1 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 2 3 /*- 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. Neither the name of the project nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * This code is referd to RFC 2367 36 */ 37 38 #include "opt_inet.h" 39 #include "opt_inet6.h" 40 #include "opt_ipsec.h" 41 42 #include <sys/types.h> 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/kernel.h> 46 #include <sys/fnv_hash.h> 47 #include <sys/lock.h> 48 #include <sys/mutex.h> 49 #include <sys/mbuf.h> 50 #include <sys/domain.h> 51 #include <sys/protosw.h> 52 #include <sys/malloc.h> 53 #include <sys/rmlock.h> 54 #include <sys/socket.h> 55 #include <sys/socketvar.h> 56 #include <sys/sysctl.h> 57 #include <sys/errno.h> 58 #include <sys/proc.h> 59 #include <sys/queue.h> 60 #include <sys/refcount.h> 61 #include <sys/syslog.h> 62 63 #include <vm/uma.h> 64 65 #include <net/if.h> 66 #include <net/if_var.h> 67 #include <net/vnet.h> 68 69 #include <netinet/in.h> 70 #include <netinet/in_systm.h> 71 #include <netinet/ip.h> 72 #include <netinet/in_var.h> 73 #include <netinet/udp.h> 74 75 #ifdef INET6 76 #include <netinet/ip6.h> 77 #include <netinet6/in6_var.h> 78 #include <netinet6/ip6_var.h> 79 #endif /* INET6 */ 80 81 #include <net/pfkeyv2.h> 82 #include <netipsec/keydb.h> 83 #include <netipsec/key.h> 84 #include <netipsec/keysock.h> 85 #include <netipsec/key_debug.h> 86 87 #include <netipsec/ipsec.h> 88 #ifdef INET6 89 #include <netipsec/ipsec6.h> 90 #endif 91 92 #include <netipsec/xform.h> 93 #include <machine/in_cksum.h> 94 #include <machine/stdarg.h> 95 96 /* randomness */ 97 #include <sys/random.h> 98 99 #define FULLMASK 0xff 100 #define _BITS(bytes) ((bytes) << 3) 101 102 #define UINT32_80PCT 0xcccccccc 103 /* 104 * Note on SA reference counting: 105 * - SAs that are not in DEAD state will have (total external reference + 1) 106 * following value in reference count field. they cannot be freed and are 107 * referenced from SA header. 108 * - SAs that are in DEAD state will have (total external reference) 109 * in reference count field. they are ready to be freed. reference from 110 * SA header will be removed in key_delsav(), when the reference count 111 * field hits 0 (= no external reference other than from SA header. 112 */ 113 114 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 115 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 116 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 117 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 118 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 119 /*interval to initialize randseed,1(m)*/ 120 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 121 /* interval to expire acquiring, 30(s)*/ 122 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 123 /* counter for blocking SADB_ACQUIRE.*/ 124 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 125 /* lifetime for blocking SADB_ACQUIRE.*/ 126 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 127 /* preferred old sa rather than new sa.*/ 128 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 129 #define V_key_spi_trycnt VNET(key_spi_trycnt) 130 #define V_key_spi_minval VNET(key_spi_minval) 131 #define V_key_spi_maxval VNET(key_spi_maxval) 132 #define V_policy_id VNET(policy_id) 133 #define V_key_int_random VNET(key_int_random) 134 #define V_key_larval_lifetime VNET(key_larval_lifetime) 135 #define V_key_blockacq_count VNET(key_blockacq_count) 136 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 137 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 138 139 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 140 #define V_acq_seq VNET(acq_seq) 141 142 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 143 #define V_sp_genid VNET(sp_genid) 144 145 /* SPD */ 146 TAILQ_HEAD(secpolicy_queue, secpolicy); 147 LIST_HEAD(secpolicy_list, secpolicy); 148 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 149 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 150 static struct rmlock sptree_lock; 151 #define V_sptree VNET(sptree) 152 #define V_sptree_ifnet VNET(sptree_ifnet) 153 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 154 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 155 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 156 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 157 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 158 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 159 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 160 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 161 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 162 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 163 164 /* Hash table for lookup SP using unique id */ 165 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 166 VNET_DEFINE_STATIC(u_long, sphash_mask); 167 #define V_sphashtbl VNET(sphashtbl) 168 #define V_sphash_mask VNET(sphash_mask) 169 170 #define SPHASH_NHASH_LOG2 7 171 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 172 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 173 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 174 175 /* SPD cache */ 176 struct spdcache_entry { 177 struct secpolicyindex spidx; /* secpolicyindex */ 178 struct secpolicy *sp; /* cached policy to be used */ 179 180 LIST_ENTRY(spdcache_entry) chain; 181 }; 182 LIST_HEAD(spdcache_entry_list, spdcache_entry); 183 184 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 185 186 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 187 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 188 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 189 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 190 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 191 #define V_spd_size VNET(spd_size) 192 193 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 194 #define SPDCACHE_ACTIVE() \ 195 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 196 197 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 198 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 199 #define V_spdcachehashtbl VNET(spdcachehashtbl) 200 #define V_spdcachehash_mask VNET(spdcachehash_mask) 201 202 #define SPDCACHE_HASHVAL(idx) \ 203 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 204 V_spdcachehash_mask) 205 206 /* Each cache line is protected by a mutex */ 207 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 208 #define V_spdcache_lock VNET(spdcache_lock) 209 210 #define SPDCACHE_LOCK_INIT(a) \ 211 mtx_init(&V_spdcache_lock[a], "spdcache", \ 212 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 213 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 214 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 215 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 216 217 static struct sx spi_alloc_lock; 218 #define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") 219 #define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) 220 #define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) 221 #define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) 222 #define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) 223 224 /* SAD */ 225 TAILQ_HEAD(secashead_queue, secashead); 226 LIST_HEAD(secashead_list, secashead); 227 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 228 static struct rmlock sahtree_lock; 229 #define V_sahtree VNET(sahtree) 230 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 231 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 232 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 233 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 234 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 235 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 236 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 237 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 238 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 239 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 240 241 /* Hash table for lookup in SAD using SA addresses */ 242 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 243 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 244 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 245 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 246 247 #define SAHHASH_NHASH_LOG2 7 248 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 249 #define SAHADDRHASH_HASHVAL(idx) \ 250 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 251 V_sahaddrhash_mask) 252 #define SAHADDRHASH_HASH(saidx) \ 253 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 254 255 /* Hash table for lookup in SAD using SPI */ 256 LIST_HEAD(secasvar_list, secasvar); 257 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 258 VNET_DEFINE_STATIC(u_long, savhash_mask); 259 #define V_savhashtbl VNET(savhashtbl) 260 #define V_savhash_mask VNET(savhash_mask) 261 #define SAVHASH_NHASH_LOG2 7 262 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 263 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 264 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 265 266 static uint32_t 267 key_addrprotohash(const union sockaddr_union *src, 268 const union sockaddr_union *dst, const uint8_t *proto) 269 { 270 uint32_t hval; 271 272 hval = fnv_32_buf(proto, sizeof(*proto), 273 FNV1_32_INIT); 274 switch (dst->sa.sa_family) { 275 #ifdef INET 276 case AF_INET: 277 hval = fnv_32_buf(&src->sin.sin_addr, 278 sizeof(in_addr_t), hval); 279 hval = fnv_32_buf(&dst->sin.sin_addr, 280 sizeof(in_addr_t), hval); 281 break; 282 #endif 283 #ifdef INET6 284 case AF_INET6: 285 hval = fnv_32_buf(&src->sin6.sin6_addr, 286 sizeof(struct in6_addr), hval); 287 hval = fnv_32_buf(&dst->sin6.sin6_addr, 288 sizeof(struct in6_addr), hval); 289 break; 290 #endif 291 default: 292 hval = 0; 293 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 294 __func__, dst->sa.sa_family)); 295 } 296 return (hval); 297 } 298 299 static uint32_t 300 key_u32hash(uint32_t val) 301 { 302 303 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 304 } 305 306 /* registed list */ 307 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 308 #define V_regtree VNET(regtree) 309 static struct mtx regtree_lock; 310 #define REGTREE_LOCK_INIT() \ 311 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 312 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 313 #define REGTREE_LOCK() mtx_lock(®tree_lock) 314 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 315 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 316 317 /* Acquiring list */ 318 LIST_HEAD(secacq_list, secacq); 319 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 320 #define V_acqtree VNET(acqtree) 321 static struct mtx acq_lock; 322 #define ACQ_LOCK_INIT() \ 323 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 324 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 325 #define ACQ_LOCK() mtx_lock(&acq_lock) 326 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 327 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 328 329 /* Hash table for lookup in ACQ list using SA addresses */ 330 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 331 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 332 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 333 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 334 335 /* Hash table for lookup in ACQ list using SEQ number */ 336 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 337 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 338 #define V_acqseqhashtbl VNET(acqseqhashtbl) 339 #define V_acqseqhash_mask VNET(acqseqhash_mask) 340 341 #define ACQHASH_NHASH_LOG2 7 342 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 343 #define ACQADDRHASH_HASHVAL(idx) \ 344 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 345 V_acqaddrhash_mask) 346 #define ACQSEQHASH_HASHVAL(seq) \ 347 (key_u32hash(seq) & V_acqseqhash_mask) 348 #define ACQADDRHASH_HASH(saidx) \ 349 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 350 #define ACQSEQHASH_HASH(seq) \ 351 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 352 /* SP acquiring list */ 353 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 354 #define V_spacqtree VNET(spacqtree) 355 static struct mtx spacq_lock; 356 #define SPACQ_LOCK_INIT() \ 357 mtx_init(&spacq_lock, "spacqtree", \ 358 "fast ipsec security policy acquire list", MTX_DEF) 359 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 360 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 361 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 362 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 363 364 static const int minsize[] = { 365 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg), 366 [SADB_EXT_SA] = sizeof(struct sadb_sa), 367 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime), 368 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime), 369 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime), 370 [SADB_EXT_ADDRESS_SRC] = sizeof(struct sadb_address), 371 [SADB_EXT_ADDRESS_DST] = sizeof(struct sadb_address), 372 [SADB_EXT_ADDRESS_PROXY] = sizeof(struct sadb_address), 373 [SADB_EXT_KEY_AUTH] = sizeof(struct sadb_key), 374 [SADB_EXT_KEY_ENCRYPT] = sizeof(struct sadb_key), 375 [SADB_EXT_IDENTITY_SRC] = sizeof(struct sadb_ident), 376 [SADB_EXT_IDENTITY_DST] = sizeof(struct sadb_ident), 377 [SADB_EXT_SENSITIVITY] = sizeof(struct sadb_sens), 378 [SADB_EXT_PROPOSAL] = sizeof(struct sadb_prop), 379 [SADB_EXT_SUPPORTED_AUTH] = sizeof(struct sadb_supported), 380 [SADB_EXT_SUPPORTED_ENCRYPT] = sizeof(struct sadb_supported), 381 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange), 382 [SADB_X_EXT_KMPRIVATE] = 0, 383 [SADB_X_EXT_POLICY] = sizeof(struct sadb_x_policy), 384 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2), 385 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type), 386 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port), 387 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port), 388 [SADB_X_EXT_NAT_T_OAI] = sizeof(struct sadb_address), 389 [SADB_X_EXT_NAT_T_OAR] = sizeof(struct sadb_address), 390 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag), 391 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay), 392 [SADB_X_EXT_NEW_ADDRESS_SRC] = sizeof(struct sadb_address), 393 [SADB_X_EXT_NEW_ADDRESS_DST] = sizeof(struct sadb_address), 394 }; 395 _Static_assert(nitems(minsize) == SADB_EXT_MAX + 1, "minsize size mismatch"); 396 397 static const int maxsize[] = { 398 [SADB_EXT_RESERVED] = sizeof(struct sadb_msg), 399 [SADB_EXT_SA] = sizeof(struct sadb_sa), 400 [SADB_EXT_LIFETIME_CURRENT] = sizeof(struct sadb_lifetime), 401 [SADB_EXT_LIFETIME_HARD] = sizeof(struct sadb_lifetime), 402 [SADB_EXT_LIFETIME_SOFT] = sizeof(struct sadb_lifetime), 403 [SADB_EXT_ADDRESS_SRC] = 0, 404 [SADB_EXT_ADDRESS_DST] = 0, 405 [SADB_EXT_ADDRESS_PROXY] = 0, 406 [SADB_EXT_KEY_AUTH] = 0, 407 [SADB_EXT_KEY_ENCRYPT] = 0, 408 [SADB_EXT_IDENTITY_SRC] = 0, 409 [SADB_EXT_IDENTITY_DST] = 0, 410 [SADB_EXT_SENSITIVITY] = 0, 411 [SADB_EXT_PROPOSAL] = 0, 412 [SADB_EXT_SUPPORTED_AUTH] = 0, 413 [SADB_EXT_SUPPORTED_ENCRYPT] = 0, 414 [SADB_EXT_SPIRANGE] = sizeof(struct sadb_spirange), 415 [SADB_X_EXT_KMPRIVATE] = 0, 416 [SADB_X_EXT_POLICY] = 0, 417 [SADB_X_EXT_SA2] = sizeof(struct sadb_x_sa2), 418 [SADB_X_EXT_NAT_T_TYPE] = sizeof(struct sadb_x_nat_t_type), 419 [SADB_X_EXT_NAT_T_SPORT] = sizeof(struct sadb_x_nat_t_port), 420 [SADB_X_EXT_NAT_T_DPORT] = sizeof(struct sadb_x_nat_t_port), 421 [SADB_X_EXT_NAT_T_OAI] = 0, 422 [SADB_X_EXT_NAT_T_OAR] = 0, 423 [SADB_X_EXT_NAT_T_FRAG] = sizeof(struct sadb_x_nat_t_frag), 424 [SADB_X_EXT_SA_REPLAY] = sizeof(struct sadb_x_sa_replay), 425 [SADB_X_EXT_NEW_ADDRESS_SRC] = 0, 426 [SADB_X_EXT_NEW_ADDRESS_DST] = 0, 427 }; 428 _Static_assert(nitems(maxsize) == SADB_EXT_MAX + 1, "maxsize size mismatch"); 429 430 /* 431 * Internal values for SA flags: 432 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 433 * thus we will not free the most of SA content in key_delsav(). 434 */ 435 #define SADB_X_EXT_F_CLONED 0x80000000 436 437 #define SADB_CHECKLEN(_mhp, _ext) \ 438 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 439 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 440 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 441 442 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 443 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 444 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 445 446 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 447 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 448 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 449 450 #ifdef IPSEC_DEBUG 451 VNET_DEFINE(int, ipsec_debug) = 1; 452 #else 453 VNET_DEFINE(int, ipsec_debug) = 0; 454 #endif 455 456 #ifdef INET 457 SYSCTL_DECL(_net_inet_ipsec); 458 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 459 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 460 "Enable IPsec debugging output when set."); 461 #endif 462 #ifdef INET6 463 SYSCTL_DECL(_net_inet6_ipsec6); 464 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 465 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 466 "Enable IPsec debugging output when set."); 467 #endif 468 469 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 470 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 471 472 /* max count of trial for the decision of spi value */ 473 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 474 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 475 476 /* minimum spi value to allocate automatically. */ 477 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 478 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 479 480 /* maximun spi value to allocate automatically. */ 481 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 482 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 483 484 /* interval to initialize randseed */ 485 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 486 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 487 488 /* lifetime for larval SA */ 489 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 490 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 491 492 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 493 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 494 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 495 496 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 497 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 498 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 499 500 /* ESP auth */ 501 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 502 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 503 504 /* minimum ESP key length */ 505 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 506 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 507 508 /* minimum AH key length */ 509 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 510 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 511 512 /* perfered old SA rather than new SA */ 513 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 514 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 515 516 SYSCTL_NODE(_net_key, OID_AUTO, spdcache, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 517 "SPD cache"); 518 519 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 520 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 521 "Maximum number of entries in the SPD cache" 522 " (power of 2, 0 to disable)"); 523 524 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 525 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 526 "Number of SPs that make the SPD cache active"); 527 528 #define __LIST_CHAINED(elm) \ 529 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 530 531 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 532 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 533 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 534 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 535 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 536 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 537 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 538 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 539 540 static uma_zone_t __read_mostly ipsec_key_lft_zone; 541 542 /* 543 * set parameters into secpolicyindex buffer. 544 * Must allocate secpolicyindex buffer passed to this function. 545 */ 546 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 547 do { \ 548 bzero((idx), sizeof(struct secpolicyindex)); \ 549 (idx)->dir = (_dir); \ 550 (idx)->prefs = (ps); \ 551 (idx)->prefd = (pd); \ 552 (idx)->ul_proto = (ulp); \ 553 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 554 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 555 } while (0) 556 557 /* 558 * set parameters into secasindex buffer. 559 * Must allocate secasindex buffer before calling this function. 560 */ 561 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 562 do { \ 563 bzero((idx), sizeof(struct secasindex)); \ 564 (idx)->proto = (p); \ 565 (idx)->mode = (m); \ 566 (idx)->reqid = (r); \ 567 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 568 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 569 key_porttosaddr(&(idx)->src.sa, 0); \ 570 key_porttosaddr(&(idx)->dst.sa, 0); \ 571 } while (0) 572 573 /* key statistics */ 574 struct _keystat { 575 u_long getspi_count; /* the avarage of count to try to get new SPI */ 576 } keystat; 577 578 struct sadb_msghdr { 579 struct sadb_msg *msg; 580 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 581 int extoff[SADB_EXT_MAX + 1]; 582 int extlen[SADB_EXT_MAX + 1]; 583 }; 584 585 static const struct supported_ealgs { 586 int sadb_alg; 587 const struct enc_xform *xform; 588 } supported_ealgs[] = { 589 { SADB_X_EALG_AES, &enc_xform_aes_cbc }, 590 { SADB_EALG_NULL, &enc_xform_null }, 591 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 592 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 593 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 594 { SADB_X_EALG_CHACHA20POLY1305, &enc_xform_chacha20_poly1305 }, 595 }; 596 597 static const struct supported_aalgs { 598 int sadb_alg; 599 const struct auth_hash *xform; 600 } supported_aalgs[] = { 601 { SADB_X_AALG_NULL, &auth_hash_null }, 602 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 603 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 604 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 605 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 606 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 607 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 608 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 609 { SADB_X_AALG_CHACHA20POLY1305, &auth_hash_poly1305 }, 610 }; 611 612 static const struct supported_calgs { 613 int sadb_alg; 614 const struct comp_algo *xform; 615 } supported_calgs[] = { 616 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 617 }; 618 619 #ifndef IPSEC_DEBUG2 620 static struct callout key_timer; 621 #endif 622 623 static void key_unlink(struct secpolicy *); 624 static void key_detach(struct secpolicy *); 625 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 626 static struct secpolicy *key_getsp(struct secpolicyindex *); 627 static struct secpolicy *key_getspbyid(u_int32_t); 628 static struct mbuf *key_gather_mbuf(struct mbuf *, 629 const struct sadb_msghdr *, int, int, ...); 630 static int key_spdadd(struct socket *, struct mbuf *, 631 const struct sadb_msghdr *); 632 static uint32_t key_getnewspid(void); 633 static int key_spddelete(struct socket *, struct mbuf *, 634 const struct sadb_msghdr *); 635 static int key_spddelete2(struct socket *, struct mbuf *, 636 const struct sadb_msghdr *); 637 static int key_spdget(struct socket *, struct mbuf *, 638 const struct sadb_msghdr *); 639 static int key_spdflush(struct socket *, struct mbuf *, 640 const struct sadb_msghdr *); 641 static int key_spddump(struct socket *, struct mbuf *, 642 const struct sadb_msghdr *); 643 static struct mbuf *key_setdumpsp(struct secpolicy *, 644 u_int8_t, u_int32_t, u_int32_t); 645 static struct mbuf *key_sp2mbuf(struct secpolicy *); 646 static size_t key_getspreqmsglen(struct secpolicy *); 647 static int key_spdexpire(struct secpolicy *); 648 static struct secashead *key_newsah(struct secasindex *); 649 static void key_freesah(struct secashead **); 650 static void key_delsah(struct secashead *); 651 static struct secasvar *key_newsav(const struct sadb_msghdr *, 652 struct secasindex *, uint32_t, int *); 653 static void key_delsav(struct secasvar *); 654 static void key_unlinksav(struct secasvar *); 655 static struct secashead *key_getsah(struct secasindex *); 656 static int key_checkspidup(uint32_t); 657 static struct secasvar *key_getsavbyspi(uint32_t); 658 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 659 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 660 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 661 static int key_updateaddresses(struct socket *, struct mbuf *, 662 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 663 664 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 665 u_int8_t, u_int32_t, u_int32_t); 666 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 667 u_int32_t, pid_t, u_int16_t); 668 static struct mbuf *key_setsadbsa(struct secasvar *); 669 static struct mbuf *key_setsadbaddr(u_int16_t, 670 const struct sockaddr *, u_int8_t, u_int16_t); 671 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 672 static struct mbuf *key_setsadbxtype(u_int16_t); 673 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 674 static struct mbuf *key_setsadbxsareplay(u_int32_t); 675 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 676 u_int32_t, u_int32_t); 677 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 678 struct malloc_type *); 679 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 680 struct malloc_type *); 681 682 /* flags for key_cmpsaidx() */ 683 #define CMP_HEAD 1 /* protocol, addresses. */ 684 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 685 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 686 #define CMP_EXACTLY 4 /* all elements. */ 687 static int key_cmpsaidx(const struct secasindex *, 688 const struct secasindex *, int); 689 static int key_cmpspidx_exactly(struct secpolicyindex *, 690 struct secpolicyindex *); 691 static int key_cmpspidx_withmask(struct secpolicyindex *, 692 struct secpolicyindex *); 693 static int key_bbcmp(const void *, const void *, u_int); 694 static uint8_t key_satype2proto(uint8_t); 695 static uint8_t key_proto2satype(uint8_t); 696 697 static int key_getspi(struct socket *, struct mbuf *, 698 const struct sadb_msghdr *); 699 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 700 static int key_update(struct socket *, struct mbuf *, 701 const struct sadb_msghdr *); 702 static int key_add(struct socket *, struct mbuf *, 703 const struct sadb_msghdr *); 704 static int key_setident(struct secashead *, const struct sadb_msghdr *); 705 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 706 const struct sadb_msghdr *); 707 static int key_delete(struct socket *, struct mbuf *, 708 const struct sadb_msghdr *); 709 static int key_delete_all(struct socket *, struct mbuf *, 710 const struct sadb_msghdr *, struct secasindex *); 711 static int key_get(struct socket *, struct mbuf *, 712 const struct sadb_msghdr *); 713 714 static void key_getcomb_setlifetime(struct sadb_comb *); 715 static struct mbuf *key_getcomb_ealg(void); 716 static struct mbuf *key_getcomb_ah(void); 717 static struct mbuf *key_getcomb_ipcomp(void); 718 static struct mbuf *key_getprop(const struct secasindex *); 719 720 static int key_acquire(const struct secasindex *, struct secpolicy *); 721 static uint32_t key_newacq(const struct secasindex *, int *); 722 static uint32_t key_getacq(const struct secasindex *, int *); 723 static int key_acqdone(const struct secasindex *, uint32_t); 724 static int key_acqreset(uint32_t); 725 static struct secspacq *key_newspacq(struct secpolicyindex *); 726 static struct secspacq *key_getspacq(struct secpolicyindex *); 727 static int key_acquire2(struct socket *, struct mbuf *, 728 const struct sadb_msghdr *); 729 static int key_register(struct socket *, struct mbuf *, 730 const struct sadb_msghdr *); 731 static int key_expire(struct secasvar *, int); 732 static int key_flush(struct socket *, struct mbuf *, 733 const struct sadb_msghdr *); 734 static int key_dump(struct socket *, struct mbuf *, 735 const struct sadb_msghdr *); 736 static int key_promisc(struct socket *, struct mbuf *, 737 const struct sadb_msghdr *); 738 static int key_senderror(struct socket *, struct mbuf *, int); 739 static int key_validate_ext(const struct sadb_ext *, int); 740 static int key_align(struct mbuf *, struct sadb_msghdr *); 741 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 742 static struct mbuf *key_setkey(struct seckey *, uint16_t); 743 744 static void spdcache_init(void); 745 static void spdcache_clear(void); 746 static struct spdcache_entry *spdcache_entry_alloc( 747 const struct secpolicyindex *spidx, 748 struct secpolicy *policy); 749 static void spdcache_entry_free(struct spdcache_entry *entry); 750 #ifdef VIMAGE 751 static void spdcache_destroy(void); 752 #endif 753 754 #define DBG_IPSEC_INITREF(t, p) do { \ 755 refcount_init(&(p)->refcnt, 1); \ 756 KEYDBG(KEY_STAMP, \ 757 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 758 __func__, #t, (p), (p)->refcnt)); \ 759 } while (0) 760 #define DBG_IPSEC_ADDREF(t, p) do { \ 761 refcount_acquire(&(p)->refcnt); \ 762 KEYDBG(KEY_STAMP, \ 763 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 764 __func__, #t, (p), (p)->refcnt)); \ 765 } while (0) 766 #define DBG_IPSEC_DELREF(t, p) do { \ 767 KEYDBG(KEY_STAMP, \ 768 printf("%s: Release refcnt %s(%p) -> %u\n", \ 769 __func__, #t, (p), (p)->refcnt - 1)); \ 770 refcount_release(&(p)->refcnt); \ 771 } while (0) 772 773 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 774 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 775 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 776 777 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 778 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 779 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 780 781 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 782 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 783 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 784 785 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 786 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 787 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 788 789 /* 790 * Update the refcnt while holding the SPTREE lock. 791 */ 792 void 793 key_addref(struct secpolicy *sp) 794 { 795 796 SP_ADDREF(sp); 797 } 798 799 /* 800 * Return 0 when there are known to be no SP's for the specified 801 * direction. Otherwise return 1. This is used by IPsec code 802 * to optimize performance. 803 */ 804 int 805 key_havesp(u_int dir) 806 { 807 808 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 809 ("invalid direction %u", dir)); 810 return (TAILQ_FIRST(&V_sptree[dir]) != NULL); 811 } 812 813 int 814 key_havesp_any(void) 815 { 816 817 return (V_spd_size != 0); 818 } 819 820 /* 821 * Allocate a single mbuf with a buffer of the desired length. The buffer is 822 * pre-zeroed to help ensure that uninitialized pad bytes are not leaked. 823 */ 824 static struct mbuf * 825 key_mget(u_int len) 826 { 827 struct mbuf *m; 828 829 KASSERT(len <= MCLBYTES, 830 ("%s: invalid buffer length %u", __func__, len)); 831 832 m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR); 833 if (m == NULL) 834 return (NULL); 835 memset(mtod(m, void *), 0, len); 836 return (m); 837 } 838 839 /* %%% IPsec policy management */ 840 /* 841 * Return current SPDB generation. 