Asterisk - The Open Source Telephony Project GIT-master-f36a736
Macros | Functions | Variables
attestation.c File Reference
#include <jwt.h>
#include "asterisk.h"
#include "asterisk/module.h"
#include "asterisk/uuid.h"
#include "asterisk/json.h"
#include "asterisk/channel.h"
#include "stir_shaken.h"
Include dependency graph for attestation.c:

Go to the source code of this file.

Macros

#define _TRACE_PREFIX_   "a",__LINE__, ""
 
#define CREATE_JSON_APPEND_ARRAY(__val, __obj)
 
#define CREATE_JSON_SET_OBJ(__val, __obj, __name)
 

Functions

int as_load ()
 Load the stir/shaken attestation service. More...
 
int as_reload ()
 Load the stir/shaken attestation service. More...
 
const char * as_response_code_to_str (enum ast_stir_shaken_as_response_code as_rc)
 Return string version of AS response code. More...
 
int as_unload ()
 Load the stir/shaken attestation service. More...
 
enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_add_fingerprint (struct ast_stir_shaken_as_ctx *ctx, const char *alg, const char *fingerprint)
 Add DTLS fingerprints to AS context. More...
 
enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_create (const char *orig_tn, const char *dest_tn, struct ast_channel *chan, const char *profile_name, const char *tag, struct ast_stir_shaken_as_ctx **ctxout)
 Create Attestation Service Context. More...
 
int ast_stir_shaken_as_ctx_wants_fingerprints (struct ast_stir_shaken_as_ctx *ctx)
 Indicates if the AS context needs DTLS fingerprints. More...
 
enum ast_stir_shaken_as_response_code ast_stir_shaken_attest (struct ast_stir_shaken_as_ctx *ctx, char **header)
 Attest and return Identity header value. More...
 
static void ctx_destructor (void *obj)
 
static enum ast_stir_shaken_as_response_code pack_payload (struct ast_stir_shaken_as_ctx *ctx, jwt_t *jwt)
 

Variables

static const char * as_rc_map []
 

Macro Definition Documentation

◆ _TRACE_PREFIX_

#define _TRACE_PREFIX_   "a",__LINE__, ""

Definition at line 21 of file attestation.c.

◆ CREATE_JSON_APPEND_ARRAY

#define CREATE_JSON_APPEND_ARRAY (   __val,
  __obj 
)

Definition at line 273 of file attestation.c.

◆ CREATE_JSON_SET_OBJ

#define CREATE_JSON_SET_OBJ (   __val,
  __obj,
  __name 
)

Definition at line 256 of file attestation.c.

Function Documentation

◆ as_load()

int as_load ( void  )

Load the stir/shaken attestation service.

Return values
0on success
-1on error

Definition at line 440 of file attestation.c.

441{
442 if (as_config_load()) {
443 return AST_MODULE_LOAD_DECLINE;
444 }
445
446 return AST_MODULE_LOAD_SUCCESS;
447}
as_config_load
int as_config_load(void)
Definition: attestation_config.c:300
AST_MODULE_LOAD_SUCCESS
@ AST_MODULE_LOAD_SUCCESS
Definition: module.h:70
AST_MODULE_LOAD_DECLINE
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition: module.h:78

References as_config_load(), AST_MODULE_LOAD_DECLINE, and AST_MODULE_LOAD_SUCCESS.

Referenced by common_config_load().

◆ as_reload()

int as_reload ( void  )

Load the stir/shaken attestation service.

Return values
0on success
-1on error

Definition at line 427 of file attestation.c.

428{
429 as_config_reload();
430
431 return 0;
432}
as_config_reload
int as_config_reload(void)
Definition: attestation_config.c:272

References as_config_reload().

Referenced by common_config_reload().

◆ as_response_code_to_str()

const char * as_response_code_to_str ( enum ast_stir_shaken_as_response_code  as_rc)

Return string version of AS response code.

Parameters
as_rc
Returns
Response string

Definition at line 47 of file attestation.c.

49{
50 return ARRAY_IN_BOUNDS(as_rc, as_rc_map) ?
51 as_rc_map[as_rc] : NULL;
52}
as_rc_map
static const char * as_rc_map[]
Definition: attestation.c:31
NULL
#define NULL
Definition: resample.c:96
ARRAY_IN_BOUNDS
#define ARRAY_IN_BOUNDS(v, a)
Checks to see if value is within the bounds of the given array.
Definition: utils.h:687

References ARRAY_IN_BOUNDS, as_rc_map, and NULL.

