Esempio n. 1
0
static void spa_func_int(fko_ctx_t *ctx, char *name,
        int (*spa_set)(fko_ctx_t ctx, const int modifier), int min, int max,
        int final_val, int new_ctx_flag, int destroy_ctx_flag)
{
    fko_ctx_t default_ctx = NULL;
    int i;

    spa_default_ctx(&default_ctx);

    printf("[+] calling libfko function: %s\n", name);
    for (i=min; i <= max; i++) {
        printf("%s(%d): %s\n", name, i, fko_errstr((spa_set)(*ctx, i)));
        printf("%s(%d): %s (DUPE)\n", name, i, fko_errstr((spa_set)(*ctx, i)));

        ctx_update(ctx, new_ctx_flag, destroy_ctx_flag, DO_PRINT);
        spa_calls += 2;

        /* also set on a fully populated context */
        (spa_set)(default_ctx, i);
    }
    printf("%s(%d): %s (FINAL)\n", name, final_val,
            fko_errstr((spa_set)(*ctx, final_val)));
    display_ctx(*ctx);

    fko_spa_data_final(default_ctx, ENC_KEY, 16, HMAC_KEY, 16);
    fko_destroy(default_ctx);
    default_ctx = NULL;

    return;
}
Esempio n. 2
0
static void spa_func_getset_int(fko_ctx_t *ctx, char *set_name,
        int (*spa_set)(fko_ctx_t ctx, const int modifier),
        char *get_name, int (*spa_get)(fko_ctx_t ctx, int *val),
        int min, int max, int final_val, int new_ctx_flag, int destroy_ctx_flag)
{
    fko_ctx_t default_ctx = NULL;
    int get_val;
    int i, res;

    spa_default_ctx(&default_ctx);

    printf("[+] calling libfko get/set: %s/%s\n", get_name, set_name);
    for (i=min; i <= max; i++) {
        get_val = 1234;  /* meaningless default */
        printf("%s(%d): %s\n", set_name, i, fko_errstr((spa_set)(*ctx, i)));
        printf("%s(%d): %s (DUPE)\n", set_name, i, fko_errstr((spa_set)(*ctx, i)));
        res = (spa_get)(*ctx, &get_val);
        printf("%s(%d): %s\n", get_name, get_val, fko_errstr(res));

        ctx_update(ctx, new_ctx_flag, destroy_ctx_flag, DO_PRINT);
        spa_calls += 3;

        /* also set on a fully populated context */
        (spa_set)(default_ctx, i);
    }
    printf("%s(%d): %s (FINAL)\n", set_name, final_val,
            fko_errstr((spa_set)(*ctx, final_val)));
    display_ctx(*ctx);

    fko_spa_data_final(default_ctx, ENC_KEY, 16, HMAC_KEY, 16);
    fko_destroy(default_ctx);
    default_ctx = NULL;

    return;
}
Esempio n. 3
0
static void ctx_update(fko_ctx_t *ctx, int new_ctx_flag,
        int destroy_ctx_flag, int print_flag)
{
    if (destroy_ctx_flag == CTX_DESTROY) {
        if (print_flag == DO_PRINT)
            printf("fko_destroy(): %s\n", fko_errstr(fko_destroy(*ctx)));
        else
            fko_destroy(*ctx);
        spa_calls++;
        *ctx = NULL;
    }
    if (new_ctx_flag == NEW_CTX) {
        /* always destroy before re-creating */
        if (print_flag == DO_PRINT)
            printf("fko_destroy(): %s\n", fko_errstr(fko_destroy(*ctx)));
        else
            fko_destroy(*ctx);
        *ctx = NULL;

        if (print_flag == DO_PRINT)
            printf("fko_new(): %s\n", fko_errstr(fko_new(ctx)));
        else
            fko_new(ctx);
        spa_calls += 2;
    }
    return;
}
Esempio n. 4
0
/* For replay attack detection
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
    fko_ctx_t    ctx = NULL;
    char        *tmp_digest = NULL;
    int          res = FKO_SUCCESS;

    /* initialize an FKO context with no decryption key just so
     * we can get the outer message digest
    */
    res = fko_new_with_data(&ctx, (char *)pkt_data, NULL);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_FKO_CTX_ERROR);
    }

    res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_DIGEST_ERROR);
    }

    res = fko_set_raw_spa_digest(ctx);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_DIGEST_ERROR);
    }

    res = fko_get_raw_spa_digest(ctx, &tmp_digest);
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
            fko_errstr(res));
        fko_destroy(ctx);
        return(SPA_MSG_DIGEST_ERROR);
    }

