DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
885 Commits 15 Branches 0 Tags
Commit Graph

13 Commits

Author SHA1 Message Date
Michael Rash
22dde8eb35 SPA with HMAC SHA256 and SHA384 now works 
This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server.  One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas.  The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
also function properly.
 2013-03-10 14:26:05 -04:00
Michael Rash
6f45b2c3b1 added HMAC SHA384 and SHA512 support, bug fix to allow shorter HMAC key lengths than associated digest block size 2013-03-09 23:27:08 -05:00
Michael Rash
44d05a6916 interim commit for supporting multiple HMAC digest types (# 45) 2013-03-07 23:14:48 -05:00
Michael Rash
39ca73a245 [test suite] added OpenSSL HMAC verification (closes #39) 2013-03-05 23:29:46 -05:00
Damien Stuart
6ecf81b16e First round if refactoring to clean up header dependencies. 2013-03-02 17:03:20 -05:00
Michael Rash
6c2b657bfe [libfko] free dynamically allocated resources for multiple libfko fcn calls 2013-02-21 22:44:33 -05:00
Michael Rash
ce18de4f84 make libfko pointers constant where possible 2013-02-12 22:39:39 -05:00
Michael Rash
30acf93b72 Memory leak fix for HMAC verification 
This commit commit fixes a memory leak in the HMAC verification code found with
the test suite running in valgrind mode.  Here is the './test-fwknop.pl --diff'
output showing fko_verify_hmac() removed from the flagged functions list:

 [+] fwknop functions (unique view):
-        8 : ???
-        3 : main
-        3 : pcap_capture
-        1 : incoming_spa
+        7 : ???
+        2 : pcap_capture
+        2 : main
         1 : pcap_compile
-        1 : fko_new_with_data
-        1 : strndup
-        1 : fko_verify_hmac

 [+] fwknop functions (with call line numbers):
-        8 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
-        3 : main (fwknopd.c:299)
-        1 : fko_new_with_data (fko_funcs.c:220)
-        1 : pcap_capture (pcap_capture.c:105)
-        1 : incoming_spa (incoming_spa.c:376)
-        1 : strndup (strndup.c:46)
+        7 : ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
+        2 : main (fwknopd.c:299)
         1 : pcap_compile (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.1.1)
-        1 : pcap_capture (pcap_capture.c:226)
         1 : pcap_capture (pcap_capture.c:97)
-        1 : fko_verify_hmac (fko_hmac.c:54)
+        1 : pcap_capture (pcap_capture.c:105)
 2012-08-02 22:55:54 -04:00
Michael Rash
fd30a3491d minor variable rename LENGTH -> LEN, STRING_LENGTH -> STR_LEN 2012-07-29 21:57:05 -04:00
Michael Rash
a9cbd60327 [libfko] first HMAC-SHA256 implementation (includes test suite support) 2012-07-29 21:34:08 -04:00
Michael Rash
482e6f974c added msg_hmac_len and removed additional strlen() calls 2012-07-27 21:29:26 -04:00
Michael Rash
47e39272ed Make encrypt/decrypt code accept integer key lengths instead of using strlen() 
Now that encryptions keys and hmac keys may be acquired from /dev/random with
--key-gen (and base64 encoded), they may contain NULL bytes.  This emphasizes
the need to not leverage code that assumes C-style strings when making use of
key information.
 2012-07-10 21:44:06 -04:00
Michael Rash
92e403a242 added initial HMAC-SHA256 support for the client side 2012-07-02 23:50:45 -04:00