DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

interim commit for supporting multiple HMAC digest types (# 45)

Browse Source
This commit is contained in:
Michael Rash
2013-03-07 23:14:48 -05:00
parent 39ca73a245
commit 44d05a6916
18 changed files with 321 additions and 330 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/fko.h
View File

@@ -92,7 +92,7 @@ typedef enum {
FKO_HMAC_SHA384,
FKO_HMAC_SHA512,
FKO_LAST_HMAC_MODE /* Always leave this as the last one */
} fko_hmac_mode_t;
} fko_hmac_type_t;
/* Supported encryption types...
*/
@@ -186,10 +186,13 @@ typedef enum {
/* General Defaults
*/
#define FKO_DEFAULT_MSG_TYPE FKO_ACCESS_MSG
#define FKO_DEFAULT_DIGEST FKO_DIGEST_SHA256
#define FKO_DEFAULT_ENCRYPTION FKO_ENCRYPTION_RIJNDAEL
#define FKO_DEFAULT_ENC_MODE FKO_ENC_MODE_CBC
#define FKO_DEFAULT_MSG_TYPE FKO_ACCESS_MSG
#define FKO_DEFAULT_DIGEST FKO_DIGEST_SHA256
#define FKO_DEFAULT_ENCRYPTION FKO_ENCRYPTION_RIJNDAEL
#define FKO_DEFAULT_ENC_MODE FKO_ENC_MODE_CBC
#define FKO_DEFAULT_KEY_LEN 0
#define FKO_DEFAULT_HMAC_KEY_LEN 0
#define FKO_DEFAULT_HMAC_MODE FKO_HMAC_SHA256
/* Define the consistent prefixes or salt on some encryption schemes.
*/
@@ -257,13 +260,15 @@ DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx);
DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type);
DLL_API int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode);
DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg);
DLL_API int fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode);
DLL_API int fko_set_hmac_type(fko_ctx_t ctx, const short hmac_type);
/* Data processing and misc utility functions
*/
DLL_API const char* fko_errstr(const int err_code);
DLL_API int fko_encryption_type(const char * const enc_data);
DLL_API int fko_key_gen(char * const key_base64, char * const hmac_key_base64);
DLL_API int fko_key_gen(char * const key_base64, const int key_len,
char * const hmac_key_base64, const int hmac_ken_len,
const int hmac_type);
DLL_API int fko_base64_encode(unsigned char * const in, char * const out, int in_len);
DLL_API int fko_base64_decode(const char * const in, unsigned char *out);
@@ -294,6 +299,7 @@ DLL_API int fko_get_spa_server_auth(fko_ctx_t ctx, char **server_auth);
DLL_API int fko_get_spa_client_timeout(fko_ctx_t ctx, int *client_timeout);
DLL_API int fko_get_spa_digest_type(fko_ctx_t ctx, short *spa_digest_type);
DLL_API int fko_get_raw_spa_digest_type(fko_ctx_t ctx, short *raw_spa_digest_type);
DLL_API int fko_get_spa_hmac_type(fko_ctx_t ctx, short *spa_hmac_type);
DLL_API int fko_get_spa_digest(fko_ctx_t ctx, char **spa_digest);
DLL_API int fko_get_raw_spa_digest(fko_ctx_t ctx, char **raw_spa_digest);
DLL_API int fko_get_spa_encryption_type(fko_ctx_t ctx, short *spa_enc_type);

2
lib/fko_context.h
View File

@@ -69,7 +69,7 @@ struct fko_context {
short digest_type;
short encryption_type;
int encryption_mode;
short hmac_mode;
short hmac_type;
/* Computed or predefined data */
char *version;

40
lib/fko_funcs.c
View File

@@ -352,16 +352,44 @@ fko_destroy(fko_ctx_t ctx)
* encode them
*/
int
fko_key_gen(char * const key_base64, char * const hmac_key_base64)
fko_key_gen(char * const key_base64, const int key_len,
char * const hmac_key_base64, const int hmac_key_len,
const int hmac_type)
{
unsigned char key[RIJNDAEL_MAX_KEYSIZE];
unsigned char hmac_key[SHA256_BLOCK_LEN];
int klen = 0;
int hmac_klen = 0;
get_random_data(key, RIJNDAEL_MAX_KEYSIZE);
get_random_data(hmac_key, SHA256_BLOCK_LEN);
if(key_len == FKO_DEFAULT_KEY_LEN)
klen = RIJNDAEL_MAX_KEYSIZE;
b64_encode(key, key_base64, RIJNDAEL_MAX_KEYSIZE);
b64_encode(hmac_key, hmac_key_base64, SHA256_BLOCK_LEN);
if(hmac_key_len == FKO_DEFAULT_KEY_LEN)
{
if(hmac_type == FKO_DEFAULT_HMAC_MODE
|| hmac_type == FKO_HMAC_SHA256)
hmac_klen = SHA256_BLOCK_LEN;
else if(hmac_type == FKO_HMAC_MD5)
hmac_klen = MD5_DIGEST_LEN;
else if(hmac_type == FKO_HMAC_SHA1)
hmac_klen = SHA1_DIGEST_LEN;
else if(hmac_type == FKO_HMAC_SHA384)
hmac_klen = SHA384_BLOCK_LEN;
else if(hmac_type == FKO_HMAC_SHA512)
hmac_klen = SHA512_BLOCK_LEN;
}
if((klen < 1) || (klen > RIJNDAEL_MAX_KEYSIZE))
return(FKO_ERROR_INVALID_DATA);
if((hmac_klen < 1) || (hmac_klen > SHA512_BLOCK_LEN))
return(FKO_ERROR_INVALID_DATA);
get_random_data(key, klen);
get_random_data(hmac_key, hmac_klen);
b64_encode(key, key_base64, klen);
b64_encode(hmac_key, hmac_key_base64, hmac_klen);
return(FKO_SUCCESS);
}
@@ -417,7 +445,7 @@ fko_spa_data_final(fko_ctx_t ctx,
/* Now calculate hmac if so configured
*/
if (res == FKO_SUCCESS &&
ctx->hmac_mode != FKO_HMAC_UNKNOWN && hmac_key != NULL)
ctx->hmac_type != FKO_HMAC_UNKNOWN && hmac_key != NULL)
{
res = fko_calculate_hmac(ctx, hmac_key, hmac_key_len);

