1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/stream.h> 28 #include <sys/stropts.h> 29 #include <sys/errno.h> 30 #include <sys/strlog.h> 31 #include <sys/tihdr.h> 32 #include <sys/socket.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/kmem.h> 36 #include <sys/zone.h> 37 #include <sys/sysmacros.h> 38 #include <sys/cmn_err.h> 39 #include <sys/vtrace.h> 40 #include <sys/debug.h> 41 #include <sys/atomic.h> 42 #include <sys/strsun.h> 43 #include <sys/random.h> 44 #include <netinet/in.h> 45 #include <net/if.h> 46 #include <netinet/ip6.h> 47 #include <net/pfkeyv2.h> 48 #include <net/pfpolicy.h> 49 50 #include <inet/common.h> 51 #include <inet/mi.h> 52 #include <inet/nd.h> 53 #include <inet/ip.h> 54 #include <inet/ip_impl.h> 55 #include <inet/ip6.h> 56 #include <inet/sadb.h> 57 #include <inet/ipsec_info.h> 58 #include <inet/ipsec_impl.h> 59 #include <inet/ipsecesp.h> 60 #include <inet/ipdrop.h> 61 #include <inet/tcp.h> 62 #include <sys/kstat.h> 63 #include <sys/policy.h> 64 #include <sys/strsun.h> 65 #include <inet/udp_impl.h> 66 #include <sys/taskq.h> 67 #include <sys/note.h> 68 69 #include <sys/iphada.h> 70 71 /* 72 * Table of ND variables supported by ipsecesp. These are loaded into 73 * ipsecesp_g_nd in ipsecesp_init_nd. 74 * All of these are alterable, within the min/max values given, at run time. 75 */ 76 static ipsecespparam_t lcl_param_arr[] = { 77 /* min max value name */ 78 { 0, 3, 0, "ipsecesp_debug"}, 79 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"}, 80 { 1, 10, 1, "ipsecesp_reap_delay"}, 81 { 1, SADB_MAX_REPLAY, 64, "ipsecesp_replay_size"}, 82 { 1, 300, 15, "ipsecesp_acquire_timeout"}, 83 { 1, 1800, 90, "ipsecesp_larval_timeout"}, 84 /* Default lifetime values for ACQUIRE messages. */ 85 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_bytes"}, 86 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_bytes"}, 87 { 0, 0xffffffffU, 24000, "ipsecesp_default_soft_addtime"}, 88 { 0, 0xffffffffU, 28800, "ipsecesp_default_hard_addtime"}, 89 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_usetime"}, 90 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_usetime"}, 91 { 0, 1, 0, "ipsecesp_log_unknown_spi"}, 92 { 0, 2, 1, "ipsecesp_padding_check"}, 93 { 0, 600, 20, "ipsecesp_nat_keepalive_interval"}, 94 }; 95 #define ipsecesp_debug ipsecesp_params[0].ipsecesp_param_value 96 #define ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value 97 #define ipsecesp_age_int_max ipsecesp_params[1].ipsecesp_param_max 98 #define ipsecesp_reap_delay ipsecesp_params[2].ipsecesp_param_value 99 #define ipsecesp_replay_size ipsecesp_params[3].ipsecesp_param_value 100 #define ipsecesp_acquire_timeout \ 101 ipsecesp_params[4].ipsecesp_param_value 102 #define ipsecesp_larval_timeout \ 103 ipsecesp_params[5].ipsecesp_param_value 104 #define ipsecesp_default_soft_bytes \ 105 ipsecesp_params[6].ipsecesp_param_value 106 #define ipsecesp_default_hard_bytes \ 107 ipsecesp_params[7].ipsecesp_param_value 108 #define ipsecesp_default_soft_addtime \ 109 ipsecesp_params[8].ipsecesp_param_value 110 #define ipsecesp_default_hard_addtime \ 111 ipsecesp_params[9].ipsecesp_param_value 112 #define ipsecesp_default_soft_usetime \ 113 ipsecesp_params[10].ipsecesp_param_value 114 #define ipsecesp_default_hard_usetime \ 115 ipsecesp_params[11].ipsecesp_param_value 116 #define ipsecesp_log_unknown_spi \ 117 ipsecesp_params[12].ipsecesp_param_value 118 #define ipsecesp_padding_check \ 119 ipsecesp_params[13].ipsecesp_param_value 120 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */ 121 122 #define esp0dbg(a) printf a 123 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 124 #define esp1dbg(espstack, a) if (espstack->ipsecesp_debug != 0) printf a 125 #define esp2dbg(espstack, a) if (espstack->ipsecesp_debug > 1) printf a 126 #define esp3dbg(espstack, a) if (espstack->ipsecesp_debug > 2) printf a 127 128 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *); 129 static int ipsecesp_close(queue_t *); 130 static void ipsecesp_rput(queue_t *, mblk_t *); 131 static void ipsecesp_wput(queue_t *, mblk_t *); 132 static void *ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns); 133 static void ipsecesp_stack_fini(netstackid_t stackid, void *arg); 134 static void esp_send_acquire(ipsacq_t *, mblk_t *, netstack_t *); 135 136 static void esp_prepare_udp(netstack_t *, mblk_t *, ipha_t *); 137 static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t); 138 static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *, 139 boolean_t, ipsa_t *); 140 141 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t, 142 ipsecesp_stack_t *); 143 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t, 144 kstat_named_t **, ipsecesp_stack_t *); 145 static ipsec_status_t esp_submit_req_inbound(mblk_t *, ipsa_t *, uint_t); 146 static ipsec_status_t esp_submit_req_outbound(mblk_t *, ipsa_t *, uchar_t *, 147 uint_t); 148 extern void (*cl_inet_getspi)(netstackid_t, uint8_t, uint8_t *, size_t, 149 void *); 150 151 /* Setable in /etc/system */ 152 uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE; 153 154 static struct module_info info = { 155 5137, "ipsecesp", 0, INFPSZ, 65536, 1024 156 }; 157 158 static struct qinit rinit = { 159 (pfi_t)ipsecesp_rput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 160 NULL 161 }; 162 163 static struct qinit winit = { 164 (pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 165 NULL 166 }; 167 168 struct streamtab ipsecespinfo = { 169 &rinit, &winit, NULL, NULL 170 }; 171 172 static taskq_t *esp_taskq; 173 174 /* 175 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now. 176 * 177 * Question: Do I need this, given that all instance's esps->esps_wq point 178 * to IP? 179 * 180 * Answer: Yes, because I need to know which queue is BOUND to 181 * IPPROTO_ESP 182 */ 183 184 /* 185 * Stats. This may eventually become a full-blown SNMP MIB once that spec 186 * stabilizes. 187 */ 188 189 typedef struct esp_kstats_s { 190 kstat_named_t esp_stat_num_aalgs; 191 kstat_named_t esp_stat_good_auth; 192 kstat_named_t esp_stat_bad_auth; 193 kstat_named_t esp_stat_bad_padding; 194 kstat_named_t esp_stat_replay_failures; 195 kstat_named_t esp_stat_replay_early_failures; 196 kstat_named_t esp_stat_keysock_in; 197 kstat_named_t esp_stat_out_requests; 198 kstat_named_t esp_stat_acquire_requests; 199 kstat_named_t esp_stat_bytes_expired; 200 kstat_named_t esp_stat_out_discards; 201 kstat_named_t esp_stat_in_accelerated; 202 kstat_named_t esp_stat_out_accelerated; 203 kstat_named_t esp_stat_noaccel; 204 kstat_named_t esp_stat_crypto_sync; 205 kstat_named_t esp_stat_crypto_async; 206 kstat_named_t esp_stat_crypto_failures; 207 kstat_named_t esp_stat_num_ealgs; 208 kstat_named_t esp_stat_bad_decrypt; 209 kstat_named_t esp_stat_sa_port_renumbers; 210 } esp_kstats_t; 211 212 /* 213 * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if 214 * kstat_create_netstack for espstack->esp_ksp succeeds, but when it 215 * fails, it will be NULL. Note this is done for all stack instances, 216 * so it *could* fail. hence a non-NULL checking is done for 217 * ESP_BUMP_STAT and ESP_DEBUMP_STAT 218 */ 219 #define ESP_BUMP_STAT(espstack, x) \ 220 do { \ 221 if (espstack->esp_kstats != NULL) \ 222 (espstack->esp_kstats->esp_stat_ ## x).value.ui64++; \ 223 _NOTE(CONSTCOND) \ 224 } while (0) 225 226 #define ESP_DEBUMP_STAT(espstack, x) \ 227 do { \ 228 if (espstack->esp_kstats != NULL) \ 229 (espstack->esp_kstats->esp_stat_ ## x).value.ui64--; \ 230 _NOTE(CONSTCOND) \ 231 } while (0) 232 233 static int esp_kstat_update(kstat_t *, int); 234 235 static boolean_t 236 esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid) 237 { 238 espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat", 239 "net", KSTAT_TYPE_NAMED, 240 sizeof (esp_kstats_t) / sizeof (kstat_named_t), 241 KSTAT_FLAG_PERSISTENT, stackid); 242 243 if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL) 244 return (B_FALSE); 245 246 espstack->esp_kstats = espstack->esp_ksp->ks_data; 247 248 espstack->esp_ksp->ks_update = esp_kstat_update; 249 espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid; 250 251 #define K64 KSTAT_DATA_UINT64 252 #define KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64) 253 254 KI(num_aalgs); 255 KI(num_ealgs); 256 KI(good_auth); 257 KI(bad_auth); 258 KI(bad_padding); 259 KI(replay_failures); 260 KI(replay_early_failures); 261 KI(keysock_in); 262 KI(out_requests); 263 KI(acquire_requests); 264 KI(bytes_expired); 265 KI(out_discards); 266 KI(in_accelerated); 267 KI(out_accelerated); 268 KI(noaccel); 269 KI(crypto_sync); 270 KI(crypto_async); 271 KI(crypto_failures); 272 KI(bad_decrypt); 273 KI(sa_port_renumbers); 274 275 #undef KI 276 #undef K64 277 278 kstat_install(espstack->esp_ksp); 279 280 return (B_TRUE); 281 } 282 283 static int 284 esp_kstat_update(kstat_t *kp, int rw) 285 { 286 esp_kstats_t *ekp; 287 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private; 288 netstack_t *ns; 289 ipsec_stack_t *ipss; 290 291 if ((kp == NULL) || (kp->ks_data == NULL)) 292 return (EIO); 293 294 if (rw == KSTAT_WRITE) 295 return (EACCES); 296 297 ns = netstack_find_by_stackid(stackid); 298 if (ns == NULL) 299 return (-1); 300 ipss = ns->netstack_ipsec; 301 if (ipss == NULL) { 302 netstack_rele(ns); 303 return (-1); 304 } 305 ekp = (esp_kstats_t *)kp->ks_data; 306 307 mutex_enter(&ipss->ipsec_alg_lock); 308 ekp->esp_stat_num_aalgs.value.ui64 = 309 ipss->ipsec_nalgs[IPSEC_ALG_AUTH]; 310 ekp->esp_stat_num_ealgs.value.ui64 = 311 ipss->ipsec_nalgs[IPSEC_ALG_ENCR]; 312 mutex_exit(&ipss->ipsec_alg_lock); 313 314 netstack_rele(ns); 315 return (0); 316 } 317 318 #ifdef DEBUG 319 /* 320 * Debug routine, useful to see pre-encryption data. 321 */ 322 static char * 323 dump_msg(mblk_t *mp) 324 { 325 char tmp_str[3], tmp_line[256]; 326 327 while (mp != NULL) { 328 unsigned char *ptr; 329 330 printf("mblk address 0x%p, length %ld, db_ref %d " 331 "type %d, base 0x%p, lim 0x%p\n", 332 (void *) mp, (long)(mp->b_wptr - mp->b_rptr), 333 mp->b_datap->db_ref, mp->b_datap->db_type, 334 (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim); 335 ptr = mp->b_rptr; 336 337 tmp_line[0] = '\0'; 338 while (ptr < mp->b_wptr) { 339 uint_t diff; 340 341 diff = (ptr - mp->b_rptr); 342 if (!(diff & 0x1f)) { 343 if (strlen(tmp_line) > 0) { 344 printf("bytes: %s\n", tmp_line); 345 tmp_line[0] = '\0'; 346 } 347 } 348 if (!(diff & 0x3)) 349 (void) strcat(tmp_line, " "); 350 (void) sprintf(tmp_str, "%02x", *ptr); 351 (void) strcat(tmp_line, tmp_str); 352 ptr++; 353 } 354 if (strlen(tmp_line) > 0) 355 printf("bytes: %s\n", tmp_line); 356 357 mp = mp->b_cont; 358 } 359 360 return ("\n"); 361 } 362 363 #else /* DEBUG */ 364 static char * 365 dump_msg(mblk_t *mp) 366 { 367 printf("Find value of mp %p.\n", mp); 368 return ("\n"); 369 } 370 #endif /* DEBUG */ 371 372 /* 373 * Don't have to lock age_interval, as only one thread will access it at 374 * a time, because I control the one function that does with timeout(). 375 */ 376 static void 377 esp_ager(void *arg) 378 { 379 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg; 380 netstack_t *ns = espstack->ipsecesp_netstack; 381 hrtime_t begin = gethrtime(); 382 383 sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q, 384 espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns); 385 sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q, 386 espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns); 387 388 espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q, 389 esp_ager, espstack, 390 &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max, 391 info.mi_idnum); 392 } 393 394 /* 395 * Get an ESP NDD parameter. 396 */ 397 /* ARGSUSED */ 398 static int 399 ipsecesp_param_get(q, mp, cp, cr) 400 queue_t *q; 401 mblk_t *mp; 402 caddr_t cp; 403 cred_t *cr; 404 { 405 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 406 uint_t value; 407 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 408 409 mutex_enter(&espstack->ipsecesp_param_lock); 410 value = ipsecesppa->ipsecesp_param_value; 411 mutex_exit(&espstack->ipsecesp_param_lock); 412 413 (void) mi_mpprintf(mp, "%u", value); 414 return (0); 415 } 416 417 /* 418 * This routine sets an NDD variable in a ipsecespparam_t structure. 419 */ 420 /* ARGSUSED */ 421 static int 422 ipsecesp_param_set(q, mp, value, cp, cr) 423 queue_t *q; 424 mblk_t *mp; 425 char *value; 426 caddr_t cp; 427 cred_t *cr; 428 { 429 ulong_t new_value; 430 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 431 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 432 433 /* 434 * Fail the request if the new value does not lie within the 435 * required bounds. 436 */ 437 if (ddi_strtoul(value, NULL, 10, &new_value) != 0 || 438 new_value < ipsecesppa->ipsecesp_param_min || 439 new_value > ipsecesppa->ipsecesp_param_max) { 440 return (EINVAL); 441 } 442 443 /* Set the new value */ 444 mutex_enter(&espstack->ipsecesp_param_lock); 445 ipsecesppa->ipsecesp_param_value = new_value; 446 mutex_exit(&espstack->ipsecesp_param_lock); 447 return (0); 448 } 449 450 /* 451 * Using lifetime NDD variables, fill in an extended combination's 452 * lifetime information. 453 */ 454 void 455 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns) 456 { 457 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 458 459 ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes; 460 ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes; 461 ecomb->sadb_x_ecomb_soft_addtime = 462 espstack->ipsecesp_default_soft_addtime; 463 ecomb->sadb_x_ecomb_hard_addtime = 464 espstack->ipsecesp_default_hard_addtime; 465 ecomb->sadb_x_ecomb_soft_usetime = 466 espstack->ipsecesp_default_soft_usetime; 467 ecomb->sadb_x_ecomb_hard_usetime = 468 espstack->ipsecesp_default_hard_usetime; 469 } 470 471 /* 472 * Initialize things for ESP at module load time. 473 */ 474 boolean_t 475 ipsecesp_ddi_init(void) 476 { 477 esp_taskq = taskq_create("esp_taskq", 1, minclsyspri, 478 IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0); 479 480 /* 481 * We want to be informed each time a stack is created or 482 * destroyed in the kernel, so we can maintain the 483 * set of ipsecesp_stack_t's. 484 */ 485 netstack_register(NS_IPSECESP, ipsecesp_stack_init, NULL, 486 ipsecesp_stack_fini); 487 488 return (B_TRUE); 489 } 490 491 /* 492 * Walk through the param array specified registering each element with the 493 * named dispatch handler. 494 */ 495 static boolean_t 496 ipsecesp_param_register(IDP *ndp, ipsecespparam_t *espp, int cnt) 497 { 498 for (; cnt-- > 0; espp++) { 499 if (espp->ipsecesp_param_name != NULL && 500 espp->ipsecesp_param_name[0]) { 501 if (!nd_load(ndp, 502 espp->ipsecesp_param_name, 503 ipsecesp_param_get, ipsecesp_param_set, 504 (caddr_t)espp)) { 505 nd_free(ndp); 506 return (B_FALSE); 507 } 508 } 509 } 510 return (B_TRUE); 511 } 512 /* 513 * Initialize things for ESP for each stack instance 514 */ 515 static void * 516 ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns) 517 { 518 ipsecesp_stack_t *espstack; 519 ipsecespparam_t *espp; 520 521 espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack), 522 KM_SLEEP); 523 espstack->ipsecesp_netstack = ns; 524 525 espp = (ipsecespparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP); 526 espstack->ipsecesp_params = espp; 527 bcopy(lcl_param_arr, espp, sizeof (lcl_param_arr)); 528 529 (void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp, 530 A_CNT(lcl_param_arr)); 531 532 (void) esp_kstat_init(espstack, stackid); 533 534 espstack->esp_sadb.s_acquire_timeout = 535 &espstack->ipsecesp_acquire_timeout; 536 espstack->esp_sadb.s_acqfn = esp_send_acquire; 537 sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size, 538 espstack->ipsecesp_netstack); 539 540 mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0); 541 542 ip_drop_register(&espstack->esp_dropper, "IPsec ESP"); 543 return (espstack); 544 } 545 546 /* 547 * Destroy things for ESP at module unload time. 548 */ 549 void 550 ipsecesp_ddi_destroy(void) 551 { 552 netstack_unregister(NS_IPSECESP); 553 taskq_destroy(esp_taskq); 554 } 555 556 /* 557 * Destroy things for ESP for one stack instance 558 */ 559 static void 560 ipsecesp_stack_fini(netstackid_t stackid, void *arg) 561 { 562 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg; 563 564 if (espstack->esp_pfkey_q != NULL) { 565 (void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event); 566 } 567 espstack->esp_sadb.s_acqfn = NULL; 568 espstack->esp_sadb.s_acquire_timeout = NULL; 569 sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack); 570 ip_drop_unregister(&espstack->esp_dropper); 571 mutex_destroy(&espstack->ipsecesp_param_lock); 572 nd_free(&espstack->ipsecesp_g_nd); 573 574 kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr)); 575 espstack->ipsecesp_params = NULL; 576 kstat_delete_netstack(espstack->esp_ksp, stackid); 577 espstack->esp_ksp = NULL; 578 espstack->esp_kstats = NULL; 579 kmem_free(espstack, sizeof (*espstack)); 580 } 581 582 /* 583 * ESP module open routine. 584 */ 585 /* ARGSUSED */ 586 static int 587 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 588 { 589 netstack_t *ns; 590 ipsecesp_stack_t *espstack; 591 592 if (secpolicy_ip_config(credp, B_FALSE) != 0) 593 return (EPERM); 594 595 if (q->q_ptr != NULL) 596 return (0); /* Re-open of an already open instance. */ 597 598 if (sflag != MODOPEN) 599 return (EINVAL); 600 601 ns = netstack_find_by_cred(credp); 602 ASSERT(ns != NULL); 603 espstack = ns->netstack_ipsecesp; 604 ASSERT(espstack != NULL); 605 606 /* 607 * ASSUMPTIONS (because I'm MT_OCEXCL): 608 * 609 * * I'm being pushed on top of IP for all my opens (incl. #1). 