d8/d4c/attestation__config_8c_source.html

/*

 * Asterisk -- An open source telephony toolkit.

 *

 * Copyright (C) 2023, Sangoma Technologies Corporation

 *

 * George Joseph <gjoseph@digium.com>

 *

 * See http://www.asterisk.org for more information about

 * the Asterisk project. Please do not directly contact

 * any of the maintainers of this project for assistance;

 * the project provides a web site, mailing lists and IRC

 * channels for your use.

 *

 * This program is free software, distributed under the terms of

 * the GNU General Public License Version 2. See the LICENSE file

 * at the top of the source tree.

 */


#define _TRACE_PREFIX_ "ac",__LINE__, ""


#include "asterisk.h"


#include "asterisk/cli.h"

#include "asterisk/logger.h"

#include "asterisk/sorcery.h"

#include "asterisk/paths.h"


#include "stir_shaken.h"


#define CONFIG_TYPE "attestation"


#define DEFAULT_global_disable 0


#define DEFAULT_check_tn_cert_public_url check_tn_cert_public_url_NO

#define DEFAULT_private_key_file NULL

#define DEFAULT_public_cert_url NULL

#define DEFAULT_attest_level attest_level_NOT_SET

#define DEFAULT_unknown_tn_attest_level attest_level_NOT_SET

#define DEFAULT_send_mky send_mky_NO


static struct attestation_cfg *empty_cfg = NULL;


struct attestation_cfg *as_get_cfg(void)

{

    struct attestation_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),

        CONFIG_TYPE, CONFIG_TYPE);

    if (cfg) {

        return cfg;

    }


    return empty_cfg ? ao2_bump(empty_cfg) : NULL;

}


int as_is_config_loaded(void)

{

    struct attestation_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),

        CONFIG_TYPE, CONFIG_TYPE);

    ao2_cleanup(cfg);


    return !!cfg;

}


generate_acfg_common_sorcery_handlers(attestation_cfg);


generate_sorcery_enum_from_str_ex(attestation_cfg,,unknown_tn_attest_level, attest_level, UNKNOWN);

generate_sorcery_enum_to_str_ex(attestation_cfg,,unknown_tn_attest_level, attest_level);


void acfg_cleanup(struct attestation_cfg_common *acfg_common)

{

    if (!acfg_common) {

        return;

    }

    ast_string_field_free_memory(acfg_common);

    ao2_cleanup(acfg_common->raw_key);

}


static void attestation_destructor(void *obj)

{

    struct attestation_cfg *cfg = obj;


    ast_string_field_free_memory(cfg);

    acfg_cleanup(&cfg->acfg_common);

}


static void *attestation_alloc(const char *name)

{

    struct attestation_cfg *cfg;


    cfg = ast_sorcery_generic_alloc(sizeof(*cfg), attestation_destructor);

    if (!cfg) {

        return NULL;

    }


    if (ast_string_field_init(cfg, 1024)) {

        ao2_ref(cfg, -1);

        return NULL;

    }


    /*

     * The memory for acfg_common actually comes from cfg

     * due to the weirdness of the STRFLDSET macro used with

     * sorcery.  We just use a token amount of memory in

     * this call so the initialize doesn't fail.

     */

    if (ast_string_field_init(&cfg->acfg_common, 8)) {

        ao2_ref(cfg, -1);

        return NULL;

    }


    return cfg;

}


int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst,

    struct attestation_cfg_common *cfg_src)

{

    int rc = 0;


    if (!cfg_dst || !cfg_src) {

        return -1;

    }


    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, private_key_file);

    cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, public_cert_url);


    cfg_enum_copy(cfg_dst, cfg_src, attest_level);

    cfg_enum_copy(cfg_dst, cfg_src, check_tn_cert_public_url);

    cfg_enum_copy(cfg_dst, cfg_src, send_mky);


    if (cfg_src->raw_key) {

        /* Free and overwrite the destination */

        ao2_cleanup(cfg_dst->raw_key);

        cfg_dst->raw_key = ao2_bump(cfg_src->raw_key);

        cfg_dst->raw_key_length = cfg_src->raw_key_length;

    }


    return rc;