◆ as_unload()

int as_unload ( void  )

Load the stir/shaken attestation service.

Return values
0on success
-1on error

Definition at line 434 of file attestation.c.

435{
436 as_config_unload();
437 return 0;
438}
as_config_unload
int as_config_unload(void)
Definition: attestation_config.c:291

References as_config_unload().

Referenced by common_config_unload().

◆ ast_stir_shaken_as_ctx_add_fingerprint()

enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_add_fingerprint ( struct ast_stir_shaken_as_ctx ctx,
const char *  alg,
const char *  fingerprint 
)

Add DTLS fingerprints to AS context.

Parameters
ctxAS context
algFingerprint algorithm ("sha-1" or "sha-256")
fingerprintFingerprint
Return values
AST_STIR_SHAKEN_AS_SUCCESSif successful
OtherAST_STIR_SHAKEN_AS errors.

Definition at line 206 of file attestation.c.

208{
209 char *compacted_fp = ast_alloca(strlen(fingerprint) + 1);
210 const char *f = fingerprint;
211 char *fp = compacted_fp;
212 char *combined;
213 int rc;
214 SCOPE_ENTER(4, "%s: Add fingerprint %s:%s\n", ctx ? ctx->tag : "",
215 alg, fingerprint);
216
217 if (!ctx || ast_strlen_zero(alg) || ast_strlen_zero(fingerprint)) {
218 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
219 "%s: Missing arguments\n", ctx->tag);
220 }
221
222 if (!ENUM_BOOL(ctx->etn->acfg_common.send_mky, send_mky)) {
223 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
224 "%s: Not needed\n", ctx->tag);
225 }
226
227 /* De-colonize */
228 while (*f != '\0') {
229 if (*f != ':') {
230 *fp++ = *f;
231 }
232 f++;
233 }
234 *fp = '\0';
235 rc = ast_asprintf(&combined, "%s:%s", alg, compacted_fp);
236 if (rc < 0) {
237 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
238 "%s: Can't allocate memory for comobined string\n", ctx->tag);
239 }
240
241 rc = AST_VECTOR_ADD_SORTED(&ctx->fingerprints, combined, strcasecmp);
242 if (rc < 0) {
243 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
244 "%s: Can't add entry to vector\n", ctx->tag);
245 }
246
247 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_SUCCESS,
248 "%s: Done\n", ctx->tag);
249}
ast_alloca
#define ast_alloca(size)
call __builtin_alloca to ensure we get gcc builtin semantics
Definition: astmm.h:288
ast_asprintf
#define ast_asprintf(ret, fmt,...)
A wrapper for asprintf()
Definition: astmm.h:267
ENUM_BOOL
#define ENUM_BOOL(__enum1, __field)
Definition: common_config.h:218
SCOPE_EXIT_RTN_VALUE
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
Definition: include/asterisk/logger.h:1037
SCOPE_ENTER
#define SCOPE_ENTER(level,...)
Definition: include/asterisk/logger.h:1009
AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS
@ AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS
Definition: res_stir_shaken.h:64
AST_STIR_SHAKEN_AS_DISABLED
@ AST_STIR_SHAKEN_AS_DISABLED
Definition: res_stir_shaken.h:63
AST_STIR_SHAKEN_AS_SUCCESS
@ AST_STIR_SHAKEN_AS_SUCCESS
Definition: res_stir_shaken.h:62
AST_STIR_SHAKEN_AS_INTERNAL_ERROR
@ AST_STIR_SHAKEN_AS_INTERNAL_ERROR
Definition: res_stir_shaken.h:66
ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
ast_stir_shaken_as_ctx::etn
struct tn_cfg * etn
Definition: attestation.h:32
ast_stir_shaken_as_ctx::tag
const ast_string_field tag
Definition: attestation.h:29
ast_stir_shaken_as_ctx::fingerprints
struct ast_vector_string fingerprints
Definition: attestation.h:31
attestation_cfg_common::send_mky
enum send_mky_enum send_mky
Definition: common_config.h:299
tn_cfg::acfg_common
struct attestation_cfg_common acfg_common
Definition: common_config.h:464
AST_VECTOR_ADD_SORTED
#define AST_VECTOR_ADD_SORTED(vec, elem, cmp)
Add an element into a sorted vector.
Definition: vector.h:371

References tn_cfg::acfg_common, ast_alloca, ast_asprintf, AST_STIR_SHAKEN_AS_DISABLED, AST_STIR_SHAKEN_AS_INTERNAL_ERROR, AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS, AST_STIR_SHAKEN_AS_SUCCESS, ast_strlen_zero(), AST_VECTOR_ADD_SORTED, ENUM_BOOL, ast_stir_shaken_as_ctx::etn, ast_stir_shaken_as_ctx::fingerprints, SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, attestation_cfg_common::send_mky, and ast_stir_shaken_as_ctx::tag.

Referenced by add_fingerprints_if_present().

◆ ast_stir_shaken_as_ctx_create()

enum ast_stir_shaken_as_response_code ast_stir_shaken_as_ctx_create ( const char *  caller_id,
const char *  dest_tn,
struct ast_channel chan,
const char *  profile_name,
const char *  tag,
struct ast_stir_shaken_as_ctx **  ctxout 
)

Create Attestation Service Context.

Parameters
caller_idThe caller_id for the outgoing call
dest_tnCanonicalized destination tn
chanThe outgoing channel
profile_nameThe profile name on the endpoint May be NULL.
tagIdentifying string to output in log and trace messages.
ctxoutReceives a pointer to the newly created context The caller must release with ao2_ref or ao2_cleanup.
Return values
AST_STIR_SHAKEN_AS_SUCCESSif successful.
AST_STIR_SHAKEN_AS_DISABLEDif attestation is disabled by the endpoint itself, the profile or globally.
OtherAST_STIR_SHAKEN_AS errors.

Definition at line 66 of file attestation.c.

70{
71 RAII_VAR(struct ast_stir_shaken_as_ctx *, ctx, NULL, ao2_cleanup);
72 RAII_VAR(struct profile_cfg *, eprofile, NULL, ao2_cleanup);
73 RAII_VAR(struct attestation_cfg *, as_cfg, NULL, ao2_cleanup);
74 RAII_VAR(struct tn_cfg *, etn, NULL, ao2_cleanup);
75 RAII_VAR(char *, canon_dest_tn , canonicalize_tn_alloc(dest_tn), ast_free);
76 RAII_VAR(char *, canon_orig_tn , canonicalize_tn_alloc(orig_tn), ast_free);
77
78 const char *t = S_OR(tag, S_COR(chan, ast_channel_name(chan), ""));
79 SCOPE_ENTER(3, "%s: Enter\n", t);
80
81 as_cfg = as_get_cfg();
82 if (as_cfg->global_disable) {
83 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
84 "%s: Globally disabled\n", t);
85 }
86
87 if (ast_strlen_zero(profile_name)) {
88 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
89 "%s: Disabled due to missing profile name\n", t);
90 }
91
92 eprofile = eprofile_get_cfg(profile_name);
93 if (!eprofile) {
94 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
95 LOG_ERROR, "%s: No profile for profile name '%s'. Call will continue\n", tag,
96 profile_name);
97 }
98
99 if (!PROFILE_ALLOW_ATTEST(eprofile)) {
100 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
101 "%s: Disabled by profile '%s'\n", t, profile_name);
102 }
103
104 if (ast_strlen_zero(tag)) {
105 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
106 LOG_ERROR, "%s: Must provide tag\n", t);
107 }
108
109 if (!canon_orig_tn) {
110 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
111 LOG_ERROR, "%s: Must provide caller_id/orig_tn\n", tag);
112 }
113
114 if (!canon_dest_tn) {
115 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
116 LOG_ERROR, "%s: Must provide dest_tn\n", tag);
117 }
118
119 if (!ctxout) {
120 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
121 LOG_ERROR, "%s: Must provide ctxout\n", tag);
122 }
123
124 etn = tn_get_etn(canon_orig_tn, eprofile);
125 if (!etn) {
126 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_DISABLED,
127 "%s: No tn for orig_tn '%s'\n", tag, canon_orig_tn);
128 }
129
130 /* We don't need eprofile or as_cfg anymore so let's clean em up */
131 ao2_cleanup(as_cfg);
132 as_cfg = NULL;
133 ao2_cleanup(eprofile);
134 eprofile = NULL;
135
136
137 if (etn->acfg_common.attest_level == attest_level_NOT_SET) {
138 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_MISSING_PARAMETERS,
139 LOG_ERROR,
140 "'%s': No attest_level specified in tn, profile or attestation objects\n",
141 tag);
142 }
143
144 if (ast_strlen_zero(etn->acfg_common.public_cert_url)) {
145 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL,
146 LOG_ERROR, "%s: No public cert url in tn %s, profile or attestation objects\n",
147 tag, canon_orig_tn);
148 }
149
150 if (etn->acfg_common.raw_key_length == 0) {
151 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL,
152 LOG_ERROR, "%s: No private key in tn %s, profile or attestation objects\n",
153 canon_orig_tn, tag);
154 }
155
156 ctx = ao2_alloc_options(sizeof(*ctx), ctx_destructor,
157 AO2_ALLOC_OPT_LOCK_NOLOCK);
158 if (!ctx) {
159 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
160 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
161 }
162
163 if (ast_string_field_init(ctx, 1024) != 0) {
164 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
165 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
166 }
167
168 if (ast_string_field_set(ctx, tag, tag) != 0) {
169 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
170 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
171 }
172
173 if (ast_string_field_set(ctx, orig_tn, canon_orig_tn) != 0) {
174 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
175 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
176 }
177
178 if (ast_string_field_set(ctx, dest_tn, canon_dest_tn)) {
179 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
180 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
181 }
182
183 ctx->chan = chan;
184 ast_channel_ref(ctx->chan);
185
186 if (AST_VECTOR_INIT(&ctx->fingerprints, 1) != 0) {
187 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
188 LOG_ERROR, "%s: Unable to allocate memory for ctx\n", tag);
189 }
190
191 /* Transfer the references */
192 ctx->etn = etn;
193 etn = NULL;
194 *ctxout = ctx;
195 ctx = NULL;
196
197 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_SUCCESS, "%s: Done\n", tag);
198}
ast_free
#define ast_free(a)
Definition: astmm.h:180
AO2_ALLOC_OPT_LOCK_NOLOCK
@ AO2_ALLOC_OPT_LOCK_NOLOCK
Definition: astobj2.h:367
ao2_cleanup
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
ao2_alloc_options
#define ao2_alloc_options(data_size, destructor_fn, options)
Definition: astobj2.h:404
ctx_destructor
static void ctx_destructor(void *obj)
Definition: attestation.c:54
as_get_cfg
struct attestation_cfg * as_get_cfg(void)
Definition: attestation_config.c:43
ast_channel_name
const char * ast_channel_name(const struct ast_channel *chan)
ast_channel_ref
#define ast_channel_ref(c)
Increase channel reference count.
Definition: channel.h:2993
canonicalize_tn_alloc
char * canonicalize_tn_alloc(const char *tn)
Canonicalize a TN into nre buffer.
Definition: common_config.c:293
eprofile_get_cfg
struct profile_cfg * eprofile_get_cfg(const char *id)
Definition: profile_config.c:126
PROFILE_ALLOW_ATTEST
#define PROFILE_ALLOW_ATTEST(__profile)
Definition: common_config.h:441
tn_get_etn
struct tn_cfg * tn_get_etn(const char *tn, struct profile_cfg *eprofile)
Definition: tn_config.c:111
SCOPE_EXIT_LOG_RTN_VALUE
#define SCOPE_EXIT_LOG_RTN_VALUE(__value, __log_level,...)
Definition: include/asterisk/logger.h:1060
LOG_ERROR
#define LOG_ERROR
Definition: include/asterisk/logger.h:292
AST_STIR_SHAKEN_AS_MISSING_PARAMETERS
@ AST_STIR_SHAKEN_AS_MISSING_PARAMETERS
Definition: res_stir_shaken.h:65
AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL
@ AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL
Definition: res_stir_shaken.h:68
AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL
@ AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL
Definition: res_stir_shaken.h:69
ast_string_field_set
#define ast_string_field_set(x, field, data)
Set a field to a simple string value.
Definition: stringfields.h:521
ast_string_field_init
#define ast_string_field_init(x, size)
Initialize a field pool and fields.
Definition: stringfields.h:359
S_OR
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
Definition: strings.h:80
S_COR
#define S_COR(a, b, c)
returns the equivalent of logic or for strings, with an additional boolean check: second one if not e...
Definition: strings.h:87
ast_stir_shaken_as_ctx
Definition: attestation.h:24
attestation_cfg
Definition: common_config.h:320
profile_cfg
Profile configuration for stir/shaken.
Definition: common_config.h:417
tn_cfg
TN configuration for stir/shaken.
Definition: common_config.h:455
RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941
AST_VECTOR_INIT
#define AST_VECTOR_INIT(vec, size)
Initialize a vector.
Definition: vector.h:113

