d9/d2d/res__stir__shaken_8c_source.html

/*

 * Asterisk -- An open source telephony toolkit.

 *

 * Copyright (C) 2020, Sangoma Technologies Corporation

 *

 * Kevin Harwell <kharwell@digium.com>

 *

 * See http://www.asterisk.org for more information about

 * the Asterisk project. Please do not directly contact

 * any of the maintainers of this project for assistance;

 * the project provides a web site, mailing lists and IRC

 * channels for your use.

 *

 * This program is free software, distributed under the terms of

 * the GNU General Public License Version 2. See the LICENSE file

 * at the top of the source tree.

 */


/*** MODULEINFO

    <depend>curl</depend>

    <depend>res_curl</depend>

    <depend>libjwt</depend>

    <support_level>core</support_level>

 ***/


#define _TRACE_PREFIX_ "rss",__LINE__, ""


#include "asterisk.h"


#include "asterisk/app.h"

#include "asterisk/cli.h"

#include "asterisk/conversions.h"

#include "asterisk/module.h"

#include "asterisk/global_datastores.h"

#include "asterisk/pbx.h"


#include "res_stir_shaken/stir_shaken.h"


static int tn_auth_list_nid;


int get_tn_auth_nid(void)

{

    return tn_auth_list_nid;

}


/* The datastore struct holding verification information for the channel */

struct stir_datastore {

    /* The identitifier for the STIR/SHAKEN verification */

    char *identity;

    /* The attestation value */

    char *attestation;

    /* The actual verification result */

    enum ast_stir_shaken_vs_response_code verify_result;

};


/*!

 * \brief Frees a stir_shaken_datastore structure

 *

 * \param datastore The datastore to free

 */

static void stir_datastore_free(struct stir_datastore *datastore)

{

    if (!datastore) {

        return;

    }


    ast_free(datastore->identity);

    ast_free(datastore->attestation);

    ast_free(datastore);

}


/*!

 * \brief The callback to destroy a stir_shaken_datastore

 *

 * \param data The stir_shaken_datastore

 */

static void stir_datastore_destroy_cb(void *data)

{

    struct stir_datastore *datastore = data;

    stir_datastore_free(datastore);

}


/* The stir_shaken_datastore info used to add and compare stir_shaken_datastores on the channel */

static const struct ast_datastore_info stir_shaken_datastore_info = {

    .type = "STIR/SHAKEN VERIFICATION",

    .destroy = stir_datastore_destroy_cb,

};


int ast_stir_shaken_add_result_to_channel(

    struct ast_stir_shaken_vs_ctx *ctx)

{

    struct stir_datastore *stir_datastore;

    struct ast_datastore *chan_datastore;

    const char *chan_name;


    if (!ctx->chan) {

        ast_log(LOG_ERROR, "Channel is required to add STIR/SHAKEN verification\n");

        return -1;

    }


    chan_name = ast_channel_name(ctx->chan);


    if (!ctx->identity_hdr) {

        ast_log(LOG_ERROR, "No identity to add STIR/SHAKEN verification to channel "

            "%s\n", chan_name);

        return -1;

    }


    if (!ctx->attestation) {

        ast_log(LOG_ERROR, "Attestation cannot be NULL to add STIR/SHAKEN verification to "

            "channel %s\n", chan_name);

        return -1;

    }


    stir_datastore = ast_calloc(1, sizeof(*stir_datastore));

    if (!stir_datastore) {

        ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore for "

            "channel %s\n", chan_name);

        return -1;

    }


    stir_datastore->identity = ast_strdup(ctx->identity_hdr);

    if (!stir_datastore->identity) {

        ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "

            "identity for channel %s\n", chan_name);

        stir_datastore_free(stir_datastore);

        return -1;

    }


    stir_datastore->attestation = ast_strdup(ctx->attestation);

    if (!stir_datastore->attestation) {

        ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "

            "attestation for channel %s\n", chan_name);

        stir_datastore_free(stir_datastore);

        return -1;

    }


    stir_datastore->verify_result = ctx->failure_reason;


    chan_datastore = ast_datastore_alloc(&stir_shaken_datastore_info, NULL);

    if (!chan_datastore) {

        ast_log(LOG_ERROR, "Failed to allocate space for datastore for channel "

            "%s\n", chan_name);

        stir_datastore_free(stir_datastore);

        return -1;

    }


    chan_datastore->data = stir_datastore;


    ast_channel_lock(ctx->chan);

    ast_channel_datastore_add(ctx->chan, chan_datastore);

    ast_channel_unlock(ctx->chan);


    return 0;

}


/*!

