1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/stream.h> 31 #include <sys/stropts.h> 32 #include <sys/errno.h> 33 #include <sys/strlog.h> 34 #include <sys/tihdr.h> 35 #include <sys/socket.h> 36 #include <sys/ddi.h> 37 #include <sys/sunddi.h> 38 #include <sys/kmem.h> 39 #include <sys/sysmacros.h> 40 #include <sys/cmn_err.h> 41 #include <sys/vtrace.h> 42 #include <sys/debug.h> 43 #include <sys/atomic.h> 44 #include <sys/strsun.h> 45 #include <sys/random.h> 46 #include <netinet/in.h> 47 #include <net/if.h> 48 #include <netinet/ip6.h> 49 #include <net/pfkeyv2.h> 50 51 #include <inet/common.h> 52 #include <inet/mi.h> 53 #include <inet/nd.h> 54 #include <inet/ip.h> 55 #include <inet/ip6.h> 56 #include <inet/sadb.h> 57 #include <inet/ipsec_info.h> 58 #include <inet/ipsec_impl.h> 59 #include <inet/ipsecesp.h> 60 #include <inet/ipdrop.h> 61 #include <inet/tcp.h> 62 #include <sys/kstat.h> 63 #include <sys/policy.h> 64 #include <sys/strsun.h> 65 #include <inet/udp_impl.h> 66 #include <sys/taskq.h> 67 68 #include <sys/iphada.h> 69 70 /* Packet dropper for ESP drops. */ 71 static ipdropper_t esp_dropper; 72 73 static kmutex_t ipsecesp_param_lock; /* Protects ipsecesp_param_arr[] below. */ 74 /* 75 * Table of ND variables supported by ipsecesp. These are loaded into 76 * ipsecesp_g_nd in ipsecesp_init_nd. 77 * All of these are alterable, within the min/max values given, at run time. 78 */ 79 static ipsecespparam_t ipsecesp_param_arr[] = { 80 /* min max value name */ 81 { 0, 3, 0, "ipsecesp_debug"}, 82 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"}, 83 { 1, 10, 1, "ipsecesp_reap_delay"}, 84 { 1, SADB_MAX_REPLAY, 64, "ipsecesp_replay_size"}, 85 { 1, 300, 15, "ipsecesp_acquire_timeout"}, 86 { 1, 1800, 90, "ipsecesp_larval_timeout"}, 87 /* Default lifetime values for ACQUIRE messages. */ 88 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_bytes"}, 89 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_bytes"}, 90 { 0, 0xffffffffU, 24000, "ipsecesp_default_soft_addtime"}, 91 { 0, 0xffffffffU, 28800, "ipsecesp_default_hard_addtime"}, 92 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_usetime"}, 93 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_usetime"}, 94 { 0, 1, 0, "ipsecesp_log_unknown_spi"}, 95 { 0, 2, 1, "ipsecesp_padding_check"}, 96 }; 97 #define ipsecesp_debug ipsecesp_param_arr[0].ipsecesp_param_value 98 #define ipsecesp_age_interval ipsecesp_param_arr[1].ipsecesp_param_value 99 #define ipsecesp_age_int_max ipsecesp_param_arr[1].ipsecesp_param_max 100 #define ipsecesp_reap_delay ipsecesp_param_arr[2].ipsecesp_param_value 101 #define ipsecesp_replay_size ipsecesp_param_arr[3].ipsecesp_param_value 102 #define ipsecesp_acquire_timeout ipsecesp_param_arr[4].ipsecesp_param_value 103 #define ipsecesp_larval_timeout ipsecesp_param_arr[5].ipsecesp_param_value 104 #define ipsecesp_default_soft_bytes \ 105 ipsecesp_param_arr[6].ipsecesp_param_value 106 #define ipsecesp_default_hard_bytes \ 107 ipsecesp_param_arr[7].ipsecesp_param_value 108 #define ipsecesp_default_soft_addtime \ 109 ipsecesp_param_arr[8].ipsecesp_param_value 110 #define ipsecesp_default_hard_addtime \ 111 ipsecesp_param_arr[9].ipsecesp_param_value 112 #define ipsecesp_default_soft_usetime \ 113 ipsecesp_param_arr[10].ipsecesp_param_value 114 #define ipsecesp_default_hard_usetime \ 115 ipsecesp_param_arr[11].ipsecesp_param_value 116 #define ipsecesp_log_unknown_spi \ 117 ipsecesp_param_arr[12].ipsecesp_param_value 118 #define ipsecesp_padding_check \ 119 ipsecesp_param_arr[13].ipsecesp_param_value 120 121 #define esp0dbg(a) printf a 122 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 123 #define esp1dbg(a) if (ipsecesp_debug != 0) printf a 124 #define esp2dbg(a) if (ipsecesp_debug > 1) printf a 125 #define esp3dbg(a) if (ipsecesp_debug > 2) printf a 126 127 static IDP ipsecesp_g_nd; 128 129 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *); 130 static int ipsecesp_close(queue_t *); 131 static void ipsecesp_rput(queue_t *, mblk_t *); 132 static void ipsecesp_wput(queue_t *, mblk_t *); 133 static void esp_send_acquire(ipsacq_t *, mblk_t *); 134 135 static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t); 136 static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *, 137 boolean_t, ipsa_t *); 138 139 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t); 140 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t, 141 kstat_named_t **); 142 static ipsec_status_t esp_submit_req_inbound(mblk_t *, ipsa_t *, uint_t); 143 static ipsec_status_t esp_submit_req_outbound(mblk_t *, ipsa_t *, uchar_t *, 144 uint_t); 145 146 static struct module_info info = { 147 5137, "ipsecesp", 0, INFPSZ, 65536, 1024 148 }; 149 150 static struct qinit rinit = { 151 (pfi_t)ipsecesp_rput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 152 NULL 153 }; 154 155 static struct qinit winit = { 156 (pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 157 NULL 158 }; 159 160 struct streamtab ipsecespinfo = { 161 &rinit, &winit, NULL, NULL 162 }; 163 164 /* 165 * Keysock instance of ESP. "There can be only one." :) 166 * Use casptr() on this because I don't set it until KEYSOCK_HELLO comes down. 167 * Paired up with the esp_pfkey_q is the esp_event, which will age SAs. 168 */ 169 static queue_t *esp_pfkey_q; 170 static timeout_id_t esp_event; 171 static taskq_t *esp_taskq; 172 173 /* 174 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now. 175 * 176 * Question: Do I need this, given that all instance's esps->esps_wq point 177 * to IP? 178 * 179 * Answer: Yes, because I need to know which queue is BOUND to 180 * IPPROTO_ESP 181 */ 182 static mblk_t *esp_ip_unbind; 183 184 /* 185 * Stats. This may eventually become a full-blown SNMP MIB once that spec 186 * stabilizes. 187 */ 188 189 typedef struct { 190 kstat_named_t esp_stat_num_aalgs; 191 kstat_named_t esp_stat_good_auth; 192 kstat_named_t esp_stat_bad_auth; 193 kstat_named_t esp_stat_bad_padding; 194 kstat_named_t esp_stat_replay_failures; 195 kstat_named_t esp_stat_replay_early_failures; 196 kstat_named_t esp_stat_keysock_in; 197 kstat_named_t esp_stat_out_requests; 198 kstat_named_t esp_stat_acquire_requests; 199 kstat_named_t esp_stat_bytes_expired; 200 kstat_named_t esp_stat_out_discards; 201 kstat_named_t esp_stat_in_accelerated; 202 kstat_named_t esp_stat_out_accelerated; 203 kstat_named_t esp_stat_noaccel; 204 kstat_named_t esp_stat_crypto_sync; 205 kstat_named_t esp_stat_crypto_async; 206 kstat_named_t esp_stat_crypto_failures; 207 kstat_named_t esp_stat_num_ealgs; 208 kstat_named_t esp_stat_bad_decrypt; 209 } esp_kstats_t; 210 211 uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE; 212 #define ESP_BUMP_STAT(x) (esp_kstats->esp_stat_ ## x).value.ui64++ 213 #define ESP_DEBUMP_STAT(x) (esp_kstats->esp_stat_ ## x).value.ui64-- 214 215 static kstat_t *esp_ksp; 216 static esp_kstats_t *esp_kstats; 217 218 static int esp_kstat_update(kstat_t *, int); 219 220 static boolean_t 221 esp_kstat_init(void) 222 { 223 esp_ksp = kstat_create("ipsecesp", 0, "esp_stat", "net", 224 KSTAT_TYPE_NAMED, sizeof (*esp_kstats) / sizeof (kstat_named_t), 225 KSTAT_FLAG_PERSISTENT); 226 227 if (esp_ksp == NULL) 228 return (B_FALSE); 229 230 esp_kstats = esp_ksp->ks_data; 231 232 esp_ksp->ks_update = esp_kstat_update; 233 234 #define K64 KSTAT_DATA_UINT64 235 #define KI(x) kstat_named_init(&(esp_kstats->esp_stat_##x), #x, K64) 236 237 KI(num_aalgs); 238 KI(num_ealgs); 239 KI(good_auth); 240 KI(bad_auth); 241 KI(bad_padding); 242 KI(replay_failures); 243 KI(replay_early_failures); 244 KI(keysock_in); 245 KI(out_requests); 246 KI(acquire_requests); 247 KI(bytes_expired); 248 KI(out_discards); 249 KI(in_accelerated); 250 KI(out_accelerated); 251 KI(noaccel); 252 KI(crypto_sync); 253 KI(crypto_async); 254 KI(crypto_failures); 255 KI(bad_decrypt); 256 257 #undef KI 258 #undef K64 259 260 kstat_install(esp_ksp); 261 262 return (B_TRUE); 263 } 264 265 static int 266 esp_kstat_update(kstat_t *kp, int rw) 267 { 268 esp_kstats_t *ekp; 269 270 if ((kp == NULL) || (kp->ks_data == NULL)) 271 return (EIO); 272 273 if (rw == KSTAT_WRITE) 274 return (EACCES); 275 276 ASSERT(kp == esp_ksp); 277 ekp = (esp_kstats_t *)kp->ks_data; 278 ASSERT(ekp == esp_kstats); 279 280 mutex_enter(&alg_lock); 281 ekp->esp_stat_num_aalgs.value.ui64 = ipsec_nalgs[IPSEC_ALG_AUTH]; 282 ekp->esp_stat_num_ealgs.value.ui64 = ipsec_nalgs[IPSEC_ALG_ENCR]; 283 mutex_exit(&alg_lock); 284 285 return (0); 286 } 287 288 #ifdef DEBUG 289 /* 290 * Debug routine, useful to see pre-encryption data. 291 */ 292 static char * 293 dump_msg(mblk_t *mp) 294 { 295 char tmp_str[3], tmp_line[256]; 296 297 while (mp != NULL) { 298 unsigned char *ptr; 299 300 printf("mblk address 0x%p, length %ld, db_ref %d " 301 "type %d, base 0x%p, lim 0x%p\n", 302 (void *) mp, (long)(mp->b_wptr - mp->b_rptr), 303 mp->b_datap->db_ref, mp->b_datap->db_type, 304 (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim); 305 ptr = mp->b_rptr; 306 307 tmp_line[0] = '\0'; 308 while (ptr < mp->b_wptr) { 309 uint_t diff; 310 311 diff = (ptr - mp->b_rptr); 312 if (!(diff & 0x1f)) { 313 if (strlen(tmp_line) > 0) { 314 printf("bytes: %s\n", tmp_line); 315 tmp_line[0] = '\0'; 316 } 317 } 318 if (!(diff & 0x3)) 319 (void) strcat(tmp_line, " "); 320 (void) sprintf(tmp_str, "%02x", *ptr); 321 (void) strcat(tmp_line, tmp_str); 322 ptr++; 323 } 324 if (strlen(tmp_line) > 0) 325 printf("bytes: %s\n", tmp_line); 326 327 mp = mp->b_cont; 328 } 329 330 return ("\n"); 331 } 332 333 #else /* DEBUG */ 334 static char * 335 dump_msg(mblk_t *mp) 336 { 337 printf("Find value of mp %p.\n", mp); 338 return ("\n"); 339 } 340 #endif /* DEBUG */ 341 342 /* 343 * Don't have to lock age_interval, as only one thread will access it at 344 * a time, because I control the one function that does with timeout(). 345 */ 346 /* ARGSUSED */ 347 static void 348 esp_ager(void *ignoreme) 349 { 350 hrtime_t begin = gethrtime(); 351 352 sadb_ager(&esp_sadb.s_v4, esp_pfkey_q, esp_sadb.s_ip_q, 353 ipsecesp_reap_delay); 354 sadb_ager(&esp_sadb.s_v6, esp_pfkey_q, esp_sadb.s_ip_q, 355 ipsecesp_reap_delay); 356 357 esp_event = sadb_retimeout(begin, esp_pfkey_q, esp_ager, 358 &(ipsecesp_age_interval), ipsecesp_age_int_max, info.mi_idnum); 359 } 360 361 /* 362 * Get an ESP NDD parameter. 363 */ 364 /* ARGSUSED */ 365 static int 366 ipsecesp_param_get(q, mp, cp, cr) 367 queue_t *q; 368 mblk_t *mp; 369 caddr_t cp; 370 cred_t *cr; 371 { 372 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 373 uint_t value; 374 375 mutex_enter(&ipsecesp_param_lock); 376 value = ipsecesppa->ipsecesp_param_value; 377 mutex_exit(&ipsecesp_param_lock); 378 379 (void) mi_mpprintf(mp, "%u", value); 380 return (0); 381 } 382 383 /* 384 * This routine sets an NDD variable in a ipsecespparam_t structure. 385 */ 386 /* ARGSUSED */ 387 static int 388 ipsecesp_param_set(q, mp, value, cp, cr) 389 queue_t *q; 390 mblk_t *mp; 391 char *value; 392 caddr_t cp; 393 cred_t *cr; 394 { 395 ulong_t new_value; 396 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 397 398 /* 399 * Fail the request if the new value does not lie within the 400 * required bounds. 401 */ 402 if (ddi_strtoul(value, NULL, 10, &new_value) != 0 || 403 new_value < ipsecesppa->ipsecesp_param_min || 404 new_value > ipsecesppa->ipsecesp_param_max) { 405 return (EINVAL); 406 } 407 408 /* Set the new value */ 409 mutex_enter(&ipsecesp_param_lock); 410 ipsecesppa->ipsecesp_param_value = new_value; 411 mutex_exit(&ipsecesp_param_lock); 412 return (0); 413 } 414 415 /* 416 * Using lifetime NDD variables, fill in an extended combination's 417 * lifetime information. 418 */ 419 void 420 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb) 421 { 422 ecomb->sadb_x_ecomb_soft_bytes = ipsecesp_default_soft_bytes; 423 ecomb->sadb_x_ecomb_hard_bytes = ipsecesp_default_hard_bytes; 424 ecomb->sadb_x_ecomb_soft_addtime = ipsecesp_default_soft_addtime; 425 ecomb->sadb_x_ecomb_hard_addtime = ipsecesp_default_hard_addtime; 426 ecomb->sadb_x_ecomb_soft_usetime = ipsecesp_default_soft_usetime; 427 ecomb->sadb_x_ecomb_hard_usetime = ipsecesp_default_hard_usetime; 428 } 429 430 /* 431 * Initialize things for ESP at module load time. 432 */ 433 boolean_t 434 ipsecesp_ddi_init(void) 435 { 436 int count; 437 ipsecespparam_t *espp = ipsecesp_param_arr; 438 439 for (count = A_CNT(ipsecesp_param_arr); count-- > 0; espp++) { 440 if (espp->ipsecesp_param_name != NULL && 441 espp->ipsecesp_param_name[0]) { 442 if (!nd_load(&ipsecesp_g_nd, espp->ipsecesp_param_name, 443 ipsecesp_param_get, ipsecesp_param_set, 444 (caddr_t)espp)) { 445 nd_free(&ipsecesp_g_nd); 446 return (B_FALSE); 447 } 448 } 449 } 450 451 if (!esp_kstat_init()) { 452 nd_free(&ipsecesp_g_nd); 453 return (B_FALSE); 454 } 455 456 esp_sadb.s_acquire_timeout = &ipsecesp_acquire_timeout; 457 esp_sadb.s_acqfn = esp_send_acquire; 458 sadbp_init("ESP", &esp_sadb, SADB_SATYPE_ESP, esp_hash_size); 459 460 esp_taskq = taskq_create("esp_taskq", 1, minclsyspri, 461 IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0); 462 463 mutex_init(&ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0); 464 465 ip_drop_register(&esp_dropper, "IPsec ESP"); 466 467 return (B_TRUE); 468 } 469 470 /* 471 * Destroy things for ESP at module unload time. 472 */ 473 void 474 ipsecesp_ddi_destroy(void) 475 { 476 esp1dbg(("In ipsecesp_ddi_destroy.\n")); 477 478 sadbp_destroy(&esp_sadb); 479 ip_drop_unregister(&esp_dropper); 480 taskq_destroy(esp_taskq); 481 mutex_destroy(&ipsecesp_param_lock); 482 nd_free(&ipsecesp_g_nd); 483 kstat_delete(esp_ksp); 484 } 485 486 /* 487 * ESP module open routine. 488 */ 489 /* ARGSUSED */ 490 static int 491 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 492 { 493 if (secpolicy_net_config(credp, B_FALSE) != 0) { 494 esp1dbg(("Non-privileged user trying to open ipsecesp.\n")); 495 return (EPERM); 496 } 497 498 if (q->q_ptr != NULL) 499 return (0); /* Re-open of an already open instance. */ 500 501 if (sflag != MODOPEN) 502 return (EINVAL); 503 504 /* 505 * ASSUMPTIONS (because I'm MT_OCEXCL): 506 * 507 * * I'm being pushed on top of IP for all my opens (incl. #1). 508 * * Only ipsecesp_open() can write into esp_sadb.s_ip_q. 509 * * Because of this, I can check lazily for esp_sadb.s_ip_q. 510 * 511 * If these assumptions are wrong, I'm in BIG trouble... 