/* We expect to have encrypted data to process. If not, we bail.
*/
- if(ctx->encrypted_msg == NULL
- || (strnlen(ctx->encrypted_msg, MAX_SPA_ENCRYPTED_SIZE) < 1))
+ if(ctx->encrypted_msg == NULL || ! is_valid_encoded_msg_len(
+ strnlen(ctx->encrypted_msg, MAX_SPA_ENCODED_MSG_SIZE)))
return(FKO_ERROR_MISSING_ENCODED_DATA);
*spa_data = ctx->encrypted_msg;
int
fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg)
{
+ int enc_msg_len;
+
/* Must be initialized
*/
if(!CTX_INITIALIZED(ctx))
return FKO_ERROR_CTX_NOT_INITIALIZED;
+ enc_msg_len = strnlen(enc_msg, MAX_SPA_ENCODED_MSG_SIZE);
+
+ if(! is_valid_encoded_msg_len(enc_msg_len))
+ return(FKO_ERROR_INVALID_DATA);
+
/* First, add the data to the context.
*/
ctx->encrypted_msg = strdup(enc_msg);
+ ctx->encrypted_msg_len = enc_msg_len;
+
if(ctx->encrypted_msg == NULL)
return(FKO_ERROR_MEMORY_ALLOCATION);
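Review bot: The new line `enc_msg_len = strnlen(enc_msg, MAX_SPA_ENCODED_MSG_SIZE);` dereferences `enc_msg` before anything has checked it for NULL, so a NULL argument now faults here rather than at the later `strdup`; a guard such as `if(enc_msg == NULL) return(FKO_ERROR_INVALID_DATA);` ahead of it closes that. Separately, `ctx->encrypted_msg_len = enc_msg_len;` is assigned before the `strdup` result is tested, so an allocation failure leaves a non-zero length paired with a NULL `ctx->encrypted_msg`; moving that assignment below the `FKO_ERROR_MEMORY_ALLOCATION` return keeps the two fields consistent. Whether a previously set `ctx->encrypted_msg` is released before being overwritten is not visible in this hunk; if it is not, repeated calls leak the old buffer. The body of fko_set_spa_data continues past the end of the hunk.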
INIT:
fko_ctx_t ctx;
CODE:
- g_ec = fko_new_with_data(&ctx, data, NULL, 0, 0, NULL, 0);
+ g_ec = fko_new_with_data(&ctx, data, NULL, 0, FKO_ENCRYPTION_RIJNDAEL, NULL, 0);
if(g_ec == 0)
RETVAL = ctx;
else
RETVAL = fko_errstr(err_code);
OUTPUT:
RETVAL
-
+
const char*
_gpg_error_str(ctx)
INPUT:
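Review bot: The failure branch `RETVAL = fko_errstr(err_code);` reports from `err_code`, while the status this hunk assigns is `g_ec` on the new line `g_ec = fko_new_with_data(&ctx, data, NULL, 0, FKO_ENCRYPTION_RIJNDAEL, NULL, 0);`; if those are distinct variables the string returned to Perl may describe some other, earlier failure, and `RETVAL = fko_errstr(g_ec);` would match the check on the line above it. Hard-coding `FKO_ENCRYPTION_RIJNDAEL` in this data-only constructor presumably means GPG-encrypted SPA data cannot be loaded through it; if that is intended, a one-line comment on the call saying the Perl data-only path assumes Rijndael would save the next reader a trip into libfko. The enclosing XS routine's declaration lies above the hunk.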
RETVAL = fko_gpg_errstr(ctx);
OUTPUT:
RETVAL
-
+
int
_set_digest_type(ctx, digest_type)
INPUT:
RETVAL = fko_set_spa_digest_type(ctx, digest_type);
OUTPUT:
RETVAL
-
+
int
_get_digest_type(ctx, val)
INPUT:
RETVAL = fko_set_spa_encryption_type(ctx, encryption_type);
OUTPUT:
RETVAL
-
+
int
_get_encryption_type(ctx, val)
INPUT:
RETVAL
int
+_set_hmac_mode(ctx, hmac_mode)
+ INPUT:
+ fko_ctx_t ctx;
+ short hmac_mode;
+ CODE:
+ RETVAL = fko_set_hmac_mode(ctx, hmac_mode);
+ OUTPUT:
+ RETVAL
+
+int
_set_rand_value(ctx, rand_val)
INPUT:
fko_ctx_t ctx;
RETVAL = fko_set_username(ctx, username);
OUTPUT:
RETVAL
-
+
int
_get_username(ctx, val)
INPUT:
RETVAL = fko_set_spa_message_type(ctx, spa_message_type);
OUTPUT:
RETVAL
-
+
int
_get_spa_message_type(ctx, val)
INPUT:
RETVAL = fko_set_timestamp(ctx, offset);
OUTPUT:
RETVAL
-
+
int
_get_timestamp(ctx, val)
INPUT:
our (
@MSG_TYPES,
@DIGEST_TYPES,
+ @HMAC_DIGEST_TYPES,
@ENCRYPTION_TYPES,
@ERROR_CODES
);
our %EXPORT_TAGS = (
'message_types' => \@MSG_TYPES,
'digest_types' => \@DIGEST_TYPES,
+ 'hmac_digest_types' => \@HMAC_DIGEST_TYPES,
'encryption_types' => \@ENCRYPTION_TYPES,
'errors' => \@ERROR_CODES,
'types' => [
@MSG_TYPES,
@DIGEST_TYPES,
+ @HMAC_DIGEST_TYPES,
@ENCRYPTION_TYPES
],
'all' => [
@MSG_TYPES,
- @DIGEST_TYPES,
+ @HMAC_DIGEST_TYPES,
@ENCRYPTION_TYPES,
@ERROR_CODES
]
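Review bot: In the `'all'` tag the `-`/`+` pair at the end of the hunk replaces `@DIGEST_TYPES` with `@HMAC_DIGEST_TYPES`, whereas the `'types'` tag just above adds the new list next to the old one; as written, `:all` silently stops exporting the digest-type constants, and any importer relying on it for those names loses them. Keep both entries in `'all'`: `@DIGEST_TYPES,` followed by `@HMAC_DIGEST_TYPES,`. The `%EXPORT_TAGS` declaration continues past the hunk, so the closing of the `'all'` list and of the hash are not visible here.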
# Constructor.
#
sub new {
- my $class = shift;
- my $data = shift;
- my $dc_pw = shift;
+ my $class = shift;
+ my $data = shift;
+ my $dc_pw = shift;
+ my $dc_pw_len = shift;
my $res;
my $ctx;
#
if($data) {
if(defined($dc_pw)) {
- $ctx = _init_ctx_with_data($data, $dc_pw);
+ $ctx = _init_ctx_with_data($data, $dc_pw, $dc_pw_len);
} else {
$ctx = _init_ctx_with_data_only($data);
}
}
sub spa_data_final {
- my $self = shift;
- my $key = shift || '';
+ my $self = shift;
+ my $key = shift || '';
+ my $key_len = shift || 0;
+ my $hmac_key = shift || '';
+ my $hmac_key_len = shift || 0;
- return FKO::_spa_data_final($self->{_ctx}, $key)
+ return FKO::_spa_data_final($self->{_ctx}, $key, $key_len, $hmac_key, $hmac_key_len);
}
sub encrypt_spa_data {
- my $self = shift;
- my $key = shift || '';
+ my $self = shift;
+ my $key = shift || '';
+ my $key_len = shift || 0;
- return FKO::_encrypt_spa_data($self->{_ctx}, $key)
+ return FKO::_encrypt_spa_data($self->{_ctx}, $key, $key_len)
}
sub decrypt_spa_data {
- my $self = shift;
- my $key = shift || '';
+ my $self = shift;
+ my $key = shift || '';
+ my $key_len = shift || 0;
- return FKO::_decrypt_spa_data($self->{_ctx}, $key)
+ return FKO::_decrypt_spa_data($self->{_ctx}, $key, $key_len)
}
sub encode_spa_data {
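Review bot: In `spa_data_final`, `encrypt_spa_data` and `decrypt_spa_data` the new `my $key_len = shift || 0;` means an existing caller that still passes only `$key` now hands the XS layer a non-empty key with a length of 0, and how libfko treats that pair is not visible in this hunk; defaulting to the key's own length keeps old call sites working, e.g. `my $key_len = shift // length($key);` and `my $hmac_key_len = shift // length($hmac_key);` (defined-or, 5.10+). The `shift || ''` form for `$key` and `$hmac_key` also treats a key consisting of the string `'0'` as absent, which `//` would not. If these methods may receive decoded character strings, `length` counts characters rather than bytes, so it is worth confirming which the XS side expects and stating it in the POD for the three methods. The same pattern appears in `new` earlier in this hunk, where an omitted `$dc_pw_len` is passed to `_init_ctx_with_data` as undef.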
The SHA512 message digest algorithm. This is the I<libfko> default.
=back
-
=item B<spa_message_type( )>
$fko_obj->username($user);
$fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
$fko_obj->digest_type($digest_type);
- $fko_obj->spa_data_final($key);
+ $fko_obj->spa_data_final($key, length($key), '', 0);
my $encrypted_msg = $fko_obj->spa_data();
return 0;
}
$fko_obj->spa_data($encrypted_msg);
- $fko_obj->decrypt_spa_data($key);
+ $fko_obj->decrypt_spa_data($key, length($key));
if ($msg ne $fko_obj->spa_message()) {
&write_test_file("[-] $msg encrypt/decrypt mismatch\n",
$fko_obj->username($user);
$fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
$fko_obj->digest_type($digest_type);
- $fko_obj->spa_data_final($key);
+ $fko_obj->spa_data_final($key, length($key), '', 0);
my $encrypted_msg = $fko_obj->spa_data();
}
$fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Bogus user: '
. $fuzzing_test_tag
}
$fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Bogus access_msg: '
. $fuzzing_test_tag
}
$fko_obj->spa_message_type(FKO->FKO_NAT_ACCESS_MSG);
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Bogus NAT_access_msg: '
. $fuzzing_test_tag
}
$fko_obj->spa_message_type(FKO->FKO_COMMAND_MSG);
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Bogus cmd_msg: '
. $fuzzing_test_tag
next TYPE;
}
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Bogus msg_type: '
. $fuzzing_test_tag
}
$fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Invalid_encoding user: '
. $fuzzing_test_tag
}
$fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Invalid_encoding access_msg: '
. $fuzzing_test_tag
}
$fko_obj->spa_message_type(FKO->FKO_NAT_ACCESS_MSG);
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Invalid_encoding NAT_access_msg: '
. $fuzzing_test_tag
next CMD;
}
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Invalid_encoding cmd_msg: '
. $fuzzing_test_tag
next TYPE;
}
$fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
- $fko_obj->spa_data_final($fuzzing_key);
+ $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0);
my $fuzzing_str = '[+] Invalid_encoding msg_type: '
. $fuzzing_test_tag
$fko_obj->spa_message("$fake_ip,tcp/22");
$fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
- $fko_obj->spa_data_final($default_key);
+ $fko_obj->spa_data_final($default_key, length($default_key), '', 0);
my $spa_pkt = $fko_obj->spa_data();
$fko_obj->destroy();