NetBSD/sbin/cgdconfig/cgdparse.y

%{
/* $NetBSD: cgdparse.y,v 1.7 2022/08/12 10:49:17 riastradh Exp $ */

/*-
 * Copyright (c) 2003 The NetBSD Foundation, Inc.
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Roland C. Dowdeswell.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
#ifndef lint
__RCSID("$NetBSD: cgdparse.y,v 1.7 2022/08/12 10:49:17 riastradh Exp $");
#endif

#include <stdio.h>
#include <stdlib.h>

#include "params.h"
#include "utils.h"
#include "extern.h"

static struct params *yy_global_params;

%}
%union {
	int	 	 integer;
	struct {
		char	*text;
		int	 length;
	} token;
	string_t	*string;
	bits_t		*bits;
	struct params	*params;
	struct keygen	*keygen;
}

%type <params>	entry rules rule
%type <keygen>	kgrule kgbody kgvars kgvar deprecated
%type <string>	stringlit base64 intstr tokstr
%type <bits>	bits
%type <token>	token deptoken

%token <integer> INTEGER
%token <string> STRINGLIT

%token <token> ALGORITHM KEYLENGTH IVMETHOD VERIFY_METHOD
%token <token> KEYGEN SALT ITERATIONS MEMORY PARALLELISM VERSION KEY CMD SHARED
%token <token> SUBKEY

%token EOL

/* Deprecated tokens */
%token <token> KEYGEN_METHOD KEYGEN_SALT KEYGEN_ITERATIONS XOR_KEY

%%

entry:	  rules				{ yy_global_params = $$; }

rules:	/* empty */			{ $$ = NULL; }
	| rules rule			{ $$ = params_combine($$, $2); }

rule:	  ALGORITHM stringlit EOL	{ $$ = params_algorithm($2); }
	| KEYLENGTH INTEGER EOL		{ $$ = params_keylen($2); }
	| IVMETHOD stringlit EOL	{ $$ = params_ivmeth($2); }
	| VERIFY_METHOD stringlit EOL	{ $$ = params_verify_method($2); }
	| kgrule			{ $$ = params_keygen($1); }
	| deprecated			{ $$ = params_dep_keygen($1); }
	| EOL				{ $$ = NULL; }

kgrule:	  KEYGEN stringlit kgbody EOL	{ $$ = keygen_set_method($3, $2); }

kgbody:	  kgvar				{ $$ = $1; }
	| '{' kgvars '}'		{ $$ = $2; }

kgvars: /* empty */			{ $$ = NULL; }
	| kgvars kgvar			{ $$ = keygen_combine($$, $2); }

kgvar:	  SALT bits EOL			{ $$ = keygen_salt($2); }
	| ITERATIONS INTEGER EOL	{ $$ = keygen_iterations($2); }
	| MEMORY INTEGER EOL		{ $$ = keygen_memory($2); }
	| PARALLELISM INTEGER EOL	{ $$ = keygen_parallelism($2); }
	| VERSION INTEGER EOL		{ $$ = keygen_version($2); }
	| KEY bits EOL			{ $$ = keygen_key($2); }
	| CMD stringlit EOL		{ $$ = keygen_cmd($2); }
	| SHARED stringlit ALGORITHM stringlit SUBKEY bits EOL
					{ $$ = keygen_shared($2, $4, $6); }
	| EOL				{ $$ = NULL; }

stringlit:  STRINGLIT | tokstr | intstr

tokstr:	  token				{ $$ = string_new($1.text, $1.length); }

token:	  ALGORITHM | KEYLENGTH
	| IVMETHOD | VERIFY_METHOD
	| KEYGEN | SALT | ITERATIONS
	| KEY
	| deptoken

intstr:   INTEGER			{ $$ = string_fromint($1); }

bits:	  base64			{ $$ = bits_decode_d($1); }

base64:   stringlit
	| base64 stringlit		{ $$ = string_add_d($1, $2); }

/* The following rules are deprecated */

deprecated:
	  KEYGEN_METHOD stringlit EOL	{ $$ = keygen_method($2); }
	| KEYGEN_SALT bits EOL		{ $$ = keygen_salt($2); }
	| KEYGEN_ITERATIONS INTEGER EOL	{ $$ = keygen_iterations($2); }
	| XOR_KEY bits EOL		{ $$ = keygen_key($2); }

