<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
to understand properly, do you need to have:<br>
<p
style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm"><span
style="font-family:"Calibri","sans-serif"">HA1=SHA(</span><span
style="font-family:"Calibri","sans-serif"">username:realm:password</span><span
style="font-family:"Calibri","sans-serif"">)<o:p></o:p></span><span
style="font-family:"Calibri","sans-serif""><br>
HA2=SHA(method:digestURI)<o:p></o:p></span><br>
<span
style="font-family:"Calibri","sans-serif"">response=SHA(HA1:nonce:HA2)</span><br>
</p>
<p
style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm">Perhaps
it can be done with config file scripting, if you are familiar
with transformations and header manipulation. But I think it will
be simpler to extend auth module to support different hashing
algorithm.<br>
</p>
<p
style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm">The
code for computing shaX is already in kamailio (used for shaX
transformations), so the change in auth should be about
advertising and detecting when the new algorithm has to be used.<br>
</p>
<p
style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm">Cheers,<br>
Daniel<br>
</p>
<br>
<div class="moz-cite-prefix">On 06/05/15 16:28, Mathys Frédéric
wrote:<br>
</div>
<blockquote
cite="mid:07615A203831B840B39D79D932983916716667AD@CHX-EXMBX-01.hq.k.grp"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hello,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In my scenario with a Kamailio server, I
have a VOIP client connecting to the server which, for some
reasons, cannot calculate MD5 hashes but only SHA. In this
situation, would it be possible to change the authentication
algorithm by either modifying Kamailio scripts or writing an
external module to do that?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As far as I know, the authentication
response is calculated as follow (standard HTTP Digest
authentication) :<o:p></o:p></p>
<p
style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm"><span
style="font-family:"Calibri","sans-serif"">HA1=MD5(</span><span
style="font-family:"Calibri","sans-serif"">username:realm:password</span><span
style="font-family:"Calibri","sans-serif"">)<o:p></o:p></span></p>
<p
style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm"><span
style="font-family:"Calibri","sans-serif"">HA2=MD5(method:digestURI)<o:p></o:p></span></p>
<p
style="mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:1.0pt;margin-left:0cm"><span
style="font-family:"Calibri","sans-serif"">response=MD5(HA1:nonce:HA2)<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For that, I have to save ha1 and ha1b
values in the DB with the SHA function directly (with a
trigger for example), and then change the authentication
method too.<o:p></o:p></p>
<p class="MsoNormal">What is the best solution to do that? Does
a module already exists?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">Frederic Mathys<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt">System Integration & Validation</span><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - <a class="moz-txt-link-freetext" href="http://www.kamailioworld.com">http://www.kamailioworld.com</a></pre>
</body>
</html>