1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 #include <net/raw_cb.h> 70 71 #include <netinet/in.h> 72 #include <netinet/in_systm.h> 73 #include <netinet/ip.h> 74 #include <netinet/in_var.h> 75 #include <netinet/udp.h> 76 77 #ifdef INET6 78 #include <netinet/ip6.h> 79 #include <netinet6/in6_var.h> 80 #include <netinet6/ip6_var.h> 81 #endif /* INET6 */ 82 83 #include <net/pfkeyv2.h> 84 #include <netipsec/keydb.h> 85 #include <netipsec/key.h> 86 #include <netipsec/keysock.h> 87 #include <netipsec/key_debug.h> 88 89 #include <netipsec/ipsec.h> 90 #ifdef INET6 91 #include <netipsec/ipsec6.h> 92 #endif 93 94 #include <netipsec/xform.h> 95 #include <machine/in_cksum.h> 96 #include <machine/stdarg.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #define FULLMASK 0xff 102 #define _BITS(bytes) ((bytes) << 3) 103 104 /* 105 * Note on SA reference counting: 106 * - SAs that are not in DEAD state will have (total external reference + 1) 107 * following value in reference count field. they cannot be freed and are 108 * referenced from SA header. 109 * - SAs that are in DEAD state will have (total external reference) 110 * in reference count field. they are ready to be freed. reference from 111 * SA header will be removed in key_delsav(), when the reference count 112 * field hits 0 (= no external reference other than from SA header. 113 */ 114 115 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 116 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 117 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 118 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 119 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 120 /*interval to initialize randseed,1(m)*/ 121 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 122 /* interval to expire acquiring, 30(s)*/ 123 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 124 /* counter for blocking SADB_ACQUIRE.*/ 125 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 126 /* lifetime for blocking SADB_ACQUIRE.*/ 127 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 128 /* preferred old sa rather than new sa.*/ 129 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 130 #define V_key_spi_trycnt VNET(key_spi_trycnt) 131 #define V_key_spi_minval VNET(key_spi_minval) 132 #define V_key_spi_maxval VNET(key_spi_maxval) 133 #define V_policy_id VNET(policy_id) 134 #define V_key_int_random VNET(key_int_random) 135 #define V_key_larval_lifetime VNET(key_larval_lifetime) 136 #define V_key_blockacq_count VNET(key_blockacq_count) 137 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 138 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 139 140 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 141 #define V_acq_seq VNET(acq_seq) 142 143 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 144 #define V_sp_genid VNET(sp_genid) 145 146 /* SPD */ 147 TAILQ_HEAD(secpolicy_queue, secpolicy); 148 LIST_HEAD(secpolicy_list, secpolicy); 149 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 150 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 151 static struct rmlock sptree_lock; 152 #define V_sptree VNET(sptree) 153 #define V_sptree_ifnet VNET(sptree_ifnet) 154 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 155 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 156 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 157 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 158 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 160 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 161 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 162 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 163 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 164 165 /* Hash table for lookup SP using unique id */ 166 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 167 VNET_DEFINE_STATIC(u_long, sphash_mask); 168 #define V_sphashtbl VNET(sphashtbl) 169 #define V_sphash_mask VNET(sphash_mask) 170 171 #define SPHASH_NHASH_LOG2 7 172 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 173 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 174 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 175 176 /* SPD cache */ 177 struct spdcache_entry { 178 struct secpolicyindex spidx; /* secpolicyindex */ 179 struct secpolicy *sp; /* cached policy to be used */ 180 181 LIST_ENTRY(spdcache_entry) chain; 182 }; 183 LIST_HEAD(spdcache_entry_list, spdcache_entry); 184 185 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 186 187 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 188 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 189 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 190 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 191 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 192 #define V_spd_size VNET(spd_size) 193 194 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 195 #define SPDCACHE_ACTIVE() \ 196 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 197 198 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 199 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 200 #define V_spdcachehashtbl VNET(spdcachehashtbl) 201 #define V_spdcachehash_mask VNET(spdcachehash_mask) 202 203 #define SPDCACHE_HASHVAL(idx) \ 204 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 205 V_spdcachehash_mask) 206 207 /* Each cache line is protected by a mutex */ 208 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 209 #define V_spdcache_lock VNET(spdcache_lock) 210 211 #define SPDCACHE_LOCK_INIT(a) \ 212 mtx_init(&V_spdcache_lock[a], "spdcache", \ 213 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 214 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 215 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 216 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 217 218 /* SAD */ 219 TAILQ_HEAD(secashead_queue, secashead); 220 LIST_HEAD(secashead_list, secashead); 221 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 222 static struct rmlock sahtree_lock; 223 #define V_sahtree VNET(sahtree) 224 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 225 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 226 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 227 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 228 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 229 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 230 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 231 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 232 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 233 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 234 235 /* Hash table for lookup in SAD using SA addresses */ 236 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 237 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 238 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 239 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 240 241 #define SAHHASH_NHASH_LOG2 7 242 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 243 #define SAHADDRHASH_HASHVAL(idx) \ 244 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 245 V_sahaddrhash_mask) 246 #define SAHADDRHASH_HASH(saidx) \ 247 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 248 249 /* Hash table for lookup in SAD using SPI */ 250 LIST_HEAD(secasvar_list, secasvar); 251 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 252 VNET_DEFINE_STATIC(u_long, savhash_mask); 253 #define V_savhashtbl VNET(savhashtbl) 254 #define V_savhash_mask VNET(savhash_mask) 255 #define SAVHASH_NHASH_LOG2 7 256 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 257 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 258 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 259 260 static uint32_t 261 key_addrprotohash(const union sockaddr_union *src, 262 const union sockaddr_union *dst, const uint8_t *proto) 263 { 264 uint32_t hval; 265 266 hval = fnv_32_buf(proto, sizeof(*proto), 267 FNV1_32_INIT); 268 switch (dst->sa.sa_family) { 269 #ifdef INET 270 case AF_INET: 271 hval = fnv_32_buf(&src->sin.sin_addr, 272 sizeof(in_addr_t), hval); 273 hval = fnv_32_buf(&dst->sin.sin_addr, 274 sizeof(in_addr_t), hval); 275 break; 276 #endif 277 #ifdef INET6 278 case AF_INET6: 279 hval = fnv_32_buf(&src->sin6.sin6_addr, 280 sizeof(struct in6_addr), hval); 281 hval = fnv_32_buf(&dst->sin6.sin6_addr, 282 sizeof(struct in6_addr), hval); 283 break; 284 #endif 285 default: 286 hval = 0; 287 ipseclog((LOG_DEBUG, "%s: unknown address family %d", 288 __func__, dst->sa.sa_family)); 289 } 290 return (hval); 291 } 292 293 static uint32_t 294 key_u32hash(uint32_t val) 295 { 296 297 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 298 } 299 300 /* registed list */ 301 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 302 #define V_regtree VNET(regtree) 303 static struct mtx regtree_lock; 304 #define REGTREE_LOCK_INIT() \ 305 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 306 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 307 #define REGTREE_LOCK() mtx_lock(®tree_lock) 308 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 309 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 310 311 /* Acquiring list */ 312 LIST_HEAD(secacq_list, secacq); 313 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 314 #define V_acqtree VNET(acqtree) 315 static struct mtx acq_lock; 316 #define ACQ_LOCK_INIT() \ 317 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 318 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 319 #define ACQ_LOCK() mtx_lock(&acq_lock) 320 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 321 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 322 323 /* Hash table for lookup in ACQ list using SA addresses */ 324 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 325 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 326 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 327 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 328 329 /* Hash table for lookup in ACQ list using SEQ number */ 330 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 331 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 332 #define V_acqseqhashtbl VNET(acqseqhashtbl) 333 #define V_acqseqhash_mask VNET(acqseqhash_mask) 334 335 #define ACQHASH_NHASH_LOG2 7 336 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 337 #define ACQADDRHASH_HASHVAL(idx) \ 338 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 339 V_acqaddrhash_mask) 340 #define ACQSEQHASH_HASHVAL(seq) \ 341 (key_u32hash(seq) & V_acqseqhash_mask) 342 #define ACQADDRHASH_HASH(saidx) \ 343 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 344 #define ACQSEQHASH_HASH(seq) \ 345 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 346 /* SP acquiring list */ 347 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 348 #define V_spacqtree VNET(spacqtree) 349 static struct mtx spacq_lock; 350 #define SPACQ_LOCK_INIT() \ 351 mtx_init(&spacq_lock, "spacqtree", \ 352 "fast ipsec security policy acquire list", MTX_DEF) 353 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 354 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 355 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 356 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 357 358 static const int minsize[] = { 359 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 360 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 361 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 362 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 363 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 364 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 365 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 366 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 367 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 368 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 369 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 370 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 371 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 372 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 373 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 374 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 375 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 376 0, /* SADB_X_EXT_KMPRIVATE */ 377 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 378 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 379 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 380 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 381 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 382 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 383 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 384 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 385 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 386 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 387 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 388 }; 389 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 390 391 static const int maxsize[] = { 392 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 393 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 394 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 395 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 396 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 397 0, /* SADB_EXT_ADDRESS_SRC */ 398 0, /* SADB_EXT_ADDRESS_DST */ 399 0, /* SADB_EXT_ADDRESS_PROXY */ 400 0, /* SADB_EXT_KEY_AUTH */ 401 0, /* SADB_EXT_KEY_ENCRYPT */ 402 0, /* SADB_EXT_IDENTITY_SRC */ 403 0, /* SADB_EXT_IDENTITY_DST */ 404 0, /* SADB_EXT_SENSITIVITY */ 405 0, /* SADB_EXT_PROPOSAL */ 406 0, /* SADB_EXT_SUPPORTED_AUTH */ 407 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 408 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 409 0, /* SADB_X_EXT_KMPRIVATE */ 410 0, /* SADB_X_EXT_POLICY */ 411 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 412 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 413 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 414 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 415 0, /* SADB_X_EXT_NAT_T_OAI */ 416 0, /* SADB_X_EXT_NAT_T_OAR */ 417 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 418 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 419 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 420 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 421 }; 422 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 423 424 /* 425 * Internal values for SA flags: 426 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 427 * thus we will not free the most of SA content in key_delsav(). 428 */ 429 #define SADB_X_EXT_F_CLONED 0x80000000 430 431 #define SADB_CHECKLEN(_mhp, _ext) \ 432 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 433 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 434 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 435 436 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 437 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 438 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 439 440 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 441 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 442 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 443 444 #ifdef IPSEC_DEBUG 445 VNET_DEFINE(int, ipsec_debug) = 1; 446 #else 447 VNET_DEFINE(int, ipsec_debug) = 0; 448 #endif 449 450 #ifdef INET 451 SYSCTL_DECL(_net_inet_ipsec); 452 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 453 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 454 "Enable IPsec debugging output when set."); 455 #endif 456 #ifdef INET6 457 SYSCTL_DECL(_net_inet6_ipsec6); 458 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 459 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 460 "Enable IPsec debugging output when set."); 461 #endif 462 463 SYSCTL_DECL(_net_key); 464 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 465 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 466 467 /* max count of trial for the decision of spi value */ 468 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 469 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 470 471 /* minimum spi value to allocate automatically. */ 472 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 473 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 474 475 /* maximun spi value to allocate automatically. */ 476 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 477 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 478 479 /* interval to initialize randseed */ 480 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 481 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 482 483 /* lifetime for larval SA */ 484 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 486 487 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 488 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 489 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 490 491 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 492 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 493 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 494 495 /* ESP auth */ 496 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 497 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 498 499 /* minimum ESP key length */ 500 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 501 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 502 503 /* minimum AH key length */ 504 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 505 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 506 507 /* perfered old SA rather than new SA */ 508 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 509 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 510 511 static SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW, 0, "SPD cache"); 512 513 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 514 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 515 "Maximum number of entries in the SPD cache" 516 " (power of 2, 0 to disable)"); 517 518 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 519 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 520 "Number of SPs that make the SPD cache active"); 521 522 #define __LIST_CHAINED(elm) \ 523 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 524 525 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 526 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 527 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 528 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 529 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 530 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 531 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 532 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 533 534 VNET_DEFINE_STATIC(uma_zone_t, key_lft_zone); 535 #define V_key_lft_zone VNET(key_lft_zone) 536 537 /* 538 * set parameters into secpolicyindex buffer. 539 * Must allocate secpolicyindex buffer passed to this function. 540 */ 541 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 542 do { \ 543 bzero((idx), sizeof(struct secpolicyindex)); \ 544 (idx)->dir = (_dir); \ 545 (idx)->prefs = (ps); \ 546 (idx)->prefd = (pd); \ 547 (idx)->ul_proto = (ulp); \ 548 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 549 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 550 } while (0) 551 552 /* 553 * set parameters into secasindex buffer. 554 * Must allocate secasindex buffer before calling this function. 555 */ 556 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 557 do { \ 558 bzero((idx), sizeof(struct secasindex)); \ 559 (idx)->proto = (p); \ 560 (idx)->mode = (m); \ 561 (idx)->reqid = (r); \ 562 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 563 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 564 key_porttosaddr(&(idx)->src.sa, 0); \ 565 key_porttosaddr(&(idx)->dst.sa, 0); \ 566 } while (0) 567 568 /* key statistics */ 569 struct _keystat { 570 u_long getspi_count; /* the avarage of count to try to get new SPI */ 571 } keystat; 572 573 struct sadb_msghdr { 574 struct sadb_msg *msg; 575 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 576 int extoff[SADB_EXT_MAX + 1]; 577 int extlen[SADB_EXT_MAX + 1]; 578 }; 579 580 static struct supported_ealgs { 581 int sadb_alg; 582 const struct enc_xform *xform; 583 } supported_ealgs[] = { 584 { SADB_EALG_DESCBC, &enc_xform_des }, 585 { SADB_EALG_3DESCBC, &enc_xform_3des }, 586 { SADB_X_EALG_AES, &enc_xform_rijndael128 }, 587 { SADB_X_EALG_BLOWFISHCBC, &enc_xform_blf }, 588 { SADB_X_EALG_CAST128CBC, &enc_xform_cast5 }, 589 { SADB_EALG_NULL, &enc_xform_null }, 590 { SADB_X_EALG_CAMELLIACBC, &enc_xform_camellia }, 591 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 592 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 593 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 594 }; 595 596 static struct supported_aalgs { 597 int sadb_alg; 598 const struct auth_hash *xform; 599 } supported_aalgs[] = { 600 { SADB_X_AALG_NULL, &auth_hash_null }, 601 { SADB_AALG_MD5HMAC, &auth_hash_hmac_md5 }, 602 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 603 { SADB_X_AALG_RIPEMD160HMAC, &auth_hash_hmac_ripemd_160 }, 604 { SADB_X_AALG_MD5, &auth_hash_key_md5 }, 605 { SADB_X_AALG_SHA, &auth_hash_key_sha1 }, 606 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 607 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 608 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 609 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 610 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 611 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 612 }; 613 614 static struct supported_calgs { 615 int sadb_alg; 616 const struct comp_algo *xform; 617 } supported_calgs[] = { 618 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 619 }; 620 621 #ifndef IPSEC_DEBUG2 622 static struct callout key_timer; 623 #endif 624 625 static void key_unlink(struct secpolicy *); 626 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 627 static struct secpolicy *key_getsp(struct secpolicyindex *); 628 static struct secpolicy *key_getspbyid(u_int32_t); 629 static struct mbuf *key_gather_mbuf(struct mbuf *, 630 const struct sadb_msghdr *, int, int, ...); 631 static int key_spdadd(struct socket *, struct mbuf *, 632 const struct sadb_msghdr *); 633 static uint32_t key_getnewspid(void); 634 static int key_spddelete(struct socket *, struct mbuf *, 635 const struct sadb_msghdr *); 636 static int key_spddelete2(struct socket *, struct mbuf *, 637 const struct sadb_msghdr *); 638 static int key_spdget(struct socket *, struct mbuf *, 639 const struct sadb_msghdr *); 640 static int key_spdflush(struct socket *, struct mbuf *, 641 const struct sadb_msghdr *); 642 static int key_spddump(struct socket *, struct mbuf *, 643 const struct sadb_msghdr *); 644 static struct mbuf *key_setdumpsp(struct secpolicy *, 645 u_int8_t, u_int32_t, u_int32_t); 646 static struct mbuf *key_sp2mbuf(struct secpolicy *); 647 static size_t key_getspreqmsglen(struct secpolicy *); 648 static int key_spdexpire(struct secpolicy *); 649 static struct secashead *key_newsah(struct secasindex *); 650 static void key_freesah(struct secashead **); 651 static void key_delsah(struct secashead *); 652 static struct secasvar *key_newsav(const struct sadb_msghdr *, 653 struct secasindex *, uint32_t, int *); 654 static void key_delsav(struct secasvar *); 655 static void key_unlinksav(struct secasvar *); 656 static struct secashead *key_getsah(struct secasindex *); 657 static int key_checkspidup(uint32_t); 658 static struct secasvar *key_getsavbyspi(uint32_t); 659 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 660 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 661 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 662 static int key_updateaddresses(struct socket *, struct mbuf *, 663 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 664 665 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 666 u_int8_t, u_int32_t, u_int32_t); 667 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 668 u_int32_t, pid_t, u_int16_t); 669 static struct mbuf *key_setsadbsa(struct secasvar *); 670 static struct mbuf *key_setsadbaddr(u_int16_t, 671 const struct sockaddr *, u_int8_t, u_int16_t); 672 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 673 static struct mbuf *key_setsadbxtype(u_int16_t); 674 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 675 static struct mbuf *key_setsadbxsareplay(u_int32_t); 676 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 677 u_int32_t, u_int32_t); 678 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 679 struct malloc_type *); 680 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 681 struct malloc_type *); 682 683 /* flags for key_cmpsaidx() */ 684 #define CMP_HEAD 1 /* protocol, addresses. */ 685 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 686 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 687 #define CMP_EXACTLY 4 /* all elements. */ 688 static int key_cmpsaidx(const struct secasindex *, 689 const struct secasindex *, int); 690 static int key_cmpspidx_exactly(struct secpolicyindex *, 691 struct secpolicyindex *); 692 static int key_cmpspidx_withmask(struct secpolicyindex *, 693 struct secpolicyindex *); 694 static int key_bbcmp(const void *, const void *, u_int); 695 static uint8_t key_satype2proto(uint8_t); 696 static uint8_t key_proto2satype(uint8_t); 697 698 static int key_getspi(struct socket *, struct mbuf *, 699 const struct sadb_msghdr *); 700 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 701 static int key_update(struct socket *, struct mbuf *, 702 const struct sadb_msghdr *); 703 static int key_add(struct socket *, struct mbuf *, 704 const struct sadb_msghdr *); 705 static int key_setident(struct secashead *, const struct sadb_msghdr *); 706 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 707 const struct sadb_msghdr *); 708 static int key_delete(struct socket *, struct mbuf *, 709 const struct sadb_msghdr *); 710 static int key_delete_all(struct socket *, struct mbuf *, 711 const struct sadb_msghdr *, struct secasindex *); 712 static int key_get(struct socket *, struct mbuf *, 713 const struct sadb_msghdr *); 714 715 static void key_getcomb_setlifetime(struct sadb_comb *); 716 static struct mbuf *key_getcomb_ealg(void); 717 static struct mbuf *key_getcomb_ah(void); 718 static struct mbuf *key_getcomb_ipcomp(void); 719 static struct mbuf *key_getprop(const struct secasindex *); 720 721 static int key_acquire(const struct secasindex *, struct secpolicy *); 722 static uint32_t key_newacq(const struct secasindex *, int *); 723 static uint32_t key_getacq(const struct secasindex *, int *); 724 static int key_acqdone(const struct secasindex *, uint32_t); 725 static int key_acqreset(uint32_t); 726 static struct secspacq *key_newspacq(struct secpolicyindex *); 727 static struct secspacq *key_getspacq(struct secpolicyindex *); 728 static int key_acquire2(struct socket *, struct mbuf *, 729 const struct sadb_msghdr *); 730 static int key_register(struct socket *, struct mbuf *, 731 const struct sadb_msghdr *); 732 static int key_expire(struct secasvar *, int); 733 static int key_flush(struct socket *, struct mbuf *, 734 const struct sadb_msghdr *); 735 static int key_dump(struct socket *, struct mbuf *, 736 const struct sadb_msghdr *); 737 static int key_promisc(struct socket *, struct mbuf *, 738 const struct sadb_msghdr *); 739 static int key_senderror(struct socket *, struct mbuf *, int); 740 static int key_validate_ext(const struct sadb_ext *, int); 741 static int key_align(struct mbuf *, struct sadb_msghdr *); 742 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 743 static struct mbuf *key_setkey(struct seckey *, uint16_t); 744 745 static void spdcache_init(void); 746 static void spdcache_clear(void); 747 static struct spdcache_entry *spdcache_entry_alloc( 748 const struct secpolicyindex *spidx, 749 struct secpolicy *policy); 750 static void spdcache_entry_free(struct spdcache_entry *entry); 751 #ifdef VIMAGE 752 static void spdcache_destroy(void); 753 #endif 754 755 #define DBG_IPSEC_INITREF(t, p) do { \ 756 refcount_init(&(p)->refcnt, 1); \ 757 KEYDBG(KEY_STAMP, \ 758 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 759 __func__, #t, (p), (p)->refcnt)); \ 760 } while (0) 761 #define DBG_IPSEC_ADDREF(t, p) do { \ 762 refcount_acquire(&(p)->refcnt); \ 763 KEYDBG(KEY_STAMP, \ 764 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 765 __func__, #t, (p), (p)->refcnt)); \ 766 } while (0) 767 #define DBG_IPSEC_DELREF(t, p) do { \ 768 KEYDBG(KEY_STAMP, \ 769 printf("%s: Release refcnt %s(%p) -> %u\n", \ 770 __func__, #t, (p), (p)->refcnt - 1)); \ 771 refcount_release(&(p)->refcnt); \ 772 } while (0) 773 774 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 775 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 776 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 777 778 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 779 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 780 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 781 782 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 783 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 784 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 785 786 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 787 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 788 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 789 790 /* 791 * Update the refcnt while holding the SPTREE lock. 792 */ 793 void 794 key_addref(struct secpolicy *sp) 795 { 796 797 SP_ADDREF(sp); 798 } 799 800 /* 801 * Return 0 when there are known to be no SP's for the specified 802 * direction. Otherwise return 1. This is used by IPsec code 803 * to optimize performance. 804 */ 805 int 806 key_havesp(u_int dir) 807 { 808 809 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 810 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 811 } 812 813 /* %%% IPsec policy management */ 814 /* 815 * Return current SPDB generation. 816 */ 817 uint32_t 818 key_getspgen(void) 819 { 820 821 return (V_sp_genid); 822 } 823 824 void 825 key_bumpspgen(void) 826 { 827 828 V_sp_genid++; 829 } 830 831 static int 832 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 833 { 834 835 /* family match */ 836 if (src->sa_family != dst->sa_family) 837 return (EINVAL); 838 /* sa_len match */ 839 if (src->sa_len != dst->sa_len) 840 return (EINVAL); 841 switch (src->sa_family) { 842 #ifdef INET 843 case AF_INET: 844 if (src->sa_len != sizeof(struct sockaddr_in)) 845 return (EINVAL); 846 break; 847 #endif 848 #ifdef INET6 849 case AF_INET6: 850 if (src->sa_len != sizeof(struct sockaddr_in6)) 851 return (EINVAL); 852 break; 853 #endif 854 default: 855 return (EAFNOSUPPORT); 856 } 857 return (0); 858 } 859 860 struct secpolicy * 861 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 862 { 863 SPTREE_RLOCK_TRACKER; 864 struct secpolicy *sp; 865 866 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 867 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 868 ("invalid direction %u", dir)); 869 870 SPTREE_RLOCK(); 871 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 872 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 873 SP_ADDREF(sp); 874 break; 875 } 876 } 877 SPTREE_RUNLOCK(); 878 return (sp); 879 } 880 881 882 /* 883 * allocating a SP for OUTBOUND or INBOUND packet. 884 * Must call key_freesp() later. 885 * OUT: NULL: not found 886 * others: found and return the pointer. 