}


int as_check_common_config(const char *id, struct attestation_cfg_common *acfg_common)

{

    SCOPE_ENTER(3, "%s: Checking common config\n", id);


    if (!ast_strlen_zero(acfg_common->private_key_file)

        && !ast_file_is_readable(acfg_common->private_key_file)) {

        SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: default_private_key_path %s is missing or not readable\n", id,

            acfg_common->private_key_file);

    }


    if (ENUM_BOOL(acfg_common->check_tn_cert_public_url,

        check_tn_cert_public_url)

        && !ast_strlen_zero(acfg_common->public_cert_url)) {

        RAII_VAR(char *, public_cert_data, NULL, ast_std_free);

        X509 *public_cert;

        size_t public_cert_len;

        int rc = 0;

        long http_code;

        SCOPE_ENTER(3 , "%s: Checking public cert url '%s'\n",

            id, acfg_common->public_cert_url);


        http_code = curl_download_to_memory(acfg_common->public_cert_url,

            &public_cert_len, &public_cert_data, NULL);

        if (http_code / 100 != 2) {

            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be downloaded\n", id,

                acfg_common->public_cert_url);

        }


        public_cert = crypto_load_cert_chain_from_memory(public_cert_data,

            public_cert_len, NULL);

        if (!public_cert) {

            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be parsed as a certificate\n", id,

                acfg_common->public_cert_url);

        }

        rc = crypto_is_cert_time_valid(public_cert, 0);

        X509_free(public_cert);

        if (!rc) {

            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' is not valid yet or has expired\n", id,

                acfg_common->public_cert_url);

        }


        rc = crypto_has_private_key_from_memory(public_cert_data, public_cert_len);

        if (rc) {

            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: DANGER!!! public_cert_url '%s' has a private key in the file!!!\n", id,

                acfg_common->public_cert_url);

        }

        SCOPE_EXIT("%s: Done\n", id);

    }


    if (!ast_strlen_zero(acfg_common->private_key_file)) {

        EVP_PKEY *private_key;

        RAII_VAR(unsigned char *, raw_key, NULL, ast_free);


        private_key = crypto_load_privkey_from_file(acfg_common->private_key_file);

        if (!private_key) {

            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,

                acfg_common->private_key_file);

        }


        acfg_common->raw_key_length = crypto_extract_raw_privkey(private_key, &raw_key);

        EVP_PKEY_free(private_key);

        if (acfg_common->raw_key_length == 0 || raw_key == NULL) {

            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,

                acfg_common->private_key_file);

        }


        /*

         * We're making this an ao2 object so it can be referenced

         * by a profile instead of having to copy it.

         */

        acfg_common->raw_key = ao2_alloc(acfg_common->raw_key_length, NULL);

        if (!acfg_common->raw_key) {

            SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,

                "%s: Could not allocate memory for raw private key\n", id);

        }

        memcpy(acfg_common->raw_key, raw_key, acfg_common->raw_key_length);


    }


    SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);

}


static int attestation_apply(const struct ast_sorcery *sorcery, void *obj)

{

    struct attestation_cfg *cfg = obj;

    const char *id = ast_sorcery_object_get_id(cfg);


    if (as_check_common_config(id, &cfg->acfg_common) != 0) {

        return -1;

    }


    return 0;

}


static char *attestation_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)

{

    struct attestation_cfg *cfg;

    struct config_object_cli_data data = {

        .title = "Default Attestation",

        .object_type = config_object_type_attestation,

    };


    switch(cmd) {

    case CLI_INIT:

        e->command = "stir_shaken show attestation";

        e->usage =

            "Usage: stir_shaken show attestation\n"

            "       Show the stir/shaken attestation settings\n";

        return NULL;

    case CLI_GENERATE:

        return NULL;

    }


    if (a->argc != 3) {

        return CLI_SHOWUSAGE;

    }


    if (!as_is_config_loaded()) {

        ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled.  Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");

        return CLI_FAILURE;

    }


    cfg = as_get_cfg();

    config_object_cli_show(cfg, a, &data, 0);

    ao2_cleanup(cfg);


    return CLI_SUCCESS;

