1 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
2
3 /*-
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /*
35 * This code is referd to RFC 2367
36 */
37
38 #include "opt_inet.h"
39 #include "opt_inet6.h"
40 #include "opt_ipsec.h"
41
42 #include <sys/types.h>
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
46 #include <sys/fnv_hash.h>
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #include <sys/mbuf.h>
50 #include <sys/domain.h>
51 #include <sys/protosw.h>
52 #include <sys/malloc.h>
53 #include <sys/rmlock.h>
54 #include <sys/socket.h>
55 #include <sys/socketvar.h>
56 #include <sys/sysctl.h>
57 #include <sys/errno.h>
58 #include <sys/proc.h>
59 #include <sys/queue.h>
60 #include <sys/refcount.h>
61 #include <sys/syslog.h>
62
63 #include <vm/uma.h>
64
65 #include <net/if.h>
66 #include <net/if_var.h>
67 #include <net/vnet.h>
68
69 #include <netinet/in.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/ip.h>
72 #include <netinet/in_var.h>
73 #include <netinet/udp.h>
74
75 #ifdef INET6
76 #include <netinet/ip6.h>
77 #include <netinet6/in6_var.h>
78 #include <netinet6/ip6_var.h>
79 #endif /* INET6 */
80
81 #include <net/pfkeyv2.h>
82 #include <netipsec/keydb.h>
83 #include <netipsec/key.h>
84 #include <netipsec/keysock.h>
85 #include <netipsec/key_debug.h>
86 #include <netipsec/ipsec_offload.h>
87
88 #include <netipsec/ipsec.h>
89 #ifdef INET6
90 #include <netipsec/ipsec6.h>
91 #endif
92
93 #include <netipsec/xform.h>
94 #include <netipsec/ipsec_offload.h>
95 #include <machine/in_cksum.h>
96 #include <machine/stdarg.h>
97
98 /* randomness */
99 #include <sys/random.h>
100
101 #ifdef IPSEC_OFFLOAD
102 void (*ipsec_accel_sa_newkey_p)(struct secasvar *sav);
103 void (*ipsec_accel_forget_sav_p)(struct secasvar *sav);
104 void (*ipsec_accel_spdadd_p)(struct secpolicy *sp, struct inpcb *inp);
105 void (*ipsec_accel_spddel_p)(struct secpolicy *sp);
106 int (*ipsec_accel_sa_lifetime_op_p)(struct secasvar *sav,
107 struct seclifetime *lft_c, if_t ifp, enum IF_SA_CNT_WHICH op,
108 struct rm_priotracker *sahtree_trackerp);
109 void (*ipsec_accel_sync_p)(void);
110 bool (*ipsec_accel_is_accel_sav_p)(struct secasvar *sav);
111 struct mbuf *(*ipsec_accel_key_setaccelif_p)(struct secasvar *sav);
112 void (*ipsec_accel_on_ifdown_p)(struct ifnet *ifp);
113 void (*ipsec_accel_drv_sa_lifetime_update_p)(struct secasvar *sav, if_t ifp,
114 u_int drv_spi, uint64_t octets, uint64_t allocs);
115 int (*ipsec_accel_drv_sa_lifetime_fetch_p)(struct secasvar *sav, if_t ifp,
116 u_int drv_spi, uint64_t *octets, uint64_t *allocs);
117 #endif
118
119 #define FULLMASK 0xff
120 #define _BITS(bytes) ((bytes) << 3)
121
122 #define UINT32_80PCT 0xcccccccc
123 /*
124 * Note on SA reference counting:
125 * - SAs that are not in DEAD state will have (total external reference + 1)
126 * following value in reference count field. they cannot be freed and are
127 * referenced from SA header.
128 * - SAs that are in DEAD state will have (total external reference)
129 * in reference count field. they are ready to be freed. reference from
130 * SA header will be removed in key_delsav(), when the reference count
131 * field hits 0 (= no external reference other than from SA header.
132 */
133
134 VNET_DEFINE(u_int32_t, key_debug_level) = 0;
135 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000;
136 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100;
137 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */
138 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0;
139 /*interval to initialize randseed,1(m)*/
140 VNET_DEFINE_STATIC(u_int, key_int_random) = 60;
141 /* interval to expire acquiring, 30(s)*/
142 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30;
143 /* counter for blocking SADB_ACQUIRE.*/
144 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10;
145 /* lifetime for blocking SADB_ACQUIRE.*/
146 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20;
147 /* preferred old sa rather than new sa.*/
148 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1;
149 #define V_key_spi_trycnt VNET(key_spi_trycnt)
150 #define V_key_spi_minval VNET(key_spi_minval)
151 #define V_key_spi_maxval VNET(key_spi_maxval)
152 #define V_policy_id VNET(policy_id)
153 #define V_key_int_random VNET(key_int_random)
154 #define V_key_larval_lifetime VNET(key_larval_lifetime)
155 #define V_key_blockacq_count VNET(key_blockacq_count)
156 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime)
157 #define V_key_preferred_oldsa VNET(key_preferred_oldsa)
158
159 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0;
160 #define V_acq_seq VNET(acq_seq)
161
162 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0;
163 #define V_sp_genid VNET(sp_genid)
164
165 /* SPD */
166 TAILQ_HEAD(secpolicy_queue, secpolicy);
167 LIST_HEAD(secpolicy_list, secpolicy);
168 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]);
169 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]);
170 static struct rmlock sptree_lock;
171 #define V_sptree VNET(sptree)
172 #define V_sptree_ifnet VNET(sptree_ifnet)
173 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree")
174 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock)
175 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker
176 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker)
177 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker)
178 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED)
179 #define SPTREE_WLOCK() rm_wlock(&sptree_lock)
180 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock)
181 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED)
182 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED)
183
184 /* Hash table for lookup SP using unique id */
185 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl);
186 VNET_DEFINE_STATIC(u_long, sphash_mask);
187 #define V_sphashtbl VNET(sphashtbl)
188 #define V_sphash_mask VNET(sphash_mask)
189
190 #define SPHASH_NHASH_LOG2 7
191 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2)
192 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask)
193 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)]
194
195 /* SPD cache */
196 struct spdcache_entry {
197 struct secpolicyindex spidx; /* secpolicyindex */
198 struct secpolicy *sp; /* cached policy to be used */
199
200 LIST_ENTRY(spdcache_entry) chain;
201 };
202 LIST_HEAD(spdcache_entry_list, spdcache_entry);
203
204 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8
205
206 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0;
207 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries)
208 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32;
209 #define V_key_spdcache_threshold VNET(key_spdcache_threshold)
210 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0;
211 #define V_spd_size VNET(spd_size)
212
213 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0)
214 #define SPDCACHE_ACTIVE() \
215 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold)
216
217 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl);
218 VNET_DEFINE_STATIC(u_long, spdcachehash_mask);
219 #define V_spdcachehashtbl VNET(spdcachehashtbl)
220 #define V_spdcachehash_mask VNET(spdcachehash_mask)
221
222 #define SPDCACHE_HASHVAL(idx) \
223 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \
224 V_spdcachehash_mask)
225
226 /* Each cache line is protected by a mutex */
227 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock);
228 #define V_spdcache_lock VNET(spdcache_lock)
229
230 #define SPDCACHE_LOCK_INIT(a) \
231 mtx_init(&V_spdcache_lock[a], "spdcache", \
232 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK)
233 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a])
234 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]);
235 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]);
236
237 static struct sx spi_alloc_lock;
238 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc")
239 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock)
240 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock)
241 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock)
242 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED)
243
244 /* SAD */
245 TAILQ_HEAD(secashead_queue, secashead);
246 LIST_HEAD(secashead_list, secashead);
247 VNET_DEFINE_STATIC(struct secashead_queue, sahtree);
248 static struct rmlock sahtree_lock;
249 #define V_sahtree VNET(sahtree)
250 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree")
251 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock)
252 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker
253 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker)
254 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker)
255 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED)
256 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock)
257 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock)
258 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED)
259 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED)
260
261 /* Hash table for lookup in SAD using SA addresses */
262 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl);
263 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask);
264 #define V_sahaddrhashtbl VNET(sahaddrhashtbl)
265 #define V_sahaddrhash_mask VNET(sahaddrhash_mask)
266
267 #define SAHHASH_NHASH_LOG2 7
268 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2)
269 #define SAHADDRHASH_HASHVAL(idx) \
270 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \
271 V_sahaddrhash_mask)
272 #define SAHADDRHASH_HASH(saidx) \
273 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)]
274
275 /* Hash table for lookup in SAD using SPI */
276 LIST_HEAD(secasvar_list, secasvar);
277 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl);
278 VNET_DEFINE_STATIC(u_long, savhash_mask);
279 #define V_savhashtbl VNET(savhashtbl)
280 #define V_savhash_mask VNET(savhash_mask)
281 #define SAVHASH_NHASH_LOG2 7
282 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2)
283 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask)
284 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)]
285
286 static uint32_t
key_addrprotohash(const union sockaddr_union * src,const union sockaddr_union * dst,const uint8_t * proto)287 key_addrprotohash(const union sockaddr_union *src,
288 const union sockaddr_union *dst, const uint8_t *proto)
289 {
290 uint32_t hval;
291
292 hval = fnv_32_buf(proto, sizeof(*proto),
293 FNV1_32_INIT);
294 switch (dst->sa.sa_family) {
295 #ifdef INET
296 case AF_INET:
297 hval = fnv_32_buf(&src->sin.sin_addr,
298 sizeof(in_addr_t), hval);
299 hval = fnv_32_buf(&dst->sin.sin_addr,
300 sizeof(in_addr_t), hval);
301 break;
302 #endif
303 #ifdef INET6
304 case AF_INET6:
305 hval = fnv_32_buf(&src->sin6.sin6_addr,
306 sizeof(struct in6_addr), hval);
307 hval = fnv_32_buf(&dst->sin6.sin6_addr,
308 sizeof(struct in6_addr), hval);
309 break;
310 #endif
311 default:
312 hval = 0;
313 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n",
314 __func__, dst->sa.sa_family));
315 }
316 return (hval);
317 }
318
319 static uint32_t
key_u32hash(uint32_t val)320 key_u32hash(uint32_t val)
321 {
322
323 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT));
324 }
325
326 /* registed list */
327 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]);
328 #define V_regtree VNET(regtree)
329 static struct mtx regtree_lock;
330 #define REGTREE_LOCK_INIT() \
331 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF)
332 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock)
333 #define REGTREE_LOCK() mtx_lock(®tree_lock)
334 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock)
335 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED)
336
337 /* Acquiring list */
338 LIST_HEAD(secacq_list, secacq);
339 VNET_DEFINE_STATIC(struct secacq_list, acqtree);
340 #define V_acqtree VNET(acqtree)
341 static struct mtx acq_lock;
342 #define ACQ_LOCK_INIT() \
343 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF)
344 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock)
345 #define ACQ_LOCK() mtx_lock(&acq_lock)
346 #define ACQ_UNLOCK() mtx_unlock(&acq_lock)
347 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED)
348
349 /* Hash table for lookup in ACQ list using SA addresses */
350 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl);
351 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask);
352 #define V_acqaddrhashtbl VNET(acqaddrhashtbl)
353 #define V_acqaddrhash_mask VNET(acqaddrhash_mask)
354
355 /* Hash table for lookup in ACQ list using SEQ number */
356 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl);
357 VNET_DEFINE_STATIC(u_long, acqseqhash_mask);
358 #define V_acqseqhashtbl VNET(acqseqhashtbl)
359 #define V_acqseqhash_mask VNET(acqseqhash_mask)
360
361 #define ACQHASH_NHASH_LOG2 7
362 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2)
363 #define ACQADDRHASH_HASHVAL(idx) \
364 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \
365 V_acqaddrhash_mask)
366 #define ACQSEQHASH_HASHVAL(seq) \
367 (key_u32hash(seq) & V_acqseqhash_mask)
368 #define ACQADDRHASH_HASH(saidx) \
369 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)]
370 #define ACQSEQHASH_HASH(seq) \
371 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)]
372 /* SP acquiring list */
373 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree);
374 #define V_spacqtree VNET(spacqtree)
375 static struct mtx spacq_lock;
376 #define SPACQ_LOCK_INIT() \
377 mtx_init(&spacq_lock, "spacqtree", \
378 "fast ipsec security policy acquire list", MTX_DEF)
379 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock)
380 #define SPACQ_LOCK() mtx_lock(&spacq_lock)
381 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock)
382 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED)
383
384 static const int minsize[] = {
385 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg),
386 [SADB_EXT_SA] = sizeof(struct sadb_sa),
387 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime),
388 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime),
389 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime),
390 [SADB_EXT_ADDRESS_SRC] = sizeof(struct sadb_address),
391 [SADB_EXT_ADDRESS_DST] = sizeof(struct sadb_address),
392 [SADB_EXT_ADDRESS_PROXY] = sizeof(struct sadb_address),
393 [SADB_EXT_KEY_AUTH] = sizeof(struct sadb_key),
394 [SADB_EXT_KEY_ENCRYPT] = sizeof(struct sadb_key),
395 [SADB_EXT_IDENTITY_SRC] = sizeof(struct sadb_ident),
396 [SADB_EXT_IDENTITY_DST] = sizeof(struct sadb_ident),
397 [SADB_EXT_SENSITIVITY] = sizeof(struct sadb_sens),
398 [SADB_EXT_PROPOSAL] = sizeof(struct sadb_prop),
399 [SADB_EXT_SUPPORTED_AUTH] = sizeof(struct sadb_supported),
400 [SADB_EXT_SUPPORTED_ENCRYPT] = sizeof(struct sadb_supported),
401 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange),
402 [SADB_X_EXT_KMPRIVATE] = 0,
403 [SADB_X_EXT_POLICY] = sizeof(struct sadb_x_policy),
404 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2),
405 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type),
406 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port),
407 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port),
408 [SADB_X_EXT_NAT_T_OAI] = sizeof(struct sadb_address),
409 [SADB_X_EXT_NAT_T_OAR] = sizeof(struct sadb_address),
410 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag),
411 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay),
412 [SADB_X_EXT_NEW_ADDRESS_SRC] = sizeof(struct sadb_address),
413 [SADB_X_EXT_NEW_ADDRESS_DST] = sizeof(struct sadb_address),
414 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime),
415 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime),
416 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl),
417 };
418 _Static_assert(nitems(minsize) == SADB_EXT_MAX + 1, "minsize size mismatch");
419
420 static const int maxsize[] = {
421 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg),
422 [SADB_EXT_SA] = sizeof(struct sadb_sa),
423 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime),
424 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime),
425 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime),
426 [SADB_EXT_ADDRESS_SRC] = 0,
427 [SADB_EXT_ADDRESS_DST] = 0,
428 [SADB_EXT_ADDRESS_PROXY] = 0,
429 [SADB_EXT_KEY_AUTH] = 0,
430 [SADB_EXT_KEY_ENCRYPT] = 0,
431 [SADB_EXT_IDENTITY_SRC] = 0,
432 [SADB_EXT_IDENTITY_DST] = 0,
433 [SADB_EXT_SENSITIVITY] = 0,
434 [SADB_EXT_PROPOSAL] = 0,
435 [SADB_EXT_SUPPORTED_AUTH] = 0,
436 [SADB_EXT_SUPPORTED_ENCRYPT] = 0,
437 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange),
438 [SADB_X_EXT_KMPRIVATE] = 0,
439 [SADB_X_EXT_POLICY] = 0,
440 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2),
441 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type),
442 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port),
443 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port),
444 [SADB_X_EXT_NAT_T_OAI] = 0,
445 [SADB_X_EXT_NAT_T_OAR] = 0,
446 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag),
447 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay),
448 [SADB_X_EXT_NEW_ADDRESS_SRC] = 0,
449 [SADB_X_EXT_NEW_ADDRESS_DST] = 0,
450 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime),
451 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime),
452 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl),
453 };
454 _Static_assert(nitems(maxsize) == SADB_EXT_MAX + 1, "maxsize size mismatch");
455
456 /*
457 * Internal values for SA flags:
458 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses,
459 * thus we will not free the most of SA content in key_delsav().
460 */
461 #define SADB_X_EXT_F_CLONED 0x80000000
462
463 #define SADB_CHECKLEN(_mhp, _ext) \
464 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \
465 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)])))
466 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL)
467
468 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256;
469 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0;
470 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128;
471
472 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin)
473 #define V_ipsec_esp_auth VNET(ipsec_esp_auth)
474 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin)
475
476 #ifdef IPSEC_DEBUG
477 VNET_DEFINE(int, ipsec_debug) = 1;
478 #else
479 VNET_DEFINE(int, ipsec_debug) = 0;
480 #endif
481
482 #ifdef INET
483 SYSCTL_DECL(_net_inet_ipsec);
484 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug,
485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
486 "Enable IPsec debugging output when set.");
487 #endif
488 #ifdef INET6
489 SYSCTL_DECL(_net_inet6_ipsec6);
490 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug,
491 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
492 "Enable IPsec debugging output when set.");
493 #endif
494
495 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug,
496 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, "");
497
498 /* max count of trial for the decision of spi value */
499 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt,
500 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, "");
501
502 /* minimum spi value to allocate automatically. */
503 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval,
504 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, "");
505
506 /* maximun spi value to allocate automatically. */
507 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval,
508 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, "");
509
510 /* interval to initialize randseed */
511 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random,
512 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, "");
513
514 /* lifetime for larval SA */
515 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime,
516 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, "");
517
518 /* counter for blocking to send SADB_ACQUIRE to IKEd */
519 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count,
520 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, "");
521
522 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
523 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime,
524 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, "");
525
526 /* ESP auth */
527 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth,
528 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, "");
529
530 /* minimum ESP key length */
531 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin,
532 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, "");
533
534 /* minimum AH key length */
535 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin,
536 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, "");
537
538 /* perfered old SA rather than new SA */
539 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa,
540 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, "");
541
542 SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
543 "SPD cache");
544
545 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries,
546 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0,
547 "Maximum number of entries in the SPD cache"
548 " (power of 2, 0 to disable)");
549
550 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold,
551 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0,
552 "Number of SPs that make the SPD cache active");
553
554 #define __LIST_CHAINED(elm) \
555 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
556
557 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association");
558 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head");
559 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy");
560 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request");
561 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous");
562 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire");
563 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire");
564 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache");
565
566 static uma_zone_t __read_mostly ipsec_key_lft_zone;
567
568 /*
569 * set parameters into secpolicyindex buffer.
570 * Must allocate secpolicyindex buffer passed to this function.
571 */
572 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
573 do { \
574 bzero((idx), sizeof(struct secpolicyindex)); \
575 (idx)->dir = (_dir); \
576 (idx)->prefs = (ps); \
577 (idx)->prefd = (pd); \
578 (idx)->ul_proto = (ulp); \
579 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
580 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
581 } while (0)
582
583 /*
584 * set parameters into secasindex buffer.
585 * Must allocate secasindex buffer before calling this function.
586 */
587 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
588 do { \
589 bzero((idx), sizeof(struct secasindex)); \
590 (idx)->proto = (p); \
591 (idx)->mode = (m); \
592 (idx)->reqid = (r); \
593 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
594 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
595 key_porttosaddr(&(idx)->src.sa, 0); \
596 key_porttosaddr(&(idx)->dst.sa, 0); \
597 } while (0)
598
599 /* key statistics */
600 struct _keystat {
601 u_long getspi_count; /* the avarage of count to try to get new SPI */
602 } keystat;
603
604 struct sadb_msghdr {
605 struct sadb_msg *msg;
606 struct sadb_ext *ext[SADB_EXT_MAX + 1];
607 int extoff[SADB_EXT_MAX + 1];
608 int extlen[SADB_EXT_MAX + 1];
609 };
610
611 static const struct supported_ealgs {
612 int sadb_alg;
613 const struct enc_xform *xform;
614 } supported_ealgs[] = {
615 { SADB_X_EALG_AES, &enc_xform_aes_cbc },
616 { SADB_EALG_NULL, &enc_xform_null },
617 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm },
618 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm },
619 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac },
620 { SADB_X_EALG_CHACHA20POLY1305, &enc_xform_chacha20_poly1305 },
621 };
622
623 static const struct supported_aalgs {
624 int sadb_alg;
625 const struct auth_hash *xform;
626 } supported_aalgs[] = {
627 { SADB_X_AALG_NULL, &auth_hash_null },
628 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 },
629 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 },
630 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 },
631 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 },
632 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 },
633 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 },
634 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 },
635 { SADB_X_AALG_CHACHA20POLY1305, &auth_hash_poly1305 },
636 };
637
638 static const struct supported_calgs {
639 int sadb_alg;
640 const struct comp_algo *xform;
641 } supported_calgs[] = {
642 { SADB_X_CALG_DEFLATE, &comp_algo_deflate },
643 };
644
645 #ifndef IPSEC_DEBUG2
646 static struct callout key_timer;
647 #endif
648
649 static void key_unlink(struct secpolicy *);
650 static void key_detach(struct secpolicy *);
651 static struct secpolicy *key_getsp(struct secpolicyindex *);
652 static struct secpolicy *key_getspbyid(u_int32_t);
653 static struct mbuf *key_gather_mbuf(struct mbuf *,
654 const struct sadb_msghdr *, int, int, ...);
655 static int key_spdadd(struct socket *, struct mbuf *,
656 const struct sadb_msghdr *);
657 static uint32_t key_getnewspid(void);
658 static int key_spddelete(struct socket *, struct mbuf *,
659 const struct sadb_msghdr *);
660 static int key_spddelete2(struct socket *, struct mbuf *,
661 const struct sadb_msghdr *);
662 static int key_spdget(struct socket *, struct mbuf *,
663 const struct sadb_msghdr *);
664 static int key_spdflush(struct socket *, struct mbuf *,
665 const struct sadb_msghdr *);
666 static int key_spddump(struct socket *, struct mbuf *,
667 const struct sadb_msghdr *);
668 static struct mbuf *key_setdumpsp(struct secpolicy *,
669 u_int8_t, u_int32_t, u_int32_t);
670 static struct mbuf *key_sp2mbuf(struct secpolicy *);
671 static size_t key_getspreqmsglen(struct secpolicy *);
672 static int key_spdexpire(struct secpolicy *);
673 static struct secashead *key_newsah(struct secasindex *);
674 static void key_freesah(struct secashead **);
675 static void key_delsah(struct secashead *);
676 static struct secasvar *key_newsav(const struct sadb_msghdr *,
677 struct secasindex *, uint32_t, int *);
678 static void key_delsav(struct secasvar *);
679 static void key_unlinksav(struct secasvar *);
680 static struct secashead *key_getsah(struct secasindex *);
681 static int key_checkspidup(uint32_t);
682 static struct secasvar *key_getsavbyspi(uint32_t);
683 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *);
684 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *);
685 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *);
686 static int key_updateaddresses(struct socket *, struct mbuf *,
687 const struct sadb_msghdr *, struct secasvar *, struct secasindex *);
688
689 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
690 u_int8_t, u_int32_t, u_int32_t, struct rm_priotracker *);
691 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
692 u_int32_t, pid_t, u_int16_t);
693 static struct mbuf *key_setsadbsa(struct secasvar *);
694 static struct mbuf *key_setsadbaddr(u_int16_t,
695 const struct sockaddr *, u_int8_t, u_int16_t);
696 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
697 static struct mbuf *key_setsadbxtype(u_int16_t);
698 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
699 static struct mbuf *key_setsadbxsareplay(u_int32_t);
700 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
701 u_int32_t, u_int32_t);
702 static struct seckey *key_dup_keymsg(const struct sadb_key *,
703 struct malloc_type *);
704 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src,
705 struct malloc_type *);
706
707 /* flags for key_cmpsaidx() */
708 #define CMP_HEAD 1 /* protocol, addresses. */
709 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
710 #define CMP_REQID 3 /* additionally HEAD, reaid. */
711 #define CMP_EXACTLY 4 /* all elements. */
712 static int key_cmpsaidx(const struct secasindex *,
713 const struct secasindex *, int);
714 static int key_cmpspidx_exactly(struct secpolicyindex *,
715 struct secpolicyindex *);
716 static int key_cmpspidx_withmask(struct secpolicyindex *,
717 struct secpolicyindex *);
718 static int key_bbcmp(const void *, const void *, u_int);
719 static uint8_t key_satype2proto(uint8_t);
720 static uint8_t key_proto2satype(uint8_t);
721
722 static int key_getspi(struct socket *, struct mbuf *,
723 const struct sadb_msghdr *);
724 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *);
725 static int key_update(struct socket *, struct mbuf *,
726 const struct sadb_msghdr *);
727 static int key_add(struct socket *, struct mbuf *,
728 const struct sadb_msghdr *);
729 static int key_setident(struct secashead *, const struct sadb_msghdr *);
730 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
731 const struct sadb_msghdr *);
732 static int key_delete(struct socket *, struct mbuf *,
733 const struct sadb_msghdr *);
734 static int key_delete_all(struct socket *, struct mbuf *,
735 const struct sadb_msghdr *, struct secasindex *);
736 static int key_get(struct socket *, struct mbuf *,
737 const struct sadb_msghdr *);
738
739 static void key_getcomb_setlifetime(struct sadb_comb *);
740 static struct mbuf *key_getcomb_ealg(void);
741 static struct mbuf *key_getcomb_ah(void);
742 static struct mbuf *key_getcomb_ipcomp(void);
743 static struct mbuf *key_getprop(const struct secasindex *);
744
745 static int key_acquire(const struct secasindex *, struct secpolicy *);
746 static uint32_t key_newacq(const struct secasindex *, int *);
747 static uint32_t key_getacq(const struct secasindex *, int *);
748 static int key_acqdone(const struct secasindex *, uint32_t);
749 static int key_acqreset(uint32_t);
750 static struct secspacq *key_newspacq(struct secpolicyindex *);
751 static struct secspacq *key_getspacq(struct secpolicyindex *);
752 static int key_acquire2(struct socket *, struct mbuf *,
753 const struct sadb_msghdr *);
754 static int key_register(struct socket *, struct mbuf *,
755 const struct sadb_msghdr *);
756 static int key_expire(struct secasvar *, int);
757 static int key_flush(struct socket *, struct mbuf *,
758 const struct sadb_msghdr *);
759 static int key_dump(struct socket *, struct mbuf *,
760 const struct sadb_msghdr *);
761 static int key_promisc(struct socket *, struct mbuf *,
762 const struct sadb_msghdr *);
763 static int key_senderror(struct socket *, struct mbuf *, int);
764 static int key_validate_ext(const struct sadb_ext *, int);
765 static int key_align(struct mbuf *, struct sadb_msghdr *);
766 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t);
767 static struct mbuf *key_setkey(struct seckey *, uint16_t);
768
769 static void spdcache_init(void);
770 static void spdcache_clear(void);
771 static struct spdcache_entry *spdcache_entry_alloc(
772 const struct secpolicyindex *spidx,
773 struct secpolicy *policy);
774 static void spdcache_entry_free(struct spdcache_entry *entry);
775 #ifdef VIMAGE
776 static void spdcache_destroy(void);
777 #endif
778
779 #define DBG_IPSEC_INITREF(t, p) do { \
780 refcount_init(&(p)->refcnt, 1); \
781 KEYDBG(KEY_STAMP, \
782 printf("%s: Initialize refcnt %s(%p) = %u\n", \
783 __func__, #t, (p), (p)->refcnt)); \
784 } while (0)
785 #define DBG_IPSEC_ADDREF(t, p) do { \
786 refcount_acquire(&(p)->refcnt); \
787 KEYDBG(KEY_STAMP, \
788 printf("%s: Acquire refcnt %s(%p) -> %u\n", \
789 __func__, #t, (p), (p)->refcnt)); \
790 } while (0)
791 #define DBG_IPSEC_DELREF(t, p) do { \
792 KEYDBG(KEY_STAMP, \
793 printf("%s: Release refcnt %s(%p) -> %u\n", \
794 __func__, #t, (p), (p)->refcnt - 1)); \
795 refcount_release(&(p)->refcnt); \
796 } while (0)
797
798 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1)
799 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt)
800 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt)
801
802 #define SP_INITREF(p) IPSEC_INITREF(SP, p)
803 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p)
804 #define SP_DELREF(p) IPSEC_DELREF(SP, p)
805
806 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p)
807 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p)
808 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p)
809
810 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p)
811 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p)
812 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p)
813
814 /*
815 * Update the refcnt while holding the SPTREE lock.
816 */
817 void
key_addref(struct secpolicy * sp)818 key_addref(struct secpolicy *sp)
819 {
820
821 SP_ADDREF(sp);
822 }
823
824 /*
825 * Return 0 when there are known to be no SP's for the specified
826 * direction. Otherwise return 1. This is used by IPsec code
827 * to optimize performance.
828 */
829 int
key_havesp(u_int dir)830 key_havesp(u_int dir)
831 {
832
833 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
834 ("invalid direction %u", dir));
835 return (TAILQ_FIRST(&V_sptree[dir]) != NULL);
836 }
837
838 int
key_havesp_any(void)839 key_havesp_any(void)
840 {
841
842 return (V_spd_size != 0);
843 }
844
845 /*
846 * Allocate a single mbuf with a buffer of the desired length. The buffer is
847 * pre-zeroed to help ensure that uninitialized pad bytes are not leaked.
848 */
849 static struct mbuf *
key_mget(u_int len)850 key_mget(u_int len)
851 {
852 struct mbuf *m;
853
854 KASSERT(len <= MCLBYTES,
855 ("%s: invalid buffer length %u", __func__, len));
856
857 m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR);
858 if (m == NULL)
859 return (NULL);
860 memset(mtod(m, void *), 0, len);
861 return (m);
862 }
863
864 /* %%% IPsec policy management */
865 /*
866 * Return current SPDB generation.
867 */
868 uint32_t
key_getspgen(void)869 key_getspgen(void)
870 {
871
872 return (V_sp_genid);
873 }
874
875 void
key_bumpspgen(void)876 key_bumpspgen(void)
877 {
878
879 V_sp_genid++;
880 }
881
882 static int
key_checksockaddrs(struct sockaddr * src,struct sockaddr * dst)883 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst)
884 {
885
886 /* family match */
887 if (src->sa_family != dst->sa_family)
888 return (EINVAL);
889 /* sa_len match */
890 if (src->sa_len != dst->sa_len)
891 return (EINVAL);
892 switch (src->sa_family) {
893 #ifdef INET
894 case AF_INET:
895 if (src->sa_len != sizeof(struct sockaddr_in))
896 return (EINVAL);
897 break;
898 #endif
899 #ifdef INET6
900 case AF_INET6:
901 if (src->sa_len != sizeof(struct sockaddr_in6))
902 return (EINVAL);
903 break;
904 #endif
905 default:
906 return (EAFNOSUPPORT);
907 }
908 return (0);
909 }
910
911 struct secpolicy *
key_do_allocsp(struct secpolicyindex * spidx,u_int dir)912 key_do_allocsp(struct secpolicyindex *spidx, u_int dir)
913 {
914 SPTREE_RLOCK_TRACKER;
915 struct secpolicy *sp;
916
917 IPSEC_ASSERT(spidx != NULL, ("null spidx"));
918 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
919 ("invalid direction %u", dir));
920
921 SPTREE_RLOCK();
922 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
923 if (key_cmpspidx_withmask(&sp->spidx, spidx)) {
924 SP_ADDREF(sp);
925 break;
926 }
927 }
928 SPTREE_RUNLOCK();
929 return (sp);
930 }
931
932 /*
933 * allocating a SP for OUTBOUND or INBOUND packet.
934 * Must call key_freesp() later.
935 * OUT: NULL: not found
936 * others: found and return the pointer.
937 */
938 struct secpolicy *
key_allocsp(struct secpolicyindex * spidx,u_int dir)939 key_allocsp(struct secpolicyindex *spidx, u_int dir)
940 {
941 struct spdcache_entry *entry, *lastentry, *tmpentry;
942 struct secpolicy *sp;
943 uint32_t hashv;
944 time_t ts;
945 int nb_entries;
946
947 if (!SPDCACHE_ACTIVE()) {
948 sp = key_do_allocsp(spidx, dir);
949 goto out;
950 }
951
952 hashv = SPDCACHE_HASHVAL(spidx);
953 SPDCACHE_LOCK(hashv);
954 nb_entries = 0;
955 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) {
956 /* Removed outdated entries */
957 if (entry->sp != NULL &&
958 entry->sp->state == IPSEC_SPSTATE_DEAD) {
959 LIST_REMOVE(entry, chain);
960 spdcache_entry_free(entry);
961 continue;
962 }
963
964 nb_entries++;
965 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) {
966 lastentry = entry;
967 continue;
968 }
969
970 sp = entry->sp;
971 if (entry->sp != NULL)
972 SP_ADDREF(sp);
973
974 /* IPSECSTAT_INC(ips_spdcache_hits); */
975
976 SPDCACHE_UNLOCK(hashv);
977 goto out;
978 }
979
980 /* IPSECSTAT_INC(ips_spdcache_misses); */
981
982 sp = key_do_allocsp(spidx, dir);
983 entry = spdcache_entry_alloc(spidx, sp);
984 if (entry != NULL) {
985 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) {
986 LIST_REMOVE(lastentry, chain);
987 spdcache_entry_free(lastentry);
988 }
989
990 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain);
991 }
992
993 SPDCACHE_UNLOCK(hashv);
994
995 out:
996 if (sp != NULL) { /* found a SPD entry */
997 ts = time_second;
998 if (__predict_false(sp->lastused != ts))
999 sp->lastused = ts;
1000 KEYDBG(IPSEC_STAMP,
1001 printf("%s: return SP(%p)\n", __func__, sp));
1002 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp));
1003 } else {
1004 KEYDBG(IPSEC_DATA,
1005 printf("%s: lookup failed for ", __func__);
1006 kdebug_secpolicyindex(spidx, NULL));
1007 }
1008 return (sp);
1009 }
1010
1011 /*
1012 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed
1013 * or should be signed by MD5 signature.
1014 * We don't use key_allocsa() for such lookups, because we don't know SPI.
1015 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with
1016 * signed packet. We use SADB only as storage for password.
1017 * OUT: positive: corresponding SA for given saidx found.
1018 * NULL: SA not found
1019 */
1020 struct secasvar *
key_allocsa_tcpmd5(struct secasindex * saidx)1021 key_allocsa_tcpmd5(struct secasindex *saidx)
1022 {
1023 SAHTREE_RLOCK_TRACKER;
1024 struct secashead *sah;
1025 struct secasvar *sav;
1026
1027 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP,
1028 ("unexpected security protocol %u", saidx->proto));
1029 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5,
1030 ("unexpected mode %u", saidx->mode));
1031
1032 SAHTREE_RLOCK();
1033 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
1034 KEYDBG(IPSEC_DUMP,
1035 printf("%s: checking SAH\n", __func__);
1036 kdebug_secash(sah, " "));
1037 if (sah->saidx.proto != IPPROTO_TCP)
1038 continue;
1039 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) &&
1040 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0))
1041 break;
1042 }
1043 if (sah != NULL) {
1044 if (V_key_preferred_oldsa)
1045 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1046 else
1047 sav = TAILQ_FIRST(&sah->savtree_alive);
1048 if (sav != NULL)
1049 SAV_ADDREF(sav);
1050 } else
1051 sav = NULL;
1052 SAHTREE_RUNLOCK();
1053
1054 if (sav != NULL) {
1055 KEYDBG(IPSEC_STAMP,
1056 printf("%s: return SA(%p)\n", __func__, sav));
1057 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1058 } else {
1059 KEYDBG(IPSEC_STAMP,
1060 printf("%s: SA not found\n", __func__));
1061 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL));
1062 }
1063 return (sav);
1064 }
1065
1066 /*
1067 * Allocating an SA entry for an *OUTBOUND* packet.
1068 * OUT: positive: corresponding SA for given saidx found.
1069 * NULL: SA not found, but will be acquired, check *error
1070 * for acquiring status.
1071 */
1072 struct secasvar *
key_allocsa_policy(struct secpolicy * sp,const struct secasindex * saidx,int * error)1073 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx,
1074 int *error)
1075 {
1076 SAHTREE_RLOCK_TRACKER;
1077 struct secashead *sah;
1078 struct secasvar *sav;
1079
1080 IPSEC_ASSERT(saidx != NULL, ("null saidx"));
1081 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT ||
1082 saidx->mode == IPSEC_MODE_TUNNEL,
1083 ("unexpected policy %u", saidx->mode));
1084
1085 /*
1086 * We check new SA in the IPsec request because a different
1087 * SA may be involved each time this request is checked, either
1088 * because new SAs are being configured, or this request is
1089 * associated with an unconnected datagram socket, or this request
1090 * is associated with a system default policy.
