<p>Friendly Automation <strong>submitted</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/14339">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Joshua Colp: Looks good to me, approved
Kevin Harwell: Looks good to me, but someone else must approve
Friendly Automation: Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_stir_shaken: Added dialplan function and API call.<br><br>Adds the "STIR_SHAKEN" dialplan function and an API call to add a<br>STIR_SHAKEN verification result to a channel. This information will be<br>held in a datastore on the channel that can later be queried through the<br>"STIR_SHAKEN" dialplan funtion to get information on STIR_SHAKEN results<br>including identity, attestation, and verify_result. Here are some<br>examples:<br><br>STIR_SHAKEN(count)<br>STIR_SHAKEN(0, identity)<br>STIR_SHAKEN(1, attestation)<br>STIR_SHAKEN(2, verify_result)<br><br>Getting the count can be used to iterate through the results and pull<br>information by specifying the index and the field you want to retrieve.<br><br>Change-Id: Ice6d52a3a7d6e4607c9c35b28a1f7c25f5284a82<br>---<br>A configs/samples/stir_shaken.conf.sample<br>M include/asterisk/res_stir_shaken.h<br>M res/res_stir_shaken.c<br>3 files changed, 372 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/configs/samples/stir_shaken.conf.sample b/configs/samples/stir_shaken.conf.sample</span><br><span>new file mode 100644</span><br><span>index 0000000..57d1634</span><br><span>--- /dev/null</span><br><span>+++ b/configs/samples/stir_shaken.conf.sample</span><br><span>@@ -0,0 +1,49 @@</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; This file is used by the res_stir_shaken module to configure parameters</span><br><span style="color: hsl(120, 100%, 40%);">+; used for STIR/SHAKEN.</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; [general]</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; File path to the certificate authority certificate</span><br><span style="color: hsl(120, 100%, 40%);">+;ca_file=/etc/asterisk/stir/ca.crt</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; File path to a chain of trust</span><br><span style="color: hsl(120, 100%, 40%);">+;ca_path=/etc/asterisk/stir/ca</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; Maximum size to use for caching public keys</span><br><span style="color: hsl(120, 100%, 40%);">+;cache_max_size=1000</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; Maximum time to wait to CURL certificates</span><br><span style="color: hsl(120, 100%, 40%);">+;curl_timeout</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; A certificate store is used to examine, and load all certificates found in a</span><br><span style="color: hsl(120, 100%, 40%);">+; given directory. When using this type the public key URL is generated based</span><br><span style="color: hsl(120, 100%, 40%);">+; upon the filename, and variable substitution.</span><br><span style="color: hsl(120, 100%, 40%);">+;[certificates]</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; type must be "store"</span><br><span style="color: hsl(120, 100%, 40%);">+;type=store</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; Path to a directory containing certificates</span><br><span style="color: hsl(120, 100%, 40%);">+;path=/etc/asterisk/stir</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; URL to the public key(s). Must contain variable '${CERTIFICATE}' used for</span><br><span style="color: hsl(120, 100%, 40%);">+; substitution</span><br><span style="color: hsl(120, 100%, 40%);">+;public_key_url=http://mycompany.com/${CERTIFICATE}.pub</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; Individual certificates are declared by using the certificate type.</span><br><span style="color: hsl(120, 100%, 40%);">+;[alice]</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; type must be "certificate"</span><br><span style="color: hsl(120, 100%, 40%);">+;type=certificate</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; File path to a certificate</span><br><span style="color: hsl(120, 100%, 40%);">+;path=/etc/asterisk/stir/alice.crt</span><br><span style="color: hsl(120, 100%, 40%);">+;</span><br><span style="color: hsl(120, 100%, 40%);">+; URL to the public key</span><br><span style="color: hsl(120, 100%, 40%);">+;public_key_url=http://mycompany.com/alice.pub</span><br><span>diff --git a/include/asterisk/res_stir_shaken.h b/include/asterisk/res_stir_shaken.h</span><br><span>index a65a887..48bfa00 100644</span><br><span>--- a/include/asterisk/res_stir_shaken.h</span><br><span>+++ b/include/asterisk/res_stir_shaken.h</span><br><span>@@ -21,11 +21,32 @@</span><br><span> #include <openssl/evp.h></span><br><span> #include <openssl/pem.h></span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+enum ast_stir_shaken_verification_result {</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_STIR_SHAKEN_VERIFY_NOT_PRESENT, /*! No STIR/SHAKEN information was available */</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED, /*! Signature verification failed */</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_STIR_SHAKEN_VERIFY_MISMATCH, /*! Contents of the signaling and the STIR/SHAKEN payload did not match */</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_STIR_SHAKEN_VERIFY_PASSED, /*! Signature verified and contents match signaling */</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> struct