}


static struct ast_cli_entry attestation_cli[] = {

    AST_CLI_DEFINE(attestation_show, "Show stir/shaken attestation configuration"),

};


int as_config_reload(void)

{

    struct ast_sorcery *sorcery = get_sorcery();

    ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);


    if (!as_is_config_loaded()) {

        ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled.  Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");

    }

    if (!empty_cfg) {

        empty_cfg = attestation_alloc(CONFIG_TYPE);

        if (!empty_cfg) {

            return -1;

        }

        empty_cfg->global_disable = 1;

    }


    return 0;

}


int as_config_unload(void)

{

    ast_cli_unregister_multiple(attestation_cli,

        ARRAY_LEN(attestation_cli));

    ao2_cleanup(empty_cfg);


    return 0;

}


int as_config_load(void)

{

    struct ast_sorcery *sorcery = get_sorcery();


    ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config",

        "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);


    if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, attestation_alloc,

            NULL, attestation_apply)) {

        ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);

        return -1;

    }


    ast_sorcery_object_field_register_nodoc(sorcery, CONFIG_TYPE, "type",

        "", OPT_NOOP_T, 0, 0);


    ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "global_disable",

        DEFAULT_global_disable ? "yes" : "no",

        OPT_YESNO_T, 1, FLDSET(struct attestation_cfg, global_disable));


    enum_option_register_ex(sorcery, CONFIG_TYPE, unknown_tn_attest_level,

        unknown_tn_attest_level, attest_level,);


    register_common_attestation_fields(sorcery, attestation_cfg, CONFIG_TYPE,);


    ast_sorcery_load_object(sorcery, CONFIG_TYPE);


    if (!as_is_config_loaded()) {

        ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled.  Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");

    }

    if (!empty_cfg) {

        empty_cfg = attestation_alloc(CONFIG_TYPE);

        if (!empty_cfg) {

            return -1;

        }

        empty_cfg->global_disable = 1;

    }


    ast_cli_register_multiple(attestation_cli,

        ARRAY_LEN(attestation_cli));


    return 0;

}


ast_cli_unregister_multiple
void ast_cli_unregister_multiple(void)
Definition ael_main.c:408

asterisk.h
Asterisk main include file. File version handling, generic pbx functions.

ast_std_free
void ast_std_free(void *ptr)
Definition astmm.c:1734

ast_free
#define ast_free(a)
Definition astmm.h:180

ast_log
#define ast_log
Definition astobj2.c:42

ao2_cleanup
#define ao2_cleanup(obj)
Definition astobj2.h:1934

ao2_ref
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition astobj2.h:459

ao2_bump
#define ao2_bump(obj)
Bump refcount on an AO2 object by one, returning the object.
Definition astobj2.h:480

ao2_alloc
#define ao2_alloc(data_size, destructor_fn)
Definition astobj2.h:409

as_config_unload
int as_config_unload(void)
Definition attestation_config.c:291

as_config_reload
int as_config_reload(void)
Definition attestation_config.c:272

attestation_cli
static struct ast_cli_entry attestation_cli[]
Definition attestation_config.c:268

as_get_cfg
struct attestation_cfg * as_get_cfg(void)
Definition attestation_config.c:43

empty_cfg
static struct attestation_cfg * empty_cfg
Definition attestation_config.c:41

attestation_destructor
static void attestation_destructor(void *obj)
Definition attestation_config.c:77

as_check_common_config
int as_check_common_config(const char *id, struct attestation_cfg_common *acfg_common)
Definition attestation_config.c:139

acfg_cleanup
void acfg_cleanup(struct attestation_cfg_common *acfg_common)
Definition attestation_config.c:68

as_config_load
int as_config_load(void)
Definition attestation_config.c:300

DEFAULT_global_disable
#define DEFAULT_global_disable
Definition attestation_config.c:32

as_is_config_loaded
int as_is_config_loaded(void)
Definition attestation_config.c:54

attestation_alloc
static void * attestation_alloc(const char *name)
Definition attestation_config.c:85

attestation_show
static char * attestation_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
Definition attestation_config.c:233

as_copy_cfg_common
int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
Definition attestation_config.c:113

CONFIG_TYPE
#define CONFIG_TYPE
Definition attestation_config.c:30

attestation_apply
static int attestation_apply(const struct ast_sorcery *sorcery, void *obj)
Definition attestation_config.c:221

sorcery
static struct ast_sorcery * sorcery
Definition chan_websocket.c:54

cli.h
Standard Command Line Interface.

