xref: /netbsd-src/crypto/dist/ipsec-tools/src/setkey/token.l (revision 0c4ddb1599a0bea866fde8522a74cfbd2f68cd1b) 
1 /*	$NetBSD: token.l,v 1.12 2007/07/18 12:07:53 vanhu Exp $	*/
2 
3 /*	$KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 %{
35 
36 #ifdef HAVE_CONFIG_H
37 #include "config.h"
38 #endif
39 
40 #include <sys/types.h>
41 #include <sys/param.h>
42 #include <sys/socket.h>
43 #include <net/pfkeyv2.h>
44 #include <netinet/in.h>
45 #include PATH_IPSEC_H
46 
47 #include <stdlib.h>
48 #include <limits.h>
49 #include <string.h>
50 #include <unistd.h>
51 #include <errno.h>
52 #include <netdb.h>
53 
54 #include "vchar.h"
55 #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || \
56 (defined(__APPLE__) && defined(__MACH__))
57 #include "parse.h"
58 #else
59 #include "y.tab.h"
60 #endif
61 
62 #include "extern.h"
63 
64 /* make the code compile on *BSD-current */
65 #ifndef SADB_X_AALG_SHA2_256
66 #define SADB_X_AALG_SHA2_256	(-1)
67 #endif
68 #ifndef SADB_X_AALG_SHA2_384
69 #define SADB_X_AALG_SHA2_384	(-1)
70 #endif
71 #ifndef SADB_X_AALG_SHA2_512
72 #define SADB_X_AALG_SHA2_512	(-1)
73 #endif
74 #ifndef SADB_X_AALG_RIPEMD160HMAC
75 #define SADB_X_AALG_RIPEMD160HMAC	(-1)
76 #endif
77 #ifndef SADB_X_AALG_AES_XCBC_MAC
78 #define SADB_X_AALG_AES_XCBC_MAC	(-1)
79 #endif
80 #ifndef SADB_X_EALG_TWOFISHCBC
81 #define SADB_X_EALG_TWOFISHCBC	(-1)
82 #endif
83 #ifndef SADB_X_EALG_AESCTR
84 #define SADB_X_EALG_AESCTR	(-1)
85 #endif
86 #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
87 #define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
88 #endif
89 %}
90 
91 /* common section */
92 nl		\n
93 ws		[ \t]+
94 digit		[0-9]
95 letter		[0-9A-Za-z]
96 hexdigit	[0-9A-Fa-f]
97 dot		\.
98 hyphen		\-
99 slash		\/
100 blcl		\[
101 elcl		\]
102 semi		\;
103 comment		\#.*
104 quotedstring	\"[^"]*\"
105 decstring	{digit}+
106 hexstring	0[xX]{hexdigit}+
107 ipaddress	[a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
108 ipaddrmask	{slash}{digit}{1,3}
109 name		{letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
110 hostname	{name}(({dot}{name})+{dot}?)?
111 
112 %s S_PL S_AUTHALG S_ENCALG
113 
114 %%
115 
116 add		{ return(ADD); }
117 delete		{ return(DELETE); }
118 deleteall	{ return(DELETEALL); }
119 get		{ return(GET); }
120 flush		{ return(FLUSH); }
121 dump		{ return(DUMP); }
122 exit		{ return(EXIT); }
123 quit		{ return(EXIT); }
124 bye		{ return(EXIT); }
125 
126 	/* for management SPD */
127 spdadd		{ return(SPDADD); }
128 spddelete	{ return(SPDDELETE); }
129 spddump		{ return(SPDDUMP); }
130 spdflush	{ return(SPDFLUSH); }
131 tagged		{ return(TAGGED); }
132 {hyphen}P	{ BEGIN S_PL; return(F_POLICY); }
133 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-+_/ \n\t\]\[]* {
134 			yymore();
135 
136 			/* count up for nl */
137 			    {
138 				char *p;
139 				for (p = yytext; *p != '\0'; p++)
140 					if (*p == '\n')
141 						lineno++;
142 			    }
143 
144 			yylval.val.len = strlen(yytext);
145 			yylval.val.buf = strdup(yytext);
146 			if (!yylval.val.buf)
147 				yyfatal("insufficient memory");
148 
149 			return(PL_REQUESTS);
150 		}
151 <S_PL>{semi}	{ BEGIN INITIAL; return(EOT); }
152 
153 	/* address resolution flags */
154 {hyphen}[n46][n46]*	{
155 			yylval.val.len = strlen(yytext);
156 			yylval.val.buf = strdup(yytext);
157 			if (!yylval.val.buf)
158 				yyfatal("insufficient memory");
159 			return(F_AIFLAGS);
160 		}
161 
162 	/* security protocols */
163 ah		{ yylval.num = 0; return(PR_AH); }
164 esp		{ yylval.num = 0; return(PR_ESP); }
165 ah-old		{ yylval.num = 1; return(PR_AH); }
166 esp-old		{ yylval.num = 1; return(PR_ESP); }
167 esp-udp		{ yylval.num = 0; return(PR_ESPUDP); }
168 ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
169 tcp		{
170 			yylval.num = 0; return(PR_TCP);
171 		}
172 
173 	/* authentication alogorithm */
174 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
175 <S_AUTHALG>hmac-md5	{ yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
176 <S_AUTHALG>hmac-sha1	{ yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
177 <S_AUTHALG>keyed-md5	{ yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
178 <S_AUTHALG>keyed-sha1	{ yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
179 <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
180 <S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
181 <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
182 <S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
183 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
184 <S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
185 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
186 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
