1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 #include <net/raw_cb.h> 70 71 #include <netinet/in.h> 72 #include <netinet/in_systm.h> 73 #include <netinet/ip.h> 74 #include <netinet/in_var.h> 75 #include <netinet/udp.h> 76 77 #ifdef INET6 78 #include <netinet/ip6.h> 79 #include <netinet6/in6_var.h> 80 #include <netinet6/ip6_var.h> 81 #endif /* INET6 */ 82 83 #include <net/pfkeyv2.h> 84 #include <netipsec/keydb.h> 85 #include <netipsec/key.h> 86 #include <netipsec/keysock.h> 87 #include <netipsec/key_debug.h> 88 89 #include <netipsec/ipsec.h> 90 #ifdef INET6 91 #include <netipsec/ipsec6.h> 92 #endif 93 94 #include <netipsec/xform.h> 95 #include <machine/in_cksum.h> 96 #include <machine/stdarg.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #define FULLMASK 0xff 102 #define _BITS(bytes) ((bytes) << 3) 103 104 /* 105 * Note on SA reference counting: 106 * - SAs that are not in DEAD state will have (total external reference + 1) 107 * following value in reference count field. they cannot be freed and are 108 * referenced from SA header. 109 * - SAs that are in DEAD state will have (total external reference) 110 * in reference count field. they are ready to be freed. reference from 111 * SA header will be removed in key_delsav(), when the reference count 112 * field hits 0 (= no external reference other than from SA header. 113 */ 114 115 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 116 static VNET_DEFINE(u_int, key_spi_trycnt) = 1000; 117 static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100; 118 static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 119 static VNET_DEFINE(u_int32_t, policy_id) = 0; 120 /*interval to initialize randseed,1(m)*/ 121 static VNET_DEFINE(u_int, key_int_random) = 60; 122 /* interval to expire acquiring, 30(s)*/ 123 static VNET_DEFINE(u_int, key_larval_lifetime) = 30; 124 /* counter for blocking SADB_ACQUIRE.*/ 125 static VNET_DEFINE(int, key_blockacq_count) = 10; 126 /* lifetime for blocking SADB_ACQUIRE.*/ 127 static VNET_DEFINE(int, key_blockacq_lifetime) = 20; 128 /* preferred old sa rather than new sa.*/ 129 static VNET_DEFINE(int, key_preferred_oldsa) = 1; 130 #define V_key_spi_trycnt VNET(key_spi_trycnt) 131 #define V_key_spi_minval VNET(key_spi_minval) 132 #define V_key_spi_maxval VNET(key_spi_maxval) 133 #define V_policy_id VNET(policy_id) 134 #define V_key_int_random VNET(key_int_random) 135 #define V_key_larval_lifetime VNET(key_larval_lifetime) 136 #define V_key_blockacq_count VNET(key_blockacq_count) 137 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 138 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 139 140 static VNET_DEFINE(u_int32_t, acq_seq) = 0; 141 #define V_acq_seq VNET(acq_seq) 142 143 static VNET_DEFINE(uint32_t, sp_genid) = 0; 144 #define V_sp_genid VNET(sp_genid) 145 146 /* SPD */ 147 TAILQ_HEAD(secpolicy_queue, secpolicy); 148 LIST_HEAD(secpolicy_list, secpolicy); 149 static VNET_DEFINE(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 150 static VNET_DEFINE(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 151 static struct rmlock sptree_lock; 152 #define V_sptree VNET(sptree) 153 #define V_sptree_ifnet VNET(sptree_ifnet) 154 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 155 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 156 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 157 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 158 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 160 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 161 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 162 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 163 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 164 165 /* Hash table for lookup SP using unique id */ 166 static VNET_DEFINE(struct secpolicy_list *, sphashtbl); 167 static VNET_DEFINE(u_long, sphash_mask); 168 #define V_sphashtbl VNET(sphashtbl) 169 #define V_sphash_mask VNET(sphash_mask) 170 171 #define SPHASH_NHASH_LOG2 7 172 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 173 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 174 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 175 176 /* SAD */ 177 TAILQ_HEAD(secashead_queue, secashead); 178 LIST_HEAD(secashead_list, secashead); 179 static VNET_DEFINE(struct secashead_queue, sahtree); 180 static struct rmlock sahtree_lock; 181 #define V_sahtree VNET(sahtree) 182 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 183 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 184 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 185 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 186 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 187 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 188 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 189 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 190 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 191 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 192 193 /* Hash table for lookup in SAD using SA addresses */ 194 static VNET_DEFINE(struct secashead_list *, sahaddrhashtbl); 195 static VNET_DEFINE(u_long, sahaddrhash_mask); 196 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 197 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 198 199 #define SAHHASH_NHASH_LOG2 7 200 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 201 #define SAHADDRHASH_HASHVAL(saidx) \ 202 (key_saidxhash(saidx) & V_sahaddrhash_mask) 203 #define SAHADDRHASH_HASH(saidx) \ 204 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 205 206 /* Hash table for lookup in SAD using SPI */ 207 LIST_HEAD(secasvar_list, secasvar); 208 static VNET_DEFINE(struct secasvar_list *, savhashtbl); 209 static VNET_DEFINE(u_long, savhash_mask); 210 #define V_savhashtbl VNET(savhashtbl) 211 #define V_savhash_mask VNET(savhash_mask) 212 #define SAVHASH_NHASH_LOG2 7 213 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 214 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 215 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 216 217 static uint32_t 218 key_saidxhash(const struct secasindex *saidx) 219 { 220 uint32_t hval; 221 222 hval = fnv_32_buf(&saidx->proto, sizeof(saidx->proto), 223 FNV1_32_INIT); 224 switch (saidx->dst.sa.sa_family) { 225 #ifdef INET 226 case AF_INET: 227 hval = fnv_32_buf(&saidx->src.sin.sin_addr, 228 sizeof(in_addr_t), hval); 229 hval = fnv_32_buf(&saidx->dst.sin.sin_addr, 230 sizeof(in_addr_t), hval); 231 break; 232 #endif 233 #ifdef INET6 234 case AF_INET6: 235 hval = fnv_32_buf(&saidx->src.sin6.sin6_addr, 236 sizeof(struct in6_addr), hval); 237 hval = fnv_32_buf(&saidx->dst.sin6.sin6_addr, 238 sizeof(struct in6_addr), hval); 239 break; 240 #endif 241 default: 242 hval = 0; 243 ipseclog((LOG_DEBUG, "%s: unknown address family %d", 244 __func__, saidx->dst.sa.sa_family)); 245 } 246 return (hval); 247 } 248 249 static uint32_t 250 key_u32hash(uint32_t val) 251 { 252 253 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 254 } 255 256 /* registed list */ 257 static VNET_DEFINE(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 258 #define V_regtree VNET(regtree) 259 static struct mtx regtree_lock; 260 #define REGTREE_LOCK_INIT() \ 261 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 262 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 263 #define REGTREE_LOCK() mtx_lock(®tree_lock) 264 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 265 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 266 267 /* Acquiring list */ 268 LIST_HEAD(secacq_list, secacq); 269 static VNET_DEFINE(struct secacq_list, acqtree); 270 #define V_acqtree VNET(acqtree) 271 static struct mtx acq_lock; 272 #define ACQ_LOCK_INIT() \ 273 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 274 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 275 #define ACQ_LOCK() mtx_lock(&acq_lock) 276 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 277 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 278 279 /* Hash table for lookup in ACQ list using SA addresses */ 280 static VNET_DEFINE(struct secacq_list *, acqaddrhashtbl); 281 static VNET_DEFINE(u_long, acqaddrhash_mask); 282 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 283 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 284 285 /* Hash table for lookup in ACQ list using SEQ number */ 286 static VNET_DEFINE(struct secacq_list *, acqseqhashtbl); 287 static VNET_DEFINE(u_long, acqseqhash_mask); 288 #define V_acqseqhashtbl VNET(acqseqhashtbl) 289 #define V_acqseqhash_mask VNET(acqseqhash_mask) 290 291 #define ACQHASH_NHASH_LOG2 7 292 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 293 #define ACQADDRHASH_HASHVAL(saidx) \ 294 (key_saidxhash(saidx) & V_acqaddrhash_mask) 295 #define ACQSEQHASH_HASHVAL(seq) \ 296 (key_u32hash(seq) & V_acqseqhash_mask) 297 #define ACQADDRHASH_HASH(saidx) \ 298 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 299 #define ACQSEQHASH_HASH(seq) \ 300 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 301 /* SP acquiring list */ 302 static VNET_DEFINE(LIST_HEAD(_spacqtree, secspacq), spacqtree); 303 #define V_spacqtree VNET(spacqtree) 304 static struct mtx spacq_lock; 305 #define SPACQ_LOCK_INIT() \ 306 mtx_init(&spacq_lock, "spacqtree", \ 307 "fast ipsec security policy acquire list", MTX_DEF) 308 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 309 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 310 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 311 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 312 313 static const int minsize[] = { 314 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 315 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 316 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 317 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 318 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 319 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 320 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 321 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 322 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 323 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 324 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 325 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 326 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 327 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 328 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 329 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 330 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 331 0, /* SADB_X_EXT_KMPRIVATE */ 332 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 333 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 334 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 335 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 336 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 337 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 338 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 339 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 340 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 341 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 342 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 343 }; 344 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 345 346 static const int maxsize[] = { 347 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 348 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 349 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 350 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 351 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 352 0, /* SADB_EXT_ADDRESS_SRC */ 353 0, /* SADB_EXT_ADDRESS_DST */ 354 0, /* SADB_EXT_ADDRESS_PROXY */ 355 0, /* SADB_EXT_KEY_AUTH */ 356 0, /* SADB_EXT_KEY_ENCRYPT */ 357 0, /* SADB_EXT_IDENTITY_SRC */ 358 0, /* SADB_EXT_IDENTITY_DST */ 359 0, /* SADB_EXT_SENSITIVITY */ 360 0, /* SADB_EXT_PROPOSAL */ 361 0, /* SADB_EXT_SUPPORTED_AUTH */ 362 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 363 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 364 0, /* SADB_X_EXT_KMPRIVATE */ 365 0, /* SADB_X_EXT_POLICY */ 366 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 367 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 368 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 369 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 370 0, /* SADB_X_EXT_NAT_T_OAI */ 371 0, /* SADB_X_EXT_NAT_T_OAR */ 372 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 373 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 374 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 375 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 376 }; 377 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 378 379 /* 380 * Internal values for SA flags: 381 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 382 * thus we will not free the most of SA content in key_delsav(). 383 */ 384 #define SADB_X_EXT_F_CLONED 0x80000000 385 386 #define SADB_CHECKLEN(_mhp, _ext) \ 387 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 388 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 389 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 390 391 static VNET_DEFINE(int, ipsec_esp_keymin) = 256; 392 static VNET_DEFINE(int, ipsec_esp_auth) = 0; 393 static VNET_DEFINE(int, ipsec_ah_keymin) = 128; 394 395 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 396 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 397 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 398 399 #ifdef IPSEC_DEBUG 400 VNET_DEFINE(int, ipsec_debug) = 1; 401 #else 402 VNET_DEFINE(int, ipsec_debug) = 0; 403 #endif 404 405 #ifdef INET 406 SYSCTL_DECL(_net_inet_ipsec); 407 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 408 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 409 "Enable IPsec debugging output when set."); 410 #endif 411 #ifdef INET6 412 SYSCTL_DECL(_net_inet6_ipsec6); 413 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 414 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 415 "Enable IPsec debugging output when set."); 416 #endif 417 418 SYSCTL_DECL(_net_key); 419 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 420 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 421 422 /* max count of trial for the decision of spi value */ 423 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 424 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 425 426 /* minimum spi value to allocate automatically. */ 427 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 428 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 429 430 /* maximun spi value to allocate automatically. */ 431 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 432 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 433 434 /* interval to initialize randseed */ 435 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 436 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 437 438 /* lifetime for larval SA */ 439 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 440 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 441 442 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 443 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 444 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 445 446 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 447 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 448 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 449 450 /* ESP auth */ 451 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 452 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 453 454 /* minimum ESP key length */ 455 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 456 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 457 458 /* minimum AH key length */ 459 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 460 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 461 462 /* perfered old SA rather than new SA */ 463 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 464 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 465 466 #define __LIST_CHAINED(elm) \ 467 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 468 469 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 470 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 471 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 472 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 473 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 474 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 475 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 476 477 static VNET_DEFINE(uma_zone_t, key_lft_zone); 478 #define V_key_lft_zone VNET(key_lft_zone) 479 480 static LIST_HEAD(xforms_list, xformsw) xforms = LIST_HEAD_INITIALIZER(); 481 static struct mtx xforms_lock; 482 #define XFORMS_LOCK_INIT() \ 483 mtx_init(&xforms_lock, "xforms_list", "IPsec transforms list", MTX_DEF) 484 #define XFORMS_LOCK_DESTROY() mtx_destroy(&xforms_lock) 485 #define XFORMS_LOCK() mtx_lock(&xforms_lock) 486 #define XFORMS_UNLOCK() mtx_unlock(&xforms_lock) 487 488 /* 489 * set parameters into secpolicyindex buffer. 490 * Must allocate secpolicyindex buffer passed to this function. 491 */ 492 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 493 do { \ 494 bzero((idx), sizeof(struct secpolicyindex)); \ 495 (idx)->dir = (_dir); \ 496 (idx)->prefs = (ps); \ 497 (idx)->prefd = (pd); \ 498 (idx)->ul_proto = (ulp); \ 499 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 500 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 501 } while (0) 502 503 /* 504 * set parameters into secasindex buffer. 505 * Must allocate secasindex buffer before calling this function. 506 */ 507 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 508 do { \ 509 bzero((idx), sizeof(struct secasindex)); \ 510 (idx)->proto = (p); \ 511 (idx)->mode = (m); \ 512 (idx)->reqid = (r); \ 513 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 514 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 515 key_porttosaddr(&(idx)->src.sa, 0); \ 516 key_porttosaddr(&(idx)->dst.sa, 0); \ 517 } while (0) 518 519 /* key statistics */ 520 struct _keystat { 521 u_long getspi_count; /* the avarage of count to try to get new SPI */ 522 } keystat; 523 524 struct sadb_msghdr { 525 struct sadb_msg *msg; 526 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 527 int extoff[SADB_EXT_MAX + 1]; 528 int extlen[SADB_EXT_MAX + 1]; 529 }; 530 531 static struct supported_ealgs { 532 int sadb_alg; 533 const struct enc_xform *xform; 534 } supported_ealgs[] = { 535 { SADB_EALG_DESCBC, &enc_xform_des }, 536 { SADB_EALG_3DESCBC, &enc_xform_3des }, 537 { SADB_X_EALG_AES, &enc_xform_rijndael128 }, 538 { SADB_X_EALG_BLOWFISHCBC, &enc_xform_blf }, 539 { SADB_X_EALG_CAST128CBC, &enc_xform_cast5 }, 540 { SADB_EALG_NULL, &enc_xform_null }, 541 { SADB_X_EALG_CAMELLIACBC, &enc_xform_camellia }, 542 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 543 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 544 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 545 }; 546 547 static struct supported_aalgs { 548 int sadb_alg; 549 const struct auth_hash *xform; 550 } supported_aalgs[] = { 551 { SADB_X_AALG_NULL, &auth_hash_null }, 552 { SADB_AALG_MD5HMAC, &auth_hash_hmac_md5 }, 553 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 554 { SADB_X_AALG_RIPEMD160HMAC, &auth_hash_hmac_ripemd_160 }, 555 { SADB_X_AALG_MD5, &auth_hash_key_md5 }, 556 { SADB_X_AALG_SHA, &auth_hash_key_sha1 }, 557 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 558 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 559 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 560 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 561 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 562 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 563 }; 564 565 static struct supported_calgs { 566 int sadb_alg; 567 const struct comp_algo *xform; 568 } supported_calgs[] = { 569 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 570 }; 571 572 #ifndef IPSEC_DEBUG2 573 static struct callout key_timer; 574 #endif 575 576 static void key_unlink(struct secpolicy *); 577 static struct secpolicy *key_getsp(struct secpolicyindex *); 578 static struct secpolicy *key_getspbyid(u_int32_t); 579 static struct mbuf *key_gather_mbuf(struct mbuf *, 580 const struct sadb_msghdr *, int, int, ...); 581 static int key_spdadd(struct socket *, struct mbuf *, 582 const struct sadb_msghdr *); 583 static uint32_t key_getnewspid(void); 584 static int key_spddelete(struct socket *, struct mbuf *, 585 const struct sadb_msghdr *); 586 static int key_spddelete2(struct socket *, struct mbuf *, 587 const struct sadb_msghdr *); 588 static int key_spdget(struct socket *, struct mbuf *, 589 const struct sadb_msghdr *); 590 static int key_spdflush(struct socket *, struct mbuf *, 591 const struct sadb_msghdr *); 592 static int key_spddump(struct socket *, struct mbuf *, 593 const struct sadb_msghdr *); 594 static struct mbuf *key_setdumpsp(struct secpolicy *, 595 u_int8_t, u_int32_t, u_int32_t); 596 static struct mbuf *key_sp2mbuf(struct secpolicy *); 597 static size_t key_getspreqmsglen(struct secpolicy *); 598 static int key_spdexpire(struct secpolicy *); 599 static struct secashead *key_newsah(struct secasindex *); 600 static void key_freesah(struct secashead **); 601 static void key_delsah(struct secashead *); 602 static struct secasvar *key_newsav(const struct sadb_msghdr *, 603 struct secasindex *, uint32_t, int *); 604 static void key_delsav(struct secasvar *); 605 static void key_unlinksav(struct secasvar *); 606 static struct secashead *key_getsah(struct secasindex *); 607 static int key_checkspidup(uint32_t); 608 static struct secasvar *key_getsavbyspi(uint32_t); 609 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 610 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 611 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 612 static int key_updateaddresses(struct socket *, struct mbuf *, 613 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 614 615 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 616 u_int8_t, u_int32_t, u_int32_t); 617 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 618 u_int32_t, pid_t, u_int16_t); 619 static struct mbuf *key_setsadbsa(struct secasvar *); 620 static struct mbuf *key_setsadbaddr(u_int16_t, 621 const struct sockaddr *, u_int8_t, u_int16_t); 622 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 623 static struct mbuf *key_setsadbxtype(u_int16_t); 624 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 625 static struct mbuf *key_setsadbxsareplay(u_int32_t); 626 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 627 u_int32_t, u_int32_t); 628 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 629 struct malloc_type *); 630 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 631 struct malloc_type *); 632 633 /* flags for key_cmpsaidx() */ 634 #define CMP_HEAD 1 /* protocol, addresses. */ 635 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 636 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 637 #define CMP_EXACTLY 4 /* all elements. */ 638 static int key_cmpsaidx(const struct secasindex *, 639 const struct secasindex *, int); 640 static int key_cmpspidx_exactly(struct secpolicyindex *, 641 struct secpolicyindex *); 642 static int key_cmpspidx_withmask(struct secpolicyindex *, 643 struct secpolicyindex *); 644 static int key_bbcmp(const void *, const void *, u_int); 645 static uint8_t key_satype2proto(uint8_t); 646 static uint8_t key_proto2satype(uint8_t); 647 648 static int key_getspi(struct socket *, struct mbuf *, 649 const struct sadb_msghdr *); 650 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 651 static int key_update(struct socket *, struct mbuf *, 652 const struct sadb_msghdr *); 653 static int key_add(struct socket *, struct mbuf *, 654 const struct sadb_msghdr *); 655 static int key_setident(struct secashead *, const struct sadb_msghdr *); 656 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 657 const struct sadb_msghdr *); 658 static int key_delete(struct socket *, struct mbuf *, 659 const struct sadb_msghdr *); 660 static int key_delete_all(struct socket *, struct mbuf *, 661 const struct sadb_msghdr *, struct secasindex *); 662 static void key_delete_xform(const struct xformsw *); 663 static int key_get(struct socket *, struct mbuf *, 664 const struct sadb_msghdr *); 665 666 static void key_getcomb_setlifetime(struct sadb_comb *); 667 static struct mbuf *key_getcomb_ealg(void); 668 static struct mbuf *key_getcomb_ah(void); 669 static struct mbuf *key_getcomb_ipcomp(void); 670 static struct mbuf *key_getprop(const struct secasindex *); 671 672 static int key_acquire(const struct secasindex *, struct secpolicy *); 673 static uint32_t key_newacq(const struct secasindex *, int *); 674 static uint32_t key_getacq(const struct secasindex *, int *); 675 static int key_acqdone(const struct secasindex *, uint32_t); 676 static int key_acqreset(uint32_t); 677 static struct secspacq *key_newspacq(struct secpolicyindex *); 678 static struct secspacq *key_getspacq(struct secpolicyindex *); 679 static int key_acquire2(struct socket *, struct mbuf *, 680 const struct sadb_msghdr *); 681 static int key_register(struct socket *, struct mbuf *, 682 const struct sadb_msghdr *); 683 static int key_expire(struct secasvar *, int); 684 static int key_flush(struct socket *, struct mbuf *, 685 const struct sadb_msghdr *); 686 static int key_dump(struct socket *, struct mbuf *, 687 const struct sadb_msghdr *); 688 static int key_promisc(struct socket *, struct mbuf *, 689 const struct sadb_msghdr *); 690 static int key_senderror(struct socket *, struct mbuf *, int); 691 static int key_validate_ext(const struct sadb_ext *, int); 692 static int key_align(struct mbuf *, struct sadb_msghdr *); 693 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 694 static struct mbuf *key_setkey(struct seckey *, uint16_t); 695 static int xform_init(struct secasvar *, u_short); 696 697 #define DBG_IPSEC_INITREF(t, p) do { \ 698 refcount_init(&(p)->refcnt, 1); \ 699 KEYDBG(KEY_STAMP, \ 700 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 701 __func__, #t, (p), (p)->refcnt)); \ 702 } while (0) 703 #define DBG_IPSEC_ADDREF(t, p) do { \ 704 refcount_acquire(&(p)->refcnt); \ 705 KEYDBG(KEY_STAMP, \ 706 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 707 __func__, #t, (p), (p)->refcnt)); \ 708 } while (0) 709 #define DBG_IPSEC_DELREF(t, p) do { \ 710 KEYDBG(KEY_STAMP, \ 711 printf("%s: Release refcnt %s(%p) -> %u\n", \ 712 __func__, #t, (p), (p)->refcnt - 1)); \ 713 refcount_release(&(p)->refcnt); \ 714 } while (0) 715 716 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 717 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 718 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 719 720 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 721 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 722 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 723 724 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 725 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 726 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 727 728 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 729 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 730 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 731 732 /* 733 * Update the refcnt while holding the SPTREE lock. 734 */ 735 void 736 key_addref(struct secpolicy *sp) 737 { 738 739 SP_ADDREF(sp); 740 } 741 742 /* 743 * Return 0 when there are known to be no SP's for the specified 744 * direction. Otherwise return 1. This is used by IPsec code 745 * to optimize performance. 746 */ 747 int 748 key_havesp(u_int dir) 749 { 750 751 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 752 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 753 } 754 755 /* %%% IPsec policy management */ 756 /* 757 * Return current SPDB generation. 758 */ 759 uint32_t 760 key_getspgen(void) 761 { 762 763 return (V_sp_genid); 764 } 765 766 void 767 key_bumpspgen(void) 768 { 769 770 V_sp_genid++; 771 } 772 773 static int 774 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 775 { 776 777 /* family match */ 778 if (src->sa_family != dst->sa_family) 779 return (EINVAL); 780 /* sa_len match */ 781 if (src->sa_len != dst->sa_len) 782 return (EINVAL); 783 switch (src->sa_family) { 784 #ifdef INET 785 case AF_INET: 786 if (src->sa_len != sizeof(struct sockaddr_in)) 787 return (EINVAL); 788 break; 789 #endif 790 #ifdef INET6 791 case AF_INET6: 792 if (src->sa_len != sizeof(struct sockaddr_in6)) 793 return (EINVAL); 794 break; 795 #endif 796 default: 797 return (EAFNOSUPPORT); 798 } 799 return (0); 800 } 801 802 /* 803 * allocating a SP for OUTBOUND or INBOUND packet. 804 * Must call key_freesp() later. 805 * OUT: NULL: not found 806 * others: found and return the pointer. 807 */ 808 struct secpolicy * 809 key_allocsp(struct secpolicyindex *spidx, u_int dir) 810 { 811 SPTREE_RLOCK_TRACKER; 812 struct secpolicy *sp; 813 814 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 815 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 816 ("invalid direction %u", dir)); 817 818 SPTREE_RLOCK(); 819 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 820 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 821 SP_ADDREF(sp); 822 break; 823 } 824 } 825 SPTREE_RUNLOCK(); 826 827 if (sp != NULL) { /* found a SPD entry */ 828 sp->lastused = time_second; 829 KEYDBG(IPSEC_STAMP, 830 printf("%s: return SP(%p)\n", __func__, sp)); 831 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 832 } else { 833 KEYDBG(IPSEC_DATA, 834 printf("%s: lookup failed for ", __func__); 835 kdebug_secpolicyindex(spidx, NULL)); 836 } 837 return (sp); 838 } 839 840 /* 841 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 842 * or should be signed by MD5 signature. 843 * We don't use key_allocsa() for such lookups, because we don't know SPI. 844 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 845 * signed packet. We use SADB only as storage for password. 846 * OUT: positive: corresponding SA for given saidx found. 847 * NULL: SA not found 848 */ 849 struct secasvar * 850 key_allocsa_tcpmd5(struct secasindex *saidx) 851 { 852 SAHTREE_RLOCK_TRACKER; 853 struct secashead *sah; 854 struct secasvar *sav; 855 856 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 857 ("unexpected security protocol %u", saidx->proto)); 858 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 859 ("unexpected mode %u", saidx->mode)); 860 861 SAHTREE_RLOCK(); 862 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 863 KEYDBG(IPSEC_DUMP, 864 printf("%s: checking SAH\n", __func__); 865 kdebug_secash(sah, " ")); 866 if (sah->saidx.proto != IPPROTO_TCP) 867 continue; 868 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 869 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 870 break; 871 } 872 if (sah != NULL) { 873 if (V_key_preferred_oldsa) 874 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 875 else 876 sav = TAILQ_FIRST(&sah->savtree_alive); 877 if (sav != NULL) 878 SAV_ADDREF(sav); 879 } else 880 sav = NULL; 881 SAHTREE_RUNLOCK(); 882 883 if (sav != NULL) { 884 KEYDBG(IPSEC_STAMP, 885 printf("%s: return SA(%p)\n", __func__, sav)); 886 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 887 } else { 888 KEYDBG(IPSEC_STAMP, 889 printf("%s: SA not found\n", __func__)); 890 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 891 } 892 return (sav); 893 } 894 895 /* 896 * Allocating an SA entry for an *OUTBOUND* packet. 