887 */ 888 struct secpolicy * 889 key_allocsp(struct secpolicyindex *spidx, u_int dir) 890 { 891 struct spdcache_entry *entry, *lastentry, *tmpentry; 892 struct secpolicy *sp; 893 uint32_t hashv; 894 int nb_entries; 895 896 if (!SPDCACHE_ACTIVE()) { 897 sp = key_do_allocsp(spidx, dir); 898 goto out; 899 } 900 901 hashv = SPDCACHE_HASHVAL(spidx); 902 SPDCACHE_LOCK(hashv); 903 nb_entries = 0; 904 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 905 /* Removed outdated entries */ 906 if (entry->sp != NULL && 907 entry->sp->state == IPSEC_SPSTATE_DEAD) { 908 LIST_REMOVE(entry, chain); 909 spdcache_entry_free(entry); 910 continue; 911 } 912 913 nb_entries++; 914 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 915 lastentry = entry; 916 continue; 917 } 918 919 sp = entry->sp; 920 if (entry->sp != NULL) 921 SP_ADDREF(sp); 922 923 /* IPSECSTAT_INC(ips_spdcache_hits); */ 924 925 SPDCACHE_UNLOCK(hashv); 926 goto out; 927 } 928 929 /* IPSECSTAT_INC(ips_spdcache_misses); */ 930 931 sp = key_do_allocsp(spidx, dir); 932 entry = spdcache_entry_alloc(spidx, sp); 933 if (entry != NULL) { 934 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 935 LIST_REMOVE(lastentry, chain); 936 spdcache_entry_free(lastentry); 937 } 938 939 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 940 } 941 942 SPDCACHE_UNLOCK(hashv); 943 944 out: 945 if (sp != NULL) { /* found a SPD entry */ 946 sp->lastused = time_second; 947 KEYDBG(IPSEC_STAMP, 948 printf("%s: return SP(%p)\n", __func__, sp)); 949 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 950 } else { 951 KEYDBG(IPSEC_DATA, 952 printf("%s: lookup failed for ", __func__); 953 kdebug_secpolicyindex(spidx, NULL)); 954 } 955 return (sp); 956 } 957 958 /* 959 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 960 * or should be signed by MD5 signature. 961 * We don't use key_allocsa() for such lookups, because we don't know SPI. 962 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 963 * signed packet. We use SADB only as storage for password. 964 * OUT: positive: corresponding SA for given saidx found. 965 * NULL: SA not found 966 */ 967 struct secasvar * 968 key_allocsa_tcpmd5(struct secasindex *saidx) 969 { 970 SAHTREE_RLOCK_TRACKER; 971 struct secashead *sah; 972 struct secasvar *sav; 973 974 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 975 ("unexpected security protocol %u", saidx->proto)); 976 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 977 ("unexpected mode %u", saidx->mode)); 978 979 SAHTREE_RLOCK(); 980 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 981 KEYDBG(IPSEC_DUMP, 982 printf("%s: checking SAH\n", __func__); 983 kdebug_secash(sah, " ")); 984 if (sah->saidx.proto != IPPROTO_TCP) 985 continue; 986 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 987 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 988 break; 989 } 990 if (sah != NULL) { 991 if (V_key_preferred_oldsa) 992 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 993 else 994 sav = TAILQ_FIRST(&sah->savtree_alive); 995 if (sav != NULL) 996 SAV_ADDREF(sav); 997 } else 998 sav = NULL; 999 SAHTREE_RUNLOCK(); 1000 1001 if (sav != NULL) { 1002 KEYDBG(IPSEC_STAMP, 1003 printf("%s: return SA(%p)\n", __func__, sav)); 1004 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1005 } else { 1006 KEYDBG(IPSEC_STAMP, 1007 printf("%s: SA not found\n", __func__)); 1008 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1009 } 1010 return (sav); 1011 } 1012 1013 /* 1014 * Allocating an SA entry for an *OUTBOUND* packet. 1015 * OUT: positive: corresponding SA for given saidx found. 1016 * NULL: SA not found, but will be acquired, check *error 1017 * for acquiring status. 1018 */ 1019 struct secasvar * 1020 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1021 int *error) 1022 { 1023 SAHTREE_RLOCK_TRACKER; 1024 struct secashead *sah; 1025 struct secasvar *sav; 1026 1027 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1028 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1029 saidx->mode == IPSEC_MODE_TUNNEL, 1030 ("unexpected policy %u", saidx->mode)); 1031 1032 /* 1033 * We check new SA in the IPsec request because a different 1034 * SA may be involved each time this request is checked, either 1035 * because new SAs are being configured, or this request is 1036 * associated with an unconnected datagram socket, or this request 1037 * is associated with a system default policy. 1038 */ 1039 SAHTREE_RLOCK(); 1040 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1041 KEYDBG(IPSEC_DUMP, 1042 printf("%s: checking SAH\n", __func__); 1043 kdebug_secash(sah, " ")); 1044 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1045 break; 1046 1047 } 1048 if (sah != NULL) { 1049 /* 1050 * Allocate the oldest SA available according to 1051 * draft-jenkins-ipsec-rekeying-03. 1052 */ 1053 if (V_key_preferred_oldsa) 1054 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1055 else 1056 sav = TAILQ_FIRST(&sah->savtree_alive); 1057 if (sav != NULL) 1058 SAV_ADDREF(sav); 1059 } else 1060 sav = NULL; 1061 SAHTREE_RUNLOCK(); 1062 1063 if (sav != NULL) { 1064 *error = 0; 1065 KEYDBG(IPSEC_STAMP, 1066 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1067 sav, sp)); 1068 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1069 return (sav); /* return referenced SA */ 1070 } 1071 1072 /* there is no SA */ 1073 *error = key_acquire(saidx, sp); 1074 if ((*error) != 0) 1075 ipseclog((LOG_DEBUG, 1076 "%s: error %d returned from key_acquire()\n", 1077 __func__, *error)); 1078 KEYDBG(IPSEC_STAMP, 1079 printf("%s: acquire SA for SP(%p), error %d\n", 1080 __func__, sp, *error)); 1081 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1082 return (NULL); 1083 } 1084 1085 /* 1086 * allocating a usable SA entry for a *INBOUND* packet. 1087 * Must call key_freesav() later. 1088 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1089 * NULL: not found, or error occurred. 1090 * 1091 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1092 * destination address, and security protocol. But according to RFC 4301, 1093 * SPI by itself suffices to specify an SA. 1094 * 1095 * Note that, however, we do need to keep source address in IPsec SA. 1096 * IKE specification and PF_KEY specification do assume that we 1097 * keep source address in IPsec SA. We see a tricky situation here. 1098 */ 1099 struct secasvar * 1100 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1101 { 1102 SAHTREE_RLOCK_TRACKER; 1103 struct secasvar *sav; 1104 1105 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1106 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1107 proto)); 1108 1109 SAHTREE_RLOCK(); 1110 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1111 if (sav->spi == spi) 1112 break; 1113 } 1114 /* 1115 * We use single SPI namespace for all protocols, so it is 1116 * impossible to have SPI duplicates in the SAVHASH. 1117 */ 1118 if (sav != NULL) { 1119 if (sav->state != SADB_SASTATE_LARVAL && 1120 sav->sah->saidx.proto == proto && 1121 key_sockaddrcmp(&dst->sa, 1122 &sav->sah->saidx.dst.sa, 0) == 0) 1123 SAV_ADDREF(sav); 1124 else 1125 sav = NULL; 1126 } 1127 SAHTREE_RUNLOCK(); 1128 1129 if (sav == NULL) { 1130 KEYDBG(IPSEC_STAMP, 1131 char buf[IPSEC_ADDRSTRLEN]; 1132 printf("%s: SA not found for spi %u proto %u dst %s\n", 1133 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1134 sizeof(buf)))); 1135 } else { 1136 KEYDBG(IPSEC_STAMP, 1137 printf("%s: return SA(%p)\n", __func__, sav)); 1138 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1139 } 1140 return (sav); 1141 } 1142 1143 struct secasvar * 1144 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1145 uint8_t proto) 1146 { 1147 SAHTREE_RLOCK_TRACKER; 1148 struct secasindex saidx; 1149 struct secashead *sah; 1150 struct secasvar *sav; 1151 1152 IPSEC_ASSERT(src != NULL, ("null src address")); 1153 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1154 1155 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1156 &dst->sa, &saidx); 1157 1158 sav = NULL; 1159 SAHTREE_RLOCK(); 1160 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1161 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1162 continue; 1163 if (proto != sah->saidx.proto) 1164 continue; 1165 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1166 continue; 1167 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1168 continue; 1169 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1170 if (V_key_preferred_oldsa) 1171 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1172 else 1173 sav = TAILQ_FIRST(&sah->savtree_alive); 1174 if (sav != NULL) { 1175 SAV_ADDREF(sav); 1176 break; 1177 } 1178 } 1179 SAHTREE_RUNLOCK(); 1180 KEYDBG(IPSEC_STAMP, 1181 printf("%s: return SA(%p)\n", __func__, sav)); 1182 if (sav != NULL) 1183 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1184 return (sav); 1185 } 1186 1187 /* 1188 * Must be called after calling key_allocsp(). 1189 */ 1190 void 1191 key_freesp(struct secpolicy **spp) 1192 { 1193 struct secpolicy *sp = *spp; 1194 1195 IPSEC_ASSERT(sp != NULL, ("null sp")); 1196 if (SP_DELREF(sp) == 0) 1197 return; 1198 1199 KEYDBG(IPSEC_STAMP, 1200 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1201 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1202 1203 *spp = NULL; 1204 while (sp->tcount > 0) 1205 ipsec_delisr(sp->req[--sp->tcount]); 1206 free(sp, M_IPSEC_SP); 1207 } 1208 1209 static void 1210 key_unlink(struct secpolicy *sp) 1211 { 1212 1213 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1214 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1215 ("invalid direction %u", sp->spidx.dir)); 1216 SPTREE_UNLOCK_ASSERT(); 1217 1218 KEYDBG(KEY_STAMP, 1219 printf("%s: SP(%p)\n", __func__, sp)); 1220 SPTREE_WLOCK(); 1221 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1222 /* SP is already unlinked */ 1223 SPTREE_WUNLOCK(); 1224 return; 1225 } 1226 sp->state = IPSEC_SPSTATE_DEAD; 1227 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1228 V_spd_size--; 1229 LIST_REMOVE(sp, idhash); 1230 V_sp_genid++; 1231 SPTREE_WUNLOCK(); 1232 if (SPDCACHE_ENABLED()) 1233 spdcache_clear(); 1234 key_freesp(&sp); 1235 } 1236 1237 /* 1238 * insert a secpolicy into the SP database. Lower priorities first 1239 */ 1240 static void 1241 key_insertsp(struct secpolicy *newsp) 1242 { 1243 struct secpolicy *sp; 1244 1245 SPTREE_WLOCK_ASSERT(); 1246 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1247 if (newsp->priority < sp->priority) { 1248 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1249 goto done; 1250 } 1251 } 1252 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1253 done: 1254 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1255 newsp->state = IPSEC_SPSTATE_ALIVE; 1256 V_spd_size++; 1257 V_sp_genid++; 1258 } 1259 1260 /* 1261 * Insert a bunch of VTI secpolicies into the SPDB. 1262 * We keep VTI policies in the separate list due to following reasons: 1263 * 1) they should be immutable to user's or some deamon's attempts to 1264 * delete. The only way delete such policies - destroy or unconfigure 1265 * corresponding virtual inteface. 1266 * 2) such policies have traffic selector that matches all traffic per 1267 * address family. 1268 * Since all VTI policies have the same priority, we don't care about 1269 * policies order. 1270 */ 1271 int 1272 key_register_ifnet(struct secpolicy **spp, u_int count) 1273 { 1274 struct mbuf *m; 1275 u_int i; 1276 1277 SPTREE_WLOCK(); 1278 /* 1279 * First of try to acquire id for each SP. 1280 */ 1281 for (i = 0; i < count; i++) { 1282 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1283 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1284 ("invalid direction %u", spp[i]->spidx.dir)); 1285 1286 if ((spp[i]->id = key_getnewspid()) == 0) { 1287 SPTREE_WUNLOCK(); 1288 return (EAGAIN); 1289 } 1290 } 1291 for (i = 0; i < count; i++) { 1292 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1293 spp[i], chain); 1294 /* 1295 * NOTE: despite the fact that we keep VTI SP in the 1296 * separate list, SPHASH contains policies from both 1297 * sources. Thus SADB_X_SPDGET will correctly return 1298 * SP by id, because it uses SPHASH for lookups. 1299 */ 1300 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1301 spp[i]->state = IPSEC_SPSTATE_IFNET; 1302 } 1303 SPTREE_WUNLOCK(); 1304 /* 1305 * Notify user processes about new SP. 1306 */ 1307 for (i = 0; i < count; i++) { 1308 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1309 if (m != NULL) 1310 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1311 } 1312 return (0); 1313 } 1314 1315 void 1316 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1317 { 1318 struct mbuf *m; 1319 u_int i; 1320 1321 SPTREE_WLOCK(); 1322 for (i = 0; i < count; i++) { 1323 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1324 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1325 ("invalid direction %u", spp[i]->spidx.dir)); 1326 1327 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1328 continue; 1329 spp[i]->state = IPSEC_SPSTATE_DEAD; 1330 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1331 spp[i], chain); 1332 V_spd_size--; 1333 LIST_REMOVE(spp[i], idhash); 1334 } 1335 SPTREE_WUNLOCK(); 1336 if (SPDCACHE_ENABLED()) 1337 spdcache_clear(); 1338 1339 for (i = 0; i < count; i++) { 1340 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1341 if (m != NULL) 1342 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1343 } 1344 } 1345 1346 /* 1347 * Must be called after calling key_allocsa(). 1348 * This function is called by key_freesp() to free some SA allocated 1349 * for a policy. 1350 */ 1351 void 1352 key_freesav(struct secasvar **psav) 1353 { 1354 struct secasvar *sav = *psav; 1355 1356 IPSEC_ASSERT(sav != NULL, ("null sav")); 1357 if (SAV_DELREF(sav) == 0) 1358 return; 1359 1360 KEYDBG(IPSEC_STAMP, 1361 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1362 1363 *psav = NULL; 1364 key_delsav(sav); 1365 } 1366 1367 /* 1368 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1369 * Expect that SA has extra reference due to lookup. 1370 * Release this references, also release SAH reference after unlink. 1371 */ 1372 static void 1373 key_unlinksav(struct secasvar *sav) 1374 { 1375 struct secashead *sah; 1376 1377 KEYDBG(KEY_STAMP, 1378 printf("%s: SA(%p)\n", __func__, sav)); 1379 1380 SAHTREE_UNLOCK_ASSERT(); 1381 SAHTREE_WLOCK(); 1382 if (sav->state == SADB_SASTATE_DEAD) { 1383 /* SA is already unlinked */ 1384 SAHTREE_WUNLOCK(); 1385 return; 1386 } 1387 /* Unlink from SAH */ 1388 if (sav->state == SADB_SASTATE_LARVAL) 1389 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1390 else 1391 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1392 /* Unlink from SPI hash */ 1393 LIST_REMOVE(sav, spihash); 1394 sav->state = SADB_SASTATE_DEAD; 1395 sah = sav->sah; 1396 SAHTREE_WUNLOCK(); 1397 key_freesav(&sav); 1398 /* Since we are unlinked, release reference to SAH */ 1399 key_freesah(&sah); 1400 } 1401 1402 /* %%% SPD management */ 1403 /* 1404 * search SPD 1405 * OUT: NULL : not found 1406 * others : found, pointer to a SP. 1407 */ 1408 static struct secpolicy * 1409 key_getsp(struct secpolicyindex *spidx) 1410 { 1411 SPTREE_RLOCK_TRACKER; 1412 struct secpolicy *sp; 1413 1414 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1415 1416 SPTREE_RLOCK(); 1417 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1418 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1419 SP_ADDREF(sp); 1420 break; 1421 } 1422 } 1423 SPTREE_RUNLOCK(); 1424 1425 return sp; 1426 } 1427 1428 /* 1429 * get SP by index. 1430 * OUT: NULL : not found 1431 * others : found, pointer to referenced SP. 1432 */ 1433 static struct secpolicy * 1434 key_getspbyid(uint32_t id) 1435 { 1436 SPTREE_RLOCK_TRACKER; 1437 struct secpolicy *sp; 1438 1439 SPTREE_RLOCK(); 1440 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1441 if (sp->id == id) { 1442 SP_ADDREF(sp); 1443 break; 1444 } 1445 } 1446 SPTREE_RUNLOCK(); 1447 return (sp); 1448 } 1449 1450 struct secpolicy * 1451 key_newsp(void) 1452 { 1453 struct secpolicy *sp; 1454 1455 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1456 if (sp != NULL) 1457 SP_INITREF(sp); 1458 return (sp); 1459 } 1460 1461 struct ipsecrequest * 1462 ipsec_newisr(void) 1463 { 1464 1465 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1466 M_NOWAIT | M_ZERO)); 1467 } 1468 1469 void 1470 ipsec_delisr(struct ipsecrequest *p) 1471 { 1472 1473 free(p, M_IPSEC_SR); 1474 } 1475 1476 /* 1477 * create secpolicy structure from sadb_x_policy structure. 1478 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1479 * are not set, so must be set properly later. 1480 */ 1481 struct secpolicy * 1482 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1483 { 1484 struct secpolicy *newsp; 1485 1486 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1487 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1488 1489 if (len != PFKEY_EXTLEN(xpl0)) { 1490 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1491 *error = EINVAL; 1492 return NULL; 1493 } 1494 1495 if ((newsp = key_newsp()) == NULL) { 1496 *error = ENOBUFS; 1497 return NULL; 1498 } 1499 1500 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1501 newsp->policy = xpl0->sadb_x_policy_type; 1502 newsp->priority = xpl0->sadb_x_policy_priority; 1503 newsp->tcount = 0; 1504 1505 /* check policy */ 1506 switch (xpl0->sadb_x_policy_type) { 1507 case IPSEC_POLICY_DISCARD: 1508 case IPSEC_POLICY_NONE: 1509 case IPSEC_POLICY_ENTRUST: 1510 case IPSEC_POLICY_BYPASS: 1511 break; 1512 1513 case IPSEC_POLICY_IPSEC: 1514 { 1515 struct sadb_x_ipsecrequest *xisr; 1516 struct ipsecrequest *isr; 1517 int tlen; 1518 1519 /* validity check */ 1520 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1521 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1522 __func__)); 1523 key_freesp(&newsp); 1524 *error = EINVAL; 1525 return NULL; 1526 } 1527 1528 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1529 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1530 1531 while (tlen > 0) { 1532 /* length check */ 1533 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1534 xisr->sadb_x_ipsecrequest_len > tlen) { 1535 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1536 "length.\n", __func__)); 1537 key_freesp(&newsp); 1538 *error = EINVAL; 1539 return NULL; 1540 } 1541 1542 if (newsp->tcount >= IPSEC_MAXREQ) { 1543 ipseclog((LOG_DEBUG, 1544 "%s: too many ipsecrequests.\n", 1545 __func__)); 1546 key_freesp(&newsp); 1547 *error = EINVAL; 1548 return (NULL); 1549 } 1550 1551 /* allocate request buffer */ 1552 /* NB: data structure is zero'd */ 1553 isr = ipsec_newisr(); 1554 if (isr == NULL) { 1555 ipseclog((LOG_DEBUG, 1556 "%s: No more memory.\n", __func__)); 1557 key_freesp(&newsp); 1558 *error = ENOBUFS; 1559 return NULL; 1560 } 1561 1562 newsp->req[newsp->tcount++] = isr; 1563 1564 /* set values */ 1565 switch (xisr->sadb_x_ipsecrequest_proto) { 1566 case IPPROTO_ESP: 1567 case IPPROTO_AH: 1568 case IPPROTO_IPCOMP: 1569 break; 1570 default: 1571 ipseclog((LOG_DEBUG, 1572 "%s: invalid proto type=%u\n", __func__, 1573 xisr->sadb_x_ipsecrequest_proto)); 1574 key_freesp(&newsp); 1575 *error = EPROTONOSUPPORT; 1576 return NULL; 1577 } 1578 isr->saidx.proto = 1579 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1580 1581 switch (xisr->sadb_x_ipsecrequest_mode) { 1582 case IPSEC_MODE_TRANSPORT: 1583 case IPSEC_MODE_TUNNEL: 1584 break; 1585 case IPSEC_MODE_ANY: 1586 default: 1587 ipseclog((LOG_DEBUG, 1588 "%s: invalid mode=%u\n", __func__, 1589 xisr->sadb_x_ipsecrequest_mode)); 1590 key_freesp(&newsp); 1591 *error = EINVAL; 1592 return NULL; 1593 } 1594 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1595 1596 switch (xisr->sadb_x_ipsecrequest_level) { 1597 case IPSEC_LEVEL_DEFAULT: 1598 case IPSEC_LEVEL_USE: 1599 case IPSEC_LEVEL_REQUIRE: 1600 break; 1601 case IPSEC_LEVEL_UNIQUE: 1602 /* validity check */ 1603 /* 1604 * If range violation of reqid, kernel will 1605 * update it, don't refuse it. 1606 */ 1607 if (xisr->sadb_x_ipsecrequest_reqid 1608 > IPSEC_MANUAL_REQID_MAX) { 1609 ipseclog((LOG_DEBUG, 1610 "%s: reqid=%d range " 1611 "violation, updated by kernel.\n", 1612 __func__, 1613 xisr->sadb_x_ipsecrequest_reqid)); 1614 xisr->sadb_x_ipsecrequest_reqid = 0; 1615 } 1616 1617 /* allocate new reqid id if reqid is zero. */ 1618 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1619 u_int32_t reqid; 1620 if ((reqid = key_newreqid()) == 0) { 1621 key_freesp(&newsp); 1622 *error = ENOBUFS; 1623 return NULL; 1624 } 1625 isr->saidx.reqid = reqid; 1626 xisr->sadb_x_ipsecrequest_reqid = reqid; 1627 } else { 1628 /* set it for manual keying. */ 1629 isr->saidx.reqid = 1630 xisr->sadb_x_ipsecrequest_reqid; 1631 } 1632 break; 1633 1634 default: 1635 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1636 __func__, 1637 xisr->sadb_x_ipsecrequest_level)); 1638 key_freesp(&newsp); 1639 *error = EINVAL; 1640 return NULL; 1641 } 1642 isr->level = xisr->sadb_x_ipsecrequest_level; 1643 1644 /* set IP addresses if there */ 1645 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1646 struct sockaddr *paddr; 1647 1648 len = tlen - sizeof(*xisr); 1649 paddr = (struct sockaddr *)(xisr + 1); 1650 /* validity check */ 1651 if (len < sizeof(struct sockaddr) || 1652 len < 2 * paddr->sa_len || 1653 paddr->sa_len > sizeof(isr->saidx.src)) { 1654 ipseclog((LOG_DEBUG, "%s: invalid " 1655 "request address length.\n", 1656 __func__)); 1657 key_freesp(&newsp); 1658 *error = EINVAL; 1659 return NULL; 1660 } 1661 /* 1662 * Request length should be enough to keep 1663 * source and destination addresses. 1664 */ 1665 if (xisr->sadb_x_ipsecrequest_len < 1666 sizeof(*xisr) + 2 * paddr->sa_len) { 1667 ipseclog((LOG_DEBUG, "%s: invalid " 1668 "ipsecrequest length.\n", 1669 __func__)); 1670 key_freesp(&newsp); 1671 *error = EINVAL; 1672 return (NULL); 1673 } 1674 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1675 paddr = (struct sockaddr *)((caddr_t)paddr + 1676 paddr->sa_len); 1677 1678 /* validity check */ 1679 if (paddr->sa_len != 1680 isr->saidx.src.sa.sa_len) { 1681 ipseclog((LOG_DEBUG, "%s: invalid " 1682 "request address length.\n", 1683 __func__)); 1684 key_freesp(&newsp); 1685 *error = EINVAL; 1686 return NULL; 1687 } 1688 /* AF family should match */ 1689 if (paddr->sa_family != 1690 isr->saidx.src.sa.sa_family) { 1691 ipseclog((LOG_DEBUG, "%s: address " 1692 "family doesn't match.\n", 1693 __func__)); 1694 key_freesp(&newsp); 1695 *error = EINVAL; 1696 return (NULL); 1697 } 1698 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1699 } else { 1700 /* 1701 * Addresses for TUNNEL mode requests are 1702 * mandatory. 1703 */ 1704 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1705 ipseclog((LOG_DEBUG, "%s: missing " 1706 "request addresses.\n", __func__)); 1707 key_freesp(&newsp); 1708 *error = EINVAL; 1709 return (NULL); 1710 } 1711 } 1712 tlen -= xisr->sadb_x_ipsecrequest_len; 1713 1714 /* validity check */ 1715 if (tlen < 0) { 1716 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1717 __func__)); 1718 key_freesp(&newsp); 1719 *error = EINVAL; 1720 return NULL; 1721 } 1722 1723 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1724 + xisr->sadb_x_ipsecrequest_len); 1725 } 1726 /* XXXAE: LARVAL SP */ 1727 if (newsp->tcount < 1) { 1728 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1729 "not found.\n", __func__)); 1730 key_freesp(&newsp); 1731 *error = EINVAL; 1732 return (NULL); 1733 } 1734 } 1735 break; 1736 default: 1737 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1738 key_freesp(&newsp); 1739 *error = EINVAL; 1740 return NULL; 1741 } 1742 1743 *error = 0; 1744 return (newsp); 1745 } 1746 1747 uint32_t 1748 key_newreqid(void) 1749 { 1750 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1751 1752 if (auto_reqid == ~0) 1753 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1754 else 1755 auto_reqid++; 1756 1757 /* XXX should be unique check */ 1758 return (auto_reqid); 1759 } 1760 1761 /* 1762 * copy secpolicy struct to sadb_x_policy structure indicated. 1763 */ 1764 static struct mbuf * 1765 key_sp2mbuf(struct secpolicy *sp) 1766 { 1767 struct mbuf *m; 1768 size_t tlen; 1769 1770 tlen = key_getspreqmsglen(sp); 1771 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1772 if (m == NULL) 1773 return (NULL); 1774 m_align(m, tlen); 1775 m->m_len = tlen; 1776 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1777 m_freem(m); 1778 return (NULL); 1779 } 1780 return (m); 1781 } 1782 1783 int 1784 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1785 { 1786 struct sadb_x_ipsecrequest *xisr; 1787 struct sadb_x_policy *xpl; 1788 struct ipsecrequest *isr; 1789 size_t xlen, ilen; 1790 caddr_t p; 1791 int error, i; 1792 1793 IPSEC_ASSERT(sp != NULL, ("null policy")); 1794 1795 xlen = sizeof(*xpl); 1796 if (*len < xlen) 1797 return (EINVAL); 1798 1799 error = 0; 1800 bzero(request, *len); 1801 xpl = (struct sadb_x_policy *)request; 1802 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1803 xpl->sadb_x_policy_type = sp->policy; 1804 xpl->sadb_x_policy_dir = sp->spidx.dir; 1805 xpl->sadb_x_policy_id = sp->id; 1806 xpl->sadb_x_policy_priority = sp->priority; 1807 switch (sp->state) { 1808 case IPSEC_SPSTATE_IFNET: 1809 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1810 break; 1811 case IPSEC_SPSTATE_PCB: 1812 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1813 break; 1814 default: 1815 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1816 } 1817 1818 /* if is the policy for ipsec ? */ 1819 if (sp->policy == IPSEC_POLICY_IPSEC) { 1820 p = (caddr_t)xpl + sizeof(*xpl); 1821 for (i = 0; i < sp->tcount; i++) { 1822 isr = sp->req[i]; 1823 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1824 isr->saidx.src.sa.sa_len + 1825 isr->saidx.dst.sa.sa_len); 1826 xlen += ilen; 1827 if (xlen > *len) { 1828 error = ENOBUFS; 1829 /* Calculate needed size */ 1830 continue; 1831 } 1832 xisr = (struct sadb_x_ipsecrequest *)p; 1833 xisr->sadb_x_ipsecrequest_len = ilen; 1834 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1835 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1836 xisr->sadb_x_ipsecrequest_level = isr->level; 1837 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1838 1839 p += sizeof(*xisr); 1840 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1841 p += isr->saidx.src.sa.sa_len; 1842 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1843 p += isr->saidx.dst.sa.sa_len; 1844 } 1845 } 1846 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1847 if (error == 0) 1848 *len = xlen; 1849 else 1850 *len = sizeof(*xpl); 1851 return (error); 1852 } 1853 1854 /* m will not be freed nor modified */ 1855 static struct mbuf * 1856 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1857 int ndeep, int nitem, ...) 1858 { 1859 va_list ap; 1860 int idx; 1861 int i; 1862 struct mbuf *result = NULL, *n; 1863 int len; 1864 1865 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1866 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1867 1868 va_start(ap, nitem); 1869 for (i = 0; i < nitem; i++) { 1870 idx = va_arg(ap, int); 1871 if (idx < 0 || idx > SADB_EXT_MAX) 1872 goto fail; 1873 /* don't attempt to pull empty extension */ 1874 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1875 continue; 1876 if (idx != SADB_EXT_RESERVED && 1877 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1878 continue; 1879 1880 if (idx == SADB_EXT_RESERVED) { 1881 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1882 1883 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1884 1885 MGETHDR(n, M_NOWAIT, MT_DATA); 1886 if (!n) 1887 goto fail; 1888 n->m_len = len; 1889 n->m_next = NULL; 1890 m_copydata(m, 0, sizeof(struct sadb_msg), 1891 mtod(n, caddr_t)); 1892 } else if (i < ndeep) { 1893 len = mhp->extlen[idx]; 1894 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1895 if (n == NULL) 1896 goto fail; 1897 m_align(n, len); 1898 n->m_len = len; 1899 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1900 mtod(n, caddr_t)); 1901 } else { 1902 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1903 M_NOWAIT); 1904 } 1905 if (n == NULL) 1906 goto fail; 1907 1908 if (result) 1909 m_cat(result, n); 1910 else 1911 result = n; 1912 } 1913 va_end(ap); 1914 1915 if ((result->m_flags & M_PKTHDR) != 0) { 1916 result->m_pkthdr.len = 0; 1917 for (n = result; n; n = n->m_next) 1918 result->m_pkthdr.len += n->m_len; 1919 } 1920 1921 return result; 1922 1923 fail: 1924 m_freem(result); 1925 va_end(ap); 1926 return NULL; 1927 } 1928 1929 /* 1930 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1931 * add an entry to SP database, when received 1932 * <base, address(SD), (lifetime(H),) policy> 1933 * from the user(?). 1934 * Adding to SP database, 1935 * and send 1936 * <base, address(SD), (lifetime(H),) policy> 1937 * to the socket which was send. 1938 * 1939 * SPDADD set a unique policy entry. 1940 * SPDSETIDX like SPDADD without a part of policy requests. 1941 * SPDUPDATE replace a unique policy entry. 1942 * 1943 * XXXAE: serialize this in PF_KEY to avoid races. 1944 * m will always be freed. 1945 */ 1946 static int 1947 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1948 { 1949 struct secpolicyindex spidx; 1950 struct sadb_address *src0, *dst0; 1951 struct sadb_x_policy *xpl0, *xpl; 1952 struct sadb_lifetime *lft = NULL; 1953 struct secpolicy *newsp; 1954 int error; 1955 1956 IPSEC_ASSERT(so != NULL, ("null socket")); 1957 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1958 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1959 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1960 1961 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1962 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1963 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1964 ipseclog((LOG_DEBUG, 1965 "%s: invalid message: missing required header.\n", 1966 __func__)); 1967 return key_senderror(so, m, EINVAL); 1968 } 1969 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1970 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1971 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1972 ipseclog((LOG_DEBUG, 1973 "%s: invalid message: wrong header size.\n", __func__)); 1974 return key_senderror(so, m, EINVAL); 1975 } 1976 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1977 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1978 ipseclog((LOG_DEBUG, 1979 "%s: invalid message: wrong header size.\n", 1980 __func__)); 1981 return key_senderror(so, m, EINVAL); 1982 } 1983 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1984 } 1985 1986 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1987 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1988 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1989 1990 /* check the direciton */ 1991 switch (xpl0->sadb_x_policy_dir) { 1992 case IPSEC_DIR_INBOUND: 1993 case IPSEC_DIR_OUTBOUND: 1994 break; 1995 default: 1996 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 1997 return key_senderror(so, m, EINVAL); 1998 } 1999 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2000 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2001 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2002 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2003 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2004 return key_senderror(so, m, EINVAL); 2005 } 2006 2007 /* policy requests are mandatory when action is ipsec. */ 2008 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2009 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2010 ipseclog((LOG_DEBUG, 2011 "%s: policy requests required.