static void spa_func_int(fko_ctx_t *ctx, char *name,
int (*spa_set)(fko_ctx_t ctx, const int modifier), int min, int max,
int final_val, int new_ctx_flag, int destroy_ctx_flag)
{
fko_ctx_t default_ctx = NULL;
int i;
spa_default_ctx(&default_ctx);
printf("[+] calling libfko function: %s\n", name);
for (i=min; i <= max; i++) {
printf("%s(%d): %s\n", name, i, fko_errstr((spa_set)(*ctx, i)));
printf("%s(%d): %s (DUPE)\n", name, i, fko_errstr((spa_set)(*ctx, i)));
ctx_update(ctx, new_ctx_flag, destroy_ctx_flag, DO_PRINT);
spa_calls += 2;
/* also set on a fully populated context */
(spa_set)(default_ctx, i);
}
printf("%s(%d): %s (FINAL)\n", name, final_val,
fko_errstr((spa_set)(*ctx, final_val)));
display_ctx(*ctx);
fko_spa_data_final(default_ctx, ENC_KEY, 16, HMAC_KEY, 16);
fko_destroy(default_ctx);
default_ctx = NULL;
return;
}
static void spa_func_getset_int(fko_ctx_t *ctx, char *set_name,
int (*spa_set)(fko_ctx_t ctx, const int modifier),
char *get_name, int (*spa_get)(fko_ctx_t ctx, int *val),
int min, int max, int final_val, int new_ctx_flag, int destroy_ctx_flag)
{
fko_ctx_t default_ctx = NULL;
int get_val;
int i, res;
spa_default_ctx(&default_ctx);
printf("[+] calling libfko get/set: %s/%s\n", get_name, set_name);
for (i=min; i <= max; i++) {
get_val = 1234; /* meaningless default */
printf("%s(%d): %s\n", set_name, i, fko_errstr((spa_set)(*ctx, i)));
printf("%s(%d): %s (DUPE)\n", set_name, i, fko_errstr((spa_set)(*ctx, i)));
res = (spa_get)(*ctx, &get_val);
printf("%s(%d): %s\n", get_name, get_val, fko_errstr(res));
ctx_update(ctx, new_ctx_flag, destroy_ctx_flag, DO_PRINT);
spa_calls += 3;
/* also set on a fully populated context */
(spa_set)(default_ctx, i);
}
printf("%s(%d): %s (FINAL)\n", set_name, final_val,
fko_errstr((spa_set)(*ctx, final_val)));
display_ctx(*ctx);
fko_spa_data_final(default_ctx, ENC_KEY, 16, HMAC_KEY, 16);
fko_destroy(default_ctx);
default_ctx = NULL;
return;
}
static void ctx_update(fko_ctx_t *ctx, int new_ctx_flag,
int destroy_ctx_flag, int print_flag)
{
if (destroy_ctx_flag == CTX_DESTROY) {
if (print_flag == DO_PRINT)
printf("fko_destroy(): %s\n", fko_errstr(fko_destroy(*ctx)));
else
fko_destroy(*ctx);
spa_calls++;
*ctx = NULL;
}
if (new_ctx_flag == NEW_CTX) {
/* always destroy before re-creating */
if (print_flag == DO_PRINT)
printf("fko_destroy(): %s\n", fko_errstr(fko_destroy(*ctx)));
else
fko_destroy(*ctx);
*ctx = NULL;
if (print_flag == DO_PRINT)
printf("fko_new(): %s\n", fko_errstr(fko_new(ctx)));
else
fko_new(ctx);
spa_calls += 2;
}
return;
}
/* For replay attack detection
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
fko_ctx_t ctx = NULL;
char *tmp_digest = NULL;
int res = FKO_SUCCESS;
/* initialize an FKO context with no decryption key just so
* we can get the outer message digest
