/* For replay attack detection
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
fko_ctx_t ctx = NULL;
char *tmp_digest = NULL;
int res = FKO_SUCCESS;
/* initialize an FKO context with no decryption key just so
* we can get the outer message digest
*/
res = fko_new_with_data(&ctx, (char *)pkt_data, NULL);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_FKO_CTX_ERROR);
}
res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_set_raw_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_get_raw_spa_digest(ctx, &tmp_digest);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_DIGEST_ERROR);
}
*digest = strdup(tmp_digest);
if (digest == NULL)
return SPA_MSG_ERROR;
fko_destroy(ctx);
return res;
}
static void spa_func_getset_short(fko_ctx_t *ctx, char *set_name,
int (*spa_set)(fko_ctx_t ctx, const short modifier),
char *get_name, int (*spa_get)(fko_ctx_t ctx, short *val),
int min, int max, int final_val, int digest_flag,
int new_ctx_flag, int destroy_ctx_flag)
{
fko_ctx_t default_ctx = NULL;
short get_val;
int i, res;
spa_default_ctx(&default_ctx);
printf("[+] calling libfko get/set: %s/%s\n", get_name, set_name);
for (i=min; i <= max; i++) {
get_val = 1234; /* meaningless default */
printf("%s(%d): %s\n", set_name, i, fko_errstr((spa_set)(*ctx, i)));
printf("%s(%d): %s (DUPE)\n", set_name, i, fko_errstr((spa_set)(*ctx, i)));
if (digest_flag == DO_DIGEST)
fko_set_spa_digest(*ctx);
else if (digest_flag == RAW_DIGEST)
fko_set_raw_spa_digest(*ctx);
res = (spa_get)(*ctx, &get_val);
printf("%s(%d): %s\n", get_name, get_val, fko_errstr(res));
ctx_update(ctx, new_ctx_flag, destroy_ctx_flag, DO_PRINT);
if (digest_flag == NO_DIGEST)
spa_calls += 3;
else
spa_calls += 4;
/* also set on a fully populated context */
(spa_set)(default_ctx, i);
}
printf("%s(%d): %s (FINAL)\n", set_name, final_val,
fko_errstr((spa_set)(*ctx, final_val)));
display_ctx(*ctx);
fko_spa_data_final(default_ctx, ENC_KEY, 16, HMAC_KEY, 16);
fko_destroy(default_ctx);
default_ctx = NULL;
return;
}
static PyObject *
set_raw_spa_digest(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_set_raw_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* For replay attack detection
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
fko_ctx_t ctx = NULL;
char *tmp_digest = NULL;
int res = FKO_SUCCESS;
short raw_digest_type = -1;
/* initialize an FKO context with no decryption key just so
* we can get the outer message digest
*/
res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0,
FKO_DEFAULT_ENC_MODE, NULL, 0, 0);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_FKO_CTX_ERROR);
}
res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
/* Make sure the digest type is what we expect
*/
if(raw_digest_type != FKO_DEFAULT_DIGEST)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_set_raw_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_get_raw_spa_digest(ctx, &tmp_digest);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
*digest = strdup(tmp_digest);
if (*digest == NULL)
res = SPA_MSG_ERROR; /* really a strdup() memory allocation problem */
fko_destroy(ctx);
ctx = NULL;
return res;
}
/* For replay attack detection
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
fko_ctx_t ctx = NULL;
char *tmp_digest = NULL;
int res = FKO_SUCCESS;
short raw_digest_type = -1;
/* initialize an FKO context with no decryption key just so
* we can get the outer message digest
*/
//pkt_data:SPAÔʼÊý¾Ý°ü¡
//ÔÚ²»´«Èë½âÃÜÃÜÔ¿µÄÇé¿öÏÂÎÒÃÇ¿ÉÒÔ»ñÈ¡½ÓÊÕµ½µÄmessageÕªÒª¡£
res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0,
FKO_DEFAULT_ENC_MODE, NULL, 0, 0); //½«pkt_data¸´ÖƵ½ctx->encrypted_msgÖС£
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_FKO_CTX_ERROR);
}
//ÉèÖÃSPAÕªÒªÀàÐÍ(default:SHA256)¡£
res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
//»ñÈ¡SPAÕªÒªÀàÐÍ(SHA256)¡£
res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
/* Make sure the digest type is what we expect
*/
//È·±£ÊÇÎÒÃÇËùÆÚÍûµÄÕªÒªÀàÐÍ¡£
if(raw_digest_type != FKO_DEFAULT_DIGEST)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
//¼ÆËãctx->encrypted_msgµÄÕªÒª(default:SHA256)£¬´æÈëctx->raw_digest¡£
res = fko_set_raw_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
//»ñÈ¡Server¼ÆËã³öµÄÕªÒª¡£tmp_digest=ctx->raw_digest;
res = fko_get_raw_spa_digest(ctx, &tmp_digest);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
*digest = strdup(tmp_digest);
if (*digest == NULL)
res = SPA_MSG_ERROR; /* really a strdup() memory allocation problem */
fko_destroy(ctx); //ÊÍ·Åctx½á¹¹¡£
ctx = NULL;
return res;
}
