1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * This code is referd to RFC 2367 35 */ 36 37 #include "opt_inet.h" 38 #include "opt_inet6.h" 39 #include "opt_ipsec.h" 40 41 #include <sys/types.h> 42 #include <sys/param.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/lock.h> 46 #include <sys/mutex.h> 47 #include <sys/mbuf.h> 48 #include <sys/domain.h> 49 #include <sys/protosw.h> 50 #include <sys/malloc.h> 51 #include <sys/rmlock.h> 52 #include <sys/socket.h> 53 #include <sys/socketvar.h> 54 #include <sys/sysctl.h> 55 #include <sys/errno.h> 56 #include <sys/proc.h> 57 #include <sys/queue.h> 58 #include <sys/refcount.h> 59 #include <sys/syslog.h> 60 61 #include <net/if.h> 62 #include <net/if_var.h> 63 #include <net/vnet.h> 64 #include <net/raw_cb.h> 65 66 #include <netinet/in.h> 67 #include <netinet/in_systm.h> 68 #include <netinet/ip.h> 69 #include <netinet/in_var.h> 70 71 #ifdef INET6 72 #include <netinet/ip6.h> 73 #include <netinet6/in6_var.h> 74 #include <netinet6/ip6_var.h> 75 #endif /* INET6 */ 76 77 #if defined(INET) || defined(INET6) 78 #include <netinet/in_pcb.h> 79 #endif 80 #ifdef INET6 81 #include <netinet6/in6_pcb.h> 82 #endif /* INET6 */ 83 84 #include <net/pfkeyv2.h> 85 #include <netipsec/keydb.h> 86 #include <netipsec/key.h> 87 #include <netipsec/keysock.h> 88 #include <netipsec/key_debug.h> 89 90 #include <netipsec/ipsec.h> 91 #ifdef INET6 92 #include <netipsec/ipsec6.h> 93 #endif 94 95 #include <netipsec/xform.h> 96 97 #include <machine/stdarg.h> 98 99 /* randomness */ 100 #include <sys/random.h> 101 102 #define FULLMASK 0xff 103 #define _BITS(bytes) ((bytes) << 3) 104 105 /* 106 * Note on SA reference counting: 107 * - SAs that are not in DEAD state will have (total external reference + 1) 108 * following value in reference count field. they cannot be freed and are 109 * referenced from SA header. 110 * - SAs that are in DEAD state will have (total external reference) 111 * in reference count field. they are ready to be freed. reference from 112 * SA header will be removed in key_delsav(), when the reference count 113 * field hits 0 (= no external reference other than from SA header. 114 */ 115 116 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 117 static VNET_DEFINE(u_int, key_spi_trycnt) = 1000; 118 static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100; 119 static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 120 static VNET_DEFINE(u_int32_t, policy_id) = 0; 121 /*interval to initialize randseed,1(m)*/ 122 static VNET_DEFINE(u_int, key_int_random) = 60; 123 /* interval to expire acquiring, 30(s)*/ 124 static VNET_DEFINE(u_int, key_larval_lifetime) = 30; 125 /* counter for blocking SADB_ACQUIRE.*/ 126 static VNET_DEFINE(int, key_blockacq_count) = 10; 127 /* lifetime for blocking SADB_ACQUIRE.*/ 128 static VNET_DEFINE(int, key_blockacq_lifetime) = 20; 129 /* preferred old sa rather than new sa.*/ 130 static VNET_DEFINE(int, key_preferred_oldsa) = 1; 131 #define V_key_spi_trycnt VNET(key_spi_trycnt) 132 #define V_key_spi_minval VNET(key_spi_minval) 133 #define V_key_spi_maxval VNET(key_spi_maxval) 134 #define V_policy_id VNET(policy_id) 135 #define V_key_int_random VNET(key_int_random) 136 #define V_key_larval_lifetime VNET(key_larval_lifetime) 137 #define V_key_blockacq_count VNET(key_blockacq_count) 138 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 139 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 140 141 static VNET_DEFINE(u_int32_t, acq_seq) = 0; 142 #define V_acq_seq VNET(acq_seq) 143 144 /* SPD */ 145 static VNET_DEFINE(TAILQ_HEAD(_sptree, secpolicy), sptree[IPSEC_DIR_MAX]); 146 static struct rmlock sptree_lock; 147 #define V_sptree VNET(sptree) 148 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 149 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 150 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 151 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 152 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 153 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 154 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 155 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 156 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 157 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 158 159 static VNET_DEFINE(LIST_HEAD(_sahtree, secashead), sahtree); /* SAD */ 160 #define V_sahtree VNET(sahtree) 161 static struct mtx sahtree_lock; 162 #define SAHTREE_LOCK_INIT() \ 163 mtx_init(&sahtree_lock, "sahtree", \ 164 "fast ipsec security association database", MTX_DEF) 165 #define SAHTREE_LOCK_DESTROY() mtx_destroy(&sahtree_lock) 166 #define SAHTREE_LOCK() mtx_lock(&sahtree_lock) 167 #define SAHTREE_UNLOCK() mtx_unlock(&sahtree_lock) 168 #define SAHTREE_LOCK_ASSERT() mtx_assert(&sahtree_lock, MA_OWNED) 169 170 /* registed list */ 171 static VNET_DEFINE(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 172 #define V_regtree VNET(regtree) 173 static struct mtx regtree_lock; 174 #define REGTREE_LOCK_INIT() \ 175 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 176 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 177 #define REGTREE_LOCK() mtx_lock(®tree_lock) 178 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 179 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 180 181 static VNET_DEFINE(LIST_HEAD(_acqtree, secacq), acqtree); /* acquiring list */ 182 #define V_acqtree VNET(acqtree) 183 static struct mtx acq_lock; 184 #define ACQ_LOCK_INIT() \ 185 mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF) 186 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 187 #define ACQ_LOCK() mtx_lock(&acq_lock) 188 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 189 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 190 191 /* SP acquiring list */ 192 static VNET_DEFINE(LIST_HEAD(_spacqtree, secspacq), spacqtree); 193 #define V_spacqtree VNET(spacqtree) 194 static struct mtx spacq_lock; 195 #define SPACQ_LOCK_INIT() \ 196 mtx_init(&spacq_lock, "spacqtree", \ 197 "fast ipsec security policy acquire list", MTX_DEF) 198 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 199 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 200 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 201 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 202 203 /* search order for SAs */ 204 static const u_int saorder_state_valid_prefer_old[] = { 205 SADB_SASTATE_DYING, SADB_SASTATE_MATURE, 206 }; 207 static const u_int saorder_state_valid_prefer_new[] = { 208 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 209 }; 210 static const u_int saorder_state_alive[] = { 211 /* except DEAD */ 212 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL 213 }; 214 static const u_int saorder_state_any[] = { 215 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 216 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD 217 }; 218 219 static const int minsize[] = { 220 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 221 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 222 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 223 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 224 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 225 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 226 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 227 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 228 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 229 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 230 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 231 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 232 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 233 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 234 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 235 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 236 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 237 0, /* SADB_X_EXT_KMPRIVATE */ 238 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 239 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 240 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 241 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 242 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 243 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 244 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 245 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 246 }; 247 static const int maxsize[] = { 248 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 249 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 250 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 251 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 252 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 253 0, /* SADB_EXT_ADDRESS_SRC */ 254 0, /* SADB_EXT_ADDRESS_DST */ 255 0, /* SADB_EXT_ADDRESS_PROXY */ 256 0, /* SADB_EXT_KEY_AUTH */ 257 0, /* SADB_EXT_KEY_ENCRYPT */ 258 0, /* SADB_EXT_IDENTITY_SRC */ 259 0, /* SADB_EXT_IDENTITY_DST */ 260 0, /* SADB_EXT_SENSITIVITY */ 261 0, /* SADB_EXT_PROPOSAL */ 262 0, /* SADB_EXT_SUPPORTED_AUTH */ 263 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 264 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 265 0, /* SADB_X_EXT_KMPRIVATE */ 266 0, /* SADB_X_EXT_POLICY */ 267 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 268 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 269 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 270 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 271 0, /* SADB_X_EXT_NAT_T_OAI */ 272 0, /* SADB_X_EXT_NAT_T_OAR */ 273 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 274 }; 275 276 static VNET_DEFINE(int, ipsec_esp_keymin) = 256; 277 static VNET_DEFINE(int, ipsec_esp_auth) = 0; 278 static VNET_DEFINE(int, ipsec_ah_keymin) = 128; 279 280 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 281 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 282 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 283 284 #ifdef SYSCTL_DECL 285 SYSCTL_DECL(_net_key); 286 #endif 287 288 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 289 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 290 291 /* max count of trial for the decision of spi value */ 292 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 293 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 294 295 /* minimum spi value to allocate automatically. */ 296 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 297 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 298 299 /* maximun spi value to allocate automatically. */ 300 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 301 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 302 303 /* interval to initialize randseed */ 304 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 305 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 306 307 /* lifetime for larval SA */ 308 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 309 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 310 311 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 312 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 313 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 314 315 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 316 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 317 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 318 319 /* ESP auth */ 320 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 321 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 322 323 /* minimum ESP key length */ 324 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 325 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 326 327 /* minimum AH key length */ 328 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 329 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 330 331 /* perfered old SA rather than new SA */ 332 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 333 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 334 335 #define __LIST_CHAINED(elm) \ 336 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 337 #define LIST_INSERT_TAIL(head, elm, type, field) \ 338 do {\ 339 struct type *curelm = LIST_FIRST(head); \ 340 if (curelm == NULL) {\ 341 LIST_INSERT_HEAD(head, elm, field); \ 342 } else { \ 343 while (LIST_NEXT(curelm, field)) \ 344 curelm = LIST_NEXT(curelm, field);\ 345 LIST_INSERT_AFTER(curelm, elm, field);\ 346 }\ 347 } while (0) 348 349 #define KEY_CHKSASTATE(head, sav, name) \ 350 do { \ 351 if ((head) != (sav)) { \ 352 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \ 353 (name), (head), (sav))); \ 354 continue; \ 355 } \ 356 } while (0) 357 358 #define KEY_CHKSPDIR(head, sp, name) \ 359 do { \ 360 if ((head) != (sp)) { \ 361 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \ 362 "anyway continue.\n", \ 363 (name), (head), (sp))); \ 364 } \ 365 } while (0) 366 367 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 368 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 369 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 370 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 371 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 372 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 373 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 374 375 /* 376 * set parameters into secpolicyindex buffer. 377 * Must allocate secpolicyindex buffer passed to this function. 378 */ 379 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 380 do { \ 381 bzero((idx), sizeof(struct secpolicyindex)); \ 382 (idx)->dir = (_dir); \ 383 (idx)->prefs = (ps); \ 384 (idx)->prefd = (pd); \ 385 (idx)->ul_proto = (ulp); \ 386 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 387 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 388 } while (0) 389 390 /* 391 * set parameters into secasindex buffer. 392 * Must allocate secasindex buffer before calling this function. 393 */ 394 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 395 do { \ 396 bzero((idx), sizeof(struct secasindex)); \ 397 (idx)->proto = (p); \ 398 (idx)->mode = (m); \ 399 (idx)->reqid = (r); \ 400 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 401 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 402 } while (0) 403 404 /* key statistics */ 405 struct _keystat { 406 u_long getspi_count; /* the avarage of count to try to get new SPI */ 407 } keystat; 408 409 struct sadb_msghdr { 410 struct sadb_msg *msg; 411 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 412 int extoff[SADB_EXT_MAX + 1]; 413 int extlen[SADB_EXT_MAX + 1]; 414 }; 415 416 #ifndef IPSEC_DEBUG2 417 static struct callout key_timer; 418 #endif 419 420 static struct secasvar *key_allocsa_policy(const struct secasindex *); 421 static void key_freesp_so(struct secpolicy **); 422 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int); 423 static void key_unlink(struct secpolicy *); 424 static struct secpolicy *key_getsp(struct secpolicyindex *); 425 static struct secpolicy *key_getspbyid(u_int32_t); 426 static u_int32_t key_newreqid(void); 427 static struct mbuf *key_gather_mbuf(struct mbuf *, 428 const struct sadb_msghdr *, int, int, ...); 429 static int key_spdadd(struct socket *, struct mbuf *, 430 const struct sadb_msghdr *); 431 static u_int32_t key_getnewspid(void); 432 static int key_spddelete(struct socket *, struct mbuf *, 433 const struct sadb_msghdr *); 434 static int key_spddelete2(struct socket *, struct mbuf *, 435 const struct sadb_msghdr *); 436 static int key_spdget(struct socket *, struct mbuf *, 437 const struct sadb_msghdr *); 438 static int key_spdflush(struct socket *, struct mbuf *, 439 const struct sadb_msghdr *); 440 static int key_spddump(struct socket *, struct mbuf *, 441 const struct sadb_msghdr *); 442 static struct mbuf *key_setdumpsp(struct secpolicy *, 443 u_int8_t, u_int32_t, u_int32_t); 444 static u_int key_getspreqmsglen(struct secpolicy *); 445 static int key_spdexpire(struct secpolicy *); 446 static struct secashead *key_newsah(struct secasindex *); 447 static void key_delsah(struct secashead *); 448 static struct secasvar *key_newsav(struct mbuf *, 449 const struct sadb_msghdr *, struct secashead *, int *, 450 const char*, int); 451 #define KEY_NEWSAV(m, sadb, sah, e) \ 452 key_newsav(m, sadb, sah, e, __FILE__, __LINE__) 453 static void key_delsav(struct secasvar *); 454 static struct secashead *key_getsah(struct secasindex *); 455 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t); 456 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t); 457 static int key_setsaval(struct secasvar *, struct mbuf *, 458 const struct sadb_msghdr *); 459 static int key_mature(struct secasvar *); 460 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 461 u_int8_t, u_int32_t, u_int32_t); 462 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 463 u_int32_t, pid_t, u_int16_t); 464 static struct mbuf *key_setsadbsa(struct secasvar *); 465 static struct mbuf *key_setsadbaddr(u_int16_t, 466 const struct sockaddr *, u_int8_t, u_int16_t); 467 #ifdef IPSEC_NAT_T 468 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 469 static struct mbuf *key_setsadbxtype(u_int16_t); 470 #endif 471 static void key_porttosaddr(struct sockaddr *, u_int16_t); 472 #define KEY_PORTTOSADDR(saddr, port) \ 473 key_porttosaddr((struct sockaddr *)(saddr), (port)) 474 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 475 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 476 u_int32_t, u_int32_t); 477 static struct seckey *key_dup_keymsg(const struct sadb_key *, u_int, 478 struct malloc_type *); 479 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 480 struct malloc_type *type); 481 #ifdef INET6 482 static int key_ismyaddr6(struct sockaddr_in6 *); 483 #endif 484 485 /* flags for key_cmpsaidx() */ 486 #define CMP_HEAD 1 /* protocol, addresses. */ 487 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 488 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 489 #define CMP_EXACTLY 4 /* all elements. */ 490 static int key_cmpsaidx(const struct secasindex *, 491 const struct secasindex *, int); 492 static int key_cmpspidx_exactly(struct secpolicyindex *, 493 struct secpolicyindex *); 494 static int key_cmpspidx_withmask(struct secpolicyindex *, 495 struct secpolicyindex *); 496 static int key_sockaddrcmp(const struct sockaddr *, 497 const struct sockaddr *, int); 498 static int key_bbcmp(const void *, const void *, u_int); 499 static u_int16_t key_satype2proto(u_int8_t); 500 static u_int8_t key_proto2satype(u_int16_t); 501 502 static int key_getspi(struct socket *, struct mbuf *, 503 const struct sadb_msghdr *); 504 static u_int32_t key_do_getnewspi(struct sadb_spirange *, 505 struct secasindex *); 506 static int key_update(struct socket *, struct mbuf *, 507 const struct sadb_msghdr *); 508 #ifdef IPSEC_DOSEQCHECK 509 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t); 510 #endif 511 static int key_add(struct socket *, struct mbuf *, 512 const struct sadb_msghdr *); 513 static int key_setident(struct secashead *, struct mbuf *, 514 const struct sadb_msghdr *); 515 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 516 const struct sadb_msghdr *); 517 static int key_delete(struct socket *, struct mbuf *, 518 const struct sadb_msghdr *); 519 static int key_delete_all(struct socket *, struct mbuf *, 520 const struct sadb_msghdr *, u_int16_t); 521 static int key_get(struct socket *, struct mbuf *, 522 const struct sadb_msghdr *); 523 524 static void key_getcomb_setlifetime(struct sadb_comb *); 525 static struct mbuf *key_getcomb_esp(void); 526 static struct mbuf *key_getcomb_ah(void); 527 static struct mbuf *key_getcomb_ipcomp(void); 528 static struct mbuf *key_getprop(const struct secasindex *); 529 530 static int key_acquire(const struct secasindex *, struct secpolicy *); 531 static struct secacq *key_newacq(const struct secasindex *); 532 static struct secacq *key_getacq(const struct secasindex *); 533 static struct secacq *key_getacqbyseq(u_int32_t); 534 static struct secspacq *key_newspacq(struct secpolicyindex *); 535 static struct secspacq *key_getspacq(struct secpolicyindex *); 536 static int key_acquire2(struct socket *, struct mbuf *, 537 const struct sadb_msghdr *); 538 static int key_register(struct socket *, struct mbuf *, 539 const struct sadb_msghdr *); 540 static int key_expire(struct secasvar *, int); 541 static int key_flush(struct socket *, struct mbuf *, 542 const struct sadb_msghdr *); 543 static int key_dump(struct socket *, struct mbuf *, 544 const struct sadb_msghdr *); 545 static int key_promisc(struct socket *, struct mbuf *, 546 const struct sadb_msghdr *); 547 static int key_senderror(struct socket *, struct mbuf *, int); 548 static int key_validate_ext(const struct sadb_ext *, int); 549 static int key_align(struct mbuf *, struct sadb_msghdr *); 550 static struct mbuf *key_setlifetime(struct seclifetime *src, 551 u_int16_t exttype); 552 static struct mbuf *key_setkey(struct seckey *src, u_int16_t exttype); 553 554 #if 0 555 static const char *key_getfqdn(void); 556 static const char *key_getuserfqdn(void); 557 #endif 558 static void key_sa_chgstate(struct secasvar *, u_int8_t); 559 560 static __inline void 561 sa_initref(struct secasvar *sav) 562 { 563 564 refcount_init(&sav->refcnt, 1); 565 } 566 static __inline void 567 sa_addref(struct secasvar *sav) 568 { 569 570 refcount_acquire(&sav->refcnt); 571 IPSEC_ASSERT(sav->refcnt != 0, ("SA refcnt overflow")); 572 } 573 static __inline int 574 sa_delref(struct secasvar *sav) 575 { 576 577 IPSEC_ASSERT(sav->refcnt > 0, ("SA refcnt underflow")); 578 return (refcount_release(&sav->refcnt)); 579 } 580 581 #define SP_ADDREF(p) refcount_acquire(&(p)->refcnt) 582 #define SP_DELREF(p) refcount_release(&(p)->refcnt) 583 584 /* 585 * Update the refcnt while holding the SPTREE lock. 586 */ 587 void 588 key_addref(struct secpolicy *sp) 589 { 590 591 SP_ADDREF(sp); 592 } 593 594 /* 595 * Return 0 when there are known to be no SP's for the specified 596 * direction. Otherwise return 1. This is used by IPsec code 597 * to optimize performance. 598 */ 599 int 600 key_havesp(u_int dir) 601 { 602 603 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 604 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 605 } 606 607 /* %%% IPsec policy management */ 608 /* 609 * allocating a SP for OUTBOUND or INBOUND packet. 610 * Must call key_freesp() later. 611 * OUT: NULL: not found 612 * others: found and return the pointer. 613 */ 614 struct secpolicy * 615 key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, 616 int tag) 617 { 618 SPTREE_RLOCK_TRACKER; 619 struct secpolicy *sp; 620 621 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 622 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 623 ("invalid direction %u", dir)); 624 625 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 626 printf("DP %s from %s:%u\n", __func__, where, tag)); 627 628 /* get a SP entry */ 629 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 630 printf("*** objects\n"); 631 kdebug_secpolicyindex(spidx)); 632 633 SPTREE_RLOCK(); 634 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 635 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 636 printf("*** in SPD\n"); 637 kdebug_secpolicyindex(&sp->spidx)); 638 if (key_cmpspidx_withmask(&sp->spidx, spidx)) 639 goto found; 640 } 641 sp = NULL; 642 found: 643 if (sp) { 644 /* sanity check */ 645 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); 646 647 /* found a SPD entry */ 648 sp->lastused = time_second; 649 SP_ADDREF(sp); 650 } 651 SPTREE_RUNLOCK(); 652 653 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 654 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 655 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 656 return sp; 657 } 658 659 /* 660 * allocating a SP for OUTBOUND or INBOUND packet. 661 * Must call key_freesp() later. 662 * OUT: NULL: not found 663 * others: found and return the pointer. 664 */ 665 struct secpolicy * 666 key_allocsp2(u_int32_t spi, union sockaddr_union *dst, u_int8_t proto, 667 u_int dir, const char* where, int tag) 668 { 669 SPTREE_RLOCK_TRACKER; 670 struct secpolicy *sp; 671 672 IPSEC_ASSERT(dst != NULL, ("null dst")); 673 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 674 ("invalid direction %u", dir)); 675 676 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 677 printf("DP %s from %s:%u\n", __func__, where, tag)); 678 679 /* get a SP entry */ 680 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 681 printf("*** objects\n"); 682 printf("spi %u proto %u dir %u\n", spi, proto, dir); 683 kdebug_sockaddr(&dst->sa)); 684 685 SPTREE_RLOCK(); 686 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 687 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 688 printf("*** in SPD\n"); 689 kdebug_secpolicyindex(&sp->spidx)); 690 /* compare simple values, then dst address */ 691 if (sp->spidx.ul_proto != proto) 692 continue; 693 /* NB: spi's must exist and match */ 694 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi) 695 continue; 696 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0) 697 goto found; 698 } 699 sp = NULL; 700 found: 701 if (sp) { 702 /* sanity check */ 703 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); 704 705 /* found a SPD entry */ 706 sp->lastused = time_second; 707 SP_ADDREF(sp); 708 } 709 SPTREE_RUNLOCK(); 710 711 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 712 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 713 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 714 return sp; 715 } 716 717 #if 0 718 /* 719 * return a policy that matches this particular inbound packet. 720 * XXX slow 721 */ 722 struct secpolicy * 723 key_gettunnel(const struct sockaddr *osrc, 724 const struct sockaddr *odst, 725 const struct sockaddr *isrc, 726 const struct sockaddr *idst, 727 const char* where, int tag) 728 { 729 struct secpolicy *sp; 730 const int dir = IPSEC_DIR_INBOUND; 731 struct ipsecrequest *r1, *r2, *p; 732 struct secpolicyindex spidx; 733 734 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 735 printf("DP %s from %s:%u\n", __func__, where, tag)); 736 737 if (isrc->sa_family != idst->sa_family) { 738 ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.", 739 __func__, isrc->sa_family, idst->sa_family)); 740 sp = NULL; 741 goto done; 742 } 743 744 SPTREE_LOCK(); 745 LIST_FOREACH(sp, &V_sptree[dir], chain) { 746 if (sp->state == IPSEC_SPSTATE_DEAD) 747 continue; 748 749 r1 = r2 = NULL; 750 for (p = sp->req; p; p = p->next) { 751 if (p->saidx.mode != IPSEC_MODE_TUNNEL) 752 continue; 753 754 r1 = r2; 755 r2 = p; 756 757 if (!r1) { 758 /* here we look at address matches only */ 759 spidx = sp->spidx; 760 if (isrc->sa_len > sizeof(spidx.src) || 761 idst->sa_len > sizeof(spidx.dst)) 762 continue; 763 bcopy(isrc, &spidx.src, isrc->sa_len); 764 bcopy(idst, &spidx.dst, idst->sa_len); 765 if (!key_cmpspidx_withmask(&sp->spidx, &spidx)) 766 continue; 767 } else { 768 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) || 769 key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0)) 770 continue; 771 } 772 773 if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) || 774 key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0)) 775 continue; 776 777 goto found; 778 } 779 } 780 sp = NULL; 781 found: 782 if (sp) { 783 sp->lastused = time_second; 784 SP_ADDREF(sp); 785 } 786 SPTREE_UNLOCK(); 787 done: 788 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 789 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 790 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 791 return sp; 792 } 793 #endif 794 795 /* 796 * allocating an SA entry for an *OUTBOUND* packet. 797 * checking each request entries in SP, and acquire an SA if need. 798 * OUT: 0: there are valid requests. 799 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. 800 */ 801 int 802 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) 803 { 804 u_int level; 805 int error; 806 struct secasvar *sav; 807 808 IPSEC_ASSERT(isr != NULL, ("null isr")); 809 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 810 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 811 saidx->mode == IPSEC_MODE_TUNNEL, 812 ("unexpected policy %u", saidx->mode)); 813 814 /* 815 * XXX guard against protocol callbacks from the crypto 816 * thread as they reference ipsecrequest.sav which we 817 * temporarily null out below. Need to rethink how we 818 * handle bundled SA's in the callback thread. 