static void afl_pkt_from_stdin(fko_srv_options_t *opts) { FILE *fp = NULL; fko_ctx_t decode_ctx = NULL; unsigned char spa_pkt[AFL_MAX_PKT_SIZE] = {0}; int res = 0, es = EXIT_SUCCESS; char dump_buf[AFL_DUMP_CTX_SIZE]; fp = fdopen(STDIN_FILENO, "r"); if(fp != NULL) { if(fgets((char *)spa_pkt, AFL_MAX_PKT_SIZE, fp) == NULL) { fclose(fp); clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE); } fclose(fp); fko_new(&decode_ctx); res = fko_set_encoded_data(decode_ctx, (char *) spa_pkt, strlen((char *)spa_pkt), 0, FKO_DIGEST_SHA256); if(res == FKO_SUCCESS) res = fko_set_spa_data(decode_ctx, (const char *) spa_pkt); if(res == FKO_SUCCESS) res = fko_decode_spa_data(decode_ctx); if(res == FKO_SUCCESS) res = dump_ctx_to_buffer(decode_ctx, dump_buf, sizeof(dump_buf)); if(res == FKO_SUCCESS) log_msg(LOG_INFO, "%s", dump_buf); fko_destroy(decode_ctx); if(res == FKO_SUCCESS) { log_msg(LOG_INFO, "SPA packet decode: %s", fko_errstr(res)); es = EXIT_SUCCESS; } else { log_msg(LOG_ERR, "Could not decode SPA packet: %s", fko_errstr(res)); es = EXIT_FAILURE; } } else log_msg(LOG_ERR, "Could not acquire SPA packet from stdin."); clean_exit(opts, NO_FW_CLEANUP, es); }
static void spa_encoded_msg_fuzzing(void) { fko_ctx_t decode_ctx = NULL; int res = 0, pkt_id, require_success, require_digest, digest_type, msg_len; int line_ctr = 0, spa_payload_ctr = 0; FILE *fz = NULL; char line[MAX_LINE_LEN] = {0}; char b64_encoded_msg[MAX_LINE_LEN] = {0}; unsigned char b64_decoded_msg[MAX_LINE_LEN] = {0}; /* fuzzing file contents (or from stdin) are formatted like this: * * <pkt_ID> <status: success|fail> <digest: yes|no> <digest type> <base64_SPA_payload> */ if ((fz = fopen("fuzz_spa_payloads", "r")) == NULL) return; while ((fgets(line, MAX_LINE_LEN, fz)) != NULL) { line_ctr++; line[MAX_LINE_LEN-1] = '\0'; if (line[strlen(line)-1] == '\n') line[strlen(line)-1] = '\0'; if(IS_EMPTY_LINE(line[0])) continue; if(sscanf(line, "%d %d %d %d %s", &pkt_id, &require_success, &require_digest, &digest_type, b64_encoded_msg) != 5) { printf("[+] fuzzing parsing error at line: %d\n", line_ctr); continue; } msg_len = fko_base64_decode(b64_encoded_msg, b64_decoded_msg); spa_payload_ctr++; fko_new(&decode_ctx); if ((res = fko_set_encoded_data(decode_ctx, (char *) b64_decoded_msg, msg_len, require_digest, digest_type)) != FKO_SUCCESS) { printf("[-] pkt_id: %d, fko_set_encoded_data(): %s\n", pkt_id, fko_errstr(res)); } res = fko_decode_spa_data(decode_ctx); if (require_success) { if (res != FKO_SUCCESS) { printf("[-] pkt_id: %d, expected decode success but: fko_decode_spa_data(): %s\n", pkt_id, fko_errstr(res)); } } else { if (res == FKO_SUCCESS) { printf("[-] pkt_id: %d, expected decode failure but: fko_decode_spa_data(): %s\n", pkt_id, fko_errstr(res)); } } fko_destroy(decode_ctx); memset(line, 0x0, MAX_LINE_LEN); memset(b64_encoded_msg, 0x0, MAX_LINE_LEN); } fclose(fz); printf("[+] Sent %d SPA payloads through libfko encode/decode cycle...\n", spa_payload_ctr); return; }