Asterisk - The Open Source Telephony Project GIT-master-8f1982c
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros Modules Pages
Enumerations | Functions
res_stir_shaken.h File Reference
#include "asterisk/sorcery.h"
Include dependency graph for res_stir_shaken.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Enumerations

enum  ast_stir_shaken_as_response_code {
  AST_STIR_SHAKEN_AS_SUCCESS = 0 , AST_STIR_SHAKEN_AS_DISABLED , AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS , AST_STIR_SHAKEN_AS_MISSING_PARAMETERS ,
  AST_STIR_SHAKEN_AS_INTERNAL_ERROR , AST_STIR_SHAKEN_AS_NO_TN_FOR_CALLERID , AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL , AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL ,
  AST_STIR_SHAKEN_AS_NO_ATTEST_LEVEL , AST_STIR_SHAKEN_AS_IDENTITY_HDR_EXISTS , AST_STIR_SHAKEN_AS_NO_TO_HDR , AST_STIR_SHAKEN_AS_TO_HDR_BAD_URI ,
  AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE , AST_STIR_SHAKEN_AS_RESPONSE_CODE_MAX
}
 
enum  ast_stir_shaken_vs_response_code {
  AST_STIR_SHAKEN_VS_SUCCESS = 0 , AST_STIR_SHAKEN_VS_DISABLED , AST_STIR_SHAKEN_VS_INVALID_ARGUMENTS , AST_STIR_SHAKEN_VS_INTERNAL_ERROR ,
  AST_STIR_SHAKEN_VS_NO_IDENTITY_HDR , AST_STIR_SHAKEN_VS_NO_DATE_HDR , AST_STIR_SHAKEN_VS_DATE_HDR_PARSE_FAILURE , AST_STIR_SHAKEN_VS_DATE_HDR_EXPIRED ,
  AST_STIR_SHAKEN_VS_NO_JWT_HDR , AST_STIR_SHAKEN_VS_INVALID_OR_NO_X5U , AST_STIR_SHAKEN_VS_CERT_CACHE_MISS , AST_STIR_SHAKEN_VS_CERT_CACHE_INVALID ,
  AST_STIR_SHAKEN_VS_CERT_CACHE_EXPIRED , AST_STIR_SHAKEN_VS_CERT_RETRIEVAL_FAILURE , AST_STIR_SHAKEN_VS_CERT_CONTENTS_INVALID , AST_STIR_SHAKEN_VS_CERT_NOT_TRUSTED ,
  AST_STIR_SHAKEN_VS_CERT_DATE_INVALID , AST_STIR_SHAKEN_VS_CERT_NO_TN_AUTH_EXT , AST_STIR_SHAKEN_VS_CERT_NO_SPC_IN_TN_AUTH_EXT , AST_STIR_SHAKEN_VS_NO_RAW_KEY ,
  AST_STIR_SHAKEN_VS_SIGNATURE_VALIDATION , AST_STIR_SHAKEN_VS_NO_IAT , AST_STIR_SHAKEN_VS_IAT_EXPIRED , AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT ,
  AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG , AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP , AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS , AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST ,
  AST_STIR_SHAKEN_VS_NO_ORIGID , AST_STIR_SHAKEN_VS_NO_ORIG_TN , AST_STIR_SHAKEN_VS_CID_ORIG_TN_MISMATCH , AST_STIR_SHAKEN_VS_NO_DEST_TN ,
  AST_STIR_SHAKEN_VS_INVALID_HEADER , AST_STIR_SHAKEN_VS_INVALID_GRANT , AST_STIR_SHAKEN_VS_INVALID_OR_NO_CID , AST_STIR_SHAKEN_VS_RESPONSE_CODE_MAX
}
 
enum  stir_shaken_failure_action_enum {
  stir_shaken_failure_action_UNKNOWN = -1 , stir_shaken_failure_action_CONTINUE = 0 , stir_shaken_failure_action_REJECT_REQUEST , stir_shaken_failure_action_CONTINUE_RETURN_REASON ,
  stir_shaken_failure_action_NOT_SET
}
 

Functions

int ast_stir_shaken_add_result_to_channel (struct ast_stir_shaken_vs_ctx *ctx)
 Add a STIR/SHAKEN verification result to a channel. More...
 
enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_add_fingerprint (struct ast_stir_shaken_as_ctx *ctx, const char *alg, const char *fingerprint)
 Add DTLS fingerprints to AS context. More...
 
enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_create (const char *caller_id, const char *dest_tn, struct ast_channel *chan, const char *profile_name, const char *tag, struct ast_stir_shaken_as_ctx **ctxout)
 Create Attestation Service Context. More...
 
int ast_stir_shaken_as_ctx_wants_fingerprints (struct ast_stir_shaken_as_ctx *ctx)
 Indicates if the AS context needs DTLS fingerprints. More...
 
enum ast_stir_shaken_as_response_code ast_stir_shaken_attest (struct ast_stir_shaken_as_ctx *ctx, char **header)
 Attest and return Identity header value. More...
 
enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_ctx_add_date_hdr (struct ast_stir_shaken_vs_ctx *ctx, const char *date_hdr)
 Add the received Date header value to the VS context. More...
 
enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_ctx_add_identity_hdr (struct ast_stir_shaken_vs_ctx *ctx, const char *identity_hdr)
 Add the received Identity header value to the VS context. More...
 
enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_ctx_create (const char *caller_id, struct ast_channel *chan, const char *profile_name, const char *tag, struct ast_stir_shaken_vs_ctx **ctxout)
 Create Verification Service context. More...
 
void ast_stir_shaken_vs_ctx_set_response_code (struct ast_stir_shaken_vs_ctx *ctx, enum ast_stir_shaken_vs_response_code vs_rc)
 Sets response code on VS context. More...
 
const char * ast_stir_shaken_vs_get_caller_id (struct ast_stir_shaken_vs_ctx *ctx)
 Get caller_id from context. More...
 
enum stir_shaken_failure_action_enum ast_stir_shaken_vs_get_failure_action (struct ast_stir_shaken_vs_ctx *ctx)
 Get failure_action from context. More...
 
int ast_stir_shaken_vs_get_use_rfc9410_responses (struct ast_stir_shaken_vs_ctx *ctx)
 Get use_rfc9410_responses from context. More...
 
enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_verify (struct ast_stir_shaken_vs_ctx *ctx)
 Perform incoming call verification. More...
 

Enumeration Type Documentation

◆ ast_stir_shaken_as_response_code

enum ast_stir_shaken_as_response_code
Enumerator
AST_STIR_SHAKEN_AS_SUCCESS 
AST_STIR_SHAKEN_AS_DISABLED 
AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS 
AST_STIR_SHAKEN_AS_MISSING_PARAMETERS 
AST_STIR_SHAKEN_AS_INTERNAL_ERROR 
AST_STIR_SHAKEN_AS_NO_TN_FOR_CALLERID 
AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL 
AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL 
AST_STIR_SHAKEN_AS_NO_ATTEST_LEVEL 
AST_STIR_SHAKEN_AS_IDENTITY_HDR_EXISTS 
AST_STIR_SHAKEN_AS_NO_TO_HDR 
AST_STIR_SHAKEN_AS_TO_HDR_BAD_URI 
AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE 
AST_STIR_SHAKEN_AS_RESPONSE_CODE_MAX 

Definition at line 62 of file res_stir_shaken.h.

62 {
63 AST_STIR_SHAKEN_AS_SUCCESS = 0,
64 AST_STIR_SHAKEN_AS_DISABLED,
65 AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
66 AST_STIR_SHAKEN_AS_MISSING_PARAMETERS,
67 AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
68 AST_STIR_SHAKEN_AS_NO_TN_FOR_CALLERID,
69 AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL,
70 AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL,
71 AST_STIR_SHAKEN_AS_NO_ATTEST_LEVEL,
72 AST_STIR_SHAKEN_AS_IDENTITY_HDR_EXISTS,
73 AST_STIR_SHAKEN_AS_NO_TO_HDR,
74 AST_STIR_SHAKEN_AS_TO_HDR_BAD_URI,
75 AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE,
76 AST_STIR_SHAKEN_AS_RESPONSE_CODE_MAX
77};
AST_STIR_SHAKEN_AS_NO_TN_FOR_CALLERID
@ AST_STIR_SHAKEN_AS_NO_TN_FOR_CALLERID
Definition: res_stir_shaken.h:68
AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS
@ AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS
Definition: res_stir_shaken.h:65
AST_STIR_SHAKEN_AS_TO_HDR_BAD_URI
@ AST_STIR_SHAKEN_AS_TO_HDR_BAD_URI
Definition: res_stir_shaken.h:74
AST_STIR_SHAKEN_AS_MISSING_PARAMETERS
@ AST_STIR_SHAKEN_AS_MISSING_PARAMETERS
Definition: res_stir_shaken.h:66
AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL
@ AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL
Definition: res_stir_shaken.h:69
AST_STIR_SHAKEN_AS_DISABLED
@ AST_STIR_SHAKEN_AS_DISABLED
Definition: res_stir_shaken.h:64
AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE
@ AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE
Definition: res_stir_shaken.h:75
AST_STIR_SHAKEN_AS_NO_TO_HDR
@ AST_STIR_SHAKEN_AS_NO_TO_HDR
Definition: res_stir_shaken.h:73
AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL
@ AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL
Definition: res_stir_shaken.h:70
AST_STIR_SHAKEN_AS_SUCCESS
@ AST_STIR_SHAKEN_AS_SUCCESS
Definition: res_stir_shaken.h:63
AST_STIR_SHAKEN_AS_RESPONSE_CODE_MAX
@ AST_STIR_SHAKEN_AS_RESPONSE_CODE_MAX
Definition: res_stir_shaken.h:76
AST_STIR_SHAKEN_AS_INTERNAL_ERROR
@ AST_STIR_SHAKEN_AS_INTERNAL_ERROR
Definition: res_stir_shaken.h:67
AST_STIR_SHAKEN_AS_IDENTITY_HDR_EXISTS
@ AST_STIR_SHAKEN_AS_IDENTITY_HDR_EXISTS
Definition: res_stir_shaken.h:72
AST_STIR_SHAKEN_AS_NO_ATTEST_LEVEL
@ AST_STIR_SHAKEN_AS_NO_ATTEST_LEVEL
Definition: res_stir_shaken.h:71

