#19 Simple Early-IMS Authentication Always failing

[Midimistro]

I am working on a research project that requires the use of an IMS Server, but it needed to be configurable, easy to use, and free, like OpenIMSCore. OpenIMSCore seems to be set up correctly, but I am having trouble registering my phone to OpenIMSCore using Early-IMS (since the phone refuses to respond to challenges made to it).

I've searched this over and over, but I can't seem to figure out why I can't get my iPhone 6S+ (which has a Gemalto Test SIM in it), to register with OpenIMSCore. I've checked all of the mailing lists here on OpenIMSCore's sourceforge and tried all of the recommendations in the said mailing list, but regardless what I do, the same following error still appears in red in my scscf terminal:
"ERR:S-CSCF:pack_challenge: not implemented for algorithm Early-IMS"

I provided an image of the terminal error, as well as my FHoSS IMPI for that client. Boghe and an Agilent E6696A Client can connect to it no problem (through normal authentication), but I need to use Early-IMS since normal authentication doesn't seem to be working for my current iPhone setup.

Please note that I have two domains I am running (intending to run side by side, simultaineously):

1. the default: open-ims.test
2. Mine domain: ims.mnc01.mcc001.3gppnetwork.org (not sure if I have fully implemented this one properly).

If you need any additional information or files, please let me know.

Please note I am using the most recent version of everything available (except Ubuntu, which I am using 14.04), including OpenIMSCore itself, so I would think that this shouldn't be much of an issue. It might be the fact that I am trying to use two domains simultaneously, or that 3gppnetwork is not fully implemented (at least with HSS)?

Getting over this hurdle would really help out my research project as this authentication issue is the only thing standing in our way of testing and collecting data (assuming we don't run into any additional issues).

[Midimistro]

Looks like I found a way around it using AKAv1, but the problem is that there is no documentation on changing the RES length and Authentication type so that it accepts our Gemalto test SIM and the SIM responds (doesn't respond if RES lengths don't match).

I need to adjust RES to a length of 8 bytes and the algorithm needs to be Milenage. How would I go about adjusting OpenIMSCore properly? I assume it would involve the scscsf module "registration.c", but I don't know enough about your code to mess with it in that great of detail.

Any help would be appreciated.

[Dragos Vingarzan]

Hi,

first, I am since a very long time not working on the project anymore, so
I'd recommend you move to using the Kamailio IMS, where the modules have
been imported.

Then regarding Early-IMS, there is no challenge, so something is probably
not configured right. Early-IMS shall just identify the user by IP and
directly answer with 200OK

Then you're asking about the challenge, so not Early-IMS, but AKA. That
part would be in the HSS, as that is where the Auth-Vectors are generated,
not in S-CSCF, I think...

Cheers,
-Dragos

On Fri, Sep 15, 2017 at 9:38 PM, Midimistro midimistro@users.sf.net wrote:

Looks like I found a way around it, but the problem is that there is no
documentation on changing the Res value and Authentication type so that it
accepts our Gemalto test SIM.

I need to adjust RES to a length of 8 bytes and the algorithm needs to be
Milenage. How would I go about adjusting OpenIMSCore properly? I assume it
would involve the scscsf module "registration.c"

Any help would be appreciated.

• [issues:#19] https://sourceforge.net/p/openimscore/issues/19/ Simple
  Early-IMS Authentication Always failing*

Status: open
Milestone: 1.0
Labels: early-ims
Created: Thu Sep 14, 2017 08:22 PM UTC by Midimistro
Last Updated: Thu Sep 14, 2017 08:22 PM UTC
Owner: Dragos Vingarzan
Attachments:

• Early-IMS Error.png
  https://sourceforge.net/p/openimscore/issues/19/attachment/Early-IMS%20Error.png
  (242.2 kB; image/png)

I am working on a research project that requires the use of an IMS Server,
but it needed to be configurable, easy to use, and free, like OpenIMSCore.
OpenIMSCore seems to be set up correctly, but I am having trouble
registering my phone to OpenIMSCore using Early-IMS (since the phone
refuses to respond to challenges made to it).

I've searched this over and over, but I can't seem to figure out why I
can't get my iPhone 6S+ (which has a Gemalto Test SIM in it), to register
with OpenIMSCore. I've checked all of the mailing lists here on
OpenIMSCore's sourceforge and tried all of the recommendations in the said
mailing list, but regardless what I do, the same following error still
appears in red in my scscf terminal:
"ERR:S-CSCF:pack_challenge: not implemented for algorithm Early-IMS"

I provided an image of the terminal error, as well as my FHoSS IMPI for
that client. Boghe and an Agilent E6696A Client can connect to it no
problem (through normal authentication), but I need to use Early-IMS since
normal authentication doesn't seem to be working for my current iPhone
setup.

Please note that I have two domains I am running (intending to run side by
side, simultaineously):
1. the default: open-ims.test
2. Mine domain: ims.mnc01.mcc001.3gppnetwork.org (not sure if I have
fully implemented this one properly).

If you need any additional information or files, please let me know.

Please note I am using the most recent version of everything available
(except Ubuntu, which I am using 14.04), including OpenIMSCore itself, so I
would think that this shouldn't be much of an issue. It might be the fact
that I am trying to use two domains simultaneously, or that 3gppnetwork is
not fully implemented (at least with HSS)?

Getting over this hurdle would really help out my research project as this
authentication issue is the only thing standing in our way of testing and
collecting data (assuming we don't run into any additional issues).

---

Sent from sourceforge.net because you indicated interest in
https://sourceforge.net/p/openimscore/issues/19/

To unsubscribe from further messages, please visit
https://sourceforge.net/auth/subscriptions/

--
Dragos Vingarzan

[Midimistro]

Dragos,

I've tried the VM for Kamailio IMS, but its so broken apart that I'm not sure if I can fix all of its issues. For example, the FHoSS interface won't search anything, so I have no way of adding my user until I can figure out what is failing. I also can't get Kamailio's scscf module to respond to Fokus.

In terms of OpenIMSCore, I have found that I can register my phone using AKAv1 or AKAv2, but OpenIMScore fails halfway through the registration process because of an XMAC!=MAC error from the HSS shell script, startup.sh. You wouldn't happen to know the issue behind this error? I have searched it and part of it may be that I can't use the default 0ed values for OP and AMF. If thats the case, is there any way around it or would you know anyone who would?

EDIT 1:
I've figured out that I need to set AMF to Zero In Fokus due to a bug in Fokus. That solved the registration problem... That being said, likely because I am using "ims.mnc01.mcc001.3gppnetwork.org" instead of "open-ims.test" for the domain (open-ims.test is still HSS default), I think that the services are not available as I am getting a 403 Dialog not found on S-CSCF or Terminating user not suitable for unregisted services error when I attempt a call using an account with the ims.mnc01.mcc001.3gppnetwork.org domain.

Help with either software is much appreciated.

Thank you.

Regards,

Midimistro