\n", __func__)); 2012 return key_senderror(so, m, EINVAL); 2013 } 2014 2015 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2016 (struct sockaddr *)(dst0 + 1)); 2017 if (error != 0 || 2018 src0->sadb_address_proto != dst0->sadb_address_proto) { 2019 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2020 return key_senderror(so, m, error); 2021 } 2022 /* make secindex */ 2023 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2024 src0 + 1, 2025 dst0 + 1, 2026 src0->sadb_address_prefixlen, 2027 dst0->sadb_address_prefixlen, 2028 src0->sadb_address_proto, 2029 &spidx); 2030 /* Checking there is SP already or not. */ 2031 newsp = key_getsp(&spidx); 2032 if (newsp != NULL) { 2033 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2034 KEYDBG(KEY_STAMP, 2035 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2036 __func__, newsp)); 2037 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2038 key_unlink(newsp); 2039 key_freesp(&newsp); 2040 } else { 2041 key_freesp(&newsp); 2042 ipseclog((LOG_DEBUG, "%s: a SP entry exists already.", 2043 __func__)); 2044 return (key_senderror(so, m, EEXIST)); 2045 } 2046 } 2047 2048 /* allocate new SP entry */ 2049 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2050 return key_senderror(so, m, error); 2051 } 2052 2053 newsp->lastused = newsp->created = time_second; 2054 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2055 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2056 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2057 2058 /* XXXAE: there is race between key_getsp() and key_insertsp() */ 2059 SPTREE_WLOCK(); 2060 if ((newsp->id = key_getnewspid()) == 0) { 2061 SPTREE_WUNLOCK(); 2062 key_freesp(&newsp); 2063 return key_senderror(so, m, ENOBUFS); 2064 } 2065 key_insertsp(newsp); 2066 SPTREE_WUNLOCK(); 2067 if (SPDCACHE_ENABLED()) 2068 spdcache_clear(); 2069 2070 KEYDBG(KEY_STAMP, 2071 printf("%s: SP(%p)\n", __func__, newsp)); 2072 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2073 2074 { 2075 struct mbuf *n, *mpolicy; 2076 struct sadb_msg *newmsg; 2077 int off; 2078 2079 /* create new sadb_msg to reply. */ 2080 if (lft) { 2081 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2082 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2083 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2084 } else { 2085 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2086 SADB_X_EXT_POLICY, 2087 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2088 } 2089 if (!n) 2090 return key_senderror(so, m, ENOBUFS); 2091 2092 if (n->m_len < sizeof(*newmsg)) { 2093 n = m_pullup(n, sizeof(*newmsg)); 2094 if (!n) 2095 return key_senderror(so, m, ENOBUFS); 2096 } 2097 newmsg = mtod(n, struct sadb_msg *); 2098 newmsg->sadb_msg_errno = 0; 2099 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2100 2101 off = 0; 2102 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2103 sizeof(*xpl), &off); 2104 if (mpolicy == NULL) { 2105 /* n is already freed */ 2106 return key_senderror(so, m, ENOBUFS); 2107 } 2108 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2109 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2110 m_freem(n); 2111 return key_senderror(so, m, EINVAL); 2112 } 2113 xpl->sadb_x_policy_id = newsp->id; 2114 2115 m_freem(m); 2116 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2117 } 2118 } 2119 2120 /* 2121 * get new policy id. 2122 * OUT: 2123 * 0: failure. 2124 * others: success. 2125 */ 2126 static uint32_t 2127 key_getnewspid(void) 2128 { 2129 struct secpolicy *sp; 2130 uint32_t newid = 0; 2131 int count = V_key_spi_trycnt; /* XXX */ 2132 2133 SPTREE_WLOCK_ASSERT(); 2134 while (count--) { 2135 if (V_policy_id == ~0) /* overflowed */ 2136 newid = V_policy_id = 1; 2137 else 2138 newid = ++V_policy_id; 2139 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2140 if (sp->id == newid) 2141 break; 2142 } 2143 if (sp == NULL) 2144 break; 2145 } 2146 if (count == 0 || newid == 0) { 2147 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2148 __func__)); 2149 return (0); 2150 } 2151 return (newid); 2152 } 2153 2154 /* 2155 * SADB_SPDDELETE processing 2156 * receive 2157 * <base, address(SD), policy(*)> 2158 * from the user(?), and set SADB_SASTATE_DEAD, 2159 * and send, 2160 * <base, address(SD), policy(*)> 2161 * to the ikmpd. 2162 * policy(*) including direction of policy. 2163 * 2164 * m will always be freed. 2165 */ 2166 static int 2167 key_spddelete(struct socket *so, struct mbuf *m, 2168 const struct sadb_msghdr *mhp) 2169 { 2170 struct secpolicyindex spidx; 2171 struct sadb_address *src0, *dst0; 2172 struct sadb_x_policy *xpl0; 2173 struct secpolicy *sp; 2174 2175 IPSEC_ASSERT(so != NULL, ("null so")); 2176 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2177 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2178 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2179 2180 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2181 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2182 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2183 ipseclog((LOG_DEBUG, 2184 "%s: invalid message: missing required header.\n", 2185 __func__)); 2186 return key_senderror(so, m, EINVAL); 2187 } 2188 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2189 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2190 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2191 ipseclog((LOG_DEBUG, 2192 "%s: invalid message: wrong header size.\n", __func__)); 2193 return key_senderror(so, m, EINVAL); 2194 } 2195 2196 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2197 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2198 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2199 2200 /* check the direciton */ 2201 switch (xpl0->sadb_x_policy_dir) { 2202 case IPSEC_DIR_INBOUND: 2203 case IPSEC_DIR_OUTBOUND: 2204 break; 2205 default: 2206 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2207 return key_senderror(so, m, EINVAL); 2208 } 2209 /* Only DISCARD, NONE and IPSEC are allowed */ 2210 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2211 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2212 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2213 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2214 return key_senderror(so, m, EINVAL); 2215 } 2216 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2217 (struct sockaddr *)(dst0 + 1)) != 0 || 2218 src0->sadb_address_proto != dst0->sadb_address_proto) { 2219 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2220 return key_senderror(so, m, EINVAL); 2221 } 2222 /* make secindex */ 2223 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2224 src0 + 1, 2225 dst0 + 1, 2226 src0->sadb_address_prefixlen, 2227 dst0->sadb_address_prefixlen, 2228 src0->sadb_address_proto, 2229 &spidx); 2230 2231 /* Is there SP in SPD ? */ 2232 if ((sp = key_getsp(&spidx)) == NULL) { 2233 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2234 return key_senderror(so, m, EINVAL); 2235 } 2236 2237 /* save policy id to buffer to be returned. */ 2238 xpl0->sadb_x_policy_id = sp->id; 2239 2240 KEYDBG(KEY_STAMP, 2241 printf("%s: SP(%p)\n", __func__, sp)); 2242 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2243 key_unlink(sp); 2244 key_freesp(&sp); 2245 2246 { 2247 struct mbuf *n; 2248 struct sadb_msg *newmsg; 2249 2250 /* create new sadb_msg to reply. */ 2251 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2252 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2253 if (!n) 2254 return key_senderror(so, m, ENOBUFS); 2255 2256 newmsg = mtod(n, struct sadb_msg *); 2257 newmsg->sadb_msg_errno = 0; 2258 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2259 2260 m_freem(m); 2261 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2262 } 2263 } 2264 2265 /* 2266 * SADB_SPDDELETE2 processing 2267 * receive 2268 * <base, policy(*)> 2269 * from the user(?), and set SADB_SASTATE_DEAD, 2270 * and send, 2271 * <base, policy(*)> 2272 * to the ikmpd. 2273 * policy(*) including direction of policy. 2274 * 2275 * m will always be freed. 2276 */ 2277 static int 2278 key_spddelete2(struct socket *so, struct mbuf *m, 2279 const struct sadb_msghdr *mhp) 2280 { 2281 struct secpolicy *sp; 2282 uint32_t id; 2283 2284 IPSEC_ASSERT(so != NULL, ("null socket")); 2285 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2286 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2287 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2288 2289 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2290 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2291 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2292 __func__)); 2293 return key_senderror(so, m, EINVAL); 2294 } 2295 2296 id = ((struct sadb_x_policy *) 2297 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2298 2299 /* Is there SP in SPD ? */ 2300 if ((sp = key_getspbyid(id)) == NULL) { 2301 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2302 __func__, id)); 2303 return key_senderror(so, m, EINVAL); 2304 } 2305 2306 KEYDBG(KEY_STAMP, 2307 printf("%s: SP(%p)\n", __func__, sp)); 2308 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2309 key_unlink(sp); 2310 if (sp->state != IPSEC_SPSTATE_DEAD) { 2311 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2312 __func__, id)); 2313 key_freesp(&sp); 2314 return (key_senderror(so, m, EACCES)); 2315 } 2316 key_freesp(&sp); 2317 2318 { 2319 struct mbuf *n, *nn; 2320 struct sadb_msg *newmsg; 2321 int off, len; 2322 2323 /* create new sadb_msg to reply. */ 2324 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2325 2326 MGETHDR(n, M_NOWAIT, MT_DATA); 2327 if (n && len > MHLEN) { 2328 if (!(MCLGET(n, M_NOWAIT))) { 2329 m_freem(n); 2330 n = NULL; 2331 } 2332 } 2333 if (!n) 2334 return key_senderror(so, m, ENOBUFS); 2335 2336 n->m_len = len; 2337 n->m_next = NULL; 2338 off = 0; 2339 2340 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2341 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2342 2343 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2344 off, len)); 2345 2346 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2347 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2348 if (!n->m_next) { 2349 m_freem(n); 2350 return key_senderror(so, m, ENOBUFS); 2351 } 2352 2353 n->m_pkthdr.len = 0; 2354 for (nn = n; nn; nn = nn->m_next) 2355 n->m_pkthdr.len += nn->m_len; 2356 2357 newmsg = mtod(n, struct sadb_msg *); 2358 newmsg->sadb_msg_errno = 0; 2359 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2360 2361 m_freem(m); 2362 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2363 } 2364 } 2365 2366 /* 2367 * SADB_X_SPDGET processing 2368 * receive 2369 * <base, policy(*)> 2370 * from the user(?), 2371 * and send, 2372 * <base, address(SD), policy> 2373 * to the ikmpd. 2374 * policy(*) including direction of policy. 2375 * 2376 * m will always be freed. 2377 */ 2378 static int 2379 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2380 { 2381 struct secpolicy *sp; 2382 struct mbuf *n; 2383 uint32_t id; 2384 2385 IPSEC_ASSERT(so != NULL, ("null socket")); 2386 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2387 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2388 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2389 2390 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2391 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2392 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2393 __func__)); 2394 return key_senderror(so, m, EINVAL); 2395 } 2396 2397 id = ((struct sadb_x_policy *) 2398 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2399 2400 /* Is there SP in SPD ? */ 2401 if ((sp = key_getspbyid(id)) == NULL) { 2402 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2403 __func__, id)); 2404 return key_senderror(so, m, ENOENT); 2405 } 2406 2407 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2408 mhp->msg->sadb_msg_pid); 2409 key_freesp(&sp); 2410 if (n != NULL) { 2411 m_freem(m); 2412 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2413 } else 2414 return key_senderror(so, m, ENOBUFS); 2415 } 2416 2417 /* 2418 * SADB_X_SPDACQUIRE processing. 2419 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2420 * send 2421 * <base, policy(*)> 2422 * to KMD, and expect to receive 2423 * <base> with SADB_X_SPDACQUIRE if error occurred, 2424 * or 2425 * <base, policy> 2426 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2427 * policy(*) is without policy requests. 2428 * 2429 * 0 : succeed 2430 * others: error number 2431 */ 2432 int 2433 key_spdacquire(struct secpolicy *sp) 2434 { 2435 struct mbuf *result = NULL, *m; 2436 struct secspacq *newspacq; 2437 2438 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2439 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2440 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2441 ("policy not IPSEC %u", sp->policy)); 2442 2443 /* Get an entry to check whether sent message or not. */ 2444 newspacq = key_getspacq(&sp->spidx); 2445 if (newspacq != NULL) { 2446 if (V_key_blockacq_count < newspacq->count) { 2447 /* reset counter and do send message. */ 2448 newspacq->count = 0; 2449 } else { 2450 /* increment counter and do nothing. */ 2451 newspacq->count++; 2452 SPACQ_UNLOCK(); 2453 return (0); 2454 } 2455 SPACQ_UNLOCK(); 2456 } else { 2457 /* make new entry for blocking to send SADB_ACQUIRE. */ 2458 newspacq = key_newspacq(&sp->spidx); 2459 if (newspacq == NULL) 2460 return ENOBUFS; 2461 } 2462 2463 /* create new sadb_msg to reply. */ 2464 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2465 if (!m) 2466 return ENOBUFS; 2467 2468 result = m; 2469 2470 result->m_pkthdr.len = 0; 2471 for (m = result; m; m = m->m_next) 2472 result->m_pkthdr.len += m->m_len; 2473 2474 mtod(result, struct sadb_msg *)->sadb_msg_len = 2475 PFKEY_UNIT64(result->m_pkthdr.len); 2476 2477 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2478 } 2479 2480 /* 2481 * SADB_SPDFLUSH processing 2482 * receive 2483 * <base> 2484 * from the user, and free all entries in secpctree. 2485 * and send, 2486 * <base> 2487 * to the user. 2488 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2489 * 2490 * m will always be freed. 2491 */ 2492 static int 2493 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2494 { 2495 struct secpolicy_queue drainq; 2496 struct sadb_msg *newmsg; 2497 struct secpolicy *sp, *nextsp; 2498 u_int dir; 2499 2500 IPSEC_ASSERT(so != NULL, ("null socket")); 2501 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2502 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2503 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2504 2505 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2506 return key_senderror(so, m, EINVAL); 2507 2508 TAILQ_INIT(&drainq); 2509 SPTREE_WLOCK(); 2510 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2511 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2512 } 2513 /* 2514 * We need to set state to DEAD for each policy to be sure, 2515 * that another thread won't try to unlink it. 2516 * Also remove SP from sphash. 2517 */ 2518 TAILQ_FOREACH(sp, &drainq, chain) { 2519 sp->state = IPSEC_SPSTATE_DEAD; 2520 LIST_REMOVE(sp, idhash); 2521 } 2522 V_sp_genid++; 2523 V_spd_size = 0; 2524 SPTREE_WUNLOCK(); 2525 if (SPDCACHE_ENABLED()) 2526 spdcache_clear(); 2527 sp = TAILQ_FIRST(&drainq); 2528 while (sp != NULL) { 2529 nextsp = TAILQ_NEXT(sp, chain); 2530 key_freesp(&sp); 2531 sp = nextsp; 2532 } 2533 2534 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2535 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2536 return key_senderror(so, m, ENOBUFS); 2537 } 2538 2539 if (m->m_next) 2540 m_freem(m->m_next); 2541 m->m_next = NULL; 2542 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2543 newmsg = mtod(m, struct sadb_msg *); 2544 newmsg->sadb_msg_errno = 0; 2545 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2546 2547 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2548 } 2549 2550 static uint8_t 2551 key_satype2scopemask(uint8_t satype) 2552 { 2553 2554 if (satype == IPSEC_POLICYSCOPE_ANY) 2555 return (0xff); 2556 return (satype); 2557 } 2558 /* 2559 * SADB_SPDDUMP processing 2560 * receive 2561 * <base> 2562 * from the user, and dump all SP leaves and send, 2563 * <base> ..... 2564 * to the ikmpd. 2565 * 2566 * NOTE: 2567 * sadb_msg_satype is considered as mask of policy scopes. 2568 * m will always be freed. 2569 */ 2570 static int 2571 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2572 { 2573 SPTREE_RLOCK_TRACKER; 2574 struct secpolicy *sp; 2575 struct mbuf *n; 2576 int cnt; 2577 u_int dir, scope; 2578 2579 IPSEC_ASSERT(so != NULL, ("null socket")); 2580 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2581 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2582 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2583 2584 /* search SPD entry and get buffer size. */ 2585 cnt = 0; 2586 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2587 SPTREE_RLOCK(); 2588 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2589 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2590 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2591 cnt++; 2592 } 2593 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2594 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2595 cnt++; 2596 } 2597 } 2598 2599 if (cnt == 0) { 2600 SPTREE_RUNLOCK(); 2601 return key_senderror(so, m, ENOENT); 2602 } 2603 2604 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2605 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2606 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2607 --cnt; 2608 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2609 mhp->msg->sadb_msg_pid); 2610 2611 if (n != NULL) 2612 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2613 } 2614 } 2615 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2616 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2617 --cnt; 2618 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2619 mhp->msg->sadb_msg_pid); 2620 2621 if (n != NULL) 2622 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2623 } 2624 } 2625 } 2626 2627 SPTREE_RUNLOCK(); 2628 m_freem(m); 2629 return (0); 2630 } 2631 2632 static struct mbuf * 2633 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2634 u_int32_t pid) 2635 { 2636 struct mbuf *result = NULL, *m; 2637 struct seclifetime lt; 2638 2639 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2640 if (!m) 2641 goto fail; 2642 result = m; 2643 2644 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2645 &sp->spidx.src.sa, sp->spidx.prefs, 2646 sp->spidx.ul_proto); 2647 if (!m) 2648 goto fail; 2649 m_cat(result, m); 2650 2651 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2652 &sp->spidx.dst.sa, sp->spidx.prefd, 2653 sp->spidx.ul_proto); 2654 if (!m) 2655 goto fail; 2656 m_cat(result, m); 2657 2658 m = key_sp2mbuf(sp); 2659 if (!m) 2660 goto fail; 2661 m_cat(result, m); 2662 2663 if(sp->lifetime){ 2664 lt.addtime=sp->created; 2665 lt.usetime= sp->lastused; 2666 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2667 if (!m) 2668 goto fail; 2669 m_cat(result, m); 2670 2671 lt.addtime=sp->lifetime; 2672 lt.usetime= sp->validtime; 2673 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2674 if (!m) 2675 goto fail; 2676 m_cat(result, m); 2677 } 2678 2679 if ((result->m_flags & M_PKTHDR) == 0) 2680 goto fail; 2681 2682 if (result->m_len < sizeof(struct sadb_msg)) { 2683 result = m_pullup(result, sizeof(struct sadb_msg)); 2684 if (result == NULL) 2685 goto fail; 2686 } 2687 2688 result->m_pkthdr.len = 0; 2689 for (m = result; m; m = m->m_next) 2690 result->m_pkthdr.len += m->m_len; 2691 2692 mtod(result, struct sadb_msg *)->sadb_msg_len = 2693 PFKEY_UNIT64(result->m_pkthdr.len); 2694 2695 return result; 2696 2697 fail: 2698 m_freem(result); 2699 return NULL; 2700 } 2701 /* 2702 * get PFKEY message length for security policy and request. 2703 */ 2704 static size_t 2705 key_getspreqmsglen(struct secpolicy *sp) 2706 { 2707 size_t tlen, len; 2708 int i; 2709 2710 tlen = sizeof(struct sadb_x_policy); 2711 /* if is the policy for ipsec ? */ 2712 if (sp->policy != IPSEC_POLICY_IPSEC) 2713 return (tlen); 2714 2715 /* get length of ipsec requests */ 2716 for (i = 0; i < sp->tcount; i++) { 2717 len = sizeof(struct sadb_x_ipsecrequest) 2718 + sp->req[i]->saidx.src.sa.sa_len 2719 + sp->req[i]->saidx.dst.sa.sa_len; 2720 2721 tlen += PFKEY_ALIGN8(len); 2722 } 2723 return (tlen); 2724 } 2725 2726 /* 2727 * SADB_SPDEXPIRE processing 2728 * send 2729 * <base, address(SD), lifetime(CH), policy> 2730 * to KMD by PF_KEY. 2731 * 2732 * OUT: 0 : succeed 2733 * others : error number 2734 */ 2735 static int 2736 key_spdexpire(struct secpolicy *sp) 2737 { 2738 struct sadb_lifetime *lt; 2739 struct mbuf *result = NULL, *m; 2740 int len, error = -1; 2741 2742 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2743 2744 KEYDBG(KEY_STAMP, 2745 printf("%s: SP(%p)\n", __func__, sp)); 2746 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2747 2748 /* set msg header */ 2749 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2750 if (!m) { 2751 error = ENOBUFS; 2752 goto fail; 2753 } 2754 result = m; 2755 2756 /* create lifetime extension (current and hard) */ 2757 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2758 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2759 if (m == NULL) { 2760 error = ENOBUFS; 2761 goto fail; 2762 } 2763 m_align(m, len); 2764 m->m_len = len; 2765 bzero(mtod(m, caddr_t), len); 2766 lt = mtod(m, struct sadb_lifetime *); 2767 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2768 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2769 lt->sadb_lifetime_allocations = 0; 2770 lt->sadb_lifetime_bytes = 0; 2771 lt->sadb_lifetime_addtime = sp->created; 2772 lt->sadb_lifetime_usetime = sp->lastused; 2773 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2774 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2775 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2776 lt->sadb_lifetime_allocations = 0; 2777 lt->sadb_lifetime_bytes = 0; 2778 lt->sadb_lifetime_addtime = sp->lifetime; 2779 lt->sadb_lifetime_usetime = sp->validtime; 2780 m_cat(result, m); 2781 2782 /* set sadb_address for source */ 2783 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2784 &sp->spidx.src.sa, 2785 sp->spidx.prefs, sp->spidx.ul_proto); 2786 if (!m) { 2787 error = ENOBUFS; 2788 goto fail; 2789 } 2790 m_cat(result, m); 2791 2792 /* set sadb_address for destination */ 2793 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2794 &sp->spidx.dst.sa, 2795 sp->spidx.prefd, sp->spidx.ul_proto); 2796 if (!m) { 2797 error = ENOBUFS; 2798 goto fail; 2799 } 2800 m_cat(result, m); 2801 2802 /* set secpolicy */ 2803 m = key_sp2mbuf(sp); 2804 if (!m) { 2805 error = ENOBUFS; 2806 goto fail; 2807 } 2808 m_cat(result, m); 2809 2810 if ((result->m_flags & M_PKTHDR) == 0) { 2811 error = EINVAL; 2812 goto fail; 2813 } 2814 2815 if (result->m_len < sizeof(struct sadb_msg)) { 2816 result = m_pullup(result, sizeof(struct sadb_msg)); 2817 if (result == NULL) { 2818 error = ENOBUFS; 2819 goto fail; 2820 } 2821 } 2822 2823 result->m_pkthdr.len = 0; 2824 for (m = result; m; m = m->m_next) 2825 result->m_pkthdr.len += m->m_len; 2826 2827 mtod(result, struct sadb_msg *)->sadb_msg_len = 2828 PFKEY_UNIT64(result->m_pkthdr.len); 2829 2830 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2831 2832 fail: 2833 if (result) 2834 m_freem(result); 2835 return error; 2836 } 2837 2838 /* %%% SAD management */ 2839 /* 2840 * allocating and initialize new SA head. 2841 * OUT: NULL : failure due to the lack of memory. 2842 * others : pointer to new SA head. 2843 */ 2844 static struct secashead * 2845 key_newsah(struct secasindex *saidx) 2846 { 2847 struct secashead *sah; 2848 2849 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2850 M_NOWAIT | M_ZERO); 2851 if (sah == NULL) { 2852 PFKEYSTAT_INC(in_nomem); 2853 return (NULL); 2854 } 2855 TAILQ_INIT(&sah->savtree_larval); 2856 TAILQ_INIT(&sah->savtree_alive); 2857 sah->saidx = *saidx; 2858 sah->state = SADB_SASTATE_DEAD; 2859 SAH_INITREF(sah); 2860 2861 KEYDBG(KEY_STAMP, 2862 printf("%s: SAH(%p)\n", __func__, sah)); 2863 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2864 return (sah); 2865 } 2866 2867 static void 2868 key_freesah(struct secashead **psah) 2869 { 2870 struct secashead *sah = *psah; 2871 2872 if (SAH_DELREF(sah) == 0) 2873 return; 2874 2875 KEYDBG(KEY_STAMP, 2876 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2877 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2878 2879 *psah = NULL; 2880 key_delsah(sah); 2881 } 2882 2883 static void 2884 key_delsah(struct secashead *sah) 2885 { 2886 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2887 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2888 ("Attempt to free non DEAD SAH %p", sah)); 2889 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2890 ("Attempt to free SAH %p with LARVAL SA", sah)); 2891 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2892 ("Attempt to free SAH %p with ALIVE SA", sah)); 2893 2894 free(sah, M_IPSEC_SAH); 2895 } 2896 2897 /* 2898 * allocating a new SA for key_add() and key_getspi() call, 2899 * and copy the values of mhp into new buffer. 2900 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2901 * For SADB_ADD create and initialize SA with MATURE state. 2902 * OUT: NULL : fail 2903 * others : pointer to new secasvar. 2904 */ 2905 static struct secasvar * 2906 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2907 uint32_t spi, int *errp) 2908 { 2909 struct secashead *sah; 2910 struct secasvar *sav; 2911 int isnew; 2912 2913 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2914 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2915 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2916 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2917 2918 sav = NULL; 2919 sah = NULL; 2920 /* check SPI value */ 2921 switch (saidx->proto) { 2922 case IPPROTO_ESP: 2923 case IPPROTO_AH: 2924 /* 2925 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2926 * 1-255 reserved by IANA for future use, 2927 * 0 for implementation specific, local use. 2928 */ 2929 if (ntohl(spi) <= 255) { 2930 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2931 __func__, ntohl(spi))); 2932 *errp = EINVAL; 2933 goto done; 2934 } 2935 break; 2936 } 2937 2938 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2939 if (sav == NULL) { 2940 *errp = ENOBUFS; 2941 goto done; 2942 } 2943 sav->lock = malloc(sizeof(struct mtx), M_IPSEC_MISC, 2944 M_NOWAIT | M_ZERO); 2945 if (sav->lock == NULL) { 2946 *errp = ENOBUFS; 2947 goto done; 2948 } 2949 mtx_init(sav->lock, "ipsec association", NULL, MTX_DEF); 2950 sav->lft_c = uma_zalloc_pcpu(V_key_lft_zone, M_NOWAIT); 2951 if (sav->lft_c == NULL) { 2952 *errp = ENOBUFS; 2953 goto done; 2954 } 2955 counter_u64_zero(sav->lft_c_allocations); 2956 counter_u64_zero(sav->lft_c_bytes); 2957 2958 sav->spi = spi; 2959 sav->seq = mhp->msg->sadb_msg_seq; 2960 sav->state = SADB_SASTATE_LARVAL; 2961 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2962 SAV_INITREF(sav); 2963 again: 2964 sah = key_getsah(saidx); 2965 if (sah == NULL) { 2966 /* create a new SA index */ 2967 sah = key_newsah(saidx); 2968 if (sah == NULL) { 2969 ipseclog((LOG_DEBUG, 2970 "%s: No more memory.\n", __func__)); 2971 *errp = ENOBUFS; 2972 goto done; 2973 } 2974 isnew = 1; 2975 } else 2976 isnew = 0; 2977 2978 sav->sah = sah; 2979 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 2980 sav->created = time_second; 2981 } else if (sav->state == SADB_SASTATE_LARVAL) { 2982 /* 2983 * Do not call key_setsaval() second time in case 2984 * of `goto again`. We will have MATURE state. 2985 */ 2986 *errp = key_setsaval(sav, mhp); 2987 if (*errp != 0) 2988 goto done; 2989 sav->state = SADB_SASTATE_MATURE; 2990 } 2991 2992 SAHTREE_WLOCK(); 2993 /* 2994 * Check that existing SAH wasn't unlinked. 2995 * Since we didn't hold the SAHTREE lock, it is possible, 2996 * that callout handler or key_flush() or key_delete() could 2997 * unlink this SAH. 2998 */ 2999 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3000 SAHTREE_WUNLOCK(); 3001 key_freesah(&sah); /* reference from key_getsah() */ 3002 goto again; 3003 } 3004 if (isnew != 0) { 3005 /* 3006 * Add new SAH into SADB. 3007 * 3008 * XXXAE: we can serialize key_add and key_getspi calls, so 3009 * several threads will not fight in the race. 3010 * Otherwise we should check under SAHTREE lock, that this 3011 * SAH would not added twice. 3012 */ 3013 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3014 /* Add new SAH into hash by addresses */ 3015 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3016 /* Now we are linked in the chain */ 3017 sah->state = SADB_SASTATE_MATURE; 3018 /* 3019 * SAV references this new SAH. 3020 * In case of existing SAH we reuse reference 3021 * from key_getsah(). 3022 */ 3023 SAH_ADDREF(sah); 3024 } 3025 /* Link SAV with SAH */ 3026 if (sav->state == SADB_SASTATE_MATURE) 3027 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3028 else 3029 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3030 /* Add SAV into SPI hash */ 3031 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3032 SAHTREE_WUNLOCK(); 3033 *errp = 0; /* success */ 3034 done: 3035 if (*errp != 0) { 3036 if (sav != NULL) { 3037 if (sav->lock != NULL) { 3038 mtx_destroy(sav->lock); 3039 free(sav->lock, M_IPSEC_MISC); 3040 } 3041 if (sav->lft_c != NULL) 3042 uma_zfree_pcpu(V_key_lft_zone, sav->lft_c); 3043 free(sav, M_IPSEC_SA), sav = NULL; 3044 } 3045 if (sah != NULL) 3046 key_freesah(&sah); 3047 if (*errp == ENOBUFS) { 3048 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3049 __func__)); 3050 PFKEYSTAT_INC(in_nomem); 3051 } 3052 } 3053 return (sav); 3054 } 3055 3056 /* 3057 * free() SA variable entry. 3058 */ 3059 static void 3060 key_cleansav(struct secasvar *sav) 3061 { 3062 3063 if (sav->natt != NULL) { 3064 free(sav->natt, M_IPSEC_MISC); 3065 sav->natt = NULL; 3066 } 3067 if (sav->flags & SADB_X_EXT_F_CLONED) 3068 return; 3069 /* 3070 * Cleanup xform state. Note that zeroize'ing causes the 3071 * keys to be cleared; otherwise we must do it ourself. 3072 */ 3073 if (sav->tdb_xform != NULL) { 3074 sav->tdb_xform->xf_zeroize(sav); 3075 sav->tdb_xform = NULL; 3076 } else { 3077 if (sav->key_auth != NULL) 3078 bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); 3079 if (sav->key_enc != NULL) 3080 bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc)); 3081 } 3082 if (sav->key_auth != NULL) { 3083 if (sav->key_auth->key_data != NULL) 3084 free(sav->key_auth->key_data, M_IPSEC_MISC); 3085 free(sav->key_auth, M_IPSEC_MISC); 3086 sav->key_auth = NULL; 3087 } 3088 if (sav->key_enc != NULL) { 3089 if (sav->key_enc->key_data != NULL) 3090 free(sav->key_enc->key_data, M_IPSEC_MISC); 3091 free(sav->key_enc, M_IPSEC_MISC); 3092 sav->key_enc = NULL; 3093 } 3094 if (sav->replay != NULL) { 3095 if (sav->replay->bitmap != NULL) 3096 free(sav->replay->bitmap, M_IPSEC_MISC); 3097 free(sav->replay, M_IPSEC_MISC); 3098 sav->replay = NULL; 3099 } 3100 if (sav->lft_h != NULL) { 3101 free(sav->lft_h, M_IPSEC_MISC); 3102 sav->lft_h = NULL; 3103 } 3104 if (sav->lft_s != NULL) { 3105 free(sav->lft_s, M_IPSEC_MISC); 3106 sav->lft_s = NULL; 3107 } 3108 } 3109 3110 /* 3111 * free() SA variable entry. 3112 */ 3113 static void 3114 key_delsav(struct secasvar *sav) 3115 { 3116 IPSEC_ASSERT(sav != NULL, ("null sav")); 3117 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3118 ("attempt to free non DEAD SA %p", sav)); 3119 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3120 sav->refcnt)); 3121 3122 /* 3123 * SA must be unlinked from the chain and hashtbl. 3124 * If SA was cloned, we leave all fields untouched, 3125 * except NAT-T config. 3126 */ 3127 key_cleansav(sav); 3128 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3129 mtx_destroy(sav->lock); 3130 free(sav->lock, M_IPSEC_MISC); 3131 uma_zfree(V_key_lft_zone, sav->lft_c); 3132 } 3133 free(sav, M_IPSEC_SA); 3134 } 3135 3136 /* 3137 * search SAH. 3138 * OUT: 3139 * NULL : not found 3140 * others : found, referenced pointer to a SAH. 3141 */ 3142 static struct secashead * 3143 key_getsah(struct secasindex *saidx) 3144 { 3145 SAHTREE_RLOCK_TRACKER; 3146 struct secashead *sah; 3147 3148 SAHTREE_RLOCK(); 3149 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3150 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3151 SAH_ADDREF(sah); 3152 break; 3153 } 3154 } 3155 SAHTREE_RUNLOCK(); 3156 return (sah); 3157 } 3158 3159 /* 3160 * Check not to be duplicated SPI. 3161 * OUT: 3162 * 0 : not found 3163 * 1 : found SA with given SPI. 3164 */ 3165 static int 3166 key_checkspidup(uint32_t spi) 3167 { 3168 SAHTREE_RLOCK_TRACKER; 3169 struct secasvar *sav; 3170 3171 /* Assume SPI is in network byte order */ 3172 SAHTREE_RLOCK(); 3173 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3174 if (sav->spi == spi) 3175 break; 3176 } 3177 SAHTREE_RUNLOCK(); 3178 return (sav != NULL); 3179 } 3180 3181 /* 3182 * Search SA by SPI. 3183 * OUT: 3184 * NULL : not found 3185 * others : found, referenced pointer to a SA. 3186 */ 3187 static struct secasvar * 3188 key_getsavbyspi(uint32_t spi) 3189 { 3190 SAHTREE_RLOCK_TRACKER; 3191 struct secasvar *sav; 3192 3193 /* Assume SPI is in network byte order */ 3194 SAHTREE_RLOCK(); 3195 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3196 if (sav->spi != spi) 3197 continue; 3198 SAV_ADDREF(sav); 3199 break; 3200 } 3201 SAHTREE_RUNLOCK(); 3202 return (sav); 3203 } 3204 3205 static int 3206 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3207 { 3208 struct seclifetime *lft_h, *lft_s, *tmp; 3209 3210 /* Lifetime extension is optional, check that it is present. */ 3211 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3212 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3213 /* 3214 * In case of SADB_UPDATE we may need to change 3215 * existing lifetimes. 3216 */ 3217 if (sav->state == SADB_SASTATE_MATURE) { 3218 lft_h = lft_s = NULL; 3219 goto reset; 3220 } 3221 return (0); 3222 } 3223 /* Both HARD and SOFT extensions must present */ 3224 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3225 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3226 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3227 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3228 ipseclog((LOG_DEBUG, 3229 "%s: invalid message: missing required header.\n", 3230 __func__)); 3231 return (EINVAL); 3232 } 3233 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3234 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3235 ipseclog((LOG_DEBUG, 3236 "%s: invalid message: wrong header size.\n", __func__)); 3237 return (EINVAL); 3238 } 3239 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3240 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3241 if (lft_h == NULL) { 3242 PFKEYSTAT_INC(in_nomem); 3243 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3244 return (ENOBUFS); 3245 } 3246 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3247 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3248 if (lft_s == NULL) { 3249 PFKEYSTAT_INC(in_nomem); 3250 free(lft_h, M_IPSEC_MISC); 3251 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3252 return (ENOBUFS); 3253 } 3254 reset: 3255 if (sav->state != SADB_SASTATE_LARVAL) { 3256 /* 3257 * key_update() holds reference to this SA, 3258 * so it won't be deleted in meanwhile. 3259 */ 3260 SECASVAR_LOCK(sav); 3261 tmp = sav->lft_h; 3262 sav->lft_h = lft_h; 3263 lft_h = tmp; 3264 3265 tmp = sav->lft_s; 3266 sav->lft_s = lft_s; 3267 lft_s = tmp; 3268 SECASVAR_UNLOCK(sav); 3269 if (lft_h != NULL) 3270 free(lft_h, M_IPSEC_MISC); 3271 if (lft_s != NULL) 3272 free(lft_s, M_IPSEC_MISC); 3273 return (0); 3274 } 3275 /* We can update lifetime without holding a lock */ 3276 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3277 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3278 sav->lft_h = lft_h; 3279 sav->lft_s = lft_s; 3280 return (0); 3281 } 3282 3283 /* 3284 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3285 * You must update these if need. Expects only LARVAL SAs. 3286 * OUT: 0: success. 3287 * !0: failure. 3288 */ 3289 static int 3290 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3291 { 3292 const struct sadb_sa *sa0; 3293 const struct sadb_key *key0; 3294 uint32_t replay; 3295 size_t len; 3296 int error; 3297 3298 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3299 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3300 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3301 ("Attempt to update non LARVAL SA")); 3302 3303 /* XXX rewrite */ 3304 error = key_setident(sav->sah, mhp); 3305 if (error != 0) 3306 goto fail; 3307 3308 /* SA */ 3309 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3310 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3311 error = EINVAL; 3312 goto fail; 3313 } 3314 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3315 sav->alg_auth = sa0->sadb_sa_auth; 3316 sav->alg_enc = sa0->sadb_sa_encrypt; 3317 sav->flags = sa0->sadb_sa_flags; 3318 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3319 ipseclog((LOG_DEBUG, 3320 "%s: invalid sa_flags 0x%08x.\n", __func__, 3321 sav->flags)); 3322 error = EINVAL; 3323 goto fail; 3324 } 3325 3326 /* Optional replay window */ 3327 replay = 0; 3328 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3329 replay = sa0->sadb_sa_replay; 3330 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3331 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3332 error = EINVAL; 3333 goto fail; 3334 } 3335 replay = ((const struct sadb_x_sa_replay *) 3336 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3337 3338 if (replay > UINT32_MAX - 32) { 3339 ipseclog((LOG_DEBUG, 3340 "%s: replay window too big.\n", __func__)); 3341 error = EINVAL; 3342 goto fail; 3343 } 3344 3345 replay = (replay + 7) >> 3; 3346 } 3347 3348 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3349 M_NOWAIT | M_ZERO); 3350 if (sav->replay == NULL) { 3351 PFKEYSTAT_INC(in_nomem); 3352 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3353 __func__)); 3354 error = ENOBUFS; 3355 goto fail; 3356 } 3357 3358 if (replay != 0) { 3359 /* number of 32b blocks to be allocated */ 3360 uint32_t bitmap_size; 3361 3362 /* RFC 6479: 3363 * - the allocated replay window size must be 3364 * a power of two. 3365 * - use an extra 32b block as a redundant window. 3366 */ 3367 bitmap_size = 1; 3368 while (replay + 4 > bitmap_size) 3369 bitmap_size <<= 1; 3370 bitmap_size = bitmap_size / 4; 3371 3372 sav->replay->bitmap = malloc( 3373 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3374 M_NOWAIT | M_ZERO); 3375 if (sav->replay->bitmap == NULL) { 3376 PFKEYSTAT_INC(in_nomem); 3377 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3378 __func__)); 3379 error = ENOBUFS; 3380 goto fail; 3381 } 3382 sav->replay->bitmap_size = bitmap_size; 3383 sav->replay->wsize = replay; 3384 } 3385 } 3386 3387 /* Authentication keys */ 3388 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3389 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3390 error = EINVAL; 3391 goto fail; 3392 } 3393 error = 0; 3394 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3395 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3396 switch (mhp->msg->sadb_msg_satype) { 3397 case SADB_SATYPE_AH: 3398 case SADB_SATYPE_ESP: 3399 case SADB_X_SATYPE_TCPSIGNATURE: 3400 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3401 sav->alg_auth != SADB_X_AALG_NULL) 3402 error = EINVAL; 3403 break; 3404 case SADB_X_SATYPE_IPCOMP: 3405 default: 3406 error = EINVAL; 3407 break; 3408 } 3409 if (error) { 3410 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3411 __func__)); 3412 goto fail; 3413 } 3414 3415 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3416 if (sav->key_auth == NULL ) { 3417 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3418 __func__)); 3419 PFKEYSTAT_INC(in_nomem); 3420 error = ENOBUFS; 3421 goto fail; 3422 } 3423 } 3424 3425 /* Encryption key */ 3426 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3427 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3428 error = EINVAL; 3429 goto fail; 3430 } 3431 error = 0; 3432 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3433 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3434 switch (mhp->msg->sadb_msg_satype) { 3435 case SADB_SATYPE_ESP: 3436 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3437 sav->alg_enc != SADB_EALG_NULL) { 3438 error = EINVAL; 3439 break; 3440 } 3441 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3442 if (sav->key_enc == NULL) { 3443 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3444 __func__)); 3445 PFKEYSTAT_INC(in_nomem); 3446 error = ENOBUFS; 3447 goto fail; 3448 } 3449 break; 3450 case SADB_X_SATYPE_IPCOMP: 3451 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3452 error = EINVAL; 3453 sav->key_enc = NULL; /*just in case*/ 3454 break; 3455 case SADB_SATYPE_AH: 3456 case SADB_X_SATYPE_TCPSIGNATURE: 3457 default: 3458 error = EINVAL; 3459 break; 3460 } 3461 if (error) { 3462 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3463 __func__)); 3464 goto fail; 3465 } 3466 } 3467 3468 /* set iv */ 3469 sav->ivlen = 0; 3470 switch (mhp->msg->sadb_msg_satype) { 3471 case SADB_SATYPE_AH: 3472 if (sav->flags & SADB_X_EXT_DERIV) { 3473 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3474 "given to AH SA.\n", __func__)); 3475 error = EINVAL; 3476 goto fail; 3477 } 3478 if (sav->alg_enc != SADB_EALG_NONE) { 3479 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3480 "mismated.\n", __func__)); 3481 error = EINVAL; 3482 goto fail; 3483 } 3484 error = xform_init(sav, XF_AH); 3485 break; 3486 case SADB_SATYPE_ESP: 3487 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3488 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3489 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3490 "given to old-esp.\n", __func__)); 3491 error = EINVAL; 3492 goto fail; 3493 } 3494 error = xform_init(sav, XF_ESP); 3495 break; 3496 case SADB_X_SATYPE_IPCOMP: 3497 if (sav->alg_auth != SADB_AALG_NONE) { 3498 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3499 "mismated.\n", __func__)); 3500 error = EINVAL; 3501 goto fail; 3502 } 3503 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3504 ntohl(sav->spi) >= 0x10000) { 3505 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3506 __func__)); 3507 error = EINVAL; 3508 goto fail; 3509 } 3510 error = xform_init(sav, XF_IPCOMP); 3511 break; 3512 case SADB_X_SATYPE_TCPSIGNATURE: 3513 if (sav->alg_enc != SADB_EALG_NONE) { 3514 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3515 "mismated.\n", __func__)); 3516 error = EINVAL; 3517 goto fail; 3518 } 3519 error = xform_init(sav, XF_TCPSIGNATURE); 3520 break; 3521 default: 3522 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3523 error = EPROTONOSUPPORT; 3524 goto fail; 3525 } 3526 if (error) { 3527 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3528 __func__, mhp->msg->sadb_msg_satype)); 3529 goto fail; 3530 } 3531 3532 /* Handle NAT-T headers */ 3533 error = key_setnatt(sav, mhp); 3534 if (error != 0) 3535 goto fail; 3536 3537 /* Initialize lifetime for CURRENT */ 3538 sav->firstused = 0; 3539 sav->created = time_second; 3540 3541 /* lifetimes for HARD and SOFT */ 3542 error = key_updatelifetimes(sav, mhp); 3543 if (error == 0) 3544 return (0); 3545 fail: 3546 key_cleansav(sav); 3547 return (error); 3548 } 3549 3550 /* 3551 * subroutine for SADB_GET and SADB_DUMP. 3552 */ 3553 static struct mbuf * 3554 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3555 uint32_t seq, uint32_t pid) 3556 { 3557 struct seclifetime lft_c; 3558 struct mbuf *result = NULL, *tres = NULL, *m; 3559 int i, dumporder[] = { 3560 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3561 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3562 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3563 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3564 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3565 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3566 SADB_EXT_SENSITIVITY, 3567 SADB_X_EXT_NAT_T_TYPE, 3568 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3569 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3570 SADB_X_EXT_NAT_T_FRAG, 3571 }; 3572 uint32_t replay_count; 3573 3574 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3575 if (m == NULL) 3576 goto fail; 3577 result = m; 3578 3579 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3580 m = NULL; 3581 switch (dumporder[i]) { 3582 case SADB_EXT_SA: 3583 m = key_setsadbsa(sav); 3584 if (!m) 3585 goto fail; 3586 break; 3587 3588 case SADB_X_EXT_SA2: 3589 SECASVAR_LOCK(sav); 3590 replay_count = sav->replay ? sav->replay->count : 0; 3591 SECASVAR_UNLOCK(sav); 3592 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3593 sav->sah->saidx.reqid); 3594 if (!m) 3595 goto fail; 3596 break; 3597 3598 case SADB_X_EXT_SA_REPLAY: 3599 if (sav->replay == NULL || 3600 sav->replay->wsize <= UINT8_MAX) 3601 continue; 3602 3603 m = key_setsadbxsareplay(sav->replay->wsize); 3604 if (!m) 3605 goto fail; 3606 break; 3607 3608 case SADB_EXT_ADDRESS_SRC: 3609 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3610 &sav->sah->saidx.src.sa, 3611 FULLMASK, IPSEC_ULPROTO_ANY); 3612 if (!m) 3613 goto fail; 3614 break; 3615 3616 case SADB_EXT_ADDRESS_DST: 3617 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3618 &sav->sah->saidx.dst.sa, 3619 FULLMASK, IPSEC_ULPROTO_ANY); 3620 if (!m) 3621 goto fail; 3622 break; 3623 3624 case SADB_EXT_KEY_AUTH: 3625 if (!sav->key_auth) 3626 continue; 3627 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3628 if (!m) 3629 goto fail; 3630 break; 3631 3632 case SADB_EXT_KEY_ENCRYPT: 3633 if (!sav->key_enc) 3634 continue; 3635 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3636 if (!m) 3637 goto fail; 3638 break; 3639 3640 case SADB_EXT_LIFETIME_CURRENT: 3641 lft_c.addtime = sav->created; 3642 lft_c.allocations = (uint32_t)counter_u64_fetch( 3643 sav->lft_c_allocations); 3644 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3645 lft_c.usetime = sav->firstused; 3646 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3647 if (!m) 3648 goto fail; 3649 break; 3650 3651 case SADB_EXT_LIFETIME_HARD: 3652 if (!sav->lft_h) 3653 continue; 3654 m = key_setlifetime(sav->lft_h, 3655 SADB_EXT_LIFETIME_HARD); 3656 if (!m) 3657 goto fail; 3658 break; 3659 3660 case SADB_EXT_LIFETIME_SOFT: 3661 if (!sav->lft_s) 3662 continue; 3663 m = key_setlifetime(sav->lft_s, 3664 SADB_EXT_LIFETIME_SOFT); 3665 3666 if (!m) 3667 goto fail; 3668 break; 3669 3670 case SADB_X_EXT_NAT_T_TYPE: 3671 if (sav->natt == NULL) 3672 continue; 3673 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3674 if (!m) 3675 goto fail; 3676 break; 3677 3678 case SADB_X_EXT_NAT_T_DPORT: 3679 if (sav->natt == NULL) 3680 continue; 3681 m = key_setsadbxport(sav->natt->dport, 3682 SADB_X_EXT_NAT_T_DPORT); 3683 if (!m) 3684 goto fail; 3685 break; 3686 3687 case SADB_X_EXT_NAT_T_SPORT: 3688 if (sav->natt == NULL) 3689 continue; 3690 m = key_setsadbxport(sav->natt->sport, 3691 SADB_X_EXT_NAT_T_SPORT); 3692 if (!m) 3693 goto fail; 3694 break; 3695 3696 case SADB_X_EXT_NAT_T_OAI: 3697 if (sav->natt == NULL || 3698 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3699 continue; 3700 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3701 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3702 if (!m) 3703 goto fail; 3704 break; 3705 case SADB_X_EXT_NAT_T_OAR: 3706 if (sav->natt == NULL || 3707 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3708 continue; 3709 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3710 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3711 if (!m) 3712 goto fail; 3713 break; 3714 case SADB_X_EXT_NAT_T_FRAG: 3715 /* We do not (yet) support those. */ 3716 continue; 3717 3718 case SADB_EXT_ADDRESS_PROXY: 3719 case SADB_EXT_IDENTITY_SRC: 3720 case SADB_EXT_IDENTITY_DST: 3721 /* XXX: should we brought from SPD ? */ 3722 case SADB_EXT_SENSITIVITY: 3723 default: 3724 continue; 3725 } 3726 3727 if (!m) 3728 goto fail; 3729 if (tres) 3730 m_cat(m, tres); 3731 tres = m; 3732 } 3733 3734 m_cat(result, tres); 3735 tres = NULL; 3736 if (result->m_len < sizeof(struct sadb_msg)) { 3737 result = m_pullup(result, sizeof(struct sadb_msg)); 3738 if (result == NULL) 3739 goto fail; 3740 } 3741 3742 result->m_pkthdr.len = 0; 3743 for (m = result; m; m = m->m_next) 3744 result->m_pkthdr.len += m->m_len; 3745 3746 mtod(result, struct sadb_msg *)->sadb_msg_len = 3747 PFKEY_UNIT64(result->m_pkthdr.len); 3748 3749 return result; 3750 3751 fail: 3752 m_freem(result); 3753 m_freem(tres); 3754 return NULL; 3755 } 3756 3757 /* 3758 * set data into sadb_msg. 3759 */ 3760 static struct mbuf * 3761 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3762 pid_t pid, u_int16_t reserved) 3763 { 3764 struct mbuf *m; 3765 struct sadb_msg *p; 3766 int len; 3767 3768 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3769 if (len > MCLBYTES) 3770 return NULL; 3771 MGETHDR(m, M_NOWAIT, MT_DATA); 3772 if (m && len > MHLEN) { 3773 if (!(MCLGET(m, M_NOWAIT))) { 3774 m_freem(m); 3775 m = NULL; 3776 } 3777 } 3778 if (!m) 3779 return NULL; 3780 m->m_pkthdr.len = m->m_len = len; 3781 m->m_next = NULL; 3782 3783 p = mtod(m, struct sadb_msg *); 3784 3785 bzero(p, len); 3786 p->sadb_msg_version = PF_KEY_V2; 3787 p->sadb_msg_type = type; 3788 p->sadb_msg_errno = 0; 3789 p->sadb_msg_satype = satype; 3790 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3791 p->sadb_msg_reserved = reserved; 3792 p->sadb_msg_seq = seq; 3793 p->sadb_msg_pid = (u_int32_t)pid; 3794 3795 return m; 3796 } 3797 3798 /* 3799 * copy secasvar data into sadb_address. 3800 */ 3801 static struct mbuf * 3802 key_setsadbsa(struct secasvar *sav) 3803 { 3804 struct mbuf *m; 3805 struct sadb_sa *p; 3806 int len; 3807 3808 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3809 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3810 if (m == NULL) 3811 return (NULL); 3812 m_align(m, len); 3813 m->m_len = len; 3814 p = mtod(m, struct sadb_sa *); 3815 bzero(p, len); 3816 p->sadb_sa_len = PFKEY_UNIT64(len); 3817 p->sadb_sa_exttype = SADB_EXT_SA; 3818 p->sadb_sa_spi = sav->spi; 3819 p->sadb_sa_replay = sav->replay ? 3820 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3821 sav->replay->wsize): 0; 3822 p->sadb_sa_state = sav->state; 3823 p->sadb_sa_auth = sav->alg_auth; 3824 p->sadb_sa_encrypt = sav->alg_enc; 3825 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3826 return (m); 3827 } 3828 3829 /* 3830 * set data into sadb_address. 3831 */ 3832 static struct mbuf * 3833 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3834 u_int8_t prefixlen, u_int16_t ul_proto) 3835 { 3836 struct mbuf *m; 3837 struct sadb_address *p; 3838 size_t len; 3839 3840 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3841 PFKEY_ALIGN8(saddr->sa_len); 3842 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3843 if (m == NULL) 3844 return (NULL); 3845 m_align(m, len); 3846 m->m_len = len; 3847 p = mtod(m, struct sadb_address *); 3848 3849 bzero(p, len); 3850 p->sadb_address_len = PFKEY_UNIT64(len); 3851 p->sadb_address_exttype = exttype; 3852 p->sadb_address_proto = ul_proto; 3853 if (prefixlen == FULLMASK) { 3854 switch (saddr->sa_family) { 3855 case AF_INET: 3856 prefixlen = sizeof(struct in_addr) << 3; 3857 break; 3858 case AF_INET6: 3859 prefixlen = sizeof(struct in6_addr) << 3; 3860 break; 3861 default: 3862 ; /*XXX*/ 3863 } 3864 } 3865 p->sadb_address_prefixlen = prefixlen; 3866 p->sadb_address_reserved = 0; 3867 3868 bcopy(saddr, 3869 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3870 saddr->sa_len); 3871 3872 return m; 3873 } 3874 3875 /* 3876 * set data into sadb_x_sa2. 3877 */ 3878 static struct mbuf * 3879 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3880 { 3881 struct mbuf *m; 3882 struct sadb_x_sa2 *p; 3883 size_t len; 3884 3885 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3886 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3887 if (m == NULL) 3888 return (NULL); 3889 m_align(m, len); 3890 m->m_len = len; 3891 p = mtod(m, struct sadb_x_sa2 *); 3892 3893 bzero(p, len); 3894 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3895 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3896 p->sadb_x_sa2_mode = mode; 3897 p->sadb_x_sa2_reserved1 = 0; 3898 p->sadb_x_sa2_reserved2 = 0; 3899 p->sadb_x_sa2_sequence = seq; 3900 p->sadb_x_sa2_reqid = reqid; 3901 3902 return m; 3903 } 3904 3905 /* 3906 * Set data into sadb_x_sa_replay. 3907 */ 3908 static struct mbuf * 3909 key_setsadbxsareplay(u_int32_t replay) 3910 { 3911 struct mbuf *m; 3912 struct sadb_x_sa_replay *p; 3913 size_t len; 3914 3915 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3916 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3917 if (m == NULL) 3918 return (NULL); 3919 m_align(m, len); 3920 m->m_len = len; 3921 p = mtod(m, struct sadb_x_sa_replay *); 3922 3923 bzero(p, len); 3924 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3925 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3926 p->sadb_x_sa_replay_replay = (replay << 3); 3927 3928 return m; 3929 } 3930 3931 /* 3932 * Set a type in sadb_x_nat_t_type. 3933 */ 3934 static struct mbuf * 3935 key_setsadbxtype(u_int16_t type) 3936 { 3937 struct mbuf *m; 3938 size_t len; 3939 struct sadb_x_nat_t_type *p; 3940 3941 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3942 3943 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3944 if (m == NULL) 3945 return (NULL); 3946 m_align(m, len); 3947 m->m_len = len; 3948 p = mtod(m, struct sadb_x_nat_t_type *); 3949 3950 bzero(p, len); 3951 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3952 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3953 p->sadb_x_nat_t_type_type = type; 3954 3955 return (m); 3956 } 3957 /* 3958 * Set a port in sadb_x_nat_t_port. 3959 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3960 */ 3961 static struct mbuf * 3962 key_setsadbxport(u_int16_t port, u_int16_t type) 3963 { 3964 struct mbuf *m; 3965 size_t len; 3966 struct sadb_x_nat_t_port *p; 3967 3968 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3969 3970 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3971 if (m == NULL) 3972 return (NULL); 3973 m_align(m, len); 3974 m->m_len = len; 3975 p = mtod(m, struct sadb_x_nat_t_port *); 3976 3977 bzero(p, len); 3978 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3979 p->sadb_x_nat_t_port_exttype = type; 3980 p->sadb_x_nat_t_port_port = port; 3981 3982 return (m); 3983 } 3984 3985 /* 3986 * Get port from sockaddr. Port is in network byte order. 3987 */ 3988 uint16_t 3989 key_portfromsaddr(struct sockaddr *sa) 3990 { 3991 3992 switch (sa->sa_family) { 3993 #ifdef INET 3994 case AF_INET: 3995 return ((struct sockaddr_in *)sa)->sin_port; 3996 #endif 3997 #ifdef INET6 3998 case AF_INET6: 3999 return ((struct sockaddr_in6 *)sa)->sin6_port; 4000 #endif 4001 } 4002 return (0); 4003 } 4004 4005 /* 4006 * Set port in struct sockaddr. Port is in network byte order. 4007 */ 4008 void 4009 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4010 { 4011 4012 switch (sa->sa_family) { 4013 #ifdef INET 4014 case AF_INET: 4015 ((struct sockaddr_in *)sa)->sin_port = port; 4016 break; 4017 #endif 4018 #ifdef INET6 4019 case AF_INET6: 4020 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4021 break; 4022 #endif 4023 default: 4024 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4025 __func__, sa->sa_family)); 4026 break; 4027 } 4028 } 4029 4030 /* 4031 * set data into sadb_x_policy 4032 */ 4033 static struct mbuf * 4034 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4035 { 4036 struct mbuf *m; 4037 struct sadb_x_policy *p; 4038 size_t len; 4039 4040 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4041 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4042 if (m == NULL) 4043 return (NULL); 4044 m_align(m, len); 4045 m->m_len = len; 4046 p = mtod(m, struct sadb_x_policy *); 4047 4048 bzero(p, len); 4049 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4050 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4051 p->sadb_x_policy_type = type; 4052 p->sadb_x_policy_dir = dir; 4053 p->sadb_x_policy_id = id; 4054 p->sadb_x_policy_priority = priority; 4055 4056 return m; 4057 } 4058 4059 /* %%% utilities */ 4060 /* Take a key message (sadb_key) from the socket and turn it into one 4061 * of the kernel's key structures (seckey). 4062 * 4063 * IN: pointer to the src 4064 * OUT: NULL no more memory 4065 */ 4066 struct seckey * 4067 key_dup_keymsg(const struct sadb_key *src, size_t len, 4068 struct malloc_type *type) 4069 { 4070 struct seckey *dst; 4071 4072 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4073 if (dst != NULL) { 4074 dst->bits = src->sadb_key_bits; 4075 dst->key_data = malloc(len, type, M_NOWAIT); 4076 if (dst->key_data != NULL) { 4077 bcopy((const char *)(src + 1), dst->key_data, len); 4078 } else { 4079 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4080 __func__)); 4081 free(dst, type); 4082 dst = NULL; 4083 } 4084 } else { 4085 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4086 __func__)); 4087 4088 } 4089 return (dst); 4090 } 4091 4092 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4093 * turn it into one of the kernel's lifetime structures (seclifetime). 4094 * 4095 * IN: pointer to the destination, source and malloc type 4096 * OUT: NULL, no more memory 4097 */ 4098 4099 static struct seclifetime * 4100 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4101 { 4102 struct seclifetime *dst; 4103 4104 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4105 if (dst == NULL) { 4106 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4107 return (NULL); 4108 } 4109 dst->allocations = src->sadb_lifetime_allocations; 4110 dst->bytes = src->sadb_lifetime_bytes; 4111 dst->addtime = src->sadb_lifetime_addtime; 4112 dst->usetime = src->sadb_lifetime_usetime; 4113 return (dst); 4114 } 4115 4116 /* 4117 * compare two secasindex structure. 4118 * flag can specify to compare 2 saidxes. 4119 * compare two secasindex structure without both mode and reqid. 4120 * don't compare port. 4121 * IN: 4122 * saidx0: source, it can be in SAD. 4123 * saidx1: object. 4124 * OUT: 4125 * 1 : equal 4126 * 0 : not equal 4127 */ 4128 static int 4129 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4130 int flag) 4131 { 4132 4133 /* sanity */ 4134 if (saidx0 == NULL && saidx1 == NULL) 4135 return 1; 4136 4137 if (saidx0 == NULL || saidx1 == NULL) 4138 return 0; 4139 4140 if (saidx0->proto != saidx1->proto) 4141 return 0; 4142 4143 if (flag == CMP_EXACTLY) { 4144 if (saidx0->mode != saidx1->mode) 4145 return 0; 4146 if (saidx0->reqid != saidx1->reqid) 4147 return 0; 4148 if (bcmp(&saidx0->src, &saidx1->src, 4149 saidx0->src.sa.sa_len) != 0 || 4150 bcmp(&saidx0->dst, &saidx1->dst, 4151 saidx0->dst.sa.sa_len) != 0) 4152 return 0; 4153 } else { 4154 4155 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4156 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4157 /* 4158 * If reqid of SPD is non-zero, unique SA is required. 4159 * The result must be of same reqid in this case. 4160 */ 4161 if (saidx1->reqid != 0 && 4162 saidx0->reqid != saidx1->reqid) 4163 return 0; 4164 } 4165 4166 if (flag == CMP_MODE_REQID) { 4167 if (saidx0->mode != IPSEC_MODE_ANY 4168 && saidx0->mode != saidx1->mode) 4169 return 0; 4170 } 4171 4172 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4173 return 0; 4174 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4175 return 0; 4176 } 4177 4178 return 1; 4179 } 4180 4181 /* 4182 * compare two secindex structure exactly. 4183 * IN: 4184 * spidx0: source, it is often in SPD. 4185 * spidx1: object, it is often from PFKEY message. 4186 * OUT: 4187 * 1 : equal 4188 * 0 : not equal 4189 */ 4190 static int 4191 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4192 struct secpolicyindex *spidx1) 4193 { 4194 /* sanity */ 4195 if (spidx0 == NULL && spidx1 == NULL) 4196 return 1; 4197 4198 if (spidx0 == NULL || spidx1 == NULL) 4199 return 0; 4200 4201 if (spidx0->prefs != spidx1->prefs 4202 || spidx0->prefd != spidx1->prefd 4203 || spidx0->ul_proto != spidx1->ul_proto 4204 || spidx0->dir != spidx1->dir) 4205 return 0; 4206 4207 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4208 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4209 } 4210 4211 /* 4212 * compare two secindex structure with mask. 4213 * IN: 4214 * spidx0: source, it is often in SPD. 4215 * spidx1: object, it is often from IP header. 4216 * OUT: 4217 * 1 : equal 4218 * 0 : not equal 4219 */ 4220 static int 4221 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4222 struct secpolicyindex *spidx1) 4223 { 4224 /* sanity */ 4225 if (spidx0 == NULL && spidx1 == NULL) 4226 return 1; 4227 4228 if (spidx0 == NULL || spidx1 == NULL) 4229 return 0; 4230 4231 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4232 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4233 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4234 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4235 return 0; 4236 4237 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4238 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4239 && spidx0->ul_proto != spidx1->ul_proto) 4240 return 0; 4241 4242 switch (spidx0->src.sa.sa_family) { 4243 case AF_INET: 4244 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4245 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4246 return 0; 4247 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4248 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4249 return 0; 4250 break; 4251 case AF_INET6: 4252 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4253 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4254 return 0; 4255 /* 4256 * scope_id check. if sin6_scope_id is 0, we regard it 4257 * as a wildcard scope, which matches any scope zone ID. 4258 */ 4259 if (spidx0->src.sin6.sin6_scope_id && 4260 spidx1->src.sin6.sin6_scope_id && 4261 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4262 return 0; 4263 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4264 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4265 return 0; 4266 break; 4267 default: 4268 /* XXX */ 4269 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4270 return 0; 4271 break; 4272 } 4273 4274 switch (spidx0->dst.sa.sa_family) { 4275 case AF_INET: 4276 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4277 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4278 return 0; 4279 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4280 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4281 return 0; 4282 break; 4283 case AF_INET6: 4284 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4285 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4286 return 0; 4287 /* 4288 * scope_id check. if sin6_scope_id is 0, we regard it 4289 * as a wildcard scope, which matches any scope zone ID. 4290 */ 4291 if (spidx0->dst.sin6.sin6_scope_id && 4292 spidx1->dst.sin6.sin6_scope_id && 4293 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4294 return 0; 4295 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4296 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4297 return 0; 4298 break; 4299 default: 4300 /* XXX */ 4301 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4302 return 0; 4303 break; 4304 } 4305 4306 /* XXX Do we check other field ? e.g. flowinfo */ 4307 4308 return 1; 4309 } 4310 4311 #ifdef satosin 4312 #undef satosin 4313 #endif 4314 #define satosin(s) ((const struct sockaddr_in *)s) 4315 #ifdef satosin6 4316 #undef satosin6 4317 #endif 4318 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4319 /* returns 0 on match */ 4320 int 4321 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4322 int port) 4323 { 4324 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4325 return 1; 4326 4327 switch (sa1->sa_family) { 4328 #ifdef INET 4329 case AF_INET: 4330 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4331 return 1; 4332 if (satosin(sa1)->sin_addr.s_addr != 4333 satosin(sa2)->sin_addr.s_addr) { 4334 return 1; 4335 } 4336 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4337 return 1; 4338 break; 4339 #endif 4340 #ifdef INET6 4341 case AF_INET6: 4342 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4343 return 1; /*EINVAL*/ 4344 if (satosin6(sa1)->sin6_scope_id != 4345 satosin6(sa2)->sin6_scope_id) { 4346 return 1; 4347 } 4348 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4349 &satosin6(sa2)->sin6_addr)) { 4350 return 1; 4351 } 4352 if (port && 4353 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4354 return 1; 4355 } 4356 break; 4357 #endif 4358 default: 4359 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4360 return 1; 4361 break; 4362 } 4363 4364 return 0; 4365 } 4366 4367 /* returns 0 on match */ 4368 int 4369 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4370 const struct sockaddr *sa2, size_t mask) 4371 { 4372 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4373 return (1); 4374 4375 switch (sa1->sa_family) { 4376 #ifdef INET 4377 case AF_INET: 4378 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4379 &satosin(sa2)->sin_addr, mask)); 4380 #endif 4381 #ifdef INET6 4382 case AF_INET6: 4383 if (satosin6(sa1)->sin6_scope_id != 4384 satosin6(sa2)->sin6_scope_id) 4385 return (1); 4386 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4387 &satosin6(sa2)->sin6_addr, mask)); 4388 #endif 4389 } 4390 return (1); 4391 } 4392 #undef satosin 4393 #undef satosin6 4394 4395 /* 4396 * compare two buffers with mask. 4397 * IN: 4398 * addr1: source 4399 * addr2: object 4400 * bits: Number of bits to compare 4401 * OUT: 4402 * 1 : equal 4403 * 0 : not equal 4404 */ 4405 static int 4406 key_bbcmp(const void *a1, const void *a2, u_int bits) 4407 { 4408 const unsigned char *p1 = a1; 4409 const unsigned char *p2 = a2; 4410 4411 /* XXX: This could be considerably faster if we compare a word 4412 * at a time, but it is complicated on LSB Endian machines */ 4413 4414 /* Handle null pointers */ 4415 if (p1 == NULL || p2 == NULL) 4416 return (p1 == p2); 4417 4418 while (bits >= 8) { 4419 if (*p1++ != *p2++) 4420 return 0; 4421 bits -= 8; 4422 } 4423 4424 if (bits > 0) { 4425 u_int8_t mask = ~((1<<(8-bits))-1); 4426 if ((*p1 & mask) != (*p2 & mask)) 4427 return 0; 4428 } 4429 return 1; /* Match! */ 4430 } 4431 4432 static void 4433 key_flush_spd(time_t now) 4434 { 4435 SPTREE_RLOCK_TRACKER; 4436 struct secpolicy_list drainq; 4437 struct secpolicy *sp, *nextsp; 4438 u_int dir; 4439 4440 LIST_INIT(&drainq); 4441 SPTREE_RLOCK(); 4442 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4443 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4444 if (sp->lifetime == 0 && sp->validtime == 0) 4445 continue; 4446 if ((sp->lifetime && 4447 now - sp->created > sp->lifetime) || 4448 (sp->validtime && 4449 now - sp->lastused > sp->validtime)) { 4450 /* Hold extra reference to send SPDEXPIRE */ 4451 SP_ADDREF(sp); 4452 LIST_INSERT_HEAD(&drainq, sp, drainq); 4453 } 4454 } 4455 } 4456 SPTREE_RUNLOCK(); 4457 if (LIST_EMPTY(&drainq)) 4458 return; 4459 4460 SPTREE_WLOCK(); 4461 sp = LIST_FIRST(&drainq); 4462 while (sp != NULL) { 4463 nextsp = LIST_NEXT(sp, drainq); 4464 /* Check that SP is still linked */ 4465 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4466 LIST_REMOVE(sp, drainq); 4467 key_freesp(&sp); /* release extra reference */ 4468 sp = nextsp; 4469 continue; 4470 } 4471 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4472 V_spd_size--; 4473 LIST_REMOVE(sp, idhash); 4474 sp->state = IPSEC_SPSTATE_DEAD; 4475 sp = nextsp; 4476 } 4477 V_sp_genid++; 4478 SPTREE_WUNLOCK(); 4479 if (SPDCACHE_ENABLED()) 4480 spdcache_clear(); 4481 4482 sp = LIST_FIRST(&drainq); 4483 while (sp != NULL) { 4484 nextsp = LIST_NEXT(sp, drainq); 4485 key_spdexpire(sp); 4486 key_freesp(&sp); /* release extra reference */ 4487 key_freesp(&sp); /* release last reference */ 4488 sp = nextsp; 4489 } 4490 } 4491 4492 static void 4493 key_flush_sad(time_t now) 4494 { 4495 SAHTREE_RLOCK_TRACKER; 4496 struct secashead_list emptyq; 4497 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4498 struct secashead *sah, *nextsah; 4499 struct secasvar *sav, *nextsav; 4500 4501 LIST_INIT(&drainq); 4502 LIST_INIT(&hexpireq); 4503 LIST_INIT(&sexpireq); 4504 LIST_INIT(&emptyq); 4505 4506 SAHTREE_RLOCK(); 4507 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4508 /* Check for empty SAH */ 4509 if (TAILQ_EMPTY(&sah->savtree_larval) && 4510 TAILQ_EMPTY(&sah->savtree_alive)) { 4511 SAH_ADDREF(sah); 4512 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4513 continue; 4514 } 4515 /* Add all stale LARVAL SAs into drainq */ 4516 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4517 if (now - sav->created < V_key_larval_lifetime) 4518 continue; 4519 SAV_ADDREF(sav); 4520 LIST_INSERT_HEAD(&drainq, sav, drainq); 4521 } 4522 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4523 /* lifetimes aren't specified */ 4524 if (sav->lft_h == NULL) 4525 continue; 4526 SECASVAR_LOCK(sav); 4527 /* 4528 * Check again with lock held, because it may 4529 * be updated by SADB_UPDATE. 4530 */ 4531 if (sav->lft_h == NULL) { 4532 SECASVAR_UNLOCK(sav); 4533 continue; 4534 } 4535 /* 4536 * RFC 2367: 4537 * HARD lifetimes MUST take precedence over SOFT 4538 * lifetimes, meaning if the HARD and SOFT lifetimes 4539 * are the same, the HARD lifetime will appear on the 4540 * EXPIRE message. 4541 */ 4542 /* check HARD lifetime */ 4543 if ((sav->lft_h->addtime != 0 && 4544 now - sav->created > sav->lft_h->addtime) || 4545 (sav->lft_h->usetime != 0 && sav->firstused && 4546 now - sav->firstused > sav->lft_h->usetime) || 4547 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4548 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4549 SECASVAR_UNLOCK(sav); 4550 SAV_ADDREF(sav); 4551 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4552 continue; 4553 } 4554 /* check SOFT lifetime (only for MATURE SAs) */ 4555 if (sav->state == SADB_SASTATE_MATURE && ( 4556 (sav->lft_s->addtime != 0 && 4557 now - sav->created > sav->lft_s->addtime) || 4558 (sav->lft_s->usetime != 0 && sav->firstused && 4559 now - sav->firstused > sav->lft_s->usetime) || 4560 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4561 sav->lft_c_bytes) > sav->lft_s->bytes))) { 4562 SECASVAR_UNLOCK(sav); 4563 SAV_ADDREF(sav); 4564 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4565 continue; 4566 } 4567 SECASVAR_UNLOCK(sav); 4568 } 4569 } 4570 SAHTREE_RUNLOCK(); 4571 4572 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4573 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4574 return; 4575 4576 LIST_INIT(&freeq); 4577 SAHTREE_WLOCK(); 4578 /* Unlink stale LARVAL SAs */ 4579 sav = LIST_FIRST(&drainq); 4580 while (sav != NULL) { 4581 nextsav = LIST_NEXT(sav, drainq); 4582 /* Check that SA is still LARVAL */ 4583 if (sav->state != SADB_SASTATE_LARVAL) { 4584 LIST_REMOVE(sav, drainq); 4585 LIST_INSERT_HEAD(&freeq, sav, drainq); 4586 sav = nextsav; 4587 continue; 4588 } 4589 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4590 LIST_REMOVE(sav, spihash); 4591 sav->state = SADB_SASTATE_DEAD; 4592 sav = nextsav; 4593 } 4594 /* Unlink all SAs with expired HARD lifetime */ 4595 sav = LIST_FIRST(&hexpireq); 4596 while (sav != NULL) { 4597 nextsav = LIST_NEXT(sav, drainq); 4598 /* Check that SA is not unlinked */ 4599 if (sav->state == SADB_SASTATE_DEAD) { 4600 LIST_REMOVE(sav, drainq); 4601 LIST_INSERT_HEAD(&freeq, sav, drainq); 4602 sav = nextsav; 4603 continue; 4604 } 4605 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4606 LIST_REMOVE(sav, spihash); 4607 sav->state = SADB_SASTATE_DEAD; 4608 sav = nextsav; 4609 } 4610 /* Mark all SAs with expired SOFT lifetime as DYING */ 4611 sav = LIST_FIRST(&sexpireq); 4612 while (sav != NULL) { 4613 nextsav = LIST_NEXT(sav, drainq); 4614 /* Check that SA is not unlinked */ 4615 if (sav->state == SADB_SASTATE_DEAD) { 4616 LIST_REMOVE(sav, drainq); 4617 LIST_INSERT_HEAD(&freeq, sav, drainq); 4618 sav = nextsav; 4619 continue; 4620 } 4621 /* 4622 * NOTE: this doesn't change SA order in the chain. 4623 */ 4624 sav->state = SADB_SASTATE_DYING; 4625 sav = nextsav; 4626 } 4627 /* Unlink empty SAHs */ 4628 sah = LIST_FIRST(&emptyq); 4629 while (sah != NULL) { 4630 nextsah = LIST_NEXT(sah, drainq); 4631 /* Check that SAH is still empty and not unlinked */ 4632 if (sah->state == SADB_SASTATE_DEAD || 4633 !TAILQ_EMPTY(&sah->savtree_larval) || 4634 !TAILQ_EMPTY(&sah->savtree_alive)) { 4635 LIST_REMOVE(sah, drainq); 4636 key_freesah(&sah); /* release extra reference */ 4637 sah = nextsah; 4638 continue; 4639 } 4640 TAILQ_REMOVE(&V_sahtree, sah, chain); 4641 LIST_REMOVE(sah, addrhash); 4642 sah->state = SADB_SASTATE_DEAD; 4643 sah = nextsah; 4644 } 4645 SAHTREE_WUNLOCK(); 4646 4647 /* Send SPDEXPIRE messages */ 4648 sav = LIST_FIRST(&hexpireq); 4649 while (sav != NULL) { 4650 nextsav = LIST_NEXT(sav, drainq); 4651 key_expire(sav, 1); 4652 key_freesah(&sav->sah); /* release reference from SAV */ 4653 key_freesav(&sav); /* release extra reference */ 4654 key_freesav(&sav); /* release last reference */ 4655 sav = nextsav; 4656 } 4657 sav = LIST_FIRST(&sexpireq); 4658 while (sav != NULL) { 4659 nextsav = LIST_NEXT(sav, drainq); 4660 key_expire(sav, 0); 4661 key_freesav(&sav); /* release extra reference */ 4662 sav = nextsav; 4663 } 4664 /* Free stale LARVAL SAs */ 4665 sav = LIST_FIRST(&drainq); 4666 while (sav != NULL) { 4667 nextsav = LIST_NEXT(sav, drainq); 4668 key_freesah(&sav->sah); /* release reference from SAV */ 4669 key_freesav(&sav); /* release extra reference */ 4670 key_freesav(&sav); /* release last reference */ 4671 sav = nextsav; 4672 } 4673 /* Free SAs that were unlinked/changed by someone else */ 4674 sav = LIST_FIRST(&freeq); 4675 while (sav != NULL) { 4676 nextsav = LIST_NEXT(sav, drainq); 4677 key_freesav(&sav); /* release extra reference */ 4678 sav = nextsav; 4679 } 4680 /* Free empty SAH */ 4681 sah = LIST_FIRST(&emptyq); 4682 while (sah != NULL) { 4683 nextsah = LIST_NEXT(sah, drainq); 4684 key_freesah(&sah); /* release extra reference */ 4685 key_freesah(&sah); /* release last reference */ 4686 sah = nextsah; 4687 } 4688 } 4689 4690 static void 4691 key_flush_acq(time_t now) 4692 { 4693 struct secacq *acq, *nextacq; 4694 4695 /* ACQ tree */ 4696 ACQ_LOCK(); 4697 acq = LIST_FIRST(&V_acqtree); 4698 while (acq != NULL) { 4699 nextacq = LIST_NEXT(acq, chain); 4700 if (now - acq->created > V_key_blockacq_lifetime) { 4701 LIST_REMOVE(acq, chain); 4702 LIST_REMOVE(acq, addrhash); 4703 LIST_REMOVE(acq, seqhash); 4704 free(acq, M_IPSEC_SAQ); 4705 } 4706 acq = nextacq; 4707 } 4708 ACQ_UNLOCK(); 4709 } 4710 4711 static void 4712 key_flush_spacq(time_t now) 4713 { 4714 struct secspacq *acq, *nextacq; 4715 4716 /* SP ACQ tree */ 4717 SPACQ_LOCK(); 4718 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4719 nextacq = LIST_NEXT(acq, chain); 4720 if (now - acq->created > V_key_blockacq_lifetime 4721 && __LIST_CHAINED(acq)) { 4722 LIST_REMOVE(acq, chain); 4723 free(acq, M_IPSEC_SAQ); 4724 } 4725 } 4726 SPACQ_UNLOCK(); 4727 } 4728 4729 /* 4730 * time handler. 4731 * scanning SPD and SAD to check status for each entries, 4732 * and do to remove or to expire. 4733 * XXX: year 2038 problem may remain. 4734 */ 4735 static void 4736 key_timehandler(void *arg) 4737 { 4738 VNET_ITERATOR_DECL(vnet_iter); 4739 time_t now = time_second; 4740 4741 VNET_LIST_RLOCK_NOSLEEP(); 4742 VNET_FOREACH(vnet_iter) { 4743 CURVNET_SET(vnet_iter); 4744 key_flush_spd(now); 4745 key_flush_sad(now); 4746 key_flush_acq(now); 4747 key_flush_spacq(now); 4748 CURVNET_RESTORE(); 4749 } 4750 VNET_LIST_RUNLOCK_NOSLEEP(); 4751 4752 #ifndef IPSEC_DEBUG2 4753 /* do exchange to tick time !! */ 4754 callout_schedule(&key_timer, hz); 4755 #endif /* IPSEC_DEBUG2 */ 4756 } 4757 4758 u_long 4759 key_random() 4760 { 4761 u_long value; 4762 4763 arc4random_buf(&value, sizeof(value)); 4764 return value; 4765 } 4766 4767 /* 4768 * map SADB_SATYPE_* to IPPROTO_*. 4769 * if satype == SADB_SATYPE then satype is mapped to ~0. 4770 * OUT: 4771 * 0: invalid satype. 4772 */ 4773 static uint8_t 4774 key_satype2proto(uint8_t satype) 4775 { 4776 switch (satype) { 4777 case SADB_SATYPE_UNSPEC: 4778 return IPSEC_PROTO_ANY; 4779 case SADB_SATYPE_AH: 4780 return IPPROTO_AH; 4781 case SADB_SATYPE_ESP: 4782 return IPPROTO_ESP; 4783 case SADB_X_SATYPE_IPCOMP: 4784 return IPPROTO_IPCOMP; 4785 case SADB_X_SATYPE_TCPSIGNATURE: 4786 return IPPROTO_TCP; 4787 default: 4788 return 0; 4789 } 4790 /* NOTREACHED */ 4791 } 4792 4793 /* 4794 * map IPPROTO_* to SADB_SATYPE_* 4795 * OUT: 4796 * 0: invalid protocol type. 4797 */ 4798 static uint8_t 4799 key_proto2satype(uint8_t proto) 4800 { 4801 switch (proto) { 4802 case IPPROTO_AH: 4803 return SADB_SATYPE_AH; 4804 case IPPROTO_ESP: 4805 return SADB_SATYPE_ESP; 4806 case IPPROTO_IPCOMP: 4807 return SADB_X_SATYPE_IPCOMP; 4808 case IPPROTO_TCP: 4809 return SADB_X_SATYPE_TCPSIGNATURE; 4810 default: 4811 return 0; 4812 } 4813 /* NOTREACHED */ 4814 } 4815 4816 /* %%% PF_KEY */ 4817 /* 4818 * SADB_GETSPI processing is to receive 4819 * <base, (SA2), src address, dst address, (SPI range)> 4820 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4821 * tree with the status of LARVAL, and send 4822 * <base, SA(*), address(SD)> 4823 * to the IKMPd. 4824 * 4825 * IN: mhp: pointer to the pointer to each header. 4826 * OUT: NULL if fail. 4827 * other if success, return pointer to the message to send. 4828 */ 4829 static int 4830 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4831 { 4832 struct secasindex saidx; 4833 struct sadb_address *src0, *dst0; 4834 struct secasvar *sav; 4835 uint32_t reqid, spi; 4836 int error; 4837 uint8_t mode, proto; 4838 4839 IPSEC_ASSERT(so != NULL, ("null socket")); 4840 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4841 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4842 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4843 4844 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4845 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4846 #ifdef PFKEY_STRICT_CHECKS 4847 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4848 #endif 4849 ) { 4850 ipseclog((LOG_DEBUG, 4851 "%s: invalid message: missing required header.\n", 4852 __func__)); 4853 error = EINVAL; 4854 goto fail; 4855 } 4856 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4857 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4858 #ifdef PFKEY_STRICT_CHECKS 4859 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4860 #endif 4861 ) { 4862 ipseclog((LOG_DEBUG, 4863 "%s: invalid message: wrong header size.\n", __func__)); 4864 error = EINVAL; 4865 goto fail; 4866 } 4867 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4868 mode = IPSEC_MODE_ANY; 4869 reqid = 0; 4870 } else { 4871 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4872 ipseclog((LOG_DEBUG, 4873 "%s: invalid message: wrong header size.\n", 4874 __func__)); 4875 error = EINVAL; 4876 goto fail; 4877 } 4878 mode = ((struct sadb_x_sa2 *) 4879 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4880 reqid = ((struct sadb_x_sa2 *) 4881 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4882 } 4883 4884 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4885 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4886 4887 /* map satype to proto */ 4888 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4889 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4890 __func__)); 4891 error = EINVAL; 4892 goto fail; 4893 } 4894 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4895 (struct sockaddr *)(dst0 + 1)); 4896 if (error != 0) { 4897 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4898 error = EINVAL; 4899 goto fail; 4900 } 4901 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4902 4903 /* SPI allocation */ 4904 spi = key_do_getnewspi( 4905 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4906 if (spi == 0) { 4907 /* 4908 * Requested SPI or SPI range is not available or 4909 * already used. 4910 */ 4911 error = EEXIST; 4912 goto fail; 4913 } 4914 sav = key_newsav(mhp, &saidx, spi, &error); 4915 if (sav == NULL) 4916 goto fail; 4917 4918 if (sav->seq != 0) { 4919 /* 4920 * RFC2367: 4921 * If the SADB_GETSPI message is in response to a 4922 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4923 * MUST be the same as the SADB_ACQUIRE message. 4924 * 4925 * XXXAE: However it doesn't definethe behaviour how to 4926 * check this and what to do if it doesn't match. 4927 * Also what we should do if it matches? 4928 * 4929 * We can compare saidx used in SADB_ACQUIRE with saidx 4930 * used in SADB_GETSPI, but this probably can break 4931 * existing software. For now just warn if it doesn't match. 4932 * 4933 * XXXAE: anyway it looks useless. 4934 */ 4935 key_acqdone(&saidx, sav->seq); 4936 } 4937 KEYDBG(KEY_STAMP, 4938 printf("%s: SA(%p)\n", __func__, sav)); 4939 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4940 4941 { 4942 struct mbuf *n, *nn; 4943 struct sadb_sa *m_sa; 4944 struct sadb_msg *newmsg; 4945 int off, len; 4946 4947 /* create new sadb_msg to reply. */ 4948 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4949 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4950 4951 MGETHDR(n, M_NOWAIT, MT_DATA); 4952 if (len > MHLEN) { 4953 if (!(MCLGET(n, M_NOWAIT))) { 4954 m_freem(n); 4955 n = NULL; 4956 } 4957 } 4958 if (!n) { 4959 error = ENOBUFS; 4960 goto fail; 4961 } 4962 4963 n->m_len = len; 4964 n->m_next = NULL; 4965 off = 0; 4966 4967 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4968 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4969 4970 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4971 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4972 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4973 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4974 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4975 4976 IPSEC_ASSERT(off == len, 4977 ("length inconsistency (off %u len %u)", off, len)); 4978 4979 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4980 SADB_EXT_ADDRESS_DST); 4981 if (!n->m_next) { 4982 m_freem(n); 4983 error = ENOBUFS; 4984 goto fail; 4985 } 4986 4987 if (n->m_len < sizeof(struct sadb_msg)) { 4988 n = m_pullup(n, sizeof(struct sadb_msg)); 4989 if (n == NULL) 4990 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 4991 } 4992 4993 n->m_pkthdr.len = 0; 4994 for (nn = n; nn; nn = nn->m_next) 4995 n->m_pkthdr.len += nn->m_len; 4996 4997 newmsg = mtod(n, struct sadb_msg *); 4998 newmsg->sadb_msg_seq = sav->seq; 4999 newmsg->sadb_msg_errno = 0; 5000 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5001 5002 m_freem(m); 5003 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5004 } 5005 5006 fail: 5007 return (key_senderror(so, m, error)); 5008 } 5009 5010 /* 5011 * allocating new SPI 5012 * called by key_getspi(). 5013 * OUT: 5014 * 0: failure. 5015 * others: success, SPI in network byte order. 5016 */ 5017 static uint32_t 5018 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5019 { 5020 uint32_t min, max, newspi, t; 5021 int count = V_key_spi_trycnt; 5022 5023 /* set spi range to allocate */ 5024 if (spirange != NULL) { 5025 min = spirange->sadb_spirange_min; 5026 max = spirange->sadb_spirange_max; 5027 } else { 5028 min = V_key_spi_minval; 5029 max = V_key_spi_maxval; 5030 } 5031 /* IPCOMP needs 2-byte SPI */ 5032 if (saidx->proto == IPPROTO_IPCOMP) { 5033 if (min >= 0x10000) 5034 min = 0xffff; 5035 if (max >= 0x10000) 5036 max = 0xffff; 5037 if (min > max) { 5038 t = min; min = max; max = t; 5039 } 5040 } 5041 5042 if (min == max) { 5043 if (!key_checkspidup(htonl(min))) { 5044 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5045 __func__, min)); 5046 return 0; 5047 } 5048 5049 count--; /* taking one cost. */ 5050 newspi = min; 5051 } else { 5052 5053 /* init SPI */ 5054 newspi = 0; 5055 5056 /* when requesting to allocate spi ranged */ 5057 while (count--) { 5058 /* generate pseudo-random SPI value ranged. */ 5059 newspi = min + (key_random() % (max - min + 1)); 5060 if (!key_checkspidup(htonl(newspi))) 5061 break; 5062 } 5063 5064 if (count == 0 || newspi == 0) { 5065 ipseclog((LOG_DEBUG, 5066 "%s: failed to allocate SPI.\n", __func__)); 5067 return 0; 5068 } 5069 } 5070 5071 /* statistics */ 5072 keystat.getspi_count = 5073 (keystat.getspi_count + V_key_spi_trycnt - count) / 2; 5074 5075 return (htonl(newspi)); 5076 } 5077 5078 /* 5079 * Find TCP-MD5 SA with corresponding secasindex. 5080 * If not found, return NULL and fill SPI with usable value if needed. 5081 */ 5082 static struct secasvar * 5083 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5084 { 5085 SAHTREE_RLOCK_TRACKER; 5086 struct secashead *sah; 5087 struct secasvar *sav; 5088 5089 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5090 SAHTREE_RLOCK(); 5091 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5092 if (sah->saidx.proto != IPPROTO_TCP) 5093 continue; 5094 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5095 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5096 break; 5097 } 5098 if (sah != NULL) { 5099 if (V_key_preferred_oldsa) 5100 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5101 else 5102 sav = TAILQ_FIRST(&sah->savtree_alive); 5103 if (sav != NULL) { 5104 SAV_ADDREF(sav); 5105 SAHTREE_RUNLOCK(); 5106 return (sav); 5107 } 5108 } 5109 if (spi == NULL) { 5110 /* No SPI required */ 5111 SAHTREE_RUNLOCK(); 5112 return (NULL); 5113 } 5114 /* Check that SPI is unique */ 5115 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5116 if (sav->spi == *spi) 5117 break; 5118 } 5119 if (sav == NULL) { 5120 SAHTREE_RUNLOCK(); 5121 /* SPI is already unique */ 5122 return (NULL); 5123 } 5124 SAHTREE_RUNLOCK(); 5125 /* XXX: not optimal */ 5126 *spi = key_do_getnewspi(NULL, saidx); 5127 return (NULL); 5128 } 5129 5130 static int 5131 key_updateaddresses(struct socket *so, struct mbuf *m, 5132 const struct sadb_msghdr *mhp, struct secasvar *sav, 5133 struct secasindex *saidx) 5134 { 5135 struct sockaddr *newaddr; 5136 struct secashead *sah; 5137 struct secasvar *newsav, *tmp; 5138 struct mbuf *n; 5139 int error, isnew; 5140 5141 /* Check that we need to change SAH */ 5142 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5143 newaddr = (struct sockaddr *)( 5144 ((struct sadb_address *) 5145 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5146 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5147 key_porttosaddr(&saidx->src.sa, 0); 5148 } 5149 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5150 newaddr = (struct sockaddr *)( 5151 ((struct sadb_address *) 5152 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5153 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5154 key_porttosaddr(&saidx->dst.sa, 0); 5155 } 5156 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5157 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5158 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5159 if (error != 0) { 5160 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5161 __func__)); 5162 return (error); 5163 } 5164 5165 sah = key_getsah(saidx); 5166 if (sah == NULL) { 5167 /* create a new SA index */ 5168 sah = key_newsah(saidx); 5169 if (sah == NULL) { 5170 ipseclog((LOG_DEBUG, 5171 "%s: No more memory.\n", __func__)); 5172 return (ENOBUFS); 5173 } 5174 isnew = 2; /* SAH is new */ 5175 } else 5176 isnew = 1; /* existing SAH is referenced */ 5177 } else { 5178 /* 5179 * src and dst addresses are still the same. 5180 * Do we want to change NAT-T config? 5181 */ 5182 if (sav->sah->saidx.proto != IPPROTO_ESP || 5183 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5184 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5185 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5186 ipseclog((LOG_DEBUG, 5187 "%s: invalid message: missing required header.\n", 5188 __func__)); 5189 return (EINVAL); 5190 } 5191 /* We hold reference to SA, thus SAH will be referenced too. */ 5192 sah = sav->sah; 5193 isnew = 0; 5194 } 5195 5196 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5197 M_NOWAIT | M_ZERO); 5198 if (newsav == NULL) { 5199 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5200 error = ENOBUFS; 5201 goto fail; 5202 } 5203 5204 /* Clone SA's content into newsav */ 5205 SAV_INITREF(newsav); 5206 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5207 /* 5208 * We create new NAT-T config if it is needed. 5209 * Old NAT-T config will be freed by key_cleansav() when 5210 * last reference to SA will be released. 5211 */ 5212 newsav->natt = NULL; 5213 newsav->sah = sah; 5214 newsav->state = SADB_SASTATE_MATURE; 5215 error = key_setnatt(newsav, mhp); 5216 if (error != 0) 5217 goto fail; 5218 5219 SAHTREE_WLOCK(); 5220 /* Check that SA is still alive */ 5221 if (sav->state == SADB_SASTATE_DEAD) { 5222 /* SA was unlinked */ 5223 SAHTREE_WUNLOCK(); 5224 error = ESRCH; 5225 goto fail; 5226 } 5227 5228 /* Unlink SA from SAH and SPI hash */ 5229 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5230 ("SA is already cloned")); 5231 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5232 sav->state == SADB_SASTATE_DYING, 5233 ("Wrong SA state %u\n", sav->state)); 5234 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5235 LIST_REMOVE(sav, spihash); 5236 sav->state = SADB_SASTATE_DEAD; 5237 5238 /* 5239 * Link new SA with SAH. Keep SAs ordered by 5240 * create time (newer are first). 5241 */ 5242 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5243 if (newsav->created > tmp->created) { 5244 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5245 break; 5246 } 5247 } 5248 if (tmp == NULL) 5249 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5250 5251 /* Add new SA into SPI hash. */ 5252 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5253 5254 /* Add new SAH into SADB. */ 5255 if (isnew == 2) { 5256 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5257 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5258 sah->state = SADB_SASTATE_MATURE; 5259 SAH_ADDREF(sah); /* newsav references new SAH */ 5260 } 5261 /* 5262 * isnew == 1 -> @sah was referenced by key_getsah(). 5263 * isnew == 0 -> we use the same @sah, that was used by @sav, 5264 * and we use its reference for @newsav. 5265 */ 5266 SECASVAR_LOCK(sav); 5267 /* XXX: replace cntr with pointer? */ 5268 newsav->cntr = sav->cntr; 5269 sav->flags |= SADB_X_EXT_F_CLONED; 5270 SECASVAR_UNLOCK(sav); 5271 5272 SAHTREE_WUNLOCK(); 5273 5274 KEYDBG(KEY_STAMP, 5275 printf("%s: SA(%p) cloned into SA(%p)\n", 5276 __func__, sav, newsav)); 5277 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5278 5279 key_freesav(&sav); /* release last reference */ 5280 5281 /* set msg buf from mhp */ 5282 n = key_getmsgbuf_x1(m, mhp); 5283 if (n == NULL) { 5284 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5285 return (ENOBUFS); 5286 } 5287 m_freem(m); 5288 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5289 return (0); 5290 fail: 5291 if (isnew != 0) 5292 key_freesah(&sah); 5293 if (newsav != NULL) { 5294 if (newsav->natt != NULL) 5295 free(newsav->natt, M_IPSEC_MISC); 5296 free(newsav, M_IPSEC_SA); 5297 } 5298 return (error); 5299 } 5300 5301 /* 5302 * SADB_UPDATE processing 5303 * receive 5304 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5305 * key(AE), (identity(SD),) (sensitivity)> 5306 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5307 * and send 5308 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5309 * (identity(SD),) (sensitivity)> 5310 * to the ikmpd. 5311 * 5312 * m will always be freed. 5313 */ 5314 static int 5315 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5316 { 5317 struct secasindex saidx; 5318 struct sadb_address *src0, *dst0; 5319 struct sadb_sa *sa0; 5320 struct secasvar *sav; 5321 uint32_t reqid; 5322 int error; 5323 uint8_t mode, proto; 5324 5325 IPSEC_ASSERT(so != NULL, ("null socket")); 5326 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5327 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5328 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5329 5330 /* map satype to proto */ 5331 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5332 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5333 __func__)); 5334 return key_senderror(so, m, EINVAL); 5335 } 5336 5337 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5338 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5339 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5340 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5341 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5342 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5343 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5344 ipseclog((LOG_DEBUG, 5345 "%s: invalid message: missing required header.\n", 5346 __func__)); 5347 return key_senderror(so, m, EINVAL); 5348 } 5349 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5350 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5351 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5352 ipseclog((LOG_DEBUG, 5353 "%s: invalid message: wrong header size.\n", __func__)); 5354 return key_senderror(so, m, EINVAL); 5355 } 5356 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5357 mode = IPSEC_MODE_ANY; 5358 reqid = 0; 5359 } else { 5360 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5361 ipseclog((LOG_DEBUG, 5362 "%s: invalid message: wrong header size.\n", 5363 __func__)); 5364 return key_senderror(so, m, EINVAL); 5365 } 5366 mode = ((struct sadb_x_sa2 *) 5367 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5368 reqid = ((struct sadb_x_sa2 *) 5369 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5370 } 5371 5372 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5373 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5374 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5375 5376 /* 5377 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5378 * SADB_UPDATE message. 