◆ ast_stir_shaken_vs_response_code

enum ast_stir_shaken_vs_response_code
Enumerator
AST_STIR_SHAKEN_VS_SUCCESS 
AST_STIR_SHAKEN_VS_DISABLED 
AST_STIR_SHAKEN_VS_INVALID_ARGUMENTS 
AST_STIR_SHAKEN_VS_INTERNAL_ERROR 
AST_STIR_SHAKEN_VS_NO_IDENTITY_HDR 
AST_STIR_SHAKEN_VS_NO_DATE_HDR 
AST_STIR_SHAKEN_VS_DATE_HDR_PARSE_FAILURE 
AST_STIR_SHAKEN_VS_DATE_HDR_EXPIRED 
AST_STIR_SHAKEN_VS_NO_JWT_HDR 
AST_STIR_SHAKEN_VS_INVALID_OR_NO_X5U 
AST_STIR_SHAKEN_VS_CERT_CACHE_MISS 
AST_STIR_SHAKEN_VS_CERT_CACHE_INVALID 
AST_STIR_SHAKEN_VS_CERT_CACHE_EXPIRED 
AST_STIR_SHAKEN_VS_CERT_RETRIEVAL_FAILURE 
AST_STIR_SHAKEN_VS_CERT_CONTENTS_INVALID 
AST_STIR_SHAKEN_VS_CERT_NOT_TRUSTED 
AST_STIR_SHAKEN_VS_CERT_DATE_INVALID 
AST_STIR_SHAKEN_VS_CERT_NO_TN_AUTH_EXT 
AST_STIR_SHAKEN_VS_CERT_NO_SPC_IN_TN_AUTH_EXT 
AST_STIR_SHAKEN_VS_NO_RAW_KEY 
AST_STIR_SHAKEN_VS_SIGNATURE_VALIDATION 
AST_STIR_SHAKEN_VS_NO_IAT 
AST_STIR_SHAKEN_VS_IAT_EXPIRED 
AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT 
AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG 
AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP 
AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS 
AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST 
AST_STIR_SHAKEN_VS_NO_ORIGID 
AST_STIR_SHAKEN_VS_NO_ORIG_TN 
AST_STIR_SHAKEN_VS_CID_ORIG_TN_MISMATCH 
AST_STIR_SHAKEN_VS_NO_DEST_TN 
AST_STIR_SHAKEN_VS_INVALID_HEADER 
AST_STIR_SHAKEN_VS_INVALID_GRANT 
AST_STIR_SHAKEN_VS_INVALID_OR_NO_CID 
AST_STIR_SHAKEN_VS_RESPONSE_CODE_MAX 

Definition at line 23 of file res_stir_shaken.h.

23 {
24 AST_STIR_SHAKEN_VS_SUCCESS = 0,
25 AST_STIR_SHAKEN_VS_DISABLED,
26 AST_STIR_SHAKEN_VS_INVALID_ARGUMENTS,
27 AST_STIR_SHAKEN_VS_INTERNAL_ERROR,
28 AST_STIR_SHAKEN_VS_NO_IDENTITY_HDR,
29 AST_STIR_SHAKEN_VS_NO_DATE_HDR,
30 AST_STIR_SHAKEN_VS_DATE_HDR_PARSE_FAILURE,
31 AST_STIR_SHAKEN_VS_DATE_HDR_EXPIRED,
32 AST_STIR_SHAKEN_VS_NO_JWT_HDR,
33 AST_STIR_SHAKEN_VS_INVALID_OR_NO_X5U,
34 AST_STIR_SHAKEN_VS_CERT_CACHE_MISS,
35 AST_STIR_SHAKEN_VS_CERT_CACHE_INVALID,
36 AST_STIR_SHAKEN_VS_CERT_CACHE_EXPIRED,
37 AST_STIR_SHAKEN_VS_CERT_RETRIEVAL_FAILURE,
38 AST_STIR_SHAKEN_VS_CERT_CONTENTS_INVALID,
39 AST_STIR_SHAKEN_VS_CERT_NOT_TRUSTED,
40 AST_STIR_SHAKEN_VS_CERT_DATE_INVALID,
41 AST_STIR_SHAKEN_VS_CERT_NO_TN_AUTH_EXT,
42 AST_STIR_SHAKEN_VS_CERT_NO_SPC_IN_TN_AUTH_EXT,
43 AST_STIR_SHAKEN_VS_NO_RAW_KEY,
44 AST_STIR_SHAKEN_VS_SIGNATURE_VALIDATION,
45 AST_STIR_SHAKEN_VS_NO_IAT,
46 AST_STIR_SHAKEN_VS_IAT_EXPIRED,
47 AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT,
48 AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG,
49 AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP,
50 AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS,
51 AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST,
52 AST_STIR_SHAKEN_VS_NO_ORIGID,
53 AST_STIR_SHAKEN_VS_NO_ORIG_TN,
54 AST_STIR_SHAKEN_VS_CID_ORIG_TN_MISMATCH,
55 AST_STIR_SHAKEN_VS_NO_DEST_TN,
56 AST_STIR_SHAKEN_VS_INVALID_HEADER,
57 AST_STIR_SHAKEN_VS_INVALID_GRANT,
58 AST_STIR_SHAKEN_VS_INVALID_OR_NO_CID,
59 AST_STIR_SHAKEN_VS_RESPONSE_CODE_MAX
60};
AST_STIR_SHAKEN_VS_CERT_DATE_INVALID
@ AST_STIR_SHAKEN_VS_CERT_DATE_INVALID
Definition: res_stir_shaken.h:40
AST_STIR_SHAKEN_VS_NO_DATE_HDR
@ AST_STIR_SHAKEN_VS_NO_DATE_HDR
Definition: res_stir_shaken.h:29
AST_STIR_SHAKEN_VS_SUCCESS
@ AST_STIR_SHAKEN_VS_SUCCESS
Definition: res_stir_shaken.h:24
AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST
@ AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST
Definition: res_stir_shaken.h:51
AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP
@ AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP
Definition: res_stir_shaken.h:49
AST_STIR_SHAKEN_VS_CID_ORIG_TN_MISMATCH
@ AST_STIR_SHAKEN_VS_CID_ORIG_TN_MISMATCH
Definition: res_stir_shaken.h:54
AST_STIR_SHAKEN_VS_NO_JWT_HDR
@ AST_STIR_SHAKEN_VS_NO_JWT_HDR
Definition: res_stir_shaken.h:32
AST_STIR_SHAKEN_VS_NO_DEST_TN
@ AST_STIR_SHAKEN_VS_NO_DEST_TN
Definition: res_stir_shaken.h:55
AST_STIR_SHAKEN_VS_IAT_EXPIRED
@ AST_STIR_SHAKEN_VS_IAT_EXPIRED
Definition: res_stir_shaken.h:46
AST_STIR_SHAKEN_VS_NO_IDENTITY_HDR
@ AST_STIR_SHAKEN_VS_NO_IDENTITY_HDR
Definition: res_stir_shaken.h:28
AST_STIR_SHAKEN_VS_NO_RAW_KEY
@ AST_STIR_SHAKEN_VS_NO_RAW_KEY
Definition: res_stir_shaken.h:43
AST_STIR_SHAKEN_VS_DATE_HDR_EXPIRED
@ AST_STIR_SHAKEN_VS_DATE_HDR_EXPIRED
Definition: res_stir_shaken.h:31
AST_STIR_SHAKEN_VS_INVALID_ARGUMENTS
@ AST_STIR_SHAKEN_VS_INVALID_ARGUMENTS
Definition: res_stir_shaken.h:26
AST_STIR_SHAKEN_VS_SIGNATURE_VALIDATION
@ AST_STIR_SHAKEN_VS_SIGNATURE_VALIDATION
Definition: res_stir_shaken.h:44
AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG
@ AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG
Definition: res_stir_shaken.h:48
AST_STIR_SHAKEN_VS_CERT_CONTENTS_INVALID
@ AST_STIR_SHAKEN_VS_CERT_CONTENTS_INVALID
Definition: res_stir_shaken.h:38
AST_STIR_SHAKEN_VS_NO_ORIGID
@ AST_STIR_SHAKEN_VS_NO_ORIGID
Definition: res_stir_shaken.h:52
AST_STIR_SHAKEN_VS_INVALID_HEADER
@ AST_STIR_SHAKEN_VS_INVALID_HEADER
Definition: res_stir_shaken.h:56
AST_STIR_SHAKEN_VS_CERT_CACHE_INVALID
@ AST_STIR_SHAKEN_VS_CERT_CACHE_INVALID
Definition: res_stir_shaken.h:35
AST_STIR_SHAKEN_VS_INVALID_GRANT
@ AST_STIR_SHAKEN_VS_INVALID_GRANT
Definition: res_stir_shaken.h:57
AST_STIR_SHAKEN_VS_DISABLED
@ AST_STIR_SHAKEN_VS_DISABLED
Definition: res_stir_shaken.h:25
AST_STIR_SHAKEN_VS_CERT_CACHE_MISS
@ AST_STIR_SHAKEN_VS_CERT_CACHE_MISS
Definition: res_stir_shaken.h:34
AST_STIR_SHAKEN_VS_CERT_CACHE_EXPIRED
@ AST_STIR_SHAKEN_VS_CERT_CACHE_EXPIRED
Definition: res_stir_shaken.h:36
AST_STIR_SHAKEN_VS_NO_IAT
@ AST_STIR_SHAKEN_VS_NO_IAT
Definition: res_stir_shaken.h:45
AST_STIR_SHAKEN_VS_NO_ORIG_TN
@ AST_STIR_SHAKEN_VS_NO_ORIG_TN
Definition: res_stir_shaken.h:53
AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT
@ AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT
Definition: res_stir_shaken.h:47
AST_STIR_SHAKEN_VS_CERT_NOT_TRUSTED
@ AST_STIR_SHAKEN_VS_CERT_NOT_TRUSTED
Definition: res_stir_shaken.h:39
AST_STIR_SHAKEN_VS_DATE_HDR_PARSE_FAILURE
@ AST_STIR_SHAKEN_VS_DATE_HDR_PARSE_FAILURE
Definition: res_stir_shaken.h:30
AST_STIR_SHAKEN_VS_INTERNAL_ERROR
@ AST_STIR_SHAKEN_VS_INTERNAL_ERROR
Definition: res_stir_shaken.h:27
AST_STIR_SHAKEN_VS_INVALID_OR_NO_CID
@ AST_STIR_SHAKEN_VS_INVALID_OR_NO_CID
Definition: res_stir_shaken.h:58
AST_STIR_SHAKEN_VS_CERT_NO_SPC_IN_TN_AUTH_EXT
@ AST_STIR_SHAKEN_VS_CERT_NO_SPC_IN_TN_AUTH_EXT
Definition: res_stir_shaken.h:42
AST_STIR_SHAKEN_VS_RESPONSE_CODE_MAX
@ AST_STIR_SHAKEN_VS_RESPONSE_CODE_MAX
Definition: res_stir_shaken.h:59
AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS
@ AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS
Definition: res_stir_shaken.h:50
AST_STIR_SHAKEN_VS_INVALID_OR_NO_X5U
@ AST_STIR_SHAKEN_VS_INVALID_OR_NO_X5U
Definition: res_stir_shaken.h:33
AST_STIR_SHAKEN_VS_CERT_RETRIEVAL_FAILURE
@ AST_STIR_SHAKEN_VS_CERT_RETRIEVAL_FAILURE
Definition: res_stir_shaken.h:37
AST_STIR_SHAKEN_VS_CERT_NO_TN_AUTH_EXT
@ AST_STIR_SHAKEN_VS_CERT_NO_TN_AUTH_EXT
Definition: res_stir_shaken.h:41

