static PyObject *
get_raw_spa_digest_type(PyObject *self, PyObject *args)
{
fko_ctx_t ctx;
short raw_digest_type;
int res;
if(!PyArg_ParseTuple(args, "k", &ctx))
return NULL;
res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
if(res != FKO_SUCCESS)
{
PyErr_SetString(FKOError, fko_errstr(res));
return NULL;
}
return Py_BuildValue("h", raw_digest_type);
}
/* For replay attack detection
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
fko_ctx_t ctx = NULL;
char *tmp_digest = NULL;
int res = FKO_SUCCESS;
short raw_digest_type = -1;
/* initialize an FKO context with no decryption key just so
* we can get the outer message digest
*/
res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0,
FKO_DEFAULT_ENC_MODE, NULL, 0, 0);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_FKO_CTX_ERROR);
}
res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
/* Make sure the digest type is what we expect
*/
if(raw_digest_type != FKO_DEFAULT_DIGEST)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_set_raw_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
res = fko_get_raw_spa_digest(ctx, &tmp_digest);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
*digest = strdup(tmp_digest);
if (*digest == NULL)
res = SPA_MSG_ERROR; /* really a strdup() memory allocation problem */
fko_destroy(ctx);
ctx = NULL;
return res;
}
/* For replay attack detection
*/
static int
get_raw_digest(char **digest, char *pkt_data)
{
fko_ctx_t ctx = NULL;
char *tmp_digest = NULL;
int res = FKO_SUCCESS;
short raw_digest_type = -1;
/* initialize an FKO context with no decryption key just so
* we can get the outer message digest
*/
//pkt_data:SPAÔʼÊý¾Ý°ü¡
//ÔÚ²»´«Èë½âÃÜÃÜÔ¿µÄÇé¿öÏÂÎÒÃÇ¿ÉÒÔ»ñÈ¡½ÓÊÕµ½µÄmessageÕªÒª¡£
res = fko_new_with_data(&ctx, (char *)pkt_data, NULL, 0,
FKO_DEFAULT_ENC_MODE, NULL, 0, 0); //½«pkt_data¸´ÖƵ½ctx->encrypted_msgÖС£
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error initializing FKO context from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_FKO_CTX_ERROR);
}
//ÉèÖÃSPAÕªÒªÀàÐÍ(default:SHA256)¡£
res = fko_set_raw_spa_digest_type(ctx, FKO_DEFAULT_DIGEST);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
//»ñÈ¡SPAÕªÒªÀàÐÍ(SHA256)¡£
res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
/* Make sure the digest type is what we expect
*/
//È·±£ÊÇÎÒÃÇËùÆÚÍûµÄÕªÒªÀàÐÍ¡£
if(raw_digest_type != FKO_DEFAULT_DIGEST)
{
log_msg(LOG_WARNING, "Error setting digest type for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
//¼ÆËãctx->encrypted_msgµÄÕªÒª(default:SHA256)£¬´æÈëctx->raw_digest¡£
res = fko_set_raw_spa_digest(ctx);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error setting digest for SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
//»ñÈ¡Server¼ÆËã³öµÄÕªÒª¡£tmp_digest=ctx->raw_digest;
res = fko_get_raw_spa_digest(ctx, &tmp_digest);
if(res != FKO_SUCCESS)
{
log_msg(LOG_WARNING, "Error getting digest from SPA data: %s",
fko_errstr(res));
fko_destroy(ctx);
ctx = NULL;
return(SPA_MSG_DIGEST_ERROR);
}
*digest = strdup(tmp_digest);
if (*digest == NULL)
res = SPA_MSG_ERROR; /* really a strdup() memory allocation problem */
fko_destroy(ctx); //ÊÍ·Åctx½á¹¹¡£
ctx = NULL;
return res;
}
