1 /* $NetBSD: token.l,v 1.21 2018/05/28 19:52:18 maxv Exp $ */ 2 3 /* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */ 4 5 /* 6 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 %{ 35 36 #ifdef HAVE_CONFIG_H 37 #include "config.h" 38 #endif 39 40 #include <sys/types.h> 41 #include <sys/param.h> 42 #include <sys/socket.h> 43 #include <net/pfkeyv2.h> 44 #include <netinet/in.h> 45 #include PATH_IPSEC_H 46 47 #include <stdlib.h> 48 #include <limits.h> 49 #include <string.h> 50 #include <unistd.h> 51 #include <errno.h> 52 #include <netdb.h> 53 54 #include "vchar.h" 55 #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || \ 56 (defined(__APPLE__) && defined(__MACH__)) 57 #include "parse.h" 58 #else 59 #include "y.tab.h" 60 #endif 61 62 #include "extern.h" 63 64 /* make the code compile on *BSD-current */ 65 #ifndef SADB_X_AALG_SHA2_256 66 #define SADB_X_AALG_SHA2_256 (-1) 67 #endif 68 #ifndef SADB_X_AALG_SHA2_384 69 #define SADB_X_AALG_SHA2_384 (-1) 70 #endif 71 #ifndef SADB_X_AALG_SHA2_512 72 #define SADB_X_AALG_SHA2_512 (-1) 73 #endif 74 #ifndef SADB_X_AALG_RIPEMD160HMAC 75 #define SADB_X_AALG_RIPEMD160HMAC (-1) 76 #endif 77 #ifndef SADB_X_AALG_AES_XCBC_MAC 78 #define SADB_X_AALG_AES_XCBC_MAC (-1) 79 #endif 80 #ifndef SADB_X_EALG_TWOFISHCBC 81 #define SADB_X_EALG_TWOFISHCBC (-1) 82 #endif 83 #ifndef SADB_X_EALG_AESCTR 84 #define SADB_X_EALG_AESCTR (-1) 85 #endif 86 #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC) 87 #define SADB_X_EALG_AESCBC SADB_X_EALG_AES 88 #endif 89 %} 90 91 /* common section */ 92 nl \n 93 ws [ \t]+ 94 digit [0-9] 95 letter [0-9A-Za-z] 96 hexdigit [0-9A-Fa-f] 97 dot \. 98 hyphen \- 99 slash \/ 100 blcl \[ 101 elcl \] 102 semi \; 103 comment \#.* 104 quotedstring \"[^"]*\" 105 decstring {digit}+ 106 hexstring 0[xX]{hexdigit}+ 107 ipaddress [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*) 108 ipaddrmask {slash}{digit}{1,3} 109 name {letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))* 110 hostname {name}(({dot}{name})+{dot}?)? 111 112 %s S_PL S_AUTHALG S_ENCALG 113 114 %option noinput nounput 115 %% 116 117 118 add { return(ADD); } 119 update { return(UPDATE); } 120 delete { return(DELETE); } 121 deleteall { return(DELETEALL); } 122 get { return(GET); } 123 flush { return(FLUSH); } 124 dump { return(DUMP); } 125 exit { return(EXIT); } 126 quit { return(EXIT); } 127 bye { return(EXIT); } 128 129 /* for management SPD */ 130 spdadd { return(SPDADD); } 131 spdupdate { return(SPDUPDATE); } 132 spddelete { return(SPDDELETE); } 133 spddump { return(SPDDUMP); } 134 spdflush { return(SPDFLUSH); } 135 tagged { return(TAGGED); } 136 {hyphen}P { BEGIN S_PL; return(F_POLICY); } 137 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-+_/ \n\t\]\[]* { 138 yymore(); 139 140 /* count up for nl */ 141 { 142 char *p; 143 for (p = yytext; *p != '\0'; p++) 144 if (*p == '\n') 145 lineno++; 146 } 147 148 yylval.val.len = strlen(yytext); 149 yylval.val.buf = strdup(yytext); 150 if (!yylval.val.buf) 151 yyfatal("insufficient memory"); 152 153 return(PL_REQUESTS); 154 } 155 <S_PL>{semi} { BEGIN INITIAL; return(EOT); } 156 157 /* address resolution flags */ 158 {hyphen}[n46][n46]* { 159 yylval.val.len = strlen(yytext); 160 yylval.val.buf = strdup(yytext); 161 if (!yylval.val.buf) 162 yyfatal("insufficient memory"); 163 return(F_AIFLAGS); 164 } 165 166 /* security protocols */ 167 ah { yylval.num = 0; return(PR_AH); } 168 esp { yylval.num = 0; return(PR_ESP); } 169 ah-old { yylval.num = 1; return(PR_AH); } 170 esp-old { yylval.num = 1; return(PR_ESP); } 171 esp-udp { yylval.num = 0; return(PR_ESPUDP); } 172 ipcomp { yylval.num = 0; return(PR_IPCOMP); } 173 tcp { 174 yylval.num = 0; return(PR_TCP); 175 } 176 177 /* authentication alogorithm */ 178 {hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); } 179 <S_AUTHALG>hmac-md5 { yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); } 180 <S_AUTHALG>hmac-sha1 { yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); } 181 <S_AUTHALG>keyed-md5 { yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); } 182 <S_AUTHALG>keyed-sha1 { yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); } 183 <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); } 184 <S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); } 185 <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); } 186 <S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); } 187 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); } 188 <S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); } 189 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); } 190 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); } 191 <S_AUTHALG>tcp-md5 { 192 #ifdef SADB_X_AALG_TCP_MD5 193 yylval.num = SADB_X_AALG_TCP_MD5; 194 BEGIN INITIAL; 195 