*/
res = fko_new_with_data(&ctx, (char *)pkt_data, NULL);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_FKO_CTX_ERROR);
}
res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_set_raw_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_get_raw_spa_digest(ctx, &tmp_digest);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
return(SPA_MSG_DIGEST_ERROR);
}
*digest = strdup(tmp_digest);
if (digest == NULL)
return SPA_MSG_ERROR;
fko_destroy(ctx);
return res;
}
static void afl_enc_pkt_from_file(fko_srv_options_t *opts)
{
FILE *fp = NULL;
fko_ctx_t decrypt_ctx = NULL;
unsigned char enc_spa_pkt[AFL_MAX_PKT_SIZE] = {0}, rc;
int res = 0, es = EXIT_SUCCESS, enc_msg_len;
char dump_buf[AFL_DUMP_CTX_SIZE];
fp = fopen(opts->config[CONF_AFL_PKT_FILE], "rb");
if(fp != NULL)
{
enc_msg_len = 0;
while(fread(&rc, 1, 1, fp))
{
enc_spa_pkt[enc_msg_len] = rc;
enc_msg_len++;
if(enc_msg_len == AFL_MAX_PKT_SIZE-1)
break;
}
fclose(fp);
fko_new(&decrypt_ctx);
res = fko_afl_set_spa_data(decrypt_ctx, (const char *)enc_spa_pkt,
enc_msg_len);
if(res == FKO_SUCCESS)
res = fko_decrypt_spa_data(decrypt_ctx, "fwknoptest",
strlen("fwknoptest"));
if(res == FKO_SUCCESS)
res = dump_ctx_to_buffer(decrypt_ctx, dump_buf, sizeof(dump_buf));
if(res == FKO_SUCCESS)
log_msg(LOG_INFO, "%s", dump_buf);
else
log_msg(LOG_ERR, "Error (%d): %s", res, fko_errstr(res));
fko_destroy(decrypt_ctx);
if(res == FKO_SUCCESS)
{
log_msg(LOG_INFO, "SPA packet decode: %s", fko_errstr(res));
es = EXIT_SUCCESS;
}
else
{
log_msg(LOG_ERR, "Could not decode SPA packet: %s", fko_errstr(res));
es = EXIT_FAILURE;
}
}
else
log_msg(LOG_ERR, "Could not acquire SPA packet from file: %s.",
opts->config[CONF_AFL_PKT_FILE]);
clean_exit(opts, NO_FW_CLEANUP, es);
}
int main(void) {
fko_ctx_t ctx = NULL;
int res = 0, i, es = EXIT_SUCCESS;
int exec=0, success=0, fail=0;
fiu_init(0);
for (i=0; i < sizeof(fiu_rvs)/sizeof(int); i++) {
exec++;
printf("[+] libfiu injection tag: %s\n", fiu_tags[i]);
fiu_enable(fiu_tags[i], fiu_rvs[i], NULL, 0);
res = fko_new(&ctx);
if(strncmp(fiu_tags[i], "fko_set_rand_value_lenval",
strlen("fko_set_rand_value_lenval")) == 0)
res = fko_set_rand_value(ctx, "asdf1234");
if(strncmp(fiu_tags[i], "fko_set_rand_value_strdup",
strlen("fko_set_rand_value_strdup")) == 0)
res = fko_set_rand_value(ctx, "asdf1234");
if(strncmp(fiu_tags[i], "fko_set_username_valuser",
strlen("fko_set_username_valuser")) == 0)
res = fko_set_username(ctx, "BADCHAR=");
if(strncmp(fiu_tags[i], "fko_set_username_strdup",
strlen("fko_set_username_strdup")) == 0)
res = fko_set_username(ctx, "normaluser");
if(res == FKO_SUCCESS)
{
printf("[-] fko_new(): %s\n", fko_errstr(res));
fail++;
es = EXIT_FAILURE;
}
else
{
printf("[+] fko_new(): %s\n", fko_errstr(res));
success++;
}
