Annotation of embedaddon/ipsec-tools/src/racoon/rsalist.c, revision 1.1
1.1 ! misho 1: /* $NetBSD: rsalist.c,v 1.6 2011/03/14 15:50:36 vanhu Exp $ */
! 2:
! 3: /* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
! 4:
! 5: /*
! 6: * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
! 7: * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
! 8: * All rights reserved.
! 9: *
! 10: * Redistribution and use in source and binary forms, with or without
! 11: * modification, are permitted provided that the following conditions
! 12: * are met:
! 13: * 1. Redistributions of source code must retain the above copyright
! 14: * notice, this list of conditions and the following disclaimer.
! 15: * 2. Redistributions in binary form must reproduce the above copyright
! 16: * notice, this list of conditions and the following disclaimer in the
! 17: * documentation and/or other materials provided with the distribution.
! 18: * 3. Neither the name of the project nor the names of its contributors
! 19: * may be used to endorse or promote products derived from this software
! 20: * without specific prior written permission.
! 21: *
! 22: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
! 23: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
! 24: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
! 25: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
! 26: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
! 27: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
! 28: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
! 29: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
! 30: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
! 31: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
! 32: * SUCH DAMAGE.
! 33: */
! 34:
! 35: #include "config.h"
! 36:
! 37: #include <stdio.h>
! 38: #include <string.h>
! 39:
! 40: #include <sys/types.h>
! 41: #include <sys/queue.h>
! 42: #include <sys/socket.h>
! 43: #include <netdb.h>
! 44:
! 45: #include <openssl/bn.h>
! 46: #include <openssl/rsa.h>
! 47:
! 48: #include "misc.h"
! 49: #include "plog.h"
! 50: #include "sockmisc.h"
! 51: #include "rsalist.h"
! 52: #include "genlist.h"
! 53: #include "remoteconf.h"
! 54: #include "crypto_openssl.h"
! 55:
! 56: #ifndef LIST_FIRST
! 57: #define LIST_FIRST(head) ((head)->lh_first)
! 58: #endif
! 59:
! 60: #ifndef LIST_NEXT
! 61: #define LIST_NEXT(elm, field) ((elm)->field.le_next)
! 62: #endif
! 63:
! 64: /* from prsa_tok.l */
! 65: int prsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type);
! 66:
! 67: int
! 68: rsa_key_insert(struct genlist *list, struct netaddr *src,
! 69: struct netaddr *dst, RSA *rsa)
! 70: {
! 71: struct rsa_key *rsa_key;
! 72:
! 73: rsa_key = calloc(sizeof(struct rsa_key), 1);
! 74: rsa_key->rsa = rsa;
! 75:
! 76: if (src)
! 77: rsa_key->src = src;
! 78: else
! 79: rsa_key->src = calloc(sizeof(*rsa_key->src), 1);
! 80:
! 81: if (dst)
! 82: rsa_key->dst = dst;
! 83: else
! 84: rsa_key->dst = calloc(sizeof(*rsa_key->dst), 1);
! 85:
! 86: genlist_append(list, rsa_key);
! 87:
! 88: return 0;
! 89: }
! 90:
! 91: struct rsa_key *
! 92: rsa_key_dup(struct rsa_key *key)
! 93: {
! 94: struct rsa_key *new;
! 95:
! 96: new = calloc(sizeof(struct rsa_key), 1);
! 97: if (new == NULL)
! 98: return NULL;
! 99:
! 100: if (key->rsa) {
! 101: new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
! 102: if (new->rsa == NULL)
! 103: goto dup_error;
! 104: }
! 105:
! 106: if (key->src) {
! 107: new->src = malloc(sizeof(*new->src));
! 108: if (new->src == NULL)
! 109: goto dup_error;
! 110: memcpy(new->src, key->src, sizeof(*new->src));
! 111: }
! 112: if (key->dst) {
! 113: new->dst = malloc(sizeof(*new->dst));
! 114: if (new->dst == NULL)
! 115: goto dup_error;
! 116: memcpy(new->dst, key->dst, sizeof(*new->dst));
! 117: }
! 118:
! 119: return new;
! 120:
! 121: dup_error:
! 122: if (new->rsa != NULL)
! 123: RSA_free(new->rsa);
! 124: if (new->dst != NULL)
! 125: free(new->dst);
! 126: if (new->src != NULL)
! 127: free(new->src);
! 128:
! 129: free(new);
