xref: /netbsd-src/crypto/dist/ipsec-tools/src/setkey/token.l (revision 75219f3a016dfaad1cb304eb017f9787b1de8292) 
1 /*	$NetBSD: token.l,v 1.18 2012/11/29 15:31:25 vanhu Exp $	*/
2 
3 /*	$KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $	*/
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 %{
35 
36 #ifdef HAVE_CONFIG_H
37 #include "config.h"
38 #endif
39 
40 #include <sys/types.h>
41 #include <sys/param.h>
42 #include <sys/socket.h>
43 #include <net/pfkeyv2.h>
44 #include <netinet/in.h>
45 #include PATH_IPSEC_H
46 
47 #include <stdlib.h>
48 #include <limits.h>
49 #include <string.h>
50 #include <unistd.h>
51 #include <errno.h>
52 #include <netdb.h>
53 
54 #include "vchar.h"
55 #if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || \
56 (defined(__APPLE__) && defined(__MACH__))
57 #include "parse.h"
58 #else
59 #include "y.tab.h"
60 #endif
61 
62 #include "extern.h"
63 
64 /* make the code compile on *BSD-current */
65 #ifndef SADB_X_AALG_SHA2_256
66 #define SADB_X_AALG_SHA2_256	(-1)
67 #endif
68 #ifndef SADB_X_AALG_SHA2_384
69 #define SADB_X_AALG_SHA2_384	(-1)
70 #endif
71 #ifndef SADB_X_AALG_SHA2_512
72 #define SADB_X_AALG_SHA2_512	(-1)
73 #endif
74 #ifndef SADB_X_AALG_RIPEMD160HMAC
75 #define SADB_X_AALG_RIPEMD160HMAC	(-1)
76 #endif
77 #ifndef SADB_X_AALG_AES_XCBC_MAC
78 #define SADB_X_AALG_AES_XCBC_MAC	(-1)
79 #endif
80 #ifndef SADB_X_EALG_TWOFISHCBC
81 #define SADB_X_EALG_TWOFISHCBC	(-1)
82 #endif
83 #ifndef SADB_X_EALG_AESCTR
84 #define SADB_X_EALG_AESCTR	(-1)
85 #endif
86 #if defined(SADB_X_EALG_AES) && ! defined(SADB_X_EALG_AESCBC)
87 #define SADB_X_EALG_AESCBC  SADB_X_EALG_AES
88 #endif
89 %}
90 
91 /* common section */
92 nl		\n
93 ws		[ \t]+
94 digit		[0-9]
95 letter		[0-9A-Za-z]
96 hexdigit	[0-9A-Fa-f]
97 dot		\.
98 hyphen		\-
99 slash		\/
100 blcl		\[
101 elcl		\]
102 semi		\;
103 comment		\#.*
104 quotedstring	\"[^"]*\"
105 decstring	{digit}+
106 hexstring	0[xX]{hexdigit}+
107 ipaddress	[a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
108 ipaddrmask	{slash}{digit}{1,3}
109 name		{letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
110 hostname	{name}(({dot}{name})+{dot}?)?
