1 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
2
3 /*-
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 /*
35 * This code is referd to RFC 2367
36 */
37
38 #include "opt_inet.h"
39 #include "opt_inet6.h"
40 #include "opt_ipsec.h"
41
42 #include <sys/types.h>
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/kernel.h>
46 #include <sys/fnv_hash.h>
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #include <sys/mbuf.h>
50 #include <sys/domain.h>
51 #include <sys/protosw.h>
52 #include <sys/malloc.h>
53 #include <sys/rmlock.h>
54 #include <sys/socket.h>
55 #include <sys/socketvar.h>
56 #include <sys/sysctl.h>
57 #include <sys/errno.h>
58 #include <sys/proc.h>
59 #include <sys/queue.h>
60 #include <sys/refcount.h>
61 #include <sys/syslog.h>
62
63 #include <vm/uma.h>
64
65 #include <net/if.h>
66 #include <net/if_var.h>
67 #include <net/vnet.h>
68
69 #include <netinet/in.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/ip.h>
72 #include <netinet/in_var.h>
73 #include <netinet/udp.h>
74
75 #ifdef INET6
76 #include <netinet/ip6.h>
77 #include <netinet6/in6_var.h>
78 #include <netinet6/ip6_var.h>
79 #endif /* INET6 */
80
81 #include <net/pfkeyv2.h>
82 #include <netipsec/keydb.h>
83 #include <netipsec/key.h>
84 #include <netipsec/keysock.h>
85 #include <netipsec/key_debug.h>
86 #include <netipsec/ipsec_offload.h>
87
88 #include <netipsec/ipsec.h>
89 #ifdef INET6
90 #include <netipsec/ipsec6.h>
91 #endif
92
93 #include <netipsec/xform.h>
94 #include <netipsec/ipsec_offload.h>
95 #include <machine/in_cksum.h>
96 #include <machine/stdarg.h>
97
98 /* randomness */
99 #include <sys/random.h>
100
101 #ifdef IPSEC_OFFLOAD
102 void (*ipsec_accel_sa_newkey_p)(struct secasvar *sav);
103 void (*ipsec_accel_forget_sav_p)(struct secasvar *sav);
104 void (*ipsec_accel_spdadd_p)(struct secpolicy *sp, struct inpcb *inp);
105 void (*ipsec_accel_spddel_p)(struct secpolicy *sp);
106 int (*ipsec_accel_sa_lifetime_op_p)(struct secasvar *sav,
107 struct seclifetime *lft_c, if_t ifp, enum IF_SA_CNT_WHICH op,
108 struct rm_priotracker *sahtree_trackerp);
109 void (*ipsec_accel_sync_p)(void);
110 bool (*ipsec_accel_is_accel_sav_p)(struct secasvar *sav);
111 struct mbuf *(*ipsec_accel_key_setaccelif_p)(struct secasvar *sav);
112 void (*ipsec_accel_on_ifdown_p)(struct ifnet *ifp);
113 void (*ipsec_accel_drv_sa_lifetime_update_p)(struct secasvar *sav, if_t ifp,
114 u_int drv_spi, uint64_t octets, uint64_t allocs);
115 int (*ipsec_accel_drv_sa_lifetime_fetch_p)(struct secasvar *sav, if_t ifp,
116 u_int drv_spi, uint64_t *octets, uint64_t *allocs);
117 #endif
118
119 #define FULLMASK 0xff
120 #define _BITS(bytes) ((bytes) << 3)
121
122 #define UINT32_80PCT 0xcccccccc
123 /*
124 * Note on SA reference counting:
125 * - SAs that are not in DEAD state will have (total external reference + 1)
126 * following value in reference count field. they cannot be freed and are
127 * referenced from SA header.
128 * - SAs that are in DEAD state will have (total external reference)
129 * in reference count field. they are ready to be freed. reference from
130 * SA header will be removed in key_delsav(), when the reference count
131 * field hits 0 (= no external reference other than from SA header.
132 */
133
134 VNET_DEFINE(u_int32_t, key_debug_level) = 0;
135 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000;
136 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100;
137 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */
138 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0;
139 /*interval to initialize randseed,1(m)*/
140 VNET_DEFINE_STATIC(u_int, key_int_random) = 60;
141 /* interval to expire acquiring, 30(s)*/
142 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30;
143 /* counter for blocking SADB_ACQUIRE.*/
144 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10;
145 /* lifetime for blocking SADB_ACQUIRE.*/
146 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20;
147 /* preferred old sa rather than new sa.*/
148 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1;
149 #define V_key_spi_trycnt VNET(key_spi_trycnt)
150 #define V_key_spi_minval VNET(key_spi_minval)
151 #define V_key_spi_maxval VNET(key_spi_maxval)
152 #define V_policy_id VNET(policy_id)
153 #define V_key_int_random VNET(key_int_random)
154 #define V_key_larval_lifetime VNET(key_larval_lifetime)
155 #define V_key_blockacq_count VNET(key_blockacq_count)
156 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime)
157 #define V_key_preferred_oldsa VNET(key_preferred_oldsa)
158
159 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0;
160 #define V_acq_seq VNET(acq_seq)
161
162 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0;
163 #define V_sp_genid VNET(sp_genid)
164
165 /* SPD */
166 TAILQ_HEAD(secpolicy_queue, secpolicy);
167 LIST_HEAD(secpolicy_list, secpolicy);
168 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]);
169 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]);
170 static struct rmlock sptree_lock;
171 #define V_sptree VNET(sptree)
172 #define V_sptree_ifnet VNET(sptree_ifnet)
173 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree")
174 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock)
175 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker
176 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker)
177 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker)
178 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED)
179 #define SPTREE_WLOCK() rm_wlock(&sptree_lock)
180 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock)
181 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED)
182 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED)
183
184 /* Hash table for lookup SP using unique id */
185 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl);
186 VNET_DEFINE_STATIC(u_long, sphash_mask);
187 #define V_sphashtbl VNET(sphashtbl)
188 #define V_sphash_mask VNET(sphash_mask)
189
190 #define SPHASH_NHASH_LOG2 7
191 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2)
192 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask)
193 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)]
194
195 /* SPD cache */
196 struct spdcache_entry {
197 struct secpolicyindex spidx; /* secpolicyindex */
198 struct secpolicy *sp; /* cached policy to be used */
199
200 LIST_ENTRY(spdcache_entry) chain;
201 };
202 LIST_HEAD(spdcache_entry_list, spdcache_entry);
203
204 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8
205
206 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0;
207 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries)
208 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32;
209 #define V_key_spdcache_threshold VNET(key_spdcache_threshold)
210 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0;
211 #define V_spd_size VNET(spd_size)
212
213 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0)
214 #define SPDCACHE_ACTIVE() \
215 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold)
216
217 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl);
218 VNET_DEFINE_STATIC(u_long, spdcachehash_mask);
219 #define V_spdcachehashtbl VNET(spdcachehashtbl)
220 #define V_spdcachehash_mask VNET(spdcachehash_mask)
221
222 #define SPDCACHE_HASHVAL(idx) \
223 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \
224 V_spdcachehash_mask)
225
226 /* Each cache line is protected by a mutex */
227 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock);
228 #define V_spdcache_lock VNET(spdcache_lock)
229
230 #define SPDCACHE_LOCK_INIT(a) \
231 mtx_init(&V_spdcache_lock[a], "spdcache", \
232 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK)
233 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a])
234 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]);
235 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]);
236
237 static struct sx spi_alloc_lock;
238 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc")
239 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock)
240 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock)
241 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock)
242 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED)
243
244 /* SAD */
245 TAILQ_HEAD(secashead_queue, secashead);
246 LIST_HEAD(secashead_list, secashead);
247 VNET_DEFINE_STATIC(struct secashead_queue, sahtree);
248 static struct rmlock sahtree_lock;
249 #define V_sahtree VNET(sahtree)
250 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree")
251 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock)
252 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker
253 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker)
254 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker)
255 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED)
256 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock)
257 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock)
258 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED)
259 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED)
260
261 /* Hash table for lookup in SAD using SA addresses */
262 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl);
263 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask);
264 #define V_sahaddrhashtbl VNET(sahaddrhashtbl)
265 #define V_sahaddrhash_mask VNET(sahaddrhash_mask)
266
267 #define SAHHASH_NHASH_LOG2 7
268 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2)
269 #define SAHADDRHASH_HASHVAL(idx) \
270 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \
271 V_sahaddrhash_mask)
272 #define SAHADDRHASH_HASH(saidx) \
273 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)]
274
275 /* Hash table for lookup in SAD using SPI */
276 LIST_HEAD(secasvar_list, secasvar);
277 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl);
278 VNET_DEFINE_STATIC(u_long, savhash_mask);
279 #define V_savhashtbl VNET(savhashtbl)
280 #define V_savhash_mask VNET(savhash_mask)
281 #define SAVHASH_NHASH_LOG2 7
282 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2)
283 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask)
284 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)]
285
286 static uint32_t
key_addrprotohash(const union sockaddr_union * src,const union sockaddr_union * dst,const uint8_t * proto)287 key_addrprotohash(const union sockaddr_union *src,
288 const union sockaddr_union *dst, const uint8_t *proto)
289 {
290 uint32_t hval;
291
292 hval = fnv_32_buf(proto, sizeof(*proto),
293 FNV1_32_INIT);
294 switch (dst->sa.sa_family) {
295 #ifdef INET
296 case AF_INET:
297 hval = fnv_32_buf(&src->sin.sin_addr,
298 sizeof(in_addr_t), hval);
299 hval = fnv_32_buf(&dst->sin.sin_addr,
300 sizeof(in_addr_t), hval);
301 break;
302 #endif
303 #ifdef INET6
304 case AF_INET6:
305 hval = fnv_32_buf(&src->sin6.sin6_addr,
306 sizeof(struct in6_addr), hval);
307 hval = fnv_32_buf(&dst->sin6.sin6_addr,
308 sizeof(struct in6_addr), hval);
309 break;
310 #endif
311 default:
312 hval = 0;
313 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n",
314 __func__, dst->sa.sa_family));
315 }
316 return (hval);
317 }
318
319 static uint32_t
key_u32hash(uint32_t val)320 key_u32hash(uint32_t val)
321 {
322
323 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT));
324 }
325
326 /* registed list */
327 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]);
328 #define V_regtree VNET(regtree)
329 static struct mtx regtree_lock;
330 #define REGTREE_LOCK_INIT() \
331 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF)
332 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock)
333 #define REGTREE_LOCK() mtx_lock(®tree_lock)
334 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock)
335 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED)
336
337 /* Acquiring list */
338 LIST_HEAD(secacq_list, secacq);
339 VNET_DEFINE_STATIC(struct secacq_list, acqtree);
340 #define V_acqtree VNET(acqtree)
341 static struct mtx acq_lock;
342 #define ACQ_LOCK_INIT() \
343 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF)
344 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock)
345 #define ACQ_LOCK() mtx_lock(&acq_lock)
346 #define ACQ_UNLOCK() mtx_unlock(&acq_lock)
347 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED)
348
349 /* Hash table for lookup in ACQ list using SA addresses */
350 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl);
351 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask);
352 #define V_acqaddrhashtbl VNET(acqaddrhashtbl)
353 #define V_acqaddrhash_mask VNET(acqaddrhash_mask)
354
355 /* Hash table for lookup in ACQ list using SEQ number */
356 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl);
357 VNET_DEFINE_STATIC(u_long, acqseqhash_mask);
358 #define V_acqseqhashtbl VNET(acqseqhashtbl)
359 #define V_acqseqhash_mask VNET(acqseqhash_mask)
360
361 #define ACQHASH_NHASH_LOG2 7
362 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2)
363 #define ACQADDRHASH_HASHVAL(idx) \
364 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \
365 V_acqaddrhash_mask)
366 #define ACQSEQHASH_HASHVAL(seq) \
367 (key_u32hash(seq) & V_acqseqhash_mask)
368 #define ACQADDRHASH_HASH(saidx) \
369 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)]
370 #define ACQSEQHASH_HASH(seq) \
371 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)]
372 /* SP acquiring list */
373 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree);
374 #define V_spacqtree VNET(spacqtree)
375 static struct mtx spacq_lock;
376 #define SPACQ_LOCK_INIT() \
377 mtx_init(&spacq_lock, "spacqtree", \
378 "fast ipsec security policy acquire list", MTX_DEF)
379 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock)
380 #define SPACQ_LOCK() mtx_lock(&spacq_lock)
381 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock)
382 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED)
383
384 static const int minsize[] = {
385 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg),
386 [SADB_EXT_SA] = sizeof(struct sadb_sa),
387 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime),
388 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime),
389 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime),
390 [SADB_EXT_ADDRESS_SRC] = sizeof(struct sadb_address),
391 [SADB_EXT_ADDRESS_DST] = sizeof(struct sadb_address),
392 [SADB_EXT_ADDRESS_PROXY] = sizeof(struct sadb_address),
393 [SADB_EXT_KEY_AUTH] = sizeof(struct sadb_key),
394 [SADB_EXT_KEY_ENCRYPT] = sizeof(struct sadb_key),
395 [SADB_EXT_IDENTITY_SRC] = sizeof(struct sadb_ident),
396 [SADB_EXT_IDENTITY_DST] = sizeof(struct sadb_ident),
397 [SADB_EXT_SENSITIVITY] = sizeof(struct sadb_sens),
398 [SADB_EXT_PROPOSAL] = sizeof(struct sadb_prop),
399 [SADB_EXT_SUPPORTED_AUTH] = sizeof(struct sadb_supported),
400 [SADB_EXT_SUPPORTED_ENCRYPT] = sizeof(struct sadb_supported),
401 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange),
402 [SADB_X_EXT_KMPRIVATE] = 0,
403 [SADB_X_EXT_POLICY] = sizeof(struct sadb_x_policy),
404 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2),
405 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type),
406 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port),
407 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port),
408 [SADB_X_EXT_NAT_T_OAI] = sizeof(struct sadb_address),
409 [SADB_X_EXT_NAT_T_OAR] = sizeof(struct sadb_address),
410 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag),
411 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay),
412 [SADB_X_EXT_NEW_ADDRESS_SRC] = sizeof(struct sadb_address),
413 [SADB_X_EXT_NEW_ADDRESS_DST] = sizeof(struct sadb_address),
414 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime),
415 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime),
416 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl),
417 };
418 _Static_assert(nitems(minsize) == SADB_EXT_MAX + 1, "minsize size mismatch");
419
420 static const int maxsize[] = {
421 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg),
422 [SADB_EXT_SA] = sizeof(struct sadb_sa),
423 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime),
424 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime),
425 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime),
426 [SADB_EXT_ADDRESS_SRC] = 0,
427 [SADB_EXT_ADDRESS_DST] = 0,
428 [SADB_EXT_ADDRESS_PROXY] = 0,
429 [SADB_EXT_KEY_AUTH] = 0,
430 [SADB_EXT_KEY_ENCRYPT] = 0,
431 [SADB_EXT_IDENTITY_SRC] = 0,
432 [SADB_EXT_IDENTITY_DST] = 0,
433 [SADB_EXT_SENSITIVITY] = 0,
434 [SADB_EXT_PROPOSAL] = 0,
435 [SADB_EXT_SUPPORTED_AUTH] = 0,
436 [SADB_EXT_SUPPORTED_ENCRYPT] = 0,
437 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange),
438 [SADB_X_EXT_KMPRIVATE] = 0,
439 [SADB_X_EXT_POLICY] = 0,
440 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2),
441 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type),
442 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port),
443 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port),
444 [SADB_X_EXT_NAT_T_OAI] = 0,
445 [SADB_X_EXT_NAT_T_OAR] = 0,
446 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag),
447 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay),
448 [SADB_X_EXT_NEW_ADDRESS_SRC] = 0,
449 [SADB_X_EXT_NEW_ADDRESS_DST] = 0,
450 [SADB_X_EXT_LFT_CUR_SW_OFFL] = sizeof(struct sadb_lifetime),
451 [SADB_X_EXT_LFT_CUR_HW_OFFL] = sizeof(struct sadb_lifetime),
452 [SADB_X_EXT_IF_HW_OFFL] = sizeof(struct sadb_x_if_hw_offl),
453 };
454 _Static_assert(nitems(maxsize) == SADB_EXT_MAX + 1, "maxsize size mismatch");
455
456 /*
457 * Internal values for SA flags:
458 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses,
459 * thus we will not free the most of SA content in key_delsav().
460 */
461 #define SADB_X_EXT_F_CLONED 0x80000000
462
463 #define SADB_CHECKLEN(_mhp, _ext) \
464 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \
465 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)])))
466 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL)
467
468 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256;
469 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0;
470 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128;
471
472 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin)
473 #define V_ipsec_esp_auth VNET(ipsec_esp_auth)
474 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin)
475
476 #ifdef IPSEC_DEBUG
477 VNET_DEFINE(int, ipsec_debug) = 1;
478 #else
479 VNET_DEFINE(int, ipsec_debug) = 0;
480 #endif
481
482 #ifdef INET
483 SYSCTL_DECL(_net_inet_ipsec);
484 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug,
485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
486 "Enable IPsec debugging output when set.");
487 #endif
488 #ifdef INET6
489 SYSCTL_DECL(_net_inet6_ipsec6);
490 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug,
491 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0,
492 "Enable IPsec debugging output when set.");
493 #endif
494
495 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug,
496 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, "");
497
498 /* max count of trial for the decision of spi value */
499 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt,
500 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, "");
501
502 /* minimum spi value to allocate automatically. */
503 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval,
504 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, "");
505
506 /* maximun spi value to allocate automatically. */
507 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval,
508 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, "");
509
510 /* interval to initialize randseed */
511 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random,
512 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, "");
513
514 /* lifetime for larval SA */
515 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime,
516 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, "");
517
518 /* counter for blocking to send SADB_ACQUIRE to IKEd */
519 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count,
520 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, "");
521
522 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
523 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime,
524 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, "");
525
526 /* ESP auth */
527 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth,
528 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, "");
529
530 /* minimum ESP key length */
531 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin,
532 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, "");
533
534 /* minimum AH key length */
535 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin,
536 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, "");
537
538 /* perfered old SA rather than new SA */
539 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa,
540 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, "");
541
542 SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
543 "SPD cache");
544
545 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries,
546 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0,
547 "Maximum number of entries in the SPD cache"
548 " (power of 2, 0 to disable)");
549
550 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold,
551 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0,
552 "Number of SPs that make the SPD cache active");
553
554 #define __LIST_CHAINED(elm) \
555 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
556
557 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association");
558 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head");
559 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy");
560 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request");
561 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous");
562 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire");
563 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire");
564 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache");
565
566 static uma_zone_t __read_mostly ipsec_key_lft_zone;
567
568 /*
569 * set parameters into secpolicyindex buffer.
570 * Must allocate secpolicyindex buffer passed to this function.
571 */
572 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
573 do { \
574 bzero((idx), sizeof(struct secpolicyindex)); \
575 (idx)->dir = (_dir); \
576 (idx)->prefs = (ps); \
577 (idx)->prefd = (pd); \
578 (idx)->ul_proto = (ulp); \
579 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
580 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
581 } while (0)
582
583 /*
584 * set parameters into secasindex buffer.
585 * Must allocate secasindex buffer before calling this function.
586 */
587 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
588 do { \
589 bzero((idx), sizeof(struct secasindex)); \
590 (idx)->proto = (p); \
591 (idx)->mode = (m); \
592 (idx)->reqid = (r); \
593 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
594 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
595 key_porttosaddr(&(idx)->src.sa, 0); \
596 key_porttosaddr(&(idx)->dst.sa, 0); \
597 } while (0)
598
599 /* key statistics */
600 struct _keystat {
601 u_long getspi_count; /* the avarage of count to try to get new SPI */
602 } keystat;
603
604 struct sadb_msghdr {
605 struct sadb_msg *msg;
606 struct sadb_ext *ext[SADB_EXT_MAX + 1];
607 int extoff[SADB_EXT_MAX + 1];
608 int extlen[SADB_EXT_MAX + 1];
609 };
610
611 static const struct supported_ealgs {
612 int sadb_alg;
613 const struct enc_xform *xform;
614 } supported_ealgs[] = {
615 { SADB_X_EALG_AES, &enc_xform_aes_cbc },
616 { SADB_EALG_NULL, &enc_xform_null },
617 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm },
618 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm },
619 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac },
620 { SADB_X_EALG_CHACHA20POLY1305, &enc_xform_chacha20_poly1305 },
621 };
622
623 static const struct supported_aalgs {
624 int sadb_alg;
625 const struct auth_hash *xform;
626 } supported_aalgs[] = {
627 { SADB_X_AALG_NULL, &auth_hash_null },
628 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 },
629 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 },
630 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 },
631 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 },
632 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 },
633 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 },
634 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 },
635 { SADB_X_AALG_CHACHA20POLY1305, &auth_hash_poly1305 },
636 };
637
638 static const struct supported_calgs {
639 int sadb_alg;
640 const struct comp_algo *xform;
641 } supported_calgs[] = {
642 { SADB_X_CALG_DEFLATE, &comp_algo_deflate },
643 };
644
645 #ifndef IPSEC_DEBUG2
646 static struct callout key_timer;
647 #endif
648
649 static void key_unlink(struct secpolicy *);
650 static void key_detach(struct secpolicy *);
651 static struct secpolicy *key_getsp(struct secpolicyindex *);
652 static struct secpolicy *key_getspbyid(u_int32_t);
653 static struct mbuf *key_gather_mbuf(struct mbuf *,
654 const struct sadb_msghdr *, int, int, ...);
655 static int key_spdadd(struct socket *, struct mbuf *,
656 const struct sadb_msghdr *);
657 static uint32_t key_getnewspid(void);
658 static int key_spddelete(struct socket *, struct mbuf *,
659 const struct sadb_msghdr *);
660 static int key_spddelete2(struct socket *, struct mbuf *,
661 const struct sadb_msghdr *);
662 static int key_spdget(struct socket *, struct mbuf *,
663 const struct sadb_msghdr *);
664 static int key_spdflush(struct socket *, struct mbuf *,
665 const struct sadb_msghdr *);
666 static int key_spddump(struct socket *, struct mbuf *,
667 const struct sadb_msghdr *);
668 static struct mbuf *key_setdumpsp(struct secpolicy *,
669 u_int8_t, u_int32_t, u_int32_t);
670 static struct mbuf *key_sp2mbuf(struct secpolicy *);
671 static size_t key_getspreqmsglen(struct secpolicy *);
672 static int key_spdexpire(struct secpolicy *);
673 static struct secashead *key_newsah(struct secasindex *);
674 static void key_freesah(struct secashead **);
675 static void key_delsah(struct secashead *);
676 static struct secasvar *key_newsav(const struct sadb_msghdr *,
677 struct secasindex *, uint32_t, int *);
678 static void key_delsav(struct secasvar *);
679 static void key_unlinksav(struct secasvar *);
680 static struct secashead *key_getsah(struct secasindex *);
681 static int key_checkspidup(uint32_t);
682 static struct secasvar *key_getsavbyspi(uint32_t);
683 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *);
684 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *);
685 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *);
686 static int key_updateaddresses(struct socket *, struct mbuf *,
687 const struct sadb_msghdr *, struct secasvar *, struct secasindex *);
688
689 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
690 u_int8_t, u_int32_t, u_int32_t, struct rm_priotracker *);
691 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
692 u_int32_t, pid_t, u_int16_t);
693 static struct mbuf *key_setsadbsa(struct secasvar *);
694 static struct mbuf *key_setsadbaddr(u_int16_t,
695 const struct sockaddr *, u_int8_t, u_int16_t);
696 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
697 static struct mbuf *key_setsadbxtype(u_int16_t);
698 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
699 static struct mbuf *key_setsadbxsareplay(u_int32_t);
700 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
701 u_int32_t, u_int32_t);
702 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t,
703 struct malloc_type *);
704 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src,
705 struct malloc_type *);
706
707 /* flags for key_cmpsaidx() */
708 #define CMP_HEAD 1 /* protocol, addresses. */
709 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
710 #define CMP_REQID 3 /* additionally HEAD, reaid. */
711 #define CMP_EXACTLY 4 /* all elements. */
712 static int key_cmpsaidx(const struct secasindex *,
713 const struct secasindex *, int);
714 static int key_cmpspidx_exactly(struct secpolicyindex *,
715 struct secpolicyindex *);
716 static int key_cmpspidx_withmask(struct secpolicyindex *,
717 struct secpolicyindex *);
718 static int key_bbcmp(const void *, const void *, u_int);
719 static uint8_t key_satype2proto(uint8_t);
720 static uint8_t key_proto2satype(uint8_t);
721
722 static int key_getspi(struct socket *, struct mbuf *,
723 const struct sadb_msghdr *);
724 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *);
725 static int key_update(struct socket *, struct mbuf *,
726 const struct sadb_msghdr *);
727 static int key_add(struct socket *, struct mbuf *,
728 const struct sadb_msghdr *);
729 static int key_setident(struct secashead *, const struct sadb_msghdr *);
730 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
731 const struct sadb_msghdr *);
732 static int key_delete(struct socket *, struct mbuf *,
733 const struct sadb_msghdr *);
734 static int key_delete_all(struct socket *, struct mbuf *,
735 const struct sadb_msghdr *, struct secasindex *);
736 static int key_get(struct socket *, struct mbuf *,
737 const struct sadb_msghdr *);
738
739 static void key_getcomb_setlifetime(struct sadb_comb *);
740 static struct mbuf *key_getcomb_ealg(void);
741 static struct mbuf *key_getcomb_ah(void);
742 static struct mbuf *key_getcomb_ipcomp(void);
743 static struct mbuf *key_getprop(const struct secasindex *);
744
745 static int key_acquire(const struct secasindex *, struct secpolicy *);
746 static uint32_t key_newacq(const struct secasindex *, int *);
747 static uint32_t key_getacq(const struct secasindex *, int *);
748 static int key_acqdone(const struct secasindex *, uint32_t);
749 static int key_acqreset(uint32_t);
750 static struct secspacq *key_newspacq(struct secpolicyindex *);
751 static struct secspacq *key_getspacq(struct secpolicyindex *);
752 static int key_acquire2(struct socket *, struct mbuf *,
753 const struct sadb_msghdr *);
754 static int key_register(struct socket *, struct mbuf *,
755 const struct sadb_msghdr *);
756 static int key_expire(struct secasvar *, int);
757 static int key_flush(struct socket *, struct mbuf *,
758 const struct sadb_msghdr *);
759 static int key_dump(struct socket *, struct mbuf *,
760 const struct sadb_msghdr *);
761 static int key_promisc(struct socket *, struct mbuf *,
762 const struct sadb_msghdr *);
763 static int key_senderror(struct socket *, struct mbuf *, int);
764 static int key_validate_ext(const struct sadb_ext *, int);
765 static int key_align(struct mbuf *, struct sadb_msghdr *);
766 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t);
767 static struct mbuf *key_setkey(struct seckey *, uint16_t);
768
769 static void spdcache_init(void);
770 static void spdcache_clear(void);
771 static struct spdcache_entry *spdcache_entry_alloc(
772 const struct secpolicyindex *spidx,
773 struct secpolicy *policy);
774 static void spdcache_entry_free(struct spdcache_entry *entry);
775 #ifdef VIMAGE
776 static void spdcache_destroy(void);
777 #endif
778
779 #define DBG_IPSEC_INITREF(t, p) do { \
780 refcount_init(&(p)->refcnt, 1); \
781 KEYDBG(KEY_STAMP, \
782 printf("%s: Initialize refcnt %s(%p) = %u\n", \
783 __func__, #t, (p), (p)->refcnt)); \
784 } while (0)
785 #define DBG_IPSEC_ADDREF(t, p) do { \
786 refcount_acquire(&(p)->refcnt); \
787 KEYDBG(KEY_STAMP, \
788 printf("%s: Acquire refcnt %s(%p) -> %u\n", \
789 __func__, #t, (p), (p)->refcnt)); \
790 } while (0)
791 #define DBG_IPSEC_DELREF(t, p) do { \
792 KEYDBG(KEY_STAMP, \
793 printf("%s: Release refcnt %s(%p) -> %u\n", \
794 __func__, #t, (p), (p)->refcnt - 1)); \
795 refcount_release(&(p)->refcnt); \
796 } while (0)
797
798 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1)
799 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt)
800 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt)
801
802 #define SP_INITREF(p) IPSEC_INITREF(SP, p)
803 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p)
804 #define SP_DELREF(p) IPSEC_DELREF(SP, p)
805
806 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p)
807 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p)
808 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p)
809
810 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p)
811 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p)
812 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p)
813
814 /*
815 * Update the refcnt while holding the SPTREE lock.
816 */
817 void
key_addref(struct secpolicy * sp)818 key_addref(struct secpolicy *sp)
819 {
820
821 SP_ADDREF(sp);
822 }
823
824 /*
825 * Return 0 when there are known to be no SP's for the specified
826 * direction. Otherwise return 1. This is used by IPsec code
827 * to optimize performance.
828 */
829 int
key_havesp(u_int dir)830 key_havesp(u_int dir)
831 {
832
833 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
834 ("invalid direction %u", dir));
835 return (TAILQ_FIRST(&V_sptree[dir]) != NULL);
836 }
837
838 int
key_havesp_any(void)839 key_havesp_any(void)
840 {
841
842 return (V_spd_size != 0);
843 }
844
845 /*
846 * Allocate a single mbuf with a buffer of the desired length. The buffer is
847 * pre-zeroed to help ensure that uninitialized pad bytes are not leaked.
848 */
849 static struct mbuf *
key_mget(u_int len)850 key_mget(u_int len)
851 {
852 struct mbuf *m;
853
854 KASSERT(len <= MCLBYTES,
855 ("%s: invalid buffer length %u", __func__, len));
856
857 m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR);
858 if (m == NULL)
859 return (NULL);
860 memset(mtod(m, void *), 0, len);
861 return (m);
862 }
863
864 /* %%% IPsec policy management */
865 /*
866 * Return current SPDB generation.
867 */
868 uint32_t
key_getspgen(void)869 key_getspgen(void)
870 {
871
872 return (V_sp_genid);
873 }
874
875 void
key_bumpspgen(void)876 key_bumpspgen(void)
877 {
878
879 V_sp_genid++;
880 }
881
882 static int
key_checksockaddrs(struct sockaddr * src,struct sockaddr * dst)883 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst)
884 {
885
886 /* family match */
887 if (src->sa_family != dst->sa_family)
888 return (EINVAL);
889 /* sa_len match */
890 if (src->sa_len != dst->sa_len)
891 return (EINVAL);
892 switch (src->sa_family) {
893 #ifdef INET
894 case AF_INET:
895 if (src->sa_len != sizeof(struct sockaddr_in))
896 return (EINVAL);
897 break;
898 #endif
899 #ifdef INET6
900 case AF_INET6:
901 if (src->sa_len != sizeof(struct sockaddr_in6))
902 return (EINVAL);
903 break;
904 #endif
905 default:
906 return (EAFNOSUPPORT);
907 }
908 return (0);
909 }
910
911 struct secpolicy *
key_do_allocsp(struct secpolicyindex * spidx,u_int dir)912 key_do_allocsp(struct secpolicyindex *spidx, u_int dir)
913 {
914 SPTREE_RLOCK_TRACKER;
915 struct secpolicy *sp;
916
917 IPSEC_ASSERT(spidx != NULL, ("null spidx"));
918 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
919 ("invalid direction %u", dir));
920
921 SPTREE_RLOCK();
922 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
923 if (key_cmpspidx_withmask(&sp->spidx, spidx)) {
924 SP_ADDREF(sp);
925 break;
926 }
927 }
928 SPTREE_RUNLOCK();
929 return (sp);
930 }
931
932 /*
933 * allocating a SP for OUTBOUND or INBOUND packet.
934 * Must call key_freesp() later.
935 * OUT: NULL: not found
936 * others: found and return the pointer.
937 */
938 struct secpolicy *
key_allocsp(struct secpolicyindex * spidx,u_int dir)939 key_allocsp(struct secpolicyindex *spidx, u_int dir)
940 {
941 struct spdcache_entry *entry, *lastentry, *tmpentry;
942 struct secpolicy *sp;
943 uint32_t hashv;
944 time_t ts;
945 int nb_entries;
946
947 if (!SPDCACHE_ACTIVE()) {
948 sp = key_do_allocsp(spidx, dir);
949 goto out;
950 }
951
952 hashv = SPDCACHE_HASHVAL(spidx);
953 SPDCACHE_LOCK(hashv);
954 nb_entries = 0;
955 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) {
956 /* Removed outdated entries */
957 if (entry->sp != NULL &&
958 entry->sp->state == IPSEC_SPSTATE_DEAD) {
959 LIST_REMOVE(entry, chain);
960 spdcache_entry_free(entry);
961 continue;
962 }
963
964 nb_entries++;
965 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) {
966 lastentry = entry;
967 continue;
968 }
969
970 sp = entry->sp;
971 if (entry->sp != NULL)
972 SP_ADDREF(sp);
973
974 /* IPSECSTAT_INC(ips_spdcache_hits); */
975
976 SPDCACHE_UNLOCK(hashv);
977 goto out;
978 }
979
980 /* IPSECSTAT_INC(ips_spdcache_misses); */
981
982 sp = key_do_allocsp(spidx, dir);
983 entry = spdcache_entry_alloc(spidx, sp);
984 if (entry != NULL) {
985 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) {
986 LIST_REMOVE(lastentry, chain);
987 spdcache_entry_free(lastentry);
988 }
989
990 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain);
991 }
992
993 SPDCACHE_UNLOCK(hashv);
994
995 out:
996 if (sp != NULL) { /* found a SPD entry */
997 ts = time_second;
998 if (__predict_false(sp->lastused != ts))
999 sp->lastused = ts;
1000 KEYDBG(IPSEC_STAMP,
1001 printf("%s: return SP(%p)\n", __func__, sp));
1002 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp));
1003 } else {
1004 KEYDBG(IPSEC_DATA,
1005 printf("%s: lookup failed for ", __func__);
1006 kdebug_secpolicyindex(spidx, NULL));
1007 }
1008 return (sp);
1009 }
1010
1011 /*
1012 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed
1013 * or should be signed by MD5 signature.
1014 * We don't use key_allocsa() for such lookups, because we don't know SPI.
1015 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with
1016 * signed packet. We use SADB only as storage for password.
1017 * OUT: positive: corresponding SA for given saidx found.
1018 * NULL: SA not found
1019 */
1020 struct secasvar *
key_allocsa_tcpmd5(struct secasindex * saidx)1021 key_allocsa_tcpmd5(struct secasindex *saidx)
1022 {
1023 SAHTREE_RLOCK_TRACKER;
1024 struct secashead *sah;
1025 struct secasvar *sav;
1026
1027 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP,
1028 ("unexpected security protocol %u", saidx->proto));
1029 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5,
1030 ("unexpected mode %u", saidx->mode));
1031
1032 SAHTREE_RLOCK();
1033 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
1034 KEYDBG(IPSEC_DUMP,
1035 printf("%s: checking SAH\n", __func__);
1036 kdebug_secash(sah, " "));
1037 if (sah->saidx.proto != IPPROTO_TCP)
1038 continue;
1039 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) &&
1040 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0))
1041 break;
1042 }
1043 if (sah != NULL) {
1044 if (V_key_preferred_oldsa)
1045 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1046 else
1047 sav = TAILQ_FIRST(&sah->savtree_alive);
1048 if (sav != NULL)
1049 SAV_ADDREF(sav);
1050 } else
1051 sav = NULL;
1052 SAHTREE_RUNLOCK();
1053
1054 if (sav != NULL) {
1055 KEYDBG(IPSEC_STAMP,
1056 printf("%s: return SA(%p)\n", __func__, sav));
1057 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1058 } else {
1059 KEYDBG(IPSEC_STAMP,
1060 printf("%s: SA not found\n", __func__));
1061 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL));
1062 }
1063 return (sav);
1064 }
1065
1066 /*
1067 * Allocating an SA entry for an *OUTBOUND* packet.
1068 * OUT: positive: corresponding SA for given saidx found.
1069 * NULL: SA not found, but will be acquired, check *error
1070 * for acquiring status.
1071 */
1072 struct secasvar *
key_allocsa_policy(struct secpolicy * sp,const struct secasindex * saidx,int * error)1073 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx,
1074 int *error)
1075 {
1076 SAHTREE_RLOCK_TRACKER;
1077 struct secashead *sah;
1078 struct secasvar *sav;
1079
1080 IPSEC_ASSERT(saidx != NULL, ("null saidx"));
1081 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT ||
1082 saidx->mode == IPSEC_MODE_TUNNEL,
1083 ("unexpected policy %u", saidx->mode));
1084
1085 /*
1086 * We check new SA in the IPsec request because a different
1087 * SA may be involved each time this request is checked, either
1088 * because new SAs are being configured, or this request is
1089 * associated with an unconnected datagram socket, or this request
1090 * is associated with a system default policy.