1091 */
1092 SAHTREE_RLOCK();
1093 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
1094 KEYDBG(IPSEC_DUMP,
1095 printf("%s: checking SAH\n", __func__);
1096 kdebug_secash(sah, " "));
1097 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
1098 break;
1099 }
1100 if (sah != NULL) {
1101 /*
1102 * Allocate the oldest SA available according to
1103 * draft-jenkins-ipsec-rekeying-03.
1104 */
1105 if (V_key_preferred_oldsa)
1106 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1107 else
1108 sav = TAILQ_FIRST(&sah->savtree_alive);
1109 if (sav != NULL)
1110 SAV_ADDREF(sav);
1111 } else
1112 sav = NULL;
1113 SAHTREE_RUNLOCK();
1114
1115 if (sav != NULL) {
1116 *error = 0;
1117 KEYDBG(IPSEC_STAMP,
1118 printf("%s: chosen SA(%p) for SP(%p)\n", __func__,
1119 sav, sp));
1120 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1121 return (sav); /* return referenced SA */
1122 }
1123
1124 /* there is no SA */
1125 *error = key_acquire(saidx, sp);
1126 if ((*error) != 0)
1127 ipseclog((LOG_DEBUG,
1128 "%s: error %d returned from key_acquire()\n",
1129 __func__, *error));
1130 KEYDBG(IPSEC_STAMP,
1131 printf("%s: acquire SA for SP(%p), error %d\n",
1132 __func__, sp, *error));
1133 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL));
1134 return (NULL);
1135 }
1136
1137 /*
1138 * allocating a usable SA entry for a *INBOUND* packet.
1139 * Must call key_freesav() later.
1140 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
1141 * NULL: not found, or error occurred.
1142 *
1143 * According to RFC 2401 SA is uniquely identified by a triple SPI,
1144 * destination address, and security protocol. But according to RFC 4301,
1145 * SPI by itself suffices to specify an SA.
1146 *
1147 * Note that, however, we do need to keep source address in IPsec SA.
1148 * IKE specification and PF_KEY specification do assume that we
1149 * keep source address in IPsec SA. We see a tricky situation here.
1150 */
1151 struct secasvar *
key_allocsa(union sockaddr_union * dst,uint8_t proto,uint32_t spi)1152 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi)
1153 {
1154 SAHTREE_RLOCK_TRACKER;
1155 struct secasvar *sav;
1156
1157 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH ||
1158 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u",
1159 proto));
1160
1161 SAHTREE_RLOCK();
1162 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
1163 if (sav->spi == spi)
1164 break;
1165 }
1166 /*
1167 * We use single SPI namespace for all protocols, so it is
1168 * impossible to have SPI duplicates in the SAVHASH.
1169 */
1170 if (sav != NULL) {
1171 if (sav->state != SADB_SASTATE_LARVAL &&
1172 sav->sah->saidx.proto == proto &&
1173 key_sockaddrcmp(&dst->sa,
1174 &sav->sah->saidx.dst.sa, 0) == 0)
1175 SAV_ADDREF(sav);
1176 else
1177 sav = NULL;
1178 }
1179 SAHTREE_RUNLOCK();
1180
1181 if (sav == NULL) {
1182 KEYDBG(IPSEC_STAMP,
1183 char buf[IPSEC_ADDRSTRLEN];
1184 printf("%s: SA not found for spi %u proto %u dst %s\n",
1185 __func__, ntohl(spi), proto, ipsec_address(dst, buf,
1186 sizeof(buf))));
1187 } else {
1188 KEYDBG(IPSEC_STAMP,
1189 printf("%s: return SA(%p)\n", __func__, sav));
1190 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1191 }
1192 return (sav);
1193 }
1194
1195 struct secasvar *
key_allocsa_tunnel(union sockaddr_union * src,union sockaddr_union * dst,uint8_t proto)1196 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst,
1197 uint8_t proto)
1198 {
1199 SAHTREE_RLOCK_TRACKER;
1200 struct secasindex saidx;
1201 struct secashead *sah;
1202 struct secasvar *sav;
1203
1204 IPSEC_ASSERT(src != NULL, ("null src address"));
1205 IPSEC_ASSERT(dst != NULL, ("null dst address"));
1206
1207 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa,
1208 &dst->sa, &saidx);
1209
1210 sav = NULL;
1211 SAHTREE_RLOCK();
1212 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) {
1213 if (IPSEC_MODE_TUNNEL != sah->saidx.mode)
1214 continue;
1215 if (proto != sah->saidx.proto)
1216 continue;
1217 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0)
1218 continue;
1219 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0)
1220 continue;
1221 /* XXXAE: is key_preferred_oldsa reasonably?*/
1222 if (V_key_preferred_oldsa)
1223 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1224 else
1225 sav = TAILQ_FIRST(&sah->savtree_alive);
1226 if (sav != NULL) {
1227 SAV_ADDREF(sav);
1228 break;
1229 }
1230 }
1231 SAHTREE_RUNLOCK();
1232 KEYDBG(IPSEC_STAMP,
1233 printf("%s: return SA(%p)\n", __func__, sav));
1234 if (sav != NULL)
1235 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1236 return (sav);
1237 }
1238
1239 /*
1240 * Must be called after calling key_allocsp().
1241 */
1242 void
key_freesp(struct secpolicy ** spp)1243 key_freesp(struct secpolicy **spp)
1244 {
1245 struct secpolicy *sp = *spp;
1246
1247 IPSEC_ASSERT(sp != NULL, ("null sp"));
1248 if (SP_DELREF(sp) == 0)
1249 return;
1250
1251 KEYDBG(IPSEC_STAMP,
1252 printf("%s: last reference to SP(%p)\n", __func__, sp));
1253 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp));
1254
1255 *spp = NULL;
1256 #ifdef IPSEC_OFFLOAD
1257 KASSERT(CK_LIST_EMPTY(&sp->accel_ifps),
1258 ("key_freesp: sp %p still offloaded", sp));
1259 free(__DECONST(char *, sp->accel_ifname), M_IPSEC_MISC);
1260 #endif
1261 while (sp->tcount > 0)
1262 ipsec_delisr(sp->req[--sp->tcount]);
1263 free(sp, M_IPSEC_SP);
1264 }
1265
1266 static void
key_unlink(struct secpolicy * sp)1267 key_unlink(struct secpolicy *sp)
1268 {
1269 SPTREE_WLOCK();
1270 key_detach(sp);
1271 SPTREE_WUNLOCK();
1272 if (SPDCACHE_ENABLED())
1273 spdcache_clear();
1274 ipsec_accel_sync();
1275 key_freesp(&sp);
1276 }
1277
1278 static void
key_detach(struct secpolicy * sp)1279 key_detach(struct secpolicy *sp)
1280 {
1281 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND ||
1282 sp->spidx.dir == IPSEC_DIR_OUTBOUND,
1283 ("invalid direction %u", sp->spidx.dir));
1284 SPTREE_WLOCK_ASSERT();
1285
1286 KEYDBG(KEY_STAMP,
1287 printf("%s: SP(%p)\n", __func__, sp));
1288 if (sp->state != IPSEC_SPSTATE_ALIVE) {
1289 /* SP is already unlinked */
1290 return;
1291 }
1292 sp->state = IPSEC_SPSTATE_DEAD;
1293 ipsec_accel_spddel(sp);
1294 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain);
1295 V_spd_size--;
1296 LIST_REMOVE(sp, idhash);
1297 V_sp_genid++;
1298 }
1299
1300 /*
1301 * insert a secpolicy into the SP database. Lower priorities first
1302 */
1303 static void
key_insertsp(struct secpolicy * newsp)1304 key_insertsp(struct secpolicy *newsp)
1305 {
1306 struct secpolicy *sp;
1307
1308 SPTREE_WLOCK_ASSERT();
1309 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) {
1310 if (newsp->priority < sp->priority) {
1311 TAILQ_INSERT_BEFORE(sp, newsp, chain);
1312 goto done;
1313 }
1314 }
1315 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain);
1316 done:
1317 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash);
1318 newsp->state = IPSEC_SPSTATE_ALIVE;
1319 V_spd_size++;
1320 V_sp_genid++;
1321 ipsec_accel_spdadd(newsp, NULL);
1322 }
1323
1324 /*
1325 * Insert a bunch of VTI secpolicies into the SPDB.
1326 * We keep VTI policies in the separate list due to following reasons:
1327 * 1) they should be immutable to user's or some deamon's attempts to
1328 * delete. The only way delete such policies - destroy or unconfigure
1329 * corresponding virtual inteface.
1330 * 2) such policies have traffic selector that matches all traffic per
1331 * address family.
1332 * Since all VTI policies have the same priority, we don't care about
1333 * policies order.
1334 */
1335 int
key_register_ifnet(struct secpolicy ** spp,u_int count)1336 key_register_ifnet(struct secpolicy **spp, u_int count)
1337 {
1338 struct mbuf *m;
1339 u_int i;
1340
1341 SPTREE_WLOCK();
1342 /*
1343 * First of try to acquire id for each SP.
1344 */
1345 for (i = 0; i < count; i++) {
1346 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND ||
1347 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND,
1348 ("invalid direction %u", spp[i]->spidx.dir));
1349
1350 if ((spp[i]->id = key_getnewspid()) == 0) {
1351 SPTREE_WUNLOCK();
1352 return (EAGAIN);
1353 }
1354 }
1355 for (i = 0; i < count; i++) {
1356 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir],
1357 spp[i], chain);
1358 /*
1359 * NOTE: despite the fact that we keep VTI SP in the
1360 * separate list, SPHASH contains policies from both
1361 * sources. Thus SADB_X_SPDGET will correctly return
1362 * SP by id, because it uses SPHASH for lookups.
1363 */
1364 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash);
1365 spp[i]->state = IPSEC_SPSTATE_IFNET;
1366 ipsec_accel_spdadd(spp[i], NULL);
1367 }
1368 SPTREE_WUNLOCK();
1369 /*
1370 * Notify user processes about new SP.
1371 */
1372 for (i = 0; i < count; i++) {
1373 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0);
1374 if (m != NULL)
1375 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
1376 }
1377 return (0);
1378 }
1379
1380 void
key_unregister_ifnet(struct secpolicy ** spp,u_int count)1381 key_unregister_ifnet(struct secpolicy **spp, u_int count)
1382 {
1383 struct mbuf *m;
1384 u_int i;
1385
1386 SPTREE_WLOCK();
1387 for (i = 0; i < count; i++) {
1388 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND ||
1389 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND,
1390 ("invalid direction %u", spp[i]->spidx.dir));
1391
1392 if (spp[i]->state != IPSEC_SPSTATE_IFNET)
1393 continue;
1394 spp[i]->state = IPSEC_SPSTATE_DEAD;
1395 ipsec_accel_spddel(spp[i]);
1396 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir],
1397 spp[i], chain);
1398 V_spd_size--;
1399 LIST_REMOVE(spp[i], idhash);
1400 }
1401 SPTREE_WUNLOCK();
1402 if (SPDCACHE_ENABLED())
1403 spdcache_clear();
1404 ipsec_accel_sync();
1405
1406 for (i = 0; i < count; i++) {
1407 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0);
1408 if (m != NULL)
1409 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
1410 }
1411 }
1412
1413 /*
1414 * Must be called after calling key_allocsa().
1415 * This function is called by key_freesp() to free some SA allocated
1416 * for a policy.
1417 */
1418 void
key_freesav(struct secasvar ** psav)1419 key_freesav(struct secasvar **psav)
1420 {
1421 struct secasvar *sav = *psav;
1422
1423 IPSEC_ASSERT(sav != NULL, ("null sav"));
1424 CURVNET_ASSERT_SET();
1425 if (SAV_DELREF(sav) == 0)
1426 return;
1427
1428 KEYDBG(IPSEC_STAMP,
1429 printf("%s: last reference to SA(%p)\n", __func__, sav));
1430
1431 *psav = NULL;
1432 key_delsav(sav);
1433 }
1434
1435 /*
1436 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK.
1437 * Expect that SA has extra reference due to lookup.
1438 * Release this references, also release SAH reference after unlink.
1439 */
1440 static void
key_unlinksav(struct secasvar * sav)1441 key_unlinksav(struct secasvar *sav)
1442 {
1443 struct secashead *sah;
1444
1445 KEYDBG(KEY_STAMP,
1446 printf("%s: SA(%p)\n", __func__, sav));
1447
1448 CURVNET_ASSERT_SET();
1449 SAHTREE_UNLOCK_ASSERT();
1450 SAHTREE_WLOCK();
1451 if (sav->state == SADB_SASTATE_DEAD) {
1452 /* SA is already unlinked */
1453 SAHTREE_WUNLOCK();
1454 return;
1455 }
1456 /* Unlink from SAH */
1457 if (sav->state == SADB_SASTATE_LARVAL)
1458 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
1459 else
1460 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
1461 /* Unlink from SPI hash */
1462 LIST_REMOVE(sav, spihash);
1463 sav->state = SADB_SASTATE_DEAD;
1464 ipsec_accel_forget_sav(sav);
1465 sah = sav->sah;
1466 SAHTREE_WUNLOCK();
1467 key_freesav(&sav);
1468 /* Since we are unlinked, release reference to SAH */
1469 key_freesah(&sah);
1470 }
1471
1472 /* %%% SPD management */
1473 /*
1474 * search SPD
1475 * OUT: NULL : not found
1476 * others : found, pointer to a SP.
1477 */
1478 static struct secpolicy *
key_getsp(struct secpolicyindex * spidx)1479 key_getsp(struct secpolicyindex *spidx)
1480 {
1481 SPTREE_RLOCK_TRACKER;
1482 struct secpolicy *sp;
1483
1484 IPSEC_ASSERT(spidx != NULL, ("null spidx"));
1485
1486 SPTREE_RLOCK();
1487 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) {
1488 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1489 SP_ADDREF(sp);
1490 break;
1491 }
1492 }
1493 SPTREE_RUNLOCK();
1494
1495 return sp;
1496 }
1497
1498 /*
1499 * get SP by index.
1500 * OUT: NULL : not found
1501 * others : found, pointer to referenced SP.
1502 */
1503 static struct secpolicy *
key_getspbyid(uint32_t id)1504 key_getspbyid(uint32_t id)
1505 {
1506 SPTREE_RLOCK_TRACKER;
1507 struct secpolicy *sp;
1508
1509 SPTREE_RLOCK();
1510 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) {
1511 if (sp->id == id) {
1512 SP_ADDREF(sp);
1513 break;
1514 }
1515 }
1516 SPTREE_RUNLOCK();
1517 return (sp);
1518 }
1519
1520 struct secpolicy *
key_newsp(void)1521 key_newsp(void)
1522 {
1523 struct secpolicy *sp;
1524
1525 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO);
1526 if (sp != NULL)
1527 SP_INITREF(sp);
1528 return (sp);
1529 }
1530
1531 struct ipsecrequest *
ipsec_newisr(void)1532 ipsec_newisr(void)
1533 {
1534
1535 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR,
1536 M_NOWAIT | M_ZERO));
1537 }
1538
1539 void
ipsec_delisr(struct ipsecrequest * p)1540 ipsec_delisr(struct ipsecrequest *p)
1541 {
1542
1543 free(p, M_IPSEC_SR);
1544 }
1545
1546 /*
1547 * create secpolicy structure from sadb_x_policy structure.
1548 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure
1549 * are not set, so must be set properly later.
1550 */
1551 struct secpolicy *
key_msg2sp(struct sadb_x_policy * xpl0,size_t len,int * error)1552 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error)
1553 {
1554 struct secpolicy *newsp;
1555
1556 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0"));
1557 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len));
1558
1559 if (len != PFKEY_EXTLEN(xpl0)) {
1560 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__));
1561 *error = EINVAL;
1562 return NULL;
1563 }
1564
1565 if ((newsp = key_newsp()) == NULL) {
1566 *error = ENOBUFS;
1567 return NULL;
1568 }
1569
1570 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1571 newsp->policy = xpl0->sadb_x_policy_type;
1572 newsp->priority = xpl0->sadb_x_policy_priority;
1573 newsp->tcount = 0;
1574
1575 /* check policy */
1576 switch (xpl0->sadb_x_policy_type) {
1577 case IPSEC_POLICY_DISCARD:
1578 case IPSEC_POLICY_NONE:
1579 case IPSEC_POLICY_ENTRUST:
1580 case IPSEC_POLICY_BYPASS:
1581 break;
1582
1583 case IPSEC_POLICY_IPSEC:
1584 {
1585 struct sadb_x_ipsecrequest *xisr;
1586 struct ipsecrequest *isr;
1587 int tlen;
1588
1589 /* validity check */
1590 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1591 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n",
1592 __func__));
1593 key_freesp(&newsp);
1594 *error = EINVAL;
1595 return NULL;
1596 }
1597
1598 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1599 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1600
1601 while (tlen > 0) {
1602 /* length check */
1603 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) ||
1604 xisr->sadb_x_ipsecrequest_len > tlen) {
1605 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest "
1606 "length.\n", __func__));
1607 key_freesp(&newsp);
1608 *error = EINVAL;
1609 return NULL;
1610 }
1611
1612 if (newsp->tcount >= IPSEC_MAXREQ) {
1613 ipseclog((LOG_DEBUG,
1614 "%s: too many ipsecrequests.\n",
1615 __func__));
1616 key_freesp(&newsp);
1617 *error = EINVAL;
1618 return (NULL);
1619 }
1620
1621 /* allocate request buffer */
1622 /* NB: data structure is zero'd */
1623 isr = ipsec_newisr();
1624 if (isr == NULL) {
1625 ipseclog((LOG_DEBUG,
1626 "%s: No more memory.\n", __func__));
1627 key_freesp(&newsp);
1628 *error = ENOBUFS;
1629 return NULL;
1630 }
1631
1632 newsp->req[newsp->tcount++] = isr;
1633
1634 /* set values */
1635 switch (xisr->sadb_x_ipsecrequest_proto) {
1636 case IPPROTO_ESP:
1637 case IPPROTO_AH:
1638 case IPPROTO_IPCOMP:
1639 break;
1640 default:
1641 ipseclog((LOG_DEBUG,
1642 "%s: invalid proto type=%u\n", __func__,
1643 xisr->sadb_x_ipsecrequest_proto));
1644 key_freesp(&newsp);
1645 *error = EPROTONOSUPPORT;
1646 return NULL;
1647 }
1648 isr->saidx.proto =
1649 (uint8_t)xisr->sadb_x_ipsecrequest_proto;
1650
1651 switch (xisr->sadb_x_ipsecrequest_mode) {
1652 case IPSEC_MODE_TRANSPORT:
1653 case IPSEC_MODE_TUNNEL:
1654 break;
1655 case IPSEC_MODE_ANY:
1656 default:
1657 ipseclog((LOG_DEBUG,
1658 "%s: invalid mode=%u\n", __func__,
1659 xisr->sadb_x_ipsecrequest_mode));
1660 key_freesp(&newsp);
1661 *error = EINVAL;
1662 return NULL;
1663 }
1664 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1665
1666 switch (xisr->sadb_x_ipsecrequest_level) {
1667 case IPSEC_LEVEL_DEFAULT:
1668 case IPSEC_LEVEL_USE:
1669 case IPSEC_LEVEL_REQUIRE:
1670 break;
1671 case IPSEC_LEVEL_UNIQUE:
1672 /* validity check */
1673 /*
1674 * If range violation of reqid, kernel will
1675 * update it, don't refuse it.
1676 */
1677 if (xisr->sadb_x_ipsecrequest_reqid
1678 > IPSEC_MANUAL_REQID_MAX) {
1679 ipseclog((LOG_DEBUG,
1680 "%s: reqid=%d range "
1681 "violation, updated by kernel.\n",
1682 __func__,
1683 xisr->sadb_x_ipsecrequest_reqid));
1684 xisr->sadb_x_ipsecrequest_reqid = 0;
1685 }
1686
1687 /* allocate new reqid id if reqid is zero. */
1688 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1689 u_int32_t reqid;
1690 if ((reqid = key_newreqid()) == 0) {
1691 key_freesp(&newsp);
1692 *error = ENOBUFS;
1693 return NULL;
1694 }
1695 isr->saidx.reqid = reqid;
1696 xisr->sadb_x_ipsecrequest_reqid = reqid;
1697 } else {
1698 /* set it for manual keying. */
1699 isr->saidx.reqid =
1700 xisr->sadb_x_ipsecrequest_reqid;
1701 }
1702 break;
1703
1704 default:
1705 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n",
1706 __func__,
1707 xisr->sadb_x_ipsecrequest_level));
1708 key_freesp(&newsp);
1709 *error = EINVAL;
1710 return NULL;
1711 }
1712 isr->level = xisr->sadb_x_ipsecrequest_level;
1713
1714 /* set IP addresses if there */
1715 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1716 struct sockaddr *paddr;
1717
1718 len = tlen - sizeof(*xisr);
1719 paddr = (struct sockaddr *)(xisr + 1);
1720 /* validity check */
1721 if (len < sizeof(struct sockaddr) ||
1722 len < 2 * paddr->sa_len ||
1723 paddr->sa_len > sizeof(isr->saidx.src)) {
1724 ipseclog((LOG_DEBUG, "%s: invalid "
1725 "request address length.\n",
1726 __func__));
1727 key_freesp(&newsp);
1728 *error = EINVAL;
1729 return NULL;
1730 }
1731 /*
1732 * Request length should be enough to keep
1733 * source and destination addresses.
1734 */
1735 if (xisr->sadb_x_ipsecrequest_len <
1736 sizeof(*xisr) + 2 * paddr->sa_len) {
1737 ipseclog((LOG_DEBUG, "%s: invalid "
1738 "ipsecrequest length.\n",
1739 __func__));
1740 key_freesp(&newsp);
1741 *error = EINVAL;
1742 return (NULL);
1743 }
1744 bcopy(paddr, &isr->saidx.src, paddr->sa_len);
1745 paddr = (struct sockaddr *)((caddr_t)paddr +
1746 paddr->sa_len);
1747
1748 /* validity check */
1749 if (paddr->sa_len !=
1750 isr->saidx.src.sa.sa_len) {
1751 ipseclog((LOG_DEBUG, "%s: invalid "
1752 "request address length.\n",
1753 __func__));
1754 key_freesp(&newsp);
1755 *error = EINVAL;
1756 return NULL;
1757 }
1758 /* AF family should match */
1759 if (paddr->sa_family !=
1760 isr->saidx.src.sa.sa_family) {
1761 ipseclog((LOG_DEBUG, "%s: address "
1762 "family doesn't match.\n",
1763 __func__));
1764 key_freesp(&newsp);
1765 *error = EINVAL;
1766 return (NULL);
1767 }
1768 bcopy(paddr, &isr->saidx.dst, paddr->sa_len);
1769 } else {
1770 /*
1771 * Addresses for TUNNEL mode requests are
1772 * mandatory.
1773 */
1774 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) {
1775 ipseclog((LOG_DEBUG, "%s: missing "
1776 "request addresses.\n", __func__));
1777 key_freesp(&newsp);
1778 *error = EINVAL;
1779 return (NULL);
1780 }
1781 }
1782 tlen -= xisr->sadb_x_ipsecrequest_len;
1783
1784 /* validity check */
1785 if (tlen < 0) {
1786 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n",
1787 __func__));
1788 key_freesp(&newsp);
1789 *error = EINVAL;
1790 return NULL;
1791 }
1792
1793 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
1794 + xisr->sadb_x_ipsecrequest_len);
1795 }
1796 /* XXXAE: LARVAL SP */
1797 if (newsp->tcount < 1) {
1798 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms "
1799 "not found.\n", __func__));
1800 key_freesp(&newsp);
1801 *error = EINVAL;
1802 return (NULL);
1803 }
1804 }
1805 break;
1806 default:
1807 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
1808 key_freesp(&newsp);
1809 *error = EINVAL;
1810 return NULL;
1811 }
1812
1813 *error = 0;
1814 return (newsp);
1815 }
1816
1817 uint32_t
key_newreqid(void)1818 key_newreqid(void)
1819 {
1820 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1821
1822 if (auto_reqid == ~0)
1823 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1824 else
1825 auto_reqid++;
1826
1827 /* XXX should be unique check */
1828 return (auto_reqid);
1829 }
1830
1831 /*
1832 * copy secpolicy struct to sadb_x_policy structure indicated.
1833 */
1834 static struct mbuf *
key_sp2mbuf(struct secpolicy * sp)1835 key_sp2mbuf(struct secpolicy *sp)
1836 {
1837 struct mbuf *m;
1838 size_t tlen;
1839
1840 tlen = key_getspreqmsglen(sp);
1841 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0);
1842 if (m == NULL)
1843 return (NULL);
1844 m_align(m, tlen);
1845 m->m_len = tlen;
1846 if (key_sp2msg(sp, m->m_data, &tlen) != 0) {
1847 m_freem(m);
1848 return (NULL);
1849 }
1850 return (m);
1851 }
1852
1853 int
key_sp2msg(struct secpolicy * sp,void * request,size_t * len)1854 key_sp2msg(struct secpolicy *sp, void *request, size_t *len)
1855 {
1856 struct sadb_x_ipsecrequest *xisr;
1857 struct sadb_x_policy *xpl;
1858 struct ipsecrequest *isr;
1859 size_t xlen, ilen;
1860 caddr_t p;
1861 int error, i;
1862 #ifdef IPSEC_OFFLOAD
1863 struct sadb_x_if_hw_offl *xif;
1864 #endif
1865
1866 IPSEC_ASSERT(sp != NULL, ("null policy"));
1867
1868 xlen = sizeof(*xpl);
1869 if (*len < xlen)
1870 return (EINVAL);
1871
1872 error = 0;
1873 bzero(request, *len);
1874 xpl = (struct sadb_x_policy *)request;
1875 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1876 xpl->sadb_x_policy_type = sp->policy;
1877 xpl->sadb_x_policy_dir = sp->spidx.dir;
1878 xpl->sadb_x_policy_id = sp->id;
1879 xpl->sadb_x_policy_priority = sp->priority;
1880 switch (sp->state) {
1881 case IPSEC_SPSTATE_IFNET:
1882 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET;
1883 break;
1884 case IPSEC_SPSTATE_PCB:
1885 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB;
1886 break;
1887 default:
1888 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL;
1889 }
1890
1891 /* if is the policy for ipsec ? */
1892 if (sp->policy == IPSEC_POLICY_IPSEC) {
1893 p = (caddr_t)xpl + sizeof(*xpl);
1894 for (i = 0; i < sp->tcount; i++) {
1895 isr = sp->req[i];
1896 ilen = PFKEY_ALIGN8(sizeof(*xisr) +
1897 isr->saidx.src.sa.sa_len +
1898 isr->saidx.dst.sa.sa_len);
1899 xlen += ilen;
1900 if (xlen > *len) {
1901 error = ENOBUFS;
1902 /* Calculate needed size */
1903 continue;
1904 }
1905 xisr = (struct sadb_x_ipsecrequest *)p;
1906 xisr->sadb_x_ipsecrequest_len = ilen;
1907 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1908 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1909 xisr->sadb_x_ipsecrequest_level = isr->level;
1910 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1911
1912 p += sizeof(*xisr);
1913 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len);
1914 p += isr->saidx.src.sa.sa_len;
1915 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len);
1916 p += isr->saidx.dst.sa.sa_len;
1917 }
1918 }
1919 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen);
1920 #ifdef IPSEC_OFFLOAD
1921 if (error == 0 && sp->accel_ifname != NULL) {
1922 xif = (struct sadb_x_if_hw_offl *)(xpl + 1);
1923 bzero(xif, sizeof(*xif));
1924 xif->sadb_x_if_hw_offl_len = PFKEY_UNIT64(sizeof(*xif));
1925 xif->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
1926 xif->sadb_x_if_hw_offl_flags = 0;
1927 strncpy(xif->sadb_x_if_hw_offl_if, sp->accel_ifname,
1928 sizeof(xif->sadb_x_if_hw_offl_if));
1929 xlen += sizeof(*xif);
1930 }
1931 #endif
1932 if (error == 0)
1933 *len = xlen;
1934 else
1935 *len = sizeof(*xpl);
1936 return (error);
1937 }
1938
1939 /* m will not be freed nor modified */
1940 static struct mbuf *
key_gather_mbuf(struct mbuf * m,const struct sadb_msghdr * mhp,int ndeep,int nitem,...)1941 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1942 int ndeep, int nitem, ...)
1943 {
1944 va_list ap;
1945 int idx;
1946 int i;
1947 struct mbuf *result = NULL, *n;
1948 int len;
1949
1950 IPSEC_ASSERT(m != NULL, ("null mbuf"));
1951 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
1952
1953 va_start(ap, nitem);
1954 for (i = 0; i < nitem; i++) {
1955 idx = va_arg(ap, int);
1956 if (idx < 0 || idx > SADB_EXT_MAX)
1957 goto fail;
1958 /* don't attempt to pull empty extension */
1959 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1960 continue;
1961 if (idx != SADB_EXT_RESERVED &&
1962 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1963 continue;
1964
1965 if (idx == SADB_EXT_RESERVED) {
1966 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1967
1968 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len));
1969
1970 MGETHDR(n, M_NOWAIT, MT_DATA);
1971 if (!n)
1972 goto fail;
1973 n->m_len = len;
1974 n->m_next = NULL;
1975 m_copydata(m, 0, sizeof(struct sadb_msg),
1976 mtod(n, caddr_t));
1977 } else if (i < ndeep) {
1978 len = mhp->extlen[idx];
1979 n = m_get2(len, M_NOWAIT, MT_DATA, 0);
1980 if (n == NULL)
1981 goto fail;
1982 m_align(n, len);
1983 n->m_len = len;
1984 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1985 mtod(n, caddr_t));
1986 } else {
1987 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1988 M_NOWAIT);
1989 }
1990 if (n == NULL)
1991 goto fail;
1992
1993 if (result)
1994 m_cat(result, n);
1995 else
1996 result = n;
1997 }
1998 va_end(ap);
1999
2000 if ((result->m_flags & M_PKTHDR) != 0) {
2001 result->m_pkthdr.len = 0;
2002 for (n = result; n; n = n->m_next)
2003 result->m_pkthdr.len += n->m_len;
2004 }
2005
2006 return result;
2007
2008 fail:
2009 m_freem(result);
2010 va_end(ap);
2011 return NULL;
2012 }
2013
2014 /*
2015 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2016 * add an entry to SP database, when received
2017 * <base, address(SD), (lifetime(H),) policy>
2018 * from the user(?).
2019 * Adding to SP database,
2020 * and send
2021 * <base, address(SD), (lifetime(H),) policy>
2022 * to the socket which was send.
2023 *
2024 * SPDADD set a unique policy entry.
2025 * SPDSETIDX like SPDADD without a part of policy requests.
2026 * SPDUPDATE replace a unique policy entry.
2027 *
2028 * XXXAE: serialize this in PF_KEY to avoid races.
2029 * m will always be freed.
2030 */
2031 static int
key_spdadd(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2032 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2033 {
2034 struct secpolicyindex spidx;
2035 struct sadb_address *src0, *dst0;
2036 struct sadb_x_policy *xpl0, *xpl;
2037 struct sadb_lifetime *lft = NULL;
2038 struct secpolicy *newsp, *oldsp;
2039 int error;
2040
2041 IPSEC_ASSERT(so != NULL, ("null socket"));
2042 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2043 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2044 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2045
2046 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
2047 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
2048 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) {
2049 ipseclog((LOG_DEBUG,
2050 "%s: invalid message: missing required header.\n",
2051 __func__));
2052 return key_senderror(so, m, EINVAL);
2053 }
2054 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
2055 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) ||
2056 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2057 ipseclog((LOG_DEBUG,
2058 "%s: invalid message: wrong header size.\n", __func__));
2059 return key_senderror(so, m, EINVAL);
2060 }
2061 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) {
2062 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) {
2063 ipseclog((LOG_DEBUG,
2064 "%s: invalid message: wrong header size.\n",
2065 __func__));
2066 return key_senderror(so, m, EINVAL);
2067 }
2068 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
2069 }
2070
2071 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2072 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2073 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2074
2075 /* check the direciton */
2076 switch (xpl0->sadb_x_policy_dir) {
2077 case IPSEC_DIR_INBOUND:
2078 case IPSEC_DIR_OUTBOUND:
2079 break;
2080 default:
2081 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__));
2082 return key_senderror(so, m, EINVAL);
2083 }
2084 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2085 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD &&
2086 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE &&
2087 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
2088 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
2089 return key_senderror(so, m, EINVAL);
2090 }
2091
2092 /* policy requests are mandatory when action is ipsec. */
2093 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2094 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
2095 ipseclog((LOG_DEBUG,
2096 "%s: policy requests required.\n", __func__));
2097 return key_senderror(so, m, EINVAL);
2098 }
2099
2100 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
2101 (struct sockaddr *)(dst0 + 1));
2102 if (error != 0 ||
2103 src0->sadb_address_proto != dst0->sadb_address_proto) {
2104 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
2105 return key_senderror(so, m, error);
2106 }
2107 /* make secindex */
2108 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2109 src0 + 1,
2110 dst0 + 1,
2111 src0->sadb_address_prefixlen,
2112 dst0->sadb_address_prefixlen,
2113 src0->sadb_address_proto,
2114 &spidx);
2115 /* Checking there is SP already or not. */
2116 oldsp = key_getsp(&spidx);
2117 if (oldsp != NULL) {
2118 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2119 KEYDBG(KEY_STAMP,
2120 printf("%s: unlink SP(%p) for SPDUPDATE\n",
2121 __func__, oldsp));
2122 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp));
2123 } else {
2124 key_freesp(&oldsp);
2125 ipseclog((LOG_DEBUG,
2126 "%s: a SP entry exists already.\n", __func__));
2127 return (key_senderror(so, m, EEXIST));
2128 }
2129 }
2130
2131 /* allocate new SP entry */
2132 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
2133 if (oldsp != NULL) {
2134 key_unlink(oldsp);
2135 key_freesp(&oldsp); /* second for our reference */
2136 }
2137 return key_senderror(so, m, error);
2138 }
2139
2140 newsp->lastused = newsp->created = time_second;
2141 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
2142 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
2143 bcopy(&spidx, &newsp->spidx, sizeof(spidx));
2144 #ifdef IPSEC_OFFLOAD
2145 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) &&
2146 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) {
2147 struct sadb_x_if_hw_offl *xof;
2148
2149 xof = (struct sadb_x_if_hw_offl *)mhp->ext[
2150 SADB_X_EXT_IF_HW_OFFL];
2151 newsp->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if),
2152 M_IPSEC_MISC, M_NOWAIT);
2153 if (newsp->accel_ifname == NULL) {
2154 ipseclog((LOG_DEBUG, "%s: cannot alloc accel_ifname.\n",
2155 __func__));
2156 key_freesp(&newsp);
2157 return (key_senderror(so, m, error));
2158 }
2159 strncpy(__DECONST(char *, newsp->accel_ifname),
2160 xof->sadb_x_if_hw_offl_if,
2161 sizeof(xof->sadb_x_if_hw_offl_if));
2162 }
2163
2164 #endif
2165
2166 SPTREE_WLOCK();
2167 if ((newsp->id = key_getnewspid()) == 0) {
2168 if (oldsp != NULL)
2169 key_detach(oldsp);
2170 SPTREE_WUNLOCK();
2171 if (oldsp != NULL) {
2172 ipsec_accel_sync();
2173 key_freesp(&oldsp); /* first for key_detach */
2174 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug"));
2175 key_freesp(&oldsp); /* second for our reference */
2176 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */
2177 spdcache_clear();
2178 }
2179 key_freesp(&newsp);
2180 return key_senderror(so, m, ENOBUFS);
2181 }
2182 if (oldsp != NULL)
2183 key_detach(oldsp);
2184 key_insertsp(newsp);
2185 SPTREE_WUNLOCK();
2186 if (oldsp != NULL) {
2187 ipsec_accel_sync();
2188 key_freesp(&oldsp); /* first for key_detach */
2189 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug"));
2190 key_freesp(&oldsp); /* second for our reference */
2191 }
2192 if (SPDCACHE_ENABLED())
2193 spdcache_clear();
2194 KEYDBG(KEY_STAMP,
2195 printf("%s: SP(%p)\n", __func__, newsp));
2196 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp));
2197
2198 {
2199 struct mbuf *n, *mpolicy;
2200 struct sadb_msg *newmsg;
2201 int off;
2202
2203 /* create new sadb_msg to reply. */
2204 if (lft) {
2205 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
2206 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
2207 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2208 } else {
2209 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
2210 SADB_X_EXT_POLICY,
2211 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2212 }
2213 if (!n)
2214 return key_senderror(so, m, ENOBUFS);
2215
2216 if (n->m_len < sizeof(*newmsg)) {
2217 n = m_pullup(n, sizeof(*newmsg));
2218 if (!n)
2219 return key_senderror(so, m, ENOBUFS);
2220 }
2221 newmsg = mtod(n, struct sadb_msg *);
2222 newmsg->sadb_msg_errno = 0;
2223 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2224
2225 off = 0;
2226 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2227 sizeof(*xpl), &off);
2228 if (mpolicy == NULL) {
2229 /* n is already freed */
2230 return key_senderror(so, m, ENOBUFS);
2231 }
2232 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
2233 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2234 m_freem(n);
2235 return key_senderror(so, m, EINVAL);
2236 }
2237 xpl->sadb_x_policy_id = newsp->id;
2238
2239 m_freem(m);
2240 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2241 }
2242 }
2243
2244 /*
2245 * get new policy id.
