Added fuzzing spa packet generation for invalid encodings
authorMichael Rash <mbr@cipherdyne.org>
Fri, 26 Oct 2012 01:37:52 +0000 (21:37 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Fri, 26 Oct 2012 01:37:52 +0000 (21:37 -0400)
This commit adds the ability to generate SPA packets that are valid except for
the last encoding step before encryption.  This is independent of supplying
invalid data for SPA packet fields.  To invoke the test suite in this mode,
do something like:

 # ./test-fwknop.pl --enable-perl-module-pkt-gen  --fuzzing-test-tag "encoded_colon1_missing"  --fuzzing-class encoding

This assumes that lib/fko_encode.c has been patched to subvert the encoding
step itself before encryption.  In this case, the first colon after the random
value is removed.

test/fuzzing/fuzzing_spa_packets
test/test-fwknop.pl

index dcafde3..76544e3 100644 (file)
 [+] Bogus msg_type: non_b64_user_char_-1, SPA packet: 9joMA/frW89LuwII4+/Woq2EfzrgvrB18vJdKzD1A3mWJzRTEtHZkqy2MZrEtpOz9p5NRH/tS6pqGZgYftvQyh7MerCwbqgBEgH4O57MI5rv50KGnYi6R5NNIX3/ECio81ukLMyyONO1HZEIJLoUhD56FYdfu86xQ
 [+] Bogus msg_type: non_b64_user_char_-2, SPA packet: 8fFmjUFNvSnm7ZAugLg+1wWkq/4YU0jn7iA7s8Ii4ii5muo7UXNI3WKHIYVK6k6Jx+ELmhJcYIjD7rfTfWKyK/PLfapCvcDDqdZ4fRf/0dX7yQyMKEWRTtn7/pevKxtj6u5B6CW/dzLHmVMHhh+LMkITrlIaUGSxo
 [+] Bogus msg_type: non_b64_user_char_255, SPA packet: /GUVf0x5GkoXnO7VmgqwjzBuYGUcJkBj8sKpwe96MGgQa2VI9c83R2XJk+E5kIyX6HugN2ND8WG4znaWfrm4qIxZL24H6oG26k6Ffpq9NnrE/sE7u/rI3s8IXk8QLNLBLObcAc0dlZd8mdCbO2qbdHRd4t+/hu490
+[+] Invalid_encoding user: encoded_colon1_missing_test, SPA packet: 859TVR5TxVu3Gm/d4405AxaWtmsZ3HhFJMGGr/Dtt9GBgFExtYirxjTnp7CxcwcyeaShJj7puZwuDZqk3nzCNZWfam6QwTPo9LywOunpiU1ejxPCGY832EYnv9WXQ8WgchKRY4mVV2+zhqXe4MwcyUgbIye05hSM0
+[+] Invalid_encoding user: encoded_colon1_missing_root, SPA packet: /DjgfVCvxYNtCK3M5EA7+nK8EM+wMxvuuS27o6OD5StyDUy7jvhBUJgycouPrWNSUtXdkXu3BH8d6Uc9qdjvU6gv/XmRTO2vKzgw/ivldD0fTleadiOz9ka23kXRFSQDdw3/rF5BQo9x/0raxpzguakOZAl/wLKlc
+[+] Invalid_encoding user: encoded_colon1_missing_mbr, SPA packet: /QpOj9Io0yknOT7dQjj/aT3Zc9QvudSi686iZRiwgpZtmIuKOD9Zp03pC6gCSAp0VkjDv3pDmi2vq8bp0vVB5Adqc3Vzn4iy2yQtzTp/6RIkK9tWdiw0KGeFXu+UYVsiFSPrk0QS1ntNVuSO72KsNQ0iqzKK9dWQg
+[+] Invalid_encoding user: encoded_colon1_missing_test-test, SPA packet: 8jJihpMzEfMTy307mdxhjWsvHiVfJDzLzhmH1twZJyNT4RGhh4xp+0w+6gONvttX5USK8H2QKi7rb2sYph1NBuVa28kIvUdFMKGmlmF3LBr20xWBO0L8x8J54jo+BLzLFeBjBChBfJPnnt2WTO/FoXKFS72+fknkY
+[+] Invalid_encoding user: encoded_colon1_missing_someuser, SPA packet: /dI/wd/u9GPujMh3OTY0LZ0SOOD3iFy64LXwg8Q+pmNrDGP+F501uZLaC93RjhUQHUsKUE9w5SsxHzXsm1H5OicASbVm+Gzjp6YPNT5eINU+QL/ed2oPnuMX7EFZ7nitUOZPGAJM69QO+PiNqwR9ZC9Z9xYfB3WSQ
+[+] Invalid_encoding user: encoded_colon1_missing_someUser, SPA packet: +JdsYyFBtyUqQRv2jvuX70Y+onNNfh920qxlvQIiHNCGsGvkaUP8QkUHeTmJTxHISEsZ+K4j6boGvqHohO6tPnOCU1JNZfBGEPeaBixhQObhntufBqo+NdXAyFHqmesiH9zHA/YOKibsAYs31j0DLYVHaBj5nq/DE
+[+] Invalid_encoding user: encoded_colon1_missing_USER, SPA packet: /pG9XIghf8Co9oq3ftzYVuLFFNq9oRibxsA8fZKUEMYFQp6QetD0z8cJrmnJGafdz0UcrVweQIMfYRvK+ZpEQ5mKEqzEK8QJEMCmGYun+CF/cgOhFwOKjlORtu4lpC1B9NGA+kCR8UslFI9izMu8O5IgV0YPHrFgQ
+[+] Invalid_encoding user: encoded_colon1_missing_USER001, SPA packet: /8ZPmNEXliapp0b5GtXdtgNOasACFjf7ATKNBplWUIMQ3RPCrh3egX+0OQpsu+7Uqiy0GRc17wLN1n69qaCzKzduZKkwA4lB7oca4T4P/59/HVIULAOQ+hkV5IXbp1G1y+FDREtmcNFH887RISHzOW8QLUQExYse0
+[+] Invalid_encoding user: encoded_colon1_missing_00001, SPA packet: 8EikreH4mra4B4Iw81xK0MZa0bogk9PBVyNivGBJ/Xg82UIoykNtKuGtrlJa5q1X0xtx1oYF/fxFJBWbMSfw2HRN0bNO1LT16Du+5e6xAvXbeum4r2koKTdxod6YlngMmkVpY+BgRNzM7LzvUBAsYwiNJCOptF3SE
+[+] Invalid_encoding access_msg: encoded_colon1_missing_1.2.3.4,tcp/22, SPA packet: +CWzA0srcKhbWhYJnW4wCC/VYfEGlKouC8HazZ/Eu3+p6CrpGLWdV6MoecQmY0GE++mqrg5bqbpLbpOGcHENAz/tfzUBX0VK57y9mGdjVnYw7qDQyGeaPgXNSmAWL/4vsWHHEZ7hbr/+tBLILhr9h57g3vtT1snRo
+[+] Invalid_encoding access_msg: encoded_colon1_missing_123.123.123.123,tcp/12345, SPA packet: 98g0Xsg2eiUxh54W2JEEh6/WetDiyBEtcrVJ8JTYII92DuRhhrHcoRttNU753sOiVB5CxjyB6kk47rOXBj5uzN+bFOzCyg+v9vBak8ylP66zXQFhvRrVN0U9/+8YuEKnSTd4lTRgxSFqvVwGDwCr3QdmYd5CgOhi+CWvhtQNdiQsbjImmjNxas
+[+] Invalid_encoding access_msg: encoded_colon1_missing_1.2.3.4,udp/53, SPA packet: 8nm/CVql1Ayg0GGCa/jCet3yZU9LfrdkKA0EGEDPhtgU6ub+pHQ/85kiSFxcmx5XA0E10ZwAUCLcEbF5rVDnOD4GOdeGrYHKi5toAYOflkD7dTMfHaXdYbwjX2c3wgP/VdXgaGJWteI84VCeAErI4r8up8qMn3nts
+[+] Invalid_encoding access_msg: encoded_colon1_missing_123.123.123.123,udp/12345, SPA packet: /4h6Y7PvJvaznlDjZuow4yTkdSSrV7g1wR9xr7A4wqaguDINnNoEMPIgwe8NMEbdr2/PzD0h5v9K1xTiQseWtBTlnGKiImH9FJ3roUugofkOAObYht5zIM0dRN3MzmN6/nTBX4tEKEQHkKq6tNwj+5kVabJH25OGs8JSUeAJKVvhexJdtBV49J
+[+] Invalid_encoding access_msg: encoded_colon1_missing_123.123.123.123,udp/12345,tcp/12345, SPA packet: /fpj1225rEBEs9v23g1sZ7ys5t3AXTQ12ldSHoFqi1I6vQLLH2dBaR7JIr/nQEp5gfnuYY/RxjSZsItp8utZdr7pTC1FvdMXWy28s5257WZnIgEfUZKiCmu7j8SxKcViNCjgMpojFePE+wK2sGvyCiQ95R5+FV2ieQF84Z15la5nESY+uu20pQOTnYDhiqpIkMSpZBUksi6A
+[+] Invalid_encoding access_msg: encoded_colon1_missing_1.1.1.1,udp/1,tcp/1,tcp/2,udp/3,tcp/4,tcp/12345, SPA packet: /oD3cGN0tItROvlcsNP5h8ajVTD2lJSrtLGrc5XUt1CO/6L/rl56uotfTztChyypUOmBTufC/kTak9cUTRZfWBhlsPCdtdo0SoQo3xU7LtO5s7qkyk8DhwEtjfFvWRbKOQjGUd33w3NZMkpKf5d2Z5WG6Agci7CAso/c0nNRyoPO5ec71DPTPZ4zAqyVFtO75pHLq6kbJ2yur8Fc50xtQ4bGYJrn8B37w
+[+] Invalid_encoding NAT_access_msg: encoded_colon1_missing_1.2.3.4,22, SPA packet: 9rQMouB0yw42ySvPU0eg11XtVKl3Tk2MhIhCcVCFwqXJZrvYxNMF9BjRk6fK9269OrimGbAkYpO6/2HkpwPdd6jbkTZjhDsZSMbifnZhnmci7A8TrwkYYFjBHPgSCZnH46QUzDHSRHPvdjTYeVw/WBQ9iY9ZWLaQ2k3ketVR2lj0EVx07xKGQy
+[+] Invalid_encoding NAT_access_msg: encoded_colon1_missing_123.123.123.123,12345, SPA packet: 9VcKWxWmtNtiejubKoStEOL5DrMqpjsyUqd1O9nj1EMXwUuTrcmvpkrRDXj9WDTzDSRGs9bXEqIG63j7D+V7Ub1vllzZsO8fvuQ9bAoNn7UBTF2xKaYA1EOmRmTu2KP7mI4Y2v9qIXRsKWKYSNS0U/+t7QTi0lHrnve23sKum9Vxzkj06PDJV6qUhXoeYq0iFqF+jE4GiCSA
+[+] Invalid_encoding cmd_msg: encoded_colon1_missing_1.2.3.4,cat /etc/hosts, SPA packet: /p18C61k5N11B82Fj5YDWyksSkUi+Ki8DJkFl+3sRIG/dv7q4J3SjqjM3mDaKLv+AVVwoD6BXRc0cteILG9Rr5EA11K33384NN3e83DWCoGLMBbHpfX82BiiZDUi3ma/Z1VcrHgYHZHkCZO7M5LhfHq24kcBKJuAsOZi3dkvDNlBGJR2hW0dy6
+[+] Invalid_encoding cmd_msg: encoded_colon1_missing_123.123.123.123,cat /etc/hosts, SPA packet: 9LS7egGRu8BK9+4/9uJs47hJc5PpvfOKpcfZsWNUXLjcsE12z5R4vEhH/Qs7NQ/5/fBlvlvOTM9ph7oPLtomUgkFSPTAOb37qahsECqgrToD9kxGaw/qCaX1Fnm9pvtN+e6Bfd5mdI7gPwHtARbcsKoncY7yrBiAQtBLflkBBuGfJkbocTTUR+
+[+] Invalid_encoding cmd_msg: encoded_colon1_missing_123.123.123.123,echo blah > /some/file, SPA packet: 8SgaG6RZ06x0UcNfXNK2DqZtzw0cj3THAwAlA3bxVNNIVdKXsNIam3bKR1tf6lP2mu3d0zYUTTgqj7kEYAe/yCk+R73awePHWg0A/Zjd06ph0dK7cdt4Tl1Pca+uRHmBK5NU7/1EjuPSrbtYOS7YTSl+r65qHYMi2n6cxYQiohPZfIEI6AfbqiOPrmR3p6lbuJd3LmIe7q7w
+[+] Invalid_encoding cmd_msg: encoded_colon1_missing_1.1.1.1,echo blah > /some/file, SPA packet: 9yUb1EBe6AlMveVQMaDOvnvgCEuSy//Lw8/ks+XDibQlbH5zlwlLD2sI+ApFuOm+dCj2OkfRSLxRphNxIjJsaPIce3ZW0pyl5tSJG2aUz04zeEiQXo1GL8IDzSkY6XkDj1e26qKosIVAfiihb56/c3gGJFPrWE7FBtoOplNqMLfKh8RDlG0GSf
+[+] Invalid_encoding cmd_msg: encoded_colon1_missing_1.1.1.1,AAAAAAAAAA, SPA packet: +nln0u5WeSKPXpdLUOU15xpLLy2sIImPVlyWo/rP9iH8Flg4K3msXauzZjHYcc6IEgTgtdP0un1EIv6wedaGu1fj2c87I/VhbfzK9TTRMFHX5pG2hjcWXq46BdLcOUIwB8lsfjVRwYCNd9feKLRsBixHa4Dhpbw9g
+[+] Invalid_encoding cmd_msg: encoded_colon1_missing_1.1.1.1,AAAAAAAAAA:, SPA packet: +iJ5Rl+X8wgFNe6A2lmMjt04ipOECVnAuwYvWPQeBAagbVrxce0YBMmavVKG/yNz6XVeS0j1D33yHZXlftVGD2irdU8MxVVDVhKED/DDTERDN0gQ0RVmHErLqFt/kiM/+LRL+kS8p2hmUIS2GbJISR0Iey1l3gF+E
+[+] Invalid_encoding msg_type: encoded_colon1_missing_1, SPA packet: +RgnJzXuRuEswe8pDOzR9u5Tvt83+gNNWDEHIMVteuIACg+HQG5HvIqXZRElHFMYoaOlIGESlguo+yYMc2+PNQdnl5qL+BYZ4LLh+nf+rDAwQQ5Ck0x43Fqxvz3YvDP8jCgeWVK+jKOY+qLR1d0IDT2owIIqXQqyA
+[+] Invalid_encoding msg_type: encoded_colon1_missing_0, SPA packet: 8XYBquKvmrO+93qwYF3kDd/HBRAv4GYk7+lPAn8eFCOGb8UTGYL2XwfYhqmvD/QKCrMAktGSp26mMefyIXbub929SUpJ057OO5eJkxjV/N4/oxAS3z2x8RWFouohL6hAkpER1SeRukUcvzLG/JTJ1Brww/kp+biWQ
+[+] Invalid_encoding msg_type: encoded_colon1_missing_5, SPA packet: 8gJjUcD4P/uA/m0Pnzl45fp7+Wh+btLYVWU1lGS0wUoUBEveCC0Xgf9nmagD8cBF8Q4okAomf80dmAxSPj+VZ6LCGXQtzHU+Zbz3mcshTo4XyAd62V1XX/cuWUHQt2sNMubVes0MR3HfrRGwI0O9EtUmT5kDkH/L4
+[+] Invalid_encoding msg_type: encoded_colon1_missing_2, SPA packet: (NULL)
+[+] Invalid_encoding msg_type: encoded_colon1_missing_3, SPA packet: 9QWav9tRaEnnkXI2NWsUsD+f/zDpkysqLhaMzTPtZPaVY1swJuwJ1my3RXHMsc9NFREm2a7rcw4d4/2rM1RxaPYrDXLeuhL6OoYWc/kdHgUk/c47kHwdlX8nMExevM3LmsA0PNpS94oZ3OS3vFiMe1R2XXRMUk3ic
+[+] Invalid_encoding msg_type: encoded_colon1_missing_4, SPA packet: 9hMSn1ynd9JMJFB2t6GgoNGmcHNHXYJ2XmhOhY6QbLzUmus+n77FO0METjtxVGN9G4dimgRBl4UktvVHXfzPvMuyCn3M1h8tisNM7/ucP9cyvr5NfonRu7Sc3G+T5Z9FFrvrFwQ8qqmGxweuoXI9ezuvxZLfXIxy8
+[+] Invalid_encoding msg_type: encoded_colon1_missing_6, SPA packet: +XWx5ZBy2SfRNyusioAHLqVrbR+9XXH21DIhTqUZArmVsNci8U0aLuEiiH0cA2o7NzoWXrN+47e1WdOiX/8yvGleKlqLoR7xBv52ZdpwgRlrDUsKkFHyFpuQMKu3V72cvQMClcAFtSzPegPl2t5KD1q119IlxbxZg
index 0fc83ee..05d3e35 100755 (executable)
@@ -105,6 +105,7 @@ my $fuzzing_pkts_append = 0;
 my $fuzzing_key = 'testtest';
 my $fuzzing_num_pkts = 0;
 my $fuzzing_test_tag = '';
+my $fuzzing_class = 'bogus data';
 my $server_test_file  = '';
 my $use_valgrind = 0;
 my $valgrind_str = '';
@@ -157,6 +158,7 @@ exit 1 unless GetOptions(
     'fuzzing-pkts-file=s' => \$fuzzing_pkts_file,
     'fuzzing-pkts-append' => \$fuzzing_pkts_append,
     'fuzzing-test-tag=s'  => \$fuzzing_test_tag,
+    'fuzzing-class=s'     => \$fuzzing_class,
     'enable-recompile-check' => \$enable_recompilation_warnings_check,
     'enable-ip-resolve' => \$enable_client_ip_resolve_test,
     'enable-distcheck'  => \$enable_make_distcheck,
@@ -1735,6 +1737,15 @@ my @tests = (
     },
     {
         'category' => 'perl FKO module',
+        'subcategory' => 'FUZZING',
+        'detail'   => 'generate invalid encoded pkts',
+        'err_msg'  => 'could not generate invalid SPA pkts',
+        'function' => \&perl_fko_module_assume_patches_generate_fuzzing_encoding_spa_packets,
+        'fatal'    => $NO
+    },
+
+    {
+        'category' => 'perl FKO module',
         'subcategory' => 'basic ops',
         'detail'   => 'create/destroy FKO object',
         'err_msg'  => 'could not create/destroy FKO object',
@@ -2324,8 +2335,8 @@ sub run_test() {
     }
 
     if ($enable_perl_module_fuzzing_spa_pkt_generation) {
-        if ($msg =~ /perl FKO module.*FUZZING/) {
-            print "\n[+] Wrote $fuzzing_num_pkts fuzzing SPA " .
+       if ($msg =~ /perl FKO module.*FUZZING/) {
+            print "\n[+] Wrote $fuzzing_num_pkts fuzzing SPA ",
                 "packets to $fuzzing_pkts_file.tmp...\n\n";
             exit 0;
         }
@@ -2889,7 +2900,7 @@ sub perl_fko_module_timestamp() {
         $rv = 0;
     }
 
-    for my $offset (@{&valid_offsets()}) {
+    for my $offset (@{&valid_time_offsets()}) {
 
         $fko_obj->timestamp($offset);
 
@@ -3181,7 +3192,7 @@ sub perl_fko_module_cmd_msgs() {
     return $rv;
 }
 
-sub valid_offsets() {
+sub valid_time_offsets() {
     my @offsets = (
         9999999,
         10,
@@ -3717,6 +3728,191 @@ sub perl_fko_module_assume_patches_generate_fuzzing_spa_packets() {
     return $rv;
 }
 
+sub perl_fko_module_assume_patches_generate_fuzzing_encoding_spa_packets() {
+    my $test_hr = shift;
+
+    ### this function assumes the lib/fko_encode.c has been patched to mess
+    ### with final encoded SPA packet data just before encryption
+
+    my $rv = 1;
+
+    my @fuzzing_pkts = ();
+
+    USER: for my $user (@{&valid_usernames()}) {
+
+        $fko_obj = FKO->new();
+        unless ($fko_obj) {
+            die "[*] error FKO->new(): " . FKO::error_str();
+        }
+        $fko_obj->spa_message('1.2.3.4,tcp/22');
+        my $status = $fko_obj->username($user);
+        if ($status != FKO->FKO_SUCCESS) {
+            &write_test_file("[-] Invalid_encoding user: $user triggered a libfko error\n",
+                $current_test_file);
+            $fko_obj->destroy();
+            $rv = 0;
+            next USER;
+        }
+        $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
+        $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
+        $fko_obj->spa_data_final($fuzzing_key);
+
+        my $fuzzing_str = '[+] Invalid_encoding user: '
+            . $fuzzing_test_tag
+            . "$user, SPA packet: "
+            . ($fko_obj->spa_data() || '(NULL)');
+        $fuzzing_str =~ s/[^\x20-\x7e]{1,}/(NA)/g;
+
+        push @fuzzing_pkts, $fuzzing_str;
+        &write_test_file("$fuzzing_str\n", $current_test_file);
+
+        $fko_obj->destroy();
+    }
+
+    MSG: for my $msg (@{&valid_access_messages()}) {
+
+        $fko_obj = FKO->new();
+        unless ($fko_obj) {
+            die "[*] error FKO->new(): " . FKO::error_str();
+        }
+        my $status = $fko_obj->spa_message($msg);
+        if ($status != FKO->FKO_SUCCESS) {
+            ### we expect that a patch has been applied to libfko to allow
+            ### fuzzing data
+            &write_test_file("[-] Invalid_encoding access_msg: $msg triggered a libfko error\n",
+                $current_test_file);
+            $fko_obj->destroy();
+            $rv = 0;
+            next MSG;
+        }
+        $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG);
+        $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
+        $fko_obj->spa_data_final($fuzzing_key);
+
+        my $fuzzing_str = '[+] Invalid_encoding access_msg: '
+            . $fuzzing_test_tag
+            . "$msg, SPA packet: "
+            . ($fko_obj->spa_data() || '(NULL)');
+        $fuzzing_str =~ s/[^\x20-\x7e]{1,}/(NA)/g;
+
+        push @fuzzing_pkts, $fuzzing_str;
+        &write_test_file("$fuzzing_str\n", $current_test_file);
+
+        $fko_obj->destroy();
+    }
+
+    NAT_MSG: for my $nat_msg (@{&valid_nat_access_messages()}) {
+
+        $fko_obj = FKO->new();
+        unless ($fko_obj) {
+            die "[*] error FKO->new(): " . FKO::error_str();
+        }
+        $fko_obj->spa_message('1.2.3.4,tcp/22');
+        my $status = $fko_obj->spa_nat_access($nat_msg);
+        if ($status != FKO->FKO_SUCCESS) {
+            ### we expect that a patch has been applied to libfko to allow
+            ### fuzzing data
+            &write_test_file("[-] Invalid_encoding NAT_access_msg: $nat_msg triggered a libfko error\n",
+                $current_test_file);
+            $fko_obj->destroy();
+            $rv = 0;
+            next NAT_MSG;
+        }
+        $fko_obj->spa_message_type(FKO->FKO_NAT_ACCESS_MSG);
+        $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
+        $fko_obj->spa_data_final($fuzzing_key);
+
+        my $fuzzing_str = '[+] Invalid_encoding NAT_access_msg: '
+            . $fuzzing_test_tag
+            . "$nat_msg, SPA packet: "
+            . ($fko_obj->spa_data() || '(NULL)');
+        $fuzzing_str =~ s/[^\x20-\x7e]{1,}/(NA)/g;
+
+        push @fuzzing_pkts, $fuzzing_str;
+        &write_test_file("$fuzzing_str\n", $current_test_file);
+
+        $fko_obj->destroy();
+    }
+
+    CMD: for my $msg (@{&valid_cmd_messages()}) {
+
+        $fko_obj = FKO->new();
+        unless ($fko_obj) {
+            die "[*] error FKO->new(): " . FKO::error_str();
+        }
+        $fko_obj->spa_message_type(FKO->FKO_COMMAND_MSG);
+        my $status = $fko_obj->spa_message($msg);
+        if ($status != FKO->FKO_SUCCESS) {
+            ### we expect that a patch has been applied to libfko to allow
+            ### fuzzing data
+            &write_test_file("[-] Invalid_encoding cmd_msg: $msg triggered a libfko error\n",
+                $current_test_file);
+            $fko_obj->destroy();
+            $rv = 0;
+            next CMD;
+        }
+        $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
+        $fko_obj->spa_data_final($fuzzing_key);
+
+        my $fuzzing_str = '[+] Invalid_encoding cmd_msg: '
+            . $fuzzing_test_tag
+            . "$msg, SPA packet: "
+            . ($fko_obj->spa_data() || '(NULL)');
+        $fuzzing_str =~ s/[^\x20-\x7e]{1,}/(NA)/g;
+
+        push @fuzzing_pkts, $fuzzing_str;
+        &write_test_file("$fuzzing_str\n", $current_test_file);
+
+        $fko_obj->destroy();
+    }
+
+    TYPE: for my $type (@{&valid_spa_message_types()}) {
+
+        $fko_obj = FKO->new();
+        unless ($fko_obj) {
+            die "[*] error FKO->new(): " . FKO::error_str();
+        }
+        $fko_obj->spa_message('1.2.3.4,tcp/22');
+        my $status = $fko_obj->spa_message_type($type);
+        if ($status != FKO->FKO_SUCCESS) {
+            ### we expect that a patch has been applied to libfko to allow
+            ### fuzzing data
+            &write_test_file("[-] Invalid_encoding msg_type: $type triggered a libfko error\n",
+                $current_test_file);
+            $fko_obj->destroy();
+            $rv = 0;
+            next TYPE;
+        }
+        $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
+        $fko_obj->spa_data_final($fuzzing_key);
+
+        my $fuzzing_str = '[+] Invalid_encoding msg_type: '
+            . $fuzzing_test_tag
+            . "$type, SPA packet: "
+            . ($fko_obj->spa_data() || '(NULL)');
+        $fuzzing_str =~ s/[^\x20-\x7e]{1,}/(NA)/g;
+
+        push @fuzzing_pkts, $fuzzing_str;
+        &write_test_file("$fuzzing_str\n", $current_test_file);
+
+        $fko_obj->destroy();
+    }
+
+    if ($fuzzing_pkts_append) {
+        open F, ">> $fuzzing_pkts_file.tmp" or die $!;
+    } else {
+        open F, "> $fuzzing_pkts_file.tmp" or die $!;
+    }
+    for my $pkt (@fuzzing_pkts) {
+        print F $pkt, "\n";
+    }
+    close F;
+
+    $fuzzing_num_pkts = $#fuzzing_pkts+1;
+
+    return $rv;
+}
+
 sub perl_fko_module_full_fuzzing_packets() {
     my $test_hr = shift;
 
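Review bot: The return value of `spa_data_final()` is never checked in any of the five loops (USER, MSG, NAT_MSG, CMD, TYPE), so a failed final encode/encrypt step is recorded as `SPA packet: (NULL)` and written to the packets file; the data file in this same commit already carries such a line for `msg_type: encoded_colon1_missing_2`. The replay regex in perl_fko_module_full_fuzzing_packets() captures the packet with `(\S+)`, so that placeholder is later fed to decryption and logged as a rejected packet, which counts a non-packet as a passing fuzz case. Assuming spa_data_final() returns a status like the setters checked above it, test it and skip the entry; the fence shows the TYPE loop, and the other four loops take the same check. The final write is also safer as a three-argument `open` on a lexical handle, because `$fuzzing_pkts_file` comes from the command line and is interpolated into a two-argument `open` on the bareword handle `F`.

```perl
    TYPE: for my $type (@{&valid_spa_message_types()}) {
        ### … unchanged: FKO->new(), spa_message(), spa_message_type() status check …
        $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256);
        my $final_status = $fko_obj->spa_data_final($fuzzing_key);
        if ($final_status != FKO->FKO_SUCCESS) {
            ### no packet was produced, so do not emit a '(NULL)' entry
            &write_test_file("[-] Invalid_encoding msg_type: $type could not be finalized\n",
                $current_test_file);
            $fko_obj->destroy();
            next TYPE;
        }
        ### … unchanged: build $fuzzing_str, push, write_test_file, destroy …
    }

    ### … unchanged: USER, MSG, NAT_MSG and CMD loops, each with the same check …

    my $open_mode = $fuzzing_pkts_append ? '>>' : '>';
    open my $pkts_fh, $open_mode, "$fuzzing_pkts_file.tmp"
        or die "[*] Could not open $fuzzing_pkts_file.tmp: $!";
    for my $pkt (@fuzzing_pkts) {
        print $pkts_fh $pkt, "\n";
    }
    close $pkts_fh or die "[*] Could not close $fuzzing_pkts_file.tmp: $!";
```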
@@ -3726,38 +3922,38 @@ sub perl_fko_module_full_fuzzing_packets() {
 
     open F, "< $fuzzing_pkts_file" or die $!;
     while (<F>) {
-        if (/Bogus\s(\S+)\:\s+(.*)\,\sSPA\spacket\:\s(\S+)/) {
-            $fuzzing_spa_packets{$1}{$2} = $3;
+        if (/(?:Bogus|Invalid_encoding)\s(\S+)\:\s+(.*)\,\sSPA\spacket\:\s(\S+)/) {
+            push @{$fuzzing_spa_packets{$1}{$2}}, $3;
         }
     }
     close F;
 
     for my $field (keys %fuzzing_spa_packets) {
         for my $field_val (keys %{$fuzzing_spa_packets{$field}}) {
+            for my $encrypted_spa_pkt (@{$fuzzing_spa_packets{$field}{$field_val}}) {
 
-            my $encrypted_spa_pkt = $fuzzing_spa_packets{$field}{$field_val};
+                ### now get new object for decryption
+                $fko_obj = FKO->new();
+                unless ($fko_obj) {
+                    &write_test_file("[-] error FKO->new(): " . FKO::error_str() . "\n",
+                        $current_test_file);
+                    return 0;
+                }
+                $fko_obj->spa_data($encrypted_spa_pkt);
 
-            ### now get new object for decryption
-            $fko_obj = FKO->new();
-            unless ($fko_obj) {
-                &write_test_file("[-] error FKO->new(): " . FKO::error_str() . "\n",
-                    $current_test_file);
-                return 0;
-            }
-            $fko_obj->spa_data($encrypted_spa_pkt);
+                my $status = $fko_obj->decrypt_spa_data($fuzzing_key);
 
-            my $status = $fko_obj->decrypt_spa_data($fuzzing_key);
+                if ($status == FKO->FKO_SUCCESS) {
+                    &write_test_file("[-] Accepted fuzzing $field $field_val SPA packet.\n",
+                        $current_test_file);
+                    $rv = 0;
+                } else {
+                    &write_test_file("[+] Rejected fuzzing $field $field_val SPA packet.\n",
+                        $current_test_file);
+                }
 
-            if ($status == FKO->FKO_SUCCESS) {
-                &write_test_file("[-] Accepted fuzzing $field $field_val SPA packet.\n",
-                    $current_test_file);
-                $rv = 0;
-            } else {
-                &write_test_file("[+] Rejected fuzzing $field $field_val SPA packet.\n",
-                    $current_test_file);
+                $fko_obj->destroy();
             }
-
-            $fko_obj->destroy();
         }
     }
 
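Review bot: With several packets now stored per field/value pair, the `Accepted` and `Rejected` log lines in the inner loop no longer identify which packet was tested, so an accepted malformed packet cannot be traced back to its line in the packets file. Appending the packet to both messages would fix that, e.g. `&write_test_file("[-] Accepted fuzzing $field $field_val SPA packet: $encrypted_spa_pkt\n", $current_test_file);`. A short comment above the `push`, such as `### several packets may share a field/value pair, so keep them all`, would also explain why the hash value became an array ref. The function starts and ends outside this hunk.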
@@ -4831,6 +5027,11 @@ sub init() {
 
     if ($enable_perl_module_fuzzing_spa_pkt_generation) {
         push @tests_to_include, qr/perl FKO module/;
+        if ($fuzzing_class eq 'bogus data') {
+            push @tests_to_exclude, qr/perl FKO module.*FUZZING.*invalid encoded/;
+        } else {
+            push @tests_to_exclude, qr/perl FKO module.*FUZZING.*invalid SPA/;
+        }
     } else {
         push @tests_to_exclude, qr/perl FKO module.*FUZZING/;
     }
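Review bot: The new branch treats every `--fuzzing-class` value other than the exact string `bogus data` as the encoding class, so a mistyped value silently switches which generator is excluded, and the default itself needs shell quoting because of the embedded space. Validating the option before this test would make the mode explicit, e.g. `die "[*] --fuzzing-class must be 'bogus data' or 'encoding'\n" unless $fuzzing_class eq 'bogus data' or $fuzzing_class eq 'encoding';`. init() starts and ends outside this hunk.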