842 */ 843 uint32_t 844 key_getspgen(void) 845 { 846 847 return (V_sp_genid); 848 } 849 850 void 851 key_bumpspgen(void) 852 { 853 854 V_sp_genid++; 855 } 856 857 static int 858 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 859 { 860 861 /* family match */ 862 if (src->sa_family != dst->sa_family) 863 return (EINVAL); 864 /* sa_len match */ 865 if (src->sa_len != dst->sa_len) 866 return (EINVAL); 867 switch (src->sa_family) { 868 #ifdef INET 869 case AF_INET: 870 if (src->sa_len != sizeof(struct sockaddr_in)) 871 return (EINVAL); 872 break; 873 #endif 874 #ifdef INET6 875 case AF_INET6: 876 if (src->sa_len != sizeof(struct sockaddr_in6)) 877 return (EINVAL); 878 break; 879 #endif 880 default: 881 return (EAFNOSUPPORT); 882 } 883 return (0); 884 } 885 886 struct secpolicy * 887 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 888 { 889 SPTREE_RLOCK_TRACKER; 890 struct secpolicy *sp; 891 892 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 893 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 894 ("invalid direction %u", dir)); 895 896 SPTREE_RLOCK(); 897 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 898 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 899 SP_ADDREF(sp); 900 break; 901 } 902 } 903 SPTREE_RUNLOCK(); 904 return (sp); 905 } 906 907 /* 908 * allocating a SP for OUTBOUND or INBOUND packet. 909 * Must call key_freesp() later. 910 * OUT: NULL: not found 911 * others: found and return the pointer. 912 */ 913 struct secpolicy * 914 key_allocsp(struct secpolicyindex *spidx, u_int dir) 915 { 916 struct spdcache_entry *entry, *lastentry, *tmpentry; 917 struct secpolicy *sp; 918 uint32_t hashv; 919 time_t ts; 920 int nb_entries; 921 922 if (!SPDCACHE_ACTIVE()) { 923 sp = key_do_allocsp(spidx, dir); 924 goto out; 925 } 926 927 hashv = SPDCACHE_HASHVAL(spidx); 928 SPDCACHE_LOCK(hashv); 929 nb_entries = 0; 930 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 931 /* Removed outdated entries */ 932 if (entry->sp != NULL && 933 entry->sp->state == IPSEC_SPSTATE_DEAD) { 934 LIST_REMOVE(entry, chain); 935 spdcache_entry_free(entry); 936 continue; 937 } 938 939 nb_entries++; 940 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 941 lastentry = entry; 942 continue; 943 } 944 945 sp = entry->sp; 946 if (entry->sp != NULL) 947 SP_ADDREF(sp); 948 949 /* IPSECSTAT_INC(ips_spdcache_hits); */ 950 951 SPDCACHE_UNLOCK(hashv); 952 goto out; 953 } 954 955 /* IPSECSTAT_INC(ips_spdcache_misses); */ 956 957 sp = key_do_allocsp(spidx, dir); 958 entry = spdcache_entry_alloc(spidx, sp); 959 if (entry != NULL) { 960 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 961 LIST_REMOVE(lastentry, chain); 962 spdcache_entry_free(lastentry); 963 } 964 965 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 966 } 967 968 SPDCACHE_UNLOCK(hashv); 969 970 out: 971 if (sp != NULL) { /* found a SPD entry */ 972 ts = time_second; 973 if (__predict_false(sp->lastused != ts)) 974 sp->lastused = ts; 975 KEYDBG(IPSEC_STAMP, 976 printf("%s: return SP(%p)\n", __func__, sp)); 977 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 978 } else { 979 KEYDBG(IPSEC_DATA, 980 printf("%s: lookup failed for ", __func__); 981 kdebug_secpolicyindex(spidx, NULL)); 982 } 983 return (sp); 984 } 985 986 /* 987 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 988 * or should be signed by MD5 signature. 989 * We don't use key_allocsa() for such lookups, because we don't know SPI. 990 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 991 * signed packet. We use SADB only as storage for password. 992 * OUT: positive: corresponding SA for given saidx found. 993 * NULL: SA not found 994 */ 995 struct secasvar * 996 key_allocsa_tcpmd5(struct secasindex *saidx) 997 { 998 SAHTREE_RLOCK_TRACKER; 999 struct secashead *sah; 1000 struct secasvar *sav; 1001 1002 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 1003 ("unexpected security protocol %u", saidx->proto)); 1004 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 1005 ("unexpected mode %u", saidx->mode)); 1006 1007 SAHTREE_RLOCK(); 1008 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1009 KEYDBG(IPSEC_DUMP, 1010 printf("%s: checking SAH\n", __func__); 1011 kdebug_secash(sah, " ")); 1012 if (sah->saidx.proto != IPPROTO_TCP) 1013 continue; 1014 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 1015 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 1016 break; 1017 } 1018 if (sah != NULL) { 1019 if (V_key_preferred_oldsa) 1020 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1021 else 1022 sav = TAILQ_FIRST(&sah->savtree_alive); 1023 if (sav != NULL) 1024 SAV_ADDREF(sav); 1025 } else 1026 sav = NULL; 1027 SAHTREE_RUNLOCK(); 1028 1029 if (sav != NULL) { 1030 KEYDBG(IPSEC_STAMP, 1031 printf("%s: return SA(%p)\n", __func__, sav)); 1032 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1033 } else { 1034 KEYDBG(IPSEC_STAMP, 1035 printf("%s: SA not found\n", __func__)); 1036 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1037 } 1038 return (sav); 1039 } 1040 1041 /* 1042 * Allocating an SA entry for an *OUTBOUND* packet. 1043 * OUT: positive: corresponding SA for given saidx found. 1044 * NULL: SA not found, but will be acquired, check *error 1045 * for acquiring status. 1046 */ 1047 struct secasvar * 1048 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1049 int *error) 1050 { 1051 SAHTREE_RLOCK_TRACKER; 1052 struct secashead *sah; 1053 struct secasvar *sav; 1054 1055 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1056 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1057 saidx->mode == IPSEC_MODE_TUNNEL, 1058 ("unexpected policy %u", saidx->mode)); 1059 1060 /* 1061 * We check new SA in the IPsec request because a different 1062 * SA may be involved each time this request is checked, either 1063 * because new SAs are being configured, or this request is 1064 * associated with an unconnected datagram socket, or this request 1065 * is associated with a system default policy. 1066 */ 1067 SAHTREE_RLOCK(); 1068 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1069 KEYDBG(IPSEC_DUMP, 1070 printf("%s: checking SAH\n", __func__); 1071 kdebug_secash(sah, " ")); 1072 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1073 break; 1074 } 1075 if (sah != NULL) { 1076 /* 1077 * Allocate the oldest SA available according to 1078 * draft-jenkins-ipsec-rekeying-03. 1079 */ 1080 if (V_key_preferred_oldsa) 1081 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1082 else 1083 sav = TAILQ_FIRST(&sah->savtree_alive); 1084 if (sav != NULL) 1085 SAV_ADDREF(sav); 1086 } else 1087 sav = NULL; 1088 SAHTREE_RUNLOCK(); 1089 1090 if (sav != NULL) { 1091 *error = 0; 1092 KEYDBG(IPSEC_STAMP, 1093 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1094 sav, sp)); 1095 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1096 return (sav); /* return referenced SA */ 1097 } 1098 1099 /* there is no SA */ 1100 *error = key_acquire(saidx, sp); 1101 if ((*error) != 0) 1102 ipseclog((LOG_DEBUG, 1103 "%s: error %d returned from key_acquire()\n", 1104 __func__, *error)); 1105 KEYDBG(IPSEC_STAMP, 1106 printf("%s: acquire SA for SP(%p), error %d\n", 1107 __func__, sp, *error)); 1108 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1109 return (NULL); 1110 } 1111 1112 /* 1113 * allocating a usable SA entry for a *INBOUND* packet. 1114 * Must call key_freesav() later. 1115 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1116 * NULL: not found, or error occurred. 1117 * 1118 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1119 * destination address, and security protocol. But according to RFC 4301, 1120 * SPI by itself suffices to specify an SA. 1121 * 1122 * Note that, however, we do need to keep source address in IPsec SA. 1123 * IKE specification and PF_KEY specification do assume that we 1124 * keep source address in IPsec SA. We see a tricky situation here. 1125 */ 1126 struct secasvar * 1127 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1128 { 1129 SAHTREE_RLOCK_TRACKER; 1130 struct secasvar *sav; 1131 1132 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1133 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1134 proto)); 1135 1136 SAHTREE_RLOCK(); 1137 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1138 if (sav->spi == spi) 1139 break; 1140 } 1141 /* 1142 * We use single SPI namespace for all protocols, so it is 1143 * impossible to have SPI duplicates in the SAVHASH. 1144 */ 1145 if (sav != NULL) { 1146 if (sav->state != SADB_SASTATE_LARVAL && 1147 sav->sah->saidx.proto == proto && 1148 key_sockaddrcmp(&dst->sa, 1149 &sav->sah->saidx.dst.sa, 0) == 0) 1150 SAV_ADDREF(sav); 1151 else 1152 sav = NULL; 1153 } 1154 SAHTREE_RUNLOCK(); 1155 1156 if (sav == NULL) { 1157 KEYDBG(IPSEC_STAMP, 1158 char buf[IPSEC_ADDRSTRLEN]; 1159 printf("%s: SA not found for spi %u proto %u dst %s\n", 1160 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1161 sizeof(buf)))); 1162 } else { 1163 KEYDBG(IPSEC_STAMP, 1164 printf("%s: return SA(%p)\n", __func__, sav)); 1165 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1166 } 1167 return (sav); 1168 } 1169 1170 struct secasvar * 1171 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1172 uint8_t proto) 1173 { 1174 SAHTREE_RLOCK_TRACKER; 1175 struct secasindex saidx; 1176 struct secashead *sah; 1177 struct secasvar *sav; 1178 1179 IPSEC_ASSERT(src != NULL, ("null src address")); 1180 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1181 1182 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1183 &dst->sa, &saidx); 1184 1185 sav = NULL; 1186 SAHTREE_RLOCK(); 1187 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1188 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1189 continue; 1190 if (proto != sah->saidx.proto) 1191 continue; 1192 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1193 continue; 1194 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1195 continue; 1196 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1197 if (V_key_preferred_oldsa) 1198 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1199 else 1200 sav = TAILQ_FIRST(&sah->savtree_alive); 1201 if (sav != NULL) { 1202 SAV_ADDREF(sav); 1203 break; 1204 } 1205 } 1206 SAHTREE_RUNLOCK(); 1207 KEYDBG(IPSEC_STAMP, 1208 printf("%s: return SA(%p)\n", __func__, sav)); 1209 if (sav != NULL) 1210 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1211 return (sav); 1212 } 1213 1214 /* 1215 * Must be called after calling key_allocsp(). 1216 */ 1217 void 1218 key_freesp(struct secpolicy **spp) 1219 { 1220 struct secpolicy *sp = *spp; 1221 1222 IPSEC_ASSERT(sp != NULL, ("null sp")); 1223 if (SP_DELREF(sp) == 0) 1224 return; 1225 1226 KEYDBG(IPSEC_STAMP, 1227 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1228 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1229 1230 *spp = NULL; 1231 while (sp->tcount > 0) 1232 ipsec_delisr(sp->req[--sp->tcount]); 1233 free(sp, M_IPSEC_SP); 1234 } 1235 1236 static void 1237 key_unlink(struct secpolicy *sp) 1238 { 1239 SPTREE_WLOCK(); 1240 key_detach(sp); 1241 SPTREE_WUNLOCK(); 1242 if (SPDCACHE_ENABLED()) 1243 spdcache_clear(); 1244 key_freesp(&sp); 1245 } 1246 1247 static void 1248 key_detach(struct secpolicy *sp) 1249 { 1250 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1251 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1252 ("invalid direction %u", sp->spidx.dir)); 1253 SPTREE_WLOCK_ASSERT(); 1254 1255 KEYDBG(KEY_STAMP, 1256 printf("%s: SP(%p)\n", __func__, sp)); 1257 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1258 /* SP is already unlinked */ 1259 return; 1260 } 1261 sp->state = IPSEC_SPSTATE_DEAD; 1262 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1263 V_spd_size--; 1264 LIST_REMOVE(sp, idhash); 1265 V_sp_genid++; 1266 } 1267 1268 /* 1269 * insert a secpolicy into the SP database. Lower priorities first 1270 */ 1271 static void 1272 key_insertsp(struct secpolicy *newsp) 1273 { 1274 struct secpolicy *sp; 1275 1276 SPTREE_WLOCK_ASSERT(); 1277 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1278 if (newsp->priority < sp->priority) { 1279 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1280 goto done; 1281 } 1282 } 1283 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1284 done: 1285 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1286 newsp->state = IPSEC_SPSTATE_ALIVE; 1287 V_spd_size++; 1288 V_sp_genid++; 1289 } 1290 1291 /* 1292 * Insert a bunch of VTI secpolicies into the SPDB. 1293 * We keep VTI policies in the separate list due to following reasons: 1294 * 1) they should be immutable to user's or some deamon's attempts to 1295 * delete. The only way delete such policies - destroy or unconfigure 1296 * corresponding virtual inteface. 1297 * 2) such policies have traffic selector that matches all traffic per 1298 * address family. 1299 * Since all VTI policies have the same priority, we don't care about 1300 * policies order. 1301 */ 1302 int 1303 key_register_ifnet(struct secpolicy **spp, u_int count) 1304 { 1305 struct mbuf *m; 1306 u_int i; 1307 1308 SPTREE_WLOCK(); 1309 /* 1310 * First of try to acquire id for each SP. 1311 */ 1312 for (i = 0; i < count; i++) { 1313 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1314 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1315 ("invalid direction %u", spp[i]->spidx.dir)); 1316 1317 if ((spp[i]->id = key_getnewspid()) == 0) { 1318 SPTREE_WUNLOCK(); 1319 return (EAGAIN); 1320 } 1321 } 1322 for (i = 0; i < count; i++) { 1323 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1324 spp[i], chain); 1325 /* 1326 * NOTE: despite the fact that we keep VTI SP in the 1327 * separate list, SPHASH contains policies from both 1328 * sources. Thus SADB_X_SPDGET will correctly return 1329 * SP by id, because it uses SPHASH for lookups. 1330 */ 1331 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1332 spp[i]->state = IPSEC_SPSTATE_IFNET; 1333 } 1334 SPTREE_WUNLOCK(); 1335 /* 1336 * Notify user processes about new SP. 1337 */ 1338 for (i = 0; i < count; i++) { 1339 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1340 if (m != NULL) 1341 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1342 } 1343 return (0); 1344 } 1345 1346 void 1347 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1348 { 1349 struct mbuf *m; 1350 u_int i; 1351 1352 SPTREE_WLOCK(); 1353 for (i = 0; i < count; i++) { 1354 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1355 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1356 ("invalid direction %u", spp[i]->spidx.dir)); 1357 1358 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1359 continue; 1360 spp[i]->state = IPSEC_SPSTATE_DEAD; 1361 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1362 spp[i], chain); 1363 V_spd_size--; 1364 LIST_REMOVE(spp[i], idhash); 1365 } 1366 SPTREE_WUNLOCK(); 1367 if (SPDCACHE_ENABLED()) 1368 spdcache_clear(); 1369 1370 for (i = 0; i < count; i++) { 1371 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1372 if (m != NULL) 1373 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1374 } 1375 } 1376 1377 /* 1378 * Must be called after calling key_allocsa(). 1379 * This function is called by key_freesp() to free some SA allocated 1380 * for a policy. 1381 */ 1382 void 1383 key_freesav(struct secasvar **psav) 1384 { 1385 struct secasvar *sav = *psav; 1386 1387 IPSEC_ASSERT(sav != NULL, ("null sav")); 1388 CURVNET_ASSERT_SET(); 1389 if (SAV_DELREF(sav) == 0) 1390 return; 1391 1392 KEYDBG(IPSEC_STAMP, 1393 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1394 1395 *psav = NULL; 1396 key_delsav(sav); 1397 } 1398 1399 /* 1400 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1401 * Expect that SA has extra reference due to lookup. 1402 * Release this references, also release SAH reference after unlink. 1403 */ 1404 static void 1405 key_unlinksav(struct secasvar *sav) 1406 { 1407 struct secashead *sah; 1408 1409 KEYDBG(KEY_STAMP, 1410 printf("%s: SA(%p)\n", __func__, sav)); 1411 1412 CURVNET_ASSERT_SET(); 1413 SAHTREE_UNLOCK_ASSERT(); 1414 SAHTREE_WLOCK(); 1415 if (sav->state == SADB_SASTATE_DEAD) { 1416 /* SA is already unlinked */ 1417 SAHTREE_WUNLOCK(); 1418 return; 1419 } 1420 /* Unlink from SAH */ 1421 if (sav->state == SADB_SASTATE_LARVAL) 1422 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1423 else 1424 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1425 /* Unlink from SPI hash */ 1426 LIST_REMOVE(sav, spihash); 1427 sav->state = SADB_SASTATE_DEAD; 1428 sah = sav->sah; 1429 SAHTREE_WUNLOCK(); 1430 key_freesav(&sav); 1431 /* Since we are unlinked, release reference to SAH */ 1432 key_freesah(&sah); 1433 } 1434 1435 /* %%% SPD management */ 1436 /* 1437 * search SPD 1438 * OUT: NULL : not found 1439 * others : found, pointer to a SP. 1440 */ 1441 static struct secpolicy * 1442 key_getsp(struct secpolicyindex *spidx) 1443 { 1444 SPTREE_RLOCK_TRACKER; 1445 struct secpolicy *sp; 1446 1447 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1448 1449 SPTREE_RLOCK(); 1450 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1451 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1452 SP_ADDREF(sp); 1453 break; 1454 } 1455 } 1456 SPTREE_RUNLOCK(); 1457 1458 return sp; 1459 } 1460 1461 /* 1462 * get SP by index. 1463 * OUT: NULL : not found 1464 * others : found, pointer to referenced SP. 1465 */ 1466 static struct secpolicy * 1467 key_getspbyid(uint32_t id) 1468 { 1469 SPTREE_RLOCK_TRACKER; 1470 struct secpolicy *sp; 1471 1472 SPTREE_RLOCK(); 1473 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1474 if (sp->id == id) { 1475 SP_ADDREF(sp); 1476 break; 1477 } 1478 } 1479 SPTREE_RUNLOCK(); 1480 return (sp); 1481 } 1482 1483 struct secpolicy * 1484 key_newsp(void) 1485 { 1486 struct secpolicy *sp; 1487 1488 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1489 if (sp != NULL) 1490 SP_INITREF(sp); 1491 return (sp); 1492 } 1493 1494 struct ipsecrequest * 1495 ipsec_newisr(void) 1496 { 1497 1498 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1499 M_NOWAIT | M_ZERO)); 1500 } 1501 1502 void 1503 ipsec_delisr(struct ipsecrequest *p) 1504 { 1505 1506 free(p, M_IPSEC_SR); 1507 } 1508 1509 /* 1510 * create secpolicy structure from sadb_x_policy structure. 1511 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1512 * are not set, so must be set properly later. 1513 */ 1514 struct secpolicy * 1515 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1516 { 1517 struct secpolicy *newsp; 1518 1519 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1520 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1521 1522 if (len != PFKEY_EXTLEN(xpl0)) { 1523 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1524 *error = EINVAL; 1525 return NULL; 1526 } 1527 1528 if ((newsp = key_newsp()) == NULL) { 1529 *error = ENOBUFS; 1530 return NULL; 1531 } 1532 1533 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1534 newsp->policy = xpl0->sadb_x_policy_type; 1535 newsp->priority = xpl0->sadb_x_policy_priority; 1536 newsp->tcount = 0; 1537 1538 /* check policy */ 1539 switch (xpl0->sadb_x_policy_type) { 1540 case IPSEC_POLICY_DISCARD: 1541 case IPSEC_POLICY_NONE: 1542 case IPSEC_POLICY_ENTRUST: 1543 case IPSEC_POLICY_BYPASS: 1544 break; 1545 1546 case IPSEC_POLICY_IPSEC: 1547 { 1548 struct sadb_x_ipsecrequest *xisr; 1549 struct ipsecrequest *isr; 1550 int tlen; 1551 1552 /* validity check */ 1553 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1554 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1555 __func__)); 1556 key_freesp(&newsp); 1557 *error = EINVAL; 1558 return NULL; 1559 } 1560 1561 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1562 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1563 1564 while (tlen > 0) { 1565 /* length check */ 1566 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1567 xisr->sadb_x_ipsecrequest_len > tlen) { 1568 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1569 "length.\n", __func__)); 1570 key_freesp(&newsp); 1571 *error = EINVAL; 1572 return NULL; 1573 } 1574 1575 if (newsp->tcount >= IPSEC_MAXREQ) { 1576 ipseclog((LOG_DEBUG, 1577 "%s: too many ipsecrequests.\n", 1578 __func__)); 1579 key_freesp(&newsp); 1580 *error = EINVAL; 1581 return (NULL); 1582 } 1583 1584 /* allocate request buffer */ 1585 /* NB: data structure is zero'd */ 1586 isr = ipsec_newisr(); 1587 if (isr == NULL) { 1588 ipseclog((LOG_DEBUG, 1589 "%s: No more memory.\n", __func__)); 1590 key_freesp(&newsp); 1591 *error = ENOBUFS; 1592 return NULL; 1593 } 1594 1595 newsp->req[newsp->tcount++] = isr; 1596 1597 /* set values */ 1598 switch (xisr->sadb_x_ipsecrequest_proto) { 1599 case IPPROTO_ESP: 1600 case IPPROTO_AH: 1601 case IPPROTO_IPCOMP: 1602 break; 1603 default: 1604 ipseclog((LOG_DEBUG, 1605 "%s: invalid proto type=%u\n", __func__, 1606 xisr->sadb_x_ipsecrequest_proto)); 1607 key_freesp(&newsp); 1608 *error = EPROTONOSUPPORT; 1609 return NULL; 1610 } 1611 isr->saidx.proto = 1612 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1613 1614 switch (xisr->sadb_x_ipsecrequest_mode) { 1615 case IPSEC_MODE_TRANSPORT: 1616 case IPSEC_MODE_TUNNEL: 1617 break; 1618 case IPSEC_MODE_ANY: 1619 default: 1620 ipseclog((LOG_DEBUG, 1621 "%s: invalid mode=%u\n", __func__, 1622 xisr->sadb_x_ipsecrequest_mode)); 1623 key_freesp(&newsp); 1624 *error = EINVAL; 1625 return NULL; 1626 } 1627 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1628 1629 switch (xisr->sadb_x_ipsecrequest_level) { 1630 case IPSEC_LEVEL_DEFAULT: 1631 case IPSEC_LEVEL_USE: 1632 case IPSEC_LEVEL_REQUIRE: 1633 break; 1634 case IPSEC_LEVEL_UNIQUE: 1635 /* validity check */ 1636 /* 1637 * If range violation of reqid, kernel will 1638 * update it, don't refuse it. 1639 */ 1640 if (xisr->sadb_x_ipsecrequest_reqid 1641 > IPSEC_MANUAL_REQID_MAX) { 1642 ipseclog((LOG_DEBUG, 1643 "%s: reqid=%d range " 1644 "violation, updated by kernel.\n", 1645 __func__, 1646 xisr->sadb_x_ipsecrequest_reqid)); 1647 xisr->sadb_x_ipsecrequest_reqid = 0; 1648 } 1649 1650 /* allocate new reqid id if reqid is zero. */ 1651 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1652 u_int32_t reqid; 1653 if ((reqid = key_newreqid()) == 0) { 1654 key_freesp(&newsp); 1655 *error = ENOBUFS; 1656 return NULL; 1657 } 1658 isr->saidx.reqid = reqid; 1659 xisr->sadb_x_ipsecrequest_reqid = reqid; 1660 } else { 1661 /* set it for manual keying. */ 1662 isr->saidx.reqid = 1663 xisr->sadb_x_ipsecrequest_reqid; 1664 } 1665 break; 1666 1667 default: 1668 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1669 __func__, 1670 xisr->sadb_x_ipsecrequest_level)); 1671 key_freesp(&newsp); 1672 *error = EINVAL; 1673 return NULL; 1674 } 1675 isr->level = xisr->sadb_x_ipsecrequest_level; 1676 1677 /* set IP addresses if there */ 1678 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1679 struct sockaddr *paddr; 1680 1681 len = tlen - sizeof(*xisr); 1682 paddr = (struct sockaddr *)(xisr + 1); 1683 /* validity check */ 1684 if (len < sizeof(struct sockaddr) || 1685 len < 2 * paddr->sa_len || 1686 paddr->sa_len > sizeof(isr->saidx.src)) { 1687 ipseclog((LOG_DEBUG, "%s: invalid " 1688 "request address length.\n", 1689 __func__)); 1690 key_freesp(&newsp); 1691 *error = EINVAL; 1692 return NULL; 1693 } 1694 /* 1695 * Request length should be enough to keep 1696 * source and destination addresses. 1697 */ 1698 if (xisr->sadb_x_ipsecrequest_len < 1699 sizeof(*xisr) + 2 * paddr->sa_len) { 1700 ipseclog((LOG_DEBUG, "%s: invalid " 1701 "ipsecrequest length.\n", 1702 __func__)); 1703 key_freesp(&newsp); 1704 *error = EINVAL; 1705 return (NULL); 1706 } 1707 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1708 paddr = (struct sockaddr *)((caddr_t)paddr + 1709 paddr->sa_len); 1710 1711 /* validity check */ 1712 if (paddr->sa_len != 1713 isr->saidx.src.sa.sa_len) { 1714 ipseclog((LOG_DEBUG, "%s: invalid " 1715 "request address length.\n", 1716 __func__)); 1717 key_freesp(&newsp); 1718 *error = EINVAL; 1719 return NULL; 1720 } 1721 /* AF family should match */ 1722 if (paddr->sa_family != 1723 isr->saidx.src.sa.sa_family) { 1724 ipseclog((LOG_DEBUG, "%s: address " 1725 "family doesn't match.\n", 1726 __func__)); 1727 key_freesp(&newsp); 1728 *error = EINVAL; 1729 return (NULL); 1730 } 1731 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1732 } else { 1733 /* 1734 * Addresses for TUNNEL mode requests are 1735 * mandatory. 1736 */ 1737 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1738 ipseclog((LOG_DEBUG, "%s: missing " 1739 "request addresses.\n", __func__)); 1740 key_freesp(&newsp); 1741 *error = EINVAL; 1742 return (NULL); 1743 } 1744 } 1745 tlen -= xisr->sadb_x_ipsecrequest_len; 1746 1747 /* validity check */ 1748 if (tlen < 0) { 1749 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1750 __func__)); 1751 key_freesp(&newsp); 1752 *error = EINVAL; 1753 return NULL; 1754 } 1755 1756 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1757 + xisr->sadb_x_ipsecrequest_len); 1758 } 1759 /* XXXAE: LARVAL SP */ 1760 if (newsp->tcount < 1) { 1761 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1762 "not found.\n", __func__)); 1763 key_freesp(&newsp); 1764 *error = EINVAL; 1765 return (NULL); 1766 } 1767 } 1768 break; 1769 default: 1770 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1771 key_freesp(&newsp); 1772 *error = EINVAL; 1773 return NULL; 1774 } 1775 1776 *error = 0; 1777 return (newsp); 1778 } 1779 1780 uint32_t 1781 key_newreqid(void) 1782 { 1783 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1784 1785 if (auto_reqid == ~0) 1786 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1787 else 1788 auto_reqid++; 1789 1790 /* XXX should be unique check */ 1791 return (auto_reqid); 1792 } 1793 1794 /* 1795 * copy secpolicy struct to sadb_x_policy structure indicated. 1796 */ 1797 static struct mbuf * 1798 key_sp2mbuf(struct secpolicy *sp) 1799 { 1800 struct mbuf *m; 1801 size_t tlen; 1802 1803 tlen = key_getspreqmsglen(sp); 1804 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1805 if (m == NULL) 1806 return (NULL); 1807 m_align(m, tlen); 1808 m->m_len = tlen; 1809 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1810 m_freem(m); 1811 return (NULL); 1812 } 1813 return (m); 1814 } 1815 1816 int 1817 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1818 { 1819 struct sadb_x_ipsecrequest *xisr; 1820 struct sadb_x_policy *xpl; 1821 struct ipsecrequest *isr; 1822 size_t xlen, ilen; 1823 caddr_t p; 1824 int error, i; 1825 1826 IPSEC_ASSERT(sp != NULL, ("null policy")); 1827 1828 xlen = sizeof(*xpl); 1829 if (*len < xlen) 1830 return (EINVAL); 1831 1832 error = 0; 1833 bzero(request, *len); 1834 xpl = (struct sadb_x_policy *)request; 1835 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1836 xpl->sadb_x_policy_type = sp->policy; 1837 xpl->sadb_x_policy_dir = sp->spidx.dir; 1838 xpl->sadb_x_policy_id = sp->id; 1839 xpl->sadb_x_policy_priority = sp->priority; 1840 switch (sp->state) { 1841 case IPSEC_SPSTATE_IFNET: 1842 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1843 break; 1844 case IPSEC_SPSTATE_PCB: 1845 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1846 break; 1847 default: 1848 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1849 } 1850 1851 /* if is the policy for ipsec ? */ 1852 if (sp->policy == IPSEC_POLICY_IPSEC) { 1853 p = (caddr_t)xpl + sizeof(*xpl); 1854 for (i = 0; i < sp->tcount; i++) { 1855 isr = sp->req[i]; 1856 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1857 isr->saidx.src.sa.sa_len + 1858 isr->saidx.dst.sa.sa_len); 1859 xlen += ilen; 1860 if (xlen > *len) { 1861 error = ENOBUFS; 1862 /* Calculate needed size */ 1863 continue; 1864 } 1865 xisr = (struct sadb_x_ipsecrequest *)p; 1866 xisr->sadb_x_ipsecrequest_len = ilen; 1867 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1868 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1869 xisr->sadb_x_ipsecrequest_level = isr->level; 1870 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1871 1872 p += sizeof(*xisr); 1873 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1874 p += isr->saidx.src.sa.sa_len; 1875 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1876 p += isr->saidx.dst.sa.sa_len; 1877 } 1878 } 1879 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1880 if (error == 0) 1881 *len = xlen; 1882 else 1883 *len = sizeof(*xpl); 1884 return (error); 1885 } 1886 1887 /* m will not be freed nor modified */ 1888 static struct mbuf * 1889 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1890 int ndeep, int nitem, ...) 1891 { 1892 va_list ap; 1893 int idx; 1894 int i; 1895 struct mbuf *result = NULL, *n; 1896 int len; 1897 1898 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1899 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1900 1901 va_start(ap, nitem); 1902 for (i = 0; i < nitem; i++) { 1903 idx = va_arg(ap, int); 1904 if (idx < 0 || idx > SADB_EXT_MAX) 1905 goto fail; 1906 /* don't attempt to pull empty extension */ 1907 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1908 continue; 1909 if (idx != SADB_EXT_RESERVED && 1910 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1911 continue; 1912 1913 if (idx == SADB_EXT_RESERVED) { 1914 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1915 1916 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1917 1918 MGETHDR(n, M_NOWAIT, MT_DATA); 1919 if (!n) 1920 goto fail; 1921 n->m_len = len; 1922 n->m_next = NULL; 1923 m_copydata(m, 0, sizeof(struct sadb_msg), 1924 mtod(n, caddr_t)); 1925 } else if (i < ndeep) { 1926 len = mhp->extlen[idx]; 1927 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1928 if (n == NULL) 1929 goto fail; 1930 m_align(n, len); 1931 n->m_len = len; 1932 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1933 mtod(n, caddr_t)); 1934 } else { 1935 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1936 M_NOWAIT); 1937 } 1938 if (n == NULL) 1939 goto fail; 1940 1941 if (result) 1942 m_cat(result, n); 1943 else 1944 result = n; 1945 } 1946 va_end(ap); 1947 1948 if ((result->m_flags & M_PKTHDR) != 0) { 1949 result->m_pkthdr.len = 0; 1950 for (n = result; n; n = n->m_next) 1951 result->m_pkthdr.len += n->m_len; 1952 } 1953 1954 return result; 1955 1956 fail: 1957 m_freem(result); 1958 va_end(ap); 1959 return NULL; 1960 } 1961 1962 /* 1963 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1964 * add an entry to SP database, when received 1965 * <base, address(SD), (lifetime(H),) policy> 1966 * from the user(?). 1967 * Adding to SP database, 1968 * and send 1969 * <base, address(SD), (lifetime(H),) policy> 1970 * to the socket which was send. 1971 * 1972 * SPDADD set a unique policy entry. 1973 * SPDSETIDX like SPDADD without a part of policy requests. 1974 * SPDUPDATE replace a unique policy entry. 1975 * 1976 * XXXAE: serialize this in PF_KEY to avoid races. 1977 * m will always be freed. 1978 */ 1979 static int 1980 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1981 { 1982 struct secpolicyindex spidx; 1983 struct sadb_address *src0, *dst0; 1984 struct sadb_x_policy *xpl0, *xpl; 1985 struct sadb_lifetime *lft = NULL; 1986 struct secpolicy *newsp, *oldsp; 1987 int error; 1988 1989 IPSEC_ASSERT(so != NULL, ("null socket")); 1990 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1991 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1992 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1993 1994 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1995 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1996 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1997 ipseclog((LOG_DEBUG, 1998 "%s: invalid message: missing required header.\n", 1999 __func__)); 2000 return key_senderror(so, m, EINVAL); 2001 } 2002 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2003 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2004 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2005 ipseclog((LOG_DEBUG, 2006 "%s: invalid message: wrong header size.\n", __func__)); 2007 return key_senderror(so, m, EINVAL); 2008 } 2009 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 2010 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 2011 ipseclog((LOG_DEBUG, 2012 "%s: invalid message: wrong header size.