Module: kamailio Branch: master Commit: 84fb4a20a81e065d5bb1bc96b10697bf066ddf33 URL: https://github.com/kamailio/kamailio/commit/84fb4a20a81e065d5bb1bc96b10697b… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2020-11-17T10:11:29+01:00 secsipid: added secsipid_check_identity_pubkey(pubkeyVal) - functions that checks the identity header validity with a public key provided in the parameter --- Modified: src/modules/secsipid/secsipid_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/84fb4a20a81e065d5bb1bc96b10697b… Patch: https://github.com/kamailio/kamailio/commit/84fb4a20a81e065d5bb1bc96b10697b… --- diff --git a/src/modules/secsipid/secsipid_mod.c b/src/modules/secsipid/secsipid_mod.c index bd757b173d..b6f4bd53aa 100644 --- a/src/modules/secsipid/secsipid_mod.c +++ b/src/modules/secsipid/secsipid_mod.c @@ -46,6 +46,7 @@ static int child_init(int); static void mod_destroy(void); static int w_secsipid_check_identity(sip_msg_t *msg, char *pkeypath, char *str2); +static int w_secsipid_check_identity_pubkey(sip_msg_t *msg, char *pkeyval, char *str2); static int w_secsipid_add_identity(sip_msg_t *msg, char *porigtn, char *pdesttn, char *pattest, char *porigid, char *px5u, char *pkeypath); @@ -54,6 +55,8 @@ static int w_secsipid_add_identity(sip_msg_t *msg, char *porigtn, char *pdesttn, static cmd_export_t cmds[]={ {"secsipid_check_identity", (cmd_function)w_secsipid_check_identity, 1, fixup_spve_null, fixup_free_spve_null, ANY_ROUTE}, + {"secsipid_check_identity_pubkey", (cmd_function)w_secsipid_check_identity_pubkey, 1, + fixup_spve_null, fixup_free_spve_null, ANY_ROUTE}, {"secsipid_add_identity", (cmd_function)w_secsipid_add_identity, 6, fixup_spve_all, fixup_free_spve_all, ANY_ROUTE}, {0, 0, 0, 0, 0, 0} @@ -162,6 +165,57 @@ static int w_secsipid_check_identity(sip_msg_t *msg, char *pkeypath, char *str2) return ki_secsipid_check_identity(msg, &keypath); } +/** + * + */ +static int ki_secsipid_check_identity_pubkey(sip_msg_t *msg, str *keyval) +{ + int ret = 1; + str ibody = STR_NULL; + hdr_field_t *hf; + + for (hf=msg->headers; hf; hf=hf->next) { + if (hf->name.len==SECSIPID_HDR_IDENTITY_LEN + && strncasecmp(hf->name.s, SECSIPID_HDR_IDENTITY, + SECSIPID_HDR_IDENTITY_LEN)==0) + break; + } + + if(hf == NULL) { + LM_DBG("no identity header\n"); + return -1; + } + + ibody = hf->body; + + ret = SecSIPIDCheckFullPubKey(ibody.s, ibody.len, secsipid_expire, keyval->s, + keyval->len); + + if(ret==0) { + LM_DBG("identity check: ok\n"); + return 1; + } + + LM_DBG("identity check: failed\n"); + return -1; +} + +/** + * + */ +static int w_secsipid_check_identity_pubkey(sip_msg_t *msg, char *pkeyval, char *str2) +{ + str keyval = STR_NULL; + + if(fixup_get_svalue(msg, (gparam_t*)pkeyval, &keyval)<0) { + LM_ERR("failed to get keyval parameter\n"); + return -1; + } + + return ki_secsipid_check_identity_pubkey(msg, &keyval); +} + + /** * */ @@ -277,6 +331,11 @@ static sr_kemi_t sr_kemi_secsipid_exports[] = { { SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR } }, + { str_init("secsipid"), str_init("secsipid_check_identity_pubkey"), + SR_KEMIP_INT, ki_secsipid_check_identity_pubkey, + { SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE, + SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE } + }, { {0, 0}, {0, 0}, 0, NULL, { 0, 0, 0, 0, 0, 0 } } };