◆ stir_shaken_failure_action_enum

enum stir_shaken_failure_action_enum
Enumerator
stir_shaken_failure_action_UNKNOWN 

Unknown value

stir_shaken_failure_action_CONTINUE 

Continue and let dialplan decide action

stir_shaken_failure_action_REJECT_REQUEST 

Reject request with respone codes defined in RFC8224

stir_shaken_failure_action_CONTINUE_RETURN_REASON 

Continue but return a Reason header in next provisional response

stir_shaken_failure_action_NOT_SET 

Not set in config

Definition at line 79 of file res_stir_shaken.h.

79 {
80 /*! Unknown value */
81 stir_shaken_failure_action_UNKNOWN = -1,
82 /*! Continue and let dialplan decide action */
83 stir_shaken_failure_action_CONTINUE = 0,
84 /*! Reject request with respone codes defined in RFC8224 */
85 stir_shaken_failure_action_REJECT_REQUEST,
86 /*! Continue but return a Reason header in next provisional response */
87 stir_shaken_failure_action_CONTINUE_RETURN_REASON,
88 /*! Not set in config */
89 stir_shaken_failure_action_NOT_SET,
90};
stir_shaken_failure_action_CONTINUE
@ stir_shaken_failure_action_CONTINUE
Definition: res_stir_shaken.h:83
stir_shaken_failure_action_CONTINUE_RETURN_REASON
@ stir_shaken_failure_action_CONTINUE_RETURN_REASON
Definition: res_stir_shaken.h:87
stir_shaken_failure_action_UNKNOWN
@ stir_shaken_failure_action_UNKNOWN
Definition: res_stir_shaken.h:81
stir_shaken_failure_action_NOT_SET
@ stir_shaken_failure_action_NOT_SET
Definition: res_stir_shaken.h:89
stir_shaken_failure_action_REJECT_REQUEST
@ stir_shaken_failure_action_REJECT_REQUEST
Definition: res_stir_shaken.h:85

Function Documentation

◆ ast_stir_shaken_add_result_to_channel()

int ast_stir_shaken_add_result_to_channel ( struct ast_stir_shaken_vs_ctx ctx)

Add a STIR/SHAKEN verification result to a channel.

Parameters
ctxVS context
Return values
-1on failure
0on success

Definition at line 89 of file res_stir_shaken.c.

91{
92 struct stir_datastore *stir_datastore;
93 struct ast_datastore *chan_datastore;
94 const char *chan_name;
95
96 if (!ctx->chan) {
97 ast_log(LOG_ERROR, "Channel is required to add STIR/SHAKEN verification\n");
98 return -1;
99 }
100
101 chan_name = ast_channel_name(ctx->chan);
102
103 if (!ctx->identity_hdr) {
104 ast_log(LOG_ERROR, "No identity to add STIR/SHAKEN verification to channel "
105 "%s\n", chan_name);
106 return -1;
107 }
108
109 if (!ctx->attestation) {
110 ast_log(LOG_ERROR, "Attestation cannot be NULL to add STIR/SHAKEN verification to "
111 "channel %s\n", chan_name);
112 return -1;
113 }
114
115 stir_datastore = ast_calloc(1, sizeof(*stir_datastore));
116 if (!stir_datastore) {
117 ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore for "
118 "channel %s\n", chan_name);
119 return -1;
120 }
121
122 stir_datastore->identity = ast_strdup(ctx->identity_hdr);
123 if (!stir_datastore->identity) {
124 ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "
125 "identity for channel %s\n", chan_name);
126 stir_datastore_free(stir_datastore);
127 return -1;
128 }
129
130 stir_datastore->attestation = ast_strdup(ctx->attestation);
131 if (!stir_datastore->attestation) {
132 ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "
133 "attestation for channel %s\n", chan_name);
134 stir_datastore_free(stir_datastore);
135 return -1;
136 }
137
138 stir_datastore->verify_result = ctx->failure_reason;
139
140 chan_datastore = ast_datastore_alloc(&stir_shaken_datastore_info, NULL);
141 if (!chan_datastore) {
142 ast_log(LOG_ERROR, "Failed to allocate space for datastore for channel "
143 "%s\n", chan_name);
144 stir_datastore_free(stir_datastore);
145 return -1;
146 }
147
148 chan_datastore->data = stir_datastore;
149
150 ast_channel_lock(ctx->chan);
151 ast_channel_datastore_add(ctx->chan, chan_datastore);
152 ast_channel_unlock(ctx->chan);
153
154 return 0;
155}
ast_strdup
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:241
ast_calloc
#define ast_calloc(num, len)
A wrapper for calloc()
Definition: astmm.h:202
ast_log
#define ast_log
Definition: astobj2.c:42
ast_channel_name
const char * ast_channel_name(const struct ast_channel *chan)
ast_channel_datastore_add
int ast_channel_datastore_add(struct ast_channel *chan, struct ast_datastore *datastore)
Add a datastore to a channel.
Definition: channel.c:2354
ast_channel_lock
#define ast_channel_lock(chan)
Definition: channel.h:2972
ast_channel_unlock
#define ast_channel_unlock(chan)
Definition: channel.h:2973
ast_datastore_alloc
#define ast_datastore_alloc(info, uid)
Definition: datastore.h:85
LOG_ERROR
#define LOG_ERROR
Definition: include/asterisk/logger.h:289
stir_shaken_datastore_info
static const struct ast_datastore_info stir_shaken_datastore_info
Definition: res_stir_shaken.c:84
stir_datastore_free
static void stir_datastore_free(struct stir_datastore *datastore)
Frees a stir_shaken_datastore structure.
Definition: res_stir_shaken.c:61
NULL
#define NULL
Definition: resample.c:96
ast_datastore
Structure for a data store object.
Definition: datastore.h:64
ast_datastore::data
void * data
Definition: datastore.h:66
ast_stir_shaken_vs_ctx::attestation
const ast_string_field attestation
Definition: verification.h:39
ast_stir_shaken_vs_ctx::identity_hdr
const ast_string_field identity_hdr
Definition: verification.h:39
ast_stir_shaken_vs_ctx::chan
struct ast_channel * chan
Definition: verification.h:41
ast_stir_shaken_vs_ctx::failure_reason
enum ast_stir_shaken_vs_response_code failure_reason
Definition: verification.h:48
stir_datastore
Definition: res_stir_shaken.c:47
stir_datastore::attestation
char * attestation
Definition: res_stir_shaken.c:51
stir_datastore::verify_result
enum ast_stir_shaken_vs_response_code verify_result
Definition: res_stir_shaken.c:53
stir_datastore::identity
char * identity
Definition: res_stir_shaken.c:49

