From c25cf594d4e399b9981eb39bfa44e7bc918aeea7 Mon Sep 17 00:00:00 2001
From: Andreas Eversberg
Date: Tue, 23 Apr 2024 15:43:10 +0200
Subject: [PATCH] Add support for IMS AKA authentication configuration

---
 include/asterisk/res_pjsip.h | 13 ++++++++++++-
 res/res_pjsip/config_auth.c | 14 +++++++++++++-
 res/res_pjsip_outbound_authenticator_digest.c | 5 +++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index b320cff525..ba919f6caf 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -563,7 +563,9 @@ enum ast_sip_auth_type {
 /*! Google Oauth */
 AST_SIP_AUTH_TYPE_GOOGLE_OAUTH,
 /*! Credentials not stored this is a fake auth */
- AST_SIP_AUTH_TYPE_ARTIFICIAL
+ AST_SIP_AUTH_TYPE_ARTIFICIAL,
+ /*! Credentials stored as a username and RES combination */
+ AST_SIP_AUTH_TYPE_IMS_AKA
 };

 #define SIP_SORCERY_AUTH_TYPE "auth"
@@ -578,6 +580,9 @@ struct ast_sip_auth {
 AST_STRING_FIELD(auth_user);
 /*! Authentication password */
 AST_STRING_FIELD(auth_pass);
+ /*! IMS Authentication password */
+ char ims_res[8];
+ int ims_res_len;
 /*! Authentication credentials in MD5 format (hash of user:realm:pass) */
 AST_STRING_FIELD(md5_creds);
 /*! Refresh token to use for OAuth authentication */
@@ -586,7 +591,13 @@ struct ast_sip_auth {
 AST_STRING_FIELD(oauth_clientid);
 /*! Secret to use for OAuth authentication */
 AST_STRING_FIELD(oauth_secret);
+ /*! Use USIM emulation with these parameters */
+ AST_STRING_FIELD(usim_opc);
+ AST_STRING_FIELD(usim_k);
+ AST_STRING_FIELD(usim_sqn);
 );
+ /*! Use AMI interface for communication with USIM (instead of emulation) */
+ unsigned int usim_ami;
 /*! The time period (in seconds) that a nonce may be reused */
 unsigned int nonce_lifetime;
 /*! Used to determine what to use when authenticating */
diff --git a/res/res_pjsip/config_auth.c b/res/res_pjsip/config_auth.c
index 2350140f53..a8b06d59df 100644
--- a/res/res_pjsip/config_auth.c
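Review bot: In the `struct ast_sip_auth` hunk at `@@ -578,6 +580,9 @@`, `char ims_res[8]` and `int ims_res_len` are added between `AST_STRING_FIELD(auth_pass)` and `AST_STRING_FIELD(md5_creds)`, which places them inside the string-field declaration list whose closing `);` is visible in the following hunk. The string-field helpers are expected to treat that region as a run of string pointers, so non-string members there risk being overwritten or misread when the fields are initialised, copied or freed; they belong after the `);`, next to `usim_ami`. The buffer is also fixed at 8 bytes while 3GPP allows an AKA RES of 4 to 16 bytes, so it should be sized for 16 and `ims_res_len` documented as a byte count bounded by `sizeof(ims_res)`. The start of the struct lies outside the hunk, so the placement should be confirmed against the full header.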
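Review bot: The three `usim_*` string fields added at `@@ -586,7 +591,13 @@` share a single comment that does not say what each one holds. `usim_k` and `usim_opc` are long-term subscriber key material and `usim_sqn` is replay-protection state, so each should get its own `/*! ... */` line naming the value, marking K and OPc as secrets, and stating the expected encoding and length, which this patch does not show. The comment on `usim_ami` should also say what happens when it is enabled and the `usim_*` strings are set as well.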
+++ b/res/res_pjsip/config_auth.c
@@ -63,6 +63,8 @@ static int auth_type_handler(const struct aco_option *opt, struct ast_variable *
 ast_log(LOG_WARNING, "OAuth support is not available in the version of PJSIP in use\n");
 return -1;
 #endif
+ } else if (!strcasecmp(var->value, "ims_aka")) {
+ auth->type = AST_SIP_AUTH_TYPE_IMS_AKA;
 } else {
 ast_log(LOG_WARNING, "Unknown authentication storage type '%s' specified for %s\n",
 var->value, var->name);
@@ -74,7 +76,8 @@ static int auth_type_handler(const struct aco_option *opt, struct ast_variable *
 static const char *auth_types_map[] = {
 [AST_SIP_AUTH_TYPE_USER_PASS] = "userpass",
 [AST_SIP_AUTH_TYPE_MD5] = "md5",
- [AST_SIP_AUTH_TYPE_GOOGLE_OAUTH] = "google_oauth"
+ [AST_SIP_AUTH_TYPE_GOOGLE_OAUTH] = "google_oauth",
+ [AST_SIP_AUTH_TYPE_IMS_AKA] = "ims_aka"
 };

 const char *ast_sip_auth_type_to_str(enum ast_sip_auth_type type)
@@ -126,6 +129,7 @@ static int auth_apply(const struct ast_sorcery *sorcery, void *obj)
 break;
 case AST_SIP_AUTH_TYPE_USER_PASS:
 case AST_SIP_AUTH_TYPE_ARTIFICIAL:
+ case AST_SIP_AUTH_TYPE_IMS_AKA:
 break;
 }
 
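Review bot: `auth_types_map` at `@@ -74,7 +76,8 @@` now has an unset slot for `AST_SIP_AUTH_TYPE_ARTIFICIAL`, because the new `[AST_SIP_AUTH_TYPE_IMS_AKA]` entry sits after it in the enum and the designated initializer leaves the gap as NULL. Before this change ARTIFICIAL was past the end of the array; now a lookup for it is in bounds and yields a NULL pointer. The body of `ast_sip_auth_type_to_str` is outside the hunk, so whether it or its callers tolerate NULL cannot be confirmed here. Adding `[AST_SIP_AUTH_TYPE_ARTIFICIAL] = "",` to the map keeps the lookup returning a printable string.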
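Review bot: `auth_apply` at `@@ -126,6 +129,7 @@` sends `AST_SIP_AUTH_TYPE_IMS_AKA` through the same no-op branch as `userpass`, so an `ims_aka` auth object with neither `usim_ami` enabled nor `usim_k`/`usim_opc` set loads without complaint. A separate case that tests `if (!auth->usim_ami && (ast_strlen_zero(auth->usim_k) || ast_strlen_zero(auth->usim_opc)))`, logs the object name and rejects the object would surface the misconfiguration at load time instead of at the first challenge. The same case is the natural place to check the length and character set of the key strings. The rest of the switch is outside the hunk, so the failure path should follow whatever convention the other cases use.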
@@ -395,6 +399,14 @@ int ast_sip_initialize_sorcery_auth(void)
 "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, realm));
 ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "nonce_lifetime",
 "32", OPT_UINT_T, 0, FLDSET(struct ast_sip_auth, nonce_lifetime));
+ ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "usim_ami",
+ "no", OPT_BOOL_T, 0, FLDSET(struct ast_sip_auth, usim_ami));
+ ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "usim_opc",
+ "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, usim_opc));
+ ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "usim_k",
+ "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, usim_k));
+ ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "usim_sqn",
+ "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, usim_sqn));
 ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_AUTH_TYPE, "auth_type",
 "userpass", auth_type_handler, auth_type_to_str, NULL, 0, 0);

diff --git a/res/res_pjsip_outbound_authenticator_digest.c b/res/res_pjsip_outbound_authenticator_digest.c
index aee4afc90e..2420b2261a 100644
--- a/res/res_pjsip_outbound_authenticator_digest.c
+++ b/res/res_pjsip_outbound_authenticator_digest.c
@@ -314,6 +314,11 @@ static pj_status_t set_outbound_authentication_credentials(pjsip_auth_clt_sess *
 pj_cstr(&auth_cred.data, auth->auth_pass);
 auth_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
 break;
+ case AST_SIP_AUTH_TYPE_IMS_AKA:
+ auth_cred.data.ptr = auth->ims_res;
+ auth_cred.data.slen = auth->ims_res_len;
+ auth_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
+ break;
 case AST_SIP_AUTH_TYPE_MD5:
 pj_cstr(&auth_cred.data, auth->md5_creds);
 auth_cred.data_type = PJSIP_CRED_DATA_DIGEST;
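Review bot: In `ast_sip_initialize_sorcery_auth` at `@@ -395,6 +399,14 @@`, `usim_k` and `usim_opc` are registered as ordinary `OPT_STRINGFIELD_T` options, so any interface that lists an auth object's fields will presumably print them like every other field. These are long-term subscriber keys and are much harder to rotate than a SIP password. Registering them through `ast_sorcery_object_field_register_custom`, as `auth_type` is a few lines below, with a to-string handler that masks the value would keep them out of listings and logs. The diffstat names only three source files, so the four new options also appear to come without configuration documentation or a sample entry describing their format.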
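Review bot: The new `AST_SIP_AUTH_TYPE_IMS_AKA` case in `set_outbound_authentication_credentials` copies `auth->ims_res_len` into `auth_cred.data.slen` without checking it, and `ims_res_len` is a signed `int` describing an 8-byte array. Nothing in this patch writes `ims_res`, so as submitted a zero length would be used as an empty password, and any value outside `1..sizeof(auth->ims_res)` would let the credential length run past the buffer. Guard the case with `if (auth->ims_res_len <= 0 || auth->ims_res_len > (int) sizeof(auth->ims_res))` and fail the credential setup the way the function's other error paths do; the function body lies outside the hunk. `ims_res` is also a per-challenge secret held in a long-lived object, so clearing it once the response has been built would limit how long it stays in memory.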