2246 * OUT:
2247 * 0: failure.
2248 * others: success.
2249 */
2250 static uint32_t
key_getnewspid(void)2251 key_getnewspid(void)
2252 {
2253 struct secpolicy *sp;
2254 uint32_t newid = 0;
2255 int tries, limit;
2256
2257 SPTREE_WLOCK_ASSERT();
2258
2259 limit = atomic_load_int(&V_key_spi_trycnt);
2260 for (tries = 0; tries < limit; tries++) {
2261 if (V_policy_id == ~0) /* overflowed */
2262 newid = V_policy_id = 1;
2263 else
2264 newid = ++V_policy_id;
2265 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) {
2266 if (sp->id == newid)
2267 break;
2268 }
2269 if (sp == NULL)
2270 break;
2271 }
2272 if (tries == limit || newid == 0) {
2273 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n",
2274 __func__));
2275 return (0);
2276 }
2277 return (newid);
2278 }
2279
2280 /*
2281 * SADB_SPDDELETE processing
2282 * receive
2283 * <base, address(SD), policy(*)>
2284 * from the user(?), and set SADB_SASTATE_DEAD,
2285 * and send,
2286 * <base, address(SD), policy(*)>
2287 * to the ikmpd.
2288 * policy(*) including direction of policy.
2289 *
2290 * m will always be freed.
2291 */
2292 static int
key_spddelete(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2293 key_spddelete(struct socket *so, struct mbuf *m,
2294 const struct sadb_msghdr *mhp)
2295 {
2296 struct secpolicyindex spidx;
2297 struct sadb_address *src0, *dst0;
2298 struct sadb_x_policy *xpl0;
2299 struct secpolicy *sp;
2300
2301 IPSEC_ASSERT(so != NULL, ("null so"));
2302 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2303 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2304 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2305
2306 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
2307 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
2308 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) {
2309 ipseclog((LOG_DEBUG,
2310 "%s: invalid message: missing required header.\n",
2311 __func__));
2312 return key_senderror(so, m, EINVAL);
2313 }
2314 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
2315 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) ||
2316 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2317 ipseclog((LOG_DEBUG,
2318 "%s: invalid message: wrong header size.\n", __func__));
2319 return key_senderror(so, m, EINVAL);
2320 }
2321
2322 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2323 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2324 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2325
2326 /* check the direciton */
2327 switch (xpl0->sadb_x_policy_dir) {
2328 case IPSEC_DIR_INBOUND:
2329 case IPSEC_DIR_OUTBOUND:
2330 break;
2331 default:
2332 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__));
2333 return key_senderror(so, m, EINVAL);
2334 }
2335 /* Only DISCARD, NONE and IPSEC are allowed */
2336 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD &&
2337 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE &&
2338 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
2339 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
2340 return key_senderror(so, m, EINVAL);
2341 }
2342 if (key_checksockaddrs((struct sockaddr *)(src0 + 1),
2343 (struct sockaddr *)(dst0 + 1)) != 0 ||
2344 src0->sadb_address_proto != dst0->sadb_address_proto) {
2345 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
2346 return key_senderror(so, m, EINVAL);
2347 }
2348 /* make secindex */
2349 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2350 src0 + 1,
2351 dst0 + 1,
2352 src0->sadb_address_prefixlen,
2353 dst0->sadb_address_prefixlen,
2354 src0->sadb_address_proto,
2355 &spidx);
2356
2357 /* Is there SP in SPD ? */
2358 if ((sp = key_getsp(&spidx)) == NULL) {
2359 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__));
2360 return key_senderror(so, m, EINVAL);
2361 }
2362
2363 /* save policy id to buffer to be returned. */
2364 xpl0->sadb_x_policy_id = sp->id;
2365
2366 KEYDBG(KEY_STAMP,
2367 printf("%s: SP(%p)\n", __func__, sp));
2368 KEYDBG(KEY_DATA, kdebug_secpolicy(sp));
2369 ipsec_accel_spddel(sp);
2370 key_unlink(sp);
2371 key_freesp(&sp);
2372
2373 {
2374 struct mbuf *n;
2375 struct sadb_msg *newmsg;
2376
2377 /* create new sadb_msg to reply. */
2378 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2379 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2380 if (!n)
2381 return key_senderror(so, m, ENOBUFS);
2382
2383 newmsg = mtod(n, struct sadb_msg *);
2384 newmsg->sadb_msg_errno = 0;
2385 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2386
2387 m_freem(m);
2388 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2389 }
2390 }
2391
2392 /*
2393 * SADB_SPDDELETE2 processing
2394 * receive
2395 * <base, policy(*)>
2396 * from the user(?), and set SADB_SASTATE_DEAD,
2397 * and send,
2398 * <base, policy(*)>
2399 * to the ikmpd.
2400 * policy(*) including direction of policy.
2401 *
2402 * m will always be freed.
2403 */
2404 static int
key_spddelete2(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2405 key_spddelete2(struct socket *so, struct mbuf *m,
2406 const struct sadb_msghdr *mhp)
2407 {
2408 struct secpolicy *sp;
2409 uint32_t id;
2410
2411 IPSEC_ASSERT(so != NULL, ("null socket"));
2412 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2413 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2414 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2415
2416 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) ||
2417 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2418 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
2419 __func__));
2420 return key_senderror(so, m, EINVAL);
2421 }
2422
2423 id = ((struct sadb_x_policy *)
2424 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2425
2426 /* Is there SP in SPD ? */
2427 if ((sp = key_getspbyid(id)) == NULL) {
2428 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n",
2429 __func__, id));
2430 return key_senderror(so, m, EINVAL);
2431 }
2432
2433 KEYDBG(KEY_STAMP,
2434 printf("%s: SP(%p)\n", __func__, sp));
2435 KEYDBG(KEY_DATA, kdebug_secpolicy(sp));
2436 key_unlink(sp);
2437 if (sp->state != IPSEC_SPSTATE_DEAD) {
2438 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n",
2439 __func__, id));
2440 key_freesp(&sp);
2441 return (key_senderror(so, m, EACCES));
2442 }
2443 key_freesp(&sp);
2444
2445 {
2446 struct mbuf *n, *nn;
2447 struct sadb_msg *newmsg;
2448 int off, len;
2449
2450 /* create new sadb_msg to reply. */
2451 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2452
2453 n = key_mget(len);
2454 if (n == NULL)
2455 return key_senderror(so, m, ENOBUFS);
2456
2457 n->m_len = len;
2458 n->m_next = NULL;
2459 off = 0;
2460
2461 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2462 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2463
2464 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)",
2465 off, len));
2466
2467 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2468 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT);
2469 if (!n->m_next) {
2470 m_freem(n);
2471 return key_senderror(so, m, ENOBUFS);
2472 }
2473
2474 n->m_pkthdr.len = 0;
2475 for (nn = n; nn; nn = nn->m_next)
2476 n->m_pkthdr.len += nn->m_len;
2477
2478 newmsg = mtod(n, struct sadb_msg *);
2479 newmsg->sadb_msg_errno = 0;
2480 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2481
2482 m_freem(m);
2483 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2484 }
2485 }
2486
2487 /*
2488 * SADB_X_SPDGET processing
2489 * receive
2490 * <base, policy(*)>
2491 * from the user(?),
2492 * and send,
2493 * <base, address(SD), policy>
2494 * to the ikmpd.
2495 * policy(*) including direction of policy.
2496 *
2497 * m will always be freed.
2498 */
2499 static int
key_spdget(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2500 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2501 {
2502 struct secpolicy *sp;
2503 struct mbuf *n;
2504 uint32_t id;
2505
2506 IPSEC_ASSERT(so != NULL, ("null socket"));
2507 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2508 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2509 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2510
2511 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) ||
2512 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2513 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
2514 __func__));
2515 return key_senderror(so, m, EINVAL);
2516 }
2517
2518 id = ((struct sadb_x_policy *)
2519 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2520
2521 /* Is there SP in SPD ? */
2522 if ((sp = key_getspbyid(id)) == NULL) {
2523 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n",
2524 __func__, id));
2525 return key_senderror(so, m, ENOENT);
2526 }
2527
2528 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2529 mhp->msg->sadb_msg_pid);
2530 key_freesp(&sp);
2531 if (n != NULL) {
2532 m_freem(m);
2533 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2534 } else
2535 return key_senderror(so, m, ENOBUFS);
2536 }
2537
2538 /*
2539 * SADB_X_SPDACQUIRE processing.
2540 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2541 * send
2542 * <base, policy(*)>
2543 * to KMD, and expect to receive
2544 * <base> with SADB_X_SPDACQUIRE if error occurred,
2545 * or
2546 * <base, policy>
2547 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2548 * policy(*) is without policy requests.
2549 *
2550 * 0 : succeed
2551 * others: error number
2552 */
2553 int
key_spdacquire(struct secpolicy * sp)2554 key_spdacquire(struct secpolicy *sp)
2555 {
2556 struct mbuf *result = NULL, *m;
2557 struct secspacq *newspacq;
2558
2559 IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
2560 IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
2561 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
2562 ("policy not IPSEC %u", sp->policy));
2563
2564 /* Get an entry to check whether sent message or not. */
2565 newspacq = key_getspacq(&sp->spidx);
2566 if (newspacq != NULL) {
2567 if (V_key_blockacq_count < newspacq->count) {
2568 /* reset counter and do send message. */
2569 newspacq->count = 0;
2570 } else {
2571 /* increment counter and do nothing. */
2572 newspacq->count++;
2573 SPACQ_UNLOCK();
2574 return (0);
2575 }
2576 SPACQ_UNLOCK();
2577 } else {
2578 /* make new entry for blocking to send SADB_ACQUIRE. */
2579 newspacq = key_newspacq(&sp->spidx);
2580 if (newspacq == NULL)
2581 return ENOBUFS;
2582 }
2583
2584 /* create new sadb_msg to reply. */
2585 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2586 if (!m)
2587 return ENOBUFS;
2588
2589 result = m;
2590
2591 result->m_pkthdr.len = 0;
2592 for (m = result; m; m = m->m_next)
2593 result->m_pkthdr.len += m->m_len;
2594
2595 mtod(result, struct sadb_msg *)->sadb_msg_len =
2596 PFKEY_UNIT64(result->m_pkthdr.len);
2597
2598 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2599 }
2600
2601 /*
2602 * SADB_SPDFLUSH processing
2603 * receive
2604 * <base>
2605 * from the user, and free all entries in secpctree.
2606 * and send,
2607 * <base>
2608 * to the user.
2609 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2610 *
2611 * m will always be freed.
2612 */
2613 static int
key_spdflush(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2614 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2615 {
2616 struct secpolicy_queue drainq;
2617 struct sadb_msg *newmsg;
2618 struct secpolicy *sp, *nextsp;
2619 u_int dir;
2620
2621 IPSEC_ASSERT(so != NULL, ("null socket"));
2622 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2623 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2624 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2625
2626 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2627 return key_senderror(so, m, EINVAL);
2628
2629 TAILQ_INIT(&drainq);
2630 SPTREE_WLOCK();
2631 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2632 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain);
2633 }
2634 /*
2635 * We need to set state to DEAD for each policy to be sure,
2636 * that another thread won't try to unlink it.
2637 * Also remove SP from sphash.
2638 */
2639 TAILQ_FOREACH(sp, &drainq, chain) {
2640 sp->state = IPSEC_SPSTATE_DEAD;
2641 ipsec_accel_spddel(sp);
2642 LIST_REMOVE(sp, idhash);
2643 }
2644 V_sp_genid++;
2645 V_spd_size = 0;
2646 SPTREE_WUNLOCK();
2647 if (SPDCACHE_ENABLED())
2648 spdcache_clear();
2649 sp = TAILQ_FIRST(&drainq);
2650 while (sp != NULL) {
2651 nextsp = TAILQ_NEXT(sp, chain);
2652 key_freesp(&sp);
2653 sp = nextsp;
2654 }
2655
2656 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2657 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
2658 return key_senderror(so, m, ENOBUFS);
2659 }
2660
2661 if (m->m_next)
2662 m_freem(m->m_next);
2663 m->m_next = NULL;
2664 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2665 newmsg = mtod(m, struct sadb_msg *);
2666 newmsg->sadb_msg_errno = 0;
2667 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2668
2669 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2670 }
2671
2672 static uint8_t
key_satype2scopemask(uint8_t satype)2673 key_satype2scopemask(uint8_t satype)
2674 {
2675
2676 if (satype == IPSEC_POLICYSCOPE_ANY)
2677 return (0xff);
2678 return (satype);
2679 }
2680 /*
2681 * SADB_SPDDUMP processing
2682 * receive
2683 * <base>
2684 * from the user, and dump all SP leaves and send,
2685 * <base> .....
2686 * to the ikmpd.
2687 *
2688 * NOTE:
2689 * sadb_msg_satype is considered as mask of policy scopes.
2690 * m will always be freed.
2691 */
2692 static int
key_spddump(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2693 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2694 {
2695 SPTREE_RLOCK_TRACKER;
2696 struct secpolicy *sp;
2697 struct mbuf *n;
2698 int cnt;
2699 u_int dir, scope;
2700
2701 IPSEC_ASSERT(so != NULL, ("null socket"));
2702 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2703 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2704 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2705
2706 /* search SPD entry and get buffer size. */
2707 cnt = 0;
2708 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype);
2709 SPTREE_RLOCK();
2710 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2711 if (scope & IPSEC_POLICYSCOPE_GLOBAL) {
2712 TAILQ_FOREACH(sp, &V_sptree[dir], chain)
2713 cnt++;
2714 }
2715 if (scope & IPSEC_POLICYSCOPE_IFNET) {
2716 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain)
2717 cnt++;
2718 }
2719 }
2720
2721 if (cnt == 0) {
2722 SPTREE_RUNLOCK();
2723 return key_senderror(so, m, ENOENT);
2724 }
2725
2726 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2727 if (scope & IPSEC_POLICYSCOPE_GLOBAL) {
2728 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
2729 --cnt;
2730 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2731 mhp->msg->sadb_msg_pid);
2732
2733 if (n != NULL)
2734 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2735 }
2736 }
2737 if (scope & IPSEC_POLICYSCOPE_IFNET) {
2738 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) {
2739 --cnt;
2740 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2741 mhp->msg->sadb_msg_pid);
2742
2743 if (n != NULL)
2744 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2745 }
2746 }
2747 }
2748
2749 SPTREE_RUNLOCK();
2750 m_freem(m);
2751 return (0);
2752 }
2753
2754 static struct mbuf *
key_setdumpsp(struct secpolicy * sp,u_int8_t type,u_int32_t seq,u_int32_t pid)2755 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq,
2756 u_int32_t pid)
2757 {
2758 struct mbuf *result = NULL, *m;
2759 struct seclifetime lt;
2760
2761 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2762 if (!m)
2763 goto fail;
2764 result = m;
2765
2766 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2767 &sp->spidx.src.sa, sp->spidx.prefs,
2768 sp->spidx.ul_proto);
2769 if (!m)
2770 goto fail;
2771 m_cat(result, m);
2772
2773 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2774 &sp->spidx.dst.sa, sp->spidx.prefd,
2775 sp->spidx.ul_proto);
2776 if (!m)
2777 goto fail;
2778 m_cat(result, m);
2779
2780 m = key_sp2mbuf(sp);
2781 if (!m)
2782 goto fail;
2783 m_cat(result, m);
2784
2785 if(sp->lifetime){
2786 lt.addtime=sp->created;
2787 lt.usetime= sp->lastused;
2788 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT);
2789 if (!m)
2790 goto fail;
2791 m_cat(result, m);
2792
2793 lt.addtime=sp->lifetime;
2794 lt.usetime= sp->validtime;
2795 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD);
2796 if (!m)
2797 goto fail;
2798 m_cat(result, m);
2799 }
2800
2801 if ((result->m_flags & M_PKTHDR) == 0)
2802 goto fail;
2803
2804 if (result->m_len < sizeof(struct sadb_msg)) {
2805 result = m_pullup(result, sizeof(struct sadb_msg));
2806 if (result == NULL)
2807 goto fail;
2808 }
2809
2810 result->m_pkthdr.len = 0;
2811 for (m = result; m; m = m->m_next)
2812 result->m_pkthdr.len += m->m_len;
2813
2814 mtod(result, struct sadb_msg *)->sadb_msg_len =
2815 PFKEY_UNIT64(result->m_pkthdr.len);
2816
2817 return result;
2818
2819 fail:
2820 m_freem(result);
2821 return NULL;
2822 }
2823 /*
2824 * get PFKEY message length for security policy and request.
2825 */
2826 static size_t
key_getspreqmsglen(struct secpolicy * sp)2827 key_getspreqmsglen(struct secpolicy *sp)
2828 {
2829 size_t tlen, len;
2830 int i;
2831
2832 tlen = sizeof(struct sadb_x_policy);
2833 /* if is the policy for ipsec ? */
2834 if (sp->policy != IPSEC_POLICY_IPSEC)
2835 return (tlen);
2836
2837 /* get length of ipsec requests */
2838 for (i = 0; i < sp->tcount; i++) {
2839 len = sizeof(struct sadb_x_ipsecrequest)
2840 + sp->req[i]->saidx.src.sa.sa_len
2841 + sp->req[i]->saidx.dst.sa.sa_len;
2842
2843 tlen += PFKEY_ALIGN8(len);
2844 }
2845 #ifdef IPSEC_OFFLOAD
2846 if (sp->accel_ifname != NULL)
2847 tlen += sizeof(struct sadb_x_if_hw_offl);
2848 #endif
2849 return (tlen);
2850 }
2851
2852 /*
2853 * SADB_SPDEXPIRE processing
2854 * send
2855 * <base, address(SD), lifetime(CH), policy>
2856 * to KMD by PF_KEY.
2857 *
2858 * OUT: 0 : succeed
2859 * others : error number
2860 */
2861 static int
key_spdexpire(struct secpolicy * sp)2862 key_spdexpire(struct secpolicy *sp)
2863 {
2864 struct sadb_lifetime *lt;
2865 struct mbuf *result = NULL, *m;
2866 int len, error = -1;
2867
2868 IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
2869
2870 KEYDBG(KEY_STAMP,
2871 printf("%s: SP(%p)\n", __func__, sp));
2872 KEYDBG(KEY_DATA, kdebug_secpolicy(sp));
2873
2874 /* set msg header */
2875 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2876 if (!m) {
2877 error = ENOBUFS;
2878 goto fail;
2879 }
2880 result = m;
2881
2882 /* create lifetime extension (current and hard) */
2883 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2884 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
2885 if (m == NULL) {
2886 error = ENOBUFS;
2887 goto fail;
2888 }
2889 m_align(m, len);
2890 m->m_len = len;
2891 bzero(mtod(m, caddr_t), len);
2892 lt = mtod(m, struct sadb_lifetime *);
2893 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2894 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2895 lt->sadb_lifetime_allocations = 0;
2896 lt->sadb_lifetime_bytes = 0;
2897 lt->sadb_lifetime_addtime = sp->created;
2898 lt->sadb_lifetime_usetime = sp->lastused;
2899 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
2900 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2901 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2902 lt->sadb_lifetime_allocations = 0;
2903 lt->sadb_lifetime_bytes = 0;
2904 lt->sadb_lifetime_addtime = sp->lifetime;
2905 lt->sadb_lifetime_usetime = sp->validtime;
2906 m_cat(result, m);
2907
2908 /* set sadb_address for source */
2909 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2910 &sp->spidx.src.sa,
2911 sp->spidx.prefs, sp->spidx.ul_proto);
2912 if (!m) {
2913 error = ENOBUFS;
2914 goto fail;
2915 }
2916 m_cat(result, m);
2917
2918 /* set sadb_address for destination */
2919 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2920 &sp->spidx.dst.sa,
2921 sp->spidx.prefd, sp->spidx.ul_proto);
2922 if (!m) {
2923 error = ENOBUFS;
2924 goto fail;
2925 }
2926 m_cat(result, m);
2927
2928 /* set secpolicy */
2929 m = key_sp2mbuf(sp);
2930 if (!m) {
2931 error = ENOBUFS;
2932 goto fail;
2933 }
2934 m_cat(result, m);
2935
2936 if ((result->m_flags & M_PKTHDR) == 0) {
2937 error = EINVAL;
2938 goto fail;
2939 }
2940
2941 if (result->m_len < sizeof(struct sadb_msg)) {
2942 result = m_pullup(result, sizeof(struct sadb_msg));
2943 if (result == NULL) {
2944 error = ENOBUFS;
2945 goto fail;
2946 }
2947 }
2948
2949 result->m_pkthdr.len = 0;
2950 for (m = result; m; m = m->m_next)
2951 result->m_pkthdr.len += m->m_len;
2952
2953 mtod(result, struct sadb_msg *)->sadb_msg_len =
2954 PFKEY_UNIT64(result->m_pkthdr.len);
2955
2956 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2957
2958 fail:
2959 if (result)
2960 m_freem(result);
2961 return error;
2962 }
2963
2964 /* %%% SAD management */
2965 /*
2966 * allocating and initialize new SA head.
2967 * OUT: NULL : failure due to the lack of memory.
2968 * others : pointer to new SA head.
2969 */
2970 static struct secashead *
key_newsah(struct secasindex * saidx)2971 key_newsah(struct secasindex *saidx)
2972 {
2973 struct secashead *sah;
2974
2975 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH,
2976 M_NOWAIT | M_ZERO);
2977 if (sah == NULL) {
2978 PFKEYSTAT_INC(in_nomem);
2979 return (NULL);
2980 }
2981 TAILQ_INIT(&sah->savtree_larval);
2982 TAILQ_INIT(&sah->savtree_alive);
2983 sah->saidx = *saidx;
2984 sah->state = SADB_SASTATE_DEAD;
2985 SAH_INITREF(sah);
2986
2987 KEYDBG(KEY_STAMP,
2988 printf("%s: SAH(%p)\n", __func__, sah));
2989 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL));
2990 return (sah);
2991 }
2992
2993 static void
key_freesah(struct secashead ** psah)2994 key_freesah(struct secashead **psah)
2995 {
2996 struct secashead *sah = *psah;
2997
2998 CURVNET_ASSERT_SET();
2999
3000 if (SAH_DELREF(sah) == 0)
3001 return;
3002
3003 KEYDBG(KEY_STAMP,
3004 printf("%s: last reference to SAH(%p)\n", __func__, sah));
3005 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL));
3006
3007 *psah = NULL;
3008 key_delsah(sah);
3009 }
3010
3011 static void
key_delsah(struct secashead * sah)3012 key_delsah(struct secashead *sah)
3013 {
3014 IPSEC_ASSERT(sah != NULL, ("NULL sah"));
3015 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD,
3016 ("Attempt to free non DEAD SAH %p", sah));
3017 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval),
3018 ("Attempt to free SAH %p with LARVAL SA", sah));
3019 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive),
3020 ("Attempt to free SAH %p with ALIVE SA", sah));
3021
3022 free(sah, M_IPSEC_SAH);
3023 }
3024
3025 /*
3026 * allocating a new SA for key_add() and key_getspi() call,
3027 * and copy the values of mhp into new buffer.
3028 * When SAD message type is SADB_GETSPI set SA state to LARVAL.
3029 * For SADB_ADD create and initialize SA with MATURE state.
3030 * OUT: NULL : fail
3031 * others : pointer to new secasvar.
3032 */
3033 static struct secasvar *
key_newsav(const struct sadb_msghdr * mhp,struct secasindex * saidx,uint32_t spi,int * errp)3034 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx,
3035 uint32_t spi, int *errp)
3036 {
3037 struct secashead *sah;
3038 struct secasvar *sav;
3039 int isnew;
3040
3041 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
3042 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
3043 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI ||
3044 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type"));
3045
3046 sav = NULL;
3047 sah = NULL;
3048 /* check SPI value */
3049 switch (saidx->proto) {
3050 case IPPROTO_ESP:
3051 case IPPROTO_AH:
3052 /*
3053 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
3054 * 1-255 reserved by IANA for future use,
3055 * 0 for implementation specific, local use.
3056 */
3057 if (ntohl(spi) <= 255) {
3058 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
3059 __func__, ntohl(spi)));
3060 *errp = EINVAL;
3061 goto done;
3062 }
3063 break;
3064 }
3065
3066 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO);
3067 if (sav == NULL) {
3068 *errp = ENOBUFS;
3069 goto done;
3070 }
3071 sav->lock = malloc_aligned(max(sizeof(struct rmlock),
3072 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC,
3073 M_NOWAIT | M_ZERO);
3074 if (sav->lock == NULL) {
3075 *errp = ENOBUFS;
3076 goto done;
3077 }
3078 rm_init(sav->lock, "ipsec association");
3079 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO);
3080 if (sav->lft_c == NULL) {
3081 *errp = ENOBUFS;
3082 goto done;
3083 }
3084
3085 sav->spi = spi;
3086 sav->seq = mhp->msg->sadb_msg_seq;
3087 sav->state = SADB_SASTATE_LARVAL;
3088 sav->pid = (pid_t)mhp->msg->sadb_msg_pid;
3089 SAV_INITREF(sav);
3090 #ifdef IPSEC_OFFLOAD
3091 CK_LIST_INIT(&sav->accel_ifps);
3092 sav->accel_forget_tq = 0;
3093 sav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone,
3094 M_NOWAIT | M_ZERO);
3095 if (sav->accel_lft_sw == NULL) {
3096 *errp = ENOBUFS;
3097 goto done;
3098 }
3099 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) &&
3100 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) {
3101 struct sadb_x_if_hw_offl *xof;
3102
3103 xof = (struct sadb_x_if_hw_offl *)mhp->ext[
3104 SADB_X_EXT_IF_HW_OFFL];
3105 sav->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if),
3106 M_IPSEC_MISC, M_NOWAIT);
3107 if (sav->accel_ifname == NULL) {
3108 *errp = ENOBUFS;
3109 goto done;
3110 }
3111 strncpy(__DECONST(char *, sav->accel_ifname),
3112 xof->sadb_x_if_hw_offl_if,
3113 sizeof(xof->sadb_x_if_hw_offl_if));
3114 }
3115 #endif
3116 again:
3117 sah = key_getsah(saidx);
3118 if (sah == NULL) {
3119 /* create a new SA index */
3120 sah = key_newsah(saidx);
3121 if (sah == NULL) {
3122 ipseclog((LOG_DEBUG,
3123 "%s: No more memory.\n", __func__));
3124 *errp = ENOBUFS;
3125 goto done;
3126 }
3127 isnew = 1;
3128 } else
3129 isnew = 0;
3130
3131 sav->sah = sah;
3132 if (mhp->msg->sadb_msg_type == SADB_GETSPI) {
3133 sav->created = time_second;
3134 } else if (sav->state == SADB_SASTATE_LARVAL) {
3135 /*
3136 * Do not call key_setsaval() second time in case
3137 * of `goto again`. We will have MATURE state.
3138 */
3139 *errp = key_setsaval(sav, mhp);
3140 if (*errp != 0)
3141 goto done;
3142 sav->state = SADB_SASTATE_MATURE;
3143 }
3144
3145 SAHTREE_WLOCK();
3146 /*
3147 * Check that existing SAH wasn't unlinked.
3148 * Since we didn't hold the SAHTREE lock, it is possible,
3149 * that callout handler or key_flush() or key_delete() could
3150 * unlink this SAH.
3151 */
3152 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) {
3153 SAHTREE_WUNLOCK();
3154 key_freesah(&sah); /* reference from key_getsah() */
3155 goto again;
3156 }
3157 if (isnew != 0) {
3158 /*
3159 * Add new SAH into SADB.
3160 *
3161 * XXXAE: we can serialize key_add and key_getspi calls, so
3162 * several threads will not fight in the race.
3163 * Otherwise we should check under SAHTREE lock, that this
3164 * SAH would not added twice.
3165 */
3166 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain);
3167 /* Add new SAH into hash by addresses */
3168 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash);
3169 /* Now we are linked in the chain */
3170 sah->state = SADB_SASTATE_MATURE;
3171 /*
3172 * SAV references this new SAH.
3173 * In case of existing SAH we reuse reference
3174 * from key_getsah().
3175 */
3176 SAH_ADDREF(sah);
3177 }
3178 /* Link SAV with SAH */
3179 if (sav->state == SADB_SASTATE_MATURE) {
3180 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain);
3181 ipsec_accel_sa_newkey(sav);
3182 } else
3183 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain);
3184 /* Add SAV into SPI hash */
3185 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash);
3186 SAHTREE_WUNLOCK();
3187 *errp = 0; /* success */
3188 done:
3189 if (*errp != 0) {
3190 if (sav != NULL) {
3191 if (sav->lock != NULL) {
3192 rm_destroy(sav->lock);
3193 free(sav->lock, M_IPSEC_MISC);
3194 }
3195 if (sav->lft_c != NULL)
3196 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c);
3197 #ifdef IPSEC_OFFLOAD
3198 if (sav->accel_lft_sw != NULL)
3199 uma_zfree_pcpu(ipsec_key_lft_zone,
3200 sav->accel_lft_sw);
3201 free(__DECONST(char *, sav->accel_ifname),
3202 M_IPSEC_MISC);
3203 #endif
3204 free(sav, M_IPSEC_SA), sav = NULL;
3205 }
3206 if (sah != NULL)
3207 key_freesah(&sah);
3208 if (*errp == ENOBUFS) {
3209 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3210 __func__));
3211 PFKEYSTAT_INC(in_nomem);
3212 }
3213 }
3214 return (sav);
3215 }
3216
3217 /*
3218 * free() SA variable entry.
3219 */
3220 static void
key_cleansav(struct secasvar * sav)3221 key_cleansav(struct secasvar *sav)
3222 {
3223
3224 if (sav->natt != NULL) {
3225 free(sav->natt, M_IPSEC_MISC);
3226 sav->natt = NULL;
3227 }
3228 if (sav->flags & SADB_X_EXT_F_CLONED)
3229 return;
3230 if (sav->tdb_xform != NULL) {
3231 sav->tdb_xform->xf_cleanup(sav);
3232 sav->tdb_xform = NULL;
3233 }
3234 if (sav->key_auth != NULL) {
3235 zfree(sav->key_auth->key_data, M_IPSEC_MISC);
3236 free(sav->key_auth, M_IPSEC_MISC);
3237 sav->key_auth = NULL;
3238 }
3239 if (sav->key_enc != NULL) {
3240 zfree(sav->key_enc->key_data, M_IPSEC_MISC);
3241 free(sav->key_enc, M_IPSEC_MISC);
3242 sav->key_enc = NULL;
3243 }
3244 if (sav->replay != NULL) {
3245 mtx_destroy(&sav->replay->lock);
3246 if (sav->replay->bitmap != NULL)
3247 free(sav->replay->bitmap, M_IPSEC_MISC);
3248 free(sav->replay, M_IPSEC_MISC);
3249 sav->replay = NULL;
3250 }
3251 if (sav->lft_h != NULL) {
3252 free(sav->lft_h, M_IPSEC_MISC);
3253 sav->lft_h = NULL;
3254 }
3255 if (sav->lft_s != NULL) {
3256 free(sav->lft_s, M_IPSEC_MISC);
3257 sav->lft_s = NULL;
3258 }
3259 }
3260
3261 /*
3262 * free() SA variable entry.
3263 */
3264 static void
key_delsav(struct secasvar * sav)3265 key_delsav(struct secasvar *sav)
3266 {
3267 IPSEC_ASSERT(sav != NULL, ("null sav"));
3268 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD,
3269 ("attempt to free non DEAD SA %p", sav));
3270 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0",
3271 sav->refcnt));
3272 #ifdef IPSEC_OFFLOAD
3273 KASSERT(CK_LIST_EMPTY(&sav->accel_ifps),
3274 ("key_unlinksav: sav %p still offloaded", sav));
3275 #endif
3276
3277 /*
3278 * SA must be unlinked from the chain and hashtbl.
3279 * If SA was cloned, we leave all fields untouched,
3280 * except NAT-T config.
3281 */
3282 key_cleansav(sav);
3283 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) {
3284 rm_destroy(sav->lock);
3285 free(sav->lock, M_IPSEC_MISC);
3286 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c);
3287 }
3288 #ifdef IPSEC_OFFLOAD
3289 /* XXXKIB should this be moved to key_cleansav()? */
3290 uma_zfree_pcpu(ipsec_key_lft_zone, sav->accel_lft_sw);
3291 free(__DECONST(char *, sav->accel_ifname), M_IPSEC_MISC);
3292 #endif
3293 free(sav, M_IPSEC_SA);
3294 }
3295
3296 /*
3297 * search SAH.
3298 * OUT:
3299 * NULL : not found
3300 * others : found, referenced pointer to a SAH.
3301 */
3302 static struct secashead *
key_getsah(struct secasindex * saidx)3303 key_getsah(struct secasindex *saidx)
3304 {
3305 SAHTREE_RLOCK_TRACKER;
3306 struct secashead *sah;
3307
3308 SAHTREE_RLOCK();
3309 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
3310 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) {
3311 SAH_ADDREF(sah);
3312 break;
3313 }
3314 }
3315 SAHTREE_RUNLOCK();
3316 return (sah);
3317 }
3318
3319 /*
3320 * Check not to be duplicated SPI.
3321 * OUT:
3322 * 0 : not found
3323 * 1 : found SA with given SPI.
3324 */
3325 static int
key_checkspidup(uint32_t spi)3326 key_checkspidup(uint32_t spi)
3327 {
3328 SAHTREE_RLOCK_TRACKER;
3329 struct secasvar *sav;
3330
3331 /* Assume SPI is in network byte order */
3332 SAHTREE_RLOCK();
3333 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
3334 if (sav->spi == spi)
3335 break;
3336 }
3337 SAHTREE_RUNLOCK();
3338 return (sav != NULL);
3339 }
3340
3341 /*
3342 * Search SA by SPI.
3343 * OUT:
3344 * NULL : not found
3345 * others : found, referenced pointer to a SA.
3346 */
3347 static struct secasvar *
key_getsavbyspi(uint32_t spi)3348 key_getsavbyspi(uint32_t spi)
3349 {
3350 SAHTREE_RLOCK_TRACKER;
3351 struct secasvar *sav;
3352
3353 /* Assume SPI is in network byte order */
3354 SAHTREE_RLOCK();
3355 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
3356 if (sav->spi != spi)
3357 continue;
3358 SAV_ADDREF(sav);
3359 break;
3360 }
3361 SAHTREE_RUNLOCK();
3362 return (sav);
3363 }
3364
3365 static int
key_updatelifetimes(struct secasvar * sav,const struct sadb_msghdr * mhp)3366 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp)
3367 {
3368 struct seclifetime *lft_h, *lft_s, *tmp;
3369
3370 /* Lifetime extension is optional, check that it is present. */
3371 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
3372 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) {
3373 /*
3374 * In case of SADB_UPDATE we may need to change
3375 * existing lifetimes.
