1: /* $NetBSD: rsalist.c,v 1.6 2011/03/14 15:50:36 vanhu Exp $ */
2:
3: /* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
4:
5: /*
6: * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
7: * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
8: * All rights reserved.
9: *
10: * Redistribution and use in source and binary forms, with or without
11: * modification, are permitted provided that the following conditions
12: * are met:
13: * 1. Redistributions of source code must retain the above copyright
14: * notice, this list of conditions and the following disclaimer.
15: * 2. Redistributions in binary form must reproduce the above copyright
16: * notice, this list of conditions and the following disclaimer in the
17: * documentation and/or other materials provided with the distribution.
18: * 3. Neither the name of the project nor the names of its contributors
19: * may be used to endorse or promote products derived from this software
20: * without specific prior written permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25: * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32: * SUCH DAMAGE.
33: */
34:
35: #include "config.h"
36:
37: #include <stdio.h>
38: #include <string.h>
39:
40: #include <sys/types.h>
41: #include <sys/queue.h>
42: #include <sys/socket.h>
43: #include <netdb.h>
44:
45: #include <openssl/bn.h>
46: #include <openssl/rsa.h>
47:
48: #include "misc.h"
49: #include "plog.h"
50: #include "sockmisc.h"
51: #include "rsalist.h"
52: #include "genlist.h"
53: #include "remoteconf.h"
54: #include "crypto_openssl.h"
55:
56: #ifndef LIST_FIRST
57: #define LIST_FIRST(head) ((head)->lh_first)
58: #endif
59:
60: #ifndef LIST_NEXT
61: #define LIST_NEXT(elm, field) ((elm)->field.le_next)
62: #endif
63:
64: /* from prsa_tok.l */
65: int prsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type);
66:
67: int
68: rsa_key_insert(struct genlist *list, struct netaddr *src,
69: struct netaddr *dst, RSA *rsa)
70: {
71: struct rsa_key *rsa_key;
72:
73: rsa_key = calloc(sizeof(struct rsa_key), 1);
74: rsa_key->rsa = rsa;
75:
76: if (src)
77: rsa_key->src = src;
78: else
79: rsa_key->src = calloc(sizeof(*rsa_key->src), 1);
80:
81: if (dst)
82: rsa_key->dst = dst;
83: else
84: rsa_key->dst = calloc(sizeof(*rsa_key->dst), 1);
85:
86: genlist_append(list, rsa_key);
87:
88: return 0;
89: }
90:
91: struct rsa_key *
92: rsa_key_dup(struct rsa_key *key)
93: {
94: struct rsa_key *new;
95:
96: new = calloc(sizeof(struct rsa_key), 1);
97: if (new == NULL)
98: return NULL;
99:
100: if (key->rsa) {
101: new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
102: if (new->rsa == NULL)
103: goto dup_error;
104: }
105:
106: if (key->src) {
107: new->src = malloc(sizeof(*new->src));
108: if (new->src == NULL)
109: goto dup_error;
110: memcpy(new->src, key->src, sizeof(*new->src));
111: }
112: if (key->dst) {
113: new->dst = malloc(sizeof(*new->dst));
114: if (new->dst == NULL)
115: goto dup_error;
116: memcpy(new->dst, key->dst, sizeof(*new->dst));
117: }
118:
119: return new;
120:
121: dup_error:
122: if (new->rsa != NULL)
123: RSA_free(new->rsa);
124: if (new->dst != NULL)
125: free(new->dst);
126: if (new->src != NULL)
127: free(new->src);
128:
129: free(new);
130: return NULL;
131: }
132:
133: void
134: rsa_key_free(void *data)
135: {
136: struct rsa_key *rsa_key;
137:
138:
139: rsa_key = (struct rsa_key *)data;
140: if (rsa_key->src)
141: free(rsa_key->src);
142: if (rsa_key->dst)
143: free(rsa_key->dst);
