Annotation of embedaddon/ipsec-tools/src/racoon/prsa_par.y, revision 1.1
1.1 ! misho 1: /* $NetBSD: prsa_par.y,v 1.6 2011/03/02 14:49:21 vanhu Exp $ */
! 2:
! 3: /* Id: prsa_par.y,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
! 4:
! 5: %{
! 6: /*
! 7: * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
! 8: * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
! 9: * All rights reserved.
! 10: *
! 11: * Redistribution and use in source and binary forms, with or without
! 12: * modification, are permitted provided that the following conditions
! 13: * are met:
! 14: * 1. Redistributions of source code must retain the above copyright
! 15: * notice, this list of conditions and the following disclaimer.
! 16: * 2. Redistributions in binary form must reproduce the above copyright
! 17: * notice, this list of conditions and the following disclaimer in the
! 18: * documentation and/or other materials provided with the distribution.
! 19: * 3. Neither the name of the project nor the names of its contributors
! 20: * may be used to endorse or promote products derived from this software
! 21: * without specific prior written permission.
! 22: *
! 23: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 26: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 33: * SUCH DAMAGE.
! 34: */
! 35:
! 36: /* This file contains a parser for FreeS/WAN-style ipsec.secrets RSA keys. */
! 37:
! 38: #include "config.h"
! 39:
! 40: #include <stdio.h>
! 41: #include <stdarg.h>
! 42: #include <string.h>
! 43: #include <errno.h>
! 44: #include <unistd.h>
! 45:
! 46: #ifdef HAVE_STDARG_H
! 47: #include <stdarg.h>
! 48: #else
! 49: #include <varargs.h>
! 50: #endif
! 51:
! 52: #include <netdb.h>
! 53: #include <netinet/in.h>
! 54: #include <sys/socket.h>
! 55: #include <arpa/inet.h>
! 56: #include <sys/types.h>
! 57:
! 58: #include <sys/stat.h>
! 59: #include <unistd.h>
! 60:
! 61: #include <openssl/bn.h>
! 62: #include <openssl/rsa.h>
! 63:
! 64: #include "misc.h"
! 65: #include "vmbuf.h"
! 66: #include "plog.h"
! 67: #include "oakley.h"
! 68: #include "isakmp_var.h"
! 69: #include "handler.h"
! 70: #include "crypto_openssl.h"
! 71: #include "sockmisc.h"
! 72: #include "rsalist.h"
! 73:
! 74: extern void prsaerror(const char *str, ...);
! 75: extern int prsawrap (void);
! 76: extern int prsalex (void);
! 77:
! 78: extern char *prsatext;
! 79: extern int prsa_cur_lineno;
! 80: extern char *prsa_cur_fname;
! 81: extern FILE *prsain;
! 82:
! 83: int prsa_cur_lineno = 0;
! 84: char *prsa_cur_fname = NULL;
! 85: struct genlist *prsa_cur_list = NULL;
! 86: enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;
! 87:
! 88: static RSA *rsa_cur;
! 89:
! 90: void
! 91: prsaerror(const char *s, ...)
! 92: {
! 93: char fmt[512];
! 94:
! 95: va_list ap;
! 96: #ifdef HAVE_STDARG_H
! 97: va_start(ap, s);
! 98: #else
! 99: va_start(ap);
! 100: #endif
! 101: snprintf(fmt, sizeof(fmt), "%s:%d: %s",
! 102: prsa_cur_fname, prsa_cur_lineno, s);
! 103: plogv(LLV_ERROR, LOCATION, NULL, fmt, ap);
! 104: va_end(ap);
! 105: }
! 106:
! 107: void
! 108: prsawarning(const char *s, ...)