897 * OUT: positive: corresponding SA for given saidx found. 898 * NULL: SA not found, but will be acquired, check *error 899 * for acquiring status. 900 */ 901 struct secasvar * 902 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 903 int *error) 904 { 905 SAHTREE_RLOCK_TRACKER; 906 struct secashead *sah; 907 struct secasvar *sav; 908 909 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 910 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 911 saidx->mode == IPSEC_MODE_TUNNEL, 912 ("unexpected policy %u", saidx->mode)); 913 914 /* 915 * We check new SA in the IPsec request because a different 916 * SA may be involved each time this request is checked, either 917 * because new SAs are being configured, or this request is 918 * associated with an unconnected datagram socket, or this request 919 * is associated with a system default policy. 920 */ 921 SAHTREE_RLOCK(); 922 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 923 KEYDBG(IPSEC_DUMP, 924 printf("%s: checking SAH\n", __func__); 925 kdebug_secash(sah, " ")); 926 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 927 break; 928 929 } 930 if (sah != NULL) { 931 /* 932 * Allocate the oldest SA available according to 933 * draft-jenkins-ipsec-rekeying-03. 934 */ 935 if (V_key_preferred_oldsa) 936 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 937 else 938 sav = TAILQ_FIRST(&sah->savtree_alive); 939 if (sav != NULL) 940 SAV_ADDREF(sav); 941 } else 942 sav = NULL; 943 SAHTREE_RUNLOCK(); 944 945 if (sav != NULL) { 946 *error = 0; 947 KEYDBG(IPSEC_STAMP, 948 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 949 sav, sp)); 950 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 951 return (sav); /* return referenced SA */ 952 } 953 954 /* there is no SA */ 955 *error = key_acquire(saidx, sp); 956 if ((*error) != 0) 957 ipseclog((LOG_DEBUG, 958 "%s: error %d returned from key_acquire()\n", 959 __func__, *error)); 960 KEYDBG(IPSEC_STAMP, 961 printf("%s: acquire SA for SP(%p), error %d\n", 962 __func__, sp, *error)); 963 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 964 return (NULL); 965 } 966 967 /* 968 * allocating a usable SA entry for a *INBOUND* packet. 969 * Must call key_freesav() later. 970 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 971 * NULL: not found, or error occurred. 972 * 973 * According to RFC 2401 SA is uniquely identified by a triple SPI, 974 * destination address, and security protocol. But according to RFC 4301, 975 * SPI by itself suffices to specify an SA. 976 * 977 * Note that, however, we do need to keep source address in IPsec SA. 978 * IKE specification and PF_KEY specification do assume that we 979 * keep source address in IPsec SA. We see a tricky situation here. 980 */ 981 struct secasvar * 982 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 983 { 984 SAHTREE_RLOCK_TRACKER; 985 struct secasvar *sav; 986 987 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 988 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 989 proto)); 990 991 SAHTREE_RLOCK(); 992 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 993 if (sav->spi == spi) 994 break; 995 } 996 /* 997 * We use single SPI namespace for all protocols, so it is 998 * impossible to have SPI duplicates in the SAVHASH. 999 */ 1000 if (sav != NULL) { 1001 if (sav->state != SADB_SASTATE_LARVAL && 1002 sav->sah->saidx.proto == proto && 1003 key_sockaddrcmp(&dst->sa, 1004 &sav->sah->saidx.dst.sa, 0) == 0) 1005 SAV_ADDREF(sav); 1006 else 1007 sav = NULL; 1008 } 1009 SAHTREE_RUNLOCK(); 1010 1011 if (sav == NULL) { 1012 KEYDBG(IPSEC_STAMP, 1013 char buf[IPSEC_ADDRSTRLEN]; 1014 printf("%s: SA not found for spi %u proto %u dst %s\n", 1015 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1016 sizeof(buf)))); 1017 } else { 1018 KEYDBG(IPSEC_STAMP, 1019 printf("%s: return SA(%p)\n", __func__, sav)); 1020 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1021 } 1022 return (sav); 1023 } 1024 1025 struct secasvar * 1026 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1027 uint8_t proto) 1028 { 1029 SAHTREE_RLOCK_TRACKER; 1030 struct secasindex saidx; 1031 struct secashead *sah; 1032 struct secasvar *sav; 1033 1034 IPSEC_ASSERT(src != NULL, ("null src address")); 1035 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1036 1037 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1038 &dst->sa, &saidx); 1039 1040 sav = NULL; 1041 SAHTREE_RLOCK(); 1042 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1043 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1044 continue; 1045 if (proto != sah->saidx.proto) 1046 continue; 1047 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1048 continue; 1049 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1050 continue; 1051 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1052 if (V_key_preferred_oldsa) 1053 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1054 else 1055 sav = TAILQ_FIRST(&sah->savtree_alive); 1056 if (sav != NULL) { 1057 SAV_ADDREF(sav); 1058 break; 1059 } 1060 } 1061 SAHTREE_RUNLOCK(); 1062 KEYDBG(IPSEC_STAMP, 1063 printf("%s: return SA(%p)\n", __func__, sav)); 1064 if (sav != NULL) 1065 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1066 return (sav); 1067 } 1068 1069 /* 1070 * Must be called after calling key_allocsp(). 1071 */ 1072 void 1073 key_freesp(struct secpolicy **spp) 1074 { 1075 struct secpolicy *sp = *spp; 1076 1077 IPSEC_ASSERT(sp != NULL, ("null sp")); 1078 if (SP_DELREF(sp) == 0) 1079 return; 1080 1081 KEYDBG(IPSEC_STAMP, 1082 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1083 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1084 1085 *spp = NULL; 1086 while (sp->tcount > 0) 1087 ipsec_delisr(sp->req[--sp->tcount]); 1088 free(sp, M_IPSEC_SP); 1089 } 1090 1091 static void 1092 key_unlink(struct secpolicy *sp) 1093 { 1094 1095 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1096 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1097 ("invalid direction %u", sp->spidx.dir)); 1098 SPTREE_UNLOCK_ASSERT(); 1099 1100 KEYDBG(KEY_STAMP, 1101 printf("%s: SP(%p)\n", __func__, sp)); 1102 SPTREE_WLOCK(); 1103 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1104 /* SP is already unlinked */ 1105 SPTREE_WUNLOCK(); 1106 return; 1107 } 1108 sp->state = IPSEC_SPSTATE_DEAD; 1109 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1110 LIST_REMOVE(sp, idhash); 1111 V_sp_genid++; 1112 SPTREE_WUNLOCK(); 1113 key_freesp(&sp); 1114 } 1115 1116 /* 1117 * insert a secpolicy into the SP database. Lower priorities first 1118 */ 1119 static void 1120 key_insertsp(struct secpolicy *newsp) 1121 { 1122 struct secpolicy *sp; 1123 1124 SPTREE_WLOCK_ASSERT(); 1125 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1126 if (newsp->priority < sp->priority) { 1127 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1128 goto done; 1129 } 1130 } 1131 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1132 done: 1133 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1134 newsp->state = IPSEC_SPSTATE_ALIVE; 1135 V_sp_genid++; 1136 } 1137 1138 /* 1139 * Insert a bunch of VTI secpolicies into the SPDB. 1140 * We keep VTI policies in the separate list due to following reasons: 1141 * 1) they should be immutable to user's or some deamon's attempts to 1142 * delete. The only way delete such policies - destroy or unconfigure 1143 * corresponding virtual inteface. 1144 * 2) such policies have traffic selector that matches all traffic per 1145 * address family. 1146 * Since all VTI policies have the same priority, we don't care about 1147 * policies order. 1148 */ 1149 int 1150 key_register_ifnet(struct secpolicy **spp, u_int count) 1151 { 1152 struct mbuf *m; 1153 u_int i; 1154 1155 SPTREE_WLOCK(); 1156 /* 1157 * First of try to acquire id for each SP. 1158 */ 1159 for (i = 0; i < count; i++) { 1160 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1161 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1162 ("invalid direction %u", spp[i]->spidx.dir)); 1163 1164 if ((spp[i]->id = key_getnewspid()) == 0) { 1165 SPTREE_WUNLOCK(); 1166 return (EAGAIN); 1167 } 1168 } 1169 for (i = 0; i < count; i++) { 1170 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1171 spp[i], chain); 1172 /* 1173 * NOTE: despite the fact that we keep VTI SP in the 1174 * separate list, SPHASH contains policies from both 1175 * sources. Thus SADB_X_SPDGET will correctly return 1176 * SP by id, because it uses SPHASH for lookups. 1177 */ 1178 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1179 spp[i]->state = IPSEC_SPSTATE_IFNET; 1180 } 1181 SPTREE_WUNLOCK(); 1182 /* 1183 * Notify user processes about new SP. 1184 */ 1185 for (i = 0; i < count; i++) { 1186 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1187 if (m != NULL) 1188 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1189 } 1190 return (0); 1191 } 1192 1193 void 1194 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1195 { 1196 struct mbuf *m; 1197 u_int i; 1198 1199 SPTREE_WLOCK(); 1200 for (i = 0; i < count; i++) { 1201 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1202 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1203 ("invalid direction %u", spp[i]->spidx.dir)); 1204 1205 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1206 continue; 1207 spp[i]->state = IPSEC_SPSTATE_DEAD; 1208 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1209 spp[i], chain); 1210 LIST_REMOVE(spp[i], idhash); 1211 } 1212 SPTREE_WUNLOCK(); 1213 1214 for (i = 0; i < count; i++) { 1215 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1216 if (m != NULL) 1217 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1218 } 1219 } 1220 1221 /* 1222 * Must be called after calling key_allocsa(). 1223 * This function is called by key_freesp() to free some SA allocated 1224 * for a policy. 1225 */ 1226 void 1227 key_freesav(struct secasvar **psav) 1228 { 1229 struct secasvar *sav = *psav; 1230 1231 IPSEC_ASSERT(sav != NULL, ("null sav")); 1232 if (SAV_DELREF(sav) == 0) 1233 return; 1234 1235 KEYDBG(IPSEC_STAMP, 1236 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1237 1238 *psav = NULL; 1239 key_delsav(sav); 1240 } 1241 1242 /* 1243 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1244 * Expect that SA has extra reference due to lookup. 1245 * Release this references, also release SAH reference after unlink. 1246 */ 1247 static void 1248 key_unlinksav(struct secasvar *sav) 1249 { 1250 struct secashead *sah; 1251 1252 KEYDBG(KEY_STAMP, 1253 printf("%s: SA(%p)\n", __func__, sav)); 1254 1255 SAHTREE_UNLOCK_ASSERT(); 1256 SAHTREE_WLOCK(); 1257 if (sav->state == SADB_SASTATE_DEAD) { 1258 /* SA is already unlinked */ 1259 SAHTREE_WUNLOCK(); 1260 return; 1261 } 1262 /* Unlink from SAH */ 1263 if (sav->state == SADB_SASTATE_LARVAL) 1264 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1265 else 1266 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1267 /* Unlink from SPI hash */ 1268 LIST_REMOVE(sav, spihash); 1269 sav->state = SADB_SASTATE_DEAD; 1270 sah = sav->sah; 1271 SAHTREE_WUNLOCK(); 1272 key_freesav(&sav); 1273 /* Since we are unlinked, release reference to SAH */ 1274 key_freesah(&sah); 1275 } 1276 1277 /* %%% SPD management */ 1278 /* 1279 * search SPD 1280 * OUT: NULL : not found 1281 * others : found, pointer to a SP. 1282 */ 1283 static struct secpolicy * 1284 key_getsp(struct secpolicyindex *spidx) 1285 { 1286 SPTREE_RLOCK_TRACKER; 1287 struct secpolicy *sp; 1288 1289 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1290 1291 SPTREE_RLOCK(); 1292 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1293 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1294 SP_ADDREF(sp); 1295 break; 1296 } 1297 } 1298 SPTREE_RUNLOCK(); 1299 1300 return sp; 1301 } 1302 1303 /* 1304 * get SP by index. 1305 * OUT: NULL : not found 1306 * others : found, pointer to referenced SP. 1307 */ 1308 static struct secpolicy * 1309 key_getspbyid(uint32_t id) 1310 { 1311 SPTREE_RLOCK_TRACKER; 1312 struct secpolicy *sp; 1313 1314 SPTREE_RLOCK(); 1315 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1316 if (sp->id == id) { 1317 SP_ADDREF(sp); 1318 break; 1319 } 1320 } 1321 SPTREE_RUNLOCK(); 1322 return (sp); 1323 } 1324 1325 struct secpolicy * 1326 key_newsp(void) 1327 { 1328 struct secpolicy *sp; 1329 1330 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1331 if (sp != NULL) 1332 SP_INITREF(sp); 1333 return (sp); 1334 } 1335 1336 struct ipsecrequest * 1337 ipsec_newisr(void) 1338 { 1339 1340 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1341 M_NOWAIT | M_ZERO)); 1342 } 1343 1344 void 1345 ipsec_delisr(struct ipsecrequest *p) 1346 { 1347 1348 free(p, M_IPSEC_SR); 1349 } 1350 1351 /* 1352 * create secpolicy structure from sadb_x_policy structure. 1353 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1354 * are not set, so must be set properly later. 1355 */ 1356 struct secpolicy * 1357 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1358 { 1359 struct secpolicy *newsp; 1360 1361 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1362 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1363 1364 if (len != PFKEY_EXTLEN(xpl0)) { 1365 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1366 *error = EINVAL; 1367 return NULL; 1368 } 1369 1370 if ((newsp = key_newsp()) == NULL) { 1371 *error = ENOBUFS; 1372 return NULL; 1373 } 1374 1375 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1376 newsp->policy = xpl0->sadb_x_policy_type; 1377 newsp->priority = xpl0->sadb_x_policy_priority; 1378 newsp->tcount = 0; 1379 1380 /* check policy */ 1381 switch (xpl0->sadb_x_policy_type) { 1382 case IPSEC_POLICY_DISCARD: 1383 case IPSEC_POLICY_NONE: 1384 case IPSEC_POLICY_ENTRUST: 1385 case IPSEC_POLICY_BYPASS: 1386 break; 1387 1388 case IPSEC_POLICY_IPSEC: 1389 { 1390 struct sadb_x_ipsecrequest *xisr; 1391 struct ipsecrequest *isr; 1392 int tlen; 1393 1394 /* validity check */ 1395 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1396 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1397 __func__)); 1398 key_freesp(&newsp); 1399 *error = EINVAL; 1400 return NULL; 1401 } 1402 1403 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1404 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1405 1406 while (tlen > 0) { 1407 /* length check */ 1408 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1409 xisr->sadb_x_ipsecrequest_len > tlen) { 1410 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1411 "length.\n", __func__)); 1412 key_freesp(&newsp); 1413 *error = EINVAL; 1414 return NULL; 1415 } 1416 1417 if (newsp->tcount >= IPSEC_MAXREQ) { 1418 ipseclog((LOG_DEBUG, 1419 "%s: too many ipsecrequests.\n", 1420 __func__)); 1421 key_freesp(&newsp); 1422 *error = EINVAL; 1423 return (NULL); 1424 } 1425 1426 /* allocate request buffer */ 1427 /* NB: data structure is zero'd */ 1428 isr = ipsec_newisr(); 1429 if (isr == NULL) { 1430 ipseclog((LOG_DEBUG, 1431 "%s: No more memory.\n", __func__)); 1432 key_freesp(&newsp); 1433 *error = ENOBUFS; 1434 return NULL; 1435 } 1436 1437 newsp->req[newsp->tcount++] = isr; 1438 1439 /* set values */ 1440 switch (xisr->sadb_x_ipsecrequest_proto) { 1441 case IPPROTO_ESP: 1442 case IPPROTO_AH: 1443 case IPPROTO_IPCOMP: 1444 break; 1445 default: 1446 ipseclog((LOG_DEBUG, 1447 "%s: invalid proto type=%u\n", __func__, 1448 xisr->sadb_x_ipsecrequest_proto)); 1449 key_freesp(&newsp); 1450 *error = EPROTONOSUPPORT; 1451 return NULL; 1452 } 1453 isr->saidx.proto = 1454 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1455 1456 switch (xisr->sadb_x_ipsecrequest_mode) { 1457 case IPSEC_MODE_TRANSPORT: 1458 case IPSEC_MODE_TUNNEL: 1459 break; 1460 case IPSEC_MODE_ANY: 1461 default: 1462 ipseclog((LOG_DEBUG, 1463 "%s: invalid mode=%u\n", __func__, 1464 xisr->sadb_x_ipsecrequest_mode)); 1465 key_freesp(&newsp); 1466 *error = EINVAL; 1467 return NULL; 1468 } 1469 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1470 1471 switch (xisr->sadb_x_ipsecrequest_level) { 1472 case IPSEC_LEVEL_DEFAULT: 1473 case IPSEC_LEVEL_USE: 1474 case IPSEC_LEVEL_REQUIRE: 1475 break; 1476 case IPSEC_LEVEL_UNIQUE: 1477 /* validity check */ 1478 /* 1479 * If range violation of reqid, kernel will 1480 * update it, don't refuse it. 1481 */ 1482 if (xisr->sadb_x_ipsecrequest_reqid 1483 > IPSEC_MANUAL_REQID_MAX) { 1484 ipseclog((LOG_DEBUG, 1485 "%s: reqid=%d range " 1486 "violation, updated by kernel.\n", 1487 __func__, 1488 xisr->sadb_x_ipsecrequest_reqid)); 1489 xisr->sadb_x_ipsecrequest_reqid = 0; 1490 } 1491 1492 /* allocate new reqid id if reqid is zero. */ 1493 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1494 u_int32_t reqid; 1495 if ((reqid = key_newreqid()) == 0) { 1496 key_freesp(&newsp); 1497 *error = ENOBUFS; 1498 return NULL; 1499 } 1500 isr->saidx.reqid = reqid; 1501 xisr->sadb_x_ipsecrequest_reqid = reqid; 1502 } else { 1503 /* set it for manual keying. */ 1504 isr->saidx.reqid = 1505 xisr->sadb_x_ipsecrequest_reqid; 1506 } 1507 break; 1508 1509 default: 1510 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1511 __func__, 1512 xisr->sadb_x_ipsecrequest_level)); 1513 key_freesp(&newsp); 1514 *error = EINVAL; 1515 return NULL; 1516 } 1517 isr->level = xisr->sadb_x_ipsecrequest_level; 1518 1519 /* set IP addresses if there */ 1520 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1521 struct sockaddr *paddr; 1522 1523 len = tlen - sizeof(*xisr); 1524 paddr = (struct sockaddr *)(xisr + 1); 1525 /* validity check */ 1526 if (len < sizeof(struct sockaddr) || 1527 len < 2 * paddr->sa_len || 1528 paddr->sa_len > sizeof(isr->saidx.src)) { 1529 ipseclog((LOG_DEBUG, "%s: invalid " 1530 "request address length.\n", 1531 __func__)); 1532 key_freesp(&newsp); 1533 *error = EINVAL; 1534 return NULL; 1535 } 1536 /* 1537 * Request length should be enough to keep 1538 * source and destination addresses. 1539 */ 1540 if (xisr->sadb_x_ipsecrequest_len < 1541 sizeof(*xisr) + 2 * paddr->sa_len) { 1542 ipseclog((LOG_DEBUG, "%s: invalid " 1543 "ipsecrequest length.\n", 1544 __func__)); 1545 key_freesp(&newsp); 1546 *error = EINVAL; 1547 return (NULL); 1548 } 1549 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1550 paddr = (struct sockaddr *)((caddr_t)paddr + 1551 paddr->sa_len); 1552 1553 /* validity check */ 1554 if (paddr->sa_len != 1555 isr->saidx.src.sa.sa_len) { 1556 ipseclog((LOG_DEBUG, "%s: invalid " 1557 "request address length.\n", 1558 __func__)); 1559 key_freesp(&newsp); 1560 *error = EINVAL; 1561 return NULL; 1562 } 1563 /* AF family should match */ 1564 if (paddr->sa_family != 1565 isr->saidx.src.sa.sa_family) { 1566 ipseclog((LOG_DEBUG, "%s: address " 1567 "family doesn't match.\n", 1568 __func__)); 1569 key_freesp(&newsp); 1570 *error = EINVAL; 1571 return (NULL); 1572 } 1573 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1574 } else { 1575 /* 1576 * Addresses for TUNNEL mode requests are 1577 * mandatory. 1578 */ 1579 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1580 ipseclog((LOG_DEBUG, "%s: missing " 1581 "request addresses.\n", __func__)); 1582 key_freesp(&newsp); 1583 *error = EINVAL; 1584 return (NULL); 1585 } 1586 } 1587 tlen -= xisr->sadb_x_ipsecrequest_len; 1588 1589 /* validity check */ 1590 if (tlen < 0) { 1591 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1592 __func__)); 1593 key_freesp(&newsp); 1594 *error = EINVAL; 1595 return NULL; 1596 } 1597 1598 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1599 + xisr->sadb_x_ipsecrequest_len); 1600 } 1601 /* XXXAE: LARVAL SP */ 1602 if (newsp->tcount < 1) { 1603 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1604 "not found.\n", __func__)); 1605 key_freesp(&newsp); 1606 *error = EINVAL; 1607 return (NULL); 1608 } 1609 } 1610 break; 1611 default: 1612 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1613 key_freesp(&newsp); 1614 *error = EINVAL; 1615 return NULL; 1616 } 1617 1618 *error = 0; 1619 return (newsp); 1620 } 1621 1622 uint32_t 1623 key_newreqid(void) 1624 { 1625 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1626 1627 if (auto_reqid == ~0) 1628 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1629 else 1630 auto_reqid++; 1631 1632 /* XXX should be unique check */ 1633 return (auto_reqid); 1634 } 1635 1636 /* 1637 * copy secpolicy struct to sadb_x_policy structure indicated. 1638 */ 1639 static struct mbuf * 1640 key_sp2mbuf(struct secpolicy *sp) 1641 { 1642 struct mbuf *m; 1643 size_t tlen; 1644 1645 tlen = key_getspreqmsglen(sp); 1646 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1647 if (m == NULL) 1648 return (NULL); 1649 m_align(m, tlen); 1650 m->m_len = tlen; 1651 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1652 m_freem(m); 1653 return (NULL); 1654 } 1655 return (m); 1656 } 1657 1658 int 1659 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1660 { 1661 struct sadb_x_ipsecrequest *xisr; 1662 struct sadb_x_policy *xpl; 1663 struct ipsecrequest *isr; 1664 size_t xlen, ilen; 1665 caddr_t p; 1666 int error, i; 1667 1668 IPSEC_ASSERT(sp != NULL, ("null policy")); 1669 1670 xlen = sizeof(*xpl); 1671 if (*len < xlen) 1672 return (EINVAL); 1673 1674 error = 0; 1675 bzero(request, *len); 1676 xpl = (struct sadb_x_policy *)request; 1677 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1678 xpl->sadb_x_policy_type = sp->policy; 1679 xpl->sadb_x_policy_dir = sp->spidx.dir; 1680 xpl->sadb_x_policy_id = sp->id; 1681 xpl->sadb_x_policy_priority = sp->priority; 1682 switch (sp->state) { 1683 case IPSEC_SPSTATE_IFNET: 1684 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1685 break; 1686 case IPSEC_SPSTATE_PCB: 1687 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1688 break; 1689 default: 1690 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1691 } 1692 1693 /* if is the policy for ipsec ? */ 1694 if (sp->policy == IPSEC_POLICY_IPSEC) { 1695 p = (caddr_t)xpl + sizeof(*xpl); 1696 for (i = 0; i < sp->tcount; i++) { 1697 isr = sp->req[i]; 1698 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1699 isr->saidx.src.sa.sa_len + 1700 isr->saidx.dst.sa.sa_len); 1701 xlen += ilen; 1702 if (xlen > *len) { 1703 error = ENOBUFS; 1704 /* Calculate needed size */ 1705 continue; 1706 } 1707 xisr = (struct sadb_x_ipsecrequest *)p; 1708 xisr->sadb_x_ipsecrequest_len = ilen; 1709 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1710 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1711 xisr->sadb_x_ipsecrequest_level = isr->level; 1712 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1713 1714 p += sizeof(*xisr); 1715 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1716 p += isr->saidx.src.sa.sa_len; 1717 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1718 p += isr->saidx.dst.sa.sa_len; 1719 } 1720 } 1721 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1722 if (error == 0) 1723 *len = xlen; 1724 else 1725 *len = sizeof(*xpl); 1726 return (error); 1727 } 1728 1729 /* m will not be freed nor modified */ 1730 static struct mbuf * 1731 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1732 int ndeep, int nitem, ...) 1733 { 1734 va_list ap; 1735 int idx; 1736 int i; 1737 struct mbuf *result = NULL, *n; 1738 int len; 1739 1740 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1741 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1742 1743 va_start(ap, nitem); 1744 for (i = 0; i < nitem; i++) { 1745 idx = va_arg(ap, int); 1746 if (idx < 0 || idx > SADB_EXT_MAX) 1747 goto fail; 1748 /* don't attempt to pull empty extension */ 1749 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1750 continue; 1751 if (idx != SADB_EXT_RESERVED && 1752 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1753 continue; 1754 1755 if (idx == SADB_EXT_RESERVED) { 1756 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1757 1758 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1759 1760 MGETHDR(n, M_NOWAIT, MT_DATA); 1761 if (!n) 1762 goto fail; 1763 n->m_len = len; 1764 n->m_next = NULL; 1765 m_copydata(m, 0, sizeof(struct sadb_msg), 1766 mtod(n, caddr_t)); 1767 } else if (i < ndeep) { 1768 len = mhp->extlen[idx]; 1769 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1770 if (n == NULL) 1771 goto fail; 1772 m_align(n, len); 1773 n->m_len = len; 1774 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1775 mtod(n, caddr_t)); 1776 } else { 1777 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1778 M_NOWAIT); 1779 } 1780 if (n == NULL) 1781 goto fail; 1782 1783 if (result) 1784 m_cat(result, n); 1785 else 1786 result = n; 1787 } 1788 va_end(ap); 1789 1790 if ((result->m_flags & M_PKTHDR) != 0) { 1791 result->m_pkthdr.len = 0; 1792 for (n = result; n; n = n->m_next) 1793 result->m_pkthdr.len += n->m_len; 1794 } 1795 1796 return result; 1797 1798 fail: 1799 m_freem(result); 1800 va_end(ap); 1801 return NULL; 1802 } 1803 1804 /* 1805 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1806 * add an entry to SP database, when received 1807 * <base, address(SD), (lifetime(H),) policy> 1808 * from the user(?). 1809 * Adding to SP database, 1810 * and send 1811 * <base, address(SD), (lifetime(H),) policy> 1812 * to the socket which was send. 1813 * 1814 * SPDADD set a unique policy entry. 1815 * SPDSETIDX like SPDADD without a part of policy requests. 1816 * SPDUPDATE replace a unique policy entry. 1817 * 1818 * XXXAE: serialize this in PF_KEY to avoid races. 1819 * m will always be freed. 1820 */ 1821 static int 1822 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1823 { 1824 struct secpolicyindex spidx; 1825 struct sadb_address *src0, *dst0; 1826 struct sadb_x_policy *xpl0, *xpl; 1827 struct sadb_lifetime *lft = NULL; 1828 struct secpolicy *newsp; 1829 int error; 1830 1831 IPSEC_ASSERT(so != NULL, ("null socket")); 1832 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1833 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1834 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1835 1836 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1837 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1838 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1839 ipseclog((LOG_DEBUG, 1840 "%s: invalid message: missing required header.\n", 1841 __func__)); 1842 return key_senderror(so, m, EINVAL); 1843 } 1844 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1845 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1846 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1847 ipseclog((LOG_DEBUG, 1848 "%s: invalid message: wrong header size.\n", __func__)); 1849 return key_senderror(so, m, EINVAL); 1850 } 1851 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1852 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1853 ipseclog((LOG_DEBUG, 1854 "%s: invalid message: wrong header size.\n", 1855 __func__)); 1856 return key_senderror(so, m, EINVAL); 1857 } 1858 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1859 } 1860 1861 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1862 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1863 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1864 1865 /* check the direciton */ 1866 switch (xpl0->sadb_x_policy_dir) { 1867 case IPSEC_DIR_INBOUND: 1868 case IPSEC_DIR_OUTBOUND: 1869 break; 1870 default: 1871 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 1872 return key_senderror(so, m, EINVAL); 1873 } 1874 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 1875 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 1876 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 1877 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 1878 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1879 return key_senderror(so, m, EINVAL); 1880 } 1881 1882 /* policy requests are mandatory when action is ipsec. */ 1883 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 1884 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 1885 ipseclog((LOG_DEBUG, 1886 "%s: policy requests required.\n", __func__)); 1887 return key_senderror(so, m, EINVAL); 1888 } 1889 1890 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 1891 (struct sockaddr *)(dst0 + 1)); 1892 if (error != 0 || 1893 src0->sadb_address_proto != dst0->sadb_address_proto) { 1894 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 1895 return key_senderror(so, m, error); 1896 } 1897 /* make secindex */ 1898 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1899 src0 + 1, 1900 dst0 + 1, 1901 src0->sadb_address_prefixlen, 1902 dst0->sadb_address_prefixlen, 1903 src0->sadb_address_proto, 1904 &spidx); 1905 /* Checking there is SP already or not. */ 1906 newsp = key_getsp(&spidx); 1907 if (newsp != NULL) { 1908 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1909 KEYDBG(KEY_STAMP, 1910 printf("%s: unlink SP(%p) for SPDUPDATE\n", 1911 __func__, newsp)); 1912 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 1913 key_unlink(newsp); 1914 key_freesp(&newsp); 1915 } else { 1916 key_freesp(&newsp); 1917 ipseclog((LOG_DEBUG, "%s: a SP entry exists already.", 1918 __func__)); 1919 return (key_senderror(so, m, EEXIST)); 1920 } 1921 } 1922 1923 /* allocate new SP entry */ 1924 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 1925 return key_senderror(so, m, error); 1926 } 1927 1928 newsp->lastused = newsp->created = time_second; 1929 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 1930 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 1931 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 1932 1933 /* XXXAE: there is race between key_getsp() and key_insertsp() */ 1934 SPTREE_WLOCK(); 1935 if ((newsp->id = key_getnewspid()) == 0) { 1936 SPTREE_WUNLOCK(); 1937 key_freesp(&newsp); 1938 return key_senderror(so, m, ENOBUFS); 1939 } 1940 key_insertsp(newsp); 1941 SPTREE_WUNLOCK(); 1942 1943 KEYDBG(KEY_STAMP, 1944 printf("%s: SP(%p)\n", __func__, newsp)); 1945 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 1946 1947 { 1948 struct mbuf *n, *mpolicy; 1949 struct sadb_msg *newmsg; 1950 int off; 1951 1952 /* create new sadb_msg to reply. */ 1953 if (lft) { 1954 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 1955 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 1956 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1957 } else { 1958 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 1959 SADB_X_EXT_POLICY, 1960 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1961 } 1962 if (!n) 1963 return key_senderror(so, m, ENOBUFS); 1964 1965 if (n->m_len < sizeof(*newmsg)) { 1966 n = m_pullup(n, sizeof(*newmsg)); 1967 if (!n) 1968 return key_senderror(so, m, ENOBUFS); 1969 } 1970 newmsg = mtod(n, struct sadb_msg *); 1971 newmsg->sadb_msg_errno = 0; 1972 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 1973 1974 off = 0; 1975 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 1976 sizeof(*xpl), &off); 1977 if (mpolicy == NULL) { 1978 /* n is already freed */ 1979 return key_senderror(so, m, ENOBUFS); 1980 } 1981 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 1982 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 1983 m_freem(n); 1984 return key_senderror(so, m, EINVAL); 1985 } 1986 xpl->sadb_x_policy_id = newsp->id; 1987 1988 m_freem(m); 1989 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 1990 } 1991 } 1992 1993 /* 1994 * get new policy id. 1995 * OUT: 1996 * 0: failure. 