xref: /netbsd-src/crypto/dist/ipsec-tools/src/setkey/token.l (revision 3227e6cf668bd374971740bd6660f43cee4417ac)
1 /*	$NetBSD: token.l,v 1.21 2018/05/28 19:52:18 maxv Exp $	*/
2 
3 /*	$KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 %{
35 
36 #ifdef HAVE_CONFIG_H
37 #include "config.h"
38 #endif
39 
40 #include <sys/types.h>
41 #include <sys/param.h>
42 #include <sys/socket.h>
43 #include <net/pfkeyv2.h>
44 #include <netinet/in.h>
45 #include PATH_IPSEC_H
46 
47 #include <stdlib.h>
48 #include <limits.h>
49 #include <string.h>
50 #include <unistd.h>
51 #include <errno.h>
52 #include <netdb.h>
53 
54 #include "vchar.h"
55 #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || \
56 (defined(__APPLE__) && defined(__MACH__))
57 #include "parse.h"
58 #else
59 #include "y.tab.h"
60 #endif
61 
62 #include "extern.h"
63 
64 /* make the code compile on *BSD-current */
65 #ifndef SADB_X_AALG_SHA2_256
66 #define SADB_X_AALG_SHA2_256	(-1)
67 #endif
68 #ifndef SADB_X_AALG_SHA2_384
69 #define SADB_X_AALG_SHA2_384	(-1)
70 #endif
71 #ifndef SADB_X_AALG_SHA2_512
72 #define SADB_X_AALG_SHA2_512	(-1)
73 #endif
74 #ifndef SADB_X_AALG_RIPEMD160HMAC
75 #define SADB_X_AALG_RIPEMD160HMAC	(-1)
76 #endif
77 #ifndef SADB_X_AALG_AES_XCBC_MAC
78 #define SADB_X_AALG_AES_XCBC_MAC	(-1)
79 #endif
80 #ifndef SADB_X_EALG_TWOFISHCBC
81 #define SADB_X_EALG_TWOFISHCBC	(-1)
82 #endif
83 #ifndef SADB_X_EALG_AESCTR
84 #define SADB_X_EALG_AESCTR	(-1)
85 #endif
86 #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
87 #define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
88 #endif
89 %}
90 
91 /* common section */
92 nl		\n
93 ws		[ \t]+
94 digit		[0-9]
95 letter		[0-9A-Za-z]
96 hexdigit	[0-9A-Fa-f]
97 dot		\.
98 hyphen		\-
99 slash		\/
100 blcl		\[
101 elcl		\]
102 semi		\;
103 comment		\#.*
104 quotedstring	\"[^"]*\"
105 decstring	{digit}+
106 hexstring	0[xX]{hexdigit}+
107 ipaddress	[a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
108 ipaddrmask	{slash}{digit}{1,3}
109 name		{letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
110 hostname	{name}(({dot}{name})+{dot}?)?
111 
112 %s S_PL S_AUTHALG S_ENCALG
113 
114 %option noinput nounput
115 %%
116 
117 
118 add		{ return(ADD); }
119 update		{ return(UPDATE); }
120 delete		{ return(DELETE); }
121 deleteall	{ return(DELETEALL); }
122 get		{ return(GET); }
123 flush		{ return(FLUSH); }
124 dump		{ return(DUMP); }
125 exit		{ return(EXIT); }
126 quit		{ return(EXIT); }
127 bye		{ return(EXIT); }
128 
129 	/* for management SPD */
130 spdadd		{ return(SPDADD); }
131 spdupdate	{ return(SPDUPDATE); }
132 spddelete	{ return(SPDDELETE); }
133 spddump		{ return(SPDDUMP); }
134 spdflush	{ return(SPDFLUSH); }
135 tagged		{ return(TAGGED); }
136 {hyphen}P	{ BEGIN S_PL; return(F_POLICY); }
137 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-+_/ \n\t\]\[]* {
138 			yymore();
139 
140 			/* count up for nl */
141 			    {
142 				char *p;
143 				for (p = yytext; *p != '\0'; p++)
144 					if (*p == '\n')
145 						lineno++;
146 			    }
147 
148 			yylval.val.len = strlen(yytext);
149 			yylval.val.buf = strdup(yytext);
150 			if (!yylval.val.buf)
151 				yyfatal("insufficient memory");
152 
153 			return(PL_REQUESTS);
154 		}
155 <S_PL>{semi}	{ BEGIN INITIAL; return(EOT); }
156 
157 	/* address resolution flags */
158 {hyphen}[n46][n46]*	{
159 			yylval.val.len = strlen(yytext);
160 			yylval.val.buf = strdup(yytext);
161 			if (!yylval.val.buf)
162 				yyfatal("insufficient memory");
163 			return(F_AIFLAGS);
164 		}
165 
166 	/* security protocols */
167 ah		{ yylval.num = 0; return(PR_AH); }
168 esp		{ yylval.num = 0; return(PR_ESP); }
169 ah-old		{ yylval.num = 1; return(PR_AH); }
170 esp-old		{ yylval.num = 1; return(PR_ESP); }
171 esp-udp		{ yylval.num = 0; return(PR_ESPUDP); }
172 ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
173 tcp		{
174 			yylval.num = 0; return(PR_TCP);
175 		}
176 
177 	/* authentication alogorithm */
178 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
179 <S_AUTHALG>hmac-md5	{ yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
180 <S_AUTHALG>hmac-sha1	{ yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
181 <S_AUTHALG>keyed-md5	{ yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
182 <S_AUTHALG>keyed-sha1	{ yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
183 <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
184 <S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
185 <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
186 <S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
187 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
188 <S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
189 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
190 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
191 <S_AUTHALG>tcp-md5	{
192 #ifdef SADB_X_AALG_TCP_MD5
193 				yylval.num = SADB_X_AALG_TCP_MD5;
