/* Return the fko SPA encrypted data. */ int fko_get_spa_data(fko_ctx_t ctx, char **spa_data) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* We expect to have encrypted data to process. If not, we bail. */ if(ctx->encrypted_msg == NULL || (strlen(ctx->encrypted_msg) < 1)) return(FKO_ERROR_MISSING_ENCODED_DATA); *spa_data = ctx->encrypted_msg; /* Notice we omit the first 10 bytes if Rijndael encryption is * used (to eliminate the consistent 'Salted__' string), and * in GnuPG mode we eliminate the consistent 'hQ' base64 encoded * prefix */ if(ctx->encryption_type == FKO_ENCRYPTION_RIJNDAEL) *spa_data += strlen(B64_RIJNDAEL_SALT); else if(ctx->encryption_type == FKO_ENCRYPTION_GPG) *spa_data += strlen(B64_GPG_PREFIX); return(FKO_SUCCESS); }
/* Set the timestamp. */ int fko_set_timestamp(fko_ctx_t ctx, const int offset) { time_t ts; #if HAVE_LIBFIU fiu_return_on("fko_set_timestamp_init", FKO_ERROR_CTX_NOT_INITIALIZED); #endif /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return FKO_ERROR_CTX_NOT_INITIALIZED; ts = time(NULL) + offset; #if HAVE_LIBFIU fiu_return_on("fko_set_timestamp_val", FKO_ERROR_INVALID_DATA_TIMESTAMP_VALIDFAIL); #endif if(ts < 0) return(FKO_ERROR_INVALID_DATA_TIMESTAMP_VALIDFAIL); ctx->timestamp = ts; ctx->state |= FKO_DATA_MODIFIED; return(FKO_SUCCESS); }
/* Set the SPA encryption mode. */ int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode) { #if HAVE_LIBFIU fiu_return_on("fko_set_spa_encryption_mode_init", FKO_ERROR_CTX_NOT_INITIALIZED); #endif /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); #if HAVE_LIBFIU fiu_return_on("fko_set_spa_encryption_mode_val", FKO_ERROR_INVALID_DATA_ENCRYPT_MODE_VALIDFAIL); #endif if(encrypt_mode < 0 || encrypt_mode >= FKO_LAST_ENC_MODE) return(FKO_ERROR_INVALID_DATA_ENCRYPT_MODE_VALIDFAIL); ctx->encryption_mode = encrypt_mode; ctx->state |= FKO_ENCRYPT_MODE_MODIFIED; return(FKO_SUCCESS); }
/* Set the HMAC type */ int fko_set_spa_hmac_type(fko_ctx_t ctx, const short hmac_type) { #if HAVE_LIBFIU fiu_return_on("fko_set_spa_hmac_type_init", FKO_ERROR_CTX_NOT_INITIALIZED); #endif /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); #if HAVE_LIBFIU fiu_return_on("fko_set_spa_hmac_type_val", FKO_ERROR_INVALID_DATA_HMAC_TYPE_VALIDFAIL); #endif if(hmac_type < 0 || hmac_type >= FKO_LAST_HMAC_MODE) return(FKO_ERROR_INVALID_DATA_HMAC_TYPE_VALIDFAIL); ctx->hmac_type = hmac_type; ctx->state |= FKO_HMAC_MODE_MODIFIED; return(FKO_SUCCESS); }
/* provide a way to set the encrypted data directly without base64 encoding. * This allows direct AFL fuzzing against decryption routines. */ int fko_afl_set_spa_data(fko_ctx_t ctx, const char * const enc_msg, const int enc_msg_len) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return FKO_ERROR_CTX_NOT_INITIALIZED; if(enc_msg == NULL) return(FKO_ERROR_INVALID_DATA_FUNCS_SET_MSGLEN_VALIDFAIL); if(! is_valid_encoded_msg_len(enc_msg_len)) return(FKO_ERROR_INVALID_DATA_FUNCS_SET_MSGLEN_VALIDFAIL); if(ctx->encrypted_msg != NULL) free(ctx->encrypted_msg); /* Copy the raw encrypted data into the context */ ctx->encrypted_msg = calloc(1, enc_msg_len); if(ctx->encrypted_msg == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); memcpy(ctx->encrypted_msg, enc_msg, enc_msg_len); ctx->encrypted_msg_len = enc_msg_len; return(FKO_SUCCESS); }