1091 */
1092 SAHTREE_RLOCK();
1093 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
1094 KEYDBG(IPSEC_DUMP,
1095 printf("%s: checking SAH\n", __func__);
1096 kdebug_secash(sah, " "));
1097 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
1098 break;
1099 }
1100 if (sah != NULL) {
1101 /*
1102 * Allocate the oldest SA available according to
1103 * draft-jenkins-ipsec-rekeying-03.
1104 */
1105 if (V_key_preferred_oldsa)
1106 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1107 else
1108 sav = TAILQ_FIRST(&sah->savtree_alive);
1109 if (sav != NULL)
1110 SAV_ADDREF(sav);
1111 } else
1112 sav = NULL;
1113 SAHTREE_RUNLOCK();
1114
1115 if (sav != NULL) {
1116 *error = 0;
1117 KEYDBG(IPSEC_STAMP,
1118 printf("%s: chosen SA(%p) for SP(%p)\n", __func__,
1119 sav, sp));
1120 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1121 return (sav); /* return referenced SA */
1122 }
1123
1124 /* there is no SA */
1125 *error = key_acquire(saidx, sp);
1126 if ((*error) != 0)
1127 ipseclog((LOG_DEBUG,
1128 "%s: error %d returned from key_acquire()\n",
1129 __func__, *error));
1130 KEYDBG(IPSEC_STAMP,
1131 printf("%s: acquire SA for SP(%p), error %d\n",
1132 __func__, sp, *error));
1133 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL));
1134 return (NULL);
1135 }
1136
1137 /*
1138 * allocating a usable SA entry for a *INBOUND* packet.
1139 * Must call key_freesav() later.
1140 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
1141 * NULL: not found, or error occurred.
1142 *
1143 * According to RFC 2401 SA is uniquely identified by a triple SPI,
1144 * destination address, and security protocol. But according to RFC 4301,
1145 * SPI by itself suffices to specify an SA.
1146 *
1147 * Note that, however, we do need to keep source address in IPsec SA.
1148 * IKE specification and PF_KEY specification do assume that we
1149 * keep source address in IPsec SA. We see a tricky situation here.
1150 */
1151 struct secasvar *
key_allocsa(union sockaddr_union * dst,uint8_t proto,uint32_t spi)1152 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi)
1153 {
1154 SAHTREE_RLOCK_TRACKER;
1155 struct secasvar *sav;
1156
1157 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH ||
1158 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u",
1159 proto));
1160
1161 SAHTREE_RLOCK();
1162 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
1163 if (sav->spi == spi)
1164 break;
1165 }
1166 /*
1167 * We use single SPI namespace for all protocols, so it is
1168 * impossible to have SPI duplicates in the SAVHASH.
1169 */
1170 if (sav != NULL) {
1171 if (sav->state != SADB_SASTATE_LARVAL &&
1172 sav->sah->saidx.proto == proto &&
1173 key_sockaddrcmp(&dst->sa,
1174 &sav->sah->saidx.dst.sa, 0) == 0)
1175 SAV_ADDREF(sav);
1176 else
1177 sav = NULL;
1178 }
1179 SAHTREE_RUNLOCK();
1180
1181 if (sav == NULL) {
1182 KEYDBG(IPSEC_STAMP,
1183 char buf[IPSEC_ADDRSTRLEN];
1184 printf("%s: SA not found for spi %u proto %u dst %s\n",
1185 __func__, ntohl(spi), proto, ipsec_address(dst, buf,
1186 sizeof(buf))));
1187 } else {
1188 KEYDBG(IPSEC_STAMP,
1189 printf("%s: return SA(%p)\n", __func__, sav));
1190 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1191 }
1192 return (sav);
1193 }
1194
1195 struct secasvar *
key_allocsa_tunnel(union sockaddr_union * src,union sockaddr_union * dst,uint8_t proto)1196 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst,
1197 uint8_t proto)
1198 {
1199 SAHTREE_RLOCK_TRACKER;
1200 struct secasindex saidx;
1201 struct secashead *sah;
1202 struct secasvar *sav;
1203
1204 IPSEC_ASSERT(src != NULL, ("null src address"));
1205 IPSEC_ASSERT(dst != NULL, ("null dst address"));
1206
1207 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa,
1208 &dst->sa, &saidx);
1209
1210 sav = NULL;
1211 SAHTREE_RLOCK();
1212 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) {
1213 if (IPSEC_MODE_TUNNEL != sah->saidx.mode)
1214 continue;
1215 if (proto != sah->saidx.proto)
1216 continue;
1217 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0)
1218 continue;
1219 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0)
1220 continue;
1221 /* XXXAE: is key_preferred_oldsa reasonably?*/
1222 if (V_key_preferred_oldsa)
1223 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
1224 else
1225 sav = TAILQ_FIRST(&sah->savtree_alive);
1226 if (sav != NULL) {
1227 SAV_ADDREF(sav);
1228 break;
1229 }
1230 }
1231 SAHTREE_RUNLOCK();
1232 KEYDBG(IPSEC_STAMP,
1233 printf("%s: return SA(%p)\n", __func__, sav));
1234 if (sav != NULL)
1235 KEYDBG(IPSEC_DATA, kdebug_secasv(sav));
1236 return (sav);
1237 }
1238
1239 /*
1240 * Must be called after calling key_allocsp().
1241 */
1242 void
key_freesp(struct secpolicy ** spp)1243 key_freesp(struct secpolicy **spp)
1244 {
1245 struct secpolicy *sp = *spp;
1246
1247 IPSEC_ASSERT(sp != NULL, ("null sp"));
1248 if (SP_DELREF(sp) == 0)
1249 return;
1250
1251 KEYDBG(IPSEC_STAMP,
1252 printf("%s: last reference to SP(%p)\n", __func__, sp));
1253 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp));
1254
1255 *spp = NULL;
1256 #ifdef IPSEC_OFFLOAD
1257 KASSERT(CK_LIST_EMPTY(&sp->accel_ifps),
1258 ("key_freesp: sp %p still offloaded", sp));
1259 free(__DECONST(char *, sp->accel_ifname), M_IPSEC_MISC);
1260 #endif
1261 while (sp->tcount > 0)
1262 ipsec_delisr(sp->req[--sp->tcount]);
1263 free(sp, M_IPSEC_SP);
1264 }
1265
1266 static void
key_unlink(struct secpolicy * sp)1267 key_unlink(struct secpolicy *sp)
1268 {
1269 SPTREE_WLOCK();
1270 key_detach(sp);
1271 SPTREE_WUNLOCK();
1272 if (SPDCACHE_ENABLED())
1273 spdcache_clear();
1274 ipsec_accel_sync();
1275 key_freesp(&sp);
1276 }
1277
1278 static void
key_detach(struct secpolicy * sp)1279 key_detach(struct secpolicy *sp)
1280 {
1281 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND ||
1282 sp->spidx.dir == IPSEC_DIR_OUTBOUND,
1283 ("invalid direction %u", sp->spidx.dir));
1284 SPTREE_WLOCK_ASSERT();
1285
1286 KEYDBG(KEY_STAMP,
1287 printf("%s: SP(%p)\n", __func__, sp));
1288 if (sp->state != IPSEC_SPSTATE_ALIVE) {
1289 /* SP is already unlinked */
1290 return;
1291 }
1292 sp->state = IPSEC_SPSTATE_DEAD;
1293 ipsec_accel_spddel(sp);
1294 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain);
1295 V_spd_size--;
1296 LIST_REMOVE(sp, idhash);
1297 V_sp_genid++;
1298 }
1299
1300 /*
1301 * insert a secpolicy into the SP database. Lower priorities first
1302 */
1303 static void
key_insertsp(struct secpolicy * newsp)1304 key_insertsp(struct secpolicy *newsp)
1305 {
1306 struct secpolicy *sp;
1307
1308 SPTREE_WLOCK_ASSERT();
1309 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) {
1310 if (newsp->priority < sp->priority) {
1311 TAILQ_INSERT_BEFORE(sp, newsp, chain);
1312 goto done;
1313 }
1314 }
1315 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain);
1316 done:
1317 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash);
1318 newsp->state = IPSEC_SPSTATE_ALIVE;
1319 V_spd_size++;
1320 V_sp_genid++;
1321 ipsec_accel_spdadd(newsp, NULL);
1322 }
1323
1324 /*
1325 * Insert a bunch of VTI secpolicies into the SPDB.
1326 * We keep VTI policies in the separate list due to following reasons:
1327 * 1) they should be immutable to user's or some deamon's attempts to
1328 * delete. The only way delete such policies - destroy or unconfigure
1329 * corresponding virtual inteface.
1330 * 2) such policies have traffic selector that matches all traffic per
1331 * address family.
1332 * Since all VTI policies have the same priority, we don't care about
1333 * policies order.
1334 */
1335 int
key_register_ifnet(struct secpolicy ** spp,u_int count)1336 key_register_ifnet(struct secpolicy **spp, u_int count)
1337 {
1338 struct mbuf *m;
1339 u_int i;
1340
1341 SPTREE_WLOCK();
1342 /*
1343 * First of try to acquire id for each SP.
1344 */
1345 for (i = 0; i < count; i++) {
1346 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND ||
1347 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND,
1348 ("invalid direction %u", spp[i]->spidx.dir));
1349
1350 if ((spp[i]->id = key_getnewspid()) == 0) {
1351 SPTREE_WUNLOCK();
1352 return (EAGAIN);
1353 }
1354 }
1355 for (i = 0; i < count; i++) {
1356 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir],
1357 spp[i], chain);
1358 /*
1359 * NOTE: despite the fact that we keep VTI SP in the
1360 * separate list, SPHASH contains policies from both
1361 * sources. Thus SADB_X_SPDGET will correctly return
1362 * SP by id, because it uses SPHASH for lookups.
1363 */
1364 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash);
1365 spp[i]->state = IPSEC_SPSTATE_IFNET;
1366 ipsec_accel_spdadd(spp[i], NULL);
1367 }
1368 SPTREE_WUNLOCK();
1369 /*
1370 * Notify user processes about new SP.
1371 */
1372 for (i = 0; i < count; i++) {
1373 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0);
1374 if (m != NULL)
1375 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
1376 }
1377 return (0);
1378 }
1379
1380 void
key_unregister_ifnet(struct secpolicy ** spp,u_int count)1381 key_unregister_ifnet(struct secpolicy **spp, u_int count)
1382 {
1383 struct mbuf *m;
1384 u_int i;
1385
1386 SPTREE_WLOCK();
1387 for (i = 0; i < count; i++) {
1388 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND ||
1389 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND,
1390 ("invalid direction %u", spp[i]->spidx.dir));
1391
1392 if (spp[i]->state != IPSEC_SPSTATE_IFNET)
1393 continue;
1394 spp[i]->state = IPSEC_SPSTATE_DEAD;
1395 ipsec_accel_spddel(spp[i]);
1396 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir],
1397 spp[i], chain);
1398 V_spd_size--;
1399 LIST_REMOVE(spp[i], idhash);
1400 }
1401 SPTREE_WUNLOCK();
1402 if (SPDCACHE_ENABLED())
1403 spdcache_clear();
1404 ipsec_accel_sync();
1405
1406 for (i = 0; i < count; i++) {
1407 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0);
1408 if (m != NULL)
1409 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL);
1410 }
1411 }
1412
1413 /*
1414 * Must be called after calling key_allocsa().
1415 * This function is called by key_freesp() to free some SA allocated
1416 * for a policy.
1417 */
1418 void
key_freesav(struct secasvar ** psav)1419 key_freesav(struct secasvar **psav)
1420 {
1421 struct secasvar *sav = *psav;
1422
1423 IPSEC_ASSERT(sav != NULL, ("null sav"));
1424 CURVNET_ASSERT_SET();
1425 if (SAV_DELREF(sav) == 0)
1426 return;
1427
1428 KEYDBG(IPSEC_STAMP,
1429 printf("%s: last reference to SA(%p)\n", __func__, sav));
1430
1431 *psav = NULL;
1432 key_delsav(sav);
1433 }
1434
1435 /*
1436 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK.
1437 * Expect that SA has extra reference due to lookup.
1438 * Release this references, also release SAH reference after unlink.
1439 */
1440 static void
key_unlinksav(struct secasvar * sav)1441 key_unlinksav(struct secasvar *sav)
1442 {
1443 struct secashead *sah;
1444
1445 KEYDBG(KEY_STAMP,
1446 printf("%s: SA(%p)\n", __func__, sav));
1447
1448 CURVNET_ASSERT_SET();
1449 SAHTREE_UNLOCK_ASSERT();
1450 SAHTREE_WLOCK();
1451 if (sav->state == SADB_SASTATE_DEAD) {
1452 /* SA is already unlinked */
1453 SAHTREE_WUNLOCK();
1454 return;
1455 }
1456 /* Unlink from SAH */
1457 if (sav->state == SADB_SASTATE_LARVAL)
1458 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
1459 else
1460 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
1461 /* Unlink from SPI hash */
1462 LIST_REMOVE(sav, spihash);
1463 sav->state = SADB_SASTATE_DEAD;
1464 ipsec_accel_forget_sav(sav);
1465 sah = sav->sah;
1466 SAHTREE_WUNLOCK();
1467 key_freesav(&sav);
1468 /* Since we are unlinked, release reference to SAH */
1469 key_freesah(&sah);
1470 }
1471
1472 /* %%% SPD management */
1473 /*
1474 * search SPD
1475 * OUT: NULL : not found
1476 * others : found, pointer to a SP.
1477 */
1478 static struct secpolicy *
key_getsp(struct secpolicyindex * spidx)1479 key_getsp(struct secpolicyindex *spidx)
1480 {
1481 SPTREE_RLOCK_TRACKER;
1482 struct secpolicy *sp;
1483
1484 IPSEC_ASSERT(spidx != NULL, ("null spidx"));
1485
1486 SPTREE_RLOCK();
1487 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) {
1488 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1489 SP_ADDREF(sp);
1490 break;
1491 }
1492 }
1493 SPTREE_RUNLOCK();
1494
1495 return sp;
1496 }
1497
1498 /*
1499 * get SP by index.
1500 * OUT: NULL : not found
1501 * others : found, pointer to referenced SP.
1502 */
1503 static struct secpolicy *
key_getspbyid(uint32_t id)1504 key_getspbyid(uint32_t id)
1505 {
1506 SPTREE_RLOCK_TRACKER;
1507 struct secpolicy *sp;
1508
1509 SPTREE_RLOCK();
1510 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) {
1511 if (sp->id == id) {
1512 SP_ADDREF(sp);
1513 break;
1514 }
1515 }
1516 SPTREE_RUNLOCK();
1517 return (sp);
1518 }
1519
1520 struct secpolicy *
key_newsp(void)1521 key_newsp(void)
1522 {
1523 struct secpolicy *sp;
1524
1525 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO);
1526 if (sp != NULL)
1527 SP_INITREF(sp);
1528 return (sp);
1529 }
1530
1531 struct ipsecrequest *
ipsec_newisr(void)1532 ipsec_newisr(void)
1533 {
1534
1535 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR,
1536 M_NOWAIT | M_ZERO));
1537 }
1538
1539 void
ipsec_delisr(struct ipsecrequest * p)1540 ipsec_delisr(struct ipsecrequest *p)
1541 {
1542
1543 free(p, M_IPSEC_SR);
1544 }
1545
1546 /*
1547 * create secpolicy structure from sadb_x_policy structure.
1548 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure
1549 * are not set, so must be set properly later.
1550 */
1551 struct secpolicy *
key_msg2sp(struct sadb_x_policy * xpl0,size_t len,int * error)1552 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error)
1553 {
1554 struct secpolicy *newsp;
1555
1556 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0"));
1557 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len));
1558
1559 if (len != PFKEY_EXTLEN(xpl0)) {
1560 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__));
1561 *error = EINVAL;
1562 return NULL;
1563 }
1564
1565 if ((newsp = key_newsp()) == NULL) {
1566 *error = ENOBUFS;
1567 return NULL;
1568 }
1569
1570 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1571 newsp->policy = xpl0->sadb_x_policy_type;
1572 newsp->priority = xpl0->sadb_x_policy_priority;
1573 newsp->tcount = 0;
1574
1575 /* check policy */
1576 switch (xpl0->sadb_x_policy_type) {
1577 case IPSEC_POLICY_DISCARD:
1578 case IPSEC_POLICY_NONE:
1579 case IPSEC_POLICY_ENTRUST:
1580 case IPSEC_POLICY_BYPASS:
1581 break;
1582
1583 case IPSEC_POLICY_IPSEC:
1584 {
1585 struct sadb_x_ipsecrequest *xisr;
1586 struct ipsecrequest *isr;
1587 int tlen;
1588
1589 /* validity check */
1590 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1591 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n",
1592 __func__));
1593 key_freesp(&newsp);
1594 *error = EINVAL;
1595 return NULL;
1596 }
1597
1598 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1599 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1600
1601 while (tlen > 0) {
1602 /* length check */
1603 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) ||
1604 xisr->sadb_x_ipsecrequest_len > tlen) {
1605 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest "
1606 "length.\n", __func__));
1607 key_freesp(&newsp);
1608 *error = EINVAL;
1609 return NULL;
1610 }
1611
1612 if (newsp->tcount >= IPSEC_MAXREQ) {
1613 ipseclog((LOG_DEBUG,
1614 "%s: too many ipsecrequests.\n",
1615 __func__));
1616 key_freesp(&newsp);
1617 *error = EINVAL;
1618 return (NULL);
1619 }
1620
1621 /* allocate request buffer */
1622 /* NB: data structure is zero'd */
1623 isr = ipsec_newisr();
1624 if (isr == NULL) {
1625 ipseclog((LOG_DEBUG,
1626 "%s: No more memory.\n", __func__));
1627 key_freesp(&newsp);
1628 *error = ENOBUFS;
1629 return NULL;
1630 }
1631
1632 newsp->req[newsp->tcount++] = isr;
1633
1634 /* set values */
1635 switch (xisr->sadb_x_ipsecrequest_proto) {
1636 case IPPROTO_ESP:
1637 case IPPROTO_AH:
1638 case IPPROTO_IPCOMP:
1639 break;
1640 default:
1641 ipseclog((LOG_DEBUG,
1642 "%s: invalid proto type=%u\n", __func__,
1643 xisr->sadb_x_ipsecrequest_proto));
1644 key_freesp(&newsp);
1645 *error = EPROTONOSUPPORT;
1646 return NULL;
1647 }
1648 isr->saidx.proto =
1649 (uint8_t)xisr->sadb_x_ipsecrequest_proto;
1650
1651 switch (xisr->sadb_x_ipsecrequest_mode) {
1652 case IPSEC_MODE_TRANSPORT:
1653 case IPSEC_MODE_TUNNEL:
1654 break;
1655 case IPSEC_MODE_ANY:
1656 default:
1657 ipseclog((LOG_DEBUG,
1658 "%s: invalid mode=%u\n", __func__,
1659 xisr->sadb_x_ipsecrequest_mode));
1660 key_freesp(&newsp);
1661 *error = EINVAL;
1662 return NULL;
1663 }
1664 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1665
1666 switch (xisr->sadb_x_ipsecrequest_level) {
1667 case IPSEC_LEVEL_DEFAULT:
1668 case IPSEC_LEVEL_USE:
1669 case IPSEC_LEVEL_REQUIRE:
1670 break;
1671 case IPSEC_LEVEL_UNIQUE:
1672 /* validity check */
1673 /*
1674 * If range violation of reqid, kernel will
1675 * update it, don't refuse it.
1676 */
1677 if (xisr->sadb_x_ipsecrequest_reqid
1678 > IPSEC_MANUAL_REQID_MAX) {
1679 ipseclog((LOG_DEBUG,
1680 "%s: reqid=%d range "
1681 "violation, updated by kernel.\n",
1682 __func__,
1683 xisr->sadb_x_ipsecrequest_reqid));
1684 xisr->sadb_x_ipsecrequest_reqid = 0;
1685 }
1686
1687 /* allocate new reqid id if reqid is zero. */
1688 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1689 u_int32_t reqid;
1690 if ((reqid = key_newreqid()) == 0) {
1691 key_freesp(&newsp);
1692 *error = ENOBUFS;
1693 return NULL;
1694 }
1695 isr->saidx.reqid = reqid;
1696 xisr->sadb_x_ipsecrequest_reqid = reqid;
1697 } else {
1698 /* set it for manual keying. */
1699 isr->saidx.reqid =
1700 xisr->sadb_x_ipsecrequest_reqid;
1701 }
1702 break;
1703
1704 default:
1705 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n",
1706 __func__,
1707 xisr->sadb_x_ipsecrequest_level));
1708 key_freesp(&newsp);
1709 *error = EINVAL;
1710 return NULL;
1711 }
1712 isr->level = xisr->sadb_x_ipsecrequest_level;
1713
1714 /* set IP addresses if there */
1715 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1716 struct sockaddr *paddr;
1717
1718 len = tlen - sizeof(*xisr);
1719 paddr = (struct sockaddr *)(xisr + 1);
1720 /* validity check */
1721 if (len < sizeof(struct sockaddr) ||
1722 len < 2 * paddr->sa_len ||
1723 paddr->sa_len > sizeof(isr->saidx.src)) {
1724 ipseclog((LOG_DEBUG, "%s: invalid "
1725 "request address length.\n",
1726 __func__));
1727 key_freesp(&newsp);
1728 *error = EINVAL;
1729 return NULL;
1730 }
1731 /*
1732 * Request length should be enough to keep
1733 * source and destination addresses.
1734 */
1735 if (xisr->sadb_x_ipsecrequest_len <
1736 sizeof(*xisr) + 2 * paddr->sa_len) {
1737 ipseclog((LOG_DEBUG, "%s: invalid "
1738 "ipsecrequest length.\n",
1739 __func__));
1740 key_freesp(&newsp);
1741 *error = EINVAL;
1742 return (NULL);
1743 }
1744 bcopy(paddr, &isr->saidx.src, paddr->sa_len);
1745 paddr = (struct sockaddr *)((caddr_t)paddr +
1746 paddr->sa_len);
1747
1748 /* validity check */
1749 if (paddr->sa_len !=
1750 isr->saidx.src.sa.sa_len) {
1751 ipseclog((LOG_DEBUG, "%s: invalid "
1752 "request address length.\n",
1753 __func__));
1754 key_freesp(&newsp);
1755 *error = EINVAL;
1756 return NULL;
1757 }
1758 /* AF family should match */
1759 if (paddr->sa_family !=
1760 isr->saidx.src.sa.sa_family) {
1761 ipseclog((LOG_DEBUG, "%s: address "
1762 "family doesn't match.\n",
1763 __func__));
1764 key_freesp(&newsp);
1765 *error = EINVAL;
1766 return (NULL);
1767 }
1768 bcopy(paddr, &isr->saidx.dst, paddr->sa_len);
1769 } else {
1770 /*
1771 * Addresses for TUNNEL mode requests are
1772 * mandatory.
1773 */
1774 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) {
1775 ipseclog((LOG_DEBUG, "%s: missing "
1776 "request addresses.\n", __func__));
1777 key_freesp(&newsp);
1778 *error = EINVAL;
1779 return (NULL);
1780 }
1781 }
1782 tlen -= xisr->sadb_x_ipsecrequest_len;
1783
1784 /* validity check */
1785 if (tlen < 0) {
1786 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n",
1787 __func__));
1788 key_freesp(&newsp);
1789 *error = EINVAL;
1790 return NULL;
1791 }
1792
1793 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
1794 + xisr->sadb_x_ipsecrequest_len);
1795 }
1796 /* XXXAE: LARVAL SP */
1797 if (newsp->tcount < 1) {
1798 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms "
1799 "not found.\n", __func__));
1800 key_freesp(&newsp);
1801 *error = EINVAL;
1802 return (NULL);
1803 }
1804 }
1805 break;
1806 default:
1807 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
1808 key_freesp(&newsp);
1809 *error = EINVAL;
1810 return NULL;
1811 }
1812
1813 *error = 0;
1814 return (newsp);
1815 }
1816
1817 uint32_t
key_newreqid(void)1818 key_newreqid(void)
1819 {
1820 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1821
1822 if (auto_reqid == ~0)
1823 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1824 else
1825 auto_reqid++;
1826
1827 /* XXX should be unique check */
1828 return (auto_reqid);
1829 }
1830
1831 /*
1832 * copy secpolicy struct to sadb_x_policy structure indicated.
1833 */
1834 static struct mbuf *
key_sp2mbuf(struct secpolicy * sp)1835 key_sp2mbuf(struct secpolicy *sp)
1836 {
1837 struct mbuf *m;
1838 size_t tlen;
1839
1840 tlen = key_getspreqmsglen(sp);
1841 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0);
1842 if (m == NULL)
1843 return (NULL);
1844 m_align(m, tlen);
1845 m->m_len = tlen;
1846 if (key_sp2msg(sp, m->m_data, &tlen) != 0) {
1847 m_freem(m);
1848 return (NULL);
1849 }
1850 return (m);
1851 }
1852
1853 int
key_sp2msg(struct secpolicy * sp,void * request,size_t * len)1854 key_sp2msg(struct secpolicy *sp, void *request, size_t *len)
1855 {
1856 struct sadb_x_ipsecrequest *xisr;
1857 struct sadb_x_policy *xpl;
1858 struct ipsecrequest *isr;
1859 size_t xlen, ilen;
1860 caddr_t p;
1861 int error, i;
1862 #ifdef IPSEC_OFFLOAD
1863 struct sadb_x_if_hw_offl *xif;
1864 #endif
1865
1866 IPSEC_ASSERT(sp != NULL, ("null policy"));
1867
1868 xlen = sizeof(*xpl);
1869 if (*len < xlen)
1870 return (EINVAL);
1871
1872 error = 0;
1873 bzero(request, *len);
1874 xpl = (struct sadb_x_policy *)request;
1875 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1876 xpl->sadb_x_policy_type = sp->policy;
1877 xpl->sadb_x_policy_dir = sp->spidx.dir;
1878 xpl->sadb_x_policy_id = sp->id;
1879 xpl->sadb_x_policy_priority = sp->priority;
1880 switch (sp->state) {
1881 case IPSEC_SPSTATE_IFNET:
1882 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET;
1883 break;
1884 case IPSEC_SPSTATE_PCB:
1885 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB;
1886 break;
1887 default:
1888 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL;
1889 }
1890
1891 /* if is the policy for ipsec ? */
1892 if (sp->policy == IPSEC_POLICY_IPSEC) {
1893 p = (caddr_t)xpl + sizeof(*xpl);
1894 for (i = 0; i < sp->tcount; i++) {
1895 isr = sp->req[i];
1896 ilen = PFKEY_ALIGN8(sizeof(*xisr) +
1897 isr->saidx.src.sa.sa_len +
1898 isr->saidx.dst.sa.sa_len);
1899 xlen += ilen;
1900 if (xlen > *len) {
1901 error = ENOBUFS;
1902 /* Calculate needed size */
1903 continue;
1904 }
1905 xisr = (struct sadb_x_ipsecrequest *)p;
1906 xisr->sadb_x_ipsecrequest_len = ilen;
1907 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1908 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1909 xisr->sadb_x_ipsecrequest_level = isr->level;
1910 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1911
1912 p += sizeof(*xisr);
1913 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len);
1914 p += isr->saidx.src.sa.sa_len;
1915 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len);
1916 p += isr->saidx.dst.sa.sa_len;
1917 }
1918 }
1919 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen);
1920 #ifdef IPSEC_OFFLOAD
1921 if (error == 0 && sp->accel_ifname != NULL) {
1922 xif = (struct sadb_x_if_hw_offl *)(xpl + 1);
1923 bzero(xif, sizeof(*xif));
1924 xif->sadb_x_if_hw_offl_len = PFKEY_UNIT64(sizeof(*xif));
1925 xif->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
1926 xif->sadb_x_if_hw_offl_flags = 0;
1927 strncpy(xif->sadb_x_if_hw_offl_if, sp->accel_ifname,
1928 sizeof(xif->sadb_x_if_hw_offl_if));
1929 xlen += sizeof(*xif);
1930 }
1931 #endif
1932 if (error == 0)
1933 *len = xlen;
1934 else
1935 *len = sizeof(*xpl);
1936 return (error);
1937 }
1938
1939 /* m will not be freed nor modified */
1940 static struct mbuf *
key_gather_mbuf(struct mbuf * m,const struct sadb_msghdr * mhp,int ndeep,int nitem,...)1941 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1942 int ndeep, int nitem, ...)
1943 {
1944 va_list ap;
1945 int idx;
1946 int i;
1947 struct mbuf *result = NULL, *n;
1948 int len;
1949
1950 IPSEC_ASSERT(m != NULL, ("null mbuf"));
1951 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
1952
1953 va_start(ap, nitem);
1954 for (i = 0; i < nitem; i++) {
1955 idx = va_arg(ap, int);
1956 if (idx < 0 || idx > SADB_EXT_MAX)
1957 goto fail;
1958 /* don't attempt to pull empty extension */
1959 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1960 continue;
1961 if (idx != SADB_EXT_RESERVED &&
1962 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1963 continue;
1964
1965 if (idx == SADB_EXT_RESERVED) {
1966 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1967
1968 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len));
1969
1970 MGETHDR(n, M_NOWAIT, MT_DATA);
1971 if (!n)
1972 goto fail;
1973 n->m_len = len;
1974 n->m_next = NULL;
1975 m_copydata(m, 0, sizeof(struct sadb_msg),
1976 mtod(n, caddr_t));
1977 } else if (i < ndeep) {
1978 len = mhp->extlen[idx];
1979 n = m_get2(len, M_NOWAIT, MT_DATA, 0);
1980 if (n == NULL)
1981 goto fail;
1982 m_align(n, len);
1983 n->m_len = len;
1984 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1985 mtod(n, caddr_t));
1986 } else {
1987 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1988 M_NOWAIT);
1989 }
1990 if (n == NULL)
1991 goto fail;
1992
1993 if (result)
1994 m_cat(result, n);
1995 else
1996 result = n;
1997 }
1998 va_end(ap);
1999
2000 if ((result->m_flags & M_PKTHDR) != 0) {
2001 result->m_pkthdr.len = 0;
2002 for (n = result; n; n = n->m_next)
2003 result->m_pkthdr.len += n->m_len;
2004 }
2005
2006 return result;
2007
2008 fail:
2009 m_freem(result);
2010 va_end(ap);
2011 return NULL;
2012 }
2013
2014 /*
2015 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2016 * add an entry to SP database, when received
2017 * <base, address(SD), (lifetime(H),) policy>
2018 * from the user(?).
2019 * Adding to SP database,
2020 * and send
2021 * <base, address(SD), (lifetime(H),) policy>
2022 * to the socket which was send.
2023 *
2024 * SPDADD set a unique policy entry.
2025 * SPDSETIDX like SPDADD without a part of policy requests.
2026 * SPDUPDATE replace a unique policy entry.
2027 *
2028 * XXXAE: serialize this in PF_KEY to avoid races.
2029 * m will always be freed.
2030 */
2031 static int
key_spdadd(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2032 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2033 {
2034 struct secpolicyindex spidx;
2035 struct sadb_address *src0, *dst0;
2036 struct sadb_x_policy *xpl0, *xpl;
2037 struct sadb_lifetime *lft = NULL;
2038 struct secpolicy *newsp, *oldsp;
2039 int error;
2040
2041 IPSEC_ASSERT(so != NULL, ("null socket"));
2042 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2043 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2044 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2045
2046 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
2047 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
2048 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) {
2049 ipseclog((LOG_DEBUG,
2050 "%s: invalid message: missing required header.\n",
2051 __func__));
2052 return key_senderror(so, m, EINVAL);
2053 }
2054 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
2055 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) ||
2056 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2057 ipseclog((LOG_DEBUG,
2058 "%s: invalid message: wrong header size.\n", __func__));
2059 return key_senderror(so, m, EINVAL);
2060 }
2061 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) {
2062 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) {
2063 ipseclog((LOG_DEBUG,
2064 "%s: invalid message: wrong header size.\n",
2065 __func__));
2066 return key_senderror(so, m, EINVAL);
2067 }
2068 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
2069 }
2070
2071 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2072 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2073 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2074
2075 /* check the direciton */
2076 switch (xpl0->sadb_x_policy_dir) {
2077 case IPSEC_DIR_INBOUND:
2078 case IPSEC_DIR_OUTBOUND:
2079 break;
2080 default:
2081 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__));
2082 return key_senderror(so, m, EINVAL);
2083 }
2084 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2085 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD &&
2086 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE &&
2087 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
2088 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
2089 return key_senderror(so, m, EINVAL);
2090 }
2091
2092 /* policy requests are mandatory when action is ipsec. */
2093 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2094 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
2095 ipseclog((LOG_DEBUG,
2096 "%s: policy requests required.\n", __func__));
2097 return key_senderror(so, m, EINVAL);
2098 }
2099
2100 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
2101 (struct sockaddr *)(dst0 + 1));
2102 if (error != 0 ||
2103 src0->sadb_address_proto != dst0->sadb_address_proto) {
2104 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
2105 return key_senderror(so, m, error);
2106 }
2107 /* make secindex */
2108 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2109 src0 + 1,
2110 dst0 + 1,
2111 src0->sadb_address_prefixlen,
2112 dst0->sadb_address_prefixlen,
2113 src0->sadb_address_proto,
2114 &spidx);
2115 /* Checking there is SP already or not. */
2116 oldsp = key_getsp(&spidx);
2117 if (oldsp != NULL) {
2118 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2119 KEYDBG(KEY_STAMP,
2120 printf("%s: unlink SP(%p) for SPDUPDATE\n",
2121 __func__, oldsp));
2122 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp));
2123 } else {
2124 key_freesp(&oldsp);
2125 ipseclog((LOG_DEBUG,
2126 "%s: a SP entry exists already.\n", __func__));
2127 return (key_senderror(so, m, EEXIST));
2128 }
2129 }
2130
2131 /* allocate new SP entry */
2132 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
2133 if (oldsp != NULL) {
2134 key_unlink(oldsp);
2135 key_freesp(&oldsp); /* second for our reference */
2136 }
2137 return key_senderror(so, m, error);
2138 }
2139
2140 newsp->lastused = newsp->created = time_second;
2141 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
2142 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
2143 bcopy(&spidx, &newsp->spidx, sizeof(spidx));
2144 #ifdef IPSEC_OFFLOAD
2145 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) &&
2146 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) {
2147 struct sadb_x_if_hw_offl *xof;
2148
2149 xof = (struct sadb_x_if_hw_offl *)mhp->ext[
2150 SADB_X_EXT_IF_HW_OFFL];
2151 newsp->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if),
2152 M_IPSEC_MISC, M_NOWAIT);
2153 if (newsp->accel_ifname == NULL) {
2154 ipseclog((LOG_DEBUG, "%s: cannot alloc accel_ifname.\n",
2155 __func__));
2156 key_freesp(&newsp);
2157 return (key_senderror(so, m, error));
2158 }
2159 strncpy(__DECONST(char *, newsp->accel_ifname),
2160 xof->sadb_x_if_hw_offl_if,
2161 sizeof(xof->sadb_x_if_hw_offl_if));
2162 }
2163
2164 #endif
2165
2166 SPTREE_WLOCK();
2167 if ((newsp->id = key_getnewspid()) == 0) {
2168 if (oldsp != NULL)
2169 key_detach(oldsp);
2170 SPTREE_WUNLOCK();
2171 if (oldsp != NULL) {
2172 ipsec_accel_sync();
2173 key_freesp(&oldsp); /* first for key_detach */
2174 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug"));
2175 key_freesp(&oldsp); /* second for our reference */
2176 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */
2177 spdcache_clear();
2178 }
2179 key_freesp(&newsp);
2180 return key_senderror(so, m, ENOBUFS);
2181 }
2182 if (oldsp != NULL)
2183 key_detach(oldsp);
2184 key_insertsp(newsp);
2185 SPTREE_WUNLOCK();
2186 if (oldsp != NULL) {
2187 ipsec_accel_sync();
2188 key_freesp(&oldsp); /* first for key_detach */
2189 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug"));
2190 key_freesp(&oldsp); /* second for our reference */
2191 }
2192 if (SPDCACHE_ENABLED())
2193 spdcache_clear();
2194 KEYDBG(KEY_STAMP,
2195 printf("%s: SP(%p)\n", __func__, newsp));
2196 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp));
2197
2198 {
2199 struct mbuf *n, *mpolicy;
2200 struct sadb_msg *newmsg;
2201 int off;
2202
2203 /* create new sadb_msg to reply. */
2204 if (lft) {
2205 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
2206 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
2207 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2208 } else {
2209 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
2210 SADB_X_EXT_POLICY,
2211 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2212 }
2213 if (!n)
2214 return key_senderror(so, m, ENOBUFS);
2215
2216 if (n->m_len < sizeof(*newmsg)) {
2217 n = m_pullup(n, sizeof(*newmsg));
2218 if (!n)
2219 return key_senderror(so, m, ENOBUFS);
2220 }
2221 newmsg = mtod(n, struct sadb_msg *);
2222 newmsg->sadb_msg_errno = 0;
2223 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2224
2225 off = 0;
2226 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2227 sizeof(*xpl), &off);
2228 if (mpolicy == NULL) {
2229 /* n is already freed */
2230 return key_senderror(so, m, ENOBUFS);
2231 }
2232 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
2233 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2234 m_freem(n);
2235 return key_senderror(so, m, EINVAL);
2236 }
2237 xpl->sadb_x_policy_id = newsp->id;
2238
2239 m_freem(m);
2240 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2241 }
2242 }
2243
2244 /*
2245 * get new policy id.