111 
112 %s S_PL S_AUTHALG S_ENCALG
113 
114 %option noinput nounput
115 %%
116 
117 
118 add		{ return(ADD); }
119 delete		{ return(DELETE); }
120 deleteall	{ return(DELETEALL); }
121 get		{ return(GET); }
122 flush		{ return(FLUSH); }
123 dump		{ return(DUMP); }
124 exit		{ return(EXIT); }
125 quit		{ return(EXIT); }
126 bye		{ return(EXIT); }
127 
128 	/* for management SPD */
129 spdadd		{ return(SPDADD); }
130 spdupdate	{ return(SPDUPDATE); }
131 spddelete	{ return(SPDDELETE); }
132 spddump		{ return(SPDDUMP); }
133 spdflush	{ return(SPDFLUSH); }
134 tagged		{ return(TAGGED); }
135 {hyphen}P	{ BEGIN S_PL; return(F_POLICY); }
136 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-+_/ \n\t\]\[]* {
137 			yymore();
138 
139 			/* count up for nl */
140 			    {
141 				char *p;
142 				for (p = yytext; *p != '\0'; p++)
143 					if (*p == '\n')
144 						lineno++;
145 			    }
146 
147 			yylval.val.len = strlen(yytext);
148 			yylval.val.buf = strdup(yytext);
149 			if (!yylval.val.buf)
150 				yyfatal("insufficient memory");
151 
152 			return(PL_REQUESTS);
153 		}
154 <S_PL>{semi}	{ BEGIN INITIAL; return(EOT); }
155 
156 	/* address resolution flags */
157 {hyphen}[n46][n46]*	{
158 			yylval.val.len = strlen(yytext);
159 			yylval.val.buf = strdup(yytext);
160 			if (!yylval.val.buf)
161 				yyfatal("insufficient memory");
162 			return(F_AIFLAGS);
163 		}
164 
165 	/* security protocols */
166 ah		{ yylval.num = 0; return(PR_AH); }
167 esp		{ yylval.num = 0; return(PR_ESP); }
168 ah-old		{ yylval.num = 1; return(PR_AH); }
169 esp-old		{ yylval.num = 1; return(PR_ESP); }
170 esp-udp		{ yylval.num = 0; return(PR_ESPUDP); }
171 ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
172 tcp		{
173 			yylval.num = 0; return(PR_TCP);
174 		}
175 
176 	/* authentication alogorithm */
177 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
178 <S_AUTHALG>hmac-md5	{ yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
179 <S_AUTHALG>hmac-sha1	{ yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
180 <S_AUTHALG>keyed-md5	{ yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
181 <S_AUTHALG>keyed-sha1	{ yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
182 <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
183 <S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
184 <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
185 <S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
186 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
187 <S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
188 <S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
189 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
190 <S_AUTHALG>tcp-md5	{
191 #ifdef SADB_X_AALG_TCP_MD5
192 				yylval.num = SADB_X_AALG_TCP_MD5;
193 				BEGIN INITIAL;
194 				return(ALG_AUTH);
195 #endif
196 			}
197 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
198 
199 	/* encryption alogorithm */
200 {hyphen}E	{ BEGIN S_ENCALG; return(F_ENC); }
201 <S_ENCALG>des-cbc	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
202 <S_ENCALG>3des-cbc	{ yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
203 <S_ENCALG>null		{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
204 <S_ENCALG>simple	{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
205 <S_ENCALG>blowfish-cbc	{ yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
206 <S_ENCALG>cast128-cbc	{ yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
207 <S_ENCALG>des-deriv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
208 <S_ENCALG>des-32iv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
209 <S_ENCALG>twofish-cbc	{ yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
210 <S_ENCALG>aes-cbc	{
211 #ifdef SADB_X_EALG_AESCBC
212 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
213 #endif
214 }
215 <S_ENCALG>rijndael-cbc	{
216 #ifdef SADB_X_EALG_AESCBC
217 	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
218 #endif
219 }
220 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