512 */ 513 514 q->q_ptr = q; /* just so I know I'm open */ 515 516 if (esp_sadb.s_ip_q == NULL) { 517 struct T_unbind_req *tur; 518 519 esp_sadb.s_ip_q = WR(q); 520 /* Allocate an unbind... */ 521 esp_ip_unbind = allocb(sizeof (struct T_unbind_req), BPRI_HI); 522 523 /* 524 * Send down T_BIND_REQ to bind IPPROTO_ESP. 525 * Handle the ACK here in ESP. 526 */ 527 qprocson(q); 528 if (esp_ip_unbind == NULL || 529 !sadb_t_bind_req(esp_sadb.s_ip_q, IPPROTO_ESP)) { 530 if (esp_ip_unbind != NULL) { 531 freeb(esp_ip_unbind); 532 esp_ip_unbind = NULL; 533 } 534 q->q_ptr = NULL; 535 return (ENOMEM); 536 } 537 538 esp_ip_unbind->b_datap->db_type = M_PROTO; 539 tur = (struct T_unbind_req *)esp_ip_unbind->b_rptr; 540 tur->PRIM_type = T_UNBIND_REQ; 541 } else { 542 qprocson(q); 543 } 544 545 /* 546 * For now, there's not much I can do. I'll be getting a message 547 * passed down to me from keysock (in my wput), and a T_BIND_ACK 548 * up from IP (in my rput). 549 */ 550 551 return (0); 552 } 553 554 /* 555 * ESP module close routine. 556 */ 557 static int 558 ipsecesp_close(queue_t *q) 559 { 560 /* 561 * If esp_sadb.s_ip_q is attached to this instance, send a 562 * T_UNBIND_REQ to IP for the instance before doing 563 * a qprocsoff(). 564 */ 565 if (WR(q) == esp_sadb.s_ip_q && esp_ip_unbind != NULL) { 566 putnext(WR(q), esp_ip_unbind); 567 esp_ip_unbind = NULL; 568 } 569 570 /* 571 * Clean up q_ptr, if needed. 572 */ 573 qprocsoff(q); 574 575 /* Keysock queue check is safe, because of OCEXCL perimeter. */ 576 577 if (q == esp_pfkey_q) { 578 esp0dbg(("ipsecesp_close: Ummm... keysock is closing ESP.\n")); 579 esp_pfkey_q = NULL; 580 /* Detach qtimeouts. */ 581 (void) quntimeout(q, esp_event); 582 } 583 584 if (WR(q) == esp_sadb.s_ip_q) { 585 /* 586 * If the esp_sadb.s_ip_q is attached to this instance, find 587 * another. The OCEXCL outer perimeter helps us here. 588 */ 589 esp_sadb.s_ip_q = NULL; 590 591 /* 592 * Find a replacement queue for esp_sadb.s_ip_q. 593 */ 594 if (esp_pfkey_q != NULL && esp_pfkey_q != RD(q)) { 595 /* 596 * See if we can use the pfkey_q. 597 */ 598 esp_sadb.s_ip_q = WR(esp_pfkey_q); 599 } 600 601 if (esp_sadb.s_ip_q == NULL || 602 !sadb_t_bind_req(esp_sadb.s_ip_q, IPPROTO_ESP)) { 603 esp1dbg(("ipsecesp: Can't reassign ip_q.\n")); 604 esp_sadb.s_ip_q = NULL; 605 } else { 606 esp_ip_unbind = allocb(sizeof (struct T_unbind_req), 607 BPRI_HI); 608 609 if (esp_ip_unbind != NULL) { 610 struct T_unbind_req *tur; 611 612 esp_ip_unbind->b_datap->db_type = M_PROTO; 613 tur = (struct T_unbind_req *) 614 esp_ip_unbind->b_rptr; 615 tur->PRIM_type = T_UNBIND_REQ; 616 } 617 /* If it's NULL, I can't do much here. */ 618 } 619 } 620 621 return (0); 622 } 623 624 /* 625 * Add a number of bytes to what the SA has protected so far. Return 626 * B_TRUE if the SA can still protect that many bytes. 627 * 628 * Caller must REFRELE the passed-in assoc. This function must REFRELE 629 * any obtained peer SA. 630 */ 631 static boolean_t 632 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound) 633 { 634 ipsa_t *inassoc, *outassoc; 635 isaf_t *bucket; 636 boolean_t inrc, outrc, isv6; 637 sadb_t *sp; 638 int outhash; 639 640 /* No peer? No problem! */ 641 if (!assoc->ipsa_haspeer) { 642 return (sadb_age_bytes(esp_pfkey_q, assoc, bytes, 643 B_TRUE)); 644 } 645 646 /* 647 * Otherwise, we want to grab both the original assoc and its peer. 648 * There might be a race for this, but if it's a real race, two 649 * expire messages may occur. We limit this by only sending the 650 * expire message on one of the peers, we'll pick the inbound 651 * arbitrarily. 652 * 653 * If we need tight synchronization on the peer SA, then we need to 654 * reconsider. 655 */ 656 657 /* Use address length to select IPv6/IPv4 */ 658 isv6 = (assoc->ipsa_addrfam == AF_INET6); 659 sp = isv6 ? &esp_sadb.s_v6 : &esp_sadb.s_v4; 660 661 if (inbound) { 662 inassoc = assoc; 663 if (isv6) { 664 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 665 &inassoc->ipsa_dstaddr)); 666 } else { 667 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 668 &inassoc->ipsa_dstaddr)); 669 } 670 bucket = &sp->sdb_of[outhash]; 671 mutex_enter(&bucket->isaf_lock); 672 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 673 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 674 inassoc->ipsa_addrfam); 675 mutex_exit(&bucket->isaf_lock); 676 if (outassoc == NULL) { 677 /* Q: Do we wish to set haspeer == B_FALSE? */ 678 esp0dbg(("esp_age_bytes: " 679 "can't find peer for inbound.\n")); 680 return (sadb_age_bytes(esp_pfkey_q, inassoc, 681 bytes, B_TRUE)); 682 } 683 } else { 684 outassoc = assoc; 685 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 686 mutex_enter(&bucket->isaf_lock); 687 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 688 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 689 outassoc->ipsa_addrfam); 690 mutex_exit(&bucket->isaf_lock); 691 if (inassoc == NULL) { 692 /* Q: Do we wish to set haspeer == B_FALSE? */ 693 esp0dbg(("esp_age_bytes: " 694 "can't find peer for outbound.\n")); 695 return (sadb_age_bytes(esp_pfkey_q, outassoc, 696 bytes, B_TRUE)); 697 } 698 } 699 700 inrc = sadb_age_bytes(esp_pfkey_q, inassoc, bytes, B_TRUE); 701 outrc = sadb_age_bytes(esp_pfkey_q, outassoc, bytes, B_FALSE); 702 703 /* 704 * REFRELE any peer SA. 705 * 706 * Because of the multi-line macro nature of IPSA_REFRELE, keep 707 * them in { }. 708 */ 709 if (inbound) { 710 IPSA_REFRELE(outassoc); 711 } else { 712 IPSA_REFRELE(inassoc); 713 } 714 715 return (inrc && outrc); 716 } 717 718 /* 719 * Do incoming NAT-T manipulations for packet. 720 */ 721 static ipsec_status_t 722 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc) 723 { 724 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 725 tcpha_t *tcph; 726 udpha_t *udpha; 727 /* Initialize to our inbound cksum adjustment... */ 728 uint32_t sum = assoc->ipsa_inbound_cksum; 729 730 switch (ipha->ipha_protocol) { 731 case IPPROTO_TCP: 732 tcph = (tcpha_t *)(data_mp->b_rptr + 733 IPH_HDR_LENGTH(ipha)); 734 735 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16) 736 sum += ~ntohs(tcph->tha_sum) & 0xFFFF; 737 DOWN_SUM(sum); 738 DOWN_SUM(sum); 739 tcph->tha_sum = ~htons(sum); 740 break; 741 case IPPROTO_UDP: 742 udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha)); 743 744 if (udpha->uha_checksum != 0) { 745 /* Adujst if the inbound one was not zero. */ 746 sum += ~ntohs(udpha->uha_checksum) & 0xFFFF; 747 DOWN_SUM(sum); 748 DOWN_SUM(sum); 749 udpha->uha_checksum = ~htons(sum); 750 if (udpha->uha_checksum == 0) 751 udpha->uha_checksum = 0xFFFF; 752 } 753 #undef DOWN_SUM 754 break; 755 case IPPROTO_IP: 756 /* 757 * This case is only an issue for self-encapsulated 758 * packets. So for now, fall through. 759 */ 760 break; 761 } 762 return (IPSEC_STATUS_SUCCESS); 763 } 764 765 766 /* 767 * Strip ESP header and fix IP header 768 * Returns B_TRUE on success, B_FALSE if an error occured. 769 */ 770 static boolean_t 771 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen, 772 kstat_named_t **counter) 773 { 774 ipha_t *ipha; 775 ip6_t *ip6h; 776 uint_t divpoint; 777 mblk_t *scratch; 778 uint8_t nexthdr, padlen; 779 uint8_t lastpad; 780 781 /* 782 * Strip ESP data and fix IP header. 783 * 784 * XXX In case the beginning of esp_inbound() changes to not do a 785 * pullup, this part of the code can remain unchanged. 786 */ 787 if (isv4) { 788 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t)); 789 ipha = (ipha_t *)data_mp->b_rptr; 790 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) + 791 IPH_HDR_LENGTH(ipha)); 792 divpoint = IPH_HDR_LENGTH(ipha); 793 } else { 794 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t)); 795 ip6h = (ip6_t *)data_mp->b_rptr; 796 divpoint = ip_hdr_length_v6(data_mp, ip6h); 797 } 798 799 scratch = data_mp; 800 while (scratch->b_cont != NULL) 801 scratch = scratch->b_cont; 802 803 ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3); 804 805 /* 806 * "Next header" and padding length are the last two bytes in the 807 * ESP-protected datagram, thus the explicit - 1 and - 2. 808 * lastpad is the last byte of the padding, which can be used for 809 * a quick check to see if the padding is correct. 810 */ 811 nexthdr = *(scratch->b_wptr - 1); 812 padlen = *(scratch->b_wptr - 2); 813 lastpad = *(scratch->b_wptr - 3); 814 815 if (isv4) { 816 /* Fix part of the IP header. */ 817 ipha->ipha_protocol = nexthdr; 818 /* 819 * Reality check the padlen. The explicit - 2 is for the 820 * padding length and the next-header bytes. 821 */ 822 if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 - 823 sizeof (esph_t) - ivlen) { 824 ESP_BUMP_STAT(bad_decrypt); 825 ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 826 "Possibly corrupt ESP packet."); 827 esp1dbg(("padlen (%d) is greater than:\n", padlen)); 828 esp1dbg(("pkt len(%d) - ip hdr - esp hdr - ivlen(%d) " 829 "= %d.\n", ntohs(ipha->ipha_length), ivlen, 830 (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) - 831 2 - sizeof (esph_t) - ivlen))); 832 *counter = &ipdrops_esp_bad_padlen; 833 return (B_FALSE); 834 } 835 836 /* 837 * Fix the rest of the header. The explicit - 2 is for the 838 * padding length and the next-header bytes. 839 */ 840 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen - 841 2 - sizeof (esph_t) - ivlen); 842 ipha->ipha_hdr_checksum = 0; 843 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 844 } else { 845 if (ip6h->ip6_nxt == IPPROTO_ESP) { 846 ip6h->ip6_nxt = nexthdr; 847 } else { 848 ip6_pkt_t ipp; 849 850 bzero(&ipp, sizeof (ipp)); 851 (void) ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 852 if (ipp.ipp_dstopts != NULL) { 853 ipp.ipp_dstopts->ip6d_nxt = nexthdr; 854 } else if (ipp.ipp_rthdr != NULL) { 855 ipp.ipp_rthdr->ip6r_nxt = nexthdr; 856 } else if (ipp.ipp_hopopts != NULL) { 857 ipp.ipp_hopopts->ip6h_nxt = nexthdr; 858 } else { 859 /* Panic a DEBUG kernel. */ 860 ASSERT(ipp.ipp_hopopts != NULL); 861 /* Otherwise, pretend it's IP + ESP. */ 862 cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n"); 863 ip6h->ip6_nxt = nexthdr; 864 } 865 } 866 867 if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) - 868 ivlen) { 869 ESP_BUMP_STAT(bad_decrypt); 870 ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 871 "Possibly corrupt ESP packet."); 872 esp1dbg(("padlen (%d) is greater than:\n", padlen)); 873 esp1dbg(("pkt len(%u) - ip hdr - esp hdr - ivlen(%d)" 874 " = %u.\n", (unsigned)(ntohs(ip6h->ip6_plen) 875 + sizeof (ip6_t)), ivlen, 876 (unsigned)(ntohs(ip6h->ip6_plen) - 2 - 877 sizeof (esph_t) - ivlen))); 878 *counter = &ipdrops_esp_bad_padlen; 879 return (B_FALSE); 880 } 881 882 883 /* 884 * Fix the rest of the header. The explicit - 2 is for the 885 * padding length and the next-header bytes. IPv6 is nice, 886 * because there's no hdr checksum! 887 */ 888 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen - 889 2 - sizeof (esph_t) - ivlen); 890 } 891 892 if (ipsecesp_padding_check > 0 && 893 padlen != lastpad && padlen != 0) { 894 ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 895 "Possibly corrupt ESP packet."); 896 esp1dbg(("lastpad (%d) not equal to padlen (%d):\n", 897 lastpad, padlen)); 898 ESP_BUMP_STAT(bad_padding); 899 *counter = &ipdrops_esp_bad_padding; 900 return (B_FALSE); 901 } 902 903 if (ipsecesp_padding_check > 1) { 904 uint8_t *last = (uint8_t *)(scratch->b_wptr - 3); 905 uint8_t lastval = *last; 906 907 /* 908 * this assert may have to become an if 909 * and a pullup if we start accepting 910 * multi-dblk mblks. Any packet here will 911 * have been pulled up in esp_inbound. 912 */ 913 ASSERT(MBLKL(scratch) >= lastval + 3); 914 915 while (lastval != 0) { 916 if (lastval != *last) { 917 ipsec_rl_strlog(info.mi_idnum, 0, 0, 918 SL_ERROR | SL_WARN, 919 "Possibly corrupt ESP packet."); 920 esp1dbg(("padding not in correct" 921 " format:\n")); 922 ESP_BUMP_STAT(bad_padding); 923 *counter = &ipdrops_esp_bad_padding; 924 return (B_FALSE); 925 } 926 lastval--; last--; 927 } 928 } 929 930 /* Trim off the padding. */ 931 ASSERT(data_mp->b_cont == NULL); 932 data_mp->b_wptr -= (padlen + 2); 933 934 /* 935 * Remove the ESP header. 936 * 937 * The above assertions about data_mp's size will make this work. 938 * 939 * XXX Question: If I send up and get back a contiguous mblk, 940 * would it be quicker to bcopy over, or keep doing the dupb stuff? 941 * I go with copying for now. 942 */ 943 944 if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) && 945 IS_P2ALIGNED(ivlen, sizeof (uint32_t))) { 946 uint8_t *start = data_mp->b_rptr; 947 uint32_t *src, *dst; 948 949 src = (uint32_t *)(start + divpoint); 950 dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen); 951 952 ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) && 953 IS_P2ALIGNED(src, sizeof (uint32_t))); 954 955 do { 956 src--; 957 dst--; 958 *dst = *src; 959 } while (src != (uint32_t *)start); 960 961 data_mp->b_rptr = (uchar_t *)dst; 962 } else { 963 uint8_t *start = data_mp->b_rptr; 964 uint8_t *src, *dst; 965 966 src = start + divpoint; 967 dst = src + sizeof (esph_t) + ivlen; 968 969 do { 970 src--; 971 dst--; 972 *dst = *src; 973 } while (src != start); 974 975 data_mp->b_rptr = dst; 976 } 977 978 esp2dbg(("data_mp after inbound ESP adjustment:\n")); 979 esp2dbg((dump_msg(data_mp))); 980 981 return (B_TRUE); 982 } 983 984 /* 985 * Updating use times can be tricky business if the ipsa_haspeer flag is 986 * set. This function is called once in an SA's lifetime. 987 * 988 * Caller has to REFRELE "assoc" which is passed in. This function has 989 * to REFRELE any peer SA that is obtained. 990 */ 991 static void 992 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) 993 { 994 ipsa_t *inassoc, *outassoc; 995 isaf_t *bucket; 996 sadb_t *sp; 997 int outhash; 998 boolean_t isv6; 999 1000 /* No peer? No problem! */ 1001 if (!assoc->ipsa_haspeer) { 1002 sadb_set_usetime(assoc); 1003 return; 1004 } 1005 1006 /* 1007 * Otherwise, we want to grab both the original assoc and its peer. 1008 * There might be a race for this, but if it's a real race, the times 1009 * will be out-of-synch by at most a second, and since our time 1010 * granularity is a second, this won't be a problem. 