3376 */
3377 if (sav->state == SADB_SASTATE_MATURE) {
3378 lft_h = lft_s = NULL;
3379 goto reset;
3380 }
3381 return (0);
3382 }
3383 /* Both HARD and SOFT extensions must present */
3384 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
3385 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) ||
3386 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) &&
3387 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) {
3388 ipseclog((LOG_DEBUG,
3389 "%s: invalid message: missing required header.\n",
3390 __func__));
3391 return (EINVAL);
3392 }
3393 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) ||
3394 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) {
3395 ipseclog((LOG_DEBUG,
3396 "%s: invalid message: wrong header size.\n", __func__));
3397 return (EINVAL);
3398 }
3399 lft_h = key_dup_lifemsg((const struct sadb_lifetime *)
3400 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC);
3401 if (lft_h == NULL) {
3402 PFKEYSTAT_INC(in_nomem);
3403 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
3404 return (ENOBUFS);
3405 }
3406 lft_s = key_dup_lifemsg((const struct sadb_lifetime *)
3407 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC);
3408 if (lft_s == NULL) {
3409 PFKEYSTAT_INC(in_nomem);
3410 free(lft_h, M_IPSEC_MISC);
3411 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
3412 return (ENOBUFS);
3413 }
3414 reset:
3415 if (sav->state != SADB_SASTATE_LARVAL) {
3416 /*
3417 * key_update() holds reference to this SA,
3418 * so it won't be deleted in meanwhile.
3419 */
3420 SECASVAR_WLOCK(sav);
3421 tmp = sav->lft_h;
3422 sav->lft_h = lft_h;
3423 lft_h = tmp;
3424
3425 tmp = sav->lft_s;
3426 sav->lft_s = lft_s;
3427 lft_s = tmp;
3428 SECASVAR_WUNLOCK(sav);
3429 if (lft_h != NULL)
3430 free(lft_h, M_IPSEC_MISC);
3431 if (lft_s != NULL)
3432 free(lft_s, M_IPSEC_MISC);
3433 return (0);
3434 }
3435 /* We can update lifetime without holding a lock */
3436 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n"));
3437 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n"));
3438 sav->lft_h = lft_h;
3439 sav->lft_s = lft_s;
3440 return (0);
3441 }
3442
3443 /*
3444 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*.
3445 * You must update these if need. Expects only LARVAL SAs.
3446 * OUT: 0: success.
3447 * !0: failure.
3448 */
3449 static int
key_setsaval(struct secasvar * sav,const struct sadb_msghdr * mhp)3450 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp)
3451 {
3452 const struct sadb_sa *sa0;
3453 const struct sadb_key *key0;
3454 uint32_t replay;
3455 size_t len;
3456 int error;
3457
3458 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
3459 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
3460 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL,
3461 ("Attempt to update non LARVAL SA"));
3462
3463 /* XXX rewrite */
3464 error = key_setident(sav->sah, mhp);
3465 if (error != 0)
3466 goto fail;
3467
3468 /* SA */
3469 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) {
3470 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) {
3471 error = EINVAL;
3472 goto fail;
3473 }
3474 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3475 sav->alg_auth = sa0->sadb_sa_auth;
3476 sav->alg_enc = sa0->sadb_sa_encrypt;
3477 sav->flags = sa0->sadb_sa_flags;
3478 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) {
3479 ipseclog((LOG_DEBUG,
3480 "%s: invalid sa_flags 0x%08x.\n", __func__,
3481 sav->flags));
3482 error = EINVAL;
3483 goto fail;
3484 }
3485
3486 /* Optional replay window */
3487 replay = 0;
3488 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0)
3489 replay = sa0->sadb_sa_replay;
3490 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) {
3491 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) {
3492 error = EINVAL;
3493 goto fail;
3494 }
3495 replay = ((const struct sadb_x_sa_replay *)
3496 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay;
3497
3498 if (replay > UINT32_MAX - 32) {
3499 ipseclog((LOG_DEBUG,
3500 "%s: replay window too big.\n", __func__));
3501 error = EINVAL;
3502 goto fail;
3503 }
3504
3505 replay = (replay + 7) >> 3;
3506 }
3507
3508 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC,
3509 M_NOWAIT | M_ZERO);
3510 if (sav->replay == NULL) {
3511 PFKEYSTAT_INC(in_nomem);
3512 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3513 __func__));
3514 error = ENOBUFS;
3515 goto fail;
3516 }
3517 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF);
3518
3519 if (replay != 0) {
3520 /* number of 32b blocks to be allocated */
3521 uint32_t bitmap_size;
3522
3523 /* RFC 6479:
3524 * - the allocated replay window size must be
3525 * a power of two.
3526 * - use an extra 32b block as a redundant window.
3527 */
3528 bitmap_size = 1;
3529 while (replay + 4 > bitmap_size)
3530 bitmap_size <<= 1;
3531 bitmap_size = bitmap_size / 4;
3532
3533 sav->replay->bitmap = malloc(
3534 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC,
3535 M_NOWAIT | M_ZERO);
3536 if (sav->replay->bitmap == NULL) {
3537 PFKEYSTAT_INC(in_nomem);
3538 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3539 __func__));
3540 error = ENOBUFS;
3541 goto fail;
3542 }
3543 sav->replay->bitmap_size = bitmap_size;
3544 sav->replay->wsize = replay;
3545 }
3546 }
3547
3548 /* Authentication keys */
3549 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) {
3550 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) {
3551 error = EINVAL;
3552 goto fail;
3553 }
3554 error = 0;
3555 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3556 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3557 switch (mhp->msg->sadb_msg_satype) {
3558 case SADB_SATYPE_AH:
3559 case SADB_SATYPE_ESP:
3560 case SADB_X_SATYPE_TCPSIGNATURE:
3561 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3562 sav->alg_auth != SADB_X_AALG_NULL)
3563 error = EINVAL;
3564 if (key0->sadb_key_bits == 0 || (sizeof(struct sadb_key) +
3565 (key0->sadb_key_bits >> 3)) > len)
3566 error = EINVAL;
3567 break;
3568 case SADB_X_SATYPE_IPCOMP:
3569 default:
3570 error = EINVAL;
3571 break;
3572 }
3573 if (error) {
3574 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n",
3575 __func__));
3576 goto fail;
3577 }
3578
3579 sav->key_auth = key_dup_keymsg(key0, M_IPSEC_MISC);
3580 if (sav->key_auth == NULL ) {
3581 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3582 __func__));
3583 PFKEYSTAT_INC(in_nomem);
3584 error = ENOBUFS;
3585 goto fail;
3586 }
3587 }
3588
3589 /* Encryption key */
3590 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) {
3591 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) {
3592 error = EINVAL;
3593 goto fail;
3594 }
3595 error = 0;
3596 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3597 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3598 switch (mhp->msg->sadb_msg_satype) {
3599 case SADB_SATYPE_ESP:
3600 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3601 sav->alg_enc != SADB_EALG_NULL) {
3602 error = EINVAL;
3603 break;
3604 }
3605 if (key0->sadb_key_bits == 0 || (sizeof(struct sadb_key) +
3606 (key0->sadb_key_bits >> 3)) > len) {
3607 error = EINVAL;
3608 break;
3609 }
3610 sav->key_enc = key_dup_keymsg(key0, M_IPSEC_MISC);
3611 if (sav->key_enc == NULL) {
3612 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3613 __func__));
3614 PFKEYSTAT_INC(in_nomem);
3615 error = ENOBUFS;
3616 goto fail;
3617 }
3618 break;
3619 case SADB_X_SATYPE_IPCOMP:
3620 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3621 error = EINVAL;
3622 sav->key_enc = NULL; /*just in case*/
3623 break;
3624 case SADB_SATYPE_AH:
3625 case SADB_X_SATYPE_TCPSIGNATURE:
3626 default:
3627 error = EINVAL;
3628 break;
3629 }
3630 if (error) {
3631 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n",
3632 __func__));
3633 goto fail;
3634 }
3635 }
3636
3637 /* set iv */
3638 sav->ivlen = 0;
3639 switch (mhp->msg->sadb_msg_satype) {
3640 case SADB_SATYPE_AH:
3641 if (sav->flags & SADB_X_EXT_DERIV) {
3642 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
3643 "given to AH SA.\n", __func__));
3644 error = EINVAL;
3645 goto fail;
3646 }
3647 if (sav->alg_enc != SADB_EALG_NONE) {
3648 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3649 "mismated.\n", __func__));
3650 error = EINVAL;
3651 goto fail;
3652 }
3653 error = xform_init(sav, XF_AH);
3654 break;
3655 case SADB_SATYPE_ESP:
3656 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) ==
3657 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) {
3658 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
3659 "given to old-esp.\n", __func__));
3660 error = EINVAL;
3661 goto fail;
3662 }
3663 error = xform_init(sav, XF_ESP);
3664 break;
3665 case SADB_X_SATYPE_IPCOMP:
3666 if (sav->alg_auth != SADB_AALG_NONE) {
3667 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3668 "mismated.\n", __func__));
3669 error = EINVAL;
3670 goto fail;
3671 }
3672 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3673 ntohl(sav->spi) >= 0x10000) {
3674 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n",
3675 __func__));
3676 error = EINVAL;
3677 goto fail;
3678 }
3679 error = xform_init(sav, XF_IPCOMP);
3680 break;
3681 case SADB_X_SATYPE_TCPSIGNATURE:
3682 if (sav->alg_enc != SADB_EALG_NONE) {
3683 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3684 "mismated.\n", __func__));
3685 error = EINVAL;
3686 goto fail;
3687 }
3688 error = xform_init(sav, XF_TCPSIGNATURE);
3689 break;
3690 default:
3691 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__));
3692 error = EPROTONOSUPPORT;
3693 goto fail;
3694 }
3695 if (error) {
3696 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n",
3697 __func__, mhp->msg->sadb_msg_satype));
3698 goto fail;
3699 }
3700
3701 /* Handle NAT-T headers */
3702 error = key_setnatt(sav, mhp);
3703 if (error != 0)
3704 goto fail;
3705
3706 /* Initialize lifetime for CURRENT */
3707 sav->firstused = 0;
3708 sav->created = time_second;
3709
3710 /* lifetimes for HARD and SOFT */
3711 error = key_updatelifetimes(sav, mhp);
3712 if (error == 0)
3713 return (0);
3714 fail:
3715 key_cleansav(sav);
3716 return (error);
3717 }
3718
3719 /*
3720 * subroutine for SADB_GET and SADB_DUMP.
3721 */
3722 static struct mbuf *
key_setdumpsa(struct secasvar * sav,uint8_t type,uint8_t satype,uint32_t seq,uint32_t pid,struct rm_priotracker * sahtree_trackerp)3723 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype,
3724 uint32_t seq, uint32_t pid, struct rm_priotracker *sahtree_trackerp)
3725 {
3726 struct seclifetime lft_c;
3727 struct mbuf *result = NULL, *tres = NULL, *m;
3728 int i, dumporder[] = {
3729 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY,
3730 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3731 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3732 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY,
3733 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT,
3734 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
3735 SADB_EXT_SENSITIVITY,
3736 SADB_X_EXT_NAT_T_TYPE,
3737 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
3738 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
3739 SADB_X_EXT_NAT_T_FRAG,
3740 #ifdef IPSEC_OFFLOAD
3741 SADB_X_EXT_LFT_CUR_SW_OFFL, SADB_X_EXT_LFT_CUR_HW_OFFL,
3742 SADB_X_EXT_IF_HW_OFFL,
3743 #endif
3744 };
3745 uint32_t replay_count;
3746 #ifdef IPSEC_OFFLOAD
3747 int error;
3748 #endif
3749
3750 SECASVAR_RLOCK_TRACKER;
3751
3752 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3753 if (m == NULL)
3754 goto fail;
3755 result = m;
3756
3757 for (i = nitems(dumporder) - 1; i >= 0; i--) {
3758 m = NULL;
3759 switch (dumporder[i]) {
3760 case SADB_EXT_SA:
3761 m = key_setsadbsa(sav);
3762 if (!m)
3763 goto fail;
3764 break;
3765
3766 case SADB_X_EXT_SA2: {
3767 SECASVAR_RLOCK(sav);
3768 replay_count = sav->replay ? sav->replay->count : 0;
3769 SECASVAR_RUNLOCK(sav);
3770 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
3771 sav->sah->saidx.reqid);
3772 if (!m)
3773 goto fail;
3774 break;
3775 }
3776 case SADB_X_EXT_SA_REPLAY:
3777 if (sav->replay == NULL ||
3778 sav->replay->wsize <= UINT8_MAX)
3779 continue;
3780
3781 m = key_setsadbxsareplay(sav->replay->wsize);
3782 if (!m)
3783 goto fail;
3784 break;
3785
3786 case SADB_EXT_ADDRESS_SRC:
3787 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3788 &sav->sah->saidx.src.sa,
3789 FULLMASK, IPSEC_ULPROTO_ANY);
3790 if (!m)
3791 goto fail;
3792 break;
3793
3794 case SADB_EXT_ADDRESS_DST:
3795 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3796 &sav->sah->saidx.dst.sa,
3797 FULLMASK, IPSEC_ULPROTO_ANY);
3798 if (!m)
3799 goto fail;
3800 break;
3801
3802 case SADB_EXT_KEY_AUTH:
3803 if (!sav->key_auth)
3804 continue;
3805 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH);
3806 if (!m)
3807 goto fail;
3808 break;
3809
3810 case SADB_EXT_KEY_ENCRYPT:
3811 if (!sav->key_enc)
3812 continue;
3813 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT);
3814 if (!m)
3815 goto fail;
3816 break;
3817
3818 case SADB_EXT_LIFETIME_CURRENT:
3819 lft_c.addtime = sav->created;
3820 lft_c.allocations = (uint32_t)counter_u64_fetch(
3821 sav->lft_c_allocations);
3822 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes);
3823 lft_c.usetime = sav->firstused;
3824 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT);
3825 if (!m)
3826 goto fail;
3827 break;
3828
3829 case SADB_EXT_LIFETIME_HARD:
3830 if (!sav->lft_h)
3831 continue;
3832 m = key_setlifetime(sav->lft_h,
3833 SADB_EXT_LIFETIME_HARD);
3834 if (!m)
3835 goto fail;
3836 break;
3837
3838 case SADB_EXT_LIFETIME_SOFT:
3839 if (!sav->lft_s)
3840 continue;
3841 m = key_setlifetime(sav->lft_s,
3842 SADB_EXT_LIFETIME_SOFT);
3843
3844 if (!m)
3845 goto fail;
3846 break;
3847
3848 case SADB_X_EXT_NAT_T_TYPE:
3849 if (sav->natt == NULL)
3850 continue;
3851 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP);
3852 if (!m)
3853 goto fail;
3854 break;
3855
3856 case SADB_X_EXT_NAT_T_DPORT:
3857 if (sav->natt == NULL)
3858 continue;
3859 m = key_setsadbxport(sav->natt->dport,
3860 SADB_X_EXT_NAT_T_DPORT);
3861 if (!m)
3862 goto fail;
3863 break;
3864
3865 case SADB_X_EXT_NAT_T_SPORT:
3866 if (sav->natt == NULL)
3867 continue;
3868 m = key_setsadbxport(sav->natt->sport,
3869 SADB_X_EXT_NAT_T_SPORT);
3870 if (!m)
3871 goto fail;
3872 break;
3873
3874 case SADB_X_EXT_NAT_T_OAI:
3875 if (sav->natt == NULL ||
3876 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0)
3877 continue;
3878 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI,
3879 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY);
3880 if (!m)
3881 goto fail;
3882 break;
3883 case SADB_X_EXT_NAT_T_OAR:
3884 if (sav->natt == NULL ||
3885 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0)
3886 continue;
3887 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR,
3888 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY);
3889 if (!m)
3890 goto fail;
3891 break;
3892 case SADB_X_EXT_NAT_T_FRAG:
3893 /* We do not (yet) support those. */
3894 continue;
3895 #ifdef IPSEC_OFFLOAD
3896 case SADB_X_EXT_LFT_CUR_SW_OFFL:
3897 if (!ipsec_accel_is_accel_sav(sav))
3898 continue;
3899 SAV_ADDREF(sav);
3900 error = ipsec_accel_sa_lifetime_op(sav, &lft_c,
3901 NULL, IF_SA_CNT_TOTAL_SW_VAL, sahtree_trackerp);
3902 if (error != 0) {
3903 m = NULL;
3904 goto fail;
3905 }
3906 m = key_setlifetime(&lft_c, dumporder[i]);
3907 if (m == NULL)
3908 goto fail;
3909 key_freesav(&sav);
3910 if (sav == NULL) {
3911 m_freem(m);
3912 goto fail;
3913 }
3914 break;
3915 case SADB_X_EXT_LFT_CUR_HW_OFFL:
3916 if (!ipsec_accel_is_accel_sav(sav))
3917 continue;
3918 memset(&lft_c, 0, sizeof(lft_c));
3919 lft_c.bytes = sav->accel_hw_octets;
3920 lft_c.allocations = sav->accel_hw_allocs;
3921 m = key_setlifetime(&lft_c, dumporder[i]);
3922 if (m == NULL)
3923 goto fail;
3924 break;
3925 case SADB_X_EXT_IF_HW_OFFL:
3926 if (!ipsec_accel_is_accel_sav(sav))
3927 continue;
3928 m = ipsec_accel_key_setaccelif(sav);
3929 if (m == NULL)
3930 continue; /* benigh */
3931 break;
3932 #endif
3933
3934 case SADB_EXT_ADDRESS_PROXY:
3935 case SADB_EXT_IDENTITY_SRC:
3936 case SADB_EXT_IDENTITY_DST:
3937 /* XXX: should we brought from SPD ? */
3938 case SADB_EXT_SENSITIVITY:
3939 default:
3940 continue;
3941 }
3942
3943 if (!m)
3944 goto fail;
3945 if (tres)
3946 m_cat(m, tres);
3947 tres = m;
3948 }
3949
3950 m_cat(result, tres);
3951 tres = NULL;
3952 if (result->m_len < sizeof(struct sadb_msg)) {
3953 result = m_pullup(result, sizeof(struct sadb_msg));
3954 if (result == NULL)
3955 goto fail;
3956 }
3957
3958 result->m_pkthdr.len = 0;
3959 for (m = result; m; m = m->m_next)
3960 result->m_pkthdr.len += m->m_len;
3961
3962 mtod(result, struct sadb_msg *)->sadb_msg_len =
3963 PFKEY_UNIT64(result->m_pkthdr.len);
3964
3965 return result;
3966
3967 fail:
3968 m_freem(result);
3969 m_freem(tres);
3970 return NULL;
3971 }
3972
3973 /*
3974 * set data into sadb_msg.
3975 */
3976 static struct mbuf *
key_setsadbmsg(u_int8_t type,u_int16_t tlen,u_int8_t satype,u_int32_t seq,pid_t pid,u_int16_t reserved)3977 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq,
3978 pid_t pid, u_int16_t reserved)
3979 {
3980 struct mbuf *m;
3981 struct sadb_msg *p;
3982 int len;
3983
3984 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3985 if (len > MCLBYTES)
3986 return NULL;
3987 m = key_mget(len);
3988 if (m == NULL)
3989 return NULL;
3990 m->m_pkthdr.len = m->m_len = len;
3991 m->m_next = NULL;
3992
3993 p = mtod(m, struct sadb_msg *);
3994
3995 bzero(p, len);
3996 p->sadb_msg_version = PF_KEY_V2;
3997 p->sadb_msg_type = type;
3998 p->sadb_msg_errno = 0;
3999 p->sadb_msg_satype = satype;
4000 p->sadb_msg_len = PFKEY_UNIT64(tlen);
4001 p->sadb_msg_reserved = reserved;
4002 p->sadb_msg_seq = seq;
4003 p->sadb_msg_pid = (u_int32_t)pid;
4004
4005 return m;
4006 }
4007
4008 /*
4009 * copy secasvar data into sadb_address.
4010 */
4011 static struct mbuf *
key_setsadbsa(struct secasvar * sav)4012 key_setsadbsa(struct secasvar *sav)
4013 {
4014 struct mbuf *m;
4015 struct sadb_sa *p;
4016 int len;
4017
4018 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
4019 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4020 if (m == NULL)
4021 return (NULL);
4022 m_align(m, len);
4023 m->m_len = len;
4024 p = mtod(m, struct sadb_sa *);
4025 bzero(p, len);
4026 p->sadb_sa_len = PFKEY_UNIT64(len);
4027 p->sadb_sa_exttype = SADB_EXT_SA;
4028 p->sadb_sa_spi = sav->spi;
4029 p->sadb_sa_replay = sav->replay ?
4030 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX :
4031 sav->replay->wsize): 0;
4032 p->sadb_sa_state = sav->state;
4033 p->sadb_sa_auth = sav->alg_auth;
4034 p->sadb_sa_encrypt = sav->alg_enc;
4035 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX;
4036 return (m);
4037 }
4038
4039 /*
4040 * set data into sadb_address.
4041 */
4042 static struct mbuf *
key_setsadbaddr(u_int16_t exttype,const struct sockaddr * saddr,u_int8_t prefixlen,u_int16_t ul_proto)4043 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr,
4044 u_int8_t prefixlen, u_int16_t ul_proto)
4045 {
4046 struct mbuf *m;
4047 struct sadb_address *p;
4048 size_t len;
4049
4050 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
4051 PFKEY_ALIGN8(saddr->sa_len);
4052 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4053 if (m == NULL)
4054 return (NULL);
4055 m_align(m, len);
4056 m->m_len = len;
4057 p = mtod(m, struct sadb_address *);
4058
4059 bzero(p, len);
4060 p->sadb_address_len = PFKEY_UNIT64(len);
4061 p->sadb_address_exttype = exttype;
4062 p->sadb_address_proto = ul_proto;
4063 if (prefixlen == FULLMASK) {
4064 switch (saddr->sa_family) {
4065 case AF_INET:
4066 prefixlen = sizeof(struct in_addr) << 3;
4067 break;
4068 case AF_INET6:
4069 prefixlen = sizeof(struct in6_addr) << 3;
4070 break;
4071 default:
4072 ; /*XXX*/
4073 }
4074 }
4075 p->sadb_address_prefixlen = prefixlen;
4076 p->sadb_address_reserved = 0;
4077
4078 bcopy(saddr,
4079 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
4080 saddr->sa_len);
4081
4082 return m;
4083 }
4084
4085 /*
4086 * set data into sadb_x_sa2.
4087 */
4088 static struct mbuf *
key_setsadbxsa2(u_int8_t mode,u_int32_t seq,u_int32_t reqid)4089 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid)
4090 {
4091 struct mbuf *m;
4092 struct sadb_x_sa2 *p;
4093 size_t len;
4094
4095 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
4096 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4097 if (m == NULL)
4098 return (NULL);
4099 m_align(m, len);
4100 m->m_len = len;
4101 p = mtod(m, struct sadb_x_sa2 *);
4102
4103 bzero(p, len);
4104 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
4105 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
4106 p->sadb_x_sa2_mode = mode;
4107 p->sadb_x_sa2_reserved1 = 0;
4108 p->sadb_x_sa2_reserved2 = 0;
4109 p->sadb_x_sa2_sequence = seq;
4110 p->sadb_x_sa2_reqid = reqid;
4111
4112 return m;
4113 }
4114
4115 /*
4116 * Set data into sadb_x_sa_replay.
4117 */
4118 static struct mbuf *
key_setsadbxsareplay(u_int32_t replay)4119 key_setsadbxsareplay(u_int32_t replay)
4120 {
4121 struct mbuf *m;
4122 struct sadb_x_sa_replay *p;
4123 size_t len;
4124
4125 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay));
4126 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4127 if (m == NULL)
4128 return (NULL);
4129 m_align(m, len);
4130 m->m_len = len;
4131 p = mtod(m, struct sadb_x_sa_replay *);
4132
4133 bzero(p, len);
4134 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len);
4135 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY;
4136 p->sadb_x_sa_replay_replay = (replay << 3);
4137
4138 return m;
4139 }
4140
4141 /*
4142 * Set a type in sadb_x_nat_t_type.
4143 */
4144 static struct mbuf *
key_setsadbxtype(u_int16_t type)4145 key_setsadbxtype(u_int16_t type)
4146 {
4147 struct mbuf *m;
4148 size_t len;
4149 struct sadb_x_nat_t_type *p;
4150
4151 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
4152
4153 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4154 if (m == NULL)
4155 return (NULL);
4156 m_align(m, len);
4157 m->m_len = len;
4158 p = mtod(m, struct sadb_x_nat_t_type *);
4159
4160 bzero(p, len);
4161 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
4162 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
4163 p->sadb_x_nat_t_type_type = type;
4164
4165 return (m);
4166 }
4167 /*
4168 * Set a port in sadb_x_nat_t_port.
4169 * In contrast to default RFC 2367 behaviour, port is in network byte order.
4170 */
4171 static struct mbuf *
key_setsadbxport(u_int16_t port,u_int16_t type)4172 key_setsadbxport(u_int16_t port, u_int16_t type)
4173 {
4174 struct mbuf *m;
4175 size_t len;
4176 struct sadb_x_nat_t_port *p;
4177
4178 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
4179
4180 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4181 if (m == NULL)
4182 return (NULL);
4183 m_align(m, len);
4184 m->m_len = len;
4185 p = mtod(m, struct sadb_x_nat_t_port *);
4186
4187 bzero(p, len);
4188 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
4189 p->sadb_x_nat_t_port_exttype = type;
4190 p->sadb_x_nat_t_port_port = port;
4191
4192 return (m);
4193 }
4194
4195 /*
4196 * Get port from sockaddr. Port is in network byte order.
4197 */
4198 uint16_t
key_portfromsaddr(struct sockaddr * sa)4199 key_portfromsaddr(struct sockaddr *sa)
4200 {
4201
4202 switch (sa->sa_family) {
4203 #ifdef INET
4204 case AF_INET:
4205 return ((struct sockaddr_in *)sa)->sin_port;
4206 #endif
4207 #ifdef INET6
4208 case AF_INET6:
4209 return ((struct sockaddr_in6 *)sa)->sin6_port;
4210 #endif
4211 }
4212 return (0);
4213 }
4214
4215 /*
4216 * Set port in struct sockaddr. Port is in network byte order.
4217 */
4218 void
key_porttosaddr(struct sockaddr * sa,uint16_t port)4219 key_porttosaddr(struct sockaddr *sa, uint16_t port)
4220 {
4221
4222 switch (sa->sa_family) {
4223 #ifdef INET
4224 case AF_INET:
4225 ((struct sockaddr_in *)sa)->sin_port = port;
4226 break;
4227 #endif
4228 #ifdef INET6
4229 case AF_INET6:
4230 ((struct sockaddr_in6 *)sa)->sin6_port = port;
4231 break;
4232 #endif
4233 default:
4234 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n",
4235 __func__, sa->sa_family));
4236 break;
4237 }
4238 }
4239
4240 /*
4241 * set data into sadb_x_policy
4242 */
4243 static struct mbuf *
key_setsadbxpolicy(u_int16_t type,u_int8_t dir,u_int32_t id,u_int32_t priority)4244 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority)
4245 {
4246 struct mbuf *m;
4247 struct sadb_x_policy *p;
4248 size_t len;
4249
4250 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4251 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4252 if (m == NULL)
4253 return (NULL);
4254 m_align(m, len);
4255 m->m_len = len;
4256 p = mtod(m, struct sadb_x_policy *);
4257
4258 bzero(p, len);
4259 p->sadb_x_policy_len = PFKEY_UNIT64(len);
4260 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4261 p->sadb_x_policy_type = type;
4262 p->sadb_x_policy_dir = dir;
4263 p->sadb_x_policy_id = id;
4264 p->sadb_x_policy_priority = priority;
4265
4266 return m;
4267 }
4268
4269 /* %%% utilities */
4270 /* Take a key message (sadb_key) from the socket and turn it into one
4271 * of the kernel's key structures (seckey).
4272 *
4273 * IN: pointer to the src
4274 * OUT: NULL no more memory
4275 */
4276 struct seckey *
key_dup_keymsg(const struct sadb_key * src,struct malloc_type * type)4277 key_dup_keymsg(const struct sadb_key *src, struct malloc_type *type)
4278 {
4279 struct seckey *dst;
4280 size_t len;
4281
4282 dst = malloc(sizeof(*dst), type, M_NOWAIT);
4283 if (dst != NULL) {
4284 len = src->sadb_key_bits >> 3;
4285 dst->bits = src->sadb_key_bits;
4286 dst->key_data = malloc(len, type, M_NOWAIT);
4287 if (dst->key_data != NULL) {
4288 bcopy((const char *)(src + 1), dst->key_data, len);
4289 } else {
4290 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
4291 __func__));
4292 free(dst, type);
4293 dst = NULL;
4294 }
4295 } else {
4296 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
4297 __func__));
4298 }
4299 return (dst);
4300 }
4301
4302 /* Take a lifetime message (sadb_lifetime) passed in on a socket and
4303 * turn it into one of the kernel's lifetime structures (seclifetime).
4304 *
4305 * IN: pointer to the destination, source and malloc type
4306 * OUT: NULL, no more memory
4307 */
4308
4309 static struct seclifetime *
key_dup_lifemsg(const struct sadb_lifetime * src,struct malloc_type * type)4310 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type)
4311 {
4312 struct seclifetime *dst;
4313
4314 dst = malloc(sizeof(*dst), type, M_NOWAIT);
4315 if (dst == NULL) {
4316 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
4317 return (NULL);
4318 }
4319 dst->allocations = src->sadb_lifetime_allocations;
4320 dst->bytes = src->sadb_lifetime_bytes;
4321 dst->addtime = src->sadb_lifetime_addtime;
4322 dst->usetime = src->sadb_lifetime_usetime;
4323 return (dst);
4324 }
4325
4326 /*
4327 * compare two secasindex structure.
4328 * flag can specify to compare 2 saidxes.
4329 * compare two secasindex structure without both mode and reqid.
4330 * don't compare port.
4331 * IN:
4332 * saidx0: source, it can be in SAD.
4333 * saidx1: object.
4334 * OUT:
4335 * 1 : equal
4336 * 0 : not equal
4337 */
4338 static int
key_cmpsaidx(const struct secasindex * saidx0,const struct secasindex * saidx1,int flag)4339 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1,
4340 int flag)
4341 {
4342
4343 /* sanity */
4344 if (saidx0 == NULL && saidx1 == NULL)
4345 return 1;
4346
4347 if (saidx0 == NULL || saidx1 == NULL)
4348 return 0;
4349
4350 if (saidx0->proto != saidx1->proto)
4351 return 0;
4352
4353 if (flag == CMP_EXACTLY) {
4354 if (saidx0->mode != saidx1->mode)
4355 return 0;
4356 if (saidx0->reqid != saidx1->reqid)
4357 return 0;
4358 if (bcmp(&saidx0->src, &saidx1->src,
4359 saidx0->src.sa.sa_len) != 0 ||
4360 bcmp(&saidx0->dst, &saidx1->dst,
4361 saidx0->dst.sa.sa_len) != 0)
4362 return 0;
4363 } else {
4364 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
4365 if (flag == CMP_MODE_REQID || flag == CMP_REQID) {
4366 /*
4367 * If reqid of SPD is non-zero, unique SA is required.
4368 * The result must be of same reqid in this case.
4369 */
4370 if (saidx1->reqid != 0 &&
4371 saidx0->reqid != saidx1->reqid)
4372 return 0;
4373 }
4374
4375 if (flag == CMP_MODE_REQID) {
4376 if (saidx0->mode != IPSEC_MODE_ANY
4377 && saidx0->mode != saidx1->mode)
4378 return 0;
4379 }
4380
4381 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0)
4382 return 0;
4383 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0)
4384 return 0;
4385 }
4386
4387 return 1;
4388 }
4389
4390 /*
4391 * compare two secindex structure exactly.
4392 * IN:
4393 * spidx0: source, it is often in SPD.
4394 * spidx1: object, it is often from PFKEY message.
4395 * OUT:
4396 * 1 : equal
4397 * 0 : not equal
4398 */
4399 static int
key_cmpspidx_exactly(struct secpolicyindex * spidx0,struct secpolicyindex * spidx1)4400 key_cmpspidx_exactly(struct secpolicyindex *spidx0,
4401 struct secpolicyindex *spidx1)
4402 {
4403 /* sanity */
4404 if (spidx0 == NULL && spidx1 == NULL)
4405 return 1;
4406
4407 if (spidx0 == NULL || spidx1 == NULL)
4408 return 0;
4409
4410 if (spidx0->prefs != spidx1->prefs
4411 || spidx0->prefd != spidx1->prefd
4412 || spidx0->ul_proto != spidx1->ul_proto
4413 || spidx0->dir != spidx1->dir)
4414 return 0;
4415
4416 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 &&
4417 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0;
4418 }
4419
4420 /*
4421 * compare two secindex structure with mask.
4422 * IN:
4423 * spidx0: source, it is often in SPD.
4424 * spidx1: object, it is often from IP header.
4425 * OUT:
4426 * 1 : equal
4427 * 0 : not equal
4428 */
4429 static int
key_cmpspidx_withmask(struct secpolicyindex * spidx0,struct secpolicyindex * spidx1)4430 key_cmpspidx_withmask(struct secpolicyindex *spidx0,
4431 struct secpolicyindex *spidx1)
4432 {
4433 /* sanity */
4434 if (spidx0 == NULL && spidx1 == NULL)
4435 return 1;
4436
4437 if (spidx0 == NULL || spidx1 == NULL)
4438 return 0;
4439
4440 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
4441 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
4442 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
4443 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
4444 return 0;
4445
4446 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4447 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
4448 && spidx0->ul_proto != spidx1->ul_proto)
4449 return 0;
4450
4451 switch (spidx0->src.sa.sa_family) {
4452 case AF_INET:
4453 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY
4454 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
4455 return 0;
4456 if (!key_bbcmp(&spidx0->src.sin.sin_addr,
4457 &spidx1->src.sin.sin_addr, spidx0->prefs))
4458 return 0;
4459 break;
4460 case AF_INET6:
4461 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY
4462 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
4463 return 0;
4464 /*
4465 * scope_id check. if sin6_scope_id is 0, we regard it
4466 * as a wildcard scope, which matches any scope zone ID.
4467 */
4468 if (spidx0->src.sin6.sin6_scope_id &&
4469 spidx1->src.sin6.sin6_scope_id &&
4470 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
4471 return 0;
4472 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
4473 &spidx1->src.sin6.sin6_addr, spidx0->prefs))
4474 return 0;
4475 break;
4476 default:
4477 /* XXX */
4478 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0)
4479 return 0;
4480 break;
4481 }
4482
4483 switch (spidx0->dst.sa.sa_family) {
4484 case AF_INET:
4485 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY
4486 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
4487 return 0;
4488 if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
4489 &spidx1->dst.sin.sin_addr, spidx0->prefd))
4490 return 0;
4491 break;
4492 case AF_INET6:
4493 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY
4494 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
4495 return 0;
4496 /*
4497 * scope_id check. if sin6_scope_id is 0, we regard it
4498 * as a wildcard scope, which matches any scope zone ID.
4499 */
4500 if (spidx0->dst.sin6.sin6_scope_id &&
4501 spidx1->dst.sin6.sin6_scope_id &&
4502 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
4503 return 0;
4504 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
4505 &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
4506 return 0;
4507 break;
4508 default:
4509 /* XXX */
4510 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0)
4511 return 0;
4512 break;
4513 }
4514
4515 /* XXX Do we check other field ? e.g. flowinfo */
4516
4517 return 1;
4518 }
4519
4520 #ifdef satosin
4521 #undef satosin
4522 #endif
4523 #define satosin(s) ((const struct sockaddr_in *)s)
4524 #ifdef satosin6
4525 #undef satosin6
4526 #endif
4527 #define satosin6(s) ((const struct sockaddr_in6 *)s)
4528 /* returns 0 on match */
4529 int
key_sockaddrcmp(const struct sockaddr * sa1,const struct sockaddr * sa2,int port)4530 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2,
4531 int port)
4532 {
4533 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4534 return 1;
4535
4536 switch (sa1->sa_family) {
4537 #ifdef INET
4538 case AF_INET:
4539 if (sa1->sa_len != sizeof(struct sockaddr_in))
4540 return 1;
4541 if (satosin(sa1)->sin_addr.s_addr !=
4542 satosin(sa2)->sin_addr.s_addr) {
4543 return 1;
4544 }
4545 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4546 return 1;
4547 break;
4548 #endif
4549 #ifdef INET6
4550 case AF_INET6:
4551 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4552 return 1; /*EINVAL*/
4553 if (satosin6(sa1)->sin6_scope_id !=
4554 satosin6(sa2)->sin6_scope_id) {
4555 return 1;
4556 }
4557 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4558 &satosin6(sa2)->sin6_addr)) {
4559 return 1;
4560 }
4561 if (port &&
4562 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4563 return 1;
4564 }
4565 break;
4566 #endif
4567 default:
4568 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
4569 return 1;
4570 break;
4571 }
4572
4573 return 0;
4574 }
4575
4576 /* returns 0 on match */
4577 int
key_sockaddrcmp_withmask(const struct sockaddr * sa1,const struct sockaddr * sa2,size_t mask)4578 key_sockaddrcmp_withmask(const struct sockaddr *sa1,
4579 const struct sockaddr *sa2, size_t mask)
4580 {
4581 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4582 return (1);
4583
4584 switch (sa1->sa_family) {
4585 #ifdef INET
4586 case AF_INET:
4587 return (!key_bbcmp(&satosin(sa1)->sin_addr,
4588 &satosin(sa2)->sin_addr, mask));
4589 #endif
4590 #ifdef INET6
4591 case AF_INET6:
4592 if (satosin6(sa1)->sin6_scope_id !=
4593 satosin6(sa2)->sin6_scope_id)
4594 return (1);
4595 return (!key_bbcmp(&satosin6(sa1)->sin6_addr,
4596 &satosin6(sa2)->sin6_addr, mask));
4597 #endif
4598 }
4599 return (1);
4600 }
4601 #undef satosin
4602 #undef satosin6
4603
4604 /*
4605 * compare two buffers with mask.