! 109: {
! 110: char fmt[512];
! 111:
! 112: va_list ap;
! 113: #ifdef HAVE_STDARG_H
! 114: va_start(ap, s);
! 115: #else
! 116: va_start(ap);
! 117: #endif
! 118: snprintf(fmt, sizeof(fmt), "%s:%d: %s",
! 119: prsa_cur_fname, prsa_cur_lineno, s);
! 120: plogv(LLV_WARNING, LOCATION, NULL, fmt, ap);
! 121: va_end(ap);
! 122: }
! 123:
! 124: int
! 125: prsawrap()
! 126: {
! 127: return 1;
! 128: }
! 129: %}
! 130: %union {
! 131: BIGNUM *bn;
! 132: RSA *rsa;
! 133: char *chr;
! 134: long num;
! 135: struct netaddr *naddr;
! 136: }
! 137:
! 138: %token COLON HEX
! 139: %token OBRACE EBRACE COLON HEX
! 140: %token TAG_RSA TAG_PUB TAG_PSK
! 141: %token MODULUS PUBLIC_EXPONENT PRIVATE_EXPONENT
! 142: %token PRIME1 PRIME2 EXPONENT1 EXPONENT2 COEFFICIENT
! 143: %token ADDR4 ADDR6 ADDRANY SLASH NUMBER BASE64
! 144:
! 145: %type <bn> HEX
! 146: %type <num> NUMBER
! 147: %type <chr> ADDR4 ADDR6 BASE64
! 148:
! 149: %type <rsa> rsa_statement
! 150: %type <num> prefix
! 151: %type <naddr> addr4 addr6 addr
! 152:
! 153: %%
! 154: statements:
! 155: statements statement
! 156: | statement
! 157: ;
! 158:
! 159: statement:
! 160: addr addr COLON rsa_statement
! 161: {
! 162: rsa_key_insert(prsa_cur_list, $1, $2, $4);
! 163: }
! 164: | addr COLON rsa_statement
! 165: {
! 166: rsa_key_insert(prsa_cur_list, NULL, $1, $3);
! 167: }
! 168: | COLON rsa_statement
! 169: {
! 170: rsa_key_insert(prsa_cur_list, NULL, NULL, $2);
! 171: }
! 172: ;
! 173:
! 174: rsa_statement:
! 175: TAG_RSA OBRACE params EBRACE
! 176: {
! 177: if (prsa_cur_type == RSA_TYPE_PUBLIC) {
! 178: prsawarning("Using private key for public key purpose.\n");
! 179: if (!rsa_cur->n || !rsa_cur->e) {
! 180: prsaerror("Incomplete key. Mandatory parameters are missing!\n");
! 181: YYABORT;
! 182: }
! 183: }
! 184: else {
! 185: if (!rsa_cur->n || !rsa_cur->e || !rsa_cur->d) {
! 186: prsaerror("Incomplete key. Mandatory parameters are missing!\n");
! 187: YYABORT;
! 188: }
! 189: if (!rsa_cur->p || !rsa_cur->q || !rsa_cur->dmp1
! 190: || !rsa_cur->dmq1 || !rsa_cur->iqmp) {
! 191: if (rsa_cur->p) BN_clear_free(rsa_cur->p);
! 192: if (rsa_cur->q) BN_clear_free(rsa_cur->q);
! 193: if (rsa_cur->dmp1) BN_clear_free(rsa_cur->dmp1);
! 194: if (rsa_cur->dmq1) BN_clear_free(rsa_cur->dmq1);
! 195: if (rsa_cur->iqmp) BN_clear_free(rsa_cur->iqmp);
! 196:
! 197: rsa_cur->p = NULL;
! 198: rsa_cur->q = NULL;
! 199: rsa_cur->dmp1 = NULL;
! 200: rsa_cur->dmq1 = NULL;
! 201: rsa_cur->iqmp = NULL;
! 202: }
! 203: }
! 204: $$ = rsa_cur;
! 205: rsa_cur = RSA_new();
! 206: }
! 207: | TAG_PUB BASE64
! 208: {
! 209: if (prsa_cur_type == RSA_TYPE_PRIVATE) {
! 210: prsaerror("Public key in private-key file!\n");
! 211: YYABORT;
! 212: }
! 213: $$ = base64_pubkey2rsa($2);
! 214: free($2);
! 215: }
! 216: | TAG_PUB HEX
! 217: {
! 218: if (prsa_cur_type == RSA_TYPE_PRIVATE) {
! 219: prsaerror("Public key in private-key file!\n");
! 220: YYABORT;
! 221: }
! 222: $$ = bignum_pubkey2rsa($2);
! 223: }
! 224: ;
! 225:
! 226: addr:
! 227: addr4
! 228: | addr6
! 229: | ADDRANY
! 230: {
! 231: $$ = NULL;
! 232: }
! 233: ;
! 234:
! 235: addr4:
! 236: ADDR4 prefix
! 237: {
! 238: int err;
! 239: struct sockaddr_in *sap;
! 240: struct addrinfo hints, *res;
! 241:
! 242: if ($2 == -1) $2 = 32;
! 243: if ($2 < 0 || $2 > 32) {
! 244: prsaerror ("Invalid IPv4 prefix\n");
! 245: YYABORT;
! 246: }
! 247: $$ = calloc (sizeof(struct netaddr), 1);
! 248: $$->prefix = $2;
! 249: sap = (struct sockaddr_in *)(&$$->sa);
! 250: memset(&hints, 0, sizeof(hints));
! 251: hints.ai_family = AF_INET;
