1/*	$KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $	*/
2
3/*
4 * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 *    may be used to endorse or promote products derived from this software
17 *    without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32%option noyywrap
33%{
34
35#ifdef HAVE_CONFIG_H
36#include "config.h"
37#endif
38
39#include <sys/types.h>
40#include <sys/param.h>
41#include <sys/socket.h>
42#include <net/pfkeyv2.h>
43#include <netinet/in.h>
44#ifdef HAVE_NETINET6_IPSEC
45#  include <netinet6/ipsec.h>
46#else
47#  include <netinet/ipsec.h>
48#endif
49
50#include <stdlib.h>
51#include <limits.h>
52#include <string.h>
53#include <unistd.h>
54#include <errno.h>
55#include <netdb.h>
56
57#include "vchar.h"
58#include "y.tab.h"
59
60#include "extern.h"
61
62/* make the code compile on *BSD-current */
63#ifndef SADB_X_AALG_SHA2_256
64#define SADB_X_AALG_SHA2_256	(-1)
65#endif
66#ifndef SADB_X_AALG_SHA2_384
67#define SADB_X_AALG_SHA2_384	(-1)
68#endif
69#ifndef SADB_X_AALG_SHA2_512
70#define SADB_X_AALG_SHA2_512	(-1)
71#endif
72#ifndef SADB_X_AALG_RIPEMD160HMAC
73#define SADB_X_AALG_RIPEMD160HMAC	(-1)
74#endif
75#ifndef SADB_X_AALG_AES_XCBC_MAC
76#define SADB_X_AALG_AES_XCBC_MAC	(-1)
77#endif
78#ifndef SADB_X_EALG_TWOFISHCBC
79#define SADB_X_EALG_TWOFISHCBC	(-1)
80#endif
81#ifndef SADB_X_EALG_AESCTR
82#define SADB_X_EALG_AESCTR	(-1)
83#endif
84%}
85
86/* common section */
87nl		\n
88ws		[ \t]+
89digit		[0-9]
90letter		[0-9A-Za-z]
91hexdigit	[0-9A-Fa-f]
92dot		\.
93hyphen		\-
94slash		\/
95blcl		\[
96elcl		\]
97semi		\;
98comment		\#.*
99quotedstring	\"[^"]*\"
100decstring	{digit}+
101hexstring	0[xX]{hexdigit}+
102ipaddress	[a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
103ipaddrmask	{slash}{digit}{1,3}
104name		{letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
105hostname	{name}(({dot}{name})+{dot}?)?
106
107%s S_PL S_AUTHALG S_ENCALG
108
109%%
110
111add		{ return(ADD); }
112delete		{ return(DELETE); }
113deleteall	{ return(DELETEALL); }
114get		{ return(GET); }
115flush		{ return(FLUSH); }
116dump		{ return(DUMP); }
117exit		{ return(EXIT); }
118quit		{ return(EXIT); }
119bye		{ return(EXIT); }
120
121	/* for management SPD */
122spdadd		{ return(SPDADD); }
123spddelete	{ return(SPDDELETE); }
124spddump		{ return(SPDDUMP); }
125spdflush	{ return(SPDFLUSH); }
126tagged		{ return(TAGGED); }
127{hyphen}P	{ BEGIN S_PL; return(F_POLICY); }
128<S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-+_/ \n\t\]\[]* {
129			yymore();
130
131			/* count up for nl */
132			    {
133				char *p;
134				for (p = yytext; *p != '\0'; p++)
135					if (*p == '\n')
136						lineno++;
137			    }
138
139			yylval.val.len = strlen(yytext);
140			yylval.val.buf = strdup(yytext);
141			if (!yylval.val.buf)
142				yyfatal("insufficient memory");
143
144			return(PL_REQUESTS);
145		}
146<S_PL>{semi}	{ BEGIN INITIAL; return(EOT); }
147
148	/* address resolution flags */
149{hyphen}[n46][n46]*	{
150			yylval.val.len = strlen(yytext);
151			yylval.val.buf = strdup(yytext);
152			if (!yylval.val.buf)
153				yyfatal("insufficient memory");
154			return(F_AIFLAGS);
155		}
156
157	/* security protocols */
158ah		{ yylval.num = 0; return(PR_AH); }
159esp		{ yylval.num = 0; return(PR_ESP); }
160ah-old		{ yylval.num = 1; return(PR_AH); }
161esp-old		{ yylval.num = 1; return(PR_ESP); }
162esp-udp		{ yylval.num = 0; return(PR_ESPUDP); }
163ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
164tcp		{
165			yylval.num = 0; return(PR_TCP);
166		}
167
168	/* authentication alogorithm */
169{hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
170<S_AUTHALG>hmac-md5	{ yylval.num = SADB_AALG_MD5HMAC; BEGIN INITIAL; return(ALG_AUTH); }
171<S_AUTHALG>hmac-sha1	{ yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
172<S_AUTHALG>keyed-md5	{ yylval.num = SADB_X_AALG_MD5; BEGIN INITIAL; return(ALG_AUTH); }
173<S_AUTHALG>keyed-sha1	{ yylval.num = SADB_X_AALG_SHA; BEGIN INITIAL; return(ALG_AUTH); }
174<S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
175<S_AUTHALG>hmac-sha256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
176<S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
177<S_AUTHALG>hmac-sha384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
178<S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
179<S_AUTHALG>hmac-sha512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
180<S_AUTHALG>hmac-ripemd160 { yylval.num = SADB_X_AALG_RIPEMD160HMAC; BEGIN INITIAL; return(ALG_AUTH); }