25
lib/fko_hmac.c
View File

@@ -86,7 +86,7 @@ int fko_verify_hmac(fko_ctx_t ctx,
/* Calculate the HMAC from the encrypted data and then
* compare
*/
res = fko_set_hmac_mode(ctx, FKO_HMAC_SHA256);
res = fko_set_hmac_type(ctx, FKO_HMAC_SHA256);
if(res == FKO_SUCCESS)
{
res = fko_calculate_hmac(ctx, hmac_key, hmac_key_len);
@@ -123,23 +123,38 @@ fko_get_hmac_data(fko_ctx_t ctx, char **hmac_data)
/* Set the HMAC type
*/
int
fko_set_hmac_mode(fko_ctx_t ctx, const short hmac_mode)
fko_set_hmac_type(fko_ctx_t ctx, const short hmac_type)
{
/* Must be initialized
*/
if(!CTX_INITIALIZED(ctx))
return(FKO_ERROR_CTX_NOT_INITIALIZED);
if(hmac_mode < 0 || hmac_mode >= FKO_LAST_HMAC_MODE)
if(hmac_type < 0 || hmac_type >= FKO_LAST_HMAC_MODE)
return(FKO_ERROR_INVALID_DATA);
ctx->hmac_mode = hmac_mode;
ctx->hmac_type = hmac_type;
ctx->state |= FKO_HMAC_MODE_MODIFIED;
return(FKO_SUCCESS);
}
/* Return the fko HMAC type
*/
int
fko_get_spa_hmac_type(fko_ctx_t ctx, short *hmac_type)
{
/* Must be initialized
*/
if(!CTX_INITIALIZED(ctx))
return(FKO_ERROR_CTX_NOT_INITIALIZED);
*hmac_type = ctx->hmac_type;
return(FKO_SUCCESS);
}
int fko_calculate_hmac(fko_ctx_t ctx,
const char * const hmac_key, const int hmac_key_len)
{
@@ -155,7 +170,7 @@ int fko_calculate_hmac(fko_ctx_t ctx,
/* Only HMAC-SHA256 is supported for now
*/
if(ctx->hmac_mode != FKO_HMAC_SHA256)
if(ctx->hmac_type != FKO_HMAC_SHA256)
return(FKO_ERROR_UNSUPPORTED_HMAC_MODE);
hmac_base64 = calloc(1, MD_HEX_SIZE(SHA256_DIGEST_LEN)+1);

36
lib/fko_util.c
View File

@@ -44,6 +44,42 @@ is_valid_encoded_msg_len(const int len)
return(1);
}
/* Convert a digest_type string to its integer value.
*/
short
digest_strtoint(const char *dt_str)
{
if(strcasecmp(dt_str, "md5") == 0)
return(FKO_DIGEST_MD5);
else if(strcasecmp(dt_str, "sha1") == 0)
return(FKO_DIGEST_SHA1);
else if(strcasecmp(dt_str, "sha256") == 0)
return(FKO_DIGEST_SHA256);
else if(strcasecmp(dt_str, "sha384") == 0)
return(FKO_DIGEST_SHA384);
else if(strcasecmp(dt_str, "sha512") == 0)
return(FKO_DIGEST_SHA512);
else
return(-1);
}
short
hmac_digest_strtoint(const char *dt_str)
{
if(strcasecmp(dt_str, "md5") == 0)
return(FKO_HMAC_MD5);
else if(strcasecmp(dt_str, "sha1") == 0)
return(FKO_HMAC_SHA1);
else if(strcasecmp(dt_str, "sha256") == 0)
return(FKO_HMAC_SHA256);
else if(strcasecmp(dt_str, "sha384") == 0)
return(FKO_HMAC_SHA384);
else if(strcasecmp(dt_str, "sha512") == 0)
return(FKO_HMAC_SHA512);
else
return(-1);
}
/* Validate plaintext input size
*/
int

2
lib/fko_util.h
View File

@@ -39,6 +39,8 @@ int is_valid_digest_len(const int len);
int enc_mode_strtoint(const char *enc_mode_str);
int strtol_wrapper(const char * const str, const int min,
const int max, const int exit_upon_err, int *is_err);
short digest_strtoint(const char *dt_str);
short hmac_digest_strtoint(const char *dt_str);
size_t strlcat(char *dst, const char *src, size_t siz);
size_t strlcpy(char *dst, const char *src, size_t siz);

2
lib/sha2.h
View File

@@ -71,10 +71,12 @@ extern "C" {
#define SHA256_DIGEST_LEN 32
#define SHA256_DIGEST_STR_LEN (SHA256_DIGEST_LEN * 2 + 1)
#define SHA256_B64_LEN 43
#define SHA384_BLOCK_LEN 128
#define SHA384_DIGEST_LEN 48
#define SHA384_DIGEST_STR_LEN (SHA384_DIGEST_LEN * 2 + 1)
#define SHA384_B64_LEN 64
#define SHA512_BLOCK_LEN 128
#define SHA512_DIGEST_LEN 64
#define SHA512_DIGEST_STR_LEN (SHA512_DIGEST_LEN * 2 + 1)