1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 #include <net/raw_cb.h> 70 71 #include <netinet/in.h> 72 #include <netinet/in_systm.h> 73 #include <netinet/ip.h> 74 #include <netinet/in_var.h> 75 #include <netinet/udp.h> 76 77 #ifdef INET6 78 #include <netinet/ip6.h> 79 #include <netinet6/in6_var.h> 80 #include <netinet6/ip6_var.h> 81 #endif /* INET6 */ 82 83 #include <net/pfkeyv2.h> 84 #include <netipsec/keydb.h> 85 #include <netipsec/key.h> 86 #include <netipsec/keysock.h> 87 #include <netipsec/key_debug.h> 88 89 #include <netipsec/ipsec.h> 90 #ifdef INET6 91 #include <netipsec/ipsec6.h> 92 #endif 93 94 #include <netipsec/xform.h> 95 #include <machine/in_cksum.h> 96 #include <machine/stdarg.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #define FULLMASK 0xff 102 #define _BITS(bytes) ((bytes) << 3) 103 104 #define UINT32_80PCT 0xcccccccc 105 /* 106 * Note on SA reference counting: 107 * - SAs that are not in DEAD state will have (total external reference + 1) 108 * following value in reference count field. they cannot be freed and are 109 * referenced from SA header. 110 * - SAs that are in DEAD state will have (total external reference) 111 * in reference count field. they are ready to be freed. reference from 112 * SA header will be removed in key_delsav(), when the reference count 113 * field hits 0 (= no external reference other than from SA header. 114 */ 115 116 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 117 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 118 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 119 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 120 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 121 /*interval to initialize randseed,1(m)*/ 122 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 123 /* interval to expire acquiring, 30(s)*/ 124 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 125 /* counter for blocking SADB_ACQUIRE.*/ 126 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 127 /* lifetime for blocking SADB_ACQUIRE.*/ 128 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 129 /* preferred old sa rather than new sa.*/ 130 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 131 #define V_key_spi_trycnt VNET(key_spi_trycnt) 132 #define V_key_spi_minval VNET(key_spi_minval) 133 #define V_key_spi_maxval VNET(key_spi_maxval) 134 #define V_policy_id VNET(policy_id) 135 #define V_key_int_random VNET(key_int_random) 136 #define V_key_larval_lifetime VNET(key_larval_lifetime) 137 #define V_key_blockacq_count VNET(key_blockacq_count) 138 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 139 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 140 141 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 142 #define V_acq_seq VNET(acq_seq) 143 144 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 145 #define V_sp_genid VNET(sp_genid) 146 147 /* SPD */ 148 TAILQ_HEAD(secpolicy_queue, secpolicy); 149 LIST_HEAD(secpolicy_list, secpolicy); 150 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 151 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 152 static struct rmlock sptree_lock; 153 #define V_sptree VNET(sptree) 154 #define V_sptree_ifnet VNET(sptree_ifnet) 155 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 156 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 157 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 158 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 160 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 161 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 162 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 163 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 164 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 165 166 /* Hash table for lookup SP using unique id */ 167 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 168 VNET_DEFINE_STATIC(u_long, sphash_mask); 169 #define V_sphashtbl VNET(sphashtbl) 170 #define V_sphash_mask VNET(sphash_mask) 171 172 #define SPHASH_NHASH_LOG2 7 173 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 174 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 175 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 176 177 /* SPD cache */ 178 struct spdcache_entry { 179 struct secpolicyindex spidx; /* secpolicyindex */ 180 struct secpolicy *sp; /* cached policy to be used */ 181 182 LIST_ENTRY(spdcache_entry) chain; 183 }; 184 LIST_HEAD(spdcache_entry_list, spdcache_entry); 185 186 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 187 188 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 189 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 190 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 191 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 192 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 193 #define V_spd_size VNET(spd_size) 194 195 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 196 #define SPDCACHE_ACTIVE() \ 197 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 198 199 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 200 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 201 #define V_spdcachehashtbl VNET(spdcachehashtbl) 202 #define V_spdcachehash_mask VNET(spdcachehash_mask) 203 204 #define SPDCACHE_HASHVAL(idx) \ 205 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 206 V_spdcachehash_mask) 207 208 /* Each cache line is protected by a mutex */ 209 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 210 #define V_spdcache_lock VNET(spdcache_lock) 211 212 #define SPDCACHE_LOCK_INIT(a) \ 213 mtx_init(&V_spdcache_lock[a], "spdcache", \ 214 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 215 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 216 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 217 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 218 219 static struct sx spi_alloc_lock; 220 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 221 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 222 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 223 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 224 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 225 226 /* SAD */ 227 TAILQ_HEAD(secashead_queue, secashead); 228 LIST_HEAD(secashead_list, secashead); 229 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 230 static struct rmlock sahtree_lock; 231 #define V_sahtree VNET(sahtree) 232 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 233 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 234 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 235 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 236 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 237 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 238 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 239 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 240 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 241 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 242 243 /* Hash table for lookup in SAD using SA addresses */ 244 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 245 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 246 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 247 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 248 249 #define SAHHASH_NHASH_LOG2 7 250 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 251 #define SAHADDRHASH_HASHVAL(idx) \ 252 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 253 V_sahaddrhash_mask) 254 #define SAHADDRHASH_HASH(saidx) \ 255 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 256 257 /* Hash table for lookup in SAD using SPI */ 258 LIST_HEAD(secasvar_list, secasvar); 259 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 260 VNET_DEFINE_STATIC(u_long, savhash_mask); 261 #define V_savhashtbl VNET(savhashtbl) 262 #define V_savhash_mask VNET(savhash_mask) 263 #define SAVHASH_NHASH_LOG2 7 264 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 265 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 266 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 267 268 static uint32_t 269 key_addrprotohash(const union sockaddr_union *src, 270 const union sockaddr_union *dst, const uint8_t *proto) 271 { 272 uint32_t hval; 273 274 hval = fnv_32_buf(proto, sizeof(*proto), 275 FNV1_32_INIT); 276 switch (dst->sa.sa_family) { 277 #ifdef INET 278 case AF_INET: 279 hval = fnv_32_buf(&src->sin.sin_addr, 280 sizeof(in_addr_t), hval); 281 hval = fnv_32_buf(&dst->sin.sin_addr, 282 sizeof(in_addr_t), hval); 283 break; 284 #endif 285 #ifdef INET6 286 case AF_INET6: 287 hval = fnv_32_buf(&src->sin6.sin6_addr, 288 sizeof(struct in6_addr), hval); 289 hval = fnv_32_buf(&dst->sin6.sin6_addr, 290 sizeof(struct in6_addr), hval); 291 break; 292 #endif 293 default: 294 hval = 0; 295 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 296 __func__, dst->sa.sa_family)); 297 } 298 return (hval); 299 } 300 301 static uint32_t 302 key_u32hash(uint32_t val) 303 { 304 305 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 306 } 307 308 /* registed list */ 309 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 310 #define V_regtree VNET(regtree) 311 static struct mtx regtree_lock; 312 #define REGTREE_LOCK_INIT() \ 313 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 314 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 315 #define REGTREE_LOCK() mtx_lock(®tree_lock) 316 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 317 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 318 319 /* Acquiring list */ 320 LIST_HEAD(secacq_list, secacq); 321 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 322 #define V_acqtree VNET(acqtree) 323 static struct mtx acq_lock; 324 #define ACQ_LOCK_INIT() \ 325 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 326 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 327 #define ACQ_LOCK() mtx_lock(&acq_lock) 328 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 329 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 330 331 /* Hash table for lookup in ACQ list using SA addresses */ 332 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 333 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 334 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 335 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 336 337 /* Hash table for lookup in ACQ list using SEQ number */ 338 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 339 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 340 #define V_acqseqhashtbl VNET(acqseqhashtbl) 341 #define V_acqseqhash_mask VNET(acqseqhash_mask) 342 343 #define ACQHASH_NHASH_LOG2 7 344 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 345 #define ACQADDRHASH_HASHVAL(idx) \ 346 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 347 V_acqaddrhash_mask) 348 #define ACQSEQHASH_HASHVAL(seq) \ 349 (key_u32hash(seq) & V_acqseqhash_mask) 350 #define ACQADDRHASH_HASH(saidx) \ 351 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 352 #define ACQSEQHASH_HASH(seq) \ 353 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 354 /* SP acquiring list */ 355 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 356 #define V_spacqtree VNET(spacqtree) 357 static struct mtx spacq_lock; 358 #define SPACQ_LOCK_INIT() \ 359 mtx_init(&spacq_lock, "spacqtree", \ 360 "fast ipsec security policy acquire list", MTX_DEF) 361 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 362 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 363 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 364 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 365 366 static const int minsize[] = { 367 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 368 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 369 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 370 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 371 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 372 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 373 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 374 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 375 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 376 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 377 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 378 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 379 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 380 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 381 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 382 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 383 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 384 0, /* SADB_X_EXT_KMPRIVATE */ 385 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 386 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 387 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 388 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 389 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 390 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 391 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 392 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 393 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 394 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 395 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 396 }; 397 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 398 399 static const int maxsize[] = { 400 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 401 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 402 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 403 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 404 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 405 0, /* SADB_EXT_ADDRESS_SRC */ 406 0, /* SADB_EXT_ADDRESS_DST */ 407 0, /* SADB_EXT_ADDRESS_PROXY */ 408 0, /* SADB_EXT_KEY_AUTH */ 409 0, /* SADB_EXT_KEY_ENCRYPT */ 410 0, /* SADB_EXT_IDENTITY_SRC */ 411 0, /* SADB_EXT_IDENTITY_DST */ 412 0, /* SADB_EXT_SENSITIVITY */ 413 0, /* SADB_EXT_PROPOSAL */ 414 0, /* SADB_EXT_SUPPORTED_AUTH */ 415 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 416 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 417 0, /* SADB_X_EXT_KMPRIVATE */ 418 0, /* SADB_X_EXT_POLICY */ 419 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 420 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 421 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 422 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 423 0, /* SADB_X_EXT_NAT_T_OAI */ 424 0, /* SADB_X_EXT_NAT_T_OAR */ 425 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 426 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 427 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 428 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 429 }; 430 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 431 432 /* 433 * Internal values for SA flags: 434 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 435 * thus we will not free the most of SA content in key_delsav(). 436 */ 437 #define SADB_X_EXT_F_CLONED 0x80000000 438 439 #define SADB_CHECKLEN(_mhp, _ext) \ 440 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 441 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 442 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 443 444 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 445 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 446 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 447 448 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 449 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 450 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 451 452 #ifdef IPSEC_DEBUG 453 VNET_DEFINE(int, ipsec_debug) = 1; 454 #else 455 VNET_DEFINE(int, ipsec_debug) = 0; 456 #endif 457 458 #ifdef INET 459 SYSCTL_DECL(_net_inet_ipsec); 460 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 461 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 462 "Enable IPsec debugging output when set."); 463 #endif 464 #ifdef INET6 465 SYSCTL_DECL(_net_inet6_ipsec6); 466 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 467 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 468 "Enable IPsec debugging output when set."); 469 #endif 470 471 SYSCTL_DECL(_net_key); 472 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 473 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 474 475 /* max count of trial for the decision of spi value */ 476 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 477 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 478 479 /* minimum spi value to allocate automatically. */ 480 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 481 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 482 483 /* maximun spi value to allocate automatically. */ 484 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 486 487 /* interval to initialize randseed */ 488 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 489 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 490 491 /* lifetime for larval SA */ 492 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 493 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 494 495 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 496 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 497 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 498 499 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 500 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 501 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 502 503 /* ESP auth */ 504 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 505 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 506 507 /* minimum ESP key length */ 508 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 509 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 510 511 /* minimum AH key length */ 512 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 513 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 514 515 /* perfered old SA rather than new SA */ 516 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 517 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 518 519 static SYSCTL_NODE(_net_key, OID_AUTO, spdcache, 520 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 521 "SPD cache"); 522 523 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 524 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 525 "Maximum number of entries in the SPD cache" 526 " (power of 2, 0 to disable)"); 527 528 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 529 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 530 "Number of SPs that make the SPD cache active"); 531 532 #define __LIST_CHAINED(elm) \ 533 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 534 535 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 536 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 537 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 538 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 539 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 540 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 541 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 542 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 543 544 static uma_zone_t __read_mostly ipsec_key_lft_zone; 545 546 /* 547 * set parameters into secpolicyindex buffer. 548 * Must allocate secpolicyindex buffer passed to this function. 549 */ 550 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 551 do { \ 552 bzero((idx), sizeof(struct secpolicyindex)); \ 553 (idx)->dir = (_dir); \ 554 (idx)->prefs = (ps); \ 555 (idx)->prefd = (pd); \ 556 (idx)->ul_proto = (ulp); \ 557 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 558 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 559 } while (0) 560 561 /* 562 * set parameters into secasindex buffer. 563 * Must allocate secasindex buffer before calling this function. 564 */ 565 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 566 do { \ 567 bzero((idx), sizeof(struct secasindex)); \ 568 (idx)->proto = (p); \ 569 (idx)->mode = (m); \ 570 (idx)->reqid = (r); \ 571 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 572 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 573 key_porttosaddr(&(idx)->src.sa, 0); \ 574 key_porttosaddr(&(idx)->dst.sa, 0); \ 575 } while (0) 576 577 /* key statistics */ 578 struct _keystat { 579 u_long getspi_count; /* the avarage of count to try to get new SPI */ 580 } keystat; 581 582 struct sadb_msghdr { 583 struct sadb_msg *msg; 584 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 585 int extoff[SADB_EXT_MAX + 1]; 586 int extlen[SADB_EXT_MAX + 1]; 587 }; 588 589 static struct supported_ealgs { 590 int sadb_alg; 591 const struct enc_xform *xform; 592 } supported_ealgs[] = { 593 { SADB_X_EALG_AES, &enc_xform_aes_cbc }, 594 { SADB_EALG_NULL, &enc_xform_null }, 595 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 596 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 597 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 598 }; 599 600 static struct supported_aalgs { 601 int sadb_alg; 602 const struct auth_hash *xform; 603 } supported_aalgs[] = { 604 { SADB_X_AALG_NULL, &auth_hash_null }, 605 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 606 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 607 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 608 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 609 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 610 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 611 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 612 }; 613 614 static struct supported_calgs { 615 int sadb_alg; 616 const struct comp_algo *xform; 617 } supported_calgs[] = { 618 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 619 }; 620 621 #ifndef IPSEC_DEBUG2 622 static struct callout key_timer; 623 #endif 624 625 static void key_unlink(struct secpolicy *); 626 static void key_detach(struct secpolicy *); 627 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 628 static struct secpolicy *key_getsp(struct secpolicyindex *); 629 static struct secpolicy *key_getspbyid(u_int32_t); 630 static struct mbuf *key_gather_mbuf(struct mbuf *, 631 const struct sadb_msghdr *, int, int, ...); 632 static int key_spdadd(struct socket *, struct mbuf *, 633 const struct sadb_msghdr *); 634 static uint32_t key_getnewspid(void); 635 static int key_spddelete(struct socket *, struct mbuf *, 636 const struct sadb_msghdr *); 637 static int key_spddelete2(struct socket *, struct mbuf *, 638 const struct sadb_msghdr *); 639 static int key_spdget(struct socket *, struct mbuf *, 640 const struct sadb_msghdr *); 641 static int key_spdflush(struct socket *, struct mbuf *, 642 const struct sadb_msghdr *); 643 static int key_spddump(struct socket *, struct mbuf *, 644 const struct sadb_msghdr *); 645 static struct mbuf *key_setdumpsp(struct secpolicy *, 646 u_int8_t, u_int32_t, u_int32_t); 647 static struct mbuf *key_sp2mbuf(struct secpolicy *); 648 static size_t key_getspreqmsglen(struct secpolicy *); 649 static int key_spdexpire(struct secpolicy *); 650 static struct secashead *key_newsah(struct secasindex *); 651 static void key_freesah(struct secashead **); 652 static void key_delsah(struct secashead *); 653 static struct secasvar *key_newsav(const struct sadb_msghdr *, 654 struct secasindex *, uint32_t, int *); 655 static void key_delsav(struct secasvar *); 656 static void key_unlinksav(struct secasvar *); 657 static struct secashead *key_getsah(struct secasindex *); 658 static int key_checkspidup(uint32_t); 659 static struct secasvar *key_getsavbyspi(uint32_t); 660 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 661 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 662 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 663 static int key_updateaddresses(struct socket *, struct mbuf *, 664 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 665 666 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 667 u_int8_t, u_int32_t, u_int32_t); 668 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 669 u_int32_t, pid_t, u_int16_t); 670 static struct mbuf *key_setsadbsa(struct secasvar *); 671 static struct mbuf *key_setsadbaddr(u_int16_t, 672 const struct sockaddr *, u_int8_t, u_int16_t); 673 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 674 static struct mbuf *key_setsadbxtype(u_int16_t); 675 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 676 static struct mbuf *key_setsadbxsareplay(u_int32_t); 677 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 678 u_int32_t, u_int32_t); 679 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 680 struct malloc_type *); 681 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 682 struct malloc_type *); 683 684 /* flags for key_cmpsaidx() */ 685 #define CMP_HEAD 1 /* protocol, addresses. */ 686 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 687 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 688 #define CMP_EXACTLY 4 /* all elements. */ 689 static int key_cmpsaidx(const struct secasindex *, 690 const struct secasindex *, int); 691 static int key_cmpspidx_exactly(struct secpolicyindex *, 692 struct secpolicyindex *); 693 static int key_cmpspidx_withmask(struct secpolicyindex *, 694 struct secpolicyindex *); 695 static int key_bbcmp(const void *, const void *, u_int); 696 static uint8_t key_satype2proto(uint8_t); 697 static uint8_t key_proto2satype(uint8_t); 698 699 static int key_getspi(struct socket *, struct mbuf *, 700 const struct sadb_msghdr *); 701 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 702 static int key_update(struct socket *, struct mbuf *, 703 const struct sadb_msghdr *); 704 static int key_add(struct socket *, struct mbuf *, 705 const struct sadb_msghdr *); 706 static int key_setident(struct secashead *, const struct sadb_msghdr *); 707 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 708 const struct sadb_msghdr *); 709 static int key_delete(struct socket *, struct mbuf *, 710 const struct sadb_msghdr *); 711 static int key_delete_all(struct socket *, struct mbuf *, 712 const struct sadb_msghdr *, struct secasindex *); 713 static int key_get(struct socket *, struct mbuf *, 714 const struct sadb_msghdr *); 715 716 static void key_getcomb_setlifetime(struct sadb_comb *); 717 static struct mbuf *key_getcomb_ealg(void); 718 static struct mbuf *key_getcomb_ah(void); 719 static struct mbuf *key_getcomb_ipcomp(void); 720 static struct mbuf *key_getprop(const struct secasindex *); 721 722 static int key_acquire(const struct secasindex *, struct secpolicy *); 723 static uint32_t key_newacq(const struct secasindex *, int *); 724 static uint32_t key_getacq(const struct secasindex *, int *); 725 static int key_acqdone(const struct secasindex *, uint32_t); 726 static int key_acqreset(uint32_t); 727 static struct secspacq *key_newspacq(struct secpolicyindex *); 728 static struct secspacq *key_getspacq(struct secpolicyindex *); 729 static int key_acquire2(struct socket *, struct mbuf *, 730 const struct sadb_msghdr *); 731 static int key_register(struct socket *, struct mbuf *, 732 const struct sadb_msghdr *); 733 static int key_expire(struct secasvar *, int); 734 static int key_flush(struct socket *, struct mbuf *, 735 const struct sadb_msghdr *); 736 static int key_dump(struct socket *, struct mbuf *, 737 const struct sadb_msghdr *); 738 static int key_promisc(struct socket *, struct mbuf *, 739 const struct sadb_msghdr *); 740 static int key_senderror(struct socket *, struct mbuf *, int); 741 static int key_validate_ext(const struct sadb_ext *, int); 742 static int key_align(struct mbuf *, struct sadb_msghdr *); 743 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 744 static struct mbuf *key_setkey(struct seckey *, uint16_t); 745 746 static void spdcache_init(void); 747 static void spdcache_clear(void); 748 static struct spdcache_entry *spdcache_entry_alloc( 749 const struct secpolicyindex *spidx, 750 struct secpolicy *policy); 751 static void spdcache_entry_free(struct spdcache_entry *entry); 752 #ifdef VIMAGE 753 static void spdcache_destroy(void); 754 #endif 755 756 #define DBG_IPSEC_INITREF(t, p) do { \ 757 refcount_init(&(p)->refcnt, 1); \ 758 KEYDBG(KEY_STAMP, \ 759 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 760 __func__, #t, (p), (p)->refcnt)); \ 761 } while (0) 762 #define DBG_IPSEC_ADDREF(t, p) do { \ 763 refcount_acquire(&(p)->refcnt); \ 764 KEYDBG(KEY_STAMP, \ 765 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 766 __func__, #t, (p), (p)->refcnt)); \ 767 } while (0) 768 #define DBG_IPSEC_DELREF(t, p) do { \ 769 KEYDBG(KEY_STAMP, \ 770 printf("%s: Release refcnt %s(%p) -> %u\n", \ 771 __func__, #t, (p), (p)->refcnt - 1)); \ 772 refcount_release(&(p)->refcnt); \ 773 } while (0) 774 775 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 776 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 777 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 778 779 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 780 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 781 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 782 783 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 784 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 785 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 786 787 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 788 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 789 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 790 791 /* 792 * Update the refcnt while holding the SPTREE lock. 793 */ 794 void 795 key_addref(struct secpolicy *sp) 796 { 797 798 SP_ADDREF(sp); 799 } 800 801 /* 802 * Return 0 when there are known to be no SP's for the specified 803 * direction. Otherwise return 1. This is used by IPsec code 804 * to optimize performance. 805 */ 806 int 807 key_havesp(u_int dir) 808 { 809 810 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 811 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 812 } 813 814 /* %%% IPsec policy management */ 815 /* 816 * Return current SPDB generation. 817 */ 818 uint32_t 819 key_getspgen(void) 820 { 821 822 return (V_sp_genid); 823 } 824 825 void 826 key_bumpspgen(void) 827 { 828 829 V_sp_genid++; 830 } 831 832 static int 833 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 834 { 835 836 /* family match */ 837 if (src->sa_family != dst->sa_family) 838 return (EINVAL); 839 /* sa_len match */ 840 if (src->sa_len != dst->sa_len) 841 return (EINVAL); 842 switch (src->sa_family) { 843 #ifdef INET 844 case AF_INET: 845 if (src->sa_len != sizeof(struct sockaddr_in)) 846 return (EINVAL); 847 break; 848 #endif 849 #ifdef INET6 850 case AF_INET6: 851 if (src->sa_len != sizeof(struct sockaddr_in6)) 852 return (EINVAL); 853 break; 854 #endif 855 default: 856 return (EAFNOSUPPORT); 857 } 858 return (0); 859 } 860 861 struct secpolicy * 862 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 863 { 864 SPTREE_RLOCK_TRACKER; 865 struct secpolicy *sp; 866 867 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 868 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 869 ("invalid direction %u", dir)); 870 871 SPTREE_RLOCK(); 872 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 873 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 874 SP_ADDREF(sp); 875 break; 876 } 877 } 878 SPTREE_RUNLOCK(); 879 return (sp); 880 } 881 882 /* 883 * allocating a SP for OUTBOUND or INBOUND packet. 884 * Must call key_freesp() later. 885 * OUT: NULL: not found 886 * others: found and return the pointer. 887 */ 888 struct secpolicy * 889 key_allocsp(struct secpolicyindex *spidx, u_int dir) 890 { 891 struct spdcache_entry *entry, *lastentry, *tmpentry; 892 struct secpolicy *sp; 893 uint32_t hashv; 894 int nb_entries; 895 896 if (!SPDCACHE_ACTIVE()) { 897 sp = key_do_allocsp(spidx, dir); 898 goto out; 899 } 900 901 hashv = SPDCACHE_HASHVAL(spidx); 902 SPDCACHE_LOCK(hashv); 903 nb_entries = 0; 904 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 905 /* Removed outdated entries */ 906 if (entry->sp != NULL && 907 entry->sp->state == IPSEC_SPSTATE_DEAD) { 908 LIST_REMOVE(entry, chain); 909 spdcache_entry_free(entry); 910 continue; 911 } 912 913 nb_entries++; 914 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 915 lastentry = entry; 916 continue; 917 } 918 919 sp = entry->sp; 920 if (entry->sp != NULL) 921 SP_ADDREF(sp); 922 923 /* IPSECSTAT_INC(ips_spdcache_hits); */ 924 925 SPDCACHE_UNLOCK(hashv); 926 goto out; 927 } 928 929 /* IPSECSTAT_INC(ips_spdcache_misses); */ 930 931 sp = key_do_allocsp(spidx, dir); 932 entry = spdcache_entry_alloc(spidx, sp); 933 if (entry != NULL) { 934 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 935 LIST_REMOVE(lastentry, chain); 936 spdcache_entry_free(lastentry); 937 } 938 939 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 940 } 941 942 SPDCACHE_UNLOCK(hashv); 943 944 out: 945 if (sp != NULL) { /* found a SPD entry */ 946 sp->lastused = time_second; 947 KEYDBG(IPSEC_STAMP, 948 printf("%s: return SP(%p)\n", __func__, sp)); 949 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 950 } else { 951 KEYDBG(IPSEC_DATA, 952 printf("%s: lookup failed for ", __func__); 953 kdebug_secpolicyindex(spidx, NULL)); 954 } 955 return (sp); 956 } 957 958 /* 959 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 960 * or should be signed by MD5 signature. 961 * We don't use key_allocsa() for such lookups, because we don't know SPI. 962 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 963 * signed packet. We use SADB only as storage for password. 964 * OUT: positive: corresponding SA for given saidx found. 965 * NULL: SA not found 966 */ 967 struct secasvar * 968 key_allocsa_tcpmd5(struct secasindex *saidx) 969 { 970 SAHTREE_RLOCK_TRACKER; 971 struct secashead *sah; 972 struct secasvar *sav; 973 974 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 975 ("unexpected security protocol %u", saidx->proto)); 976 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 977 ("unexpected mode %u", saidx->mode)); 978 979 SAHTREE_RLOCK(); 980 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 981 KEYDBG(IPSEC_DUMP, 982 printf("%s: checking SAH\n", __func__); 983 kdebug_secash(sah, " ")); 984 if (sah->saidx.proto != IPPROTO_TCP) 985 continue; 986 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 987 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 988 break; 989 } 990 if (sah != NULL) { 991 if (V_key_preferred_oldsa) 992 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 993 else 994 sav = TAILQ_FIRST(&sah->savtree_alive); 995 if (sav != NULL) 996 SAV_ADDREF(sav); 997 } else 998 sav = NULL; 999 SAHTREE_RUNLOCK(); 1000 1001 if (sav != NULL) { 1002 KEYDBG(IPSEC_STAMP, 1003 printf("%s: return SA(%p)\n", __func__, sav)); 1004 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1005 } else { 1006 KEYDBG(IPSEC_STAMP, 1007 printf("%s: SA not found\n", __func__)); 1008 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1009 } 1010 return (sav); 1011 } 1012 1013 /* 1014 * Allocating an SA entry for an *OUTBOUND* packet. 1015 * OUT: positive: corresponding SA for given saidx found. 1016 * NULL: SA not found, but will be acquired, check *error 1017 * for acquiring status. 1018 */ 1019 struct secasvar * 1020 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1021 int *error) 1022 { 1023 SAHTREE_RLOCK_TRACKER; 1024 struct secashead *sah; 1025 struct secasvar *sav; 1026 1027 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1028 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1029 saidx->mode == IPSEC_MODE_TUNNEL, 1030 ("unexpected policy %u", saidx->mode)); 1031 1032 /* 1033 * We check new SA in the IPsec request because a different 1034 * SA may be involved each time this request is checked, either 1035 * because new SAs are being configured, or this request is 1036 * associated with an unconnected datagram socket, or this request 1037 * is associated with a system default policy. 1038 */ 1039 SAHTREE_RLOCK(); 1040 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1041 KEYDBG(IPSEC_DUMP, 1042 printf("%s: checking SAH\n", __func__); 1043 kdebug_secash(sah, " ")); 1044 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1045 break; 1046 } 1047 if (sah != NULL) { 1048 /* 1049 * Allocate the oldest SA available according to 1050 * draft-jenkins-ipsec-rekeying-03. 1051 */ 1052 if (V_key_preferred_oldsa) 1053 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1054 else 1055 sav = TAILQ_FIRST(&sah->savtree_alive); 1056 if (sav != NULL) 1057 SAV_ADDREF(sav); 1058 } else 1059 sav = NULL; 1060 SAHTREE_RUNLOCK(); 1061 1062 if (sav != NULL) { 1063 *error = 0; 1064 KEYDBG(IPSEC_STAMP, 1065 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1066 sav, sp)); 1067 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1068 return (sav); /* return referenced SA */ 1069 } 1070 1071 /* there is no SA */ 1072 *error = key_acquire(saidx, sp); 1073 if ((*error) != 0) 1074 ipseclog((LOG_DEBUG, 1075 "%s: error %d returned from key_acquire()\n", 1076 __func__, *error)); 1077 KEYDBG(IPSEC_STAMP, 1078 printf("%s: acquire SA for SP(%p), error %d\n", 1079 __func__, sp, *error)); 1080 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1081 return (NULL); 1082 } 1083 1084 /* 1085 * allocating a usable SA entry for a *INBOUND* packet. 1086 * Must call key_freesav() later. 1087 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1088 * NULL: not found, or error occurred. 1089 * 1090 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1091 * destination address, and security protocol. But according to RFC 4301, 1092 * SPI by itself suffices to specify an SA. 1093 * 1094 * Note that, however, we do need to keep source address in IPsec SA. 1095 * IKE specification and PF_KEY specification do assume that we 1096 * keep source address in IPsec SA. We see a tricky situation here. 1097 */ 1098 struct secasvar * 1099 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1100 { 1101 SAHTREE_RLOCK_TRACKER; 1102 struct secasvar *sav; 1103 1104 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1105 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1106 proto)); 1107 1108 SAHTREE_RLOCK(); 1109 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1110 if (sav->spi == spi) 1111 break; 1112 } 1113 /* 1114 * We use single SPI namespace for all protocols, so it is 1115 * impossible to have SPI duplicates in the SAVHASH. 1116 */ 1117 if (sav != NULL) { 1118 if (sav->state != SADB_SASTATE_LARVAL && 1119 sav->sah->saidx.proto == proto && 1120 key_sockaddrcmp(&dst->sa, 1121 &sav->sah->saidx.dst.sa, 0) == 0) 1122 SAV_ADDREF(sav); 1123 else 1124 sav = NULL; 1125 } 1126 SAHTREE_RUNLOCK(); 1127 1128 if (sav == NULL) { 1129 KEYDBG(IPSEC_STAMP, 1130 char buf[IPSEC_ADDRSTRLEN]; 1131 printf("%s: SA not found for spi %u proto %u dst %s\n", 1132 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1133 sizeof(buf)))); 1134 } else { 1135 KEYDBG(IPSEC_STAMP, 1136 printf("%s: return SA(%p)\n", __func__, sav)); 1137 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1138 } 1139 return (sav); 1140 } 1141 1142 struct secasvar * 1143 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1144 uint8_t proto) 1145 { 1146 SAHTREE_RLOCK_TRACKER; 1147 struct secasindex saidx; 1148 struct secashead *sah; 1149 struct secasvar *sav; 1150 1151 IPSEC_ASSERT(src != NULL, ("null src address")); 1152 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1153 1154 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1155 &dst->sa, &saidx); 1156 1157 sav = NULL; 1158 SAHTREE_RLOCK(); 1159 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1160 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1161 continue; 1162 if (proto != sah->saidx.proto) 1163 continue; 1164 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1165 continue; 1166 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1167 continue; 1168 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1169 if (V_key_preferred_oldsa) 1170 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1171 else 1172 sav = TAILQ_FIRST(&sah->savtree_alive); 1173 if (sav != NULL) { 1174 SAV_ADDREF(sav); 1175 break; 1176 } 1177 } 1178 SAHTREE_RUNLOCK(); 1179 KEYDBG(IPSEC_STAMP, 1180 printf("%s: return SA(%p)\n", __func__, sav)); 1181 if (sav != NULL) 1182 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1183 return (sav); 1184 } 1185 1186 /* 1187 * Must be called after calling key_allocsp(). 1188 */ 1189 void 1190 key_freesp(struct secpolicy **spp) 1191 { 1192 struct secpolicy *sp = *spp; 1193 1194 IPSEC_ASSERT(sp != NULL, ("null sp")); 1195 if (SP_DELREF(sp) == 0) 1196 return; 1197 1198 KEYDBG(IPSEC_STAMP, 1199 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1200 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1201 1202 *spp = NULL; 1203 while (sp->tcount > 0) 1204 ipsec_delisr(sp->req[--sp->tcount]); 1205 free(sp, M_IPSEC_SP); 1206 } 1207 1208 static void 1209 key_unlink(struct secpolicy *sp) 1210 { 1211 SPTREE_WLOCK(); 1212 key_detach(sp); 1213 SPTREE_WUNLOCK(); 1214 if (SPDCACHE_ENABLED()) 1215 spdcache_clear(); 1216 key_freesp(&sp); 1217 } 1218 1219 static void 1220 key_detach(struct secpolicy *sp) 1221 { 1222 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1223 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1224 ("invalid direction %u", sp->spidx.dir)); 1225 SPTREE_WLOCK_ASSERT(); 1226 1227 KEYDBG(KEY_STAMP, 1228 printf("%s: SP(%p)\n", __func__, sp)); 1229 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1230 /* SP is already unlinked */ 1231 return; 1232 } 1233 sp->state = IPSEC_SPSTATE_DEAD; 1234 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1235 V_spd_size--; 1236 LIST_REMOVE(sp, idhash); 1237 V_sp_genid++; 1238 } 1239 1240 /* 1241 * insert a secpolicy into the SP database. Lower priorities first 1242 */ 1243 static void 1244 key_insertsp(struct secpolicy *newsp) 1245 { 1246 struct secpolicy *sp; 1247 1248 SPTREE_WLOCK_ASSERT(); 1249 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1250 if (newsp->priority < sp->priority) { 1251 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1252 goto done; 1253 } 1254 } 1255 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1256 done: 1257 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1258 newsp->state = IPSEC_SPSTATE_ALIVE; 1259 V_spd_size++; 1260 V_sp_genid++; 1261 } 1262 1263 /* 1264 * Insert a bunch of VTI secpolicies into the SPDB. 1265 * We keep VTI policies in the separate list due to following reasons: 1266 * 1) they should be immutable to user's or some deamon's attempts to 1267 * delete. The only way delete such policies - destroy or unconfigure 1268 * corresponding virtual inteface. 1269 * 2) such policies have traffic selector that matches all traffic per 1270 * address family. 1271 * Since all VTI policies have the same priority, we don't care about 1272 * policies order. 1273 */ 1274 int 1275 key_register_ifnet(struct secpolicy **spp, u_int count) 1276 { 1277 struct mbuf *m; 1278 u_int i; 1279 1280 SPTREE_WLOCK(); 1281 /* 1282 * First of try to acquire id for each SP. 1283 */ 1284 for (i = 0; i < count; i++) { 1285 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1286 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1287 ("invalid direction %u", spp[i]->spidx.dir)); 1288 1289 if ((spp[i]->id = key_getnewspid()) == 0) { 1290 SPTREE_WUNLOCK(); 1291 return (EAGAIN); 1292 } 1293 } 1294 for (i = 0; i < count; i++) { 1295 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1296 spp[i], chain); 1297 /* 1298 * NOTE: despite the fact that we keep VTI SP in the 1299 * separate list, SPHASH contains policies from both 1300 * sources. Thus SADB_X_SPDGET will correctly return 1301 * SP by id, because it uses SPHASH for lookups. 1302 */ 1303 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1304 spp[i]->state = IPSEC_SPSTATE_IFNET; 1305 } 1306 SPTREE_WUNLOCK(); 1307 /* 1308 * Notify user processes about new SP. 1309 */ 1310 for (i = 0; i < count; i++) { 1311 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1312 if (m != NULL) 1313 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1314 } 1315 return (0); 1316 } 1317 1318 void 1319 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1320 { 1321 struct mbuf *m; 1322 u_int i; 1323 1324 SPTREE_WLOCK(); 1325 for (i = 0; i < count; i++) { 1326 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1327 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1328 ("invalid direction %u", spp[i]->spidx.dir)); 1329 1330 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1331 continue; 1332 spp[i]->state = IPSEC_SPSTATE_DEAD; 1333 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1334 spp[i], chain); 1335 V_spd_size--; 1336 LIST_REMOVE(spp[i], idhash); 1337 } 1338 SPTREE_WUNLOCK(); 1339 if (SPDCACHE_ENABLED()) 1340 spdcache_clear(); 1341 1342 for (i = 0; i < count; i++) { 1343 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1344 if (m != NULL) 1345 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1346 } 1347 } 1348 1349 /* 1350 * Must be called after calling key_allocsa(). 1351 * This function is called by key_freesp() to free some SA allocated 1352 * for a policy. 1353 */ 1354 void 1355 key_freesav(struct secasvar **psav) 1356 { 1357 struct secasvar *sav = *psav; 1358 1359 IPSEC_ASSERT(sav != NULL, ("null sav")); 1360 CURVNET_ASSERT_SET(); 1361 if (SAV_DELREF(sav) == 0) 1362 return; 1363 1364 KEYDBG(IPSEC_STAMP, 1365 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1366 1367 *psav = NULL; 1368 key_delsav(sav); 1369 } 1370 1371 /* 1372 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1373 * Expect that SA has extra reference due to lookup. 1374 * Release this references, also release SAH reference after unlink. 1375 */ 1376 static void 1377 key_unlinksav(struct secasvar *sav) 1378 { 1379 struct secashead *sah; 1380 1381 KEYDBG(KEY_STAMP, 1382 printf("%s: SA(%p)\n", __func__, sav)); 1383 1384 CURVNET_ASSERT_SET(); 1385 SAHTREE_UNLOCK_ASSERT(); 1386 SAHTREE_WLOCK(); 1387 if (sav->state == SADB_SASTATE_DEAD) { 1388 /* SA is already unlinked */ 1389 SAHTREE_WUNLOCK(); 1390 return; 1391 } 1392 /* Unlink from SAH */ 1393 if (sav->state == SADB_SASTATE_LARVAL) 1394 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1395 else 1396 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1397 /* Unlink from SPI hash */ 1398 LIST_REMOVE(sav, spihash); 1399 sav->state = SADB_SASTATE_DEAD; 1400 sah = sav->sah; 1401 SAHTREE_WUNLOCK(); 1402 key_freesav(&sav); 1403 /* Since we are unlinked, release reference to SAH */ 1404 key_freesah(&sah); 1405 } 1406 1407 /* %%% SPD management */ 1408 /* 1409 * search SPD 1410 * OUT: NULL : not found 1411 * others : found, pointer to a SP. 1412 */ 1413 static struct secpolicy * 1414 key_getsp(struct secpolicyindex *spidx) 1415 { 1416 SPTREE_RLOCK_TRACKER; 1417 struct secpolicy *sp; 1418 1419 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1420 1421 SPTREE_RLOCK(); 1422 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1423 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1424 SP_ADDREF(sp); 1425 break; 1426 } 1427 } 1428 SPTREE_RUNLOCK(); 1429 1430 return sp; 1431 } 1432 1433 /* 1434 * get SP by index. 1435 * OUT: NULL : not found 1436 * others : found, pointer to referenced SP. 1437 */ 1438 static struct secpolicy * 1439 key_getspbyid(uint32_t id) 1440 { 1441 SPTREE_RLOCK_TRACKER; 1442 struct secpolicy *sp; 1443 1444 SPTREE_RLOCK(); 1445 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1446 if (sp->id == id) { 1447 SP_ADDREF(sp); 1448 break; 1449 } 1450 } 1451 SPTREE_RUNLOCK(); 1452 return (sp); 1453 } 1454 1455 struct secpolicy * 1456 key_newsp(void) 1457 { 1458 struct secpolicy *sp; 1459 1460 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1461 if (sp != NULL) 1462 SP_INITREF(sp); 1463 return (sp); 1464 } 1465 1466 struct ipsecrequest * 1467 ipsec_newisr(void) 1468 { 1469 1470 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1471 M_NOWAIT | M_ZERO)); 1472 } 1473 1474 void 1475 ipsec_delisr(struct ipsecrequest *p) 1476 { 1477 1478 free(p, M_IPSEC_SR); 1479 } 1480 1481 /* 1482 * create secpolicy structure from sadb_x_policy structure. 1483 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1484 * are not set, so must be set properly later. 1485 */ 1486 struct secpolicy * 1487 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1488 { 1489 struct secpolicy *newsp; 1490 1491 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1492 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1493 1494 if (len != PFKEY_EXTLEN(xpl0)) { 1495 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1496 *error = EINVAL; 1497 return NULL; 1498 } 1499 1500 if ((newsp = key_newsp()) == NULL) { 1501 *error = ENOBUFS; 1502 return NULL; 1503 } 1504 1505 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1506 newsp->policy = xpl0->sadb_x_policy_type; 1507 newsp->priority = xpl0->sadb_x_policy_priority; 1508 newsp->tcount = 0; 1509 1510 /* check policy */ 1511 switch (xpl0->sadb_x_policy_type) { 1512 case IPSEC_POLICY_DISCARD: 1513 case IPSEC_POLICY_NONE: 1514 case IPSEC_POLICY_ENTRUST: 1515 case IPSEC_POLICY_BYPASS: 1516 break; 1517 1518 case IPSEC_POLICY_IPSEC: 1519 { 1520 struct sadb_x_ipsecrequest *xisr; 1521 struct ipsecrequest *isr; 1522 int tlen; 1523 1524 /* validity check */ 1525 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1526 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1527 __func__)); 1528 key_freesp(&newsp); 1529 *error = EINVAL; 1530 return NULL; 1531 } 1532 1533 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1534 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1535 1536 while (tlen > 0) { 1537 /* length check */ 1538 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1539 xisr->sadb_x_ipsecrequest_len > tlen) { 1540 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1541 "length.\n", __func__)); 1542 key_freesp(&newsp); 1543 *error = EINVAL; 1544 return NULL; 1545 } 1546 1547 if (newsp->tcount >= IPSEC_MAXREQ) { 1548 ipseclog((LOG_DEBUG, 1549 "%s: too many ipsecrequests.\n", 1550 __func__)); 1551 key_freesp(&newsp); 1552 *error = EINVAL; 1553 return (NULL); 1554 } 1555 1556 /* allocate request buffer */ 1557 /* NB: data structure is zero'd */ 1558 isr = ipsec_newisr(); 1559 if (isr == NULL) { 1560 ipseclog((LOG_DEBUG, 1561 "%s: No more memory.\n", __func__)); 1562 key_freesp(&newsp); 1563 *error = ENOBUFS; 1564 return NULL; 1565 } 1566 1567 newsp->req[newsp->tcount++] = isr; 1568 1569 /* set values */ 1570 switch (xisr->sadb_x_ipsecrequest_proto) { 1571 case IPPROTO_ESP: 1572 case IPPROTO_AH: 1573 case IPPROTO_IPCOMP: 1574 break; 1575 default: 1576 ipseclog((LOG_DEBUG, 1577 "%s: invalid proto type=%u\n", __func__, 1578 xisr->sadb_x_ipsecrequest_proto)); 1579 key_freesp(&newsp); 1580 *error = EPROTONOSUPPORT; 1581 return NULL; 1582 } 1583 isr->saidx.proto = 1584 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1585 1586 switch (xisr->sadb_x_ipsecrequest_mode) { 1587 case IPSEC_MODE_TRANSPORT: 1588 case IPSEC_MODE_TUNNEL: 1589 break; 1590 case IPSEC_MODE_ANY: 1591 default: 1592 ipseclog((LOG_DEBUG, 1593 "%s: invalid mode=%u\n", __func__, 1594 xisr->sadb_x_ipsecrequest_mode)); 1595 key_freesp(&newsp); 1596 *error = EINVAL; 1597 return NULL; 1598 } 1599 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1600 1601 switch (xisr->sadb_x_ipsecrequest_level) { 1602 case IPSEC_LEVEL_DEFAULT: 1603 case IPSEC_LEVEL_USE: 1604 case IPSEC_LEVEL_REQUIRE: 1605 break; 1606 case IPSEC_LEVEL_UNIQUE: 1607 /* validity check */ 1608 /* 1609 * If range violation of reqid, kernel will 1610 * update it, don't refuse it. 1611 */ 1612 if (xisr->sadb_x_ipsecrequest_reqid 1613 > IPSEC_MANUAL_REQID_MAX) { 1614 ipseclog((LOG_DEBUG, 1615 "%s: reqid=%d range " 1616 "violation, updated by kernel.\n", 1617 __func__, 1618 xisr->sadb_x_ipsecrequest_reqid)); 1619 xisr->sadb_x_ipsecrequest_reqid = 0; 1620 } 1621 1622 /* allocate new reqid id if reqid is zero. */ 1623 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1624 u_int32_t reqid; 1625 if ((reqid = key_newreqid()) == 0) { 1626 key_freesp(&newsp); 1627 *error = ENOBUFS; 1628 return NULL; 1629 } 1630 isr->saidx.reqid = reqid; 1631 xisr->sadb_x_ipsecrequest_reqid = reqid; 1632 } else { 1633 /* set it for manual keying. */ 1634 isr->saidx.reqid = 1635 xisr->sadb_x_ipsecrequest_reqid; 1636 } 1637 break; 1638 1639 default: 1640 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1641 __func__, 1642 xisr->sadb_x_ipsecrequest_level)); 1643 key_freesp(&newsp); 1644 *error = EINVAL; 1645 return NULL; 1646 } 1647 isr->level = xisr->sadb_x_ipsecrequest_level; 1648 1649 /* set IP addresses if there */ 1650 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1651 struct sockaddr *paddr; 1652 1653 len = tlen - sizeof(*xisr); 1654 paddr = (struct sockaddr *)(xisr + 1); 1655 /* validity check */ 1656 if (len < sizeof(struct sockaddr) || 1657 len < 2 * paddr->sa_len || 1658 paddr->sa_len > sizeof(isr->saidx.src)) { 1659 ipseclog((LOG_DEBUG, "%s: invalid " 1660 "request address length.\n", 1661 __func__)); 1662 key_freesp(&newsp); 1663 *error = EINVAL; 1664 return NULL; 1665 } 1666 /* 1667 * Request length should be enough to keep 1668 * source and destination addresses. 1669 */ 1670 if (xisr->sadb_x_ipsecrequest_len < 1671 sizeof(*xisr) + 2 * paddr->sa_len) { 1672 ipseclog((LOG_DEBUG, "%s: invalid " 1673 "ipsecrequest length.\n", 1674 __func__)); 1675 key_freesp(&newsp); 1676 *error = EINVAL; 1677 return (NULL); 1678 } 1679 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1680 paddr = (struct sockaddr *)((caddr_t)paddr + 1681 paddr->sa_len); 1682 1683 /* validity check */ 1684 if (paddr->sa_len != 1685 isr->saidx.src.sa.sa_len) { 1686 ipseclog((LOG_DEBUG, "%s: invalid " 1687 "request address length.\n", 1688 __func__)); 1689 key_freesp(&newsp); 1690 *error = EINVAL; 1691 return NULL; 1692 } 1693 /* AF family should match */ 1694 if (paddr->sa_family != 1695 isr->saidx.src.sa.sa_family) { 1696 ipseclog((LOG_DEBUG, "%s: address " 1697 "family doesn't match.\n", 1698 __func__)); 1699 key_freesp(&newsp); 1700 *error = EINVAL; 1701 return (NULL); 1702 } 1703 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1704 } else { 1705 /* 1706 * Addresses for TUNNEL mode requests are 1707 * mandatory. 1708 */ 1709 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1710 ipseclog((LOG_DEBUG, "%s: missing " 1711 "request addresses.\n", __func__)); 1712 key_freesp(&newsp); 1713 *error = EINVAL; 1714 return (NULL); 1715 } 1716 } 1717 tlen -= xisr->sadb_x_ipsecrequest_len; 1718 1719 /* validity check */ 1720 if (tlen < 0) { 1721 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1722 __func__)); 1723 key_freesp(&newsp); 1724 *error = EINVAL; 1725 return NULL; 1726 } 1727 1728 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1729 + xisr->sadb_x_ipsecrequest_len); 1730 } 1731 /* XXXAE: LARVAL SP */ 1732 if (newsp->tcount < 1) { 1733 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1734 "not found.\n", __func__)); 1735 key_freesp(&newsp); 1736 *error = EINVAL; 1737 return (NULL); 1738 } 1739 } 1740 break; 1741 default: 1742 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1743 key_freesp(&newsp); 1744 *error = EINVAL; 1745 return NULL; 1746 } 1747 1748 *error = 0; 1749 return (newsp); 1750 } 1751 1752 uint32_t 1753 key_newreqid(void) 1754 { 1755 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1756 1757 if (auto_reqid == ~0) 1758 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1759 else 1760 auto_reqid++; 1761 1762 /* XXX should be unique check */ 1763 return (auto_reqid); 1764 } 1765 1766 /* 1767 * copy secpolicy struct to sadb_x_policy structure indicated. 1768 */ 1769 static struct mbuf * 1770 key_sp2mbuf(struct secpolicy *sp) 1771 { 1772 struct mbuf *m; 1773 size_t tlen; 1774 1775 tlen = key_getspreqmsglen(sp); 1776 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1777 if (m == NULL) 1778 return (NULL); 1779 m_align(m, tlen); 1780 m->m_len = tlen; 1781 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1782 m_freem(m); 1783 return (NULL); 1784 } 1785 return (m); 1786 } 1787 1788 int 1789 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1790 { 1791 struct sadb_x_ipsecrequest *xisr; 1792 struct sadb_x_policy *xpl; 1793 struct ipsecrequest *isr; 1794 size_t xlen, ilen; 1795 caddr_t p; 1796 int error, i; 1797 1798 IPSEC_ASSERT(sp != NULL, ("null policy")); 1799 1800 xlen = sizeof(*xpl); 1801 if (*len < xlen) 1802 return (EINVAL); 1803 1804 error = 0; 1805 bzero(request, *len); 1806 xpl = (struct sadb_x_policy *)request; 1807 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1808 xpl->sadb_x_policy_type = sp->policy; 1809 xpl->sadb_x_policy_dir = sp->spidx.dir; 1810 xpl->sadb_x_policy_id = sp->id; 1811 xpl->sadb_x_policy_priority = sp->priority; 1812 switch (sp->state) { 1813 case IPSEC_SPSTATE_IFNET: 1814 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1815 break; 1816 case IPSEC_SPSTATE_PCB: 1817 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1818 break; 1819 default: 1820 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1821 } 1822 1823 /* if is the policy for ipsec ? */ 1824 if (sp->policy == IPSEC_POLICY_IPSEC) { 1825 p = (caddr_t)xpl + sizeof(*xpl); 1826 for (i = 0; i < sp->tcount; i++) { 1827 isr = sp->req[i]; 1828 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1829 isr->saidx.src.sa.sa_len + 1830 isr->saidx.dst.sa.sa_len); 1831 xlen += ilen; 1832 if (xlen > *len) { 1833 error = ENOBUFS; 1834 /* Calculate needed size */ 1835 continue; 1836 } 1837 xisr = (struct sadb_x_ipsecrequest *)p; 1838 xisr->sadb_x_ipsecrequest_len = ilen; 1839 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1840 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1841 xisr->sadb_x_ipsecrequest_level = isr->level; 1842 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1843 1844 p += sizeof(*xisr); 1845 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1846 p += isr->saidx.src.sa.sa_len; 1847 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1848 p += isr->saidx.dst.sa.sa_len; 1849 } 1850 } 1851 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1852 if (error == 0) 1853 *len = xlen; 1854 else 1855 *len = sizeof(*xpl); 1856 return (error); 1857 } 1858 1859 /* m will not be freed nor modified */ 1860 static struct mbuf * 1861 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1862 int ndeep, int nitem, ...) 1863 { 1864 va_list ap; 1865 int idx; 1866 int i; 1867 struct mbuf *result = NULL, *n; 1868 int len; 1869 1870 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1871 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1872 1873 va_start(ap, nitem); 1874 for (i = 0; i < nitem; i++) { 1875 idx = va_arg(ap, int); 1876 if (idx < 0 || idx > SADB_EXT_MAX) 1877 goto fail; 1878 /* don't attempt to pull empty extension */ 1879 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1880 continue; 1881 if (idx != SADB_EXT_RESERVED && 1882 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1883 continue; 1884 1885 if (idx == SADB_EXT_RESERVED) { 1886 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1887 1888 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1889 1890 MGETHDR(n, M_NOWAIT, MT_DATA); 1891 if (!n) 1892 goto fail; 1893 n->m_len = len; 1894 n->m_next = NULL; 1895 m_copydata(m, 0, sizeof(struct sadb_msg), 1896 mtod(n, caddr_t)); 1897 } else if (i < ndeep) { 1898 len = mhp->extlen[idx]; 1899 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1900 if (n == NULL) 1901 goto fail; 1902 m_align(n, len); 1903 n->m_len = len; 1904 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1905 mtod(n, caddr_t)); 1906 } else { 1907 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1908 M_NOWAIT); 1909 } 1910 if (n == NULL) 1911 goto fail; 1912 1913 if (result) 1914 m_cat(result, n); 1915 else 1916 result = n; 1917 } 1918 va_end(ap); 1919 1920 if ((result->m_flags & M_PKTHDR) != 0) { 1921 result->m_pkthdr.len = 0; 1922 for (n = result; n; n = n->m_next) 1923 result->m_pkthdr.len += n->m_len; 1924 } 1925 1926 return result; 1927 1928 fail: 1929 m_freem(result); 1930 va_end(ap); 1931 return NULL; 1932 } 1933 1934 /* 1935 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1936 * add an entry to SP database, when received 1937 * <base, address(SD), (lifetime(H),) policy> 1938 * from the user(?). 1939 * Adding to SP database, 1940 * and send 1941 * <base, address(SD), (lifetime(H),) policy> 1942 * to the socket which was send. 1943 * 1944 * SPDADD set a unique policy entry. 1945 * SPDSETIDX like SPDADD without a part of policy requests. 1946 * SPDUPDATE replace a unique policy entry. 1947 * 1948 * XXXAE: serialize this in PF_KEY to avoid races. 1949 * m will always be freed. 1950 */ 1951 static int 1952 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1953 { 1954 struct secpolicyindex spidx; 1955 struct sadb_address *src0, *dst0; 1956 struct sadb_x_policy *xpl0, *xpl; 1957 struct sadb_lifetime *lft = NULL; 1958 struct secpolicy *newsp, *oldsp; 1959 int error; 1960 1961 IPSEC_ASSERT(so != NULL, ("null socket")); 1962 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1963 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1964 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1965 1966 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1967 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1968 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1969 ipseclog((LOG_DEBUG, 1970 "%s: invalid message: missing required header.\n", 1971 __func__)); 1972 return key_senderror(so, m, EINVAL); 1973 } 1974 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1975 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1976 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1977 ipseclog((LOG_DEBUG, 1978 "%s: invalid message: wrong header size.\n", __func__)); 1979 return key_senderror(so, m, EINVAL); 1980 } 1981 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1982 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1983 ipseclog((LOG_DEBUG, 1984 "%s: invalid message: wrong header size.\n", 1985 __func__)); 1986 return key_senderror(so, m, EINVAL); 1987 } 1988 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1989 } 1990 1991 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1992 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1993 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1994 1995 /* check the direciton */ 1996 switch (xpl0->sadb_x_policy_dir) { 1997 case IPSEC_DIR_INBOUND: 1998 case IPSEC_DIR_OUTBOUND: 1999 break; 2000 default: 2001 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2002 return key_senderror(so, m, EINVAL); 2003 } 2004 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2005 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2006 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2007 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2008 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2009 return key_senderror(so, m, EINVAL); 2010 } 2011 2012 /* policy requests are mandatory when action is ipsec. */ 2013 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2014 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2015 ipseclog((LOG_DEBUG, 2016 "%s: policy requests required.\n", __func__)); 2017 return key_senderror(so, m, EINVAL); 2018 } 2019 2020 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2021 (struct sockaddr *)(dst0 + 1)); 2022 if (error != 0 || 2023 src0->sadb_address_proto != dst0->sadb_address_proto) { 2024 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2025 return key_senderror(so, m, error); 2026 } 2027 /* make secindex */ 2028 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2029 src0 + 1, 2030 dst0 + 1, 2031 src0->sadb_address_prefixlen, 2032 dst0->sadb_address_prefixlen, 2033 src0->sadb_address_proto, 2034 &spidx); 2035 /* Checking there is SP already or not. */ 2036 oldsp = key_getsp(&spidx); 2037 if (oldsp != NULL) { 2038 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2039 KEYDBG(KEY_STAMP, 2040 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2041 __func__, oldsp)); 2042 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2043 } else { 2044 key_freesp(&oldsp); 2045 ipseclog((LOG_DEBUG, 2046 "%s: a SP entry exists already.\n", __func__)); 2047 return (key_senderror(so, m, EEXIST)); 2048 } 2049 } 2050 2051 /* allocate new SP entry */ 2052 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2053 if (oldsp != NULL) { 2054 key_unlink(oldsp); 2055 key_freesp(&oldsp); /* second for our reference */ 2056 } 2057 return key_senderror(so, m, error); 2058 } 2059 2060 newsp->lastused = newsp->created = time_second; 2061 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2062 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2063 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2064 2065 SPTREE_WLOCK(); 2066 if ((newsp->id = key_getnewspid()) == 0) { 2067 if (oldsp != NULL) 2068 key_detach(oldsp); 2069 SPTREE_WUNLOCK(); 2070 if (oldsp != NULL) { 2071 key_freesp(&oldsp); /* first for key_detach */ 2072 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2073 key_freesp(&oldsp); /* second for our reference */ 2074 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2075 spdcache_clear(); 2076 } 2077 key_freesp(&newsp); 2078 return key_senderror(so, m, ENOBUFS); 2079 } 2080 if (oldsp != NULL) 2081 key_detach(oldsp); 2082 key_insertsp(newsp); 2083 SPTREE_WUNLOCK(); 2084 if (oldsp != NULL) { 2085 key_freesp(&oldsp); /* first for key_detach */ 2086 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2087 key_freesp(&oldsp); /* second for our reference */ 2088 } 2089 if (SPDCACHE_ENABLED()) 2090 spdcache_clear(); 2091 KEYDBG(KEY_STAMP, 2092 printf("%s: SP(%p)\n", __func__, newsp)); 2093 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2094 2095 { 2096 struct mbuf *n, *mpolicy; 2097 struct sadb_msg *newmsg; 2098 int off; 2099 2100 /* create new sadb_msg to reply. */ 2101 if (lft) { 2102 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2103 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2104 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2105 } else { 2106 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2107 SADB_X_EXT_POLICY, 2108 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2109 } 2110 if (!n) 2111 return key_senderror(so, m, ENOBUFS); 2112 2113 if (n->m_len < sizeof(*newmsg)) { 2114 n = m_pullup(n, sizeof(*newmsg)); 2115 if (!n) 2116 return key_senderror(so, m, ENOBUFS); 2117 } 2118 newmsg = mtod(n, struct sadb_msg *); 2119 newmsg->sadb_msg_errno = 0; 2120 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2121 2122 off = 0; 2123 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2124 sizeof(*xpl), &off); 2125 if (mpolicy == NULL) { 2126 /* n is already freed */ 2127 return key_senderror(so, m, ENOBUFS); 2128 } 2129 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2130 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2131 m_freem(n); 2132 return key_senderror(so, m, EINVAL); 2133 } 2134 xpl->sadb_x_policy_id = newsp->id; 2135 2136 m_freem(m); 2137 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2138 } 2139 } 2140 2141 /* 2142 * get new policy id. 2143 * OUT: 2144 * 0: failure. 2145 * others: success. 2146 */ 2147 static uint32_t 2148 key_getnewspid(void) 2149 { 2150 struct secpolicy *sp; 2151 uint32_t newid = 0; 2152 int tries, limit; 2153 2154 SPTREE_WLOCK_ASSERT(); 2155 2156 limit = atomic_load_int(&V_key_spi_trycnt); 2157 for (tries = 0; tries < limit; tries++) { 2158 if (V_policy_id == ~0) /* overflowed */ 2159 newid = V_policy_id = 1; 2160 else 2161 newid = ++V_policy_id; 2162 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2163 if (sp->id == newid) 2164 break; 2165 } 2166 if (sp == NULL) 2167 break; 2168 } 2169 if (tries == limit || newid == 0) { 2170 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2171 __func__)); 2172 return (0); 2173 } 2174 return (newid); 2175 } 2176 2177 /* 2178 * SADB_SPDDELETE processing 2179 * receive 2180 * <base, address(SD), policy(*)> 2181 * from the user(?), and set SADB_SASTATE_DEAD, 2182 * and send, 2183 * <base, address(SD), policy(*)> 2184 * to the ikmpd. 2185 * policy(*) including direction of policy. 2186 * 2187 * m will always be freed. 2188 */ 2189 static int 2190 key_spddelete(struct socket *so, struct mbuf *m, 2191 const struct sadb_msghdr *mhp) 2192 { 2193 struct secpolicyindex spidx; 2194 struct sadb_address *src0, *dst0; 2195 struct sadb_x_policy *xpl0; 2196 struct secpolicy *sp; 2197 2198 IPSEC_ASSERT(so != NULL, ("null so")); 2199 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2200 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2201 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2202 2203 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2204 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2205 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2206 ipseclog((LOG_DEBUG, 2207 "%s: invalid message: missing required header.\n", 2208 __func__)); 2209 return key_senderror(so, m, EINVAL); 2210 } 2211 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2212 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2213 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2214 ipseclog((LOG_DEBUG, 2215 "%s: invalid message: wrong header size.\n", __func__)); 2216 return key_senderror(so, m, EINVAL); 2217 } 2218 2219 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2220 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2221 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2222 2223 /* check the direciton */ 2224 switch (xpl0->sadb_x_policy_dir) { 2225 case IPSEC_DIR_INBOUND: 2226 case IPSEC_DIR_OUTBOUND: 2227 break; 2228 default: 2229 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2230 return key_senderror(so, m, EINVAL); 2231 } 2232 /* Only DISCARD, NONE and IPSEC are allowed */ 2233 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2234 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2235 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2236 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2237 return key_senderror(so, m, EINVAL); 2238 } 2239 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2240 (struct sockaddr *)(dst0 + 1)) != 0 || 2241 src0->sadb_address_proto != dst0->sadb_address_proto) { 2242 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2243 return key_senderror(so, m, EINVAL); 2244 } 2245 /* make secindex */ 2246 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2247 src0 + 1, 2248 dst0 + 1, 2249 src0->sadb_address_prefixlen, 2250 dst0->sadb_address_prefixlen, 2251 src0->sadb_address_proto, 2252 &spidx); 2253 2254 /* Is there SP in SPD ? */ 2255 if ((sp = key_getsp(&spidx)) == NULL) { 2256 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2257 return key_senderror(so, m, EINVAL); 2258 } 2259 2260 /* save policy id to buffer to be returned. */ 2261 xpl0->sadb_x_policy_id = sp->id; 2262 2263 KEYDBG(KEY_STAMP, 2264 printf("%s: SP(%p)\n", __func__, sp)); 2265 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2266 key_unlink(sp); 2267 key_freesp(&sp); 2268 2269 { 2270 struct mbuf *n; 2271 struct sadb_msg *newmsg; 2272 2273 /* create new sadb_msg to reply. */ 2274 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2275 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2276 if (!n) 2277 return key_senderror(so, m, ENOBUFS); 2278 2279 newmsg = mtod(n, struct sadb_msg *); 2280 newmsg->sadb_msg_errno = 0; 2281 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2282 2283 m_freem(m); 2284 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2285 } 2286 } 2287 2288 /* 2289 * SADB_SPDDELETE2 processing 2290 * receive 2291 * <base, policy(*)> 2292 * from the user(?), and set SADB_SASTATE_DEAD, 2293 * and send, 2294 * <base, policy(*)> 2295 * to the ikmpd. 2296 * policy(*) including direction of policy. 2297 * 2298 * m will always be freed. 2299 */ 2300 static int 2301 key_spddelete2(struct socket *so, struct mbuf *m, 2302 const struct sadb_msghdr *mhp) 2303 { 2304 struct secpolicy *sp; 2305 uint32_t id; 2306 2307 IPSEC_ASSERT(so != NULL, ("null socket")); 2308 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2309 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2310 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2311 2312 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2313 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2314 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2315 __func__)); 2316 return key_senderror(so, m, EINVAL); 2317 } 2318 2319 id = ((struct sadb_x_policy *) 2320 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2321 2322 /* Is there SP in SPD ? */ 2323 if ((sp = key_getspbyid(id)) == NULL) { 2324 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2325 __func__, id)); 2326 return key_senderror(so, m, EINVAL); 2327 } 2328 2329 KEYDBG(KEY_STAMP, 2330 printf("%s: SP(%p)\n", __func__, sp)); 2331 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2332 key_unlink(sp); 2333 if (sp->state != IPSEC_SPSTATE_DEAD) { 2334 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2335 __func__, id)); 2336 key_freesp(&sp); 2337 return (key_senderror(so, m, EACCES)); 2338 } 2339 key_freesp(&sp); 2340 2341 { 2342 struct mbuf *n, *nn; 2343 struct sadb_msg *newmsg; 2344 int off, len; 2345 2346 /* create new sadb_msg to reply. */ 2347 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2348 2349 MGETHDR(n, M_NOWAIT, MT_DATA); 2350 if (n && len > MHLEN) { 2351 if (!(MCLGET(n, M_NOWAIT))) { 2352 m_freem(n); 2353 n = NULL; 2354 } 2355 } 2356 if (!n) 2357 return key_senderror(so, m, ENOBUFS); 2358 2359 n->m_len = len; 2360 n->m_next = NULL; 2361 off = 0; 2362 2363 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2364 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2365 2366 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2367 off, len)); 2368 2369 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2370 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2371 if (!n->m_next) { 2372 m_freem(n); 2373 return key_senderror(so, m, ENOBUFS); 2374 } 2375 2376 n->m_pkthdr.len = 0; 2377 for (nn = n; nn; nn = nn->m_next) 2378 n->m_pkthdr.len += nn->m_len; 2379 2380 newmsg = mtod(n, struct sadb_msg *); 2381 newmsg->sadb_msg_errno = 0; 2382 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2383 2384 m_freem(m); 2385 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2386 } 2387 } 2388 2389 /* 2390 * SADB_X_SPDGET processing 2391 * receive 2392 * <base, policy(*)> 2393 * from the user(?), 2394 * and send, 2395 * <base, address(SD), policy> 2396 * to the ikmpd. 2397 * policy(*) including direction of policy. 2398 * 2399 * m will always be freed. 2400 */ 2401 static int 2402 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2403 { 2404 struct secpolicy *sp; 2405 struct mbuf *n; 2406 uint32_t id; 2407 2408 IPSEC_ASSERT(so != NULL, ("null socket")); 2409 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2410 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2411 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2412 2413 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2414 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2415 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2416 __func__)); 2417 return key_senderror(so, m, EINVAL); 2418 } 2419 2420 id = ((struct sadb_x_policy *) 2421 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2422 2423 /* Is there SP in SPD ? */ 2424 if ((sp = key_getspbyid(id)) == NULL) { 2425 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2426 __func__, id)); 2427 return key_senderror(so, m, ENOENT); 2428 } 2429 2430 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2431 mhp->msg->sadb_msg_pid); 2432 key_freesp(&sp); 2433 if (n != NULL) { 2434 m_freem(m); 2435 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2436 } else 2437 return key_senderror(so, m, ENOBUFS); 2438 } 2439 2440 /* 2441 * SADB_X_SPDACQUIRE processing. 2442 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2443 * send 2444 * <base, policy(*)> 2445 * to KMD, and expect to receive 2446 * <base> with SADB_X_SPDACQUIRE if error occurred, 2447 * or 2448 * <base, policy> 2449 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2450 * policy(*) is without policy requests. 2451 * 2452 * 0 : succeed 2453 * others: error number 2454 */ 2455 int 2456 key_spdacquire(struct secpolicy *sp) 2457 { 2458 struct mbuf *result = NULL, *m; 2459 struct secspacq *newspacq; 2460 2461 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2462 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2463 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2464 ("policy not IPSEC %u", sp->policy)); 2465 2466 /* Get an entry to check whether sent message or not. */ 2467 newspacq = key_getspacq(&sp->spidx); 2468 if (newspacq != NULL) { 2469 if (V_key_blockacq_count < newspacq->count) { 2470 /* reset counter and do send message. */ 2471 newspacq->count = 0; 2472 } else { 2473 /* increment counter and do nothing. */ 2474 newspacq->count++; 2475 SPACQ_UNLOCK(); 2476 return (0); 2477 } 2478 SPACQ_UNLOCK(); 2479 } else { 2480 /* make new entry for blocking to send SADB_ACQUIRE. */ 2481 newspacq = key_newspacq(&sp->spidx); 2482 if (newspacq == NULL) 2483 return ENOBUFS; 2484 } 2485 2486 /* create new sadb_msg to reply. */ 2487 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2488 if (!m) 2489 return ENOBUFS; 2490 2491 result = m; 2492 2493 result->m_pkthdr.len = 0; 2494 for (m = result; m; m = m->m_next) 2495 result->m_pkthdr.len += m->m_len; 2496 2497 mtod(result, struct sadb_msg *)->sadb_msg_len = 2498 PFKEY_UNIT64(result->m_pkthdr.len); 2499 2500 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2501 } 2502 2503 /* 2504 * SADB_SPDFLUSH processing 2505 * receive 2506 * <base> 2507 * from the user, and free all entries in secpctree. 2508 * and send, 2509 * <base> 2510 * to the user. 2511 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2512 * 2513 * m will always be freed. 2514 */ 2515 static int 2516 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2517 { 2518 struct secpolicy_queue drainq; 2519 struct sadb_msg *newmsg; 2520 struct secpolicy *sp, *nextsp; 2521 u_int dir; 2522 2523 IPSEC_ASSERT(so != NULL, ("null socket")); 2524 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2525 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2526 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2527 2528 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2529 return key_senderror(so, m, EINVAL); 2530 2531 TAILQ_INIT(&drainq); 2532 SPTREE_WLOCK(); 2533 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2534 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2535 } 2536 /* 2537 * We need to set state to DEAD for each policy to be sure, 2538 * that another thread won't try to unlink it. 2539 * Also remove SP from sphash. 2540 */ 2541 TAILQ_FOREACH(sp, &drainq, chain) { 2542 sp->state = IPSEC_SPSTATE_DEAD; 2543 LIST_REMOVE(sp, idhash); 2544 } 2545 V_sp_genid++; 2546 V_spd_size = 0; 2547 SPTREE_WUNLOCK(); 2548 if (SPDCACHE_ENABLED()) 2549 spdcache_clear(); 2550 sp = TAILQ_FIRST(&drainq); 2551 while (sp != NULL) { 2552 nextsp = TAILQ_NEXT(sp, chain); 2553 key_freesp(&sp); 2554 sp = nextsp; 2555 } 2556 2557 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2558 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2559 return key_senderror(so, m, ENOBUFS); 2560 } 2561 2562 if (m->m_next) 2563 m_freem(m->m_next); 2564 m->m_next = NULL; 2565 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2566 newmsg = mtod(m, struct sadb_msg *); 2567 newmsg->sadb_msg_errno = 0; 2568 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2569 2570 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2571 } 2572 2573 static uint8_t 2574 key_satype2scopemask(uint8_t satype) 2575 { 2576 2577 if (satype == IPSEC_POLICYSCOPE_ANY) 2578 return (0xff); 2579 return (satype); 2580 } 2581 /* 2582 * SADB_SPDDUMP processing 2583 * receive 2584 * <base> 2585 * from the user, and dump all SP leaves and send, 2586 * <base> ..... 2587 * to the ikmpd. 2588 * 2589 * NOTE: 2590 * sadb_msg_satype is considered as mask of policy scopes. 2591 * m will always be freed. 2592 */ 2593 static int 2594 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2595 { 2596 SPTREE_RLOCK_TRACKER; 2597 struct secpolicy *sp; 2598 struct mbuf *n; 2599 int cnt; 2600 u_int dir, scope; 2601 2602 IPSEC_ASSERT(so != NULL, ("null socket")); 2603 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2604 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2605 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2606 2607 /* search SPD entry and get buffer size. */ 2608 cnt = 0; 2609 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2610 SPTREE_RLOCK(); 2611 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2612 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2613 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2614 cnt++; 2615 } 2616 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2617 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2618 cnt++; 2619 } 2620 } 2621 2622 if (cnt == 0) { 2623 SPTREE_RUNLOCK(); 2624 return key_senderror(so, m, ENOENT); 2625 } 2626 2627 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2628 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2629 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2630 --cnt; 2631 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2632 mhp->msg->sadb_msg_pid); 2633 2634 if (n != NULL) 2635 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2636 } 2637 } 2638 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2639 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2640 --cnt; 2641 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2642 mhp->msg->sadb_msg_pid); 2643 2644 if (n != NULL) 2645 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2646 } 2647 } 2648 } 2649 2650 SPTREE_RUNLOCK(); 2651 m_freem(m); 2652 return (0); 2653 } 2654 2655 static struct mbuf * 2656 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2657 u_int32_t pid) 2658 { 2659 struct mbuf *result = NULL, *m; 2660 struct seclifetime lt; 2661 2662 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2663 if (!m) 2664 goto fail; 2665 result = m; 2666 2667 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2668 &sp->spidx.src.sa, sp->spidx.prefs, 2669 sp->spidx.ul_proto); 2670 if (!m) 2671 goto fail; 2672 m_cat(result, m); 2673 2674 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2675 &sp->spidx.dst.sa, sp->spidx.prefd, 2676 sp->spidx.ul_proto); 2677 if (!m) 2678 goto fail; 2679 m_cat(result, m); 2680 2681 m = key_sp2mbuf(sp); 2682 if (!m) 2683 goto fail; 2684 m_cat(result, m); 2685 2686 if(sp->lifetime){ 2687 lt.addtime=sp->created; 2688 lt.usetime= sp->lastused; 2689 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2690 if (!m) 2691 goto fail; 2692 m_cat(result, m); 2693 2694 lt.addtime=sp->lifetime; 2695 lt.usetime= sp->validtime; 2696 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2697 if (!m) 2698 goto fail; 2699 m_cat(result, m); 2700 } 2701 2702 if ((result->m_flags & M_PKTHDR) == 0) 2703 goto fail; 2704 2705 if (result->m_len < sizeof(struct sadb_msg)) { 2706 result = m_pullup(result, sizeof(struct sadb_msg)); 2707 if (result == NULL) 2708 goto fail; 2709 } 2710 2711 result->m_pkthdr.len = 0; 2712 for (m = result; m; m = m->m_next) 2713 result->m_pkthdr.len += m->m_len; 2714 2715 mtod(result, struct sadb_msg *)->sadb_msg_len = 2716 PFKEY_UNIT64(result->m_pkthdr.len); 2717 2718 return result; 2719 2720 fail: 2721 m_freem(result); 2722 return NULL; 2723 } 2724 /* 2725 * get PFKEY message length for security policy and request. 2726 */ 2727 static size_t 2728 key_getspreqmsglen(struct secpolicy *sp) 2729 { 2730 size_t tlen, len; 2731 int i; 2732 2733 tlen = sizeof(struct sadb_x_policy); 2734 /* if is the policy for ipsec ? */ 2735 if (sp->policy != IPSEC_POLICY_IPSEC) 2736 return (tlen); 2737 2738 /* get length of ipsec requests */ 2739 for (i = 0; i < sp->tcount; i++) { 2740 len = sizeof(struct sadb_x_ipsecrequest) 2741 + sp->req[i]->saidx.src.sa.sa_len 2742 + sp->req[i]->saidx.dst.sa.sa_len; 2743 2744 tlen += PFKEY_ALIGN8(len); 2745 } 2746 return (tlen); 2747 } 2748 2749 /* 2750 * SADB_SPDEXPIRE processing 2751 * send 2752 * <base, address(SD), lifetime(CH), policy> 2753 * to KMD by PF_KEY. 2754 * 2755 * OUT: 0 : succeed 2756 * others : error number 2757 */ 2758 static int 2759 key_spdexpire(struct secpolicy *sp) 2760 { 2761 struct sadb_lifetime *lt; 2762 struct mbuf *result = NULL, *m; 2763 int len, error = -1; 2764 2765 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2766 2767 KEYDBG(KEY_STAMP, 2768 printf("%s: SP(%p)\n", __func__, sp)); 2769 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2770 2771 /* set msg header */ 2772 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2773 if (!m) { 2774 error = ENOBUFS; 2775 goto fail; 2776 } 2777 result = m; 2778 2779 /* create lifetime extension (current and hard) */ 2780 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2781 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2782 if (m == NULL) { 2783 error = ENOBUFS; 2784 goto fail; 2785 } 2786 m_align(m, len); 2787 m->m_len = len; 2788 bzero(mtod(m, caddr_t), len); 2789 lt = mtod(m, struct sadb_lifetime *); 2790 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2791 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2792 lt->sadb_lifetime_allocations = 0; 2793 lt->sadb_lifetime_bytes = 0; 2794 lt->sadb_lifetime_addtime = sp->created; 2795 lt->sadb_lifetime_usetime = sp->lastused; 2796 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2797 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2798 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2799 lt->sadb_lifetime_allocations = 0; 2800 lt->sadb_lifetime_bytes = 0; 2801 lt->sadb_lifetime_addtime = sp->lifetime; 2802 lt->sadb_lifetime_usetime = sp->validtime; 2803 m_cat(result, m); 2804 2805 /* set sadb_address for source */ 2806 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2807 &sp->spidx.src.sa, 2808 sp->spidx.prefs, sp->spidx.ul_proto); 2809 if (!m) { 2810 error = ENOBUFS; 2811 goto fail; 2812 } 2813 m_cat(result, m); 2814 2815 /* set sadb_address for destination */ 2816 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2817 &sp->spidx.dst.sa, 2818 sp->spidx.prefd, sp->spidx.ul_proto); 2819 if (!m) { 2820 error = ENOBUFS; 2821 goto fail; 2822 } 2823 m_cat(result, m); 2824 2825 /* set secpolicy */ 2826 m = key_sp2mbuf(sp); 2827 if (!m) { 2828 error = ENOBUFS; 2829 goto fail; 2830 } 2831 m_cat(result, m); 2832 2833 if ((result->m_flags & M_PKTHDR) == 0) { 2834 error = EINVAL; 2835 goto fail; 2836 } 2837 2838 if (result->m_len < sizeof(struct sadb_msg)) { 2839 result = m_pullup(result, sizeof(struct sadb_msg)); 2840 if (result == NULL) { 2841 error = ENOBUFS; 2842 goto fail; 2843 } 2844 } 2845 2846 result->m_pkthdr.len = 0; 2847 for (m = result; m; m = m->m_next) 2848 result->m_pkthdr.len += m->m_len; 2849 2850 mtod(result, struct sadb_msg *)->sadb_msg_len = 2851 PFKEY_UNIT64(result->m_pkthdr.len); 2852 2853 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2854 2855 fail: 2856 if (result) 2857 m_freem(result); 2858 return error; 2859 } 2860 2861 /* %%% SAD management */ 2862 /* 2863 * allocating and initialize new SA head. 2864 * OUT: NULL : failure due to the lack of memory. 2865 * others : pointer to new SA head. 2866 */ 2867 static struct secashead * 2868 key_newsah(struct secasindex *saidx) 2869 { 2870 struct secashead *sah; 2871 2872 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2873 M_NOWAIT | M_ZERO); 2874 if (sah == NULL) { 2875 PFKEYSTAT_INC(in_nomem); 2876 return (NULL); 2877 } 2878 TAILQ_INIT(&sah->savtree_larval); 2879 TAILQ_INIT(&sah->savtree_alive); 2880 sah->saidx = *saidx; 2881 sah->state = SADB_SASTATE_DEAD; 2882 SAH_INITREF(sah); 2883 2884 KEYDBG(KEY_STAMP, 2885 printf("%s: SAH(%p)\n", __func__, sah)); 2886 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2887 return (sah); 2888 } 2889 2890 static void 2891 key_freesah(struct secashead **psah) 2892 { 2893 struct secashead *sah = *psah; 2894 2895 CURVNET_ASSERT_SET(); 2896 2897 if (SAH_DELREF(sah) == 0) 2898 return; 2899 2900 KEYDBG(KEY_STAMP, 2901 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2902 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2903 2904 *psah = NULL; 2905 key_delsah(sah); 2906 } 2907 2908 static void 2909 key_delsah(struct secashead *sah) 2910 { 2911 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2912 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2913 ("Attempt to free non DEAD SAH %p", sah)); 2914 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2915 ("Attempt to free SAH %p with LARVAL SA", sah)); 2916 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2917 ("Attempt to free SAH %p with ALIVE SA", sah)); 2918 2919 free(sah, M_IPSEC_SAH); 2920 } 2921 2922 /* 2923 * allocating a new SA for key_add() and key_getspi() call, 2924 * and copy the values of mhp into new buffer. 2925 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2926 * For SADB_ADD create and initialize SA with MATURE state. 2927 * OUT: NULL : fail 2928 * others : pointer to new secasvar. 2929 */ 2930 static struct secasvar * 2931 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2932 uint32_t spi, int *errp) 2933 { 2934 struct secashead *sah; 2935 struct secasvar *sav; 2936 int isnew; 2937 2938 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2939 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2940 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2941 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2942 2943 sav = NULL; 2944 sah = NULL; 2945 /* check SPI value */ 2946 switch (saidx->proto) { 2947 case IPPROTO_ESP: 2948 case IPPROTO_AH: 2949 /* 2950 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2951 * 1-255 reserved by IANA for future use, 2952 * 0 for implementation specific, local use. 2953 */ 2954 if (ntohl(spi) <= 255) { 2955 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2956 __func__, ntohl(spi))); 2957 *errp = EINVAL; 2958 goto done; 2959 } 2960 break; 2961 } 2962 2963 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2964 if (sav == NULL) { 2965 *errp = ENOBUFS; 2966 goto done; 2967 } 2968 sav->lock = malloc_aligned(max(sizeof(struct rmlock), 2969 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC, 2970 M_NOWAIT | M_ZERO); 2971 if (sav->lock == NULL) { 2972 *errp = ENOBUFS; 2973 goto done; 2974 } 2975 rm_init(sav->lock, "ipsec association"); 2976 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 2977 if (sav->lft_c == NULL) { 2978 *errp = ENOBUFS; 2979 goto done; 2980 } 2981 2982 sav->spi = spi; 2983 sav->seq = mhp->msg->sadb_msg_seq; 2984 sav->state = SADB_SASTATE_LARVAL; 2985 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2986 SAV_INITREF(sav); 2987 again: 2988 sah = key_getsah(saidx); 2989 if (sah == NULL) { 2990 /* create a new SA index */ 2991 sah = key_newsah(saidx); 2992 if (sah == NULL) { 2993 ipseclog((LOG_DEBUG, 2994 "%s: No more memory.\n", __func__)); 2995 *errp = ENOBUFS; 2996 goto done; 2997 } 2998 isnew = 1; 2999 } else 3000 isnew = 0; 3001 3002 sav->sah = sah; 3003 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 3004 sav->created = time_second; 3005 } else if (sav->state == SADB_SASTATE_LARVAL) { 3006 /* 3007 * Do not call key_setsaval() second time in case 3008 * of `goto again`. We will have MATURE state. 3009 */ 3010 *errp = key_setsaval(sav, mhp); 3011 if (*errp != 0) 3012 goto done; 3013 sav->state = SADB_SASTATE_MATURE; 3014 } 3015 3016 SAHTREE_WLOCK(); 3017 /* 3018 * Check that existing SAH wasn't unlinked. 3019 * Since we didn't hold the SAHTREE lock, it is possible, 3020 * that callout handler or key_flush() or key_delete() could 3021 * unlink this SAH. 3022 */ 3023 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3024 SAHTREE_WUNLOCK(); 3025 key_freesah(&sah); /* reference from key_getsah() */ 3026 goto again; 3027 } 3028 if (isnew != 0) { 3029 /* 3030 * Add new SAH into SADB. 3031 * 3032 * XXXAE: we can serialize key_add and key_getspi calls, so 3033 * several threads will not fight in the race. 3034 * Otherwise we should check under SAHTREE lock, that this 3035 * SAH would not added twice. 3036 */ 3037 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3038 /* Add new SAH into hash by addresses */ 3039 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3040 /* Now we are linked in the chain */ 3041 sah->state = SADB_SASTATE_MATURE; 3042 /* 3043 * SAV references this new SAH. 3044 * In case of existing SAH we reuse reference 3045 * from key_getsah(). 3046 */ 3047 SAH_ADDREF(sah); 3048 } 3049 /* Link SAV with SAH */ 3050 if (sav->state == SADB_SASTATE_MATURE) 3051 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3052 else 3053 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3054 /* Add SAV into SPI hash */ 3055 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3056 SAHTREE_WUNLOCK(); 3057 *errp = 0; /* success */ 3058 done: 3059 if (*errp != 0) { 3060 if (sav != NULL) { 3061 if (sav->lock != NULL) { 3062 rm_destroy(sav->lock); 3063 free(sav->lock, M_IPSEC_MISC); 3064 } 3065 if (sav->lft_c != NULL) 3066 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3067 free(sav, M_IPSEC_SA), sav = NULL; 3068 } 3069 if (sah != NULL) 3070 key_freesah(&sah); 3071 if (*errp == ENOBUFS) { 3072 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3073 __func__)); 3074 PFKEYSTAT_INC(in_nomem); 3075 } 3076 } 3077 return (sav); 3078 } 3079 3080 /* 3081 * free() SA variable entry. 3082 */ 3083 static void 3084 key_cleansav(struct secasvar *sav) 3085 { 3086 3087 if (sav->natt != NULL) { 3088 free(sav->natt, M_IPSEC_MISC); 3089 sav->natt = NULL; 3090 } 3091 if (sav->flags & SADB_X_EXT_F_CLONED) 3092 return; 3093 if (sav->tdb_xform != NULL) { 3094 sav->tdb_xform->xf_cleanup(sav); 3095 sav->tdb_xform = NULL; 3096 } 3097 if (sav->key_auth != NULL) { 3098 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3099 free(sav->key_auth, M_IPSEC_MISC); 3100 sav->key_auth = NULL; 3101 } 3102 if (sav->key_enc != NULL) { 3103 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3104 free(sav->key_enc, M_IPSEC_MISC); 3105 sav->key_enc = NULL; 3106 } 3107 if (sav->replay != NULL) { 3108 mtx_destroy(&sav->replay->lock); 3109 if (sav->replay->bitmap != NULL) 3110 free(sav->replay->bitmap, M_IPSEC_MISC); 3111 free(sav->replay, M_IPSEC_MISC); 3112 sav->replay = NULL; 3113 } 3114 if (sav->lft_h != NULL) { 3115 free(sav->lft_h, M_IPSEC_MISC); 3116 sav->lft_h = NULL; 3117 } 3118 if (sav->lft_s != NULL) { 3119 free(sav->lft_s, M_IPSEC_MISC); 3120 sav->lft_s = NULL; 3121 } 3122 } 3123 3124 /* 3125 * free() SA variable entry. 3126 */ 3127 static void 3128 key_delsav(struct secasvar *sav) 3129 { 3130 IPSEC_ASSERT(sav != NULL, ("null sav")); 3131 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3132 ("attempt to free non DEAD SA %p", sav)); 3133 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3134 sav->refcnt)); 3135 3136 /* 3137 * SA must be unlinked from the chain and hashtbl. 3138 * If SA was cloned, we leave all fields untouched, 3139 * except NAT-T config. 3140 */ 3141 key_cleansav(sav); 3142 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3143 rm_destroy(sav->lock); 3144 free(sav->lock, M_IPSEC_MISC); 3145 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3146 } 3147 free(sav, M_IPSEC_SA); 3148 } 3149 3150 /* 3151 * search SAH. 3152 * OUT: 3153 * NULL : not found 3154 * others : found, referenced pointer to a SAH. 3155 */ 3156 static struct secashead * 3157 key_getsah(struct secasindex *saidx) 3158 { 3159 SAHTREE_RLOCK_TRACKER; 3160 struct secashead *sah; 3161 3162 SAHTREE_RLOCK(); 3163 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3164 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3165 SAH_ADDREF(sah); 3166 break; 3167 } 3168 } 3169 SAHTREE_RUNLOCK(); 3170 return (sah); 3171 } 3172 3173 /* 3174 * Check not to be duplicated SPI. 3175 * OUT: 3176 * 0 : not found 3177 * 1 : found SA with given SPI. 3178 */ 3179 static int 3180 key_checkspidup(uint32_t spi) 3181 { 3182 SAHTREE_RLOCK_TRACKER; 3183 struct secasvar *sav; 3184 3185 /* Assume SPI is in network byte order */ 3186 SAHTREE_RLOCK(); 3187 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3188 if (sav->spi == spi) 3189 break; 3190 } 3191 SAHTREE_RUNLOCK(); 3192 return (sav != NULL); 3193 } 3194 3195 /* 3196 * Search SA by SPI. 3197 * OUT: 3198 * NULL : not found 3199 * others : found, referenced pointer to a SA. 3200 */ 3201 static struct secasvar * 3202 key_getsavbyspi(uint32_t spi) 3203 { 3204 SAHTREE_RLOCK_TRACKER; 3205 struct secasvar *sav; 3206 3207 /* Assume SPI is in network byte order */ 3208 SAHTREE_RLOCK(); 3209 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3210 if (sav->spi != spi) 3211 continue; 3212 SAV_ADDREF(sav); 3213 break; 3214 } 3215 SAHTREE_RUNLOCK(); 3216 return (sav); 3217 } 3218 3219 static int 3220 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3221 { 3222 struct seclifetime *lft_h, *lft_s, *tmp; 3223 3224 /* Lifetime extension is optional, check that it is present. */ 3225 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3226 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3227 /* 3228 * In case of SADB_UPDATE we may need to change 3229 * existing lifetimes. 3230 */ 3231 if (sav->state == SADB_SASTATE_MATURE) { 3232 lft_h = lft_s = NULL; 3233 goto reset; 3234 } 3235 return (0); 3236 } 3237 /* Both HARD and SOFT extensions must present */ 3238 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3239 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3240 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3241 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3242 ipseclog((LOG_DEBUG, 3243 "%s: invalid message: missing required header.\n", 3244 __func__)); 3245 return (EINVAL); 3246 } 3247 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3248 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3249 ipseclog((LOG_DEBUG, 3250 "%s: invalid message: wrong header size.\n", __func__)); 3251 return (EINVAL); 3252 } 3253 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3254 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3255 if (lft_h == NULL) { 3256 PFKEYSTAT_INC(in_nomem); 3257 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3258 return (ENOBUFS); 3259 } 3260 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3261 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3262 if (lft_s == NULL) { 3263 PFKEYSTAT_INC(in_nomem); 3264 free(lft_h, M_IPSEC_MISC); 3265 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3266 return (ENOBUFS); 3267 } 3268 reset: 3269 if (sav->state != SADB_SASTATE_LARVAL) { 3270 /* 3271 * key_update() holds reference to this SA, 3272 * so it won't be deleted in meanwhile. 3273 */ 3274 SECASVAR_WLOCK(sav); 3275 tmp = sav->lft_h; 3276 sav->lft_h = lft_h; 3277 lft_h = tmp; 3278 3279 tmp = sav->lft_s; 3280 sav->lft_s = lft_s; 3281 lft_s = tmp; 3282 SECASVAR_WUNLOCK(sav); 3283 if (lft_h != NULL) 3284 free(lft_h, M_IPSEC_MISC); 3285 if (lft_s != NULL) 3286 free(lft_s, M_IPSEC_MISC); 3287 return (0); 3288 } 3289 /* We can update lifetime without holding a lock */ 3290 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3291 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3292 sav->lft_h = lft_h; 3293 sav->lft_s = lft_s; 3294 return (0); 3295 } 3296 3297 /* 3298 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3299 * You must update these if need. Expects only LARVAL SAs. 3300 * OUT: 0: success. 3301 * !0: failure. 3302 */ 3303 static int 3304 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3305 { 3306 const struct sadb_sa *sa0; 3307 const struct sadb_key *key0; 3308 uint32_t replay; 3309 size_t len; 3310 int error; 3311 3312 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3313 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3314 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3315 ("Attempt to update non LARVAL SA")); 3316 3317 /* XXX rewrite */ 3318 error = key_setident(sav->sah, mhp); 3319 if (error != 0) 3320 goto fail; 3321 3322 /* SA */ 3323 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3324 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3325 error = EINVAL; 3326 goto fail; 3327 } 3328 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3329 sav->alg_auth = sa0->sadb_sa_auth; 3330 sav->alg_enc = sa0->sadb_sa_encrypt; 3331 sav->flags = sa0->sadb_sa_flags; 3332 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3333 ipseclog((LOG_DEBUG, 3334 "%s: invalid sa_flags 0x%08x.\n", __func__, 3335 sav->flags)); 3336 error = EINVAL; 3337 goto fail; 3338 } 3339 3340 /* Optional replay window */ 3341 replay = 0; 3342 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3343 replay = sa0->sadb_sa_replay; 3344 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3345 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3346 error = EINVAL; 3347 goto fail; 3348 } 3349 replay = ((const struct sadb_x_sa_replay *) 3350 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3351 3352 if (replay > UINT32_MAX - 32) { 3353 ipseclog((LOG_DEBUG, 3354 "%s: replay window too big.\n", __func__)); 3355 error = EINVAL; 3356 goto fail; 3357 } 3358 3359 replay = (replay + 7) >> 3; 3360 } 3361 3362 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3363 M_NOWAIT | M_ZERO); 3364 if (sav->replay == NULL) { 3365 PFKEYSTAT_INC(in_nomem); 3366 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3367 __func__)); 3368 error = ENOBUFS; 3369 goto fail; 3370 } 3371 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF); 3372 3373 if (replay != 0) { 3374 /* number of 32b blocks to be allocated */ 3375 uint32_t bitmap_size; 3376 3377 /* RFC 6479: 3378 * - the allocated replay window size must be 3379 * a power of two. 3380 * - use an extra 32b block as a redundant window. 3381 */ 3382 bitmap_size = 1; 3383 while (replay + 4 > bitmap_size) 3384 bitmap_size <<= 1; 3385 bitmap_size = bitmap_size / 4; 3386 3387 sav->replay->bitmap = malloc( 3388 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3389 M_NOWAIT | M_ZERO); 3390 if (sav->replay->bitmap == NULL) { 3391 PFKEYSTAT_INC(in_nomem); 3392 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3393 __func__)); 3394 error = ENOBUFS; 3395 goto fail; 3396 } 3397 sav->replay->bitmap_size = bitmap_size; 3398 sav->replay->wsize = replay; 3399 } 3400 } 3401 3402 /* Authentication keys */ 3403 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3404 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3405 error = EINVAL; 3406 goto fail; 3407 } 3408 error = 0; 3409 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3410 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3411 switch (mhp->msg->sadb_msg_satype) { 3412 case SADB_SATYPE_AH: 3413 case SADB_SATYPE_ESP: 3414 case SADB_X_SATYPE_TCPSIGNATURE: 3415 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3416 sav->alg_auth != SADB_X_AALG_NULL) 3417 error = EINVAL; 3418 break; 3419 case SADB_X_SATYPE_IPCOMP: 3420 default: 3421 error = EINVAL; 3422 break; 3423 } 3424 if (error) { 3425 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3426 __func__)); 3427 goto fail; 3428 } 3429 3430 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3431 if (sav->key_auth == NULL ) { 3432 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3433 __func__)); 3434 PFKEYSTAT_INC(in_nomem); 3435 error = ENOBUFS; 3436 goto fail; 3437 } 3438 } 3439 3440 /* Encryption key */ 3441 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3442 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3443 error = EINVAL; 3444 goto fail; 3445 } 3446 error = 0; 3447 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3448 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3449 switch (mhp->msg->sadb_msg_satype) { 3450 case SADB_SATYPE_ESP: 3451 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3452 sav->alg_enc != SADB_EALG_NULL) { 3453 error = EINVAL; 3454 break; 3455 } 3456 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3457 if (sav->key_enc == NULL) { 3458 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3459 __func__)); 3460 PFKEYSTAT_INC(in_nomem); 3461 error = ENOBUFS; 3462 goto fail; 3463 } 3464 break; 3465 case SADB_X_SATYPE_IPCOMP: 3466 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3467 error = EINVAL; 3468 sav->key_enc = NULL; /*just in case*/ 3469 break; 3470 case SADB_SATYPE_AH: 3471 case SADB_X_SATYPE_TCPSIGNATURE: 3472 default: 3473 error = EINVAL; 3474 break; 3475 } 3476 if (error) { 3477 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3478 __func__)); 3479 goto fail; 3480 } 3481 } 3482 3483 /* set iv */ 3484 sav->ivlen = 0; 3485 switch (mhp->msg->sadb_msg_satype) { 3486 case SADB_SATYPE_AH: 3487 if (sav->flags & SADB_X_EXT_DERIV) { 3488 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3489 "given to AH SA.\n", __func__)); 3490 error = EINVAL; 3491 goto fail; 3492 } 3493 if (sav->alg_enc != SADB_EALG_NONE) { 3494 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3495 "mismated.\n", __func__)); 3496 error = EINVAL; 3497 goto fail; 3498 } 3499 error = xform_init(sav, XF_AH); 3500 break; 3501 case SADB_SATYPE_ESP: 3502 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3503 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3504 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3505 "given to old-esp.\n", __func__)); 3506 error = EINVAL; 3507 goto fail; 3508 } 3509 error = xform_init(sav, XF_ESP); 3510 break; 3511 case SADB_X_SATYPE_IPCOMP: 3512 if (sav->alg_auth != SADB_AALG_NONE) { 3513 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3514 "mismated.\n", __func__)); 3515 error = EINVAL; 3516 goto fail; 3517 } 3518 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3519 ntohl(sav->spi) >= 0x10000) { 3520 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3521 __func__)); 3522 error = EINVAL; 3523 goto fail; 3524 } 3525 error = xform_init(sav, XF_IPCOMP); 3526 break; 3527 case SADB_X_SATYPE_TCPSIGNATURE: 3528 if (sav->alg_enc != SADB_EALG_NONE) { 3529 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3530 "mismated.\n", __func__)); 3531 error = EINVAL; 3532 goto fail; 3533 } 3534 error = xform_init(sav, XF_TCPSIGNATURE); 3535 break; 3536 default: 3537 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3538 error = EPROTONOSUPPORT; 3539 goto fail; 3540 } 3541 if (error) { 3542 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3543 __func__, mhp->msg->sadb_msg_satype)); 3544 goto fail; 3545 } 3546 3547 /* Handle NAT-T headers */ 3548 error = key_setnatt(sav, mhp); 3549 if (error != 0) 3550 goto fail; 3551 3552 /* Initialize lifetime for CURRENT */ 3553 sav->firstused = 0; 3554 sav->created = time_second; 3555 3556 /* lifetimes for HARD and SOFT */ 3557 error = key_updatelifetimes(sav, mhp); 3558 if (error == 0) 3559 return (0); 3560 fail: 3561 key_cleansav(sav); 3562 return (error); 3563 } 3564 3565 /* 3566 * subroutine for SADB_GET and SADB_DUMP. 3567 */ 3568 static struct mbuf * 3569 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3570 uint32_t seq, uint32_t pid) 3571 { 3572 struct seclifetime lft_c; 3573 struct mbuf *result = NULL, *tres = NULL, *m; 3574 int i, dumporder[] = { 3575 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3576 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3577 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3578 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3579 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3580 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3581 SADB_EXT_SENSITIVITY, 3582 SADB_X_EXT_NAT_T_TYPE, 3583 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3584 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3585 SADB_X_EXT_NAT_T_FRAG, 3586 }; 3587 uint32_t replay_count; 3588 3589 SECASVAR_RLOCK_TRACKER; 3590 3591 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3592 if (m == NULL) 3593 goto fail; 3594 result = m; 3595 3596 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3597 m = NULL; 3598 switch (dumporder[i]) { 3599 case SADB_EXT_SA: 3600 m = key_setsadbsa(sav); 3601 if (!m) 3602 goto fail; 3603 break; 3604 3605 case SADB_X_EXT_SA2: { 3606 SECASVAR_RLOCK(sav); 3607 replay_count = sav->replay ? sav->replay->count : 0; 3608 SECASVAR_RUNLOCK(sav); 3609 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3610 sav->sah->saidx.reqid); 3611 if (!m) 3612 goto fail; 3613 break; 3614 } 3615 case SADB_X_EXT_SA_REPLAY: 3616 if (sav->replay == NULL || 3617 sav->replay->wsize <= UINT8_MAX) 3618 continue; 3619 3620 m = key_setsadbxsareplay(sav->replay->wsize); 3621 if (!m) 3622 goto fail; 3623 break; 3624 3625 case SADB_EXT_ADDRESS_SRC: 3626 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3627 &sav->sah->saidx.src.sa, 3628 FULLMASK, IPSEC_ULPROTO_ANY); 3629 if (!m) 3630 goto fail; 3631 break; 3632 3633 case SADB_EXT_ADDRESS_DST: 3634 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3635 &sav->sah->saidx.dst.sa, 3636 FULLMASK, IPSEC_ULPROTO_ANY); 3637 if (!m) 3638 goto fail; 3639 break; 3640 3641 case SADB_EXT_KEY_AUTH: 3642 if (!sav->key_auth) 3643 continue; 3644 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3645 if (!m) 3646 goto fail; 3647 break; 3648 3649 case SADB_EXT_KEY_ENCRYPT: 3650 if (!sav->key_enc) 3651 continue; 3652 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3653 if (!m) 3654 goto fail; 3655 break; 3656 3657 case SADB_EXT_LIFETIME_CURRENT: 3658 lft_c.addtime = sav->created; 3659 lft_c.allocations = (uint32_t)counter_u64_fetch( 3660 sav->lft_c_allocations); 3661 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3662 lft_c.usetime = sav->firstused; 3663 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3664 if (!m) 3665 goto fail; 3666 break; 3667 3668 case SADB_EXT_LIFETIME_HARD: 3669 if (!sav->lft_h) 3670 continue; 3671 m = key_setlifetime(sav->lft_h, 3672 SADB_EXT_LIFETIME_HARD); 3673 if (!m) 3674 goto fail; 3675 break; 3676 3677 case SADB_EXT_LIFETIME_SOFT: 3678 if (!sav->lft_s) 3679 continue; 3680 m = key_setlifetime(sav->lft_s, 3681 SADB_EXT_LIFETIME_SOFT); 3682 3683 if (!m) 3684 goto fail; 3685 break; 3686 3687 case SADB_X_EXT_NAT_T_TYPE: 3688 if (sav->natt == NULL) 3689 continue; 3690 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3691 if (!m) 3692 goto fail; 3693 break; 3694 3695 case SADB_X_EXT_NAT_T_DPORT: 3696 if (sav->natt == NULL) 3697 continue; 3698 m = key_setsadbxport(sav->natt->dport, 3699 SADB_X_EXT_NAT_T_DPORT); 3700 if (!m) 3701 goto fail; 3702 break; 3703 3704 case SADB_X_EXT_NAT_T_SPORT: 3705 if (sav->natt == NULL) 3706 continue; 3707 m = key_setsadbxport(sav->natt->sport, 3708 SADB_X_EXT_NAT_T_SPORT); 3709 if (!m) 3710 goto fail; 3711 break; 3712 3713 case SADB_X_EXT_NAT_T_OAI: 3714 if (sav->natt == NULL || 3715 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3716 continue; 3717 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3718 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3719 if (!m) 3720 goto fail; 3721 break; 3722 case SADB_X_EXT_NAT_T_OAR: 3723 if (sav->natt == NULL || 3724 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3725 continue; 3726 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3727 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3728 if (!m) 3729 goto fail; 3730 break; 3731 case SADB_X_EXT_NAT_T_FRAG: 3732 /* We do not (yet) support those. */ 3733 continue; 3734 3735 case SADB_EXT_ADDRESS_PROXY: 3736 case SADB_EXT_IDENTITY_SRC: 3737 case SADB_EXT_IDENTITY_DST: 3738 /* XXX: should we brought from SPD ? */ 3739 case SADB_EXT_SENSITIVITY: 3740 default: 3741 continue; 3742 } 3743 3744 if (!m) 3745 goto fail; 3746 if (tres) 3747 m_cat(m, tres); 3748 tres = m; 3749 } 3750 3751 m_cat(result, tres); 3752 tres = NULL; 3753 if (result->m_len < sizeof(struct sadb_msg)) { 3754 result = m_pullup(result, sizeof(struct sadb_msg)); 3755 if (result == NULL) 3756 goto fail; 3757 } 3758 3759 result->m_pkthdr.len = 0; 3760 for (m = result; m; m = m->m_next) 3761 result->m_pkthdr.len += m->m_len; 3762 3763 mtod(result, struct sadb_msg *)->sadb_msg_len = 3764 PFKEY_UNIT64(result->m_pkthdr.len); 3765 3766 return result; 3767 3768 fail: 3769 m_freem(result); 3770 m_freem(tres); 3771 return NULL; 3772 } 3773 3774 /* 3775 * set data into sadb_msg. 3776 */ 3777 static struct mbuf * 3778 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3779 pid_t pid, u_int16_t reserved) 3780 { 3781 struct mbuf *m; 3782 struct sadb_msg *p; 3783 int len; 3784 3785 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3786 if (len > MCLBYTES) 3787 return NULL; 3788 MGETHDR(m, M_NOWAIT, MT_DATA); 3789 if (m && len > MHLEN) { 3790 if (!(MCLGET(m, M_NOWAIT))) { 3791 m_freem(m); 3792 m = NULL; 3793 } 3794 } 3795 if (!m) 3796 return NULL; 3797 m->m_pkthdr.len = m->m_len = len; 3798 m->m_next = NULL; 3799 3800 p = mtod(m, struct sadb_msg *); 3801 3802 bzero(p, len); 3803 p->sadb_msg_version = PF_KEY_V2; 3804 p->sadb_msg_type = type; 3805 p->sadb_msg_errno = 0; 3806 p->sadb_msg_satype = satype; 3807 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3808 p->sadb_msg_reserved = reserved; 3809 p->sadb_msg_seq = seq; 3810 p->sadb_msg_pid = (u_int32_t)pid; 3811 3812 return m; 3813 } 3814 3815 /* 3816 * copy secasvar data into sadb_address. 3817 */ 3818 static struct mbuf * 3819 key_setsadbsa(struct secasvar *sav) 3820 { 3821 struct mbuf *m; 3822 struct sadb_sa *p; 3823 int len; 3824 3825 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3826 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3827 if (m == NULL) 3828 return (NULL); 3829 m_align(m, len); 3830 m->m_len = len; 3831 p = mtod(m, struct sadb_sa *); 3832 bzero(p, len); 3833 p->sadb_sa_len = PFKEY_UNIT64(len); 3834 p->sadb_sa_exttype = SADB_EXT_SA; 3835 p->sadb_sa_spi = sav->spi; 3836 p->sadb_sa_replay = sav->replay ? 3837 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3838 sav->replay->wsize): 0; 3839 p->sadb_sa_state = sav->state; 3840 p->sadb_sa_auth = sav->alg_auth; 3841 p->sadb_sa_encrypt = sav->alg_enc; 3842 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3843 return (m); 3844 } 3845 3846 /* 3847 * set data into sadb_address. 3848 */ 3849 static struct mbuf * 3850 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3851 u_int8_t prefixlen, u_int16_t ul_proto) 3852 { 3853 struct mbuf *m; 3854 struct sadb_address *p; 3855 size_t len; 3856 3857 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3858 PFKEY_ALIGN8(saddr->sa_len); 3859 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3860 if (m == NULL) 3861 return (NULL); 3862 m_align(m, len); 3863 m->m_len = len; 3864 p = mtod(m, struct sadb_address *); 3865 3866 bzero(p, len); 3867 p->sadb_address_len = PFKEY_UNIT64(len); 3868 p->sadb_address_exttype = exttype; 3869 p->sadb_address_proto = ul_proto; 3870 if (prefixlen == FULLMASK) { 3871 switch (saddr->sa_family) { 3872 case AF_INET: 3873 prefixlen = sizeof(struct in_addr) << 3; 3874 break; 3875 case AF_INET6: 3876 prefixlen = sizeof(struct in6_addr) << 3; 3877 break; 3878 default: 3879 ; /*XXX*/ 3880 } 3881 } 3882 p->sadb_address_prefixlen = prefixlen; 3883 p->sadb_address_reserved = 0; 3884 3885 bcopy(saddr, 3886 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3887 saddr->sa_len); 3888 3889 return m; 3890 } 3891 3892 /* 3893 * set data into sadb_x_sa2. 3894 */ 3895 static struct mbuf * 3896 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3897 { 3898 struct mbuf *m; 3899 struct sadb_x_sa2 *p; 3900 size_t len; 3901 3902 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3903 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3904 if (m == NULL) 3905 return (NULL); 3906 m_align(m, len); 3907 m->m_len = len; 3908 p = mtod(m, struct sadb_x_sa2 *); 3909 3910 bzero(p, len); 3911 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3912 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3913 p->sadb_x_sa2_mode = mode; 3914 p->sadb_x_sa2_reserved1 = 0; 3915 p->sadb_x_sa2_reserved2 = 0; 3916 p->sadb_x_sa2_sequence = seq; 3917 p->sadb_x_sa2_reqid = reqid; 3918 3919 return m; 3920 } 3921 3922 /* 3923 * Set data into sadb_x_sa_replay. 3924 */ 3925 static struct mbuf * 3926 key_setsadbxsareplay(u_int32_t replay) 3927 { 3928 struct mbuf *m; 3929 struct sadb_x_sa_replay *p; 3930 size_t len; 3931 3932 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3933 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3934 if (m == NULL) 3935 return (NULL); 3936 m_align(m, len); 3937 m->m_len = len; 3938 p = mtod(m, struct sadb_x_sa_replay *); 3939 3940 bzero(p, len); 3941 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3942 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3943 p->sadb_x_sa_replay_replay = (replay << 3); 3944 3945 return m; 3946 } 3947 3948 /* 3949 * Set a type in sadb_x_nat_t_type. 3950 */ 3951 static struct mbuf * 3952 key_setsadbxtype(u_int16_t type) 3953 { 3954 struct mbuf *m; 3955 size_t len; 3956 struct sadb_x_nat_t_type *p; 3957 3958 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3959 3960 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3961 if (m == NULL) 3962 return (NULL); 3963 m_align(m, len); 3964 m->m_len = len; 3965 p = mtod(m, struct sadb_x_nat_t_type *); 3966 3967 bzero(p, len); 3968 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3969 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3970 p->sadb_x_nat_t_type_type = type; 3971 3972 return (m); 3973 } 3974 /* 3975 * Set a port in sadb_x_nat_t_port. 3976 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3977 */ 3978 static struct mbuf * 3979 key_setsadbxport(u_int16_t port, u_int16_t type) 3980 { 3981 struct mbuf *m; 3982 size_t len; 3983 struct sadb_x_nat_t_port *p; 3984 3985 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3986 3987 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3988 if (m == NULL) 3989 return (NULL); 3990 m_align(m, len); 3991 m->m_len = len; 3992 p = mtod(m, struct sadb_x_nat_t_port *); 3993 3994 bzero(p, len); 3995 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3996 p->sadb_x_nat_t_port_exttype = type; 3997 p->sadb_x_nat_t_port_port = port; 3998 3999 return (m); 4000 } 4001 4002 /* 4003 * Get port from sockaddr. Port is in network byte order. 4004 */ 4005 uint16_t 4006 key_portfromsaddr(struct sockaddr *sa) 4007 { 4008 4009 switch (sa->sa_family) { 4010 #ifdef INET 4011 case AF_INET: 4012 return ((struct sockaddr_in *)sa)->sin_port; 4013 #endif 4014 #ifdef INET6 4015 case AF_INET6: 4016 return ((struct sockaddr_in6 *)sa)->sin6_port; 4017 #endif 4018 } 4019 return (0); 4020 } 4021 4022 /* 4023 * Set port in struct sockaddr. Port is in network byte order. 4024 */ 4025 void 4026 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4027 { 4028 4029 switch (sa->sa_family) { 4030 #ifdef INET 4031 case AF_INET: 4032 ((struct sockaddr_in *)sa)->sin_port = port; 4033 break; 4034 #endif 4035 #ifdef INET6 4036 case AF_INET6: 4037 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4038 break; 4039 #endif 4040 default: 4041 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4042 __func__, sa->sa_family)); 4043 break; 4044 } 4045 } 4046 4047 /* 4048 * set data into sadb_x_policy 4049 */ 4050 static struct mbuf * 4051 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4052 { 4053 struct mbuf *m; 4054 struct sadb_x_policy *p; 4055 size_t len; 4056 4057 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4058 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4059 if (m == NULL) 4060 return (NULL); 4061 m_align(m, len); 4062 m->m_len = len; 4063 p = mtod(m, struct sadb_x_policy *); 4064 4065 bzero(p, len); 4066 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4067 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4068 p->sadb_x_policy_type = type; 4069 p->sadb_x_policy_dir = dir; 4070 p->sadb_x_policy_id = id; 4071 p->sadb_x_policy_priority = priority; 4072 4073 return m; 4074 } 4075 4076 /* %%% utilities */ 4077 /* Take a key message (sadb_key) from the socket and turn it into one 4078 * of the kernel's key structures (seckey). 4079 * 4080 * IN: pointer to the src 4081 * OUT: NULL no more memory 4082 */ 4083 struct seckey * 4084 key_dup_keymsg(const struct sadb_key *src, size_t len, 4085 struct malloc_type *type) 4086 { 4087 struct seckey *dst; 4088 4089 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4090 if (dst != NULL) { 4091 dst->bits = src->sadb_key_bits; 4092 dst->key_data = malloc(len, type, M_NOWAIT); 4093 if (dst->key_data != NULL) { 4094 bcopy((const char *)(src + 1), dst->key_data, len); 4095 } else { 4096 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4097 __func__)); 4098 free(dst, type); 4099 dst = NULL; 4100 } 4101 } else { 4102 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4103 __func__)); 4104 } 4105 return (dst); 4106 } 4107 4108 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4109 * turn it into one of the kernel's lifetime structures (seclifetime). 4110 * 4111 * IN: pointer to the destination, source and malloc type 4112 * OUT: NULL, no more memory 4113 */ 4114 4115 static struct seclifetime * 4116 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4117 { 4118 struct seclifetime *dst; 4119 4120 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4121 if (dst == NULL) { 4122 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4123 return (NULL); 4124 } 4125 dst->allocations = src->sadb_lifetime_allocations; 4126 dst->bytes = src->sadb_lifetime_bytes; 4127 dst->addtime = src->sadb_lifetime_addtime; 4128 dst->usetime = src->sadb_lifetime_usetime; 4129 return (dst); 4130 } 4131 4132 /* 4133 * compare two secasindex structure. 4134 * flag can specify to compare 2 saidxes. 4135 * compare two secasindex structure without both mode and reqid. 4136 * don't compare port. 4137 * IN: 4138 * saidx0: source, it can be in SAD. 4139 * saidx1: object. 4140 * OUT: 4141 * 1 : equal 4142 * 0 : not equal 4143 */ 4144 static int 4145 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4146 int flag) 4147 { 4148 4149 /* sanity */ 4150 if (saidx0 == NULL && saidx1 == NULL) 4151 return 1; 4152 4153 if (saidx0 == NULL || saidx1 == NULL) 4154 return 0; 4155 4156 if (saidx0->proto != saidx1->proto) 4157 return 0; 4158 4159 if (flag == CMP_EXACTLY) { 4160 if (saidx0->mode != saidx1->mode) 4161 return 0; 4162 if (saidx0->reqid != saidx1->reqid) 4163 return 0; 4164 if (bcmp(&saidx0->src, &saidx1->src, 4165 saidx0->src.sa.sa_len) != 0 || 4166 bcmp(&saidx0->dst, &saidx1->dst, 4167 saidx0->dst.sa.sa_len) != 0) 4168 return 0; 4169 } else { 4170 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4171 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4172 /* 4173 * If reqid of SPD is non-zero, unique SA is required. 4174 * The result must be of same reqid in this case. 4175 */ 4176 if (saidx1->reqid != 0 && 4177 saidx0->reqid != saidx1->reqid) 4178 return 0; 4179 } 4180 4181 if (flag == CMP_MODE_REQID) { 4182 if (saidx0->mode != IPSEC_MODE_ANY 4183 && saidx0->mode != saidx1->mode) 4184 return 0; 4185 } 4186 4187 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4188 return 0; 4189 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4190 return 0; 4191 } 4192 4193 return 1; 4194 } 4195 4196 /* 4197 * compare two secindex structure exactly. 4198 * IN: 4199 * spidx0: source, it is often in SPD. 4200 * spidx1: object, it is often from PFKEY message. 4201 * OUT: 4202 * 1 : equal 4203 * 0 : not equal 4204 */ 4205 static int 4206 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4207 struct secpolicyindex *spidx1) 4208 { 4209 /* sanity */ 4210 if (spidx0 == NULL && spidx1 == NULL) 4211 return 1; 4212 4213 if (spidx0 == NULL || spidx1 == NULL) 4214 return 0; 4215 4216 if (spidx0->prefs != spidx1->prefs 4217 || spidx0->prefd != spidx1->prefd 4218 || spidx0->ul_proto != spidx1->ul_proto 4219 || spidx0->dir != spidx1->dir) 4220 return 0; 4221 4222 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4223 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4224 } 4225 4226 /* 4227 * compare two secindex structure with mask. 4228 * IN: 4229 * spidx0: source, it is often in SPD. 4230 * spidx1: object, it is often from IP header. 4231 * OUT: 4232 * 1 : equal 4233 * 0 : not equal 4234 */ 4235 static int 4236 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4237 struct secpolicyindex *spidx1) 4238 { 4239 /* sanity */ 4240 if (spidx0 == NULL && spidx1 == NULL) 4241 return 1; 4242 4243 if (spidx0 == NULL || spidx1 == NULL) 4244 return 0; 4245 4246 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4247 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4248 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4249 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4250 return 0; 4251 4252 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4253 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4254 && spidx0->ul_proto != spidx1->ul_proto) 4255 return 0; 4256 4257 switch (spidx0->src.sa.sa_family) { 4258 case AF_INET: 4259 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4260 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4261 return 0; 4262 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4263 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4264 return 0; 4265 break; 4266 case AF_INET6: 4267 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4268 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4269 return 0; 4270 /* 4271 * scope_id check. if sin6_scope_id is 0, we regard it 4272 * as a wildcard scope, which matches any scope zone ID. 4273 */ 4274 if (spidx0->src.sin6.sin6_scope_id && 4275 spidx1->src.sin6.sin6_scope_id && 4276 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4277 return 0; 4278 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4279 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4280 return 0; 4281 break; 4282 default: 4283 /* XXX */ 4284 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4285 return 0; 4286 break; 4287 } 4288 4289 switch (spidx0->dst.sa.sa_family) { 4290 case AF_INET: 4291 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4292 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4293 return 0; 4294 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4295 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4296 return 0; 4297 break; 4298 case AF_INET6: 4299 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4300 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4301 return 0; 4302 /* 4303 * scope_id check. if sin6_scope_id is 0, we regard it 4304 * as a wildcard scope, which matches any scope zone ID. 4305 */ 4306 if (spidx0->dst.sin6.sin6_scope_id && 4307 spidx1->dst.sin6.sin6_scope_id && 4308 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4309 return 0; 4310 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4311 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4312 return 0; 4313 break; 4314 default: 4315 /* XXX */ 4316 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4317 return 0; 4318 break; 4319 } 4320 4321 /* XXX Do we check other field ? e.g. flowinfo */ 4322 4323 return 1; 4324 } 4325 4326 #ifdef satosin 4327 #undef satosin 4328 #endif 4329 #define satosin(s) ((const struct sockaddr_in *)s) 4330 #ifdef satosin6 4331 #undef satosin6 4332 #endif 4333 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4334 /* returns 0 on match */ 4335 int 4336 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4337 int port) 4338 { 4339 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4340 return 1; 4341 4342 switch (sa1->sa_family) { 4343 #ifdef INET 4344 case AF_INET: 4345 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4346 return 1; 4347 if (satosin(sa1)->sin_addr.s_addr != 4348 satosin(sa2)->sin_addr.s_addr) { 4349 return 1; 4350 } 4351 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4352 return 1; 4353 break; 4354 #endif 4355 #ifdef INET6 4356 case AF_INET6: 4357 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4358 return 1; /*EINVAL*/ 4359 if (satosin6(sa1)->sin6_scope_id != 4360 satosin6(sa2)->sin6_scope_id) { 4361 return 1; 4362 } 4363 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4364 &satosin6(sa2)->sin6_addr)) { 4365 return 1; 4366 } 4367 if (port && 4368 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4369 return 1; 4370 } 4371 break; 4372 #endif 4373 default: 4374 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4375 return 1; 4376 break; 4377 } 4378 4379 return 0; 4380 } 4381 4382 /* returns 0 on match */ 4383 int 4384 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4385 const struct sockaddr *sa2, size_t mask) 4386 { 4387 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4388 return (1); 4389 4390 switch (sa1->sa_family) { 4391 #ifdef INET 4392 case AF_INET: 4393 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4394 &satosin(sa2)->sin_addr, mask)); 4395 #endif 4396 #ifdef INET6 4397 case AF_INET6: 4398 if (satosin6(sa1)->sin6_scope_id != 4399 satosin6(sa2)->sin6_scope_id) 4400 return (1); 4401 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4402 &satosin6(sa2)->sin6_addr, mask)); 4403 #endif 4404 } 4405 return (1); 4406 } 4407 #undef satosin 4408 #undef satosin6 4409 4410 /* 4411 * compare two buffers with mask. 4412 * IN: 4413 * addr1: source 4414 * addr2: object 4415 * bits: Number of bits to compare 4416 * OUT: 4417 * 1 : equal 4418 * 0 : not equal 4419 */ 4420 static int 4421 key_bbcmp(const void *a1, const void *a2, u_int bits) 4422 { 4423 const unsigned char *p1 = a1; 4424 const unsigned char *p2 = a2; 4425 4426 /* XXX: This could be considerably faster if we compare a word 4427 * at a time, but it is complicated on LSB Endian machines */ 4428 4429 /* Handle null pointers */ 4430 if (p1 == NULL || p2 == NULL) 4431 return (p1 == p2); 4432 4433 while (bits >= 8) { 4434 if (*p1++ != *p2++) 4435 return 0; 4436 bits -= 8; 4437 } 4438 4439 if (bits > 0) { 4440 u_int8_t mask = ~((1<<(8-bits))-1); 4441 if ((*p1 & mask) != (*p2 & mask)) 4442 return 0; 4443 } 4444 return 1; /* Match! */ 4445 } 4446 4447 static void 4448 key_flush_spd(time_t now) 4449 { 4450 SPTREE_RLOCK_TRACKER; 4451 struct secpolicy_list drainq; 4452 struct secpolicy *sp, *nextsp; 4453 u_int dir; 4454 4455 LIST_INIT(&drainq); 4456 SPTREE_RLOCK(); 4457 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4458 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4459 if (sp->lifetime == 0 && sp->validtime == 0) 4460 continue; 4461 if ((sp->lifetime && 4462 now - sp->created > sp->lifetime) || 4463 (sp->validtime && 4464 now - sp->lastused > sp->validtime)) { 4465 /* Hold extra reference to send SPDEXPIRE */ 4466 SP_ADDREF(sp); 4467 LIST_INSERT_HEAD(&drainq, sp, drainq); 4468 } 4469 } 4470 } 4471 SPTREE_RUNLOCK(); 4472 if (LIST_EMPTY(&drainq)) 4473 return; 4474 4475 SPTREE_WLOCK(); 4476 sp = LIST_FIRST(&drainq); 4477 while (sp != NULL) { 4478 nextsp = LIST_NEXT(sp, drainq); 4479 /* Check that SP is still linked */ 4480 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4481 LIST_REMOVE(sp, drainq); 4482 key_freesp(&sp); /* release extra reference */ 4483 sp = nextsp; 4484 continue; 4485 } 4486 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4487 V_spd_size--; 4488 LIST_REMOVE(sp, idhash); 4489 sp->state = IPSEC_SPSTATE_DEAD; 4490 sp = nextsp; 4491 } 4492 V_sp_genid++; 4493 SPTREE_WUNLOCK(); 4494 if (SPDCACHE_ENABLED()) 4495 spdcache_clear(); 4496 4497 sp = LIST_FIRST(&drainq); 4498 while (sp != NULL) { 4499 nextsp = LIST_NEXT(sp, drainq); 4500 key_spdexpire(sp); 4501 key_freesp(&sp); /* release extra reference */ 4502 key_freesp(&sp); /* release last reference */ 4503 sp = nextsp; 4504 } 4505 } 4506 4507 static void 4508 key_flush_sad(time_t now) 4509 { 4510 SAHTREE_RLOCK_TRACKER; 4511 struct secashead_list emptyq; 4512 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4513 struct secashead *sah, *nextsah; 4514 struct secasvar *sav, *nextsav; 4515 4516 SECASVAR_RLOCK_TRACKER; 4517 4518 LIST_INIT(&drainq); 4519 LIST_INIT(&hexpireq); 4520 LIST_INIT(&sexpireq); 4521 LIST_INIT(&emptyq); 4522 4523 SAHTREE_RLOCK(); 4524 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4525 /* Check for empty SAH */ 4526 if (TAILQ_EMPTY(&sah->savtree_larval) && 4527 TAILQ_EMPTY(&sah->savtree_alive)) { 4528 SAH_ADDREF(sah); 4529 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4530 continue; 4531 } 4532 /* Add all stale LARVAL SAs into drainq */ 4533 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4534 if (now - sav->created < V_key_larval_lifetime) 4535 continue; 4536 SAV_ADDREF(sav); 4537 LIST_INSERT_HEAD(&drainq, sav, drainq); 4538 } 4539 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4540 /* lifetimes aren't specified */ 4541 if (sav->lft_h == NULL) 4542 continue; 4543 SECASVAR_RLOCK(sav); 4544 /* 4545 * Check again with lock held, because it may 4546 * be updated by SADB_UPDATE. 4547 */ 4548 if (sav->lft_h == NULL) { 4549 SECASVAR_RUNLOCK(sav); 4550 continue; 4551 } 4552 /* 4553 * RFC 2367: 4554 * HARD lifetimes MUST take precedence over SOFT 4555 * lifetimes, meaning if the HARD and SOFT lifetimes 4556 * are the same, the HARD lifetime will appear on the 4557 * EXPIRE message. 4558 */ 4559 /* check HARD lifetime */ 4560 if ((sav->lft_h->addtime != 0 && 4561 now - sav->created > sav->lft_h->addtime) || 4562 (sav->lft_h->usetime != 0 && sav->firstused && 4563 now - sav->firstused > sav->lft_h->usetime) || 4564 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4565 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4566 SECASVAR_RUNLOCK(sav); 4567 SAV_ADDREF(sav); 4568 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4569 continue; 4570 } 4571 /* check SOFT lifetime (only for MATURE SAs) */ 4572 if (sav->state == SADB_SASTATE_MATURE && ( 4573 (sav->lft_s->addtime != 0 && 4574 now - sav->created > sav->lft_s->addtime) || 4575 (sav->lft_s->usetime != 0 && sav->firstused && 4576 now - sav->firstused > sav->lft_s->usetime) || 4577 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4578 sav->lft_c_bytes) > sav->lft_s->bytes) || 4579 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4580 (sav->replay != NULL) && ( 4581 (sav->replay->count > UINT32_80PCT) || 4582 (sav->replay->last > UINT32_80PCT))))) { 4583 SECASVAR_RUNLOCK(sav); 4584 SAV_ADDREF(sav); 4585 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4586 continue; 4587 } 4588 SECASVAR_RUNLOCK(sav); 4589 } 4590 } 4591 SAHTREE_RUNLOCK(); 4592 4593 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4594 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4595 return; 4596 4597 LIST_INIT(&freeq); 4598 SAHTREE_WLOCK(); 4599 /* Unlink stale LARVAL SAs */ 4600 sav = LIST_FIRST(&drainq); 4601 while (sav != NULL) { 4602 nextsav = LIST_NEXT(sav, drainq); 4603 /* Check that SA is still LARVAL */ 4604 if (sav->state != SADB_SASTATE_LARVAL) { 4605 LIST_REMOVE(sav, drainq); 4606 LIST_INSERT_HEAD(&freeq, sav, drainq); 4607 sav = nextsav; 4608 continue; 4609 } 4610 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4611 LIST_REMOVE(sav, spihash); 4612 sav->state = SADB_SASTATE_DEAD; 4613 sav = nextsav; 4614 } 4615 /* Unlink all SAs with expired HARD lifetime */ 4616 sav = LIST_FIRST(&hexpireq); 4617 while (sav != NULL) { 4618 nextsav = LIST_NEXT(sav, drainq); 4619 /* Check that SA is not unlinked */ 4620 if (sav->state == SADB_SASTATE_DEAD) { 4621 LIST_REMOVE(sav, drainq); 4622 LIST_INSERT_HEAD(&freeq, sav, drainq); 4623 sav = nextsav; 4624 continue; 4625 } 4626 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4627 LIST_REMOVE(sav, spihash); 4628 sav->state = SADB_SASTATE_DEAD; 4629 sav = nextsav; 4630 } 4631 /* Mark all SAs with expired SOFT lifetime as DYING */ 4632 sav = LIST_FIRST(&sexpireq); 4633 while (sav != NULL) { 4634 nextsav = LIST_NEXT(sav, drainq); 4635 /* Check that SA is not unlinked */ 4636 if (sav->state == SADB_SASTATE_DEAD) { 4637 LIST_REMOVE(sav, drainq); 4638 LIST_INSERT_HEAD(&freeq, sav, drainq); 4639 sav = nextsav; 4640 continue; 4641 } 4642 /* 4643 * NOTE: this doesn't change SA order in the chain. 4644 */ 4645 sav->state = SADB_SASTATE_DYING; 4646 sav = nextsav; 4647 } 4648 /* Unlink empty SAHs */ 4649 sah = LIST_FIRST(&emptyq); 4650 while (sah != NULL) { 4651 nextsah = LIST_NEXT(sah, drainq); 4652 /* Check that SAH is still empty and not unlinked */ 4653 if (sah->state == SADB_SASTATE_DEAD || 4654 !TAILQ_EMPTY(&sah->savtree_larval) || 4655 !TAILQ_EMPTY(&sah->savtree_alive)) { 4656 LIST_REMOVE(sah, drainq); 4657 key_freesah(&sah); /* release extra reference */ 4658 sah = nextsah; 4659 continue; 4660 } 4661 TAILQ_REMOVE(&V_sahtree, sah, chain); 4662 LIST_REMOVE(sah, addrhash); 4663 sah->state = SADB_SASTATE_DEAD; 4664 sah = nextsah; 4665 } 4666 SAHTREE_WUNLOCK(); 4667 4668 /* Send SPDEXPIRE messages */ 4669 sav = LIST_FIRST(&hexpireq); 4670 while (sav != NULL) { 4671 nextsav = LIST_NEXT(sav, drainq); 4672 key_expire(sav, 1); 4673 key_freesah(&sav->sah); /* release reference from SAV */ 4674 key_freesav(&sav); /* release extra reference */ 4675 key_freesav(&sav); /* release last reference */ 4676 sav = nextsav; 4677 } 4678 sav = LIST_FIRST(&sexpireq); 4679 while (sav != NULL) { 4680 nextsav = LIST_NEXT(sav, drainq); 4681 key_expire(sav, 0); 4682 key_freesav(&sav); /* release extra reference */ 4683 sav = nextsav; 4684 } 4685 /* Free stale LARVAL SAs */ 4686 sav = LIST_FIRST(&drainq); 4687 while (sav != NULL) { 4688 nextsav = LIST_NEXT(sav, drainq); 4689 key_freesah(&sav->sah); /* release reference from SAV */ 4690 key_freesav(&sav); /* release extra reference */ 4691 key_freesav(&sav); /* release last reference */ 4692 sav = nextsav; 4693 } 4694 /* Free SAs that were unlinked/changed by someone else */ 4695 sav = LIST_FIRST(&freeq); 4696 while (sav != NULL) { 4697 nextsav = LIST_NEXT(sav, drainq); 4698 key_freesav(&sav); /* release extra reference */ 4699 sav = nextsav; 4700 } 4701 /* Free empty SAH */ 4702 sah = LIST_FIRST(&emptyq); 4703 while (sah != NULL) { 4704 nextsah = LIST_NEXT(sah, drainq); 4705 key_freesah(&sah); /* release extra reference */ 4706 key_freesah(&sah); /* release last reference */ 4707 sah = nextsah; 4708 } 4709 } 4710 4711 static void 4712 key_flush_acq(time_t now) 4713 { 4714 struct secacq *acq, *nextacq; 4715 4716 /* ACQ tree */ 4717 ACQ_LOCK(); 4718 acq = LIST_FIRST(&V_acqtree); 4719 while (acq != NULL) { 4720 nextacq = LIST_NEXT(acq, chain); 4721 if (now - acq->created > V_key_blockacq_lifetime) { 4722 LIST_REMOVE(acq, chain); 4723 LIST_REMOVE(acq, addrhash); 4724 LIST_REMOVE(acq, seqhash); 4725 free(acq, M_IPSEC_SAQ); 4726 } 4727 acq = nextacq; 4728 } 4729 ACQ_UNLOCK(); 4730 } 4731 4732 static void 4733 key_flush_spacq(time_t now) 4734 { 4735 struct secspacq *acq, *nextacq; 4736 4737 /* SP ACQ tree */ 4738 SPACQ_LOCK(); 4739 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4740 nextacq = LIST_NEXT(acq, chain); 4741 if (now - acq->created > V_key_blockacq_lifetime 4742 && __LIST_CHAINED(acq)) { 4743 LIST_REMOVE(acq, chain); 4744 free(acq, M_IPSEC_SAQ); 4745 } 4746 } 4747 SPACQ_UNLOCK(); 4748 } 4749 4750 /* 4751 * time handler. 4752 * scanning SPD and SAD to check status for each entries, 4753 * and do to remove or to expire. 4754 * XXX: year 2038 problem may remain. 4755 */ 4756 static void 4757 key_timehandler(void *arg) 4758 { 4759 VNET_ITERATOR_DECL(vnet_iter); 4760 time_t now = time_second; 4761 4762 VNET_LIST_RLOCK_NOSLEEP(); 4763 VNET_FOREACH(vnet_iter) { 4764 CURVNET_SET(vnet_iter); 4765 key_flush_spd(now); 4766 key_flush_sad(now); 4767 key_flush_acq(now); 4768 key_flush_spacq(now); 4769 CURVNET_RESTORE(); 4770 } 4771 VNET_LIST_RUNLOCK_NOSLEEP(); 4772 4773 #ifndef IPSEC_DEBUG2 4774 /* do exchange to tick time !! */ 4775 callout_schedule(&key_timer, hz); 4776 #endif /* IPSEC_DEBUG2 */ 4777 } 4778 4779 u_long 4780 key_random(void) 4781 { 4782 u_long value; 4783 4784 arc4random_buf(&value, sizeof(value)); 4785 return value; 4786 } 4787 4788 /* 4789 * map SADB_SATYPE_* to IPPROTO_*. 4790 * if satype == SADB_SATYPE then satype is mapped to ~0. 4791 * OUT: 4792 * 0: invalid satype. 4793 */ 4794 static uint8_t 4795 key_satype2proto(uint8_t satype) 4796 { 4797 switch (satype) { 4798 case SADB_SATYPE_UNSPEC: 4799 return IPSEC_PROTO_ANY; 4800 case SADB_SATYPE_AH: 4801 return IPPROTO_AH; 4802 case SADB_SATYPE_ESP: 4803 return IPPROTO_ESP; 4804 case SADB_X_SATYPE_IPCOMP: 4805 return IPPROTO_IPCOMP; 4806 case SADB_X_SATYPE_TCPSIGNATURE: 4807 return IPPROTO_TCP; 4808 default: 4809 return 0; 4810 } 4811 /* NOTREACHED */ 4812 } 4813 4814 /* 4815 * map IPPROTO_* to SADB_SATYPE_* 4816 * OUT: 4817 * 0: invalid protocol type. 4818 */ 4819 static uint8_t 4820 key_proto2satype(uint8_t proto) 4821 { 4822 switch (proto) { 4823 case IPPROTO_AH: 4824 return SADB_SATYPE_AH; 4825 case IPPROTO_ESP: 4826 return SADB_SATYPE_ESP; 4827 case IPPROTO_IPCOMP: 4828 return SADB_X_SATYPE_IPCOMP; 4829 case IPPROTO_TCP: 4830 return SADB_X_SATYPE_TCPSIGNATURE; 4831 default: 4832 return 0; 4833 } 4834 /* NOTREACHED */ 4835 } 4836 4837 /* %%% PF_KEY */ 4838 /* 4839 * SADB_GETSPI processing is to receive 4840 * <base, (SA2), src address, dst address, (SPI range)> 4841 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4842 * tree with the status of LARVAL, and send 4843 * <base, SA(*), address(SD)> 4844 * to the IKMPd. 4845 * 4846 * IN: mhp: pointer to the pointer to each header. 4847 * OUT: NULL if fail. 4848 * other if success, return pointer to the message to send. 4849 */ 4850 static int 4851 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4852 { 4853 struct secasindex saidx; 4854 struct sadb_address *src0, *dst0; 4855 struct secasvar *sav; 4856 uint32_t reqid, spi; 4857 int error; 4858 uint8_t mode, proto; 4859 4860 IPSEC_ASSERT(so != NULL, ("null socket")); 4861 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4862 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4863 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4864 4865 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4866 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4867 #ifdef PFKEY_STRICT_CHECKS 4868 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4869 #endif 4870 ) { 4871 ipseclog((LOG_DEBUG, 4872 "%s: invalid message: missing required header.\n", 4873 __func__)); 4874 error = EINVAL; 4875 goto fail; 4876 } 4877 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4878 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4879 #ifdef PFKEY_STRICT_CHECKS 4880 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4881 #endif 4882 ) { 4883 ipseclog((LOG_DEBUG, 4884 "%s: invalid message: wrong header size.\n", __func__)); 4885 error = EINVAL; 4886 goto fail; 4887 } 4888 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4889 mode = IPSEC_MODE_ANY; 4890 reqid = 0; 4891 } else { 4892 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4893 ipseclog((LOG_DEBUG, 4894 "%s: invalid message: wrong header size.\n", 4895 __func__)); 4896 error = EINVAL; 4897 goto fail; 4898 } 4899 mode = ((struct sadb_x_sa2 *) 4900 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4901 reqid = ((struct sadb_x_sa2 *) 4902 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4903 } 4904 4905 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4906 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4907 4908 /* map satype to proto */ 4909 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4910 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4911 __func__)); 4912 error = EINVAL; 4913 goto fail; 4914 } 4915 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4916 (struct sockaddr *)(dst0 + 1)); 4917 if (error != 0) { 4918 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4919 error = EINVAL; 4920 goto fail; 4921 } 4922 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4923 4924 /* SPI allocation */ 4925 SPI_ALLOC_LOCK(); 4926 spi = key_do_getnewspi( 4927 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4928 if (spi == 0) { 4929 /* 4930 * Requested SPI or SPI range is not available or 4931 * already used. 4932 */ 4933 SPI_ALLOC_UNLOCK(); 4934 error = EEXIST; 4935 goto fail; 4936 } 4937 sav = key_newsav(mhp, &saidx, spi, &error); 4938 SPI_ALLOC_UNLOCK(); 4939 if (sav == NULL) 4940 goto fail; 4941 4942 if (sav->seq != 0) { 4943 /* 4944 * RFC2367: 4945 * If the SADB_GETSPI message is in response to a 4946 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4947 * MUST be the same as the SADB_ACQUIRE message. 4948 * 4949 * XXXAE: However it doesn't definethe behaviour how to 4950 * check this and what to do if it doesn't match. 4951 * Also what we should do if it matches? 4952 * 4953 * We can compare saidx used in SADB_ACQUIRE with saidx 4954 * used in SADB_GETSPI, but this probably can break 4955 * existing software. For now just warn if it doesn't match. 4956 * 4957 * XXXAE: anyway it looks useless. 4958 */ 4959 key_acqdone(&saidx, sav->seq); 4960 } 4961 KEYDBG(KEY_STAMP, 4962 printf("%s: SA(%p)\n", __func__, sav)); 4963 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4964 4965 { 4966 struct mbuf *n, *nn; 4967 struct sadb_sa *m_sa; 4968 struct sadb_msg *newmsg; 4969 int off, len; 4970 4971 /* create new sadb_msg to reply. */ 4972 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4973 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4974 4975 MGETHDR(n, M_NOWAIT, MT_DATA); 4976 if (len > MHLEN) { 4977 if (!(MCLGET(n, M_NOWAIT))) { 4978 m_freem(n); 4979 n = NULL; 4980 } 4981 } 4982 if (!n) { 4983 error = ENOBUFS; 4984 goto fail; 4985 } 4986 4987 n->m_len = len; 4988 n->m_next = NULL; 4989 off = 0; 4990 4991 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4992 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4993 4994 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4995 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4996 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4997 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4998 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4999 5000 IPSEC_ASSERT(off == len, 5001 ("length inconsistency (off %u len %u)", off, len)); 5002 5003 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5004 SADB_EXT_ADDRESS_DST); 5005 if (!n->m_next) { 5006 m_freem(n); 5007 error = ENOBUFS; 5008 goto fail; 5009 } 5010 5011 if (n->m_len < sizeof(struct sadb_msg)) { 5012 n = m_pullup(n, sizeof(struct sadb_msg)); 5013 if (n == NULL) 5014 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5015 } 5016 5017 n->m_pkthdr.len = 0; 5018 for (nn = n; nn; nn = nn->m_next) 5019 n->m_pkthdr.len += nn->m_len; 5020 5021 newmsg = mtod(n, struct sadb_msg *); 5022 newmsg->sadb_msg_seq = sav->seq; 5023 newmsg->sadb_msg_errno = 0; 5024 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5025 5026 m_freem(m); 5027 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5028 } 5029 5030 fail: 5031 return (key_senderror(so, m, error)); 5032 } 5033 5034 /* 5035 * allocating new SPI 5036 * called by key_getspi(). 5037 * OUT: 5038 * 0: failure. 5039 * others: success, SPI in network byte order. 5040 */ 5041 static uint32_t 5042 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5043 { 5044 uint32_t min, max, newspi, t; 5045 int tries, limit; 5046 5047 SPI_ALLOC_LOCK_ASSERT(); 5048 5049 /* set spi range to allocate */ 5050 if (spirange != NULL) { 5051 min = spirange->sadb_spirange_min; 5052 max = spirange->sadb_spirange_max; 5053 } else { 5054 min = V_key_spi_minval; 5055 max = V_key_spi_maxval; 5056 } 5057 /* IPCOMP needs 2-byte SPI */ 5058 if (saidx->proto == IPPROTO_IPCOMP) { 5059 if (min >= 0x10000) 5060 min = 0xffff; 5061 if (max >= 0x10000) 5062 max = 0xffff; 5063 if (min > max) { 5064 t = min; min = max; max = t; 5065 } 5066 } 5067 5068 if (min == max) { 5069 if (key_checkspidup(htonl(min))) { 5070 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5071 __func__, min)); 5072 return 0; 5073 } 5074 5075 tries = 1; 5076 newspi = min; 5077 } else { 5078 /* init SPI */ 5079 newspi = 0; 5080 5081 limit = atomic_load_int(&V_key_spi_trycnt); 5082 /* when requesting to allocate spi ranged */ 5083 for (tries = 0; tries < limit; tries++) { 5084 /* generate pseudo-random SPI value ranged. */ 5085 newspi = min + (key_random() % (max - min + 1)); 5086 if (!key_checkspidup(htonl(newspi))) 5087 break; 5088 } 5089 5090 if (tries == limit || newspi == 0) { 5091 ipseclog((LOG_DEBUG, 5092 "%s: failed to allocate SPI.\n", __func__)); 5093 return 0; 5094 } 5095 } 5096 5097 /* statistics */ 5098 keystat.getspi_count = 5099 (keystat.getspi_count + tries) / 2; 5100 5101 return (htonl(newspi)); 5102 } 5103 5104 /* 5105 * Find TCP-MD5 SA with corresponding secasindex. 5106 * If not found, return NULL and fill SPI with usable value if needed. 5107 */ 5108 static struct secasvar * 5109 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5110 { 5111 SAHTREE_RLOCK_TRACKER; 5112 struct secashead *sah; 5113 struct secasvar *sav; 5114 5115 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5116 SAHTREE_RLOCK(); 5117 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5118 if (sah->saidx.proto != IPPROTO_TCP) 5119 continue; 5120 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5121 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5122 break; 5123 } 5124 if (sah != NULL) { 5125 if (V_key_preferred_oldsa) 5126 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5127 else 5128 sav = TAILQ_FIRST(&sah->savtree_alive); 5129 if (sav != NULL) { 5130 SAV_ADDREF(sav); 5131 SAHTREE_RUNLOCK(); 5132 return (sav); 5133 } 5134 } 5135 if (spi == NULL) { 5136 /* No SPI required */ 5137 SAHTREE_RUNLOCK(); 5138 return (NULL); 5139 } 5140 /* Check that SPI is unique */ 5141 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5142 if (sav->spi == *spi) 5143 break; 5144 } 5145 if (sav == NULL) { 5146 SAHTREE_RUNLOCK(); 5147 /* SPI is already unique */ 5148 return (NULL); 5149 } 5150 SAHTREE_RUNLOCK(); 5151 /* XXX: not optimal */ 5152 *spi = key_do_getnewspi(NULL, saidx); 5153 return (NULL); 5154 } 5155 5156 static int 5157 key_updateaddresses(struct socket *so, struct mbuf *m, 5158 const struct sadb_msghdr *mhp, struct secasvar *sav, 5159 struct secasindex *saidx) 5160 { 5161 struct sockaddr *newaddr; 5162 struct secashead *sah; 5163 struct secasvar *newsav, *tmp; 5164 struct mbuf *n; 5165 int error, isnew; 5166 5167 /* Check that we need to change SAH */ 5168 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5169 newaddr = (struct sockaddr *)( 5170 ((struct sadb_address *) 5171 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5172 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5173 key_porttosaddr(&saidx->src.sa, 0); 5174 } 5175 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5176 newaddr = (struct sockaddr *)( 5177 ((struct sadb_address *) 5178 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5179 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5180 key_porttosaddr(&saidx->dst.sa, 0); 5181 } 5182 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5183 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5184 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5185 if (error != 0) { 5186 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5187 __func__)); 5188 return (error); 5189 } 5190 5191 sah = key_getsah(saidx); 5192 if (sah == NULL) { 5193 /* create a new SA index */ 5194 sah = key_newsah(saidx); 5195 if (sah == NULL) { 5196 ipseclog((LOG_DEBUG, 5197 "%s: No more memory.\n", __func__)); 5198 return (ENOBUFS); 5199 } 5200 isnew = 2; /* SAH is new */ 5201 } else 5202 isnew = 1; /* existing SAH is referenced */ 5203 } else { 5204 /* 5205 * src and dst addresses are still the same. 5206 * Do we want to change NAT-T config? 5207 */ 5208 if (sav->sah->saidx.proto != IPPROTO_ESP || 5209 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5210 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5211 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5212 ipseclog((LOG_DEBUG, 5213 "%s: invalid message: missing required header.\n", 5214 __func__)); 5215 return (EINVAL); 5216 } 5217 /* We hold reference to SA, thus SAH will be referenced too. */ 5218 sah = sav->sah; 5219 isnew = 0; 5220 } 5221 5222 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5223 M_NOWAIT | M_ZERO); 5224 if (newsav == NULL) { 5225 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5226 error = ENOBUFS; 5227 goto fail; 5228 } 5229 5230 /* Clone SA's content into newsav */ 5231 SAV_INITREF(newsav); 5232 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5233 /* 5234 * We create new NAT-T config if it is needed. 5235 * Old NAT-T config will be freed by key_cleansav() when 5236 * last reference to SA will be released. 5237 */ 5238 newsav->natt = NULL; 5239 newsav->sah = sah; 5240 newsav->state = SADB_SASTATE_MATURE; 5241 error = key_setnatt(newsav, mhp); 5242 if (error != 0) 5243 goto fail; 5244 5245 SAHTREE_WLOCK(); 5246 /* Check that SA is still alive */ 5247 if (sav->state == SADB_SASTATE_DEAD) { 5248 /* SA was unlinked */ 5249 SAHTREE_WUNLOCK(); 5250 error = ESRCH; 5251 goto fail; 5252 } 5253 5254 /* Unlink SA from SAH and SPI hash */ 5255 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5256 ("SA is already cloned")); 5257 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5258 sav->state == SADB_SASTATE_DYING, 5259 ("Wrong SA state %u\n", sav->state)); 5260 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5261 LIST_REMOVE(sav, spihash); 5262 sav->state = SADB_SASTATE_DEAD; 5263 5264 /* 5265 * Link new SA with SAH. Keep SAs ordered by 5266 * create time (newer are first). 5267 */ 5268 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5269 if (newsav->created > tmp->created) { 5270 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5271 break; 5272 } 5273 } 5274 if (tmp == NULL) 5275 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5276 5277 /* Add new SA into SPI hash. */ 5278 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5279 5280 /* Add new SAH into SADB. */ 5281 if (isnew == 2) { 5282 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5283 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5284 sah->state = SADB_SASTATE_MATURE; 5285 SAH_ADDREF(sah); /* newsav references new SAH */ 5286 } 5287 /* 5288 * isnew == 1 -> @sah was referenced by key_getsah(). 5289 * isnew == 0 -> we use the same @sah, that was used by @sav, 5290 * and we use its reference for @newsav. 5291 */ 5292 SECASVAR_WLOCK(sav); 5293 /* XXX: replace cntr with pointer? */ 5294 newsav->cntr = sav->cntr; 5295 sav->flags |= SADB_X_EXT_F_CLONED; 5296 SECASVAR_WUNLOCK(sav); 5297 5298 SAHTREE_WUNLOCK(); 5299 5300 KEYDBG(KEY_STAMP, 5301 printf("%s: SA(%p) cloned into SA(%p)\n", 5302 __func__, sav, newsav)); 5303 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5304 5305 key_freesav(&sav); /* release last reference */ 5306 5307 /* set msg buf from mhp */ 5308 n = key_getmsgbuf_x1(m, mhp); 5309 if (n == NULL) { 5310 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5311 return (ENOBUFS); 5312 } 5313 m_freem(m); 5314 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5315 return (0); 5316 fail: 5317 if (isnew != 0) 5318 key_freesah(&sah); 5319 if (newsav != NULL) { 5320 if (newsav->natt != NULL) 5321 free(newsav->natt, M_IPSEC_MISC); 5322 free(newsav, M_IPSEC_SA); 5323 } 5324 return (error); 5325 } 5326 5327 /* 5328 * SADB_UPDATE processing 5329 * receive 5330 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5331 * key(AE), (identity(SD),) (sensitivity)> 5332 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5333 * and send 5334 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5335 * (identity(SD),) (sensitivity)> 5336 * to the ikmpd. 5337 * 5338 * m will always be freed. 5339 */ 5340 static int 5341 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5342 { 5343 struct secasindex saidx; 5344 struct sadb_address *src0, *dst0; 5345 struct sadb_sa *sa0; 5346 struct secasvar *sav; 5347 uint32_t reqid; 5348 int error; 5349 uint8_t mode, proto; 5350 5351 IPSEC_ASSERT(so != NULL, ("null socket")); 5352 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5353 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5354 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5355 5356 /* map satype to proto */ 5357 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5358 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5359 __func__)); 5360 return key_senderror(so, m, EINVAL); 5361 } 5362 5363 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5364 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5365 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5366 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5367 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5368 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5369 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5370 ipseclog((LOG_DEBUG, 5371 "%s: invalid message: missing required header.\n", 5372 __func__)); 5373 return key_senderror(so, m, EINVAL); 5374 } 5375 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5376 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5377 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5378 ipseclog((LOG_DEBUG, 5379 "%s: invalid message: wrong header size.\n", __func__)); 5380 return key_senderror(so, m, EINVAL); 5381 } 5382 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5383 mode = IPSEC_MODE_ANY; 5384 reqid = 0; 5385 } else { 5386 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5387 ipseclog((LOG_DEBUG, 5388 "%s: invalid message: wrong header size.\n", 5389 __func__)); 5390 return key_senderror(so, m, EINVAL); 5391 } 5392 mode = ((struct sadb_x_sa2 *) 5393 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5394 reqid = ((struct sadb_x_sa2 *) 5395 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5396 } 5397 5398 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5399 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5400 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5401 5402 /* 5403 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5404 * SADB_UPDATE message. 5405 */ 5406 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5407 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5408 #ifdef PFKEY_STRICT_CHECKS 5409 return key_senderror(so, m, EINVAL); 5410 #endif 5411 } 5412 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5413 (struct sockaddr *)(dst0 + 1)); 5414 if (error != 0) { 5415 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5416 return key_senderror(so, m, error); 5417 } 5418 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5419 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5420 if (sav == NULL) { 5421 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5422 __func__, ntohl(sa0->sadb_sa_spi))); 5423 return key_senderror(so, m, EINVAL); 5424 } 5425 /* 5426 * Check that SADB_UPDATE issued by the same process that did 5427 * SADB_GETSPI or SADB_ADD. 5428 */ 5429 if (sav->pid != mhp->msg->sadb_msg_pid) { 5430 ipseclog((LOG_DEBUG, 5431 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5432 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5433 key_freesav(&sav); 5434 return key_senderror(so, m, EINVAL); 5435 } 5436 /* saidx should match with SA. */ 5437 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5438 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5439 __func__, ntohl(sav->spi))); 5440 key_freesav(&sav); 5441 return key_senderror(so, m, ESRCH); 5442 } 5443 5444 if (sav->state == SADB_SASTATE_LARVAL) { 5445 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5446 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5447 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5448 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5449 ipseclog((LOG_DEBUG, 5450 "%s: invalid message: missing required header.\n", 5451 __func__)); 5452 key_freesav(&sav); 5453 return key_senderror(so, m, EINVAL); 5454 } 5455 /* 5456 * We can set any values except src, dst and SPI. 5457 */ 5458 error = key_setsaval(sav, mhp); 5459 if (error != 0) { 5460 key_freesav(&sav); 5461 return (key_senderror(so, m, error)); 5462 } 5463 /* Change SA state to MATURE */ 5464 SAHTREE_WLOCK(); 5465 if (sav->state != SADB_SASTATE_LARVAL) { 5466 /* SA was deleted or another thread made it MATURE. */ 5467 SAHTREE_WUNLOCK(); 5468 key_freesav(&sav); 5469 return (key_senderror(so, m, ESRCH)); 5470 } 5471 /* 5472 * NOTE: we keep SAs in savtree_alive ordered by created 5473 * time. When SA's state changed from LARVAL to MATURE, 5474 * we update its created time in key_setsaval() and move 5475 * it into head of savtree_alive. 5476 */ 5477 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5478 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5479 sav->state = SADB_SASTATE_MATURE; 5480 SAHTREE_WUNLOCK(); 5481 } else { 5482 /* 5483 * For DYING and MATURE SA we can change only state 5484 * and lifetimes. Report EINVAL if something else attempted 5485 * to change. 5486 */ 5487 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5488 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5489 key_freesav(&sav); 5490 return (key_senderror(so, m, EINVAL)); 5491 } 5492 error = key_updatelifetimes(sav, mhp); 5493 if (error != 0) { 5494 key_freesav(&sav); 5495 return (key_senderror(so, m, error)); 5496 } 5497 /* 5498 * This is FreeBSD extension to RFC2367. 5499 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5500 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5501 * SA addresses (for example to implement MOBIKE protocol 5502 * as described in RFC4555). Also we allow to change 5503 * NAT-T config. 5504 */ 5505 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5506 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5507 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5508 sav->natt != NULL) { 5509 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5510 key_freesav(&sav); 5511 if (error != 0) 5512 return (key_senderror(so, m, error)); 5513 return (0); 5514 } 5515 /* Check that SA is still alive */ 5516 SAHTREE_WLOCK(); 5517 if (sav->state == SADB_SASTATE_DEAD) { 5518 /* SA was unlinked */ 5519 SAHTREE_WUNLOCK(); 5520 key_freesav(&sav); 5521 return (key_senderror(so, m, ESRCH)); 5522 } 5523 /* 5524 * NOTE: there is possible state moving from DYING to MATURE, 5525 * but this doesn't change created time, so we won't reorder 5526 * this SA. 5527 */ 5528 sav->state = SADB_SASTATE_MATURE; 5529 SAHTREE_WUNLOCK(); 5530 } 5531 KEYDBG(KEY_STAMP, 5532 printf("%s: SA(%p)\n", __func__, sav)); 5533 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5534 key_freesav(&sav); 5535 5536 { 5537 struct mbuf *n; 5538 5539 /* set msg buf from mhp */ 5540 n = key_getmsgbuf_x1(m, mhp); 5541 if (n == NULL) { 5542 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5543 return key_senderror(so, m, ENOBUFS); 5544 } 5545 5546 m_freem(m); 5547 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5548 } 5549 } 5550 5551 /* 5552 * SADB_ADD processing 5553 * add an entry to SA database, when received 5554 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5555 * key(AE), (identity(SD),) (sensitivity)> 5556 * from the ikmpd, 5557 * and send 5558 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5559 * (identity(SD),) (sensitivity)> 5560 * to the ikmpd. 5561 * 5562 * IGNORE identity and sensitivity messages. 5563 * 5564 * m will always be freed. 5565 */ 5566 static int 5567 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5568 { 5569 struct secasindex saidx; 5570 struct sadb_address *src0, *dst0; 5571 struct sadb_sa *sa0; 5572 struct secasvar *sav; 5573 uint32_t reqid, spi; 5574 uint8_t mode, proto; 5575 int error; 5576 5577 IPSEC_ASSERT(so != NULL, ("null socket")); 5578 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5579 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5580 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5581 5582 /* map satype to proto */ 5583 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5584 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5585 __func__)); 5586 return key_senderror(so, m, EINVAL); 5587 } 5588 5589 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5590 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5591 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5592 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5593 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5594 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5595 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5596 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5597 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5598 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5599 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5600 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5601 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5602 ipseclog((LOG_DEBUG, 5603 "%s: invalid message: missing required header.\n", 5604 __func__)); 5605 return key_senderror(so, m, EINVAL); 5606 } 5607 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5608 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5609 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5610 ipseclog((LOG_DEBUG, 5611 "%s: invalid message: wrong header size.\n", __func__)); 5612 return key_senderror(so, m, EINVAL); 5613 } 5614 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5615 mode = IPSEC_MODE_ANY; 5616 reqid = 0; 5617 } else { 5618 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5619 ipseclog((LOG_DEBUG, 5620 "%s: invalid message: wrong header size.\n", 5621 __func__)); 5622 return key_senderror(so, m, EINVAL); 5623 } 5624 mode = ((struct sadb_x_sa2 *) 5625 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5626 reqid = ((struct sadb_x_sa2 *) 5627 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5628 } 5629 5630 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5631 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5632 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5633 5634 /* 5635 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5636 * SADB_ADD message. 5637 */ 5638 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5639 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5640 #ifdef PFKEY_STRICT_CHECKS 5641 return key_senderror(so, m, EINVAL); 5642 #endif 5643 } 5644 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5645 (struct sockaddr *)(dst0 + 1)); 5646 if (error != 0) { 5647 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5648 return key_senderror(so, m, error); 5649 } 5650 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5651 spi = sa0->sadb_sa_spi; 5652 /* 5653 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5654 * secasindex. 5655 * XXXAE: IPComp seems also doesn't use SPI. 5656 */ 5657 SPI_ALLOC_LOCK(); 5658 if (proto == IPPROTO_TCP) { 5659 sav = key_getsav_tcpmd5(&saidx, &spi); 5660 if (sav == NULL && spi == 0) { 5661 SPI_ALLOC_UNLOCK(); 5662 /* Failed to allocate SPI */ 5663 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5664 __func__)); 5665 return key_senderror(so, m, EEXIST); 5666 } 5667 /* XXX: SPI that we report back can have another value */ 5668 } else { 5669 /* We can create new SA only if SPI is different. */ 5670 sav = key_getsavbyspi(spi); 5671 } 5672 if (sav != NULL) { 5673 SPI_ALLOC_UNLOCK(); 5674 key_freesav(&sav); 5675 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5676 return key_senderror(so, m, EEXIST); 5677 } 5678 5679 sav = key_newsav(mhp, &saidx, spi, &error); 5680 SPI_ALLOC_UNLOCK(); 5681 if (sav == NULL) 5682 return key_senderror(so, m, error); 5683 KEYDBG(KEY_STAMP, 5684 printf("%s: return SA(%p)\n", __func__, sav)); 5685 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5686 /* 5687 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5688 * ACQ for deletion. 5689 */ 5690 if (sav->seq != 0) 5691 key_acqdone(&saidx, sav->seq); 5692 5693 { 5694 /* 5695 * Don't call key_freesav() on error here, as we would like to 5696 * keep the SA in the database. 5697 */ 5698 struct mbuf *n; 5699 5700 /* set msg buf from mhp */ 5701 n = key_getmsgbuf_x1(m, mhp); 5702 if (n == NULL) { 5703 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5704 return key_senderror(so, m, ENOBUFS); 5705 } 5706 5707 m_freem(m); 5708 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5709 } 5710 } 5711 5712 /* 5713 * NAT-T support. 5714 * IKEd may request the use ESP in UDP encapsulation when it detects the 5715 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5716 * parameters needed for encapsulation and decapsulation. These PF_KEY 5717 * extension headers are not standardized, so this comment addresses our 5718 * implementation. 5719 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5720 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5721 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5722 * UDP header. We use these ports in UDP encapsulation procedure, also we 5723 * can check them in UDP decapsulation procedure. 5724 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5725 * responder. These addresses can be used for transport mode to adjust 5726 * checksum after decapsulation and decryption. Since original IP addresses 5727 * used by peer usually different (we detected presence of NAT), TCP/UDP 5728 * pseudo header checksum and IP header checksum was calculated using original 5729 * addresses. After decapsulation and decryption we need to adjust checksum 5730 * to have correct datagram. 5731 * 5732 * We expect presence of NAT-T extension headers only in SADB_ADD and 5733 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5734 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5735 */ 5736 static int 5737 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5738 { 5739 struct sadb_x_nat_t_port *port; 5740 struct sadb_x_nat_t_type *type; 5741 struct sadb_address *oai, *oar; 5742 struct sockaddr *sa; 5743 uint32_t addr; 5744 uint16_t cksum; 5745 5746 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5747 /* 5748 * Ignore NAT-T headers if sproto isn't ESP. 5749 */ 5750 if (sav->sah->saidx.proto != IPPROTO_ESP) 5751 return (0); 5752 5753 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5754 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5755 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5756 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5757 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5758 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5759 ipseclog((LOG_DEBUG, 5760 "%s: invalid message: wrong header size.\n", 5761 __func__)); 5762 return (EINVAL); 5763 } 5764 } else 5765 return (0); 5766 5767 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5768 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5769 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5770 __func__, type->sadb_x_nat_t_type_type)); 5771 return (EINVAL); 5772 } 5773 /* 5774 * Allocate storage for NAT-T config. 5775 * On error it will be released by key_cleansav(). 5776 */ 5777 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5778 M_NOWAIT | M_ZERO); 5779 if (sav->natt == NULL) { 5780 PFKEYSTAT_INC(in_nomem); 5781 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5782 return (ENOBUFS); 5783 } 5784 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5785 if (port->sadb_x_nat_t_port_port == 0) { 5786 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5787 __func__)); 5788 return (EINVAL); 5789 } 5790 sav->natt->sport = port->sadb_x_nat_t_port_port; 5791 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5792 if (port->sadb_x_nat_t_port_port == 0) { 5793 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5794 __func__)); 5795 return (EINVAL); 5796 } 5797 sav->natt->dport = port->sadb_x_nat_t_port_port; 5798 5799 /* 5800 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5801 * and needed only for transport mode IPsec. 5802 * Usually NAT translates only one address, but it is possible, 5803 * that both addresses could be translated. 5804 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5805 */ 5806 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5807 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5808 ipseclog((LOG_DEBUG, 5809 "%s: invalid message: wrong header size.\n", 5810 __func__)); 5811 return (EINVAL); 5812 } 5813 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5814 } else 5815 oai = NULL; 5816 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5817 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5818 ipseclog((LOG_DEBUG, 5819 "%s: invalid message: wrong header size.\n", 5820 __func__)); 5821 return (EINVAL); 5822 } 5823 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5824 } else 5825 oar = NULL; 5826 5827 /* Initialize addresses only for transport mode */ 5828 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5829 cksum = 0; 5830 if (oai != NULL) { 5831 /* Currently we support only AF_INET */ 5832 sa = (struct sockaddr *)(oai + 1); 5833 if (sa->sa_family != AF_INET || 5834 sa->sa_len != sizeof(struct sockaddr_in)) { 5835 ipseclog((LOG_DEBUG, 5836 "%s: wrong NAT-OAi header.\n", 5837 __func__)); 5838 return (EINVAL); 5839 } 5840 /* Ignore address if it the same */ 5841 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5842 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5843 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5844 sav->natt->flags |= IPSEC_NATT_F_OAI; 5845 /* Calculate checksum delta */ 5846 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5847 cksum = in_addword(cksum, ~addr >> 16); 5848 cksum = in_addword(cksum, ~addr & 0xffff); 5849 addr = sav->natt->oai.sin.sin_addr.s_addr; 5850 cksum = in_addword(cksum, addr >> 16); 5851 cksum = in_addword(cksum, addr & 0xffff); 5852 } 5853 } 5854 if (oar != NULL) { 5855 /* Currently we support only AF_INET */ 5856 sa = (struct sockaddr *)(oar + 1); 5857 if (sa->sa_family != AF_INET || 5858 sa->sa_len != sizeof(struct sockaddr_in)) { 5859 ipseclog((LOG_DEBUG, 5860 "%s: wrong NAT-OAr header.\n", 5861 __func__)); 5862 return (EINVAL); 5863 } 5864 /* Ignore address if it the same */ 5865 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5866 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5867 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5868 sav->natt->flags |= IPSEC_NATT_F_OAR; 5869 /* Calculate checksum delta */ 5870 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5871 cksum = in_addword(cksum, ~addr >> 16); 5872 cksum = in_addword(cksum, ~addr & 0xffff); 5873 addr = sav->natt->oar.sin.sin_addr.s_addr; 5874 cksum = in_addword(cksum, addr >> 16); 5875 cksum = in_addword(cksum, addr & 0xffff); 5876 } 5877 } 5878 sav->natt->cksum = cksum; 5879 } 5880 return (0); 5881 } 5882 5883 static int 5884 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5885 { 5886 const struct sadb_ident *idsrc, *iddst; 5887 5888 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5889 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5890 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5891 5892 /* don't make buffer if not there */ 5893 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5894 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5895 sah->idents = NULL; 5896 sah->identd = NULL; 5897 return (0); 5898 } 5899 5900 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5901 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5902 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5903 return (EINVAL); 5904 } 5905 5906 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5907 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5908 5909 /* validity check */ 5910 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5911 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5912 return EINVAL; 5913 } 5914 5915 switch (idsrc->sadb_ident_type) { 5916 case SADB_IDENTTYPE_PREFIX: 5917 case SADB_IDENTTYPE_FQDN: 5918 case SADB_IDENTTYPE_USERFQDN: 5919 default: 5920 /* XXX do nothing */ 5921 sah->idents = NULL; 5922 sah->identd = NULL; 5923 return 0; 5924 } 5925 5926 /* make structure */ 5927 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5928 if (sah->idents == NULL) { 5929 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5930 return ENOBUFS; 5931 } 5932 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5933 if (sah->identd == NULL) { 5934 free(sah->idents, M_IPSEC_MISC); 5935 sah->idents = NULL; 5936 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5937 return ENOBUFS; 5938 } 5939 sah->idents->type = idsrc->sadb_ident_type; 5940 sah->idents->id = idsrc->sadb_ident_id; 5941 5942 sah->identd->type = iddst->sadb_ident_type; 5943 sah->identd->id = iddst->sadb_ident_id; 5944 5945 return 0; 5946 } 5947 5948 /* 5949 * m will not be freed on return. 5950 * it is caller's responsibility to free the result. 5951 * 5952 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5953 * from the request in defined order. 5954 */ 5955 static struct mbuf * 5956 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5957 { 5958 struct mbuf *n; 5959 5960 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5961 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5962 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5963 5964 /* create new sadb_msg to reply. */ 5965 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5966 SADB_EXT_SA, SADB_X_EXT_SA2, 5967 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5968 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5969 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5970 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5971 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5972 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5973 SADB_X_EXT_NEW_ADDRESS_DST); 5974 if (!n) 5975 return NULL; 5976 5977 if (n->m_len < sizeof(struct sadb_msg)) { 5978 n = m_pullup(n, sizeof(struct sadb_msg)); 5979 if (n == NULL) 5980 return NULL; 5981 } 5982 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5983 mtod(n, struct sadb_msg *)->sadb_msg_len = 5984 PFKEY_UNIT64(n->m_pkthdr.len); 5985 5986 return n; 5987 } 5988 5989 /* 5990 * SADB_DELETE processing 5991 * receive 5992 * <base, SA(*), address(SD)> 5993 * from the ikmpd, and set SADB_SASTATE_DEAD, 5994 * and send, 5995 * <base, SA(*), address(SD)> 5996 * to the ikmpd. 5997 * 5998 * m will always be freed. 5999 */ 6000 static int 6001 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6002 { 6003 struct secasindex saidx; 6004 struct sadb_address *src0, *dst0; 6005 struct secasvar *sav; 6006 struct sadb_sa *sa0; 6007 uint8_t proto; 6008 6009 IPSEC_ASSERT(so != NULL, ("null socket")); 6010 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6011 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6012 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6013 6014 /* map satype to proto */ 6015 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6016 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6017 __func__)); 6018 return key_senderror(so, m, EINVAL); 6019 } 6020 6021 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6022 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6023 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6024 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6025 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6026 __func__)); 6027 return key_senderror(so, m, EINVAL); 6028 } 6029 6030 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6031 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6032 6033 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6034 (struct sockaddr *)(dst0 + 1)) != 0) { 6035 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6036 return (key_senderror(so, m, EINVAL)); 6037 } 6038 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6039 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6040 /* 6041 * Caller wants us to delete all non-LARVAL SAs 6042 * that match the src/dst. This is used during 6043 * IKE INITIAL-CONTACT. 6044 * XXXAE: this looks like some extension to RFC2367. 6045 */ 6046 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6047 return (key_delete_all(so, m, mhp, &saidx)); 6048 } 6049 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6050 ipseclog((LOG_DEBUG, 6051 "%s: invalid message: wrong header size.\n", __func__)); 6052 return (key_senderror(so, m, EINVAL)); 6053 } 6054 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6055 SPI_ALLOC_LOCK(); 6056 if (proto == IPPROTO_TCP) 6057 sav = key_getsav_tcpmd5(&saidx, NULL); 6058 else 6059 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6060 SPI_ALLOC_UNLOCK(); 6061 if (sav == NULL) { 6062 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6063 __func__, ntohl(sa0->sadb_sa_spi))); 6064 return (key_senderror(so, m, ESRCH)); 6065 } 6066 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6067 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6068 __func__, ntohl(sav->spi))); 6069 key_freesav(&sav); 6070 return (key_senderror(so, m, ESRCH)); 6071 } 6072 KEYDBG(KEY_STAMP, 6073 printf("%s: SA(%p)\n", __func__, sav)); 6074 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6075 key_unlinksav(sav); 6076 key_freesav(&sav); 6077 6078 { 6079 struct mbuf *n; 6080 struct sadb_msg *newmsg; 6081 6082 /* create new sadb_msg to reply. */ 6083 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6084 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6085 if (!n) 6086 return key_senderror(so, m, ENOBUFS); 6087 6088 if (n->m_len < sizeof(struct sadb_msg)) { 6089 n = m_pullup(n, sizeof(struct sadb_msg)); 6090 if (n == NULL) 6091 return key_senderror(so, m, ENOBUFS); 6092 } 6093 newmsg = mtod(n, struct sadb_msg *); 6094 newmsg->sadb_msg_errno = 0; 6095 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6096 6097 m_freem(m); 6098 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6099 } 6100 } 6101 6102 /* 6103 * delete all SAs for src/dst. Called from key_delete(). 6104 */ 6105 static int 6106 key_delete_all(struct socket *so, struct mbuf *m, 6107 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6108 { 6109 struct secasvar_queue drainq; 6110 struct secashead *sah; 6111 struct secasvar *sav, *nextsav; 6112 6113 TAILQ_INIT(&drainq); 6114 SAHTREE_WLOCK(); 6115 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6116 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6117 continue; 6118 /* Move all ALIVE SAs into drainq */ 6119 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6120 } 6121 /* Unlink all queued SAs from SPI hash */ 6122 TAILQ_FOREACH(sav, &drainq, chain) { 6123 sav->state = SADB_SASTATE_DEAD; 6124 LIST_REMOVE(sav, spihash); 6125 } 6126 SAHTREE_WUNLOCK(); 6127 /* Now we can release reference for all SAs in drainq */ 6128 sav = TAILQ_FIRST(&drainq); 6129 while (sav != NULL) { 6130 KEYDBG(KEY_STAMP, 6131 printf("%s: SA(%p)\n", __func__, sav)); 6132 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6133 nextsav = TAILQ_NEXT(sav, chain); 6134 key_freesah(&sav->sah); /* release reference from SAV */ 6135 key_freesav(&sav); /* release last reference */ 6136 sav = nextsav; 6137 } 6138 6139 { 6140 struct mbuf *n; 6141 struct sadb_msg *newmsg; 6142 6143 /* create new sadb_msg to reply. */ 6144 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6145 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6146 if (!n) 6147 return key_senderror(so, m, ENOBUFS); 6148 6149 if (n->m_len < sizeof(struct sadb_msg)) { 6150 n = m_pullup(n, sizeof(struct sadb_msg)); 6151 if (n == NULL) 6152 return key_senderror(so, m, ENOBUFS); 6153 } 6154 newmsg = mtod(n, struct sadb_msg *); 6155 newmsg->sadb_msg_errno = 0; 6156 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6157 6158 m_freem(m); 6159 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6160 } 6161 } 6162 6163 /* 6164 * Delete all alive SAs for corresponding xform. 6165 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6166 * here when xform disappears. 6167 */ 6168 void 6169 key_delete_xform(const struct xformsw *xsp) 6170 { 6171 struct secasvar_queue drainq; 6172 struct secashead *sah; 6173 struct secasvar *sav, *nextsav; 6174 6175 TAILQ_INIT(&drainq); 6176 SAHTREE_WLOCK(); 6177 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6178 sav = TAILQ_FIRST(&sah->savtree_alive); 6179 if (sav == NULL) 6180 continue; 6181 if (sav->tdb_xform != xsp) 6182 continue; 6183 /* 6184 * It is supposed that all SAs in the chain are related to 6185 * one xform. 6186 */ 6187 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6188 } 6189 /* Unlink all queued SAs from SPI hash */ 6190 TAILQ_FOREACH(sav, &drainq, chain) { 6191 sav->state = SADB_SASTATE_DEAD; 6192 LIST_REMOVE(sav, spihash); 6193 } 6194 SAHTREE_WUNLOCK(); 6195 6196 /* Now we can release reference for all SAs in drainq */ 6197 sav = TAILQ_FIRST(&drainq); 6198 while (sav != NULL) { 6199 KEYDBG(KEY_STAMP, 6200 printf("%s: SA(%p)\n", __func__, sav)); 6201 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6202 nextsav = TAILQ_NEXT(sav, chain); 6203 key_freesah(&sav->sah); /* release reference from SAV */ 6204 key_freesav(&sav); /* release last reference */ 6205 sav = nextsav; 6206 } 6207 } 6208 6209 /* 6210 * SADB_GET processing 6211 * receive 6212 * <base, SA(*), address(SD)> 6213 * from the ikmpd, and get a SP and a SA to respond, 6214 * and send, 6215 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6216 * (identity(SD),) (sensitivity)> 6217 * to the ikmpd. 6218 * 6219 * m will always be freed. 6220 */ 6221 static int 6222 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6223 { 6224 struct secasindex saidx; 6225 struct sadb_address *src0, *dst0; 6226 struct sadb_sa *sa0; 6227 struct secasvar *sav; 6228 uint8_t proto; 6229 6230 IPSEC_ASSERT(so != NULL, ("null socket")); 6231 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6232 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6233 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6234 6235 /* map satype to proto */ 6236 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6237 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6238 __func__)); 6239 return key_senderror(so, m, EINVAL); 6240 } 6241 6242 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6243 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6244 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6245 ipseclog((LOG_DEBUG, 6246 "%s: invalid message: missing required header.\n", 6247 __func__)); 6248 return key_senderror(so, m, EINVAL); 6249 } 6250 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6251 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6252 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6253 ipseclog((LOG_DEBUG, 6254 "%s: invalid message: wrong header size.\n", __func__)); 6255 return key_senderror(so, m, EINVAL); 6256 } 6257 6258 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6259 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6260 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6261 6262 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6263 (struct sockaddr *)(dst0 + 1)) != 0) { 6264 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6265 return key_senderror(so, m, EINVAL); 6266 } 6267 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6268 6269 SPI_ALLOC_LOCK(); 6270 if (proto == IPPROTO_TCP) 6271 sav = key_getsav_tcpmd5(&saidx, NULL); 6272 else 6273 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6274 SPI_ALLOC_UNLOCK(); 6275 if (sav == NULL) { 6276 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6277 return key_senderror(so, m, ESRCH); 6278 } 6279 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6280 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6281 __func__, ntohl(sa0->sadb_sa_spi))); 6282 key_freesav(&sav); 6283 return (key_senderror(so, m, ESRCH)); 6284 } 6285 6286 { 6287 struct mbuf *n; 6288 uint8_t satype; 6289 6290 /* map proto to satype */ 6291 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6292 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6293 __func__)); 6294 key_freesav(&sav); 6295 return key_senderror(so, m, EINVAL); 6296 } 6297 6298 /* create new sadb_msg to reply. */ 6299 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6300 mhp->msg->sadb_msg_pid); 6301 6302 key_freesav(&sav); 6303 if (!n) 6304 return key_senderror(so, m, ENOBUFS); 6305 6306 m_freem(m); 6307 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6308 } 6309 } 6310 6311 /* XXX make it sysctl-configurable? */ 6312 static void 6313 key_getcomb_setlifetime(struct sadb_comb *comb) 6314 { 6315 6316 comb->sadb_comb_soft_allocations = 1; 6317 comb->sadb_comb_hard_allocations = 1; 6318 comb->sadb_comb_soft_bytes = 0; 6319 comb->sadb_comb_hard_bytes = 0; 6320 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6321 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6322 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6323 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6324 } 6325 6326 /* 6327 * XXX reorder combinations by preference 6328 * XXX no idea if the user wants ESP authentication or not 6329 */ 6330 static struct mbuf * 6331 key_getcomb_ealg(void) 6332 { 6333 struct sadb_comb *comb; 6334 const struct enc_xform *algo; 6335 struct mbuf *result = NULL, *m, *n; 6336 int encmin; 6337 int i, off, o; 6338 int totlen; 6339 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6340 6341 m = NULL; 6342 for (i = 1; i <= SADB_EALG_MAX; i++) { 6343 algo = enc_algorithm_lookup(i); 6344 if (algo == NULL) 6345 continue; 6346 6347 /* discard algorithms with key size smaller than system min */ 6348 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6349 continue; 6350 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6351 encmin = V_ipsec_esp_keymin; 6352 else 6353 encmin = _BITS(algo->minkey); 6354 6355 if (V_ipsec_esp_auth) 6356 m = key_getcomb_ah(); 6357 else { 6358 IPSEC_ASSERT(l <= MLEN, 6359 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6360 MGET(m, M_NOWAIT, MT_DATA); 6361 if (m) { 6362 M_ALIGN(m, l); 6363 m->m_len = l; 6364 m->m_next = NULL; 6365 bzero(mtod(m, caddr_t), m->m_len); 6366 } 6367 } 6368 if (!m) 6369 goto fail; 6370 6371 totlen = 0; 6372 for (n = m; n; n = n->m_next) 6373 totlen += n->m_len; 6374 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6375 6376 for (off = 0; off < totlen; off += l) { 6377 n = m_pulldown(m, off, l, &o); 6378 if (!n) { 6379 /* m is already freed */ 6380 goto fail; 6381 } 6382 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6383 bzero(comb, sizeof(*comb)); 6384 key_getcomb_setlifetime(comb); 6385 comb->sadb_comb_encrypt = i; 6386 comb->sadb_comb_encrypt_minbits = encmin; 6387 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6388 } 6389 6390 if (!result) 6391 result = m; 6392 else 6393 m_cat(result, m); 6394 } 6395 6396 return result; 6397 6398 fail: 6399 if (result) 6400 m_freem(result); 6401 return NULL; 6402 } 6403 6404 static void 6405 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6406 u_int16_t* max) 6407 { 6408 6409 *min = *max = ah->hashsize; 6410 if (ah->keysize == 0) { 6411 /* 6412 * Transform takes arbitrary key size but algorithm 6413 * key size is restricted. Enforce this here. 6414 */ 6415 switch (alg) { 6416 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6417 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6418 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6419 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6420 default: 6421 DPRINTF(("%s: unknown AH algorithm %u\n", 6422 __func__, alg)); 6423 break; 6424 } 6425 } 6426 } 6427 6428 /* 6429 * XXX reorder combinations by preference 6430 */ 6431 static struct mbuf * 6432 key_getcomb_ah() 6433 { 6434 const struct auth_hash *algo; 6435 struct sadb_comb *comb; 6436 struct mbuf *m; 6437 u_int16_t minkeysize, maxkeysize; 6438 int i; 6439 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6440 6441 m = NULL; 6442 for (i = 1; i <= SADB_AALG_MAX; i++) { 6443 #if 1 6444 /* we prefer HMAC algorithms, not old algorithms */ 6445 if (i != SADB_AALG_SHA1HMAC && 6446 i != SADB_X_AALG_SHA2_256 && 6447 i != SADB_X_AALG_SHA2_384 && 6448 i != SADB_X_AALG_SHA2_512) 6449 continue; 6450 #endif 6451 algo = auth_algorithm_lookup(i); 6452 if (!algo) 6453 continue; 6454 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6455 /* discard algorithms with key size smaller than system min */ 6456 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6457 continue; 6458 6459 if (!m) { 6460 IPSEC_ASSERT(l <= MLEN, 6461 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6462 MGET(m, M_NOWAIT, MT_DATA); 6463 if (m) { 6464 M_ALIGN(m, l); 6465 m->m_len = l; 6466 m->m_next = NULL; 6467 } 6468 } else 6469 M_PREPEND(m, l, M_NOWAIT); 6470 if (!m) 6471 return NULL; 6472 6473 comb = mtod(m, struct sadb_comb *); 6474 bzero(comb, sizeof(*comb)); 6475 key_getcomb_setlifetime(comb); 6476 comb->sadb_comb_auth = i; 6477 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6478 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6479 } 6480 6481 return m; 6482 } 6483 6484 /* 6485 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6486 * XXX reorder combinations by preference 6487 */ 6488 static struct mbuf * 6489 key_getcomb_ipcomp() 6490 { 6491 const struct comp_algo *algo; 6492 struct sadb_comb *comb; 6493 struct mbuf *m; 6494 int i; 6495 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6496 6497 m = NULL; 6498 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6499 algo = comp_algorithm_lookup(i); 6500 if (!algo) 6501 continue; 6502 6503 if (!m) { 6504 IPSEC_ASSERT(l <= MLEN, 6505 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6506 MGET(m, M_NOWAIT, MT_DATA); 6507 if (m) { 6508 M_ALIGN(m, l); 6509 m->m_len = l; 6510 m->m_next = NULL; 6511 } 6512 } else 6513 M_PREPEND(m, l, M_NOWAIT); 6514 if (!m) 6515 return NULL; 6516 6517 comb = mtod(m, struct sadb_comb *); 6518 bzero(comb, sizeof(*comb)); 6519 key_getcomb_setlifetime(comb); 6520 comb->sadb_comb_encrypt = i; 6521 /* what should we set into sadb_comb_*_{min,max}bits? */ 6522 } 6523 6524 return m; 6525 } 6526 6527 /* 6528 * XXX no way to pass mode (transport/tunnel) to userland 6529 * XXX replay checking? 