4606 * IN:
4607 * addr1: source
4608 * addr2: object
4609 * bits: Number of bits to compare
4610 * OUT:
4611 * 1 : equal
4612 * 0 : not equal
4613 */
4614 static int
key_bbcmp(const void * a1,const void * a2,u_int bits)4615 key_bbcmp(const void *a1, const void *a2, u_int bits)
4616 {
4617 const unsigned char *p1 = a1;
4618 const unsigned char *p2 = a2;
4619
4620 /* XXX: This could be considerably faster if we compare a word
4621 * at a time, but it is complicated on LSB Endian machines */
4622
4623 /* Handle null pointers */
4624 if (p1 == NULL || p2 == NULL)
4625 return (p1 == p2);
4626
4627 while (bits >= 8) {
4628 if (*p1++ != *p2++)
4629 return 0;
4630 bits -= 8;
4631 }
4632
4633 if (bits > 0) {
4634 u_int8_t mask = ~((1<<(8-bits))-1);
4635 if ((*p1 & mask) != (*p2 & mask))
4636 return 0;
4637 }
4638 return 1; /* Match! */
4639 }
4640
4641 static void
key_flush_spd(time_t now)4642 key_flush_spd(time_t now)
4643 {
4644 SPTREE_RLOCK_TRACKER;
4645 struct secpolicy_list drainq;
4646 struct secpolicy *sp, *nextsp;
4647 u_int dir;
4648
4649 LIST_INIT(&drainq);
4650 SPTREE_RLOCK();
4651 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4652 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
4653 if (sp->lifetime == 0 && sp->validtime == 0)
4654 continue;
4655 if ((sp->lifetime &&
4656 now - sp->created > sp->lifetime) ||
4657 (sp->validtime &&
4658 now - sp->lastused > sp->validtime)) {
4659 /* Hold extra reference to send SPDEXPIRE */
4660 SP_ADDREF(sp);
4661 LIST_INSERT_HEAD(&drainq, sp, drainq);
4662 }
4663 }
4664 }
4665 SPTREE_RUNLOCK();
4666 if (LIST_EMPTY(&drainq))
4667 return;
4668
4669 SPTREE_WLOCK();
4670 sp = LIST_FIRST(&drainq);
4671 while (sp != NULL) {
4672 nextsp = LIST_NEXT(sp, drainq);
4673 /* Check that SP is still linked */
4674 if (sp->state != IPSEC_SPSTATE_ALIVE) {
4675 LIST_REMOVE(sp, drainq);
4676 key_freesp(&sp); /* release extra reference */
4677 sp = nextsp;
4678 continue;
4679 }
4680 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain);
4681 V_spd_size--;
4682 LIST_REMOVE(sp, idhash);
4683 sp->state = IPSEC_SPSTATE_DEAD;
4684 ipsec_accel_spddel(sp);
4685 sp = nextsp;
4686 }
4687 V_sp_genid++;
4688 SPTREE_WUNLOCK();
4689 if (SPDCACHE_ENABLED())
4690 spdcache_clear();
4691
4692 sp = LIST_FIRST(&drainq);
4693 while (sp != NULL) {
4694 nextsp = LIST_NEXT(sp, drainq);
4695 key_spdexpire(sp);
4696 key_freesp(&sp); /* release extra reference */
4697 key_freesp(&sp); /* release last reference */
4698 sp = nextsp;
4699 }
4700 }
4701
4702 static void
key_flush_sad(time_t now)4703 key_flush_sad(time_t now)
4704 {
4705 SAHTREE_RLOCK_TRACKER;
4706 struct secashead_list emptyq;
4707 struct secasvar_list drainq, hexpireq, sexpireq, freeq;
4708 struct secashead *sah, *nextsah;
4709 struct secasvar *sav, *nextsav;
4710
4711 SECASVAR_RLOCK_TRACKER;
4712
4713 LIST_INIT(&drainq);
4714 LIST_INIT(&hexpireq);
4715 LIST_INIT(&sexpireq);
4716 LIST_INIT(&emptyq);
4717
4718 SAHTREE_RLOCK();
4719 TAILQ_FOREACH(sah, &V_sahtree, chain) {
4720 /* Check for empty SAH */
4721 if (TAILQ_EMPTY(&sah->savtree_larval) &&
4722 TAILQ_EMPTY(&sah->savtree_alive)) {
4723 SAH_ADDREF(sah);
4724 LIST_INSERT_HEAD(&emptyq, sah, drainq);
4725 continue;
4726 }
4727 /* Add all stale LARVAL SAs into drainq */
4728 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
4729 if (now - sav->created < V_key_larval_lifetime)
4730 continue;
4731 SAV_ADDREF(sav);
4732 LIST_INSERT_HEAD(&drainq, sav, drainq);
4733 }
4734 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
4735 /* lifetimes aren't specified */
4736 if (sav->lft_h == NULL)
4737 continue;
4738 SECASVAR_RLOCK(sav);
4739 /*
4740 * Check again with lock held, because it may
4741 * be updated by SADB_UPDATE.
4742 */
4743 if (sav->lft_h == NULL) {
4744 SECASVAR_RUNLOCK(sav);
4745 continue;
4746 }
4747 /*
4748 * RFC 2367:
4749 * HARD lifetimes MUST take precedence over SOFT
4750 * lifetimes, meaning if the HARD and SOFT lifetimes
4751 * are the same, the HARD lifetime will appear on the
4752 * EXPIRE message.
4753 */
4754 /* check HARD lifetime */
4755 if ((sav->lft_h->addtime != 0 &&
4756 now - sav->created > sav->lft_h->addtime) ||
4757 (sav->lft_h->usetime != 0 && sav->firstused &&
4758 now - sav->firstused > sav->lft_h->usetime) ||
4759 (sav->lft_h->bytes != 0 && counter_u64_fetch(
4760 sav->lft_c_bytes) > sav->lft_h->bytes)) {
4761 SECASVAR_RUNLOCK(sav);
4762 SAV_ADDREF(sav);
4763 LIST_INSERT_HEAD(&hexpireq, sav, drainq);
4764 continue;
4765 }
4766 /* check SOFT lifetime (only for MATURE SAs) */
4767 if (sav->state == SADB_SASTATE_MATURE && (
4768 (sav->lft_s->addtime != 0 &&
4769 now - sav->created > sav->lft_s->addtime) ||
4770 (sav->lft_s->usetime != 0 && sav->firstused &&
4771 now - sav->firstused > sav->lft_s->usetime) ||
4772 (sav->lft_s->bytes != 0 && counter_u64_fetch(
4773 sav->lft_c_bytes) > sav->lft_s->bytes) ||
4774 (!(sav->flags & SADB_X_SAFLAGS_ESN) &&
4775 (sav->replay != NULL) && (
4776 (sav->replay->count > UINT32_80PCT) ||
4777 (sav->replay->last > UINT32_80PCT))))) {
4778 SECASVAR_RUNLOCK(sav);
4779 SAV_ADDREF(sav);
4780 LIST_INSERT_HEAD(&sexpireq, sav, drainq);
4781 continue;
4782 }
4783 SECASVAR_RUNLOCK(sav);
4784 }
4785 }
4786 SAHTREE_RUNLOCK();
4787
4788 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) &&
4789 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq))
4790 return;
4791
4792 LIST_INIT(&freeq);
4793 SAHTREE_WLOCK();
4794 /* Unlink stale LARVAL SAs */
4795 sav = LIST_FIRST(&drainq);
4796 while (sav != NULL) {
4797 nextsav = LIST_NEXT(sav, drainq);
4798 /* Check that SA is still LARVAL */
4799 if (sav->state != SADB_SASTATE_LARVAL) {
4800 LIST_REMOVE(sav, drainq);
4801 LIST_INSERT_HEAD(&freeq, sav, drainq);
4802 sav = nextsav;
4803 continue;
4804 }
4805 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
4806 LIST_REMOVE(sav, spihash);
4807 sav->state = SADB_SASTATE_DEAD;
4808 ipsec_accel_forget_sav(sav);
4809 sav = nextsav;
4810 }
4811 /* Unlink all SAs with expired HARD lifetime */
4812 sav = LIST_FIRST(&hexpireq);
4813 while (sav != NULL) {
4814 nextsav = LIST_NEXT(sav, drainq);
4815 /* Check that SA is not unlinked */
4816 if (sav->state == SADB_SASTATE_DEAD) {
4817 LIST_REMOVE(sav, drainq);
4818 LIST_INSERT_HEAD(&freeq, sav, drainq);
4819 sav = nextsav;
4820 continue;
4821 }
4822 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
4823 LIST_REMOVE(sav, spihash);
4824 sav->state = SADB_SASTATE_DEAD;
4825 ipsec_accel_forget_sav(sav);
4826 sav = nextsav;
4827 }
4828 /* Mark all SAs with expired SOFT lifetime as DYING */
4829 sav = LIST_FIRST(&sexpireq);
4830 while (sav != NULL) {
4831 nextsav = LIST_NEXT(sav, drainq);
4832 /* Check that SA is not unlinked */
4833 if (sav->state == SADB_SASTATE_DEAD) {
4834 LIST_REMOVE(sav, drainq);
4835 LIST_INSERT_HEAD(&freeq, sav, drainq);
4836 sav = nextsav;
4837 continue;
4838 }
4839 /*
4840 * NOTE: this doesn't change SA order in the chain.
4841 */
4842 sav->state = SADB_SASTATE_DYING;
4843 sav = nextsav;
4844 }
4845 /* Unlink empty SAHs */
4846 sah = LIST_FIRST(&emptyq);
4847 while (sah != NULL) {
4848 nextsah = LIST_NEXT(sah, drainq);
4849 /* Check that SAH is still empty and not unlinked */
4850 if (sah->state == SADB_SASTATE_DEAD ||
4851 !TAILQ_EMPTY(&sah->savtree_larval) ||
4852 !TAILQ_EMPTY(&sah->savtree_alive)) {
4853 LIST_REMOVE(sah, drainq);
4854 key_freesah(&sah); /* release extra reference */
4855 sah = nextsah;
4856 continue;
4857 }
4858 TAILQ_REMOVE(&V_sahtree, sah, chain);
4859 LIST_REMOVE(sah, addrhash);
4860 sah->state = SADB_SASTATE_DEAD;
4861 sah = nextsah;
4862 }
4863 SAHTREE_WUNLOCK();
4864
4865 /* Send SPDEXPIRE messages */
4866 sav = LIST_FIRST(&hexpireq);
4867 while (sav != NULL) {
4868 nextsav = LIST_NEXT(sav, drainq);
4869 key_expire(sav, 1);
4870 key_freesah(&sav->sah); /* release reference from SAV */
4871 key_freesav(&sav); /* release extra reference */
4872 key_freesav(&sav); /* release last reference */
4873 sav = nextsav;
4874 }
4875 sav = LIST_FIRST(&sexpireq);
4876 while (sav != NULL) {
4877 nextsav = LIST_NEXT(sav, drainq);
4878 key_expire(sav, 0);
4879 key_freesav(&sav); /* release extra reference */
4880 sav = nextsav;
4881 }
4882 /* Free stale LARVAL SAs */
4883 sav = LIST_FIRST(&drainq);
4884 while (sav != NULL) {
4885 nextsav = LIST_NEXT(sav, drainq);
4886 key_freesah(&sav->sah); /* release reference from SAV */
4887 key_freesav(&sav); /* release extra reference */
4888 key_freesav(&sav); /* release last reference */
4889 sav = nextsav;
4890 }
4891 /* Free SAs that were unlinked/changed by someone else */
4892 sav = LIST_FIRST(&freeq);
4893 while (sav != NULL) {
4894 nextsav = LIST_NEXT(sav, drainq);
4895 key_freesav(&sav); /* release extra reference */
4896 sav = nextsav;
4897 }
4898 /* Free empty SAH */
4899 sah = LIST_FIRST(&emptyq);
4900 while (sah != NULL) {
4901 nextsah = LIST_NEXT(sah, drainq);
4902 key_freesah(&sah); /* release extra reference */
4903 key_freesah(&sah); /* release last reference */
4904 sah = nextsah;
4905 }
4906 }
4907
4908 static void
key_flush_acq(time_t now)4909 key_flush_acq(time_t now)
4910 {
4911 struct secacq *acq, *nextacq;
4912
4913 /* ACQ tree */
4914 ACQ_LOCK();
4915 acq = LIST_FIRST(&V_acqtree);
4916 while (acq != NULL) {
4917 nextacq = LIST_NEXT(acq, chain);
4918 if (now - acq->created > V_key_blockacq_lifetime) {
4919 LIST_REMOVE(acq, chain);
4920 LIST_REMOVE(acq, addrhash);
4921 LIST_REMOVE(acq, seqhash);
4922 free(acq, M_IPSEC_SAQ);
4923 }
4924 acq = nextacq;
4925 }
4926 ACQ_UNLOCK();
4927 }
4928
4929 static void
key_flush_spacq(time_t now)4930 key_flush_spacq(time_t now)
4931 {
4932 struct secspacq *acq, *nextacq;
4933
4934 /* SP ACQ tree */
4935 SPACQ_LOCK();
4936 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) {
4937 nextacq = LIST_NEXT(acq, chain);
4938 if (now - acq->created > V_key_blockacq_lifetime
4939 && __LIST_CHAINED(acq)) {
4940 LIST_REMOVE(acq, chain);
4941 free(acq, M_IPSEC_SAQ);
4942 }
4943 }
4944 SPACQ_UNLOCK();
4945 }
4946
4947 /*
4948 * time handler.
4949 * scanning SPD and SAD to check status for each entries,
4950 * and do to remove or to expire.
4951 * XXX: year 2038 problem may remain.
4952 */
4953 static void
key_timehandler(void * arg)4954 key_timehandler(void *arg)
4955 {
4956 VNET_ITERATOR_DECL(vnet_iter);
4957 time_t now = time_second;
4958
4959 VNET_LIST_RLOCK_NOSLEEP();
4960 VNET_FOREACH(vnet_iter) {
4961 CURVNET_SET(vnet_iter);
4962 key_flush_spd(now);
4963 key_flush_sad(now);
4964 key_flush_acq(now);
4965 key_flush_spacq(now);
4966 CURVNET_RESTORE();
4967 }
4968 VNET_LIST_RUNLOCK_NOSLEEP();
4969
4970 #ifndef IPSEC_DEBUG2
4971 /* do exchange to tick time !! */
4972 callout_schedule(&key_timer, hz);
4973 #endif /* IPSEC_DEBUG2 */
4974 }
4975
4976 u_long
key_random(void)4977 key_random(void)
4978 {
4979 u_long value;
4980
4981 arc4random_buf(&value, sizeof(value));
4982 return value;
4983 }
4984
4985 /*
4986 * map SADB_SATYPE_* to IPPROTO_*.
4987 * if satype == SADB_SATYPE then satype is mapped to ~0.
4988 * OUT:
4989 * 0: invalid satype.
4990 */
4991 static uint8_t
key_satype2proto(uint8_t satype)4992 key_satype2proto(uint8_t satype)
4993 {
4994 switch (satype) {
4995 case SADB_SATYPE_UNSPEC:
4996 return IPSEC_PROTO_ANY;
4997 case SADB_SATYPE_AH:
4998 return IPPROTO_AH;
4999 case SADB_SATYPE_ESP:
5000 return IPPROTO_ESP;
5001 case SADB_X_SATYPE_IPCOMP:
5002 return IPPROTO_IPCOMP;
5003 case SADB_X_SATYPE_TCPSIGNATURE:
5004 return IPPROTO_TCP;
5005 default:
5006 return 0;
5007 }
5008 /* NOTREACHED */
5009 }
5010
5011 /*
5012 * map IPPROTO_* to SADB_SATYPE_*
5013 * OUT:
5014 * 0: invalid protocol type.
5015 */
5016 static uint8_t
key_proto2satype(uint8_t proto)5017 key_proto2satype(uint8_t proto)
5018 {
5019 switch (proto) {
5020 case IPPROTO_AH:
5021 return SADB_SATYPE_AH;
5022 case IPPROTO_ESP:
5023 return SADB_SATYPE_ESP;
5024 case IPPROTO_IPCOMP:
5025 return SADB_X_SATYPE_IPCOMP;
5026 case IPPROTO_TCP:
5027 return SADB_X_SATYPE_TCPSIGNATURE;
5028 default:
5029 return 0;
5030 }
5031 /* NOTREACHED */
5032 }
5033
5034 /* %%% PF_KEY */
5035 /*
5036 * SADB_GETSPI processing is to receive
5037 * <base, (SA2), src address, dst address, (SPI range)>
5038 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
5039 * tree with the status of LARVAL, and send
5040 * <base, SA(*), address(SD)>
5041 * to the IKMPd.
5042 *
5043 * IN: mhp: pointer to the pointer to each header.
5044 * OUT: NULL if fail.
5045 * other if success, return pointer to the message to send.
5046 */
5047 static int
key_getspi(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5048 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5049 {
5050 struct secasindex saidx;
5051 struct sadb_address *src0, *dst0;
5052 struct secasvar *sav;
5053 uint32_t reqid, spi;
5054 int error;
5055 uint8_t mode, proto;
5056
5057 IPSEC_ASSERT(so != NULL, ("null socket"));
5058 IPSEC_ASSERT(m != NULL, ("null mbuf"));
5059 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
5060 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
5061
5062 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
5063 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)
5064 #ifdef PFKEY_STRICT_CHECKS
5065 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE)
5066 #endif
5067 ) {
5068 ipseclog((LOG_DEBUG,
5069 "%s: invalid message: missing required header.\n",
5070 __func__));
5071 error = EINVAL;
5072 goto fail;
5073 }
5074 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
5075 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)
5076 #ifdef PFKEY_STRICT_CHECKS
5077 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE)
5078 #endif
5079 ) {
5080 ipseclog((LOG_DEBUG,
5081 "%s: invalid message: wrong header size.\n", __func__));
5082 error = EINVAL;
5083 goto fail;
5084 }
5085 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
5086 mode = IPSEC_MODE_ANY;
5087 reqid = 0;
5088 } else {
5089 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
5090 ipseclog((LOG_DEBUG,
5091 "%s: invalid message: wrong header size.\n",
5092 __func__));
5093 error = EINVAL;
5094 goto fail;
5095 }
5096 mode = ((struct sadb_x_sa2 *)
5097 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5098 reqid = ((struct sadb_x_sa2 *)
5099 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5100 }
5101
5102 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5103 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5104
5105 /* map satype to proto */
5106 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5107 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
5108 __func__));
5109 error = EINVAL;
5110 goto fail;
5111 }
5112 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
5113 (struct sockaddr *)(dst0 + 1));
5114 if (error != 0) {
5115 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
5116 error = EINVAL;
5117 goto fail;
5118 }
5119 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5120
5121 /* SPI allocation */
5122 SPI_ALLOC_LOCK();
5123 spi = key_do_getnewspi(
5124 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx);
5125 if (spi == 0) {
5126 /*
5127 * Requested SPI or SPI range is not available or
5128 * already used.
5129 */
5130 SPI_ALLOC_UNLOCK();
5131 error = EEXIST;
5132 goto fail;
5133 }
5134 sav = key_newsav(mhp, &saidx, spi, &error);
5135 SPI_ALLOC_UNLOCK();
5136 if (sav == NULL)
5137 goto fail;
5138
5139 if (sav->seq != 0) {
5140 /*
5141 * RFC2367:
5142 * If the SADB_GETSPI message is in response to a
5143 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq
5144 * MUST be the same as the SADB_ACQUIRE message.
5145 *
5146 * XXXAE: However it doesn't definethe behaviour how to
5147 * check this and what to do if it doesn't match.
5148 * Also what we should do if it matches?
5149 *
5150 * We can compare saidx used in SADB_ACQUIRE with saidx
5151 * used in SADB_GETSPI, but this probably can break
5152 * existing software. For now just warn if it doesn't match.
5153 *
5154 * XXXAE: anyway it looks useless.
5155 */
5156 key_acqdone(&saidx, sav->seq);
5157 }
5158 KEYDBG(KEY_STAMP,
5159 printf("%s: SA(%p)\n", __func__, sav));
5160 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5161
5162 {
5163 struct mbuf *n, *nn;
5164 struct sadb_sa *m_sa;
5165 struct sadb_msg *newmsg;
5166 int off, len;
5167
5168 /* create new sadb_msg to reply. */
5169 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5170 PFKEY_ALIGN8(sizeof(struct sadb_sa));
5171
5172 n = key_mget(len);
5173 if (n == NULL) {
5174 error = ENOBUFS;
5175 goto fail;
5176 }
5177
5178 n->m_len = len;
5179 n->m_next = NULL;
5180 off = 0;
5181
5182 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
5183 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
5184
5185 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
5186 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
5187 m_sa->sadb_sa_exttype = SADB_EXT_SA;
5188 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */
5189 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
5190
5191 IPSEC_ASSERT(off == len,
5192 ("length inconsistency (off %u len %u)", off, len));
5193
5194 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
5195 SADB_EXT_ADDRESS_DST);
5196 if (!n->m_next) {
5197 m_freem(n);
5198 error = ENOBUFS;
5199 goto fail;
5200 }
5201
5202 if (n->m_len < sizeof(struct sadb_msg)) {
5203 n = m_pullup(n, sizeof(struct sadb_msg));
5204 if (n == NULL)
5205 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
5206 }
5207
5208 n->m_pkthdr.len = 0;
5209 for (nn = n; nn; nn = nn->m_next)
5210 n->m_pkthdr.len += nn->m_len;
5211
5212 newmsg = mtod(n, struct sadb_msg *);
5213 newmsg->sadb_msg_seq = sav->seq;
5214 newmsg->sadb_msg_errno = 0;
5215 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5216
5217 m_freem(m);
5218 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5219 }
5220
5221 fail:
5222 return (key_senderror(so, m, error));
5223 }
5224
5225 /*
5226 * allocating new SPI
5227 * called by key_getspi().
5228 * OUT:
5229 * 0: failure.
5230 * others: success, SPI in network byte order.
5231 */
5232 static uint32_t
key_do_getnewspi(struct sadb_spirange * spirange,struct secasindex * saidx)5233 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx)
5234 {
5235 uint32_t min, max, newspi, t;
5236 int tries, limit;
5237
5238 SPI_ALLOC_LOCK_ASSERT();
5239
5240 /* set spi range to allocate */
5241 if (spirange != NULL) {
5242 min = spirange->sadb_spirange_min;
5243 max = spirange->sadb_spirange_max;
5244 } else {
5245 min = V_key_spi_minval;
5246 max = V_key_spi_maxval;
5247 }
5248 /* IPCOMP needs 2-byte SPI */
5249 if (saidx->proto == IPPROTO_IPCOMP) {
5250 if (min >= 0x10000)
5251 min = 0xffff;
5252 if (max >= 0x10000)
5253 max = 0xffff;
5254 if (min > max) {
5255 t = min; min = max; max = t;
5256 }
5257 }
5258
5259 if (min == max) {
5260 if (key_checkspidup(htonl(min))) {
5261 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n",
5262 __func__, min));
5263 return 0;
5264 }
5265
5266 tries = 1;
5267 newspi = min;
5268 } else {
5269 /* init SPI */
5270 newspi = 0;
5271
5272 limit = atomic_load_int(&V_key_spi_trycnt);
5273 /* when requesting to allocate spi ranged */
5274 for (tries = 0; tries < limit; tries++) {
5275 /* generate pseudo-random SPI value ranged. */
5276 newspi = min + (key_random() % (max - min + 1));
5277 if (!key_checkspidup(htonl(newspi)))
5278 break;
5279 }
5280
5281 if (tries == limit || newspi == 0) {
5282 ipseclog((LOG_DEBUG,
5283 "%s: failed to allocate SPI.\n", __func__));
5284 return 0;
5285 }
5286 }
5287
5288 /* statistics */
5289 keystat.getspi_count =
5290 (keystat.getspi_count + tries) / 2;
5291
5292 return (htonl(newspi));
5293 }
5294
5295 /*
5296 * Find TCP-MD5 SA with corresponding secasindex.
5297 * If not found, return NULL and fill SPI with usable value if needed.
5298 */
5299 static struct secasvar *
key_getsav_tcpmd5(struct secasindex * saidx,uint32_t * spi)5300 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi)
5301 {
5302 SAHTREE_RLOCK_TRACKER;
5303 struct secashead *sah;
5304 struct secasvar *sav;
5305
5306 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto"));
5307 SAHTREE_RLOCK();
5308 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
5309 if (sah->saidx.proto != IPPROTO_TCP)
5310 continue;
5311 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) &&
5312 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0))
5313 break;
5314 }
5315 if (sah != NULL) {
5316 if (V_key_preferred_oldsa)
5317 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
5318 else
5319 sav = TAILQ_FIRST(&sah->savtree_alive);
5320 if (sav != NULL) {
5321 SAV_ADDREF(sav);
5322 SAHTREE_RUNLOCK();
5323 return (sav);
5324 }
5325 }
5326 if (spi == NULL) {
5327 /* No SPI required */
5328 SAHTREE_RUNLOCK();
5329 return (NULL);
5330 }
5331 /* Check that SPI is unique */
5332 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) {
5333 if (sav->spi == *spi)
5334 break;
5335 }
5336 if (sav == NULL) {
5337 SAHTREE_RUNLOCK();
5338 /* SPI is already unique */
5339 return (NULL);
5340 }
5341 SAHTREE_RUNLOCK();
5342 /* XXX: not optimal */
5343 *spi = key_do_getnewspi(NULL, saidx);
5344 return (NULL);
5345 }
5346
5347 static int
key_updateaddresses(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp,struct secasvar * sav,struct secasindex * saidx)5348 key_updateaddresses(struct socket *so, struct mbuf *m,
5349 const struct sadb_msghdr *mhp, struct secasvar *sav,
5350 struct secasindex *saidx)
5351 {
5352 struct sockaddr *newaddr;
5353 struct secashead *sah;
5354 struct secasvar *newsav, *tmp;
5355 struct mbuf *n;
5356 int error, isnew;
5357
5358 /* Check that we need to change SAH */
5359 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) {
5360 newaddr = (struct sockaddr *)(
5361 ((struct sadb_address *)
5362 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1);
5363 bcopy(newaddr, &saidx->src, newaddr->sa_len);
5364 key_porttosaddr(&saidx->src.sa, 0);
5365 }
5366 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) {
5367 newaddr = (struct sockaddr *)(
5368 ((struct sadb_address *)
5369 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1);
5370 bcopy(newaddr, &saidx->dst, newaddr->sa_len);
5371 key_porttosaddr(&saidx->dst.sa, 0);
5372 }
5373 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) ||
5374 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) {
5375 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa);
5376 if (error != 0) {
5377 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n",
5378 __func__));
5379 return (error);
5380 }
5381
5382 sah = key_getsah(saidx);
5383 if (sah == NULL) {
5384 /* create a new SA index */
5385 sah = key_newsah(saidx);
5386 if (sah == NULL) {
5387 ipseclog((LOG_DEBUG,
5388 "%s: No more memory.\n", __func__));
5389 return (ENOBUFS);
5390 }
5391 isnew = 2; /* SAH is new */
5392 } else
5393 isnew = 1; /* existing SAH is referenced */
5394 } else {
5395 /*
5396 * src and dst addresses are still the same.
5397 * Do we want to change NAT-T config?
5398 */
5399 if (sav->sah->saidx.proto != IPPROTO_ESP ||
5400 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) ||
5401 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) ||
5402 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) {
5403 ipseclog((LOG_DEBUG,
5404 "%s: invalid message: missing required header.\n",
5405 __func__));
5406 return (EINVAL);
5407 }
5408 /* We hold reference to SA, thus SAH will be referenced too. */
5409 sah = sav->sah;
5410 isnew = 0;
5411 }
5412
5413 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA,
5414 M_NOWAIT | M_ZERO);
5415 if (newsav == NULL) {
5416 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5417 error = ENOBUFS;
5418 goto fail;
5419 }
5420
5421 /* Clone SA's content into newsav */
5422 SAV_INITREF(newsav);
5423 bcopy(sav, newsav, offsetof(struct secasvar, chain));
5424 #ifdef IPSEC_OFFLOAD
5425 CK_LIST_INIT(&newsav->accel_ifps);
5426 newsav->accel_forget_tq = 0;
5427 newsav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone,
5428 M_NOWAIT | M_ZERO);
5429 if (newsav->accel_lft_sw == NULL) {
5430 error = ENOBUFS;
5431 goto fail;
5432 }
5433 if (sav->accel_ifname != NULL) {
5434 struct sadb_x_if_hw_offl xof;
5435
5436 newsav->accel_ifname = malloc(sizeof(xof.sadb_x_if_hw_offl_if),
5437 M_IPSEC_MISC, M_NOWAIT);
5438 if (newsav->accel_ifname == NULL) {
5439 error = ENOBUFS;
5440 goto fail;
5441 }
5442 strncpy(__DECONST(char *, sav->accel_ifname),
5443 newsav->accel_ifname,
5444 sizeof(xof.sadb_x_if_hw_offl_if));
5445 }
5446 #endif
5447
5448 /*
5449 * We create new NAT-T config if it is needed.
5450 * Old NAT-T config will be freed by key_cleansav() when
5451 * last reference to SA will be released.
5452 */
5453 newsav->natt = NULL;
5454 newsav->sah = sah;
5455 newsav->state = SADB_SASTATE_MATURE;
5456 error = key_setnatt(newsav, mhp);
5457 if (error != 0)
5458 goto fail;
5459
5460 SAHTREE_WLOCK();
5461 /* Check that SA is still alive */
5462 if (sav->state == SADB_SASTATE_DEAD) {
5463 /* SA was unlinked */
5464 SAHTREE_WUNLOCK();
5465 error = ESRCH;
5466 goto fail;
5467 }
5468
5469 /* Unlink SA from SAH and SPI hash */
5470 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0,
5471 ("SA is already cloned"));
5472 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE ||
5473 sav->state == SADB_SASTATE_DYING,
5474 ("Wrong SA state %u\n", sav->state));
5475 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
5476 LIST_REMOVE(sav, spihash);
5477 sav->state = SADB_SASTATE_DEAD;
5478 ipsec_accel_forget_sav(sav);
5479
5480 /*
5481 * Link new SA with SAH. Keep SAs ordered by
5482 * create time (newer are first).
5483 */
5484 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) {
5485 if (newsav->created > tmp->created) {
5486 TAILQ_INSERT_BEFORE(tmp, newsav, chain);
5487 break;
5488 }
5489 }
5490 if (tmp == NULL)
5491 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain);
5492
5493 /* Add new SA into SPI hash. */
5494 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash);
5495
5496 /* Add new SAH into SADB. */
5497 if (isnew == 2) {
5498 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain);
5499 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash);
5500 sah->state = SADB_SASTATE_MATURE;
5501 SAH_ADDREF(sah); /* newsav references new SAH */
5502 }
5503 /*
5504 * isnew == 1 -> @sah was referenced by key_getsah().
5505 * isnew == 0 -> we use the same @sah, that was used by @sav,
5506 * and we use its reference for @newsav.
5507 */
5508 SECASVAR_WLOCK(sav);
5509 /* XXX: replace cntr with pointer? */
5510 newsav->cntr = sav->cntr;
5511 sav->flags |= SADB_X_EXT_F_CLONED;
5512 SECASVAR_WUNLOCK(sav);
5513
5514 SAHTREE_WUNLOCK();
5515
5516 KEYDBG(KEY_STAMP,
5517 printf("%s: SA(%p) cloned into SA(%p)\n",
5518 __func__, sav, newsav));
5519 KEYDBG(KEY_DATA, kdebug_secasv(newsav));
5520
5521 key_freesav(&sav); /* release last reference */
5522
5523 /* set msg buf from mhp */
5524 n = key_getmsgbuf_x1(m, mhp);
5525 if (n == NULL) {
5526 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5527 return (ENOBUFS);
5528 }
5529 m_freem(m);
5530 key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5531 return (0);
5532 fail:
5533 if (isnew != 0)
5534 key_freesah(&sah);
5535 if (newsav != NULL) {
5536 #ifdef IPSEC_OFFLOAD
5537 uma_zfree_pcpu(ipsec_key_lft_zone, newsav->accel_lft_sw);
5538 free(__DECONST(char *, newsav->accel_ifname), M_IPSEC_MISC);
5539 #endif
5540 if (newsav->natt != NULL)
5541 free(newsav->natt, M_IPSEC_MISC);
5542 free(newsav, M_IPSEC_SA);
5543 }
5544 return (error);
5545 }
5546
5547 /*
5548 * SADB_UPDATE processing
5549 * receive
5550 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5551 * key(AE), (identity(SD),) (sensitivity)>
5552 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5553 * and send
5554 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5555 * (identity(SD),) (sensitivity)>
5556 * to the ikmpd.
5557 *
5558 * m will always be freed.
5559 */
5560 static int
key_update(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5561 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5562 {
5563 struct secasindex saidx;
5564 struct sadb_address *src0, *dst0;
5565 struct sadb_sa *sa0;
5566 struct secasvar *sav;
5567 uint32_t reqid;
5568 int error;
5569 uint8_t mode, proto;
5570
5571 IPSEC_ASSERT(so != NULL, ("null socket"));
5572 IPSEC_ASSERT(m != NULL, ("null mbuf"));
5573 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
5574 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
5575
5576 /* map satype to proto */
5577 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5578 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
5579 __func__));
5580 return key_senderror(so, m, EINVAL);
5581 }
5582
5583 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) ||
5584 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
5585 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
5586 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
5587 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) ||
5588 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) &&
5589 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) {
5590 ipseclog((LOG_DEBUG,
5591 "%s: invalid message: missing required header.\n",
5592 __func__));
5593 return key_senderror(so, m, EINVAL);
5594 }
5595 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) ||
5596 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
5597 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
5598 ipseclog((LOG_DEBUG,
5599 "%s: invalid message: wrong header size.\n", __func__));
5600 return key_senderror(so, m, EINVAL);
5601 }
5602 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
5603 mode = IPSEC_MODE_ANY;
5604 reqid = 0;
5605 } else {
5606 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
5607 ipseclog((LOG_DEBUG,
5608 "%s: invalid message: wrong header size.\n",
5609 __func__));
5610 return key_senderror(so, m, EINVAL);
5611 }
5612 mode = ((struct sadb_x_sa2 *)
5613 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5614 reqid = ((struct sadb_x_sa2 *)
5615 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5616 }
5617
5618 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5619 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5620 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5621
5622 /*
5623 * Only SADB_SASTATE_MATURE SAs may be submitted in an
5624 * SADB_UPDATE message.
5625 */
5626 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) {
5627 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__));
5628 #ifdef PFKEY_STRICT_CHECKS
5629 return key_senderror(so, m, EINVAL);
5630 #endif
5631 }
5632 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
5633 (struct sockaddr *)(dst0 + 1));
5634 if (error != 0) {
5635 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
5636 return key_senderror(so, m, error);
5637 }
5638 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5639 sav = key_getsavbyspi(sa0->sadb_sa_spi);
5640 if (sav == NULL) {
5641 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n",
5642 __func__, ntohl(sa0->sadb_sa_spi)));
5643 return key_senderror(so, m, EINVAL);
5644 }
5645 /*
5646 * Check that SADB_UPDATE issued by the same process that did
5647 * SADB_GETSPI or SADB_ADD.
