[Asterisk-code-review] res_stir_shaken: Add inbound INVITE support. (asterisk[master])

Benjamin Keith Ford asteriskteam at digium.com
Tue Jun 2 09:23:02 CDT 2020 

Hello George Joseph, Friendly Automation, 

I'd like you to reexamine a change. Please visit

    https://gerrit.asterisk.org/c/asterisk/+/14447

to look at the new patch set (#2).

Change subject: res_stir_shaken: Add inbound INVITE support.
......................................................................

res_stir_shaken: Add inbound INVITE support.

Integrated STIR/SHAKEN support with incoming INVITES. Upon receiving an
INVITE, the Identity header is retrieved, parsing the message to verify
the signature. If any of the parsing fails,
AST_STIR_SHAKEN_VERIFY_NOT_PRESENT will be added to the channel for this
caller ID. If verification itself fails,
AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED will be added. If anything in
the payload does not line up with the SIP signaling,
AST_STIR_SHAKEN_VERIFY_MISMATCH will be added. If all of the above steps
pass, then AST_STIR_SHAKEN_VERIFY_PASSED will be added, completing the
verification process.

A new config option has been added to the general section for
stir_shaken.conf. "signature_timeout" is the amount of time a signature
will be considered valid. If an INVITE is received and the amount of
time between when it was received and when it was signed is greater than
signature_timeout, verification will fail.

Some changes were also made to signing and verification. There was an
error where the whole JSON string was being signed rather than the
header combined with the payload. This has been changed to sign the
correct thing. Verification has been changed to do this as well, and the
unit tests have been updated to reflect these changes.

Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913
---
M include/asterisk/res_stir_shaken.h
M res/res_pjsip_stir_shaken.c
M res/res_stir_shaken.c
A res/res_stir_shaken.exports.in
M res/res_stir_shaken/general.c
M res/res_stir_shaken/general.h
6 files changed, 341 insertions(+), 34 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/47/14447/2
-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14447
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913
Gerrit-Change-Number: 14447
Gerrit-PatchSet: 2
Gerrit-Owner: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: newpatchset
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20200602/bdbed6dc/attachment-0001.html>

More information about the asterisk-code-review mailing list