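/* For replay attack detection.
 *
 * Computes the raw (outer) digest of the SPA data in pkt_data and hands a
 * heap-allocated copy back through *digest.  The FKO context is created
 * with a NULL decryption key, so the data has not been decrypted or
 * authenticated at this point: treat pkt_data as unauthenticated input.
 *
 * digest   - out parameter; written only after the digest has been fetched
 *            successfully.  The copy is allocated with strdup(), so the
 *            caller is responsible for free()ing it.
 * pkt_data - the SPA data to digest.
 *
 * Returns FKO_SUCCESS on success, SPA_MSG_FKO_CTX_ERROR if the context
 * could not be created, SPA_MSG_DIGEST_ERROR if any digest step failed,
 * and SPA_MSG_ERROR if the strdup() allocation failed.
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
    fko_ctx_t    ctx        = NULL;
    char        *tmp_digest = NULL;
    int          res        = FKO_SUCCESS;

    /* initialize an FKO context with no decryption key just so
     * we can get the outer message digest
    */
    res = fko_new_with_data(&ctx, (char *)pkt_data, NULL);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_FKO_CTX_ERROR);
    }

    res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_DIGEST_ERROR);
    }

    res = fko_set_raw_spa_digest(ctx);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_DIGEST_ERROR);
    }

    res = fko_get_raw_spa_digest(ctx, &tmp_digest);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_DIGEST_ERROR);
    }

    /* Defensive: strdup(NULL) is undefined, so never hand it a NULL digest
     * even though the getter reported success.
    */
    if(tmp_digest == NULL)
    {
        fko_destroy(ctx);
        return(SPA_MSG_DIGEST_ERROR);
    }

    *digest = strdup(tmp_digest);

    /* Test the duplicated string, not the out-parameter itself: checking
     * 'digest' could never detect a failed allocation, and the caller would
     * have been told FKO_SUCCESS while holding a NULL digest.
    */
    if(*digest == NULL)
        res = SPA_MSG_ERROR;  /* really a strdup() memory allocation problem */

    /* Always release the context, including on the allocation-failure path */
    fko_destroy(ctx);

    return res;
}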
/* Python binding: fetch the raw SPA digest held by an FKO context.
 *
 * args is a one-element tuple carrying the context handle as an integer.
 * Returns a new Python string built from the digest, or NULL with an
 * FKOError exception set when libfko reports a failure.
*/
static PyObject *
get_raw_spa_digest(PyObject *self, PyObject *args)
{
    fko_ctx_t  ctx;
    char      *digest_str;
    int        rc;

    /* "k" converts a Python integer to a C unsigned long without overflow
     * checking, and the result is stored straight into the context handle.
     * NOTE(review): assumes fko_ctx_t has the same size as unsigned long on
     * the target ABI, and nothing here verifies that the integer refers to
     * a live context -- confirm callers only pass handles obtained from
     * this module.
    */
    if(!PyArg_ParseTuple(args, "k", &ctx))
    {
        return NULL;
    }

    rc = fko_get_raw_spa_digest(ctx, &digest_str);

    if(rc == FKO_SUCCESS)
    {
        return Py_BuildValue("s", digest_str);
    }

    /* Surface the libfko error text to Python as an FKOError */
    PyErr_SetString(FKOError, fko_errstr(rc));
    return NULL;
}
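/* For replay attack detection.
 *
 * Computes the raw (outer) digest of the SPA data in pkt_data and hands a
 * heap-allocated copy back through *digest.  The FKO context is created
 * with a NULL decryption key, so the data has not been decrypted or
 * authenticated at this point: treat pkt_data as unauthenticated input.
 *
 * digest   - out parameter; written only after the digest has been fetched
 *            successfully.  The copy is allocated with strdup(), so the
 *            caller is responsible for free()ing it.
 * pkt_data - the SPA data to digest.
 *
 * Returns FKO_SUCCESS on success, SPA_MSG_FKO_CTX_ERROR if the context
 * could not be created, SPA_MSG_DIGEST_ERROR if any digest step failed or
 * the digest type is not the expected default, and SPA_MSG_ERROR if the
 * strdup() allocation failed.
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
    fko_ctx_t    ctx             = NULL;
    char        *tmp_digest      = NULL;
    int          res             = FKO_SUCCESS;
    short        raw_digest_type = -1;

    /* initialize an FKO context with no decryption key just so
     * we can get the outer message digest
    */
    res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0,
            FKO_DEFAULT_ENC_MODE, NULL, 0, 0);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
            fko_errstr(res));
        res = SPA_MSG_FKO_CTX_ERROR;
        goto cleanup;
    }

    res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
            fko_errstr(res));
        res = SPA_MSG_DIGEST_ERROR;
        goto cleanup;
    }

    res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s",
            fko_errstr(res));
        res = SPA_MSG_DIGEST_ERROR;
        goto cleanup;
    }

    /* Make sure the digest type is what we expect.  res is FKO_SUCCESS on
     * this path, so logging fko_errstr(res) would describe a success code;
     * report the mismatching type values instead.
    */
    if(raw_digest_type != FKO_DEFAULT_DIGEST)
    {
        log_msg(LOG_WARNING,
            "Unexpected raw digest type %d for SPA data (expected %d)",
            (int)raw_digest_type, (int)FKO_DEFAULT_DIGEST);
        res = SPA_MSG_DIGEST_ERROR;
        goto cleanup;
    }

    res = fko_set_raw_spa_digest(ctx);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
            fko_errstr(res));
        res = SPA_MSG_DIGEST_ERROR;
        goto cleanup;
    }

    res = fko_get_raw_spa_digest(ctx, &tmp_digest);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
            fko_errstr(res));
        res = SPA_MSG_DIGEST_ERROR;
        goto cleanup;
    }

    /* Defensive: strdup(NULL) is undefined, so never hand it a NULL digest
     * even though the getter reported success.
    */
    if(tmp_digest == NULL)
    {
        res = SPA_MSG_DIGEST_ERROR;
        goto cleanup;
    }

    *digest = strdup(tmp_digest);

    if(*digest == NULL)
        res = SPA_MSG_ERROR;  /* really a strdup() memory allocation problem */

cleanup:
    /* Single release point for the context on every path, matching the
     * original, which also called fko_destroy() after a failed
     * fko_new_with_data().
    */
    fko_destroy(ctx);
    ctx = NULL;

    return res;
}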
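/* For replay attack detection.
 *
 * Computes the raw (outer) digest of the SPA data in pkt_data and hands a
 * heap-allocated copy back through *digest.  The FKO context is created
 * with a NULL decryption key, so the data has not been decrypted or
 * authenticated at this point: treat pkt_data as unauthenticated input.
 *
 * digest   - out parameter; written only after the digest has been fetched
 *            successfully.  The copy is allocated with strdup(), so the
 *            caller is responsible for free()ing it.
 * pkt_data - the raw SPA packet data to digest.
 *
 * Returns FKO_SUCCESS on success, SPA_MSG_FKO_CTX_ERROR if the context
 * could not be created, SPA_MSG_DIGEST_ERROR if any digest step failed or
 * the digest type is not the expected default, and SPA_MSG_ERROR if the
 * strdup() allocation failed.
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
    fko_ctx_t    ctx             = NULL;
    char        *tmp_digest      = NULL;
    int          res             = FKO_SUCCESS;
    short        raw_digest_type = -1;

    /* initialize an FKO context with no decryption key just so
     * we can get the outer message digest
    */
    // pkt_data: the raw SPA data packet.
    // Without passing in a decryption key we can still obtain the digest
    // of the received message.
    res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0,
            FKO_DEFAULT_ENC_MODE, NULL, 0, 0);
    // (original author's note) copies pkt_data into ctx->encrypted_msg.
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        ctx = NULL;
        return(SPA_MSG_FKO_CTX_ERROR);
    }

    // Set the SPA digest type (default: SHA256).
    res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        ctx = NULL;
        return(SPA_MSG_DIGEST_ERROR);
    }

    // Read the SPA digest type back (SHA256).
    res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        ctx = NULL;
        return(SPA_MSG_DIGEST_ERROR);
    }

    /* Make sure the digest type is what we expect */
    // res is FKO_SUCCESS on this path, so logging fko_errstr(res) would
    // describe a success code; report the mismatching type values instead.
    if(raw_digest_type != FKO_DEFAULT_DIGEST)
    {
        log_msg(LOG_WARNING,
            "Unexpected raw digest type %d for SPA data (expected %d)",
            (int)raw_digest_type, (int)FKO_DEFAULT_DIGEST);
        fko_destroy(ctx);
        ctx = NULL;
        return(SPA_MSG_DIGEST_ERROR);
    }

    // (original author's note) computes the digest of ctx->encrypted_msg
    // (default: SHA256) and stores it in ctx->raw_digest.
    res = fko_set_raw_spa_digest(ctx);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        ctx = NULL;
        return(SPA_MSG_DIGEST_ERROR);
    }

    // Fetch the digest computed on the server side
    // (original author's note: tmp_digest = ctx->raw_digest).
    res = fko_get_raw_spa_digest(ctx, &tmp_digest);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        ctx = NULL;
        return(SPA_MSG_DIGEST_ERROR);
    }

    // Defensive: strdup(NULL) is undefined, so never hand it a NULL digest
    // even though the getter reported success.
    if(tmp_digest == NULL)
    {
        fko_destroy(ctx);
        ctx = NULL;
        return(SPA_MSG_DIGEST_ERROR);
    }

    // tmp_digest is released together with the context below (per the
    // original note it aliases ctx->raw_digest), so the caller gets its
    // own copy.
    *digest = strdup(tmp_digest);

    if(*digest == NULL)
        res = SPA_MSG_ERROR;  /* really a strdup() memory allocation problem */

    fko_destroy(ctx);  // release the ctx structure
    ctx = NULL;

    return res;
}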