5648 */
5649 if (sav->pid != mhp->msg->sadb_msg_pid) {
5650 ipseclog((LOG_DEBUG,
5651 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__,
5652 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid));
5653 key_freesav(&sav);
5654 return key_senderror(so, m, EINVAL);
5655 }
5656 /* saidx should match with SA. */
5657 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) {
5658 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n",
5659 __func__, ntohl(sav->spi)));
5660 key_freesav(&sav);
5661 return key_senderror(so, m, ESRCH);
5662 }
5663
5664 if (sav->state == SADB_SASTATE_LARVAL) {
5665 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5666 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) ||
5667 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5668 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) {
5669 ipseclog((LOG_DEBUG,
5670 "%s: invalid message: missing required header.\n",
5671 __func__));
5672 key_freesav(&sav);
5673 return key_senderror(so, m, EINVAL);
5674 }
5675 /*
5676 * We can set any values except src, dst and SPI.
5677 */
5678 error = key_setsaval(sav, mhp);
5679 if (error != 0) {
5680 key_freesav(&sav);
5681 return (key_senderror(so, m, error));
5682 }
5683 /* Change SA state to MATURE */
5684 SAHTREE_WLOCK();
5685 if (sav->state != SADB_SASTATE_LARVAL) {
5686 /* SA was deleted or another thread made it MATURE. */
5687 SAHTREE_WUNLOCK();
5688 key_freesav(&sav);
5689 return (key_senderror(so, m, ESRCH));
5690 }
5691 /*
5692 * NOTE: we keep SAs in savtree_alive ordered by created
5693 * time. When SA's state changed from LARVAL to MATURE,
5694 * we update its created time in key_setsaval() and move
5695 * it into head of savtree_alive.
5696 */
5697 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
5698 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain);
5699 sav->state = SADB_SASTATE_MATURE;
5700 SAHTREE_WUNLOCK();
5701 } else {
5702 /*
5703 * For DYING and MATURE SA we can change only state
5704 * and lifetimes. Report EINVAL if something else attempted
5705 * to change.
5706 */
5707 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) ||
5708 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) {
5709 key_freesav(&sav);
5710 return (key_senderror(so, m, EINVAL));
5711 }
5712 error = key_updatelifetimes(sav, mhp);
5713 if (error != 0) {
5714 key_freesav(&sav);
5715 return (key_senderror(so, m, error));
5716 }
5717 /*
5718 * This is FreeBSD extension to RFC2367.
5719 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or
5720 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change
5721 * SA addresses (for example to implement MOBIKE protocol
5722 * as described in RFC4555). Also we allow to change
5723 * NAT-T config.
5724 */
5725 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) ||
5726 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) ||
5727 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) ||
5728 sav->natt != NULL) {
5729 error = key_updateaddresses(so, m, mhp, sav, &saidx);
5730 key_freesav(&sav);
5731 if (error != 0)
5732 return (key_senderror(so, m, error));
5733 return (0);
5734 }
5735 /* Check that SA is still alive */
5736 SAHTREE_WLOCK();
5737 if (sav->state == SADB_SASTATE_DEAD) {
5738 /* SA was unlinked */
5739 SAHTREE_WUNLOCK();
5740 key_freesav(&sav);
5741 return (key_senderror(so, m, ESRCH));
5742 }
5743 /*
5744 * NOTE: there is possible state moving from DYING to MATURE,
5745 * but this doesn't change created time, so we won't reorder
5746 * this SA.
5747 */
5748 sav->state = SADB_SASTATE_MATURE;
5749 SAHTREE_WUNLOCK();
5750 }
5751 KEYDBG(KEY_STAMP,
5752 printf("%s: SA(%p)\n", __func__, sav));
5753 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5754 ipsec_accel_sa_newkey(sav);
5755 key_freesav(&sav);
5756
5757 {
5758 struct mbuf *n;
5759
5760 /* set msg buf from mhp */
5761 n = key_getmsgbuf_x1(m, mhp);
5762 if (n == NULL) {
5763 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5764 return key_senderror(so, m, ENOBUFS);
5765 }
5766
5767 m_freem(m);
5768 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5769 }
5770 }
5771
5772 /*
5773 * SADB_ADD processing
5774 * add an entry to SA database, when received
5775 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5776 * key(AE), (identity(SD),) (sensitivity)>
5777 * from the ikmpd,
5778 * and send
5779 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5780 * (identity(SD),) (sensitivity)>
5781 * to the ikmpd.
5782 *
5783 * IGNORE identity and sensitivity messages.
5784 *
5785 * m will always be freed.
5786 */
5787 static int
key_add(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5788 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5789 {
5790 struct secasindex saidx;
5791 struct sadb_address *src0, *dst0;
5792 struct sadb_sa *sa0;
5793 struct secasvar *sav;
5794 uint32_t reqid, spi;
5795 uint8_t mode, proto;
5796 int error;
5797
5798 IPSEC_ASSERT(so != NULL, ("null socket"));
5799 IPSEC_ASSERT(m != NULL, ("null mbuf"));
5800 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
5801 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
5802
5803 /* map satype to proto */
5804 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5805 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
5806 __func__));
5807 return key_senderror(so, m, EINVAL);
5808 }
5809
5810 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) ||
5811 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
5812 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
5813 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && (
5814 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) ||
5815 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) ||
5816 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && (
5817 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) ||
5818 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) ||
5819 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
5820 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) ||
5821 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) &&
5822 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) {
5823 ipseclog((LOG_DEBUG,
5824 "%s: invalid message: missing required header.\n",
5825 __func__));
5826 return key_senderror(so, m, EINVAL);
5827 }
5828 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) ||
5829 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
5830 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
5831 ipseclog((LOG_DEBUG,
5832 "%s: invalid message: wrong header size.\n", __func__));
5833 return key_senderror(so, m, EINVAL);
5834 }
5835 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
5836 mode = IPSEC_MODE_ANY;
5837 reqid = 0;
5838 } else {
5839 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
5840 ipseclog((LOG_DEBUG,
5841 "%s: invalid message: wrong header size.\n",
5842 __func__));
5843 return key_senderror(so, m, EINVAL);
5844 }
5845 mode = ((struct sadb_x_sa2 *)
5846 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5847 reqid = ((struct sadb_x_sa2 *)
5848 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5849 }
5850
5851 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5852 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5853 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5854
5855 /*
5856 * Only SADB_SASTATE_MATURE SAs may be submitted in an
5857 * SADB_ADD message.
5858 */
5859 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) {
5860 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__));
5861 #ifdef PFKEY_STRICT_CHECKS
5862 return key_senderror(so, m, EINVAL);
5863 #endif
5864 }
5865 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
5866 (struct sockaddr *)(dst0 + 1));
5867 if (error != 0) {
5868 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
5869 return key_senderror(so, m, error);
5870 }
5871 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5872 spi = sa0->sadb_sa_spi;
5873 /*
5874 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using
5875 * secasindex.
5876 * XXXAE: IPComp seems also doesn't use SPI.
5877 */
5878 SPI_ALLOC_LOCK();
5879 if (proto == IPPROTO_TCP) {
5880 sav = key_getsav_tcpmd5(&saidx, &spi);
5881 if (sav == NULL && spi == 0) {
5882 SPI_ALLOC_UNLOCK();
5883 /* Failed to allocate SPI */
5884 ipseclog((LOG_DEBUG, "%s: SA already exists.\n",
5885 __func__));
5886 return key_senderror(so, m, EEXIST);
5887 }
5888 /* XXX: SPI that we report back can have another value */
5889 } else {
5890 /* We can create new SA only if SPI is different. */
5891 sav = key_getsavbyspi(spi);
5892 }
5893 if (sav != NULL) {
5894 SPI_ALLOC_UNLOCK();
5895 key_freesav(&sav);
5896 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__));
5897 return key_senderror(so, m, EEXIST);
5898 }
5899
5900 sav = key_newsav(mhp, &saidx, spi, &error);
5901 SPI_ALLOC_UNLOCK();
5902 if (sav == NULL)
5903 return key_senderror(so, m, error);
5904 KEYDBG(KEY_STAMP,
5905 printf("%s: return SA(%p)\n", __func__, sav));
5906 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5907 ipsec_accel_sa_newkey(sav);
5908 /*
5909 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule
5910 * ACQ for deletion.
5911 */
5912 if (sav->seq != 0)
5913 key_acqdone(&saidx, sav->seq);
5914
5915 {
5916 /*
5917 * Don't call key_freesav() on error here, as we would like to
5918 * keep the SA in the database.
5919 */
5920 struct mbuf *n;
5921
5922 /* set msg buf from mhp */
5923 n = key_getmsgbuf_x1(m, mhp);
5924 if (n == NULL) {
5925 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5926 return key_senderror(so, m, ENOBUFS);
5927 }
5928
5929 m_freem(m);
5930 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5931 }
5932 }
5933
5934 /*
5935 * NAT-T support.
5936 * IKEd may request the use ESP in UDP encapsulation when it detects the
5937 * presence of NAT. It uses NAT-T extension headers for such SAs to specify
5938 * parameters needed for encapsulation and decapsulation. These PF_KEY
5939 * extension headers are not standardized, so this comment addresses our
5940 * implementation.
5941 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only
5942 * UDP_ENCAP_ESPINUDP as described in RFC3948.
5943 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for
5944 * UDP header. We use these ports in UDP encapsulation procedure, also we
5945 * can check them in UDP decapsulation procedure.
5946 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or
5947 * responder. These addresses can be used for transport mode to adjust
5948 * checksum after decapsulation and decryption. Since original IP addresses
5949 * used by peer usually different (we detected presence of NAT), TCP/UDP
5950 * pseudo header checksum and IP header checksum was calculated using original
5951 * addresses. After decapsulation and decryption we need to adjust checksum
5952 * to have correct datagram.
5953 *
5954 * We expect presence of NAT-T extension headers only in SADB_ADD and
5955 * SADB_UPDATE messages. We report NAT-T extension headers in replies
5956 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages.
5957 */
5958 static int
key_setnatt(struct secasvar * sav,const struct sadb_msghdr * mhp)5959 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp)
5960 {
5961 struct sadb_x_nat_t_port *port;
5962 struct sadb_x_nat_t_type *type;
5963 struct sadb_address *oai, *oar;
5964 struct sockaddr *sa;
5965 uint32_t addr;
5966 uint16_t cksum;
5967 int i;
5968
5969 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized"));
5970 /*
5971 * Ignore NAT-T headers if sproto isn't ESP.
5972 */
5973 if (sav->sah->saidx.proto != IPPROTO_ESP)
5974 return (0);
5975
5976 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) &&
5977 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) &&
5978 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) {
5979 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) ||
5980 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) ||
5981 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) {
5982 ipseclog((LOG_DEBUG,
5983 "%s: invalid message: wrong header size.\n",
5984 __func__));
5985 return (EINVAL);
5986 }
5987 } else
5988 return (0);
5989
5990 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5991 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) {
5992 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n",
5993 __func__, type->sadb_x_nat_t_type_type));
5994 return (EINVAL);
5995 }
5996 /*
5997 * Allocate storage for NAT-T config.
5998 * On error it will be released by key_cleansav().
5999 */
6000 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC,
6001 M_NOWAIT | M_ZERO);
6002 if (sav->natt == NULL) {
6003 PFKEYSTAT_INC(in_nomem);
6004 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
6005 return (ENOBUFS);
6006 }
6007 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
6008 if (port->sadb_x_nat_t_port_port == 0) {
6009 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n",
6010 __func__));
6011 return (EINVAL);
6012 }
6013 sav->natt->sport = port->sadb_x_nat_t_port_port;
6014 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
6015 if (port->sadb_x_nat_t_port_port == 0) {
6016 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n",
6017 __func__));
6018 return (EINVAL);
6019 }
6020 sav->natt->dport = port->sadb_x_nat_t_port_port;
6021
6022 /*
6023 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional
6024 * and needed only for transport mode IPsec.
6025 * Usually NAT translates only one address, but it is possible,
6026 * that both addresses could be translated.
6027 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA.
6028 */
6029 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) {
6030 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) {
6031 ipseclog((LOG_DEBUG,
6032 "%s: invalid message: wrong header size.\n",
6033 __func__));
6034 return (EINVAL);
6035 }
6036 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
6037 } else
6038 oai = NULL;
6039 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) {
6040 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) {
6041 ipseclog((LOG_DEBUG,
6042 "%s: invalid message: wrong header size.\n",
6043 __func__));
6044 return (EINVAL);
6045 }
6046 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
6047 } else
6048 oar = NULL;
6049
6050 /* Initialize addresses only for transport mode */
6051 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) {
6052 cksum = 0;
6053 if (oai != NULL) {
6054 sa = (struct sockaddr *)(oai + 1);
6055 switch (sa->sa_family) {
6056 #ifdef AF_INET
6057 case AF_INET:
6058 if (sa->sa_len != sizeof(struct sockaddr_in)) {
6059 ipseclog((LOG_DEBUG,
6060 "%s: wrong NAT-OAi header.\n",
6061 __func__));
6062 return (EINVAL);
6063 }
6064 /* Ignore address if it the same */
6065 if (((struct sockaddr_in *)sa)->sin_addr.s_addr !=
6066 sav->sah->saidx.src.sin.sin_addr.s_addr) {
6067 bcopy(sa, &sav->natt->oai.sa, sa->sa_len);
6068 sav->natt->flags |= IPSEC_NATT_F_OAI;
6069 /* Calculate checksum delta */
6070 addr = sav->sah->saidx.src.sin.sin_addr.s_addr;
6071 cksum = in_addword(cksum, ~addr >> 16);
6072 cksum = in_addword(cksum, ~addr & 0xffff);
6073 addr = sav->natt->oai.sin.sin_addr.s_addr;
6074 cksum = in_addword(cksum, addr >> 16);
6075 cksum = in_addword(cksum, addr & 0xffff);
6076 }
6077 break;
6078 #endif
6079 #ifdef AF_INET6
6080 case AF_INET6:
6081 if (sa->sa_len != sizeof(struct sockaddr_in6)) {
6082 ipseclog((LOG_DEBUG,
6083 "%s: wrong NAT-OAi header.\n",
6084 __func__));
6085 return (EINVAL);
6086 }
6087 /* Ignore address if it the same */
6088 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr,
6089 &sav->sah->saidx.src.sin6.sin6_addr.s6_addr,
6090 sizeof(struct in6_addr)) != 0) {
6091 bcopy(sa, &sav->natt->oai.sa, sa->sa_len);
6092 sav->natt->flags |= IPSEC_NATT_F_OAI;
6093 /* Calculate checksum delta */
6094 for (i = 0; i < 8; i++) {
6095 cksum = in_addword(cksum,
6096 ~sav->sah->saidx.src.sin6.sin6_addr.s6_addr16[i]);
6097 cksum = in_addword(cksum,
6098 sav->natt->oai.sin6.sin6_addr.s6_addr16[i]);
6099 }
6100 }
6101 break;
6102 #endif
6103 default:
6104 ipseclog((LOG_DEBUG,
6105 "%s: wrong NAT-OAi header.\n",
6106 __func__));
6107 return (EINVAL);
6108 }
6109 }
6110 if (oar != NULL) {
6111 sa = (struct sockaddr *)(oar + 1);
6112 switch (sa->sa_family) {
6113 #ifdef AF_INET
6114 case AF_INET:
6115 if (sa->sa_len != sizeof(struct sockaddr_in)) {
6116 ipseclog((LOG_DEBUG,
6117 "%s: wrong NAT-OAr header.\n",
6118 __func__));
6119 return (EINVAL);
6120 }
6121 /* Ignore address if it the same */
6122 if (((struct sockaddr_in *)sa)->sin_addr.s_addr !=
6123 sav->sah->saidx.dst.sin.sin_addr.s_addr) {
6124 bcopy(sa, &sav->natt->oar.sa, sa->sa_len);
6125 sav->natt->flags |= IPSEC_NATT_F_OAR;
6126 /* Calculate checksum delta */
6127 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr;
6128 cksum = in_addword(cksum, ~addr >> 16);
6129 cksum = in_addword(cksum, ~addr & 0xffff);
6130 addr = sav->natt->oar.sin.sin_addr.s_addr;
6131 cksum = in_addword(cksum, addr >> 16);
6132 cksum = in_addword(cksum, addr & 0xffff);
6133 }
6134 break;
6135 #endif
6136 #ifdef AF_INET6
6137 case AF_INET6:
6138 if (sa->sa_len != sizeof(struct sockaddr_in6)) {
6139 ipseclog((LOG_DEBUG,
6140 "%s: wrong NAT-OAr header.\n",
6141 __func__));
6142 return (EINVAL);
6143 }
6144 /* Ignore address if it the same */
6145 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr,
6146 &sav->sah->saidx.dst.sin6.sin6_addr.s6_addr, 16) != 0) {
6147 bcopy(sa, &sav->natt->oar.sa, sa->sa_len);
6148 sav->natt->flags |= IPSEC_NATT_F_OAR;
6149 /* Calculate checksum delta */
6150 for (i = 0; i < 8; i++) {
6151 cksum = in_addword(cksum,
6152 ~sav->sah->saidx.dst.sin6.sin6_addr.s6_addr16[i]);
6153 cksum = in_addword(cksum,
6154 sav->natt->oar.sin6.sin6_addr.s6_addr16[i]);
6155 }
6156 }
6157 break;
6158 #endif
6159 default:
6160 ipseclog((LOG_DEBUG,
6161 "%s: wrong NAT-OAr header.\n",
6162 __func__));
6163 return (EINVAL);
6164 }
6165 }
6166 sav->natt->cksum = cksum;
6167 }
6168 return (0);
6169 }
6170
6171 static int
key_setident(struct secashead * sah,const struct sadb_msghdr * mhp)6172 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp)
6173 {
6174 const struct sadb_ident *idsrc, *iddst;
6175
6176 IPSEC_ASSERT(sah != NULL, ("null secashead"));
6177 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6178 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6179
6180 /* don't make buffer if not there */
6181 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) &&
6182 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) {
6183 sah->idents = NULL;
6184 sah->identd = NULL;
6185 return (0);
6186 }
6187
6188 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) ||
6189 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) {
6190 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__));
6191 return (EINVAL);
6192 }
6193
6194 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
6195 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
6196
6197 /* validity check */
6198 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
6199 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__));
6200 return EINVAL;
6201 }
6202
6203 switch (idsrc->sadb_ident_type) {
6204 case SADB_IDENTTYPE_PREFIX:
6205 case SADB_IDENTTYPE_FQDN:
6206 case SADB_IDENTTYPE_USERFQDN:
6207 default:
6208 /* XXX do nothing */
6209 sah->idents = NULL;
6210 sah->identd = NULL;
6211 return 0;
6212 }
6213
6214 /* make structure */
6215 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
6216 if (sah->idents == NULL) {
6217 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
6218 return ENOBUFS;
6219 }
6220 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
6221 if (sah->identd == NULL) {
6222 free(sah->idents, M_IPSEC_MISC);
6223 sah->idents = NULL;
6224 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
6225 return ENOBUFS;
6226 }
6227 sah->idents->type = idsrc->sadb_ident_type;
6228 sah->idents->id = idsrc->sadb_ident_id;
6229
6230 sah->identd->type = iddst->sadb_ident_type;
6231 sah->identd->id = iddst->sadb_ident_id;
6232
6233 return 0;
6234 }
6235
6236 /*
6237 * m will not be freed on return.
6238 * it is caller's responsibility to free the result.
6239 *
6240 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers
6241 * from the request in defined order.
6242 */
6243 static struct mbuf *
key_getmsgbuf_x1(struct mbuf * m,const struct sadb_msghdr * mhp)6244 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp)
6245 {
6246 struct mbuf *n;
6247
6248 IPSEC_ASSERT(m != NULL, ("null mbuf"));
6249 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6250 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6251
6252 /* create new sadb_msg to reply. */
6253 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED,
6254 SADB_EXT_SA, SADB_X_EXT_SA2,
6255 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
6256 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
6257 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
6258 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
6259 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI,
6260 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC,
6261 SADB_X_EXT_NEW_ADDRESS_DST);
6262 if (!n)
6263 return NULL;
6264
6265 if (n->m_len < sizeof(struct sadb_msg)) {
6266 n = m_pullup(n, sizeof(struct sadb_msg));
6267 if (n == NULL)
6268 return NULL;
6269 }
6270 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
6271 mtod(n, struct sadb_msg *)->sadb_msg_len =
6272 PFKEY_UNIT64(n->m_pkthdr.len);
6273
6274 return n;
6275 }
6276
6277 /*
6278 * SADB_DELETE processing
6279 * receive
6280 * <base, SA(*), address(SD)>
6281 * from the ikmpd, and set SADB_SASTATE_DEAD,
6282 * and send,
6283 * <base, SA(*), address(SD)>
6284 * to the ikmpd.
6285 *
6286 * m will always be freed.
6287 */
6288 static int
key_delete(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)6289 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
6290 {
6291 struct secasindex saidx;
6292 struct sadb_address *src0, *dst0;
6293 struct secasvar *sav;
6294 struct sadb_sa *sa0;
6295 uint8_t proto;
6296
6297 IPSEC_ASSERT(so != NULL, ("null socket"));
6298 IPSEC_ASSERT(m != NULL, ("null mbuf"));
6299 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6300 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6301
6302 /* map satype to proto */
6303 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6304 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
6305 __func__));
6306 return key_senderror(so, m, EINVAL);
6307 }
6308
6309 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
6310 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
6311 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
6312 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
6313 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
6314 __func__));
6315 return key_senderror(so, m, EINVAL);
6316 }
6317
6318 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6319 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6320
6321 if (key_checksockaddrs((struct sockaddr *)(src0 + 1),
6322 (struct sockaddr *)(dst0 + 1)) != 0) {
6323 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
6324 return (key_senderror(so, m, EINVAL));
6325 }
6326 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6327 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) {
6328 /*
6329 * Caller wants us to delete all non-LARVAL SAs
6330 * that match the src/dst. This is used during
6331 * IKE INITIAL-CONTACT.
6332 * XXXAE: this looks like some extension to RFC2367.
6333 */
6334 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__));
6335 return (key_delete_all(so, m, mhp, &saidx));
6336 }
6337 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) {
6338 ipseclog((LOG_DEBUG,
6339 "%s: invalid message: wrong header size.\n", __func__));
6340 return (key_senderror(so, m, EINVAL));
6341 }
6342 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
6343 SPI_ALLOC_LOCK();
6344 if (proto == IPPROTO_TCP)
6345 sav = key_getsav_tcpmd5(&saidx, NULL);
6346 else
6347 sav = key_getsavbyspi(sa0->sadb_sa_spi);
6348 SPI_ALLOC_UNLOCK();
6349 if (sav == NULL) {
6350 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n",
6351 __func__, ntohl(sa0->sadb_sa_spi)));
6352 return (key_senderror(so, m, ESRCH));
6353 }
6354 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
6355 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n",
6356 __func__, ntohl(sav->spi)));
6357 key_freesav(&sav);
6358 return (key_senderror(so, m, ESRCH));
6359 }
6360 KEYDBG(KEY_STAMP,
6361 printf("%s: SA(%p)\n", __func__, sav));
6362 KEYDBG(KEY_DATA, kdebug_secasv(sav));
6363 key_unlinksav(sav);
6364 key_freesav(&sav);
6365
6366 {
6367 struct mbuf *n;
6368 struct sadb_msg *newmsg;
6369
6370 /* create new sadb_msg to reply. */
6371 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
6372 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
6373 if (!n)
6374 return key_senderror(so, m, ENOBUFS);
6375
6376 if (n->m_len < sizeof(struct sadb_msg)) {
6377 n = m_pullup(n, sizeof(struct sadb_msg));
6378 if (n == NULL)
6379 return key_senderror(so, m, ENOBUFS);
6380 }
6381 newmsg = mtod(n, struct sadb_msg *);
6382 newmsg->sadb_msg_errno = 0;
6383 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6384
6385 m_freem(m);
6386 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6387 }
6388 }
6389
6390 /*
6391 * delete all SAs for src/dst. Called from key_delete().
6392 */
6393 static int
key_delete_all(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp,struct secasindex * saidx)6394 key_delete_all(struct socket *so, struct mbuf *m,
6395 const struct sadb_msghdr *mhp, struct secasindex *saidx)
6396 {
6397 struct secasvar_queue drainq;
6398 struct secashead *sah;
6399 struct secasvar *sav, *nextsav;
6400
6401 TAILQ_INIT(&drainq);
6402 SAHTREE_WLOCK();
6403 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
6404 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0)
6405 continue;
6406 /* Move all ALIVE SAs into drainq */
6407 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain);
6408 }
6409 /* Unlink all queued SAs from SPI hash */
6410 TAILQ_FOREACH(sav, &drainq, chain) {
6411 sav->state = SADB_SASTATE_DEAD;
6412 ipsec_accel_forget_sav(sav);
6413 LIST_REMOVE(sav, spihash);
6414 }
6415 SAHTREE_WUNLOCK();
6416 /* Now we can release reference for all SAs in drainq */
6417 sav = TAILQ_FIRST(&drainq);
6418 while (sav != NULL) {
6419 KEYDBG(KEY_STAMP,
6420 printf("%s: SA(%p)\n", __func__, sav));
6421 KEYDBG(KEY_DATA, kdebug_secasv(sav));
6422 nextsav = TAILQ_NEXT(sav, chain);
6423 key_freesah(&sav->sah); /* release reference from SAV */
6424 key_freesav(&sav); /* release last reference */
6425 sav = nextsav;
6426 }
6427
6428 {
6429 struct mbuf *n;
6430 struct sadb_msg *newmsg;
6431
6432 /* create new sadb_msg to reply. */
6433 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
6434 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
6435 if (!n)
6436 return key_senderror(so, m, ENOBUFS);
6437
6438 if (n->m_len < sizeof(struct sadb_msg)) {
6439 n = m_pullup(n, sizeof(struct sadb_msg));
6440 if (n == NULL)
6441 return key_senderror(so, m, ENOBUFS);
6442 }
6443 newmsg = mtod(n, struct sadb_msg *);
6444 newmsg->sadb_msg_errno = 0;
6445 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6446
6447 m_freem(m);
6448 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6449 }
6450 }
6451
6452 /*
6453 * Delete all alive SAs for corresponding xform.
6454 * Larval SAs have not initialized tdb_xform, so it is safe to leave them
6455 * here when xform disappears.
6456 */
6457 void
key_delete_xform(const struct xformsw * xsp)6458 key_delete_xform(const struct xformsw *xsp)
6459 {
6460 struct secasvar_queue drainq;
6461 struct secashead *sah;
6462 struct secasvar *sav, *nextsav;
6463
6464 TAILQ_INIT(&drainq);
6465 SAHTREE_WLOCK();
6466 TAILQ_FOREACH(sah, &V_sahtree, chain) {
6467 sav = TAILQ_FIRST(&sah->savtree_alive);
6468 if (sav == NULL)
6469 continue;
6470 if (sav->tdb_xform != xsp)
6471 continue;
6472 /*
6473 * It is supposed that all SAs in the chain are related to
6474 * one xform.
6475 */
6476 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain);
6477 }
6478 /* Unlink all queued SAs from SPI hash */
6479 TAILQ_FOREACH(sav, &drainq, chain) {
6480 sav->state = SADB_SASTATE_DEAD;
6481 ipsec_accel_forget_sav(sav);
6482 LIST_REMOVE(sav, spihash);
6483 }
6484 SAHTREE_WUNLOCK();
6485
6486 /* Now we can release reference for all SAs in drainq */
6487 sav = TAILQ_FIRST(&drainq);
6488 while (sav != NULL) {
6489 KEYDBG(KEY_STAMP,
6490 printf("%s: SA(%p)\n", __func__, sav));
6491 KEYDBG(KEY_DATA, kdebug_secasv(sav));
6492 nextsav = TAILQ_NEXT(sav, chain);
6493 key_freesah(&sav->sah); /* release reference from SAV */
6494 key_freesav(&sav); /* release last reference */
6495 sav = nextsav;
6496 }
6497 }
6498
6499 /*
6500 * SADB_GET processing
6501 * receive
6502 * <base, SA(*), address(SD)>
6503 * from the ikmpd, and get a SP and a SA to respond,
6504 * and send,
6505 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
6506 * (identity(SD),) (sensitivity)>
6507 * to the ikmpd.
6508 *
6509 * m will always be freed.
6510 */
6511 static int
key_get(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)6512 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
6513 {
6514 struct secasindex saidx;
6515 struct sadb_address *src0, *dst0;
6516 struct sadb_sa *sa0;
6517 struct secasvar *sav;
6518 uint8_t proto;
6519
6520 IPSEC_ASSERT(so != NULL, ("null socket"));
6521 IPSEC_ASSERT(m != NULL, ("null mbuf"));
6522 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6523 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6524
6525 /* map satype to proto */
6526 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6527 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
6528 __func__));
6529 return key_senderror(so, m, EINVAL);
6530 }
6531
6532 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) ||
6533 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
6534 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) {
6535 ipseclog((LOG_DEBUG,
6536 "%s: invalid message: missing required header.\n",
6537 __func__));
6538 return key_senderror(so, m, EINVAL);
6539 }
6540 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) ||
6541 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
6542 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
6543 ipseclog((LOG_DEBUG,
6544 "%s: invalid message: wrong header size.\n", __func__));
6545 return key_senderror(so, m, EINVAL);
6546 }
6547
6548 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
6549 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6550 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6551
6552 if (key_checksockaddrs((struct sockaddr *)(src0 + 1),
6553 (struct sockaddr *)(dst0 + 1)) != 0) {
6554 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
6555 return key_senderror(so, m, EINVAL);
6556 }
6557 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6558
6559 SPI_ALLOC_LOCK();
6560 if (proto == IPPROTO_TCP)
6561 sav = key_getsav_tcpmd5(&saidx, NULL);
6562 else
6563 sav = key_getsavbyspi(sa0->sadb_sa_spi);
6564 SPI_ALLOC_UNLOCK();
6565 if (sav == NULL) {
6566 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
6567 return key_senderror(so, m, ESRCH);
6568 }
6569 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
6570 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n",
6571 __func__, ntohl(sa0->sadb_sa_spi)));
6572 key_freesav(&sav);
6573 return (key_senderror(so, m, ESRCH));
6574 }
6575
6576 {
6577 struct mbuf *n;
6578 uint8_t satype;
6579
6580 /* map proto to satype */
6581 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) {
6582 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n",
6583 __func__));
6584 key_freesav(&sav);
6585 return key_senderror(so, m, EINVAL);
6586 }
6587
6588 /* create new sadb_msg to reply. */
6589 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
6590 mhp->msg->sadb_msg_pid, NULL);
6591
6592 key_freesav(&sav);
6593 if (!n)
6594 return key_senderror(so, m, ENOBUFS);
6595
6596 m_freem(m);
6597 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6598 }
6599 }
6600
6601 /* XXX make it sysctl-configurable? */
6602 static void
key_getcomb_setlifetime(struct sadb_comb * comb)6603 key_getcomb_setlifetime(struct sadb_comb *comb)
6604 {
6605
6606 comb->sadb_comb_soft_allocations = 1;
6607 comb->sadb_comb_hard_allocations = 1;
6608 comb->sadb_comb_soft_bytes = 0;
6609 comb->sadb_comb_hard_bytes = 0;
6610 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
6611 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
6612 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
6613 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
6614 }
6615
6616 /*
6617 * XXX reorder combinations by preference
6618 * XXX no idea if the user wants ESP authentication or not
6619 */
6620 static struct mbuf *
key_getcomb_ealg(void)6621 key_getcomb_ealg(void)
6622 {
6623 struct sadb_comb *comb;
6624 const struct enc_xform *algo;
6625 struct mbuf *result = NULL, *m, *n;
6626 int encmin;
6627 int i, off, o;
6628 int totlen;
6629 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6630
6631 m = NULL;
6632 for (i = 1; i <= SADB_EALG_MAX; i++) {
6633 algo = enc_algorithm_lookup(i);
6634 if (algo == NULL)
6635 continue;
6636
6637 /* discard algorithms with key size smaller than system min */
6638 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin)
6639 continue;
6640 if (_BITS(algo->minkey) < V_ipsec_esp_keymin)
6641 encmin = V_ipsec_esp_keymin;
6642 else
6643 encmin = _BITS(algo->minkey);
6644
6645 if (V_ipsec_esp_auth)
6646 m = key_getcomb_ah();
6647 else {
6648 IPSEC_ASSERT(l <= MLEN,
6649 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
6650 MGET(m, M_NOWAIT, MT_DATA);
6651 if (m) {
6652 M_ALIGN(m, l);
6653 m->m_len = l;
6654 m->m_next = NULL;
6655 bzero(mtod(m, caddr_t), m->m_len);
6656 }
6657 }
6658 if (!m)
6659 goto fail;
6660
6661 totlen = 0;
6662 for (n = m; n; n = n->m_next)
6663 totlen += n->m_len;
6664 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l));
6665
6666 for (off = 0; off < totlen; off += l) {
6667 n = m_pulldown(m, off, l, &o);
6668 if (!n) {
6669 /* m is already freed */
6670 goto fail;
6671 }
6672 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
6673 bzero(comb, sizeof(*comb));
6674 key_getcomb_setlifetime(comb);
6675 comb->sadb_comb_encrypt = i;
6676 comb->sadb_comb_encrypt_minbits = encmin;
6677 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
6678 }
6679
6680 if (!result)
6681 result = m;
6682 else
6683 m_cat(result, m);
6684 }
6685
6686 return result;
6687
6688 fail:
6689 if (result)
6690 m_freem(result);
6691 return NULL;
6692 }
6693
6694 static void
key_getsizes_ah(const struct auth_hash * ah,int alg,u_int16_t * min,u_int16_t * max)6695 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min,
6696 u_int16_t* max)
6697 {
6698
6699 *min = *max = ah->hashsize;
6700 if (ah->keysize == 0) {
6701 /*
6702 * Transform takes arbitrary key size but algorithm
6703 * key size is restricted. Enforce this here.
6704 */
6705 switch (alg) {
6706 case SADB_X_AALG_NULL: *min = 1; *max = 256; break;
6707 case SADB_X_AALG_SHA2_256: *min = *max = 32; break;
6708 case SADB_X_AALG_SHA2_384: *min = *max = 48; break;
6709 case SADB_X_AALG_SHA2_512: *min = *max = 64; break;
6710 default:
6711 DPRINTF(("%s: unknown AH algorithm %u\n",
6712 __func__, alg));
6713 break;
6714 }
6715 }
6716 }
6717
6718 /*
6719 * XXX reorder combinations by preference
6720 */
6721 static struct mbuf *
key_getcomb_ah(void)6722 key_getcomb_ah(void)
6723 {
6724 const struct auth_hash *algo;
6725 struct sadb_comb *comb;
6726 struct mbuf *m;
6727 u_int16_t minkeysize, maxkeysize;
6728 int i;
6729 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6730
6731 m = NULL;
6732 for (i = 1; i <= SADB_AALG_MAX; i++) {
6733 #if 1
6734 /* we prefer HMAC algorithms, not old algorithms */
6735 if (i != SADB_AALG_SHA1HMAC &&
6736 i != SADB_X_AALG_SHA2_256 &&
6737 i != SADB_X_AALG_SHA2_384 &&
6738 i != SADB_X_AALG_SHA2_512)
6739 continue;
6740 #endif
6741 algo = auth_algorithm_lookup(i);
6742 if (!algo)
6743 continue;
6744 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
6745 /* discard algorithms with key size smaller than system min */
6746 if (_BITS(minkeysize) < V_ipsec_ah_keymin)
6747 continue;
6748
6749 if (!m) {
6750 IPSEC_ASSERT(l <= MLEN,
6751 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
6752 MGET(m, M_NOWAIT, MT_DATA);
6753 if (m) {
6754 M_ALIGN(m, l);
6755 m->m_len = l;
6756 m->m_next = NULL;
6757 }
6758 } else
6759 M_PREPEND(m, l, M_NOWAIT);
6760 if (!m)
6761 return NULL;
6762
6763 comb = mtod(m, struct sadb_comb *);
6764 bzero(comb, sizeof(*comb));
6765 key_getcomb_setlifetime(comb);
6766 comb->sadb_comb_auth = i;
6767 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
6768 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
6769 }
6770
6771 return m;
6772 }
6773
6774 /*
6775 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6776 * XXX reorder combinations by preference
6777 */
6778 static struct mbuf *
key_getcomb_ipcomp(void)6779 key_getcomb_ipcomp(void)
6780 {
6781 const struct comp_algo *algo;
6782 struct sadb_comb *comb;
6783 struct mbuf *m;
6784 int i;
6785 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6786
6787 m = NULL;
6788 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
6789 algo = comp_algorithm_lookup(i);
6790 if (!algo)
6791 continue;
6792
6793 if (!m) {
6794 IPSEC_ASSERT(l <= MLEN,
6795 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
6796 MGET(m, M_NOWAIT, MT_DATA);
6797 if (m) {
6798 M_ALIGN(m, l);
6799 m->m_len = l;
6800 m->m_next = NULL;
6801 }
6802 } else
6803 M_PREPEND(m, l, M_NOWAIT);
6804 if (!m)
6805 return NULL;
6806
6807 comb = mtod(m, struct sadb_comb *);
6808 bzero(comb, sizeof(*comb));
6809 key_getcomb_setlifetime(comb);
6810 comb->sadb_comb_encrypt = i;
6811 /* what should we set into sadb_comb_*_{min,max}bits? */
6812 }
6813
6814 return m;
6815 }
6816
6817 /*
6818 * XXX no way to pass mode (transport/tunnel) to userland
6819 * XXX replay checking?