    *digest = strdup(tmp_digest);

    if (digest == NULL)
        return SPA_MSG_ERROR;

    fko_destroy(ctx);

    return res;
}
Esempio n. 5
0
static void afl_enc_pkt_from_file(fko_srv_options_t *opts)
{
    FILE                *fp = NULL;
    fko_ctx_t           decrypt_ctx = NULL;
    unsigned char       enc_spa_pkt[AFL_MAX_PKT_SIZE] = {0}, rc;
    int                 res = 0, es = EXIT_SUCCESS, enc_msg_len;
    char                dump_buf[AFL_DUMP_CTX_SIZE];

    fp = fopen(opts->config[CONF_AFL_PKT_FILE], "rb");
    if(fp != NULL)
    {
        enc_msg_len = 0;
        while(fread(&rc, 1, 1, fp))
        {
            enc_spa_pkt[enc_msg_len] = rc;
            enc_msg_len++;
            if(enc_msg_len == AFL_MAX_PKT_SIZE-1)
                break;
        }
        fclose(fp);

        fko_new(&decrypt_ctx);

        res = fko_afl_set_spa_data(decrypt_ctx, (const char *)enc_spa_pkt,
                enc_msg_len);
        if(res == FKO_SUCCESS)
            res = fko_decrypt_spa_data(decrypt_ctx, "fwknoptest",
                    strlen("fwknoptest"));
        if(res == FKO_SUCCESS)
            res = dump_ctx_to_buffer(decrypt_ctx, dump_buf, sizeof(dump_buf));
        if(res == FKO_SUCCESS)
            log_msg(LOG_INFO, "%s", dump_buf);
        else
            log_msg(LOG_ERR, "Error (%d): %s", res, fko_errstr(res));

        fko_destroy(decrypt_ctx);

        if(res == FKO_SUCCESS)
        {
            log_msg(LOG_INFO, "SPA packet decode: %s", fko_errstr(res));
            es = EXIT_SUCCESS;
        }
        else
        {
            log_msg(LOG_ERR, "Could not decode SPA packet: %s", fko_errstr(res));
            es = EXIT_FAILURE;
        }
    }
    else
        log_msg(LOG_ERR, "Could not acquire SPA packet from file: %s.",
                opts->config[CONF_AFL_PKT_FILE]);

    clean_exit(opts, NO_FW_CLEANUP, es);
}
Esempio n. 6
0
int main(void) {
    fko_ctx_t       ctx = NULL;
    int             res = 0, i, es = EXIT_SUCCESS;
    int             exec=0, success=0, fail=0;

    fiu_init(0);

    for (i=0; i < sizeof(fiu_rvs)/sizeof(int); i++) {
        exec++;
        printf("[+] libfiu injection tag: %s\n", fiu_tags[i]);

        fiu_enable(fiu_tags[i], fiu_rvs[i], NULL, 0);

        res = fko_new(&ctx);

        if(strncmp(fiu_tags[i], "fko_set_rand_value_lenval",
                    strlen("fko_set_rand_value_lenval")) == 0)
            res = fko_set_rand_value(ctx, "asdf1234");

        if(strncmp(fiu_tags[i], "fko_set_rand_value_strdup",
                    strlen("fko_set_rand_value_strdup")) == 0)
            res = fko_set_rand_value(ctx, "asdf1234");

        if(strncmp(fiu_tags[i], "fko_set_username_valuser",
                    strlen("fko_set_username_valuser")) == 0)
            res = fko_set_username(ctx, "BADCHAR=");

        if(strncmp(fiu_tags[i], "fko_set_username_strdup",
                    strlen("fko_set_username_strdup")) == 0)
            res = fko_set_username(ctx, "normaluser");

        if(res == FKO_SUCCESS)
        {
            printf("[-] fko_new(): %s\n", fko_errstr(res));
            fail++;
            es = EXIT_FAILURE;
        }
        else
        {
            printf("[+] fko_new(): %s\n", fko_errstr(res));
            success++;
        }
        fko_destroy(ctx);
        ctx = NULL;

        fiu_disable(fiu_tags[i]);
    }

    printf("fiu_fault_injection() passed/failed/executed: %d/%d/%d\n",
            success, fail, exec);
    return es;
}
Esempio n. 7
0
static void afl_pkt_from_stdin(fko_srv_options_t *opts)
{
    FILE                *fp = NULL;
    fko_ctx_t           decode_ctx = NULL;
    unsigned char       spa_pkt[AFL_MAX_PKT_SIZE] = {0};
    int                 res = 0, es = EXIT_SUCCESS;
    char                dump_buf[AFL_DUMP_CTX_SIZE];

