diff --git a/lib/fko_funcs.c b/lib/fko_funcs.c index 0dd1f99d..dfb5b0e7 100644 --- a/lib/fko_funcs.c +++ b/lib/fko_funcs.c @@ -453,8 +453,8 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data) /* We expect to have encrypted data to process. If not, we bail. */ - if(ctx->encrypted_msg == NULL - || (strnlen(ctx->encrypted_msg, MAX_SPA_ENCRYPTED_SIZE) < 1)) + if(ctx->encrypted_msg == NULL || ! is_valid_encoded_msg_len( + strnlen(ctx->encrypted_msg, MAX_SPA_ENCODED_MSG_SIZE))) return(FKO_ERROR_MISSING_ENCODED_DATA); *spa_data = ctx->encrypted_msg; @@ -477,14 +477,23 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data) int fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg) { + int enc_msg_len; + /* Must be initialized */ if(!CTX_INITIALIZED(ctx)) return FKO_ERROR_CTX_NOT_INITIALIZED; + enc_msg_len = strnlen(enc_msg, MAX_SPA_ENCODED_MSG_SIZE); + + if(! is_valid_encoded_msg_len(enc_msg_len)) + return(FKO_ERROR_INVALID_DATA); + /* First, add the data to the context. */ ctx->encrypted_msg = strdup(enc_msg); + ctx->encrypted_msg_len = enc_msg_len; + if(ctx->encrypted_msg == NULL) return(FKO_ERROR_MEMORY_ALLOCATION); diff --git a/perl/FKO/FKO.xs b/perl/FKO/FKO.xs index 0d8ba83f..f62ae7dc 100644 --- a/perl/FKO/FKO.xs +++ b/perl/FKO/FKO.xs @@ -70,7 +70,7 @@ _init_ctx_with_data_only(data) INIT: fko_ctx_t ctx; CODE: - g_ec = fko_new_with_data(&ctx, data, NULL, 0, 0, NULL, 0); + g_ec = fko_new_with_data(&ctx, data, NULL, 0, FKO_ENCRYPTION_RIJNDAEL, NULL, 0); if(g_ec == 0) RETVAL = ctx; else @@ -105,7 +105,7 @@ _error_str(err_code) RETVAL = fko_errstr(err_code); OUTPUT: RETVAL - + const char* _gpg_error_str(ctx) INPUT: @@ -114,7 +114,7 @@ _gpg_error_str(ctx) RETVAL = fko_gpg_errstr(ctx); OUTPUT: RETVAL - + int _set_digest_type(ctx, digest_type) INPUT: @@ -124,7 +124,7 @@ _set_digest_type(ctx, digest_type) RETVAL = fko_set_spa_digest_type(ctx, digest_type); OUTPUT: RETVAL - + int _get_digest_type(ctx, val) INPUT: @@ -145,7 +145,7 @@ _set_encryption_type(ctx, encryption_type) RETVAL = fko_set_spa_encryption_type(ctx, encryption_type); OUTPUT: RETVAL - + int _get_encryption_type(ctx, val) INPUT: @@ -157,6 +157,16 @@ _get_encryption_type(ctx, val) val RETVAL +int +_set_hmac_mode(ctx, hmac_mode) + INPUT: + fko_ctx_t ctx; + short hmac_mode; + CODE: + RETVAL = fko_set_hmac_mode(ctx, hmac_mode); + OUTPUT: + RETVAL + int _set_rand_value(ctx, rand_val) INPUT: @@ -187,7 +197,7 @@ _set_username(ctx, username) RETVAL = fko_set_username(ctx, username); OUTPUT: RETVAL - + int _get_username(ctx, val) INPUT: @@ -208,7 +218,7 @@ _set_spa_message_type(ctx, spa_message_type) RETVAL = fko_set_spa_message_type(ctx, spa_message_type); OUTPUT: RETVAL - + int _get_spa_message_type(ctx, val) INPUT: @@ -229,7 +239,7 @@ _set_timestamp(ctx, offset) RETVAL = fko_set_timestamp(ctx, offset); OUTPUT: RETVAL - + int _get_timestamp(ctx, val) INPUT: diff --git a/perl/FKO/lib/FKO.pm b/perl/FKO/lib/FKO.pm index 2362e9d8..f919e528 100644 --- a/perl/FKO/lib/FKO.pm +++ b/perl/FKO/lib/FKO.pm @@ -25,6 +25,7 @@ our @ISA = qw(Exporter); our ( @MSG_TYPES, @DIGEST_TYPES, + @HMAC_DIGEST_TYPES, @ENCRYPTION_TYPES, @ERROR_CODES ); @@ -36,16 +37,18 @@ require "FKO_Constants.pl"; our %EXPORT_TAGS = ( 'message_types' => \@MSG_TYPES, 'digest_types' => \@DIGEST_TYPES, + 'hmac_digest_types' => \@HMAC_DIGEST_TYPES, 