819 */ 820 IPSECREQUEST_LOCK_ASSERT(isr); 821 822 /* get current level */ 823 level = ipsec_get_reqlevel(isr); 824 825 /* 826 * We check new SA in the IPsec request because a different 827 * SA may be involved each time this request is checked, either 828 * because new SAs are being configured, or this request is 829 * associated with an unconnected datagram socket, or this request 830 * is associated with a system default policy. 831 * 832 * key_allocsa_policy should allocate the oldest SA available. 833 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt. 834 */ 835 sav = key_allocsa_policy(saidx); 836 if (sav != isr->sav) { 837 /* SA need to be updated. */ 838 if (!IPSECREQUEST_UPGRADE(isr)) { 839 /* Kick everyone off. */ 840 IPSECREQUEST_UNLOCK(isr); 841 IPSECREQUEST_WLOCK(isr); 842 } 843 if (isr->sav != NULL) 844 KEY_FREESAV(&isr->sav); 845 isr->sav = sav; 846 IPSECREQUEST_DOWNGRADE(isr); 847 } else if (sav != NULL) 848 KEY_FREESAV(&sav); 849 850 /* When there is SA. */ 851 if (isr->sav != NULL) { 852 if (isr->sav->state != SADB_SASTATE_MATURE && 853 isr->sav->state != SADB_SASTATE_DYING) 854 return EINVAL; 855 return 0; 856 } 857 858 /* there is no SA */ 859 error = key_acquire(saidx, isr->sp); 860 if (error != 0) { 861 /* XXX What should I do ? */ 862 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", 863 __func__, error)); 864 return error; 865 } 866 867 if (level != IPSEC_LEVEL_REQUIRE) { 868 /* XXX sigh, the interface to this routine is botched */ 869 IPSEC_ASSERT(isr->sav == NULL, ("unexpected SA")); 870 return 0; 871 } else { 872 return ENOENT; 873 } 874 } 875 876 /* 877 * allocating a SA for policy entry from SAD. 878 * NOTE: searching SAD of aliving state. 879 * OUT: NULL: not found. 880 * others: found and return the pointer. 881 */ 882 static struct secasvar * 883 key_allocsa_policy(const struct secasindex *saidx) 884 { 885 #define N(a) _ARRAYLEN(a) 886 struct secashead *sah; 887 struct secasvar *sav; 888 u_int stateidx, arraysize; 889 const u_int *state_valid; 890 891 state_valid = NULL; /* silence gcc */ 892 arraysize = 0; /* silence gcc */ 893 894 SAHTREE_LOCK(); 895 LIST_FOREACH(sah, &V_sahtree, chain) { 896 if (sah->state == SADB_SASTATE_DEAD) 897 continue; 898 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) { 899 if (V_key_preferred_oldsa) { 900 state_valid = saorder_state_valid_prefer_old; 901 arraysize = N(saorder_state_valid_prefer_old); 902 } else { 903 state_valid = saorder_state_valid_prefer_new; 904 arraysize = N(saorder_state_valid_prefer_new); 905 } 906 break; 907 } 908 } 909 SAHTREE_UNLOCK(); 910 if (sah == NULL) 911 return NULL; 912 913 /* search valid state */ 914 for (stateidx = 0; stateidx < arraysize; stateidx++) { 915 sav = key_do_allocsa_policy(sah, state_valid[stateidx]); 916 if (sav != NULL) 917 return sav; 918 } 919 920 return NULL; 921 #undef N 922 } 923 924 /* 925 * searching SAD with direction, protocol, mode and state. 926 * called by key_allocsa_policy(). 927 * OUT: 928 * NULL : not found 929 * others : found, pointer to a SA. 930 */ 931 static struct secasvar * 932 key_do_allocsa_policy(struct secashead *sah, u_int state) 933 { 934 struct secasvar *sav, *nextsav, *candidate, *d; 935 936 /* initilize */ 937 candidate = NULL; 938 939 SAHTREE_LOCK(); 940 for (sav = LIST_FIRST(&sah->savtree[state]); 941 sav != NULL; 942 sav = nextsav) { 943 944 nextsav = LIST_NEXT(sav, chain); 945 946 /* sanity check */ 947 KEY_CHKSASTATE(sav->state, state, __func__); 948 949 /* initialize */ 950 if (candidate == NULL) { 951 candidate = sav; 952 continue; 953 } 954 955 /* Which SA is the better ? */ 956 957 IPSEC_ASSERT(candidate->lft_c != NULL, 958 ("null candidate lifetime")); 959 IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime")); 960 961 /* What the best method is to compare ? */ 962 if (V_key_preferred_oldsa) { 963 if (candidate->lft_c->addtime > 964 sav->lft_c->addtime) { 965 candidate = sav; 966 } 967 continue; 968 /*NOTREACHED*/ 969 } 970 971 /* preferred new sa rather than old sa */ 972 if (candidate->lft_c->addtime < 973 sav->lft_c->addtime) { 974 d = candidate; 975 candidate = sav; 976 } else 977 d = sav; 978 979 /* 980 * prepared to delete the SA when there is more 981 * suitable candidate and the lifetime of the SA is not 982 * permanent. 983 */ 984 if (d->lft_h->addtime != 0) { 985 struct mbuf *m, *result; 986 u_int8_t satype; 987 988 key_sa_chgstate(d, SADB_SASTATE_DEAD); 989 990 IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count")); 991 992 satype = key_proto2satype(d->sah->saidx.proto); 993 if (satype == 0) 994 goto msgfail; 995 996 m = key_setsadbmsg(SADB_DELETE, 0, 997 satype, 0, 0, d->refcnt - 1); 998 if (!m) 999 goto msgfail; 1000 result = m; 1001 1002 /* set sadb_address for saidx's. */ 1003 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 1004 &d->sah->saidx.src.sa, 1005 d->sah->saidx.src.sa.sa_len << 3, 1006 IPSEC_ULPROTO_ANY); 1007 if (!m) 1008 goto msgfail; 1009 m_cat(result, m); 1010 1011 /* set sadb_address for saidx's. */ 1012 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 1013 &d->sah->saidx.dst.sa, 1014 d->sah->saidx.dst.sa.sa_len << 3, 1015 IPSEC_ULPROTO_ANY); 1016 if (!m) 1017 goto msgfail; 1018 m_cat(result, m); 1019 1020 /* create SA extension */ 1021 m = key_setsadbsa(d); 1022 if (!m) 1023 goto msgfail; 1024 m_cat(result, m); 1025 1026 if (result->m_len < sizeof(struct sadb_msg)) { 1027 result = m_pullup(result, 1028 sizeof(struct sadb_msg)); 1029 if (result == NULL) 1030 goto msgfail; 1031 } 1032 1033 result->m_pkthdr.len = 0; 1034 for (m = result; m; m = m->m_next) 1035 result->m_pkthdr.len += m->m_len; 1036 mtod(result, struct sadb_msg *)->sadb_msg_len = 1037 PFKEY_UNIT64(result->m_pkthdr.len); 1038 1039 if (key_sendup_mbuf(NULL, result, 1040 KEY_SENDUP_REGISTERED)) 1041 goto msgfail; 1042 msgfail: 1043 KEY_FREESAV(&d); 1044 } 1045 } 1046 if (candidate) { 1047 sa_addref(candidate); 1048 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1049 printf("DP %s cause refcnt++:%d SA:%p\n", 1050 __func__, candidate->refcnt, candidate)); 1051 } 1052 SAHTREE_UNLOCK(); 1053 1054 return candidate; 1055 } 1056 1057 /* 1058 * allocating a usable SA entry for a *INBOUND* packet. 1059 * Must call key_freesav() later. 1060 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1061 * NULL: not found, or error occured. 1062 * 1063 * In the comparison, no source address is used--for RFC2401 conformance. 1064 * To quote, from section 4.1: 1065 * A security association is uniquely identified by a triple consisting 1066 * of a Security Parameter Index (SPI), an IP Destination Address, and a 1067 * security protocol (AH or ESP) identifier. 1068 * Note that, however, we do need to keep source address in IPsec SA. 1069 * IKE specification and PF_KEY specification do assume that we 1070 * keep source address in IPsec SA. We see a tricky situation here. 1071 */ 1072 struct secasvar * 1073 key_allocsa(union sockaddr_union *dst, u_int proto, u_int32_t spi, 1074 const char* where, int tag) 1075 { 1076 struct secashead *sah; 1077 struct secasvar *sav; 1078 u_int stateidx, arraysize, state; 1079 const u_int *saorder_state_valid; 1080 #ifdef IPSEC_NAT_T 1081 int natt_chkport; 1082 #endif 1083 1084 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1085 1086 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1087 printf("DP %s from %s:%u\n", __func__, where, tag)); 1088 1089 #ifdef IPSEC_NAT_T 1090 natt_chkport = (dst->sa.sa_family == AF_INET && 1091 dst->sa.sa_len == sizeof(struct sockaddr_in) && 1092 dst->sin.sin_port != 0); 1093 #endif 1094 1095 /* 1096 * searching SAD. 1097 * XXX: to be checked internal IP header somewhere. Also when 1098 * IPsec tunnel packet is received. But ESP tunnel mode is 1099 * encrypted so we can't check internal IP header. 1100 */ 1101 SAHTREE_LOCK(); 1102 if (V_key_preferred_oldsa) { 1103 saorder_state_valid = saorder_state_valid_prefer_old; 1104 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); 1105 } else { 1106 saorder_state_valid = saorder_state_valid_prefer_new; 1107 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); 1108 } 1109 LIST_FOREACH(sah, &V_sahtree, chain) { 1110 int checkport; 1111 1112 /* search valid state */ 1113 for (stateidx = 0; stateidx < arraysize; stateidx++) { 1114 state = saorder_state_valid[stateidx]; 1115 LIST_FOREACH(sav, &sah->savtree[state], chain) { 1116 /* sanity check */ 1117 KEY_CHKSASTATE(sav->state, state, __func__); 1118 /* do not return entries w/ unusable state */ 1119 if (sav->state != SADB_SASTATE_MATURE && 1120 sav->state != SADB_SASTATE_DYING) 1121 continue; 1122 if (proto != sav->sah->saidx.proto) 1123 continue; 1124 if (spi != sav->spi) 1125 continue; 1126 checkport = 0; 1127 #ifdef IPSEC_NAT_T 1128 /* 1129 * Really only check ports when this is a NAT-T 1130 * SA. Otherwise other lookups providing ports 1131 * might suffer. 1132 */ 1133 if (sav->natt_type && natt_chkport) 1134 checkport = 1; 1135 #endif 1136 #if 0 /* don't check src */ 1137 /* check src address */ 1138 if (key_sockaddrcmp(&src->sa, 1139 &sav->sah->saidx.src.sa, checkport) != 0) 1140 continue; 1141 #endif 1142 /* check dst address */ 1143 if (key_sockaddrcmp(&dst->sa, 1144 &sav->sah->saidx.dst.sa, checkport) != 0) 1145 continue; 1146 sa_addref(sav); 1147 goto done; 1148 } 1149 } 1150 } 1151 sav = NULL; 1152 done: 1153 SAHTREE_UNLOCK(); 1154 1155 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1156 printf("DP %s return SA:%p; refcnt %u\n", __func__, 1157 sav, sav ? sav->refcnt : 0)); 1158 return sav; 1159 } 1160 1161 /* 1162 * Must be called after calling key_allocsp(). 1163 * For both the packet without socket and key_freeso(). 1164 */ 1165 void 1166 _key_freesp(struct secpolicy **spp, const char* where, int tag) 1167 { 1168 struct ipsecrequest *isr, *nextisr; 1169 struct secpolicy *sp = *spp; 1170 1171 IPSEC_ASSERT(sp != NULL, ("null sp")); 1172 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1173 printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n", 1174 __func__, sp, sp->id, where, tag, sp->refcnt)); 1175 1176 if (SP_DELREF(sp) == 0) 1177 return; 1178 *spp = NULL; 1179 for (isr = sp->req; isr != NULL; isr = nextisr) { 1180 if (isr->sav != NULL) { 1181 KEY_FREESAV(&isr->sav); 1182 isr->sav = NULL; 1183 } 1184 nextisr = isr->next; 1185 ipsec_delisr(isr); 1186 } 1187 free(sp, M_IPSEC_SP); 1188 } 1189 1190 static void 1191 key_unlink(struct secpolicy *sp) 1192 { 1193 1194 IPSEC_ASSERT(sp != NULL, ("null sp")); 1195 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1196 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1197 ("invalid direction %u", sp->spidx.dir)); 1198 SPTREE_UNLOCK_ASSERT(); 1199 1200 SPTREE_WLOCK(); 1201 if (sp->state == IPSEC_SPSTATE_DEAD) { 1202 SPTREE_WUNLOCK(); 1203 return; 1204 } 1205 sp->state = IPSEC_SPSTATE_DEAD; 1206 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1207 SPTREE_WUNLOCK(); 1208 KEY_FREESP(&sp); 1209 } 1210 1211 /* 1212 * insert a secpolicy into the SP database. Lower priorities first 1213 */ 1214 static void 1215 key_insertsp(struct secpolicy *newsp) 1216 { 1217 struct secpolicy *sp; 1218 1219 SPTREE_WLOCK(); 1220 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1221 if (newsp->priority < sp->priority) { 1222 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1223 goto done; 1224 } 1225 } 1226 1227 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1228 1229 done: 1230 newsp->state = IPSEC_SPSTATE_ALIVE; 1231 SPTREE_WUNLOCK(); 1232 } 1233 1234 /* 1235 * Must be called after calling key_allocsp(). 1236 * For the packet with socket. 1237 */ 1238 void 1239 key_freeso(struct socket *so) 1240 { 1241 IPSEC_ASSERT(so != NULL, ("null so")); 1242 1243 switch (so->so_proto->pr_domain->dom_family) { 1244 #if defined(INET) || defined(INET6) 1245 #ifdef INET 1246 case PF_INET: 1247 #endif 1248 #ifdef INET6 1249 case PF_INET6: 1250 #endif 1251 { 1252 struct inpcb *pcb = sotoinpcb(so); 1253 1254 /* Does it have a PCB ? */ 1255 if (pcb == NULL) 1256 return; 1257 key_freesp_so(&pcb->inp_sp->sp_in); 1258 key_freesp_so(&pcb->inp_sp->sp_out); 1259 } 1260 break; 1261 #endif /* INET || INET6 */ 1262 default: 1263 ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n", 1264 __func__, so->so_proto->pr_domain->dom_family)); 1265 return; 1266 } 1267 } 1268 1269 static void 1270 key_freesp_so(struct secpolicy **sp) 1271 { 1272 IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp")); 1273 1274 if ((*sp)->policy == IPSEC_POLICY_ENTRUST || 1275 (*sp)->policy == IPSEC_POLICY_BYPASS) 1276 return; 1277 1278 IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, 1279 ("invalid policy %u", (*sp)->policy)); 1280 KEY_FREESP(sp); 1281 } 1282 1283 void 1284 key_addrefsa(struct secasvar *sav, const char* where, int tag) 1285 { 1286 1287 IPSEC_ASSERT(sav != NULL, ("null sav")); 1288 IPSEC_ASSERT(sav->refcnt > 0, ("refcount must exist")); 1289 1290 sa_addref(sav); 1291 } 1292 1293 /* 1294 * Must be called after calling key_allocsa(). 1295 * This function is called by key_freesp() to free some SA allocated 1296 * for a policy. 1297 */ 1298 void 1299 key_freesav(struct secasvar **psav, const char* where, int tag) 1300 { 1301 struct secasvar *sav = *psav; 1302 1303 IPSEC_ASSERT(sav != NULL, ("null sav")); 1304 1305 if (sa_delref(sav)) { 1306 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1307 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1308 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); 1309 *psav = NULL; 1310 key_delsav(sav); 1311 } else { 1312 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1313 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1314 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); 1315 } 1316 } 1317 1318 /* %%% SPD management */ 1319 /* 1320 * search SPD 1321 * OUT: NULL : not found 1322 * others : found, pointer to a SP. 1323 */ 1324 static struct secpolicy * 1325 key_getsp(struct secpolicyindex *spidx) 1326 { 1327 SPTREE_RLOCK_TRACKER; 1328 struct secpolicy *sp; 1329 1330 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1331 1332 SPTREE_RLOCK(); 1333 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1334 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1335 SP_ADDREF(sp); 1336 break; 1337 } 1338 } 1339 SPTREE_RUNLOCK(); 1340 1341 return sp; 1342 } 1343 1344 /* 1345 * get SP by index. 1346 * OUT: NULL : not found 1347 * others : found, pointer to a SP. 1348 */ 1349 static struct secpolicy * 1350 key_getspbyid(u_int32_t id) 1351 { 1352 SPTREE_RLOCK_TRACKER; 1353 struct secpolicy *sp; 1354 1355 SPTREE_RLOCK(); 1356 TAILQ_FOREACH(sp, &V_sptree[IPSEC_DIR_INBOUND], chain) { 1357 if (sp->id == id) { 1358 SP_ADDREF(sp); 1359 goto done; 1360 } 1361 } 1362 1363 TAILQ_FOREACH(sp, &V_sptree[IPSEC_DIR_OUTBOUND], chain) { 1364 if (sp->id == id) { 1365 SP_ADDREF(sp); 1366 goto done; 1367 } 1368 } 1369 done: 1370 SPTREE_RUNLOCK(); 1371 1372 return sp; 1373 } 1374 1375 struct secpolicy * 1376 key_newsp(const char* where, int tag) 1377 { 1378 struct secpolicy *newsp = NULL; 1379 1380 newsp = (struct secpolicy *) 1381 malloc(sizeof(struct secpolicy), M_IPSEC_SP, M_NOWAIT|M_ZERO); 1382 if (newsp) 1383 refcount_init(&newsp->refcnt, 1); 1384 1385 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1386 printf("DP %s from %s:%u return SP:%p\n", __func__, 1387 where, tag, newsp)); 1388 return newsp; 1389 } 1390 1391 /* 1392 * create secpolicy structure from sadb_x_policy structure. 1393 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1394 * so must be set properly later. 1395 */ 1396 struct secpolicy * 1397 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1398 { 1399 struct secpolicy *newsp; 1400 1401 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1402 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1403 1404 if (len != PFKEY_EXTLEN(xpl0)) { 1405 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1406 *error = EINVAL; 1407 return NULL; 1408 } 1409 1410 if ((newsp = KEY_NEWSP()) == NULL) { 1411 *error = ENOBUFS; 1412 return NULL; 1413 } 1414 1415 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1416 newsp->policy = xpl0->sadb_x_policy_type; 1417 newsp->priority = xpl0->sadb_x_policy_priority; 1418 1419 /* check policy */ 1420 switch (xpl0->sadb_x_policy_type) { 1421 case IPSEC_POLICY_DISCARD: 1422 case IPSEC_POLICY_NONE: 1423 case IPSEC_POLICY_ENTRUST: 1424 case IPSEC_POLICY_BYPASS: 1425 newsp->req = NULL; 1426 break; 1427 1428 case IPSEC_POLICY_IPSEC: 1429 { 1430 int tlen; 1431 struct sadb_x_ipsecrequest *xisr; 1432 struct ipsecrequest **p_isr = &newsp->req; 1433 1434 /* validity check */ 1435 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1436 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1437 __func__)); 1438 KEY_FREESP(&newsp); 1439 *error = EINVAL; 1440 return NULL; 1441 } 1442 1443 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1444 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1445 1446 while (tlen > 0) { 1447 /* length check */ 1448 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { 1449 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1450 "length.\n", __func__)); 1451 KEY_FREESP(&newsp); 1452 *error = EINVAL; 1453 return NULL; 1454 } 1455 1456 /* allocate request buffer */ 1457 /* NB: data structure is zero'd */ 1458 *p_isr = ipsec_newisr(); 1459 if ((*p_isr) == NULL) { 1460 ipseclog((LOG_DEBUG, 1461 "%s: No more memory.\n", __func__)); 1462 KEY_FREESP(&newsp); 1463 *error = ENOBUFS; 1464 return NULL; 1465 } 1466 1467 /* set values */ 1468 switch (xisr->sadb_x_ipsecrequest_proto) { 1469 case IPPROTO_ESP: 1470 case IPPROTO_AH: 1471 case IPPROTO_IPCOMP: 1472 break; 1473 default: 1474 ipseclog((LOG_DEBUG, 1475 "%s: invalid proto type=%u\n", __func__, 1476 xisr->sadb_x_ipsecrequest_proto)); 1477 KEY_FREESP(&newsp); 1478 *error = EPROTONOSUPPORT; 1479 return NULL; 1480 } 1481 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; 1482 1483 switch (xisr->sadb_x_ipsecrequest_mode) { 1484 case IPSEC_MODE_TRANSPORT: 1485 case IPSEC_MODE_TUNNEL: 1486 break; 1487 case IPSEC_MODE_ANY: 1488 default: 1489 ipseclog((LOG_DEBUG, 1490 "%s: invalid mode=%u\n", __func__, 1491 xisr->sadb_x_ipsecrequest_mode)); 1492 KEY_FREESP(&newsp); 1493 *error = EINVAL; 1494 return NULL; 1495 } 1496 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1497 1498 switch (xisr->sadb_x_ipsecrequest_level) { 1499 case IPSEC_LEVEL_DEFAULT: 1500 case IPSEC_LEVEL_USE: 1501 case IPSEC_LEVEL_REQUIRE: 1502 break; 1503 case IPSEC_LEVEL_UNIQUE: 1504 /* validity check */ 1505 /* 1506 * If range violation of reqid, kernel will 1507 * update it, don't refuse it. 1508 */ 1509 if (xisr->sadb_x_ipsecrequest_reqid 1510 > IPSEC_MANUAL_REQID_MAX) { 1511 ipseclog((LOG_DEBUG, 1512 "%s: reqid=%d range " 1513 "violation, updated by kernel.\n", 1514 __func__, 1515 xisr->sadb_x_ipsecrequest_reqid)); 1516 xisr->sadb_x_ipsecrequest_reqid = 0; 1517 } 1518 1519 /* allocate new reqid id if reqid is zero. */ 1520 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1521 u_int32_t reqid; 1522 if ((reqid = key_newreqid()) == 0) { 1523 KEY_FREESP(&newsp); 1524 *error = ENOBUFS; 1525 return NULL; 1526 } 1527 (*p_isr)->saidx.reqid = reqid; 1528 xisr->sadb_x_ipsecrequest_reqid = reqid; 1529 } else { 1530 /* set it for manual keying. */ 1531 (*p_isr)->saidx.reqid = 1532 xisr->sadb_x_ipsecrequest_reqid; 1533 } 1534 break; 1535 1536 default: 1537 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1538 __func__, 1539 xisr->sadb_x_ipsecrequest_level)); 1540 KEY_FREESP(&newsp); 1541 *error = EINVAL; 1542 return NULL; 1543 } 1544 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; 1545 1546 /* set IP addresses if there */ 1547 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1548 struct sockaddr *paddr; 1549 1550 paddr = (struct sockaddr *)(xisr + 1); 1551 1552 /* validity check */ 1553 if (paddr->sa_len 1554 > sizeof((*p_isr)->saidx.src)) { 1555 ipseclog((LOG_DEBUG, "%s: invalid " 1556 "request address length.\n", 1557 __func__)); 1558 KEY_FREESP(&newsp); 1559 *error = EINVAL; 1560 return NULL; 1561 } 1562 bcopy(paddr, &(*p_isr)->saidx.src, 1563 paddr->sa_len); 1564 1565 paddr = (struct sockaddr *)((caddr_t)paddr 1566 + paddr->sa_len); 1567 1568 /* validity check */ 1569 if (paddr->sa_len 1570 > sizeof((*p_isr)->saidx.dst)) { 1571 ipseclog((LOG_DEBUG, "%s: invalid " 1572 "request address length.\n", 1573 __func__)); 1574 KEY_FREESP(&newsp); 1575 *error = EINVAL; 1576 return NULL; 1577 } 1578 bcopy(paddr, &(*p_isr)->saidx.dst, 1579 paddr->sa_len); 1580 } 1581 1582 (*p_isr)->sp = newsp; 1583 1584 /* initialization for the next. */ 1585 p_isr = &(*p_isr)->next; 1586 tlen -= xisr->sadb_x_ipsecrequest_len; 1587 1588 /* validity check */ 1589 if (tlen < 0) { 1590 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1591 __func__)); 1592 KEY_FREESP(&newsp); 1593 *error = EINVAL; 1594 return NULL; 1595 } 1596 1597 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1598 + xisr->sadb_x_ipsecrequest_len); 1599 } 1600 } 1601 break; 1602 default: 1603 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1604 KEY_FREESP(&newsp); 1605 *error = EINVAL; 1606 return NULL; 1607 } 1608 1609 *error = 0; 1610 return newsp; 1611 } 1612 1613 static u_int32_t 1614 key_newreqid() 1615 { 1616 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1617 1618 auto_reqid = (auto_reqid == ~0 1619 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1); 1620 1621 /* XXX should be unique check */ 1622 1623 return auto_reqid; 1624 } 1625 1626 /* 1627 * copy secpolicy struct to sadb_x_policy structure indicated. 1628 */ 1629 struct mbuf * 1630 key_sp2msg(struct secpolicy *sp) 1631 { 1632 struct sadb_x_policy *xpl; 1633 int tlen; 1634 caddr_t p; 1635 struct mbuf *m; 1636 1637 IPSEC_ASSERT(sp != NULL, ("null policy")); 1638 1639 tlen = key_getspreqmsglen(sp); 1640 1641 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1642 if (m == NULL) 1643 return (NULL); 1644 m_align(m, tlen); 1645 m->m_len = tlen; 1646 xpl = mtod(m, struct sadb_x_policy *); 1647 bzero(xpl, tlen); 1648 1649 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); 1650 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1651 xpl->sadb_x_policy_type = sp->policy; 1652 xpl->sadb_x_policy_dir = sp->spidx.dir; 1653 xpl->sadb_x_policy_id = sp->id; 1654 xpl->sadb_x_policy_priority = sp->priority; 1655 p = (caddr_t)xpl + sizeof(*xpl); 1656 1657 /* if is the policy for ipsec ? */ 1658 if (sp->policy == IPSEC_POLICY_IPSEC) { 1659 struct sadb_x_ipsecrequest *xisr; 1660 struct ipsecrequest *isr; 1661 1662 for (isr = sp->req; isr != NULL; isr = isr->next) { 1663 1664 xisr = (struct sadb_x_ipsecrequest *)p; 1665 1666 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1667 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1668 xisr->sadb_x_ipsecrequest_level = isr->level; 1669 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1670 1671 p += sizeof(*xisr); 1672 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1673 p += isr->saidx.src.sa.sa_len; 1674 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1675 p += isr->saidx.src.sa.sa_len; 1676 1677 xisr->sadb_x_ipsecrequest_len = 1678 PFKEY_ALIGN8(sizeof(*xisr) 1679 + isr->saidx.src.sa.sa_len 1680 + isr->saidx.dst.sa.sa_len); 1681 } 1682 } 1683 1684 return m; 1685 } 1686 1687 /* m will not be freed nor modified */ 1688 static struct mbuf * 1689 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1690 int ndeep, int nitem, ...) 1691 { 1692 va_list ap; 1693 int idx; 1694 int i; 1695 struct mbuf *result = NULL, *n; 1696 int len; 1697 1698 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1699 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1700 1701 va_start(ap, nitem); 1702 for (i = 0; i < nitem; i++) { 1703 idx = va_arg(ap, int); 1704 if (idx < 0 || idx > SADB_EXT_MAX) 1705 goto fail; 1706 /* don't attempt to pull empty extension */ 1707 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1708 continue; 1709 if (idx != SADB_EXT_RESERVED && 1710 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1711 continue; 1712 1713 if (idx == SADB_EXT_RESERVED) { 1714 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1715 1716 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1717 1718 MGETHDR(n, M_NOWAIT, MT_DATA); 1719 if (!n) 1720 goto fail; 1721 n->m_len = len; 1722 n->m_next = NULL; 1723 m_copydata(m, 0, sizeof(struct sadb_msg), 1724 mtod(n, caddr_t)); 1725 } else if (i < ndeep) { 1726 len = mhp->extlen[idx]; 1727 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1728 if (n == NULL) 1729 goto fail; 1730 m_align(n, len); 1731 n->m_len = len; 1732 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1733 mtod(n, caddr_t)); 1734 } else { 1735 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1736 M_NOWAIT); 1737 } 1738 if (n == NULL) 1739 goto fail; 1740 1741 if (result) 1742 m_cat(result, n); 1743 else 1744 result = n; 1745 } 1746 va_end(ap); 1747 1748 if ((result->m_flags & M_PKTHDR) != 0) { 1749 result->m_pkthdr.len = 0; 1750 for (n = result; n; n = n->m_next) 1751 result->m_pkthdr.len += n->m_len; 1752 } 1753 1754 return result; 1755 1756 fail: 1757 m_freem(result); 1758 va_end(ap); 1759 return NULL; 1760 } 1761 1762 /* 1763 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1764 * add an entry to SP database, when received 1765 * <base, address(SD), (lifetime(H),) policy> 1766 * from the user(?). 1767 * Adding to SP database, 1768 * and send 1769 * <base, address(SD), (lifetime(H),) policy> 1770 * to the socket which was send. 1771 * 1772 * SPDADD set a unique policy entry. 1773 * SPDSETIDX like SPDADD without a part of policy requests. 1774 * SPDUPDATE replace a unique policy entry. 1775 * 1776 * m will always be freed. 1777 */ 1778 static int 1779 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1780 { 1781 struct sadb_address *src0, *dst0; 1782 struct sadb_x_policy *xpl0, *xpl; 1783 struct sadb_lifetime *lft = NULL; 1784 struct secpolicyindex spidx; 1785 struct secpolicy *newsp; 1786 int error; 1787 1788 IPSEC_ASSERT(so != NULL, ("null socket")); 1789 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1790 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1791 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1792 1793 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 1794 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 1795 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 1796 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); 1797 return key_senderror(so, m, EINVAL); 1798 } 1799 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 1800 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 1801 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 1802 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 1803 __func__)); 1804 return key_senderror(so, m, EINVAL); 1805 } 1806 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { 1807 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] 1808 < sizeof(struct sadb_lifetime)) { 1809 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 1810 __func__)); 1811 return key_senderror(so, m, EINVAL); 1812 } 1813 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1814 } 1815 1816 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1817 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1818 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1819 1820 /* 1821 * Note: do not parse SADB_X_EXT_NAT_T_* here: 1822 * we are processing traffic endpoints. 