merged android4.4_support branch

commit a347be354d646d29e304f668eb5aa8f94863d18d 2 parents 551b243 + bd0b8a1
Michael Rash authored
Showing with 335 additions and 552 deletions.
  1. +7 −0 CREDITS
  2. +3 −0  ChangeLog
  3. +6 −3 Makefile.am
  4. +35 −0 android/README
  5. +1 −1  android/project/AndroidManifest.xml
  6. +22 −0 android/project/ant.properties
  7. +0 −16 android/project/build-4.1.2.properties
  8. +0 −16 android/project/build.properties
  9. +78 −51 android/project/build.xml
  10. +25 −0 android/project/custom_rules.xml
  11. +0 −11 android/project/default.properties
  12. +2 −1  android/project/jni/Android.mk
  13. +0 −286 android/project/jni/fwknop/fko.h
  14. +0 −67 android/project/jni/fwknop/fko_limits.h
  15. +0 −44 android/project/jni/fwknop/fko_message.h
  16. +25 −3 android/project/jni/fwknop/fwknop_client.c
  17. +37 −0 android/project/jni/fwknop/get_libfko_header.sh
  18. +14 −0 android/project/project.properties
  19. +22 −0 android/project/res/layout/main.xml
  20. +3 −0  android/project/sdk.paths
  21. +13 −0 android/project/src/com/max2idea/android/fwknop/Fwknop.java
  22. +0 −52 android/project/src/com/max2idea/android/fwknop/R.java
  23. +1 −1  test/conf/android_access.conf
  24. +4 −0 test/conf/hmac_android_access.conf
  25. +1 −0  test/test-fwknop.pl
  26. +18 −0 test/tests/rijndael_backwards_compatibility.pl
  27. +18 −0 test/tests/rijndael_hmac.pl
7 CREDITS
@@ -168,3 +168,10 @@ Marek Wrzosek
in for key derivation used by PBKDF1 in Rjindael CBC mode.
- Various excellent feedback on crypto design, including the need to remove
the GPG_IGNORE_SIG_VERIFY_ERROR mode.
+
+Gerry Reno
+ - Updated the Android client to be compatible with Android-4.4.
+ - Provided guidance on Android client issues along with testing candidate
+ patches to update various things - this work is being tracked in the
+ android4.4_support branch.
+
3  ChangeLog
@@ -26,6 +26,9 @@ fwknop-2.6.0 (01//2014):
recommended to use HMAC authenticated encryption whenever possible even
for GPG modes since this also provides a work around even for libfko
prior to this fix.
+ - [Android] (Gerry Reno) Updated the Android client to be compatible with
+ Android-4.4.
+ - [Android] Added HMAC support (currently optional).
- [server] Updated pcap_dispatch() default packet count from zero to 100.
This change was made to ensure backwards compatibility with older
versions of libpcap per the pcap_dispatch() man page, and also because
9 Makefile.am
@@ -19,10 +19,12 @@ EXTRA_DIST = \
android/COPYING \
android/Application.mk \
android/README \
- android/project/src/com/max2idea/android/fwknop/R.java \
android/project/src/com/max2idea/android/fwknop/Fwknop.java \
+ android/project/project.properties \
+ android/project/sdk.paths \
+ android/project/ant.properties \
android/project/build.xml \
- android/project/default.properties \
+ android/project/custom_rules.xml \
android/project/res/values/strings.xml \
android/project/res/drawable-hdpi/icon.png \
android/project/res/drawable-mdpi/icon.png \
@@ -38,10 +40,10 @@ EXTRA_DIST = \
android/project/nbproject/private/private.xml \
android/project/nbproject/private/config.properties \
android/project/nbproject/genfiles.properties \
- android/project/build.properties \
android/project/AndroidManifest.xml \
android/project/jni/fwknop/fwknop_client.c \
android/project/jni/fwknop/fwknop_client.h \
+ android/project/jni/fwknop/get_libfko_header.sh \
android/project/jni/fwknop/send_spa_packet.c \
android/project/jni/config.h \
android/project/jni/libfwknop/README \
@@ -127,6 +129,7 @@ EXTRA_DIST = \
test/conf/server-gpg-no-pw/pubring.gpg \
test/conf/server-gpg-no-pw/secring.gpg \
test/conf/server-gpg-no-pw/trustdb.gpg \
+ test/conf/hmac_android_access.conf \
test/conf/android_access.conf \
test/conf/android_legacy_iv_access.conf \
test/conf/base64_key_access.conf \
35 android/README
@@ -6,6 +6,41 @@ Max Kastanas <max2idea@users.sourceforge.net>
Based on fwknop C implementation by Damien Stuart
===============================================================================
+- For those that are interested in Android development for the fwknop project,
+the ./project/sdk.paths file is meant to provide JAVE_HOME and PATH definitions
+for the local JVM and the Android SDK and NDK installations. The general work
+flow is to first update the paths in in the sdk.paths file to point to the
+correct directories on your system, and you will also need to similarly update
+the sdk.dir and ndk.dir paths in the ./android/project/ant.properties file.
+Then:
+
+$ source ./project/sdk.paths
+
+- Then, start up the Android SDK:
+
+$ android &
+
+- Now, make updates to the fwknop/android/project/ files if implementing new
+functionality or fixing bugs. Then, with an Android emulator running:
+
+$ cd ./project
+$ ant clean
+$ ant debug
+$ adb install -r bin/fwknop-android-debug.apk
+
+ - or -
+
+$ cd ./project
+$ ant clean
+$ ant release
+$ adb install bin/fwknop-android-release-unsigned.apk
+
+- With the new Android app installed now in the emulator, you can fire it up
+and use it to send SPA packets.
+
+
+### Legacy instructions follow: ###
+
1. Requirements:
a. Apache Ant (1.7.1)
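Review bot: the release path in the added instructions ends with `adb install bin/fwknop-android-release-unsigned.apk`, but Android will not install an APK that has not been signed, so that command fails as written. Either add the signing step (the ant.properties comments in this same commit mention `key.store` and `key.alias`) or document only the debug build for installation. In the first added paragraph, `JAVE_HOME` should be `JAVA_HOME` and "in in" is doubled; the text also mixes `./project/...`, `./android/project/ant.properties` and `fwknop/android/project/`, so state once which directory the commands are run from.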
2  android/project/AndroidManifest.xml
@@ -14,6 +14,6 @@
</intent-filter>
</activity>
</application>
- <uses-sdk android:minSdkVersion="5" android:targetSdkVersion="8"/>
+ <uses-sdk android:minSdkVersion="5" android:targetSdkVersion="19"/>
<uses-permission android:name="android.permission.INTERNET" />
</manifest>
22 android/project/ant.properties
@@ -0,0 +1,22 @@
+# This file is used to override default values used by the Ant build system.
+#
+# This file must be checked into Version Control Systems, as it is
+# integral to the build system of your project.
+
+# This file is only used by the Ant script.
+
+# You can use this to override default values such as
+# 'source.dir' for the location of your java source folder and
+# 'out.dir' for the location of your output folder.
+
+# You can also use it define how the release builds are signed by declaring
+# the following properties:
+# 'key.store' for the location of your keystore and
+# 'key.alias' for the name of the key to use.
+# The password will be asked during the build when you use the 'release' target.
+
+# location of the SDK. This is only used by Ant
+# For customization when using a Version Control System, please read the
+# header note.
+sdk.dir=/home/mbr/android/android-sdk-linux
+ndk.dir=/home/mbr/android/android-ndk-r9b
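Review bot: the last two lines commit one developer's home-directory paths (`sdk.dir=/home/mbr/android/android-sdk-linux` and the matching `ndk.dir`) into a file whose own header says it must be checked in, so every other checkout points at directories that do not exist until the file is edited, and those local edits then show up as diffs. build.xml in this commit already reads `local.properties` and falls back to `ANDROID_HOME` for `sdk.dir`; consider dropping `sdk.dir` from this file and taking `ndk.dir` from local.properties or an environment variable in the same way.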
16 android/project/build-4.1.2.properties
@@ -1,16 +0,0 @@
-# SDK paths
-sdk.dir=/home/mbr/src/android-sdk-linux
-ndk.dir=/home/mbr/src/android-ndk-r8b
-
-# if you want to deploy to a website#
-#deploy.dir=/home/yourname/public_html
-
-# Currently platform supported is Android 7 (2.1)
-platforms.Android_fwknop.aapt=${sdk.dir}/platform-tools/aapt
-platforms.Android_fwknop.adb=${sdk.dir}/platform-tools/adb
-platforms.Android_fwknop.apkbuilder=${sdk.dir}/tools/apkbuilder
-platforms.Android_fwknop.bootclasspath=${platforms.Android_fwknop.home}/android.jar
-platforms.Android_fwknop.bootclasspath0=${platforms.Android_fwknop.home}/android.jar
-platforms.Android_fwknop.dx=${sdk.dir}/platform-tools/dx
-platforms.Android_fwknop.emulator=${sdk.dir}/tools/emulator
-platforms.Android_fwknop.home=${sdk.dir}/platforms/android-16
16 android/project/build.properties
@@ -1,16 +0,0 @@
-# SDK paths
-sdk.dir=/home/dstuart/android-sdk-linux_86
-ndk.dir=/home/dstuart/android-ndk-r5
-
-# if you want to deploy to a website#
-#deploy.dir=/home/yourname/public_html
-
-# Currently platform supported is Android 7 (2.1)
-platforms.Android2.1.aapt=${platforms.Android2.1.home}/tools/aapt
-platforms.Android2.1.adb=${sdk.dir}/tools/adb
-platforms.Android2.1.apkbuilder=${sdk.dir}/tools/apkbuilder
-platforms.Android2.1.bootclasspath=${platforms.Android2.1.home}/android.jar
-platforms.Android2.1.bootclasspath0=${platforms.Android2.1.home}/android.jar
-platforms.Android2.1.dx=${platforms.Android2.1.home}/tools/dx
-platforms.Android2.1.emulator=${sdk.dir}/tools/emulator
-platforms.Android2.1.home=${sdk.dir}/platforms/android-7
129 android/project/build.xml
@@ -1,67 +1,94 @@
<?xml version="1.0" encoding="UTF-8"?>
-<project name="fwknop-android" default="jar">
+<project name="fwknop-android" default="help">
+<!--
<import file="nbproject/build-impl.xml"/>
+-->
<!-- The local.properties file is created and updated by the 'android' tool.
- It contains the path to the SDK. It should *NOT* be checked in in Version
- Control Systems. -->
+ It contains the path to the SDK. It should *NOT* be checked into
+ Version Control Systems. -->
<property file="local.properties" />
- <!-- The build.properties file can be created by you and is never touched
- by the 'android' tool. This is the place to change some of the default property values
- used by the Ant rules.
+ <!-- The ant.properties file can be created by you. It is only edited by the
+ 'android' tool to add properties to it.
+ This is the place to change some Ant specific build properties.
Here are some properties you may want to change/update:
- application.package
- the name of your application package as defined in the manifest. Used by the
- 'uninstall' rule.
source.dir
- the name of the source directory. Default is 'src'.
+ The name of the source directory. Default is 'src'.
out.dir
- the name of the output directory. Default is 'bin'.
+ The name of the output directory. Default is 'bin'.
- Properties related to the SDK location or the project target should be updated
- using the 'android' tool with the 'update' action.
+ For other overridable properties, look at the beginning of the rules
+ files in the SDK, at tools/ant/build.xml
- This file is an integral part of the build system for your application and
- should be checked in in Version Control Systems.
+ Properties related to the SDK location or the project target should
+ be updated using the 'android' tool with the 'update' action.
+
+ This file is an integral part of the build system for your
+ application and should be checked into Version Control Systems.
-->
- <property file="build.properties" />
-
- <!-- The default.properties file is created and updated by the 'android' tool, as well
- as ADT.
- This file is an integral part of the build system for your application and
- should be checked in in Version Control Systems. -->
- <property file="default.properties" />
-
- <!-- Custom Android task to deal with the project target, and import the proper rules.
- This requires ant 1.6.0 or above. -->
- <path id="android.antlibs">
- <pathelement path="${sdk.dir}/tools/lib/anttasks.jar" />
- <pathelement path="${sdk.dir}/tools/lib/sdklib.jar" />
- <pathelement path="${sdk.dir}/tools/lib/androidprefs.jar" />
- <pathelement path="${sdk.dir}/tools/lib/apkbuilder.jar" />
- <pathelement path="${sdk.dir}/tools/lib/jarutils.jar" />
- </path>
-
-<!-- <taskdef name="setup"
- classname="com.android.ant.SetupTask"
- classpathref="android.antlibs" />-->
-
- <!-- Execute the Android Setup task that will setup some properties specific to the target,
- and import the build rules files.
-
- The rules file is imported from
- <SDK>/platforms/<target_platform>/templates/android_rules.xml
-
- To customize some build steps for your project:
- - copy the content of the main node <project> from android_rules.xml
- - paste it in this build.xml below the <setup /> task.
- - disable the import by changing the setup task below to <setup import="false" />
-
- This will ensure that the properties are setup correctly but that your customized
- build steps are used.
+ <property file="ant.properties" />
+
+ <!-- if sdk.dir was not set from one of the property file, then
+ get it from the ANDROID_HOME env var.
+ This must be done before we load project.properties since
+ the proguard config can use sdk.dir -->
+ <property environment="env" />
+ <condition property="sdk.dir" value="${env.ANDROID_HOME}">
+ <isset property="env.ANDROID_HOME" />
+ </condition>
+
+ <!-- The project.properties file is created and updated by the 'android'
+ tool, as well as ADT.
+
+ This contains project specific properties such as project target, and library
+ dependencies. Lower level build properties are stored in ant.properties
+ (or in .classpath for Eclipse projects).
+
+ This file is an integral part of the build system for your
+ application and should be checked into Version Control Systems. -->
+ <loadproperties srcFile="project.properties" />
+
+ <!-- quick check on sdk.dir -->
+ <fail
+ message="sdk.dir is missing. Make sure to generate local.properties using 'android update project' or to inject it through the ANDROID_HOME environment variable."
+ unless="sdk.dir"
+ />
+
+ <!--
+ Import per project custom build rules if present at the root of the project.
+ This is the place to put custom intermediary targets such as:
+ -pre-build
+ -pre-compile
+ -post-compile (This is typically used for code obfuscation.
+ Compiled code location: ${out.classes.absolute.dir}
+ If this is not done in place, override ${out.dex.input.absolute.dir})
+ -post-package
+ -post-build
+ -pre-clean
+ -->
+ <import file="custom_rules.xml" optional="true" />
+
+ <!-- Import the actual build file.
+
+ To customize existing targets, there are two options:
+ - Customize only one target:
+ - copy/paste the target into this file, *before* the
+ <import> task.
+ - customize it to your needs.
+ - Customize the whole content of build.xml
+ - copy/paste the content of the rules files (minus the top node)
+ into this file, replacing the <import> task.
+ - customize to your needs.
+
+ ***********************
+ ****** IMPORTANT ******
+ ***********************
+ In all cases you must update the value of version-tag below to read 'custom' instead of an integer,
+ in order to avoid having your file be overridden by tools such as "android update project"
-->
- <!--<setup />-->
+ <!-- version-tag: 1 -->
+ <import file="${sdk.dir}/tools/ant/build.xml" />
</project>
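Review bot: the added `<!-- version-tag: 1 -->` line conflicts with the IMPORTANT comment directly above it, which says the tag must read 'custom' for a customized file or tools such as "android update project" may overwrite it. If the commented-out `nbproject/build-impl.xml` import at the top of this file is meant to stay, change the tag to `<!-- version-tag: custom -->`; otherwise remove the commented-out import so the file really is the stock one.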
25 android/project/custom_rules.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project name="fwknop-android_custom_rules" default="help">
+ <target name="-pre-build" depends="get-libfko-files, get-libfko-header">
+ <exec executable="${ndk.dir}/ndk-build" failonerror="true"/>
+ </target>
+
+ <target name="clean" depends="android_rules.clean">
+ <exec executable="${ndk.dir}/ndk-build" failonerror="true">
+ <arg value="clean"/>
+ </exec>
+ </target>
+
+ <target name="get-libfko-files">
+ <echo>Copying ../../lib files to ./jni/libfwknop</echo>
+ <exec dir="./jni/libfwknop" executable="./get_libfko_files.sh">
+ </exec>
+ </target>
+
+ <target name="get-libfko-header">
+ <echo>Copying ../../lib/fko.h file to ./jni/fwknop</echo>
+ <exec dir="./jni/fwknop" executable="./get_libfko_header.sh">
+ </exec>
+ </target>
+</project>
+
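Review bot: the `<exec>` tasks in the `get-libfko-files` and `get-libfko-header` targets lack `failonerror="true"`, unlike the two `ndk-build` calls in the same file, so when get_libfko_header.sh exits 1 (libfko directory not found) Ant continues into `ndk-build` with a missing or stale fko.h. Add `failonerror="true"` to both. The overridden `clean` target also depends on `${ndk.dir}` being set; build.xml has a `<fail>` guard for `sdk.dir` but there is none for `ndk.dir`.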
11 android/project/default.properties
@@ -1,11 +0,0 @@
-# This file is automatically generated by Android Tools.
-# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
-#
-# This file must be checked in Version Control Systems.
-#
-# To customize properties used by the Ant build system use,
-# "build.properties", and override values to adapt the script to your
-# project structure.
-
-# Project target.
-target=Google Inc.:Google APIs:7
3  android/project/jni/Android.mk
@@ -19,11 +19,12 @@ LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := libfwknop
+
LOCAL_CFLAGS := -W -g -DHAVE_CONFIG_H \
+ -I$(LOCAL_PATH)/../../../common \
-I$(LOCAL_PATH) \
-I$(LOCAL_PATH)/fwknop \
-I$(LOCAL_PATH)/libfwknop
-
LOCAL_SRC_FILES := $(shell cd $(LOCAL_PATH); \
find ./fwknop/ -type f -name '*.c'; \
find ./libfwknop/ -type f -name '*.c'; \
286 android/project/jni/fwknop/fko.h
@@ -1,286 +0,0 @@
-/*
- *****************************************************************************
- *
- * File: fko.h
- *
- * Author: Damien S. Stuart
- *
- * Purpose: Header for libfko.
- *
- * Copyright 2009-2013 Damien Stuart (dstuart@dstuart.org)
- *
- * License (GNU General Public License):
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
- *
- *****************************************************************************
-*/
-#ifndef FKO_H
-#define FKO_H 1
-
-#include <time.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef WIN32
- #ifdef DLL_EXPORTS
- #define DLL_API __declspec(dllexport)
- #else
- #ifdef DLL_IMPORTS
- #define DLL_API __declspec(dllimport)
- #else
- #define DLL_API
- #endif
- #endif
-#else
- #define DLL_API
-#endif
-
-/* General params
-*/
-#define FKO_PROTOCOL_VERSION "2.0.4" /* The fwknop protocol version */
-
-/* Supported FKO Message types...
-*/
-typedef enum {
- FKO_COMMAND_MSG = 0,
- FKO_ACCESS_MSG,
- FKO_NAT_ACCESS_MSG,
- FKO_CLIENT_TIMEOUT_ACCESS_MSG,
- FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG,
- FKO_LOCAL_NAT_ACCESS_MSG,
- FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG,
- FKO_LAST_MSG_TYPE /* Always leave this as the last one */
-} fko_message_type_t;
-
-/* Supported digest types...
-*/
-typedef enum {
- FKO_DIGEST_INVALID_DATA = -1,
- FKO_DIGEST_UNKNOWN = 0,
- FKO_DIGEST_MD5,
- FKO_DIGEST_SHA1,
- FKO_DIGEST_SHA256,
- FKO_DIGEST_SHA384,
- FKO_DIGEST_SHA512,
- FKO_LAST_DIGEST_TYPE /* Always leave this as the last one */
-} fko_digest_type_t;
-
-/* Supported encryption types...
-*/
-typedef enum {
- FKO_ENCRYPTION_INVALID_DATA = -1,
- FKO_ENCRYPTION_UNKNOWN = 0,
- FKO_ENCRYPTION_RIJNDAEL,
- FKO_ENCRYPTION_GPG,
- FKO_LAST_ENCRYPTION_TYPE /* Always leave this as the last one */
-} fko_encryption_type_t;
-
-/* FKO ERROR_CODES
- *
- * Note: If you change this list in any way, please be sure to make the
- * appropriate corresponding change to the error message list in
- * fko_error.c.
-*/
-typedef enum {
- FKO_SUCCESS = 0,
- FKO_ERROR_CTX_NOT_INITIALIZED,
- FKO_ERROR_MEMORY_ALLOCATION,
- FKO_ERROR_FILESYSTEM_OPERATION,
- FKO_ERROR_INVALID_DATA,
- FKO_ERROR_DATA_TOO_LARGE,
- FKO_ERROR_USERNAME_UNKNOWN,
- FKO_ERROR_INCOMPLETE_SPA_DATA,
- FKO_ERROR_MISSING_ENCODED_DATA,
- FKO_ERROR_INVALID_DIGEST_TYPE,
- FKO_ERROR_INVALID_ALLOW_IP,
- FKO_ERROR_INVALID_SPA_COMMAND_MSG,
- FKO_ERROR_INVALID_SPA_ACCESS_MSG,
- FKO_ERROR_INVALID_SPA_NAT_ACCESS_MSG,
- FKO_ERROR_INVALID_ENCRYPTION_TYPE,
- FKO_ERROR_WRONG_ENCRYPTION_TYPE,
- FKO_ERROR_DECRYPTION_SIZE,
- FKO_ERROR_DECRYPTION_FAILURE,
- FKO_ERROR_DIGEST_VERIFICATION_FAILED,
- FKO_ERROR_UNSUPPORTED_FEATURE,
- FKO_ERROR_UNKNOWN,
-
- /* Start GPGME-related errors */
- GPGME_ERR_START,
- FKO_ERROR_MISSING_GPG_KEY_DATA,
- FKO_ERROR_GPGME_NO_OPENPGP,
- FKO_ERROR_GPGME_CONTEXT,
- FKO_ERROR_GPGME_PLAINTEXT_DATA_OBJ,
- FKO_ERROR_GPGME_SET_PROTOCOL,
- FKO_ERROR_GPGME_CIPHER_DATA_OBJ,
- FKO_ERROR_GPGME_BAD_PASSPHRASE,
- FKO_ERROR_GPGME_ENCRYPT_SIGN,
- FKO_ERROR_GPGME_CONTEXT_SIGNER_KEY,
- FKO_ERROR_GPGME_SIGNER_KEYLIST_START,
- FKO_ERROR_GPGME_SIGNER_KEY_NOT_FOUND,
- FKO_ERROR_GPGME_SIGNER_KEY_AMBIGUOUS,
- FKO_ERROR_GPGME_ADD_SIGNER,
- FKO_ERROR_GPGME_CONTEXT_RECIPIENT_KEY,
- FKO_ERROR_GPGME_RECIPIENT_KEYLIST_START,
- FKO_ERROR_GPGME_RECIPIENT_KEY_NOT_FOUND,
- FKO_ERROR_GPGME_RECIPIENT_KEY_AMBIGUOUS,
- FKO_ERROR_GPGME_DECRYPT_FAILED,
- FKO_ERROR_GPGME_DECRYPT_UNSUPPORTED_ALGORITHM,
- FKO_ERROR_GPGME_BAD_GPG_EXE,
- FKO_ERROR_GPGME_BAD_HOME_DIR,
- FKO_ERROR_GPGME_SET_HOME_DIR,
- FKO_ERROR_GPGME_NO_SIGNATURE,
- FKO_ERROR_GPGME_BAD_SIGNATURE,
- FKO_ERROR_GPGME_SIGNATURE_VERIFY_DISABLED,
-
- FKO_LAST_ERROR
-} fko_error_codes_t;
-
-/* Macro that returns true if the given error code is a gpg-related error.
-*/
-#define IS_GPG_ERROR(x) (x > GPGME_ERR_START && x < FKO_LAST_ERROR)
-
-/* General Defaults
-*/
-#define FKO_DEFAULT_MSG_TYPE FKO_ACCESS_MSG
-#define FKO_DEFAULT_DIGEST FKO_DIGEST_SHA256
-#define FKO_DEFAULT_ENCRYPTION FKO_ENCRYPTION_RIJNDAEL
-
-/* Define the consistent prefixes or salt on some encryption schemes.
-*/
-#define B64_RIJNDAEL_SALT "U2FsdGVkX1"
-#define B64_RIJNDAEL_SALT_STR_LEN 10
-
-#define B64_GPG_PREFIX "hQ"
-#define B64_GPG_PREFIX_STR_LEN 2
-
-/* The context holds the global state and config options, as
- * well as some intermediate results during processing. This
- * is an opaque pointer.
-*/
-struct fko_context;
-typedef struct fko_context *fko_ctx_t;
-
-/* Some gpg-specifc data types and constants.
-*/
-#if HAVE_LIBGPGME
-
-enum {
- FKO_GPG_NO_SIG_VERIFY_SIGS = 0x01,
- FKO_GPG_ALLOW_BAD_SIG = 0x02,
- FKO_GPG_NO_SIG_INFO = 0x04,
- FKO_GPG_ALLOW_EXPIRED_SIG = 0x08,
- FKO_GPG_ALLOW_REVOKED_SIG = 0x10
-};
-
-#define FKO_GPG_GOOD_SIGSUM 3
-
-#endif /* HAVE_LIBGPGME */
-
-/* Function prototypes */
-
-/* General api calls
-*/
-DLL_API int fko_new(fko_ctx_t *ctx);
-DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char *enc_msg, const char *dec_key);
-DLL_API void fko_destroy(fko_ctx_t ctx);
-DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char *enc_key);
-
-
-/* Set context data functions
-*/
-DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char *val);
-DLL_API int fko_set_username(fko_ctx_t ctx, const char *spoof_user);
-DLL_API int fko_set_timestamp(fko_ctx_t ctx, const int offset);
-DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type);
-DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char *msg_string);
-DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char *nat_access);
-DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char *server_auth);
-DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout);
-DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type);
-DLL_API int fko_set_spa_digest(fko_ctx_t ctx);
-DLL_API int fko_set_raw_spa_digest_type(fko_ctx_t ctx, const short raw_digest_type);
-DLL_API int fko_set_raw_spa_digest(fko_ctx_t ctx);
-DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type);
-DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg);
-
-/* Data processing and misc utility functions
-*/
-DLL_API const char* fko_errstr(const int err_code);
-DLL_API int fko_encryption_type(const char *enc_data);
-
-DLL_API int fko_encode_spa_data(fko_ctx_t ctx);
-DLL_API int fko_decode_spa_data(fko_ctx_t ctx);
-DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key);
-DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key);
-
-DLL_API int fko_get_encoded_data(fko_ctx_t ctx, char **enc_data);
-
-
-/* Get context data functions
-*/
-DLL_API int fko_get_rand_value(fko_ctx_t ctx, char **rand_val);
-DLL_API int fko_get_username(fko_ctx_t ctx, char **username);
-DLL_API int fko_get_timestamp(fko_ctx_t ctx, time_t *ts);
-DLL_API int fko_get_spa_message_type(fko_ctx_t ctx, short *spa_msg);
-DLL_API int fko_get_spa_message(fko_ctx_t ctx, char **spa_message);
-DLL_API int fko_get_spa_nat_access(fko_ctx_t ctx, char **nat_access);
-DLL_API int fko_get_spa_server_auth(fko_ctx_t ctx, char **server_auth);
-DLL_API int fko_get_spa_client_timeout(fko_ctx_t ctx, int *client_timeout);
-DLL_API int fko_get_spa_digest_type(fko_ctx_t ctx, short *spa_digest_type);
-DLL_API int fko_get_raw_spa_digest_type(fko_ctx_t ctx, short *raw_spa_digest_type);
-DLL_API int fko_get_spa_digest(fko_ctx_t ctx, char **spa_digest);
-DLL_API int fko_get_raw_spa_digest(fko_ctx_t ctx, char **raw_spa_digest);
-DLL_API int fko_get_spa_encryption_type(fko_ctx_t ctx, short *spa_enc_type);
-DLL_API int fko_get_spa_data(fko_ctx_t ctx, char **spa_data);
-
-DLL_API int fko_get_version(fko_ctx_t ctx, char **version);
-
-/* GPG-related functions */
-DLL_API int fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe);
-DLL_API int fko_get_gpg_exe(fko_ctx_t ctx, char **gpg_exe);
-
-DLL_API int fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip);
-DLL_API int fko_get_gpg_recipient(fko_ctx_t ctx, char **recip);
-DLL_API int fko_set_gpg_signer(fko_ctx_t ctx, const char *signer);
-DLL_API int fko_get_gpg_signer(fko_ctx_t ctx, char **signer);
-DLL_API int fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir);
-DLL_API int fko_get_gpg_home_dir(fko_ctx_t ctx, char **gpg_home_dir);
-
-DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
-
-DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val);
-DLL_API int fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val);
-DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val);
-DLL_API int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char *val);
-
-DLL_API int fko_get_gpg_signature_id(fko_ctx_t ctx, char **sig_id);
-DLL_API int fko_get_gpg_signature_fpr(fko_ctx_t ctx, char **sig_fpr);
-DLL_API int fko_get_gpg_signature_summary(fko_ctx_t ctx, int *sigsum);
-DLL_API int fko_get_gpg_signature_status(fko_ctx_t ctx, int *sigstat);
-
-DLL_API int fko_gpg_signature_id_match(fko_ctx_t ctx, const char *id, unsigned char *result);
-DLL_API int fko_gpg_signature_fpr_match(fko_ctx_t ctx, const char *fpr, unsigned char *result);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* FKO_H */
-
-/***EOF***/
67 android/project/jni/fwknop/fko_limits.h
@@ -1,67 +0,0 @@
-/*
- *****************************************************************************
- *
- * File: fko_limits.h
- *
- * Author: Damien S. Stuart
- *
- * Copyright 2009-2013 Damien Stuart (dstuart@dstuart.org)
- *
- * License (GNU General Public License):
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
- *
- *****************************************************************************
-*/
-#ifndef FKO_LIMITS_H
-#define FKO_LIMITS_H 1
-
-/* How much space we allow for the fko context error message buffer.
-*/
-#define MAX_FKO_ERR_MSG_SIZE 128
-
-/* Define some limits (--DSS XXX: These sizes need to be reviewed)
-*/
-#define MAX_SPA_ENCRYPTED_SIZE 1500
-#define MAX_SPA_CMD_LEN 1400
-#define MAX_SPA_USERNAME_SIZE 64
-#define MAX_SPA_MESSAGE_SIZE 256
-#define MAX_SPA_NAT_ACCESS_SIZE 128
-#define MAX_SPA_SERVER_AUTH_SIZE 64
-#define MAX_SPA_TIMESTAMP_SIZE 12
-#define MAX_SPA_VERSION_SIZE 8 /* 12.34.56 */
-#define MAX_SPA_MESSAGE_TYPE_SIZE 2
-
-#define MIN_SPA_ENCODED_MSG_SIZE 36 /* Somewhat arbitrary */
-#define MAX_SPA_ENCODED_MSG_SIZE MAX_SPA_ENCRYPTED_SIZE
-#define MIN_GNUPG_MSG_SIZE 400
-#define MIN_SPA_FIELDS 6
-#define MAX_SPA_FIELDS 10
-
-#define MAX_IPV4_STR_LEN 16
-#define MIN_IPV4_STR_LEN 7
-
-#define MAX_PROTO_STR_LEN 4 /* tcp, udp, icmp for now */
-#define MAX_PORT_STR_LEN 5
-
-/* Misc.
-*/
-#define FKO_ENCODE_TMP_BUF_SIZE 1024
-#define FKO_RAND_VAL_SIZE 16
-
-#endif /* FKO_LIMITS_H */
-
-/***EOF***/
44 android/project/jni/fwknop/fko_message.h
@@ -1,44 +0,0 @@
-/*
- *****************************************************************************
- *
- * File: fko_message.h
- *
- * Author: Michael Rash
- *
- * Purpose: Provide validation functions for SPA messages
- *
- * Copyright 2012 Michael Rash (mbr@cipherdyne.org)
- *
- * License (GNU General Public License):
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
- *
- *****************************************************************************
-*/
-
-#ifndef FKO_MESSAGE_H
-#define FKO_MESSAGE_H 1
-
-/* SPA message format validation functions.
-*/
-int validate_cmd_msg(const char *msg);
-int validate_access_msg(const char *msg);
-int validate_nat_access_msg(const char *msg);
-int validate_proto_port_spec(const char *msg);
-
-#endif /* FKO_MESSAGE_H */
-
-/***EOF***/
28 android/project/jni/fwknop/fwknop_client.c
@@ -45,7 +45,7 @@ jstring Java_com_max2idea_android_fwknop_Fwknop_sendSPAPacket(JNIEnv* env,
fko_ctx_t ctx;
fwknop_options_t opts;
- int res;
+ int res, hmac_str_len = 0;
char res_msg[MSG_BUFSIZE+1] = {0};
char spa_msg[MSG_BUFSIZE+1] = {0};
@@ -72,6 +72,10 @@ jstring Java_com_max2idea_android_fwknop_Fwknop_sendSPAPacket(JNIEnv* env,
jstring jpasswd = (*env)->GetObjectField(env, thiz, fid);
const char *passwd_str = (*env)->GetStringUTFChars(env, jpasswd, 0);
+ fid = (*env)->GetFieldID(env, c, "hmac_str", "Ljava/lang/String;");
+ jstring jhmac = (*env)->GetObjectField(env, thiz, fid);
+ const char *hmac_str = (*env)->GetStringUTFChars(env, jhmac, 0);
+
fid = (*env)->GetFieldID(env, c, "fw_timeout_str", "Ljava/lang/String;");
jstring jfwtimeout = (*env)->GetObjectField(env, thiz, fid);
const char *fw_timeout_str = (*env)->GetStringUTFChars(env, jfwtimeout, 0);
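Review bot: `jhmac` is passed to `GetStringUTFChars()` without a NULL check, and since the ChangeLog entry calls HMAC optional, the Java field `hmac_str` may be null when no key is entered; a null jstring is not a valid argument to `GetStringUTFChars()`. The `hmac_str != NULL` test added in the next hunk only covers the returned pointer, so guard at this point instead, for example `const char *hmac_str = jhmac ? (*env)->GetStringUTFChars(env, jhmac, 0) : NULL;`, and make the matching `ReleaseStringUTFChars()` call conditional as well.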
@@ -99,6 +103,12 @@ jstring Java_com_max2idea_android_fwknop_Fwknop_sendSPAPacket(JNIEnv* env,
goto cleanup2;
}
+ /* Using an HMAC is optional (currently)
+ */
+ if(hmac_str != NULL) {
+ hmac_str_len = (int)strlen(hmac_str);
+ }
+
/* Set our spa server info
*/
opts.spa_server_str = (char*)destip_str;
@@ -130,9 +140,20 @@ jstring Java_com_max2idea_android_fwknop_Fwknop_sendSPAPacket(JNIEnv* env,
goto cleanup;
}
+ /* Set the HMAC mode if necessary
+ */
+ if (hmac_str_len > 0) {
+ res = fko_set_spa_hmac_type(ctx, FKO_DEFAULT_HMAC_MODE);
+ if (res != FKO_SUCCESS) {
+ strcpy(res_msg, fko_errmsg("Error setting SPA HMAC type", res));
+ goto cleanup;
+ }
+ }
+
/* Finalize the context data (Encrypt and encode).
*/
- res = fko_spa_data_final(ctx, (char*)passwd_str);
+ res = fko_spa_data_final(ctx, (char*)passwd_str,
+ (int)strlen(passwd_str), (char *)hmac_str, hmac_str_len);
if (res != FKO_SUCCESS) {
strcpy(res_msg, fko_errmsg("Error generating SPA data", res));
goto cleanup;
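Review bot: the new error branch for `fko_set_spa_hmac_type()` copies the `fko_errmsg()` result into `res_msg` with an unbounded `strcpy()`, while `res_msg` is a fixed `MSG_BUFSIZE+1` byte array (first hunk). It follows the pattern of the surrounding code, but new code is a good place to switch to a bounded copy such as `snprintf(res_msg, sizeof(res_msg), "%s", fko_errmsg("Error setting SPA HMAC type", res));`. In the `fko_spa_data_final()` call, `strlen(passwd_str)` is also evaluated without the NULL test that `hmac_str` gets above; worth making the two consistent.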
@@ -173,12 +194,13 @@ jstring Java_com_max2idea_android_fwknop_Fwknop_sendSPAPacket(JNIEnv* env,
(*env)->ReleaseStringUTFChars(env, jallowip, allowip_str);
(*env)->ReleaseStringUTFChars(env, jdestip, destip_str);
(*env)->ReleaseStringUTFChars(env, jpasswd, passwd_str);
+ (*env)->ReleaseStringUTFChars(env, jhmac, hmac_str);
(*env)->ReleaseStringUTFChars(env, jfwtimeout, fw_timeout_str);
/* Log and return a string of success or error message.
* This can be enhanced semantically with codes.
*/
- LOGV(res_msg);
+ LOGV("%s", res_msg);
return (*env)->NewStringUTF(env, res_msg);
}
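Review bot: the `LOGV(res_msg)` to `LOGV("%s", res_msg)` change at the end of this hunk is a format-string fix that is separate from the HMAC work, and neither the commit message nor the ChangeLog hunk mentions it. Give it its own ChangeLog line (or its own commit) so it can be found and backported independently of the Android 4.4 changes.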
37 android/project/jni/fwknop/get_libfko_header.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# get_libfko_header.sh
+#
+# Copy the fko.h header file in the fwknop source tree into this
+# directory.
+#
+# Usage: ./get_libfko_header.sh [libfko-dir]
+#
+# Note: You should run this script only from this directory (jni/fwknop).
+#
+# If the libfko-dir argument is not given, this script will assume
+# ../../../../lib (which will work if this directory is still part
+# of the original fwknop source distribution.
+#
+###############################################################################
+#
+LIBFKO_DIR=${1:-"../../../../lib"} # Default relative path to libfko files.
+
+# Simple sanity checks. See if the LIBFKO_DIR directory exists and see if
+# thi "fko_context.h" is found there as well.
+#
+if [ ! -d "$LIBFKO_DIR" ] ; then
+ echo "Libfko directory: '$LIBFKO_DIR' was not found! Aborting."
+ exit 1
+fi
+
+if [ ! -e "${LIBFKO_DIR}/fko_context.h" ] ; then
+ echo "'$LIBFKO_DIR' does not seem to contain the required files! Aborting."
+ exit 1
+fi
+
+# Copy the fko.h header file
+#
+/bin/cp ${LIBFKO_DIR}/fko.h .
+
+###EOF###
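Review bot: the final line, /bin/cp ${LIBFKO_DIR}/fko.h ., leaves the variable unquoted and never checks the exit status, so a path containing spaces breaks and a failed copy still ends with exit code 0. Quote it as "${LIBFKO_DIR}/fko.h" and exit non-zero on failure. The sanity check also tests for fko_context.h while the file actually copied is fko.h; test for the file the script needs. In the comments, "thi" should be "the", and the parenthesis opened at "(which will work" is never closed.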
14 android/project/project.properties
@@ -0,0 +1,14 @@
+# This file is automatically generated by Android Tools.
+# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
+#
+# This file must be checked in Version Control Systems.
+#
+# To customize properties used by the Ant build system edit
+# "ant.properties", and override values to adapt the script to your
+# project structure.
+#
+# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
+#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
+
+# Project target.
+target=android-19
22 android/project/res/layout/main.xml
@@ -133,6 +133,28 @@
android:textSize="20dip"
/>
</LinearLayout>
+ <LinearLayout android:id="@+id/hmacl"
+ android:orientation="horizontal"
+ android:layout_width="fill_parent"
+ android:layout_height="wrap_content"
+ >
+ <TextView
+ android:id="@+id/hmacStr"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:text="HMAC Key: "
+ android:textSize="20dip"
+ />
+ <EditText
+ android:id="@+id/hmac"
+ android:layout_width="fill_parent"
+ android:layout_height="wrap_content"
+ android:text=""
+ android:singleLine="true"
+ android:password="true"
+ android:textSize="20dip"
+ />
+ </LinearLayout>
<RelativeLayout android:id="@+id/startAppl"
android:orientation="horizontal"
android:layout_width="fill_parent"
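Review bot: the new HMAC key EditText uses android:password="true", which is a deprecated attribute; android:inputType="textPassword" is the supported way to mask the field and also tells the input method to treat the content as a password. With target=android-19 set elsewhere in this commit, switch this field to inputType, and ideally the existing password field in the same change so the two stay consistent.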
3  android/project/sdk.paths
@@ -0,0 +1,3 @@
+export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64
+
+export PATH=$PATH:/usr/lib/jvm/java-6-openjdk-amd64/bin:/home/mbr/android/android-sdk-linux/tools:/home/mbr/android/android-sdk-linux/platform-tools:/home/mbr/android/android-ndk-rb9
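Review bot: both exports hard-code one developer's machine layout (/home/mbr/android/... and a specific java-6-openjdk-amd64 path), so the file fails for anyone else who sources it and publishes a local home directory path in the tree. Derive the locations from variables the user sets, for example an SDK and NDK root variable with the current values as documented examples, or ship the file as a template and keep the real one out of version control.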
13 android/project/src/com/max2idea/android/fwknop/Fwknop.java
@@ -94,6 +94,7 @@ public void onClick(DialogInterface dialog, int which) {
private String output;
private Spinner mAllowip;
private EditText mPasswd;
+ private EditText mHmac;
private EditText mDestip;
private Spinner mAccessProto;
private EditText mAccessPort;
@@ -102,6 +103,7 @@ public void onClick(DialogInterface dialog, int which) {
private String access_str;
private String allowip_str;
private String passwd_str;
+ private String hmac_str;
private String destip_str;
private String fw_timeout_str;
private CheckBox mCheck;
@@ -303,6 +305,15 @@ private void onStartButton() {
return;
}
+ if (this.mHmac != null && !this.mHmac.getText().toString().trim().equals("")) {
+ this.hmac_str = mHmac.getText().toString();
+ edit.putString("hmac_str", mHmac.getText().toString());
+ } else {
+ // the HMAC is currently optional
+ this.hmac_str = "";
+ edit.putString("hmac_str", this.hmac_str);
+ }
+
if (this.mDestip != null && !this.mDestip.getText().toString().trim().equals("")) {
this.destip_str = mDestip.getText().toString();
edit.putString("destip_str", mDestip.getText().toString());
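Review bot: edit.putString("hmac_str", ...) persists the HMAC key through the same editor used for the other settings, so the key ends up stored on the device alongside non-secret values such as destip_str. If that editor commits to the app's preferences, the key sits there in plaintext; consider not persisting it, or at least documenting the choice in android/README. Also, the emptiness test uses trim() but the untrimmed text is what gets stored and sent, so a key with leading or trailing whitespace will not match the server's HMAC_KEY; decide whether to trim or not and apply it in both places.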
@@ -367,6 +378,8 @@ public void setupWidgets() {
this.mPasswd = (EditText) findViewById(R.id.passwd);
this.mOutput = (TextView) findViewById(R.id.output);
+ this.mHmac = (EditText) findViewById(R.id.hmac);
+
mUnlock = (ImageButton) findViewById(R.id.unlock);
mUnlock.setOnClickListener(new OnClickListener() {
52 android/project/src/com/max2idea/android/fwknop/R.java
@@ -1,52 +0,0 @@
-/* AUTO-GENERATED FILE. DO NOT MODIFY.
- *
- * This class was automatically generated by the
- * aapt tool from the resource data it found. It
- * should not be modified by hand.
- */
-
-package com.max2idea.android.fwknop;
-
-public final class R {
- public static final class attr {
- }
- public static final class drawable {
- public static final int icon=0x7f020000;
- public static final int lock_128x128=0x7f020001;
- public static final int lock_32x32=0x7f020002;
- public static final int lock_64x64=0x7f020003;
- }
- public static final class id {
- public static final int accessPort=0x7f050008;
- public static final int accessPortStr=0x7f050007;
- public static final int accessPortl=0x7f050006;
- public static final int accessProto=0x7f050005;
- public static final int accessProtoStr=0x7f050004;
- public static final int accessProtol=0x7f050003;
- public static final int allowip=0x7f050002;
- public static final int allowipl=0x7f050000;
- public static final int allowipstr=0x7f050001;
- public static final int destIP=0x7f05000b;
- public static final int destIPStr=0x7f05000a;
- public static final int destIPl=0x7f050009;
- public static final int fwTimeout=0x7f05000e;
- public static final int fwTimeoutStr=0x7f05000d;
- public static final int fwTimeoutl=0x7f05000c;
- public static final int output=0x7f050016;
- public static final int passwd=0x7f050011;
- public static final int passwdStr=0x7f050010;
- public static final int passwdl=0x7f05000f;
- public static final int startApp=0x7f050013;
- public static final int startAppCheck=0x7f050014;
- public static final int startAppl=0x7f050012;
- public static final int startl=0x7f050015;
- public static final int unlock=0x7f050017;
- }
- public static final class layout {
- public static final int main=0x7f030000;
- }
- public static final class string {
- public static final int app_name=0x7f040000;
- public static final int app_short_name=0x7f040001;
- }
-}
2  test/conf/android_access.conf
@@ -1,3 +1,3 @@
SOURCE ANY
-KEY asdfasdf
+KEY fwknoptest
FW_ACCESS_TIMEOUT 3
4 test/conf/hmac_android_access.conf
@@ -0,0 +1,4 @@
+SOURCE ANY
+KEY fwknoptest
+HMAC_KEY hmactest
+FW_ACCESS_TIMEOUT 3
1  test/test-fwknop.pl
@@ -88,6 +88,7 @@
'no_flush_exit' => "$conf_dir/no_flush_exit_fwknopd.conf",
'no_flush_init_or_exit' => "$conf_dir/no_flush_init_or_exit_fwknopd.conf",
'ipfw_active_expire' => "$conf_dir/ipfw_active_expire_equal_fwknopd.conf",
+ 'hmac_android_access' => "$conf_dir/hmac_android_access.conf",
'android_access' => "$conf_dir/android_access.conf",
'android_legacy_iv_access' => "$conf_dir/android_legacy_iv_access.conf",
'dual_key_access' => "$conf_dir/dual_key_usage_access.conf",
18 test/tests/rijndael_backwards_compatibility.pl
@@ -163,4 +163,22 @@
'fw_rule_created' => $NEW_RULE_REQUIRED,
'fw_rule_removed' => $NEW_RULE_REMOVED,
},
+ {
+ 'category' => 'Rijndael',
+ 'subcategory' => 'Android compatibility',
+ 'detail' => 'v4.4',
+ 'function' => \&backwards_compatibility,
+ 'no_ip_check' => 1,
+ 'pkt' =>
+ '/Nx+t6S6IDIFoYROp2V29yj9MmHVlrPKNQKuo3DTHa8/EJmu3fkp' .
+ 'cv4xpiaQ82q2I2u9ia1L3SOrscltFhhNUkFdOguM+fMnd8koQL1a' .
+ '/gafXo83MiZzxzDmROiJ+qrmB4qnDgp8Vtd/E5ExEOoZggOkroak' .
+ '/PALo',
+ 'server_positive_output_matches' => [qr/with expire time/],
+ 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'android_access'} " .
+ "-d $default_digest_file -p $default_pid_file $intf_str",
+ 'fw_rule_created' => $NEW_RULE_REQUIRED,
+ 'fw_rule_removed' => $NEW_RULE_REMOVED,
+ },
+
);
18 test/tests/rijndael_hmac.pl
@@ -229,6 +229,24 @@
'fw_rule_removed' => $NEW_RULE_REMOVED,
},
{
+ 'category' => 'Rijndael+HMAC',
+ 'subcategory' => 'Android compatibility',
+ 'detail' => 'v4.4',
+ 'function' => \&backwards_compatibility,
+ 'no_ip_check' => 1,
+ 'pkt' =>
+ '+8fP34T9Vjs50Yke5tNTz7YnsDbQUcp6zaaJTzVOgRuNXyhiZKL5' .
+ 'UpaC2neRkqgjSlG6/qJSKXIuXBKR4LFS3rX2ZwrOkfBGKJeXe8S2' .
+ 'uZex9RjOr/8SwS45Q+Kt3J6QsShXU4cxz09Cv+bi7+08/bGCyVdh' .
+ 'vYNwogIhEkcqS79+JNR3lSBEBrOY4hoOKRRAYw41yI5cBCdc',
+ 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_android_access'} " .
+ "-d $default_digest_file -p $default_pid_file $intf_str",
+ 'server_positive_output_matches' => [qr/with expire time/],
+ 'fw_rule_created' => $NEW_RULE_REQUIRED,
+ 'fw_rule_removed' => $NEW_RULE_REMOVED,
+ },
+
+ {
'category' => 'Rijndael+HMAC',
'subcategory' => 'client+server',
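Review bot: the new 'Android compatibility' case only exercises the accept path ('fw_rule_created' => $NEW_RULE_REQUIRED against hmac_android_access). Add a companion case that replays the same 'pkt' against an access file with a different HMAC_KEY and asserts that no rule is created, so the suite proves fwknopd rejects an Android packet whose HMAC does not verify rather than only that a good one is accepted. A one-line comment recording which client build and keys produced the captured packet would also make it reproducible.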