'encryption_types' => \@ENCRYPTION_TYPES, 'errors' => \@ERROR_CODES, 'types' => [ @MSG_TYPES, @DIGEST_TYPES, + @HMAC_DIGEST_TYPES, @ENCRYPTION_TYPES ], 'all' => [ @MSG_TYPES, - @DIGEST_TYPES, + @HMAC_DIGEST_TYPES, @ENCRYPTION_TYPES, @ERROR_CODES ] @@ -63,9 +66,10 @@ XSLoader::load('FKO', $VERSION); # Constructor. # sub new { - my $class = shift; - my $data = shift; - my $dc_pw = shift; + my $class = shift; + my $data = shift; + my $dc_pw = shift; + my $dc_pw_len = shift; my $res; my $ctx; @@ -75,7 +79,7 @@ sub new { # if($data) { if(defined($dc_pw)) { - $ctx = _init_ctx_with_data($data, $dc_pw); + $ctx = _init_ctx_with_data($data, $dc_pw, $dc_pw_len); } else { $ctx = _init_ctx_with_data_only($data); } @@ -421,24 +425,29 @@ sub encoded_data { } sub spa_data_final { - my $self = shift; - my $key = shift || ''; + my $self = shift; + my $key = shift || ''; + my $key_len = shift || 0; + my $hmac_key = shift || ''; + my $hmac_key_len = shift || 0; - return FKO::_spa_data_final($self->{_ctx}, $key) + return FKO::_spa_data_final($self->{_ctx}, $key, $key_len, $hmac_key, $hmac_key_len); } sub encrypt_spa_data { - my $self = shift; - my $key = shift || ''; + my $self = shift; + my $key = shift || ''; + my $key_len = shift || 0; - return FKO::_encrypt_spa_data($self->{_ctx}, $key) + return FKO::_encrypt_spa_data($self->{_ctx}, $key, $key_len) } sub decrypt_spa_data { - my $self = shift; - my $key = shift || ''; + my $self = shift; + my $key = shift || ''; + my $key_len = shift || 0; - return FKO::_decrypt_spa_data($self->{_ctx}, $key) + return FKO::_decrypt_spa_data($self->{_ctx}, $key, $key_len) } sub encode_spa_data { @@ -715,7 +724,6 @@ The SHA384 message digest algorithm. This is the I default. The SHA512 message digest algorithm. This is the I default. =back - =item B diff --git a/perl/FKO/lib/FKO_Constants.pl b/perl/FKO/lib/FKO_Constants.pl index ad8d1805..25e34687 100644 --- a/perl/FKO/lib/FKO_Constants.pl +++ b/perl/FKO/lib/FKO_Constants.pl @@ -31,6 +31,16 @@ our @DIGEST_TYPES = qw( FKO_DIGEST_SHA512 ); +# HMAC digest types tag list. +# +our @HMAC_DIGEST_TYPES = qw( + FKO_HMAC_MD5 + FKO_HMAC_SHA1 + FKO_HMAC_SHA256 + FKO_HMAC_SHA384 + FKO_HMAC_SHA512 +); + # Encryption types tag list. # our @ENCRYPTION_TYPES = qw( @@ -60,6 +70,7 @@ our @ERROR_CODES = qw( FKO_ERROR_DECRYPTION_SIZE FKO_ERROR_DECRYPTION_FAILURE FKO_ERROR_DIGEST_VERIFICATION_FAILED + FKO_ERROR_UNSUPPORTED_HMAC_MODE FKO_ERROR_UNSUPPORTED_FEATURE FKO_ERROR_UNKNOWN GPGME_ERR_START @@ -109,6 +120,13 @@ use constant { FKO_DIGEST_SHA384 => 4, FKO_DIGEST_SHA512 => 5, + # HMAC digest types + FKO_HMAC_MD5 => 1, + FKO_HMAC_SHA1 => 2, + FKO_HMAC_SHA256 => 3, + FKO_HMAC_SHA384 => 4, + FKO_HMAC_SHA512 => 5, + # Encryption types FKO_ENCRYPTION_RIJNDAEL => 1, FKO_ENCRYPTION_GPG => 2, diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl index 503ef577..d5c71724 100755 --- a/test/test-fwknop.pl +++ b/test/test-fwknop.pl @@ -4201,7 +4201,7 @@ sub perl_fko_module_complete_cycle() { $fko_obj->username($user); $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG); $fko_obj->digest_type($digest_type); - $fko_obj->spa_data_final($key); + $fko_obj->spa_data_final($key, length($key), '', 0); my $encrypted_msg = $fko_obj->spa_data(); @@ -4215,7 +4215,7 @@ sub perl_fko_module_complete_cycle() { return 