SIP authentication¶
SIPp supports SIP authentication. Two authentication algorithm are supported: Digest/MD5 (“algorithm=”MD5””) and Digest/AKA (“algorithm=”AKAv1-MD5””, as specified by 3GPP for IMS).
Enabling authentication is simple. When receiving a 401 (Unauthorized) or a 407 (Proxy Authentication Required), you must add auth=”true” in the <recv> command to take the challenge into account. Then, the authorization header can be re-injected in the next message by using [authentication] keyword.
Computing the authorization header is done through the usage of the “[authentication]” keyword. Depending on the algorithm (“MD5” or “AKAv1-MD5”), different parameters must be passed next to the authentication keyword:
Digest/MD5 (example: [authentication username=joe password=schmo])
- username : username: if no username is specified, the username is taken from the ‘-au’ (authentication username) or ‘-s’ (service) command line parameter
- password : password: if no password is specified, the password is taken from the ‘-ap’ (authentication password) command line parameter
Digest/AKA: (example: [authentication username=HappyFeet aka_OP=0xCDC202D5123E20F62B6D676AC72CB318 aka_K=0x465B5CE8B199B49FAA5F0A2EE238A6BC aka_AMF=0xB9B9])
- username : username: if no username is specified, the username is taken from the ‘-au’ (authentication username) or ‘-s’ (service) command line parameter
- aka_K : Permanent secret key. If no aka_K is provided, the “password” attributed is used as aka_K.
- aka_OP : OPerator variant key
- aka_AMF : Authentication Management Field (indicates the algorithm and key in use)
In case you want to use authentication with a different username/password or aka_K for each call, you can do this:
Make a CSV like this:
SEQUENTIAL User0001;[authentication username=joe password=schmo] User0002;[authentication username=john password=smith] User0003;[authentication username=betty password=boop]
And an XML like this (the [field1] will be substituted with the full auth string, which is the processed as a new keyword):
<send retrans="500"> <![CDATA[ REGISTER sip:[remote_ip] SIP/2.0 Via: SIP/2.0/[transport] [local_ip]:[local_port] To: <sip:[field0]@sip.com:[remote_port]> From: <sip:[field0]@[remote_ip]:[remote_port]> Contact: <sip:[field0]@[local_ip]:[local_port]>;transport=[transport] [field1] Expires: 300 Call-ID: [call_id] CSeq: 2 REGISTER Content-Length: 0 ]]> </send>
Example:
<recv response="407" auth="true">
</recv>
<send>
<![CDATA[
ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0
Via: SIP/2.0/[transport] [local_ip]:[local_port]
From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param]
Call-ID: [call_id]
CSeq: 1 ACK
Contact: sip:sipp@[local_ip]:[local_port]
Max-Forwards: 70
Subject: Performance Test
Content-Length: 0
]]>
</send>
<send retrans="500">
<![CDATA[
INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
Via: SIP/2.0/[transport] [local_ip]:[local_port]
From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
To: sut <sip:[service]@[remote_ip]:[remote_port]>
Call-ID: [call_id]
CSeq: 2 INVITE
Contact: sip:sipp@[local_ip]:[local_port]
[authentication username=foouser]
Max-Forwards: 70
Subject: Performance Test
Content-Type: application/sdp
Content-Length: [len]
v=0
o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip]
s=-
t=0 0
c=IN IP[media_ip_type] [media_ip]
m=audio [media_port] RTP/AVP 0
a=rtpmap:0 PCMU/8000
]]>
</send>