1997 * others: success. 1998 */ 1999 static uint32_t 2000 key_getnewspid(void) 2001 { 2002 struct secpolicy *sp; 2003 uint32_t newid = 0; 2004 int count = V_key_spi_trycnt; /* XXX */ 2005 2006 SPTREE_WLOCK_ASSERT(); 2007 while (count--) { 2008 if (V_policy_id == ~0) /* overflowed */ 2009 newid = V_policy_id = 1; 2010 else 2011 newid = ++V_policy_id; 2012 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2013 if (sp->id == newid) 2014 break; 2015 } 2016 if (sp == NULL) 2017 break; 2018 } 2019 if (count == 0 || newid == 0) { 2020 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2021 __func__)); 2022 return (0); 2023 } 2024 return (newid); 2025 } 2026 2027 /* 2028 * SADB_SPDDELETE processing 2029 * receive 2030 * <base, address(SD), policy(*)> 2031 * from the user(?), and set SADB_SASTATE_DEAD, 2032 * and send, 2033 * <base, address(SD), policy(*)> 2034 * to the ikmpd. 2035 * policy(*) including direction of policy. 2036 * 2037 * m will always be freed. 2038 */ 2039 static int 2040 key_spddelete(struct socket *so, struct mbuf *m, 2041 const struct sadb_msghdr *mhp) 2042 { 2043 struct secpolicyindex spidx; 2044 struct sadb_address *src0, *dst0; 2045 struct sadb_x_policy *xpl0; 2046 struct secpolicy *sp; 2047 2048 IPSEC_ASSERT(so != NULL, ("null so")); 2049 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2050 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2051 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2052 2053 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2054 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2055 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2056 ipseclog((LOG_DEBUG, 2057 "%s: invalid message: missing required header.\n", 2058 __func__)); 2059 return key_senderror(so, m, EINVAL); 2060 } 2061 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2062 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2063 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2064 ipseclog((LOG_DEBUG, 2065 "%s: invalid message: wrong header size.\n", __func__)); 2066 return key_senderror(so, m, EINVAL); 2067 } 2068 2069 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2070 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2071 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2072 2073 /* check the direciton */ 2074 switch (xpl0->sadb_x_policy_dir) { 2075 case IPSEC_DIR_INBOUND: 2076 case IPSEC_DIR_OUTBOUND: 2077 break; 2078 default: 2079 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2080 return key_senderror(so, m, EINVAL); 2081 } 2082 /* Only DISCARD, NONE and IPSEC are allowed */ 2083 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2084 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2085 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2086 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2087 return key_senderror(so, m, EINVAL); 2088 } 2089 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2090 (struct sockaddr *)(dst0 + 1)) != 0 || 2091 src0->sadb_address_proto != dst0->sadb_address_proto) { 2092 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2093 return key_senderror(so, m, EINVAL); 2094 } 2095 /* make secindex */ 2096 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2097 src0 + 1, 2098 dst0 + 1, 2099 src0->sadb_address_prefixlen, 2100 dst0->sadb_address_prefixlen, 2101 src0->sadb_address_proto, 2102 &spidx); 2103 2104 /* Is there SP in SPD ? */ 2105 if ((sp = key_getsp(&spidx)) == NULL) { 2106 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2107 return key_senderror(so, m, EINVAL); 2108 } 2109 2110 /* save policy id to buffer to be returned. */ 2111 xpl0->sadb_x_policy_id = sp->id; 2112 2113 KEYDBG(KEY_STAMP, 2114 printf("%s: SP(%p)\n", __func__, sp)); 2115 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2116 key_unlink(sp); 2117 key_freesp(&sp); 2118 2119 { 2120 struct mbuf *n; 2121 struct sadb_msg *newmsg; 2122 2123 /* create new sadb_msg to reply. */ 2124 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2125 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2126 if (!n) 2127 return key_senderror(so, m, ENOBUFS); 2128 2129 newmsg = mtod(n, struct sadb_msg *); 2130 newmsg->sadb_msg_errno = 0; 2131 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2132 2133 m_freem(m); 2134 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2135 } 2136 } 2137 2138 /* 2139 * SADB_SPDDELETE2 processing 2140 * receive 2141 * <base, policy(*)> 2142 * from the user(?), and set SADB_SASTATE_DEAD, 2143 * and send, 2144 * <base, policy(*)> 2145 * to the ikmpd. 2146 * policy(*) including direction of policy. 2147 * 2148 * m will always be freed. 2149 */ 2150 static int 2151 key_spddelete2(struct socket *so, struct mbuf *m, 2152 const struct sadb_msghdr *mhp) 2153 { 2154 struct secpolicy *sp; 2155 uint32_t id; 2156 2157 IPSEC_ASSERT(so != NULL, ("null socket")); 2158 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2159 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2160 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2161 2162 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2163 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2164 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2165 __func__)); 2166 return key_senderror(so, m, EINVAL); 2167 } 2168 2169 id = ((struct sadb_x_policy *) 2170 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2171 2172 /* Is there SP in SPD ? */ 2173 if ((sp = key_getspbyid(id)) == NULL) { 2174 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2175 __func__, id)); 2176 return key_senderror(so, m, EINVAL); 2177 } 2178 2179 KEYDBG(KEY_STAMP, 2180 printf("%s: SP(%p)\n", __func__, sp)); 2181 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2182 key_unlink(sp); 2183 if (sp->state != IPSEC_SPSTATE_DEAD) { 2184 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2185 __func__, id)); 2186 key_freesp(&sp); 2187 return (key_senderror(so, m, EACCES)); 2188 } 2189 key_freesp(&sp); 2190 2191 { 2192 struct mbuf *n, *nn; 2193 struct sadb_msg *newmsg; 2194 int off, len; 2195 2196 /* create new sadb_msg to reply. */ 2197 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2198 2199 MGETHDR(n, M_NOWAIT, MT_DATA); 2200 if (n && len > MHLEN) { 2201 if (!(MCLGET(n, M_NOWAIT))) { 2202 m_freem(n); 2203 n = NULL; 2204 } 2205 } 2206 if (!n) 2207 return key_senderror(so, m, ENOBUFS); 2208 2209 n->m_len = len; 2210 n->m_next = NULL; 2211 off = 0; 2212 2213 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2214 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2215 2216 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2217 off, len)); 2218 2219 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2220 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2221 if (!n->m_next) { 2222 m_freem(n); 2223 return key_senderror(so, m, ENOBUFS); 2224 } 2225 2226 n->m_pkthdr.len = 0; 2227 for (nn = n; nn; nn = nn->m_next) 2228 n->m_pkthdr.len += nn->m_len; 2229 2230 newmsg = mtod(n, struct sadb_msg *); 2231 newmsg->sadb_msg_errno = 0; 2232 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2233 2234 m_freem(m); 2235 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2236 } 2237 } 2238 2239 /* 2240 * SADB_X_SPDGET processing 2241 * receive 2242 * <base, policy(*)> 2243 * from the user(?), 2244 * and send, 2245 * <base, address(SD), policy> 2246 * to the ikmpd. 2247 * policy(*) including direction of policy. 2248 * 2249 * m will always be freed. 2250 */ 2251 static int 2252 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2253 { 2254 struct secpolicy *sp; 2255 struct mbuf *n; 2256 uint32_t id; 2257 2258 IPSEC_ASSERT(so != NULL, ("null socket")); 2259 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2260 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2261 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2262 2263 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2264 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2265 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2266 __func__)); 2267 return key_senderror(so, m, EINVAL); 2268 } 2269 2270 id = ((struct sadb_x_policy *) 2271 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2272 2273 /* Is there SP in SPD ? */ 2274 if ((sp = key_getspbyid(id)) == NULL) { 2275 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2276 __func__, id)); 2277 return key_senderror(so, m, ENOENT); 2278 } 2279 2280 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2281 mhp->msg->sadb_msg_pid); 2282 key_freesp(&sp); 2283 if (n != NULL) { 2284 m_freem(m); 2285 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2286 } else 2287 return key_senderror(so, m, ENOBUFS); 2288 } 2289 2290 /* 2291 * SADB_X_SPDACQUIRE processing. 2292 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2293 * send 2294 * <base, policy(*)> 2295 * to KMD, and expect to receive 2296 * <base> with SADB_X_SPDACQUIRE if error occurred, 2297 * or 2298 * <base, policy> 2299 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2300 * policy(*) is without policy requests. 2301 * 2302 * 0 : succeed 2303 * others: error number 2304 */ 2305 int 2306 key_spdacquire(struct secpolicy *sp) 2307 { 2308 struct mbuf *result = NULL, *m; 2309 struct secspacq *newspacq; 2310 2311 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2312 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2313 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2314 ("policy not IPSEC %u", sp->policy)); 2315 2316 /* Get an entry to check whether sent message or not. */ 2317 newspacq = key_getspacq(&sp->spidx); 2318 if (newspacq != NULL) { 2319 if (V_key_blockacq_count < newspacq->count) { 2320 /* reset counter and do send message. */ 2321 newspacq->count = 0; 2322 } else { 2323 /* increment counter and do nothing. */ 2324 newspacq->count++; 2325 SPACQ_UNLOCK(); 2326 return (0); 2327 } 2328 SPACQ_UNLOCK(); 2329 } else { 2330 /* make new entry for blocking to send SADB_ACQUIRE. */ 2331 newspacq = key_newspacq(&sp->spidx); 2332 if (newspacq == NULL) 2333 return ENOBUFS; 2334 } 2335 2336 /* create new sadb_msg to reply. */ 2337 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2338 if (!m) 2339 return ENOBUFS; 2340 2341 result = m; 2342 2343 result->m_pkthdr.len = 0; 2344 for (m = result; m; m = m->m_next) 2345 result->m_pkthdr.len += m->m_len; 2346 2347 mtod(result, struct sadb_msg *)->sadb_msg_len = 2348 PFKEY_UNIT64(result->m_pkthdr.len); 2349 2350 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2351 } 2352 2353 /* 2354 * SADB_SPDFLUSH processing 2355 * receive 2356 * <base> 2357 * from the user, and free all entries in secpctree. 2358 * and send, 2359 * <base> 2360 * to the user. 2361 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2362 * 2363 * m will always be freed. 2364 */ 2365 static int 2366 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2367 { 2368 struct secpolicy_queue drainq; 2369 struct sadb_msg *newmsg; 2370 struct secpolicy *sp, *nextsp; 2371 u_int dir; 2372 2373 IPSEC_ASSERT(so != NULL, ("null socket")); 2374 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2375 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2376 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2377 2378 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2379 return key_senderror(so, m, EINVAL); 2380 2381 TAILQ_INIT(&drainq); 2382 SPTREE_WLOCK(); 2383 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2384 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2385 } 2386 /* 2387 * We need to set state to DEAD for each policy to be sure, 2388 * that another thread won't try to unlink it. 2389 * Also remove SP from sphash. 2390 */ 2391 TAILQ_FOREACH(sp, &drainq, chain) { 2392 sp->state = IPSEC_SPSTATE_DEAD; 2393 LIST_REMOVE(sp, idhash); 2394 } 2395 V_sp_genid++; 2396 SPTREE_WUNLOCK(); 2397 sp = TAILQ_FIRST(&drainq); 2398 while (sp != NULL) { 2399 nextsp = TAILQ_NEXT(sp, chain); 2400 key_freesp(&sp); 2401 sp = nextsp; 2402 } 2403 2404 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2405 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2406 return key_senderror(so, m, ENOBUFS); 2407 } 2408 2409 if (m->m_next) 2410 m_freem(m->m_next); 2411 m->m_next = NULL; 2412 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2413 newmsg = mtod(m, struct sadb_msg *); 2414 newmsg->sadb_msg_errno = 0; 2415 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2416 2417 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2418 } 2419 2420 static uint8_t 2421 key_satype2scopemask(uint8_t satype) 2422 { 2423 2424 if (satype == IPSEC_POLICYSCOPE_ANY) 2425 return (0xff); 2426 return (satype); 2427 } 2428 /* 2429 * SADB_SPDDUMP processing 2430 * receive 2431 * <base> 2432 * from the user, and dump all SP leaves and send, 2433 * <base> ..... 2434 * to the ikmpd. 2435 * 2436 * NOTE: 2437 * sadb_msg_satype is considered as mask of policy scopes. 2438 * m will always be freed. 2439 */ 2440 static int 2441 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2442 { 2443 SPTREE_RLOCK_TRACKER; 2444 struct secpolicy *sp; 2445 struct mbuf *n; 2446 int cnt; 2447 u_int dir, scope; 2448 2449 IPSEC_ASSERT(so != NULL, ("null socket")); 2450 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2451 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2452 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2453 2454 /* search SPD entry and get buffer size. */ 2455 cnt = 0; 2456 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2457 SPTREE_RLOCK(); 2458 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2459 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2460 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2461 cnt++; 2462 } 2463 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2464 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2465 cnt++; 2466 } 2467 } 2468 2469 if (cnt == 0) { 2470 SPTREE_RUNLOCK(); 2471 return key_senderror(so, m, ENOENT); 2472 } 2473 2474 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2475 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2476 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2477 --cnt; 2478 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2479 mhp->msg->sadb_msg_pid); 2480 2481 if (n != NULL) 2482 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2483 } 2484 } 2485 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2486 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2487 --cnt; 2488 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2489 mhp->msg->sadb_msg_pid); 2490 2491 if (n != NULL) 2492 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2493 } 2494 } 2495 } 2496 2497 SPTREE_RUNLOCK(); 2498 m_freem(m); 2499 return (0); 2500 } 2501 2502 static struct mbuf * 2503 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2504 u_int32_t pid) 2505 { 2506 struct mbuf *result = NULL, *m; 2507 struct seclifetime lt; 2508 2509 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2510 if (!m) 2511 goto fail; 2512 result = m; 2513 2514 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2515 &sp->spidx.src.sa, sp->spidx.prefs, 2516 sp->spidx.ul_proto); 2517 if (!m) 2518 goto fail; 2519 m_cat(result, m); 2520 2521 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2522 &sp->spidx.dst.sa, sp->spidx.prefd, 2523 sp->spidx.ul_proto); 2524 if (!m) 2525 goto fail; 2526 m_cat(result, m); 2527 2528 m = key_sp2mbuf(sp); 2529 if (!m) 2530 goto fail; 2531 m_cat(result, m); 2532 2533 if(sp->lifetime){ 2534 lt.addtime=sp->created; 2535 lt.usetime= sp->lastused; 2536 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2537 if (!m) 2538 goto fail; 2539 m_cat(result, m); 2540 2541 lt.addtime=sp->lifetime; 2542 lt.usetime= sp->validtime; 2543 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2544 if (!m) 2545 goto fail; 2546 m_cat(result, m); 2547 } 2548 2549 if ((result->m_flags & M_PKTHDR) == 0) 2550 goto fail; 2551 2552 if (result->m_len < sizeof(struct sadb_msg)) { 2553 result = m_pullup(result, sizeof(struct sadb_msg)); 2554 if (result == NULL) 2555 goto fail; 2556 } 2557 2558 result->m_pkthdr.len = 0; 2559 for (m = result; m; m = m->m_next) 2560 result->m_pkthdr.len += m->m_len; 2561 2562 mtod(result, struct sadb_msg *)->sadb_msg_len = 2563 PFKEY_UNIT64(result->m_pkthdr.len); 2564 2565 return result; 2566 2567 fail: 2568 m_freem(result); 2569 return NULL; 2570 } 2571 /* 2572 * get PFKEY message length for security policy and request. 2573 */ 2574 static size_t 2575 key_getspreqmsglen(struct secpolicy *sp) 2576 { 2577 size_t tlen, len; 2578 int i; 2579 2580 tlen = sizeof(struct sadb_x_policy); 2581 /* if is the policy for ipsec ? */ 2582 if (sp->policy != IPSEC_POLICY_IPSEC) 2583 return (tlen); 2584 2585 /* get length of ipsec requests */ 2586 for (i = 0; i < sp->tcount; i++) { 2587 len = sizeof(struct sadb_x_ipsecrequest) 2588 + sp->req[i]->saidx.src.sa.sa_len 2589 + sp->req[i]->saidx.dst.sa.sa_len; 2590 2591 tlen += PFKEY_ALIGN8(len); 2592 } 2593 return (tlen); 2594 } 2595 2596 /* 2597 * SADB_SPDEXPIRE processing 2598 * send 2599 * <base, address(SD), lifetime(CH), policy> 2600 * to KMD by PF_KEY. 2601 * 2602 * OUT: 0 : succeed 2603 * others : error number 2604 */ 2605 static int 2606 key_spdexpire(struct secpolicy *sp) 2607 { 2608 struct sadb_lifetime *lt; 2609 struct mbuf *result = NULL, *m; 2610 int len, error = -1; 2611 2612 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2613 2614 KEYDBG(KEY_STAMP, 2615 printf("%s: SP(%p)\n", __func__, sp)); 2616 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2617 2618 /* set msg header */ 2619 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2620 if (!m) { 2621 error = ENOBUFS; 2622 goto fail; 2623 } 2624 result = m; 2625 2626 /* create lifetime extension (current and hard) */ 2627 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2628 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2629 if (m == NULL) { 2630 error = ENOBUFS; 2631 goto fail; 2632 } 2633 m_align(m, len); 2634 m->m_len = len; 2635 bzero(mtod(m, caddr_t), len); 2636 lt = mtod(m, struct sadb_lifetime *); 2637 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2638 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2639 lt->sadb_lifetime_allocations = 0; 2640 lt->sadb_lifetime_bytes = 0; 2641 lt->sadb_lifetime_addtime = sp->created; 2642 lt->sadb_lifetime_usetime = sp->lastused; 2643 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2644 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2645 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2646 lt->sadb_lifetime_allocations = 0; 2647 lt->sadb_lifetime_bytes = 0; 2648 lt->sadb_lifetime_addtime = sp->lifetime; 2649 lt->sadb_lifetime_usetime = sp->validtime; 2650 m_cat(result, m); 2651 2652 /* set sadb_address for source */ 2653 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2654 &sp->spidx.src.sa, 2655 sp->spidx.prefs, sp->spidx.ul_proto); 2656 if (!m) { 2657 error = ENOBUFS; 2658 goto fail; 2659 } 2660 m_cat(result, m); 2661 2662 /* set sadb_address for destination */ 2663 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2664 &sp->spidx.dst.sa, 2665 sp->spidx.prefd, sp->spidx.ul_proto); 2666 if (!m) { 2667 error = ENOBUFS; 2668 goto fail; 2669 } 2670 m_cat(result, m); 2671 2672 /* set secpolicy */ 2673 m = key_sp2mbuf(sp); 2674 if (!m) { 2675 error = ENOBUFS; 2676 goto fail; 2677 } 2678 m_cat(result, m); 2679 2680 if ((result->m_flags & M_PKTHDR) == 0) { 2681 error = EINVAL; 2682 goto fail; 2683 } 2684 2685 if (result->m_len < sizeof(struct sadb_msg)) { 2686 result = m_pullup(result, sizeof(struct sadb_msg)); 2687 if (result == NULL) { 2688 error = ENOBUFS; 2689 goto fail; 2690 } 2691 } 2692 2693 result->m_pkthdr.len = 0; 2694 for (m = result; m; m = m->m_next) 2695 result->m_pkthdr.len += m->m_len; 2696 2697 mtod(result, struct sadb_msg *)->sadb_msg_len = 2698 PFKEY_UNIT64(result->m_pkthdr.len); 2699 2700 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2701 2702 fail: 2703 if (result) 2704 m_freem(result); 2705 return error; 2706 } 2707 2708 /* %%% SAD management */ 2709 /* 2710 * allocating and initialize new SA head. 2711 * OUT: NULL : failure due to the lack of memory. 2712 * others : pointer to new SA head. 2713 */ 2714 static struct secashead * 2715 key_newsah(struct secasindex *saidx) 2716 { 2717 struct secashead *sah; 2718 2719 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2720 M_NOWAIT | M_ZERO); 2721 if (sah == NULL) { 2722 PFKEYSTAT_INC(in_nomem); 2723 return (NULL); 2724 } 2725 TAILQ_INIT(&sah->savtree_larval); 2726 TAILQ_INIT(&sah->savtree_alive); 2727 sah->saidx = *saidx; 2728 sah->state = SADB_SASTATE_DEAD; 2729 SAH_INITREF(sah); 2730 2731 KEYDBG(KEY_STAMP, 2732 printf("%s: SAH(%p)\n", __func__, sah)); 2733 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2734 return (sah); 2735 } 2736 2737 static void 2738 key_freesah(struct secashead **psah) 2739 { 2740 struct secashead *sah = *psah; 2741 2742 if (SAH_DELREF(sah) == 0) 2743 return; 2744 2745 KEYDBG(KEY_STAMP, 2746 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2747 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2748 2749 *psah = NULL; 2750 key_delsah(sah); 2751 } 2752 2753 static void 2754 key_delsah(struct secashead *sah) 2755 { 2756 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2757 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2758 ("Attempt to free non DEAD SAH %p", sah)); 2759 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2760 ("Attempt to free SAH %p with LARVAL SA", sah)); 2761 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2762 ("Attempt to free SAH %p with ALIVE SA", sah)); 2763 2764 free(sah, M_IPSEC_SAH); 2765 } 2766 2767 /* 2768 * allocating a new SA for key_add() and key_getspi() call, 2769 * and copy the values of mhp into new buffer. 2770 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2771 * For SADB_ADD create and initialize SA with MATURE state. 2772 * OUT: NULL : fail 2773 * others : pointer to new secasvar. 2774 */ 2775 static struct secasvar * 2776 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2777 uint32_t spi, int *errp) 2778 { 2779 struct secashead *sah; 2780 struct secasvar *sav; 2781 int isnew; 2782 2783 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2784 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2785 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2786 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2787 2788 sav = NULL; 2789 sah = NULL; 2790 /* check SPI value */ 2791 switch (saidx->proto) { 2792 case IPPROTO_ESP: 2793 case IPPROTO_AH: 2794 /* 2795 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2796 * 1-255 reserved by IANA for future use, 2797 * 0 for implementation specific, local use. 2798 */ 2799 if (ntohl(spi) <= 255) { 2800 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2801 __func__, ntohl(spi))); 2802 *errp = EINVAL; 2803 goto done; 2804 } 2805 break; 2806 } 2807 2808 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2809 if (sav == NULL) { 2810 *errp = ENOBUFS; 2811 goto done; 2812 } 2813 sav->lock = malloc(sizeof(struct mtx), M_IPSEC_MISC, 2814 M_NOWAIT | M_ZERO); 2815 if (sav->lock == NULL) { 2816 *errp = ENOBUFS; 2817 goto done; 2818 } 2819 mtx_init(sav->lock, "ipsec association", NULL, MTX_DEF); 2820 sav->lft_c = uma_zalloc(V_key_lft_zone, M_NOWAIT); 2821 if (sav->lft_c == NULL) { 2822 *errp = ENOBUFS; 2823 goto done; 2824 } 2825 counter_u64_zero(sav->lft_c_allocations); 2826 counter_u64_zero(sav->lft_c_bytes); 2827 2828 sav->spi = spi; 2829 sav->seq = mhp->msg->sadb_msg_seq; 2830 sav->state = SADB_SASTATE_LARVAL; 2831 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2832 SAV_INITREF(sav); 2833 again: 2834 sah = key_getsah(saidx); 2835 if (sah == NULL) { 2836 /* create a new SA index */ 2837 sah = key_newsah(saidx); 2838 if (sah == NULL) { 2839 ipseclog((LOG_DEBUG, 2840 "%s: No more memory.\n", __func__)); 2841 *errp = ENOBUFS; 2842 goto done; 2843 } 2844 isnew = 1; 2845 } else 2846 isnew = 0; 2847 2848 sav->sah = sah; 2849 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 2850 sav->created = time_second; 2851 } else if (sav->state == SADB_SASTATE_LARVAL) { 2852 /* 2853 * Do not call key_setsaval() second time in case 2854 * of `goto again`. We will have MATURE state. 2855 */ 2856 *errp = key_setsaval(sav, mhp); 2857 if (*errp != 0) 2858 goto done; 2859 sav->state = SADB_SASTATE_MATURE; 2860 } 2861 2862 SAHTREE_WLOCK(); 2863 /* 2864 * Check that existing SAH wasn't unlinked. 2865 * Since we didn't hold the SAHTREE lock, it is possible, 2866 * that callout handler or key_flush() or key_delete() could 2867 * unlink this SAH. 2868 */ 2869 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 2870 SAHTREE_WUNLOCK(); 2871 key_freesah(&sah); /* reference from key_getsah() */ 2872 goto again; 2873 } 2874 if (isnew != 0) { 2875 /* 2876 * Add new SAH into SADB. 2877 * 2878 * XXXAE: we can serialize key_add and key_getspi calls, so 2879 * several threads will not fight in the race. 2880 * Otherwise we should check under SAHTREE lock, that this 2881 * SAH would not added twice. 2882 */ 2883 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 2884 /* Add new SAH into hash by addresses */ 2885 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 2886 /* Now we are linked in the chain */ 2887 sah->state = SADB_SASTATE_MATURE; 2888 /* 2889 * SAV references this new SAH. 2890 * In case of existing SAH we reuse reference 2891 * from key_getsah(). 2892 */ 2893 SAH_ADDREF(sah); 2894 } 2895 /* Link SAV with SAH */ 2896 if (sav->state == SADB_SASTATE_MATURE) 2897 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 2898 else 2899 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 2900 /* Add SAV into SPI hash */ 2901 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 2902 SAHTREE_WUNLOCK(); 2903 *errp = 0; /* success */ 2904 done: 2905 if (*errp != 0) { 2906 if (sav != NULL) { 2907 if (sav->lock != NULL) { 2908 mtx_destroy(sav->lock); 2909 free(sav->lock, M_IPSEC_MISC); 2910 } 2911 if (sav->lft_c != NULL) 2912 uma_zfree(V_key_lft_zone, sav->lft_c); 2913 free(sav, M_IPSEC_SA), sav = NULL; 2914 } 2915 if (sah != NULL) 2916 key_freesah(&sah); 2917 if (*errp == ENOBUFS) { 2918 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 2919 __func__)); 2920 PFKEYSTAT_INC(in_nomem); 2921 } 2922 } 2923 return (sav); 2924 } 2925 2926 /* 2927 * free() SA variable entry. 2928 */ 2929 static void 2930 key_cleansav(struct secasvar *sav) 2931 { 2932 2933 if (sav->natt != NULL) { 2934 free(sav->natt, M_IPSEC_MISC); 2935 sav->natt = NULL; 2936 } 2937 if (sav->flags & SADB_X_EXT_F_CLONED) 2938 return; 2939 /* 2940 * Cleanup xform state. Note that zeroize'ing causes the 2941 * keys to be cleared; otherwise we must do it ourself. 2942 */ 2943 if (sav->tdb_xform != NULL) { 2944 sav->tdb_xform->xf_zeroize(sav); 2945 sav->tdb_xform = NULL; 2946 } else { 2947 if (sav->key_auth != NULL) 2948 bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); 2949 if (sav->key_enc != NULL) 2950 bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc)); 2951 } 2952 if (sav->key_auth != NULL) { 2953 if (sav->key_auth->key_data != NULL) 2954 free(sav->key_auth->key_data, M_IPSEC_MISC); 2955 free(sav->key_auth, M_IPSEC_MISC); 2956 sav->key_auth = NULL; 2957 } 2958 if (sav->key_enc != NULL) { 2959 if (sav->key_enc->key_data != NULL) 2960 free(sav->key_enc->key_data, M_IPSEC_MISC); 2961 free(sav->key_enc, M_IPSEC_MISC); 2962 sav->key_enc = NULL; 2963 } 2964 if (sav->replay != NULL) { 2965 if (sav->replay->bitmap != NULL) 2966 free(sav->replay->bitmap, M_IPSEC_MISC); 2967 free(sav->replay, M_IPSEC_MISC); 2968 sav->replay = NULL; 2969 } 2970 if (sav->lft_h != NULL) { 2971 free(sav->lft_h, M_IPSEC_MISC); 2972 sav->lft_h = NULL; 2973 } 2974 if (sav->lft_s != NULL) { 2975 free(sav->lft_s, M_IPSEC_MISC); 2976 sav->lft_s = NULL; 2977 } 2978 } 2979 2980 /* 2981 * free() SA variable entry. 2982 */ 2983 static void 2984 key_delsav(struct secasvar *sav) 2985 { 2986 IPSEC_ASSERT(sav != NULL, ("null sav")); 2987 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 2988 ("attempt to free non DEAD SA %p", sav)); 2989 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 2990 sav->refcnt)); 2991 2992 /* 2993 * SA must be unlinked from the chain and hashtbl. 2994 * If SA was cloned, we leave all fields untouched, 2995 * except NAT-T config. 2996 */ 2997 key_cleansav(sav); 2998 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 2999 mtx_destroy(sav->lock); 3000 free(sav->lock, M_IPSEC_MISC); 3001 uma_zfree(V_key_lft_zone, sav->lft_c); 3002 } 3003 free(sav, M_IPSEC_SA); 3004 } 3005 3006 /* 3007 * search SAH. 3008 * OUT: 3009 * NULL : not found 3010 * others : found, referenced pointer to a SAH. 3011 */ 3012 static struct secashead * 3013 key_getsah(struct secasindex *saidx) 3014 { 3015 SAHTREE_RLOCK_TRACKER; 3016 struct secashead *sah; 3017 3018 SAHTREE_RLOCK(); 3019 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3020 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3021 SAH_ADDREF(sah); 3022 break; 3023 } 3024 } 3025 SAHTREE_RUNLOCK(); 3026 return (sah); 3027 } 3028 3029 /* 3030 * Check not to be duplicated SPI. 3031 * OUT: 3032 * 0 : not found 3033 * 1 : found SA with given SPI. 3034 */ 3035 static int 3036 key_checkspidup(uint32_t spi) 3037 { 3038 SAHTREE_RLOCK_TRACKER; 3039 struct secasvar *sav; 3040 3041 /* Assume SPI is in network byte order */ 3042 SAHTREE_RLOCK(); 3043 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3044 if (sav->spi == spi) 3045 break; 3046 } 3047 SAHTREE_RUNLOCK(); 3048 return (sav != NULL); 3049 } 3050 3051 /* 3052 * Search SA by SPI. 3053 * OUT: 3054 * NULL : not found 3055 * others : found, referenced pointer to a SA. 3056 */ 3057 static struct secasvar * 3058 key_getsavbyspi(uint32_t spi) 3059 { 3060 SAHTREE_RLOCK_TRACKER; 3061 struct secasvar *sav; 3062 3063 /* Assume SPI is in network byte order */ 3064 SAHTREE_RLOCK(); 3065 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3066 if (sav->spi != spi) 3067 continue; 3068 SAV_ADDREF(sav); 3069 break; 3070 } 3071 SAHTREE_RUNLOCK(); 3072 return (sav); 3073 } 3074 3075 static int 3076 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3077 { 3078 struct seclifetime *lft_h, *lft_s, *tmp; 3079 3080 /* Lifetime extension is optional, check that it is present. */ 3081 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3082 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3083 /* 3084 * In case of SADB_UPDATE we may need to change 3085 * existing lifetimes. 