GB35114

GB35114 简单理解

示例数据

SIP上级平台信息

SIP服务编码： 11010000002000000001

SIP服务域： 1101000000

SIP服务IP：10.2.64.180

SIP服务端口：5060

SIP下级信息

设备SIP编码: 11010000001320000211

设备SIP域: 1101000000

设备IP: 10.2.64.101

设备SIP端口: 5060

# 注册

# 单向认证

# 流程示意图

信令

# 1.首次注册

REGISTER sip:11010000002000000001@10.2.64.180:5060 SIP/2.0
Via: SIP/2.0/UDP 10.2.64.101:5060;rport;branch=z9hG4bK339559691
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=552151529
To: <sip:11010000001320000211@10.2.64.101:5060>
Call-ID: 1642492311
CSeq: 1 REGISTER
Contact: <sip:11010000001320000211@10.2.64.101:5060>
Max-Forwards: 70
User-Agent: agent
Expires: 3600
Authorization: Capability  algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2", keyversion="2021-06-11T14:21:34"
Content-Length: 0

添加头 Authorization 值（Scheme）Capability:

携带参数：

algorithm "A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2"
- A : 非对称算法描述,取值为设备支持的非对称算法，多种算法之间用逗号分隔。例如：A:SM2;
- H : 杂凑算法描述,取值为设备支持的杂凑算法，多种算法之间用逗号分隔。例如：H:SM3
- S : 对称算法描述，取值为设备支持的对称算法／模式／填充方式，多种算法之间用逗号分隔。例如：S:SM4/OFB/PKCS5
- SI : 签名算法的描述。例如：SI:SM3-SM2
keyversion : 秘钥版本

# 2.响应401

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.2.64.101:5060;rport=5060;branch=z9hG4bK339559691
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=552151529
To: <sip:11010000001320000211@10.2.64.101:5060>;tag=2050236306
Call-ID: 1642492311
CSeq: 1 REGISTER
User-Agent: JCZX-GBVAG
WWW-Authenticate: Unidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2",random1="NjcwMDY3NjcwMDY3NjcwMDY3NjcwMDY3"
Content-Length: 0

添加头 WWW-Authenticate 值（Scheme）Unidirection

携带参数：

random1 ： SIP服务器随机数
algorithm ：服务器使用的安全算法

# 3.再次注册

REGISTER sip:11010000002000000001@10.2.64.180:5060 SIP/2.0
Via: SIP/2.0/UDP 10.2.64.101:5060;rport;branch=z9hG4bK819567731
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=552151529
To: <sip:11010000001320000211@10.2.64.101:5060>
Call-ID: 1642492311
CSeq: 2 REGISTER
Contact: <sip:11010000001320000211@10.2.64.101:5060>
Max-Forwards: 70
User-Agent: agent
Expires: 3600
Authorization: Unidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5,SM1/OFB/PKCS5;SI:SM3-SM2", sign1="MEUCIEKmV87g1h4+0q1oYek6imcwrhHanuWEvdxpHGlJWVtNAiEAou0BOVldDJhHIprbtmAPxNFs3kWnJwe2twKmFwttNAI=", random2="CTcRaIUdJ9xgiNV+sCjxGw==", random1="NjcwMDY3NjcwMDY3NjcwMDY3NjcwMDY3", serverid="11010000002000000001", deviceid="11010000001320000211"
Content-Length: 0

添加头 Authorization 值（Scheme）Unidirection

携带参数：

algorithm 采用的安全算法
sign1 sign(random2+random1+serverid)
random2 FDWSF生成随机数
random1 SIP服务器随机数
serverid SIP服务器ID

# 4.注册成功

SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.2.64.101:5060;rport=5060;branch=z9hG4bK819567731
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=552151529
To: <sip:11010000001320000211@10.2.64.101:5060>;tag=958442107
Call-ID: 1642492311
CSeq: 2 REGISTER
User-Agent: JCZX-GBVAG
SecurityInfo: Unidirection cryptkey="MHkCIQCfe8tHLkEsunWqxM+L8P+eJmSv9/Ofc1ZcZ2m/Lu5E8wIgLcEDgu1vAuetlgtYh3E61vY6L7WjhkWeNYZgdQXCN2EEIBHnR/qvF1D4y39oHnLR+4HxkK7fty53BAQj9/Voo3dTBBALVg5CJSKiOrUnu3n/pKaT",algorithm="A:SM2;H:SM3"
Date: 2021-06-11T14:21:35.100
Expires: 3600
Content-Length: 0

