added initial HMAC-SHA256 support for the client side

2012-07-02 23:50:45 -04:00
parent 3095f0ee43
commit 92e403a242
22 changed files with 744 additions and 77 deletions
--- a/server/access.c
+++ b/server/access.c
@@ -581,6 +581,9 @@ free_acc_stanza_data(acc_stanza_t *acc)
    if(acc->key_base64 != NULL)
        free(acc->key_base64);

+    if(acc->hmac_key != NULL)
+        free(acc->hmac_key);
+
    if(acc->hmac_key_base64 != NULL)
        free(acc->hmac_key_base64);

--- a/server/fwknopd_common.h
+++ b/server/fwknopd_common.h
@@ -268,6 +268,7 @@ typedef struct acc_stanza
    acc_port_list_t     *rport_list;
    char                *key;
    char                *key_base64;
+    char                *hmac_key;
    char                *hmac_key_base64;
    int                 fw_access_timeout;
    unsigned char       enable_cmd_exec;
--- a/server/incoming_spa.c
+++ b/server/incoming_spa.c
@@ -241,12 +241,7 @@ incoming_spa(fko_srv_options_t *opts)

        if(enc_type == FKO_ENCRYPTION_RIJNDAEL)
        {
-            if(acc->key != NULL)
-            {
-                res = fko_new_with_data(&ctx,
-                    (char *)spa_pkt->packet_data, acc->key, acc->encryption_mode);
-            }
-            else if (acc->key_base64 != NULL)
+            if (acc->key_base64 != NULL)
            {
                if ((acc->key = strdup(acc->key_base64)) == NULL)
                {
@@ -258,10 +253,8 @@ incoming_spa(fko_srv_options_t *opts)
                }
                memset(acc->key, 0x0, strlen(acc->key_base64));
                fko_base64_decode(acc->key_base64, (unsigned char *) acc->key);
-                res = fko_new_with_data(&ctx,
-                    (char *)spa_pkt->packet_data, acc->key, acc->encryption_mode);
            }
-            else
+            if (acc->key == NULL)
            {
                log_msg(LOG_ERR,
                    "(stanza #%d) No KEY for RIJNDAEL encrypted messages",
@@ -270,6 +263,23 @@ incoming_spa(fko_srv_options_t *opts)
                acc = acc->next;
                continue;
            }
+
+            if (acc->hmac_key_base64 != NULL)
+            {
+                if ((acc->hmac_key = strdup(acc->hmac_key_base64)) == NULL)
+                {
+                    log_msg(LOG_ERR,
+                        "Fatal memory allocation error copying hmac_key_base64 -> hmac_key: %s",
+                        acc->hmac_key_base64
+                    );
+                    exit(EXIT_FAILURE);
+                }
+                memset(acc->hmac_key, 0x0, strlen(acc->hmac_key_base64));
+                fko_base64_decode(acc->hmac_key_base64, (unsigned char *) acc->hmac_key);
+            }
+
+            res = fko_new_with_data(&ctx, (char *)spa_pkt->packet_data,
+                acc->key, acc->encryption_mode, acc->hmac_key);
        }
        else if(enc_type == FKO_ENCRYPTION_GPG)
        {
@@ -279,7 +289,7 @@ incoming_spa(fko_srv_options_t *opts)
            if(acc->gpg_decrypt_pw != NULL)
            {
                res = fko_new_with_data(&ctx, (char *)spa_pkt->packet_data, NULL,
-                        acc->encryption_mode);
+                        acc->encryption_mode, NULL);
                if(res != FKO_SUCCESS)
                {
                    log_msg(LOG_WARNING,