1011 * 1012 * If we need tight synchronization on the peer SA, then we need to 1013 * reconsider. 1014 */ 1015 1016 /* Use address length to select IPv6/IPv4 */ 1017 isv6 = (assoc->ipsa_addrfam == AF_INET6); 1018 sp = isv6 ? &esp_sadb.s_v6 : &esp_sadb.s_v4; 1019 1020 if (inbound) { 1021 inassoc = assoc; 1022 if (isv6) { 1023 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 1024 &inassoc->ipsa_dstaddr)); 1025 } else { 1026 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 1027 &inassoc->ipsa_dstaddr)); 1028 } 1029 bucket = &sp->sdb_of[outhash]; 1030 mutex_enter(&bucket->isaf_lock); 1031 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 1032 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 1033 inassoc->ipsa_addrfam); 1034 mutex_exit(&bucket->isaf_lock); 1035 if (outassoc == NULL) { 1036 /* Q: Do we wish to set haspeer == B_FALSE? */ 1037 esp0dbg(("esp_set_usetime: " 1038 "can't find peer for inbound.\n")); 1039 sadb_set_usetime(inassoc); 1040 return; 1041 } 1042 } else { 1043 outassoc = assoc; 1044 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 1045 mutex_enter(&bucket->isaf_lock); 1046 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 1047 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 1048 outassoc->ipsa_addrfam); 1049 mutex_exit(&bucket->isaf_lock); 1050 if (inassoc == NULL) { 1051 /* Q: Do we wish to set haspeer == B_FALSE? */ 1052 esp0dbg(("esp_set_usetime: " 1053 "can't find peer for outbound.\n")); 1054 sadb_set_usetime(outassoc); 1055 return; 1056 } 1057 } 1058 1059 /* Update usetime on both. */ 1060 sadb_set_usetime(inassoc); 1061 sadb_set_usetime(outassoc); 1062 1063 /* 1064 * REFRELE any peer SA. 1065 * 1066 * Because of the multi-line macro nature of IPSA_REFRELE, keep 1067 * them in { }. 1068 */ 1069 if (inbound) { 1070 IPSA_REFRELE(outassoc); 1071 } else { 1072 IPSA_REFRELE(inassoc); 1073 } 1074 } 1075 1076 /* 1077 * Handle ESP inbound data for IPv4 and IPv6. 1078 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1079 * mblk chain ipsec_in_mp. 1080 */ 1081 ipsec_status_t 1082 esp_inbound(mblk_t *ipsec_in_mp, void *arg) 1083 { 1084 mblk_t *data_mp = ipsec_in_mp->b_cont; 1085 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1086 esph_t *esph = (esph_t *)arg; 1087 ipsa_t *ipsa = ii->ipsec_in_esp_sa; 1088 1089 if (ipsa->ipsa_usetime == 0) 1090 esp_set_usetime(ipsa, B_TRUE); 1091 1092 /* 1093 * We may wish to check replay in-range-only here as an optimization. 1094 * Include the reality check of ipsa->ipsa_replay > 1095 * ipsa->ipsa_replay_wsize for times when it's the first N packets, 1096 * where N == ipsa->ipsa_replay_wsize. 1097 * 1098 * Another check that may come here later is the "collision" check. 1099 * If legitimate packets flow quickly enough, this won't be a problem, 1100 * but collisions may cause authentication algorithm crunching to 1101 * take place when it doesn't need to. 1102 */ 1103 if (!sadb_replay_peek(ipsa, esph->esph_replay)) { 1104 ESP_BUMP_STAT(replay_early_failures); 1105 IP_ESP_BUMP_STAT(in_discards); 1106 /* 1107 * TODO: Extract inbound interface from the IPSEC_IN 1108 * message's ii->ipsec_in_rill_index. 1109 */ 1110 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, 1111 &ipdrops_esp_early_replay, &esp_dropper); 1112 return (IPSEC_STATUS_FAILED); 1113 } 1114 1115 /* 1116 * Has this packet already been processed by a hardware 1117 * IPsec accelerator? 1118 */ 1119 if (ii->ipsec_in_accelerated) { 1120 ipsec_status_t rv; 1121 esp3dbg(("esp_inbound: pkt processed by ill=%d isv6=%d\n", 1122 ii->ipsec_in_ill_index, !ii->ipsec_in_v4)); 1123 rv = esp_inbound_accelerated(ipsec_in_mp, 1124 data_mp, ii->ipsec_in_v4, ipsa); 1125 return (rv); 1126 } 1127 ESP_BUMP_STAT(noaccel); 1128 1129 /* 1130 * Adjust the IP header's payload length to reflect the removal 1131 * of the ICV. 1132 */ 1133 if (!ii->ipsec_in_v4) { 1134 ip6_t *ip6h = (ip6_t *)data_mp->b_rptr; 1135 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - 1136 ipsa->ipsa_mac_len); 1137 } else { 1138 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 1139 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - 1140 ipsa->ipsa_mac_len); 1141 } 1142 1143 /* submit the request to the crypto framework */ 1144 return (esp_submit_req_inbound(ipsec_in_mp, ipsa, 1145 (uint8_t *)esph - data_mp->b_rptr)); 1146 } 1147 1148 /* 1149 * Perform the really difficult work of inserting the proposed situation. 1150 * Called while holding the algorithm lock. 1151 */ 1152 static void 1153 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs) 1154 { 1155 sadb_comb_t *comb = (sadb_comb_t *)(prop + 1); 1156 ipsec_out_t *io; 1157 ipsec_action_t *ap; 1158 ipsec_prot_t *prot; 1159 1160 ASSERT(MUTEX_HELD(&alg_lock)); 1161 io = (ipsec_out_t *)acqrec->ipsacq_mp->b_rptr; 1162 ASSERT(io->ipsec_out_type == IPSEC_OUT); 1163 1164 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 1165 prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t)); 1166 *(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */ 1167 1168 prop->sadb_prop_replay = ipsecesp_replay_size; 1169 1170 /* 1171 * Based upon algorithm properties, and what-not, prioritize 1172 * a proposal. If the IPSEC_OUT message has an algorithm specified, 1173 * use it first and foremost. 1174 * 1175 * For each action in policy list 1176 * Add combination. If I've hit limit, return. 1177 */ 1178 1179 for (ap = acqrec->ipsacq_act; ap != NULL; 1180 ap = ap->ipa_next) { 1181 ipsec_alginfo_t *ealg = NULL; 1182 ipsec_alginfo_t *aalg = NULL; 1183 1184 if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY) 1185 continue; 1186 1187 prot = &ap->ipa_act.ipa_apply; 1188 1189 if (!(prot->ipp_use_esp)) 1190 continue; 1191 1192 if (prot->ipp_esp_auth_alg != 0) { 1193 aalg = ipsec_alglists[IPSEC_ALG_AUTH] 1194 [prot->ipp_esp_auth_alg]; 1195 if (aalg == NULL || !ALG_VALID(aalg)) 1196 continue; 1197 } 1198 1199 ASSERT(prot->ipp_encr_alg > 0); 1200 ealg = ipsec_alglists[IPSEC_ALG_ENCR][prot->ipp_encr_alg]; 1201 if (ealg == NULL || !ALG_VALID(ealg)) 1202 continue; 1203 1204 comb->sadb_comb_flags = 0; 1205 comb->sadb_comb_reserved = 0; 1206 comb->sadb_comb_encrypt = ealg->alg_id; 1207 comb->sadb_comb_encrypt_minbits = prot->ipp_espe_minbits; 1208 comb->sadb_comb_encrypt_maxbits = prot->ipp_espe_maxbits; 1209 if (aalg == NULL) { 1210 comb->sadb_comb_auth = 0; 1211 comb->sadb_comb_auth_minbits = 0; 1212 comb->sadb_comb_auth_maxbits = 0; 1213 } else { 1214 comb->sadb_comb_auth = aalg->alg_id; 1215 comb->sadb_comb_auth_minbits = prot->ipp_espa_minbits; 1216 comb->sadb_comb_auth_maxbits = prot->ipp_espa_maxbits; 1217 } 1218 1219 /* 1220 * The following may be based on algorithm 1221 * properties, but in the meantime, we just pick 1222 * some good, sensible numbers. Key mgmt. can 1223 * (and perhaps should) be the place to finalize 1224 * such decisions. 1225 */ 1226 1227 /* 1228 * No limits on allocations, since we really don't 1229 * support that concept currently. 1230 */ 1231 comb->sadb_comb_soft_allocations = 0; 1232 comb->sadb_comb_hard_allocations = 0; 1233 1234 /* 1235 * These may want to come from policy rule.. 1236 */ 1237 comb->sadb_comb_soft_bytes = ipsecesp_default_soft_bytes; 1238 comb->sadb_comb_hard_bytes = ipsecesp_default_hard_bytes; 1239 comb->sadb_comb_soft_addtime = ipsecesp_default_soft_addtime; 1240 comb->sadb_comb_hard_addtime = ipsecesp_default_hard_addtime; 1241 comb->sadb_comb_soft_usetime = ipsecesp_default_soft_usetime; 1242 comb->sadb_comb_hard_usetime = ipsecesp_default_hard_usetime; 1243 1244 prop->sadb_prop_len += SADB_8TO64(sizeof (*comb)); 1245 if (--combs == 0) 1246 break; /* out of space.. */ 1247 comb++; 1248 } 1249 } 1250 1251 /* 1252 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY. 1253 */ 1254 static void 1255 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended) 1256 { 1257 mblk_t *pfkeymp, *msgmp; 1258 uint_t allocsize, combs; 1259 sadb_msg_t *samsg; 1260 sadb_prop_t *prop; 1261 uint8_t *cur, *end; 1262 1263 ESP_BUMP_STAT(acquire_requests); 1264 1265 ASSERT(MUTEX_HELD(&acqrec->ipsacq_lock)); 1266 1267 pfkeymp = sadb_keysock_out(0); 1268 if (pfkeymp == NULL) { 1269 esp0dbg(("esp_send_acquire: 1st allocb() failed.\n")); 1270 /* Just bail. */ 1271 goto done; 1272 } 1273 1274 /* 1275 * First, allocate a basic ACQUIRE message. Beyond that, 1276 * you need to extract certificate info from 1277 */ 1278 allocsize = sizeof (sadb_msg_t) + sizeof (sadb_address_t) + 1279 sizeof (sadb_address_t) + sizeof (sadb_prop_t); 1280 1281 switch (acqrec->ipsacq_addrfam) { 1282 case AF_INET: 1283 allocsize += 2 * sizeof (struct sockaddr_in); 1284 break; 1285 case AF_INET6: 1286 allocsize += 2 * sizeof (struct sockaddr_in6); 1287 break; 1288 } 1289 1290 mutex_enter(&alg_lock); 1291 1292 combs = ipsec_nalgs[IPSEC_ALG_AUTH] * ipsec_nalgs[IPSEC_ALG_ENCR]; 1293 1294 allocsize += combs * sizeof (sadb_comb_t); 1295 1296 /* 1297 * XXX If there are: 1298 * certificate IDs 1299 * proxy address 1300 * <Others> 1301 * add additional allocation size. 1302 */ 1303 1304 msgmp = allocb(allocsize, BPRI_HI); 1305 if (msgmp == NULL) { 1306 esp0dbg(("esp_send_acquire: 2nd allocb() failed.\n")); 1307 /* Just bail. */ 1308 freemsg(pfkeymp); 1309 pfkeymp = NULL; 1310 goto done; 1311 } 1312 1313 cur = msgmp->b_rptr; 1314 end = cur + allocsize; 1315 samsg = (sadb_msg_t *)cur; 1316 pfkeymp->b_cont = msgmp; 1317 1318 /* Set up ACQUIRE. */ 1319 cur = sadb_setup_acquire(cur, end, acqrec); 1320 if (cur == NULL) { 1321 esp0dbg(("sadb_setup_acquire failed.\n")); 1322 /* Just bail. */ 1323 freemsg(pfkeymp); 1324 pfkeymp = NULL; 1325 goto done; 1326 } 1327 samsg->sadb_msg_satype = SADB_SATYPE_ESP; 1328 1329 /* XXX Insert proxy address information here. */ 1330 1331 /* XXX Insert identity information here. */ 1332 1333 /* XXXMLS Insert sensitivity information here. */ 1334 1335 /* Insert proposal here. */ 1336 1337 prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len); 1338 esp_insert_prop(prop, acqrec, combs); 1339 samsg->sadb_msg_len += prop->sadb_prop_len; 1340 msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len); 1341 1342 done: 1343 mutex_exit(&alg_lock); 1344 1345 /* 1346 * Must mutex_exit() before sending PF_KEY message up, in 1347 * order to avoid recursive mutex_enter() if there are no registered 1348 * listeners. 1349 * 1350 * Once I've sent the message, I'm cool anyway. 1351 */ 1352 mutex_exit(&acqrec->ipsacq_lock); 1353 if (esp_pfkey_q != NULL && pfkeymp != NULL) { 1354 if (extended != NULL) { 1355 putnext(esp_pfkey_q, extended); 1356 } 1357 putnext(esp_pfkey_q, pfkeymp); 1358 return; 1359 } 1360 /* XXX freemsg() works for extended == NULL. */ 1361 freemsg(extended); 1362 freemsg(pfkeymp); 1363 } 1364 1365 /* 1366 * Handle the SADB_GETSPI message. Create a larval SA. 1367 */ 1368 static void 1369 esp_getspi(mblk_t *mp, keysock_in_t *ksi) 1370 { 1371 ipsa_t *newbie, *target; 1372 isaf_t *outbound, *inbound; 1373 int rc, diagnostic; 1374 sadb_sa_t *assoc; 1375 keysock_out_t *kso; 1376 uint32_t newspi; 1377 1378 /* 1379 * Randomly generate a proposed SPI value 1380 */ 1381 (void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t)); 1382 newbie = sadb_getspi(ksi, newspi, &diagnostic); 1383 1384 if (newbie == NULL) { 1385 sadb_pfkey_error(esp_pfkey_q, mp, ENOMEM, diagnostic, 1386 ksi->ks_in_serial); 1387 return; 1388 } else if (newbie == (ipsa_t *)-1) { 1389 sadb_pfkey_error(esp_pfkey_q, mp, EINVAL, diagnostic, 1390 ksi->ks_in_serial); 1391 return; 1392 } 1393 1394 /* 1395 * XXX - We may randomly collide. We really should recover from this. 1396 * Unfortunately, that could require spending way-too-much-time 1397 * in here. For now, let the user retry. 1398 */ 1399 1400 if (newbie->ipsa_addrfam == AF_INET6) { 1401 outbound = OUTBOUND_BUCKET_V6(&esp_sadb.s_v6, 1402 *(uint32_t *)(newbie->ipsa_dstaddr)); 1403 inbound = INBOUND_BUCKET(&esp_sadb.s_v6, newbie->ipsa_spi); 1404 } else { 1405 ASSERT(newbie->ipsa_addrfam == AF_INET); 1406 outbound = OUTBOUND_BUCKET_V4(&esp_sadb.s_v4, 1407 *(uint32_t *)(newbie->ipsa_dstaddr)); 1408 inbound = INBOUND_BUCKET(&esp_sadb.s_v4, newbie->ipsa_spi); 1409 } 1410 1411 mutex_enter(&outbound->isaf_lock); 1412 mutex_enter(&inbound->isaf_lock); 1413 1414 /* 1415 * Check for collisions (i.e. did sadb_getspi() return with something 1416 * that already exists?). 1417 * 1418 * Try outbound first. Even though SADB_GETSPI is traditionally 1419 * for inbound SAs, you never know what a user might do. 1420 */ 1421 target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi, 1422 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam); 1423 if (target == NULL) { 1424 target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi, 1425 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, 1426 newbie->ipsa_addrfam); 1427 } 1428 1429 /* 1430 * I don't have collisions elsewhere! 1431 * (Nor will I because I'm still holding inbound/outbound locks.) 1432 */ 1433 1434 if (target != NULL) { 1435 rc = EEXIST; 1436 IPSA_REFRELE(target); 1437 } else { 1438 /* 1439 * sadb_insertassoc() also checks for collisions, so 1440 * if there's a colliding entry, rc will be set 1441 * to EEXIST. 1442 */ 1443 rc = sadb_insertassoc(newbie, inbound); 1444 (void) drv_getparm(TIME, &newbie->ipsa_hardexpiretime); 1445 newbie->ipsa_hardexpiretime += ipsecesp_larval_timeout; 1446 } 1447 1448 /* 1449 * Can exit outbound mutex. Hold inbound until we're done 1450 * with newbie. 