fko_destroy(ctx);
ctx = NULL;
fiu_disable(fiu_tags[i]);
}
printf("fiu_fault_injection() passed/failed/executed: %d/%d/%d\n",
success, fail, exec);
return es;
}
static void afl_pkt_from_stdin(fko_srv_options_t *opts)
{
FILE *fp = NULL;
fko_ctx_t decode_ctx = NULL;
unsigned char spa_pkt[AFL_MAX_PKT_SIZE] = {0};
int res = 0, es = EXIT_SUCCESS;
char dump_buf[AFL_DUMP_CTX_SIZE];
fp = fdopen(STDIN_FILENO, "r");
if(fp != NULL)
{
if(fgets((char *)spa_pkt, AFL_MAX_PKT_SIZE, fp) == NULL)
{
fclose(fp);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
fclose(fp);
fko_new(&decode_ctx);
res = fko_set_encoded_data(decode_ctx, (char *) spa_pkt,
strlen((char *)spa_pkt), 0, FKO_DIGEST_SHA256);
if(res == FKO_SUCCESS)
res = fko_set_spa_data(decode_ctx, (const char *) spa_pkt);
if(res == FKO_SUCCESS)
res = fko_decode_spa_data(decode_ctx);
if(res == FKO_SUCCESS)
res = dump_ctx_to_buffer(decode_ctx, dump_buf, sizeof(dump_buf));
if(res == FKO_SUCCESS)
log_msg(LOG_INFO, "%s", dump_buf);
fko_destroy(decode_ctx);
if(res == FKO_SUCCESS)
{
log_msg(LOG_INFO, "SPA packet decode: %s", fko_errstr(res));
es = EXIT_SUCCESS;
}
else
{
log_msg(LOG_ERR, "Could not decode SPA packet: %s", fko_errstr(res));
es = EXIT_FAILURE;
}
}
else
log_msg(LOG_ERR, "Could not acquire SPA packet from stdin.");
clean_exit(opts, NO_FW_CLEANUP, es);
}
int main(void) {
fko_ctx_t ctx = NULL;
int res = 0;
res = fko_new(&ctx);
if (res == FKO_SUCCESS)
printf("[+] fko_new(): %s\n", fko_errstr(res));
else
printf("[-] fko_new(): %s\n", fko_errstr(res));
fko_destroy(ctx);
return 0;
}
static PyObject *
key_gen(PyObject *self, PyObject *args)
{
char *key_b64;
int key_b64_len;
char *hmac_key_b64;
int hmac_key_b64_len;
int hmac_type;
int res;
if(!PyArg_ParseTuple(args, "s#s#ih", &key_b64, &key_b64_len,
&hmac_key_b64, &hmac_key_b64_len, &hmac_type))
return NULL;
res = fko_key_gen(key_b64, key_b64_len, hmac_key_b64, hmac_key_b64_len,
hmac_type);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* spa_data_final
*/
static PyObject *
spa_data_final(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *enc_key;
int enc_key_len;
char *hmac_key;
int hmac_key_len;
int res;
if(!PyArg_ParseTuple(args, "ks#s#", &ctx, &enc_key, &enc_key_len,
&hmac_key, &hmac_key_len))
return NULL;
res = fko_spa_data_final(ctx, enc_key, enc_key_len,
hmac_key, hmac_key_len);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
static int
check_mode_ctx(spa_data_t *spadat, fko_ctx_t *ctx, int attempted_decrypt,
const int enc_type, const int stanza_num, const int res)
{
if(attempted_decrypt == 0)
{
log_msg(LOG_ERR,
"[%s] (stanza #%d) No stanza encryption mode match for encryption type: %i.",
spadat->pkt_source_ip, stanza_num, enc_type);
return 0;
}
/* Do we have a valid FKO context? Did the SPA decrypt properly?