1823 */ 1824 1825 /* make secindex */ 1826 /* XXX boundary check against sa_len */ 1827 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1828 src0 + 1, 1829 dst0 + 1, 1830 src0->sadb_address_prefixlen, 1831 dst0->sadb_address_prefixlen, 1832 src0->sadb_address_proto, 1833 &spidx); 1834 1835 /* checking the direciton. */ 1836 switch (xpl0->sadb_x_policy_dir) { 1837 case IPSEC_DIR_INBOUND: 1838 case IPSEC_DIR_OUTBOUND: 1839 break; 1840 default: 1841 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); 1842 mhp->msg->sadb_msg_errno = EINVAL; 1843 return 0; 1844 } 1845 1846 /* check policy */ 1847 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 1848 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST 1849 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { 1850 ipseclog((LOG_DEBUG, "%s: Invalid policy type.\n", __func__)); 1851 return key_senderror(so, m, EINVAL); 1852 } 1853 1854 /* policy requests are mandatory when action is ipsec. */ 1855 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX 1856 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC 1857 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 1858 ipseclog((LOG_DEBUG, "%s: some policy requests part required\n", 1859 __func__)); 1860 return key_senderror(so, m, EINVAL); 1861 } 1862 1863 /* 1864 * checking there is SP already or not. 1865 * SPDUPDATE doesn't depend on whether there is a SP or not. 1866 * If the type is either SPDADD or SPDSETIDX AND a SP is found, 1867 * then error. 1868 */ 1869 newsp = key_getsp(&spidx); 1870 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1871 if (newsp) { 1872 key_unlink(newsp); 1873 KEY_FREESP(&newsp); 1874 } 1875 } else { 1876 if (newsp != NULL) { 1877 KEY_FREESP(&newsp); 1878 ipseclog((LOG_DEBUG, "%s: a SP entry exists already.\n", 1879 __func__)); 1880 return key_senderror(so, m, EEXIST); 1881 } 1882 } 1883 1884 /* XXX: there is race between key_getsp and key_msg2sp. */ 1885 1886 /* allocation new SP entry */ 1887 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 1888 return key_senderror(so, m, error); 1889 } 1890 1891 if ((newsp->id = key_getnewspid()) == 0) { 1892 KEY_FREESP(&newsp); 1893 return key_senderror(so, m, ENOBUFS); 1894 } 1895 1896 /* XXX boundary check against sa_len */ 1897 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1898 src0 + 1, 1899 dst0 + 1, 1900 src0->sadb_address_prefixlen, 1901 dst0->sadb_address_prefixlen, 1902 src0->sadb_address_proto, 1903 &newsp->spidx); 1904 1905 /* sanity check on addr pair */ 1906 if (((struct sockaddr *)(src0 + 1))->sa_family != 1907 ((struct sockaddr *)(dst0+ 1))->sa_family) { 1908 KEY_FREESP(&newsp); 1909 return key_senderror(so, m, EINVAL); 1910 } 1911 if (((struct sockaddr *)(src0 + 1))->sa_len != 1912 ((struct sockaddr *)(dst0+ 1))->sa_len) { 1913 KEY_FREESP(&newsp); 1914 return key_senderror(so, m, EINVAL); 1915 } 1916 #if 1 1917 if (newsp->req && newsp->req->saidx.src.sa.sa_family && 1918 newsp->req->saidx.dst.sa.sa_family) { 1919 if (newsp->req->saidx.src.sa.sa_family != 1920 newsp->req->saidx.dst.sa.sa_family) { 1921 KEY_FREESP(&newsp); 1922 return key_senderror(so, m, EINVAL); 1923 } 1924 } 1925 #endif 1926 1927 newsp->created = time_second; 1928 newsp->lastused = newsp->created; 1929 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 1930 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 1931 1932 key_insertsp(newsp); 1933 1934 /* delete the entry in spacqtree */ 1935 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1936 struct secspacq *spacq = key_getspacq(&spidx); 1937 if (spacq != NULL) { 1938 /* reset counter in order to deletion by timehandler. */ 1939 spacq->created = time_second; 1940 spacq->count = 0; 1941 SPACQ_UNLOCK(); 1942 } 1943 } 1944 1945 { 1946 struct mbuf *n, *mpolicy; 1947 struct sadb_msg *newmsg; 1948 int off; 1949 1950 /* 1951 * Note: do not send SADB_X_EXT_NAT_T_* here: 1952 * we are sending traffic endpoints. 1953 */ 1954 1955 /* create new sadb_msg to reply. */ 1956 if (lft) { 1957 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 1958 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 1959 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1960 } else { 1961 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 1962 SADB_X_EXT_POLICY, 1963 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1964 } 1965 if (!n) 1966 return key_senderror(so, m, ENOBUFS); 1967 1968 if (n->m_len < sizeof(*newmsg)) { 1969 n = m_pullup(n, sizeof(*newmsg)); 1970 if (!n) 1971 return key_senderror(so, m, ENOBUFS); 1972 } 1973 newmsg = mtod(n, struct sadb_msg *); 1974 newmsg->sadb_msg_errno = 0; 1975 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 1976 1977 off = 0; 1978 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 1979 sizeof(*xpl), &off); 1980 if (mpolicy == NULL) { 1981 /* n is already freed */ 1982 return key_senderror(so, m, ENOBUFS); 1983 } 1984 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 1985 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 1986 m_freem(n); 1987 return key_senderror(so, m, EINVAL); 1988 } 1989 xpl->sadb_x_policy_id = newsp->id; 1990 1991 m_freem(m); 1992 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 1993 } 1994 } 1995 1996 /* 1997 * get new policy id. 1998 * OUT: 1999 * 0: failure. 2000 * others: success. 2001 */ 2002 static u_int32_t 2003 key_getnewspid() 2004 { 2005 u_int32_t newid = 0; 2006 int count = V_key_spi_trycnt; /* XXX */ 2007 struct secpolicy *sp; 2008 2009 /* when requesting to allocate spi ranged */ 2010 while (count--) { 2011 newid = (V_policy_id = (V_policy_id == ~0 ? 1 : V_policy_id + 1)); 2012 2013 if ((sp = key_getspbyid(newid)) == NULL) 2014 break; 2015 2016 KEY_FREESP(&sp); 2017 } 2018 2019 if (count == 0 || newid == 0) { 2020 ipseclog((LOG_DEBUG, "%s: to allocate policy id is failed.\n", 2021 __func__)); 2022 return 0; 2023 } 2024 2025 return newid; 2026 } 2027 2028 /* 2029 * SADB_SPDDELETE processing 2030 * receive 2031 * <base, address(SD), policy(*)> 2032 * from the user(?), and set SADB_SASTATE_DEAD, 2033 * and send, 2034 * <base, address(SD), policy(*)> 2035 * to the ikmpd. 2036 * policy(*) including direction of policy. 2037 * 2038 * m will always be freed. 2039 */ 2040 static int 2041 key_spddelete(struct socket *so, struct mbuf *m, 2042 const struct sadb_msghdr *mhp) 2043 { 2044 struct sadb_address *src0, *dst0; 2045 struct sadb_x_policy *xpl0; 2046 struct secpolicyindex spidx; 2047 struct secpolicy *sp; 2048 2049 IPSEC_ASSERT(so != NULL, ("null so")); 2050 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2051 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2052 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2053 2054 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 2055 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 2056 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 2057 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2058 __func__)); 2059 return key_senderror(so, m, EINVAL); 2060 } 2061 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 2062 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 2063 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2064 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2065 __func__)); 2066 return key_senderror(so, m, EINVAL); 2067 } 2068 2069 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2070 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2071 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2072 2073 /* 2074 * Note: do not parse SADB_X_EXT_NAT_T_* here: 2075 * we are processing traffic endpoints. 2076 */ 2077 2078 /* make secindex */ 2079 /* XXX boundary check against sa_len */ 2080 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2081 src0 + 1, 2082 dst0 + 1, 2083 src0->sadb_address_prefixlen, 2084 dst0->sadb_address_prefixlen, 2085 src0->sadb_address_proto, 2086 &spidx); 2087 2088 /* checking the direciton. */ 2089 switch (xpl0->sadb_x_policy_dir) { 2090 case IPSEC_DIR_INBOUND: 2091 case IPSEC_DIR_OUTBOUND: 2092 break; 2093 default: 2094 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); 2095 return key_senderror(so, m, EINVAL); 2096 } 2097 2098 /* Is there SP in SPD ? */ 2099 if ((sp = key_getsp(&spidx)) == NULL) { 2100 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2101 return key_senderror(so, m, EINVAL); 2102 } 2103 2104 /* save policy id to buffer to be returned. */ 2105 xpl0->sadb_x_policy_id = sp->id; 2106 2107 key_unlink(sp); 2108 KEY_FREESP(&sp); 2109 2110 { 2111 struct mbuf *n; 2112 struct sadb_msg *newmsg; 2113 2114 /* 2115 * Note: do not send SADB_X_EXT_NAT_T_* here: 2116 * we are sending traffic endpoints. 2117 */ 2118 2119 /* create new sadb_msg to reply. */ 2120 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2121 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2122 if (!n) 2123 return key_senderror(so, m, ENOBUFS); 2124 2125 newmsg = mtod(n, struct sadb_msg *); 2126 newmsg->sadb_msg_errno = 0; 2127 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2128 2129 m_freem(m); 2130 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2131 } 2132 } 2133 2134 /* 2135 * SADB_SPDDELETE2 processing 2136 * receive 2137 * <base, policy(*)> 2138 * from the user(?), and set SADB_SASTATE_DEAD, 2139 * and send, 2140 * <base, policy(*)> 2141 * to the ikmpd. 2142 * policy(*) including direction of policy. 2143 * 2144 * m will always be freed. 2145 */ 2146 static int 2147 key_spddelete2(struct socket *so, struct mbuf *m, 2148 const struct sadb_msghdr *mhp) 2149 { 2150 u_int32_t id; 2151 struct secpolicy *sp; 2152 2153 IPSEC_ASSERT(so != NULL, ("null socket")); 2154 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2155 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2156 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2157 2158 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2159 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2160 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", __func__)); 2161 return key_senderror(so, m, EINVAL); 2162 } 2163 2164 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2165 2166 /* Is there SP in SPD ? */ 2167 if ((sp = key_getspbyid(id)) == NULL) { 2168 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); 2169 return key_senderror(so, m, EINVAL); 2170 } 2171 2172 key_unlink(sp); 2173 KEY_FREESP(&sp); 2174 2175 { 2176 struct mbuf *n, *nn; 2177 struct sadb_msg *newmsg; 2178 int off, len; 2179 2180 /* create new sadb_msg to reply. */ 2181 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2182 2183 MGETHDR(n, M_NOWAIT, MT_DATA); 2184 if (n && len > MHLEN) { 2185 if (!(MCLGET(n, M_NOWAIT))) { 2186 m_freem(n); 2187 n = NULL; 2188 } 2189 } 2190 if (!n) 2191 return key_senderror(so, m, ENOBUFS); 2192 2193 n->m_len = len; 2194 n->m_next = NULL; 2195 off = 0; 2196 2197 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2198 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2199 2200 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2201 off, len)); 2202 2203 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2204 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2205 if (!n->m_next) { 2206 m_freem(n); 2207 return key_senderror(so, m, ENOBUFS); 2208 } 2209 2210 n->m_pkthdr.len = 0; 2211 for (nn = n; nn; nn = nn->m_next) 2212 n->m_pkthdr.len += nn->m_len; 2213 2214 newmsg = mtod(n, struct sadb_msg *); 2215 newmsg->sadb_msg_errno = 0; 2216 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2217 2218 m_freem(m); 2219 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2220 } 2221 } 2222 2223 /* 2224 * SADB_X_SPDGET processing 2225 * receive 2226 * <base, policy(*)> 2227 * from the user(?), 2228 * and send, 2229 * <base, address(SD), policy> 2230 * to the ikmpd. 2231 * policy(*) including direction of policy. 2232 * 2233 * m will always be freed. 2234 */ 2235 static int 2236 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2237 { 2238 u_int32_t id; 2239 struct secpolicy *sp; 2240 struct mbuf *n; 2241 2242 IPSEC_ASSERT(so != NULL, ("null socket")); 2243 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2244 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2245 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2246 2247 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2248 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2249 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2250 __func__)); 2251 return key_senderror(so, m, EINVAL); 2252 } 2253 2254 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2255 2256 /* Is there SP in SPD ? */ 2257 if ((sp = key_getspbyid(id)) == NULL) { 2258 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); 2259 return key_senderror(so, m, ENOENT); 2260 } 2261 2262 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2263 mhp->msg->sadb_msg_pid); 2264 KEY_FREESP(&sp); 2265 if (n != NULL) { 2266 m_freem(m); 2267 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2268 } else 2269 return key_senderror(so, m, ENOBUFS); 2270 } 2271 2272 /* 2273 * SADB_X_SPDACQUIRE processing. 2274 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2275 * send 2276 * <base, policy(*)> 2277 * to KMD, and expect to receive 2278 * <base> with SADB_X_SPDACQUIRE if error occured, 2279 * or 2280 * <base, policy> 2281 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2282 * policy(*) is without policy requests. 2283 * 2284 * 0 : succeed 2285 * others: error number 2286 */ 2287 int 2288 key_spdacquire(struct secpolicy *sp) 2289 { 2290 struct mbuf *result = NULL, *m; 2291 struct secspacq *newspacq; 2292 2293 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2294 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2295 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2296 ("policy not IPSEC %u", sp->policy)); 2297 2298 /* Get an entry to check whether sent message or not. */ 2299 newspacq = key_getspacq(&sp->spidx); 2300 if (newspacq != NULL) { 2301 if (V_key_blockacq_count < newspacq->count) { 2302 /* reset counter and do send message. */ 2303 newspacq->count = 0; 2304 } else { 2305 /* increment counter and do nothing. */ 2306 newspacq->count++; 2307 SPACQ_UNLOCK(); 2308 return (0); 2309 } 2310 SPACQ_UNLOCK(); 2311 } else { 2312 /* make new entry for blocking to send SADB_ACQUIRE. */ 2313 newspacq = key_newspacq(&sp->spidx); 2314 if (newspacq == NULL) 2315 return ENOBUFS; 2316 } 2317 2318 /* create new sadb_msg to reply. */ 2319 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2320 if (!m) 2321 return ENOBUFS; 2322 2323 result = m; 2324 2325 result->m_pkthdr.len = 0; 2326 for (m = result; m; m = m->m_next) 2327 result->m_pkthdr.len += m->m_len; 2328 2329 mtod(result, struct sadb_msg *)->sadb_msg_len = 2330 PFKEY_UNIT64(result->m_pkthdr.len); 2331 2332 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2333 } 2334 2335 /* 2336 * SADB_SPDFLUSH processing 2337 * receive 2338 * <base> 2339 * from the user, and free all entries in secpctree. 2340 * and send, 2341 * <base> 2342 * to the user. 2343 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2344 * 2345 * m will always be freed. 2346 */ 2347 static int 2348 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2349 { 2350 TAILQ_HEAD(, secpolicy) drainq; 2351 struct sadb_msg *newmsg; 2352 struct secpolicy *sp, *nextsp; 2353 u_int dir; 2354 2355 IPSEC_ASSERT(so != NULL, ("null socket")); 2356 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2357 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2358 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2359 2360 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2361 return key_senderror(so, m, EINVAL); 2362 2363 TAILQ_INIT(&drainq); 2364 SPTREE_WLOCK(); 2365 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2366 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2367 } 2368 /* 2369 * We need to set state to DEAD for each policy to be sure, 2370 * that another thread won't try to unlink it. 2371 */ 2372 TAILQ_FOREACH(sp, &drainq, chain) 2373 sp->state = IPSEC_SPSTATE_DEAD; 2374 SPTREE_WUNLOCK(); 2375 sp = TAILQ_FIRST(&drainq); 2376 while (sp != NULL) { 2377 nextsp = TAILQ_NEXT(sp, chain); 2378 KEY_FREESP(&sp); 2379 sp = nextsp; 2380 } 2381 2382 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2383 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2384 return key_senderror(so, m, ENOBUFS); 2385 } 2386 2387 if (m->m_next) 2388 m_freem(m->m_next); 2389 m->m_next = NULL; 2390 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2391 newmsg = mtod(m, struct sadb_msg *); 2392 newmsg->sadb_msg_errno = 0; 2393 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2394 2395 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2396 } 2397 2398 /* 2399 * SADB_SPDDUMP processing 2400 * receive 2401 * <base> 2402 * from the user, and dump all SP leaves 2403 * and send, 2404 * <base> ..... 2405 * to the ikmpd. 2406 * 2407 * m will always be freed. 2408 */ 2409 static int 2410 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2411 { 2412 SPTREE_RLOCK_TRACKER; 2413 struct secpolicy *sp; 2414 int cnt; 2415 u_int dir; 2416 struct mbuf *n; 2417 2418 IPSEC_ASSERT(so != NULL, ("null socket")); 2419 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2420 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2421 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2422 2423 /* search SPD entry and get buffer size. */ 2424 cnt = 0; 2425 SPTREE_RLOCK(); 2426 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2427 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2428 cnt++; 2429 } 2430 } 2431 2432 if (cnt == 0) { 2433 SPTREE_RUNLOCK(); 2434 return key_senderror(so, m, ENOENT); 2435 } 2436 2437 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2438 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2439 --cnt; 2440 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2441 mhp->msg->sadb_msg_pid); 2442 2443 if (n) 2444 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2445 } 2446 } 2447 2448 SPTREE_RUNLOCK(); 2449 m_freem(m); 2450 return 0; 2451 } 2452 2453 static struct mbuf * 2454 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2455 u_int32_t pid) 2456 { 2457 struct mbuf *result = NULL, *m; 2458 struct seclifetime lt; 2459 2460 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2461 if (!m) 2462 goto fail; 2463 result = m; 2464 2465 /* 2466 * Note: do not send SADB_X_EXT_NAT_T_* here: 2467 * we are sending traffic endpoints. 2468 */ 2469 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2470 &sp->spidx.src.sa, sp->spidx.prefs, 2471 sp->spidx.ul_proto); 2472 if (!m) 2473 goto fail; 2474 m_cat(result, m); 2475 2476 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2477 &sp->spidx.dst.sa, sp->spidx.prefd, 2478 sp->spidx.ul_proto); 2479 if (!m) 2480 goto fail; 2481 m_cat(result, m); 2482 2483 m = key_sp2msg(sp); 2484 if (!m) 2485 goto fail; 2486 m_cat(result, m); 2487 2488 if(sp->lifetime){ 2489 lt.addtime=sp->created; 2490 lt.usetime= sp->lastused; 2491 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2492 if (!m) 2493 goto fail; 2494 m_cat(result, m); 2495 2496 lt.addtime=sp->lifetime; 2497 lt.usetime= sp->validtime; 2498 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2499 if (!m) 2500 goto fail; 2501 m_cat(result, m); 2502 } 2503 2504 if ((result->m_flags & M_PKTHDR) == 0) 2505 goto fail; 2506 2507 if (result->m_len < sizeof(struct sadb_msg)) { 2508 result = m_pullup(result, sizeof(struct sadb_msg)); 2509 if (result == NULL) 2510 goto fail; 2511 } 2512 2513 result->m_pkthdr.len = 0; 2514 for (m = result; m; m = m->m_next) 2515 result->m_pkthdr.len += m->m_len; 2516 2517 mtod(result, struct sadb_msg *)->sadb_msg_len = 2518 PFKEY_UNIT64(result->m_pkthdr.len); 2519 2520 return result; 2521 2522 fail: 2523 m_freem(result); 2524 return NULL; 2525 } 2526 2527 /* 2528 * get PFKEY message length for security policy and request. 2529 */ 2530 static u_int 2531 key_getspreqmsglen(struct secpolicy *sp) 2532 { 2533 u_int tlen; 2534 2535 tlen = sizeof(struct sadb_x_policy); 2536 2537 /* if is the policy for ipsec ? */ 2538 if (sp->policy != IPSEC_POLICY_IPSEC) 2539 return tlen; 2540 2541 /* get length of ipsec requests */ 2542 { 2543 struct ipsecrequest *isr; 2544 int len; 2545 2546 for (isr = sp->req; isr != NULL; isr = isr->next) { 2547 len = sizeof(struct sadb_x_ipsecrequest) 2548 + isr->saidx.src.sa.sa_len 2549 + isr->saidx.dst.sa.sa_len; 2550 2551 tlen += PFKEY_ALIGN8(len); 2552 } 2553 } 2554 2555 return tlen; 2556 } 2557 2558 /* 2559 * SADB_SPDEXPIRE processing 2560 * send 2561 * <base, address(SD), lifetime(CH), policy> 2562 * to KMD by PF_KEY. 2563 * 2564 * OUT: 0 : succeed 2565 * others : error number 2566 */ 2567 static int 2568 key_spdexpire(struct secpolicy *sp) 2569 { 2570 struct mbuf *result = NULL, *m; 2571 int len; 2572 int error = -1; 2573 struct sadb_lifetime *lt; 2574 2575 /* XXX: Why do we lock ? */ 2576 2577 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2578 2579 /* set msg header */ 2580 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2581 if (!m) { 2582 error = ENOBUFS; 2583 goto fail; 2584 } 2585 result = m; 2586 2587 /* create lifetime extension (current and hard) */ 2588 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2589 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2590 if (m == NULL) { 2591 error = ENOBUFS; 2592 goto fail; 2593 } 2594 m_align(m, len); 2595 m->m_len = len; 2596 bzero(mtod(m, caddr_t), len); 2597 lt = mtod(m, struct sadb_lifetime *); 2598 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2599 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2600 lt->sadb_lifetime_allocations = 0; 2601 lt->sadb_lifetime_bytes = 0; 2602 lt->sadb_lifetime_addtime = sp->created; 2603 lt->sadb_lifetime_usetime = sp->lastused; 2604 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2605 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2606 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2607 lt->sadb_lifetime_allocations = 0; 2608 lt->sadb_lifetime_bytes = 0; 2609 lt->sadb_lifetime_addtime = sp->lifetime; 2610 lt->sadb_lifetime_usetime = sp->validtime; 2611 m_cat(result, m); 2612 2613 /* 2614 * Note: do not send SADB_X_EXT_NAT_T_* here: 2615 * we are sending traffic endpoints. 2616 */ 2617 2618 /* set sadb_address for source */ 2619 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2620 &sp->spidx.src.sa, 2621 sp->spidx.prefs, sp->spidx.ul_proto); 2622 if (!m) { 2623 error = ENOBUFS; 2624 goto fail; 2625 } 2626 m_cat(result, m); 2627 2628 /* set sadb_address for destination */ 2629 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2630 &sp->spidx.dst.sa, 2631 sp->spidx.prefd, sp->spidx.ul_proto); 2632 if (!m) { 2633 error = ENOBUFS; 2634 goto fail; 2635 } 2636 m_cat(result, m); 2637 2638 /* set secpolicy */ 2639 m = key_sp2msg(sp); 2640 if (!m) { 2641 error = ENOBUFS; 2642 goto fail; 2643 } 2644 m_cat(result, m); 2645 2646 if ((result->m_flags & M_PKTHDR) == 0) { 2647 error = EINVAL; 2648 goto fail; 2649 } 2650 2651 if (result->m_len < sizeof(struct sadb_msg)) { 2652 result = m_pullup(result, sizeof(struct sadb_msg)); 2653 if (result == NULL) { 2654 error = ENOBUFS; 2655 goto fail; 2656 } 2657 } 2658 2659 result->m_pkthdr.len = 0; 2660 for (m = result; m; m = m->m_next) 2661 result->m_pkthdr.len += m->m_len; 2662 2663 mtod(result, struct sadb_msg *)->sadb_msg_len = 2664 PFKEY_UNIT64(result->m_pkthdr.len); 2665 2666 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2667 2668 fail: 2669 if (result) 2670 m_freem(result); 2671 return error; 2672 } 2673 2674 /* %%% SAD management */ 2675 /* 2676 * allocating a memory for new SA head, and copy from the values of mhp. 2677 * OUT: NULL : failure due to the lack of memory. 2678 * others : pointer to new SA head. 2679 */ 2680 static struct secashead * 2681 key_newsah(struct secasindex *saidx) 2682 { 2683 struct secashead *newsah; 2684 2685 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 2686 2687 newsah = malloc(sizeof(struct secashead), M_IPSEC_SAH, M_NOWAIT|M_ZERO); 2688 if (newsah != NULL) { 2689 int i; 2690 for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++) 2691 LIST_INIT(&newsah->savtree[i]); 2692 newsah->saidx = *saidx; 2693 2694 /* add to saidxtree */ 2695 newsah->state = SADB_SASTATE_MATURE; 2696 2697 SAHTREE_LOCK(); 2698 LIST_INSERT_HEAD(&V_sahtree, newsah, chain); 2699 SAHTREE_UNLOCK(); 2700 } 2701 return(newsah); 2702 } 2703 2704 /* 2705 * delete SA index and all SA registerd. 2706 */ 2707 static void 2708 key_delsah(struct secashead *sah) 2709 { 2710 struct secasvar *sav, *nextsav; 2711 u_int stateidx; 2712 int zombie = 0; 2713 2714 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2715 SAHTREE_LOCK_ASSERT(); 2716 2717 /* searching all SA registerd in the secindex. */ 2718 for (stateidx = 0; 2719 stateidx < _ARRAYLEN(saorder_state_any); 2720 stateidx++) { 2721 u_int state = saorder_state_any[stateidx]; 2722 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) { 2723 if (sav->refcnt == 0) { 2724 /* sanity check */ 2725 KEY_CHKSASTATE(state, sav->state, __func__); 2726 /* 2727 * do NOT call KEY_FREESAV here: 2728 * it will only delete the sav if refcnt == 1, 2729 * where we already know that refcnt == 0 2730 */ 2731 key_delsav(sav); 2732 } else { 2733 /* give up to delete this sa */ 2734 zombie++; 2735 } 2736 } 2737 } 2738 if (!zombie) { /* delete only if there are savs */ 2739 /* remove from tree of SA index */ 2740 if (__LIST_CHAINED(sah)) 2741 LIST_REMOVE(sah, chain); 2742 free(sah, M_IPSEC_SAH); 2743 } 2744 } 2745 2746 /* 2747 * allocating a new SA with LARVAL state. key_add() and key_getspi() call, 2748 * and copy the values of mhp into new buffer. 2749 * When SAD message type is GETSPI: 2750 * to set sequence number from acq_seq++, 2751 * to set zero to SPI. 2752 * not to call key_setsava(). 2753 * OUT: NULL : fail 2754 * others : pointer to new secasvar. 2755 * 2756 * does not modify mbuf. does not free mbuf on error. 2757 */ 2758 static struct secasvar * 2759 key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp, 2760 struct secashead *sah, int *errp, const char *where, int tag) 2761 { 2762 struct secasvar *newsav; 2763 const struct sadb_sa *xsa; 2764 2765 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2766 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2767 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2768 IPSEC_ASSERT(sah != NULL, ("null secashead")); 2769 2770 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO); 2771 if (newsav == NULL) { 2772 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2773 *errp = ENOBUFS; 2774 goto done; 2775 } 2776 2777 switch (mhp->msg->sadb_msg_type) { 2778 case SADB_GETSPI: 2779 newsav->spi = 0; 2780 2781 #ifdef IPSEC_DOSEQCHECK 2782 /* sync sequence number */ 2783 if (mhp->msg->sadb_msg_seq == 0) 2784 newsav->seq = 2785 (V_acq_seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq)); 2786 else 2787 #endif 2788 newsav->seq = mhp->msg->sadb_msg_seq; 2789 break; 2790 2791 case SADB_ADD: 2792 /* sanity check */ 2793 if (mhp->ext[SADB_EXT_SA] == NULL) { 2794 free(newsav, M_IPSEC_SA); 2795 newsav = NULL; 2796 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2797 __func__)); 2798 *errp = EINVAL; 2799 goto done; 2800 } 2801 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 2802 newsav->spi = xsa->sadb_sa_spi; 2803 newsav->seq = mhp->msg->sadb_msg_seq; 2804 break; 2805 default: 2806 free(newsav, M_IPSEC_SA); 2807 newsav = NULL; 2808 *errp = EINVAL; 2809 goto done; 2810 } 2811 2812 2813 /* copy sav values */ 2814 if (mhp->msg->sadb_msg_type != SADB_GETSPI) { 2815 *errp = key_setsaval(newsav, m, mhp); 2816 if (*errp) { 2817 free(newsav, M_IPSEC_SA); 2818 newsav = NULL; 2819 goto done; 2820 } 2821 } 2822 2823 SECASVAR_LOCK_INIT(newsav); 2824 2825 /* reset created */ 2826 newsav->created = time_second; 2827 newsav->pid = mhp->msg->sadb_msg_pid; 2828 2829 /* add to satree */ 2830 newsav->sah = sah; 2831 sa_initref(newsav); 2832 newsav->state = SADB_SASTATE_LARVAL; 2833 2834 SAHTREE_LOCK(); 2835 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, 2836 secasvar, chain); 2837 SAHTREE_UNLOCK(); 2838 done: 2839 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 2840 printf("DP %s from %s:%u return SP:%p\n", __func__, 2841 where, tag, newsav)); 2842 2843 return newsav; 2844 } 2845 2846 /* 2847 * free() SA variable entry. 2848 */ 2849 static void 2850 key_cleansav(struct secasvar *sav) 2851 { 2852 /* 2853 * Cleanup xform state. Note that zeroize'ing causes the 2854 * keys to be cleared; otherwise we must do it ourself. 