1451 */ 1452 mutex_exit(&outbound->isaf_lock); 1453 1454 if (rc != 0) { 1455 mutex_exit(&inbound->isaf_lock); 1456 IPSA_REFRELE(newbie); 1457 sadb_pfkey_error(esp_pfkey_q, mp, rc, SADB_X_DIAGNOSTIC_NONE, 1458 ksi->ks_in_serial); 1459 return; 1460 } 1461 1462 1463 /* Can write here because I'm still holding the bucket lock. */ 1464 newbie->ipsa_type = SADB_SATYPE_ESP; 1465 1466 /* 1467 * Construct successful return message. We have one thing going 1468 * for us in PF_KEY v2. That's the fact that 1469 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t) 1470 */ 1471 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE]; 1472 assoc->sadb_sa_exttype = SADB_EXT_SA; 1473 assoc->sadb_sa_spi = newbie->ipsa_spi; 1474 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0; 1475 mutex_exit(&inbound->isaf_lock); 1476 1477 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */ 1478 kso = (keysock_out_t *)ksi; 1479 kso->ks_out_len = sizeof (*kso); 1480 kso->ks_out_serial = ksi->ks_in_serial; 1481 kso->ks_out_type = KEYSOCK_OUT; 1482 1483 /* 1484 * Can safely putnext() to esp_pfkey_q, because this is a turnaround 1485 * from the esp_pfkey_q. 1486 */ 1487 putnext(esp_pfkey_q, mp); 1488 } 1489 1490 /* 1491 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly 1492 * allocated mblk with the ESP header in between the two. 1493 */ 1494 static boolean_t 1495 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint) 1496 { 1497 mblk_t *split_mp = mp; 1498 uint_t wheretodiv = divpoint; 1499 1500 while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) { 1501 wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr); 1502 split_mp = split_mp->b_cont; 1503 ASSERT(split_mp != NULL); 1504 } 1505 1506 if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) { 1507 mblk_t *scratch; 1508 1509 /* "scratch" is the 2nd half, split_mp is the first. */ 1510 scratch = dupb(split_mp); 1511 if (scratch == NULL) { 1512 esp1dbg(("esp_insert_esp: can't allocate scratch.\n")); 1513 return (B_FALSE); 1514 } 1515 /* NOTE: dupb() doesn't set b_cont appropriately. */ 1516 scratch->b_cont = split_mp->b_cont; 1517 scratch->b_rptr += wheretodiv; 1518 split_mp->b_wptr = split_mp->b_rptr + wheretodiv; 1519 split_mp->b_cont = scratch; 1520 } 1521 /* 1522 * At this point, split_mp is exactly "wheretodiv" bytes long, and 1523 * holds the end of the pre-ESP part of the datagram. 1524 */ 1525 esp_mp->b_cont = split_mp->b_cont; 1526 split_mp->b_cont = esp_mp; 1527 1528 return (B_TRUE); 1529 } 1530 1531 /* 1532 * Finish processing of an inbound ESP packet after processing by the 1533 * crypto framework. 1534 * - Remove the ESP header. 1535 * - Send packet back to IP. 1536 * If authentication was performed on the packet, this function is called 1537 * only if the authentication succeeded. 1538 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1539 * mblk chain ipsec_in_mp. 1540 */ 1541 static ipsec_status_t 1542 esp_in_done(mblk_t *ipsec_in_mp) 1543 { 1544 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1545 mblk_t *data_mp; 1546 ipsa_t *assoc; 1547 uint_t espstart; 1548 uint32_t ivlen = 0; 1549 uint_t processed_len; 1550 esph_t *esph; 1551 kstat_named_t *counter; 1552 boolean_t is_natt; 1553 1554 assoc = ii->ipsec_in_esp_sa; 1555 ASSERT(assoc != NULL); 1556 1557 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 1558 1559 /* get the pointer to the ESP header */ 1560 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) { 1561 /* authentication-only ESP */ 1562 espstart = ii->ipsec_in_crypto_data.cd_offset; 1563 processed_len = ii->ipsec_in_crypto_data.cd_length; 1564 } else { 1565 /* encryption present */ 1566 ivlen = assoc->ipsa_iv_len; 1567 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) { 1568 /* encryption-only ESP */ 1569 espstart = ii->ipsec_in_crypto_data.cd_offset - 1570 sizeof (esph_t) - assoc->ipsa_iv_len; 1571 processed_len = ii->ipsec_in_crypto_data.cd_length + 1572 ivlen; 1573 } else { 1574 /* encryption with authentication */ 1575 espstart = ii->ipsec_in_crypto_dual_data.dd_offset1; 1576 processed_len = ii->ipsec_in_crypto_dual_data.dd_len2 + 1577 ivlen; 1578 } 1579 } 1580 1581 data_mp = ipsec_in_mp->b_cont; 1582 esph = (esph_t *)(data_mp->b_rptr + espstart); 1583 1584 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) { 1585 /* authentication passed if we reach this point */ 1586 ESP_BUMP_STAT(good_auth); 1587 data_mp->b_wptr -= assoc->ipsa_mac_len; 1588 1589 /* 1590 * Check replay window here! 1591 * For right now, assume keysock will set the replay window 1592 * size to zero for SAs that have an unspecified sender. 1593 * This may change... 1594 */ 1595 1596 if (!sadb_replay_check(assoc, esph->esph_replay)) { 1597 /* 1598 * Log the event. As of now we print out an event. 1599 * Do not print the replay failure number, or else 1600 * syslog cannot collate the error messages. Printing 1601 * the replay number that failed opens a denial-of- 1602 * service attack. 1603 */ 1604 ipsec_assocfailure(info.mi_idnum, 0, 0, 1605 SL_ERROR | SL_WARN, 1606 "Replay failed for ESP spi 0x%x, dst %s.\n", 1607 assoc->ipsa_spi, assoc->ipsa_dstaddr, 1608 assoc->ipsa_addrfam); 1609 ESP_BUMP_STAT(replay_failures); 1610 counter = &ipdrops_esp_replay; 1611 goto drop_and_bail; 1612 } 1613 } 1614 1615 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) { 1616 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 1617 ipsec_assocfailure(info.mi_idnum, 0, 0, 1618 SL_ERROR | SL_WARN, 1619 "ESP association 0x%x, dst %s had bytes expire.\n", 1620 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam); 1621 ESP_BUMP_STAT(bytes_expired); 1622 counter = &ipdrops_esp_bytes_expire; 1623 goto drop_and_bail; 1624 } 1625 1626 /* 1627 * Remove ESP header and padding from packet. I hope the compiler 1628 * spews "branch, predict taken" code for this. 1629 */ 1630 1631 if (esp_strip_header(data_mp, ii->ipsec_in_v4, ivlen, &counter)) { 1632 if (is_natt) 1633 return (esp_fix_natt_checksums(data_mp, assoc)); 1634 return (IPSEC_STATUS_SUCCESS); 1635 } 1636 1637 esp1dbg(("esp_in_done: esp_strip_header() failed\n")); 1638 drop_and_bail: 1639 IP_ESP_BUMP_STAT(in_discards); 1640 /* 1641 * TODO: Extract inbound interface from the IPSEC_IN message's 1642 * ii->ipsec_in_rill_index. 1643 */ 1644 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, counter, &esp_dropper); 1645 return (IPSEC_STATUS_FAILED); 1646 } 1647 1648 /* 1649 * Called upon failing the inbound ICV check. The message passed as 1650 * argument is freed. 1651 */ 1652 static void 1653 esp_log_bad_auth(mblk_t *ipsec_in) 1654 { 1655 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr; 1656 ipsa_t *assoc = ii->ipsec_in_esp_sa; 1657 1658 /* 1659 * Log the event. Don't print to the console, block 1660 * potential denial-of-service attack. 1661 */ 1662 ESP_BUMP_STAT(bad_auth); 1663 1664 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1665 "ESP Authentication failed for spi 0x%x, dst %s.\n", 1666 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam); 1667 1668 IP_ESP_BUMP_STAT(in_discards); 1669 /* 1670 * TODO: Extract inbound interface from the IPSEC_IN 1671 * message's ii->ipsec_in_rill_index. 1672 */ 1673 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, &ipdrops_esp_bad_auth, 1674 &esp_dropper); 1675 } 1676 1677 1678 /* 1679 * Invoked for outbound packets after ESP processing. If the packet 1680 * also requires AH, performs the AH SA selection and AH processing. 1681 * Returns B_TRUE if the AH processing was not needed or if it was 1682 * performed successfully. Returns B_FALSE and consumes the passed mblk 1683 * if AH processing was required but could not be performed. 1684 */ 1685 static boolean_t 1686 esp_do_outbound_ah(mblk_t *ipsec_mp) 1687 { 1688 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1689 ipsec_status_t ipsec_rc; 1690 ipsec_action_t *ap; 1691 1692 ap = io->ipsec_out_act; 1693 if (ap == NULL) { 1694 ipsec_policy_t *pp = io->ipsec_out_policy; 1695 ap = pp->ipsp_act; 1696 } 1697 1698 if (!ap->ipa_want_ah) 1699 return (B_TRUE); 1700 1701 ASSERT(io->ipsec_out_ah_done == B_FALSE); 1702 1703 if (io->ipsec_out_ah_sa == NULL) { 1704 if (!ipsec_outbound_sa(ipsec_mp, IPPROTO_AH)) { 1705 sadb_acquire(ipsec_mp, io, B_TRUE, B_FALSE); 1706 return (B_FALSE); 1707 } 1708 } 1709 ASSERT(io->ipsec_out_ah_sa != NULL); 1710 1711 io->ipsec_out_ah_done = B_TRUE; 1712 ipsec_rc = io->ipsec_out_ah_sa->ipsa_output_func(ipsec_mp); 1713 return (ipsec_rc == IPSEC_STATUS_SUCCESS); 1714 } 1715 1716 1717 /* 1718 * Kernel crypto framework callback invoked after completion of async 1719 * crypto requests. 1720 */ 1721 static void 1722 esp_kcf_callback(void *arg, int status) 1723 { 1724 mblk_t *ipsec_mp = (mblk_t *)arg; 1725 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 1726 boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN); 1727 1728 ASSERT(ipsec_mp->b_cont != NULL); 1729 1730 if (status == CRYPTO_SUCCESS) { 1731 if (is_inbound) { 1732 if (esp_in_done(ipsec_mp) != IPSEC_STATUS_SUCCESS) 1733 return; 1734 1735 /* finish IPsec processing */ 1736 ip_fanout_proto_again(ipsec_mp, NULL, NULL, NULL); 1737 } else { 1738 /* 1739 * If a ICV was computed, it was stored by the 1740 * crypto framework at the end of the packet. 1741 */ 1742 ipha_t *ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr; 1743 1744 /* do AH processing if needed */ 1745 if (!esp_do_outbound_ah(ipsec_mp)) 1746 return; 1747 1748 /* finish IPsec processing */ 1749 if (IPH_HDR_VERSION(ipha) == IP_VERSION) { 1750 ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, 1751 NULL); 1752 } else { 1753 ip6_t *ip6h = (ip6_t *)ipha; 1754 ip_wput_ipsec_out_v6(NULL, ipsec_mp, ip6h, 1755 NULL, NULL); 1756 } 1757 } 1758 1759 } else if (status == CRYPTO_INVALID_MAC) { 1760 esp_log_bad_auth(ipsec_mp); 1761 1762 } else { 1763 esp1dbg(("esp_kcf_callback: crypto failed with 0x%x\n", 1764 status)); 1765 ESP_BUMP_STAT(crypto_failures); 1766 if (is_inbound) 1767 IP_ESP_BUMP_STAT(in_discards); 1768 else 1769 ESP_BUMP_STAT(out_discards); 1770 ip_drop_packet(ipsec_mp, is_inbound, NULL, NULL, 1771 &ipdrops_esp_crypto_failed, &esp_dropper); 1772 } 1773 } 1774 1775 /* 1776 * Invoked on crypto framework failure during inbound and outbound processing. 1777 */ 1778 static void 1779 esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc) 1780 { 1781 esp1dbg(("crypto failed for %s ESP with 0x%x\n", 1782 is_inbound ? "inbound" : "outbound", kef_rc)); 1783 ip_drop_packet(mp, is_inbound, NULL, NULL, &ipdrops_esp_crypto_failed, 1784 &esp_dropper); 1785 ESP_BUMP_STAT(crypto_failures); 1786 if (is_inbound) 1787 IP_ESP_BUMP_STAT(in_discards); 1788 else 1789 ESP_BUMP_STAT(out_discards); 1790 } 1791 1792 #define ESP_INIT_CALLREQ(_cr) { \ 1793 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_RESTRICTED; \ 1794 (_cr)->cr_callback_arg = ipsec_mp; \ 1795 (_cr)->cr_callback_func = esp_kcf_callback; \ 1796 } 1797 1798 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \ 1799 (mac)->cd_format = CRYPTO_DATA_RAW; \ 1800 (mac)->cd_offset = 0; \ 1801 (mac)->cd_length = icvlen; \ 1802 (mac)->cd_raw.iov_base = (char *)icvbuf; \ 1803 (mac)->cd_raw.iov_len = icvlen; \ 1804 } 1805 1806 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \ 1807 if (MBLKL(mp) >= (len) + (off)) { \ 1808 (data)->cd_format = CRYPTO_DATA_RAW; \ 1809 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \ 1810 (data)->cd_raw.iov_len = MBLKL(mp); \ 1811 (data)->cd_offset = off; \ 1812 } else { \ 1813 (data)->cd_format = CRYPTO_DATA_MBLK; \ 1814 (data)->cd_mp = mp; \ 1815 (data)->cd_offset = off; \ 1816 } \ 1817 (data)->cd_length = len; \ 1818 } 1819 1820 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \ 1821 (data)->dd_format = CRYPTO_DATA_MBLK; \ 1822 (data)->dd_mp = mp; \ 1823 (data)->dd_len1 = len1; \ 1824 (data)->dd_offset1 = off1; \ 1825 (data)->dd_len2 = len2; \ 1826 (data)->dd_offset2 = off2; \ 1827 } 1828 1829 static ipsec_status_t 1830 esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset) 1831 { 1832 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 1833 boolean_t do_auth; 1834 uint_t auth_offset, msg_len, auth_len; 1835 crypto_call_req_t call_req; 1836 mblk_t *esp_mp; 1837 int kef_rc = CRYPTO_FAILED; 1838 uint_t icv_len = assoc->ipsa_mac_len; 1839 crypto_ctx_template_t auth_ctx_tmpl; 1840 boolean_t do_encr; 1841 uint_t encr_offset, encr_len; 1842 uint_t iv_len = assoc->ipsa_iv_len; 1843 crypto_ctx_template_t encr_ctx_tmpl; 1844 1845 ASSERT(ii->ipsec_in_type == IPSEC_IN); 1846 1847 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 1848 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 1849 1850 /* 1851 * An inbound packet is of the form: 1852 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad] 1853 */ 1854 esp_mp = ipsec_mp->b_cont; 1855 msg_len = MBLKL(esp_mp); 1856 1857 ESP_INIT_CALLREQ(&call_req); 1858 1859 if (do_auth) { 1860 /* force asynchronous processing? */ 1861 if (ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 1862 IPSEC_ALGS_EXEC_ASYNC) 1863 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 1864 1865 /* authentication context template */ 1866 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 1867 auth_ctx_tmpl); 1868 1869 /* ICV to be verified */ 1870 ESP_INIT_CRYPTO_MAC(&ii->ipsec_in_crypto_mac, 1871 icv_len, esp_mp->b_wptr - icv_len); 1872 1873 /* authentication starts at the ESP header */ 1874 auth_offset = esph_offset; 1875 auth_len = msg_len - auth_offset - icv_len; 1876 if (!do_encr) { 1877 /* authentication only */ 1878 /* initialize input data argument */ 1879 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 1880 esp_mp, auth_offset, auth_len); 1881 1882 /* call the crypto framework */ 1883 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, 1884 &ii->ipsec_in_crypto_data, 1885 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 1886 &ii->ipsec_in_crypto_mac, &call_req); 1887 } 1888 } 1889 1890 if (do_encr) { 1891 /* force asynchronous processing? */ 1892 if (ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 1893 IPSEC_ALGS_EXEC_ASYNC) 1894 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 1895 1896 /* encryption template */ 1897 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 1898 encr_ctx_tmpl); 1899 1900 /* skip IV, since it is passed separately */ 1901 encr_offset = esph_offset + sizeof (esph_t) + iv_len; 1902 encr_len = msg_len - encr_offset; 1903 1904 if (!do_auth) { 1905 /* decryption only */ 1906 /* initialize input data argument */ 1907 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 1908 esp_mp, encr_offset, encr_len); 1909 1910 /* specify IV */ 1911 ii->ipsec_in_crypto_data.cd_miscdata = 1912 (char *)esp_mp->b_rptr + sizeof (esph_t) + 1913 esph_offset; 1914 1915 /* call the crypto framework */ 1916 kef_rc = crypto_decrypt(&assoc->ipsa_emech, 1917 &ii->ipsec_in_crypto_data, 1918 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 1919 NULL, &call_req); 1920 } 1921 } 1922 1923 if (do_auth && do_encr) { 1924 /* dual operation */ 1925 /* initialize input data argument */ 1926 ESP_INIT_CRYPTO_DUAL_DATA(&ii->ipsec_in_crypto_dual_data, 1927 esp_mp, auth_offset, auth_len, 1928 encr_offset, encr_len - icv_len); 1929 1930 /* specify IV */ 1931 ii->ipsec_in_crypto_dual_data.dd_miscdata = 1932 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 1933 1934 /* call the framework */ 1935 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, 1936 &assoc->ipsa_emech, &ii->ipsec_in_crypto_dual_data, 1937 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, 1938 auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac, 1939 NULL, &call_req); 1940 } 1941 1942 switch (kef_rc) { 1943 case CRYPTO_SUCCESS: 1944 ESP_BUMP_STAT(crypto_sync); 1945 return (esp_in_done(ipsec_mp)); 1946 case CRYPTO_QUEUED: 1947 /* esp_kcf_callback() will be invoked on completion */ 1948 ESP_BUMP_STAT(crypto_async); 1949 return (IPSEC_STATUS_PENDING); 1950 case CRYPTO_INVALID_MAC: 1951 ESP_BUMP_STAT(crypto_sync); 1952 esp_log_bad_auth(ipsec_mp); 1953 return (IPSEC_STATUS_FAILED); 1954 } 1955 1956 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc); 1957 return (IPSEC_STATUS_FAILED); 1958 } 1959 1960 static ipsec_status_t 1961 esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf, 1962 uint_t payload_len) 1963 { 1964 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1965 uint_t auth_len; 1966 crypto_call_req_t call_req; 1967 mblk_t *esp_mp; 1968 int kef_rc = CRYPTO_FAILED; 1969 uint_t icv_len = assoc->ipsa_mac_len; 1970 crypto_ctx_template_t auth_ctx_tmpl; 1971 boolean_t do_auth; 1972 boolean_t do_encr; 1973 uint_t iv_len = assoc->ipsa_iv_len; 1974 crypto_ctx_template_t encr_ctx_tmpl; 1975 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 1976 size_t esph_offset = (is_natt ? UDPH_SIZE : 0); 1977 1978 esp3dbg(("esp_submit_req_outbound:%s", is_natt ? "natt" : "not natt")); 1979 1980 ASSERT(io->ipsec_out_type == IPSEC_OUT); 1981 1982 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 1983 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 1984 1985 /* 1986 * Outbound IPsec packets are of the form: 1987 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV] 1988 * unless it's NATT, then it's 1989 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV] 1990 * Get a pointer to the mblk containing the ESP header. 