candidate in SDP

[csweng]

Hi,
I am tracing aMSN code. In SIP protocol  SDP have candidate
a=candidate:VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= 1 cmFIjK4XCgDaQri8v/rOVw== UDP 0.830 140.96.112.113 41711

I know this is a  password (base64 encoder) -->  cmFIjK4XCgDaQri8v/rOVw==
but I do not know how get the password.  (Is It get from server or random value)
Have somebody know how generate this password ?
Any help will be appreciated  

Best Regard


 -->obj2--< {1 1 140.96.112.113 41711 {} 0 UDP 0.83 host VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= cmFIjK4XCgDaQri8v/rOVw==} {3 1 207.46.125.90 51756 140.96.112.113 41711 UDP 0.45 relay QSSnZKWM6kRnzehFd7EJCM+ZMi9JTgMjZfoTW3vSRnA= a73JR3v4blJybyVf5iukhQ==} {1 2 140.96.112.113 40870 {} 0 UDP 0.83 host VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= cmFIjK4XCgDaQri8v/rOVw==} {3 2 207.46.125.90 49017 140.96.112.113 40870 UDP 0.45 relay QSSnZKWM6kRnzehFd7EJCM+ZMi9JTgMjZfoTW3vSRnA= a73JR3v4blJybyVf5iukhQ==}
[15:20:44] -->candidates--< {1 1 140.96.112.113 41711 {} 0 UDP 0.83 host VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= cmFIjK4XCgDaQri8v/rOVw==} {3 1 207.46.125.90 51756 140.96.112.113 41711 UDP 0.45 relay QSSnZKWM6kRnzehFd7EJCM+ZMi9JTgMjZfoTW3vSRnA= a73JR3v4blJybyVf5iukhQ==} {1 2 140.96.112.113 40870 {} 0 UDP 0.83 host VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= cmFIjK4XCgDaQri8v/rOVw==} {3 2 207.46.125.90 49017 140.96.112.113 40870 UDP 0.45 relay QSSnZKWM6kRnzehFd7EJCM+ZMi9JTgMjZfoTW3vSRnA= a73JR3v4blJybyVf5iukhQ==}
[15:20:44] -->SIP (64.4.16.25) SIP/2.0 180 Ringing

v: SIP/2.0/TLS 64.4.16.25:443;branch=z9hG4bK266F69C5.027B2781;branched=TRUE;ms-internal-info="aiRODlbO9OyabF4IJaAkwBpNs2JrgCeyeBQcLbbwAA"

v: SIP/2.0/TLS 140.96.112.88:4438;received=64.4.16.17;ms-received-port=4438;ms-received-cid=1BE35600

Record-Route: <sip:BY2MSG1020601.sip.messenger.msn.com:443;transport=tls;lr;ms-route-sig=ahfr1U2A2JTxWl-gMD8kNOU-Pe6l8CeyeBWmt1cQAA>;tag=4748BD6E19C282B8A0A05B54AF96428F

Max-Forwards: 70

f: <sip:hi_weng@hotmail.com;mepid=D0F4A9F52DE54EB0AA9233C415EDE094;wl-type=1>;tag=6b428811ff;epid=20581e223b

t: "0" <sip:n500_robot_3@hotmail.com>;tag=a6df1cc220

i: 8c3e702602334d45921b9e9436971c6c

CSeq: 1 INVITE

User-Agent: aTSC/0.1

l: 0

-->SIP (64.4.16.25) SIP/2.0 200 OK

v: SIP/2.0/TLS 64.4.16.25:443;branch=z9hG4bK266F69C5.027B2781;branched=TRUE;ms-internal-info="aiRODlbO9OyabF4IJaAkwBpNs2JrgCeyeBQcLbbwAA"

v: SIP/2.0/TLS 140.96.112.88:4438;received=64.4.16.17;ms-received-port=4438;ms-received-cid=1BE35600

Record-Route: <sip:BY2MSG1020601.sip.messenger.msn.com:443;transport=tls;lr;ms-route-sig=ahfr1U2A2JTxWl-gMD8kNOU-Pe6l8CeyeBWmt1cQAA>;tag=4748BD6E19C282B8A0A05B54AF96428F

Max-Forwards: 70

f: <sip:hi_weng@hotmail.com;mepid=D0F4A9F52DE54EB0AA9233C415EDE094;wl-type=1>;tag=6b428811ff;epid=20581e223b

t: "0" <sip:n500_robot_3@hotmail.com>;tag=a6df1cc220

i: 8c3e702602334d45921b9e9436971c6c

CSeq: 1 INVITE

m: "0" <sip:n500_robot_3@hotmail.com:50390;maddr=127.0.0.1;transport=tls>;proxy=replace