 * \brief Retrieves STIR/SHAKEN verification information for the channel via dialplan.

 * Examples:

 *

 * STIR_SHAKEN(count)

 * STIR_SHAKEN(0, identity)

 * STIR_SHAKEN(1, attestation)

 * STIR_SHAKEN(27, verify_result)

 *

 * \retval -1 on failure

 * \retval 0 on success

 */

static int func_read(struct ast_channel *chan, const char *function,

    char *data, char *buf, size_t len)

{

    struct stir_datastore *stir_datastore;

    struct ast_datastore *chan_datastore;

    char *parse;

    char *first;

    char *second;

    unsigned int target_index, current_index = 0;

    AST_DECLARE_APP_ARGS(args,

        AST_APP_ARG(first_param);

        AST_APP_ARG(second_param);

    );


    if (ast_strlen_zero(data)) {

        ast_log(LOG_WARNING, "%s requires at least one argument\n", function);

        return -1;

    }


    if (!chan) {

        ast_log(LOG_ERROR, "No channel for %s function\n", function);

        return -1;

    }


    parse = ast_strdupa(data);


    AST_STANDARD_APP_ARGS(args, parse);


    first = ast_strip(args.first_param);

    if (ast_strlen_zero(first)) {

        ast_log(LOG_ERROR, "An argument must be passed to %s\n", function);

        return -1;

    }


    second = ast_strip(args.second_param);


    /* Check if we are only looking for the number of STIR/SHAKEN verification results */

    if (!strcasecmp(first, "count")) {

        size_t count = 0;


        if (!ast_strlen_zero(second)) {

            ast_log(LOG_ERROR, "%s only takes 1 paramater for 'count'\n", function);

            return -1;

        }


        ast_channel_lock(chan);

        AST_LIST_TRAVERSE(ast_channel_datastores(chan), chan_datastore, entry) {

            if (chan_datastore->info != &stir_shaken_datastore_info) {

                continue;

            }

            count++;

        }

        ast_channel_unlock(chan);


        snprintf(buf, len, "%zu", count);

        return 0;

    }


    /* If we aren't doing a count, then there should be two parameters. The field

     * we are searching for will be the second parameter. The index is the first.

     */

    if (ast_strlen_zero(second)) {

        ast_log(LOG_ERROR, "Retrieving a value using %s requires two paramaters (index, value) "

            "- only index was given\n", function);

        return -1;

    }


    if (ast_str_to_uint(first, &target_index)) {

        ast_log(LOG_ERROR, "Failed to convert index %s to integer for function %s\n",

            first, function);

        return -1;

    }


    /* We don't store by uid for the datastore, so just search for the specified index */

    ast_channel_lock(chan);

    AST_LIST_TRAVERSE(ast_channel_datastores(chan), chan_datastore, entry) {

        if (chan_datastore->info != &stir_shaken_datastore_info) {

            continue;

        }


        if (current_index == target_index) {

            break;

        }


        current_index++;

    }

    ast_channel_unlock(chan);

    if (current_index != target_index || !chan_datastore) {

        ast_log(LOG_WARNING, "No STIR/SHAKEN results for index '%s'\n", first);

        return -1;

    }

    stir_datastore = chan_datastore->data;


    if (!strcasecmp(second, "identity")) {

        ast_copy_string(buf, stir_datastore->identity, len);

    } else if (!strcasecmp(second, "attestation")) {

        ast_copy_string(buf, stir_datastore->attestation, len);

    } else if (!strcasecmp(second, "verify_result")) {

        ast_copy_string(buf, vs_response_code_to_str(stir_datastore->verify_result), len);

    } else {

        ast_log(LOG_ERROR, "No such value '%s' for %s\n", second, function);

        return -1;

    }


    return 0;

}


static struct ast_custom_function stir_shaken_function = {

    .name = "STIR_SHAKEN",

    .read = func_read,

};


static int reload_module(void)

{

    return common_config_reload();

}


static int unload_module(void)

{

    int res = 0;


    common_config_unload();

    crypto_unload();


    res |= ast_custom_function_unregister(&stir_shaken_function);


    return 0;

}


#define TN_AUTH_LIST_OID "1.3.6.1.5.5.7.1.26"

#define TN_AUTH_LIST_SHORT "TNAuthList"

#define TN_AUTH_LIST_LONG "TNAuthorizationList"


static int check_for_old_config(void)

{

    const char *error_msg = "There appears to be a 'stir_shaken.conf' file"

    " with old configuration options in it.  Please see the new config"

    " file format in the configs/samples/stir_shaken.conf.sample file"

    " in the source tree at https://github.com/asterisk/asterisk/raw/master/configs/samples/stir_shaken.conf.sample"

    " or visit https://docs.asterisk.org/Deployment/STIR-SHAKEN for more information.";

    RAII_VAR(struct ast_config *, cfg, NULL, ast_config_destroy);

    struct ast_flags config_flags = { 0 };

    char *cat = NULL;


    cfg = ast_config_load("stir_shaken.conf", config_flags);

    if (cfg == NULL) {

        /*

         * They may be loading from realtime so the fact that there's

         * no stir-shaken.conf file isn't an issue for this purpose.

         */

        return AST_MODULE_LOAD_DECLINE;

    }

    while ((cat = ast_category_browse(cfg, cat))) {

        const char *val;

        if (strcasecmp(cat, "general") == 0) {

            ast_log(LOG_ERROR, "%s\n", error_msg);

            return AST_MODULE_LOAD_DECLINE;

        }

        val = ast_variable_retrieve(cfg, cat, "type");

        if (val && (strcasecmp(val, "store") == 0 ||

            strcasecmp(val, "certificate") == 0)) {

            ast_log(LOG_ERROR, "%s\n", error_msg);

            return AST_MODULE_LOAD_DECLINE;

        }

    }


    return AST_MODULE_LOAD_SUCCESS;

}


static int load_module(void)

{

    int res = 0;


    if (check_for_old_config()) {

        return AST_MODULE_LOAD_DECLINE;

    }


    if (crypto_load()) {

        unload_module();

        return AST_MODULE_LOAD_DECLINE;

    }


    tn_auth_list_nid = crypto_register_x509_extension(TN_AUTH_LIST_OID,

        TN_AUTH_LIST_SHORT, TN_AUTH_LIST_LONG);

    if (tn_auth_list_nid < 0) {

        unload_module();

        return AST_MODULE_LOAD_DECLINE;

    }


    if (common_config_load()) {

        unload_module();

        return AST_MODULE_LOAD_DECLINE;

    }


    res |= ast_custom_function_register(&stir_shaken_function);


    return res;

}


AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER, "STIR/SHAKEN Module for Asterisk",

    .support_level = AST_MODULE_SUPPORT_CORE,

    .load = load_module,

    .unload = unload_module,

    .reload = reload_module,

    .load_pri = AST_MODPRI_CHANNEL_DEPEND - 1,

    .requires = "res_curl",

);

first
struct sla_ringing_trunk * first
Definition: app_sla.c:332

asterisk.h
Asterisk main include file. File version handling, generic pbx functions.

ast_free
#define ast_free(a)
Definition: astmm.h:180

ast_strdup
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:241

ast_strdupa
#define ast_strdupa(s)
duplicate a string in memory from the stack
Definition: astmm.h:298

ast_calloc
#define ast_calloc(num, len)
A wrapper for calloc()
Definition: astmm.h:202

ast_log
#define ast_log
Definition: astobj2.c:42

ast_channel_name
const char * ast_channel_name(const struct ast_channel *chan)

ast_channel_datastore_add
int ast_channel_datastore_add(struct ast_channel *chan, struct ast_datastore *datastore)
Add a datastore to a channel.
Definition: channel.c:2385

ast_channel_lock
#define ast_channel_lock(chan)
Definition: channel.h:2922

ast_channel_datastores
struct ast_datastore_list * ast_channel_datastores(struct ast_channel *chan)
Definition: channel_internal_api.c:853

ast_channel_unlock
#define ast_channel_unlock(chan)
Definition: channel.h:2923

cli.h
Standard Command Line Interface.

common_config_unload
int common_config_unload(void)
Definition: common_config.c:284

common_config_reload
int common_config_reload(void)
Definition: common_config.c:262

common_config_load
int common_config_load(void)
Definition: common_config.c:311

conversions.h
Conversion utility functions.

ast_str_to_uint
int ast_str_to_uint(const char *str, unsigned int *res)
Convert the given string to an unsigned integer.
Definition: conversions.c:56

crypto_register_x509_extension
int crypto_register_x509_extension(const char *oid, const char *short_name, const char *long_name)
Register a certificate extension to openssl.
Definition: crypto_utils.c:76

crypto_unload
int crypto_unload(void)
Clean up the crypto utils.
Definition: crypto_utils.c:514

ast_datastore_alloc
#define ast_datastore_alloc(info, uid)
Definition: datastore.h:85

buf
char buf[BUFSIZE]
Definition: eagi_proxy.c:66

len
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
Definition: func_strings.c:1567

global_datastores.h
globally accessible channel datastores

app.h
Application convenience functions, designed to give consistent look and feel to Asterisk apps.

AST_APP_ARG
#define AST_APP_ARG(name)
Define an application argument.
Definition: include/asterisk/app.h:1230

AST_DECLARE_APP_ARGS
#define AST_DECLARE_APP_ARGS(name, arglist)
Declare a structure to hold an application's arguments.
Definition: include/asterisk/app.h:1247

AST_STANDARD_APP_ARGS
#define AST_STANDARD_APP_ARGS(args, parse)
Performs the 'standard' argument separation process for an application.
Definition: include/asterisk/app.h:1283

ast_config_load
#define ast_config_load(filename, flags)
Load a config file.
Definition: include/asterisk/config.h:179

ast_category_browse
char * ast_category_browse(struct ast_config *config, const char *prev_name)
Browse categories.
Definition: extconf.c:3326

ast_config_destroy
void ast_config_destroy(struct ast_config *cfg)
Destroys a config.
Definition: extconf.c:1289

ast_variable_retrieve
const char * ast_variable_retrieve(struct ast_config *config, const char *category, const char *variable)
Definition: main/config.c:783

LOG_ERROR
#define LOG_ERROR
Definition: include/asterisk/logger.h:286

LOG_WARNING
#define LOG_WARNING
Definition: include/asterisk/logger.h:275

AST_LIST_TRAVERSE
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
Definition: linkedlists.h:491

module.h
Asterisk module definitions.

AST_MODFLAG_LOAD_ORDER
@ AST_MODFLAG_LOAD_ORDER
Definition: module.h:317

AST_MODFLAG_GLOBAL_SYMBOLS
@ AST_MODFLAG_GLOBAL_SYMBOLS
Definition: module.h:316

AST_MODULE_INFO
#define AST_MODULE_INFO(keystr, flags_to_set, desc, fields...)
Definition: module.h:543

AST_MODPRI_CHANNEL_DEPEND
@ AST_MODPRI_CHANNEL_DEPEND
Definition: module.h:326

AST_MODULE_SUPPORT_CORE
@ AST_MODULE_SUPPORT_CORE
Definition: module.h:121

ASTERISK_GPL_KEY
#define ASTERISK_GPL_KEY
The text the key() function should return.
Definition: module.h:46

AST_MODULE_LOAD_SUCCESS
@ AST_MODULE_LOAD_SUCCESS
Definition: module.h:70

AST_MODULE_LOAD_DECLINE
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition: module.h:78

pbx.h
Core PBX routines and definitions.

ast_custom_function_register
#define ast_custom_function_register(acf)
Register a custom function.
Definition: pbx.h:1558

ast_custom_function_unregister
int ast_custom_function_unregister(struct ast_custom_function *acf)
Unregister a custom function.
Definition: pbx_functions.c:273

reload
static int reload(void)
Definition: res_config_mysql.c:1186

crypto_load
static void crypto_load(int ifd, int ofd)
refresh RSA keys from file
Definition: res_crypto.c:819