610 * * Only ipsecesp_open() can write into esp_sadb.s_ip_q. 611 * * Because of this, I can check lazily for esp_sadb.s_ip_q. 612 * 613 * If these assumptions are wrong, I'm in BIG trouble... 614 */ 615 616 q->q_ptr = espstack; 617 WR(q)->q_ptr = q->q_ptr; 618 619 if (espstack->esp_sadb.s_ip_q == NULL) { 620 struct T_unbind_req *tur; 621 622 espstack->esp_sadb.s_ip_q = WR(q); 623 /* Allocate an unbind... */ 624 espstack->esp_ip_unbind = allocb(sizeof (struct T_unbind_req), 625 BPRI_HI); 626 627 /* 628 * Send down T_BIND_REQ to bind IPPROTO_ESP. 629 * Handle the ACK here in ESP. 630 */ 631 qprocson(q); 632 if (espstack->esp_ip_unbind == NULL || 633 !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) { 634 if (espstack->esp_ip_unbind != NULL) { 635 freeb(espstack->esp_ip_unbind); 636 espstack->esp_ip_unbind = NULL; 637 } 638 q->q_ptr = NULL; 639 netstack_rele(espstack->ipsecesp_netstack); 640 return (ENOMEM); 641 } 642 643 espstack->esp_ip_unbind->b_datap->db_type = M_PROTO; 644 tur = (struct T_unbind_req *)espstack->esp_ip_unbind->b_rptr; 645 tur->PRIM_type = T_UNBIND_REQ; 646 } else { 647 qprocson(q); 648 } 649 650 /* 651 * For now, there's not much I can do. I'll be getting a message 652 * passed down to me from keysock (in my wput), and a T_BIND_ACK 653 * up from IP (in my rput). 654 */ 655 656 return (0); 657 } 658 659 /* 660 * ESP module close routine. 661 */ 662 static int 663 ipsecesp_close(queue_t *q) 664 { 665 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 666 667 /* 668 * If esp_sadb.s_ip_q is attached to this instance, send a 669 * T_UNBIND_REQ to IP for the instance before doing 670 * a qprocsoff(). 671 */ 672 if (WR(q) == espstack->esp_sadb.s_ip_q && 673 espstack->esp_ip_unbind != NULL) { 674 putnext(WR(q), espstack->esp_ip_unbind); 675 espstack->esp_ip_unbind = NULL; 676 } 677 678 /* 679 * Clean up q_ptr, if needed. 680 */ 681 qprocsoff(q); 682 683 /* Keysock queue check is safe, because of OCEXCL perimeter. */ 684 685 if (q == espstack->esp_pfkey_q) { 686 esp1dbg(espstack, 687 ("ipsecesp_close: Ummm... keysock is closing ESP.\n")); 688 espstack->esp_pfkey_q = NULL; 689 /* Detach qtimeouts. */ 690 (void) quntimeout(q, espstack->esp_event); 691 } 692 693 if (WR(q) == espstack->esp_sadb.s_ip_q) { 694 /* 695 * If the esp_sadb.s_ip_q is attached to this instance, find 696 * another. The OCEXCL outer perimeter helps us here. 697 */ 698 espstack->esp_sadb.s_ip_q = NULL; 699 700 /* 701 * Find a replacement queue for esp_sadb.s_ip_q. 702 */ 703 if (espstack->esp_pfkey_q != NULL && 704 espstack->esp_pfkey_q != RD(q)) { 705 /* 706 * See if we can use the pfkey_q. 707 */ 708 espstack->esp_sadb.s_ip_q = WR(espstack->esp_pfkey_q); 709 } 710 711 if (espstack->esp_sadb.s_ip_q == NULL || 712 !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) { 713 esp1dbg(espstack, ("ipsecesp: Can't reassign ip_q.\n")); 714 espstack->esp_sadb.s_ip_q = NULL; 715 } else { 716 espstack->esp_ip_unbind = 717 allocb(sizeof (struct T_unbind_req), BPRI_HI); 718 719 if (espstack->esp_ip_unbind != NULL) { 720 struct T_unbind_req *tur; 721 722 espstack->esp_ip_unbind->b_datap->db_type = 723 M_PROTO; 724 tur = (struct T_unbind_req *) 725 espstack->esp_ip_unbind->b_rptr; 726 tur->PRIM_type = T_UNBIND_REQ; 727 } 728 /* If it's NULL, I can't do much here. */ 729 } 730 } 731 732 netstack_rele(espstack->ipsecesp_netstack); 733 return (0); 734 } 735 736 /* 737 * Add a number of bytes to what the SA has protected so far. Return 738 * B_TRUE if the SA can still protect that many bytes. 739 * 740 * Caller must REFRELE the passed-in assoc. This function must REFRELE 741 * any obtained peer SA. 742 */ 743 static boolean_t 744 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound) 745 { 746 ipsa_t *inassoc, *outassoc; 747 isaf_t *bucket; 748 boolean_t inrc, outrc, isv6; 749 sadb_t *sp; 750 int outhash; 751 netstack_t *ns = assoc->ipsa_netstack; 752 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 753 754 /* No peer? No problem! */ 755 if (!assoc->ipsa_haspeer) { 756 return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes, 757 B_TRUE)); 758 } 759 760 /* 761 * Otherwise, we want to grab both the original assoc and its peer. 762 * There might be a race for this, but if it's a real race, two 763 * expire messages may occur. We limit this by only sending the 764 * expire message on one of the peers, we'll pick the inbound 765 * arbitrarily. 766 * 767 * If we need tight synchronization on the peer SA, then we need to 768 * reconsider. 769 */ 770 771 /* Use address length to select IPv6/IPv4 */ 772 isv6 = (assoc->ipsa_addrfam == AF_INET6); 773 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4; 774 775 if (inbound) { 776 inassoc = assoc; 777 if (isv6) { 778 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 779 &inassoc->ipsa_dstaddr)); 780 } else { 781 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 782 &inassoc->ipsa_dstaddr)); 783 } 784 bucket = &sp->sdb_of[outhash]; 785 mutex_enter(&bucket->isaf_lock); 786 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 787 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 788 inassoc->ipsa_addrfam); 789 mutex_exit(&bucket->isaf_lock); 790 if (outassoc == NULL) { 791 /* Q: Do we wish to set haspeer == B_FALSE? */ 792 esp0dbg(("esp_age_bytes: " 793 "can't find peer for inbound.\n")); 794 return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc, 795 bytes, B_TRUE)); 796 } 797 } else { 798 outassoc = assoc; 799 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 800 mutex_enter(&bucket->isaf_lock); 801 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 802 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 803 outassoc->ipsa_addrfam); 804 mutex_exit(&bucket->isaf_lock); 805 if (inassoc == NULL) { 806 /* Q: Do we wish to set haspeer == B_FALSE? */ 807 esp0dbg(("esp_age_bytes: " 808 "can't find peer for outbound.\n")); 809 return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc, 810 bytes, B_TRUE)); 811 } 812 } 813 814 inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE); 815 outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE); 816 817 /* 818 * REFRELE any peer SA. 819 * 820 * Because of the multi-line macro nature of IPSA_REFRELE, keep 821 * them in { }. 822 */ 823 if (inbound) { 824 IPSA_REFRELE(outassoc); 825 } else { 826 IPSA_REFRELE(inassoc); 827 } 828 829 return (inrc && outrc); 830 } 831 832 /* 833 * Do incoming NAT-T manipulations for packet. 834 */ 835 static ipsec_status_t 836 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc) 837 { 838 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 839 tcpha_t *tcph; 840 udpha_t *udpha; 841 /* Initialize to our inbound cksum adjustment... */ 842 uint32_t sum = assoc->ipsa_inbound_cksum; 843 844 switch (ipha->ipha_protocol) { 845 case IPPROTO_TCP: 846 tcph = (tcpha_t *)(data_mp->b_rptr + 847 IPH_HDR_LENGTH(ipha)); 848 849 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16) 850 sum += ~ntohs(tcph->tha_sum) & 0xFFFF; 851 DOWN_SUM(sum); 852 DOWN_SUM(sum); 853 tcph->tha_sum = ~htons(sum); 854 break; 855 case IPPROTO_UDP: 856 udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha)); 857 858 if (udpha->uha_checksum != 0) { 859 /* Adujst if the inbound one was not zero. */ 860 sum += ~ntohs(udpha->uha_checksum) & 0xFFFF; 861 DOWN_SUM(sum); 862 DOWN_SUM(sum); 863 udpha->uha_checksum = ~htons(sum); 864 if (udpha->uha_checksum == 0) 865 udpha->uha_checksum = 0xFFFF; 866 } 867 #undef DOWN_SUM 868 break; 869 case IPPROTO_IP: 870 /* 871 * This case is only an issue for self-encapsulated 872 * packets. So for now, fall through. 873 */ 874 break; 875 } 876 return (IPSEC_STATUS_SUCCESS); 877 } 878 879 880 /* 881 * Strip ESP header, check padding, and fix IP header. 882 * Returns B_TRUE on success, B_FALSE if an error occured. 883 */ 884 static boolean_t 885 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen, 886 kstat_named_t **counter, ipsecesp_stack_t *espstack) 887 { 888 ipha_t *ipha; 889 ip6_t *ip6h; 890 uint_t divpoint; 891 mblk_t *scratch; 892 uint8_t nexthdr, padlen; 893 uint8_t lastpad; 894 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 895 uint8_t *lastbyte; 896 897 /* 898 * Strip ESP data and fix IP header. 899 * 900 * XXX In case the beginning of esp_inbound() changes to not do a 901 * pullup, this part of the code can remain unchanged. 902 */ 903 if (isv4) { 904 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t)); 905 ipha = (ipha_t *)data_mp->b_rptr; 906 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) + 907 IPH_HDR_LENGTH(ipha)); 908 divpoint = IPH_HDR_LENGTH(ipha); 909 } else { 910 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t)); 911 ip6h = (ip6_t *)data_mp->b_rptr; 912 divpoint = ip_hdr_length_v6(data_mp, ip6h); 913 } 914 915 scratch = data_mp; 916 while (scratch->b_cont != NULL) 917 scratch = scratch->b_cont; 918 919 ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3); 920 921 /* 922 * "Next header" and padding length are the last two bytes in the 923 * ESP-protected datagram, thus the explicit - 1 and - 2. 924 * lastpad is the last byte of the padding, which can be used for 925 * a quick check to see if the padding is correct. 926 */ 927 lastbyte = scratch->b_wptr - 1; 928 nexthdr = *lastbyte--; 929 padlen = *lastbyte--; 930 931 if (isv4) { 932 /* Fix part of the IP header. */ 933 ipha->ipha_protocol = nexthdr; 934 /* 935 * Reality check the padlen. The explicit - 2 is for the 936 * padding length and the next-header bytes. 937 */ 938 if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 - 939 sizeof (esph_t) - ivlen) { 940 ESP_BUMP_STAT(espstack, bad_decrypt); 941 ipsec_rl_strlog(espstack->ipsecesp_netstack, 942 info.mi_idnum, 0, 0, 943 SL_ERROR | SL_WARN, 944 "Corrupt ESP packet (padlen too big).\n"); 945 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 946 padlen)); 947 esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp " 948 "hdr - ivlen(%d) = %d.\n", 949 ntohs(ipha->ipha_length), ivlen, 950 (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) - 951 2 - sizeof (esph_t) - ivlen))); 952 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 953 return (B_FALSE); 954 } 955 956 /* 957 * Fix the rest of the header. The explicit - 2 is for the 958 * padding length and the next-header bytes. 959 */ 960 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen - 961 2 - sizeof (esph_t) - ivlen); 962 ipha->ipha_hdr_checksum = 0; 963 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 964 } else { 965 if (ip6h->ip6_nxt == IPPROTO_ESP) { 966 ip6h->ip6_nxt = nexthdr; 967 } else { 968 ip6_pkt_t ipp; 969 970 bzero(&ipp, sizeof (ipp)); 971 (void) ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 972 if (ipp.ipp_dstopts != NULL) { 973 ipp.ipp_dstopts->ip6d_nxt = nexthdr; 974 } else if (ipp.ipp_rthdr != NULL) { 975 ipp.ipp_rthdr->ip6r_nxt = nexthdr; 976 } else if (ipp.ipp_hopopts != NULL) { 977 ipp.ipp_hopopts->ip6h_nxt = nexthdr; 978 } else { 979 /* Panic a DEBUG kernel. */ 980 ASSERT(ipp.ipp_hopopts != NULL); 981 /* Otherwise, pretend it's IP + ESP. */ 982 cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n"); 983 ip6h->ip6_nxt = nexthdr; 984 } 985 } 986 987 if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) - 988 ivlen) { 989 ESP_BUMP_STAT(espstack, bad_decrypt); 990 ipsec_rl_strlog(espstack->ipsecesp_netstack, 991 info.mi_idnum, 0, 0, 992 SL_ERROR | SL_WARN, 993 "Corrupt ESP packet (v6 padlen too big).\n"); 994 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 995 padlen)); 996 esp1dbg(espstack, 997 ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = " 998 "%u.\n", (unsigned)(ntohs(ip6h->ip6_plen) 999 + sizeof (ip6_t)), ivlen, 1000 (unsigned)(ntohs(ip6h->ip6_plen) - 2 - 1001 sizeof (esph_t) - ivlen))); 1002 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 1003 return (B_FALSE); 1004 } 1005 1006 1007 /* 1008 * Fix the rest of the header. The explicit - 2 is for the 1009 * padding length and the next-header bytes. IPv6 is nice, 1010 * because there's no hdr checksum! 1011 */ 1012 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen - 1013 2 - sizeof (esph_t) - ivlen); 1014 } 1015 1016 if (espstack->ipsecesp_padding_check > 0 && padlen > 0) { 1017 /* 1018 * Weak padding check: compare last-byte to length, they 1019 * should be equal. 1020 */ 1021 lastpad = *lastbyte--; 1022 1023 if (padlen != lastpad) { 1024 ipsec_rl_strlog(espstack->ipsecesp_netstack, 1025 info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1026 "Corrupt ESP packet (lastpad != padlen).\n"); 1027 esp1dbg(espstack, 1028 ("lastpad (%d) not equal to padlen (%d):\n", 1029 lastpad, padlen)); 1030 ESP_BUMP_STAT(espstack, bad_padding); 1031 *counter = DROPPER(ipss, ipds_esp_bad_padding); 1032 return (B_FALSE); 1033 } 1034 1035 /* 1036 * Strong padding check: Check all pad bytes to see that 1037 * they're ascending. Go backwards using a descending counter 1038 * to verify. padlen == 1 is checked by previous block, so 1039 * only bother if we've more than 1 byte of padding. 1040 * Consequently, start the check one byte before the location 1041 * of "lastpad". 1042 */ 1043 if (espstack->ipsecesp_padding_check > 1) { 1044 /* 1045 * This assert may have to become an if and a pullup 1046 * if we start accepting multi-dblk mblks. For now, 1047 * though, any packet here will have been pulled up in 1048 * esp_inbound. 1049 */ 1050 ASSERT(MBLKL(scratch) >= lastpad + 3); 1051 1052 /* 1053 * Use "--lastpad" because we already checked the very 1054 * last pad byte previously. 1055 */ 1056 while (--lastpad != 0) { 1057 if (lastpad != *lastbyte) { 1058 ipsec_rl_strlog( 1059 espstack->ipsecesp_netstack, 1060 info.mi_idnum, 0, 0, 1061 SL_ERROR | SL_WARN, "Corrupt ESP " 1062 "packet (bad padding).\n"); 1063 esp1dbg(espstack, 1064 ("padding not in correct" 1065 " format:\n")); 1066 ESP_BUMP_STAT(espstack, bad_padding); 1067 *counter = DROPPER(ipss, 1068 ipds_esp_bad_padding); 1069 return (B_FALSE); 1070 } 1071 lastbyte--; 1072 } 1073 } 1074 } 1075 1076 /* Trim off the padding. */ 1077 ASSERT(data_mp->b_cont == NULL); 1078 data_mp->b_wptr -= (padlen + 2); 1079 1080 /* 1081 * Remove the ESP header. 1082 * 1083 * The above assertions about data_mp's size will make this work. 1084 * 1085 * XXX Question: If I send up and get back a contiguous mblk, 1086 * would it be quicker to bcopy over, or keep doing the dupb stuff? 1087 * I go with copying for now. 1088 */ 1089 1090 if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) && 1091 IS_P2ALIGNED(ivlen, sizeof (uint32_t))) { 1092 uint8_t *start = data_mp->b_rptr; 1093 uint32_t *src, *dst; 1094 1095 src = (uint32_t *)(start + divpoint); 1096 dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen); 1097 1098 ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) && 1099 IS_P2ALIGNED(src, sizeof (uint32_t))); 1100 1101 do { 1102 src--; 1103 dst--; 1104 *dst = *src; 1105 } while (src != (uint32_t *)start); 1106 1107 data_mp->b_rptr = (uchar_t *)dst; 1108 } else { 1109 uint8_t *start = data_mp->b_rptr; 1110 uint8_t *src, *dst; 1111 1112 src = start + divpoint; 1113 dst = src + sizeof (esph_t) + ivlen; 1114 1115 do { 1116 src--; 1117 dst--; 1118 *dst = *src; 1119 } while (src != start); 1120 1121 data_mp->b_rptr = dst; 1122 } 1123 1124 esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n")); 1125 esp2dbg(espstack, (dump_msg(data_mp))); 1126 1127 return (B_TRUE); 1128 } 1129 1130 /* 1131 * Updating use times can be tricky business if the ipsa_haspeer flag is 1132 * set. This function is called once in an SA's lifetime. 1133 * 1134 * Caller has to REFRELE "assoc" which is passed in. This function has 1135 * to REFRELE any peer SA that is obtained. 1136 */ 1137 static void 1138 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) 1139 { 1140 ipsa_t *inassoc, *outassoc; 1141 isaf_t *bucket; 1142 sadb_t *sp; 1143 int outhash; 1144 boolean_t isv6; 1145 netstack_t *ns = assoc->ipsa_netstack; 1146 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1147 1148 /* No peer? No problem! */ 1149 if (!assoc->ipsa_haspeer) { 1150 sadb_set_usetime(assoc); 1151 return; 1152 } 1153 1154 /* 1155 * Otherwise, we want to grab both the original assoc and its peer. 1156 * There might be a race for this, but if it's a real race, the times 1157 * will be out-of-synch by at most a second, and since our time 1158 * granularity is a second, this won't be a problem. 1159 * 1160 * If we need tight synchronization on the peer SA, then we need to 1161 * reconsider. 1162 */ 1163 1164 /* Use address length to select IPv6/IPv4 */ 1165 isv6 = (assoc->ipsa_addrfam == AF_INET6); 1166 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4; 1167 1168 if (inbound) { 1169 inassoc = assoc; 1170 if (isv6) { 1171 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 1172 &inassoc->ipsa_dstaddr)); 1173 } else { 1174 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 1175 &inassoc->ipsa_dstaddr)); 1176 } 1177 bucket = &sp->sdb_of[outhash]; 1178 mutex_enter(&bucket->isaf_lock); 1179 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 1180 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 1181 inassoc->ipsa_addrfam); 1182 mutex_exit(&bucket->isaf_lock); 1183 if (outassoc == NULL) { 1184 /* Q: Do we wish to set haspeer == B_FALSE? */ 1185 esp0dbg(("esp_set_usetime: " 1186 "can't find peer for inbound.