Changeset 1488

Timestamp:

Oct 10, 2007 11:37:56 AM (17 years ago)

Author:

bennylp

Message:

Ticket #396: initial implementation of digest AKA (akav1-md5) authentication for IMS/3GPP

Location:

pjproject/trunk

Files:

• pjlib-util/build/Makefile (modified) (1 diff)
• pjlib-util/build/pjlib_util.dsp (modified) (4 diffs)
• pjlib-util/include/pjlib-util/base64.h (added)
• pjlib-util/src/pjlib-util-test/encryption.c (modified) (1 diff)
• pjlib-util/src/pjlib-util/base64.c (added)
• pjproject-vs8.sln (modified) (6 diffs)
• pjproject.dsw (modified) (2 diffs)
• pjsip-apps/build/wince-evc4/wince_demos.vcw (modified) (2 diffs)
• pjsip/build/pjsip_core.dsp (modified) (2 diffs)
• pjsip/include/pjsip.h (modified) (1 diff)
• pjsip/include/pjsip/sip_auth.h (modified) (7 diffs)
• pjsip/include/pjsip/sip_auth_aka.h (added)
• pjsip/include/pjsip/sip_errno.h (modified) (1 diff)
• pjsip/include/pjsua-lib/pjsua.h (modified) (1 diff)
• pjsip/src/pjsip/sip_auth_aka.c (added)
• pjsip/src/pjsip/sip_auth_client.c (modified) (8 diffs)
• pjsip/src/pjsip/sip_errno.c (modified) (1 diff)
• pjsip/src/pjsua-lib/pjsua_core.c (modified) (1 diff)
• third_party/README.txt (modified) (1 diff)
• third_party/build/Makefile (modified) (1 diff)
• third_party/build/milenage (added)
• third_party/build/milenage/Makefile (added)
• third_party/build/milenage/libmilenage.dsp (added)
• third_party/build/milenage/libmilenage.vcp (added)
• third_party/build/milenage/libmilenage.vcproj (added)
• third_party/build/milenage/output (added)
• third_party/build/os-darwinos.mak (modified) (1 diff)
• third_party/build/os-linux.mak (modified) (1 diff)
• third_party/build/os-win32.mak (modified) (1 diff)
• third_party/milenage (added)
• third_party/milenage/milenage.c (added)
• third_party/milenage/milenage.h (added)
• third_party/milenage/rijndael.c (added)
• third_party/milenage/rijndael.h (added)

pjproject/trunk/pjlib-util/build/Makefile

@@ -28 +28 @@
 export PJLIB_UTIL_SRCDIR = ../src/pjlib-util
 export PJLIB_UTIL_OBJS += $(OS_OBJS) $(M_OBJS) $(CC_OBJS) $(HOST_OBJS) \
-                crc32.o errno.o dns.o dns_dump.o getopt.o \
+                base64.o crc32.o errno.o dns.o dns_dump.o getopt.o \
                 hmac_md5.o hmac_sha1.o md5.o resolver.o \
                 scanner.o sha1.o srv_resolver.o string.o stun_simple.o \

pjproject/trunk/pjlib-util/build/pjlib_util.dsp

@@ -41 +41 @@
 # PROP Intermediate_Dir "./output/pjlib-util-i386-win32-vc6-release"
 # PROP Target_Dir ""
+F90=df.exe
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_MBCS" /D "_LIB" /YX /FD /c
 # ADD CPP /nologo /MD /W4 /GX /Zi /O2 /Ob2 /I "../include" /I "../../pjlib/include" /D "NDEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /D PJ_WIN32=1 /D PJ_M_I386=1 /FR /FD /c
@@ -65 +66 @@
 # PROP Intermediate_Dir "./output/pjlib-util-i386-win32-vc6-debug"
 # PROP Target_Dir ""
+F90=df.exe
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_MBCS" /D "_LIB" /YX /FD /GZ /c
 # ADD CPP /nologo /MTd /W4 /Gm /GX /ZI /Od /I "../include" /I "../../pjlib/include" /D "_DEBUG" /D "WIN32" /D "_MBCS" /D "_LIB" /D PJ_WIN32=1 /D PJ_M_I386=1 /FR /FD /GZ /c
@@ -88 +90 @@
 # Begin Source File
 