5379 */ 5380 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5381 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5382 #ifdef PFKEY_STRICT_CHECKS 5383 return key_senderror(so, m, EINVAL); 5384 #endif 5385 } 5386 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5387 (struct sockaddr *)(dst0 + 1)); 5388 if (error != 0) { 5389 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5390 return key_senderror(so, m, error); 5391 } 5392 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5393 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5394 if (sav == NULL) { 5395 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5396 __func__, ntohl(sa0->sadb_sa_spi))); 5397 return key_senderror(so, m, EINVAL); 5398 } 5399 /* 5400 * Check that SADB_UPDATE issued by the same process that did 5401 * SADB_GETSPI or SADB_ADD. 5402 */ 5403 if (sav->pid != mhp->msg->sadb_msg_pid) { 5404 ipseclog((LOG_DEBUG, 5405 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5406 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5407 key_freesav(&sav); 5408 return key_senderror(so, m, EINVAL); 5409 } 5410 /* saidx should match with SA. */ 5411 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5412 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u", 5413 __func__, ntohl(sav->spi))); 5414 key_freesav(&sav); 5415 return key_senderror(so, m, ESRCH); 5416 } 5417 5418 if (sav->state == SADB_SASTATE_LARVAL) { 5419 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5420 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5421 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5422 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5423 ipseclog((LOG_DEBUG, 5424 "%s: invalid message: missing required header.\n", 5425 __func__)); 5426 key_freesav(&sav); 5427 return key_senderror(so, m, EINVAL); 5428 } 5429 /* 5430 * We can set any values except src, dst and SPI. 5431 */ 5432 error = key_setsaval(sav, mhp); 5433 if (error != 0) { 5434 key_freesav(&sav); 5435 return (key_senderror(so, m, error)); 5436 } 5437 /* Change SA state to MATURE */ 5438 SAHTREE_WLOCK(); 5439 if (sav->state != SADB_SASTATE_LARVAL) { 5440 /* SA was deleted or another thread made it MATURE. */ 5441 SAHTREE_WUNLOCK(); 5442 key_freesav(&sav); 5443 return (key_senderror(so, m, ESRCH)); 5444 } 5445 /* 5446 * NOTE: we keep SAs in savtree_alive ordered by created 5447 * time. When SA's state changed from LARVAL to MATURE, 5448 * we update its created time in key_setsaval() and move 5449 * it into head of savtree_alive. 5450 */ 5451 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5452 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5453 sav->state = SADB_SASTATE_MATURE; 5454 SAHTREE_WUNLOCK(); 5455 } else { 5456 /* 5457 * For DYING and MATURE SA we can change only state 5458 * and lifetimes. Report EINVAL if something else attempted 5459 * to change. 5460 */ 5461 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5462 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5463 key_freesav(&sav); 5464 return (key_senderror(so, m, EINVAL)); 5465 } 5466 error = key_updatelifetimes(sav, mhp); 5467 if (error != 0) { 5468 key_freesav(&sav); 5469 return (key_senderror(so, m, error)); 5470 } 5471 /* 5472 * This is FreeBSD extension to RFC2367. 5473 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5474 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5475 * SA addresses (for example to implement MOBIKE protocol 5476 * as described in RFC4555). Also we allow to change 5477 * NAT-T config. 5478 */ 5479 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5480 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5481 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5482 sav->natt != NULL) { 5483 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5484 key_freesav(&sav); 5485 if (error != 0) 5486 return (key_senderror(so, m, error)); 5487 return (0); 5488 } 5489 /* Check that SA is still alive */ 5490 SAHTREE_WLOCK(); 5491 if (sav->state == SADB_SASTATE_DEAD) { 5492 /* SA was unlinked */ 5493 SAHTREE_WUNLOCK(); 5494 key_freesav(&sav); 5495 return (key_senderror(so, m, ESRCH)); 5496 } 5497 /* 5498 * NOTE: there is possible state moving from DYING to MATURE, 5499 * but this doesn't change created time, so we won't reorder 5500 * this SA. 5501 */ 5502 sav->state = SADB_SASTATE_MATURE; 5503 SAHTREE_WUNLOCK(); 5504 } 5505 KEYDBG(KEY_STAMP, 5506 printf("%s: SA(%p)\n", __func__, sav)); 5507 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5508 key_freesav(&sav); 5509 5510 { 5511 struct mbuf *n; 5512 5513 /* set msg buf from mhp */ 5514 n = key_getmsgbuf_x1(m, mhp); 5515 if (n == NULL) { 5516 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5517 return key_senderror(so, m, ENOBUFS); 5518 } 5519 5520 m_freem(m); 5521 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5522 } 5523 } 5524 5525 /* 5526 * SADB_ADD processing 5527 * add an entry to SA database, when received 5528 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5529 * key(AE), (identity(SD),) (sensitivity)> 5530 * from the ikmpd, 5531 * and send 5532 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5533 * (identity(SD),) (sensitivity)> 5534 * to the ikmpd. 5535 * 5536 * IGNORE identity and sensitivity messages. 5537 * 5538 * m will always be freed. 5539 */ 5540 static int 5541 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5542 { 5543 struct secasindex saidx; 5544 struct sadb_address *src0, *dst0; 5545 struct sadb_sa *sa0; 5546 struct secasvar *sav; 5547 uint32_t reqid, spi; 5548 uint8_t mode, proto; 5549 int error; 5550 5551 IPSEC_ASSERT(so != NULL, ("null socket")); 5552 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5553 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5554 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5555 5556 /* map satype to proto */ 5557 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5558 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5559 __func__)); 5560 return key_senderror(so, m, EINVAL); 5561 } 5562 5563 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5564 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5565 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5566 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5567 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5568 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5569 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5570 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5571 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5572 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5573 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5574 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5575 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5576 ipseclog((LOG_DEBUG, 5577 "%s: invalid message: missing required header.\n", 5578 __func__)); 5579 return key_senderror(so, m, EINVAL); 5580 } 5581 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5582 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5583 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5584 ipseclog((LOG_DEBUG, 5585 "%s: invalid message: wrong header size.\n", __func__)); 5586 return key_senderror(so, m, EINVAL); 5587 } 5588 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5589 mode = IPSEC_MODE_ANY; 5590 reqid = 0; 5591 } else { 5592 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5593 ipseclog((LOG_DEBUG, 5594 "%s: invalid message: wrong header size.\n", 5595 __func__)); 5596 return key_senderror(so, m, EINVAL); 5597 } 5598 mode = ((struct sadb_x_sa2 *) 5599 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5600 reqid = ((struct sadb_x_sa2 *) 5601 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5602 } 5603 5604 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5605 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5606 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5607 5608 /* 5609 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5610 * SADB_ADD message. 5611 */ 5612 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5613 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5614 #ifdef PFKEY_STRICT_CHECKS 5615 return key_senderror(so, m, EINVAL); 5616 #endif 5617 } 5618 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5619 (struct sockaddr *)(dst0 + 1)); 5620 if (error != 0) { 5621 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5622 return key_senderror(so, m, error); 5623 } 5624 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5625 spi = sa0->sadb_sa_spi; 5626 /* 5627 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5628 * secasindex. 5629 * XXXAE: IPComp seems also doesn't use SPI. 5630 */ 5631 if (proto == IPPROTO_TCP) { 5632 sav = key_getsav_tcpmd5(&saidx, &spi); 5633 if (sav == NULL && spi == 0) { 5634 /* Failed to allocate SPI */ 5635 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5636 __func__)); 5637 return key_senderror(so, m, EEXIST); 5638 } 5639 /* XXX: SPI that we report back can have another value */ 5640 } else { 5641 /* We can create new SA only if SPI is different. */ 5642 sav = key_getsavbyspi(spi); 5643 } 5644 if (sav != NULL) { 5645 key_freesav(&sav); 5646 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5647 return key_senderror(so, m, EEXIST); 5648 } 5649 5650 sav = key_newsav(mhp, &saidx, spi, &error); 5651 if (sav == NULL) 5652 return key_senderror(so, m, error); 5653 KEYDBG(KEY_STAMP, 5654 printf("%s: return SA(%p)\n", __func__, sav)); 5655 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5656 /* 5657 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5658 * ACQ for deletion. 5659 */ 5660 if (sav->seq != 0) 5661 key_acqdone(&saidx, sav->seq); 5662 5663 { 5664 /* 5665 * Don't call key_freesav() on error here, as we would like to 5666 * keep the SA in the database. 5667 */ 5668 struct mbuf *n; 5669 5670 /* set msg buf from mhp */ 5671 n = key_getmsgbuf_x1(m, mhp); 5672 if (n == NULL) { 5673 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5674 return key_senderror(so, m, ENOBUFS); 5675 } 5676 5677 m_freem(m); 5678 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5679 } 5680 } 5681 5682 /* 5683 * NAT-T support. 5684 * IKEd may request the use ESP in UDP encapsulation when it detects the 5685 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5686 * parameters needed for encapsulation and decapsulation. These PF_KEY 5687 * extension headers are not standardized, so this comment addresses our 5688 * implementation. 5689 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5690 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5691 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5692 * UDP header. We use these ports in UDP encapsulation procedure, also we 5693 * can check them in UDP decapsulation procedure. 5694 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5695 * responder. These addresses can be used for transport mode to adjust 5696 * checksum after decapsulation and decryption. Since original IP addresses 5697 * used by peer usually different (we detected presence of NAT), TCP/UDP 5698 * pseudo header checksum and IP header checksum was calculated using original 5699 * addresses. After decapsulation and decryption we need to adjust checksum 5700 * to have correct datagram. 5701 * 5702 * We expect presence of NAT-T extension headers only in SADB_ADD and 5703 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5704 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5705 */ 5706 static int 5707 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5708 { 5709 struct sadb_x_nat_t_port *port; 5710 struct sadb_x_nat_t_type *type; 5711 struct sadb_address *oai, *oar; 5712 struct sockaddr *sa; 5713 uint32_t addr; 5714 uint16_t cksum; 5715 5716 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5717 /* 5718 * Ignore NAT-T headers if sproto isn't ESP. 5719 */ 5720 if (sav->sah->saidx.proto != IPPROTO_ESP) 5721 return (0); 5722 5723 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5724 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5725 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5726 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5727 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5728 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5729 ipseclog((LOG_DEBUG, 5730 "%s: invalid message: wrong header size.\n", 5731 __func__)); 5732 return (EINVAL); 5733 } 5734 } else 5735 return (0); 5736 5737 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5738 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5739 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5740 __func__, type->sadb_x_nat_t_type_type)); 5741 return (EINVAL); 5742 } 5743 /* 5744 * Allocate storage for NAT-T config. 5745 * On error it will be released by key_cleansav(). 5746 */ 5747 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5748 M_NOWAIT | M_ZERO); 5749 if (sav->natt == NULL) { 5750 PFKEYSTAT_INC(in_nomem); 5751 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5752 return (ENOBUFS); 5753 } 5754 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5755 if (port->sadb_x_nat_t_port_port == 0) { 5756 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5757 __func__)); 5758 return (EINVAL); 5759 } 5760 sav->natt->sport = port->sadb_x_nat_t_port_port; 5761 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5762 if (port->sadb_x_nat_t_port_port == 0) { 5763 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5764 __func__)); 5765 return (EINVAL); 5766 } 5767 sav->natt->dport = port->sadb_x_nat_t_port_port; 5768 5769 /* 5770 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5771 * and needed only for transport mode IPsec. 5772 * Usually NAT translates only one address, but it is possible, 5773 * that both addresses could be translated. 5774 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5775 */ 5776 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5777 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5778 ipseclog((LOG_DEBUG, 5779 "%s: invalid message: wrong header size.\n", 5780 __func__)); 5781 return (EINVAL); 5782 } 5783 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5784 } else 5785 oai = NULL; 5786 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5787 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5788 ipseclog((LOG_DEBUG, 5789 "%s: invalid message: wrong header size.\n", 5790 __func__)); 5791 return (EINVAL); 5792 } 5793 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5794 } else 5795 oar = NULL; 5796 5797 /* Initialize addresses only for transport mode */ 5798 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5799 cksum = 0; 5800 if (oai != NULL) { 5801 /* Currently we support only AF_INET */ 5802 sa = (struct sockaddr *)(oai + 1); 5803 if (sa->sa_family != AF_INET || 5804 sa->sa_len != sizeof(struct sockaddr_in)) { 5805 ipseclog((LOG_DEBUG, 5806 "%s: wrong NAT-OAi header.\n", 5807 __func__)); 5808 return (EINVAL); 5809 } 5810 /* Ignore address if it the same */ 5811 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5812 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5813 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5814 sav->natt->flags |= IPSEC_NATT_F_OAI; 5815 /* Calculate checksum delta */ 5816 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5817 cksum = in_addword(cksum, ~addr >> 16); 5818 cksum = in_addword(cksum, ~addr & 0xffff); 5819 addr = sav->natt->oai.sin.sin_addr.s_addr; 5820 cksum = in_addword(cksum, addr >> 16); 5821 cksum = in_addword(cksum, addr & 0xffff); 5822 } 5823 } 5824 if (oar != NULL) { 5825 /* Currently we support only AF_INET */ 5826 sa = (struct sockaddr *)(oar + 1); 5827 if (sa->sa_family != AF_INET || 5828 sa->sa_len != sizeof(struct sockaddr_in)) { 5829 ipseclog((LOG_DEBUG, 5830 "%s: wrong NAT-OAr header.\n", 5831 __func__)); 5832 return (EINVAL); 5833 } 5834 /* Ignore address if it the same */ 5835 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5836 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5837 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5838 sav->natt->flags |= IPSEC_NATT_F_OAR; 5839 /* Calculate checksum delta */ 5840 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5841 cksum = in_addword(cksum, ~addr >> 16); 5842 cksum = in_addword(cksum, ~addr & 0xffff); 5843 addr = sav->natt->oar.sin.sin_addr.s_addr; 5844 cksum = in_addword(cksum, addr >> 16); 5845 cksum = in_addword(cksum, addr & 0xffff); 5846 } 5847 } 5848 sav->natt->cksum = cksum; 5849 } 5850 return (0); 5851 } 5852 5853 static int 5854 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5855 { 5856 const struct sadb_ident *idsrc, *iddst; 5857 5858 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5859 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5860 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5861 5862 /* don't make buffer if not there */ 5863 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5864 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5865 sah->idents = NULL; 5866 sah->identd = NULL; 5867 return (0); 5868 } 5869 5870 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5871 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5872 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5873 return (EINVAL); 5874 } 5875 5876 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5877 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5878 5879 /* validity check */ 5880 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5881 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5882 return EINVAL; 5883 } 5884 5885 switch (idsrc->sadb_ident_type) { 5886 case SADB_IDENTTYPE_PREFIX: 5887 case SADB_IDENTTYPE_FQDN: 5888 case SADB_IDENTTYPE_USERFQDN: 5889 default: 5890 /* XXX do nothing */ 5891 sah->idents = NULL; 5892 sah->identd = NULL; 5893 return 0; 5894 } 5895 5896 /* make structure */ 5897 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5898 if (sah->idents == NULL) { 5899 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5900 return ENOBUFS; 5901 } 5902 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5903 if (sah->identd == NULL) { 5904 free(sah->idents, M_IPSEC_MISC); 5905 sah->idents = NULL; 5906 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5907 return ENOBUFS; 5908 } 5909 sah->idents->type = idsrc->sadb_ident_type; 5910 sah->idents->id = idsrc->sadb_ident_id; 5911 5912 sah->identd->type = iddst->sadb_ident_type; 5913 sah->identd->id = iddst->sadb_ident_id; 5914 5915 return 0; 5916 } 5917 5918 /* 5919 * m will not be freed on return. 5920 * it is caller's responsibility to free the result. 5921 * 5922 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5923 * from the request in defined order. 5924 */ 5925 static struct mbuf * 5926 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5927 { 5928 struct mbuf *n; 5929 5930 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5931 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5932 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5933 5934 /* create new sadb_msg to reply. */ 5935 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5936 SADB_EXT_SA, SADB_X_EXT_SA2, 5937 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5938 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5939 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5940 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5941 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5942 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5943 SADB_X_EXT_NEW_ADDRESS_DST); 5944 if (!n) 5945 return NULL; 5946 5947 if (n->m_len < sizeof(struct sadb_msg)) { 5948 n = m_pullup(n, sizeof(struct sadb_msg)); 5949 if (n == NULL) 5950 return NULL; 5951 } 5952 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5953 mtod(n, struct sadb_msg *)->sadb_msg_len = 5954 PFKEY_UNIT64(n->m_pkthdr.len); 5955 5956 return n; 5957 } 5958 5959 /* 5960 * SADB_DELETE processing 5961 * receive 5962 * <base, SA(*), address(SD)> 5963 * from the ikmpd, and set SADB_SASTATE_DEAD, 5964 * and send, 5965 * <base, SA(*), address(SD)> 5966 * to the ikmpd. 5967 * 5968 * m will always be freed. 5969 */ 5970 static int 5971 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5972 { 5973 struct secasindex saidx; 5974 struct sadb_address *src0, *dst0; 5975 struct secasvar *sav; 5976 struct sadb_sa *sa0; 5977 uint8_t proto; 5978 5979 IPSEC_ASSERT(so != NULL, ("null socket")); 5980 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5981 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5982 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5983 5984 /* map satype to proto */ 5985 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5986 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5987 __func__)); 5988 return key_senderror(so, m, EINVAL); 5989 } 5990 5991 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5992 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5993 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5994 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5995 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5996 __func__)); 5997 return key_senderror(so, m, EINVAL); 5998 } 5999 6000 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6001 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6002 6003 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6004 (struct sockaddr *)(dst0 + 1)) != 0) { 6005 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6006 return (key_senderror(so, m, EINVAL)); 6007 } 6008 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6009 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6010 /* 6011 * Caller wants us to delete all non-LARVAL SAs 6012 * that match the src/dst. This is used during 6013 * IKE INITIAL-CONTACT. 6014 * XXXAE: this looks like some extension to RFC2367. 6015 */ 6016 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6017 return (key_delete_all(so, m, mhp, &saidx)); 6018 } 6019 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6020 ipseclog((LOG_DEBUG, 6021 "%s: invalid message: wrong header size.\n", __func__)); 6022 return (key_senderror(so, m, EINVAL)); 6023 } 6024 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6025 if (proto == IPPROTO_TCP) 6026 sav = key_getsav_tcpmd5(&saidx, NULL); 6027 else 6028 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6029 if (sav == NULL) { 6030 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6031 __func__, ntohl(sa0->sadb_sa_spi))); 6032 return (key_senderror(so, m, ESRCH)); 6033 } 6034 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6035 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6036 __func__, ntohl(sav->spi))); 6037 key_freesav(&sav); 6038 return (key_senderror(so, m, ESRCH)); 6039 } 6040 KEYDBG(KEY_STAMP, 6041 printf("%s: SA(%p)\n", __func__, sav)); 6042 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6043 key_unlinksav(sav); 6044 key_freesav(&sav); 6045 6046 { 6047 struct mbuf *n; 6048 struct sadb_msg *newmsg; 6049 6050 /* create new sadb_msg to reply. */ 6051 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6052 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6053 if (!n) 6054 return key_senderror(so, m, ENOBUFS); 6055 6056 if (n->m_len < sizeof(struct sadb_msg)) { 6057 n = m_pullup(n, sizeof(struct sadb_msg)); 6058 if (n == NULL) 6059 return key_senderror(so, m, ENOBUFS); 6060 } 6061 newmsg = mtod(n, struct sadb_msg *); 6062 newmsg->sadb_msg_errno = 0; 6063 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6064 6065 m_freem(m); 6066 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6067 } 6068 } 6069 6070 /* 6071 * delete all SAs for src/dst. Called from key_delete(). 6072 */ 6073 static int 6074 key_delete_all(struct socket *so, struct mbuf *m, 6075 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6076 { 6077 struct secasvar_queue drainq; 6078 struct secashead *sah; 6079 struct secasvar *sav, *nextsav; 6080 6081 TAILQ_INIT(&drainq); 6082 SAHTREE_WLOCK(); 6083 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6084 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6085 continue; 6086 /* Move all ALIVE SAs into drainq */ 6087 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6088 } 6089 /* Unlink all queued SAs from SPI hash */ 6090 TAILQ_FOREACH(sav, &drainq, chain) { 6091 sav->state = SADB_SASTATE_DEAD; 6092 LIST_REMOVE(sav, spihash); 6093 } 6094 SAHTREE_WUNLOCK(); 6095 /* Now we can release reference for all SAs in drainq */ 6096 sav = TAILQ_FIRST(&drainq); 6097 while (sav != NULL) { 6098 KEYDBG(KEY_STAMP, 6099 printf("%s: SA(%p)\n", __func__, sav)); 6100 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6101 nextsav = TAILQ_NEXT(sav, chain); 6102 key_freesah(&sav->sah); /* release reference from SAV */ 6103 key_freesav(&sav); /* release last reference */ 6104 sav = nextsav; 6105 } 6106 6107 { 6108 struct mbuf *n; 6109 struct sadb_msg *newmsg; 6110 6111 /* create new sadb_msg to reply. */ 6112 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6113 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6114 if (!n) 6115 return key_senderror(so, m, ENOBUFS); 6116 6117 if (n->m_len < sizeof(struct sadb_msg)) { 6118 n = m_pullup(n, sizeof(struct sadb_msg)); 6119 if (n == NULL) 6120 return key_senderror(so, m, ENOBUFS); 6121 } 6122 newmsg = mtod(n, struct sadb_msg *); 6123 newmsg->sadb_msg_errno = 0; 6124 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6125 6126 m_freem(m); 6127 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6128 } 6129 } 6130 6131 /* 6132 * Delete all alive SAs for corresponding xform. 6133 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6134 * here when xform disappears. 6135 */ 6136 void 6137 key_delete_xform(const struct xformsw *xsp) 6138 { 6139 struct secasvar_queue drainq; 6140 struct secashead *sah; 6141 struct secasvar *sav, *nextsav; 6142 6143 TAILQ_INIT(&drainq); 6144 SAHTREE_WLOCK(); 6145 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6146 sav = TAILQ_FIRST(&sah->savtree_alive); 6147 if (sav == NULL) 6148 continue; 6149 if (sav->tdb_xform != xsp) 6150 continue; 6151 /* 6152 * It is supposed that all SAs in the chain are related to 6153 * one xform. 6154 */ 6155 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6156 } 6157 /* Unlink all queued SAs from SPI hash */ 6158 TAILQ_FOREACH(sav, &drainq, chain) { 6159 sav->state = SADB_SASTATE_DEAD; 6160 LIST_REMOVE(sav, spihash); 6161 } 6162 SAHTREE_WUNLOCK(); 6163 6164 /* Now we can release reference for all SAs in drainq */ 6165 sav = TAILQ_FIRST(&drainq); 6166 while (sav != NULL) { 6167 KEYDBG(KEY_STAMP, 6168 printf("%s: SA(%p)\n", __func__, sav)); 6169 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6170 nextsav = TAILQ_NEXT(sav, chain); 6171 key_freesah(&sav->sah); /* release reference from SAV */ 6172 key_freesav(&sav); /* release last reference */ 6173 sav = nextsav; 6174 } 6175 } 6176 6177 /* 6178 * SADB_GET processing 6179 * receive 6180 * <base, SA(*), address(SD)> 6181 * from the ikmpd, and get a SP and a SA to respond, 6182 * and send, 6183 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6184 * (identity(SD),) (sensitivity)> 6185 * to the ikmpd. 6186 * 6187 * m will always be freed. 6188 */ 6189 static int 6190 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6191 { 6192 struct secasindex saidx; 6193 struct sadb_address *src0, *dst0; 6194 struct sadb_sa *sa0; 6195 struct secasvar *sav; 6196 uint8_t proto; 6197 6198 IPSEC_ASSERT(so != NULL, ("null socket")); 6199 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6200 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6201 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6202 6203 /* map satype to proto */ 6204 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6205 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6206 __func__)); 6207 return key_senderror(so, m, EINVAL); 6208 } 6209 6210 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6211 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6212 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6213 ipseclog((LOG_DEBUG, 6214 "%s: invalid message: missing required header.\n", 6215 __func__)); 6216 return key_senderror(so, m, EINVAL); 6217 } 6218 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6219 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6220 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6221 ipseclog((LOG_DEBUG, 6222 "%s: invalid message: wrong header size.