2855 */ 2856 if (sav->tdb_xform != NULL) { 2857 sav->tdb_xform->xf_zeroize(sav); 2858 sav->tdb_xform = NULL; 2859 } else { 2860 if (sav->key_auth != NULL) 2861 bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); 2862 if (sav->key_enc != NULL) 2863 bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc)); 2864 } 2865 if (sav->key_auth != NULL) { 2866 if (sav->key_auth->key_data != NULL) 2867 free(sav->key_auth->key_data, M_IPSEC_MISC); 2868 free(sav->key_auth, M_IPSEC_MISC); 2869 sav->key_auth = NULL; 2870 } 2871 if (sav->key_enc != NULL) { 2872 if (sav->key_enc->key_data != NULL) 2873 free(sav->key_enc->key_data, M_IPSEC_MISC); 2874 free(sav->key_enc, M_IPSEC_MISC); 2875 sav->key_enc = NULL; 2876 } 2877 if (sav->sched) { 2878 bzero(sav->sched, sav->schedlen); 2879 free(sav->sched, M_IPSEC_MISC); 2880 sav->sched = NULL; 2881 } 2882 if (sav->replay != NULL) { 2883 free(sav->replay, M_IPSEC_MISC); 2884 sav->replay = NULL; 2885 } 2886 if (sav->lft_c != NULL) { 2887 free(sav->lft_c, M_IPSEC_MISC); 2888 sav->lft_c = NULL; 2889 } 2890 if (sav->lft_h != NULL) { 2891 free(sav->lft_h, M_IPSEC_MISC); 2892 sav->lft_h = NULL; 2893 } 2894 if (sav->lft_s != NULL) { 2895 free(sav->lft_s, M_IPSEC_MISC); 2896 sav->lft_s = NULL; 2897 } 2898 } 2899 2900 /* 2901 * free() SA variable entry. 2902 */ 2903 static void 2904 key_delsav(struct secasvar *sav) 2905 { 2906 IPSEC_ASSERT(sav != NULL, ("null sav")); 2907 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt)); 2908 2909 /* remove from SA header */ 2910 if (__LIST_CHAINED(sav)) 2911 LIST_REMOVE(sav, chain); 2912 key_cleansav(sav); 2913 SECASVAR_LOCK_DESTROY(sav); 2914 free(sav, M_IPSEC_SA); 2915 } 2916 2917 /* 2918 * search SAD. 2919 * OUT: 2920 * NULL : not found 2921 * others : found, pointer to a SA. 2922 */ 2923 static struct secashead * 2924 key_getsah(struct secasindex *saidx) 2925 { 2926 struct secashead *sah; 2927 2928 SAHTREE_LOCK(); 2929 LIST_FOREACH(sah, &V_sahtree, chain) { 2930 if (sah->state == SADB_SASTATE_DEAD) 2931 continue; 2932 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) 2933 break; 2934 } 2935 SAHTREE_UNLOCK(); 2936 2937 return sah; 2938 } 2939 2940 /* 2941 * check not to be duplicated SPI. 2942 * NOTE: this function is too slow due to searching all SAD. 2943 * OUT: 2944 * NULL : not found 2945 * others : found, pointer to a SA. 2946 */ 2947 static struct secasvar * 2948 key_checkspidup(struct secasindex *saidx, u_int32_t spi) 2949 { 2950 struct secashead *sah; 2951 struct secasvar *sav; 2952 2953 /* check address family */ 2954 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) { 2955 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 2956 __func__)); 2957 return NULL; 2958 } 2959 2960 sav = NULL; 2961 /* check all SAD */ 2962 SAHTREE_LOCK(); 2963 LIST_FOREACH(sah, &V_sahtree, chain) { 2964 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst)) 2965 continue; 2966 sav = key_getsavbyspi(sah, spi); 2967 if (sav != NULL) 2968 break; 2969 } 2970 SAHTREE_UNLOCK(); 2971 2972 return sav; 2973 } 2974 2975 /* 2976 * search SAD litmited alive SA, protocol, SPI. 2977 * OUT: 2978 * NULL : not found 2979 * others : found, pointer to a SA. 2980 */ 2981 static struct secasvar * 2982 key_getsavbyspi(struct secashead *sah, u_int32_t spi) 2983 { 2984 struct secasvar *sav; 2985 u_int stateidx, state; 2986 2987 sav = NULL; 2988 SAHTREE_LOCK_ASSERT(); 2989 /* search all status */ 2990 for (stateidx = 0; 2991 stateidx < _ARRAYLEN(saorder_state_alive); 2992 stateidx++) { 2993 2994 state = saorder_state_alive[stateidx]; 2995 LIST_FOREACH(sav, &sah->savtree[state], chain) { 2996 2997 /* sanity check */ 2998 if (sav->state != state) { 2999 ipseclog((LOG_DEBUG, "%s: " 3000 "invalid sav->state (queue: %d SA: %d)\n", 3001 __func__, state, sav->state)); 3002 continue; 3003 } 3004 3005 if (sav->spi == spi) 3006 return sav; 3007 } 3008 } 3009 3010 return NULL; 3011 } 3012 3013 /* 3014 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*. 3015 * You must update these if need. 3016 * OUT: 0: success. 3017 * !0: failure. 3018 * 3019 * does not modify mbuf. does not free mbuf on error. 3020 */ 3021 static int 3022 key_setsaval(struct secasvar *sav, struct mbuf *m, 3023 const struct sadb_msghdr *mhp) 3024 { 3025 int error = 0; 3026 3027 IPSEC_ASSERT(m != NULL, ("null mbuf")); 3028 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3029 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3030 3031 /* initialization */ 3032 sav->replay = NULL; 3033 sav->key_auth = NULL; 3034 sav->key_enc = NULL; 3035 sav->sched = NULL; 3036 sav->schedlen = 0; 3037 sav->lft_c = NULL; 3038 sav->lft_h = NULL; 3039 sav->lft_s = NULL; 3040 sav->tdb_xform = NULL; /* transform */ 3041 sav->tdb_encalgxform = NULL; /* encoding algorithm */ 3042 sav->tdb_authalgxform = NULL; /* authentication algorithm */ 3043 sav->tdb_compalgxform = NULL; /* compression algorithm */ 3044 /* Initialize even if NAT-T not compiled in: */ 3045 sav->natt_type = 0; 3046 sav->natt_esp_frag_len = 0; 3047 3048 /* SA */ 3049 if (mhp->ext[SADB_EXT_SA] != NULL) { 3050 const struct sadb_sa *sa0; 3051 3052 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3053 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) { 3054 error = EINVAL; 3055 goto fail; 3056 } 3057 3058 sav->alg_auth = sa0->sadb_sa_auth; 3059 sav->alg_enc = sa0->sadb_sa_encrypt; 3060 sav->flags = sa0->sadb_sa_flags; 3061 3062 /* replay window */ 3063 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) { 3064 sav->replay = (struct secreplay *) 3065 malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT|M_ZERO); 3066 if (sav->replay == NULL) { 3067 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3068 __func__)); 3069 error = ENOBUFS; 3070 goto fail; 3071 } 3072 if (sa0->sadb_sa_replay != 0) 3073 sav->replay->bitmap = (caddr_t)(sav->replay+1); 3074 sav->replay->wsize = sa0->sadb_sa_replay; 3075 } 3076 } 3077 3078 /* Authentication keys */ 3079 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) { 3080 const struct sadb_key *key0; 3081 int len; 3082 3083 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3084 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3085 3086 error = 0; 3087 if (len < sizeof(*key0)) { 3088 error = EINVAL; 3089 goto fail; 3090 } 3091 switch (mhp->msg->sadb_msg_satype) { 3092 case SADB_SATYPE_AH: 3093 case SADB_SATYPE_ESP: 3094 case SADB_X_SATYPE_TCPSIGNATURE: 3095 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3096 sav->alg_auth != SADB_X_AALG_NULL) 3097 error = EINVAL; 3098 break; 3099 case SADB_X_SATYPE_IPCOMP: 3100 default: 3101 error = EINVAL; 3102 break; 3103 } 3104 if (error) { 3105 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3106 __func__)); 3107 goto fail; 3108 } 3109 3110 sav->key_auth = (struct seckey *)key_dup_keymsg(key0, len, 3111 M_IPSEC_MISC); 3112 if (sav->key_auth == NULL ) { 3113 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3114 __func__)); 3115 error = ENOBUFS; 3116 goto fail; 3117 } 3118 } 3119 3120 /* Encryption key */ 3121 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) { 3122 const struct sadb_key *key0; 3123 int len; 3124 3125 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3126 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3127 3128 error = 0; 3129 if (len < sizeof(*key0)) { 3130 error = EINVAL; 3131 goto fail; 3132 } 3133 switch (mhp->msg->sadb_msg_satype) { 3134 case SADB_SATYPE_ESP: 3135 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3136 sav->alg_enc != SADB_EALG_NULL) { 3137 error = EINVAL; 3138 break; 3139 } 3140 sav->key_enc = (struct seckey *)key_dup_keymsg(key0, 3141 len, 3142 M_IPSEC_MISC); 3143 if (sav->key_enc == NULL) { 3144 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3145 __func__)); 3146 error = ENOBUFS; 3147 goto fail; 3148 } 3149 break; 3150 case SADB_X_SATYPE_IPCOMP: 3151 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3152 error = EINVAL; 3153 sav->key_enc = NULL; /*just in case*/ 3154 break; 3155 case SADB_SATYPE_AH: 3156 case SADB_X_SATYPE_TCPSIGNATURE: 3157 default: 3158 error = EINVAL; 3159 break; 3160 } 3161 if (error) { 3162 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3163 __func__)); 3164 goto fail; 3165 } 3166 } 3167 3168 /* set iv */ 3169 sav->ivlen = 0; 3170 3171 switch (mhp->msg->sadb_msg_satype) { 3172 case SADB_SATYPE_AH: 3173 error = xform_init(sav, XF_AH); 3174 break; 3175 case SADB_SATYPE_ESP: 3176 error = xform_init(sav, XF_ESP); 3177 break; 3178 case SADB_X_SATYPE_IPCOMP: 3179 error = xform_init(sav, XF_IPCOMP); 3180 break; 3181 case SADB_X_SATYPE_TCPSIGNATURE: 3182 error = xform_init(sav, XF_TCPSIGNATURE); 3183 break; 3184 } 3185 if (error) { 3186 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3187 __func__, mhp->msg->sadb_msg_satype)); 3188 goto fail; 3189 } 3190 3191 /* reset created */ 3192 sav->created = time_second; 3193 3194 /* make lifetime for CURRENT */ 3195 sav->lft_c = malloc(sizeof(struct seclifetime), M_IPSEC_MISC, M_NOWAIT); 3196 if (sav->lft_c == NULL) { 3197 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3198 error = ENOBUFS; 3199 goto fail; 3200 } 3201 3202 sav->lft_c->allocations = 0; 3203 sav->lft_c->bytes = 0; 3204 sav->lft_c->addtime = time_second; 3205 sav->lft_c->usetime = 0; 3206 3207 /* lifetimes for HARD and SOFT */ 3208 { 3209 const struct sadb_lifetime *lft0; 3210 3211 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 3212 if (lft0 != NULL) { 3213 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) { 3214 error = EINVAL; 3215 goto fail; 3216 } 3217 sav->lft_h = key_dup_lifemsg(lft0, M_IPSEC_MISC); 3218 if (sav->lft_h == NULL) { 3219 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3220 error = ENOBUFS; 3221 goto fail; 3222 } 3223 /* to be initialize ? */ 3224 } 3225 3226 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT]; 3227 if (lft0 != NULL) { 3228 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) { 3229 error = EINVAL; 3230 goto fail; 3231 } 3232 sav->lft_s = key_dup_lifemsg(lft0, M_IPSEC_MISC); 3233 if (sav->lft_s == NULL) { 3234 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3235 error = ENOBUFS; 3236 goto fail; 3237 } 3238 /* to be initialize ? */ 3239 } 3240 } 3241 3242 return 0; 3243 3244 fail: 3245 /* initialization */ 3246 key_cleansav(sav); 3247 3248 return error; 3249 } 3250 3251 /* 3252 * validation with a secasvar entry, and set SADB_SATYPE_MATURE. 3253 * OUT: 0: valid 3254 * other: errno 3255 */ 3256 static int 3257 key_mature(struct secasvar *sav) 3258 { 3259 int error; 3260 3261 /* check SPI value */ 3262 switch (sav->sah->saidx.proto) { 3263 case IPPROTO_ESP: 3264 case IPPROTO_AH: 3265 /* 3266 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 3267 * 1-255 reserved by IANA for future use, 3268 * 0 for implementation specific, local use. 3269 */ 3270 if (ntohl(sav->spi) <= 255) { 3271 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 3272 __func__, (u_int32_t)ntohl(sav->spi))); 3273 return EINVAL; 3274 } 3275 break; 3276 } 3277 3278 /* check satype */ 3279 switch (sav->sah->saidx.proto) { 3280 case IPPROTO_ESP: 3281 /* check flags */ 3282 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) == 3283 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) { 3284 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3285 "given to old-esp.\n", __func__)); 3286 return EINVAL; 3287 } 3288 error = xform_init(sav, XF_ESP); 3289 break; 3290 case IPPROTO_AH: 3291 /* check flags */ 3292 if (sav->flags & SADB_X_EXT_DERIV) { 3293 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3294 "given to AH SA.\n", __func__)); 3295 return EINVAL; 3296 } 3297 if (sav->alg_enc != SADB_EALG_NONE) { 3298 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3299 "mismated.\n", __func__)); 3300 return(EINVAL); 3301 } 3302 error = xform_init(sav, XF_AH); 3303 break; 3304 case IPPROTO_IPCOMP: 3305 if (sav->alg_auth != SADB_AALG_NONE) { 3306 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3307 "mismated.\n", __func__)); 3308 return(EINVAL); 3309 } 3310 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 3311 && ntohl(sav->spi) >= 0x10000) { 3312 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3313 __func__)); 3314 return(EINVAL); 3315 } 3316 error = xform_init(sav, XF_IPCOMP); 3317 break; 3318 case IPPROTO_TCP: 3319 if (sav->alg_enc != SADB_EALG_NONE) { 3320 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3321 "mismated.\n", __func__)); 3322 return(EINVAL); 3323 } 3324 error = xform_init(sav, XF_TCPSIGNATURE); 3325 break; 3326 default: 3327 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3328 error = EPROTONOSUPPORT; 3329 break; 3330 } 3331 if (error == 0) { 3332 SAHTREE_LOCK(); 3333 key_sa_chgstate(sav, SADB_SASTATE_MATURE); 3334 SAHTREE_UNLOCK(); 3335 } 3336 return (error); 3337 } 3338 3339 /* 3340 * subroutine for SADB_GET and SADB_DUMP. 3341 */ 3342 static struct mbuf * 3343 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, 3344 u_int32_t seq, u_int32_t pid) 3345 { 3346 struct mbuf *result = NULL, *tres = NULL, *m; 3347 int i; 3348 int dumporder[] = { 3349 SADB_EXT_SA, SADB_X_EXT_SA2, 3350 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3351 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3352 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH, 3353 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC, 3354 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY, 3355 #ifdef IPSEC_NAT_T 3356 SADB_X_EXT_NAT_T_TYPE, 3357 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3358 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3359 SADB_X_EXT_NAT_T_FRAG, 3360 #endif 3361 }; 3362 3363 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3364 if (m == NULL) 3365 goto fail; 3366 result = m; 3367 3368 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) { 3369 m = NULL; 3370 switch (dumporder[i]) { 3371 case SADB_EXT_SA: 3372 m = key_setsadbsa(sav); 3373 if (!m) 3374 goto fail; 3375 break; 3376 3377 case SADB_X_EXT_SA2: 3378 m = key_setsadbxsa2(sav->sah->saidx.mode, 3379 sav->replay ? sav->replay->count : 0, 3380 sav->sah->saidx.reqid); 3381 if (!m) 3382 goto fail; 3383 break; 3384 3385 case SADB_EXT_ADDRESS_SRC: 3386 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3387 &sav->sah->saidx.src.sa, 3388 FULLMASK, IPSEC_ULPROTO_ANY); 3389 if (!m) 3390 goto fail; 3391 break; 3392 3393 case SADB_EXT_ADDRESS_DST: 3394 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3395 &sav->sah->saidx.dst.sa, 3396 FULLMASK, IPSEC_ULPROTO_ANY); 3397 if (!m) 3398 goto fail; 3399 break; 3400 3401 case SADB_EXT_KEY_AUTH: 3402 if (!sav->key_auth) 3403 continue; 3404 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3405 if (!m) 3406 goto fail; 3407 break; 3408 3409 case SADB_EXT_KEY_ENCRYPT: 3410 if (!sav->key_enc) 3411 continue; 3412 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3413 if (!m) 3414 goto fail; 3415 break; 3416 3417 case SADB_EXT_LIFETIME_CURRENT: 3418 if (!sav->lft_c) 3419 continue; 3420 m = key_setlifetime(sav->lft_c, 3421 SADB_EXT_LIFETIME_CURRENT); 3422 if (!m) 3423 goto fail; 3424 break; 3425 3426 case SADB_EXT_LIFETIME_HARD: 3427 if (!sav->lft_h) 3428 continue; 3429 m = key_setlifetime(sav->lft_h, 3430 SADB_EXT_LIFETIME_HARD); 3431 if (!m) 3432 goto fail; 3433 break; 3434 3435 case SADB_EXT_LIFETIME_SOFT: 3436 if (!sav->lft_s) 3437 continue; 3438 m = key_setlifetime(sav->lft_s, 3439 SADB_EXT_LIFETIME_SOFT); 3440 3441 if (!m) 3442 goto fail; 3443 break; 3444 3445 #ifdef IPSEC_NAT_T 3446 case SADB_X_EXT_NAT_T_TYPE: 3447 m = key_setsadbxtype(sav->natt_type); 3448 if (!m) 3449 goto fail; 3450 break; 3451 3452 case SADB_X_EXT_NAT_T_DPORT: 3453 m = key_setsadbxport( 3454 KEY_PORTFROMSADDR(&sav->sah->saidx.dst), 3455 SADB_X_EXT_NAT_T_DPORT); 3456 if (!m) 3457 goto fail; 3458 break; 3459 3460 case SADB_X_EXT_NAT_T_SPORT: 3461 m = key_setsadbxport( 3462 KEY_PORTFROMSADDR(&sav->sah->saidx.src), 3463 SADB_X_EXT_NAT_T_SPORT); 3464 if (!m) 3465 goto fail; 3466 break; 3467 3468 case SADB_X_EXT_NAT_T_OAI: 3469 case SADB_X_EXT_NAT_T_OAR: 3470 case SADB_X_EXT_NAT_T_FRAG: 3471 /* We do not (yet) support those. */ 3472 continue; 3473 #endif 3474 3475 case SADB_EXT_ADDRESS_PROXY: 3476 case SADB_EXT_IDENTITY_SRC: 3477 case SADB_EXT_IDENTITY_DST: 3478 /* XXX: should we brought from SPD ? */ 3479 case SADB_EXT_SENSITIVITY: 3480 default: 3481 continue; 3482 } 3483 3484 if (!m) 3485 goto fail; 3486 if (tres) 3487 m_cat(m, tres); 3488 tres = m; 3489 3490 } 3491 3492 m_cat(result, tres); 3493 tres = NULL; 3494 if (result->m_len < sizeof(struct sadb_msg)) { 3495 result = m_pullup(result, sizeof(struct sadb_msg)); 3496 if (result == NULL) 3497 goto fail; 3498 } 3499 3500 result->m_pkthdr.len = 0; 3501 for (m = result; m; m = m->m_next) 3502 result->m_pkthdr.len += m->m_len; 3503 3504 mtod(result, struct sadb_msg *)->sadb_msg_len = 3505 PFKEY_UNIT64(result->m_pkthdr.len); 3506 3507 return result; 3508 3509 fail: 3510 m_freem(result); 3511 m_freem(tres); 3512 return NULL; 3513 } 3514 3515 /* 3516 * set data into sadb_msg. 3517 */ 3518 static struct mbuf * 3519 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3520 pid_t pid, u_int16_t reserved) 3521 { 3522 struct mbuf *m; 3523 struct sadb_msg *p; 3524 int len; 3525 3526 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3527 if (len > MCLBYTES) 3528 return NULL; 3529 MGETHDR(m, M_NOWAIT, MT_DATA); 3530 if (m && len > MHLEN) { 3531 if (!(MCLGET(m, M_NOWAIT))) { 3532 m_freem(m); 3533 m = NULL; 3534 } 3535 } 3536 if (!m) 3537 return NULL; 3538 m->m_pkthdr.len = m->m_len = len; 3539 m->m_next = NULL; 3540 3541 p = mtod(m, struct sadb_msg *); 3542 3543 bzero(p, len); 3544 p->sadb_msg_version = PF_KEY_V2; 3545 p->sadb_msg_type = type; 3546 p->sadb_msg_errno = 0; 3547 p->sadb_msg_satype = satype; 3548 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3549 p->sadb_msg_reserved = reserved; 3550 p->sadb_msg_seq = seq; 3551 p->sadb_msg_pid = (u_int32_t)pid; 3552 3553 return m; 3554 } 3555 3556 /* 3557 * copy secasvar data into sadb_address. 3558 */ 3559 static struct mbuf * 3560 key_setsadbsa(struct secasvar *sav) 3561 { 3562 struct mbuf *m; 3563 struct sadb_sa *p; 3564 int len; 3565 3566 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3567 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3568 if (m == NULL) 3569 return (NULL); 3570 m_align(m, len); 3571 m->m_len = len; 3572 p = mtod(m, struct sadb_sa *); 3573 bzero(p, len); 3574 p->sadb_sa_len = PFKEY_UNIT64(len); 3575 p->sadb_sa_exttype = SADB_EXT_SA; 3576 p->sadb_sa_spi = sav->spi; 3577 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0); 3578 p->sadb_sa_state = sav->state; 3579 p->sadb_sa_auth = sav->alg_auth; 3580 p->sadb_sa_encrypt = sav->alg_enc; 3581 p->sadb_sa_flags = sav->flags; 3582 3583 return m; 3584 } 3585 3586 /* 3587 * set data into sadb_address. 3588 */ 3589 static struct mbuf * 3590 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3591 u_int8_t prefixlen, u_int16_t ul_proto) 3592 { 3593 struct mbuf *m; 3594 struct sadb_address *p; 3595 size_t len; 3596 3597 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3598 PFKEY_ALIGN8(saddr->sa_len); 3599 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3600 if (m == NULL) 3601 return (NULL); 3602 m_align(m, len); 3603 m->m_len = len; 3604 p = mtod(m, struct sadb_address *); 3605 3606 bzero(p, len); 3607 p->sadb_address_len = PFKEY_UNIT64(len); 3608 p->sadb_address_exttype = exttype; 3609 p->sadb_address_proto = ul_proto; 3610 if (prefixlen == FULLMASK) { 3611 switch (saddr->sa_family) { 3612 case AF_INET: 3613 prefixlen = sizeof(struct in_addr) << 3; 3614 break; 3615 case AF_INET6: 3616 prefixlen = sizeof(struct in6_addr) << 3; 3617 break; 3618 default: 3619 ; /*XXX*/ 3620 } 3621 } 3622 p->sadb_address_prefixlen = prefixlen; 3623 p->sadb_address_reserved = 0; 3624 3625 bcopy(saddr, 3626 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3627 saddr->sa_len); 3628 3629 return m; 3630 } 3631 3632 /* 3633 * set data into sadb_x_sa2. 3634 */ 3635 static struct mbuf * 3636 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3637 { 3638 struct mbuf *m; 3639 struct sadb_x_sa2 *p; 3640 size_t len; 3641 3642 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3643 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3644 if (m == NULL) 3645 return (NULL); 3646 m_align(m, len); 3647 m->m_len = len; 3648 p = mtod(m, struct sadb_x_sa2 *); 3649 3650 bzero(p, len); 3651 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3652 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3653 p->sadb_x_sa2_mode = mode; 3654 p->sadb_x_sa2_reserved1 = 0; 3655 p->sadb_x_sa2_reserved2 = 0; 3656 p->sadb_x_sa2_sequence = seq; 3657 p->sadb_x_sa2_reqid = reqid; 3658 3659 return m; 3660 } 3661 3662 #ifdef IPSEC_NAT_T 3663 /* 3664 * Set a type in sadb_x_nat_t_type. 3665 */ 3666 static struct mbuf * 3667 key_setsadbxtype(u_int16_t type) 3668 { 3669 struct mbuf *m; 3670 size_t len; 3671 struct sadb_x_nat_t_type *p; 3672 3673 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3674 3675 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3676 if (m == NULL) 3677 return (NULL); 3678 m_align(m, len); 3679 m->m_len = len; 3680 p = mtod(m, struct sadb_x_nat_t_type *); 3681 3682 bzero(p, len); 3683 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3684 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3685 p->sadb_x_nat_t_type_type = type; 3686 3687 return (m); 3688 } 3689 /* 3690 * Set a port in sadb_x_nat_t_port. 3691 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3692 */ 3693 static struct mbuf * 3694 key_setsadbxport(u_int16_t port, u_int16_t type) 3695 { 3696 struct mbuf *m; 3697 size_t len; 3698 struct sadb_x_nat_t_port *p; 3699 3700 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3701 3702 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3703 if (m == NULL) 3704 return (NULL); 3705 m_align(m, len); 3706 m->m_len = len; 3707 p = mtod(m, struct sadb_x_nat_t_port *); 3708 3709 bzero(p, len); 3710 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3711 p->sadb_x_nat_t_port_exttype = type; 3712 p->sadb_x_nat_t_port_port = port; 3713 3714 return (m); 3715 } 3716 3717 /* 3718 * Get port from sockaddr. Port is in network byte order. 3719 */ 3720 u_int16_t 3721 key_portfromsaddr(struct sockaddr *sa) 3722 { 3723 3724 switch (sa->sa_family) { 3725 #ifdef INET 3726 case AF_INET: 3727 return ((struct sockaddr_in *)sa)->sin_port; 3728 #endif 3729 #ifdef INET6 3730 case AF_INET6: 3731 return ((struct sockaddr_in6 *)sa)->sin6_port; 3732 #endif 3733 } 3734 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 3735 printf("DP %s unexpected address family %d\n", 3736 __func__, sa->sa_family)); 3737 return (0); 3738 } 3739 #endif /* IPSEC_NAT_T */ 3740 3741 /* 3742 * Set port in struct sockaddr. Port is in network byte order. 3743 */ 3744 static void 3745 key_porttosaddr(struct sockaddr *sa, u_int16_t port) 3746 { 3747 3748 switch (sa->sa_family) { 3749 #ifdef INET 3750 case AF_INET: 3751 ((struct sockaddr_in *)sa)->sin_port = port; 3752 break; 3753 #endif 3754 #ifdef INET6 3755 case AF_INET6: 3756 ((struct sockaddr_in6 *)sa)->sin6_port = port; 3757 break; 3758 #endif 3759 default: 3760 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 3761 __func__, sa->sa_family)); 3762 break; 3763 } 3764 } 3765 3766 /* 3767 * set data into sadb_x_policy 3768 */ 3769 static struct mbuf * 3770 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 3771 { 3772 struct mbuf *m; 3773 struct sadb_x_policy *p; 3774 size_t len; 3775 3776 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 3777 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3778 if (m == NULL) 3779 return (NULL); 3780 m_align(m, len); 3781 m->m_len = len; 3782 p = mtod(m, struct sadb_x_policy *); 3783 3784 bzero(p, len); 3785 p->sadb_x_policy_len = PFKEY_UNIT64(len); 3786 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3787 p->sadb_x_policy_type = type; 3788 p->sadb_x_policy_dir = dir; 3789 p->sadb_x_policy_id = id; 3790 p->sadb_x_policy_priority = priority; 3791 3792 return m; 3793 } 3794 3795 /* %%% utilities */ 3796 /* Take a key message (sadb_key) from the socket and turn it into one 3797 * of the kernel's key structures (seckey). 3798 * 3799 * IN: pointer to the src 3800 * OUT: NULL no more memory 3801 */ 3802 struct seckey * 3803 key_dup_keymsg(const struct sadb_key *src, u_int len, 3804 struct malloc_type *type) 3805 { 3806 struct seckey *dst; 3807 dst = (struct seckey *)malloc(sizeof(struct seckey), type, M_NOWAIT); 3808 if (dst != NULL) { 3809 dst->bits = src->sadb_key_bits; 3810 dst->key_data = (char *)malloc(len, type, M_NOWAIT); 3811 if (dst->key_data != NULL) { 3812 bcopy((const char *)src + sizeof(struct sadb_key), 3813 dst->key_data, len); 3814 } else { 3815 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3816 __func__)); 3817 free(dst, type); 3818 dst = NULL; 3819 } 3820 } else { 3821 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3822 __func__)); 3823 3824 } 3825 return dst; 3826 } 3827 3828 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 3829 * turn it into one of the kernel's lifetime structures (seclifetime). 3830 * 3831 * IN: pointer to the destination, source and malloc type 3832 * OUT: NULL, no more memory 3833 */ 3834 3835 static struct seclifetime * 3836 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 3837 { 3838 struct seclifetime *dst = NULL; 3839 3840 dst = (struct seclifetime *)malloc(sizeof(struct seclifetime), 3841 type, M_NOWAIT); 3842 if (dst == NULL) { 3843 /* XXX counter */ 3844 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3845 } else { 3846 dst->allocations = src->sadb_lifetime_allocations; 3847 dst->bytes = src->sadb_lifetime_bytes; 3848 dst->addtime = src->sadb_lifetime_addtime; 3849 dst->usetime = src->sadb_lifetime_usetime; 3850 } 3851 return dst; 3852 } 3853 3854 /* compare my own address 3855 * OUT: 1: true, i.e. my address. 3856 * 0: false 3857 */ 3858 int 3859 key_ismyaddr(struct sockaddr *sa) 3860 { 3861 3862 IPSEC_ASSERT(sa != NULL, ("null sockaddr")); 3863 switch (sa->sa_family) { 3864 #ifdef INET 3865 case AF_INET: 3866 return (in_localip(satosin(sa)->sin_addr)); 3867 #endif 3868 #ifdef INET6 3869 case AF_INET6: 3870 return key_ismyaddr6((struct sockaddr_in6 *)sa); 3871 #endif 3872 } 3873 3874 return 0; 3875 } 3876 3877 #ifdef INET6 3878 /* 3879 * compare my own address for IPv6. 3880 * 1: ours 3881 * 0: other 3882 */ 3883 static int 3884 key_ismyaddr6(struct sockaddr_in6 *sin6) 3885 { 3886 struct in6_addr in6; 3887 3888 if (!IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr)) 3889 return (in6_localip(&sin6->sin6_addr)); 3890 3891 /* Convert address into kernel-internal form */ 3892 in6 = sin6->sin6_addr; 3893 in6.s6_addr16[1] = htons(sin6->sin6_scope_id & 0xffff); 3894 return (in6_localip(&in6)); 3895 } 3896 #endif /*INET6*/ 3897 3898 /* 3899 * compare two secasindex structure. 3900 * flag can specify to compare 2 saidxes. 3901 * compare two secasindex structure without both mode and reqid. 3902 * don't compare port. 3903 * IN: 3904 * saidx0: source, it can be in SAD. 3905 * saidx1: object. 3906 * OUT: 3907 * 1 : equal 3908 * 0 : not equal 3909 */ 3910 static int 3911 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 3912 int flag) 3913 { 3914 int chkport = 0; 3915 3916 /* sanity */ 3917 if (saidx0 == NULL && saidx1 == NULL) 3918 return 1; 3919 3920 if (saidx0 == NULL || saidx1 == NULL) 3921 return 0; 3922 3923 if (saidx0->proto != saidx1->proto) 3924 return 0; 3925 3926 if (flag == CMP_EXACTLY) { 3927 if (saidx0->mode != saidx1->mode) 3928 return 0; 3929 if (saidx0->reqid != saidx1->reqid) 3930 return 0; 3931 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 || 3932 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0) 3933 return 0; 3934 } else { 3935 3936 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 3937 if (flag == CMP_MODE_REQID 3938 ||flag == CMP_REQID) { 3939 /* 3940 * If reqid of SPD is non-zero, unique SA is required. 