summaryrefslogtreecommitdiffstats
path: root/tinySIP/include/tinysip/authentication
diff options
context:
space:
mode:
Diffstat (limited to 'tinySIP/include/tinysip/authentication')
-rw-r--r--tinySIP/include/tinysip/authentication/tsip_challenge.h92
-rw-r--r--tinySIP/include/tinysip/authentication/tsip_milenage.h189
-rw-r--r--tinySIP/include/tinysip/authentication/tsip_rijndael.h71
3 files changed, 352 insertions, 0 deletions
diff --git a/tinySIP/include/tinysip/authentication/tsip_challenge.h b/tinySIP/include/tinysip/authentication/tsip_challenge.h
new file mode 100644
index 0000000..38f7690
--- /dev/null
+++ b/tinySIP/include/tinysip/authentication/tsip_challenge.h
@@ -0,0 +1,92 @@
+/*
+* Copyright (C) 2010-2011 Mamadou Diop.
+*
+* Contact: Mamadou Diop <diopmamadou(at)doubango[dot]org>
+*
+* This file is part of Open Source Doubango Framework.
+*
+* DOUBANGO is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* DOUBANGO is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with DOUBANGO.
+*
+*/
+
+/**@file tsip_challenge.h
+ * @brief SIP authentication challenge.
+ *
+ * @author Mamadou Diop <diopmamadou(at)doubango[dot]org>
+ *
+
+ */
+#ifndef TINYSIP_AUTHENTICATION_CHALLENGE_H
+#define TINYSIP_AUTHENTICATION_CHALLENGE_H
+
+#include "tinysip_config.h"
+
+#include "tsip.h"
+
+#include "tinysip/tsip_message.h"
+#include "tinysip/headers/tsip_header.h"
+
+#include "tinysip/authentication/tsip_milenage.h"
+
+#include "tinyhttp/auth/thttp_auth.h"
+
+#include "tsk_object.h"
+#include "tsk_list.h"
+#include "tsk_md5.h"
+
+TSIP_BEGIN_DECLS
+
+
+typedef struct tsip_challenge_s
+{
+ TSK_DECLARE_OBJECT;
+
+ const tsip_stack_handle_t *stack;
+
+ tsk_bool_t isproxy;
+
+ char* username;
+ char* scheme;
+ char* realm;
+ char* nonce;
+ char* opaque;
+ char* algorithm;
+ const char* qop;
+
+ char* ha1_hexstr;
+
+ AKA_CK_T ck;
+ AKA_IK_T ik;
+
+ tsk_md5string_t cnonce;
+ unsigned nc;
+}
+tsip_challenge_t;
+
+typedef tsk_list_t tsip_challenges_L_t;
+
+TINYSIP_API tsip_challenge_t* tsip_challenge_create(tsip_stack_t* stack, tsk_bool_t isproxy, const char* scheme, const char* realm, const char* nonce, const char* opaque, const char* algorithm, const char* qop);
+tsip_challenge_t* tsip_challenge_create_null(tsip_stack_t* stack);
+
+int tsip_challenge_set_cred(tsip_challenge_t *self, const char* username, const char* ha1_hexstr);
+int tsip_challenge_update(tsip_challenge_t *self, const char* scheme, const char* realm, const char* nonce, const char* opaque, const char* algorithm, const char* qop);
+TINYSIP_API tsip_header_t *tsip_challenge_create_header_authorization(tsip_challenge_t *self, const tsip_request_t *request);
+tsip_header_t *tsip_challenge_create_empty_header_authorization(const char* username, const char* realm, const char* uristring);
+
+TINYSIP_GEXTERN const tsk_object_def_t *tsip_challenge_def_t;
+
+TSIP_END_DECLS
+
+#endif /* TINYSIP_AUTHENTICATION_CHALLENGE_H */
+
diff --git a/tinySIP/include/tinysip/authentication/tsip_milenage.h b/tinySIP/include/tinysip/authentication/tsip_milenage.h
new file mode 100644
index 0000000..dbf72de
--- /dev/null
+++ b/tinySIP/include/tinysip/authentication/tsip_milenage.h
@@ -0,0 +1,189 @@
+/*
+* Copyright (C) 2010-2011 Mamadou Diop.
+*
+* Contact: Mamadou Diop <diopmamadou(at)doubango[dot]org>
+*
+* This file is part of Open Source Doubango Framework.
+*
+* DOUBANGO is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* DOUBANGO is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with DOUBANGO.
+*
+*/
+
+/**@file tsip_milenage.h
+ * @brief 3GPP authentication and key agreement functions f1, f1*, f2, f3, f4, f5 and f5*.