User-Agent: aTSC/0.1

c: application/sdp

l: 715



v=0

o=- 0 0 IN IP4 207.46.125.90

s=session

b=CT:99980

t=0 0

m=audio 51756 RTP/AVP 8 0 101

c=IN IP4 207.46.125.90

a=candidate:VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= 1 cmFIjK4XCgDaQri8v/rOVw== UDP 0.830 140.96.112.113 41711

a=candidate:VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= 2 cmFIjK4XCgDaQri8v/rOVw== UDP 0.830 140.96.112.113 40870

a=candidate:QSSnZKWM6kRnzehFd7EJCM+ZMi9JTgMjZfoTW3vSRnA= 1 a73JR3v4blJybyVf5iukhQ== UDP 0.450 207.46.125.90 51756

a=candidate:QSSnZKWM6kRnzehFd7EJCM+ZMi9JTgMjZfoTW3vSRnA= 2 a73JR3v4blJybyVf5iukhQ== UDP 0.450 207.46.125.90 49017

[kakaroto]

this is part of the ICE specification, if you don't know how to get the ICE password, then trust me, you are not going to be able to implement ICE by yourself. I suggest you use libnice (http://nice.freedesktop.org) which will handle all the ICE processing. It will generate the username/password for you. It has a MSN compatibility mode.

[csweng]

Thanks a lost kaKaroto  :lol:

[csweng]

Hi!
    I trace libnice source. I find the id (VG3BRDRrIC+M60oq5Xa/Y9drCG4lRDioMGfuzUqQxNE= )and password  (cmFIjK4XCgDaQri8v/rOVw==  ) are random number
Maybe my find is worng for id and number ?
    I using wireshark to log WLM's protocol packet for audio connection. I find stun binding request packet have id, username and message integrity. I went to check the message integrity.
I modify  libnce /stun/tests/test-parser.c for my testing

I using base64dec0oTdrXdoaRDjXy6uXdHcgnHSqyKneYvtTvIubC3rGVk) as username and   base64dec(jcvFxYZDUV6FPDYv+JM9CA )as my password . I get wrong message integrity.
Anybody could help me how get the correct message integrity?
Best Regard.

binding request packet show below

SIP/2.0 200 OK 64.4.16.25
   .
   .
m=audio 30242 RTP/AVP 114 111 112 115 116 4 8 0 97 13 118 101

a=candidate:0oTdrXdoaRDjXy6uXdHcgnHSqyKneYvtTvIubC3rGVk 1 jcvFxYZDUV6FPDYv+JM9CA UDP 0.830 192.168.126.1 9510

a=candidate:0oTdrXdoaRDjXy6uXdHcgnHSqyKneYvtTvIubC3rGVk 2 jcvFxYZDUV6FPDYv+JM9CA UDP 0.830 192.168.126.1 15904

  .
  .

// log packet stun binding request
 binding_request[] =
     {
      0x00, 0x01, 0x00, 0x64,
      0x5a, 0xdd, 0x83, 0x79, //id
      0x63, 0x66, 0x11, 0x2f,
      0xc6, 0xa9, 0xef, 0xa1,
      0x2b, 0x09, 0xa7, 0x5b,      

      0x00, 0x06, 0x00, 0x48, // username
      0xea, 0x11, 0x0e, 0xe5,
      0x9c, 0xc3, 0x74, 0x78,
      0x19, 0x68, 0x34, 0x68,
      0xf7, 0xc7, 0x1d, 0xa3,
      0xbb, 0x3c, 0x33, 0xcc,
      0xa1, 0x4a, 0xf1, 0xa4,
      0x71, 0x75, 0x2b, 0x21,
      0x78, 0x9c, 0x8a, 0xa0,
      0x3a, 0x31, 0x3a, 0xfa,
      0x1c, 0xc7, 0xbe, 0x96,
      0x38, 0xfe, 0xf1, 0x54,
      0xbe, 0xc0, 0x8f, 0x67,
      0x3c, 0x9e, 0xa1, 0x28,
      0x50, 0xcf, 0x24, 0x5b,
      0xb1, 0xef, 0x96, 0xd7,
      0x6a, 0xd8, 0x8b, 0x67,
      0xe7, 0xa1, 0x16, 0x3a,
      0x31, 0x00, 0x00, 0x00,
     
      0x00, 0x08, 0x00, 0x14, // message integrity
      0x54, 0x8e, 0x09, 0x64,
      0x6f, 0x84, 0x9d, 0xbe,
      0xe9, 0xe1, 0x7c, 0xe6,
      0x2c, 0x6c, 0xbf, 0x80,
      0xaa, 0xd3, 0x17, 0x20}   ;

[kakaroto]

as I said before, the id and password are RANDOM, also the message integrity is NOT a base 64 decode.. there is an RFC for this, RFC3489 and RFC5389 .. you just had to do "google stun rfc".. READ THAT RFC! it has all the answers you need, and the code for checking/generating the proper message integrity is NOT a simple base 64 decode..
just... read the rfc... or read the code!

[csweng]

Dear kakaroto,
      I have read RFC3489 . I know message integrity is using HMAC-SHA1 method , it must have a key to generate the message integrity.
      I follow RFC3489 and use libnic/stun/tests/test-parser to testing . I can not get correct message integrity. Could you help me check the
      generate key and encrypt data method are right ?
 
      my step show below  
 
INVITE sip:64.4.16.25
..
m=audio 30242 RTP/AVP 114 111 112 115 116 4 8 0 97 13 118 101

a=candidate:6hEO5ZzDdHgZaDRo98cdo7s8M8yhSvGkcXUrIXiciqA 1 kD+dyAmcRaCPPy3BrdnPYQ UDP 0.830 192.168.126.1 9510
a=candidate:6hEO5ZzDdHgZaDRo98cdo7s8M8yhSvGkcXUrIXiciqA  2  kD+dyAmcRaCPPy3BrdnPYQ  UDP 0.830 192.168.126.1 15904
.
 