2246 * OUT:
2247 * 0: failure.
2248 * others: success.
2249 */
2250 static uint32_t
key_getnewspid(void)2251 key_getnewspid(void)
2252 {
2253 struct secpolicy *sp;
2254 uint32_t newid = 0;
2255 int tries, limit;
2256
2257 SPTREE_WLOCK_ASSERT();
2258
2259 limit = atomic_load_int(&V_key_spi_trycnt);
2260 for (tries = 0; tries < limit; tries++) {
2261 if (V_policy_id == ~0) /* overflowed */
2262 newid = V_policy_id = 1;
2263 else
2264 newid = ++V_policy_id;
2265 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) {
2266 if (sp->id == newid)
2267 break;
2268 }
2269 if (sp == NULL)
2270 break;
2271 }
2272 if (tries == limit || newid == 0) {
2273 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n",
2274 __func__));
2275 return (0);
2276 }
2277 return (newid);
2278 }
2279
2280 /*
2281 * SADB_SPDDELETE processing
2282 * receive
2283 * <base, address(SD), policy(*)>
2284 * from the user(?), and set SADB_SASTATE_DEAD,
2285 * and send,
2286 * <base, address(SD), policy(*)>
2287 * to the ikmpd.
2288 * policy(*) including direction of policy.
2289 *
2290 * m will always be freed.
2291 */
2292 static int
key_spddelete(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2293 key_spddelete(struct socket *so, struct mbuf *m,
2294 const struct sadb_msghdr *mhp)
2295 {
2296 struct secpolicyindex spidx;
2297 struct sadb_address *src0, *dst0;
2298 struct sadb_x_policy *xpl0;
2299 struct secpolicy *sp;
2300
2301 IPSEC_ASSERT(so != NULL, ("null so"));
2302 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2303 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2304 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2305
2306 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
2307 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
2308 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) {
2309 ipseclog((LOG_DEBUG,
2310 "%s: invalid message: missing required header.\n",
2311 __func__));
2312 return key_senderror(so, m, EINVAL);
2313 }
2314 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
2315 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) ||
2316 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2317 ipseclog((LOG_DEBUG,
2318 "%s: invalid message: wrong header size.\n", __func__));
2319 return key_senderror(so, m, EINVAL);
2320 }
2321
2322 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2323 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2324 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2325
2326 /* check the direciton */
2327 switch (xpl0->sadb_x_policy_dir) {
2328 case IPSEC_DIR_INBOUND:
2329 case IPSEC_DIR_OUTBOUND:
2330 break;
2331 default:
2332 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__));
2333 return key_senderror(so, m, EINVAL);
2334 }
2335 /* Only DISCARD, NONE and IPSEC are allowed */
2336 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD &&
2337 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE &&
2338 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
2339 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__));
2340 return key_senderror(so, m, EINVAL);
2341 }
2342 if (key_checksockaddrs((struct sockaddr *)(src0 + 1),
2343 (struct sockaddr *)(dst0 + 1)) != 0 ||
2344 src0->sadb_address_proto != dst0->sadb_address_proto) {
2345 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
2346 return key_senderror(so, m, EINVAL);
2347 }
2348 /* make secindex */
2349 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2350 src0 + 1,
2351 dst0 + 1,
2352 src0->sadb_address_prefixlen,
2353 dst0->sadb_address_prefixlen,
2354 src0->sadb_address_proto,
2355 &spidx);
2356
2357 /* Is there SP in SPD ? */
2358 if ((sp = key_getsp(&spidx)) == NULL) {
2359 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__));
2360 return key_senderror(so, m, EINVAL);
2361 }
2362
2363 /* save policy id to buffer to be returned. */
2364 xpl0->sadb_x_policy_id = sp->id;
2365
2366 KEYDBG(KEY_STAMP,
2367 printf("%s: SP(%p)\n", __func__, sp));
2368 KEYDBG(KEY_DATA, kdebug_secpolicy(sp));
2369 ipsec_accel_spddel(sp);
2370 key_unlink(sp);
2371 key_freesp(&sp);
2372
2373 {
2374 struct mbuf *n;
2375 struct sadb_msg *newmsg;
2376
2377 /* create new sadb_msg to reply. */
2378 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2379 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2380 if (!n)
2381 return key_senderror(so, m, ENOBUFS);
2382
2383 newmsg = mtod(n, struct sadb_msg *);
2384 newmsg->sadb_msg_errno = 0;
2385 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2386
2387 m_freem(m);
2388 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2389 }
2390 }
2391
2392 /*
2393 * SADB_SPDDELETE2 processing
2394 * receive
2395 * <base, policy(*)>
2396 * from the user(?), and set SADB_SASTATE_DEAD,
2397 * and send,
2398 * <base, policy(*)>
2399 * to the ikmpd.
2400 * policy(*) including direction of policy.
2401 *
2402 * m will always be freed.
2403 */
2404 static int
key_spddelete2(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2405 key_spddelete2(struct socket *so, struct mbuf *m,
2406 const struct sadb_msghdr *mhp)
2407 {
2408 struct secpolicy *sp;
2409 uint32_t id;
2410
2411 IPSEC_ASSERT(so != NULL, ("null socket"));
2412 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2413 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2414 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2415
2416 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) ||
2417 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2418 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
2419 __func__));
2420 return key_senderror(so, m, EINVAL);
2421 }
2422
2423 id = ((struct sadb_x_policy *)
2424 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2425
2426 /* Is there SP in SPD ? */
2427 if ((sp = key_getspbyid(id)) == NULL) {
2428 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n",
2429 __func__, id));
2430 return key_senderror(so, m, EINVAL);
2431 }
2432
2433 KEYDBG(KEY_STAMP,
2434 printf("%s: SP(%p)\n", __func__, sp));
2435 KEYDBG(KEY_DATA, kdebug_secpolicy(sp));
2436 key_unlink(sp);
2437 if (sp->state != IPSEC_SPSTATE_DEAD) {
2438 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n",
2439 __func__, id));
2440 key_freesp(&sp);
2441 return (key_senderror(so, m, EACCES));
2442 }
2443 key_freesp(&sp);
2444
2445 {
2446 struct mbuf *n, *nn;
2447 struct sadb_msg *newmsg;
2448 int off, len;
2449
2450 /* create new sadb_msg to reply. */
2451 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2452
2453 n = key_mget(len);
2454 if (n == NULL)
2455 return key_senderror(so, m, ENOBUFS);
2456
2457 n->m_len = len;
2458 n->m_next = NULL;
2459 off = 0;
2460
2461 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2462 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2463
2464 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)",
2465 off, len));
2466
2467 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2468 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT);
2469 if (!n->m_next) {
2470 m_freem(n);
2471 return key_senderror(so, m, ENOBUFS);
2472 }
2473
2474 n->m_pkthdr.len = 0;
2475 for (nn = n; nn; nn = nn->m_next)
2476 n->m_pkthdr.len += nn->m_len;
2477
2478 newmsg = mtod(n, struct sadb_msg *);
2479 newmsg->sadb_msg_errno = 0;
2480 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2481
2482 m_freem(m);
2483 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2484 }
2485 }
2486
2487 /*
2488 * SADB_X_SPDGET processing
2489 * receive
2490 * <base, policy(*)>
2491 * from the user(?),
2492 * and send,
2493 * <base, address(SD), policy>
2494 * to the ikmpd.
2495 * policy(*) including direction of policy.
2496 *
2497 * m will always be freed.
2498 */
2499 static int
key_spdget(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2500 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2501 {
2502 struct secpolicy *sp;
2503 struct mbuf *n;
2504 uint32_t id;
2505
2506 IPSEC_ASSERT(so != NULL, ("null socket"));
2507 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2508 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2509 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2510
2511 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) ||
2512 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) {
2513 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
2514 __func__));
2515 return key_senderror(so, m, EINVAL);
2516 }
2517
2518 id = ((struct sadb_x_policy *)
2519 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2520
2521 /* Is there SP in SPD ? */
2522 if ((sp = key_getspbyid(id)) == NULL) {
2523 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n",
2524 __func__, id));
2525 return key_senderror(so, m, ENOENT);
2526 }
2527
2528 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2529 mhp->msg->sadb_msg_pid);
2530 key_freesp(&sp);
2531 if (n != NULL) {
2532 m_freem(m);
2533 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2534 } else
2535 return key_senderror(so, m, ENOBUFS);
2536 }
2537
2538 /*
2539 * SADB_X_SPDACQUIRE processing.
2540 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2541 * send
2542 * <base, policy(*)>
2543 * to KMD, and expect to receive
2544 * <base> with SADB_X_SPDACQUIRE if error occurred,
2545 * or
2546 * <base, policy>
2547 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2548 * policy(*) is without policy requests.
2549 *
2550 * 0 : succeed
2551 * others: error number
2552 */
2553 int
key_spdacquire(struct secpolicy * sp)2554 key_spdacquire(struct secpolicy *sp)
2555 {
2556 struct mbuf *result = NULL, *m;
2557 struct secspacq *newspacq;
2558
2559 IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
2560 IPSEC_ASSERT(sp->req == NULL, ("policy exists"));
2561 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC,
2562 ("policy not IPSEC %u", sp->policy));
2563
2564 /* Get an entry to check whether sent message or not. */
2565 newspacq = key_getspacq(&sp->spidx);
2566 if (newspacq != NULL) {
2567 if (V_key_blockacq_count < newspacq->count) {
2568 /* reset counter and do send message. */
2569 newspacq->count = 0;
2570 } else {
2571 /* increment counter and do nothing. */
2572 newspacq->count++;
2573 SPACQ_UNLOCK();
2574 return (0);
2575 }
2576 SPACQ_UNLOCK();
2577 } else {
2578 /* make new entry for blocking to send SADB_ACQUIRE. */
2579 newspacq = key_newspacq(&sp->spidx);
2580 if (newspacq == NULL)
2581 return ENOBUFS;
2582 }
2583
2584 /* create new sadb_msg to reply. */
2585 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2586 if (!m)
2587 return ENOBUFS;
2588
2589 result = m;
2590
2591 result->m_pkthdr.len = 0;
2592 for (m = result; m; m = m->m_next)
2593 result->m_pkthdr.len += m->m_len;
2594
2595 mtod(result, struct sadb_msg *)->sadb_msg_len =
2596 PFKEY_UNIT64(result->m_pkthdr.len);
2597
2598 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
2599 }
2600
2601 /*
2602 * SADB_SPDFLUSH processing
2603 * receive
2604 * <base>
2605 * from the user, and free all entries in secpctree.
2606 * and send,
2607 * <base>
2608 * to the user.
2609 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2610 *
2611 * m will always be freed.
2612 */
2613 static int
key_spdflush(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2614 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2615 {
2616 struct secpolicy_queue drainq;
2617 struct sadb_msg *newmsg;
2618 struct secpolicy *sp, *nextsp;
2619 u_int dir;
2620
2621 IPSEC_ASSERT(so != NULL, ("null socket"));
2622 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2623 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2624 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2625
2626 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2627 return key_senderror(so, m, EINVAL);
2628
2629 TAILQ_INIT(&drainq);
2630 SPTREE_WLOCK();
2631 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2632 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain);
2633 }
2634 /*
2635 * We need to set state to DEAD for each policy to be sure,
2636 * that another thread won't try to unlink it.
2637 * Also remove SP from sphash.
2638 */
2639 TAILQ_FOREACH(sp, &drainq, chain) {
2640 sp->state = IPSEC_SPSTATE_DEAD;
2641 ipsec_accel_spddel(sp);
2642 LIST_REMOVE(sp, idhash);
2643 }
2644 V_sp_genid++;
2645 V_spd_size = 0;
2646 SPTREE_WUNLOCK();
2647 if (SPDCACHE_ENABLED())
2648 spdcache_clear();
2649 sp = TAILQ_FIRST(&drainq);
2650 while (sp != NULL) {
2651 nextsp = TAILQ_NEXT(sp, chain);
2652 key_freesp(&sp);
2653 sp = nextsp;
2654 }
2655
2656 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2657 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
2658 return key_senderror(so, m, ENOBUFS);
2659 }
2660
2661 if (m->m_next)
2662 m_freem(m->m_next);
2663 m->m_next = NULL;
2664 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2665 newmsg = mtod(m, struct sadb_msg *);
2666 newmsg->sadb_msg_errno = 0;
2667 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2668
2669 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2670 }
2671
2672 static uint8_t
key_satype2scopemask(uint8_t satype)2673 key_satype2scopemask(uint8_t satype)
2674 {
2675
2676 if (satype == IPSEC_POLICYSCOPE_ANY)
2677 return (0xff);
2678 return (satype);
2679 }
2680 /*
2681 * SADB_SPDDUMP processing
2682 * receive
2683 * <base>
2684 * from the user, and dump all SP leaves and send,
2685 * <base> .....
2686 * to the ikmpd.
2687 *
2688 * NOTE:
2689 * sadb_msg_satype is considered as mask of policy scopes.
2690 * m will always be freed.
2691 */
2692 static int
key_spddump(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2693 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2694 {
2695 SPTREE_RLOCK_TRACKER;
2696 struct secpolicy *sp;
2697 struct mbuf *n;
2698 int cnt;
2699 u_int dir, scope;
2700
2701 IPSEC_ASSERT(so != NULL, ("null socket"));
2702 IPSEC_ASSERT(m != NULL, ("null mbuf"));
2703 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
2704 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
2705
2706 /* search SPD entry and get buffer size. */
2707 cnt = 0;
2708 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype);
2709 SPTREE_RLOCK();
2710 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2711 if (scope & IPSEC_POLICYSCOPE_GLOBAL) {
2712 TAILQ_FOREACH(sp, &V_sptree[dir], chain)
2713 cnt++;
2714 }
2715 if (scope & IPSEC_POLICYSCOPE_IFNET) {
2716 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain)
2717 cnt++;
2718 }
2719 }
2720
2721 if (cnt == 0) {
2722 SPTREE_RUNLOCK();
2723 return key_senderror(so, m, ENOENT);
2724 }
2725
2726 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2727 if (scope & IPSEC_POLICYSCOPE_GLOBAL) {
2728 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
2729 --cnt;
2730 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2731 mhp->msg->sadb_msg_pid);
2732
2733 if (n != NULL)
2734 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2735 }
2736 }
2737 if (scope & IPSEC_POLICYSCOPE_IFNET) {
2738 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) {
2739 --cnt;
2740 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2741 mhp->msg->sadb_msg_pid);
2742
2743 if (n != NULL)
2744 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2745 }
2746 }
2747 }
2748
2749 SPTREE_RUNLOCK();
2750 m_freem(m);
2751 return (0);
2752 }
2753
2754 static struct mbuf *
key_setdumpsp(struct secpolicy * sp,u_int8_t type,u_int32_t seq,u_int32_t pid)2755 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq,
2756 u_int32_t pid)
2757 {
2758 struct mbuf *result = NULL, *m;
2759 struct seclifetime lt;
2760
2761 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2762 if (!m)
2763 goto fail;
2764 result = m;
2765
2766 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2767 &sp->spidx.src.sa, sp->spidx.prefs,
2768 sp->spidx.ul_proto);
2769 if (!m)
2770 goto fail;
2771 m_cat(result, m);
2772
2773 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2774 &sp->spidx.dst.sa, sp->spidx.prefd,
2775 sp->spidx.ul_proto);
2776 if (!m)
2777 goto fail;
2778 m_cat(result, m);
2779
2780 m = key_sp2mbuf(sp);
2781 if (!m)
2782 goto fail;
2783 m_cat(result, m);
2784
2785 if(sp->lifetime){
2786 lt.addtime=sp->created;
2787 lt.usetime= sp->lastused;
2788 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT);
2789 if (!m)
2790 goto fail;
2791 m_cat(result, m);
2792
2793 lt.addtime=sp->lifetime;
2794 lt.usetime= sp->validtime;
2795 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD);
2796 if (!m)
2797 goto fail;
2798 m_cat(result, m);
2799 }
2800
2801 if ((result->m_flags & M_PKTHDR) == 0)
2802 goto fail;
2803
2804 if (result->m_len < sizeof(struct sadb_msg)) {
2805 result = m_pullup(result, sizeof(struct sadb_msg));
2806 if (result == NULL)
2807 goto fail;
2808 }
2809
2810 result->m_pkthdr.len = 0;
2811 for (m = result; m; m = m->m_next)
2812 result->m_pkthdr.len += m->m_len;
2813
2814 mtod(result, struct sadb_msg *)->sadb_msg_len =
2815 PFKEY_UNIT64(result->m_pkthdr.len);
2816
2817 return result;
2818
2819 fail:
2820 m_freem(result);
2821 return NULL;
2822 }
2823 /*
2824 * get PFKEY message length for security policy and request.
2825 */
2826 static size_t
key_getspreqmsglen(struct secpolicy * sp)2827 key_getspreqmsglen(struct secpolicy *sp)
2828 {
2829 size_t tlen, len;
2830 int i;
2831
2832 tlen = sizeof(struct sadb_x_policy);
2833 /* if is the policy for ipsec ? */
2834 if (sp->policy != IPSEC_POLICY_IPSEC)
2835 return (tlen);
2836
2837 /* get length of ipsec requests */
2838 for (i = 0; i < sp->tcount; i++) {
2839 len = sizeof(struct sadb_x_ipsecrequest)
2840 + sp->req[i]->saidx.src.sa.sa_len
2841 + sp->req[i]->saidx.dst.sa.sa_len;
2842
2843 tlen += PFKEY_ALIGN8(len);
2844 }
2845 #ifdef IPSEC_OFFLOAD
2846 if (sp->accel_ifname != NULL)
2847 tlen += sizeof(struct sadb_x_if_hw_offl);
2848 #endif
2849 return (tlen);
2850 }
2851
2852 /*
2853 * SADB_SPDEXPIRE processing
2854 * send
2855 * <base, address(SD), lifetime(CH), policy>
2856 * to KMD by PF_KEY.
2857 *
2858 * OUT: 0 : succeed
2859 * others : error number
2860 */
2861 static int
key_spdexpire(struct secpolicy * sp)2862 key_spdexpire(struct secpolicy *sp)
2863 {
2864 struct sadb_lifetime *lt;
2865 struct mbuf *result = NULL, *m;
2866 int len, error = -1;
2867
2868 IPSEC_ASSERT(sp != NULL, ("null secpolicy"));
2869
2870 KEYDBG(KEY_STAMP,
2871 printf("%s: SP(%p)\n", __func__, sp));
2872 KEYDBG(KEY_DATA, kdebug_secpolicy(sp));
2873
2874 /* set msg header */
2875 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2876 if (!m) {
2877 error = ENOBUFS;
2878 goto fail;
2879 }
2880 result = m;
2881
2882 /* create lifetime extension (current and hard) */
2883 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2884 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
2885 if (m == NULL) {
2886 error = ENOBUFS;
2887 goto fail;
2888 }
2889 m_align(m, len);
2890 m->m_len = len;
2891 bzero(mtod(m, caddr_t), len);
2892 lt = mtod(m, struct sadb_lifetime *);
2893 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2894 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2895 lt->sadb_lifetime_allocations = 0;
2896 lt->sadb_lifetime_bytes = 0;
2897 lt->sadb_lifetime_addtime = sp->created;
2898 lt->sadb_lifetime_usetime = sp->lastused;
2899 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
2900 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2901 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2902 lt->sadb_lifetime_allocations = 0;
2903 lt->sadb_lifetime_bytes = 0;
2904 lt->sadb_lifetime_addtime = sp->lifetime;
2905 lt->sadb_lifetime_usetime = sp->validtime;
2906 m_cat(result, m);
2907
2908 /* set sadb_address for source */
2909 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2910 &sp->spidx.src.sa,
2911 sp->spidx.prefs, sp->spidx.ul_proto);
2912 if (!m) {
2913 error = ENOBUFS;
2914 goto fail;
2915 }
2916 m_cat(result, m);
2917
2918 /* set sadb_address for destination */
2919 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2920 &sp->spidx.dst.sa,
2921 sp->spidx.prefd, sp->spidx.ul_proto);
2922 if (!m) {
2923 error = ENOBUFS;
2924 goto fail;
2925 }
2926 m_cat(result, m);
2927
2928 /* set secpolicy */
2929 m = key_sp2mbuf(sp);
2930 if (!m) {
2931 error = ENOBUFS;
2932 goto fail;
2933 }
2934 m_cat(result, m);
2935
2936 if ((result->m_flags & M_PKTHDR) == 0) {
2937 error = EINVAL;
2938 goto fail;
2939 }
2940
2941 if (result->m_len < sizeof(struct sadb_msg)) {
2942 result = m_pullup(result, sizeof(struct sadb_msg));
2943 if (result == NULL) {
2944 error = ENOBUFS;
2945 goto fail;
2946 }
2947 }
2948
2949 result->m_pkthdr.len = 0;
2950 for (m = result; m; m = m->m_next)
2951 result->m_pkthdr.len += m->m_len;
2952
2953 mtod(result, struct sadb_msg *)->sadb_msg_len =
2954 PFKEY_UNIT64(result->m_pkthdr.len);
2955
2956 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2957
2958 fail:
2959 if (result)
2960 m_freem(result);
2961 return error;
2962 }
2963
2964 /* %%% SAD management */
2965 /*
2966 * allocating and initialize new SA head.
2967 * OUT: NULL : failure due to the lack of memory.
2968 * others : pointer to new SA head.
2969 */
2970 static struct secashead *
key_newsah(struct secasindex * saidx)2971 key_newsah(struct secasindex *saidx)
2972 {
2973 struct secashead *sah;
2974
2975 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH,
2976 M_NOWAIT | M_ZERO);
2977 if (sah == NULL) {
2978 PFKEYSTAT_INC(in_nomem);
2979 return (NULL);
2980 }
2981 TAILQ_INIT(&sah->savtree_larval);
2982 TAILQ_INIT(&sah->savtree_alive);
2983 sah->saidx = *saidx;
2984 sah->state = SADB_SASTATE_DEAD;
2985 SAH_INITREF(sah);
2986
2987 KEYDBG(KEY_STAMP,
2988 printf("%s: SAH(%p)\n", __func__, sah));
2989 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL));
2990 return (sah);
2991 }
2992
2993 static void
key_freesah(struct secashead ** psah)2994 key_freesah(struct secashead **psah)
2995 {
2996 struct secashead *sah = *psah;
2997
2998 CURVNET_ASSERT_SET();
2999
3000 if (SAH_DELREF(sah) == 0)
3001 return;
3002
3003 KEYDBG(KEY_STAMP,
3004 printf("%s: last reference to SAH(%p)\n", __func__, sah));
3005 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL));
3006
3007 *psah = NULL;
3008 key_delsah(sah);
3009 }
3010
3011 static void
key_delsah(struct secashead * sah)3012 key_delsah(struct secashead *sah)
3013 {
3014 IPSEC_ASSERT(sah != NULL, ("NULL sah"));
3015 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD,
3016 ("Attempt to free non DEAD SAH %p", sah));
3017 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval),
3018 ("Attempt to free SAH %p with LARVAL SA", sah));
3019 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive),
3020 ("Attempt to free SAH %p with ALIVE SA", sah));
3021
3022 free(sah, M_IPSEC_SAH);
3023 }
3024
3025 /*
3026 * allocating a new SA for key_add() and key_getspi() call,
3027 * and copy the values of mhp into new buffer.
3028 * When SAD message type is SADB_GETSPI set SA state to LARVAL.
3029 * For SADB_ADD create and initialize SA with MATURE state.
3030 * OUT: NULL : fail
3031 * others : pointer to new secasvar.
3032 */
3033 static struct secasvar *
key_newsav(const struct sadb_msghdr * mhp,struct secasindex * saidx,uint32_t spi,int * errp)3034 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx,
3035 uint32_t spi, int *errp)
3036 {
3037 struct secashead *sah;
3038 struct secasvar *sav;
3039 int isnew;
3040
3041 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
3042 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
3043 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI ||
3044 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type"));
3045
3046 sav = NULL;
3047 sah = NULL;
3048 /* check SPI value */
3049 switch (saidx->proto) {
3050 case IPPROTO_ESP:
3051 case IPPROTO_AH:
3052 /*
3053 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
3054 * 1-255 reserved by IANA for future use,
3055 * 0 for implementation specific, local use.
3056 */
3057 if (ntohl(spi) <= 255) {
3058 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
3059 __func__, ntohl(spi)));
3060 *errp = EINVAL;
3061 goto done;
3062 }
3063 break;
3064 }
3065
3066 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO);
3067 if (sav == NULL) {
3068 *errp = ENOBUFS;
3069 goto done;
3070 }
3071 sav->lock = malloc_aligned(max(sizeof(struct rmlock),
3072 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC,
3073 M_NOWAIT | M_ZERO);
3074 if (sav->lock == NULL) {
3075 *errp = ENOBUFS;
3076 goto done;
3077 }
3078 rm_init(sav->lock, "ipsec association");
3079 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO);
3080 if (sav->lft_c == NULL) {
3081 *errp = ENOBUFS;
3082 goto done;
3083 }
3084
3085 sav->spi = spi;
3086 sav->seq = mhp->msg->sadb_msg_seq;
3087 sav->state = SADB_SASTATE_LARVAL;
3088 sav->pid = (pid_t)mhp->msg->sadb_msg_pid;
3089 SAV_INITREF(sav);
3090 #ifdef IPSEC_OFFLOAD
3091 CK_LIST_INIT(&sav->accel_ifps);
3092 sav->accel_forget_tq = 0;
3093 sav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone,
3094 M_NOWAIT | M_ZERO);
3095 if (sav->accel_lft_sw == NULL) {
3096 *errp = ENOBUFS;
3097 goto done;
3098 }
3099 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_IF_HW_OFFL) &&
3100 !SADB_CHECKLEN(mhp, SADB_X_EXT_IF_HW_OFFL)) {
3101 struct sadb_x_if_hw_offl *xof;
3102
3103 xof = (struct sadb_x_if_hw_offl *)mhp->ext[
3104 SADB_X_EXT_IF_HW_OFFL];
3105 sav->accel_ifname = malloc(sizeof(xof->sadb_x_if_hw_offl_if),
3106 M_IPSEC_MISC, M_NOWAIT);
3107 if (sav->accel_ifname == NULL) {
3108 *errp = ENOBUFS;
3109 goto done;
3110 }
3111 strncpy(__DECONST(char *, sav->accel_ifname),
3112 xof->sadb_x_if_hw_offl_if,
3113 sizeof(xof->sadb_x_if_hw_offl_if));
3114 }
3115 #endif
3116 again:
3117 sah = key_getsah(saidx);
3118 if (sah == NULL) {
3119 /* create a new SA index */
3120 sah = key_newsah(saidx);
3121 if (sah == NULL) {
3122 ipseclog((LOG_DEBUG,
3123 "%s: No more memory.\n", __func__));
3124 *errp = ENOBUFS;
3125 goto done;
3126 }
3127 isnew = 1;
3128 } else
3129 isnew = 0;
3130
3131 sav->sah = sah;
3132 if (mhp->msg->sadb_msg_type == SADB_GETSPI) {
3133 sav->created = time_second;
3134 } else if (sav->state == SADB_SASTATE_LARVAL) {
3135 /*
3136 * Do not call key_setsaval() second time in case
3137 * of `goto again`. We will have MATURE state.
3138 */
3139 *errp = key_setsaval(sav, mhp);
3140 if (*errp != 0)
3141 goto done;
3142 sav->state = SADB_SASTATE_MATURE;
3143 }
3144
3145 SAHTREE_WLOCK();
3146 /*
3147 * Check that existing SAH wasn't unlinked.
3148 * Since we didn't hold the SAHTREE lock, it is possible,
3149 * that callout handler or key_flush() or key_delete() could
3150 * unlink this SAH.
3151 */
3152 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) {
3153 SAHTREE_WUNLOCK();
3154 key_freesah(&sah); /* reference from key_getsah() */
3155 goto again;
3156 }
3157 if (isnew != 0) {
3158 /*
3159 * Add new SAH into SADB.
3160 *
3161 * XXXAE: we can serialize key_add and key_getspi calls, so
3162 * several threads will not fight in the race.
3163 * Otherwise we should check under SAHTREE lock, that this
3164 * SAH would not added twice.
3165 */
3166 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain);
3167 /* Add new SAH into hash by addresses */
3168 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash);
3169 /* Now we are linked in the chain */
3170 sah->state = SADB_SASTATE_MATURE;
3171 /*
3172 * SAV references this new SAH.
3173 * In case of existing SAH we reuse reference
3174 * from key_getsah().
3175 */
3176 SAH_ADDREF(sah);
3177 }
3178 /* Link SAV with SAH */
3179 if (sav->state == SADB_SASTATE_MATURE) {
3180 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain);
3181 ipsec_accel_sa_newkey(sav);
3182 } else
3183 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain);
3184 /* Add SAV into SPI hash */
3185 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash);
3186 SAHTREE_WUNLOCK();
3187 *errp = 0; /* success */
3188 done:
3189 if (*errp != 0) {
3190 if (sav != NULL) {
3191 if (sav->lock != NULL) {
3192 rm_destroy(sav->lock);
3193 free(sav->lock, M_IPSEC_MISC);
3194 }
3195 if (sav->lft_c != NULL)
3196 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c);
3197 #ifdef IPSEC_OFFLOAD
3198 if (sav->accel_lft_sw != NULL)
3199 uma_zfree_pcpu(ipsec_key_lft_zone,
3200 sav->accel_lft_sw);
3201 free(__DECONST(char *, sav->accel_ifname),
3202 M_IPSEC_MISC);
3203 #endif
3204 free(sav, M_IPSEC_SA), sav = NULL;
3205 }
3206 if (sah != NULL)
3207 key_freesah(&sah);
3208 if (*errp == ENOBUFS) {
3209 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3210 __func__));
3211 PFKEYSTAT_INC(in_nomem);
3212 }
3213 }
3214 return (sav);
3215 }
3216
3217 /*
3218 * free() SA variable entry.
3219 */
3220 static void
key_cleansav(struct secasvar * sav)3221 key_cleansav(struct secasvar *sav)
3222 {
3223
3224 if (sav->natt != NULL) {
3225 free(sav->natt, M_IPSEC_MISC);
3226 sav->natt = NULL;
3227 }
3228 if (sav->flags & SADB_X_EXT_F_CLONED)
3229 return;
3230 if (sav->tdb_xform != NULL) {
3231 sav->tdb_xform->xf_cleanup(sav);
3232 sav->tdb_xform = NULL;
3233 }
3234 if (sav->key_auth != NULL) {
3235 zfree(sav->key_auth->key_data, M_IPSEC_MISC);
3236 free(sav->key_auth, M_IPSEC_MISC);
3237 sav->key_auth = NULL;
3238 }
3239 if (sav->key_enc != NULL) {
3240 zfree(sav->key_enc->key_data, M_IPSEC_MISC);
3241 free(sav->key_enc, M_IPSEC_MISC);
3242 sav->key_enc = NULL;
3243 }
3244 if (sav->replay != NULL) {
3245 mtx_destroy(&sav->replay->lock);
3246 if (sav->replay->bitmap != NULL)
3247 free(sav->replay->bitmap, M_IPSEC_MISC);
3248 free(sav->replay, M_IPSEC_MISC);
3249 sav->replay = NULL;
3250 }
3251 if (sav->lft_h != NULL) {
3252 free(sav->lft_h, M_IPSEC_MISC);
3253 sav->lft_h = NULL;
3254 }
3255 if (sav->lft_s != NULL) {
3256 free(sav->lft_s, M_IPSEC_MISC);
3257 sav->lft_s = NULL;
3258 }
3259 }
3260
3261 /*
3262 * free() SA variable entry.
3263 */
3264 static void
key_delsav(struct secasvar * sav)3265 key_delsav(struct secasvar *sav)
3266 {
3267 IPSEC_ASSERT(sav != NULL, ("null sav"));
3268 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD,
3269 ("attempt to free non DEAD SA %p", sav));
3270 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0",
3271 sav->refcnt));
3272 #ifdef IPSEC_OFFLOAD
3273 KASSERT(CK_LIST_EMPTY(&sav->accel_ifps),
3274 ("key_unlinksav: sav %p still offloaded", sav));
3275 #endif
3276
3277 /*
3278 * SA must be unlinked from the chain and hashtbl.
3279 * If SA was cloned, we leave all fields untouched,
3280 * except NAT-T config.
3281 */
3282 key_cleansav(sav);
3283 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) {
3284 rm_destroy(sav->lock);
3285 free(sav->lock, M_IPSEC_MISC);
3286 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c);
3287 }
3288 #ifdef IPSEC_OFFLOAD
3289 /* XXXKIB should this be moved to key_cleansav()? */
3290 uma_zfree_pcpu(ipsec_key_lft_zone, sav->accel_lft_sw);
3291 free(__DECONST(char *, sav->accel_ifname), M_IPSEC_MISC);
3292 #endif
3293 free(sav, M_IPSEC_SA);
3294 }
3295
3296 /*
3297 * search SAH.
3298 * OUT:
3299 * NULL : not found
3300 * others : found, referenced pointer to a SAH.
3301 */
3302 static struct secashead *
key_getsah(struct secasindex * saidx)3303 key_getsah(struct secasindex *saidx)
3304 {
3305 SAHTREE_RLOCK_TRACKER;
3306 struct secashead *sah;
3307
3308 SAHTREE_RLOCK();
3309 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
3310 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) {
3311 SAH_ADDREF(sah);
3312 break;
3313 }
3314 }
3315 SAHTREE_RUNLOCK();
3316 return (sah);
3317 }
3318
3319 /*
3320 * Check not to be duplicated SPI.
3321 * OUT:
3322 * 0 : not found
3323 * 1 : found SA with given SPI.
3324 */
3325 static int
key_checkspidup(uint32_t spi)3326 key_checkspidup(uint32_t spi)
3327 {
3328 SAHTREE_RLOCK_TRACKER;
3329 struct secasvar *sav;
3330
3331 /* Assume SPI is in network byte order */
3332 SAHTREE_RLOCK();
3333 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
3334 if (sav->spi == spi)
3335 break;
3336 }
3337 SAHTREE_RUNLOCK();
3338 return (sav != NULL);
3339 }
3340
3341 /*
3342 * Search SA by SPI.
3343 * OUT:
3344 * NULL : not found
3345 * others : found, referenced pointer to a SA.
3346 */
3347 static struct secasvar *
key_getsavbyspi(uint32_t spi)3348 key_getsavbyspi(uint32_t spi)
3349 {
3350 SAHTREE_RLOCK_TRACKER;
3351 struct secasvar *sav;
3352
3353 /* Assume SPI is in network byte order */
3354 SAHTREE_RLOCK();
3355 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) {
3356 if (sav->spi != spi)
3357 continue;
3358 SAV_ADDREF(sav);
3359 break;
3360 }
3361 SAHTREE_RUNLOCK();
3362 return (sav);
3363 }
3364
3365 static int
key_updatelifetimes(struct secasvar * sav,const struct sadb_msghdr * mhp)3366 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp)
3367 {
3368 struct seclifetime *lft_h, *lft_s, *tmp;
3369
3370 /* Lifetime extension is optional, check that it is present. */
3371 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
3372 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) {
3373 /*
3374 * In case of SADB_UPDATE we may need to change
3375 * existing lifetimes.