References ast_calloc, ast_channel_datastore_add(), ast_channel_lock, ast_channel_name(), ast_channel_unlock, ast_datastore_alloc, ast_log, ast_strdup, stir_datastore::attestation, ast_stir_shaken_vs_ctx::attestation, ast_stir_shaken_vs_ctx::chan, ast_datastore::data, ast_stir_shaken_vs_ctx::failure_reason, stir_datastore::identity, ast_stir_shaken_vs_ctx::identity_hdr, LOG_ERROR, NULL, stir_datastore_free(), stir_shaken_datastore_info, and stir_datastore::verify_result.

Referenced by process_failure(), and stir_shaken_incoming_request().

◆ ast_stir_shaken_as_ctx_add_fingerprint()

enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_add_fingerprint ( struct ast_stir_shaken_as_ctx ctx,
const char *  alg,
const char *  fingerprint 
)

Add DTLS fingerprints to AS context.

Parameters
ctxAS context
algFingerprint algorithm ("sha-1" or "sha-256")
fingerprintFingerprint
Return values
AST_STIR_SHAKEN_AS_SUCCESSif successful
OtherAST_STIR_SHAKEN_AS errors.

Definition at line 206 of file attestation.c.

208{
209 char *compacted_fp = ast_alloca(strlen(fingerprint) + 1);
210 const char *f = fingerprint;
211 char *fp = compacted_fp;
212 char *combined;
213 int rc;
214 SCOPE_ENTER(4, "%s: Add fingerprint %s:%s\n", ctx ? ctx->tag : "",
215 alg, fingerprint);
216
217 if (!ctx || ast_strlen_zero(alg) || ast_strlen_zero(fingerprint)) {
218 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
219 "%s: Missing arguments\n", ctx->tag);
220 }
221
222 if (!ENUM_BOOL(ctx->etn->acfg_common.send_mky, send_mky)) {
223 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
224 "%s: Not needed\n", ctx->tag);
225 }
226
227 /* De-colonize */
228 while (*f != '\0') {
229 if (*f != ':') {
230 *fp++ = *f;
231 }
232 f++;
233 }
234 *fp = '\0';
235 rc = ast_asprintf(&combined, "%s:%s", alg, compacted_fp);
236 if (rc < 0) {
237 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
238 "%s: Can't allocate memory for comobined string\n", ctx->tag);
239 }
240
241 rc = AST_VECTOR_ADD_SORTED(&ctx->fingerprints, combined, strcasecmp);
242 if (rc < 0) {
243 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
244 "%s: Can't add entry to vector\n", ctx->tag);
245 }
246
247 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_SUCCESS,
248 "%s: Done\n", ctx->tag);
249}
ast_alloca
#define ast_alloca(size)
call __builtin_alloca to ensure we get gcc builtin semantics
Definition: astmm.h:288
ast_asprintf
#define ast_asprintf(ret, fmt,...)
A wrapper for asprintf()
Definition: astmm.h:267
ENUM_BOOL
#define ENUM_BOOL(__enum1, __field)
Definition: common_config.h:218
SCOPE_EXIT_RTN_VALUE
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
Definition: include/asterisk/logger.h:1034
SCOPE_ENTER
#define SCOPE_ENTER(level,...)
Definition: include/asterisk/logger.h:1006
ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
ast_stir_shaken_as_ctx::etn
struct tn_cfg * etn
Definition: attestation.h:32
ast_stir_shaken_as_ctx::tag
const ast_string_field tag
Definition: attestation.h:29
ast_stir_shaken_as_ctx::fingerprints
struct ast_vector_string fingerprints
Definition: attestation.h:31
attestation_cfg_common::send_mky
enum send_mky_enum send_mky
Definition: common_config.h:299
tn_cfg::acfg_common
struct attestation_cfg_common acfg_common
Definition: common_config.h:464
AST_VECTOR_ADD_SORTED
#define AST_VECTOR_ADD_SORTED(vec, elem, cmp)
Add an element into a sorted vector.
Definition: vector.h:371

References tn_cfg::acfg_common, ast_alloca, ast_asprintf, AST_STIR_SHAKEN_AS_DISABLED, AST_STIR_SHAKEN_AS_INTERNAL_ERROR, AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS, AST_STIR_SHAKEN_AS_SUCCESS, ast_strlen_zero(), AST_VECTOR_ADD_SORTED, ENUM_BOOL, ast_stir_shaken_as_ctx::etn, ast_stir_shaken_as_ctx::fingerprints, SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, attestation_cfg_common::send_mky, and ast_stir_shaken_as_ctx::tag.

Referenced by add_fingerprints_if_present().

◆ ast_stir_shaken_as_ctx_create()

enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_create ( const char *  caller_id,
const char *  dest_tn,
struct ast_channel chan,
const char *  profile_name,
const char *  tag,
struct ast_stir_shaken_as_ctx **  ctxout 
)

Create Attestation Service Context.

Parameters
caller_idThe caller_id for the outgoing call
dest_tnCanonicalized destination tn
chanThe outgoing channel
profile_nameThe profile name on the endpoint May be NULL.
tagIdentifying string to output in log and trace messages.
ctxoutReceives a pointer to the newly created context The caller must release with ao2_ref or ao2_cleanup.
Return values
AST_STIR_SHAKEN_AS_SUCCESSif successful.
AST_STIR_SHAKEN_AS_DISABLEDif attestation is disabled by the endpoint itself, the profile or globally.
OtherAST_STIR_SHAKEN_AS errors.

Definition at line 66 of file attestation.c.

70{
71 RAII_VAR(struct ast_stir_shaken_as_ctx *, ctx, NULL, ao2_cleanup);
72 RAII_VAR(struct profile_cfg *, eprofile, NULL, ao2_cleanup);
73 RAII_VAR(struct attestation_cfg *, as_cfg, NULL, ao2_cleanup);
74 RAII_VAR(struct tn_cfg *, etn, NULL, ao2_cleanup);
75 RAII_VAR(char *, canon_dest_tn , canonicalize_tn_alloc(dest_tn), ast_free);
76 RAII_VAR(char *, canon_orig_tn , canonicalize_tn_alloc(orig_tn), ast_free);
77
78 const char *t = S_OR(tag, S_COR(chan, ast_channel_name(chan), ""));
79 SCOPE_ENTER(3, "%s: Enter\n", t);
80
81 as_cfg = as_get_cfg();
82 if (as_cfg->global_disable) {
83 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
84 "%s: Globally disabled\n", t);
85 }
86
87 if (ast_strlen_zero(profile_name)) {
88 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
89 "%s: Disabled due to missing profile name\n", t);
90 }
91
92 eprofile = eprofile_get_cfg(profile_name);
93 if (!eprofile) {
94 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
95 LOG_ERROR, "%s: No profile for profile name '%s'. Call will continue\n", tag,
96 profile_name);
97 }
98
99 if (!PROFILE_ALLOW_ATTEST(eprofile)) {
100 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
101 "%s: Disabled by profile '%s'\n", t, profile_name);
102 }
103
104 if (ast_strlen_zero(tag)) {
105 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
106 LOG_ERROR, "%s: Must provide tag\n", t);
107 }
108
109 if (!canon_orig_tn) {
110 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
111 LOG_ERROR, "%s: Must provide caller_id/orig_tn\n", tag);
112 }
113
114 if (!canon_dest_tn) {
115 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
116 LOG_ERROR, "%s: Must provide dest_tn\n", tag);
117 }
118
119 if (!ctxout) {
120 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
121 LOG_ERROR, "%s: Must provide ctxout\n", tag);
122 }
123
124 etn = tn_get_etn(canon_orig_tn, eprofile);
125 if (!etn) {
126 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
127 "%s: No tn for orig_tn '%s'\n", tag, canon_orig_tn);
128 }
129
130 /* We don't need eprofile or as_cfg anymore so let's clean em up */
131 ao2_cleanup(as_cfg);
132 as_cfg = NULL;
133 ao2_cleanup(eprofile);
134 eprofile = NULL;
135
136
137 if (etn->acfg_common.attest_level == attest_level_NOT_SET) {
138 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_MISSING_PARAMETERS,
139 LOG_ERROR,
140 "'%s': No attest_level specified in tn, profile or attestation objects\n",
141 tag);
142 }
143
144 if (ast_strlen_zero(etn->acfg_common.public_cert_url)) {
145 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL,
146 LOG_ERROR, "%s: No public cert url in tn %s, profile or attestation objects\n",
147 tag, canon_orig_tn);
148 }
149
150 if (etn->acfg_common.raw_key_length == 0) {
151 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL,
152 LOG_ERROR, "%s: No private key in tn %s, profile or attestation objects\n",
153 canon_orig_tn, tag);
154 }
155
156 ctx = ao2_alloc_options(sizeof(*ctx), ctx_destructor,
157 AO2_ALLOC_OPT_LOCK_NOLOCK);
158 if (!ctx) {
159 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
160 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
161 }
162
163 if (ast_string_field_init(ctx, 1024) != 0) {
164 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
165 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
166 }
167
168 if (ast_string_field_set(ctx, tag, tag) != 0) {
169 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
170 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
171 }
172
173 if (ast_string_field_set(ctx, orig_tn, canon_orig_tn) != 0) {
174 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
175 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
176 }
177
178 if (ast_string_field_set(ctx, dest_tn, canon_dest_tn)) {
179 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
180 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
181 }
182
183 ctx->chan = chan;
184 ast_channel_ref(ctx->chan);
185
186 if (AST_VECTOR_INIT(&ctx->fingerprints, 1) != 0) {
187 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
188 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
189 }
190
191 /* Transfer the references */
192 ctx->etn = etn;
193 etn = NULL;
194 *ctxout = ctx;
195 ctx = NULL;
196
197 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_SUCCESS, "%s: Done\n", tag);
198}
ast_free
#define ast_free(a)
Definition: astmm.h:180
AO2_ALLOC_OPT_LOCK_NOLOCK
@ AO2_ALLOC_OPT_LOCK_NOLOCK
Definition: astobj2.h:367
ao2_cleanup
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
ao2_alloc_options
#define ao2_alloc_options(data_size, destructor_fn, options)
Definition: astobj2.h:404
ctx_destructor
static void ctx_destructor(void *obj)
Definition: attestation.c:54
as_get_cfg
struct attestation_cfg * as_get_cfg(void)
Definition: attestation_config.c:43
ast_channel_ref
#define ast_channel_ref(c)
Increase channel reference count.
Definition: channel.h:2997
canonicalize_tn_alloc
char * canonicalize_tn_alloc(const char *tn)
Canonicalize a TN into nre buffer.
Definition: common_config.c:293
eprofile_get_cfg
struct profile_cfg * eprofile_get_cfg(const char *id)
Definition: profile_config.c:126
PROFILE_ALLOW_ATTEST
#define PROFILE_ALLOW_ATTEST(__profile)
Definition: common_config.h:441
tn_get_etn
struct tn_cfg * tn_get_etn(const char *tn, struct profile_cfg *eprofile)
Definition: tn_config.c:111
SCOPE_EXIT_LOG_RTN_VALUE
#define SCOPE_EXIT_LOG_RTN_VALUE(__value, __log_level,...)
Definition: include/asterisk/logger.h:1057
ast_string_field_set
#define ast_string_field_set(x, field, data)
Set a field to a simple string value.
Definition: stringfields.h:521
ast_string_field_init
#define ast_string_field_init(x, size)
Initialize a field pool and fields.
Definition: stringfields.h:359
S_OR
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
Definition: strings.h:80
S_COR
#define S_COR(a, b, c)
returns the equivalent of logic or for strings, with an additional boolean check: second one if not e...
Definition: strings.h:87
ast_stir_shaken_as_ctx
Definition: attestation.h:24
attestation_cfg
Definition: common_config.h:320
profile_cfg
Profile configuration for stir/shaken.
Definition: common_config.h:417
tn_cfg
TN configuration for stir/shaken.
Definition: common_config.h:455
RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941
AST_VECTOR_INIT
#define AST_VECTOR_INIT(vec, size)
Initialize a vector.
Definition: vector.h:113

References tn_cfg::acfg_common, AO2_ALLOC_OPT_LOCK_NOLOCK, ao2_alloc_options, ao2_cleanup, as_get_cfg(), ast_channel_name(), ast_channel_ref, ast_free, AST_STIR_SHAKEN_AS_DISABLED, AST_STIR_SHAKEN_AS_INTERNAL_ERROR, AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS, AST_STIR_SHAKEN_AS_MISSING_PARAMETERS, AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL, AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL, AST_STIR_SHAKEN_AS_SUCCESS, ast_string_field_init, ast_string_field_set, ast_strlen_zero(), AST_VECTOR_INIT, attestation_cfg_common::attest_level, canonicalize_tn_alloc(), ast_stir_shaken_as_ctx::chan, ctx_destructor(), ast_stir_shaken_as_ctx::dest_tn, eprofile_get_cfg(), ast_stir_shaken_as_ctx::etn, LOG_ERROR, NULL, ast_stir_shaken_as_ctx::orig_tn, PROFILE_ALLOW_ATTEST, attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key_length, S_COR, S_OR, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, ast_stir_shaken_as_ctx::tag, and tn_get_etn().

Referenced by stir_shaken_outgoing_request().

◆ ast_stir_shaken_as_ctx_wants_fingerprints()

int ast_stir_shaken_as_ctx_wants_fingerprints ( struct ast_stir_shaken_as_ctx ctx)

Indicates if the AS context needs DTLS fingerprints.

Parameters
ctxAS Context
Return values
0Not needed
1Needed

Definition at line 200 of file attestation.c.

201{
202 return ENUM_BOOL(ctx->etn->acfg_common.send_mky, send_mky);
203}

References tn_cfg::acfg_common, ENUM_BOOL, ast_stir_shaken_as_ctx::etn, and attestation_cfg_common::send_mky.

Referenced by add_fingerprints_if_present().

◆ ast_stir_shaken_attest()

enum ast_stir_shaken_as_response_code ast_stir_shaken_attest ( struct ast_stir_shaken_as_ctx ctx,
char **  header 
)

Attest and return Identity header value.

Parameters
ctxAS Context
headerPointer to buffer to receive the header value Must be freed with ast_free when done
Return values
AST_STIR_SHAKEN_AS_SUCCESSif successful
OtherAST_STIR_SHAKEN_AS errors.

Definition at line 364 of file attestation.c.

366{
367 RAII_VAR(jwt_t *, jwt, NULL, jwt_free);
368 jwt_alg_t alg;
369 char *encoded = NULL;
370 enum ast_stir_shaken_as_response_code as_rc;
371 int rc = 0;
372 SCOPE_ENTER(3, "%s: Attestation: orig: %s dest: %s\n",
373 ctx ? ctx->tag : "NULL", ctx ? ctx->orig_tn : "NULL",
374 ctx ? ctx->dest_tn : "NULL");
375
376 if (!ctx) {
377 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR, LOG_ERROR,
378 "%s: No context object!\n", "NULL");
379 }
380
381 if (header == NULL) {
382 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
383 LOG_ERROR, "%s: Header buffer was NULL\n", ctx->tag);
384 }
385
386 rc = jwt_new(&jwt);
387 if (rc != 0) {
388 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
389 LOG_ERROR, "%s: Cannot create JWT\n", ctx->tag);
390 }
391
392 /*
393 * All headers added need to be in alphabetical order!
394 */
395 alg = jwt_str_alg(STIR_SHAKEN_ENCRYPTION_ALGORITHM);
396 jwt_set_alg(jwt, alg, (const unsigned char *)ctx->etn->acfg_common.raw_key,
397 ctx->etn->acfg_common.raw_key_length);
398 jwt_add_header(jwt, "ppt", STIR_SHAKEN_PPT);
399 jwt_add_header(jwt, "typ", STIR_SHAKEN_TYPE);
400 jwt_add_header(jwt, "x5u", ctx->etn->acfg_common.public_cert_url);
401
402 as_rc = pack_payload(ctx, jwt);
403 if (as_rc != AST_STIR_SHAKEN_AS_SUCCESS) {
404 SCOPE_EXIT_LOG_RTN_VALUE(as_rc,
405 LOG_ERROR, "%s: Cannot pack payload\n", ctx->tag);
406 }
407
408 encoded = jwt_encode_str(jwt);
409 if (!encoded) {
410 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE,
411 LOG_ERROR, "%s: Unable to sign/encode JWT\n", ctx->tag);
412 }
413
414 rc = ast_asprintf(header, "%s;info=<%s>;alg=%s;ppt=%s",
415 encoded, ctx->etn->acfg_common.public_cert_url, jwt_alg_str(alg),
416 STIR_SHAKEN_PPT);
417 ast_std_free(encoded);
418 if (rc < 0) {
419 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
420 LOG_ERROR, "%s: Unable to allocate memory for identity header\n",
421 ctx->tag);
422 }
423
424 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_SUCCESS, "%s: Done\n", ctx->tag);
425}
ast_std_free
void ast_std_free(void *ptr)
Definition: astmm.c:1734
pack_payload
static enum ast_stir_shaken_as_response_code pack_payload(struct ast_stir_shaken_as_ctx *ctx, jwt_t *jwt)
Definition: attestation.c:290
ast_stir_shaken_as_response_code
ast_stir_shaken_as_response_code
Definition: res_stir_shaken.h:62
STIR_SHAKEN_ENCRYPTION_ALGORITHM
#define STIR_SHAKEN_ENCRYPTION_ALGORITHM
Definition: stir_shaken.h:28
STIR_SHAKEN_PPT
#define STIR_SHAKEN_PPT
Definition: stir_shaken.h:29
STIR_SHAKEN_TYPE
#define STIR_SHAKEN_TYPE
Definition: stir_shaken.h:30
ast_stir_shaken_as_ctx::dest_tn
const ast_string_field dest_tn
Definition: attestation.h:29
ast_stir_shaken_as_ctx::orig_tn
const ast_string_field orig_tn
Definition: attestation.h:29
attestation_cfg_common::raw_key
unsigned char * raw_key
Definition: common_config.h:300
attestation_cfg_common::raw_key_length
size_t raw_key_length
Definition: common_config.h:301
attestation_cfg_common::public_cert_url
const ast_string_field public_cert_url
Definition: common_config.h:296

References tn_cfg::acfg_common, ast_asprintf, ast_std_free(), AST_STIR_SHAKEN_AS_INTERNAL_ERROR, AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS, AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE, AST_STIR_SHAKEN_AS_SUCCESS, AST_STIR_SHAKEN_VS_INTERNAL_ERROR, ast_stir_shaken_as_ctx::dest_tn, ast_stir_shaken_as_ctx::etn, LOG_ERROR, NULL, ast_stir_shaken_as_ctx::orig_tn, pack_payload(), attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key, attestation_cfg_common::raw_key_length, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, STIR_SHAKEN_ENCRYPTION_ALGORITHM, STIR_SHAKEN_PPT, STIR_SHAKEN_TYPE, and ast_stir_shaken_as_ctx::tag.

Referenced by stir_shaken_outgoing_request().

◆ ast_stir_shaken_vs_ctx_add_date_hdr()

enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_ctx_add_date_hdr ( struct ast_stir_shaken_vs_ctx ctx,
const char *  date_hdr 
)

Add the received Date header value to the VS context.

Parameters
ctxVS context
date_hdrDate header value
Return values
AST_STIR_SHAKEN_VS_SUCCESSif successful
OtherAST_STIR_SHAKEN_VS errors.

Definition at line 613 of file verification.c.

615{
616 return ast_string_field_set(ctx, date_hdr, date_hdr) == 0 ?
617 AST_STIR_SHAKEN_VS_SUCCESS : AST_STIR_SHAKEN_VS_INTERNAL_ERROR;
618}

References AST_STIR_SHAKEN_VS_INTERNAL_ERROR, AST_STIR_SHAKEN_VS_SUCCESS, and ast_string_field_set.

Referenced by stir_shaken_incoming_request().

◆ ast_stir_shaken_vs_ctx_add_identity_hdr()

enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_ctx_add_identity_hdr ( struct ast_stir_shaken_vs_ctx ctx,
const char *  identity_hdr 
)

Add the received Identity header value to the VS context.

Parameters
ctxVS context
identity_hdrIdentity header value
Return values
AST_STIR_SHAKEN_VS_SUCCESSif successful
OtherAST_STIR_SHAKEN_VS errors.

Definition at line 605 of file verification.c.

607{
608 return ast_string_field_set(ctx, identity_hdr, identity_hdr) == 0 ?
609 AST_STIR_SHAKEN_VS_SUCCESS : AST_STIR_SHAKEN_VS_INTERNAL_ERROR;
610}

References AST_STIR_SHAKEN_VS_INTERNAL_ERROR, AST_STIR_SHAKEN_VS_SUCCESS, and ast_string_field_set.

Referenced by stir_shaken_incoming_request().

◆ ast_stir_shaken_vs_ctx_create()

enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_ctx_create ( const char *  caller_id,
struct ast_channel chan,
const char *  profile_name,
const char *  tag,
struct ast_stir_shaken_vs_ctx **  ctxout 
)

Create Verification Service context.

Parameters
caller_idIncoming caller id
chanIncoming channel
profile_nameThe profile name on the endpoint May be NULL.
endpoint_behaviorBehavior associated to the specific endpoint
tagIdentifying string to output in log and trace messages.
ctxoutReceives a pointer to the newly created context The caller must release with ao2_ref or ao2_cleanup.
Return values
AST_STIR_SHAKEN_VS_SUCCESSif successful.
AST_STIR_SHAKEN_VS_DISABLEDif verification is disabled by the endpoint itself, the profile or globally.
OtherAST_STIR_SHAKEN_VS errors.

Definition at line 657 of file verification.c.

660{
661 RAII_VAR(struct ast_stir_shaken_vs_ctx *, ctx, NULL, ao2_cleanup);
662 RAII_VAR(struct profile_cfg *, profile, NULL, ao2_cleanup);
663 RAII_VAR(struct verification_cfg *, vs, NULL, ao2_cleanup);
664 RAII_VAR(char *, canon_caller_id , canonicalize_tn_alloc(caller_id), ast_free);
665
666 const char *t = S_OR(tag, S_COR(chan, ast_channel_name(chan), ""));
667 SCOPE_ENTER(3, "%s: Enter\n", t);
668
669 vs = vs_get_cfg();
670 if (vs->global_disable) {
671 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_DISABLED,
672 "%s: Globally disabled\n", t);
673 }
674
675 if (ast_strlen_zero(profile_name)) {
676 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_DISABLED,
677 "%s: Disabled due to missing profile name\n", t);
678 }
679
680 profile = eprofile_get_cfg(profile_name);
681 if (!profile) {
682 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_DISABLED,
683 LOG_ERROR, "%s: No profile for profile name '%s'. Call will continue\n", tag,
684 profile_name);
685 }
686
687 if (!PROFILE_ALLOW_VERIFY(profile)) {
688 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_DISABLED,
689 "%s: Disabled by profile '%s'\n", t, profile_name);
690 }
691
692 if (ast_strlen_zero(tag)) {
693 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_ARGUMENTS,
694 LOG_ERROR, "%s: Must provide tag\n", t);
695 }
696
697 ctx = ao2_alloc_options(sizeof(*ctx), ctx_destructor,
698 AO2_ALLOC_OPT_LOCK_NOLOCK);
699 if (!ctx) {
700 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR);
701 }
702 if (ast_string_field_init(ctx, 1024) != 0) {
703 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR);
704 }
705
706 if (ast_string_field_set(ctx, tag, tag) != 0) {
707 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR);
708 }
709
710 ctx->chan = chan;
711 if (ast_string_field_set(ctx, caller_id, canon_caller_id) != 0) {
712 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR);
713 }
714
715 /* Transfer references to ctx */
716 ctx->eprofile = profile;
717 profile = NULL;
718
719 ao2_ref(ctx, +1);
720 *ctxout = ctx;
721 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_SUCCESS, "%s: Done\n", t);
722}
ao2_ref
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition: astobj2.h:459
vs_get_cfg
struct verification_cfg * vs_get_cfg(void)
Definition: verification_config.c:54
PROFILE_ALLOW_VERIFY
#define PROFILE_ALLOW_VERIFY(__profile)
Definition: common_config.h:445
ast_stir_shaken_vs_ctx
Definition: verification.h:24
verification_cfg
Definition: common_config.h:395
ctx_destructor
static void ctx_destructor(void *obj)
Definition: verification.c:646

References AO2_ALLOC_OPT_LOCK_NOLOCK, ao2_alloc_options, ao2_cleanup, ao2_ref, ast_channel_name(), ast_free, AST_STIR_SHAKEN_VS_DISABLED, AST_STIR_SHAKEN_VS_INTERNAL_ERROR, AST_STIR_SHAKEN_VS_INVALID_ARGUMENTS, AST_STIR_SHAKEN_VS_SUCCESS, ast_string_field_init, ast_string_field_set, ast_strlen_zero(), ast_stir_shaken_vs_ctx::caller_id, canonicalize_tn_alloc(), ast_stir_shaken_vs_ctx::chan, ctx_destructor(), eprofile_get_cfg(), LOG_ERROR, NULL, PROFILE_ALLOW_VERIFY, RAII_VAR, S_COR, S_OR, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, ast_stir_shaken_vs_ctx::tag, and vs_get_cfg().