1991 */ 1992 ASSERT(ipsec_mp->b_cont != NULL && ipsec_mp->b_cont->b_cont != NULL); 1993 esp_mp = ipsec_mp->b_cont->b_cont; 1994 1995 ESP_INIT_CALLREQ(&call_req); 1996 1997 if (do_auth) { 1998 /* force asynchronous processing? */ 1999 if (ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 2000 IPSEC_ALGS_EXEC_ASYNC) 2001 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2002 2003 /* authentication context template */ 2004 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2005 auth_ctx_tmpl); 2006 2007 /* where to store the computed mac */ 2008 ESP_INIT_CRYPTO_MAC(&io->ipsec_out_crypto_mac, 2009 icv_len, icv_buf); 2010 2011 /* authentication starts at the ESP header */ 2012 auth_len = payload_len + iv_len + sizeof (esph_t); 2013 if (!do_encr) { 2014 /* authentication only */ 2015 /* initialize input data argument */ 2016 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2017 esp_mp, esph_offset, auth_len); 2018 2019 /* call the crypto framework */ 2020 kef_rc = crypto_mac(&assoc->ipsa_amech, 2021 &io->ipsec_out_crypto_data, 2022 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2023 &io->ipsec_out_crypto_mac, &call_req); 2024 } 2025 } 2026 2027 if (do_encr) { 2028 /* force asynchronous processing? */ 2029 if (ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2030 IPSEC_ALGS_EXEC_ASYNC) 2031 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2032 2033 /* encryption context template */ 2034 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2035 encr_ctx_tmpl); 2036 2037 if (!do_auth) { 2038 /* encryption only, skip mblk that contains ESP hdr */ 2039 /* initialize input data argument */ 2040 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2041 esp_mp->b_cont, 0, payload_len); 2042 2043 /* specify IV */ 2044 io->ipsec_out_crypto_data.cd_miscdata = 2045 (char *)esp_mp->b_rptr + sizeof (esph_t) + 2046 esph_offset; 2047 2048 /* call the crypto framework */ 2049 kef_rc = crypto_encrypt(&assoc->ipsa_emech, 2050 &io->ipsec_out_crypto_data, 2051 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2052 NULL, &call_req); 2053 } 2054 } 2055 2056 if (do_auth && do_encr) { 2057 /* 2058 * Encryption and authentication: 2059 * Pass the pointer to the mblk chain starting at the ESP 2060 * header to the framework. Skip the ESP header mblk 2061 * for encryption, which is reflected by an encryption 2062 * offset equal to the length of that mblk. Start 2063 * the authentication at the ESP header, i.e. use an 2064 * authentication offset of zero. 2065 */ 2066 ESP_INIT_CRYPTO_DUAL_DATA(&io->ipsec_out_crypto_dual_data, 2067 esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len); 2068 2069 /* specify IV */ 2070 io->ipsec_out_crypto_dual_data.dd_miscdata = 2071 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 2072 2073 /* call the framework */ 2074 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, 2075 &assoc->ipsa_amech, NULL, 2076 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, 2077 encr_ctx_tmpl, auth_ctx_tmpl, 2078 &io->ipsec_out_crypto_dual_data, 2079 &io->ipsec_out_crypto_mac, &call_req); 2080 } 2081 2082 switch (kef_rc) { 2083 case CRYPTO_SUCCESS: 2084 ESP_BUMP_STAT(crypto_sync); 2085 return (IPSEC_STATUS_SUCCESS); 2086 case CRYPTO_QUEUED: 2087 /* esp_kcf_callback() will be invoked on completion */ 2088 ESP_BUMP_STAT(crypto_async); 2089 return (IPSEC_STATUS_PENDING); 2090 } 2091 2092 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc); 2093 return (IPSEC_STATUS_FAILED); 2094 } 2095 2096 /* 2097 * Handle outbound IPsec processing for IPv4 and IPv6 2098 * On success returns B_TRUE, on failure returns B_FALSE and frees the 2099 * mblk chain ipsec_in_mp. 2100 */ 2101 static ipsec_status_t 2102 esp_outbound(mblk_t *mp) 2103 { 2104 mblk_t *ipsec_out_mp, *data_mp, *espmp, *tailmp; 2105 ipsec_out_t *io; 2106 ipha_t *ipha; 2107 ip6_t *ip6h; 2108 esph_t *esph; 2109 uint_t af; 2110 uint8_t *nhp; 2111 uintptr_t divpoint, datalen, adj, padlen, i, alloclen; 2112 uintptr_t esplen = sizeof (esph_t); 2113 uint8_t protocol; 2114 ipsa_t *assoc; 2115 uint_t iv_len = 0, mac_len = 0; 2116 uchar_t *icv_buf; 2117 udpha_t *udpha; 2118 boolean_t is_natt = B_FALSE; 2119 2120 ESP_BUMP_STAT(out_requests); 2121 2122 ipsec_out_mp = mp; 2123 data_mp = ipsec_out_mp->b_cont; 2124 2125 /* 2126 * <sigh> We have to copy the message here, because TCP (for example) 2127 * keeps a dupb() of the message lying around for retransmission. 2128 * Since ESP changes the whole of the datagram, we have to create our 2129 * own copy lest we clobber TCP's data. Since we have to copy anyway, 2130 * we might as well make use of msgpullup() and get the mblk into one 2131 * contiguous piece! 2132 */ 2133 ipsec_out_mp->b_cont = msgpullup(data_mp, -1); 2134 if (ipsec_out_mp->b_cont == NULL) { 2135 esp0dbg(("esp_outbound: msgpullup() failed, " 2136 "dropping packet.\n")); 2137 ipsec_out_mp->b_cont = data_mp; 2138 /* 2139 * TODO: Find the outbound IRE for this packet and 2140 * pass it to ip_drop_packet(). 2141 */ 2142 ip_drop_packet(ipsec_out_mp, B_FALSE, NULL, NULL, 2143 &ipdrops_esp_nomem, &esp_dropper); 2144 return (IPSEC_STATUS_FAILED); 2145 } else { 2146 freemsg(data_mp); 2147 data_mp = ipsec_out_mp->b_cont; 2148 } 2149 2150 io = (ipsec_out_t *)ipsec_out_mp->b_rptr; 2151 2152 /* 2153 * Reality check.... 2154 */ 2155 2156 ipha = (ipha_t *)data_mp->b_rptr; /* So we can call esp_acquire(). */ 2157 2158 if (io->ipsec_out_v4) { 2159 af = AF_INET; 2160 divpoint = IPH_HDR_LENGTH(ipha); 2161 datalen = ntohs(ipha->ipha_length) - divpoint; 2162 nhp = (uint8_t *)&ipha->ipha_protocol; 2163 } else { 2164 ip6_pkt_t ipp; 2165 2166 af = AF_INET6; 2167 ip6h = (ip6_t *)ipha; 2168 bzero(&ipp, sizeof (ipp)); 2169 divpoint = ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 2170 if (ipp.ipp_dstopts != NULL && 2171 ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) { 2172 /* 2173 * Destination options are tricky. If we get in here, 2174 * then we have a terminal header following the 2175 * destination options. We need to adjust backwards 2176 * so we insert ESP BEFORE the destination options 2177 * bag. (So that the dstopts get encrypted!) 2178 * 2179 * Since this is for outbound packets only, we know 2180 * that non-terminal destination options only precede 2181 * routing headers. 2182 */ 2183 divpoint -= ipp.ipp_dstoptslen; 2184 } 2185 datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint; 2186 2187 if (ipp.ipp_rthdr != NULL) { 2188 nhp = &ipp.ipp_rthdr->ip6r_nxt; 2189 } else if (ipp.ipp_hopopts != NULL) { 2190 nhp = &ipp.ipp_hopopts->ip6h_nxt; 2191 } else { 2192 ASSERT(divpoint == sizeof (ip6_t)); 2193 /* It's probably IP + ESP. */ 2194 nhp = &ip6h->ip6_nxt; 2195 } 2196 } 2197 assoc = io->ipsec_out_esp_sa; 2198 ASSERT(assoc != NULL); 2199 2200 if (assoc->ipsa_usetime == 0) 2201 esp_set_usetime(assoc, B_FALSE); 2202 2203 if (assoc->ipsa_auth_alg != SADB_AALG_NONE) 2204 mac_len = assoc->ipsa_mac_len; 2205 2206 if (assoc->ipsa_flags & IPSA_F_NATT) { 2207 /* wedge in fake UDP */ 2208 is_natt = B_TRUE; 2209 esplen += UDPH_SIZE; 2210 } 2211 2212 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) 2213 iv_len = assoc->ipsa_iv_len; 2214 2215 /* 2216 * Set up ESP header and encryption padding for ENCR PI request. 2217 */ 2218 2219 /* 2220 * Determine the padding length. Pad to 4-bytes. 2221 * 2222 * Include the two additional bytes (hence the - 2) for the padding 2223 * length and the next header. Take this into account when 2224 * calculating the actual length of the padding. 2225 */ 2226 2227 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) { 2228 padlen = ((unsigned)(iv_len - datalen - 2)) % iv_len; 2229 } else { 2230 padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) % 2231 sizeof (uint32_t); 2232 } 2233 2234 /* Allocate ESP header and IV. */ 2235 esplen += iv_len; 2236 2237 /* 2238 * Update association byte-count lifetimes. Don't forget to take 2239 * into account the padding length and next-header (hence the + 2). 2240 * 2241 * Use the amount of data fed into the "encryption algorithm". This 2242 * is the IV, the data length, the padding length, and the final two 2243 * bytes (padlen, and next-header). 2244 * 2245 */ 2246 2247 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) { 2248 /* 2249 * TODO: Find the outbound IRE for this packet and 2250 * pass it to ip_drop_packet(). 2251 */ 2252 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2253 &ipdrops_esp_bytes_expire, &esp_dropper); 2254 return (IPSEC_STATUS_FAILED); 2255 } 2256 2257 espmp = allocb(esplen, BPRI_HI); 2258 if (espmp == NULL) { 2259 ESP_BUMP_STAT(out_discards); 2260 esp1dbg(("esp_outbound: can't allocate espmp.\n")); 2261 /* 2262 * TODO: Find the outbound IRE for this packet and 2263 * pass it to ip_drop_packet(). 2264 */ 2265 ip_drop_packet(mp, B_FALSE, NULL, NULL, &ipdrops_esp_nomem, 2266 &esp_dropper); 2267 return (IPSEC_STATUS_FAILED); 2268 } 2269 espmp->b_wptr += esplen; 2270 esph = (esph_t *)espmp->b_rptr; 2271 2272 if (is_natt) { 2273 esp3dbg(("esp_outbound: NATT")); 2274 2275 udpha = (udpha_t *)espmp->b_rptr; 2276 udpha->uha_src_port = htons(IPPORT_IKE_NATT); 2277 if (assoc->ipsa_remote_port != 0) 2278 udpha->uha_dst_port = assoc->ipsa_remote_port; 2279 else 2280 udpha->uha_dst_port = htons(IPPORT_IKE_NATT); 2281 /* 2282 * Set the checksum to 0, so that the ip_wput_ipsec_out() 2283 * can do the right thing. 2284 */ 2285 udpha->uha_checksum = 0; 2286 esph = (esph_t *)(udpha + 1); 2287 } 2288 2289 esph->esph_spi = assoc->ipsa_spi; 2290 2291 esph->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1)); 2292 if (esph->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) { 2293 /* 2294 * XXX We have replay counter wrapping. 2295 * We probably want to nuke this SA (and its peer). 2296 */ 2297 ipsec_assocfailure(info.mi_idnum, 0, 0, 2298 SL_ERROR | SL_CONSOLE | SL_WARN, 2299 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n", 2300 esph->esph_spi, assoc->ipsa_dstaddr, af); 2301 2302 ESP_BUMP_STAT(out_discards); 2303 sadb_replay_delete(assoc); 2304 /* 2305 * TODO: Find the outbound IRE for this packet and 2306 * pass it to ip_drop_packet(). 2307 */ 2308 ip_drop_packet(mp, B_FALSE, NULL, NULL, &ipdrops_esp_replay, 2309 &esp_dropper); 2310 return (IPSEC_STATUS_FAILED); 2311 } 2312 2313 /* 2314 * Set the IV to a random quantity. We do not require the 2315 * highest quality random bits, but for best security with CBC 2316 * mode ciphers, the value must be unlikely to repeat and also 2317 * must not be known in advance to an adversary capable of 2318 * influencing the plaintext. 2319 */ 2320 (void) random_get_pseudo_bytes((uint8_t *)(esph + 1), iv_len); 2321 2322 /* Fix the IP header. */ 2323 alloclen = padlen + 2 + mac_len; 2324 adj = alloclen + (espmp->b_wptr - espmp->b_rptr); 2325 2326 protocol = *nhp; 2327 2328 if (io->ipsec_out_v4) { 2329 ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj); 2330 if (is_natt) { 2331 *nhp = IPPROTO_UDP; 2332 udpha->uha_length = htons(ntohs(ipha->ipha_length) - 2333 IPH_HDR_LENGTH(ipha)); 2334 } else { 2335 *nhp = IPPROTO_ESP; 2336 } 2337 ipha->ipha_hdr_checksum = 0; 2338 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 2339 } else { 2340 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj); 2341 *nhp = IPPROTO_ESP; 2342 } 2343 2344 /* I've got the two ESP mblks, now insert them. */ 2345 2346 esp2dbg(("data_mp before outbound ESP adjustment:\n")); 2347 esp2dbg((dump_msg(data_mp))); 2348 2349 if (!esp_insert_esp(data_mp, espmp, divpoint)) { 2350 ESP_BUMP_STAT(out_discards); 2351 /* NOTE: esp_insert_esp() only fails if there's no memory. */ 2352 /* 2353 * TODO: Find the outbound IRE for this packet and 2354 * pass it to ip_drop_packet(). 2355 */ 2356 ip_drop_packet(mp, B_FALSE, NULL, NULL, &ipdrops_esp_nomem, 2357 &esp_dropper); 2358 freeb(espmp); 2359 return (IPSEC_STATUS_FAILED); 2360 } 2361 2362 /* Append padding (and leave room for ICV). */ 2363 for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont) 2364 ; 2365 if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) { 2366 tailmp->b_cont = allocb(alloclen, BPRI_HI); 2367 if (tailmp->b_cont == NULL) { 2368 ESP_BUMP_STAT(out_discards); 2369 esp0dbg(("esp_outbound: Can't allocate tailmp.