+ *
+ * @section DESCRIPTION
+ *
+ * @sa 3G Security
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35205.htm"> 3GPP TS 35.205 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35206.htm"> 3GPP TS 35.206 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35207.htm"> 3GPP TS 35.207 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35208.htm"> 3GPP TS 35.208 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35909.htm"> 3GPP TS 35.909 </a>
+ *-------------------------------------------------------------------
+ * Example algorithms f1, f1*, f2, f3, f4, f5, f5*
+ *-------------------------------------------------------------------
+ *
+ * A sample implementation of the example 3GPP authentication and
+ * key agreement functions f1, f1*, f2, f3, f4, f5 and f5*. This is
+ * a byte-oriented implementation of the functions, and of the block
+ * cipher kernel function Rijndael.
+ *
+ * This has been coded for clarity, not necessarily for efficiency.
+ *
+ * The functions f2, f3, f4 and f5 share the same inputs and have
+ * been coded together as a single function. f1, f1* and f5* are
+ * all coded separately.
+ *
+ *-----------------------------------------------------------------
+ *
+ * @author Mamadou Diop <diopmamadou(at)doubango[dot]org>
+ *
+
+ */
+
+#ifndef TINYSIP_AUTHENTICATION_MILENAGE_H
+#define TINYSIP_AUTHENTICATION_MILENAGE_H
+
+#include "tinysip_config.h"
+
+/**@def AKA_AK_SIZE
+ * a 48-bit anonymity key that is the output of either of the functions f5 and f5*.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+
+TSIP_BEGIN_DECLS
+
+#define AKA_AK_SIZE 6
+typedef uint8_t AKA_AK_T[AKA_AK_SIZE + 1];
+
+/**@def AKA_AMF_SIZE
+ * 16-bit authentication management field that is an input to the functions f1 and f1*.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_AMF_SIZE 2
+typedef uint8_t AKA_AMF_T[AKA_AMF_SIZE + 1];
+
+/**@def AKA_CK_SIZE
+ * a 128-bit confidentiality key that is the output of the function f3.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_CK_SIZE 16
+typedef uint8_t AKA_CK_T[AKA_CK_SIZE + 1];
+
+/**@def AKA_IK_SIZE
+ * a 128-bit integrity key that is the output of the function f4.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_IK_SIZE 16
+typedef uint8_t AKA_IK_T[AKA_IK_SIZE + 1];
+
+/**@def AKA_K_SIZE
+ * a 128-bit subscriber key that is an input to the functions f1, f1*, f2, f3, f4, f5 and f5*.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_K_SIZE 16
+typedef uint8_t AKA_K_T[AKA_K_SIZE + 1];
+
+/**@def AKA_MAC_A_SIZE
+ * a 64-bit network authentication code that is the output of the function f1.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_MAC_A_SIZE 8
+typedef uint8_t AKA_MAC_A_T[AKA_MAC_A_SIZE + 1];
+
+/**@def AKA_MAC_S_SIZE
+ * a 64-bit network authentication code that is the output of the function f1*.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_MAC_S_SIZE 8
+typedef uint8_t AKA_MAC_S_T[AKA_MAC_S_SIZE + 1];
+
+/**@def AKA_OP_SIZE
+ * a 128-bit Operator Variant Algorithm Configuration Field that is a component of the functions f1, f1*, f2, f3, f4, f5 and f5*.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_OP_SIZE 16
+typedef uint8_t AKA_OP_T[AKA_OP_SIZE + 1];
+
+/**@def AKA_OPC_SIZE
+ * a 128-bit value derived from OP and K and used within the computation of the functions.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_OPC_SIZE 16
+typedef uint8_t AKA_OPC_T[AKA_OPC_SIZE + 1];
+
+/**@def AKA_RAND_SIZE
+ * a 128-bit random challenge that is an input to the functions f1, f1*, f2, f3, f4, f5 and f5*.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_RAND_SIZE 16
+typedef uint8_t AKA_RAND_T[AKA_RAND_SIZE + 1];
+
+/**@def AKA_RES_SIZE
+ * a 64-bit signed response that is the output of the function f2.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_RES_SIZE 8
+typedef uint8_t AKA_RES_T[AKA_RES_SIZE + 1];
+
+/**@def AKA_SQN_SIZE
+ * a 48-bit sequence number that is an input to either of the functions f1 and f1*. (For f1* this input is more precisely called SQNMS.)
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_SQN_SIZE 6
+typedef uint8_t AKA_SQN_T[AKA_SQN_SIZE + 1];
+
+/**@def AKA_TEMP_SIZE
+ * a 128-bit value used within the computation of the functions.
+ * Defined in 3GPP TS 35.206 subclause 2.3.
