xref: /freebsd/sbin/setkey/token.l (revision db33c6f3ae9d1231087710068ee4ea5398aacca7)
1 /*	$KAME: token.l,v 1.43 2003/07/25 09:35:28 itojun Exp $	*/
2 
3 /*-
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 %{
35 #include <sys/types.h>
36 #include <sys/param.h>
37 #include <sys/socket.h>
38 #include <net/route.h>
39 #include <net/pfkeyv2.h>
40 #include <netipsec/keydb.h>
41 #include <netipsec/key_debug.h>
42 #include <netinet/in.h>
43 #include <netipsec/ipsec.h>
44 
45 #include <stdlib.h>
46 #include <limits.h>
47 #include <string.h>
48 #include <unistd.h>
49 #include <errno.h>
50 #include <netdb.h>
51 
52 #include "vchar.h"
53 #include "y.tab.h"
54 
55 int lineno = 1;
56 
57 extern u_char m_buf[BUFSIZ];
58 extern u_int m_len;
59 extern int f_debug;
60 
61 int yylex(void);
62 void yyfatal(const char *s);
63 void yyerror(const char *s);
64 extern void parse_init(void);
65 int parse(FILE **);
66 int yyparse(void);
67 %}
68 
69 %option noyywrap
70 
71 /* common section */
72 nl		\n
73 ws		[ \t]+
74 digit		[0-9]
75 letter		[0-9A-Za-z]
76 hexdigit	[0-9A-Fa-f]
77 dot		\.
78 hyphen		\-
79 slash		\/
80 blcl		\[
81 elcl		\]
82 semi		\;
83 comment		\#.*
84 quotedstring	\"[^"]*\"
85 decstring	{digit}+
86 hexstring	0[xX]{hexdigit}+
87 ipaddress	[a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
88 ipaddrmask	{slash}{digit}{1,3}
89 name		{letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
90 hostname	{name}(({dot}{name})+{dot}?)?
91 
92 %s S_PL S_AUTHALG S_ENCALG
93 
94 %%
95 
96 add		{ return(ADD); }
97 delete		{ return(DELETE); }
98 deleteall	{ return(DELETEALL); }
99 get		{ return(GET); }
100 flush		{ return(FLUSH); }
101 dump		{ return(DUMP); }
102 
103 	/* for management SPD */
104 spdadd		{ return(SPDADD); }
105 spddelete	{ return(SPDDELETE); }
106 spddump		{ return(SPDDUMP); }
107 spdflush	{ return(SPDFLUSH); }
108 tagged		{ return(TAGGED); }
109 {hyphen}P	{ BEGIN S_PL; return(F_POLICY); }
110 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-_/ \n\t]* {
111 			yymore();
112 
113 			/* count up for nl */
114 			    {
115 				char *p;
116 				for (p = yytext; *p != '\0'; p++)
117 					if (*p == '\n')
118 						lineno++;
119 			    }
120 
121 			yylval.val.len = strlen(yytext);
122 			yylval.val.buf = strdup(yytext);
123 			if (!yylval.val.buf)
124 				yyfatal("insufficient memory");
125 
126 			return(PL_REQUESTS);
127 		}
128 <S_PL>{semi}	{ BEGIN INITIAL; return(EOT); }
129 
130 	/* address resolution flags */
131 {hyphen}[n46][n46]*	{
132 			yylval.val.len = strlen(yytext);
133 			yylval.val.buf = strdup(yytext);
134 			if (!yylval.val.buf)
135 				yyfatal("insufficient memory");
136 			return(F_AIFLAGS);
137 		}
138 
139 	/* security protocols */
140 ah		{ yylval.num = 0; return(PR_AH); }
141 esp		{ yylval.num = 0; return(PR_ESP); }
142 ah-old		{ yylval.num = 1; return(PR_AH); }
143 esp-old		{ yylval.num = 1; return(PR_ESP); }
144 ipcomp		{ yylval.num = 0; return(PR_IPCOMP); }
145 tcp		{ yylval.num = 0; return(PR_TCP); }
146 
147 	/* authentication alogorithm */
148 {hyphen}A	{ BEGIN S_AUTHALG; return(F_AUTH); }
149 <S_AUTHALG>chacha20-poly1305 { yylval.num = SADB_X_AALG_CHACHA20POLY1305; BEGIN INITIAL; return(ALG_AUTH); }
150 <S_AUTHALG>hmac-sha1	{ yylval.num = SADB_AALG_SHA1HMAC; BEGIN INITIAL; return(ALG_AUTH); }
151 <S_AUTHALG>hmac-sha2-256 { yylval.num = SADB_X_AALG_SHA2_256; BEGIN INITIAL; return(ALG_AUTH); }
152 <S_AUTHALG>hmac-sha2-384 { yylval.num = SADB_X_AALG_SHA2_384; BEGIN INITIAL; return(ALG_AUTH); }
153 <S_AUTHALG>hmac-sha2-512 { yylval.num = SADB_X_AALG_SHA2_512; BEGIN INITIAL; return(ALG_AUTH); }
154 <S_AUTHALG>aes-xcbc-mac { yylval.num = SADB_X_AALG_AES_XCBC_MAC; BEGIN INITIAL; return(ALG_AUTH); }
155 <S_AUTHALG>tcp-md5	{ yylval.num = SADB_X_AALG_TCP_MD5; BEGIN INITIAL; return(ALG_AUTH); }
