1/* $NetBSD: rsalist.c,v 1.5 2011/03/02 15:04:01 vanhu Exp $ */ 2 3/* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */ 4 5/* 6 * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany. 7 * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35#include "config.h" 36 37#include <stdio.h> 38#include <string.h> 39 40#include <sys/types.h> 41#include <sys/queue.h> 42#include <sys/socket.h> 43#include <netdb.h> 44 45#include <openssl/bn.h> 46#include <openssl/rsa.h> 47 48#include "misc.h" 49#include "plog.h" 50#include "sockmisc.h" 51#include "rsalist.h" 52#include "genlist.h" 53#include "remoteconf.h" 54#include "crypto_openssl.h" 55 56#ifndef LIST_FIRST 57#define LIST_FIRST(head) ((head)->lh_first) 58#endif 59 60#ifndef LIST_NEXT 61#define LIST_NEXT(elm, field) ((elm)->field.le_next) 62#endif 63 64/* from prsa_tok.l */ 65int prsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type); 66 67int 68rsa_key_insert(struct genlist *list, struct netaddr *src, 69 struct netaddr *dst, RSA *rsa) 70{ 71 struct rsa_key *rsa_key; 72 73 rsa_key = calloc(sizeof(struct rsa_key), 1); 74 rsa_key->rsa = rsa; 75 76 if (src) 77 rsa_key->src = src; 78 else 79 rsa_key->src = calloc(sizeof(*rsa_key->src), 1); 80 81 if (dst) 82 rsa_key->dst = dst; 83 else 84 rsa_key->dst = calloc(sizeof(*rsa_key->dst), 1); 85 86 genlist_append(list, rsa_key); 87 88 return 0; 89} 90 91struct rsa_key * 92rsa_key_dup(struct rsa_key *key) 93{ 94 struct rsa_key *new; 95 96 new = calloc(sizeof(struct rsa_key), 1); 97 if (new == NULL) 98 return NULL; 99 100 if (key->rsa) { 101 new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa); 102 if (new->rsa == NULL) 103 goto dup_error; 104 } 105 106 if (key->src) { 107 new->src = malloc(sizeof(*new->src)); 108 if (new->src == NULL) 109 goto dup_error; 110 memcpy(new->src, key->src, sizeof(*new->src)); 111 } 112 if (key->dst) { 113 new->dst = malloc(sizeof(*new->dst)); 114 if (new->dst == NULL) 115 goto dup_error; 116 memcpy(new->dst, key->dst, sizeof(*new->dst)); 117 } 118 119 return new; 120 121dup_error: 122 if (new->rsa != NULL) 123 RSA_free(new->rsa); 124 if (new->dst != NULL) 125 free(new->dst); 126 if (new->src != NULL) 127 free(new->src); 128 129 free(new); 130 return NULL; 131} 132 133void 134rsa_key_free(void *data) 135{ 136 struct rsa_key *rsa_key; 137 138 139 rsa_key = (struct rsa_key *)data; 140 if (rsa_key->src) 141 free(rsa_key->src); 142 if (rsa_key->dst) 143 free(rsa_key->dst); 144 if (rsa_key->rsa) 145 RSA_free(rsa_key->rsa); 146 147 free(rsa_key); 148} 149 150static void * 151rsa_key_dump_one(void *entry, void *arg) 152{ 153 struct rsa_key *key = entry; 154 155 plog(LLV_DEBUG, LOCATION, NULL, "Entry %s\n", 156 naddrwop2str_fromto("%s -> %s", key->src, 157 key->dst)); 158 if (loglevel > LLV_DEBUG) 159 RSA_print_fp(stdout, key->rsa, 4); 160 161 return NULL; 162} 163 164void 165rsa_key_dump(struct genlist *list) 166{ 167 genlist_foreach(list, rsa_key_dump_one, NULL); 168} 169 170static void * 171rsa_list_count_one(void *entry, void *arg) 172{ 173 if (arg) 174 (*(unsigned long *)arg)++; 175 return NULL; 176} 177 178unsigned long 179rsa_list_count(struct genlist *list) 180{ 181 unsigned long count = 0; 182 genlist_foreach(list, rsa_list_count_one, &count); 183 return count; 184} 185 186struct lookup_result { 187 struct ph1handle *iph1; 188 int max_score; 189 struct genlist *winners; 190}; 191 192static void * 193rsa_lookup_key_one(void *entry, void *data) 194{ 195 int local_score, remote_score; 196 struct lookup_result *req = data; 197 struct rsa_key *key = entry; 198 199 local_score = naddr_score(key->src, req->iph1->local); 200 remote_score = naddr_score(key->dst, req->iph1->remote); 201 202 plog(LLV_DEBUG, LOCATION, NULL, "Entry %s scored %d/%d\n", 203 naddrwop2str_fromto("%s -> %s", key->src, key->dst), 204 local_score, remote_score); 205 206 if (local_score >= 0 && remote_score >= 0) { 207 if (local_score + remote_score > req->max_score) { 208 req->max_score = local_score + remote_score; 209// genlist_free(req->winners, NULL); 210 } 211 212 if (local_score + remote_score >= req->max_score) { 213 genlist_append(req->winners, key); 214 } 215 } 216 217 /* Always traverse the whole list */ 218 return NULL; 219} 220 221struct genlist * 222rsa_lookup_keys(struct ph1handle *iph1, int my) 223{ 224 struct genlist *list; 225 struct lookup_result r; 226 227 plog(LLV_DEBUG, LOCATION, NULL, "Looking up RSA key for %s\n", 228 saddr2str_fromto("%s <-> %s", iph1->local, iph1->remote)); 229 230 r.iph1 = iph1; 231 r.max_score = -1; 232 r.winners = genlist_init(); 233 234 if (my) 235 list = iph1->rmconf->rsa_private; 236 else 237 list = iph1->rmconf->rsa_public; 238 239 genlist_foreach(list, rsa_lookup_key_one, &r); 240 241 if (loglevel >= LLV_DEBUG) 242 rsa_key_dump(r.winners); 243 244 return r.winners; 245} 246 247int 248rsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type) 249{ 250 int ret; 251 252 plog(LLV_DEBUG, LOCATION, NULL, "Parsing %s\n", fname); 253 ret = prsa_parse_file(list, fname, type); 254 if (loglevel >= LLV_DEBUG) 255 rsa_key_dump(list); 256 return ret; 257} 258 259RSA * 260rsa_try_check_rsasign(vchar_t *source, vchar_t *sig, struct genlist *list) 261{ 262 struct rsa_key *key; 263 struct genlist_entry *gp; 264 265 for(key = genlist_next(list, &gp); key; key = genlist_next(NULL, &gp)) { 266 plog(LLV_DEBUG, LOCATION, NULL, "Checking key %s...\n", 267 naddrwop2str_fromto("%s -> %s", key->src, key->dst)); 268 if (eay_check_rsasign(source, sig, key->rsa) == 0) { 269 plog(LLV_DEBUG, LOCATION, NULL, " ... YEAH!\n"); 270 return key->rsa; 271 } 272 plog(LLV_DEBUG, LOCATION, NULL, " ... nope.\n"); 273 } 274 return NULL; 275} 276