\n", 2013 __func__)); 2014 return key_senderror(so, m, EINVAL); 2015 } 2016 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 2017 } 2018 2019 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2020 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2021 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2022 2023 /* check the direciton */ 2024 switch (xpl0->sadb_x_policy_dir) { 2025 case IPSEC_DIR_INBOUND: 2026 case IPSEC_DIR_OUTBOUND: 2027 break; 2028 default: 2029 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2030 return key_senderror(so, m, EINVAL); 2031 } 2032 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 2033 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2034 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2035 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2036 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2037 return key_senderror(so, m, EINVAL); 2038 } 2039 2040 /* policy requests are mandatory when action is ipsec. */ 2041 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2042 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2043 ipseclog((LOG_DEBUG, 2044 "%s: policy requests required.\n", __func__)); 2045 return key_senderror(so, m, EINVAL); 2046 } 2047 2048 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2049 (struct sockaddr *)(dst0 + 1)); 2050 if (error != 0 || 2051 src0->sadb_address_proto != dst0->sadb_address_proto) { 2052 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2053 return key_senderror(so, m, error); 2054 } 2055 /* make secindex */ 2056 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2057 src0 + 1, 2058 dst0 + 1, 2059 src0->sadb_address_prefixlen, 2060 dst0->sadb_address_prefixlen, 2061 src0->sadb_address_proto, 2062 &spidx); 2063 /* Checking there is SP already or not. */ 2064 oldsp = key_getsp(&spidx); 2065 if (oldsp != NULL) { 2066 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2067 KEYDBG(KEY_STAMP, 2068 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2069 __func__, oldsp)); 2070 KEYDBG(KEY_DATA, kdebug_secpolicy(oldsp)); 2071 } else { 2072 key_freesp(&oldsp); 2073 ipseclog((LOG_DEBUG, 2074 "%s: a SP entry exists already.\n", __func__)); 2075 return (key_senderror(so, m, EEXIST)); 2076 } 2077 } 2078 2079 /* allocate new SP entry */ 2080 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2081 if (oldsp != NULL) { 2082 key_unlink(oldsp); 2083 key_freesp(&oldsp); /* second for our reference */ 2084 } 2085 return key_senderror(so, m, error); 2086 } 2087 2088 newsp->lastused = newsp->created = time_second; 2089 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2090 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2091 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2092 2093 SPTREE_WLOCK(); 2094 if ((newsp->id = key_getnewspid()) == 0) { 2095 if (oldsp != NULL) 2096 key_detach(oldsp); 2097 SPTREE_WUNLOCK(); 2098 if (oldsp != NULL) { 2099 key_freesp(&oldsp); /* first for key_detach */ 2100 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2101 key_freesp(&oldsp); /* second for our reference */ 2102 if (SPDCACHE_ENABLED()) /* refresh cache because of key_detach */ 2103 spdcache_clear(); 2104 } 2105 key_freesp(&newsp); 2106 return key_senderror(so, m, ENOBUFS); 2107 } 2108 if (oldsp != NULL) 2109 key_detach(oldsp); 2110 key_insertsp(newsp); 2111 SPTREE_WUNLOCK(); 2112 if (oldsp != NULL) { 2113 key_freesp(&oldsp); /* first for key_detach */ 2114 IPSEC_ASSERT(oldsp != NULL, ("null oldsp: refcount bug")); 2115 key_freesp(&oldsp); /* second for our reference */ 2116 } 2117 if (SPDCACHE_ENABLED()) 2118 spdcache_clear(); 2119 KEYDBG(KEY_STAMP, 2120 printf("%s: SP(%p)\n", __func__, newsp)); 2121 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2122 2123 { 2124 struct mbuf *n, *mpolicy; 2125 struct sadb_msg *newmsg; 2126 int off; 2127 2128 /* create new sadb_msg to reply. */ 2129 if (lft) { 2130 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2131 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2132 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2133 } else { 2134 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2135 SADB_X_EXT_POLICY, 2136 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2137 } 2138 if (!n) 2139 return key_senderror(so, m, ENOBUFS); 2140 2141 if (n->m_len < sizeof(*newmsg)) { 2142 n = m_pullup(n, sizeof(*newmsg)); 2143 if (!n) 2144 return key_senderror(so, m, ENOBUFS); 2145 } 2146 newmsg = mtod(n, struct sadb_msg *); 2147 newmsg->sadb_msg_errno = 0; 2148 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2149 2150 off = 0; 2151 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2152 sizeof(*xpl), &off); 2153 if (mpolicy == NULL) { 2154 /* n is already freed */ 2155 return key_senderror(so, m, ENOBUFS); 2156 } 2157 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2158 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2159 m_freem(n); 2160 return key_senderror(so, m, EINVAL); 2161 } 2162 xpl->sadb_x_policy_id = newsp->id; 2163 2164 m_freem(m); 2165 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2166 } 2167 } 2168 2169 /* 2170 * get new policy id. 2171 * OUT: 2172 * 0: failure. 2173 * others: success. 2174 */ 2175 static uint32_t 2176 key_getnewspid(void) 2177 { 2178 struct secpolicy *sp; 2179 uint32_t newid = 0; 2180 int tries, limit; 2181 2182 SPTREE_WLOCK_ASSERT(); 2183 2184 limit = atomic_load_int(&V_key_spi_trycnt); 2185 for (tries = 0; tries < limit; tries++) { 2186 if (V_policy_id == ~0) /* overflowed */ 2187 newid = V_policy_id = 1; 2188 else 2189 newid = ++V_policy_id; 2190 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2191 if (sp->id == newid) 2192 break; 2193 } 2194 if (sp == NULL) 2195 break; 2196 } 2197 if (tries == limit || newid == 0) { 2198 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2199 __func__)); 2200 return (0); 2201 } 2202 return (newid); 2203 } 2204 2205 /* 2206 * SADB_SPDDELETE processing 2207 * receive 2208 * <base, address(SD), policy(*)> 2209 * from the user(?), and set SADB_SASTATE_DEAD, 2210 * and send, 2211 * <base, address(SD), policy(*)> 2212 * to the ikmpd. 2213 * policy(*) including direction of policy. 2214 * 2215 * m will always be freed. 2216 */ 2217 static int 2218 key_spddelete(struct socket *so, struct mbuf *m, 2219 const struct sadb_msghdr *mhp) 2220 { 2221 struct secpolicyindex spidx; 2222 struct sadb_address *src0, *dst0; 2223 struct sadb_x_policy *xpl0; 2224 struct secpolicy *sp; 2225 2226 IPSEC_ASSERT(so != NULL, ("null so")); 2227 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2228 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2229 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2230 2231 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2232 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2233 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2234 ipseclog((LOG_DEBUG, 2235 "%s: invalid message: missing required header.\n", 2236 __func__)); 2237 return key_senderror(so, m, EINVAL); 2238 } 2239 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2240 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2241 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2242 ipseclog((LOG_DEBUG, 2243 "%s: invalid message: wrong header size.\n", __func__)); 2244 return key_senderror(so, m, EINVAL); 2245 } 2246 2247 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2248 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2249 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2250 2251 /* check the direciton */ 2252 switch (xpl0->sadb_x_policy_dir) { 2253 case IPSEC_DIR_INBOUND: 2254 case IPSEC_DIR_OUTBOUND: 2255 break; 2256 default: 2257 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2258 return key_senderror(so, m, EINVAL); 2259 } 2260 /* Only DISCARD, NONE and IPSEC are allowed */ 2261 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2262 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2263 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2264 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2265 return key_senderror(so, m, EINVAL); 2266 } 2267 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2268 (struct sockaddr *)(dst0 + 1)) != 0 || 2269 src0->sadb_address_proto != dst0->sadb_address_proto) { 2270 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2271 return key_senderror(so, m, EINVAL); 2272 } 2273 /* make secindex */ 2274 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2275 src0 + 1, 2276 dst0 + 1, 2277 src0->sadb_address_prefixlen, 2278 dst0->sadb_address_prefixlen, 2279 src0->sadb_address_proto, 2280 &spidx); 2281 2282 /* Is there SP in SPD ? */ 2283 if ((sp = key_getsp(&spidx)) == NULL) { 2284 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2285 return key_senderror(so, m, EINVAL); 2286 } 2287 2288 /* save policy id to buffer to be returned. */ 2289 xpl0->sadb_x_policy_id = sp->id; 2290 2291 KEYDBG(KEY_STAMP, 2292 printf("%s: SP(%p)\n", __func__, sp)); 2293 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2294 key_unlink(sp); 2295 key_freesp(&sp); 2296 2297 { 2298 struct mbuf *n; 2299 struct sadb_msg *newmsg; 2300 2301 /* create new sadb_msg to reply. */ 2302 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2303 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2304 if (!n) 2305 return key_senderror(so, m, ENOBUFS); 2306 2307 newmsg = mtod(n, struct sadb_msg *); 2308 newmsg->sadb_msg_errno = 0; 2309 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2310 2311 m_freem(m); 2312 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2313 } 2314 } 2315 2316 /* 2317 * SADB_SPDDELETE2 processing 2318 * receive 2319 * <base, policy(*)> 2320 * from the user(?), and set SADB_SASTATE_DEAD, 2321 * and send, 2322 * <base, policy(*)> 2323 * to the ikmpd. 2324 * policy(*) including direction of policy. 2325 * 2326 * m will always be freed. 2327 */ 2328 static int 2329 key_spddelete2(struct socket *so, struct mbuf *m, 2330 const struct sadb_msghdr *mhp) 2331 { 2332 struct secpolicy *sp; 2333 uint32_t id; 2334 2335 IPSEC_ASSERT(so != NULL, ("null socket")); 2336 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2337 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2338 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2339 2340 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2341 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2342 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2343 __func__)); 2344 return key_senderror(so, m, EINVAL); 2345 } 2346 2347 id = ((struct sadb_x_policy *) 2348 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2349 2350 /* Is there SP in SPD ? */ 2351 if ((sp = key_getspbyid(id)) == NULL) { 2352 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2353 __func__, id)); 2354 return key_senderror(so, m, EINVAL); 2355 } 2356 2357 KEYDBG(KEY_STAMP, 2358 printf("%s: SP(%p)\n", __func__, sp)); 2359 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2360 key_unlink(sp); 2361 if (sp->state != IPSEC_SPSTATE_DEAD) { 2362 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2363 __func__, id)); 2364 key_freesp(&sp); 2365 return (key_senderror(so, m, EACCES)); 2366 } 2367 key_freesp(&sp); 2368 2369 { 2370 struct mbuf *n, *nn; 2371 struct sadb_msg *newmsg; 2372 int off, len; 2373 2374 /* create new sadb_msg to reply. */ 2375 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2376 2377 n = key_mget(len); 2378 if (n == NULL) 2379 return key_senderror(so, m, ENOBUFS); 2380 2381 n->m_len = len; 2382 n->m_next = NULL; 2383 off = 0; 2384 2385 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2386 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2387 2388 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2389 off, len)); 2390 2391 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2392 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2393 if (!n->m_next) { 2394 m_freem(n); 2395 return key_senderror(so, m, ENOBUFS); 2396 } 2397 2398 n->m_pkthdr.len = 0; 2399 for (nn = n; nn; nn = nn->m_next) 2400 n->m_pkthdr.len += nn->m_len; 2401 2402 newmsg = mtod(n, struct sadb_msg *); 2403 newmsg->sadb_msg_errno = 0; 2404 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2405 2406 m_freem(m); 2407 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2408 } 2409 } 2410 2411 /* 2412 * SADB_X_SPDGET processing 2413 * receive 2414 * <base, policy(*)> 2415 * from the user(?), 2416 * and send, 2417 * <base, address(SD), policy> 2418 * to the ikmpd. 2419 * policy(*) including direction of policy. 2420 * 2421 * m will always be freed. 2422 */ 2423 static int 2424 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2425 { 2426 struct secpolicy *sp; 2427 struct mbuf *n; 2428 uint32_t id; 2429 2430 IPSEC_ASSERT(so != NULL, ("null socket")); 2431 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2432 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2433 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2434 2435 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2436 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2437 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2438 __func__)); 2439 return key_senderror(so, m, EINVAL); 2440 } 2441 2442 id = ((struct sadb_x_policy *) 2443 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2444 2445 /* Is there SP in SPD ? */ 2446 if ((sp = key_getspbyid(id)) == NULL) { 2447 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2448 __func__, id)); 2449 return key_senderror(so, m, ENOENT); 2450 } 2451 2452 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2453 mhp->msg->sadb_msg_pid); 2454 key_freesp(&sp); 2455 if (n != NULL) { 2456 m_freem(m); 2457 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2458 } else 2459 return key_senderror(so, m, ENOBUFS); 2460 } 2461 2462 /* 2463 * SADB_X_SPDACQUIRE processing. 2464 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2465 * send 2466 * <base, policy(*)> 2467 * to KMD, and expect to receive 2468 * <base> with SADB_X_SPDACQUIRE if error occurred, 2469 * or 2470 * <base, policy> 2471 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2472 * policy(*) is without policy requests. 2473 * 2474 * 0 : succeed 2475 * others: error number 2476 */ 2477 int 2478 key_spdacquire(struct secpolicy *sp) 2479 { 2480 struct mbuf *result = NULL, *m; 2481 struct secspacq *newspacq; 2482 2483 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2484 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2485 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2486 ("policy not IPSEC %u", sp->policy)); 2487 2488 /* Get an entry to check whether sent message or not. */ 2489 newspacq = key_getspacq(&sp->spidx); 2490 if (newspacq != NULL) { 2491 if (V_key_blockacq_count < newspacq->count) { 2492 /* reset counter and do send message. */ 2493 newspacq->count = 0; 2494 } else { 2495 /* increment counter and do nothing. */ 2496 newspacq->count++; 2497 SPACQ_UNLOCK(); 2498 return (0); 2499 } 2500 SPACQ_UNLOCK(); 2501 } else { 2502 /* make new entry for blocking to send SADB_ACQUIRE. */ 2503 newspacq = key_newspacq(&sp->spidx); 2504 if (newspacq == NULL) 2505 return ENOBUFS; 2506 } 2507 2508 /* create new sadb_msg to reply. */ 2509 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2510 if (!m) 2511 return ENOBUFS; 2512 2513 result = m; 2514 2515 result->m_pkthdr.len = 0; 2516 for (m = result; m; m = m->m_next) 2517 result->m_pkthdr.len += m->m_len; 2518 2519 mtod(result, struct sadb_msg *)->sadb_msg_len = 2520 PFKEY_UNIT64(result->m_pkthdr.len); 2521 2522 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2523 } 2524 2525 /* 2526 * SADB_SPDFLUSH processing 2527 * receive 2528 * <base> 2529 * from the user, and free all entries in secpctree. 2530 * and send, 2531 * <base> 2532 * to the user. 2533 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2534 * 2535 * m will always be freed. 2536 */ 2537 static int 2538 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2539 { 2540 struct secpolicy_queue drainq; 2541 struct sadb_msg *newmsg; 2542 struct secpolicy *sp, *nextsp; 2543 u_int dir; 2544 2545 IPSEC_ASSERT(so != NULL, ("null socket")); 2546 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2547 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2548 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2549 2550 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2551 return key_senderror(so, m, EINVAL); 2552 2553 TAILQ_INIT(&drainq); 2554 SPTREE_WLOCK(); 2555 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2556 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2557 } 2558 /* 2559 * We need to set state to DEAD for each policy to be sure, 2560 * that another thread won't try to unlink it. 2561 * Also remove SP from sphash. 2562 */ 2563 TAILQ_FOREACH(sp, &drainq, chain) { 2564 sp->state = IPSEC_SPSTATE_DEAD; 2565 LIST_REMOVE(sp, idhash); 2566 } 2567 V_sp_genid++; 2568 V_spd_size = 0; 2569 SPTREE_WUNLOCK(); 2570 if (SPDCACHE_ENABLED()) 2571 spdcache_clear(); 2572 sp = TAILQ_FIRST(&drainq); 2573 while (sp != NULL) { 2574 nextsp = TAILQ_NEXT(sp, chain); 2575 key_freesp(&sp); 2576 sp = nextsp; 2577 } 2578 2579 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2580 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2581 return key_senderror(so, m, ENOBUFS); 2582 } 2583 2584 if (m->m_next) 2585 m_freem(m->m_next); 2586 m->m_next = NULL; 2587 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2588 newmsg = mtod(m, struct sadb_msg *); 2589 newmsg->sadb_msg_errno = 0; 2590 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2591 2592 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2593 } 2594 2595 static uint8_t 2596 key_satype2scopemask(uint8_t satype) 2597 { 2598 2599 if (satype == IPSEC_POLICYSCOPE_ANY) 2600 return (0xff); 2601 return (satype); 2602 } 2603 /* 2604 * SADB_SPDDUMP processing 2605 * receive 2606 * <base> 2607 * from the user, and dump all SP leaves and send, 2608 * <base> ..... 2609 * to the ikmpd. 2610 * 2611 * NOTE: 2612 * sadb_msg_satype is considered as mask of policy scopes. 2613 * m will always be freed. 2614 */ 2615 static int 2616 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2617 { 2618 SPTREE_RLOCK_TRACKER; 2619 struct secpolicy *sp; 2620 struct mbuf *n; 2621 int cnt; 2622 u_int dir, scope; 2623 2624 IPSEC_ASSERT(so != NULL, ("null socket")); 2625 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2626 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2627 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2628 2629 /* search SPD entry and get buffer size. */ 2630 cnt = 0; 2631 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2632 SPTREE_RLOCK(); 2633 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2634 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2635 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2636 cnt++; 2637 } 2638 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2639 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2640 cnt++; 2641 } 2642 } 2643 2644 if (cnt == 0) { 2645 SPTREE_RUNLOCK(); 2646 return key_senderror(so, m, ENOENT); 2647 } 2648 2649 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2650 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2651 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2652 --cnt; 2653 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2654 mhp->msg->sadb_msg_pid); 2655 2656 if (n != NULL) 2657 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2658 } 2659 } 2660 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2661 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2662 --cnt; 2663 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2664 mhp->msg->sadb_msg_pid); 2665 2666 if (n != NULL) 2667 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2668 } 2669 } 2670 } 2671 2672 SPTREE_RUNLOCK(); 2673 m_freem(m); 2674 return (0); 2675 } 2676 2677 static struct mbuf * 2678 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2679 u_int32_t pid) 2680 { 2681 struct mbuf *result = NULL, *m; 2682 struct seclifetime lt; 2683 2684 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2685 if (!m) 2686 goto fail; 2687 result = m; 2688 2689 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2690 &sp->spidx.src.sa, sp->spidx.prefs, 2691 sp->spidx.ul_proto); 2692 if (!m) 2693 goto fail; 2694 m_cat(result, m); 2695 2696 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2697 &sp->spidx.dst.sa, sp->spidx.prefd, 2698 sp->spidx.ul_proto); 2699 if (!m) 2700 goto fail; 2701 m_cat(result, m); 2702 2703 m = key_sp2mbuf(sp); 2704 if (!m) 2705 goto fail; 2706 m_cat(result, m); 2707 2708 if(sp->lifetime){ 2709 lt.addtime=sp->created; 2710 lt.usetime= sp->lastused; 2711 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2712 if (!m) 2713 goto fail; 2714 m_cat(result, m); 2715 2716 lt.addtime=sp->lifetime; 2717 lt.usetime= sp->validtime; 2718 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2719 if (!m) 2720 goto fail; 2721 m_cat(result, m); 2722 } 2723 2724 if ((result->m_flags & M_PKTHDR) == 0) 2725 goto fail; 2726 2727 if (result->m_len < sizeof(struct sadb_msg)) { 2728 result = m_pullup(result, sizeof(struct sadb_msg)); 2729 if (result == NULL) 2730 goto fail; 2731 } 2732 2733 result->m_pkthdr.len = 0; 2734 for (m = result; m; m = m->m_next) 2735 result->m_pkthdr.len += m->m_len; 2736 2737 mtod(result, struct sadb_msg *)->sadb_msg_len = 2738 PFKEY_UNIT64(result->m_pkthdr.len); 2739 2740 return result; 2741 2742 fail: 2743 m_freem(result); 2744 return NULL; 2745 } 2746 /* 2747 * get PFKEY message length for security policy and request. 2748 */ 2749 static size_t 2750 key_getspreqmsglen(struct secpolicy *sp) 2751 { 2752 size_t tlen, len; 2753 int i; 2754 2755 tlen = sizeof(struct sadb_x_policy); 2756 /* if is the policy for ipsec ? */ 2757 if (sp->policy != IPSEC_POLICY_IPSEC) 2758 return (tlen); 2759 2760 /* get length of ipsec requests */ 2761 for (i = 0; i < sp->tcount; i++) { 2762 len = sizeof(struct sadb_x_ipsecrequest) 2763 + sp->req[i]->saidx.src.sa.sa_len 2764 + sp->req[i]->saidx.dst.sa.sa_len; 2765 2766 tlen += PFKEY_ALIGN8(len); 2767 } 2768 return (tlen); 2769 } 2770 2771 /* 2772 * SADB_SPDEXPIRE processing 2773 * send 2774 * <base, address(SD), lifetime(CH), policy> 2775 * to KMD by PF_KEY. 2776 * 2777 * OUT: 0 : succeed 2778 * others : error number 2779 */ 2780 static int 2781 key_spdexpire(struct secpolicy *sp) 2782 { 2783 struct sadb_lifetime *lt; 2784 struct mbuf *result = NULL, *m; 2785 int len, error = -1; 2786 2787 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2788 2789 KEYDBG(KEY_STAMP, 2790 printf("%s: SP(%p)\n", __func__, sp)); 2791 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2792 2793 /* set msg header */ 2794 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2795 if (!m) { 2796 error = ENOBUFS; 2797 goto fail; 2798 } 2799 result = m; 2800 2801 /* create lifetime extension (current and hard) */ 2802 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2803 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2804 if (m == NULL) { 2805 error = ENOBUFS; 2806 goto fail; 2807 } 2808 m_align(m, len); 2809 m->m_len = len; 2810 bzero(mtod(m, caddr_t), len); 2811 lt = mtod(m, struct sadb_lifetime *); 2812 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2813 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2814 lt->sadb_lifetime_allocations = 0; 2815 lt->sadb_lifetime_bytes = 0; 2816 lt->sadb_lifetime_addtime = sp->created; 2817 lt->sadb_lifetime_usetime = sp->lastused; 2818 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2819 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2820 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2821 lt->sadb_lifetime_allocations = 0; 2822 lt->sadb_lifetime_bytes = 0; 2823 lt->sadb_lifetime_addtime = sp->lifetime; 2824 lt->sadb_lifetime_usetime = sp->validtime; 2825 m_cat(result, m); 2826 2827 /* set sadb_address for source */ 2828 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2829 &sp->spidx.src.sa, 2830 sp->spidx.prefs, sp->spidx.ul_proto); 2831 if (!m) { 2832 error = ENOBUFS; 2833 goto fail; 2834 } 2835 m_cat(result, m); 2836 2837 /* set sadb_address for destination */ 2838 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2839 &sp->spidx.dst.sa, 2840 sp->spidx.prefd, sp->spidx.ul_proto); 2841 if (!m) { 2842 error = ENOBUFS; 2843 goto fail; 2844 } 2845 m_cat(result, m); 2846 2847 /* set secpolicy */ 2848 m = key_sp2mbuf(sp); 2849 if (!m) { 2850 error = ENOBUFS; 2851 goto fail; 2852 } 2853 m_cat(result, m); 2854 2855 if ((result->m_flags & M_PKTHDR) == 0) { 2856 error = EINVAL; 2857 goto fail; 2858 } 2859 2860 if (result->m_len < sizeof(struct sadb_msg)) { 2861 result = m_pullup(result, sizeof(struct sadb_msg)); 2862 if (result == NULL) { 2863 error = ENOBUFS; 2864 goto fail; 2865 } 2866 } 2867 2868 result->m_pkthdr.len = 0; 2869 for (m = result; m; m = m->m_next) 2870 result->m_pkthdr.len += m->m_len; 2871 2872 mtod(result, struct sadb_msg *)->sadb_msg_len = 2873 PFKEY_UNIT64(result->m_pkthdr.len); 2874 2875 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2876 2877 fail: 2878 if (result) 2879 m_freem(result); 2880 return error; 2881 } 2882 2883 /* %%% SAD management */ 2884 /* 2885 * allocating and initialize new SA head. 2886 * OUT: NULL : failure due to the lack of memory. 2887 * others : pointer to new SA head. 2888 */ 2889 static struct secashead * 2890 key_newsah(struct secasindex *saidx) 2891 { 2892 struct secashead *sah; 2893 2894 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2895 M_NOWAIT | M_ZERO); 2896 if (sah == NULL) { 2897 PFKEYSTAT_INC(in_nomem); 2898 return (NULL); 2899 } 2900 TAILQ_INIT(&sah->savtree_larval); 2901 TAILQ_INIT(&sah->savtree_alive); 2902 sah->saidx = *saidx; 2903 sah->state = SADB_SASTATE_DEAD; 2904 SAH_INITREF(sah); 2905 2906 KEYDBG(KEY_STAMP, 2907 printf("%s: SAH(%p)\n", __func__, sah)); 2908 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2909 return (sah); 2910 } 2911 2912 static void 2913 key_freesah(struct secashead **psah) 2914 { 2915 struct secashead *sah = *psah; 2916 2917 CURVNET_ASSERT_SET(); 2918 2919 if (SAH_DELREF(sah) == 0) 2920 return; 2921 2922 KEYDBG(KEY_STAMP, 2923 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2924 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2925 2926 *psah = NULL; 2927 key_delsah(sah); 2928 } 2929 2930 static void 2931 key_delsah(struct secashead *sah) 2932 { 2933 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2934 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2935 ("Attempt to free non DEAD SAH %p", sah)); 2936 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2937 ("Attempt to free SAH %p with LARVAL SA", sah)); 2938 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2939 ("Attempt to free SAH %p with ALIVE SA", sah)); 2940 2941 free(sah, M_IPSEC_SAH); 2942 } 2943 2944 /* 2945 * allocating a new SA for key_add() and key_getspi() call, 2946 * and copy the values of mhp into new buffer. 2947 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2948 * For SADB_ADD create and initialize SA with MATURE state. 2949 * OUT: NULL : fail 2950 * others : pointer to new secasvar. 2951 */ 2952 static struct secasvar * 2953 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2954 uint32_t spi, int *errp) 2955 { 2956 struct secashead *sah; 2957 struct secasvar *sav; 2958 int isnew; 2959 2960 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2961 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2962 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2963 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2964 2965 sav = NULL; 2966 sah = NULL; 2967 /* check SPI value */ 2968 switch (saidx->proto) { 2969 case IPPROTO_ESP: 2970 case IPPROTO_AH: 2971 /* 2972 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2973 * 1-255 reserved by IANA for future use, 2974 * 0 for implementation specific, local use. 2975 */ 2976 if (ntohl(spi) <= 255) { 2977 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2978 __func__, ntohl(spi))); 2979 *errp = EINVAL; 2980 goto done; 2981 } 2982 break; 2983 } 2984 2985 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2986 if (sav == NULL) { 2987 *errp = ENOBUFS; 2988 goto done; 2989 } 2990 sav->lock = malloc_aligned(max(sizeof(struct rmlock), 2991 CACHE_LINE_SIZE), CACHE_LINE_SIZE, M_IPSEC_MISC, 2992 M_NOWAIT | M_ZERO); 2993 if (sav->lock == NULL) { 2994 *errp = ENOBUFS; 2995 goto done; 2996 } 2997 rm_init(sav->lock, "ipsec association"); 2998 sav->lft_c = uma_zalloc_pcpu(ipsec_key_lft_zone, M_NOWAIT | M_ZERO); 2999 if (sav->lft_c == NULL) { 3000 *errp = ENOBUFS; 3001 goto done; 3002 } 3003 3004 sav->spi = spi; 3005 sav->seq = mhp->msg->sadb_msg_seq; 3006 sav->state = SADB_SASTATE_LARVAL; 3007 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 3008 SAV_INITREF(sav); 3009 again: 3010 sah = key_getsah(saidx); 3011 if (sah == NULL) { 3012 /* create a new SA index */ 3013 sah = key_newsah(saidx); 3014 if (sah == NULL) { 3015 ipseclog((LOG_DEBUG, 3016 "%s: No more memory.\n", __func__)); 3017 *errp = ENOBUFS; 3018 goto done; 3019 } 3020 isnew = 1; 3021 } else 3022 isnew = 0; 3023 3024 sav->sah = sah; 3025 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 3026 sav->created = time_second; 3027 } else if (sav->state == SADB_SASTATE_LARVAL) { 3028 /* 3029 * Do not call key_setsaval() second time in case 3030 * of `goto again`. We will have MATURE state. 3031 */ 3032 *errp = key_setsaval(sav, mhp); 3033 if (*errp != 0) 3034 goto done; 3035 sav->state = SADB_SASTATE_MATURE; 3036 } 3037 3038 SAHTREE_WLOCK(); 3039 /* 3040 * Check that existing SAH wasn't unlinked. 3041 * Since we didn't hold the SAHTREE lock, it is possible, 3042 * that callout handler or key_flush() or key_delete() could 3043 * unlink this SAH. 3044 */ 3045 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 3046 SAHTREE_WUNLOCK(); 3047 key_freesah(&sah); /* reference from key_getsah() */ 3048 goto again; 3049 } 3050 if (isnew != 0) { 3051 /* 3052 * Add new SAH into SADB. 3053 * 3054 * XXXAE: we can serialize key_add and key_getspi calls, so 3055 * several threads will not fight in the race. 3056 * Otherwise we should check under SAHTREE lock, that this 3057 * SAH would not added twice. 3058 */ 3059 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3060 /* Add new SAH into hash by addresses */ 3061 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3062 /* Now we are linked in the chain */ 3063 sah->state = SADB_SASTATE_MATURE; 3064 /* 3065 * SAV references this new SAH. 3066 * In case of existing SAH we reuse reference 3067 * from key_getsah(). 3068 */ 3069 SAH_ADDREF(sah); 3070 } 3071 /* Link SAV with SAH */ 3072 if (sav->state == SADB_SASTATE_MATURE) 3073 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3074 else 3075 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3076 /* Add SAV into SPI hash */ 3077 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3078 SAHTREE_WUNLOCK(); 3079 *errp = 0; /* success */ 3080 done: 3081 if (*errp != 0) { 3082 if (sav != NULL) { 3083 if (sav->lock != NULL) { 3084 rm_destroy(sav->lock); 3085 free(sav->lock, M_IPSEC_MISC); 3086 } 3087 if (sav->lft_c != NULL) 3088 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3089 free(sav, M_IPSEC_SA), sav = NULL; 3090 } 3091 if (sah != NULL) 3092 key_freesah(&sah); 3093 if (*errp == ENOBUFS) { 3094 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3095 __func__)); 3096 PFKEYSTAT_INC(in_nomem); 3097 } 3098 } 3099 return (sav); 3100 } 3101 3102 /* 3103 * free() SA variable entry. 