3941 * The result must be of same reqid in this case. 3942 */ 3943 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid) 3944 return 0; 3945 } 3946 3947 if (flag == CMP_MODE_REQID) { 3948 if (saidx0->mode != IPSEC_MODE_ANY 3949 && saidx0->mode != saidx1->mode) 3950 return 0; 3951 } 3952 3953 #ifdef IPSEC_NAT_T 3954 /* 3955 * If NAT-T is enabled, check ports for tunnel mode. 3956 * Do not check ports if they are set to zero in the SPD. 3957 * Also do not do it for native transport mode, as there 3958 * is no port information available in the SP. 3959 */ 3960 if ((saidx1->mode == IPSEC_MODE_TUNNEL || 3961 (saidx1->mode == IPSEC_MODE_TRANSPORT && 3962 saidx1->proto == IPPROTO_ESP)) && 3963 saidx1->src.sa.sa_family == AF_INET && 3964 saidx1->dst.sa.sa_family == AF_INET && 3965 ((const struct sockaddr_in *)(&saidx1->src))->sin_port && 3966 ((const struct sockaddr_in *)(&saidx1->dst))->sin_port) 3967 chkport = 1; 3968 #endif /* IPSEC_NAT_T */ 3969 3970 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, chkport) != 0) { 3971 return 0; 3972 } 3973 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, chkport) != 0) { 3974 return 0; 3975 } 3976 } 3977 3978 return 1; 3979 } 3980 3981 /* 3982 * compare two secindex structure exactly. 3983 * IN: 3984 * spidx0: source, it is often in SPD. 3985 * spidx1: object, it is often from PFKEY message. 3986 * OUT: 3987 * 1 : equal 3988 * 0 : not equal 3989 */ 3990 static int 3991 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 3992 struct secpolicyindex *spidx1) 3993 { 3994 /* sanity */ 3995 if (spidx0 == NULL && spidx1 == NULL) 3996 return 1; 3997 3998 if (spidx0 == NULL || spidx1 == NULL) 3999 return 0; 4000 4001 if (spidx0->prefs != spidx1->prefs 4002 || spidx0->prefd != spidx1->prefd 4003 || spidx0->ul_proto != spidx1->ul_proto) 4004 return 0; 4005 4006 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4007 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4008 } 4009 4010 /* 4011 * compare two secindex structure with mask. 4012 * IN: 4013 * spidx0: source, it is often in SPD. 4014 * spidx1: object, it is often from IP header. 4015 * OUT: 4016 * 1 : equal 4017 * 0 : not equal 4018 */ 4019 static int 4020 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4021 struct secpolicyindex *spidx1) 4022 { 4023 /* sanity */ 4024 if (spidx0 == NULL && spidx1 == NULL) 4025 return 1; 4026 4027 if (spidx0 == NULL || spidx1 == NULL) 4028 return 0; 4029 4030 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4031 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4032 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4033 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4034 return 0; 4035 4036 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4037 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4038 && spidx0->ul_proto != spidx1->ul_proto) 4039 return 0; 4040 4041 switch (spidx0->src.sa.sa_family) { 4042 case AF_INET: 4043 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4044 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4045 return 0; 4046 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4047 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4048 return 0; 4049 break; 4050 case AF_INET6: 4051 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4052 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4053 return 0; 4054 /* 4055 * scope_id check. if sin6_scope_id is 0, we regard it 4056 * as a wildcard scope, which matches any scope zone ID. 4057 */ 4058 if (spidx0->src.sin6.sin6_scope_id && 4059 spidx1->src.sin6.sin6_scope_id && 4060 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4061 return 0; 4062 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4063 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4064 return 0; 4065 break; 4066 default: 4067 /* XXX */ 4068 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4069 return 0; 4070 break; 4071 } 4072 4073 switch (spidx0->dst.sa.sa_family) { 4074 case AF_INET: 4075 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4076 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4077 return 0; 4078 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4079 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4080 return 0; 4081 break; 4082 case AF_INET6: 4083 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4084 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4085 return 0; 4086 /* 4087 * scope_id check. if sin6_scope_id is 0, we regard it 4088 * as a wildcard scope, which matches any scope zone ID. 4089 */ 4090 if (spidx0->dst.sin6.sin6_scope_id && 4091 spidx1->dst.sin6.sin6_scope_id && 4092 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4093 return 0; 4094 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4095 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4096 return 0; 4097 break; 4098 default: 4099 /* XXX */ 4100 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4101 return 0; 4102 break; 4103 } 4104 4105 /* XXX Do we check other field ? e.g. flowinfo */ 4106 4107 return 1; 4108 } 4109 4110 /* returns 0 on match */ 4111 static int 4112 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4113 int port) 4114 { 4115 #ifdef satosin 4116 #undef satosin 4117 #endif 4118 #define satosin(s) ((const struct sockaddr_in *)s) 4119 #ifdef satosin6 4120 #undef satosin6 4121 #endif 4122 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4123 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4124 return 1; 4125 4126 switch (sa1->sa_family) { 4127 case AF_INET: 4128 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4129 return 1; 4130 if (satosin(sa1)->sin_addr.s_addr != 4131 satosin(sa2)->sin_addr.s_addr) { 4132 return 1; 4133 } 4134 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4135 return 1; 4136 break; 4137 case AF_INET6: 4138 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4139 return 1; /*EINVAL*/ 4140 if (satosin6(sa1)->sin6_scope_id != 4141 satosin6(sa2)->sin6_scope_id) { 4142 return 1; 4143 } 4144 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4145 &satosin6(sa2)->sin6_addr)) { 4146 return 1; 4147 } 4148 if (port && 4149 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4150 return 1; 4151 } 4152 break; 4153 default: 4154 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4155 return 1; 4156 break; 4157 } 4158 4159 return 0; 4160 #undef satosin 4161 #undef satosin6 4162 } 4163 4164 /* 4165 * compare two buffers with mask. 4166 * IN: 4167 * addr1: source 4168 * addr2: object 4169 * bits: Number of bits to compare 4170 * OUT: 4171 * 1 : equal 4172 * 0 : not equal 4173 */ 4174 static int 4175 key_bbcmp(const void *a1, const void *a2, u_int bits) 4176 { 4177 const unsigned char *p1 = a1; 4178 const unsigned char *p2 = a2; 4179 4180 /* XXX: This could be considerably faster if we compare a word 4181 * at a time, but it is complicated on LSB Endian machines */ 4182 4183 /* Handle null pointers */ 4184 if (p1 == NULL || p2 == NULL) 4185 return (p1 == p2); 4186 4187 while (bits >= 8) { 4188 if (*p1++ != *p2++) 4189 return 0; 4190 bits -= 8; 4191 } 4192 4193 if (bits > 0) { 4194 u_int8_t mask = ~((1<<(8-bits))-1); 4195 if ((*p1 & mask) != (*p2 & mask)) 4196 return 0; 4197 } 4198 return 1; /* Match! */ 4199 } 4200 4201 static void 4202 key_flush_spd(time_t now) 4203 { 4204 SPTREE_RLOCK_TRACKER; 4205 struct secpolicy *sp; 4206 u_int dir; 4207 4208 /* SPD */ 4209 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4210 restart: 4211 SPTREE_RLOCK(); 4212 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4213 if (sp->lifetime == 0 && sp->validtime == 0) 4214 continue; 4215 if ((sp->lifetime && 4216 now - sp->created > sp->lifetime) || 4217 (sp->validtime && 4218 now - sp->lastused > sp->validtime)) { 4219 SP_ADDREF(sp); 4220 SPTREE_RUNLOCK(); 4221 key_spdexpire(sp); 4222 key_unlink(sp); 4223 KEY_FREESP(&sp); 4224 goto restart; 4225 } 4226 } 4227 SPTREE_RUNLOCK(); 4228 } 4229 } 4230 4231 static void 4232 key_flush_sad(time_t now) 4233 { 4234 struct secashead *sah, *nextsah; 4235 struct secasvar *sav, *nextsav; 4236 4237 /* SAD */ 4238 SAHTREE_LOCK(); 4239 LIST_FOREACH_SAFE(sah, &V_sahtree, chain, nextsah) { 4240 /* if sah has been dead, then delete it and process next sah. */ 4241 if (sah->state == SADB_SASTATE_DEAD) { 4242 key_delsah(sah); 4243 continue; 4244 } 4245 4246 /* if LARVAL entry doesn't become MATURE, delete it. */ 4247 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL], chain, nextsav) { 4248 /* Need to also check refcnt for a larval SA ??? */ 4249 if (now - sav->created > V_key_larval_lifetime) 4250 KEY_FREESAV(&sav); 4251 } 4252 4253 /* 4254 * check MATURE entry to start to send expire message 4255 * whether or not. 4256 */ 4257 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE], chain, nextsav) { 4258 /* we don't need to check. */ 4259 if (sav->lft_s == NULL) 4260 continue; 4261 4262 /* sanity check */ 4263 if (sav->lft_c == NULL) { 4264 ipseclog((LOG_DEBUG,"%s: there is no CURRENT " 4265 "time, why?\n", __func__)); 4266 continue; 4267 } 4268 /* 4269 * RFC 2367: 4270 * HARD lifetimes MUST take precedence over SOFT 4271 * lifetimes, meaning if the HARD and SOFT lifetimes 4272 * are the same, the HARD lifetime will appear on the 4273 * EXPIRE message. 4274 */ 4275 /* check HARD lifetime */ 4276 if ((sav->lft_h->addtime != 0 && 4277 now - sav->created > sav->lft_h->addtime) || 4278 (sav->lft_h->bytes != 0 && 4279 sav->lft_h->bytes < sav->lft_c->bytes)) { 4280 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4281 key_expire(sav, 1); 4282 KEY_FREESAV(&sav); 4283 } 4284 /* check SOFT lifetime */ 4285 else if ((sav->lft_s->addtime != 0 && 4286 now - sav->created > sav->lft_s->addtime) || 4287 (sav->lft_s->bytes != 0 && 4288 sav->lft_s->bytes < sav->lft_c->bytes)) { 4289 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4290 key_expire(sav, 0); 4291 } 4292 } 4293 4294 /* check DYING entry to change status to DEAD. */ 4295 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING], chain, nextsav) { 4296 /* we don't need to check. */ 4297 if (sav->lft_h == NULL) 4298 continue; 4299 4300 /* sanity check */ 4301 if (sav->lft_c == NULL) { 4302 ipseclog((LOG_DEBUG, "%s: there is no CURRENT " 4303 "time, why?\n", __func__)); 4304 continue; 4305 } 4306 4307 if (sav->lft_h->addtime != 0 && 4308 now - sav->created > sav->lft_h->addtime) { 4309 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4310 key_expire(sav, 1); 4311 KEY_FREESAV(&sav); 4312 } 4313 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */ 4314 else if (sav->lft_s != NULL 4315 && sav->lft_s->addtime != 0 4316 && now - sav->created > sav->lft_s->addtime) { 4317 /* 4318 * XXX: should be checked to be 4319 * installed the valid SA. 4320 */ 4321 4322 /* 4323 * If there is no SA then sending 4324 * expire message. 4325 */ 4326 key_expire(sav, 0); 4327 } 4328 #endif 4329 /* check HARD lifetime by bytes */ 4330 else if (sav->lft_h->bytes != 0 && 4331 sav->lft_h->bytes < sav->lft_c->bytes) { 4332 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4333 key_expire(sav, 1); 4334 KEY_FREESAV(&sav); 4335 } 4336 } 4337 4338 /* delete entry in DEAD */ 4339 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD], chain, nextsav) { 4340 /* sanity check */ 4341 if (sav->state != SADB_SASTATE_DEAD) { 4342 ipseclog((LOG_DEBUG, "%s: invalid sav->state " 4343 "(queue: %d SA: %d): kill it anyway\n", 4344 __func__, 4345 SADB_SASTATE_DEAD, sav->state)); 4346 } 4347 /* 4348 * do not call key_freesav() here. 4349 * sav should already be freed, and sav->refcnt 4350 * shows other references to sav 4351 * (such as from SPD). 4352 */ 4353 } 4354 } 4355 SAHTREE_UNLOCK(); 4356 } 4357 4358 static void 4359 key_flush_acq(time_t now) 4360 { 4361 struct secacq *acq, *nextacq; 4362 4363 /* ACQ tree */ 4364 ACQ_LOCK(); 4365 for (acq = LIST_FIRST(&V_acqtree); acq != NULL; acq = nextacq) { 4366 nextacq = LIST_NEXT(acq, chain); 4367 if (now - acq->created > V_key_blockacq_lifetime 4368 && __LIST_CHAINED(acq)) { 4369 LIST_REMOVE(acq, chain); 4370 free(acq, M_IPSEC_SAQ); 4371 } 4372 } 4373 ACQ_UNLOCK(); 4374 } 4375 4376 static void 4377 key_flush_spacq(time_t now) 4378 { 4379 struct secspacq *acq, *nextacq; 4380 4381 /* SP ACQ tree */ 4382 SPACQ_LOCK(); 4383 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4384 nextacq = LIST_NEXT(acq, chain); 4385 if (now - acq->created > V_key_blockacq_lifetime 4386 && __LIST_CHAINED(acq)) { 4387 LIST_REMOVE(acq, chain); 4388 free(acq, M_IPSEC_SAQ); 4389 } 4390 } 4391 SPACQ_UNLOCK(); 4392 } 4393 4394 /* 4395 * time handler. 4396 * scanning SPD and SAD to check status for each entries, 4397 * and do to remove or to expire. 4398 * XXX: year 2038 problem may remain. 4399 */ 4400 static void 4401 key_timehandler(void *arg) 4402 { 4403 VNET_ITERATOR_DECL(vnet_iter); 4404 time_t now = time_second; 4405 4406 VNET_LIST_RLOCK_NOSLEEP(); 4407 VNET_FOREACH(vnet_iter) { 4408 CURVNET_SET(vnet_iter); 4409 key_flush_spd(now); 4410 key_flush_sad(now); 4411 key_flush_acq(now); 4412 key_flush_spacq(now); 4413 CURVNET_RESTORE(); 4414 } 4415 VNET_LIST_RUNLOCK_NOSLEEP(); 4416 4417 #ifndef IPSEC_DEBUG2 4418 /* do exchange to tick time !! */ 4419 callout_schedule(&key_timer, hz); 4420 #endif /* IPSEC_DEBUG2 */ 4421 } 4422 4423 u_long 4424 key_random() 4425 { 4426 u_long value; 4427 4428 key_randomfill(&value, sizeof(value)); 4429 return value; 4430 } 4431 4432 void 4433 key_randomfill(void *p, size_t l) 4434 { 4435 size_t n; 4436 u_long v; 4437 static int warn = 1; 4438 4439 n = 0; 4440 n = (size_t)read_random(p, (u_int)l); 4441 /* last resort */ 4442 while (n < l) { 4443 v = random(); 4444 bcopy(&v, (u_int8_t *)p + n, 4445 l - n < sizeof(v) ? l - n : sizeof(v)); 4446 n += sizeof(v); 4447 4448 if (warn) { 4449 printf("WARNING: pseudo-random number generator " 4450 "used for IPsec processing\n"); 4451 warn = 0; 4452 } 4453 } 4454 } 4455 4456 /* 4457 * map SADB_SATYPE_* to IPPROTO_*. 4458 * if satype == SADB_SATYPE then satype is mapped to ~0. 4459 * OUT: 4460 * 0: invalid satype. 4461 */ 4462 static u_int16_t 4463 key_satype2proto(u_int8_t satype) 4464 { 4465 switch (satype) { 4466 case SADB_SATYPE_UNSPEC: 4467 return IPSEC_PROTO_ANY; 4468 case SADB_SATYPE_AH: 4469 return IPPROTO_AH; 4470 case SADB_SATYPE_ESP: 4471 return IPPROTO_ESP; 4472 case SADB_X_SATYPE_IPCOMP: 4473 return IPPROTO_IPCOMP; 4474 case SADB_X_SATYPE_TCPSIGNATURE: 4475 return IPPROTO_TCP; 4476 default: 4477 return 0; 4478 } 4479 /* NOTREACHED */ 4480 } 4481 4482 /* 4483 * map IPPROTO_* to SADB_SATYPE_* 4484 * OUT: 4485 * 0: invalid protocol type. 4486 */ 4487 static u_int8_t 4488 key_proto2satype(u_int16_t proto) 4489 { 4490 switch (proto) { 4491 case IPPROTO_AH: 4492 return SADB_SATYPE_AH; 4493 case IPPROTO_ESP: 4494 return SADB_SATYPE_ESP; 4495 case IPPROTO_IPCOMP: 4496 return SADB_X_SATYPE_IPCOMP; 4497 case IPPROTO_TCP: 4498 return SADB_X_SATYPE_TCPSIGNATURE; 4499 default: 4500 return 0; 4501 } 4502 /* NOTREACHED */ 4503 } 4504 4505 /* %%% PF_KEY */ 4506 /* 4507 * SADB_GETSPI processing is to receive 4508 * <base, (SA2), src address, dst address, (SPI range)> 4509 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4510 * tree with the status of LARVAL, and send 4511 * <base, SA(*), address(SD)> 4512 * to the IKMPd. 4513 * 4514 * IN: mhp: pointer to the pointer to each header. 4515 * OUT: NULL if fail. 4516 * other if success, return pointer to the message to send. 4517 */ 4518 static int 4519 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4520 { 4521 struct sadb_address *src0, *dst0; 4522 struct secasindex saidx; 4523 struct secashead *newsah; 4524 struct secasvar *newsav; 4525 u_int8_t proto; 4526 u_int32_t spi; 4527 u_int8_t mode; 4528 u_int32_t reqid; 4529 int error; 4530 4531 IPSEC_ASSERT(so != NULL, ("null socket")); 4532 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4533 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4534 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4535 4536 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4537 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 4538 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4539 __func__)); 4540 return key_senderror(so, m, EINVAL); 4541 } 4542 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4543 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4544 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4545 __func__)); 4546 return key_senderror(so, m, EINVAL); 4547 } 4548 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4549 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4550 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4551 } else { 4552 mode = IPSEC_MODE_ANY; 4553 reqid = 0; 4554 } 4555 4556 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4557 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4558 4559 /* map satype to proto */ 4560 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4561 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4562 __func__)); 4563 return key_senderror(so, m, EINVAL); 4564 } 4565 4566 /* 4567 * Make sure the port numbers are zero. 4568 * In case of NAT-T we will update them later if needed. 4569 */ 4570 switch (((struct sockaddr *)(src0 + 1))->sa_family) { 4571 case AF_INET: 4572 if (((struct sockaddr *)(src0 + 1))->sa_len != 4573 sizeof(struct sockaddr_in)) 4574 return key_senderror(so, m, EINVAL); 4575 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0; 4576 break; 4577 case AF_INET6: 4578 if (((struct sockaddr *)(src0 + 1))->sa_len != 4579 sizeof(struct sockaddr_in6)) 4580 return key_senderror(so, m, EINVAL); 4581 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0; 4582 break; 4583 default: 4584 ; /*???*/ 4585 } 4586 switch (((struct sockaddr *)(dst0 + 1))->sa_family) { 4587 case AF_INET: 4588 if (((struct sockaddr *)(dst0 + 1))->sa_len != 4589 sizeof(struct sockaddr_in)) 4590 return key_senderror(so, m, EINVAL); 4591 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0; 4592 break; 4593 case AF_INET6: 4594 if (((struct sockaddr *)(dst0 + 1))->sa_len != 4595 sizeof(struct sockaddr_in6)) 4596 return key_senderror(so, m, EINVAL); 4597 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0; 4598 break; 4599 default: 4600 ; /*???*/ 4601 } 4602 4603 /* XXX boundary check against sa_len */ 4604 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4605 4606 #ifdef IPSEC_NAT_T 4607 /* 4608 * Handle NAT-T info if present. 4609 * We made sure the port numbers are zero above, so we do 4610 * not have to worry in case we do not update them. 4611 */ 4612 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) 4613 ipseclog((LOG_DEBUG, "%s: NAT-T OAi present\n", __func__)); 4614 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) 4615 ipseclog((LOG_DEBUG, "%s: NAT-T OAr present\n", __func__)); 4616 4617 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL && 4618 mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && 4619 mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { 4620 struct sadb_x_nat_t_type *type; 4621 struct sadb_x_nat_t_port *sport, *dport; 4622 4623 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) || 4624 mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || 4625 mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 4626 ipseclog((LOG_DEBUG, "%s: invalid nat-t message " 4627 "passed.\n", __func__)); 4628 return key_senderror(so, m, EINVAL); 4629 } 4630 4631 sport = (struct sadb_x_nat_t_port *) 4632 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 4633 dport = (struct sadb_x_nat_t_port *) 4634 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 4635 4636 if (sport) 4637 KEY_PORTTOSADDR(&saidx.src, sport->sadb_x_nat_t_port_port); 4638 if (dport) 4639 KEY_PORTTOSADDR(&saidx.dst, dport->sadb_x_nat_t_port_port); 4640 } 4641 #endif 4642 4643 /* SPI allocation */ 4644 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], 4645 &saidx); 4646 if (spi == 0) 4647 return key_senderror(so, m, EINVAL); 4648 4649 /* get a SA index */ 4650 if ((newsah = key_getsah(&saidx)) == NULL) { 4651 /* create a new SA index */ 4652 if ((newsah = key_newsah(&saidx)) == NULL) { 4653 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 4654 return key_senderror(so, m, ENOBUFS); 4655 } 4656 } 4657 4658 /* get a new SA */ 4659 /* XXX rewrite */ 4660 newsav = KEY_NEWSAV(m, mhp, newsah, &error); 4661 if (newsav == NULL) { 4662 /* XXX don't free new SA index allocated in above. */ 4663 return key_senderror(so, m, error); 4664 } 4665 4666 /* set spi */ 4667 newsav->spi = htonl(spi); 4668 4669 /* delete the entry in acqtree */ 4670 if (mhp->msg->sadb_msg_seq != 0) { 4671 struct secacq *acq; 4672 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) { 4673 /* reset counter in order to deletion by timehandler. */ 4674 acq->created = time_second; 4675 acq->count = 0; 4676 } 4677 } 4678 4679 { 4680 struct mbuf *n, *nn; 4681 struct sadb_sa *m_sa; 4682 struct sadb_msg *newmsg; 4683 int off, len; 4684 4685 /* create new sadb_msg to reply. */ 4686 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4687 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4688 4689 MGETHDR(n, M_NOWAIT, MT_DATA); 4690 if (len > MHLEN) { 4691 if (!(MCLGET(n, M_NOWAIT))) { 4692 m_freem(n); 4693 n = NULL; 4694 } 4695 } 4696 if (!n) 4697 return key_senderror(so, m, ENOBUFS); 4698 4699 n->m_len = len; 4700 n->m_next = NULL; 4701 off = 0; 4702 4703 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4704 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4705 4706 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4707 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4708 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4709 m_sa->sadb_sa_spi = htonl(spi); 4710 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4711 4712 IPSEC_ASSERT(off == len, 4713 ("length inconsistency (off %u len %u)", off, len)); 4714 4715 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4716 SADB_EXT_ADDRESS_DST); 4717 if (!n->m_next) { 4718 m_freem(n); 4719 return key_senderror(so, m, ENOBUFS); 4720 } 4721 4722 if (n->m_len < sizeof(struct sadb_msg)) { 4723 n = m_pullup(n, sizeof(struct sadb_msg)); 4724 if (n == NULL) 4725 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 4726 } 4727 4728 n->m_pkthdr.len = 0; 4729 for (nn = n; nn; nn = nn->m_next) 4730 n->m_pkthdr.len += nn->m_len; 4731 4732 newmsg = mtod(n, struct sadb_msg *); 4733 newmsg->sadb_msg_seq = newsav->seq; 4734 newmsg->sadb_msg_errno = 0; 4735 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 4736 4737 m_freem(m); 4738 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 4739 } 4740 } 4741 4742 /* 4743 * allocating new SPI 4744 * called by key_getspi(). 4745 * OUT: 4746 * 0: failure. 4747 * others: success. 4748 */ 4749 static u_int32_t 4750 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 4751 { 4752 u_int32_t newspi; 4753 u_int32_t min, max; 4754 int count = V_key_spi_trycnt; 4755 4756 /* set spi range to allocate */ 4757 if (spirange != NULL) { 4758 min = spirange->sadb_spirange_min; 4759 max = spirange->sadb_spirange_max; 4760 } else { 4761 min = V_key_spi_minval; 4762 max = V_key_spi_maxval; 4763 } 4764 /* IPCOMP needs 2-byte SPI */ 4765 if (saidx->proto == IPPROTO_IPCOMP) { 4766 u_int32_t t; 4767 if (min >= 0x10000) 4768 min = 0xffff; 4769 if (max >= 0x10000) 4770 max = 0xffff; 4771 if (min > max) { 4772 t = min; min = max; max = t; 4773 } 4774 } 4775 4776 if (min == max) { 4777 if (key_checkspidup(saidx, min) != NULL) { 4778 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 4779 __func__, min)); 4780 return 0; 4781 } 4782 4783 count--; /* taking one cost. */ 4784 newspi = min; 4785 4786 } else { 4787 4788 /* init SPI */ 4789 newspi = 0; 4790 4791 /* when requesting to allocate spi ranged */ 4792 while (count--) { 4793 /* generate pseudo-random SPI value ranged. */ 4794 newspi = min + (key_random() % (max - min + 1)); 4795 4796 if (key_checkspidup(saidx, newspi) == NULL) 4797 break; 4798 } 4799 4800 if (count == 0 || newspi == 0) { 4801 ipseclog((LOG_DEBUG, "%s: to allocate spi is failed.\n", 4802 __func__)); 4803 return 0; 4804 } 4805 } 4806 4807 /* statistics */ 4808 keystat.getspi_count = 4809 (keystat.getspi_count + V_key_spi_trycnt - count) / 2; 4810 4811 return newspi; 4812 } 4813 4814 /* 4815 * SADB_UPDATE processing 4816 * receive 4817 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4818 * key(AE), (identity(SD),) (sensitivity)> 4819 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 4820 * and send 4821 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4822 * (identity(SD),) (sensitivity)> 4823 * to the ikmpd. 4824 * 4825 * m will always be freed. 4826 */ 4827 static int 4828 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4829 { 4830 struct sadb_sa *sa0; 4831 struct sadb_address *src0, *dst0; 4832 #ifdef IPSEC_NAT_T 4833 struct sadb_x_nat_t_type *type; 4834 struct sadb_x_nat_t_port *sport, *dport; 4835 struct sadb_address *iaddr, *raddr; 4836 struct sadb_x_nat_t_frag *frag; 4837 #endif 4838 struct secasindex saidx; 4839 struct secashead *sah; 4840 struct secasvar *sav; 4841 u_int16_t proto; 4842 u_int8_t mode; 4843 u_int32_t reqid; 4844 int error; 4845 4846 IPSEC_ASSERT(so != NULL, ("null socket")); 4847 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4848 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4849 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4850 4851 /* map satype to proto */ 4852 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4853 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4854 __func__)); 4855 return key_senderror(so, m, EINVAL); 4856 } 4857 4858 if (mhp->ext[SADB_EXT_SA] == NULL || 4859 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4860 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 4861 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 4862 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 4863 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 4864 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 4865 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 4866 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 4867 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 4868 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 4869 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4870 __func__)); 4871 return key_senderror(so, m, EINVAL); 4872 } 4873 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 4874 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4875 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4876 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4877 __func__)); 4878 return key_senderror(so, m, EINVAL); 4879 } 4880 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4881 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4882 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4883 } else { 4884 mode = IPSEC_MODE_ANY; 4885 reqid = 0; 4886 } 4887 /* XXX boundary checking for other extensions */ 4888 4889 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 4890 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4891 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4892 4893 /* XXX boundary check against sa_len */ 4894 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4895 4896 /* 4897 * Make sure the port numbers are zero. 4898 * In case of NAT-T we will update them later if needed. 4899 */ 4900 KEY_PORTTOSADDR(&saidx.src, 0); 4901 KEY_PORTTOSADDR(&saidx.dst, 0); 4902 4903 #ifdef IPSEC_NAT_T 4904 /* 4905 * Handle NAT-T info if present. 4906 */ 4907 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL && 4908 mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && 4909 mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { 4910 4911 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) || 4912 mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || 4913 mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 4914 ipseclog((LOG_DEBUG, "%s: invalid message.\n", 4915 __func__)); 4916 return key_senderror(so, m, EINVAL); 4917 } 4918 4919 type = (struct sadb_x_nat_t_type *) 4920 mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 4921 sport = (struct sadb_x_nat_t_port *) 4922 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 4923 dport = (struct sadb_x_nat_t_port *) 4924 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 4925 } else { 4926 type = NULL; 4927 sport = dport = NULL; 4928 } 4929 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL && 4930 mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) { 4931 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) || 4932 mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) { 4933 ipseclog((LOG_DEBUG, "%s: invalid message\n", 4934 __func__)); 4935 return key_senderror(so, m, EINVAL); 4936 } 4937 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 4938 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 4939 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__)); 4940 } else { 4941 iaddr = raddr = NULL; 4942 } 4943 if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) { 4944 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) { 4945 ipseclog((LOG_DEBUG, "%s: invalid message\n", 4946 __func__)); 4947 return key_senderror(so, m, EINVAL); 4948 } 4949 frag = (struct sadb_x_nat_t_frag *) 4950 mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 4951 } else { 4952 frag = NULL; 4953 } 4954 #endif 4955 4956 /* get a SA header */ 4957 if ((sah = key_getsah(&saidx)) == NULL) { 4958 ipseclog((LOG_DEBUG, "%s: no SA index found.\n", __func__)); 4959 return key_senderror(so, m, ENOENT); 4960 } 4961 4962 /* set spidx if there */ 4963 /* XXX rewrite */ 4964 error = key_setident(sah, m, mhp); 4965 if (error) 4966 return key_senderror(so, m, error); 4967 4968 /* find a SA with sequence number. */ 4969 #ifdef IPSEC_DOSEQCHECK 4970 if (mhp->msg->sadb_msg_seq != 0 4971 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) { 4972 ipseclog((LOG_DEBUG, "%s: no larval SA with sequence %u " 4973 "exists.\n", __func__, mhp->msg->sadb_msg_seq)); 4974 return key_senderror(so, m, ENOENT); 4975 } 4976 #else 4977 SAHTREE_LOCK(); 4978 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 4979 SAHTREE_UNLOCK(); 4980 if (sav == NULL) { 4981 ipseclog((LOG_DEBUG, "%s: no such a SA found (spi:%u)\n", 4982 __func__, (u_int32_t)ntohl(sa0->sadb_sa_spi))); 4983 return key_senderror(so, m, EINVAL); 4984 } 4985 #endif 4986 4987 /* validity check */ 4988 if (sav->sah->saidx.proto != proto) { 4989 ipseclog((LOG_DEBUG, "%s: protocol mismatched " 4990 "(DB=%u param=%u)\n", __func__, 4991 sav->sah->saidx.proto, proto)); 4992 return key_senderror(so, m, EINVAL); 4993 } 4994 #ifdef IPSEC_DOSEQCHECK 4995 if (sav->spi != sa0->sadb_sa_spi) { 4996 ipseclog((LOG_DEBUG, "%s: SPI mismatched (DB:%u param:%u)\n", 4997 __func__, 4998 (u_int32_t)ntohl(sav->spi), 4999 (u_int32_t)ntohl(sa0->sadb_sa_spi))); 5000 return key_senderror(so, m, EINVAL); 5001 } 5002 #endif 5003 if (sav->pid != mhp->msg->sadb_msg_pid) { 5004 ipseclog((LOG_DEBUG, "%s: pid mismatched (DB:%u param:%u)\n", 5005 __func__, sav->pid, mhp->msg->sadb_msg_pid)); 5006 return key_senderror(so, m, EINVAL); 5007 } 5008 5009 /* copy sav values */ 5010 error = key_setsaval(sav, m, mhp); 5011 if (error) { 5012 KEY_FREESAV(&sav); 5013 return key_senderror(so, m, error); 5014 } 5015 5016 #ifdef IPSEC_NAT_T 5017 /* 5018 * Handle more NAT-T info if present, 5019 * now that we have a sav to fill. 5020 */ 5021 if (type) 5022 sav->natt_type = type->sadb_x_nat_t_type_type; 5023 5024 if (sport) 5025 KEY_PORTTOSADDR(&sav->sah->saidx.src, 5026 sport->sadb_x_nat_t_port_port); 5027 if (dport) 5028 KEY_PORTTOSADDR(&sav->sah->saidx.dst, 5029 dport->sadb_x_nat_t_port_port); 5030 5031 #if 0 5032 /* 5033 * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0. 5034 * We should actually check for a minimum MTU here, if we 5035 * want to support it in ip_output. 5036 */ 5037 if (frag) 5038 sav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen; 5039 #endif 5040 #endif 5041 5042 /* check SA values to be mature. */ 5043 if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { 5044 KEY_FREESAV(&sav); 5045 return key_senderror(so, m, 0); 5046 } 5047 5048 { 5049 struct mbuf *n; 5050 5051 /* set msg buf from mhp */ 5052 n = key_getmsgbuf_x1(m, mhp); 5053 if (n == NULL) { 5054 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5055 return key_senderror(so, m, ENOBUFS); 5056 } 5057 5058 m_freem(m); 5059 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5060 } 5061 } 5062 5063 /* 5064 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL. 5065 * only called by key_update(). 5066 * OUT: 5067 * NULL : not found 5068 * others : found, pointer to a SA. 5069 */ 5070 #ifdef IPSEC_DOSEQCHECK 5071 static struct secasvar * 5072 key_getsavbyseq(struct secashead *sah, u_int32_t seq) 5073 { 5074 struct secasvar *sav; 5075 u_int state; 5076 5077 state = SADB_SASTATE_LARVAL; 5078 5079 /* search SAD with sequence number ? */ 5080 LIST_FOREACH(sav, &sah->savtree[state], chain) { 5081 5082 KEY_CHKSASTATE(state, sav->state, __func__); 5083 5084 if (sav->seq == seq) { 5085 sa_addref(sav); 5086 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 5087 printf("DP %s cause refcnt++:%d SA:%p\n", 5088 __func__, sav->refcnt, sav)); 5089 return sav; 5090 } 5091 } 5092 5093 return NULL; 5094 } 5095 #endif 5096 5097 /* 5098 * SADB_ADD processing 5099 * add an entry to SA database, when received 5100 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5101 * key(AE), (identity(SD),) (sensitivity)> 5102 * from the ikmpd, 5103 * and send 5104 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5105 * (identity(SD),) (sensitivity)> 5106 * to the ikmpd. 5107 * 5108 * IGNORE identity and sensitivity messages. 5109 * 5110 * m will always be freed. 5111 */ 5112 static int 5113 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5114 { 5115 struct sadb_sa *sa0; 5116 struct sadb_address *src0, *dst0; 5117 #ifdef IPSEC_NAT_T 5118 struct sadb_x_nat_t_type *type; 5119 struct sadb_address *iaddr, *raddr; 5120 struct sadb_x_nat_t_frag *frag; 5121 #endif 5122 struct secasindex saidx; 5123 struct secashead *newsah; 5124 struct secasvar *newsav; 5125 u_int16_t proto; 5126 u_int8_t mode; 5127 u_int32_t reqid; 5128 int error; 5129 5130 IPSEC_ASSERT(so != NULL, ("null socket")); 5131 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5132 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5133 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5134 5135 /* map satype to proto */ 5136 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5137 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5138 __func__)); 5139 return key_senderror(so, m, EINVAL); 5140 } 5141 5142 if (mhp->ext[SADB_EXT_SA] == NULL || 5143 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5144 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5145 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5146 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 5147 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5148 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 5149 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 5150 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 5151 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 5152 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 5153 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5154 __func__)); 5155 return key_senderror(so, m, EINVAL); 5156 } 5157 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5158 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5159 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5160 /* XXX need more */ 5161 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5162 __func__)); 5163 return key_senderror(so, m, EINVAL); 5164 } 5165 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 5166 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5167 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5168 } else { 5169 mode = IPSEC_MODE_ANY; 5170 reqid = 0; 5171 } 5172 5173 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5174 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5175 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5176 5177 /* XXX boundary check against sa_len */ 5178 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5179 5180 /* 5181 * Make sure the port numbers are zero. 5182 * In case of NAT-T we will update them later if needed. 5183 */ 5184 KEY_PORTTOSADDR(&saidx.src, 0); 5185 KEY_PORTTOSADDR(&saidx.dst, 0); 5186 5187 #ifdef IPSEC_NAT_T 5188 /* 5189 * Handle NAT-T info if present. 5190 */ 5191 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL && 5192 mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && 5193 mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { 5194 struct sadb_x_nat_t_port *sport, *dport; 5195 5196 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type) || 5197 mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || 5198 mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 5199 ipseclog((LOG_DEBUG, "%s: invalid message.\n", 5200 __func__)); 5201 return key_senderror(so, m, EINVAL); 5202 } 5203 5204 type = (struct sadb_x_nat_t_type *) 5205 mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5206 sport = (struct sadb_x_nat_t_port *) 5207 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5208 dport = (struct sadb_x_nat_t_port *) 5209 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5210 5211 if (sport) 5212 KEY_PORTTOSADDR(&saidx.src, 5213 sport->sadb_x_nat_t_port_port); 5214 if (dport) 5215 KEY_PORTTOSADDR(&saidx.dst, 5216 dport->sadb_x_nat_t_port_port); 5217 } else { 5218 type = NULL; 5219 } 5220 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL && 5221 mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) { 5222 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr) || 5223 mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) { 5224 ipseclog((LOG_DEBUG, "%s: invalid message\n", 5225 __func__)); 5226 return key_senderror(so, m, EINVAL); 5227 } 5228 iaddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5229 raddr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5230 ipseclog((LOG_DEBUG, "%s: NAT-T OAi/r present\n", __func__)); 5231 } else { 5232 iaddr = raddr = NULL; 5233 } 5234 if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) { 5235 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) { 5236 ipseclog((LOG_DEBUG, "%s: invalid message\n", 5237 __func__)); 5238 return key_senderror(so, m, EINVAL); 5239 } 5240 frag = (struct sadb_x_nat_t_frag *) 5241 mhp->ext[SADB_X_EXT_NAT_T_FRAG]; 5242 } else { 5243 frag = NULL; 5244 } 5245 #endif 5246 5247 /* get a SA header */ 5248 if ((newsah = key_getsah(&saidx)) == NULL) { 5249 /* create a new SA header */ 5250 if ((newsah = key_newsah(&saidx)) == NULL) { 5251 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 5252 return key_senderror(so, m, ENOBUFS); 5253 } 5254 } 5255 5256 /* set spidx if there */ 5257 /* XXX rewrite */ 5258 error = key_setident(newsah, m, mhp); 5259 if (error) { 5260 return key_senderror(so, m, error); 5261 } 5262 5263 /* create new SA entry. */ 5264 /* We can create new SA only if SPI is differenct. */ 5265 SAHTREE_LOCK(); 5266 newsav = key_getsavbyspi(newsah, sa0->sadb_sa_spi); 5267 SAHTREE_UNLOCK(); 5268 if (newsav != NULL) { 5269 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5270 return key_senderror(so, m, EEXIST); 5271 } 5272 newsav = KEY_NEWSAV(m, mhp, newsah, &error); 5273 if (newsav == NULL) { 5274 return key_senderror(so, m, error); 5275 } 5276 5277 #ifdef IPSEC_NAT_T 5278 /* 5279 * Handle more NAT-T info if present, 5280 * now that we have a sav to fill. 5281 */ 5282 if (type) 5283 newsav->natt_type = type->sadb_x_nat_t_type_type; 5284 5285 #if 0 5286 /* 5287 * In case SADB_X_EXT_NAT_T_FRAG was not given, leave it at 0. 5288 * We should actually check for a minimum MTU here, if we 5289 * want to support it in ip_output. 5290 */ 5291 if (frag) 5292 newsav->natt_esp_frag_len = frag->sadb_x_nat_t_frag_fraglen; 5293 #endif 5294 #endif 5295 5296 /* check SA values to be mature. */ 5297 if ((error = key_mature(newsav)) != 0) { 5298 KEY_FREESAV(&newsav); 5299 return key_senderror(so, m, error); 5300 } 5301 5302 /* 5303 * don't call key_freesav() here, as we would like to keep the SA 5304 * in the database on success. 5305 */ 5306 5307 { 5308 struct mbuf *n; 5309 5310 /* set msg buf from mhp */ 5311 n = key_getmsgbuf_x1(m, mhp); 5312 if (n == NULL) { 5313 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5314 return key_senderror(so, m, ENOBUFS); 5315 } 5316 5317 m_freem(m); 5318 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5319 } 5320 } 5321 5322 /* m is retained */ 5323 static int 5324 key_setident(struct secashead *sah, struct mbuf *m, 5325 const struct sadb_msghdr *mhp) 5326 { 5327 const struct sadb_ident *idsrc, *iddst; 5328 int idsrclen, iddstlen; 5329 5330 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5331 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5332 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5333 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5334 5335 /* don't make buffer if not there */ 5336 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && 5337 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 5338 sah->idents = NULL; 5339 sah->identd = NULL; 5340 return 0; 5341 } 5342 5343 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || 5344 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 5345 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5346 return EINVAL; 5347 } 5348 5349 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5350 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5351 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 5352 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 5353 5354 /* validity check */ 5355 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5356 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5357 return EINVAL; 5358 } 5359 5360 switch (idsrc->sadb_ident_type) { 5361 case SADB_IDENTTYPE_PREFIX: 5362 case SADB_IDENTTYPE_FQDN: 5363 case SADB_IDENTTYPE_USERFQDN: 5364 default: 5365 /* XXX do nothing */ 5366 sah->idents = NULL; 5367 sah->identd = NULL; 5368 return 0; 5369 } 5370 5371 /* make structure */ 5372 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5373 if (sah->idents == NULL) { 5374 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5375 return ENOBUFS; 5376 } 5377 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5378 if (sah->identd == NULL) { 5379 free(sah->idents, M_IPSEC_MISC); 5380 sah->idents = NULL; 5381 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5382 return ENOBUFS; 5383 } 5384 sah->idents->type = idsrc->sadb_ident_type; 5385 sah->idents->id = idsrc->sadb_ident_id; 5386 5387 sah->identd->type = iddst->sadb_ident_type; 5388 sah->identd->id = iddst->sadb_ident_id; 5389 5390 return 0; 5391 } 5392 5393 /* 5394 * m will not be freed on return. 5395 * it is caller's responsibility to free the result. 5396 */ 5397 static struct mbuf * 5398 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5399 { 5400 struct mbuf *n; 5401 5402 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5403 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5404 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5405 5406 /* create new sadb_msg to reply. */ 5407 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED, 5408 SADB_EXT_SA, SADB_X_EXT_SA2, 5409 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5410 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5411 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST); 5412 if (!n) 5413 return NULL; 5414 5415 if (n->m_len < sizeof(struct sadb_msg)) { 5416 n = m_pullup(n, sizeof(struct sadb_msg)); 5417 if (n == NULL) 5418 return NULL; 5419 } 5420 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5421 mtod(n, struct sadb_msg *)->sadb_msg_len = 5422 PFKEY_UNIT64(n->m_pkthdr.len); 5423 5424 return n; 5425 } 5426 5427 /* 5428 * SADB_DELETE processing 5429 * receive 5430 * <base, SA(*), address(SD)> 5431 * from the ikmpd, and set SADB_SASTATE_DEAD, 5432 * and send, 5433 * <base, SA(*), address(SD)> 5434 * to the ikmpd. 5435 * 5436 * m will always be freed. 5437 */ 5438 static int 5439 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5440 { 5441 struct sadb_sa *sa0; 5442 struct sadb_address *src0, *dst0; 5443 struct secasindex saidx; 5444 struct secashead *sah; 5445 struct secasvar *sav = NULL; 5446 u_int16_t proto; 5447 5448 IPSEC_ASSERT(so != NULL, ("null socket")); 5449 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5450 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5451 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5452 5453 /* map satype to proto */ 5454 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5455 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5456 __func__)); 5457 return key_senderror(so, m, EINVAL); 5458 } 5459 5460 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5461 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5462 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5463 __func__)); 5464 return key_senderror(so, m, EINVAL); 5465 } 5466 5467 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5468 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5469 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5470 __func__)); 5471 return key_senderror(so, m, EINVAL); 5472 } 5473 5474 if (mhp->ext[SADB_EXT_SA] == NULL) { 5475 /* 5476 * Caller wants us to delete all non-LARVAL SAs 5477 * that match the src/dst. This is used during 5478 * IKE INITIAL-CONTACT. 5479 */ 5480 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 5481 return key_delete_all(so, m, mhp, proto); 5482 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { 5483 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5484 __func__)); 5485 return key_senderror(so, m, EINVAL); 5486 } 5487 5488 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5489 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5490 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5491 5492 /* XXX boundary check against sa_len */ 5493 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5494 5495 /* 5496 * Make sure the port numbers are zero. 5497 * In case of NAT-T we will update them later if needed. 5498 */ 5499 KEY_PORTTOSADDR(&saidx.src, 0); 5500 KEY_PORTTOSADDR(&saidx.dst, 0); 5501 5502 #ifdef IPSEC_NAT_T 5503 /* 5504 * Handle NAT-T info if present. 5505 */ 5506 if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && 5507 mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { 5508 struct sadb_x_nat_t_port *sport, *dport; 5509 5510 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || 5511 mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 5512 ipseclog((LOG_DEBUG, "%s: invalid message.\n", 5513 __func__)); 5514 return key_senderror(so, m, EINVAL); 5515 } 5516 5517 sport = (struct sadb_x_nat_t_port *) 5518 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5519 dport = (struct sadb_x_nat_t_port *) 5520 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5521 5522 if (sport) 5523 KEY_PORTTOSADDR(&saidx.src, 5524 sport->sadb_x_nat_t_port_port); 5525 if (dport) 5526 KEY_PORTTOSADDR(&saidx.dst, 5527 dport->sadb_x_nat_t_port_port); 5528 } 5529 #endif 5530 5531 /* get a SA header */ 5532 SAHTREE_LOCK(); 5533 LIST_FOREACH(sah, &V_sahtree, chain) { 5534 if (sah->state == SADB_SASTATE_DEAD) 5535 continue; 5536 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5537 continue; 5538 5539 /* get a SA with SPI. */ 5540 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5541 if (sav) 5542 break; 5543 } 5544 if (sah == NULL) { 5545 SAHTREE_UNLOCK(); 5546 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 5547 return key_senderror(so, m, ENOENT); 5548 } 5549 5550 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5551 KEY_FREESAV(&sav); 5552 SAHTREE_UNLOCK(); 5553 5554 { 5555 struct mbuf *n; 5556 struct sadb_msg *newmsg; 5557 5558 /* create new sadb_msg to reply. */ 5559 /* XXX-BZ NAT-T extensions? */ 5560 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 5561 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5562 if (!n) 5563 return key_senderror(so, m, ENOBUFS); 5564 5565 if (n->m_len < sizeof(struct sadb_msg)) { 5566 n = m_pullup(n, sizeof(struct sadb_msg)); 5567 if (n == NULL) 5568 return key_senderror(so, m, ENOBUFS); 5569 } 5570 newmsg = mtod(n, struct sadb_msg *); 5571 newmsg->sadb_msg_errno = 0; 5572 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5573 5574 m_freem(m); 5575 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5576 } 5577 } 5578 5579 /* 5580 * delete all SAs for src/dst. Called from key_delete(). 5581 */ 5582 static int 5583 key_delete_all(struct socket *so, struct mbuf *m, 5584 const struct sadb_msghdr *mhp, u_int16_t proto) 5585 { 5586 struct sadb_address *src0, *dst0; 5587 struct secasindex saidx; 5588 struct secashead *sah; 5589 struct secasvar *sav, *nextsav; 5590 u_int stateidx, state; 5591 5592 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5593 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5594 5595 /* XXX boundary check against sa_len */ 5596 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5597 5598 /* 5599 * Make sure the port numbers are zero. 5600 * In case of NAT-T we will update them later if needed. 5601 */ 5602 KEY_PORTTOSADDR(&saidx.src, 0); 5603 KEY_PORTTOSADDR(&saidx.dst, 0); 5604 5605 #ifdef IPSEC_NAT_T 5606 /* 5607 * Handle NAT-T info if present. 5608 */ 5609 5610 if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && 5611 mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { 5612 struct sadb_x_nat_t_port *sport, *dport; 5613 5614 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || 5615 mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 5616 ipseclog((LOG_DEBUG, "%s: invalid message.\n", 5617 __func__)); 5618 return key_senderror(so, m, EINVAL); 5619 } 5620 5621 sport = (struct sadb_x_nat_t_port *) 5622 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5623 dport = (struct sadb_x_nat_t_port *) 5624 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5625 5626 if (sport) 5627 KEY_PORTTOSADDR(&saidx.src, 5628 sport->sadb_x_nat_t_port_port); 5629 if (dport) 5630 KEY_PORTTOSADDR(&saidx.dst, 5631 dport->sadb_x_nat_t_port_port); 5632 } 5633 #endif 5634 5635 SAHTREE_LOCK(); 5636 LIST_FOREACH(sah, &V_sahtree, chain) { 5637 if (sah->state == SADB_SASTATE_DEAD) 5638 continue; 5639 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5640 continue; 5641 5642 /* Delete all non-LARVAL SAs. */ 5643 for (stateidx = 0; 5644 stateidx < _ARRAYLEN(saorder_state_alive); 5645 stateidx++) { 5646 state = saorder_state_alive[stateidx]; 5647 if (state == SADB_SASTATE_LARVAL) 5648 continue; 5649 for (sav = LIST_FIRST(&sah->savtree[state]); 5650 sav != NULL; sav = nextsav) { 5651 nextsav = LIST_NEXT(sav, chain); 5652 /* sanity check */ 5653 if (sav->state != state) { 5654 ipseclog((LOG_DEBUG, "%s: invalid " 5655 "sav->state (queue %d SA %d)\n", 5656 __func__, state, sav->state)); 5657 continue; 5658 } 5659 5660 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5661 KEY_FREESAV(&sav); 5662 } 5663 } 5664 } 5665 SAHTREE_UNLOCK(); 5666 { 5667 struct mbuf *n; 5668 struct sadb_msg *newmsg; 5669 5670 /* create new sadb_msg to reply. */ 5671 /* XXX-BZ NAT-T extensions? */ 5672 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 5673 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5674 if (!n) 5675 return key_senderror(so, m, ENOBUFS); 5676 5677 if (n->m_len < sizeof(struct sadb_msg)) { 5678 n = m_pullup(n, sizeof(struct sadb_msg)); 5679 if (n == NULL) 5680 return key_senderror(so, m, ENOBUFS); 5681 } 5682 newmsg = mtod(n, struct sadb_msg *); 5683 newmsg->sadb_msg_errno = 0; 5684 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5685 5686 m_freem(m); 5687 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5688 } 5689 } 5690 5691 /* 5692 * SADB_GET processing 5693 * receive 5694 * <base, SA(*), address(SD)> 5695 * from the ikmpd, and get a SP and a SA to respond, 5696 * and send, 5697 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 5698 * (identity(SD),) (sensitivity)> 5699 * to the ikmpd. 5700 * 5701 * m will always be freed. 5702 */ 5703 static int 5704 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5705 { 5706 struct sadb_sa *sa0; 5707 struct sadb_address *src0, *dst0; 5708 struct secasindex saidx; 5709 struct secashead *sah; 5710 struct secasvar *sav = NULL; 5711 u_int16_t proto; 5712 5713 IPSEC_ASSERT(so != NULL, ("null socket")); 5714 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5715 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5716 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5717 5718 /* map satype to proto */ 5719 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5720 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5721 __func__)); 5722 return key_senderror(so, m, EINVAL); 5723 } 5724 5725 if (mhp->ext[SADB_EXT_SA] == NULL || 5726 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5727 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5728 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5729 __func__)); 5730 return key_senderror(so, m, EINVAL); 5731 } 5732 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5733 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5734 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5735 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5736 __func__)); 5737 return key_senderror(so, m, EINVAL); 5738 } 5739 5740 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5741 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5742 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5743 5744 /* XXX boundary check against sa_len */ 5745 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5746 5747 /* 5748 * Make sure the port numbers are zero. 5749 * In case of NAT-T we will update them later if needed. 5750 */ 5751 KEY_PORTTOSADDR(&saidx.src, 0); 5752 KEY_PORTTOSADDR(&saidx.dst, 0); 5753 5754 #ifdef IPSEC_NAT_T 5755 /* 5756 * Handle NAT-T info if present. 5757 */ 5758 5759 if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && 5760 mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { 5761 struct sadb_x_nat_t_port *sport, *dport; 5762 5763 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || 5764 mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 5765 ipseclog((LOG_DEBUG, "%s: invalid message.