ast_stir_shaken_payload;</span><br><span> </span><br><span> struct ast_json;</span><br><span> </span><br><span> /*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief Add a STIR/SHAKEN verification result to a channel</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param chan The channel</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param identity The identity</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param attestation The attestation</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param result The verification result</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval -1 on failure</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval 0 on success</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+int ast_stir_shaken_add_verification(struct ast_channel *chan, const char *identity, const char *attestation,</span><br><span style="color: hsl(120, 100%, 40%);">+ enum ast_stir_shaken_verification_result result);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span> * \brief Verify a JSON STIR/SHAKEN payload</span><br><span> *</span><br><span> * \param header The payload header</span><br><span>diff --git a/res/res_stir_shaken.c b/res/res_stir_shaken.c</span><br><span>index 97fb177..90ceb93 100644</span><br><span>--- a/res/res_stir_shaken.c</span><br><span>+++ b/res/res_stir_shaken.c</span><br><span>@@ -32,6 +32,9 @@</span><br><span> #include "asterisk/astdb.h"</span><br><span> #include "asterisk/paths.h"</span><br><span> #include "asterisk/conversions.h"</span><br><span style="color: hsl(120, 100%, 40%);">+#include "asterisk/pbx.h"</span><br><span style="color: hsl(120, 100%, 40%);">+#include "asterisk/global_datastores.h"</span><br><span style="color: hsl(120, 100%, 40%);">+#include "asterisk/app.h"</span><br><span> </span><br><span> #include "asterisk/res_stir_shaken.h"</span><br><span> #include "res_stir_shaken/stir_shaken.h"</span><br><span>@@ -92,9 +95,41 @@</span><br><span> Must be a valid http, or https, URL.</span><br><span> </para></description></span><br><span> </configOption></span><br><span style="color: hsl(120, 100%, 40%);">+ <configOption name="caller_id_number" default=""></span><br><span style="color: hsl(120, 100%, 40%);">+ <synopsis>The caller ID number to match on.</synopsis></span><br><span style="color: hsl(120, 100%, 40%);">+ </configOption></span><br><span> </configObject></span><br><span> </configFile></span><br><span> </configInfo></span><br><span style="color: hsl(120, 100%, 40%);">+ <function name="STIR_SHAKEN" language="en_US"></span><br><span style="color: hsl(120, 100%, 40%);">+ <synopsis></span><br><span style="color: hsl(120, 100%, 40%);">+ Gets the number of STIR/SHAKEN results or a specific STIR/SHAKEN value from a result on the channel.</span><br><span style="color: hsl(120, 100%, 40%);">+ </synopsis></span><br><span style="color: hsl(120, 100%, 40%);">+ <syntax></span><br><span style="color: hsl(120, 100%, 40%);">+ <parameter name="index" required="true"></span><br><span style="color: hsl(120, 100%, 40%);">+ <para>The index of the STIR/SHAKEN result to get. If only 'count' is passed in, gets the number of STIR/SHAKEN results instead.</para></span><br><span style="color: hsl(120, 100%, 40%);">+ </parameter></span><br><span style="color: hsl(120, 100%, 40%);">+ <parameter name="value" required="false"></span><br><span style="color: hsl(120, 100%, 40%);">+ <para>The value to get from the STIR/SHAKEN result. Only used when an index is passed in (instead of 'count'). Allowable values:</para></span><br><span style="color: hsl(120, 100%, 40%);">+ <enumlist></span><br><span style="color: hsl(120, 100%, 40%);">+ <enum name = "identity" /></span><br><span style="color: hsl(120, 100%, 40%);">+ <enum name = "attestation" /></span><br><span style="color: hsl(120, 100%, 40%);">+ <enum name = "verify_result" /></span><br><span style="color: hsl(120, 100%, 40%);">+ </enumlist></span><br><span style="color: hsl(120, 100%, 40%);">+ </parameter></span><br><span style="color: hsl(120, 100%, 40%);">+ </syntax></span><br><span style="color: hsl(120, 100%, 40%);">+ <description></span><br><span style="color: hsl(120, 100%, 40%);">+ <para>This function will either return the number of STIR/SHAKEN identities, or return information on the specified identity.</span><br><span style="color: hsl(120, 100%, 40%);">+ To get the number of identities, just pass 'count' as the only parameter to the function. If you want to get information on a</span><br><span style="color: hsl(120, 100%, 40%);">+ specific STIR/SHAKEN identity, you can get the number of identities and then pass an index as the first parameter and one of</span><br><span style="color: hsl(120, 100%, 40%);">+ the values you would like to retrieve as the second parameter.