3104 */ 3105 static void 3106 key_cleansav(struct secasvar *sav) 3107 { 3108 3109 if (sav->natt != NULL) { 3110 free(sav->natt, M_IPSEC_MISC); 3111 sav->natt = NULL; 3112 } 3113 if (sav->flags & SADB_X_EXT_F_CLONED) 3114 return; 3115 if (sav->tdb_xform != NULL) { 3116 sav->tdb_xform->xf_cleanup(sav); 3117 sav->tdb_xform = NULL; 3118 } 3119 if (sav->key_auth != NULL) { 3120 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3121 free(sav->key_auth, M_IPSEC_MISC); 3122 sav->key_auth = NULL; 3123 } 3124 if (sav->key_enc != NULL) { 3125 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3126 free(sav->key_enc, M_IPSEC_MISC); 3127 sav->key_enc = NULL; 3128 } 3129 if (sav->replay != NULL) { 3130 mtx_destroy(&sav->replay->lock); 3131 if (sav->replay->bitmap != NULL) 3132 free(sav->replay->bitmap, M_IPSEC_MISC); 3133 free(sav->replay, M_IPSEC_MISC); 3134 sav->replay = NULL; 3135 } 3136 if (sav->lft_h != NULL) { 3137 free(sav->lft_h, M_IPSEC_MISC); 3138 sav->lft_h = NULL; 3139 } 3140 if (sav->lft_s != NULL) { 3141 free(sav->lft_s, M_IPSEC_MISC); 3142 sav->lft_s = NULL; 3143 } 3144 } 3145 3146 /* 3147 * free() SA variable entry. 3148 */ 3149 static void 3150 key_delsav(struct secasvar *sav) 3151 { 3152 IPSEC_ASSERT(sav != NULL, ("null sav")); 3153 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3154 ("attempt to free non DEAD SA %p", sav)); 3155 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3156 sav->refcnt)); 3157 3158 /* 3159 * SA must be unlinked from the chain and hashtbl. 3160 * If SA was cloned, we leave all fields untouched, 3161 * except NAT-T config. 3162 */ 3163 key_cleansav(sav); 3164 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3165 rm_destroy(sav->lock); 3166 free(sav->lock, M_IPSEC_MISC); 3167 uma_zfree_pcpu(ipsec_key_lft_zone, sav->lft_c); 3168 } 3169 free(sav, M_IPSEC_SA); 3170 } 3171 3172 /* 3173 * search SAH. 3174 * OUT: 3175 * NULL : not found 3176 * others : found, referenced pointer to a SAH. 3177 */ 3178 static struct secashead * 3179 key_getsah(struct secasindex *saidx) 3180 { 3181 SAHTREE_RLOCK_TRACKER; 3182 struct secashead *sah; 3183 3184 SAHTREE_RLOCK(); 3185 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3186 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3187 SAH_ADDREF(sah); 3188 break; 3189 } 3190 } 3191 SAHTREE_RUNLOCK(); 3192 return (sah); 3193 } 3194 3195 /* 3196 * Check not to be duplicated SPI. 3197 * OUT: 3198 * 0 : not found 3199 * 1 : found SA with given SPI. 3200 */ 3201 static int 3202 key_checkspidup(uint32_t spi) 3203 { 3204 SAHTREE_RLOCK_TRACKER; 3205 struct secasvar *sav; 3206 3207 /* Assume SPI is in network byte order */ 3208 SAHTREE_RLOCK(); 3209 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3210 if (sav->spi == spi) 3211 break; 3212 } 3213 SAHTREE_RUNLOCK(); 3214 return (sav != NULL); 3215 } 3216 3217 /* 3218 * Search SA by SPI. 3219 * OUT: 3220 * NULL : not found 3221 * others : found, referenced pointer to a SA. 3222 */ 3223 static struct secasvar * 3224 key_getsavbyspi(uint32_t spi) 3225 { 3226 SAHTREE_RLOCK_TRACKER; 3227 struct secasvar *sav; 3228 3229 /* Assume SPI is in network byte order */ 3230 SAHTREE_RLOCK(); 3231 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3232 if (sav->spi != spi) 3233 continue; 3234 SAV_ADDREF(sav); 3235 break; 3236 } 3237 SAHTREE_RUNLOCK(); 3238 return (sav); 3239 } 3240 3241 static int 3242 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3243 { 3244 struct seclifetime *lft_h, *lft_s, *tmp; 3245 3246 /* Lifetime extension is optional, check that it is present. */ 3247 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3248 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3249 /* 3250 * In case of SADB_UPDATE we may need to change 3251 * existing lifetimes. 3252 */ 3253 if (sav->state == SADB_SASTATE_MATURE) { 3254 lft_h = lft_s = NULL; 3255 goto reset; 3256 } 3257 return (0); 3258 } 3259 /* Both HARD and SOFT extensions must present */ 3260 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3261 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3262 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3263 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3264 ipseclog((LOG_DEBUG, 3265 "%s: invalid message: missing required header.\n", 3266 __func__)); 3267 return (EINVAL); 3268 } 3269 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3270 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3271 ipseclog((LOG_DEBUG, 3272 "%s: invalid message: wrong header size.\n", __func__)); 3273 return (EINVAL); 3274 } 3275 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3276 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3277 if (lft_h == NULL) { 3278 PFKEYSTAT_INC(in_nomem); 3279 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3280 return (ENOBUFS); 3281 } 3282 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3283 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3284 if (lft_s == NULL) { 3285 PFKEYSTAT_INC(in_nomem); 3286 free(lft_h, M_IPSEC_MISC); 3287 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3288 return (ENOBUFS); 3289 } 3290 reset: 3291 if (sav->state != SADB_SASTATE_LARVAL) { 3292 /* 3293 * key_update() holds reference to this SA, 3294 * so it won't be deleted in meanwhile. 3295 */ 3296 SECASVAR_WLOCK(sav); 3297 tmp = sav->lft_h; 3298 sav->lft_h = lft_h; 3299 lft_h = tmp; 3300 3301 tmp = sav->lft_s; 3302 sav->lft_s = lft_s; 3303 lft_s = tmp; 3304 SECASVAR_WUNLOCK(sav); 3305 if (lft_h != NULL) 3306 free(lft_h, M_IPSEC_MISC); 3307 if (lft_s != NULL) 3308 free(lft_s, M_IPSEC_MISC); 3309 return (0); 3310 } 3311 /* We can update lifetime without holding a lock */ 3312 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3313 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3314 sav->lft_h = lft_h; 3315 sav->lft_s = lft_s; 3316 return (0); 3317 } 3318 3319 /* 3320 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3321 * You must update these if need. Expects only LARVAL SAs. 3322 * OUT: 0: success. 3323 * !0: failure. 3324 */ 3325 static int 3326 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3327 { 3328 const struct sadb_sa *sa0; 3329 const struct sadb_key *key0; 3330 uint32_t replay; 3331 size_t len; 3332 int error; 3333 3334 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3335 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3336 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3337 ("Attempt to update non LARVAL SA")); 3338 3339 /* XXX rewrite */ 3340 error = key_setident(sav->sah, mhp); 3341 if (error != 0) 3342 goto fail; 3343 3344 /* SA */ 3345 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3346 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3347 error = EINVAL; 3348 goto fail; 3349 } 3350 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3351 sav->alg_auth = sa0->sadb_sa_auth; 3352 sav->alg_enc = sa0->sadb_sa_encrypt; 3353 sav->flags = sa0->sadb_sa_flags; 3354 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3355 ipseclog((LOG_DEBUG, 3356 "%s: invalid sa_flags 0x%08x.\n", __func__, 3357 sav->flags)); 3358 error = EINVAL; 3359 goto fail; 3360 } 3361 3362 /* Optional replay window */ 3363 replay = 0; 3364 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3365 replay = sa0->sadb_sa_replay; 3366 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3367 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3368 error = EINVAL; 3369 goto fail; 3370 } 3371 replay = ((const struct sadb_x_sa_replay *) 3372 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3373 3374 if (replay > UINT32_MAX - 32) { 3375 ipseclog((LOG_DEBUG, 3376 "%s: replay window too big.\n", __func__)); 3377 error = EINVAL; 3378 goto fail; 3379 } 3380 3381 replay = (replay + 7) >> 3; 3382 } 3383 3384 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3385 M_NOWAIT | M_ZERO); 3386 if (sav->replay == NULL) { 3387 PFKEYSTAT_INC(in_nomem); 3388 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3389 __func__)); 3390 error = ENOBUFS; 3391 goto fail; 3392 } 3393 mtx_init(&sav->replay->lock, "ipsec replay", NULL, MTX_DEF); 3394 3395 if (replay != 0) { 3396 /* number of 32b blocks to be allocated */ 3397 uint32_t bitmap_size; 3398 3399 /* RFC 6479: 3400 * - the allocated replay window size must be 3401 * a power of two. 3402 * - use an extra 32b block as a redundant window. 3403 */ 3404 bitmap_size = 1; 3405 while (replay + 4 > bitmap_size) 3406 bitmap_size <<= 1; 3407 bitmap_size = bitmap_size / 4; 3408 3409 sav->replay->bitmap = malloc( 3410 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3411 M_NOWAIT | M_ZERO); 3412 if (sav->replay->bitmap == NULL) { 3413 PFKEYSTAT_INC(in_nomem); 3414 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3415 __func__)); 3416 error = ENOBUFS; 3417 goto fail; 3418 } 3419 sav->replay->bitmap_size = bitmap_size; 3420 sav->replay->wsize = replay; 3421 } 3422 } 3423 3424 /* Authentication keys */ 3425 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3426 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3427 error = EINVAL; 3428 goto fail; 3429 } 3430 error = 0; 3431 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3432 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3433 switch (mhp->msg->sadb_msg_satype) { 3434 case SADB_SATYPE_AH: 3435 case SADB_SATYPE_ESP: 3436 case SADB_X_SATYPE_TCPSIGNATURE: 3437 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3438 sav->alg_auth != SADB_X_AALG_NULL) 3439 error = EINVAL; 3440 break; 3441 case SADB_X_SATYPE_IPCOMP: 3442 default: 3443 error = EINVAL; 3444 break; 3445 } 3446 if (error) { 3447 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3448 __func__)); 3449 goto fail; 3450 } 3451 3452 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3453 if (sav->key_auth == NULL ) { 3454 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3455 __func__)); 3456 PFKEYSTAT_INC(in_nomem); 3457 error = ENOBUFS; 3458 goto fail; 3459 } 3460 } 3461 3462 /* Encryption key */ 3463 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3464 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3465 error = EINVAL; 3466 goto fail; 3467 } 3468 error = 0; 3469 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3470 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3471 switch (mhp->msg->sadb_msg_satype) { 3472 case SADB_SATYPE_ESP: 3473 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3474 sav->alg_enc != SADB_EALG_NULL) { 3475 error = EINVAL; 3476 break; 3477 } 3478 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3479 if (sav->key_enc == NULL) { 3480 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3481 __func__)); 3482 PFKEYSTAT_INC(in_nomem); 3483 error = ENOBUFS; 3484 goto fail; 3485 } 3486 break; 3487 case SADB_X_SATYPE_IPCOMP: 3488 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3489 error = EINVAL; 3490 sav->key_enc = NULL; /*just in case*/ 3491 break; 3492 case SADB_SATYPE_AH: 3493 case SADB_X_SATYPE_TCPSIGNATURE: 3494 default: 3495 error = EINVAL; 3496 break; 3497 } 3498 if (error) { 3499 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3500 __func__)); 3501 goto fail; 3502 } 3503 } 3504 3505 /* set iv */ 3506 sav->ivlen = 0; 3507 switch (mhp->msg->sadb_msg_satype) { 3508 case SADB_SATYPE_AH: 3509 if (sav->flags & SADB_X_EXT_DERIV) { 3510 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3511 "given to AH SA.\n", __func__)); 3512 error = EINVAL; 3513 goto fail; 3514 } 3515 if (sav->alg_enc != SADB_EALG_NONE) { 3516 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3517 "mismated.\n", __func__)); 3518 error = EINVAL; 3519 goto fail; 3520 } 3521 error = xform_init(sav, XF_AH); 3522 break; 3523 case SADB_SATYPE_ESP: 3524 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3525 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3526 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3527 "given to old-esp.\n", __func__)); 3528 error = EINVAL; 3529 goto fail; 3530 } 3531 error = xform_init(sav, XF_ESP); 3532 break; 3533 case SADB_X_SATYPE_IPCOMP: 3534 if (sav->alg_auth != SADB_AALG_NONE) { 3535 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3536 "mismated.\n", __func__)); 3537 error = EINVAL; 3538 goto fail; 3539 } 3540 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3541 ntohl(sav->spi) >= 0x10000) { 3542 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3543 __func__)); 3544 error = EINVAL; 3545 goto fail; 3546 } 3547 error = xform_init(sav, XF_IPCOMP); 3548 break; 3549 case SADB_X_SATYPE_TCPSIGNATURE: 3550 if (sav->alg_enc != SADB_EALG_NONE) { 3551 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3552 "mismated.\n", __func__)); 3553 error = EINVAL; 3554 goto fail; 3555 } 3556 error = xform_init(sav, XF_TCPSIGNATURE); 3557 break; 3558 default: 3559 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3560 error = EPROTONOSUPPORT; 3561 goto fail; 3562 } 3563 if (error) { 3564 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3565 __func__, mhp->msg->sadb_msg_satype)); 3566 goto fail; 3567 } 3568 3569 /* Handle NAT-T headers */ 3570 error = key_setnatt(sav, mhp); 3571 if (error != 0) 3572 goto fail; 3573 3574 /* Initialize lifetime for CURRENT */ 3575 sav->firstused = 0; 3576 sav->created = time_second; 3577 3578 /* lifetimes for HARD and SOFT */ 3579 error = key_updatelifetimes(sav, mhp); 3580 if (error == 0) 3581 return (0); 3582 fail: 3583 key_cleansav(sav); 3584 return (error); 3585 } 3586 3587 /* 3588 * subroutine for SADB_GET and SADB_DUMP. 3589 */ 3590 static struct mbuf * 3591 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3592 uint32_t seq, uint32_t pid) 3593 { 3594 struct seclifetime lft_c; 3595 struct mbuf *result = NULL, *tres = NULL, *m; 3596 int i, dumporder[] = { 3597 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3598 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3599 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3600 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3601 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3602 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3603 SADB_EXT_SENSITIVITY, 3604 SADB_X_EXT_NAT_T_TYPE, 3605 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3606 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3607 SADB_X_EXT_NAT_T_FRAG, 3608 }; 3609 uint32_t replay_count; 3610 3611 SECASVAR_RLOCK_TRACKER; 3612 3613 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3614 if (m == NULL) 3615 goto fail; 3616 result = m; 3617 3618 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3619 m = NULL; 3620 switch (dumporder[i]) { 3621 case SADB_EXT_SA: 3622 m = key_setsadbsa(sav); 3623 if (!m) 3624 goto fail; 3625 break; 3626 3627 case SADB_X_EXT_SA2: { 3628 SECASVAR_RLOCK(sav); 3629 replay_count = sav->replay ? sav->replay->count : 0; 3630 SECASVAR_RUNLOCK(sav); 3631 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3632 sav->sah->saidx.reqid); 3633 if (!m) 3634 goto fail; 3635 break; 3636 } 3637 case SADB_X_EXT_SA_REPLAY: 3638 if (sav->replay == NULL || 3639 sav->replay->wsize <= UINT8_MAX) 3640 continue; 3641 3642 m = key_setsadbxsareplay(sav->replay->wsize); 3643 if (!m) 3644 goto fail; 3645 break; 3646 3647 case SADB_EXT_ADDRESS_SRC: 3648 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3649 &sav->sah->saidx.src.sa, 3650 FULLMASK, IPSEC_ULPROTO_ANY); 3651 if (!m) 3652 goto fail; 3653 break; 3654 3655 case SADB_EXT_ADDRESS_DST: 3656 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3657 &sav->sah->saidx.dst.sa, 3658 FULLMASK, IPSEC_ULPROTO_ANY); 3659 if (!m) 3660 goto fail; 3661 break; 3662 3663 case SADB_EXT_KEY_AUTH: 3664 if (!sav->key_auth) 3665 continue; 3666 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3667 if (!m) 3668 goto fail; 3669 break; 3670 3671 case SADB_EXT_KEY_ENCRYPT: 3672 if (!sav->key_enc) 3673 continue; 3674 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3675 if (!m) 3676 goto fail; 3677 break; 3678 3679 case SADB_EXT_LIFETIME_CURRENT: 3680 lft_c.addtime = sav->created; 3681 lft_c.allocations = (uint32_t)counter_u64_fetch( 3682 sav->lft_c_allocations); 3683 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3684 lft_c.usetime = sav->firstused; 3685 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3686 if (!m) 3687 goto fail; 3688 break; 3689 3690 case SADB_EXT_LIFETIME_HARD: 3691 if (!sav->lft_h) 3692 continue; 3693 m = key_setlifetime(sav->lft_h, 3694 SADB_EXT_LIFETIME_HARD); 3695 if (!m) 3696 goto fail; 3697 break; 3698 3699 case SADB_EXT_LIFETIME_SOFT: 3700 if (!sav->lft_s) 3701 continue; 3702 m = key_setlifetime(sav->lft_s, 3703 SADB_EXT_LIFETIME_SOFT); 3704 3705 if (!m) 3706 goto fail; 3707 break; 3708 3709 case SADB_X_EXT_NAT_T_TYPE: 3710 if (sav->natt == NULL) 3711 continue; 3712 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3713 if (!m) 3714 goto fail; 3715 break; 3716 3717 case SADB_X_EXT_NAT_T_DPORT: 3718 if (sav->natt == NULL) 3719 continue; 3720 m = key_setsadbxport(sav->natt->dport, 3721 SADB_X_EXT_NAT_T_DPORT); 3722 if (!m) 3723 goto fail; 3724 break; 3725 3726 case SADB_X_EXT_NAT_T_SPORT: 3727 if (sav->natt == NULL) 3728 continue; 3729 m = key_setsadbxport(sav->natt->sport, 3730 SADB_X_EXT_NAT_T_SPORT); 3731 if (!m) 3732 goto fail; 3733 break; 3734 3735 case SADB_X_EXT_NAT_T_OAI: 3736 if (sav->natt == NULL || 3737 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3738 continue; 3739 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3740 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3741 if (!m) 3742 goto fail; 3743 break; 3744 case SADB_X_EXT_NAT_T_OAR: 3745 if (sav->natt == NULL || 3746 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3747 continue; 3748 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3749 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3750 if (!m) 3751 goto fail; 3752 break; 3753 case SADB_X_EXT_NAT_T_FRAG: 3754 /* We do not (yet) support those. */ 3755 continue; 3756 3757 case SADB_EXT_ADDRESS_PROXY: 3758 case SADB_EXT_IDENTITY_SRC: 3759 case SADB_EXT_IDENTITY_DST: 3760 /* XXX: should we brought from SPD ? */ 3761 case SADB_EXT_SENSITIVITY: 3762 default: 3763 continue; 3764 } 3765 3766 if (!m) 3767 goto fail; 3768 if (tres) 3769 m_cat(m, tres); 3770 tres = m; 3771 } 3772 3773 m_cat(result, tres); 3774 tres = NULL; 3775 if (result->m_len < sizeof(struct sadb_msg)) { 3776 result = m_pullup(result, sizeof(struct sadb_msg)); 3777 if (result == NULL) 3778 goto fail; 3779 } 3780 3781 result->m_pkthdr.len = 0; 3782 for (m = result; m; m = m->m_next) 3783 result->m_pkthdr.len += m->m_len; 3784 3785 mtod(result, struct sadb_msg *)->sadb_msg_len = 3786 PFKEY_UNIT64(result->m_pkthdr.len); 3787 3788 return result; 3789 3790 fail: 3791 m_freem(result); 3792 m_freem(tres); 3793 return NULL; 3794 } 3795 3796 /* 3797 * set data into sadb_msg. 3798 */ 3799 static struct mbuf * 3800 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3801 pid_t pid, u_int16_t reserved) 3802 { 3803 struct mbuf *m; 3804 struct sadb_msg *p; 3805 int len; 3806 3807 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3808 if (len > MCLBYTES) 3809 return NULL; 3810 m = key_mget(len); 3811 if (m == NULL) 3812 return NULL; 3813 m->m_pkthdr.len = m->m_len = len; 3814 m->m_next = NULL; 3815 3816 p = mtod(m, struct sadb_msg *); 3817 3818 bzero(p, len); 3819 p->sadb_msg_version = PF_KEY_V2; 3820 p->sadb_msg_type = type; 3821 p->sadb_msg_errno = 0; 3822 p->sadb_msg_satype = satype; 3823 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3824 p->sadb_msg_reserved = reserved; 3825 p->sadb_msg_seq = seq; 3826 p->sadb_msg_pid = (u_int32_t)pid; 3827 3828 return m; 3829 } 3830 3831 /* 3832 * copy secasvar data into sadb_address. 3833 */ 3834 static struct mbuf * 3835 key_setsadbsa(struct secasvar *sav) 3836 { 3837 struct mbuf *m; 3838 struct sadb_sa *p; 3839 int len; 3840 3841 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3842 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3843 if (m == NULL) 3844 return (NULL); 3845 m_align(m, len); 3846 m->m_len = len; 3847 p = mtod(m, struct sadb_sa *); 3848 bzero(p, len); 3849 p->sadb_sa_len = PFKEY_UNIT64(len); 3850 p->sadb_sa_exttype = SADB_EXT_SA; 3851 p->sadb_sa_spi = sav->spi; 3852 p->sadb_sa_replay = sav->replay ? 3853 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3854 sav->replay->wsize): 0; 3855 p->sadb_sa_state = sav->state; 3856 p->sadb_sa_auth = sav->alg_auth; 3857 p->sadb_sa_encrypt = sav->alg_enc; 3858 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3859 return (m); 3860 } 3861 3862 /* 3863 * set data into sadb_address. 3864 */ 3865 static struct mbuf * 3866 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3867 u_int8_t prefixlen, u_int16_t ul_proto) 3868 { 3869 struct mbuf *m; 3870 struct sadb_address *p; 3871 size_t len; 3872 3873 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3874 PFKEY_ALIGN8(saddr->sa_len); 3875 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3876 if (m == NULL) 3877 return (NULL); 3878 m_align(m, len); 3879 m->m_len = len; 3880 p = mtod(m, struct sadb_address *); 3881 3882 bzero(p, len); 3883 p->sadb_address_len = PFKEY_UNIT64(len); 3884 p->sadb_address_exttype = exttype; 3885 p->sadb_address_proto = ul_proto; 3886 if (prefixlen == FULLMASK) { 3887 switch (saddr->sa_family) { 3888 case AF_INET: 3889 prefixlen = sizeof(struct in_addr) << 3; 3890 break; 3891 case AF_INET6: 3892 prefixlen = sizeof(struct in6_addr) << 3; 3893 break; 3894 default: 3895 ; /*XXX*/ 3896 } 3897 } 3898 p->sadb_address_prefixlen = prefixlen; 3899 p->sadb_address_reserved = 0; 3900 3901 bcopy(saddr, 3902 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3903 saddr->sa_len); 3904 3905 return m; 3906 } 3907 3908 /* 3909 * set data into sadb_x_sa2. 3910 */ 3911 static struct mbuf * 3912 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3913 { 3914 struct mbuf *m; 3915 struct sadb_x_sa2 *p; 3916 size_t len; 3917 3918 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3919 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3920 if (m == NULL) 3921 return (NULL); 3922 m_align(m, len); 3923 m->m_len = len; 3924 p = mtod(m, struct sadb_x_sa2 *); 3925 3926 bzero(p, len); 3927 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3928 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3929 p->sadb_x_sa2_mode = mode; 3930 p->sadb_x_sa2_reserved1 = 0; 3931 p->sadb_x_sa2_reserved2 = 0; 3932 p->sadb_x_sa2_sequence = seq; 3933 p->sadb_x_sa2_reqid = reqid; 3934 3935 return m; 3936 } 3937 3938 /* 3939 * Set data into sadb_x_sa_replay. 3940 */ 3941 static struct mbuf * 3942 key_setsadbxsareplay(u_int32_t replay) 3943 { 3944 struct mbuf *m; 3945 struct sadb_x_sa_replay *p; 3946 size_t len; 3947 3948 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3949 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3950 if (m == NULL) 3951 return (NULL); 3952 m_align(m, len); 3953 m->m_len = len; 3954 p = mtod(m, struct sadb_x_sa_replay *); 3955 3956 bzero(p, len); 3957 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3958 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3959 p->sadb_x_sa_replay_replay = (replay << 3); 3960 3961 return m; 3962 } 3963 3964 /* 3965 * Set a type in sadb_x_nat_t_type. 3966 */ 3967 static struct mbuf * 3968 key_setsadbxtype(u_int16_t type) 3969 { 3970 struct mbuf *m; 3971 size_t len; 3972 struct sadb_x_nat_t_type *p; 3973 3974 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3975 3976 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3977 if (m == NULL) 3978 return (NULL); 3979 m_align(m, len); 3980 m->m_len = len; 3981 p = mtod(m, struct sadb_x_nat_t_type *); 3982 3983 bzero(p, len); 3984 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3985 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3986 p->sadb_x_nat_t_type_type = type; 3987 3988 return (m); 3989 } 3990 /* 3991 * Set a port in sadb_x_nat_t_port. 3992 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3993 */ 3994 static struct mbuf * 3995 key_setsadbxport(u_int16_t port, u_int16_t type) 3996 { 3997 struct mbuf *m; 3998 size_t len; 3999 struct sadb_x_nat_t_port *p; 4000 4001 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 4002 4003 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4004 if (m == NULL) 4005 return (NULL); 4006 m_align(m, len); 4007 m->m_len = len; 4008 p = mtod(m, struct sadb_x_nat_t_port *); 4009 4010 bzero(p, len); 4011 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 4012 p->sadb_x_nat_t_port_exttype = type; 4013 p->sadb_x_nat_t_port_port = port; 4014 4015 return (m); 4016 } 4017 4018 /* 4019 * Get port from sockaddr. Port is in network byte order. 4020 */ 4021 uint16_t 4022 key_portfromsaddr(struct sockaddr *sa) 4023 { 4024 4025 switch (sa->sa_family) { 4026 #ifdef INET 4027 case AF_INET: 4028 return ((struct sockaddr_in *)sa)->sin_port; 4029 #endif 4030 #ifdef INET6 4031 case AF_INET6: 4032 return ((struct sockaddr_in6 *)sa)->sin6_port; 4033 #endif 4034 } 4035 return (0); 4036 } 4037 4038 /* 4039 * Set port in struct sockaddr. Port is in network byte order. 4040 */ 4041 void 4042 key_porttosaddr(struct sockaddr *sa, uint16_t port) 4043 { 4044 4045 switch (sa->sa_family) { 4046 #ifdef INET 4047 case AF_INET: 4048 ((struct sockaddr_in *)sa)->sin_port = port; 4049 break; 4050 #endif 4051 #ifdef INET6 4052 case AF_INET6: 4053 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4054 break; 4055 #endif 4056 default: 4057 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4058 __func__, sa->sa_family)); 4059 break; 4060 } 4061 } 4062 4063 /* 4064 * set data into sadb_x_policy 4065 */ 4066 static struct mbuf * 4067 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4068 { 4069 struct mbuf *m; 4070 struct sadb_x_policy *p; 4071 size_t len; 4072 4073 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4074 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4075 if (m == NULL) 4076 return (NULL); 4077 m_align(m, len); 4078 m->m_len = len; 4079 p = mtod(m, struct sadb_x_policy *); 4080 4081 bzero(p, len); 4082 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4083 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4084 p->sadb_x_policy_type = type; 4085 p->sadb_x_policy_dir = dir; 4086 p->sadb_x_policy_id = id; 4087 p->sadb_x_policy_priority = priority; 4088 4089 return m; 4090 } 4091 4092 /* %%% utilities */ 4093 /* Take a key message (sadb_key) from the socket and turn it into one 4094 * of the kernel's key structures (seckey). 4095 * 4096 * IN: pointer to the src 4097 * OUT: NULL no more memory 4098 */ 4099 struct seckey * 4100 key_dup_keymsg(const struct sadb_key *src, size_t len, 4101 struct malloc_type *type) 4102 { 4103 struct seckey *dst; 4104 4105 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4106 if (dst != NULL) { 4107 dst->bits = src->sadb_key_bits; 4108 dst->key_data = malloc(len, type, M_NOWAIT); 4109 if (dst->key_data != NULL) { 4110 bcopy((const char *)(src + 1), dst->key_data, len); 4111 } else { 4112 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4113 __func__)); 4114 free(dst, type); 4115 dst = NULL; 4116 } 4117 } else { 4118 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4119 __func__)); 4120 } 4121 return (dst); 4122 } 4123 4124 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4125 * turn it into one of the kernel's lifetime structures (seclifetime). 4126 * 4127 * IN: pointer to the destination, source and malloc type 4128 * OUT: NULL, no more memory 4129 */ 4130 4131 static struct seclifetime * 4132 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4133 { 4134 struct seclifetime *dst; 4135 4136 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4137 if (dst == NULL) { 4138 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4139 return (NULL); 4140 } 4141 dst->allocations = src->sadb_lifetime_allocations; 4142 dst->bytes = src->sadb_lifetime_bytes; 4143 dst->addtime = src->sadb_lifetime_addtime; 4144 dst->usetime = src->sadb_lifetime_usetime; 4145 return (dst); 4146 } 4147 4148 /* 4149 * compare two secasindex structure. 4150 * flag can specify to compare 2 saidxes. 4151 * compare two secasindex structure without both mode and reqid. 4152 * don't compare port. 4153 * IN: 4154 * saidx0: source, it can be in SAD. 4155 * saidx1: object. 4156 * OUT: 4157 * 1 : equal 4158 * 0 : not equal 4159 */ 4160 static int 4161 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4162 int flag) 4163 { 4164 4165 /* sanity */ 4166 if (saidx0 == NULL && saidx1 == NULL) 4167 return 1; 4168 4169 if (saidx0 == NULL || saidx1 == NULL) 4170 return 0; 4171 4172 if (saidx0->proto != saidx1->proto) 4173 return 0; 4174 4175 if (flag == CMP_EXACTLY) { 4176 if (saidx0->mode != saidx1->mode) 4177 return 0; 4178 if (saidx0->reqid != saidx1->reqid) 4179 return 0; 4180 if (bcmp(&saidx0->src, &saidx1->src, 4181 saidx0->src.sa.sa_len) != 0 || 4182 bcmp(&saidx0->dst, &saidx1->dst, 4183 saidx0->dst.sa.sa_len) != 0) 4184 return 0; 4185 } else { 4186 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4187 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4188 /* 4189 * If reqid of SPD is non-zero, unique SA is required. 4190 * The result must be of same reqid in this case. 4191 */ 4192 if (saidx1->reqid != 0 && 4193 saidx0->reqid != saidx1->reqid) 4194 return 0; 4195 } 4196 4197 if (flag == CMP_MODE_REQID) { 4198 if (saidx0->mode != IPSEC_MODE_ANY 4199 && saidx0->mode != saidx1->mode) 4200 return 0; 4201 } 4202 4203 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4204 return 0; 4205 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4206 return 0; 4207 } 4208 4209 return 1; 4210 } 4211 4212 /* 4213 * compare two secindex structure exactly. 4214 * IN: 4215 * spidx0: source, it is often in SPD. 4216 * spidx1: object, it is often from PFKEY message. 4217 * OUT: 4218 * 1 : equal 4219 * 0 : not equal 4220 */ 4221 static int 4222 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4223 struct secpolicyindex *spidx1) 4224 { 4225 /* sanity */ 4226 if (spidx0 == NULL && spidx1 == NULL) 4227 return 1; 4228 4229 if (spidx0 == NULL || spidx1 == NULL) 4230 return 0; 4231 4232 if (spidx0->prefs != spidx1->prefs 4233 || spidx0->prefd != spidx1->prefd 4234 || spidx0->ul_proto != spidx1->ul_proto 4235 || spidx0->dir != spidx1->dir) 4236 return 0; 4237 4238 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4239 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4240 } 4241 4242 /* 4243 * compare two secindex structure with mask. 4244 * IN: 4245 * spidx0: source, it is often in SPD. 4246 * spidx1: object, it is often from IP header. 