\n", 5766 __func__)); 5767 return key_senderror(so, m, EINVAL); 5768 } 5769 5770 sport = (struct sadb_x_nat_t_port *) 5771 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5772 dport = (struct sadb_x_nat_t_port *) 5773 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5774 5775 if (sport) 5776 KEY_PORTTOSADDR(&saidx.src, 5777 sport->sadb_x_nat_t_port_port); 5778 if (dport) 5779 KEY_PORTTOSADDR(&saidx.dst, 5780 dport->sadb_x_nat_t_port_port); 5781 } 5782 #endif 5783 5784 /* get a SA header */ 5785 SAHTREE_LOCK(); 5786 LIST_FOREACH(sah, &V_sahtree, chain) { 5787 if (sah->state == SADB_SASTATE_DEAD) 5788 continue; 5789 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5790 continue; 5791 5792 /* get a SA with SPI. */ 5793 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5794 if (sav) 5795 break; 5796 } 5797 SAHTREE_UNLOCK(); 5798 if (sah == NULL) { 5799 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 5800 return key_senderror(so, m, ENOENT); 5801 } 5802 5803 { 5804 struct mbuf *n; 5805 u_int8_t satype; 5806 5807 /* map proto to satype */ 5808 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 5809 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 5810 __func__)); 5811 return key_senderror(so, m, EINVAL); 5812 } 5813 5814 /* create new sadb_msg to reply. */ 5815 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 5816 mhp->msg->sadb_msg_pid); 5817 if (!n) 5818 return key_senderror(so, m, ENOBUFS); 5819 5820 m_freem(m); 5821 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5822 } 5823 } 5824 5825 /* XXX make it sysctl-configurable? */ 5826 static void 5827 key_getcomb_setlifetime(struct sadb_comb *comb) 5828 { 5829 5830 comb->sadb_comb_soft_allocations = 1; 5831 comb->sadb_comb_hard_allocations = 1; 5832 comb->sadb_comb_soft_bytes = 0; 5833 comb->sadb_comb_hard_bytes = 0; 5834 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 5835 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 5836 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 5837 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 5838 } 5839 5840 /* 5841 * XXX reorder combinations by preference 5842 * XXX no idea if the user wants ESP authentication or not 5843 */ 5844 static struct mbuf * 5845 key_getcomb_esp() 5846 { 5847 struct sadb_comb *comb; 5848 struct enc_xform *algo; 5849 struct mbuf *result = NULL, *m, *n; 5850 int encmin; 5851 int i, off, o; 5852 int totlen; 5853 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 5854 5855 m = NULL; 5856 for (i = 1; i <= SADB_EALG_MAX; i++) { 5857 algo = esp_algorithm_lookup(i); 5858 if (algo == NULL) 5859 continue; 5860 5861 /* discard algorithms with key size smaller than system min */ 5862 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 5863 continue; 5864 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 5865 encmin = V_ipsec_esp_keymin; 5866 else 5867 encmin = _BITS(algo->minkey); 5868 5869 if (V_ipsec_esp_auth) 5870 m = key_getcomb_ah(); 5871 else { 5872 IPSEC_ASSERT(l <= MLEN, 5873 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 5874 MGET(m, M_NOWAIT, MT_DATA); 5875 if (m) { 5876 M_ALIGN(m, l); 5877 m->m_len = l; 5878 m->m_next = NULL; 5879 bzero(mtod(m, caddr_t), m->m_len); 5880 } 5881 } 5882 if (!m) 5883 goto fail; 5884 5885 totlen = 0; 5886 for (n = m; n; n = n->m_next) 5887 totlen += n->m_len; 5888 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 5889 5890 for (off = 0; off < totlen; off += l) { 5891 n = m_pulldown(m, off, l, &o); 5892 if (!n) { 5893 /* m is already freed */ 5894 goto fail; 5895 } 5896 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 5897 bzero(comb, sizeof(*comb)); 5898 key_getcomb_setlifetime(comb); 5899 comb->sadb_comb_encrypt = i; 5900 comb->sadb_comb_encrypt_minbits = encmin; 5901 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 5902 } 5903 5904 if (!result) 5905 result = m; 5906 else 5907 m_cat(result, m); 5908 } 5909 5910 return result; 5911 5912 fail: 5913 if (result) 5914 m_freem(result); 5915 return NULL; 5916 } 5917 5918 static void 5919 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 5920 u_int16_t* max) 5921 { 5922 5923 *min = *max = ah->keysize; 5924 if (ah->keysize == 0) { 5925 /* 5926 * Transform takes arbitrary key size but algorithm 5927 * key size is restricted. Enforce this here. 5928 */ 5929 switch (alg) { 5930 case SADB_X_AALG_MD5: *min = *max = 16; break; 5931 case SADB_X_AALG_SHA: *min = *max = 20; break; 5932 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 5933 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 5934 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 5935 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 5936 default: 5937 DPRINTF(("%s: unknown AH algorithm %u\n", 5938 __func__, alg)); 5939 break; 5940 } 5941 } 5942 } 5943 5944 /* 5945 * XXX reorder combinations by preference 5946 */ 5947 static struct mbuf * 5948 key_getcomb_ah() 5949 { 5950 struct sadb_comb *comb; 5951 struct auth_hash *algo; 5952 struct mbuf *m; 5953 u_int16_t minkeysize, maxkeysize; 5954 int i; 5955 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 5956 5957 m = NULL; 5958 for (i = 1; i <= SADB_AALG_MAX; i++) { 5959 #if 1 5960 /* we prefer HMAC algorithms, not old algorithms */ 5961 if (i != SADB_AALG_SHA1HMAC && 5962 i != SADB_AALG_MD5HMAC && 5963 i != SADB_X_AALG_SHA2_256 && 5964 i != SADB_X_AALG_SHA2_384 && 5965 i != SADB_X_AALG_SHA2_512) 5966 continue; 5967 #endif 5968 algo = ah_algorithm_lookup(i); 5969 if (!algo) 5970 continue; 5971 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 5972 /* discard algorithms with key size smaller than system min */ 5973 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 5974 continue; 5975 5976 if (!m) { 5977 IPSEC_ASSERT(l <= MLEN, 5978 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 5979 MGET(m, M_NOWAIT, MT_DATA); 5980 if (m) { 5981 M_ALIGN(m, l); 5982 m->m_len = l; 5983 m->m_next = NULL; 5984 } 5985 } else 5986 M_PREPEND(m, l, M_NOWAIT); 5987 if (!m) 5988 return NULL; 5989 5990 comb = mtod(m, struct sadb_comb *); 5991 bzero(comb, sizeof(*comb)); 5992 key_getcomb_setlifetime(comb); 5993 comb->sadb_comb_auth = i; 5994 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 5995 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 5996 } 5997 5998 return m; 5999 } 6000 6001 /* 6002 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6003 * XXX reorder combinations by preference 6004 */ 6005 static struct mbuf * 6006 key_getcomb_ipcomp() 6007 { 6008 struct sadb_comb *comb; 6009 struct comp_algo *algo; 6010 struct mbuf *m; 6011 int i; 6012 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6013 6014 m = NULL; 6015 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6016 algo = ipcomp_algorithm_lookup(i); 6017 if (!algo) 6018 continue; 6019 6020 if (!m) { 6021 IPSEC_ASSERT(l <= MLEN, 6022 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6023 MGET(m, M_NOWAIT, MT_DATA); 6024 if (m) { 6025 M_ALIGN(m, l); 6026 m->m_len = l; 6027 m->m_next = NULL; 6028 } 6029 } else 6030 M_PREPEND(m, l, M_NOWAIT); 6031 if (!m) 6032 return NULL; 6033 6034 comb = mtod(m, struct sadb_comb *); 6035 bzero(comb, sizeof(*comb)); 6036 key_getcomb_setlifetime(comb); 6037 comb->sadb_comb_encrypt = i; 6038 /* what should we set into sadb_comb_*_{min,max}bits? */ 6039 } 6040 6041 return m; 6042 } 6043 6044 /* 6045 * XXX no way to pass mode (transport/tunnel) to userland 6046 * XXX replay checking? 6047 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6048 */ 6049 static struct mbuf * 6050 key_getprop(const struct secasindex *saidx) 6051 { 6052 struct sadb_prop *prop; 6053 struct mbuf *m, *n; 6054 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6055 int totlen; 6056 6057 switch (saidx->proto) { 6058 case IPPROTO_ESP: 6059 m = key_getcomb_esp(); 6060 break; 6061 case IPPROTO_AH: 6062 m = key_getcomb_ah(); 6063 break; 6064 case IPPROTO_IPCOMP: 6065 m = key_getcomb_ipcomp(); 6066 break; 6067 default: 6068 return NULL; 6069 } 6070 6071 if (!m) 6072 return NULL; 6073 M_PREPEND(m, l, M_NOWAIT); 6074 if (!m) 6075 return NULL; 6076 6077 totlen = 0; 6078 for (n = m; n; n = n->m_next) 6079 totlen += n->m_len; 6080 6081 prop = mtod(m, struct sadb_prop *); 6082 bzero(prop, sizeof(*prop)); 6083 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6084 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6085 prop->sadb_prop_replay = 32; /* XXX */ 6086 6087 return m; 6088 } 6089 6090 /* 6091 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6092 * send 6093 * <base, SA, address(SD), (address(P)), x_policy, 6094 * (identity(SD),) (sensitivity,) proposal> 6095 * to KMD, and expect to receive 6096 * <base> with SADB_ACQUIRE if error occured, 6097 * or 6098 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6099 * from KMD by PF_KEY. 6100 * 6101 * XXX x_policy is outside of RFC2367 (KAME extension). 6102 * XXX sensitivity is not supported. 6103 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6104 * see comment for key_getcomb_ipcomp(). 6105 * 6106 * OUT: 6107 * 0 : succeed 6108 * others: error number 6109 */ 6110 static int 6111 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6112 { 6113 union sockaddr_union addr; 6114 struct mbuf *result, *m; 6115 struct secacq *newacq; 6116 u_int32_t seq; 6117 int error; 6118 u_int16_t ul_proto; 6119 u_int8_t mask, satype; 6120 6121 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6122 satype = key_proto2satype(saidx->proto); 6123 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6124 6125 error = -1; 6126 result = NULL; 6127 ul_proto = IPSEC_ULPROTO_ANY; 6128 /* 6129 * We never do anything about acquirng SA. There is anather 6130 * solution that kernel blocks to send SADB_ACQUIRE message until 6131 * getting something message from IKEd. In later case, to be 6132 * managed with ACQUIRING list. 6133 */ 6134 /* Get an entry to check whether sending message or not. */ 6135 if ((newacq = key_getacq(saidx)) != NULL) { 6136 if (V_key_blockacq_count < newacq->count) { 6137 /* reset counter and do send message. */ 6138 newacq->count = 0; 6139 } else { 6140 /* increment counter and do nothing. */ 6141 newacq->count++; 6142 return 0; 6143 } 6144 } else { 6145 /* make new entry for blocking to send SADB_ACQUIRE. */ 6146 if ((newacq = key_newacq(saidx)) == NULL) 6147 return ENOBUFS; 6148 } 6149 6150 6151 seq = newacq->seq; 6152 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6153 if (!m) { 6154 error = ENOBUFS; 6155 goto fail; 6156 } 6157 result = m; 6158 6159 /* 6160 * No SADB_X_EXT_NAT_T_* here: we do not know 6161 * anything related to NAT-T at this time. 6162 */ 6163 6164 /* 6165 * set sadb_address for saidx's. 6166 * 6167 * Note that if sp is supplied, then we're being called from 6168 * key_checkrequest and should supply port and protocol information. 6169 */ 6170 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6171 sp->spidx.ul_proto == IPPROTO_UDP)) 6172 ul_proto = sp->spidx.ul_proto; 6173 6174 addr = saidx->src; 6175 mask = FULLMASK; 6176 if (ul_proto != IPSEC_ULPROTO_ANY) { 6177 switch (sp->spidx.src.sa.sa_family) { 6178 case AF_INET: 6179 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6180 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6181 mask = sp->spidx.prefs; 6182 } 6183 break; 6184 case AF_INET6: 6185 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6186 addr.sin6.sin6_port = sp->spidx.src.sin6.sin6_port; 6187 mask = sp->spidx.prefs; 6188 } 6189 break; 6190 default: 6191 break; 6192 } 6193 } 6194 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6195 if (!m) { 6196 error = ENOBUFS; 6197 goto fail; 6198 } 6199 m_cat(result, m); 6200 6201 addr = saidx->dst; 6202 mask = FULLMASK; 6203 if (ul_proto != IPSEC_ULPROTO_ANY) { 6204 switch (sp->spidx.dst.sa.sa_family) { 6205 case AF_INET: 6206 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6207 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6208 mask = sp->spidx.prefd; 6209 } 6210 break; 6211 case AF_INET6: 6212 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6213 addr.sin6.sin6_port = sp->spidx.dst.sin6.sin6_port; 6214 mask = sp->spidx.prefd; 6215 } 6216 break; 6217 default: 6218 break; 6219 } 6220 } 6221 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6222 if (!m) { 6223 error = ENOBUFS; 6224 goto fail; 6225 } 6226 m_cat(result, m); 6227 6228 /* XXX proxy address (optional) */ 6229 6230 /* set sadb_x_policy */ 6231 if (sp) { 6232 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, sp->priority); 6233 if (!m) { 6234 error = ENOBUFS; 6235 goto fail; 6236 } 6237 m_cat(result, m); 6238 } 6239 6240 /* XXX identity (optional) */ 6241 #if 0 6242 if (idexttype && fqdn) { 6243 /* create identity extension (FQDN) */ 6244 struct sadb_ident *id; 6245 int fqdnlen; 6246 6247 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6248 id = (struct sadb_ident *)p; 6249 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6250 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6251 id->sadb_ident_exttype = idexttype; 6252 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6253 bcopy(fqdn, id + 1, fqdnlen); 6254 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6255 } 6256 6257 if (idexttype) { 6258 /* create identity extension (USERFQDN) */ 6259 struct sadb_ident *id; 6260 int userfqdnlen; 6261 6262 if (userfqdn) { 6263 /* +1 for terminating-NUL */ 6264 userfqdnlen = strlen(userfqdn) + 1; 6265 } else 6266 userfqdnlen = 0; 6267 id = (struct sadb_ident *)p; 6268 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6269 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6270 id->sadb_ident_exttype = idexttype; 6271 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6272 /* XXX is it correct? */ 6273 if (curproc && curproc->p_cred) 6274 id->sadb_ident_id = curproc->p_cred->p_ruid; 6275 if (userfqdn && userfqdnlen) 6276 bcopy(userfqdn, id + 1, userfqdnlen); 6277 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6278 } 6279 #endif 6280 6281 /* XXX sensitivity (optional) */ 6282 6283 /* create proposal/combination extension */ 6284 m = key_getprop(saidx); 6285 #if 0 6286 /* 6287 * spec conformant: always attach proposal/combination extension, 6288 * the problem is that we have no way to attach it for ipcomp, 6289 * due to the way sadb_comb is declared in RFC2367. 6290 */ 6291 if (!m) { 6292 error = ENOBUFS; 6293 goto fail; 6294 } 6295 m_cat(result, m); 6296 #else 6297 /* 6298 * outside of spec; make proposal/combination extension optional. 6299 */ 6300 if (m) 6301 m_cat(result, m); 6302 #endif 6303 6304 if ((result->m_flags & M_PKTHDR) == 0) { 6305 error = EINVAL; 6306 goto fail; 6307 } 6308 6309 if (result->m_len < sizeof(struct sadb_msg)) { 6310 result = m_pullup(result, sizeof(struct sadb_msg)); 6311 if (result == NULL) { 6312 error = ENOBUFS; 6313 goto fail; 6314 } 6315 } 6316 6317 result->m_pkthdr.len = 0; 6318 for (m = result; m; m = m->m_next) 6319 result->m_pkthdr.len += m->m_len; 6320 6321 mtod(result, struct sadb_msg *)->sadb_msg_len = 6322 PFKEY_UNIT64(result->m_pkthdr.len); 6323 6324 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6325 6326 fail: 6327 if (result) 6328 m_freem(result); 6329 return error; 6330 } 6331 6332 static struct secacq * 6333 key_newacq(const struct secasindex *saidx) 6334 { 6335 struct secacq *newacq; 6336 6337 /* get new entry */ 6338 newacq = malloc(sizeof(struct secacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6339 if (newacq == NULL) { 6340 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6341 return NULL; 6342 } 6343 6344 /* copy secindex */ 6345 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx)); 6346 newacq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6347 newacq->created = time_second; 6348 newacq->count = 0; 6349 6350 /* add to acqtree */ 6351 ACQ_LOCK(); 6352 LIST_INSERT_HEAD(&V_acqtree, newacq, chain); 6353 ACQ_UNLOCK(); 6354 6355 return newacq; 6356 } 6357 6358 static struct secacq * 6359 key_getacq(const struct secasindex *saidx) 6360 { 6361 struct secacq *acq; 6362 6363 ACQ_LOCK(); 6364 LIST_FOREACH(acq, &V_acqtree, chain) { 6365 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY)) 6366 break; 6367 } 6368 ACQ_UNLOCK(); 6369 6370 return acq; 6371 } 6372 6373 static struct secacq * 6374 key_getacqbyseq(u_int32_t seq) 6375 { 6376 struct secacq *acq; 6377 6378 ACQ_LOCK(); 6379 LIST_FOREACH(acq, &V_acqtree, chain) { 6380 if (acq->seq == seq) 6381 break; 6382 } 6383 ACQ_UNLOCK(); 6384 6385 return acq; 6386 } 6387 6388 static struct secspacq * 6389 key_newspacq(struct secpolicyindex *spidx) 6390 { 6391 struct secspacq *acq; 6392 6393 /* get new entry */ 6394 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6395 if (acq == NULL) { 6396 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6397 return NULL; 6398 } 6399 6400 /* copy secindex */ 6401 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6402 acq->created = time_second; 6403 acq->count = 0; 6404 6405 /* add to spacqtree */ 6406 SPACQ_LOCK(); 6407 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6408 SPACQ_UNLOCK(); 6409 6410 return acq; 6411 } 6412 6413 static struct secspacq * 6414 key_getspacq(struct secpolicyindex *spidx) 6415 { 6416 struct secspacq *acq; 6417 6418 SPACQ_LOCK(); 6419 LIST_FOREACH(acq, &V_spacqtree, chain) { 6420 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6421 /* NB: return holding spacq_lock */ 6422 return acq; 6423 } 6424 } 6425 SPACQ_UNLOCK(); 6426 6427 return NULL; 6428 } 6429 6430 /* 6431 * SADB_ACQUIRE processing, 6432 * in first situation, is receiving 6433 * <base> 6434 * from the ikmpd, and clear sequence of its secasvar entry. 6435 * 6436 * In second situation, is receiving 6437 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6438 * from a user land process, and return 6439 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6440 * to the socket. 6441 * 6442 * m will always be freed. 6443 */ 6444 static int 6445 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6446 { 6447 const struct sadb_address *src0, *dst0; 6448 struct secasindex saidx; 6449 struct secashead *sah; 6450 u_int16_t proto; 6451 int error; 6452 6453 IPSEC_ASSERT(so != NULL, ("null socket")); 6454 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6455 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6456 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6457 6458 /* 6459 * Error message from KMd. 6460 * We assume that if error was occured in IKEd, the length of PFKEY 6461 * message is equal to the size of sadb_msg structure. 6462 * We do not raise error even if error occured in this function. 6463 */ 6464 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 6465 struct secacq *acq; 6466 6467 /* check sequence number */ 6468 if (mhp->msg->sadb_msg_seq == 0) { 6469 ipseclog((LOG_DEBUG, "%s: must specify sequence " 6470 "number.\n", __func__)); 6471 m_freem(m); 6472 return 0; 6473 } 6474 6475 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) { 6476 /* 6477 * the specified larval SA is already gone, or we got 6478 * a bogus sequence number. we can silently ignore it. 6479 */ 6480 m_freem(m); 6481 return 0; 6482 } 6483 6484 /* reset acq counter in order to deletion by timehander. */ 6485 acq->created = time_second; 6486 acq->count = 0; 6487 m_freem(m); 6488 return 0; 6489 } 6490 6491 /* 6492 * This message is from user land. 6493 */ 6494 6495 /* map satype to proto */ 6496 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6497 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6498 __func__)); 6499 return key_senderror(so, m, EINVAL); 6500 } 6501 6502 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 6503 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 6504 mhp->ext[SADB_EXT_PROPOSAL] == NULL) { 6505 /* error */ 6506 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6507 __func__)); 6508 return key_senderror(so, m, EINVAL); 6509 } 6510 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 6511 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 6512 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) { 6513 /* error */ 6514 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 6515 __func__)); 6516 return key_senderror(so, m, EINVAL); 6517 } 6518 6519 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6520 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6521 6522 /* XXX boundary check against sa_len */ 6523 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6524 6525 /* 6526 * Make sure the port numbers are zero. 6527 * In case of NAT-T we will update them later if needed. 6528 */ 6529 KEY_PORTTOSADDR(&saidx.src, 0); 6530 KEY_PORTTOSADDR(&saidx.dst, 0); 6531 6532 #ifndef IPSEC_NAT_T 6533 /* 6534 * Handle NAT-T info if present. 6535 */ 6536 6537 if (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL && 6538 mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL) { 6539 struct sadb_x_nat_t_port *sport, *dport; 6540 6541 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport) || 6542 mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) { 6543 ipseclog((LOG_DEBUG, "%s: invalid message.\n", 6544 __func__)); 6545 return key_senderror(so, m, EINVAL); 6546 } 6547 6548 sport = (struct sadb_x_nat_t_port *) 6549 mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 6550 dport = (struct sadb_x_nat_t_port *) 6551 mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 6552 6553 if (sport) 6554 KEY_PORTTOSADDR(&saidx.src, 6555 sport->sadb_x_nat_t_port_port); 6556 if (dport) 6557 KEY_PORTTOSADDR(&saidx.dst, 6558 dport->sadb_x_nat_t_port_port); 6559 } 6560 #endif 6561 6562 /* get a SA index */ 6563 SAHTREE_LOCK(); 6564 LIST_FOREACH(sah, &V_sahtree, chain) { 6565 if (sah->state == SADB_SASTATE_DEAD) 6566 continue; 6567 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 6568 break; 6569 } 6570 SAHTREE_UNLOCK(); 6571 if (sah != NULL) { 6572 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 6573 return key_senderror(so, m, EEXIST); 6574 } 6575 6576 error = key_acquire(&saidx, NULL); 6577 if (error != 0) { 6578 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", 6579 __func__, mhp->msg->sadb_msg_errno)); 6580 return key_senderror(so, m, error); 6581 } 6582 6583 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED); 6584 } 6585 6586 /* 6587 * SADB_REGISTER processing. 6588 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 6589 * receive 6590 * <base> 6591 * from the ikmpd, and register a socket to send PF_KEY messages, 6592 * and send 6593 * <base, supported> 6594 * to KMD by PF_KEY. 6595 * If socket is detached, must free from regnode. 6596 * 6597 * m will always be freed. 6598 */ 6599 static int 6600 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6601 { 6602 struct secreg *reg, *newreg = NULL; 6603 6604 IPSEC_ASSERT(so != NULL, ("null socket")); 6605 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6606 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6607 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6608 6609 /* check for invalid register message */ 6610 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 6611 return key_senderror(so, m, EINVAL); 6612 6613 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 6614 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 6615 goto setmsg; 6616 6617 /* check whether existing or not */ 6618 REGTREE_LOCK(); 6619 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 6620 if (reg->so == so) { 6621 REGTREE_UNLOCK(); 6622 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 6623 __func__)); 6624 return key_senderror(so, m, EEXIST); 6625 } 6626 } 6627 6628 /* create regnode */ 6629 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 6630 if (newreg == NULL) { 6631 REGTREE_UNLOCK(); 6632 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6633 return key_senderror(so, m, ENOBUFS); 6634 } 6635 6636 newreg->so = so; 6637 ((struct keycb *)sotorawcb(so))->kp_registered++; 6638 6639 /* add regnode to regtree. */ 6640 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 6641 REGTREE_UNLOCK(); 6642 6643 setmsg: 6644 { 6645 struct mbuf *n; 6646 struct sadb_msg *newmsg; 6647 struct sadb_supported *sup; 6648 u_int len, alen, elen; 6649 int off; 6650 int i; 6651 struct sadb_alg *alg; 6652 6653 /* create new sadb_msg to reply. */ 6654 alen = 0; 6655 for (i = 1; i <= SADB_AALG_MAX; i++) { 6656 if (ah_algorithm_lookup(i)) 6657 alen += sizeof(struct sadb_alg); 6658 } 6659 if (alen) 6660 alen += sizeof(struct sadb_supported); 6661 elen = 0; 6662 for (i = 1; i <= SADB_EALG_MAX; i++) { 6663 if (esp_algorithm_lookup(i)) 6664 elen += sizeof(struct sadb_alg); 6665 } 6666 if (elen) 6667 elen += sizeof(struct sadb_supported); 6668 6669 len = sizeof(struct sadb_msg) + alen + elen; 6670 6671 if (len > MCLBYTES) 6672 return key_senderror(so, m, ENOBUFS); 6673 6674 MGETHDR(n, M_NOWAIT, MT_DATA); 6675 if (len > MHLEN) { 6676 if (!(MCLGET(n, M_NOWAIT))) { 6677 m_freem(n); 6678 n = NULL; 6679 } 6680 } 6681 if (!n) 6682 return key_senderror(so, m, ENOBUFS); 6683 6684 n->m_pkthdr.len = n->m_len = len; 6685 n->m_next = NULL; 6686 off = 0; 6687 6688 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 6689 newmsg = mtod(n, struct sadb_msg *); 6690 newmsg->sadb_msg_errno = 0; 6691 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 6692 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 6693 6694 /* for authentication algorithm */ 6695 if (alen) { 6696 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 6697 sup->sadb_supported_len = PFKEY_UNIT64(alen); 6698 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 6699 off += PFKEY_ALIGN8(sizeof(*sup)); 6700 6701 for (i = 1; i <= SADB_AALG_MAX; i++) { 6702 struct auth_hash *aalgo; 6703 u_int16_t minkeysize, maxkeysize; 6704 6705 aalgo = ah_algorithm_lookup(i); 6706 if (!aalgo) 6707 continue; 6708 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 6709 alg->sadb_alg_id = i; 6710 alg->sadb_alg_ivlen = 0; 6711 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 6712 alg->sadb_alg_minbits = _BITS(minkeysize); 6713 alg->sadb_alg_maxbits = _BITS(maxkeysize); 6714 off += PFKEY_ALIGN8(sizeof(*alg)); 6715 } 6716 } 6717 6718 /* for encryption algorithm */ 6719 if (elen) { 6720 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 6721 sup->sadb_supported_len = PFKEY_UNIT64(elen); 6722 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 6723 off += PFKEY_ALIGN8(sizeof(*sup)); 6724 6725 for (i = 1; i <= SADB_EALG_MAX; i++) { 6726 struct enc_xform *ealgo; 6727 6728 ealgo = esp_algorithm_lookup(i); 6729 if (!ealgo) 6730 continue; 6731 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 6732 alg->sadb_alg_id = i; 6733 alg->sadb_alg_ivlen = ealgo->ivsize; 6734 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 6735 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 6736 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 6737 } 6738 } 6739 6740 IPSEC_ASSERT(off == len, 6741 ("length assumption failed (off %u len %u)", off, len)); 6742 6743 m_freem(m); 6744 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 6745 } 6746 } 6747 6748 /* 6749 * free secreg entry registered. 6750 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 6751 */ 6752 void 6753 key_freereg(struct socket *so) 6754 { 6755 struct secreg *reg; 6756 int i; 6757 6758 IPSEC_ASSERT(so != NULL, ("NULL so")); 6759 6760 /* 6761 * check whether existing or not. 6762 * check all type of SA, because there is a potential that 6763 * one socket is registered to multiple type of SA. 6764 */ 6765 REGTREE_LOCK(); 6766 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 6767 LIST_FOREACH(reg, &V_regtree[i], chain) { 6768 if (reg->so == so && __LIST_CHAINED(reg)) { 6769 LIST_REMOVE(reg, chain); 6770 free(reg, M_IPSEC_SAR); 6771 break; 6772 } 6773 } 6774 } 6775 REGTREE_UNLOCK(); 6776 } 6777 6778 /* 6779 * SADB_EXPIRE processing 6780 * send 6781 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 6782 * to KMD by PF_KEY. 6783 * NOTE: We send only soft lifetime extension. 6784 * 6785 * OUT: 0 : succeed 6786 * others : error number 6787 */ 6788 static int 6789 key_expire(struct secasvar *sav, int hard) 6790 { 6791 int satype; 6792 struct mbuf *result = NULL, *m; 6793 int len; 6794 int error = -1; 6795 struct sadb_lifetime *lt; 6796 6797 IPSEC_ASSERT (sav != NULL, ("null sav")); 6798 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 6799 6800 /* set msg header */ 6801 satype = key_proto2satype(sav->sah->saidx.proto); 6802 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 6803 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 6804 if (!m) { 6805 error = ENOBUFS; 6806 goto fail; 6807 } 6808 result = m; 6809 6810 /* create SA extension */ 6811 m = key_setsadbsa(sav); 6812 if (!m) { 6813 error = ENOBUFS; 6814 goto fail; 6815 } 6816 m_cat(result, m); 6817 6818 /* create SA extension */ 6819 m = key_setsadbxsa2(sav->sah->saidx.mode, 6820 sav->replay ? sav->replay->count : 0, 6821 sav->sah->saidx.reqid); 6822 if (!m) { 6823 error = ENOBUFS; 6824 goto fail; 6825 } 6826 m_cat(result, m); 6827 6828 /* create lifetime extension (current and soft) */ 6829 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 6830 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 6831 if (m == NULL) { 6832 error = ENOBUFS; 6833 goto fail; 6834 } 6835 m_align(m, len); 6836 m->m_len = len; 6837 bzero(mtod(m, caddr_t), len); 6838 lt = mtod(m, struct sadb_lifetime *); 6839 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 6840 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 6841 lt->sadb_lifetime_allocations = sav->lft_c->allocations; 6842 lt->sadb_lifetime_bytes = sav->lft_c->bytes; 6843 lt->sadb_lifetime_addtime = sav->lft_c->addtime; 6844 lt->sadb_lifetime_usetime = sav->lft_c->usetime; 6845 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 6846 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 6847 if (hard) { 6848 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 6849 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 6850 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 6851 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 6852 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 6853 } else { 6854 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 6855 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 6856 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 6857 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 6858 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 6859 } 6860 m_cat(result, m); 6861 6862 /* set sadb_address for source */ 6863 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 6864 &sav->sah->saidx.src.sa, 6865 FULLMASK, IPSEC_ULPROTO_ANY); 6866 if (!m) { 6867 error = ENOBUFS; 6868 goto fail; 6869 } 6870 m_cat(result, m); 6871 6872 /* set sadb_address for destination */ 6873 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 6874 &sav->sah->saidx.dst.sa, 6875 FULLMASK, IPSEC_ULPROTO_ANY); 6876 if (!m) { 6877 error = ENOBUFS; 6878 goto fail; 6879 } 6880 m_cat(result, m); 6881 6882 /* 6883 * XXX-BZ Handle NAT-T extensions here. 6884 */ 6885 6886 if ((result->m_flags & M_PKTHDR) == 0) { 6887 error = EINVAL; 6888 goto fail; 6889 } 6890 6891 if (result->m_len < sizeof(struct sadb_msg)) { 6892 result = m_pullup(result, sizeof(struct sadb_msg)); 6893 if (result == NULL) { 6894 error = ENOBUFS; 6895 goto fail; 6896 } 6897 } 6898 6899 result->m_pkthdr.len = 0; 6900 for (m = result; m; m = m->m_next) 6901 result->m_pkthdr.len += m->m_len; 6902 6903 mtod(result, struct sadb_msg *)->sadb_msg_len = 6904 PFKEY_UNIT64(result->m_pkthdr.len); 6905 6906 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6907 6908 fail: 6909 if (result) 6910 m_freem(result); 6911 return error; 6912 } 6913 6914 /* 6915 * SADB_FLUSH processing 6916 * receive 6917 * <base> 6918 * from the ikmpd, and free all entries in secastree. 6919 * and send, 6920 * <base> 6921 * to the ikmpd. 6922 * NOTE: to do is only marking SADB_SASTATE_DEAD. 6923 * 6924 * m will always be freed. 6925 */ 6926 static int 6927 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6928 { 6929 struct sadb_msg *newmsg; 6930 struct secashead *sah, *nextsah; 6931 struct secasvar *sav, *nextsav; 6932 u_int16_t proto; 6933 u_int8_t state; 6934 u_int stateidx; 6935 6936 IPSEC_ASSERT(so != NULL, ("null socket")); 6937 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6938 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6939 6940 /* map satype to proto */ 6941 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6942 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6943 __func__)); 6944 return key_senderror(so, m, EINVAL); 6945 } 6946 6947 /* no SATYPE specified, i.e. flushing all SA. */ 6948 SAHTREE_LOCK(); 6949 for (sah = LIST_FIRST(&V_sahtree); 6950 sah != NULL; 6951 sah = nextsah) { 6952 nextsah = LIST_NEXT(sah, chain); 6953 6954 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC 6955 && proto != sah->saidx.proto) 6956 continue; 6957 6958 for (stateidx = 0; 6959 stateidx < _ARRAYLEN(saorder_state_alive); 6960 stateidx++) { 6961 state = saorder_state_any[stateidx]; 6962 for (sav = LIST_FIRST(&sah->savtree[state]); 6963 sav != NULL; 6964 sav = nextsav) { 6965 6966 nextsav = LIST_NEXT(sav, chain); 6967 6968 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 6969 KEY_FREESAV(&sav); 6970 } 6971 } 6972 6973 sah->state = SADB_SASTATE_DEAD; 6974 } 6975 SAHTREE_UNLOCK(); 6976 6977 if (m->m_len < sizeof(struct sadb_msg) || 6978 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 6979 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6980 return key_senderror(so, m, ENOBUFS); 6981 } 6982 6983 if (m->m_next) 6984 m_freem(m->m_next); 6985 m->m_next = NULL; 6986 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 6987 newmsg = mtod(m, struct sadb_msg *); 6988 newmsg->sadb_msg_errno = 0; 6989 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 6990 6991 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 6992 } 6993 6994 /* 6995 * SADB_DUMP processing 6996 * dump all entries including status of DEAD in SAD. 6997 * receive 6998 * <base> 6999 * from the ikmpd, and dump all secasvar leaves 7000 * and send, 7001 * <base> ..... 7002 * to the ikmpd. 7003 * 7004 * m will always be freed. 7005 */ 7006 static int 7007 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7008 { 7009 struct secashead *sah; 7010 struct secasvar *sav; 7011 u_int16_t proto; 7012 u_int stateidx; 7013 u_int8_t satype; 7014 u_int8_t state; 7015 int cnt; 7016 struct sadb_msg *newmsg; 7017 struct mbuf *n; 7018 7019 IPSEC_ASSERT(so != NULL, ("null socket")); 7020 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7021 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7022 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7023 7024 /* map satype to proto */ 7025 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7026 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7027 __func__)); 7028 return key_senderror(so, m, EINVAL); 7029 } 7030 7031 /* count sav entries to be sent to the userland. */ 7032 cnt = 0; 7033 SAHTREE_LOCK(); 7034 LIST_FOREACH(sah, &V_sahtree, chain) { 7035 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC 7036 && proto != sah->saidx.proto) 7037 continue; 7038 7039 for (stateidx = 0; 7040 stateidx < _ARRAYLEN(saorder_state_any); 7041 stateidx++) { 7042 state = saorder_state_any[stateidx]; 7043 LIST_FOREACH(sav, &sah->savtree[state], chain) { 7044 cnt++; 7045 } 7046 } 7047 } 7048 7049 if (cnt == 0) { 7050 SAHTREE_UNLOCK(); 7051 return key_senderror(so, m, ENOENT); 7052 } 7053 7054 /* send this to the userland, one at a time. */ 7055 newmsg = NULL; 7056 LIST_FOREACH(sah, &V_sahtree, chain) { 7057 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC 7058 && proto != sah->saidx.proto) 7059 continue; 7060 7061 /* map proto to satype */ 7062 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7063 SAHTREE_UNLOCK(); 7064 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7065 "SAD.\n", __func__)); 7066 return key_senderror(so, m, EINVAL); 7067 } 7068 7069 for (stateidx = 0; 7070 stateidx < _ARRAYLEN(saorder_state_any); 7071 stateidx++) { 7072 state = saorder_state_any[stateidx]; 7073 LIST_FOREACH(sav, &sah->savtree[state], chain) { 7074 n = key_setdumpsa(sav, SADB_DUMP, satype, 7075 --cnt, mhp->msg->sadb_msg_pid); 7076 if (!n) { 7077 SAHTREE_UNLOCK(); 7078 return key_senderror(so, m, ENOBUFS); 7079 } 7080 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7081 } 7082 } 7083 } 7084 SAHTREE_UNLOCK(); 7085 7086 m_freem(m); 7087 return 0; 7088 } 7089 7090 /* 7091 * SADB_X_PROMISC processing 7092 * 7093 * m will always be freed. 7094 */ 7095 static int 7096 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7097 { 7098 int olen; 7099 7100 IPSEC_ASSERT(so != NULL, ("null socket")); 7101 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7102 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7103 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7104 7105 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7106 7107 if (olen < sizeof(struct sadb_msg)) { 7108 #if 1 7109 return key_senderror(so, m, EINVAL); 7110 #else 7111 m_freem(m); 7112 return 0; 7113 #endif 7114 } else if (olen == sizeof(struct sadb_msg)) { 7115 /* enable/disable promisc mode */ 7116 struct keycb *kp; 7117 7118 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7119 return key_senderror(so, m, EINVAL); 7120 mhp->msg->sadb_msg_errno = 0; 7121 switch (mhp->msg->sadb_msg_satype) { 7122 case 0: 7123 case 1: 7124 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7125 break; 7126 default: 7127 return key_senderror(so, m, EINVAL); 7128 } 7129 7130 /* send the original message back to everyone */ 7131 mhp->msg->sadb_msg_errno = 0; 7132 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7133 } else { 7134 /* send packet as is */ 7135 7136 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7137 7138 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7139 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7140 } 7141 } 7142 7143 static int (*key_typesw[])(struct socket *, struct mbuf *, 7144 const struct sadb_msghdr *) = { 7145 NULL, /* SADB_RESERVED */ 7146 key_getspi, /* SADB_GETSPI */ 7147 key_update, /* SADB_UPDATE */ 7148 key_add, /* SADB_ADD */ 7149 key_delete, /* SADB_DELETE */ 7150 key_get, /* SADB_GET */ 7151 key_acquire2, /* SADB_ACQUIRE */ 7152 key_register, /* SADB_REGISTER */ 7153 NULL, /* SADB_EXPIRE */ 7154 key_flush, /* SADB_FLUSH */ 7155 key_dump, /* SADB_DUMP */ 7156 key_promisc, /* SADB_X_PROMISC */ 7157 NULL, /* SADB_X_PCHANGE */ 7158 key_spdadd, /* SADB_X_SPDUPDATE */ 7159 key_spdadd, /* SADB_X_SPDADD */ 7160 key_spddelete, /* SADB_X_SPDDELETE */ 7161 key_spdget, /* SADB_X_SPDGET */ 7162 NULL, /* SADB_X_SPDACQUIRE */ 7163 key_spddump, /* SADB_X_SPDDUMP */ 7164 key_spdflush, /* SADB_X_SPDFLUSH */ 7165 key_spdadd, /* SADB_X_SPDSETIDX */ 7166 NULL, /* SADB_X_SPDEXPIRE */ 7167 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7168 }; 7169 7170 /* 7171 * parse sadb_msg buffer to process PFKEYv2, 7172 * and create a data to response if needed. 7173 * I think to be dealed with mbuf directly. 7174 * IN: 7175 * msgp : pointer to pointer to a received buffer pulluped. 7176 * This is rewrited to response. 7177 * so : pointer to socket. 7178 * OUT: 7179 * length for buffer to send to user process. 7180 */ 7181 int 7182 key_parse(struct mbuf *m, struct socket *so) 7183 { 7184 struct sadb_msg *msg; 7185 struct sadb_msghdr mh; 7186 u_int orglen; 7187 int error; 7188 int target; 7189 7190 IPSEC_ASSERT(so != NULL, ("null socket")); 7191 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7192 7193 #if 0 /*kdebug_sadb assumes msg in linear buffer*/ 7194 KEYDEBUG(KEYDEBUG_KEY_DUMP, 7195 ipseclog((LOG_DEBUG, "%s: passed sadb_msg\n", __func__)); 7196 kdebug_sadb(msg)); 7197 #endif 7198 7199 if (m->m_len < sizeof(struct sadb_msg)) { 7200 m = m_pullup(m, sizeof(struct sadb_msg)); 7201 if (!m) 7202 return ENOBUFS; 7203 } 7204 msg = mtod(m, struct sadb_msg *); 7205 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7206 target = KEY_SENDUP_ONE; 7207 7208 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7209 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7210 PFKEYSTAT_INC(out_invlen); 7211 error = EINVAL; 7212 goto senderror; 7213 } 7214 7215 if (msg->sadb_msg_version != PF_KEY_V2) { 7216 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7217 __func__, msg->sadb_msg_version)); 7218 PFKEYSTAT_INC(out_invver); 7219 error = EINVAL; 7220 goto senderror; 7221 } 7222 7223 if (msg->sadb_msg_type > SADB_MAX) { 7224 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7225 __func__, msg->sadb_msg_type)); 7226 PFKEYSTAT_INC(out_invmsgtype); 7227 error = EINVAL; 7228 goto senderror; 7229 } 7230 7231 /* for old-fashioned code - should be nuked */ 7232 if (m->m_pkthdr.len > MCLBYTES) { 7233 m_freem(m); 7234 return ENOBUFS; 7235 } 7236 if (m->m_next) { 7237 struct mbuf *n; 7238 7239 MGETHDR(n, M_NOWAIT, MT_DATA); 7240 if (n && m->m_pkthdr.len > MHLEN) { 7241 if (!(MCLGET(n, M_NOWAIT))) { 7242 m_free(n); 7243 n = NULL; 7244 } 7245 } 7246 if (!n) { 7247 m_freem(m); 7248 return ENOBUFS; 7249 } 7250 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7251 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7252 n->m_next = NULL; 7253 m_freem(m); 7254 m = n; 7255 } 7256 7257 /* align the mbuf chain so that extensions are in contiguous region. */ 7258 error = key_align(m, &mh); 7259 if (error) 7260 return error; 7261 7262 msg = mh.msg; 7263 7264 /* check SA type */ 7265 switch (msg->sadb_msg_satype) { 7266 case SADB_SATYPE_UNSPEC: 7267 switch (msg->sadb_msg_type) { 7268 case SADB_GETSPI: 7269 case SADB_UPDATE: 7270 case SADB_ADD: 7271 case SADB_DELETE: 7272 case SADB_GET: 7273 case SADB_ACQUIRE: 7274 case SADB_EXPIRE: 7275 ipseclog((LOG_DEBUG, "%s: must specify satype " 7276 "when msg type=%u.\n", __func__, 7277 msg->sadb_msg_type)); 7278 PFKEYSTAT_INC(out_invsatype); 7279 error = EINVAL; 7280 goto senderror; 7281 } 7282 break; 7283 case SADB_SATYPE_AH: 7284 case SADB_SATYPE_ESP: 7285 case SADB_X_SATYPE_IPCOMP: 7286 case SADB_X_SATYPE_TCPSIGNATURE: 7287 switch (msg->sadb_msg_type) { 7288 case SADB_X_SPDADD: 7289 case SADB_X_SPDDELETE: 7290 case SADB_X_SPDGET: 7291 case SADB_X_SPDDUMP: 7292 case SADB_X_SPDFLUSH: 7293 case SADB_X_SPDSETIDX: 7294 case SADB_X_SPDUPDATE: 7295 case SADB_X_SPDDELETE2: 7296 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7297 __func__, msg->sadb_msg_type)); 7298 PFKEYSTAT_INC(out_invsatype); 7299 error = EINVAL; 7300 goto senderror; 7301 } 7302 break; 7303 case SADB_SATYPE_RSVP: 7304 case SADB_SATYPE_OSPFV2: 7305 case SADB_SATYPE_RIPV2: 7306 case SADB_SATYPE_MIP: 7307 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7308 __func__, msg->sadb_msg_satype)); 7309 PFKEYSTAT_INC(out_invsatype); 7310 error = EOPNOTSUPP; 7311 goto senderror; 7312 case 1: /* XXX: What does it do? */ 7313 if (msg->sadb_msg_type == SADB_X_PROMISC) 7314 break; 7315 /*FALLTHROUGH*/ 7316 default: 7317 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7318 __func__, msg->sadb_msg_satype)); 7319 PFKEYSTAT_INC(out_invsatype); 7320 error = EINVAL; 7321 goto senderror; 7322 } 7323 7324 /* check field of upper layer protocol and address family */ 7325 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7326 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7327 struct sadb_address *src0, *dst0; 7328 u_int plen; 7329 7330 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7331 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7332 7333 /* check upper layer protocol */ 7334 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7335 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7336 "mismatched.\n", __func__)); 7337 PFKEYSTAT_INC(out_invaddr); 7338 error = EINVAL; 7339 goto senderror; 7340 } 7341 7342 /* check family */ 7343 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7344 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7345 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7346 __func__)); 7347 PFKEYSTAT_INC(out_invaddr); 7348 error = EINVAL; 7349 goto senderror; 7350 } 7351 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7352 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7353 ipseclog((LOG_DEBUG, "%s: address struct size " 7354 "mismatched.\n", __func__)); 7355 PFKEYSTAT_INC(out_invaddr); 7356 error = EINVAL; 7357 goto senderror; 7358 } 7359 7360 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7361 case AF_INET: 7362 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7363 sizeof(struct sockaddr_in)) { 7364 PFKEYSTAT_INC(out_invaddr); 7365 error = EINVAL; 7366 goto senderror; 7367 } 7368 break; 7369 case AF_INET6: 7370 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7371 sizeof(struct sockaddr_in6)) { 7372 PFKEYSTAT_INC(out_invaddr); 7373 error = EINVAL; 7374 goto senderror; 7375 } 7376 break; 7377 default: 7378 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7379 __func__)); 7380 PFKEYSTAT_INC(out_invaddr); 7381 error = EAFNOSUPPORT; 7382 goto senderror; 7383 } 7384 7385 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7386 case AF_INET: 7387 plen = sizeof(struct in_addr) << 3; 7388 break; 7389 case AF_INET6: 7390 plen = sizeof(struct in6_addr) << 3; 7391 break; 7392 default: 7393 plen = 0; /*fool gcc*/ 7394 break; 7395 } 7396 7397 /* check max prefix length */ 7398 if (src0->sadb_address_prefixlen > plen || 7399 dst0->sadb_address_prefixlen > plen) { 7400 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 7401 __func__)); 7402 PFKEYSTAT_INC(out_invaddr); 7403 error = EINVAL; 7404 goto senderror; 7405 } 7406 7407 /* 7408 * prefixlen == 0 is valid because there can be a case when 7409 * all addresses are matched. 7410 */ 7411 } 7412 7413 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) || 7414 key_typesw[msg->sadb_msg_type] == NULL) { 7415 PFKEYSTAT_INC(out_invmsgtype); 7416 error = EINVAL; 7417 goto senderror; 7418 } 7419 7420 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 7421 7422 senderror: 7423 msg->sadb_msg_errno = error; 7424 return key_sendup_mbuf(so, m, target); 7425 } 7426 7427 static int 7428 key_senderror(struct socket *so, struct mbuf *m, int code) 7429 { 7430 struct sadb_msg *msg; 7431 7432 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 7433 ("mbuf too small, len %u", m->m_len)); 7434 7435 msg = mtod(m, struct sadb_msg *); 7436 msg->sadb_msg_errno = code; 7437 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 7438 } 7439 7440 /* 7441 * set the pointer to each header into message buffer. 7442 * m will be freed on error. 7443 * XXX larger-than-MCLBYTES extension? 7444 */ 7445 static int 7446 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 7447 { 7448 struct mbuf *n; 7449 struct sadb_ext *ext; 7450 size_t off, end; 7451 int extlen; 7452 int toff; 7453 7454 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7455 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7456 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 7457 ("mbuf too small, len %u", m->m_len)); 7458 7459 /* initialize */ 7460 bzero(mhp, sizeof(*mhp)); 7461 7462 mhp->msg = mtod(m, struct sadb_msg *); 7463 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 7464 7465 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7466 extlen = end; /*just in case extlen is not updated*/ 7467 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 7468 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 7469 if (!n) { 7470 /* m is already freed */ 7471 return ENOBUFS; 7472 } 7473 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 7474 7475 /* set pointer */ 7476 switch (ext->sadb_ext_type) { 7477 case SADB_EXT_SA: 7478 case SADB_EXT_ADDRESS_SRC: 7479 case SADB_EXT_ADDRESS_DST: 7480 case SADB_EXT_ADDRESS_PROXY: 7481 case SADB_EXT_LIFETIME_CURRENT: 7482 case SADB_EXT_LIFETIME_HARD: 7483 case SADB_EXT_LIFETIME_SOFT: 7484 case SADB_EXT_KEY_AUTH: 7485 case SADB_EXT_KEY_ENCRYPT: 7486 case SADB_EXT_IDENTITY_SRC: 7487 case SADB_EXT_IDENTITY_DST: 7488 case SADB_EXT_SENSITIVITY: 7489 case SADB_EXT_PROPOSAL: 7490 case SADB_EXT_SUPPORTED_AUTH: 7491 case SADB_EXT_SUPPORTED_ENCRYPT: 7492 case SADB_EXT_SPIRANGE: 7493 case SADB_X_EXT_POLICY: 7494 case SADB_X_EXT_SA2: 7495 #ifdef IPSEC_NAT_T 7496 case SADB_X_EXT_NAT_T_TYPE: 7497 case SADB_X_EXT_NAT_T_SPORT: 7498 case SADB_X_EXT_NAT_T_DPORT: 7499 case SADB_X_EXT_NAT_T_OAI: 7500 case SADB_X_EXT_NAT_T_OAR: 7501 case SADB_X_EXT_NAT_T_FRAG: 7502 #endif 7503 /* duplicate check */ 7504 /* 7505 * XXX Are there duplication payloads of either 7506 * KEY_AUTH or KEY_ENCRYPT ? 7507 */ 7508 if (mhp->ext[ext->sadb_ext_type] != NULL) { 7509 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 7510 "%u\n", __func__, ext->sadb_ext_type)); 7511 m_freem(m); 7512 PFKEYSTAT_INC(out_dupext); 7513 return EINVAL; 7514 } 7515 break; 7516 default: 7517 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 7518 __func__, ext->sadb_ext_type)); 7519 m_freem(m); 7520 PFKEYSTAT_INC(out_invexttype); 7521 return EINVAL; 7522 } 7523 7524 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 7525 7526 if (key_validate_ext(ext, extlen)) { 7527 m_freem(m); 7528 PFKEYSTAT_INC(out_invlen); 7529 return EINVAL; 7530 } 7531 7532 n = m_pulldown(m, off, extlen, &toff); 7533 if (!n) { 7534 /* m is already freed */ 7535 return ENOBUFS; 7536 } 7537 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 7538 7539 mhp->ext[ext->sadb_ext_type] = ext; 7540 mhp->extoff[ext->sadb_ext_type] = off; 7541 mhp->extlen[ext->sadb_ext_type] = extlen; 7542 } 7543 7544 if (off != end) { 7545 m_freem(m); 7546 PFKEYSTAT_INC(out_invlen); 7547 return EINVAL; 7548 } 7549 7550 return 0; 7551 } 7552 7553 static int 7554 key_validate_ext(const struct sadb_ext *ext, int len) 7555 { 7556 const struct sockaddr *sa; 7557 enum { NONE, ADDR } checktype = NONE; 7558 int baselen = 0; 7559 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 7560 7561 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 7562 return EINVAL; 7563 7564 /* if it does not match minimum/maximum length, bail */ 7565 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) || 7566 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0])) 7567 return EINVAL; 7568 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 7569 return EINVAL; 7570 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 7571 return EINVAL; 7572 7573 /* more checks based on sadb_ext_type XXX need more */ 7574 switch (ext->sadb_ext_type) { 7575 case SADB_EXT_ADDRESS_SRC: 7576 case SADB_EXT_ADDRESS_DST: 7577 case SADB_EXT_ADDRESS_PROXY: 7578 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 7579 checktype = ADDR; 7580 break; 7581 case SADB_EXT_IDENTITY_SRC: 7582 case SADB_EXT_IDENTITY_DST: 7583 if (((const struct sadb_ident *)ext)->sadb_ident_type == 7584 SADB_X_IDENTTYPE_ADDR) { 7585 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 7586 checktype = ADDR; 7587 } else 7588 checktype = NONE; 7589 break; 7590 default: 7591 checktype = NONE; 7592 break; 7593 } 7594 7595 switch (checktype) { 7596 case NONE: 7597 break; 7598 case ADDR: 7599 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 7600 if (len < baselen + sal) 7601 return EINVAL; 7602 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 7603 return EINVAL; 7604 break; 7605 } 7606 7607 return 0; 7608 } 7609 7610 void 7611 key_init(void) 7612 { 7613 int i; 7614 7615 for (i = 0; i < IPSEC_DIR_MAX; i++) 7616 TAILQ_INIT(&V_sptree[i]); 7617 7618 LIST_INIT(&V_sahtree); 7619 7620 for (i = 0; i <= SADB_SATYPE_MAX; i++) 7621 LIST_INIT(&V_regtree[i]); 7622 7623 LIST_INIT(&V_acqtree); 7624 LIST_INIT(&V_spacqtree); 7625 7626 if (!IS_DEFAULT_VNET(curvnet)) 7627 return; 7628 7629 SPTREE_LOCK_INIT(); 7630 REGTREE_LOCK_INIT(); 7631 SAHTREE_LOCK_INIT(); 7632 ACQ_LOCK_INIT(); 7633 SPACQ_LOCK_INIT(); 7634 7635 #ifndef IPSEC_DEBUG2 7636 callout_init(&key_timer, 1); 7637 callout_reset(&key_timer, hz, key_timehandler, NULL); 7638 #endif /*IPSEC_DEBUG2*/ 7639 7640 /* initialize key statistics */ 7641 keystat.getspi_count = 1; 7642 7643 if (bootverbose) 7644 printf("IPsec: Initialized Security Association Processing.\n"); 7645 } 7646 7647 #ifdef VIMAGE 7648 void 7649 key_destroy(void) 7650 { 7651 TAILQ_HEAD(, secpolicy) drainq; 7652 struct secpolicy *sp, *nextsp; 7653 struct secacq *acq, *nextacq; 7654 struct secspacq *spacq, *nextspacq; 7655 struct secashead *sah, *nextsah; 7656 struct secreg *reg; 7657 int i; 7658 7659 TAILQ_INIT(&drainq); 7660 SPTREE_WLOCK(); 7661 for (i = 0; i < IPSEC_DIR_MAX; i++) { 7662 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 7663 } 7664 SPTREE_WUNLOCK(); 7665 sp = TAILQ_FIRST(&drainq); 7666 while (sp != NULL) { 7667 nextsp = TAILQ_NEXT(sp, chain); 7668 KEY_FREESP(&sp); 7669 sp = nextsp; 7670 } 7671 7672 SAHTREE_LOCK(); 7673 for (sah = LIST_FIRST(&V_sahtree); sah != NULL; sah = nextsah) { 7674 nextsah = LIST_NEXT(sah, chain); 7675 if (__LIST_CHAINED(sah)) { 7676 LIST_REMOVE(sah, chain); 7677 free(sah, M_IPSEC_SAH); 7678 } 7679 } 7680 SAHTREE_UNLOCK(); 7681 7682 REGTREE_LOCK(); 7683 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7684 LIST_FOREACH(reg, &V_regtree[i], chain) { 7685 if (__LIST_CHAINED(reg)) { 7686 LIST_REMOVE(reg, chain); 7687 free(reg, M_IPSEC_SAR); 7688 break; 7689 } 7690 } 7691 } 7692 REGTREE_UNLOCK(); 7693 7694 ACQ_LOCK(); 7695 for (acq = LIST_FIRST(&V_acqtree); acq != NULL; acq = nextacq) { 7696 nextacq = LIST_NEXT(acq, chain); 7697 if (__LIST_CHAINED(acq)) { 7698 LIST_REMOVE(acq, chain); 7699 free(acq, M_IPSEC_SAQ); 7700 } 7701 } 7702 ACQ_UNLOCK(); 7703 7704 SPACQ_LOCK(); 7705 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 7706 spacq = nextspacq) { 7707 nextspacq = LIST_NEXT(spacq, chain); 7708 if (__LIST_CHAINED(spacq)) { 7709 LIST_REMOVE(spacq, chain); 7710 free(spacq, M_IPSEC_SAQ); 7711 } 7712 } 7713 SPACQ_UNLOCK(); 7714 } 7715 #endif 7716 7717 /* 7718 * XXX: maybe This function is called after INBOUND IPsec processing. 7719 * 7720 * Special check for tunnel-mode packets. 7721 * We must make some checks for consistency between inner and outer IP header. 7722 * 7723 * xxx more checks to be provided 7724 */ 7725 int 7726 key_checktunnelsanity(struct secasvar *sav, u_int family, caddr_t src, 7727 caddr_t dst) 7728 { 7729 IPSEC_ASSERT(sav->sah != NULL, ("null SA header")); 7730 7731 /* XXX: check inner IP header */ 7732 7733 return 1; 7734 } 7735 7736 /* record data transfer on SA, and update timestamps */ 7737 void 7738 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 7739 { 7740 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 7741 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 7742 if (!sav->lft_c) 7743 return; 7744 7745 /* 7746 * XXX Currently, there is a difference of bytes size 7747 * between inbound and outbound processing. 7748 */ 7749 sav->lft_c->bytes += m->m_pkthdr.len; 7750 /* to check bytes lifetime is done in key_timehandler(). */ 7751 7752 /* 7753 * We use the number of packets as the unit of 7754 * allocations. We increment the variable 7755 * whenever {esp,ah}_{in,out}put is called. 7756 */ 7757 sav->lft_c->allocations++; 7758 /* XXX check for expires? */ 7759 7760 /* 7761 * NOTE: We record CURRENT usetime by using wall clock, 7762 * in seconds. HARD and SOFT lifetime are measured by the time 7763 * difference (again in seconds) from usetime. 7764 * 7765 * usetime 7766 * v expire expire 7767 * -----+-----+--------+---> t 7768 * <--------------> HARD 7769 * <-----> SOFT 7770 */ 7771 sav->lft_c->usetime = time_second; 7772 /* XXX check for expires? */ 7773 7774 return; 7775 } 7776 7777 static void 7778 key_sa_chgstate(struct secasvar *sav, u_int8_t state) 7779 { 7780 IPSEC_ASSERT(sav != NULL, ("NULL sav")); 7781 SAHTREE_LOCK_ASSERT(); 7782 7783 if (sav->state != state) { 7784 if (__LIST_CHAINED(sav)) 7785 LIST_REMOVE(sav, chain); 7786 sav->state = state; 7787 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain); 7788 } 7789 } 7790 7791 /* 7792 * Take one of the kernel's security keys and convert it into a PF_KEY 7793 * structure within an mbuf, suitable for sending up to a waiting 7794 * application in user land. 7795 * 7796 * IN: 7797 * src: A pointer to a kernel security key. 7798 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 7799 * OUT: 7800 * a valid mbuf or NULL indicating an error 7801 * 7802 */ 7803 7804 static struct mbuf * 7805 key_setkey(struct seckey *src, u_int16_t exttype) 7806 { 7807 struct mbuf *m; 7808 struct sadb_key *p; 7809 int len; 7810 7811 if (src == NULL) 7812 return NULL; 7813 7814 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 7815 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7816 if (m == NULL) 7817 return NULL; 7818 m_align(m, len); 7819 m->m_len = len; 7820 p = mtod(m, struct sadb_key *); 7821 bzero(p, len); 7822 p->sadb_key_len = PFKEY_UNIT64(len); 7823 p->sadb_key_exttype = exttype; 7824 p->sadb_key_bits = src->bits; 7825 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 7826 7827 return m; 7828 } 7829 7830 /* 7831 * Take one of the kernel's lifetime data structures and convert it 7832 * into a PF_KEY structure within an mbuf, suitable for sending up to 7833 * a waiting application in user land. 7834 * 7835 * IN: 7836 * src: A pointer to a kernel lifetime structure. 7837 * exttype: Which type of lifetime this is. Refer to the PF_KEY 7838 * data structures for more information. 7839 * OUT: 7840 * a valid mbuf or NULL indicating an error 7841 * 7842 */ 7843 7844 static struct mbuf * 7845 key_setlifetime(struct seclifetime *src, u_int16_t exttype) 7846 { 7847 struct mbuf *m = NULL; 7848 struct sadb_lifetime *p; 7849 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 7850 7851 if (src == NULL) 7852 return NULL; 7853 7854 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7855 if (m == NULL) 7856 return m; 7857 m_align(m, len); 7858 m->m_len = len; 7859 p = mtod(m, struct sadb_lifetime *); 7860 7861 bzero(p, len); 7862 p->sadb_lifetime_len = PFKEY_UNIT64(len); 7863 p->sadb_lifetime_exttype = exttype; 7864 p->sadb_lifetime_allocations = src->allocations; 7865 p->sadb_lifetime_bytes = src->bytes; 7866 p->sadb_lifetime_addtime = src->addtime; 7867 p->sadb_lifetime_usetime = src->usetime; 7868 7869 return m; 7870 7871 } 7872