static void afl_pkt_from_stdin(fko_srv_options_t *opts)
{
FILE *fp = NULL;
fko_ctx_t decode_ctx = NULL;
unsigned char spa_pkt[AFL_MAX_PKT_SIZE] = {0};
int res = 0, es = EXIT_SUCCESS;
char dump_buf[AFL_DUMP_CTX_SIZE];
fp = fdopen(STDIN_FILENO, "r");
if(fp != NULL)
{
if(fgets((char *)spa_pkt, AFL_MAX_PKT_SIZE, fp) == NULL)
{
fclose(fp);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
fclose(fp);
fko_new(&decode_ctx);
res = fko_set_encoded_data(decode_ctx, (char *) spa_pkt,
strlen((char *)spa_pkt), 0, FKO_DIGEST_SHA256);
if(res == FKO_SUCCESS)
res = fko_set_spa_data(decode_ctx, (const char *) spa_pkt);
if(res == FKO_SUCCESS)
res = fko_decode_spa_data(decode_ctx);
if(res == FKO_SUCCESS)
res = dump_ctx_to_buffer(decode_ctx, dump_buf, sizeof(dump_buf));
if(res == FKO_SUCCESS)
log_msg(LOG_INFO, "%s", dump_buf);
fko_destroy(decode_ctx);
if(res == FKO_SUCCESS)
{
log_msg(LOG_INFO, "SPA packet decode: %s", fko_errstr(res));
es = EXIT_SUCCESS;
}
else
{
log_msg(LOG_ERR, "Could not decode SPA packet: %s", fko_errstr(res));
es = EXIT_FAILURE;
}
}
else
log_msg(LOG_ERR, "Could not acquire SPA packet from stdin.");
clean_exit(opts, NO_FW_CLEANUP, es);
}
static void
spa_encoded_msg_fuzzing(void)
{
fko_ctx_t decode_ctx = NULL;
int res = 0, pkt_id, require_success, require_digest, digest_type, msg_len;
int line_ctr = 0, spa_payload_ctr = 0;
FILE *fz = NULL;
char line[MAX_LINE_LEN] = {0};
char b64_encoded_msg[MAX_LINE_LEN] = {0};
unsigned char b64_decoded_msg[MAX_LINE_LEN] = {0};
/* fuzzing file contents (or from stdin) are formatted like this:
*
* <pkt_ID> <status: success|fail> <digest: yes|no> <digest type> <base64_SPA_payload>
*/
if ((fz = fopen("fuzz_spa_payloads", "r")) == NULL)
return;
while ((fgets(line, MAX_LINE_LEN, fz)) != NULL)
{
line_ctr++;
line[MAX_LINE_LEN-1] = '\0';
if (line[strlen(line)-1] == '\n')
line[strlen(line)-1] = '\0';
if(IS_EMPTY_LINE(line[0]))
continue;
if(sscanf(line, "%d %d %d %d %s", &pkt_id, &require_success,
&require_digest, &digest_type, b64_encoded_msg) != 5)
{
printf("[+] fuzzing parsing error at line: %d\n", line_ctr);
continue;
}
msg_len = fko_base64_decode(b64_encoded_msg, b64_decoded_msg);
spa_payload_ctr++;
fko_new(&decode_ctx);
if ((res = fko_set_encoded_data(decode_ctx, (char *) b64_decoded_msg,
msg_len, require_digest, digest_type)) != FKO_SUCCESS) {
printf("[-] pkt_id: %d, fko_set_encoded_data(): %s\n", pkt_id, fko_errstr(res));
}
res = fko_decode_spa_data(decode_ctx);
if (require_success) {
if (res != FKO_SUCCESS) {
printf("[-] pkt_id: %d, expected decode success but: fko_decode_spa_data(): %s\n",
pkt_id, fko_errstr(res));
}
} else {
if (res == FKO_SUCCESS) {
printf("[-] pkt_id: %d, expected decode failure but: fko_decode_spa_data(): %s\n",
pkt_id, fko_errstr(res));
}
}
fko_destroy(decode_ctx);
memset(line, 0x0, MAX_LINE_LEN);
memset(b64_encoded_msg, 0x0, MAX_LINE_LEN);
}
fclose(fz);
printf("[+] Sent %d SPA payloads through libfko encode/decode cycle...\n",
spa_payload_ctr);
return;
}