6530 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6531 */ 6532 static struct mbuf * 6533 key_getprop(const struct secasindex *saidx) 6534 { 6535 struct sadb_prop *prop; 6536 struct mbuf *m, *n; 6537 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6538 int totlen; 6539 6540 switch (saidx->proto) { 6541 case IPPROTO_ESP: 6542 m = key_getcomb_ealg(); 6543 break; 6544 case IPPROTO_AH: 6545 m = key_getcomb_ah(); 6546 break; 6547 case IPPROTO_IPCOMP: 6548 m = key_getcomb_ipcomp(); 6549 break; 6550 default: 6551 return NULL; 6552 } 6553 6554 if (!m) 6555 return NULL; 6556 M_PREPEND(m, l, M_NOWAIT); 6557 if (!m) 6558 return NULL; 6559 6560 totlen = 0; 6561 for (n = m; n; n = n->m_next) 6562 totlen += n->m_len; 6563 6564 prop = mtod(m, struct sadb_prop *); 6565 bzero(prop, sizeof(*prop)); 6566 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6567 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6568 prop->sadb_prop_replay = 32; /* XXX */ 6569 6570 return m; 6571 } 6572 6573 /* 6574 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6575 * send 6576 * <base, SA, address(SD), (address(P)), x_policy, 6577 * (identity(SD),) (sensitivity,) proposal> 6578 * to KMD, and expect to receive 6579 * <base> with SADB_ACQUIRE if error occurred, 6580 * or 6581 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6582 * from KMD by PF_KEY. 6583 * 6584 * XXX x_policy is outside of RFC2367 (KAME extension). 6585 * XXX sensitivity is not supported. 6586 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6587 * see comment for key_getcomb_ipcomp(). 6588 * 6589 * OUT: 6590 * 0 : succeed 6591 * others: error number 6592 */ 6593 static int 6594 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6595 { 6596 union sockaddr_union addr; 6597 struct mbuf *result, *m; 6598 uint32_t seq; 6599 int error; 6600 uint16_t ul_proto; 6601 uint8_t mask, satype; 6602 6603 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6604 satype = key_proto2satype(saidx->proto); 6605 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6606 6607 error = -1; 6608 result = NULL; 6609 ul_proto = IPSEC_ULPROTO_ANY; 6610 6611 /* Get seq number to check whether sending message or not. */ 6612 seq = key_getacq(saidx, &error); 6613 if (seq == 0) 6614 return (error); 6615 6616 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6617 if (!m) { 6618 error = ENOBUFS; 6619 goto fail; 6620 } 6621 result = m; 6622 6623 /* 6624 * set sadb_address for saidx's. 6625 * 6626 * Note that if sp is supplied, then we're being called from 6627 * key_allocsa_policy() and should supply port and protocol 6628 * information. 6629 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6630 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6631 * XXXAE: it looks like we should save this info in the ACQ entry. 6632 */ 6633 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6634 sp->spidx.ul_proto == IPPROTO_UDP)) 6635 ul_proto = sp->spidx.ul_proto; 6636 6637 addr = saidx->src; 6638 mask = FULLMASK; 6639 if (ul_proto != IPSEC_ULPROTO_ANY) { 6640 switch (sp->spidx.src.sa.sa_family) { 6641 case AF_INET: 6642 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6643 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6644 mask = sp->spidx.prefs; 6645 } 6646 break; 6647 case AF_INET6: 6648 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6649 addr.sin6.sin6_port = 6650 sp->spidx.src.sin6.sin6_port; 6651 mask = sp->spidx.prefs; 6652 } 6653 break; 6654 default: 6655 break; 6656 } 6657 } 6658 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6659 if (!m) { 6660 error = ENOBUFS; 6661 goto fail; 6662 } 6663 m_cat(result, m); 6664 6665 addr = saidx->dst; 6666 mask = FULLMASK; 6667 if (ul_proto != IPSEC_ULPROTO_ANY) { 6668 switch (sp->spidx.dst.sa.sa_family) { 6669 case AF_INET: 6670 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6671 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6672 mask = sp->spidx.prefd; 6673 } 6674 break; 6675 case AF_INET6: 6676 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6677 addr.sin6.sin6_port = 6678 sp->spidx.dst.sin6.sin6_port; 6679 mask = sp->spidx.prefd; 6680 } 6681 break; 6682 default: 6683 break; 6684 } 6685 } 6686 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6687 if (!m) { 6688 error = ENOBUFS; 6689 goto fail; 6690 } 6691 m_cat(result, m); 6692 6693 /* XXX proxy address (optional) */ 6694 6695 /* 6696 * Set sadb_x_policy. This is KAME extension to RFC2367. 6697 */ 6698 if (sp != NULL) { 6699 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6700 sp->priority); 6701 if (!m) { 6702 error = ENOBUFS; 6703 goto fail; 6704 } 6705 m_cat(result, m); 6706 } 6707 6708 /* 6709 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6710 * This is FreeBSD extension to RFC2367. 6711 */ 6712 if (saidx->reqid != 0) { 6713 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6714 if (m == NULL) { 6715 error = ENOBUFS; 6716 goto fail; 6717 } 6718 m_cat(result, m); 6719 } 6720 /* XXX identity (optional) */ 6721 #if 0 6722 if (idexttype && fqdn) { 6723 /* create identity extension (FQDN) */ 6724 struct sadb_ident *id; 6725 int fqdnlen; 6726 6727 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6728 id = (struct sadb_ident *)p; 6729 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6730 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6731 id->sadb_ident_exttype = idexttype; 6732 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6733 bcopy(fqdn, id + 1, fqdnlen); 6734 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6735 } 6736 6737 if (idexttype) { 6738 /* create identity extension (USERFQDN) */ 6739 struct sadb_ident *id; 6740 int userfqdnlen; 6741 6742 if (userfqdn) { 6743 /* +1 for terminating-NUL */ 6744 userfqdnlen = strlen(userfqdn) + 1; 6745 } else 6746 userfqdnlen = 0; 6747 id = (struct sadb_ident *)p; 6748 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6749 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6750 id->sadb_ident_exttype = idexttype; 6751 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6752 /* XXX is it correct? */ 6753 if (curproc && curproc->p_cred) 6754 id->sadb_ident_id = curproc->p_cred->p_ruid; 6755 if (userfqdn && userfqdnlen) 6756 bcopy(userfqdn, id + 1, userfqdnlen); 6757 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6758 } 6759 #endif 6760 6761 /* XXX sensitivity (optional) */ 6762 6763 /* create proposal/combination extension */ 6764 m = key_getprop(saidx); 6765 #if 0 6766 /* 6767 * spec conformant: always attach proposal/combination extension, 6768 * the problem is that we have no way to attach it for ipcomp, 6769 * due to the way sadb_comb is declared in RFC2367. 6770 */ 6771 if (!m) { 6772 error = ENOBUFS; 6773 goto fail; 6774 } 6775 m_cat(result, m); 6776 #else 6777 /* 6778 * outside of spec; make proposal/combination extension optional. 6779 */ 6780 if (m) 6781 m_cat(result, m); 6782 #endif 6783 6784 if ((result->m_flags & M_PKTHDR) == 0) { 6785 error = EINVAL; 6786 goto fail; 6787 } 6788 6789 if (result->m_len < sizeof(struct sadb_msg)) { 6790 result = m_pullup(result, sizeof(struct sadb_msg)); 6791 if (result == NULL) { 6792 error = ENOBUFS; 6793 goto fail; 6794 } 6795 } 6796 6797 result->m_pkthdr.len = 0; 6798 for (m = result; m; m = m->m_next) 6799 result->m_pkthdr.len += m->m_len; 6800 6801 mtod(result, struct sadb_msg *)->sadb_msg_len = 6802 PFKEY_UNIT64(result->m_pkthdr.len); 6803 6804 KEYDBG(KEY_STAMP, 6805 printf("%s: SP(%p)\n", __func__, sp)); 6806 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6807 6808 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6809 6810 fail: 6811 if (result) 6812 m_freem(result); 6813 return error; 6814 } 6815 6816 static uint32_t 6817 key_newacq(const struct secasindex *saidx, int *perror) 6818 { 6819 struct secacq *acq; 6820 uint32_t seq; 6821 6822 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6823 if (acq == NULL) { 6824 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6825 *perror = ENOBUFS; 6826 return (0); 6827 } 6828 6829 /* copy secindex */ 6830 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6831 acq->created = time_second; 6832 acq->count = 0; 6833 6834 /* add to acqtree */ 6835 ACQ_LOCK(); 6836 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6837 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6838 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6839 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6840 ACQ_UNLOCK(); 6841 *perror = 0; 6842 return (seq); 6843 } 6844 6845 static uint32_t 6846 key_getacq(const struct secasindex *saidx, int *perror) 6847 { 6848 struct secacq *acq; 6849 uint32_t seq; 6850 6851 ACQ_LOCK(); 6852 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6853 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6854 if (acq->count > V_key_blockacq_count) { 6855 /* 6856 * Reset counter and send message. 6857 * Also reset created time to keep ACQ for 6858 * this saidx. 6859 */ 6860 acq->created = time_second; 6861 acq->count = 0; 6862 seq = acq->seq; 6863 } else { 6864 /* 6865 * Increment counter and do nothing. 6866 * We send SADB_ACQUIRE message only 6867 * for each V_key_blockacq_count packet. 6868 */ 6869 acq->count++; 6870 seq = 0; 6871 } 6872 break; 6873 } 6874 } 6875 ACQ_UNLOCK(); 6876 if (acq != NULL) { 6877 *perror = 0; 6878 return (seq); 6879 } 6880 /* allocate new entry */ 6881 return (key_newacq(saidx, perror)); 6882 } 6883 6884 static int 6885 key_acqreset(uint32_t seq) 6886 { 6887 struct secacq *acq; 6888 6889 ACQ_LOCK(); 6890 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6891 if (acq->seq == seq) { 6892 acq->count = 0; 6893 acq->created = time_second; 6894 break; 6895 } 6896 } 6897 ACQ_UNLOCK(); 6898 if (acq == NULL) 6899 return (ESRCH); 6900 return (0); 6901 } 6902 /* 6903 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6904 * Called after successful SADB_GETSPI message. 6905 */ 6906 static int 6907 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6908 { 6909 struct secacq *acq; 6910 6911 ACQ_LOCK(); 6912 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6913 if (acq->seq == seq) 6914 break; 6915 } 6916 if (acq != NULL) { 6917 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6918 ipseclog((LOG_DEBUG, 6919 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 6920 acq = NULL; 6921 } else { 6922 acq->created = 0; 6923 } 6924 } else { 6925 ipseclog((LOG_DEBUG, 6926 "%s: ACQ %u is not found.\n", __func__, seq)); 6927 } 6928 ACQ_UNLOCK(); 6929 if (acq == NULL) 6930 return (ESRCH); 6931 return (0); 6932 } 6933 6934 static struct secspacq * 6935 key_newspacq(struct secpolicyindex *spidx) 6936 { 6937 struct secspacq *acq; 6938 6939 /* get new entry */ 6940 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6941 if (acq == NULL) { 6942 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6943 return NULL; 6944 } 6945 6946 /* copy secindex */ 6947 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6948 acq->created = time_second; 6949 acq->count = 0; 6950 6951 /* add to spacqtree */ 6952 SPACQ_LOCK(); 6953 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6954 SPACQ_UNLOCK(); 6955 6956 return acq; 6957 } 6958 6959 static struct secspacq * 6960 key_getspacq(struct secpolicyindex *spidx) 6961 { 6962 struct secspacq *acq; 6963 6964 SPACQ_LOCK(); 6965 LIST_FOREACH(acq, &V_spacqtree, chain) { 6966 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6967 /* NB: return holding spacq_lock */ 6968 return acq; 6969 } 6970 } 6971 SPACQ_UNLOCK(); 6972 6973 return NULL; 6974 } 6975 6976 /* 6977 * SADB_ACQUIRE processing, 6978 * in first situation, is receiving 6979 * <base> 6980 * from the ikmpd, and clear sequence of its secasvar entry. 6981 * 6982 * In second situation, is receiving 6983 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6984 * from a user land process, and return 6985 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6986 * to the socket. 6987 * 6988 * m will always be freed. 6989 */ 6990 static int 6991 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6992 { 6993 SAHTREE_RLOCK_TRACKER; 6994 struct sadb_address *src0, *dst0; 6995 struct secasindex saidx; 6996 struct secashead *sah; 6997 uint32_t reqid; 6998 int error; 6999 uint8_t mode, proto; 7000 7001 IPSEC_ASSERT(so != NULL, ("null socket")); 7002 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7003 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7004 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7005 7006 /* 7007 * Error message from KMd. 7008 * We assume that if error was occurred in IKEd, the length of PFKEY 7009 * message is equal to the size of sadb_msg structure. 7010 * We do not raise error even if error occurred in this function. 7011 */ 7012 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7013 /* check sequence number */ 7014 if (mhp->msg->sadb_msg_seq == 0 || 7015 mhp->msg->sadb_msg_errno == 0) { 7016 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7017 "number and errno.\n", __func__)); 7018 } else { 7019 /* 7020 * IKEd reported that error occurred. 7021 * XXXAE: what it expects from the kernel? 7022 * Probably we should send SADB_ACQUIRE again? 7023 * If so, reset ACQ's state. 7024 * XXXAE: it looks useless. 7025 */ 7026 key_acqreset(mhp->msg->sadb_msg_seq); 7027 } 7028 m_freem(m); 7029 return (0); 7030 } 7031 7032 /* 7033 * This message is from user land. 7034 */ 7035 7036 /* map satype to proto */ 7037 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7038 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7039 __func__)); 7040 return key_senderror(so, m, EINVAL); 7041 } 7042 7043 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7044 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7045 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7046 ipseclog((LOG_DEBUG, 7047 "%s: invalid message: missing required header.\n", 7048 __func__)); 7049 return key_senderror(so, m, EINVAL); 7050 } 7051 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7052 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7053 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7054 ipseclog((LOG_DEBUG, 7055 "%s: invalid message: wrong header size.\n", __func__)); 7056 return key_senderror(so, m, EINVAL); 7057 } 7058 7059 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7060 mode = IPSEC_MODE_ANY; 7061 reqid = 0; 7062 } else { 7063 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7064 ipseclog((LOG_DEBUG, 7065 "%s: invalid message: wrong header size.\n", 7066 __func__)); 7067 return key_senderror(so, m, EINVAL); 7068 } 7069 mode = ((struct sadb_x_sa2 *) 7070 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7071 reqid = ((struct sadb_x_sa2 *) 7072 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7073 } 7074 7075 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7076 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7077 7078 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7079 (struct sockaddr *)(dst0 + 1)); 7080 if (error != 0) { 7081 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7082 return key_senderror(so, m, EINVAL); 7083 } 7084 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7085 7086 /* get a SA index */ 7087 SAHTREE_RLOCK(); 7088 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7089 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7090 break; 7091 } 7092 SAHTREE_RUNLOCK(); 7093 if (sah != NULL) { 7094 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7095 return key_senderror(so, m, EEXIST); 7096 } 7097 7098 error = key_acquire(&saidx, NULL); 7099 if (error != 0) { 7100 ipseclog((LOG_DEBUG, 7101 "%s: error %d returned from key_acquire()\n", 7102 __func__, error)); 7103 return key_senderror(so, m, error); 7104 } 7105 m_freem(m); 7106 return (0); 7107 } 7108 7109 /* 7110 * SADB_REGISTER processing. 7111 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7112 * receive 7113 * <base> 7114 * from the ikmpd, and register a socket to send PF_KEY messages, 7115 * and send 7116 * <base, supported> 7117 * to KMD by PF_KEY. 7118 * If socket is detached, must free from regnode. 7119 * 7120 * m will always be freed. 7121 */ 7122 static int 7123 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7124 { 7125 struct secreg *reg, *newreg = NULL; 7126 7127 IPSEC_ASSERT(so != NULL, ("null socket")); 7128 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7129 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7130 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7131 7132 /* check for invalid register message */ 7133 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7134 return key_senderror(so, m, EINVAL); 7135 7136 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7137 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7138 goto setmsg; 7139 7140 /* check whether existing or not */ 7141 REGTREE_LOCK(); 7142 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7143 if (reg->so == so) { 7144 REGTREE_UNLOCK(); 7145 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7146 __func__)); 7147 return key_senderror(so, m, EEXIST); 7148 } 7149 } 7150 7151 /* create regnode */ 7152 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7153 if (newreg == NULL) { 7154 REGTREE_UNLOCK(); 7155 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7156 return key_senderror(so, m, ENOBUFS); 7157 } 7158 7159 newreg->so = so; 7160 ((struct keycb *)sotorawcb(so))->kp_registered++; 7161 7162 /* add regnode to regtree. */ 7163 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7164 REGTREE_UNLOCK(); 7165 7166 setmsg: 7167 { 7168 struct mbuf *n; 7169 struct sadb_msg *newmsg; 7170 struct sadb_supported *sup; 7171 u_int len, alen, elen; 7172 int off; 7173 int i; 7174 struct sadb_alg *alg; 7175 7176 /* create new sadb_msg to reply. */ 7177 alen = 0; 7178 for (i = 1; i <= SADB_AALG_MAX; i++) { 7179 if (auth_algorithm_lookup(i)) 7180 alen += sizeof(struct sadb_alg); 7181 } 7182 if (alen) 7183 alen += sizeof(struct sadb_supported); 7184 elen = 0; 7185 for (i = 1; i <= SADB_EALG_MAX; i++) { 7186 if (enc_algorithm_lookup(i)) 7187 elen += sizeof(struct sadb_alg); 7188 } 7189 if (elen) 7190 elen += sizeof(struct sadb_supported); 7191 7192 len = sizeof(struct sadb_msg) + alen + elen; 7193 7194 if (len > MCLBYTES) 7195 return key_senderror(so, m, ENOBUFS); 7196 7197 MGETHDR(n, M_NOWAIT, MT_DATA); 7198 if (n != NULL && len > MHLEN) { 7199 if (!(MCLGET(n, M_NOWAIT))) { 7200 m_freem(n); 7201 n = NULL; 7202 } 7203 } 7204 if (!n) 7205 return key_senderror(so, m, ENOBUFS); 7206 7207 n->m_pkthdr.len = n->m_len = len; 7208 n->m_next = NULL; 7209 off = 0; 7210 7211 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7212 newmsg = mtod(n, struct sadb_msg *); 7213 newmsg->sadb_msg_errno = 0; 7214 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7215 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7216 7217 /* for authentication algorithm */ 7218 if (alen) { 7219 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7220 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7221 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7222 off += PFKEY_ALIGN8(sizeof(*sup)); 7223 7224 for (i = 1; i <= SADB_AALG_MAX; i++) { 7225 const struct auth_hash *aalgo; 7226 u_int16_t minkeysize, maxkeysize; 7227 7228 aalgo = auth_algorithm_lookup(i); 7229 if (!aalgo) 7230 continue; 7231 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7232 alg->sadb_alg_id = i; 7233 alg->sadb_alg_ivlen = 0; 7234 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7235 alg->sadb_alg_minbits = _BITS(minkeysize); 7236 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7237 off += PFKEY_ALIGN8(sizeof(*alg)); 7238 } 7239 } 7240 7241 /* for encryption algorithm */ 7242 if (elen) { 7243 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7244 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7245 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7246 off += PFKEY_ALIGN8(sizeof(*sup)); 7247 7248 for (i = 1; i <= SADB_EALG_MAX; i++) { 7249 const struct enc_xform *ealgo; 7250 7251 ealgo = enc_algorithm_lookup(i); 7252 if (!ealgo) 7253 continue; 7254 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7255 alg->sadb_alg_id = i; 7256 alg->sadb_alg_ivlen = ealgo->ivsize; 7257 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7258 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7259 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7260 } 7261 } 7262 7263 IPSEC_ASSERT(off == len, 7264 ("length assumption failed (off %u len %u)", off, len)); 7265 7266 m_freem(m); 7267 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7268 } 7269 } 7270 7271 /* 7272 * free secreg entry registered. 7273 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7274 */ 7275 void 7276 key_freereg(struct socket *so) 7277 { 7278 struct secreg *reg; 7279 int i; 7280 7281 IPSEC_ASSERT(so != NULL, ("NULL so")); 7282 7283 /* 7284 * check whether existing or not. 7285 * check all type of SA, because there is a potential that 7286 * one socket is registered to multiple type of SA. 7287 */ 7288 REGTREE_LOCK(); 7289 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7290 LIST_FOREACH(reg, &V_regtree[i], chain) { 7291 if (reg->so == so && __LIST_CHAINED(reg)) { 7292 LIST_REMOVE(reg, chain); 7293 free(reg, M_IPSEC_SAR); 7294 break; 7295 } 7296 } 7297 } 7298 REGTREE_UNLOCK(); 7299 } 7300 7301 /* 7302 * SADB_EXPIRE processing 7303 * send 7304 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7305 * to KMD by PF_KEY. 7306 * NOTE: We send only soft lifetime extension. 7307 * 7308 * OUT: 0 : succeed 7309 * others : error number 7310 */ 7311 static int 7312 key_expire(struct secasvar *sav, int hard) 7313 { 7314 struct mbuf *result = NULL, *m; 7315 struct sadb_lifetime *lt; 7316 uint32_t replay_count; 7317 int error, len; 7318 uint8_t satype; 7319 7320 SECASVAR_RLOCK_TRACKER; 7321 7322 IPSEC_ASSERT (sav != NULL, ("null sav")); 7323 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7324 7325 KEYDBG(KEY_STAMP, 7326 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7327 sav, hard ? "hard": "soft")); 7328 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7329 /* set msg header */ 7330 satype = key_proto2satype(sav->sah->saidx.proto); 7331 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7332 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7333 if (!m) { 7334 error = ENOBUFS; 7335 goto fail; 7336 } 7337 result = m; 7338 7339 /* create SA extension */ 7340 m = key_setsadbsa(sav); 7341 if (!m) { 7342 error = ENOBUFS; 7343 goto fail; 7344 } 7345 m_cat(result, m); 7346 7347 /* create SA extension */ 7348 SECASVAR_RLOCK(sav); 7349 replay_count = sav->replay ? sav->replay->count : 0; 7350 SECASVAR_RUNLOCK(sav); 7351 7352 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7353 sav->sah->saidx.reqid); 7354 if (!m) { 7355 error = ENOBUFS; 7356 goto fail; 7357 } 7358 m_cat(result, m); 7359 7360 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7361 m = key_setsadbxsareplay(sav->replay->wsize); 7362 if (!m) { 7363 error = ENOBUFS; 7364 goto fail; 7365 } 7366 m_cat(result, m); 7367 } 7368 7369 /* create lifetime extension (current and soft) */ 7370 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7371 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7372 if (m == NULL) { 7373 error = ENOBUFS; 7374 goto fail; 7375 } 7376 m_align(m, len); 7377 m->m_len = len; 7378 bzero(mtod(m, caddr_t), len); 7379 lt = mtod(m, struct sadb_lifetime *); 7380 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7381 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7382 lt->sadb_lifetime_allocations = 7383 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7384 lt->sadb_lifetime_bytes = 7385 counter_u64_fetch(sav->lft_c_bytes); 7386 lt->sadb_lifetime_addtime = sav->created; 7387 lt->sadb_lifetime_usetime = sav->firstused; 7388 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7389 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7390 if (hard) { 7391 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7392 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7393 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7394 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7395 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7396 } else { 7397 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7398 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7399 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7400 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7401 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7402 } 7403 m_cat(result, m); 7404 7405 /* set sadb_address for source */ 7406 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7407 &sav->sah->saidx.src.sa, 7408 FULLMASK, IPSEC_ULPROTO_ANY); 7409 if (!m) { 7410 error = ENOBUFS; 7411 goto fail; 7412 } 7413 m_cat(result, m); 7414 7415 /* set sadb_address for destination */ 7416 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7417 &sav->sah->saidx.dst.sa, 7418 FULLMASK, IPSEC_ULPROTO_ANY); 7419 if (!m) { 7420 error = ENOBUFS; 7421 goto fail; 7422 } 7423 m_cat(result, m); 7424 7425 /* 7426 * XXX-BZ Handle NAT-T extensions here. 7427 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7428 * this information, we report only significant SA fields. 7429 */ 7430 7431 if ((result->m_flags & M_PKTHDR) == 0) { 7432 error = EINVAL; 7433 goto fail; 7434 } 7435 7436 if (result->m_len < sizeof(struct sadb_msg)) { 7437 result = m_pullup(result, sizeof(struct sadb_msg)); 7438 if (result == NULL) { 7439 error = ENOBUFS; 7440 goto fail; 7441 } 7442 } 7443 7444 result->m_pkthdr.len = 0; 7445 for (m = result; m; m = m->m_next) 7446 result->m_pkthdr.len += m->m_len; 7447 7448 mtod(result, struct sadb_msg *)->sadb_msg_len = 7449 PFKEY_UNIT64(result->m_pkthdr.len); 7450 7451 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7452 7453 fail: 7454 if (result) 7455 m_freem(result); 7456 return error; 7457 } 7458 7459 static void 7460 key_freesah_flushed(struct secashead_queue *flushq) 7461 { 7462 struct secashead *sah, *nextsah; 7463 struct secasvar *sav, *nextsav; 7464 7465 sah = TAILQ_FIRST(flushq); 7466 while (sah != NULL) { 7467 sav = TAILQ_FIRST(&sah->savtree_larval); 7468 while (sav != NULL) { 7469 nextsav = TAILQ_NEXT(sav, chain); 7470 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7471 key_freesav(&sav); /* release last reference */ 7472 key_freesah(&sah); /* release reference from SAV */ 7473 sav = nextsav; 7474 } 7475 sav = TAILQ_FIRST(&sah->savtree_alive); 7476 while (sav != NULL) { 7477 nextsav = TAILQ_NEXT(sav, chain); 7478 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7479 key_freesav(&sav); /* release last reference */ 7480 key_freesah(&sah); /* release reference from SAV */ 7481 sav = nextsav; 7482 } 7483 nextsah = TAILQ_NEXT(sah, chain); 7484 key_freesah(&sah); /* release last reference */ 7485 sah = nextsah; 7486 } 7487 } 7488 7489 /* 7490 * SADB_FLUSH processing 7491 * receive 7492 * <base> 7493 * from the ikmpd, and free all entries in secastree. 7494 * and send, 7495 * <base> 7496 * to the ikmpd. 7497 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7498 * 7499 * m will always be freed. 7500 */ 7501 static int 7502 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7503 { 7504 struct secashead_queue flushq; 7505 struct sadb_msg *newmsg; 7506 struct secashead *sah, *nextsah; 7507 struct secasvar *sav; 7508 uint8_t proto; 7509 int i; 7510 7511 IPSEC_ASSERT(so != NULL, ("null socket")); 7512 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7513 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7514 7515 /* map satype to proto */ 7516 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7517 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7518 __func__)); 7519 return key_senderror(so, m, EINVAL); 7520 } 7521 KEYDBG(KEY_STAMP, 7522 printf("%s: proto %u\n", __func__, proto)); 7523 7524 TAILQ_INIT(&flushq); 7525 if (proto == IPSEC_PROTO_ANY) { 7526 /* no SATYPE specified, i.e. flushing all SA. */ 7527 SAHTREE_WLOCK(); 7528 /* Move all SAHs into flushq */ 7529 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7530 /* Flush all buckets in SPI hash */ 7531 for (i = 0; i < V_savhash_mask + 1; i++) 7532 LIST_INIT(&V_savhashtbl[i]); 7533 /* Flush all buckets in SAHADDRHASH */ 7534 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7535 LIST_INIT(&V_sahaddrhashtbl[i]); 7536 /* Mark all SAHs as unlinked */ 7537 TAILQ_FOREACH(sah, &flushq, chain) { 7538 sah->state = SADB_SASTATE_DEAD; 7539 /* 7540 * Callout handler makes its job using 7541 * RLOCK and drain queues. In case, when this 7542 * function will be called just before it 7543 * acquires WLOCK, we need to mark SAs as 7544 * unlinked to prevent second unlink. 