Merge remote-tracking branch 'fjoncourt/hmac_support' into hmac_support

Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas.  This merge is in support of #4.

Conflicts:
	lib/fko_util.c
	lib/fko_util.h
Michael Rash 2013-03-17 21:34:23 -04:00
commit c7b5611fa4
8 changed files with 924 additions and 214 deletions


@ -161,6 +161,7 @@ EXTRA_DIST = \
test/conf/hmac_sha384_long_key_access.conf \
test/conf/hmac_sha512_access.conf \
test/conf/hmac_sha512_short_key_access.conf \
test/conf/hmac_sha512_long_key_access.conf \
test/conf/hmac_simple_keys_access.conf \
test/conf/hmac_sha256_open_ports_access.conf \
test/conf/fwknoprc_default_hmac_base64_key \
@ -179,6 +180,7 @@ EXTRA_DIST = \
test/conf/fwknoprc_hmac_sha384_short_key \
test/conf/fwknoprc_hmac_sha512_key \
test/conf/fwknoprc_hmac_sha512_short_key \
test/conf/fwknoprc_hmac_sha512_long_key \
test/conf/fwknoprc_hmac_simple_keys \
test/conf/fwknoprc_invalid_base64_key \
test/conf/fwknoprc_named_key \


@ -41,6 +41,7 @@ enum {
NAT_RAND_PORT,
TIME_OFFSET_MINUS,
TIME_OFFSET_PLUS,
SAVE_RC_STANZA,
NO_SAVE_ARGS,
SHOW_LAST_ARGS,
RC_FILE_PATH,
@ -51,6 +52,9 @@ enum {
KEY_LEN,
HMAC_DIGEST_TYPE,
HMAC_KEY_LEN,
KEY_RIJNDAEL,
KEY_RIJNDAEL_BASE64,
KEY_HMAC_BASE64,
/* Put GPG-related items below the following line */
GPG_ENCRYPTION = 0x200,
GPG_RECIP_KEY,
@ -73,6 +77,7 @@ static struct option cmd_opts[] =
{"access", 1, NULL, 'A'},
{"save-packet-append", 0, NULL, 'b'},
{"save-packet", 1, NULL, 'B'},
{"save-rc-stanza", 0, NULL, SAVE_RC_STANZA},
{"no-save-args", 0, NULL, NO_SAVE_ARGS},
{"server-cmd", 1, NULL, 'C'},
{"digest-type", 1, NULL, FKO_DIGEST_NAME},
@ -90,6 +95,9 @@ static struct option cmd_opts[] =
{"http-proxy", 1, NULL, 'H'},
{"key-gen", 0, NULL, 'k'},
{"key-gen-file", 1, NULL, 'K'},
{"key-rijndael", 1, NULL, KEY_RIJNDAEL },
{"key-rijndael-base64", 1, NULL, KEY_RIJNDAEL_BASE64 },
{"key-hmac-base64", 1, NULL, KEY_HMAC_BASE64 },
{"key-len", 1, NULL, KEY_LEN},
{"hmac-key-len", 1, NULL, HMAC_KEY_LEN},
{"hmac-digest-type", 1, NULL, HMAC_DIGEST_TYPE},
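Review bot: The new `--key-rijndael`, `--key-rijndael-base64` and `--key-hmac-base64` entries are declared with a required argument, and if that argument is the key material itself (the names suggest so; the parsing in config_init.c is not shown on this page) the key becomes visible to every local user through `ps` and `/proc/*/cmdline` and is written to the shell history. That should at least be stated in the usage text and man page, with a pointer to the rc file or `--key-gen-file` as the preferred way to supply keys, e.g. `/* NOTE: keys given on the command line are visible in process listings and shell history; prefer the ~/.fwknoprc stanza. */` above these three entries. If `--save-rc-stanza` persists these values into `~/.fwknoprc`, the file needs to be created or rewritten with mode 0600, which I could not confirm from the suppressed config_init.c diff. The enum and the `cmd_opts[]` array both start before and end after the hunks shown here.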

889
client/config_init.c Normal file → Executable file
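Review bot: The mode of `client/config_init.c` flips from a normal file to an executable in this commit, which for a C source file looks accidental rather than intended; `chmod 644 client/config_init.c` and amend, so the mode churn does not ride along with the 889-line change. The diff itself is suppressed on this page, so the code that writes command-line arguments into `~/.fwknoprc` stanzas, including whatever file permissions it applies when creating or rewriting that file, could not be reviewed here and deserves a separate look.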



@ -1147,6 +1147,9 @@ display_ctx(fko_ctx_t ctx)
char *hmac_data = NULL;
char *spa_digest = NULL;
char *spa_data = NULL;
char digest_str[MAX_LINE_LEN] = {0};
char hmac_str[MAX_LINE_LEN] = {0};
char enc_mode_str[MAX_LINE_LEN] = {0};
time_t timestamp = 0;
short msg_type = -1;
@ -1176,6 +1179,10 @@ display_ctx(fko_ctx_t ctx)
fko_get_spa_digest(ctx, &spa_digest);
fko_get_spa_data(ctx, &spa_data);
digest_inttostr(digest_type, digest_str, sizeof(digest_str));
hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str));
enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str));
printf("\nFKO Field Values:\n=================\n\n");
printf(" Random Value: %s\n", rand_val == NULL ? "<NULL>" : rand_val);
printf(" Username: %s\n", username == NULL ? "<NULL>" : username);
@ -1186,10 +1193,10 @@ display_ctx(fko_ctx_t ctx)
printf(" Nat Access: %s\n", nat_access == NULL ? "<NULL>" : nat_access);
printf(" Server Auth: %s\n", server_auth == NULL ? "<NULL>" : server_auth);
printf(" Client Timeout: %u (seconds)\n", client_timeout);
printf(" Digest Type: %d (%s)\n", digest_type, digest_inttostr(digest_type));
printf(" HMAC Type: %d (%s)\n", hmac_type, digest_inttostr(hmac_type));
printf(" Digest Type: %d (%s)\n", digest_type, digest_str);
printf(" HMAC Type: %d (%s)\n", hmac_type, hmac_str);
printf("Encryption Type: %d (%s)\n", encryption_type, enc_type_inttostr(encryption_type));
printf("Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_inttostr(encryption_mode));
printf("Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_str);
printf("\n Encoded Data: %s\n", enc_data == NULL ? "<NULL>" : enc_data);
printf("SPA Data Digest: %s\n", spa_digest == NULL ? "<NULL>" : spa_digest);
printf(" HMAC: %s\n", hmac_data == NULL ? "<NULL>" : hmac_data);
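Review bot: The three `*_inttostr()` calls added in the second hunk discard their return value, and for `enc_mode_inttostr()` an unrecognised mode (and PCBC, whose `strlcpy` is commented out in lib/fko_util.c) returns -1 with the buffer left empty, so the `Encryption Mode:` line now prints `N ()` where the removed helper printed "Unknown encryption mode". A two-line guard keeps the old output: `if(enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str)) != 0)` followed by `strlcpy(enc_mode_str, "Unknown encryption mode", sizeof(enc_mode_str));`. The digest and HMAC helpers already write "Unknown" on failure, so they only need the same treatment if you want the three lines to behave alike. `display_ctx()` starts before the first hunk and its body continues past the last one.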


@ -156,6 +156,7 @@ typedef struct fko_cli_options
char use_rc_stanza[MAX_LINE_LEN];
unsigned char got_named_stanza;
unsigned char save_rc_stanza;
//char config_file[MAX_PATH_LEN];


@ -63,6 +63,51 @@ digest_strtoint(const char *dt_str)
return(-1);
}
/**
* \brief Return a digest string according to a digest integer value
*
* This function checks the digest integer is valid, and write the digest
* string associated.
*
* \param digest Digest inetger value (FKO_DIGEST_MD5, FKO_DIGEST_SHA1 ...)
* \param digest_str Buffer to write the digest string
* \param digest_size size of the digest string buffer
*
* \return -1 if the digest integer value is not supported, 0 otherwise
*/
short
digest_inttostr(int digest, char* digest_str, size_t digest_size)
{
short digest_not_valid = 0;
memset(digest_str, 0, digest_size);
switch (digest)
{
case FKO_DIGEST_MD5:
strlcpy(digest_str, "MD5", digest_size);
break;
case FKO_DIGEST_SHA1:
strlcpy(digest_str, "SHA1", digest_size);
break;
case FKO_DIGEST_SHA256:
strlcpy(digest_str, "SHA256", digest_size);
break;
case FKO_DIGEST_SHA384:
strlcpy(digest_str, "SHA384", digest_size);
break;
case FKO_DIGEST_SHA512:
strlcpy(digest_str, "SHA512", digest_size);
break;
default:
strlcpy(digest_str, "Unknown", digest_size);
digest_not_valid = -1;
break;
}
return digest_not_valid;
}
short
hmac_digest_strtoint(const char *dt_str)
{
@ -95,33 +140,6 @@ enc_type_inttostr(const int type)
return("Unknown encryption type");
}
/* Return encryption mode string representation
*/
const char *
enc_mode_inttostr(const int mode)
{
if(mode == FKO_ENC_MODE_UNKNOWN)
return("Unknown encryption mode");
else if(mode == FKO_ENC_MODE_ECB)
return("ECB");
else if(mode == FKO_ENC_MODE_CBC)
return("CBC");
else if(mode == FKO_ENC_MODE_CFB)
return("CFB");
else if(mode == FKO_ENC_MODE_PCBC)
return("PCBC");
else if(mode == FKO_ENC_MODE_OFB)
return("OFB");
else if(mode == FKO_ENC_MODE_CTR)
return("CTR");
else if(mode == FKO_ENC_MODE_ASYMMETRIC)
return("Asymmetric");
else if(mode == FKO_ENC_MODE_CBC_LEGACY_IV)
return("CBC legacy initialization vector");
return("Unknown encryption mode");
}
/* Return message type string representation
*/
const char *
@ -145,23 +163,49 @@ msg_type_inttostr(const int type)
return("Unknown message type");
}
/* Return digest string representation
*/
const char *
digest_inttostr(const int type)
/**
* \brief Return a hmac digest string according to a hmac digest integer value
*
* This function checks if the digest integer is valid, and write the digest
* string associated.
*
* \param digest Digest inetger value (FKO_HMAC_MD5, FKO_HMAC_SHA1 ...)
* \param digest_str Buffer to write the digest string
* \param digest_size size of the digest string buffer
*
* \return -1 if the digest integer value is not supported, 0 otherwise
*/
short
hmac_digest_inttostr(int digest, char* digest_str, size_t digest_size)
{
if(type == FKO_DIGEST_MD5 || type == FKO_HMAC_MD5)
return("MD5");
else if(type == FKO_DIGEST_SHA1 || type == FKO_HMAC_SHA1)
return("SHA1");
else if(type == FKO_DIGEST_SHA256 || type == FKO_HMAC_SHA256)
return("SHA256");
else if(type == FKO_DIGEST_SHA384 || type == FKO_HMAC_SHA384)
return("SHA384");
else if(type == FKO_DIGEST_SHA512 || type == FKO_HMAC_SHA512)
return("SHA512");
short digest_not_valid = 0;
return("Unknown digest type");
memset(digest_str, 0, digest_size);
switch (digest)
{
case FKO_HMAC_MD5:
strlcpy(digest_str, "MD5", digest_size);
break;
case FKO_HMAC_SHA1:
strlcpy(digest_str, "SHA1", digest_size);
break;
case FKO_HMAC_SHA256:
strlcpy(digest_str, "SHA256", digest_size);
break;
case FKO_HMAC_SHA384:
strlcpy(digest_str, "SHA384", digest_size);
break;
case FKO_HMAC_SHA512:
strlcpy(digest_str, "SHA512", digest_size);
break;
default:
strlcpy(digest_str, "Unknown", digest_size);
digest_not_valid = -1;
break;
}
return digest_not_valid;
}
/* Validate plaintext input size
@ -198,6 +242,60 @@ enc_mode_strtoint(const char *enc_mode_str)
return(-1);
}
/**
* \brief Return an encryption mode string according to an enc_mode integer value
*
* This function checks if the encryption mode integer is valid, and write the
* encryption mode string associated.
*
* \param enc_mode Encryption mode inetger value (FKO_ENC_MODE_CBC, FKO_ENC_MODE_ECB ...)
* \param enc_mode_str Buffer to write the encryption mode string
* \param enc_mode_size size of the encryption mode string buffer
*
* \return -1 if the encryption mode integer value is not supported, 0 otherwise
*/
short
enc_mode_inttostr(int enc_mode, char* enc_mode_str, size_t enc_mode_size)
{
short enc_mode_not_valid = 0;
memset(enc_mode_str, 0, enc_mode_size);
switch (enc_mode)
{
case FKO_ENC_MODE_CBC :
strlcpy(enc_mode_str, "CBC", enc_mode_size);
break;
case FKO_ENC_MODE_ECB :
strlcpy(enc_mode_str, "ECB", enc_mode_size);
break;
case FKO_ENC_MODE_CFB :
strlcpy(enc_mode_str, "CFB", enc_mode_size);
break;
case FKO_ENC_MODE_PCBC :
//strlcpy(enc_mode_str, "PCBC", enc_mode_size);
enc_mode_not_valid = -1;
break;
case FKO_ENC_MODE_OFB :
strlcpy(enc_mode_str, "OFB", enc_mode_size);
break;
case FKO_ENC_MODE_CTR :
strlcpy(enc_mode_str, "CTR", enc_mode_size);
break;
case FKO_ENC_MODE_CBC_LEGACY_IV:
strlcpy(enc_mode_str, "CBC legacy IV", enc_mode_size);
break;
case FKO_ENC_MODE_ASYMMETRIC:
strlcpy(enc_mode_str, "Asymmetric", enc_mode_size);
break;
default:
enc_mode_not_valid = -1;
break;
}
return enc_mode_not_valid;
}
int
strtol_wrapper(const char * const str, const int min,
const int max, const int exit_upon_err, int *err)
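Review bot: In the new `enc_mode_inttostr()` the `FKO_ENC_MODE_PCBC` arm has its `strlcpy` commented out and the `default` arm writes nothing, so every unsupported value, including `FKO_ENC_MODE_UNKNOWN` which the removed version named explicitly, comes back as -1 with an empty buffer, while `digest_inttostr()` and `hmac_digest_inttostr()` in the same file write "Unknown" before returning -1. Since the callers in `display_ctx()` and `dump_ctx()` ignore the return value, this inconsistency shows up as an empty string in their output. I would drop the commented-out line, let the PCBC case fall through to `default` with a `/* not supported: fallthrough */` comment, and add `strlcpy(enc_mode_str, "Unknown", enc_mode_size);` in the default arm so all three helpers behave the same. The doc comments on the three new functions also spell "integer" as "inetger".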


@ -33,21 +33,23 @@
/* Function prototypes
*/
int is_valid_encoded_msg_len(const int len);
int is_valid_pt_msg_len(const int len);
int is_valid_digest_len(const int len);
int enc_mode_strtoint(const char *enc_mode_str);
int strtol_wrapper(const char * const str, const int min,
const int max, const int exit_upon_err, int *is_err);
const char * msg_type_inttostr(const int type);
short digest_strtoint(const char *dt_str);
const char * enc_type_inttostr(const int type);
const char * enc_mode_inttostr(const int mode);
const char * digest_inttostr(const int type);
short hmac_digest_strtoint(const char *dt_str);
int is_valid_encoded_msg_len(const int len);
int is_valid_pt_msg_len(const int len);
int is_valid_digest_len(const int len);
int enc_mode_strtoint(const char *enc_mode_str);
short enc_mode_inttostr(int enc_mode, char* enc_mode_str, size_t enc_mode_size);
int strtol_wrapper(const char * const str, const int min,
const int max, const int exit_upon_err, int *is_err);
short digest_strtoint(const char *dt_str);
short digest_inttostr(int digest, char* digest_str, size_t digest_size);
short hmac_digest_strtoint(const char *dt_str);
short hmac_digest_inttostr(int digest, char* digest_str, size_t digest_size);
size_t strlcat(char *dst, const char *src, size_t siz);
size_t strlcpy(char *dst, const char *src, size_t siz);
const char * enc_type_inttostr(const int type);
const char * msg_type_inttostr(const int type);
size_t strlcat(char *dst, const char *src, size_t siz);
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif /* FKO_UTIL_H */
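Review bot: The three new `*_inttostr()` prototypes introduce an output-buffer contract (the buffer is zeroed, the name is copied with `strlcpy`, and `-1` flags an unrecognised value) that is documented only in fko_util.c, yet this header is what callers in the client and server read. A one-line comment on each, such as `/* Fill buf with the name for the value; returns 0, or -1 if unknown (buf then holds "Unknown" or is empty). */`, would keep callers from assuming the buffer is always populated. As a point of style, `char* digest_str` binds the `*` to the type, whereas the rest of this header writes `const char *`; `char *digest_str` would match.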


@ -87,6 +87,9 @@ dump_ctx(fko_ctx_t ctx)
char *hmac_data = NULL;
char *spa_digest = NULL;
char *spa_data = NULL;
char digest_str[MAX_LINE_LEN] = {0};
char hmac_str[MAX_LINE_LEN] = {0};
char enc_mode_str[MAX_LINE_LEN] = {0};
time_t timestamp = 0;
short msg_type = -1;
@ -116,6 +119,10 @@ dump_ctx(fko_ctx_t ctx)
fko_get_spa_digest(ctx, &spa_digest);
fko_get_spa_data(ctx, &spa_data);
digest_inttostr(digest_type, digest_str, sizeof(digest_str));
hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str));
enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str));
memset(buf, 0x0, CTX_DUMP_BUFSIZE);
ndx = buf;
@ -140,13 +147,13 @@ dump_ctx(fko_ctx_t ctx)
ndx += cp;
cp = sprintf(ndx, " Client Timeout: %u\n", client_timeout);
ndx += cp;
cp = sprintf(ndx, " Digest Type: %u (%s)\n", digest_type, digest_inttostr(digest_type));
cp = sprintf(ndx, " Digest Type: %u (%s)\n", digest_type, digest_str);
ndx += cp;
cp = sprintf(ndx, " HMAC Type: %u (%s)\n", hmac_type, digest_inttostr(hmac_type));
cp = sprintf(ndx, " HMAC Type: %u (%s)\n", hmac_type, hmac_str);
ndx += cp;
cp = sprintf(ndx, "Encryption Type: %d (%s)\n", encryption_type, enc_type_inttostr(encryption_type));
ndx += cp;
cp = sprintf(ndx, "Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_inttostr(encryption_mode));
cp = sprintf(ndx, "Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_str);
ndx += cp;
cp = sprintf(ndx, " Encoded Data: %s\n", enc_data == NULL ? "<NULL>" : enc_data);
ndx += cp;
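Review bot: The rewritten `Digest Type`, `HMAC Type` and `Encryption Mode` lines keep the unbounded `sprintf(ndx, ...)` into `buf` used by the surrounding code; the names now come from fixed tables so an overflow is unlikely today, but since these lines are being touched, `cp = snprintf(ndx, CTX_DUMP_BUFSIZE - (ndx - buf), " Digest Type: %u (%s)\n", digest_type, digest_str);` (and likewise for the other two) would bound them against a later widening of the strings or of `CTX_DUMP_BUFSIZE`. As in display_ctx(), the return value of `enc_mode_inttostr()` is ignored, so an unsupported mode is dumped as `N ()` with an empty name. `dump_ctx()` starts before the first hunk and continues after the last.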