\n")); 1187 sadb_set_usetime(inassoc); 1188 return; 1189 } 1190 } else { 1191 outassoc = assoc; 1192 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 1193 mutex_enter(&bucket->isaf_lock); 1194 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 1195 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 1196 outassoc->ipsa_addrfam); 1197 mutex_exit(&bucket->isaf_lock); 1198 if (inassoc == NULL) { 1199 /* Q: Do we wish to set haspeer == B_FALSE? */ 1200 esp0dbg(("esp_set_usetime: " 1201 "can't find peer for outbound.\n")); 1202 sadb_set_usetime(outassoc); 1203 return; 1204 } 1205 } 1206 1207 /* Update usetime on both. */ 1208 sadb_set_usetime(inassoc); 1209 sadb_set_usetime(outassoc); 1210 1211 /* 1212 * REFRELE any peer SA. 1213 * 1214 * Because of the multi-line macro nature of IPSA_REFRELE, keep 1215 * them in { }. 1216 */ 1217 if (inbound) { 1218 IPSA_REFRELE(outassoc); 1219 } else { 1220 IPSA_REFRELE(inassoc); 1221 } 1222 } 1223 1224 /* 1225 * Handle ESP inbound data for IPv4 and IPv6. 1226 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1227 * mblk chain ipsec_in_mp. 1228 */ 1229 ipsec_status_t 1230 esp_inbound(mblk_t *ipsec_in_mp, void *arg) 1231 { 1232 mblk_t *data_mp = ipsec_in_mp->b_cont; 1233 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1234 esph_t *esph = (esph_t *)arg; 1235 ipsa_t *ipsa = ii->ipsec_in_esp_sa; 1236 netstack_t *ns = ii->ipsec_in_ns; 1237 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1238 ipsec_stack_t *ipss = ns->netstack_ipsec; 1239 1240 /* 1241 * We may wish to check replay in-range-only here as an optimization. 1242 * Include the reality check of ipsa->ipsa_replay > 1243 * ipsa->ipsa_replay_wsize for times when it's the first N packets, 1244 * where N == ipsa->ipsa_replay_wsize. 1245 * 1246 * Another check that may come here later is the "collision" check. 1247 * If legitimate packets flow quickly enough, this won't be a problem, 1248 * but collisions may cause authentication algorithm crunching to 1249 * take place when it doesn't need to. 1250 */ 1251 if (!sadb_replay_peek(ipsa, esph->esph_replay)) { 1252 ESP_BUMP_STAT(espstack, replay_early_failures); 1253 IP_ESP_BUMP_STAT(ipss, in_discards); 1254 /* 1255 * TODO: Extract inbound interface from the IPSEC_IN 1256 * message's ii->ipsec_in_rill_index. 1257 */ 1258 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, 1259 DROPPER(ipss, ipds_esp_early_replay), 1260 &espstack->esp_dropper); 1261 return (IPSEC_STATUS_FAILED); 1262 } 1263 1264 /* 1265 * Has this packet already been processed by a hardware 1266 * IPsec accelerator? 1267 */ 1268 if (ii->ipsec_in_accelerated) { 1269 ipsec_status_t rv; 1270 esp3dbg(espstack, 1271 ("esp_inbound: pkt processed by ill=%d isv6=%d\n", 1272 ii->ipsec_in_ill_index, !ii->ipsec_in_v4)); 1273 rv = esp_inbound_accelerated(ipsec_in_mp, 1274 data_mp, ii->ipsec_in_v4, ipsa); 1275 return (rv); 1276 } 1277 ESP_BUMP_STAT(espstack, noaccel); 1278 1279 /* 1280 * Adjust the IP header's payload length to reflect the removal 1281 * of the ICV. 1282 */ 1283 if (!ii->ipsec_in_v4) { 1284 ip6_t *ip6h = (ip6_t *)data_mp->b_rptr; 1285 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - 1286 ipsa->ipsa_mac_len); 1287 } else { 1288 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 1289 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - 1290 ipsa->ipsa_mac_len); 1291 } 1292 1293 /* submit the request to the crypto framework */ 1294 return (esp_submit_req_inbound(ipsec_in_mp, ipsa, 1295 (uint8_t *)esph - data_mp->b_rptr)); 1296 } 1297 1298 /* 1299 * Perform the really difficult work of inserting the proposed situation. 1300 * Called while holding the algorithm lock. 1301 */ 1302 static void 1303 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs) 1304 { 1305 sadb_comb_t *comb = (sadb_comb_t *)(prop + 1); 1306 ipsec_out_t *io; 1307 ipsec_action_t *ap; 1308 ipsec_prot_t *prot; 1309 netstack_t *ns; 1310 ipsecesp_stack_t *espstack; 1311 ipsec_stack_t *ipss; 1312 1313 io = (ipsec_out_t *)acqrec->ipsacq_mp->b_rptr; 1314 ASSERT(io->ipsec_out_type == IPSEC_OUT); 1315 ns = io->ipsec_out_ns; 1316 espstack = ns->netstack_ipsecesp; 1317 ipss = ns->netstack_ipsec; 1318 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); 1319 1320 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 1321 prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t)); 1322 *(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */ 1323 1324 prop->sadb_prop_replay = espstack->ipsecesp_replay_size; 1325 1326 /* 1327 * Based upon algorithm properties, and what-not, prioritize 1328 * a proposal. If the IPSEC_OUT message has an algorithm specified, 1329 * use it first and foremost. 1330 * 1331 * For each action in policy list 1332 * Add combination. If I've hit limit, return. 1333 */ 1334 1335 for (ap = acqrec->ipsacq_act; ap != NULL; 1336 ap = ap->ipa_next) { 1337 ipsec_alginfo_t *ealg = NULL; 1338 ipsec_alginfo_t *aalg = NULL; 1339 1340 if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY) 1341 continue; 1342 1343 prot = &ap->ipa_act.ipa_apply; 1344 1345 if (!(prot->ipp_use_esp)) 1346 continue; 1347 1348 if (prot->ipp_esp_auth_alg != 0) { 1349 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH] 1350 [prot->ipp_esp_auth_alg]; 1351 if (aalg == NULL || !ALG_VALID(aalg)) 1352 continue; 1353 } 1354 1355 ASSERT(prot->ipp_encr_alg > 0); 1356 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR] 1357 [prot->ipp_encr_alg]; 1358 if (ealg == NULL || !ALG_VALID(ealg)) 1359 continue; 1360 1361 comb->sadb_comb_flags = 0; 1362 comb->sadb_comb_reserved = 0; 1363 comb->sadb_comb_encrypt = ealg->alg_id; 1364 comb->sadb_comb_encrypt_minbits = 1365 MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits); 1366 comb->sadb_comb_encrypt_maxbits = 1367 MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits); 1368 1369 if (aalg == NULL) { 1370 comb->sadb_comb_auth = 0; 1371 comb->sadb_comb_auth_minbits = 0; 1372 comb->sadb_comb_auth_maxbits = 0; 1373 } else { 1374 comb->sadb_comb_auth = aalg->alg_id; 1375 comb->sadb_comb_auth_minbits = 1376 MAX(prot->ipp_espa_minbits, aalg->alg_ef_minbits); 1377 comb->sadb_comb_auth_maxbits = 1378 MIN(prot->ipp_espa_maxbits, aalg->alg_ef_maxbits); 1379 } 1380 1381 /* 1382 * The following may be based on algorithm 1383 * properties, but in the meantime, we just pick 1384 * some good, sensible numbers. Key mgmt. can 1385 * (and perhaps should) be the place to finalize 1386 * such decisions. 1387 */ 1388 1389 /* 1390 * No limits on allocations, since we really don't 1391 * support that concept currently. 1392 */ 1393 comb->sadb_comb_soft_allocations = 0; 1394 comb->sadb_comb_hard_allocations = 0; 1395 1396 /* 1397 * These may want to come from policy rule.. 1398 */ 1399 comb->sadb_comb_soft_bytes = 1400 espstack->ipsecesp_default_soft_bytes; 1401 comb->sadb_comb_hard_bytes = 1402 espstack->ipsecesp_default_hard_bytes; 1403 comb->sadb_comb_soft_addtime = 1404 espstack->ipsecesp_default_soft_addtime; 1405 comb->sadb_comb_hard_addtime = 1406 espstack->ipsecesp_default_hard_addtime; 1407 comb->sadb_comb_soft_usetime = 1408 espstack->ipsecesp_default_soft_usetime; 1409 comb->sadb_comb_hard_usetime = 1410 espstack->ipsecesp_default_hard_usetime; 1411 1412 prop->sadb_prop_len += SADB_8TO64(sizeof (*comb)); 1413 if (--combs == 0) 1414 break; /* out of space.. */ 1415 comb++; 1416 } 1417 } 1418 1419 /* 1420 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY. 1421 */ 1422 static void 1423 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns) 1424 { 1425 uint_t combs; 1426 sadb_msg_t *samsg; 1427 sadb_prop_t *prop; 1428 mblk_t *pfkeymp, *msgmp; 1429 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1430 ipsec_stack_t *ipss = ns->netstack_ipsec; 1431 1432 ESP_BUMP_STAT(espstack, acquire_requests); 1433 1434 if (espstack->esp_pfkey_q == NULL) { 1435 mutex_exit(&acqrec->ipsacq_lock); 1436 return; 1437 } 1438 1439 /* Set up ACQUIRE. */ 1440 pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_ESP, 1441 ns->netstack_ipsec); 1442 if (pfkeymp == NULL) { 1443 esp0dbg(("sadb_setup_acquire failed.\n")); 1444 mutex_exit(&acqrec->ipsacq_lock); 1445 return; 1446 } 1447 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); 1448 combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] * 1449 ipss->ipsec_nalgs[IPSEC_ALG_ENCR]; 1450 msgmp = pfkeymp->b_cont; 1451 samsg = (sadb_msg_t *)(msgmp->b_rptr); 1452 1453 /* Insert proposal here. */ 1454 1455 prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len); 1456 esp_insert_prop(prop, acqrec, combs); 1457 samsg->sadb_msg_len += prop->sadb_prop_len; 1458 msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len); 1459 1460 mutex_exit(&ipss->ipsec_alg_lock); 1461 1462 /* 1463 * Must mutex_exit() before sending PF_KEY message up, in 1464 * order to avoid recursive mutex_enter() if there are no registered 1465 * listeners. 1466 * 1467 * Once I've sent the message, I'm cool anyway. 1468 */ 1469 mutex_exit(&acqrec->ipsacq_lock); 1470 if (extended != NULL) { 1471 putnext(espstack->esp_pfkey_q, extended); 1472 } 1473 putnext(espstack->esp_pfkey_q, pfkeymp); 1474 } 1475 1476 /* 1477 * Handle the SADB_GETSPI message. Create a larval SA. 1478 */ 1479 static void 1480 esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack) 1481 { 1482 ipsa_t *newbie, *target; 1483 isaf_t *outbound, *inbound; 1484 int rc, diagnostic; 1485 sadb_sa_t *assoc; 1486 keysock_out_t *kso; 1487 uint32_t newspi; 1488 1489 /* 1490 * Randomly generate a proposed SPI value 1491 */ 1492 if (cl_inet_getspi != NULL) { 1493 cl_inet_getspi(espstack->ipsecesp_netstack->netstack_stackid, 1494 IPPROTO_ESP, (uint8_t *)&newspi, sizeof (uint32_t), NULL); 1495 } else { 1496 (void) random_get_pseudo_bytes((uint8_t *)&newspi, 1497 sizeof (uint32_t)); 1498 } 1499 newbie = sadb_getspi(ksi, newspi, &diagnostic, 1500 espstack->ipsecesp_netstack, IPPROTO_ESP); 1501 1502 if (newbie == NULL) { 1503 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic, 1504 ksi->ks_in_serial); 1505 return; 1506 } else if (newbie == (ipsa_t *)-1) { 1507 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic, 1508 ksi->ks_in_serial); 1509 return; 1510 } 1511 1512 /* 1513 * XXX - We may randomly collide. We really should recover from this. 1514 * Unfortunately, that could require spending way-too-much-time 1515 * in here. For now, let the user retry. 1516 */ 1517 1518 if (newbie->ipsa_addrfam == AF_INET6) { 1519 outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6, 1520 *(uint32_t *)(newbie->ipsa_dstaddr)); 1521 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6, 1522 newbie->ipsa_spi); 1523 } else { 1524 ASSERT(newbie->ipsa_addrfam == AF_INET); 1525 outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4, 1526 *(uint32_t *)(newbie->ipsa_dstaddr)); 1527 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4, 1528 newbie->ipsa_spi); 1529 } 1530 1531 mutex_enter(&outbound->isaf_lock); 1532 mutex_enter(&inbound->isaf_lock); 1533 1534 /* 1535 * Check for collisions (i.e. did sadb_getspi() return with something 1536 * that already exists?). 1537 * 1538 * Try outbound first. Even though SADB_GETSPI is traditionally 1539 * for inbound SAs, you never know what a user might do. 1540 */ 1541 target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi, 1542 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam); 1543 if (target == NULL) { 1544 target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi, 1545 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, 1546 newbie->ipsa_addrfam); 1547 } 1548 1549 /* 1550 * I don't have collisions elsewhere! 1551 * (Nor will I because I'm still holding inbound/outbound locks.) 1552 */ 1553 1554 if (target != NULL) { 1555 rc = EEXIST; 1556 IPSA_REFRELE(target); 1557 } else { 1558 /* 1559 * sadb_insertassoc() also checks for collisions, so 1560 * if there's a colliding entry, rc will be set 1561 * to EEXIST. 1562 */ 1563 rc = sadb_insertassoc(newbie, inbound); 1564 newbie->ipsa_hardexpiretime = gethrestime_sec(); 1565 newbie->ipsa_hardexpiretime += 1566 espstack->ipsecesp_larval_timeout; 1567 } 1568 1569 /* 1570 * Can exit outbound mutex. Hold inbound until we're done 1571 * with newbie. 1572 */ 1573 mutex_exit(&outbound->isaf_lock); 1574 1575 if (rc != 0) { 1576 mutex_exit(&inbound->isaf_lock); 1577 IPSA_REFRELE(newbie); 1578 sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc, 1579 SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial); 1580 return; 1581 } 1582 1583 1584 /* Can write here because I'm still holding the bucket lock. */ 1585 newbie->ipsa_type = SADB_SATYPE_ESP; 1586 1587 /* 1588 * Construct successful return message. We have one thing going 1589 * for us in PF_KEY v2. That's the fact that 1590 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t) 1591 */ 1592 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE]; 1593 assoc->sadb_sa_exttype = SADB_EXT_SA; 1594 assoc->sadb_sa_spi = newbie->ipsa_spi; 1595 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0; 1596 mutex_exit(&inbound->isaf_lock); 1597 1598 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */ 1599 kso = (keysock_out_t *)ksi; 1600 kso->ks_out_len = sizeof (*kso); 1601 kso->ks_out_serial = ksi->ks_in_serial; 1602 kso->ks_out_type = KEYSOCK_OUT; 1603 1604 /* 1605 * Can safely putnext() to esp_pfkey_q, because this is a turnaround 1606 * from the esp_pfkey_q. 1607 */ 1608 putnext(espstack->esp_pfkey_q, mp); 1609 } 1610 1611 /* 1612 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly 1613 * allocated mblk with the ESP header in between the two. 1614 */ 1615 static boolean_t 1616 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint, 1617 ipsecesp_stack_t *espstack) 1618 { 1619 mblk_t *split_mp = mp; 1620 uint_t wheretodiv = divpoint; 1621 1622 while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) { 1623 wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr); 1624 split_mp = split_mp->b_cont; 1625 ASSERT(split_mp != NULL); 1626 } 1627 1628 if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) { 1629 mblk_t *scratch; 1630 1631 /* "scratch" is the 2nd half, split_mp is the first. */ 1632 scratch = dupb(split_mp); 1633 if (scratch == NULL) { 1634 esp1dbg(espstack, 1635 ("esp_insert_esp: can't allocate scratch.\n")); 1636 return (B_FALSE); 1637 } 1638 /* NOTE: dupb() doesn't set b_cont appropriately. */ 1639 scratch->b_cont = split_mp->b_cont; 1640 scratch->b_rptr += wheretodiv; 1641 split_mp->b_wptr = split_mp->b_rptr + wheretodiv; 1642 split_mp->b_cont = scratch; 1643 } 1644 /* 1645 * At this point, split_mp is exactly "wheretodiv" bytes long, and 1646 * holds the end of the pre-ESP part of the datagram. 1647 */ 1648 esp_mp->b_cont = split_mp->b_cont; 1649 split_mp->b_cont = esp_mp; 1650 1651 return (B_TRUE); 1652 } 1653 1654 /* 1655 * Section 7 of RFC 3947 says: 1656 * 1657 * 7. Recovering from the Expiring NAT Mappings 1658 * 1659 * There are cases where NAT box decides to remove mappings that are still 1660 * alive (for example, when the keepalive interval is too long, or when the 1661 * NAT box is rebooted). To recover from this, ends that are NOT behind 1662 * NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from 1663 * the other end to determine which IP and port addresses should be used. 1664 * The host behind dynamic NAT MUST NOT do this, as otherwise it opens a 1665 * DoS attack possibility because the IP address or port of the other host 1666 * will not change (it is not behind NAT). 1667 * 1668 * Keepalives cannot be used for these purposes, as they are not 1669 * authenticated, but any IKE authenticated IKE packet or ESP packet can be 1670 * used to detect whether the IP address or the port has changed. 1671 * 1672 * The following function will check an SA and its explicitly-set pair to see 1673 * if the NAT-T remote port matches the received packet (which must have 1674 * passed ESP authentication, see esp_in_done() for the caller context). If 1675 * there is a mismatch, the SAs are updated. It is not important if we race 1676 * with a transmitting thread, as if there is a transmitting thread, it will 1677 * merely emit a packet that will most-likely be dropped. 1678 * 1679 * "ports" are ordered src,dst, and assoc is an inbound SA, where src should 1680 * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port. 1681 */ 1682 #ifdef _LITTLE_ENDIAN 1683 #define FIRST_16(x) ((x) & 0xFFFF) 1684 #define NEXT_16(x) (((x) >> 16) & 0xFFFF) 1685 #else 1686 #define FIRST_16(x) (((x) >> 16) & 0xFFFF) 1687 #define NEXT_16(x) ((x) & 0xFFFF) 1688 #endif 1689 static void 1690 esp_port_freshness(uint32_t ports, ipsa_t *assoc) 1691 { 1692 uint16_t remote = FIRST_16(ports); 1693 uint16_t local = NEXT_16(ports); 1694 ipsa_t *outbound_peer; 1695 isaf_t *bucket; 1696 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp; 1697 1698 /* We found a conn_t, therefore local != 0. */ 1699 ASSERT(local != 0); 1700 /* Assume an IPv4 SA. */ 1701 ASSERT(assoc->ipsa_addrfam == AF_INET); 1702 1703 /* 1704 * On-the-wire rport == 0 means something's very wrong. 1705 * An unpaired SA is also useless to us. 1706 * If we are behind the NAT, don't bother. 1707 * A zero local NAT port defaults to 4500, so check that too. 1708 * And, of course, if the ports already match, we don't need to 1709 * bother. 