3086 */ 3087 if (sav->state == SADB_SASTATE_MATURE) { 3088 lft_h = lft_s = NULL; 3089 goto reset; 3090 } 3091 return (0); 3092 } 3093 /* Both HARD and SOFT extensions must present */ 3094 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3095 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3096 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3097 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3098 ipseclog((LOG_DEBUG, 3099 "%s: invalid message: missing required header.\n", 3100 __func__)); 3101 return (EINVAL); 3102 } 3103 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3104 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3105 ipseclog((LOG_DEBUG, 3106 "%s: invalid message: wrong header size.\n", __func__)); 3107 return (EINVAL); 3108 } 3109 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3110 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3111 if (lft_h == NULL) { 3112 PFKEYSTAT_INC(in_nomem); 3113 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3114 return (ENOBUFS); 3115 } 3116 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3117 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3118 if (lft_s == NULL) { 3119 PFKEYSTAT_INC(in_nomem); 3120 free(lft_h, M_IPSEC_MISC); 3121 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3122 return (ENOBUFS); 3123 } 3124 reset: 3125 if (sav->state != SADB_SASTATE_LARVAL) { 3126 /* 3127 * key_update() holds reference to this SA, 3128 * so it won't be deleted in meanwhile. 3129 */ 3130 SECASVAR_LOCK(sav); 3131 tmp = sav->lft_h; 3132 sav->lft_h = lft_h; 3133 lft_h = tmp; 3134 3135 tmp = sav->lft_s; 3136 sav->lft_s = lft_s; 3137 lft_s = tmp; 3138 SECASVAR_UNLOCK(sav); 3139 if (lft_h != NULL) 3140 free(lft_h, M_IPSEC_MISC); 3141 if (lft_s != NULL) 3142 free(lft_s, M_IPSEC_MISC); 3143 return (0); 3144 } 3145 /* We can update lifetime without holding a lock */ 3146 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3147 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3148 sav->lft_h = lft_h; 3149 sav->lft_s = lft_s; 3150 return (0); 3151 } 3152 3153 /* 3154 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3155 * You must update these if need. Expects only LARVAL SAs. 3156 * OUT: 0: success. 3157 * !0: failure. 3158 */ 3159 static int 3160 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3161 { 3162 const struct sadb_sa *sa0; 3163 const struct sadb_key *key0; 3164 uint32_t replay; 3165 size_t len; 3166 int error; 3167 3168 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3169 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3170 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3171 ("Attempt to update non LARVAL SA")); 3172 3173 /* XXX rewrite */ 3174 error = key_setident(sav->sah, mhp); 3175 if (error != 0) 3176 goto fail; 3177 3178 /* SA */ 3179 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3180 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3181 error = EINVAL; 3182 goto fail; 3183 } 3184 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3185 sav->alg_auth = sa0->sadb_sa_auth; 3186 sav->alg_enc = sa0->sadb_sa_encrypt; 3187 sav->flags = sa0->sadb_sa_flags; 3188 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3189 ipseclog((LOG_DEBUG, 3190 "%s: invalid sa_flags 0x%08x.\n", __func__, 3191 sav->flags)); 3192 error = EINVAL; 3193 goto fail; 3194 } 3195 3196 /* Optional replay window */ 3197 replay = 0; 3198 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3199 replay = sa0->sadb_sa_replay; 3200 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3201 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3202 error = EINVAL; 3203 goto fail; 3204 } 3205 replay = ((const struct sadb_x_sa_replay *) 3206 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3207 3208 if (replay > UINT32_MAX - 32) { 3209 ipseclog((LOG_DEBUG, 3210 "%s: replay window too big.\n", __func__)); 3211 error = EINVAL; 3212 goto fail; 3213 } 3214 3215 replay = (replay + 7) >> 3; 3216 } 3217 3218 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3219 M_NOWAIT | M_ZERO); 3220 if (sav->replay == NULL) { 3221 PFKEYSTAT_INC(in_nomem); 3222 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3223 __func__)); 3224 error = ENOBUFS; 3225 goto fail; 3226 } 3227 3228 if (replay != 0) { 3229 /* number of 32b blocks to be allocated */ 3230 uint32_t bitmap_size; 3231 3232 /* RFC 6479: 3233 * - the allocated replay window size must be 3234 * a power of two. 3235 * - use an extra 32b block as a redundant window. 3236 */ 3237 bitmap_size = 1; 3238 while (replay + 4 > bitmap_size) 3239 bitmap_size <<= 1; 3240 bitmap_size = bitmap_size / 4; 3241 3242 sav->replay->bitmap = malloc( 3243 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3244 M_NOWAIT | M_ZERO); 3245 if (sav->replay->bitmap == NULL) { 3246 PFKEYSTAT_INC(in_nomem); 3247 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3248 __func__)); 3249 error = ENOBUFS; 3250 goto fail; 3251 } 3252 sav->replay->bitmap_size = bitmap_size; 3253 sav->replay->wsize = replay; 3254 } 3255 } 3256 3257 /* Authentication keys */ 3258 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3259 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3260 error = EINVAL; 3261 goto fail; 3262 } 3263 error = 0; 3264 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3265 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3266 switch (mhp->msg->sadb_msg_satype) { 3267 case SADB_SATYPE_AH: 3268 case SADB_SATYPE_ESP: 3269 case SADB_X_SATYPE_TCPSIGNATURE: 3270 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3271 sav->alg_auth != SADB_X_AALG_NULL) 3272 error = EINVAL; 3273 break; 3274 case SADB_X_SATYPE_IPCOMP: 3275 default: 3276 error = EINVAL; 3277 break; 3278 } 3279 if (error) { 3280 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3281 __func__)); 3282 goto fail; 3283 } 3284 3285 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3286 if (sav->key_auth == NULL ) { 3287 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3288 __func__)); 3289 PFKEYSTAT_INC(in_nomem); 3290 error = ENOBUFS; 3291 goto fail; 3292 } 3293 } 3294 3295 /* Encryption key */ 3296 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3297 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3298 error = EINVAL; 3299 goto fail; 3300 } 3301 error = 0; 3302 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3303 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3304 switch (mhp->msg->sadb_msg_satype) { 3305 case SADB_SATYPE_ESP: 3306 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3307 sav->alg_enc != SADB_EALG_NULL) { 3308 error = EINVAL; 3309 break; 3310 } 3311 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3312 if (sav->key_enc == NULL) { 3313 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3314 __func__)); 3315 PFKEYSTAT_INC(in_nomem); 3316 error = ENOBUFS; 3317 goto fail; 3318 } 3319 break; 3320 case SADB_X_SATYPE_IPCOMP: 3321 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3322 error = EINVAL; 3323 sav->key_enc = NULL; /*just in case*/ 3324 break; 3325 case SADB_SATYPE_AH: 3326 case SADB_X_SATYPE_TCPSIGNATURE: 3327 default: 3328 error = EINVAL; 3329 break; 3330 } 3331 if (error) { 3332 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3333 __func__)); 3334 goto fail; 3335 } 3336 } 3337 3338 /* set iv */ 3339 sav->ivlen = 0; 3340 switch (mhp->msg->sadb_msg_satype) { 3341 case SADB_SATYPE_AH: 3342 if (sav->flags & SADB_X_EXT_DERIV) { 3343 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3344 "given to AH SA.\n", __func__)); 3345 error = EINVAL; 3346 goto fail; 3347 } 3348 if (sav->alg_enc != SADB_EALG_NONE) { 3349 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3350 "mismated.\n", __func__)); 3351 error = EINVAL; 3352 goto fail; 3353 } 3354 error = xform_init(sav, XF_AH); 3355 break; 3356 case SADB_SATYPE_ESP: 3357 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3358 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3359 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3360 "given to old-esp.\n", __func__)); 3361 error = EINVAL; 3362 goto fail; 3363 } 3364 error = xform_init(sav, XF_ESP); 3365 break; 3366 case SADB_X_SATYPE_IPCOMP: 3367 if (sav->alg_auth != SADB_AALG_NONE) { 3368 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3369 "mismated.\n", __func__)); 3370 error = EINVAL; 3371 goto fail; 3372 } 3373 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3374 ntohl(sav->spi) >= 0x10000) { 3375 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3376 __func__)); 3377 error = EINVAL; 3378 goto fail; 3379 } 3380 error = xform_init(sav, XF_IPCOMP); 3381 break; 3382 case SADB_X_SATYPE_TCPSIGNATURE: 3383 if (sav->alg_enc != SADB_EALG_NONE) { 3384 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3385 "mismated.\n", __func__)); 3386 error = EINVAL; 3387 goto fail; 3388 } 3389 error = xform_init(sav, XF_TCPSIGNATURE); 3390 break; 3391 default: 3392 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3393 error = EPROTONOSUPPORT; 3394 goto fail; 3395 } 3396 if (error) { 3397 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3398 __func__, mhp->msg->sadb_msg_satype)); 3399 goto fail; 3400 } 3401 3402 /* Handle NAT-T headers */ 3403 error = key_setnatt(sav, mhp); 3404 if (error != 0) 3405 goto fail; 3406 3407 /* Initialize lifetime for CURRENT */ 3408 sav->firstused = 0; 3409 sav->created = time_second; 3410 3411 /* lifetimes for HARD and SOFT */ 3412 error = key_updatelifetimes(sav, mhp); 3413 if (error == 0) 3414 return (0); 3415 fail: 3416 key_cleansav(sav); 3417 return (error); 3418 } 3419 3420 /* 3421 * subroutine for SADB_GET and SADB_DUMP. 3422 */ 3423 static struct mbuf * 3424 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3425 uint32_t seq, uint32_t pid) 3426 { 3427 struct seclifetime lft_c; 3428 struct mbuf *result = NULL, *tres = NULL, *m; 3429 int i, dumporder[] = { 3430 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3431 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3432 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3433 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3434 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3435 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3436 SADB_EXT_SENSITIVITY, 3437 SADB_X_EXT_NAT_T_TYPE, 3438 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3439 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3440 SADB_X_EXT_NAT_T_FRAG, 3441 }; 3442 uint32_t replay_count; 3443 3444 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3445 if (m == NULL) 3446 goto fail; 3447 result = m; 3448 3449 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3450 m = NULL; 3451 switch (dumporder[i]) { 3452 case SADB_EXT_SA: 3453 m = key_setsadbsa(sav); 3454 if (!m) 3455 goto fail; 3456 break; 3457 3458 case SADB_X_EXT_SA2: 3459 SECASVAR_LOCK(sav); 3460 replay_count = sav->replay ? sav->replay->count : 0; 3461 SECASVAR_UNLOCK(sav); 3462 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3463 sav->sah->saidx.reqid); 3464 if (!m) 3465 goto fail; 3466 break; 3467 3468 case SADB_X_EXT_SA_REPLAY: 3469 if (sav->replay == NULL || 3470 sav->replay->wsize <= UINT8_MAX) 3471 continue; 3472 3473 m = key_setsadbxsareplay(sav->replay->wsize); 3474 if (!m) 3475 goto fail; 3476 break; 3477 3478 case SADB_EXT_ADDRESS_SRC: 3479 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3480 &sav->sah->saidx.src.sa, 3481 FULLMASK, IPSEC_ULPROTO_ANY); 3482 if (!m) 3483 goto fail; 3484 break; 3485 3486 case SADB_EXT_ADDRESS_DST: 3487 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3488 &sav->sah->saidx.dst.sa, 3489 FULLMASK, IPSEC_ULPROTO_ANY); 3490 if (!m) 3491 goto fail; 3492 break; 3493 3494 case SADB_EXT_KEY_AUTH: 3495 if (!sav->key_auth) 3496 continue; 3497 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3498 if (!m) 3499 goto fail; 3500 break; 3501 3502 case SADB_EXT_KEY_ENCRYPT: 3503 if (!sav->key_enc) 3504 continue; 3505 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3506 if (!m) 3507 goto fail; 3508 break; 3509 3510 case SADB_EXT_LIFETIME_CURRENT: 3511 lft_c.addtime = sav->created; 3512 lft_c.allocations = (uint32_t)counter_u64_fetch( 3513 sav->lft_c_allocations); 3514 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3515 lft_c.usetime = sav->firstused; 3516 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3517 if (!m) 3518 goto fail; 3519 break; 3520 3521 case SADB_EXT_LIFETIME_HARD: 3522 if (!sav->lft_h) 3523 continue; 3524 m = key_setlifetime(sav->lft_h, 3525 SADB_EXT_LIFETIME_HARD); 3526 if (!m) 3527 goto fail; 3528 break; 3529 3530 case SADB_EXT_LIFETIME_SOFT: 3531 if (!sav->lft_s) 3532 continue; 3533 m = key_setlifetime(sav->lft_s, 3534 SADB_EXT_LIFETIME_SOFT); 3535 3536 if (!m) 3537 goto fail; 3538 break; 3539 3540 case SADB_X_EXT_NAT_T_TYPE: 3541 if (sav->natt == NULL) 3542 continue; 3543 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3544 if (!m) 3545 goto fail; 3546 break; 3547 3548 case SADB_X_EXT_NAT_T_DPORT: 3549 if (sav->natt == NULL) 3550 continue; 3551 m = key_setsadbxport(sav->natt->dport, 3552 SADB_X_EXT_NAT_T_DPORT); 3553 if (!m) 3554 goto fail; 3555 break; 3556 3557 case SADB_X_EXT_NAT_T_SPORT: 3558 if (sav->natt == NULL) 3559 continue; 3560 m = key_setsadbxport(sav->natt->sport, 3561 SADB_X_EXT_NAT_T_SPORT); 3562 if (!m) 3563 goto fail; 3564 break; 3565 3566 case SADB_X_EXT_NAT_T_OAI: 3567 if (sav->natt == NULL || 3568 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3569 continue; 3570 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3571 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3572 if (!m) 3573 goto fail; 3574 break; 3575 case SADB_X_EXT_NAT_T_OAR: 3576 if (sav->natt == NULL || 3577 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3578 continue; 3579 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3580 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3581 if (!m) 3582 goto fail; 3583 break; 3584 case SADB_X_EXT_NAT_T_FRAG: 3585 /* We do not (yet) support those. */ 3586 continue; 3587 3588 case SADB_EXT_ADDRESS_PROXY: 3589 case SADB_EXT_IDENTITY_SRC: 3590 case SADB_EXT_IDENTITY_DST: 3591 /* XXX: should we brought from SPD ? */ 3592 case SADB_EXT_SENSITIVITY: 3593 default: 3594 continue; 3595 } 3596 3597 if (!m) 3598 goto fail; 3599 if (tres) 3600 m_cat(m, tres); 3601 tres = m; 3602 } 3603 3604 m_cat(result, tres); 3605 tres = NULL; 3606 if (result->m_len < sizeof(struct sadb_msg)) { 3607 result = m_pullup(result, sizeof(struct sadb_msg)); 3608 if (result == NULL) 3609 goto fail; 3610 } 3611 3612 result->m_pkthdr.len = 0; 3613 for (m = result; m; m = m->m_next) 3614 result->m_pkthdr.len += m->m_len; 3615 3616 mtod(result, struct sadb_msg *)->sadb_msg_len = 3617 PFKEY_UNIT64(result->m_pkthdr.len); 3618 3619 return result; 3620 3621 fail: 3622 m_freem(result); 3623 m_freem(tres); 3624 return NULL; 3625 } 3626 3627 /* 3628 * set data into sadb_msg. 3629 */ 3630 static struct mbuf * 3631 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3632 pid_t pid, u_int16_t reserved) 3633 { 3634 struct mbuf *m; 3635 struct sadb_msg *p; 3636 int len; 3637 3638 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3639 if (len > MCLBYTES) 3640 return NULL; 3641 MGETHDR(m, M_NOWAIT, MT_DATA); 3642 if (m && len > MHLEN) { 3643 if (!(MCLGET(m, M_NOWAIT))) { 3644 m_freem(m); 3645 m = NULL; 3646 } 3647 } 3648 if (!m) 3649 return NULL; 3650 m->m_pkthdr.len = m->m_len = len; 3651 m->m_next = NULL; 3652 3653 p = mtod(m, struct sadb_msg *); 3654 3655 bzero(p, len); 3656 p->sadb_msg_version = PF_KEY_V2; 3657 p->sadb_msg_type = type; 3658 p->sadb_msg_errno = 0; 3659 p->sadb_msg_satype = satype; 3660 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3661 p->sadb_msg_reserved = reserved; 3662 p->sadb_msg_seq = seq; 3663 p->sadb_msg_pid = (u_int32_t)pid; 3664 3665 return m; 3666 } 3667 3668 /* 3669 * copy secasvar data into sadb_address. 3670 */ 3671 static struct mbuf * 3672 key_setsadbsa(struct secasvar *sav) 3673 { 3674 struct mbuf *m; 3675 struct sadb_sa *p; 3676 int len; 3677 3678 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3679 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3680 if (m == NULL) 3681 return (NULL); 3682 m_align(m, len); 3683 m->m_len = len; 3684 p = mtod(m, struct sadb_sa *); 3685 bzero(p, len); 3686 p->sadb_sa_len = PFKEY_UNIT64(len); 3687 p->sadb_sa_exttype = SADB_EXT_SA; 3688 p->sadb_sa_spi = sav->spi; 3689 p->sadb_sa_replay = sav->replay ? 3690 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3691 sav->replay->wsize): 0; 3692 p->sadb_sa_state = sav->state; 3693 p->sadb_sa_auth = sav->alg_auth; 3694 p->sadb_sa_encrypt = sav->alg_enc; 3695 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3696 return (m); 3697 } 3698 3699 /* 3700 * set data into sadb_address. 3701 */ 3702 static struct mbuf * 3703 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3704 u_int8_t prefixlen, u_int16_t ul_proto) 3705 { 3706 struct mbuf *m; 3707 struct sadb_address *p; 3708 size_t len; 3709 3710 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3711 PFKEY_ALIGN8(saddr->sa_len); 3712 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3713 if (m == NULL) 3714 return (NULL); 3715 m_align(m, len); 3716 m->m_len = len; 3717 p = mtod(m, struct sadb_address *); 3718 3719 bzero(p, len); 3720 p->sadb_address_len = PFKEY_UNIT64(len); 3721 p->sadb_address_exttype = exttype; 3722 p->sadb_address_proto = ul_proto; 3723 if (prefixlen == FULLMASK) { 3724 switch (saddr->sa_family) { 3725 case AF_INET: 3726 prefixlen = sizeof(struct in_addr) << 3; 3727 break; 3728 case AF_INET6: 3729 prefixlen = sizeof(struct in6_addr) << 3; 3730 break; 3731 default: 3732 ; /*XXX*/ 3733 } 3734 } 3735 p->sadb_address_prefixlen = prefixlen; 3736 p->sadb_address_reserved = 0; 3737 3738 bcopy(saddr, 3739 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3740 saddr->sa_len); 3741 3742 return m; 3743 } 3744 3745 /* 3746 * set data into sadb_x_sa2. 3747 */ 3748 static struct mbuf * 3749 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3750 { 3751 struct mbuf *m; 3752 struct sadb_x_sa2 *p; 3753 size_t len; 3754 3755 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3756 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3757 if (m == NULL) 3758 return (NULL); 3759 m_align(m, len); 3760 m->m_len = len; 3761 p = mtod(m, struct sadb_x_sa2 *); 3762 3763 bzero(p, len); 3764 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3765 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3766 p->sadb_x_sa2_mode = mode; 3767 p->sadb_x_sa2_reserved1 = 0; 3768 p->sadb_x_sa2_reserved2 = 0; 3769 p->sadb_x_sa2_sequence = seq; 3770 p->sadb_x_sa2_reqid = reqid; 3771 3772 return m; 3773 } 3774 3775 /* 3776 * Set data into sadb_x_sa_replay. 3777 */ 3778 static struct mbuf * 3779 key_setsadbxsareplay(u_int32_t replay) 3780 { 3781 struct mbuf *m; 3782 struct sadb_x_sa_replay *p; 3783 size_t len; 3784 3785 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3786 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3787 if (m == NULL) 3788 return (NULL); 3789 m_align(m, len); 3790 m->m_len = len; 3791 p = mtod(m, struct sadb_x_sa_replay *); 3792 3793 bzero(p, len); 3794 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3795 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3796 p->sadb_x_sa_replay_replay = (replay << 3); 3797 3798 return m; 3799 } 3800 3801 /* 3802 * Set a type in sadb_x_nat_t_type. 3803 */ 3804 static struct mbuf * 3805 key_setsadbxtype(u_int16_t type) 3806 { 3807 struct mbuf *m; 3808 size_t len; 3809 struct sadb_x_nat_t_type *p; 3810 3811 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3812 3813 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3814 if (m == NULL) 3815 return (NULL); 3816 m_align(m, len); 3817 m->m_len = len; 3818 p = mtod(m, struct sadb_x_nat_t_type *); 3819 3820 bzero(p, len); 3821 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3822 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3823 p->sadb_x_nat_t_type_type = type; 3824 3825 return (m); 3826 } 3827 /* 3828 * Set a port in sadb_x_nat_t_port. 3829 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3830 */ 3831 static struct mbuf * 3832 key_setsadbxport(u_int16_t port, u_int16_t type) 3833 { 3834 struct mbuf *m; 3835 size_t len; 3836 struct sadb_x_nat_t_port *p; 3837 3838 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3839 3840 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3841 if (m == NULL) 3842 return (NULL); 3843 m_align(m, len); 3844 m->m_len = len; 3845 p = mtod(m, struct sadb_x_nat_t_port *); 3846 3847 bzero(p, len); 3848 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3849 p->sadb_x_nat_t_port_exttype = type; 3850 p->sadb_x_nat_t_port_port = port; 3851 3852 return (m); 3853 } 3854 3855 /* 3856 * Get port from sockaddr. Port is in network byte order. 3857 */ 3858 uint16_t 3859 key_portfromsaddr(struct sockaddr *sa) 3860 { 3861 3862 switch (sa->sa_family) { 3863 #ifdef INET 3864 case AF_INET: 3865 return ((struct sockaddr_in *)sa)->sin_port; 3866 #endif 3867 #ifdef INET6 3868 case AF_INET6: 3869 return ((struct sockaddr_in6 *)sa)->sin6_port; 3870 #endif 3871 } 3872 return (0); 3873 } 3874 3875 /* 3876 * Set port in struct sockaddr. Port is in network byte order. 3877 */ 3878 void 3879 key_porttosaddr(struct sockaddr *sa, uint16_t port) 3880 { 3881 3882 switch (sa->sa_family) { 3883 #ifdef INET 3884 case AF_INET: 3885 ((struct sockaddr_in *)sa)->sin_port = port; 3886 break; 3887 #endif 3888 #ifdef INET6 3889 case AF_INET6: 3890 ((struct sockaddr_in6 *)sa)->sin6_port = port; 3891 break; 3892 #endif 3893 default: 3894 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 3895 __func__, sa->sa_family)); 3896 break; 3897 } 3898 } 3899 3900 /* 3901 * set data into sadb_x_policy 3902 */ 3903 static struct mbuf * 3904 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 3905 { 3906 struct mbuf *m; 3907 struct sadb_x_policy *p; 3908 size_t len; 3909 3910 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 3911 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3912 if (m == NULL) 3913 return (NULL); 3914 m_align(m, len); 3915 m->m_len = len; 3916 p = mtod(m, struct sadb_x_policy *); 3917 3918 bzero(p, len); 3919 p->sadb_x_policy_len = PFKEY_UNIT64(len); 3920 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3921 p->sadb_x_policy_type = type; 3922 p->sadb_x_policy_dir = dir; 3923 p->sadb_x_policy_id = id; 3924 p->sadb_x_policy_priority = priority; 3925 3926 return m; 3927 } 3928 3929 /* %%% utilities */ 3930 /* Take a key message (sadb_key) from the socket and turn it into one 3931 * of the kernel's key structures (seckey). 3932 * 3933 * IN: pointer to the src 3934 * OUT: NULL no more memory 3935 */ 3936 struct seckey * 3937 key_dup_keymsg(const struct sadb_key *src, size_t len, 3938 struct malloc_type *type) 3939 { 3940 struct seckey *dst; 3941 3942 dst = malloc(sizeof(*dst), type, M_NOWAIT); 3943 if (dst != NULL) { 3944 dst->bits = src->sadb_key_bits; 3945 dst->key_data = malloc(len, type, M_NOWAIT); 3946 if (dst->key_data != NULL) { 3947 bcopy((const char *)(src + 1), dst->key_data, len); 3948 } else { 3949 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3950 __func__)); 3951 free(dst, type); 3952 dst = NULL; 3953 } 3954 } else { 3955 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3956 __func__)); 3957 3958 } 3959 return (dst); 3960 } 3961 3962 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 3963 * turn it into one of the kernel's lifetime structures (seclifetime). 3964 * 3965 * IN: pointer to the destination, source and malloc type 3966 * OUT: NULL, no more memory 3967 */ 3968 3969 static struct seclifetime * 3970 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 3971 { 3972 struct seclifetime *dst; 3973 3974 dst = malloc(sizeof(*dst), type, M_NOWAIT); 3975 if (dst == NULL) { 3976 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3977 return (NULL); 3978 } 3979 dst->allocations = src->sadb_lifetime_allocations; 3980 dst->bytes = src->sadb_lifetime_bytes; 3981 dst->addtime = src->sadb_lifetime_addtime; 3982 dst->usetime = src->sadb_lifetime_usetime; 3983 return (dst); 3984 } 3985 3986 /* 3987 * compare two secasindex structure. 3988 * flag can specify to compare 2 saidxes. 3989 * compare two secasindex structure without both mode and reqid. 3990 * don't compare port. 3991 * IN: 3992 * saidx0: source, it can be in SAD. 3993 * saidx1: object. 3994 * OUT: 3995 * 1 : equal 3996 * 0 : not equal 3997 */ 3998 static int 3999 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4000 int flag) 4001 { 4002 4003 /* sanity */ 4004 if (saidx0 == NULL && saidx1 == NULL) 4005 return 1; 4006 4007 if (saidx0 == NULL || saidx1 == NULL) 4008 return 0; 4009 4010 if (saidx0->proto != saidx1->proto) 4011 return 0; 4012 4013 if (flag == CMP_EXACTLY) { 4014 if (saidx0->mode != saidx1->mode) 4015 return 0; 4016 if (saidx0->reqid != saidx1->reqid) 4017 return 0; 4018 if (bcmp(&saidx0->src, &saidx1->src, 4019 saidx0->src.sa.sa_len) != 0 || 4020 bcmp(&saidx0->dst, &saidx1->dst, 4021 saidx0->dst.sa.sa_len) != 0) 4022 return 0; 4023 } else { 4024 4025 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4026 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4027 /* 4028 * If reqid of SPD is non-zero, unique SA is required. 4029 * The result must be of same reqid in this case. 4030 */ 4031 if (saidx1->reqid != 0 && 4032 saidx0->reqid != saidx1->reqid) 4033 return 0; 4034 } 4035 4036 if (flag == CMP_MODE_REQID) { 4037 if (saidx0->mode != IPSEC_MODE_ANY 4038 && saidx0->mode != saidx1->mode) 4039 return 0; 4040 } 4041 4042 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4043 return 0; 4044 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4045 return 0; 4046 } 4047 4048 return 1; 4049 } 4050 4051 /* 4052 * compare two secindex structure exactly. 4053 * IN: 4054 * spidx0: source, it is often in SPD. 4055 * spidx1: object, it is often from PFKEY message. 4056 * OUT: 4057 * 1 : equal 4058 * 0 : not equal 4059 */ 4060 static int 4061 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4062 struct secpolicyindex *spidx1) 4063 { 4064 /* sanity */ 4065 if (spidx0 == NULL && spidx1 == NULL) 4066 return 1; 4067 4068 if (spidx0 == NULL || spidx1 == NULL) 4069 return 0; 4070 4071 if (spidx0->prefs != spidx1->prefs 4072 || spidx0->prefd != spidx1->prefd 4073 || spidx0->ul_proto != spidx1->ul_proto) 4074 return 0; 4075 4076 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4077 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4078 } 4079 4080 /* 4081 * compare two secindex structure with mask. 4082 * IN: 4083 * spidx0: source, it is often in SPD. 4084 * spidx1: object, it is often from IP header. 