References tn_cfg::acfg_common, AO2_ALLOC_OPT_LOCK_NOLOCK, ao2_alloc_options, ao2_cleanup, as_get_cfg(), ast_channel_name(), ast_channel_ref, ast_free, AST_STIR_SHAKEN_AS_DISABLED, AST_STIR_SHAKEN_AS_INTERNAL_ERROR, AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS, AST_STIR_SHAKEN_AS_MISSING_PARAMETERS, AST_STIR_SHAKEN_AS_NO_PRIVATE_KEY_AVAIL, AST_STIR_SHAKEN_AS_NO_PUBLIC_CERT_URL_AVAIL, AST_STIR_SHAKEN_AS_SUCCESS, ast_string_field_init, ast_string_field_set, ast_strlen_zero(), AST_VECTOR_INIT, attestation_cfg_common::attest_level, canonicalize_tn_alloc(), ast_stir_shaken_as_ctx::chan, ctx_destructor(), ast_stir_shaken_as_ctx::dest_tn, eprofile_get_cfg(), ast_stir_shaken_as_ctx::etn, LOG_ERROR, NULL, ast_stir_shaken_as_ctx::orig_tn, PROFILE_ALLOW_ATTEST, attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key_length, S_COR, S_OR, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, ast_stir_shaken_as_ctx::tag, and tn_get_etn().

Referenced by stir_shaken_outgoing_request().

◆ ast_stir_shaken_as_ctx_wants_fingerprints()

int ast_stir_shaken_as_ctx_wants_fingerprints ( struct ast_stir_shaken_as_ctx ctx)

Indicates if the AS context needs DTLS fingerprints.

Parameters
ctxAS Context
Return values
0Not needed
1Needed

Definition at line 200 of file attestation.c.

201{
202 return ENUM_BOOL(ctx->etn->acfg_common.send_mky, send_mky);
203}

References tn_cfg::acfg_common, ENUM_BOOL, ast_stir_shaken_as_ctx::etn, and attestation_cfg_common::send_mky.

Referenced by add_fingerprints_if_present().

◆ ast_stir_shaken_attest()

enum ast_stir_shaken_as_response_code ast_stir_shaken_attest ( struct ast_stir_shaken_as_ctx ctx,
char **  header 
)

Attest and return Identity header value.

Parameters
ctxAS Context
headerPointer to buffer to receive the header value Must be freed with ast_free when done
Return values
AST_STIR_SHAKEN_AS_SUCCESSif successful
OtherAST_STIR_SHAKEN_AS errors.

Definition at line 364 of file attestation.c.

