Hi All I have written a code as follows for creation of response for algorithm AKAv1-MD5. (i.e http://www.pjsip.org/pjsip/docs/html/group__PJSIP__AUTH__AKA__API.htm) So that i have created a pool in the main program and passed it as argument to the calling function pjsip_auth_create_aka_response with other arguments. Here in the following section the following lines runs fine and returns status PJ_SUCCESS. /* Decode nonce */ nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen); nonce_bin.ptr = pj_pool_alloc(pool, nonce_bin.slen + 1); status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, &len); nonce_bin.slen = len; if (status != PJ_SUCCESS) return PJSIP_EAUTHINNONCE; but during execution of /* Get RAND, AUTN, and MAC */ chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0); here the nonce_bin.ptr contains no value. As per me the base64 decoded value of the nonce should be stored here. I think there is some mistake in my pool creation. So that the above value is not stored in my pool. Plz suggest what is wrong in my code? The code is as follows: #include <string.h> #define PJ_WIN32 1; #include <pjlib.h> #include <pjlib-util.h> #include <pjnath.h> #include <pjsip.h> #include <pjsip_ua.h> #include <pjsip_simple.h> #include <pjsua-lib/pjsua.h> #include <pjmedia.h> #include <pjmedia-codec.h> #include <pjsua-lib/pjsua.h> #include <pj/string.h> #include <pj/types.h> #include <pj/config_site.h > #include <pjsip/sip_auth.h> #include <pjsip/sip_auth_parser.h> /* just to get pjsip_DIGEST_STR */ #include <pjsip/sip_auth_aka.h> #include <pjsip/sip_transport.h> #include <pjsip/sip_endpoint.h> #include <pjsip/sip_errno.h> #include <pjsip/sip_util.h> #include <pjlib-util/md5.h> #include <pj/log.h> #include <pj/string.h> #include <pj/pool.h> #include <pj/guid.h> #include <pj/assert.h> #include <pj/ctype.h> #include<E:/pjproject-1.0.1/pjsip/src/pjsip/sip_auth_client.c> #define PJSIP_HAS_DIGEST_AKA_AUTH 1 #define PJ_BASE64_TO_BASE256_LEN(len) (len * 3 / 4) #define SIZE 4096 #define PJSIP_AKA_AKLEN 6 #define PJSIP_AKA_AMFLEN 2 #define PJSIP_AKA_AUTNLEN 16 #define PJSIP_AKA_CKLEN 16 #define PJSIP_AKA_IKLEN 16 #define PJSIP_AKA_KLEN 16 #define PJSIP_AKA_MACLEN 8 #define PJSIP_AKA_OPLEN 16 #define PJSIP_AKA_RANDLEN 16 #define PJSIP_AKA_RESLEN 8 #define PJSIP_AKA_SQNLEN 6 typedef int pj_status_t; typedef signed char pj_int8_t; #include <pjsip/sip_auth_aka.h> #include <pjsip/sip_errno.h> #include <pjlib-util/base64.h> #include <pjlib-util/md5.h> #include <pjlib-util/hmac_md5.h> #include <pj/assert.h> #include <pj/log.h> #include <pj/pool.h> #include <pj/string.h> #include <pjsip/sip_auth.h> #include <pjlib.h> #include "E:/pjproject-1.0.1/third_party/milenage/milenage.h" pj_status_t pjsip_auth_create_aka_response(pj_pool_t * pool, const pjsip_digest_challenge * chal, const pjsip_cred_info * cred, const pj_str_t * method, pjsip_digest_credential * auth); pj_status_t pjsip_auth_create_aka_response( pj_pool_t *pool, const pjsip_digest_challenge*chal, const pjsip_cred_info *cred, const pj_str_t *method, pjsip_digest_credential *auth) { pj_str_t nonce_bin; int aka_version; const pj_str_t pjsip_AKAv1_MD5 = { "AKAv1-MD5", 9 }; const pj_str_t pjsip_AKAv2_MD5 = { "AKAv2-MD5", 9 }; pj_uint8_t *chal_rand, *chal_sqnxoraka, *chal_mac; pj_uint8_t k[PJSIP_AKA_KLEN]; pj_uint8_t op[PJSIP_AKA_OPLEN]; pj_uint8_t amf[PJSIP_AKA_AMFLEN]; pj_uint8_t res[PJSIP_AKA_RESLEN]; pj_uint8_t ck[PJSIP_AKA_CKLEN]; pj_uint8_t ik[PJSIP_AKA_IKLEN]; pj_uint8_t ak[PJSIP_AKA_AKLEN]; pj_uint8_t sqn[PJSIP_AKA_SQNLEN]; pj_uint8_t xmac[PJSIP_AKA_MACLEN]; pjsip_cred_info aka_cred; int i, len; pj_status_t status; /* Check the algorithm is supported. */ if (chal->algorithm.slen==0 || pj_stricmp2(&chal->algorithm, "md5") == 0) { /* * A normal MD5 authentication is requested. Fallbackt to the usual * MD5 digest creation. */ pjsip_auth_create_digest(&auth->response, &auth->nonce, &auth->nc, &auth->cnonce, &auth->qop, &auth->uri, &auth->realm, cred, method); return PJ_SUCCESS; } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5) == 0) { /* * AKA version 1 is requested. */ aka_version = 1; } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv2_MD5) == 0) { /* * AKA version 2 is requested. */ aka_version = 2; } else { /* Unsupported algorithm */ return PJSIP_EINVALIDALGORITHM; } /* Decode nonce */ nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen); nonce_bin.ptr = pj_pool_alloc(pool, nonce_bin.slen + 1); status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, &len); nonce_bin.slen = len; if (status != PJ_SUCCESS) return PJSIP_EAUTHINNONCE; if (nonce_bin.slen < PJSIP_AKA_RANDLEN + PJSIP_AKA_AUTNLEN) return PJSIP_EAUTHINNONCE; /* Get RAND, AUTN, and MAC */ chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0); chal_sqnxoraka = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN); chal_mac = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN + PJSIP_AKA_SQNLEN + PJSIP_AKA_AMFLEN); /* Copy k. op, and amf */ pj_bzero(k, sizeof(k)); pj_bzero(op, sizeof(op)); pj_bzero(amf, sizeof(amf)); if (cred->ext.aka.k.slen) pj_memcpy(k, cred->ext.aka.k.ptr, cred->ext.aka.k.slen); if (cred->ext.aka.op.slen) pj_memcpy(op, cred->ext.aka.op.ptr, cred->ext.aka.op.slen); if (cred->ext.aka.amf.slen) pj_memcpy(amf, cred->ext.aka.amf.ptr, cred->ext.aka.amf.slen); /* Given key K and random challenge RAND, compute response RES, * confidentiality key CK, integrity key IK and anonymity key AK. */ f2345(k, chal_rand, res, ck, ik, ak, op); /* Compute sequence number SQN */ for (i=0; i<PJSIP_AKA_SQNLEN; ++i) sqn[i] = (pj_uint8_t) (chal_sqnxoraka[i] ^ ak[i]); /* Verify MAC in the challenge */ /* Compute XMAC */ f1(k, chal_rand, sqn, amf, xmac, op); if (pj_memcmp(chal_mac, xmac, PJSIP_AKA_MACLEN) != 0) { return PJSIP_EAUTHINNONCE; } /* Build a temporary credential info to create MD5 digest, using * "res" as the password. */ pj_memcpy(&aka_cred, cred, sizeof(aka_cred)); aka_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD; /* Create a response */ if (aka_version == 1) { /* * For AKAv1, the password is RES */ aka_cred.data.ptr = (char*)res; aka_cred.data.slen = PJSIP_AKA_RESLEN; pjsip_auth_create_digest(&auth->response, &chal->nonce, &auth->nc, &auth->cnonce, &auth->qop, &auth->uri, &chal->realm, &aka_cred, method); } else if (aka_version == 2) { /* * For AKAv2, password is base64 encoded [1] parameters: * PRF(RES||IK||CK,"http-digest-akav2-password") * * The pseudo-random function (PRF) is HMAC-MD5 in this case. * * Hmmm.. but those above doesn't seem to work, and this below does! */ aka_cred.data.