\n", __func__)); 6223 return key_senderror(so, m, EINVAL); 6224 } 6225 6226 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6227 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6228 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6229 6230 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6231 (struct sockaddr *)(dst0 + 1)) != 0) { 6232 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6233 return key_senderror(so, m, EINVAL); 6234 } 6235 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6236 6237 if (proto == IPPROTO_TCP) 6238 sav = key_getsav_tcpmd5(&saidx, NULL); 6239 else 6240 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6241 if (sav == NULL) { 6242 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6243 return key_senderror(so, m, ESRCH); 6244 } 6245 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6246 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6247 __func__, ntohl(sa0->sadb_sa_spi))); 6248 key_freesav(&sav); 6249 return (key_senderror(so, m, ESRCH)); 6250 } 6251 6252 { 6253 struct mbuf *n; 6254 uint8_t satype; 6255 6256 /* map proto to satype */ 6257 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6258 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6259 __func__)); 6260 key_freesav(&sav); 6261 return key_senderror(so, m, EINVAL); 6262 } 6263 6264 /* create new sadb_msg to reply. */ 6265 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6266 mhp->msg->sadb_msg_pid); 6267 6268 key_freesav(&sav); 6269 if (!n) 6270 return key_senderror(so, m, ENOBUFS); 6271 6272 m_freem(m); 6273 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6274 } 6275 } 6276 6277 /* XXX make it sysctl-configurable? */ 6278 static void 6279 key_getcomb_setlifetime(struct sadb_comb *comb) 6280 { 6281 6282 comb->sadb_comb_soft_allocations = 1; 6283 comb->sadb_comb_hard_allocations = 1; 6284 comb->sadb_comb_soft_bytes = 0; 6285 comb->sadb_comb_hard_bytes = 0; 6286 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6287 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6288 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6289 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6290 } 6291 6292 /* 6293 * XXX reorder combinations by preference 6294 * XXX no idea if the user wants ESP authentication or not 6295 */ 6296 static struct mbuf * 6297 key_getcomb_ealg(void) 6298 { 6299 struct sadb_comb *comb; 6300 const struct enc_xform *algo; 6301 struct mbuf *result = NULL, *m, *n; 6302 int encmin; 6303 int i, off, o; 6304 int totlen; 6305 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6306 6307 m = NULL; 6308 for (i = 1; i <= SADB_EALG_MAX; i++) { 6309 algo = enc_algorithm_lookup(i); 6310 if (algo == NULL) 6311 continue; 6312 6313 /* discard algorithms with key size smaller than system min */ 6314 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6315 continue; 6316 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6317 encmin = V_ipsec_esp_keymin; 6318 else 6319 encmin = _BITS(algo->minkey); 6320 6321 if (V_ipsec_esp_auth) 6322 m = key_getcomb_ah(); 6323 else { 6324 IPSEC_ASSERT(l <= MLEN, 6325 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6326 MGET(m, M_NOWAIT, MT_DATA); 6327 if (m) { 6328 M_ALIGN(m, l); 6329 m->m_len = l; 6330 m->m_next = NULL; 6331 bzero(mtod(m, caddr_t), m->m_len); 6332 } 6333 } 6334 if (!m) 6335 goto fail; 6336 6337 totlen = 0; 6338 for (n = m; n; n = n->m_next) 6339 totlen += n->m_len; 6340 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6341 6342 for (off = 0; off < totlen; off += l) { 6343 n = m_pulldown(m, off, l, &o); 6344 if (!n) { 6345 /* m is already freed */ 6346 goto fail; 6347 } 6348 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6349 bzero(comb, sizeof(*comb)); 6350 key_getcomb_setlifetime(comb); 6351 comb->sadb_comb_encrypt = i; 6352 comb->sadb_comb_encrypt_minbits = encmin; 6353 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6354 } 6355 6356 if (!result) 6357 result = m; 6358 else 6359 m_cat(result, m); 6360 } 6361 6362 return result; 6363 6364 fail: 6365 if (result) 6366 m_freem(result); 6367 return NULL; 6368 } 6369 6370 static void 6371 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6372 u_int16_t* max) 6373 { 6374 6375 *min = *max = ah->hashsize; 6376 if (ah->keysize == 0) { 6377 /* 6378 * Transform takes arbitrary key size but algorithm 6379 * key size is restricted. Enforce this here. 6380 */ 6381 switch (alg) { 6382 case SADB_X_AALG_MD5: *min = *max = 16; break; 6383 case SADB_X_AALG_SHA: *min = *max = 20; break; 6384 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6385 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6386 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6387 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6388 default: 6389 DPRINTF(("%s: unknown AH algorithm %u\n", 6390 __func__, alg)); 6391 break; 6392 } 6393 } 6394 } 6395 6396 /* 6397 * XXX reorder combinations by preference 6398 */ 6399 static struct mbuf * 6400 key_getcomb_ah() 6401 { 6402 const struct auth_hash *algo; 6403 struct sadb_comb *comb; 6404 struct mbuf *m; 6405 u_int16_t minkeysize, maxkeysize; 6406 int i; 6407 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6408 6409 m = NULL; 6410 for (i = 1; i <= SADB_AALG_MAX; i++) { 6411 #if 1 6412 /* we prefer HMAC algorithms, not old algorithms */ 6413 if (i != SADB_AALG_SHA1HMAC && 6414 i != SADB_AALG_MD5HMAC && 6415 i != SADB_X_AALG_SHA2_256 && 6416 i != SADB_X_AALG_SHA2_384 && 6417 i != SADB_X_AALG_SHA2_512) 6418 continue; 6419 #endif 6420 algo = auth_algorithm_lookup(i); 6421 if (!algo) 6422 continue; 6423 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6424 /* discard algorithms with key size smaller than system min */ 6425 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6426 continue; 6427 6428 if (!m) { 6429 IPSEC_ASSERT(l <= MLEN, 6430 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6431 MGET(m, M_NOWAIT, MT_DATA); 6432 if (m) { 6433 M_ALIGN(m, l); 6434 m->m_len = l; 6435 m->m_next = NULL; 6436 } 6437 } else 6438 M_PREPEND(m, l, M_NOWAIT); 6439 if (!m) 6440 return NULL; 6441 6442 comb = mtod(m, struct sadb_comb *); 6443 bzero(comb, sizeof(*comb)); 6444 key_getcomb_setlifetime(comb); 6445 comb->sadb_comb_auth = i; 6446 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6447 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6448 } 6449 6450 return m; 6451 } 6452 6453 /* 6454 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6455 * XXX reorder combinations by preference 6456 */ 6457 static struct mbuf * 6458 key_getcomb_ipcomp() 6459 { 6460 const struct comp_algo *algo; 6461 struct sadb_comb *comb; 6462 struct mbuf *m; 6463 int i; 6464 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6465 6466 m = NULL; 6467 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6468 algo = comp_algorithm_lookup(i); 6469 if (!algo) 6470 continue; 6471 6472 if (!m) { 6473 IPSEC_ASSERT(l <= MLEN, 6474 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6475 MGET(m, M_NOWAIT, MT_DATA); 6476 if (m) { 6477 M_ALIGN(m, l); 6478 m->m_len = l; 6479 m->m_next = NULL; 6480 } 6481 } else 6482 M_PREPEND(m, l, M_NOWAIT); 6483 if (!m) 6484 return NULL; 6485 6486 comb = mtod(m, struct sadb_comb *); 6487 bzero(comb, sizeof(*comb)); 6488 key_getcomb_setlifetime(comb); 6489 comb->sadb_comb_encrypt = i; 6490 /* what should we set into sadb_comb_*_{min,max}bits? */ 6491 } 6492 6493 return m; 6494 } 6495 6496 /* 6497 * XXX no way to pass mode (transport/tunnel) to userland 6498 * XXX replay checking? 6499 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6500 */ 6501 static struct mbuf * 6502 key_getprop(const struct secasindex *saidx) 6503 { 6504 struct sadb_prop *prop; 6505 struct mbuf *m, *n; 6506 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6507 int totlen; 6508 6509 switch (saidx->proto) { 6510 case IPPROTO_ESP: 6511 m = key_getcomb_ealg(); 6512 break; 6513 case IPPROTO_AH: 6514 m = key_getcomb_ah(); 6515 break; 6516 case IPPROTO_IPCOMP: 6517 m = key_getcomb_ipcomp(); 6518 break; 6519 default: 6520 return NULL; 6521 } 6522 6523 if (!m) 6524 return NULL; 6525 M_PREPEND(m, l, M_NOWAIT); 6526 if (!m) 6527 return NULL; 6528 6529 totlen = 0; 6530 for (n = m; n; n = n->m_next) 6531 totlen += n->m_len; 6532 6533 prop = mtod(m, struct sadb_prop *); 6534 bzero(prop, sizeof(*prop)); 6535 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6536 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6537 prop->sadb_prop_replay = 32; /* XXX */ 6538 6539 return m; 6540 } 6541 6542 /* 6543 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6544 * send 6545 * <base, SA, address(SD), (address(P)), x_policy, 6546 * (identity(SD),) (sensitivity,) proposal> 6547 * to KMD, and expect to receive 6548 * <base> with SADB_ACQUIRE if error occurred, 6549 * or 6550 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6551 * from KMD by PF_KEY. 6552 * 6553 * XXX x_policy is outside of RFC2367 (KAME extension). 6554 * XXX sensitivity is not supported. 6555 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6556 * see comment for key_getcomb_ipcomp(). 6557 * 6558 * OUT: 6559 * 0 : succeed 6560 * others: error number 6561 */ 6562 static int 6563 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6564 { 6565 union sockaddr_union addr; 6566 struct mbuf *result, *m; 6567 uint32_t seq; 6568 int error; 6569 uint16_t ul_proto; 6570 uint8_t mask, satype; 6571 6572 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6573 satype = key_proto2satype(saidx->proto); 6574 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6575 6576 error = -1; 6577 result = NULL; 6578 ul_proto = IPSEC_ULPROTO_ANY; 6579 6580 /* Get seq number to check whether sending message or not. */ 6581 seq = key_getacq(saidx, &error); 6582 if (seq == 0) 6583 return (error); 6584 6585 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6586 if (!m) { 6587 error = ENOBUFS; 6588 goto fail; 6589 } 6590 result = m; 6591 6592 /* 6593 * set sadb_address for saidx's. 6594 * 6595 * Note that if sp is supplied, then we're being called from 6596 * key_allocsa_policy() and should supply port and protocol 6597 * information. 6598 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6599 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6600 * XXXAE: it looks like we should save this info in the ACQ entry. 6601 */ 6602 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6603 sp->spidx.ul_proto == IPPROTO_UDP)) 6604 ul_proto = sp->spidx.ul_proto; 6605 6606 addr = saidx->src; 6607 mask = FULLMASK; 6608 if (ul_proto != IPSEC_ULPROTO_ANY) { 6609 switch (sp->spidx.src.sa.sa_family) { 6610 case AF_INET: 6611 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6612 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6613 mask = sp->spidx.prefs; 6614 } 6615 break; 6616 case AF_INET6: 6617 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6618 addr.sin6.sin6_port = 6619 sp->spidx.src.sin6.sin6_port; 6620 mask = sp->spidx.prefs; 6621 } 6622 break; 6623 default: 6624 break; 6625 } 6626 } 6627 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6628 if (!m) { 6629 error = ENOBUFS; 6630 goto fail; 6631 } 6632 m_cat(result, m); 6633 6634 addr = saidx->dst; 6635 mask = FULLMASK; 6636 if (ul_proto != IPSEC_ULPROTO_ANY) { 6637 switch (sp->spidx.dst.sa.sa_family) { 6638 case AF_INET: 6639 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6640 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6641 mask = sp->spidx.prefd; 6642 } 6643 break; 6644 case AF_INET6: 6645 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6646 addr.sin6.sin6_port = 6647 sp->spidx.dst.sin6.sin6_port; 6648 mask = sp->spidx.prefd; 6649 } 6650 break; 6651 default: 6652 break; 6653 } 6654 } 6655 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6656 if (!m) { 6657 error = ENOBUFS; 6658 goto fail; 6659 } 6660 m_cat(result, m); 6661 6662 /* XXX proxy address (optional) */ 6663 6664 /* 6665 * Set sadb_x_policy. This is KAME extension to RFC2367. 6666 */ 6667 if (sp != NULL) { 6668 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6669 sp->priority); 6670 if (!m) { 6671 error = ENOBUFS; 6672 goto fail; 6673 } 6674 m_cat(result, m); 6675 } 6676 6677 /* 6678 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6679 * This is FreeBSD extension to RFC2367. 6680 */ 6681 if (saidx->reqid != 0) { 6682 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6683 if (m == NULL) { 6684 error = ENOBUFS; 6685 goto fail; 6686 } 6687 m_cat(result, m); 6688 } 6689 /* XXX identity (optional) */ 6690 #if 0 6691 if (idexttype && fqdn) { 6692 /* create identity extension (FQDN) */ 6693 struct sadb_ident *id; 6694 int fqdnlen; 6695 6696 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6697 id = (struct sadb_ident *)p; 6698 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6699 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6700 id->sadb_ident_exttype = idexttype; 6701 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6702 bcopy(fqdn, id + 1, fqdnlen); 6703 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6704 } 6705 6706 if (idexttype) { 6707 /* create identity extension (USERFQDN) */ 6708 struct sadb_ident *id; 6709 int userfqdnlen; 6710 6711 if (userfqdn) { 6712 /* +1 for terminating-NUL */ 6713 userfqdnlen = strlen(userfqdn) + 1; 6714 } else 6715 userfqdnlen = 0; 6716 id = (struct sadb_ident *)p; 6717 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6718 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6719 id->sadb_ident_exttype = idexttype; 6720 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6721 /* XXX is it correct? */ 6722 if (curproc && curproc->p_cred) 6723 id->sadb_ident_id = curproc->p_cred->p_ruid; 6724 if (userfqdn && userfqdnlen) 6725 bcopy(userfqdn, id + 1, userfqdnlen); 6726 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6727 } 6728 #endif 6729 6730 /* XXX sensitivity (optional) */ 6731 6732 /* create proposal/combination extension */ 6733 m = key_getprop(saidx); 6734 #if 0 6735 /* 6736 * spec conformant: always attach proposal/combination extension, 6737 * the problem is that we have no way to attach it for ipcomp, 6738 * due to the way sadb_comb is declared in RFC2367. 6739 */ 6740 if (!m) { 6741 error = ENOBUFS; 6742 goto fail; 6743 } 6744 m_cat(result, m); 6745 #else 6746 /* 6747 * outside of spec; make proposal/combination extension optional. 6748 */ 6749 if (m) 6750 m_cat(result, m); 6751 #endif 6752 6753 if ((result->m_flags & M_PKTHDR) == 0) { 6754 error = EINVAL; 6755 goto fail; 6756 } 6757 6758 if (result->m_len < sizeof(struct sadb_msg)) { 6759 result = m_pullup(result, sizeof(struct sadb_msg)); 6760 if (result == NULL) { 6761 error = ENOBUFS; 6762 goto fail; 6763 } 6764 } 6765 6766 result->m_pkthdr.len = 0; 6767 for (m = result; m; m = m->m_next) 6768 result->m_pkthdr.len += m->m_len; 6769 6770 mtod(result, struct sadb_msg *)->sadb_msg_len = 6771 PFKEY_UNIT64(result->m_pkthdr.len); 6772 6773 KEYDBG(KEY_STAMP, 6774 printf("%s: SP(%p)\n", __func__, sp)); 6775 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6776 6777 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6778 6779 fail: 6780 if (result) 6781 m_freem(result); 6782 return error; 6783 } 6784 6785 static uint32_t 6786 key_newacq(const struct secasindex *saidx, int *perror) 6787 { 6788 struct secacq *acq; 6789 uint32_t seq; 6790 6791 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6792 if (acq == NULL) { 6793 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6794 *perror = ENOBUFS; 6795 return (0); 6796 } 6797 6798 /* copy secindex */ 6799 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6800 acq->created = time_second; 6801 acq->count = 0; 6802 6803 /* add to acqtree */ 6804 ACQ_LOCK(); 6805 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6806 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6807 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6808 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6809 ACQ_UNLOCK(); 6810 *perror = 0; 6811 return (seq); 6812 } 6813 6814 static uint32_t 6815 key_getacq(const struct secasindex *saidx, int *perror) 6816 { 6817 struct secacq *acq; 6818 uint32_t seq; 6819 6820 ACQ_LOCK(); 6821 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6822 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6823 if (acq->count > V_key_blockacq_count) { 6824 /* 6825 * Reset counter and send message. 6826 * Also reset created time to keep ACQ for 6827 * this saidx. 6828 */ 6829 acq->created = time_second; 6830 acq->count = 0; 6831 seq = acq->seq; 6832 } else { 6833 /* 6834 * Increment counter and do nothing. 6835 * We send SADB_ACQUIRE message only 6836 * for each V_key_blockacq_count packet. 6837 */ 6838 acq->count++; 6839 seq = 0; 6840 } 6841 break; 6842 } 6843 } 6844 ACQ_UNLOCK(); 6845 if (acq != NULL) { 6846 *perror = 0; 6847 return (seq); 6848 } 6849 /* allocate new entry */ 6850 return (key_newacq(saidx, perror)); 6851 } 6852 6853 static int 6854 key_acqreset(uint32_t seq) 6855 { 6856 struct secacq *acq; 6857 6858 ACQ_LOCK(); 6859 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6860 if (acq->seq == seq) { 6861 acq->count = 0; 6862 acq->created = time_second; 6863 break; 6864 } 6865 } 6866 ACQ_UNLOCK(); 6867 if (acq == NULL) 6868 return (ESRCH); 6869 return (0); 6870 } 6871 /* 6872 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6873 * Called after successful SADB_GETSPI message. 6874 */ 6875 static int 6876 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6877 { 6878 struct secacq *acq; 6879 6880 ACQ_LOCK(); 6881 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6882 if (acq->seq == seq) 6883 break; 6884 } 6885 if (acq != NULL) { 6886 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6887 ipseclog((LOG_DEBUG, 6888 "%s: Mismatched saidx for ACQ %u", __func__, seq)); 6889 acq = NULL; 6890 } else { 6891 acq->created = 0; 6892 } 6893 } else { 6894 ipseclog((LOG_DEBUG, 6895 "%s: ACQ %u is not found.", __func__, seq)); 6896 } 6897 ACQ_UNLOCK(); 6898 if (acq == NULL) 6899 return (ESRCH); 6900 return (0); 6901 } 6902 6903 static struct secspacq * 6904 key_newspacq(struct secpolicyindex *spidx) 6905 { 6906 struct secspacq *acq; 6907 6908 /* get new entry */ 6909 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6910 if (acq == NULL) { 6911 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6912 return NULL; 6913 } 6914 6915 /* copy secindex */ 6916 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6917 acq->created = time_second; 6918 acq->count = 0; 6919 6920 /* add to spacqtree */ 6921 SPACQ_LOCK(); 6922 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6923 SPACQ_UNLOCK(); 6924 6925 return acq; 6926 } 6927 6928 static struct secspacq * 6929 key_getspacq(struct secpolicyindex *spidx) 6930 { 6931 struct secspacq *acq; 6932 6933 SPACQ_LOCK(); 6934 LIST_FOREACH(acq, &V_spacqtree, chain) { 6935 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6936 /* NB: return holding spacq_lock */ 6937 return acq; 6938 } 6939 } 6940 SPACQ_UNLOCK(); 6941 6942 return NULL; 6943 } 6944 6945 /* 6946 * SADB_ACQUIRE processing, 6947 * in first situation, is receiving 6948 * <base> 6949 * from the ikmpd, and clear sequence of its secasvar entry. 6950 * 6951 * In second situation, is receiving 6952 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6953 * from a user land process, and return 6954 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6955 * to the socket. 6956 * 6957 * m will always be freed. 6958 */ 6959 static int 6960 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6961 { 6962 SAHTREE_RLOCK_TRACKER; 6963 struct sadb_address *src0, *dst0; 6964 struct secasindex saidx; 6965 struct secashead *sah; 6966 uint32_t reqid; 6967 int error; 6968 uint8_t mode, proto; 6969 6970 IPSEC_ASSERT(so != NULL, ("null socket")); 6971 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6972 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6973 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6974 6975 /* 6976 * Error message from KMd. 6977 * We assume that if error was occurred in IKEd, the length of PFKEY 6978 * message is equal to the size of sadb_msg structure. 6979 * We do not raise error even if error occurred in this function. 6980 */ 6981 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 6982 /* check sequence number */ 6983 if (mhp->msg->sadb_msg_seq == 0 || 6984 mhp->msg->sadb_msg_errno == 0) { 6985 ipseclog((LOG_DEBUG, "%s: must specify sequence " 6986 "number and errno.\n", __func__)); 6987 } else { 6988 /* 6989 * IKEd reported that error occurred. 6990 * XXXAE: what it expects from the kernel? 6991 * Probably we should send SADB_ACQUIRE again? 6992 * If so, reset ACQ's state. 6993 * XXXAE: it looks useless. 6994 */ 6995 key_acqreset(mhp->msg->sadb_msg_seq); 6996 } 6997 m_freem(m); 6998 return (0); 6999 } 7000 7001 /* 7002 * This message is from user land. 7003 */ 7004 7005 /* map satype to proto */ 7006 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7007 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7008 __func__)); 7009 return key_senderror(so, m, EINVAL); 7010 } 7011 7012 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7013 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7014 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7015 ipseclog((LOG_DEBUG, 7016 "%s: invalid message: missing required header.\n", 7017 __func__)); 7018 return key_senderror(so, m, EINVAL); 7019 } 7020 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7021 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7022 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7023 ipseclog((LOG_DEBUG, 7024 "%s: invalid message: wrong header size.\n", __func__)); 7025 return key_senderror(so, m, EINVAL); 7026 } 7027 7028 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7029 mode = IPSEC_MODE_ANY; 7030 reqid = 0; 7031 } else { 7032 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7033 ipseclog((LOG_DEBUG, 7034 "%s: invalid message: wrong header size.\n", 7035 __func__)); 7036 return key_senderror(so, m, EINVAL); 7037 } 7038 mode = ((struct sadb_x_sa2 *) 7039 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7040 reqid = ((struct sadb_x_sa2 *) 7041 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7042 } 7043 7044 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7045 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7046 7047 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7048 (struct sockaddr *)(dst0 + 1)); 7049 if (error != 0) { 7050 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7051 return key_senderror(so, m, EINVAL); 7052 } 7053 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7054 7055 /* get a SA index */ 7056 SAHTREE_RLOCK(); 7057 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7058 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7059 break; 7060 } 7061 SAHTREE_RUNLOCK(); 7062 if (sah != NULL) { 7063 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7064 return key_senderror(so, m, EEXIST); 7065 } 7066 7067 error = key_acquire(&saidx, NULL); 7068 if (error != 0) { 7069 ipseclog((LOG_DEBUG, 7070 "%s: error %d returned from key_acquire()\n", 7071 __func__, error)); 7072 return key_senderror(so, m, error); 7073 } 7074 m_freem(m); 7075 return (0); 7076 } 7077 7078 /* 7079 * SADB_REGISTER processing. 7080 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7081 * receive 7082 * <base> 7083 * from the ikmpd, and register a socket to send PF_KEY messages, 7084 * and send 7085 * <base, supported> 7086 * to KMD by PF_KEY. 7087 * If socket is detached, must free from regnode. 7088 * 7089 * m will always be freed. 7090 */ 7091 static int 7092 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7093 { 7094 struct secreg *reg, *newreg = NULL; 7095 7096 IPSEC_ASSERT(so != NULL, ("null socket")); 7097 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7098 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7099 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7100 7101 /* check for invalid register message */ 7102 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7103 return key_senderror(so, m, EINVAL); 7104 7105 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7106 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7107 goto setmsg; 7108 7109 /* check whether existing or not */ 7110 REGTREE_LOCK(); 7111 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7112 if (reg->so == so) { 7113 REGTREE_UNLOCK(); 7114 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7115 __func__)); 7116 return key_senderror(so, m, EEXIST); 7117 } 7118 } 7119 7120 /* create regnode */ 7121 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7122 if (newreg == NULL) { 7123 REGTREE_UNLOCK(); 7124 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7125 return key_senderror(so, m, ENOBUFS); 7126 } 7127 7128 newreg->so = so; 7129 ((struct keycb *)sotorawcb(so))->kp_registered++; 7130 7131 /* add regnode to regtree. */ 7132 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7133 REGTREE_UNLOCK(); 7134 7135 setmsg: 7136 { 7137 struct mbuf *n; 7138 struct sadb_msg *newmsg; 7139 struct sadb_supported *sup; 7140 u_int len, alen, elen; 7141 int off; 7142 int i; 7143 struct sadb_alg *alg; 7144 7145 /* create new sadb_msg to reply. */ 7146 alen = 0; 7147 for (i = 1; i <= SADB_AALG_MAX; i++) { 7148 if (auth_algorithm_lookup(i)) 7149 alen += sizeof(struct sadb_alg); 7150 } 7151 if (alen) 7152 alen += sizeof(struct sadb_supported); 7153 elen = 0; 7154 for (i = 1; i <= SADB_EALG_MAX; i++) { 7155 if (enc_algorithm_lookup(i)) 7156 elen += sizeof(struct sadb_alg); 7157 } 7158 if (elen) 7159 elen += sizeof(struct sadb_supported); 7160 7161 len = sizeof(struct sadb_msg) + alen + elen; 7162 7163 if (len > MCLBYTES) 7164 return key_senderror(so, m, ENOBUFS); 7165 7166 MGETHDR(n, M_NOWAIT, MT_DATA); 7167 if (len > MHLEN) { 7168 if (!(MCLGET(n, M_NOWAIT))) { 7169 m_freem(n); 7170 n = NULL; 7171 } 7172 } 7173 if (!n) 7174 return key_senderror(so, m, ENOBUFS); 7175 7176 n->m_pkthdr.len = n->m_len = len; 7177 n->m_next = NULL; 7178 off = 0; 7179 7180 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7181 newmsg = mtod(n, struct sadb_msg *); 7182 newmsg->sadb_msg_errno = 0; 7183 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7184 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7185 7186 /* for authentication algorithm */ 7187 if (alen) { 7188 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7189 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7190 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7191 off += PFKEY_ALIGN8(sizeof(*sup)); 7192 7193 for (i = 1; i <= SADB_AALG_MAX; i++) { 7194 const struct auth_hash *aalgo; 7195 u_int16_t minkeysize, maxkeysize; 7196 7197 aalgo = auth_algorithm_lookup(i); 7198 if (!aalgo) 7199 continue; 7200 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7201 alg->sadb_alg_id = i; 7202 alg->sadb_alg_ivlen = 0; 7203 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7204 alg->sadb_alg_minbits = _BITS(minkeysize); 7205 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7206 off += PFKEY_ALIGN8(sizeof(*alg)); 7207 } 7208 } 7209 7210 /* for encryption algorithm */ 7211 if (elen) { 7212 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7213 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7214 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7215 off += PFKEY_ALIGN8(sizeof(*sup)); 7216 7217 for (i = 1; i <= SADB_EALG_MAX; i++) { 7218 const struct enc_xform *ealgo; 7219 7220 ealgo = enc_algorithm_lookup(i); 7221 if (!ealgo) 7222 continue; 7223 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7224 alg->sadb_alg_id = i; 7225 alg->sadb_alg_ivlen = ealgo->ivsize; 7226 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7227 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7228 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7229 } 7230 } 7231 7232 IPSEC_ASSERT(off == len, 7233 ("length assumption failed (off %u len %u)", off, len)); 7234 7235 m_freem(m); 7236 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7237 } 7238 } 7239 7240 /* 7241 * free secreg entry registered. 7242 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7243 */ 7244 void 7245 key_freereg(struct socket *so) 7246 { 7247 struct secreg *reg; 7248 int i; 7249 7250 IPSEC_ASSERT(so != NULL, ("NULL so")); 7251 7252 /* 7253 * check whether existing or not. 7254 * check all type of SA, because there is a potential that 7255 * one socket is registered to multiple type of SA. 7256 */ 7257 REGTREE_LOCK(); 7258 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7259 LIST_FOREACH(reg, &V_regtree[i], chain) { 7260 if (reg->so == so && __LIST_CHAINED(reg)) { 7261 LIST_REMOVE(reg, chain); 7262 free(reg, M_IPSEC_SAR); 7263 break; 7264 } 7265 } 7266 } 7267 REGTREE_UNLOCK(); 7268 } 7269 7270 /* 7271 * SADB_EXPIRE processing 7272 * send 7273 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7274 * to KMD by PF_KEY. 7275 * NOTE: We send only soft lifetime extension. 7276 * 7277 * OUT: 0 : succeed 7278 * others : error number 7279 */ 7280 static int 7281 key_expire(struct secasvar *sav, int hard) 7282 { 7283 struct mbuf *result = NULL, *m; 7284 struct sadb_lifetime *lt; 7285 uint32_t replay_count; 7286 int error, len; 7287 uint8_t satype; 7288 7289 IPSEC_ASSERT (sav != NULL, ("null sav")); 7290 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7291 7292 KEYDBG(KEY_STAMP, 7293 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7294 sav, hard ? "hard": "soft")); 7295 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7296 /* set msg header */ 7297 satype = key_proto2satype(sav->sah->saidx.proto); 7298 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7299 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7300 if (!m) { 7301 error = ENOBUFS; 7302 goto fail; 7303 } 7304 result = m; 7305 7306 /* create SA extension */ 7307 m = key_setsadbsa(sav); 7308 if (!m) { 7309 error = ENOBUFS; 7310 goto fail; 7311 } 7312 m_cat(result, m); 7313 7314 /* create SA extension */ 7315 SECASVAR_LOCK(sav); 7316 replay_count = sav->replay ? sav->replay->count : 0; 7317 SECASVAR_UNLOCK(sav); 7318 7319 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7320 sav->sah->saidx.reqid); 7321 if (!m) { 7322 error = ENOBUFS; 7323 goto fail; 7324 } 7325 m_cat(result, m); 7326 7327 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7328 m = key_setsadbxsareplay(sav->replay->wsize); 7329 if (!m) { 7330 error = ENOBUFS; 7331 goto fail; 7332 } 7333 m_cat(result, m); 7334 } 7335 7336 /* create lifetime extension (current and soft) */ 7337 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7338 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7339 if (m == NULL) { 7340 error = ENOBUFS; 7341 goto fail; 7342 } 7343 m_align(m, len); 7344 m->m_len = len; 7345 bzero(mtod(m, caddr_t), len); 7346 lt = mtod(m, struct sadb_lifetime *); 7347 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7348 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7349 lt->sadb_lifetime_allocations = 7350 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7351 lt->sadb_lifetime_bytes = 7352 counter_u64_fetch(sav->lft_c_bytes); 7353 lt->sadb_lifetime_addtime = sav->created; 7354 lt->sadb_lifetime_usetime = sav->firstused; 7355 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7356 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7357 if (hard) { 7358 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7359 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7360 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7361 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7362 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7363 } else { 7364 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7365 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7366 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7367 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7368 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7369 } 7370 m_cat(result, m); 7371 7372 /* set sadb_address for source */ 7373 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7374 &sav->sah->saidx.src.sa, 7375 FULLMASK, IPSEC_ULPROTO_ANY); 7376 if (!m) { 7377 error = ENOBUFS; 7378 goto fail; 7379 } 7380 m_cat(result, m); 7381 7382 /* set sadb_address for destination */ 7383 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7384 &sav->sah->saidx.dst.sa, 7385 FULLMASK, IPSEC_ULPROTO_ANY); 7386 if (!m) { 7387 error = ENOBUFS; 7388 goto fail; 7389 } 7390 m_cat(result, m); 7391 7392 /* 7393 * XXX-BZ Handle NAT-T extensions here. 7394 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7395 * this information, we report only significant SA fields. 7396 */ 7397 7398 if ((result->m_flags & M_PKTHDR) == 0) { 7399 error = EINVAL; 7400 goto fail; 7401 } 7402 7403 if (result->m_len < sizeof(struct sadb_msg)) { 7404 result = m_pullup(result, sizeof(struct sadb_msg)); 7405 if (result == NULL) { 7406 error = ENOBUFS; 7407 goto fail; 7408 } 7409 } 7410 7411 result->m_pkthdr.len = 0; 7412 for (m = result; m; m = m->m_next) 7413 result->m_pkthdr.len += m->m_len; 7414 7415 mtod(result, struct sadb_msg *)->sadb_msg_len = 7416 PFKEY_UNIT64(result->m_pkthdr.len); 7417 7418 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7419 7420 fail: 7421 if (result) 7422 m_freem(result); 7423 return error; 7424 } 7425 7426 static void 7427 key_freesah_flushed(struct secashead_queue *flushq) 7428 { 7429 struct secashead *sah, *nextsah; 7430 struct secasvar *sav, *nextsav; 7431 7432 sah = TAILQ_FIRST(flushq); 7433 while (sah != NULL) { 7434 sav = TAILQ_FIRST(&sah->savtree_larval); 7435 while (sav != NULL) { 7436 nextsav = TAILQ_NEXT(sav, chain); 7437 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7438 key_freesav(&sav); /* release last reference */ 7439 key_freesah(&sah); /* release reference from SAV */ 7440 sav = nextsav; 7441 } 7442 sav = TAILQ_FIRST(&sah->savtree_alive); 7443 while (sav != NULL) { 7444 nextsav = TAILQ_NEXT(sav, chain); 7445 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7446 key_freesav(&sav); /* release last reference */ 7447 key_freesah(&sah); /* release reference from SAV */ 7448 sav = nextsav; 7449 } 7450 nextsah = TAILQ_NEXT(sah, chain); 7451 key_freesah(&sah); /* release last reference */ 7452 sah = nextsah; 7453 } 7454 } 7455 7456 /* 7457 * SADB_FLUSH processing 7458 * receive 7459 * <base> 7460 * from the ikmpd, and free all entries in secastree. 7461 * and send, 7462 * <base> 7463 * to the ikmpd. 7464 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7465 * 7466 * m will always be freed. 