366{
367 RAII_VAR(jwt_t *, jwt, NULL, jwt_free);
368 jwt_alg_t alg;
369 char *encoded = NULL;
370 enum ast_stir_shaken_as_response_code as_rc;
371 int rc = 0;
372 SCOPE_ENTER(3, "%s: Attestation: orig: %s dest: %s\n",
373 ctx ? ctx->tag : "NULL", ctx ? ctx->orig_tn : "NULL",
374 ctx ? ctx->dest_tn : "NULL");
375
376 if (!ctx) {
377 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INTERNAL_ERROR, LOG_ERROR,
378 "%s: No context object!\n", "NULL");
379 }
380
381 if (header == NULL) {
382 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS,
383 LOG_ERROR, "%s: Header buffer was NULL\n", ctx->tag);
384 }
385
386 rc = jwt_new(&jwt);
387 if (rc != 0) {
388 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
389 LOG_ERROR, "%s: Cannot create JWT\n", ctx->tag);
390 }
391
392 /*
393 * All headers added need to be in alphabetical order!
394 */
395 alg = jwt_str_alg(STIR_SHAKEN_ENCRYPTION_ALGORITHM);
396 jwt_set_alg(jwt, alg, (const unsigned char *)ctx->etn->acfg_common.raw_key,
397 ctx->etn->acfg_common.raw_key_length);
398 jwt_add_header(jwt, "ppt", STIR_SHAKEN_PPT);
399 jwt_add_header(jwt, "typ", STIR_SHAKEN_TYPE);
400 jwt_add_header(jwt, "x5u", ctx->etn->acfg_common.public_cert_url);
401
402 as_rc = pack_payload(ctx, jwt);
403 if (as_rc != AST_STIR_SHAKEN_AS_SUCCESS) {
404 SCOPE_EXIT_LOG_RTN_VALUE(as_rc,
405 LOG_ERROR, "%s: Cannot pack payload\n", ctx->tag);
406 }
407
408 encoded = jwt_encode_str(jwt);
409 if (!encoded) {
410 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE,
411 LOG_ERROR, "%s: Unable to sign/encode JWT\n", ctx->tag);
412 }
413
414 rc = ast_asprintf(header, "%s;info=<%s>;alg=%s;ppt=%s",
415 encoded, ctx->etn->acfg_common.public_cert_url, jwt_alg_str(alg),
416 STIR_SHAKEN_PPT);
417 ast_std_free(encoded);
418 if (rc < 0) {
419 SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_AS_INTERNAL_ERROR,
420 LOG_ERROR, "%s: Unable to allocate memory for identity header\n",
421 ctx->tag);
422 }
423
424 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_SUCCESS, "%s: Done\n", ctx->tag);
425}
ast_std_free
void ast_std_free(void *ptr)
Definition: astmm.c:1734
pack_payload
static enum ast_stir_shaken_as_response_code pack_payload(struct ast_stir_shaken_as_ctx *ctx, jwt_t *jwt)
Definition: attestation.c:290
ast_stir_shaken_as_response_code
ast_stir_shaken_as_response_code
Definition: res_stir_shaken.h:61
AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE
@ AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE
Definition: res_stir_shaken.h:74
AST_STIR_SHAKEN_VS_INTERNAL_ERROR
@ AST_STIR_SHAKEN_VS_INTERNAL_ERROR
Definition: res_stir_shaken.h:27
STIR_SHAKEN_ENCRYPTION_ALGORITHM
#define STIR_SHAKEN_ENCRYPTION_ALGORITHM
Definition: stir_shaken.h:28
STIR_SHAKEN_PPT
#define STIR_SHAKEN_PPT
Definition: stir_shaken.h:29
STIR_SHAKEN_TYPE
#define STIR_SHAKEN_TYPE
Definition: stir_shaken.h:30
ast_stir_shaken_as_ctx::dest_tn
const ast_string_field dest_tn
Definition: attestation.h:29
ast_stir_shaken_as_ctx::orig_tn
const ast_string_field orig_tn
Definition: attestation.h:29
attestation_cfg_common::raw_key
unsigned char * raw_key
Definition: common_config.h:300
attestation_cfg_common::raw_key_length
size_t raw_key_length
Definition: common_config.h:301
attestation_cfg_common::public_cert_url
const ast_string_field public_cert_url
Definition: common_config.h:296

References tn_cfg::acfg_common, ast_asprintf, ast_std_free(), AST_STIR_SHAKEN_AS_INTERNAL_ERROR, AST_STIR_SHAKEN_AS_INVALID_ARGUMENTS, AST_STIR_SHAKEN_AS_SIGN_ENCODE_FAILURE, AST_STIR_SHAKEN_AS_SUCCESS, AST_STIR_SHAKEN_VS_INTERNAL_ERROR, ast_stir_shaken_as_ctx::dest_tn, ast_stir_shaken_as_ctx::etn, LOG_ERROR, NULL, ast_stir_shaken_as_ctx::orig_tn, pack_payload(), attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key, attestation_cfg_common::raw_key_length, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, STIR_SHAKEN_ENCRYPTION_ALGORITHM, STIR_SHAKEN_PPT, STIR_SHAKEN_TYPE, and ast_stir_shaken_as_ctx::tag.

Referenced by stir_shaken_outgoing_request().

◆ ctx_destructor()

static void ctx_destructor ( void *  obj)
static

Definition at line 54 of file attestation.c.

55{
56 struct ast_stir_shaken_as_ctx *ctx = obj;
57
58 ao2_cleanup(ctx->etn);
59 ast_channel_cleanup(ctx->chan);
60 ast_string_field_free_memory(ctx);
61 AST_VECTOR_RESET(&ctx->fingerprints, ast_free);
62 AST_VECTOR_FREE(&ctx->fingerprints);
63}
ast_channel_cleanup
#define ast_channel_cleanup(c)
Cleanup a channel reference.
Definition: channel.h:3015
ast_string_field_free_memory
#define ast_string_field_free_memory(x)
free all memory - to be called before destroying the object
Definition: stringfields.h:374
ast_stir_shaken_as_ctx::chan
struct ast_channel * chan
Definition: attestation.h:30
AST_VECTOR_RESET
#define AST_VECTOR_RESET(vec, cleanup)
Reset vector.
Definition: vector.h:625
AST_VECTOR_FREE
#define AST_VECTOR_FREE(vec)
Deallocates this vector.
Definition: vector.h:174

References ao2_cleanup, ast_channel_cleanup, ast_free, ast_string_field_free_memory, AST_VECTOR_FREE, AST_VECTOR_RESET, ast_stir_shaken_as_ctx::chan, ast_stir_shaken_as_ctx::etn, and ast_stir_shaken_as_ctx::fingerprints.

Referenced by ast_stir_shaken_as_ctx_create().

◆ pack_payload()

static enum ast_stir_shaken_as_response_code pack_payload ( struct ast_stir_shaken_as_ctx ctx,
jwt_t *  jwt 
)
static

Definition at line 290 of file attestation.c.

292{
293 RAII_VAR(struct ast_json *, payload, ast_json_object_create(), ast_json_unref);
294 /*
295 * These don't need RAII because once they're added to payload,
296 * they'll get destroyed when payload gets unreffed.
297 */
298 struct ast_json *dest;
299 struct ast_json *tns;
300 struct ast_json *orig;
301 char origid[AST_UUID_STR_LEN];
302 char *payload_str = NULL;
303 SCOPE_ENTER(3, "%s: Enter\n", ctx->tag);
304
305 /*
306 * All fields added need to be in alphabetical order
307 * and there must be no whitespace in the result.
308 *
309 * We can't use ast_json_pack here because the entries
310 * need to be kept in order and the "mky" array may
311 * not be present.
312 */
313
314 /*
315 * The order of the calls matters. We want to add an object
316 * to its parent as soon as it's created, then add things
317 * to it. This way if something later fails, the whole thing
318 * will get destroyed when its parent gets destroyed.
319 */
320 CREATE_JSON_SET_OBJ(ast_json_string_create(
321 attest_level_to_str(ctx->etn->acfg_common.attest_level)),
322 payload, "attest");
323
324 dest = CREATE_JSON_SET_OBJ(ast_json_object_create(), payload, "dest");
325 tns = CREATE_JSON_SET_OBJ(ast_json_array_create(), dest, "tn");
326 CREATE_JSON_APPEND_ARRAY(ast_json_string_create(ctx->dest_tn), tns);
327
328 CREATE_JSON_SET_OBJ(ast_json_integer_create(time(NULL)), payload, "iat");
329
330 if (AST_VECTOR_SIZE(&ctx->fingerprints)
331 && ENUM_BOOL(ctx->etn->acfg_common.send_mky, send_mky)) {
332 struct ast_json *mky;
333 int i;
334
335 mky = CREATE_JSON_SET_OBJ(ast_json_array_create(), payload, "mky");
336
337 for (i = 0; i < AST_VECTOR_SIZE(&ctx->fingerprints); i++) {
338 struct ast_json *mk;
339 char *afp = AST_VECTOR_GET(&ctx->fingerprints, i);
340 char *fp = strchr(afp, ':');
341 *fp++ = '\0';
342
343 mk = CREATE_JSON_APPEND_ARRAY(ast_json_object_create(), mky);
344 CREATE_JSON_SET_OBJ(ast_json_string_create(afp), mk, "alg");
345 CREATE_JSON_SET_OBJ(ast_json_string_create(fp), mk, "dig");
346 }
347 }
348
349 orig = CREATE_JSON_SET_OBJ(ast_json_object_create(), payload, "orig");
350 CREATE_JSON_SET_OBJ(ast_json_string_create(ctx->orig_tn), orig, "tn");
351
352 ast_uuid_generate_str(origid, sizeof(origid));
353 CREATE_JSON_SET_OBJ(ast_json_string_create(origid), payload, "origid");
354
355 payload_str = ast_json_dump_string_format(payload, AST_JSON_COMPACT);
356 ast_trace(2, "Payload: %s\n", payload_str);
357 jwt_add_grants_json(jwt, payload_str);
358 ast_json_free(payload_str);
359
360 SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_AS_SUCCESS, "Done\n");
361
362}
CREATE_JSON_APPEND_ARRAY
#define CREATE_JSON_APPEND_ARRAY(__val, __obj)
Definition: attestation.c:273
CREATE_JSON_SET_OBJ
#define CREATE_JSON_SET_OBJ(__val, __obj, __name)
Definition: attestation.c:256
ast_trace
#define ast_trace(level,...)
Definition: include/asterisk/logger.h:1000
ast_json_string_create
struct ast_json * ast_json_string_create(const char *value)
Construct a JSON string from value.
Definition: json.c:278
ast_json_unref
void ast_json_unref(struct ast_json *value)
Decrease refcount on value. If refcount reaches zero, value is freed.
Definition: json.c:73
ast_json_free
void ast_json_free(void *p)
Asterisk's custom JSON allocator. Exposed for use by unit tests.
Definition: json.c:52
ast_json_object_create
struct ast_json * ast_json_object_create(void)
Create a new JSON object.
Definition: json.c:399
ast_json_integer_create
struct ast_json * ast_json_integer_create(intmax_t value)
Create a JSON integer.
Definition: json.c:327
ast_json_array_create
struct ast_json * ast_json_array_create(void)
Create a empty JSON array.
Definition: json.c:362
AST_JSON_COMPACT
@ AST_JSON_COMPACT
Definition: json.h:793
ast_json_dump_string_format
char * ast_json_dump_string_format(struct ast_json *root, enum ast_json_encoding_format format)
Encode a JSON value to a string.
Definition: json.c:484
ast_json
Abstract JSON element (object, array, string, int, ...).
attestation_cfg_common::attest_level
enum attest_level_enum attest_level
Definition: common_config.h:297
AST_UUID_STR_LEN
#define AST_UUID_STR_LEN
Definition: uuid.h:27
ast_uuid_generate_str
char * ast_uuid_generate_str(char *buf, size_t size)
Generate a UUID string.
Definition: uuid.c:141
AST_VECTOR_SIZE
#define AST_VECTOR_SIZE(vec)
Get the number of elements in a vector.
Definition: vector.h:609
AST_VECTOR_GET
#define AST_VECTOR_GET(vec, idx)
Get an element from a vector.
Definition: vector.h:680

References tn_cfg::acfg_common, ast_json_array_create(), AST_JSON_COMPACT, ast_json_dump_string_format(), ast_json_free(), ast_json_integer_create(), ast_json_object_create(), ast_json_string_create(), ast_json_unref(), AST_STIR_SHAKEN_AS_SUCCESS, ast_trace, ast_uuid_generate_str(), AST_UUID_STR_LEN, AST_VECTOR_GET, AST_VECTOR_SIZE, attestation_cfg_common::attest_level, CREATE_JSON_APPEND_ARRAY, CREATE_JSON_SET_OBJ, ast_stir_shaken_as_ctx::dest_tn, ENUM_BOOL, ast_stir_shaken_as_ctx::etn, ast_stir_shaken_as_ctx::fingerprints, NULL, ast_stir_shaken_as_ctx::orig_tn, RAII_VAR, SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, attestation_cfg_common::send_mky, and ast_stir_shaken_as_ctx::tag.

Referenced by ast_stir_shaken_attest().

Variable Documentation

◆ as_rc_map

const char* as_rc_map[]
static

Definition at line 31 of file attestation.c.

Referenced by as_response_code_to_str().

Generated on Wed Dec 18 2024 20:04:42 for Asterisk - The Open Source Telephony Project by doxygen 1.9.4