xref: /netbsd-src/crypto/dist/ipsec-tools/src/racoon/rsalist.c (revision 9fd8799cb5ceb66c69f2eb1a6d26a1d587ba1f1e) 
1 /*	$NetBSD: rsalist.c,v 1.7 2018/02/07 03:59:03 christos Exp $	*/
2 
3 /* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
4 
5 /*
6  * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
7  * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the project nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #include "config.h"
36 
37 #include <stdio.h>
38 #include <string.h>
39 
40 #include <sys/types.h>
41 #include <sys/queue.h>
42 #include <sys/socket.h>
43 #include <netdb.h>
44 
45 #include <openssl/bn.h>
46 #include <openssl/rsa.h>
47 
48 #include "misc.h"
49 #include "plog.h"
50 #include "sockmisc.h"
51 #include "rsalist.h"
52 #include "genlist.h"
53 #include "remoteconf.h"
54 #include "crypto_openssl.h"
55 
56 #ifndef LIST_FIRST
57 #define LIST_FIRST(head)        ((head)->lh_first)
58 #endif
59 
60 #ifndef LIST_NEXT
61 #define LIST_NEXT(elm, field)   ((elm)->field.le_next)
62 #endif
63 
64 /* from prsa_tok.l */
65 int prsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type);
66 
67 int
68 rsa_key_insert(struct genlist *list, struct netaddr *src,
69 	       struct netaddr *dst, RSA *rsa)
70 {
71 	struct rsa_key *rsa_key;
72 
73 	rsa_key = calloc(sizeof(struct rsa_key), 1);
74 	rsa_key->rsa = rsa;
75 
76 	if (src)
77 		rsa_key->src = src;
78 	else
79 		rsa_key->src = calloc(sizeof(*rsa_key->src), 1);
80 
81 	if (dst)
82 		rsa_key->dst = dst;
83 	else
84 		rsa_key->dst = calloc(sizeof(*rsa_key->dst), 1);
85 
86 	genlist_append(list, rsa_key);
87 
88 	return 0;
89 }
90 
91 struct rsa_key *
92 rsa_key_dup(struct rsa_key *key)
93 {
94 	struct rsa_key *new;
95 
96 	new = calloc(sizeof(struct rsa_key), 1);
97 	if (new == NULL)
98 		return NULL;
99 
100 	if (key->rsa) {
101 		const BIGNUM *d;
102 		RSA_get0_key(key->rsa, NULL, NULL, &d);
103 		new->rsa = d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
104 		if (new->rsa == NULL)
105 			goto dup_error;
106 	}
107 
108 	if (key->src) {
109 		new->src = malloc(sizeof(*new->src));
110 		if (new->src == NULL)
111 			goto dup_error;
112 		memcpy(new->src, key->src, sizeof(*new->src));
113 	}
114 	if (key->dst) {
115 		new->dst = malloc(sizeof(*new->dst));
116 		if (new->dst == NULL)
117 			goto dup_error;
118 		memcpy(new->dst, key->dst, sizeof(*new->dst));
119 	}
120 
121 	return new;
122 
123 dup_error:
124 	if (new->rsa != NULL)
125 		RSA_free(new->rsa);
126 	if (new->dst != NULL)
127 		free(new->dst);
128 	if (new->src != NULL)
129 		free(new->src);
130 
131 	free(new);
132 	return NULL;
133 }
134 
135 void
136 rsa_key_free(void *data)
137 {
138 	struct rsa_key *rsa_key;
139 
140 
141 	rsa_key = (struct rsa_key *)data;
142 	if (rsa_key->src)
143 		free(rsa_key->src);
144 	if (rsa_key->dst)
145 		free(rsa_key->dst);
146 	if (rsa_key->rsa)
147 		RSA_free(rsa_key->rsa);
148 
149 	free(rsa_key);
150 }
151 
152 static void *
153 rsa_key_dump_one(void *entry, void *arg)
154 {
155 	struct rsa_key *key = entry;
156 
157 	plog(LLV_DEBUG, LOCATION, NULL, "Entry %s\n",
