crypto/dist/ipsec-tools/src/racoon/rsalist.c

   1 /*      $NetBSD$        */
   2
   3 /* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
   4
   5 /*
   6  * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany.
   7  * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs
   8  * All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms, with or without
  11  * modification, are permitted provided that the following conditions
  12  * are met:
  13  * 1. Redistributions of source code must retain the above copyright
  14  *    notice, this list of conditions and the following disclaimer.
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  * 3. Neither the name of the project nor the names of its contributors
  19  *    may be used to endorse or promote products derived from this software
  20  *    without specific prior written permission.
  21  *
  22  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32  * SUCH DAMAGE.
  33  */
  34
  35 #include "config.h"
  36
  37 #include <stdio.h>
  38 #include <string.h>
  39
  40 #include <sys/types.h>
  41 #include <sys/queue.h>
  42 #include <sys/socket.h>
  43 #include <netdb.h>
  44
  45 #include <openssl/bn.h>
  46 #include <openssl/rsa.h>
  47
  48 #include "misc.h"
  49 #include "plog.h"
  50 #include "sockmisc.h"
  51 #include "rsalist.h"
  52 #include "genlist.h"
  53 #include "remoteconf.h"
  54 #include "crypto_openssl.h"
  55
  56 #ifndef LIST_FIRST
  57 #define LIST_FIRST(head)        ((head)->lh_first)
  58 #endif
  59
  60 #ifndef LIST_NEXT
  61 #define LIST_NEXT(elm, field)   ((elm)->field.le_next)
  62 #endif
  63
  64 /* from prsa_tok.l */
  65 int prsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type);
  66
  67 int
  68 rsa_key_insert(struct genlist *list, struct netaddr *src,
  69                struct netaddr *dst, RSA *rsa)
  70 {
  71         struct rsa_key *rsa_key;
  72
  73         rsa_key = calloc(sizeof(struct rsa_key), 1);
  74         rsa_key->rsa = rsa;
  75
  76         if (src)
  77                 rsa_key->src = src;
  78         else
  79                 rsa_key->src = calloc(sizeof(*rsa_key->src), 1);
  80
  81         if (dst)
  82                 rsa_key->dst = dst;
  83         else
  84                 rsa_key->dst = calloc(sizeof(*rsa_key->dst), 1);
  85
  86         genlist_append(list, rsa_key);
  87
  88         return 0;
  89 }
  90
  91 static void *
  92 rsa_key_dump_one(void *entry, void *arg)
  93 {
  94         struct rsa_key *key = entry;
  95
  96         plog(LLV_DEBUG, LOCATION, NULL, "Entry %s\n",
  97              naddrwop2str_fromto("%s -> %s", key->src,
  98                                  key->dst));
  99         if (loglevel > LLV_DEBUG)
 100                 RSA_print_fp(stdout, key->rsa, 4);
 101
 102         return NULL;
 103 }
 104
 105 void
 106 rsa_key_dump(struct genlist *list)
 107 {
 108         genlist_foreach(list, rsa_key_dump_one, NULL);
 109 }
 110
 111 static void *
 112 rsa_list_count_one(void *entry, void *arg)
 113 {
 114         if (arg)
 115                 (*(unsigned long *)arg)++;
 116         return NULL;
 117 }
 118
 119 unsigned long
 120 rsa_list_count(struct genlist *list)
 121 {
 122         unsigned long count = 0;
 123         genlist_foreach(list, rsa_list_count_one, &count);
 124         return count;
 125 }
 126
 127 struct lookup_result {
 128         struct ph1handle *iph1;
 129         int max_score;
 130         struct genlist *winners;
 131 };
 132
 133 static void *
 134 rsa_lookup_key_one(void *entry, void *data)
 135 {
 136         int local_score, remote_score;
 137         struct lookup_result *req = data;
 138         struct rsa_key *key = entry;
 139
 140         local_score = naddr_score(key->src, req->iph1->local);
 141         remote_score = naddr_score(key->dst, req->iph1->remote);
 142
 143         plog(LLV_DEBUG, LOCATION, NULL, "Entry %s scored %d/%d\n",
 144                 naddrwop2str_fromto("%s -> %s", key->src, key->dst),
 145                 local_score, remote_score);
 146
 147         if (local_score >= 0 && remote_score >= 0) {
 148                 if (local_score + remote_score > req->max_score) {
 149                         req->max_score = local_score + remote_score;
 150 //                      genlist_free(req->winners, NULL);
 151                 }
 152
 153                 if (local_score + remote_score >= req->max_score) {
 154                         genlist_append(req->winners, key);
 155                 }
 156         }
 157
 158         /* Always traverse the whole list */
 159         return NULL;
 160 }
 161
 162 struct genlist *
 163 rsa_lookup_keys(struct ph1handle *iph1, int my)
 164 {
 165         struct genlist *list;
 166         struct lookup_result r;
 167
 168         plog(LLV_DEBUG, LOCATION, NULL, "Looking up RSA key for %s\n",
 169              saddr2str_fromto("%s <-> %s", iph1->local, iph1->remote));
 170
 171         r.iph1 = iph1;
 172         r.max_score = -1;
 173         r.winners = genlist_init();
 174
 175         if (my)
 176                 list = iph1->rmconf->rsa_private;
 177         else
 178                 list = iph1->rmconf->rsa_public;
 179
 180         genlist_foreach(list, rsa_lookup_key_one, &r);
 181
 182         if (loglevel >= LLV_DEBUG)
 183                 rsa_key_dump(r.winners);
 184
 185         return r.winners;
 186 }
 187
 188 int
 189 rsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type)
 190 {
 191         int ret;
 192
 193         plog(LLV_DEBUG, LOCATION, NULL, "Parsing %s\n", fname);
 194         ret = prsa_parse_file(list, fname, type);
 195         if (loglevel >= LLV_DEBUG)
 196                 rsa_key_dump(list);
 197         return ret;
 198 }
 199
 200 RSA *
 201 rsa_try_check_rsasign(vchar_t *source, vchar_t *sig, struct genlist *list)
 202 {
 203         struct rsa_key *key;
 204         struct genlist_entry *gp;
 205
 206         for(key = genlist_next(list, &gp); key; key = genlist_next(NULL, &gp)) {
 207                 plog(LLV_DEBUG, LOCATION, NULL, "Checking key %s...\n",
 208                         naddrwop2str_fromto("%s -> %s", key->src, key->dst));
 209                 if (eay_check_rsasign(source, sig, key->rsa) == 0) {
 210                         plog(LLV_DEBUG, LOCATION, NULL, " ... YEAH!\n");
 211                         return key->rsa;
 212                 }
 213                 plog(LLV_DEBUG, LOCATION, NULL, " ... nope.\n");
 214         }
 215         return NULL;
 216 }