3376 */
3377 if (sav->state == SADB_SASTATE_MATURE) {
3378 lft_h = lft_s = NULL;
3379 goto reset;
3380 }
3381 return (0);
3382 }
3383 /* Both HARD and SOFT extensions must present */
3384 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
3385 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) ||
3386 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) &&
3387 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) {
3388 ipseclog((LOG_DEBUG,
3389 "%s: invalid message: missing required header.\n",
3390 __func__));
3391 return (EINVAL);
3392 }
3393 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) ||
3394 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) {
3395 ipseclog((LOG_DEBUG,
3396 "%s: invalid message: wrong header size.\n", __func__));
3397 return (EINVAL);
3398 }
3399 lft_h = key_dup_lifemsg((const struct sadb_lifetime *)
3400 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC);
3401 if (lft_h == NULL) {
3402 PFKEYSTAT_INC(in_nomem);
3403 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
3404 return (ENOBUFS);
3405 }
3406 lft_s = key_dup_lifemsg((const struct sadb_lifetime *)
3407 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC);
3408 if (lft_s == NULL) {
3409 PFKEYSTAT_INC(in_nomem);
3410 free(lft_h, M_IPSEC_MISC);
3411 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
3412 return (ENOBUFS);
3413 }
3414 reset:
3415 if (sav->state != SADB_SASTATE_LARVAL) {
3416 /*
3417 * key_update() holds reference to this SA,
3418 * so it won't be deleted in meanwhile.
3419 */
3420 SECASVAR_WLOCK(sav);
3421 tmp = sav->lft_h;
3422 sav->lft_h = lft_h;
3423 lft_h = tmp;
3424
3425 tmp = sav->lft_s;
3426 sav->lft_s = lft_s;
3427 lft_s = tmp;
3428 SECASVAR_WUNLOCK(sav);
3429 if (lft_h != NULL)
3430 free(lft_h, M_IPSEC_MISC);
3431 if (lft_s != NULL)
3432 free(lft_s, M_IPSEC_MISC);
3433 return (0);
3434 }
3435 /* We can update lifetime without holding a lock */
3436 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n"));
3437 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n"));
3438 sav->lft_h = lft_h;
3439 sav->lft_s = lft_s;
3440 return (0);
3441 }
3442
3443 /*
3444 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*.
3445 * You must update these if need. Expects only LARVAL SAs.
3446 * OUT: 0: success.
3447 * !0: failure.
3448 */
3449 static int
key_setsaval(struct secasvar * sav,const struct sadb_msghdr * mhp)3450 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp)
3451 {
3452 const struct sadb_sa *sa0;
3453 const struct sadb_key *key0;
3454 uint32_t replay;
3455 size_t len;
3456 int error;
3457
3458 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
3459 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
3460 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL,
3461 ("Attempt to update non LARVAL SA"));
3462
3463 /* XXX rewrite */
3464 error = key_setident(sav->sah, mhp);
3465 if (error != 0)
3466 goto fail;
3467
3468 /* SA */
3469 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) {
3470 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) {
3471 error = EINVAL;
3472 goto fail;
3473 }
3474 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3475 sav->alg_auth = sa0->sadb_sa_auth;
3476 sav->alg_enc = sa0->sadb_sa_encrypt;
3477 sav->flags = sa0->sadb_sa_flags;
3478 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) {
3479 ipseclog((LOG_DEBUG,
3480 "%s: invalid sa_flags 0x%08x.\n", __func__,
3481 sav->flags));
3482 error = EINVAL;
3483 goto fail;
3484 }
3485
3486 /* Optional replay window */
3487 replay = 0;
3488 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0)
3489 replay = sa0->sadb_sa_replay;
3490 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) {
3491 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) {
3492 error = EINVAL;
3493 goto fail;
3494 }
3495 replay = ((const struct sadb_x_sa_replay *)
3496 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay;
3497
3498 if (replay > UINT32_MAX - 32) {
3499 ipseclog((LOG_DEBUG,
3500 "%s: replay window too big.\n", __func__));
3501 error = EINVAL;
3502 goto fail;
3503 }
3504
3505 replay = (replay + 7) >> 3;
3506 }
3507
3508 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC,
3509 M_NOWAIT | M_ZERO);
3510 if (sav->replay == NULL) {
3511 PFKEYSTAT_INC(in_nomem);
3512 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3513 __func__));
3514 error = ENOBUFS;
3515 goto fail;
3516 }
3517 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF);
3518
3519 if (replay != 0) {
3520 /* number of 32b blocks to be allocated */
3521 uint32_t bitmap_size;
3522
3523 /* RFC 6479:
3524 * - the allocated replay window size must be
3525 * a power of two.
3526 * - use an extra 32b block as a redundant window.
3527 */
3528 bitmap_size = 1;
3529 while (replay + 4 > bitmap_size)
3530 bitmap_size <<= 1;
3531 bitmap_size = bitmap_size / 4;
3532
3533 sav->replay->bitmap = malloc(
3534 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC,
3535 M_NOWAIT | M_ZERO);
3536 if (sav->replay->bitmap == NULL) {
3537 PFKEYSTAT_INC(in_nomem);
3538 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3539 __func__));
3540 error = ENOBUFS;
3541 goto fail;
3542 }
3543 sav->replay->bitmap_size = bitmap_size;
3544 sav->replay->wsize = replay;
3545 }
3546 }
3547
3548 /* Authentication keys */
3549 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) {
3550 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) {
3551 error = EINVAL;
3552 goto fail;
3553 }
3554 error = 0;
3555 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3556 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3557 switch (mhp->msg->sadb_msg_satype) {
3558 case SADB_SATYPE_AH:
3559 case SADB_SATYPE_ESP:
3560 case SADB_X_SATYPE_TCPSIGNATURE:
3561 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3562 sav->alg_auth != SADB_X_AALG_NULL)
3563 error = EINVAL;
3564 break;
3565 case SADB_X_SATYPE_IPCOMP:
3566 default:
3567 error = EINVAL;
3568 break;
3569 }
3570 if (error) {
3571 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n",
3572 __func__));
3573 goto fail;
3574 }
3575
3576 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC);
3577 if (sav->key_auth == NULL ) {
3578 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3579 __func__));
3580 PFKEYSTAT_INC(in_nomem);
3581 error = ENOBUFS;
3582 goto fail;
3583 }
3584 }
3585
3586 /* Encryption key */
3587 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) {
3588 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) {
3589 error = EINVAL;
3590 goto fail;
3591 }
3592 error = 0;
3593 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3594 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3595 switch (mhp->msg->sadb_msg_satype) {
3596 case SADB_SATYPE_ESP:
3597 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3598 sav->alg_enc != SADB_EALG_NULL) {
3599 error = EINVAL;
3600 break;
3601 }
3602 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC);
3603 if (sav->key_enc == NULL) {
3604 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
3605 __func__));
3606 PFKEYSTAT_INC(in_nomem);
3607 error = ENOBUFS;
3608 goto fail;
3609 }
3610 break;
3611 case SADB_X_SATYPE_IPCOMP:
3612 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3613 error = EINVAL;
3614 sav->key_enc = NULL; /*just in case*/
3615 break;
3616 case SADB_SATYPE_AH:
3617 case SADB_X_SATYPE_TCPSIGNATURE:
3618 default:
3619 error = EINVAL;
3620 break;
3621 }
3622 if (error) {
3623 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n",
3624 __func__));
3625 goto fail;
3626 }
3627 }
3628
3629 /* set iv */
3630 sav->ivlen = 0;
3631 switch (mhp->msg->sadb_msg_satype) {
3632 case SADB_SATYPE_AH:
3633 if (sav->flags & SADB_X_EXT_DERIV) {
3634 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
3635 "given to AH SA.\n", __func__));
3636 error = EINVAL;
3637 goto fail;
3638 }
3639 if (sav->alg_enc != SADB_EALG_NONE) {
3640 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3641 "mismated.\n", __func__));
3642 error = EINVAL;
3643 goto fail;
3644 }
3645 error = xform_init(sav, XF_AH);
3646 break;
3647 case SADB_SATYPE_ESP:
3648 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) ==
3649 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) {
3650 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
3651 "given to old-esp.\n", __func__));
3652 error = EINVAL;
3653 goto fail;
3654 }
3655 error = xform_init(sav, XF_ESP);
3656 break;
3657 case SADB_X_SATYPE_IPCOMP:
3658 if (sav->alg_auth != SADB_AALG_NONE) {
3659 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3660 "mismated.\n", __func__));
3661 error = EINVAL;
3662 goto fail;
3663 }
3664 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3665 ntohl(sav->spi) >= 0x10000) {
3666 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n",
3667 __func__));
3668 error = EINVAL;
3669 goto fail;
3670 }
3671 error = xform_init(sav, XF_IPCOMP);
3672 break;
3673 case SADB_X_SATYPE_TCPSIGNATURE:
3674 if (sav->alg_enc != SADB_EALG_NONE) {
3675 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3676 "mismated.\n", __func__));
3677 error = EINVAL;
3678 goto fail;
3679 }
3680 error = xform_init(sav, XF_TCPSIGNATURE);
3681 break;
3682 default:
3683 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__));
3684 error = EPROTONOSUPPORT;
3685 goto fail;
3686 }
3687 if (error) {
3688 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n",
3689 __func__, mhp->msg->sadb_msg_satype));
3690 goto fail;
3691 }
3692
3693 /* Handle NAT-T headers */
3694 error = key_setnatt(sav, mhp);
3695 if (error != 0)
3696 goto fail;
3697
3698 /* Initialize lifetime for CURRENT */
3699 sav->firstused = 0;
3700 sav->created = time_second;
3701
3702 /* lifetimes for HARD and SOFT */
3703 error = key_updatelifetimes(sav, mhp);
3704 if (error == 0)
3705 return (0);
3706 fail:
3707 key_cleansav(sav);
3708 return (error);
3709 }
3710
3711 /*
3712 * subroutine for SADB_GET and SADB_DUMP.
3713 */
3714 static struct mbuf *
key_setdumpsa(struct secasvar * sav,uint8_t type,uint8_t satype,uint32_t seq,uint32_t pid,struct rm_priotracker * sahtree_trackerp)3715 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype,
3716 uint32_t seq, uint32_t pid, struct rm_priotracker *sahtree_trackerp)
3717 {
3718 struct seclifetime lft_c;
3719 struct mbuf *result = NULL, *tres = NULL, *m;
3720 int i, dumporder[] = {
3721 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY,
3722 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3723 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3724 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY,
3725 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT,
3726 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
3727 SADB_EXT_SENSITIVITY,
3728 SADB_X_EXT_NAT_T_TYPE,
3729 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
3730 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
3731 SADB_X_EXT_NAT_T_FRAG,
3732 #ifdef IPSEC_OFFLOAD
3733 SADB_X_EXT_LFT_CUR_SW_OFFL, SADB_X_EXT_LFT_CUR_HW_OFFL,
3734 SADB_X_EXT_IF_HW_OFFL,
3735 #endif
3736 };
3737 uint32_t replay_count;
3738 #ifdef IPSEC_OFFLOAD
3739 int error;
3740 #endif
3741
3742 SECASVAR_RLOCK_TRACKER;
3743
3744 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3745 if (m == NULL)
3746 goto fail;
3747 result = m;
3748
3749 for (i = nitems(dumporder) - 1; i >= 0; i--) {
3750 m = NULL;
3751 switch (dumporder[i]) {
3752 case SADB_EXT_SA:
3753 m = key_setsadbsa(sav);
3754 if (!m)
3755 goto fail;
3756 break;
3757
3758 case SADB_X_EXT_SA2: {
3759 SECASVAR_RLOCK(sav);
3760 replay_count = sav->replay ? sav->replay->count : 0;
3761 SECASVAR_RUNLOCK(sav);
3762 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
3763 sav->sah->saidx.reqid);
3764 if (!m)
3765 goto fail;
3766 break;
3767 }
3768 case SADB_X_EXT_SA_REPLAY:
3769 if (sav->replay == NULL ||
3770 sav->replay->wsize <= UINT8_MAX)
3771 continue;
3772
3773 m = key_setsadbxsareplay(sav->replay->wsize);
3774 if (!m)
3775 goto fail;
3776 break;
3777
3778 case SADB_EXT_ADDRESS_SRC:
3779 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3780 &sav->sah->saidx.src.sa,
3781 FULLMASK, IPSEC_ULPROTO_ANY);
3782 if (!m)
3783 goto fail;
3784 break;
3785
3786 case SADB_EXT_ADDRESS_DST:
3787 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3788 &sav->sah->saidx.dst.sa,
3789 FULLMASK, IPSEC_ULPROTO_ANY);
3790 if (!m)
3791 goto fail;
3792 break;
3793
3794 case SADB_EXT_KEY_AUTH:
3795 if (!sav->key_auth)
3796 continue;
3797 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH);
3798 if (!m)
3799 goto fail;
3800 break;
3801
3802 case SADB_EXT_KEY_ENCRYPT:
3803 if (!sav->key_enc)
3804 continue;
3805 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT);
3806 if (!m)
3807 goto fail;
3808 break;
3809
3810 case SADB_EXT_LIFETIME_CURRENT:
3811 lft_c.addtime = sav->created;
3812 lft_c.allocations = (uint32_t)counter_u64_fetch(
3813 sav->lft_c_allocations);
3814 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes);
3815 lft_c.usetime = sav->firstused;
3816 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT);
3817 if (!m)
3818 goto fail;
3819 break;
3820
3821 case SADB_EXT_LIFETIME_HARD:
3822 if (!sav->lft_h)
3823 continue;
3824 m = key_setlifetime(sav->lft_h,
3825 SADB_EXT_LIFETIME_HARD);
3826 if (!m)
3827 goto fail;
3828 break;
3829
3830 case SADB_EXT_LIFETIME_SOFT:
3831 if (!sav->lft_s)
3832 continue;
3833 m = key_setlifetime(sav->lft_s,
3834 SADB_EXT_LIFETIME_SOFT);
3835
3836 if (!m)
3837 goto fail;
3838 break;
3839
3840 case SADB_X_EXT_NAT_T_TYPE:
3841 if (sav->natt == NULL)
3842 continue;
3843 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP);
3844 if (!m)
3845 goto fail;
3846 break;
3847
3848 case SADB_X_EXT_NAT_T_DPORT:
3849 if (sav->natt == NULL)
3850 continue;
3851 m = key_setsadbxport(sav->natt->dport,
3852 SADB_X_EXT_NAT_T_DPORT);
3853 if (!m)
3854 goto fail;
3855 break;
3856
3857 case SADB_X_EXT_NAT_T_SPORT:
3858 if (sav->natt == NULL)
3859 continue;
3860 m = key_setsadbxport(sav->natt->sport,
3861 SADB_X_EXT_NAT_T_SPORT);
3862 if (!m)
3863 goto fail;
3864 break;
3865
3866 case SADB_X_EXT_NAT_T_OAI:
3867 if (sav->natt == NULL ||
3868 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0)
3869 continue;
3870 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI,
3871 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY);
3872 if (!m)
3873 goto fail;
3874 break;
3875 case SADB_X_EXT_NAT_T_OAR:
3876 if (sav->natt == NULL ||
3877 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0)
3878 continue;
3879 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR,
3880 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY);
3881 if (!m)
3882 goto fail;
3883 break;
3884 case SADB_X_EXT_NAT_T_FRAG:
3885 /* We do not (yet) support those. */
3886 continue;
3887 #ifdef IPSEC_OFFLOAD
3888 case SADB_X_EXT_LFT_CUR_SW_OFFL:
3889 if (!ipsec_accel_is_accel_sav(sav))
3890 continue;
3891 SAV_ADDREF(sav);
3892 error = ipsec_accel_sa_lifetime_op(sav, &lft_c,
3893 NULL, IF_SA_CNT_TOTAL_SW_VAL, sahtree_trackerp);
3894 if (error != 0) {
3895 m = NULL;
3896 goto fail;
3897 }
3898 m = key_setlifetime(&lft_c, dumporder[i]);
3899 if (m == NULL)
3900 goto fail;
3901 key_freesav(&sav);
3902 if (sav == NULL) {
3903 m_freem(m);
3904 goto fail;
3905 }
3906 break;
3907 case SADB_X_EXT_LFT_CUR_HW_OFFL:
3908 if (!ipsec_accel_is_accel_sav(sav))
3909 continue;
3910 memset(&lft_c, 0, sizeof(lft_c));
3911 lft_c.bytes = sav->accel_hw_octets;
3912 lft_c.allocations = sav->accel_hw_allocs;
3913 m = key_setlifetime(&lft_c, dumporder[i]);
3914 if (m == NULL)
3915 goto fail;
3916 break;
3917 case SADB_X_EXT_IF_HW_OFFL:
3918 if (!ipsec_accel_is_accel_sav(sav))
3919 continue;
3920 m = ipsec_accel_key_setaccelif(sav);
3921 if (m == NULL)
3922 continue; /* benigh */
3923 break;
3924 #endif
3925
3926 case SADB_EXT_ADDRESS_PROXY:
3927 case SADB_EXT_IDENTITY_SRC:
3928 case SADB_EXT_IDENTITY_DST:
3929 /* XXX: should we brought from SPD ? */
3930 case SADB_EXT_SENSITIVITY:
3931 default:
3932 continue;
3933 }
3934
3935 if (!m)
3936 goto fail;
3937 if (tres)
3938 m_cat(m, tres);
3939 tres = m;
3940 }
3941
3942 m_cat(result, tres);
3943 tres = NULL;
3944 if (result->m_len < sizeof(struct sadb_msg)) {
3945 result = m_pullup(result, sizeof(struct sadb_msg));
3946 if (result == NULL)
3947 goto fail;
3948 }
3949
3950 result->m_pkthdr.len = 0;
3951 for (m = result; m; m = m->m_next)
3952 result->m_pkthdr.len += m->m_len;
3953
3954 mtod(result, struct sadb_msg *)->sadb_msg_len =
3955 PFKEY_UNIT64(result->m_pkthdr.len);
3956
3957 return result;
3958
3959 fail:
3960 m_freem(result);
3961 m_freem(tres);
3962 return NULL;
3963 }
3964
3965 /*
3966 * set data into sadb_msg.
3967 */
3968 static struct mbuf *
key_setsadbmsg(u_int8_t type,u_int16_t tlen,u_int8_t satype,u_int32_t seq,pid_t pid,u_int16_t reserved)3969 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq,
3970 pid_t pid, u_int16_t reserved)
3971 {
3972 struct mbuf *m;
3973 struct sadb_msg *p;
3974 int len;
3975
3976 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3977 if (len > MCLBYTES)
3978 return NULL;
3979 m = key_mget(len);
3980 if (m == NULL)
3981 return NULL;
3982 m->m_pkthdr.len = m->m_len = len;
3983 m->m_next = NULL;
3984
3985 p = mtod(m, struct sadb_msg *);
3986
3987 bzero(p, len);
3988 p->sadb_msg_version = PF_KEY_V2;
3989 p->sadb_msg_type = type;
3990 p->sadb_msg_errno = 0;
3991 p->sadb_msg_satype = satype;
3992 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3993 p->sadb_msg_reserved = reserved;
3994 p->sadb_msg_seq = seq;
3995 p->sadb_msg_pid = (u_int32_t)pid;
3996
3997 return m;
3998 }
3999
4000 /*
4001 * copy secasvar data into sadb_address.
4002 */
4003 static struct mbuf *
key_setsadbsa(struct secasvar * sav)4004 key_setsadbsa(struct secasvar *sav)
4005 {
4006 struct mbuf *m;
4007 struct sadb_sa *p;
4008 int len;
4009
4010 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
4011 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4012 if (m == NULL)
4013 return (NULL);
4014 m_align(m, len);
4015 m->m_len = len;
4016 p = mtod(m, struct sadb_sa *);
4017 bzero(p, len);
4018 p->sadb_sa_len = PFKEY_UNIT64(len);
4019 p->sadb_sa_exttype = SADB_EXT_SA;
4020 p->sadb_sa_spi = sav->spi;
4021 p->sadb_sa_replay = sav->replay ?
4022 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX :
4023 sav->replay->wsize): 0;
4024 p->sadb_sa_state = sav->state;
4025 p->sadb_sa_auth = sav->alg_auth;
4026 p->sadb_sa_encrypt = sav->alg_enc;
4027 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX;
4028 return (m);
4029 }
4030
4031 /*
4032 * set data into sadb_address.
4033 */
4034 static struct mbuf *
key_setsadbaddr(u_int16_t exttype,const struct sockaddr * saddr,u_int8_t prefixlen,u_int16_t ul_proto)4035 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr,
4036 u_int8_t prefixlen, u_int16_t ul_proto)
4037 {
4038 struct mbuf *m;
4039 struct sadb_address *p;
4040 size_t len;
4041
4042 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
4043 PFKEY_ALIGN8(saddr->sa_len);
4044 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4045 if (m == NULL)
4046 return (NULL);
4047 m_align(m, len);
4048 m->m_len = len;
4049 p = mtod(m, struct sadb_address *);
4050
4051 bzero(p, len);
4052 p->sadb_address_len = PFKEY_UNIT64(len);
4053 p->sadb_address_exttype = exttype;
4054 p->sadb_address_proto = ul_proto;
4055 if (prefixlen == FULLMASK) {
4056 switch (saddr->sa_family) {
4057 case AF_INET:
4058 prefixlen = sizeof(struct in_addr) << 3;
4059 break;
4060 case AF_INET6:
4061 prefixlen = sizeof(struct in6_addr) << 3;
4062 break;
4063 default:
4064 ; /*XXX*/
4065 }
4066 }
4067 p->sadb_address_prefixlen = prefixlen;
4068 p->sadb_address_reserved = 0;
4069
4070 bcopy(saddr,
4071 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
4072 saddr->sa_len);
4073
4074 return m;
4075 }
4076
4077 /*
4078 * set data into sadb_x_sa2.
4079 */
4080 static struct mbuf *
key_setsadbxsa2(u_int8_t mode,u_int32_t seq,u_int32_t reqid)4081 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid)
4082 {
4083 struct mbuf *m;
4084 struct sadb_x_sa2 *p;
4085 size_t len;
4086
4087 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
4088 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4089 if (m == NULL)
4090 return (NULL);
4091 m_align(m, len);
4092 m->m_len = len;
4093 p = mtod(m, struct sadb_x_sa2 *);
4094
4095 bzero(p, len);
4096 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
4097 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
4098 p->sadb_x_sa2_mode = mode;
4099 p->sadb_x_sa2_reserved1 = 0;
4100 p->sadb_x_sa2_reserved2 = 0;
4101 p->sadb_x_sa2_sequence = seq;
4102 p->sadb_x_sa2_reqid = reqid;
4103
4104 return m;
4105 }
4106
4107 /*
4108 * Set data into sadb_x_sa_replay.
4109 */
4110 static struct mbuf *
key_setsadbxsareplay(u_int32_t replay)4111 key_setsadbxsareplay(u_int32_t replay)
4112 {
4113 struct mbuf *m;
4114 struct sadb_x_sa_replay *p;
4115 size_t len;
4116
4117 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay));
4118 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4119 if (m == NULL)
4120 return (NULL);
4121 m_align(m, len);
4122 m->m_len = len;
4123 p = mtod(m, struct sadb_x_sa_replay *);
4124
4125 bzero(p, len);
4126 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len);
4127 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY;
4128 p->sadb_x_sa_replay_replay = (replay << 3);
4129
4130 return m;
4131 }
4132
4133 /*
4134 * Set a type in sadb_x_nat_t_type.
4135 */
4136 static struct mbuf *
key_setsadbxtype(u_int16_t type)4137 key_setsadbxtype(u_int16_t type)
4138 {
4139 struct mbuf *m;
4140 size_t len;
4141 struct sadb_x_nat_t_type *p;
4142
4143 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
4144
4145 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4146 if (m == NULL)
4147 return (NULL);
4148 m_align(m, len);
4149 m->m_len = len;
4150 p = mtod(m, struct sadb_x_nat_t_type *);
4151
4152 bzero(p, len);
4153 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
4154 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
4155 p->sadb_x_nat_t_type_type = type;
4156
4157 return (m);
4158 }
4159 /*
4160 * Set a port in sadb_x_nat_t_port.
4161 * In contrast to default RFC 2367 behaviour, port is in network byte order.
4162 */
4163 static struct mbuf *
key_setsadbxport(u_int16_t port,u_int16_t type)4164 key_setsadbxport(u_int16_t port, u_int16_t type)
4165 {
4166 struct mbuf *m;
4167 size_t len;
4168 struct sadb_x_nat_t_port *p;
4169
4170 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
4171
4172 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4173 if (m == NULL)
4174 return (NULL);
4175 m_align(m, len);
4176 m->m_len = len;
4177 p = mtod(m, struct sadb_x_nat_t_port *);
4178
4179 bzero(p, len);
4180 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
4181 p->sadb_x_nat_t_port_exttype = type;
4182 p->sadb_x_nat_t_port_port = port;
4183
4184 return (m);
4185 }
4186
4187 /*
4188 * Get port from sockaddr. Port is in network byte order.
4189 */
4190 uint16_t
key_portfromsaddr(struct sockaddr * sa)4191 key_portfromsaddr(struct sockaddr *sa)
4192 {
4193
4194 switch (sa->sa_family) {
4195 #ifdef INET
4196 case AF_INET:
4197 return ((struct sockaddr_in *)sa)->sin_port;
4198 #endif
4199 #ifdef INET6
4200 case AF_INET6:
4201 return ((struct sockaddr_in6 *)sa)->sin6_port;
4202 #endif
4203 }
4204 return (0);
4205 }
4206
4207 /*
4208 * Set port in struct sockaddr. Port is in network byte order.
4209 */
4210 void
key_porttosaddr(struct sockaddr * sa,uint16_t port)4211 key_porttosaddr(struct sockaddr *sa, uint16_t port)
4212 {
4213
4214 switch (sa->sa_family) {
4215 #ifdef INET
4216 case AF_INET:
4217 ((struct sockaddr_in *)sa)->sin_port = port;
4218 break;
4219 #endif
4220 #ifdef INET6
4221 case AF_INET6:
4222 ((struct sockaddr_in6 *)sa)->sin6_port = port;
4223 break;
4224 #endif
4225 default:
4226 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n",
4227 __func__, sa->sa_family));
4228 break;
4229 }
4230 }
4231
4232 /*
4233 * set data into sadb_x_policy
4234 */
4235 static struct mbuf *
key_setsadbxpolicy(u_int16_t type,u_int8_t dir,u_int32_t id,u_int32_t priority)4236 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority)
4237 {
4238 struct mbuf *m;
4239 struct sadb_x_policy *p;
4240 size_t len;
4241
4242 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4243 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
4244 if (m == NULL)
4245 return (NULL);
4246 m_align(m, len);
4247 m->m_len = len;
4248 p = mtod(m, struct sadb_x_policy *);
4249
4250 bzero(p, len);
4251 p->sadb_x_policy_len = PFKEY_UNIT64(len);
4252 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4253 p->sadb_x_policy_type = type;
4254 p->sadb_x_policy_dir = dir;
4255 p->sadb_x_policy_id = id;
4256 p->sadb_x_policy_priority = priority;
4257
4258 return m;
4259 }
4260
4261 /* %%% utilities */
4262 /* Take a key message (sadb_key) from the socket and turn it into one
4263 * of the kernel's key structures (seckey).
4264 *
4265 * IN: pointer to the src
4266 * OUT: NULL no more memory
4267 */
4268 struct seckey *
key_dup_keymsg(const struct sadb_key * src,size_t len,struct malloc_type * type)4269 key_dup_keymsg(const struct sadb_key *src, size_t len,
4270 struct malloc_type *type)
4271 {
4272 struct seckey *dst;
4273
4274 dst = malloc(sizeof(*dst), type, M_NOWAIT);
4275 if (dst != NULL) {
4276 dst->bits = src->sadb_key_bits;
4277 dst->key_data = malloc(len, type, M_NOWAIT);
4278 if (dst->key_data != NULL) {
4279 bcopy((const char *)(src + 1), dst->key_data, len);
4280 } else {
4281 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
4282 __func__));
4283 free(dst, type);
4284 dst = NULL;
4285 }
4286 } else {
4287 ipseclog((LOG_DEBUG, "%s: No more memory.\n",
4288 __func__));
4289 }
4290 return (dst);
4291 }
4292
4293 /* Take a lifetime message (sadb_lifetime) passed in on a socket and
4294 * turn it into one of the kernel's lifetime structures (seclifetime).
4295 *
4296 * IN: pointer to the destination, source and malloc type
4297 * OUT: NULL, no more memory
4298 */
4299
4300 static struct seclifetime *
key_dup_lifemsg(const struct sadb_lifetime * src,struct malloc_type * type)4301 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type)
4302 {
4303 struct seclifetime *dst;
4304
4305 dst = malloc(sizeof(*dst), type, M_NOWAIT);
4306 if (dst == NULL) {
4307 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
4308 return (NULL);
4309 }
4310 dst->allocations = src->sadb_lifetime_allocations;
4311 dst->bytes = src->sadb_lifetime_bytes;
4312 dst->addtime = src->sadb_lifetime_addtime;
4313 dst->usetime = src->sadb_lifetime_usetime;
4314 return (dst);
4315 }
4316
4317 /*
4318 * compare two secasindex structure.
4319 * flag can specify to compare 2 saidxes.
4320 * compare two secasindex structure without both mode and reqid.
4321 * don't compare port.
4322 * IN:
4323 * saidx0: source, it can be in SAD.
4324 * saidx1: object.
4325 * OUT:
4326 * 1 : equal
4327 * 0 : not equal
4328 */
4329 static int
key_cmpsaidx(const struct secasindex * saidx0,const struct secasindex * saidx1,int flag)4330 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1,
4331 int flag)
4332 {
4333
4334 /* sanity */
4335 if (saidx0 == NULL && saidx1 == NULL)
4336 return 1;
4337
4338 if (saidx0 == NULL || saidx1 == NULL)
4339 return 0;
4340
4341 if (saidx0->proto != saidx1->proto)
4342 return 0;
4343
4344 if (flag == CMP_EXACTLY) {
4345 if (saidx0->mode != saidx1->mode)
4346 return 0;
4347 if (saidx0->reqid != saidx1->reqid)
4348 return 0;
4349 if (bcmp(&saidx0->src, &saidx1->src,
4350 saidx0->src.sa.sa_len) != 0 ||
4351 bcmp(&saidx0->dst, &saidx1->dst,
4352 saidx0->dst.sa.sa_len) != 0)
4353 return 0;
4354 } else {
4355 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
4356 if (flag == CMP_MODE_REQID || flag == CMP_REQID) {
4357 /*
4358 * If reqid of SPD is non-zero, unique SA is required.
4359 * The result must be of same reqid in this case.
4360 */
4361 if (saidx1->reqid != 0 &&
4362 saidx0->reqid != saidx1->reqid)
4363 return 0;
4364 }
4365
4366 if (flag == CMP_MODE_REQID) {
4367 if (saidx0->mode != IPSEC_MODE_ANY
4368 && saidx0->mode != saidx1->mode)
4369 return 0;
4370 }
4371
4372 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0)
4373 return 0;
4374 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0)
4375 return 0;
4376 }
4377
4378 return 1;
4379 }
4380
4381 /*
4382 * compare two secindex structure exactly.
4383 * IN:
4384 * spidx0: source, it is often in SPD.
4385 * spidx1: object, it is often from PFKEY message.
4386 * OUT:
4387 * 1 : equal
4388 * 0 : not equal
4389 */
4390 static int
key_cmpspidx_exactly(struct secpolicyindex * spidx0,struct secpolicyindex * spidx1)4391 key_cmpspidx_exactly(struct secpolicyindex *spidx0,
4392 struct secpolicyindex *spidx1)
4393 {
4394 /* sanity */
4395 if (spidx0 == NULL && spidx1 == NULL)
4396 return 1;
4397
4398 if (spidx0 == NULL || spidx1 == NULL)
4399 return 0;
4400
4401 if (spidx0->prefs != spidx1->prefs
4402 || spidx0->prefd != spidx1->prefd
4403 || spidx0->ul_proto != spidx1->ul_proto
4404 || spidx0->dir != spidx1->dir)
4405 return 0;
4406
4407 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 &&
4408 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0;
4409 }
4410
4411 /*
4412 * compare two secindex structure with mask.
4413 * IN:
4414 * spidx0: source, it is often in SPD.
4415 * spidx1: object, it is often from IP header.
4416 * OUT:
4417 * 1 : equal
4418 * 0 : not equal
4419 */
4420 static int
key_cmpspidx_withmask(struct secpolicyindex * spidx0,struct secpolicyindex * spidx1)4421 key_cmpspidx_withmask(struct secpolicyindex *spidx0,
4422 struct secpolicyindex *spidx1)
4423 {
4424 /* sanity */
4425 if (spidx0 == NULL && spidx1 == NULL)
4426 return 1;
4427
4428 if (spidx0 == NULL || spidx1 == NULL)
4429 return 0;
4430
4431 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
4432 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
4433 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
4434 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
4435 return 0;
4436
4437 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4438 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
4439 && spidx0->ul_proto != spidx1->ul_proto)
4440 return 0;
4441
4442 switch (spidx0->src.sa.sa_family) {
4443 case AF_INET:
4444 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY
4445 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
4446 return 0;
4447 if (!key_bbcmp(&spidx0->src.sin.sin_addr,
4448 &spidx1->src.sin.sin_addr, spidx0->prefs))
4449 return 0;
4450 break;
4451 case AF_INET6:
4452 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY
4453 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
4454 return 0;
4455 /*
4456 * scope_id check. if sin6_scope_id is 0, we regard it
4457 * as a wildcard scope, which matches any scope zone ID.
4458 */
4459 if (spidx0->src.sin6.sin6_scope_id &&
4460 spidx1->src.sin6.sin6_scope_id &&
4461 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
4462 return 0;
4463 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
4464 &spidx1->src.sin6.sin6_addr, spidx0->prefs))
4465 return 0;
4466 break;
4467 default:
4468 /* XXX */
4469 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0)
4470 return 0;
4471 break;
4472 }
4473
4474 switch (spidx0->dst.sa.sa_family) {
4475 case AF_INET:
4476 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY
4477 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
4478 return 0;
4479 if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
4480 &spidx1->dst.sin.sin_addr, spidx0->prefd))
4481 return 0;
4482 break;
4483 case AF_INET6:
4484 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY
4485 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
4486 return 0;
4487 /*
4488 * scope_id check. if sin6_scope_id is 0, we regard it
4489 * as a wildcard scope, which matches any scope zone ID.
4490 */
4491 if (spidx0->dst.sin6.sin6_scope_id &&
4492 spidx1->dst.sin6.sin6_scope_id &&
4493 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
4494 return 0;
4495 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
4496 &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
4497 return 0;
4498 break;
4499 default:
4500 /* XXX */
4501 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0)
4502 return 0;
4503 break;
4504 }
4505
4506 /* XXX Do we check other field ? e.g. flowinfo */
4507
4508 return 1;
4509 }
4510
4511 #ifdef satosin
4512 #undef satosin
4513 #endif
4514 #define satosin(s) ((const struct sockaddr_in *)s)
4515 #ifdef satosin6
4516 #undef satosin6
4517 #endif
4518 #define satosin6(s) ((const struct sockaddr_in6 *)s)
4519 /* returns 0 on match */
4520 int
key_sockaddrcmp(const struct sockaddr * sa1,const struct sockaddr * sa2,int port)4521 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2,
4522 int port)
4523 {
4524 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4525 return 1;
4526
4527 switch (sa1->sa_family) {
4528 #ifdef INET
4529 case AF_INET:
4530 if (sa1->sa_len != sizeof(struct sockaddr_in))
4531 return 1;
4532 if (satosin(sa1)->sin_addr.s_addr !=
4533 satosin(sa2)->sin_addr.s_addr) {
4534 return 1;
4535 }
4536 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4537 return 1;
4538 break;
4539 #endif
4540 #ifdef INET6
4541 case AF_INET6:
4542 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4543 return 1; /*EINVAL*/
4544 if (satosin6(sa1)->sin6_scope_id !=
4545 satosin6(sa2)->sin6_scope_id) {
4546 return 1;
4547 }
4548 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4549 &satosin6(sa2)->sin6_addr)) {
4550 return 1;
4551 }
4552 if (port &&
4553 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4554 return 1;
4555 }
4556 break;
4557 #endif
4558 default:
4559 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
4560 return 1;
4561 break;
4562 }
4563
4564 return 0;
4565 }
4566
4567 /* returns 0 on match */
4568 int
key_sockaddrcmp_withmask(const struct sockaddr * sa1,const struct sockaddr * sa2,size_t mask)4569 key_sockaddrcmp_withmask(const struct sockaddr *sa1,
4570 const struct sockaddr *sa2, size_t mask)
4571 {
4572 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4573 return (1);
4574
4575 switch (sa1->sa_family) {
4576 #ifdef INET
4577 case AF_INET:
4578 return (!key_bbcmp(&satosin(sa1)->sin_addr,
4579 &satosin(sa2)->sin_addr, mask));
4580 #endif
4581 #ifdef INET6
4582 case AF_INET6:
4583 if (satosin6(sa1)->sin6_scope_id !=
4584 satosin6(sa2)->sin6_scope_id)
4585 return (1);
4586 return (!key_bbcmp(&satosin6(sa1)->sin6_addr,
4587 &satosin6(sa2)->sin6_addr, mask));
4588 #endif
4589 }
4590 return (1);
4591 }
4592 #undef satosin
4593 #undef satosin6
4594
4595 /*
4596 * compare two buffers with mask.