6820 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6821 */
6822 static struct mbuf *
key_getprop(const struct secasindex * saidx)6823 key_getprop(const struct secasindex *saidx)
6824 {
6825 struct sadb_prop *prop;
6826 struct mbuf *m, *n;
6827 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6828 int totlen;
6829
6830 switch (saidx->proto) {
6831 case IPPROTO_ESP:
6832 m = key_getcomb_ealg();
6833 break;
6834 case IPPROTO_AH:
6835 m = key_getcomb_ah();
6836 break;
6837 case IPPROTO_IPCOMP:
6838 m = key_getcomb_ipcomp();
6839 break;
6840 default:
6841 return NULL;
6842 }
6843
6844 if (!m)
6845 return NULL;
6846 M_PREPEND(m, l, M_NOWAIT);
6847 if (!m)
6848 return NULL;
6849
6850 totlen = 0;
6851 for (n = m; n; n = n->m_next)
6852 totlen += n->m_len;
6853
6854 prop = mtod(m, struct sadb_prop *);
6855 bzero(prop, sizeof(*prop));
6856 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6857 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6858 prop->sadb_prop_replay = 32; /* XXX */
6859
6860 return m;
6861 }
6862
6863 /*
6864 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6865 * send
6866 * <base, SA, address(SD), (address(P)), x_policy,
6867 * (identity(SD),) (sensitivity,) proposal>
6868 * to KMD, and expect to receive
6869 * <base> with SADB_ACQUIRE if error occurred,
6870 * or
6871 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6872 * from KMD by PF_KEY.
6873 *
6874 * XXX x_policy is outside of RFC2367 (KAME extension).
6875 * XXX sensitivity is not supported.
6876 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6877 * see comment for key_getcomb_ipcomp().
6878 *
6879 * OUT:
6880 * 0 : succeed
6881 * others: error number
6882 */
6883 static int
key_acquire(const struct secasindex * saidx,struct secpolicy * sp)6884 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
6885 {
6886 union sockaddr_union addr;
6887 struct mbuf *result, *m;
6888 uint32_t seq;
6889 int error;
6890 uint16_t ul_proto;
6891 uint8_t mask, satype;
6892
6893 IPSEC_ASSERT(saidx != NULL, ("null saidx"));
6894 satype = key_proto2satype(saidx->proto);
6895 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto));
6896
6897 error = -1;
6898 result = NULL;
6899 ul_proto = IPSEC_ULPROTO_ANY;
6900
6901 /* Get seq number to check whether sending message or not. */
6902 seq = key_getacq(saidx, &error);
6903 if (seq == 0)
6904 return (error);
6905
6906 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
6907 if (!m) {
6908 error = ENOBUFS;
6909 goto fail;
6910 }
6911 result = m;
6912
6913 /*
6914 * set sadb_address for saidx's.
6915 *
6916 * Note that if sp is supplied, then we're being called from
6917 * key_allocsa_policy() and should supply port and protocol
6918 * information.
6919 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too.
6920 * XXXAE: probably we can handle this in the ipsec[46]_allocsa().
6921 * XXXAE: it looks like we should save this info in the ACQ entry.
6922 */
6923 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP ||
6924 sp->spidx.ul_proto == IPPROTO_UDP))
6925 ul_proto = sp->spidx.ul_proto;
6926
6927 addr = saidx->src;
6928 mask = FULLMASK;
6929 if (ul_proto != IPSEC_ULPROTO_ANY) {
6930 switch (sp->spidx.src.sa.sa_family) {
6931 case AF_INET:
6932 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) {
6933 addr.sin.sin_port = sp->spidx.src.sin.sin_port;
6934 mask = sp->spidx.prefs;
6935 }
6936 break;
6937 case AF_INET6:
6938 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) {
6939 addr.sin6.sin6_port =
6940 sp->spidx.src.sin6.sin6_port;
6941 mask = sp->spidx.prefs;
6942 }
6943 break;
6944 default:
6945 break;
6946 }
6947 }
6948 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto);
6949 if (!m) {
6950 error = ENOBUFS;
6951 goto fail;
6952 }
6953 m_cat(result, m);
6954
6955 addr = saidx->dst;
6956 mask = FULLMASK;
6957 if (ul_proto != IPSEC_ULPROTO_ANY) {
6958 switch (sp->spidx.dst.sa.sa_family) {
6959 case AF_INET:
6960 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) {
6961 addr.sin.sin_port = sp->spidx.dst.sin.sin_port;
6962 mask = sp->spidx.prefd;
6963 }
6964 break;
6965 case AF_INET6:
6966 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) {
6967 addr.sin6.sin6_port =
6968 sp->spidx.dst.sin6.sin6_port;
6969 mask = sp->spidx.prefd;
6970 }
6971 break;
6972 default:
6973 break;
6974 }
6975 }
6976 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto);
6977 if (!m) {
6978 error = ENOBUFS;
6979 goto fail;
6980 }
6981 m_cat(result, m);
6982
6983 /* XXX proxy address (optional) */
6984
6985 /*
6986 * Set sadb_x_policy. This is KAME extension to RFC2367.
6987 */
6988 if (sp != NULL) {
6989 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id,
6990 sp->priority);
6991 if (!m) {
6992 error = ENOBUFS;
6993 goto fail;
6994 }
6995 m_cat(result, m);
6996 }
6997
6998 /*
6999 * Set sadb_x_sa2 extension if saidx->reqid is not zero.
7000 * This is FreeBSD extension to RFC2367.
7001 */
7002 if (saidx->reqid != 0) {
7003 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid);
7004 if (m == NULL) {
7005 error = ENOBUFS;
7006 goto fail;
7007 }
7008 m_cat(result, m);
7009 }
7010 /* XXX identity (optional) */
7011 #if 0
7012 if (idexttype && fqdn) {
7013 /* create identity extension (FQDN) */
7014 struct sadb_ident *id;
7015 int fqdnlen;
7016
7017 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
7018 id = (struct sadb_ident *)p;
7019 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
7020 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
7021 id->sadb_ident_exttype = idexttype;
7022 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
7023 bcopy(fqdn, id + 1, fqdnlen);
7024 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
7025 }
7026
7027 if (idexttype) {
7028 /* create identity extension (USERFQDN) */
7029 struct sadb_ident *id;
7030 int userfqdnlen;
7031
7032 if (userfqdn) {
7033 /* +1 for terminating-NUL */
7034 userfqdnlen = strlen(userfqdn) + 1;
7035 } else
7036 userfqdnlen = 0;
7037 id = (struct sadb_ident *)p;
7038 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
7039 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
7040 id->sadb_ident_exttype = idexttype;
7041 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
7042 /* XXX is it correct? */
7043 if (curproc && curproc->p_cred)
7044 id->sadb_ident_id = curproc->p_cred->p_ruid;
7045 if (userfqdn && userfqdnlen)
7046 bcopy(userfqdn, id + 1, userfqdnlen);
7047 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
7048 }
7049 #endif
7050
7051 /* XXX sensitivity (optional) */
7052
7053 /* create proposal/combination extension */
7054 m = key_getprop(saidx);
7055 #if 0
7056 /*
7057 * spec conformant: always attach proposal/combination extension,
7058 * the problem is that we have no way to attach it for ipcomp,
7059 * due to the way sadb_comb is declared in RFC2367.
7060 */
7061 if (!m) {
7062 error = ENOBUFS;
7063 goto fail;
7064 }
7065 m_cat(result, m);
7066 #else
7067 /*
7068 * outside of spec; make proposal/combination extension optional.
7069 */
7070 if (m)
7071 m_cat(result, m);
7072 #endif
7073
7074 if ((result->m_flags & M_PKTHDR) == 0) {
7075 error = EINVAL;
7076 goto fail;
7077 }
7078
7079 if (result->m_len < sizeof(struct sadb_msg)) {
7080 result = m_pullup(result, sizeof(struct sadb_msg));
7081 if (result == NULL) {
7082 error = ENOBUFS;
7083 goto fail;
7084 }
7085 }
7086
7087 result->m_pkthdr.len = 0;
7088 for (m = result; m; m = m->m_next)
7089 result->m_pkthdr.len += m->m_len;
7090
7091 mtod(result, struct sadb_msg *)->sadb_msg_len =
7092 PFKEY_UNIT64(result->m_pkthdr.len);
7093
7094 KEYDBG(KEY_STAMP,
7095 printf("%s: SP(%p)\n", __func__, sp));
7096 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL));
7097
7098 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7099
7100 fail:
7101 if (result)
7102 m_freem(result);
7103 return error;
7104 }
7105
7106 static uint32_t
key_newacq(const struct secasindex * saidx,int * perror)7107 key_newacq(const struct secasindex *saidx, int *perror)
7108 {
7109 struct secacq *acq;
7110 uint32_t seq;
7111
7112 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO);
7113 if (acq == NULL) {
7114 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7115 *perror = ENOBUFS;
7116 return (0);
7117 }
7118
7119 /* copy secindex */
7120 bcopy(saidx, &acq->saidx, sizeof(acq->saidx));
7121 acq->created = time_second;
7122 acq->count = 0;
7123
7124 /* add to acqtree */
7125 ACQ_LOCK();
7126 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq);
7127 LIST_INSERT_HEAD(&V_acqtree, acq, chain);
7128 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash);
7129 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash);
7130 ACQ_UNLOCK();
7131 *perror = 0;
7132 return (seq);
7133 }
7134
7135 static uint32_t
key_getacq(const struct secasindex * saidx,int * perror)7136 key_getacq(const struct secasindex *saidx, int *perror)
7137 {
7138 struct secacq *acq;
7139 uint32_t seq;
7140
7141 ACQ_LOCK();
7142 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) {
7143 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) {
7144 if (acq->count > V_key_blockacq_count) {
7145 /*
7146 * Reset counter and send message.
7147 * Also reset created time to keep ACQ for
7148 * this saidx.
7149 */
7150 acq->created = time_second;
7151 acq->count = 0;
7152 seq = acq->seq;
7153 } else {
7154 /*
7155 * Increment counter and do nothing.
7156 * We send SADB_ACQUIRE message only
7157 * for each V_key_blockacq_count packet.
7158 */
7159 acq->count++;
7160 seq = 0;
7161 }
7162 break;
7163 }
7164 }
7165 ACQ_UNLOCK();
7166 if (acq != NULL) {
7167 *perror = 0;
7168 return (seq);
7169 }
7170 /* allocate new entry */
7171 return (key_newacq(saidx, perror));
7172 }
7173
7174 static int
key_acqreset(uint32_t seq)7175 key_acqreset(uint32_t seq)
7176 {
7177 struct secacq *acq;
7178
7179 ACQ_LOCK();
7180 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) {
7181 if (acq->seq == seq) {
7182 acq->count = 0;
7183 acq->created = time_second;
7184 break;
7185 }
7186 }
7187 ACQ_UNLOCK();
7188 if (acq == NULL)
7189 return (ESRCH);
7190 return (0);
7191 }
7192 /*
7193 * Mark ACQ entry as stale to remove it in key_flush_acq().
7194 * Called after successful SADB_GETSPI message.
7195 */
7196 static int
key_acqdone(const struct secasindex * saidx,uint32_t seq)7197 key_acqdone(const struct secasindex *saidx, uint32_t seq)
7198 {
7199 struct secacq *acq;
7200
7201 ACQ_LOCK();
7202 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) {
7203 if (acq->seq == seq)
7204 break;
7205 }
7206 if (acq != NULL) {
7207 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) {
7208 ipseclog((LOG_DEBUG,
7209 "%s: Mismatched saidx for ACQ %u\n", __func__, seq));
7210 acq = NULL;
7211 } else {
7212 acq->created = 0;
7213 }
7214 } else {
7215 ipseclog((LOG_DEBUG,
7216 "%s: ACQ %u is not found.\n", __func__, seq));
7217 }
7218 ACQ_UNLOCK();
7219 if (acq == NULL)
7220 return (ESRCH);
7221 return (0);
7222 }
7223
7224 static struct secspacq *
key_newspacq(struct secpolicyindex * spidx)7225 key_newspacq(struct secpolicyindex *spidx)
7226 {
7227 struct secspacq *acq;
7228
7229 /* get new entry */
7230 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
7231 if (acq == NULL) {
7232 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7233 return NULL;
7234 }
7235
7236 /* copy secindex */
7237 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
7238 acq->created = time_second;
7239 acq->count = 0;
7240
7241 /* add to spacqtree */
7242 SPACQ_LOCK();
7243 LIST_INSERT_HEAD(&V_spacqtree, acq, chain);
7244 SPACQ_UNLOCK();
7245
7246 return acq;
7247 }
7248
7249 static struct secspacq *
key_getspacq(struct secpolicyindex * spidx)7250 key_getspacq(struct secpolicyindex *spidx)
7251 {
7252 struct secspacq *acq;
7253
7254 SPACQ_LOCK();
7255 LIST_FOREACH(acq, &V_spacqtree, chain) {
7256 if (key_cmpspidx_exactly(spidx, &acq->spidx)) {
7257 /* NB: return holding spacq_lock */
7258 return acq;
7259 }
7260 }
7261 SPACQ_UNLOCK();
7262
7263 return NULL;
7264 }
7265
7266 /*
7267 * SADB_ACQUIRE processing,
7268 * in first situation, is receiving
7269 * <base>
7270 * from the ikmpd, and clear sequence of its secasvar entry.
7271 *
7272 * In second situation, is receiving
7273 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
7274 * from a user land process, and return
7275 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
7276 * to the socket.
7277 *
7278 * m will always be freed.
7279 */
7280 static int
key_acquire2(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7281 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7282 {
7283 SAHTREE_RLOCK_TRACKER;
7284 struct sadb_address *src0, *dst0;
7285 struct secasindex saidx;
7286 struct secashead *sah;
7287 uint32_t reqid;
7288 int error;
7289 uint8_t mode, proto;
7290
7291 IPSEC_ASSERT(so != NULL, ("null socket"));
7292 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7293 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7294 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7295
7296 /*
7297 * Error message from KMd.
7298 * We assume that if error was occurred in IKEd, the length of PFKEY
7299 * message is equal to the size of sadb_msg structure.
7300 * We do not raise error even if error occurred in this function.
7301 */
7302 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
7303 /* check sequence number */
7304 if (mhp->msg->sadb_msg_seq == 0 ||
7305 mhp->msg->sadb_msg_errno == 0) {
7306 ipseclog((LOG_DEBUG, "%s: must specify sequence "
7307 "number and errno.\n", __func__));
7308 } else {
7309 /*
7310 * IKEd reported that error occurred.
7311 * XXXAE: what it expects from the kernel?
7312 * Probably we should send SADB_ACQUIRE again?
7313 * If so, reset ACQ's state.
7314 * XXXAE: it looks useless.
7315 */
7316 key_acqreset(mhp->msg->sadb_msg_seq);
7317 }
7318 m_freem(m);
7319 return (0);
7320 }
7321
7322 /*
7323 * This message is from user land.
7324 */
7325
7326 /* map satype to proto */
7327 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7328 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
7329 __func__));
7330 return key_senderror(so, m, EINVAL);
7331 }
7332
7333 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
7334 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
7335 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) {
7336 ipseclog((LOG_DEBUG,
7337 "%s: invalid message: missing required header.\n",
7338 __func__));
7339 return key_senderror(so, m, EINVAL);
7340 }
7341 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
7342 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) ||
7343 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) {
7344 ipseclog((LOG_DEBUG,
7345 "%s: invalid message: wrong header size.\n", __func__));
7346 return key_senderror(so, m, EINVAL);
7347 }
7348
7349 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
7350 mode = IPSEC_MODE_ANY;
7351 reqid = 0;
7352 } else {
7353 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
7354 ipseclog((LOG_DEBUG,
7355 "%s: invalid message: wrong header size.\n",
7356 __func__));
7357 return key_senderror(so, m, EINVAL);
7358 }
7359 mode = ((struct sadb_x_sa2 *)
7360 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
7361 reqid = ((struct sadb_x_sa2 *)
7362 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
7363 }
7364
7365 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7366 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7367
7368 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
7369 (struct sockaddr *)(dst0 + 1));
7370 if (error != 0) {
7371 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
7372 return key_senderror(so, m, EINVAL);
7373 }
7374 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
7375
7376 /* get a SA index */
7377 SAHTREE_RLOCK();
7378 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) {
7379 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
7380 break;
7381 }
7382 SAHTREE_RUNLOCK();
7383 if (sah != NULL) {
7384 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__));
7385 return key_senderror(so, m, EEXIST);
7386 }
7387
7388 error = key_acquire(&saidx, NULL);
7389 if (error != 0) {
7390 ipseclog((LOG_DEBUG,
7391 "%s: error %d returned from key_acquire()\n",
7392 __func__, error));
7393 return key_senderror(so, m, error);
7394 }
7395 m_freem(m);
7396 return (0);
7397 }
7398
7399 /*
7400 * SADB_REGISTER processing.
7401 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
7402 * receive
7403 * <base>
7404 * from the ikmpd, and register a socket to send PF_KEY messages,
7405 * and send
7406 * <base, supported>
7407 * to KMD by PF_KEY.
7408 * If socket is detached, must free from regnode.
7409 *
7410 * m will always be freed.
7411 */
7412 static int
key_register(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7413 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7414 {
7415 struct secreg *reg, *newreg = NULL;
7416
7417 IPSEC_ASSERT(so != NULL, ("null socket"));
7418 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7419 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7420 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7421
7422 /* check for invalid register message */
7423 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0]))
7424 return key_senderror(so, m, EINVAL);
7425
7426 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
7427 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
7428 goto setmsg;
7429
7430 /* check whether existing or not */
7431 REGTREE_LOCK();
7432 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) {
7433 if (reg->so == so) {
7434 REGTREE_UNLOCK();
7435 ipseclog((LOG_DEBUG, "%s: socket exists already.\n",
7436 __func__));
7437 return key_senderror(so, m, EEXIST);
7438 }
7439 }
7440
7441 /* create regnode */
7442 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO);
7443 if (newreg == NULL) {
7444 REGTREE_UNLOCK();
7445 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7446 return key_senderror(so, m, ENOBUFS);
7447 }
7448
7449 newreg->so = so;
7450 ((struct keycb *)(so->so_pcb))->kp_registered++;
7451
7452 /* add regnode to regtree. */
7453 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain);
7454 REGTREE_UNLOCK();
7455
7456 setmsg:
7457 {
7458 struct mbuf *n;
7459 struct sadb_msg *newmsg;
7460 struct sadb_supported *sup;
7461 u_int len, alen, elen;
7462 int off;
7463 int i;
7464 struct sadb_alg *alg;
7465
7466 /* create new sadb_msg to reply. */
7467 alen = 0;
7468 for (i = 1; i <= SADB_AALG_MAX; i++) {
7469 if (auth_algorithm_lookup(i))
7470 alen += sizeof(struct sadb_alg);
7471 }
7472 if (alen)
7473 alen += sizeof(struct sadb_supported);
7474 elen = 0;
7475 for (i = 1; i <= SADB_EALG_MAX; i++) {
7476 if (enc_algorithm_lookup(i))
7477 elen += sizeof(struct sadb_alg);
7478 }
7479 if (elen)
7480 elen += sizeof(struct sadb_supported);
7481
7482 len = sizeof(struct sadb_msg) + alen + elen;
7483
7484 if (len > MCLBYTES)
7485 return key_senderror(so, m, ENOBUFS);
7486
7487 n = key_mget(len);
7488 if (n == NULL)
7489 return key_senderror(so, m, ENOBUFS);
7490
7491 n->m_pkthdr.len = n->m_len = len;
7492 n->m_next = NULL;
7493 off = 0;
7494
7495 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
7496 newmsg = mtod(n, struct sadb_msg *);
7497 newmsg->sadb_msg_errno = 0;
7498 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
7499 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
7500
7501 /* for authentication algorithm */
7502 if (alen) {
7503 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
7504 sup->sadb_supported_len = PFKEY_UNIT64(alen);
7505 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
7506 off += PFKEY_ALIGN8(sizeof(*sup));
7507
7508 for (i = 1; i <= SADB_AALG_MAX; i++) {
7509 const struct auth_hash *aalgo;
7510 u_int16_t minkeysize, maxkeysize;
7511
7512 aalgo = auth_algorithm_lookup(i);
7513 if (!aalgo)
7514 continue;
7515 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
7516 alg->sadb_alg_id = i;
7517 alg->sadb_alg_ivlen = 0;
7518 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
7519 alg->sadb_alg_minbits = _BITS(minkeysize);
7520 alg->sadb_alg_maxbits = _BITS(maxkeysize);
7521 off += PFKEY_ALIGN8(sizeof(*alg));
7522 }
7523 }
7524
7525 /* for encryption algorithm */
7526 if (elen) {
7527 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
7528 sup->sadb_supported_len = PFKEY_UNIT64(elen);
7529 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
7530 off += PFKEY_ALIGN8(sizeof(*sup));
7531
7532 for (i = 1; i <= SADB_EALG_MAX; i++) {
7533 const struct enc_xform *ealgo;
7534
7535 ealgo = enc_algorithm_lookup(i);
7536 if (!ealgo)
7537 continue;
7538 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
7539 alg->sadb_alg_id = i;
7540 alg->sadb_alg_ivlen = ealgo->ivsize;
7541 alg->sadb_alg_minbits = _BITS(ealgo->minkey);
7542 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
7543 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
7544 }
7545 }
7546
7547 IPSEC_ASSERT(off == len,
7548 ("length assumption failed (off %u len %u)", off, len));
7549
7550 m_freem(m);
7551 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
7552 }
7553 }
7554
7555 /*
7556 * free secreg entry registered.
7557 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
7558 */
7559 void
key_freereg(struct socket * so)7560 key_freereg(struct socket *so)
7561 {
7562 struct secreg *reg;
7563 int i;
7564
7565 IPSEC_ASSERT(so != NULL, ("NULL so"));
7566
7567 /*
7568 * check whether existing or not.
7569 * check all type of SA, because there is a potential that
7570 * one socket is registered to multiple type of SA.
7571 */
7572 REGTREE_LOCK();
7573 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7574 LIST_FOREACH(reg, &V_regtree[i], chain) {
7575 if (reg->so == so && __LIST_CHAINED(reg)) {
7576 LIST_REMOVE(reg, chain);
7577 free(reg, M_IPSEC_SAR);
7578 break;
7579 }
7580 }
7581 }
7582 REGTREE_UNLOCK();
7583 }
7584
7585 /*
7586 * SADB_EXPIRE processing
7587 * send
7588 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
7589 * to KMD by PF_KEY.
7590 * NOTE: We send only soft lifetime extension.
7591 *
7592 * OUT: 0 : succeed
7593 * others : error number
7594 */
7595 static int
key_expire(struct secasvar * sav,int hard)7596 key_expire(struct secasvar *sav, int hard)
7597 {
7598 struct mbuf *result = NULL, *m;
7599 struct sadb_lifetime *lt;
7600 uint32_t replay_count;
7601 int error, len;
7602 uint8_t satype;
7603
7604 SECASVAR_RLOCK_TRACKER;
7605
7606 IPSEC_ASSERT (sav != NULL, ("null sav"));
7607 IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
7608
7609 KEYDBG(KEY_STAMP,
7610 printf("%s: SA(%p) expired %s lifetime\n", __func__,
7611 sav, hard ? "hard": "soft"));
7612 KEYDBG(KEY_DATA, kdebug_secasv(sav));
7613 /* set msg header */
7614 satype = key_proto2satype(sav->sah->saidx.proto);
7615 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
7616 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
7617 if (!m) {
7618 error = ENOBUFS;
7619 goto fail;
7620 }
7621 result = m;
7622
7623 /* create SA extension */
7624 m = key_setsadbsa(sav);
7625 if (!m) {
7626 error = ENOBUFS;
7627 goto fail;
7628 }
7629 m_cat(result, m);
7630
7631 /* create SA extension */
7632 SECASVAR_RLOCK(sav);
7633 replay_count = sav->replay ? sav->replay->count : 0;
7634 SECASVAR_RUNLOCK(sav);
7635
7636 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
7637 sav->sah->saidx.reqid);
7638 if (!m) {
7639 error = ENOBUFS;
7640 goto fail;
7641 }
7642 m_cat(result, m);
7643
7644 if (sav->replay && sav->replay->wsize > UINT8_MAX) {
7645 m = key_setsadbxsareplay(sav->replay->wsize);
7646 if (!m) {
7647 error = ENOBUFS;
7648 goto fail;
7649 }
7650 m_cat(result, m);
7651 }
7652
7653 /* create lifetime extension (current and soft) */
7654 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
7655 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
7656 if (m == NULL) {
7657 error = ENOBUFS;
7658 goto fail;
7659 }
7660 m_align(m, len);
7661 m->m_len = len;
7662 bzero(mtod(m, caddr_t), len);
7663 lt = mtod(m, struct sadb_lifetime *);
7664 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
7665 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
7666 lt->sadb_lifetime_allocations =
7667 (uint32_t)counter_u64_fetch(sav->lft_c_allocations);
7668 lt->sadb_lifetime_bytes =
7669 counter_u64_fetch(sav->lft_c_bytes);
7670 lt->sadb_lifetime_addtime = sav->created;
7671 lt->sadb_lifetime_usetime = sav->firstused;
7672 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
7673 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
7674 if (hard) {
7675 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
7676 lt->sadb_lifetime_allocations = sav->lft_h->allocations;
7677 lt->sadb_lifetime_bytes = sav->lft_h->bytes;
7678 lt->sadb_lifetime_addtime = sav->lft_h->addtime;
7679 lt->sadb_lifetime_usetime = sav->lft_h->usetime;
7680 } else {
7681 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
7682 lt->sadb_lifetime_allocations = sav->lft_s->allocations;
7683 lt->sadb_lifetime_bytes = sav->lft_s->bytes;
7684 lt->sadb_lifetime_addtime = sav->lft_s->addtime;
7685 lt->sadb_lifetime_usetime = sav->lft_s->usetime;
7686 }
7687 m_cat(result, m);
7688
7689 /* set sadb_address for source */
7690 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
7691 &sav->sah->saidx.src.sa,
7692 FULLMASK, IPSEC_ULPROTO_ANY);
7693 if (!m) {
7694 error = ENOBUFS;
7695 goto fail;
7696 }
7697 m_cat(result, m);
7698
7699 /* set sadb_address for destination */
7700 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
7701 &sav->sah->saidx.dst.sa,
7702 FULLMASK, IPSEC_ULPROTO_ANY);
7703 if (!m) {
7704 error = ENOBUFS;
7705 goto fail;
7706 }
7707 m_cat(result, m);
7708
7709 /*
7710 * XXX-BZ Handle NAT-T extensions here.
7711 * XXXAE: it doesn't seem quite useful. IKEs should not depend on
7712 * this information, we report only significant SA fields.
7713 */
7714
7715 if ((result->m_flags & M_PKTHDR) == 0) {
7716 error = EINVAL;
7717 goto fail;
7718 }
7719
7720 if (result->m_len < sizeof(struct sadb_msg)) {
7721 result = m_pullup(result, sizeof(struct sadb_msg));
7722 if (result == NULL) {
7723 error = ENOBUFS;
7724 goto fail;
7725 }
7726 }
7727
7728 result->m_pkthdr.len = 0;
7729 for (m = result; m; m = m->m_next)
7730 result->m_pkthdr.len += m->m_len;
7731
7732 mtod(result, struct sadb_msg *)->sadb_msg_len =
7733 PFKEY_UNIT64(result->m_pkthdr.len);
7734
7735 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7736
7737 fail:
7738 if (result)
7739 m_freem(result);
7740 return error;
7741 }
7742
7743 static void
key_freesah_flushed(struct secashead_queue * flushq)7744 key_freesah_flushed(struct secashead_queue *flushq)
7745 {
7746 struct secashead *sah, *nextsah;
7747 struct secasvar *sav, *nextsav;
7748
7749 sah = TAILQ_FIRST(flushq);
7750 while (sah != NULL) {
7751 sav = TAILQ_FIRST(&sah->savtree_larval);
7752 while (sav != NULL) {
7753 nextsav = TAILQ_NEXT(sav, chain);
7754 TAILQ_REMOVE(&sah->savtree_larval, sav, chain);
7755 key_freesav(&sav); /* release last reference */
7756 key_freesah(&sah); /* release reference from SAV */
7757 sav = nextsav;
7758 }
7759 sav = TAILQ_FIRST(&sah->savtree_alive);
7760 while (sav != NULL) {
7761 nextsav = TAILQ_NEXT(sav, chain);
7762 TAILQ_REMOVE(&sah->savtree_alive, sav, chain);
7763 key_freesav(&sav); /* release last reference */
7764 key_freesah(&sah); /* release reference from SAV */
7765 sav = nextsav;
7766 }
7767 nextsah = TAILQ_NEXT(sah, chain);
7768 key_freesah(&sah); /* release last reference */
7769 sah = nextsah;
7770 }
7771 }
7772
7773 /*
7774 * SADB_FLUSH processing
7775 * receive
7776 * <base>
7777 * from the ikmpd, and free all entries in secastree.
7778 * and send,
7779 * <base>
7780 * to the ikmpd.
7781 * NOTE: to do is only marking SADB_SASTATE_DEAD.
7782 *
7783 * m will always be freed.
7784 */
7785 static int
key_flush(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7786 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7787 {
7788 struct secashead_queue flushq;
7789 struct sadb_msg *newmsg;
7790 struct secashead *sah, *nextsah;
7791 struct secasvar *sav;
7792 uint8_t proto;
7793 int i;
7794
7795 IPSEC_ASSERT(so != NULL, ("null socket"));
7796 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7797 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7798
7799 /* map satype to proto */
7800 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7801 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
7802 __func__));
7803 return key_senderror(so, m, EINVAL);
7804 }
7805 KEYDBG(KEY_STAMP,
7806 printf("%s: proto %u\n", __func__, proto));
7807
7808 TAILQ_INIT(&flushq);
7809 if (proto == IPSEC_PROTO_ANY) {
7810 /* no SATYPE specified, i.e. flushing all SA. */
7811 SAHTREE_WLOCK();
7812 /* Move all SAHs into flushq */
7813 TAILQ_CONCAT(&flushq, &V_sahtree, chain);
7814 /* Flush all buckets in SPI hash */
7815 for (i = 0; i < V_savhash_mask + 1; i++)
7816 LIST_INIT(&V_savhashtbl[i]);
7817 /* Flush all buckets in SAHADDRHASH */
7818 for (i = 0; i < V_sahaddrhash_mask + 1; i++)
7819 LIST_INIT(&V_sahaddrhashtbl[i]);
7820 /* Mark all SAHs as unlinked */
7821 TAILQ_FOREACH(sah, &flushq, chain) {
7822 sah->state = SADB_SASTATE_DEAD;
7823 /*
7824 * Callout handler makes its job using
7825 * RLOCK and drain queues. In case, when this
7826 * function will be called just before it
7827 * acquires WLOCK, we need to mark SAs as
7828 * unlinked to prevent second unlink.
7829 */
7830 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7831 sav->state = SADB_SASTATE_DEAD;
7832 ipsec_accel_forget_sav(sav);
7833 }
7834 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7835 sav->state = SADB_SASTATE_DEAD;
7836 ipsec_accel_forget_sav(sav);
7837 }
7838 }
7839 SAHTREE_WUNLOCK();
7840 } else {
7841 SAHTREE_WLOCK();
7842 sah = TAILQ_FIRST(&V_sahtree);
7843 while (sah != NULL) {
7844 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD,
7845 ("DEAD SAH %p in SADB_FLUSH", sah));
7846 nextsah = TAILQ_NEXT(sah, chain);
7847 if (sah->saidx.proto != proto) {
7848 sah = nextsah;
7849 continue;
7850 }
7851 sah->state = SADB_SASTATE_DEAD;
7852 TAILQ_REMOVE(&V_sahtree, sah, chain);
7853 LIST_REMOVE(sah, addrhash);
7854 /* Unlink all SAs from SPI hash */
7855 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7856 LIST_REMOVE(sav, spihash);
7857 sav->state = SADB_SASTATE_DEAD;
7858 ipsec_accel_forget_sav(sav);
7859 }
7860 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7861 LIST_REMOVE(sav, spihash);
7862 sav->state = SADB_SASTATE_DEAD;
7863 ipsec_accel_forget_sav(sav);
7864 }
7865 /* Add SAH into flushq */
7866 TAILQ_INSERT_HEAD(&flushq, sah, chain);
7867 sah = nextsah;
7868 }
7869 SAHTREE_WUNLOCK();
7870 }
7871
7872 key_freesah_flushed(&flushq);
7873 /* Free all queued SAs and SAHs */
7874 if (m->m_len < sizeof(struct sadb_msg) ||
7875 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
7876 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7877 return key_senderror(so, m, ENOBUFS);
7878 }
7879
7880 if (m->m_next)
7881 m_freem(m->m_next);
7882 m->m_next = NULL;
7883 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
7884 newmsg = mtod(m, struct sadb_msg *);
7885 newmsg->sadb_msg_errno = 0;
7886 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
7887
7888 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7889 }
7890
7891 /*
7892 * SADB_DUMP processing
7893 * dump all entries including status of DEAD in SAD.
7894 * receive
7895 * <base>
7896 * from the ikmpd, and dump all secasvar leaves
7897 * and send,
7898 * <base> .....
7899 * to the ikmpd.
7900 *
7901 * m will always be freed.
7902 */
7903 static int
key_dump(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7904 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7905 {
7906 SAHTREE_RLOCK_TRACKER;
7907 struct secashead *sah;
7908 struct secasvar *sav;
7909 struct mbuf *n;
7910 uint32_t cnt;
7911 uint8_t proto, satype;
7912
7913 IPSEC_ASSERT(so != NULL, ("null socket"));
7914 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7915 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7916 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7917
7918 /* map satype to proto */
7919 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7920 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
7921 __func__));
7922 return key_senderror(so, m, EINVAL);
7923 }
7924
7925 /* count sav entries to be sent to the userland. */
7926 cnt = 0;
7927 IFNET_RLOCK();
7928 SAHTREE_RLOCK();
7929 TAILQ_FOREACH(sah, &V_sahtree, chain) {
7930 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7931 proto != sah->saidx.proto)
7932 continue;
7933
7934 TAILQ_FOREACH(sav, &sah->savtree_larval, chain)
7935 cnt++;
7936 TAILQ_FOREACH(sav, &sah->savtree_alive, chain)
7937 cnt++;
7938 }
7939
7940 if (cnt == 0) {
7941 SAHTREE_RUNLOCK();
7942 IFNET_RUNLOCK();
7943 return key_senderror(so, m, ENOENT);
7944 }
7945
7946 /* send this to the userland, one at a time. */
7947 TAILQ_FOREACH(sah, &V_sahtree, chain) {
7948 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7949 proto != sah->saidx.proto)
7950 continue;
7951
7952 /* map proto to satype */
7953 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7954 SAHTREE_RUNLOCK();
7955 IFNET_RUNLOCK();
7956 ipseclog((LOG_DEBUG, "%s: there was invalid proto in "
7957 "SAD.\n", __func__));
7958 return key_senderror(so, m, EINVAL);
7959 }
7960 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7961 n = key_setdumpsa(sav, SADB_DUMP, satype,
7962 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker);
7963 if (n == NULL) {
7964 SAHTREE_RUNLOCK();
7965 IFNET_RUNLOCK();
7966 return key_senderror(so, m, ENOBUFS);
7967 }
7968 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7969 }
7970 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7971 n = key_setdumpsa(sav, SADB_DUMP, satype,
7972 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker);
7973 if (n == NULL) {
7974 SAHTREE_RUNLOCK();
7975 IFNET_RUNLOCK();
7976 return key_senderror(so, m, ENOBUFS);
7977 }
7978 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7979 }
7980 }
7981 SAHTREE_RUNLOCK();
7982 IFNET_RUNLOCK();
7983 m_freem(m);
7984 return (0);
7985 }
7986 /*
7987 * SADB_X_PROMISC processing
7988 *
7989 * m will always be freed.