! 130: return NULL;
! 131: }
! 132:
! 133: void
! 134: rsa_key_free(void *data)
! 135: {
! 136: struct rsa_key *rsa_key;
! 137:
! 138:
! 139: rsa_key = (struct rsa_key *)data;
! 140: if (rsa_key->src)
! 141: free(rsa_key->src);
! 142: if (rsa_key->dst)
! 143: free(rsa_key->dst);
! 144: if (rsa_key->rsa)
! 145: RSA_free(rsa_key->rsa);
! 146:
! 147: free(rsa_key);
! 148: }
! 149:
! 150: static void *
! 151: rsa_key_dump_one(void *entry, void *arg)
! 152: {
! 153: struct rsa_key *key = entry;
! 154:
! 155: plog(LLV_DEBUG, LOCATION, NULL, "Entry %s\n",
! 156: naddrwop2str_fromto("%s -> %s", key->src,
! 157: key->dst));
! 158: if (loglevel > LLV_DEBUG)
! 159: RSA_print_fp(stdout, key->rsa, 4);
! 160:
! 161: return NULL;
! 162: }
! 163:
! 164: void
! 165: rsa_key_dump(struct genlist *list)
! 166: {
! 167: genlist_foreach(list, rsa_key_dump_one, NULL);
! 168: }
! 169:
! 170: static void *
! 171: rsa_list_count_one(void *entry, void *arg)
! 172: {
! 173: if (arg)
! 174: (*(unsigned long *)arg)++;
! 175: return NULL;
! 176: }
! 177:
! 178: unsigned long
! 179: rsa_list_count(struct genlist *list)
! 180: {
! 181: unsigned long count = 0;
! 182: genlist_foreach(list, rsa_list_count_one, &count);
! 183: return count;
! 184: }
! 185:
! 186: struct lookup_result {
! 187: struct ph1handle *iph1;
! 188: int max_score;
! 189: struct genlist *winners;
! 190: };
! 191:
! 192: static void *
! 193: rsa_lookup_key_one(void *entry, void *data)
! 194: {
! 195: int local_score, remote_score;
! 196: struct lookup_result *req = data;
! 197: struct rsa_key *key = entry;
! 198:
! 199: local_score = naddr_score(key->src, req->iph1->local);
! 200: remote_score = naddr_score(key->dst, req->iph1->remote);
! 201:
! 202: plog(LLV_DEBUG, LOCATION, NULL, "Entry %s scored %d/%d\n",
! 203: naddrwop2str_fromto("%s -> %s", key->src, key->dst),
! 204: local_score, remote_score);
! 205:
! 206: if (local_score >= 0 && remote_score >= 0) {
! 207: if (local_score + remote_score > req->max_score) {
! 208: req->max_score = local_score + remote_score;
! 209: // genlist_free(req->winners, NULL);
! 210: }
! 211:
! 212: if (local_score + remote_score >= req->max_score) {
! 213: genlist_append(req->winners, key);
! 214: }
! 215: }
! 216:
! 217: /* Always traverse the whole list */
! 218: return NULL;
! 219: }
! 220:
! 221: struct genlist *
! 222: rsa_lookup_keys(struct ph1handle *iph1, int my)
! 223: {
! 224: struct genlist *list;
! 225: struct lookup_result r;
! 226:
! 227: plog(LLV_DEBUG, LOCATION, NULL, "Looking up RSA key for %s\n",
! 228: saddr2str_fromto("%s <-> %s", iph1->local, iph1->remote));
! 229:
! 230: r.iph1 = iph1;
! 231: r.max_score = -1;
! 232: r.winners = genlist_init();
! 233:
! 234: if (my)
! 235: list = iph1->rmconf->rsa_private;
! 236: else
! 237: list = iph1->rmconf->rsa_public;
! 238:
! 239: genlist_foreach(list, rsa_lookup_key_one, &r);
! 240:
! 241: if (loglevel >= LLV_DEBUG)
! 242: rsa_key_dump(r.winners);
! 243:
! 244: return r.winners;
! 245: }
! 246:
! 247: int
! 248: rsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type)
! 249: {
! 250: int ret;
! 251:
! 252: plog(LLV_DEBUG, LOCATION, NULL, "Parsing %s\n", fname);
! 253: ret = prsa_parse_file(list, fname, type);
! 254: if (loglevel >= LLV_DEBUG)
! 255: rsa_key_dump(list);
! 256: return ret;
! 257: }
! 258:
! 259: RSA *
! 260: rsa_try_check_rsasign(vchar_t *source, vchar_t *sig, struct genlist *list)
! 261: {
! 262: struct rsa_key *key;
! 263: struct genlist_entry *gp;
! 264:
! 265: for(key = genlist_next(list, &gp); key; key = genlist_next(NULL, &gp)) {
! 266: plog(LLV_DEBUG, LOCATION, NULL, "Checking key %s...\n",
! 267: naddrwop2str_fromto("%s -> %s", key->src, key->dst));
! 268: if (eay_check_rsasign(source, sig, key->rsa) == 0) {
! 269: plog(LLV_DEBUG, LOCATION, NULL, " ... YEAH!\n");
! 270: return key->rsa;
! 271: }
! 272: plog(LLV_DEBUG, LOCATION, NULL, " ... nope.\n");
! 273: }
! 274: return NULL;
! 275: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rsalist.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon