1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 #include <net/raw_cb.h> 70 71 #include <netinet/in.h> 72 #include <netinet/in_systm.h> 73 #include <netinet/ip.h> 74 #include <netinet/in_var.h> 75 #include <netinet/udp.h> 76 77 #ifdef INET6 78 #include <netinet/ip6.h> 79 #include <netinet6/in6_var.h> 80 #include <netinet6/ip6_var.h> 81 #endif /* INET6 */ 82 83 #include <net/pfkeyv2.h> 84 #include <netipsec/keydb.h> 85 #include <netipsec/key.h> 86 #include <netipsec/keysock.h> 87 #include <netipsec/key_debug.h> 88 89 #include <netipsec/ipsec.h> 90 #ifdef INET6 91 #include <netipsec/ipsec6.h> 92 #endif 93 94 #include <netipsec/xform.h> 95 #include <machine/in_cksum.h> 96 #include <machine/stdarg.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #define FULLMASK 0xff 102 #define _BITS(bytes) ((bytes) << 3) 103 104 #define UINT32_80PCT 0xcccccccc 105 /* 106 * Note on SA reference counting: 107 * - SAs that are not in DEAD state will have (total external reference + 1) 108 * following value in reference count field. they cannot be freed and are 109 * referenced from SA header. 110 * - SAs that are in DEAD state will have (total external reference) 111 * in reference count field. they are ready to be freed. reference from 112 * SA header will be removed in key_delsav(), when the reference count 113 * field hits 0 (= no external reference other than from SA header. 114 */ 115 116 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 117 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 118 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 119 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 120 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 121 /*interval to initialize randseed,1(m)*/ 122 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 123 /* interval to expire acquiring, 30(s)*/ 124 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 125 /* counter for blocking SADB_ACQUIRE.*/ 126 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 127 /* lifetime for blocking SADB_ACQUIRE.*/ 128 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 129 /* preferred old sa rather than new sa.*/ 130 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 131 #define V_key_spi_trycnt VNET(key_spi_trycnt) 132 #define V_key_spi_minval VNET(key_spi_minval) 133 #define V_key_spi_maxval VNET(key_spi_maxval) 134 #define V_policy_id VNET(policy_id) 135 #define V_key_int_random VNET(key_int_random) 136 #define V_key_larval_lifetime VNET(key_larval_lifetime) 137 #define V_key_blockacq_count VNET(key_blockacq_count) 138 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 139 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 140 141 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 142 #define V_acq_seq VNET(acq_seq) 143 144 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 145 #define V_sp_genid VNET(sp_genid) 146 147 /* SPD */ 148 TAILQ_HEAD(secpolicy_queue, secpolicy); 149 LIST_HEAD(secpolicy_list, secpolicy); 150 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 151 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 152 static struct rmlock sptree_lock; 153 #define V_sptree VNET(sptree) 154 #define V_sptree_ifnet VNET(sptree_ifnet) 155 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 156 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 157 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 158 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 160 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 161 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 162 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 163 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 164 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 165 166 /* Hash table for lookup SP using unique id */ 167 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 168 VNET_DEFINE_STATIC(u_long, sphash_mask); 169 #define V_sphashtbl VNET(sphashtbl) 170 #define V_sphash_mask VNET(sphash_mask) 171 172 #define SPHASH_NHASH_LOG2 7 173 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 174 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 175 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 176 177 /* SPD cache */ 178 struct spdcache_entry { 179 struct secpolicyindex spidx; /* secpolicyindex */ 180 struct secpolicy *sp; /* cached policy to be used */ 181 182 LIST_ENTRY(spdcache_entry) chain; 183 }; 184 LIST_HEAD(spdcache_entry_list, spdcache_entry); 185 186 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 187 188 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 189 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 190 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 191 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 192 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 193 #define V_spd_size VNET(spd_size) 194 195 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 196 #define SPDCACHE_ACTIVE() \ 197 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 198 199 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 200 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 201 #define V_spdcachehashtbl VNET(spdcachehashtbl) 202 #define V_spdcachehash_mask VNET(spdcachehash_mask) 203 204 #define SPDCACHE_HASHVAL(idx) \ 205 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 206 V_spdcachehash_mask) 207 208 /* Each cache line is protected by a mutex */ 209 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 210 #define V_spdcache_lock VNET(spdcache_lock) 211 212 #define SPDCACHE_LOCK_INIT(a) \ 213 mtx_init(&V_spdcache_lock[a], "spdcache", \ 214 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 215 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 216 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 217 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 218 219 static struct sx spi_alloc_lock; 220 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 221 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 222 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 223 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 224 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 225 226 /* SAD */ 227 TAILQ_HEAD(secashead_queue, secashead); 228 LIST_HEAD(secashead_list, secashead); 229 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 230 static struct rmlock sahtree_lock; 231 #define V_sahtree VNET(sahtree) 232 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 233 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 234 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 235 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 236 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 237 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 238 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 239 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 240 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 241 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 242 243 /* Hash table for lookup in SAD using SA addresses */ 244 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 245 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 246 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 247 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 248 249 #define SAHHASH_NHASH_LOG2 7 250 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 251 #define SAHADDRHASH_HASHVAL(idx) \ 252 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 253 V_sahaddrhash_mask) 254 #define SAHADDRHASH_HASH(saidx) \ 255 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 256 257 /* Hash table for lookup in SAD using SPI */ 258 LIST_HEAD(secasvar_list, secasvar); 259 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 260 VNET_DEFINE_STATIC(u_long, savhash_mask); 261 #define V_savhashtbl VNET(savhashtbl) 262 #define V_savhash_mask VNET(savhash_mask) 263 #define SAVHASH_NHASH_LOG2 7 264 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 265 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 266 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 267 268 static uint32_t 269 key_addrprotohash(const union sockaddr_union *src, 270 const union sockaddr_union *dst, const uint8_t *proto) 271 { 272 uint32_t hval; 273 274 hval = fnv_32_buf(proto, sizeof(*proto), 275 FNV1_32_INIT); 276 switch (dst->sa.sa_family) { 277 #ifdef INET 278 case AF_INET: 279 hval = fnv_32_buf(&src->sin.sin_addr, 280 sizeof(in_addr_t), hval); 281 hval = fnv_32_buf(&dst->sin.sin_addr, 282 sizeof(in_addr_t), hval); 283 break; 284 #endif 285 #ifdef INET6 286 case AF_INET6: 287 hval = fnv_32_buf(&src->sin6.sin6_addr, 288 sizeof(struct in6_addr), hval); 289 hval = fnv_32_buf(&dst->sin6.sin6_addr, 290 sizeof(struct in6_addr), hval); 291 break; 292 #endif 293 default: 294 hval = 0; 295 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 296 __func__, dst->sa.sa_family)); 297 } 298 return (hval); 299 } 300 301 static uint32_t 302 key_u32hash(uint32_t val) 303 { 304 305 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 306 } 307 308 /* registed list */ 309 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 310 #define V_regtree VNET(regtree) 311 static struct mtx regtree_lock; 312 #define REGTREE_LOCK_INIT() \ 313 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 314 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 315 #define REGTREE_LOCK() mtx_lock(®tree_lock) 316 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 317 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 318 319 /* Acquiring list */ 320 LIST_HEAD(secacq_list, secacq); 321 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 322 #define V_acqtree VNET(acqtree) 323 static struct mtx acq_lock; 324 #define ACQ_LOCK_INIT() \ 325 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 326 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 327 #define ACQ_LOCK() mtx_lock(&acq_lock) 328 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 329 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 330 331 /* Hash table for lookup in ACQ list using SA addresses */ 332 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 333 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 334 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 335 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 336 337 /* Hash table for lookup in ACQ list using SEQ number */ 338 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 339 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 340 #define V_acqseqhashtbl VNET(acqseqhashtbl) 341 #define V_acqseqhash_mask VNET(acqseqhash_mask) 342 343 #define ACQHASH_NHASH_LOG2 7 344 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 345 #define ACQADDRHASH_HASHVAL(idx) \ 346 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 347 V_acqaddrhash_mask) 348 #define ACQSEQHASH_HASHVAL(seq) \ 349 (key_u32hash(seq) & V_acqseqhash_mask) 350 #define ACQADDRHASH_HASH(saidx) \ 351 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 352 #define ACQSEQHASH_HASH(seq) \ 353 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 354 /* SP acquiring list */ 355 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 356 #define V_spacqtree VNET(spacqtree) 357 static struct mtx spacq_lock; 358 #define SPACQ_LOCK_INIT() \ 359 mtx_init(&spacq_lock, "spacqtree", \ 360 "fast ipsec security policy acquire list", MTX_DEF) 361 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 362 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 363 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 364 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 365 366 static const int minsize[] = { 367 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 368 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 369 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 370 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 371 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 372 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 373 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 374 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 375 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 376 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 377 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 378 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 379 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 380 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 381 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 382 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 383 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 384 0, /* SADB_X_EXT_KMPRIVATE */ 385 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 386 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 387 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 388 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 389 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 390 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 391 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 392 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 393 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 394 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 395 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 396 }; 397 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 398 399 static const int maxsize[] = { 400 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 401 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 402 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 403 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 404 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 405 0, /* SADB_EXT_ADDRESS_SRC */ 406 0, /* SADB_EXT_ADDRESS_DST */ 407 0, /* SADB_EXT_ADDRESS_PROXY */ 408 0, /* SADB_EXT_KEY_AUTH */ 409 0, /* SADB_EXT_KEY_ENCRYPT */ 410 0, /* SADB_EXT_IDENTITY_SRC */ 411 0, /* SADB_EXT_IDENTITY_DST */ 412 0, /* SADB_EXT_SENSITIVITY */ 413 0, /* SADB_EXT_PROPOSAL */ 414 0, /* SADB_EXT_SUPPORTED_AUTH */ 415 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 416 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 417 0, /* SADB_X_EXT_KMPRIVATE */ 418 0, /* SADB_X_EXT_POLICY */ 419 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 420 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 421 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 422 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 423 0, /* SADB_X_EXT_NAT_T_OAI */ 424 0, /* SADB_X_EXT_NAT_T_OAR */ 425 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 426 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 427 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 428 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 429 }; 430 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 431 432 /* 433 * Internal values for SA flags: 434 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 435 * thus we will not free the most of SA content in key_delsav(). 436 */ 437 #define SADB_X_EXT_F_CLONED 0x80000000 438 439 #define SADB_CHECKLEN(_mhp, _ext) \ 440 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 441 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 442 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 443 444 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 445 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 446 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 447 448 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 449 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 450 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 451 452 #ifdef IPSEC_DEBUG 453 VNET_DEFINE(int, ipsec_debug) = 1; 454 #else 455 VNET_DEFINE(int, ipsec_debug) = 0; 456 #endif 457 458 #ifdef INET 459 SYSCTL_DECL(_net_inet_ipsec); 460 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 461 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 462 "Enable IPsec debugging output when set."); 463 #endif 464 #ifdef INET6 465 SYSCTL_DECL(_net_inet6_ipsec6); 466 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 467 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 468 "Enable IPsec debugging output when set."); 469 #endif 470 471 SYSCTL_DECL(_net_key); 472 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 473 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 474 475 /* max count of trial for the decision of spi value */ 476 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 477 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 478 479 /* minimum spi value to allocate automatically. */ 480 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 481 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 482 483 /* maximun spi value to allocate automatically. */ 484 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 486 487 /* interval to initialize randseed */ 488 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 489 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 490 491 /* lifetime for larval SA */ 492 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 493 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 494 495 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 496 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 497 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 498 499 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 500 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 501 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 502 503 /* ESP auth */ 504 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 505 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 506 507 /* minimum ESP key length */ 508 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 509 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 510 511 /* minimum AH key length */ 512 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 513 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 514 515 /* perfered old SA rather than new SA */ 516 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 517 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 518 519 static SYSCTL_NODE(_net_key, OID_AUTO, spdcache, 520 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 521 "SPD cache"); 522 523 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 524 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 525 "Maximum number of entries in the SPD cache" 526 " (power of 2, 0 to disable)"); 527 528 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 529 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 530 "Number of SPs that make the SPD cache active"); 531 532 #define __LIST_CHAINED(elm) \ 533 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 534 535 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 536 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 537 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 538 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 539 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 540 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 541 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 542 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 543 544 static uma_zone_t __read_mostly ipsec_key_lft_zone; 545 546 /* 547 * set parameters into secpolicyindex buffer. 548 * Must allocate secpolicyindex buffer passed to this function. 549 */ 550 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 551 do { \ 552 bzero((idx), sizeof(struct secpolicyindex)); \ 553 (idx)->dir = (_dir); \ 554 (idx)->prefs = (ps); \ 555 (idx)->prefd = (pd); \ 556 (idx)->ul_proto = (ulp); \ 557 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 558 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 559 } while (0) 560 561 /* 562 * set parameters into secasindex buffer. 563 * Must allocate secasindex buffer before calling this function. 564 */ 565 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 566 do { \ 567 bzero((idx), sizeof(struct secasindex)); \ 568 (idx)->proto = (p); \ 569 (idx)->mode = (m); \ 570 (idx)->reqid = (r); \ 571 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 572 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 573 key_porttosaddr(&(idx)->src.sa, 0); \ 574 key_porttosaddr(&(idx)->dst.sa, 0); \ 575 } while (0) 576 577 /* key statistics */ 578 struct _keystat { 579 u_long getspi_count; /* the avarage of count to try to get new SPI */ 580 } keystat; 581 582 struct sadb_msghdr { 583 struct sadb_msg *msg; 584 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 585 int extoff[SADB_EXT_MAX + 1]; 586 int extlen[SADB_EXT_MAX + 1]; 587 }; 588 589 static struct supported_ealgs { 590 int sadb_alg; 591 const struct enc_xform *xform; 592 } supported_ealgs[] = { 593 { SADB_X_EALG_AES, &enc_xform_aes_cbc }, 594 { SADB_EALG_NULL, &enc_xform_null }, 595 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 596 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 597 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 598 }; 599 600 static struct supported_aalgs { 601 int sadb_alg; 602 const struct auth_hash *xform; 603 } supported_aalgs[] = { 604 { SADB_X_AALG_NULL, &auth_hash_null }, 605 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 606 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 607 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 608 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 609 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 610 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 611 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 612 }; 613 614 static struct supported_calgs { 615 int sadb_alg; 616 const struct comp_algo *xform; 617 } supported_calgs[] = { 618 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 619 }; 620 621 #ifndef IPSEC_DEBUG2 622 static struct callout key_timer; 623 #endif 624 625 static void key_unlink(struct secpolicy *); 626 static void key_detach(struct secpolicy *); 627 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 628 static struct secpolicy *key_getsp(struct secpolicyindex *); 629 static struct secpolicy *key_getspbyid(u_int32_t); 630 static struct mbuf *key_gather_mbuf(struct mbuf *, 631 const struct sadb_msghdr *, int, int, ...); 632 static int key_spdadd(struct socket *, struct mbuf *, 633 const struct sadb_msghdr *); 634 static uint32_t key_getnewspid(void); 635 static int key_spddelete(struct socket *, struct mbuf *, 636 const struct sadb_msghdr *); 637 static int key_spddelete2(struct socket *, struct mbuf *, 638 const struct sadb_msghdr *); 639 static int key_spdget(struct socket *, struct mbuf *, 640 const struct sadb_msghdr *); 641 static int key_spdflush(struct socket *, struct mbuf *, 642 const struct sadb_msghdr *); 643 static int key_spddump(struct socket *, struct mbuf *, 644 const struct sadb_msghdr *); 645 static struct mbuf *key_setdumpsp(struct secpolicy *, 646 u_int8_t, u_int32_t, u_int32_t); 647 static struct mbuf *key_sp2mbuf(struct secpolicy *); 648 static size_t key_getspreqmsglen(struct secpolicy *); 649 static int key_spdexpire(struct secpolicy *); 650 static struct secashead *key_newsah(struct secasindex *); 651 static void key_freesah(struct secashead **); 652 static void key_delsah(struct secashead *); 653 static struct secasvar *key_newsav(const struct sadb_msghdr *, 654 struct secasindex *, uint32_t, int *); 655 static void key_delsav(struct secasvar *); 656 static void key_unlinksav(struct secasvar *); 657 static struct secashead *key_getsah(struct secasindex *); 658 static int key_checkspidup(uint32_t); 659 static struct secasvar *key_getsavbyspi(uint32_t); 660 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 661 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 662 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 663 static int key_updateaddresses(struct socket *, struct mbuf *, 664 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 665 666 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 667 u_int8_t, u_int32_t, u_int32_t); 668 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 669 u_int32_t, pid_t, u_int16_t); 670 static struct mbuf *key_setsadbsa(struct secasvar *); 671 static struct mbuf *key_setsadbaddr(u_int16_t, 672 const struct sockaddr *, u_int8_t, u_int16_t); 673 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 674 static struct mbuf *key_setsadbxtype(u_int16_t); 675 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 676 static struct mbuf *key_setsadbxsareplay(u_int32_t); 677 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 678 u_int32_t, u_int32_t); 679 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 680 struct malloc_type *); 681 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 682 struct malloc_type *); 683 684 /* flags for key_cmpsaidx() */ 685 #define CMP_HEAD 1 /* protocol, addresses. */ 686 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 687 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 688 #define CMP_EXACTLY 4 /* all elements. */ 689 static int key_cmpsaidx(const struct secasindex *, 690 const struct secasindex *, int); 691 static int key_cmpspidx_exactly(struct secpolicyindex *, 692 struct secpolicyindex *); 693 static int key_cmpspidx_withmask(struct secpolicyindex *, 694 struct secpolicyindex *); 695 static int key_bbcmp(const void *, const void *, u_int); 696 static uint8_t key_satype2proto(uint8_t); 697 static uint8_t key_proto2satype(uint8_t); 698 699 static int key_getspi(struct socket *, struct mbuf *, 700 const struct sadb_msghdr *); 701 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 702 static int key_update(struct socket *, struct mbuf *, 703 const struct sadb_msghdr *); 704 static int key_add(struct socket *, struct mbuf *, 705 const struct sadb_msghdr *); 706 static int key_setident(struct secashead *, const struct sadb_msghdr *); 707 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 708 const struct sadb_msghdr *); 709 static int key_delete(struct socket *, struct mbuf *, 710 const struct sadb_msghdr *); 711 static int key_delete_all(struct socket *, struct mbuf *, 712 const struct sadb_msghdr *, struct secasindex *); 713 static int key_get(struct socket *, struct mbuf *, 714 const struct sadb_msghdr *); 715 716 static void key_getcomb_setlifetime(struct sadb_comb *); 717 static struct mbuf *key_getcomb_ealg(void); 718 static struct mbuf *key_getcomb_ah(void); 719 static struct mbuf *key_getcomb_ipcomp(void); 720 static struct mbuf *key_getprop(const struct secasindex *); 721 722 static int key_acquire(const struct secasindex *, struct secpolicy *); 723 static uint32_t key_newacq(const struct secasindex *, int *); 724 static uint32_t key_getacq(const struct secasindex *, int *); 725 static int key_acqdone(const struct secasindex *, uint32_t); 726 static int key_acqreset(uint32_t); 727 static struct secspacq *key_newspacq(struct secpolicyindex *); 728 static struct secspacq *key_getspacq(struct secpolicyindex *); 729 static int key_acquire2(struct socket *, struct mbuf *, 730 const struct sadb_msghdr *); 731 static int key_register(struct socket *, struct mbuf *, 732 const struct sadb_msghdr *); 733 static int key_expire(struct secasvar *, int); 734 static int key_flush(struct socket *, struct mbuf *, 735 const struct sadb_msghdr *); 736 static int key_dump(struct socket *, struct mbuf *, 737 const struct sadb_msghdr *); 738 static int key_promisc(struct socket *, struct mbuf *, 739 const struct sadb_msghdr *); 740 static int key_senderror(struct socket *, struct mbuf *, int); 741 static int key_validate_ext(const struct sadb_ext *, int); 742 static int key_align(struct mbuf *, struct sadb_msghdr *); 743 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 744 static struct mbuf *key_setkey(struct seckey *, uint16_t); 745 746 static void spdcache_init(void); 747 static void spdcache_clear(void); 748 static struct spdcache_entry *spdcache_entry_alloc( 749 const struct secpolicyindex *spidx, 750 struct secpolicy *policy); 751 static void spdcache_entry_free(struct spdcache_entry *entry); 752 #ifdef VIMAGE 753 static void spdcache_destroy(void); 754 #endif 755 756 #define DBG_IPSEC_INITREF(t, p) do { \ 757 refcount_init(&(p)->refcnt, 1); \ 758 KEYDBG(KEY_STAMP, \ 759 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 760 __func__, #t, (p), (p)->refcnt)); \ 761 } while (0) 762 #define DBG_IPSEC_ADDREF(t, p) do { \ 763 refcount_acquire(&(p)->refcnt); \ 764 KEYDBG(KEY_STAMP, \ 765 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 766 __func__, #t, (p), (p)->refcnt)); \ 767 } while (0) 768 #define DBG_IPSEC_DELREF(t, p) do { \ 769 KEYDBG(KEY_STAMP, \ 770 printf("%s: Release refcnt %s(%p) -> %u\n", \ 771 __func__, #t, (p), (p)->refcnt - 1)); \ 772 refcount_release(&(p)->refcnt); \ 773 } while (0) 774 775 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 776 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 777 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 778 779 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 780 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 781 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 782 783 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 784 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 785 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 786 787 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 788 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 789 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 790 791 /* 792 * Update the refcnt while holding the SPTREE lock. 793 */ 794 void 795 key_addref(struct secpolicy *sp) 796 { 797 798 SP_ADDREF(sp); 799 } 800 801 /* 802 * Return 0 when there are known to be no SP's for the specified 803 * direction. Otherwise return 1. This is used by IPsec code 804 * to optimize performance. 805 */ 806 int 807 key_havesp(u_int dir) 808 { 809 810 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 811 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 812 } 813 814 /* %%% IPsec policy management */ 815 /* 816 * Return current SPDB generation. 817 */ 818 uint32_t 819 key_getspgen(void) 820 { 821 822 return (V_sp_genid); 823 } 824 825 void 826 key_bumpspgen(void) 827 { 828 829 V_sp_genid++; 830 } 831 832 static int 833 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 834 { 835 836 /* family match */ 837 if (src->sa_family != dst->sa_family) 838 return (EINVAL); 839 /* sa_len match */ 840 if (src->sa_len != dst->sa_len) 841 return (EINVAL); 842 switch (src->sa_family) { 843 #ifdef INET 844 case AF_INET: 845 if (src->sa_len != sizeof(struct sockaddr_in)) 846 return (EINVAL); 847 break; 848 #endif 849 #ifdef INET6 850 case AF_INET6: 851 if (src->sa_len != sizeof(struct sockaddr_in6)) 852 return (EINVAL); 853 break; 854 #endif 855 default: 856 return (EAFNOSUPPORT); 857 } 858 return (0); 859 } 860 861 struct secpolicy * 862 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 863 { 864 SPTREE_RLOCK_TRACKER; 865 struct secpolicy *sp; 866 867 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 868 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 869 ("invalid direction %u", dir)); 870 871 SPTREE_RLOCK(); 872 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 873 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 874 SP_ADDREF(sp); 875 break; 876 } 877 } 878 SPTREE_RUNLOCK(); 879 return (sp); 880 } 881 882 /* 883 * allocating a SP for OUTBOUND or INBOUND packet. 884 * Must call key_freesp() later. 885 * OUT: NULL: not found 886 * others: found and return the pointer. 887 */ 888 struct secpolicy * 889 key_allocsp(struct secpolicyindex *spidx, u_int dir) 890 { 891 struct spdcache_entry *entry, *lastentry, *tmpentry; 892 struct secpolicy *sp; 893 uint32_t hashv; 894 int nb_entries; 895 896 if (!SPDCACHE_ACTIVE()) { 897 sp = key_do_allocsp(spidx, dir); 898 goto out; 899 } 900 901 hashv = SPDCACHE_HASHVAL(spidx); 902 SPDCACHE_LOCK(hashv); 903 nb_entries = 0; 904 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 905 /* Removed outdated entries */ 906 if (entry->sp != NULL && 907 entry->sp->state == IPSEC_SPSTATE_DEAD) { 908 LIST_REMOVE(entry, chain); 909 spdcache_entry_free(entry); 910 continue; 911 } 912 913 nb_entries++; 914 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 915 lastentry = entry; 916 continue; 917 } 918 919 sp = entry->sp; 920 if (entry->sp != NULL) 921 SP_ADDREF(sp); 922 923 /* IPSECSTAT_INC(ips_spdcache_hits); */ 924 925 SPDCACHE_UNLOCK(hashv); 926 goto out; 927 } 928 929 /* IPSECSTAT_INC(ips_spdcache_misses); */ 930 931 sp = key_do_allocsp(spidx, dir); 932 entry = spdcache_entry_alloc(spidx, sp); 933 if (entry != NULL) { 934 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 935 LIST_REMOVE(lastentry, chain); 936 spdcache_entry_free(lastentry); 937 } 938 939 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 940 } 941 942 SPDCACHE_UNLOCK(hashv); 943 944 out: 945 if (sp != NULL) { /* found a SPD entry */ 946 sp->lastused = time_second; 947 KEYDBG(IPSEC_STAMP, 948 printf("%s: return SP(%p)\n", __func__, sp)); 949 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 950 } else { 951 KEYDBG(IPSEC_DATA, 952 printf("%s: lookup failed for ", __func__); 953 kdebug_secpolicyindex(spidx, NULL)); 954 } 955 return (sp); 956 } 957 958 /* 959 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 960 * or should be signed by MD5 signature. 961 * We don't use key_allocsa() for such lookups, because we don't know SPI. 962 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 963 * signed packet. We use SADB only as storage for password. 964 * OUT: positive: corresponding SA for given saidx found. 965 * NULL: SA not found 966 */ 967 struct secasvar * 968 key_allocsa_tcpmd5(struct secasindex *saidx) 969 { 970 SAHTREE_RLOCK_TRACKER; 971 struct secashead *sah; 972 struct secasvar *sav; 973 974 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 975 ("unexpected security protocol %u", saidx->proto)); 976 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 977 ("unexpected mode %u", saidx->mode)); 978 979 SAHTREE_RLOCK(); 980 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 981 KEYDBG(IPSEC_DUMP, 982 printf("%s: checking SAH\n", __func__); 983 kdebug_secash(sah, " ")); 984 if (sah->saidx.proto != IPPROTO_TCP) 985 continue; 986 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 987 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 988 break; 989 } 990 if (sah != NULL) { 991 if (V_key_preferred_oldsa) 992 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 993 else 994 sav = TAILQ_FIRST(&sah->savtree_alive); 995 if (sav != NULL) 996 SAV_ADDREF(sav); 997 } else 998 sav = NULL; 999 SAHTREE_RUNLOCK(); 1000 1001 if (sav != NULL) { 1002 KEYDBG(IPSEC_STAMP, 1003 printf("%s: return SA(%p)\n", __func__, sav)); 1004 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1005 } else { 1006 KEYDBG(IPSEC_STAMP, 1007 printf("%s: SA not found\n", __func__)); 1008 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1009 } 1010 return (sav); 1011 } 1012 1013 /* 1014 * Allocating an SA entry for an *OUTBOUND* packet. 1015 * OUT: positive: corresponding SA for given saidx found. 1016 * NULL: SA not found, but will be acquired, check *error 1017 * for acquiring status. 1018 */ 1019 struct secasvar * 1020 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1021 int *error) 1022 { 1023 SAHTREE_RLOCK_TRACKER; 1024 struct secashead *sah; 1025 struct secasvar *sav; 1026 1027 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1028 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1029 saidx->mode == IPSEC_MODE_TUNNEL, 1030 ("unexpected policy %u", saidx->mode)); 1031 1032 /* 1033 * We check new SA in the IPsec request because a different 1034 * SA may be involved each time this request is checked, either 1035 * because new SAs are being configured, or this request is 1036 * associated with an unconnected datagram socket, or this request 1037 * is associated with a system default policy. 1038 */ 1039 SAHTREE_RLOCK(); 1040 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1041 KEYDBG(IPSEC_DUMP, 1042 printf("%s: checking SAH\n", __func__); 1043 kdebug_secash(sah, " ")); 1044 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1045 break; 1046 } 1047 if (sah != NULL) { 1048 /* 1049 * Allocate the oldest SA available according to 1050 * draft-jenkins-ipsec-rekeying-03. 1051 */ 1052 if (V_key_preferred_oldsa) 1053 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1054 else 1055 sav = TAILQ_FIRST(&sah->savtree_alive); 1056 if (sav != NULL) 1057 SAV_ADDREF(sav); 1058 } else 1059 sav = NULL; 1060 SAHTREE_RUNLOCK(); 1061 1062 if (sav != NULL) { 1063 *error = 0; 1064 KEYDBG(IPSEC_STAMP, 1065 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1066 sav, sp)); 1067 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1068 return (sav); /* return referenced SA */ 1069 } 1070 1071 /* there is no SA */ 1072 *error = key_acquire(saidx, sp); 1073 if ((*error) != 0) 1074 ipseclog((LOG_DEBUG, 1075 "%s: error %d returned from key_acquire()\n", 1076 __func__, *error)); 1077 KEYDBG(IPSEC_STAMP, 1078 printf("%s: acquire SA for SP(%p), error %d\n", 1079 __func__, sp, *error)); 1080 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1081 return (NULL); 1082 } 1083 1084 /* 1085 * allocating a usable SA entry for a *INBOUND* packet. 1086 * Must call key_freesav() later. 1087 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1088 * NULL: not found, or error occurred. 1089 * 1090 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1091 * destination address, and security protocol. But according to RFC 4301, 1092 * SPI by itself suffices to specify an SA. 1093 * 1094 * Note that, however, we do need to keep source address in IPsec SA. 1095 * IKE specification and PF_KEY specification do assume that we 1096 * keep source address in IPsec SA. We see a tricky situation here. 1097 */ 1098 struct secasvar * 1099 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1100 { 1101 SAHTREE_RLOCK_TRACKER; 1102 struct secasvar *sav; 1103 1104 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1105 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1106 proto)); 1107 1108 SAHTREE_RLOCK(); 1109 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1110 if (sav->spi == spi) 1111 break; 1112 } 1113 /* 1114 * We use single SPI namespace for all protocols, so it is 1115 * impossible to have SPI duplicates in the SAVHASH. 1116 */ 1117 if (sav != NULL) { 1118 if (sav->state != SADB_SASTATE_LARVAL && 1119 sav->sah->saidx.proto == proto && 1120 key_sockaddrcmp(&dst->sa, 1121 &sav->sah->saidx.dst.sa, 0) == 0) 1122 SAV_ADDREF(sav); 1123 else 1124 sav = NULL; 1125 } 1126 SAHTREE_RUNLOCK(); 1127 1128 if (sav == NULL) { 1129 KEYDBG(IPSEC_STAMP, 1130 char buf[IPSEC_ADDRSTRLEN]; 1131 printf("%s: SA not found for spi %u proto %u dst %s\n", 1132 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1133 sizeof(buf)))); 1134 } else { 1135 KEYDBG(IPSEC_STAMP, 1136 printf("%s: return SA(%p)\n", __func__, sav)); 1137 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1138 } 1139 return (sav); 1140 } 1141 1142 struct secasvar * 1143 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1144 uint8_t proto) 1145 { 1146 SAHTREE_RLOCK_TRACKER; 1147 struct secasindex saidx; 1148 struct secashead *sah; 1149 struct secasvar *sav; 1150 1151 IPSEC_ASSERT(src != NULL, ("null src address")); 1152 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1153 1154 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1155 &dst->sa, &saidx); 1156 1157 sav = NULL; 1158 SAHTREE_RLOCK(); 1159 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1160 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1161 continue; 1162 if (proto != sah->saidx.proto) 1163 continue; 1164 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1165 continue; 1166 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1167 continue; 1168 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1169 if (V_key_preferred_oldsa) 1170 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1171 else 1172 sav = TAILQ_FIRST(&sah->savtree_alive); 1173 if (sav != NULL) { 1174 SAV_ADDREF(sav); 1175 break; 1176 } 1177 } 1178 SAHTREE_RUNLOCK(); 1179 KEYDBG(IPSEC_STAMP, 1180 printf("%s: return SA(%p)\n", __func__, sav)); 1181 if (sav != NULL) 1182 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1183 return (sav); 1184 } 1185 1186 /* 1187 * Must be called after calling key_allocsp(). 1188 */ 1189 void 1190 key_freesp(struct secpolicy **spp) 1191 { 1192 struct secpolicy *sp = *spp; 1193 1194 IPSEC_ASSERT(sp != NULL, ("null sp")); 1195 if (SP_DELREF(sp) == 0) 1196 return; 1197 1198 KEYDBG(IPSEC_STAMP, 1199 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1200 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1201 1202 *spp = NULL; 1203 while (sp->tcount > 0) 1204 ipsec_delisr(sp->req[--sp->tcount]); 1205 free(sp, M_IPSEC_SP); 1206 } 1207 1208 static void 1209 key_unlink(struct secpolicy *sp) 1210 { 1211 SPTREE_WLOCK(); 1212 key_detach(sp); 1213 SPTREE_WUNLOCK(); 1214 if (SPDCACHE_ENABLED()) 1215 spdcache_clear(); 1216 key_freesp(&sp); 1217 } 1218 1219 static void 1220 key_detach(struct secpolicy *sp) 1221 { 1222 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1223 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1224 ("invalid direction %u", sp->spidx.dir)); 1225 SPTREE_WLOCK_ASSERT(); 1226 1227 KEYDBG(KEY_STAMP, 1228 printf("%s: SP(%p)\n", __func__, sp)); 1229 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1230 /* SP is already unlinked */ 1231 return; 1232 } 1233 sp->state = IPSEC_SPSTATE_DEAD; 1234 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1235 V_spd_size--; 1236 LIST_REMOVE(sp, idhash); 1237 V_sp_genid++; 1238 } 1239 1240 /* 1241 * insert a secpolicy into the SP database. Lower priorities first 1242 */ 1243 static void 1244 key_insertsp(struct secpolicy *newsp) 1245 { 1246 struct secpolicy *sp; 1247 1248 SPTREE_WLOCK_ASSERT(); 1249 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1250 if (newsp->priority < sp->priority) { 1251 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1252 goto done; 1253 } 1254 } 1255 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1256 done: 1257 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1258 newsp->state = IPSEC_SPSTATE_ALIVE; 1259 V_spd_size++; 1260 V_sp_genid++; 1261 } 1262 1263 /* 1264 * Insert a bunch of VTI secpolicies into the SPDB. 1265 * We keep VTI policies in the separate list due to following reasons: 1266 * 1) they should be immutable to user's or some deamon's attempts to 1267 * delete. The only way delete such policies - destroy or unconfigure 1268 * corresponding virtual inteface. 1269 * 2) such policies have traffic selector that matches all traffic per 1270 * address family. 1271 * Since all VTI policies have the same priority, we don't care about 1272 * policies order. 1273 */ 1274 int 1275 key_register_ifnet(struct secpolicy **spp, u_int count) 1276 { 1277 struct mbuf *m; 1278 u_int i; 1279 1280 SPTREE_WLOCK(); 1281 /* 1282 * First of try to acquire id for each SP. 1283 */ 1284 for (i = 0; i < count; i++) { 1285 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1286 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1287 ("invalid direction %u", spp[i]->spidx.dir)); 1288 1289 if ((spp[i]->id = key_getnewspid()) == 0) { 1290 SPTREE_WUNLOCK(); 1291 return (EAGAIN); 1292 } 1293 } 1294 for (i = 0; i < count; i++) { 1295 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1296 spp[i], chain); 1297 /* 1298 * NOTE: despite the fact that we keep VTI SP in the 1299 * separate list, SPHASH contains policies from both 1300 * sources. Thus SADB_X_SPDGET will correctly return 1301 * SP by id, because it uses SPHASH for lookups. 1302 */ 1303 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1304 spp[i]->state = IPSEC_SPSTATE_IFNET; 1305 } 1306 SPTREE_WUNLOCK(); 1307 /* 1308 * Notify user processes about new SP. 1309 */ 1310 for (i = 0; i < count; i++) { 1311 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1312 if (m != NULL) 1313 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1314 } 1315 return (0); 1316 } 1317 1318 void 1319 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1320 { 1321 struct mbuf *m; 1322 u_int i; 1323 1324 SPTREE_WLOCK(); 1325 for (i = 0; i < count; i++) { 1326 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1327 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1328 ("invalid direction %u", spp[i]->spidx.dir)); 1329 1330 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1331 continue; 1332 spp[i]->state = IPSEC_SPSTATE_DEAD; 1333 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1334 spp[i], chain); 1335 V_spd_size--; 1336 LIST_REMOVE(spp[i], idhash); 1337 } 1338 SPTREE_WUNLOCK(); 1339 if (SPDCACHE_ENABLED()) 1340 spdcache_clear(); 1341 1342 for (i = 0; i < count; i++) { 1343 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1344 if (m != NULL) 1345 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1346 } 1347 } 1348 1349 /* 1350 * Must be called after calling key_allocsa(). 1351 * This function is called by key_freesp() to free some SA allocated 1352 * for a policy. 1353 */ 1354 void 1355 key_freesav(struct secasvar **psav) 1356 { 1357 struct secasvar *sav = *psav; 1358 1359 IPSEC_ASSERT(sav != NULL, ("null sav")); 1360 CURVNET_ASSERT_SET(); 1361 if (SAV_DELREF(sav) == 0) 1362 return; 1363 1364 KEYDBG(IPSEC_STAMP, 1365 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1366 1367 *psav = NULL; 1368 key_delsav(sav); 1369 } 1370 1371 /* 1372 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1373 * Expect that SA has extra reference due to lookup. 1374 * Release this references, also release SAH reference after unlink. 1375 */ 1376 static void 1377 key_unlinksav(struct secasvar *sav) 1378 { 1379 struct secashead *sah; 1380 1381 KEYDBG(KEY_STAMP, 1382 printf("%s: SA(%p)\n", __func__, sav)); 1383 1384 CURVNET_ASSERT_SET(); 1385 SAHTREE_UNLOCK_ASSERT(); 1386 SAHTREE_WLOCK(); 1387 if (sav->state == SADB_SASTATE_DEAD) { 1388 /* SA is already unlinked */ 1389 SAHTREE_WUNLOCK(); 1390 return; 1391 } 1392 /* Unlink from SAH */ 1393 if (sav->state == SADB_SASTATE_LARVAL) 1394 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1395 else 1396 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1397 /* Unlink from SPI hash */ 1398 LIST_REMOVE(sav, spihash); 1399 sav->state = SADB_SASTATE_DEAD; 1400 sah = sav->sah; 1401 SAHTREE_WUNLOCK(); 1402 key_freesav(&sav); 1403 /* Since we are unlinked, release reference to SAH */ 1404 key_freesah(&sah); 1405 } 1406 1407 /* %%% SPD management */ 1408 /* 1409 * search SPD 1410 * OUT: NULL : not found 1411 * others : found, pointer to a SP. 1412 */ 1413 static struct secpolicy * 1414 key_getsp(struct secpolicyindex *spidx) 1415 { 1416 SPTREE_RLOCK_TRACKER; 1417 struct secpolicy *sp; 1418 1419 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1420 1421 SPTREE_RLOCK(); 1422 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1423 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1424 SP_ADDREF(sp); 1425 break; 1426 } 1427 } 1428 SPTREE_RUNLOCK(); 1429 1430 return sp; 1431 } 1432 1433 /* 1434 * get SP by index. 1435 * OUT: NULL : not found 1436 * others : found, pointer to referenced SP. 1437 */ 1438 static struct secpolicy * 1439 key_getspbyid(uint32_t id) 1440 { 1441 SPTREE_RLOCK_TRACKER; 1442 struct secpolicy *sp; 1443 1444 SPTREE_RLOCK(); 1445 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1446 if (sp->id == id) { 1447 SP_ADDREF(sp); 1448 break; 1449 } 1450 } 1451 SPTREE_RUNLOCK(); 1452 return (sp); 1453 } 1454 1455 struct secpolicy * 1456 key_newsp(void) 1457 { 1458 struct secpolicy *sp; 1459 1460 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1461 if (sp != NULL) 1462 SP_INITREF(sp); 1463 return (sp); 1464 } 1465 1466 struct ipsecrequest * 1467 ipsec_newisr(void) 1468 { 1469 1470 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1471 M_NOWAIT | M_ZERO)); 1472 } 1473 1474 void 1475 ipsec_delisr(struct ipsecrequest *p) 1476 { 1477 1478 free(p, M_IPSEC_SR); 1479 } 1480 1481 /* 1482 * create secpolicy structure from sadb_x_policy structure. 1483 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1484 * are not set, so must be set properly later. 1485 */ 1486 struct secpolicy * 1487 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1488 { 1489 struct secpolicy *newsp; 1490 1491 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1492 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1493 1494 if (len != PFKEY_EXTLEN(xpl0)) { 1495 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1496 *error = EINVAL; 1497 return NULL; 1498 } 1499 1500 if ((newsp = key_newsp()) == NULL) { 1501 *error = ENOBUFS; 1502 return NULL; 1503 } 1504 1505 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1506 newsp->policy = xpl0->sadb_x_policy_type; 1507 newsp->priority = xpl0->sadb_x_policy_priority; 1508 newsp->tcount = 0; 1509 1510 /* check policy */ 1511 switch (xpl0->sadb_x_policy_type) { 1512 case IPSEC_POLICY_DISCARD: 1513 case IPSEC_POLICY_NONE: 1514 case IPSEC_POLICY_ENTRUST: 1515 case IPSEC_POLICY_BYPASS: 1516 break; 1517 1518 case IPSEC_POLICY_IPSEC: 1519 { 1520 struct sadb_x_ipsecrequest *xisr; 1521 struct ipsecrequest *isr; 1522 int tlen; 1523 1524 /* validity check */ 1525 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1526 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1527 __func__)); 1528 key_freesp(&newsp); 1529 *error = EINVAL; 1530 return NULL; 1531 } 1532 1533 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1534 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1535 1536 while (tlen > 0) { 1537 /* length check */ 1538 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1539 xisr->sadb_x_ipsecrequest_len > tlen) { 1540 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1541 "length.\n", __func__)); 1542 key_freesp(&newsp); 1543 *error = EINVAL; 1544 return NULL; 1545 } 1546 1547 if (newsp->tcount >= IPSEC_MAXREQ) { 1548 ipseclog((LOG_DEBUG, 1549 "%s: too many ipsecrequests.\n", 1550 __func__)); 1551 key_freesp(&newsp); 1552 *error = EINVAL; 1553 return (NULL); 1554 } 1555 1556 /* allocate request buffer */ 1557 /* NB: data structure is zero'd */ 1558 isr = ipsec_newisr(); 1559 if (isr == NULL) { 1560 ipseclog((LOG_DEBUG, 1561 "%s: No more memory.\n", __func__)); 1562 key_freesp(&newsp); 1563 *error = ENOBUFS; 1564 return NULL; 1565 } 1566 1567 newsp->req[newsp->tcount++] = isr; 1568 1569 /* set values */ 1570 switch (xisr->sadb_x_ipsecrequest_proto) { 1571 case IPPROTO_ESP: 1572 case IPPROTO_AH: 1573 case IPPROTO_IPCOMP: 1574 break; 1575 default: 1576 ipseclog((LOG_DEBUG, 1577 "%s: invalid proto type=%u\n", __func__, 1578 xisr->sadb_x_ipsecrequest_proto)); 1579 key_freesp(&newsp); 1580 *error = EPROTONOSUPPORT; 1581 return NULL; 1582 } 1583 isr->saidx.proto = 1584 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1585 1586 switch (xisr->sadb_x_ipsecrequest_mode) { 1587 case IPSEC_MODE_TRANSPORT: 1588 case IPSEC_MODE_TUNNEL: 1589 break; 1590 case IPSEC_MODE_ANY: 1591 default: 1592 ipseclog((LOG_DEBUG, 1593 "%s: invalid mode=%u\n", __func__, 1594 xisr->sadb_x_ipsecrequest_mode)); 1595 key_freesp(&newsp); 1596 *error = EINVAL; 1597 return NULL; 1598 } 1599 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1600 1601 switch (xisr->sadb_x_ipsecrequest_level) { 1602 case IPSEC_LEVEL_DEFAULT: 1603 case IPSEC_LEVEL_USE: 1604 case IPSEC_LEVEL_REQUIRE: 1605 break; 1606 case IPSEC_LEVEL_UNIQUE: 1607 /* validity check */ 1608 /* 1609 * If range violation of reqid, kernel will 1610 * update it, don't refuse it. 1611 */ 1612 if (xisr->sadb_x_ipsecrequest_reqid 1613 > IPSEC_MANUAL_REQID_MAX) { 1614 ipseclog((LOG_DEBUG, 1615 "%s: reqid=%d range " 1616 "violation, updated by kernel.\n", 1617 __func__, 1618 xisr->sadb_x_ipsecrequest_reqid)); 1619 xisr->sadb_x_ipsecrequest_reqid = 0; 1620 } 1621 1622 /* allocate new reqid id if reqid is zero. */ 1623 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1624 u_int32_t reqid; 1625 if ((reqid = key_newreqid()) == 0) { 1626 key_freesp(&newsp); 1627 *error = ENOBUFS; 1628 return NULL; 1629 } 1630 isr->saidx.reqid = reqid; 1631 xisr->sadb_x_ipsecrequest_reqid = reqid; 1632 } else { 1633 /* set it for manual keying. */ 1634 isr->saidx.reqid = 1635 xisr->sadb_x_ipsecrequest_reqid; 1636 } 1637 break; 1638 1639 default: 1640 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1641 __func__, 1642 xisr->sadb_x_ipsecrequest_level)); 1643 key_freesp(&newsp); 1644 *error = EINVAL; 1645 return NULL; 1646 } 1647 isr->level = xisr->sadb_x_ipsecrequest_level; 1648 1649 /* set IP addresses if there */ 1650 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1651 struct sockaddr *paddr; 1652 1653 len = tlen - sizeof(*xisr); 1654 paddr = (struct sockaddr *)(xisr + 1); 1655 /* validity check */ 1656 if (len < sizeof(struct sockaddr) || 1657 len < 2 * paddr->sa_len || 1658 paddr->sa_len > sizeof(isr->saidx.src)) { 1659 ipseclog((LOG_DEBUG, "%s: invalid " 1660 "request address length.\n", 1661 __func__)); 1662 key_freesp(&newsp); 1663 *error = EINVAL; 1664 return NULL; 1665 } 1666 /* 1667 * Request length should be enough to keep 1668 * source and destination addresses. 1669 */ 1670 if (xisr->sadb_x_ipsecrequest_len < 1671 sizeof(*xisr) + 2 * paddr->sa_len) { 1672 ipseclog((LOG_DEBUG, "%s: invalid " 1673 "ipsecrequest length.\n", 1674 __func__)); 1675 key_freesp(&newsp); 1676 *error = EINVAL; 1677 return (NULL); 1678 } 1679 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1680 paddr = (struct sockaddr *)((caddr_t)paddr + 1681 paddr->sa_len); 1682 1683 /* validity check */ 1684 if (paddr->sa_len != 1685 isr->saidx.src.sa.sa_len) { 1686 ipseclog((LOG_DEBUG, "%s: invalid " 1687 "request address length.\n", 1688 __func__)); 1689 key_freesp(&newsp); 1690 *error = EINVAL; 1691 return NULL; 1692 } 1693 /* AF family should match */ 1694 if (paddr->sa_family != 1695 isr->saidx.src.sa.sa_family) { 1696 ipseclog((LOG_DEBUG, "%s: address " 1697 "family doesn't match.\n", 1698 __func__)); 1699 key_freesp(&newsp); 1700 *error = EINVAL; 1701 return (NULL); 1702 } 1703 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1704 } else { 1705 /* 1706 * Addresses for TUNNEL mode requests are 1707 * mandatory. 1708 */ 1709 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1710 ipseclog((LOG_DEBUG, "%s: missing " 1711 "request addresses.\n", __func__)); 1712 key_freesp(&newsp); 1713 *error = EINVAL; 1714 return (NULL); 1715 } 1716 } 1717 tlen -= xisr->sadb_x_ipsecrequest_len; 1718 1719 /* validity check */ 1720 if (tlen < 0) { 1721 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1722 __func__)); 1723 key_freesp(&newsp); 1724 *error = EINVAL; 1725 return NULL; 1726 } 1727 1728 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1729 + xisr->sadb_x_ipsecrequest_len); 1730 } 1731 /* XXXAE: LARVAL SP */ 1732 if (newsp->tcount < 1) { 1733 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1734 "not found.\n", __func__)); 1735 key_freesp(&newsp); 1736 *error = EINVAL; 1737 return (NULL); 1738 } 1739 } 1740 break; 1741 default: 1742 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1743 key_freesp(&newsp); 1744 *error = EINVAL; 1745 return NULL; 1746 } 1747 1748 *error = 0; 1749 return (newsp); 1750 } 1751 1752 uint32_t 1753 key_newreqid(void) 1754 { 1755 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1756 1757 if (auto_reqid == ~0) 1758 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1759 else 1760 auto_reqid++; 1761 1762 /* XXX should be unique check */ 1763 return (auto_reqid); 1764 } 1765 1766 /* 1767 * copy secpolicy struct to sadb_x_policy structure indicated. 1768 */ 1769 static struct mbuf * 1770 key_sp2mbuf(struct secpolicy *sp) 1771 { 1772 struct mbuf *m; 1773 size_t tlen; 1774 1775 tlen = key_getspreqmsglen(sp); 1776 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1777 if (m == NULL) 1778 return (NULL); 1779 m_align(m, tlen); 1780 m->m_len = tlen; 1781 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1782 m_freem(m); 1783 return (NULL); 1784 } 1785 return (m); 1786 } 1787 1788 int 1789 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1790 { 1791 struct sadb_x_ipsecrequest *xisr; 1792 struct sadb_x_policy *xpl; 1793 struct ipsecrequest *isr; 1794 size_t xlen, ilen; 1795 caddr_t p; 1796 int error, i; 1797 1798 IPSEC_ASSERT(sp != NULL, ("null policy")); 1799 1800 xlen = sizeof(*xpl); 1801 if (*len < xlen) 1802 return (EINVAL); 1803 1804 error = 0; 1805 bzero(request, *len); 1806 xpl = (struct sadb_x_policy *)request; 1807 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1808 xpl->sadb_x_policy_type = sp->policy; 1809 xpl->sadb_x_policy_dir = sp->spidx.dir; 1810 xpl->sadb_x_policy_id = sp->id; 1811 xpl->sadb_x_policy_priority = sp->priority; 1812 switch (sp->state) { 1813 case IPSEC_SPSTATE_IFNET: 1814 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1815 break; 1816 case IPSEC_SPSTATE_PCB: 1817 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1818 break; 1819 default: 1820 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1821 } 1822 1823 /* if is the policy for ipsec ? */ 1824 if (sp->policy == IPSEC_POLICY_IPSEC) { 1825 p = (caddr_t)xpl + sizeof(*xpl); 1826 for (i = 0; i < sp->tcount; i++) { 1827 isr = sp->req[i]; 1828 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1829 isr->saidx.src.sa.sa_len + 1830 isr->saidx.dst.sa.sa_len); 1831 xlen += ilen; 1832 if (xlen > *len) { 1833 error = ENOBUFS; 1834 /* Calculate needed size */ 1835 continue; 1836 } 1837 xisr = (struct sadb_x_ipsecrequest *)p; 1838 xisr->sadb_x_ipsecrequest_len = ilen; 1839 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1840 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1841 xisr->sadb_x_ipsecrequest_level = isr->level; 1842 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1843 1844 p += sizeof(*xisr); 1845 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1846 p += isr->saidx.src.sa.sa_len; 1847 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1848 p += isr->saidx.dst.sa.sa_len; 1849 } 1850 } 1851 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1852 if (error == 0) 1853 *len = xlen; 1854 else 1855 *len = sizeof(*xpl); 1856 return (error); 1857 } 1858 1859 /* m will not be freed nor modified */ 1860 static struct mbuf * 1861 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1862 int ndeep, int nitem, ...) 1863 { 1864 va_list ap; 1865 int idx; 1866 int i; 1867 struct mbuf *result = NULL, *n; 1868 int len; 1869 1870 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1871 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1872 1873 va_start(ap, nitem); 1874 for (i = 0; i < nitem; i++) { 1875 idx = va_arg(ap, int); 1876 if (idx < 0 || idx > SADB_EXT_MAX) 1877 goto fail; 1878 /* don't attempt to pull empty extension */ 1879 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1880 continue; 1881 if (idx != SADB_EXT_RESERVED && 1882 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1883 continue; 1884 1885 if (idx == SADB_EXT_RESERVED) { 1886 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1887 1888 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1889 1890 MGETHDR(n, M_NOWAIT, MT_DATA); 1891 if (!n) 1892 goto fail; 1893 n->m_len = len; 1894 n->m_next = NULL; 1895 m_copydata(m, 0, sizeof(struct sadb_msg), 1896 mtod(n, caddr_t)); 1897 } else if (i < ndeep) { 1898 len = mhp->extlen[idx]; 1899 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1900 if (n == NULL) 1901 goto fail; 1902 m_align(n, len); 1903 n->m_len = len; 1904 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1905 mtod(n, caddr_t)); 1906 } else { 1907 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1908 M_NOWAIT); 1909 } 1910 if (n == NULL) 1911 goto fail; 1912 1913 if (result) 1914 m_cat(result, n); 1915 else 1916 result = n; 1917 } 1918 va_end(ap); 1919 1920 if ((result->m_flags & M_PKTHDR) != 0) { 1921 result->m_pkthdr.len = 0; 1922 for (n = result; n; n = n->m_next) 1923 result->m_pkthdr.len += n->m_len; 1924 } 1925 1926 return result; 1927 1928 fail: 1929 m_freem(result); 1930 va_end(ap); 1931 return NULL; 1932 } 1933 1934 /* 1935 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1936 * add an entry to SP database, when received 1937 * <base, address(SD), (lifetime(H),) policy> 1938 * from the user(?). 1939 * Adding to SP database, 1940 * and send 1941 * <base, address(SD), (lifetime(H),) policy> 1942 * to the socket which was send. 1943 * 1944 * SPDADD set a unique policy entry. 1945 * SPDSETIDX like SPDADD without a part of policy requests. 1946 * SPDUPDATE replace a unique policy entry. 1947 * 1948 * XXXAE: serialize this in PF_KEY to avoid races. 1949 * m will always be freed. 1950 */ 1951 static int 1952 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1953 { 1954 struct secpolicyindex spidx; 1955 struct sadb_address *src0, *dst0; 1956 struct sadb_x_policy *xpl0, *xpl; 1957 struct sadb_lifetime *lft = NULL; 1958 struct secpolicy *newsp, *oldsp; 1959 int error; 1960 1961 IPSEC_ASSERT(so != NULL, ("null socket")); 1962 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1963 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1964 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1965 1966 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1967 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1968 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1969 ipseclog((LOG_DEBUG, 1970 "%s: invalid message: missing required header.\n", 1971 __func__)); 1972 return key_senderror(so, m, EINVAL); 1973 } 1974 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1975 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1976 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1977 ipseclog((LOG_DEBUG, 1978 "%s: invalid message: wrong header size.\n", __func__)); 1979 return key_senderror(so, m, EINVAL); 1980 } 1981 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1982 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1983 ipseclog((LOG_DEBUG, 1984 "%s: invalid message: wrong header size.\n", 1985 __func__)); 1986 return key_senderror(so, m, EINVAL); 1987 } 1988 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1989 } 1990 1991 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1992 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1993 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1994 1995 /* check the direciton */ 1996 switch (xpl0->sadb_x_policy_dir) { 1997 case IPSEC_DIR_INBOUND: 1998 case IPSEC_DIR_OUTBOUND: 1999 break; 2000 default: 2001 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2002 return key_senderror(so, m, EINVAL); 2003 } 2004 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2005 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2006 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2007 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2008 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2009 return key_senderror(so, m, EINVAL); 2010 } 2011 2012 /* policy requests are mandatory when action is ipsec. */ 2013 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2014 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2015 ipseclog((LOG_DEBUG, 2016 "%s: policy requests required.\n", __func__)); 2017 return key_senderror(so, m, EINVAL); 2018 } 2019 2020 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2021 (struct sockaddr *)(dst0 + 1)); 2022 if (error != 0 || 2023 src0->sadb_address_proto != dst0->sadb_address_proto) { 2024 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2025 return key_senderror(so, m, error); 2026 } 2027 /* make secindex */ 2028 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2029 src0 + 1, 2030 dst0 + 1, 2031 src0->sadb_address_prefixlen, 2032 dst0->sadb_address_prefixlen, 2033 src0->sadb_address_proto, 2034 &spidx); 2035 /* Checking there is SP already or not. */ 2036 oldsp = key_getsp(&spidx); 2037 if (oldsp != NULL) { 2038 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2039 KEYDBG(KEY_STAMP, 2040 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2041 __func__, oldsp)); 2042 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2043 } else { 2044 key_freesp(&oldsp); 2045 ipseclog((LOG_DEBUG, 2046 "%s: a SP entry exists already.\n", __func__)); 2047 return (key_senderror(so, m, EEXIST)); 2048 } 2049 } 2050 2051 /* allocate new SP entry */ 2052 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2053 if (oldsp != NULL) { 2054 key_unlink(oldsp); 2055 key_freesp(&oldsp); /* second for our reference */ 2056 } 2057 return key_senderror(so, m, error); 2058 } 2059 2060 newsp->lastused = newsp->created = time_second; 2061 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2062 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2063 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2064 2065 SPTREE_WLOCK(); 2066 if ((newsp->id = key_getnewspid()) == 0) { 2067 if (oldsp != NULL) 2068 key_detach(oldsp); 2069 SPTREE_WUNLOCK(); 2070 if (oldsp != NULL) { 2071 key_freesp(&oldsp); /* first for key_detach */ 2072 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2073 key_freesp(&oldsp); /* second for our reference */ 2074 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2075 spdcache_clear(); 2076 } 2077 key_freesp(&newsp); 2078 return key_senderror(so, m, ENOBUFS); 2079 } 2080 if (oldsp != NULL) 2081 key_detach(oldsp); 2082 key_insertsp(newsp); 2083 SPTREE_WUNLOCK(); 2084 if (oldsp != NULL) { 2085 key_freesp(&oldsp); /* first for key_detach */ 2086 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2087 key_freesp(&oldsp); /* second for our reference */ 2088 } 2089 if (SPDCACHE_ENABLED()) 2090 spdcache_clear(); 2091 KEYDBG(KEY_STAMP, 2092 printf("%s: SP(%p)\n", __func__, newsp)); 2093 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2094 2095 { 2096 struct mbuf *n, *mpolicy; 2097 struct sadb_msg *newmsg; 2098 int off; 2099 2100 /* create new sadb_msg to reply. */ 2101 if (lft) { 2102 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2103 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2104 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2105 } else { 2106 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2107 SADB_X_EXT_POLICY, 2108 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2109 } 2110 if (!n) 2111 return key_senderror(so, m, ENOBUFS); 2112 2113 if (n->m_len < sizeof(*newmsg)) { 2114 n = m_pullup(n, sizeof(*newmsg)); 2115 if (!n) 2116 return key_senderror(so, m, ENOBUFS); 2117 } 2118 newmsg = mtod(n, struct sadb_msg *); 2119 newmsg->sadb_msg_errno = 0; 2120 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2121 2122 off = 0; 2123 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2124 sizeof(*xpl), &off); 2125 if (mpolicy == NULL) { 2126 /* n is already freed */ 2127 return key_senderror(so, m, ENOBUFS); 2128 } 2129 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2130 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2131 m_freem(n); 2132 return key_senderror(so, m, EINVAL); 2133 } 2134 xpl->sadb_x_policy_id = newsp->id; 2135 2136 m_freem(m); 2137 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2138 } 2139 } 2140 2141 /* 2142 * get new policy id. 2143 * OUT: 2144 * 0: failure. 2145 * others: success. 2146 */ 2147 static uint32_t 2148 key_getnewspid(void) 2149 { 2150 struct secpolicy *sp; 2151 uint32_t newid = 0; 2152 int tries, limit; 2153 2154 SPTREE_WLOCK_ASSERT(); 2155 2156 limit = atomic_load_int(&V_key_spi_trycnt); 2157 for (tries = 0; tries < limit; tries++) { 2158 if (V_policy_id == ~0) /* overflowed */ 2159 newid = V_policy_id = 1; 2160 else 2161 newid = ++V_policy_id; 2162 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2163 if (sp->id == newid) 2164 break; 2165 } 2166 if (sp == NULL) 2167 break; 2168 } 2169 if (tries == limit || newid == 0) { 2170 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2171 __func__)); 2172 return (0); 2173 } 2174 return (newid); 2175 } 2176 2177 /* 2178 * SADB_SPDDELETE processing 2179 * receive 2180 * <base, address(SD), policy(*)> 2181 * from the user(?), and set SADB_SASTATE_DEAD, 2182 * and send, 2183 * <base, address(SD), policy(*)> 2184 * to the ikmpd. 2185 * policy(*) including direction of policy. 2186 * 2187 * m will always be freed. 2188 */ 2189 static int 2190 key_spddelete(struct socket *so, struct mbuf *m, 2191 const struct sadb_msghdr *mhp) 2192 { 2193 struct secpolicyindex spidx; 2194 struct sadb_address *src0, *dst0; 2195 struct sadb_x_policy *xpl0; 2196 struct secpolicy *sp; 2197 2198 IPSEC_ASSERT(so != NULL, ("null so")); 2199 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2200 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2201 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2202 2203 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2204 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2205 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2206 ipseclog((LOG_DEBUG, 2207 "%s: invalid message: missing required header.\n", 2208 __func__)); 2209 return key_senderror(so, m, EINVAL); 2210 } 2211 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2212 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2213 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2214 ipseclog((LOG_DEBUG, 2215 "%s: invalid message: wrong header size.\n", __func__)); 2216 return key_senderror(so, m, EINVAL); 2217 } 2218 2219 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2220 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2221 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2222 2223 /* check the direciton */ 2224 switch (xpl0->sadb_x_policy_dir) { 2225 case IPSEC_DIR_INBOUND: 2226 case IPSEC_DIR_OUTBOUND: 2227 break; 2228 default: 2229 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2230 return key_senderror(so, m, EINVAL); 2231 } 2232 /* Only DISCARD, NONE and IPSEC are allowed */ 2233 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2234 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2235 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2236 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2237 return key_senderror(so, m, EINVAL); 2238 } 2239 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2240 (struct sockaddr *)(dst0 + 1)) != 0 || 2241 src0->sadb_address_proto != dst0->sadb_address_proto) { 2242 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2243 return key_senderror(so, m, EINVAL); 2244 } 2245 /* make secindex */ 2246 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2247 src0 + 1, 2248 dst0 + 1, 2249 src0->sadb_address_prefixlen, 2250 dst0->sadb_address_prefixlen, 2251 src0->sadb_address_proto, 2252 &spidx); 2253 2254 /* Is there SP in SPD ? */ 2255 if ((sp = key_getsp(&spidx)) == NULL) { 2256 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2257 return key_senderror(so, m, EINVAL); 2258 } 2259 2260 /* save policy id to buffer to be returned. */ 2261 xpl0->sadb_x_policy_id = sp->id; 2262 2263 KEYDBG(KEY_STAMP, 2264 printf("%s: SP(%p)\n", __func__, sp)); 2265 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2266 key_unlink(sp); 2267 key_freesp(&sp); 2268 2269 { 2270 struct mbuf *n; 2271 struct sadb_msg *newmsg; 2272 2273 /* create new sadb_msg to reply. */ 2274 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2275 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2276 if (!n) 2277 return key_senderror(so, m, ENOBUFS); 2278 2279 newmsg = mtod(n, struct sadb_msg *); 2280 newmsg->sadb_msg_errno = 0; 2281 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2282 2283 m_freem(m); 2284 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2285 } 2286 } 2287 2288 /* 2289 * SADB_SPDDELETE2 processing 2290 * receive 2291 * <base, policy(*)> 2292 * from the user(?), and set SADB_SASTATE_DEAD, 2293 * and send, 2294 * <base, policy(*)> 2295 * to the ikmpd. 2296 * policy(*) including direction of policy. 2297 * 2298 * m will always be freed. 2299 */ 2300 static int 2301 key_spddelete2(struct socket *so, struct mbuf *m, 2302 const struct sadb_msghdr *mhp) 2303 { 2304 struct secpolicy *sp; 2305 uint32_t id; 2306 2307 IPSEC_ASSERT(so != NULL, ("null socket")); 2308 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2309 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2310 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2311 2312 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2313 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2314 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2315 __func__)); 2316 return key_senderror(so, m, EINVAL); 2317 } 2318 2319 id = ((struct sadb_x_policy *) 2320 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2321 2322 /* Is there SP in SPD ? */ 2323 if ((sp = key_getspbyid(id)) == NULL) { 2324 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2325 __func__, id)); 2326 return key_senderror(so, m, EINVAL); 2327 } 2328 2329 KEYDBG(KEY_STAMP, 2330 printf("%s: SP(%p)\n", __func__, sp)); 2331 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2332 key_unlink(sp); 2333 if (sp->state != IPSEC_SPSTATE_DEAD) { 2334 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2335 __func__, id)); 2336 key_freesp(&sp); 2337 return (key_senderror(so, m, EACCES)); 2338 } 2339 key_freesp(&sp); 2340 2341 { 2342 struct mbuf *n, *nn; 2343 struct sadb_msg *newmsg; 2344 int off, len; 2345 2346 /* create new sadb_msg to reply. */ 2347 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2348 2349 MGETHDR(n, M_NOWAIT, MT_DATA); 2350 if (n && len > MHLEN) { 2351 if (!(MCLGET(n, M_NOWAIT))) { 2352 m_freem(n); 2353 n = NULL; 2354 } 2355 } 2356 if (!n) 2357 return key_senderror(so, m, ENOBUFS); 2358 2359 n->m_len = len; 2360 n->m_next = NULL; 2361 off = 0; 2362 2363 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2364 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2365 2366 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2367 off, len)); 2368 2369 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2370 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2371 if (!n->m_next) { 2372 m_freem(n); 2373 return key_senderror(so, m, ENOBUFS); 2374 } 2375 2376 n->m_pkthdr.len = 0; 2377 for (nn = n; nn; nn = nn->m_next) 2378 n->m_pkthdr.len += nn->m_len; 2379 2380 newmsg = mtod(n, struct sadb_msg *); 2381 newmsg->sadb_msg_errno = 0; 2382 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2383 2384 m_freem(m); 2385 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2386 } 2387 } 2388 2389 /* 2390 * SADB_X_SPDGET processing 2391 * receive 2392 * <base, policy(*)> 2393 * from the user(?), 2394 * and send, 2395 * <base, address(SD), policy> 2396 * to the ikmpd. 2397 * policy(*) including direction of policy. 2398 * 2399 * m will always be freed. 2400 */ 2401 static int 2402 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2403 { 2404 struct secpolicy *sp; 2405 struct mbuf *n; 2406 uint32_t id; 2407 2408 IPSEC_ASSERT(so != NULL, ("null socket")); 2409 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2410 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2411 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2412 2413 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2414 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2415 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2416 __func__)); 2417 return key_senderror(so, m, EINVAL); 2418 } 2419 2420 id = ((struct sadb_x_policy *) 2421 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2422 2423 /* Is there SP in SPD ? */ 2424 if ((sp = key_getspbyid(id)) == NULL) { 2425 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2426 __func__, id)); 2427 return key_senderror(so, m, ENOENT); 2428 } 2429 2430 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2431 mhp->msg->sadb_msg_pid); 2432 key_freesp(&sp); 2433 if (n != NULL) { 2434 m_freem(m); 2435 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2436 } else 2437 return key_senderror(so, m, ENOBUFS); 2438 } 2439 2440 /* 2441 * SADB_X_SPDACQUIRE processing. 2442 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2443 * send 2444 * <base, policy(*)> 2445 * to KMD, and expect to receive 2446 * <base> with SADB_X_SPDACQUIRE if error occurred, 2447 * or 2448 * <base, policy> 2449 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2450 * policy(*) is without policy requests. 2451 * 2452 * 0 : succeed 2453 * others: error number 2454 */ 2455 int 2456 key_spdacquire(struct secpolicy *sp) 2457 { 2458 struct mbuf *result = NULL, *m; 2459 struct secspacq *newspacq; 2460 2461 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2462 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2463 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2464 ("policy not IPSEC %u", sp->policy)); 2465 2466 /* Get an entry to check whether sent message or not. */ 2467 newspacq = key_getspacq(&sp->spidx); 2468 if (newspacq != NULL) { 2469 if (V_key_blockacq_count < newspacq->count) { 2470 /* reset counter and do send message. */ 2471 newspacq->count = 0; 2472 } else { 2473 /* increment counter and do nothing. */ 2474 newspacq->count++; 2475 SPACQ_UNLOCK(); 2476 return (0); 2477 } 2478 SPACQ_UNLOCK(); 2479 } else { 2480 /* make new entry for blocking to send SADB_ACQUIRE. */ 2481 newspacq = key_newspacq(&sp->spidx); 2482 if (newspacq == NULL) 2483 return ENOBUFS; 2484 } 2485 2486 /* create new sadb_msg to reply. */ 2487 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2488 if (!m) 2489 return ENOBUFS; 2490 2491 result = m; 2492 2493 result->m_pkthdr.len = 0; 2494 for (m = result; m; m = m->m_next) 2495 result->m_pkthdr.len += m->m_len; 2496 2497 mtod(result, struct sadb_msg *)->sadb_msg_len = 2498 PFKEY_UNIT64(result->m_pkthdr.len); 2499 2500 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2501 } 2502 2503 /* 2504 * SADB_SPDFLUSH processing 2505 * receive 2506 * <base> 2507 * from the user, and free all entries in secpctree. 2508 * and send, 2509 * <base> 2510 * to the user. 2511 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2512 * 2513 * m will always be freed. 2514 */ 2515 static int 2516 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2517 { 2518 struct secpolicy_queue drainq; 2519 struct sadb_msg *newmsg; 2520 struct secpolicy *sp, *nextsp; 2521 u_int dir; 2522 2523 IPSEC_ASSERT(so != NULL, ("null socket")); 2524 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2525 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2526 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2527 2528 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2529 return key_senderror(so, m, EINVAL); 2530 2531 TAILQ_INIT(&drainq); 2532 SPTREE_WLOCK(); 2533 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2534 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2535 } 2536 /* 2537 * We need to set state to DEAD for each policy to be sure, 2538 * that another thread won't try to unlink it. 2539 * Also remove SP from sphash. 2540 */ 2541 TAILQ_FOREACH(sp, &drainq, chain) { 2542 sp->state = IPSEC_SPSTATE_DEAD; 2543 LIST_REMOVE(sp, idhash); 2544 } 2545 V_sp_genid++; 2546 V_spd_size = 0; 2547 SPTREE_WUNLOCK(); 2548 if (SPDCACHE_ENABLED()) 2549 spdcache_clear(); 2550 sp = TAILQ_FIRST(&drainq); 2551 while (sp != NULL) { 2552 nextsp = TAILQ_NEXT(sp, chain); 2553 key_freesp(&sp); 2554 sp = nextsp; 2555 } 2556 2557 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2558 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2559 return key_senderror(so, m, ENOBUFS); 2560 } 2561 2562 if (m->m_next) 2563 m_freem(m->m_next); 2564 m->m_next = NULL; 2565 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2566 newmsg = mtod(m, struct sadb_msg *); 2567 newmsg->sadb_msg_errno = 0; 2568 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2569 2570 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2571 } 2572 2573 static uint8_t 2574 key_satype2scopemask(uint8_t satype) 2575 { 2576 2577 if (satype == IPSEC_POLICYSCOPE_ANY) 2578 return (0xff); 2579 return (satype); 2580 } 2581 /* 2582 * SADB_SPDDUMP processing 2583 * receive 2584 * <base> 2585 * from the user, and dump all SP leaves and send, 2586 * <base> ..... 2587 * to the ikmpd. 2588 * 2589 * NOTE: 2590 * sadb_msg_satype is considered as mask of policy scopes. 2591 * m will always be freed. 2592 */ 2593 static int 2594 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2595 { 2596 SPTREE_RLOCK_TRACKER; 2597 struct secpolicy *sp; 2598 struct mbuf *n; 2599 int cnt; 2600 u_int dir, scope; 2601 2602 IPSEC_ASSERT(so != NULL, ("null socket")); 2603 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2604 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2605 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2606 2607 /* search SPD entry and get buffer size. */ 2608 cnt = 0; 2609 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2610 SPTREE_RLOCK(); 2611 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2612 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2613 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2614 cnt++; 2615 } 2616 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2617 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2618 cnt++; 2619 } 2620 } 2621 2622 if (cnt == 0) { 2623 SPTREE_RUNLOCK(); 2624 return key_senderror(so, m, ENOENT); 2625 } 2626 2627 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2628 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2629 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2630 --cnt; 2631 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2632 mhp->msg->sadb_msg_pid); 2633 2634 if (n != NULL) 2635 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2636 } 2637 } 2638 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2639 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2640 --cnt; 2641 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2642 mhp->msg->sadb_msg_pid); 2643 2644 if (n != NULL) 2645 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2646 } 2647 } 2648 } 2649 2650 SPTREE_RUNLOCK(); 2651 m_freem(m); 2652 return (0); 2653 } 2654 2655 static struct mbuf * 2656 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2657 u_int32_t pid) 2658 { 2659 struct mbuf *result = NULL, *m; 2660 struct seclifetime lt; 2661 2662 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2663 if (!m) 2664 goto fail; 2665 result = m; 2666 2667 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2668 &sp->spidx.src.sa, sp->spidx.prefs, 2669 sp->spidx.ul_proto); 2670 if (!m) 2671 goto fail; 2672 m_cat(result, m); 2673 2674 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2675 &sp->spidx.dst.sa, sp->spidx.prefd, 2676 sp->spidx.ul_proto); 2677 if (!m) 2678 goto fail; 2679 m_cat(result, m); 2680 2681 m = key_sp2mbuf(sp); 2682 if (!m) 2683 goto fail; 2684 m_cat(result, m); 2685 2686 if(sp->lifetime){ 2687 lt.addtime=sp->created; 2688 lt.usetime= sp->lastused; 2689 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2690 if (!m) 2691 goto fail; 2692 m_cat(result, m); 2693 2694 lt.addtime=sp->lifetime; 2695 lt.usetime= sp->validtime; 2696 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2697 if (!m) 2698 goto fail; 2699 m_cat(result, m); 2700 } 2701 2702 if ((result->m_flags & M_PKTHDR) == 0) 2703 goto fail; 2704 2705 if (result->m_len < sizeof(struct sadb_msg)) { 2706 result = m_pullup(result, sizeof(struct sadb_msg)); 2707 if (result == NULL) 2708 goto fail; 2709 } 2710 2711 result->m_pkthdr.len = 0; 2712 for (m = result; m; m = m->m_next) 2713 result->m_pkthdr.len += m->m_len; 2714 2715 mtod(result, struct sadb_msg *)->sadb_msg_len = 2716 PFKEY_UNIT64(result->m_pkthdr.len); 2717 2718 return result; 2719 2720 fail: 2721 m_freem(result); 2722 return NULL; 2723 } 2724 /* 2725 * get PFKEY message length for security policy and request. 2726 */ 2727 static size_t 2728 key_getspreqmsglen(struct secpolicy *sp) 2729 { 2730 size_t tlen, len; 2731 int i; 2732 2733 tlen = sizeof(struct sadb_x_policy); 2734 /* if is the policy for ipsec ? */ 2735 if (sp->policy != IPSEC_POLICY_IPSEC) 2736 return (tlen); 2737 2738 /* get length of ipsec requests */ 2739 for (i = 0; i < sp->tcount; i++) { 2740 len = sizeof(struct sadb_x_ipsecrequest) 2741 + sp->req[i]->saidx.src.sa.sa_len 2742 + sp->req[i]->saidx.dst.sa.sa_len; 2743 2744 tlen += PFKEY_ALIGN8(len); 2745 } 2746 return (tlen); 2747 } 2748 2749 /* 2750 * SADB_SPDEXPIRE processing 2751 * send 2752 * <base, address(SD), lifetime(CH), policy> 2753 * to KMD by PF_KEY. 2754 * 2755 * OUT: 0 : succeed 2756 * others : error number 2757 */ 2758 static int 2759 key_spdexpire(struct secpolicy *sp) 2760 { 2761 struct sadb_lifetime *lt; 2762 struct mbuf *result = NULL, *m; 2763 int len, error = -1; 2764 2765 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2766 2767 KEYDBG(KEY_STAMP, 2768 printf("%s: SP(%p)\n", __func__, sp)); 2769 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2770 2771 /* set msg header */ 2772 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2773 if (!m) { 2774 error = ENOBUFS; 2775 goto fail; 2776 } 2777 result = m; 2778 2779 /* create lifetime extension (current and hard) */ 2780 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2781 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2782 if (m == NULL) { 2783 error = ENOBUFS; 2784 goto fail; 2785 } 2786 m_align(m, len); 2787 m->m_len = len; 2788 bzero(mtod(m, caddr_t), len); 2789 lt = mtod(m, struct sadb_lifetime *); 2790 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2791 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2792 lt->sadb_lifetime_allocations = 0; 2793 lt->sadb_lifetime_bytes = 0; 2794 lt->sadb_lifetime_addtime = sp->created; 2795 lt->sadb_lifetime_usetime = sp->lastused; 2796 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2797 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2798 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2799 lt->sadb_lifetime_allocations = 0; 2800 lt->sadb_lifetime_bytes = 0; 2801 lt->sadb_lifetime_addtime = sp->lifetime; 2802 lt->sadb_lifetime_usetime = sp->validtime; 2803 m_cat(result, m); 2804 2805 /* set sadb_address for source */ 2806 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2807 &sp->spidx.src.sa, 2808 sp->spidx.prefs, sp->spidx.ul_proto); 2809 if (!m) { 2810 error = ENOBUFS; 2811 goto fail; 2812 } 2813 m_cat(result, m); 2814 2815 /* set sadb_address for destination */ 2816 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2817 &sp->spidx.dst.sa, 2818 sp->spidx.prefd, sp->spidx.ul_proto); 2819 if (!m) { 2820 error = ENOBUFS; 2821 goto fail; 2822 } 2823 m_cat(result, m); 2824 2825 /* set secpolicy */ 2826 m = key_sp2mbuf(sp); 2827 if (!m) { 2828 error = ENOBUFS; 2829 goto fail; 2830 } 2831 m_cat(result, m); 2832 2833 if ((result->m_flags & M_PKTHDR) == 0) { 2834 error = EINVAL; 2835 goto fail; 2836 } 2837 2838 if (result->m_len < sizeof(struct sadb_msg)) { 2839 result = m_pullup(result, sizeof(struct sadb_msg)); 2840 if (result == NULL) { 2841 error = ENOBUFS; 2842 goto fail; 2843 } 2844 } 2845 2846 result->m_pkthdr.len = 0; 2847 for (m = result; m; m = m->m_next) 2848 result->m_pkthdr.len += m->m_len; 2849 2850 mtod(result, struct sadb_msg *)->sadb_msg_len = 2851 PFKEY_UNIT64(result->m_pkthdr.len); 2852 2853 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2854 2855 fail: 2856 if (result) 2857 m_freem(result); 2858 return error; 2859 } 2860 2861 /* %%% SAD management */ 2862 /* 2863 * allocating and initialize new SA head. 2864 * OUT: NULL : failure due to the lack of memory. 2865 * others : pointer to new SA head. 2866 */ 2867 static struct secashead * 2868 key_newsah(struct secasindex *saidx) 2869 { 2870 struct secashead *sah; 2871 2872 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2873 M_NOWAIT | M_ZERO); 2874 if (sah == NULL) { 2875 PFKEYSTAT_INC(in_nomem); 2876 return (NULL); 2877 } 2878 TAILQ_INIT(&sah->savtree_larval); 2879 TAILQ_INIT(&sah->savtree_alive); 2880 sah->saidx = *saidx; 2881 sah->state = SADB_SASTATE_DEAD; 2882 SAH_INITREF(sah); 2883 2884 KEYDBG(KEY_STAMP, 2885 printf("%s: SAH(%p)\n", __func__, sah)); 2886 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2887 return (sah); 2888 } 2889 2890 static void 2891 key_freesah(struct secashead **psah) 2892 { 2893 struct secashead *sah = *psah; 2894 2895 CURVNET_ASSERT_SET(); 2896 2897 if (SAH_DELREF(sah) == 0) 2898 return; 2899 2900 KEYDBG(KEY_STAMP, 2901 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2902 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2903 2904 *psah = NULL; 2905 key_delsah(sah); 2906 } 2907 2908 static void 2909 key_delsah(struct secashead *sah) 2910 { 2911 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2912 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2913 ("Attempt to free non DEAD SAH %p", sah)); 2914 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2915 ("Attempt to free SAH %p with LARVAL SA", sah)); 2916 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2917 ("Attempt to free SAH %p with ALIVE SA", sah)); 2918 2919 free(sah, M_IPSEC_SAH); 2920 } 2921 2922 /* 2923 * allocating a new SA for key_add() and key_getspi() call, 2924 * and copy the values of mhp into new buffer. 2925 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2926 * For SADB_ADD create and initialize SA with MATURE state. 2927 * OUT: NULL : fail 2928 * others : pointer to new secasvar. 2929 */ 2930 static struct secasvar * 2931 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2932 uint32_t spi, int *errp) 2933 { 2934 struct secashead *sah; 2935 struct secasvar *sav; 2936 int isnew; 2937 2938 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2939 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2940 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2941 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2942 2943 sav = NULL; 2944 sah = NULL; 2945 /* check SPI value */ 2946 switch (saidx->proto) { 2947 case IPPROTO_ESP: 2948 case IPPROTO_AH: 2949 /* 2950 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2951 * 1-255 reserved by IANA for future use, 2952 * 0 for implementation specific, local use. 2953 */ 2954 if (ntohl(spi) <= 255) { 2955 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2956 __func__, ntohl(spi))); 2957 *errp = EINVAL; 2958 goto done; 2959 } 2960 break; 2961 } 2962 2963 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2964 if (sav == NULL) { 2965 *errp = ENOBUFS; 2966 goto done; 2967 } 2968 sav->lock = malloc_aligned(max(sizeof(struct mtx), CACHE_LINE_SIZE), 2969 CACHE_LINE_SIZE, M_IPSEC_MISC, M_NOWAIT | M_ZERO); 2970 if (sav->lock == NULL) { 2971 *errp = ENOBUFS; 2972 goto done; 2973 } 2974 mtx_init(sav->lock, "ipsec association", NULL, MTX_DEF); 2975 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 2976 if (sav->lft_c == NULL) { 2977 *errp = ENOBUFS; 2978 goto done; 2979 } 2980 2981 sav->spi = spi; 2982 sav->seq = mhp->msg->sadb_msg_seq; 2983 sav->state = SADB_SASTATE_LARVAL; 2984 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2985 SAV_INITREF(sav); 2986 again: 2987 sah = key_getsah(saidx); 2988 if (sah == NULL) { 2989 /* create a new SA index */ 2990 sah = key_newsah(saidx); 2991 if (sah == NULL) { 2992 ipseclog((LOG_DEBUG, 2993 "%s: No more memory.\n", __func__)); 2994 *errp = ENOBUFS; 2995 goto done; 2996 } 2997 isnew = 1; 2998 } else 2999 isnew = 0; 3000 3001 sav->sah = sah; 3002 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 3003 sav->created = time_second; 3004 } else if (sav->state == SADB_SASTATE_LARVAL) { 3005 /* 3006 * Do not call key_setsaval() second time in case 3007 * of `goto again`. We will have MATURE state. 3008 */ 3009 *errp = key_setsaval(sav, mhp); 3010 if (*errp != 0) 3011 goto done; 3012 sav->state = SADB_SASTATE_MATURE; 3013 } 3014 3015 SAHTREE_WLOCK(); 3016 /* 3017 * Check that existing SAH wasn't unlinked. 3018 * Since we didn't hold the SAHTREE lock, it is possible, 3019 * that callout handler or key_flush() or key_delete() could 3020 * unlink this SAH. 3021 */ 3022 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3023 SAHTREE_WUNLOCK(); 3024 key_freesah(&sah); /* reference from key_getsah() */ 3025 goto again; 3026 } 3027 if (isnew != 0) { 3028 /* 3029 * Add new SAH into SADB. 3030 * 3031 * XXXAE: we can serialize key_add and key_getspi calls, so 3032 * several threads will not fight in the race. 3033 * Otherwise we should check under SAHTREE lock, that this 3034 * SAH would not added twice. 3035 */ 3036 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3037 /* Add new SAH into hash by addresses */ 3038 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3039 /* Now we are linked in the chain */ 3040 sah->state = SADB_SASTATE_MATURE; 3041 /* 3042 * SAV references this new SAH. 3043 * In case of existing SAH we reuse reference 3044 * from key_getsah(). 3045 */ 3046 SAH_ADDREF(sah); 3047 } 3048 /* Link SAV with SAH */ 3049 if (sav->state == SADB_SASTATE_MATURE) 3050 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3051 else 3052 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3053 /* Add SAV into SPI hash */ 3054 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3055 SAHTREE_WUNLOCK(); 3056 *errp = 0; /* success */ 3057 done: 3058 if (*errp != 0) { 3059 if (sav != NULL) { 3060 if (sav->lock != NULL) { 3061 mtx_destroy(sav->lock); 3062 free(sav->lock, M_IPSEC_MISC); 3063 } 3064 if (sav->lft_c != NULL) 3065 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3066 free(sav, M_IPSEC_SA), sav = NULL; 3067 } 3068 if (sah != NULL) 3069 key_freesah(&sah); 3070 if (*errp == ENOBUFS) { 3071 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3072 __func__)); 3073 PFKEYSTAT_INC(in_nomem); 3074 } 3075 } 3076 return (sav); 3077 } 3078 3079 /* 3080 * free() SA variable entry. 3081 */ 3082 static void 3083 key_cleansav(struct secasvar *sav) 3084 { 3085 3086 if (sav->natt != NULL) { 3087 free(sav->natt, M_IPSEC_MISC); 3088 sav->natt = NULL; 3089 } 3090 if (sav->flags & SADB_X_EXT_F_CLONED) 3091 return; 3092 if (sav->tdb_xform != NULL) { 3093 sav->tdb_xform->xf_cleanup(sav); 3094 sav->tdb_xform = NULL; 3095 } 3096 if (sav->key_auth != NULL) { 3097 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3098 free(sav->key_auth, M_IPSEC_MISC); 3099 sav->key_auth = NULL; 3100 } 3101 if (sav->key_enc != NULL) { 3102 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3103 free(sav->key_enc, M_IPSEC_MISC); 3104 sav->key_enc = NULL; 3105 } 3106 if (sav->replay != NULL) { 3107 if (sav->replay->bitmap != NULL) 3108 free(sav->replay->bitmap, M_IPSEC_MISC); 3109 free(sav->replay, M_IPSEC_MISC); 3110 sav->replay = NULL; 3111 } 3112 if (sav->lft_h != NULL) { 3113 free(sav->lft_h, M_IPSEC_MISC); 3114 sav->lft_h = NULL; 3115 } 3116 if (sav->lft_s != NULL) { 3117 free(sav->lft_s, M_IPSEC_MISC); 3118 sav->lft_s = NULL; 3119 } 3120 } 3121 3122 /* 3123 * free() SA variable entry. 3124 */ 3125 static void 3126 key_delsav(struct secasvar *sav) 3127 { 3128 IPSEC_ASSERT(sav != NULL, ("null sav")); 3129 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3130 ("attempt to free non DEAD SA %p", sav)); 3131 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3132 sav->refcnt)); 3133 3134 /* 3135 * SA must be unlinked from the chain and hashtbl. 3136 * If SA was cloned, we leave all fields untouched, 3137 * except NAT-T config. 3138 */ 3139 key_cleansav(sav); 3140 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3141 mtx_destroy(sav->lock); 3142 free(sav->lock, M_IPSEC_MISC); 3143 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3144 } 3145 free(sav, M_IPSEC_SA); 3146 } 3147 3148 /* 3149 * search SAH. 3150 * OUT: 3151 * NULL : not found 3152 * others : found, referenced pointer to a SAH. 3153 */ 3154 static struct secashead * 3155 key_getsah(struct secasindex *saidx) 3156 { 3157 SAHTREE_RLOCK_TRACKER; 3158 struct secashead *sah; 3159 3160 SAHTREE_RLOCK(); 3161 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3162 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3163 SAH_ADDREF(sah); 3164 break; 3165 } 3166 } 3167 SAHTREE_RUNLOCK(); 3168 return (sah); 3169 } 3170 3171 /* 3172 * Check not to be duplicated SPI. 3173 * OUT: 3174 * 0 : not found 3175 * 1 : found SA with given SPI. 3176 */ 3177 static int 3178 key_checkspidup(uint32_t spi) 3179 { 3180 SAHTREE_RLOCK_TRACKER; 3181 struct secasvar *sav; 3182 3183 /* Assume SPI is in network byte order */ 3184 SAHTREE_RLOCK(); 3185 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3186 if (sav->spi == spi) 3187 break; 3188 } 3189 SAHTREE_RUNLOCK(); 3190 return (sav != NULL); 3191 } 3192 3193 /* 3194 * Search SA by SPI. 3195 * OUT: 3196 * NULL : not found 3197 * others : found, referenced pointer to a SA. 3198 */ 3199 static struct secasvar * 3200 key_getsavbyspi(uint32_t spi) 3201 { 3202 SAHTREE_RLOCK_TRACKER; 3203 struct secasvar *sav; 3204 3205 /* Assume SPI is in network byte order */ 3206 SAHTREE_RLOCK(); 3207 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3208 if (sav->spi != spi) 3209 continue; 3210 SAV_ADDREF(sav); 3211 break; 3212 } 3213 SAHTREE_RUNLOCK(); 3214 return (sav); 3215 } 3216 3217 static int 3218 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3219 { 3220 struct seclifetime *lft_h, *lft_s, *tmp; 3221 3222 /* Lifetime extension is optional, check that it is present. */ 3223 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3224 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3225 /* 3226 * In case of SADB_UPDATE we may need to change 3227 * existing lifetimes. 3228 */ 3229 if (sav->state == SADB_SASTATE_MATURE) { 3230 lft_h = lft_s = NULL; 3231 goto reset; 3232 } 3233 return (0); 3234 } 3235 /* Both HARD and SOFT extensions must present */ 3236 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3237 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3238 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3239 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3240 ipseclog((LOG_DEBUG, 3241 "%s: invalid message: missing required header.\n", 3242 __func__)); 3243 return (EINVAL); 3244 } 3245 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3246 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3247 ipseclog((LOG_DEBUG, 3248 "%s: invalid message: wrong header size.\n", __func__)); 3249 return (EINVAL); 3250 } 3251 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3252 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3253 if (lft_h == NULL) { 3254 PFKEYSTAT_INC(in_nomem); 3255 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3256 return (ENOBUFS); 3257 } 3258 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3259 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3260 if (lft_s == NULL) { 3261 PFKEYSTAT_INC(in_nomem); 3262 free(lft_h, M_IPSEC_MISC); 3263 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3264 return (ENOBUFS); 3265 } 3266 reset: 3267 if (sav->state != SADB_SASTATE_LARVAL) { 3268 /* 3269 * key_update() holds reference to this SA, 3270 * so it won't be deleted in meanwhile. 3271 */ 3272 SECASVAR_LOCK(sav); 3273 tmp = sav->lft_h; 3274 sav->lft_h = lft_h; 3275 lft_h = tmp; 3276 3277 tmp = sav->lft_s; 3278 sav->lft_s = lft_s; 3279 lft_s = tmp; 3280 SECASVAR_UNLOCK(sav); 3281 if (lft_h != NULL) 3282 free(lft_h, M_IPSEC_MISC); 3283 if (lft_s != NULL) 3284 free(lft_s, M_IPSEC_MISC); 3285 return (0); 3286 } 3287 /* We can update lifetime without holding a lock */ 3288 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3289 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3290 sav->lft_h = lft_h; 3291 sav->lft_s = lft_s; 3292 return (0); 3293 } 3294 3295 /* 3296 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3297 * You must update these if need. Expects only LARVAL SAs. 3298 * OUT: 0: success. 3299 * !0: failure. 3300 */ 3301 static int 3302 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3303 { 3304 const struct sadb_sa *sa0; 3305 const struct sadb_key *key0; 3306 uint32_t replay; 3307 size_t len; 3308 int error; 3309 3310 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3311 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3312 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3313 ("Attempt to update non LARVAL SA")); 3314 3315 /* XXX rewrite */ 3316 error = key_setident(sav->sah, mhp); 3317 if (error != 0) 3318 goto fail; 3319 3320 /* SA */ 3321 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3322 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3323 error = EINVAL; 3324 goto fail; 3325 } 3326 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3327 sav->alg_auth = sa0->sadb_sa_auth; 3328 sav->alg_enc = sa0->sadb_sa_encrypt; 3329 sav->flags = sa0->sadb_sa_flags; 3330 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3331 ipseclog((LOG_DEBUG, 3332 "%s: invalid sa_flags 0x%08x.\n", __func__, 3333 sav->flags)); 3334 error = EINVAL; 3335 goto fail; 3336 } 3337 3338 /* Optional replay window */ 3339 replay = 0; 3340 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3341 replay = sa0->sadb_sa_replay; 3342 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3343 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3344 error = EINVAL; 3345 goto fail; 3346 } 3347 replay = ((const struct sadb_x_sa_replay *) 3348 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3349 3350 if (replay > UINT32_MAX - 32) { 3351 ipseclog((LOG_DEBUG, 3352 "%s: replay window too big.\n", __func__)); 3353 error = EINVAL; 3354 goto fail; 3355 } 3356 3357 replay = (replay + 7) >> 3; 3358 } 3359 3360 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3361 M_NOWAIT | M_ZERO); 3362 if (sav->replay == NULL) { 3363 PFKEYSTAT_INC(in_nomem); 3364 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3365 __func__)); 3366 error = ENOBUFS; 3367 goto fail; 3368 } 3369 3370 if (replay != 0) { 3371 /* number of 32b blocks to be allocated */ 3372 uint32_t bitmap_size; 3373 3374 /* RFC 6479: 3375 * - the allocated replay window size must be 3376 * a power of two. 3377 * - use an extra 32b block as a redundant window. 3378 */ 3379 bitmap_size = 1; 3380 while (replay + 4 > bitmap_size) 3381 bitmap_size <<= 1; 3382 bitmap_size = bitmap_size / 4; 3383 3384 sav->replay->bitmap = malloc( 3385 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3386 M_NOWAIT | M_ZERO); 3387 if (sav->replay->bitmap == NULL) { 3388 PFKEYSTAT_INC(in_nomem); 3389 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3390 __func__)); 3391 error = ENOBUFS; 3392 goto fail; 3393 } 3394 sav->replay->bitmap_size = bitmap_size; 3395 sav->replay->wsize = replay; 3396 } 3397 } 3398 3399 /* Authentication keys */ 3400 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3401 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3402 error = EINVAL; 3403 goto fail; 3404 } 3405 error = 0; 3406 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3407 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3408 switch (mhp->msg->sadb_msg_satype) { 3409 case SADB_SATYPE_AH: 3410 case SADB_SATYPE_ESP: 3411 case SADB_X_SATYPE_TCPSIGNATURE: 3412 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3413 sav->alg_auth != SADB_X_AALG_NULL) 3414 error = EINVAL; 3415 break; 3416 case SADB_X_SATYPE_IPCOMP: 3417 default: 3418 error = EINVAL; 3419 break; 3420 } 3421 if (error) { 3422 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3423 __func__)); 3424 goto fail; 3425 } 3426 3427 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3428 if (sav->key_auth == NULL ) { 3429 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3430 __func__)); 3431 PFKEYSTAT_INC(in_nomem); 3432 error = ENOBUFS; 3433 goto fail; 3434 } 3435 } 3436 3437 /* Encryption key */ 3438 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3439 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3440 error = EINVAL; 3441 goto fail; 3442 } 3443 error = 0; 3444 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3445 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3446 switch (mhp->msg->sadb_msg_satype) { 3447 case SADB_SATYPE_ESP: 3448 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3449 sav->alg_enc != SADB_EALG_NULL) { 3450 error = EINVAL; 3451 break; 3452 } 3453 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3454 if (sav->key_enc == NULL) { 3455 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3456 __func__)); 3457 PFKEYSTAT_INC(in_nomem); 3458 error = ENOBUFS; 3459 goto fail; 3460 } 3461 break; 3462 case SADB_X_SATYPE_IPCOMP: 3463 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3464 error = EINVAL; 3465 sav->key_enc = NULL; /*just in case*/ 3466 break; 3467 case SADB_SATYPE_AH: 3468 case SADB_X_SATYPE_TCPSIGNATURE: 3469 default: 3470 error = EINVAL; 3471 break; 3472 } 3473 if (error) { 3474 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3475 __func__)); 3476 goto fail; 3477 } 3478 } 3479 3480 /* set iv */ 3481 sav->ivlen = 0; 3482 switch (mhp->msg->sadb_msg_satype) { 3483 case SADB_SATYPE_AH: 3484 if (sav->flags & SADB_X_EXT_DERIV) { 3485 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3486 "given to AH SA.\n", __func__)); 3487 error = EINVAL; 3488 goto fail; 3489 } 3490 if (sav->alg_enc != SADB_EALG_NONE) { 3491 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3492 "mismated.\n", __func__)); 3493 error = EINVAL; 3494 goto fail; 3495 } 3496 error = xform_init(sav, XF_AH); 3497 break; 3498 case SADB_SATYPE_ESP: 3499 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3500 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3501 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3502 "given to old-esp.\n", __func__)); 3503 error = EINVAL; 3504 goto fail; 3505 } 3506 error = xform_init(sav, XF_ESP); 3507 break; 3508 case SADB_X_SATYPE_IPCOMP: 3509 if (sav->alg_auth != SADB_AALG_NONE) { 3510 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3511 "mismated.\n", __func__)); 3512 error = EINVAL; 3513 goto fail; 3514 } 3515 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3516 ntohl(sav->spi) >= 0x10000) { 3517 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3518 __func__)); 3519 error = EINVAL; 3520 goto fail; 3521 } 3522 error = xform_init(sav, XF_IPCOMP); 3523 break; 3524 case SADB_X_SATYPE_TCPSIGNATURE: 3525 if (sav->alg_enc != SADB_EALG_NONE) { 3526 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3527 "mismated.\n", __func__)); 3528 error = EINVAL; 3529 goto fail; 3530 } 3531 error = xform_init(sav, XF_TCPSIGNATURE); 3532 break; 3533 default: 3534 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3535 error = EPROTONOSUPPORT; 3536 goto fail; 3537 } 3538 if (error) { 3539 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3540 __func__, mhp->msg->sadb_msg_satype)); 3541 goto fail; 3542 } 3543 3544 /* Handle NAT-T headers */ 3545 error = key_setnatt(sav, mhp); 3546 if (error != 0) 3547 goto fail; 3548 3549 /* Initialize lifetime for CURRENT */ 3550 sav->firstused = 0; 3551 sav->created = time_second; 3552 3553 /* lifetimes for HARD and SOFT */ 3554 error = key_updatelifetimes(sav, mhp); 3555 if (error == 0) 3556 return (0); 3557 fail: 3558 key_cleansav(sav); 3559 return (error); 3560 } 3561 3562 /* 3563 * subroutine for SADB_GET and SADB_DUMP. 3564 */ 3565 static struct mbuf * 3566 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3567 uint32_t seq, uint32_t pid) 3568 { 3569 struct seclifetime lft_c; 3570 struct mbuf *result = NULL, *tres = NULL, *m; 3571 int i, dumporder[] = { 3572 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3573 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3574 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3575 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3576 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3577 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3578 SADB_EXT_SENSITIVITY, 3579 SADB_X_EXT_NAT_T_TYPE, 3580 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3581 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3582 SADB_X_EXT_NAT_T_FRAG, 3583 }; 3584 uint32_t replay_count; 3585 3586 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3587 if (m == NULL) 3588 goto fail; 3589 result = m; 3590 3591 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3592 m = NULL; 3593 switch (dumporder[i]) { 3594 case SADB_EXT_SA: 3595 m = key_setsadbsa(sav); 3596 if (!m) 3597 goto fail; 3598 break; 3599 3600 case SADB_X_EXT_SA2: 3601 SECASVAR_LOCK(sav); 3602 replay_count = sav->replay ? sav->replay->count : 0; 3603 SECASVAR_UNLOCK(sav); 3604 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3605 sav->sah->saidx.reqid); 3606 if (!m) 3607 goto fail; 3608 break; 3609 3610 case SADB_X_EXT_SA_REPLAY: 3611 if (sav->replay == NULL || 3612 sav->replay->wsize <= UINT8_MAX) 3613 continue; 3614 3615 m = key_setsadbxsareplay(sav->replay->wsize); 3616 if (!m) 3617 goto fail; 3618 break; 3619 3620 case SADB_EXT_ADDRESS_SRC: 3621 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3622 &sav->sah->saidx.src.sa, 3623 FULLMASK, IPSEC_ULPROTO_ANY); 3624 if (!m) 3625 goto fail; 3626 break; 3627 3628 case SADB_EXT_ADDRESS_DST: 3629 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3630 &sav->sah->saidx.dst.sa, 3631 FULLMASK, IPSEC_ULPROTO_ANY); 3632 if (!m) 3633 goto fail; 3634 break; 3635 3636 case SADB_EXT_KEY_AUTH: 3637 if (!sav->key_auth) 3638 continue; 3639 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3640 if (!m) 3641 goto fail; 3642 break; 3643 3644 case SADB_EXT_KEY_ENCRYPT: 3645 if (!sav->key_enc) 3646 continue; 3647 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3648 if (!m) 3649 goto fail; 3650 break; 3651 3652 case SADB_EXT_LIFETIME_CURRENT: 3653 lft_c.addtime = sav->created; 3654 lft_c.allocations = (uint32_t)counter_u64_fetch( 3655 sav->lft_c_allocations); 3656 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3657 lft_c.usetime = sav->firstused; 3658 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3659 if (!m) 3660 goto fail; 3661 break; 3662 3663 case SADB_EXT_LIFETIME_HARD: 3664 if (!sav->lft_h) 3665 continue; 3666 m = key_setlifetime(sav->lft_h, 3667 SADB_EXT_LIFETIME_HARD); 3668 if (!m) 3669 goto fail; 3670 break; 3671 3672 case SADB_EXT_LIFETIME_SOFT: 3673 if (!sav->lft_s) 3674 continue; 3675 m = key_setlifetime(sav->lft_s, 3676 SADB_EXT_LIFETIME_SOFT); 3677 3678 if (!m) 3679 goto fail; 3680 break; 3681 3682 case SADB_X_EXT_NAT_T_TYPE: 3683 if (sav->natt == NULL) 3684 continue; 3685 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3686 if (!m) 3687 goto fail; 3688 break; 3689 3690 case SADB_X_EXT_NAT_T_DPORT: 3691 if (sav->natt == NULL) 3692 continue; 3693 m = key_setsadbxport(sav->natt->dport, 3694 SADB_X_EXT_NAT_T_DPORT); 3695 if (!m) 3696 goto fail; 3697 break; 3698 3699 case SADB_X_EXT_NAT_T_SPORT: 3700 if (sav->natt == NULL) 3701 continue; 3702 m = key_setsadbxport(sav->natt->sport, 3703 SADB_X_EXT_NAT_T_SPORT); 3704 if (!m) 3705 goto fail; 3706 break; 3707 3708 case SADB_X_EXT_NAT_T_OAI: 3709 if (sav->natt == NULL || 3710 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3711 continue; 3712 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3713 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3714 if (!m) 3715 goto fail; 3716 break; 3717 case SADB_X_EXT_NAT_T_OAR: 3718 if (sav->natt == NULL || 3719 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3720 continue; 3721 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3722 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3723 if (!m) 3724 goto fail; 3725 break; 3726 case SADB_X_EXT_NAT_T_FRAG: 3727 /* We do not (yet) support those. */ 3728 continue; 3729 3730 case SADB_EXT_ADDRESS_PROXY: 3731 case SADB_EXT_IDENTITY_SRC: 3732 case SADB_EXT_IDENTITY_DST: 3733 /* XXX: should we brought from SPD ? */ 3734 case SADB_EXT_SENSITIVITY: 3735 default: 3736 continue; 3737 } 3738 3739 if (!m) 3740 goto fail; 3741 if (tres) 3742 m_cat(m, tres); 3743 tres = m; 3744 } 3745 3746 m_cat(result, tres); 3747 tres = NULL; 3748 if (result->m_len < sizeof(struct sadb_msg)) { 3749 result = m_pullup(result, sizeof(struct sadb_msg)); 3750 if (result == NULL) 3751 goto fail; 3752 } 3753 3754 result->m_pkthdr.len = 0; 3755 for (m = result; m; m = m->m_next) 3756 result->m_pkthdr.len += m->m_len; 3757 3758 mtod(result, struct sadb_msg *)->sadb_msg_len = 3759 PFKEY_UNIT64(result->m_pkthdr.len); 3760 3761 return result; 3762 3763 fail: 3764 m_freem(result); 3765 m_freem(tres); 3766 return NULL; 3767 } 3768 3769 /* 3770 * set data into sadb_msg. 3771 */ 3772 static struct mbuf * 3773 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3774 pid_t pid, u_int16_t reserved) 3775 { 3776 struct mbuf *m; 3777 struct sadb_msg *p; 3778 int len; 3779 3780 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3781 if (len > MCLBYTES) 3782 return NULL; 3783 MGETHDR(m, M_NOWAIT, MT_DATA); 3784 if (m && len > MHLEN) { 3785 if (!(MCLGET(m, M_NOWAIT))) { 3786 m_freem(m); 3787 m = NULL; 3788 } 3789 } 3790 if (!m) 3791 return NULL; 3792 m->m_pkthdr.len = m->m_len = len; 3793 m->m_next = NULL; 3794 3795 p = mtod(m, struct sadb_msg *); 3796 3797 bzero(p, len); 3798 p->sadb_msg_version = PF_KEY_V2; 3799 p->sadb_msg_type = type; 3800 p->sadb_msg_errno = 0; 3801 p->sadb_msg_satype = satype; 3802 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3803 p->sadb_msg_reserved = reserved; 3804 p->sadb_msg_seq = seq; 3805 p->sadb_msg_pid = (u_int32_t)pid; 3806 3807 return m; 3808 } 3809 3810 /* 3811 * copy secasvar data into sadb_address. 3812 */ 3813 static struct mbuf * 3814 key_setsadbsa(struct secasvar *sav) 3815 { 3816 struct mbuf *m; 3817 struct sadb_sa *p; 3818 int len; 3819 3820 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3821 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3822 if (m == NULL) 3823 return (NULL); 3824 m_align(m, len); 3825 m->m_len = len; 3826 p = mtod(m, struct sadb_sa *); 3827 bzero(p, len); 3828 p->sadb_sa_len = PFKEY_UNIT64(len); 3829 p->sadb_sa_exttype = SADB_EXT_SA; 3830 p->sadb_sa_spi = sav->spi; 3831 p->sadb_sa_replay = sav->replay ? 3832 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3833 sav->replay->wsize): 0; 3834 p->sadb_sa_state = sav->state; 3835 p->sadb_sa_auth = sav->alg_auth; 3836 p->sadb_sa_encrypt = sav->alg_enc; 3837 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3838 return (m); 3839 } 3840 3841 /* 3842 * set data into sadb_address. 3843 */ 3844 static struct mbuf * 3845 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3846 u_int8_t prefixlen, u_int16_t ul_proto) 3847 { 3848 struct mbuf *m; 3849 struct sadb_address *p; 3850 size_t len; 3851 3852 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3853 PFKEY_ALIGN8(saddr->sa_len); 3854 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3855 if (m == NULL) 3856 return (NULL); 3857 m_align(m, len); 3858 m->m_len = len; 3859 p = mtod(m, struct sadb_address *); 3860 3861 bzero(p, len); 3862 p->sadb_address_len = PFKEY_UNIT64(len); 3863 p->sadb_address_exttype = exttype; 3864 p->sadb_address_proto = ul_proto; 3865 if (prefixlen == FULLMASK) { 3866 switch (saddr->sa_family) { 3867 case AF_INET: 3868 prefixlen = sizeof(struct in_addr) << 3; 3869 break; 3870 case AF_INET6: 3871 prefixlen = sizeof(struct in6_addr) << 3; 3872 break; 3873 default: 3874 ; /*XXX*/ 3875 } 3876 } 3877 p->sadb_address_prefixlen = prefixlen; 3878 p->sadb_address_reserved = 0; 3879 3880 bcopy(saddr, 3881 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3882 saddr->sa_len); 3883 3884 return m; 3885 } 3886 3887 /* 3888 * set data into sadb_x_sa2. 3889 */ 3890 static struct mbuf * 3891 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3892 { 3893 struct mbuf *m; 3894 struct sadb_x_sa2 *p; 3895 size_t len; 3896 3897 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3898 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3899 if (m == NULL) 3900 return (NULL); 3901 m_align(m, len); 3902 m->m_len = len; 3903 p = mtod(m, struct sadb_x_sa2 *); 3904 3905 bzero(p, len); 3906 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3907 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3908 p->sadb_x_sa2_mode = mode; 3909 p->sadb_x_sa2_reserved1 = 0; 3910 p->sadb_x_sa2_reserved2 = 0; 3911 p->sadb_x_sa2_sequence = seq; 3912 p->sadb_x_sa2_reqid = reqid; 3913 3914 return m; 3915 } 3916 3917 /* 3918 * Set data into sadb_x_sa_replay. 3919 */ 3920 static struct mbuf * 3921 key_setsadbxsareplay(u_int32_t replay) 3922 { 3923 struct mbuf *m; 3924 struct sadb_x_sa_replay *p; 3925 size_t len; 3926 3927 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3928 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3929 if (m == NULL) 3930 return (NULL); 3931 m_align(m, len); 3932 m->m_len = len; 3933 p = mtod(m, struct sadb_x_sa_replay *); 3934 3935 bzero(p, len); 3936 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3937 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3938 p->sadb_x_sa_replay_replay = (replay << 3); 3939 3940 return m; 3941 } 3942 3943 /* 3944 * Set a type in sadb_x_nat_t_type. 3945 */ 3946 static struct mbuf * 3947 key_setsadbxtype(u_int16_t type) 3948 { 3949 struct mbuf *m; 3950 size_t len; 3951 struct sadb_x_nat_t_type *p; 3952 3953 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3954 3955 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3956 if (m == NULL) 3957 return (NULL); 3958 m_align(m, len); 3959 m->m_len = len; 3960 p = mtod(m, struct sadb_x_nat_t_type *); 3961 3962 bzero(p, len); 3963 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3964 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3965 p->sadb_x_nat_t_type_type = type; 3966 3967 return (m); 3968 } 3969 /* 3970 * Set a port in sadb_x_nat_t_port. 3971 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3972 */ 3973 static struct mbuf * 3974 key_setsadbxport(u_int16_t port, u_int16_t type) 3975 { 3976 struct mbuf *m; 3977 size_t len; 3978 struct sadb_x_nat_t_port *p; 3979 3980 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3981 3982 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3983 if (m == NULL) 3984 return (NULL); 3985 m_align(m, len); 3986 m->m_len = len; 3987 p = mtod(m, struct sadb_x_nat_t_port *); 3988 3989 bzero(p, len); 3990 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3991 p->sadb_x_nat_t_port_exttype = type; 3992 p->sadb_x_nat_t_port_port = port; 3993 3994 return (m); 3995 } 3996 3997 /* 3998 * Get port from sockaddr. Port is in network byte order. 3999 */ 4000 uint16_t 4001 key_portfromsaddr(struct sockaddr *sa) 4002 { 4003 4004 switch (sa->sa_family) { 4005 #ifdef INET 4006 case AF_INET: 4007 return ((struct sockaddr_in *)sa)->sin_port; 4008 #endif 4009 #ifdef INET6 4010 case AF_INET6: 4011 return ((struct sockaddr_in6 *)sa)->sin6_port; 4012 #endif 4013 } 4014 return (0); 4015 } 4016 4017 /* 4018 * Set port in struct sockaddr. Port is in network byte order. 4019 */ 4020 void 4021 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4022 { 4023 4024 switch (sa->sa_family) { 4025 #ifdef INET 4026 case AF_INET: 4027 ((struct sockaddr_in *)sa)->sin_port = port; 4028 break; 4029 #endif 4030 #ifdef INET6 4031 case AF_INET6: 4032 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4033 break; 4034 #endif 4035 default: 4036 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4037 __func__, sa->sa_family)); 4038 break; 4039 } 4040 } 4041 4042 /* 4043 * set data into sadb_x_policy 4044 */ 4045 static struct mbuf * 4046 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4047 { 4048 struct mbuf *m; 4049 struct sadb_x_policy *p; 4050 size_t len; 4051 4052 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4053 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4054 if (m == NULL) 4055 return (NULL); 4056 m_align(m, len); 4057 m->m_len = len; 4058 p = mtod(m, struct sadb_x_policy *); 4059 4060 bzero(p, len); 4061 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4062 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4063 p->sadb_x_policy_type = type; 4064 p->sadb_x_policy_dir = dir; 4065 p->sadb_x_policy_id = id; 4066 p->sadb_x_policy_priority = priority; 4067 4068 return m; 4069 } 4070 4071 /* %%% utilities */ 4072 /* Take a key message (sadb_key) from the socket and turn it into one 4073 * of the kernel's key structures (seckey). 4074 * 4075 * IN: pointer to the src 4076 * OUT: NULL no more memory 4077 */ 4078 struct seckey * 4079 key_dup_keymsg(const struct sadb_key *src, size_t len, 4080 struct malloc_type *type) 4081 { 4082 struct seckey *dst; 4083 4084 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4085 if (dst != NULL) { 4086 dst->bits = src->sadb_key_bits; 4087 dst->key_data = malloc(len, type, M_NOWAIT); 4088 if (dst->key_data != NULL) { 4089 bcopy((const char *)(src + 1), dst->key_data, len); 4090 } else { 4091 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4092 __func__)); 4093 free(dst, type); 4094 dst = NULL; 4095 } 4096 } else { 4097 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4098 __func__)); 4099 } 4100 return (dst); 4101 } 4102 4103 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4104 * turn it into one of the kernel's lifetime structures (seclifetime). 4105 * 4106 * IN: pointer to the destination, source and malloc type 4107 * OUT: NULL, no more memory 4108 */ 4109 4110 static struct seclifetime * 4111 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4112 { 4113 struct seclifetime *dst; 4114 4115 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4116 if (dst == NULL) { 4117 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4118 return (NULL); 4119 } 4120 dst->allocations = src->sadb_lifetime_allocations; 4121 dst->bytes = src->sadb_lifetime_bytes; 4122 dst->addtime = src->sadb_lifetime_addtime; 4123 dst->usetime = src->sadb_lifetime_usetime; 4124 return (dst); 4125 } 4126 4127 /* 4128 * compare two secasindex structure. 4129 * flag can specify to compare 2 saidxes. 4130 * compare two secasindex structure without both mode and reqid. 4131 * don't compare port. 4132 * IN: 4133 * saidx0: source, it can be in SAD. 4134 * saidx1: object. 4135 * OUT: 4136 * 1 : equal 4137 * 0 : not equal 4138 */ 4139 static int 4140 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4141 int flag) 4142 { 4143 4144 /* sanity */ 4145 if (saidx0 == NULL && saidx1 == NULL) 4146 return 1; 4147 4148 if (saidx0 == NULL || saidx1 == NULL) 4149 return 0; 4150 4151 if (saidx0->proto != saidx1->proto) 4152 return 0; 4153 4154 if (flag == CMP_EXACTLY) { 4155 if (saidx0->mode != saidx1->mode) 4156 return 0; 4157 if (saidx0->reqid != saidx1->reqid) 4158 return 0; 4159 if (bcmp(&saidx0->src, &saidx1->src, 4160 saidx0->src.sa.sa_len) != 0 || 4161 bcmp(&saidx0->dst, &saidx1->dst, 4162 saidx0->dst.sa.sa_len) != 0) 4163 return 0; 4164 } else { 4165 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4166 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4167 /* 4168 * If reqid of SPD is non-zero, unique SA is required. 4169 * The result must be of same reqid in this case. 4170 */ 4171 if (saidx1->reqid != 0 && 4172 saidx0->reqid != saidx1->reqid) 4173 return 0; 4174 } 4175 4176 if (flag == CMP_MODE_REQID) { 4177 if (saidx0->mode != IPSEC_MODE_ANY 4178 && saidx0->mode != saidx1->mode) 4179 return 0; 4180 } 4181 4182 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4183 return 0; 4184 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4185 return 0; 4186 } 4187 4188 return 1; 4189 } 4190 4191 /* 4192 * compare two secindex structure exactly. 4193 * IN: 4194 * spidx0: source, it is often in SPD. 4195 * spidx1: object, it is often from PFKEY message. 4196 * OUT: 4197 * 1 : equal 4198 * 0 : not equal 4199 */ 4200 static int 4201 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4202 struct secpolicyindex *spidx1) 4203 { 4204 /* sanity */ 4205 if (spidx0 == NULL && spidx1 == NULL) 4206 return 1; 4207 4208 if (spidx0 == NULL || spidx1 == NULL) 4209 return 0; 4210 4211 if (spidx0->prefs != spidx1->prefs 4212 || spidx0->prefd != spidx1->prefd 4213 || spidx0->ul_proto != spidx1->ul_proto 4214 || spidx0->dir != spidx1->dir) 4215 return 0; 4216 4217 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4218 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4219 } 4220 4221 /* 4222 * compare two secindex structure with mask. 4223 * IN: 4224 * spidx0: source, it is often in SPD. 4225 * spidx1: object, it is often from IP header. 4226 * OUT: 4227 * 1 : equal 4228 * 0 : not equal 4229 */ 4230 static int 4231 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4232 struct secpolicyindex *spidx1) 4233 { 4234 /* sanity */ 4235 if (spidx0 == NULL && spidx1 == NULL) 4236 return 1; 4237 4238 if (spidx0 == NULL || spidx1 == NULL) 4239 return 0; 4240 4241 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4242 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4243 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4244 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4245 return 0; 4246 4247 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4248 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4249 && spidx0->ul_proto != spidx1->ul_proto) 4250 return 0; 4251 4252 switch (spidx0->src.sa.sa_family) { 4253 case AF_INET: 4254 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4255 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4256 return 0; 4257 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4258 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4259 return 0; 4260 break; 4261 case AF_INET6: 4262 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4263 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4264 return 0; 4265 /* 4266 * scope_id check. if sin6_scope_id is 0, we regard it 4267 * as a wildcard scope, which matches any scope zone ID. 4268 */ 4269 if (spidx0->src.sin6.sin6_scope_id && 4270 spidx1->src.sin6.sin6_scope_id && 4271 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4272 return 0; 4273 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4274 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4275 return 0; 4276 break; 4277 default: 4278 /* XXX */ 4279 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4280 return 0; 4281 break; 4282 } 4283 4284 switch (spidx0->dst.sa.sa_family) { 4285 case AF_INET: 4286 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4287 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4288 return 0; 4289 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4290 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4291 return 0; 4292 break; 4293 case AF_INET6: 4294 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4295 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4296 return 0; 4297 /* 4298 * scope_id check. if sin6_scope_id is 0, we regard it 4299 * as a wildcard scope, which matches any scope zone ID. 4300 */ 4301 if (spidx0->dst.sin6.sin6_scope_id && 4302 spidx1->dst.sin6.sin6_scope_id && 4303 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4304 return 0; 4305 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4306 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4307 return 0; 4308 break; 4309 default: 4310 /* XXX */ 4311 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4312 return 0; 4313 break; 4314 } 4315 4316 /* XXX Do we check other field ? e.g. flowinfo */ 4317 4318 return 1; 4319 } 4320 4321 #ifdef satosin 4322 #undef satosin 4323 #endif 4324 #define satosin(s) ((const struct sockaddr_in *)s) 4325 #ifdef satosin6 4326 #undef satosin6 4327 #endif 4328 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4329 /* returns 0 on match */ 4330 int 4331 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4332 int port) 4333 { 4334 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4335 return 1; 4336 4337 switch (sa1->sa_family) { 4338 #ifdef INET 4339 case AF_INET: 4340 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4341 return 1; 4342 if (satosin(sa1)->sin_addr.s_addr != 4343 satosin(sa2)->sin_addr.s_addr) { 4344 return 1; 4345 } 4346 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4347 return 1; 4348 break; 4349 #endif 4350 #ifdef INET6 4351 case AF_INET6: 4352 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4353 return 1; /*EINVAL*/ 4354 if (satosin6(sa1)->sin6_scope_id != 4355 satosin6(sa2)->sin6_scope_id) { 4356 return 1; 4357 } 4358 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4359 &satosin6(sa2)->sin6_addr)) { 4360 return 1; 4361 } 4362 if (port && 4363 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4364 return 1; 4365 } 4366 break; 4367 #endif 4368 default: 4369 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4370 return 1; 4371 break; 4372 } 4373 4374 return 0; 4375 } 4376 4377 /* returns 0 on match */ 4378 int 4379 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4380 const struct sockaddr *sa2, size_t mask) 4381 { 4382 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4383 return (1); 4384 4385 switch (sa1->sa_family) { 4386 #ifdef INET 4387 case AF_INET: 4388 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4389 &satosin(sa2)->sin_addr, mask)); 4390 #endif 4391 #ifdef INET6 4392 case AF_INET6: 4393 if (satosin6(sa1)->sin6_scope_id != 4394 satosin6(sa2)->sin6_scope_id) 4395 return (1); 4396 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4397 &satosin6(sa2)->sin6_addr, mask)); 4398 #endif 4399 } 4400 return (1); 4401 } 4402 #undef satosin 4403 #undef satosin6 4404 4405 /* 4406 * compare two buffers with mask. 4407 * IN: 4408 * addr1: source 4409 * addr2: object 4410 * bits: Number of bits to compare 4411 * OUT: 4412 * 1 : equal 4413 * 0 : not equal 4414 */ 4415 static int 4416 key_bbcmp(const void *a1, const void *a2, u_int bits) 4417 { 4418 const unsigned char *p1 = a1; 4419 const unsigned char *p2 = a2; 4420 4421 /* XXX: This could be considerably faster if we compare a word 4422 * at a time, but it is complicated on LSB Endian machines */ 4423 4424 /* Handle null pointers */ 4425 if (p1 == NULL || p2 == NULL) 4426 return (p1 == p2); 4427 4428 while (bits >= 8) { 4429 if (*p1++ != *p2++) 4430 return 0; 4431 bits -= 8; 4432 } 4433 4434 if (bits > 0) { 4435 u_int8_t mask = ~((1<<(8-bits))-1); 4436 if ((*p1 & mask) != (*p2 & mask)) 4437 return 0; 4438 } 4439 return 1; /* Match! */ 4440 } 4441 4442 static void 4443 key_flush_spd(time_t now) 4444 { 4445 SPTREE_RLOCK_TRACKER; 4446 struct secpolicy_list drainq; 4447 struct secpolicy *sp, *nextsp; 4448 u_int dir; 4449 4450 LIST_INIT(&drainq); 4451 SPTREE_RLOCK(); 4452 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4453 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4454 if (sp->lifetime == 0 && sp->validtime == 0) 4455 continue; 4456 if ((sp->lifetime && 4457 now - sp->created > sp->lifetime) || 4458 (sp->validtime && 4459 now - sp->lastused > sp->validtime)) { 4460 /* Hold extra reference to send SPDEXPIRE */ 4461 SP_ADDREF(sp); 4462 LIST_INSERT_HEAD(&drainq, sp, drainq); 4463 } 4464 } 4465 } 4466 SPTREE_RUNLOCK(); 4467 if (LIST_EMPTY(&drainq)) 4468 return; 4469 4470 SPTREE_WLOCK(); 4471 sp = LIST_FIRST(&drainq); 4472 while (sp != NULL) { 4473 nextsp = LIST_NEXT(sp, drainq); 4474 /* Check that SP is still linked */ 4475 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4476 LIST_REMOVE(sp, drainq); 4477 key_freesp(&sp); /* release extra reference */ 4478 sp = nextsp; 4479 continue; 4480 } 4481 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4482 V_spd_size--; 4483 LIST_REMOVE(sp, idhash); 4484 sp->state = IPSEC_SPSTATE_DEAD; 4485 sp = nextsp; 4486 } 4487 V_sp_genid++; 4488 SPTREE_WUNLOCK(); 4489 if (SPDCACHE_ENABLED()) 4490 spdcache_clear(); 4491 4492 sp = LIST_FIRST(&drainq); 4493 while (sp != NULL) { 4494 nextsp = LIST_NEXT(sp, drainq); 4495 key_spdexpire(sp); 4496 key_freesp(&sp); /* release extra reference */ 4497 key_freesp(&sp); /* release last reference */ 4498 sp = nextsp; 4499 } 4500 } 4501 4502 static void 4503 key_flush_sad(time_t now) 4504 { 4505 SAHTREE_RLOCK_TRACKER; 4506 struct secashead_list emptyq; 4507 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4508 struct secashead *sah, *nextsah; 4509 struct secasvar *sav, *nextsav; 4510 4511 LIST_INIT(&drainq); 4512 LIST_INIT(&hexpireq); 4513 LIST_INIT(&sexpireq); 4514 LIST_INIT(&emptyq); 4515 4516 SAHTREE_RLOCK(); 4517 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4518 /* Check for empty SAH */ 4519 if (TAILQ_EMPTY(&sah->savtree_larval) && 4520 TAILQ_EMPTY(&sah->savtree_alive)) { 4521 SAH_ADDREF(sah); 4522 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4523 continue; 4524 } 4525 /* Add all stale LARVAL SAs into drainq */ 4526 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4527 if (now - sav->created < V_key_larval_lifetime) 4528 continue; 4529 SAV_ADDREF(sav); 4530 LIST_INSERT_HEAD(&drainq, sav, drainq); 4531 } 4532 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4533 /* lifetimes aren't specified */ 4534 if (sav->lft_h == NULL) 4535 continue; 4536 SECASVAR_LOCK(sav); 4537 /* 4538 * Check again with lock held, because it may 4539 * be updated by SADB_UPDATE. 4540 */ 4541 if (sav->lft_h == NULL) { 4542 SECASVAR_UNLOCK(sav); 4543 continue; 4544 } 4545 /* 4546 * RFC 2367: 4547 * HARD lifetimes MUST take precedence over SOFT 4548 * lifetimes, meaning if the HARD and SOFT lifetimes 4549 * are the same, the HARD lifetime will appear on the 4550 * EXPIRE message. 4551 */ 4552 /* check HARD lifetime */ 4553 if ((sav->lft_h->addtime != 0 && 4554 now - sav->created > sav->lft_h->addtime) || 4555 (sav->lft_h->usetime != 0 && sav->firstused && 4556 now - sav->firstused > sav->lft_h->usetime) || 4557 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4558 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4559 SECASVAR_UNLOCK(sav); 4560 SAV_ADDREF(sav); 4561 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4562 continue; 4563 } 4564 /* check SOFT lifetime (only for MATURE SAs) */ 4565 if (sav->state == SADB_SASTATE_MATURE && ( 4566 (sav->lft_s->addtime != 0 && 4567 now - sav->created > sav->lft_s->addtime) || 4568 (sav->lft_s->usetime != 0 && sav->firstused && 4569 now - sav->firstused > sav->lft_s->usetime) || 4570 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4571 sav->lft_c_bytes) > sav->lft_s->bytes) || 4572 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4573 (sav->replay != NULL) && ( 4574 (sav->replay->count > UINT32_80PCT) || 4575 (sav->replay->last > UINT32_80PCT))))) { 4576 SECASVAR_UNLOCK(sav); 4577 SAV_ADDREF(sav); 4578 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4579 continue; 4580 } 4581 SECASVAR_UNLOCK(sav); 4582 } 4583 } 4584 SAHTREE_RUNLOCK(); 4585 4586 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4587 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4588 return; 4589 4590 LIST_INIT(&freeq); 4591 SAHTREE_WLOCK(); 4592 /* Unlink stale LARVAL SAs */ 4593 sav = LIST_FIRST(&drainq); 4594 while (sav != NULL) { 4595 nextsav = LIST_NEXT(sav, drainq); 4596 /* Check that SA is still LARVAL */ 4597 if (sav->state != SADB_SASTATE_LARVAL) { 4598 LIST_REMOVE(sav, drainq); 4599 LIST_INSERT_HEAD(&freeq, sav, drainq); 4600 sav = nextsav; 4601 continue; 4602 } 4603 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4604 LIST_REMOVE(sav, spihash); 4605 sav->state = SADB_SASTATE_DEAD; 4606 sav = nextsav; 4607 } 4608 /* Unlink all SAs with expired HARD lifetime */ 4609 sav = LIST_FIRST(&hexpireq); 4610 while (sav != NULL) { 4611 nextsav = LIST_NEXT(sav, drainq); 4612 /* Check that SA is not unlinked */ 4613 if (sav->state == SADB_SASTATE_DEAD) { 4614 LIST_REMOVE(sav, drainq); 4615 LIST_INSERT_HEAD(&freeq, sav, drainq); 4616 sav = nextsav; 4617 continue; 4618 } 4619 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4620 LIST_REMOVE(sav, spihash); 4621 sav->state = SADB_SASTATE_DEAD; 4622 sav = nextsav; 4623 } 4624 /* Mark all SAs with expired SOFT lifetime as DYING */ 4625 sav = LIST_FIRST(&sexpireq); 4626 while (sav != NULL) { 4627 nextsav = LIST_NEXT(sav, drainq); 4628 /* Check that SA is not unlinked */ 4629 if (sav->state == SADB_SASTATE_DEAD) { 4630 LIST_REMOVE(sav, drainq); 4631 LIST_INSERT_HEAD(&freeq, sav, drainq); 4632 sav = nextsav; 4633 continue; 4634 } 4635 /* 4636 * NOTE: this doesn't change SA order in the chain. 4637 */ 4638 sav->state = SADB_SASTATE_DYING; 4639 sav = nextsav; 4640 } 4641 /* Unlink empty SAHs */ 4642 sah = LIST_FIRST(&emptyq); 4643 while (sah != NULL) { 4644 nextsah = LIST_NEXT(sah, drainq); 4645 /* Check that SAH is still empty and not unlinked */ 4646 if (sah->state == SADB_SASTATE_DEAD || 4647 !TAILQ_EMPTY(&sah->savtree_larval) || 4648 !TAILQ_EMPTY(&sah->savtree_alive)) { 4649 LIST_REMOVE(sah, drainq); 4650 key_freesah(&sah); /* release extra reference */ 4651 sah = nextsah; 4652 continue; 4653 } 4654 TAILQ_REMOVE(&V_sahtree, sah, chain); 4655 LIST_REMOVE(sah, addrhash); 4656 sah->state = SADB_SASTATE_DEAD; 4657 sah = nextsah; 4658 } 4659 SAHTREE_WUNLOCK(); 4660 4661 /* Send SPDEXPIRE messages */ 4662 sav = LIST_FIRST(&hexpireq); 4663 while (sav != NULL) { 4664 nextsav = LIST_NEXT(sav, drainq); 4665 key_expire(sav, 1); 4666 key_freesah(&sav->sah); /* release reference from SAV */ 4667 key_freesav(&sav); /* release extra reference */ 4668 key_freesav(&sav); /* release last reference */ 4669 sav = nextsav; 4670 } 4671 sav = LIST_FIRST(&sexpireq); 4672 while (sav != NULL) { 4673 nextsav = LIST_NEXT(sav, drainq); 4674 key_expire(sav, 0); 4675 key_freesav(&sav); /* release extra reference */ 4676 sav = nextsav; 4677 } 4678 /* Free stale LARVAL SAs */ 4679 sav = LIST_FIRST(&drainq); 4680 while (sav != NULL) { 4681 nextsav = LIST_NEXT(sav, drainq); 4682 key_freesah(&sav->sah); /* release reference from SAV */ 4683 key_freesav(&sav); /* release extra reference */ 4684 key_freesav(&sav); /* release last reference */ 4685 sav = nextsav; 4686 } 4687 /* Free SAs that were unlinked/changed by someone else */ 4688 sav = LIST_FIRST(&freeq); 4689 while (sav != NULL) { 4690 nextsav = LIST_NEXT(sav, drainq); 4691 key_freesav(&sav); /* release extra reference */ 4692 sav = nextsav; 4693 } 4694 /* Free empty SAH */ 4695 sah = LIST_FIRST(&emptyq); 4696 while (sah != NULL) { 4697 nextsah = LIST_NEXT(sah, drainq); 4698 key_freesah(&sah); /* release extra reference */ 4699 key_freesah(&sah); /* release last reference */ 4700 sah = nextsah; 4701 } 4702 } 4703 4704 static void 4705 key_flush_acq(time_t now) 4706 { 4707 struct secacq *acq, *nextacq; 4708 4709 /* ACQ tree */ 4710 ACQ_LOCK(); 4711 acq = LIST_FIRST(&V_acqtree); 4712 while (acq != NULL) { 4713 nextacq = LIST_NEXT(acq, chain); 4714 if (now - acq->created > V_key_blockacq_lifetime) { 4715 LIST_REMOVE(acq, chain); 4716 LIST_REMOVE(acq, addrhash); 4717 LIST_REMOVE(acq, seqhash); 4718 free(acq, M_IPSEC_SAQ); 4719 } 4720 acq = nextacq; 4721 } 4722 ACQ_UNLOCK(); 4723 } 4724 4725 static void 4726 key_flush_spacq(time_t now) 4727 { 4728 struct secspacq *acq, *nextacq; 4729 4730 /* SP ACQ tree */ 4731 SPACQ_LOCK(); 4732 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4733 nextacq = LIST_NEXT(acq, chain); 4734 if (now - acq->created > V_key_blockacq_lifetime 4735 && __LIST_CHAINED(acq)) { 4736 LIST_REMOVE(acq, chain); 4737 free(acq, M_IPSEC_SAQ); 4738 } 4739 } 4740 SPACQ_UNLOCK(); 4741 } 4742 4743 /* 4744 * time handler. 4745 * scanning SPD and SAD to check status for each entries, 4746 * and do to remove or to expire. 4747 * XXX: year 2038 problem may remain. 4748 */ 4749 static void 4750 key_timehandler(void *arg) 4751 { 4752 VNET_ITERATOR_DECL(vnet_iter); 4753 time_t now = time_second; 4754 4755 VNET_LIST_RLOCK_NOSLEEP(); 4756 VNET_FOREACH(vnet_iter) { 4757 CURVNET_SET(vnet_iter); 4758 key_flush_spd(now); 4759 key_flush_sad(now); 4760 key_flush_acq(now); 4761 key_flush_spacq(now); 4762 CURVNET_RESTORE(); 4763 } 4764 VNET_LIST_RUNLOCK_NOSLEEP(); 4765 4766 #ifndef IPSEC_DEBUG2 4767 /* do exchange to tick time !! */ 4768 callout_schedule(&key_timer, hz); 4769 #endif /* IPSEC_DEBUG2 */ 4770 } 4771 4772 u_long 4773 key_random(void) 4774 { 4775 u_long value; 4776 4777 arc4random_buf(&value, sizeof(value)); 4778 return value; 4779 } 4780 4781 /* 4782 * map SADB_SATYPE_* to IPPROTO_*. 4783 * if satype == SADB_SATYPE then satype is mapped to ~0. 4784 * OUT: 4785 * 0: invalid satype. 4786 */ 4787 static uint8_t 4788 key_satype2proto(uint8_t satype) 4789 { 4790 switch (satype) { 4791 case SADB_SATYPE_UNSPEC: 4792 return IPSEC_PROTO_ANY; 4793 case SADB_SATYPE_AH: 4794 return IPPROTO_AH; 4795 case SADB_SATYPE_ESP: 4796 return IPPROTO_ESP; 4797 case SADB_X_SATYPE_IPCOMP: 4798 return IPPROTO_IPCOMP; 4799 case SADB_X_SATYPE_TCPSIGNATURE: 4800 return IPPROTO_TCP; 4801 default: 4802 return 0; 4803 } 4804 /* NOTREACHED */ 4805 } 4806 4807 /* 4808 * map IPPROTO_* to SADB_SATYPE_* 4809 * OUT: 4810 * 0: invalid protocol type. 4811 */ 4812 static uint8_t 4813 key_proto2satype(uint8_t proto) 4814 { 4815 switch (proto) { 4816 case IPPROTO_AH: 4817 return SADB_SATYPE_AH; 4818 case IPPROTO_ESP: 4819 return SADB_SATYPE_ESP; 4820 case IPPROTO_IPCOMP: 4821 return SADB_X_SATYPE_IPCOMP; 4822 case IPPROTO_TCP: 4823 return SADB_X_SATYPE_TCPSIGNATURE; 4824 default: 4825 return 0; 4826 } 4827 /* NOTREACHED */ 4828 } 4829 4830 /* %%% PF_KEY */ 4831 /* 4832 * SADB_GETSPI processing is to receive 4833 * <base, (SA2), src address, dst address, (SPI range)> 4834 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4835 * tree with the status of LARVAL, and send 4836 * <base, SA(*), address(SD)> 4837 * to the IKMPd. 4838 * 4839 * IN: mhp: pointer to the pointer to each header. 4840 * OUT: NULL if fail. 4841 * other if success, return pointer to the message to send. 4842 */ 4843 static int 4844 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4845 { 4846 struct secasindex saidx; 4847 struct sadb_address *src0, *dst0; 4848 struct secasvar *sav; 4849 uint32_t reqid, spi; 4850 int error; 4851 uint8_t mode, proto; 4852 4853 IPSEC_ASSERT(so != NULL, ("null socket")); 4854 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4855 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4856 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4857 4858 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4859 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4860 #ifdef PFKEY_STRICT_CHECKS 4861 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4862 #endif 4863 ) { 4864 ipseclog((LOG_DEBUG, 4865 "%s: invalid message: missing required header.\n", 4866 __func__)); 4867 error = EINVAL; 4868 goto fail; 4869 } 4870 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4871 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4872 #ifdef PFKEY_STRICT_CHECKS 4873 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4874 #endif 4875 ) { 4876 ipseclog((LOG_DEBUG, 4877 "%s: invalid message: wrong header size.\n", __func__)); 4878 error = EINVAL; 4879 goto fail; 4880 } 4881 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4882 mode = IPSEC_MODE_ANY; 4883 reqid = 0; 4884 } else { 4885 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4886 ipseclog((LOG_DEBUG, 4887 "%s: invalid message: wrong header size.\n", 4888 __func__)); 4889 error = EINVAL; 4890 goto fail; 4891 } 4892 mode = ((struct sadb_x_sa2 *) 4893 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4894 reqid = ((struct sadb_x_sa2 *) 4895 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4896 } 4897 4898 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4899 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4900 4901 /* map satype to proto */ 4902 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4903 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4904 __func__)); 4905 error = EINVAL; 4906 goto fail; 4907 } 4908 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4909 (struct sockaddr *)(dst0 + 1)); 4910 if (error != 0) { 4911 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4912 error = EINVAL; 4913 goto fail; 4914 } 4915 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4916 4917 /* SPI allocation */ 4918 SPI_ALLOC_LOCK(); 4919 spi = key_do_getnewspi( 4920 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4921 if (spi == 0) { 4922 /* 4923 * Requested SPI or SPI range is not available or 4924 * already used. 4925 */ 4926 SPI_ALLOC_UNLOCK(); 4927 error = EEXIST; 4928 goto fail; 4929 } 4930 sav = key_newsav(mhp, &saidx, spi, &error); 4931 SPI_ALLOC_UNLOCK(); 4932 if (sav == NULL) 4933 goto fail; 4934 4935 if (sav->seq != 0) { 4936 /* 4937 * RFC2367: 4938 * If the SADB_GETSPI message is in response to a 4939 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4940 * MUST be the same as the SADB_ACQUIRE message. 4941 * 4942 * XXXAE: However it doesn't definethe behaviour how to 4943 * check this and what to do if it doesn't match. 4944 * Also what we should do if it matches? 4945 * 4946 * We can compare saidx used in SADB_ACQUIRE with saidx 4947 * used in SADB_GETSPI, but this probably can break 4948 * existing software. For now just warn if it doesn't match. 4949 * 4950 * XXXAE: anyway it looks useless. 4951 */ 4952 key_acqdone(&saidx, sav->seq); 4953 } 4954 KEYDBG(KEY_STAMP, 4955 printf("%s: SA(%p)\n", __func__, sav)); 4956 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4957 4958 { 4959 struct mbuf *n, *nn; 4960 struct sadb_sa *m_sa; 4961 struct sadb_msg *newmsg; 4962 int off, len; 4963 4964 /* create new sadb_msg to reply. */ 4965 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4966 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4967 4968 MGETHDR(n, M_NOWAIT, MT_DATA); 4969 if (len > MHLEN) { 4970 if (!(MCLGET(n, M_NOWAIT))) { 4971 m_freem(n); 4972 n = NULL; 4973 } 4974 } 4975 if (!n) { 4976 error = ENOBUFS; 4977 goto fail; 4978 } 4979 4980 n->m_len = len; 4981 n->m_next = NULL; 4982 off = 0; 4983 4984 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4985 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4986 4987 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4988 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4989 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4990 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4991 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4992 4993 IPSEC_ASSERT(off == len, 4994 ("length inconsistency (off %u len %u)", off, len)); 4995 4996 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4997 SADB_EXT_ADDRESS_DST); 4998 if (!n->m_next) { 4999 m_freem(n); 5000 error = ENOBUFS; 5001 goto fail; 5002 } 5003 5004 if (n->m_len < sizeof(struct sadb_msg)) { 5005 n = m_pullup(n, sizeof(struct sadb_msg)); 5006 if (n == NULL) 5007 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5008 } 5009 5010 n->m_pkthdr.len = 0; 5011 for (nn = n; nn; nn = nn->m_next) 5012 n->m_pkthdr.len += nn->m_len; 5013 5014 newmsg = mtod(n, struct sadb_msg *); 5015 newmsg->sadb_msg_seq = sav->seq; 5016 newmsg->sadb_msg_errno = 0; 5017 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5018 5019 m_freem(m); 5020 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5021 } 5022 5023 fail: 5024 return (key_senderror(so, m, error)); 5025 } 5026 5027 /* 5028 * allocating new SPI 5029 * called by key_getspi(). 5030 * OUT: 5031 * 0: failure. 5032 * others: success, SPI in network byte order. 5033 */ 5034 static uint32_t 5035 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5036 { 5037 uint32_t min, max, newspi, t; 5038 int tries, limit; 5039 5040 SPI_ALLOC_LOCK_ASSERT(); 5041 5042 /* set spi range to allocate */ 5043 if (spirange != NULL) { 5044 min = spirange->sadb_spirange_min; 5045 max = spirange->sadb_spirange_max; 5046 } else { 5047 min = V_key_spi_minval; 5048 max = V_key_spi_maxval; 5049 } 5050 /* IPCOMP needs 2-byte SPI */ 5051 if (saidx->proto == IPPROTO_IPCOMP) { 5052 if (min >= 0x10000) 5053 min = 0xffff; 5054 if (max >= 0x10000) 5055 max = 0xffff; 5056 if (min > max) { 5057 t = min; min = max; max = t; 5058 } 5059 } 5060 5061 if (min == max) { 5062 if (key_checkspidup(htonl(min))) { 5063 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5064 __func__, min)); 5065 return 0; 5066 } 5067 5068 tries = 1; 5069 newspi = min; 5070 } else { 5071 /* init SPI */ 5072 newspi = 0; 5073 5074 limit = atomic_load_int(&V_key_spi_trycnt); 5075 /* when requesting to allocate spi ranged */ 5076 for (tries = 0; tries < limit; tries++) { 5077 /* generate pseudo-random SPI value ranged. */ 5078 newspi = min + (key_random() % (max - min + 1)); 5079 if (!key_checkspidup(htonl(newspi))) 5080 break; 5081 } 5082 5083 if (tries == limit || newspi == 0) { 5084 ipseclog((LOG_DEBUG, 5085 "%s: failed to allocate SPI.\n", __func__)); 5086 return 0; 5087 } 5088 } 5089 5090 /* statistics */ 5091 keystat.getspi_count = 5092 (keystat.getspi_count + tries) / 2; 5093 5094 return (htonl(newspi)); 5095 } 5096 5097 /* 5098 * Find TCP-MD5 SA with corresponding secasindex. 5099 * If not found, return NULL and fill SPI with usable value if needed. 5100 */ 5101 static struct secasvar * 5102 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5103 { 5104 SAHTREE_RLOCK_TRACKER; 5105 struct secashead *sah; 5106 struct secasvar *sav; 5107 5108 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5109 SAHTREE_RLOCK(); 5110 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5111 if (sah->saidx.proto != IPPROTO_TCP) 5112 continue; 5113 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5114 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5115 break; 5116 } 5117 if (sah != NULL) { 5118 if (V_key_preferred_oldsa) 5119 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5120 else 5121 sav = TAILQ_FIRST(&sah->savtree_alive); 5122 if (sav != NULL) { 5123 SAV_ADDREF(sav); 5124 SAHTREE_RUNLOCK(); 5125 return (sav); 5126 } 5127 } 5128 if (spi == NULL) { 5129 /* No SPI required */ 5130 SAHTREE_RUNLOCK(); 5131 return (NULL); 5132 } 5133 /* Check that SPI is unique */ 5134 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5135 if (sav->spi == *spi) 5136 break; 5137 } 5138 if (sav == NULL) { 5139 SAHTREE_RUNLOCK(); 5140 /* SPI is already unique */ 5141 return (NULL); 5142 } 5143 SAHTREE_RUNLOCK(); 5144 /* XXX: not optimal */ 5145 *spi = key_do_getnewspi(NULL, saidx); 5146 return (NULL); 5147 } 5148 5149 static int 5150 key_updateaddresses(struct socket *so, struct mbuf *m, 5151 const struct sadb_msghdr *mhp, struct secasvar *sav, 5152 struct secasindex *saidx) 5153 { 5154 struct sockaddr *newaddr; 5155 struct secashead *sah; 5156 struct secasvar *newsav, *tmp; 5157 struct mbuf *n; 5158 int error, isnew; 5159 5160 /* Check that we need to change SAH */ 5161 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5162 newaddr = (struct sockaddr *)( 5163 ((struct sadb_address *) 5164 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5165 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5166 key_porttosaddr(&saidx->src.sa, 0); 5167 } 5168 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5169 newaddr = (struct sockaddr *)( 5170 ((struct sadb_address *) 5171 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5172 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5173 key_porttosaddr(&saidx->dst.sa, 0); 5174 } 5175 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5176 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5177 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5178 if (error != 0) { 5179 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5180 __func__)); 5181 return (error); 5182 } 5183 5184 sah = key_getsah(saidx); 5185 if (sah == NULL) { 5186 /* create a new SA index */ 5187 sah = key_newsah(saidx); 5188 if (sah == NULL) { 5189 ipseclog((LOG_DEBUG, 5190 "%s: No more memory.\n", __func__)); 5191 return (ENOBUFS); 5192 } 5193 isnew = 2; /* SAH is new */ 5194 } else 5195 isnew = 1; /* existing SAH is referenced */ 5196 } else { 5197 /* 5198 * src and dst addresses are still the same. 5199 * Do we want to change NAT-T config? 5200 */ 5201 if (sav->sah->saidx.proto != IPPROTO_ESP || 5202 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5203 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5204 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5205 ipseclog((LOG_DEBUG, 5206 "%s: invalid message: missing required header.\n", 5207 __func__)); 5208 return (EINVAL); 5209 } 5210 /* We hold reference to SA, thus SAH will be referenced too. */ 5211 sah = sav->sah; 5212 isnew = 0; 5213 } 5214 5215 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5216 M_NOWAIT | M_ZERO); 5217 if (newsav == NULL) { 5218 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5219 error = ENOBUFS; 5220 goto fail; 5221 } 5222 5223 /* Clone SA's content into newsav */ 5224 SAV_INITREF(newsav); 5225 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5226 /* 5227 * We create new NAT-T config if it is needed. 5228 * Old NAT-T config will be freed by key_cleansav() when 5229 * last reference to SA will be released. 5230 */ 5231 newsav->natt = NULL; 5232 newsav->sah = sah; 5233 newsav->state = SADB_SASTATE_MATURE; 5234 error = key_setnatt(newsav, mhp); 5235 if (error != 0) 5236 goto fail; 5237 5238 SAHTREE_WLOCK(); 5239 /* Check that SA is still alive */ 5240 if (sav->state == SADB_SASTATE_DEAD) { 5241 /* SA was unlinked */ 5242 SAHTREE_WUNLOCK(); 5243 error = ESRCH; 5244 goto fail; 5245 } 5246 5247 /* Unlink SA from SAH and SPI hash */ 5248 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5249 ("SA is already cloned")); 5250 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5251 sav->state == SADB_SASTATE_DYING, 5252 ("Wrong SA state %u\n", sav->state)); 5253 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5254 LIST_REMOVE(sav, spihash); 5255 sav->state = SADB_SASTATE_DEAD; 5256 5257 /* 5258 * Link new SA with SAH. Keep SAs ordered by 5259 * create time (newer are first). 5260 */ 5261 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5262 if (newsav->created > tmp->created) { 5263 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5264 break; 5265 } 5266 } 5267 if (tmp == NULL) 5268 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5269 5270 /* Add new SA into SPI hash. */ 5271 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5272 5273 /* Add new SAH into SADB. */ 5274 if (isnew == 2) { 5275 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5276 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5277 sah->state = SADB_SASTATE_MATURE; 5278 SAH_ADDREF(sah); /* newsav references new SAH */ 5279 } 5280 /* 5281 * isnew == 1 -> @sah was referenced by key_getsah(). 5282 * isnew == 0 -> we use the same @sah, that was used by @sav, 5283 * and we use its reference for @newsav. 5284 */ 5285 SECASVAR_LOCK(sav); 5286 /* XXX: replace cntr with pointer? */ 5287 newsav->cntr = sav->cntr; 5288 sav->flags |= SADB_X_EXT_F_CLONED; 5289 SECASVAR_UNLOCK(sav); 5290 5291 SAHTREE_WUNLOCK(); 5292 5293 KEYDBG(KEY_STAMP, 5294 printf("%s: SA(%p) cloned into SA(%p)\n", 5295 __func__, sav, newsav)); 5296 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5297 5298 key_freesav(&sav); /* release last reference */ 5299 5300 /* set msg buf from mhp */ 5301 n = key_getmsgbuf_x1(m, mhp); 5302 if (n == NULL) { 5303 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5304 return (ENOBUFS); 5305 } 5306 m_freem(m); 5307 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5308 return (0); 5309 fail: 5310 if (isnew != 0) 5311 key_freesah(&sah); 5312 if (newsav != NULL) { 5313 if (newsav->natt != NULL) 5314 free(newsav->natt, M_IPSEC_MISC); 5315 free(newsav, M_IPSEC_SA); 5316 } 5317 return (error); 5318 } 5319 5320 /* 5321 * SADB_UPDATE processing 5322 * receive 5323 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5324 * key(AE), (identity(SD),) (sensitivity)> 5325 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5326 * and send 5327 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5328 * (identity(SD),) (sensitivity)> 5329 * to the ikmpd. 5330 * 5331 * m will always be freed. 5332 */ 5333 static int 5334 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5335 { 5336 struct secasindex saidx; 5337 struct sadb_address *src0, *dst0; 5338 struct sadb_sa *sa0; 5339 struct secasvar *sav; 5340 uint32_t reqid; 5341 int error; 5342 uint8_t mode, proto; 5343 5344 IPSEC_ASSERT(so != NULL, ("null socket")); 5345 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5346 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5347 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5348 5349 /* map satype to proto */ 5350 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5351 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5352 __func__)); 5353 return key_senderror(so, m, EINVAL); 5354 } 5355 5356 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5357 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5358 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5359 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5360 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5361 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5362 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5363 ipseclog((LOG_DEBUG, 5364 "%s: invalid message: missing required header.\n", 5365 __func__)); 5366 return key_senderror(so, m, EINVAL); 5367 } 5368 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5369 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5370 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5371 ipseclog((LOG_DEBUG, 5372 "%s: invalid message: wrong header size.\n", __func__)); 5373 return key_senderror(so, m, EINVAL); 5374 } 5375 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5376 mode = IPSEC_MODE_ANY; 5377 reqid = 0; 5378 } else { 5379 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5380 ipseclog((LOG_DEBUG, 5381 "%s: invalid message: wrong header size.\n", 5382 __func__)); 5383 return key_senderror(so, m, EINVAL); 5384 } 5385 mode = ((struct sadb_x_sa2 *) 5386 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5387 reqid = ((struct sadb_x_sa2 *) 5388 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5389 } 5390 5391 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5392 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5393 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5394 5395 /* 5396 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5397 * SADB_UPDATE message. 