Referenced by stir_shaken_incoming_request().

◆ ast_stir_shaken_vs_ctx_set_response_code()

void ast_stir_shaken_vs_ctx_set_response_code ( struct ast_stir_shaken_vs_ctx ctx,
enum ast_stir_shaken_vs_response_code  vs_rc 
)

Sets response code on VS context.

Parameters
ctxVS context
vs_rcast_stir_shaken_vs_response_code to set

Definition at line 639 of file verification.c.

642{
643 ctx->failure_reason = vs_rc;
644}

References ast_stir_shaken_vs_ctx::failure_reason.

Referenced by process_failure().

◆ ast_stir_shaken_vs_get_caller_id()

const char * ast_stir_shaken_vs_get_caller_id ( struct ast_stir_shaken_vs_ctx ctx)

Get caller_id from context.

Parameters
ctxVS context
Return values
CallerID or NULL

Definition at line 633 of file verification.c.

635{
636 return ctx->caller_id;
637}
ast_stir_shaken_vs_ctx::caller_id
const ast_string_field caller_id
Definition: verification.h:39

References ast_stir_shaken_vs_ctx::caller_id.

Referenced by stir_shaken_incoming_request().

◆ ast_stir_shaken_vs_get_failure_action()

enum stir_shaken_failure_action_enum ast_stir_shaken_vs_get_failure_action ( struct ast_stir_shaken_vs_ctx ctx)

Get failure_action from context.

Parameters
ctxVS context
Return values
ast_stir_shaken_failure_action

Definition at line 621 of file verification.c.

623{
624 return ctx->eprofile->vcfg_common.stir_shaken_failure_action;
625}
ast_stir_shaken_vs_ctx::eprofile
struct profile_cfg * eprofile
Definition: verification.h:40
profile_cfg::vcfg_common
struct verification_cfg_common vcfg_common
Definition: common_config.h:427
verification_cfg_common::stir_shaken_failure_action
enum stir_shaken_failure_action_enum stir_shaken_failure_action
Definition: common_config.h:360

References ast_stir_shaken_vs_ctx::eprofile, verification_cfg_common::stir_shaken_failure_action, and profile_cfg::vcfg_common.

Referenced by process_failure().

◆ ast_stir_shaken_vs_get_use_rfc9410_responses()

int ast_stir_shaken_vs_get_use_rfc9410_responses ( struct ast_stir_shaken_vs_ctx ctx)

Get use_rfc9410_responses from context.

Parameters
ctxVS context
Return values
1if true
0if false

Definition at line 627 of file verification.c.

629{
630 return ctx->eprofile->vcfg_common.use_rfc9410_responses;
631}
verification_cfg_common::use_rfc9410_responses
enum use_rfc9410_responses_enum use_rfc9410_responses
Definition: common_config.h:362

References ast_stir_shaken_vs_ctx::eprofile, verification_cfg_common::use_rfc9410_responses, and profile_cfg::vcfg_common.

Referenced by process_failure().

◆ ast_stir_shaken_vs_verify()

enum ast_stir_shaken_vs_response_code ast_stir_shaken_vs_verify ( struct ast_stir_shaken_vs_ctx ctx)

Perform incoming call verification.

Parameters
ctxVS context
Return values
AST_STIR_SHAKEN_AS_SUCCESSif successful
OtherAST_STIR_SHAKEN_AS errors.

Definition at line 884 of file verification.c.