TN_AUTH_LIST_SHORT
#define TN_AUTH_LIST_SHORT
Definition: res_stir_shaken.c:299

ast_stir_shaken_add_result_to_channel
int ast_stir_shaken_add_result_to_channel(struct ast_stir_shaken_vs_ctx *ctx)
Add a STIR/SHAKEN verification result to a channel.
Definition: res_stir_shaken.c:89

stir_shaken_datastore_info
static const struct ast_datastore_info stir_shaken_datastore_info
Definition: res_stir_shaken.c:84

stir_datastore_destroy_cb
static void stir_datastore_destroy_cb(void *data)
The callback to destroy a stir_shaken_datastore.
Definition: res_stir_shaken.c:77

TN_AUTH_LIST_OID
#define TN_AUTH_LIST_OID
Definition: res_stir_shaken.c:298

TN_AUTH_LIST_LONG
#define TN_AUTH_LIST_LONG
Definition: res_stir_shaken.c:300

stir_datastore_free
static void stir_datastore_free(struct stir_datastore *datastore)
Frees a stir_shaken_datastore structure.
Definition: res_stir_shaken.c:61

stir_shaken_function
static struct ast_custom_function stir_shaken_function
Definition: res_stir_shaken.c:276

func_read
static int func_read(struct ast_channel *chan, const char *function, char *data, char *buf, size_t len)
Retrieves STIR/SHAKEN verification information for the channel via dialplan. Examples:
Definition: res_stir_shaken.c:169

reload_module
static int reload_module(void)
Definition: res_stir_shaken.c:281

check_for_old_config
static int check_for_old_config(void)
Definition: res_stir_shaken.c:302

tn_auth_list_nid
static int tn_auth_list_nid
Definition: res_stir_shaken.c:39

load_module
static int load_module(void)
Definition: res_stir_shaken.c:338

unload_module
static int unload_module(void)
Definition: res_stir_shaken.c:286

get_tn_auth_nid
int get_tn_auth_nid(void)
Retrieves the OpenSSL NID for the TN Auth list extension.
Definition: res_stir_shaken.c:41

ast_stir_shaken_vs_response_code
ast_stir_shaken_vs_response_code
Definition: res_stir_shaken.h:23

NULL
#define NULL
Definition: resample.c:96

stir_shaken.h

vs_response_code_to_str
const char * vs_response_code_to_str(enum ast_stir_shaken_vs_response_code vs_rc)
Return string version of VS response code.
Definition: verification.c:90

ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65

ast_copy_string
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:425

ast_strip
char * ast_strip(char *s)
Strip leading/trailing whitespace from a string.
Definition: strings.h:223

ast_channel
Main Channel structure associated with a channel.
Definition: channel_internal_api.c:73

ast_config
Definition: main/config.c:249

ast_custom_function
Data structure associated with a custom dialplan function.
Definition: pbx.h:118

ast_custom_function::name
const char * name
Definition: pbx.h:119

ast_datastore_info
Structure for a data store type.
Definition: datastore.h:31

ast_datastore_info::type
const char * type
Definition: datastore.h:32

ast_datastore
Structure for a data store object.
Definition: datastore.h:64

ast_datastore::info
const struct ast_datastore_info * info
Definition: datastore.h:67

ast_datastore::data
void * data
Definition: datastore.h:66

ast_flags
Structure used to handle boolean flags.
Definition: utils.h:199

ast_stir_shaken_vs_ctx
Definition: verification.h:24

ast_stir_shaken_vs_ctx::attestation
const ast_string_field attestation
Definition: verification.h:39

ast_stir_shaken_vs_ctx::identity_hdr
const ast_string_field identity_hdr
Definition: verification.h:39

ast_stir_shaken_vs_ctx::chan
struct ast_channel * chan
Definition: verification.h:41

ast_stir_shaken_vs_ctx::failure_reason
enum ast_stir_shaken_vs_response_code failure_reason
Definition: verification.h:48

entry
Definition: search.h:40

stir_datastore
Definition: res_stir_shaken.c:47

stir_datastore::attestation
char * attestation
Definition: res_stir_shaken.c:51

stir_datastore::verify_result
enum ast_stir_shaken_vs_response_code verify_result
Definition: res_stir_shaken.c:53

stir_datastore::identity
char * identity
Definition: res_stir_shaken.c:49

val
Definition: ast_expr2.c:325

args
const char * args
Definition: test_func_file.c:46

RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941