void stress_c(){
void * p;
void * q;
head = (node *)malloc(sizeof(node));
while(1){
if(queue_size == 0){
p = g_test_fixture.receive_message(NULL);
head = enqueue(p);
} else {
p = dequeue();
queue_size--;
}
if(message_type(ml_index) == COUNT_REPORT){
if(*((int*)(p+64))%20 == 0){
uprintf((CHAR *)"Process C");
}
q = g_test_fixture.request_memory_block();
ml_index = g_test_fixture.delayed_send(STRESS_C_PID, q, 10);
set_message_type(ml_index, WAKEUP_10);
while(1){
p = g_test_fixture.receive_message(NULL);
if(message_type(ml_index) == WAKEUP_10){
break;
} else {
enqueue(p);
}
}
}
g_test_fixture.release_processor();
}
return;
}
int message_api_tests_passed(){
void * p = request_memory_block();
int i = 0;
int testCases = 100;
for(i = 0; i < testCases; i++){
set_sender_PID(p, i);
assert(get_sender_PID(p) == i,"message api function is broken");
set_destination_PID(p, i);
assert(get_destination_PID(p) == i,"message api function is broken");
set_message_type(p, i);
assert(get_message_type(p) == i,"message api function is broken");
assert(get_message_data(p) != 0,"message api function is broken");
assert(get_message_data(p) != 0,"message api function is broken");
//set_message_data(p,p, 10);
}
release_memory_block(p);
return 1;
}
void stress_b(){
void * p;
while(1){
p = g_test_fixture.receive_message(NULL);
ml_index = g_test_fixture.send_message(STRESS_C_PID, p);
set_message_type(ml_index, COUNT_REPORT);
}
return;
}
/****************************************************************************
Message Handler: echo_req(text) -> echo_res(text)
****************************************************************************/
int msg_echo_req(Client *cli, MemBlock *block)
{
#if DEBUG
g_debug("[%s] echo_req", cli->id);
#endif
set_message_magic(block, MAGIC_RESPONSE);
set_message_type(block, MSG_ECHO_RES);
client_send(cli, block);
return 0;
}
void stress_a(){
int num;
void * p = g_test_fixture.request_memory_block();
register_command((CHAR *)"Z");
while(1){
if(current_command == OTHER){
g_test_fixture.release_memory_block(p);
break;
} else {
g_test_fixture.release_memory_block(p);
}
}
num = 0;
while(1){
p = g_test_fixture.request_memory_block();
ml_index = g_test_fixture.send_message(STRESS_A_PID, p);
set_message_type(ml_index, COUNT_REPORT);
*((int *)(p+64)) = num;
num++;
g_test_fixture.release_processor();
}
return;
}
int
main(int argc, char **argv)
{
fko_ctx_t ctx = NULL;
fko_ctx_t ctx2 = NULL;
int res;
char *spa_data=NULL, *version=NULL;
char access_buf[MAX_LINE_LEN] = {0};
char key[MAX_KEY_LEN+1] = {0};
char hmac_key[MAX_KEY_LEN+1] = {0};
int key_len = 0, orig_key_len = 0, hmac_key_len = 0, enc_mode;
int tmp_port = 0;
char dump_buf[CTX_DUMP_BUFSIZE];
fko_cli_options_t options;
memset(&options, 0x0, sizeof(fko_cli_options_t));
/* Initialize the log module */
log_new();
/* Handle command line
*/
config_init(&options, argc, argv);
#if HAVE_LIBFIU
/* Set any fault injection points early
*/
if(! enable_fault_injections(&options))
clean_exit(ctx, &options, key, &key_len, hmac_key,
&hmac_key_len, EXIT_FAILURE);
#endif
/* Handle previous execution arguments if required
*/
if(prev_exec(&options, argc, argv) != 1)
clean_exit(ctx, &options, key, &key_len, hmac_key,
&hmac_key_len, EXIT_FAILURE);
if(options.show_last_command)
clean_exit(ctx, &options, key, &key_len, hmac_key,
&hmac_key_len, EXIT_SUCCESS);
/* Intialize the context
*/
res = fko_new(&ctx);
if(res != FKO_SUCCESS)
{
errmsg("fko_new", res);
clean_exit(ctx, &options, key, &key_len, hmac_key,
&hmac_key_len, EXIT_FAILURE);
}
/* Display version info and exit.