</span><br><span style="color: hsl(120, 100%, 40%);">+ </para></span><br><span style="color: hsl(120, 100%, 40%);">+ <example title="Get count and retrieve value"></span><br><span style="color: hsl(120, 100%, 40%);">+ same => n,NoOp(Number of STIR/SHAKEN identities: ${STIR_SHAKEN(count)})</span><br><span style="color: hsl(120, 100%, 40%);">+ same => n,NoOp(Identity ${STIR_SHAKEN(0, identity)} has attestation level ${STIR_SHAKEN(0, attestation)})</span><br><span style="color: hsl(120, 100%, 40%);">+ </example></span><br><span style="color: hsl(120, 100%, 40%);">+ </description></span><br><span style="color: hsl(120, 100%, 40%);">+ </function></span><br><span> ***/</span><br><span> </span><br><span> #define STIR_SHAKEN_ENCRYPTION_ALGORITHM "ES256"</span><br><span>@@ -146,6 +181,143 @@</span><br><span> }</span><br><span> </span><br><span> /*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief Convert an ast_stir_shaken_verification_result to string representation</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param result The result to convert</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval empty string if not a valid enum value</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval string representation of result otherwise</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+static const char *stir_shaken_verification_result_to_string(enum ast_stir_shaken_verification_result result)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ switch (result) {</span><br><span style="color: hsl(120, 100%, 40%);">+ case AST_STIR_SHAKEN_VERIFY_NOT_PRESENT:</span><br><span style="color: hsl(120, 100%, 40%);">+ return "Verification not present";</span><br><span style="color: hsl(120, 100%, 40%);">+ case AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED:</span><br><span style="color: hsl(120, 100%, 40%);">+ return "Signature failed";</span><br><span style="color: hsl(120, 100%, 40%);">+ case AST_STIR_SHAKEN_VERIFY_MISMATCH:</span><br><span style="color: hsl(120, 100%, 40%);">+ return "Verification mismatch";</span><br><span style="color: hsl(120, 100%, 40%);">+ case AST_STIR_SHAKEN_VERIFY_PASSED:</span><br><span style="color: hsl(120, 100%, 40%);">+ return "Verification passed";</span><br><span style="color: hsl(120, 100%, 40%);">+ default:</span><br><span style="color: hsl(120, 100%, 40%);">+ break;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return "";</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/* The datastore struct holding verification information for the channel */</span><br><span style="color: hsl(120, 100%, 40%);">+struct stir_shaken_datastore {</span><br><span style="color: hsl(120, 100%, 40%);">+ /* The identitifier for the STIR/SHAKEN verification */</span><br><span style="color: hsl(120, 100%, 40%);">+ char *identity;</span><br><span style="color: hsl(120, 100%, 40%);">+ /* The attestation value */</span><br><span style="color: hsl(120, 100%, 40%);">+ char *attestation;</span><br><span style="color: hsl(120, 100%, 40%);">+ /* The actual verification result */</span><br><span style="color: hsl(120, 100%, 40%);">+ enum ast_stir_shaken_verification_result verify_result;</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief Frees a stir_shaken_datastore structure</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param datastore The datastore to free</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+static void stir_shaken_datastore_free(struct stir_shaken_datastore *datastore)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!datastore) {</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_free(datastore->identity);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_free(datastore->attestation);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_free(datastore);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief The callback to destroy a stir_shaken_datastore</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param data The stir_shaken_datastore</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+static void stir_shaken_datastore_destroy_cb(void *data)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct stir_shaken_datastore *datastore = data;</span><br><span style="color: hsl(120, 100%, 40%);">+ stir_shaken_datastore_free(datastore);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/* The stir_shaken_datastore info used to add and compare stir_shaken_datastores on the channel */</span><br><span style="color: hsl(120, 100%, 40%);">+static const struct ast_datastore_info stir_shaken_datastore_info = {</span><br><span style="color: hsl(120, 100%, 40%);">+ .type = "STIR/SHAKEN VERIFICATION",</span><br><span style="color: hsl(120, 100%, 40%);">+ .destroy = stir_shaken_datastore_destroy_cb,</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+int ast_stir_shaken_add_verification(struct ast_channel *chan, const char *identity, const char *attestation,</span><br><span style="color: hsl(120, 100%, 40%);">+ enum ast_stir_shaken_verification_result result)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct stir_shaken_datastore *ss_datastore;</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_datastore *datastore;</span><br><span style="color: hsl(120, 100%, 40%);">+ const char *chan_name;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!chan) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Channel is required to add STIR/SHAKEN verification\n");</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ chan_name = ast_channel_name(chan);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!identity) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "No identity to add STIR/SHAKEN verification to channel "</span><br><span style="color: hsl(120, 100%, 40%);">+ "%s\n", chan_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_strlen_zero(attestation)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "No attestation to add STIR/SHAKEN verification to "</span><br><span style="color: hsl(120, 100%, 40%);">+ "channel %s\n", chan_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ss_datastore = ast_calloc(1, sizeof(*ss_datastore));</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!ss_datastore) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore for "</span><br><span style="color: hsl(120, 100%, 40%);">+ "channel %s\n", chan_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ss_datastore->identity = ast_strdup(identity);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!ss_datastore->identity) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "</span><br><span style="color: hsl(120, 100%, 40%);">+ "identity for channel %s\n", chan_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ stir_shaken_datastore_free(ss_datastore);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ss_datastore->attestation = ast_strdup(attestation);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!ss_datastore->attestation) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "</span><br><span style="color: hsl(120, 100%, 40%);">+ "attestation for channel %s\n", chan_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ stir_shaken_datastore_free(ss_datastore);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ss_datastore->verify_result = result;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ datastore = ast_datastore_alloc(&stir_shaken_datastore_info, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!datastore) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Failed to allocate space for datastore for channel "</span><br><span style="color: hsl(120, 100%, 40%);">+ "%s\n", chan_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ stir_shaken_datastore_free(ss_datastore);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ datastore->data = ss_datastore;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_lock(chan);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_datastore_add(chan, datastore);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_unlock(chan);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span> * \brief Sets the expiration for the public key based on the provided fields.</span><br><span> * If Cache-Control is present, use it. Otherwise, use Expires.</span><br><span> *</span><br><span>@@ -903,6 +1075,126 @@</span><br><span> return NULL;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief Retrieves STIR/SHAKEN verification information for the channel via dialplan.</span><br><span style="color: hsl(120, 100%, 40%);">+ * Examples:</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * STIR_SHAKEN(count)</span><br><span style="color: hsl(120, 100%, 40%);">+ * STIR_SHAKEN(0, identity)</span><br><span style="color: hsl(120, 100%, 40%);">+ * STIR_SHAKEN(1, attestation)</span><br><span style="color: hsl(120, 100%, 40%);">+ * STIR_SHAKEN(27, verify_result)</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval -1 on failure</span><br><span style="color: hsl(120, 100%, 40%);">+ * \retval 0 on success</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+static int stir_shaken_read(struct ast_channel *chan, const char *function,</span><br><span style="color: hsl(120, 100%, 40%);">+ char *data, char *buf, size_t len)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct stir_shaken_datastore *ss_datastore;</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_datastore *datastore;</span><br><span style="color: hsl(120, 100%, 40%);">+ char *parse;</span><br><span style="color: hsl(120, 100%, 40%);">+ unsigned int target_index, current_index = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_DECLARE_APP_ARGS(args,</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_APP_ARG(first_param);</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_APP_ARG(second_param);</span><br><span style="color: hsl(120, 100%, 40%);">+ );</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_strlen_zero(data)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_WARNING, "%s requires at least one argument\n", function);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!chan) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "No channel for %s function\n", function);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ parse = ast_strdupa(data);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_STANDARD_APP_ARGS(args, parse);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_strlen_zero(args.first_param)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "An argument must be passed to %s\n", function);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Check if we are only looking for the number of STIR/SHAKEN verification results */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!strcasecmp(args.first_param, "count")) {</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ size_t count = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!ast_strlen_zero(args.second_param)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "%s only takes 1 paramater for 'count'\n", function);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_lock(chan);</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_LIST_TRAVERSE(ast_channel_datastores(chan), datastore, entry) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (datastore->info != &stir_shaken_datastore_info) {</span><br><span style="color: hsl(120, 100%, 40%);">+ continue;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ count++;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_unlock(chan);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ snprintf(buf, len, "%zu", count);</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* If we aren't doing a count, then there should be two parameters. The field</span><br><span style="color: hsl(120, 100%, 40%);">+ * we are searching for will be the second parameter. The index is the first.