\n")); 2370 /* 2371 * TODO: Find the outbound IRE for this packet and 2372 * pass it to ip_drop_packet(). 2373 */ 2374 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2375 &ipdrops_esp_nomem, &esp_dropper); 2376 return (IPSEC_STATUS_FAILED); 2377 } 2378 tailmp = tailmp->b_cont; 2379 } 2380 2381 /* 2382 * If there's padding, N bytes of padding must be of the form 0x1, 2383 * 0x2, 0x3... 0xN. 2384 */ 2385 for (i = 0; i < padlen; ) { 2386 i++; 2387 *tailmp->b_wptr++ = i; 2388 } 2389 *tailmp->b_wptr++ = i; 2390 *tailmp->b_wptr++ = protocol; 2391 2392 esp2dbg(("data_Mp before encryption:\n")); 2393 esp2dbg((dump_msg(data_mp))); 2394 2395 /* 2396 * The packet is eligible for hardware acceleration if the 2397 * following conditions are satisfied: 2398 * 2399 * 1. the packet will not be fragmented 2400 * 2. the provider supports the algorithms specified by SA 2401 * 3. there is no pending control message being exchanged 2402 * 4. snoop is not attached 2403 * 5. the destination address is not a multicast address 2404 * 2405 * All five of these conditions are checked by IP prior to 2406 * sending the packet to ESP. 2407 * 2408 * But We, and We Alone, can, nay MUST check if the packet 2409 * is over NATT, and then disqualify it from hardware 2410 * acceleration. 2411 */ 2412 2413 if (io->ipsec_out_is_capab_ill && !(assoc->ipsa_flags & IPSA_F_NATT)) { 2414 return (esp_outbound_accelerated(ipsec_out_mp, mac_len)); 2415 } 2416 ESP_BUMP_STAT(noaccel); 2417 2418 /* 2419 * Okay. I've set up the pre-encryption ESP. Let's do it! 2420 */ 2421 2422 if (mac_len > 0) { 2423 ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim); 2424 icv_buf = tailmp->b_wptr; 2425 tailmp->b_wptr += mac_len; 2426 } else { 2427 icv_buf = NULL; 2428 } 2429 2430 return (esp_submit_req_outbound(ipsec_out_mp, assoc, icv_buf, 2431 datalen + padlen + 2)); 2432 } 2433 2434 /* 2435 * IP calls this to validate the ICMP errors that 2436 * we got from the network. 2437 */ 2438 ipsec_status_t 2439 ipsecesp_icmp_error(mblk_t *ipsec_mp) 2440 { 2441 /* 2442 * Unless we get an entire packet back, this function is useless. 2443 * Why? 2444 * 2445 * 1.) Partial packets are useless, because the "next header" 2446 * is at the end of the decrypted ESP packet. Without the 2447 * whole packet, this is useless. 2448 * 2449 * 2.) If we every use a stateful cipher, such as a stream or a 2450 * one-time pad, we can't do anything. 2451 * 2452 * Since the chances of us getting an entire packet back are very 2453 * very small, we discard here. 2454 */ 2455 IP_ESP_BUMP_STAT(in_discards); 2456 ip_drop_packet(ipsec_mp, B_TRUE, NULL, NULL, &ipdrops_esp_icmp, 2457 &esp_dropper); 2458 return (IPSEC_STATUS_FAILED); 2459 } 2460 2461 /* 2462 * ESP module read put routine. 2463 */ 2464 /* ARGSUSED */ 2465 static void 2466 ipsecesp_rput(queue_t *q, mblk_t *mp) 2467 { 2468 keysock_in_t *ksi; 2469 int *addrtype; 2470 ire_t *ire; 2471 mblk_t *ire_mp, *last_mp; 2472 2473 switch (mp->b_datap->db_type) { 2474 case M_CTL: 2475 /* 2476 * IPsec request of some variety from IP. IPSEC_{IN,OUT} 2477 * are the common cases, but even ICMP error messages from IP 2478 * may rise up here. 2479 * 2480 * Ummmm, actually, this can also be the reflected KEYSOCK_IN 2481 * message, with an IRE_DB_TYPE hung off at the end. 2482 */ 2483 switch (((ipsec_info_t *)(mp->b_rptr))->ipsec_info_type) { 2484 case KEYSOCK_IN: 2485 last_mp = mp; 2486 while (last_mp->b_cont != NULL && 2487 last_mp->b_cont->b_datap->db_type != IRE_DB_TYPE) 2488 last_mp = last_mp->b_cont; 2489 2490 if (last_mp->b_cont == NULL) { 2491 freemsg(mp); 2492 break; /* Out of switch. */ 2493 } 2494 2495 ire_mp = last_mp->b_cont; 2496 last_mp->b_cont = NULL; 2497 2498 ksi = (keysock_in_t *)mp->b_rptr; 2499 2500 if (ksi->ks_in_srctype == KS_IN_ADDR_UNKNOWN) 2501 addrtype = &ksi->ks_in_srctype; 2502 else if (ksi->ks_in_dsttype == KS_IN_ADDR_UNKNOWN) 2503 addrtype = &ksi->ks_in_dsttype; 2504 else if (ksi->ks_in_proxytype == KS_IN_ADDR_UNKNOWN) 2505 addrtype = &ksi->ks_in_proxytype; 2506 2507 ire = (ire_t *)ire_mp->b_rptr; 2508 2509 *addrtype = sadb_addrset(ire); 2510 2511 freemsg(ire_mp); 2512 if (esp_pfkey_q != NULL) { 2513 /* 2514 * Decrement counter to make up for 2515 * auto-increment in ipsecesp_wput(). 2516 * I'm running all MT-hot through here, so 2517 * don't worry about perimeters and lateral 2518 * puts. 2519 */ 2520 ESP_DEBUMP_STAT(keysock_in); 2521 ipsecesp_wput(WR(esp_pfkey_q), mp); 2522 } else { 2523 freemsg(mp); 2524 } 2525 break; 2526 default: 2527 freemsg(mp); 2528 break; 2529 } 2530 break; 2531 case M_PROTO: 2532 case M_PCPROTO: 2533 /* TPI message of some sort. */ 2534 switch (*((t_scalar_t *)mp->b_rptr)) { 2535 case T_BIND_ACK: 2536 esp3dbg(("Thank you IP from ESP for T_BIND_ACK\n")); 2537 break; 2538 case T_ERROR_ACK: 2539 cmn_err(CE_WARN, 2540 "ipsecesp: ESP received T_ERROR_ACK from IP."); 2541 /* 2542 * Make esp_sadb.s_ip_q NULL, and in the 2543 * future, perhaps try again. 2544 */ 2545 esp_sadb.s_ip_q = NULL; 2546 break; 2547 case T_OK_ACK: 2548 /* Probably from a (rarely sent) T_UNBIND_REQ. */ 2549 break; 2550 default: 2551 esp0dbg(("Unknown M_{,PC}PROTO message.\n")); 2552 } 2553 freemsg(mp); 2554 break; 2555 default: 2556 /* For now, passthru message. */ 2557 esp2dbg(("ESP got unknown mblk type %d.\n", 2558 mp->b_datap->db_type)); 2559 putnext(q, mp); 2560 } 2561 } 2562 2563 /* 2564 * Construct an SADB_REGISTER message with the current algorithms. 2565 */ 2566 static boolean_t 2567 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial) 2568 { 2569 mblk_t *pfkey_msg_mp, *keysock_out_mp; 2570 sadb_msg_t *samsg; 2571 sadb_supported_t *sasupp_auth = NULL; 2572 sadb_supported_t *sasupp_encr = NULL; 2573 sadb_alg_t *saalg; 2574 uint_t allocsize = sizeof (*samsg); 2575 uint_t i, numalgs_snap; 2576 int current_aalgs; 2577 ipsec_alginfo_t **authalgs; 2578 uint_t num_aalgs; 2579 int current_ealgs; 2580 ipsec_alginfo_t **encralgs; 2581 uint_t num_ealgs; 2582 2583 /* Allocate the KEYSOCK_OUT. */ 2584 keysock_out_mp = sadb_keysock_out(serial); 2585 if (keysock_out_mp == NULL) { 2586 esp0dbg(("esp_register_out: couldn't allocate mblk.\n")); 2587 return (B_FALSE); 2588 } 2589 2590 /* 2591 * Allocate the PF_KEY message that follows KEYSOCK_OUT. 2592 */ 2593 2594 mutex_enter(&alg_lock); 2595 2596 /* 2597 * Fill SADB_REGISTER message's algorithm descriptors. Hold 2598 * down the lock while filling it. 2599 * 2600 * Return only valid algorithms, so the number of algorithms 2601 * to send up may be less than the number of algorithm entries 2602 * in the table. 2603 */ 2604 authalgs = ipsec_alglists[IPSEC_ALG_AUTH]; 2605 for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 2606 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) 2607 num_aalgs++; 2608 2609 if (num_aalgs != 0) { 2610 allocsize += (num_aalgs * sizeof (*saalg)); 2611 allocsize += sizeof (*sasupp_auth); 2612 } 2613 encralgs = ipsec_alglists[IPSEC_ALG_ENCR]; 2614 for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 2615 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) 2616 num_ealgs++; 2617 2618 if (num_ealgs != 0) { 2619 allocsize += (num_ealgs * sizeof (*saalg)); 2620 allocsize += sizeof (*sasupp_encr); 2621 } 2622 keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI); 2623 if (keysock_out_mp->b_cont == NULL) { 2624 mutex_exit(&alg_lock); 2625 freemsg(keysock_out_mp); 2626 return (B_FALSE); 2627 } 2628 2629 pfkey_msg_mp = keysock_out_mp->b_cont; 2630 pfkey_msg_mp->b_wptr += allocsize; 2631 if (num_aalgs != 0) { 2632 sasupp_auth = (sadb_supported_t *) 2633 (pfkey_msg_mp->b_rptr + sizeof (*samsg)); 2634 saalg = (sadb_alg_t *)(sasupp_auth + 1); 2635 2636 ASSERT(((ulong_t)saalg & 0x7) == 0); 2637 2638 numalgs_snap = 0; 2639 for (i = 0; 2640 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs)); i++) { 2641 if (authalgs[i] == NULL || !ALG_VALID(authalgs[i])) 2642 continue; 2643 2644 saalg->sadb_alg_id = authalgs[i]->alg_id; 2645 saalg->sadb_alg_ivlen = 0; 2646 saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits; 2647 saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits; 2648 saalg->sadb_x_alg_defincr = authalgs[i]->alg_ef_default; 2649 saalg->sadb_x_alg_increment = 2650 authalgs[i]->alg_increment; 2651 numalgs_snap++; 2652 saalg++; 2653 } 2654 ASSERT(numalgs_snap == num_aalgs); 2655 #ifdef DEBUG 2656 /* 2657 * Reality check to make sure I snagged all of the 2658 * algorithms. 2659 */ 2660 for (; i < IPSEC_MAX_ALGS; i++) { 2661 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) { 2662 cmn_err(CE_PANIC, "esp_register_out()! " 2663 "Missed aalg #%d.\n", i); 2664 } 2665 } 2666 #endif /* DEBUG */ 2667 } else { 2668 saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg)); 2669 } 2670 2671 if (num_ealgs != 0) { 2672 sasupp_encr = (sadb_supported_t *)saalg; 2673 saalg = (sadb_alg_t *)(sasupp_encr + 1); 2674 2675 numalgs_snap = 0; 2676 for (i = 0; 2677 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) { 2678 if (encralgs[i] == NULL || !ALG_VALID(encralgs[i])) 2679 continue; 2680 saalg->sadb_alg_id = encralgs[i]->alg_id; 2681 saalg->sadb_alg_ivlen = encralgs[i]->alg_datalen; 2682 saalg->sadb_alg_minbits = encralgs[i]->alg_ef_minbits; 2683 saalg->sadb_alg_maxbits = encralgs[i]->alg_ef_maxbits; 2684 saalg->sadb_x_alg_defincr = encralgs[i]->alg_ef_default; 2685 saalg->sadb_x_alg_increment = 2686 encralgs[i]->alg_increment; 2687 numalgs_snap++; 2688 saalg++; 2689 } 2690 ASSERT(numalgs_snap == num_ealgs); 2691 #ifdef DEBUG 2692 /* 2693 * Reality check to make sure I snagged all of the 2694 * algorithms. 2695 */ 2696 for (; i < IPSEC_MAX_ALGS; i++) { 2697 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) { 2698 cmn_err(CE_PANIC, "esp_register_out()! " 2699 "Missed ealg #%d.\n", i); 2700 } 2701 } 2702 #endif /* DEBUG */ 2703 } 2704 2705 current_aalgs = num_aalgs; 2706 current_ealgs = num_ealgs; 2707 2708 mutex_exit(&alg_lock); 2709 2710 /* Now fill the rest of the SADB_REGISTER message. */ 2711 2712 samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr; 2713 samsg->sadb_msg_version = PF_KEY_V2; 2714 samsg->sadb_msg_type = SADB_REGISTER; 2715 samsg->sadb_msg_errno = 0; 2716 samsg->sadb_msg_satype = SADB_SATYPE_ESP; 2717 samsg->sadb_msg_len = SADB_8TO64(allocsize); 2718 samsg->sadb_msg_reserved = 0; 2719 /* 2720 * Assume caller has sufficient sequence/pid number info. If it's one 2721 * from me over a new alg., I could give two hoots about sequence. 2722 */ 2723 samsg->sadb_msg_seq = sequence; 2724 samsg->sadb_msg_pid = pid; 2725 2726 if (sasupp_auth != NULL) { 2727 sasupp_auth->sadb_supported_len = 2728 SADB_8TO64(sizeof (*sasupp_auth) + 2729 sizeof (*saalg) * current_aalgs); 2730 sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 2731 sasupp_auth->sadb_supported_reserved = 0; 2732 } 2733 2734 if (sasupp_encr != NULL) { 2735 sasupp_encr->sadb_supported_len = 2736 SADB_8TO64(sizeof (*sasupp_encr) + 2737 sizeof (*saalg) * current_ealgs); 2738 sasupp_encr->sadb_supported_exttype = 2739 SADB_EXT_SUPPORTED_ENCRYPT; 2740 sasupp_encr->sadb_supported_reserved = 0; 2741 } 2742 2743 if (esp_pfkey_q != NULL) 2744 putnext(esp_pfkey_q, keysock_out_mp); 2745 else { 2746 freemsg(keysock_out_mp); 2747 return (B_FALSE); 2748 } 2749 2750 return (B_TRUE); 2751 } 2752 2753 /* 2754 * Invoked when the algorithm table changes. Causes SADB_REGISTER 2755 * messages continaining the current list of algorithms to be 2756 * sent up to the ESP listeners. 2757 */ 2758 void 2759 ipsecesp_algs_changed(void) 2760 { 2761 /* 2762 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners 2763 * everywhere. (The function itself checks for NULL esp_pfkey_q.) 2764 */ 2765 (void) esp_register_out(0, 0, 0); 2766 } 2767 2768 /* 2769 * taskq_dispatch handler. 2770 */ 2771 static void 2772 inbound_task(void *arg) 2773 { 2774 esph_t *esph; 2775 mblk_t *mp = (mblk_t *)arg; 2776 ipsec_in_t *ii = (ipsec_in_t *)mp->b_rptr; 2777 int ipsec_rc; 2778 2779 esp2dbg(("in ESP inbound_task")); 2780 2781 esph = ipsec_inbound_esp_sa(mp); 2782 if (esph == NULL) 2783 return; 2784 ASSERT(ii->ipsec_in_esp_sa != NULL); 2785 ipsec_rc = ii->ipsec_in_esp_sa->ipsa_input_func(mp, esph); 2786 if (ipsec_rc != IPSEC_STATUS_SUCCESS) 2787 return; 2788 ip_fanout_proto_again(mp, NULL, NULL, NULL); 2789 } 2790 2791 /* 2792 * Now that weak-key passed, actually ADD the security association, and 2793 * send back a reply ADD message. 2794 */ 2795 static int 2796 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi) 2797 { 2798 isaf_t *primary, *secondary, *inbound, *outbound; 2799 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 2800 sadb_address_t *dstext = 2801 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 2802 struct sockaddr_in *dst; 2803 struct sockaddr_in6 *dst6; 2804 boolean_t is_ipv4, clone = B_FALSE, is_inbound = B_FALSE; 2805 uint32_t *dstaddr; 2806 ipsa_t *larval = NULL; 2807 ipsacq_t *acqrec; 2808 iacqf_t *acq_bucket; 2809 mblk_t *acq_msgs = NULL; 2810 int rc; 2811 sadb_t *sp; 2812 int outhash; 2813 mblk_t *lpkt; 2814 2815 /* 2816 * Locate the appropriate table(s). 2817 */ 2818 2819 dst = (struct sockaddr_in *)(dstext + 1); 2820 dst6 = (struct sockaddr_in6 *)dst; 2821 is_ipv4 = (dst->sin_family == AF_INET); 2822 if (is_ipv4) { 2823 sp = &esp_sadb.s_v4; 2824 dstaddr = (uint32_t *)(&dst->sin_addr); 2825 outhash = OUTBOUND_HASH_V4(sp, *(ipaddr_t *)dstaddr); 2826 } else { 2827 sp = &esp_sadb.s_v6; 2828 dstaddr = (uint32_t *)(&dst6->sin6_addr); 2829 outhash = OUTBOUND_HASH_V6(sp, *(in6_addr_t *)dstaddr); 2830 } 2831 2832 inbound = INBOUND_BUCKET(sp, assoc->sadb_sa_spi); 2833 outbound = &sp->sdb_of[outhash]; 2834 2835 switch (ksi->ks_in_dsttype) { 2836 case KS_IN_ADDR_MBCAST: 2837 clone = B_TRUE; /* All mcast SAs can be bidirectional */ 2838 /* FALLTHRU */ 2839 case KS_IN_ADDR_ME: 2840 primary = inbound; 2841 secondary = outbound; 2842 /* 2843 * If the source address is either one of mine, or unspecified 2844 * (which is best summed up by saying "not 'not mine'"), 2845 * then the association is potentially bi-directional, 2846 * in that it can be used for inbound traffic and outbound 2847 * traffic. The best example of such an SA is a multicast 2848 * SA (which allows me to receive the outbound traffic). 