+SOURCE="..\src\pjlib-util\base64.c"
+# End Source File
+# Begin Source File
+
 SOURCE="..\src\pjlib-util\crc32.c"
 # End Source File
@@ -168 +174 @@
 
 # PROP Default_Filter "h;hpp;hxx;hm;inl"
+# Begin Source File
+
+SOURCE="..\include\pjlib-util\base64.h"
+# End Source File
 # Begin Source File
 

pjproject/trunk/pjlib-util/src/pjlib-util-test/encryption.c

@@ -466 +466 @@
 
 
+/*
+ * Base64 test vectors (RFC 4648)
+ */
+static struct base64_test_vec
+{
+    const char *base256;
+    const char *base64;
+} base64_test_vec[] = 
+{
+    {
+        "",
+        ""
+    },
+    {
+        "f",
+        "Zg=="
+    },
+    {
+        "fo",
+        "Zm8="
+    },
+    {
+        "foo",
+        "Zm9v"
+    },
+    {
+        "foob",
+        "Zm9vYg=="
+    },
+    {
+        "fooba",
+        "Zm9vYmE=",
+    },
+    {
+        "foobar",
+        "Zm9vYmFy"
+    },
+    {
+        "\x14\xfb\x9c\x03\xd9\x7e",
+        "FPucA9l+"
+    },
+    {
+        "\x14\xfb\x9c\x03\xd9",
+        "FPucA9k="
+    },
+    {
+        "\x14\xfb\x9c\x03",
+        "FPucAw=="
+    }
+};
+
+
+static int base64_test(void)
+{
+    unsigned i;
+    char output[80];
+    pj_status_t rc;
+
+    PJ_LOG(3, (THIS_FILE, "  base64 test.."));
+
+    for (i=0; i<PJ_ARRAY_SIZE(base64_test_vec); ++i) {
+        /* Encode test */
+        pj_str_t input;
+        int out_len = sizeof(output);
+
+        rc = pj_base64_encode(base64_test_vec[i].base256, 
+                              strlen(base64_test_vec[i].base256),
+                              output, &out_len);
+        if (rc != PJ_SUCCESS)
+            return -90;
+
+        if (out_len != strlen(base64_test_vec[i].base64))
+            return -91;
+
+        output[out_len] = '\0';
+        if (strcmp(output, base64_test_vec[i].base64) != 0)
+            return -92;
+
+        /* Decode test */
+        out_len = sizeof(output);
+        input.ptr = base64_test_vec[i].base64;
+        input.slen = strlen(base64_test_vec[i].base64);
+        rc = pj_base64_decode(&input, (pj_uint8_t*)output, &out_len);
+        if (rc != PJ_SUCCESS)
+            return -95;
+
+        if (out_len != strlen(base64_test_vec[i].base256))
+            return -96;
+
+        output[out_len] = '\0';
+
+        if (strcmp(output, base64_test_vec[i].base256) != 0)
+            return -97;
+    }
+
+    return 0;
+}
+
+
 int encryption_test()
 {
     int rc;
+
+    rc = base64_test();
+    if (rc != 0)
+        return rc;
 
     rc = sha1_test1();