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + PJSIP_AKA_CKLEN; aka_cred.data.ptr = pj_pool_alloc(pool, aka_cred.data.slen); pj_memcpy(aka_cred.data.ptr + 0, res, PJSIP_AKA_RESLEN); pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN); pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN, ck, PJSIP_AKA_CKLEN); pjsip_auth_create_digest(&auth->response, &chal->nonce, &auth->nc, &auth->cnonce, &auth->qop, &auth->uri, &chal->realm, &aka_cred, method); } else { pj_assert(!"Bug!"); return PJ_EBUG; } /* Done */ return PJ_SUCCESS; } static void my_perror(const char *title, pj_status_t status) { char errmsg[PJ_ERR_MSG_SIZE]; pj_strerror(status, errmsg, sizeof(errmsg)); printf(errmsg); //PJ_LOG(1,(THIS_FILE, "%s: %s [status=%d]", title, errmsg, status)); } int main() { pj_status_t status; pj_str_t method; pjsip_cred_info cred; pjsip_digest_challenge chal; pjsip_digest_credential auth; pj_pool_t *pool; pj_caching_pool cp; status = pj_init(); if (status != PJ_SUCCESS) { my_perror("Error initializing PJLIB", status); return 1; } // Create the pool factory, in this case, a caching pool, // using default pool policy. //pj_caching_pool_init(&cp, NULL, 1024*1024 ); pj_caching_pool_init(&cp, &pj_pool_factory_default_policy,1024*1024 ); pool = pj_pool_create(&cp.factory, // the factory "pool2", // pool's name 4000, // initial size 4000, // increment size NULL); // use default callback. if (pool == NULL) { my_perror("Error creating pool", PJ_ENOMEM); return; } //mentioning method name method = pj_str("REGISTER"); //Authentication challange Parameters pj_bzero(&chal, sizeof(chal)); pj_bzero(&chal, sizeof(chal)); chal.realm = pj_str("ptinovacao.pt"); chal.domain = pj_str("ptinovacao.pt"); chal.nonce = pj_str("AABHegAACUAAAEsHAAAMzULdXEXBS7m5ew/MiBUkHdR="); chal.opaque = pj_str(""); chal.algorithm = pj_str("AKAv1-MD5"); chal.qop = pj_str (""); chal.stale = 0; //authorization parameters pj_bzero(&auth, sizeof(auth)); auth.realm = pj_str("ptinovacao.pt"); auth.username = pj_str("bob at ptinovacao.pt"); auth.nonce = pj_str("AABHegAACUAAAEsHAAAMzULdXEXBS7m5ew/MiBUkHdR="); auth.algorithm = pj_str ("AKAv1-MD5"); auth.uri = pj_str ("sip:36.212.176.92"); auth.cnonce = pj_str(""); auth.nc = pj_str(""); auth.opaque = pj_str(""); auth.qop = pj_str(""); auth.response = pj_str(""); // Credential parameters pj_bzero(&cred, sizeof(cred)); cred.scheme = pj_str("Digest"); cred.realm = pj_str("ptinovacao.pt"); cred.username = pj_str("bob at ptinovacao.pt"); cred.data_type = PJSIP_CRED_DATA_EXT_AKA; cred.data = pj_str(""); // AKA extended info cred.ext.aka.k = pj_str(""); cred.ext.aka.op = pj_str("00000000000000000000000000000000"); cred.ext.aka.amf = pj_str("0000"); //cred.ext.aka.cb = &pjsip_auth_create_aka_response; status = pjsip_auth_create_aka_response(pool,&chal,&cred,&method,&auth); if (status != PJ_SUCCESS) { my_perror("Error initializing PJLIB", status); return 1; } pj_caching_pool_destroy(&cp); return 0; } Regd's Sanjay -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20090220/a6bd08bd/attachment-0001.html>