*/
if(options.version)
{
fko_get_version(ctx, &version);
fprintf(stdout, "fwknop client %s, FKO protocol version %s\n",
MY_VERSION, version);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_SUCCESS);
}
/* Set client timeout
*/
if(options.fw_timeout >= 0)
{
res = fko_set_spa_client_timeout(ctx, options.fw_timeout);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_client_timeout", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
/* Set the SPA packet message type based on command line options
*/
res = set_message_type(ctx, &options);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_message_type", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
/* Adjust the SPA timestamp if necessary
*/
if(options.time_offset_plus > 0)
{
res = fko_set_timestamp(ctx, options.time_offset_plus);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_timestamp", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
if(options.time_offset_minus > 0)
{
res = fko_set_timestamp(ctx, -options.time_offset_minus);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_timestamp", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
if(options.server_command[0] != 0x0)
{
/* Set the access message to a command that the server will
* execute
*/
snprintf(access_buf, MAX_LINE_LEN, "%s%s%s",
options.allow_ip_str, ",", options.server_command);
}
else
{
/* Resolve the client's public facing IP address if requestesd.
* if this fails, consider it fatal.
*/
if (options.resolve_ip_http_https)
{
if(options.resolve_http_only)
{
if(resolve_ip_http(&options) < 0)
{
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
else
{
/* Default to HTTPS */
if(resolve_ip_https(&options) < 0)
{
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
}
/* Set a message string by combining the allow IP and the
* port/protocol. The fwknopd server allows no port/protocol
* to be specified as well, so in this case append the string
* "none/0" to the allow IP.
*/
if(set_access_buf(ctx, &options, access_buf) != 1)
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
res = fko_set_spa_message(ctx, access_buf);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_message", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
/* Set NAT access string
*/
if (options.nat_local || options.nat_access_str[0] != 0x0)
{
res = set_nat_access(ctx, &options, access_buf);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_nat_access_str", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
/* Set username
*/
if(options.spoof_user[0] != 0x0)
{
res = fko_set_username(ctx, options.spoof_user);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_username", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
/* Set up for using GPG if specified.
*/
if(options.use_gpg)
{
/* If use-gpg-agent was not specified, then remove the GPG_AGENT_INFO
* ENV variable if it exists.
*/
#ifndef WIN32
if(!options.use_gpg_agent)
unsetenv("GPG_AGENT_INFO");
#endif
res = fko_set_spa_encryption_type(ctx, FKO_ENCRYPTION_GPG);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_encryption_type", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
/* Set gpg path if necessary
*/
if(strlen(options.gpg_exe) > 0)
{
res = fko_set_gpg_exe(ctx, options.gpg_exe);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_gpg_exe", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
/* If a GPG home dir was specified, set it here. Note: Setting
* this has to occur before calling any of the other GPG-related
* functions.
*/
if(strlen(options.gpg_home_dir) > 0)
{
res = fko_set_gpg_home_dir(ctx, options.gpg_home_dir);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_gpg_home_dir", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
res = fko_set_gpg_recipient(ctx, options.gpg_recipient_key);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_gpg_recipient", res);
if(IS_GPG_ERROR(res))
log_msg(LOG_VERBOSITY_ERROR, "GPG ERR: %s", fko_gpg_errstr(ctx));
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
if(strlen(options.gpg_signer_key) > 0)
{
res = fko_set_gpg_signer(ctx, options.gpg_signer_key);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_gpg_signer", res);
if(IS_GPG_ERROR(res))
log_msg(LOG_VERBOSITY_ERROR, "GPG ERR: %s", fko_gpg_errstr(ctx));
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
res = fko_set_spa_encryption_mode(ctx, FKO_ENC_MODE_ASYMMETRIC);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_encryption_mode", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
if(options.encryption_mode && !options.use_gpg)
{
res = fko_set_spa_encryption_mode(ctx, options.encryption_mode);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_encryption_mode", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
/* Set Digest type.