return(ALG_AUTH); 196 #endif 197 } 198 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); } 199 200 /* encryption alogorithm */ 201 {hyphen}E { BEGIN S_ENCALG; return(F_ENC); } 202 <S_ENCALG>des-cbc { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); } 203 <S_ENCALG>3des-cbc { yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); } 204 <S_ENCALG>null { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); } 205 <S_ENCALG>simple { yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); } 206 <S_ENCALG>blowfish-cbc { yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); } 207 <S_ENCALG>cast128-cbc { yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); } 208 <S_ENCALG>des-deriv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); } 209 <S_ENCALG>des-32iv { yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); } 210 <S_ENCALG>twofish-cbc { yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); } 211 <S_ENCALG>aes-cbc { 212 #ifdef SADB_X_EALG_AESCBC 213 yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); 214 #endif 215 } 216 <S_ENCALG>rijndael-cbc { 217 #ifdef SADB_X_EALG_AESCBC 218 yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); 219 #endif 220 } 221 <S_ENCALG>aes-ctr { yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); } 222 <S_ENCALG>camellia-cbc { 223 #ifdef SADB_X_EALG_CAMELLIACBC 224 yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC); 225 #endif 226 } 227 <S_ENCALG>aes-gcm-16 { 228 #ifdef SADB_X_EALG_AESGCM16 229 yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC); 230 #endif 231 } 232 <S_ENCALG>aes-gmac { 233 #ifdef SADB_X_EALG_AESGMAC 234 yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC); 235 #endif 236 } 237 238 /* compression algorithms */ 239 {hyphen}C { return(F_COMP); } 240 oui { yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); } 241 deflate { yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); } 242 lzs { yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); } 243 {hyphen}R { return(F_RAWCPI); } 244 245 /* extension */ 246 {hyphen}m { return(F_MODE); } 247 transport { yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); } 248 tunnel { yylval.num = IPSEC_MODE_TUNNEL; return(MODE); } 249 {hyphen}u { return(F_REQID); } 250 {hyphen}f { return(F_EXT); } 251 random-pad { yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); } 252 seq-pad { yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); } 253 zero-pad { yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); } 254 nocyclic-seq { return(NOCYCLICSEQ); } 255 {hyphen}r { return(F_REPLAY); } 256 {hyphen}lh { return(F_LIFETIME_HARD); } 257 {hyphen}ls { return(F_LIFETIME_SOFT); } 258 {hyphen}bh { return(F_LIFEBYTE_HARD); } 259 {hyphen}bs { return(F_LIFEBYTE_SOFT); } 260 {hyphen}ctx { return(SECURITY_CTX); } 261 {hyphen}esp_frag { return(F_ESPFRAG); } 262 263 /* ... */ 264 any { return(ANY); } 265 {ws} { } 266 {nl} { lineno++; } 267 {comment} 268 {semi} { return(EOT); } 269 270 /* for address parameters: /prefix, [port] */ 271 {slash} { return SLASH; } 272 {blcl} { return BLCL; } 273 {elcl} { return ELCL; } 274 275 /* parameter */ 276 {decstring} { 277 char *bp; 278 279 yylval.ulnum = strtoul(yytext, &bp, 10); 280 return(DECSTRING); 281 } 282 283 {hexstring} { 284 yylval.val.buf = strdup(yytext + 2); 285 if (!yylval.val.buf) 286 yyfatal("insufficient memory"); 287 yylval.val.len = strlen(yylval.val.buf); 288 289 return(HEXSTRING); 290 } 291 292 {quotedstring} { 293 char *p = yytext; 294 while (*++p != '"') ; 295 *p = '\0'; 296 yytext++; 297 yylval.val.len = yyleng - 2; 298 yylval.val.buf = strdup(yytext); 299 if (!yylval.val.buf) 300 yyfatal("insufficient memory"); 301 302 return(QUOTEDSTRING); 303 } 304 305 [A-Za-z0-9:][A-Za-z0-9:%\.-]* { 306 yylval.val.len = yyleng; 307 yylval.val.buf = strdup(yytext); 308 if (!yylval.val.buf) 309 yyfatal("insufficient memory"); 310 return(STRING); 311 } 312 313 [0-9,]+ { 314 yylval.val.len = yyleng; 315 yylval.val.buf = strdup(yytext); 316 if (!yylval.val.buf) 317 yyfatal("insufficient memory"); 318 return(STRING); 319 } 320 321 . { 322 yyfatal("Syntax error"); 323 /*NOTREACHED*/ 324 } 325 326 %% 327 328 void 329 yyfatal(const char *s) 330 { 331 yyerror(s); 332 exit(1); 333 } 334 335 void 336 yyerror(const char *s) 337 { 338 printf("line %d: %s at [%s]\n", lineno, s, yytext); 339 } 340 341 int 342 parse(FILE **fp) 343 { 344 yyin = *fp; 345 346 lineno = 1; 347 parse_init(); 348 349 if (yyparse()) { 350 printf("parse failed, line %d.\n", lineno); 351 return(-1); 352 } 353 354 return(0); 355 } 356 357 int 358 parse_string (char *src) 359 { 360 int result; 361 YY_BUFFER_STATE buf_state; 362 363 buf_state = yy_scan_string(src); 364 result = yyparse(); 365 yy_delete_buffer(buf_state); 366 return result; 367 } 368 369