search

just50415 / android-rcs-ims-stack

Automatically exported from code.google.com/p/android-rcs-ims-stack
0 stars 0 forks source link

REGISTER challenge: wrong calculation of the response in case of several tokens for qop option in the challenging response. #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Use of openIMS as IMS core network
2. creation of a user in openIMS.
3. configuration of the rcs settings under the android emulator.
4. restart of the rcs service under the android emulator.

What is the expected output? What do you see instead?
After the android emulator sends a first REGISTER request, it receives from the 
openIMS network a "401" challenging response where qop is equal to "auth, 
auth-int" (as authorized in RFC2617, page 10). In this case, the android 
emulator has to send back a REGISTER request with qop equals to one of the 
proposed values (auth or auth-int but not both) and a md5 value calculated 
based partly on it.

Currently, the md5 value is not correct as the service is using the complete 
qop value received in the challenging response to calculate the md5 code. 

What version of the product are you using? On what operating system?
RCS core 2.0.8

Please provide any additional information below.
The problem occurs in the method writeSecurityHeader of the 
HttpDigestRegistrationProcedure class in the response calculation. 
The used method calculateResponse uses the complete QoP value inherited from 
the "401" challenging response instead of one of the token of the QoP value.

the MD5 code is then calculated in the following way:
H(a1) + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + H(a2)
where qop will be equal to : "auth, auth-int"
and H(a2) will be equal to H(method + ":" + uri) as the qop value is not 
strictly equals to "auth-int" and starts with "auth".

A possible correction consists in choosing by default the first token from the 
qop value list during the retrieval of the www-authenticate parameters which is 
performed in the readSecurityHeader method from the 
HttpDigestRegistrationProcedure class.

in this case, the line :
// Get qop              digest.setQop(response.getHeaderParameter("WWW-Authenticate", 
"qop"));

can be replaced by:
// Get qop              digest.setQop(response.getHeaderParameter("WWW-Authenticate", 
"qop").split(",")[0]);

Extract from RFC2617, page 10
qop-options
     This directive is optional, [ ... ]. If present, it is a quoted 
     string of one or more tokens indicating the "quality of protection" 
     values supported by the server.  The value "auth" indicates
     authentication; the value "auth-int" indicates authentication with 
     integrity protection; [ ... ]

Original issue reported on code.google.com by rouxel.jerome@gmail.com on 19 Nov 2010 at 2:34

GoogleCodeExporter commented 8 years ago 
The correction of this issue may solve issue 3.

Original comment by rouxel.jerome@gmail.com on 19 Nov 2010 at 2:37

GoogleCodeExporter commented 8 years ago 
Corrected in v2.1.0

Original comment by jmauffret@gmail.com on 4 Jan 2011 at 9:08