4247 * OUT: 4248 * 1 : equal 4249 * 0 : not equal 4250 */ 4251 static int 4252 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4253 struct secpolicyindex *spidx1) 4254 { 4255 /* sanity */ 4256 if (spidx0 == NULL && spidx1 == NULL) 4257 return 1; 4258 4259 if (spidx0 == NULL || spidx1 == NULL) 4260 return 0; 4261 4262 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4263 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4264 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4265 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4266 return 0; 4267 4268 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4269 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4270 && spidx0->ul_proto != spidx1->ul_proto) 4271 return 0; 4272 4273 switch (spidx0->src.sa.sa_family) { 4274 case AF_INET: 4275 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4276 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4277 return 0; 4278 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4279 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4280 return 0; 4281 break; 4282 case AF_INET6: 4283 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4284 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4285 return 0; 4286 /* 4287 * scope_id check. if sin6_scope_id is 0, we regard it 4288 * as a wildcard scope, which matches any scope zone ID. 4289 */ 4290 if (spidx0->src.sin6.sin6_scope_id && 4291 spidx1->src.sin6.sin6_scope_id && 4292 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4293 return 0; 4294 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4295 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4296 return 0; 4297 break; 4298 default: 4299 /* XXX */ 4300 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4301 return 0; 4302 break; 4303 } 4304 4305 switch (spidx0->dst.sa.sa_family) { 4306 case AF_INET: 4307 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4308 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4309 return 0; 4310 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4311 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4312 return 0; 4313 break; 4314 case AF_INET6: 4315 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4316 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4317 return 0; 4318 /* 4319 * scope_id check. if sin6_scope_id is 0, we regard it 4320 * as a wildcard scope, which matches any scope zone ID. 4321 */ 4322 if (spidx0->dst.sin6.sin6_scope_id && 4323 spidx1->dst.sin6.sin6_scope_id && 4324 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4325 return 0; 4326 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4327 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4328 return 0; 4329 break; 4330 default: 4331 /* XXX */ 4332 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4333 return 0; 4334 break; 4335 } 4336 4337 /* XXX Do we check other field ? e.g. flowinfo */ 4338 4339 return 1; 4340 } 4341 4342 #ifdef satosin 4343 #undef satosin 4344 #endif 4345 #define satosin(s) ((const struct sockaddr_in *)s) 4346 #ifdef satosin6 4347 #undef satosin6 4348 #endif 4349 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4350 /* returns 0 on match */ 4351 int 4352 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4353 int port) 4354 { 4355 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4356 return 1; 4357 4358 switch (sa1->sa_family) { 4359 #ifdef INET 4360 case AF_INET: 4361 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4362 return 1; 4363 if (satosin(sa1)->sin_addr.s_addr != 4364 satosin(sa2)->sin_addr.s_addr) { 4365 return 1; 4366 } 4367 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4368 return 1; 4369 break; 4370 #endif 4371 #ifdef INET6 4372 case AF_INET6: 4373 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4374 return 1; /*EINVAL*/ 4375 if (satosin6(sa1)->sin6_scope_id != 4376 satosin6(sa2)->sin6_scope_id) { 4377 return 1; 4378 } 4379 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4380 &satosin6(sa2)->sin6_addr)) { 4381 return 1; 4382 } 4383 if (port && 4384 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4385 return 1; 4386 } 4387 break; 4388 #endif 4389 default: 4390 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4391 return 1; 4392 break; 4393 } 4394 4395 return 0; 4396 } 4397 4398 /* returns 0 on match */ 4399 int 4400 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4401 const struct sockaddr *sa2, size_t mask) 4402 { 4403 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4404 return (1); 4405 4406 switch (sa1->sa_family) { 4407 #ifdef INET 4408 case AF_INET: 4409 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4410 &satosin(sa2)->sin_addr, mask)); 4411 #endif 4412 #ifdef INET6 4413 case AF_INET6: 4414 if (satosin6(sa1)->sin6_scope_id != 4415 satosin6(sa2)->sin6_scope_id) 4416 return (1); 4417 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4418 &satosin6(sa2)->sin6_addr, mask)); 4419 #endif 4420 } 4421 return (1); 4422 } 4423 #undef satosin 4424 #undef satosin6 4425 4426 /* 4427 * compare two buffers with mask. 4428 * IN: 4429 * addr1: source 4430 * addr2: object 4431 * bits: Number of bits to compare 4432 * OUT: 4433 * 1 : equal 4434 * 0 : not equal 4435 */ 4436 static int 4437 key_bbcmp(const void *a1, const void *a2, u_int bits) 4438 { 4439 const unsigned char *p1 = a1; 4440 const unsigned char *p2 = a2; 4441 4442 /* XXX: This could be considerably faster if we compare a word 4443 * at a time, but it is complicated on LSB Endian machines */ 4444 4445 /* Handle null pointers */ 4446 if (p1 == NULL || p2 == NULL) 4447 return (p1 == p2); 4448 4449 while (bits >= 8) { 4450 if (*p1++ != *p2++) 4451 return 0; 4452 bits -= 8; 4453 } 4454 4455 if (bits > 0) { 4456 u_int8_t mask = ~((1<<(8-bits))-1); 4457 if ((*p1 & mask) != (*p2 & mask)) 4458 return 0; 4459 } 4460 return 1; /* Match! */ 4461 } 4462 4463 static void 4464 key_flush_spd(time_t now) 4465 { 4466 SPTREE_RLOCK_TRACKER; 4467 struct secpolicy_list drainq; 4468 struct secpolicy *sp, *nextsp; 4469 u_int dir; 4470 4471 LIST_INIT(&drainq); 4472 SPTREE_RLOCK(); 4473 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4474 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4475 if (sp->lifetime == 0 && sp->validtime == 0) 4476 continue; 4477 if ((sp->lifetime && 4478 now - sp->created > sp->lifetime) || 4479 (sp->validtime && 4480 now - sp->lastused > sp->validtime)) { 4481 /* Hold extra reference to send SPDEXPIRE */ 4482 SP_ADDREF(sp); 4483 LIST_INSERT_HEAD(&drainq, sp, drainq); 4484 } 4485 } 4486 } 4487 SPTREE_RUNLOCK(); 4488 if (LIST_EMPTY(&drainq)) 4489 return; 4490 4491 SPTREE_WLOCK(); 4492 sp = LIST_FIRST(&drainq); 4493 while (sp != NULL) { 4494 nextsp = LIST_NEXT(sp, drainq); 4495 /* Check that SP is still linked */ 4496 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4497 LIST_REMOVE(sp, drainq); 4498 key_freesp(&sp); /* release extra reference */ 4499 sp = nextsp; 4500 continue; 4501 } 4502 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4503 V_spd_size--; 4504 LIST_REMOVE(sp, idhash); 4505 sp->state = IPSEC_SPSTATE_DEAD; 4506 sp = nextsp; 4507 } 4508 V_sp_genid++; 4509 SPTREE_WUNLOCK(); 4510 if (SPDCACHE_ENABLED()) 4511 spdcache_clear(); 4512 4513 sp = LIST_FIRST(&drainq); 4514 while (sp != NULL) { 4515 nextsp = LIST_NEXT(sp, drainq); 4516 key_spdexpire(sp); 4517 key_freesp(&sp); /* release extra reference */ 4518 key_freesp(&sp); /* release last reference */ 4519 sp = nextsp; 4520 } 4521 } 4522 4523 static void 4524 key_flush_sad(time_t now) 4525 { 4526 SAHTREE_RLOCK_TRACKER; 4527 struct secashead_list emptyq; 4528 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4529 struct secashead *sah, *nextsah; 4530 struct secasvar *sav, *nextsav; 4531 4532 SECASVAR_RLOCK_TRACKER; 4533 4534 LIST_INIT(&drainq); 4535 LIST_INIT(&hexpireq); 4536 LIST_INIT(&sexpireq); 4537 LIST_INIT(&emptyq); 4538 4539 SAHTREE_RLOCK(); 4540 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4541 /* Check for empty SAH */ 4542 if (TAILQ_EMPTY(&sah->savtree_larval) && 4543 TAILQ_EMPTY(&sah->savtree_alive)) { 4544 SAH_ADDREF(sah); 4545 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4546 continue; 4547 } 4548 /* Add all stale LARVAL SAs into drainq */ 4549 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4550 if (now - sav->created < V_key_larval_lifetime) 4551 continue; 4552 SAV_ADDREF(sav); 4553 LIST_INSERT_HEAD(&drainq, sav, drainq); 4554 } 4555 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4556 /* lifetimes aren't specified */ 4557 if (sav->lft_h == NULL) 4558 continue; 4559 SECASVAR_RLOCK(sav); 4560 /* 4561 * Check again with lock held, because it may 4562 * be updated by SADB_UPDATE. 4563 */ 4564 if (sav->lft_h == NULL) { 4565 SECASVAR_RUNLOCK(sav); 4566 continue; 4567 } 4568 /* 4569 * RFC 2367: 4570 * HARD lifetimes MUST take precedence over SOFT 4571 * lifetimes, meaning if the HARD and SOFT lifetimes 4572 * are the same, the HARD lifetime will appear on the 4573 * EXPIRE message. 4574 */ 4575 /* check HARD lifetime */ 4576 if ((sav->lft_h->addtime != 0 && 4577 now - sav->created > sav->lft_h->addtime) || 4578 (sav->lft_h->usetime != 0 && sav->firstused && 4579 now - sav->firstused > sav->lft_h->usetime) || 4580 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4581 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4582 SECASVAR_RUNLOCK(sav); 4583 SAV_ADDREF(sav); 4584 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4585 continue; 4586 } 4587 /* check SOFT lifetime (only for MATURE SAs) */ 4588 if (sav->state == SADB_SASTATE_MATURE && ( 4589 (sav->lft_s->addtime != 0 && 4590 now - sav->created > sav->lft_s->addtime) || 4591 (sav->lft_s->usetime != 0 && sav->firstused && 4592 now - sav->firstused > sav->lft_s->usetime) || 4593 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4594 sav->lft_c_bytes) > sav->lft_s->bytes) || 4595 (!(sav->flags & SADB_X_SAFLAGS_ESN) && 4596 (sav->replay != NULL) && ( 4597 (sav->replay->count > UINT32_80PCT) || 4598 (sav->replay->last > UINT32_80PCT))))) { 4599 SECASVAR_RUNLOCK(sav); 4600 SAV_ADDREF(sav); 4601 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4602 continue; 4603 } 4604 SECASVAR_RUNLOCK(sav); 4605 } 4606 } 4607 SAHTREE_RUNLOCK(); 4608 4609 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4610 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4611 return; 4612 4613 LIST_INIT(&freeq); 4614 SAHTREE_WLOCK(); 4615 /* Unlink stale LARVAL SAs */ 4616 sav = LIST_FIRST(&drainq); 4617 while (sav != NULL) { 4618 nextsav = LIST_NEXT(sav, drainq); 4619 /* Check that SA is still LARVAL */ 4620 if (sav->state != SADB_SASTATE_LARVAL) { 4621 LIST_REMOVE(sav, drainq); 4622 LIST_INSERT_HEAD(&freeq, sav, drainq); 4623 sav = nextsav; 4624 continue; 4625 } 4626 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4627 LIST_REMOVE(sav, spihash); 4628 sav->state = SADB_SASTATE_DEAD; 4629 sav = nextsav; 4630 } 4631 /* Unlink all SAs with expired HARD lifetime */ 4632 sav = LIST_FIRST(&hexpireq); 4633 while (sav != NULL) { 4634 nextsav = LIST_NEXT(sav, drainq); 4635 /* Check that SA is not unlinked */ 4636 if (sav->state == SADB_SASTATE_DEAD) { 4637 LIST_REMOVE(sav, drainq); 4638 LIST_INSERT_HEAD(&freeq, sav, drainq); 4639 sav = nextsav; 4640 continue; 4641 } 4642 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4643 LIST_REMOVE(sav, spihash); 4644 sav->state = SADB_SASTATE_DEAD; 4645 sav = nextsav; 4646 } 4647 /* Mark all SAs with expired SOFT lifetime as DYING */ 4648 sav = LIST_FIRST(&sexpireq); 4649 while (sav != NULL) { 4650 nextsav = LIST_NEXT(sav, drainq); 4651 /* Check that SA is not unlinked */ 4652 if (sav->state == SADB_SASTATE_DEAD) { 4653 LIST_REMOVE(sav, drainq); 4654 LIST_INSERT_HEAD(&freeq, sav, drainq); 4655 sav = nextsav; 4656 continue; 4657 } 4658 /* 4659 * NOTE: this doesn't change SA order in the chain. 4660 */ 4661 sav->state = SADB_SASTATE_DYING; 4662 sav = nextsav; 4663 } 4664 /* Unlink empty SAHs */ 4665 sah = LIST_FIRST(&emptyq); 4666 while (sah != NULL) { 4667 nextsah = LIST_NEXT(sah, drainq); 4668 /* Check that SAH is still empty and not unlinked */ 4669 if (sah->state == SADB_SASTATE_DEAD || 4670 !TAILQ_EMPTY(&sah->savtree_larval) || 4671 !TAILQ_EMPTY(&sah->savtree_alive)) { 4672 LIST_REMOVE(sah, drainq); 4673 key_freesah(&sah); /* release extra reference */ 4674 sah = nextsah; 4675 continue; 4676 } 4677 TAILQ_REMOVE(&V_sahtree, sah, chain); 4678 LIST_REMOVE(sah, addrhash); 4679 sah->state = SADB_SASTATE_DEAD; 4680 sah = nextsah; 4681 } 4682 SAHTREE_WUNLOCK(); 4683 4684 /* Send SPDEXPIRE messages */ 4685 sav = LIST_FIRST(&hexpireq); 4686 while (sav != NULL) { 4687 nextsav = LIST_NEXT(sav, drainq); 4688 key_expire(sav, 1); 4689 key_freesah(&sav->sah); /* release reference from SAV */ 4690 key_freesav(&sav); /* release extra reference */ 4691 key_freesav(&sav); /* release last reference */ 4692 sav = nextsav; 4693 } 4694 sav = LIST_FIRST(&sexpireq); 4695 while (sav != NULL) { 4696 nextsav = LIST_NEXT(sav, drainq); 4697 key_expire(sav, 0); 4698 key_freesav(&sav); /* release extra reference */ 4699 sav = nextsav; 4700 } 4701 /* Free stale LARVAL SAs */ 4702 sav = LIST_FIRST(&drainq); 4703 while (sav != NULL) { 4704 nextsav = LIST_NEXT(sav, drainq); 4705 key_freesah(&sav->sah); /* release reference from SAV */ 4706 key_freesav(&sav); /* release extra reference */ 4707 key_freesav(&sav); /* release last reference */ 4708 sav = nextsav; 4709 } 4710 /* Free SAs that were unlinked/changed by someone else */ 4711 sav = LIST_FIRST(&freeq); 4712 while (sav != NULL) { 4713 nextsav = LIST_NEXT(sav, drainq); 4714 key_freesav(&sav); /* release extra reference */ 4715 sav = nextsav; 4716 } 4717 /* Free empty SAH */ 4718 sah = LIST_FIRST(&emptyq); 4719 while (sah != NULL) { 4720 nextsah = LIST_NEXT(sah, drainq); 4721 key_freesah(&sah); /* release extra reference */ 4722 key_freesah(&sah); /* release last reference */ 4723 sah = nextsah; 4724 } 4725 } 4726 4727 static void 4728 key_flush_acq(time_t now) 4729 { 4730 struct secacq *acq, *nextacq; 4731 4732 /* ACQ tree */ 4733 ACQ_LOCK(); 4734 acq = LIST_FIRST(&V_acqtree); 4735 while (acq != NULL) { 4736 nextacq = LIST_NEXT(acq, chain); 4737 if (now - acq->created > V_key_blockacq_lifetime) { 4738 LIST_REMOVE(acq, chain); 4739 LIST_REMOVE(acq, addrhash); 4740 LIST_REMOVE(acq, seqhash); 4741 free(acq, M_IPSEC_SAQ); 4742 } 4743 acq = nextacq; 4744 } 4745 ACQ_UNLOCK(); 4746 } 4747 4748 static void 4749 key_flush_spacq(time_t now) 4750 { 4751 struct secspacq *acq, *nextacq; 4752 4753 /* SP ACQ tree */ 4754 SPACQ_LOCK(); 4755 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4756 nextacq = LIST_NEXT(acq, chain); 4757 if (now - acq->created > V_key_blockacq_lifetime 4758 && __LIST_CHAINED(acq)) { 4759 LIST_REMOVE(acq, chain); 4760 free(acq, M_IPSEC_SAQ); 4761 } 4762 } 4763 SPACQ_UNLOCK(); 4764 } 4765 4766 /* 4767 * time handler. 4768 * scanning SPD and SAD to check status for each entries, 4769 * and do to remove or to expire. 4770 * XXX: year 2038 problem may remain. 4771 */ 4772 static void 4773 key_timehandler(void *arg) 4774 { 4775 VNET_ITERATOR_DECL(vnet_iter); 4776 time_t now = time_second; 4777 4778 VNET_LIST_RLOCK_NOSLEEP(); 4779 VNET_FOREACH(vnet_iter) { 4780 CURVNET_SET(vnet_iter); 4781 key_flush_spd(now); 4782 key_flush_sad(now); 4783 key_flush_acq(now); 4784 key_flush_spacq(now); 4785 CURVNET_RESTORE(); 4786 } 4787 VNET_LIST_RUNLOCK_NOSLEEP(); 4788 4789 #ifndef IPSEC_DEBUG2 4790 /* do exchange to tick time !! */ 4791 callout_schedule(&key_timer, hz); 4792 #endif /* IPSEC_DEBUG2 */ 4793 } 4794 4795 u_long 4796 key_random(void) 4797 { 4798 u_long value; 4799 4800 arc4random_buf(&value, sizeof(value)); 4801 return value; 4802 } 4803 4804 /* 4805 * map SADB_SATYPE_* to IPPROTO_*. 4806 * if satype == SADB_SATYPE then satype is mapped to ~0. 4807 * OUT: 4808 * 0: invalid satype. 4809 */ 4810 static uint8_t 4811 key_satype2proto(uint8_t satype) 4812 { 4813 switch (satype) { 4814 case SADB_SATYPE_UNSPEC: 4815 return IPSEC_PROTO_ANY; 4816 case SADB_SATYPE_AH: 4817 return IPPROTO_AH; 4818 case SADB_SATYPE_ESP: 4819 return IPPROTO_ESP; 4820 case SADB_X_SATYPE_IPCOMP: 4821 return IPPROTO_IPCOMP; 4822 case SADB_X_SATYPE_TCPSIGNATURE: 4823 return IPPROTO_TCP; 4824 default: 4825 return 0; 4826 } 4827 /* NOTREACHED */ 4828 } 4829 4830 /* 4831 * map IPPROTO_* to SADB_SATYPE_* 4832 * OUT: 4833 * 0: invalid protocol type. 4834 */ 4835 static uint8_t 4836 key_proto2satype(uint8_t proto) 4837 { 4838 switch (proto) { 4839 case IPPROTO_AH: 4840 return SADB_SATYPE_AH; 4841 case IPPROTO_ESP: 4842 return SADB_SATYPE_ESP; 4843 case IPPROTO_IPCOMP: 4844 return SADB_X_SATYPE_IPCOMP; 4845 case IPPROTO_TCP: 4846 return SADB_X_SATYPE_TCPSIGNATURE; 4847 default: 4848 return 0; 4849 } 4850 /* NOTREACHED */ 4851 } 4852 4853 /* %%% PF_KEY */ 4854 /* 4855 * SADB_GETSPI processing is to receive 4856 * <base, (SA2), src address, dst address, (SPI range)> 4857 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4858 * tree with the status of LARVAL, and send 4859 * <base, SA(*), address(SD)> 4860 * to the IKMPd. 4861 * 4862 * IN: mhp: pointer to the pointer to each header. 4863 * OUT: NULL if fail. 4864 * other if success, return pointer to the message to send. 4865 */ 4866 static int 4867 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4868 { 4869 struct secasindex saidx; 4870 struct sadb_address *src0, *dst0; 4871 struct secasvar *sav; 4872 uint32_t reqid, spi; 4873 int error; 4874 uint8_t mode, proto; 4875 4876 IPSEC_ASSERT(so != NULL, ("null socket")); 4877 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4878 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4879 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4880 4881 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4882 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4883 #ifdef PFKEY_STRICT_CHECKS 4884 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4885 #endif 4886 ) { 4887 ipseclog((LOG_DEBUG, 4888 "%s: invalid message: missing required header.\n", 4889 __func__)); 4890 error = EINVAL; 4891 goto fail; 4892 } 4893 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4894 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4895 #ifdef PFKEY_STRICT_CHECKS 4896 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4897 #endif 4898 ) { 4899 ipseclog((LOG_DEBUG, 4900 "%s: invalid message: wrong header size.\n", __func__)); 4901 error = EINVAL; 4902 goto fail; 4903 } 4904 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4905 mode = IPSEC_MODE_ANY; 4906 reqid = 0; 4907 } else { 4908 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4909 ipseclog((LOG_DEBUG, 4910 "%s: invalid message: wrong header size.\n", 4911 __func__)); 4912 error = EINVAL; 4913 goto fail; 4914 } 4915 mode = ((struct sadb_x_sa2 *) 4916 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4917 reqid = ((struct sadb_x_sa2 *) 4918 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4919 } 4920 4921 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4922 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4923 4924 /* map satype to proto */ 4925 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4926 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4927 __func__)); 4928 error = EINVAL; 4929 goto fail; 4930 } 4931 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4932 (struct sockaddr *)(dst0 + 1)); 4933 if (error != 0) { 4934 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4935 error = EINVAL; 4936 goto fail; 4937 } 4938 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4939 4940 /* SPI allocation */ 4941 SPI_ALLOC_LOCK(); 4942 spi = key_do_getnewspi( 4943 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4944 if (spi == 0) { 4945 /* 4946 * Requested SPI or SPI range is not available or 4947 * already used. 4948 */ 4949 SPI_ALLOC_UNLOCK(); 4950 error = EEXIST; 4951 goto fail; 4952 } 4953 sav = key_newsav(mhp, &saidx, spi, &error); 4954 SPI_ALLOC_UNLOCK(); 4955 if (sav == NULL) 4956 goto fail; 4957 4958 if (sav->seq != 0) { 4959 /* 4960 * RFC2367: 4961 * If the SADB_GETSPI message is in response to a 4962 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4963 * MUST be the same as the SADB_ACQUIRE message. 4964 * 4965 * XXXAE: However it doesn't definethe behaviour how to 4966 * check this and what to do if it doesn't match. 4967 * Also what we should do if it matches? 4968 * 4969 * We can compare saidx used in SADB_ACQUIRE with saidx 4970 * used in SADB_GETSPI, but this probably can break 4971 * existing software. For now just warn if it doesn't match. 4972 * 4973 * XXXAE: anyway it looks useless. 4974 */ 4975 key_acqdone(&saidx, sav->seq); 4976 } 4977 KEYDBG(KEY_STAMP, 4978 printf("%s: SA(%p)\n", __func__, sav)); 4979 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4980 4981 { 4982 struct mbuf *n, *nn; 4983 struct sadb_sa *m_sa; 4984 struct sadb_msg *newmsg; 4985 int off, len; 4986 4987 /* create new sadb_msg to reply. */ 4988 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4989 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4990 4991 n = key_mget(len); 4992 if (n == NULL) { 4993 error = ENOBUFS; 4994 goto fail; 4995 } 4996 4997 n->m_len = len; 4998 n->m_next = NULL; 4999 off = 0; 5000 5001 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 5002 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 5003 5004 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 5005 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 5006 m_sa->sadb_sa_exttype = SADB_EXT_SA; 5007 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 5008 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 5009 5010 IPSEC_ASSERT(off == len, 5011 ("length inconsistency (off %u len %u)", off, len)); 5012 5013 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 5014 SADB_EXT_ADDRESS_DST); 5015 if (!n->m_next) { 5016 m_freem(n); 5017 error = ENOBUFS; 5018 goto fail; 5019 } 5020 5021 if (n->m_len < sizeof(struct sadb_msg)) { 5022 n = m_pullup(n, sizeof(struct sadb_msg)); 5023 if (n == NULL) 5024 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 5025 } 5026 5027 n->m_pkthdr.len = 0; 5028 for (nn = n; nn; nn = nn->m_next) 5029 n->m_pkthdr.len += nn->m_len; 5030 5031 newmsg = mtod(n, struct sadb_msg *); 5032 newmsg->sadb_msg_seq = sav->seq; 5033 newmsg->sadb_msg_errno = 0; 5034 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5035 5036 m_freem(m); 5037 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5038 } 5039 5040 fail: 5041 return (key_senderror(so, m, error)); 5042 } 5043 5044 /* 5045 * allocating new SPI 5046 * called by key_getspi(). 5047 * OUT: 5048 * 0: failure. 5049 * others: success, SPI in network byte order. 5050 */ 5051 static uint32_t 5052 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 5053 { 5054 uint32_t min, max, newspi, t; 5055 int tries, limit; 5056 5057 SPI_ALLOC_LOCK_ASSERT(); 5058 5059 /* set spi range to allocate */ 5060 if (spirange != NULL) { 5061 min = spirange->sadb_spirange_min; 5062 max = spirange->sadb_spirange_max; 5063 } else { 5064 min = V_key_spi_minval; 5065 max = V_key_spi_maxval; 5066 } 5067 /* IPCOMP needs 2-byte SPI */ 5068 if (saidx->proto == IPPROTO_IPCOMP) { 5069 if (min >= 0x10000) 5070 min = 0xffff; 5071 if (max >= 0x10000) 5072 max = 0xffff; 5073 if (min > max) { 5074 t = min; min = max; max = t; 5075 } 5076 } 5077 5078 if (min == max) { 5079 if (key_checkspidup(htonl(min))) { 5080 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5081 __func__, min)); 5082 return 0; 5083 } 5084 5085 tries = 1; 5086 newspi = min; 5087 } else { 5088 /* init SPI */ 5089 newspi = 0; 5090 5091 limit = atomic_load_int(&V_key_spi_trycnt); 5092 /* when requesting to allocate spi ranged */ 5093 for (tries = 0; tries < limit; tries++) { 5094 /* generate pseudo-random SPI value ranged. */ 5095 newspi = min + (key_random() % (max - min + 1)); 5096 if (!key_checkspidup(htonl(newspi))) 5097 break; 5098 } 5099 5100 if (tries == limit || newspi == 0) { 5101 ipseclog((LOG_DEBUG, 5102 "%s: failed to allocate SPI.\n", __func__)); 5103 return 0; 5104 } 5105 } 5106 5107 /* statistics */ 5108 keystat.getspi_count = 5109 (keystat.getspi_count + tries) / 2; 5110 5111 return (htonl(newspi)); 5112 } 5113 5114 /* 5115 * Find TCP-MD5 SA with corresponding secasindex. 5116 * If not found, return NULL and fill SPI with usable value if needed. 5117 */ 5118 static struct secasvar * 5119 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5120 { 5121 SAHTREE_RLOCK_TRACKER; 5122 struct secashead *sah; 5123 struct secasvar *sav; 5124 5125 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5126 SAHTREE_RLOCK(); 5127 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5128 if (sah->saidx.proto != IPPROTO_TCP) 5129 continue; 5130 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5131 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5132 break; 5133 } 5134 if (sah != NULL) { 5135 if (V_key_preferred_oldsa) 5136 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5137 else 5138 sav = TAILQ_FIRST(&sah->savtree_alive); 5139 if (sav != NULL) { 5140 SAV_ADDREF(sav); 5141 SAHTREE_RUNLOCK(); 5142 return (sav); 5143 } 5144 } 5145 if (spi == NULL) { 5146 /* No SPI required */ 5147 SAHTREE_RUNLOCK(); 5148 return (NULL); 5149 } 5150 /* Check that SPI is unique */ 5151 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5152 if (sav->spi == *spi) 5153 break; 5154 } 5155 if (sav == NULL) { 5156 SAHTREE_RUNLOCK(); 5157 /* SPI is already unique */ 5158 return (NULL); 5159 } 5160 SAHTREE_RUNLOCK(); 5161 /* XXX: not optimal */ 5162 *spi = key_do_getnewspi(NULL, saidx); 5163 return (NULL); 5164 } 5165 5166 static int 5167 key_updateaddresses(struct socket *so, struct mbuf *m, 5168 const struct sadb_msghdr *mhp, struct secasvar *sav, 5169 struct secasindex *saidx) 5170 { 5171 struct sockaddr *newaddr; 5172 struct secashead *sah; 5173 struct secasvar *newsav, *tmp; 5174 struct mbuf *n; 5175 int error, isnew; 5176 5177 /* Check that we need to change SAH */ 5178 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5179 newaddr = (struct sockaddr *)( 5180 ((struct sadb_address *) 5181 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5182 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5183 key_porttosaddr(&saidx->src.sa, 0); 5184 } 5185 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5186 newaddr = (struct sockaddr *)( 5187 ((struct sadb_address *) 5188 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5189 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5190 key_porttosaddr(&saidx->dst.sa, 0); 5191 } 5192 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5193 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5194 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5195 if (error != 0) { 5196 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5197 __func__)); 5198 return (error); 5199 } 5200 5201 sah = key_getsah(saidx); 5202 if (sah == NULL) { 5203 /* create a new SA index */ 5204 sah = key_newsah(saidx); 5205 if (sah == NULL) { 5206 ipseclog((LOG_DEBUG, 5207 "%s: No more memory.\n", __func__)); 5208 return (ENOBUFS); 5209 } 5210 isnew = 2; /* SAH is new */ 5211 } else 5212 isnew = 1; /* existing SAH is referenced */ 5213 } else { 5214 /* 5215 * src and dst addresses are still the same. 5216 * Do we want to change NAT-T config? 5217 */ 5218 if (sav->sah->saidx.proto != IPPROTO_ESP || 5219 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5220 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5221 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5222 ipseclog((LOG_DEBUG, 5223 "%s: invalid message: missing required header.\n", 5224 __func__)); 5225 return (EINVAL); 5226 } 5227 /* We hold reference to SA, thus SAH will be referenced too. */ 5228 sah = sav->sah; 5229 isnew = 0; 5230 } 5231 5232 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5233 M_NOWAIT | M_ZERO); 5234 if (newsav == NULL) { 5235 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5236 error = ENOBUFS; 5237 goto fail; 5238 } 5239 5240 /* Clone SA's content into newsav */ 5241 SAV_INITREF(newsav); 5242 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5243 /* 5244 * We create new NAT-T config if it is needed. 5245 * Old NAT-T config will be freed by key_cleansav() when 5246 * last reference to SA will be released. 5247 */ 5248 newsav->natt = NULL; 5249 newsav->sah = sah; 5250 newsav->state = SADB_SASTATE_MATURE; 5251 error = key_setnatt(newsav, mhp); 5252 if (error != 0) 5253 goto fail; 5254 5255 SAHTREE_WLOCK(); 5256 /* Check that SA is still alive */ 5257 if (sav->state == SADB_SASTATE_DEAD) { 5258 /* SA was unlinked */ 5259 SAHTREE_WUNLOCK(); 5260 error = ESRCH; 5261 goto fail; 5262 } 5263 5264 /* Unlink SA from SAH and SPI hash */ 5265 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5266 ("SA is already cloned")); 5267 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5268 sav->state == SADB_SASTATE_DYING, 5269 ("Wrong SA state %u\n", sav->state)); 5270 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5271 LIST_REMOVE(sav, spihash); 5272 sav->state = SADB_SASTATE_DEAD; 5273 5274 /* 5275 * Link new SA with SAH. Keep SAs ordered by 5276 * create time (newer are first). 5277 */ 5278 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5279 if (newsav->created > tmp->created) { 5280 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5281 break; 5282 } 5283 } 5284 if (tmp == NULL) 5285 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5286 5287 /* Add new SA into SPI hash. */ 5288 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5289 5290 /* Add new SAH into SADB. */ 5291 if (isnew == 2) { 5292 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5293 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5294 sah->state = SADB_SASTATE_MATURE; 5295 SAH_ADDREF(sah); /* newsav references new SAH */ 5296 } 5297 /* 5298 * isnew == 1 -> @sah was referenced by key_getsah(). 5299 * isnew == 0 -> we use the same @sah, that was used by @sav, 5300 * and we use its reference for @newsav. 5301 */ 5302 SECASVAR_WLOCK(sav); 5303 /* XXX: replace cntr with pointer? */ 5304 newsav->cntr = sav->cntr; 5305 sav->flags |= SADB_X_EXT_F_CLONED; 5306 SECASVAR_WUNLOCK(sav); 5307 5308 SAHTREE_WUNLOCK(); 5309 5310 KEYDBG(KEY_STAMP, 5311 printf("%s: SA(%p) cloned into SA(%p)\n", 5312 __func__, sav, newsav)); 5313 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5314 5315 key_freesav(&sav); /* release last reference */ 5316 5317 /* set msg buf from mhp */ 5318 n = key_getmsgbuf_x1(m, mhp); 5319 if (n == NULL) { 5320 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5321 return (ENOBUFS); 5322 } 5323 m_freem(m); 5324 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5325 return (0); 5326 fail: 5327 if (isnew != 0) 5328 key_freesah(&sah); 5329 if (newsav != NULL) { 5330 if (newsav->natt != NULL) 5331 free(newsav->natt, M_IPSEC_MISC); 5332 free(newsav, M_IPSEC_SA); 5333 } 5334 return (error); 5335 } 5336 5337 /* 5338 * SADB_UPDATE processing 5339 * receive 5340 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5341 * key(AE), (identity(SD),) (sensitivity)> 5342 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5343 * and send 5344 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5345 * (identity(SD),) (sensitivity)> 5346 * to the ikmpd. 5347 * 5348 * m will always be freed. 5349 */ 5350 static int 5351 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5352 { 5353 struct secasindex saidx; 5354 struct sadb_address *src0, *dst0; 5355 struct sadb_sa *sa0; 5356 struct secasvar *sav; 5357 uint32_t reqid; 5358 int error; 5359 uint8_t mode, proto; 5360 5361 IPSEC_ASSERT(so != NULL, ("null socket")); 5362 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5363 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5364 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5365 5366 /* map satype to proto */ 5367 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5368 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5369 __func__)); 5370 return key_senderror(so, m, EINVAL); 5371 } 5372 5373 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5374 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5375 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5376 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5377 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5378 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5379 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5380 ipseclog((LOG_DEBUG, 5381 "%s: invalid message: missing required header.\n", 5382 __func__)); 5383 return key_senderror(so, m, EINVAL); 5384 } 5385 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5386 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5387 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5388 ipseclog((LOG_DEBUG, 5389 "%s: invalid message: wrong header size.\n", __func__)); 5390 return key_senderror(so, m, EINVAL); 5391 } 5392 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5393 mode = IPSEC_MODE_ANY; 5394 reqid = 0; 5395 } else { 5396 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5397 ipseclog((LOG_DEBUG, 5398 "%s: invalid message: wrong header size.\n", 5399 __func__)); 5400 return key_senderror(so, m, EINVAL); 5401 } 5402 mode = ((struct sadb_x_sa2 *) 5403 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5404 reqid = ((struct sadb_x_sa2 *) 5405 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5406 } 5407 5408 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5409 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5410 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5411 5412 /* 5413 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5414 * SADB_UPDATE message. 5415 */ 5416 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5417 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5418 #ifdef PFKEY_STRICT_CHECKS 5419 return key_senderror(so, m, EINVAL); 5420 #endif 5421 } 5422 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5423 (struct sockaddr *)(dst0 + 1)); 5424 if (error != 0) { 5425 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5426 return key_senderror(so, m, error); 5427 } 5428 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5429 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5430 if (sav == NULL) { 5431 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5432 __func__, ntohl(sa0->sadb_sa_spi))); 5433 return key_senderror(so, m, EINVAL); 5434 } 5435 /* 5436 * Check that SADB_UPDATE issued by the same process that did 5437 * SADB_GETSPI or SADB_ADD. 5438 */ 5439 if (sav->pid != mhp->msg->sadb_msg_pid) { 5440 ipseclog((LOG_DEBUG, 5441 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5442 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5443 key_freesav(&sav); 5444 return key_senderror(so, m, EINVAL); 5445 } 5446 /* saidx should match with SA. */ 5447 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5448 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5449 __func__, ntohl(sav->spi))); 5450 key_freesav(&sav); 5451 return key_senderror(so, m, ESRCH); 5452 } 5453 5454 if (sav->state == SADB_SASTATE_LARVAL) { 5455 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5456 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5457 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5458 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5459 ipseclog((LOG_DEBUG, 5460 "%s: invalid message: missing required header.\n", 5461 __func__)); 5462 key_freesav(&sav); 5463 return key_senderror(so, m, EINVAL); 5464 } 5465 /* 5466 * We can set any values except src, dst and SPI. 5467 */ 5468 error = key_setsaval(sav, mhp); 5469 if (error != 0) { 5470 key_freesav(&sav); 5471 return (key_senderror(so, m, error)); 5472 } 5473 /* Change SA state to MATURE */ 5474 SAHTREE_WLOCK(); 5475 if (sav->state != SADB_SASTATE_LARVAL) { 5476 /* SA was deleted or another thread made it MATURE. */ 5477 SAHTREE_WUNLOCK(); 5478 key_freesav(&sav); 5479 return (key_senderror(so, m, ESRCH)); 5480 } 5481 /* 5482 * NOTE: we keep SAs in savtree_alive ordered by created 5483 * time. When SA's state changed from LARVAL to MATURE, 5484 * we update its created time in key_setsaval() and move 5485 * it into head of savtree_alive. 5486 */ 5487 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5488 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5489 sav->state = SADB_SASTATE_MATURE; 5490 SAHTREE_WUNLOCK(); 5491 } else { 5492 /* 5493 * For DYING and MATURE SA we can change only state 5494 * and lifetimes. Report EINVAL if something else attempted 5495 * to change. 5496 */ 5497 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5498 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5499 key_freesav(&sav); 5500 return (key_senderror(so, m, EINVAL)); 5501 } 5502 error = key_updatelifetimes(sav, mhp); 5503 if (error != 0) { 5504 key_freesav(&sav); 5505 return (key_senderror(so, m, error)); 5506 } 5507 /* 5508 * This is FreeBSD extension to RFC2367. 5509 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5510 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5511 * SA addresses (for example to implement MOBIKE protocol 5512 * as described in RFC4555). Also we allow to change 5513 * NAT-T config. 5514 */ 5515 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5516 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5517 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5518 sav->natt != NULL) { 5519 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5520 key_freesav(&sav); 5521 if (error != 0) 5522 return (key_senderror(so, m, error)); 5523 return (0); 5524 } 5525 /* Check that SA is still alive */ 5526 SAHTREE_WLOCK(); 5527 if (sav->state == SADB_SASTATE_DEAD) { 5528 /* SA was unlinked */ 5529 SAHTREE_WUNLOCK(); 5530 key_freesav(&sav); 5531 return (key_senderror(so, m, ESRCH)); 5532 } 5533 /* 5534 * NOTE: there is possible state moving from DYING to MATURE, 5535 * but this doesn't change created time, so we won't reorder 5536 * this SA. 5537 */ 5538 sav->state = SADB_SASTATE_MATURE; 5539 SAHTREE_WUNLOCK(); 5540 } 5541 KEYDBG(KEY_STAMP, 5542 printf("%s: SA(%p)\n", __func__, sav)); 5543 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5544 key_freesav(&sav); 5545 5546 { 5547 struct mbuf *n; 5548 5549 /* set msg buf from mhp */ 5550 n = key_getmsgbuf_x1(m, mhp); 5551 if (n == NULL) { 5552 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5553 return key_senderror(so, m, ENOBUFS); 5554 } 5555 5556 m_freem(m); 5557 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5558 } 5559 } 5560 5561 /* 5562 * SADB_ADD processing 5563 * add an entry to SA database, when received 5564 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5565 * key(AE), (identity(SD),) (sensitivity)> 5566 * from the ikmpd, 5567 * and send 5568 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5569 * (identity(SD),) (sensitivity)> 5570 * to the ikmpd. 5571 * 5572 * IGNORE identity and sensitivity messages. 5573 * 5574 * m will always be freed. 5575 */ 5576 static int 5577 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5578 { 5579 struct secasindex saidx; 5580 struct sadb_address *src0, *dst0; 5581 struct sadb_sa *sa0; 5582 struct secasvar *sav; 5583 uint32_t reqid, spi; 5584 uint8_t mode, proto; 5585 int error; 5586 5587 IPSEC_ASSERT(so != NULL, ("null socket")); 5588 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5589 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5590 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5591 5592 /* map satype to proto */ 5593 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5594 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5595 __func__)); 5596 return key_senderror(so, m, EINVAL); 5597 } 5598 5599 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5600 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5601 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5602 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5603 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5604 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5605 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5606 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5607 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5608 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5609 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5610 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5611 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5612 ipseclog((LOG_DEBUG, 5613 "%s: invalid message: missing required header.\n", 5614 __func__)); 5615 return key_senderror(so, m, EINVAL); 5616 } 5617 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5618 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5619 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5620 ipseclog((LOG_DEBUG, 5621 "%s: invalid message: wrong header size.\n", __func__)); 5622 return key_senderror(so, m, EINVAL); 5623 } 5624 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5625 mode = IPSEC_MODE_ANY; 5626 reqid = 0; 5627 } else { 5628 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5629 ipseclog((LOG_DEBUG, 5630 "%s: invalid message: wrong header size.\n", 5631 __func__)); 5632 return key_senderror(so, m, EINVAL); 5633 } 5634 mode = ((struct sadb_x_sa2 *) 5635 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5636 reqid = ((struct sadb_x_sa2 *) 5637 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5638 } 5639 5640 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5641 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5642 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5643 5644 /* 5645 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5646 * SADB_ADD message. 5647 */ 5648 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5649 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5650 #ifdef PFKEY_STRICT_CHECKS 5651 return key_senderror(so, m, EINVAL); 5652 #endif 5653 } 5654 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5655 (struct sockaddr *)(dst0 + 1)); 5656 if (error != 0) { 5657 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5658 return key_senderror(so, m, error); 5659 } 5660 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5661 spi = sa0->sadb_sa_spi; 5662 /* 5663 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5664 * secasindex. 5665 * XXXAE: IPComp seems also doesn't use SPI. 5666 */ 5667 SPI_ALLOC_LOCK(); 5668 if (proto == IPPROTO_TCP) { 5669 sav = key_getsav_tcpmd5(&saidx, &spi); 5670 if (sav == NULL && spi == 0) { 5671 SPI_ALLOC_UNLOCK(); 5672 /* Failed to allocate SPI */ 5673 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5674 __func__)); 5675 return key_senderror(so, m, EEXIST); 5676 } 5677 /* XXX: SPI that we report back can have another value */ 5678 } else { 5679 /* We can create new SA only if SPI is different. */ 5680 sav = key_getsavbyspi(spi); 5681 } 5682 if (sav != NULL) { 5683 SPI_ALLOC_UNLOCK(); 5684 key_freesav(&sav); 5685 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5686 return key_senderror(so, m, EEXIST); 5687 } 5688 5689 sav = key_newsav(mhp, &saidx, spi, &error); 5690 SPI_ALLOC_UNLOCK(); 5691 if (sav == NULL) 5692 return key_senderror(so, m, error); 5693 KEYDBG(KEY_STAMP, 5694 printf("%s: return SA(%p)\n", __func__, sav)); 5695 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5696 /* 5697 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5698 * ACQ for deletion. 5699 */ 5700 if (sav->seq != 0) 5701 key_acqdone(&saidx, sav->seq); 5702 5703 { 5704 /* 5705 * Don't call key_freesav() on error here, as we would like to 5706 * keep the SA in the database. 5707 */ 5708 struct mbuf *n; 5709 5710 /* set msg buf from mhp */ 5711 n = key_getmsgbuf_x1(m, mhp); 5712 if (n == NULL) { 5713 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5714 return key_senderror(so, m, ENOBUFS); 5715 } 5716 5717 m_freem(m); 5718 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5719 } 5720 } 5721 5722 /* 5723 * NAT-T support. 5724 * IKEd may request the use ESP in UDP encapsulation when it detects the 5725 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5726 * parameters needed for encapsulation and decapsulation. These PF_KEY 5727 * extension headers are not standardized, so this comment addresses our 5728 * implementation. 5729 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5730 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5731 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5732 * UDP header. We use these ports in UDP encapsulation procedure, also we 5733 * can check them in UDP decapsulation procedure. 5734 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5735 * responder. These addresses can be used for transport mode to adjust 5736 * checksum after decapsulation and decryption. Since original IP addresses 5737 * used by peer usually different (we detected presence of NAT), TCP/UDP 5738 * pseudo header checksum and IP header checksum was calculated using original 5739 * addresses. After decapsulation and decryption we need to adjust checksum 5740 * to have correct datagram. 5741 * 5742 * We expect presence of NAT-T extension headers only in SADB_ADD and 5743 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5744 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5745 */ 5746 static int 5747 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5748 { 5749 struct sadb_x_nat_t_port *port; 5750 struct sadb_x_nat_t_type *type; 5751 struct sadb_address *oai, *oar; 5752 struct sockaddr *sa; 5753 uint32_t addr; 5754 uint16_t cksum; 5755 5756 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5757 /* 5758 * Ignore NAT-T headers if sproto isn't ESP. 5759 */ 5760 if (sav->sah->saidx.proto != IPPROTO_ESP) 5761 return (0); 5762 5763 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5764 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5765 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5766 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5767 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5768 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5769 ipseclog((LOG_DEBUG, 5770 "%s: invalid message: wrong header size.\n", 5771 __func__)); 5772 return (EINVAL); 5773 } 5774 } else 5775 return (0); 5776 5777 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5778 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5779 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5780 __func__, type->sadb_x_nat_t_type_type)); 5781 return (EINVAL); 5782 } 5783 /* 5784 * Allocate storage for NAT-T config. 5785 * On error it will be released by key_cleansav(). 5786 */ 5787 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5788 M_NOWAIT | M_ZERO); 5789 if (sav->natt == NULL) { 5790 PFKEYSTAT_INC(in_nomem); 5791 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5792 return (ENOBUFS); 5793 } 5794 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5795 if (port->sadb_x_nat_t_port_port == 0) { 5796 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5797 __func__)); 5798 return (EINVAL); 5799 } 5800 sav->natt->sport = port->sadb_x_nat_t_port_port; 5801 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5802 if (port->sadb_x_nat_t_port_port == 0) { 5803 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5804 __func__)); 5805 return (EINVAL); 5806 } 5807 sav->natt->dport = port->sadb_x_nat_t_port_port; 5808 5809 /* 5810 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5811 * and needed only for transport mode IPsec. 5812 * Usually NAT translates only one address, but it is possible, 5813 * that both addresses could be translated. 5814 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5815 */ 5816 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5817 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5818 ipseclog((LOG_DEBUG, 5819 "%s: invalid message: wrong header size.\n", 5820 __func__)); 5821 return (EINVAL); 5822 } 5823 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5824 } else 5825 oai = NULL; 5826 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5827 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5828 ipseclog((LOG_DEBUG, 5829 "%s: invalid message: wrong header size.\n", 5830 __func__)); 5831 return (EINVAL); 5832 } 5833 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5834 } else 5835 oar = NULL; 5836 5837 /* Initialize addresses only for transport mode */ 5838 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5839 cksum = 0; 5840 if (oai != NULL) { 5841 /* Currently we support only AF_INET */ 5842 sa = (struct sockaddr *)(oai + 1); 5843 if (sa->sa_family != AF_INET || 5844 sa->sa_len != sizeof(struct sockaddr_in)) { 5845 ipseclog((LOG_DEBUG, 5846 "%s: wrong NAT-OAi header.\n", 5847 __func__)); 5848 return (EINVAL); 5849 } 5850 /* Ignore address if it the same */ 5851 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5852 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5853 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5854 sav->natt->flags |= IPSEC_NATT_F_OAI; 5855 /* Calculate checksum delta */ 5856 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5857 cksum = in_addword(cksum, ~addr >> 16); 5858 cksum = in_addword(cksum, ~addr & 0xffff); 5859 addr = sav->natt->oai.sin.sin_addr.s_addr; 5860 cksum = in_addword(cksum, addr >> 16); 5861 cksum = in_addword(cksum, addr & 0xffff); 5862 } 5863 } 5864 if (oar != NULL) { 5865 /* Currently we support only AF_INET */ 5866 sa = (struct sockaddr *)(oar + 1); 5867 if (sa->sa_family != AF_INET || 5868 sa->sa_len != sizeof(struct sockaddr_in)) { 5869 ipseclog((LOG_DEBUG, 5870 "%s: wrong NAT-OAr header.\n", 5871 __func__)); 5872 return (EINVAL); 5873 } 5874 /* Ignore address if it the same */ 5875 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5876 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5877 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5878 sav->natt->flags |= IPSEC_NATT_F_OAR; 5879 /* Calculate checksum delta */ 5880 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5881 cksum = in_addword(cksum, ~addr >> 16); 5882 cksum = in_addword(cksum, ~addr & 0xffff); 5883 addr = sav->natt->oar.sin.sin_addr.s_addr; 5884 cksum = in_addword(cksum, addr >> 16); 5885 cksum = in_addword(cksum, addr & 0xffff); 5886 } 5887 } 5888 sav->natt->cksum = cksum; 5889 } 5890 return (0); 5891 } 5892 5893 static int 5894 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5895 { 5896 const struct sadb_ident *idsrc, *iddst; 5897 5898 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5899 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5900 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5901 5902 /* don't make buffer if not there */ 5903 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5904 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5905 sah->idents = NULL; 5906 sah->identd = NULL; 5907 return (0); 5908 } 5909 5910 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5911 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5912 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5913 return (EINVAL); 5914 } 5915 5916 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5917 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5918 5919 /* validity check */ 5920 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5921 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5922 return EINVAL; 5923 } 5924 5925 switch (idsrc->sadb_ident_type) { 5926 case SADB_IDENTTYPE_PREFIX: 5927 case SADB_IDENTTYPE_FQDN: 5928 case SADB_IDENTTYPE_USERFQDN: 5929 default: 5930 /* XXX do nothing */ 5931 sah->idents = NULL; 5932 sah->identd = NULL; 5933 return 0; 5934 } 5935 5936 /* make structure */ 5937 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5938 if (sah->idents == NULL) { 5939 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5940 return ENOBUFS; 5941 } 5942 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5943 if (sah->identd == NULL) { 5944 free(sah->idents, M_IPSEC_MISC); 5945 sah->idents = NULL; 5946 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5947 return ENOBUFS; 5948 } 5949 sah->idents->type = idsrc->sadb_ident_type; 5950 sah->idents->id = idsrc->sadb_ident_id; 5951 5952 sah->identd->type = iddst->sadb_ident_type; 5953 sah->identd->id = iddst->sadb_ident_id; 5954 5955 return 0; 5956 } 5957 5958 /* 5959 * m will not be freed on return. 5960 * it is caller's responsibility to free the result. 5961 * 5962 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5963 * from the request in defined order. 5964 */ 5965 static struct mbuf * 5966 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5967 { 5968 struct mbuf *n; 5969 5970 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5971 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5972 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5973 5974 /* create new sadb_msg to reply. */ 5975 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5976 SADB_EXT_SA, SADB_X_EXT_SA2, 5977 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5978 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5979 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5980 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5981 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5982 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5983 SADB_X_EXT_NEW_ADDRESS_DST); 5984 if (!n) 5985 return NULL; 5986 5987 if (n->m_len < sizeof(struct sadb_msg)) { 5988 n = m_pullup(n, sizeof(struct sadb_msg)); 5989 if (n == NULL) 5990 return NULL; 5991 } 5992 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5993 mtod(n, struct sadb_msg *)->sadb_msg_len = 5994 PFKEY_UNIT64(n->m_pkthdr.len); 5995 5996 return n; 5997 } 5998 5999 /* 6000 * SADB_DELETE processing 6001 * receive 6002 * <base, SA(*), address(SD)> 6003 * from the ikmpd, and set SADB_SASTATE_DEAD, 6004 * and send, 6005 * <base, SA(*), address(SD)> 6006 * to the ikmpd. 6007 * 6008 * m will always be freed. 6009 */ 6010 static int 6011 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6012 { 6013 struct secasindex saidx; 6014 struct sadb_address *src0, *dst0; 6015 struct secasvar *sav; 6016 struct sadb_sa *sa0; 6017 uint8_t proto; 6018 6019 IPSEC_ASSERT(so != NULL, ("null socket")); 6020 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6021 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6022 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6023 6024 /* map satype to proto */ 6025 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6026 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6027 __func__)); 6028 return key_senderror(so, m, EINVAL); 6029 } 6030 6031 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6032 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6033 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6034 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6035 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6036 __func__)); 6037 return key_senderror(so, m, EINVAL); 6038 } 6039 6040 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 6041 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 6042 6043 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6044 (struct sockaddr *)(dst0 + 1)) != 0) { 6045 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6046 return (key_senderror(so, m, EINVAL)); 6047 } 6048 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6049 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 6050 /* 6051 * Caller wants us to delete all non-LARVAL SAs 6052 * that match the src/dst. This is used during 6053 * IKE INITIAL-CONTACT. 6054 * XXXAE: this looks like some extension to RFC2367. 6055 */ 6056 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 6057 return (key_delete_all(so, m, mhp, &saidx)); 6058 } 6059 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 6060 ipseclog((LOG_DEBUG, 6061 "%s: invalid message: wrong header size.\n", __func__)); 6062 return (key_senderror(so, m, EINVAL)); 6063 } 6064 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6065 SPI_ALLOC_LOCK(); 6066 if (proto == IPPROTO_TCP) 6067 sav = key_getsav_tcpmd5(&saidx, NULL); 6068 else 6069 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6070 SPI_ALLOC_UNLOCK(); 6071 if (sav == NULL) { 6072 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6073 __func__, ntohl(sa0->sadb_sa_spi))); 6074 return (key_senderror(so, m, ESRCH)); 6075 } 6076 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6077 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6078 __func__, ntohl(sav->spi))); 6079 key_freesav(&sav); 6080 return (key_senderror(so, m, ESRCH)); 6081 } 6082 KEYDBG(KEY_STAMP, 6083 printf("%s: SA(%p)\n", __func__, sav)); 6084 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6085 key_unlinksav(sav); 6086 key_freesav(&sav); 6087 6088 { 6089 struct mbuf *n; 6090 struct sadb_msg *newmsg; 6091 6092 /* create new sadb_msg to reply. */ 6093 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6094 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6095 if (!n) 6096 return key_senderror(so, m, ENOBUFS); 6097 6098 if (n->m_len < sizeof(struct sadb_msg)) { 6099 n = m_pullup(n, sizeof(struct sadb_msg)); 6100 if (n == NULL) 6101 return key_senderror(so, m, ENOBUFS); 6102 } 6103 newmsg = mtod(n, struct sadb_msg *); 6104 newmsg->sadb_msg_errno = 0; 6105 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6106 6107 m_freem(m); 6108 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6109 } 6110 } 6111 6112 /* 6113 * delete all SAs for src/dst. Called from key_delete(). 6114 */ 6115 static int 6116 key_delete_all(struct socket *so, struct mbuf *m, 6117 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6118 { 6119 struct secasvar_queue drainq; 6120 struct secashead *sah; 6121 struct secasvar *sav, *nextsav; 6122 6123 TAILQ_INIT(&drainq); 6124 SAHTREE_WLOCK(); 6125 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6126 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6127 continue; 6128 /* Move all ALIVE SAs into drainq */ 6129 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6130 } 6131 /* Unlink all queued SAs from SPI hash */ 6132 TAILQ_FOREACH(sav, &drainq, chain) { 6133 sav->state = SADB_SASTATE_DEAD; 6134 LIST_REMOVE(sav, spihash); 6135 } 6136 SAHTREE_WUNLOCK(); 6137 /* Now we can release reference for all SAs in drainq */ 6138 sav = TAILQ_FIRST(&drainq); 6139 while (sav != NULL) { 6140 KEYDBG(KEY_STAMP, 6141 printf("%s: SA(%p)\n", __func__, sav)); 6142 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6143 nextsav = TAILQ_NEXT(sav, chain); 6144 key_freesah(&sav->sah); /* release reference from SAV */ 6145 key_freesav(&sav); /* release last reference */ 6146 sav = nextsav; 6147 } 6148 6149 { 6150 struct mbuf *n; 6151 struct sadb_msg *newmsg; 6152 6153 /* create new sadb_msg to reply. */ 6154 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6155 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6156 if (!n) 6157 return key_senderror(so, m, ENOBUFS); 6158 6159 if (n->m_len < sizeof(struct sadb_msg)) { 6160 n = m_pullup(n, sizeof(struct sadb_msg)); 6161 if (n == NULL) 6162 return key_senderror(so, m, ENOBUFS); 6163 } 6164 newmsg = mtod(n, struct sadb_msg *); 6165 newmsg->sadb_msg_errno = 0; 6166 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6167 6168 m_freem(m); 6169 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6170 } 6171 } 6172 6173 /* 6174 * Delete all alive SAs for corresponding xform. 6175 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6176 * here when xform disappears. 6177 */ 6178 void 6179 key_delete_xform(const struct xformsw *xsp) 6180 { 6181 struct secasvar_queue drainq; 6182 struct secashead *sah; 6183 struct secasvar *sav, *nextsav; 6184 6185 TAILQ_INIT(&drainq); 6186 SAHTREE_WLOCK(); 6187 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6188 sav = TAILQ_FIRST(&sah->savtree_alive); 6189 if (sav == NULL) 6190 continue; 6191 if (sav->tdb_xform != xsp) 6192 continue; 6193 /* 6194 * It is supposed that all SAs in the chain are related to 6195 * one xform. 6196 */ 6197 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6198 } 6199 /* Unlink all queued SAs from SPI hash */ 6200 TAILQ_FOREACH(sav, &drainq, chain) { 6201 sav->state = SADB_SASTATE_DEAD; 6202 LIST_REMOVE(sav, spihash); 6203 } 6204 SAHTREE_WUNLOCK(); 6205 6206 /* Now we can release reference for all SAs in drainq */ 6207 sav = TAILQ_FIRST(&drainq); 6208 while (sav != NULL) { 6209 KEYDBG(KEY_STAMP, 6210 printf("%s: SA(%p)\n", __func__, sav)); 6211 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6212 nextsav = TAILQ_NEXT(sav, chain); 6213 key_freesah(&sav->sah); /* release reference from SAV */ 6214 key_freesav(&sav); /* release last reference */ 6215 sav = nextsav; 6216 } 6217 } 6218 6219 /* 6220 * SADB_GET processing 6221 * receive 6222 * <base, SA(*), address(SD)> 6223 * from the ikmpd, and get a SP and a SA to respond, 6224 * and send, 6225 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6226 * (identity(SD),) (sensitivity)> 6227 * to the ikmpd. 6228 * 6229 * m will always be freed. 6230 */ 6231 static int 6232 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6233 { 6234 struct secasindex saidx; 6235 struct sadb_address *src0, *dst0; 6236 struct sadb_sa *sa0; 6237 struct secasvar *sav; 6238 uint8_t proto; 6239 6240 IPSEC_ASSERT(so != NULL, ("null socket")); 6241 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6242 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6243 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6244 6245 /* map satype to proto */ 6246 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6247 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6248 __func__)); 6249 return key_senderror(so, m, EINVAL); 6250 } 6251 6252 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6253 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6254 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6255 ipseclog((LOG_DEBUG, 6256 "%s: invalid message: missing required header.\n", 6257 __func__)); 6258 return key_senderror(so, m, EINVAL); 6259 } 6260 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6261 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6262 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6263 ipseclog((LOG_DEBUG, 6264 "%s: invalid message: wrong header size.