pjproject/trunk/pjproject-vs8.sln

@@ -29 +29 @@
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pjsua", "pjsip-apps\build\pjsua.vcproj", "{8310649E-A25E-4AF0-91E8-9E3CC659BB89}"
         ProjectSection(ProjectDependencies) = postProject
+                {2BB84911-C1B4-4747-B93D-36AA82CC5031} = {2BB84911-C1B4-4747-B93D-36AA82CC5031}
+                {4BF51C21-5A30-423B-82FE-1ED410E5769D} = {4BF51C21-5A30-423B-82FE-1ED410E5769D}
                 {E53AA5FF-B737-40AA-BD13-387EFA99023D} = {E53AA5FF-B737-40AA-BD13-387EFA99023D}
                 {9CA0FDFB-2172-41FC-B7F1-5CE915EDCB37} = {9CA0FDFB-2172-41FC-B7F1-5CE915EDCB37}
@@ -42 +44 @@
                 {FE07F272-AE7F-4549-9E9F-EF9B80CB1693} = {FE07F272-AE7F-4549-9E9F-EF9B80CB1693}
                 {A5D9AA24-08ED-48B9-BD65-F0A25E96BFC4} = {A5D9AA24-08ED-48B9-BD65-F0A25E96BFC4}
-                {2BB84911-C1B4-4747-B93D-36AA82CC5031} = {2BB84911-C1B4-4747-B93D-36AA82CC5031}
         EndProjectSection
 EndProject
@@ -49 +50 @@
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sample_debug", "pjsip-apps\build\sample_debug.vcproj", "{A0F1AA62-0F6F-420D-B09A-AC04B6862821}"
         ProjectSection(ProjectDependencies) = postProject
-                {2BB84911-C1B4-4747-B93D-36AA82CC5031} = {2BB84911-C1B4-4747-B93D-36AA82CC5031}
-                {A5D9AA24-08ED-48B9-BD65-F0A25E96BFC4} = {A5D9AA24-08ED-48B9-BD65-F0A25E96BFC4}
                 {E53AA5FF-B737-40AA-BD13-387EFA99023D} = {E53AA5FF-B737-40AA-BD13-387EFA99023D}
                 {9CA0FDFB-2172-41FC-B7F1-5CE915EDCB37} = {9CA0FDFB-2172-41FC-B7F1-5CE915EDCB37}
@@ -63 +62 @@
                 {6794B975-4E84-4F49-B2DC-C31F2224E03E} = {6794B975-4E84-4F49-B2DC-C31F2224E03E}
                 {FE07F272-AE7F-4549-9E9F-EF9B80CB1693} = {FE07F272-AE7F-4549-9E9F-EF9B80CB1693}
+                {A5D9AA24-08ED-48B9-BD65-F0A25E96BFC4} = {A5D9AA24-08ED-48B9-BD65-F0A25E96BFC4}
+                {2BB84911-C1B4-4747-B93D-36AA82CC5031} = {2BB84911-C1B4-4747-B93D-36AA82CC5031}
         EndProjectSection
 EndProject
@@ -102 +103 @@
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libresample_dll", "third_party\build\resample\libresample_dll.vcproj", "{C48EAAF5-F69E-410B-9CE4-23AB41B00E2A}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libmilenage", "third_party\build\milenage\libmilenage.vcproj", "{4BF51C21-5A30-423B-82FE-1ED410E5769D}"
 EndProject
 Global
@@ -193 +196 @@
                 {C48EAAF5-F69E-410B-9CE4-23AB41B00E2A}.Release|Win32.ActiveCfg = Release|Win32
                 {C48EAAF5-F69E-410B-9CE4-23AB41B00E2A}.Release|Win32.Build.0 = Release|Win32
+                {4BF51C21-5A30-423B-82FE-1ED410E5769D}.Debug|Win32.ActiveCfg = Debug|Win32
+                {4BF51C21-5A30-423B-82FE-1ED410E5769D}.Debug|Win32.Build.0 = Debug|Win32
+                {4BF51C21-5A30-423B-82FE-1ED410E5769D}.Release|Win32.ActiveCfg = Release|Win32
+                {4BF51C21-5A30-423B-82FE-1ED410E5769D}.Release|Win32.Build.0 = Release|Win32
         EndGlobalSection
         GlobalSection(SolutionProperties) = preSolution

pjproject/trunk/pjproject.dsw

@@ -28 +28 @@
 ###############################################################################
 
+Project: "libmilenage"=.\third_party\build\milenage\libmilenage.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
 Project: "libportaudio"=.\THIRD_PARTY\BUILD\PORTAUDIO\libportaudio.dsp - Package Owner=<4>
 
@@ -255 +267 @@
     Project_Dep_Name libresample
     End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name libmilenage
+    End Project Dependency
 }}}
 

pjproject/trunk/pjsip-apps/build/wince-evc4/wince_demos.vcw

@@ -28 +28 @@
 ###############################################################################
 
+Project: "libmilenage"="..\..\..\third_party\build\milenage\libmilenage.vcp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
 Project: "libportaudio"="..\..\..\THIRD_PARTY\BUILD\PORTAUDIO\libportaudio.vcp" - Package Owner=<4>
 
@@ -243 +255 @@
     Project_Dep_Name libspeex
     End Project Dependency
+    Begin Project Dependency
+    Project_Dep_Name libmilenage
+    End Project Dependency
 }}}
 

pjproject/trunk/pjsip/build/pjsip_core.dsp

@@ -165 +165 @@
 # Begin Source File
 
+SOURCE=..\src\pjsip\sip_auth_aka.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\src\pjsip\sip_auth_client.c
 # End Source File
@@ -309 +313 @@
 # Begin Source File
 
+SOURCE=..\include\pjsip\sip_auth_aka.h
+# End Source File
+# Begin Source File
+
 SOURCE=..\include\pjsip\sip_auth_msg.h
 # End Source File

pjproject/trunk/pjsip/include/pjsip.h

@@ -46 +46 @@
 /* Authentication. */
 #include <pjsip/sip_auth.h>
+#include <pjsip/sip_auth_aka.h>
 
 /* Transaction layer. */

pjproject/trunk/pjsip/include/pjsip/sip_auth.h

@@ -47 +47 @@
 
 
-/** Type of data in the credential information. */
+/** Type of data in the credential information in #pjsip_cred_info. */
 typedef enum pjsip_cred_data_type
 {
-    PJSIP_CRED_DATA_PLAIN_PASSWD,   /**< Plain text password.   */
-    PJSIP_CRED_DATA_DIGEST          /**< Hashed digest.         */
+    PJSIP_CRED_DATA_PLAIN_PASSWD=0, /**< Plain text password.           */
+    PJSIP_CRED_DATA_DIGEST      =1, /**< Hashed digest.                 */
+
+    PJSIP_CRED_DATA_EXT_AKA     =16 /**< Extended AKA info is available */
+
 } pjsip_cred_data_type;
 
@@ -64 +67 @@
 
 
+/**
+ * Type of callback function to create authentication response.
+ * Application can specify this callback in \a cb field of the credential info
+ * (#pjsip_cred_info) and specifying PJSIP_CRED_DATA_DIGEST_CALLBACK as 
+ * \a data_type. When this function is called, most of the fields in the 
+ * \a auth authentication response will have been filled by the framework. 
+ * Application normally should just need to calculate the response digest 
+ * of the authentication response.
+ *
+ * @param pool      Pool to allocate memory from if application needs to.
+ * @param chal      The authentication challenge sent by server in 401
+ *                  or 401 response, in either Proxy-Authenticate or
+ *                  WWW-Authenticate header.
+ * @param cred      The credential that has been selected by the framework
+ *                  to authenticate against the challenge.
+ * @param auth      The authentication response which application needs to
+ *                  calculate the response digest.
+ *
+ * @return          Application may return non-PJ_SUCCESS to abort the
+ *                  authentication process. When this happens, the 
+ *                  framework will return failure to the original function
+ *                  that requested authentication.
+ */
+typedef pj_status_t (*pjsip_cred_cb)(pj_pool_t *pool,
+                                     const pjsip_digest_challenge *chal,
+                                     const pjsip_cred_info *cred,
+                                     const pj_str_t *method,
+                                     pjsip_digest_credential *auth);
+
+
 /** 
  * This structure describes credential information. 
@@ -70 +103 @@
  *
  * Note that since PJSIP 0.7.0.1, it is possible to make a credential that is
- * valid for any realms, by setting the realm to star/asterisk character,
+ * valid for any realms, by setting the realm to star/wildcard character,
  * i.e. realm = pj_str("*");.
  */
@@ -83 +116 @@
     pj_str_t    data;           /**< The data, which can be a plaintext 
                                      password or a hashed digest.           */
+
+    /** Extended data */
+    union {
+        /** Digest AKA credential information. Note that when AKA credential
+         *  is being used, the \a data field of this #pjsip_cred_info is
+         *  not used, but it still must be initialized to an empty string.
+         */
+        struct {
+            pj_str_t      k;    /**< Permanent key.                     */
+            pj_str_t      op;   /**< Operator variant key.              */
+            pj_str_t      amf;  /**< Authentication Management Field    */
+            pjsip_cred_cb cb;   /**< Callback to create AKA digest.     */
+        } aka;
+
+    } ext;
 };
 