144: if (rsa_key->rsa)
145: RSA_free(rsa_key->rsa);
146:
147: free(rsa_key);
148: }
149:
150: static void *
151: rsa_key_dump_one(void *entry, void *arg)
152: {
153: struct rsa_key *key = entry;
154:
155: plog(LLV_DEBUG, LOCATION, NULL, "Entry %s\n",
156: naddrwop2str_fromto("%s -> %s", key->src,
157: key->dst));
158: if (loglevel > LLV_DEBUG)
159: RSA_print_fp(stdout, key->rsa, 4);
160:
161: return NULL;
162: }
163:
164: void
165: rsa_key_dump(struct genlist *list)
166: {
167: genlist_foreach(list, rsa_key_dump_one, NULL);
168: }
169:
170: static void *
171: rsa_list_count_one(void *entry, void *arg)
172: {
173: if (arg)
174: (*(unsigned long *)arg)++;
175: return NULL;
176: }
177:
178: unsigned long
179: rsa_list_count(struct genlist *list)
180: {
181: unsigned long count = 0;
182: genlist_foreach(list, rsa_list_count_one, &count);
183: return count;
184: }
185:
186: struct lookup_result {
187: struct ph1handle *iph1;
188: int max_score;
189: struct genlist *winners;
190: };
191:
192: static void *
193: rsa_lookup_key_one(void *entry, void *data)
194: {
195: int local_score, remote_score;
196: struct lookup_result *req = data;
197: struct rsa_key *key = entry;
198:
199: local_score = naddr_score(key->src, req->iph1->local);
200: remote_score = naddr_score(key->dst, req->iph1->remote);
201:
202: plog(LLV_DEBUG, LOCATION, NULL, "Entry %s scored %d/%d\n",
203: naddrwop2str_fromto("%s -> %s", key->src, key->dst),
204: local_score, remote_score);
205:
206: if (local_score >= 0 && remote_score >= 0) {
207: if (local_score + remote_score > req->max_score) {
208: req->max_score = local_score + remote_score;
209: // genlist_free(req->winners, NULL);
210: }
211:
212: if (local_score + remote_score >= req->max_score) {
213: genlist_append(req->winners, key);
214: }
215: }
216:
217: /* Always traverse the whole list */
218: return NULL;
219: }
220:
221: struct genlist *
222: rsa_lookup_keys(struct ph1handle *iph1, int my)
223: {
224: struct genlist *list;
225: struct lookup_result r;
226:
227: plog(LLV_DEBUG, LOCATION, NULL, "Looking up RSA key for %s\n",
228: saddr2str_fromto("%s <-> %s", iph1->local, iph1->remote));
229:
230: r.iph1 = iph1;
231: r.max_score = -1;
232: r.winners = genlist_init();
233:
234: if (my)
235: list = iph1->rmconf->rsa_private;
236: else
237: list = iph1->rmconf->rsa_public;
238:
239: genlist_foreach(list, rsa_lookup_key_one, &r);
240:
241: if (loglevel >= LLV_DEBUG)
242: rsa_key_dump(r.winners);
243:
244: return r.winners;
245: }
246:
247: int
248: rsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type)
249: {
250: int ret;
251:
252: plog(LLV_DEBUG, LOCATION, NULL, "Parsing %s\n", fname);
253: ret = prsa_parse_file(list, fname, type);
254: if (loglevel >= LLV_DEBUG)
255: rsa_key_dump(list);
256: return ret;
257: }
258:
259: RSA *
260: rsa_try_check_rsasign(vchar_t *source, vchar_t *sig, struct genlist *list)
261: {
262: struct rsa_key *key;
263: struct genlist_entry *gp;
264:
265: for(key = genlist_next(list, &gp); key; key = genlist_next(NULL, &gp)) {
266: plog(LLV_DEBUG, LOCATION, NULL, "Checking key %s...\n",
267: naddrwop2str_fromto("%s -> %s", key->src, key->dst));
268: if (eay_check_rsasign(source, sig, key->rsa) == 0) {
269: plog(LLV_DEBUG, LOCATION, NULL, " ... YEAH!\n");
270: return key->rsa;
271: }
272: plog(LLV_DEBUG, LOCATION, NULL, " ... nope.\n");
273: }
274: return NULL;
275: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rsalist.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon