de/d3e/security__agreements_8c_source.html

/*

 * Asterisk -- An open source telephony toolkit.

 *

 * Copyright (C) 2022, Commend International

 *

 * Maximilian Fridrich <m.fridrich@commend.com>

 *

 * See http://www.asterisk.org for more information about

 * the Asterisk project. Please do not directly contact

 * any of the maintainers of this project for assistance;

 * the project provides a web site, mailing lists and IRC

 * channels for your use.

 *

 * This program is free software, distributed under the terms of

 * the GNU General Public License Version 2. See the LICENSE file

 * at the top of the source tree.

 */


/*!

 * \file

 *

 * \brief Interact with security agreement negotiations and mechanisms

 *

 * \author Maximilian Fridrich <m.fridrich@commend.com>

 */


#include "asterisk.h"


#include <pjsip.h>


#include "asterisk/res_pjsip.h"


static struct ast_sip_security_mechanism *security_mechanisms_alloc(size_t n_params)

{

    struct ast_sip_security_mechanism *mech;


    mech = ast_calloc(1, sizeof(struct ast_sip_security_mechanism));

    if (mech == NULL) {

        return NULL;

    }

    mech->qvalue = 0.0;

    if (AST_VECTOR_INIT(&mech->mechanism_parameters, n_params) != 0) {

        ast_free(mech);

        return NULL;

    }


    return mech;

}


static struct ast_sip_security_mechanism *security_mechanisms_copy(

    const struct ast_sip_security_mechanism *src)

{

    struct ast_sip_security_mechanism *dst = NULL;

    int i, n_params;

    char *param;


    n_params = AST_VECTOR_SIZE(&src->mechanism_parameters);


    dst = security_mechanisms_alloc(n_params);

    if (dst == NULL) {

        return NULL;

    }

    dst->type = src->type;

    dst->qvalue = src->qvalue;


    for (i = 0; i < n_params; i++) {

        param = ast_strdup(AST_VECTOR_GET(&src->mechanism_parameters, i));

        AST_VECTOR_APPEND(&dst->mechanism_parameters, param);

    }


    return dst;

}


static void security_mechanism_destroy(struct ast_sip_security_mechanism *mech)

{

    AST_VECTOR_RESET(&mech->mechanism_parameters, ast_free);

    AST_VECTOR_FREE(&mech->mechanism_parameters);

    ast_free(mech);

}


void ast_sip_security_mechanisms_vector_copy(struct ast_sip_security_mechanism_vector *dst,

    const struct ast_sip_security_mechanism_vector *src)

{

    struct ast_sip_security_mechanism *mech;

    int i;


    ast_sip_security_mechanisms_vector_destroy(dst);

    for (i = 0; i < AST_VECTOR_SIZE(src); i++) {

        mech = AST_VECTOR_GET(src, i);

        AST_VECTOR_APPEND(dst, security_mechanisms_copy(mech));

    }

};


void ast_sip_security_mechanisms_vector_destroy(struct ast_sip_security_mechanism_vector *security_mechanisms)

{

    if (!security_mechanisms) {

        return;

    }


    AST_VECTOR_RESET(security_mechanisms, security_mechanism_destroy);

    AST_VECTOR_FREE(security_mechanisms);

}


static char *mechanism_str[] = {

    [AST_SIP_SECURITY_MECH_NONE] = "none",

    [AST_SIP_SECURITY_MECH_MSRP_TLS] = "msrp-tls",

    [AST_SIP_SECURITY_MECH_SDES_SRTP] = "sdes-srtp",

    [AST_SIP_SECURITY_MECH_DTLS_SRTP] = "dtls-srtp",

};


static int str_to_security_mechanism_type(const char *security_mechanism) {

    int i = 0;


    for (i = 0; i < ARRAY_LEN(mechanism_str); i++) {

        if (!strcasecmp(security_mechanism, mechanism_str[i])) {

            return i;

        }

    }


    return -1;

}


static int security_mechanism_to_str(const struct ast_sip_security_mechanism *security_mechanism, int add_qvalue, char **buf)