\n", __func__)); 6265 return key_senderror(so, m, EINVAL); 6266 } 6267 6268 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6269 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6270 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6271 6272 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6273 (struct sockaddr *)(dst0 + 1)) != 0) { 6274 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6275 return key_senderror(so, m, EINVAL); 6276 } 6277 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6278 6279 SPI_ALLOC_LOCK(); 6280 if (proto == IPPROTO_TCP) 6281 sav = key_getsav_tcpmd5(&saidx, NULL); 6282 else 6283 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6284 SPI_ALLOC_UNLOCK(); 6285 if (sav == NULL) { 6286 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6287 return key_senderror(so, m, ESRCH); 6288 } 6289 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6290 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6291 __func__, ntohl(sa0->sadb_sa_spi))); 6292 key_freesav(&sav); 6293 return (key_senderror(so, m, ESRCH)); 6294 } 6295 6296 { 6297 struct mbuf *n; 6298 uint8_t satype; 6299 6300 /* map proto to satype */ 6301 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6302 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6303 __func__)); 6304 key_freesav(&sav); 6305 return key_senderror(so, m, EINVAL); 6306 } 6307 6308 /* create new sadb_msg to reply. */ 6309 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6310 mhp->msg->sadb_msg_pid); 6311 6312 key_freesav(&sav); 6313 if (!n) 6314 return key_senderror(so, m, ENOBUFS); 6315 6316 m_freem(m); 6317 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6318 } 6319 } 6320 6321 /* XXX make it sysctl-configurable? */ 6322 static void 6323 key_getcomb_setlifetime(struct sadb_comb *comb) 6324 { 6325 6326 comb->sadb_comb_soft_allocations = 1; 6327 comb->sadb_comb_hard_allocations = 1; 6328 comb->sadb_comb_soft_bytes = 0; 6329 comb->sadb_comb_hard_bytes = 0; 6330 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6331 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6332 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6333 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6334 } 6335 6336 /* 6337 * XXX reorder combinations by preference 6338 * XXX no idea if the user wants ESP authentication or not 6339 */ 6340 static struct mbuf * 6341 key_getcomb_ealg(void) 6342 { 6343 struct sadb_comb *comb; 6344 const struct enc_xform *algo; 6345 struct mbuf *result = NULL, *m, *n; 6346 int encmin; 6347 int i, off, o; 6348 int totlen; 6349 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6350 6351 m = NULL; 6352 for (i = 1; i <= SADB_EALG_MAX; i++) { 6353 algo = enc_algorithm_lookup(i); 6354 if (algo == NULL) 6355 continue; 6356 6357 /* discard algorithms with key size smaller than system min */ 6358 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6359 continue; 6360 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6361 encmin = V_ipsec_esp_keymin; 6362 else 6363 encmin = _BITS(algo->minkey); 6364 6365 if (V_ipsec_esp_auth) 6366 m = key_getcomb_ah(); 6367 else { 6368 IPSEC_ASSERT(l <= MLEN, 6369 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6370 MGET(m, M_NOWAIT, MT_DATA); 6371 if (m) { 6372 M_ALIGN(m, l); 6373 m->m_len = l; 6374 m->m_next = NULL; 6375 bzero(mtod(m, caddr_t), m->m_len); 6376 } 6377 } 6378 if (!m) 6379 goto fail; 6380 6381 totlen = 0; 6382 for (n = m; n; n = n->m_next) 6383 totlen += n->m_len; 6384 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6385 6386 for (off = 0; off < totlen; off += l) { 6387 n = m_pulldown(m, off, l, &o); 6388 if (!n) { 6389 /* m is already freed */ 6390 goto fail; 6391 } 6392 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6393 bzero(comb, sizeof(*comb)); 6394 key_getcomb_setlifetime(comb); 6395 comb->sadb_comb_encrypt = i; 6396 comb->sadb_comb_encrypt_minbits = encmin; 6397 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6398 } 6399 6400 if (!result) 6401 result = m; 6402 else 6403 m_cat(result, m); 6404 } 6405 6406 return result; 6407 6408 fail: 6409 if (result) 6410 m_freem(result); 6411 return NULL; 6412 } 6413 6414 static void 6415 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6416 u_int16_t* max) 6417 { 6418 6419 *min = *max = ah->hashsize; 6420 if (ah->keysize == 0) { 6421 /* 6422 * Transform takes arbitrary key size but algorithm 6423 * key size is restricted. Enforce this here. 6424 */ 6425 switch (alg) { 6426 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6427 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6428 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6429 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6430 default: 6431 DPRINTF(("%s: unknown AH algorithm %u\n", 6432 __func__, alg)); 6433 break; 6434 } 6435 } 6436 } 6437 6438 /* 6439 * XXX reorder combinations by preference 6440 */ 6441 static struct mbuf * 6442 key_getcomb_ah(void) 6443 { 6444 const struct auth_hash *algo; 6445 struct sadb_comb *comb; 6446 struct mbuf *m; 6447 u_int16_t minkeysize, maxkeysize; 6448 int i; 6449 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6450 6451 m = NULL; 6452 for (i = 1; i <= SADB_AALG_MAX; i++) { 6453 #if 1 6454 /* we prefer HMAC algorithms, not old algorithms */ 6455 if (i != SADB_AALG_SHA1HMAC && 6456 i != SADB_X_AALG_SHA2_256 && 6457 i != SADB_X_AALG_SHA2_384 && 6458 i != SADB_X_AALG_SHA2_512) 6459 continue; 6460 #endif 6461 algo = auth_algorithm_lookup(i); 6462 if (!algo) 6463 continue; 6464 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6465 /* discard algorithms with key size smaller than system min */ 6466 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6467 continue; 6468 6469 if (!m) { 6470 IPSEC_ASSERT(l <= MLEN, 6471 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6472 MGET(m, M_NOWAIT, MT_DATA); 6473 if (m) { 6474 M_ALIGN(m, l); 6475 m->m_len = l; 6476 m->m_next = NULL; 6477 } 6478 } else 6479 M_PREPEND(m, l, M_NOWAIT); 6480 if (!m) 6481 return NULL; 6482 6483 comb = mtod(m, struct sadb_comb *); 6484 bzero(comb, sizeof(*comb)); 6485 key_getcomb_setlifetime(comb); 6486 comb->sadb_comb_auth = i; 6487 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6488 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6489 } 6490 6491 return m; 6492 } 6493 6494 /* 6495 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6496 * XXX reorder combinations by preference 6497 */ 6498 static struct mbuf * 6499 key_getcomb_ipcomp(void) 6500 { 6501 const struct comp_algo *algo; 6502 struct sadb_comb *comb; 6503 struct mbuf *m; 6504 int i; 6505 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6506 6507 m = NULL; 6508 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6509 algo = comp_algorithm_lookup(i); 6510 if (!algo) 6511 continue; 6512 6513 if (!m) { 6514 IPSEC_ASSERT(l <= MLEN, 6515 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6516 MGET(m, M_NOWAIT, MT_DATA); 6517 if (m) { 6518 M_ALIGN(m, l); 6519 m->m_len = l; 6520 m->m_next = NULL; 6521 } 6522 } else 6523 M_PREPEND(m, l, M_NOWAIT); 6524 if (!m) 6525 return NULL; 6526 6527 comb = mtod(m, struct sadb_comb *); 6528 bzero(comb, sizeof(*comb)); 6529 key_getcomb_setlifetime(comb); 6530 comb->sadb_comb_encrypt = i; 6531 /* what should we set into sadb_comb_*_{min,max}bits? */ 6532 } 6533 6534 return m; 6535 } 6536 6537 /* 6538 * XXX no way to pass mode (transport/tunnel) to userland 6539 * XXX replay checking? 6540 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6541 */ 6542 static struct mbuf * 6543 key_getprop(const struct secasindex *saidx) 6544 { 6545 struct sadb_prop *prop; 6546 struct mbuf *m, *n; 6547 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6548 int totlen; 6549 6550 switch (saidx->proto) { 6551 case IPPROTO_ESP: 6552 m = key_getcomb_ealg(); 6553 break; 6554 case IPPROTO_AH: 6555 m = key_getcomb_ah(); 6556 break; 6557 case IPPROTO_IPCOMP: 6558 m = key_getcomb_ipcomp(); 6559 break; 6560 default: 6561 return NULL; 6562 } 6563 6564 if (!m) 6565 return NULL; 6566 M_PREPEND(m, l, M_NOWAIT); 6567 if (!m) 6568 return NULL; 6569 6570 totlen = 0; 6571 for (n = m; n; n = n->m_next) 6572 totlen += n->m_len; 6573 6574 prop = mtod(m, struct sadb_prop *); 6575 bzero(prop, sizeof(*prop)); 6576 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6577 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6578 prop->sadb_prop_replay = 32; /* XXX */ 6579 6580 return m; 6581 } 6582 6583 /* 6584 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6585 * send 6586 * <base, SA, address(SD), (address(P)), x_policy, 6587 * (identity(SD),) (sensitivity,) proposal> 6588 * to KMD, and expect to receive 6589 * <base> with SADB_ACQUIRE if error occurred, 6590 * or 6591 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6592 * from KMD by PF_KEY. 6593 * 6594 * XXX x_policy is outside of RFC2367 (KAME extension). 6595 * XXX sensitivity is not supported. 6596 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6597 * see comment for key_getcomb_ipcomp(). 6598 * 6599 * OUT: 6600 * 0 : succeed 6601 * others: error number 6602 */ 6603 static int 6604 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6605 { 6606 union sockaddr_union addr; 6607 struct mbuf *result, *m; 6608 uint32_t seq; 6609 int error; 6610 uint16_t ul_proto; 6611 uint8_t mask, satype; 6612 6613 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6614 satype = key_proto2satype(saidx->proto); 6615 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6616 6617 error = -1; 6618 result = NULL; 6619 ul_proto = IPSEC_ULPROTO_ANY; 6620 6621 /* Get seq number to check whether sending message or not. */ 6622 seq = key_getacq(saidx, &error); 6623 if (seq == 0) 6624 return (error); 6625 6626 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6627 if (!m) { 6628 error = ENOBUFS; 6629 goto fail; 6630 } 6631 result = m; 6632 6633 /* 6634 * set sadb_address for saidx's. 6635 * 6636 * Note that if sp is supplied, then we're being called from 6637 * key_allocsa_policy() and should supply port and protocol 6638 * information. 6639 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6640 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6641 * XXXAE: it looks like we should save this info in the ACQ entry. 6642 */ 6643 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6644 sp->spidx.ul_proto == IPPROTO_UDP)) 6645 ul_proto = sp->spidx.ul_proto; 6646 6647 addr = saidx->src; 6648 mask = FULLMASK; 6649 if (ul_proto != IPSEC_ULPROTO_ANY) { 6650 switch (sp->spidx.src.sa.sa_family) { 6651 case AF_INET: 6652 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6653 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6654 mask = sp->spidx.prefs; 6655 } 6656 break; 6657 case AF_INET6: 6658 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6659 addr.sin6.sin6_port = 6660 sp->spidx.src.sin6.sin6_port; 6661 mask = sp->spidx.prefs; 6662 } 6663 break; 6664 default: 6665 break; 6666 } 6667 } 6668 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6669 if (!m) { 6670 error = ENOBUFS; 6671 goto fail; 6672 } 6673 m_cat(result, m); 6674 6675 addr = saidx->dst; 6676 mask = FULLMASK; 6677 if (ul_proto != IPSEC_ULPROTO_ANY) { 6678 switch (sp->spidx.dst.sa.sa_family) { 6679 case AF_INET: 6680 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6681 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6682 mask = sp->spidx.prefd; 6683 } 6684 break; 6685 case AF_INET6: 6686 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6687 addr.sin6.sin6_port = 6688 sp->spidx.dst.sin6.sin6_port; 6689 mask = sp->spidx.prefd; 6690 } 6691 break; 6692 default: 6693 break; 6694 } 6695 } 6696 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6697 if (!m) { 6698 error = ENOBUFS; 6699 goto fail; 6700 } 6701 m_cat(result, m); 6702 6703 /* XXX proxy address (optional) */ 6704 6705 /* 6706 * Set sadb_x_policy. This is KAME extension to RFC2367. 6707 */ 6708 if (sp != NULL) { 6709 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6710 sp->priority); 6711 if (!m) { 6712 error = ENOBUFS; 6713 goto fail; 6714 } 6715 m_cat(result, m); 6716 } 6717 6718 /* 6719 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6720 * This is FreeBSD extension to RFC2367. 6721 */ 6722 if (saidx->reqid != 0) { 6723 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6724 if (m == NULL) { 6725 error = ENOBUFS; 6726 goto fail; 6727 } 6728 m_cat(result, m); 6729 } 6730 /* XXX identity (optional) */ 6731 #if 0 6732 if (idexttype && fqdn) { 6733 /* create identity extension (FQDN) */ 6734 struct sadb_ident *id; 6735 int fqdnlen; 6736 6737 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6738 id = (struct sadb_ident *)p; 6739 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6740 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6741 id->sadb_ident_exttype = idexttype; 6742 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6743 bcopy(fqdn, id + 1, fqdnlen); 6744 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6745 } 6746 6747 if (idexttype) { 6748 /* create identity extension (USERFQDN) */ 6749 struct sadb_ident *id; 6750 int userfqdnlen; 6751 6752 if (userfqdn) { 6753 /* +1 for terminating-NUL */ 6754 userfqdnlen = strlen(userfqdn) + 1; 6755 } else 6756 userfqdnlen = 0; 6757 id = (struct sadb_ident *)p; 6758 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6759 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6760 id->sadb_ident_exttype = idexttype; 6761 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6762 /* XXX is it correct? */ 6763 if (curproc && curproc->p_cred) 6764 id->sadb_ident_id = curproc->p_cred->p_ruid; 6765 if (userfqdn && userfqdnlen) 6766 bcopy(userfqdn, id + 1, userfqdnlen); 6767 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6768 } 6769 #endif 6770 6771 /* XXX sensitivity (optional) */ 6772 6773 /* create proposal/combination extension */ 6774 m = key_getprop(saidx); 6775 #if 0 6776 /* 6777 * spec conformant: always attach proposal/combination extension, 6778 * the problem is that we have no way to attach it for ipcomp, 6779 * due to the way sadb_comb is declared in RFC2367. 6780 */ 6781 if (!m) { 6782 error = ENOBUFS; 6783 goto fail; 6784 } 6785 m_cat(result, m); 6786 #else 6787 /* 6788 * outside of spec; make proposal/combination extension optional. 6789 */ 6790 if (m) 6791 m_cat(result, m); 6792 #endif 6793 6794 if ((result->m_flags & M_PKTHDR) == 0) { 6795 error = EINVAL; 6796 goto fail; 6797 } 6798 6799 if (result->m_len < sizeof(struct sadb_msg)) { 6800 result = m_pullup(result, sizeof(struct sadb_msg)); 6801 if (result == NULL) { 6802 error = ENOBUFS; 6803 goto fail; 6804 } 6805 } 6806 6807 result->m_pkthdr.len = 0; 6808 for (m = result; m; m = m->m_next) 6809 result->m_pkthdr.len += m->m_len; 6810 6811 mtod(result, struct sadb_msg *)->sadb_msg_len = 6812 PFKEY_UNIT64(result->m_pkthdr.len); 6813 6814 KEYDBG(KEY_STAMP, 6815 printf("%s: SP(%p)\n", __func__, sp)); 6816 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6817 6818 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6819 6820 fail: 6821 if (result) 6822 m_freem(result); 6823 return error; 6824 } 6825 6826 static uint32_t 6827 key_newacq(const struct secasindex *saidx, int *perror) 6828 { 6829 struct secacq *acq; 6830 uint32_t seq; 6831 6832 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6833 if (acq == NULL) { 6834 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6835 *perror = ENOBUFS; 6836 return (0); 6837 } 6838 6839 /* copy secindex */ 6840 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6841 acq->created = time_second; 6842 acq->count = 0; 6843 6844 /* add to acqtree */ 6845 ACQ_LOCK(); 6846 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6847 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6848 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6849 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6850 ACQ_UNLOCK(); 6851 *perror = 0; 6852 return (seq); 6853 } 6854 6855 static uint32_t 6856 key_getacq(const struct secasindex *saidx, int *perror) 6857 { 6858 struct secacq *acq; 6859 uint32_t seq; 6860 6861 ACQ_LOCK(); 6862 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6863 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6864 if (acq->count > V_key_blockacq_count) { 6865 /* 6866 * Reset counter and send message. 6867 * Also reset created time to keep ACQ for 6868 * this saidx. 6869 */ 6870 acq->created = time_second; 6871 acq->count = 0; 6872 seq = acq->seq; 6873 } else { 6874 /* 6875 * Increment counter and do nothing. 6876 * We send SADB_ACQUIRE message only 6877 * for each V_key_blockacq_count packet. 6878 */ 6879 acq->count++; 6880 seq = 0; 6881 } 6882 break; 6883 } 6884 } 6885 ACQ_UNLOCK(); 6886 if (acq != NULL) { 6887 *perror = 0; 6888 return (seq); 6889 } 6890 /* allocate new entry */ 6891 return (key_newacq(saidx, perror)); 6892 } 6893 6894 static int 6895 key_acqreset(uint32_t seq) 6896 { 6897 struct secacq *acq; 6898 6899 ACQ_LOCK(); 6900 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6901 if (acq->seq == seq) { 6902 acq->count = 0; 6903 acq->created = time_second; 6904 break; 6905 } 6906 } 6907 ACQ_UNLOCK(); 6908 if (acq == NULL) 6909 return (ESRCH); 6910 return (0); 6911 } 6912 /* 6913 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6914 * Called after successful SADB_GETSPI message. 6915 */ 6916 static int 6917 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6918 { 6919 struct secacq *acq; 6920 6921 ACQ_LOCK(); 6922 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6923 if (acq->seq == seq) 6924 break; 6925 } 6926 if (acq != NULL) { 6927 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6928 ipseclog((LOG_DEBUG, 6929 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 6930 acq = NULL; 6931 } else { 6932 acq->created = 0; 6933 } 6934 } else { 6935 ipseclog((LOG_DEBUG, 6936 "%s: ACQ %u is not found.\n", __func__, seq)); 6937 } 6938 ACQ_UNLOCK(); 6939 if (acq == NULL) 6940 return (ESRCH); 6941 return (0); 6942 } 6943 6944 static struct secspacq * 6945 key_newspacq(struct secpolicyindex *spidx) 6946 { 6947 struct secspacq *acq; 6948 6949 /* get new entry */ 6950 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6951 if (acq == NULL) { 6952 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6953 return NULL; 6954 } 6955 6956 /* copy secindex */ 6957 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6958 acq->created = time_second; 6959 acq->count = 0; 6960 6961 /* add to spacqtree */ 6962 SPACQ_LOCK(); 6963 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6964 SPACQ_UNLOCK(); 6965 6966 return acq; 6967 } 6968 6969 static struct secspacq * 6970 key_getspacq(struct secpolicyindex *spidx) 6971 { 6972 struct secspacq *acq; 6973 6974 SPACQ_LOCK(); 6975 LIST_FOREACH(acq, &V_spacqtree, chain) { 6976 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6977 /* NB: return holding spacq_lock */ 6978 return acq; 6979 } 6980 } 6981 SPACQ_UNLOCK(); 6982 6983 return NULL; 6984 } 6985 6986 /* 6987 * SADB_ACQUIRE processing, 6988 * in first situation, is receiving 6989 * <base> 6990 * from the ikmpd, and clear sequence of its secasvar entry. 6991 * 6992 * In second situation, is receiving 6993 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6994 * from a user land process, and return 6995 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6996 * to the socket. 6997 * 6998 * m will always be freed. 6999 */ 7000 static int 7001 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7002 { 7003 SAHTREE_RLOCK_TRACKER; 7004 struct sadb_address *src0, *dst0; 7005 struct secasindex saidx; 7006 struct secashead *sah; 7007 uint32_t reqid; 7008 int error; 7009 uint8_t mode, proto; 7010 7011 IPSEC_ASSERT(so != NULL, ("null socket")); 7012 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7013 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7014 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7015 7016 /* 7017 * Error message from KMd. 7018 * We assume that if error was occurred in IKEd, the length of PFKEY 7019 * message is equal to the size of sadb_msg structure. 7020 * We do not raise error even if error occurred in this function. 7021 */ 7022 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 7023 /* check sequence number */ 7024 if (mhp->msg->sadb_msg_seq == 0 || 7025 mhp->msg->sadb_msg_errno == 0) { 7026 ipseclog((LOG_DEBUG, "%s: must specify sequence " 7027 "number and errno.\n", __func__)); 7028 } else { 7029 /* 7030 * IKEd reported that error occurred. 7031 * XXXAE: what it expects from the kernel? 7032 * Probably we should send SADB_ACQUIRE again? 7033 * If so, reset ACQ's state. 7034 * XXXAE: it looks useless. 7035 */ 7036 key_acqreset(mhp->msg->sadb_msg_seq); 7037 } 7038 m_freem(m); 7039 return (0); 7040 } 7041 7042 /* 7043 * This message is from user land. 7044 */ 7045 7046 /* map satype to proto */ 7047 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7048 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7049 __func__)); 7050 return key_senderror(so, m, EINVAL); 7051 } 7052 7053 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 7054 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 7055 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 7056 ipseclog((LOG_DEBUG, 7057 "%s: invalid message: missing required header.\n", 7058 __func__)); 7059 return key_senderror(so, m, EINVAL); 7060 } 7061 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 7062 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 7063 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 7064 ipseclog((LOG_DEBUG, 7065 "%s: invalid message: wrong header size.\n", __func__)); 7066 return key_senderror(so, m, EINVAL); 7067 } 7068 7069 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7070 mode = IPSEC_MODE_ANY; 7071 reqid = 0; 7072 } else { 7073 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7074 ipseclog((LOG_DEBUG, 7075 "%s: invalid message: wrong header size.\n", 7076 __func__)); 7077 return key_senderror(so, m, EINVAL); 7078 } 7079 mode = ((struct sadb_x_sa2 *) 7080 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7081 reqid = ((struct sadb_x_sa2 *) 7082 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7083 } 7084 7085 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7086 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7087 7088 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7089 (struct sockaddr *)(dst0 + 1)); 7090 if (error != 0) { 7091 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7092 return key_senderror(so, m, EINVAL); 7093 } 7094 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7095 7096 /* get a SA index */ 7097 SAHTREE_RLOCK(); 7098 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7099 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7100 break; 7101 } 7102 SAHTREE_RUNLOCK(); 7103 if (sah != NULL) { 7104 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7105 return key_senderror(so, m, EEXIST); 7106 } 7107 7108 error = key_acquire(&saidx, NULL); 7109 if (error != 0) { 7110 ipseclog((LOG_DEBUG, 7111 "%s: error %d returned from key_acquire()\n", 7112 __func__, error)); 7113 return key_senderror(so, m, error); 7114 } 7115 m_freem(m); 7116 return (0); 7117 } 7118 7119 /* 7120 * SADB_REGISTER processing. 7121 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7122 * receive 7123 * <base> 7124 * from the ikmpd, and register a socket to send PF_KEY messages, 7125 * and send 7126 * <base, supported> 7127 * to KMD by PF_KEY. 7128 * If socket is detached, must free from regnode. 7129 * 7130 * m will always be freed. 7131 */ 7132 static int 7133 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7134 { 7135 struct secreg *reg, *newreg = NULL; 7136 7137 IPSEC_ASSERT(so != NULL, ("null socket")); 7138 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7139 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7140 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7141 7142 /* check for invalid register message */ 7143 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7144 return key_senderror(so, m, EINVAL); 7145 7146 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7147 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7148 goto setmsg; 7149 7150 /* check whether existing or not */ 7151 REGTREE_LOCK(); 7152 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7153 if (reg->so == so) { 7154 REGTREE_UNLOCK(); 7155 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7156 __func__)); 7157 return key_senderror(so, m, EEXIST); 7158 } 7159 } 7160 7161 /* create regnode */ 7162 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7163 if (newreg == NULL) { 7164 REGTREE_UNLOCK(); 7165 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7166 return key_senderror(so, m, ENOBUFS); 7167 } 7168 7169 newreg->so = so; 7170 ((struct keycb *)(so->so_pcb))->kp_registered++; 7171 7172 /* add regnode to regtree. */ 7173 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7174 REGTREE_UNLOCK(); 7175 7176 setmsg: 7177 { 7178 struct mbuf *n; 7179 struct sadb_msg *newmsg; 7180 struct sadb_supported *sup; 7181 u_int len, alen, elen; 7182 int off; 7183 int i; 7184 struct sadb_alg *alg; 7185 7186 /* create new sadb_msg to reply. */ 7187 alen = 0; 7188 for (i = 1; i <= SADB_AALG_MAX; i++) { 7189 if (auth_algorithm_lookup(i)) 7190 alen += sizeof(struct sadb_alg); 7191 } 7192 if (alen) 7193 alen += sizeof(struct sadb_supported); 7194 elen = 0; 7195 for (i = 1; i <= SADB_EALG_MAX; i++) { 7196 if (enc_algorithm_lookup(i)) 7197 elen += sizeof(struct sadb_alg); 7198 } 7199 if (elen) 7200 elen += sizeof(struct sadb_supported); 7201 7202 len = sizeof(struct sadb_msg) + alen + elen; 7203 7204 if (len > MCLBYTES) 7205 return key_senderror(so, m, ENOBUFS); 7206 7207 n = key_mget(len); 7208 if (n == NULL) 7209 return key_senderror(so, m, ENOBUFS); 7210 7211 n->m_pkthdr.len = n->m_len = len; 7212 n->m_next = NULL; 7213 off = 0; 7214 7215 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7216 newmsg = mtod(n, struct sadb_msg *); 7217 newmsg->sadb_msg_errno = 0; 7218 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7219 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7220 7221 /* for authentication algorithm */ 7222 if (alen) { 7223 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7224 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7225 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7226 off += PFKEY_ALIGN8(sizeof(*sup)); 7227 7228 for (i = 1; i <= SADB_AALG_MAX; i++) { 7229 const struct auth_hash *aalgo; 7230 u_int16_t minkeysize, maxkeysize; 7231 7232 aalgo = auth_algorithm_lookup(i); 7233 if (!aalgo) 7234 continue; 7235 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7236 alg->sadb_alg_id = i; 7237 alg->sadb_alg_ivlen = 0; 7238 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7239 alg->sadb_alg_minbits = _BITS(minkeysize); 7240 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7241 off += PFKEY_ALIGN8(sizeof(*alg)); 7242 } 7243 } 7244 7245 /* for encryption algorithm */ 7246 if (elen) { 7247 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7248 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7249 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7250 off += PFKEY_ALIGN8(sizeof(*sup)); 7251 7252 for (i = 1; i <= SADB_EALG_MAX; i++) { 7253 const struct enc_xform *ealgo; 7254 7255 ealgo = enc_algorithm_lookup(i); 7256 if (!ealgo) 7257 continue; 7258 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7259 alg->sadb_alg_id = i; 7260 alg->sadb_alg_ivlen = ealgo->ivsize; 7261 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7262 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7263 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7264 } 7265 } 7266 7267 IPSEC_ASSERT(off == len, 7268 ("length assumption failed (off %u len %u)", off, len)); 7269 7270 m_freem(m); 7271 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7272 } 7273 } 7274 7275 /* 7276 * free secreg entry registered. 7277 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7278 */ 7279 void 7280 key_freereg(struct socket *so) 7281 { 7282 struct secreg *reg; 7283 int i; 7284 7285 IPSEC_ASSERT(so != NULL, ("NULL so")); 7286 7287 /* 7288 * check whether existing or not. 7289 * check all type of SA, because there is a potential that 7290 * one socket is registered to multiple type of SA. 7291 */ 7292 REGTREE_LOCK(); 7293 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7294 LIST_FOREACH(reg, &V_regtree[i], chain) { 7295 if (reg->so == so && __LIST_CHAINED(reg)) { 7296 LIST_REMOVE(reg, chain); 7297 free(reg, M_IPSEC_SAR); 7298 break; 7299 } 7300 } 7301 } 7302 REGTREE_UNLOCK(); 7303 } 7304 7305 /* 7306 * SADB_EXPIRE processing 7307 * send 7308 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7309 * to KMD by PF_KEY. 7310 * NOTE: We send only soft lifetime extension. 7311 * 7312 * OUT: 0 : succeed 7313 * others : error number 7314 */ 7315 static int 7316 key_expire(struct secasvar *sav, int hard) 7317 { 7318 struct mbuf *result = NULL, *m; 7319 struct sadb_lifetime *lt; 7320 uint32_t replay_count; 7321 int error, len; 7322 uint8_t satype; 7323 7324 SECASVAR_RLOCK_TRACKER; 7325 7326 IPSEC_ASSERT (sav != NULL, ("null sav")); 7327 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7328 7329 KEYDBG(KEY_STAMP, 7330 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7331 sav, hard ? "hard": "soft")); 7332 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7333 /* set msg header */ 7334 satype = key_proto2satype(sav->sah->saidx.proto); 7335 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7336 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7337 if (!m) { 7338 error = ENOBUFS; 7339 goto fail; 7340 } 7341 result = m; 7342 7343 /* create SA extension */ 7344 m = key_setsadbsa(sav); 7345 if (!m) { 7346 error = ENOBUFS; 7347 goto fail; 7348 } 7349 m_cat(result, m); 7350 7351 /* create SA extension */ 7352 SECASVAR_RLOCK(sav); 7353 replay_count = sav->replay ? sav->replay->count : 0; 7354 SECASVAR_RUNLOCK(sav); 7355 7356 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7357 sav->sah->saidx.reqid); 7358 if (!m) { 7359 error = ENOBUFS; 7360 goto fail; 7361 } 7362 m_cat(result, m); 7363 7364 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7365 m = key_setsadbxsareplay(sav->replay->wsize); 7366 if (!m) { 7367 error = ENOBUFS; 7368 goto fail; 7369 } 7370 m_cat(result, m); 7371 } 7372 7373 /* create lifetime extension (current and soft) */ 7374 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7375 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7376 if (m == NULL) { 7377 error = ENOBUFS; 7378 goto fail; 7379 } 7380 m_align(m, len); 7381 m->m_len = len; 7382 bzero(mtod(m, caddr_t), len); 7383 lt = mtod(m, struct sadb_lifetime *); 7384 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7385 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7386 lt->sadb_lifetime_allocations = 7387 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7388 lt->sadb_lifetime_bytes = 7389 counter_u64_fetch(sav->lft_c_bytes); 7390 lt->sadb_lifetime_addtime = sav->created; 7391 lt->sadb_lifetime_usetime = sav->firstused; 7392 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7393 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7394 if (hard) { 7395 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7396 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7397 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7398 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7399 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7400 } else { 7401 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7402 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7403 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7404 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7405 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7406 } 7407 m_cat(result, m); 7408 7409 /* set sadb_address for source */ 7410 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7411 &sav->sah->saidx.src.sa, 7412 FULLMASK, IPSEC_ULPROTO_ANY); 7413 if (!m) { 7414 error = ENOBUFS; 7415 goto fail; 7416 } 7417 m_cat(result, m); 7418 7419 /* set sadb_address for destination */ 7420 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7421 &sav->sah->saidx.dst.sa, 7422 FULLMASK, IPSEC_ULPROTO_ANY); 7423 if (!m) { 7424 error = ENOBUFS; 7425 goto fail; 7426 } 7427 m_cat(result, m); 7428 7429 /* 7430 * XXX-BZ Handle NAT-T extensions here. 7431 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7432 * this information, we report only significant SA fields. 7433 */ 7434 7435 if ((result->m_flags & M_PKTHDR) == 0) { 7436 error = EINVAL; 7437 goto fail; 7438 } 7439 7440 if (result->m_len < sizeof(struct sadb_msg)) { 7441 result = m_pullup(result, sizeof(struct sadb_msg)); 7442 if (result == NULL) { 7443 error = ENOBUFS; 7444 goto fail; 7445 } 7446 } 7447 7448 result->m_pkthdr.len = 0; 7449 for (m = result; m; m = m->m_next) 7450 result->m_pkthdr.len += m->m_len; 7451 7452 mtod(result, struct sadb_msg *)->sadb_msg_len = 7453 PFKEY_UNIT64(result->m_pkthdr.len); 7454 7455 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7456 7457 fail: 7458 if (result) 7459 m_freem(result); 7460 return error; 7461 } 7462 7463 static void 7464 key_freesah_flushed(struct secashead_queue *flushq) 7465 { 7466 struct secashead *sah, *nextsah; 7467 struct secasvar *sav, *nextsav; 7468 7469 sah = TAILQ_FIRST(flushq); 7470 while (sah != NULL) { 7471 sav = TAILQ_FIRST(&sah->savtree_larval); 7472 while (sav != NULL) { 7473 nextsav = TAILQ_NEXT(sav, chain); 7474 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7475 key_freesav(&sav); /* release last reference */ 7476 key_freesah(&sah); /* release reference from SAV */ 7477 sav = nextsav; 7478 } 7479 sav = TAILQ_FIRST(&sah->savtree_alive); 7480 while (sav != NULL) { 7481 nextsav = TAILQ_NEXT(sav, chain); 7482 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7483 key_freesav(&sav); /* release last reference */ 7484 key_freesah(&sah); /* release reference from SAV */ 7485 sav = nextsav; 7486 } 7487 nextsah = TAILQ_NEXT(sah, chain); 7488 key_freesah(&sah); /* release last reference */ 7489 sah = nextsah; 7490 } 7491 } 7492 7493 /* 7494 * SADB_FLUSH processing 7495 * receive 7496 * <base> 7497 * from the ikmpd, and free all entries in secastree. 7498 * and send, 7499 * <base> 7500 * to the ikmpd. 7501 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7502 * 7503 * m will always be freed. 7504 */ 7505 static int 7506 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7507 { 7508 struct secashead_queue flushq; 7509 struct sadb_msg *newmsg; 7510 struct secashead *sah, *nextsah; 7511 struct secasvar *sav; 7512 uint8_t proto; 7513 int i; 7514 7515 IPSEC_ASSERT(so != NULL, ("null socket")); 7516 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7517 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7518 7519 /* map satype to proto */ 7520 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7521 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7522 __func__)); 7523 return key_senderror(so, m, EINVAL); 7524 } 7525 KEYDBG(KEY_STAMP, 7526 printf("%s: proto %u\n", __func__, proto)); 7527 7528 TAILQ_INIT(&flushq); 7529 if (proto == IPSEC_PROTO_ANY) { 7530 /* no SATYPE specified, i.e. flushing all SA. */ 7531 SAHTREE_WLOCK(); 7532 /* Move all SAHs into flushq */ 7533 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7534 /* Flush all buckets in SPI hash */ 7535 for (i = 0; i < V_savhash_mask + 1; i++) 7536 LIST_INIT(&V_savhashtbl[i]); 7537 /* Flush all buckets in SAHADDRHASH */ 7538 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7539 LIST_INIT(&V_sahaddrhashtbl[i]); 7540 /* Mark all SAHs as unlinked */ 7541 TAILQ_FOREACH(sah, &flushq, chain) { 7542 sah->state = SADB_SASTATE_DEAD; 7543 /* 7544 * Callout handler makes its job using 7545 * RLOCK and drain queues. In case, when this 7546 * function will be called just before it 7547 * acquires WLOCK, we need to mark SAs as 7548 * unlinked to prevent second unlink. 