CLI_SHOWUSAGE
#define CLI_SHOWUSAGE
Definition cli.h:45

CLI_SUCCESS
#define CLI_SUCCESS
Definition cli.h:44

AST_CLI_DEFINE
#define AST_CLI_DEFINE(fn, txt,...)
Definition cli.h:197

CLI_INIT
@ CLI_INIT
Definition cli.h:152

CLI_GENERATE
@ CLI_GENERATE
Definition cli.h:153

CLI_FAILURE
#define CLI_FAILURE
Definition cli.h:46

ast_cli_register_multiple
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition cli.h:265

config_object_cli_show
int config_object_cli_show(void *obj, void *arg, void *data, int flags)
Output configuration settings to the Asterisk CLI.
Definition common_config.c:173

get_sorcery
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
Definition common_config.c:34

config_object_type_attestation
@ config_object_type_attestation
Definition common_config.h:561

generate_sorcery_enum_to_str_ex
#define generate_sorcery_enum_to_str_ex(__struct, __substruct, __lc_param, __base_enum)
Enum sorcery handler generator.
Definition common_config.h:147

generate_acfg_common_sorcery_handlers
#define generate_acfg_common_sorcery_handlers(object)
Definition common_config.h:306

cfg_sf_copy_wrapper
#define cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
cfg_copy_wrapper
Definition common_config.h:248

register_common_attestation_fields
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)
Definition common_config.h:547

ENUM_BOOL
#define ENUM_BOOL(__enum1, __field)
Definition common_config.h:220

cfg_enum_copy
#define cfg_enum_copy(__cfg_dst, __cfg_src, __field)
Definition common_config.h:285

generate_sorcery_enum_from_str_ex
#define generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __base_enum, __unknown)
Definition common_config.h:158

enum_option_register_ex
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc)
Definition common_config.h:508

FLDSET
#define FLDSET(type,...)
Convert a struct and list of fields to an argument list of field offsets.
Definition config_options.h:816

OPT_NOOP_T
@ OPT_NOOP_T
Type for a default handler that should do nothing.
Definition config_options.h:399

OPT_YESNO_T
@ OPT_YESNO_T
Type for default option handler for bools (ast_true/ast_false)
Definition config_options.h:481

crypto_load_cert_chain_from_memory
X509 * crypto_load_cert_chain_from_memory(const char *buffer, size_t size, STACK_OF(X509) **cert_chain)
Load an X509 Cert and any chained certs from a NULL terminated buffer.
Definition crypto_utils.c:266

crypto_load_privkey_from_file
EVP_PKEY * crypto_load_privkey_from_file(const char *filename)
Load a private key from a file.
Definition crypto_utils.c:141

crypto_extract_raw_privkey
int crypto_extract_raw_privkey(EVP_PKEY *key, unsigned char **buffer)
Extract raw private key from EVP_PKEY.
Definition crypto_utils.c:409

crypto_is_cert_time_valid
int crypto_is_cert_time_valid(X509 *cert, time_t reftime)
Check if the reftime is within the cert's valid dates.
Definition crypto_utils.c:810

crypto_has_private_key_from_memory
int crypto_has_private_key_from_memory(const char *buffer, size_t size)
Check if the supplied buffer has a private key.
Definition crypto_utils.c:355

name
static const char name[]
Definition format_mp3.c:68

SCOPE_EXIT_RTN_VALUE
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
Definition include/asterisk/logger.h:1036

SCOPE_EXIT_LOG_RTN_VALUE
#define SCOPE_EXIT_LOG_RTN_VALUE(__value, __log_level,...)
Definition include/asterisk/logger.h:1059

SCOPE_ENTER
#define SCOPE_ENTER(level,...)
Definition include/asterisk/logger.h:1008

SCOPE_EXIT
#define SCOPE_EXIT(...)
Definition include/asterisk/logger.h:1025

curl_download_to_memory
long curl_download_to_memory(const char *url, size_t *returned_length, char **returned_data, struct ast_variable **headers)
Really simple document retrieval to memory.
Definition curl_utils.c:300

logger.h
Support for logging to various files, console and syslog Configuration in file logger....

