| Tristan Matthews | 0a329cc | 2013-07-17 13:20:14 -0400 | [diff] [blame] | 1 | /* $Id$ */ |
| 2 | /* |
| 3 | * Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com) |
| 4 | * Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org> |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License as published by |
| 8 | * the Free Software Foundation; either version 2 of the License, or |
| 9 | * (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License |
| 17 | * along with this program; if not, write to the Free Software |
| 18 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| 19 | */ |
| 20 | #include <pjsip/sip_auth_aka.h> |
| 21 | #include <pjsip/sip_errno.h> |
| 22 | #include <pjlib-util/base64.h> |
| 23 | #include <pjlib-util/md5.h> |
| 24 | #include <pjlib-util/hmac_md5.h> |
| 25 | #include <pj/assert.h> |
| 26 | #include <pj/log.h> |
| 27 | #include <pj/pool.h> |
| 28 | #include <pj/string.h> |
| 29 | |
| 30 | #if PJSIP_HAS_DIGEST_AKA_AUTH |
| 31 | |
| 32 | #include "../../third_party/milenage/milenage.h" |
| 33 | |
| 34 | /* |
| 35 | * Create MD5-AKA1 digest response. |
| 36 | */ |
| 37 | PJ_DEF(pj_status_t) pjsip_auth_create_aka_response( |
| 38 | pj_pool_t *pool, |
| 39 | const pjsip_digest_challenge*chal, |
| 40 | const pjsip_cred_info *cred, |
| 41 | const pj_str_t *method, |
| 42 | pjsip_digest_credential *auth) |
| 43 | { |
| 44 | pj_str_t nonce_bin; |
| 45 | int aka_version; |
| 46 | const pj_str_t pjsip_AKAv1_MD5 = { "AKAv1-MD5", 9 }; |
| 47 | const pj_str_t pjsip_AKAv2_MD5 = { "AKAv2-MD5", 9 }; |
| 48 | pj_uint8_t *chal_rand, *chal_sqnxoraka, *chal_mac; |
| 49 | pj_uint8_t k[PJSIP_AKA_KLEN]; |
| 50 | pj_uint8_t op[PJSIP_AKA_OPLEN]; |
| 51 | pj_uint8_t amf[PJSIP_AKA_AMFLEN]; |
| 52 | pj_uint8_t res[PJSIP_AKA_RESLEN]; |
| 53 | pj_uint8_t ck[PJSIP_AKA_CKLEN]; |
| 54 | pj_uint8_t ik[PJSIP_AKA_IKLEN]; |
| 55 | pj_uint8_t ak[PJSIP_AKA_AKLEN]; |
| 56 | pj_uint8_t sqn[PJSIP_AKA_SQNLEN]; |
| 57 | pj_uint8_t xmac[PJSIP_AKA_MACLEN]; |
| 58 | pjsip_cred_info aka_cred; |
| 59 | int i, len; |
| 60 | pj_status_t status; |
| 61 | |
| 62 | /* Check the algorithm is supported. */ |
| 63 | if (chal->algorithm.slen==0 || pj_stricmp2(&chal->algorithm, "md5") == 0) { |
| 64 | /* |
| 65 | * A normal MD5 authentication is requested. Fallbackt to the usual |
| 66 | * MD5 digest creation. |
| 67 | */ |
| 68 | pjsip_auth_create_digest(&auth->response, &auth->nonce, &auth->nc, |
| 69 | &auth->cnonce, &auth->qop, &auth->uri, |
| 70 | &auth->realm, cred, method); |
| 71 | return PJ_SUCCESS; |
| 72 | |
| 73 | } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5) == 0) { |
| 74 | /* |
| 75 | * AKA version 1 is requested. |
| 76 | */ |
| 77 | aka_version = 1; |
| 78 | |
| 79 | } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv2_MD5) == 0) { |
| 80 | /* |
| 81 | * AKA version 2 is requested. |
| 82 | */ |
| 83 | aka_version = 2; |
| 84 | |
| 85 | } else { |
| 86 | /* Unsupported algorithm */ |
| 87 | return PJSIP_EINVALIDALGORITHM; |
| 88 | } |
| 89 | |
| 90 | /* Decode nonce */ |
| 91 | nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen); |
| 92 | nonce_bin.ptr = pj_pool_alloc(pool, nonce_bin.slen + 1); |
| 93 | status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, &len); |
| 94 | nonce_bin.slen = len; |
| 95 | if (status != PJ_SUCCESS) |
| 96 | return PJSIP_EAUTHINNONCE; |
| 97 | |
| 98 | if (nonce_bin.slen < PJSIP_AKA_RANDLEN + PJSIP_AKA_AUTNLEN) |
| 99 | return PJSIP_EAUTHINNONCE; |
| 100 | |
| 101 | /* Get RAND, AUTN, and MAC */ |
| 102 | chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0); |
| 103 | chal_sqnxoraka = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN); |
| 104 | chal_mac = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN + |
| 105 | PJSIP_AKA_SQNLEN + PJSIP_AKA_AMFLEN); |
| 106 | |
| 107 | /* Copy k. op, and amf */ |
| 108 | pj_bzero(k, sizeof(k)); |
| 109 | pj_bzero(op, sizeof(op)); |
| 110 | pj_bzero(amf, sizeof(amf)); |
| 111 | |
| 112 | if (cred->ext.aka.k.slen) |
| 113 | pj_memcpy(k, cred->ext.aka.k.ptr, cred->ext.aka.k.slen); |
| 114 | if (cred->ext.aka.op.slen) |
| 115 | pj_memcpy(op, cred->ext.aka.op.ptr, cred->ext.aka.op.slen); |
| 116 | if (cred->ext.aka.amf.slen) |
| 117 | pj_memcpy(amf, cred->ext.aka.amf.ptr, cred->ext.aka.amf.slen); |
| 118 | |
| 119 | /* Given key K and random challenge RAND, compute response RES, |
| 120 | * confidentiality key CK, integrity key IK and anonymity key AK. |
| 121 | */ |
| 122 | f2345(k, chal_rand, res, ck, ik, ak, op); |
| 123 | |
| 124 | /* Compute sequence number SQN */ |
| 125 | for (i=0; i<PJSIP_AKA_SQNLEN; ++i) |
| 126 | sqn[i] = (pj_uint8_t) (chal_sqnxoraka[i] ^ ak[i]); |
| 127 | |
| 128 | /* Verify MAC in the challenge */ |
| 129 | /* Compute XMAC */ |
| 130 | f1(k, chal_rand, sqn, amf, xmac, op); |
| 131 | |
| 132 | if (pj_memcmp(chal_mac, xmac, PJSIP_AKA_MACLEN) != 0) { |
| 133 | return PJSIP_EAUTHINNONCE; |
| 134 | } |
| 135 | |
| 136 | /* Build a temporary credential info to create MD5 digest, using |
| 137 | * "res" as the password. |
| 138 | */ |
| 139 | pj_memcpy(&aka_cred, cred, sizeof(aka_cred)); |
| 140 | aka_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD; |
| 141 | |
| 142 | /* Create a response */ |
| 143 | if (aka_version == 1) { |
| 144 | /* |
| 145 | * For AKAv1, the password is RES |
| 146 | */ |
| 147 | aka_cred.data.ptr = (char*)res; |
| 148 | aka_cred.data.slen = PJSIP_AKA_RESLEN; |
| 149 | |
| 150 | pjsip_auth_create_digest(&auth->response, &chal->nonce, |
| 151 | &auth->nc, &auth->cnonce, &auth->qop, |
| 152 | &auth->uri, &chal->realm, &aka_cred, method); |
| 153 | |
| 154 | } else if (aka_version == 2) { |
| 155 | |
| 156 | /* |
| 157 | * For AKAv2, password is base64 encoded [1] parameters: |
| 158 | * PRF(RES||IK||CK,"http-digest-akav2-password") |
| 159 | * |
| 160 | * The pseudo-random function (PRF) is HMAC-MD5 in this case. |
| 161 | */ |
| 162 | |
| 163 | pj_str_t resikck; |
| 164 | const pj_str_t AKAv2_Passwd = { "http-digest-akav2-password", 26 }; |
| 165 | pj_uint8_t hmac_digest[16]; |
| 166 | char tmp_buf[48]; |
| 167 | int hmac64_len; |
| 168 | |
| 169 | resikck.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + PJSIP_AKA_CKLEN; |
| 170 | pj_assert(resikck.slen <= PJ_ARRAY_SIZE(tmp_buf)); |
| 171 | resikck.ptr = tmp_buf; |
| 172 | pj_memcpy(resikck.ptr + 0, res, PJSIP_AKA_RESLEN); |
| 173 | pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN); |
| 174 | pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN, |
| 175 | ck, PJSIP_AKA_CKLEN); |
| 176 | |
| 177 | pj_hmac_md5((const pj_uint8_t*)AKAv2_Passwd.ptr, AKAv2_Passwd.slen, |
| 178 | (const pj_uint8_t*)resikck.ptr, resikck.slen, |
| 179 | hmac_digest); |
| 180 | |
| 181 | aka_cred.data.slen = hmac64_len = |
| 182 | PJ_BASE256_TO_BASE64_LEN(PJ_ARRAY_SIZE(hmac_digest)); |
| 183 | pj_assert(aka_cred.data.slen+1 <= PJ_ARRAY_SIZE(tmp_buf)); |
| 184 | aka_cred.data.ptr = tmp_buf; |
| 185 | pj_base64_encode(hmac_digest, PJ_ARRAY_SIZE(hmac_digest), |
| 186 | aka_cred.data.ptr, &len); |
| 187 | aka_cred.data.slen = hmac64_len; |
| 188 | |
| 189 | pjsip_auth_create_digest(&auth->response, &chal->nonce, |
| 190 | &auth->nc, &auth->cnonce, &auth->qop, |
| 191 | &auth->uri, &chal->realm, &aka_cred, method); |
| 192 | |
| 193 | } else { |
| 194 | pj_assert(!"Bug!"); |
| 195 | return PJ_EBUG; |
| 196 | } |
| 197 | |
| 198 | /* Done */ |
| 199 | return PJ_SUCCESS; |
| 200 | } |
| 201 | |
| 202 | |
| 203 | #endif /* PJSIP_HAS_DIGEST_AKA_AUTH */ |
| 204 | |