From 6fa3be393c02dfd9725690a84900f519bfa7659f Mon Sep 17 00:00:00 2001 From: Damien Stuart Date: Sun, 10 Mar 2013 13:21:24 -0400 Subject: [PATCH] Renamed fko_set_hmac_type to fko_set_spa_hmac_type. Incorporated libfko changes and additions to the fko python module code. --- client/fwknop.c | 4 +- fwknop.spec | 2 +- lib/fko.h | 4 +- lib/fko_hmac.c | 4 +- perl/FKO/FKO.xs | 2 +- python/fko.py | 255 ++++++++++++++++++--- python/fkomodule.c | 407 ++++++++++++++++++++++++++++++++- python/setup.py | 6 +- test/fko-wrapper/fko_wrapper.c | 4 +- 9 files changed, 631 insertions(+), 57 deletions(-) diff --git a/client/fwknop.c b/client/fwknop.c index f29dda22..012f07d4 100644 --- a/client/fwknop.c +++ b/client/fwknop.c @@ -970,10 +970,10 @@ get_keys(fko_ctx_t ctx, fko_cli_options_t *options, if (use_hmac) { - res = fko_set_hmac_type(ctx, FKO_HMAC_SHA256); + res = fko_set_spa_hmac_type(ctx, FKO_HMAC_SHA256); if(res != FKO_SUCCESS) { - errmsg("fko_set_hmac_type", res); + errmsg("fko_set_spa_hmac_type", res); exit(EXIT_FAILURE); } } diff --git a/fwknop.spec b/fwknop.spec index 8394cbba..f7e167e5 100644 --- a/fwknop.spec +++ b/fwknop.spec @@ -13,7 +13,7 @@ %define _mandir /usr/share/man Name: fwknop -Version: 2.0.4 +Version: 2.5.0b Epoch: 1 Release: 1%{?dist} Summary: Firewall Knock Operator client. An implementation of Single Packet Authorization. diff --git a/lib/fko.h b/lib/fko.h index 3617bf0a..ba02b4f3 100644 --- a/lib/fko.h +++ b/lib/fko.h @@ -53,7 +53,7 @@ extern "C" { /* General params */ -#define FKO_PROTOCOL_VERSION "2.0.4" /* The fwknop protocol version */ +#define FKO_PROTOCOL_VERSION "2.5.0" /* The fwknop protocol version */ /* Supported FKO Message types... */ @@ -260,7 +260,7 @@ DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx); DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type); DLL_API int fko_set_spa_encryption_mode(fko_ctx_t ctx, const int encrypt_mode); DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char * const enc_msg); -DLL_API int fko_set_hmac_type(fko_ctx_t ctx, const short hmac_type); +DLL_API int fko_set_spa_hmac_type(fko_ctx_t ctx, const short hmac_type); /* Data processing and misc utility functions */ diff --git a/lib/fko_hmac.c b/lib/fko_hmac.c index 8d698594..13243671 100644 --- a/lib/fko_hmac.c +++ b/lib/fko_hmac.c @@ -86,7 +86,7 @@ int fko_verify_hmac(fko_ctx_t ctx, /* Calculate the HMAC from the encrypted data and then * compare */ - res = fko_set_hmac_type(ctx, FKO_HMAC_SHA256); + res = fko_set_spa_hmac_type(ctx, FKO_HMAC_SHA256); if(res == FKO_SUCCESS) { res = fko_calculate_hmac(ctx, hmac_key, hmac_key_len); @@ -123,7 +123,7 @@ fko_get_hmac_data(fko_ctx_t ctx, char **hmac_data) /* Set the HMAC type */ int -fko_set_hmac_type(fko_ctx_t ctx, const short hmac_type) +fko_set_spa_hmac_type(fko_ctx_t ctx, const short hmac_type) { /* Must be initialized */ diff --git a/perl/FKO/FKO.xs b/perl/FKO/FKO.xs index 71c08673..f2de427b 100644 --- a/perl/FKO/FKO.xs +++ b/perl/FKO/FKO.xs @@ -184,7 +184,7 @@ _set_hmac_type(ctx, hmac_type) fko_ctx_t ctx; short hmac_type; CODE: - RETVAL = fko_set_hmac_type(ctx, hmac_type); + RETVAL = fko_set_spa_hmac_type(ctx, hmac_type); OUTPUT: RETVAL diff --git a/python/fko.py b/python/fko.py index 5afda6ec..f9cf5194 100644 --- a/python/fko.py +++ b/python/fko.py @@ -61,17 +61,43 @@ FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG = 6 """Digest type constants """ +FKO_DIGEST_INVALID_DATA = -1 +FKO_DIGEST_UNKNOWN = 0 FKO_DIGEST_MD5 = 1 FKO_DIGEST_SHA1 = 2 FKO_DIGEST_SHA256 = 3 FKO_DIGEST_SHA384 = 4 FKO_DIGEST_SHA512 = 5 +"""Digest type constants +""" +FKO_HMAC_INVALID_DATA = -1 +FKO_HMAC_UNKNOWN = 0 +FKO_HMAC_MD5 = 1 +FKO_HMAC_SHA1 = 2 +FKO_HMAC_SHA256 = 3 +FKO_HMAC_SHA384 = 4 +FKO_HMAC_SHA512 = 5 + """Encryption type constants """ +FKO_ENCRYPTION_INVALID_DATA = -1 +FKO_ENCRYPTION_UNKNOWN = 0 FKO_ENCRYPTION_RIJNDAEL = 1 FKO_ENCRYPTION_GPG = 2 +"""Symmetric encryption modes to correspond to rijndael.h +""" +FKO_ENC_MODE_UNKNOWN = 0 +FKO_ENC_MODE_ECB = 1 +FKO_ENC_MODE_CBC = 2 +FKO_ENC_MODE_CFB = 3 +FKO_ENC_MODE_PCBC = 4 +FKO_ENC_MODE_OFB = 5 +FKO_ENC_MODE_CTR = 6 +FKO_ENC_MODE_ASYMMETRIC = 7 +FKO_ENC_MODE_CBC_LEGACY_IV = 8 + """FKO error codes """ FKO_SUCCESS = 0 @@ -93,35 +119,36 @@ FKO_ERROR_WRONG_ENCRYPTION_TYPE = 15 FKO_ERROR_DECRYPTION_SIZE = 16 FKO_ERROR_DECRYPTION_FAILURE = 17 FKO_ERROR_DIGEST_VERIFICATION_FAILED = 18 -FKO_ERROR_UNSUPPORTED_FEATURE = 19 -FKO_ERROR_UNKNOWN = 20 +FKO_UNSUPPOERTED_HMAC_MODE = 19 +FKO_ERROR_UNSUPPORTED_FEATURE = 20 +FKO_ERROR_UNKNOWN = 21 # Start GPGME-related errors -GPGME_ERR_START = 21 -FKO_ERROR_MISSING_GPG_KEY_DATA = 22 -FKO_ERROR_GPGME_NO_OPENPGP = 23 -FKO_ERROR_GPGME_CONTEXT = 24 -FKO_ERROR_GPGME_PLAINTEXT_DATA_OBJ = 25 -FKO_ERROR_GPGME_SET_PROTOCOL = 26 -FKO_ERROR_GPGME_CIPHER_DATA_OBJ = 27 -FKO_ERROR_GPGME_BAD_PASSPHRASE = 28 -FKO_ERROR_GPGME_ENCRYPT_SIGN = 29 -FKO_ERROR_GPGME_CONTEXT_SIGNER_KEY = 30 -FKO_ERROR_GPGME_SIGNER_KEYLIST_START = 31 -FKO_ERROR_GPGME_SIGNER_KEY_NOT_FOUND = 32 -FKO_ERROR_GPGME_SIGNER_KEY_AMBIGUOUS = 33 -FKO_ERROR_GPGME_ADD_SIGNER = 34 -FKO_ERROR_GPGME_CONTEXT_RECIPIENT_KEY = 35 -FKO_ERROR_GPGME_RECIPIENT_KEYLIST_START = 36 -FKO_ERROR_GPGME_RECIPIENT_KEY_NOT_FOUND = 37 -FKO_ERROR_GPGME_RECIPIENT_KEY_AMBIGUOUS = 38 -FKO_ERROR_GPGME_DECRYPT_FAILED = 39 -FKO_ERROR_GPGME_DECRYPT_UNSUPPORTED_ALGORITHM = 40 -FKO_ERROR_GPGME_BAD_GPG_EXE = 41 -FKO_ERROR_GPGME_BAD_HOME_DIR = 42 -FKO_ERROR_GPGME_SET_HOME_DIR = 43 -FKO_ERROR_GPGME_NO_SIGNATURE = 44 -FKO_ERROR_GPGME_BAD_SIGNATURE = 45 -FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED = 46 +GPGME_ERR_START = 22 +FKO_ERROR_MISSING_GPG_KEY_DATA = 23 +FKO_ERROR_GPGME_NO_OPENPGP = 24 +FKO_ERROR_GPGME_CONTEXT = 25 +FKO_ERROR_GPGME_PLAINTEXT_DATA_OBJ = 26 +FKO_ERROR_GPGME_SET_PROTOCOL = 27 +FKO_ERROR_GPGME_CIPHER_DATA_OBJ = 28 +FKO_ERROR_GPGME_BAD_PASSPHRASE = 29 +FKO_ERROR_GPGME_ENCRYPT_SIGN = 30 +FKO_ERROR_GPGME_CONTEXT_SIGNER_KEY = 31 +FKO_ERROR_GPGME_SIGNER_KEYLIST_START = 32 +FKO_ERROR_GPGME_SIGNER_KEY_NOT_FOUND = 33 +FKO_ERROR_GPGME_SIGNER_KEY_AMBIGUOUS = 34 +FKO_ERROR_GPGME_ADD_SIGNER = 35 +FKO_ERROR_GPGME_CONTEXT_RECIPIENT_KEY = 36 +FKO_ERROR_GPGME_RECIPIENT_KEYLIST_START = 37 +FKO_ERROR_GPGME_RECIPIENT_KEY_NOT_FOUND = 38 +FKO_ERROR_GPGME_RECIPIENT_KEY_AMBIGUOUS = 39 +FKO_ERROR_GPGME_DECRYPT_FAILED = 40 +FKO_ERROR_GPGME_DECRYPT_UNSUPPORTED_ALGORITHM = 41 +FKO_ERROR_GPGME_BAD_GPG_EXE = 42 +FKO_ERROR_GPGME_BAD_HOME_DIR = 43 +FKO_ERROR_GPGME_SET_HOME_DIR = 44 +FKO_ERROR_GPGME_NO_SIGNATURE = 45 +FKO_ERROR_GPGME_BAD_SIGNATURE = 46 +FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED = 47 ### End FKO Constants ### @@ -423,7 +450,51 @@ class Fko: """ return _fko.get_encoded_data(self.ctx) - def spa_data_final(self, key): + def raw_spa_digest_type(self, val=None): + """Get or set the raw spa_digest_type + + This is an integer value. If no argument is given, the current value + is returned. Otherwise, the SPA message client timeout value will + be set to the given value. + """ + if val != None: + _fko.set_raw_spa_digest_type(self.ctx, val) + else: + return _fko.get_raw_spa_digest_type(self.ctx) + + def raw_spa_digest(self, val=None): + """Get or set the raw spa_digest_type + """ + if val != None: + _fko.set_raw_spa_digest(self.ctx, val) + else: + return _fko.get_raw_spa_digest(self.ctx) + + def spa_encryption_mode(self, val=None): + """Get or set the spa_encryption mode + + This is an integer value. If no argument is given, the current value + is returned. Otherwise, the SPA message client timeout value will + be set to the given value. + """ + if val != None: + _fko.set_spa_encryption_mode(self.ctx, val) + else: + return _fko.get_spa_encryption_mode(self.ctx) + + def spa_hmac_type(self, val=None): + """Get or set the spa_hmac_type + + This is an integer value. If no argument is given, the current value + is returned. Otherwise, the SPA message client timeout value will + be set to the given value. + """ + if val != None: + _fko.set_spa_hmac_type(self.ctx, val) + else: + return _fko.get_spa_hmac_type(self.ctx) + + def spa_data_final(self, key, hmac_key): """Perform final processing and generation of the SPA message data. This function is the final step in creating a complete encrypted @@ -431,7 +502,7 @@ class Fko: does require all of the requisite SPA data fields be set. Otherwise, it will fail and throw an fko.error exception. """ - _fko.spa_data_final(self.ctx, key) + _fko.spa_data_final(self.ctx, key, hmac_key) def gen_spa_data(self, key): """Alias for "spa_data_final()". @@ -493,6 +564,44 @@ class Fko: """ _fko.decrypt_spa_data(self.ctx, key) +# --DSS + + def encryption_type(self, enc_data): + """Return the assumed encryption type based on the encryptped data + """ + _fko.encryption_type(enc_data) + + def key_gen(self, keyb64, hmac_keyb64): + """Generate Rijndael and HMAC keys and base64 encode them + """ + _fko.key_gen(keyb64, hmac_keyb64) + + def base64_encode(self, indata): + """Base64 encode function + """ + _fko.base64_encode(indata) + + def base64_decode(self, indata): + """Base64 decode function + """ + _fko.base64_decode(indata) + + def verify_hmac(self, hmac_key): + """Generate HMAC for the data and verify it against the HMAC included with the data + """ + _fko.verify_hmac(self.ctx, hmac_key) + + def calculate_hmac(self, hmac_key): + """Calculate the HMAC for the given data + """ + _fko.calculate_hmac(self.ctx, hmac_key) + + def get_hmac_data(self): + """Return the HMAC for the data in the current context + """ + _fko.get_hmac_data(self.ctx) + + # GPG-related functions. def gpg_recipient(self, val=None): @@ -637,6 +746,11 @@ class Fko: return True return False + def gpg_errstr(self): + """Return the last GPG-related error on the current context + """ + _fko.fko_gpg_errstr(self.ctx) + # Error message string function. def errstr(self, val): @@ -668,16 +782,23 @@ class Fko: elif val == FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG: mts = "Local NAT Access Message with timeout" else: - mts = "Unknown message type" + mts = "Unknown SPA message type" return mts def digest_type_str(self, val=None): """Returns the digest type string for the given value. + + If no value is given, the digest type for the current context + is returned. """ if val == None: val = _fko.get_spa_digest_type(self.ctx) - if val == FKO_DIGEST_MD5: + if val == FKO_DIGEST_INVALID_DATA: + dts = "invalid_data" + elif val == FKO_DIGEST_UNKNOWN: + dts = "unknown" + elif val == FKO_DIGEST_MD5: dts = "MD5" elif val == FKO_DIGEST_SHA1: dts = "SHA1" @@ -688,16 +809,50 @@ class Fko: elif val == FKO_DIGEST_SHA512: dts = "SHA512" else: - dts = "Unknown digest type" + dts = "Invalid digest type value" return dts + def hmac_type_str(self, val=None): + """Returns the HMAC type string for the given value. + + If no value is given, the HMAC type for the current context + is returned. + """ + if val == None: + val = _fko.get_spa_hmac_type(self.ctx) + + if val == FKO_HMAC_INVALID_DATA: + ht = "invalid_data" + elif val == FKO_HMAC_UNKNOWN: + ht = "unknown" + elif val == FKO_HMAC_MD5: + ht = "MD5" + elif val == FKO_HMAC_SHA1: + ht = "SHA1" + elif val == FKO_HMAC_SHA256: + ht = "SHA256" + elif val == FKO_HMAC_SHA384: + ht = "SHA384" + elif val == FKO_HMAC_SHA512: + ht = "SHA512" + else: + ht = "Invalid HMAC digest type value" + return ht + def encryption_type_str(self, val=None): """Returns the encryption type string for the given value. + + If no value is given, the encryption type for the current context + is returned. """ if val == None: val = _fko.get_spa_encryption_type(self.ctx) - if val == FKO_ENCRYPTION_RIJNDAEL: + if val == FKO_ENCRYPTION_INVALID_DATA: + ets = "invalid_data" + elif val == FKO_ENCRYPTION_UNKNOWN: + ets = "unknown" + elif val == FKO_ENCRYPTION_RIJNDAEL: ets = "Rijndael (AES)" elif val == FKO_ENCRYPTION_GPG: ets = "GPG" @@ -705,6 +860,38 @@ class Fko: ets = "Unknown encryption type" return ets + def encryption_mode_str(self, val=None): + """Returns the encryption mode string for the given value. + + If no value is given, the encryption mode for the current context + is returned. + """ + if val == None: + val = _fko.get_spa_encryption_mode(self.ctx) + + if val == FKO_ENC_MODE_UNKNOWN: + dts = "unknown" + elif val == FKO_ENC_MODE_ECB: + dts = "ECB" + elif val == FKO_ENC_MODE_CBC: + dts = "CBC" + elif val == FKO_ENC_MODE_CBF: + dts = "CBF" + elif val == FKO_ENC_MODE_PCBC: + dts = "PCBC" + elif val == FKO_ENC_MODE_OFB: + dts = "OFB" + elif val == FKO_ENC_MODE_CTR: + dts = "CTR" + elif val == FKO_ENC_MODE_ASYMMETRIC: + dts = "ASYMMETRIC" + elif val == FKO_ENC_MODE_CBC_LEGACY_IV: + dts = "CBC_LEGACY_IV" + else: + dts = "Invalid encryption mode value" + return dts + + def __call__(self): """Calls the spa_data() method. diff --git a/python/fkomodule.c b/python/fkomodule.c index ef96d6f0..23d70d53 100644 --- a/python/fkomodule.c +++ b/python/fkomodule.c @@ -54,6 +54,15 @@ static PyObject * get_spa_data(PyObject *self, PyObject *args); static PyObject * set_spa_data(PyObject *self, PyObject *args); static PyObject * get_encoded_data(PyObject *self, PyObject *args); +static PyObject * get_raw_spa_digest_type(PyObject *self, PyObject *args); +static PyObject * set_raw_spa_digest_type(PyObject *self, PyObject *args); +static PyObject * get_raw_spa_digest(PyObject *self, PyObject *args); +static PyObject * set_raw_spa_digest(PyObject *self, PyObject *args); +static PyObject * get_spa_encryption_mode(PyObject *self, PyObject *args); +static PyObject * set_spa_encryption_mode(PyObject *self, PyObject *args); +static PyObject * get_spa_hmac_type(PyObject *self, PyObject *args); +static PyObject * set_spa_hmac_type(PyObject *self, PyObject *args); + /* FKO other utility Functions. */ static PyObject * spa_data_final(PyObject *self, PyObject *args); @@ -62,6 +71,14 @@ static PyObject * encrypt_spa_data(PyObject *self, PyObject *args); static PyObject * decode_spa_data(PyObject *self, PyObject *args); static PyObject * encode_spa_data(PyObject *self, PyObject *args); +static PyObject * encryption_type(PyObject *self, PyObject *args); +static PyObject * key_gen(PyObject *self, PyObject *args); +static PyObject * base64_encode(PyObject *self, PyObject *args); +static PyObject * base64_decode(PyObject *self, PyObject *args); +static PyObject * verify_hmac(PyObject *self, PyObject *args); +static PyObject * calculate_hmac(PyObject *self, PyObject *args); +static PyObject * get_hmac_data(PyObject *self, PyObject *args); + /* FKO GPG-related Functions. */ static PyObject * get_gpg_recipient(PyObject *self, PyObject *args); @@ -83,9 +100,10 @@ static PyObject * get_gpg_signature_status(PyObject *self, PyObject *args); static PyObject * gpg_signature_id_match(PyObject *self, PyObject *args); static PyObject * gpg_signature_fpr_match(PyObject *self, PyObject *args); -/* FKO error message function. +/* FKO error message functions. */ static PyObject * errstr(PyObject *self, PyObject *args); +static PyObject * gpg_errstr(PyObject *self, PyObject *args); static PyMethodDef FKOMethods[] = { {"init_ctx", init_ctx, METH_VARARGS, @@ -148,6 +166,23 @@ static PyMethodDef FKOMethods[] = { {"get_encoded_data", get_encoded_data, METH_VARARGS, "Returns the encoded_data string for this context"}, +//--DSS + {"get_raw_spa_digest_type", get_raw_spa_digest_type, METH_VARARGS, + "Returns the raw spa_digest_type value for this context"}, + {"set_raw_spa_digest_type", set_raw_spa_digest_type, METH_VARARGS, + "Sets the raw_spa_digest_type string for this context"}, + {"get_raw_spa_digest", get_raw_spa_digest, METH_VARARGS, + "Returns the raw spa_digest value for this context"}, + {"set_raw_spa_digest", set_raw_spa_digest, METH_VARARGS, + "Sets the raw_spa_digest string for this context"}, + {"get_spa_encryption_mode", get_spa_encryption_mode, METH_VARARGS, + "Returns the raw spa_encryption_mode value for this context"}, + {"set_spa_encryption_mode", set_spa_encryption_mode, METH_VARARGS, + "Sets the set_spa_encryption_mode string for this context"}, + {"get_spa_hmac_type", get_spa_hmac_type, METH_VARARGS, + "Returns the raw spa_hmac_type value for this context"}, + {"set_spa_hmac_type", set_spa_hmac_type, METH_VARARGS, + "Sets the spa_hmac_type string for this context"}, {"spa_data_final", spa_data_final, METH_VARARGS, "Recalculate and recreate the SPA data for the current context"}, @@ -160,6 +195,21 @@ static PyMethodDef