221 <S_ENCALG>camellia-cbc	{
222 #ifdef SADB_X_EALG_CAMELLIACBC
223 	yylval.num = SADB_X_EALG_CAMELLIACBC; BEGIN INITIAL; return(ALG_ENC);
224 #endif
225 }
226 <S_ENCALG>aes-gcm-16	{
227 #ifdef SADB_X_EALG_AESGCM16
228 	yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC);
229 #endif
230 }
231 <S_ENCALG>aes-gmac	{
232 #ifdef SADB_X_EALG_AESGMAC
233 	yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC);
234 #endif
235 }
236 <S_ENCALG>aes-gcm-16   {
237 #ifdef SADB_X_EALG_AESGCM16
238 	yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC);
239 #endif
240 }
241 <S_ENCALG>aes-gmac     {
242 #ifdef SADB_X_EALG_AESGMAC
243 	yylval.num = SADB_X_EALG_AESGMAC; BEGIN INITIAL; return(ALG_ENC);
244 #endif
245 }
246 
247 	/* compression algorithms */
248 {hyphen}C	{ return(F_COMP); }
249 oui		{ yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
250 deflate		{ yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
251 lzs		{ yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
252 {hyphen}R	{ return(F_RAWCPI); }
253 
254 	/* extension */
255 {hyphen}m	{ return(F_MODE); }
256 transport	{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
257 tunnel		{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
258 {hyphen}u	{ return(F_REQID); }
259 {hyphen}f	{ return(F_EXT); }
260 random-pad	{ yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
261 seq-pad		{ yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
262 zero-pad	{ yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
263 nocyclic-seq	{ return(NOCYCLICSEQ); }
264 {hyphen}r	{ return(F_REPLAY); }
265 {hyphen}lh	{ return(F_LIFETIME_HARD); }
266 {hyphen}ls	{ return(F_LIFETIME_SOFT); }
267 {hyphen}bh	{ return(F_LIFEBYTE_HARD); }
268 {hyphen}bs	{ return(F_LIFEBYTE_SOFT); }
269 {hyphen}ctx	{ return(SECURITY_CTX); }
270 {hyphen}esp_frag { return(F_ESPFRAG); }
271 
272 	/* ... */
273 any		{ return(ANY); }
274 {ws}		{ }
275 {nl}		{ lineno++; }
276 {comment}
277 {semi}		{ return(EOT); }
278 
279 	/* for address parameters: /prefix, [port] */
280 {slash}		{ return SLASH; }
281 {blcl}		{ return BLCL; }
282 {elcl}		{ return ELCL; }
283 
284 	/* parameter */
285 {decstring}	{
286 			char *bp;
287 
288 			yylval.ulnum = strtoul(yytext, &bp, 10);
289 			return(DECSTRING);
290 		}
291 
292 {hexstring}	{
293 			yylval.val.buf = strdup(yytext + 2);
294 			if (!yylval.val.buf)
295 				yyfatal("insufficient memory");
296 			yylval.val.len = strlen(yylval.val.buf);
297 
298 			return(HEXSTRING);
299 		}
300 
301 {quotedstring}	{
302 			char *p = yytext;
303 			while (*++p != '"') ;
304 			*p = '\0';
305 			yytext++;
306 			yylval.val.len = yyleng - 2;
307 			yylval.val.buf = strdup(yytext);
308 			if (!yylval.val.buf)
309 				yyfatal("insufficient memory");
310 
311 			return(QUOTEDSTRING);
312 		}
313 
314 [A-Za-z0-9:][A-Za-z0-9:%\.-]* {
315 			yylval.val.len = yyleng;
316 			yylval.val.buf = strdup(yytext);
317 			if (!yylval.val.buf)
318 				yyfatal("insufficient memory");
319 			return(STRING);
320 		}
321 
322 [0-9,]+ {
323 			yylval.val.len = yyleng;
324 			yylval.val.buf = strdup(yytext);
325 			if (!yylval.val.buf)
326 				yyfatal("insufficient memory");
327 			return(STRING);
328 		}
329 
330 .		{
331 			yyfatal("Syntax error");
332 			/*NOTREACHED*/
333 		}
334 
335 %%
336 
337 void
338 yyfatal(s)
339 	const char *s;
340 {
341 	yyerror(s);
342 	exit(1);
343 }
344 
345 void
346 yyerror(s)
347 	const char *s;
348 {
349 	printf("line %d: %s at [%s]\n", lineno, s, yytext);
350 }
351 
352 int
353 parse(fp)
354 	FILE **fp;
355 {
356 	yyin = *fp;
357 
358 	lineno = 1;
359 	parse_init();
360 
361 	if (yyparse()) {
362 		printf("parse failed, line %d.\n", lineno);
363 		return(-1);
364 	}
365 
366 	return(0);
367 }
368 
369 int
370 parse_string (char *src)
371 {
372 	int             result;
373 	YY_BUFFER_STATE buf_state;
374 
375 	buf_state = yy_scan_string(src);
376 	result = yyparse();
377 	yy_delete_buffer(buf_state);
378 	return result;
379 }
380 
381