I am testing VoLTE between Kamailio and several smart phones. The phones requested re-synchronization from time to time. However, I found the one phone could not re-syn while the other phones could. The main difference is that this phone send "auts" with no "response", and other phone requested re-sync with a "response". Here is the comparison of two typical Authorization attribute:
1, no response:
Authorization:
Authentication Scheme: Digest
Nonce Value: "ruyNeVizArzCYHL7P8RARxEImZpylYAAzrS+UZA9LS4="
Algorithm: AKAv1-MD5,response=""
QOP: auth,cnonce="86340c0486340c24"
Nonce Count: 00000001,auts="UNjSbCZ9C8A7gHq2ngE="
2, no response:
Authorization:
Authentication Scheme: Digest
Nonce Value: "XA2hWJsI0H1ElQORsxX9KjaGlvSLNIAAqUhXhX7iIgw="
Digest Authentication Response: "6ebd7700739d5e6d4f8d3c7009147fa3"
QOP: auth,nc=00000001,cnonce="dsf232sun603405704xyx"
Authentication Token: "F3k9aD3/Zd7ijAeKiWw="
I think the problem lies in module ims_auth. On line 784 of kamailio/src/modules/ims_auth/authorize.c:
if (!get_nonce_response(msg, &username, realm, &nonce, &response16, &qop, &qop_str, &nc, &cnonce, &uri, is_proxy_auth) ||
!nonce.len || !response16.len) {
LM_DBG("Nonce or response missing: nonce len [%i], response16 len[%i]\n", nonce.len, response16.len);
return AUTH_ERROR;
}
Basically the code skip re-sync request and return auth failure when "response" is empty. So the IMS server doesn't update SQN with UE and it responds 401 challenge with a old SQN. Re-synchronization can never succeed then.
if (!get_nonce_response(msg, &username, realm, &nonce, &response16, &qop, &qop_str, &nc, &cnonce, &uri, is_proxy_auth) ||
!nonce.len ) {
I hope I didn't miss anything else and won't cause other problem.