FKOMethods[] = { {"encode_spa_data", encode_spa_data, METH_VARARGS, "Encode the current context raw data to prepare for encryption"}, +//--DSS + {"encryption_type", encryption_type, METH_VARARGS, + "Return the assumed encryption type based on the encryptped data"}, + {"key_gen", key_gen, METH_VARARGS, + "Generate Rijndael and HMAC keys and base64 encode them"}, + {"base64_encode", base64_encode, METH_VARARGS, + "Base64 encode function"}, + {"base64_decode", base64_decode, METH_VARARGS, + "Base64 decode function"}, + {"verify_hmac", verify_hmac, METH_VARARGS, + "Generate HMAC for the data and verify it against the HMAC included with the data"}, + {"calculate_hmac", calculate_hmac, METH_VARARGS, + "Calculate the HMAC for the given data"}, + {"get_hmac_data", get_hmac_data, METH_VARARGS, + "Return the HMAC for the data in the current context"}, {"get_gpg_recipient", get_gpg_recipient, METH_VARARGS, "Returns the gpg_recipient string for this context"}, @@ -201,6 +251,8 @@ static PyMethodDef FKOMethods[] = { {"errstr", errstr, METH_VARARGS, "Returns the error message for the given error code"}, + {"gpg_errstr", gpg_errstr, METH_VARARGS, + "Returns the GPG error message for the given error code"}, {NULL, NULL, 0, NULL} }; @@ -245,6 +297,7 @@ init_ctx(PyObject *self, PyObject *args) return Py_BuildValue("k", ctx); } + /* init_ctx_with_data */ static PyObject * @@ -252,13 +305,19 @@ init_ctx_with_data(PyObject *self, PyObject *args) { fko_ctx_t ctx; char *spa_data; - char *key; + char *dec_key; + int dec_key_len; + int enc_mode; + char *hmac_key; + int hmac_key_len; int res; - if(!PyArg_ParseTuple(args, "sz", &spa_data, &key)) + if(!PyArg_ParseTuple(args, "ss#is#", &spa_data, &dec_key, &dec_key_len, + &enc_mode, &hmac_key, &hmac_key_len)) return NULL; - res = fko_new_with_data(&ctx, spa_data, key); + res = fko_new_with_data(&ctx, spa_data, dec_key, dec_key_len, enc_mode, + hmac_key, hmac_key_len); if(res != FKO_SUCCESS) { @@ -884,6 +943,172 @@ get_encoded_data(PyObject *self, PyObject *args) return Py_BuildValue("s", encoded_data); } +static PyObject * +get_raw_spa_digest_type(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + short raw_digest_type; + int res; + + if(!PyArg_ParseTuple(args, "k", &ctx)) + return NULL; + + res = fko_get_raw_spa_digest_type(ctx, &raw_digest_type); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("h", raw_digest_type); +} + +static PyObject * +set_raw_spa_digest_type(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + short raw_digest_type; + int res; + + if(!PyArg_ParseTuple(args, "kh", &ctx, &raw_digest_type)) + return NULL; + + res = fko_set_raw_spa_digest_type(ctx, raw_digest_type); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("", NULL); +} + +static PyObject * +get_raw_spa_digest(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + char *raw_spa_digest; + int res; + + if(!PyArg_ParseTuple(args, "k", &ctx)) + return NULL; + + res = fko_get_raw_spa_digest(ctx, &raw_spa_digest); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("s", raw_spa_digest); +} + +static PyObject * +set_raw_spa_digest(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + int res; + + if(!PyArg_ParseTuple(args, "k", &ctx)) + return NULL; + + res = fko_set_raw_spa_digest(ctx); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("", NULL); +} + +static