885{
886 RAII_VAR(char *, jwt_encoded, NULL, ast_free);
887 RAII_VAR(jwt_t *, jwt, NULL, jwt_free);
888 RAII_VAR(struct ast_json *, grants, NULL, ast_json_unref);
889 char *p = NULL;
890 char *grants_str = NULL;
891 const char *x5u;
892 const char *ppt_header = NULL;
893 const char *grant = NULL;
894 time_t now_s = time(NULL);
895 time_t iat;
896 struct ast_json *grant_obj = NULL;
897 int len;
898 int rc;
899 enum ast_stir_shaken_vs_response_code vs_rc;
900 SCOPE_ENTER(3, "%s: Verifying\n", ctx ? ctx->tag : "NULL");
901
902 if (!ctx) {
903 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR, LOG_ERROR,
904 "%s: No context object!\n", "NULL");
905 }
906
907 if (ast_strlen_zero(ctx->identity_hdr)) {
908 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR, LOG_ERROR,
909 "%s: No identity header in ctx\n", ctx->tag);
910 }
911
912 p = strchr(ctx->identity_hdr, ';');
913 len = p - ctx->identity_hdr + 1;
914 jwt_encoded = ast_malloc(len);
915 if (!jwt_encoded) {
916 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR, LOG_ERROR,
917 "%s: Failed to allocate memory for encoded jwt\n", ctx->tag);
918 }
919
920 memcpy(jwt_encoded, ctx->identity_hdr, len);
921 jwt_encoded[len - 1] = '\0';
922
923 jwt_decode(&jwt, jwt_encoded, NULL, 0);
924
925 ppt_header = jwt_get_header(jwt, "ppt");
926 if (!ppt_header || strcmp(ppt_header, STIR_SHAKEN_PPT)) {
927 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT, "%s: %s\n",
928 ctx->tag, vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT));
929 }
930
931 vs_rc = check_date_header(ctx);
932 if (vs_rc != AST_STIR_SHAKEN_VS_SUCCESS) {
933 SCOPE_EXIT_LOG_RTN_VALUE(vs_rc, LOG_ERROR,
934 "%s: Date header verification failed\n", ctx->tag);
935 }
936
937 x5u = jwt_get_header(jwt, "x5u");
938 if (ast_strlen_zero(x5u)) {
939 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_X5U, LOG_ERROR,
940 "%s: No x5u in Identity header\n", ctx->tag);
941 }
942
943 rc = check_x5u_url(ctx, x5u);
944 if (rc != AST_STIR_SHAKEN_VS_SUCCESS) {
945 SCOPE_EXIT_RTN_VALUE(vs_rc,
946 "%s: x5u URL verification failed\n", ctx->tag);
947 }
948
949 ast_trace(3, "%s: Decoded enough to get x5u: '%s'\n", ctx->tag, x5u);
950 if (ast_string_field_set(ctx, public_url, x5u) != 0) {
951 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR, LOG_ERROR,
952 "%s: Failed to set public_url '%s'\n", ctx->tag, x5u);
953 }
954
955 iat = jwt_get_grant_int(jwt, "iat");
956 if (iat == 0) {
957 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_NO_IAT, LOG_ERROR,
958 "%s: No 'iat' in Identity header\n", ctx->tag);
959 }
960 ast_trace(1, "date_hdr: %zu iat: %zu diff: %zu\n",
961 ctx->date_hdr_time, iat, ctx->date_hdr_time - iat);
962 if (iat + ctx->eprofile->vcfg_common.max_iat_age < now_s) {
963 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_IAT_EXPIRED,
964 "%s: iat %ld older than %u seconds\n", ctx->tag,
965 iat, ctx->eprofile->vcfg_common.max_iat_age);
966 }
967 ctx->validity_check_time = iat;
968
969 vs_rc = ctx_populate(ctx);
970 if (vs_rc != AST_STIR_SHAKEN_VS_SUCCESS) {
971 SCOPE_EXIT_LOG_RTN_VALUE(vs_rc, LOG_ERROR,
972 "%s: Unable to populate ctx\n", ctx->tag);
973 }
974
975 vs_rc = retrieve_verification_cert(ctx);
976 if (vs_rc != AST_STIR_SHAKEN_VS_SUCCESS) {
977 SCOPE_EXIT_LOG_RTN_VALUE(vs_rc, LOG_ERROR,
978 "%s: Could not get valid cert from '%s'\n", ctx->tag, ctx->public_url);
979 }
980
981 jwt_free(jwt);
982 jwt = NULL;
983
984 rc = jwt_decode(&jwt, jwt_encoded, ctx->raw_key, ctx->raw_key_len);
985 if (rc != 0) {
986 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_SIGNATURE_VALIDATION,
987 LOG_ERROR, "%s: Signature validation failed for '%s'\n",
988 ctx->tag, ctx->public_url);
989 }
990
991 ast_trace(1, "%s: Decoding succeeded\n", ctx->tag);
992
993 ppt_header = jwt_get_header(jwt, "alg");
994 if (!ppt_header || strcmp(ppt_header, STIR_SHAKEN_ENCRYPTION_ALGORITHM)) {
995 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG,
996 "%s: %s\n", ctx->tag,
997 vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG));
998 }
999
1000 ppt_header = jwt_get_header(jwt, "ppt");
1001 if (!ppt_header || strcmp(ppt_header, STIR_SHAKEN_PPT)) {
1002 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT,
1003 "%s: %s\n", ctx->tag,
1004 vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT));
1005 }
1006
1007 ppt_header = jwt_get_header(jwt, "typ");
1008 if (!ppt_header || strcmp(ppt_header, STIR_SHAKEN_TYPE)) {
1009 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP,
1010 "%s: %s\n", ctx->tag,
1011 vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP));
1012 }
1013
1014 grants_str = jwt_get_grants_json(jwt, NULL);
1015 if (ast_strlen_zero(grants_str)) {
1016 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS,
1017 "%s: %s\n", ctx->tag,
1018 vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS));
1019 }
1020 ast_trace(1, "grants: %s\n", grants_str);
1021 grants = ast_json_load_string(grants_str, NULL);
1022 ast_std_free(grants_str);
1023 if (!grants) {
1024 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS,
1025 "%s: %s\n", ctx->tag,
1026 vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS));
1027 }
1028
1029 grant = ast_json_object_string_get(grants, "attest");
1030 if (ast_strlen_zero(grant)) {
1031 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST,
1032 "%s: No 'attest' in Identity header\n", ctx->tag);
1033 }
1034 if (grant[0] < 'A' || grant[0] > 'C') {
1035 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST,
1036 "%s: Invalid attest value '%s'\n", ctx->tag, grant);
1037 }
1038 ast_string_field_set(ctx, attestation, grant);
1039 ast_trace(1, "got attest: %s\n", grant);
1040
1041 grant_obj = ast_json_object_get(grants, "dest");
1042 if (!grant_obj) {
1043 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_NO_DEST_TN,
1044 "%s: No 'dest' in Identity header\n", ctx->tag);
1045 }
1046 if (TRACE_ATLEAST(3)) {
1047 char *otn = ast_json_dump_string(grant_obj);
1048 ast_trace(1, "got dest: %s\n", otn);
1049 ast_json_free(otn);
1050 }
1051
1052 grant_obj = ast_json_object_get(grants, "orig");
1053 if (!grant_obj) {
1054 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_NO_ORIG_TN,
1055 "%s: No 'orig' in Identity header\n", ctx->tag);
1056 }
1057 if (TRACE_ATLEAST(3)) {
1058 char *otn = ast_json_dump_string(grant_obj);
1059 ast_trace(1, "got orig: %s\n", otn);
1060 ast_json_free(otn);
1061 }
1062 grant = ast_json_object_string_get(grant_obj, "tn");
1063 if (!grant) {
1064 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_NO_ORIG_TN,
1065 "%s: No 'orig.tn' in Indentity header\n", ctx->tag);
1066 }
1067 ast_string_field_set(ctx, orig_tn, grant);
1068 if (strcmp(ctx->caller_id, ctx->orig_tn) != 0) {
1069 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_CID_ORIG_TN_MISMATCH,
1070 "%s: Mismatched cid '%s' and orig_tn '%s'\n", ctx->tag,
1071 ctx->caller_id, grant);
1072 }
1073
1074 grant = ast_json_object_string_get(grants, "origid");
1075 if (ast_strlen_zero(grant)) {
1076 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_NO_ORIGID,
1077 "%s: No 'origid' in Identity header\n", ctx->tag);
1078 }
1079
1080 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_SUCCESS,
1081 "%s: verification succeeded\n", ctx->tag);
1082}
ast_malloc
#define ast_malloc(len)
A wrapper for malloc()
Definition: astmm.h:191
len
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
Definition: func_strings.c:1669
TRACE_ATLEAST
#define TRACE_ATLEAST(level)
Definition: include/asterisk/logger.h:682
ast_trace
#define ast_trace(level,...)
Definition: include/asterisk/logger.h:997
ast_json_object_string_get
#define ast_json_object_string_get(object, key)
Get a string field from a JSON object.
Definition: json.h:600
ast_json_unref
void ast_json_unref(struct ast_json *value)
Decrease refcount on value. If refcount reaches zero, value is freed.
Definition: json.c:73
ast_json_free
void ast_json_free(void *p)
Asterisk's custom JSON allocator. Exposed for use by unit tests.
Definition: json.c:52
ast_json_dump_string
#define ast_json_dump_string(root)
Encode a JSON value to a compact string.
Definition: json.h:810
ast_json_load_string
struct ast_json * ast_json_load_string(const char *input, struct ast_json_error *error)
Parse null terminated string into a JSON object or array.
Definition: json.c:567
ast_json_object_get
struct ast_json * ast_json_object_get(struct ast_json *object, const char *key)
Get a field from a JSON object.
Definition: json.c:407
ast_stir_shaken_vs_response_code
ast_stir_shaken_vs_response_code
Definition: res_stir_shaken.h:23
ast_json
Abstract JSON element (object, array, string, int, ...).
ast_stir_shaken_vs_ctx::public_url
const ast_string_field public_url
Definition: verification.h:39
ast_stir_shaken_vs_ctx::orig_tn
const ast_string_field orig_tn
Definition: verification.h:39
ast_stir_shaken_vs_ctx::raw_key
unsigned char * raw_key
Definition: verification.h:45
ast_stir_shaken_vs_ctx::tag
const ast_string_field tag
Definition: verification.h:39
ast_stir_shaken_vs_ctx::raw_key_len
long raw_key_len
Definition: verification.h:44
ast_stir_shaken_vs_ctx::validity_check_time
time_t validity_check_time
Definition: verification.h:43
ast_stir_shaken_vs_ctx::date_hdr_time
time_t date_hdr_time
Definition: verification.h:42
verification_cfg_common::max_iat_age
unsigned int max_iat_age
Definition: common_config.h:356
check_x5u_url
static int check_x5u_url(struct ast_stir_shaken_vs_ctx *ctx, const char *x5u)
Definition: verification.c:826
vs_response_code_to_str
const char * vs_response_code_to_str(enum ast_stir_shaken_vs_response_code vs_rc)
Return string version of VS response code.
Definition: verification.c:90
retrieve_verification_cert
static enum ast_stir_shaken_vs_response_code retrieve_verification_cert(struct ast_stir_shaken_vs_ctx *ctx)
Definition: verification.c:576
check_date_header
static enum ast_stir_shaken_vs_response_code check_date_header(struct ast_stir_shaken_vs_ctx *ctx)
Definition: verification.c:724
ctx_populate
static enum ast_stir_shaken_vs_response_code ctx_populate(struct ast_stir_shaken_vs_ctx *ctx)
Definition: verification.c:548

References ast_free, ast_json_dump_string, ast_json_free(), ast_json_load_string(), ast_json_object_get(), ast_json_object_string_get, ast_json_unref(), ast_malloc, ast_std_free(), AST_STIR_SHAKEN_VS_CID_ORIG_TN_MISMATCH, AST_STIR_SHAKEN_VS_IAT_EXPIRED, AST_STIR_SHAKEN_VS_INTERNAL_ERROR, AST_STIR_SHAKEN_VS_INVALID_OR_NO_ALG, AST_STIR_SHAKEN_VS_INVALID_OR_NO_ATTEST, AST_STIR_SHAKEN_VS_INVALID_OR_NO_GRANTS, AST_STIR_SHAKEN_VS_INVALID_OR_NO_PPT, AST_STIR_SHAKEN_VS_INVALID_OR_NO_TYP, AST_STIR_SHAKEN_VS_INVALID_OR_NO_X5U, AST_STIR_SHAKEN_VS_NO_DEST_TN, AST_STIR_SHAKEN_VS_NO_IAT, AST_STIR_SHAKEN_VS_NO_ORIG_TN, AST_STIR_SHAKEN_VS_NO_ORIGID, AST_STIR_SHAKEN_VS_SIGNATURE_VALIDATION, AST_STIR_SHAKEN_VS_SUCCESS, ast_string_field_set, ast_strlen_zero(), ast_trace, ast_stir_shaken_vs_ctx::caller_id, check_date_header(), check_x5u_url(), ctx_populate(), ast_stir_shaken_vs_ctx::date_hdr_time, ast_stir_shaken_vs_ctx::eprofile, ast_stir_shaken_vs_ctx::identity_hdr, len(), LOG_ERROR, verification_cfg_common::max_iat_age, NULL, ast_stir_shaken_vs_ctx::orig_tn, ast_stir_shaken_vs_ctx::public_url, RAII_VAR, ast_stir_shaken_vs_ctx::raw_key, ast_stir_shaken_vs_ctx::raw_key_len, retrieve_verification_cert(), SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, STIR_SHAKEN_ENCRYPTION_ALGORITHM, STIR_SHAKEN_PPT, STIR_SHAKEN_TYPE, ast_stir_shaken_vs_ctx::tag, TRACE_ATLEAST, ast_stir_shaken_vs_ctx::validity_check_time, profile_cfg::vcfg_common, and vs_response_code_to_str().

Referenced by stir_shaken_incoming_request().

Generated on Wed May 7 2025 20:04:36 for Asterisk - The Open Source Telephony Project by doxygen 1.9.4