LOG_ERROR
#define LOG_ERROR
Definition include/asterisk/logger.h:291

LOG_WARNING
#define LOG_WARNING
Definition include/asterisk/logger.h:280

paths.h
Asterisk file paths, configured in asterisk.conf.

UNKNOWN
@ UNKNOWN
Definition res_pjsip.h:440

NULL
#define NULL
Definition resample.c:96

sorcery.h
Sorcery Data Access Layer API.

ast_sorcery_object_get_id
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition sorcery.c:2381

ast_sorcery_object_field_register_nodoc
#define ast_sorcery_object_field_register_nodoc(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object without documentation.
Definition sorcery.h:987

ast_sorcery_retrieve_by_id
void * ast_sorcery_retrieve_by_id(const struct ast_sorcery *sorcery, const char *type, const char *id)
Retrieve an object using its unique identifier.
Definition sorcery.c:1917

ast_sorcery_object_register
#define ast_sorcery_object_register(sorcery, type, alloc, transform, apply)
Register an object type.
Definition sorcery.h:837

ast_sorcery_load_object
void ast_sorcery_load_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to load persistent objects.
Definition sorcery.c:1457

ast_sorcery_generic_alloc
void * ast_sorcery_generic_alloc(size_t size, ao2_destructor_fn destructor)
Allocate a generic sorcery capable object.
Definition sorcery.c:1792

ast_sorcery_object_field_register
#define ast_sorcery_object_field_register(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object.
Definition sorcery.h:955

ast_sorcery_force_reload_object
void ast_sorcery_force_reload_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to reload persistent objects even if no changes determin...
Definition sorcery.c:1521

ast_sorcery_apply_default
#define ast_sorcery_apply_default(sorcery, type, name, data)
Definition sorcery.h:476

stir_shaken.h

ast_string_field_init
#define ast_string_field_init(x, size)
Initialize a field pool and fields.
Definition stringfields.h:359

ast_string_field_free_memory
#define ast_string_field_free_memory(x)
free all memory - to be called before destroying the object
Definition stringfields.h:374

ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition strings.h:65

ast_cli_args
Definition cli.h:158

ast_cli_entry
descriptor for a cli entry.
Definition cli.h:171

ast_cli_entry::command
char * command
Definition cli.h:186

ast_cli_entry::usage
const char * usage
Definition cli.h:177

ast_sorcery
Full structure for sorcery.
Definition sorcery.c:231

attestation_cfg_common
Attestation Service configuration for stir/shaken.
Definition common_config.h:294

attestation_cfg_common::check_tn_cert_public_url
enum check_tn_cert_public_url_enum check_tn_cert_public_url
Definition common_config.h:300

attestation_cfg_common::raw_key
unsigned char * raw_key
Definition common_config.h:302

attestation_cfg_common::raw_key_length
size_t raw_key_length
Definition common_config.h:303

attestation_cfg_common::public_cert_url
const ast_string_field public_cert_url
Definition common_config.h:298

attestation_cfg_common::private_key_file
const ast_string_field private_key_file
Definition common_config.h:298

attestation_cfg
Definition common_config.h:322

attestation_cfg::acfg_common
struct attestation_cfg_common acfg_common
Definition common_config.h:331

attestation_cfg::global_disable
int global_disable
Definition common_config.h:333

attestation_cfg::unknown_tn_attest_level
enum attest_level_enum unknown_tn_attest_level
Definition common_config.h:332

config_object_cli_data
Definition common_config.h:567

config_object_cli_data::title
const char * title
Definition common_config.h:568

a
static struct test_val a
Definition test_linkedlists.c:46

RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition utils.h:981

ast_file_is_readable
int ast_file_is_readable(const char *filename)
Test that a file exists and is readable by the effective user.
Definition utils.c:3143

ARRAY_LEN
#define ARRAY_LEN(a)
Definition utils.h:706