PyObject * +get_spa_encryption_mode(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + int encryption_mode; + int res; + + if(!PyArg_ParseTuple(args, "k", &ctx)) + return NULL; + + res = fko_get_spa_encryption_mode(ctx, &encryption_mode); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("h", encryption_mode); +} + +static PyObject * +set_spa_encryption_mode(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + int encryption_mode; + int res; + + if(!PyArg_ParseTuple(args, "kh", &ctx, &encryption_mode)) + return NULL; + + res = fko_set_spa_encryption_mode(ctx, encryption_mode); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("", NULL); +} + +static PyObject * +get_spa_hmac_type(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + short hmac_type; + int res; + + if(!PyArg_ParseTuple(args, "k", &ctx)) + return NULL; + + res = fko_get_spa_hmac_type(ctx, &hmac_type); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("h", hmac_type); +} + +static PyObject * +set_spa_hmac_type(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + short hmac_type; + int res; + + if(!PyArg_ParseTuple(args, "kh", &ctx, &hmac_type)) + return NULL; + + res = fko_set_spa_hmac_type(ctx, hmac_type); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("", NULL); +} /***************************************************************************** * FKO other utility functions. @@ -894,13 +1119,18 @@ static PyObject * spa_data_final(PyObject *self, PyObject *args) { fko_ctx_t ctx; - char *key; + char *enc_key; + int enc_key_len; + char *hmac_key; + int hmac_key_len; int res; - if(!PyArg_ParseTuple(args, "ks", &ctx, &key)) + if(!PyArg_ParseTuple(args, "ks#s#", &ctx, &enc_key, &enc_key_len, + &hmac_key, &hmac_key_len)) return NULL; - res = fko_spa_data_final(ctx, key); + res = fko_spa_data_final(ctx, enc_key, enc_key_len, + hmac_key, hmac_key_len); if(res != FKO_SUCCESS) { @@ -918,12 +1148,13 @@ decrypt_spa_data(PyObject *self, PyObject *args) { fko_ctx_t ctx; char *key; + int key_len; int res; - if(!PyArg_ParseTuple(args, "ks", &ctx, &key)) + if(!PyArg_ParseTuple(args, "ks#", &ctx, &key, &key_len)) return NULL; - res = fko_decrypt_spa_data(ctx, key); + res = fko_decrypt_spa_data(ctx, key, key_len); if(res != FKO_SUCCESS) { @@ -941,12 +1172,13 @@ encrypt_spa_data(PyObject *self, PyObject *args) { fko_ctx_t ctx; char *key; + int key_len; int res; - if(!PyArg_ParseTuple(args, "ks", &ctx, &key)) + if(!PyArg_ParseTuple(args, "ks#", &ctx, &key, &key_len)) return NULL; - res = fko_encrypt_spa_data(ctx, key); + res = fko_encrypt_spa_data(ctx, key, key_len); if(res != FKO_SUCCESS) { @@ -1001,6 +1233,143 @@ encode_spa_data(PyObject *self, PyObject *args) return Py_BuildValue("", NULL); } +static PyObject * +encryption_type(PyObject *self, PyObject *args) +{ + char *spa_data; + int enc_type; + + if(!PyArg_ParseTuple(args, "s", &spa_data)) + return NULL; + + enc_type = fko_encryption_type(spa_data); + + return Py_BuildValue("i", enc_type); +} + +static PyObject * +key_gen(PyObject *self, PyObject *args) +{ + char *key_b64; + int key_b64_len; + char *hmac_key_b64; + int hmac_key_b64_len; + int hmac_type; + int res; + + if(!PyArg_ParseTuple(args, "s#s#i", &key_b64, &key_b64_len, + &hmac_key_b64, &hmac_key_b64_len, &hmac_type)) + return