*/
if(options.digest_type)
{
res = fko_set_spa_digest_type(ctx, options.digest_type);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_digest_type", res);
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
/* Acquire the necessary encryption/hmac keys
*/
if(get_keys(ctx, &options, key, &key_len, hmac_key, &hmac_key_len) != 1)
clean_exit(ctx, &options, key, &key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
orig_key_len = key_len;
if(options.encryption_mode == FKO_ENC_MODE_CBC_LEGACY_IV
&& key_len > 16)
{
log_msg(LOG_VERBOSITY_ERROR,
"WARNING: Encryption key in '-M legacy' mode must be <= 16 bytes");
log_msg(LOG_VERBOSITY_ERROR,
"long - truncating before sending SPA packet. Upgrading remote");
log_msg(LOG_VERBOSITY_ERROR,
"fwknopd is recommended.");
key_len = 16;
}
/* Finalize the context data (encrypt and encode the SPA data)
*/
res = fko_spa_data_final(ctx, key, key_len, hmac_key, hmac_key_len);
if(res != FKO_SUCCESS)
{
errmsg("fko_spa_data_final", res);
if(IS_GPG_ERROR(res))
log_msg(LOG_VERBOSITY_ERROR, "GPG ERR: %s", fko_gpg_errstr(ctx));
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
/* Display the context data.
*/
if (options.verbose || options.test)
{
res = dump_ctx_to_buffer(ctx, dump_buf, sizeof(dump_buf));
if (res == FKO_SUCCESS)
log_msg(LOG_VERBOSITY_NORMAL, "%s", dump_buf);
else
log_msg(LOG_VERBOSITY_WARNING, "Unable to dump FKO context: %s",
fko_errstr(res));
}
/* Save packet data payload if requested.
*/
if (options.save_packet_file[0] != 0x0)
write_spa_packet_data(ctx, &options);
/* SPA packet random destination port handling
*/
if (options.rand_port)
{
tmp_port = get_rand_port(ctx);
if(tmp_port < 0)
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
options.spa_dst_port = tmp_port;
}
/* If we are using one the "raw" modes (normally because
* we're going to spoof the SPA packet source IP), then select
* a random source port unless the source port is already set
*/
if ((options.spa_proto == FKO_PROTO_TCP_RAW
|| options.spa_proto == FKO_PROTO_UDP_RAW
|| options.spa_proto == FKO_PROTO_ICMP)
&& !options.spa_src_port)
{
tmp_port = get_rand_port(ctx);
if(tmp_port < 0)
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
options.spa_src_port = tmp_port;
}
res = send_spa_packet(ctx, &options);
if(res < 0)
{
log_msg(LOG_VERBOSITY_ERROR, "send_spa_packet: packet not sent.");
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
else
{
log_msg(LOG_VERBOSITY_INFO, "send_spa_packet: bytes sent: %i", res);
}
/* Run through a decode cycle in test mode (--DSS XXX: This test/decode
* portion should be moved elsewhere).
*/
if (options.test)
{
/************** Decoding now *****************/
/* Now we create a new context based on data from the first one.
*/
res = fko_get_spa_data(ctx, &spa_data);
if(res != FKO_SUCCESS)
{
errmsg("fko_get_spa_data", res);
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
/* Pull the encryption mode.
*/
res = fko_get_spa_encryption_mode(ctx, &enc_mode);
if(res != FKO_SUCCESS)
{
errmsg("fko_get_spa_encryption_mode", res);
if(fko_destroy(ctx) == FKO_ERROR_ZERO_OUT_DATA)
log_msg(LOG_VERBOSITY_ERROR,
"[*] Could not zero out sensitive data buffer.");
ctx = NULL;
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
/* If gpg-home-dir is specified, we have to defer decrypting if we
* use the fko_new_with_data() function because we need to set the
* gpg home dir after the context is created, but before we attempt
* to decrypt the data. Therefore we either pass NULL for the
* decryption key to fko_new_with_data() or use fko_new() to create
* an empty context, populate it with the encrypted data, set our
* options, then decode it.
*
* This also verifies the HMAC and truncates it if there are no
* problems.
*/
res = fko_new_with_data(&ctx2, spa_data, NULL,
0, enc_mode, hmac_key, hmac_key_len, options.hmac_type);
if(res != FKO_SUCCESS)
{
errmsg("fko_new_with_data", res);
if(fko_destroy(ctx2) == FKO_ERROR_ZERO_OUT_DATA)
log_msg(LOG_VERBOSITY_ERROR,
"[*] Could not zero out sensitive data buffer.");
ctx2 = NULL;
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
res = fko_set_spa_encryption_mode(ctx2, enc_mode);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_spa_encryption_mode", res);
if(fko_destroy(ctx2) == FKO_ERROR_ZERO_OUT_DATA)
log_msg(LOG_VERBOSITY_ERROR,
"[*] Could not zero out sensitive data buffer.");
ctx2 = NULL;
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
/* See if we are using gpg and if we need to set the GPG home dir.
*/
if(options.use_gpg)
{
if(strlen(options.gpg_home_dir) > 0)
{
res = fko_set_gpg_home_dir(ctx2, options.gpg_home_dir);
if(res != FKO_SUCCESS)
{
errmsg("fko_set_gpg_home_dir", res);
if(fko_destroy(ctx2) == FKO_ERROR_ZERO_OUT_DATA)
log_msg(LOG_VERBOSITY_ERROR,
"[*] Could not zero out sensitive data buffer.");
ctx2 = NULL;
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
}
}
/* Decrypt
*/
res = fko_decrypt_spa_data(ctx2, key, key_len);
if(res != FKO_SUCCESS)
{
errmsg("fko_decrypt_spa_data", res);
if(IS_GPG_ERROR(res)) {
/* we most likely could not decrypt the gpg-encrypted data
* because we don't have access to the private key associated
* with the public key we used for encryption. Since this is
* expected, return 0 instead of an error condition (so calling
* programs like the fwknop test suite don't interpret this as
* an unrecoverable error), but print the error string for
* debugging purposes. The test suite does run a series of
* tests that use a single key pair for encryption and
* authentication, so decryption become possible for these
* tests. */
log_msg(LOG_VERBOSITY_ERROR, "GPG ERR: %s\n%s", fko_gpg_errstr(ctx2),
"No access to recipient private key?");
}
if(fko_destroy(ctx2) == FKO_ERROR_ZERO_OUT_DATA)
log_msg(LOG_VERBOSITY_ERROR,
"[*] Could not zero out sensitive data buffer.");
ctx2 = NULL;
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_FAILURE);
}
res = dump_ctx_to_buffer(ctx2, dump_buf, sizeof(dump_buf));
if (res == FKO_SUCCESS)
log_msg(LOG_VERBOSITY_NORMAL, "\nDump of the Decoded Data\n%s", dump_buf);
else
log_msg(LOG_VERBOSITY_WARNING, "Unable to dump FKO context: %s", fko_errstr(res));
if(fko_destroy(ctx2) == FKO_ERROR_ZERO_OUT_DATA)
log_msg(LOG_VERBOSITY_ERROR,
"[*] Could not zero out sensitive data buffer.");
ctx2 = NULL;
}
clean_exit(ctx, &options, key, &orig_key_len,
hmac_key, &hmac_key_len, EXIT_SUCCESS);
return EXIT_SUCCESS; /* quiet down a gcc warning */
}