7467 */ 7468 static int 7469 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7470 { 7471 struct secashead_queue flushq; 7472 struct sadb_msg *newmsg; 7473 struct secashead *sah, *nextsah; 7474 struct secasvar *sav; 7475 uint8_t proto; 7476 int i; 7477 7478 IPSEC_ASSERT(so != NULL, ("null socket")); 7479 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7480 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7481 7482 /* map satype to proto */ 7483 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7484 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7485 __func__)); 7486 return key_senderror(so, m, EINVAL); 7487 } 7488 KEYDBG(KEY_STAMP, 7489 printf("%s: proto %u\n", __func__, proto)); 7490 7491 TAILQ_INIT(&flushq); 7492 if (proto == IPSEC_PROTO_ANY) { 7493 /* no SATYPE specified, i.e. flushing all SA. */ 7494 SAHTREE_WLOCK(); 7495 /* Move all SAHs into flushq */ 7496 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7497 /* Flush all buckets in SPI hash */ 7498 for (i = 0; i < V_savhash_mask + 1; i++) 7499 LIST_INIT(&V_savhashtbl[i]); 7500 /* Flush all buckets in SAHADDRHASH */ 7501 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7502 LIST_INIT(&V_sahaddrhashtbl[i]); 7503 /* Mark all SAHs as unlinked */ 7504 TAILQ_FOREACH(sah, &flushq, chain) { 7505 sah->state = SADB_SASTATE_DEAD; 7506 /* 7507 * Callout handler makes its job using 7508 * RLOCK and drain queues. In case, when this 7509 * function will be called just before it 7510 * acquires WLOCK, we need to mark SAs as 7511 * unlinked to prevent second unlink. 7512 */ 7513 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7514 sav->state = SADB_SASTATE_DEAD; 7515 } 7516 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7517 sav->state = SADB_SASTATE_DEAD; 7518 } 7519 } 7520 SAHTREE_WUNLOCK(); 7521 } else { 7522 SAHTREE_WLOCK(); 7523 sah = TAILQ_FIRST(&V_sahtree); 7524 while (sah != NULL) { 7525 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7526 ("DEAD SAH %p in SADB_FLUSH", sah)); 7527 nextsah = TAILQ_NEXT(sah, chain); 7528 if (sah->saidx.proto != proto) { 7529 sah = nextsah; 7530 continue; 7531 } 7532 sah->state = SADB_SASTATE_DEAD; 7533 TAILQ_REMOVE(&V_sahtree, sah, chain); 7534 LIST_REMOVE(sah, addrhash); 7535 /* Unlink all SAs from SPI hash */ 7536 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7537 LIST_REMOVE(sav, spihash); 7538 sav->state = SADB_SASTATE_DEAD; 7539 } 7540 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7541 LIST_REMOVE(sav, spihash); 7542 sav->state = SADB_SASTATE_DEAD; 7543 } 7544 /* Add SAH into flushq */ 7545 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7546 sah = nextsah; 7547 } 7548 SAHTREE_WUNLOCK(); 7549 } 7550 7551 key_freesah_flushed(&flushq); 7552 /* Free all queued SAs and SAHs */ 7553 if (m->m_len < sizeof(struct sadb_msg) || 7554 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7555 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7556 return key_senderror(so, m, ENOBUFS); 7557 } 7558 7559 if (m->m_next) 7560 m_freem(m->m_next); 7561 m->m_next = NULL; 7562 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7563 newmsg = mtod(m, struct sadb_msg *); 7564 newmsg->sadb_msg_errno = 0; 7565 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7566 7567 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7568 } 7569 7570 /* 7571 * SADB_DUMP processing 7572 * dump all entries including status of DEAD in SAD. 7573 * receive 7574 * <base> 7575 * from the ikmpd, and dump all secasvar leaves 7576 * and send, 7577 * <base> ..... 7578 * to the ikmpd. 7579 * 7580 * m will always be freed. 7581 */ 7582 static int 7583 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7584 { 7585 SAHTREE_RLOCK_TRACKER; 7586 struct secashead *sah; 7587 struct secasvar *sav; 7588 struct mbuf *n; 7589 uint32_t cnt; 7590 uint8_t proto, satype; 7591 7592 IPSEC_ASSERT(so != NULL, ("null socket")); 7593 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7594 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7595 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7596 7597 /* map satype to proto */ 7598 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7599 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7600 __func__)); 7601 return key_senderror(so, m, EINVAL); 7602 } 7603 7604 /* count sav entries to be sent to the userland. */ 7605 cnt = 0; 7606 SAHTREE_RLOCK(); 7607 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7608 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7609 proto != sah->saidx.proto) 7610 continue; 7611 7612 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7613 cnt++; 7614 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7615 cnt++; 7616 } 7617 7618 if (cnt == 0) { 7619 SAHTREE_RUNLOCK(); 7620 return key_senderror(so, m, ENOENT); 7621 } 7622 7623 /* send this to the userland, one at a time. */ 7624 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7625 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7626 proto != sah->saidx.proto) 7627 continue; 7628 7629 /* map proto to satype */ 7630 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7631 SAHTREE_RUNLOCK(); 7632 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7633 "SAD.\n", __func__)); 7634 return key_senderror(so, m, EINVAL); 7635 } 7636 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7637 n = key_setdumpsa(sav, SADB_DUMP, satype, 7638 --cnt, mhp->msg->sadb_msg_pid); 7639 if (n == NULL) { 7640 SAHTREE_RUNLOCK(); 7641 return key_senderror(so, m, ENOBUFS); 7642 } 7643 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7644 } 7645 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7646 n = key_setdumpsa(sav, SADB_DUMP, satype, 7647 --cnt, mhp->msg->sadb_msg_pid); 7648 if (n == NULL) { 7649 SAHTREE_RUNLOCK(); 7650 return key_senderror(so, m, ENOBUFS); 7651 } 7652 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7653 } 7654 } 7655 SAHTREE_RUNLOCK(); 7656 m_freem(m); 7657 return (0); 7658 } 7659 /* 7660 * SADB_X_PROMISC processing 7661 * 7662 * m will always be freed. 7663 */ 7664 static int 7665 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7666 { 7667 int olen; 7668 7669 IPSEC_ASSERT(so != NULL, ("null socket")); 7670 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7671 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7672 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7673 7674 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7675 7676 if (olen < sizeof(struct sadb_msg)) { 7677 #if 1 7678 return key_senderror(so, m, EINVAL); 7679 #else 7680 m_freem(m); 7681 return 0; 7682 #endif 7683 } else if (olen == sizeof(struct sadb_msg)) { 7684 /* enable/disable promisc mode */ 7685 struct keycb *kp; 7686 7687 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7688 return key_senderror(so, m, EINVAL); 7689 mhp->msg->sadb_msg_errno = 0; 7690 switch (mhp->msg->sadb_msg_satype) { 7691 case 0: 7692 case 1: 7693 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7694 break; 7695 default: 7696 return key_senderror(so, m, EINVAL); 7697 } 7698 7699 /* send the original message back to everyone */ 7700 mhp->msg->sadb_msg_errno = 0; 7701 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7702 } else { 7703 /* send packet as is */ 7704 7705 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7706 7707 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7708 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7709 } 7710 } 7711 7712 static int (*key_typesw[])(struct socket *, struct mbuf *, 7713 const struct sadb_msghdr *) = { 7714 NULL, /* SADB_RESERVED */ 7715 key_getspi, /* SADB_GETSPI */ 7716 key_update, /* SADB_UPDATE */ 7717 key_add, /* SADB_ADD */ 7718 key_delete, /* SADB_DELETE */ 7719 key_get, /* SADB_GET */ 7720 key_acquire2, /* SADB_ACQUIRE */ 7721 key_register, /* SADB_REGISTER */ 7722 NULL, /* SADB_EXPIRE */ 7723 key_flush, /* SADB_FLUSH */ 7724 key_dump, /* SADB_DUMP */ 7725 key_promisc, /* SADB_X_PROMISC */ 7726 NULL, /* SADB_X_PCHANGE */ 7727 key_spdadd, /* SADB_X_SPDUPDATE */ 7728 key_spdadd, /* SADB_X_SPDADD */ 7729 key_spddelete, /* SADB_X_SPDDELETE */ 7730 key_spdget, /* SADB_X_SPDGET */ 7731 NULL, /* SADB_X_SPDACQUIRE */ 7732 key_spddump, /* SADB_X_SPDDUMP */ 7733 key_spdflush, /* SADB_X_SPDFLUSH */ 7734 key_spdadd, /* SADB_X_SPDSETIDX */ 7735 NULL, /* SADB_X_SPDEXPIRE */ 7736 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7737 }; 7738 7739 /* 7740 * parse sadb_msg buffer to process PFKEYv2, 7741 * and create a data to response if needed. 7742 * I think to be dealed with mbuf directly. 7743 * IN: 7744 * msgp : pointer to pointer to a received buffer pulluped. 7745 * This is rewrited to response. 7746 * so : pointer to socket. 7747 * OUT: 7748 * length for buffer to send to user process. 7749 */ 7750 int 7751 key_parse(struct mbuf *m, struct socket *so) 7752 { 7753 struct sadb_msg *msg; 7754 struct sadb_msghdr mh; 7755 u_int orglen; 7756 int error; 7757 int target; 7758 7759 IPSEC_ASSERT(so != NULL, ("null socket")); 7760 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7761 7762 if (m->m_len < sizeof(struct sadb_msg)) { 7763 m = m_pullup(m, sizeof(struct sadb_msg)); 7764 if (!m) 7765 return ENOBUFS; 7766 } 7767 msg = mtod(m, struct sadb_msg *); 7768 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7769 target = KEY_SENDUP_ONE; 7770 7771 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7772 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7773 PFKEYSTAT_INC(out_invlen); 7774 error = EINVAL; 7775 goto senderror; 7776 } 7777 7778 if (msg->sadb_msg_version != PF_KEY_V2) { 7779 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7780 __func__, msg->sadb_msg_version)); 7781 PFKEYSTAT_INC(out_invver); 7782 error = EINVAL; 7783 goto senderror; 7784 } 7785 7786 if (msg->sadb_msg_type > SADB_MAX) { 7787 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7788 __func__, msg->sadb_msg_type)); 7789 PFKEYSTAT_INC(out_invmsgtype); 7790 error = EINVAL; 7791 goto senderror; 7792 } 7793 7794 /* for old-fashioned code - should be nuked */ 7795 if (m->m_pkthdr.len > MCLBYTES) { 7796 m_freem(m); 7797 return ENOBUFS; 7798 } 7799 if (m->m_next) { 7800 struct mbuf *n; 7801 7802 MGETHDR(n, M_NOWAIT, MT_DATA); 7803 if (n && m->m_pkthdr.len > MHLEN) { 7804 if (!(MCLGET(n, M_NOWAIT))) { 7805 m_free(n); 7806 n = NULL; 7807 } 7808 } 7809 if (!n) { 7810 m_freem(m); 7811 return ENOBUFS; 7812 } 7813 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7814 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7815 n->m_next = NULL; 7816 m_freem(m); 7817 m = n; 7818 } 7819 7820 /* align the mbuf chain so that extensions are in contiguous region. */ 7821 error = key_align(m, &mh); 7822 if (error) 7823 return error; 7824 7825 msg = mh.msg; 7826 7827 /* We use satype as scope mask for spddump */ 7828 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7829 switch (msg->sadb_msg_satype) { 7830 case IPSEC_POLICYSCOPE_ANY: 7831 case IPSEC_POLICYSCOPE_GLOBAL: 7832 case IPSEC_POLICYSCOPE_IFNET: 7833 case IPSEC_POLICYSCOPE_PCB: 7834 break; 7835 default: 7836 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7837 __func__, msg->sadb_msg_type)); 7838 PFKEYSTAT_INC(out_invsatype); 7839 error = EINVAL; 7840 goto senderror; 7841 } 7842 } else { 7843 switch (msg->sadb_msg_satype) { /* check SA type */ 7844 case SADB_SATYPE_UNSPEC: 7845 switch (msg->sadb_msg_type) { 7846 case SADB_GETSPI: 7847 case SADB_UPDATE: 7848 case SADB_ADD: 7849 case SADB_DELETE: 7850 case SADB_GET: 7851 case SADB_ACQUIRE: 7852 case SADB_EXPIRE: 7853 ipseclog((LOG_DEBUG, "%s: must specify satype " 7854 "when msg type=%u.\n", __func__, 7855 msg->sadb_msg_type)); 7856 PFKEYSTAT_INC(out_invsatype); 7857 error = EINVAL; 7858 goto senderror; 7859 } 7860 break; 7861 case SADB_SATYPE_AH: 7862 case SADB_SATYPE_ESP: 7863 case SADB_X_SATYPE_IPCOMP: 7864 case SADB_X_SATYPE_TCPSIGNATURE: 7865 switch (msg->sadb_msg_type) { 7866 case SADB_X_SPDADD: 7867 case SADB_X_SPDDELETE: 7868 case SADB_X_SPDGET: 7869 case SADB_X_SPDFLUSH: 7870 case SADB_X_SPDSETIDX: 7871 case SADB_X_SPDUPDATE: 7872 case SADB_X_SPDDELETE2: 7873 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7874 __func__, msg->sadb_msg_type)); 7875 PFKEYSTAT_INC(out_invsatype); 7876 error = EINVAL; 7877 goto senderror; 7878 } 7879 break; 7880 case SADB_SATYPE_RSVP: 7881 case SADB_SATYPE_OSPFV2: 7882 case SADB_SATYPE_RIPV2: 7883 case SADB_SATYPE_MIP: 7884 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7885 __func__, msg->sadb_msg_satype)); 7886 PFKEYSTAT_INC(out_invsatype); 7887 error = EOPNOTSUPP; 7888 goto senderror; 7889 case 1: /* XXX: What does it do? */ 7890 if (msg->sadb_msg_type == SADB_X_PROMISC) 7891 break; 7892 /*FALLTHROUGH*/ 7893 default: 7894 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7895 __func__, msg->sadb_msg_satype)); 7896 PFKEYSTAT_INC(out_invsatype); 7897 error = EINVAL; 7898 goto senderror; 7899 } 7900 } 7901 7902 /* check field of upper layer protocol and address family */ 7903 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7904 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7905 struct sadb_address *src0, *dst0; 7906 u_int plen; 7907 7908 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7909 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7910 7911 /* check upper layer protocol */ 7912 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7913 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7914 "mismatched.\n", __func__)); 7915 PFKEYSTAT_INC(out_invaddr); 7916 error = EINVAL; 7917 goto senderror; 7918 } 7919 7920 /* check family */ 7921 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7922 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7923 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7924 __func__)); 7925 PFKEYSTAT_INC(out_invaddr); 7926 error = EINVAL; 7927 goto senderror; 7928 } 7929 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7930 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7931 ipseclog((LOG_DEBUG, "%s: address struct size " 7932 "mismatched.\n", __func__)); 7933 PFKEYSTAT_INC(out_invaddr); 7934 error = EINVAL; 7935 goto senderror; 7936 } 7937 7938 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7939 case AF_INET: 7940 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7941 sizeof(struct sockaddr_in)) { 7942 PFKEYSTAT_INC(out_invaddr); 7943 error = EINVAL; 7944 goto senderror; 7945 } 7946 break; 7947 case AF_INET6: 7948 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7949 sizeof(struct sockaddr_in6)) { 7950 PFKEYSTAT_INC(out_invaddr); 7951 error = EINVAL; 7952 goto senderror; 7953 } 7954 break; 7955 default: 7956 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7957 __func__)); 7958 PFKEYSTAT_INC(out_invaddr); 7959 error = EAFNOSUPPORT; 7960 goto senderror; 7961 } 7962 7963 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7964 case AF_INET: 7965 plen = sizeof(struct in_addr) << 3; 7966 break; 7967 case AF_INET6: 7968 plen = sizeof(struct in6_addr) << 3; 7969 break; 7970 default: 7971 plen = 0; /*fool gcc*/ 7972 break; 7973 } 7974 7975 /* check max prefix length */ 7976 if (src0->sadb_address_prefixlen > plen || 7977 dst0->sadb_address_prefixlen > plen) { 7978 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 7979 __func__)); 7980 PFKEYSTAT_INC(out_invaddr); 7981 error = EINVAL; 7982 goto senderror; 7983 } 7984 7985 /* 7986 * prefixlen == 0 is valid because there can be a case when 7987 * all addresses are matched. 7988 */ 7989 } 7990 7991 if (msg->sadb_msg_type >= nitems(key_typesw) || 7992 key_typesw[msg->sadb_msg_type] == NULL) { 7993 PFKEYSTAT_INC(out_invmsgtype); 7994 error = EINVAL; 7995 goto senderror; 7996 } 7997 7998 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 7999 8000 senderror: 8001 msg->sadb_msg_errno = error; 8002 return key_sendup_mbuf(so, m, target); 8003 } 8004 8005 static int 8006 key_senderror(struct socket *so, struct mbuf *m, int code) 8007 { 8008 struct sadb_msg *msg; 8009 8010 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8011 ("mbuf too small, len %u", m->m_len)); 8012 8013 msg = mtod(m, struct sadb_msg *); 8014 msg->sadb_msg_errno = code; 8015 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8016 } 8017 8018 /* 8019 * set the pointer to each header into message buffer. 8020 * m will be freed on error. 8021 * XXX larger-than-MCLBYTES extension? 8022 */ 8023 static int 8024 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8025 { 8026 struct mbuf *n; 8027 struct sadb_ext *ext; 8028 size_t off, end; 8029 int extlen; 8030 int toff; 8031 8032 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8033 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8034 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8035 ("mbuf too small, len %u", m->m_len)); 8036 8037 /* initialize */ 8038 bzero(mhp, sizeof(*mhp)); 8039 8040 mhp->msg = mtod(m, struct sadb_msg *); 8041 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8042 8043 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8044 extlen = end; /*just in case extlen is not updated*/ 8045 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8046 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8047 if (!n) { 8048 /* m is already freed */ 8049 return ENOBUFS; 8050 } 8051 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8052 8053 /* set pointer */ 8054 switch (ext->sadb_ext_type) { 8055 case SADB_EXT_SA: 8056 case SADB_EXT_ADDRESS_SRC: 8057 case SADB_EXT_ADDRESS_DST: 8058 case SADB_EXT_ADDRESS_PROXY: 8059 case SADB_EXT_LIFETIME_CURRENT: 8060 case SADB_EXT_LIFETIME_HARD: 8061 case SADB_EXT_LIFETIME_SOFT: 8062 case SADB_EXT_KEY_AUTH: 8063 case SADB_EXT_KEY_ENCRYPT: 8064 case SADB_EXT_IDENTITY_SRC: 8065 case SADB_EXT_IDENTITY_DST: 8066 case SADB_EXT_SENSITIVITY: 8067 case SADB_EXT_PROPOSAL: 8068 case SADB_EXT_SUPPORTED_AUTH: 8069 case SADB_EXT_SUPPORTED_ENCRYPT: 8070 case SADB_EXT_SPIRANGE: 8071 case SADB_X_EXT_POLICY: 8072 case SADB_X_EXT_SA2: 8073 case SADB_X_EXT_NAT_T_TYPE: 8074 case SADB_X_EXT_NAT_T_SPORT: 8075 case SADB_X_EXT_NAT_T_DPORT: 8076 case SADB_X_EXT_NAT_T_OAI: 8077 case SADB_X_EXT_NAT_T_OAR: 8078 case SADB_X_EXT_NAT_T_FRAG: 8079 case SADB_X_EXT_SA_REPLAY: 8080 case SADB_X_EXT_NEW_ADDRESS_SRC: 8081 case SADB_X_EXT_NEW_ADDRESS_DST: 8082 /* duplicate check */ 8083 /* 8084 * XXX Are there duplication payloads of either 8085 * KEY_AUTH or KEY_ENCRYPT ? 8086 */ 8087 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8088 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8089 "%u\n", __func__, ext->sadb_ext_type)); 8090 m_freem(m); 8091 PFKEYSTAT_INC(out_dupext); 8092 return EINVAL; 8093 } 8094 break; 8095 default: 8096 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8097 __func__, ext->sadb_ext_type)); 8098 m_freem(m); 8099 PFKEYSTAT_INC(out_invexttype); 8100 return EINVAL; 8101 } 8102 8103 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8104 8105 if (key_validate_ext(ext, extlen)) { 8106 m_freem(m); 8107 PFKEYSTAT_INC(out_invlen); 8108 return EINVAL; 8109 } 8110 8111 n = m_pulldown(m, off, extlen, &toff); 8112 if (!n) { 8113 /* m is already freed */ 8114 return ENOBUFS; 8115 } 8116 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8117 8118 mhp->ext[ext->sadb_ext_type] = ext; 8119 mhp->extoff[ext->sadb_ext_type] = off; 8120 mhp->extlen[ext->sadb_ext_type] = extlen; 8121 } 8122 8123 if (off != end) { 8124 m_freem(m); 8125 PFKEYSTAT_INC(out_invlen); 8126 return EINVAL; 8127 } 8128 8129 return 0; 8130 } 8131 8132 static int 8133 key_validate_ext(const struct sadb_ext *ext, int len) 8134 { 8135 const struct sockaddr *sa; 8136 enum { NONE, ADDR } checktype = NONE; 8137 int baselen = 0; 8138 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8139 8140 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8141 return EINVAL; 8142 8143 /* if it does not match minimum/maximum length, bail */ 8144 if (ext->sadb_ext_type >= nitems(minsize) || 8145 ext->sadb_ext_type >= nitems(maxsize)) 8146 return EINVAL; 8147 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8148 return EINVAL; 8149 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8150 return EINVAL; 8151 8152 /* more checks based on sadb_ext_type XXX need more */ 8153 switch (ext->sadb_ext_type) { 8154 case SADB_EXT_ADDRESS_SRC: 8155 case SADB_EXT_ADDRESS_DST: 8156 case SADB_EXT_ADDRESS_PROXY: 8157 case SADB_X_EXT_NAT_T_OAI: 8158 case SADB_X_EXT_NAT_T_OAR: 8159 case SADB_X_EXT_NEW_ADDRESS_SRC: 8160 case SADB_X_EXT_NEW_ADDRESS_DST: 8161 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8162 checktype = ADDR; 8163 break; 8164 case SADB_EXT_IDENTITY_SRC: 8165 case SADB_EXT_IDENTITY_DST: 8166 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8167 SADB_X_IDENTTYPE_ADDR) { 8168 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8169 checktype = ADDR; 8170 } else 8171 checktype = NONE; 8172 break; 8173 default: 8174 checktype = NONE; 8175 break; 8176 } 8177 8178 switch (checktype) { 8179 case NONE: 8180 break; 8181 case ADDR: 8182 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8183 if (len < baselen + sal) 8184 return EINVAL; 8185 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8186 return EINVAL; 8187 break; 8188 } 8189 8190 return 0; 8191 } 8192 8193 void 8194 spdcache_init(void) 8195 { 8196 int i; 8197 8198 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8199 &V_key_spdcache_maxentries); 8200 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8201 &V_key_spdcache_threshold); 8202 8203 if (V_key_spdcache_maxentries) { 8204 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8205 SPDCACHE_MAX_ENTRIES_PER_HASH); 8206 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8207 SPDCACHE_MAX_ENTRIES_PER_HASH, 8208 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8209 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8210 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8211 8212 V_spdcache_lock = malloc(sizeof(struct mtx) * 8213 (V_spdcachehash_mask + 1), 8214 M_IPSEC_SPDCACHE, M_WAITOK|M_ZERO); 8215 8216 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8217 SPDCACHE_LOCK_INIT(i); 8218 } 8219 } 8220 8221 struct spdcache_entry * 8222 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8223 { 8224 struct spdcache_entry *entry; 8225 8226 entry = malloc(sizeof(struct spdcache_entry), 8227 M_IPSEC_SPDCACHE, M_NOWAIT|M_ZERO); 8228 if (entry == NULL) 8229 return NULL; 8230 8231 if (sp != NULL) 8232 SP_ADDREF(sp); 8233 8234 entry->spidx = *spidx; 8235 entry->sp = sp; 8236 8237 return (entry); 8238 } 8239 8240 void 8241 spdcache_entry_free(struct spdcache_entry *entry) 8242 { 8243 8244 if (entry->sp != NULL) 8245 key_freesp(&entry->sp); 8246 free(entry, M_IPSEC_SPDCACHE); 8247 } 8248 8249 void 8250 spdcache_clear(void) 8251 { 8252 struct spdcache_entry *entry; 8253 int i; 8254 8255 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8256 SPDCACHE_LOCK(i); 8257 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8258 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8259 LIST_REMOVE(entry, chain); 8260 spdcache_entry_free(entry); 8261 } 8262 SPDCACHE_UNLOCK(i); 8263 } 8264 } 8265 8266 #ifdef VIMAGE 8267 void 8268 spdcache_destroy(void) 8269 { 8270 int i; 8271 8272 if (SPDCACHE_ENABLED()) { 8273 spdcache_clear(); 8274 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8275 8276 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8277 SPDCACHE_LOCK_DESTROY(i); 8278 8279 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8280 } 8281 } 8282 #endif 8283 void 8284 key_init(void) 8285 { 8286 int i; 8287 8288 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8289 TAILQ_INIT(&V_sptree[i]); 8290 TAILQ_INIT(&V_sptree_ifnet[i]); 8291 } 8292 8293 V_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8294 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8295 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8296 8297 TAILQ_INIT(&V_sahtree); 8298 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8299 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8300 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8301 &V_sahaddrhash_mask); 8302 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8303 &V_acqaddrhash_mask); 8304 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8305 &V_acqseqhash_mask); 8306 8307 spdcache_init(); 8308 8309 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8310 LIST_INIT(&V_regtree[i]); 8311 8312 LIST_INIT(&V_acqtree); 8313 LIST_INIT(&V_spacqtree); 8314 8315 if (!IS_DEFAULT_VNET(curvnet)) 8316 return; 8317 8318 SPTREE_LOCK_INIT(); 8319 REGTREE_LOCK_INIT(); 8320 SAHTREE_LOCK_INIT(); 8321 ACQ_LOCK_INIT(); 8322 SPACQ_LOCK_INIT(); 8323 8324 #ifndef IPSEC_DEBUG2 8325 callout_init(&key_timer, 1); 8326 callout_reset(&key_timer, hz, key_timehandler, NULL); 8327 #endif /*IPSEC_DEBUG2*/ 8328 8329 /* initialize key statistics */ 8330 keystat.getspi_count = 1; 8331 8332 if (bootverbose) 8333 printf("IPsec: Initialized Security Association Processing.\n"); 8334 } 8335 8336 #ifdef VIMAGE 8337 void 8338 key_destroy(void) 8339 { 8340 struct secashead_queue sahdrainq; 8341 struct secpolicy_queue drainq; 8342 struct secpolicy *sp, *nextsp; 8343 struct secacq *acq, *nextacq; 8344 struct secspacq *spacq, *nextspacq; 8345 struct secashead *sah; 8346 struct secasvar *sav; 8347 struct secreg *reg; 8348 int i; 8349 8350 /* 8351 * XXX: can we just call free() for each object without 8352 * walking through safe way with releasing references? 8353 */ 8354 TAILQ_INIT(&drainq); 8355 SPTREE_WLOCK(); 8356 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8357 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8358 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8359 } 8360 for (i = 0; i < V_sphash_mask + 1; i++) 8361 LIST_INIT(&V_sphashtbl[i]); 8362 SPTREE_WUNLOCK(); 8363 spdcache_destroy(); 8364 8365 sp = TAILQ_FIRST(&drainq); 8366 while (sp != NULL) { 8367 nextsp = TAILQ_NEXT(sp, chain); 8368 key_freesp(&sp); 8369 sp = nextsp; 8370 } 8371 8372 TAILQ_INIT(&sahdrainq); 8373 SAHTREE_WLOCK(); 8374 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8375 for (i = 0; i < V_savhash_mask + 1; i++) 8376 LIST_INIT(&V_savhashtbl[i]); 8377 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8378 LIST_INIT(&V_sahaddrhashtbl[i]); 8379 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8380 sah->state = SADB_SASTATE_DEAD; 8381 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8382 sav->state = SADB_SASTATE_DEAD; 8383 } 8384 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8385 sav->state = SADB_SASTATE_DEAD; 8386 } 8387 } 8388 SAHTREE_WUNLOCK(); 8389 8390 key_freesah_flushed(&sahdrainq); 8391 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8392 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8393 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8394 8395 REGTREE_LOCK(); 8396 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8397 LIST_FOREACH(reg, &V_regtree[i], chain) { 8398 if (__LIST_CHAINED(reg)) { 8399 LIST_REMOVE(reg, chain); 8400 free(reg, M_IPSEC_SAR); 8401 break; 8402 } 8403 } 8404 } 8405 REGTREE_UNLOCK(); 8406 8407 ACQ_LOCK(); 8408 acq = LIST_FIRST(&V_acqtree); 8409 while (acq != NULL) { 8410 nextacq = LIST_NEXT(acq, chain); 8411 LIST_REMOVE(acq, chain); 8412 free(acq, M_IPSEC_SAQ); 8413 acq = nextacq; 8414 } 8415 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8416 LIST_INIT(&V_acqaddrhashtbl[i]); 8417 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8418 LIST_INIT(&V_acqseqhashtbl[i]); 8419 ACQ_UNLOCK(); 8420 8421 SPACQ_LOCK(); 8422 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8423 spacq = nextspacq) { 8424 nextspacq = LIST_NEXT(spacq, chain); 8425 if (__LIST_CHAINED(spacq)) { 8426 LIST_REMOVE(spacq, chain); 8427 free(spacq, M_IPSEC_SAQ); 8428 } 8429 } 8430 SPACQ_UNLOCK(); 8431 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8432 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8433 uma_zdestroy(V_key_lft_zone); 8434 8435 if (!IS_DEFAULT_VNET(curvnet)) 8436 return; 8437 #ifndef IPSEC_DEBUG2 8438 callout_drain(&key_timer); 8439 #endif 8440 SPTREE_LOCK_DESTROY(); 8441 REGTREE_LOCK_DESTROY(); 8442 SAHTREE_LOCK_DESTROY(); 8443 ACQ_LOCK_DESTROY(); 8444 SPACQ_LOCK_DESTROY(); 8445 } 8446 #endif 8447 8448 /* record data transfer on SA, and update timestamps */ 8449 void 8450 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8451 { 8452 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8453 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8454 8455 /* 8456 * XXX Currently, there is a difference of bytes size 8457 * between inbound and outbound processing. 8458 */ 8459 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8460 8461 /* 8462 * We use the number of packets as the unit of 8463 * allocations. We increment the variable 8464 * whenever {esp,ah}_{in,out}put is called. 8465 */ 8466 counter_u64_add(sav->lft_c_allocations, 1); 8467 8468 /* 8469 * NOTE: We record CURRENT usetime by using wall clock, 8470 * in seconds. HARD and SOFT lifetime are measured by the time 8471 * difference (again in seconds) from usetime. 8472 * 8473 * usetime 8474 * v expire expire 8475 * -----+-----+--------+---> t 8476 * <--------------> HARD 8477 * <-----> SOFT 8478 */ 8479 if (sav->firstused == 0) 8480 sav->firstused = time_second; 8481 } 8482 8483 /* 8484 * Take one of the kernel's security keys and convert it into a PF_KEY 8485 * structure within an mbuf, suitable for sending up to a waiting 8486 * application in user land. 8487 * 8488 * IN: 8489 * src: A pointer to a kernel security key. 8490 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8491 * OUT: 8492 * a valid mbuf or NULL indicating an error 8493 * 8494 */ 8495 8496 static struct mbuf * 8497 key_setkey(struct seckey *src, uint16_t exttype) 8498 { 8499 struct mbuf *m; 8500 struct sadb_key *p; 8501 int len; 8502 8503 if (src == NULL) 8504 return NULL; 8505 8506 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8507 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8508 if (m == NULL) 8509 return NULL; 8510 m_align(m, len); 8511 m->m_len = len; 8512 p = mtod(m, struct sadb_key *); 8513 bzero(p, len); 8514 p->sadb_key_len = PFKEY_UNIT64(len); 8515 p->sadb_key_exttype = exttype; 8516 p->sadb_key_bits = src->bits; 8517 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8518 8519 return m; 8520 } 8521 8522 /* 8523 * Take one of the kernel's lifetime data structures and convert it 8524 * into a PF_KEY structure within an mbuf, suitable for sending up to 8525 * a waiting application in user land. 8526 * 8527 * IN: 8528 * src: A pointer to a kernel lifetime structure. 8529 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8530 * data structures for more information. 8531 * OUT: 8532 * a valid mbuf or NULL indicating an error 8533 * 8534 */ 8535 8536 static struct mbuf * 8537 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8538 { 8539 struct mbuf *m = NULL; 8540 struct sadb_lifetime *p; 8541 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8542 8543 if (src == NULL) 8544 return NULL; 8545 8546 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8547 if (m == NULL) 8548 return m; 8549 m_align(m, len); 8550 m->m_len = len; 8551 p = mtod(m, struct sadb_lifetime *); 8552 8553 bzero(p, len); 8554 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8555 p->sadb_lifetime_exttype = exttype; 8556 p->sadb_lifetime_allocations = src->allocations; 8557 p->sadb_lifetime_bytes = src->bytes; 8558 p->sadb_lifetime_addtime = src->addtime; 8559 p->sadb_lifetime_usetime = src->usetime; 8560 8561 return m; 8562 8563 } 8564 8565 const struct enc_xform * 8566 enc_algorithm_lookup(int alg) 8567 { 8568 int i; 8569 8570 for (i = 0; i < nitems(supported_ealgs); i++) 8571 if (alg == supported_ealgs[i].sadb_alg) 8572 return (supported_ealgs[i].xform); 8573 return (NULL); 8574 } 8575 8576 const struct auth_hash * 8577 auth_algorithm_lookup(int alg) 8578 { 8579 int i; 8580 8581 for (i = 0; i < nitems(supported_aalgs); i++) 8582 if (alg == supported_aalgs[i].sadb_alg) 8583 return (supported_aalgs[i].xform); 8584 return (NULL); 8585 } 8586 8587 const struct comp_algo * 8588 comp_algorithm_lookup(int alg) 8589 { 8590 int i; 8591 8592 for (i = 0; i < nitems(supported_calgs); i++) 8593 if (alg == supported_calgs[i].sadb_alg) 8594 return (supported_calgs[i].xform); 8595 return (NULL); 8596 } 8597 8598