[client] --key-gen bug fix to print keys to stdout

Michael Rash 2013-05-17 21:03:16 -04:00
parent b6562d3bf3
commit 45244114f8
5 changed files with 42 additions and 14 deletions


@ -1360,6 +1360,9 @@ validate_options(fko_cli_options_t *options)
if(options->use_hmac && options->hmac_type == FKO_HMAC_UNKNOWN) if(options->use_hmac && options->hmac_type == FKO_HMAC_UNKNOWN)
options->hmac_type = FKO_DEFAULT_HMAC_MODE; options->hmac_type = FKO_DEFAULT_HMAC_MODE;
if(options->key_gen && options->hmac_type == FKO_HMAC_UNKNOWN)
options->hmac_type = FKO_DEFAULT_HMAC_MODE;
return; return;
} }
@ -1491,7 +1494,7 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
strlcpy(options->get_key_file, optarg, sizeof(options->get_key_file)); strlcpy(options->get_key_file, optarg, sizeof(options->get_key_file));
cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_FILE); cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_FILE);
break; break;
case GET_HMAC_KEY: case GET_HMAC_KEY:
strlcpy(options->get_hmac_key_file, optarg, strlcpy(options->get_hmac_key_file, optarg,
sizeof(options->get_hmac_key_file)); sizeof(options->get_hmac_key_file));
options->use_hmac = 1; options->use_hmac = 1;
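Review bot: The condition added at the end of validate_options repeats the one directly above it, differing only in the flag tested, so the two places that default hmac_type can drift apart the next time one of them is edited; fold them into a single guard, `if((options->use_hmac || options->key_gen) && options->hmac_type == FKO_HMAC_UNKNOWN)`, followed by the existing assignment. A short why-comment would also help, because it is not obvious from the option name that --key-gen needs a digest mode at all — presumably the generated HMAC key is sized from it, judging by the hmac_type argument passed to fko_key_gen elsewhere in this commit, so something like `/* --key-gen also emits an HMAC key, so a concrete digest mode is required */`. validate_options begins before this hunk, and the second hunk of this file shows only context around GET_HMAC_KEY, so I cannot see what changed there.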


@ -205,10 +205,19 @@ main(int argc, char **argv)
*/ */
if(options.key_gen) if(options.key_gen)
{ {
fko_key_gen(options.key_base64, options.key_len, memset(options.key_base64, 0x00, MAX_B64_KEY_LEN+1);
memset(options.hmac_key_base64, 0x00, MAX_B64_KEY_LEN+1);
res = fko_key_gen(options.key_base64, options.key_len,
options.hmac_key_base64, options.hmac_key_len, options.hmac_key_base64, options.hmac_key_len,
options.hmac_type); options.hmac_type);
if(res != FKO_SUCCESS)
{
errmsg("fko_key_gen", res);
return(EXIT_FAILURE);
}
if(options.key_gen_file[0] != '\0') if(options.key_gen_file[0] != '\0')
{ {
if ((key_gen_file_ptr = fopen(options.key_gen_file, "w")) == NULL) if ((key_gen_file_ptr = fopen(options.key_gen_file, "w")) == NULL)
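Review bot: The newly generated keys are written through the `fopen(options.key_gen_file, "w")` on the last line of the hunk, which creates the file with permissions governed only by the caller's umask, so on a typical 022 umask the Rijndael and HMAC keys land in a world-readable file; create it with an explicit owner-only mode instead, e.g. `int fd = open(options.key_gen_file, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);` and `if(fd < 0 || (key_gen_file_ptr = fdopen(fd, "w")) == NULL)` (needs fcntl.h / sys/stat.h if not already included). The two memset calls hard-code `MAX_B64_KEY_LEN+1` as the buffer size; `sizeof(options.key_base64)` and `sizeof(options.hmac_key_base64)` would keep them correct if the struct fields are ever resized, assuming those fields are fixed arrays rather than pointers, which I cannot confirm from here. Since the buffers hold key material, I would also expect them to be cleared once printed or written, but the rest of main runs past this hunk so I cannot tell whether that already happens.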


@ -381,6 +381,7 @@ fko_key_gen(char * const key_base64, const int key_len,
unsigned char hmac_key[SHA512_BLOCK_LEN]; unsigned char hmac_key[SHA512_BLOCK_LEN];
int klen = key_len; int klen = key_len;
int hmac_klen = hmac_key_len; int hmac_klen = hmac_key_len;
int b64_len = 0;
if(key_len == FKO_DEFAULT_KEY_LEN) if(key_len == FKO_DEFAULT_KEY_LEN)
klen = RIJNDAEL_MAX_KEYSIZE; klen = RIJNDAEL_MAX_KEYSIZE;
@ -409,8 +410,13 @@ fko_key_gen(char * const key_base64, const int key_len,
get_random_data(key, klen); get_random_data(key, klen);
get_random_data(hmac_key, hmac_klen); get_random_data(hmac_key, hmac_klen);
b64_encode(key, key_base64, klen); b64_len = b64_encode(key, key_base64, klen);
b64_encode(hmac_key, hmac_key_base64, hmac_klen); if(b64_len < klen)
return(FKO_ERROR_INVALID_DATA);
b64_len = b64_encode(hmac_key, hmac_key_base64, hmac_klen);
if(b64_len < hmac_klen)
return(FKO_ERROR_INVALID_DATA);
return(FKO_SUCCESS); return(FKO_SUCCESS);
} }
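Review bot: The two new checks `if(b64_len < klen)` and `if(b64_len < hmac_klen)` are weaker than they look: base64 expands its input, so for any positive key length the encoded length is already at least the input length, and the comparison only trips if b64_encode reports an error as a zero or negative count; it cannot detect a short or truncated encoding. If b64_encode returns the number of characters it wrote, as its use as a length here suggests, compare against the exact padded length, `4 * ((klen + 2) / 3)` and `4 * ((hmac_klen + 2) / 3)`, so a mismatch in either direction is caught. Separately, the early returns added here (and the existing success return) leave the raw random bytes in the stack arrays `key` and `hmac_key` after they have been encoded; a single exit path that clears both before returning avoids handing key bytes to whatever runs next on that stack, bearing in mind a plain memset may be optimised away and an explicit_bzero-style call is preferable where available. The return values of the two get_random_data calls in the context lines are also unchecked, which I would flag unless that function cannot fail. The start of fko_key_gen, including the declaration of `key`, lies outside the hunk, so the sizeof below assumes it is a fixed array like hmac_key.
```c
    int res = FKO_SUCCESS;
    /* … unchanged: get_random_data() calls … */
    b64_len = b64_encode(key, key_base64, klen);
    if(b64_len != 4 * ((klen + 2) / 3))
        res = FKO_ERROR_INVALID_DATA;
    else
    {
        b64_len = b64_encode(hmac_key, hmac_key_base64, hmac_klen);
        if(b64_len != 4 * ((hmac_klen + 2) / 3))
            res = FKO_ERROR_INVALID_DATA;
    }
    /* raw key bytes are no longer needed once encoded; do not leave them on the stack */
    memset(key, 0x00, sizeof(key));
    memset(hmac_key, 0x00, sizeof(hmac_key));
    return(res);
```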


@ -346,6 +346,7 @@ exit 1 unless GetOptions(
### can set the following to "output.last/valgrind-coverage" if ### can set the following to "output.last/valgrind-coverage" if
### a full test suite run has already been executed with --enable-valgrind ### a full test suite run has already been executed with --enable-valgrind
'valgrind-prev-cov-dir=s' => \$previous_valgrind_coverage_dir, 'valgrind-prev-cov-dir=s' => \$previous_valgrind_coverage_dir,
'openssl-path=s' => \$openssl_path,
'output-dir=s' => \$output_dir, 'output-dir=s' => \$output_dir,
'diff' => \$diff_mode, 'diff' => \$diff_mode,
'diff-dir1=s' => \$diff_dir1, 'diff-dir1=s' => \$diff_dir1,
@ -4307,8 +4308,11 @@ sub key_gen_uniqueness() {
my %rijndael_keys = (); my %rijndael_keys = ();
my %hmac_keys = (); my %hmac_keys = ();
my $rv = 1;
### collect key information ### collect key information
my $found_dup = 0; my $found_dup = 0;
for (my $i=0; $i < $uniq_keys; $i++) { for (my $i=0; $i < $uniq_keys; $i++) {
open CMD, "$test_hr->{'cmdline'} | " or die $!; open CMD, "$test_hr->{'cmdline'} | " or die $!;
while (<CMD>) { while (<CMD>) {
@ -4324,7 +4328,12 @@ sub key_gen_uniqueness() {
last if $found_dup; last if $found_dup;
} }
return ! $found_dup; $rv = 0 if $found_dup;
$rv = 0 unless keys %rijndael_keys == $uniq_keys;
$rv = 0 unless keys %hmac_keys == $uniq_keys;
return $rv;
} }
### check for PIE ### check for PIE
@ -5062,11 +5071,11 @@ sub init() {
} }
if ($enable_openssl_compatibility_tests) { if ($enable_openssl_compatibility_tests) {
$openssl_path = &find_command('openssl'); $openssl_path = &find_command('openssl') unless $openssl_path;
if ($openssl_path) { if ($openssl_path) {
require MIME::Base64; require MIME::Base64;
MIME::Base64->import(qw(encode_base64 decode_base64)); MIME::Base64->import(qw(encode_base64 decode_base64));
$base64_path = &find_command('base64'); $base64_path = &find_command('base64') unless $base64_path;
### check for hmac openssl support ### check for hmac openssl support
&openssl_hmac_style_check(); &openssl_hmac_style_check();
@ -5079,7 +5088,7 @@ sub init() {
} }
if ($enable_valgrind) { if ($enable_valgrind) {
$valgrind_path = &find_command('valgrind'); $valgrind_path = &find_command('valgrind') unless $valgrind_path;
unless ($valgrind_path) { unless ($valgrind_path) {
print "[-] --enable-valgrind mode requested ", print "[-] --enable-valgrind mode requested ",
"but valgrind not found, disabling.\n"; "but valgrind not found, disabling.\n";
@ -5123,7 +5132,7 @@ sub init() {
die "[*] The python test script: $python_script doesn't exist ", die "[*] The python test script: $python_script doesn't exist ",
"or is not executable." "or is not executable."
unless -e $python_script and -x $python_script; unless -e $python_script and -x $python_script;
$python_path = &find_command('python'); $python_path = &find_command('python') unless $python_path;
unless ($python_path) { unless ($python_path) {
push @tests_to_exclude, qr/python fko extension/ push @tests_to_exclude, qr/python fko extension/
} }
@ -5142,16 +5151,16 @@ sub init() {
push @tests_to_exclude, qr/perl FKO module.*FUZZING/; push @tests_to_exclude, qr/perl FKO module.*FUZZING/;
} }
$sudo_path = &find_command('sudo'); $sudo_path = &find_command('sudo') unless $sudo_path;
$killall_path = &find_command('killall'); $killall_path = &find_command('killall') unless $killall_path;
$pgrep_path = &find_command('pgrep'); $pgrep_path = &find_command('pgrep') unless $pgrep_path;
unless ((&find_command('cc') or &find_command('gcc')) and &find_command('make')) { unless ((&find_command('cc') or &find_command('gcc')) and &find_command('make')) {
### disable compilation checks ### disable compilation checks
push @tests_to_exclude, qr/recompilation/; push @tests_to_exclude, qr/recompilation/;
} }
$gcov_path = &find_command('gcov'); $gcov_path = &find_command('gcov') unless $gcov_path;
if ($gcov_path) { if ($gcov_path) {
if ($enable_profile_coverage_check) { if ($enable_profile_coverage_check) {
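Review bot: The new `--openssl-path` option is accepted verbatim and the `unless $openssl_path` guard in init() then skips find_command entirely, so a mistyped or non-executable path is never validated and only surfaces when a compatibility test later tries to run it; validate it up front with `die "[*] --openssl-path $openssl_path is not an executable file\n" unless -f $openssl_path and -x $openssl_path;` placed just before the `if ($openssl_path)` test. The same `unless` pattern is applied to $base64_path, $valgrind_path, $python_path, $sudo_path and friends, but no matching command-line options for them appear in this hunk, so either they are set elsewhere or those guards are currently dead — worth a comment either way. In key_gen_uniqueness, `keys %rijndael_keys == $uniq_keys` relies on keys binding tighter than `==`; `scalar(keys %rijndael_keys) == $uniq_keys` reads unambiguously, and the loop that populates those hashes straddles the two hunks so I cannot see how the keys are extracted.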


@ -325,7 +325,8 @@
'function' => \&generic_exec, 'function' => \&generic_exec,
'cmdline' => "LD_LIBRARY_PATH=$lib_dir " . 'cmdline' => "LD_LIBRARY_PATH=$lib_dir " .
"$valgrind_str $fwknopCmd --key-gen", "$valgrind_str $fwknopCmd --key-gen",
'positive_output_matches' => [qr/BASE64/, qw/HMAC/, qw/KEY/], 'positive_output_matches' => [qr/^KEY_BASE64\:?\s\S{10}/,
qw/HMAC_KEY_BASE64\:?\s\S{10}/],
'fatal' => $NO 'fatal' => $NO
}, },
{ {
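Review bot: The second element of the new positive_output_matches list is written with `qw//` rather than `qr//`, so it is a plain string `HMAC_KEY_BASE64\:?\s\S{10}` and not a compiled pattern like its sibling; this happens to work if the harness interpolates each entry into a match, but it is easy to misread and it silently loses the `^` anchor the first pattern has. Use the same form for both: `'positive_output_matches' => [qr/^KEY_BASE64\:?\s\S{10}/,` and `qr/^HMAC_KEY_BASE64\:?\s\S{10}/],`. `\S{10}` also only asserts that at least ten non-space characters follow the label, which accepts a truncated key; if the expected base64 length is known at this point, match it exactly (e.g. `\S{44}` for a 32-byte key) or at least add `\s*$` so trailing garbage is rejected.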