SIP Core R. Shekh-Yusef, Ed. Internet-Draft Avaya Updates: 3261 (if approved) January 12, 2017 Intended status: Standards Track Expires: July 16, 2017 The Session Initiation Protocol (SIP) Digest Authentication Scheme draft-yusef-sipcore-digest-scheme-05 Abstract This document updates the Digest Access Authentication scheme used by the Session Initiation Protocol (SIP) to add support for SHA2 digest algorithms to replace the MD5 algorithm. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 16, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Shekh-Yusef Expires July 16, 2017 [Page 1] Internet-Draft SIP Digest Authentication January 2017 This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2. The SIP Digest Authentication Scheme . . . . . . . . . . . . 3 2.1. Hash Algorithms . . . . . . . . . . . . . . . . . . . . . 3 2.2. Representation of Digest Values . . . . . . . . . . . . . 3 2.3. The Authenticate Response Header . . . . . . . . . . . . 4 2.4. The Authorization Request Header . . . . . . . . . . . . 4 2.5. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.6. HTTP Modifications . . . . . . . . . . . . . . . . . . . 5 3. Augmented BNF for the SIP Protocol . . . . . . . . . . . . . 6 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 7. Normative References . . . . . . . . . . . . . . . . . . . . 7 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction The SIP protocol [RFC3261] uses the same mechanism used by the HTTP protocol for authenticating users, which is a simple challenge- response authentication mechanism that allows a server to challenge a client request and allows a client to provide authentication information in response to that challenge. The SIP protocol uses the Digest Authentication scheme that is used with the HTTP authentication mechanism, which by default uses MD5 as the default algorithm. The HTTP Digest Access Authentication [RFC7616] document defines the Digest Authentication scheme and defines a few algorithms that could be used with the Digest Authentication scheme, and establishes a registry for these algorithms to allow for additional algorithms to be added in the future. Shekh-Yusef Expires July 16, 2017 [Page 2] Internet-Draft SIP Digest Authentication January 2017 This document updates the Digest Access Authentication scheme used by SIP to add support for SHA2 digest algorithms to replace the MD5 algorithm. 1.1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. The SIP Digest Authentication Scheme This section describes the modifications to the operation of the Digest mechanism as specified in RFC3261 in order to support the SHA- 256 and SHA-512/256 algorithms as described in [RFC7616], and also to require support for the "qop" option." 2.1. Hash Algorithms The Digest scheme has an 'algorithm' parameter that specifies the algorithm to be used to compute the digest of the response. The IANA registry named "HTTP Digest Hash Algorithms" specifies the algorithms that correspond to 'algorithm' values, and specifies a priority for each algorithm. RFC3261 specifies only one algorithm, MD5, which is used by default. This document adds two new algorithms, to align with the [RFC7616], that SHOULD be used instead of MD5: SHA-256 and SHA-512/256. The priority of the algorithm defines its usage preference. UAs SHOULD prefer algorithms with higher priorities. Note that [RFC7616] defines a -sess variant for each algorithm; the -sess variants are not used with SIP. 2.2. Representation of Digest Values The size of the digest depends on the algorithm used. The bits in the digest are converted from the most significant to the least significant bit, four bits at a time to the ASCII representation as follows. Each four bits is represented by its familiar hexadecimal notation from the characters 0123456789abcdef, that is binary 0000 is represented by the character '0', 0001 by '1' and so on up to the representation of 1111 as 'f'. If the MD5 algorithm is used to calculate the digest, then the digest will be represented as 32 hexadecimal characters, SHA-256 and SHA-512/256 by 64 hexadecimal characters. Shekh-Yusef Expires July 16, 2017 [Page 3] Internet-Draft SIP Digest Authentication January 2017 2.3. The Authenticate Response Header When a UAS receives a request from a UAC, and an acceptable Authorization header is not sent, the UAS can challenge the originator to provide credentials by rejecting the request with a 401/407 status code with the WWW-Authenticate/Proxy-Authenticate header field. The UAS MAY include multiple WWW-Authenticate/Proxy- Authenticate headers to allow the UAS to utilize the best available algorithm supported by the client. If the UAS challenges with multiple WWW-Authenticate/Proxy- Authenticate headers with the same realm, then each one of these headers MUST use a different digest algorithm. The UAS MUST add these headers to the response in the order that it would prefer to see them used, starting with the most preferred algorithm at the top, followed by the less preferred algorithms. 2.4. The Authorization Request Header When the UAC receives a response with multiple headers with the same realm it SHOULD use the topmost header that it supports, unless a local policy dictates otherwise. The client should ignore any challenge it does not understand. When the UAC receives a response with multiple headers with different realms it SHOULD provide all credentials that it possesses that match any one of the challenges. If the UAC cannot respond to any of the challenges in the response, then it should abandon attempts to send the request; e.g., if the UAC does not have credentials for any of the realms. 2.5. Forking RFC3261, section 22.3, discusses the operation of the proxy-to-user authentication, which describes the operation of the proxy when it forks a request. This section introduces some clarification to that operation. If a request is forked, various proxy servers and/or UAs may wish to challenge the UAC. In this case, the forking proxy server is responsible for aggregating these challenges into a single response. Each WWW-Authenticate and Proxy-Authenticate value received in responses to the forked request MUST be placed into the single response that is sent by the forking proxy to the UA. When the forking proxy places multiple WWW-Authenticate and Proxy- Authenticate header fields from one received response into the single Shekh-Yusef Expires July 16, 2017 [Page 4] Internet-Draft SIP Digest Authentication January 2017 response it MUST maintain the order of these header fields. The ordering of the header field values from the various proxies is not significant. 2.6. HTTP Modifications This section describes the modifications and clarifications required to apply the HTTP Digest authentication scheme to SIP. The SIP scheme usage is similar to that for HTTP. SIP clients and servers MUST NOT accept or request Basic authentication. The rules for Digest authentication follow those defined in HTTP, with "HTTP/1.1" replaced by "SIP/2.0" in addition to the following differences: 1. The URI included in the challenge has the following BNF: URI = SIP-URI / SIPS-URI 2. The BNF for digest-uri-value is: digest-uri-value = Request-URI ; as defined in Section 25 3. The example procedure for choosing a nonce based on Etag does not work for SIP. 4. The text in [RFC7616] regarding cache operation does not apply to SIP. 5. [RFC7616] requires that a server check that the URI in the request line and the URI included in the Authorization header field point to the same resource. In a SIP context, these two URIs may refer to different users, due to forwarding at some proxy. Therefore, in SIP, a server MAY check that the Request-URI in the Authorization header field value corresponds to a user for whom the server is willing to accept forwarded or direct requests, but it is not necessarily a failure if the two fields are not equivalent. 6. As a clarification to the calculation of the A2 value for message integrity assurance in the Digest authentication scheme, implementers should assume, when the entity-body is empty (that is, when SIP messages have no body) that the hash of the entity-body resolves to the hash of an empty string: H(entity-body) = chosen-algorithm("") Shekh-Yusef Expires July 16, 2017 [Page 5] Internet-Draft SIP Digest Authentication January 2017 For example, when the chosen algorithm is SHA-256, then: H(entity-body) = SHA-256("") = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" 7. Servers MUST be able to properly handle "qop" parameter received in an authorization header field, and clients MUST be able to properly handle "qop" parameter received in WWW-Authenticate and Proxy-Authenticate header fields. Servers MUST always send a "qop" parameter in WWW-Authenticate and Proxy-Authenticate header field values, and clients MUST send the "qop" parameter in any resulting authorization header field. The usage of the Authentication-Info header field continue to be allowed, since it provides integrity checks over the bodies and provides mutual authentication. 3. Augmented BNF for the SIP Protocol This document updates the Augmented BNF for the SIP Protocol as follows. It extends the request-digest as follows to allow for different digest sizes: request-digest = LDQUOT *LHEX RDQUOT The number of hex digits must be specified by the specification of the algorithm used. It extends the algorithm parameter as follows to allow for SHA2 algorithms to be used: algorithm = "algorithm" EQUAL ( "MD5" / "SHA-512-256" / "SHA-256" / token ) 4. Security Considerations 5. IANA Considerations [RFC7616] defines an IANA registry named "Hash Algorithms for HTTP Digest Authentication" to simplify the introduction of new algorithms in the future. This document will use the algorithms defined in that registry. Shekh-Yusef Expires July 16, 2017 [Page 6] Internet-Draft SIP Digest Authentication January 2017 6. Acknowledgments 7. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, H., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC7616] Shekh-Yusef, R., Ahrens, D., and S. Bremer, "HTTP Digest Access Authentication", RFC 7616, September 2015. Author's Address Rifaat Shekh-Yusef (editor) Avaya 250 Sidney Street Belleville, Ontario Canada Phone: +1-613-967-5267 EMail: rifaat.ietf@gmail.com Shekh-Yusef Expires July 16, 2017 [Page 7]