187 <S_AUTHALG>tcp-md5	{
188 #ifdef SADB_X_AALG_TCP_MD5
189 				yylval.num = SADB_X_AALG_TCP_MD5;
190 				BEGIN INITIAL;
191 				return(ALG_AUTH);
192 #endif
193 			}
194 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
195 
196 	/* encryption alogorithm */
197 {hyphen}E	{ BEGIN S_ENCALG; return(F_ENC); }
198 <S_ENCALG>des-cbc	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
199 <S_ENCALG>3des-cbc	{ yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
200 <S_ENCALG>null		{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
201 <S_ENCALG>simple	{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
202 <S_ENCALG>blowfish-cbc	{ yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
203 <S_ENCALG>cast128-cbc	{ yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
204 <S_ENCALG>des-deriv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
205 <S_ENCALG>des-32iv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
206 <S_ENCALG>twofish-cbc	{ yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
207 <S_ENCALG>aes-cbc	{
208 #ifdef SADB_X_EALG_AESCBC
209 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
210 #endif
211 }
212 <S_ENCALG>rijndael-cbc	{
213 #ifdef SADB_X_EALG_AESCBC
214 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
215 #endif
216 }
217 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
218 <S_ENCALG>camellia-cbc	{
219 #ifdef SADB_X_EALG_CAMELLIACBC
220 	yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC);
221 #endif
222 }
223 
224 	/* compression algorithms */
225 {hyphen}C	{ return(F_COMP); }
226 oui		{ yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
227 deflate		{ yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
228 lzs		{ yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
229 {hyphen}R	{ return(F_RAWCPI); }
230 
231 	/* extension */
232 {hyphen}m	{ return(F_MODE); }
233 transport	{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
234 tunnel		{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
235 {hyphen}u	{ return(F_REQID); }
236 {hyphen}f	{ return(F_EXT); }
237 random-pad	{ yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
238 seq-pad		{ yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
239 zero-pad	{ yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
240 nocyclic-seq	{ return(NOCYCLICSEQ); }
241 {hyphen}r	{ return(F_REPLAY); }
242 {hyphen}lh	{ return(F_LIFETIME_HARD); }
243 {hyphen}ls	{ return(F_LIFETIME_SOFT); }
244 {hyphen}bh	{ return(F_LIFEBYTE_HARD); }
245 {hyphen}bs	{ return(F_LIFEBYTE_SOFT); }
246 {hyphen}ctx	{ return(SECURITY_CTX); }
247 
248 	/* ... */
249 any		{ return(ANY); }
250 {ws}		{ }
251 {nl}		{ lineno++; }
252 {comment}
253 {semi}		{ return(EOT); }
254 
255 	/* for address parameters: /prefix, [port] */
256 {slash}		{ return SLASH; }
257 {blcl}		{ return BLCL; }
258 {elcl}		{ return ELCL; }
259 
260 	/* parameter */
261 {decstring}	{
262 			char *bp;
263 
264 			yylval.ulnum = strtoul(yytext, &bp, 10);
265 			return(DECSTRING);
266 		}
267 
268 {hexstring}	{
269 			yylval.val.buf = strdup(yytext + 2);
270 			if (!yylval.val.buf)
271 				yyfatal("insufficient memory");
272 			yylval.val.len = strlen(yylval.val.buf);
273 
274 			return(HEXSTRING);
275 		}
276 
277 {quotedstring}	{
278 			char *p = yytext;
279 			while (*++p != '"') ;
280 			*p = '\0';
281 			yytext++;
282 			yylval.val.len = yyleng - 2;
283 			yylval.val.buf = strdup(yytext);
284 			if (!yylval.val.buf)
285 				yyfatal("insufficient memory");
286 
287 			return(QUOTEDSTRING);
288 		}
289 
290 [A-Za-z0-9:][A-Za-z0-9:%\.-]* {
291 			yylval.val.len = yyleng;
292 			yylval.val.buf = strdup(yytext);
293 			if (!yylval.val.buf)
294 				yyfatal("insufficient memory");
295 			return(STRING);
296 		}
297 
298 [0-9,]+ {
299 			yylval.val.len = yyleng;
300 			yylval.val.buf = strdup(yytext);
301 			if (!yylval.val.buf)
302 				yyfatal("insufficient memory");
303 			return(STRING);
304 		}
305 
306 .		{
307 			yyfatal("Syntax error");
308 			/*NOTREACHED*/
309 		}
310 
311 %%
312 
313 void
314 yyfatal(s)
315 	const char *s;
316 {
317 	yyerror(s);
318 	exit(1);
319 }
320 
321 void
322 yyerror(s)
323 	const char *s;
324 {
325 	printf("line %d: %s at [%s]\n", lineno, s, yytext);
326 }
327 
328 int
329 parse(fp)
330 	FILE **fp;
331 {
332 	yyin = *fp;
333 
334 	lineno = 1;
335 	parse_init();
336 
337 	if (yyparse()) {
338 		printf("parse failed, line %d.\n", lineno);
339 		return(-1);
340 	}
341 
342 	return(0);
343 }
344 
345 int
346 parse_string (char *src)
347 {
348 	int             result;
349 	YY_BUFFER_STATE buf_state;
350 
351 	buf_state = yy_scan_string(src);
352 	result = yyparse();
353 	yy_delete_buffer(buf_state);
354 	return result;
355 }
356 
357