7990 */
7991 static int
key_promisc(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7992 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7993 {
7994 int olen;
7995
7996 IPSEC_ASSERT(so != NULL, ("null socket"));
7997 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7998 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7999 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
8000
8001 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
8002
8003 if (olen < sizeof(struct sadb_msg)) {
8004 #if 1
8005 return key_senderror(so, m, EINVAL);
8006 #else
8007 m_freem(m);
8008 return 0;
8009 #endif
8010 } else if (olen == sizeof(struct sadb_msg)) {
8011 /* enable/disable promisc mode */
8012 struct keycb *kp;
8013
8014 if ((kp = so->so_pcb) == NULL)
8015 return key_senderror(so, m, EINVAL);
8016 mhp->msg->sadb_msg_errno = 0;
8017 switch (mhp->msg->sadb_msg_satype) {
8018 case 0:
8019 case 1:
8020 kp->kp_promisc = mhp->msg->sadb_msg_satype;
8021 break;
8022 default:
8023 return key_senderror(so, m, EINVAL);
8024 }
8025
8026 /* send the original message back to everyone */
8027 mhp->msg->sadb_msg_errno = 0;
8028 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8029 } else {
8030 /* send packet as is */
8031
8032 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
8033
8034 /* TODO: if sadb_msg_seq is specified, send to specific pid */
8035 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8036 }
8037 }
8038
8039 static int (*key_typesw[])(struct socket *, struct mbuf *,
8040 const struct sadb_msghdr *) = {
8041 [SADB_RESERVED] = NULL,
8042 [SADB_GETSPI] = key_getspi,
8043 [SADB_UPDATE] = key_update,
8044 [SADB_ADD] = key_add,
8045 [SADB_DELETE] = key_delete,
8046 [SADB_GET] = key_get,
8047 [SADB_ACQUIRE] = key_acquire2,
8048 [SADB_REGISTER] = key_register,
8049 [SADB_EXPIRE] = NULL,
8050 [SADB_FLUSH] = key_flush,
8051 [SADB_DUMP] = key_dump,
8052 [SADB_X_PROMISC] = key_promisc,
8053 [SADB_X_PCHANGE] = NULL,
8054 [SADB_X_SPDUPDATE] = key_spdadd,
8055 [SADB_X_SPDADD] = key_spdadd,
8056 [SADB_X_SPDDELETE] = key_spddelete,
8057 [SADB_X_SPDGET] = key_spdget,
8058 [SADB_X_SPDACQUIRE] = NULL,
8059 [SADB_X_SPDDUMP] = key_spddump,
8060 [SADB_X_SPDFLUSH] = key_spdflush,
8061 [SADB_X_SPDSETIDX] = key_spdadd,
8062 [SADB_X_SPDEXPIRE] = NULL,
8063 [SADB_X_SPDDELETE2] = key_spddelete2,
8064 };
8065
8066 /*
8067 * parse sadb_msg buffer to process PFKEYv2,
8068 * and create a data to response if needed.
8069 * I think to be dealed with mbuf directly.
8070 * IN:
8071 * msgp : pointer to pointer to a received buffer pulluped.
8072 * This is rewrited to response.
8073 * so : pointer to socket.
8074 * OUT:
8075 * length for buffer to send to user process.
8076 */
8077 int
key_parse(struct mbuf * m,struct socket * so)8078 key_parse(struct mbuf *m, struct socket *so)
8079 {
8080 struct sadb_msg *msg;
8081 struct sadb_msghdr mh;
8082 u_int orglen;
8083 int error;
8084 int target;
8085
8086 IPSEC_ASSERT(so != NULL, ("null socket"));
8087 IPSEC_ASSERT(m != NULL, ("null mbuf"));
8088
8089 if (m->m_len < sizeof(struct sadb_msg)) {
8090 m = m_pullup(m, sizeof(struct sadb_msg));
8091 if (!m)
8092 return ENOBUFS;
8093 }
8094 msg = mtod(m, struct sadb_msg *);
8095 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
8096 target = KEY_SENDUP_ONE;
8097
8098 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) {
8099 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
8100 PFKEYSTAT_INC(out_invlen);
8101 error = EINVAL;
8102 goto senderror;
8103 }
8104
8105 if (msg->sadb_msg_version != PF_KEY_V2) {
8106 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n",
8107 __func__, msg->sadb_msg_version));
8108 PFKEYSTAT_INC(out_invver);
8109 error = EINVAL;
8110 goto senderror;
8111 }
8112
8113 if (msg->sadb_msg_type > SADB_MAX) {
8114 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
8115 __func__, msg->sadb_msg_type));
8116 PFKEYSTAT_INC(out_invmsgtype);
8117 error = EINVAL;
8118 goto senderror;
8119 }
8120
8121 /* for old-fashioned code - should be nuked */
8122 if (m->m_pkthdr.len > MCLBYTES) {
8123 m_freem(m);
8124 return ENOBUFS;
8125 }
8126 if (m->m_next) {
8127 struct mbuf *n;
8128
8129 n = key_mget(m->m_pkthdr.len);
8130 if (n == NULL) {
8131 m_freem(m);
8132 return ENOBUFS;
8133 }
8134 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
8135 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
8136 n->m_next = NULL;
8137 m_freem(m);
8138 m = n;
8139 }
8140
8141 /* align the mbuf chain so that extensions are in contiguous region. */
8142 error = key_align(m, &mh);
8143 if (error)
8144 return error;
8145
8146 msg = mh.msg;
8147
8148 /* We use satype as scope mask for spddump */
8149 if (msg->sadb_msg_type == SADB_X_SPDDUMP) {
8150 switch (msg->sadb_msg_satype) {
8151 case IPSEC_POLICYSCOPE_ANY:
8152 case IPSEC_POLICYSCOPE_GLOBAL:
8153 case IPSEC_POLICYSCOPE_IFNET:
8154 case IPSEC_POLICYSCOPE_PCB:
8155 break;
8156 default:
8157 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
8158 __func__, msg->sadb_msg_type));
8159 PFKEYSTAT_INC(out_invsatype);
8160 error = EINVAL;
8161 goto senderror;
8162 }
8163 } else {
8164 switch (msg->sadb_msg_satype) { /* check SA type */
8165 case SADB_SATYPE_UNSPEC:
8166 switch (msg->sadb_msg_type) {
8167 case SADB_GETSPI:
8168 case SADB_UPDATE:
8169 case SADB_ADD:
8170 case SADB_DELETE:
8171 case SADB_GET:
8172 case SADB_ACQUIRE:
8173 case SADB_EXPIRE:
8174 ipseclog((LOG_DEBUG, "%s: must specify satype "
8175 "when msg type=%u.\n", __func__,
8176 msg->sadb_msg_type));
8177 PFKEYSTAT_INC(out_invsatype);
8178 error = EINVAL;
8179 goto senderror;
8180 }
8181 break;
8182 case SADB_SATYPE_AH:
8183 case SADB_SATYPE_ESP:
8184 case SADB_X_SATYPE_IPCOMP:
8185 case SADB_X_SATYPE_TCPSIGNATURE:
8186 switch (msg->sadb_msg_type) {
8187 case SADB_X_SPDADD:
8188 case SADB_X_SPDDELETE:
8189 case SADB_X_SPDGET:
8190 case SADB_X_SPDFLUSH:
8191 case SADB_X_SPDSETIDX:
8192 case SADB_X_SPDUPDATE:
8193 case SADB_X_SPDDELETE2:
8194 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
8195 __func__, msg->sadb_msg_type));
8196 PFKEYSTAT_INC(out_invsatype);
8197 error = EINVAL;
8198 goto senderror;
8199 }
8200 break;
8201 case SADB_SATYPE_RSVP:
8202 case SADB_SATYPE_OSPFV2:
8203 case SADB_SATYPE_RIPV2:
8204 case SADB_SATYPE_MIP:
8205 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n",
8206 __func__, msg->sadb_msg_satype));
8207 PFKEYSTAT_INC(out_invsatype);
8208 error = EOPNOTSUPP;
8209 goto senderror;
8210 case 1: /* XXX: What does it do? */
8211 if (msg->sadb_msg_type == SADB_X_PROMISC)
8212 break;
8213 /*FALLTHROUGH*/
8214 default:
8215 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
8216 __func__, msg->sadb_msg_satype));
8217 PFKEYSTAT_INC(out_invsatype);
8218 error = EINVAL;
8219 goto senderror;
8220 }
8221 }
8222
8223 /* check field of upper layer protocol and address family */
8224 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
8225 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
8226 struct sadb_address *src0, *dst0;
8227 u_int plen;
8228
8229 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
8230 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
8231
8232 /* check upper layer protocol */
8233 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
8234 ipseclog((LOG_DEBUG, "%s: upper layer protocol "
8235 "mismatched.\n", __func__));
8236 PFKEYSTAT_INC(out_invaddr);
8237 error = EINVAL;
8238 goto senderror;
8239 }
8240
8241 /* check family */
8242 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
8243 PFKEY_ADDR_SADDR(dst0)->sa_family) {
8244 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
8245 __func__));
8246 PFKEYSTAT_INC(out_invaddr);
8247 error = EINVAL;
8248 goto senderror;
8249 }
8250 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
8251 PFKEY_ADDR_SADDR(dst0)->sa_len) {
8252 ipseclog((LOG_DEBUG, "%s: address struct size "
8253 "mismatched.\n", __func__));
8254 PFKEYSTAT_INC(out_invaddr);
8255 error = EINVAL;
8256 goto senderror;
8257 }
8258
8259 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
8260 case AF_INET:
8261 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
8262 sizeof(struct sockaddr_in)) {
8263 PFKEYSTAT_INC(out_invaddr);
8264 error = EINVAL;
8265 goto senderror;
8266 }
8267 break;
8268 case AF_INET6:
8269 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
8270 sizeof(struct sockaddr_in6)) {
8271 PFKEYSTAT_INC(out_invaddr);
8272 error = EINVAL;
8273 goto senderror;
8274 }
8275 break;
8276 default:
8277 ipseclog((LOG_DEBUG, "%s: unsupported address family\n",
8278 __func__));
8279 PFKEYSTAT_INC(out_invaddr);
8280 error = EAFNOSUPPORT;
8281 goto senderror;
8282 }
8283
8284 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
8285 case AF_INET:
8286 plen = sizeof(struct in_addr) << 3;
8287 break;
8288 case AF_INET6:
8289 plen = sizeof(struct in6_addr) << 3;
8290 break;
8291 default:
8292 plen = 0; /*fool gcc*/
8293 break;
8294 }
8295
8296 /* check max prefix length */
8297 if (src0->sadb_address_prefixlen > plen ||
8298 dst0->sadb_address_prefixlen > plen) {
8299 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n",
8300 __func__));
8301 PFKEYSTAT_INC(out_invaddr);
8302 error = EINVAL;
8303 goto senderror;
8304 }
8305
8306 /*
8307 * prefixlen == 0 is valid because there can be a case when
8308 * all addresses are matched.
8309 */
8310 }
8311
8312 if (msg->sadb_msg_type >= nitems(key_typesw) ||
8313 key_typesw[msg->sadb_msg_type] == NULL) {
8314 PFKEYSTAT_INC(out_invmsgtype);
8315 error = EINVAL;
8316 goto senderror;
8317 }
8318
8319 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
8320
8321 senderror:
8322 msg->sadb_msg_errno = error;
8323 return key_sendup_mbuf(so, m, target);
8324 }
8325
8326 static int
key_senderror(struct socket * so,struct mbuf * m,int code)8327 key_senderror(struct socket *so, struct mbuf *m, int code)
8328 {
8329 struct sadb_msg *msg;
8330
8331 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
8332 ("mbuf too small, len %u", m->m_len));
8333
8334 msg = mtod(m, struct sadb_msg *);
8335 msg->sadb_msg_errno = code;
8336 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
8337 }
8338
8339 /*
8340 * set the pointer to each header into message buffer.
8341 * m will be freed on error.
8342 * XXX larger-than-MCLBYTES extension?
8343 */
8344 static int
key_align(struct mbuf * m,struct sadb_msghdr * mhp)8345 key_align(struct mbuf *m, struct sadb_msghdr *mhp)
8346 {
8347 struct mbuf *n;
8348 struct sadb_ext *ext;
8349 size_t off, end;
8350 int extlen;
8351 int toff;
8352
8353 IPSEC_ASSERT(m != NULL, ("null mbuf"));
8354 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
8355 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
8356 ("mbuf too small, len %u", m->m_len));
8357
8358 /* initialize */
8359 bzero(mhp, sizeof(*mhp));
8360
8361 mhp->msg = mtod(m, struct sadb_msg *);
8362 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
8363
8364 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
8365 extlen = end; /*just in case extlen is not updated*/
8366 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
8367 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
8368 if (!n) {
8369 /* m is already freed */
8370 return ENOBUFS;
8371 }
8372 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
8373
8374 /* set pointer */
8375 switch (ext->sadb_ext_type) {
8376 case SADB_EXT_SA:
8377 case SADB_EXT_ADDRESS_SRC:
8378 case SADB_EXT_ADDRESS_DST:
8379 case SADB_EXT_ADDRESS_PROXY:
8380 case SADB_EXT_LIFETIME_CURRENT:
8381 case SADB_EXT_LIFETIME_HARD:
8382 case SADB_EXT_LIFETIME_SOFT:
8383 case SADB_EXT_KEY_AUTH:
8384 case SADB_EXT_KEY_ENCRYPT:
8385 case SADB_EXT_IDENTITY_SRC:
8386 case SADB_EXT_IDENTITY_DST:
8387 case SADB_EXT_SENSITIVITY:
8388 case SADB_EXT_PROPOSAL:
8389 case SADB_EXT_SUPPORTED_AUTH:
8390 case SADB_EXT_SUPPORTED_ENCRYPT:
8391 case SADB_EXT_SPIRANGE:
8392 case SADB_X_EXT_POLICY:
8393 case SADB_X_EXT_SA2:
8394 case SADB_X_EXT_NAT_T_TYPE:
8395 case SADB_X_EXT_NAT_T_SPORT:
8396 case SADB_X_EXT_NAT_T_DPORT:
8397 case SADB_X_EXT_NAT_T_OAI:
8398 case SADB_X_EXT_NAT_T_OAR:
8399 case SADB_X_EXT_NAT_T_FRAG:
8400 case SADB_X_EXT_SA_REPLAY:
8401 case SADB_X_EXT_NEW_ADDRESS_SRC:
8402 case SADB_X_EXT_NEW_ADDRESS_DST:
8403 #ifdef IPSEC_OFFLOAD
8404 case SADB_X_EXT_LFT_CUR_SW_OFFL:
8405 case SADB_X_EXT_LFT_CUR_HW_OFFL:
8406 case SADB_X_EXT_IF_HW_OFFL:
8407 #endif
8408 /* duplicate check */
8409 /*
8410 * XXX Are there duplication payloads of either
8411 * KEY_AUTH or KEY_ENCRYPT ?
8412 */
8413 if (mhp->ext[ext->sadb_ext_type] != NULL) {
8414 ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
8415 "%u\n", __func__, ext->sadb_ext_type));
8416 m_freem(m);
8417 PFKEYSTAT_INC(out_dupext);
8418 return EINVAL;
8419 }
8420 break;
8421 default:
8422 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n",
8423 __func__, ext->sadb_ext_type));
8424 m_freem(m);
8425 PFKEYSTAT_INC(out_invexttype);
8426 return EINVAL;
8427 }
8428
8429 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
8430
8431 if (key_validate_ext(ext, extlen)) {
8432 m_freem(m);
8433 PFKEYSTAT_INC(out_invlen);
8434 return EINVAL;
8435 }
8436
8437 n = m_pulldown(m, off, extlen, &toff);
8438 if (!n) {
8439 /* m is already freed */
8440 return ENOBUFS;
8441 }
8442 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
8443
8444 mhp->ext[ext->sadb_ext_type] = ext;
8445 mhp->extoff[ext->sadb_ext_type] = off;
8446 mhp->extlen[ext->sadb_ext_type] = extlen;
8447 }
8448
8449 if (off != end) {
8450 m_freem(m);
8451 PFKEYSTAT_INC(out_invlen);
8452 return EINVAL;
8453 }
8454
8455 return 0;
8456 }
8457
8458 static int
key_validate_ext(const struct sadb_ext * ext,int len)8459 key_validate_ext(const struct sadb_ext *ext, int len)
8460 {
8461 const struct sockaddr *sa;
8462 enum { NONE, ADDR } checktype = NONE;
8463 int baselen = 0;
8464 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
8465
8466 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
8467 return EINVAL;
8468
8469 /* if it does not match minimum/maximum length, bail */
8470 if (ext->sadb_ext_type >= nitems(minsize) ||
8471 ext->sadb_ext_type >= nitems(maxsize))
8472 return EINVAL;
8473 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
8474 return EINVAL;
8475 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
8476 return EINVAL;
8477
8478 /* more checks based on sadb_ext_type XXX need more */
8479 switch (ext->sadb_ext_type) {
8480 case SADB_EXT_ADDRESS_SRC:
8481 case SADB_EXT_ADDRESS_DST:
8482 case SADB_EXT_ADDRESS_PROXY:
8483 case SADB_X_EXT_NAT_T_OAI:
8484 case SADB_X_EXT_NAT_T_OAR:
8485 case SADB_X_EXT_NEW_ADDRESS_SRC:
8486 case SADB_X_EXT_NEW_ADDRESS_DST:
8487 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
8488 checktype = ADDR;
8489 break;
8490 case SADB_EXT_IDENTITY_SRC:
8491 case SADB_EXT_IDENTITY_DST:
8492 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
8493 SADB_X_IDENTTYPE_ADDR) {
8494 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
8495 checktype = ADDR;
8496 } else
8497 checktype = NONE;
8498 break;
8499 default:
8500 checktype = NONE;
8501 break;
8502 }
8503
8504 switch (checktype) {
8505 case NONE:
8506 break;
8507 case ADDR:
8508 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
8509 if (len < baselen + sal)
8510 return EINVAL;
8511 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
8512 return EINVAL;
8513 break;
8514 }
8515
8516 return 0;
8517 }
8518
8519 void
spdcache_init(void)8520 spdcache_init(void)
8521 {
8522 int i;
8523
8524 TUNABLE_INT_FETCH("net.key.spdcache.maxentries",
8525 &V_key_spdcache_maxentries);
8526 TUNABLE_INT_FETCH("net.key.spdcache.threshold",
8527 &V_key_spdcache_threshold);
8528
8529 if (V_key_spdcache_maxentries) {
8530 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries,
8531 SPDCACHE_MAX_ENTRIES_PER_HASH);
8532 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries /
8533 SPDCACHE_MAX_ENTRIES_PER_HASH,
8534 M_IPSEC_SPDCACHE, &V_spdcachehash_mask);
8535 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1)
8536 * SPDCACHE_MAX_ENTRIES_PER_HASH;
8537
8538 V_spdcache_lock = malloc(sizeof(struct mtx) *
8539 (V_spdcachehash_mask + 1),
8540 M_IPSEC_SPDCACHE, M_WAITOK | M_ZERO);
8541
8542 for (i = 0; i < V_spdcachehash_mask + 1; ++i)
8543 SPDCACHE_LOCK_INIT(i);
8544 }
8545 }
8546
8547 struct spdcache_entry *
spdcache_entry_alloc(const struct secpolicyindex * spidx,struct secpolicy * sp)8548 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp)
8549 {
8550 struct spdcache_entry *entry;
8551
8552 entry = malloc(sizeof(struct spdcache_entry), M_IPSEC_SPDCACHE,
8553 M_NOWAIT | M_ZERO);
8554 if (entry == NULL)
8555 return (NULL);
8556
8557 if (sp != NULL)
8558 SP_ADDREF(sp);
8559
8560 entry->spidx = *spidx;
8561 entry->sp = sp;
8562
8563 return (entry);
8564 }
8565
8566 void
spdcache_entry_free(struct spdcache_entry * entry)8567 spdcache_entry_free(struct spdcache_entry *entry)
8568 {
8569
8570 if (entry->sp != NULL)
8571 key_freesp(&entry->sp);
8572 free(entry, M_IPSEC_SPDCACHE);
8573 }
8574
8575 void
spdcache_clear(void)8576 spdcache_clear(void)
8577 {
8578 struct spdcache_entry *entry;
8579 int i;
8580
8581 for (i = 0; i < V_spdcachehash_mask + 1; ++i) {
8582 SPDCACHE_LOCK(i);
8583 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) {
8584 entry = LIST_FIRST(&V_spdcachehashtbl[i]);
8585 LIST_REMOVE(entry, chain);
8586 spdcache_entry_free(entry);
8587 }
8588 SPDCACHE_UNLOCK(i);
8589 }
8590 }
8591
8592 #ifdef VIMAGE
8593 void
spdcache_destroy(void)8594 spdcache_destroy(void)
8595 {
8596 int i;
8597
8598 if (SPDCACHE_ENABLED()) {
8599 spdcache_clear();
8600 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask);
8601
8602 for (i = 0; i < V_spdcachehash_mask + 1; ++i)
8603 SPDCACHE_LOCK_DESTROY(i);
8604
8605 free(V_spdcache_lock, M_IPSEC_SPDCACHE);
8606 }
8607 }
8608 #endif
8609
8610 static void
key_vnet_init(void * arg __unused)8611 key_vnet_init(void *arg __unused)
8612 {
8613 int i;
8614
8615 for (i = 0; i < IPSEC_DIR_MAX; i++) {
8616 TAILQ_INIT(&V_sptree[i]);
8617 TAILQ_INIT(&V_sptree_ifnet[i]);
8618 }
8619
8620 TAILQ_INIT(&V_sahtree);
8621 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask);
8622 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask);
8623 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH,
8624 &V_sahaddrhash_mask);
8625 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ,
8626 &V_acqaddrhash_mask);
8627 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ,
8628 &V_acqseqhash_mask);
8629
8630 spdcache_init();
8631
8632 for (i = 0; i <= SADB_SATYPE_MAX; i++)
8633 LIST_INIT(&V_regtree[i]);
8634
8635 LIST_INIT(&V_acqtree);
8636 LIST_INIT(&V_spacqtree);
8637 }
8638 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND,
8639 key_vnet_init, NULL);
8640
8641 static void
key_init(void * arg __unused)8642 key_init(void *arg __unused)
8643 {
8644
8645 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c",
8646 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL,
8647 UMA_ALIGN_PTR, UMA_ZONE_PCPU);
8648
8649 SPTREE_LOCK_INIT();
8650 REGTREE_LOCK_INIT();
8651 SAHTREE_LOCK_INIT();
8652 ACQ_LOCK_INIT();
8653 SPACQ_LOCK_INIT();
8654 SPI_ALLOC_LOCK_INIT();
8655
8656 #ifndef IPSEC_DEBUG2
8657 callout_init(&key_timer, 1);
8658 callout_reset(&key_timer, hz, key_timehandler, NULL);
8659 #endif /*IPSEC_DEBUG2*/
8660
8661 /* initialize key statistics */
8662 keystat.getspi_count = 1;
8663
8664 if (bootverbose)
8665 printf("IPsec: Initialized Security Association Processing.\n");
8666 }
8667 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL);
8668
8669 #ifdef VIMAGE
8670 static void
key_vnet_destroy(void * arg __unused)8671 key_vnet_destroy(void *arg __unused)
8672 {
8673 struct secashead_queue sahdrainq;
8674 struct secpolicy_queue drainq;
8675 struct secpolicy *sp, *nextsp;
8676 struct secacq *acq, *nextacq;
8677 struct secspacq *spacq, *nextspacq;
8678 struct secashead *sah;
8679 struct secasvar *sav;
8680 struct secreg *reg;
8681 int i;
8682
8683 /*
8684 * XXX: can we just call free() for each object without
8685 * walking through safe way with releasing references?
8686 */
8687 TAILQ_INIT(&drainq);
8688 SPTREE_WLOCK();
8689 for (i = 0; i < IPSEC_DIR_MAX; i++) {
8690 TAILQ_CONCAT(&drainq, &V_sptree[i], chain);
8691 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain);
8692 }
8693 for (i = 0; i < V_sphash_mask + 1; i++)
8694 LIST_INIT(&V_sphashtbl[i]);
8695 SPTREE_WUNLOCK();
8696 spdcache_destroy();
8697
8698 sp = TAILQ_FIRST(&drainq);
8699 while (sp != NULL) {
8700 nextsp = TAILQ_NEXT(sp, chain);
8701 key_freesp(&sp);
8702 sp = nextsp;
8703 }
8704
8705 TAILQ_INIT(&sahdrainq);
8706 SAHTREE_WLOCK();
8707 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain);
8708 for (i = 0; i < V_savhash_mask + 1; i++)
8709 LIST_INIT(&V_savhashtbl[i]);
8710 for (i = 0; i < V_sahaddrhash_mask + 1; i++)
8711 LIST_INIT(&V_sahaddrhashtbl[i]);
8712 TAILQ_FOREACH(sah, &sahdrainq, chain) {
8713 sah->state = SADB_SASTATE_DEAD;
8714 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
8715 sav->state = SADB_SASTATE_DEAD;
8716 ipsec_accel_forget_sav(sav);
8717 }
8718 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
8719 sav->state = SADB_SASTATE_DEAD;
8720 ipsec_accel_forget_sav(sav);
8721 }
8722 }
8723 SAHTREE_WUNLOCK();
8724
8725 /* Wait for async work referencing this VNET to finish. */
8726 ipsec_accel_sync();
8727
8728 key_freesah_flushed(&sahdrainq);
8729 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask);
8730 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask);
8731 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask);
8732
8733 REGTREE_LOCK();
8734 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
8735 LIST_FOREACH(reg, &V_regtree[i], chain) {
8736 if (__LIST_CHAINED(reg)) {
8737 LIST_REMOVE(reg, chain);
8738 free(reg, M_IPSEC_SAR);
8739 break;
8740 }
8741 }
8742 }
8743 REGTREE_UNLOCK();
8744
8745 ACQ_LOCK();
8746 acq = LIST_FIRST(&V_acqtree);
8747 while (acq != NULL) {
8748 nextacq = LIST_NEXT(acq, chain);
8749 LIST_REMOVE(acq, chain);
8750 free(acq, M_IPSEC_SAQ);
8751 acq = nextacq;
8752 }
8753 for (i = 0; i < V_acqaddrhash_mask + 1; i++)
8754 LIST_INIT(&V_acqaddrhashtbl[i]);
8755 for (i = 0; i < V_acqseqhash_mask + 1; i++)
8756 LIST_INIT(&V_acqseqhashtbl[i]);
8757 ACQ_UNLOCK();
8758
8759 SPACQ_LOCK();
8760 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL;
8761 spacq = nextspacq) {
8762 nextspacq = LIST_NEXT(spacq, chain);
8763 if (__LIST_CHAINED(spacq)) {
8764 LIST_REMOVE(spacq, chain);
8765 free(spacq, M_IPSEC_SAQ);
8766 }
8767 }
8768 SPACQ_UNLOCK();
8769 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask);
8770 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask);
8771 }
8772 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND,
8773 key_vnet_destroy, NULL);
8774 #endif
8775
8776 /*
8777 * XXX: as long as domains are not unloadable, this function is never called,
8778 * provided for consistensy and future unload support.
8779 */
8780 static void
key_destroy(void * arg __unused)8781 key_destroy(void *arg __unused)
8782 {
8783 uma_zdestroy(ipsec_key_lft_zone);
8784
8785 #ifndef IPSEC_DEBUG2
8786 callout_drain(&key_timer);
8787 #endif
8788 SPTREE_LOCK_DESTROY();
8789 REGTREE_LOCK_DESTROY();
8790 SAHTREE_LOCK_DESTROY();
8791 ACQ_LOCK_DESTROY();
8792 SPACQ_LOCK_DESTROY();
8793 SPI_ALLOC_LOCK_DESTROY();
8794 }
8795 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL);
8796
8797 /* record data transfer on SA, and update timestamps */
8798 void
key_sa_recordxfer(struct secasvar * sav,struct mbuf * m)8799 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m)
8800 {
8801 IPSEC_ASSERT(sav != NULL, ("Null secasvar"));
8802 IPSEC_ASSERT(m != NULL, ("Null mbuf"));
8803
8804 /*
8805 * XXX Currently, there is a difference of bytes size
8806 * between inbound and outbound processing.
8807 */
8808 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len);
8809
8810 /*
8811 * We use the number of packets as the unit of
8812 * allocations. We increment the variable
8813 * whenever {esp,ah}_{in,out}put is called.
8814 */
8815 counter_u64_add(sav->lft_c_allocations, 1);
8816
8817 /*
8818 * NOTE: We record CURRENT usetime by using wall clock,
8819 * in seconds. HARD and SOFT lifetime are measured by the time
8820 * difference (again in seconds) from usetime.
8821 *
8822 * usetime
8823 * v expire expire
8824 * -----+-----+--------+---> t
8825 * <--------------> HARD
8826 * <-----> SOFT
8827 */
8828 if (sav->firstused == 0)
8829 sav->firstused = time_second;
8830 }
8831
8832 /*
8833 * Take one of the kernel's security keys and convert it into a PF_KEY
8834 * structure within an mbuf, suitable for sending up to a waiting
8835 * application in user land.
8836 *
8837 * IN:
8838 * src: A pointer to a kernel security key.
8839 * exttype: Which type of key this is. Refer to the PF_KEY data structures.
8840 * OUT:
8841 * a valid mbuf or NULL indicating an error
8842 *
8843 */
8844
8845 static struct mbuf *
key_setkey(struct seckey * src,uint16_t exttype)8846 key_setkey(struct seckey *src, uint16_t exttype)
8847 {
8848 struct mbuf *m;
8849 struct sadb_key *p;
8850 int len;
8851
8852 if (src == NULL)
8853 return NULL;
8854
8855 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));
8856 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
8857 if (m == NULL)
8858 return NULL;
8859 m_align(m, len);
8860 m->m_len = len;
8861 p = mtod(m, struct sadb_key *);
8862 bzero(p, len);
8863 p->sadb_key_len = PFKEY_UNIT64(len);
8864 p->sadb_key_exttype = exttype;
8865 p->sadb_key_bits = src->bits;
8866 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src));
8867
8868 return m;
8869 }
8870
8871 #ifdef IPSEC_OFFLOAD
8872 struct mbuf *
key_setaccelif(const char * ifname)8873 key_setaccelif(const char *ifname)
8874 {
8875 struct mbuf *m = NULL;
8876 struct sadb_x_if_hw_offl *p;
8877 int len = PFKEY_ALIGN8(sizeof(*p));
8878
8879 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
8880 if (m == NULL)
8881 return (m);
8882 m_align(m, len);
8883 m->m_len = len;
8884 p = mtod(m, struct sadb_x_if_hw_offl *);
8885
8886 bzero(p, len);
8887 p->sadb_x_if_hw_offl_len = PFKEY_UNIT64(len);
8888 p->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
8889 p->sadb_x_if_hw_offl_flags = 0;
8890 strncpy(p->sadb_x_if_hw_offl_if, ifname,
8891 sizeof(p->sadb_x_if_hw_offl_if));
8892
8893 return (m);
8894 }
8895 #endif
8896
8897 /*
8898 * Take one of the kernel's lifetime data structures and convert it
8899 * into a PF_KEY structure within an mbuf, suitable for sending up to
8900 * a waiting application in user land.
8901 *
8902 * IN:
8903 * src: A pointer to a kernel lifetime structure.
8904 * exttype: Which type of lifetime this is. Refer to the PF_KEY
8905 * data structures for more information.
8906 * OUT:
8907 * a valid mbuf or NULL indicating an error
8908 *
8909 */
8910
8911 static struct mbuf *
key_setlifetime(struct seclifetime * src,uint16_t exttype)8912 key_setlifetime(struct seclifetime *src, uint16_t exttype)
8913 {
8914 struct mbuf *m = NULL;
8915 struct sadb_lifetime *p;
8916 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
8917
8918 if (src == NULL)
8919 return NULL;
8920
8921 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
8922 if (m == NULL)
8923 return m;
8924 m_align(m, len);
8925 m->m_len = len;
8926 p = mtod(m, struct sadb_lifetime *);
8927
8928 bzero(p, len);
8929 p->sadb_lifetime_len = PFKEY_UNIT64(len);
8930 p->sadb_lifetime_exttype = exttype;
8931 p->sadb_lifetime_allocations = src->allocations;
8932 p->sadb_lifetime_bytes = src->bytes;
8933 p->sadb_lifetime_addtime = src->addtime;
8934 p->sadb_lifetime_usetime = src->usetime;
8935
8936 return m;
8937
8938 }
8939
8940 const struct enc_xform *
enc_algorithm_lookup(int alg)8941 enc_algorithm_lookup(int alg)
8942 {
8943 int i;
8944
8945 for (i = 0; i < nitems(supported_ealgs); i++)
8946 if (alg == supported_ealgs[i].sadb_alg)
8947 return (supported_ealgs[i].xform);
8948 return (NULL);
8949 }
8950
8951 const struct auth_hash *
auth_algorithm_lookup(int alg)8952 auth_algorithm_lookup(int alg)
8953 {
8954 int i;
8955
8956 for (i = 0; i < nitems(supported_aalgs); i++)
8957 if (alg == supported_aalgs[i].sadb_alg)
8958 return (supported_aalgs[i].xform);
8959 return (NULL);
8960 }
8961
8962 const struct comp_algo *
comp_algorithm_lookup(int alg)8963 comp_algorithm_lookup(int alg)
8964 {
8965 int i;
8966
8967 for (i = 0; i < nitems(supported_calgs); i++)
8968 if (alg == supported_calgs[i].sadb_alg)
8969 return (supported_calgs[i].xform);
8970 return (NULL);
8971 }
8972
8973 void
ipsec_sahtree_runlock(struct rm_priotracker * sahtree_trackerp)8974 ipsec_sahtree_runlock(struct rm_priotracker *sahtree_trackerp)
8975 {
8976 rm_runlock(&sahtree_lock, sahtree_trackerp);
8977 }
8978
8979 void
ipsec_sahtree_rlock(struct rm_priotracker * sahtree_trackerp)8980 ipsec_sahtree_rlock(struct rm_priotracker *sahtree_trackerp)
8981 {
8982 rm_rlock(&sahtree_lock, sahtree_trackerp);
8983 }
8984
8985 #ifdef IPSEC_OFFLOAD
8986 void
ipsec_accel_on_ifdown(struct ifnet * ifp)8987 ipsec_accel_on_ifdown(struct ifnet *ifp)
8988 {
8989 void (*p)(struct ifnet *ifp);
8990
8991 p = atomic_load_ptr(&ipsec_accel_on_ifdown_p);
8992 if (p != NULL)
8993 p(ifp);
8994 }
8995
8996 void
ipsec_accel_drv_sa_lifetime_update(struct secasvar * sav,if_t ifp,u_int drv_spi,uint64_t octets,uint64_t allocs)8997 ipsec_accel_drv_sa_lifetime_update(struct secasvar *sav, if_t ifp,
8998 u_int drv_spi, uint64_t octets, uint64_t allocs)
8999 {
9000 void (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi,
9001 uint64_t octets, uint64_t allocs);
9002
9003 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_update_p);
9004 if (p != NULL)
9005 p(sav, ifp, drv_spi, octets, allocs);
9006 }
9007
9008 int
ipsec_accel_drv_sa_lifetime_fetch(struct secasvar * sav,if_t ifp,u_int drv_spi,uint64_t * octets,uint64_t * allocs)9009 ipsec_accel_drv_sa_lifetime_fetch(struct secasvar *sav,
9010 if_t ifp, u_int drv_spi, uint64_t *octets, uint64_t *allocs)
9011 {
9012 int (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi,
9013 uint64_t *octets, uint64_t *allocs);
9014
9015 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_fetch_p);
9016 if (p == NULL)
9017 return (EOPNOTSUPP);
9018 return (p(sav, ifp, drv_spi, octets, allocs));
9019 }
9020 #endif
9021