156 <S_AUTHALG>null { yylval.num = SADB_X_AALG_NULL; BEGIN INITIAL; return(ALG_AUTH_NOKEY); }
157 
158 	/* encryption alogorithm */
159 {hyphen}E	{ BEGIN S_ENCALG; return(F_ENC); }
160 <S_ENCALG>null		{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC); }
161 <S_ENCALG>simple	{ yylval.num = SADB_EALG_NULL; BEGIN INITIAL; return(ALG_ENC_OLD); }
162 <S_ENCALG>rijndael-cbc	{ yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); }
163 <S_ENCALG>aes-cbc	{ yylval.num = SADB_X_EALG_AESCBC; BEGIN INITIAL; return(ALG_ENC); }
164 <S_ENCALG>aes-ctr	{ yylval.num = SADB_X_EALG_AESCTR; BEGIN INITIAL; return(ALG_ENC_SALT); }
165 <S_ENCALG>aes-gcm-16	{ yylval.num = SADB_X_EALG_AESGCM16; BEGIN INITIAL; return(ALG_ENC_SALT); }
166 <S_ENCALG>chacha20-poly1305 { yylval.num = SADB_X_EALG_CHACHA20POLY1305; BEGIN INITIAL; return(ALG_ENC_SALT); }
167 
168 	/* compression algorithms */
169 {hyphen}C	{ return(F_COMP); }
170 oui		{ yylval.num = SADB_X_CALG_OUI; return(ALG_COMP); }
171 deflate		{ yylval.num = SADB_X_CALG_DEFLATE; return(ALG_COMP); }
172 lzs		{ yylval.num = SADB_X_CALG_LZS; return(ALG_COMP); }
173 {hyphen}R	{ return(F_RAWCPI); }
174 
175 	/* extension */
176 {hyphen}m	{ return(F_MODE); }
177 transport	{ yylval.num = IPSEC_MODE_TRANSPORT; return(MODE); }
178 tunnel		{ yylval.num = IPSEC_MODE_TUNNEL; return(MODE); }
179 {hyphen}u	{ return(F_REQID); }
180 {hyphen}f	{ return(F_EXT); }
181 random-pad	{ yylval.num = SADB_X_EXT_PRAND; return(EXTENSION); }
182 seq-pad		{ yylval.num = SADB_X_EXT_PSEQ; return(EXTENSION); }
183 zero-pad	{ yylval.num = SADB_X_EXT_PZERO; return(EXTENSION); }
184 nocyclic-seq	{ return(NOCYCLICSEQ); }
185 {hyphen}r	{ return(F_REPLAY); }
186 {hyphen}lh	{ return(F_LIFETIME_HARD); }
187 {hyphen}ls	{ return(F_LIFETIME_SOFT); }
188 {hyphen}natt	{ return(F_NATT); }
189 {hyphen}natt_mtu { return(F_NATT_MTU); }
190 {hyphen}esn	{ return(F_ESN); }
191 {hyphen}hwif	{ return(F_HWIF); }
192 
193 	/* ... */
194 any		{ return(ANY); }
195 {ws}		{ }
196 {nl}		{ lineno++; }
197 {comment}
198 {semi}		{ return(EOT); }
199 
200 	/* for address parameters: /prefix, [port] */
201 {slash}		{ return SLASH; }
202 {blcl}		{ return BLCL; }
203 {elcl}		{ return ELCL; }
204 
205 	/* parameter */
206 {decstring}	{
207 			char *bp;
208 
209 			yylval.ulnum = strtoul(yytext, &bp, 10);
210 			return(DECSTRING);
211 		}
212 
213 {hexstring}	{
214 			yylval.val.buf = strdup(yytext + 2);
215 			if (!yylval.val.buf)
216 				yyfatal("insufficient memory");
217 			yylval.val.len = strlen(yylval.val.buf);
218 
219 			return(HEXSTRING);
220 		}
221 
222 {quotedstring}	{
223 			char *p = yytext;
224 			while (*++p != '"') ;
225 			*p = '\0';
226 			yytext++;
227 			yylval.val.len = yyleng - 2;
228 			yylval.val.buf = strdup(yytext);
229 			if (!yylval.val.buf)
230 				yyfatal("insufficient memory");
231 
232 			return(QUOTEDSTRING);
233 		}
234 
235 [A-Za-z0-9:][A-Za-z0-9:%\.-]* {
236 			yylval.val.len = yyleng;
237 			yylval.val.buf = strdup(yytext);
238 			if (!yylval.val.buf)
239 				yyfatal("insufficient memory");
240 			return(STRING);
241 		}
242 
243 [0-9,]+ {
244 			yylval.val.len = yyleng;
245 			yylval.val.buf = strdup(yytext);
246 			if (!yylval.val.buf)
247 				yyfatal("insufficient memory");
248 			return(STRING);
249 		}
250 
251 .		{
252 			yyfatal("Syntax error");
253 			/*NOTREACHED*/
254 		}
255 
256 %%
257 
258 void
259 yyfatal(const char *s)
260 {
261 	yyerror(s);
262 	exit(1);
263 }
264 
265 void
266 yyerror(const char *s)
267 {
268 	printf("line %d: %s at [%s]\n", lineno, s, yytext);
269 }
270 
271 int
272 parse(FILE **fp)
273 {
274 	yyin = *fp;
275 
276 	parse_init();
277 
278 	if (yyparse()) {
279 		printf("parse failed, line %d.\n", lineno);
280 		return(-1);
281 	}
282 
283 	return(0);
284 }
285