]>
Commit | Line | Data |
---|---|---|
1 | /* $NetBSD: rsalist.c,v 1.4 2006/09/09 16:22:10 manu Exp $ */ | |
2 | ||
3 | /* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */ | |
4 | ||
5 | /* | |
6 | * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany. | |
7 | * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs | |
8 | * All rights reserved. | |
9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | |
13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in the | |
17 | * documentation and/or other materials provided with the distribution. | |
18 | * 3. Neither the name of the project nor the names of its contributors | |
19 | * may be used to endorse or promote products derived from this software | |
20 | * without specific prior written permission. | |
21 | * | |
22 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
23 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
24 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
25 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
26 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
27 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
28 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
29 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
30 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
31 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
32 | * SUCH DAMAGE. | |
33 | */ | |
34 | ||
35 | #include "config.h" | |
36 | ||
37 | #include <stdio.h> | |
38 | #include <string.h> | |
39 | ||
40 | #include <sys/types.h> | |
41 | #include <sys/queue.h> | |
42 | #include <sys/socket.h> | |
43 | #include <netdb.h> | |
44 | ||
45 | #include <openssl/bn.h> | |
46 | #include <openssl/rsa.h> | |
47 | ||
48 | #include "misc.h" | |
49 | #include "plog.h" | |
50 | #include "sockmisc.h" | |
51 | #include "rsalist.h" | |
52 | #include "genlist.h" | |
53 | #include "remoteconf.h" | |
54 | #include "crypto_openssl.h" | |
55 | ||
56 | #ifndef LIST_FIRST | |
57 | #define LIST_FIRST(head) ((head)->lh_first) | |
58 | #endif | |
59 | ||
60 | #ifndef LIST_NEXT | |
61 | #define LIST_NEXT(elm, field) ((elm)->field.le_next) | |
62 | #endif | |
63 | ||
64 | /* from prsa_tok.l */ | |
65 | int prsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type); | |
66 | ||
67 | int | |
68 | rsa_key_insert(struct genlist *list, struct netaddr *src, | |
69 | struct netaddr *dst, RSA *rsa) | |
70 | { | |
71 | struct rsa_key *rsa_key; | |
72 | ||
73 | rsa_key = calloc(sizeof(struct rsa_key), 1); | |
74 | rsa_key->rsa = rsa; | |
75 | ||
76 | if (src) | |
77 | rsa_key->src = src; | |
78 | else | |
79 | rsa_key->src = calloc(sizeof(*rsa_key->src), 1); | |
80 | ||
81 | if (dst) | |
82 | rsa_key->dst = dst; | |
83 | else | |
84 | rsa_key->dst = calloc(sizeof(*rsa_key->dst), 1); | |
85 | ||
86 | genlist_append(list, rsa_key); | |
87 | ||
88 | return 0; | |
89 | } | |
90 | ||
91 | static void * | |
92 | rsa_key_dump_one(void *entry, void *arg) | |
93 | { | |
94 | struct rsa_key *key = entry; | |
95 | ||
96 | plog(LLV_DEBUG, LOCATION, NULL, "Entry %s\n", | |
97 | naddrwop2str_fromto("%s -> %s", key->src, | |
98 | key->dst)); | |
99 | if (loglevel > LLV_DEBUG) | |
100 | RSA_print_fp(stdout, key->rsa, 4); | |
101 | ||
102 | return NULL; | |
103 | } | |
104 | ||
105 | void | |
106 | rsa_key_dump(struct genlist *list) | |
107 | { | |
108 | genlist_foreach(list, rsa_key_dump_one, NULL); | |