7545 */ 7546 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7547 sav->state = SADB_SASTATE_DEAD; 7548 } 7549 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7550 sav->state = SADB_SASTATE_DEAD; 7551 } 7552 } 7553 SAHTREE_WUNLOCK(); 7554 } else { 7555 SAHTREE_WLOCK(); 7556 sah = TAILQ_FIRST(&V_sahtree); 7557 while (sah != NULL) { 7558 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7559 ("DEAD SAH %p in SADB_FLUSH", sah)); 7560 nextsah = TAILQ_NEXT(sah, chain); 7561 if (sah->saidx.proto != proto) { 7562 sah = nextsah; 7563 continue; 7564 } 7565 sah->state = SADB_SASTATE_DEAD; 7566 TAILQ_REMOVE(&V_sahtree, sah, chain); 7567 LIST_REMOVE(sah, addrhash); 7568 /* Unlink all SAs from SPI hash */ 7569 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7570 LIST_REMOVE(sav, spihash); 7571 sav->state = SADB_SASTATE_DEAD; 7572 } 7573 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7574 LIST_REMOVE(sav, spihash); 7575 sav->state = SADB_SASTATE_DEAD; 7576 } 7577 /* Add SAH into flushq */ 7578 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7579 sah = nextsah; 7580 } 7581 SAHTREE_WUNLOCK(); 7582 } 7583 7584 key_freesah_flushed(&flushq); 7585 /* Free all queued SAs and SAHs */ 7586 if (m->m_len < sizeof(struct sadb_msg) || 7587 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7588 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7589 return key_senderror(so, m, ENOBUFS); 7590 } 7591 7592 if (m->m_next) 7593 m_freem(m->m_next); 7594 m->m_next = NULL; 7595 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7596 newmsg = mtod(m, struct sadb_msg *); 7597 newmsg->sadb_msg_errno = 0; 7598 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7599 7600 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7601 } 7602 7603 /* 7604 * SADB_DUMP processing 7605 * dump all entries including status of DEAD in SAD. 7606 * receive 7607 * <base> 7608 * from the ikmpd, and dump all secasvar leaves 7609 * and send, 7610 * <base> ..... 7611 * to the ikmpd. 7612 * 7613 * m will always be freed. 7614 */ 7615 static int 7616 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7617 { 7618 SAHTREE_RLOCK_TRACKER; 7619 struct secashead *sah; 7620 struct secasvar *sav; 7621 struct mbuf *n; 7622 uint32_t cnt; 7623 uint8_t proto, satype; 7624 7625 IPSEC_ASSERT(so != NULL, ("null socket")); 7626 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7627 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7628 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7629 7630 /* map satype to proto */ 7631 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7632 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7633 __func__)); 7634 return key_senderror(so, m, EINVAL); 7635 } 7636 7637 /* count sav entries to be sent to the userland. */ 7638 cnt = 0; 7639 SAHTREE_RLOCK(); 7640 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7641 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7642 proto != sah->saidx.proto) 7643 continue; 7644 7645 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7646 cnt++; 7647 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7648 cnt++; 7649 } 7650 7651 if (cnt == 0) { 7652 SAHTREE_RUNLOCK(); 7653 return key_senderror(so, m, ENOENT); 7654 } 7655 7656 /* send this to the userland, one at a time. */ 7657 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7658 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7659 proto != sah->saidx.proto) 7660 continue; 7661 7662 /* map proto to satype */ 7663 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7664 SAHTREE_RUNLOCK(); 7665 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7666 "SAD.\n", __func__)); 7667 return key_senderror(so, m, EINVAL); 7668 } 7669 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7670 n = key_setdumpsa(sav, SADB_DUMP, satype, 7671 --cnt, mhp->msg->sadb_msg_pid); 7672 if (n == NULL) { 7673 SAHTREE_RUNLOCK(); 7674 return key_senderror(so, m, ENOBUFS); 7675 } 7676 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7677 } 7678 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7679 n = key_setdumpsa(sav, SADB_DUMP, satype, 7680 --cnt, mhp->msg->sadb_msg_pid); 7681 if (n == NULL) { 7682 SAHTREE_RUNLOCK(); 7683 return key_senderror(so, m, ENOBUFS); 7684 } 7685 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7686 } 7687 } 7688 SAHTREE_RUNLOCK(); 7689 m_freem(m); 7690 return (0); 7691 } 7692 /* 7693 * SADB_X_PROMISC processing 7694 * 7695 * m will always be freed. 7696 */ 7697 static int 7698 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7699 { 7700 int olen; 7701 7702 IPSEC_ASSERT(so != NULL, ("null socket")); 7703 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7704 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7705 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7706 7707 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7708 7709 if (olen < sizeof(struct sadb_msg)) { 7710 #if 1 7711 return key_senderror(so, m, EINVAL); 7712 #else 7713 m_freem(m); 7714 return 0; 7715 #endif 7716 } else if (olen == sizeof(struct sadb_msg)) { 7717 /* enable/disable promisc mode */ 7718 struct keycb *kp; 7719 7720 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7721 return key_senderror(so, m, EINVAL); 7722 mhp->msg->sadb_msg_errno = 0; 7723 switch (mhp->msg->sadb_msg_satype) { 7724 case 0: 7725 case 1: 7726 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7727 break; 7728 default: 7729 return key_senderror(so, m, EINVAL); 7730 } 7731 7732 /* send the original message back to everyone */ 7733 mhp->msg->sadb_msg_errno = 0; 7734 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7735 } else { 7736 /* send packet as is */ 7737 7738 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7739 7740 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7741 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7742 } 7743 } 7744 7745 static int (*key_typesw[])(struct socket *, struct mbuf *, 7746 const struct sadb_msghdr *) = { 7747 NULL, /* SADB_RESERVED */ 7748 key_getspi, /* SADB_GETSPI */ 7749 key_update, /* SADB_UPDATE */ 7750 key_add, /* SADB_ADD */ 7751 key_delete, /* SADB_DELETE */ 7752 key_get, /* SADB_GET */ 7753 key_acquire2, /* SADB_ACQUIRE */ 7754 key_register, /* SADB_REGISTER */ 7755 NULL, /* SADB_EXPIRE */ 7756 key_flush, /* SADB_FLUSH */ 7757 key_dump, /* SADB_DUMP */ 7758 key_promisc, /* SADB_X_PROMISC */ 7759 NULL, /* SADB_X_PCHANGE */ 7760 key_spdadd, /* SADB_X_SPDUPDATE */ 7761 key_spdadd, /* SADB_X_SPDADD */ 7762 key_spddelete, /* SADB_X_SPDDELETE */ 7763 key_spdget, /* SADB_X_SPDGET */ 7764 NULL, /* SADB_X_SPDACQUIRE */ 7765 key_spddump, /* SADB_X_SPDDUMP */ 7766 key_spdflush, /* SADB_X_SPDFLUSH */ 7767 key_spdadd, /* SADB_X_SPDSETIDX */ 7768 NULL, /* SADB_X_SPDEXPIRE */ 7769 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7770 }; 7771 7772 /* 7773 * parse sadb_msg buffer to process PFKEYv2, 7774 * and create a data to response if needed. 7775 * I think to be dealed with mbuf directly. 7776 * IN: 7777 * msgp : pointer to pointer to a received buffer pulluped. 7778 * This is rewrited to response. 7779 * so : pointer to socket. 7780 * OUT: 7781 * length for buffer to send to user process. 7782 */ 7783 int 7784 key_parse(struct mbuf *m, struct socket *so) 7785 { 7786 struct sadb_msg *msg; 7787 struct sadb_msghdr mh; 7788 u_int orglen; 7789 int error; 7790 int target; 7791 7792 IPSEC_ASSERT(so != NULL, ("null socket")); 7793 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7794 7795 if (m->m_len < sizeof(struct sadb_msg)) { 7796 m = m_pullup(m, sizeof(struct sadb_msg)); 7797 if (!m) 7798 return ENOBUFS; 7799 } 7800 msg = mtod(m, struct sadb_msg *); 7801 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7802 target = KEY_SENDUP_ONE; 7803 7804 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7805 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7806 PFKEYSTAT_INC(out_invlen); 7807 error = EINVAL; 7808 goto senderror; 7809 } 7810 7811 if (msg->sadb_msg_version != PF_KEY_V2) { 7812 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7813 __func__, msg->sadb_msg_version)); 7814 PFKEYSTAT_INC(out_invver); 7815 error = EINVAL; 7816 goto senderror; 7817 } 7818 7819 if (msg->sadb_msg_type > SADB_MAX) { 7820 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7821 __func__, msg->sadb_msg_type)); 7822 PFKEYSTAT_INC(out_invmsgtype); 7823 error = EINVAL; 7824 goto senderror; 7825 } 7826 7827 /* for old-fashioned code - should be nuked */ 7828 if (m->m_pkthdr.len > MCLBYTES) { 7829 m_freem(m); 7830 return ENOBUFS; 7831 } 7832 if (m->m_next) { 7833 struct mbuf *n; 7834 7835 MGETHDR(n, M_NOWAIT, MT_DATA); 7836 if (n && m->m_pkthdr.len > MHLEN) { 7837 if (!(MCLGET(n, M_NOWAIT))) { 7838 m_free(n); 7839 n = NULL; 7840 } 7841 } 7842 if (!n) { 7843 m_freem(m); 7844 return ENOBUFS; 7845 } 7846 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7847 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7848 n->m_next = NULL; 7849 m_freem(m); 7850 m = n; 7851 } 7852 7853 /* align the mbuf chain so that extensions are in contiguous region. */ 7854 error = key_align(m, &mh); 7855 if (error) 7856 return error; 7857 7858 msg = mh.msg; 7859 7860 /* We use satype as scope mask for spddump */ 7861 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7862 switch (msg->sadb_msg_satype) { 7863 case IPSEC_POLICYSCOPE_ANY: 7864 case IPSEC_POLICYSCOPE_GLOBAL: 7865 case IPSEC_POLICYSCOPE_IFNET: 7866 case IPSEC_POLICYSCOPE_PCB: 7867 break; 7868 default: 7869 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7870 __func__, msg->sadb_msg_type)); 7871 PFKEYSTAT_INC(out_invsatype); 7872 error = EINVAL; 7873 goto senderror; 7874 } 7875 } else { 7876 switch (msg->sadb_msg_satype) { /* check SA type */ 7877 case SADB_SATYPE_UNSPEC: 7878 switch (msg->sadb_msg_type) { 7879 case SADB_GETSPI: 7880 case SADB_UPDATE: 7881 case SADB_ADD: 7882 case SADB_DELETE: 7883 case SADB_GET: 7884 case SADB_ACQUIRE: 7885 case SADB_EXPIRE: 7886 ipseclog((LOG_DEBUG, "%s: must specify satype " 7887 "when msg type=%u.\n", __func__, 7888 msg->sadb_msg_type)); 7889 PFKEYSTAT_INC(out_invsatype); 7890 error = EINVAL; 7891 goto senderror; 7892 } 7893 break; 7894 case SADB_SATYPE_AH: 7895 case SADB_SATYPE_ESP: 7896 case SADB_X_SATYPE_IPCOMP: 7897 case SADB_X_SATYPE_TCPSIGNATURE: 7898 switch (msg->sadb_msg_type) { 7899 case SADB_X_SPDADD: 7900 case SADB_X_SPDDELETE: 7901 case SADB_X_SPDGET: 7902 case SADB_X_SPDFLUSH: 7903 case SADB_X_SPDSETIDX: 7904 case SADB_X_SPDUPDATE: 7905 case SADB_X_SPDDELETE2: 7906 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7907 __func__, msg->sadb_msg_type)); 7908 PFKEYSTAT_INC(out_invsatype); 7909 error = EINVAL; 7910 goto senderror; 7911 } 7912 break; 7913 case SADB_SATYPE_RSVP: 7914 case SADB_SATYPE_OSPFV2: 7915 case SADB_SATYPE_RIPV2: 7916 case SADB_SATYPE_MIP: 7917 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7918 __func__, msg->sadb_msg_satype)); 7919 PFKEYSTAT_INC(out_invsatype); 7920 error = EOPNOTSUPP; 7921 goto senderror; 7922 case 1: /* XXX: What does it do? */ 7923 if (msg->sadb_msg_type == SADB_X_PROMISC) 7924 break; 7925 /*FALLTHROUGH*/ 7926 default: 7927 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7928 __func__, msg->sadb_msg_satype)); 7929 PFKEYSTAT_INC(out_invsatype); 7930 error = EINVAL; 7931 goto senderror; 7932 } 7933 } 7934 7935 /* check field of upper layer protocol and address family */ 7936 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7937 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7938 struct sadb_address *src0, *dst0; 7939 u_int plen; 7940 7941 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7942 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7943 7944 /* check upper layer protocol */ 7945 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7946 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7947 "mismatched.\n", __func__)); 7948 PFKEYSTAT_INC(out_invaddr); 7949 error = EINVAL; 7950 goto senderror; 7951 } 7952 7953 /* check family */ 7954 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7955 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7956 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7957 __func__)); 7958 PFKEYSTAT_INC(out_invaddr); 7959 error = EINVAL; 7960 goto senderror; 7961 } 7962 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7963 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7964 ipseclog((LOG_DEBUG, "%s: address struct size " 7965 "mismatched.\n", __func__)); 7966 PFKEYSTAT_INC(out_invaddr); 7967 error = EINVAL; 7968 goto senderror; 7969 } 7970 7971 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7972 case AF_INET: 7973 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7974 sizeof(struct sockaddr_in)) { 7975 PFKEYSTAT_INC(out_invaddr); 7976 error = EINVAL; 7977 goto senderror; 7978 } 7979 break; 7980 case AF_INET6: 7981 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7982 sizeof(struct sockaddr_in6)) { 7983 PFKEYSTAT_INC(out_invaddr); 7984 error = EINVAL; 7985 goto senderror; 7986 } 7987 break; 7988 default: 7989 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7990 __func__)); 7991 PFKEYSTAT_INC(out_invaddr); 7992 error = EAFNOSUPPORT; 7993 goto senderror; 7994 } 7995 7996 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7997 case AF_INET: 7998 plen = sizeof(struct in_addr) << 3; 7999 break; 8000 case AF_INET6: 8001 plen = sizeof(struct in6_addr) << 3; 8002 break; 8003 default: 8004 plen = 0; /*fool gcc*/ 8005 break; 8006 } 8007 8008 /* check max prefix length */ 8009 if (src0->sadb_address_prefixlen > plen || 8010 dst0->sadb_address_prefixlen > plen) { 8011 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 8012 __func__)); 8013 PFKEYSTAT_INC(out_invaddr); 8014 error = EINVAL; 8015 goto senderror; 8016 } 8017 8018 /* 8019 * prefixlen == 0 is valid because there can be a case when 8020 * all addresses are matched. 8021 */ 8022 } 8023 8024 if (msg->sadb_msg_type >= nitems(key_typesw) || 8025 key_typesw[msg->sadb_msg_type] == NULL) { 8026 PFKEYSTAT_INC(out_invmsgtype); 8027 error = EINVAL; 8028 goto senderror; 8029 } 8030 8031 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8032 8033 senderror: 8034 msg->sadb_msg_errno = error; 8035 return key_sendup_mbuf(so, m, target); 8036 } 8037 8038 static int 8039 key_senderror(struct socket *so, struct mbuf *m, int code) 8040 { 8041 struct sadb_msg *msg; 8042 8043 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8044 ("mbuf too small, len %u", m->m_len)); 8045 8046 msg = mtod(m, struct sadb_msg *); 8047 msg->sadb_msg_errno = code; 8048 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8049 } 8050 8051 /* 8052 * set the pointer to each header into message buffer. 8053 * m will be freed on error. 8054 * XXX larger-than-MCLBYTES extension? 8055 */ 8056 static int 8057 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8058 { 8059 struct mbuf *n; 8060 struct sadb_ext *ext; 8061 size_t off, end; 8062 int extlen; 8063 int toff; 8064 8065 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8066 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8067 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8068 ("mbuf too small, len %u", m->m_len)); 8069 8070 /* initialize */ 8071 bzero(mhp, sizeof(*mhp)); 8072 8073 mhp->msg = mtod(m, struct sadb_msg *); 8074 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8075 8076 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8077 extlen = end; /*just in case extlen is not updated*/ 8078 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8079 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8080 if (!n) { 8081 /* m is already freed */ 8082 return ENOBUFS; 8083 } 8084 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8085 8086 /* set pointer */ 8087 switch (ext->sadb_ext_type) { 8088 case SADB_EXT_SA: 8089 case SADB_EXT_ADDRESS_SRC: 8090 case SADB_EXT_ADDRESS_DST: 8091 case SADB_EXT_ADDRESS_PROXY: 8092 case SADB_EXT_LIFETIME_CURRENT: 8093 case SADB_EXT_LIFETIME_HARD: 8094 case SADB_EXT_LIFETIME_SOFT: 8095 case SADB_EXT_KEY_AUTH: 8096 case SADB_EXT_KEY_ENCRYPT: 8097 case SADB_EXT_IDENTITY_SRC: 8098 case SADB_EXT_IDENTITY_DST: 8099 case SADB_EXT_SENSITIVITY: 8100 case SADB_EXT_PROPOSAL: 8101 case SADB_EXT_SUPPORTED_AUTH: 8102 case SADB_EXT_SUPPORTED_ENCRYPT: 8103 case SADB_EXT_SPIRANGE: 8104 case SADB_X_EXT_POLICY: 8105 case SADB_X_EXT_SA2: 8106 case SADB_X_EXT_NAT_T_TYPE: 8107 case SADB_X_EXT_NAT_T_SPORT: 8108 case SADB_X_EXT_NAT_T_DPORT: 8109 case SADB_X_EXT_NAT_T_OAI: 8110 case SADB_X_EXT_NAT_T_OAR: 8111 case SADB_X_EXT_NAT_T_FRAG: 8112 case SADB_X_EXT_SA_REPLAY: 8113 case SADB_X_EXT_NEW_ADDRESS_SRC: 8114 case SADB_X_EXT_NEW_ADDRESS_DST: 8115 /* duplicate check */ 8116 /* 8117 * XXX Are there duplication payloads of either 8118 * KEY_AUTH or KEY_ENCRYPT ? 8119 */ 8120 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8121 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8122 "%u\n", __func__, ext->sadb_ext_type)); 8123 m_freem(m); 8124 PFKEYSTAT_INC(out_dupext); 8125 return EINVAL; 8126 } 8127 break; 8128 default: 8129 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8130 __func__, ext->sadb_ext_type)); 8131 m_freem(m); 8132 PFKEYSTAT_INC(out_invexttype); 8133 return EINVAL; 8134 } 8135 8136 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8137 8138 if (key_validate_ext(ext, extlen)) { 8139 m_freem(m); 8140 PFKEYSTAT_INC(out_invlen); 8141 return EINVAL; 8142 } 8143 8144 n = m_pulldown(m, off, extlen, &toff); 8145 if (!n) { 8146 /* m is already freed */ 8147 return ENOBUFS; 8148 } 8149 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8150 8151 mhp->ext[ext->sadb_ext_type] = ext; 8152 mhp->extoff[ext->sadb_ext_type] = off; 8153 mhp->extlen[ext->sadb_ext_type] = extlen; 8154 } 8155 8156 if (off != end) { 8157 m_freem(m); 8158 PFKEYSTAT_INC(out_invlen); 8159 return EINVAL; 8160 } 8161 8162 return 0; 8163 } 8164 8165 static int 8166 key_validate_ext(const struct sadb_ext *ext, int len) 8167 { 8168 const struct sockaddr *sa; 8169 enum { NONE, ADDR } checktype = NONE; 8170 int baselen = 0; 8171 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8172 8173 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8174 return EINVAL; 8175 8176 /* if it does not match minimum/maximum length, bail */ 8177 if (ext->sadb_ext_type >= nitems(minsize) || 8178 ext->sadb_ext_type >= nitems(maxsize)) 8179 return EINVAL; 8180 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8181 return EINVAL; 8182 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8183 return EINVAL; 8184 8185 /* more checks based on sadb_ext_type XXX need more */ 8186 switch (ext->sadb_ext_type) { 8187 case SADB_EXT_ADDRESS_SRC: 8188 case SADB_EXT_ADDRESS_DST: 8189 case SADB_EXT_ADDRESS_PROXY: 8190 case SADB_X_EXT_NAT_T_OAI: 8191 case SADB_X_EXT_NAT_T_OAR: 8192 case SADB_X_EXT_NEW_ADDRESS_SRC: 8193 case SADB_X_EXT_NEW_ADDRESS_DST: 8194 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8195 checktype = ADDR; 8196 break; 8197 case SADB_EXT_IDENTITY_SRC: 8198 case SADB_EXT_IDENTITY_DST: 8199 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8200 SADB_X_IDENTTYPE_ADDR) { 8201 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8202 checktype = ADDR; 8203 } else 8204 checktype = NONE; 8205 break; 8206 default: 8207 checktype = NONE; 8208 break; 8209 } 8210 8211 switch (checktype) { 8212 case NONE: 8213 break; 8214 case ADDR: 8215 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8216 if (len < baselen + sal) 8217 return EINVAL; 8218 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8219 return EINVAL; 8220 break; 8221 } 8222 8223 return 0; 8224 } 8225 8226 void 8227 spdcache_init(void) 8228 { 8229 int i; 8230 8231 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8232 &V_key_spdcache_maxentries); 8233 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8234 &V_key_spdcache_threshold); 8235 8236 if (V_key_spdcache_maxentries) { 8237 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8238 SPDCACHE_MAX_ENTRIES_PER_HASH); 8239 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8240 SPDCACHE_MAX_ENTRIES_PER_HASH, 8241 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8242 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8243 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8244 8245 V_spdcache_lock = malloc(sizeof(struct mtx) * 8246 (V_spdcachehash_mask + 1), 8247 M_IPSEC_SPDCACHE, M_WAITOK|M_ZERO); 8248 8249 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8250 SPDCACHE_LOCK_INIT(i); 8251 } 8252 } 8253 8254 struct spdcache_entry * 8255 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8256 { 8257 struct spdcache_entry *entry; 8258 8259 entry = malloc(sizeof(struct spdcache_entry), 8260 M_IPSEC_SPDCACHE, M_NOWAIT|M_ZERO); 8261 if (entry == NULL) 8262 return NULL; 8263 8264 if (sp != NULL) 8265 SP_ADDREF(sp); 8266 8267 entry->spidx = *spidx; 8268 entry->sp = sp; 8269 8270 return (entry); 8271 } 8272 8273 void 8274 spdcache_entry_free(struct spdcache_entry *entry) 8275 { 8276 8277 if (entry->sp != NULL) 8278 key_freesp(&entry->sp); 8279 free(entry, M_IPSEC_SPDCACHE); 8280 } 8281 8282 void 8283 spdcache_clear(void) 8284 { 8285 struct spdcache_entry *entry; 8286 int i; 8287 8288 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8289 SPDCACHE_LOCK(i); 8290 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8291 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8292 LIST_REMOVE(entry, chain); 8293 spdcache_entry_free(entry); 8294 } 8295 SPDCACHE_UNLOCK(i); 8296 } 8297 } 8298 8299 #ifdef VIMAGE 8300 void 8301 spdcache_destroy(void) 8302 { 8303 int i; 8304 8305 if (SPDCACHE_ENABLED()) { 8306 spdcache_clear(); 8307 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8308 8309 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8310 SPDCACHE_LOCK_DESTROY(i); 8311 8312 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8313 } 8314 } 8315 #endif 8316 8317 static void 8318 key_vnet_init(void *arg __unused) 8319 { 8320 int i; 8321 8322 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8323 TAILQ_INIT(&V_sptree[i]); 8324 TAILQ_INIT(&V_sptree_ifnet[i]); 8325 } 8326 8327 TAILQ_INIT(&V_sahtree); 8328 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8329 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8330 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8331 &V_sahaddrhash_mask); 8332 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8333 &V_acqaddrhash_mask); 8334 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8335 &V_acqseqhash_mask); 8336 8337 spdcache_init(); 8338 8339 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8340 LIST_INIT(&V_regtree[i]); 8341 8342 LIST_INIT(&V_acqtree); 8343 LIST_INIT(&V_spacqtree); 8344 } 8345 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8346 key_vnet_init, NULL); 8347 8348 static void 8349 key_init(void *arg __unused) 8350 { 8351 8352 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8353 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8354 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8355 8356 SPTREE_LOCK_INIT(); 8357 REGTREE_LOCK_INIT(); 8358 SAHTREE_LOCK_INIT(); 8359 ACQ_LOCK_INIT(); 8360 SPACQ_LOCK_INIT(); 8361 SPI_ALLOC_LOCK_INIT(); 8362 8363 #ifndef IPSEC_DEBUG2 8364 callout_init(&key_timer, 1); 8365 callout_reset(&key_timer, hz, key_timehandler, NULL); 8366 #endif /*IPSEC_DEBUG2*/ 8367 8368 /* initialize key statistics */ 8369 keystat.getspi_count = 1; 8370 8371 if (bootverbose) 8372 printf("IPsec: Initialized Security Association Processing.\n"); 8373 } 8374 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL); 8375 8376 #ifdef VIMAGE 8377 static void 8378 key_vnet_destroy(void *arg __unused) 8379 { 8380 struct secashead_queue sahdrainq; 8381 struct secpolicy_queue drainq; 8382 struct secpolicy *sp, *nextsp; 8383 struct secacq *acq, *nextacq; 8384 struct secspacq *spacq, *nextspacq; 8385 struct secashead *sah; 8386 struct secasvar *sav; 8387 struct secreg *reg; 8388 int i; 8389 8390 /* 8391 * XXX: can we just call free() for each object without 8392 * walking through safe way with releasing references? 8393 */ 8394 TAILQ_INIT(&drainq); 8395 SPTREE_WLOCK(); 8396 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8397 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8398 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8399 } 8400 for (i = 0; i < V_sphash_mask + 1; i++) 8401 LIST_INIT(&V_sphashtbl[i]); 8402 SPTREE_WUNLOCK(); 8403 spdcache_destroy(); 8404 8405 sp = TAILQ_FIRST(&drainq); 8406 while (sp != NULL) { 8407 nextsp = TAILQ_NEXT(sp, chain); 8408 key_freesp(&sp); 8409 sp = nextsp; 8410 } 8411 8412 TAILQ_INIT(&sahdrainq); 8413 SAHTREE_WLOCK(); 8414 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8415 for (i = 0; i < V_savhash_mask + 1; i++) 8416 LIST_INIT(&V_savhashtbl[i]); 8417 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8418 LIST_INIT(&V_sahaddrhashtbl[i]); 8419 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8420 sah->state = SADB_SASTATE_DEAD; 8421 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8422 sav->state = SADB_SASTATE_DEAD; 8423 } 8424 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8425 sav->state = SADB_SASTATE_DEAD; 8426 } 8427 } 8428 SAHTREE_WUNLOCK(); 8429 8430 key_freesah_flushed(&sahdrainq); 8431 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8432 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8433 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8434 8435 REGTREE_LOCK(); 8436 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8437 LIST_FOREACH(reg, &V_regtree[i], chain) { 8438 if (__LIST_CHAINED(reg)) { 8439 LIST_REMOVE(reg, chain); 8440 free(reg, M_IPSEC_SAR); 8441 break; 8442 } 8443 } 8444 } 8445 REGTREE_UNLOCK(); 8446 8447 ACQ_LOCK(); 8448 acq = LIST_FIRST(&V_acqtree); 8449 while (acq != NULL) { 8450 nextacq = LIST_NEXT(acq, chain); 8451 LIST_REMOVE(acq, chain); 8452 free(acq, M_IPSEC_SAQ); 8453 acq = nextacq; 8454 } 8455 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8456 LIST_INIT(&V_acqaddrhashtbl[i]); 8457 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8458 LIST_INIT(&V_acqseqhashtbl[i]); 8459 ACQ_UNLOCK(); 8460 8461 SPACQ_LOCK(); 8462 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8463 spacq = nextspacq) { 8464 nextspacq = LIST_NEXT(spacq, chain); 8465 if (__LIST_CHAINED(spacq)) { 8466 LIST_REMOVE(spacq, chain); 8467 free(spacq, M_IPSEC_SAQ); 8468 } 8469 } 8470 SPACQ_UNLOCK(); 8471 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8472 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8473 } 8474 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8475 key_vnet_destroy, NULL); 8476 #endif 8477 8478 /* 8479 * XXX: as long as domains are not unloadable, this function is never called, 8480 * provided for consistensy and future unload support. 8481 */ 8482 static void 8483 key_destroy(void *arg __unused) 8484 { 8485 uma_zdestroy(ipsec_key_lft_zone); 8486 8487 #ifndef IPSEC_DEBUG2 8488 callout_drain(&key_timer); 8489 #endif 8490 SPTREE_LOCK_DESTROY(); 8491 REGTREE_LOCK_DESTROY(); 8492 SAHTREE_LOCK_DESTROY(); 8493 ACQ_LOCK_DESTROY(); 8494 SPACQ_LOCK_DESTROY(); 8495 SPI_ALLOC_LOCK_DESTROY(); 8496 } 8497 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL); 8498 8499 /* record data transfer on SA, and update timestamps */ 8500 void 8501 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8502 { 8503 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8504 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8505 8506 /* 8507 * XXX Currently, there is a difference of bytes size 8508 * between inbound and outbound processing. 8509 */ 8510 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8511 8512 /* 8513 * We use the number of packets as the unit of 8514 * allocations. We increment the variable 8515 * whenever {esp,ah}_{in,out}put is called. 8516 */ 8517 counter_u64_add(sav->lft_c_allocations, 1); 8518 8519 /* 8520 * NOTE: We record CURRENT usetime by using wall clock, 8521 * in seconds. HARD and SOFT lifetime are measured by the time 8522 * difference (again in seconds) from usetime. 8523 * 8524 * usetime 8525 * v expire expire 8526 * -----+-----+--------+---> t 8527 * <--------------> HARD 8528 * <-----> SOFT 8529 */ 8530 if (sav->firstused == 0) 8531 sav->firstused = time_second; 8532 } 8533 8534 /* 8535 * Take one of the kernel's security keys and convert it into a PF_KEY 8536 * structure within an mbuf, suitable for sending up to a waiting 8537 * application in user land. 8538 * 8539 * IN: 8540 * src: A pointer to a kernel security key. 8541 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8542 * OUT: 8543 * a valid mbuf or NULL indicating an error 8544 * 8545 */ 8546 8547 static struct mbuf * 8548 key_setkey(struct seckey *src, uint16_t exttype) 8549 { 8550 struct mbuf *m; 8551 struct sadb_key *p; 8552 int len; 8553 8554 if (src == NULL) 8555 return NULL; 8556 8557 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8558 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8559 if (m == NULL) 8560 return NULL; 8561 m_align(m, len); 8562 m->m_len = len; 8563 p = mtod(m, struct sadb_key *); 8564 bzero(p, len); 8565 p->sadb_key_len = PFKEY_UNIT64(len); 8566 p->sadb_key_exttype = exttype; 8567 p->sadb_key_bits = src->bits; 8568 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8569 8570 return m; 8571 } 8572 8573 /* 8574 * Take one of the kernel's lifetime data structures and convert it 8575 * into a PF_KEY structure within an mbuf, suitable for sending up to 8576 * a waiting application in user land. 8577 * 8578 * IN: 8579 * src: A pointer to a kernel lifetime structure. 8580 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8581 * data structures for more information. 8582 * OUT: 8583 * a valid mbuf or NULL indicating an error 8584 * 8585 */ 8586 8587 static struct mbuf * 8588 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8589 { 8590 struct mbuf *m = NULL; 8591 struct sadb_lifetime *p; 8592 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8593 8594 if (src == NULL) 8595 return NULL; 8596 8597 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8598 if (m == NULL) 8599 return m; 8600 m_align(m, len); 8601 m->m_len = len; 8602 p = mtod(m, struct sadb_lifetime *); 8603 8604 bzero(p, len); 8605 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8606 p->sadb_lifetime_exttype = exttype; 8607 p->sadb_lifetime_allocations = src->allocations; 8608 p->sadb_lifetime_bytes = src->bytes; 8609 p->sadb_lifetime_addtime = src->addtime; 8610 p->sadb_lifetime_usetime = src->usetime; 8611 8612 return m; 8613 8614 } 8615 8616 const struct enc_xform * 8617 enc_algorithm_lookup(int alg) 8618 { 8619 int i; 8620 8621 for (i = 0; i < nitems(supported_ealgs); i++) 8622 if (alg == supported_ealgs[i].sadb_alg) 8623 return (supported_ealgs[i].xform); 8624 return (NULL); 8625 } 8626 8627 const struct auth_hash * 8628 auth_algorithm_lookup(int alg) 8629 { 8630 int i; 8631 8632 for (i = 0; i < nitems(supported_aalgs); i++) 8633 if (alg == supported_aalgs[i].sadb_alg) 8634 return (supported_aalgs[i].xform); 8635 return (NULL); 8636 } 8637 8638 const struct comp_algo * 8639 comp_algorithm_lookup(int alg) 8640 { 8641 int i; 8642 8643 for (i = 0; i < nitems(supported_calgs); i++) 8644 if (alg == supported_calgs[i].sadb_alg) 8645 return (supported_calgs[i].xform); 8646 return (NULL); 8647 } 8648