5398 */ 5399 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5400 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5401 #ifdef PFKEY_STRICT_CHECKS 5402 return key_senderror(so, m, EINVAL); 5403 #endif 5404 } 5405 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5406 (struct sockaddr *)(dst0 + 1)); 5407 if (error != 0) { 5408 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5409 return key_senderror(so, m, error); 5410 } 5411 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5412 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5413 if (sav == NULL) { 5414 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5415 __func__, ntohl(sa0->sadb_sa_spi))); 5416 return key_senderror(so, m, EINVAL); 5417 } 5418 /* 5419 * Check that SADB_UPDATE issued by the same process that did 5420 * SADB_GETSPI or SADB_ADD. 5421 */ 5422 if (sav->pid != mhp->msg->sadb_msg_pid) { 5423 ipseclog((LOG_DEBUG, 5424 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5425 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5426 key_freesav(&sav); 5427 return key_senderror(so, m, EINVAL); 5428 } 5429 /* saidx should match with SA. */ 5430 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5431 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5432 __func__, ntohl(sav->spi))); 5433 key_freesav(&sav); 5434 return key_senderror(so, m, ESRCH); 5435 } 5436 5437 if (sav->state == SADB_SASTATE_LARVAL) { 5438 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5439 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5440 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5441 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5442 ipseclog((LOG_DEBUG, 5443 "%s: invalid message: missing required header.\n", 5444 __func__)); 5445 key_freesav(&sav); 5446 return key_senderror(so, m, EINVAL); 5447 } 5448 /* 5449 * We can set any values except src, dst and SPI. 5450 */ 5451 error = key_setsaval(sav, mhp); 5452 if (error != 0) { 5453 key_freesav(&sav); 5454 return (key_senderror(so, m, error)); 5455 } 5456 /* Change SA state to MATURE */ 5457 SAHTREE_WLOCK(); 5458 if (sav->state != SADB_SASTATE_LARVAL) { 5459 /* SA was deleted or another thread made it MATURE. */ 5460 SAHTREE_WUNLOCK(); 5461 key_freesav(&sav); 5462 return (key_senderror(so, m, ESRCH)); 5463 } 5464 /* 5465 * NOTE: we keep SAs in savtree_alive ordered by created 5466 * time. When SA's state changed from LARVAL to MATURE, 5467 * we update its created time in key_setsaval() and move 5468 * it into head of savtree_alive. 5469 */ 5470 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5471 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5472 sav->state = SADB_SASTATE_MATURE; 5473 SAHTREE_WUNLOCK(); 5474 } else { 5475 /* 5476 * For DYING and MATURE SA we can change only state 5477 * and lifetimes. Report EINVAL if something else attempted 5478 * to change. 5479 */ 5480 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5481 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5482 key_freesav(&sav); 5483 return (key_senderror(so, m, EINVAL)); 5484 } 5485 error = key_updatelifetimes(sav, mhp); 5486 if (error != 0) { 5487 key_freesav(&sav); 5488 return (key_senderror(so, m, error)); 5489 } 5490 /* 5491 * This is FreeBSD extension to RFC2367. 5492 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5493 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5494 * SA addresses (for example to implement MOBIKE protocol 5495 * as described in RFC4555). Also we allow to change 5496 * NAT-T config. 5497 */ 5498 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5499 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5500 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5501 sav->natt != NULL) { 5502 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5503 key_freesav(&sav); 5504 if (error != 0) 5505 return (key_senderror(so, m, error)); 5506 return (0); 5507 } 5508 /* Check that SA is still alive */ 5509 SAHTREE_WLOCK(); 5510 if (sav->state == SADB_SASTATE_DEAD) { 5511 /* SA was unlinked */ 5512 SAHTREE_WUNLOCK(); 5513 key_freesav(&sav); 5514 return (key_senderror(so, m, ESRCH)); 5515 } 5516 /* 5517 * NOTE: there is possible state moving from DYING to MATURE, 5518 * but this doesn't change created time, so we won't reorder 5519 * this SA. 5520 */ 5521 sav->state = SADB_SASTATE_MATURE; 5522 SAHTREE_WUNLOCK(); 5523 } 5524 KEYDBG(KEY_STAMP, 5525 printf("%s: SA(%p)\n", __func__, sav)); 5526 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5527 key_freesav(&sav); 5528 5529 { 5530 struct mbuf *n; 5531 5532 /* set msg buf from mhp */ 5533 n = key_getmsgbuf_x1(m, mhp); 5534 if (n == NULL) { 5535 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5536 return key_senderror(so, m, ENOBUFS); 5537 } 5538 5539 m_freem(m); 5540 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5541 } 5542 } 5543 5544 /* 5545 * SADB_ADD processing 5546 * add an entry to SA database, when received 5547 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5548 * key(AE), (identity(SD),) (sensitivity)> 5549 * from the ikmpd, 5550 * and send 5551 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5552 * (identity(SD),) (sensitivity)> 5553 * to the ikmpd. 5554 * 5555 * IGNORE identity and sensitivity messages. 5556 * 5557 * m will always be freed. 5558 */ 5559 static int 5560 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5561 { 5562 struct secasindex saidx; 5563 struct sadb_address *src0, *dst0; 5564 struct sadb_sa *sa0; 5565 struct secasvar *sav; 5566 uint32_t reqid, spi; 5567 uint8_t mode, proto; 5568 int error; 5569 5570 IPSEC_ASSERT(so != NULL, ("null socket")); 5571 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5572 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5573 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5574 5575 /* map satype to proto */ 5576 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5577 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5578 __func__)); 5579 return key_senderror(so, m, EINVAL); 5580 } 5581 5582 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5583 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5584 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5585 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5586 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5587 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5588 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5589 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5590 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5591 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5592 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5593 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5594 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5595 ipseclog((LOG_DEBUG, 5596 "%s: invalid message: missing required header.\n", 5597 __func__)); 5598 return key_senderror(so, m, EINVAL); 5599 } 5600 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5601 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5602 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5603 ipseclog((LOG_DEBUG, 5604 "%s: invalid message: wrong header size.\n", __func__)); 5605 return key_senderror(so, m, EINVAL); 5606 } 5607 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5608 mode = IPSEC_MODE_ANY; 5609 reqid = 0; 5610 } else { 5611 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5612 ipseclog((LOG_DEBUG, 5613 "%s: invalid message: wrong header size.\n", 5614 __func__)); 5615 return key_senderror(so, m, EINVAL); 5616 } 5617 mode = ((struct sadb_x_sa2 *) 5618 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5619 reqid = ((struct sadb_x_sa2 *) 5620 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5621 } 5622 5623 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5624 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5625 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5626 5627 /* 5628 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5629 * SADB_ADD message. 5630 */ 5631 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5632 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5633 #ifdef PFKEY_STRICT_CHECKS 5634 return key_senderror(so, m, EINVAL); 5635 #endif 5636 } 5637 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5638 (struct sockaddr *)(dst0 + 1)); 5639 if (error != 0) { 5640 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5641 return key_senderror(so, m, error); 5642 } 5643 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5644 spi = sa0->sadb_sa_spi; 5645 /* 5646 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5647 * secasindex. 5648 * XXXAE: IPComp seems also doesn't use SPI. 5649 */ 5650 SPI_ALLOC_LOCK(); 5651 if (proto == IPPROTO_TCP) { 5652 sav = key_getsav_tcpmd5(&saidx, &spi); 5653 if (sav == NULL && spi == 0) { 5654 SPI_ALLOC_UNLOCK(); 5655 /* Failed to allocate SPI */ 5656 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5657 __func__)); 5658 return key_senderror(so, m, EEXIST); 5659 } 5660 /* XXX: SPI that we report back can have another value */ 5661 } else { 5662 /* We can create new SA only if SPI is different. */ 5663 sav = key_getsavbyspi(spi); 5664 } 5665 if (sav != NULL) { 5666 SPI_ALLOC_UNLOCK(); 5667 key_freesav(&sav); 5668 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5669 return key_senderror(so, m, EEXIST); 5670 } 5671 5672 sav = key_newsav(mhp, &saidx, spi, &error); 5673 SPI_ALLOC_UNLOCK(); 5674 if (sav == NULL) 5675 return key_senderror(so, m, error); 5676 KEYDBG(KEY_STAMP, 5677 printf("%s: return SA(%p)\n", __func__, sav)); 5678 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5679 /* 5680 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5681 * ACQ for deletion. 5682 */ 5683 if (sav->seq != 0) 5684 key_acqdone(&saidx, sav->seq); 5685 5686 { 5687 /* 5688 * Don't call key_freesav() on error here, as we would like to 5689 * keep the SA in the database. 5690 */ 5691 struct mbuf *n; 5692 5693 /* set msg buf from mhp */ 5694 n = key_getmsgbuf_x1(m, mhp); 5695 if (n == NULL) { 5696 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5697 return key_senderror(so, m, ENOBUFS); 5698 } 5699 5700 m_freem(m); 5701 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5702 } 5703 } 5704 5705 /* 5706 * NAT-T support. 5707 * IKEd may request the use ESP in UDP encapsulation when it detects the 5708 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5709 * parameters needed for encapsulation and decapsulation. These PF_KEY 5710 * extension headers are not standardized, so this comment addresses our 5711 * implementation. 5712 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5713 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5714 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5715 * UDP header. We use these ports in UDP encapsulation procedure, also we 5716 * can check them in UDP decapsulation procedure. 5717 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5718 * responder. These addresses can be used for transport mode to adjust 5719 * checksum after decapsulation and decryption. Since original IP addresses 5720 * used by peer usually different (we detected presence of NAT), TCP/UDP 5721 * pseudo header checksum and IP header checksum was calculated using original 5722 * addresses. After decapsulation and decryption we need to adjust checksum 5723 * to have correct datagram. 5724 * 5725 * We expect presence of NAT-T extension headers only in SADB_ADD and 5726 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5727 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5728 */ 5729 static int 5730 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5731 { 5732 struct sadb_x_nat_t_port *port; 5733 struct sadb_x_nat_t_type *type; 5734 struct sadb_address *oai, *oar; 5735 struct sockaddr *sa; 5736 uint32_t addr; 5737 uint16_t cksum; 5738 5739 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5740 /* 5741 * Ignore NAT-T headers if sproto isn't ESP. 5742 */ 5743 if (sav->sah->saidx.proto != IPPROTO_ESP) 5744 return (0); 5745 5746 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5747 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5748 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5749 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5750 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5751 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5752 ipseclog((LOG_DEBUG, 5753 "%s: invalid message: wrong header size.\n", 5754 __func__)); 5755 return (EINVAL); 5756 } 5757 } else 5758 return (0); 5759 5760 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5761 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5762 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5763 __func__, type->sadb_x_nat_t_type_type)); 5764 return (EINVAL); 5765 } 5766 /* 5767 * Allocate storage for NAT-T config. 5768 * On error it will be released by key_cleansav(). 5769 */ 5770 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5771 M_NOWAIT | M_ZERO); 5772 if (sav->natt == NULL) { 5773 PFKEYSTAT_INC(in_nomem); 5774 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5775 return (ENOBUFS); 5776 } 5777 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5778 if (port->sadb_x_nat_t_port_port == 0) { 5779 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5780 __func__)); 5781 return (EINVAL); 5782 } 5783 sav->natt->sport = port->sadb_x_nat_t_port_port; 5784 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5785 if (port->sadb_x_nat_t_port_port == 0) { 5786 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5787 __func__)); 5788 return (EINVAL); 5789 } 5790 sav->natt->dport = port->sadb_x_nat_t_port_port; 5791 5792 /* 5793 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5794 * and needed only for transport mode IPsec. 5795 * Usually NAT translates only one address, but it is possible, 5796 * that both addresses could be translated. 5797 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5798 */ 5799 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5800 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5801 ipseclog((LOG_DEBUG, 5802 "%s: invalid message: wrong header size.\n", 5803 __func__)); 5804 return (EINVAL); 5805 } 5806 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5807 } else 5808 oai = NULL; 5809 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5810 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5811 ipseclog((LOG_DEBUG, 5812 "%s: invalid message: wrong header size.\n", 5813 __func__)); 5814 return (EINVAL); 5815 } 5816 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5817 } else 5818 oar = NULL; 5819 5820 /* Initialize addresses only for transport mode */ 5821 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5822 cksum = 0; 5823 if (oai != NULL) { 5824 /* Currently we support only AF_INET */ 5825 sa = (struct sockaddr *)(oai + 1); 5826 if (sa->sa_family != AF_INET || 5827 sa->sa_len != sizeof(struct sockaddr_in)) { 5828 ipseclog((LOG_DEBUG, 5829 "%s: wrong NAT-OAi header.\n", 5830 __func__)); 5831 return (EINVAL); 5832 } 5833 /* Ignore address if it the same */ 5834 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5835 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5836 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5837 sav->natt->flags |= IPSEC_NATT_F_OAI; 5838 /* Calculate checksum delta */ 5839 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5840 cksum = in_addword(cksum, ~addr >> 16); 5841 cksum = in_addword(cksum, ~addr & 0xffff); 5842 addr = sav->natt->oai.sin.sin_addr.s_addr; 5843 cksum = in_addword(cksum, addr >> 16); 5844 cksum = in_addword(cksum, addr & 0xffff); 5845 } 5846 } 5847 if (oar != NULL) { 5848 /* Currently we support only AF_INET */ 5849 sa = (struct sockaddr *)(oar + 1); 5850 if (sa->sa_family != AF_INET || 5851 sa->sa_len != sizeof(struct sockaddr_in)) { 5852 ipseclog((LOG_DEBUG, 5853 "%s: wrong NAT-OAr header.\n", 5854 __func__)); 5855 return (EINVAL); 5856 } 5857 /* Ignore address if it the same */ 5858 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5859 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5860 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5861 sav->natt->flags |= IPSEC_NATT_F_OAR; 5862 /* Calculate checksum delta */ 5863 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5864 cksum = in_addword(cksum, ~addr >> 16); 5865 cksum = in_addword(cksum, ~addr & 0xffff); 5866 addr = sav->natt->oar.sin.sin_addr.s_addr; 5867 cksum = in_addword(cksum, addr >> 16); 5868 cksum = in_addword(cksum, addr & 0xffff); 5869 } 5870 } 5871 sav->natt->cksum = cksum; 5872 } 5873 return (0); 5874 } 5875 5876 static int 5877 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5878 { 5879 const struct sadb_ident *idsrc, *iddst; 5880 5881 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5882 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5883 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5884 5885 /* don't make buffer if not there */ 5886 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5887 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5888 sah->idents = NULL; 5889 sah->identd = NULL; 5890 return (0); 5891 } 5892 5893 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5894 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5895 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5896 return (EINVAL); 5897 } 5898 5899 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5900 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5901 5902 /* validity check */ 5903 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5904 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5905 return EINVAL; 5906 } 5907 5908 switch (idsrc->sadb_ident_type) { 5909 case SADB_IDENTTYPE_PREFIX: 5910 case SADB_IDENTTYPE_FQDN: 5911 case SADB_IDENTTYPE_USERFQDN: 5912 default: 5913 /* XXX do nothing */ 5914 sah->idents = NULL; 5915 sah->identd = NULL; 5916 return 0; 5917 } 5918 5919 /* make structure */ 5920 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5921 if (sah->idents == NULL) { 5922 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5923 return ENOBUFS; 5924 } 5925 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5926 if (sah->identd == NULL) { 5927 free(sah->idents, M_IPSEC_MISC); 5928 sah->idents = NULL; 5929 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5930 return ENOBUFS; 5931 } 5932 sah->idents->type = idsrc->sadb_ident_type; 5933 sah->idents->id = idsrc->sadb_ident_id; 5934 5935 sah->identd->type = iddst->sadb_ident_type; 5936 sah->identd->id = iddst->sadb_ident_id; 5937 5938 return 0; 5939 } 5940 5941 /* 5942 * m will not be freed on return. 5943 * it is caller's responsibility to free the result. 5944 * 5945 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5946 * from the request in defined order. 5947 */ 5948 static struct mbuf * 5949 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5950 { 5951 struct mbuf *n; 5952 5953 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5954 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5955 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5956 5957 /* create new sadb_msg to reply. */ 5958 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5959 SADB_EXT_SA, SADB_X_EXT_SA2, 5960 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5961 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5962 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5963 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5964 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5965 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5966 SADB_X_EXT_NEW_ADDRESS_DST); 5967 if (!n) 5968 return NULL; 5969 5970 if (n->m_len < sizeof(struct sadb_msg)) { 5971 n = m_pullup(n, sizeof(struct sadb_msg)); 5972 if (n == NULL) 5973 return NULL; 5974 } 5975 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5976 mtod(n, struct sadb_msg *)->sadb_msg_len = 5977 PFKEY_UNIT64(n->m_pkthdr.len); 5978 5979 return n; 5980 } 5981 5982 /* 5983 * SADB_DELETE processing 5984 * receive 5985 * <base, SA(*), address(SD)> 5986 * from the ikmpd, and set SADB_SASTATE_DEAD, 5987 * and send, 5988 * <base, SA(*), address(SD)> 5989 * to the ikmpd. 5990 * 5991 * m will always be freed. 5992 */ 5993 static int 5994 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5995 { 5996 struct secasindex saidx; 5997 struct sadb_address *src0, *dst0; 5998 struct secasvar *sav; 5999 struct sadb_sa *sa0; 6000 uint8_t proto; 6001 6002 IPSEC_ASSERT(so != NULL, ("null socket")); 6003 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6004 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6005 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6006 6007 /* map satype to proto */ 6008 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6009 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6010 __func__)); 6011 return key_senderror(so, m, EINVAL); 6012 } 6013 6014 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6015 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6016 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6017 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6018 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6019 __func__)); 6020 return key_senderror(so, m, EINVAL); 6021 } 6022 6023 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6024 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6025 6026 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6027 (struct sockaddr *)(dst0 + 1)) != 0) { 6028 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6029 return (key_senderror(so, m, EINVAL)); 6030 } 6031 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6032 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6033 /* 6034 * Caller wants us to delete all non-LARVAL SAs 6035 * that match the src/dst. This is used during 6036 * IKE INITIAL-CONTACT. 6037 * XXXAE: this looks like some extension to RFC2367. 6038 */ 6039 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6040 return (key_delete_all(so, m, mhp, &saidx)); 6041 } 6042 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6043 ipseclog((LOG_DEBUG, 6044 "%s: invalid message: wrong header size.\n", __func__)); 6045 return (key_senderror(so, m, EINVAL)); 6046 } 6047 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6048 SPI_ALLOC_LOCK(); 6049 if (proto == IPPROTO_TCP) 6050 sav = key_getsav_tcpmd5(&saidx, NULL); 6051 else 6052 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6053 SPI_ALLOC_UNLOCK(); 6054 if (sav == NULL) { 6055 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6056 __func__, ntohl(sa0->sadb_sa_spi))); 6057 return (key_senderror(so, m, ESRCH)); 6058 } 6059 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6060 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6061 __func__, ntohl(sav->spi))); 6062 key_freesav(&sav); 6063 return (key_senderror(so, m, ESRCH)); 6064 } 6065 KEYDBG(KEY_STAMP, 6066 printf("%s: SA(%p)\n", __func__, sav)); 6067 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6068 key_unlinksav(sav); 6069 key_freesav(&sav); 6070 6071 { 6072 struct mbuf *n; 6073 struct sadb_msg *newmsg; 6074 6075 /* create new sadb_msg to reply. */ 6076 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6077 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6078 if (!n) 6079 return key_senderror(so, m, ENOBUFS); 6080 6081 if (n->m_len < sizeof(struct sadb_msg)) { 6082 n = m_pullup(n, sizeof(struct sadb_msg)); 6083 if (n == NULL) 6084 return key_senderror(so, m, ENOBUFS); 6085 } 6086 newmsg = mtod(n, struct sadb_msg *); 6087 newmsg->sadb_msg_errno = 0; 6088 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6089 6090 m_freem(m); 6091 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6092 } 6093 } 6094 6095 /* 6096 * delete all SAs for src/dst. Called from key_delete(). 6097 */ 6098 static int 6099 key_delete_all(struct socket *so, struct mbuf *m, 6100 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6101 { 6102 struct secasvar_queue drainq; 6103 struct secashead *sah; 6104 struct secasvar *sav, *nextsav; 6105 6106 TAILQ_INIT(&drainq); 6107 SAHTREE_WLOCK(); 6108 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6109 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6110 continue; 6111 /* Move all ALIVE SAs into drainq */ 6112 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6113 } 6114 /* Unlink all queued SAs from SPI hash */ 6115 TAILQ_FOREACH(sav, &drainq, chain) { 6116 sav->state = SADB_SASTATE_DEAD; 6117 LIST_REMOVE(sav, spihash); 6118 } 6119 SAHTREE_WUNLOCK(); 6120 /* Now we can release reference for all SAs in drainq */ 6121 sav = TAILQ_FIRST(&drainq); 6122 while (sav != NULL) { 6123 KEYDBG(KEY_STAMP, 6124 printf("%s: SA(%p)\n", __func__, sav)); 6125 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6126 nextsav = TAILQ_NEXT(sav, chain); 6127 key_freesah(&sav->sah); /* release reference from SAV */ 6128 key_freesav(&sav); /* release last reference */ 6129 sav = nextsav; 6130 } 6131 6132 { 6133 struct mbuf *n; 6134 struct sadb_msg *newmsg; 6135 6136 /* create new sadb_msg to reply. */ 6137 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6138 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6139 if (!n) 6140 return key_senderror(so, m, ENOBUFS); 6141 6142 if (n->m_len < sizeof(struct sadb_msg)) { 6143 n = m_pullup(n, sizeof(struct sadb_msg)); 6144 if (n == NULL) 6145 return key_senderror(so, m, ENOBUFS); 6146 } 6147 newmsg = mtod(n, struct sadb_msg *); 6148 newmsg->sadb_msg_errno = 0; 6149 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6150 6151 m_freem(m); 6152 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6153 } 6154 } 6155 6156 /* 6157 * Delete all alive SAs for corresponding xform. 6158 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6159 * here when xform disappears. 6160 */ 6161 void 6162 key_delete_xform(const struct xformsw *xsp) 6163 { 6164 struct secasvar_queue drainq; 6165 struct secashead *sah; 6166 struct secasvar *sav, *nextsav; 6167 6168 TAILQ_INIT(&drainq); 6169 SAHTREE_WLOCK(); 6170 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6171 sav = TAILQ_FIRST(&sah->savtree_alive); 6172 if (sav == NULL) 6173 continue; 6174 if (sav->tdb_xform != xsp) 6175 continue; 6176 /* 6177 * It is supposed that all SAs in the chain are related to 6178 * one xform. 6179 */ 6180 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6181 } 6182 /* Unlink all queued SAs from SPI hash */ 6183 TAILQ_FOREACH(sav, &drainq, chain) { 6184 sav->state = SADB_SASTATE_DEAD; 6185 LIST_REMOVE(sav, spihash); 6186 } 6187 SAHTREE_WUNLOCK(); 6188 6189 /* Now we can release reference for all SAs in drainq */ 6190 sav = TAILQ_FIRST(&drainq); 6191 while (sav != NULL) { 6192 KEYDBG(KEY_STAMP, 6193 printf("%s: SA(%p)\n", __func__, sav)); 6194 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6195 nextsav = TAILQ_NEXT(sav, chain); 6196 key_freesah(&sav->sah); /* release reference from SAV */ 6197 key_freesav(&sav); /* release last reference */ 6198 sav = nextsav; 6199 } 6200 } 6201 6202 /* 6203 * SADB_GET processing 6204 * receive 6205 * <base, SA(*), address(SD)> 6206 * from the ikmpd, and get a SP and a SA to respond, 6207 * and send, 6208 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6209 * (identity(SD),) (sensitivity)> 6210 * to the ikmpd. 6211 * 6212 * m will always be freed. 6213 */ 6214 static int 6215 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6216 { 6217 struct secasindex saidx; 6218 struct sadb_address *src0, *dst0; 6219 struct sadb_sa *sa0; 6220 struct secasvar *sav; 6221 uint8_t proto; 6222 6223 IPSEC_ASSERT(so != NULL, ("null socket")); 6224 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6225 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6226 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6227 6228 /* map satype to proto */ 6229 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6230 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6231 __func__)); 6232 return key_senderror(so, m, EINVAL); 6233 } 6234 6235 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6236 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6237 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6238 ipseclog((LOG_DEBUG, 6239 "%s: invalid message: missing required header.\n", 6240 __func__)); 6241 return key_senderror(so, m, EINVAL); 6242 } 6243 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6244 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6245 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6246 ipseclog((LOG_DEBUG, 6247 "%s: invalid message: wrong header size.\n", __func__)); 6248 return key_senderror(so, m, EINVAL); 6249 } 6250 6251 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6252 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6253 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6254 6255 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6256 (struct sockaddr *)(dst0 + 1)) != 0) { 6257 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6258 return key_senderror(so, m, EINVAL); 6259 } 6260 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6261 6262 SPI_ALLOC_LOCK(); 6263 if (proto == IPPROTO_TCP) 6264 sav = key_getsav_tcpmd5(&saidx, NULL); 6265 else 6266 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6267 SPI_ALLOC_UNLOCK(); 6268 if (sav == NULL) { 6269 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6270 return key_senderror(so, m, ESRCH); 6271 } 6272 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6273 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6274 __func__, ntohl(sa0->sadb_sa_spi))); 6275 key_freesav(&sav); 6276 return (key_senderror(so, m, ESRCH)); 6277 } 6278 6279 { 6280 struct mbuf *n; 6281 uint8_t satype; 6282 6283 /* map proto to satype */ 6284 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6285 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6286 __func__)); 6287 key_freesav(&sav); 6288 return key_senderror(so, m, EINVAL); 6289 } 6290 6291 /* create new sadb_msg to reply. */ 6292 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6293 mhp->msg->sadb_msg_pid); 6294 6295 key_freesav(&sav); 6296 if (!n) 6297 return key_senderror(so, m, ENOBUFS); 6298 6299 m_freem(m); 6300 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6301 } 6302 } 6303 6304 /* XXX make it sysctl-configurable? */ 6305 static void 6306 key_getcomb_setlifetime(struct sadb_comb *comb) 6307 { 6308 6309 comb->sadb_comb_soft_allocations = 1; 6310 comb->sadb_comb_hard_allocations = 1; 6311 comb->sadb_comb_soft_bytes = 0; 6312 comb->sadb_comb_hard_bytes = 0; 6313 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6314 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6315 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6316 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6317 } 6318 6319 /* 6320 * XXX reorder combinations by preference 6321 * XXX no idea if the user wants ESP authentication or not 6322 */ 6323 static struct mbuf * 6324 key_getcomb_ealg(void) 6325 { 6326 struct sadb_comb *comb; 6327 const struct enc_xform *algo; 6328 struct mbuf *result = NULL, *m, *n; 6329 int encmin; 6330 int i, off, o; 6331 int totlen; 6332 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6333 6334 m = NULL; 6335 for (i = 1; i <= SADB_EALG_MAX; i++) { 6336 algo = enc_algorithm_lookup(i); 6337 if (algo == NULL) 6338 continue; 6339 6340 /* discard algorithms with key size smaller than system min */ 6341 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6342 continue; 6343 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6344 encmin = V_ipsec_esp_keymin; 6345 else 6346 encmin = _BITS(algo->minkey); 6347 6348 if (V_ipsec_esp_auth) 6349 m = key_getcomb_ah(); 6350 else { 6351 IPSEC_ASSERT(l <= MLEN, 6352 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6353 MGET(m, M_NOWAIT, MT_DATA); 6354 if (m) { 6355 M_ALIGN(m, l); 6356 m->m_len = l; 6357 m->m_next = NULL; 6358 bzero(mtod(m, caddr_t), m->m_len); 6359 } 6360 } 6361 if (!m) 6362 goto fail; 6363 6364 totlen = 0; 6365 for (n = m; n; n = n->m_next) 6366 totlen += n->m_len; 6367 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6368 6369 for (off = 0; off < totlen; off += l) { 6370 n = m_pulldown(m, off, l, &o); 6371 if (!n) { 6372 /* m is already freed */ 6373 goto fail; 6374 } 6375 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6376 bzero(comb, sizeof(*comb)); 6377 key_getcomb_setlifetime(comb); 6378 comb->sadb_comb_encrypt = i; 6379 comb->sadb_comb_encrypt_minbits = encmin; 6380 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6381 } 6382 6383 if (!result) 6384 result = m; 6385 else 6386 m_cat(result, m); 6387 } 6388 6389 return result; 6390 6391 fail: 6392 if (result) 6393 m_freem(result); 6394 return NULL; 6395 } 6396 6397 static void 6398 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6399 u_int16_t* max) 6400 { 6401 6402 *min = *max = ah->hashsize; 6403 if (ah->keysize == 0) { 6404 /* 6405 * Transform takes arbitrary key size but algorithm 6406 * key size is restricted. Enforce this here. 6407 */ 6408 switch (alg) { 6409 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6410 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6411 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6412 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6413 default: 6414 DPRINTF(("%s: unknown AH algorithm %u\n", 6415 __func__, alg)); 6416 break; 6417 } 6418 } 6419 } 6420 6421 /* 6422 * XXX reorder combinations by preference 6423 */ 6424 static struct mbuf * 6425 key_getcomb_ah() 6426 { 6427 const struct auth_hash *algo; 6428 struct sadb_comb *comb; 6429 struct mbuf *m; 6430 u_int16_t minkeysize, maxkeysize; 6431 int i; 6432 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6433 6434 m = NULL; 6435 for (i = 1; i <= SADB_AALG_MAX; i++) { 6436 #if 1 6437 /* we prefer HMAC algorithms, not old algorithms */ 6438 if (i != SADB_AALG_SHA1HMAC && 6439 i != SADB_X_AALG_SHA2_256 && 6440 i != SADB_X_AALG_SHA2_384 && 6441 i != SADB_X_AALG_SHA2_512) 6442 continue; 6443 #endif 6444 algo = auth_algorithm_lookup(i); 6445 if (!algo) 6446 continue; 6447 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6448 /* discard algorithms with key size smaller than system min */ 6449 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6450 continue; 6451 6452 if (!m) { 6453 IPSEC_ASSERT(l <= MLEN, 6454 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6455 MGET(m, M_NOWAIT, MT_DATA); 6456 if (m) { 6457 M_ALIGN(m, l); 6458 m->m_len = l; 6459 m->m_next = NULL; 6460 } 6461 } else 6462 M_PREPEND(m, l, M_NOWAIT); 6463 if (!m) 6464 return NULL; 6465 6466 comb = mtod(m, struct sadb_comb *); 6467 bzero(comb, sizeof(*comb)); 6468 key_getcomb_setlifetime(comb); 6469 comb->sadb_comb_auth = i; 6470 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6471 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6472 } 6473 6474 return m; 6475 } 6476 6477 /* 6478 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6479 * XXX reorder combinations by preference 6480 */ 6481 static struct mbuf * 6482 key_getcomb_ipcomp() 6483 { 6484 const struct comp_algo *algo; 6485 struct sadb_comb *comb; 6486 struct mbuf *m; 6487 int i; 6488 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6489 6490 m = NULL; 6491 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6492 algo = comp_algorithm_lookup(i); 6493 if (!algo) 6494 continue; 6495 6496 if (!m) { 6497 IPSEC_ASSERT(l <= MLEN, 6498 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6499 MGET(m, M_NOWAIT, MT_DATA); 6500 if (m) { 6501 M_ALIGN(m, l); 6502 m->m_len = l; 6503 m->m_next = NULL; 6504 } 6505 } else 6506 M_PREPEND(m, l, M_NOWAIT); 6507 if (!m) 6508 return NULL; 6509 6510 comb = mtod(m, struct sadb_comb *); 6511 bzero(comb, sizeof(*comb)); 6512 key_getcomb_setlifetime(comb); 6513 comb->sadb_comb_encrypt = i; 6514 /* what should we set into sadb_comb_*_{min,max}bits? */ 6515 } 6516 6517 return m; 6518 } 6519 6520 /* 6521 * XXX no way to pass mode (transport/tunnel) to userland 6522 * XXX replay checking? 6523 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6524 */ 6525 static struct mbuf * 6526 key_getprop(const struct secasindex *saidx) 6527 { 6528 struct sadb_prop *prop; 6529 struct mbuf *m, *n; 6530 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6531 int totlen; 6532 6533 switch (saidx->proto) { 6534 case IPPROTO_ESP: 6535 m = key_getcomb_ealg(); 6536 break; 6537 case IPPROTO_AH: 6538 m = key_getcomb_ah(); 6539 break; 6540 case IPPROTO_IPCOMP: 6541 m = key_getcomb_ipcomp(); 6542 break; 6543 default: 6544 return NULL; 6545 } 6546 6547 if (!m) 6548 return NULL; 6549 M_PREPEND(m, l, M_NOWAIT); 6550 if (!m) 6551 return NULL; 6552 6553 totlen = 0; 6554 for (n = m; n; n = n->m_next) 6555 totlen += n->m_len; 6556 6557 prop = mtod(m, struct sadb_prop *); 6558 bzero(prop, sizeof(*prop)); 6559 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6560 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6561 prop->sadb_prop_replay = 32; /* XXX */ 6562 6563 return m; 6564 } 6565 6566 /* 6567 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6568 * send 6569 * <base, SA, address(SD), (address(P)), x_policy, 6570 * (identity(SD),) (sensitivity,) proposal> 6571 * to KMD, and expect to receive 6572 * <base> with SADB_ACQUIRE if error occurred, 6573 * or 6574 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6575 * from KMD by PF_KEY. 6576 * 6577 * XXX x_policy is outside of RFC2367 (KAME extension). 6578 * XXX sensitivity is not supported. 6579 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6580 * see comment for key_getcomb_ipcomp(). 6581 * 6582 * OUT: 6583 * 0 : succeed 6584 * others: error number 6585 */ 6586 static int 6587 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6588 { 6589 union sockaddr_union addr; 6590 struct mbuf *result, *m; 6591 uint32_t seq; 6592 int error; 6593 uint16_t ul_proto; 6594 uint8_t mask, satype; 6595 6596 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6597 satype = key_proto2satype(saidx->proto); 6598 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6599 6600 error = -1; 6601 result = NULL; 6602 ul_proto = IPSEC_ULPROTO_ANY; 6603 6604 /* Get seq number to check whether sending message or not. */ 6605 seq = key_getacq(saidx, &error); 6606 if (seq == 0) 6607 return (error); 6608 6609 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6610 if (!m) { 6611 error = ENOBUFS; 6612 goto fail; 6613 } 6614 result = m; 6615 6616 /* 6617 * set sadb_address for saidx's. 6618 * 6619 * Note that if sp is supplied, then we're being called from 6620 * key_allocsa_policy() and should supply port and protocol 6621 * information. 6622 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6623 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6624 * XXXAE: it looks like we should save this info in the ACQ entry. 6625 */ 6626 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6627 sp->spidx.ul_proto == IPPROTO_UDP)) 6628 ul_proto = sp->spidx.ul_proto; 6629 6630 addr = saidx->src; 6631 mask = FULLMASK; 6632 if (ul_proto != IPSEC_ULPROTO_ANY) { 6633 switch (sp->spidx.src.sa.sa_family) { 6634 case AF_INET: 6635 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6636 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6637 mask = sp->spidx.prefs; 6638 } 6639 break; 6640 case AF_INET6: 6641 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6642 addr.sin6.sin6_port = 6643 sp->spidx.src.sin6.sin6_port; 6644 mask = sp->spidx.prefs; 6645 } 6646 break; 6647 default: 6648 break; 6649 } 6650 } 6651 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6652 if (!m) { 6653 error = ENOBUFS; 6654 goto fail; 6655 } 6656 m_cat(result, m); 6657 6658 addr = saidx->dst; 6659 mask = FULLMASK; 6660 if (ul_proto != IPSEC_ULPROTO_ANY) { 6661 switch (sp->spidx.dst.sa.sa_family) { 6662 case AF_INET: 6663 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6664 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6665 mask = sp->spidx.prefd; 6666 } 6667 break; 6668 case AF_INET6: 6669 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6670 addr.sin6.sin6_port = 6671 sp->spidx.dst.sin6.sin6_port; 6672 mask = sp->spidx.prefd; 6673 } 6674 break; 6675 default: 6676 break; 6677 } 6678 } 6679 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6680 if (!m) { 6681 error = ENOBUFS; 6682 goto fail; 6683 } 6684 m_cat(result, m); 6685 6686 /* XXX proxy address (optional) */ 6687 6688 /* 6689 * Set sadb_x_policy. This is KAME extension to RFC2367. 6690 */ 6691 if (sp != NULL) { 6692 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6693 sp->priority); 6694 if (!m) { 6695 error = ENOBUFS; 6696 goto fail; 6697 } 6698 m_cat(result, m); 6699 } 6700 6701 /* 6702 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6703 * This is FreeBSD extension to RFC2367. 6704 */ 6705 if (saidx->reqid != 0) { 6706 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6707 if (m == NULL) { 6708 error = ENOBUFS; 6709 goto fail; 6710 } 6711 m_cat(result, m); 6712 } 6713 /* XXX identity (optional) */ 6714 #if 0 6715 if (idexttype && fqdn) { 6716 /* create identity extension (FQDN) */ 6717 struct sadb_ident *id; 6718 int fqdnlen; 6719 6720 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6721 id = (struct sadb_ident *)p; 6722 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6723 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6724 id->sadb_ident_exttype = idexttype; 6725 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6726 bcopy(fqdn, id + 1, fqdnlen); 6727 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6728 } 6729 6730 if (idexttype) { 6731 /* create identity extension (USERFQDN) */ 6732 struct sadb_ident *id; 6733 int userfqdnlen; 6734 6735 if (userfqdn) { 6736 /* +1 for terminating-NUL */ 6737 userfqdnlen = strlen(userfqdn) + 1; 6738 } else 6739 userfqdnlen = 0; 6740 id = (struct sadb_ident *)p; 6741 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6742 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6743 id->sadb_ident_exttype = idexttype; 6744 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6745 /* XXX is it correct? */ 6746 if (curproc && curproc->p_cred) 6747 id->sadb_ident_id = curproc->p_cred->p_ruid; 6748 if (userfqdn && userfqdnlen) 6749 bcopy(userfqdn, id + 1, userfqdnlen); 6750 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6751 } 6752 #endif 6753 6754 /* XXX sensitivity (optional) */ 6755 6756 /* create proposal/combination extension */ 6757 m = key_getprop(saidx); 6758 #if 0 6759 /* 6760 * spec conformant: always attach proposal/combination extension, 6761 * the problem is that we have no way to attach it for ipcomp, 6762 * due to the way sadb_comb is declared in RFC2367. 6763 */ 6764 if (!m) { 6765 error = ENOBUFS; 6766 goto fail; 6767 } 6768 m_cat(result, m); 6769 #else 6770 /* 6771 * outside of spec; make proposal/combination extension optional. 6772 */ 6773 if (m) 6774 m_cat(result, m); 6775 #endif 6776 6777 if ((result->m_flags & M_PKTHDR) == 0) { 6778 error = EINVAL; 6779 goto fail; 6780 } 6781 6782 if (result->m_len < sizeof(struct sadb_msg)) { 6783 result = m_pullup(result, sizeof(struct sadb_msg)); 6784 if (result == NULL) { 6785 error = ENOBUFS; 6786 goto fail; 6787 } 6788 } 6789 6790 result->m_pkthdr.len = 0; 6791 for (m = result; m; m = m->m_next) 6792 result->m_pkthdr.len += m->m_len; 6793 6794 mtod(result, struct sadb_msg *)->sadb_msg_len = 6795 PFKEY_UNIT64(result->m_pkthdr.len); 6796 6797 KEYDBG(KEY_STAMP, 6798 printf("%s: SP(%p)\n", __func__, sp)); 6799 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6800 6801 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6802 6803 fail: 6804 if (result) 6805 m_freem(result); 6806 return error; 6807 } 6808 6809 static uint32_t 6810 key_newacq(const struct secasindex *saidx, int *perror) 6811 { 6812 struct secacq *acq; 6813 uint32_t seq; 6814 6815 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6816 if (acq == NULL) { 6817 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6818 *perror = ENOBUFS; 6819 return (0); 6820 } 6821 6822 /* copy secindex */ 6823 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6824 acq->created = time_second; 6825 acq->count = 0; 6826 6827 /* add to acqtree */ 6828 ACQ_LOCK(); 6829 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6830 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6831 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6832 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6833 ACQ_UNLOCK(); 6834 *perror = 0; 6835 return (seq); 6836 } 6837 6838 static uint32_t 6839 key_getacq(const struct secasindex *saidx, int *perror) 6840 { 6841 struct secacq *acq; 6842 uint32_t seq; 6843 6844 ACQ_LOCK(); 6845 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6846 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6847 if (acq->count > V_key_blockacq_count) { 6848 /* 6849 * Reset counter and send message. 6850 * Also reset created time to keep ACQ for 6851 * this saidx. 6852 */ 6853 acq->created = time_second; 6854 acq->count = 0; 6855 seq = acq->seq; 6856 } else { 6857 /* 6858 * Increment counter and do nothing. 6859 * We send SADB_ACQUIRE message only 6860 * for each V_key_blockacq_count packet. 6861 */ 6862 acq->count++; 6863 seq = 0; 6864 } 6865 break; 6866 } 6867 } 6868 ACQ_UNLOCK(); 6869 if (acq != NULL) { 6870 *perror = 0; 6871 return (seq); 6872 } 6873 /* allocate new entry */ 6874 return (key_newacq(saidx, perror)); 6875 } 6876 6877 static int 6878 key_acqreset(uint32_t seq) 6879 { 6880 struct secacq *acq; 6881 6882 ACQ_LOCK(); 6883 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6884 if (acq->seq == seq) { 6885 acq->count = 0; 6886 acq->created = time_second; 6887 break; 6888 } 6889 } 6890 ACQ_UNLOCK(); 6891 if (acq == NULL) 6892 return (ESRCH); 6893 return (0); 6894 } 6895 /* 6896 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6897 * Called after successful SADB_GETSPI message. 6898 */ 6899 static int 6900 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6901 { 6902 struct secacq *acq; 6903 6904 ACQ_LOCK(); 6905 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6906 if (acq->seq == seq) 6907 break; 6908 } 6909 if (acq != NULL) { 6910 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6911 ipseclog((LOG_DEBUG, 6912 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 6913 acq = NULL; 6914 } else { 6915 acq->created = 0; 6916 } 6917 } else { 6918 ipseclog((LOG_DEBUG, 6919 "%s: ACQ %u is not found.\n", __func__, seq)); 6920 } 6921 ACQ_UNLOCK(); 6922 if (acq == NULL) 6923 return (ESRCH); 6924 return (0); 6925 } 6926 6927 static struct secspacq * 6928 key_newspacq(struct secpolicyindex *spidx) 6929 { 6930 struct secspacq *acq; 6931 6932 /* get new entry */ 6933 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6934 if (acq == NULL) { 6935 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6936 return NULL; 6937 } 6938 6939 /* copy secindex */ 6940 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6941 acq->created = time_second; 6942 acq->count = 0; 6943 6944 /* add to spacqtree */ 6945 SPACQ_LOCK(); 6946 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6947 SPACQ_UNLOCK(); 6948 6949 return acq; 6950 } 6951 6952 static struct secspacq * 6953 key_getspacq(struct secpolicyindex *spidx) 6954 { 6955 struct secspacq *acq; 6956 6957 SPACQ_LOCK(); 6958 LIST_FOREACH(acq, &V_spacqtree, chain) { 6959 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6960 /* NB: return holding spacq_lock */ 6961 return acq; 6962 } 6963 } 6964 SPACQ_UNLOCK(); 6965 6966 return NULL; 6967 } 6968 6969 /* 6970 * SADB_ACQUIRE processing, 6971 * in first situation, is receiving 6972 * <base> 6973 * from the ikmpd, and clear sequence of its secasvar entry. 6974 * 6975 * In second situation, is receiving 6976 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6977 * from a user land process, and return 6978 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6979 * to the socket. 6980 * 6981 * m will always be freed. 6982 */ 6983 static int 6984 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6985 { 6986 SAHTREE_RLOCK_TRACKER; 6987 struct sadb_address *src0, *dst0; 6988 struct secasindex saidx; 6989 struct secashead *sah; 6990 uint32_t reqid; 6991 int error; 6992 uint8_t mode, proto; 6993 6994 IPSEC_ASSERT(so != NULL, ("null socket")); 6995 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6996 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6997 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6998 6999 /* 7000 * Error message from KMd. 7001 * We assume that if error was occurred in IKEd, the length of PFKEY 7002 * message is equal to the size of sadb_msg structure. 7003 * We do not raise error even if error occurred in this function. 7004 */ 7005 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7006 /* check sequence number */ 7007 if (mhp->msg->sadb_msg_seq == 0 || 7008 mhp->msg->sadb_msg_errno == 0) { 7009 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7010 "number and errno.\n", __func__)); 7011 } else { 7012 /* 7013 * IKEd reported that error occurred. 7014 * XXXAE: what it expects from the kernel? 7015 * Probably we should send SADB_ACQUIRE again? 7016 * If so, reset ACQ's state. 7017 * XXXAE: it looks useless. 7018 */ 7019 key_acqreset(mhp->msg->sadb_msg_seq); 7020 } 7021 m_freem(m); 7022 return (0); 7023 } 7024 7025 /* 7026 * This message is from user land. 7027 */ 7028 7029 /* map satype to proto */ 7030 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7031 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7032 __func__)); 7033 return key_senderror(so, m, EINVAL); 7034 } 7035 7036 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7037 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7038 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7039 ipseclog((LOG_DEBUG, 7040 "%s: invalid message: missing required header.\n", 7041 __func__)); 7042 return key_senderror(so, m, EINVAL); 7043 } 7044 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7045 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7046 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7047 ipseclog((LOG_DEBUG, 7048 "%s: invalid message: wrong header size.\n", __func__)); 7049 return key_senderror(so, m, EINVAL); 7050 } 7051 7052 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7053 mode = IPSEC_MODE_ANY; 7054 reqid = 0; 7055 } else { 7056 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7057 ipseclog((LOG_DEBUG, 7058 "%s: invalid message: wrong header size.\n", 7059 __func__)); 7060 return key_senderror(so, m, EINVAL); 7061 } 7062 mode = ((struct sadb_x_sa2 *) 7063 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7064 reqid = ((struct sadb_x_sa2 *) 7065 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7066 } 7067 7068 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7069 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7070 7071 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7072 (struct sockaddr *)(dst0 + 1)); 7073 if (error != 0) { 7074 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7075 return key_senderror(so, m, EINVAL); 7076 } 7077 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7078 7079 /* get a SA index */ 7080 SAHTREE_RLOCK(); 7081 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7082 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7083 break; 7084 } 7085 SAHTREE_RUNLOCK(); 7086 if (sah != NULL) { 7087 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7088 return key_senderror(so, m, EEXIST); 7089 } 7090 7091 error = key_acquire(&saidx, NULL); 7092 if (error != 0) { 7093 ipseclog((LOG_DEBUG, 7094 "%s: error %d returned from key_acquire()\n", 7095 __func__, error)); 7096 return key_senderror(so, m, error); 7097 } 7098 m_freem(m); 7099 return (0); 7100 } 7101 7102 /* 7103 * SADB_REGISTER processing. 7104 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7105 * receive 7106 * <base> 7107 * from the ikmpd, and register a socket to send PF_KEY messages, 7108 * and send 7109 * <base, supported> 7110 * to KMD by PF_KEY. 7111 * If socket is detached, must free from regnode. 7112 * 7113 * m will always be freed. 7114 */ 7115 static int 7116 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7117 { 7118 struct secreg *reg, *newreg = NULL; 7119 7120 IPSEC_ASSERT(so != NULL, ("null socket")); 7121 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7122 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7123 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7124 7125 /* check for invalid register message */ 7126 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7127 return key_senderror(so, m, EINVAL); 7128 7129 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7130 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7131 goto setmsg; 7132 7133 /* check whether existing or not */ 7134 REGTREE_LOCK(); 7135 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7136 if (reg->so == so) { 7137 REGTREE_UNLOCK(); 7138 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7139 __func__)); 7140 return key_senderror(so, m, EEXIST); 7141 } 7142 } 7143 7144 /* create regnode */ 7145 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7146 if (newreg == NULL) { 7147 REGTREE_UNLOCK(); 7148 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7149 return key_senderror(so, m, ENOBUFS); 7150 } 7151 7152 newreg->so = so; 7153 ((struct keycb *)sotorawcb(so))->kp_registered++; 7154 7155 /* add regnode to regtree. */ 7156 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7157 REGTREE_UNLOCK(); 7158 7159 setmsg: 7160 { 7161 struct mbuf *n; 7162 struct sadb_msg *newmsg; 7163 struct sadb_supported *sup; 7164 u_int len, alen, elen; 7165 int off; 7166 int i; 7167 struct sadb_alg *alg; 7168 7169 /* create new sadb_msg to reply. */ 7170 alen = 0; 7171 for (i = 1; i <= SADB_AALG_MAX; i++) { 7172 if (auth_algorithm_lookup(i)) 7173 alen += sizeof(struct sadb_alg); 7174 } 7175 if (alen) 7176 alen += sizeof(struct sadb_supported); 7177 elen = 0; 7178 for (i = 1; i <= SADB_EALG_MAX; i++) { 7179 if (enc_algorithm_lookup(i)) 7180 elen += sizeof(struct sadb_alg); 7181 } 7182 if (elen) 7183 elen += sizeof(struct sadb_supported); 7184 7185 len = sizeof(struct sadb_msg) + alen + elen; 7186 7187 if (len > MCLBYTES) 7188 return key_senderror(so, m, ENOBUFS); 7189 7190 MGETHDR(n, M_NOWAIT, MT_DATA); 7191 if (n != NULL && len > MHLEN) { 7192 if (!(MCLGET(n, M_NOWAIT))) { 7193 m_freem(n); 7194 n = NULL; 7195 } 7196 } 7197 if (!n) 7198 return key_senderror(so, m, ENOBUFS); 7199 7200 n->m_pkthdr.len = n->m_len = len; 7201 n->m_next = NULL; 7202 off = 0; 7203 7204 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7205 newmsg = mtod(n, struct sadb_msg *); 7206 newmsg->sadb_msg_errno = 0; 7207 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7208 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7209 7210 /* for authentication algorithm */ 7211 if (alen) { 7212 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7213 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7214 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7215 off += PFKEY_ALIGN8(sizeof(*sup)); 7216 7217 for (i = 1; i <= SADB_AALG_MAX; i++) { 7218 const struct auth_hash *aalgo; 7219 u_int16_t minkeysize, maxkeysize; 7220 7221 aalgo = auth_algorithm_lookup(i); 7222 if (!aalgo) 7223 continue; 7224 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7225 alg->sadb_alg_id = i; 7226 alg->sadb_alg_ivlen = 0; 7227 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7228 alg->sadb_alg_minbits = _BITS(minkeysize); 7229 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7230 off += PFKEY_ALIGN8(sizeof(*alg)); 7231 } 7232 } 7233 7234 /* for encryption algorithm */ 7235 if (elen) { 7236 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7237 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7238 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7239 off += PFKEY_ALIGN8(sizeof(*sup)); 7240 7241 for (i = 1; i <= SADB_EALG_MAX; i++) { 7242 const struct enc_xform *ealgo; 7243 7244 ealgo = enc_algorithm_lookup(i); 7245 if (!ealgo) 7246 continue; 7247 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7248 alg->sadb_alg_id = i; 7249 alg->sadb_alg_ivlen = ealgo->ivsize; 7250 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7251 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7252 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7253 } 7254 } 7255 7256 IPSEC_ASSERT(off == len, 7257 ("length assumption failed (off %u len %u)", off, len)); 7258 7259 m_freem(m); 7260 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7261 } 7262 } 7263 7264 /* 7265 * free secreg entry registered. 7266 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7267 */ 7268 void 7269 key_freereg(struct socket *so) 7270 { 7271 struct secreg *reg; 7272 int i; 7273 7274 IPSEC_ASSERT(so != NULL, ("NULL so")); 7275 7276 /* 7277 * check whether existing or not. 7278 * check all type of SA, because there is a potential that 7279 * one socket is registered to multiple type of SA. 7280 */ 7281 REGTREE_LOCK(); 7282 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7283 LIST_FOREACH(reg, &V_regtree[i], chain) { 7284 if (reg->so == so && __LIST_CHAINED(reg)) { 7285 LIST_REMOVE(reg, chain); 7286 free(reg, M_IPSEC_SAR); 7287 break; 7288 } 7289 } 7290 } 7291 REGTREE_UNLOCK(); 7292 } 7293 7294 /* 7295 * SADB_EXPIRE processing 7296 * send 7297 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7298 * to KMD by PF_KEY. 7299 * NOTE: We send only soft lifetime extension. 7300 * 7301 * OUT: 0 : succeed 7302 * others : error number 7303 */ 7304 static int 7305 key_expire(struct secasvar *sav, int hard) 7306 { 7307 struct mbuf *result = NULL, *m; 7308 struct sadb_lifetime *lt; 7309 uint32_t replay_count; 7310 int error, len; 7311 uint8_t satype; 7312 7313 IPSEC_ASSERT (sav != NULL, ("null sav")); 7314 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7315 7316 KEYDBG(KEY_STAMP, 7317 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7318 sav, hard ? "hard": "soft")); 7319 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7320 /* set msg header */ 7321 satype = key_proto2satype(sav->sah->saidx.proto); 7322 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7323 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7324 if (!m) { 7325 error = ENOBUFS; 7326 goto fail; 7327 } 7328 result = m; 7329 7330 /* create SA extension */ 7331 m = key_setsadbsa(sav); 7332 if (!m) { 7333 error = ENOBUFS; 7334 goto fail; 7335 } 7336 m_cat(result, m); 7337 7338 /* create SA extension */ 7339 SECASVAR_LOCK(sav); 7340 replay_count = sav->replay ? sav->replay->count : 0; 7341 SECASVAR_UNLOCK(sav); 7342 7343 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7344 sav->sah->saidx.reqid); 7345 if (!m) { 7346 error = ENOBUFS; 7347 goto fail; 7348 } 7349 m_cat(result, m); 7350 7351 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7352 m = key_setsadbxsareplay(sav->replay->wsize); 7353 if (!m) { 7354 error = ENOBUFS; 7355 goto fail; 7356 } 7357 m_cat(result, m); 7358 } 7359 7360 /* create lifetime extension (current and soft) */ 7361 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7362 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7363 if (m == NULL) { 7364 error = ENOBUFS; 7365 goto fail; 7366 } 7367 m_align(m, len); 7368 m->m_len = len; 7369 bzero(mtod(m, caddr_t), len); 7370 lt = mtod(m, struct sadb_lifetime *); 7371 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7372 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7373 lt->sadb_lifetime_allocations = 7374 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7375 lt->sadb_lifetime_bytes = 7376 counter_u64_fetch(sav->lft_c_bytes); 7377 lt->sadb_lifetime_addtime = sav->created; 7378 lt->sadb_lifetime_usetime = sav->firstused; 7379 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7380 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7381 if (hard) { 7382 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7383 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7384 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7385 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7386 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7387 } else { 7388 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7389 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7390 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7391 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7392 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7393 } 7394 m_cat(result, m); 7395 7396 /* set sadb_address for source */ 7397 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7398 &sav->sah->saidx.src.sa, 7399 FULLMASK, IPSEC_ULPROTO_ANY); 7400 if (!m) { 7401 error = ENOBUFS; 7402 goto fail; 7403 } 7404 m_cat(result, m); 7405 7406 /* set sadb_address for destination */ 7407 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7408 &sav->sah->saidx.dst.sa, 7409 FULLMASK, IPSEC_ULPROTO_ANY); 7410 if (!m) { 7411 error = ENOBUFS; 7412 goto fail; 7413 } 7414 m_cat(result, m); 7415 7416 /* 7417 * XXX-BZ Handle NAT-T extensions here. 7418 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7419 * this information, we report only significant SA fields. 7420 */ 7421 7422 if ((result->m_flags & M_PKTHDR) == 0) { 7423 error = EINVAL; 7424 goto fail; 7425 } 7426 7427 if (result->m_len < sizeof(struct sadb_msg)) { 7428 result = m_pullup(result, sizeof(struct sadb_msg)); 7429 if (result == NULL) { 7430 error = ENOBUFS; 7431 goto fail; 7432 } 7433 } 7434 7435 result->m_pkthdr.len = 0; 7436 for (m = result; m; m = m->m_next) 7437 result->m_pkthdr.len += m->m_len; 7438 7439 mtod(result, struct sadb_msg *)->sadb_msg_len = 7440 PFKEY_UNIT64(result->m_pkthdr.len); 7441 7442 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7443 7444 fail: 7445 if (result) 7446 m_freem(result); 7447 return error; 7448 } 7449 7450 static void 7451 key_freesah_flushed(struct secashead_queue *flushq) 7452 { 7453 struct secashead *sah, *nextsah; 7454 struct secasvar *sav, *nextsav; 7455 7456 sah = TAILQ_FIRST(flushq); 7457 while (sah != NULL) { 7458 sav = TAILQ_FIRST(&sah->savtree_larval); 7459 while (sav != NULL) { 7460 nextsav = TAILQ_NEXT(sav, chain); 7461 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7462 key_freesav(&sav); /* release last reference */ 7463 key_freesah(&sah); /* release reference from SAV */ 7464 sav = nextsav; 7465 } 7466 sav = TAILQ_FIRST(&sah->savtree_alive); 7467 while (sav != NULL) { 7468 nextsav = TAILQ_NEXT(sav, chain); 7469 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7470 key_freesav(&sav); /* release last reference */ 7471 key_freesah(&sah); /* release reference from SAV */ 7472 sav = nextsav; 7473 } 7474 nextsah = TAILQ_NEXT(sah, chain); 7475 key_freesah(&sah); /* release last reference */ 7476 sah = nextsah; 7477 } 7478 } 7479 7480 /* 7481 * SADB_FLUSH processing 7482 * receive 7483 * <base> 7484 * from the ikmpd, and free all entries in secastree. 7485 * and send, 7486 * <base> 7487 * to the ikmpd. 7488 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7489 * 7490 * m will always be freed. 7491 */ 7492 static int 7493 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7494 { 7495 struct secashead_queue flushq; 7496 struct sadb_msg *newmsg; 7497 struct secashead *sah, *nextsah; 7498 struct secasvar *sav; 7499 uint8_t proto; 7500 int i; 7501 7502 IPSEC_ASSERT(so != NULL, ("null socket")); 7503 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7504 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7505 7506 /* map satype to proto */ 7507 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7508 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7509 __func__)); 7510 return key_senderror(so, m, EINVAL); 7511 } 7512 KEYDBG(KEY_STAMP, 7513 printf("%s: proto %u\n", __func__, proto)); 7514 7515 TAILQ_INIT(&flushq); 7516 if (proto == IPSEC_PROTO_ANY) { 7517 /* no SATYPE specified, i.e. flushing all SA. */ 7518 SAHTREE_WLOCK(); 7519 /* Move all SAHs into flushq */ 7520 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7521 /* Flush all buckets in SPI hash */ 7522 for (i = 0; i < V_savhash_mask + 1; i++) 7523 LIST_INIT(&V_savhashtbl[i]); 7524 /* Flush all buckets in SAHADDRHASH */ 7525 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7526 LIST_INIT(&V_sahaddrhashtbl[i]); 7527 /* Mark all SAHs as unlinked */ 7528 TAILQ_FOREACH(sah, &flushq, chain) { 7529 sah->state = SADB_SASTATE_DEAD; 7530 /* 7531 * Callout handler makes its job using 7532 * RLOCK and drain queues. In case, when this 7533 * function will be called just before it 7534 * acquires WLOCK, we need to mark SAs as 7535 * unlinked to prevent second unlink. 7536 */ 7537 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7538 sav->state = SADB_SASTATE_DEAD; 7539 } 7540 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7541 sav->state = SADB_SASTATE_DEAD; 7542 } 7543 } 7544 SAHTREE_WUNLOCK(); 7545 } else { 7546 SAHTREE_WLOCK(); 7547 sah = TAILQ_FIRST(&V_sahtree); 7548 while (sah != NULL) { 7549 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7550 ("DEAD SAH %p in SADB_FLUSH", sah)); 7551 nextsah = TAILQ_NEXT(sah, chain); 7552 if (sah->saidx.proto != proto) { 7553 sah = nextsah; 7554 continue; 7555 } 7556 sah->state = SADB_SASTATE_DEAD; 7557 TAILQ_REMOVE(&V_sahtree, sah, chain); 7558 LIST_REMOVE(sah, addrhash); 7559 /* Unlink all SAs from SPI hash */ 7560 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7561 LIST_REMOVE(sav, spihash); 7562 sav->state = SADB_SASTATE_DEAD; 7563 } 7564 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7565 LIST_REMOVE(sav, spihash); 7566 sav->state = SADB_SASTATE_DEAD; 7567 } 7568 /* Add SAH into flushq */ 7569 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7570 sah = nextsah; 7571 } 7572 SAHTREE_WUNLOCK(); 7573 } 7574 7575 key_freesah_flushed(&flushq); 7576 /* Free all queued SAs and SAHs */ 7577 if (m->m_len < sizeof(struct sadb_msg) || 7578 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7579 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7580 return key_senderror(so, m, ENOBUFS); 7581 } 7582 7583 if (m->m_next) 7584 m_freem(m->m_next); 7585 m->m_next = NULL; 7586 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7587 newmsg = mtod(m, struct sadb_msg *); 7588 newmsg->sadb_msg_errno = 0; 7589 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7590 7591 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7592 } 7593 7594 /* 7595 * SADB_DUMP processing 7596 * dump all entries including status of DEAD in SAD. 7597 * receive 7598 * <base> 7599 * from the ikmpd, and dump all secasvar leaves 7600 * and send, 7601 * <base> ..... 7602 * to the ikmpd. 7603 * 7604 * m will always be freed. 7605 */ 7606 static int 7607 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7608 { 7609 SAHTREE_RLOCK_TRACKER; 7610 struct secashead *sah; 7611 struct secasvar *sav; 7612 struct mbuf *n; 7613 uint32_t cnt; 7614 uint8_t proto, satype; 7615 7616 IPSEC_ASSERT(so != NULL, ("null socket")); 7617 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7618 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7619 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7620 7621 /* map satype to proto */ 7622 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7623 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7624 __func__)); 7625 return key_senderror(so, m, EINVAL); 7626 } 7627 7628 /* count sav entries to be sent to the userland. */ 7629 cnt = 0; 7630 SAHTREE_RLOCK(); 7631 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7632 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7633 proto != sah->saidx.proto) 7634 continue; 7635 7636 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7637 cnt++; 7638 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7639 cnt++; 7640 } 7641 7642 if (cnt == 0) { 7643 SAHTREE_RUNLOCK(); 7644 return key_senderror(so, m, ENOENT); 7645 } 7646 7647 /* send this to the userland, one at a time. */ 7648 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7649 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7650 proto != sah->saidx.proto) 7651 continue; 7652 7653 /* map proto to satype */ 7654 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7655 SAHTREE_RUNLOCK(); 7656 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7657 "SAD.\n", __func__)); 7658 return key_senderror(so, m, EINVAL); 7659 } 7660 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7661 n = key_setdumpsa(sav, SADB_DUMP, satype, 7662 --cnt, mhp->msg->sadb_msg_pid); 7663 if (n == NULL) { 7664 SAHTREE_RUNLOCK(); 7665 return key_senderror(so, m, ENOBUFS); 7666 } 7667 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7668 } 7669 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7670 n = key_setdumpsa(sav, SADB_DUMP, satype, 7671 --cnt, mhp->msg->sadb_msg_pid); 7672 if (n == NULL) { 7673 SAHTREE_RUNLOCK(); 7674 return key_senderror(so, m, ENOBUFS); 7675 } 7676 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7677 } 7678 } 7679 SAHTREE_RUNLOCK(); 7680 m_freem(m); 7681 return (0); 7682 } 7683 /* 7684 * SADB_X_PROMISC processing 7685 * 7686 * m will always be freed. 7687 */ 7688 static int 7689 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7690 { 7691 int olen; 7692 7693 IPSEC_ASSERT(so != NULL, ("null socket")); 7694 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7695 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7696 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7697 7698 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7699 7700 if (olen < sizeof(struct sadb_msg)) { 7701 #if 1 7702 return key_senderror(so, m, EINVAL); 7703 #else 7704 m_freem(m); 7705 return 0; 7706 #endif 7707 } else if (olen == sizeof(struct sadb_msg)) { 7708 /* enable/disable promisc mode */ 7709 struct keycb *kp; 7710 7711 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7712 return key_senderror(so, m, EINVAL); 7713 mhp->msg->sadb_msg_errno = 0; 7714 switch (mhp->msg->sadb_msg_satype) { 7715 case 0: 7716 case 1: 7717 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7718 break; 7719 default: 7720 return key_senderror(so, m, EINVAL); 7721 } 7722 7723 /* send the original message back to everyone */ 7724 mhp->msg->sadb_msg_errno = 0; 7725 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7726 } else { 7727 /* send packet as is */ 7728 7729 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7730 7731 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7732 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7733 } 7734 } 7735 7736 static int (*key_typesw[])(struct socket *, struct mbuf *, 7737 const struct sadb_msghdr *) = { 7738 NULL, /* SADB_RESERVED */ 7739 key_getspi, /* SADB_GETSPI */ 7740 key_update, /* SADB_UPDATE */ 7741 key_add, /* SADB_ADD */ 7742 key_delete, /* SADB_DELETE */ 7743 key_get, /* SADB_GET */ 7744 key_acquire2, /* SADB_ACQUIRE */ 7745 key_register, /* SADB_REGISTER */ 7746 NULL, /* SADB_EXPIRE */ 7747 key_flush, /* SADB_FLUSH */ 7748 key_dump, /* SADB_DUMP */ 7749 key_promisc, /* SADB_X_PROMISC */ 7750 NULL, /* SADB_X_PCHANGE */ 7751 key_spdadd, /* SADB_X_SPDUPDATE */ 7752 key_spdadd, /* SADB_X_SPDADD */ 7753 key_spddelete, /* SADB_X_SPDDELETE */ 7754 key_spdget, /* SADB_X_SPDGET */ 7755 NULL, /* SADB_X_SPDACQUIRE */ 7756 key_spddump, /* SADB_X_SPDDUMP */ 7757 key_spdflush, /* SADB_X_SPDFLUSH */ 7758 key_spdadd, /* SADB_X_SPDSETIDX */ 7759 NULL, /* SADB_X_SPDEXPIRE */ 7760 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7761 }; 7762 7763 /* 7764 * parse sadb_msg buffer to process PFKEYv2, 7765 * and create a data to response if needed. 7766 * I think to be dealed with mbuf directly. 7767 * IN: 7768 * msgp : pointer to pointer to a received buffer pulluped. 7769 * This is rewrited to response. 7770 * so : pointer to socket. 7771 * OUT: 7772 * length for buffer to send to user process. 7773 */ 7774 int 7775 key_parse(struct mbuf *m, struct socket *so) 7776 { 7777 struct sadb_msg *msg; 7778 struct sadb_msghdr mh; 7779 u_int orglen; 7780 int error; 7781 int target; 7782 7783 IPSEC_ASSERT(so != NULL, ("null socket")); 7784 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7785 7786 if (m->m_len < sizeof(struct sadb_msg)) { 7787 m = m_pullup(m, sizeof(struct sadb_msg)); 7788 if (!m) 7789 return ENOBUFS; 7790 } 7791 msg = mtod(m, struct sadb_msg *); 7792 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7793 target = KEY_SENDUP_ONE; 7794 7795 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7796 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7797 PFKEYSTAT_INC(out_invlen); 7798 error = EINVAL; 7799 goto senderror; 7800 } 7801 7802 if (msg->sadb_msg_version != PF_KEY_V2) { 7803 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7804 __func__, msg->sadb_msg_version)); 7805 PFKEYSTAT_INC(out_invver); 7806 error = EINVAL; 7807 goto senderror; 7808 } 7809 7810 if (msg->sadb_msg_type > SADB_MAX) { 7811 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7812 __func__, msg->sadb_msg_type)); 7813 PFKEYSTAT_INC(out_invmsgtype); 7814 error = EINVAL; 7815 goto senderror; 7816 } 7817 7818 /* for old-fashioned code - should be nuked */ 7819 if (m->m_pkthdr.len > MCLBYTES) { 7820 m_freem(m); 7821 return ENOBUFS; 7822 } 7823 if (m->m_next) { 7824 struct mbuf *n; 7825 7826 MGETHDR(n, M_NOWAIT, MT_DATA); 7827 if (n && m->m_pkthdr.len > MHLEN) { 7828 if (!(MCLGET(n, M_NOWAIT))) { 7829 m_free(n); 7830 n = NULL; 7831 } 7832 } 7833 if (!n) { 7834 m_freem(m); 7835 return ENOBUFS; 7836 } 7837 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7838 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7839 n->m_next = NULL; 7840 m_freem(m); 7841 m = n; 7842 } 7843 7844 /* align the mbuf chain so that extensions are in contiguous region. */ 7845 error = key_align(m, &mh); 7846 if (error) 7847 return error; 7848 7849 msg = mh.msg; 7850 7851 /* We use satype as scope mask for spddump */ 7852 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7853 switch (msg->sadb_msg_satype) { 7854 case IPSEC_POLICYSCOPE_ANY: 7855 case IPSEC_POLICYSCOPE_GLOBAL: 7856 case IPSEC_POLICYSCOPE_IFNET: 7857 case IPSEC_POLICYSCOPE_PCB: 7858 break; 7859 default: 7860 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7861 __func__, msg->sadb_msg_type)); 7862 PFKEYSTAT_INC(out_invsatype); 7863 error = EINVAL; 7864 goto senderror; 7865 } 7866 } else { 7867 switch (msg->sadb_msg_satype) { /* check SA type */ 7868 case SADB_SATYPE_UNSPEC: 7869 switch (msg->sadb_msg_type) { 7870 case SADB_GETSPI: 7871 case SADB_UPDATE: 7872 case SADB_ADD: 7873 case SADB_DELETE: 7874 case SADB_GET: 7875 case SADB_ACQUIRE: 7876 case SADB_EXPIRE: 7877 ipseclog((LOG_DEBUG, "%s: must specify satype " 7878 "when msg type=%u.\n", __func__, 7879 msg->sadb_msg_type)); 7880 PFKEYSTAT_INC(out_invsatype); 7881 error = EINVAL; 7882 goto senderror; 7883 } 7884 break; 7885 case SADB_SATYPE_AH: 7886 case SADB_SATYPE_ESP: 7887 case SADB_X_SATYPE_IPCOMP: 7888 case SADB_X_SATYPE_TCPSIGNATURE: 7889 switch (msg->sadb_msg_type) { 7890 case SADB_X_SPDADD: 7891 case SADB_X_SPDDELETE: 7892 case SADB_X_SPDGET: 7893 case SADB_X_SPDFLUSH: 7894 case SADB_X_SPDSETIDX: 7895 case SADB_X_SPDUPDATE: 7896 case SADB_X_SPDDELETE2: 7897 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7898 __func__, msg->sadb_msg_type)); 7899 PFKEYSTAT_INC(out_invsatype); 7900 error = EINVAL; 7901 goto senderror; 7902 } 7903 break; 7904 case SADB_SATYPE_RSVP: 7905 case SADB_SATYPE_OSPFV2: 7906 case SADB_SATYPE_RIPV2: 7907 case SADB_SATYPE_MIP: 7908 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7909 __func__, msg->sadb_msg_satype)); 7910 PFKEYSTAT_INC(out_invsatype); 7911 error = EOPNOTSUPP; 7912 goto senderror; 7913 case 1: /* XXX: What does it do? */ 7914 if (msg->sadb_msg_type == SADB_X_PROMISC) 7915 break; 7916 /*FALLTHROUGH*/ 7917 default: 7918 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7919 __func__, msg->sadb_msg_satype)); 7920 PFKEYSTAT_INC(out_invsatype); 7921 error = EINVAL; 7922 goto senderror; 7923 } 7924 } 7925 7926 /* check field of upper layer protocol and address family */ 7927 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7928 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7929 struct sadb_address *src0, *dst0; 7930 u_int plen; 7931 7932 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7933 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7934 7935 /* check upper layer protocol */ 7936 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7937 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7938 "mismatched.\n", __func__)); 7939 PFKEYSTAT_INC(out_invaddr); 7940 error = EINVAL; 7941 goto senderror; 7942 } 7943 7944 /* check family */ 7945 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7946 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7947 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7948 __func__)); 7949 PFKEYSTAT_INC(out_invaddr); 7950 error = EINVAL; 7951 goto senderror; 7952 } 7953 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7954 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7955 ipseclog((LOG_DEBUG, "%s: address struct size " 7956 "mismatched.\n", __func__)); 7957 PFKEYSTAT_INC(out_invaddr); 7958 error = EINVAL; 7959 goto senderror; 7960 } 7961 7962 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7963 case AF_INET: 7964 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7965 sizeof(struct sockaddr_in)) { 7966 PFKEYSTAT_INC(out_invaddr); 7967 error = EINVAL; 7968 goto senderror; 7969 } 7970 break; 7971 case AF_INET6: 7972 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7973 sizeof(struct sockaddr_in6)) { 7974 PFKEYSTAT_INC(out_invaddr); 7975 error = EINVAL; 7976 goto senderror; 7977 } 7978 break; 7979 default: 7980 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7981 __func__)); 7982 PFKEYSTAT_INC(out_invaddr); 7983 error = EAFNOSUPPORT; 7984 goto senderror; 7985 } 7986 7987 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7988 case AF_INET: 7989 plen = sizeof(struct in_addr) << 3; 7990 break; 7991 case AF_INET6: 7992 plen = sizeof(struct in6_addr) << 3; 7993 break; 7994 default: 7995 plen = 0; /*fool gcc*/ 7996 break; 7997 } 7998 7999 /* check max prefix length */ 8000 if (src0->sadb_address_prefixlen > plen || 8001 dst0->sadb_address_prefixlen > plen) { 8002 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 8003 __func__)); 8004 PFKEYSTAT_INC(out_invaddr); 8005 error = EINVAL; 8006 goto senderror; 8007 } 8008 8009 /* 8010 * prefixlen == 0 is valid because there can be a case when 8011 * all addresses are matched. 8012 */ 8013 } 8014 8015 if (msg->sadb_msg_type >= nitems(key_typesw) || 8016 key_typesw[msg->sadb_msg_type] == NULL) { 8017 PFKEYSTAT_INC(out_invmsgtype); 8018 error = EINVAL; 8019 goto senderror; 8020 } 8021 8022 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8023 8024 senderror: 8025 msg->sadb_msg_errno = error; 8026 return key_sendup_mbuf(so, m, target); 8027 } 8028 8029 static int 8030 key_senderror(struct socket *so, struct mbuf *m, int code) 8031 { 8032 struct sadb_msg *msg; 8033 8034 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8035 ("mbuf too small, len %u", m->m_len)); 8036 8037 msg = mtod(m, struct sadb_msg *); 8038 msg->sadb_msg_errno = code; 8039 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8040 } 8041 8042 /* 8043 * set the pointer to each header into message buffer. 8044 * m will be freed on error. 8045 * XXX larger-than-MCLBYTES extension? 8046 */ 8047 static int 8048 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8049 { 8050 struct mbuf *n; 8051 struct sadb_ext *ext; 8052 size_t off, end; 8053 int extlen; 8054 int toff; 8055 8056 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8057 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8058 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8059 ("mbuf too small, len %u", m->m_len)); 8060 8061 /* initialize */ 8062 bzero(mhp, sizeof(*mhp)); 8063 8064 mhp->msg = mtod(m, struct sadb_msg *); 8065 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8066 8067 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8068 extlen = end; /*just in case extlen is not updated*/ 8069 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8070 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8071 if (!n) { 8072 /* m is already freed */ 8073 return ENOBUFS; 8074 } 8075 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8076 8077 /* set pointer */ 8078 switch (ext->sadb_ext_type) { 8079 case SADB_EXT_SA: 8080 case SADB_EXT_ADDRESS_SRC: 8081 case SADB_EXT_ADDRESS_DST: 8082 case SADB_EXT_ADDRESS_PROXY: 8083 case SADB_EXT_LIFETIME_CURRENT: 8084 case SADB_EXT_LIFETIME_HARD: 8085 case SADB_EXT_LIFETIME_SOFT: 8086 case SADB_EXT_KEY_AUTH: 8087 case SADB_EXT_KEY_ENCRYPT: 8088 case SADB_EXT_IDENTITY_SRC: 8089 case SADB_EXT_IDENTITY_DST: 8090 case SADB_EXT_SENSITIVITY: 8091 case SADB_EXT_PROPOSAL: 8092 case SADB_EXT_SUPPORTED_AUTH: 8093 case SADB_EXT_SUPPORTED_ENCRYPT: 8094 case SADB_EXT_SPIRANGE: 8095 case SADB_X_EXT_POLICY: 8096 case SADB_X_EXT_SA2: 8097 case SADB_X_EXT_NAT_T_TYPE: 8098 case SADB_X_EXT_NAT_T_SPORT: 8099 case SADB_X_EXT_NAT_T_DPORT: 8100 case SADB_X_EXT_NAT_T_OAI: 8101 case SADB_X_EXT_NAT_T_OAR: 8102 case SADB_X_EXT_NAT_T_FRAG: 8103 case SADB_X_EXT_SA_REPLAY: 8104 case SADB_X_EXT_NEW_ADDRESS_SRC: 8105 case SADB_X_EXT_NEW_ADDRESS_DST: 8106 /* duplicate check */ 8107 /* 8108 * XXX Are there duplication payloads of either 8109 * KEY_AUTH or KEY_ENCRYPT ? 8110 */ 8111 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8112 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8113 "%u\n", __func__, ext->sadb_ext_type)); 8114 m_freem(m); 8115 PFKEYSTAT_INC(out_dupext); 8116 return EINVAL; 8117 } 8118 break; 8119 default: 8120 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8121 __func__, ext->sadb_ext_type)); 8122 m_freem(m); 8123 PFKEYSTAT_INC(out_invexttype); 8124 return EINVAL; 8125 } 8126 8127 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8128 8129 if (key_validate_ext(ext, extlen)) { 8130 m_freem(m); 8131 PFKEYSTAT_INC(out_invlen); 8132 return EINVAL; 8133 } 8134 8135 n = m_pulldown(m, off, extlen, &toff); 8136 if (!n) { 8137 /* m is already freed */ 8138 return ENOBUFS; 8139 } 8140 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8141 8142 mhp->ext[ext->sadb_ext_type] = ext; 8143 mhp->extoff[ext->sadb_ext_type] = off; 8144 mhp->extlen[ext->sadb_ext_type] = extlen; 8145 } 8146 8147 if (off != end) { 8148 m_freem(m); 8149 PFKEYSTAT_INC(out_invlen); 8150 return EINVAL; 8151 } 8152 8153 return 0; 8154 } 8155 8156 static int 8157 key_validate_ext(const struct sadb_ext *ext, int len) 8158 { 8159 const struct sockaddr *sa; 8160 enum { NONE, ADDR } checktype = NONE; 8161 int baselen = 0; 8162 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8163 8164 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8165 return EINVAL; 8166 8167 /* if it does not match minimum/maximum length, bail */ 8168 if (ext->sadb_ext_type >= nitems(minsize) || 8169 ext->sadb_ext_type >= nitems(maxsize)) 8170 return EINVAL; 8171 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8172 return EINVAL; 8173 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8174 return EINVAL; 8175 8176 /* more checks based on sadb_ext_type XXX need more */ 8177 switch (ext->sadb_ext_type) { 8178 case SADB_EXT_ADDRESS_SRC: 8179 case SADB_EXT_ADDRESS_DST: 8180 case SADB_EXT_ADDRESS_PROXY: 8181 case SADB_X_EXT_NAT_T_OAI: 8182 case SADB_X_EXT_NAT_T_OAR: 8183 case SADB_X_EXT_NEW_ADDRESS_SRC: 8184 case SADB_X_EXT_NEW_ADDRESS_DST: 8185 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8186 checktype = ADDR; 8187 break; 8188 case SADB_EXT_IDENTITY_SRC: 8189 case SADB_EXT_IDENTITY_DST: 8190 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8191 SADB_X_IDENTTYPE_ADDR) { 8192 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8193 checktype = ADDR; 8194 } else 8195 checktype = NONE; 8196 break; 8197 default: 8198 checktype = NONE; 8199 break; 8200 } 8201 8202 switch (checktype) { 8203 case NONE: 8204 break; 8205 case ADDR: 8206 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8207 if (len < baselen + sal) 8208 return EINVAL; 8209 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8210 return EINVAL; 8211 break; 8212 } 8213 8214 return 0; 8215 } 8216 8217 void 8218 spdcache_init(void) 8219 { 8220 int i; 8221 8222 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8223 &V_key_spdcache_maxentries); 8224 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8225 &V_key_spdcache_threshold); 8226 8227 if (V_key_spdcache_maxentries) { 8228 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8229 SPDCACHE_MAX_ENTRIES_PER_HASH); 8230 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8231 SPDCACHE_MAX_ENTRIES_PER_HASH, 8232 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8233 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8234 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8235 8236 V_spdcache_lock = malloc(sizeof(struct mtx) * 8237 (V_spdcachehash_mask + 1), 8238 M_IPSEC_SPDCACHE, M_WAITOK|M_ZERO); 8239 8240 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8241 SPDCACHE_LOCK_INIT(i); 8242 } 8243 } 8244 8245 struct spdcache_entry * 8246 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8247 { 8248 struct spdcache_entry *entry; 8249 8250 entry = malloc(sizeof(struct spdcache_entry), 8251 M_IPSEC_SPDCACHE, M_NOWAIT|M_ZERO); 8252 if (entry == NULL) 8253 return NULL; 8254 8255 if (sp != NULL) 8256 SP_ADDREF(sp); 8257 8258 entry->spidx = *spidx; 8259 entry->sp = sp; 8260 8261 return (entry); 8262 } 8263 8264 void 8265 spdcache_entry_free(struct spdcache_entry *entry) 8266 { 8267 8268 if (entry->sp != NULL) 8269 key_freesp(&entry->sp); 8270 free(entry, M_IPSEC_SPDCACHE); 8271 } 8272 8273 void 8274 spdcache_clear(void) 8275 { 8276 struct spdcache_entry *entry; 8277 int i; 8278 8279 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8280 SPDCACHE_LOCK(i); 8281 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8282 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8283 LIST_REMOVE(entry, chain); 8284 spdcache_entry_free(entry); 8285 } 8286 SPDCACHE_UNLOCK(i); 8287 } 8288 } 8289 8290 #ifdef VIMAGE 8291 void 8292 spdcache_destroy(void) 8293 { 8294 int i; 8295 8296 if (SPDCACHE_ENABLED()) { 8297 spdcache_clear(); 8298 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8299 8300 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8301 SPDCACHE_LOCK_DESTROY(i); 8302 8303 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8304 } 8305 } 8306 #endif 8307 8308 static void 8309 key_vnet_init(void *arg __unused) 8310 { 8311 int i; 8312 8313 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8314 TAILQ_INIT(&V_sptree[i]); 8315 TAILQ_INIT(&V_sptree_ifnet[i]); 8316 } 8317 8318 TAILQ_INIT(&V_sahtree); 8319 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8320 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8321 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8322 &V_sahaddrhash_mask); 8323 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8324 &V_acqaddrhash_mask); 8325 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8326 &V_acqseqhash_mask); 8327 8328 spdcache_init(); 8329 8330 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8331 LIST_INIT(&V_regtree[i]); 8332 8333 LIST_INIT(&V_acqtree); 8334 LIST_INIT(&V_spacqtree); 8335 } 8336 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8337 key_vnet_init, NULL); 8338 8339 static void 8340 key_init(void *arg __unused) 8341 { 8342 8343 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8344 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8345 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8346 8347 SPTREE_LOCK_INIT(); 8348 REGTREE_LOCK_INIT(); 8349 SAHTREE_LOCK_INIT(); 8350 ACQ_LOCK_INIT(); 8351 SPACQ_LOCK_INIT(); 8352 SPI_ALLOC_LOCK_INIT(); 8353 8354 #ifndef IPSEC_DEBUG2 8355 callout_init(&key_timer, 1); 8356 callout_reset(&key_timer, hz, key_timehandler, NULL); 8357 #endif /*IPSEC_DEBUG2*/ 8358 8359 /* initialize key statistics */ 8360 keystat.getspi_count = 1; 8361 8362 if (bootverbose) 8363 printf("IPsec: Initialized Security Association Processing.\n"); 8364 } 8365 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL); 8366 8367 #ifdef VIMAGE 8368 static void 8369 key_vnet_destroy(void *arg __unused) 8370 { 8371 struct secashead_queue sahdrainq; 8372 struct secpolicy_queue drainq; 8373 struct secpolicy *sp, *nextsp; 8374 struct secacq *acq, *nextacq; 8375 struct secspacq *spacq, *nextspacq; 8376 struct secashead *sah; 8377 struct secasvar *sav; 8378 struct secreg *reg; 8379 int i; 8380 8381 /* 8382 * XXX: can we just call free() for each object without 8383 * walking through safe way with releasing references? 8384 */ 8385 TAILQ_INIT(&drainq); 8386 SPTREE_WLOCK(); 8387 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8388 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8389 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8390 } 8391 for (i = 0; i < V_sphash_mask + 1; i++) 8392 LIST_INIT(&V_sphashtbl[i]); 8393 SPTREE_WUNLOCK(); 8394 spdcache_destroy(); 8395 8396 sp = TAILQ_FIRST(&drainq); 8397 while (sp != NULL) { 8398 nextsp = TAILQ_NEXT(sp, chain); 8399 key_freesp(&sp); 8400 sp = nextsp; 8401 } 8402 8403 TAILQ_INIT(&sahdrainq); 8404 SAHTREE_WLOCK(); 8405 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8406 for (i = 0; i < V_savhash_mask + 1; i++) 8407 LIST_INIT(&V_savhashtbl[i]); 8408 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8409 LIST_INIT(&V_sahaddrhashtbl[i]); 8410 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8411 sah->state = SADB_SASTATE_DEAD; 8412 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8413 sav->state = SADB_SASTATE_DEAD; 8414 } 8415 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8416 sav->state = SADB_SASTATE_DEAD; 8417 } 8418 } 8419 SAHTREE_WUNLOCK(); 8420 8421 key_freesah_flushed(&sahdrainq); 8422 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8423 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8424 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8425 8426 REGTREE_LOCK(); 8427 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8428 LIST_FOREACH(reg, &V_regtree[i], chain) { 8429 if (__LIST_CHAINED(reg)) { 8430 LIST_REMOVE(reg, chain); 8431 free(reg, M_IPSEC_SAR); 8432 break; 8433 } 8434 } 8435 } 8436 REGTREE_UNLOCK(); 8437 8438 ACQ_LOCK(); 8439 acq = LIST_FIRST(&V_acqtree); 8440 while (acq != NULL) { 8441 nextacq = LIST_NEXT(acq, chain); 8442 LIST_REMOVE(acq, chain); 8443 free(acq, M_IPSEC_SAQ); 8444 acq = nextacq; 8445 } 8446 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8447 LIST_INIT(&V_acqaddrhashtbl[i]); 8448 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8449 LIST_INIT(&V_acqseqhashtbl[i]); 8450 ACQ_UNLOCK(); 8451 8452 SPACQ_LOCK(); 8453 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8454 spacq = nextspacq) { 8455 nextspacq = LIST_NEXT(spacq, chain); 8456 if (__LIST_CHAINED(spacq)) { 8457 LIST_REMOVE(spacq, chain); 8458 free(spacq, M_IPSEC_SAQ); 8459 } 8460 } 8461 SPACQ_UNLOCK(); 8462 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8463 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8464 } 8465 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8466 key_vnet_destroy, NULL); 8467 #endif 8468 8469 /* 8470 * XXX: as long as domains are not unloadable, this function is never called, 8471 * provided for consistensy and future unload support. 8472 */ 8473 static void 8474 key_destroy(void *arg __unused) 8475 { 8476 uma_zdestroy(ipsec_key_lft_zone); 8477 8478 #ifndef IPSEC_DEBUG2 8479 callout_drain(&key_timer); 8480 #endif 8481 SPTREE_LOCK_DESTROY(); 8482 REGTREE_LOCK_DESTROY(); 8483 SAHTREE_LOCK_DESTROY(); 8484 ACQ_LOCK_DESTROY(); 8485 SPACQ_LOCK_DESTROY(); 8486 SPI_ALLOC_LOCK_DESTROY(); 8487 } 8488 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL); 8489 8490 /* record data transfer on SA, and update timestamps */ 8491 void 8492 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8493 { 8494 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8495 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8496 8497 /* 8498 * XXX Currently, there is a difference of bytes size 8499 * between inbound and outbound processing. 8500 */ 8501 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8502 8503 /* 8504 * We use the number of packets as the unit of 8505 * allocations. We increment the variable 8506 * whenever {esp,ah}_{in,out}put is called. 8507 */ 8508 counter_u64_add(sav->lft_c_allocations, 1); 8509 8510 /* 8511 * NOTE: We record CURRENT usetime by using wall clock, 8512 * in seconds. HARD and SOFT lifetime are measured by the time 8513 * difference (again in seconds) from usetime. 8514 * 8515 * usetime 8516 * v expire expire 8517 * -----+-----+--------+---> t 8518 * <--------------> HARD 8519 * <-----> SOFT 8520 */ 8521 if (sav->firstused == 0) 8522 sav->firstused = time_second; 8523 } 8524 8525 /* 8526 * Take one of the kernel's security keys and convert it into a PF_KEY 8527 * structure within an mbuf, suitable for sending up to a waiting 8528 * application in user land. 8529 * 8530 * IN: 8531 * src: A pointer to a kernel security key. 8532 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8533 * OUT: 8534 * a valid mbuf or NULL indicating an error 8535 * 8536 */ 8537 8538 static struct mbuf * 8539 key_setkey(struct seckey *src, uint16_t exttype) 8540 { 8541 struct mbuf *m; 8542 struct sadb_key *p; 8543 int len; 8544 8545 if (src == NULL) 8546 return NULL; 8547 8548 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8549 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8550 if (m == NULL) 8551 return NULL; 8552 m_align(m, len); 8553 m->m_len = len; 8554 p = mtod(m, struct sadb_key *); 8555 bzero(p, len); 8556 p->sadb_key_len = PFKEY_UNIT64(len); 8557 p->sadb_key_exttype = exttype; 8558 p->sadb_key_bits = src->bits; 8559 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8560 8561 return m; 8562 } 8563 8564 /* 8565 * Take one of the kernel's lifetime data structures and convert it 8566 * into a PF_KEY structure within an mbuf, suitable for sending up to 8567 * a waiting application in user land. 8568 * 8569 * IN: 8570 * src: A pointer to a kernel lifetime structure. 8571 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8572 * data structures for more information. 8573 * OUT: 8574 * a valid mbuf or NULL indicating an error 8575 * 8576 */ 8577 8578 static struct mbuf * 8579 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8580 { 8581 struct mbuf *m = NULL; 8582 struct sadb_lifetime *p; 8583 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8584 8585 if (src == NULL) 8586 return NULL; 8587 8588 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8589 if (m == NULL) 8590 return m; 8591 m_align(m, len); 8592 m->m_len = len; 8593 p = mtod(m, struct sadb_lifetime *); 8594 8595 bzero(p, len); 8596 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8597 p->sadb_lifetime_exttype = exttype; 8598 p->sadb_lifetime_allocations = src->allocations; 8599 p->sadb_lifetime_bytes = src->bytes; 8600 p->sadb_lifetime_addtime = src->addtime; 8601 p->sadb_lifetime_usetime = src->usetime; 8602 8603 return m; 8604 8605 } 8606 8607 const struct enc_xform * 8608 enc_algorithm_lookup(int alg) 8609 { 8610 int i; 8611 8612 for (i = 0; i < nitems(supported_ealgs); i++) 8613 if (alg == supported_ealgs[i].sadb_alg) 8614 return (supported_ealgs[i].xform); 8615 return (NULL); 8616 } 8617 8618 const struct auth_hash * 8619 auth_algorithm_lookup(int alg) 8620 { 8621 int i; 8622 8623 for (i = 0; i < nitems(supported_aalgs); i++) 8624 if (alg == supported_aalgs[i].sadb_alg) 8625 return (supported_aalgs[i].xform); 8626 return (NULL); 8627 } 8628 8629 const struct comp_algo * 8630 comp_algorithm_lookup(int alg) 8631 { 8632 int i; 8633 8634 for (i = 0; i < nitems(supported_calgs); i++) 8635 if (alg == supported_calgs[i].sadb_alg) 8636 return (supported_calgs[i].xform); 8637 return (NULL); 8638 } 8639