181<S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
182<S_AUTHALG>tcp-md5	{
183#ifdef SADB_X_AALG_TCP_MD5
184				yylval.num = SADB_X_AALG_TCP_MD5;
185				BEGIN INITIAL;
186				return(ALG_AUTH);
187#endif
188			}
189<S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
190
191	/* encryption alogorithm */
192{hyphen}E	{ BEGIN S_ENCALG; return(F_ENC); }
193<S_ENCALG>des-cbc	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC); }
194<S_ENCALG>3des-cbc	{ yylval.num = SADB_EALG_3DESCBC; BEGIN INITIAL; return(ALG_ENC); }
195<S_ENCALG>null		{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_NOKEY); }
196<S_ENCALG>simple	{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
197<S_ENCALG>blowfish-cbc	{ yylval.num = SADB_X_EALG_BLOWFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
198<S_ENCALG>cast128-cbc	{ yylval.num = SADB_X_EALG_CAST128CBC; BEGIN INITIAL; return(ALG_ENC); }
199<S_ENCALG>des-deriv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DESDERIV); }
200<S_ENCALG>des-32iv	{ yylval.num = SADB_EALG_DESCBC; BEGIN INITIAL; return(ALG_ENC_DES32IV); }
201<S_ENCALG>twofish-cbc	{ yylval.num = SADB_X_EALG_TWOFISHCBC; BEGIN INITIAL; return(ALG_ENC); }
202<S_ENCALG>aes-cbc	{
203#ifdef SADB_X_EALG_AESCBC
204	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
205#endif
206}
207<S_ENCALG>rijndael-cbc	{
208#ifdef SADB_X_EALG_AESCBC
209	yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC);
210#endif
211}
212<S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC); }
213
214	/* compression algorithms */
215{hyphen}C	{ return(F_COMP); }
216oui		{ yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
217deflate		{ yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
218lzs		{ yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
219{hyphen}R	{ return(F_RAWCPI); }
220
221	/* extension */
222{hyphen}m	{ return(F_MODE); }
223transport	{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
224tunnel		{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
225{hyphen}u	{ return(F_REQID); }
226{hyphen}f	{ return(F_EXT); }
227random-pad	{ yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
228seq-pad		{ yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
229zero-pad	{ yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
230nocyclic-seq	{ return(NOCYCLICSEQ); }
231{hyphen}r	{ return(F_REPLAY); }
232{hyphen}lh	{ return(F_LIFETIME_HARD); }
233{hyphen}ls	{ return(F_LIFETIME_SOFT); }
234{hyphen}bh	{ return(F_LIFEBYTE_HARD); }
235{hyphen}bs	{ return(F_LIFEBYTE_SOFT); }
236
237	/* ... */
238any		{ return(ANY); }
239{ws}		{ }
240{nl}		{ lineno++; }
241{comment}
242{semi}		{ return(EOT); }
243
244	/* for address parameters: /prefix, [port] */
245{slash}		{ return SLASH; }
246{blcl}		{ return BLCL; }
247{elcl}		{ return ELCL; }
248
249	/* parameter */
250{decstring}	{
251			char *bp;
252
253			yylval.ulnum = strtoul(yytext, &bp, 10);
254			return(DECSTRING);
255		}
256
257{hexstring}	{
258			yylval.val.buf = strdup(yytext + 2);
259			if (!yylval.val.buf)
260				yyfatal("insufficient memory");
261			yylval.val.len = strlen(yylval.val.buf);
262
263			return(HEXSTRING);
264		}
265
266{quotedstring}	{
267			char *p = yytext;
268			while (*++p != '"') ;
269			*p = '\0';
270			yytext++;
271			yylval.val.len = yyleng - 2;
272			yylval.val.buf = strdup(yytext);
273			if (!yylval.val.buf)
274				yyfatal("insufficient memory");
275
276			return(QUOTEDSTRING);
277		}
278
279[A-Za-z0-9:][A-Za-z0-9:%\.-]* {
280			yylval.val.len = yyleng;
281			yylval.val.buf = strdup(yytext);
282			if (!yylval.val.buf)
283				yyfatal("insufficient memory");
284			return(STRING);
285		}
286
287[0-9,]+ {
288			yylval.val.len = yyleng;
289			yylval.val.buf = strdup(yytext);
290			if (!yylval.val.buf)
291				yyfatal("insufficient memory");
292			return(STRING);
293		}
294
295.		{
296			yyfatal("Syntax error");
297			/*NOTREACHED*/
298		}
299
300%%
301
302void
303yyfatal(s)
304	const char *s;
305{
306	yyerror(s);
307	exit(1);
308}
309
310void
311yyerror(s)
312	const char *s;
313{
314	printf("line %d: %s at [%s]\n", lineno, s, yytext);
315}
316
317int
318parse(fp)
319	FILE **fp;
320{
321	yyin = *fp;
322
323	lineno = 1;
324	parse_init();
325
326	if (yyparse()) {
327		printf("parse failed, line %d.\n", lineno);
328		return(-1);
329	}
330
331	return(0);
332}
333
334int
335parse_string (char *src)
336{
337	int             result;
338	YY_BUFFER_STATE buf_state;
339
340	buf_state = yy_scan_string(src);
341	result = yyparse();
342	yy_delete_buffer(buf_state);
343	return result;
344}
345
346