xref: /illumos-gate/usr/src/uts/common/inet/sadb.h (revision 46b592853d0f4f11781b6b0a7533f267c6aee132)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_INET_SADB_H
27 #define	_INET_SADB_H
28 
29 #ifdef	__cplusplus
30 extern "C" {
31 #endif
32 
33 #include <inet/ipsec_info.h>
34 #include <sys/crypto/common.h>
35 #include <sys/crypto/api.h>
36 #include <sys/note.h>
37 
38 #define	IPSA_MAX_ADDRLEN 4	/* Max address len. (in 32-bits) for an SA. */
39 
40 /*
41  * Return codes of IPsec processing functions.
42  */
43 typedef enum {
44 	IPSEC_STATUS_SUCCESS = 1,
45 	IPSEC_STATUS_FAILED = 2,
46 	IPSEC_STATUS_PENDING = 3
47 } ipsec_status_t;
48 
49 /*
50  * The Initialization Vector (also known as IV or Nonce) used to
51  * initialize the Block Cipher, is made up of a Counter and a Salt.
52  * The Counter is fixed at 64 bits and is incremented for each packet.
53  * The Salt value can be any whole byte value upto 64 bits. This is
54  * algorithm mode specific and can be configured with ipsecalgs(1m).
55  *
56  * We only support whole byte salt lengths, this is because the salt is
57  * stored in an array of uint8_t's. This is enforced by ipsecalgs(1m)
58  * which configures the salt length as a number of bytes. Checks are
59  * made to ensure the salt length defined in ipsecalgs(1m) fits in
60  * the ipsec_nonce_t.
61  *
62  * The Salt value remains constant for the life of the SA, the Salt is
63  * know to both peers, but NOT transmitted on the network. The Counter
64  * portion of the nonce is transmitted over the network with each packet
65  * and is confusingly described as the Initialization Vector by RFCs
66  * 4309/4106.
67  *
68  * The maximum Initialization Vector length is 128 bits, if the actual
69  * size is less, its padded internally by the algorithm.
70  *
71  * The nonce structure is defined like this in the SA (ipsa_t)to ensure
72  * the Initilization Vector (counter) is 64 bit aligned, because it will
73  * be incremented as an uint64_t. The nonce as used by the algorithms is
74  * a straight uint8_t array.
75  *
76  *                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
77  *                     | | | | |x|x|x|x|               |
78  *                     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
79  * salt_offset         <------>
80  * ipsa_saltlen                <------->
81  * ipsa_nonce_buf------^
82  * ipsa_salt-------------~~~~~~^
83  * ipsa_nonce------------~~~~~~^
84  * ipsa_iv-----------------------------^
85  */
86 typedef struct ipsec_nonce_s {
87 	uint8_t		salt[MAXSALTSIZE];
88 	uint64_t	iv;
89 } ipsec_nonce_t;
90 
91 /*
92  * IP security association.  Synchronization assumes 32-bit loads, so
93  * the 64-bit quantities can't even be be read w/o locking it down!
94  */
95 
96 /* keying info */
97 typedef struct ipsa_key_s {
98 	uint8_t *sak_key;		/* Algorithm key. */
99 	uint_t sak_keylen;	/* Algorithm key length (in bytes). */
100 	uint_t sak_keybits;	/* Algorithm key length (in bits) */
101 	uint_t sak_algid;	/* Algorithm ID number. */
102 } ipsa_key_t;
103 
104 typedef struct ipsa_s {
105 	struct ipsa_s *ipsa_next;	/* Next in hash bucket */
106 	struct ipsa_s **ipsa_ptpn;	/* Pointer to previous next pointer. */
107 	kmutex_t *ipsa_linklock;	/* Pointer to hash-chain lock. */
108 	void (*ipsa_freefunc)(struct ipsa_s *); /* freeassoc function */
109 	void (*ipsa_noncefunc)(struct ipsa_s *, uchar_t *,
110 	    uint_t, uchar_t *, ipsa_cm_mech_t *, crypto_data_t *);
111 	/*
112 	 * NOTE: I may need more pointers, depending on future SA
113 	 * requirements.
114 	 */
115 	ipsa_key_t ipsa_authkeydata;
116 #define	ipsa_authkey ipsa_authkeydata.sak_key
117 #define	ipsa_authkeylen ipsa_authkeydata.sak_keylen
118 #define	ipsa_authkeybits ipsa_authkeydata.sak_keybits
119 #define	ipsa_auth_alg ipsa_authkeydata.sak_algid
120 	ipsa_key_t ipsa_encrkeydata;
121 #define	ipsa_encrkey ipsa_encrkeydata.sak_key
122 #define	ipsa_encrkeylen ipsa_encrkeydata.sak_keylen
123 #define	ipsa_encrkeybits ipsa_encrkeydata.sak_keybits
124 #define	ipsa_encr_alg ipsa_encrkeydata.sak_algid
125 
126 	struct ipsid_s *ipsa_src_cid;	/* Source certificate identity */
127 	struct ipsid_s *ipsa_dst_cid;	/* Destination certificate identity */
128 	uint64_t *ipsa_integ;	/* Integrity bitmap */
129 	uint64_t *ipsa_sens;	/* Sensitivity bitmap */
130 	mblk_t	*ipsa_lpkt;	/* Packet received while larval (CAS me) */
131 	mblk_t	*ipsa_bpkt_head;	/* Packets received while idle */
132 	mblk_t	*ipsa_bpkt_tail;
133 #define	SADB_MAX_IDLEPKTS	100
134 	uint8_t	ipsa_mblkcnt;	/* Number of packets received while idle */
135 
136 	/*
137 	 * PF_KEYv2 supports a replay window size of 255.  Hence there is a
138 	 * need a bit vector to support a replay window of 255.  256 is a nice
139 	 * round number, so I support that.
140 	 *
141 	 * Use an array of uint64_t for best performance on 64-bit
142 	 * processors.  (And hope that 32-bit compilers can handle things
143 	 * okay.)  The " >> 6 " is to get the appropriate number of 64-bit
144 	 * ints.
145 	 */
146 #define	SADB_MAX_REPLAY 256	/* Must be 0 mod 64. */
147 	uint64_t ipsa_replay_arr[SADB_MAX_REPLAY >> 6];
148 
149 	uint64_t ipsa_unique_id;	/* Non-zero for unique SAs */
150 	uint64_t ipsa_unique_mask;	/* mask value for unique_id */
151 
152 	/*
153 	 * Reference count semantics:
154 	 *
155 	 *	An SA has a reference count of 1 if something's pointing
156 	 *	to it.  This includes being in a hash table.  So if an
157 	 *	SA is in a hash table, it has a reference count of at least 1.
158 	 *
159 	 *	When a ptr. to an IPSA is assigned, you MUST REFHOLD after
160 	 *	said assignment.  When a ptr. to an IPSA is released
161 	 *	you MUST REFRELE.  When the refcount hits 0, REFRELE
162 	 *	will free the IPSA.
163 	 */
164 	kmutex_t ipsa_lock;	/* Locks non-linkage/refcnt fields. */
165 	/* Q:  Since I may be doing refcnts differently, will I need cv? */
166 	uint_t ipsa_refcnt;	/* Reference count. */
167 
168 	/*
169 	 * The following four time fields are the ones monitored by ah_ager()
170 	 * and esp_ager() respectively.  They are all absolute wall-clock
171 	 * times.  The times of creation (i.e. add time) and first use are
172 	 * pretty straightforward.  The soft and hard expire times are
173 	 * derived from the times of first use and creation, plus the minimum
174 	 * expiration times in the fields that follow this.
175 	 *
176 	 * For example, if I had a hard add time of 30 seconds, and a hard
177 	 * use time of 15, the ipsa_hardexpiretime would be time of add, plus
178 	 * 30 seconds.  If I USE the SA such that time of first use plus 15
179 	 * seconds would be earlier than the add time plus 30 seconds, then
180 	 * ipsa_hardexpiretime would become this earlier time.
181 	 */
182 	time_t ipsa_addtime;	/* Time I was added. */
183 	time_t ipsa_usetime;	/* Time of my first use. */
184 	time_t ipsa_lastuse;	/* Time of my last use. */
185 	time_t ipsa_idletime;	/* Seconds of idle time */
186 	time_t ipsa_last_nat_t_ka;	/* Time of my last NAT-T keepalive. */
187 	time_t ipsa_softexpiretime;	/* Time of my first soft expire. */
188 	time_t ipsa_hardexpiretime;	/* Time of my first hard expire. */
189 	time_t ipsa_idleexpiretime;	/* Time of my next idle expire time */
190 
191 	struct ipsec_nonce_s *ipsa_nonce_buf;
192 	uint8_t	*ipsa_nonce;
193 	uint_t ipsa_nonce_len;
194 	uint8_t	*ipsa_salt;
195 	uint_t ipsa_saltbits;
196 	uint_t ipsa_saltlen;
197 	uint64_t *ipsa_iv;
198 
199 	uint64_t ipsa_iv_hardexpire;
200 	uint64_t ipsa_iv_softexpire;
201 	/*
202 	 * The following fields are directly reflected in PF_KEYv2 LIFETIME
203 	 * extensions.  The time_ts are in number-of-seconds, and the bytes
204 	 * are in... bytes.
205 	 */
206 	time_t ipsa_softaddlt;	/* Seconds of soft lifetime after add. */
207 	time_t ipsa_softuselt;	/* Seconds of soft lifetime after first use. */
208 	time_t ipsa_hardaddlt;	/* Seconds of hard lifetime after add. */
209 	time_t ipsa_harduselt;	/* Seconds of hard lifetime after first use. */
210 	time_t ipsa_idleaddlt;	/* Seconds of idle time after add */
211 	time_t ipsa_idleuselt;	/* Seconds of idle time after first use */
212 	uint64_t ipsa_softbyteslt;	/* Bytes of soft lifetime. */
213 	uint64_t ipsa_hardbyteslt;	/* Bytes of hard lifetime. */
214 	uint64_t ipsa_bytes;	/* Bytes encrypted/authed by this SA. */
215 
216 	/*
217 	 * "Allocations" are a concept mentioned in PF_KEYv2.  We do not
218 	 * support them, except to record them per the PF_KEYv2 spec.
219 	 */
220 	uint_t ipsa_softalloc;	/* Allocations allowed (soft). */
221 	uint_t ipsa_hardalloc;	/* Allocations allowed (hard). */
222 	uint_t ipsa_alloc;	/* Allocations made. */
223 
224 	uint_t ipsa_integlen;	/* Length of the integrity bitmap (bytes). */
225 	uint_t ipsa_senslen;	/* Length of the sensitivity bitmap (bytes). */
226 
227 	uint_t ipsa_type;	/* Type of security association. (AH/etc.) */
228 	uint_t ipsa_dpd;	/* Domain for sensitivity bit vectors. */
229 	uint_t ipsa_senslevel;	/* Sensitivity level. */
230 	uint_t ipsa_integlevel;	/* Integrity level. */
231 	uint_t ipsa_state;	/* State of my association. */
232 	uint_t ipsa_replay_wsize; /* Size of replay window */
233 	uint32_t ipsa_flags;	/* Flags for security association. */
234 	uint32_t ipsa_spi;	/* Security parameters index. */
235 	uint32_t ipsa_replay;	/* Highest seen replay value for this SA. */
236 	uint32_t ipsa_kmp;	/* key management proto */
237 	uint32_t ipsa_kmc;	/* key management cookie */
238 
239 	boolean_t ipsa_haspeer;		/* Has peer in another table. */
240 
241 	/*
242 	 * Address storage.
243 	 * The source address can be INADDR_ANY, IN6ADDR_ANY, etc.
244 	 *
245 	 * Address families (per sys/socket.h) guide us.  We could have just
246 	 * used sockaddr_storage
247 	 */
248 	sa_family_t ipsa_addrfam;
249 	sa_family_t ipsa_innerfam;	/* Inner AF can be != src/dst AF. */
250 
251 	uint32_t ipsa_srcaddr[IPSA_MAX_ADDRLEN];
252 	uint32_t ipsa_dstaddr[IPSA_MAX_ADDRLEN];
253 	uint32_t ipsa_innersrc[IPSA_MAX_ADDRLEN];
254 	uint32_t ipsa_innerdst[IPSA_MAX_ADDRLEN];
255 
256 	uint8_t ipsa_innersrcpfx;
257 	uint8_t ipsa_innerdstpfx;
258 
259 	uint16_t ipsa_inbound_cksum; /* cksum correction for inbound packets */
260 	uint16_t ipsa_local_nat_port;	/* Local NAT-T port.  (0 --> 4500) */
261 	uint16_t ipsa_remote_nat_port; /* The other port that isn't 4500 */
262 
263 	/* these can only be v4 */
264 	uint32_t ipsa_natt_addr_loc;
265 	uint32_t ipsa_natt_addr_rem;
266 
267 	/*
268 	 * icmp type and code. *_end are to specify ranges. if only
269 	 * a single value, * and *_end are the same value.
270 	 */
271 	uint8_t ipsa_icmp_type;
272 	uint8_t ipsa_icmp_type_end;
273 	uint8_t ipsa_icmp_code;
274 	uint8_t ipsa_icmp_code_end;
275 
276 	/*
277 	 * For the kernel crypto framework.
278 	 */
279 	crypto_key_t ipsa_kcfauthkey;		/* authentication key */
280 	crypto_key_t ipsa_kcfencrkey;		/* encryption key */
281 	crypto_ctx_template_t ipsa_authtmpl;	/* auth context template */
282 	crypto_ctx_template_t ipsa_encrtmpl;	/* encr context template */
283 	crypto_mechanism_t ipsa_amech;		/* auth mech type and ICV len */
284 	crypto_mechanism_t ipsa_emech;		/* encr mech type */
285 	size_t ipsa_mac_len;			/* auth MAC/ICV length */
286 	size_t ipsa_iv_len;			/* encr IV length */
287 	size_t ipsa_datalen;			/* block length in bytes. */
288 
289 	/*
290 	 * Input and output processing functions called from IP.
291 	 */
292 	ipsec_status_t (*ipsa_output_func)(mblk_t *);
293 	ipsec_status_t (*ipsa_input_func)(mblk_t *, void *);
294 
295 	/*
296 	 * Soft reference to paired SA
297 	 */
298 	uint32_t	ipsa_otherspi;
299 
300 	/* MLS boxen will probably need more fields in here. */
301 
302 	netstack_t	*ipsa_netstack;	/* Does not have a netstack_hold */
303 } ipsa_t;
304 
305 /*
306  * ipsa_t address handling macros.  We want these to be inlined, and deal
307  * with 32-bit words to avoid bcmp/bcopy calls.
308  *
309  * Assume we only have AF_INET and AF_INET6 addresses for now.  Also assume
310  * that we have 32-bit alignment on everything.
311  */
312 #define	IPSA_IS_ADDR_UNSPEC(addr, fam) ((((uint32_t *)(addr))[0] == 0) && \
313 	(((fam) == AF_INET) || (((uint32_t *)(addr))[3] == 0 && \
314 	((uint32_t *)(addr))[2] == 0 && ((uint32_t *)(addr))[1] == 0)))
315 #define	IPSA_ARE_ADDR_EQUAL(addr1, addr2, fam) \
316 	((((uint32_t *)(addr1))[0] == ((uint32_t *)(addr2))[0]) && \
317 	(((fam) == AF_INET) || \
318 	(((uint32_t *)(addr1))[3] == ((uint32_t *)(addr2))[3] && \
319 	((uint32_t *)(addr1))[2] == ((uint32_t *)(addr2))[2] && \
320 	((uint32_t *)(addr1))[1] == ((uint32_t *)(addr2))[1])))
321 #define	IPSA_COPY_ADDR(dstaddr, srcaddr, fam) { \
322 	((uint32_t *)(dstaddr))[0] = ((uint32_t *)(srcaddr))[0]; \
323 	if ((fam) == AF_INET6) {\
324 		((uint32_t *)(dstaddr))[1] = ((uint32_t *)(srcaddr))[1]; \
325 		((uint32_t *)(dstaddr))[2] = ((uint32_t *)(srcaddr))[2]; \
326 		((uint32_t *)(dstaddr))[3] = ((uint32_t *)(srcaddr))[3]; } }
327 
328 /*
329  * ipsa_t reference hold/release macros.
330  *
331  * If you have a pointer, you REFHOLD.  If you are releasing a pointer, you
332  * REFRELE.  An ipsa_t that is newly inserted into the table should have
333  * a reference count of 1 (for the table's pointer), plus 1 more for every
334  * pointer that is referencing the ipsa_t.
335  */
336 
337 #define	IPSA_REFHOLD(ipsa) {			\
338 	atomic_add_32(&(ipsa)->ipsa_refcnt, 1);	\
339 	ASSERT((ipsa)->ipsa_refcnt != 0);	\
340 }
341 
342 /*
343  * Decrement the reference count on the SA.
344  * In architectures e.g sun4u, where atomic_add_32_nv is just
345  * a cas, we need to maintain the right memory barrier semantics
346  * as that of mutex_exit i.e all the loads and stores should complete
347  * before the cas is executed. membar_exit() does that here.
348  */
349 
350 #define	IPSA_REFRELE(ipsa) {					\
351 	ASSERT((ipsa)->ipsa_refcnt != 0);			\
352 	membar_exit();						\
353 	if (atomic_add_32_nv(&(ipsa)->ipsa_refcnt, -1) == 0)	\
354 		((ipsa)->ipsa_freefunc)(ipsa);			\
355 }
356 
357 /*
358  * Security association hash macros and definitions.  For now, assume the
359  * IPsec model, and hash outbounds on destination address, and inbounds on
360  * SPI.
361  */
362 
363 #define	IPSEC_DEFAULT_HASH_SIZE 256
364 
365 #define	INBOUND_HASH(sadb, spi) ((spi) % ((sadb)->sdb_hashsize))
366 #define	OUTBOUND_HASH_V4(sadb, v4addr) ((v4addr) % ((sadb)->sdb_hashsize))
367 #define	OUTBOUND_HASH_V6(sadb, v6addr) OUTBOUND_HASH_V4((sadb), \
368 	(*(uint32_t *)&(v6addr)) ^ (*(((uint32_t *)&(v6addr)) + 1)) ^ \
369 	(*(((uint32_t *)&(v6addr)) + 2)) ^ (*(((uint32_t *)&(v6addr)) + 3)))
370 
371 /*
372  * Syntactic sugar to find the appropriate hash bucket directly.
373  */
374 
375 #define	INBOUND_BUCKET(sadb, spi) &(((sadb)->sdb_if)[INBOUND_HASH(sadb, spi)])
376 #define	OUTBOUND_BUCKET_V4(sadb, v4addr) \
377 	&(((sadb)->sdb_of)[OUTBOUND_HASH_V4(sadb, v4addr)])
378 #define	OUTBOUND_BUCKET_V6(sadb, v6addr) \
379 	&(((sadb)->sdb_of)[OUTBOUND_HASH_V6(sadb, v6addr)])
380 
381 #define	IPSA_F_PFS	SADB_SAFLAGS_PFS	/* PFS in use for this SA? */
382 #define	IPSA_F_NOREPFLD	SADB_SAFLAGS_NOREPLAY	/* No replay field, for */
383 						/* backward compat. */
384 #define	IPSA_F_USED	SADB_X_SAFLAGS_USED	/* SA has been used. */
385 #define	IPSA_F_UNIQUE	SADB_X_SAFLAGS_UNIQUE	/* SA is unique */
386 #define	IPSA_F_AALG1	SADB_X_SAFLAGS_AALG1	/* Auth alg flag 1 */
387 #define	IPSA_F_AALG2	SADB_X_SAFLAGS_AALG2	/* Auth alg flag 2 */
388 #define	IPSA_F_EALG1	SADB_X_SAFLAGS_EALG1	/* Encrypt alg flag 1 */
389 #define	IPSA_F_EALG2	SADB_X_SAFLAGS_EALG2	/* Encrypt alg flag 2 */
390 
391 #define	IPSA_F_HW	0x200000		/* hwaccel capable SA */
392 #define	IPSA_F_NATT_LOC	SADB_X_SAFLAGS_NATT_LOC
393 #define	IPSA_F_NATT_REM	SADB_X_SAFLAGS_NATT_REM
394 #define	IPSA_F_BEHIND_NAT SADB_X_SAFLAGS_NATTED
395 #define	IPSA_F_NATT	(SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM | \
396 	SADB_X_SAFLAGS_NATTED)
397 #define	IPSA_F_CINVALID	0x40000		/* SA shouldn't be cached */
398 #define	IPSA_F_PAIRED	SADB_X_SAFLAGS_PAIRED	/* SA is one of a pair */
399 #define	IPSA_F_OUTBOUND	SADB_X_SAFLAGS_OUTBOUND	/* SA direction bit */
400 #define	IPSA_F_INBOUND	SADB_X_SAFLAGS_INBOUND	/* SA direction bit */
401 #define	IPSA_F_TUNNEL	SADB_X_SAFLAGS_TUNNEL
402 /*
403  * These flags are only defined here to prevent a flag value collision.
404  */
405 #define	IPSA_F_COMBINED	SADB_X_SAFLAGS_EALG1	/* Defined in pfkeyv2.h */
406 #define	IPSA_F_COUNTERMODE SADB_X_SAFLAGS_EALG2	/* Defined in pfkeyv2.h */
407 
408 /*
409  * Sets of flags that are allowed to by set or modified by PF_KEY apps.
410  */
411 #define	AH_UPDATE_SETTABLE_FLAGS \
412 	(SADB_X_SAFLAGS_PAIRED | SADB_SAFLAGS_NOREPLAY | \
413 	SADB_X_SAFLAGS_OUTBOUND | SADB_X_SAFLAGS_INBOUND | \
414 	SADB_X_SAFLAGS_KM1 | SADB_X_SAFLAGS_KM2 | \
415 	SADB_X_SAFLAGS_KM3 | SADB_X_SAFLAGS_KM4)
416 
417 /* AH can't set NAT flags (or even use NAT).  Add NAT flags to the ESP set. */
418 #define	ESP_UPDATE_SETTABLE_FLAGS (AH_UPDATE_SETTABLE_FLAGS | IPSA_F_NATT)
419 
420 #define	AH_ADD_SETTABLE_FLAGS \
421 	(AH_UPDATE_SETTABLE_FLAGS | SADB_X_SAFLAGS_AALG1 | \
422 	SADB_X_SAFLAGS_AALG2 | SADB_X_SAFLAGS_TUNNEL | \
423 	SADB_SAFLAGS_NOREPLAY)
424 
425 /* AH can't set NAT flags (or even use NAT).  Add NAT flags to the ESP set. */
426 #define	ESP_ADD_SETTABLE_FLAGS (AH_ADD_SETTABLE_FLAGS | IPSA_F_NATT | \
427 	SADB_X_SAFLAGS_EALG1 | SADB_X_SAFLAGS_EALG2)
428 
429 
430 
431 /* SA states are important for handling UPDATE PF_KEY messages. */
432 #define	IPSA_STATE_LARVAL		SADB_SASTATE_LARVAL
433 #define	IPSA_STATE_MATURE		SADB_SASTATE_MATURE
434 #define	IPSA_STATE_DYING		SADB_SASTATE_DYING
435 #define	IPSA_STATE_DEAD			SADB_SASTATE_DEAD
436 #define	IPSA_STATE_IDLE			SADB_X_SASTATE_IDLE
437 #define	IPSA_STATE_ACTIVE_ELSEWHERE	SADB_X_SASTATE_ACTIVE_ELSEWHERE
438 
439 /*
440  * NOTE:  If the document authors do things right in defining algorithms, we'll
441  *	  probably have flags for what all is here w.r.t. replay, ESP w/HMAC,
442  *	  etc.
443  */
444 
445 #define	IPSA_T_ACQUIRE	SEC_TYPE_NONE	/* If this typed returned, sa needed */
446 #define	IPSA_T_AH	SEC_TYPE_AH	/* IPsec AH association */
447 #define	IPSA_T_ESP	SEC_TYPE_ESP	/* IPsec ESP association */
448 
449 #define	IPSA_AALG_NONE	SADB_AALG_NONE		/* No auth. algorithm */
450 #define	IPSA_AALG_MD5H	SADB_AALG_MD5HMAC	/* MD5-HMAC algorithm */
451 #define	IPSA_AALG_SHA1H	SADB_AALG_SHA1HMAC	/* SHA1-HMAC algorithm */
452 
453 #define	IPSA_EALG_NONE		SADB_EALG_NONE	/* No encryption algorithm */
454 #define	IPSA_EALG_DES_CBC	SADB_EALG_DESCBC
455 #define	IPSA_EALG_3DES		SADB_EALG_3DESCBC
456 
457 /*
458  * Protect each ipsa_t bucket (and linkage) with a lock.
459  */
460 
461 typedef struct isaf_s {
462 	ipsa_t *isaf_ipsa;
463 	kmutex_t isaf_lock;
464 	uint64_t isaf_gen;
465 } isaf_t;
466 
467 /*
468  * ACQUIRE record.  If AH/ESP/whatever cannot find an association for outbound
469  * traffic, it sends up an SADB_ACQUIRE message and create an ACQUIRE record.
470  */
471 
472 #define	IPSACQ_MAXPACKETS 4	/* Number of packets that can be queued up */
473 				/* waiting for an ACQUIRE to finish. */
474 
475 typedef struct ipsacq_s {
476 	struct ipsacq_s *ipsacq_next;
477 	struct ipsacq_s **ipsacq_ptpn;
478 	kmutex_t *ipsacq_linklock;
479 	struct ipsec_policy_s  *ipsacq_policy;
480 	struct ipsec_action_s  *ipsacq_act;
481 
482 	sa_family_t ipsacq_addrfam;	/* Address family. */
483 	sa_family_t ipsacq_inneraddrfam; /* Inner-packet address family. */
484 	int ipsacq_numpackets;		/* How many packets queued up so far. */
485 	uint32_t ipsacq_seq;		/* PF_KEY sequence number. */
486 	uint64_t ipsacq_unique_id;	/* Unique ID for SAs that need it. */
487 
488 	kmutex_t ipsacq_lock;	/* Protects non-linkage fields. */
489 	time_t ipsacq_expire;	/* Wall-clock time when this record expires. */
490 	mblk_t *ipsacq_mp;	/* List of datagrams waiting for an SA. */
491 
492 	/* These two point inside the last mblk inserted. */
493 	uint32_t *ipsacq_srcaddr;
494 	uint32_t *ipsacq_dstaddr;
495 
496 	/* Cache these instead of point so we can mask off accordingly */
497 	uint32_t ipsacq_innersrc[IPSA_MAX_ADDRLEN];
498 	uint32_t ipsacq_innerdst[IPSA_MAX_ADDRLEN];
499 
500 	/* These may change per-acquire. */
501 	uint16_t ipsacq_srcport;
502 	uint16_t ipsacq_dstport;
503 	uint8_t ipsacq_proto;
504 	uint8_t ipsacq_inner_proto;
505 	uint8_t ipsacq_innersrcpfx;
506 	uint8_t ipsacq_innerdstpfx;
507 
508 	/* icmp type and code of triggering packet (if applicable) */
509 	uint8_t	ipsacq_icmp_type;
510 	uint8_t ipsacq_icmp_code;
511 } ipsacq_t;
512 
513 /*
514  * Kernel-generated sequence numbers will be no less than 0x80000000 to
515  * forestall any cretinous problems with manual keying accidentally updating
516  * an ACQUIRE entry.
517  */
518 #define	IACQF_LOWEST_SEQ 0x80000000
519 
520 #define	SADB_AGE_INTERVAL_DEFAULT 8000
521 
522 /*
523  * ACQUIRE fanout.  Protect each linkage with a lock.
524  */
525 
526 typedef struct iacqf_s {
527 	ipsacq_t *iacqf_ipsacq;
528 	kmutex_t iacqf_lock;
529 } iacqf_t;
530 
531 /*
532  * A (network protocol, ipsec protocol) specific SADB.
533  * (i.e., one each for {ah, esp} and {v4, v6}.
534  *
535  * Keep outbound assocs about the same as ire_cache entries for now.
536  * One danger point, multiple SAs for a single dest will clog a bucket.
537  * For the future, consider two-level hashing (2nd hash on IPC?), then probe.
538  */
539 
540 typedef struct sadb_s
541 {
542 	isaf_t	*sdb_of;
543 	isaf_t	*sdb_if;
544 	iacqf_t	*sdb_acq;
545 	int	sdb_hashsize;
546 } sadb_t;
547 
548 /*
549  * A pair of SADB's (one for v4, one for v6), and related state (including
550  * acquire callbacks).
551  */
552 
553 typedef struct sadbp_s
554 {
555 	uint32_t	s_satype;
556 	queue_t		*s_ip_q;
557 	uint32_t	*s_acquire_timeout;
558 	void 		(*s_acqfn)(ipsacq_t *, mblk_t *, netstack_t *);
559 	sadb_t		s_v4;
560 	sadb_t		s_v6;
561 	uint32_t	s_addflags;
562 	uint32_t	s_updateflags;
563 } sadbp_t;
564 
565 /*
566  * A pair of SA's for a single connection, the structure contains a
567  * pointer to a SA and the SA its paired with (opposite direction) as well
568  * as the SA's respective hash buckets.
569  */
570 typedef struct ipsap_s
571 {
572 	boolean_t	in_inbound_table;
573 	isaf_t		*ipsap_bucket;
574 	ipsa_t		*ipsap_sa_ptr;
575 	isaf_t		*ipsap_pbucket;
576 	ipsa_t		*ipsap_psa_ptr;
577 } ipsap_t;
578 
579 typedef struct templist_s
580 {
581 	ipsa_t		*ipsa;
582 	struct templist_s	*next;
583 } templist_t;
584 
585 /* Pointer to an all-zeroes IPv6 address. */
586 #define	ALL_ZEROES_PTR	((uint32_t *)&ipv6_all_zeros)
587 
588 /*
589  * Form unique id from ipsec_out_t
590  */
591 
592 #define	SA_FORM_UNIQUE_ID(io)				\
593 	SA_UNIQUE_ID((io)->ipsec_out_src_port, (io)->ipsec_out_dst_port, \
594 		((io)->ipsec_out_tunnel ? ((io)->ipsec_out_inaf == AF_INET6 ? \
595 		    IPPROTO_IPV6 : IPPROTO_ENCAP) : (io)->ipsec_out_proto), \
596 		((io)->ipsec_out_tunnel ? (io)->ipsec_out_proto : 0))
597 
598 /*
599  * This macro is used to generate unique ids (along with the addresses, both
600  * inner and outer) for outbound datagrams that require unique SAs.
601  *
602  * N.B. casts and unsigned shift amounts discourage unwarranted
603  * sign extension of dstport, proto, and iproto.
604  *
605  * Unique ID is 64-bits allocated as follows (pardon my big-endian bias):
606  *
607  *   6               4      43      33              11
608  *   3               7      09      21              65              0
609  *   +---------------*-------+-------+--------------+---------------+
610  *   |  MUST-BE-ZERO |<iprot>|<proto>| <src port>   |  <dest port>  |
611  *   +---------------*-------+-------+--------------+---------------+
612  *
613  * If there are inner addresses (tunnel mode) the ports come from the
614  * inner addresses.  If there are no inner addresses, the ports come from
615  * the outer addresses (transport mode).  Tunnel mode MUST have <proto>
616  * set to either IPPROTO_ENCAP or IPPPROTO_IPV6.
617  */
618 #define	SA_UNIQUE_ID(srcport, dstport, proto, iproto) 	\
619 	((srcport) | ((uint64_t)(dstport) << 16U) | \
620 	((uint64_t)(proto) << 32U) | ((uint64_t)(iproto) << 40U))
621 
622 /*
623  * SA_UNIQUE_MASK generates a mask value to use when comparing the unique value
624  * from a packet to an SA.
625  */
626 
627 #define	SA_UNIQUE_MASK(srcport, dstport, proto, iproto) 	\
628 	SA_UNIQUE_ID((srcport != 0) ? 0xffff : 0,		\
629 		    (dstport != 0) ? 0xffff : 0,		\
630 		    (proto != 0) ? 0xff : 0,			\
631 		    (iproto != 0) ? 0xff : 0)
632 
633 /*
634  * Decompose unique id back into its original fields.
635  */
636 #define	SA_IPROTO(ipsa) ((ipsa)->ipsa_unique_id>>40)&0xff
637 #define	SA_PROTO(ipsa) ((ipsa)->ipsa_unique_id>>32)&0xff
638 #define	SA_SRCPORT(ipsa) ((ipsa)->ipsa_unique_id & 0xffff)
639 #define	SA_DSTPORT(ipsa) (((ipsa)->ipsa_unique_id >> 16) & 0xffff)
640 
641 /*
642  * All functions that return an ipsa_t will return it with IPSA_REFHOLD()
643  * already called.
644  */
645 
646 /* SA retrieval (inbound and outbound) */
647 ipsa_t *ipsec_getassocbyspi(isaf_t *, uint32_t, uint32_t *, uint32_t *,
648     sa_family_t);
649 ipsa_t *ipsec_getassocbyconn(isaf_t *, ipsec_out_t *, uint32_t *, uint32_t *,
650     sa_family_t, uint8_t);
651 ipsap_t *get_ipsa_pair(sadb_sa_t *, sadb_address_t *, sadb_address_t *,
652     sadbp_t *);
653 void destroy_ipsa_pair(ipsap_t *);
654 int update_pairing(ipsap_t *, keysock_in_t *, int *, sadbp_t *);
655 
656 /* SA insertion. */
657 int sadb_insertassoc(ipsa_t *, isaf_t *);
658 
659 /* SA table construction and destruction. */
660 void sadbp_init(const char *name, sadbp_t *, int, int, netstack_t *);
661 void sadbp_flush(sadbp_t *, netstack_t *);
662 void sadbp_destroy(sadbp_t *, netstack_t *);
663 
664 /* SA insertion and deletion. */
665 int sadb_insertassoc(ipsa_t *, isaf_t *);
666 void sadb_unlinkassoc(ipsa_t *);
667 
668 /* Support routines to interface a keysock consumer to PF_KEY. */
669 mblk_t *sadb_keysock_out(minor_t);
670 int sadb_hardsoftchk(sadb_lifetime_t *, sadb_lifetime_t *, sadb_lifetime_t *);
671 void sadb_pfkey_echo(queue_t *, mblk_t *, sadb_msg_t *, struct keysock_in_s *,
672     ipsa_t *);
673 void sadb_pfkey_error(queue_t *, mblk_t *, int, int, uint_t);
674 void sadb_keysock_hello(queue_t **, queue_t *, mblk_t *, void (*)(void *),
675     void *, timeout_id_t *, int);
676 int sadb_addrcheck(queue_t *, mblk_t *, sadb_ext_t *, uint_t, netstack_t *);
677 boolean_t sadb_addrfix(keysock_in_t *, queue_t *, mblk_t *, netstack_t *);
678 int sadb_addrset(ire_t *);
679 int sadb_delget_sa(mblk_t *, keysock_in_t *, sadbp_t *, int *, queue_t *,
680     uint8_t);
681 
682 int sadb_purge_sa(mblk_t *, keysock_in_t *, sadb_t *, queue_t *, queue_t *);
683 int sadb_common_add(queue_t *, queue_t *, mblk_t *, sadb_msg_t *,
684     keysock_in_t *, isaf_t *, isaf_t *, ipsa_t *, boolean_t, boolean_t, int *,
685     netstack_t *, sadbp_t *);
686 void sadb_set_usetime(ipsa_t *);
687 boolean_t sadb_age_bytes(queue_t *, ipsa_t *, uint64_t, boolean_t);
688 int sadb_update_sa(mblk_t *, keysock_in_t *, mblk_t **, sadbp_t *,
689     int *, queue_t *, int (*)(mblk_t *, keysock_in_t *, int *, netstack_t *),
690     netstack_t *, uint8_t);
691 void sadb_acquire(mblk_t *, ipsec_out_t *, boolean_t, boolean_t);
692 void gcm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
693     crypto_data_t *);
694 void ccm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
695     crypto_data_t *);
696 void cbc_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *,
697     crypto_data_t *);
698 
699 void sadb_destroy_acquire(ipsacq_t *, netstack_t *);
700 struct ipsec_stack;
701 mblk_t *sadb_setup_acquire(ipsacq_t *, uint8_t, struct ipsec_stack *);
702 ipsa_t *sadb_getspi(keysock_in_t *, uint32_t, int *, netstack_t *, uint_t);
703 void sadb_in_acquire(sadb_msg_t *, sadbp_t *, queue_t *, netstack_t *);
704 boolean_t sadb_replay_check(ipsa_t *, uint32_t);
705 boolean_t sadb_replay_peek(ipsa_t *, uint32_t);
706 int sadb_dump(queue_t *, mblk_t *, keysock_in_t *, sadb_t *);
707 void sadb_replay_delete(ipsa_t *);
708 void sadb_ager(sadb_t *, queue_t *, queue_t *, int, netstack_t *);
709 
710 timeout_id_t sadb_retimeout(hrtime_t, queue_t *, void (*)(void *), void *,
711     uint_t *, uint_t, short);
712 void sadb_sa_refrele(void *target);
713 boolean_t sadb_set_lpkt(ipsa_t *, mblk_t *, netstack_t *);
714 mblk_t *sadb_clear_lpkt(ipsa_t *);
715 void sadb_buf_pkt(ipsa_t *, mblk_t *, netstack_t *);
716 void sadb_clear_buf_pkt(void *ipkt);
717 
718 #define	HANDLE_BUF_PKT(taskq, stack, dropper, buf_pkt)			\
719 {									\
720 	if (buf_pkt != NULL) {						\
721 		if (taskq_dispatch(taskq, sadb_clear_buf_pkt,		\
722 		    (void *) buf_pkt, TQ_NOSLEEP) == 0) {		\
723 		    /* Dispatch was unsuccessful drop the packets. */	\
724 			mblk_t		*tmp;				\
725 			while (buf_pkt != NULL) {			\
726 				tmp = buf_pkt->b_next;			\
727 				buf_pkt->b_next = NULL;			\
728 				ip_drop_packet(buf_pkt, B_TRUE, NULL,	\
729 				    NULL, DROPPER(stack,		\
730 				    ipds_sadb_inidle_timeout),		\
731 				    &dropper);				\
732 				buf_pkt = tmp;				\
733 			}						\
734 		}							\
735 	}								\
736 }									\
737 
738 /*
739  * Hw accel-related calls (downloading sadb to driver)
740  */
741 void sadb_ill_download(ill_t *, uint_t);
742 mblk_t *sadb_fmt_sa_req(uint_t, uint_t, ipsa_t *, boolean_t);
743 /*
744  * Sub-set of the IPsec hardware acceleration capabilities functions
745  * implemented by ip_if.c
746  */
747 extern	boolean_t ipsec_capab_match(ill_t *, uint_t, boolean_t, ipsa_t *,
748     netstack_t *);
749 extern	void	ill_ipsec_capab_send_all(uint_t, mblk_t *, ipsa_t *,
750     netstack_t *);
751 
752 
753 /*
754  * One IPsec -> IP linking routine, and two IPsec rate-limiting routines.
755  */
756 extern boolean_t sadb_t_bind_req(queue_t *, int);
757 /*PRINTFLIKE6*/
758 extern void ipsec_rl_strlog(netstack_t *, short, short, char,
759     ushort_t, char *, ...)
760     __KPRINTFLIKE(6);
761 extern void ipsec_assocfailure(short, short, char, ushort_t, char *, uint32_t,
762     void *, int, netstack_t *);
763 
764 /*
765  * Algorithm types.
766  */
767 
768 #define	IPSEC_NALGTYPES 	2
769 
770 typedef enum ipsec_algtype {
771 	IPSEC_ALG_AUTH = 0,
772 	IPSEC_ALG_ENCR = 1
773 } ipsec_algtype_t;
774 
775 /*
776  * Definitions as per IPsec/ISAKMP DOI.
777  */
778 
779 #define	IPSEC_MAX_ALGS		256
780 #define	PROTO_IPSEC_AH		2
781 #define	PROTO_IPSEC_ESP		3
782 
783 /*
784  * Common algorithm info.
785  */
786 typedef struct ipsec_alginfo
787 {
788 	uint8_t		alg_id;
789 	uint8_t		alg_flags;
790 	uint16_t	*alg_key_sizes;
791 	uint16_t	*alg_block_sizes;
792 	uint16_t	*alg_params;
793 	uint16_t	alg_nkey_sizes;
794 	uint16_t	alg_ivlen;
795 	uint16_t	alg_icvlen;
796 	uint8_t		alg_saltlen;
797 	uint16_t	alg_nblock_sizes;
798 	uint16_t	alg_nparams;
799 	uint16_t	alg_minbits;
800 	uint16_t	alg_maxbits;
801 	uint16_t	alg_datalen;
802 	/*
803 	 * increment: number of bits from keysize to keysize
804 	 * default: # of increments from min to default key len
805 	 */
806 	uint16_t	alg_increment;
807 	uint16_t	alg_default;
808 	uint16_t	alg_default_bits;
809 	/*
810 	 * Min, max, and default key sizes effectively supported
811 	 * by the encryption framework.
812 	 */
813 	uint16_t	alg_ef_minbits;
814 	uint16_t	alg_ef_maxbits;
815 	uint16_t	alg_ef_default;
816 	uint16_t	alg_ef_default_bits;
817 
818 	crypto_mech_type_t alg_mech_type;	/* KCF mechanism type */
819 	crypto_mech_name_t alg_mech_name;	/* KCF mechanism name */
820 } ipsec_alginfo_t;
821 
822 #define	alg_datalen alg_block_sizes[0]
823 #define	ALG_VALID(_alg)	((_alg)->alg_flags & ALG_FLAG_VALID)
824 
825 /*
826  * Software crypto execution mode.
827  */
828 typedef enum {
829 	IPSEC_ALGS_EXEC_SYNC = 0,
830 	IPSEC_ALGS_EXEC_ASYNC = 1
831 } ipsec_algs_exec_mode_t;
832 
833 extern void ipsec_alg_reg(ipsec_algtype_t, ipsec_alginfo_t *, netstack_t *);
834 extern void ipsec_alg_unreg(ipsec_algtype_t, uint8_t, netstack_t *);
835 extern void ipsec_alg_fix_min_max(ipsec_alginfo_t *, ipsec_algtype_t,
836     netstack_t *ns);
837 extern void alg_flag_check(ipsec_alginfo_t *);
838 extern void ipsec_alg_free(ipsec_alginfo_t *);
839 extern void ipsec_register_prov_update(void);
840 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t,
841     netstack_t *);
842 
843 /*
844  * Context templates management.
845  */
846 
847 #define	IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1)
848 #define	IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) {			\
849 	if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) {		\
850 		mutex_enter(&assoc->ipsa_lock);				\
851 		if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) {		\
852 			ipsec_stack_t *ipss;				\
853 									\
854 			ipss = assoc->ipsa_netstack->netstack_ipsec;	\
855 			mutex_enter(&ipss->ipsec_alg_lock);		\
856 			(void) ipsec_create_ctx_tmpl(_sa, _type);	\
857 			mutex_exit(&ipss->ipsec_alg_lock);		\
858 		}							\
859 		mutex_exit(&assoc->ipsa_lock);				\
860 		if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC)	\
861 			_tmpl = NULL;					\
862 	}								\
863 }
864 
865 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
866 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
867 
868 /* key checking */
869 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *);
870 
871 typedef struct ipsec_kstats_s {
872 	kstat_named_t esp_stat_in_requests;
873 	kstat_named_t esp_stat_in_discards;
874 	kstat_named_t esp_stat_lookup_failure;
875 	kstat_named_t ah_stat_in_requests;
876 	kstat_named_t ah_stat_in_discards;
877 	kstat_named_t ah_stat_lookup_failure;
878 	kstat_named_t sadb_acquire_maxpackets;
879 	kstat_named_t sadb_acquire_qhiwater;
880 } ipsec_kstats_t;
881 
882 /*
883  * (ipss)->ipsec_kstats is equal to (ipss)->ipsec_ksp->ks_data if
884  * kstat_create_netstack for (ipss)->ipsec_ksp succeeds, but when it
885  * fails, it will be NULL. Note this is done for all stack instances,
886  * so it *could* fail. hence a non-NULL checking is done for
887  * IP_ESP_BUMP_STAT, IP_AH_BUMP_STAT and IP_ACQUIRE_STAT
888  */
889 #define	IP_ESP_BUMP_STAT(ipss, x)					\
890 do {									\
891 	if ((ipss)->ipsec_kstats != NULL)				\
892 		((ipss)->ipsec_kstats->esp_stat_ ## x).value.ui64++;	\
893 _NOTE(CONSTCOND)							\
894 } while (0)
895 
896 #define	IP_AH_BUMP_STAT(ipss, x)					\
897 do {									\
898 	if ((ipss)->ipsec_kstats != NULL)				\
899 		((ipss)->ipsec_kstats->ah_stat_ ## x).value.ui64++;	\
900 _NOTE(CONSTCOND)							\
901 } while (0)
902 
903 #define	IP_ACQUIRE_STAT(ipss, val, new)					\
904 do {									\
905 	if ((ipss)->ipsec_kstats != NULL &&				\
906 	    ((uint64_t)(new)) >						\
907 	    ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64)	\
908 		((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64 = \
909 			((uint64_t)(new));				\
910 _NOTE(CONSTCOND)							\
911 } while (0)
912 
913 
914 #ifdef	__cplusplus
915 }
916 #endif
917 
918 #endif /* _INET_SADB_H */
919