I use INVITE packet base64_decode(kD+dyAmcRaCPPy3BrdnPYQ) as encrypt Key  (is right ?)   or I must use md5(username:realm:passwd) as encrypt key, but I can not  find get realm packet in msn packet log.

username =  base64_decode(6hEO5ZzDdHgZaDRo98cdo7s8M8yhSvGkcXUrIXiciqA) + 0x3a, 0x31, 0x3a  +  ramdom(32 bytes)  (as local candidate) + 0x3a,0x31, 0x00, 0x00, 0x00

messenge-integrity = HMAC-SHA1(encrypt-data,key);

encrypt_data  ={
0x00, 0x01, 0x00, 0x64,
0x5a, 0xdd, 0x83, 0x79, //id
0x63, 0x66, 0x11, 0x2f,
0xc6, 0xa9, 0xef, 0xa1,
0x2b, 0x09, 0xa7, 0x5b,
0x00, 0x06, 0x00, 0x48, // username
0xea, 0x11, 0x0e, 0xe5,
0x9c, 0xc3, 0x74, 0x78,
0x19, 0x68, 0x34, 0x68,
0xf7, 0xc7, 0x1d, 0xa3,
0xbb, 0x3c, 0x33, 0xcc,
0xa1, 0x4a, 0xf1, 0xa4,
0x71, 0x75, 0x2b, 0x21,
0x78, 0x9c, 0x8a, 0xa0,
0x3a, 0x31, 0x3a, 0xfa,
0x1c, 0xc7, 0xbe, 0x96,
0x38, 0xfe, 0xf1, 0x54,
0xbe, 0xc0, 0x8f, 0x67,
0x3c, 0x9e, 0xa1, 0x28,
0x50, 0xcf, 0x24, 0x5b,
0xb1, 0xef, 0x96, 0xd7,
0x6a, 0xd8, 0x8b, 0x67,
0xe7, 0xa1, 0x16, 0x3a,
0x31, 0x00, 0x00, 0x00
}


messenge-integrity = {
0x54, 0x8e, 0x09, 0x64,
0x6f, 0x84, 0x9d, 0xbe,
0xe9, 0xe1, 0x7c, 0xe6,
0x2c, 0x6c, 0xbf, 0x80,
0xaa, 0xd3, 0x17, 0x20
}





// log packet stun binding request
binding_request[] =
{
0x00, 0x01, 0x00, 0x64,
0x5a, 0xdd, 0x83, 0x79, //id
0x63, 0x66, 0x11, 0x2f,
0xc6, 0xa9, 0xef, 0xa1,
0x2b, 0x09, 0xa7, 0x5b,

0x00, 0x06, 0x00, 0x48, // username
0xea, 0x11, 0x0e, 0xe5,
0x9c, 0xc3, 0x74, 0x78,
0x19, 0x68, 0x34, 0x68,
0xf7, 0xc7, 0x1d, 0xa3,
0xbb, 0x3c, 0x33, 0xcc,
0xa1, 0x4a, 0xf1, 0xa4,
0x71, 0x75, 0x2b, 0x21,
0x78, 0x9c, 0x8a, 0xa0,
0x3a, 0x31, 0x3a, 0xfa,
0x1c, 0xc7, 0xbe, 0x96,
0x38, 0xfe, 0xf1, 0x54,
0xbe, 0xc0, 0x8f, 0x67,
0x3c, 0x9e, 0xa1, 0x28,
0x50, 0xcf, 0x24, 0x5b,
0xb1, 0xef, 0x96, 0xd7,
0x6a, 0xd8, 0x8b, 0x67,
0xe7, 0xa1, 0x16, 0x3a,
0x31, 0x00, 0x00, 0x00,

0x00, 0x08, 0x00, 0x14, // message integrity
0x54, 0x8e, 0x09, 0x64,
0x6f, 0x84, 0x9d, 0xbe,
0xe9, 0xe1, 0x7c, 0xe6,
0x2c, 0x6c, 0xbf, 0x80,
0xaa, 0xd3, 0x17, 0x20} ;

Best Regard,

[kakaroto]

ok, here's your answer : USE LIBNICE! why are you wasting your time (and mine?) trying to do what libnice does already...
and NO, you did not read the RFC, because the RFC tells you EXACTLY how to compute the message integrity, if you can't even read an RFC and understand what needs to be done, how the hell are you planning on implementing a ICE agent??
STUN is for babies, it's damn easy.. but ICE is crazy and more than 100 pages where every little word is important.. if you can't do something as simply as message integrity, then FORGET ABOUT IT... libnice is available, it's LGPL, and IT WOKRS, so just use it instead of wasting everyone time!
(did you forget about changing the size of the packet in the stun header before doing sha1? did you add the correct padding to it ?  )