1710 */ 1711 if (remote == 0 || assoc->ipsa_otherspi == 0 || 1712 (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) || 1713 (assoc->ipsa_remote_nat_port == 0 && 1714 remote == htons(IPPORT_IKE_NATT)) || 1715 remote == assoc->ipsa_remote_nat_port) 1716 return; 1717 1718 /* Try and snag the peer. NOTE: Assume IPv4 for now. */ 1719 bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4), 1720 assoc->ipsa_srcaddr[0]); 1721 mutex_enter(&bucket->isaf_lock); 1722 outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi, 1723 assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET); 1724 mutex_exit(&bucket->isaf_lock); 1725 1726 /* We probably lost a race to a deleting or expiring thread. */ 1727 if (outbound_peer == NULL) 1728 return; 1729 1730 /* 1731 * Hold the mutexes for both SAs so we don't race another inbound 1732 * thread. A lock-entry order shouldn't matter, since all other 1733 * per-ipsa locks are individually held-then-released. 1734 * 1735 * Luckily, this has nothing to do with the remote-NAT address, 1736 * so we don't have to re-scribble the cached-checksum differential. 1737 */ 1738 mutex_enter(&outbound_peer->ipsa_lock); 1739 mutex_enter(&assoc->ipsa_lock); 1740 outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port = 1741 remote; 1742 mutex_exit(&assoc->ipsa_lock); 1743 mutex_exit(&outbound_peer->ipsa_lock); 1744 IPSA_REFRELE(outbound_peer); 1745 ESP_BUMP_STAT(espstack, sa_port_renumbers); 1746 } 1747 /* 1748 * Finish processing of an inbound ESP packet after processing by the 1749 * crypto framework. 1750 * - Remove the ESP header. 1751 * - Send packet back to IP. 1752 * If authentication was performed on the packet, this function is called 1753 * only if the authentication succeeded. 1754 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1755 * mblk chain ipsec_in_mp. 1756 */ 1757 static ipsec_status_t 1758 esp_in_done(mblk_t *ipsec_in_mp) 1759 { 1760 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1761 mblk_t *data_mp; 1762 ipsa_t *assoc; 1763 uint_t espstart; 1764 uint32_t ivlen = 0; 1765 uint_t processed_len; 1766 esph_t *esph; 1767 kstat_named_t *counter; 1768 boolean_t is_natt; 1769 netstack_t *ns = ii->ipsec_in_ns; 1770 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1771 ipsec_stack_t *ipss = ns->netstack_ipsec; 1772 1773 assoc = ii->ipsec_in_esp_sa; 1774 ASSERT(assoc != NULL); 1775 1776 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 1777 1778 /* get the pointer to the ESP header */ 1779 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) { 1780 /* authentication-only ESP */ 1781 espstart = ii->ipsec_in_crypto_data.cd_offset; 1782 processed_len = ii->ipsec_in_crypto_data.cd_length; 1783 } else { 1784 /* encryption present */ 1785 ivlen = assoc->ipsa_iv_len; 1786 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) { 1787 /* encryption-only ESP */ 1788 espstart = ii->ipsec_in_crypto_data.cd_offset - 1789 sizeof (esph_t) - assoc->ipsa_iv_len; 1790 processed_len = ii->ipsec_in_crypto_data.cd_length + 1791 ivlen; 1792 } else { 1793 /* encryption with authentication */ 1794 espstart = ii->ipsec_in_crypto_dual_data.dd_offset1; 1795 processed_len = ii->ipsec_in_crypto_dual_data.dd_len2 + 1796 ivlen; 1797 } 1798 } 1799 1800 data_mp = ipsec_in_mp->b_cont; 1801 esph = (esph_t *)(data_mp->b_rptr + espstart); 1802 1803 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE || 1804 (assoc->ipsa_flags & IPSA_F_COMBINED)) { 1805 /* 1806 * Authentication passed if we reach this point. 1807 * Packets with authentication will have the ICV 1808 * after the crypto data. Adjust b_wptr before 1809 * making padlen checks. 1810 */ 1811 ESP_BUMP_STAT(espstack, good_auth); 1812 data_mp->b_wptr -= assoc->ipsa_mac_len; 1813 1814 /* 1815 * Check replay window here! 1816 * For right now, assume keysock will set the replay window 1817 * size to zero for SAs that have an unspecified sender. 1818 * This may change... 1819 */ 1820 1821 if (!sadb_replay_check(assoc, esph->esph_replay)) { 1822 /* 1823 * Log the event. As of now we print out an event. 1824 * Do not print the replay failure number, or else 1825 * syslog cannot collate the error messages. Printing 1826 * the replay number that failed opens a denial-of- 1827 * service attack. 1828 */ 1829 ipsec_assocfailure(info.mi_idnum, 0, 0, 1830 SL_ERROR | SL_WARN, 1831 "Replay failed for ESP spi 0x%x, dst %s.\n", 1832 assoc->ipsa_spi, assoc->ipsa_dstaddr, 1833 assoc->ipsa_addrfam, espstack->ipsecesp_netstack); 1834 ESP_BUMP_STAT(espstack, replay_failures); 1835 counter = DROPPER(ipss, ipds_esp_replay); 1836 goto drop_and_bail; 1837 } 1838 1839 if (is_natt) 1840 esp_port_freshness(ii->ipsec_in_esp_udp_ports, assoc); 1841 } 1842 1843 esp_set_usetime(assoc, B_TRUE); 1844 1845 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) { 1846 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 1847 ipsec_assocfailure(info.mi_idnum, 0, 0, 1848 SL_ERROR | SL_WARN, 1849 "ESP association 0x%x, dst %s had bytes expire.\n", 1850 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 1851 espstack->ipsecesp_netstack); 1852 ESP_BUMP_STAT(espstack, bytes_expired); 1853 counter = DROPPER(ipss, ipds_esp_bytes_expire); 1854 goto drop_and_bail; 1855 } 1856 1857 /* 1858 * Remove ESP header and padding from packet. I hope the compiler 1859 * spews "branch, predict taken" code for this. 1860 */ 1861 1862 if (esp_strip_header(data_mp, ii->ipsec_in_v4, ivlen, &counter, 1863 espstack)) { 1864 if (is_natt) 1865 return (esp_fix_natt_checksums(data_mp, assoc)); 1866 1867 if (assoc->ipsa_state == IPSA_STATE_IDLE) { 1868 /* 1869 * Cluster buffering case. Tell caller that we're 1870 * handling the packet. 1871 */ 1872 sadb_buf_pkt(assoc, ipsec_in_mp, ns); 1873 return (IPSEC_STATUS_PENDING); 1874 } 1875 1876 return (IPSEC_STATUS_SUCCESS); 1877 } 1878 1879 esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n")); 1880 drop_and_bail: 1881 IP_ESP_BUMP_STAT(ipss, in_discards); 1882 /* 1883 * TODO: Extract inbound interface from the IPSEC_IN message's 1884 * ii->ipsec_in_rill_index. 1885 */ 1886 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, counter, 1887 &espstack->esp_dropper); 1888 return (IPSEC_STATUS_FAILED); 1889 } 1890 1891 /* 1892 * Called upon failing the inbound ICV check. The message passed as 1893 * argument is freed. 1894 */ 1895 static void 1896 esp_log_bad_auth(mblk_t *ipsec_in) 1897 { 1898 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr; 1899 ipsa_t *assoc = ii->ipsec_in_esp_sa; 1900 netstack_t *ns = ii->ipsec_in_ns; 1901 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1902 ipsec_stack_t *ipss = ns->netstack_ipsec; 1903 1904 /* 1905 * Log the event. Don't print to the console, block 1906 * potential denial-of-service attack. 1907 */ 1908 ESP_BUMP_STAT(espstack, bad_auth); 1909 1910 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1911 "ESP Authentication failed for spi 0x%x, dst %s.\n", 1912 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 1913 espstack->ipsecesp_netstack); 1914 1915 IP_ESP_BUMP_STAT(ipss, in_discards); 1916 /* 1917 * TODO: Extract inbound interface from the IPSEC_IN 1918 * message's ii->ipsec_in_rill_index. 1919 */ 1920 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, 1921 DROPPER(ipss, ipds_esp_bad_auth), 1922 &espstack->esp_dropper); 1923 } 1924 1925 1926 /* 1927 * Invoked for outbound packets after ESP processing. If the packet 1928 * also requires AH, performs the AH SA selection and AH processing. 1929 * Returns B_TRUE if the AH processing was not needed or if it was 1930 * performed successfully. Returns B_FALSE and consumes the passed mblk 1931 * if AH processing was required but could not be performed. 1932 */ 1933 static boolean_t 1934 esp_do_outbound_ah(mblk_t *ipsec_mp) 1935 { 1936 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1937 ipsec_status_t ipsec_rc; 1938 ipsec_action_t *ap; 1939 1940 ap = io->ipsec_out_act; 1941 if (ap == NULL) { 1942 ipsec_policy_t *pp = io->ipsec_out_policy; 1943 ap = pp->ipsp_act; 1944 } 1945 1946 if (!ap->ipa_want_ah) 1947 return (B_TRUE); 1948 1949 ASSERT(io->ipsec_out_ah_done == B_FALSE); 1950 1951 if (io->ipsec_out_ah_sa == NULL) { 1952 if (!ipsec_outbound_sa(ipsec_mp, IPPROTO_AH)) { 1953 sadb_acquire(ipsec_mp, io, B_TRUE, B_FALSE); 1954 return (B_FALSE); 1955 } 1956 } 1957 ASSERT(io->ipsec_out_ah_sa != NULL); 1958 1959 io->ipsec_out_ah_done = B_TRUE; 1960 ipsec_rc = io->ipsec_out_ah_sa->ipsa_output_func(ipsec_mp); 1961 return (ipsec_rc == IPSEC_STATUS_SUCCESS); 1962 } 1963 1964 1965 /* 1966 * Kernel crypto framework callback invoked after completion of async 1967 * crypto requests. 1968 */ 1969 static void 1970 esp_kcf_callback(void *arg, int status) 1971 { 1972 mblk_t *ipsec_mp = (mblk_t *)arg; 1973 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 1974 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1975 boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN); 1976 netstackid_t stackid; 1977 netstack_t *ns, *ns_arg; 1978 ipsecesp_stack_t *espstack; 1979 ipsec_stack_t *ipss; 1980 1981 ASSERT(ipsec_mp->b_cont != NULL); 1982 1983 if (is_inbound) { 1984 stackid = ii->ipsec_in_stackid; 1985 ns_arg = ii->ipsec_in_ns; 1986 } else { 1987 stackid = io->ipsec_out_stackid; 1988 ns_arg = io->ipsec_out_ns; 1989 } 1990 1991 /* 1992 * Verify that the netstack is still around; could have vanished 1993 * while kEf was doing its work. 1994 */ 1995 ns = netstack_find_by_stackid(stackid); 1996 if (ns == NULL || ns != ns_arg) { 1997 /* Disappeared on us */ 1998 if (ns != NULL) 1999 netstack_rele(ns); 2000 freemsg(ipsec_mp); 2001 return; 2002 } 2003 2004 espstack = ns->netstack_ipsecesp; 2005 ipss = ns->netstack_ipsec; 2006 2007 if (status == CRYPTO_SUCCESS) { 2008 if (is_inbound) { 2009 if (esp_in_done(ipsec_mp) != IPSEC_STATUS_SUCCESS) { 2010 netstack_rele(ns); 2011 return; 2012 } 2013 /* finish IPsec processing */ 2014 ip_fanout_proto_again(ipsec_mp, NULL, NULL, NULL); 2015 } else { 2016 /* 2017 * If a ICV was computed, it was stored by the 2018 * crypto framework at the end of the packet. 2019 */ 2020 ipha_t *ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr; 2021 2022 esp_set_usetime(io->ipsec_out_esp_sa, B_FALSE); 2023 /* NAT-T packet. */ 2024 if (ipha->ipha_protocol == IPPROTO_UDP) 2025 esp_prepare_udp(ns, ipsec_mp->b_cont, ipha); 2026 2027 /* do AH processing if needed */ 2028 if (!esp_do_outbound_ah(ipsec_mp)) { 2029 netstack_rele(ns); 2030 return; 2031 } 2032 /* finish IPsec processing */ 2033 if (IPH_HDR_VERSION(ipha) == IP_VERSION) { 2034 ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, 2035 NULL); 2036 } else { 2037 ip6_t *ip6h = (ip6_t *)ipha; 2038 ip_wput_ipsec_out_v6(NULL, ipsec_mp, ip6h, 2039 NULL, NULL); 2040 } 2041 } 2042 2043 } else if (status == CRYPTO_INVALID_MAC) { 2044 esp_log_bad_auth(ipsec_mp); 2045 2046 } else { 2047 esp1dbg(espstack, 2048 ("esp_kcf_callback: crypto failed with 0x%x\n", 2049 status)); 2050 ESP_BUMP_STAT(espstack, crypto_failures); 2051 if (is_inbound) 2052 IP_ESP_BUMP_STAT(ipss, in_discards); 2053 else 2054 ESP_BUMP_STAT(espstack, out_discards); 2055 ip_drop_packet(ipsec_mp, is_inbound, NULL, NULL, 2056 DROPPER(ipss, ipds_esp_crypto_failed), 2057 &espstack->esp_dropper); 2058 } 2059 netstack_rele(ns); 2060 } 2061 2062 /* 2063 * Invoked on crypto framework failure during inbound and outbound processing. 2064 */ 2065 static void 2066 esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc, 2067 ipsecesp_stack_t *espstack) 2068 { 2069 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 2070 2071 esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n", 2072 is_inbound ? "inbound" : "outbound", kef_rc)); 2073 ip_drop_packet(mp, is_inbound, NULL, NULL, 2074 DROPPER(ipss, ipds_esp_crypto_failed), 2075 &espstack->esp_dropper); 2076 ESP_BUMP_STAT(espstack, crypto_failures); 2077 if (is_inbound) 2078 IP_ESP_BUMP_STAT(ipss, in_discards); 2079 else 2080 ESP_BUMP_STAT(espstack, out_discards); 2081 } 2082 2083 #define ESP_INIT_CALLREQ(_cr) { \ 2084 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_RESTRICTED; \ 2085 (_cr)->cr_callback_arg = ipsec_mp; \ 2086 (_cr)->cr_callback_func = esp_kcf_callback; \ 2087 } 2088 2089 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \ 2090 (mac)->cd_format = CRYPTO_DATA_RAW; \ 2091 (mac)->cd_offset = 0; \ 2092 (mac)->cd_length = icvlen; \ 2093 (mac)->cd_raw.iov_base = (char *)icvbuf; \ 2094 (mac)->cd_raw.iov_len = icvlen; \ 2095 } 2096 2097 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \ 2098 if (MBLKL(mp) >= (len) + (off)) { \ 2099 (data)->cd_format = CRYPTO_DATA_RAW; \ 2100 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \ 2101 (data)->cd_raw.iov_len = MBLKL(mp); \ 2102 (data)->cd_offset = off; \ 2103 } else { \ 2104 (data)->cd_format = CRYPTO_DATA_MBLK; \ 2105 (data)->cd_mp = mp; \ 2106 (data)->cd_offset = off; \ 2107 } \ 2108 (data)->cd_length = len; \ 2109 } 2110 2111 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \ 2112 (data)->dd_format = CRYPTO_DATA_MBLK; \ 2113 (data)->dd_mp = mp; \ 2114 (data)->dd_len1 = len1; \ 2115 (data)->dd_offset1 = off1; \ 2116 (data)->dd_len2 = len2; \ 2117 (data)->dd_offset2 = off2; \ 2118 } 2119 2120 static ipsec_status_t 2121 esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset) 2122 { 2123 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 2124 boolean_t do_auth; 2125 uint_t auth_offset, msg_len, auth_len; 2126 crypto_call_req_t call_req; 2127 mblk_t *esp_mp; 2128 esph_t *esph_ptr; 2129 int kef_rc = CRYPTO_FAILED; 2130 uint_t icv_len = assoc->ipsa_mac_len; 2131 crypto_ctx_template_t auth_ctx_tmpl; 2132 boolean_t do_encr; 2133 uint_t encr_offset, encr_len; 2134 uint_t iv_len = assoc->ipsa_iv_len; 2135 crypto_ctx_template_t encr_ctx_tmpl; 2136 netstack_t *ns = ii->ipsec_in_ns; 2137 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2138 ipsec_stack_t *ipss = ns->netstack_ipsec; 2139 uchar_t *iv_ptr; 2140 2141 ASSERT(ii->ipsec_in_type == IPSEC_IN); 2142 2143 /* 2144 * In case kEF queues and calls back, keep netstackid_t for 2145 * verification that the IP instance is still around in 2146 * esp_kcf_callback(). 2147 */ 2148 ASSERT(ii->ipsec_in_stackid == ns->netstack_stackid); 2149 2150 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2151 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2152 2153 /* 2154 * An inbound packet is of the form: 2155 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad] 2156 */ 2157 esp_mp = ipsec_mp->b_cont; 2158 esph_ptr = (esph_t *)(esp_mp->b_rptr + esph_offset); 2159 iv_ptr = (uchar_t *)(esph_ptr + 1); 2160 /* Packet length starting at IP header ending after ESP ICV. */ 2161 msg_len = MBLKL(esp_mp); 2162 2163 encr_offset = esph_offset + sizeof (esph_t) + iv_len; 2164 encr_len = msg_len - encr_offset; 2165 2166 ESP_INIT_CALLREQ(&call_req); 2167 2168 /* 2169 * Counter mode algs need a nonce. This is setup in sadb_common_add(). 2170 * If for some reason we are using a SA which does not have a nonce 2171 * then we must fail here. 2172 */ 2173 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && 2174 (assoc->ipsa_nonce == NULL)) { 2175 ip_drop_packet(ipsec_mp, B_FALSE, NULL, NULL, 2176 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper); 2177 return (IPSEC_STATUS_FAILED); 2178 } 2179 2180 if (do_auth) { 2181 /* force asynchronous processing? */ 2182 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 2183 IPSEC_ALGS_EXEC_ASYNC) 2184 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2185 2186 /* authentication context template */ 2187 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2188 auth_ctx_tmpl); 2189 2190 /* ICV to be verified */ 2191 ESP_INIT_CRYPTO_MAC(&ii->ipsec_in_crypto_mac, 2192 icv_len, esp_mp->b_wptr - icv_len); 2193 2194 /* authentication starts at the ESP header */ 2195 auth_offset = esph_offset; 2196 auth_len = msg_len - auth_offset - icv_len; 2197 if (!do_encr) { 2198 /* authentication only */ 2199 /* initialize input data argument */ 2200 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 2201 esp_mp, auth_offset, auth_len); 2202 2203 /* call the crypto framework */ 2204 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, 2205 &ii->ipsec_in_crypto_data, 2206 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2207 &ii->ipsec_in_crypto_mac, &call_req); 2208 } 2209 } 2210 2211 if (do_encr) { 2212 /* force asynchronous processing? */ 2213 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2214 IPSEC_ALGS_EXEC_ASYNC) 2215 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2216 2217 /* encryption template */ 2218 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2219 encr_ctx_tmpl); 2220 2221 /* Call the nonce update function. Also passes in IV */ 2222 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, encr_len, 2223 iv_ptr, &ii->ipsec_in_cmm, &ii->ipsec_in_crypto_data); 2224 2225 if (!do_auth) { 2226 /* decryption only */ 2227 /* initialize input data argument */ 2228 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 2229 esp_mp, encr_offset, encr_len); 2230 2231 /* call the crypto framework */ 2232 kef_rc = crypto_decrypt((crypto_mechanism_t *) 2233 &ii->ipsec_in_cmm, &ii->ipsec_in_crypto_data, 2234 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2235 NULL, &call_req); 2236 } 2237 } 2238 2239 if (do_auth && do_encr) { 2240 /* dual operation */ 2241 /* initialize input data argument */ 2242 ESP_INIT_CRYPTO_DUAL_DATA(&ii->ipsec_in_crypto_dual_data, 2243 esp_mp, auth_offset, auth_len, 2244 encr_offset, encr_len - icv_len); 2245 2246 /* specify IV */ 2247 ii->ipsec_in_crypto_dual_data.dd_miscdata = (char *)iv_ptr; 2248 2249 /* call the framework */ 2250 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, 2251 &assoc->ipsa_emech, &ii->ipsec_in_crypto_dual_data, 2252 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, 2253 auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac, 2254 NULL, &call_req); 2255 } 2256 2257 switch (kef_rc) { 2258 case CRYPTO_SUCCESS: 2259 ESP_BUMP_STAT(espstack, crypto_sync); 2260 return (esp_in_done(ipsec_mp)); 2261 case CRYPTO_QUEUED: 2262 /* esp_kcf_callback() will be invoked on completion */ 2263 ESP_BUMP_STAT(espstack, crypto_async); 2264 return (IPSEC_STATUS_PENDING); 2265 case CRYPTO_INVALID_MAC: 2266 ESP_BUMP_STAT(espstack, crypto_sync); 2267 esp_log_bad_auth(ipsec_mp); 2268 return (IPSEC_STATUS_FAILED); 2269 } 2270 2271 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack); 2272 return (IPSEC_STATUS_FAILED); 2273 } 2274 2275 /* 2276 * Compute the IP and UDP checksums -- common code for both keepalives and 2277 * actual ESP-in-UDP packets. Be flexible with multiple mblks because ESP 2278 * uses mblk-insertion to insert the UDP header. 