4085 * OUT: 4086 * 1 : equal 4087 * 0 : not equal 4088 */ 4089 static int 4090 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4091 struct secpolicyindex *spidx1) 4092 { 4093 /* sanity */ 4094 if (spidx0 == NULL && spidx1 == NULL) 4095 return 1; 4096 4097 if (spidx0 == NULL || spidx1 == NULL) 4098 return 0; 4099 4100 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4101 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4102 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4103 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4104 return 0; 4105 4106 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4107 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4108 && spidx0->ul_proto != spidx1->ul_proto) 4109 return 0; 4110 4111 switch (spidx0->src.sa.sa_family) { 4112 case AF_INET: 4113 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4114 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4115 return 0; 4116 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4117 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4118 return 0; 4119 break; 4120 case AF_INET6: 4121 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4122 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4123 return 0; 4124 /* 4125 * scope_id check. if sin6_scope_id is 0, we regard it 4126 * as a wildcard scope, which matches any scope zone ID. 4127 */ 4128 if (spidx0->src.sin6.sin6_scope_id && 4129 spidx1->src.sin6.sin6_scope_id && 4130 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4131 return 0; 4132 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4133 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4134 return 0; 4135 break; 4136 default: 4137 /* XXX */ 4138 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4139 return 0; 4140 break; 4141 } 4142 4143 switch (spidx0->dst.sa.sa_family) { 4144 case AF_INET: 4145 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4146 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4147 return 0; 4148 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4149 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4150 return 0; 4151 break; 4152 case AF_INET6: 4153 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4154 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4155 return 0; 4156 /* 4157 * scope_id check. if sin6_scope_id is 0, we regard it 4158 * as a wildcard scope, which matches any scope zone ID. 4159 */ 4160 if (spidx0->dst.sin6.sin6_scope_id && 4161 spidx1->dst.sin6.sin6_scope_id && 4162 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4163 return 0; 4164 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4165 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4166 return 0; 4167 break; 4168 default: 4169 /* XXX */ 4170 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4171 return 0; 4172 break; 4173 } 4174 4175 /* XXX Do we check other field ? e.g. flowinfo */ 4176 4177 return 1; 4178 } 4179 4180 #ifdef satosin 4181 #undef satosin 4182 #endif 4183 #define satosin(s) ((const struct sockaddr_in *)s) 4184 #ifdef satosin6 4185 #undef satosin6 4186 #endif 4187 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4188 /* returns 0 on match */ 4189 int 4190 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4191 int port) 4192 { 4193 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4194 return 1; 4195 4196 switch (sa1->sa_family) { 4197 #ifdef INET 4198 case AF_INET: 4199 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4200 return 1; 4201 if (satosin(sa1)->sin_addr.s_addr != 4202 satosin(sa2)->sin_addr.s_addr) { 4203 return 1; 4204 } 4205 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4206 return 1; 4207 break; 4208 #endif 4209 #ifdef INET6 4210 case AF_INET6: 4211 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4212 return 1; /*EINVAL*/ 4213 if (satosin6(sa1)->sin6_scope_id != 4214 satosin6(sa2)->sin6_scope_id) { 4215 return 1; 4216 } 4217 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4218 &satosin6(sa2)->sin6_addr)) { 4219 return 1; 4220 } 4221 if (port && 4222 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4223 return 1; 4224 } 4225 break; 4226 #endif 4227 default: 4228 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4229 return 1; 4230 break; 4231 } 4232 4233 return 0; 4234 } 4235 4236 /* returns 0 on match */ 4237 int 4238 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4239 const struct sockaddr *sa2, size_t mask) 4240 { 4241 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4242 return (1); 4243 4244 switch (sa1->sa_family) { 4245 #ifdef INET 4246 case AF_INET: 4247 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4248 &satosin(sa2)->sin_addr, mask)); 4249 #endif 4250 #ifdef INET6 4251 case AF_INET6: 4252 if (satosin6(sa1)->sin6_scope_id != 4253 satosin6(sa2)->sin6_scope_id) 4254 return (1); 4255 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4256 &satosin6(sa2)->sin6_addr, mask)); 4257 #endif 4258 } 4259 return (1); 4260 } 4261 #undef satosin 4262 #undef satosin6 4263 4264 /* 4265 * compare two buffers with mask. 4266 * IN: 4267 * addr1: source 4268 * addr2: object 4269 * bits: Number of bits to compare 4270 * OUT: 4271 * 1 : equal 4272 * 0 : not equal 4273 */ 4274 static int 4275 key_bbcmp(const void *a1, const void *a2, u_int bits) 4276 { 4277 const unsigned char *p1 = a1; 4278 const unsigned char *p2 = a2; 4279 4280 /* XXX: This could be considerably faster if we compare a word 4281 * at a time, but it is complicated on LSB Endian machines */ 4282 4283 /* Handle null pointers */ 4284 if (p1 == NULL || p2 == NULL) 4285 return (p1 == p2); 4286 4287 while (bits >= 8) { 4288 if (*p1++ != *p2++) 4289 return 0; 4290 bits -= 8; 4291 } 4292 4293 if (bits > 0) { 4294 u_int8_t mask = ~((1<<(8-bits))-1); 4295 if ((*p1 & mask) != (*p2 & mask)) 4296 return 0; 4297 } 4298 return 1; /* Match! */ 4299 } 4300 4301 static void 4302 key_flush_spd(time_t now) 4303 { 4304 SPTREE_RLOCK_TRACKER; 4305 struct secpolicy_list drainq; 4306 struct secpolicy *sp, *nextsp; 4307 u_int dir; 4308 4309 LIST_INIT(&drainq); 4310 SPTREE_RLOCK(); 4311 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4312 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4313 if (sp->lifetime == 0 && sp->validtime == 0) 4314 continue; 4315 if ((sp->lifetime && 4316 now - sp->created > sp->lifetime) || 4317 (sp->validtime && 4318 now - sp->lastused > sp->validtime)) { 4319 /* Hold extra reference to send SPDEXPIRE */ 4320 SP_ADDREF(sp); 4321 LIST_INSERT_HEAD(&drainq, sp, drainq); 4322 } 4323 } 4324 } 4325 SPTREE_RUNLOCK(); 4326 if (LIST_EMPTY(&drainq)) 4327 return; 4328 4329 SPTREE_WLOCK(); 4330 sp = LIST_FIRST(&drainq); 4331 while (sp != NULL) { 4332 nextsp = LIST_NEXT(sp, drainq); 4333 /* Check that SP is still linked */ 4334 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4335 LIST_REMOVE(sp, drainq); 4336 key_freesp(&sp); /* release extra reference */ 4337 sp = nextsp; 4338 continue; 4339 } 4340 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4341 LIST_REMOVE(sp, idhash); 4342 sp->state = IPSEC_SPSTATE_DEAD; 4343 sp = nextsp; 4344 } 4345 V_sp_genid++; 4346 SPTREE_WUNLOCK(); 4347 4348 sp = LIST_FIRST(&drainq); 4349 while (sp != NULL) { 4350 nextsp = LIST_NEXT(sp, drainq); 4351 key_spdexpire(sp); 4352 key_freesp(&sp); /* release extra reference */ 4353 key_freesp(&sp); /* release last reference */ 4354 sp = nextsp; 4355 } 4356 } 4357 4358 static void 4359 key_flush_sad(time_t now) 4360 { 4361 SAHTREE_RLOCK_TRACKER; 4362 struct secashead_list emptyq; 4363 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4364 struct secashead *sah, *nextsah; 4365 struct secasvar *sav, *nextsav; 4366 4367 LIST_INIT(&drainq); 4368 LIST_INIT(&hexpireq); 4369 LIST_INIT(&sexpireq); 4370 LIST_INIT(&emptyq); 4371 4372 SAHTREE_RLOCK(); 4373 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4374 /* Check for empty SAH */ 4375 if (TAILQ_EMPTY(&sah->savtree_larval) && 4376 TAILQ_EMPTY(&sah->savtree_alive)) { 4377 SAH_ADDREF(sah); 4378 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4379 continue; 4380 } 4381 /* Add all stale LARVAL SAs into drainq */ 4382 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4383 if (now - sav->created < V_key_larval_lifetime) 4384 continue; 4385 SAV_ADDREF(sav); 4386 LIST_INSERT_HEAD(&drainq, sav, drainq); 4387 } 4388 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4389 /* lifetimes aren't specified */ 4390 if (sav->lft_h == NULL) 4391 continue; 4392 SECASVAR_LOCK(sav); 4393 /* 4394 * Check again with lock held, because it may 4395 * be updated by SADB_UPDATE. 4396 */ 4397 if (sav->lft_h == NULL) { 4398 SECASVAR_UNLOCK(sav); 4399 continue; 4400 } 4401 /* 4402 * RFC 2367: 4403 * HARD lifetimes MUST take precedence over SOFT 4404 * lifetimes, meaning if the HARD and SOFT lifetimes 4405 * are the same, the HARD lifetime will appear on the 4406 * EXPIRE message. 4407 */ 4408 /* check HARD lifetime */ 4409 if ((sav->lft_h->addtime != 0 && 4410 now - sav->created > sav->lft_h->addtime) || 4411 (sav->lft_h->usetime != 0 && sav->firstused && 4412 now - sav->firstused > sav->lft_h->usetime) || 4413 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4414 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4415 SECASVAR_UNLOCK(sav); 4416 SAV_ADDREF(sav); 4417 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4418 continue; 4419 } 4420 /* check SOFT lifetime (only for MATURE SAs) */ 4421 if (sav->state == SADB_SASTATE_MATURE && ( 4422 (sav->lft_s->addtime != 0 && 4423 now - sav->created > sav->lft_s->addtime) || 4424 (sav->lft_s->usetime != 0 && sav->firstused && 4425 now - sav->firstused > sav->lft_s->usetime) || 4426 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4427 sav->lft_c_bytes) > sav->lft_s->bytes))) { 4428 SECASVAR_UNLOCK(sav); 4429 SAV_ADDREF(sav); 4430 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4431 continue; 4432 } 4433 SECASVAR_UNLOCK(sav); 4434 } 4435 } 4436 SAHTREE_RUNLOCK(); 4437 4438 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4439 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4440 return; 4441 4442 LIST_INIT(&freeq); 4443 SAHTREE_WLOCK(); 4444 /* Unlink stale LARVAL SAs */ 4445 sav = LIST_FIRST(&drainq); 4446 while (sav != NULL) { 4447 nextsav = LIST_NEXT(sav, drainq); 4448 /* Check that SA is still LARVAL */ 4449 if (sav->state != SADB_SASTATE_LARVAL) { 4450 LIST_REMOVE(sav, drainq); 4451 LIST_INSERT_HEAD(&freeq, sav, drainq); 4452 sav = nextsav; 4453 continue; 4454 } 4455 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4456 LIST_REMOVE(sav, spihash); 4457 sav->state = SADB_SASTATE_DEAD; 4458 sav = nextsav; 4459 } 4460 /* Unlink all SAs with expired HARD lifetime */ 4461 sav = LIST_FIRST(&hexpireq); 4462 while (sav != NULL) { 4463 nextsav = LIST_NEXT(sav, drainq); 4464 /* Check that SA is not unlinked */ 4465 if (sav->state == SADB_SASTATE_DEAD) { 4466 LIST_REMOVE(sav, drainq); 4467 LIST_INSERT_HEAD(&freeq, sav, drainq); 4468 sav = nextsav; 4469 continue; 4470 } 4471 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4472 LIST_REMOVE(sav, spihash); 4473 sav->state = SADB_SASTATE_DEAD; 4474 sav = nextsav; 4475 } 4476 /* Mark all SAs with expired SOFT lifetime as DYING */ 4477 sav = LIST_FIRST(&sexpireq); 4478 while (sav != NULL) { 4479 nextsav = LIST_NEXT(sav, drainq); 4480 /* Check that SA is not unlinked */ 4481 if (sav->state == SADB_SASTATE_DEAD) { 4482 LIST_REMOVE(sav, drainq); 4483 LIST_INSERT_HEAD(&freeq, sav, drainq); 4484 sav = nextsav; 4485 continue; 4486 } 4487 /* 4488 * NOTE: this doesn't change SA order in the chain. 4489 */ 4490 sav->state = SADB_SASTATE_DYING; 4491 sav = nextsav; 4492 } 4493 /* Unlink empty SAHs */ 4494 sah = LIST_FIRST(&emptyq); 4495 while (sah != NULL) { 4496 nextsah = LIST_NEXT(sah, drainq); 4497 /* Check that SAH is still empty and not unlinked */ 4498 if (sah->state == SADB_SASTATE_DEAD || 4499 !TAILQ_EMPTY(&sah->savtree_larval) || 4500 !TAILQ_EMPTY(&sah->savtree_alive)) { 4501 LIST_REMOVE(sah, drainq); 4502 key_freesah(&sah); /* release extra reference */ 4503 sah = nextsah; 4504 continue; 4505 } 4506 TAILQ_REMOVE(&V_sahtree, sah, chain); 4507 LIST_REMOVE(sah, addrhash); 4508 sah->state = SADB_SASTATE_DEAD; 4509 sah = nextsah; 4510 } 4511 SAHTREE_WUNLOCK(); 4512 4513 /* Send SPDEXPIRE messages */ 4514 sav = LIST_FIRST(&hexpireq); 4515 while (sav != NULL) { 4516 nextsav = LIST_NEXT(sav, drainq); 4517 key_expire(sav, 1); 4518 key_freesah(&sav->sah); /* release reference from SAV */ 4519 key_freesav(&sav); /* release extra reference */ 4520 key_freesav(&sav); /* release last reference */ 4521 sav = nextsav; 4522 } 4523 sav = LIST_FIRST(&sexpireq); 4524 while (sav != NULL) { 4525 nextsav = LIST_NEXT(sav, drainq); 4526 key_expire(sav, 0); 4527 key_freesav(&sav); /* release extra reference */ 4528 sav = nextsav; 4529 } 4530 /* Free stale LARVAL SAs */ 4531 sav = LIST_FIRST(&drainq); 4532 while (sav != NULL) { 4533 nextsav = LIST_NEXT(sav, drainq); 4534 key_freesah(&sav->sah); /* release reference from SAV */ 4535 key_freesav(&sav); /* release extra reference */ 4536 key_freesav(&sav); /* release last reference */ 4537 sav = nextsav; 4538 } 4539 /* Free SAs that were unlinked/changed by someone else */ 4540 sav = LIST_FIRST(&freeq); 4541 while (sav != NULL) { 4542 nextsav = LIST_NEXT(sav, drainq); 4543 key_freesav(&sav); /* release extra reference */ 4544 sav = nextsav; 4545 } 4546 /* Free empty SAH */ 4547 sah = LIST_FIRST(&emptyq); 4548 while (sah != NULL) { 4549 nextsah = LIST_NEXT(sah, drainq); 4550 key_freesah(&sah); /* release extra reference */ 4551 key_freesah(&sah); /* release last reference */ 4552 sah = nextsah; 4553 } 4554 } 4555 4556 static void 4557 key_flush_acq(time_t now) 4558 { 4559 struct secacq *acq, *nextacq; 4560 4561 /* ACQ tree */ 4562 ACQ_LOCK(); 4563 acq = LIST_FIRST(&V_acqtree); 4564 while (acq != NULL) { 4565 nextacq = LIST_NEXT(acq, chain); 4566 if (now - acq->created > V_key_blockacq_lifetime) { 4567 LIST_REMOVE(acq, chain); 4568 LIST_REMOVE(acq, addrhash); 4569 LIST_REMOVE(acq, seqhash); 4570 free(acq, M_IPSEC_SAQ); 4571 } 4572 acq = nextacq; 4573 } 4574 ACQ_UNLOCK(); 4575 } 4576 4577 static void 4578 key_flush_spacq(time_t now) 4579 { 4580 struct secspacq *acq, *nextacq; 4581 4582 /* SP ACQ tree */ 4583 SPACQ_LOCK(); 4584 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4585 nextacq = LIST_NEXT(acq, chain); 4586 if (now - acq->created > V_key_blockacq_lifetime 4587 && __LIST_CHAINED(acq)) { 4588 LIST_REMOVE(acq, chain); 4589 free(acq, M_IPSEC_SAQ); 4590 } 4591 } 4592 SPACQ_UNLOCK(); 4593 } 4594 4595 /* 4596 * time handler. 4597 * scanning SPD and SAD to check status for each entries, 4598 * and do to remove or to expire. 4599 * XXX: year 2038 problem may remain. 4600 */ 4601 static void 4602 key_timehandler(void *arg) 4603 { 4604 VNET_ITERATOR_DECL(vnet_iter); 4605 time_t now = time_second; 4606 4607 VNET_LIST_RLOCK_NOSLEEP(); 4608 VNET_FOREACH(vnet_iter) { 4609 CURVNET_SET(vnet_iter); 4610 key_flush_spd(now); 4611 key_flush_sad(now); 4612 key_flush_acq(now); 4613 key_flush_spacq(now); 4614 CURVNET_RESTORE(); 4615 } 4616 VNET_LIST_RUNLOCK_NOSLEEP(); 4617 4618 #ifndef IPSEC_DEBUG2 4619 /* do exchange to tick time !! */ 4620 callout_schedule(&key_timer, hz); 4621 #endif /* IPSEC_DEBUG2 */ 4622 } 4623 4624 u_long 4625 key_random() 4626 { 4627 u_long value; 4628 4629 key_randomfill(&value, sizeof(value)); 4630 return value; 4631 } 4632 4633 void 4634 key_randomfill(void *p, size_t l) 4635 { 4636 size_t n; 4637 u_long v; 4638 static int warn = 1; 4639 4640 n = 0; 4641 n = (size_t)read_random(p, (u_int)l); 4642 /* last resort */ 4643 while (n < l) { 4644 v = random(); 4645 bcopy(&v, (u_int8_t *)p + n, 4646 l - n < sizeof(v) ? l - n : sizeof(v)); 4647 n += sizeof(v); 4648 4649 if (warn) { 4650 printf("WARNING: pseudo-random number generator " 4651 "used for IPsec processing\n"); 4652 warn = 0; 4653 } 4654 } 4655 } 4656 4657 /* 4658 * map SADB_SATYPE_* to IPPROTO_*. 4659 * if satype == SADB_SATYPE then satype is mapped to ~0. 4660 * OUT: 4661 * 0: invalid satype. 4662 */ 4663 static uint8_t 4664 key_satype2proto(uint8_t satype) 4665 { 4666 switch (satype) { 4667 case SADB_SATYPE_UNSPEC: 4668 return IPSEC_PROTO_ANY; 4669 case SADB_SATYPE_AH: 4670 return IPPROTO_AH; 4671 case SADB_SATYPE_ESP: 4672 return IPPROTO_ESP; 4673 case SADB_X_SATYPE_IPCOMP: 4674 return IPPROTO_IPCOMP; 4675 case SADB_X_SATYPE_TCPSIGNATURE: 4676 return IPPROTO_TCP; 4677 default: 4678 return 0; 4679 } 4680 /* NOTREACHED */ 4681 } 4682 4683 /* 4684 * map IPPROTO_* to SADB_SATYPE_* 4685 * OUT: 4686 * 0: invalid protocol type. 4687 */ 4688 static uint8_t 4689 key_proto2satype(uint8_t proto) 4690 { 4691 switch (proto) { 4692 case IPPROTO_AH: 4693 return SADB_SATYPE_AH; 4694 case IPPROTO_ESP: 4695 return SADB_SATYPE_ESP; 4696 case IPPROTO_IPCOMP: 4697 return SADB_X_SATYPE_IPCOMP; 4698 case IPPROTO_TCP: 4699 return SADB_X_SATYPE_TCPSIGNATURE; 4700 default: 4701 return 0; 4702 } 4703 /* NOTREACHED */ 4704 } 4705 4706 /* %%% PF_KEY */ 4707 /* 4708 * SADB_GETSPI processing is to receive 4709 * <base, (SA2), src address, dst address, (SPI range)> 4710 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4711 * tree with the status of LARVAL, and send 4712 * <base, SA(*), address(SD)> 4713 * to the IKMPd. 4714 * 4715 * IN: mhp: pointer to the pointer to each header. 4716 * OUT: NULL if fail. 4717 * other if success, return pointer to the message to send. 4718 */ 4719 static int 4720 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4721 { 4722 struct secasindex saidx; 4723 struct sadb_address *src0, *dst0; 4724 struct secasvar *sav; 4725 uint32_t reqid, spi; 4726 int error; 4727 uint8_t mode, proto; 4728 4729 IPSEC_ASSERT(so != NULL, ("null socket")); 4730 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4731 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4732 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4733 4734 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4735 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4736 #ifdef PFKEY_STRICT_CHECKS 4737 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4738 #endif 4739 ) { 4740 ipseclog((LOG_DEBUG, 4741 "%s: invalid message: missing required header.\n", 4742 __func__)); 4743 error = EINVAL; 4744 goto fail; 4745 } 4746 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4747 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4748 #ifdef PFKEY_STRICT_CHECKS 4749 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4750 #endif 4751 ) { 4752 ipseclog((LOG_DEBUG, 4753 "%s: invalid message: wrong header size.\n", __func__)); 4754 error = EINVAL; 4755 goto fail; 4756 } 4757 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4758 mode = IPSEC_MODE_ANY; 4759 reqid = 0; 4760 } else { 4761 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4762 ipseclog((LOG_DEBUG, 4763 "%s: invalid message: wrong header size.\n", 4764 __func__)); 4765 error = EINVAL; 4766 goto fail; 4767 } 4768 mode = ((struct sadb_x_sa2 *) 4769 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4770 reqid = ((struct sadb_x_sa2 *) 4771 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4772 } 4773 4774 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4775 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4776 4777 /* map satype to proto */ 4778 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4779 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4780 __func__)); 4781 error = EINVAL; 4782 goto fail; 4783 } 4784 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4785 (struct sockaddr *)(dst0 + 1)); 4786 if (error != 0) { 4787 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4788 error = EINVAL; 4789 goto fail; 4790 } 4791 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4792 4793 /* SPI allocation */ 4794 spi = key_do_getnewspi( 4795 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4796 if (spi == 0) { 4797 /* 4798 * Requested SPI or SPI range is not available or 4799 * already used. 4800 */ 4801 error = EEXIST; 4802 goto fail; 4803 } 4804 sav = key_newsav(mhp, &saidx, spi, &error); 4805 if (sav == NULL) 4806 goto fail; 4807 4808 if (sav->seq != 0) { 4809 /* 4810 * RFC2367: 4811 * If the SADB_GETSPI message is in response to a 4812 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4813 * MUST be the same as the SADB_ACQUIRE message. 4814 * 4815 * XXXAE: However it doesn't definethe behaviour how to 4816 * check this and what to do if it doesn't match. 4817 * Also what we should do if it matches? 4818 * 4819 * We can compare saidx used in SADB_ACQUIRE with saidx 4820 * used in SADB_GETSPI, but this probably can break 4821 * existing software. For now just warn if it doesn't match. 4822 * 4823 * XXXAE: anyway it looks useless. 4824 */ 4825 key_acqdone(&saidx, sav->seq); 4826 } 4827 KEYDBG(KEY_STAMP, 4828 printf("%s: SA(%p)\n", __func__, sav)); 4829 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4830 4831 { 4832 struct mbuf *n, *nn; 4833 struct sadb_sa *m_sa; 4834 struct sadb_msg *newmsg; 4835 int off, len; 4836 4837 /* create new sadb_msg to reply. */ 4838 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4839 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4840 4841 MGETHDR(n, M_NOWAIT, MT_DATA); 4842 if (len > MHLEN) { 4843 if (!(MCLGET(n, M_NOWAIT))) { 4844 m_freem(n); 4845 n = NULL; 4846 } 4847 } 4848 if (!n) { 4849 error = ENOBUFS; 4850 goto fail; 4851 } 4852 4853 n->m_len = len; 4854 n->m_next = NULL; 4855 off = 0; 4856 4857 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4858 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4859 4860 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4861 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4862 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4863 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4864 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4865 4866 IPSEC_ASSERT(off == len, 4867 ("length inconsistency (off %u len %u)", off, len)); 4868 4869 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4870 SADB_EXT_ADDRESS_DST); 4871 if (!n->m_next) { 4872 m_freem(n); 4873 error = ENOBUFS; 4874 goto fail; 4875 } 4876 4877 if (n->m_len < sizeof(struct sadb_msg)) { 4878 n = m_pullup(n, sizeof(struct sadb_msg)); 4879 if (n == NULL) 4880 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 4881 } 4882 4883 n->m_pkthdr.len = 0; 4884 for (nn = n; nn; nn = nn->m_next) 4885 n->m_pkthdr.len += nn->m_len; 4886 4887 newmsg = mtod(n, struct sadb_msg *); 4888 newmsg->sadb_msg_seq = sav->seq; 4889 newmsg->sadb_msg_errno = 0; 4890 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 4891 4892 m_freem(m); 4893 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 4894 } 4895 4896 fail: 4897 return (key_senderror(so, m, error)); 4898 } 4899 4900 /* 4901 * allocating new SPI 4902 * called by key_getspi(). 4903 * OUT: 4904 * 0: failure. 4905 * others: success, SPI in network byte order. 4906 */ 4907 static uint32_t 4908 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 4909 { 4910 uint32_t min, max, newspi, t; 4911 int count = V_key_spi_trycnt; 4912 4913 /* set spi range to allocate */ 4914 if (spirange != NULL) { 4915 min = spirange->sadb_spirange_min; 4916 max = spirange->sadb_spirange_max; 4917 } else { 4918 min = V_key_spi_minval; 4919 max = V_key_spi_maxval; 4920 } 4921 /* IPCOMP needs 2-byte SPI */ 4922 if (saidx->proto == IPPROTO_IPCOMP) { 4923 if (min >= 0x10000) 4924 min = 0xffff; 4925 if (max >= 0x10000) 4926 max = 0xffff; 4927 if (min > max) { 4928 t = min; min = max; max = t; 4929 } 4930 } 4931 4932 if (min == max) { 4933 if (!key_checkspidup(htonl(min))) { 4934 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 4935 __func__, min)); 4936 return 0; 4937 } 4938 4939 count--; /* taking one cost. */ 4940 newspi = min; 4941 } else { 4942 4943 /* init SPI */ 4944 newspi = 0; 4945 4946 /* when requesting to allocate spi ranged */ 4947 while (count--) { 4948 /* generate pseudo-random SPI value ranged. */ 4949 newspi = min + (key_random() % (max - min + 1)); 4950 if (!key_checkspidup(htonl(newspi))) 4951 break; 4952 } 4953 4954 if (count == 0 || newspi == 0) { 4955 ipseclog((LOG_DEBUG, 4956 "%s: failed to allocate SPI.\n", __func__)); 4957 return 0; 4958 } 4959 } 4960 4961 /* statistics */ 4962 keystat.getspi_count = 4963 (keystat.getspi_count + V_key_spi_trycnt - count) / 2; 4964 4965 return (htonl(newspi)); 4966 } 4967 4968 /* 4969 * Find TCP-MD5 SA with corresponding secasindex. 4970 * If not found, return NULL and fill SPI with usable value if needed. 4971 */ 4972 static struct secasvar * 4973 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 4974 { 4975 SAHTREE_RLOCK_TRACKER; 4976 struct secashead *sah; 4977 struct secasvar *sav; 4978 4979 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 4980 SAHTREE_RLOCK(); 4981 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 4982 if (sah->saidx.proto != IPPROTO_TCP) 4983 continue; 4984 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 4985 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 4986 break; 4987 } 4988 if (sah != NULL) { 4989 if (V_key_preferred_oldsa) 4990 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 4991 else 4992 sav = TAILQ_FIRST(&sah->savtree_alive); 4993 if (sav != NULL) { 4994 SAV_ADDREF(sav); 4995 SAHTREE_RUNLOCK(); 4996 return (sav); 4997 } 4998 } 4999 if (spi == NULL) { 5000 /* No SPI required */ 5001 SAHTREE_RUNLOCK(); 5002 return (NULL); 5003 } 5004 /* Check that SPI is unique */ 5005 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5006 if (sav->spi == *spi) 5007 break; 5008 } 5009 if (sav == NULL) { 5010 SAHTREE_RUNLOCK(); 5011 /* SPI is already unique */ 5012 return (NULL); 5013 } 5014 SAHTREE_RUNLOCK(); 5015 /* XXX: not optimal */ 5016 *spi = key_do_getnewspi(NULL, saidx); 5017 return (NULL); 5018 } 5019 5020 static int 5021 key_updateaddresses(struct socket *so, struct mbuf *m, 5022 const struct sadb_msghdr *mhp, struct secasvar *sav, 5023 struct secasindex *saidx) 5024 { 5025 struct sockaddr *newaddr; 5026 struct secashead *sah; 5027 struct secasvar *newsav, *tmp; 5028 struct mbuf *n; 5029 int error, isnew; 5030 5031 /* Check that we need to change SAH */ 5032 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5033 newaddr = (struct sockaddr *)( 5034 ((struct sadb_address *) 5035 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5036 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5037 key_porttosaddr(&saidx->src.sa, 0); 5038 } 5039 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5040 newaddr = (struct sockaddr *)( 5041 ((struct sadb_address *) 5042 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5043 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5044 key_porttosaddr(&saidx->dst.sa, 0); 5045 } 5046 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5047 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5048 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5049 if (error != 0) { 5050 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5051 __func__)); 5052 return (error); 5053 } 5054 5055 sah = key_getsah(saidx); 5056 if (sah == NULL) { 5057 /* create a new SA index */ 5058 sah = key_newsah(saidx); 5059 if (sah == NULL) { 5060 ipseclog((LOG_DEBUG, 5061 "%s: No more memory.\n", __func__)); 5062 return (ENOBUFS); 5063 } 5064 isnew = 2; /* SAH is new */ 5065 } else 5066 isnew = 1; /* existing SAH is referenced */ 5067 } else { 5068 /* 5069 * src and dst addresses are still the same. 5070 * Do we want to change NAT-T config? 5071 */ 5072 if (sav->sah->saidx.proto != IPPROTO_ESP || 5073 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5074 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5075 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5076 ipseclog((LOG_DEBUG, 5077 "%s: invalid message: missing required header.\n", 5078 __func__)); 5079 return (EINVAL); 5080 } 5081 /* We hold reference to SA, thus SAH will be referenced too. */ 5082 sah = sav->sah; 5083 isnew = 0; 5084 } 5085 5086 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5087 M_NOWAIT | M_ZERO); 5088 if (newsav == NULL) { 5089 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5090 error = ENOBUFS; 5091 goto fail; 5092 } 5093 5094 /* Clone SA's content into newsav */ 5095 SAV_INITREF(newsav); 5096 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5097 /* 5098 * We create new NAT-T config if it is needed. 5099 * Old NAT-T config will be freed by key_cleansav() when 5100 * last reference to SA will be released. 5101 */ 5102 newsav->natt = NULL; 5103 newsav->sah = sah; 5104 newsav->state = SADB_SASTATE_MATURE; 5105 error = key_setnatt(newsav, mhp); 5106 if (error != 0) 5107 goto fail; 5108 5109 SAHTREE_WLOCK(); 5110 /* Check that SA is still alive */ 5111 if (sav->state == SADB_SASTATE_DEAD) { 5112 /* SA was unlinked */ 5113 SAHTREE_WUNLOCK(); 5114 error = ESRCH; 5115 goto fail; 5116 } 5117 5118 /* Unlink SA from SAH and SPI hash */ 5119 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5120 ("SA is already cloned")); 5121 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5122 sav->state == SADB_SASTATE_DYING, 5123 ("Wrong SA state %u\n", sav->state)); 5124 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5125 LIST_REMOVE(sav, spihash); 5126 sav->state = SADB_SASTATE_DEAD; 5127 5128 /* 5129 * Link new SA with SAH. Keep SAs ordered by 5130 * create time (newer are first). 5131 */ 5132 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5133 if (newsav->created > tmp->created) { 5134 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5135 break; 5136 } 5137 } 5138 if (tmp == NULL) 5139 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5140 5141 /* Add new SA into SPI hash. */ 5142 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5143 5144 /* Add new SAH into SADB. */ 5145 if (isnew == 2) { 5146 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5147 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5148 sah->state = SADB_SASTATE_MATURE; 5149 SAH_ADDREF(sah); /* newsav references new SAH */ 5150 } 5151 /* 5152 * isnew == 1 -> @sah was referenced by key_getsah(). 5153 * isnew == 0 -> we use the same @sah, that was used by @sav, 5154 * and we use its reference for @newsav. 5155 */ 5156 SECASVAR_LOCK(sav); 5157 /* XXX: replace cntr with pointer? */ 5158 newsav->cntr = sav->cntr; 5159 sav->flags |= SADB_X_EXT_F_CLONED; 5160 SECASVAR_UNLOCK(sav); 5161 5162 SAHTREE_WUNLOCK(); 5163 5164 KEYDBG(KEY_STAMP, 5165 printf("%s: SA(%p) cloned into SA(%p)\n", 5166 __func__, sav, newsav)); 5167 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5168 5169 key_freesav(&sav); /* release last reference */ 5170 5171 /* set msg buf from mhp */ 5172 n = key_getmsgbuf_x1(m, mhp); 5173 if (n == NULL) { 5174 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5175 return (ENOBUFS); 5176 } 5177 m_freem(m); 5178 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5179 return (0); 5180 fail: 5181 if (isnew != 0) 5182 key_freesah(&sah); 5183 if (newsav != NULL) { 5184 if (newsav->natt != NULL) 5185 free(newsav->natt, M_IPSEC_MISC); 5186 free(newsav, M_IPSEC_SA); 5187 } 5188 return (error); 5189 } 5190 5191 /* 5192 * SADB_UPDATE processing 5193 * receive 5194 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5195 * key(AE), (identity(SD),) (sensitivity)> 5196 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5197 * and send 5198 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5199 * (identity(SD),) (sensitivity)> 5200 * to the ikmpd. 5201 * 5202 * m will always be freed. 5203 */ 5204 static int 5205 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5206 { 5207 struct secasindex saidx; 5208 struct sadb_address *src0, *dst0; 5209 struct sadb_sa *sa0; 5210 struct secasvar *sav; 5211 uint32_t reqid; 5212 int error; 5213 uint8_t mode, proto; 5214 5215 IPSEC_ASSERT(so != NULL, ("null socket")); 5216 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5217 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5218 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5219 5220 /* map satype to proto */ 5221 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5222 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5223 __func__)); 5224 return key_senderror(so, m, EINVAL); 5225 } 5226 5227 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5228 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5229 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5230 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5231 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5232 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5233 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5234 ipseclog((LOG_DEBUG, 5235 "%s: invalid message: missing required header.\n", 5236 __func__)); 5237 return key_senderror(so, m, EINVAL); 5238 } 5239 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5240 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5241 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5242 ipseclog((LOG_DEBUG, 5243 "%s: invalid message: wrong header size.\n", __func__)); 5244 return key_senderror(so, m, EINVAL); 5245 } 5246 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5247 mode = IPSEC_MODE_ANY; 5248 reqid = 0; 5249 } else { 5250 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5251 ipseclog((LOG_DEBUG, 5252 "%s: invalid message: wrong header size.\n", 5253 __func__)); 5254 return key_senderror(so, m, EINVAL); 5255 } 5256 mode = ((struct sadb_x_sa2 *) 5257 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5258 reqid = ((struct sadb_x_sa2 *) 5259 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5260 } 5261 5262 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5263 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5264 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5265 5266 /* 5267 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5268 * SADB_UPDATE message. 5269 */ 5270 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5271 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5272 #ifdef PFKEY_STRICT_CHECKS 5273 return key_senderror(so, m, EINVAL); 5274 #endif 5275 } 5276 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5277 (struct sockaddr *)(dst0 + 1)); 5278 if (error != 0) { 5279 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5280 return key_senderror(so, m, error); 5281 } 5282 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5283 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5284 if (sav == NULL) { 5285 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5286 __func__, ntohl(sa0->sadb_sa_spi))); 5287 return key_senderror(so, m, EINVAL); 5288 } 5289 /* 5290 * Check that SADB_UPDATE issued by the same process that did 5291 * SADB_GETSPI or SADB_ADD. 5292 */ 5293 if (sav->pid != mhp->msg->sadb_msg_pid) { 5294 ipseclog((LOG_DEBUG, 5295 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5296 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5297 key_freesav(&sav); 5298 return key_senderror(so, m, EINVAL); 5299 } 5300 /* saidx should match with SA. */ 5301 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5302 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u", 5303 __func__, ntohl(sav->spi))); 5304 key_freesav(&sav); 5305 return key_senderror(so, m, ESRCH); 5306 } 5307 5308 if (sav->state == SADB_SASTATE_LARVAL) { 5309 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5310 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5311 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5312 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5313 ipseclog((LOG_DEBUG, 5314 "%s: invalid message: missing required header.