pyHSS Authentication Algorithm using MD5 instead of AKAv1-MD5

Open juan-montero-byd opened this issue 2 years ago • 1 comments

Hi Nick,

I raised an issue with herlesupreeth for an authentication issue, but it might be related to pyHSS. Can you help me check it? Here are the details:

After I successfully attach a srsue_zmq container and establish the connectivity towards kamailio's P-CSCF, registration fails with 403 Authentication Failed. I'm using a SIPp client and the REGISTER message successfully reaches the S-CSCF, but I can see that pyHSS's MAA specifies to use Algorithm MD5 instead of AKAv1-MD5. I have tried to check how to change the algorithm in pyHSS but haven't found where exactly. I also tried to bypass this and force the algorithm in the scscf.cfg file, but a 401 is always generated with Algorithm MD5.

Besides the default configs in your repo, here are the subscriber provisioning data on pyHSS:

ims_subscriber

```
{
  "msisdn": "9076543210",
  "imsi": "001011234567895",
  "sh_profile": "string",
  "scscf_timestamp": null,
  "scscf_realm": "ims.mnc001.mcc001.3gppnetwork.org",
  "last_modified": "2023-11-10T00:55:11Z",
  "msisdn_list": "[9076543210]",
  "ims_subscriber_id": 1,
  "ifc_path": "default_ifc.xml",
  "scscf": "sip:scscf.ims.mnc001.mcc001.3gppnetwork.org:6060",
  "scscf_peer": "scscf.ims.mnc001.mcc001.3gppnetwork.org"
}
```

auc

```
{
  "batch_name": null,
  "puk2": null,
  "misc4": null,
  "auc_id": 1,
  "sim_vendor": null,
  "last_modified": "2023-11-15T23:27:11Z",
  "esim": false,
  "lpa": null,
  "amf": "8000",
  "pin1": null,
  "sqn": 1072,
  "pin2": null,
  "misc1": null,
  "iccid": null,
  "puk1": null,
  "misc2": null,
  "imsi": "001011234567895",
  "misc3": null
}
```

subscriber

```
{
  "enabled": true,
  "subscriber_id": 1,
  "default_apn": 2,
  "apn_list": "1, 2",
  "ue_ambr_dl": 0,
  "nam": 0,
  "serving_mme": null,
  "serving_mme_realm": null,
  "last_modified": "2023-11-14T17:44:32Z",
  "imsi": "001011234567895",
  "auc_id": 1,
  "msisdn": "9076543210",
  "ue_ambr_ul": 0,
  "subscribed_rau_tau_timer": 300,
  "serving_mme_timestamp": null,
  "serving_mme_peer": null
}
```

scscf.cfg

```
#Select Authorization Algorhithm:
#!define REG_AUTH_DEFAULT_ALG "AKAv1-MD5"
##!define REG_AUTH_DEFAULT_ALG "AKAv2-MD5"
##!define REG_AUTH_DEFAULT_ALG "MD5"
##!define REG_AUTH_DEFAULT_ALG "CableLabs-Digest"
##!define REG_AUTH_DEFAULT_ALG "3GPP-Digest"
##!define REG_AUTH_DEFAULT_ALG "TISPAN-HTTP_DIGEST_MD5"
#Let the HSS decide
##!define REG_AUTH_DEFAULT_ALG "HSS-Selected"
```

capture 20231207c.zip

Here is the related case with herlesupreeth: https://github.com/herlesupreeth/docker_open5gs/issues/263

Thanks in advance!

juan-montero-byd, Dec 07 '23 21:12
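For checking which scheme a 401 challenge really carries, the following is an added example, not code from the issue, pyHSS or Kamailio. It parses a `WWW-Authenticate` value and, for an AKA algorithm, splits the nonce into RAND and AUTN as laid out in RFC 3310. The two sample headers are constructed, the function names are hypothetical, and the default `expected_amf` is the `amf` value from the auc record above.

```python
import base64
import re

# Constructed sample 401 challenge values (not taken from the issue's capture).
_RAND = bytes(range(16))
_AUTN = bytes.fromhex("aabbccddeeff" "8000" "1122334455667788")
SAMPLE_AKA = ('Digest realm="ims.mnc001.mcc001.3gppnetwork.org", '
              'nonce="%s", algorithm=AKAv1-MD5, qop="auth"'
              % base64.b64encode(_RAND + _AUTN).decode())
SAMPLE_MD5 = ('Digest realm="ims.mnc001.mcc001.3gppnetwork.org", '
              'nonce="5f3c9a1e7b", algorithm=MD5, qop="auth"')

def parse_challenge(value):
    """Split a Digest challenge into a dict keyed by lower-cased parameter name."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    params = {}
    pattern = r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))'
    for key, quoted, bare in re.findall(pattern, rest):
        params[key.lower()] = quoted or bare
    return params

def inspect_challenge(value, expected_amf="8000"):
    """Report the algorithm and, for AKA, the RAND/AUTN fields inside the nonce."""
    params = parse_challenge(value)
    # RFC 2617: a challenge without an algorithm parameter means MD5.
    alg = params.get("algorithm", "MD5")
    report = {"algorithm": alg, "is_aka": alg.lower().startswith("akav")}
    if not report["is_aka"]:
        return report
    try:
        raw = base64.b64decode(params.get("nonce", ""), validate=True)
    except ValueError:
        raw = b""
    if len(raw) < 32:
        report["error"] = "nonce does not hold RAND (16 bytes) + AUTN (16 bytes)"
        return report
    # AUTN layout: SQN xor AK (6 bytes) | AMF (2 bytes) | MAC (8 bytes).
    autn = raw[16:32]
    report.update(rand=raw[:16].hex(), sqn_xor_ak=autn[:6].hex(),
                  amf=autn[6:8].hex(), mac=autn[8:].hex())
    report["amf_matches"] = report["amf"] == expected_amf.lower()
    return report
```

A plain `MD5` result, or an AKA algorithm with a nonce too short to hold RAND and AUTN, points at the scheme chosen upstream of the S-CSCF rather than at the client.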