kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 19:16:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_stir_shaken: Add inbound INVITE support.

Browse Source 
Integrated STIR/SHAKEN support with incoming INVITES. Upon receiving an
INVITE, the Identity header is retrieved, parsing the message to verify
the signature. If any of the parsing fails,
AST_STIR_SHAKEN_VERIFY_NOT_PRESENT will be added to the channel for this
caller ID. If verification itself fails,
AST_STIR_SHAKEN_VERIFY_SIGNATURE_FAILED will be added. If anything in
the payload does not line up with the SIP signaling,
AST_STIR_SHAKEN_VERIFY_MISMATCH will be added. If all of the above steps
pass, then AST_STIR_SHAKEN_VERIFY_PASSED will be added, completing the
verification process.

A new config option has been added to the general section for
stir_shaken.conf. "signature_timeout" is the amount of time a signature
will be considered valid. If an INVITE is received and the amount of
time between when it was received and when it was signed is greater than
signature_timeout, verification will fail.

Some changes were also made to signing and verification. There was an
error where the whole JSON string was being signed rather than the
header combined with the payload. This has been changed to sign the
correct thing. Verification has been changed to do this as well, and the
unit tests have been updated to reflect these changes.

A couple of utility functions have also been added. One decodes a BASE64
string and returns the decoded string, doing all the length calculations
for you. The other retrieves a string value from a header in a rdata
object.

Change-Id: I855f857be3d1c63b64812ac35d9ce0534085b913
This commit is contained in:
Ben Ford
2020-05-19 14:46:45 -05:00
committed by Joshua Colp
parent 1fcb6b1b21
commit 3927f79cb5
10 changed files with 344 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
main/utils.c
View File

@@ -310,6 +310,37 @@ int ast_base64decode(unsigned char *dst, const char *src, int max)
return cnt;
}
/*! \brief Decode BASE64 encoded text and return the string */
char *ast_base64decode_string(const char *src)
{
size_t encoded_len;
size_t decoded_len;
int padding = 0;
unsigned char *decoded_string;
if (ast_strlen_zero(src)) {
return NULL;
}
encoded_len = strlen(src);
if (encoded_len > 2 && src[encoded_len - 1] == '=') {
padding++;
if (src[encoded_len - 2] == '=') {
padding++;
}
}
decoded_len = (encoded_len / 4 * 3) - padding;
decoded_string = ast_calloc(1, decoded_len);
if (!decoded_string) {
return NULL;
}
ast_base64decode(decoded_string, src, decoded_len);
return (char *)decoded_string;
}
/*! \brief encode text to BASE64 coding */
int ast_base64encode_full(char *dst, const unsigned char *src, int srclen, int max, int linebreaks)
{