\n", 5315 __func__)); 5316 key_freesav(&sav); 5317 return key_senderror(so, m, EINVAL); 5318 } 5319 /* 5320 * We can set any values except src, dst and SPI. 5321 */ 5322 error = key_setsaval(sav, mhp); 5323 if (error != 0) { 5324 key_freesav(&sav); 5325 return (key_senderror(so, m, error)); 5326 } 5327 /* Change SA state to MATURE */ 5328 SAHTREE_WLOCK(); 5329 if (sav->state != SADB_SASTATE_LARVAL) { 5330 /* SA was deleted or another thread made it MATURE. */ 5331 SAHTREE_WUNLOCK(); 5332 key_freesav(&sav); 5333 return (key_senderror(so, m, ESRCH)); 5334 } 5335 /* 5336 * NOTE: we keep SAs in savtree_alive ordered by created 5337 * time. When SA's state changed from LARVAL to MATURE, 5338 * we update its created time in key_setsaval() and move 5339 * it into head of savtree_alive. 5340 */ 5341 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5342 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5343 sav->state = SADB_SASTATE_MATURE; 5344 SAHTREE_WUNLOCK(); 5345 } else { 5346 /* 5347 * For DYING and MATURE SA we can change only state 5348 * and lifetimes. Report EINVAL if something else attempted 5349 * to change. 5350 */ 5351 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5352 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5353 key_freesav(&sav); 5354 return (key_senderror(so, m, EINVAL)); 5355 } 5356 error = key_updatelifetimes(sav, mhp); 5357 if (error != 0) { 5358 key_freesav(&sav); 5359 return (key_senderror(so, m, error)); 5360 } 5361 /* 5362 * This is FreeBSD extension to RFC2367. 5363 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5364 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5365 * SA addresses (for example to implement MOBIKE protocol 5366 * as described in RFC4555). Also we allow to change 5367 * NAT-T config. 5368 */ 5369 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5370 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5371 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5372 sav->natt != NULL) { 5373 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5374 key_freesav(&sav); 5375 if (error != 0) 5376 return (key_senderror(so, m, error)); 5377 return (0); 5378 } 5379 /* Check that SA is still alive */ 5380 SAHTREE_WLOCK(); 5381 if (sav->state == SADB_SASTATE_DEAD) { 5382 /* SA was unlinked */ 5383 SAHTREE_WUNLOCK(); 5384 key_freesav(&sav); 5385 return (key_senderror(so, m, ESRCH)); 5386 } 5387 /* 5388 * NOTE: there is possible state moving from DYING to MATURE, 5389 * but this doesn't change created time, so we won't reorder 5390 * this SA. 5391 */ 5392 sav->state = SADB_SASTATE_MATURE; 5393 SAHTREE_WUNLOCK(); 5394 } 5395 KEYDBG(KEY_STAMP, 5396 printf("%s: SA(%p)\n", __func__, sav)); 5397 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5398 key_freesav(&sav); 5399 5400 { 5401 struct mbuf *n; 5402 5403 /* set msg buf from mhp */ 5404 n = key_getmsgbuf_x1(m, mhp); 5405 if (n == NULL) { 5406 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5407 return key_senderror(so, m, ENOBUFS); 5408 } 5409 5410 m_freem(m); 5411 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5412 } 5413 } 5414 5415 /* 5416 * SADB_ADD processing 5417 * add an entry to SA database, when received 5418 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5419 * key(AE), (identity(SD),) (sensitivity)> 5420 * from the ikmpd, 5421 * and send 5422 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5423 * (identity(SD),) (sensitivity)> 5424 * to the ikmpd. 5425 * 5426 * IGNORE identity and sensitivity messages. 5427 * 5428 * m will always be freed. 5429 */ 5430 static int 5431 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5432 { 5433 struct secasindex saidx; 5434 struct sadb_address *src0, *dst0; 5435 struct sadb_sa *sa0; 5436 struct secasvar *sav; 5437 uint32_t reqid, spi; 5438 uint8_t mode, proto; 5439 int error; 5440 5441 IPSEC_ASSERT(so != NULL, ("null socket")); 5442 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5443 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5444 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5445 5446 /* map satype to proto */ 5447 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5448 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5449 __func__)); 5450 return key_senderror(so, m, EINVAL); 5451 } 5452 5453 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5454 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5455 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5456 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5457 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5458 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5459 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5460 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5461 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5462 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5463 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5464 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5465 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5466 ipseclog((LOG_DEBUG, 5467 "%s: invalid message: missing required header.\n", 5468 __func__)); 5469 return key_senderror(so, m, EINVAL); 5470 } 5471 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5472 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5473 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5474 ipseclog((LOG_DEBUG, 5475 "%s: invalid message: wrong header size.\n", __func__)); 5476 return key_senderror(so, m, EINVAL); 5477 } 5478 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5479 mode = IPSEC_MODE_ANY; 5480 reqid = 0; 5481 } else { 5482 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5483 ipseclog((LOG_DEBUG, 5484 "%s: invalid message: wrong header size.\n", 5485 __func__)); 5486 return key_senderror(so, m, EINVAL); 5487 } 5488 mode = ((struct sadb_x_sa2 *) 5489 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5490 reqid = ((struct sadb_x_sa2 *) 5491 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5492 } 5493 5494 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5495 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5496 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5497 5498 /* 5499 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5500 * SADB_ADD message. 5501 */ 5502 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5503 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5504 #ifdef PFKEY_STRICT_CHECKS 5505 return key_senderror(so, m, EINVAL); 5506 #endif 5507 } 5508 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5509 (struct sockaddr *)(dst0 + 1)); 5510 if (error != 0) { 5511 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5512 return key_senderror(so, m, error); 5513 } 5514 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5515 spi = sa0->sadb_sa_spi; 5516 /* 5517 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5518 * secasindex. 5519 * XXXAE: IPComp seems also doesn't use SPI. 5520 */ 5521 if (proto == IPPROTO_TCP) { 5522 sav = key_getsav_tcpmd5(&saidx, &spi); 5523 if (sav == NULL && spi == 0) { 5524 /* Failed to allocate SPI */ 5525 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5526 __func__)); 5527 return key_senderror(so, m, EEXIST); 5528 } 5529 /* XXX: SPI that we report back can have another value */ 5530 } else { 5531 /* We can create new SA only if SPI is different. */ 5532 sav = key_getsavbyspi(spi); 5533 } 5534 if (sav != NULL) { 5535 key_freesav(&sav); 5536 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5537 return key_senderror(so, m, EEXIST); 5538 } 5539 5540 sav = key_newsav(mhp, &saidx, spi, &error); 5541 if (sav == NULL) 5542 return key_senderror(so, m, error); 5543 KEYDBG(KEY_STAMP, 5544 printf("%s: return SA(%p)\n", __func__, sav)); 5545 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5546 /* 5547 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5548 * ACQ for deletion. 5549 */ 5550 if (sav->seq != 0) 5551 key_acqdone(&saidx, sav->seq); 5552 5553 { 5554 /* 5555 * Don't call key_freesav() on error here, as we would like to 5556 * keep the SA in the database. 5557 */ 5558 struct mbuf *n; 5559 5560 /* set msg buf from mhp */ 5561 n = key_getmsgbuf_x1(m, mhp); 5562 if (n == NULL) { 5563 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5564 return key_senderror(so, m, ENOBUFS); 5565 } 5566 5567 m_freem(m); 5568 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5569 } 5570 } 5571 5572 /* 5573 * NAT-T support. 5574 * IKEd may request the use ESP in UDP encapsulation when it detects the 5575 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5576 * parameters needed for encapsulation and decapsulation. These PF_KEY 5577 * extension headers are not standardized, so this comment addresses our 5578 * implementation. 5579 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5580 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5581 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5582 * UDP header. We use these ports in UDP encapsulation procedure, also we 5583 * can check them in UDP decapsulation procedure. 5584 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5585 * responder. These addresses can be used for transport mode to adjust 5586 * checksum after decapsulation and decryption. Since original IP addresses 5587 * used by peer usually different (we detected presence of NAT), TCP/UDP 5588 * pseudo header checksum and IP header checksum was calculated using original 5589 * addresses. After decapsulation and decryption we need to adjust checksum 5590 * to have correct datagram. 5591 * 5592 * We expect presence of NAT-T extension headers only in SADB_ADD and 5593 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5594 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5595 */ 5596 static int 5597 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5598 { 5599 struct sadb_x_nat_t_port *port; 5600 struct sadb_x_nat_t_type *type; 5601 struct sadb_address *oai, *oar; 5602 struct sockaddr *sa; 5603 uint32_t addr; 5604 uint16_t cksum; 5605 5606 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5607 /* 5608 * Ignore NAT-T headers if sproto isn't ESP. 5609 */ 5610 if (sav->sah->saidx.proto != IPPROTO_ESP) 5611 return (0); 5612 5613 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5614 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5615 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5616 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5617 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5618 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5619 ipseclog((LOG_DEBUG, 5620 "%s: invalid message: wrong header size.\n", 5621 __func__)); 5622 return (EINVAL); 5623 } 5624 } else 5625 return (0); 5626 5627 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5628 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5629 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5630 __func__, type->sadb_x_nat_t_type_type)); 5631 return (EINVAL); 5632 } 5633 /* 5634 * Allocate storage for NAT-T config. 5635 * On error it will be released by key_cleansav(). 5636 */ 5637 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5638 M_NOWAIT | M_ZERO); 5639 if (sav->natt == NULL) { 5640 PFKEYSTAT_INC(in_nomem); 5641 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5642 return (ENOBUFS); 5643 } 5644 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5645 if (port->sadb_x_nat_t_port_port == 0) { 5646 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5647 __func__)); 5648 return (EINVAL); 5649 } 5650 sav->natt->sport = port->sadb_x_nat_t_port_port; 5651 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5652 if (port->sadb_x_nat_t_port_port == 0) { 5653 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5654 __func__)); 5655 return (EINVAL); 5656 } 5657 sav->natt->dport = port->sadb_x_nat_t_port_port; 5658 5659 /* 5660 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5661 * and needed only for transport mode IPsec. 5662 * Usually NAT translates only one address, but it is possible, 5663 * that both addresses could be translated. 5664 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5665 */ 5666 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5667 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5668 ipseclog((LOG_DEBUG, 5669 "%s: invalid message: wrong header size.\n", 5670 __func__)); 5671 return (EINVAL); 5672 } 5673 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5674 } else 5675 oai = NULL; 5676 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5677 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5678 ipseclog((LOG_DEBUG, 5679 "%s: invalid message: wrong header size.\n", 5680 __func__)); 5681 return (EINVAL); 5682 } 5683 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5684 } else 5685 oar = NULL; 5686 5687 /* Initialize addresses only for transport mode */ 5688 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5689 cksum = 0; 5690 if (oai != NULL) { 5691 /* Currently we support only AF_INET */ 5692 sa = (struct sockaddr *)(oai + 1); 5693 if (sa->sa_family != AF_INET || 5694 sa->sa_len != sizeof(struct sockaddr_in)) { 5695 ipseclog((LOG_DEBUG, 5696 "%s: wrong NAT-OAi header.\n", 5697 __func__)); 5698 return (EINVAL); 5699 } 5700 /* Ignore address if it the same */ 5701 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5702 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5703 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5704 sav->natt->flags |= IPSEC_NATT_F_OAI; 5705 /* Calculate checksum delta */ 5706 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5707 cksum = in_addword(cksum, ~addr >> 16); 5708 cksum = in_addword(cksum, ~addr & 0xffff); 5709 addr = sav->natt->oai.sin.sin_addr.s_addr; 5710 cksum = in_addword(cksum, addr >> 16); 5711 cksum = in_addword(cksum, addr & 0xffff); 5712 } 5713 } 5714 if (oar != NULL) { 5715 /* Currently we support only AF_INET */ 5716 sa = (struct sockaddr *)(oar + 1); 5717 if (sa->sa_family != AF_INET || 5718 sa->sa_len != sizeof(struct sockaddr_in)) { 5719 ipseclog((LOG_DEBUG, 5720 "%s: wrong NAT-OAr header.\n", 5721 __func__)); 5722 return (EINVAL); 5723 } 5724 /* Ignore address if it the same */ 5725 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5726 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5727 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5728 sav->natt->flags |= IPSEC_NATT_F_OAR; 5729 /* Calculate checksum delta */ 5730 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5731 cksum = in_addword(cksum, ~addr >> 16); 5732 cksum = in_addword(cksum, ~addr & 0xffff); 5733 addr = sav->natt->oar.sin.sin_addr.s_addr; 5734 cksum = in_addword(cksum, addr >> 16); 5735 cksum = in_addword(cksum, addr & 0xffff); 5736 } 5737 } 5738 sav->natt->cksum = cksum; 5739 } 5740 return (0); 5741 } 5742 5743 static int 5744 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5745 { 5746 const struct sadb_ident *idsrc, *iddst; 5747 int idsrclen, iddstlen; 5748 5749 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5750 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5751 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5752 5753 /* don't make buffer if not there */ 5754 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5755 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5756 sah->idents = NULL; 5757 sah->identd = NULL; 5758 return (0); 5759 } 5760 5761 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5762 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5763 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5764 return (EINVAL); 5765 } 5766 5767 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5768 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5769 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 5770 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 5771 5772 /* validity check */ 5773 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5774 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5775 return EINVAL; 5776 } 5777 5778 switch (idsrc->sadb_ident_type) { 5779 case SADB_IDENTTYPE_PREFIX: 5780 case SADB_IDENTTYPE_FQDN: 5781 case SADB_IDENTTYPE_USERFQDN: 5782 default: 5783 /* XXX do nothing */ 5784 sah->idents = NULL; 5785 sah->identd = NULL; 5786 return 0; 5787 } 5788 5789 /* make structure */ 5790 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5791 if (sah->idents == NULL) { 5792 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5793 return ENOBUFS; 5794 } 5795 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5796 if (sah->identd == NULL) { 5797 free(sah->idents, M_IPSEC_MISC); 5798 sah->idents = NULL; 5799 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5800 return ENOBUFS; 5801 } 5802 sah->idents->type = idsrc->sadb_ident_type; 5803 sah->idents->id = idsrc->sadb_ident_id; 5804 5805 sah->identd->type = iddst->sadb_ident_type; 5806 sah->identd->id = iddst->sadb_ident_id; 5807 5808 return 0; 5809 } 5810 5811 /* 5812 * m will not be freed on return. 5813 * it is caller's responsibility to free the result. 5814 * 5815 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5816 * from the request in defined order. 5817 */ 5818 static struct mbuf * 5819 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5820 { 5821 struct mbuf *n; 5822 5823 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5824 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5825 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5826 5827 /* create new sadb_msg to reply. */ 5828 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5829 SADB_EXT_SA, SADB_X_EXT_SA2, 5830 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5831 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5832 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5833 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5834 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5835 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5836 SADB_X_EXT_NEW_ADDRESS_DST); 5837 if (!n) 5838 return NULL; 5839 5840 if (n->m_len < sizeof(struct sadb_msg)) { 5841 n = m_pullup(n, sizeof(struct sadb_msg)); 5842 if (n == NULL) 5843 return NULL; 5844 } 5845 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5846 mtod(n, struct sadb_msg *)->sadb_msg_len = 5847 PFKEY_UNIT64(n->m_pkthdr.len); 5848 5849 return n; 5850 } 5851 5852 /* 5853 * SADB_DELETE processing 5854 * receive 5855 * <base, SA(*), address(SD)> 5856 * from the ikmpd, and set SADB_SASTATE_DEAD, 5857 * and send, 5858 * <base, SA(*), address(SD)> 5859 * to the ikmpd. 5860 * 5861 * m will always be freed. 5862 */ 5863 static int 5864 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5865 { 5866 struct secasindex saidx; 5867 struct sadb_address *src0, *dst0; 5868 struct secasvar *sav; 5869 struct sadb_sa *sa0; 5870 uint8_t proto; 5871 5872 IPSEC_ASSERT(so != NULL, ("null socket")); 5873 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5874 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5875 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5876 5877 /* map satype to proto */ 5878 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5879 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5880 __func__)); 5881 return key_senderror(so, m, EINVAL); 5882 } 5883 5884 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5885 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5886 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5887 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5888 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5889 __func__)); 5890 return key_senderror(so, m, EINVAL); 5891 } 5892 5893 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5894 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5895 5896 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 5897 (struct sockaddr *)(dst0 + 1)) != 0) { 5898 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5899 return (key_senderror(so, m, EINVAL)); 5900 } 5901 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5902 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 5903 /* 5904 * Caller wants us to delete all non-LARVAL SAs 5905 * that match the src/dst. This is used during 5906 * IKE INITIAL-CONTACT. 5907 * XXXAE: this looks like some extension to RFC2367. 5908 */ 5909 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 5910 return (key_delete_all(so, m, mhp, &saidx)); 5911 } 5912 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 5913 ipseclog((LOG_DEBUG, 5914 "%s: invalid message: wrong header size.\n", __func__)); 5915 return (key_senderror(so, m, EINVAL)); 5916 } 5917 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5918 if (proto == IPPROTO_TCP) 5919 sav = key_getsav_tcpmd5(&saidx, NULL); 5920 else 5921 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5922 if (sav == NULL) { 5923 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 5924 __func__, ntohl(sa0->sadb_sa_spi))); 5925 return (key_senderror(so, m, ESRCH)); 5926 } 5927 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 5928 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 5929 __func__, ntohl(sav->spi))); 5930 key_freesav(&sav); 5931 return (key_senderror(so, m, ESRCH)); 5932 } 5933 KEYDBG(KEY_STAMP, 5934 printf("%s: SA(%p)\n", __func__, sav)); 5935 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5936 key_unlinksav(sav); 5937 key_freesav(&sav); 5938 5939 { 5940 struct mbuf *n; 5941 struct sadb_msg *newmsg; 5942 5943 /* create new sadb_msg to reply. */ 5944 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 5945 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5946 if (!n) 5947 return key_senderror(so, m, ENOBUFS); 5948 5949 if (n->m_len < sizeof(struct sadb_msg)) { 5950 n = m_pullup(n, sizeof(struct sadb_msg)); 5951 if (n == NULL) 5952 return key_senderror(so, m, ENOBUFS); 5953 } 5954 newmsg = mtod(n, struct sadb_msg *); 5955 newmsg->sadb_msg_errno = 0; 5956 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5957 5958 m_freem(m); 5959 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5960 } 5961 } 5962 5963 /* 5964 * delete all SAs for src/dst. Called from key_delete(). 5965 */ 5966 static int 5967 key_delete_all(struct socket *so, struct mbuf *m, 5968 const struct sadb_msghdr *mhp, struct secasindex *saidx) 5969 { 5970 struct secasvar_queue drainq; 5971 struct secashead *sah; 5972 struct secasvar *sav, *nextsav; 5973 5974 TAILQ_INIT(&drainq); 5975 SAHTREE_WLOCK(); 5976 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5977 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 5978 continue; 5979 /* Move all ALIVE SAs into drainq */ 5980 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 5981 } 5982 /* Unlink all queued SAs from SPI hash */ 5983 TAILQ_FOREACH(sav, &drainq, chain) { 5984 sav->state = SADB_SASTATE_DEAD; 5985 LIST_REMOVE(sav, spihash); 5986 } 5987 SAHTREE_WUNLOCK(); 5988 /* Now we can release reference for all SAs in drainq */ 5989 sav = TAILQ_FIRST(&drainq); 5990 while (sav != NULL) { 5991 KEYDBG(KEY_STAMP, 5992 printf("%s: SA(%p)\n", __func__, sav)); 5993 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5994 nextsav = TAILQ_NEXT(sav, chain); 5995 key_freesah(&sav->sah); /* release reference from SAV */ 5996 key_freesav(&sav); /* release last reference */ 5997 sav = nextsav; 5998 } 5999 6000 { 6001 struct mbuf *n; 6002 struct sadb_msg *newmsg; 6003 6004 /* create new sadb_msg to reply. */ 6005 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6006 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6007 if (!n) 6008 return key_senderror(so, m, ENOBUFS); 6009 6010 if (n->m_len < sizeof(struct sadb_msg)) { 6011 n = m_pullup(n, sizeof(struct sadb_msg)); 6012 if (n == NULL) 6013 return key_senderror(so, m, ENOBUFS); 6014 } 6015 newmsg = mtod(n, struct sadb_msg *); 6016 newmsg->sadb_msg_errno = 0; 6017 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6018 6019 m_freem(m); 6020 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6021 } 6022 } 6023 6024 /* 6025 * Delete all alive SAs for corresponding xform. 6026 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6027 * here when xform disappears. 6028 */ 6029 static void 6030 key_delete_xform(const struct xformsw *xsp) 6031 { 6032 struct secasvar_queue drainq; 6033 struct secashead *sah; 6034 struct secasvar *sav, *nextsav; 6035 6036 TAILQ_INIT(&drainq); 6037 SAHTREE_WLOCK(); 6038 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6039 sav = TAILQ_FIRST(&sah->savtree_alive); 6040 if (sav == NULL) 6041 continue; 6042 if (sav->tdb_xform != xsp) 6043 continue; 6044 /* 6045 * It is supposed that all SAs in the chain are related to 6046 * one xform. 6047 */ 6048 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6049 } 6050 /* Unlink all queued SAs from SPI hash */ 6051 TAILQ_FOREACH(sav, &drainq, chain) { 6052 sav->state = SADB_SASTATE_DEAD; 6053 LIST_REMOVE(sav, spihash); 6054 } 6055 SAHTREE_WUNLOCK(); 6056 6057 /* Now we can release reference for all SAs in drainq */ 6058 sav = TAILQ_FIRST(&drainq); 6059 while (sav != NULL) { 6060 KEYDBG(KEY_STAMP, 6061 printf("%s: SA(%p)\n", __func__, sav)); 6062 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6063 nextsav = TAILQ_NEXT(sav, chain); 6064 key_freesah(&sav->sah); /* release reference from SAV */ 6065 key_freesav(&sav); /* release last reference */ 6066 sav = nextsav; 6067 } 6068 } 6069 6070 /* 6071 * SADB_GET processing 6072 * receive 6073 * <base, SA(*), address(SD)> 6074 * from the ikmpd, and get a SP and a SA to respond, 6075 * and send, 6076 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6077 * (identity(SD),) (sensitivity)> 6078 * to the ikmpd. 6079 * 6080 * m will always be freed. 6081 */ 6082 static int 6083 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6084 { 6085 struct secasindex saidx; 6086 struct sadb_address *src0, *dst0; 6087 struct sadb_sa *sa0; 6088 struct secasvar *sav; 6089 uint8_t proto; 6090 6091 IPSEC_ASSERT(so != NULL, ("null socket")); 6092 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6093 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6094 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6095 6096 /* map satype to proto */ 6097 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6098 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6099 __func__)); 6100 return key_senderror(so, m, EINVAL); 6101 } 6102 6103 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6104 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6105 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6106 ipseclog((LOG_DEBUG, 6107 "%s: invalid message: missing required header.\n", 6108 __func__)); 6109 return key_senderror(so, m, EINVAL); 6110 } 6111 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6112 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6113 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6114 ipseclog((LOG_DEBUG, 6115 "%s: invalid message: wrong header size.