2279 * TODO - If there is an easy way to prep a packet for HW checksums, make 2280 * it happen here. 2281 */ 2282 static void 2283 esp_prepare_udp(netstack_t *ns, mblk_t *mp, ipha_t *ipha) 2284 { 2285 int offset; 2286 uint32_t cksum; 2287 uint16_t *arr; 2288 mblk_t *udpmp = mp; 2289 uint_t hlen = IPH_HDR_LENGTH(ipha); 2290 2291 ASSERT(MBLKL(mp) >= sizeof (ipha_t)); 2292 2293 ipha->ipha_hdr_checksum = 0; 2294 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha); 2295 2296 if (ns->netstack_udp->us_do_checksum) { 2297 ASSERT(MBLKL(udpmp) >= sizeof (udpha_t)); 2298 /* arr points to the IP header. */ 2299 arr = (uint16_t *)ipha; 2300 IP_STAT(ns->netstack_ip, ip_out_sw_cksum); 2301 IP_STAT_UPDATE(ns->netstack_ip, ip_udp_out_sw_cksum_bytes, 2302 ntohs(htons(ipha->ipha_length) - hlen)); 2303 /* arr[6-9] are the IP addresses. */ 2304 cksum = IP_UDP_CSUM_COMP + arr[6] + arr[7] + arr[8] + arr[9] + 2305 ntohs(htons(ipha->ipha_length) - hlen); 2306 cksum = IP_CSUM(mp, hlen, cksum); 2307 offset = hlen + UDP_CHECKSUM_OFFSET; 2308 while (offset >= MBLKL(udpmp)) { 2309 offset -= MBLKL(udpmp); 2310 udpmp = udpmp->b_cont; 2311 } 2312 /* arr points to the UDP header's checksum field. */ 2313 arr = (uint16_t *)(udpmp->b_rptr + offset); 2314 *arr = cksum; 2315 } 2316 } 2317 2318 /* 2319 * taskq handler so we can send the NAT-T keepalive on a separate thread. 2320 */ 2321 static void 2322 actually_send_keepalive(void *arg) 2323 { 2324 mblk_t *ipsec_mp = (mblk_t *)arg; 2325 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 2326 ipha_t *ipha; 2327 netstack_t *ns; 2328 2329 ASSERT(DB_TYPE(ipsec_mp) == M_CTL); 2330 ASSERT(io->ipsec_out_type == IPSEC_OUT); 2331 ASSERT(ipsec_mp->b_cont != NULL); 2332 ASSERT(DB_TYPE(ipsec_mp->b_cont) == M_DATA); 2333 2334 ns = netstack_find_by_stackid(io->ipsec_out_stackid); 2335 if (ns == NULL || ns != io->ipsec_out_ns) { 2336 /* Just freemsg(). */ 2337 if (ns != NULL) 2338 netstack_rele(ns); 2339 freemsg(ipsec_mp); 2340 return; 2341 } 2342 2343 ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr; 2344 ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, NULL); 2345 netstack_rele(ns); 2346 } 2347 2348 /* 2349 * Send a one-byte UDP NAT-T keepalive. Construct an IPSEC_OUT too that'll 2350 * get fed into esp_send_udp/ip_wput_ipsec_out. 2351 */ 2352 void 2353 ipsecesp_send_keepalive(ipsa_t *assoc) 2354 { 2355 mblk_t *mp = NULL, *ipsec_mp = NULL; 2356 ipha_t *ipha; 2357 udpha_t *udpha; 2358 ipsec_out_t *io; 2359 2360 ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock)); 2361 2362 mp = allocb(sizeof (ipha_t) + sizeof (udpha_t) + 1, BPRI_HI); 2363 if (mp == NULL) 2364 return; 2365 ipha = (ipha_t *)mp->b_rptr; 2366 ipha->ipha_version_and_hdr_length = IP_SIMPLE_HDR_VERSION; 2367 ipha->ipha_type_of_service = 0; 2368 ipha->ipha_length = htons(sizeof (ipha_t) + sizeof (udpha_t) + 1); 2369 /* Use the low-16 of the SPI so we have some clue where it came from. */ 2370 ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1); 2371 ipha->ipha_fragment_offset_and_flags = 0; /* Too small to fragment! */ 2372 ipha->ipha_ttl = 0xFF; 2373 ipha->ipha_protocol = IPPROTO_UDP; 2374 ipha->ipha_hdr_checksum = 0; 2375 ipha->ipha_src = assoc->ipsa_srcaddr[0]; 2376 ipha->ipha_dst = assoc->ipsa_dstaddr[0]; 2377 udpha = (udpha_t *)(ipha + 1); 2378 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? 2379 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); 2380 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? 2381 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); 2382 udpha->uha_length = htons(sizeof (udpha_t) + 1); 2383 udpha->uha_checksum = 0; 2384 mp->b_wptr = (uint8_t *)(udpha + 1); 2385 *(mp->b_wptr++) = 0xFF; 2386 2387 ipsec_mp = ipsec_alloc_ipsec_out(assoc->ipsa_netstack); 2388 if (ipsec_mp == NULL) { 2389 freeb(mp); 2390 return; 2391 } 2392 ipsec_mp->b_cont = mp; 2393 io = (ipsec_out_t *)ipsec_mp->b_rptr; 2394 io->ipsec_out_zoneid = 2395 netstackid_to_zoneid(assoc->ipsa_netstack->netstack_stackid); 2396 io->ipsec_out_stackid = assoc->ipsa_netstack->netstack_stackid; 2397 2398 esp_prepare_udp(assoc->ipsa_netstack, mp, ipha); 2399 /* 2400 * We're holding an isaf_t bucket lock, so pawn off the actual 2401 * packet transmission to another thread. Just in case syncq 2402 * processing causes a same-bucket packet to be processed. 2403 */ 2404 if (taskq_dispatch(esp_taskq, actually_send_keepalive, ipsec_mp, 2405 TQ_NOSLEEP) == 0) { 2406 /* Assume no memory if taskq_dispatch() fails. */ 2407 ip_drop_packet(ipsec_mp, B_FALSE, NULL, NULL, 2408 DROPPER(assoc->ipsa_netstack->netstack_ipsec, 2409 ipds_esp_nomem), 2410 &assoc->ipsa_netstack->netstack_ipsecesp->esp_dropper); 2411 } 2412 } 2413 2414 static ipsec_status_t 2415 esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf, 2416 uint_t payload_len) 2417 { 2418 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 2419 uint_t auth_len; 2420 crypto_call_req_t call_req; 2421 mblk_t *esp_mp, *data_mp, *ip_mp; 2422 esph_t *esph_ptr; 2423 int kef_rc = CRYPTO_FAILED; 2424 uint_t icv_len = assoc->ipsa_mac_len; 2425 crypto_ctx_template_t auth_ctx_tmpl; 2426 boolean_t do_auth; 2427 boolean_t do_encr; 2428 uint_t iv_len = assoc->ipsa_iv_len; 2429 crypto_ctx_template_t encr_ctx_tmpl; 2430 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 2431 size_t esph_offset = (is_natt ? UDPH_SIZE : 0); 2432 netstack_t *ns = io->ipsec_out_ns; 2433 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2434 ipsec_stack_t *ipss = ns->netstack_ipsec; 2435 uchar_t *iv_ptr; 2436 crypto_data_t *cd_ptr = NULL; 2437 2438 esp3dbg(espstack, ("esp_submit_req_outbound:%s", 2439 is_natt ? "natt" : "not natt")); 2440 2441 ASSERT(io->ipsec_out_type == IPSEC_OUT); 2442 2443 /* 2444 * In case kEF queues and calls back, keep netstackid_t for 2445 * verification that the IP instance is still around in 2446 * esp_kcf_callback(). 2447 */ 2448 io->ipsec_out_stackid = ns->netstack_stackid; 2449 2450 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2451 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2452 2453 /* 2454 * Outbound IPsec packets are of the form: 2455 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV] 2456 * unless it's NATT, then it's 2457 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV] 2458 * Get a pointer to the mblk containing the ESP header. 2459 */ 2460 ip_mp = ipsec_mp->b_cont; 2461 esp_mp = ipsec_mp->b_cont->b_cont; 2462 ASSERT(ip_mp != NULL && esp_mp != NULL); 2463 esph_ptr = (esph_t *)(esp_mp->b_rptr + esph_offset); 2464 iv_ptr = (uchar_t *)(esph_ptr + 1); 2465 data_mp = ipsec_mp->b_cont->b_cont->b_cont; 2466 2467 /* 2468 * Combined mode algs need a nonce. This is setup in sadb_common_add(). 2469 * If for some reason we are using a SA which does not have a nonce 2470 * then we must fail here. 2471 */ 2472 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && 2473 (assoc->ipsa_nonce == NULL)) { 2474 ip_drop_packet(ipsec_mp, B_FALSE, NULL, NULL, 2475 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper); 2476 return (IPSEC_STATUS_FAILED); 2477 } 2478 2479 ESP_INIT_CALLREQ(&call_req); 2480 2481 if (do_auth) { 2482 /* force asynchronous processing? */ 2483 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 2484 IPSEC_ALGS_EXEC_ASYNC) 2485 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2486 2487 /* authentication context template */ 2488 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2489 auth_ctx_tmpl); 2490 2491 /* where to store the computed mac */ 2492 ESP_INIT_CRYPTO_MAC(&io->ipsec_out_crypto_mac, 2493 icv_len, icv_buf); 2494 2495 /* authentication starts at the ESP header */ 2496 auth_len = payload_len + iv_len + sizeof (esph_t); 2497 if (!do_encr) { 2498 /* authentication only */ 2499 /* initialize input data argument */ 2500 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2501 esp_mp, esph_offset, auth_len); 2502 2503 /* call the crypto framework */ 2504 kef_rc = crypto_mac(&assoc->ipsa_amech, 2505 &io->ipsec_out_crypto_data, 2506 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2507 &io->ipsec_out_crypto_mac, &call_req); 2508 } 2509 } 2510 2511 if (do_encr) { 2512 /* force asynchronous processing? */ 2513 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2514 IPSEC_ALGS_EXEC_ASYNC) 2515 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2516 2517 /* encryption context template */ 2518 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2519 encr_ctx_tmpl); 2520 /* Call the nonce update function. */ 2521 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, payload_len, 2522 iv_ptr, &io->ipsec_out_cmm, &io->ipsec_out_crypto_data); 2523 2524 if (!do_auth) { 2525 /* encryption only, skip mblk that contains ESP hdr */ 2526 /* initialize input data argument */ 2527 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2528 data_mp, 0, payload_len); 2529 2530 /* 2531 * For combined mode ciphers, the ciphertext is the same 2532 * size as the clear text, the ICV should follow the 2533 * ciphertext. To convince the kcf to allow in-line 2534 * encryption, with an ICV, use ipsec_out_crypto_mac 2535 * to point to the same buffer as the data. The calling 2536 * function need to ensure the buffer is large enough to 2537 * include the ICV. 2538 * 2539 * The IV is already written to the packet buffer, the 2540 * nonce setup function copied it to the params struct 2541 * for the cipher to use. 2542 */ 2543 if (assoc->ipsa_flags & IPSA_F_COMBINED) { 2544 bcopy(&io->ipsec_out_crypto_data, 2545 &io->ipsec_out_crypto_mac, 2546 sizeof (crypto_data_t)); 2547 io->ipsec_out_crypto_mac.cd_length = 2548 payload_len + icv_len; 2549 cd_ptr = &io->ipsec_out_crypto_mac; 2550 } 2551 2552 /* call the crypto framework */ 2553 kef_rc = crypto_encrypt((crypto_mechanism_t *) 2554 &io->ipsec_out_cmm, 2555 &io->ipsec_out_crypto_data, 2556 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2557 cd_ptr, &call_req); 2558 2559 } 2560 } 2561 2562 if (do_auth && do_encr) { 2563 /* 2564 * Encryption and authentication: 2565 * Pass the pointer to the mblk chain starting at the ESP 2566 * header to the framework. Skip the ESP header mblk 2567 * for encryption, which is reflected by an encryption 2568 * offset equal to the length of that mblk. Start 2569 * the authentication at the ESP header, i.e. use an 2570 * authentication offset of zero. 2571 */ 2572 ESP_INIT_CRYPTO_DUAL_DATA(&io->ipsec_out_crypto_dual_data, 2573 esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len); 2574 2575 /* specify IV */ 2576 io->ipsec_out_crypto_dual_data.dd_miscdata = (char *)iv_ptr; 2577 2578 /* call the framework */ 2579 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, 2580 &assoc->ipsa_amech, NULL, 2581 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, 2582 encr_ctx_tmpl, auth_ctx_tmpl, 2583 &io->ipsec_out_crypto_dual_data, 2584 &io->ipsec_out_crypto_mac, &call_req); 2585 } 2586 2587 switch (kef_rc) { 2588 case CRYPTO_SUCCESS: 2589 ESP_BUMP_STAT(espstack, crypto_sync); 2590 esp_set_usetime(assoc, B_FALSE); 2591 if (is_natt) 2592 esp_prepare_udp(ns, ipsec_mp->b_cont, 2593 (ipha_t *)ipsec_mp->b_cont->b_rptr); 2594 return (IPSEC_STATUS_SUCCESS); 2595 case CRYPTO_QUEUED: 2596 /* esp_kcf_callback() will be invoked on completion */ 2597 ESP_BUMP_STAT(espstack, crypto_async); 2598 return (IPSEC_STATUS_PENDING); 2599 } 2600 2601 esp_crypto_failed(ipsec_mp, B_FALSE, kef_rc, espstack); 2602 return (IPSEC_STATUS_FAILED); 2603 } 2604 2605 /* 2606 * Handle outbound IPsec processing for IPv4 and IPv6 2607 * On success returns B_TRUE, on failure returns B_FALSE and frees the 2608 * mblk chain ipsec_in_mp. 2609 */ 2610 static ipsec_status_t 2611 esp_outbound(mblk_t *mp) 2612 { 2613 mblk_t *ipsec_out_mp, *data_mp, *espmp, *tailmp; 2614 ipsec_out_t *io; 2615 ipha_t *ipha; 2616 ip6_t *ip6h; 2617 esph_t *esph_ptr, *iv_ptr; 2618 uint_t af; 2619 uint8_t *nhp; 2620 uintptr_t divpoint, datalen, adj, padlen, i, alloclen; 2621 uintptr_t esplen = sizeof (esph_t); 2622 uint8_t protocol; 2623 ipsa_t *assoc; 2624 uint_t iv_len, block_size, mac_len = 0; 2625 uchar_t *icv_buf; 2626 udpha_t *udpha; 2627 boolean_t is_natt = B_FALSE; 2628 netstack_t *ns; 2629 ipsecesp_stack_t *espstack; 2630 ipsec_stack_t *ipss; 2631 2632 ipsec_out_mp = mp; 2633 data_mp = ipsec_out_mp->b_cont; 2634 2635 io = (ipsec_out_t *)ipsec_out_mp->b_rptr; 2636 ns = io->ipsec_out_ns; 2637 espstack = ns->netstack_ipsecesp; 2638 ipss = ns->netstack_ipsec; 2639 2640 ESP_BUMP_STAT(espstack, out_requests); 2641 2642 /* 2643 * <sigh> We have to copy the message here, because TCP (for example) 2644 * keeps a dupb() of the message lying around for retransmission. 2645 * Since ESP changes the whole of the datagram, we have to create our 2646 * own copy lest we clobber TCP's data. Since we have to copy anyway, 2647 * we might as well make use of msgpullup() and get the mblk into one 2648 * contiguous piece! 2649 */ 2650 ipsec_out_mp->b_cont = msgpullup(data_mp, -1); 2651 if (ipsec_out_mp->b_cont == NULL) { 2652 esp0dbg(("esp_outbound: msgpullup() failed, " 2653 "dropping packet.\n")); 2654 ipsec_out_mp->b_cont = data_mp; 2655 /* 2656 * TODO: Find the outbound IRE for this packet and 2657 * pass it to ip_drop_packet(). 2658 */ 2659 ip_drop_packet(ipsec_out_mp, B_FALSE, NULL, NULL, 2660 DROPPER(ipss, ipds_esp_nomem), 2661 &espstack->esp_dropper); 2662 return (IPSEC_STATUS_FAILED); 2663 } else { 2664 freemsg(data_mp); 2665 data_mp = ipsec_out_mp->b_cont; 2666 } 2667 2668 /* 2669 * Reality check.... 2670 */ 2671 2672 ipha = (ipha_t *)data_mp->b_rptr; /* So we can call esp_acquire(). */ 2673 2674 if (io->ipsec_out_v4) { 2675 af = AF_INET; 2676 divpoint = IPH_HDR_LENGTH(ipha); 2677 datalen = ntohs(ipha->ipha_length) - divpoint; 2678 nhp = (uint8_t *)&ipha->ipha_protocol; 2679 } else { 2680 ip6_pkt_t ipp; 2681 2682 af = AF_INET6; 2683 ip6h = (ip6_t *)ipha; 2684 bzero(&ipp, sizeof (ipp)); 2685 divpoint = ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 2686 if (ipp.ipp_dstopts != NULL && 2687 ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) { 2688 /* 2689 * Destination options are tricky. If we get in here, 2690 * then we have a terminal header following the 2691 * destination options. We need to adjust backwards 2692 * so we insert ESP BEFORE the destination options 2693 * bag. (So that the dstopts get encrypted!) 2694 * 2695 * Since this is for outbound packets only, we know 2696 * that non-terminal destination options only precede 2697 * routing headers. 2698 */ 2699 divpoint -= ipp.ipp_dstoptslen; 2700 } 2701 datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint; 2702 2703 if (ipp.ipp_rthdr != NULL) { 2704 nhp = &ipp.ipp_rthdr->ip6r_nxt; 2705 } else if (ipp.ipp_hopopts != NULL) { 2706 nhp = &ipp.ipp_hopopts->ip6h_nxt; 2707 } else { 2708 ASSERT(divpoint == sizeof (ip6_t)); 2709 /* It's probably IP + ESP. */ 2710 nhp = &ip6h->ip6_nxt; 2711 } 2712 } 2713 assoc = io->ipsec_out_esp_sa; 2714 ASSERT(assoc != NULL); 2715 2716 mac_len = assoc->ipsa_mac_len; 2717 2718 if (assoc->ipsa_flags & IPSA_F_NATT) { 2719 /* wedge in fake UDP */ 2720 is_natt = B_TRUE; 2721 esplen += UDPH_SIZE; 2722 } 2723 2724 /* 2725 * Set up ESP header and encryption padding for ENCR PI request. 2726 */ 2727 2728 /* Determine the padding length. Pad to 4-bytes for no-encryption. */ 2729 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) { 2730 iv_len = assoc->ipsa_iv_len; 2731 block_size = assoc->ipsa_datalen; 2732 2733 /* 2734 * Pad the data to the length of the cipher block size. 2735 * Include the two additional bytes (hence the - 2) for the 2736 * padding length and the next header. Take this into account 2737 * when calculating the actual length of the padding. 2738 */ 2739 ASSERT(ISP2(iv_len)); 2740 padlen = ((unsigned)(block_size - datalen - 2)) & 2741 (block_size - 1); 2742 } else { 2743 iv_len = 0; 2744 padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) & 2745 (sizeof (uint32_t) - 1); 2746 } 2747 2748 /* Allocate ESP header and IV. */ 2749 esplen += iv_len; 2750 2751 /* 2752 * Update association byte-count lifetimes. Don't forget to take 2753 * into account the padding length and next-header (hence the + 2). 