{

    size_t size;

    int i;

    int rc = 0;

    RAII_VAR(struct ast_str *, str, ast_str_create(MAX_OBJECT_FIELD), ast_free);


    if (str == NULL) {

        return ENOMEM;

    }


    if (security_mechanism == NULL) {

        return EINVAL;

    }


    rc = ast_str_set(&str, 0, "%s", mechanism_str[security_mechanism->type]);

    if (rc <= 0) {

        return ENOMEM;

    }

    if (add_qvalue) {

        rc = ast_str_append(&str, 0, ";q=%f.4", security_mechanism->qvalue);

        if (rc <= 0) {

            return ENOMEM;

        }

    }


    size = AST_VECTOR_SIZE(&security_mechanism->mechanism_parameters);

    for (i = 0; i < size; ++i) {

        rc = ast_str_append(&str, 0, ";%s", AST_VECTOR_GET(&security_mechanism->mechanism_parameters, i));

        if (rc <= 0) {

            return ENOMEM;

        }

    }


    *buf = ast_strdup(ast_str_buffer(str));

    return 0;

}


int ast_sip_security_mechanisms_to_str(const struct ast_sip_security_mechanism_vector *security_mechanisms, int add_qvalue, char **buf)

{

    size_t vec_size;

    struct ast_sip_security_mechanism *mech;

    char *tmp_buf;

    RAII_VAR(struct ast_str *, str, ast_str_create(MAX_OBJECT_FIELD), ast_free);

    size_t i;

    int rc = 0;


    if (str == NULL) {

        return ENOMEM;

    }


    if (!security_mechanisms) {

        return -1;

    }


    vec_size = AST_VECTOR_SIZE(security_mechanisms);

    if (vec_size == 0) {

        return -1;

    }


    for (i = 0; i < vec_size; ++i) {

        mech = AST_VECTOR_GET(security_mechanisms, i);

        rc = security_mechanism_to_str(mech, add_qvalue, &tmp_buf);

        if (rc) {

            return rc;

        }

        rc = ast_str_append(&str, 0, "%s, ", tmp_buf);

        ast_free(tmp_buf);

        if (rc <= 0) {

            return ENOMEM;

        }

    }


    /* ast_str_truncate removes the trailing ", " on the last mechanism */

    *buf = ast_strdup(ast_str_truncate(str, -2));


    return 0;

}


void ast_sip_remove_headers_by_name_and_value(pjsip_msg *msg, const pj_str_t *hdr_name, const char* value)

{

    struct pjsip_generic_string_hdr *hdr = pjsip_msg_find_hdr_by_name(msg, hdr_name, NULL);

    for (; hdr; hdr = pjsip_msg_find_hdr_by_name(msg, hdr_name, hdr->next)) {

        if (value == NULL || !pj_strcmp2(&hdr->hvalue, value)) {

            pj_list_erase(hdr);

        }

        if (hdr->next == hdr) {

            break;

        }

    }

}


/*!

 * \internal

 * \brief Parses a string representing a q_value to a float.

 *

 * Valid q values must be in the range from 0.0 to 1.0 inclusively.

 *

 * \param q_value

 * \retval The parsed qvalue or -1.0 on failure.

 */


static float parse_qvalue(const char *q_value) {

    char *end;

    float ret = strtof(q_value, &end);


    if (end == q_value) {

        /* Not a number. */

        return -1.0;

    } else if ('\0' != *end) {

        /* Extra character at end of input. */

        return -1.0;

    } else if (ret > 1.0 || ret < 0.0) {

        /* Out of valid range. */

        return -1.0;

    }

    return ret;

}


int ast_sip_str_to_security_mechanism(struct ast_sip_security_mechanism **security_mechanism, const char *value) {

    struct ast_sip_security_mechanism *mech;

    char *param;

    char *tmp;

    char *mechanism = ast_strdupa(value);

    int err = 0;

    int type = -1;


    mech = security_mechanisms_alloc(1);

    if (!mech) {

        err = ENOMEM;

        goto out;

    }


    tmp = ast_strsep(&mechanism, ';', AST_STRSEP_ALL);

    type = str_to_security_mechanism_type(tmp);

    if (type == -1) {

        err = EINVAL;

        goto out;

    }


    mech->type = type;

    while ((param = ast_strsep(&mechanism, ';', AST_STRSEP_ALL))) {

        if (!param) {

            err = EINVAL;

            goto out;

        }

        if (!strncmp(param, "q=", 2)) {

            mech->qvalue = parse_qvalue(&param[2]);

            if (mech->qvalue < 0.0) {

                err = EINVAL;

                goto out;

            }

            continue;

        }

        param = ast_strdup(param);

        AST_VECTOR_APPEND(&mech->mechanism_parameters, param);

    }


    *security_mechanism = mech;


out:

    if (err && (mech != NULL)) {

        security_mechanism_destroy(mech);

    }

    return err;

}


int ast_sip_add_security_headers(struct ast_sip_security_mechanism_vector *security_mechanisms,

        const char *header_name, int add_qval, pjsip_tx_data *tdata) {

    struct ast_sip_security_mechanism *mech;

    char *buf;

    int mech_cnt;

    int i;

    int add_qvalue = 1;

    static const pj_str_t proxy_require = { "Proxy-Require", 13 };

    static const pj_str_t require = { "Require", 7 };


    if (!security_mechanisms || !tdata) {

        return EINVAL;

    }


    if (!strcmp(header_name, "Security-Client")) {

        add_qvalue = 0;

    } else if (strcmp(header_name, "Security-Server") &&

            strcmp(header_name, "Security-Verify")) {

        return EINVAL;

    }

    /* If we're adding Security-Client headers, don't add q-value

     * even if the function caller requested it. */

    add_qvalue = add_qvalue && add_qval;


    mech_cnt = AST_VECTOR_SIZE(security_mechanisms);

    for (i = 0; i < mech_cnt; ++i) {

        mech = AST_VECTOR_GET(security_mechanisms, i);

        if (security_mechanism_to_str(mech, add_qvalue, &buf)) {

            continue;

        }

        ast_sip_add_header(tdata, header_name, buf);

        ast_free(buf);

    }


    if (pjsip_msg_find_hdr_by_name(tdata->msg, &require, NULL) == NULL) {

        ast_sip_add_header(tdata, "Require", "mediasec");

    }

    if (pjsip_msg_find_hdr_by_name(tdata->msg, &proxy_require, NULL) == NULL) {

        ast_sip_add_header(tdata, "Proxy-Require", "mediasec");

    }

    return 0;

}


void ast_sip_header_to_security_mechanism(const pjsip_generic_string_hdr *hdr,

        struct ast_sip_security_mechanism_vector *security_mechanisms) {


    struct ast_sip_security_mechanism *mech;

    char buf[512];

    char *hdr_val;

    char *mechanism;


    if (!security_mechanisms || !hdr) {

        return;

    }


    if (pj_stricmp2(&hdr->name, "Security-Client") && pj_stricmp2(&hdr->name, "Security-Server") &&

            pj_stricmp2(&hdr->name, "Security-Verify")) {

        return;

    }


    ast_copy_pj_str(buf, &hdr->hvalue, sizeof(buf));

    hdr_val = ast_skip_blanks(buf);


    while ((mechanism = ast_strsep(&hdr_val, ',', AST_STRSEP_ALL))) {

        if (!ast_sip_str_to_security_mechanism(&mech, mechanism)) {

            AST_VECTOR_APPEND(security_mechanisms, mech);

        }

    }

}


int ast_sip_security_mechanism_vector_init(struct ast_sip_security_mechanism_vector *security_mechanisms, const char *value)

{

    char *val = value ? ast_strdupa(value) : NULL;

    struct ast_sip_security_mechanism *mech;

    char *mechanism;


    ast_sip_security_mechanisms_vector_destroy(security_mechanisms);

    if (AST_VECTOR_INIT(security_mechanisms, 1)) {

        return -1;

    }


    if (!val) {

        return 0;

    }


    while ((mechanism = ast_strsep(&val, ',', AST_STRSEP_ALL))) {

        if (!ast_sip_str_to_security_mechanism(&mech, mechanism)) {

            AST_VECTOR_APPEND(security_mechanisms, mech);

        }

    }


    return 0;

}


str
const char * str
Definition app_jack.c:150

asterisk.h
Asterisk main include file. File version handling, generic pbx functions.

ast_free
#define ast_free(a)
Definition astmm.h:180

ast_strdup
#define ast_strdup(str)
A wrapper for strdup()
Definition astmm.h:241

ast_strdupa
#define ast_strdupa(s)
duplicate a string in memory from the stack
Definition astmm.h:298

ast_calloc
#define ast_calloc(num, len)
A wrapper for calloc()
Definition astmm.h:202

type
static const char type[]
Definition chan_ooh323.c:109

end
char * end
Definition eagi_proxy.c:73

buf
char buf[BUFSIZE]
Definition eagi_proxy.c:66

res_pjsip.h

AST_SIP_SECURITY_MECH_DTLS_SRTP
@ AST_SIP_SECURITY_MECH_DTLS_SRTP
Definition res_pjsip.h:369

AST_SIP_SECURITY_MECH_SDES_SRTP
@ AST_SIP_SECURITY_MECH_SDES_SRTP
Definition res_pjsip.h:367

AST_SIP_SECURITY_MECH_MSRP_TLS
@ AST_SIP_SECURITY_MECH_MSRP_TLS
Definition res_pjsip.h:365

AST_SIP_SECURITY_MECH_NONE
@ AST_SIP_SECURITY_MECH_NONE
Definition res_pjsip.h:363

ast_copy_pj_str
void ast_copy_pj_str(char *dest, const pj_str_t *src, size_t size)
Copy a pj_str_t into a standard character buffer.
Definition res_pjsip.c:2201

ast_sip_add_header
int ast_sip_add_header(pjsip_tx_data *tdata, const char *name, const char *value)
Add a header to an outbound SIP message.
Definition res_pjsip.c:2008

NULL
#define NULL
Definition resample.c:96

ast_sip_header_to_security_mechanism
void ast_sip_header_to_security_mechanism(const pjsip_generic_string_hdr *hdr, struct ast_sip_security_mechanism_vector *security_mechanisms)
Append to security mechanism vector from SIP header.
Definition security_agreements.c:333

ast_sip_security_mechanisms_vector_copy
void ast_sip_security_mechanisms_vector_copy(struct ast_sip_security_mechanism_vector *dst, const struct ast_sip_security_mechanism_vector *src)
Duplicate a security mechanism.
Definition security_agreements.c:81

security_mechanisms_copy
static struct ast_sip_security_mechanism * security_mechanisms_copy(const struct ast_sip_security_mechanism *src)
Definition security_agreements.c:50

security_mechanisms_alloc
static struct ast_sip_security_mechanism * security_mechanisms_alloc(size_t n_params)
Definition security_agreements.c:33

ast_sip_security_mechanisms_vector_destroy
void ast_sip_security_mechanisms_vector_destroy(struct ast_sip_security_mechanism_vector *security_mechanisms)
Free contents of a security mechanism vector.
Definition security_agreements.c:94

security_mechanism_to_str
static int security_mechanism_to_str(const struct ast_sip_security_mechanism *security_mechanism, int add_qvalue, char **buf)
Definition security_agreements.c:124

str_to_security_mechanism_type
static int str_to_security_mechanism_type(const char *security_mechanism)
Definition security_agreements.c:112

ast_sip_security_mechanism_vector_init
int ast_sip_security_mechanism_vector_init(struct ast_sip_security_mechanism_vector *security_mechanisms, const char *value)
Initialize security mechanism vector from string of security mechanisms.
Definition security_agreements.c:360

security_mechanism_destroy
static void security_mechanism_destroy(struct ast_sip_security_mechanism *mech)
Definition security_agreements.c:74

ast_sip_security_mechanisms_to_str
int ast_sip_security_mechanisms_to_str(const struct ast_sip_security_mechanism_vector *security_mechanisms, int add_qvalue, char **buf)
Writes the security mechanisms of an endpoint into a buffer as a string and returns the buffer.
Definition security_agreements.c:162

ast_sip_str_to_security_mechanism
int ast_sip_str_to_security_mechanism(struct ast_sip_security_mechanism **security_mechanism, const char *value)
Allocate a security mechanism from a string.
Definition security_agreements.c:242

parse_qvalue
static float parse_qvalue(const char *q_value)
Definition security_agreements.c:225

ast_sip_remove_headers_by_name_and_value
void ast_sip_remove_headers_by_name_and_value(pjsip_msg *msg, const pj_str_t *hdr_name, const char *value)
Removes all headers of a specific name and value from a pjsip_msg.
Definition security_agreements.c:203

mechanism_str
static char * mechanism_str[]
Definition security_agreements.c:104

ast_sip_add_security_headers
int ast_sip_add_security_headers(struct ast_sip_security_mechanism_vector *security_mechanisms, const char *header_name, int add_qval, pjsip_tx_data *tdata)
Add security headers to transmission data.
Definition security_agreements.c:290

MAX_OBJECT_FIELD
#define MAX_OBJECT_FIELD
Maximum length of an object field name.
Definition sorcery.h:110

ast_str_truncate
char * ast_str_truncate(struct ast_str *buf, ssize_t len)
Truncates the enclosed string to the given length.
Definition strings.h:786

ast_str_append
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition strings.h:1139

AST_STRSEP_ALL
@ AST_STRSEP_ALL
Definition strings.h:258

ast_str_create
#define ast_str_create(init_len)
Create a malloc'ed dynamic length string.
Definition strings.h:659

ast_str_set
int ast_str_set(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Set a dynamic string using variable arguments.
Definition strings.h:1113

ast_str_buffer
char *attribute_pure ast_str_buffer(const struct ast_str *buf)
Returns the string buffer within the ast_str buf.
Definition strings.h:761

ast_strsep
char * ast_strsep(char **s, const char sep, uint32_t flags)
Act like strsep but ignore separators inside quotes.
Definition utils.c:1871

ast_skip_blanks
char *attribute_pure ast_skip_blanks(const char *str)
Gets a pointer to the first non-whitespace character in a string.
Definition strings.h:161

ast_sip_security_mechanism_vector
Definition res_pjsip.h:385

ast_sip_security_mechanism
Structure representing a security mechanism as defined in RFC 3329.
Definition res_pjsip.h:376

ast_sip_security_mechanism::mechanism_parameters
struct ast_vector_string mechanism_parameters
Definition res_pjsip.h:382

ast_sip_security_mechanism::qvalue
float qvalue
Definition res_pjsip.h:380

ast_sip_security_mechanism::type
enum ast_sip_security_mechanism_type type
Definition res_pjsip.h:378

ast_str
Support for dynamic strings.
Definition strings.h:623

val
Definition ast_expr2.c:325

value
int value
Definition syslog.c:37

out
FILE * out
Definition utils/frame.c:33

RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition utils.h:981

ARRAY_LEN
#define ARRAY_LEN(a)
Definition utils.h:706

AST_VECTOR_RESET
#define AST_VECTOR_RESET(vec, cleanup)
Reset vector.
Definition vector.h:636

AST_VECTOR_SIZE
#define AST_VECTOR_SIZE(vec)
Get the number of elements in a vector.
Definition vector.h:620

AST_VECTOR_FREE
#define AST_VECTOR_FREE(vec)
Deallocates this vector.
Definition vector.h:185

AST_VECTOR_INIT
#define AST_VECTOR_INIT(vec, size)
Initialize a vector.
Definition vector.h:124

AST_VECTOR_APPEND
#define AST_VECTOR_APPEND(vec, elem)
Append an element to a vector, growing the vector if needed.
Definition vector.h:267

AST_VECTOR_GET
#define AST_VECTOR_GET(vec, idx)
Get an element from a vector.
Definition vector.h:691