/* Set the fko SPA encrypted data. */ int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg) { int enc_msg_len; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return FKO_ERROR_CTX_NOT_INITIALIZED; if(enc_msg == NULL) return(FKO_ERROR_INVALID_DATA_FUNCS_SET_MSGLEN_VALIDFAIL); enc_msg_len = strnlen(enc_msg, MAX_SPA_ENCODED_MSG_SIZE); if(! is_valid_encoded_msg_len(enc_msg_len)) return(FKO_ERROR_INVALID_DATA_FUNCS_SET_MSGLEN_VALIDFAIL); if(ctx->encrypted_msg != NULL) free(ctx->encrypted_msg); /* First, add the data to the context. */ ctx->encrypted_msg = strdup(enc_msg); ctx->encrypted_msg_len = enc_msg_len; if(ctx->encrypted_msg == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); return(FKO_SUCCESS); }
/* Set the SPA digest type. */ static int set_spa_digest_type(fko_ctx_t ctx, short *digest_type_field, const short digest_type) { #if HAVE_LIBFIU fiu_return_on("set_spa_digest_type_init", FKO_ERROR_CTX_NOT_INITIALIZED); #endif /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); #if HAVE_LIBFIU fiu_return_on("set_spa_digest_type_val", FKO_ERROR_INVALID_DATA_ENCODE_DIGEST_VALIDFAIL); #endif if(digest_type < 1 || digest_type >= FKO_LAST_DIGEST_TYPE) return(FKO_ERROR_INVALID_DATA_ENCODE_DIGEST_VALIDFAIL); *digest_type_field = digest_type; ctx->state |= FKO_DIGEST_TYPE_MODIFIED; return(FKO_SUCCESS); }
/* Final update and encoding of data in the context. * This does require all requisite fields be properly * set. */ int fko_spa_data_final(fko_ctx_t ctx, char *enc_key) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); return(fko_encrypt_spa_data(ctx, enc_key)); }
/* Return the fko version */ int fko_get_version(fko_ctx_t ctx, char **version) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *version = ctx->version; return(FKO_SUCCESS); }
/* Return the fko SPA encrypted data. */ int fko_get_encoded_data(fko_ctx_t ctx, char **enc_msg) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *enc_msg = ctx->encoded_msg; return(FKO_SUCCESS); }
/* Return the SPA message data. */ int fko_get_spa_server_auth(fko_ctx_t ctx, char **server_auth) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *server_auth = ctx->server_auth; return(FKO_SUCCESS); }
/* Return the SPA message data. */ int fko_get_spa_client_timeout(fko_ctx_t ctx, int *timeout) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *timeout = ctx->client_timeout; return(FKO_SUCCESS); }
/* Return the SPA encryption mode. */ int fko_get_spa_encryption_mode(fko_ctx_t ctx, int *enc_mode) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *enc_mode = ctx->encryption_mode; return(FKO_SUCCESS); }
/* Return the fko HMAC type */ int fko_get_spa_hmac_type(fko_ctx_t ctx, short *hmac_type) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *hmac_type = ctx->hmac_type; return(FKO_SUCCESS); }
/* Return the current username for this fko context. */ int fko_get_username(fko_ctx_t ctx, char **username) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *username = ctx->username; return(FKO_SUCCESS); }
/* Return the fko HMAC data */ int fko_get_spa_hmac(fko_ctx_t ctx, char **hmac_data) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *hmac_data = ctx->msg_hmac; return(FKO_SUCCESS); }
int fko_get_raw_spa_digest(fko_ctx_t ctx, char **md) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *md = ctx->raw_digest; return(FKO_SUCCESS); }