2754 * 2755 * Use the amount of data fed into the "encryption algorithm". This 2756 * is the IV, the data length, the padding length, and the final two 2757 * bytes (padlen, and next-header). 2758 * 2759 */ 2760 2761 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) { 2762 /* 2763 * TODO: Find the outbound IRE for this packet and 2764 * pass it to ip_drop_packet(). 2765 */ 2766 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2767 DROPPER(ipss, ipds_esp_bytes_expire), 2768 &espstack->esp_dropper); 2769 return (IPSEC_STATUS_FAILED); 2770 } 2771 2772 espmp = allocb(esplen, BPRI_HI); 2773 if (espmp == NULL) { 2774 ESP_BUMP_STAT(espstack, out_discards); 2775 esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n")); 2776 /* 2777 * TODO: Find the outbound IRE for this packet and 2778 * pass it to ip_drop_packet(). 2779 */ 2780 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2781 DROPPER(ipss, ipds_esp_nomem), 2782 &espstack->esp_dropper); 2783 return (IPSEC_STATUS_FAILED); 2784 } 2785 espmp->b_wptr += esplen; 2786 esph_ptr = (esph_t *)espmp->b_rptr; 2787 2788 if (is_natt) { 2789 esp3dbg(espstack, ("esp_outbound: NATT")); 2790 2791 udpha = (udpha_t *)espmp->b_rptr; 2792 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? 2793 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); 2794 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? 2795 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); 2796 /* 2797 * Set the checksum to 0, so that the esp_prepare_udp() call 2798 * can do the right thing. 2799 */ 2800 udpha->uha_checksum = 0; 2801 esph_ptr = (esph_t *)(udpha + 1); 2802 } 2803 2804 esph_ptr->esph_spi = assoc->ipsa_spi; 2805 2806 esph_ptr->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1)); 2807 if (esph_ptr->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) { 2808 /* 2809 * XXX We have replay counter wrapping. 2810 * We probably want to nuke this SA (and its peer). 2811 */ 2812 ipsec_assocfailure(info.mi_idnum, 0, 0, 2813 SL_ERROR | SL_CONSOLE | SL_WARN, 2814 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n", 2815 esph_ptr->esph_spi, assoc->ipsa_dstaddr, af, 2816 espstack->ipsecesp_netstack); 2817 2818 ESP_BUMP_STAT(espstack, out_discards); 2819 sadb_replay_delete(assoc); 2820 /* 2821 * TODO: Find the outbound IRE for this packet and 2822 * pass it to ip_drop_packet(). 2823 */ 2824 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2825 DROPPER(ipss, ipds_esp_replay), 2826 &espstack->esp_dropper); 2827 return (IPSEC_STATUS_FAILED); 2828 } 2829 2830 iv_ptr = (esph_ptr + 1); 2831 /* 2832 * iv_ptr points to the mblk which will contain the IV once we have 2833 * written it there. This mblk will be part of a mblk chain that 2834 * will make up the packet. 2835 * 2836 * For counter mode algorithms, the IV is a 64 bit quantity, it 2837 * must NEVER repeat in the lifetime of the SA, otherwise an 2838 * attacker who had recorded enough packets might be able to 2839 * determine some clear text. 2840 * 2841 * To ensure this does not happen, the IV is stored in the SA and 2842 * incremented for each packet, the IV is then copied into the 2843 * "packet" for transmission to the receiving system. The IV will 2844 * also be copied into the nonce, when the packet is encrypted. 2845 * 2846 * CBC mode algorithms use a random IV for each packet. We do not 2847 * require the highest quality random bits, but for best security 2848 * with CBC mode ciphers, the value must be unlikely to repeat and 2849 * must not be known in advance to an adversary capable of influencing 2850 * the clear text. 2851 */ 2852 if (!update_iv((uint8_t *)iv_ptr, espstack->esp_pfkey_q, assoc, 2853 espstack)) { 2854 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2855 DROPPER(ipss, ipds_esp_iv_wrap), &espstack->esp_dropper); 2856 return (IPSEC_STATUS_FAILED); 2857 } 2858 2859 /* Fix the IP header. */ 2860 alloclen = padlen + 2 + mac_len; 2861 adj = alloclen + (espmp->b_wptr - espmp->b_rptr); 2862 2863 protocol = *nhp; 2864 2865 if (io->ipsec_out_v4) { 2866 ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj); 2867 if (is_natt) { 2868 *nhp = IPPROTO_UDP; 2869 udpha->uha_length = htons(ntohs(ipha->ipha_length) - 2870 IPH_HDR_LENGTH(ipha)); 2871 } else { 2872 *nhp = IPPROTO_ESP; 2873 } 2874 ipha->ipha_hdr_checksum = 0; 2875 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 2876 } else { 2877 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj); 2878 *nhp = IPPROTO_ESP; 2879 } 2880 2881 /* I've got the two ESP mblks, now insert them. */ 2882 2883 esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n")); 2884 esp2dbg(espstack, (dump_msg(data_mp))); 2885 2886 if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) { 2887 ESP_BUMP_STAT(espstack, out_discards); 2888 /* NOTE: esp_insert_esp() only fails if there's no memory. */ 2889 /* 2890 * TODO: Find the outbound IRE for this packet and 2891 * pass it to ip_drop_packet(). 2892 */ 2893 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2894 DROPPER(ipss, ipds_esp_nomem), 2895 &espstack->esp_dropper); 2896 freeb(espmp); 2897 return (IPSEC_STATUS_FAILED); 2898 } 2899 2900 /* Append padding (and leave room for ICV). */ 2901 for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont) 2902 ; 2903 if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) { 2904 tailmp->b_cont = allocb(alloclen, BPRI_HI); 2905 if (tailmp->b_cont == NULL) { 2906 ESP_BUMP_STAT(espstack, out_discards); 2907 esp0dbg(("esp_outbound: Can't allocate tailmp.\n")); 2908 /* 2909 * TODO: Find the outbound IRE for this packet and 2910 * pass it to ip_drop_packet(). 2911 */ 2912 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2913 DROPPER(ipss, ipds_esp_nomem), 2914 &espstack->esp_dropper); 2915 return (IPSEC_STATUS_FAILED); 2916 } 2917 tailmp = tailmp->b_cont; 2918 } 2919 2920 /* 2921 * If there's padding, N bytes of padding must be of the form 0x1, 2922 * 0x2, 0x3... 0xN. 2923 */ 2924 for (i = 0; i < padlen; ) { 2925 i++; 2926 *tailmp->b_wptr++ = i; 2927 } 2928 *tailmp->b_wptr++ = i; 2929 *tailmp->b_wptr++ = protocol; 2930 2931 esp2dbg(espstack, ("data_Mp before encryption:\n")); 2932 esp2dbg(espstack, (dump_msg(data_mp))); 2933 2934 /* 2935 * The packet is eligible for hardware acceleration if the 2936 * following conditions are satisfied: 2937 * 2938 * 1. the packet will not be fragmented 2939 * 2. the provider supports the algorithms specified by SA 2940 * 3. there is no pending control message being exchanged 2941 * 4. snoop is not attached 2942 * 5. the destination address is not a multicast address 2943 * 2944 * All five of these conditions are checked by IP prior to 2945 * sending the packet to ESP. 2946 * 2947 * But We, and We Alone, can, nay MUST check if the packet 2948 * is over NATT, and then disqualify it from hardware 2949 * acceleration. 2950 */ 2951 2952 if (io->ipsec_out_is_capab_ill && !(assoc->ipsa_flags & IPSA_F_NATT)) { 2953 return (esp_outbound_accelerated(ipsec_out_mp, mac_len)); 2954 } 2955 ESP_BUMP_STAT(espstack, noaccel); 2956 2957 /* 2958 * Okay. I've set up the pre-encryption ESP. Let's do it! 2959 */ 2960 2961 if (mac_len > 0) { 2962 ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim); 2963 icv_buf = tailmp->b_wptr; 2964 tailmp->b_wptr += mac_len; 2965 } else { 2966 icv_buf = NULL; 2967 } 2968 2969 return (esp_submit_req_outbound(ipsec_out_mp, assoc, icv_buf, 2970 datalen + padlen + 2)); 2971 } 2972 2973 /* 2974 * IP calls this to validate the ICMP errors that 2975 * we got from the network. 2976 */ 2977 ipsec_status_t 2978 ipsecesp_icmp_error(mblk_t *ipsec_mp) 2979 { 2980 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 2981 boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN); 2982 netstack_t *ns; 2983 ipsecesp_stack_t *espstack; 2984 ipsec_stack_t *ipss; 2985 2986 if (is_inbound) { 2987 ns = ii->ipsec_in_ns; 2988 } else { 2989 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 2990 2991 ns = io->ipsec_out_ns; 2992 } 2993 espstack = ns->netstack_ipsecesp; 2994 ipss = ns->netstack_ipsec; 2995 2996 /* 2997 * Unless we get an entire packet back, this function is useless. 2998 * Why? 2999 * 3000 * 1.) Partial packets are useless, because the "next header" 3001 * is at the end of the decrypted ESP packet. Without the 3002 * whole packet, this is useless. 3003 * 3004 * 2.) If we every use a stateful cipher, such as a stream or a 3005 * one-time pad, we can't do anything. 3006 * 3007 * Since the chances of us getting an entire packet back are very 3008 * very small, we discard here. 3009 */ 3010 IP_ESP_BUMP_STAT(ipss, in_discards); 3011 ip_drop_packet(ipsec_mp, B_TRUE, NULL, NULL, 3012 DROPPER(ipss, ipds_esp_icmp), 3013 &espstack->esp_dropper); 3014 return (IPSEC_STATUS_FAILED); 3015 } 3016 3017 /* 3018 * ESP module read put routine. 3019 */ 3020 /* ARGSUSED */ 3021 static void 3022 ipsecesp_rput(queue_t *q, mblk_t *mp) 3023 { 3024 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 3025 3026 ASSERT(mp->b_datap->db_type != M_CTL); /* No more IRE_DB_REQ. */ 3027 3028 switch (mp->b_datap->db_type) { 3029 case M_PROTO: 3030 case M_PCPROTO: 3031 /* TPI message of some sort. */ 3032 switch (*((t_scalar_t *)mp->b_rptr)) { 3033 case T_BIND_ACK: 3034 esp3dbg(espstack, 3035 ("Thank you IP from ESP for T_BIND_ACK\n")); 3036 break; 3037 case T_ERROR_ACK: 3038 cmn_err(CE_WARN, 3039 "ipsecesp: ESP received T_ERROR_ACK from IP."); 3040 /* 3041 * Make esp_sadb.s_ip_q NULL, and in the 3042 * future, perhaps try again. 3043 */ 3044 espstack->esp_sadb.s_ip_q = NULL; 3045 break; 3046 case T_OK_ACK: 3047 /* Probably from a (rarely sent) T_UNBIND_REQ. */ 3048 break; 3049 default: 3050 esp0dbg(("Unknown M_{,PC}PROTO message.\n")); 3051 } 3052 freemsg(mp); 3053 break; 3054 default: 3055 /* For now, passthru message. */ 3056 esp2dbg(espstack, ("ESP got unknown mblk type %d.\n", 3057 mp->b_datap->db_type)); 3058 putnext(q, mp); 3059 } 3060 } 3061 3062 /* 3063 * Construct an SADB_REGISTER message with the current algorithms. 3064 * This function gets called when 'ipsecalgs -s' is run or when 3065 * in.iked (or other KMD) starts. 3066 */ 3067 static boolean_t 3068 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial, 3069 ipsecesp_stack_t *espstack) 3070 { 3071 mblk_t *pfkey_msg_mp, *keysock_out_mp; 3072 sadb_msg_t *samsg; 3073 sadb_supported_t *sasupp_auth = NULL; 3074 sadb_supported_t *sasupp_encr = NULL; 3075 sadb_alg_t *saalg; 3076 uint_t allocsize = sizeof (*samsg); 3077 uint_t i, numalgs_snap; 3078 int current_aalgs; 3079 ipsec_alginfo_t **authalgs; 3080 uint_t num_aalgs; 3081 int current_ealgs; 3082 ipsec_alginfo_t **encralgs; 3083 uint_t num_ealgs; 3084 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 3085 3086 /* Allocate the KEYSOCK_OUT. */ 3087 keysock_out_mp = sadb_keysock_out(serial); 3088 if (keysock_out_mp == NULL) { 3089 esp0dbg(("esp_register_out: couldn't allocate mblk.\n")); 3090 return (B_FALSE); 3091 } 3092 3093 /* 3094 * Allocate the PF_KEY message that follows KEYSOCK_OUT. 3095 */ 3096 3097 mutex_enter(&ipss->ipsec_alg_lock); 3098 3099 /* 3100 * Fill SADB_REGISTER message's algorithm descriptors. Hold 3101 * down the lock while filling it. 3102 * 3103 * Return only valid algorithms, so the number of algorithms 3104 * to send up may be less than the number of algorithm entries 3105 * in the table. 3106 */ 3107 authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH]; 3108 for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 3109 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) 3110 num_aalgs++; 3111 3112 if (num_aalgs != 0) { 3113 allocsize += (num_aalgs * sizeof (*saalg)); 3114 allocsize += sizeof (*sasupp_auth); 3115 } 3116 encralgs = ipss->ipsec_alglists[IPSEC_ALG_ENCR]; 3117 for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 3118 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) 3119 num_ealgs++; 3120 3121 if (num_ealgs != 0) { 3122 allocsize += (num_ealgs * sizeof (*saalg)); 3123 allocsize += sizeof (*sasupp_encr); 3124 } 3125 keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI); 3126 if (keysock_out_mp->b_cont == NULL) { 3127 mutex_exit(&ipss->ipsec_alg_lock); 3128 freemsg(keysock_out_mp); 3129 return (B_FALSE); 3130 } 3131 3132 pfkey_msg_mp = keysock_out_mp->b_cont; 3133 pfkey_msg_mp->b_wptr += allocsize; 3134 if (num_aalgs != 0) { 3135 sasupp_auth = (sadb_supported_t *) 3136 (pfkey_msg_mp->b_rptr + sizeof (*samsg)); 3137 saalg = (sadb_alg_t *)(sasupp_auth + 1); 3138 3139 ASSERT(((ulong_t)saalg & 0x7) == 0); 3140 3141 numalgs_snap = 0; 3142 for (i = 0; 3143 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs)); 3144 i++) { 3145 if (authalgs[i] == NULL || !ALG_VALID(authalgs[i])) 3146 continue; 3147 3148 saalg->sadb_alg_id = authalgs[i]->alg_id; 3149 saalg->sadb_alg_ivlen = 0; 3150 saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits; 3151 saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits; 3152 saalg->sadb_x_alg_increment = 3153 authalgs[i]->alg_increment; 3154 saalg->sadb_x_alg_saltbits = SADB_8TO1( 3155 authalgs[i]->alg_saltlen); 3156 numalgs_snap++; 3157 saalg++; 3158 } 3159 ASSERT(numalgs_snap == num_aalgs); 3160 #ifdef DEBUG 3161 /* 3162 * Reality check to make sure I snagged all of the 3163 * algorithms. 3164 */ 3165 for (; i < IPSEC_MAX_ALGS; i++) { 3166 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) { 3167 cmn_err(CE_PANIC, "esp_register_out()! " 3168 "Missed aalg #%d.\n", i); 3169 } 3170 } 3171 #endif /* DEBUG */ 3172 } else { 3173 saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg)); 3174 } 3175 3176 if (num_ealgs != 0) { 3177 sasupp_encr = (sadb_supported_t *)saalg; 3178 saalg = (sadb_alg_t *)(sasupp_encr + 1); 3179 3180 numalgs_snap = 0; 3181 for (i = 0; 3182 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) { 3183 if (encralgs[i] == NULL || !ALG_VALID(encralgs[i])) 3184 continue; 3185 saalg->sadb_alg_id = encralgs[i]->alg_id; 3186 saalg->sadb_alg_ivlen = encralgs[i]->alg_ivlen; 3187 saalg->sadb_alg_minbits = encralgs[i]->alg_ef_minbits; 3188 saalg->sadb_alg_maxbits = encralgs[i]->alg_ef_maxbits; 3189 /* 3190 * We could advertise the ICV length, except there 3191 * is not a value in sadb_x_algb to do this. 3192 * saalg->sadb_alg_maclen = encralgs[i]->alg_maclen; 3193 */ 3194 saalg->sadb_x_alg_increment = 3195 encralgs[i]->alg_increment; 3196 saalg->sadb_x_alg_saltbits = 3197 SADB_8TO1(encralgs[i]->alg_saltlen); 3198 3199 numalgs_snap++; 3200 saalg++; 3201 } 3202 ASSERT(numalgs_snap == num_ealgs); 3203 #ifdef DEBUG 3204 /* 3205 * Reality check to make sure I snagged all of the 3206 * algorithms. 3207 */ 3208 for (; i < IPSEC_MAX_ALGS; i++) { 3209 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) { 3210 cmn_err(CE_PANIC, "esp_register_out()! " 3211 "Missed ealg #%d.\n", i); 3212 } 3213 } 3214 #endif /* DEBUG */ 3215 } 3216 3217 current_aalgs = num_aalgs; 3218 current_ealgs = num_ealgs; 3219 3220 mutex_exit(&ipss->ipsec_alg_lock); 3221 3222 /* Now fill the rest of the SADB_REGISTER message. */ 3223 3224 samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr; 3225 samsg->sadb_msg_version = PF_KEY_V2; 3226 samsg->sadb_msg_type = SADB_REGISTER; 3227 samsg->sadb_msg_errno = 0; 3228 samsg->sadb_msg_satype = SADB_SATYPE_ESP; 3229 samsg->sadb_msg_len = SADB_8TO64(allocsize); 3230 samsg->sadb_msg_reserved = 0; 3231 /* 3232 * Assume caller has sufficient sequence/pid number info. If it's one 3233 * from me over a new alg., I could give two hoots about sequence. 3234 */ 3235 samsg->sadb_msg_seq = sequence; 3236 samsg->sadb_msg_pid = pid; 3237 3238 if (sasupp_auth != NULL) { 3239 sasupp_auth->sadb_supported_len = SADB_8TO64( 3240 sizeof (*sasupp_auth) + sizeof (*saalg) * current_aalgs); 3241 sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 3242 sasupp_auth->sadb_supported_reserved = 0; 3243 } 3244 3245 if (sasupp_encr != NULL) { 3246 sasupp_encr->sadb_supported_len = SADB_8TO64( 3247 sizeof (*sasupp_encr) + sizeof (*saalg) * current_ealgs); 3248 sasupp_encr->sadb_supported_exttype = 3249 SADB_EXT_SUPPORTED_ENCRYPT; 3250 sasupp_encr->sadb_supported_reserved = 0; 3251 } 3252 3253 if (espstack->esp_pfkey_q != NULL) 3254 putnext(espstack->esp_pfkey_q, keysock_out_mp); 3255 else { 3256 freemsg(keysock_out_mp); 3257 return (B_FALSE); 3258 } 3259 3260 return (B_TRUE); 3261 } 3262 3263 /* 3264 * Invoked when the algorithm table changes. Causes SADB_REGISTER 3265 * messages continaining the current list of algorithms to be 3266 * sent up to the ESP listeners. 3267 */ 3268 void 3269 ipsecesp_algs_changed(netstack_t *ns) 3270 { 3271 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3272 3273 /* 3274 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners 3275 * everywhere. (The function itself checks for NULL esp_pfkey_q.) 3276 */ 3277 (void) esp_register_out(0, 0, 0, espstack); 3278 } 3279 3280 /* 3281 * Stub function that taskq_dispatch() invokes to take the mblk (in arg) 3282 * and put() it into AH and STREAMS again. 