[python module] default to HMAC SHA256 when an HMAC key is used but no HMAC mode was specified

ChangeLog

@@ -1,13 +1,13 @@
 fwknop-2.6.4 (10//2014):
-    - Bug fix to ensure that a User-Agent string can be specified when the
-      fwknop client uses wget via SSL to resolve the external IP address. This
-      closes issue #134 on github reported by Barry Allard. The fwknop now
-      uses the wget '-U' option to specify the User-Agent string with a
-      default of "Fwknop/<version>". In addition, a new command line argument
-      "--use-wget-user-agent" to allow the default wget User-Agent string to
-      apply instead.
+    - [client] Bug fix to ensure that a User-Agent string can be specified
+      when the fwknop client uses wget via SSL to resolve the external IP
+      address. This closes issue #134 on github reported by Barry Allard. The
+      fwknop client now uses the wget '-U' option to specify the User-Agent
+      string with a default of "Fwknop/<version>". In addition, a new command
+      line argument "--use-wget-user-agent" to allow the default wget
+      User-Agent string to apply instead.
     - (Gerry Reno) Added support for firewalld to the fwknopd daemon on RHEL 7
-      CentOS 7. This is implemented using the current firewalld '--direct
+      and CentOS 7. This is implemented using the current firewalld '--direct
       --passthrough' capability which accepts raw iptables commands. More
       information on firewalld can be found here:
 
@@ -23,6 +23,9 @@ fwknop-2.6.4 (10//2014):
           BeagleBone Black rev C running 3.8.13-bone50 #1 SMP Tue May 13
           13:24:52 UTC 2014 armv7l GNU/Linux
 
+    - [python module] When an HMAC key is passed to spa_data_final() then
+      default to HMAC SHA256 if no HMAC mode was specified.
+
 fwknop-2.6.3 (07/28/2014):
     - [client] External IP resolution via '-R' (or '--resolve-ip-http') is now
       done via SSL by default. The IP resolution URL is now

python/fko.py

@@ -32,7 +32,7 @@ Example simple minimal fknop client:
 
     # Generate the final SPA data string.
     #
-    f.spa_data_final('put_pw_here')
+    f.spa_data_final('put_pw_here', 'put_hmac_pw_here')
 
     # Display the final SPA data string.
     #
@@ -563,7 +563,7 @@ class Fko:
         else:
             return _fko.get_raw_spa_digest(self.ctx)
 
-    def spa_encryption_mode(self, val=None):
+    def encryption_mode(self, val=None):
         """Get or set the spa_encryption mode
 
         This is an integer value. If no argument is given, the current value
@@ -575,6 +575,11 @@ class Fko:
         else:
             return _fko.get_spa_encryption_mode(self.ctx)
 
+    def spa_encryption_mode(self, val=None):
+        """Alias for encryption_mode() to maintain backwards compatibility
+        """
+        return self.encryption_mode(val)
+
     def hmac_type(self, val=None):
         """Get or set the spa_hmac_type
 
@@ -593,8 +598,13 @@ class Fko:
         This function is the final step in creating a complete encrypted
         SPA data string suitable for transmission to an fwknop server.  It
         does require all of the requisite SPA data fields be set. Otherwise,
-        it will fail and throw an fko.error exception.
+        it will fail and throw an fko.error exception. We do set the default
+        HMAC digest to SHA256 if an HMAC key was provided and the HMAC mode
+        was not already set.
         """
+        if hmac_key and not _fko.get_spa_hmac_type(self.ctx):
+            _fko.set_spa_hmac_type(self.ctx, FKO_HMAC_SHA256)
+
         _fko.spa_data_final(self.ctx, key, hmac_key)
 
     def gen_spa_data(self, key):
@@ -659,11 +669,6 @@ class Fko:
 
 # --DSS
 
-    def encryption_type(self, enc_data):
-        """Return the assumed encryption type based on the encryptped data
-        """
-        _fko.encryption_type(enc_data)
-
     def key_gen(self, keyb64, hmac_keyb64):
         """Generate Rijndael and HMAC keys and base64 encode them
         """
@@ -692,7 +697,7 @@ class Fko:
     def get_spa_hmac(self):
         """Return the HMAC for the data in the current context
         """
-        _fko.get_spa_hmac(self.ctx)
+        return _fko.get_spa_hmac(self.ctx)
 
 
     # GPG-related functions.

python/fkomodule.c

@@ -1282,14 +1282,13 @@ base64_encode(PyObject *self, PyObject *args)
     unsigned char *in;
     int in_len;
     char *out;
-    int res;
 
     /* --DSS Note the order of args is different than the libfko call.
              We need to do this for the following parse call. */
     if(!PyArg_ParseTuple(args, "s#s", &in, &in_len, &out))
         return NULL;
 
-    res = fko_base64_encode(in, out, in_len);
+    fko_base64_encode(in, out, in_len);
 
     return Py_BuildValue("s", out);
 }
@@ -1357,13 +1356,13 @@ static PyObject *
 get_spa_hmac(PyObject *self, PyObject *args)
 {
     fko_ctx_t ctx;
-    char *enc_data;
+    char *hmac_data;
     int res;
 
     if(!PyArg_ParseTuple(args, "k", &ctx))
         return NULL;
 
-    res = fko_get_spa_hmac(ctx, &enc_data);
+    res = fko_get_spa_hmac(ctx, &hmac_data);
 
     if(res != FKO_SUCCESS)
     {
@@ -1371,7 +1370,7 @@ get_spa_hmac(PyObject *self, PyObject *args)
         return NULL;
     }
 
-    return Py_BuildValue("s", enc_data);
+    return Py_BuildValue("s", hmac_data);
 }
 
 /*****************************************************************************

test/fko-python.py

@@ -32,6 +32,10 @@ def main():
     print "Version:", fko.version()
     print "Timestamp:", fko.timestamp()
     print "Username:", fko.username()
+    print "Encryption Type (value):", fko.encryption_type()
+    print "Encryption Type (string):", fko.encryption_type_str()
+    print "Encryption Mode (value):", fko.encryption_mode()
+    print "Encryption Mode (string):", fko.encryption_mode_str()
     print "Digest Type (value):", fko.digest_type()
     print "Digest Type (string):", fko.digest_type_str()
     print "Digest:", fko.spa_digest()