0; } $fko_obj->spa_data($encrypted_msg); - $fko_obj->decrypt_spa_data($key); + $fko_obj->decrypt_spa_data($key, length($key)); if ($msg ne $fko_obj->spa_message()) { &write_test_file("[-] $msg encrypt/decrypt mismatch\n", @@ -4257,7 +4257,7 @@ sub perl_fko_module_complete_cycle_module_reuse() { $fko_obj->username($user); $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG); $fko_obj->digest_type($digest_type); - $fko_obj->spa_data_final($key); + $fko_obj->spa_data_final($key, length($key), '', 0); my $encrypted_msg = $fko_obj->spa_data(); @@ -4305,7 +4305,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_spa_packets() { } $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG); $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Bogus user: ' . $fuzzing_test_tag @@ -4337,7 +4337,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_spa_packets() { } $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG); $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Bogus access_msg: ' . $fuzzing_test_tag @@ -4370,7 +4370,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_spa_packets() { } $fko_obj->spa_message_type(FKO->FKO_NAT_ACCESS_MSG); $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Bogus NAT_access_msg: ' . $fuzzing_test_tag @@ -4402,7 +4402,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_spa_packets() { } $fko_obj->spa_message_type(FKO->FKO_COMMAND_MSG); $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Bogus cmd_msg: ' . $fuzzing_test_tag @@ -4434,7 +4434,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_spa_packets() { next TYPE; } $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Bogus msg_type: ' . $fuzzing_test_tag @@ -4490,7 +4490,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_encoding_spa_packets() { } $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG); $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Invalid_encoding user: ' . $fuzzing_test_tag @@ -4522,7 +4522,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_encoding_spa_packets() { } $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG); $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Invalid_encoding access_msg: ' . $fuzzing_test_tag @@ -4555,7 +4555,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_encoding_spa_packets() { } $fko_obj->spa_message_type(FKO->FKO_NAT_ACCESS_MSG); $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Invalid_encoding NAT_access_msg: ' . $fuzzing_test_tag @@ -4587,7 +4587,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_encoding_spa_packets() { next CMD; } $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Invalid_encoding cmd_msg: ' . $fuzzing_test_tag @@ -4619,7 +4619,7 @@ sub perl_fko_module_assume_patches_generate_fuzzing_encoding_spa_packets() { next TYPE; } $fko_obj->digest_type(FKO->FKO_DIGEST_SHA256); - $fko_obj->spa_data_final($fuzzing_key); + $fko_obj->spa_data_final($fuzzing_key, length($fuzzing_key), '', 0); my $fuzzing_str = '[+] Invalid_encoding msg_type: ' . $fuzzing_test_tag @@ -4698,7 +4698,7 @@ sub perl_fko_module_client_compatibility() { $fko_obj->spa_message("$fake_ip,tcp/22"); $fko_obj->spa_message_type(FKO->FKO_ACCESS_MSG); - $fko_obj->spa_data_final($default_key); + $fko_obj->spa_data_final($default_key, length($default_key), '', 0); my $spa_pkt = $fko_obj->spa_data(); $fko_obj->destroy();