3283 */ 3284 static void 3285 inbound_task(void *arg) 3286 { 3287 esph_t *esph; 3288 mblk_t *mp = (mblk_t *)arg; 3289 ipsec_in_t *ii = (ipsec_in_t *)mp->b_rptr; 3290 netstack_t *ns; 3291 ipsecesp_stack_t *espstack; 3292 int ipsec_rc; 3293 3294 ns = netstack_find_by_stackid(ii->ipsec_in_stackid); 3295 if (ns == NULL || ns != ii->ipsec_in_ns) { 3296 /* Just freemsg(). */ 3297 if (ns != NULL) 3298 netstack_rele(ns); 3299 freemsg(mp); 3300 return; 3301 } 3302 3303 espstack = ns->netstack_ipsecesp; 3304 3305 esp2dbg(espstack, ("in ESP inbound_task")); 3306 ASSERT(espstack != NULL); 3307 3308 esph = ipsec_inbound_esp_sa(mp, ns); 3309 if (esph != NULL) { 3310 ASSERT(ii->ipsec_in_esp_sa != NULL); 3311 ipsec_rc = ii->ipsec_in_esp_sa->ipsa_input_func(mp, esph); 3312 if (ipsec_rc == IPSEC_STATUS_SUCCESS) 3313 ip_fanout_proto_again(mp, NULL, NULL, NULL); 3314 } 3315 netstack_rele(ns); 3316 } 3317 3318 /* 3319 * Now that weak-key passed, actually ADD the security association, and 3320 * send back a reply ADD message. 3321 */ 3322 static int 3323 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi, 3324 int *diagnostic, ipsecesp_stack_t *espstack) 3325 { 3326 isaf_t *primary = NULL, *secondary, *inbound, *outbound; 3327 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3328 sadb_address_t *dstext = 3329 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3330 struct sockaddr_in *dst; 3331 struct sockaddr_in6 *dst6; 3332 boolean_t is_ipv4, clone = B_FALSE, is_inbound = B_FALSE; 3333 uint32_t *dstaddr; 3334 ipsa_t *larval = NULL; 3335 ipsacq_t *acqrec; 3336 iacqf_t *acq_bucket; 3337 mblk_t *acq_msgs = NULL; 3338 int rc; 3339 sadb_t *sp; 3340 int outhash; 3341 mblk_t *lpkt; 3342 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 3343 3344 /* 3345 * Locate the appropriate table(s). 3346 */ 3347 3348 dst = (struct sockaddr_in *)(dstext + 1); 3349 dst6 = (struct sockaddr_in6 *)dst; 3350 is_ipv4 = (dst->sin_family == AF_INET); 3351 if (is_ipv4) { 3352 sp = &espstack->esp_sadb.s_v4; 3353 dstaddr = (uint32_t *)(&dst->sin_addr); 3354 outhash = OUTBOUND_HASH_V4(sp, *(ipaddr_t *)dstaddr); 3355 } else { 3356 sp = &espstack->esp_sadb.s_v6; 3357 dstaddr = (uint32_t *)(&dst6->sin6_addr); 3358 outhash = OUTBOUND_HASH_V6(sp, *(in6_addr_t *)dstaddr); 3359 } 3360 3361 inbound = INBOUND_BUCKET(sp, assoc->sadb_sa_spi); 3362 outbound = &sp->sdb_of[outhash]; 3363 3364 /* 3365 * Use the direction flags provided by the KMD to determine 3366 * if the inbound or outbound table should be the primary 3367 * for this SA. If these flags were absent then make this 3368 * decision based on the addresses. 3369 */ 3370 if (assoc->sadb_sa_flags & IPSA_F_INBOUND) { 3371 primary = inbound; 3372 secondary = outbound; 3373 is_inbound = B_TRUE; 3374 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) 3375 clone = B_TRUE; 3376 } else { 3377 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) { 3378 primary = outbound; 3379 secondary = inbound; 3380 } 3381 } 3382 3383 if (primary == NULL) { 3384 /* 3385 * The KMD did not set a direction flag, determine which 3386 * table to insert the SA into based on addresses. 3387 */ 3388 switch (ksi->ks_in_dsttype) { 3389 case KS_IN_ADDR_MBCAST: 3390 clone = B_TRUE; /* All mcast SAs can be bidirectional */ 3391 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3392 /* FALLTHRU */ 3393 /* 3394 * If the source address is either one of mine, or unspecified 3395 * (which is best summed up by saying "not 'not mine'"), 3396 * then the association is potentially bi-directional, 3397 * in that it can be used for inbound traffic and outbound 3398 * traffic. The best example of such an SA is a multicast 3399 * SA (which allows me to receive the outbound traffic). 3400 */ 3401 case KS_IN_ADDR_ME: 3402 assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3403 primary = inbound; 3404 secondary = outbound; 3405 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME) 3406 clone = B_TRUE; 3407 is_inbound = B_TRUE; 3408 break; 3409 /* 3410 * If the source address literally not mine (either 3411 * unspecified or not mine), then this SA may have an 3412 * address that WILL be mine after some configuration. 3413 * We pay the price for this by making it a bi-directional 3414 * SA. 3415 */ 3416 case KS_IN_ADDR_NOTME: 3417 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3418 primary = outbound; 3419 secondary = inbound; 3420 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) { 3421 assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3422 clone = B_TRUE; 3423 } 3424 break; 3425 default: 3426 *diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 3427 return (EINVAL); 3428 } 3429 } 3430 3431 /* 3432 * Find a ACQUIRE list entry if possible. If we've added an SA that 3433 * suits the needs of an ACQUIRE list entry, we can eliminate the 3434 * ACQUIRE list entry and transmit the enqueued packets. Use the 3435 * high-bit of the sequence number to queue it. Key off destination 3436 * addr, and change acqrec's state. 3437 */ 3438 3439 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) { 3440 acq_bucket = &sp->sdb_acq[outhash]; 3441 mutex_enter(&acq_bucket->iacqf_lock); 3442 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL; 3443 acqrec = acqrec->ipsacq_next) { 3444 mutex_enter(&acqrec->ipsacq_lock); 3445 /* 3446 * Q: I only check sequence. Should I check dst? 3447 * A: Yes, check dest because those are the packets 3448 * that are queued up. 3449 */ 3450 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq && 3451 IPSA_ARE_ADDR_EQUAL(dstaddr, 3452 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam)) 3453 break; 3454 mutex_exit(&acqrec->ipsacq_lock); 3455 } 3456 if (acqrec != NULL) { 3457 /* 3458 * AHA! I found an ACQUIRE record for this SA. 3459 * Grab the msg list, and free the acquire record. 3460 * I already am holding the lock for this record, 3461 * so all I have to do is free it. 3462 */ 3463 acq_msgs = acqrec->ipsacq_mp; 3464 acqrec->ipsacq_mp = NULL; 3465 mutex_exit(&acqrec->ipsacq_lock); 3466 sadb_destroy_acquire(acqrec, 3467 espstack->ipsecesp_netstack); 3468 } 3469 mutex_exit(&acq_bucket->iacqf_lock); 3470 } 3471 3472 /* 3473 * Find PF_KEY message, and see if I'm an update. If so, find entry 3474 * in larval list (if there). 3475 */ 3476 3477 if (samsg->sadb_msg_type == SADB_UPDATE) { 3478 mutex_enter(&inbound->isaf_lock); 3479 larval = ipsec_getassocbyspi(inbound, assoc->sadb_sa_spi, 3480 ALL_ZEROES_PTR, dstaddr, dst->sin_family); 3481 mutex_exit(&inbound->isaf_lock); 3482 3483 if ((larval == NULL) || 3484 (larval->ipsa_state != IPSA_STATE_LARVAL)) { 3485 *diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND; 3486 if (larval != NULL) { 3487 IPSA_REFRELE(larval); 3488 } 3489 esp0dbg(("Larval update, but larval disappeared.\n")); 3490 return (ESRCH); 3491 } /* Else sadb_common_add unlinks it for me! */ 3492 } 3493 3494 lpkt = NULL; 3495 if (larval != NULL) 3496 lpkt = sadb_clear_lpkt(larval); 3497 3498 rc = sadb_common_add(espstack->esp_sadb.s_ip_q, espstack->esp_pfkey_q, 3499 mp, samsg, ksi, primary, secondary, larval, clone, is_inbound, 3500 diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb); 3501 3502 if (rc == 0 && lpkt != NULL) 3503 rc = !taskq_dispatch(esp_taskq, inbound_task, lpkt, TQ_NOSLEEP); 3504 3505 if (rc != 0) { 3506 ip_drop_packet(lpkt, B_TRUE, NULL, NULL, 3507 DROPPER(ipss, ipds_sadb_inlarval_timeout), 3508 &espstack->esp_dropper); 3509 } 3510 3511 /* 3512 * How much more stack will I create with all of these 3513 * esp_outbound() calls? 3514 */ 3515 3516 while (acq_msgs != NULL) { 3517 mblk_t *mp = acq_msgs; 3518 3519 acq_msgs = acq_msgs->b_next; 3520 mp->b_next = NULL; 3521 if (rc == 0) { 3522 if (ipsec_outbound_sa(mp, IPPROTO_ESP)) { 3523 ((ipsec_out_t *)(mp->b_rptr))-> 3524 ipsec_out_esp_done = B_TRUE; 3525 if (esp_outbound(mp) == IPSEC_STATUS_SUCCESS) { 3526 ipha_t *ipha; 3527 3528 /* do AH processing if needed */ 3529 if (!esp_do_outbound_ah(mp)) 3530 continue; 3531 3532 ipha = (ipha_t *)mp->b_cont->b_rptr; 3533 3534 /* finish IPsec processing */ 3535 if (is_ipv4) { 3536 ip_wput_ipsec_out(NULL, mp, 3537 ipha, NULL, NULL); 3538 } else { 3539 ip6_t *ip6h = (ip6_t *)ipha; 3540 ip_wput_ipsec_out_v6(NULL, 3541 mp, ip6h, NULL, NULL); 3542 } 3543 } 3544 continue; 3545 } 3546 } 3547 ESP_BUMP_STAT(espstack, out_discards); 3548 ip_drop_packet(mp, B_FALSE, NULL, NULL, 3549 DROPPER(ipss, ipds_sadb_acquire_timeout), 3550 &espstack->esp_dropper); 3551 } 3552 3553 return (rc); 3554 } 3555 3556 /* 3557 * Add new ESP security association. This may become a generic AH/ESP 3558 * routine eventually. 3559 */ 3560 static int 3561 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns) 3562 { 3563 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3564 sadb_address_t *srcext = 3565 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3566 sadb_address_t *dstext = 3567 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3568 sadb_address_t *isrcext = 3569 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC]; 3570 sadb_address_t *idstext = 3571 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST]; 3572 sadb_address_t *nttext_loc = 3573 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC]; 3574 sadb_address_t *nttext_rem = 3575 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM]; 3576 sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH]; 3577 sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT]; 3578 struct sockaddr_in *src, *dst; 3579 struct sockaddr_in *natt_loc, *natt_rem; 3580 struct sockaddr_in6 *natt_loc6, *natt_rem6; 3581 sadb_lifetime_t *soft = 3582 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT]; 3583 sadb_lifetime_t *hard = 3584 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD]; 3585 sadb_lifetime_t *idle = 3586 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_X_EXT_LIFETIME_IDLE]; 3587 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3588 ipsec_stack_t *ipss = ns->netstack_ipsec; 3589 3590 /* I need certain extensions present for an ADD message. */ 3591 if (srcext == NULL) { 3592 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC; 3593 return (EINVAL); 3594 } 3595 if (dstext == NULL) { 3596 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3597 return (EINVAL); 3598 } 3599 if (isrcext == NULL && idstext != NULL) { 3600 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC; 3601 return (EINVAL); 3602 } 3603 if (isrcext != NULL && idstext == NULL) { 3604 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST; 3605 return (EINVAL); 3606 } 3607 if (assoc == NULL) { 3608 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3609 return (EINVAL); 3610 } 3611 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) { 3612 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY; 3613 return (EINVAL); 3614 } 3615 3616 src = (struct sockaddr_in *)(srcext + 1); 3617 dst = (struct sockaddr_in *)(dstext + 1); 3618 natt_loc = (struct sockaddr_in *)(nttext_loc + 1); 3619 natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1); 3620 natt_rem = (struct sockaddr_in *)(nttext_rem + 1); 3621 natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1); 3622 3623 /* Sundry ADD-specific reality checks. */ 3624 /* XXX STATS : Logging/stats here? */ 3625 3626 if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) && 3627 (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) { 3628 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE; 3629 return (EINVAL); 3630 } 3631 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) { 3632 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3633 return (EINVAL); 3634 } 3635 3636 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL && 3637 assoc->sadb_sa_auth == SADB_AALG_NONE) { 3638 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3639 return (EINVAL); 3640 } 3641 3642 if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) { 3643 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS; 3644 return (EINVAL); 3645 } 3646 3647 if ((*diagnostic = sadb_hardsoftchk(hard, soft, idle)) != 0) { 3648 return (EINVAL); 3649 } 3650 ASSERT(src->sin_family == dst->sin_family); 3651 3652 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) { 3653 if (nttext_loc == NULL) { 3654 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC; 3655 return (EINVAL); 3656 } 3657 3658 if (natt_loc->sin_family == AF_INET6 && 3659 !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) { 3660 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC; 3661 return (EINVAL); 3662 } 3663 } 3664 3665 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) { 3666 if (nttext_rem == NULL) { 3667 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM; 3668 return (EINVAL); 3669 } 3670 if (natt_rem->sin_family == AF_INET6 && 3671 !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) { 3672 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM; 3673 return (EINVAL); 3674 } 3675 } 3676 3677 3678 /* Stuff I don't support, for now. XXX Diagnostic? */ 3679 if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL || 3680 ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL) 3681 return (EOPNOTSUPP); 3682 3683 /* 3684 * XXX Policy : I'm not checking identities or sensitivity 3685 * labels at this time, but if I did, I'd do them here, before I sent 3686 * the weak key check up to the algorithm. 3687 */ 3688 3689 mutex_enter(&ipss->ipsec_alg_lock); 3690 3691 /* 3692 * First locate the authentication algorithm. 3693 */ 3694 if (akey != NULL) { 3695 ipsec_alginfo_t *aalg; 3696 3697 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH] 3698 [assoc->sadb_sa_auth]; 3699 if (aalg == NULL || !ALG_VALID(aalg)) { 3700 mutex_exit(&ipss->ipsec_alg_lock); 3701 esp1dbg(espstack, ("Couldn't find auth alg #%d.\n", 3702 assoc->sadb_sa_auth)); 3703 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3704 return (EINVAL); 3705 } 3706 3707 /* 3708 * Sanity check key sizes. 3709 * Note: It's not possible to use SADB_AALG_NONE because 3710 * this auth_alg is not defined with ALG_FLAG_VALID. If this 3711 * ever changes, the same check for SADB_AALG_NONE and 3712 * a auth_key != NULL should be made here ( see below). 3713 */ 3714 if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) { 3715 mutex_exit(&ipss->ipsec_alg_lock); 3716 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS; 3717 return (EINVAL); 3718 } 3719 ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3720 3721 /* check key and fix parity if needed */ 3722 if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE, 3723 diagnostic) != 0) { 3724 mutex_exit(&ipss->ipsec_alg_lock); 3725 return (EINVAL); 3726 } 3727 } 3728 3729 /* 3730 * Then locate the encryption algorithm. 3731 */ 3732 if (ekey != NULL) { 3733 uint_t keybits; 3734 ipsec_alginfo_t *ealg; 3735 3736 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR] 3737 [assoc->sadb_sa_encrypt]; 3738 if (ealg == NULL || !ALG_VALID(ealg)) { 3739 mutex_exit(&ipss->ipsec_alg_lock); 3740 esp1dbg(espstack, ("Couldn't find encr alg #%d.\n", 3741 assoc->sadb_sa_encrypt)); 3742 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3743 return (EINVAL); 3744 } 3745 3746 /* 3747 * Sanity check key sizes. If the encryption algorithm is 3748 * SADB_EALG_NULL but the encryption key is NOT 3749 * NULL then complain. 3750 * 3751 * The keying material includes salt bits if required by 3752 * algorithm and optionally the Initial IV, check the 3753 * length of whats left. 3754 */ 3755 keybits = ekey->sadb_key_bits; 3756 keybits -= ekey->sadb_key_reserved; 3757 keybits -= SADB_8TO1(ealg->alg_saltlen); 3758 if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) || 3759 (!ipsec_valid_key_size(keybits, ealg))) { 3760 mutex_exit(&ipss->ipsec_alg_lock); 3761 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS; 3762 return (EINVAL); 3763 } 3764 ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3765 3766 /* check key */ 3767 if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE, 3768 diagnostic) != 0) { 3769 mutex_exit(&ipss->ipsec_alg_lock); 3770 return (EINVAL); 3771 } 3772 } 3773 mutex_exit(&ipss->ipsec_alg_lock); 3774 3775 return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi, 3776 diagnostic, espstack)); 3777 } 3778 3779 /* 3780 * Update a security association. Updates come in two varieties. The first 3781 * is an update of lifetimes on a non-larval SA. The second is an update of 3782 * a larval SA, which ends up looking a lot more like an add. 3783 */ 3784 static int 3785 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, 3786 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type) 3787 { 3788 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3789 mblk_t *buf_pkt; 3790 int rcode; 3791 3792 sadb_address_t *dstext = 3793 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3794 3795 if (dstext == NULL) { 3796 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3797 return (EINVAL); 3798 } 3799 3800 rcode = sadb_update_sa(mp, ksi, &buf_pkt, &espstack->esp_sadb, 3801 diagnostic, espstack->esp_pfkey_q, esp_add_sa, 3802 espstack->ipsecesp_netstack, sadb_msg_type); 3803 3804 if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) || 3805 (rcode != 0)) { 3806 return (rcode); 3807 } 3808 3809 HANDLE_BUF_PKT(esp_taskq, espstack->ipsecesp_netstack->netstack_ipsec, 3810 espstack->esp_dropper, buf_pkt); 3811 3812 return (rcode); 3813 } 3814 3815 /* 3816 * Delete a security association. This is REALLY likely to be code common to 3817 * both AH and ESP. Find the association, then unlink it. 3818 */ 3819 static int 3820 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, 3821 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type) 3822 { 3823 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3824 sadb_address_t *dstext = 3825 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3826 sadb_address_t *srcext = 3827 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3828 struct sockaddr_in *sin; 3829 3830 if (assoc == NULL) { 3831 if (dstext != NULL) { 3832 sin = (struct sockaddr_in *)(dstext + 1); 3833 } else if (srcext != NULL) { 3834 sin = (struct sockaddr_in *)(srcext + 1); 3835 } else { 3836 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3837 return (EINVAL); 3838 } 3839 return (sadb_purge_sa(mp, ksi, 3840 (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 : 3841 &espstack->esp_sadb.s_v4, espstack->esp_pfkey_q, 3842 espstack->esp_sadb.s_ip_q)); 3843 } 3844 3845 return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic, 3846 espstack->esp_pfkey_q, sadb_msg_type)); 3847 } 3848 3849 /* 3850 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP 3851 * messages. 3852 */ 3853 static void 3854 esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack) 3855 { 3856 int error; 3857 sadb_msg_t *samsg; 3858 3859 /* 3860 * Dump each fanout, bailing if error is non-zero. 3861 */ 3862 3863 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi, 3864 &espstack->esp_sadb.s_v4); 3865 if (error != 0) 3866 goto bail; 3867 3868 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi, 3869 &espstack->esp_sadb.s_v6); 3870 bail: 3871 ASSERT(mp->b_cont != NULL); 3872 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3873 samsg->sadb_msg_errno = (uint8_t)error; 3874 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, 3875 (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL); 3876 } 3877 3878 /* 3879 * First-cut reality check for an inbound PF_KEY message. 3880 */ 3881 static boolean_t 3882 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi, 3883 ipsecesp_stack_t *espstack) 3884 { 3885 int diagnostic; 3886 3887 if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) { 3888 diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT; 3889 goto badmsg; 3890 } 3891 if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL || 3892 ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) { 3893 diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT; 3894 goto badmsg; 3895 } 3896 return (B_FALSE); /* False ==> no failures */ 3897 3898 badmsg: 3899 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic, 3900 ksi->ks_in_serial); 3901 return (B_TRUE); /* True ==> failures */ 3902 } 3903 3904 /* 3905 * ESP parsing of PF_KEY messages. Keysock did most of the really silly 3906 * error cases. What I receive is a fully-formed, syntactically legal 3907 * PF_KEY message. I then need to check semantics... 3908 * 3909 * This code may become common to AH and ESP. Stay tuned. 3910 * 3911 * I also make the assumption that db_ref's are cool. If this assumption 3912 * is wrong, this means that someone other than keysock or me has been 3913 * mucking with PF_KEY messages. 3914 */ 3915 static void 3916 esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack) 3917 { 3918 mblk_t *msg = mp->b_cont; 3919 sadb_msg_t *samsg; 3920 keysock_in_t *ksi; 3921 int error; 3922 int diagnostic = SADB_X_DIAGNOSTIC_NONE; 3923 3924 ASSERT(msg != NULL); 3925 3926 samsg = (sadb_msg_t *)msg->b_rptr; 3927 ksi = (keysock_in_t *)mp->b_rptr; 3928 3929 /* 3930 * If applicable, convert unspecified AF_INET6 to unspecified 3931 * AF_INET. And do other address reality checks. 3932 */ 3933 if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp, 3934 espstack->ipsecesp_netstack) || 3935 esp_pfkey_reality_failures(mp, ksi, espstack)) { 3936 return; 3937 } 3938 3939 switch (samsg->sadb_msg_type) { 3940 case SADB_ADD: 3941 error = esp_add_sa(mp, ksi, &diagnostic, 3942 espstack->ipsecesp_netstack); 3943 if (error != 0) { 3944 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3945 diagnostic, ksi->ks_in_serial); 3946 } 3947 /* else esp_add_sa() took care of things. */ 3948 break; 3949 case SADB_DELETE: 3950 case SADB_X_DELPAIR: 3951 case SADB_X_DELPAIR_STATE: 3952 error = esp_del_sa(mp, ksi, &diagnostic, espstack, 3953 samsg->sadb_msg_type); 3954 if (error != 0) { 3955 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3956 diagnostic, ksi->ks_in_serial); 3957 } 3958 /* Else esp_del_sa() took care of things. */ 3959 break; 3960 case SADB_GET: 3961 error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb, 3962 &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type); 3963 if (error != 0) { 3964 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3965 diagnostic, ksi->ks_in_serial); 3966 } 3967 /* Else sadb_get_sa() took care of things. */ 3968 break; 3969 case SADB_FLUSH: 3970 sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack); 3971 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL); 3972 break; 3973 case SADB_REGISTER: 3974 /* 3975 * Hmmm, let's do it! Check for extensions (there should 3976 * be none), extract the fields, call esp_register_out(), 3977 * then either free or report an error. 3978 * 3979 * Keysock takes care of the PF_KEY bookkeeping for this. 3980 */ 3981 if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid, 3982 ksi->ks_in_serial, espstack)) { 3983 freemsg(mp); 3984 } else { 3985 /* 3986 * Only way this path hits is if there is a memory 3987 * failure. It will not return B_FALSE because of 3988 * lack of esp_pfkey_q if I am in wput(). 3989 */ 3990 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, 3991 diagnostic, ksi->ks_in_serial); 3992 } 3993 break; 3994 case SADB_UPDATE: 3995 case SADB_X_UPDATEPAIR: 3996 /* 3997 * Find a larval, if not there, find a full one and get 3998 * strict. 3999 */ 4000 error = esp_update_sa(mp, ksi, &diagnostic, espstack, 4001 samsg->sadb_msg_type); 4002 if (error != 0) { 4003 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 4004 diagnostic, ksi->ks_in_serial); 4005 } 4006 /* else esp_update_sa() took care of things. */ 4007 break; 4008 case SADB_GETSPI: 4009 /* 4010 * Reserve a new larval entry. 4011 */ 4012 esp_getspi(mp, ksi, espstack); 4013 break; 4014 case SADB_ACQUIRE: 4015 /* 4016 * Find larval and/or ACQUIRE record and kill it (them), I'm 4017 * most likely an error. Inbound ACQUIRE messages should only 4018 * have the base header. 4019 */ 4020 sadb_in_acquire(samsg, &espstack->esp_sadb, 4021 espstack->esp_pfkey_q, espstack->ipsecesp_netstack); 4022 freemsg(mp); 4023 break; 4024 case SADB_DUMP: 4025 /* 4026 * Dump all entries. 4027 */ 4028 esp_dump(mp, ksi, espstack); 4029 /* esp_dump will take care of the return message, etc. */ 4030 break; 4031 case SADB_EXPIRE: 4032 /* Should never reach me. */ 4033 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP, 4034 diagnostic, ksi->ks_in_serial); 4035 break; 4036 default: 4037 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, 4038 SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial); 4039 break; 4040 } 4041 } 4042 4043 /* 4044 * Handle case where PF_KEY says it can't find a keysock for one of my 4045 * ACQUIRE messages. 4046 */ 4047 static void 4048 esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack) 4049 { 4050 sadb_msg_t *samsg; 4051 keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr; 4052 4053 if (mp->b_cont == NULL) { 4054 freemsg(mp); 4055 return; 4056 } 4057 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 4058 4059 /* 4060 * If keysock can't find any registered, delete the acquire record 4061 * immediately, and handle errors. 4062 */ 4063 if (samsg->sadb_msg_type == SADB_ACQUIRE) { 4064 samsg->sadb_msg_errno = kse->ks_err_errno; 4065 samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg)); 4066 /* 4067 * Use the write-side of the esp_pfkey_q, in case there is 4068 * no esp_sadb.s_ip_q. 4069 */ 4070 sadb_in_acquire(samsg, &espstack->esp_sadb, 4071 WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack); 4072 } 4073 4074 freemsg(mp); 4075 } 4076 4077 /* 4078 * ESP module write put routine. 4079 */ 4080 static void 4081 ipsecesp_wput(queue_t *q, mblk_t *mp) 4082 { 4083 ipsec_info_t *ii; 4084 struct iocblk *iocp; 4085 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 4086 4087 esp3dbg(espstack, ("In esp_wput().\n")); 4088 4089 /* NOTE: Each case must take care of freeing or passing mp. */ 4090 switch (mp->b_datap->db_type) { 4091 case M_CTL: 4092 if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) { 4093 /* Not big enough message. */ 4094 freemsg(mp); 4095 break; 4096 } 4097 ii = (ipsec_info_t *)mp->b_rptr; 4098 4099 switch (ii->ipsec_info_type) { 4100 case KEYSOCK_OUT_ERR: 4101 esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n")); 4102 esp_keysock_no_socket(mp, espstack); 4103 break; 4104 case KEYSOCK_IN: 4105 ESP_BUMP_STAT(espstack, keysock_in); 4106 esp3dbg(espstack, ("Got KEYSOCK_IN message.\n")); 4107 4108 /* Parse the message. */ 4109 esp_parse_pfkey(mp, espstack); 4110 break; 4111 case KEYSOCK_HELLO: 4112 sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp, 4113 esp_ager, (void *)espstack, &espstack->esp_event, 4114 SADB_SATYPE_ESP); 4115 break; 4116 default: 4117 esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n", 4118 ii->ipsec_info_type)); 4119 freemsg(mp); 4120 break; 4121 } 4122 break; 4123 case M_IOCTL: 4124 iocp = (struct iocblk *)mp->b_rptr; 4125 switch (iocp->ioc_cmd) { 4126 case ND_SET: 4127 case ND_GET: 4128 if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) { 4129 qreply(q, mp); 4130 return; 4131 } else { 4132 iocp->ioc_error = ENOENT; 4133 } 4134 /* FALLTHRU */ 4135 default: 4136 /* We really don't support any other ioctls, do we? */ 4137 4138 /* Return EINVAL */ 4139 if (iocp->ioc_error != ENOENT) 4140 iocp->ioc_error = EINVAL; 4141 iocp->ioc_count = 0; 4142 mp->b_datap->db_type = M_IOCACK; 4143 qreply(q, mp); 4144 return; 4145 } 4146 default: 4147 esp3dbg(espstack, 4148 ("Got default message, type %d, passing to IP.\n", 4149 mp->b_datap->db_type)); 4150 putnext(q, mp); 4151 } 4152 } 4153 4154 /* 4155 * Process an outbound ESP packet that can be accelerated by a IPsec 4156 * hardware acceleration capable Provider. 4157 * The caller already inserted and initialized the ESP header. 4158 * This function allocates a tagging M_CTL, and adds room at the end 4159 * of the packet to hold the ICV if authentication is needed. 4160 * 4161 * On success returns B_TRUE, on failure returns B_FALSE and frees the 4162 * mblk chain ipsec_out. 4163 */ 4164 static ipsec_status_t 4165 esp_outbound_accelerated(mblk_t *ipsec_out, uint_t icv_len) 4166 { 4167 ipsec_out_t *io; 4168 mblk_t *lastmp; 4169 netstack_t *ns; 4170 ipsecesp_stack_t *espstack; 4171 ipsec_stack_t *ipss; 4172 4173 io = (ipsec_out_t *)ipsec_out->b_rptr; 4174 ns = io->ipsec_out_ns; 4175 espstack = ns->netstack_ipsecesp; 4176 ipss = ns->netstack_ipsec; 4177 4178 ESP_BUMP_STAT(espstack, out_accelerated); 4179 4180 /* mark packet as being accelerated in IPSEC_OUT */ 4181 ASSERT(io->ipsec_out_accelerated == B_FALSE); 4182 io->ipsec_out_accelerated = B_TRUE; 4183 4184 /* 4185 * add room at the end of the packet for the ICV if needed 4186 */ 4187 if (icv_len > 0) { 4188 /* go to last mblk */ 4189 lastmp = ipsec_out; /* For following while loop. */ 4190 do { 4191 lastmp = lastmp->b_cont; 4192 } while (lastmp->b_cont != NULL); 4193 4194 /* if not enough available room, allocate new mblk */ 4195 if ((lastmp->b_wptr + icv_len) > lastmp->b_datap->db_lim) { 4196 lastmp->b_cont = allocb(icv_len, BPRI_HI); 4197 if (lastmp->b_cont == NULL) { 4198 ESP_BUMP_STAT(espstack, out_discards); 4199 ip_drop_packet(ipsec_out, B_FALSE, NULL, NULL, 4200 DROPPER(ipss, ipds_esp_nomem), 4201 &espstack->esp_dropper); 4202 return (IPSEC_STATUS_FAILED); 4203 } 4204 lastmp = lastmp->b_cont; 4205 } 4206 lastmp->b_wptr += icv_len; 4207 } 4208 4209 return (IPSEC_STATUS_SUCCESS); 4210 } 4211 4212 /* 4213 * Process an inbound accelerated ESP packet. 4214 * On success returns B_TRUE, on failure returns B_FALSE and frees the 4215 * mblk chain ipsec_in. 4216 */ 4217 static ipsec_status_t 4218 esp_inbound_accelerated(mblk_t *ipsec_in, mblk_t *data_mp, boolean_t isv4, 4219 ipsa_t *assoc) 4220 { 4221 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr; 4222 mblk_t *hada_mp; 4223 uint32_t icv_len = 0; 4224 da_ipsec_t *hada; 4225 ipha_t *ipha; 4226 ip6_t *ip6h; 4227 kstat_named_t *counter; 4228 netstack_t *ns = ii->ipsec_in_ns; 4229 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 4230 ipsec_stack_t *ipss = ns->netstack_ipsec; 4231 4232 ESP_BUMP_STAT(espstack, in_accelerated); 4233 4234 hada_mp = ii->ipsec_in_da; 4235 ASSERT(hada_mp != NULL); 4236 hada = (da_ipsec_t *)hada_mp->b_rptr; 4237 4238 /* 4239 * We only support one level of decapsulation in hardware, so 4240 * nuke the pointer. 4241 */ 4242 ii->ipsec_in_da = NULL; 4243 ii->ipsec_in_accelerated = B_FALSE; 4244 4245 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) { 4246 /* 4247 * ESP with authentication. We expect the Provider to have 4248 * computed the ICV and placed it in the hardware acceleration 4249 * data attributes. 4250 * 4251 * Extract ICV length from attributes M_CTL and sanity check 4252 * its value. We allow the mblk to be smaller than da_ipsec_t 4253 * for a small ICV, as long as the entire ICV fits within the 4254 * mblk. 4255 * 4256 * Also ensures that the ICV length computed by Provider 4257 * corresponds to the ICV length of the agorithm specified by 4258 * the SA. 4259 */ 4260 icv_len = hada->da_icv_len; 4261 if ((icv_len != assoc->ipsa_mac_len) || 4262 (icv_len > DA_ICV_MAX_LEN) || (MBLKL(hada_mp) < 4263 (sizeof (da_ipsec_t) - DA_ICV_MAX_LEN + icv_len))) { 4264 esp0dbg(("esp_inbound_accelerated: " 4265 "ICV len (%u) incorrect or mblk too small (%u)\n", 4266 icv_len, (uint32_t)(MBLKL(hada_mp)))); 4267 counter = DROPPER(ipss, ipds_esp_bad_auth); 4268 goto esp_in_discard; 4269 } 4270 } 4271 4272 /* get pointers to IP header */ 4273 if (isv4) { 4274 ipha = (ipha_t *)data_mp->b_rptr; 4275 } else { 4276 ip6h = (ip6_t *)data_mp->b_rptr; 4277 } 4278 4279 /* 4280 * Compare ICV in ESP packet vs ICV computed by adapter. 4281 * We also remove the ICV from the end of the packet since 4282 * it will no longer be needed. 4283 * 4284 * Assume that esp_inbound() already ensured that the pkt 4285 * was in one mblk. 4286 */ 4287 ASSERT(data_mp->b_cont == NULL); 4288 data_mp->b_wptr -= icv_len; 4289 /* adjust IP header */ 4290 if (isv4) 4291 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - icv_len); 4292 else 4293 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - icv_len); 4294 if (icv_len && bcmp(hada->da_icv, data_mp->b_wptr, icv_len)) { 4295 int af; 4296 void *addr; 4297 4298 if (isv4) { 4299 addr = &ipha->ipha_dst; 4300 af = AF_INET; 4301 } else { 4302 addr = &ip6h->ip6_dst; 4303 af = AF_INET6; 4304 } 4305 4306 /* 4307 * Log the event. Don't print to the console, block 4308 * potential denial-of-service attack. 4309 */ 4310 ESP_BUMP_STAT(espstack, bad_auth); 4311 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 4312 "ESP Authentication failed spi %x, dst_addr %s", 4313 assoc->ipsa_spi, addr, af, espstack->ipsecesp_netstack); 4314 counter = DROPPER(ipss, ipds_esp_bad_auth); 4315 goto esp_in_discard; 4316 } 4317 4318 esp3dbg(espstack, ("esp_inbound_accelerated: ESP authentication " 4319 "succeeded, checking replay\n")); 4320 4321 ipsec_in->b_cont = data_mp; 4322 4323 /* 4324 * Remove ESP header and padding from packet. 4325 */ 4326 if (!esp_strip_header(data_mp, ii->ipsec_in_v4, assoc->ipsa_iv_len, 4327 &counter, espstack)) { 4328 esp1dbg(espstack, ("esp_inbound_accelerated: " 4329 "esp_strip_header() failed\n")); 4330 goto esp_in_discard; 4331 } 4332 4333 freeb(hada_mp); 4334 4335 /* 4336 * Account for usage.. 4337 */ 4338 if (!esp_age_bytes(assoc, msgdsize(data_mp), B_TRUE)) { 4339 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 4340 ESP_BUMP_STAT(espstack, bytes_expired); 4341 IP_ESP_BUMP_STAT(ipss, in_discards); 4342 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 4343 "ESP association 0x%x, dst %s had bytes expire.\n", 4344 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 4345 espstack->ipsecesp_netstack); 4346 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, 4347 DROPPER(ipss, ipds_esp_bytes_expire), 4348 &espstack->esp_dropper); 4349 return (IPSEC_STATUS_FAILED); 4350 } 4351 4352 /* done processing the packet */ 4353 return (IPSEC_STATUS_SUCCESS); 4354 4355 esp_in_discard: 4356 IP_ESP_BUMP_STAT(ipss, in_discards); 4357 freeb(hada_mp); 4358 4359 ipsec_in->b_cont = data_mp; /* For ip_drop_packet()'s sake... */ 4360 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, counter, 4361 &espstack->esp_dropper); 4362 4363 return (IPSEC_STATUS_FAILED); 4364 } 4365 4366 /* 4367 * Wrapper to allow IP to trigger an ESP association failure message 4368 * during inbound SA selection. 4369 */ 4370 void 4371 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt, 4372 uint32_t spi, void *addr, int af, ipsecesp_stack_t *espstack) 4373 { 4374 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 4375 4376 if (espstack->ipsecesp_log_unknown_spi) { 4377 ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi, 4378 addr, af, espstack->ipsecesp_netstack); 4379 } 4380 4381 ip_drop_packet(mp, B_TRUE, NULL, NULL, 4382 DROPPER(ipss, ipds_esp_no_sa), 4383 &espstack->esp_dropper); 4384 } 4385 4386 /* 4387 * Initialize the ESP input and output processing functions. 4388 */ 4389 void 4390 ipsecesp_init_funcs(ipsa_t *sa) 4391 { 4392 if (sa->ipsa_output_func == NULL) 4393 sa->ipsa_output_func = esp_outbound; 4394 if (sa->ipsa_input_func == NULL) 4395 sa->ipsa_input_func = esp_inbound; 4396 } 4397