! 252: hints.ai_flags = AI_NUMERICHOST;
! 253: err = getaddrinfo($1, NULL, &hints, &res);
! 254: if (err < 0) {
! 255: prsaerror("getaddrinfo(%s): %s\n", $1, gai_strerror(err));
! 256: YYABORT;
! 257: }
! 258: memcpy(sap, res->ai_addr, res->ai_addrlen);
! 259: freeaddrinfo(res);
! 260: free($1);
! 261: }
! 262: ;
! 263:
! 264: addr6:
! 265: ADDR6 prefix
! 266: {
! 267: int err;
! 268: struct sockaddr_in6 *sap;
! 269: struct addrinfo hints, *res;
! 270:
! 271: if ($2 == -1) $2 = 128;
! 272: if ($2 < 0 || $2 > 128) {
! 273: prsaerror ("Invalid IPv6 prefix\n");
! 274: YYABORT;
! 275: }
! 276: $$ = calloc (sizeof(struct netaddr), 1);
! 277: $$->prefix = $2;
! 278: sap = (struct sockaddr_in6 *)(&$$->sa);
! 279: memset(&hints, 0, sizeof(hints));
! 280: hints.ai_family = AF_INET6;
! 281: hints.ai_flags = AI_NUMERICHOST;
! 282: err = getaddrinfo($1, NULL, &hints, &res);
! 283: if (err < 0) {
! 284: prsaerror("getaddrinfo(%s): %s\n", $1, gai_strerror(err));
! 285: YYABORT;
! 286: }
! 287: memcpy(sap, res->ai_addr, res->ai_addrlen);
! 288: freeaddrinfo(res);
! 289: free($1);
! 290: }
! 291: ;
! 292:
! 293: prefix:
! 294: /* nothing */ { $$ = -1; }
! 295: | SLASH NUMBER { $$ = $2; }
! 296: ;
! 297: params:
! 298: params param
! 299: | param
! 300: ;
! 301:
! 302: param:
! 303: MODULUS COLON HEX
! 304: { if (!rsa_cur->n) rsa_cur->n = $3; else { prsaerror ("Modulus already defined\n"); YYABORT; } }
! 305: | PUBLIC_EXPONENT COLON HEX
! 306: { if (!rsa_cur->e) rsa_cur->e = $3; else { prsaerror ("PublicExponent already defined\n"); YYABORT; } }
! 307: | PRIVATE_EXPONENT COLON HEX
! 308: { if (!rsa_cur->d) rsa_cur->d = $3; else { prsaerror ("PrivateExponent already defined\n"); YYABORT; } }
! 309: | PRIME1 COLON HEX
! 310: { if (!rsa_cur->p) rsa_cur->p = $3; else { prsaerror ("Prime1 already defined\n"); YYABORT; } }
! 311: | PRIME2 COLON HEX
! 312: { if (!rsa_cur->q) rsa_cur->q = $3; else { prsaerror ("Prime2 already defined\n"); YYABORT; } }
! 313: | EXPONENT1 COLON HEX
! 314: { if (!rsa_cur->dmp1) rsa_cur->dmp1 = $3; else { prsaerror ("Exponent1 already defined\n"); YYABORT; } }
! 315: | EXPONENT2 COLON HEX
! 316: { if (!rsa_cur->dmq1) rsa_cur->dmq1 = $3; else { prsaerror ("Exponent2 already defined\n"); YYABORT; } }
! 317: | COEFFICIENT COLON HEX
! 318: { if (!rsa_cur->iqmp) rsa_cur->iqmp = $3; else { prsaerror ("Coefficient already defined\n"); YYABORT; } }
! 319: ;
! 320: %%
! 321:
! 322: int prsaparse(void);
! 323:
! 324: int
! 325: prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type)
! 326: {
! 327: FILE *fp = NULL;
! 328: int ret;
! 329:
! 330: if (!fname)
! 331: return -1;
! 332: if (type == RSA_TYPE_PRIVATE) {
! 333: struct stat st;
! 334: if (stat(fname, &st) < 0)
! 335: return -1;
! 336: if (st.st_mode & (S_IRWXG | S_IRWXO)) {
! 337: plog(LLV_ERROR, LOCATION, NULL,
! 338: "Too slack permissions on private key '%s'\n",
! 339: fname);
! 340: plog(LLV_ERROR, LOCATION, NULL,
! 341: "Should be at most 0600, now is 0%o\n",
! 342: st.st_mode & 0777);
! 343: return -1;
! 344: }
! 345: }
! 346: fp = fopen(fname, "r");
! 347: if (!fp)
! 348: return -1;
! 349: prsain = fp;
! 350: prsa_cur_lineno = 1;
! 351: prsa_cur_fname = fname;
! 352: prsa_cur_list = list;
! 353: prsa_cur_type = type;
! 354: rsa_cur = RSA_new();
! 355: ret = prsaparse();
! 356: if (rsa_cur) {
! 357: RSA_free(rsa_cur);
! 358: rsa_cur = NULL;
! 359: }
! 360: fclose (fp);
! 361: prsain = NULL;
! 362: return ret;
! 363: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to prsa_par.y CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon