Hi Kutay,

Many thanks for your detailed response. However, I have no problem understanding the "common" case of digest authentication (or at least, I hope so :-) ). To clarify my question, let's consider that the URI in your example includes optional values, e.g.

sip:user:[email protected] ;transport=udp;user=ip;method=INVITE;ttl=123&header=some%20header

What value should be used in the calculation of str2 in the <sip uri> part, the whole URI as string with all optional values in the exact order they are given above or just the mandatory parts (which would be "sip:[email protected]" or the one in your example without the user)?

Best regards,
Peter

2011/4/1 Kutay OZDOGRU <[email protected]>

> Hi all,
>
> Let me explain authorization.
>
> Let's consider this information is provided:
>
> username="[email protected]"
> realm="ericsson.com"
> uri="sip:ericsson.com"
> password:"alice"
>
> REGISTER sip:ericsson.com SIP/2.0
> Max-Forwards: 20
> CSeq: 1 REGISTER
> Expires: 3600
> Content-Length: 0
> Contact: "Alice" <sip:[email protected]:5060>;+sip.instance=e7def040-f226-4927-bd52-a37f0fdf0067
> Authorization: Digest username="[email protected]",realm="ericsson.com",nonce="",response="",uri="sip:ericsson.com"
> User-Agent: Fokus MONSTER Version: 0.9.13
> From: "Alice" <sip:[email protected]>;tag=1000
> To: "Alice" <sip:[email protected]>
> Call-ID: [email protected]
> Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK3b39625cc9b75f78d0789f5a93554dfb3536
>
> ]]]
> [SDS] [INFO ]
> <-- Sent message on UDP [Local: 0.0.0.0:5081 | Remote: 127.0.0.1:5060] [[[
> SIP/2.0 401 Unauthorized - Respond to challenge
> CSeq: 1 REGISTER
> Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK3b39625cc9b75f78d0789f5a93554dfb3536;received_port_ext=5081;received=127.0.0.1
> WWW-Authenticate: Digest realm="ericsson.com",stale=false, algorithm=MD5,nonce="fe176678b1b5fe0738666a70e05248c4", opaque="d77e6f9d33d5f3baadf33be71aa52403",domain="sip:ericsson.com",qop="auth"
> Content-Length: 0
> Call-ID: [email protected]
> From: "Alice" <sip:[email protected]>;tag=1000
> To: "Alice"<sip:[email protected]>;tag=5066
>
> ]]]
> [SDS] [INFO ]
> --> Received message on UDP [Local: 127.0.0.1:5081 | Remote: 127.0.0.1:5060] [[[
> REGISTER sip:ericsson.com SIP/2.0
> Max-Forwards: 20
> CSeq: 2 REGISTER
> Expires: 3600
> Content-Length: 0
> Contact: "Alice" <sip:[email protected]:5060>;+sip.instance=e7def040-f226-4927-bd52-a37f0fdf0067
> Authorization: Digest username="[email protected]",realm="ericsson.com", nonce="fe176678b1b5fe0738666a70e05248c4",uri="sip:ericsson.com", opaque="d77e6f9d33d5f3baadf33be71aa52403",algoritm=MD5, response="16e5c07af53f578bf1c08dedc636ffa7",qop=auth,nc=00000001,cnonce="101102559755515299"
> User-Agent: Fokus MONSTER Version: 0.9.13
> From: "Alice" <sip:[email protected]>;tag=1001
> To: "Alice" <sip:[email protected]>
> Call-ID: [email protected]
> Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bKf739c2091e946a283db7449f256244003536
>
> In this message flow, to calculate the response parameter you should use the following algorithm:
>
> String str1 = MD5( [email protected]:ericsson.com:alice )
> // str1 Equals: 1 2e7d687bd567bc61f7675a58cca337d7
> // MD5(<username> + ":" + <realm> + ":" + <password>)
>
> String str2 = MD5( REGISTER:sip:ericsson.com )
> // str2 Equals: 1 e3939fcee16f943b7fc61ad777e2b7eb
> // MD5(REGISTER:<sip uri>)
>
> String str3 = MD5( 2e7d687bd567bc61f7675a58cca337d7:fe176678b1b5fe0738666a70e05248c4:00000001:101102559755515299:auth:e3939fcee16f943b7fc61ad777e2b7eb )
> // str3 Equals: 16e5c07af53f578bf1c08dedc636ffa7
> // MD5( str1 + ":" + <nonce> + ":" + <cnonce> + ":" + <qop> + ":" + str2 )
>
> STR3 is your response parameter.
>
> I hope it will help you ;))
>
> Thanks,
> Kutay
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Peter Krebs
> Sent: 31 March 2011 Thursday 21:07
> To: [email protected]
> Subject: [Sip-implementors] Digest-URI questions
>
> Hello,
>
> I have a question regarding the Digest-URI used to calculate the response parameter which is put into an Authorization header. From RFC 3665 it seems to me that the Digest-URI is the same as the Request-URI. However, in draft-smit-sip-auth-examples the From-URI is clearly used in all calculations and in the Authorization header. Which one should a UAC use, or is it only required that whatever URI is used in the digest calculation is conveyed in the uri parameter of the Authorization header?
>
> Another related question: In all examples I have seen so far, the Digest-URI consisted only of user and host. What form of the URI should be used in the calculation and Authorization header respectively, if there are URI parameters and/or headers present? Should the parameters/headers be stripped off and only the user+host (+password?) be used? Is there a canonical URI format for digest authentication?
>
> Thanks in advance for all answers.
>
> Best regards,
>
> Peter
> _______________________________________________
> Sip-implementors mailing list
> [email protected]
> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
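An added illustration, not part of the thread and not code from either poster: RFC 2617 defines A2 as the method, a colon, and the digest-uri value, which is the string carried in the `uri` parameter of the Authorization header, and the full qop=auth input is `HA1:nonce:nc:cnonce:qop:HA2`. The Python sketch below shows a verifier recomputing the response from that `uri` string as received, so a response hashed over a URI with parameters stops matching if the `uri` parameter is rewritten afterwards. All credentials and URIs are constructed sample values and the function names are hypothetical.

```python
import hashlib
import hmac
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, digest_uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for algorithm=MD5 with qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # str1 in the thread
    ha2 = md5_hex(f"{method}:{digest_uri}")           # str2: URI string, byte for byte
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")  # str3

def parse_digest_params(header_value: str) -> dict:
    """Split a Digest header into parameters; quoted values may hold ; , & =."""
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header_value)
    return {key: quoted or token for key, quoted, token in pairs}

def verify(method: str, authorization: str, password: str) -> bool:
    """Server side: recompute from the uri parameter exactly as received."""
    p = parse_digest_params(authorization)
    expected = digest_response(p["username"], p["realm"], password, method,
                               p["uri"], p["nonce"], p["nc"], p["cnonce"], p["qop"])
    return hmac.compare_digest(expected, p["response"])

def demo():
    # Constructed sample values; the thread's own credentials are redacted.
    full_uri = "sip:example.com;transport=udp;ttl=123"
    bare_uri = "sip:example.com"
    nonce, nc, cnonce = "c0ffee00c0ffee00c0ffee00c0ffee00", "00000001", "0a4f113b"
    response = digest_response("alice", "example.com", "secret", "REGISTER",
                               full_uri, nonce, nc, cnonce)
    header = (f'Digest username="alice",realm="example.com",nonce="{nonce}",'
              f'uri="{full_uri}",response="{response}",'
              f'qop=auth,nc={nc},cnonce="{cnonce}"')
    accepted = verify("REGISTER", header, "secret")
    # Rewriting the uri parameter after hashing (here: dropping the URI
    # parameters) makes the server's recomputation disagree.
    rewritten = verify("REGISTER", header.replace(full_uri, bare_uri), "secret")
    return accepted, rewritten

if __name__ == "__main__":
    print(demo())
```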