\n", __func__)); 6116 return key_senderror(so, m, EINVAL); 6117 } 6118 6119 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6120 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6121 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6122 6123 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6124 (struct sockaddr *)(dst0 + 1)) != 0) { 6125 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6126 return key_senderror(so, m, EINVAL); 6127 } 6128 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6129 6130 if (proto == IPPROTO_TCP) 6131 sav = key_getsav_tcpmd5(&saidx, NULL); 6132 else 6133 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6134 if (sav == NULL) { 6135 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6136 return key_senderror(so, m, ESRCH); 6137 } 6138 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6139 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6140 __func__, ntohl(sa0->sadb_sa_spi))); 6141 key_freesav(&sav); 6142 return (key_senderror(so, m, ESRCH)); 6143 } 6144 6145 { 6146 struct mbuf *n; 6147 uint8_t satype; 6148 6149 /* map proto to satype */ 6150 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6151 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6152 __func__)); 6153 key_freesav(&sav); 6154 return key_senderror(so, m, EINVAL); 6155 } 6156 6157 /* create new sadb_msg to reply. */ 6158 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6159 mhp->msg->sadb_msg_pid); 6160 6161 key_freesav(&sav); 6162 if (!n) 6163 return key_senderror(so, m, ENOBUFS); 6164 6165 m_freem(m); 6166 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6167 } 6168 } 6169 6170 /* XXX make it sysctl-configurable? */ 6171 static void 6172 key_getcomb_setlifetime(struct sadb_comb *comb) 6173 { 6174 6175 comb->sadb_comb_soft_allocations = 1; 6176 comb->sadb_comb_hard_allocations = 1; 6177 comb->sadb_comb_soft_bytes = 0; 6178 comb->sadb_comb_hard_bytes = 0; 6179 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6180 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6181 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6182 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6183 } 6184 6185 /* 6186 * XXX reorder combinations by preference 6187 * XXX no idea if the user wants ESP authentication or not 6188 */ 6189 static struct mbuf * 6190 key_getcomb_ealg(void) 6191 { 6192 struct sadb_comb *comb; 6193 const struct enc_xform *algo; 6194 struct mbuf *result = NULL, *m, *n; 6195 int encmin; 6196 int i, off, o; 6197 int totlen; 6198 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6199 6200 m = NULL; 6201 for (i = 1; i <= SADB_EALG_MAX; i++) { 6202 algo = enc_algorithm_lookup(i); 6203 if (algo == NULL) 6204 continue; 6205 6206 /* discard algorithms with key size smaller than system min */ 6207 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6208 continue; 6209 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6210 encmin = V_ipsec_esp_keymin; 6211 else 6212 encmin = _BITS(algo->minkey); 6213 6214 if (V_ipsec_esp_auth) 6215 m = key_getcomb_ah(); 6216 else { 6217 IPSEC_ASSERT(l <= MLEN, 6218 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6219 MGET(m, M_NOWAIT, MT_DATA); 6220 if (m) { 6221 M_ALIGN(m, l); 6222 m->m_len = l; 6223 m->m_next = NULL; 6224 bzero(mtod(m, caddr_t), m->m_len); 6225 } 6226 } 6227 if (!m) 6228 goto fail; 6229 6230 totlen = 0; 6231 for (n = m; n; n = n->m_next) 6232 totlen += n->m_len; 6233 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6234 6235 for (off = 0; off < totlen; off += l) { 6236 n = m_pulldown(m, off, l, &o); 6237 if (!n) { 6238 /* m is already freed */ 6239 goto fail; 6240 } 6241 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6242 bzero(comb, sizeof(*comb)); 6243 key_getcomb_setlifetime(comb); 6244 comb->sadb_comb_encrypt = i; 6245 comb->sadb_comb_encrypt_minbits = encmin; 6246 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6247 } 6248 6249 if (!result) 6250 result = m; 6251 else 6252 m_cat(result, m); 6253 } 6254 6255 return result; 6256 6257 fail: 6258 if (result) 6259 m_freem(result); 6260 return NULL; 6261 } 6262 6263 static void 6264 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6265 u_int16_t* max) 6266 { 6267 6268 *min = *max = ah->hashsize; 6269 if (ah->keysize == 0) { 6270 /* 6271 * Transform takes arbitrary key size but algorithm 6272 * key size is restricted. Enforce this here. 6273 */ 6274 switch (alg) { 6275 case SADB_X_AALG_MD5: *min = *max = 16; break; 6276 case SADB_X_AALG_SHA: *min = *max = 20; break; 6277 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6278 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6279 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6280 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6281 default: 6282 DPRINTF(("%s: unknown AH algorithm %u\n", 6283 __func__, alg)); 6284 break; 6285 } 6286 } 6287 } 6288 6289 /* 6290 * XXX reorder combinations by preference 6291 */ 6292 static struct mbuf * 6293 key_getcomb_ah() 6294 { 6295 const struct auth_hash *algo; 6296 struct sadb_comb *comb; 6297 struct mbuf *m; 6298 u_int16_t minkeysize, maxkeysize; 6299 int i; 6300 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6301 6302 m = NULL; 6303 for (i = 1; i <= SADB_AALG_MAX; i++) { 6304 #if 1 6305 /* we prefer HMAC algorithms, not old algorithms */ 6306 if (i != SADB_AALG_SHA1HMAC && 6307 i != SADB_AALG_MD5HMAC && 6308 i != SADB_X_AALG_SHA2_256 && 6309 i != SADB_X_AALG_SHA2_384 && 6310 i != SADB_X_AALG_SHA2_512) 6311 continue; 6312 #endif 6313 algo = auth_algorithm_lookup(i); 6314 if (!algo) 6315 continue; 6316 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6317 /* discard algorithms with key size smaller than system min */ 6318 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6319 continue; 6320 6321 if (!m) { 6322 IPSEC_ASSERT(l <= MLEN, 6323 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6324 MGET(m, M_NOWAIT, MT_DATA); 6325 if (m) { 6326 M_ALIGN(m, l); 6327 m->m_len = l; 6328 m->m_next = NULL; 6329 } 6330 } else 6331 M_PREPEND(m, l, M_NOWAIT); 6332 if (!m) 6333 return NULL; 6334 6335 comb = mtod(m, struct sadb_comb *); 6336 bzero(comb, sizeof(*comb)); 6337 key_getcomb_setlifetime(comb); 6338 comb->sadb_comb_auth = i; 6339 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6340 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6341 } 6342 6343 return m; 6344 } 6345 6346 /* 6347 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6348 * XXX reorder combinations by preference 6349 */ 6350 static struct mbuf * 6351 key_getcomb_ipcomp() 6352 { 6353 const struct comp_algo *algo; 6354 struct sadb_comb *comb; 6355 struct mbuf *m; 6356 int i; 6357 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6358 6359 m = NULL; 6360 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6361 algo = comp_algorithm_lookup(i); 6362 if (!algo) 6363 continue; 6364 6365 if (!m) { 6366 IPSEC_ASSERT(l <= MLEN, 6367 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6368 MGET(m, M_NOWAIT, MT_DATA); 6369 if (m) { 6370 M_ALIGN(m, l); 6371 m->m_len = l; 6372 m->m_next = NULL; 6373 } 6374 } else 6375 M_PREPEND(m, l, M_NOWAIT); 6376 if (!m) 6377 return NULL; 6378 6379 comb = mtod(m, struct sadb_comb *); 6380 bzero(comb, sizeof(*comb)); 6381 key_getcomb_setlifetime(comb); 6382 comb->sadb_comb_encrypt = i; 6383 /* what should we set into sadb_comb_*_{min,max}bits? */ 6384 } 6385 6386 return m; 6387 } 6388 6389 /* 6390 * XXX no way to pass mode (transport/tunnel) to userland 6391 * XXX replay checking? 6392 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6393 */ 6394 static struct mbuf * 6395 key_getprop(const struct secasindex *saidx) 6396 { 6397 struct sadb_prop *prop; 6398 struct mbuf *m, *n; 6399 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6400 int totlen; 6401 6402 switch (saidx->proto) { 6403 case IPPROTO_ESP: 6404 m = key_getcomb_ealg(); 6405 break; 6406 case IPPROTO_AH: 6407 m = key_getcomb_ah(); 6408 break; 6409 case IPPROTO_IPCOMP: 6410 m = key_getcomb_ipcomp(); 6411 break; 6412 default: 6413 return NULL; 6414 } 6415 6416 if (!m) 6417 return NULL; 6418 M_PREPEND(m, l, M_NOWAIT); 6419 if (!m) 6420 return NULL; 6421 6422 totlen = 0; 6423 for (n = m; n; n = n->m_next) 6424 totlen += n->m_len; 6425 6426 prop = mtod(m, struct sadb_prop *); 6427 bzero(prop, sizeof(*prop)); 6428 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6429 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6430 prop->sadb_prop_replay = 32; /* XXX */ 6431 6432 return m; 6433 } 6434 6435 /* 6436 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6437 * send 6438 * <base, SA, address(SD), (address(P)), x_policy, 6439 * (identity(SD),) (sensitivity,) proposal> 6440 * to KMD, and expect to receive 6441 * <base> with SADB_ACQUIRE if error occurred, 6442 * or 6443 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6444 * from KMD by PF_KEY. 6445 * 6446 * XXX x_policy is outside of RFC2367 (KAME extension). 6447 * XXX sensitivity is not supported. 6448 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6449 * see comment for key_getcomb_ipcomp(). 6450 * 6451 * OUT: 6452 * 0 : succeed 6453 * others: error number 6454 */ 6455 static int 6456 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6457 { 6458 union sockaddr_union addr; 6459 struct mbuf *result, *m; 6460 uint32_t seq; 6461 int error; 6462 uint16_t ul_proto; 6463 uint8_t mask, satype; 6464 6465 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6466 satype = key_proto2satype(saidx->proto); 6467 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6468 6469 error = -1; 6470 result = NULL; 6471 ul_proto = IPSEC_ULPROTO_ANY; 6472 6473 /* Get seq number to check whether sending message or not. */ 6474 seq = key_getacq(saidx, &error); 6475 if (seq == 0) 6476 return (error); 6477 6478 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6479 if (!m) { 6480 error = ENOBUFS; 6481 goto fail; 6482 } 6483 result = m; 6484 6485 /* 6486 * set sadb_address for saidx's. 6487 * 6488 * Note that if sp is supplied, then we're being called from 6489 * key_allocsa_policy() and should supply port and protocol 6490 * information. 6491 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6492 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6493 * XXXAE: it looks like we should save this info in the ACQ entry. 6494 */ 6495 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6496 sp->spidx.ul_proto == IPPROTO_UDP)) 6497 ul_proto = sp->spidx.ul_proto; 6498 6499 addr = saidx->src; 6500 mask = FULLMASK; 6501 if (ul_proto != IPSEC_ULPROTO_ANY) { 6502 switch (sp->spidx.src.sa.sa_family) { 6503 case AF_INET: 6504 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6505 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6506 mask = sp->spidx.prefs; 6507 } 6508 break; 6509 case AF_INET6: 6510 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6511 addr.sin6.sin6_port = 6512 sp->spidx.src.sin6.sin6_port; 6513 mask = sp->spidx.prefs; 6514 } 6515 break; 6516 default: 6517 break; 6518 } 6519 } 6520 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6521 if (!m) { 6522 error = ENOBUFS; 6523 goto fail; 6524 } 6525 m_cat(result, m); 6526 6527 addr = saidx->dst; 6528 mask = FULLMASK; 6529 if (ul_proto != IPSEC_ULPROTO_ANY) { 6530 switch (sp->spidx.dst.sa.sa_family) { 6531 case AF_INET: 6532 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6533 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6534 mask = sp->spidx.prefd; 6535 } 6536 break; 6537 case AF_INET6: 6538 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6539 addr.sin6.sin6_port = 6540 sp->spidx.dst.sin6.sin6_port; 6541 mask = sp->spidx.prefd; 6542 } 6543 break; 6544 default: 6545 break; 6546 } 6547 } 6548 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6549 if (!m) { 6550 error = ENOBUFS; 6551 goto fail; 6552 } 6553 m_cat(result, m); 6554 6555 /* XXX proxy address (optional) */ 6556 6557 /* set sadb_x_policy */ 6558 if (sp != NULL) { 6559 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6560 sp->priority); 6561 if (!m) { 6562 error = ENOBUFS; 6563 goto fail; 6564 } 6565 m_cat(result, m); 6566 } 6567 6568 /* XXX identity (optional) */ 6569 #if 0 6570 if (idexttype && fqdn) { 6571 /* create identity extension (FQDN) */ 6572 struct sadb_ident *id; 6573 int fqdnlen; 6574 6575 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6576 id = (struct sadb_ident *)p; 6577 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6578 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6579 id->sadb_ident_exttype = idexttype; 6580 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6581 bcopy(fqdn, id + 1, fqdnlen); 6582 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6583 } 6584 6585 if (idexttype) { 6586 /* create identity extension (USERFQDN) */ 6587 struct sadb_ident *id; 6588 int userfqdnlen; 6589 6590 if (userfqdn) { 6591 /* +1 for terminating-NUL */ 6592 userfqdnlen = strlen(userfqdn) + 1; 6593 } else 6594 userfqdnlen = 0; 6595 id = (struct sadb_ident *)p; 6596 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6597 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6598 id->sadb_ident_exttype = idexttype; 6599 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6600 /* XXX is it correct? */ 6601 if (curproc && curproc->p_cred) 6602 id->sadb_ident_id = curproc->p_cred->p_ruid; 6603 if (userfqdn && userfqdnlen) 6604 bcopy(userfqdn, id + 1, userfqdnlen); 6605 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6606 } 6607 #endif 6608 6609 /* XXX sensitivity (optional) */ 6610 6611 /* create proposal/combination extension */ 6612 m = key_getprop(saidx); 6613 #if 0 6614 /* 6615 * spec conformant: always attach proposal/combination extension, 6616 * the problem is that we have no way to attach it for ipcomp, 6617 * due to the way sadb_comb is declared in RFC2367. 6618 */ 6619 if (!m) { 6620 error = ENOBUFS; 6621 goto fail; 6622 } 6623 m_cat(result, m); 6624 #else 6625 /* 6626 * outside of spec; make proposal/combination extension optional. 6627 */ 6628 if (m) 6629 m_cat(result, m); 6630 #endif 6631 6632 if ((result->m_flags & M_PKTHDR) == 0) { 6633 error = EINVAL; 6634 goto fail; 6635 } 6636 6637 if (result->m_len < sizeof(struct sadb_msg)) { 6638 result = m_pullup(result, sizeof(struct sadb_msg)); 6639 if (result == NULL) { 6640 error = ENOBUFS; 6641 goto fail; 6642 } 6643 } 6644 6645 result->m_pkthdr.len = 0; 6646 for (m = result; m; m = m->m_next) 6647 result->m_pkthdr.len += m->m_len; 6648 6649 mtod(result, struct sadb_msg *)->sadb_msg_len = 6650 PFKEY_UNIT64(result->m_pkthdr.len); 6651 6652 KEYDBG(KEY_STAMP, 6653 printf("%s: SP(%p)\n", __func__, sp)); 6654 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6655 6656 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6657 6658 fail: 6659 if (result) 6660 m_freem(result); 6661 return error; 6662 } 6663 6664 static uint32_t 6665 key_newacq(const struct secasindex *saidx, int *perror) 6666 { 6667 struct secacq *acq; 6668 uint32_t seq; 6669 6670 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6671 if (acq == NULL) { 6672 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6673 *perror = ENOBUFS; 6674 return (0); 6675 } 6676 6677 /* copy secindex */ 6678 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6679 acq->created = time_second; 6680 acq->count = 0; 6681 6682 /* add to acqtree */ 6683 ACQ_LOCK(); 6684 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6685 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6686 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6687 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6688 ACQ_UNLOCK(); 6689 *perror = 0; 6690 return (seq); 6691 } 6692 6693 static uint32_t 6694 key_getacq(const struct secasindex *saidx, int *perror) 6695 { 6696 struct secacq *acq; 6697 uint32_t seq; 6698 6699 ACQ_LOCK(); 6700 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6701 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6702 if (acq->count > V_key_blockacq_count) { 6703 /* 6704 * Reset counter and send message. 6705 * Also reset created time to keep ACQ for 6706 * this saidx. 6707 */ 6708 acq->created = time_second; 6709 acq->count = 0; 6710 seq = acq->seq; 6711 } else { 6712 /* 6713 * Increment counter and do nothing. 6714 * We send SADB_ACQUIRE message only 6715 * for each V_key_blockacq_count packet. 6716 */ 6717 acq->count++; 6718 seq = 0; 6719 } 6720 break; 6721 } 6722 } 6723 ACQ_UNLOCK(); 6724 if (acq != NULL) { 6725 *perror = 0; 6726 return (seq); 6727 } 6728 /* allocate new entry */ 6729 return (key_newacq(saidx, perror)); 6730 } 6731 6732 static int 6733 key_acqreset(uint32_t seq) 6734 { 6735 struct secacq *acq; 6736 6737 ACQ_LOCK(); 6738 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6739 if (acq->seq == seq) { 6740 acq->count = 0; 6741 acq->created = time_second; 6742 break; 6743 } 6744 } 6745 ACQ_UNLOCK(); 6746 if (acq == NULL) 6747 return (ESRCH); 6748 return (0); 6749 } 6750 /* 6751 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6752 * Called after successful SADB_GETSPI message. 6753 */ 6754 static int 6755 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6756 { 6757 struct secacq *acq; 6758 6759 ACQ_LOCK(); 6760 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6761 if (acq->seq == seq) 6762 break; 6763 } 6764 if (acq != NULL) { 6765 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6766 ipseclog((LOG_DEBUG, 6767 "%s: Mismatched saidx for ACQ %u", __func__, seq)); 6768 acq = NULL; 6769 } else { 6770 acq->created = 0; 6771 } 6772 } else { 6773 ipseclog((LOG_DEBUG, 6774 "%s: ACQ %u is not found.", __func__, seq)); 6775 } 6776 ACQ_UNLOCK(); 6777 if (acq == NULL) 6778 return (ESRCH); 6779 return (0); 6780 } 6781 6782 static struct secspacq * 6783 key_newspacq(struct secpolicyindex *spidx) 6784 { 6785 struct secspacq *acq; 6786 6787 /* get new entry */ 6788 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6789 if (acq == NULL) { 6790 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6791 return NULL; 6792 } 6793 6794 /* copy secindex */ 6795 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6796 acq->created = time_second; 6797 acq->count = 0; 6798 6799 /* add to spacqtree */ 6800 SPACQ_LOCK(); 6801 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6802 SPACQ_UNLOCK(); 6803 6804 return acq; 6805 } 6806 6807 static struct secspacq * 6808 key_getspacq(struct secpolicyindex *spidx) 6809 { 6810 struct secspacq *acq; 6811 6812 SPACQ_LOCK(); 6813 LIST_FOREACH(acq, &V_spacqtree, chain) { 6814 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6815 /* NB: return holding spacq_lock */ 6816 return acq; 6817 } 6818 } 6819 SPACQ_UNLOCK(); 6820 6821 return NULL; 6822 } 6823 6824 /* 6825 * SADB_ACQUIRE processing, 6826 * in first situation, is receiving 6827 * <base> 6828 * from the ikmpd, and clear sequence of its secasvar entry. 6829 * 6830 * In second situation, is receiving 6831 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6832 * from a user land process, and return 6833 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6834 * to the socket. 6835 * 6836 * m will always be freed. 6837 */ 6838 static int 6839 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6840 { 6841 SAHTREE_RLOCK_TRACKER; 6842 struct sadb_address *src0, *dst0; 6843 struct secasindex saidx; 6844 struct secashead *sah; 6845 uint32_t reqid; 6846 int error; 6847 uint8_t mode, proto; 6848 6849 IPSEC_ASSERT(so != NULL, ("null socket")); 6850 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6851 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6852 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6853 6854 /* 6855 * Error message from KMd. 6856 * We assume that if error was occurred in IKEd, the length of PFKEY 6857 * message is equal to the size of sadb_msg structure. 6858 * We do not raise error even if error occurred in this function. 6859 */ 6860 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 6861 /* check sequence number */ 6862 if (mhp->msg->sadb_msg_seq == 0 || 6863 mhp->msg->sadb_msg_errno == 0) { 6864 ipseclog((LOG_DEBUG, "%s: must specify sequence " 6865 "number and errno.\n", __func__)); 6866 } else { 6867 /* 6868 * IKEd reported that error occurred. 6869 * XXXAE: what it expects from the kernel? 6870 * Probably we should send SADB_ACQUIRE again? 6871 * If so, reset ACQ's state. 6872 * XXXAE: it looks useless. 6873 */ 6874 key_acqreset(mhp->msg->sadb_msg_seq); 6875 } 6876 m_freem(m); 6877 return (0); 6878 } 6879 6880 /* 6881 * This message is from user land. 6882 */ 6883 6884 /* map satype to proto */ 6885 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6886 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6887 __func__)); 6888 return key_senderror(so, m, EINVAL); 6889 } 6890 6891 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6892 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6893 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 6894 ipseclog((LOG_DEBUG, 6895 "%s: invalid message: missing required header.\n", 6896 __func__)); 6897 return key_senderror(so, m, EINVAL); 6898 } 6899 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6900 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 6901 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 6902 ipseclog((LOG_DEBUG, 6903 "%s: invalid message: wrong header size.\n", __func__)); 6904 return key_senderror(so, m, EINVAL); 6905 } 6906 6907 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 6908 mode = IPSEC_MODE_ANY; 6909 reqid = 0; 6910 } else { 6911 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 6912 ipseclog((LOG_DEBUG, 6913 "%s: invalid message: wrong header size.\n", 6914 __func__)); 6915 return key_senderror(so, m, EINVAL); 6916 } 6917 mode = ((struct sadb_x_sa2 *) 6918 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 6919 reqid = ((struct sadb_x_sa2 *) 6920 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 6921 } 6922 6923 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6924 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6925 6926 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 6927 (struct sockaddr *)(dst0 + 1)); 6928 if (error != 0) { 6929 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6930 return key_senderror(so, m, EINVAL); 6931 } 6932 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 6933 6934 /* get a SA index */ 6935 SAHTREE_RLOCK(); 6936 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 6937 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 6938 break; 6939 } 6940 SAHTREE_RUNLOCK(); 6941 if (sah != NULL) { 6942 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 6943 return key_senderror(so, m, EEXIST); 6944 } 6945 6946 error = key_acquire(&saidx, NULL); 6947 if (error != 0) { 6948 ipseclog((LOG_DEBUG, 6949 "%s: error %d returned from key_acquire()\n", 6950 __func__, error)); 6951 return key_senderror(so, m, error); 6952 } 6953 m_freem(m); 6954 return (0); 6955 } 6956 6957 /* 6958 * SADB_REGISTER processing. 6959 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 6960 * receive 6961 * <base> 6962 * from the ikmpd, and register a socket to send PF_KEY messages, 6963 * and send 6964 * <base, supported> 6965 * to KMD by PF_KEY. 6966 * If socket is detached, must free from regnode. 6967 * 6968 * m will always be freed. 6969 */ 6970 static int 6971 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6972 { 6973 struct secreg *reg, *newreg = NULL; 6974 6975 IPSEC_ASSERT(so != NULL, ("null socket")); 6976 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6977 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6978 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6979 6980 /* check for invalid register message */ 6981 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 6982 return key_senderror(so, m, EINVAL); 6983 6984 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 6985 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 6986 goto setmsg; 6987 6988 /* check whether existing or not */ 6989 REGTREE_LOCK(); 6990 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 6991 if (reg->so == so) { 6992 REGTREE_UNLOCK(); 6993 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 6994 __func__)); 6995 return key_senderror(so, m, EEXIST); 6996 } 6997 } 6998 6999 /* create regnode */ 7000 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7001 if (newreg == NULL) { 7002 REGTREE_UNLOCK(); 7003 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7004 return key_senderror(so, m, ENOBUFS); 7005 } 7006 7007 newreg->so = so; 7008 ((struct keycb *)sotorawcb(so))->kp_registered++; 7009 7010 /* add regnode to regtree. */ 7011 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7012 REGTREE_UNLOCK(); 7013 7014 setmsg: 7015 { 7016 struct mbuf *n; 7017 struct sadb_msg *newmsg; 7018 struct sadb_supported *sup; 7019 u_int len, alen, elen; 7020 int off; 7021 int i; 7022 struct sadb_alg *alg; 7023 7024 /* create new sadb_msg to reply. */ 7025 alen = 0; 7026 for (i = 1; i <= SADB_AALG_MAX; i++) { 7027 if (auth_algorithm_lookup(i)) 7028 alen += sizeof(struct sadb_alg); 7029 } 7030 if (alen) 7031 alen += sizeof(struct sadb_supported); 7032 elen = 0; 7033 for (i = 1; i <= SADB_EALG_MAX; i++) { 7034 if (enc_algorithm_lookup(i)) 7035 elen += sizeof(struct sadb_alg); 7036 } 7037 if (elen) 7038 elen += sizeof(struct sadb_supported); 7039 7040 len = sizeof(struct sadb_msg) + alen + elen; 7041 7042 if (len > MCLBYTES) 7043 return key_senderror(so, m, ENOBUFS); 7044 7045 MGETHDR(n, M_NOWAIT, MT_DATA); 7046 if (len > MHLEN) { 7047 if (!(MCLGET(n, M_NOWAIT))) { 7048 m_freem(n); 7049 n = NULL; 7050 } 7051 } 7052 if (!n) 7053 return key_senderror(so, m, ENOBUFS); 7054 7055 n->m_pkthdr.len = n->m_len = len; 7056 n->m_next = NULL; 7057 off = 0; 7058 7059 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7060 newmsg = mtod(n, struct sadb_msg *); 7061 newmsg->sadb_msg_errno = 0; 7062 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7063 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7064 7065 /* for authentication algorithm */ 7066 if (alen) { 7067 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7068 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7069 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7070 off += PFKEY_ALIGN8(sizeof(*sup)); 7071 7072 for (i = 1; i <= SADB_AALG_MAX; i++) { 7073 const struct auth_hash *aalgo; 7074 u_int16_t minkeysize, maxkeysize; 7075 7076 aalgo = auth_algorithm_lookup(i); 7077 if (!aalgo) 7078 continue; 7079 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7080 alg->sadb_alg_id = i; 7081 alg->sadb_alg_ivlen = 0; 7082 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7083 alg->sadb_alg_minbits = _BITS(minkeysize); 7084 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7085 off += PFKEY_ALIGN8(sizeof(*alg)); 7086 } 7087 } 7088 7089 /* for encryption algorithm */ 7090 if (elen) { 7091 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7092 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7093 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7094 off += PFKEY_ALIGN8(sizeof(*sup)); 7095 7096 for (i = 1; i <= SADB_EALG_MAX; i++) { 7097 const struct enc_xform *ealgo; 7098 7099 ealgo = enc_algorithm_lookup(i); 7100 if (!ealgo) 7101 continue; 7102 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7103 alg->sadb_alg_id = i; 7104 alg->sadb_alg_ivlen = ealgo->ivsize; 7105 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7106 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7107 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7108 } 7109 } 7110 7111 IPSEC_ASSERT(off == len, 7112 ("length assumption failed (off %u len %u)", off, len)); 7113 7114 m_freem(m); 7115 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7116 } 7117 } 7118 7119 /* 7120 * free secreg entry registered. 7121 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7122 */ 7123 void 7124 key_freereg(struct socket *so) 7125 { 7126 struct secreg *reg; 7127 int i; 7128 7129 IPSEC_ASSERT(so != NULL, ("NULL so")); 7130 7131 /* 7132 * check whether existing or not. 7133 * check all type of SA, because there is a potential that 7134 * one socket is registered to multiple type of SA. 7135 */ 7136 REGTREE_LOCK(); 7137 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7138 LIST_FOREACH(reg, &V_regtree[i], chain) { 7139 if (reg->so == so && __LIST_CHAINED(reg)) { 7140 LIST_REMOVE(reg, chain); 7141 free(reg, M_IPSEC_SAR); 7142 break; 7143 } 7144 } 7145 } 7146 REGTREE_UNLOCK(); 7147 } 7148 7149 /* 7150 * SADB_EXPIRE processing 7151 * send 7152 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7153 * to KMD by PF_KEY. 7154 * NOTE: We send only soft lifetime extension. 7155 * 7156 * OUT: 0 : succeed 7157 * others : error number 7158 */ 7159 static int 7160 key_expire(struct secasvar *sav, int hard) 7161 { 7162 struct mbuf *result = NULL, *m; 7163 struct sadb_lifetime *lt; 7164 uint32_t replay_count; 7165 int error, len; 7166 uint8_t satype; 7167 7168 IPSEC_ASSERT (sav != NULL, ("null sav")); 7169 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7170 7171 KEYDBG(KEY_STAMP, 7172 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7173 sav, hard ? "hard": "soft")); 7174 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7175 /* set msg header */ 7176 satype = key_proto2satype(sav->sah->saidx.proto); 7177 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7178 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7179 if (!m) { 7180 error = ENOBUFS; 7181 goto fail; 7182 } 7183 result = m; 7184 7185 /* create SA extension */ 7186 m = key_setsadbsa(sav); 7187 if (!m) { 7188 error = ENOBUFS; 7189 goto fail; 7190 } 7191 m_cat(result, m); 7192 7193 /* create SA extension */ 7194 SECASVAR_LOCK(sav); 7195 replay_count = sav->replay ? sav->replay->count : 0; 7196 SECASVAR_UNLOCK(sav); 7197 7198 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7199 sav->sah->saidx.reqid); 7200 if (!m) { 7201 error = ENOBUFS; 7202 goto fail; 7203 } 7204 m_cat(result, m); 7205 7206 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7207 m = key_setsadbxsareplay(sav->replay->wsize); 7208 if (!m) { 7209 error = ENOBUFS; 7210 goto fail; 7211 } 7212 m_cat(result, m); 7213 } 7214 7215 /* create lifetime extension (current and soft) */ 7216 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7217 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7218 if (m == NULL) { 7219 error = ENOBUFS; 7220 goto fail; 7221 } 7222 m_align(m, len); 7223 m->m_len = len; 7224 bzero(mtod(m, caddr_t), len); 7225 lt = mtod(m, struct sadb_lifetime *); 7226 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7227 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7228 lt->sadb_lifetime_allocations = 7229 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7230 lt->sadb_lifetime_bytes = 7231 counter_u64_fetch(sav->lft_c_bytes); 7232 lt->sadb_lifetime_addtime = sav->created; 7233 lt->sadb_lifetime_usetime = sav->firstused; 7234 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7235 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7236 if (hard) { 7237 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7238 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7239 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7240 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7241 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7242 } else { 7243 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7244 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7245 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7246 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7247 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7248 } 7249 m_cat(result, m); 7250 7251 /* set sadb_address for source */ 7252 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7253 &sav->sah->saidx.src.sa, 7254 FULLMASK, IPSEC_ULPROTO_ANY); 7255 if (!m) { 7256 error = ENOBUFS; 7257 goto fail; 7258 } 7259 m_cat(result, m); 7260 7261 /* set sadb_address for destination */ 7262 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7263 &sav->sah->saidx.dst.sa, 7264 FULLMASK, IPSEC_ULPROTO_ANY); 7265 if (!m) { 7266 error = ENOBUFS; 7267 goto fail; 7268 } 7269 m_cat(result, m); 7270 7271 /* 7272 * XXX-BZ Handle NAT-T extensions here. 7273 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7274 * this information, we report only significant SA fields. 7275 */ 7276 7277 if ((result->m_flags & M_PKTHDR) == 0) { 7278 error = EINVAL; 7279 goto fail; 7280 } 7281 7282 if (result->m_len < sizeof(struct sadb_msg)) { 7283 result = m_pullup(result, sizeof(struct sadb_msg)); 7284 if (result == NULL) { 7285 error = ENOBUFS; 7286 goto fail; 7287 } 7288 } 7289 7290 result->m_pkthdr.len = 0; 7291 for (m = result; m; m = m->m_next) 7292 result->m_pkthdr.len += m->m_len; 7293 7294 mtod(result, struct sadb_msg *)->sadb_msg_len = 7295 PFKEY_UNIT64(result->m_pkthdr.len); 7296 7297 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7298 7299 fail: 7300 if (result) 7301 m_freem(result); 7302 return error; 7303 } 7304 7305 static void 7306 key_freesah_flushed(struct secashead_queue *flushq) 7307 { 7308 struct secashead *sah, *nextsah; 7309 struct secasvar *sav, *nextsav; 7310 7311 sah = TAILQ_FIRST(flushq); 7312 while (sah != NULL) { 7313 sav = TAILQ_FIRST(&sah->savtree_larval); 7314 while (sav != NULL) { 7315 nextsav = TAILQ_NEXT(sav, chain); 7316 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7317 key_freesav(&sav); /* release last reference */ 7318 key_freesah(&sah); /* release reference from SAV */ 7319 sav = nextsav; 7320 } 7321 sav = TAILQ_FIRST(&sah->savtree_alive); 7322 while (sav != NULL) { 7323 nextsav = TAILQ_NEXT(sav, chain); 7324 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7325 key_freesav(&sav); /* release last reference */ 7326 key_freesah(&sah); /* release reference from SAV */ 7327 sav = nextsav; 7328 } 7329 nextsah = TAILQ_NEXT(sah, chain); 7330 key_freesah(&sah); /* release last reference */ 7331 sah = nextsah; 7332 } 7333 } 7334 7335 /* 7336 * SADB_FLUSH processing 7337 * receive 7338 * <base> 7339 * from the ikmpd, and free all entries in secastree. 7340 * and send, 7341 * <base> 7342 * to the ikmpd. 7343 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7344 * 7345 * m will always be freed. 