2849 */ 2850 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME) 2851 clone = B_TRUE; 2852 is_inbound = B_TRUE; 2853 break; 2854 case KS_IN_ADDR_NOTME: 2855 primary = outbound; 2856 secondary = inbound; 2857 /* 2858 * If the source address literally not mine (either 2859 * unspecified or not mine), then this SA may have an 2860 * address that WILL be mine after some configuration. 2861 * We pay the price for this by making it a bi-directional 2862 * SA. 2863 */ 2864 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) 2865 clone = B_TRUE; 2866 break; 2867 default: 2868 samsg->sadb_x_msg_diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 2869 return (EINVAL); 2870 } 2871 2872 /* 2873 * Find a ACQUIRE list entry if possible. If we've added an SA that 2874 * suits the needs of an ACQUIRE list entry, we can eliminate the 2875 * ACQUIRE list entry and transmit the enqueued packets. Use the 2876 * high-bit of the sequence number to queue it. Key off destination 2877 * addr, and change acqrec's state. 2878 */ 2879 2880 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) { 2881 acq_bucket = &sp->sdb_acq[outhash]; 2882 mutex_enter(&acq_bucket->iacqf_lock); 2883 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL; 2884 acqrec = acqrec->ipsacq_next) { 2885 mutex_enter(&acqrec->ipsacq_lock); 2886 /* 2887 * Q: I only check sequence. Should I check dst? 2888 * A: Yes, check dest because those are the packets 2889 * that are queued up. 2890 */ 2891 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq && 2892 IPSA_ARE_ADDR_EQUAL(dstaddr, 2893 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam)) 2894 break; 2895 mutex_exit(&acqrec->ipsacq_lock); 2896 } 2897 if (acqrec != NULL) { 2898 /* 2899 * AHA! I found an ACQUIRE record for this SA. 2900 * Grab the msg list, and free the acquire record. 2901 * I already am holding the lock for this record, 2902 * so all I have to do is free it. 2903 */ 2904 acq_msgs = acqrec->ipsacq_mp; 2905 acqrec->ipsacq_mp = NULL; 2906 mutex_exit(&acqrec->ipsacq_lock); 2907 sadb_destroy_acquire(acqrec); 2908 } 2909 mutex_exit(&acq_bucket->iacqf_lock); 2910 } 2911 2912 /* 2913 * Find PF_KEY message, and see if I'm an update. If so, find entry 2914 * in larval list (if there). 2915 */ 2916 2917 if (samsg->sadb_msg_type == SADB_UPDATE) { 2918 mutex_enter(&inbound->isaf_lock); 2919 larval = ipsec_getassocbyspi(inbound, assoc->sadb_sa_spi, 2920 ALL_ZEROES_PTR, dstaddr, dst->sin_family); 2921 mutex_exit(&inbound->isaf_lock); 2922 2923 if (larval == NULL) { 2924 esp0dbg(("Larval update, but larval disappeared.\n")); 2925 return (ESRCH); 2926 } /* Else sadb_common_add unlinks it for me! */ 2927 } 2928 2929 lpkt = NULL; 2930 if (larval != NULL) 2931 lpkt = sadb_clear_lpkt(larval); 2932 2933 rc = sadb_common_add(esp_sadb.s_ip_q, esp_pfkey_q, mp, samsg, ksi, 2934 primary, secondary, larval, clone, is_inbound); 2935 2936 if (rc == 0 && lpkt != NULL) { 2937 rc = !taskq_dispatch(esp_taskq, inbound_task, 2938 (void *) lpkt, TQ_NOSLEEP); 2939 } 2940 2941 if (rc != 0) { 2942 ip_drop_packet(lpkt, B_TRUE, NULL, NULL, 2943 &ipdrops_sadb_inlarval_timeout, &esp_dropper); 2944 } 2945 2946 /* 2947 * How much more stack will I create with all of these 2948 * esp_outbound() calls? 2949 */ 2950 2951 while (acq_msgs != NULL) { 2952 mblk_t *mp = acq_msgs; 2953 2954 acq_msgs = acq_msgs->b_next; 2955 mp->b_next = NULL; 2956 if (rc == 0) { 2957 if (ipsec_outbound_sa(mp, IPPROTO_ESP)) { 2958 ((ipsec_out_t *)(mp->b_rptr))-> 2959 ipsec_out_esp_done = B_TRUE; 2960 if (esp_outbound(mp) == IPSEC_STATUS_SUCCESS) { 2961 ipha_t *ipha = (ipha_t *) 2962 mp->b_cont->b_rptr; 2963 2964 /* do AH processing if needed */ 2965 if (!esp_do_outbound_ah(mp)) 2966 continue; 2967 2968 /* finish IPsec processing */ 2969 if (is_ipv4) { 2970 ip_wput_ipsec_out(NULL, mp, 2971 ipha, NULL, NULL); 2972 } else { 2973 ip6_t *ip6h = (ip6_t *)ipha; 2974 ip_wput_ipsec_out_v6(NULL, 2975 mp, ip6h, NULL, NULL); 2976 } 2977 } 2978 continue; 2979 } 2980 } 2981 ESP_BUMP_STAT(out_discards); 2982 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2983 &ipdrops_sadb_acquire_timeout, &esp_dropper); 2984 } 2985 2986 return (rc); 2987 } 2988 2989 /* 2990 * Add new ESP security association. This may become a generic AH/ESP 2991 * routine eventually. 2992 */ 2993 static int 2994 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic) 2995 { 2996 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 2997 sadb_address_t *srcext = 2998 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 2999 sadb_address_t *dstext = 3000 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3001 sadb_address_t *nttext_loc = 3002 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC]; 3003 sadb_address_t *nttext_rem = 3004 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM]; 3005 sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH]; 3006 sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT]; 3007 struct sockaddr_in *src, *dst; 3008 struct sockaddr_in *natt_loc, *natt_rem; 3009 struct sockaddr_in6 *natt_loc6, *natt_rem6; 3010 3011 sadb_lifetime_t *soft = 3012 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT]; 3013 sadb_lifetime_t *hard = 3014 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD]; 3015 3016 /* I need certain extensions present for an ADD message. */ 3017 if (srcext == NULL) { 3018 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC; 3019 return (EINVAL); 3020 } 3021 if (dstext == NULL) { 3022 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3023 return (EINVAL); 3024 } 3025 if (assoc == NULL) { 3026 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3027 return (EINVAL); 3028 } 3029 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) { 3030 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY; 3031 return (EINVAL); 3032 } 3033 3034 src = (struct sockaddr_in *)(srcext + 1); 3035 dst = (struct sockaddr_in *)(dstext + 1); 3036 natt_loc = (struct sockaddr_in *)(nttext_loc + 1); 3037 natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1); 3038 natt_rem = (struct sockaddr_in *)(nttext_rem + 1); 3039 natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1); 3040 3041 /* Sundry ADD-specific reality checks. */ 3042 /* XXX STATS : Logging/stats here? */ 3043 if (assoc->sadb_sa_state != SADB_SASTATE_MATURE) { 3044 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE; 3045 return (EINVAL); 3046 } 3047 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) { 3048 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3049 return (EINVAL); 3050 } 3051 3052 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL && 3053 assoc->sadb_sa_auth == SADB_AALG_NONE) { 3054 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3055 return (EINVAL); 3056 } 3057 3058 if (assoc->sadb_sa_flags & ~(SADB_SAFLAGS_NOREPLAY | 3059 SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM)) { 3060 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS; 3061 return (EINVAL); 3062 } 3063 3064 if ((*diagnostic = sadb_hardsoftchk(hard, soft)) != 0) { 3065 return (EINVAL); 3066 } 3067 if (src->sin_family != dst->sin_family) { 3068 *diagnostic = SADB_X_DIAGNOSTIC_AF_MISMATCH; 3069 return (EINVAL); 3070 } 3071 3072 3073 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) { 3074 if (nttext_loc == NULL) { 3075 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC; 3076 return (EINVAL); 3077 } 3078 3079 if (natt_loc->sin_family == AF_INET6 && 3080 !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) { 3081 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC; 3082 return (EINVAL); 3083 } 3084 } 3085 3086 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) { 3087 if (nttext_rem == NULL) { 3088 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM; 3089 return (EINVAL); 3090 } 3091 if (natt_rem->sin_family == AF_INET6 && 3092 !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) { 3093 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM; 3094 return (EINVAL); 3095 } 3096 } 3097 3098 3099 /* Stuff I don't support, for now. XXX Diagnostic? */ 3100 if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL || 3101 ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL) 3102 return (EOPNOTSUPP); 3103 3104 /* 3105 * XXX Policy : I'm not checking identities or sensitivity 3106 * labels at this time, but if I did, I'd do them here, before I sent 3107 * the weak key check up to the algorithm. 3108 */ 3109 3110 mutex_enter(&alg_lock); 3111 3112 /* 3113 * First locate the authentication algorithm. 3114 */ 3115 if (akey != NULL) { 3116 ipsec_alginfo_t *aalg; 3117 3118 aalg = ipsec_alglists[IPSEC_ALG_AUTH][assoc->sadb_sa_auth]; 3119 if (aalg == NULL || !ALG_VALID(aalg)) { 3120 mutex_exit(&alg_lock); 3121 esp1dbg(("Couldn't find auth alg #%d.\n", 3122 assoc->sadb_sa_auth)); 3123 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3124 return (EINVAL); 3125 } 3126 ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3127 3128 /* sanity check key sizes */ 3129 if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) { 3130 mutex_exit(&alg_lock); 3131 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS; 3132 return (EINVAL); 3133 } 3134 3135 /* check key and fix parity if needed */ 3136 if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE, 3137 diagnostic) != 0) { 3138 mutex_exit(&alg_lock); 3139 return (EINVAL); 3140 } 3141 } 3142 3143 /* 3144 * Then locate the encryption algorithm. 3145 */ 3146 if (ekey != NULL) { 3147 ipsec_alginfo_t *ealg; 3148 3149 ealg = ipsec_alglists[IPSEC_ALG_ENCR][assoc->sadb_sa_encrypt]; 3150 if (ealg == NULL || !ALG_VALID(ealg)) { 3151 mutex_exit(&alg_lock); 3152 esp1dbg(("Couldn't find encr alg #%d.\n", 3153 assoc->sadb_sa_encrypt)); 3154 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3155 return (EINVAL); 3156 } 3157 ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3158 3159 /* sanity check key sizes */ 3160 if (!ipsec_valid_key_size(ekey->sadb_key_bits, ealg)) { 3161 mutex_exit(&alg_lock); 3162 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS; 3163 return (EINVAL); 3164 } 3165 3166 /* check key */ 3167 if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE, 3168 diagnostic) != 0) { 3169 mutex_exit(&alg_lock); 3170 return (EINVAL); 3171 } 3172 } 3173 mutex_exit(&alg_lock); 3174 3175 return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi)); 3176 } 3177 3178 /* 3179 * Update a security association. Updates come in two varieties. The first 3180 * is an update of lifetimes on a non-larval SA. The second is an update of 3181 * a larval SA, which ends up looking a lot more like an add. 3182 */ 3183 static int 3184 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic) 3185 { 3186 sadb_address_t *dstext = 3187 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3188 struct sockaddr_in *sin; 3189 3190 if (dstext == NULL) { 3191 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3192 return (EINVAL); 3193 } 3194 3195 sin = (struct sockaddr_in *)(dstext + 1); 3196 return (sadb_update_sa(mp, ksi, 3197 (sin->sin_family == AF_INET6) ? &esp_sadb.s_v6 : &esp_sadb.s_v4, 3198 diagnostic, esp_pfkey_q, esp_add_sa)); 3199 } 3200 3201 /* 3202 * Delete a security association. This is REALLY likely to be code common to 3203 * both AH and ESP. Find the association, then unlink it. 3204 */ 3205 static int 3206 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic) 3207 { 3208 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3209 sadb_address_t *dstext = 3210 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3211 sadb_address_t *srcext = 3212 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3213 struct sockaddr_in *sin; 3214 3215 if (assoc == NULL) { 3216 if (dstext != NULL) { 3217 sin = (struct sockaddr_in *)(dstext + 1); 3218 } else if (srcext != NULL) { 3219 sin = (struct sockaddr_in *)(srcext + 1); 3220 } else { 3221 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3222 return (EINVAL); 3223 } 3224 return sadb_purge_sa(mp, ksi, 3225 (sin->sin_family == AF_INET6) ? &esp_sadb.s_v6 : 3226 &esp_sadb.s_v4, 3227 diagnostic, esp_pfkey_q, esp_sadb.s_ip_q); 3228 } 3229 3230 return (sadb_del_sa(mp, ksi, &esp_sadb, diagnostic, esp_pfkey_q)); 3231 } 3232 3233 /* 3234 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP 3235 * messages. 3236 */ 3237 static void 3238 esp_dump(mblk_t *mp, keysock_in_t *ksi) 3239 { 3240 int error; 3241 sadb_msg_t *samsg; 3242 3243 /* 3244 * Dump each fanout, bailing if error is non-zero. 3245 */ 3246 3247 error = sadb_dump(esp_pfkey_q, mp, ksi->ks_in_serial, &esp_sadb.s_v4); 3248 if (error != 0) 3249 goto bail; 3250 3251 error = sadb_dump(esp_pfkey_q, mp, ksi->ks_in_serial, &esp_sadb.s_v6); 3252 bail: 3253 ASSERT(mp->b_cont != NULL); 3254 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3255 samsg->sadb_msg_errno = (uint8_t)error; 3256 sadb_pfkey_echo(esp_pfkey_q, mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi, 3257 NULL); 3258 } 3259 3260 /* 3261 * ESP parsing of PF_KEY messages. Keysock did most of the really silly 3262 * error cases. What I receive is a fully-formed, syntactically legal 3263 * PF_KEY message. I then need to check semantics... 3264 * 3265 * This code may become common to AH and ESP. Stay tuned. 3266 * 3267 * I also make the assumption that db_ref's are cool. If this assumption 3268 * is wrong, this means that someone other than keysock or me has been 3269 * mucking with PF_KEY messages. 3270 */ 3271 static void 3272 esp_parse_pfkey(mblk_t *mp) 3273 { 3274 mblk_t *msg = mp->b_cont; 3275 sadb_msg_t *samsg; 3276 keysock_in_t *ksi; 3277 int error; 3278 int diagnostic = SADB_X_DIAGNOSTIC_NONE; 3279 3280 ASSERT(msg != NULL); 3281 samsg = (sadb_msg_t *)msg->b_rptr; 3282 ksi = (keysock_in_t *)mp->b_rptr; 3283 3284 /* 3285 * If applicable, convert unspecified AF_INET6 to unspecified 3286 * AF_INET. 3287 */ 3288 sadb_srcaddrfix(ksi); 3289 3290 switch (samsg->sadb_msg_type) { 3291 case SADB_ADD: 3292 error = esp_add_sa(mp, ksi, &diagnostic); 3293 if (error != 0) { 3294 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3295 ksi->ks_in_serial); 3296 } 3297 /* else esp_add_sa() took care of things. */ 3298 break; 3299 case SADB_DELETE: 3300 error = esp_del_sa(mp, ksi, &diagnostic); 3301 if (error != 0) { 3302 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3303 ksi->ks_in_serial); 3304 } 3305 /* Else esp_del_sa() took care of things. */ 3306 break; 3307 case SADB_GET: 3308 error = sadb_get_sa(mp, ksi, &esp_sadb, &diagnostic, 3309 esp_pfkey_q); 3310 if (error != 0) { 3311 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3312 ksi->ks_in_serial); 3313 } 3314 /* Else sadb_get_sa() took care of things. */ 3315 break; 3316 case SADB_FLUSH: 3317 sadbp_flush(&esp_sadb); 3318 sadb_pfkey_echo(esp_pfkey_q, mp, samsg, ksi, NULL); 3319 break; 3320 case SADB_REGISTER: 3321 /* 3322 * Hmmm, let's do it! Check for extensions (there should 3323 * be none), extract the fields, call esp_register_out(), 3324 * then either free or report an error. 