deptoken: KEYGEN_METHOD | KEYGEN_SALT
	| KEYGEN_ITERATIONS | XOR_KEY

%%

struct params *
cgdparsefile(FILE *f)
{

	yyin = f;
	yy_global_params = NULL;
	if (yyparse()) {
		fprintf(stderr, "%s: failed to parse parameters file\n",
		    getprogname());
		params_free(yy_global_params);
		return NULL;
	}
	return yy_global_params;
}
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00			`%{`
cgdconfig(8): Add support for shared keys. New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because: - Hashing the password is expensive, so it should only be done once. Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'. . With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n. And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you. - Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press. The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm. The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256. Example: algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; }; The key used for this disk will be derived by HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==), where k is the outcome of PBKDF2-SHA1 with the given parameters. Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files. If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks. 2022-08-12 13:49:17 +03:00			`/* $NetBSD: cgdparse.y,v 1.7 2022/08/12 10:49:17 riastradh Exp $ */`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00
			`/*-`
			`* Copyright (c) 2003 The NetBSD Foundation, Inc.`
			`* All rights reserved.`
			`*`
			`* This code is derived from software contributed to The NetBSD Foundation`
			`* by Roland C. Dowdeswell.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions`
			`* are met:`
			`* 1. Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* 2. Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
			`*`
			`* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS`
			* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
			`* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR`
			`* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS`
			`* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR`
			`* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF`
			`* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS`
			`* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN`
			`* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)`
			`* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE`
			`* POSSIBILITY OF SUCH DAMAGE.`
			`*/`

			`#include <sys/cdefs.h>`
			`#ifndef lint`
cgdconfig(8): Add support for shared keys. New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because: - Hashing the password is expensive, so it should only be done once. Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'. . With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n. And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you. - Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press. The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm. The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256. Example: algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; }; The key used for this disk will be derived by HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==), where k is the outcome of PBKDF2-SHA1 with the given parameters. Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files. If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks. 2022-08-12 13:49:17 +03:00			`__RCSID("$NetBSD: cgdparse.y,v 1.7 2022/08/12 10:49:17 riastradh Exp $");`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00			`#endif`

			`#include <stdio.h>`
include <stdlib.h> explicitely, for exit(), getprogname() etc. (it happens to be pulled in by the yacc skeleton, but we shouldn't rely on this) 2008-07-17 20:24:55 +04:00			`#include <stdlib.h>`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00
			`#include "params.h"`
			`#include "utils.h"`
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror). 2005-06-27 07:07:45 +04:00			`#include "extern.h"`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00
- constify. - don't dup extern declarations on each file because they end up being inconsistent (yyerror). 2005-06-27 07:07:45 +04:00			`static struct params *yy_global_params;`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00
			`%}`
			`%union {`
			`int integer;`
			`struct {`
			`char *text;`
			`int length;`
			`} token;`
			`string_t *string;`
			`bits_t *bits;`
			`struct params *params;`
			`struct keygen *keygen;`
			`}`

			`%type <params> entry rules rule`
			`%type <keygen> kgrule kgbody kgvars kgvar deprecated`
			`%type <string> stringlit base64 intstr tokstr`
			`%type <bits> bits`
			`%type <token> token deptoken`

			`%token <integer> INTEGER`
			`%token <string> STRINGLIT`

			`%token <token> ALGORITHM KEYLENGTH IVMETHOD VERIFY_METHOD`
cgdconfig(8): Add support for shared keys. New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because: - Hashing the password is expensive, so it should only be done once. Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'. . With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n. And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you. - Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press. The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm. The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256. Example: algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; }; The key used for this disk will be derived by HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==), where k is the outcome of PBKDF2-SHA1 with the given parameters. Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files. If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks. 2022-08-12 13:49:17 +03:00			`%token <token> KEYGEN SALT ITERATIONS MEMORY PARALLELISM VERSION KEY CMD SHARED`
			`%token <token> SUBKEY`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00
			`%token EOL`

			`/* Deprecated tokens */`
			`%token <token> KEYGEN_METHOD KEYGEN_SALT KEYGEN_ITERATIONS XOR_KEY`

			`%%`

			`entry: rules { yy_global_params = $$; }`

			`rules: /* empty */ { $$ = NULL; }`
			`\| rules rule { $$ = params_combine($$, $2); }`

			`rule: ALGORITHM stringlit EOL { $$ = params_algorithm($2); }`
			`\| KEYLENGTH INTEGER EOL { $$ = params_keylen($2); }`
			`\| IVMETHOD stringlit EOL { $$ = params_ivmeth($2); }`
			`\| VERIFY_METHOD stringlit EOL { $$ = params_verify_method($2); }`
			`\| kgrule { $$ = params_keygen($1); }`
			`\| deprecated { $$ = params_dep_keygen($1); }`
			`\| EOL { $$ = NULL; }`

			`kgrule: KEYGEN stringlit kgbody EOL { $$ = keygen_set_method($3, $2); }`

			`kgbody: kgvar { $$ = $1; }`
			`\| '{' kgvars '}' { $$ = $2; }`

			`kgvars: /* empty */ { $$ = NULL; }`
			`\| kgvars kgvar { $$ = keygen_combine($$, $2); }`

			`kgvar: SALT bits EOL { $$ = keygen_salt($2); }`
			`\| ITERATIONS INTEGER EOL { $$ = keygen_iterations($2); }`
cgdconfig(8): Add an argon2id password-based key generation method This provides an extra level of side-channel and cracking resistance compared to the pre-existing pkcs5_pbkdf2/sha1 method used for password-based disk encryption. Several new keygen parameters are supported: memory (integer, in kilobytes) parallelism (integer, usually the number of CPU cores) version (integer, usually 19...) We do our best to calibrate these automatically when the paramsfile is initially generated. lgtm riastradh@ 2021-11-22 17:34:35 +03:00			`\| MEMORY INTEGER EOL { $$ = keygen_memory($2); }`
			`\| PARALLELISM INTEGER EOL { $$ = keygen_parallelism($2); }`
			`\| VERSION INTEGER EOL { $$ = keygen_version($2); }`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00			`\| KEY bits EOL { $$ = keygen_key($2); }`
Add a new keygen method which will execute an external command and take its output as the key. I've been meaning to do this for quite a while... 2008-05-11 07:15:21 +04:00			`\| CMD stringlit EOL { $$ = keygen_cmd($2); }`
cgdconfig(8): Add support for shared keys. New clause `shared <id> algorithm <alg> subkey <info>' in a keygen block enables `cgdconfig -C' to reuse a key between different params files, so you can, e.g., use a single password for multiple disks. This is better than simply caching the password itself because: - Hashing the password is expensive, so it should only be done once. Suppose your budget is time t before you get bored, and you calibrate password hash parameters to unlock n disks before you get bored waiting for `cgdconfig -C'. . With n password hashings the adversary's cost goes up only by a factor of t/n. . With one password hashing and n subkeys the adversary's cost goes up by a factor of n. And if you ever add a disk, rehashing it will make `cgdconfig -C' go over budget, whereas another subkey adds negligible cost to you. - Subkeys work for other types of keygen blocks, like shell_cmd, which could be used to get a key from a hardware token that needs a button press. The <info> parameter must be different for each params file; everything else in the keygen block must be the same. With this clause, the keygen block determines a shared key used only to derive keys; the actual key used by cgdconfig is derived from the shared key by the specified algorithm. The only supported algorithm is hkdf-hmac-sha256, which uses HKDF-Expand of RFC 5869 instantiated with SHA-256. Example: algorithm aes-cbc; iv-method encblkno1; keylength 128; verify_method none; keygen pkcs5_pbkdf2/sha1 { iterations 39361; salt AAAAgMoHiYonye6KogdYJAobCHE=; shared "pw" algorithm hkdf-hmac-sha256 subkey AAAAgFlw0BMQ5gY+haYkZ6JC+yY=; }; The key used for this disk will be derived by HKDF-HMAC-SHA256_k(WXDQExDmBj6FpiRnokL7Jg==), where k is the outcome of PBKDF2-SHA1 with the given parameters. Note that <info> encodes a four-byte prefix giving the big-endian length in bits of the info argument to HKDF, just like all other bit strings in cgdconfig parameters files. If you have multiple disks configured using the same keygen block except for the info parameter, `cgdconfig -C' will only prompt once for your passphrase, generate a shared key k with PBKDF2 as usual, and then reuse it for each of the disks. 2022-08-12 13:49:17 +03:00			`\| SHARED stringlit ALGORITHM stringlit SUBKEY bits EOL`
			`{ $$ = keygen_shared($2, $4, $6); }`
substantial rototill of the code. o added new features: o -G: generate a new paramsfile that produces the same key as the old paramsfile, o ffs verify_method, o multiple keygen methods that are xor'ed together (for n-factor authentication), and o calibrating the iteration count of PKCS#5 PBKDF2 to the current machine's speed. o changed paramsfile format to allow for the new features. o replaced open-coded parser with yacc grammar. o lots of supporting changes. o updated documentation to reflect new features and new paramsfile format. 2003-03-24 05:02:49 +03:00			`\| EOL { $$ = NULL; }`

			`stringlit: STRINGLIT \| tokstr \| intstr`

			`tokstr: token { $$ = string_new($1.text, $1.length); }`

			`token: ALGORITHM \| KEYLENGTH`
			`\| IVMETHOD \| VERIFY_METHOD`
			`\| KEYGEN \| SALT \| ITERATIONS`
			`\| KEY`
			`\| deptoken`

			`intstr: INTEGER { $$ = string_fromint($1); }`

			`bits: base64 { $$ = bits_decode_d($1); }`

			`base64: stringlit`
			`\| base64 stringlit { $$ = string_add_d($1, $2); }`

			`/* The following rules are deprecated */`

			`deprecated:`
			`KEYGEN_METHOD stringlit EOL { $$ = keygen_method($2); }`
			`\| KEYGEN_SALT bits EOL { $$ = keygen_salt($2); }`
			`\| KEYGEN_ITERATIONS INTEGER EOL { $$ = keygen_iterations($2); }`
			`\| XOR_KEY bits EOL { $$ = keygen_key($2); }`

			`deptoken: KEYGEN_METHOD \| KEYGEN_SALT`
			`\| KEYGEN_ITERATIONS \| XOR_KEY`

			`%%`

			`struct params *`
			`cgdparsefile(FILE *f)`
			`{`

			`yyin = f;`
			`yy_global_params = NULL;`
			`if (yyparse()) {`
			`fprintf(stderr, "%s: failed to parse parameters file\n",`
			`getprogname());`
			`params_free(yy_global_params);`
			`return NULL;`
			`}`
			`return yy_global_params;`
			`}`