@@ -151 +199 @@
 
 /**
+ * Duplicate a credential info.
+ *
+ * @param pool      The memory pool.
+ * @param dst       Destination credential.
+ * @param src       Source credential.
+ */
+PJ_DECL(void) pjsip_cred_info_dup(pj_pool_t *pool,
+                                  pjsip_cred_info *dst,
+                                  const pjsip_cred_info *src);
+
+/**
  * Type of function to lookup credential for the specified name.
  *
@@ -350 +409 @@
                                                pjsip_tx_data *tdata);
 
+/**
+ * Helper function to create MD5 digest out of the specified 
+ * parameters.
+ *
+ * @param result        String to store the response digest. This string
+ *                      must have been preallocated by caller with the 
+ *                      buffer at least PJSIP_MD5STRLEN (32 bytes) in size.
+ * @param nonce         Optional nonce.
+ * @param nc            Nonce count.
+ * @param cnonce        Optional cnonce.
+ * @param qop           Optional qop.
+ * @param uri           URI.
+ * @param realm         Realm.
+ * @param cred_info     Credential info.
+ * @param method        SIP method.
+ */
+PJ_DECL(void) pjsip_auth_create_digest(pj_str_t *result,
+                                       const pj_str_t *nonce,
+                                       const pj_str_t *nc,
+                                       const pj_str_t *cnonce,
+                                       const pj_str_t *qop,
+                                       const pj_str_t *uri,
+                                       const pj_str_t *realm,
+                                       const pjsip_cred_info *cred_info,
+                                       const pj_str_t *method);
 
 /**
@@ -355 +439 @@
  */
 
-/* Internal function defined in sip_auth_client.c */
-void pjsip_auth_create_digest( pj_str_t *result,
-                               const pj_str_t *nonce,
-                               const pj_str_t *nc,
-                               const pj_str_t *cnonce,
-                               const pj_str_t *qop,
-                               const pj_str_t *uri,
-                               const pj_str_t *realm,
-                               const pjsip_cred_info *cred_info,
-                               const pj_str_t *method);
-
 
 

pjproject/trunk/pjsip/include/pjsip/sip_errno.h

@@ -382 +382 @@
  */
 #define PJSIP_EAUTHSTALECOUNT   (PJSIP_ERRNO_START_PJSIP + 111) /* 171111 */
+/**
+ * @hideinitializer
+ * Invalid nonce value in the challenge.
+ */
+#define PJSIP_EAUTHINNONCE      (PJSIP_ERRNO_START_PJSIP + 112) /* 171112 */
+/**
+ * @hideinitializer
+ * Invalid AKA credential.
+ */
+#define PJSIP_EAUTHINAKACRED    (PJSIP_ERRNO_START_PJSIP + 113) /* 171113 */
 
 

pjproject/trunk/pjsip/include/pjsua-lib/pjsua.h

@@ -1030 +1030 @@
 
 
-/**
- * Duplicate credential.
- *
- * @param pool      The memory pool.
- * @param dst       Destination credential.
- * @param src       Source credential.
- *
- * \par Python:
- * Not applicable (for now). Probably we could just assign one credential
- * variable to another, but this has not been tested.
- */
-PJ_DECL(void) pjsip_cred_dup( pj_pool_t *pool,
-                              pjsip_cred_info *dst,
-                              const pjsip_cred_info *src);
+/* The implementation has been moved to sip_auth.h */
+#define pjsip_cred_dup  pjsip_cred_info_dup
 
 

pjproject/trunk/pjsip/src/pjsip/sip_auth_client.c

@@ -20 +20 @@
 #include <pjsip/sip_auth.h>
 #include <pjsip/sip_auth_parser.h>      /* just to get pjsip_DIGEST_STR */
+#include <pjsip/sip_auth_aka.h>
 #include <pjsip/sip_transport.h>
 #include <pjsip/sip_endpoint.h>
@@ -44 +45 @@
 #endif
 