4597 * IN:
4598 * addr1: source
4599 * addr2: object
4600 * bits: Number of bits to compare
4601 * OUT:
4602 * 1 : equal
4603 * 0 : not equal
4604 */
4605 static int
key_bbcmp(const void * a1,const void * a2,u_int bits)4606 key_bbcmp(const void *a1, const void *a2, u_int bits)
4607 {
4608 const unsigned char *p1 = a1;
4609 const unsigned char *p2 = a2;
4610
4611 /* XXX: This could be considerably faster if we compare a word
4612 * at a time, but it is complicated on LSB Endian machines */
4613
4614 /* Handle null pointers */
4615 if (p1 == NULL || p2 == NULL)
4616 return (p1 == p2);
4617
4618 while (bits >= 8) {
4619 if (*p1++ != *p2++)
4620 return 0;
4621 bits -= 8;
4622 }
4623
4624 if (bits > 0) {
4625 u_int8_t mask = ~((1<<(8-bits))-1);
4626 if ((*p1 & mask) != (*p2 & mask))
4627 return 0;
4628 }
4629 return 1; /* Match! */
4630 }
4631
4632 static void
key_flush_spd(time_t now)4633 key_flush_spd(time_t now)
4634 {
4635 SPTREE_RLOCK_TRACKER;
4636 struct secpolicy_list drainq;
4637 struct secpolicy *sp, *nextsp;
4638 u_int dir;
4639
4640 LIST_INIT(&drainq);
4641 SPTREE_RLOCK();
4642 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4643 TAILQ_FOREACH(sp, &V_sptree[dir], chain) {
4644 if (sp->lifetime == 0 && sp->validtime == 0)
4645 continue;
4646 if ((sp->lifetime &&
4647 now - sp->created > sp->lifetime) ||
4648 (sp->validtime &&
4649 now - sp->lastused > sp->validtime)) {
4650 /* Hold extra reference to send SPDEXPIRE */
4651 SP_ADDREF(sp);
4652 LIST_INSERT_HEAD(&drainq, sp, drainq);
4653 }
4654 }
4655 }
4656 SPTREE_RUNLOCK();
4657 if (LIST_EMPTY(&drainq))
4658 return;
4659
4660 SPTREE_WLOCK();
4661 sp = LIST_FIRST(&drainq);
4662 while (sp != NULL) {
4663 nextsp = LIST_NEXT(sp, drainq);
4664 /* Check that SP is still linked */
4665 if (sp->state != IPSEC_SPSTATE_ALIVE) {
4666 LIST_REMOVE(sp, drainq);
4667 key_freesp(&sp); /* release extra reference */
4668 sp = nextsp;
4669 continue;
4670 }
4671 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain);
4672 V_spd_size--;
4673 LIST_REMOVE(sp, idhash);
4674 sp->state = IPSEC_SPSTATE_DEAD;
4675 ipsec_accel_spddel(sp);
4676 sp = nextsp;
4677 }
4678 V_sp_genid++;
4679 SPTREE_WUNLOCK();
4680 if (SPDCACHE_ENABLED())
4681 spdcache_clear();
4682
4683 sp = LIST_FIRST(&drainq);
4684 while (sp != NULL) {
4685 nextsp = LIST_NEXT(sp, drainq);
4686 key_spdexpire(sp);
4687 key_freesp(&sp); /* release extra reference */
4688 key_freesp(&sp); /* release last reference */
4689 sp = nextsp;
4690 }
4691 }
4692
4693 static void
key_flush_sad(time_t now)4694 key_flush_sad(time_t now)
4695 {
4696 SAHTREE_RLOCK_TRACKER;
4697 struct secashead_list emptyq;
4698 struct secasvar_list drainq, hexpireq, sexpireq, freeq;
4699 struct secashead *sah, *nextsah;
4700 struct secasvar *sav, *nextsav;
4701
4702 SECASVAR_RLOCK_TRACKER;
4703
4704 LIST_INIT(&drainq);
4705 LIST_INIT(&hexpireq);
4706 LIST_INIT(&sexpireq);
4707 LIST_INIT(&emptyq);
4708
4709 SAHTREE_RLOCK();
4710 TAILQ_FOREACH(sah, &V_sahtree, chain) {
4711 /* Check for empty SAH */
4712 if (TAILQ_EMPTY(&sah->savtree_larval) &&
4713 TAILQ_EMPTY(&sah->savtree_alive)) {
4714 SAH_ADDREF(sah);
4715 LIST_INSERT_HEAD(&emptyq, sah, drainq);
4716 continue;
4717 }
4718 /* Add all stale LARVAL SAs into drainq */
4719 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
4720 if (now - sav->created < V_key_larval_lifetime)
4721 continue;
4722 SAV_ADDREF(sav);
4723 LIST_INSERT_HEAD(&drainq, sav, drainq);
4724 }
4725 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
4726 /* lifetimes aren't specified */
4727 if (sav->lft_h == NULL)
4728 continue;
4729 SECASVAR_RLOCK(sav);
4730 /*
4731 * Check again with lock held, because it may
4732 * be updated by SADB_UPDATE.
4733 */
4734 if (sav->lft_h == NULL) {
4735 SECASVAR_RUNLOCK(sav);
4736 continue;
4737 }
4738 /*
4739 * RFC 2367:
4740 * HARD lifetimes MUST take precedence over SOFT
4741 * lifetimes, meaning if the HARD and SOFT lifetimes
4742 * are the same, the HARD lifetime will appear on the
4743 * EXPIRE message.
4744 */
4745 /* check HARD lifetime */
4746 if ((sav->lft_h->addtime != 0 &&
4747 now - sav->created > sav->lft_h->addtime) ||
4748 (sav->lft_h->usetime != 0 && sav->firstused &&
4749 now - sav->firstused > sav->lft_h->usetime) ||
4750 (sav->lft_h->bytes != 0 && counter_u64_fetch(
4751 sav->lft_c_bytes) > sav->lft_h->bytes)) {
4752 SECASVAR_RUNLOCK(sav);
4753 SAV_ADDREF(sav);
4754 LIST_INSERT_HEAD(&hexpireq, sav, drainq);
4755 continue;
4756 }
4757 /* check SOFT lifetime (only for MATURE SAs) */
4758 if (sav->state == SADB_SASTATE_MATURE && (
4759 (sav->lft_s->addtime != 0 &&
4760 now - sav->created > sav->lft_s->addtime) ||
4761 (sav->lft_s->usetime != 0 && sav->firstused &&
4762 now - sav->firstused > sav->lft_s->usetime) ||
4763 (sav->lft_s->bytes != 0 && counter_u64_fetch(
4764 sav->lft_c_bytes) > sav->lft_s->bytes) ||
4765 (!(sav->flags & SADB_X_SAFLAGS_ESN) &&
4766 (sav->replay != NULL) && (
4767 (sav->replay->count > UINT32_80PCT) ||
4768 (sav->replay->last > UINT32_80PCT))))) {
4769 SECASVAR_RUNLOCK(sav);
4770 SAV_ADDREF(sav);
4771 LIST_INSERT_HEAD(&sexpireq, sav, drainq);
4772 continue;
4773 }
4774 SECASVAR_RUNLOCK(sav);
4775 }
4776 }
4777 SAHTREE_RUNLOCK();
4778
4779 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) &&
4780 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq))
4781 return;
4782
4783 LIST_INIT(&freeq);
4784 SAHTREE_WLOCK();
4785 /* Unlink stale LARVAL SAs */
4786 sav = LIST_FIRST(&drainq);
4787 while (sav != NULL) {
4788 nextsav = LIST_NEXT(sav, drainq);
4789 /* Check that SA is still LARVAL */
4790 if (sav->state != SADB_SASTATE_LARVAL) {
4791 LIST_REMOVE(sav, drainq);
4792 LIST_INSERT_HEAD(&freeq, sav, drainq);
4793 sav = nextsav;
4794 continue;
4795 }
4796 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
4797 LIST_REMOVE(sav, spihash);
4798 sav->state = SADB_SASTATE_DEAD;
4799 ipsec_accel_forget_sav(sav);
4800 sav = nextsav;
4801 }
4802 /* Unlink all SAs with expired HARD lifetime */
4803 sav = LIST_FIRST(&hexpireq);
4804 while (sav != NULL) {
4805 nextsav = LIST_NEXT(sav, drainq);
4806 /* Check that SA is not unlinked */
4807 if (sav->state == SADB_SASTATE_DEAD) {
4808 LIST_REMOVE(sav, drainq);
4809 LIST_INSERT_HEAD(&freeq, sav, drainq);
4810 sav = nextsav;
4811 continue;
4812 }
4813 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
4814 LIST_REMOVE(sav, spihash);
4815 sav->state = SADB_SASTATE_DEAD;
4816 ipsec_accel_forget_sav(sav);
4817 sav = nextsav;
4818 }
4819 /* Mark all SAs with expired SOFT lifetime as DYING */
4820 sav = LIST_FIRST(&sexpireq);
4821 while (sav != NULL) {
4822 nextsav = LIST_NEXT(sav, drainq);
4823 /* Check that SA is not unlinked */
4824 if (sav->state == SADB_SASTATE_DEAD) {
4825 LIST_REMOVE(sav, drainq);
4826 LIST_INSERT_HEAD(&freeq, sav, drainq);
4827 sav = nextsav;
4828 continue;
4829 }
4830 /*
4831 * NOTE: this doesn't change SA order in the chain.
4832 */
4833 sav->state = SADB_SASTATE_DYING;
4834 sav = nextsav;
4835 }
4836 /* Unlink empty SAHs */
4837 sah = LIST_FIRST(&emptyq);
4838 while (sah != NULL) {
4839 nextsah = LIST_NEXT(sah, drainq);
4840 /* Check that SAH is still empty and not unlinked */
4841 if (sah->state == SADB_SASTATE_DEAD ||
4842 !TAILQ_EMPTY(&sah->savtree_larval) ||
4843 !TAILQ_EMPTY(&sah->savtree_alive)) {
4844 LIST_REMOVE(sah, drainq);
4845 key_freesah(&sah); /* release extra reference */
4846 sah = nextsah;
4847 continue;
4848 }
4849 TAILQ_REMOVE(&V_sahtree, sah, chain);
4850 LIST_REMOVE(sah, addrhash);
4851 sah->state = SADB_SASTATE_DEAD;
4852 sah = nextsah;
4853 }
4854 SAHTREE_WUNLOCK();
4855
4856 /* Send SPDEXPIRE messages */
4857 sav = LIST_FIRST(&hexpireq);
4858 while (sav != NULL) {
4859 nextsav = LIST_NEXT(sav, drainq);
4860 key_expire(sav, 1);
4861 key_freesah(&sav->sah); /* release reference from SAV */
4862 key_freesav(&sav); /* release extra reference */
4863 key_freesav(&sav); /* release last reference */
4864 sav = nextsav;
4865 }
4866 sav = LIST_FIRST(&sexpireq);
4867 while (sav != NULL) {
4868 nextsav = LIST_NEXT(sav, drainq);
4869 key_expire(sav, 0);
4870 key_freesav(&sav); /* release extra reference */
4871 sav = nextsav;
4872 }
4873 /* Free stale LARVAL SAs */
4874 sav = LIST_FIRST(&drainq);
4875 while (sav != NULL) {
4876 nextsav = LIST_NEXT(sav, drainq);
4877 key_freesah(&sav->sah); /* release reference from SAV */
4878 key_freesav(&sav); /* release extra reference */
4879 key_freesav(&sav); /* release last reference */
4880 sav = nextsav;
4881 }
4882 /* Free SAs that were unlinked/changed by someone else */
4883 sav = LIST_FIRST(&freeq);
4884 while (sav != NULL) {
4885 nextsav = LIST_NEXT(sav, drainq);
4886 key_freesav(&sav); /* release extra reference */
4887 sav = nextsav;
4888 }
4889 /* Free empty SAH */
4890 sah = LIST_FIRST(&emptyq);
4891 while (sah != NULL) {
4892 nextsah = LIST_NEXT(sah, drainq);
4893 key_freesah(&sah); /* release extra reference */
4894 key_freesah(&sah); /* release last reference */
4895 sah = nextsah;
4896 }
4897 }
4898
4899 static void
key_flush_acq(time_t now)4900 key_flush_acq(time_t now)
4901 {
4902 struct secacq *acq, *nextacq;
4903
4904 /* ACQ tree */
4905 ACQ_LOCK();
4906 acq = LIST_FIRST(&V_acqtree);
4907 while (acq != NULL) {
4908 nextacq = LIST_NEXT(acq, chain);
4909 if (now - acq->created > V_key_blockacq_lifetime) {
4910 LIST_REMOVE(acq, chain);
4911 LIST_REMOVE(acq, addrhash);
4912 LIST_REMOVE(acq, seqhash);
4913 free(acq, M_IPSEC_SAQ);
4914 }
4915 acq = nextacq;
4916 }
4917 ACQ_UNLOCK();
4918 }
4919
4920 static void
key_flush_spacq(time_t now)4921 key_flush_spacq(time_t now)
4922 {
4923 struct secspacq *acq, *nextacq;
4924
4925 /* SP ACQ tree */
4926 SPACQ_LOCK();
4927 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) {
4928 nextacq = LIST_NEXT(acq, chain);
4929 if (now - acq->created > V_key_blockacq_lifetime
4930 && __LIST_CHAINED(acq)) {
4931 LIST_REMOVE(acq, chain);
4932 free(acq, M_IPSEC_SAQ);
4933 }
4934 }
4935 SPACQ_UNLOCK();
4936 }
4937
4938 /*
4939 * time handler.
4940 * scanning SPD and SAD to check status for each entries,
4941 * and do to remove or to expire.
4942 * XXX: year 2038 problem may remain.
4943 */
4944 static void
key_timehandler(void * arg)4945 key_timehandler(void *arg)
4946 {
4947 VNET_ITERATOR_DECL(vnet_iter);
4948 time_t now = time_second;
4949
4950 VNET_LIST_RLOCK_NOSLEEP();
4951 VNET_FOREACH(vnet_iter) {
4952 CURVNET_SET(vnet_iter);
4953 key_flush_spd(now);
4954 key_flush_sad(now);
4955 key_flush_acq(now);
4956 key_flush_spacq(now);
4957 CURVNET_RESTORE();
4958 }
4959 VNET_LIST_RUNLOCK_NOSLEEP();
4960
4961 #ifndef IPSEC_DEBUG2
4962 /* do exchange to tick time !! */
4963 callout_schedule(&key_timer, hz);
4964 #endif /* IPSEC_DEBUG2 */
4965 }
4966
4967 u_long
key_random(void)4968 key_random(void)
4969 {
4970 u_long value;
4971
4972 arc4random_buf(&value, sizeof(value));
4973 return value;
4974 }
4975
4976 /*
4977 * map SADB_SATYPE_* to IPPROTO_*.
4978 * if satype == SADB_SATYPE then satype is mapped to ~0.
4979 * OUT:
4980 * 0: invalid satype.
4981 */
4982 static uint8_t
key_satype2proto(uint8_t satype)4983 key_satype2proto(uint8_t satype)
4984 {
4985 switch (satype) {
4986 case SADB_SATYPE_UNSPEC:
4987 return IPSEC_PROTO_ANY;
4988 case SADB_SATYPE_AH:
4989 return IPPROTO_AH;
4990 case SADB_SATYPE_ESP:
4991 return IPPROTO_ESP;
4992 case SADB_X_SATYPE_IPCOMP:
4993 return IPPROTO_IPCOMP;
4994 case SADB_X_SATYPE_TCPSIGNATURE:
4995 return IPPROTO_TCP;
4996 default:
4997 return 0;
4998 }
4999 /* NOTREACHED */
5000 }
5001
5002 /*
5003 * map IPPROTO_* to SADB_SATYPE_*
5004 * OUT:
5005 * 0: invalid protocol type.
5006 */
5007 static uint8_t
key_proto2satype(uint8_t proto)5008 key_proto2satype(uint8_t proto)
5009 {
5010 switch (proto) {
5011 case IPPROTO_AH:
5012 return SADB_SATYPE_AH;
5013 case IPPROTO_ESP:
5014 return SADB_SATYPE_ESP;
5015 case IPPROTO_IPCOMP:
5016 return SADB_X_SATYPE_IPCOMP;
5017 case IPPROTO_TCP:
5018 return SADB_X_SATYPE_TCPSIGNATURE;
5019 default:
5020 return 0;
5021 }
5022 /* NOTREACHED */
5023 }
5024
5025 /* %%% PF_KEY */
5026 /*
5027 * SADB_GETSPI processing is to receive
5028 * <base, (SA2), src address, dst address, (SPI range)>
5029 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
5030 * tree with the status of LARVAL, and send
5031 * <base, SA(*), address(SD)>
5032 * to the IKMPd.
5033 *
5034 * IN: mhp: pointer to the pointer to each header.
5035 * OUT: NULL if fail.
5036 * other if success, return pointer to the message to send.
5037 */
5038 static int
key_getspi(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5039 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5040 {
5041 struct secasindex saidx;
5042 struct sadb_address *src0, *dst0;
5043 struct secasvar *sav;
5044 uint32_t reqid, spi;
5045 int error;
5046 uint8_t mode, proto;
5047
5048 IPSEC_ASSERT(so != NULL, ("null socket"));
5049 IPSEC_ASSERT(m != NULL, ("null mbuf"));
5050 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
5051 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
5052
5053 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
5054 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)
5055 #ifdef PFKEY_STRICT_CHECKS
5056 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE)
5057 #endif
5058 ) {
5059 ipseclog((LOG_DEBUG,
5060 "%s: invalid message: missing required header.\n",
5061 __func__));
5062 error = EINVAL;
5063 goto fail;
5064 }
5065 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
5066 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)
5067 #ifdef PFKEY_STRICT_CHECKS
5068 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE)
5069 #endif
5070 ) {
5071 ipseclog((LOG_DEBUG,
5072 "%s: invalid message: wrong header size.\n", __func__));
5073 error = EINVAL;
5074 goto fail;
5075 }
5076 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
5077 mode = IPSEC_MODE_ANY;
5078 reqid = 0;
5079 } else {
5080 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
5081 ipseclog((LOG_DEBUG,
5082 "%s: invalid message: wrong header size.\n",
5083 __func__));
5084 error = EINVAL;
5085 goto fail;
5086 }
5087 mode = ((struct sadb_x_sa2 *)
5088 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5089 reqid = ((struct sadb_x_sa2 *)
5090 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5091 }
5092
5093 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5094 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5095
5096 /* map satype to proto */
5097 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5098 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
5099 __func__));
5100 error = EINVAL;
5101 goto fail;
5102 }
5103 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
5104 (struct sockaddr *)(dst0 + 1));
5105 if (error != 0) {
5106 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
5107 error = EINVAL;
5108 goto fail;
5109 }
5110 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5111
5112 /* SPI allocation */
5113 SPI_ALLOC_LOCK();
5114 spi = key_do_getnewspi(
5115 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx);
5116 if (spi == 0) {
5117 /*
5118 * Requested SPI or SPI range is not available or
5119 * already used.
5120 */
5121 SPI_ALLOC_UNLOCK();
5122 error = EEXIST;
5123 goto fail;
5124 }
5125 sav = key_newsav(mhp, &saidx, spi, &error);
5126 SPI_ALLOC_UNLOCK();
5127 if (sav == NULL)
5128 goto fail;
5129
5130 if (sav->seq != 0) {
5131 /*
5132 * RFC2367:
5133 * If the SADB_GETSPI message is in response to a
5134 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq
5135 * MUST be the same as the SADB_ACQUIRE message.
5136 *
5137 * XXXAE: However it doesn't definethe behaviour how to
5138 * check this and what to do if it doesn't match.
5139 * Also what we should do if it matches?
5140 *
5141 * We can compare saidx used in SADB_ACQUIRE with saidx
5142 * used in SADB_GETSPI, but this probably can break
5143 * existing software. For now just warn if it doesn't match.
5144 *
5145 * XXXAE: anyway it looks useless.
5146 */
5147 key_acqdone(&saidx, sav->seq);
5148 }
5149 KEYDBG(KEY_STAMP,
5150 printf("%s: SA(%p)\n", __func__, sav));
5151 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5152
5153 {
5154 struct mbuf *n, *nn;
5155 struct sadb_sa *m_sa;
5156 struct sadb_msg *newmsg;
5157 int off, len;
5158
5159 /* create new sadb_msg to reply. */
5160 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5161 PFKEY_ALIGN8(sizeof(struct sadb_sa));
5162
5163 n = key_mget(len);
5164 if (n == NULL) {
5165 error = ENOBUFS;
5166 goto fail;
5167 }
5168
5169 n->m_len = len;
5170 n->m_next = NULL;
5171 off = 0;
5172
5173 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
5174 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
5175
5176 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
5177 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
5178 m_sa->sadb_sa_exttype = SADB_EXT_SA;
5179 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */
5180 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
5181
5182 IPSEC_ASSERT(off == len,
5183 ("length inconsistency (off %u len %u)", off, len));
5184
5185 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
5186 SADB_EXT_ADDRESS_DST);
5187 if (!n->m_next) {
5188 m_freem(n);
5189 error = ENOBUFS;
5190 goto fail;
5191 }
5192
5193 if (n->m_len < sizeof(struct sadb_msg)) {
5194 n = m_pullup(n, sizeof(struct sadb_msg));
5195 if (n == NULL)
5196 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
5197 }
5198
5199 n->m_pkthdr.len = 0;
5200 for (nn = n; nn; nn = nn->m_next)
5201 n->m_pkthdr.len += nn->m_len;
5202
5203 newmsg = mtod(n, struct sadb_msg *);
5204 newmsg->sadb_msg_seq = sav->seq;
5205 newmsg->sadb_msg_errno = 0;
5206 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5207
5208 m_freem(m);
5209 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5210 }
5211
5212 fail:
5213 return (key_senderror(so, m, error));
5214 }
5215
5216 /*
5217 * allocating new SPI
5218 * called by key_getspi().
5219 * OUT:
5220 * 0: failure.
5221 * others: success, SPI in network byte order.
5222 */
5223 static uint32_t
key_do_getnewspi(struct sadb_spirange * spirange,struct secasindex * saidx)5224 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx)
5225 {
5226 uint32_t min, max, newspi, t;
5227 int tries, limit;
5228
5229 SPI_ALLOC_LOCK_ASSERT();
5230
5231 /* set spi range to allocate */
5232 if (spirange != NULL) {
5233 min = spirange->sadb_spirange_min;
5234 max = spirange->sadb_spirange_max;
5235 } else {
5236 min = V_key_spi_minval;
5237 max = V_key_spi_maxval;
5238 }
5239 /* IPCOMP needs 2-byte SPI */
5240 if (saidx->proto == IPPROTO_IPCOMP) {
5241 if (min >= 0x10000)
5242 min = 0xffff;
5243 if (max >= 0x10000)
5244 max = 0xffff;
5245 if (min > max) {
5246 t = min; min = max; max = t;
5247 }
5248 }
5249
5250 if (min == max) {
5251 if (key_checkspidup(htonl(min))) {
5252 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n",
5253 __func__, min));
5254 return 0;
5255 }
5256
5257 tries = 1;
5258 newspi = min;
5259 } else {
5260 /* init SPI */
5261 newspi = 0;
5262
5263 limit = atomic_load_int(&V_key_spi_trycnt);
5264 /* when requesting to allocate spi ranged */
5265 for (tries = 0; tries < limit; tries++) {
5266 /* generate pseudo-random SPI value ranged. */
5267 newspi = min + (key_random() % (max - min + 1));
5268 if (!key_checkspidup(htonl(newspi)))
5269 break;
5270 }
5271
5272 if (tries == limit || newspi == 0) {
5273 ipseclog((LOG_DEBUG,
5274 "%s: failed to allocate SPI.\n", __func__));
5275 return 0;
5276 }
5277 }
5278
5279 /* statistics */
5280 keystat.getspi_count =
5281 (keystat.getspi_count + tries) / 2;
5282
5283 return (htonl(newspi));
5284 }
5285
5286 /*
5287 * Find TCP-MD5 SA with corresponding secasindex.
5288 * If not found, return NULL and fill SPI with usable value if needed.
5289 */
5290 static struct secasvar *
key_getsav_tcpmd5(struct secasindex * saidx,uint32_t * spi)5291 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi)
5292 {
5293 SAHTREE_RLOCK_TRACKER;
5294 struct secashead *sah;
5295 struct secasvar *sav;
5296
5297 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto"));
5298 SAHTREE_RLOCK();
5299 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
5300 if (sah->saidx.proto != IPPROTO_TCP)
5301 continue;
5302 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) &&
5303 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0))
5304 break;
5305 }
5306 if (sah != NULL) {
5307 if (V_key_preferred_oldsa)
5308 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue);
5309 else
5310 sav = TAILQ_FIRST(&sah->savtree_alive);
5311 if (sav != NULL) {
5312 SAV_ADDREF(sav);
5313 SAHTREE_RUNLOCK();
5314 return (sav);
5315 }
5316 }
5317 if (spi == NULL) {
5318 /* No SPI required */
5319 SAHTREE_RUNLOCK();
5320 return (NULL);
5321 }
5322 /* Check that SPI is unique */
5323 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) {
5324 if (sav->spi == *spi)
5325 break;
5326 }
5327 if (sav == NULL) {
5328 SAHTREE_RUNLOCK();
5329 /* SPI is already unique */
5330 return (NULL);
5331 }
5332 SAHTREE_RUNLOCK();
5333 /* XXX: not optimal */
5334 *spi = key_do_getnewspi(NULL, saidx);
5335 return (NULL);
5336 }
5337
5338 static int
key_updateaddresses(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp,struct secasvar * sav,struct secasindex * saidx)5339 key_updateaddresses(struct socket *so, struct mbuf *m,
5340 const struct sadb_msghdr *mhp, struct secasvar *sav,
5341 struct secasindex *saidx)
5342 {
5343 struct sockaddr *newaddr;
5344 struct secashead *sah;
5345 struct secasvar *newsav, *tmp;
5346 struct mbuf *n;
5347 int error, isnew;
5348
5349 /* Check that we need to change SAH */
5350 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) {
5351 newaddr = (struct sockaddr *)(
5352 ((struct sadb_address *)
5353 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1);
5354 bcopy(newaddr, &saidx->src, newaddr->sa_len);
5355 key_porttosaddr(&saidx->src.sa, 0);
5356 }
5357 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) {
5358 newaddr = (struct sockaddr *)(
5359 ((struct sadb_address *)
5360 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1);
5361 bcopy(newaddr, &saidx->dst, newaddr->sa_len);
5362 key_porttosaddr(&saidx->dst.sa, 0);
5363 }
5364 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) ||
5365 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) {
5366 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa);
5367 if (error != 0) {
5368 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n",
5369 __func__));
5370 return (error);
5371 }
5372
5373 sah = key_getsah(saidx);
5374 if (sah == NULL) {
5375 /* create a new SA index */
5376 sah = key_newsah(saidx);
5377 if (sah == NULL) {
5378 ipseclog((LOG_DEBUG,
5379 "%s: No more memory.\n", __func__));
5380 return (ENOBUFS);
5381 }
5382 isnew = 2; /* SAH is new */
5383 } else
5384 isnew = 1; /* existing SAH is referenced */
5385 } else {
5386 /*
5387 * src and dst addresses are still the same.
5388 * Do we want to change NAT-T config?
5389 */
5390 if (sav->sah->saidx.proto != IPPROTO_ESP ||
5391 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) ||
5392 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) ||
5393 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) {
5394 ipseclog((LOG_DEBUG,
5395 "%s: invalid message: missing required header.\n",
5396 __func__));
5397 return (EINVAL);
5398 }
5399 /* We hold reference to SA, thus SAH will be referenced too. */
5400 sah = sav->sah;
5401 isnew = 0;
5402 }
5403
5404 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA,
5405 M_NOWAIT | M_ZERO);
5406 if (newsav == NULL) {
5407 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5408 error = ENOBUFS;
5409 goto fail;
5410 }
5411
5412 /* Clone SA's content into newsav */
5413 SAV_INITREF(newsav);
5414 bcopy(sav, newsav, offsetof(struct secasvar, chain));
5415 #ifdef IPSEC_OFFLOAD
5416 CK_LIST_INIT(&newsav->accel_ifps);
5417 newsav->accel_forget_tq = 0;
5418 newsav->accel_lft_sw = uma_zalloc_pcpu(ipsec_key_lft_zone,
5419 M_NOWAIT | M_ZERO);
5420 if (newsav->accel_lft_sw == NULL) {
5421 error = ENOBUFS;
5422 goto fail;
5423 }
5424 if (sav->accel_ifname != NULL) {
5425 struct sadb_x_if_hw_offl xof;
5426
5427 newsav->accel_ifname = malloc(sizeof(xof.sadb_x_if_hw_offl_if),
5428 M_IPSEC_MISC, M_NOWAIT);
5429 if (newsav->accel_ifname == NULL) {
5430 error = ENOBUFS;
5431 goto fail;
5432 }
5433 strncpy(__DECONST(char *, sav->accel_ifname),
5434 newsav->accel_ifname,
5435 sizeof(xof.sadb_x_if_hw_offl_if));
5436 }
5437 #endif
5438
5439 /*
5440 * We create new NAT-T config if it is needed.
5441 * Old NAT-T config will be freed by key_cleansav() when
5442 * last reference to SA will be released.
5443 */
5444 newsav->natt = NULL;
5445 newsav->sah = sah;
5446 newsav->state = SADB_SASTATE_MATURE;
5447 error = key_setnatt(newsav, mhp);
5448 if (error != 0)
5449 goto fail;
5450
5451 SAHTREE_WLOCK();
5452 /* Check that SA is still alive */
5453 if (sav->state == SADB_SASTATE_DEAD) {
5454 /* SA was unlinked */
5455 SAHTREE_WUNLOCK();
5456 error = ESRCH;
5457 goto fail;
5458 }
5459
5460 /* Unlink SA from SAH and SPI hash */
5461 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0,
5462 ("SA is already cloned"));
5463 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE ||
5464 sav->state == SADB_SASTATE_DYING,
5465 ("Wrong SA state %u\n", sav->state));
5466 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain);
5467 LIST_REMOVE(sav, spihash);
5468 sav->state = SADB_SASTATE_DEAD;
5469 ipsec_accel_forget_sav(sav);
5470
5471 /*
5472 * Link new SA with SAH. Keep SAs ordered by
5473 * create time (newer are first).
5474 */
5475 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) {
5476 if (newsav->created > tmp->created) {
5477 TAILQ_INSERT_BEFORE(tmp, newsav, chain);
5478 break;
5479 }
5480 }
5481 if (tmp == NULL)
5482 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain);
5483
5484 /* Add new SA into SPI hash. */
5485 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash);
5486
5487 /* Add new SAH into SADB. */
5488 if (isnew == 2) {
5489 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain);
5490 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash);
5491 sah->state = SADB_SASTATE_MATURE;
5492 SAH_ADDREF(sah); /* newsav references new SAH */
5493 }
5494 /*
5495 * isnew == 1 -> @sah was referenced by key_getsah().
5496 * isnew == 0 -> we use the same @sah, that was used by @sav,
5497 * and we use its reference for @newsav.
5498 */
5499 SECASVAR_WLOCK(sav);
5500 /* XXX: replace cntr with pointer? */
5501 newsav->cntr = sav->cntr;
5502 sav->flags |= SADB_X_EXT_F_CLONED;
5503 SECASVAR_WUNLOCK(sav);
5504
5505 SAHTREE_WUNLOCK();
5506
5507 KEYDBG(KEY_STAMP,
5508 printf("%s: SA(%p) cloned into SA(%p)\n",
5509 __func__, sav, newsav));
5510 KEYDBG(KEY_DATA, kdebug_secasv(newsav));
5511
5512 key_freesav(&sav); /* release last reference */
5513
5514 /* set msg buf from mhp */
5515 n = key_getmsgbuf_x1(m, mhp);
5516 if (n == NULL) {
5517 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5518 return (ENOBUFS);
5519 }
5520 m_freem(m);
5521 key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5522 return (0);
5523 fail:
5524 if (isnew != 0)
5525 key_freesah(&sah);
5526 if (newsav != NULL) {
5527 #ifdef IPSEC_OFFLOAD
5528 uma_zfree_pcpu(ipsec_key_lft_zone, newsav->accel_lft_sw);
5529 free(__DECONST(char *, newsav->accel_ifname), M_IPSEC_MISC);
5530 #endif
5531 if (newsav->natt != NULL)
5532 free(newsav->natt, M_IPSEC_MISC);
5533 free(newsav, M_IPSEC_SA);
5534 }
5535 return (error);
5536 }
5537
5538 /*
5539 * SADB_UPDATE processing
5540 * receive
5541 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5542 * key(AE), (identity(SD),) (sensitivity)>
5543 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5544 * and send
5545 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5546 * (identity(SD),) (sensitivity)>
5547 * to the ikmpd.
5548 *
5549 * m will always be freed.
5550 */
5551 static int
key_update(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5552 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5553 {
5554 struct secasindex saidx;
5555 struct sadb_address *src0, *dst0;
5556 struct sadb_sa *sa0;
5557 struct secasvar *sav;
5558 uint32_t reqid;
5559 int error;
5560 uint8_t mode, proto;
5561
5562 IPSEC_ASSERT(so != NULL, ("null socket"));
5563 IPSEC_ASSERT(m != NULL, ("null mbuf"));
5564 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
5565 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
5566
5567 /* map satype to proto */
5568 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5569 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
5570 __func__));
5571 return key_senderror(so, m, EINVAL);
5572 }
5573
5574 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) ||
5575 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
5576 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
5577 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
5578 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) ||
5579 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) &&
5580 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) {
5581 ipseclog((LOG_DEBUG,
5582 "%s: invalid message: missing required header.\n",
5583 __func__));
5584 return key_senderror(so, m, EINVAL);
5585 }
5586 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) ||
5587 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
5588 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
5589 ipseclog((LOG_DEBUG,
5590 "%s: invalid message: wrong header size.\n", __func__));
5591 return key_senderror(so, m, EINVAL);
5592 }
5593 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
5594 mode = IPSEC_MODE_ANY;
5595 reqid = 0;
5596 } else {
5597 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
5598 ipseclog((LOG_DEBUG,
5599 "%s: invalid message: wrong header size.\n",
5600 __func__));
5601 return key_senderror(so, m, EINVAL);
5602 }
5603 mode = ((struct sadb_x_sa2 *)
5604 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5605 reqid = ((struct sadb_x_sa2 *)
5606 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5607 }
5608
5609 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5610 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5611 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5612
5613 /*
5614 * Only SADB_SASTATE_MATURE SAs may be submitted in an
5615 * SADB_UPDATE message.
5616 */
5617 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) {
5618 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__));
5619 #ifdef PFKEY_STRICT_CHECKS
5620 return key_senderror(so, m, EINVAL);
5621 #endif
5622 }
5623 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
5624 (struct sockaddr *)(dst0 + 1));
5625 if (error != 0) {
5626 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
5627 return key_senderror(so, m, error);
5628 }
5629 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5630 sav = key_getsavbyspi(sa0->sadb_sa_spi);
5631 if (sav == NULL) {
5632 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n",
5633 __func__, ntohl(sa0->sadb_sa_spi)));
5634 return key_senderror(so, m, EINVAL);
5635 }
5636 /*
5637 * Check that SADB_UPDATE issued by the same process that did
5638 * SADB_GETSPI or SADB_ADD.
5639 */
5640 if (sav->pid != mhp->msg->sadb_msg_pid) {
5641 ipseclog((LOG_DEBUG,
5642 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__,
5643 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid));
5644 key_freesav(&sav);
5645 return key_senderror(so, m, EINVAL);
5646 }
5647 /* saidx should match with SA. */
5648 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) {
5649 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n",
5650 __func__, ntohl(sav->spi)));
5651 key_freesav(&sav);
5652 return key_senderror(so, m, ESRCH);
5653 }
5654
5655 if (sav->state == SADB_SASTATE_LARVAL) {
5656 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5657 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) ||
5658 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5659 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) {
5660 ipseclog((LOG_DEBUG,
5661 "%s: invalid message: missing required header.\n",
5662 __func__));
5663 key_freesav(&sav);
5664 return key_senderror(so, m, EINVAL);
5665 }
5666 /*
5667 * We can set any values except src, dst and SPI.