7549 */ 7550 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7551 sav->state = SADB_SASTATE_DEAD; 7552 } 7553 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7554 sav->state = SADB_SASTATE_DEAD; 7555 } 7556 } 7557 SAHTREE_WUNLOCK(); 7558 } else { 7559 SAHTREE_WLOCK(); 7560 sah = TAILQ_FIRST(&V_sahtree); 7561 while (sah != NULL) { 7562 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7563 ("DEAD SAH %p in SADB_FLUSH", sah)); 7564 nextsah = TAILQ_NEXT(sah, chain); 7565 if (sah->saidx.proto != proto) { 7566 sah = nextsah; 7567 continue; 7568 } 7569 sah->state = SADB_SASTATE_DEAD; 7570 TAILQ_REMOVE(&V_sahtree, sah, chain); 7571 LIST_REMOVE(sah, addrhash); 7572 /* Unlink all SAs from SPI hash */ 7573 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7574 LIST_REMOVE(sav, spihash); 7575 sav->state = SADB_SASTATE_DEAD; 7576 } 7577 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7578 LIST_REMOVE(sav, spihash); 7579 sav->state = SADB_SASTATE_DEAD; 7580 } 7581 /* Add SAH into flushq */ 7582 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7583 sah = nextsah; 7584 } 7585 SAHTREE_WUNLOCK(); 7586 } 7587 7588 key_freesah_flushed(&flushq); 7589 /* Free all queued SAs and SAHs */ 7590 if (m->m_len < sizeof(struct sadb_msg) || 7591 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7592 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7593 return key_senderror(so, m, ENOBUFS); 7594 } 7595 7596 if (m->m_next) 7597 m_freem(m->m_next); 7598 m->m_next = NULL; 7599 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7600 newmsg = mtod(m, struct sadb_msg *); 7601 newmsg->sadb_msg_errno = 0; 7602 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7603 7604 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7605 } 7606 7607 /* 7608 * SADB_DUMP processing 7609 * dump all entries including status of DEAD in SAD. 7610 * receive 7611 * <base> 7612 * from the ikmpd, and dump all secasvar leaves 7613 * and send, 7614 * <base> ..... 7615 * to the ikmpd. 7616 * 7617 * m will always be freed. 7618 */ 7619 static int 7620 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7621 { 7622 SAHTREE_RLOCK_TRACKER; 7623 struct secashead *sah; 7624 struct secasvar *sav; 7625 struct mbuf *n; 7626 uint32_t cnt; 7627 uint8_t proto, satype; 7628 7629 IPSEC_ASSERT(so != NULL, ("null socket")); 7630 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7631 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7632 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7633 7634 /* map satype to proto */ 7635 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7636 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7637 __func__)); 7638 return key_senderror(so, m, EINVAL); 7639 } 7640 7641 /* count sav entries to be sent to the userland. */ 7642 cnt = 0; 7643 SAHTREE_RLOCK(); 7644 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7645 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7646 proto != sah->saidx.proto) 7647 continue; 7648 7649 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7650 cnt++; 7651 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7652 cnt++; 7653 } 7654 7655 if (cnt == 0) { 7656 SAHTREE_RUNLOCK(); 7657 return key_senderror(so, m, ENOENT); 7658 } 7659 7660 /* send this to the userland, one at a time. */ 7661 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7662 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7663 proto != sah->saidx.proto) 7664 continue; 7665 7666 /* map proto to satype */ 7667 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7668 SAHTREE_RUNLOCK(); 7669 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7670 "SAD.\n", __func__)); 7671 return key_senderror(so, m, EINVAL); 7672 } 7673 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7674 n = key_setdumpsa(sav, SADB_DUMP, satype, 7675 --cnt, mhp->msg->sadb_msg_pid); 7676 if (n == NULL) { 7677 SAHTREE_RUNLOCK(); 7678 return key_senderror(so, m, ENOBUFS); 7679 } 7680 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7681 } 7682 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7683 n = key_setdumpsa(sav, SADB_DUMP, satype, 7684 --cnt, mhp->msg->sadb_msg_pid); 7685 if (n == NULL) { 7686 SAHTREE_RUNLOCK(); 7687 return key_senderror(so, m, ENOBUFS); 7688 } 7689 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7690 } 7691 } 7692 SAHTREE_RUNLOCK(); 7693 m_freem(m); 7694 return (0); 7695 } 7696 /* 7697 * SADB_X_PROMISC processing 7698 * 7699 * m will always be freed. 7700 */ 7701 static int 7702 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7703 { 7704 int olen; 7705 7706 IPSEC_ASSERT(so != NULL, ("null socket")); 7707 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7708 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7709 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7710 7711 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7712 7713 if (olen < sizeof(struct sadb_msg)) { 7714 #if 1 7715 return key_senderror(so, m, EINVAL); 7716 #else 7717 m_freem(m); 7718 return 0; 7719 #endif 7720 } else if (olen == sizeof(struct sadb_msg)) { 7721 /* enable/disable promisc mode */ 7722 struct keycb *kp; 7723 7724 if ((kp = so->so_pcb) == NULL) 7725 return key_senderror(so, m, EINVAL); 7726 mhp->msg->sadb_msg_errno = 0; 7727 switch (mhp->msg->sadb_msg_satype) { 7728 case 0: 7729 case 1: 7730 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7731 break; 7732 default: 7733 return key_senderror(so, m, EINVAL); 7734 } 7735 7736 /* send the original message back to everyone */ 7737 mhp->msg->sadb_msg_errno = 0; 7738 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7739 } else { 7740 /* send packet as is */ 7741 7742 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7743 7744 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7745 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7746 } 7747 } 7748 7749 static int (*key_typesw[])(struct socket *, struct mbuf *, 7750 const struct sadb_msghdr *) = { 7751 [SADB_RESERVED] = NULL, 7752 [SADB_GETSPI] = key_getspi, 7753 [SADB_UPDATE] = key_update, 7754 [SADB_ADD] = key_add, 7755 [SADB_DELETE] = key_delete, 7756 [SADB_GET] = key_get, 7757 [SADB_ACQUIRE] = key_acquire2, 7758 [SADB_REGISTER] = key_register, 7759 [SADB_EXPIRE] = NULL, 7760 [SADB_FLUSH] = key_flush, 7761 [SADB_DUMP] = key_dump, 7762 [SADB_X_PROMISC] = key_promisc, 7763 [SADB_X_PCHANGE] = NULL, 7764 [SADB_X_SPDUPDATE] = key_spdadd, 7765 [SADB_X_SPDADD] = key_spdadd, 7766 [SADB_X_SPDDELETE] = key_spddelete, 7767 [SADB_X_SPDGET] = key_spdget, 7768 [SADB_X_SPDACQUIRE] = NULL, 7769 [SADB_X_SPDDUMP] = key_spddump, 7770 [SADB_X_SPDFLUSH] = key_spdflush, 7771 [SADB_X_SPDSETIDX] = key_spdadd, 7772 [SADB_X_SPDEXPIRE] = NULL, 7773 [SADB_X_SPDDELETE2] = key_spddelete2, 7774 }; 7775 7776 /* 7777 * parse sadb_msg buffer to process PFKEYv2, 7778 * and create a data to response if needed. 7779 * I think to be dealed with mbuf directly. 7780 * IN: 7781 * msgp : pointer to pointer to a received buffer pulluped. 7782 * This is rewrited to response. 7783 * so : pointer to socket. 7784 * OUT: 7785 * length for buffer to send to user process. 7786 */ 7787 int 7788 key_parse(struct mbuf *m, struct socket *so) 7789 { 7790 struct sadb_msg *msg; 7791 struct sadb_msghdr mh; 7792 u_int orglen; 7793 int error; 7794 int target; 7795 7796 IPSEC_ASSERT(so != NULL, ("null socket")); 7797 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7798 7799 if (m->m_len < sizeof(struct sadb_msg)) { 7800 m = m_pullup(m, sizeof(struct sadb_msg)); 7801 if (!m) 7802 return ENOBUFS; 7803 } 7804 msg = mtod(m, struct sadb_msg *); 7805 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7806 target = KEY_SENDUP_ONE; 7807 7808 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7809 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7810 PFKEYSTAT_INC(out_invlen); 7811 error = EINVAL; 7812 goto senderror; 7813 } 7814 7815 if (msg->sadb_msg_version != PF_KEY_V2) { 7816 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7817 __func__, msg->sadb_msg_version)); 7818 PFKEYSTAT_INC(out_invver); 7819 error = EINVAL; 7820 goto senderror; 7821 } 7822 7823 if (msg->sadb_msg_type > SADB_MAX) { 7824 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7825 __func__, msg->sadb_msg_type)); 7826 PFKEYSTAT_INC(out_invmsgtype); 7827 error = EINVAL; 7828 goto senderror; 7829 } 7830 7831 /* for old-fashioned code - should be nuked */ 7832 if (m->m_pkthdr.len > MCLBYTES) { 7833 m_freem(m); 7834 return ENOBUFS; 7835 } 7836 if (m->m_next) { 7837 struct mbuf *n; 7838 7839 n = key_mget(m->m_pkthdr.len); 7840 if (n == NULL) { 7841 m_freem(m); 7842 return ENOBUFS; 7843 } 7844 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7845 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7846 n->m_next = NULL; 7847 m_freem(m); 7848 m = n; 7849 } 7850 7851 /* align the mbuf chain so that extensions are in contiguous region. */ 7852 error = key_align(m, &mh); 7853 if (error) 7854 return error; 7855 7856 msg = mh.msg; 7857 7858 /* We use satype as scope mask for spddump */ 7859 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7860 switch (msg->sadb_msg_satype) { 7861 case IPSEC_POLICYSCOPE_ANY: 7862 case IPSEC_POLICYSCOPE_GLOBAL: 7863 case IPSEC_POLICYSCOPE_IFNET: 7864 case IPSEC_POLICYSCOPE_PCB: 7865 break; 7866 default: 7867 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7868 __func__, msg->sadb_msg_type)); 7869 PFKEYSTAT_INC(out_invsatype); 7870 error = EINVAL; 7871 goto senderror; 7872 } 7873 } else { 7874 switch (msg->sadb_msg_satype) { /* check SA type */ 7875 case SADB_SATYPE_UNSPEC: 7876 switch (msg->sadb_msg_type) { 7877 case SADB_GETSPI: 7878 case SADB_UPDATE: 7879 case SADB_ADD: 7880 case SADB_DELETE: 7881 case SADB_GET: 7882 case SADB_ACQUIRE: 7883 case SADB_EXPIRE: 7884 ipseclog((LOG_DEBUG, "%s: must specify satype " 7885 "when msg type=%u.\n", __func__, 7886 msg->sadb_msg_type)); 7887 PFKEYSTAT_INC(out_invsatype); 7888 error = EINVAL; 7889 goto senderror; 7890 } 7891 break; 7892 case SADB_SATYPE_AH: 7893 case SADB_SATYPE_ESP: 7894 case SADB_X_SATYPE_IPCOMP: 7895 case SADB_X_SATYPE_TCPSIGNATURE: 7896 switch (msg->sadb_msg_type) { 7897 case SADB_X_SPDADD: 7898 case SADB_X_SPDDELETE: 7899 case SADB_X_SPDGET: 7900 case SADB_X_SPDFLUSH: 7901 case SADB_X_SPDSETIDX: 7902 case SADB_X_SPDUPDATE: 7903 case SADB_X_SPDDELETE2: 7904 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7905 __func__, msg->sadb_msg_type)); 7906 PFKEYSTAT_INC(out_invsatype); 7907 error = EINVAL; 7908 goto senderror; 7909 } 7910 break; 7911 case SADB_SATYPE_RSVP: 7912 case SADB_SATYPE_OSPFV2: 7913 case SADB_SATYPE_RIPV2: 7914 case SADB_SATYPE_MIP: 7915 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7916 __func__, msg->sadb_msg_satype)); 7917 PFKEYSTAT_INC(out_invsatype); 7918 error = EOPNOTSUPP; 7919 goto senderror; 7920 case 1: /* XXX: What does it do? */ 7921 if (msg->sadb_msg_type == SADB_X_PROMISC) 7922 break; 7923 /*FALLTHROUGH*/ 7924 default: 7925 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7926 __func__, msg->sadb_msg_satype)); 7927 PFKEYSTAT_INC(out_invsatype); 7928 error = EINVAL; 7929 goto senderror; 7930 } 7931 } 7932 7933 /* check field of upper layer protocol and address family */ 7934 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7935 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7936 struct sadb_address *src0, *dst0; 7937 u_int plen; 7938 7939 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7940 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7941 7942 /* check upper layer protocol */ 7943 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7944 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7945 "mismatched.\n", __func__)); 7946 PFKEYSTAT_INC(out_invaddr); 7947 error = EINVAL; 7948 goto senderror; 7949 } 7950 7951 /* check family */ 7952 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7953 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7954 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7955 __func__)); 7956 PFKEYSTAT_INC(out_invaddr); 7957 error = EINVAL; 7958 goto senderror; 7959 } 7960 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7961 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7962 ipseclog((LOG_DEBUG, "%s: address struct size " 7963 "mismatched.\n", __func__)); 7964 PFKEYSTAT_INC(out_invaddr); 7965 error = EINVAL; 7966 goto senderror; 7967 } 7968 7969 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7970 case AF_INET: 7971 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7972 sizeof(struct sockaddr_in)) { 7973 PFKEYSTAT_INC(out_invaddr); 7974 error = EINVAL; 7975 goto senderror; 7976 } 7977 break; 7978 case AF_INET6: 7979 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7980 sizeof(struct sockaddr_in6)) { 7981 PFKEYSTAT_INC(out_invaddr); 7982 error = EINVAL; 7983 goto senderror; 7984 } 7985 break; 7986 default: 7987 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7988 __func__)); 7989 PFKEYSTAT_INC(out_invaddr); 7990 error = EAFNOSUPPORT; 7991 goto senderror; 7992 } 7993 7994 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7995 case AF_INET: 7996 plen = sizeof(struct in_addr) << 3; 7997 break; 7998 case AF_INET6: 7999 plen = sizeof(struct in6_addr) << 3; 8000 break; 8001 default: 8002 plen = 0; /*fool gcc*/ 8003 break; 8004 } 8005 8006 /* check max prefix length */ 8007 if (src0->sadb_address_prefixlen > plen || 8008 dst0->sadb_address_prefixlen > plen) { 8009 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 8010 __func__)); 8011 PFKEYSTAT_INC(out_invaddr); 8012 error = EINVAL; 8013 goto senderror; 8014 } 8015 8016 /* 8017 * prefixlen == 0 is valid because there can be a case when 8018 * all addresses are matched. 8019 */ 8020 } 8021 8022 if (msg->sadb_msg_type >= nitems(key_typesw) || 8023 key_typesw[msg->sadb_msg_type] == NULL) { 8024 PFKEYSTAT_INC(out_invmsgtype); 8025 error = EINVAL; 8026 goto senderror; 8027 } 8028 8029 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 8030 8031 senderror: 8032 msg->sadb_msg_errno = error; 8033 return key_sendup_mbuf(so, m, target); 8034 } 8035 8036 static int 8037 key_senderror(struct socket *so, struct mbuf *m, int code) 8038 { 8039 struct sadb_msg *msg; 8040 8041 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8042 ("mbuf too small, len %u", m->m_len)); 8043 8044 msg = mtod(m, struct sadb_msg *); 8045 msg->sadb_msg_errno = code; 8046 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 8047 } 8048 8049 /* 8050 * set the pointer to each header into message buffer. 8051 * m will be freed on error. 8052 * XXX larger-than-MCLBYTES extension? 8053 */ 8054 static int 8055 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 8056 { 8057 struct mbuf *n; 8058 struct sadb_ext *ext; 8059 size_t off, end; 8060 int extlen; 8061 int toff; 8062 8063 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8064 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8065 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8066 ("mbuf too small, len %u", m->m_len)); 8067 8068 /* initialize */ 8069 bzero(mhp, sizeof(*mhp)); 8070 8071 mhp->msg = mtod(m, struct sadb_msg *); 8072 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8073 8074 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8075 extlen = end; /*just in case extlen is not updated*/ 8076 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8077 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8078 if (!n) { 8079 /* m is already freed */ 8080 return ENOBUFS; 8081 } 8082 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8083 8084 /* set pointer */ 8085 switch (ext->sadb_ext_type) { 8086 case SADB_EXT_SA: 8087 case SADB_EXT_ADDRESS_SRC: 8088 case SADB_EXT_ADDRESS_DST: 8089 case SADB_EXT_ADDRESS_PROXY: 8090 case SADB_EXT_LIFETIME_CURRENT: 8091 case SADB_EXT_LIFETIME_HARD: 8092 case SADB_EXT_LIFETIME_SOFT: 8093 case SADB_EXT_KEY_AUTH: 8094 case SADB_EXT_KEY_ENCRYPT: 8095 case SADB_EXT_IDENTITY_SRC: 8096 case SADB_EXT_IDENTITY_DST: 8097 case SADB_EXT_SENSITIVITY: 8098 case SADB_EXT_PROPOSAL: 8099 case SADB_EXT_SUPPORTED_AUTH: 8100 case SADB_EXT_SUPPORTED_ENCRYPT: 8101 case SADB_EXT_SPIRANGE: 8102 case SADB_X_EXT_POLICY: 8103 case SADB_X_EXT_SA2: 8104 case SADB_X_EXT_NAT_T_TYPE: 8105 case SADB_X_EXT_NAT_T_SPORT: 8106 case SADB_X_EXT_NAT_T_DPORT: 8107 case SADB_X_EXT_NAT_T_OAI: 8108 case SADB_X_EXT_NAT_T_OAR: 8109 case SADB_X_EXT_NAT_T_FRAG: 8110 case SADB_X_EXT_SA_REPLAY: 8111 case SADB_X_EXT_NEW_ADDRESS_SRC: 8112 case SADB_X_EXT_NEW_ADDRESS_DST: 8113 /* duplicate check */ 8114 /* 8115 * XXX Are there duplication payloads of either 8116 * KEY_AUTH or KEY_ENCRYPT ? 8117 */ 8118 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8119 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8120 "%u\n", __func__, ext->sadb_ext_type)); 8121 m_freem(m); 8122 PFKEYSTAT_INC(out_dupext); 8123 return EINVAL; 8124 } 8125 break; 8126 default: 8127 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8128 __func__, ext->sadb_ext_type)); 8129 m_freem(m); 8130 PFKEYSTAT_INC(out_invexttype); 8131 return EINVAL; 8132 } 8133 8134 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8135 8136 if (key_validate_ext(ext, extlen)) { 8137 m_freem(m); 8138 PFKEYSTAT_INC(out_invlen); 8139 return EINVAL; 8140 } 8141 8142 n = m_pulldown(m, off, extlen, &toff); 8143 if (!n) { 8144 /* m is already freed */ 8145 return ENOBUFS; 8146 } 8147 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8148 8149 mhp->ext[ext->sadb_ext_type] = ext; 8150 mhp->extoff[ext->sadb_ext_type] = off; 8151 mhp->extlen[ext->sadb_ext_type] = extlen; 8152 } 8153 8154 if (off != end) { 8155 m_freem(m); 8156 PFKEYSTAT_INC(out_invlen); 8157 return EINVAL; 8158 } 8159 8160 return 0; 8161 } 8162 8163 static int 8164 key_validate_ext(const struct sadb_ext *ext, int len) 8165 { 8166 const struct sockaddr *sa; 8167 enum { NONE, ADDR } checktype = NONE; 8168 int baselen = 0; 8169 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8170 8171 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8172 return EINVAL; 8173 8174 /* if it does not match minimum/maximum length, bail */ 8175 if (ext->sadb_ext_type >= nitems(minsize) || 8176 ext->sadb_ext_type >= nitems(maxsize)) 8177 return EINVAL; 8178 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8179 return EINVAL; 8180 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8181 return EINVAL; 8182 8183 /* more checks based on sadb_ext_type XXX need more */ 8184 switch (ext->sadb_ext_type) { 8185 case SADB_EXT_ADDRESS_SRC: 8186 case SADB_EXT_ADDRESS_DST: 8187 case SADB_EXT_ADDRESS_PROXY: 8188 case SADB_X_EXT_NAT_T_OAI: 8189 case SADB_X_EXT_NAT_T_OAR: 8190 case SADB_X_EXT_NEW_ADDRESS_SRC: 8191 case SADB_X_EXT_NEW_ADDRESS_DST: 8192 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8193 checktype = ADDR; 8194 break; 8195 case SADB_EXT_IDENTITY_SRC: 8196 case SADB_EXT_IDENTITY_DST: 8197 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8198 SADB_X_IDENTTYPE_ADDR) { 8199 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8200 checktype = ADDR; 8201 } else 8202 checktype = NONE; 8203 break; 8204 default: 8205 checktype = NONE; 8206 break; 8207 } 8208 8209 switch (checktype) { 8210 case NONE: 8211 break; 8212 case ADDR: 8213 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8214 if (len < baselen + sal) 8215 return EINVAL; 8216 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8217 return EINVAL; 8218 break; 8219 } 8220 8221 return 0; 8222 } 8223 8224 void 8225 spdcache_init(void) 8226 { 8227 int i; 8228 8229 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8230 &V_key_spdcache_maxentries); 8231 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8232 &V_key_spdcache_threshold); 8233 8234 if (V_key_spdcache_maxentries) { 8235 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8236 SPDCACHE_MAX_ENTRIES_PER_HASH); 8237 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8238 SPDCACHE_MAX_ENTRIES_PER_HASH, 8239 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8240 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8241 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8242 8243 V_spdcache_lock = malloc(sizeof(struct mtx) * 8244 (V_spdcachehash_mask + 1), 8245 M_IPSEC_SPDCACHE, M_WAITOK | M_ZERO); 8246 8247 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8248 SPDCACHE_LOCK_INIT(i); 8249 } 8250 } 8251 8252 struct spdcache_entry * 8253 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8254 { 8255 struct spdcache_entry *entry; 8256 8257 entry = malloc(sizeof(struct spdcache_entry), M_IPSEC_SPDCACHE, 8258 M_NOWAIT | M_ZERO); 8259 if (entry == NULL) 8260 return (NULL); 8261 8262 if (sp != NULL) 8263 SP_ADDREF(sp); 8264 8265 entry->spidx = *spidx; 8266 entry->sp = sp; 8267 8268 return (entry); 8269 } 8270 8271 void 8272 spdcache_entry_free(struct spdcache_entry *entry) 8273 { 8274 8275 if (entry->sp != NULL) 8276 key_freesp(&entry->sp); 8277 free(entry, M_IPSEC_SPDCACHE); 8278 } 8279 8280 void 8281 spdcache_clear(void) 8282 { 8283 struct spdcache_entry *entry; 8284 int i; 8285 8286 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8287 SPDCACHE_LOCK(i); 8288 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8289 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8290 LIST_REMOVE(entry, chain); 8291 spdcache_entry_free(entry); 8292 } 8293 SPDCACHE_UNLOCK(i); 8294 } 8295 } 8296 8297 #ifdef VIMAGE 8298 void 8299 spdcache_destroy(void) 8300 { 8301 int i; 8302 8303 if (SPDCACHE_ENABLED()) { 8304 spdcache_clear(); 8305 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8306 8307 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8308 SPDCACHE_LOCK_DESTROY(i); 8309 8310 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8311 } 8312 } 8313 #endif 8314 8315 static void 8316 key_vnet_init(void *arg __unused) 8317 { 8318 int i; 8319 8320 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8321 TAILQ_INIT(&V_sptree[i]); 8322 TAILQ_INIT(&V_sptree_ifnet[i]); 8323 } 8324 8325 TAILQ_INIT(&V_sahtree); 8326 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8327 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8328 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8329 &V_sahaddrhash_mask); 8330 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8331 &V_acqaddrhash_mask); 8332 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8333 &V_acqseqhash_mask); 8334 8335 spdcache_init(); 8336 8337 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8338 LIST_INIT(&V_regtree[i]); 8339 8340 LIST_INIT(&V_acqtree); 8341 LIST_INIT(&V_spacqtree); 8342 } 8343 VNET_SYSINIT(key_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8344 key_vnet_init, NULL); 8345 8346 static void 8347 key_init(void *arg __unused) 8348 { 8349 8350 ipsec_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8351 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8352 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8353 8354 SPTREE_LOCK_INIT(); 8355 REGTREE_LOCK_INIT(); 8356 SAHTREE_LOCK_INIT(); 8357 ACQ_LOCK_INIT(); 8358 SPACQ_LOCK_INIT(); 8359 SPI_ALLOC_LOCK_INIT(); 8360 8361 #ifndef IPSEC_DEBUG2 8362 callout_init(&key_timer, 1); 8363 callout_reset(&key_timer, hz, key_timehandler, NULL); 8364 #endif /*IPSEC_DEBUG2*/ 8365 8366 /* initialize key statistics */ 8367 keystat.getspi_count = 1; 8368 8369 if (bootverbose) 8370 printf("IPsec: Initialized Security Association Processing.\n"); 8371 } 8372 SYSINIT(key_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_init, NULL); 8373 8374 #ifdef VIMAGE 8375 static void 8376 key_vnet_destroy(void *arg __unused) 8377 { 8378 struct secashead_queue sahdrainq; 8379 struct secpolicy_queue drainq; 8380 struct secpolicy *sp, *nextsp; 8381 struct secacq *acq, *nextacq; 8382 struct secspacq *spacq, *nextspacq; 8383 struct secashead *sah; 8384 struct secasvar *sav; 8385 struct secreg *reg; 8386 int i; 8387 8388 /* 8389 * XXX: can we just call free() for each object without 8390 * walking through safe way with releasing references? 8391 */ 8392 TAILQ_INIT(&drainq); 8393 SPTREE_WLOCK(); 8394 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8395 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8396 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8397 } 8398 for (i = 0; i < V_sphash_mask + 1; i++) 8399 LIST_INIT(&V_sphashtbl[i]); 8400 SPTREE_WUNLOCK(); 8401 spdcache_destroy(); 8402 8403 sp = TAILQ_FIRST(&drainq); 8404 while (sp != NULL) { 8405 nextsp = TAILQ_NEXT(sp, chain); 8406 key_freesp(&sp); 8407 sp = nextsp; 8408 } 8409 8410 TAILQ_INIT(&sahdrainq); 8411 SAHTREE_WLOCK(); 8412 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8413 for (i = 0; i < V_savhash_mask + 1; i++) 8414 LIST_INIT(&V_savhashtbl[i]); 8415 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8416 LIST_INIT(&V_sahaddrhashtbl[i]); 8417 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8418 sah->state = SADB_SASTATE_DEAD; 8419 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8420 sav->state = SADB_SASTATE_DEAD; 8421 } 8422 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8423 sav->state = SADB_SASTATE_DEAD; 8424 } 8425 } 8426 SAHTREE_WUNLOCK(); 8427 8428 key_freesah_flushed(&sahdrainq); 8429 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8430 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8431 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8432 8433 REGTREE_LOCK(); 8434 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8435 LIST_FOREACH(reg, &V_regtree[i], chain) { 8436 if (__LIST_CHAINED(reg)) { 8437 LIST_REMOVE(reg, chain); 8438 free(reg, M_IPSEC_SAR); 8439 break; 8440 } 8441 } 8442 } 8443 REGTREE_UNLOCK(); 8444 8445 ACQ_LOCK(); 8446 acq = LIST_FIRST(&V_acqtree); 8447 while (acq != NULL) { 8448 nextacq = LIST_NEXT(acq, chain); 8449 LIST_REMOVE(acq, chain); 8450 free(acq, M_IPSEC_SAQ); 8451 acq = nextacq; 8452 } 8453 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8454 LIST_INIT(&V_acqaddrhashtbl[i]); 8455 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8456 LIST_INIT(&V_acqseqhashtbl[i]); 8457 ACQ_UNLOCK(); 8458 8459 SPACQ_LOCK(); 8460 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8461 spacq = nextspacq) { 8462 nextspacq = LIST_NEXT(spacq, chain); 8463 if (__LIST_CHAINED(spacq)) { 8464 LIST_REMOVE(spacq, chain); 8465 free(spacq, M_IPSEC_SAQ); 8466 } 8467 } 8468 SPACQ_UNLOCK(); 8469 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8470 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8471 } 8472 VNET_SYSUNINIT(key_vnet_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_SECOND, 8473 key_vnet_destroy, NULL); 8474 #endif 8475 8476 /* 8477 * XXX: as long as domains are not unloadable, this function is never called, 8478 * provided for consistensy and future unload support. 8479 */ 8480 static void 8481 key_destroy(void *arg __unused) 8482 { 8483 uma_zdestroy(ipsec_key_lft_zone); 8484 8485 #ifndef IPSEC_DEBUG2 8486 callout_drain(&key_timer); 8487 #endif 8488 SPTREE_LOCK_DESTROY(); 8489 REGTREE_LOCK_DESTROY(); 8490 SAHTREE_LOCK_DESTROY(); 8491 ACQ_LOCK_DESTROY(); 8492 SPACQ_LOCK_DESTROY(); 8493 SPI_ALLOC_LOCK_DESTROY(); 8494 } 8495 SYSUNINIT(key_destroy, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, key_destroy, NULL); 8496 8497 /* record data transfer on SA, and update timestamps */ 8498 void 8499 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8500 { 8501 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8502 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8503 8504 /* 8505 * XXX Currently, there is a difference of bytes size 8506 * between inbound and outbound processing. 8507 */ 8508 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8509 8510 /* 8511 * We use the number of packets as the unit of 8512 * allocations. We increment the variable 8513 * whenever {esp,ah}_{in,out}put is called. 8514 */ 8515 counter_u64_add(sav->lft_c_allocations, 1); 8516 8517 /* 8518 * NOTE: We record CURRENT usetime by using wall clock, 8519 * in seconds. HARD and SOFT lifetime are measured by the time 8520 * difference (again in seconds) from usetime. 8521 * 8522 * usetime 8523 * v expire expire 8524 * -----+-----+--------+---> t 8525 * <--------------> HARD 8526 * <-----> SOFT 8527 */ 8528 if (sav->firstused == 0) 8529 sav->firstused = time_second; 8530 } 8531 8532 /* 8533 * Take one of the kernel's security keys and convert it into a PF_KEY 8534 * structure within an mbuf, suitable for sending up to a waiting 8535 * application in user land. 8536 * 8537 * IN: 8538 * src: A pointer to a kernel security key. 8539 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8540 * OUT: 8541 * a valid mbuf or NULL indicating an error 8542 * 8543 */ 8544 8545 static struct mbuf * 8546 key_setkey(struct seckey *src, uint16_t exttype) 8547 { 8548 struct mbuf *m; 8549 struct sadb_key *p; 8550 int len; 8551 8552 if (src == NULL) 8553 return NULL; 8554 8555 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8556 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8557 if (m == NULL) 8558 return NULL; 8559 m_align(m, len); 8560 m->m_len = len; 8561 p = mtod(m, struct sadb_key *); 8562 bzero(p, len); 8563 p->sadb_key_len = PFKEY_UNIT64(len); 8564 p->sadb_key_exttype = exttype; 8565 p->sadb_key_bits = src->bits; 8566 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8567 8568 return m; 8569 } 8570 8571 /* 8572 * Take one of the kernel's lifetime data structures and convert it 8573 * into a PF_KEY structure within an mbuf, suitable for sending up to 8574 * a waiting application in user land. 8575 * 8576 * IN: 8577 * src: A pointer to a kernel lifetime structure. 8578 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8579 * data structures for more information. 8580 * OUT: 8581 * a valid mbuf or NULL indicating an error 8582 * 8583 */ 8584 8585 static struct mbuf * 8586 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8587 { 8588 struct mbuf *m = NULL; 8589 struct sadb_lifetime *p; 8590 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8591 8592 if (src == NULL) 8593 return NULL; 8594 8595 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8596 if (m == NULL) 8597 return m; 8598 m_align(m, len); 8599 m->m_len = len; 8600 p = mtod(m, struct sadb_lifetime *); 8601 8602 bzero(p, len); 8603 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8604 p->sadb_lifetime_exttype = exttype; 8605 p->sadb_lifetime_allocations = src->allocations; 8606 p->sadb_lifetime_bytes = src->bytes; 8607 p->sadb_lifetime_addtime = src->addtime; 8608 p->sadb_lifetime_usetime = src->usetime; 8609 8610 return m; 8611 8612 } 8613 8614 const struct enc_xform * 8615 enc_algorithm_lookup(int alg) 8616 { 8617 int i; 8618 8619 for (i = 0; i < nitems(supported_ealgs); i++) 8620 if (alg == supported_ealgs[i].sadb_alg) 8621 return (supported_ealgs[i].xform); 8622 return (NULL); 8623 } 8624 8625 const struct auth_hash * 8626 auth_algorithm_lookup(int alg) 8627 { 8628 int i; 8629 8630 for (i = 0; i < nitems(supported_aalgs); i++) 8631 if (alg == supported_aalgs[i].sadb_alg) 8632 return (supported_aalgs[i].xform); 8633 return (NULL); 8634 } 8635 8636 const struct comp_algo * 8637 comp_algorithm_lookup(int alg) 8638 { 8639 int i; 8640 8641 for (i = 0; i < nitems(supported_calgs); i++) 8642 if (alg == supported_calgs[i].sadb_alg) 8643 return (supported_calgs[i].xform); 8644 return (NULL); 8645 } 8646