*/
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "[%s] (stanza #%d) Error creating fko context: %s",
spadat->pkt_source_ip, stanza_num, fko_errstr(res));
if(IS_GPG_ERROR(res))
log_msg(LOG_WARNING, "[%s] (stanza #%d) - GPG ERROR: %s",
spadat->pkt_source_ip, stanza_num, fko_gpg_errstr(*ctx));
return 0;
}
return 1;
}
/* init_ctx_with_data
*/
static PyObject *
init_ctx_with_data(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *spa_data;
char *dec_key;
int dec_key_len;
int enc_mode;
char *hmac_key;
int hmac_key_len;
int hmac_type;
int res;
if(!PyArg_ParseTuple(args, "ss#is#", &spa_data, &dec_key, &dec_key_len,
&enc_mode, &hmac_key, &hmac_key_len, &hmac_type))
return NULL;
res = fko_new_with_data(&ctx, spa_data, dec_key, dec_key_len, enc_mode,
hmac_key, hmac_key_len, hmac_type);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("k", ctx);
}
/* errstr
*/
static PyObject *
errstr(PyObject *self, PyObject *args)
{
const char *errmsg;
int res;
if(!PyArg_ParseTuple(args, "i", &res))
return NULL;
errmsg = fko_errstr(res);
return Py_BuildValue("s", errmsg);
}
/* init_ctx
*/
static PyObject *
init_ctx(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
int res;
res = fko_new(&ctx);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("k", ctx);
}
/* set_spa_digest
*/
static PyObject *
set_spa_digest(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_set_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* set_timestamp
*/
static PyObject *
set_timestamp(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
int res, offset;
if(!PyArg_ParseTuple(args, "kk", &ctx, &offset))
return NULL;
res = fko_set_timestamp(ctx, offset);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* set_gpg_ignore_verify_error
*/
static PyObject *
set_gpg_ignore_verify_error(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
unsigned char gpg_ignore_verify_error;
int res;
if(!PyArg_ParseTuple(args, "kb", &ctx, &gpg_ignore_verify_error))
return NULL;
res = fko_set_gpg_ignore_verify_error(ctx, gpg_ignore_verify_error);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
static PyObject *
get_raw_spa_digest_type(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
short raw_digest_type;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("h", raw_digest_type);
}
/* get_encoded_data
*/
static PyObject *
get_encoded_data(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *encoded_data;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_encoded_data(ctx, &encoded_data);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("s", encoded_data);
}
/* get_spa_client_timeout
*/
static PyObject *
get_spa_client_timeout(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
int client_timeout;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_spa_client_timeout(ctx, &client_timeout);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("i", client_timeout);
}
static PyObject *
set_spa_encryption_mode(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
int encryption_mode;
int res;
if(!PyArg_ParseTuple(args, "kh", &ctx, &encryption_mode))
return NULL;
res = fko_set_spa_encryption_mode(ctx, encryption_mode);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* set_spa_message_type
*/
static PyObject *
set_spa_message_type(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
short message_type;
int res;
if(!PyArg_ParseTuple(args, "kh", &ctx, &message_type))
return NULL;
res = fko_set_spa_message_type(ctx, message_type);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* get_timestamp
*/
static PyObject *
get_timestamp(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
time_t timestamp;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_timestamp(ctx, ×tamp);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("k", timestamp);
}
/* get_gpg_signature_status
*/
static PyObject *
get_gpg_signature_status(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
int gpg_signature_status;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_gpg_signature_status(ctx, &gpg_signature_status);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("i", gpg_signature_status);
}
/* get_version
*/
static PyObject *
get_version(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *ver_str;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_version(ctx, &ver_str);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("s", ver_str);
}
/* set_gpg_home_dir
*/
static PyObject *
set_gpg_home_dir(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *gpg_home_dir;
int res;
if(!PyArg_ParseTuple(args, "ks", &ctx, &gpg_home_dir))
return NULL;
res = fko_set_gpg_home_dir(ctx, gpg_home_dir);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* get_gpg_recipient
*/
static PyObject *
get_gpg_recipient(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *gpg_recipient;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_gpg_recipient(ctx, &gpg_recipient);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("s", gpg_recipient);
}
/* get_spa_nat_access
*/
static PyObject *
get_spa_nat_access(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *spa_nat_access;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_spa_nat_access(ctx, &spa_nat_access);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("s", spa_nat_access);
}
/* set_username
*/
static PyObject *
set_username(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *username;
int res;
if(!PyArg_ParseTuple(args, "kz", &ctx, &username))
return NULL;
res = fko_set_username(ctx, username);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}
/* set_spa_server_auth
*/
static PyObject *
set_spa_server_auth(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
char *spa_server_auth;
int res;
if(!PyArg_ParseTuple(args, "ks", &ctx, &spa_server_auth))
return NULL;
res = fko_set_spa_server_auth(ctx, spa_server_auth);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("", NULL);
}