NULL; + + res = fko_key_gen(key_b64, key_b64_len, hmac_key_b64, hmac_key_b64_len, + hmac_type); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("", NULL); +} + +static PyObject * +base64_encode(PyObject *self, PyObject *args) +{ + unsigned char *in; + int in_len; + char *out; + int res; + + /* --DSS Note the order of args is different than the libfko call. + We need to do this for the following parse call. */ + if(!PyArg_ParseTuple(args, "s#s", &in, &in_len, &out)) + return NULL; + + res = fko_base64_encode(in, out, in_len); + + return Py_BuildValue("s", out); +} + +static PyObject * +base64_decode(PyObject *self, PyObject *args) +{ + char *in; + unsigned char *out; + int res; + + if(!PyArg_ParseTuple(args, "ss", &in, &out)) + return NULL; + + res = fko_base64_decode(in, out); + + return Py_BuildValue("s#", out, res); +} + +static PyObject * +verify_hmac(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + char *hmac_key; + int hmac_key_len; + int res; + + if(!PyArg_ParseTuple(args, "ks#", &ctx, &hmac_key, &hmac_key_len)) + return NULL; + + res = fko_verify_hmac(ctx, hmac_key, hmac_key_len); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("", NULL); +} + +static PyObject * +calculate_hmac(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + char *hmac_key; + int hmac_key_len; + int res; + + if(!PyArg_ParseTuple(args, "ks#", &ctx, &hmac_key, &hmac_key_len)) + return NULL; + + res = fko_calculate_hmac(ctx, hmac_key, hmac_key_len); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("", NULL); +} + +static PyObject * +get_hmac_data(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + char *enc_data; + int res; + + if(!PyArg_ParseTuple(args, "k", &ctx)) + return NULL; + + res = fko_get_hmac_data(ctx, &enc_data); + + if(res != FKO_SUCCESS) + { + PyErr_SetString(FKOError, fko_errstr(res)); + return NULL; + } + + return Py_BuildValue("s", enc_data); +} /***************************************************************************** * FKO GPG-related functions. @@ -1441,4 +1810,20 @@ errstr(PyObject *self, PyObject *args) return Py_BuildValue("s", errmsg); } +/* gpg_errstr +*/ +static PyObject * +gpg_errstr(PyObject *self, PyObject *args) +{ + fko_ctx_t ctx; + const char *errmsg; + + if(!PyArg_ParseTuple(args, "k", &ctx)) + return NULL; + + errmsg = fko_gpg_errstr(ctx); + + return Py_BuildValue("s", errmsg); +} + /***EOF***/ diff --git a/python/setup.py b/python/setup.py index a55a9727..4b2a3866 100644 --- a/python/setup.py +++ b/python/setup.py @@ -15,14 +15,16 @@ from distutils.core import setup, Extension # fko_ext = Extension( '_fko', - define_macros = [('MAJOR_VERSION', '1'), ('MINOR_VERSION', '0')], + define_macros = [('MAJOR_VERSION', '1'), ('MINOR_VERSION', '5')], libraries = ['fko'], + library_dirs = ['/opt/local/lib'], + include_dirs = ['/opt/local/include'], sources = ['fkomodule.c'] ) setup ( name = 'fko', - version = '1.0', + version = '1.5', description = 'Wrapper for Fwknop library (libfko)', author = 'Damien S. Stuart', author_email = 'dstuart@dstuart.org', diff --git a/test/fko-wrapper/fko_wrapper.c b/test/fko-wrapper/fko_wrapper.c index 23e9ac5f..abe74fb3 100644 --- a/test/fko-wrapper/fko_wrapper.c +++ b/test/fko-wrapper/fko_wrapper.c @@ -93,8 +93,8 @@ int main(void) { } for (i=0; i