    fp = fdopen(STDIN_FILENO, "r");
    if(fp != NULL)
    {
        if(fgets((char *)spa_pkt, AFL_MAX_PKT_SIZE, fp) == NULL)
        {
            fclose(fp);
            clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
        }

        fclose(fp);

        fko_new(&decode_ctx);

        res = fko_set_encoded_data(decode_ctx, (char *) spa_pkt,
                strlen((char *)spa_pkt), 0, FKO_DIGEST_SHA256);

        if(res == FKO_SUCCESS)
            res = fko_set_spa_data(decode_ctx, (const char *) spa_pkt);
        if(res == FKO_SUCCESS)
            res = fko_decode_spa_data(decode_ctx);
        if(res == FKO_SUCCESS)
            res = dump_ctx_to_buffer(decode_ctx, dump_buf, sizeof(dump_buf));
        if(res == FKO_SUCCESS)
            log_msg(LOG_INFO, "%s", dump_buf);

        fko_destroy(decode_ctx);

        if(res == FKO_SUCCESS)
        {
            log_msg(LOG_INFO, "SPA packet decode: %s", fko_errstr(res));
            es = EXIT_SUCCESS;
        }
        else
        {
            log_msg(LOG_ERR, "Could not decode SPA packet: %s", fko_errstr(res));
            es = EXIT_FAILURE;
        }
    }
    else
        log_msg(LOG_ERR, "Could not acquire SPA packet from stdin.");

    clean_exit(opts, NO_FW_CLEANUP, es);
}
Esempio n. 8
0
int main(void) {
    fko_ctx_t       ctx = NULL;
    int             res = 0;

    res = fko_new(&ctx);

    if (res == FKO_SUCCESS)
        printf("[+] fko_new(): %s\n", fko_errstr(res));
    else
        printf("[-] fko_new(): %s\n", fko_errstr(res));

    fko_destroy(ctx);

    return 0;
}
Esempio n. 9
0
static PyObject *
key_gen(PyObject *self, PyObject *args)
{
    char *key_b64;
    int key_b64_len;
    char *hmac_key_b64;
    int hmac_key_b64_len;
    int hmac_type;
    int res;

    if(!PyArg_ParseTuple(args, "s#s#ih", &key_b64, &key_b64_len,
                         &hmac_key_b64, &hmac_key_b64_len, &hmac_type))
        return NULL;

    res = fko_key_gen(key_b64, key_b64_len, hmac_key_b64, hmac_key_b64_len,
                      hmac_type);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 10
0
/* spa_data_final
*/
static PyObject *
spa_data_final(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *enc_key;
    int enc_key_len;
    char *hmac_key;
    int hmac_key_len;
    int res;

    if(!PyArg_ParseTuple(args, "ks#s#", &ctx, &enc_key, &enc_key_len,
                         &hmac_key, &hmac_key_len))
        return NULL;

    res = fko_spa_data_final(ctx, enc_key, enc_key_len,
                             hmac_key, hmac_key_len);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 11
0
static int
check_mode_ctx(spa_data_t *spadat, fko_ctx_t *ctx, int attempted_decrypt,
        const int enc_type, const int stanza_num, const int res)
{
    if(attempted_decrypt == 0)
    {
        log_msg(LOG_ERR,
            "[%s] (stanza #%d) No stanza encryption mode match for encryption type: %i.",
            spadat->pkt_source_ip, stanza_num, enc_type);
        return 0;
    }

    /* Do we have a valid FKO context?  Did the SPA decrypt properly?
    */
    if(res != FKO_SUCCESS)
    {
        log_msg(LOG_WARNING, "[%s] (stanza #%d) Error creating fko context: %s",
            spadat->pkt_source_ip, stanza_num, fko_errstr(res));

        if(IS_GPG_ERROR(res))
            log_msg(LOG_WARNING, "[%s] (stanza #%d) - GPG ERROR: %s",
                spadat->pkt_source_ip, stanza_num, fko_gpg_errstr(*ctx));
        return 0;
    }

    return 1;
}
Esempio n. 12
0
/* init_ctx_with_data
*/
static PyObject *
init_ctx_with_data(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *spa_data;
    char *dec_key;
    int dec_key_len;
    int enc_mode;
    char *hmac_key;
    int hmac_key_len;
    int hmac_type;
    int res;

    if(!PyArg_ParseTuple(args, "ss#is#", &spa_data, &dec_key, &dec_key_len,
                         &enc_mode, &hmac_key, &hmac_key_len, &hmac_type))
        return NULL;

    res = fko_new_with_data(&ctx, spa_data, dec_key, dec_key_len, enc_mode,
                            hmac_key, hmac_key_len, hmac_type);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("k", ctx);
}
Esempio n. 13
0
/* errstr
*/
static PyObject *
errstr(PyObject *self, PyObject *args)
{
    const char *errmsg;
    int res;