194 				BEGIN INITIAL;
195 				return(ALG_AUTH);
196 #endif
197 			}
198 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
199 
200 	/* encryption alogorithm */
201 {hyphen}E	{ BEGIN S_ENCALG; return(F_ENC); }
202 <S_ENCALG>des-cbc	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
203 <S_ENCALG>3des-cbc	{ yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
204 <S_ENCALG>null		{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
205 <S_ENCALG>simple	{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
206 <S_ENCALG>blowfish-cbc	{ yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
207 <S_ENCALG>cast128-cbc	{ yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
208 <S_ENCALG>des-deriv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
209 <S_ENCALG>des-32iv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
210 <S_ENCALG>twofish-cbc	{ yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
211 <S_ENCALG>aes-cbc	{
212 #ifdef SADB_X_EALG_AESCBC
213 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
214 #endif
215 }
216 <S_ENCALG>rijndael-cbc	{
217 #ifdef SADB_X_EALG_AESCBC
218 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
219 #endif
220 }
221 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
222 <S_ENCALG>camellia-cbc	{
223 #ifdef SADB_X_EALG_CAMELLIACBC
224 	yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC);
225 #endif
226 }
227 <S_ENCALG>aes-gcm-16	{
228 #ifdef SADB_X_EALG_AESGCM16
229 	yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC);
230 #endif
231 }
232 <S_ENCALG>aes-gmac	{
233 #ifdef SADB_X_EALG_AESGMAC
234 	yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC);
235 #endif
236 }
237 
238 	/* compression algorithms */
239 {hyphen}C	{ return(F_COMP); }
240 oui		{ yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
241 deflate		{ yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
242 lzs		{ yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
243 {hyphen}R	{ return(F_RAWCPI); }
244 
245 	/* extension */
246 {hyphen}m	{ return(F_MODE); }
247 transport	{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
248 tunnel		{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
249 {hyphen}u	{ return(F_REQID); }
250 {hyphen}f	{ return(F_EXT); }
251 random-pad	{ yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
252 seq-pad		{ yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
253 zero-pad	{ yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
254 nocyclic-seq	{ return(NOCYCLICSEQ); }
255 {hyphen}r	{ return(F_REPLAY); }
256 {hyphen}lh	{ return(F_LIFETIME_HARD); }
257 {hyphen}ls	{ return(F_LIFETIME_SOFT); }
258 {hyphen}bh	{ return(F_LIFEBYTE_HARD); }
259 {hyphen}bs	{ return(F_LIFEBYTE_SOFT); }
260 {hyphen}ctx	{ return(SECURITY_CTX); }
261 {hyphen}esp_frag { return(F_ESPFRAG); }
262 
263 	/* ... */
264 any		{ return(ANY); }
265 {ws}		{ }
266 {nl}		{ lineno++; }
267 {comment}
268 {semi}		{ return(EOT); }
269 
270 	/* for address parameters: /prefix, [port] */
271 {slash}		{ return SLASH; }
272 {blcl}		{ return BLCL; }
273 {elcl}		{ return ELCL; }
274 
275 	/* parameter */
276 {decstring}	{
277 			char *bp;
278 
279 			yylval.ulnum = strtoul(yytext, &bp, 10);
280 			return(DECSTRING);
281 		}
282 
283 {hexstring}	{
284 			yylval.val.buf = strdup(yytext + 2);
285 			if (!yylval.val.buf)
286 				yyfatal("insufficient memory");
287 			yylval.val.len = strlen(yylval.val.buf);
288 
289 			return(HEXSTRING);
290 		}
291 
292 {quotedstring}	{
293 			char *p = yytext;
294 			while (*++p != '"') ;
295 			*p = '\0';
296 			yytext++;
297 			yylval.val.len = yyleng - 2;
298 			yylval.val.buf = strdup(yytext);
299 			if (!yylval.val.buf)
300 				yyfatal("insufficient memory");
301 
302 			return(QUOTEDSTRING);
303 		}
304 
305 [A-Za-z0-9:][A-Za-z0-9:%\.-]* {
306 			yylval.val.len = yyleng;
307 			yylval.val.buf = strdup(yytext);
308 			if (!yylval.val.buf)
309 				yyfatal("insufficient memory");
310 			return(STRING);
311 		}
312 
313 [0-9,]+ {
314 			yylval.val.len = yyleng;
315 			yylval.val.buf = strdup(yytext);
316 			if (!yylval.val.buf)
317 				yyfatal("insufficient memory");
318 			return(STRING);
319 		}
320 
321 .		{
322 			yyfatal("Syntax error");
323 			/*NOTREACHED*/
324 		}
325 
326 %%
327 
328 void
329 yyfatal(const char *s)
330 {
331 	yyerror(s);
332 	exit(1);
333 }
334 
335 void
336 yyerror(const char *s)
337 {
338 	printf("line %d: %s at [%s]\n", lineno, s, yytext);
339 }
340 
341 int
342 parse(FILE **fp)
343 {
344 	yyin = *fp;
345 
346 	lineno = 1;
347 	parse_init();
348 
349 	if (yyparse()) {
350 		printf("parse failed, line %d.\n", lineno);
351 		return(-1);
352 	}
353 
354 	return(0);
355 }
356 
357 int
358 parse_string (char *src)
359 {
360 	int             result;
361 	YY_BUFFER_STATE buf_state;
362 
363 	buf_state = yy_scan_string(src);
364 	result = yyparse();
365 	yy_delete_buffer(buf_state);
366 	return result;
367 }
368 
369