</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_strlen_zero(args.second_param)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Retrieving a value using %s requires two paramaters (index, value) "</span><br><span style="color: hsl(120, 100%, 40%);">+ "- only index was given (%s)\n", function, args.second_param);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ast_str_to_uint(args.first_param, &target_index)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "Failed to convert index %s to integer for function %s\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ args.first_param, function);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* We don't store by uid for the datastore, so just search for the specified index */</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_lock(chan);</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_LIST_TRAVERSE(ast_channel_datastores(chan), datastore, entry) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (datastore->info != &stir_shaken_datastore_info) {</span><br><span style="color: hsl(120, 100%, 40%);">+ continue;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (current_index == target_index) {</span><br><span style="color: hsl(120, 100%, 40%);">+ break;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ current_index++;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_channel_unlock(chan);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (current_index != target_index || !datastore) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_WARNING, "No STIR/SHAKEN results for index '%s'\n", args.first_param);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ ss_datastore = datastore->data;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!strcasecmp(args.second_param, "identity")) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_copy_string(buf, ss_datastore->identity, len);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else if (!strcasecmp(args.second_param, "attestation")) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_copy_string(buf, ss_datastore->attestation, len);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else if (!strcasecmp(args.second_param, "verify_result")) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_copy_string(buf, stir_shaken_verification_result_to_string(ss_datastore->verify_result), len);</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_log(LOG_ERROR, "No such value '%s' for %s\n", args.second_param, function);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static struct ast_custom_function stir_shaken_function = {</span><br><span style="color: hsl(120, 100%, 40%);">+ .name = "STIR_SHAKEN",</span><br><span style="color: hsl(120, 100%, 40%);">+ .read = stir_shaken_read,</span><br><span style="color: hsl(120, 100%, 40%);">+};</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static int reload_module(void)</span><br><span> {</span><br><span> if (stir_shaken_sorcery) {</span><br><span>@@ -914,6 +1206,8 @@</span><br><span> </span><br><span> static int unload_module(void)</span><br><span> {</span><br><span style="color: hsl(120, 100%, 40%);">+ int res = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> stir_shaken_certificate_unload();</span><br><span> stir_shaken_store_unload();</span><br><span> stir_shaken_general_unload();</span><br><span>@@ -921,11 +1215,15 @@</span><br><span> ast_sorcery_unref(stir_shaken_sorcery);</span><br><span> stir_shaken_sorcery = NULL;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ res |= ast_custom_function_unregister(&stir_shaken_function);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return res;</span><br><span> }</span><br><span> </span><br><span> static int load_module(void)</span><br><span> {</span><br><span style="color: hsl(120, 100%, 40%);">+ int res = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> if (!(stir_shaken_sorcery = ast_sorcery_open())) {</span><br><span> ast_log(LOG_ERROR, "stir/shaken - failed to open sorcery\n");</span><br><span> return AST_MODULE_LOAD_DECLINE;</span><br><span>@@ -948,7 +1246,9 @@</span><br><span> </span><br><span> ast_sorcery_load(ast_stir_shaken_sorcery());</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- return AST_MODULE_LOAD_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+ res |= ast_custom_function_register(&stir_shaken_function);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return res;</span><br><span> }</span><br><span> </span><br><span> AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER,</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/14339">change 14339</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/14339"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ice6d52a3a7d6e4607c9c35b28a1f7c25f5284a82 </div>
<div style="display:none"> Gerrit-Change-Number: 14339 </div>
<div style="display:none"> Gerrit-PatchSet: 8 </div>
<div style="display:none"> Gerrit-Owner: Benjamin Keith Ford <bford@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@sangoma.com> </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>