    if(!PyArg_ParseTuple(args, "i", &res))
        return NULL;

    errmsg = fko_errstr(res);

    return Py_BuildValue("s", errmsg);
}
Esempio n. 14
0
/* init_ctx
*/
static PyObject *
init_ctx(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    int res;

    res = fko_new(&ctx);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("k", ctx);
}
Esempio n. 15
0
/* set_spa_digest
*/
static PyObject *
set_spa_digest(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_set_spa_digest(ctx);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 16
0
/* set_timestamp
*/
static PyObject *
set_timestamp(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    int res, offset;

    if(!PyArg_ParseTuple(args, "kk", &ctx, &offset))
        return NULL;

    res = fko_set_timestamp(ctx, offset);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 17
0
/* set_gpg_ignore_verify_error
*/
static PyObject *
set_gpg_ignore_verify_error(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    unsigned char gpg_ignore_verify_error;
    int res;

    if(!PyArg_ParseTuple(args, "kb", &ctx, &gpg_ignore_verify_error))
        return NULL;

    res = fko_set_gpg_ignore_verify_error(ctx, gpg_ignore_verify_error);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 18
0
static PyObject *
get_raw_spa_digest_type(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    short raw_digest_type;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("h", raw_digest_type);
}
Esempio n. 19
0
/* get_encoded_data
*/
static PyObject *
get_encoded_data(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *encoded_data;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_encoded_data(ctx, &encoded_data);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("s", encoded_data);
}
Esempio n. 20
0
/* get_spa_client_timeout
*/
static PyObject *
get_spa_client_timeout(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    int client_timeout;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_spa_client_timeout(ctx, &client_timeout);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("i", client_timeout);
}
Esempio n. 21
0
static PyObject *
set_spa_encryption_mode(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    int encryption_mode;
    int res;

    if(!PyArg_ParseTuple(args, "kh", &ctx, &encryption_mode))
        return NULL;

    res = fko_set_spa_encryption_mode(ctx, encryption_mode);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 22
0
/* set_spa_message_type
*/
static PyObject *
set_spa_message_type(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    short message_type;
    int res;

    if(!PyArg_ParseTuple(args, "kh", &ctx, &message_type))
        return NULL;

    res = fko_set_spa_message_type(ctx, message_type);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 23
0
/* get_timestamp
*/
static PyObject *
get_timestamp(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    time_t timestamp;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_timestamp(ctx, &timestamp);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("k", timestamp);
}
Esempio n. 24
0
/* get_gpg_signature_status
*/
static PyObject *
get_gpg_signature_status(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    int gpg_signature_status;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_gpg_signature_status(ctx, &gpg_signature_status);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("i", gpg_signature_status);
}
Esempio n. 25
0
/* get_version
*/
static PyObject *
get_version(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *ver_str;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_version(ctx, &ver_str);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("s", ver_str);
}
Esempio n. 26
0
/* set_gpg_home_dir
*/
static PyObject *
set_gpg_home_dir(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *gpg_home_dir;
    int res;

    if(!PyArg_ParseTuple(args, "ks", &ctx, &gpg_home_dir))
        return NULL;

    res = fko_set_gpg_home_dir(ctx, gpg_home_dir);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 27
0
/* get_gpg_recipient
*/
static PyObject *
get_gpg_recipient(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *gpg_recipient;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_gpg_recipient(ctx, &gpg_recipient);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("s", gpg_recipient);
}
Esempio n. 28
0
/* get_spa_nat_access
*/
static PyObject *
get_spa_nat_access(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *spa_nat_access;
    int res;

    if(!PyArg_ParseTuple(args, "k", &ctx))
        return NULL;

    res = fko_get_spa_nat_access(ctx, &spa_nat_access);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("s", spa_nat_access);
}
Esempio n. 29
0
/* set_username
*/
static PyObject *
set_username(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *username;
    int res;

    if(!PyArg_ParseTuple(args, "kz", &ctx, &username))
        return NULL;

    res = fko_set_username(ctx, username);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}
Esempio n. 30
0
/* set_spa_server_auth
*/
static PyObject *
set_spa_server_auth(PyObject *self, PyObject *args)
{
    fko_ctx_t ctx;
    char *spa_server_auth;
    int res;

    if(!PyArg_ParseTuple(args, "ks", &ctx, &spa_server_auth))
        return NULL;

    res = fko_set_spa_server_auth(ctx, spa_server_auth);

    if(res != FKO_SUCCESS)
    {
        PyErr_SetString(FKOError, fko_errstr(res));
        return NULL;
    }

    return Py_BuildValue("", NULL);
}