158 	     naddrwop2str_fromto("%s -> %s", key->src,
159 				 key->dst));
160 	if (loglevel > LLV_DEBUG)
161 		RSA_print_fp(stdout, key->rsa, 4);
162 
163 	return NULL;
164 }
165 
166 void
167 rsa_key_dump(struct genlist *list)
168 {
169 	genlist_foreach(list, rsa_key_dump_one, NULL);
170 }
171 
172 static void *
173 rsa_list_count_one(void *entry, void *arg)
174 {
175 	if (arg)
176 		(*(unsigned long *)arg)++;
177 	return NULL;
178 }
179 
180 unsigned long
181 rsa_list_count(struct genlist *list)
182 {
183 	unsigned long count = 0;
184 	genlist_foreach(list, rsa_list_count_one, &count);
185 	return count;
186 }
187 
188 struct lookup_result {
189 	struct ph1handle *iph1;
190 	int max_score;
191 	struct genlist *winners;
192 };
193 
194 static void *
195 rsa_lookup_key_one(void *entry, void *data)
196 {
197 	int local_score, remote_score;
198 	struct lookup_result *req = data;
199 	struct rsa_key *key = entry;
200 
201 	local_score = naddr_score(key->src, req->iph1->local);
202 	remote_score = naddr_score(key->dst, req->iph1->remote);
203 
204 	plog(LLV_DEBUG, LOCATION, NULL, "Entry %s scored %d/%d\n",
205 		naddrwop2str_fromto("%s -> %s", key->src, key->dst),
206 		local_score, remote_score);
207 
208 	if (local_score >= 0 && remote_score >= 0) {
209 		if (local_score + remote_score > req->max_score) {
210 			req->max_score = local_score + remote_score;
211 //			genlist_free(req->winners, NULL);
212 		}
213 
214 		if (local_score + remote_score >= req->max_score) {
215 			genlist_append(req->winners, key);
216 		}
217 	}
218 
219 	/* Always traverse the whole list */
220 	return NULL;
221 }
222 
223 struct genlist *
224 rsa_lookup_keys(struct ph1handle *iph1, int my)
225 {
226 	struct genlist *list;
227 	struct lookup_result r;
228 
229 	plog(LLV_DEBUG, LOCATION, NULL, "Looking up RSA key for %s\n",
230 	     saddr2str_fromto("%s <-> %s", iph1->local, iph1->remote));
231 
232 	r.iph1 = iph1;
233 	r.max_score = -1;
234 	r.winners = genlist_init();
235 
236 	if (my)
237 		list = iph1->rmconf->rsa_private;
238 	else
239 		list = iph1->rmconf->rsa_public;
240 
241 	genlist_foreach(list, rsa_lookup_key_one, &r);
242 
243 	if (loglevel >= LLV_DEBUG)
244 		rsa_key_dump(r.winners);
245 
246 	return r.winners;
247 }
248 
249 int
250 rsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type)
251 {
252 	int ret;
253 
254 	plog(LLV_DEBUG, LOCATION, NULL, "Parsing %s\n", fname);
255 	ret = prsa_parse_file(list, fname, type);
256 	if (loglevel >= LLV_DEBUG)
257 		rsa_key_dump(list);
258 	return ret;
259 }
260 
261 RSA *
262 rsa_try_check_rsasign(vchar_t *source, vchar_t *sig, struct genlist *list)
263 {
264 	struct rsa_key *key;
265 	struct genlist_entry *gp;
266 
267 	for(key = genlist_next(list, &gp); key; key = genlist_next(NULL, &gp)) {
268 		plog(LLV_DEBUG, LOCATION, NULL, "Checking key %s...\n",
269 			naddrwop2str_fromto("%s -> %s", key->src, key->dst));
270 		if (eay_check_rsasign(source, sig, key->rsa) == 0) {
271 			plog(LLV_DEBUG, LOCATION, NULL, " ... YEAH!\n");
272 			return key->rsa;
273 		}
274 		plog(LLV_DEBUG, LOCATION, NULL, " ... nope.\n");
275 	}
276 	return NULL;
277 }
278