响应头 SecurityInfo 值（Scheme）Unidirection

携带参数：

cryptkey base64(VKEK公钥加密)
algorithm 采用的安全算法

# 双向认证

# 流程示意图

信令

# 1.首次注册

REGISTER sip:11010000002000000001@10.2.64.180:5060 SIP/2.0
Via: SIP/2.0/UDP 10.2.64.101:5060;rport;branch=z9hG4bK1486647237
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=2046396740
To: <sip:11010000001320000211@10.2.64.101:5060>
Call-ID: 1790410176
CSeq: 1 REGISTER
Contact: <sip:11010000001320000211@10.2.64.101:5060>
Max-Forwards: 70
User-Agent: agent
Expires: 3600
Authorization: Capability  algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2", keyversion="2021-06-11T14:26:11"
Content-Length: 0

同单向认证

# 2.响应401

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.2.64.101:5060;rport=5060;branch=z9hG4bK1486647237
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=2046396740
To: <sip:11010000001320000211@10.2.64.101:5060>;tag=520744638
Call-ID: 1790410176
CSeq: 1 REGISTER
User-Agent: JCZX-GBVAG
WWW-Authenticate: Bidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2",random1="MmUwMDJlMmUwMDJlMmUwMDJlMmUwMDJl"
Content-Length: 0

添加头 WWW-Authenticate 值（Scheme）Bidirection

携带参数：

random1 ： SIP服务器随机数
algorithm ：服务器使用的安全算法

# 3.再次注册

REGISTER sip:11010000002000000001@10.2.64.180:5060 SIP/2.0
Via: SIP/2.0/UDP 10.2.64.101:5060;rport;branch=z9hG4bK1410715500
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=2046396740
To: <sip:11010000001320000211@10.2.64.101:5060>
Call-ID: 1790410176
CSeq: 2 REGISTER
Contact: <sip:11010000001320000211@10.2.64.101:5060>
Max-Forwards: 70
User-Agent: agent
Expires: 3600
Authorization: Bidirection algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5,SM1/OFB/PKCS5;SI:SM3-SM2", sign1="MEYCIQCrEAEaOLtBrfAypnRWyH4sCrTkr0hcTATyGq+3IDacvQIhANIN5hRvvnn4emg6Gk33UkeP71LDF6uTigoFHOjAzCfS", random2="5n6TL3SAh90tENzdalRFDg==", random1="MmUwMDJlMmUwMDJlMmUwMDJlMmUwMDJl", serverid="11010000002000000001", deviceid="11010000001320000211"
Content-Length: 0

添加头 Authorization 值（Scheme）Bidirection:

携带参数：

algorithm 采用的安全算法
sign1 sign(random2+random1+serverid)
random2 FDWSF生成随机数
random1 SIP服务器随机数
serverid SIP服务器ID

# 4.注册成功

SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.2.64.101:5060;rport=5060;branch=z9hG4bK1410715500
From: <sip:11010000001320000211@10.2.64.101:5060>;tag=2046396740
To: <sip:11010000001320000211@10.2.64.101:5060>;tag=1509534134
Call-ID: 1790410176
CSeq: 2 REGISTER
User-Agent: JCZX-GBVAG
SecurityInfo: Bidirection random1="MmUwMDJlMmUwMDJlMmUwMDJlMmUwMDJl",random2="5n6TL3SAh90tENzdalRFDg==",deviceid="11010000001320000211",cryptkey="MHkCIQCfe8tHLkEsunWqxM+L8P+eJmSv9/Ofc1ZcZ2m/Lu5E8wIgLcEDgu1vAuetlgtYh3E61vY6L7WjhkWeNYZgdQXCN2EEIJDOIrrHKjogmak5o4tbslsLjXMgxXS14l1ILfuwSt6KBBAOXg5CICqnMrUnvnH6rKaT",sign2="MEQCIF9wHGMwj+aoR/5UwENOpRH+4TTOftFYr5c6p0SCjvi8AiAmkRfeJ6bW5cQYkWf6HQMVe9LwT/rCTcer4NOSUSBqpw==",algorithm="A:SM2;H:SM3;S:SM4/OFB/PKCS5;SI:SM3-SM2"
Date: 2021-06-11T14:26:12.100
Expires: 3600
Content-Length: 0

响应头 SecurityInfo 值（Scheme）Bidirection

携带参数

cryptkey = base64(VKEK公钥加密)
random1 SIP服务器随机数
random2 FDWSF生成随机数
deviceid FDWSF ID
serverid SIP服务器ID
algorithm 采用的安全算法
sign2 = sign(random1+random2+deviceid+cryptkey)

上次更新: 2024/11/05, 08:29:31

← GB28181 SM2工具类→