/* Set the SPA Nat Access data */ int fko_set_spa_nat_access(fko_ctx_t ctx, const char * const msg) { int res = FKO_SUCCESS; /* Context must be initialized. */ if(!CTX_INITIALIZED(ctx)) return FKO_ERROR_CTX_NOT_INITIALIZED; /* Gotta have a valid string. */ if(msg == NULL || strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == 0) return(FKO_ERROR_INVALID_DATA_NAT_EMPTY); /* --DSS XXX: Bail out for now. But consider just * truncating in the future... */ if(strnlen(msg, MAX_SPA_NAT_ACCESS_SIZE) == MAX_SPA_NAT_ACCESS_SIZE) return(FKO_ERROR_DATA_TOO_LARGE); if((res = validate_nat_access_msg(msg)) != FKO_SUCCESS) return(res); /* Just in case this is a subsquent call to this function. We * do not want to be leaking memory. */ if(ctx->nat_access != NULL) free(ctx->nat_access); ctx->nat_access = strdup(msg); ctx->state |= FKO_DATA_MODIFIED; if(ctx->nat_access == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); /* If we set the nat_access message Then we force the message_type * as well. Technically, the message type should be set already. * This will serve a half-protective measure. * --DSS XXX: should do this better. */ if(ctx->client_timeout > 0) { if(ctx->message_type != FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG) ctx->message_type = FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG; } else if(ctx->message_type != FKO_LOCAL_NAT_ACCESS_MSG) ctx->message_type = FKO_NAT_ACCESS_MSG; return(FKO_SUCCESS); }
/* Return the SPA message data. */ int fko_get_spa_nat_access(fko_ctx_t ctx, char **nat_access) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *nat_access = ctx->nat_access; return(FKO_SUCCESS); }
/* Final update and encoding of data in the context. * This does require all requisite fields be properly * set. */ int fko_spa_data_final(fko_ctx_t ctx, const char * const enc_key, const int enc_key_len, const char * const hmac_key, const int hmac_key_len) { char *tbuf; int res = 0, data_with_hmac_len = 0; /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(enc_key_len < 0) return(FKO_ERROR_INVALID_KEY_LEN); res = fko_encrypt_spa_data(ctx, enc_key, enc_key_len); /* Now calculate hmac if so configured */ if (res == FKO_SUCCESS && ctx->hmac_type != FKO_HMAC_UNKNOWN) { if(hmac_key_len < 0) return(FKO_ERROR_INVALID_KEY_LEN); if(hmac_key == NULL) return(FKO_ERROR_INVALID_KEY_LEN); res = fko_set_spa_hmac(ctx, hmac_key, hmac_key_len); if (res == FKO_SUCCESS) { /* Now that we have the hmac, append it to the * encrypted data (which has already been base64-encoded * and the trailing '=' chars stripped off). */ data_with_hmac_len = ctx->encrypted_msg_len+1+ctx->msg_hmac_len+1; tbuf = realloc(ctx->encrypted_msg, data_with_hmac_len); if (tbuf == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); strlcat(tbuf, ctx->msg_hmac, data_with_hmac_len); ctx->encrypted_msg = tbuf; ctx->encrypted_msg_len = data_with_hmac_len; } } return res; }
/* Set the SPA Server Auth data */ int fko_set_spa_server_auth(fko_ctx_t ctx, const char * const msg) { /**************************************** * --DSS This is not supported yet **************************************** */ //return(FKO_ERROR_UNSUPPORTED_FEATURE); #if HAVE_LIBFIU fiu_return_on("fko_set_spa_server_auth_init", FKO_ERROR_CTX_NOT_INITIALIZED); #endif /* Context must be initialized. */ if(!CTX_INITIALIZED(ctx)) return FKO_ERROR_CTX_NOT_INITIALIZED; /* Gotta have a valid string. */ if(msg == NULL || strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == 0) return(FKO_ERROR_INVALID_DATA_SRVAUTH_MISSING); /* --DSS XXX: Bail out for now. But consider just * truncating in the future... */ if(strnlen(msg, MAX_SPA_SERVER_AUTH_SIZE) == MAX_SPA_SERVER_AUTH_SIZE) return(FKO_ERROR_DATA_TOO_LARGE); /* --DSS TODO: ??? * Do we want to add message type and format checking here * or continue to leave it to the implementor? */ /**/ /* Just in case this is a subsquent call to this function. We * do not want to be leaking memory. */ if(ctx->server_auth != NULL) free(ctx->server_auth); ctx->server_auth = strdup(msg); ctx->state |= FKO_DATA_MODIFIED; if(ctx->server_auth == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); return(FKO_SUCCESS); }
/* Return the SPA digest type. */ int fko_get_spa_digest_type(fko_ctx_t ctx, short *digest_type) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(digest_type == NULL) return(FKO_ERROR_INVALID_DATA); *digest_type = ctx->digest_type; return(FKO_SUCCESS); }
int fko_get_spa_digest(fko_ctx_t ctx, char **md) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(md == NULL) return(FKO_ERROR_INVALID_DATA); *md = ctx->digest; return(FKO_SUCCESS); }
int fko_get_raw_spa_digest(fko_ctx_t ctx, char **md) { #if HAVE_LIBFIU fiu_return_on("fko_get_raw_spa_digest_init", FKO_ERROR_CTX_NOT_INITIALIZED); #endif /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *md = ctx->raw_digest; return(FKO_SUCCESS); }
/* Return the current rand value. */ int fko_get_rand_value(fko_ctx_t ctx, char **rand_value) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(rand_value == NULL) return(FKO_ERROR_INVALID_DATA); *rand_value = ctx->rand_val; return(FKO_SUCCESS); }
int fko_set_raw_spa_digest(fko_ctx_t ctx) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); /* Must have encoded message data to start with. */ if(ctx->encrypted_msg == NULL) return(FKO_ERROR_MISSING_ENCODED_DATA); return set_digest(ctx->encrypted_msg, &ctx->raw_digest, ctx->raw_digest_type, &ctx->raw_digest_len); }
/* Return the SPA digest type. */ int fko_get_raw_spa_digest_type(fko_ctx_t ctx, short *raw_digest_type) { #if HAVE_LIBFIU fiu_return_on("fko_get_raw_spa_digest_type_init", FKO_ERROR_CTX_NOT_INITIALIZED); #endif /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); *raw_digest_type = ctx->raw_digest_type; return(FKO_SUCCESS); }
/* Set the fko SPA encrypted data. */ int fko_set_spa_data(fko_ctx_t ctx, char *enc_msg) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return FKO_ERROR_CTX_NOT_INITIALIZED; /* First, add the data to the context. */ ctx->encrypted_msg = strdup(enc_msg); if(ctx->encrypted_msg == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); return(FKO_SUCCESS); }
/* Set the HMAC type */ int fko_set_spa_hmac_type(fko_ctx_t ctx, const short hmac_type) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(hmac_type < 0 || hmac_type >= FKO_LAST_HMAC_MODE) return(FKO_ERROR_INVALID_DATA_HMAC_TYPE_VALIDFAIL); ctx->hmac_type = hmac_type; ctx->state |= FKO_HMAC_MODE_MODIFIED; return(FKO_SUCCESS); }
/* Set the SPA encryption type. */ int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type) { /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return(FKO_ERROR_CTX_NOT_INITIALIZED); if(encrypt_type < 0 || encrypt_type >= FKO_LAST_ENCRYPTION_TYPE) return(FKO_ERROR_INVALID_DATA); ctx->encryption_type = encrypt_type; ctx->state |= FKO_ENCRYPT_TYPE_MODIFIED; return(FKO_SUCCESS); }