+ */
+#define AKA_TEMP_SIZE 16
+typedef uint8_t AKA_TEMP_T[AKA_TEMP_SIZE + 1];
+
+/**@def AKA_AUTS_SIZE
+* Authentication Token. A 112 bit value generated by the client
+ upon experiencing an SQN synchronization failure.
+* Defined in RFC 3310 subclause 3.4
+*/
+#define AKA_AUTS_SIZE 14
+typedef uint8_t AKA_AUTS_T[AKA_AUTS_SIZE + 1];
+
+/**@def AKA_AUTN_SIZE
+* Authentication Token. A 128 bit value generated by the AuC, which
+ together with the RAND parameter authenticates the server to the client.
+* Defined in RFC 3310 subclause 3.4
+*/
+#define AKA_AUTN_SIZE 16
+typedef uint8_t AKA_AUTN_T[AKA_AUTN_SIZE + 1];
+
+#define AKA_XXX_DECLARE(name) AKA_##name##_T name
+#define AKA_XXX_BZERO(name) memset(name, '\0', AKA_##name##_SIZE + 1)
+
+void f1 ( uint8_t k[16], uint8_t rand[16], uint8_t sqn[6], uint8_t amf[2],
+ uint8_t mac_a[8] );
+void f2345 ( uint8_t k[16], uint8_t rand[16],
+ uint8_t res[8], uint8_t ck[16], uint8_t ik[16], uint8_t ak[6] );
+void f1star( uint8_t k[16], uint8_t rand[16], uint8_t sqn[6], uint8_t amf[2],
+ uint8_t mac_s[8] );
+void f5star( uint8_t k[16], uint8_t rand[16],
+ uint8_t ak[6] );
+void ComputeOPc( uint8_t op_c[16] );
+void ComputeOP( uint8_t op[16] );
+
+
+TSIP_END_DECLS
+
+#endif /* TINYSIP_AUTHENTICATION_MILENAGE_H */
+
diff --git a/tinySIP/include/tinysip/authentication/tsip_rijndael.h b/tinySIP/include/tinysip/authentication/tsip_rijndael.h
new file mode 100644
index 0000000..18efe3a
--- /dev/null
+++ b/tinySIP/include/tinysip/authentication/tsip_rijndael.h
@@ -0,0 +1,71 @@
+/*
+* Copyright (C) 2010-2011 Mamadou Diop.
+*
+* Contact: Mamadou Diop <diopmamadou(at)doubango[dot]org>
+*
+* This file is part of Open Source Doubango Framework.
+*
+* DOUBANGO is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* DOUBANGO is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with DOUBANGO.
+*
+*/
+
+/**@file tsip_rijndael.h
+ * @brief Rijndael Implementation.
+ *
+
+ * @section DESCRIPTION
+ *
+ * @sa 3G Security
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35205.htm"> 3GPP TS 35.205 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35206.htm"> 3GPP TS 35.206 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35207.htm"> 3GPP TS 35.207 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35208.htm"> 3GPP TS 35.208 </a>
+ * <a href="http://www.3gpp.org/ftp/Specs/html-info/35909.htm"> 3GPP TS 35.909 </a>
+ *-------------------------------------------------------------------
+ * Rijndael Implementation
+ *-------------------------------------------------------------------
+ *
+ * A sample 32-bit orientated implementation of Rijndael, the
+ * suggested kernel for the example 3GPP authentication and key
+ * agreement functions.
+ *
+ * This implementation draws on the description in section 5.2 of
+ * the AES proposal and also on the implementation by
+ * Dr B. R. Gladman <brg@gladman.uk.net> 9th October 2000.
+ * It uses a number of large (4k) lookup tables to implement the
+ * algorithm in an efficient manner.
+ *
+ * Note: in this implementation the State is stored in four 32-bit
+ * words, one per column of the State, with the top byte of the
+ * column being the _least_ significant byte of the word.
+ *
+ *-----------------------------------------------------------------
+ *
+ * @author Mamadou Diop <diopmamadou(at)doubango[dot]org>
+ *
+
+ */
+#ifndef TINYSIP_AUTHENTICATION_RIJNDAEL_H
+#define TINYSIP_AUTHENTICATION_RIJNDAEL_H
+
+#include "tinysip_config.h"
+
+TSIP_BEGIN_DECLS
+
+void RijndaelKeySchedule( uint8_t key[16] );
+void RijndaelEncrypt( uint8_t in[16], uint8_t out[16] );
+
+TSIP_END_DECLS
+
+#endif /*TINYSIP_AUTHENTICATION_RIJNDAEL_H*/
OpenPOWER on IntegriCloud