+#define PASSWD_MASK         0x000F
+#define EXT_MASK            0x00F0
+
+
+PJ_DEF(void) pjsip_cred_info_dup(pj_pool_t *pool,
+                                 pjsip_cred_info *dst,
+                                 const pjsip_cred_info *src)
+{
+    pj_memcpy(dst, src, sizeof(pjsip_cred_info));
+
+    pj_strdup_with_null(pool, &dst->realm, &src->realm);
+    pj_strdup_with_null(pool, &dst->scheme, &src->scheme);
+    pj_strdup_with_null(pool, &dst->username, &src->username);
+    pj_strdup_with_null(pool, &dst->data, &src->data);
+
+    if ((dst->data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) {
+        pj_strdup(pool, &dst->ext.aka.k, &src->ext.aka.k);
+        pj_strdup(pool, &dst->ext.aka.op, &src->ext.aka.op);
+        pj_strdup(pool, &dst->ext.aka.amf, &src->ext.aka.amf);
+    }
+}
+
 
 /* Transform digest to string.
@@ -64 +87 @@
  * digest ASCII in 'result'. 
  */
-void pjsip_auth_create_digest( pj_str_t *result,
-                               const pj_str_t *nonce,
-                               const pj_str_t *nc,
-                               const pj_str_t *cnonce,
-                               const pj_str_t *qop,
-                               const pj_str_t *uri,
-                               const pj_str_t *realm,
-                               const pjsip_cred_info *cred_info,
-                               const pj_str_t *method)
+PJ_DEF(void) pjsip_auth_create_digest( pj_str_t *result,
+                                       const pj_str_t *nonce,
+                                       const pj_str_t *nc,
+                                       const pj_str_t *cnonce,
+                                       const pj_str_t *qop,
+                                       const pj_str_t *uri,
+                                       const pj_str_t *realm,
+                                       const pjsip_cred_info *cred_info,
+                                       const pj_str_t *method)
 {
     char ha1[PJSIP_MD5STRLEN];
@@ -83 +106 @@
     AUTH_TRACE_((THIS_FILE, "Begin creating digest"));
 
-    if (cred_info->data_type == PJSIP_CRED_DATA_PLAIN_PASSWD) {
+    if ((cred_info->data_type & PASSWD_MASK) == PJSIP_CRED_DATA_PLAIN_PASSWD) {
         /*** 
          *** ha1 = MD5(username ":" realm ":" password) 
@@ -97 +120 @@
         digest2str(digest, ha1);
 
-    } else if (cred_info->data_type == PJSIP_CRED_DATA_DIGEST) {
+    } else if ((cred_info->data_type & PASSWD_MASK) == PJSIP_CRED_DATA_DIGEST) {
         pj_assert(cred_info->data.slen == 32);
         pj_memcpy( ha1, cred_info->data.ptr, cred_info->data.slen );
+    } else {
+        pj_assert(!"Invalid data_type");
     }
 
@@ -221 +246 @@
         /* Server doesn't require quality of protection. */
 
-        /* Convert digest to string and store in chal->response. */
-        pjsip_auth_create_digest( &cred->response, &cred->nonce, NULL, NULL, 
-                                  NULL, uri, &chal->realm, cred_info, method);
+        if ((cred_info->data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) {
+            /* Call application callback to create the response digest */
+            return (*cred_info->ext.aka.cb)(pool, chal, cred_info, 
+                                            method, cred);
+        } 
+        else {
+            /* Convert digest to string and store in chal->response. */
+            pjsip_auth_create_digest( &cred->response, &cred->nonce, NULL, 
+                                      NULL,  NULL, uri, &chal->realm, 
+                                      cred_info, method);
+        }
 
     } else if (has_auth_qop(pool, &chal->qop)) {
@@ -240 +273 @@
         }
 
-        pjsip_auth_create_digest( &cred->response, &cred->nonce, &cred->nc, 
-                                  cnonce, &pjsip_AUTH_STR, uri, &chal->realm, 
-                                  cred_info, method );
+        if ((cred_info->data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) {
+            /* Call application callback to create the response digest */
+            return (*cred_info->ext.aka.cb)(pool, chal, cred_info, 
+                                            method, cred);
+        }
+        else {
+            pjsip_auth_create_digest( &cred->response, &cred->nonce, 
+                                      &cred->nc, cnonce, &pjsip_AUTH_STR, 
+                                      uri, &chal->realm, cred_info, method );
+        }
 