3325 * 3326 * Keysock takes care of the PF_KEY bookkeeping for this. 3327 */ 3328 if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid, 3329 ksi->ks_in_serial)) { 3330 freemsg(mp); 3331 } else { 3332 /* 3333 * Only way this path hits is if there is a memory 3334 * failure. It will not return B_FALSE because of 3335 * lack of esp_pfkey_q if I am in wput(). 3336 */ 3337 sadb_pfkey_error(esp_pfkey_q, mp, ENOMEM, diagnostic, 3338 ksi->ks_in_serial); 3339 } 3340 break; 3341 case SADB_UPDATE: 3342 /* 3343 * Find a larval, if not there, find a full one and get 3344 * strict. 3345 */ 3346 error = esp_update_sa(mp, ksi, &diagnostic); 3347 if (error != 0) { 3348 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3349 ksi->ks_in_serial); 3350 } 3351 /* else esp_update_sa() took care of things. */ 3352 break; 3353 case SADB_GETSPI: 3354 /* 3355 * Reserve a new larval entry. 3356 */ 3357 esp_getspi(mp, ksi); 3358 break; 3359 case SADB_ACQUIRE: 3360 /* 3361 * Find larval and/or ACQUIRE record and kill it (them), I'm 3362 * most likely an error. Inbound ACQUIRE messages should only 3363 * have the base header. 3364 */ 3365 sadb_in_acquire(samsg, &esp_sadb, esp_pfkey_q); 3366 freemsg(mp); 3367 break; 3368 case SADB_DUMP: 3369 /* 3370 * Dump all entries. 3371 */ 3372 esp_dump(mp, ksi); 3373 /* esp_dump will take care of the return message, etc. */ 3374 break; 3375 case SADB_EXPIRE: 3376 /* Should never reach me. */ 3377 sadb_pfkey_error(esp_pfkey_q, mp, EOPNOTSUPP, diagnostic, 3378 ksi->ks_in_serial); 3379 break; 3380 default: 3381 sadb_pfkey_error(esp_pfkey_q, mp, EINVAL, 3382 SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial); 3383 break; 3384 } 3385 } 3386 3387 /* 3388 * Handle case where PF_KEY says it can't find a keysock for one of my 3389 * ACQUIRE messages. 3390 */ 3391 static void 3392 esp_keysock_no_socket(mblk_t *mp) 3393 { 3394 sadb_msg_t *samsg; 3395 keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr; 3396 3397 if (mp->b_cont == NULL) { 3398 freemsg(mp); 3399 return; 3400 } 3401 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3402 3403 /* 3404 * If keysock can't find any registered, delete the acquire record 3405 * immediately, and handle errors. 3406 */ 3407 if (samsg->sadb_msg_type == SADB_ACQUIRE) { 3408 samsg->sadb_msg_errno = kse->ks_err_errno; 3409 samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg)); 3410 /* 3411 * Use the write-side of the esp_pfkey_q, in case there is 3412 * no esp_sadb.s_ip_q. 3413 */ 3414 sadb_in_acquire(samsg, &esp_sadb, WR(esp_pfkey_q)); 3415 } 3416 3417 freemsg(mp); 3418 } 3419 3420 /* 3421 * First-cut reality check for an inbound PF_KEY message. 3422 */ 3423 static boolean_t 3424 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi) 3425 { 3426 int diagnostic; 3427 3428 if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) { 3429 diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT; 3430 goto badmsg; 3431 } 3432 if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL || 3433 ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) { 3434 diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT; 3435 goto badmsg; 3436 } 3437 if (ksi->ks_in_srctype == KS_IN_ADDR_MBCAST) { 3438 diagnostic = SADB_X_DIAGNOSTIC_BAD_SRC; 3439 goto badmsg; 3440 } 3441 if (ksi->ks_in_dsttype == KS_IN_ADDR_UNSPEC) { 3442 diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 3443 goto badmsg; 3444 } 3445 3446 return (B_FALSE); /* False ==> no failures */ 3447 3448 badmsg: 3449 sadb_pfkey_error(esp_pfkey_q, mp, EINVAL, diagnostic, 3450 ksi->ks_in_serial); 3451 return (B_TRUE); /* True ==> failures */ 3452 } 3453 3454 /* 3455 * ESP module write put routine. 3456 */ 3457 static void 3458 ipsecesp_wput(queue_t *q, mblk_t *mp) 3459 { 3460 ipsec_info_t *ii; 3461 keysock_in_t *ksi; 3462 int rc; 3463 struct iocblk *iocp; 3464 3465 esp3dbg(("In esp_wput().\n")); 3466 3467 /* NOTE: Each case must take care of freeing or passing mp. */ 3468 switch (mp->b_datap->db_type) { 3469 case M_CTL: 3470 if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) { 3471 /* Not big enough message. */ 3472 freemsg(mp); 3473 break; 3474 } 3475 ii = (ipsec_info_t *)mp->b_rptr; 3476 3477 switch (ii->ipsec_info_type) { 3478 case KEYSOCK_OUT_ERR: 3479 esp1dbg(("Got KEYSOCK_OUT_ERR message.\n")); 3480 esp_keysock_no_socket(mp); 3481 break; 3482 case KEYSOCK_IN: 3483 ESP_BUMP_STAT(keysock_in); 3484 esp3dbg(("Got KEYSOCK_IN message.\n")); 3485 ksi = (keysock_in_t *)ii; 3486 /* 3487 * Some common reality checks. 3488 */ 3489 3490 if (esp_pfkey_reality_failures(mp, ksi)) 3491 return; 3492 3493 /* 3494 * Use 'q' instead of esp_sadb.s_ip_q, since 3495 * it's the write side already, and it'll go 3496 * down to IP. Use esp_pfkey_q because we 3497 * wouldn't get here if that weren't set, and 3498 * the RD(q) has been done already. 3499 */ 3500 if (ksi->ks_in_srctype == KS_IN_ADDR_UNKNOWN) { 3501 rc = sadb_addrcheck(q, esp_pfkey_q, mp, 3502 ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC], 3503 ksi->ks_in_serial); 3504 if (rc == KS_IN_ADDR_UNKNOWN) 3505 return; 3506 else 3507 ksi->ks_in_srctype = rc; 3508 } 3509 if (ksi->ks_in_dsttype == KS_IN_ADDR_UNKNOWN) { 3510 rc = sadb_addrcheck(q, esp_pfkey_q, mp, 3511 ksi->ks_in_extv[SADB_EXT_ADDRESS_DST], 3512 ksi->ks_in_serial); 3513 if (rc == KS_IN_ADDR_UNKNOWN) 3514 return; 3515 else 3516 ksi->ks_in_dsttype = rc; 3517 } 3518 /* 3519 * XXX Proxy may be a different address family. 3520 */ 3521 if (ksi->ks_in_proxytype == KS_IN_ADDR_UNKNOWN) { 3522 rc = sadb_addrcheck(q, esp_pfkey_q, mp, 3523 ksi->ks_in_extv[SADB_EXT_ADDRESS_PROXY], 3524 ksi->ks_in_serial); 3525 if (rc == KS_IN_ADDR_UNKNOWN) 3526 return; 3527 else 3528 ksi->ks_in_proxytype = rc; 3529 } 3530 esp_parse_pfkey(mp); 3531 break; 3532 case KEYSOCK_HELLO: 3533 sadb_keysock_hello(&esp_pfkey_q, q, mp, 3534 esp_ager, &esp_event, SADB_SATYPE_ESP); 3535 break; 3536 default: 3537 esp2dbg(("Got M_CTL from above of 0x%x.\n", 3538 ii->ipsec_info_type)); 3539 freemsg(mp); 3540 break; 3541 } 3542 break; 3543 case M_IOCTL: 3544 iocp = (struct iocblk *)mp->b_rptr; 3545 switch (iocp->ioc_cmd) { 3546 case ND_SET: 3547 case ND_GET: 3548 if (nd_getset(q, ipsecesp_g_nd, mp)) { 3549 qreply(q, mp); 3550 return; 3551 } else { 3552 iocp->ioc_error = ENOENT; 3553 } 3554 /* FALLTHRU */ 3555 default: 3556 /* We really don't support any other ioctls, do we? */ 3557 3558 /* Return EINVAL */ 3559 if (iocp->ioc_error != ENOENT) 3560 iocp->ioc_error = EINVAL; 3561 iocp->ioc_count = 0; 3562 mp->b_datap->db_type = M_IOCACK; 3563 qreply(q, mp); 3564 return; 3565 } 3566 default: 3567 esp3dbg(("Got default message, type %d, passing to IP.\n", 3568 mp->b_datap->db_type)); 3569 putnext(q, mp); 3570 } 3571 } 3572 3573 /* 3574 * Process an outbound ESP packet that can be accelerated by a IPsec 3575 * hardware acceleration capable Provider. 3576 * The caller already inserted and initialized the ESP header. 3577 * This function allocates a tagging M_CTL, and adds room at the end 3578 * of the packet to hold the ICV if authentication is needed. 3579 * 3580 * On success returns B_TRUE, on failure returns B_FALSE and frees the 3581 * mblk chain ipsec_out. 3582 */ 3583 static ipsec_status_t 3584 esp_outbound_accelerated(mblk_t *ipsec_out, uint_t icv_len) 3585 { 3586 ipsec_out_t *io; 3587 mblk_t *lastmp; 3588 3589 ESP_BUMP_STAT(out_accelerated); 3590 3591 io = (ipsec_out_t *)ipsec_out->b_rptr; 3592 3593 /* mark packet as being accelerated in IPSEC_OUT */ 3594 ASSERT(io->ipsec_out_accelerated == B_FALSE); 3595 io->ipsec_out_accelerated = B_TRUE; 3596 3597 /* 3598 * add room at the end of the packet for the ICV if needed 3599 */ 3600 if (icv_len > 0) { 3601 /* go to last mblk */ 3602 lastmp = ipsec_out; /* For following while loop. */ 3603 do { 3604 lastmp = lastmp->b_cont; 3605 } while (lastmp->b_cont != NULL); 3606 3607 /* if not enough available room, allocate new mblk */ 3608 if ((lastmp->b_wptr + icv_len) > lastmp->b_datap->db_lim) { 3609 lastmp->b_cont = allocb(icv_len, BPRI_HI); 3610 if (lastmp->b_cont == NULL) { 3611 ESP_BUMP_STAT(out_discards); 3612 ip_drop_packet(ipsec_out, B_FALSE, NULL, NULL, 3613 &ipdrops_esp_nomem, &esp_dropper); 3614 return (IPSEC_STATUS_FAILED); 3615 } 3616 lastmp = lastmp->b_cont; 3617 } 3618 lastmp->b_wptr += icv_len; 3619 } 3620 3621 return (IPSEC_STATUS_SUCCESS); 3622 } 3623 3624 /* 3625 * Process an inbound accelerated ESP packet. 3626 * On success returns B_TRUE, on failure returns B_FALSE and frees the 3627 * mblk chain ipsec_in. 3628 */ 3629 static ipsec_status_t 3630 esp_inbound_accelerated(mblk_t *ipsec_in, mblk_t *data_mp, boolean_t isv4, 3631 ipsa_t *assoc) 3632 { 3633 ipsec_in_t *ii; 3634 mblk_t *hada_mp; 3635 uint32_t icv_len = 0; 3636 da_ipsec_t *hada; 3637 ipha_t *ipha; 3638 ip6_t *ip6h; 3639 kstat_named_t *counter; 3640 3641 ESP_BUMP_STAT(in_accelerated); 3642 3643 ii = (ipsec_in_t *)ipsec_in->b_rptr; 3644 hada_mp = ii->ipsec_in_da; 3645 ASSERT(hada_mp != NULL); 3646 hada = (da_ipsec_t *)hada_mp->b_rptr; 3647 3648 /* 3649 * We only support one level of decapsulation in hardware, so 3650 * nuke the pointer. 3651 */ 3652 ii->ipsec_in_da = NULL; 3653 ii->ipsec_in_accelerated = B_FALSE; 3654 3655 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) { 3656 /* 3657 * ESP with authentication. We expect the Provider to have 3658 * computed the ICV and placed it in the hardware acceleration 3659 * data attributes. 3660 * 3661 * Extract ICV length from attributes M_CTL and sanity check 3662 * its value. We allow the mblk to be smaller than da_ipsec_t 3663 * for a small ICV, as long as the entire ICV fits within the 3664 * mblk. 3665 * 3666 * Also ensures that the ICV length computed by Provider 3667 * corresponds to the ICV length of the agorithm specified by 3668 * the SA. 3669 */ 3670 icv_len = hada->da_icv_len; 3671 if ((icv_len != assoc->ipsa_mac_len) || 3672 (icv_len > DA_ICV_MAX_LEN) || (MBLKL(hada_mp) < 3673 (sizeof (da_ipsec_t) - DA_ICV_MAX_LEN + icv_len))) { 3674 esp0dbg(("esp_inbound_accelerated: " 3675 "ICV len (%u) incorrect or mblk too small (%u)\n", 3676 icv_len, (uint32_t)(MBLKL(hada_mp)))); 3677 counter = &ipdrops_esp_bad_auth; 3678 goto esp_in_discard; 3679 } 3680 } 3681 3682 /* get pointers to IP header */ 3683 if (isv4) { 3684 ipha = (ipha_t *)data_mp->b_rptr; 3685 } else { 3686 ip6h = (ip6_t *)data_mp->b_rptr; 3687 } 3688 3689 /* 3690 * Compare ICV in ESP packet vs ICV computed by adapter. 3691 * We also remove the ICV from the end of the packet since 3692 * it will no longer be needed. 3693 * 3694 * Assume that esp_inbound() already ensured that the pkt 3695 * was in one mblk. 3696 */ 3697 ASSERT(data_mp->b_cont == NULL); 3698 data_mp->b_wptr -= icv_len; 3699 /* adjust IP header */ 3700 if (isv4) 3701 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - icv_len); 3702 else 3703 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - icv_len); 3704 if (icv_len && bcmp(hada->da_icv, data_mp->b_wptr, icv_len)) { 3705 int af; 3706 void *addr; 3707 3708 if (isv4) { 3709 addr = &ipha->ipha_dst; 3710 af = AF_INET; 3711 } else { 3712 addr = &ip6h->ip6_dst; 3713 af = AF_INET6; 3714 } 3715 3716 /* 3717 * Log the event. Don't print to the console, block 3718 * potential denial-of-service attack. 3719 */ 3720 ESP_BUMP_STAT(bad_auth); 3721 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 3722 "ESP Authentication failed spi %x, dst_addr %s", 3723 assoc->ipsa_spi, addr, af); 3724 counter = &ipdrops_esp_bad_auth; 3725 goto esp_in_discard; 3726 } 3727 3728 esp3dbg(("esp_inbound_accelerated: ESP authentication succeeded, " 3729 "checking replay\n")); 3730 3731 ipsec_in->b_cont = data_mp; 3732 3733 /* 3734 * Remove ESP header and padding from packet. 3735 */ 3736 if (!esp_strip_header(data_mp, ii->ipsec_in_v4, assoc->ipsa_iv_len, 3737 &counter)) { 3738 esp1dbg(("esp_inbound_accelerated: " 3739 "esp_strip_header() failed\n")); 3740 goto esp_in_discard; 3741 } 3742 3743 freeb(hada_mp); 3744 3745 /* 3746 * Account for usage.. 3747 */ 3748 if (!esp_age_bytes(assoc, msgdsize(data_mp), B_TRUE)) { 3749 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 3750 ESP_BUMP_STAT(bytes_expired); 3751 IP_ESP_BUMP_STAT(in_discards); 3752 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 3753 "ESP association 0x%x, dst %s had bytes expire.\n", 3754 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam); 3755 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, 3756 &ipdrops_esp_bytes_expire, &esp_dropper); 3757 return (IPSEC_STATUS_FAILED); 3758 } 3759 3760 /* done processing the packet */ 3761 return (IPSEC_STATUS_SUCCESS); 3762 3763 esp_in_discard: 3764 IP_ESP_BUMP_STAT(in_discards); 3765 freeb(hada_mp); 3766 3767 ipsec_in->b_cont = data_mp; /* For ip_drop_packet()'s sake... */ 3768 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, counter, &esp_dropper); 3769 3770 return (IPSEC_STATUS_FAILED); 3771 } 3772 3773 /* 3774 * Wrapper to allow IP to trigger an ESP association failure message 3775 * during inbound SA selection. 3776 */ 3777 void 3778 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt, 3779 uint32_t spi, void *addr, int af) 3780 { 3781 if (ipsecesp_log_unknown_spi) { 3782 ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi, 3783 addr, af); 3784 } 3785 3786 ip_drop_packet(mp, B_TRUE, NULL, NULL, &ipdrops_esp_no_sa, 3787 &esp_dropper); 3788 } 3789 3790 /* 3791 * Initialize the ESP input and output processing functions. 3792 */ 3793 void 3794 ipsecesp_init_funcs(ipsa_t *sa) 3795 { 3796 if (sa->ipsa_output_func == NULL) 3797 sa->ipsa_output_func = esp_outbound; 3798 if (sa->ipsa_input_func == NULL) 3799 sa->ipsa_input_func = esp_inbound; 3800 } 3801