/* For replay attack detection */ static int get_raw_digest(char **digest, char *pkt_data) { fko_ctx_t ctx = NULL; char *tmp_digest = NULL; int res = FKO_SUCCESS; /* initialize an FKO context with no decryption key just so * we can get the outer message digest */ res = fko_new_with_data(&ctx, (char *)pkt_data, NULL); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s", fko_errstr(res)); fko_destroy(ctx); return(SPA_MSG_FKO_CTX_ERROR); } res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); return(SPA_MSG_DIGEST_ERROR); } res = fko_set_raw_spa_digest(ctx); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error setting digest for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); return(SPA_MSG_DIGEST_ERROR); } res = fko_get_raw_spa_digest(ctx, &tmp_digest); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error getting digest from SPA data: %s", fko_errstr(res)); fko_destroy(ctx); return(SPA_MSG_DIGEST_ERROR); } *digest = strdup(tmp_digest); if (digest == NULL) return SPA_MSG_ERROR; fko_destroy(ctx); return res; }
static void spa_func_getset_short(fko_ctx_t *ctx, char *set_name, int (*spa_set)(fko_ctx_t ctx, const short modifier), char *get_name, int (*spa_get)(fko_ctx_t ctx, short *val), int min, int max, int final_val, int digest_flag, int new_ctx_flag, int destroy_ctx_flag) { fko_ctx_t default_ctx = NULL; short get_val; int i, res; spa_default_ctx(&default_ctx); printf("[+] calling libfko get/set: %s/%s\n", get_name, set_name); for (i=min; i <= max; i++) { get_val = 1234; /* meaningless default */ printf("%s(%d): %s\n", set_name, i, fko_errstr((spa_set)(*ctx, i))); printf("%s(%d): %s (DUPE)\n", set_name, i, fko_errstr((spa_set)(*ctx, i))); if (digest_flag == DO_DIGEST) fko_set_spa_digest(*ctx); else if (digest_flag == RAW_DIGEST) fko_set_raw_spa_digest(*ctx); res = (spa_get)(*ctx, &get_val); printf("%s(%d): %s\n", get_name, get_val, fko_errstr(res)); ctx_update(ctx, new_ctx_flag, destroy_ctx_flag, DO_PRINT); if (digest_flag == NO_DIGEST) spa_calls += 3; else spa_calls += 4; /* also set on a fully populated context */ (spa_set)(default_ctx, i); } printf("%s(%d): %s (FINAL)\n", set_name, final_val, fko_errstr((spa_set)(*ctx, final_val))); display_ctx(*ctx); fko_spa_data_final(default_ctx, ENC_KEY, 16, HMAC_KEY, 16); fko_destroy(default_ctx); default_ctx = NULL; return; }
static PyObject * set_raw_spa_digest(PyObject *self, PyObject *args) { fko_ctx_t ctx; int res; if(!PyArg_ParseTuple(args, "k", &ctx)) return NULL; res = fko_set_raw_spa_digest(ctx); if(res != FKO_SUCCESS) { PyErr_SetString(FKOError, fko_errstr(res)); return NULL; } return Py_BuildValue("", NULL); }
/* For replay attack detection */ static int get_raw_digest(char **digest, char *pkt_data) { fko_ctx_t ctx = NULL; char *tmp_digest = NULL; int res = FKO_SUCCESS; short raw_digest_type = -1; /* initialize an FKO context with no decryption key just so * we can get the outer message digest */ res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0, FKO_DEFAULT_ENC_MODE, NULL, 0, 0); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_FKO_CTX_ERROR); } res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } /* Make sure the digest type is what we expect */ if(raw_digest_type != FKO_DEFAULT_DIGEST) { log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } res = fko_set_raw_spa_digest(ctx); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error setting digest for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } res = fko_get_raw_spa_digest(ctx, &tmp_digest); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error getting digest from SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } *digest = strdup(tmp_digest); if (*digest == NULL) res = SPA_MSG_ERROR; /* really a strdup() memory allocation problem */ fko_destroy(ctx); ctx = NULL; return res; }
/* For replay attack detection */ static int get_raw_digest(char **digest, char *pkt_data) { fko_ctx_t ctx = NULL; char *tmp_digest = NULL; int res = FKO_SUCCESS; short raw_digest_type = -1; /* initialize an FKO context with no decryption key just so * we can get the outer message digest */ //pkt_data:SPAÔʼÊý¾Ý°ü¡ //ÔÚ²»´«Èë½âÃÜÃÜÔ¿µÄÇé¿öÏÂÎÒÃÇ¿ÉÒÔ»ñÈ¡½ÓÊÕµ½µÄmessageÕªÒª¡£ res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0, FKO_DEFAULT_ENC_MODE, NULL, 0, 0); //½«pkt_data¸´ÖƵ½ctx->encrypted_msgÖС£ if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_FKO_CTX_ERROR); } //ÉèÖÃSPAÕªÒªÀàÐÍ(default:SHA256)¡£ res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } //»ñÈ¡SPAÕªÒªÀàÐÍ(SHA256)¡£ res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } /* Make sure the digest type is what we expect */ //È·±£ÊÇÎÒÃÇËùÆÚÍûµÄÕªÒªÀàÐÍ¡£ if(raw_digest_type != FKO_DEFAULT_DIGEST) { log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } //¼ÆËãctx->encrypted_msgµÄÕªÒª(default:SHA256)£¬´æÈëctx->raw_digest¡£ res = fko_set_raw_spa_digest(ctx); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error setting digest for SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } //»ñÈ¡Server¼ÆËã³öµÄÕªÒª¡£tmp_digest=ctx->raw_digest; res = fko_get_raw_spa_digest(ctx, &tmp_digest); if(res != FKO_SUCCESS) { log_msg(LOG_WARNING, "Error getting digest from SPA data: %s", fko_errstr(res)); fko_destroy(ctx); ctx = NULL; return(SPA_MSG_DIGEST_ERROR); } *digest = strdup(tmp_digest); if (*digest == NULL) res = SPA_MSG_ERROR; /* really a strdup() memory allocation problem */ fko_destroy(ctx); //ÊÍ·Åctx½á¹¹¡£ ctx = NULL; return res; }