109 | } | |
110 | ||
111 | static void * | |
112 | rsa_list_count_one(void *entry, void *arg) | |
113 | { | |
114 | if (arg) | |
115 | (*(unsigned long *)arg)++; | |
116 | return NULL; | |
117 | } | |
118 | ||
119 | unsigned long | |
120 | rsa_list_count(struct genlist *list) | |
121 | { | |
122 | unsigned long count = 0; | |
123 | genlist_foreach(list, rsa_list_count_one, &count); | |
124 | return count; | |
125 | } | |
126 | ||
127 | struct lookup_result { | |
128 | struct ph1handle *iph1; | |
129 | int max_score; | |
130 | struct genlist *winners; | |
131 | }; | |
132 | ||
133 | static void * | |
134 | rsa_lookup_key_one(void *entry, void *data) | |
135 | { | |
136 | int local_score, remote_score; | |
137 | struct lookup_result *req = data; | |
138 | struct rsa_key *key = entry; | |
139 | ||
140 | local_score = naddr_score(key->src, req->iph1->local); | |
141 | remote_score = naddr_score(key->dst, req->iph1->remote); | |
142 | ||
143 | plog(LLV_DEBUG, LOCATION, NULL, "Entry %s scored %d/%d\n", | |
144 | naddrwop2str_fromto("%s -> %s", key->src, key->dst), | |
145 | local_score, remote_score); | |
146 | ||
147 | if (local_score >= 0 && remote_score >= 0) { | |
148 | if (local_score + remote_score > req->max_score) { | |
149 | req->max_score = local_score + remote_score; | |
150 | // genlist_free(req->winners, NULL); | |
151 | } | |
152 | ||
153 | if (local_score + remote_score >= req->max_score) { | |
154 | genlist_append(req->winners, key); | |
155 | } | |
156 | } | |
157 | ||
158 | /* Always traverse the whole list */ | |
159 | return NULL; | |
160 | } | |
161 | ||
162 | struct genlist * | |
163 | rsa_lookup_keys(struct ph1handle *iph1, int my) | |
164 | { | |
165 | struct genlist *list; | |
166 | struct lookup_result r; | |
167 | ||
168 | plog(LLV_DEBUG, LOCATION, NULL, "Looking up RSA key for %s\n", | |
169 | saddr2str_fromto("%s <-> %s", iph1->local, iph1->remote)); | |
170 | ||
171 | r.iph1 = iph1; | |
172 | r.max_score = -1; | |
173 | r.winners = genlist_init(); | |
174 | ||
175 | if (my) | |
176 | list = iph1->rmconf->rsa_private; | |
177 | else | |
178 | list = iph1->rmconf->rsa_public; | |
179 | ||
180 | genlist_foreach(list, rsa_lookup_key_one, &r); | |
181 | ||
182 | if (loglevel >= LLV_DEBUG) | |
183 | rsa_key_dump(r.winners); | |
184 | ||
185 | return r.winners; | |
186 | } | |
187 | ||
188 | int | |
189 | rsa_parse_file(struct genlist *list, const char *fname, enum rsa_key_type type) | |
190 | { | |
191 | int ret; | |
192 | ||
193 | plog(LLV_DEBUG, LOCATION, NULL, "Parsing %s\n", fname); | |
194 | ret = prsa_parse_file(list, fname, type); | |
195 | if (loglevel >= LLV_DEBUG) | |
196 | rsa_key_dump(list); | |
197 | return ret; | |
198 | } | |
199 | ||
200 | RSA * | |
201 | rsa_try_check_rsasign(vchar_t *source, vchar_t *sig, struct genlist *list) | |
202 | { | |
203 | struct rsa_key *key; | |
204 | struct genlist_entry *gp; | |
205 | ||
206 | for(key = genlist_next(list, &gp); key; key = genlist_next(NULL, &gp)) { | |
207 | plog(LLV_DEBUG, LOCATION, NULL, "Checking key %s...\n", | |
208 | naddrwop2str_fromto("%s -> %s", key->src, key->dst)); | |
209 | if (eay_check_rsasign(source, sig, key->rsa) == 0) { | |
210 | plog(LLV_DEBUG, LOCATION, NULL, " ... YEAH!\n"); | |
211 | return key->rsa; | |
212 | } | |
213 | plog(LLV_DEBUG, LOCATION, NULL, " ... nope.\n"); | |
214 | } | |
215 | return NULL; | |
216 | } |