7346 */ 7347 static int 7348 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7349 { 7350 struct secashead_queue flushq; 7351 struct sadb_msg *newmsg; 7352 struct secashead *sah, *nextsah; 7353 struct secasvar *sav; 7354 uint8_t proto; 7355 int i; 7356 7357 IPSEC_ASSERT(so != NULL, ("null socket")); 7358 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7359 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7360 7361 /* map satype to proto */ 7362 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7363 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7364 __func__)); 7365 return key_senderror(so, m, EINVAL); 7366 } 7367 KEYDBG(KEY_STAMP, 7368 printf("%s: proto %u\n", __func__, proto)); 7369 7370 TAILQ_INIT(&flushq); 7371 if (proto == IPSEC_PROTO_ANY) { 7372 /* no SATYPE specified, i.e. flushing all SA. */ 7373 SAHTREE_WLOCK(); 7374 /* Move all SAHs into flushq */ 7375 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7376 /* Flush all buckets in SPI hash */ 7377 for (i = 0; i < V_savhash_mask + 1; i++) 7378 LIST_INIT(&V_savhashtbl[i]); 7379 /* Flush all buckets in SAHADDRHASH */ 7380 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7381 LIST_INIT(&V_sahaddrhashtbl[i]); 7382 /* Mark all SAHs as unlinked */ 7383 TAILQ_FOREACH(sah, &flushq, chain) { 7384 sah->state = SADB_SASTATE_DEAD; 7385 /* 7386 * Callout handler makes its job using 7387 * RLOCK and drain queues. In case, when this 7388 * function will be called just before it 7389 * acquires WLOCK, we need to mark SAs as 7390 * unlinked to prevent second unlink. 7391 */ 7392 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7393 sav->state = SADB_SASTATE_DEAD; 7394 } 7395 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7396 sav->state = SADB_SASTATE_DEAD; 7397 } 7398 } 7399 SAHTREE_WUNLOCK(); 7400 } else { 7401 SAHTREE_WLOCK(); 7402 sah = TAILQ_FIRST(&V_sahtree); 7403 while (sah != NULL) { 7404 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7405 ("DEAD SAH %p in SADB_FLUSH", sah)); 7406 nextsah = TAILQ_NEXT(sah, chain); 7407 if (sah->saidx.proto != proto) { 7408 sah = nextsah; 7409 continue; 7410 } 7411 sah->state = SADB_SASTATE_DEAD; 7412 TAILQ_REMOVE(&V_sahtree, sah, chain); 7413 LIST_REMOVE(sah, addrhash); 7414 /* Unlink all SAs from SPI hash */ 7415 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7416 LIST_REMOVE(sav, spihash); 7417 sav->state = SADB_SASTATE_DEAD; 7418 } 7419 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7420 LIST_REMOVE(sav, spihash); 7421 sav->state = SADB_SASTATE_DEAD; 7422 } 7423 /* Add SAH into flushq */ 7424 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7425 sah = nextsah; 7426 } 7427 SAHTREE_WUNLOCK(); 7428 } 7429 7430 key_freesah_flushed(&flushq); 7431 /* Free all queued SAs and SAHs */ 7432 if (m->m_len < sizeof(struct sadb_msg) || 7433 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7434 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7435 return key_senderror(so, m, ENOBUFS); 7436 } 7437 7438 if (m->m_next) 7439 m_freem(m->m_next); 7440 m->m_next = NULL; 7441 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7442 newmsg = mtod(m, struct sadb_msg *); 7443 newmsg->sadb_msg_errno = 0; 7444 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7445 7446 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7447 } 7448 7449 /* 7450 * SADB_DUMP processing 7451 * dump all entries including status of DEAD in SAD. 7452 * receive 7453 * <base> 7454 * from the ikmpd, and dump all secasvar leaves 7455 * and send, 7456 * <base> ..... 7457 * to the ikmpd. 7458 * 7459 * m will always be freed. 7460 */ 7461 static int 7462 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7463 { 7464 SAHTREE_RLOCK_TRACKER; 7465 struct secashead *sah; 7466 struct secasvar *sav; 7467 struct sadb_msg *newmsg; 7468 struct mbuf *n; 7469 uint32_t cnt; 7470 uint8_t proto, satype; 7471 7472 IPSEC_ASSERT(so != NULL, ("null socket")); 7473 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7474 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7475 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7476 7477 /* map satype to proto */ 7478 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7479 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7480 __func__)); 7481 return key_senderror(so, m, EINVAL); 7482 } 7483 7484 /* count sav entries to be sent to the userland. */ 7485 cnt = 0; 7486 SAHTREE_RLOCK(); 7487 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7488 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7489 proto != sah->saidx.proto) 7490 continue; 7491 7492 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7493 cnt++; 7494 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7495 cnt++; 7496 } 7497 7498 if (cnt == 0) { 7499 SAHTREE_RUNLOCK(); 7500 return key_senderror(so, m, ENOENT); 7501 } 7502 7503 /* send this to the userland, one at a time. */ 7504 newmsg = NULL; 7505 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7506 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7507 proto != sah->saidx.proto) 7508 continue; 7509 7510 /* map proto to satype */ 7511 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7512 SAHTREE_RUNLOCK(); 7513 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7514 "SAD.\n", __func__)); 7515 return key_senderror(so, m, EINVAL); 7516 } 7517 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7518 n = key_setdumpsa(sav, SADB_DUMP, satype, 7519 --cnt, mhp->msg->sadb_msg_pid); 7520 if (n == NULL) { 7521 SAHTREE_RUNLOCK(); 7522 return key_senderror(so, m, ENOBUFS); 7523 } 7524 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7525 } 7526 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7527 n = key_setdumpsa(sav, SADB_DUMP, satype, 7528 --cnt, mhp->msg->sadb_msg_pid); 7529 if (n == NULL) { 7530 SAHTREE_RUNLOCK(); 7531 return key_senderror(so, m, ENOBUFS); 7532 } 7533 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7534 } 7535 } 7536 SAHTREE_RUNLOCK(); 7537 m_freem(m); 7538 return (0); 7539 } 7540 /* 7541 * SADB_X_PROMISC processing 7542 * 7543 * m will always be freed. 7544 */ 7545 static int 7546 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7547 { 7548 int olen; 7549 7550 IPSEC_ASSERT(so != NULL, ("null socket")); 7551 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7552 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7553 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7554 7555 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7556 7557 if (olen < sizeof(struct sadb_msg)) { 7558 #if 1 7559 return key_senderror(so, m, EINVAL); 7560 #else 7561 m_freem(m); 7562 return 0; 7563 #endif 7564 } else if (olen == sizeof(struct sadb_msg)) { 7565 /* enable/disable promisc mode */ 7566 struct keycb *kp; 7567 7568 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7569 return key_senderror(so, m, EINVAL); 7570 mhp->msg->sadb_msg_errno = 0; 7571 switch (mhp->msg->sadb_msg_satype) { 7572 case 0: 7573 case 1: 7574 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7575 break; 7576 default: 7577 return key_senderror(so, m, EINVAL); 7578 } 7579 7580 /* send the original message back to everyone */ 7581 mhp->msg->sadb_msg_errno = 0; 7582 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7583 } else { 7584 /* send packet as is */ 7585 7586 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7587 7588 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7589 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7590 } 7591 } 7592 7593 static int (*key_typesw[])(struct socket *, struct mbuf *, 7594 const struct sadb_msghdr *) = { 7595 NULL, /* SADB_RESERVED */ 7596 key_getspi, /* SADB_GETSPI */ 7597 key_update, /* SADB_UPDATE */ 7598 key_add, /* SADB_ADD */ 7599 key_delete, /* SADB_DELETE */ 7600 key_get, /* SADB_GET */ 7601 key_acquire2, /* SADB_ACQUIRE */ 7602 key_register, /* SADB_REGISTER */ 7603 NULL, /* SADB_EXPIRE */ 7604 key_flush, /* SADB_FLUSH */ 7605 key_dump, /* SADB_DUMP */ 7606 key_promisc, /* SADB_X_PROMISC */ 7607 NULL, /* SADB_X_PCHANGE */ 7608 key_spdadd, /* SADB_X_SPDUPDATE */ 7609 key_spdadd, /* SADB_X_SPDADD */ 7610 key_spddelete, /* SADB_X_SPDDELETE */ 7611 key_spdget, /* SADB_X_SPDGET */ 7612 NULL, /* SADB_X_SPDACQUIRE */ 7613 key_spddump, /* SADB_X_SPDDUMP */ 7614 key_spdflush, /* SADB_X_SPDFLUSH */ 7615 key_spdadd, /* SADB_X_SPDSETIDX */ 7616 NULL, /* SADB_X_SPDEXPIRE */ 7617 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7618 }; 7619 7620 /* 7621 * parse sadb_msg buffer to process PFKEYv2, 7622 * and create a data to response if needed. 7623 * I think to be dealed with mbuf directly. 7624 * IN: 7625 * msgp : pointer to pointer to a received buffer pulluped. 7626 * This is rewrited to response. 7627 * so : pointer to socket. 7628 * OUT: 7629 * length for buffer to send to user process. 7630 */ 7631 int 7632 key_parse(struct mbuf *m, struct socket *so) 7633 { 7634 struct sadb_msg *msg; 7635 struct sadb_msghdr mh; 7636 u_int orglen; 7637 int error; 7638 int target; 7639 7640 IPSEC_ASSERT(so != NULL, ("null socket")); 7641 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7642 7643 if (m->m_len < sizeof(struct sadb_msg)) { 7644 m = m_pullup(m, sizeof(struct sadb_msg)); 7645 if (!m) 7646 return ENOBUFS; 7647 } 7648 msg = mtod(m, struct sadb_msg *); 7649 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7650 target = KEY_SENDUP_ONE; 7651 7652 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7653 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7654 PFKEYSTAT_INC(out_invlen); 7655 error = EINVAL; 7656 goto senderror; 7657 } 7658 7659 if (msg->sadb_msg_version != PF_KEY_V2) { 7660 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7661 __func__, msg->sadb_msg_version)); 7662 PFKEYSTAT_INC(out_invver); 7663 error = EINVAL; 7664 goto senderror; 7665 } 7666 7667 if (msg->sadb_msg_type > SADB_MAX) { 7668 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7669 __func__, msg->sadb_msg_type)); 7670 PFKEYSTAT_INC(out_invmsgtype); 7671 error = EINVAL; 7672 goto senderror; 7673 } 7674 7675 /* for old-fashioned code - should be nuked */ 7676 if (m->m_pkthdr.len > MCLBYTES) { 7677 m_freem(m); 7678 return ENOBUFS; 7679 } 7680 if (m->m_next) { 7681 struct mbuf *n; 7682 7683 MGETHDR(n, M_NOWAIT, MT_DATA); 7684 if (n && m->m_pkthdr.len > MHLEN) { 7685 if (!(MCLGET(n, M_NOWAIT))) { 7686 m_free(n); 7687 n = NULL; 7688 } 7689 } 7690 if (!n) { 7691 m_freem(m); 7692 return ENOBUFS; 7693 } 7694 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7695 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7696 n->m_next = NULL; 7697 m_freem(m); 7698 m = n; 7699 } 7700 7701 /* align the mbuf chain so that extensions are in contiguous region. */ 7702 error = key_align(m, &mh); 7703 if (error) 7704 return error; 7705 7706 msg = mh.msg; 7707 7708 /* We use satype as scope mask for spddump */ 7709 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7710 switch (msg->sadb_msg_satype) { 7711 case IPSEC_POLICYSCOPE_ANY: 7712 case IPSEC_POLICYSCOPE_GLOBAL: 7713 case IPSEC_POLICYSCOPE_IFNET: 7714 case IPSEC_POLICYSCOPE_PCB: 7715 break; 7716 default: 7717 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7718 __func__, msg->sadb_msg_type)); 7719 PFKEYSTAT_INC(out_invsatype); 7720 error = EINVAL; 7721 goto senderror; 7722 } 7723 } else { 7724 switch (msg->sadb_msg_satype) { /* check SA type */ 7725 case SADB_SATYPE_UNSPEC: 7726 switch (msg->sadb_msg_type) { 7727 case SADB_GETSPI: 7728 case SADB_UPDATE: 7729 case SADB_ADD: 7730 case SADB_DELETE: 7731 case SADB_GET: 7732 case SADB_ACQUIRE: 7733 case SADB_EXPIRE: 7734 ipseclog((LOG_DEBUG, "%s: must specify satype " 7735 "when msg type=%u.\n", __func__, 7736 msg->sadb_msg_type)); 7737 PFKEYSTAT_INC(out_invsatype); 7738 error = EINVAL; 7739 goto senderror; 7740 } 7741 break; 7742 case SADB_SATYPE_AH: 7743 case SADB_SATYPE_ESP: 7744 case SADB_X_SATYPE_IPCOMP: 7745 case SADB_X_SATYPE_TCPSIGNATURE: 7746 switch (msg->sadb_msg_type) { 7747 case SADB_X_SPDADD: 7748 case SADB_X_SPDDELETE: 7749 case SADB_X_SPDGET: 7750 case SADB_X_SPDFLUSH: 7751 case SADB_X_SPDSETIDX: 7752 case SADB_X_SPDUPDATE: 7753 case SADB_X_SPDDELETE2: 7754 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7755 __func__, msg->sadb_msg_type)); 7756 PFKEYSTAT_INC(out_invsatype); 7757 error = EINVAL; 7758 goto senderror; 7759 } 7760 break; 7761 case SADB_SATYPE_RSVP: 7762 case SADB_SATYPE_OSPFV2: 7763 case SADB_SATYPE_RIPV2: 7764 case SADB_SATYPE_MIP: 7765 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7766 __func__, msg->sadb_msg_satype)); 7767 PFKEYSTAT_INC(out_invsatype); 7768 error = EOPNOTSUPP; 7769 goto senderror; 7770 case 1: /* XXX: What does it do? */ 7771 if (msg->sadb_msg_type == SADB_X_PROMISC) 7772 break; 7773 /*FALLTHROUGH*/ 7774 default: 7775 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7776 __func__, msg->sadb_msg_satype)); 7777 PFKEYSTAT_INC(out_invsatype); 7778 error = EINVAL; 7779 goto senderror; 7780 } 7781 } 7782 7783 /* check field of upper layer protocol and address family */ 7784 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7785 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7786 struct sadb_address *src0, *dst0; 7787 u_int plen; 7788 7789 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7790 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7791 7792 /* check upper layer protocol */ 7793 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7794 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7795 "mismatched.\n", __func__)); 7796 PFKEYSTAT_INC(out_invaddr); 7797 error = EINVAL; 7798 goto senderror; 7799 } 7800 7801 /* check family */ 7802 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7803 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7804 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7805 __func__)); 7806 PFKEYSTAT_INC(out_invaddr); 7807 error = EINVAL; 7808 goto senderror; 7809 } 7810 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7811 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7812 ipseclog((LOG_DEBUG, "%s: address struct size " 7813 "mismatched.\n", __func__)); 7814 PFKEYSTAT_INC(out_invaddr); 7815 error = EINVAL; 7816 goto senderror; 7817 } 7818 7819 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7820 case AF_INET: 7821 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7822 sizeof(struct sockaddr_in)) { 7823 PFKEYSTAT_INC(out_invaddr); 7824 error = EINVAL; 7825 goto senderror; 7826 } 7827 break; 7828 case AF_INET6: 7829 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7830 sizeof(struct sockaddr_in6)) { 7831 PFKEYSTAT_INC(out_invaddr); 7832 error = EINVAL; 7833 goto senderror; 7834 } 7835 break; 7836 default: 7837 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7838 __func__)); 7839 PFKEYSTAT_INC(out_invaddr); 7840 error = EAFNOSUPPORT; 7841 goto senderror; 7842 } 7843 7844 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7845 case AF_INET: 7846 plen = sizeof(struct in_addr) << 3; 7847 break; 7848 case AF_INET6: 7849 plen = sizeof(struct in6_addr) << 3; 7850 break; 7851 default: 7852 plen = 0; /*fool gcc*/ 7853 break; 7854 } 7855 7856 /* check max prefix length */ 7857 if (src0->sadb_address_prefixlen > plen || 7858 dst0->sadb_address_prefixlen > plen) { 7859 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 7860 __func__)); 7861 PFKEYSTAT_INC(out_invaddr); 7862 error = EINVAL; 7863 goto senderror; 7864 } 7865 7866 /* 7867 * prefixlen == 0 is valid because there can be a case when 7868 * all addresses are matched. 7869 */ 7870 } 7871 7872 if (msg->sadb_msg_type >= nitems(key_typesw) || 7873 key_typesw[msg->sadb_msg_type] == NULL) { 7874 PFKEYSTAT_INC(out_invmsgtype); 7875 error = EINVAL; 7876 goto senderror; 7877 } 7878 7879 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 7880 7881 senderror: 7882 msg->sadb_msg_errno = error; 7883 return key_sendup_mbuf(so, m, target); 7884 } 7885 7886 static int 7887 key_senderror(struct socket *so, struct mbuf *m, int code) 7888 { 7889 struct sadb_msg *msg; 7890 7891 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 7892 ("mbuf too small, len %u", m->m_len)); 7893 7894 msg = mtod(m, struct sadb_msg *); 7895 msg->sadb_msg_errno = code; 7896 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 7897 } 7898 7899 /* 7900 * set the pointer to each header into message buffer. 7901 * m will be freed on error. 7902 * XXX larger-than-MCLBYTES extension? 7903 */ 7904 static int 7905 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 7906 { 7907 struct mbuf *n; 7908 struct sadb_ext *ext; 7909 size_t off, end; 7910 int extlen; 7911 int toff; 7912 7913 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7914 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7915 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 7916 ("mbuf too small, len %u", m->m_len)); 7917 7918 /* initialize */ 7919 bzero(mhp, sizeof(*mhp)); 7920 7921 mhp->msg = mtod(m, struct sadb_msg *); 7922 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 7923 7924 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7925 extlen = end; /*just in case extlen is not updated*/ 7926 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 7927 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 7928 if (!n) { 7929 /* m is already freed */ 7930 return ENOBUFS; 7931 } 7932 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 7933 7934 /* set pointer */ 7935 switch (ext->sadb_ext_type) { 7936 case SADB_EXT_SA: 7937 case SADB_EXT_ADDRESS_SRC: 7938 case SADB_EXT_ADDRESS_DST: 7939 case SADB_EXT_ADDRESS_PROXY: 7940 case SADB_EXT_LIFETIME_CURRENT: 7941 case SADB_EXT_LIFETIME_HARD: 7942 case SADB_EXT_LIFETIME_SOFT: 7943 case SADB_EXT_KEY_AUTH: 7944 case SADB_EXT_KEY_ENCRYPT: 7945 case SADB_EXT_IDENTITY_SRC: 7946 case SADB_EXT_IDENTITY_DST: 7947 case SADB_EXT_SENSITIVITY: 7948 case SADB_EXT_PROPOSAL: 7949 case SADB_EXT_SUPPORTED_AUTH: 7950 case SADB_EXT_SUPPORTED_ENCRYPT: 7951 case SADB_EXT_SPIRANGE: 7952 case SADB_X_EXT_POLICY: 7953 case SADB_X_EXT_SA2: 7954 case SADB_X_EXT_NAT_T_TYPE: 7955 case SADB_X_EXT_NAT_T_SPORT: 7956 case SADB_X_EXT_NAT_T_DPORT: 7957 case SADB_X_EXT_NAT_T_OAI: 7958 case SADB_X_EXT_NAT_T_OAR: 7959 case SADB_X_EXT_NAT_T_FRAG: 7960 case SADB_X_EXT_SA_REPLAY: 7961 case SADB_X_EXT_NEW_ADDRESS_SRC: 7962 case SADB_X_EXT_NEW_ADDRESS_DST: 7963 /* duplicate check */ 7964 /* 7965 * XXX Are there duplication payloads of either 7966 * KEY_AUTH or KEY_ENCRYPT ? 7967 */ 7968 if (mhp->ext[ext->sadb_ext_type] != NULL) { 7969 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 7970 "%u\n", __func__, ext->sadb_ext_type)); 7971 m_freem(m); 7972 PFKEYSTAT_INC(out_dupext); 7973 return EINVAL; 7974 } 7975 break; 7976 default: 7977 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 7978 __func__, ext->sadb_ext_type)); 7979 m_freem(m); 7980 PFKEYSTAT_INC(out_invexttype); 7981 return EINVAL; 7982 } 7983 7984 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 7985 7986 if (key_validate_ext(ext, extlen)) { 7987 m_freem(m); 7988 PFKEYSTAT_INC(out_invlen); 7989 return EINVAL; 7990 } 7991 7992 n = m_pulldown(m, off, extlen, &toff); 7993 if (!n) { 7994 /* m is already freed */ 7995 return ENOBUFS; 7996 } 7997 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 7998 7999 mhp->ext[ext->sadb_ext_type] = ext; 8000 mhp->extoff[ext->sadb_ext_type] = off; 8001 mhp->extlen[ext->sadb_ext_type] = extlen; 8002 } 8003 8004 if (off != end) { 8005 m_freem(m); 8006 PFKEYSTAT_INC(out_invlen); 8007 return EINVAL; 8008 } 8009 8010 return 0; 8011 } 8012 8013 static int 8014 key_validate_ext(const struct sadb_ext *ext, int len) 8015 { 8016 const struct sockaddr *sa; 8017 enum { NONE, ADDR } checktype = NONE; 8018 int baselen = 0; 8019 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8020 8021 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8022 return EINVAL; 8023 8024 /* if it does not match minimum/maximum length, bail */ 8025 if (ext->sadb_ext_type >= nitems(minsize) || 8026 ext->sadb_ext_type >= nitems(maxsize)) 8027 return EINVAL; 8028 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8029 return EINVAL; 8030 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8031 return EINVAL; 8032 8033 /* more checks based on sadb_ext_type XXX need more */ 8034 switch (ext->sadb_ext_type) { 8035 case SADB_EXT_ADDRESS_SRC: 8036 case SADB_EXT_ADDRESS_DST: 8037 case SADB_EXT_ADDRESS_PROXY: 8038 case SADB_X_EXT_NAT_T_OAI: 8039 case SADB_X_EXT_NAT_T_OAR: 8040 case SADB_X_EXT_NEW_ADDRESS_SRC: 8041 case SADB_X_EXT_NEW_ADDRESS_DST: 8042 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8043 checktype = ADDR; 8044 break; 8045 case SADB_EXT_IDENTITY_SRC: 8046 case SADB_EXT_IDENTITY_DST: 8047 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8048 SADB_X_IDENTTYPE_ADDR) { 8049 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8050 checktype = ADDR; 8051 } else 8052 checktype = NONE; 8053 break; 8054 default: 8055 checktype = NONE; 8056 break; 8057 } 8058 8059 switch (checktype) { 8060 case NONE: 8061 break; 8062 case ADDR: 8063 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8064 if (len < baselen + sal) 8065 return EINVAL; 8066 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8067 return EINVAL; 8068 break; 8069 } 8070 8071 return 0; 8072 } 8073 8074 void 8075 key_init(void) 8076 { 8077 int i; 8078 8079 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8080 TAILQ_INIT(&V_sptree[i]); 8081 TAILQ_INIT(&V_sptree_ifnet[i]); 8082 } 8083 8084 V_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8085 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8086 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8087 8088 TAILQ_INIT(&V_sahtree); 8089 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8090 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8091 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8092 &V_sahaddrhash_mask); 8093 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8094 &V_acqaddrhash_mask); 8095 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8096 &V_acqseqhash_mask); 8097 8098 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8099 LIST_INIT(&V_regtree[i]); 8100 8101 LIST_INIT(&V_acqtree); 8102 LIST_INIT(&V_spacqtree); 8103 8104 if (!IS_DEFAULT_VNET(curvnet)) 8105 return; 8106 8107 XFORMS_LOCK_INIT(); 8108 SPTREE_LOCK_INIT(); 8109 REGTREE_LOCK_INIT(); 8110 SAHTREE_LOCK_INIT(); 8111 ACQ_LOCK_INIT(); 8112 SPACQ_LOCK_INIT(); 8113 8114 #ifndef IPSEC_DEBUG2 8115 callout_init(&key_timer, 1); 8116 callout_reset(&key_timer, hz, key_timehandler, NULL); 8117 #endif /*IPSEC_DEBUG2*/ 8118 8119 /* initialize key statistics */ 8120 keystat.getspi_count = 1; 8121 8122 if (bootverbose) 8123 printf("IPsec: Initialized Security Association Processing.\n"); 8124 } 8125 8126 #ifdef VIMAGE 8127 void 8128 key_destroy(void) 8129 { 8130 struct secashead_queue sahdrainq; 8131 struct secpolicy_queue drainq; 8132 struct secpolicy *sp, *nextsp; 8133 struct secacq *acq, *nextacq; 8134 struct secspacq *spacq, *nextspacq; 8135 struct secashead *sah; 8136 struct secasvar *sav; 8137 struct secreg *reg; 8138 int i; 8139 8140 /* 8141 * XXX: can we just call free() for each object without 8142 * walking through safe way with releasing references? 8143 */ 8144 TAILQ_INIT(&drainq); 8145 SPTREE_WLOCK(); 8146 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8147 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8148 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8149 } 8150 SPTREE_WUNLOCK(); 8151 sp = TAILQ_FIRST(&drainq); 8152 while (sp != NULL) { 8153 nextsp = TAILQ_NEXT(sp, chain); 8154 key_freesp(&sp); 8155 sp = nextsp; 8156 } 8157 8158 TAILQ_INIT(&sahdrainq); 8159 SAHTREE_WLOCK(); 8160 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8161 for (i = 0; i < V_savhash_mask + 1; i++) 8162 LIST_INIT(&V_savhashtbl[i]); 8163 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8164 LIST_INIT(&V_sahaddrhashtbl[i]); 8165 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8166 sah->state = SADB_SASTATE_DEAD; 8167 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8168 sav->state = SADB_SASTATE_DEAD; 8169 } 8170 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8171 sav->state = SADB_SASTATE_DEAD; 8172 } 8173 } 8174 SAHTREE_WUNLOCK(); 8175 8176 key_freesah_flushed(&sahdrainq); 8177 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8178 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8179 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8180 8181 REGTREE_LOCK(); 8182 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8183 LIST_FOREACH(reg, &V_regtree[i], chain) { 8184 if (__LIST_CHAINED(reg)) { 8185 LIST_REMOVE(reg, chain); 8186 free(reg, M_IPSEC_SAR); 8187 break; 8188 } 8189 } 8190 } 8191 REGTREE_UNLOCK(); 8192 8193 ACQ_LOCK(); 8194 acq = LIST_FIRST(&V_acqtree); 8195 while (acq != NULL) { 8196 nextacq = LIST_NEXT(acq, chain); 8197 LIST_REMOVE(acq, chain); 8198 free(acq, M_IPSEC_SAQ); 8199 acq = nextacq; 8200 } 8201 ACQ_UNLOCK(); 8202 8203 SPACQ_LOCK(); 8204 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8205 spacq = nextspacq) { 8206 nextspacq = LIST_NEXT(spacq, chain); 8207 if (__LIST_CHAINED(spacq)) { 8208 LIST_REMOVE(spacq, chain); 8209 free(spacq, M_IPSEC_SAQ); 8210 } 8211 } 8212 SPACQ_UNLOCK(); 8213 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8214 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8215 uma_zdestroy(V_key_lft_zone); 8216 } 8217 #endif 8218 8219 /* record data transfer on SA, and update timestamps */ 8220 void 8221 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8222 { 8223 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8224 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8225 8226 /* 8227 * XXX Currently, there is a difference of bytes size 8228 * between inbound and outbound processing. 8229 */ 8230 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8231 8232 /* 8233 * We use the number of packets as the unit of 8234 * allocations. We increment the variable 8235 * whenever {esp,ah}_{in,out}put is called. 8236 */ 8237 counter_u64_add(sav->lft_c_allocations, 1); 8238 8239 /* 8240 * NOTE: We record CURRENT usetime by using wall clock, 8241 * in seconds. HARD and SOFT lifetime are measured by the time 8242 * difference (again in seconds) from usetime. 8243 * 8244 * usetime 8245 * v expire expire 8246 * -----+-----+--------+---> t 8247 * <--------------> HARD 8248 * <-----> SOFT 8249 */ 8250 if (sav->firstused == 0) 8251 sav->firstused = time_second; 8252 } 8253 8254 /* 8255 * Take one of the kernel's security keys and convert it into a PF_KEY 8256 * structure within an mbuf, suitable for sending up to a waiting 8257 * application in user land. 8258 * 8259 * IN: 8260 * src: A pointer to a kernel security key. 8261 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8262 * OUT: 8263 * a valid mbuf or NULL indicating an error 8264 * 8265 */ 8266 8267 static struct mbuf * 8268 key_setkey(struct seckey *src, uint16_t exttype) 8269 { 8270 struct mbuf *m; 8271 struct sadb_key *p; 8272 int len; 8273 8274 if (src == NULL) 8275 return NULL; 8276 8277 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8278 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8279 if (m == NULL) 8280 return NULL; 8281 m_align(m, len); 8282 m->m_len = len; 8283 p = mtod(m, struct sadb_key *); 8284 bzero(p, len); 8285 p->sadb_key_len = PFKEY_UNIT64(len); 8286 p->sadb_key_exttype = exttype; 8287 p->sadb_key_bits = src->bits; 8288 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8289 8290 return m; 8291 } 8292 8293 /* 8294 * Take one of the kernel's lifetime data structures and convert it 8295 * into a PF_KEY structure within an mbuf, suitable for sending up to 8296 * a waiting application in user land. 8297 * 8298 * IN: 8299 * src: A pointer to a kernel lifetime structure. 8300 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8301 * data structures for more information. 8302 * OUT: 8303 * a valid mbuf or NULL indicating an error 8304 * 8305 */ 8306 8307 static struct mbuf * 8308 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8309 { 8310 struct mbuf *m = NULL; 8311 struct sadb_lifetime *p; 8312 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8313 8314 if (src == NULL) 8315 return NULL; 8316 8317 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8318 if (m == NULL) 8319 return m; 8320 m_align(m, len); 8321 m->m_len = len; 8322 p = mtod(m, struct sadb_lifetime *); 8323 8324 bzero(p, len); 8325 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8326 p->sadb_lifetime_exttype = exttype; 8327 p->sadb_lifetime_allocations = src->allocations; 8328 p->sadb_lifetime_bytes = src->bytes; 8329 p->sadb_lifetime_addtime = src->addtime; 8330 p->sadb_lifetime_usetime = src->usetime; 8331 8332 return m; 8333 8334 } 8335 8336 const struct enc_xform * 8337 enc_algorithm_lookup(int alg) 8338 { 8339 int i; 8340 8341 for (i = 0; i < nitems(supported_ealgs); i++) 8342 if (alg == supported_ealgs[i].sadb_alg) 8343 return (supported_ealgs[i].xform); 8344 return (NULL); 8345 } 8346 8347 const struct auth_hash * 8348 auth_algorithm_lookup(int alg) 8349 { 8350 int i; 8351 8352 for (i = 0; i < nitems(supported_aalgs); i++) 8353 if (alg == supported_aalgs[i].sadb_alg) 8354 return (supported_aalgs[i].xform); 8355 return (NULL); 8356 } 8357 8358 const struct comp_algo * 8359 comp_algorithm_lookup(int alg) 8360 { 8361 int i; 8362 8363 for (i = 0; i < nitems(supported_calgs); i++) 8364 if (alg == supported_calgs[i].sadb_alg) 8365 return (supported_calgs[i].xform); 8366 return (NULL); 8367 } 8368 8369 /* 8370 * Register a transform. 8371 */ 8372 static int 8373 xform_register(struct xformsw* xsp) 8374 { 8375 struct xformsw *entry; 8376 8377 XFORMS_LOCK(); 8378 LIST_FOREACH(entry, &xforms, chain) { 8379 if (entry->xf_type == xsp->xf_type) { 8380 XFORMS_UNLOCK(); 8381 return (EEXIST); 8382 } 8383 } 8384 LIST_INSERT_HEAD(&xforms, xsp, chain); 8385 XFORMS_UNLOCK(); 8386 return (0); 8387 } 8388 8389 void 8390 xform_attach(void *data) 8391 { 8392 struct xformsw *xsp = (struct xformsw *)data; 8393 8394 if (xform_register(xsp) != 0) 8395 printf("%s: failed to register %s xform\n", __func__, 8396 xsp->xf_name); 8397 } 8398 8399 void 8400 xform_detach(void *data) 8401 { 8402 struct xformsw *xsp = (struct xformsw *)data; 8403 8404 XFORMS_LOCK(); 8405 LIST_REMOVE(xsp, chain); 8406 XFORMS_UNLOCK(); 8407 8408 /* Delete all SAs related to this xform. */ 8409 key_delete_xform(xsp); 8410 } 8411 8412 /* 8413 * Initialize transform support in an sav. 8414 */ 8415 static int 8416 xform_init(struct secasvar *sav, u_short xftype) 8417 { 8418 struct xformsw *entry; 8419 int ret; 8420 8421 IPSEC_ASSERT(sav->tdb_xform == NULL, 8422 ("tdb_xform is already initialized")); 8423 8424 ret = EINVAL; 8425 XFORMS_LOCK(); 8426 LIST_FOREACH(entry, &xforms, chain) { 8427 if (entry->xf_type == xftype) { 8428 ret = (*entry->xf_init)(sav, entry); 8429 break; 8430 } 8431 } 8432 XFORMS_UNLOCK(); 8433 return (ret); 8434 } 8435 8436