     } else {
@@ -425 +465 @@
         for (i=0; i<cred_cnt; ++i) {
             sess->cred_info[i].data_type = c[i].data_type;
+
+            /* When data_type is PJSIP_CRED_DATA_EXT_AKA, 
+             * callback must be specified.
+             */
+            if ((c[i].data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) {
+                /* Callback must be specified */
+                PJ_ASSERT_RETURN(c[i].ext.aka.cb != NULL, PJ_EINVAL);
+
+                /* Verify K len */
+                PJ_ASSERT_RETURN(c[i].ext.aka.k.slen == PJSIP_AKA_KLEN, 
+                                 PJSIP_EAUTHINAKACRED);
+
+                /* Verify OP len */
+                PJ_ASSERT_RETURN(c[i].ext.aka.op.slen == PJSIP_AKA_OPLEN, 
+                                 PJSIP_EAUTHINAKACRED);
+
+                /* Verify AMF len */
+                PJ_ASSERT_RETURN(c[i].ext.aka.amf.slen == PJSIP_AKA_AMFLEN,
+                                 PJSIP_EAUTHINAKACRED);
+
+                sess->cred_info[i].ext.aka.cb = c[i].ext.aka.cb;
+                pj_strdup(sess->pool, &sess->cred_info[i].ext.aka.k,
+                          &c[i].ext.aka.k);
+                pj_strdup(sess->pool, &sess->cred_info[i].ext.aka.op,
+                          &c[i].ext.aka.op);
+                pj_strdup(sess->pool, &sess->cred_info[i].ext.aka.amf,
+                          &c[i].ext.aka.amf);
+            }
+
             pj_strdup(sess->pool, &sess->cred_info[i].scheme, &c[i].scheme);
             pj_strdup(sess->pool, &sess->cred_info[i].realm, &c[i].realm);

pjproject/trunk/pjsip/src/pjsip/sip_errno.c

@@ -103 +103 @@
     PJ_BUILD_ERR( PJSIP_EAUTHINVALIDDIGEST,"Invalid authorization digest" ),
     PJ_BUILD_ERR( PJSIP_EAUTHSTALECOUNT,   "Maximum number of stale retries exceeded"),
+    PJ_BUILD_ERR( PJSIP_EAUTHINNONCE,      "Invalid nonce value in authentication challenge"),
+    PJ_BUILD_ERR( PJSIP_EAUTHINAKACRED,    "Invalid AKA credential"),
 
     /* UA/dialog layer. */

pjproject/trunk/pjsip/src/pjsua-lib/pjsua_core.c

@@ -80 +80 @@
     cfg->max_calls = 4;
     cfg->thread_cnt = 1;
-}
-
-PJ_DEF(void) pjsip_cred_dup( pj_pool_t *pool,
-                             pjsip_cred_info *dst,
-                             const pjsip_cred_info *src)
-{
-    pj_strdup_with_null(pool, &dst->realm, &src->realm);
-    pj_strdup_with_null(pool, &dst->scheme, &src->scheme);
-    pj_strdup_with_null(pool, &dst->username, &src->username);
-    pj_strdup_with_null(pool, &dst->data, &src->data);
 }
 

pjproject/trunk/third_party/README.txt

@@ -16 +16 @@
 gsm:            gsm-1.0.12
 ilbc:           from RFC
-plc_steveu:     Steve Underwood's PLC
 resample:       lib-resample, I think version 1.7

pjproject/trunk/third_party/build/Makefile

@@ -1 @@
-DIRS = resample
+DIRS = resample milenage
 
 include ../../build.mak

pjproject/trunk/third_party/build/os-darwinos.mak

@@ -1 @@
-DIRS = resample
 DIRS += gsm
 DIRS += ilbc

pjproject/trunk/third_party/build/os-linux.mak

@@ -1 @@
-DIRS = resample
 DIRS += gsm
 DIRS += ilbc

pjproject/trunk/third_party/build/os-win32.mak

@@ -1 @@
-DIRS = resample
 DIRS += gsm
 DIRS += ilbc