5668 */
5669 error = key_setsaval(sav, mhp);
5670 if (error != 0) {
5671 key_freesav(&sav);
5672 return (key_senderror(so, m, error));
5673 }
5674 /* Change SA state to MATURE */
5675 SAHTREE_WLOCK();
5676 if (sav->state != SADB_SASTATE_LARVAL) {
5677 /* SA was deleted or another thread made it MATURE. */
5678 SAHTREE_WUNLOCK();
5679 key_freesav(&sav);
5680 return (key_senderror(so, m, ESRCH));
5681 }
5682 /*
5683 * NOTE: we keep SAs in savtree_alive ordered by created
5684 * time. When SA's state changed from LARVAL to MATURE,
5685 * we update its created time in key_setsaval() and move
5686 * it into head of savtree_alive.
5687 */
5688 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain);
5689 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain);
5690 sav->state = SADB_SASTATE_MATURE;
5691 SAHTREE_WUNLOCK();
5692 } else {
5693 /*
5694 * For DYING and MATURE SA we can change only state
5695 * and lifetimes. Report EINVAL if something else attempted
5696 * to change.
5697 */
5698 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) ||
5699 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) {
5700 key_freesav(&sav);
5701 return (key_senderror(so, m, EINVAL));
5702 }
5703 error = key_updatelifetimes(sav, mhp);
5704 if (error != 0) {
5705 key_freesav(&sav);
5706 return (key_senderror(so, m, error));
5707 }
5708 /*
5709 * This is FreeBSD extension to RFC2367.
5710 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or
5711 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change
5712 * SA addresses (for example to implement MOBIKE protocol
5713 * as described in RFC4555). Also we allow to change
5714 * NAT-T config.
5715 */
5716 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) ||
5717 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) ||
5718 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) ||
5719 sav->natt != NULL) {
5720 error = key_updateaddresses(so, m, mhp, sav, &saidx);
5721 key_freesav(&sav);
5722 if (error != 0)
5723 return (key_senderror(so, m, error));
5724 return (0);
5725 }
5726 /* Check that SA is still alive */
5727 SAHTREE_WLOCK();
5728 if (sav->state == SADB_SASTATE_DEAD) {
5729 /* SA was unlinked */
5730 SAHTREE_WUNLOCK();
5731 key_freesav(&sav);
5732 return (key_senderror(so, m, ESRCH));
5733 }
5734 /*
5735 * NOTE: there is possible state moving from DYING to MATURE,
5736 * but this doesn't change created time, so we won't reorder
5737 * this SA.
5738 */
5739 sav->state = SADB_SASTATE_MATURE;
5740 SAHTREE_WUNLOCK();
5741 }
5742 KEYDBG(KEY_STAMP,
5743 printf("%s: SA(%p)\n", __func__, sav));
5744 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5745 ipsec_accel_sa_newkey(sav);
5746 key_freesav(&sav);
5747
5748 {
5749 struct mbuf *n;
5750
5751 /* set msg buf from mhp */
5752 n = key_getmsgbuf_x1(m, mhp);
5753 if (n == NULL) {
5754 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5755 return key_senderror(so, m, ENOBUFS);
5756 }
5757
5758 m_freem(m);
5759 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5760 }
5761 }
5762
5763 /*
5764 * SADB_ADD processing
5765 * add an entry to SA database, when received
5766 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5767 * key(AE), (identity(SD),) (sensitivity)>
5768 * from the ikmpd,
5769 * and send
5770 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5771 * (identity(SD),) (sensitivity)>
5772 * to the ikmpd.
5773 *
5774 * IGNORE identity and sensitivity messages.
5775 *
5776 * m will always be freed.
5777 */
5778 static int
key_add(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5779 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5780 {
5781 struct secasindex saidx;
5782 struct sadb_address *src0, *dst0;
5783 struct sadb_sa *sa0;
5784 struct secasvar *sav;
5785 uint32_t reqid, spi;
5786 uint8_t mode, proto;
5787 int error;
5788
5789 IPSEC_ASSERT(so != NULL, ("null socket"));
5790 IPSEC_ASSERT(m != NULL, ("null mbuf"));
5791 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
5792 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
5793
5794 /* map satype to proto */
5795 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5796 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
5797 __func__));
5798 return key_senderror(so, m, EINVAL);
5799 }
5800
5801 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) ||
5802 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
5803 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
5804 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && (
5805 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) ||
5806 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) ||
5807 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && (
5808 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) ||
5809 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) ||
5810 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) &&
5811 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) ||
5812 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) &&
5813 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) {
5814 ipseclog((LOG_DEBUG,
5815 "%s: invalid message: missing required header.\n",
5816 __func__));
5817 return key_senderror(so, m, EINVAL);
5818 }
5819 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) ||
5820 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
5821 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
5822 ipseclog((LOG_DEBUG,
5823 "%s: invalid message: wrong header size.\n", __func__));
5824 return key_senderror(so, m, EINVAL);
5825 }
5826 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
5827 mode = IPSEC_MODE_ANY;
5828 reqid = 0;
5829 } else {
5830 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
5831 ipseclog((LOG_DEBUG,
5832 "%s: invalid message: wrong header size.\n",
5833 __func__));
5834 return key_senderror(so, m, EINVAL);
5835 }
5836 mode = ((struct sadb_x_sa2 *)
5837 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5838 reqid = ((struct sadb_x_sa2 *)
5839 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5840 }
5841
5842 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5843 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5844 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5845
5846 /*
5847 * Only SADB_SASTATE_MATURE SAs may be submitted in an
5848 * SADB_ADD message.
5849 */
5850 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) {
5851 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__));
5852 #ifdef PFKEY_STRICT_CHECKS
5853 return key_senderror(so, m, EINVAL);
5854 #endif
5855 }
5856 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
5857 (struct sockaddr *)(dst0 + 1));
5858 if (error != 0) {
5859 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
5860 return key_senderror(so, m, error);
5861 }
5862 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5863 spi = sa0->sadb_sa_spi;
5864 /*
5865 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using
5866 * secasindex.
5867 * XXXAE: IPComp seems also doesn't use SPI.
5868 */
5869 SPI_ALLOC_LOCK();
5870 if (proto == IPPROTO_TCP) {
5871 sav = key_getsav_tcpmd5(&saidx, &spi);
5872 if (sav == NULL && spi == 0) {
5873 SPI_ALLOC_UNLOCK();
5874 /* Failed to allocate SPI */
5875 ipseclog((LOG_DEBUG, "%s: SA already exists.\n",
5876 __func__));
5877 return key_senderror(so, m, EEXIST);
5878 }
5879 /* XXX: SPI that we report back can have another value */
5880 } else {
5881 /* We can create new SA only if SPI is different. */
5882 sav = key_getsavbyspi(spi);
5883 }
5884 if (sav != NULL) {
5885 SPI_ALLOC_UNLOCK();
5886 key_freesav(&sav);
5887 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__));
5888 return key_senderror(so, m, EEXIST);
5889 }
5890
5891 sav = key_newsav(mhp, &saidx, spi, &error);
5892 SPI_ALLOC_UNLOCK();
5893 if (sav == NULL)
5894 return key_senderror(so, m, error);
5895 KEYDBG(KEY_STAMP,
5896 printf("%s: return SA(%p)\n", __func__, sav));
5897 KEYDBG(KEY_DATA, kdebug_secasv(sav));
5898 ipsec_accel_sa_newkey(sav);
5899 /*
5900 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule
5901 * ACQ for deletion.
5902 */
5903 if (sav->seq != 0)
5904 key_acqdone(&saidx, sav->seq);
5905
5906 {
5907 /*
5908 * Don't call key_freesav() on error here, as we would like to
5909 * keep the SA in the database.
5910 */
5911 struct mbuf *n;
5912
5913 /* set msg buf from mhp */
5914 n = key_getmsgbuf_x1(m, mhp);
5915 if (n == NULL) {
5916 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5917 return key_senderror(so, m, ENOBUFS);
5918 }
5919
5920 m_freem(m);
5921 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5922 }
5923 }
5924
5925 /*
5926 * NAT-T support.
5927 * IKEd may request the use ESP in UDP encapsulation when it detects the
5928 * presence of NAT. It uses NAT-T extension headers for such SAs to specify
5929 * parameters needed for encapsulation and decapsulation. These PF_KEY
5930 * extension headers are not standardized, so this comment addresses our
5931 * implementation.
5932 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only
5933 * UDP_ENCAP_ESPINUDP as described in RFC3948.
5934 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for
5935 * UDP header. We use these ports in UDP encapsulation procedure, also we
5936 * can check them in UDP decapsulation procedure.
5937 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or
5938 * responder. These addresses can be used for transport mode to adjust
5939 * checksum after decapsulation and decryption. Since original IP addresses
5940 * used by peer usually different (we detected presence of NAT), TCP/UDP
5941 * pseudo header checksum and IP header checksum was calculated using original
5942 * addresses. After decapsulation and decryption we need to adjust checksum
5943 * to have correct datagram.
5944 *
5945 * We expect presence of NAT-T extension headers only in SADB_ADD and
5946 * SADB_UPDATE messages. We report NAT-T extension headers in replies
5947 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages.
5948 */
5949 static int
key_setnatt(struct secasvar * sav,const struct sadb_msghdr * mhp)5950 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp)
5951 {
5952 struct sadb_x_nat_t_port *port;
5953 struct sadb_x_nat_t_type *type;
5954 struct sadb_address *oai, *oar;
5955 struct sockaddr *sa;
5956 uint32_t addr;
5957 uint16_t cksum;
5958 int i;
5959
5960 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized"));
5961 /*
5962 * Ignore NAT-T headers if sproto isn't ESP.
5963 */
5964 if (sav->sah->saidx.proto != IPPROTO_ESP)
5965 return (0);
5966
5967 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) &&
5968 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) &&
5969 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) {
5970 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) ||
5971 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) ||
5972 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) {
5973 ipseclog((LOG_DEBUG,
5974 "%s: invalid message: wrong header size.\n",
5975 __func__));
5976 return (EINVAL);
5977 }
5978 } else
5979 return (0);
5980
5981 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5982 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) {
5983 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n",
5984 __func__, type->sadb_x_nat_t_type_type));
5985 return (EINVAL);
5986 }
5987 /*
5988 * Allocate storage for NAT-T config.
5989 * On error it will be released by key_cleansav().
5990 */
5991 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC,
5992 M_NOWAIT | M_ZERO);
5993 if (sav->natt == NULL) {
5994 PFKEYSTAT_INC(in_nomem);
5995 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
5996 return (ENOBUFS);
5997 }
5998 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5999 if (port->sadb_x_nat_t_port_port == 0) {
6000 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n",
6001 __func__));
6002 return (EINVAL);
6003 }
6004 sav->natt->sport = port->sadb_x_nat_t_port_port;
6005 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
6006 if (port->sadb_x_nat_t_port_port == 0) {
6007 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n",
6008 __func__));
6009 return (EINVAL);
6010 }
6011 sav->natt->dport = port->sadb_x_nat_t_port_port;
6012
6013 /*
6014 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional
6015 * and needed only for transport mode IPsec.
6016 * Usually NAT translates only one address, but it is possible,
6017 * that both addresses could be translated.
6018 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA.
6019 */
6020 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) {
6021 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) {
6022 ipseclog((LOG_DEBUG,
6023 "%s: invalid message: wrong header size.\n",
6024 __func__));
6025 return (EINVAL);
6026 }
6027 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI];
6028 } else
6029 oai = NULL;
6030 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) {
6031 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) {
6032 ipseclog((LOG_DEBUG,
6033 "%s: invalid message: wrong header size.\n",
6034 __func__));
6035 return (EINVAL);
6036 }
6037 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR];
6038 } else
6039 oar = NULL;
6040
6041 /* Initialize addresses only for transport mode */
6042 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) {
6043 cksum = 0;
6044 if (oai != NULL) {
6045 sa = (struct sockaddr *)(oai + 1);
6046 switch (sa->sa_family) {
6047 #ifdef AF_INET
6048 case AF_INET:
6049 if (sa->sa_len != sizeof(struct sockaddr_in)) {
6050 ipseclog((LOG_DEBUG,
6051 "%s: wrong NAT-OAi header.\n",
6052 __func__));
6053 return (EINVAL);
6054 }
6055 /* Ignore address if it the same */
6056 if (((struct sockaddr_in *)sa)->sin_addr.s_addr !=
6057 sav->sah->saidx.src.sin.sin_addr.s_addr) {
6058 bcopy(sa, &sav->natt->oai.sa, sa->sa_len);
6059 sav->natt->flags |= IPSEC_NATT_F_OAI;
6060 /* Calculate checksum delta */
6061 addr = sav->sah->saidx.src.sin.sin_addr.s_addr;
6062 cksum = in_addword(cksum, ~addr >> 16);
6063 cksum = in_addword(cksum, ~addr & 0xffff);
6064 addr = sav->natt->oai.sin.sin_addr.s_addr;
6065 cksum = in_addword(cksum, addr >> 16);
6066 cksum = in_addword(cksum, addr & 0xffff);
6067 }
6068 break;
6069 #endif
6070 #ifdef AF_INET6
6071 case AF_INET6:
6072 if (sa->sa_len != sizeof(struct sockaddr_in6)) {
6073 ipseclog((LOG_DEBUG,
6074 "%s: wrong NAT-OAi header.\n",
6075 __func__));
6076 return (EINVAL);
6077 }
6078 /* Ignore address if it the same */
6079 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr,
6080 &sav->sah->saidx.src.sin6.sin6_addr.s6_addr,
6081 sizeof(struct in6_addr)) != 0) {
6082 bcopy(sa, &sav->natt->oai.sa, sa->sa_len);
6083 sav->natt->flags |= IPSEC_NATT_F_OAI;
6084 /* Calculate checksum delta */
6085 for (i = 0; i < 8; i++) {
6086 cksum = in_addword(cksum,
6087 ~sav->sah->saidx.src.sin6.sin6_addr.s6_addr16[i]);
6088 cksum = in_addword(cksum,
6089 sav->natt->oai.sin6.sin6_addr.s6_addr16[i]);
6090 }
6091 }
6092 break;
6093 #endif
6094 default:
6095 ipseclog((LOG_DEBUG,
6096 "%s: wrong NAT-OAi header.\n",
6097 __func__));
6098 return (EINVAL);
6099 }
6100 }
6101 if (oar != NULL) {
6102 sa = (struct sockaddr *)(oar + 1);
6103 switch (sa->sa_family) {
6104 #ifdef AF_INET
6105 case AF_INET:
6106 if (sa->sa_len != sizeof(struct sockaddr_in)) {
6107 ipseclog((LOG_DEBUG,
6108 "%s: wrong NAT-OAr header.\n",
6109 __func__));
6110 return (EINVAL);
6111 }
6112 /* Ignore address if it the same */
6113 if (((struct sockaddr_in *)sa)->sin_addr.s_addr !=
6114 sav->sah->saidx.dst.sin.sin_addr.s_addr) {
6115 bcopy(sa, &sav->natt->oar.sa, sa->sa_len);
6116 sav->natt->flags |= IPSEC_NATT_F_OAR;
6117 /* Calculate checksum delta */
6118 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr;
6119 cksum = in_addword(cksum, ~addr >> 16);
6120 cksum = in_addword(cksum, ~addr & 0xffff);
6121 addr = sav->natt->oar.sin.sin_addr.s_addr;
6122 cksum = in_addword(cksum, addr >> 16);
6123 cksum = in_addword(cksum, addr & 0xffff);
6124 }
6125 break;
6126 #endif
6127 #ifdef AF_INET6
6128 case AF_INET6:
6129 if (sa->sa_len != sizeof(struct sockaddr_in6)) {
6130 ipseclog((LOG_DEBUG,
6131 "%s: wrong NAT-OAr header.\n",
6132 __func__));
6133 return (EINVAL);
6134 }
6135 /* Ignore address if it the same */
6136 if (memcmp(&((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr,
6137 &sav->sah->saidx.dst.sin6.sin6_addr.s6_addr, 16) != 0) {
6138 bcopy(sa, &sav->natt->oar.sa, sa->sa_len);
6139 sav->natt->flags |= IPSEC_NATT_F_OAR;
6140 /* Calculate checksum delta */
6141 for (i = 0; i < 8; i++) {
6142 cksum = in_addword(cksum,
6143 ~sav->sah->saidx.dst.sin6.sin6_addr.s6_addr16[i]);
6144 cksum = in_addword(cksum,
6145 sav->natt->oar.sin6.sin6_addr.s6_addr16[i]);
6146 }
6147 }
6148 break;
6149 #endif
6150 default:
6151 ipseclog((LOG_DEBUG,
6152 "%s: wrong NAT-OAr header.\n",
6153 __func__));
6154 return (EINVAL);
6155 }
6156 }
6157 sav->natt->cksum = cksum;
6158 }
6159 return (0);
6160 }
6161
6162 static int
key_setident(struct secashead * sah,const struct sadb_msghdr * mhp)6163 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp)
6164 {
6165 const struct sadb_ident *idsrc, *iddst;
6166
6167 IPSEC_ASSERT(sah != NULL, ("null secashead"));
6168 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6169 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6170
6171 /* don't make buffer if not there */
6172 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) &&
6173 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) {
6174 sah->idents = NULL;
6175 sah->identd = NULL;
6176 return (0);
6177 }
6178
6179 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) ||
6180 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) {
6181 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__));
6182 return (EINVAL);
6183 }
6184
6185 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
6186 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
6187
6188 /* validity check */
6189 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
6190 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__));
6191 return EINVAL;
6192 }
6193
6194 switch (idsrc->sadb_ident_type) {
6195 case SADB_IDENTTYPE_PREFIX:
6196 case SADB_IDENTTYPE_FQDN:
6197 case SADB_IDENTTYPE_USERFQDN:
6198 default:
6199 /* XXX do nothing */
6200 sah->idents = NULL;
6201 sah->identd = NULL;
6202 return 0;
6203 }
6204
6205 /* make structure */
6206 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
6207 if (sah->idents == NULL) {
6208 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
6209 return ENOBUFS;
6210 }
6211 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT);
6212 if (sah->identd == NULL) {
6213 free(sah->idents, M_IPSEC_MISC);
6214 sah->idents = NULL;
6215 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
6216 return ENOBUFS;
6217 }
6218 sah->idents->type = idsrc->sadb_ident_type;
6219 sah->idents->id = idsrc->sadb_ident_id;
6220
6221 sah->identd->type = iddst->sadb_ident_type;
6222 sah->identd->id = iddst->sadb_ident_id;
6223
6224 return 0;
6225 }
6226
6227 /*
6228 * m will not be freed on return.
6229 * it is caller's responsibility to free the result.
6230 *
6231 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers
6232 * from the request in defined order.
6233 */
6234 static struct mbuf *
key_getmsgbuf_x1(struct mbuf * m,const struct sadb_msghdr * mhp)6235 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp)
6236 {
6237 struct mbuf *n;
6238
6239 IPSEC_ASSERT(m != NULL, ("null mbuf"));
6240 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6241 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6242
6243 /* create new sadb_msg to reply. */
6244 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED,
6245 SADB_EXT_SA, SADB_X_EXT_SA2,
6246 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
6247 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
6248 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
6249 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
6250 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI,
6251 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC,
6252 SADB_X_EXT_NEW_ADDRESS_DST);
6253 if (!n)
6254 return NULL;
6255
6256 if (n->m_len < sizeof(struct sadb_msg)) {
6257 n = m_pullup(n, sizeof(struct sadb_msg));
6258 if (n == NULL)
6259 return NULL;
6260 }
6261 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
6262 mtod(n, struct sadb_msg *)->sadb_msg_len =
6263 PFKEY_UNIT64(n->m_pkthdr.len);
6264
6265 return n;
6266 }
6267
6268 /*
6269 * SADB_DELETE processing
6270 * receive
6271 * <base, SA(*), address(SD)>
6272 * from the ikmpd, and set SADB_SASTATE_DEAD,
6273 * and send,
6274 * <base, SA(*), address(SD)>
6275 * to the ikmpd.
6276 *
6277 * m will always be freed.
6278 */
6279 static int
key_delete(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)6280 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
6281 {
6282 struct secasindex saidx;
6283 struct sadb_address *src0, *dst0;
6284 struct secasvar *sav;
6285 struct sadb_sa *sa0;
6286 uint8_t proto;
6287
6288 IPSEC_ASSERT(so != NULL, ("null socket"));
6289 IPSEC_ASSERT(m != NULL, ("null mbuf"));
6290 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6291 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6292
6293 /* map satype to proto */
6294 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6295 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
6296 __func__));
6297 return key_senderror(so, m, EINVAL);
6298 }
6299
6300 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
6301 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
6302 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
6303 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
6304 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n",
6305 __func__));
6306 return key_senderror(so, m, EINVAL);
6307 }
6308
6309 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6310 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6311
6312 if (key_checksockaddrs((struct sockaddr *)(src0 + 1),
6313 (struct sockaddr *)(dst0 + 1)) != 0) {
6314 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
6315 return (key_senderror(so, m, EINVAL));
6316 }
6317 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6318 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) {
6319 /*
6320 * Caller wants us to delete all non-LARVAL SAs
6321 * that match the src/dst. This is used during
6322 * IKE INITIAL-CONTACT.
6323 * XXXAE: this looks like some extension to RFC2367.
6324 */
6325 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__));
6326 return (key_delete_all(so, m, mhp, &saidx));
6327 }
6328 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) {
6329 ipseclog((LOG_DEBUG,
6330 "%s: invalid message: wrong header size.\n", __func__));
6331 return (key_senderror(so, m, EINVAL));
6332 }
6333 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
6334 SPI_ALLOC_LOCK();
6335 if (proto == IPPROTO_TCP)
6336 sav = key_getsav_tcpmd5(&saidx, NULL);
6337 else
6338 sav = key_getsavbyspi(sa0->sadb_sa_spi);
6339 SPI_ALLOC_UNLOCK();
6340 if (sav == NULL) {
6341 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n",
6342 __func__, ntohl(sa0->sadb_sa_spi)));
6343 return (key_senderror(so, m, ESRCH));
6344 }
6345 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
6346 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n",
6347 __func__, ntohl(sav->spi)));
6348 key_freesav(&sav);
6349 return (key_senderror(so, m, ESRCH));
6350 }
6351 KEYDBG(KEY_STAMP,
6352 printf("%s: SA(%p)\n", __func__, sav));
6353 KEYDBG(KEY_DATA, kdebug_secasv(sav));
6354 key_unlinksav(sav);
6355 key_freesav(&sav);
6356
6357 {
6358 struct mbuf *n;
6359 struct sadb_msg *newmsg;
6360
6361 /* create new sadb_msg to reply. */
6362 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
6363 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
6364 if (!n)
6365 return key_senderror(so, m, ENOBUFS);
6366
6367 if (n->m_len < sizeof(struct sadb_msg)) {
6368 n = m_pullup(n, sizeof(struct sadb_msg));
6369 if (n == NULL)
6370 return key_senderror(so, m, ENOBUFS);
6371 }
6372 newmsg = mtod(n, struct sadb_msg *);
6373 newmsg->sadb_msg_errno = 0;
6374 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6375
6376 m_freem(m);
6377 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6378 }
6379 }
6380
6381 /*
6382 * delete all SAs for src/dst. Called from key_delete().
6383 */
6384 static int
key_delete_all(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp,struct secasindex * saidx)6385 key_delete_all(struct socket *so, struct mbuf *m,
6386 const struct sadb_msghdr *mhp, struct secasindex *saidx)
6387 {
6388 struct secasvar_queue drainq;
6389 struct secashead *sah;
6390 struct secasvar *sav, *nextsav;
6391
6392 TAILQ_INIT(&drainq);
6393 SAHTREE_WLOCK();
6394 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) {
6395 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0)
6396 continue;
6397 /* Move all ALIVE SAs into drainq */
6398 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain);
6399 }
6400 /* Unlink all queued SAs from SPI hash */
6401 TAILQ_FOREACH(sav, &drainq, chain) {
6402 sav->state = SADB_SASTATE_DEAD;
6403 ipsec_accel_forget_sav(sav);
6404 LIST_REMOVE(sav, spihash);
6405 }
6406 SAHTREE_WUNLOCK();
6407 /* Now we can release reference for all SAs in drainq */
6408 sav = TAILQ_FIRST(&drainq);
6409 while (sav != NULL) {
6410 KEYDBG(KEY_STAMP,
6411 printf("%s: SA(%p)\n", __func__, sav));
6412 KEYDBG(KEY_DATA, kdebug_secasv(sav));
6413 nextsav = TAILQ_NEXT(sav, chain);
6414 key_freesah(&sav->sah); /* release reference from SAV */
6415 key_freesav(&sav); /* release last reference */
6416 sav = nextsav;
6417 }
6418
6419 {
6420 struct mbuf *n;
6421 struct sadb_msg *newmsg;
6422
6423 /* create new sadb_msg to reply. */
6424 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
6425 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
6426 if (!n)
6427 return key_senderror(so, m, ENOBUFS);
6428
6429 if (n->m_len < sizeof(struct sadb_msg)) {
6430 n = m_pullup(n, sizeof(struct sadb_msg));
6431 if (n == NULL)
6432 return key_senderror(so, m, ENOBUFS);
6433 }
6434 newmsg = mtod(n, struct sadb_msg *);
6435 newmsg->sadb_msg_errno = 0;
6436 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6437
6438 m_freem(m);
6439 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6440 }
6441 }
6442
6443 /*
6444 * Delete all alive SAs for corresponding xform.
6445 * Larval SAs have not initialized tdb_xform, so it is safe to leave them
6446 * here when xform disappears.
6447 */
6448 void
key_delete_xform(const struct xformsw * xsp)6449 key_delete_xform(const struct xformsw *xsp)
6450 {
6451 struct secasvar_queue drainq;
6452 struct secashead *sah;
6453 struct secasvar *sav, *nextsav;
6454
6455 TAILQ_INIT(&drainq);
6456 SAHTREE_WLOCK();
6457 TAILQ_FOREACH(sah, &V_sahtree, chain) {
6458 sav = TAILQ_FIRST(&sah->savtree_alive);
6459 if (sav == NULL)
6460 continue;
6461 if (sav->tdb_xform != xsp)
6462 continue;
6463 /*
6464 * It is supposed that all SAs in the chain are related to
6465 * one xform.
6466 */
6467 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain);
6468 }
6469 /* Unlink all queued SAs from SPI hash */
6470 TAILQ_FOREACH(sav, &drainq, chain) {
6471 sav->state = SADB_SASTATE_DEAD;
6472 ipsec_accel_forget_sav(sav);
6473 LIST_REMOVE(sav, spihash);
6474 }
6475 SAHTREE_WUNLOCK();
6476
6477 /* Now we can release reference for all SAs in drainq */
6478 sav = TAILQ_FIRST(&drainq);
6479 while (sav != NULL) {
6480 KEYDBG(KEY_STAMP,
6481 printf("%s: SA(%p)\n", __func__, sav));
6482 KEYDBG(KEY_DATA, kdebug_secasv(sav));
6483 nextsav = TAILQ_NEXT(sav, chain);
6484 key_freesah(&sav->sah); /* release reference from SAV */
6485 key_freesav(&sav); /* release last reference */
6486 sav = nextsav;
6487 }
6488 }
6489
6490 /*
6491 * SADB_GET processing
6492 * receive
6493 * <base, SA(*), address(SD)>
6494 * from the ikmpd, and get a SP and a SA to respond,
6495 * and send,
6496 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
6497 * (identity(SD),) (sensitivity)>
6498 * to the ikmpd.
6499 *
6500 * m will always be freed.
6501 */
6502 static int
key_get(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)6503 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
6504 {
6505 struct secasindex saidx;
6506 struct sadb_address *src0, *dst0;
6507 struct sadb_sa *sa0;
6508 struct secasvar *sav;
6509 uint8_t proto;
6510
6511 IPSEC_ASSERT(so != NULL, ("null socket"));
6512 IPSEC_ASSERT(m != NULL, ("null mbuf"));
6513 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
6514 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
6515
6516 /* map satype to proto */
6517 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6518 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
6519 __func__));
6520 return key_senderror(so, m, EINVAL);
6521 }
6522
6523 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) ||
6524 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
6525 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) {
6526 ipseclog((LOG_DEBUG,
6527 "%s: invalid message: missing required header.\n",
6528 __func__));
6529 return key_senderror(so, m, EINVAL);
6530 }
6531 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) ||
6532 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
6533 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) {
6534 ipseclog((LOG_DEBUG,
6535 "%s: invalid message: wrong header size.\n", __func__));
6536 return key_senderror(so, m, EINVAL);
6537 }
6538
6539 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
6540 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6541 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6542
6543 if (key_checksockaddrs((struct sockaddr *)(src0 + 1),
6544 (struct sockaddr *)(dst0 + 1)) != 0) {
6545 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
6546 return key_senderror(so, m, EINVAL);
6547 }
6548 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6549
6550 SPI_ALLOC_LOCK();
6551 if (proto == IPPROTO_TCP)
6552 sav = key_getsav_tcpmd5(&saidx, NULL);
6553 else
6554 sav = key_getsavbyspi(sa0->sadb_sa_spi);
6555 SPI_ALLOC_UNLOCK();
6556 if (sav == NULL) {
6557 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__));
6558 return key_senderror(so, m, ESRCH);
6559 }
6560 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) {
6561 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n",
6562 __func__, ntohl(sa0->sadb_sa_spi)));
6563 key_freesav(&sav);
6564 return (key_senderror(so, m, ESRCH));
6565 }
6566
6567 {
6568 struct mbuf *n;
6569 uint8_t satype;
6570
6571 /* map proto to satype */
6572 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) {
6573 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n",
6574 __func__));
6575 key_freesav(&sav);
6576 return key_senderror(so, m, EINVAL);
6577 }
6578
6579 /* create new sadb_msg to reply. */
6580 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
6581 mhp->msg->sadb_msg_pid, NULL);
6582
6583 key_freesav(&sav);
6584 if (!n)
6585 return key_senderror(so, m, ENOBUFS);
6586
6587 m_freem(m);
6588 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6589 }
6590 }
6591
6592 /* XXX make it sysctl-configurable? */
6593 static void
key_getcomb_setlifetime(struct sadb_comb * comb)6594 key_getcomb_setlifetime(struct sadb_comb *comb)
6595 {
6596
6597 comb->sadb_comb_soft_allocations = 1;
6598 comb->sadb_comb_hard_allocations = 1;
6599 comb->sadb_comb_soft_bytes = 0;
6600 comb->sadb_comb_hard_bytes = 0;
6601 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
6602 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
6603 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
6604 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
6605 }
6606
6607 /*
6608 * XXX reorder combinations by preference
6609 * XXX no idea if the user wants ESP authentication or not
6610 */
6611 static struct mbuf *
key_getcomb_ealg(void)6612 key_getcomb_ealg(void)
6613 {
6614 struct sadb_comb *comb;
6615 const struct enc_xform *algo;
6616 struct mbuf *result = NULL, *m, *n;
6617 int encmin;
6618 int i, off, o;
6619 int totlen;
6620 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6621
6622 m = NULL;
6623 for (i = 1; i <= SADB_EALG_MAX; i++) {
6624 algo = enc_algorithm_lookup(i);
6625 if (algo == NULL)
6626 continue;
6627
6628 /* discard algorithms with key size smaller than system min */
6629 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin)
6630 continue;
6631 if (_BITS(algo->minkey) < V_ipsec_esp_keymin)
6632 encmin = V_ipsec_esp_keymin;
6633 else
6634 encmin = _BITS(algo->minkey);
6635
6636 if (V_ipsec_esp_auth)
6637 m = key_getcomb_ah();
6638 else {
6639 IPSEC_ASSERT(l <= MLEN,
6640 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
6641 MGET(m, M_NOWAIT, MT_DATA);
6642 if (m) {
6643 M_ALIGN(m, l);
6644 m->m_len = l;
6645 m->m_next = NULL;
6646 bzero(mtod(m, caddr_t), m->m_len);
6647 }
6648 }
6649 if (!m)
6650 goto fail;
6651
6652 totlen = 0;
6653 for (n = m; n; n = n->m_next)
6654 totlen += n->m_len;
6655 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l));
6656
6657 for (off = 0; off < totlen; off += l) {
6658 n = m_pulldown(m, off, l, &o);
6659 if (!n) {
6660 /* m is already freed */
6661 goto fail;
6662 }
6663 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
6664 bzero(comb, sizeof(*comb));
6665 key_getcomb_setlifetime(comb);
6666 comb->sadb_comb_encrypt = i;
6667 comb->sadb_comb_encrypt_minbits = encmin;
6668 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
6669 }
6670
6671 if (!result)
6672 result = m;
6673 else
6674 m_cat(result, m);
6675 }
6676
6677 return result;
6678
6679 fail:
6680 if (result)
6681 m_freem(result);
6682 return NULL;
6683 }
6684
6685 static void
key_getsizes_ah(const struct auth_hash * ah,int alg,u_int16_t * min,u_int16_t * max)6686 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min,
6687 u_int16_t* max)
6688 {
6689
6690 *min = *max = ah->hashsize;
6691 if (ah->keysize == 0) {
6692 /*
6693 * Transform takes arbitrary key size but algorithm
6694 * key size is restricted. Enforce this here.
6695 */
6696 switch (alg) {
6697 case SADB_X_AALG_NULL: *min = 1; *max = 256; break;
6698 case SADB_X_AALG_SHA2_256: *min = *max = 32; break;
6699 case SADB_X_AALG_SHA2_384: *min = *max = 48; break;
6700 case SADB_X_AALG_SHA2_512: *min = *max = 64; break;
6701 default:
6702 DPRINTF(("%s: unknown AH algorithm %u\n",
6703 __func__, alg));
6704 break;
6705 }
6706 }
6707 }
6708
6709 /*
6710 * XXX reorder combinations by preference
6711 */
6712 static struct mbuf *
key_getcomb_ah(void)6713 key_getcomb_ah(void)
6714 {
6715 const struct auth_hash *algo;
6716 struct sadb_comb *comb;
6717 struct mbuf *m;
6718 u_int16_t minkeysize, maxkeysize;
6719 int i;
6720 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6721
6722 m = NULL;
6723 for (i = 1; i <= SADB_AALG_MAX; i++) {
6724 #if 1
6725 /* we prefer HMAC algorithms, not old algorithms */
6726 if (i != SADB_AALG_SHA1HMAC &&
6727 i != SADB_X_AALG_SHA2_256 &&
6728 i != SADB_X_AALG_SHA2_384 &&
6729 i != SADB_X_AALG_SHA2_512)
6730 continue;
6731 #endif
6732 algo = auth_algorithm_lookup(i);
6733 if (!algo)
6734 continue;
6735 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
6736 /* discard algorithms with key size smaller than system min */
6737 if (_BITS(minkeysize) < V_ipsec_ah_keymin)
6738 continue;
6739
6740 if (!m) {
6741 IPSEC_ASSERT(l <= MLEN,
6742 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
6743 MGET(m, M_NOWAIT, MT_DATA);
6744 if (m) {
6745 M_ALIGN(m, l);
6746 m->m_len = l;
6747 m->m_next = NULL;
6748 }
6749 } else
6750 M_PREPEND(m, l, M_NOWAIT);
6751 if (!m)
6752 return NULL;
6753
6754 comb = mtod(m, struct sadb_comb *);
6755 bzero(comb, sizeof(*comb));
6756 key_getcomb_setlifetime(comb);
6757 comb->sadb_comb_auth = i;
6758 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
6759 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
6760 }
6761
6762 return m;
6763 }
6764
6765 /*
6766 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6767 * XXX reorder combinations by preference
6768 */
6769 static struct mbuf *
key_getcomb_ipcomp(void)6770 key_getcomb_ipcomp(void)
6771 {
6772 const struct comp_algo *algo;
6773 struct sadb_comb *comb;
6774 struct mbuf *m;
6775 int i;
6776 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6777
6778 m = NULL;
6779 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
6780 algo = comp_algorithm_lookup(i);
6781 if (!algo)
6782 continue;
6783
6784 if (!m) {
6785 IPSEC_ASSERT(l <= MLEN,
6786 ("l=%u > MLEN=%lu", l, (u_long) MLEN));
6787 MGET(m, M_NOWAIT, MT_DATA);
6788 if (m) {
6789 M_ALIGN(m, l);
6790 m->m_len = l;
6791 m->m_next = NULL;
6792 }
6793 } else
6794 M_PREPEND(m, l, M_NOWAIT);
6795 if (!m)
6796 return NULL;
6797
6798 comb = mtod(m, struct sadb_comb *);
6799 bzero(comb, sizeof(*comb));
6800 key_getcomb_setlifetime(comb);
6801 comb->sadb_comb_encrypt = i;
6802 /* what should we set into sadb_comb_*_{min,max}bits? */
6803 }
6804
6805 return m;
6806 }
6807
6808 /*
6809 * XXX no way to pass mode (transport/tunnel) to userland
6810 * XXX replay checking?
6811 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6812 */
6813 static struct mbuf *
key_getprop(const struct secasindex * saidx)6814 key_getprop(const struct secasindex *saidx)
6815 {
6816 struct sadb_prop *prop;
6817 struct mbuf *m, *n;
6818 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6819 int totlen;
6820
6821 switch (saidx->proto) {
6822 case IPPROTO_ESP:
6823 m = key_getcomb_ealg();
6824 break;
6825 case IPPROTO_AH:
6826 m = key_getcomb_ah();
6827 break;
6828 case IPPROTO_IPCOMP:
6829 m = key_getcomb_ipcomp();
6830 break;
6831 default:
6832 return NULL;
6833 }
6834
6835 if (!m)
6836 return NULL;
6837 M_PREPEND(m, l, M_NOWAIT);
6838 if (!m)
6839 return NULL;
6840
6841 totlen = 0;
6842 for (n = m; n; n = n->m_next)
6843 totlen += n->m_len;
6844
6845 prop = mtod(m, struct sadb_prop *);
6846 bzero(prop, sizeof(*prop));
6847 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6848 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6849 prop->sadb_prop_replay = 32; /* XXX */
6850
6851 return m;
6852 }
6853
6854 /*
6855 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6856 * send
6857 * <base, SA, address(SD), (address(P)), x_policy,
6858 * (identity(SD),) (sensitivity,) proposal>
6859 * to KMD, and expect to receive
6860 * <base> with SADB_ACQUIRE if error occurred,
6861 * or
6862 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6863 * from KMD by PF_KEY.
6864 *
6865 * XXX x_policy is outside of RFC2367 (KAME extension).
6866 * XXX sensitivity is not supported.
6867 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6868 * see comment for key_getcomb_ipcomp().
6869 *
6870 * OUT:
6871 * 0 : succeed
6872 * others: error number
6873 */
6874 static int
key_acquire(const struct secasindex * saidx,struct secpolicy * sp)6875 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
6876 {
6877 union sockaddr_union addr;
6878 struct mbuf *result, *m;
6879 uint32_t seq;
6880 int error;
6881 uint16_t ul_proto;
6882 uint8_t mask, satype;
6883
6884 IPSEC_ASSERT(saidx != NULL, ("null saidx"));
6885 satype = key_proto2satype(saidx->proto);
6886 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto));
6887
6888 error = -1;
6889 result = NULL;
6890 ul_proto = IPSEC_ULPROTO_ANY;
6891
6892 /* Get seq number to check whether sending message or not. */
6893 seq = key_getacq(saidx, &error);
6894 if (seq == 0)
6895 return (error);
6896
6897 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
6898 if (!m) {
6899 error = ENOBUFS;
6900 goto fail;
6901 }
6902 result = m;
6903
6904 /*
6905 * set sadb_address for saidx's.
6906 *
6907 * Note that if sp is supplied, then we're being called from
6908 * key_allocsa_policy() and should supply port and protocol
6909 * information.
6910 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too.
6911 * XXXAE: probably we can handle this in the ipsec[46]_allocsa().
6912 * XXXAE: it looks like we should save this info in the ACQ entry.
6913 */
6914 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP ||
6915 sp->spidx.ul_proto == IPPROTO_UDP))
6916 ul_proto = sp->spidx.ul_proto;
6917
6918 addr = saidx->src;
6919 mask = FULLMASK;
6920 if (ul_proto != IPSEC_ULPROTO_ANY) {
6921 switch (sp->spidx.src.sa.sa_family) {
6922 case AF_INET:
6923 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) {
6924 addr.sin.sin_port = sp->spidx.src.sin.sin_port;
6925 mask = sp->spidx.prefs;
6926 }
6927 break;
6928 case AF_INET6:
6929 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) {
6930 addr.sin6.sin6_port =
6931 sp->spidx.src.sin6.sin6_port;
6932 mask = sp->spidx.prefs;
6933 }
6934 break;
6935 default:
6936 break;
6937 }
6938 }
6939 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto);
6940 if (!m) {
6941 error = ENOBUFS;
6942 goto fail;
6943 }
6944 m_cat(result, m);
6945
6946 addr = saidx->dst;
6947 mask = FULLMASK;
6948 if (ul_proto != IPSEC_ULPROTO_ANY) {
6949 switch (sp->spidx.dst.sa.sa_family) {
6950 case AF_INET:
6951 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) {
6952 addr.sin.sin_port = sp->spidx.dst.sin.sin_port;
6953 mask = sp->spidx.prefd;
6954 }
6955 break;
6956 case AF_INET6:
6957 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) {
6958 addr.sin6.sin6_port =
6959 sp->spidx.dst.sin6.sin6_port;
6960 mask = sp->spidx.prefd;
6961 }
6962 break;
6963 default:
6964 break;
6965 }
6966 }
6967 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto);
6968 if (!m) {
6969 error = ENOBUFS;
6970 goto fail;
6971 }
6972 m_cat(result, m);
6973
6974 /* XXX proxy address (optional) */
6975
6976 /*
6977 * Set sadb_x_policy. This is KAME extension to RFC2367.
6978 */
6979 if (sp != NULL) {
6980 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id,
6981 sp->priority);
6982 if (!m) {
6983 error = ENOBUFS;
6984 goto fail;
6985 }
6986 m_cat(result, m);
6987 }
6988
6989 /*
6990 * Set sadb_x_sa2 extension if saidx->reqid is not zero.
6991 * This is FreeBSD extension to RFC2367.
6992 */
6993 if (saidx->reqid != 0) {
6994 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid);
6995 if (m == NULL) {
6996 error = ENOBUFS;
6997 goto fail;
6998 }
6999 m_cat(result, m);
7000 }
7001 /* XXX identity (optional) */
7002 #if 0
7003 if (idexttype && fqdn) {
7004 /* create identity extension (FQDN) */
7005 struct sadb_ident *id;
7006 int fqdnlen;
7007
7008 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
7009 id = (struct sadb_ident *)p;
7010 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
7011 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
7012 id->sadb_ident_exttype = idexttype;
7013 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
7014 bcopy(fqdn, id + 1, fqdnlen);
7015 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
7016 }
7017
7018 if (idexttype) {
7019 /* create identity extension (USERFQDN) */
7020 struct sadb_ident *id;
7021 int userfqdnlen;
7022
7023 if (userfqdn) {
7024 /* +1 for terminating-NUL */
7025 userfqdnlen = strlen(userfqdn) + 1;
7026 } else
7027 userfqdnlen = 0;
7028 id = (struct sadb_ident *)p;
7029 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
7030 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
7031 id->sadb_ident_exttype = idexttype;
7032 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
7033 /* XXX is it correct? */
7034 if (curproc && curproc->p_cred)
7035 id->sadb_ident_id = curproc->p_cred->p_ruid;
7036 if (userfqdn && userfqdnlen)
7037 bcopy(userfqdn, id + 1, userfqdnlen);
7038 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
7039 }
7040 #endif
7041
7042 /* XXX sensitivity (optional) */
7043
7044 /* create proposal/combination extension */
7045 m = key_getprop(saidx);
7046 #if 0
7047 /*
7048 * spec conformant: always attach proposal/combination extension,
7049 * the problem is that we have no way to attach it for ipcomp,
7050 * due to the way sadb_comb is declared in RFC2367.
7051 */
7052 if (!m) {
7053 error = ENOBUFS;
7054 goto fail;
7055 }
7056 m_cat(result, m);
7057 #else
7058 /*
7059 * outside of spec; make proposal/combination extension optional.
7060 */
7061 if (m)
7062 m_cat(result, m);
7063 #endif
7064
7065 if ((result->m_flags & M_PKTHDR) == 0) {
7066 error = EINVAL;
7067 goto fail;
7068 }
7069
7070 if (result->m_len < sizeof(struct sadb_msg)) {
7071 result = m_pullup(result, sizeof(struct sadb_msg));
7072 if (result == NULL) {
7073 error = ENOBUFS;
7074 goto fail;
7075 }
7076 }
7077
7078 result->m_pkthdr.len = 0;
7079 for (m = result; m; m = m->m_next)
7080 result->m_pkthdr.len += m->m_len;
7081
7082 mtod(result, struct sadb_msg *)->sadb_msg_len =
7083 PFKEY_UNIT64(result->m_pkthdr.len);
7084
7085 KEYDBG(KEY_STAMP,
7086 printf("%s: SP(%p)\n", __func__, sp));
7087 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL));
7088
7089 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7090
7091 fail:
7092 if (result)
7093 m_freem(result);
7094 return error;
7095 }
7096
7097 static uint32_t
key_newacq(const struct secasindex * saidx,int * perror)7098 key_newacq(const struct secasindex *saidx, int *perror)
7099 {
7100 struct secacq *acq;
7101 uint32_t seq;
7102
7103 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO);
7104 if (acq == NULL) {
7105 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7106 *perror = ENOBUFS;
7107 return (0);
7108 }
7109
7110 /* copy secindex */
7111 bcopy(saidx, &acq->saidx, sizeof(acq->saidx));
7112 acq->created = time_second;
7113 acq->count = 0;
7114
7115 /* add to acqtree */
7116 ACQ_LOCK();
7117 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq);
7118 LIST_INSERT_HEAD(&V_acqtree, acq, chain);
7119 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash);
7120 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash);
7121 ACQ_UNLOCK();
7122 *perror = 0;
7123 return (seq);
7124 }
7125
7126 static uint32_t
key_getacq(const struct secasindex * saidx,int * perror)7127 key_getacq(const struct secasindex *saidx, int *perror)
7128 {
7129 struct secacq *acq;
7130 uint32_t seq;
7131
7132 ACQ_LOCK();
7133 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) {
7134 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) {
7135 if (acq->count > V_key_blockacq_count) {
7136 /*
7137 * Reset counter and send message.
7138 * Also reset created time to keep ACQ for
7139 * this saidx.
7140 */
7141 acq->created = time_second;
7142 acq->count = 0;
7143 seq = acq->seq;
7144 } else {
7145 /*
7146 * Increment counter and do nothing.
7147 * We send SADB_ACQUIRE message only
7148 * for each V_key_blockacq_count packet.
7149 */
7150 acq->count++;
7151 seq = 0;
7152 }
7153 break;
7154 }
7155 }
7156 ACQ_UNLOCK();
7157 if (acq != NULL) {
7158 *perror = 0;
7159 return (seq);
7160 }
7161 /* allocate new entry */
7162 return (key_newacq(saidx, perror));
7163 }
7164
7165 static int
key_acqreset(uint32_t seq)7166 key_acqreset(uint32_t seq)
7167 {
7168 struct secacq *acq;
7169
7170 ACQ_LOCK();
7171 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) {
7172 if (acq->seq == seq) {
7173 acq->count = 0;
7174 acq->created = time_second;
7175 break;
7176 }
7177 }
7178 ACQ_UNLOCK();
7179 if (acq == NULL)
7180 return (ESRCH);
7181 return (0);
7182 }
7183 /*
7184 * Mark ACQ entry as stale to remove it in key_flush_acq().
7185 * Called after successful SADB_GETSPI message.
7186 */
7187 static int
key_acqdone(const struct secasindex * saidx,uint32_t seq)7188 key_acqdone(const struct secasindex *saidx, uint32_t seq)
7189 {
7190 struct secacq *acq;
7191
7192 ACQ_LOCK();
7193 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) {
7194 if (acq->seq == seq)
7195 break;
7196 }
7197 if (acq != NULL) {
7198 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) {
7199 ipseclog((LOG_DEBUG,
7200 "%s: Mismatched saidx for ACQ %u\n", __func__, seq));
7201 acq = NULL;
7202 } else {
7203 acq->created = 0;
7204 }
7205 } else {
7206 ipseclog((LOG_DEBUG,
7207 "%s: ACQ %u is not found.\n", __func__, seq));
7208 }
7209 ACQ_UNLOCK();
7210 if (acq == NULL)
7211 return (ESRCH);
7212 return (0);
7213 }
7214
7215 static struct secspacq *
key_newspacq(struct secpolicyindex * spidx)7216 key_newspacq(struct secpolicyindex *spidx)
7217 {
7218 struct secspacq *acq;
7219
7220 /* get new entry */
7221 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO);
7222 if (acq == NULL) {
7223 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7224 return NULL;
7225 }
7226
7227 /* copy secindex */
7228 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
7229 acq->created = time_second;
7230 acq->count = 0;
7231
7232 /* add to spacqtree */
7233 SPACQ_LOCK();
7234 LIST_INSERT_HEAD(&V_spacqtree, acq, chain);
7235 SPACQ_UNLOCK();
7236
7237 return acq;
7238 }
7239
7240 static struct secspacq *
key_getspacq(struct secpolicyindex * spidx)7241 key_getspacq(struct secpolicyindex *spidx)
7242 {
7243 struct secspacq *acq;
7244
7245 SPACQ_LOCK();
7246 LIST_FOREACH(acq, &V_spacqtree, chain) {
7247 if (key_cmpspidx_exactly(spidx, &acq->spidx)) {
7248 /* NB: return holding spacq_lock */
7249 return acq;
7250 }
7251 }
7252 SPACQ_UNLOCK();
7253
7254 return NULL;
7255 }
7256
7257 /*
7258 * SADB_ACQUIRE processing,
7259 * in first situation, is receiving
7260 * <base>
7261 * from the ikmpd, and clear sequence of its secasvar entry.
7262 *
7263 * In second situation, is receiving
7264 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
7265 * from a user land process, and return
7266 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
7267 * to the socket.
7268 *
7269 * m will always be freed.
7270 */
7271 static int
key_acquire2(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7272 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7273 {
7274 SAHTREE_RLOCK_TRACKER;
7275 struct sadb_address *src0, *dst0;
7276 struct secasindex saidx;
7277 struct secashead *sah;
7278 uint32_t reqid;
7279 int error;
7280 uint8_t mode, proto;
7281
7282 IPSEC_ASSERT(so != NULL, ("null socket"));
7283 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7284 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7285 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7286
7287 /*
7288 * Error message from KMd.
7289 * We assume that if error was occurred in IKEd, the length of PFKEY
7290 * message is equal to the size of sadb_msg structure.
7291 * We do not raise error even if error occurred in this function.
7292 */
7293 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
7294 /* check sequence number */
7295 if (mhp->msg->sadb_msg_seq == 0 ||
7296 mhp->msg->sadb_msg_errno == 0) {
7297 ipseclog((LOG_DEBUG, "%s: must specify sequence "
7298 "number and errno.\n", __func__));
7299 } else {
7300 /*
7301 * IKEd reported that error occurred.
7302 * XXXAE: what it expects from the kernel?
7303 * Probably we should send SADB_ACQUIRE again?
7304 * If so, reset ACQ's state.
7305 * XXXAE: it looks useless.
7306 */
7307 key_acqreset(mhp->msg->sadb_msg_seq);
7308 }
7309 m_freem(m);
7310 return (0);
7311 }
7312
7313 /*
7314 * This message is from user land.
7315 */
7316
7317 /* map satype to proto */
7318 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7319 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
7320 __func__));
7321 return key_senderror(so, m, EINVAL);
7322 }
7323
7324 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) ||
7325 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) ||
7326 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) {
7327 ipseclog((LOG_DEBUG,
7328 "%s: invalid message: missing required header.\n",
7329 __func__));
7330 return key_senderror(so, m, EINVAL);
7331 }
7332 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) ||
7333 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) ||
7334 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) {
7335 ipseclog((LOG_DEBUG,
7336 "%s: invalid message: wrong header size.\n", __func__));
7337 return key_senderror(so, m, EINVAL);
7338 }
7339
7340 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) {
7341 mode = IPSEC_MODE_ANY;
7342 reqid = 0;
7343 } else {
7344 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) {
7345 ipseclog((LOG_DEBUG,
7346 "%s: invalid message: wrong header size.\n",
7347 __func__));
7348 return key_senderror(so, m, EINVAL);
7349 }
7350 mode = ((struct sadb_x_sa2 *)
7351 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
7352 reqid = ((struct sadb_x_sa2 *)
7353 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
7354 }
7355
7356 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7357 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7358
7359 error = key_checksockaddrs((struct sockaddr *)(src0 + 1),
7360 (struct sockaddr *)(dst0 + 1));
7361 if (error != 0) {
7362 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__));
7363 return key_senderror(so, m, EINVAL);
7364 }
7365 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
7366
7367 /* get a SA index */
7368 SAHTREE_RLOCK();
7369 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) {
7370 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
7371 break;
7372 }
7373 SAHTREE_RUNLOCK();
7374 if (sah != NULL) {
7375 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__));
7376 return key_senderror(so, m, EEXIST);
7377 }
7378
7379 error = key_acquire(&saidx, NULL);
7380 if (error != 0) {
7381 ipseclog((LOG_DEBUG,
7382 "%s: error %d returned from key_acquire()\n",
7383 __func__, error));
7384 return key_senderror(so, m, error);
7385 }
7386 m_freem(m);
7387 return (0);
7388 }
7389
7390 /*
7391 * SADB_REGISTER processing.
7392 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
7393 * receive
7394 * <base>
7395 * from the ikmpd, and register a socket to send PF_KEY messages,
7396 * and send
7397 * <base, supported>
7398 * to KMD by PF_KEY.
7399 * If socket is detached, must free from regnode.
7400 *
7401 * m will always be freed.
7402 */
7403 static int
key_register(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7404 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7405 {
7406 struct secreg *reg, *newreg = NULL;
7407
7408 IPSEC_ASSERT(so != NULL, ("null socket"));
7409 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7410 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7411 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7412
7413 /* check for invalid register message */
7414 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0]))
7415 return key_senderror(so, m, EINVAL);
7416
7417 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
7418 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
7419 goto setmsg;
7420
7421 /* check whether existing or not */
7422 REGTREE_LOCK();
7423 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) {
7424 if (reg->so == so) {
7425 REGTREE_UNLOCK();
7426 ipseclog((LOG_DEBUG, "%s: socket exists already.\n",
7427 __func__));
7428 return key_senderror(so, m, EEXIST);
7429 }
7430 }
7431
7432 /* create regnode */
7433 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO);
7434 if (newreg == NULL) {
7435 REGTREE_UNLOCK();
7436 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7437 return key_senderror(so, m, ENOBUFS);
7438 }
7439
7440 newreg->so = so;
7441 ((struct keycb *)(so->so_pcb))->kp_registered++;
7442
7443 /* add regnode to regtree. */
7444 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain);
7445 REGTREE_UNLOCK();
7446
7447 setmsg:
7448 {
7449 struct mbuf *n;
7450 struct sadb_msg *newmsg;
7451 struct sadb_supported *sup;
7452 u_int len, alen, elen;
7453 int off;
7454 int i;
7455 struct sadb_alg *alg;
7456
7457 /* create new sadb_msg to reply. */
7458 alen = 0;
7459 for (i = 1; i <= SADB_AALG_MAX; i++) {
7460 if (auth_algorithm_lookup(i))
7461 alen += sizeof(struct sadb_alg);
7462 }
7463 if (alen)
7464 alen += sizeof(struct sadb_supported);
7465 elen = 0;
7466 for (i = 1; i <= SADB_EALG_MAX; i++) {
7467 if (enc_algorithm_lookup(i))
7468 elen += sizeof(struct sadb_alg);
7469 }
7470 if (elen)
7471 elen += sizeof(struct sadb_supported);
7472
7473 len = sizeof(struct sadb_msg) + alen + elen;
7474
7475 if (len > MCLBYTES)
7476 return key_senderror(so, m, ENOBUFS);
7477
7478 n = key_mget(len);
7479 if (n == NULL)
7480 return key_senderror(so, m, ENOBUFS);
7481
7482 n->m_pkthdr.len = n->m_len = len;
7483 n->m_next = NULL;
7484 off = 0;
7485
7486 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
7487 newmsg = mtod(n, struct sadb_msg *);
7488 newmsg->sadb_msg_errno = 0;
7489 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
7490 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
7491
7492 /* for authentication algorithm */
7493 if (alen) {
7494 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
7495 sup->sadb_supported_len = PFKEY_UNIT64(alen);
7496 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
7497 off += PFKEY_ALIGN8(sizeof(*sup));
7498
7499 for (i = 1; i <= SADB_AALG_MAX; i++) {
7500 const struct auth_hash *aalgo;
7501 u_int16_t minkeysize, maxkeysize;
7502
7503 aalgo = auth_algorithm_lookup(i);
7504 if (!aalgo)
7505 continue;
7506 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
7507 alg->sadb_alg_id = i;
7508 alg->sadb_alg_ivlen = 0;
7509 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
7510 alg->sadb_alg_minbits = _BITS(minkeysize);
7511 alg->sadb_alg_maxbits = _BITS(maxkeysize);
7512 off += PFKEY_ALIGN8(sizeof(*alg));
7513 }
7514 }
7515
7516 /* for encryption algorithm */
7517 if (elen) {
7518 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
7519 sup->sadb_supported_len = PFKEY_UNIT64(elen);
7520 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
7521 off += PFKEY_ALIGN8(sizeof(*sup));
7522
7523 for (i = 1; i <= SADB_EALG_MAX; i++) {
7524 const struct enc_xform *ealgo;
7525
7526 ealgo = enc_algorithm_lookup(i);
7527 if (!ealgo)
7528 continue;
7529 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
7530 alg->sadb_alg_id = i;
7531 alg->sadb_alg_ivlen = ealgo->ivsize;
7532 alg->sadb_alg_minbits = _BITS(ealgo->minkey);
7533 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
7534 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
7535 }
7536 }
7537
7538 IPSEC_ASSERT(off == len,
7539 ("length assumption failed (off %u len %u)", off, len));
7540
7541 m_freem(m);
7542 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
7543 }
7544 }
7545
7546 /*
7547 * free secreg entry registered.
7548 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
7549 */
7550 void
key_freereg(struct socket * so)7551 key_freereg(struct socket *so)
7552 {
7553 struct secreg *reg;
7554 int i;
7555
7556 IPSEC_ASSERT(so != NULL, ("NULL so"));
7557
7558 /*
7559 * check whether existing or not.
7560 * check all type of SA, because there is a potential that
7561 * one socket is registered to multiple type of SA.
7562 */
7563 REGTREE_LOCK();
7564 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7565 LIST_FOREACH(reg, &V_regtree[i], chain) {
7566 if (reg->so == so && __LIST_CHAINED(reg)) {
7567 LIST_REMOVE(reg, chain);
7568 free(reg, M_IPSEC_SAR);
7569 break;
7570 }
7571 }
7572 }
7573 REGTREE_UNLOCK();
7574 }
7575
7576 /*
7577 * SADB_EXPIRE processing
7578 * send
7579 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
7580 * to KMD by PF_KEY.
7581 * NOTE: We send only soft lifetime extension.
7582 *
7583 * OUT: 0 : succeed
7584 * others : error number
7585 */
7586 static int
key_expire(struct secasvar * sav,int hard)7587 key_expire(struct secasvar *sav, int hard)
7588 {
7589 struct mbuf *result = NULL, *m;
7590 struct sadb_lifetime *lt;
7591 uint32_t replay_count;
7592 int error, len;
7593 uint8_t satype;
7594
7595 SECASVAR_RLOCK_TRACKER;
7596
7597 IPSEC_ASSERT (sav != NULL, ("null sav"));
7598 IPSEC_ASSERT (sav->sah != NULL, ("null sa header"));
7599
7600 KEYDBG(KEY_STAMP,
7601 printf("%s: SA(%p) expired %s lifetime\n", __func__,
7602 sav, hard ? "hard": "soft"));
7603 KEYDBG(KEY_DATA, kdebug_secasv(sav));
7604 /* set msg header */
7605 satype = key_proto2satype(sav->sah->saidx.proto);
7606 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype));
7607 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
7608 if (!m) {
7609 error = ENOBUFS;
7610 goto fail;
7611 }
7612 result = m;
7613
7614 /* create SA extension */
7615 m = key_setsadbsa(sav);
7616 if (!m) {
7617 error = ENOBUFS;
7618 goto fail;
7619 }
7620 m_cat(result, m);
7621
7622 /* create SA extension */
7623 SECASVAR_RLOCK(sav);
7624 replay_count = sav->replay ? sav->replay->count : 0;
7625 SECASVAR_RUNLOCK(sav);
7626
7627 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count,
7628 sav->sah->saidx.reqid);
7629 if (!m) {
7630 error = ENOBUFS;
7631 goto fail;
7632 }
7633 m_cat(result, m);
7634
7635 if (sav->replay && sav->replay->wsize > UINT8_MAX) {
7636 m = key_setsadbxsareplay(sav->replay->wsize);
7637 if (!m) {
7638 error = ENOBUFS;
7639 goto fail;
7640 }
7641 m_cat(result, m);
7642 }
7643
7644 /* create lifetime extension (current and soft) */
7645 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
7646 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
7647 if (m == NULL) {
7648 error = ENOBUFS;
7649 goto fail;
7650 }
7651 m_align(m, len);
7652 m->m_len = len;
7653 bzero(mtod(m, caddr_t), len);
7654 lt = mtod(m, struct sadb_lifetime *);
7655 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
7656 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
7657 lt->sadb_lifetime_allocations =
7658 (uint32_t)counter_u64_fetch(sav->lft_c_allocations);
7659 lt->sadb_lifetime_bytes =
7660 counter_u64_fetch(sav->lft_c_bytes);
7661 lt->sadb_lifetime_addtime = sav->created;
7662 lt->sadb_lifetime_usetime = sav->firstused;
7663 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
7664 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
7665 if (hard) {
7666 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
7667 lt->sadb_lifetime_allocations = sav->lft_h->allocations;
7668 lt->sadb_lifetime_bytes = sav->lft_h->bytes;
7669 lt->sadb_lifetime_addtime = sav->lft_h->addtime;
7670 lt->sadb_lifetime_usetime = sav->lft_h->usetime;
7671 } else {
7672 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
7673 lt->sadb_lifetime_allocations = sav->lft_s->allocations;
7674 lt->sadb_lifetime_bytes = sav->lft_s->bytes;
7675 lt->sadb_lifetime_addtime = sav->lft_s->addtime;
7676 lt->sadb_lifetime_usetime = sav->lft_s->usetime;
7677 }
7678 m_cat(result, m);
7679
7680 /* set sadb_address for source */
7681 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
7682 &sav->sah->saidx.src.sa,
7683 FULLMASK, IPSEC_ULPROTO_ANY);
7684 if (!m) {
7685 error = ENOBUFS;
7686 goto fail;
7687 }
7688 m_cat(result, m);
7689
7690 /* set sadb_address for destination */
7691 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
7692 &sav->sah->saidx.dst.sa,
7693 FULLMASK, IPSEC_ULPROTO_ANY);
7694 if (!m) {
7695 error = ENOBUFS;
7696 goto fail;
7697 }
7698 m_cat(result, m);
7699
7700 /*
7701 * XXX-BZ Handle NAT-T extensions here.
7702 * XXXAE: it doesn't seem quite useful. IKEs should not depend on
7703 * this information, we report only significant SA fields.
7704 */
7705
7706 if ((result->m_flags & M_PKTHDR) == 0) {
7707 error = EINVAL;
7708 goto fail;
7709 }
7710
7711 if (result->m_len < sizeof(struct sadb_msg)) {
7712 result = m_pullup(result, sizeof(struct sadb_msg));
7713 if (result == NULL) {
7714 error = ENOBUFS;
7715 goto fail;
7716 }
7717 }
7718
7719 result->m_pkthdr.len = 0;
7720 for (m = result; m; m = m->m_next)
7721 result->m_pkthdr.len += m->m_len;
7722
7723 mtod(result, struct sadb_msg *)->sadb_msg_len =
7724 PFKEY_UNIT64(result->m_pkthdr.len);
7725
7726 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7727
7728 fail:
7729 if (result)
7730 m_freem(result);
7731 return error;
7732 }
7733
7734 static void
key_freesah_flushed(struct secashead_queue * flushq)7735 key_freesah_flushed(struct secashead_queue *flushq)
7736 {
7737 struct secashead *sah, *nextsah;
7738 struct secasvar *sav, *nextsav;
7739
7740 sah = TAILQ_FIRST(flushq);
7741 while (sah != NULL) {
7742 sav = TAILQ_FIRST(&sah->savtree_larval);
7743 while (sav != NULL) {
7744 nextsav = TAILQ_NEXT(sav, chain);
7745 TAILQ_REMOVE(&sah->savtree_larval, sav, chain);
7746 key_freesav(&sav); /* release last reference */
7747 key_freesah(&sah); /* release reference from SAV */
7748 sav = nextsav;
7749 }
7750 sav = TAILQ_FIRST(&sah->savtree_alive);
7751 while (sav != NULL) {
7752 nextsav = TAILQ_NEXT(sav, chain);
7753 TAILQ_REMOVE(&sah->savtree_alive, sav, chain);
7754 key_freesav(&sav); /* release last reference */
7755 key_freesah(&sah); /* release reference from SAV */
7756 sav = nextsav;
7757 }
7758 nextsah = TAILQ_NEXT(sah, chain);
7759 key_freesah(&sah); /* release last reference */
7760 sah = nextsah;
7761 }
7762 }
7763
7764 /*
7765 * SADB_FLUSH processing
7766 * receive
7767 * <base>
7768 * from the ikmpd, and free all entries in secastree.
7769 * and send,
7770 * <base>
7771 * to the ikmpd.
7772 * NOTE: to do is only marking SADB_SASTATE_DEAD.
7773 *
7774 * m will always be freed.
7775 */
7776 static int
key_flush(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7777 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7778 {
7779 struct secashead_queue flushq;
7780 struct sadb_msg *newmsg;
7781 struct secashead *sah, *nextsah;
7782 struct secasvar *sav;
7783 uint8_t proto;
7784 int i;
7785
7786 IPSEC_ASSERT(so != NULL, ("null socket"));
7787 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7788 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7789
7790 /* map satype to proto */
7791 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7792 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
7793 __func__));
7794 return key_senderror(so, m, EINVAL);
7795 }
7796 KEYDBG(KEY_STAMP,
7797 printf("%s: proto %u\n", __func__, proto));
7798
7799 TAILQ_INIT(&flushq);
7800 if (proto == IPSEC_PROTO_ANY) {
7801 /* no SATYPE specified, i.e. flushing all SA. */
7802 SAHTREE_WLOCK();
7803 /* Move all SAHs into flushq */
7804 TAILQ_CONCAT(&flushq, &V_sahtree, chain);
7805 /* Flush all buckets in SPI hash */
7806 for (i = 0; i < V_savhash_mask + 1; i++)
7807 LIST_INIT(&V_savhashtbl[i]);
7808 /* Flush all buckets in SAHADDRHASH */
7809 for (i = 0; i < V_sahaddrhash_mask + 1; i++)
7810 LIST_INIT(&V_sahaddrhashtbl[i]);
7811 /* Mark all SAHs as unlinked */
7812 TAILQ_FOREACH(sah, &flushq, chain) {
7813 sah->state = SADB_SASTATE_DEAD;
7814 /*
7815 * Callout handler makes its job using
7816 * RLOCK and drain queues. In case, when this
7817 * function will be called just before it
7818 * acquires WLOCK, we need to mark SAs as
7819 * unlinked to prevent second unlink.
7820 */
7821 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7822 sav->state = SADB_SASTATE_DEAD;
7823 ipsec_accel_forget_sav(sav);
7824 }
7825 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7826 sav->state = SADB_SASTATE_DEAD;
7827 ipsec_accel_forget_sav(sav);
7828 }
7829 }
7830 SAHTREE_WUNLOCK();
7831 } else {
7832 SAHTREE_WLOCK();
7833 sah = TAILQ_FIRST(&V_sahtree);
7834 while (sah != NULL) {
7835 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD,
7836 ("DEAD SAH %p in SADB_FLUSH", sah));
7837 nextsah = TAILQ_NEXT(sah, chain);
7838 if (sah->saidx.proto != proto) {
7839 sah = nextsah;
7840 continue;
7841 }
7842 sah->state = SADB_SASTATE_DEAD;
7843 TAILQ_REMOVE(&V_sahtree, sah, chain);
7844 LIST_REMOVE(sah, addrhash);
7845 /* Unlink all SAs from SPI hash */
7846 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7847 LIST_REMOVE(sav, spihash);
7848 sav->state = SADB_SASTATE_DEAD;
7849 ipsec_accel_forget_sav(sav);
7850 }
7851 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7852 LIST_REMOVE(sav, spihash);
7853 sav->state = SADB_SASTATE_DEAD;
7854 ipsec_accel_forget_sav(sav);
7855 }
7856 /* Add SAH into flushq */
7857 TAILQ_INSERT_HEAD(&flushq, sah, chain);
7858 sah = nextsah;
7859 }
7860 SAHTREE_WUNLOCK();
7861 }
7862
7863 key_freesah_flushed(&flushq);
7864 /* Free all queued SAs and SAHs */
7865 if (m->m_len < sizeof(struct sadb_msg) ||
7866 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
7867 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
7868 return key_senderror(so, m, ENOBUFS);
7869 }
7870
7871 if (m->m_next)
7872 m_freem(m->m_next);
7873 m->m_next = NULL;
7874 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
7875 newmsg = mtod(m, struct sadb_msg *);
7876 newmsg->sadb_msg_errno = 0;
7877 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
7878
7879 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7880 }
7881
7882 /*
7883 * SADB_DUMP processing
7884 * dump all entries including status of DEAD in SAD.
7885 * receive
7886 * <base>
7887 * from the ikmpd, and dump all secasvar leaves
7888 * and send,
7889 * <base> .....
7890 * to the ikmpd.
7891 *
7892 * m will always be freed.
7893 */
7894 static int
key_dump(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7895 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7896 {
7897 SAHTREE_RLOCK_TRACKER;
7898 struct secashead *sah;
7899 struct secasvar *sav;
7900 struct mbuf *n;
7901 uint32_t cnt;
7902 uint8_t proto, satype;
7903
7904 IPSEC_ASSERT(so != NULL, ("null socket"));
7905 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7906 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7907 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7908
7909 /* map satype to proto */
7910 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7911 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n",
7912 __func__));
7913 return key_senderror(so, m, EINVAL);
7914 }
7915
7916 /* count sav entries to be sent to the userland. */
7917 cnt = 0;
7918 IFNET_RLOCK();
7919 SAHTREE_RLOCK();
7920 TAILQ_FOREACH(sah, &V_sahtree, chain) {
7921 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7922 proto != sah->saidx.proto)
7923 continue;
7924
7925 TAILQ_FOREACH(sav, &sah->savtree_larval, chain)
7926 cnt++;
7927 TAILQ_FOREACH(sav, &sah->savtree_alive, chain)
7928 cnt++;
7929 }
7930
7931 if (cnt == 0) {
7932 SAHTREE_RUNLOCK();
7933 IFNET_RUNLOCK();
7934 return key_senderror(so, m, ENOENT);
7935 }
7936
7937 /* send this to the userland, one at a time. */
7938 TAILQ_FOREACH(sah, &V_sahtree, chain) {
7939 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7940 proto != sah->saidx.proto)
7941 continue;
7942
7943 /* map proto to satype */
7944 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7945 SAHTREE_RUNLOCK();
7946 IFNET_RUNLOCK();
7947 ipseclog((LOG_DEBUG, "%s: there was invalid proto in "
7948 "SAD.\n", __func__));
7949 return key_senderror(so, m, EINVAL);
7950 }
7951 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
7952 n = key_setdumpsa(sav, SADB_DUMP, satype,
7953 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker);
7954 if (n == NULL) {
7955 SAHTREE_RUNLOCK();
7956 IFNET_RUNLOCK();
7957 return key_senderror(so, m, ENOBUFS);
7958 }
7959 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7960 }
7961 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
7962 n = key_setdumpsa(sav, SADB_DUMP, satype,
7963 --cnt, mhp->msg->sadb_msg_pid, &sahtree_tracker);
7964 if (n == NULL) {
7965 SAHTREE_RUNLOCK();
7966 IFNET_RUNLOCK();
7967 return key_senderror(so, m, ENOBUFS);
7968 }
7969 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7970 }
7971 }
7972 SAHTREE_RUNLOCK();
7973 IFNET_RUNLOCK();
7974 m_freem(m);
7975 return (0);
7976 }
7977 /*
7978 * SADB_X_PROMISC processing
7979 *
7980 * m will always be freed.
7981 */
7982 static int
key_promisc(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7983 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7984 {
7985 int olen;
7986
7987 IPSEC_ASSERT(so != NULL, ("null socket"));
7988 IPSEC_ASSERT(m != NULL, ("null mbuf"));
7989 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
7990 IPSEC_ASSERT(mhp->msg != NULL, ("null msg"));
7991
7992 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7993
7994 if (olen < sizeof(struct sadb_msg)) {
7995 #if 1
7996 return key_senderror(so, m, EINVAL);
7997 #else
7998 m_freem(m);
7999 return 0;
8000 #endif
8001 } else if (olen == sizeof(struct sadb_msg)) {
8002 /* enable/disable promisc mode */
8003 struct keycb *kp;
8004
8005 if ((kp = so->so_pcb) == NULL)
8006 return key_senderror(so, m, EINVAL);
8007 mhp->msg->sadb_msg_errno = 0;
8008 switch (mhp->msg->sadb_msg_satype) {
8009 case 0:
8010 case 1:
8011 kp->kp_promisc = mhp->msg->sadb_msg_satype;
8012 break;
8013 default:
8014 return key_senderror(so, m, EINVAL);
8015 }
8016
8017 /* send the original message back to everyone */
8018 mhp->msg->sadb_msg_errno = 0;
8019 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8020 } else {
8021 /* send packet as is */
8022
8023 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
8024
8025 /* TODO: if sadb_msg_seq is specified, send to specific pid */
8026 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8027 }
8028 }
8029
8030 static int (*key_typesw[])(struct socket *, struct mbuf *,
8031 const struct sadb_msghdr *) = {
8032 [SADB_RESERVED] = NULL,
8033 [SADB_GETSPI] = key_getspi,
8034 [SADB_UPDATE] = key_update,
8035 [SADB_ADD] = key_add,
8036 [SADB_DELETE] = key_delete,
8037 [SADB_GET] = key_get,
8038 [SADB_ACQUIRE] = key_acquire2,
8039 [SADB_REGISTER] = key_register,
8040 [SADB_EXPIRE] = NULL,
8041 [SADB_FLUSH] = key_flush,
8042 [SADB_DUMP] = key_dump,
8043 [SADB_X_PROMISC] = key_promisc,
8044 [SADB_X_PCHANGE] = NULL,
8045 [SADB_X_SPDUPDATE] = key_spdadd,
8046 [SADB_X_SPDADD] = key_spdadd,
8047 [SADB_X_SPDDELETE] = key_spddelete,
8048 [SADB_X_SPDGET] = key_spdget,
8049 [SADB_X_SPDACQUIRE] = NULL,
8050 [SADB_X_SPDDUMP] = key_spddump,
8051 [SADB_X_SPDFLUSH] = key_spdflush,
8052 [SADB_X_SPDSETIDX] = key_spdadd,
8053 [SADB_X_SPDEXPIRE] = NULL,
8054 [SADB_X_SPDDELETE2] = key_spddelete2,
8055 };
8056
8057 /*
8058 * parse sadb_msg buffer to process PFKEYv2,
8059 * and create a data to response if needed.
8060 * I think to be dealed with mbuf directly.
8061 * IN:
8062 * msgp : pointer to pointer to a received buffer pulluped.
8063 * This is rewrited to response.
8064 * so : pointer to socket.
8065 * OUT:
8066 * length for buffer to send to user process.
8067 */
8068 int
key_parse(struct mbuf * m,struct socket * so)8069 key_parse(struct mbuf *m, struct socket *so)
8070 {
8071 struct sadb_msg *msg;
8072 struct sadb_msghdr mh;
8073 u_int orglen;
8074 int error;
8075 int target;
8076
8077 IPSEC_ASSERT(so != NULL, ("null socket"));
8078 IPSEC_ASSERT(m != NULL, ("null mbuf"));
8079
8080 if (m->m_len < sizeof(struct sadb_msg)) {
8081 m = m_pullup(m, sizeof(struct sadb_msg));
8082 if (!m)
8083 return ENOBUFS;
8084 }
8085 msg = mtod(m, struct sadb_msg *);
8086 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
8087 target = KEY_SENDUP_ONE;
8088
8089 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) {
8090 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__));
8091 PFKEYSTAT_INC(out_invlen);
8092 error = EINVAL;
8093 goto senderror;
8094 }
8095
8096 if (msg->sadb_msg_version != PF_KEY_V2) {
8097 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n",
8098 __func__, msg->sadb_msg_version));
8099 PFKEYSTAT_INC(out_invver);
8100 error = EINVAL;
8101 goto senderror;
8102 }
8103
8104 if (msg->sadb_msg_type > SADB_MAX) {
8105 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
8106 __func__, msg->sadb_msg_type));
8107 PFKEYSTAT_INC(out_invmsgtype);
8108 error = EINVAL;
8109 goto senderror;
8110 }
8111
8112 /* for old-fashioned code - should be nuked */
8113 if (m->m_pkthdr.len > MCLBYTES) {
8114 m_freem(m);
8115 return ENOBUFS;
8116 }
8117 if (m->m_next) {
8118 struct mbuf *n;
8119
8120 n = key_mget(m->m_pkthdr.len);
8121 if (n == NULL) {
8122 m_freem(m);
8123 return ENOBUFS;
8124 }
8125 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
8126 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
8127 n->m_next = NULL;
8128 m_freem(m);
8129 m = n;
8130 }
8131
8132 /* align the mbuf chain so that extensions are in contiguous region. */
8133 error = key_align(m, &mh);
8134 if (error)
8135 return error;
8136
8137 msg = mh.msg;
8138
8139 /* We use satype as scope mask for spddump */
8140 if (msg->sadb_msg_type == SADB_X_SPDDUMP) {
8141 switch (msg->sadb_msg_satype) {
8142 case IPSEC_POLICYSCOPE_ANY:
8143 case IPSEC_POLICYSCOPE_GLOBAL:
8144 case IPSEC_POLICYSCOPE_IFNET:
8145 case IPSEC_POLICYSCOPE_PCB:
8146 break;
8147 default:
8148 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
8149 __func__, msg->sadb_msg_type));
8150 PFKEYSTAT_INC(out_invsatype);
8151 error = EINVAL;
8152 goto senderror;
8153 }
8154 } else {
8155 switch (msg->sadb_msg_satype) { /* check SA type */
8156 case SADB_SATYPE_UNSPEC:
8157 switch (msg->sadb_msg_type) {
8158 case SADB_GETSPI:
8159 case SADB_UPDATE:
8160 case SADB_ADD:
8161 case SADB_DELETE:
8162 case SADB_GET:
8163 case SADB_ACQUIRE:
8164 case SADB_EXPIRE:
8165 ipseclog((LOG_DEBUG, "%s: must specify satype "
8166 "when msg type=%u.\n", __func__,
8167 msg->sadb_msg_type));
8168 PFKEYSTAT_INC(out_invsatype);
8169 error = EINVAL;
8170 goto senderror;
8171 }
8172 break;
8173 case SADB_SATYPE_AH:
8174 case SADB_SATYPE_ESP:
8175 case SADB_X_SATYPE_IPCOMP:
8176 case SADB_X_SATYPE_TCPSIGNATURE:
8177 switch (msg->sadb_msg_type) {
8178 case SADB_X_SPDADD:
8179 case SADB_X_SPDDELETE:
8180 case SADB_X_SPDGET:
8181 case SADB_X_SPDFLUSH:
8182 case SADB_X_SPDSETIDX:
8183 case SADB_X_SPDUPDATE:
8184 case SADB_X_SPDDELETE2:
8185 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n",
8186 __func__, msg->sadb_msg_type));
8187 PFKEYSTAT_INC(out_invsatype);
8188 error = EINVAL;
8189 goto senderror;
8190 }
8191 break;
8192 case SADB_SATYPE_RSVP:
8193 case SADB_SATYPE_OSPFV2:
8194 case SADB_SATYPE_RIPV2:
8195 case SADB_SATYPE_MIP:
8196 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n",
8197 __func__, msg->sadb_msg_satype));
8198 PFKEYSTAT_INC(out_invsatype);
8199 error = EOPNOTSUPP;
8200 goto senderror;
8201 case 1: /* XXX: What does it do? */
8202 if (msg->sadb_msg_type == SADB_X_PROMISC)
8203 break;
8204 /*FALLTHROUGH*/
8205 default:
8206 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n",
8207 __func__, msg->sadb_msg_satype));
8208 PFKEYSTAT_INC(out_invsatype);
8209 error = EINVAL;
8210 goto senderror;
8211 }
8212 }
8213
8214 /* check field of upper layer protocol and address family */
8215 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
8216 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
8217 struct sadb_address *src0, *dst0;
8218 u_int plen;
8219
8220 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
8221 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
8222
8223 /* check upper layer protocol */
8224 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
8225 ipseclog((LOG_DEBUG, "%s: upper layer protocol "
8226 "mismatched.\n", __func__));
8227 PFKEYSTAT_INC(out_invaddr);
8228 error = EINVAL;
8229 goto senderror;
8230 }
8231
8232 /* check family */
8233 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
8234 PFKEY_ADDR_SADDR(dst0)->sa_family) {
8235 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n",
8236 __func__));
8237 PFKEYSTAT_INC(out_invaddr);
8238 error = EINVAL;
8239 goto senderror;
8240 }
8241 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
8242 PFKEY_ADDR_SADDR(dst0)->sa_len) {
8243 ipseclog((LOG_DEBUG, "%s: address struct size "
8244 "mismatched.\n", __func__));
8245 PFKEYSTAT_INC(out_invaddr);
8246 error = EINVAL;
8247 goto senderror;
8248 }
8249
8250 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
8251 case AF_INET:
8252 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
8253 sizeof(struct sockaddr_in)) {
8254 PFKEYSTAT_INC(out_invaddr);
8255 error = EINVAL;
8256 goto senderror;
8257 }
8258 break;
8259 case AF_INET6:
8260 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
8261 sizeof(struct sockaddr_in6)) {
8262 PFKEYSTAT_INC(out_invaddr);
8263 error = EINVAL;
8264 goto senderror;
8265 }
8266 break;
8267 default:
8268 ipseclog((LOG_DEBUG, "%s: unsupported address family\n",
8269 __func__));
8270 PFKEYSTAT_INC(out_invaddr);
8271 error = EAFNOSUPPORT;
8272 goto senderror;
8273 }
8274
8275 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
8276 case AF_INET:
8277 plen = sizeof(struct in_addr) << 3;
8278 break;
8279 case AF_INET6:
8280 plen = sizeof(struct in6_addr) << 3;
8281 break;
8282 default:
8283 plen = 0; /*fool gcc*/
8284 break;
8285 }
8286
8287 /* check max prefix length */
8288 if (src0->sadb_address_prefixlen > plen ||
8289 dst0->sadb_address_prefixlen > plen) {
8290 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n",
8291 __func__));
8292 PFKEYSTAT_INC(out_invaddr);
8293 error = EINVAL;
8294 goto senderror;
8295 }
8296
8297 /*
8298 * prefixlen == 0 is valid because there can be a case when
8299 * all addresses are matched.
8300 */
8301 }
8302
8303 if (msg->sadb_msg_type >= nitems(key_typesw) ||
8304 key_typesw[msg->sadb_msg_type] == NULL) {
8305 PFKEYSTAT_INC(out_invmsgtype);
8306 error = EINVAL;
8307 goto senderror;
8308 }
8309
8310 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
8311
8312 senderror:
8313 msg->sadb_msg_errno = error;
8314 return key_sendup_mbuf(so, m, target);
8315 }
8316
8317 static int
key_senderror(struct socket * so,struct mbuf * m,int code)8318 key_senderror(struct socket *so, struct mbuf *m, int code)
8319 {
8320 struct sadb_msg *msg;
8321
8322 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
8323 ("mbuf too small, len %u", m->m_len));
8324
8325 msg = mtod(m, struct sadb_msg *);
8326 msg->sadb_msg_errno = code;
8327 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
8328 }
8329
8330 /*
8331 * set the pointer to each header into message buffer.
8332 * m will be freed on error.
8333 * XXX larger-than-MCLBYTES extension?
8334 */
8335 static int
key_align(struct mbuf * m,struct sadb_msghdr * mhp)8336 key_align(struct mbuf *m, struct sadb_msghdr *mhp)
8337 {
8338 struct mbuf *n;
8339 struct sadb_ext *ext;
8340 size_t off, end;
8341 int extlen;
8342 int toff;
8343
8344 IPSEC_ASSERT(m != NULL, ("null mbuf"));
8345 IPSEC_ASSERT(mhp != NULL, ("null msghdr"));
8346 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg),
8347 ("mbuf too small, len %u", m->m_len));
8348
8349 /* initialize */
8350 bzero(mhp, sizeof(*mhp));
8351
8352 mhp->msg = mtod(m, struct sadb_msg *);
8353 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
8354
8355 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
8356 extlen = end; /*just in case extlen is not updated*/
8357 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
8358 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
8359 if (!n) {
8360 /* m is already freed */
8361 return ENOBUFS;
8362 }
8363 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
8364
8365 /* set pointer */
8366 switch (ext->sadb_ext_type) {
8367 case SADB_EXT_SA:
8368 case SADB_EXT_ADDRESS_SRC:
8369 case SADB_EXT_ADDRESS_DST:
8370 case SADB_EXT_ADDRESS_PROXY:
8371 case SADB_EXT_LIFETIME_CURRENT:
8372 case SADB_EXT_LIFETIME_HARD:
8373 case SADB_EXT_LIFETIME_SOFT:
8374 case SADB_EXT_KEY_AUTH:
8375 case SADB_EXT_KEY_ENCRYPT:
8376 case SADB_EXT_IDENTITY_SRC:
8377 case SADB_EXT_IDENTITY_DST:
8378 case SADB_EXT_SENSITIVITY:
8379 case SADB_EXT_PROPOSAL:
8380 case SADB_EXT_SUPPORTED_AUTH:
8381 case SADB_EXT_SUPPORTED_ENCRYPT:
8382 case SADB_EXT_SPIRANGE:
8383 case SADB_X_EXT_POLICY:
8384 case SADB_X_EXT_SA2:
8385 case SADB_X_EXT_NAT_T_TYPE:
8386 case SADB_X_EXT_NAT_T_SPORT:
8387 case SADB_X_EXT_NAT_T_DPORT:
8388 case SADB_X_EXT_NAT_T_OAI:
8389 case SADB_X_EXT_NAT_T_OAR:
8390 case SADB_X_EXT_NAT_T_FRAG:
8391 case SADB_X_EXT_SA_REPLAY:
8392 case SADB_X_EXT_NEW_ADDRESS_SRC:
8393 case SADB_X_EXT_NEW_ADDRESS_DST:
8394 #ifdef IPSEC_OFFLOAD
8395 case SADB_X_EXT_LFT_CUR_SW_OFFL:
8396 case SADB_X_EXT_LFT_CUR_HW_OFFL:
8397 case SADB_X_EXT_IF_HW_OFFL:
8398 #endif
8399 /* duplicate check */
8400 /*
8401 * XXX Are there duplication payloads of either
8402 * KEY_AUTH or KEY_ENCRYPT ?
8403 */
8404 if (mhp->ext[ext->sadb_ext_type] != NULL) {
8405 ipseclog((LOG_DEBUG, "%s: duplicate ext_type "
8406 "%u\n", __func__, ext->sadb_ext_type));
8407 m_freem(m);
8408 PFKEYSTAT_INC(out_dupext);
8409 return EINVAL;
8410 }
8411 break;
8412 default:
8413 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n",
8414 __func__, ext->sadb_ext_type));
8415 m_freem(m);
8416 PFKEYSTAT_INC(out_invexttype);
8417 return EINVAL;
8418 }
8419
8420 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
8421
8422 if (key_validate_ext(ext, extlen)) {
8423 m_freem(m);
8424 PFKEYSTAT_INC(out_invlen);
8425 return EINVAL;
8426 }
8427
8428 n = m_pulldown(m, off, extlen, &toff);
8429 if (!n) {
8430 /* m is already freed */
8431 return ENOBUFS;
8432 }
8433 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
8434
8435 mhp->ext[ext->sadb_ext_type] = ext;
8436 mhp->extoff[ext->sadb_ext_type] = off;
8437 mhp->extlen[ext->sadb_ext_type] = extlen;
8438 }
8439
8440 if (off != end) {
8441 m_freem(m);
8442 PFKEYSTAT_INC(out_invlen);
8443 return EINVAL;
8444 }
8445
8446 return 0;
8447 }
8448
8449 static int
key_validate_ext(const struct sadb_ext * ext,int len)8450 key_validate_ext(const struct sadb_ext *ext, int len)
8451 {
8452 const struct sockaddr *sa;
8453 enum { NONE, ADDR } checktype = NONE;
8454 int baselen = 0;
8455 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
8456
8457 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
8458 return EINVAL;
8459
8460 /* if it does not match minimum/maximum length, bail */
8461 if (ext->sadb_ext_type >= nitems(minsize) ||
8462 ext->sadb_ext_type >= nitems(maxsize))
8463 return EINVAL;
8464 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
8465 return EINVAL;
8466 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
8467 return EINVAL;
8468
8469 /* more checks based on sadb_ext_type XXX need more */
8470 switch (ext->sadb_ext_type) {
8471 case SADB_EXT_ADDRESS_SRC:
8472 case SADB_EXT_ADDRESS_DST:
8473 case SADB_EXT_ADDRESS_PROXY:
8474 case SADB_X_EXT_NAT_T_OAI:
8475 case SADB_X_EXT_NAT_T_OAR:
8476 case SADB_X_EXT_NEW_ADDRESS_SRC:
8477 case SADB_X_EXT_NEW_ADDRESS_DST:
8478 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
8479 checktype = ADDR;
8480 break;
8481 case SADB_EXT_IDENTITY_SRC:
8482 case SADB_EXT_IDENTITY_DST:
8483 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
8484 SADB_X_IDENTTYPE_ADDR) {
8485 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
8486 checktype = ADDR;
8487 } else
8488 checktype = NONE;
8489 break;
8490 default:
8491 checktype = NONE;
8492 break;
8493 }
8494
8495 switch (checktype) {
8496 case NONE:
8497 break;
8498 case ADDR:
8499 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
8500 if (len < baselen + sal)
8501 return EINVAL;
8502 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
8503 return EINVAL;
8504 break;
8505 }
8506
8507 return 0;
8508 }
8509
8510 void
spdcache_init(void)8511 spdcache_init(void)
8512 {
8513 int i;
8514
8515 TUNABLE_INT_FETCH("net.key.spdcache.maxentries",
8516 &V_key_spdcache_maxentries);
8517 TUNABLE_INT_FETCH("net.key.spdcache.threshold",
8518 &V_key_spdcache_threshold);
8519
8520 if (V_key_spdcache_maxentries) {
8521 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries,
8522 SPDCACHE_MAX_ENTRIES_PER_HASH);
8523 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries /
8524 SPDCACHE_MAX_ENTRIES_PER_HASH,
8525 M_IPSEC_SPDCACHE, &V_spdcachehash_mask);
8526 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1)
8527 * SPDCACHE_MAX_ENTRIES_PER_HASH;
8528
8529 V_spdcache_lock = malloc(sizeof(struct mtx) *
8530 (V_spdcachehash_mask + 1),
8531 M_IPSEC_SPDCACHE, M_WAITOK | M_ZERO);
8532
8533 for (i = 0; i < V_spdcachehash_mask + 1; ++i)
8534 SPDCACHE_LOCK_INIT(i);
8535 }
8536 }
8537
8538 struct spdcache_entry *
spdcache_entry_alloc(const struct secpolicyindex * spidx,struct secpolicy * sp)8539 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp)
8540 {
8541 struct spdcache_entry *entry;
8542
8543 entry = malloc(sizeof(struct spdcache_entry), M_IPSEC_SPDCACHE,
8544 M_NOWAIT | M_ZERO);
8545 if (entry == NULL)
8546 return (NULL);
8547
8548 if (sp != NULL)
8549 SP_ADDREF(sp);
8550
8551 entry->spidx = *spidx;
8552 entry->sp = sp;
8553
8554 return (entry);
8555 }
8556
8557 void
spdcache_entry_free(struct spdcache_entry * entry)8558 spdcache_entry_free(struct spdcache_entry *entry)
8559 {
8560
8561 if (entry->sp != NULL)
8562 key_freesp(&entry->sp);
8563 free(entry, M_IPSEC_SPDCACHE);
8564 }
8565
8566 void
spdcache_clear(void)8567 spdcache_clear(void)
8568 {
8569 struct spdcache_entry *entry;
8570 int i;
8571
8572 for (i = 0; i < V_spdcachehash_mask + 1; ++i) {
8573 SPDCACHE_LOCK(i);
8574 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) {
8575 entry = LIST_FIRST(&V_spdcachehashtbl[i]);
8576 LIST_REMOVE(entry, chain);
8577 spdcache_entry_free(entry);
8578 }
8579 SPDCACHE_UNLOCK(i);
8580 }
8581 }
8582
8583 #ifdef VIMAGE
8584 void
spdcache_destroy(void)8585 spdcache_destroy(void)
8586 {
8587 int i;
8588
8589 if (SPDCACHE_ENABLED()) {
8590 spdcache_clear();
8591 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask);
8592
8593 for (i = 0; i < V_spdcachehash_mask + 1; ++i)
8594 SPDCACHE_LOCK_DESTROY(i);
8595
8596 free(V_spdcache_lock, M_IPSEC_SPDCACHE);
8597 }
8598 }
8599 #endif
8600
8601 static void
key_vnet_init(void * arg __unused)8602 key_vnet_init(void *arg __unused)
8603 {
8604 int i;
8605
8606 for (i = 0; i < IPSEC_DIR_MAX; i++) {
8607 TAILQ_INIT(&V_sptree[i]);
8608 TAILQ_INIT(&V_sptree_ifnet[i]);
8609 }
8610
8611 TAILQ_INIT(&V_sahtree);
8612 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask);
8613 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask);
8614 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH,
8615 &V_sahaddrhash_mask);
8616 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ,
8617 &V_acqaddrhash_mask);
8618 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ,
8619 &V_acqseqhash_mask);
8620
8621 spdcache_init();
8622
8623 for (i = 0; i <= SADB_SATYPE_MAX; i++)
8624 LIST_INIT(&V_regtree[i]);
8625
8626 LIST_INIT(&V_acqtree);
8627 LIST_INIT(&V_spacqtree);
8628 }
8629 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND,
8630 key_vnet_init, NULL);
8631
8632 static void
key_init(void * arg __unused)8633 key_init(void *arg __unused)
8634 {
8635
8636 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c",
8637 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL,
8638 UMA_ALIGN_PTR, UMA_ZONE_PCPU);
8639
8640 SPTREE_LOCK_INIT();
8641 REGTREE_LOCK_INIT();
8642 SAHTREE_LOCK_INIT();
8643 ACQ_LOCK_INIT();
8644 SPACQ_LOCK_INIT();
8645 SPI_ALLOC_LOCK_INIT();
8646
8647 #ifndef IPSEC_DEBUG2
8648 callout_init(&key_timer, 1);
8649 callout_reset(&key_timer, hz, key_timehandler, NULL);
8650 #endif /*IPSEC_DEBUG2*/
8651
8652 /* initialize key statistics */
8653 keystat.getspi_count = 1;
8654
8655 if (bootverbose)
8656 printf("IPsec: Initialized Security Association Processing.\n");
8657 }
8658 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL);
8659
8660 #ifdef VIMAGE
8661 static void
key_vnet_destroy(void * arg __unused)8662 key_vnet_destroy(void *arg __unused)
8663 {
8664 struct secashead_queue sahdrainq;
8665 struct secpolicy_queue drainq;
8666 struct secpolicy *sp, *nextsp;
8667 struct secacq *acq, *nextacq;
8668 struct secspacq *spacq, *nextspacq;
8669 struct secashead *sah;
8670 struct secasvar *sav;
8671 struct secreg *reg;
8672 int i;
8673
8674 /*
8675 * XXX: can we just call free() for each object without
8676 * walking through safe way with releasing references?
8677 */
8678 TAILQ_INIT(&drainq);
8679 SPTREE_WLOCK();
8680 for (i = 0; i < IPSEC_DIR_MAX; i++) {
8681 TAILQ_CONCAT(&drainq, &V_sptree[i], chain);
8682 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain);
8683 }
8684 for (i = 0; i < V_sphash_mask + 1; i++)
8685 LIST_INIT(&V_sphashtbl[i]);
8686 SPTREE_WUNLOCK();
8687 spdcache_destroy();
8688
8689 sp = TAILQ_FIRST(&drainq);
8690 while (sp != NULL) {
8691 nextsp = TAILQ_NEXT(sp, chain);
8692 key_freesp(&sp);
8693 sp = nextsp;
8694 }
8695
8696 TAILQ_INIT(&sahdrainq);
8697 SAHTREE_WLOCK();
8698 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain);
8699 for (i = 0; i < V_savhash_mask + 1; i++)
8700 LIST_INIT(&V_savhashtbl[i]);
8701 for (i = 0; i < V_sahaddrhash_mask + 1; i++)
8702 LIST_INIT(&V_sahaddrhashtbl[i]);
8703 TAILQ_FOREACH(sah, &sahdrainq, chain) {
8704 sah->state = SADB_SASTATE_DEAD;
8705 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) {
8706 sav->state = SADB_SASTATE_DEAD;
8707 ipsec_accel_forget_sav(sav);
8708 }
8709 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) {
8710 sav->state = SADB_SASTATE_DEAD;
8711 ipsec_accel_forget_sav(sav);
8712 }
8713 }
8714 SAHTREE_WUNLOCK();
8715
8716 /* Wait for async work referencing this VNET to finish. */
8717 ipsec_accel_sync();
8718
8719 key_freesah_flushed(&sahdrainq);
8720 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask);
8721 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask);
8722 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask);
8723
8724 REGTREE_LOCK();
8725 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
8726 LIST_FOREACH(reg, &V_regtree[i], chain) {
8727 if (__LIST_CHAINED(reg)) {
8728 LIST_REMOVE(reg, chain);
8729 free(reg, M_IPSEC_SAR);
8730 break;
8731 }
8732 }
8733 }
8734 REGTREE_UNLOCK();
8735
8736 ACQ_LOCK();
8737 acq = LIST_FIRST(&V_acqtree);
8738 while (acq != NULL) {
8739 nextacq = LIST_NEXT(acq, chain);
8740 LIST_REMOVE(acq, chain);
8741 free(acq, M_IPSEC_SAQ);
8742 acq = nextacq;
8743 }
8744 for (i = 0; i < V_acqaddrhash_mask + 1; i++)
8745 LIST_INIT(&V_acqaddrhashtbl[i]);
8746 for (i = 0; i < V_acqseqhash_mask + 1; i++)
8747 LIST_INIT(&V_acqseqhashtbl[i]);
8748 ACQ_UNLOCK();
8749
8750 SPACQ_LOCK();
8751 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL;
8752 spacq = nextspacq) {
8753 nextspacq = LIST_NEXT(spacq, chain);
8754 if (__LIST_CHAINED(spacq)) {
8755 LIST_REMOVE(spacq, chain);
8756 free(spacq, M_IPSEC_SAQ);
8757 }
8758 }
8759 SPACQ_UNLOCK();
8760 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask);
8761 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask);
8762 }
8763 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND,
8764 key_vnet_destroy, NULL);
8765 #endif
8766
8767 /*
8768 * XXX: as long as domains are not unloadable, this function is never called,
8769 * provided for consistensy and future unload support.
8770 */
8771 static void
key_destroy(void * arg __unused)8772 key_destroy(void *arg __unused)
8773 {
8774 uma_zdestroy(ipsec_key_lft_zone);
8775
8776 #ifndef IPSEC_DEBUG2
8777 callout_drain(&key_timer);
8778 #endif
8779 SPTREE_LOCK_DESTROY();
8780 REGTREE_LOCK_DESTROY();
8781 SAHTREE_LOCK_DESTROY();
8782 ACQ_LOCK_DESTROY();
8783 SPACQ_LOCK_DESTROY();
8784 SPI_ALLOC_LOCK_DESTROY();
8785 }
8786 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL);
8787
8788 /* record data transfer on SA, and update timestamps */
8789 void
key_sa_recordxfer(struct secasvar * sav,struct mbuf * m)8790 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m)
8791 {
8792 IPSEC_ASSERT(sav != NULL, ("Null secasvar"));
8793 IPSEC_ASSERT(m != NULL, ("Null mbuf"));
8794
8795 /*
8796 * XXX Currently, there is a difference of bytes size
8797 * between inbound and outbound processing.
8798 */
8799 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len);
8800
8801 /*
8802 * We use the number of packets as the unit of
8803 * allocations. We increment the variable
8804 * whenever {esp,ah}_{in,out}put is called.
8805 */
8806 counter_u64_add(sav->lft_c_allocations, 1);
8807
8808 /*
8809 * NOTE: We record CURRENT usetime by using wall clock,
8810 * in seconds. HARD and SOFT lifetime are measured by the time
8811 * difference (again in seconds) from usetime.
8812 *
8813 * usetime
8814 * v expire expire
8815 * -----+-----+--------+---> t
8816 * <--------------> HARD
8817 * <-----> SOFT
8818 */
8819 if (sav->firstused == 0)
8820 sav->firstused = time_second;
8821 }
8822
8823 /*
8824 * Take one of the kernel's security keys and convert it into a PF_KEY
8825 * structure within an mbuf, suitable for sending up to a waiting
8826 * application in user land.
8827 *
8828 * IN:
8829 * src: A pointer to a kernel security key.
8830 * exttype: Which type of key this is. Refer to the PF_KEY data structures.
8831 * OUT:
8832 * a valid mbuf or NULL indicating an error
8833 *
8834 */
8835
8836 static struct mbuf *
key_setkey(struct seckey * src,uint16_t exttype)8837 key_setkey(struct seckey *src, uint16_t exttype)
8838 {
8839 struct mbuf *m;
8840 struct sadb_key *p;
8841 int len;
8842
8843 if (src == NULL)
8844 return NULL;
8845
8846 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src));
8847 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
8848 if (m == NULL)
8849 return NULL;
8850 m_align(m, len);
8851 m->m_len = len;
8852 p = mtod(m, struct sadb_key *);
8853 bzero(p, len);
8854 p->sadb_key_len = PFKEY_UNIT64(len);
8855 p->sadb_key_exttype = exttype;
8856 p->sadb_key_bits = src->bits;
8857 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src));
8858
8859 return m;
8860 }
8861
8862 #ifdef IPSEC_OFFLOAD
8863 struct mbuf *
key_setaccelif(const char * ifname)8864 key_setaccelif(const char *ifname)
8865 {
8866 struct mbuf *m = NULL;
8867 struct sadb_x_if_hw_offl *p;
8868 int len = PFKEY_ALIGN8(sizeof(*p));
8869
8870 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
8871 if (m == NULL)
8872 return (m);
8873 m_align(m, len);
8874 m->m_len = len;
8875 p = mtod(m, struct sadb_x_if_hw_offl *);
8876
8877 bzero(p, len);
8878 p->sadb_x_if_hw_offl_len = PFKEY_UNIT64(len);
8879 p->sadb_x_if_hw_offl_exttype = SADB_X_EXT_IF_HW_OFFL;
8880 p->sadb_x_if_hw_offl_flags = 0;
8881 strncpy(p->sadb_x_if_hw_offl_if, ifname,
8882 sizeof(p->sadb_x_if_hw_offl_if));
8883
8884 return (m);
8885 }
8886 #endif
8887
8888 /*
8889 * Take one of the kernel's lifetime data structures and convert it
8890 * into a PF_KEY structure within an mbuf, suitable for sending up to
8891 * a waiting application in user land.
8892 *
8893 * IN:
8894 * src: A pointer to a kernel lifetime structure.
8895 * exttype: Which type of lifetime this is. Refer to the PF_KEY
8896 * data structures for more information.
8897 * OUT:
8898 * a valid mbuf or NULL indicating an error
8899 *
8900 */
8901
8902 static struct mbuf *
key_setlifetime(struct seclifetime * src,uint16_t exttype)8903 key_setlifetime(struct seclifetime *src, uint16_t exttype)
8904 {
8905 struct mbuf *m = NULL;
8906 struct sadb_lifetime *p;
8907 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
8908
8909 if (src == NULL)
8910 return NULL;
8911
8912 m = m_get2(len, M_NOWAIT, MT_DATA, 0);
8913 if (m == NULL)
8914 return m;
8915 m_align(m, len);
8916 m->m_len = len;
8917 p = mtod(m, struct sadb_lifetime *);
8918
8919 bzero(p, len);
8920 p->sadb_lifetime_len = PFKEY_UNIT64(len);
8921 p->sadb_lifetime_exttype = exttype;
8922 p->sadb_lifetime_allocations = src->allocations;
8923 p->sadb_lifetime_bytes = src->bytes;
8924 p->sadb_lifetime_addtime = src->addtime;
8925 p->sadb_lifetime_usetime = src->usetime;
8926
8927 return m;
8928
8929 }
8930
8931 const struct enc_xform *
enc_algorithm_lookup(int alg)8932 enc_algorithm_lookup(int alg)
8933 {
8934 int i;
8935
8936 for (i = 0; i < nitems(supported_ealgs); i++)
8937 if (alg == supported_ealgs[i].sadb_alg)
8938 return (supported_ealgs[i].xform);
8939 return (NULL);
8940 }
8941
8942 const struct auth_hash *
auth_algorithm_lookup(int alg)8943 auth_algorithm_lookup(int alg)
8944 {
8945 int i;
8946
8947 for (i = 0; i < nitems(supported_aalgs); i++)
8948 if (alg == supported_aalgs[i].sadb_alg)
8949 return (supported_aalgs[i].xform);
8950 return (NULL);
8951 }
8952
8953 const struct comp_algo *
comp_algorithm_lookup(int alg)8954 comp_algorithm_lookup(int alg)
8955 {
8956 int i;
8957
8958 for (i = 0; i < nitems(supported_calgs); i++)
8959 if (alg == supported_calgs[i].sadb_alg)
8960 return (supported_calgs[i].xform);
8961 return (NULL);
8962 }
8963
8964 void
ipsec_sahtree_runlock(struct rm_priotracker * sahtree_trackerp)8965 ipsec_sahtree_runlock(struct rm_priotracker *sahtree_trackerp)
8966 {
8967 rm_runlock(&sahtree_lock, sahtree_trackerp);
8968 }
8969
8970 void
ipsec_sahtree_rlock(struct rm_priotracker * sahtree_trackerp)8971 ipsec_sahtree_rlock(struct rm_priotracker *sahtree_trackerp)
8972 {
8973 rm_rlock(&sahtree_lock, sahtree_trackerp);
8974 }
8975
8976 #ifdef IPSEC_OFFLOAD
8977 void
ipsec_accel_on_ifdown(struct ifnet * ifp)8978 ipsec_accel_on_ifdown(struct ifnet *ifp)
8979 {
8980 void (*p)(struct ifnet *ifp);
8981
8982 p = atomic_load_ptr(&ipsec_accel_on_ifdown_p);
8983 if (p != NULL)
8984 p(ifp);
8985 }
8986
8987 void
ipsec_accel_drv_sa_lifetime_update(struct secasvar * sav,if_t ifp,u_int drv_spi,uint64_t octets,uint64_t allocs)8988 ipsec_accel_drv_sa_lifetime_update(struct secasvar *sav, if_t ifp,
8989 u_int drv_spi, uint64_t octets, uint64_t allocs)
8990 {
8991 void (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi,
8992 uint64_t octets, uint64_t allocs);
8993
8994 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_update_p);
8995 if (p != NULL)
8996 p(sav, ifp, drv_spi, octets, allocs);
8997 }
8998
8999 int
ipsec_accel_drv_sa_lifetime_fetch(struct secasvar * sav,if_t ifp,u_int drv_spi,uint64_t * octets,uint64_t * allocs)9000 ipsec_accel_drv_sa_lifetime_fetch(struct secasvar *sav,
9001 if_t ifp, u_int drv_spi, uint64_t *octets, uint64_t *allocs)
9002 {
9003 int (*p)(struct secasvar *sav, if_t ifp, u_int drv_spi,
9004 uint64_t *octets, uint64_t *allocs);
9005
9006 p = atomic_load_ptr(&ipsec_accel_drv_sa_lifetime_fetch_p);
9007 if (p == NULL)
9008 return (EOPNOTSUPP);
9009 return (p(sav, ifp, drv_spi, octets, allocs));
9010 }
9011 #endif
9012