1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/stream.h> 28 #include <sys/stropts.h> 29 #include <sys/errno.h> 30 #include <sys/strlog.h> 31 #include <sys/tihdr.h> 32 #include <sys/socket.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/kmem.h> 36 #include <sys/zone.h> 37 #include <sys/sysmacros.h> 38 #include <sys/cmn_err.h> 39 #include <sys/vtrace.h> 40 #include <sys/debug.h> 41 #include <sys/atomic.h> 42 #include <sys/strsun.h> 43 #include <sys/random.h> 44 #include <netinet/in.h> 45 #include <net/if.h> 46 #include <netinet/ip6.h> 47 #include <net/pfkeyv2.h> 48 49 #include <inet/common.h> 50 #include <inet/mi.h> 51 #include <inet/nd.h> 52 #include <inet/ip.h> 53 #include <inet/ip_impl.h> 54 #include <inet/ip6.h> 55 #include <inet/sadb.h> 56 #include <inet/ipsec_info.h> 57 #include <inet/ipsec_impl.h> 58 #include <inet/ipsecesp.h> 59 #include <inet/ipdrop.h> 60 #include <inet/tcp.h> 61 #include <sys/kstat.h> 62 #include <sys/policy.h> 63 #include <sys/strsun.h> 64 #include <inet/udp_impl.h> 65 #include <sys/taskq.h> 66 #include <sys/note.h> 67 68 #include <sys/iphada.h> 69 70 /* 71 * Table of ND variables supported by ipsecesp. These are loaded into 72 * ipsecesp_g_nd in ipsecesp_init_nd. 73 * All of these are alterable, within the min/max values given, at run time. 74 */ 75 static ipsecespparam_t lcl_param_arr[] = { 76 /* min max value name */ 77 { 0, 3, 0, "ipsecesp_debug"}, 78 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"}, 79 { 1, 10, 1, "ipsecesp_reap_delay"}, 80 { 1, SADB_MAX_REPLAY, 64, "ipsecesp_replay_size"}, 81 { 1, 300, 15, "ipsecesp_acquire_timeout"}, 82 { 1, 1800, 90, "ipsecesp_larval_timeout"}, 83 /* Default lifetime values for ACQUIRE messages. */ 84 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_bytes"}, 85 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_bytes"}, 86 { 0, 0xffffffffU, 24000, "ipsecesp_default_soft_addtime"}, 87 { 0, 0xffffffffU, 28800, "ipsecesp_default_hard_addtime"}, 88 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_usetime"}, 89 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_usetime"}, 90 { 0, 1, 0, "ipsecesp_log_unknown_spi"}, 91 { 0, 2, 1, "ipsecesp_padding_check"}, 92 { 0, 600, 20, "ipsecesp_nat_keepalive_interval"}, 93 }; 94 #define ipsecesp_debug ipsecesp_params[0].ipsecesp_param_value 95 #define ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value 96 #define ipsecesp_age_int_max ipsecesp_params[1].ipsecesp_param_max 97 #define ipsecesp_reap_delay ipsecesp_params[2].ipsecesp_param_value 98 #define ipsecesp_replay_size ipsecesp_params[3].ipsecesp_param_value 99 #define ipsecesp_acquire_timeout \ 100 ipsecesp_params[4].ipsecesp_param_value 101 #define ipsecesp_larval_timeout \ 102 ipsecesp_params[5].ipsecesp_param_value 103 #define ipsecesp_default_soft_bytes \ 104 ipsecesp_params[6].ipsecesp_param_value 105 #define ipsecesp_default_hard_bytes \ 106 ipsecesp_params[7].ipsecesp_param_value 107 #define ipsecesp_default_soft_addtime \ 108 ipsecesp_params[8].ipsecesp_param_value 109 #define ipsecesp_default_hard_addtime \ 110 ipsecesp_params[9].ipsecesp_param_value 111 #define ipsecesp_default_soft_usetime \ 112 ipsecesp_params[10].ipsecesp_param_value 113 #define ipsecesp_default_hard_usetime \ 114 ipsecesp_params[11].ipsecesp_param_value 115 #define ipsecesp_log_unknown_spi \ 116 ipsecesp_params[12].ipsecesp_param_value 117 #define ipsecesp_padding_check \ 118 ipsecesp_params[13].ipsecesp_param_value 119 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */ 120 121 #define esp0dbg(a) printf a 122 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 123 #define esp1dbg(espstack, a) if (espstack->ipsecesp_debug != 0) printf a 124 #define esp2dbg(espstack, a) if (espstack->ipsecesp_debug > 1) printf a 125 #define esp3dbg(espstack, a) if (espstack->ipsecesp_debug > 2) printf a 126 127 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *); 128 static int ipsecesp_close(queue_t *); 129 static void ipsecesp_rput(queue_t *, mblk_t *); 130 static void ipsecesp_wput(queue_t *, mblk_t *); 131 static void *ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns); 132 static void ipsecesp_stack_fini(netstackid_t stackid, void *arg); 133 static void esp_send_acquire(ipsacq_t *, mblk_t *, netstack_t *); 134 135 static void esp_prepare_udp(netstack_t *, mblk_t *, ipha_t *); 136 static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t); 137 static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *, 138 boolean_t, ipsa_t *); 139 140 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t, 141 ipsecesp_stack_t *); 142 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t, 143 kstat_named_t **, ipsecesp_stack_t *); 144 static ipsec_status_t esp_submit_req_inbound(mblk_t *, ipsa_t *, uint_t); 145 static ipsec_status_t esp_submit_req_outbound(mblk_t *, ipsa_t *, uchar_t *, 146 uint_t); 147 extern void (*cl_inet_getspi)(uint8_t, uint8_t *, size_t); 148 149 /* Setable in /etc/system */ 150 uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE; 151 152 static struct module_info info = { 153 5137, "ipsecesp", 0, INFPSZ, 65536, 1024 154 }; 155 156 static struct qinit rinit = { 157 (pfi_t)ipsecesp_rput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 158 NULL 159 }; 160 161 static struct qinit winit = { 162 (pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 163 NULL 164 }; 165 166 struct streamtab ipsecespinfo = { 167 &rinit, &winit, NULL, NULL 168 }; 169 170 static taskq_t *esp_taskq; 171 172 /* 173 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now. 174 * 175 * Question: Do I need this, given that all instance's esps->esps_wq point 176 * to IP? 177 * 178 * Answer: Yes, because I need to know which queue is BOUND to 179 * IPPROTO_ESP 180 */ 181 182 /* 183 * Stats. This may eventually become a full-blown SNMP MIB once that spec 184 * stabilizes. 185 */ 186 187 typedef struct esp_kstats_s { 188 kstat_named_t esp_stat_num_aalgs; 189 kstat_named_t esp_stat_good_auth; 190 kstat_named_t esp_stat_bad_auth; 191 kstat_named_t esp_stat_bad_padding; 192 kstat_named_t esp_stat_replay_failures; 193 kstat_named_t esp_stat_replay_early_failures; 194 kstat_named_t esp_stat_keysock_in; 195 kstat_named_t esp_stat_out_requests; 196 kstat_named_t esp_stat_acquire_requests; 197 kstat_named_t esp_stat_bytes_expired; 198 kstat_named_t esp_stat_out_discards; 199 kstat_named_t esp_stat_in_accelerated; 200 kstat_named_t esp_stat_out_accelerated; 201 kstat_named_t esp_stat_noaccel; 202 kstat_named_t esp_stat_crypto_sync; 203 kstat_named_t esp_stat_crypto_async; 204 kstat_named_t esp_stat_crypto_failures; 205 kstat_named_t esp_stat_num_ealgs; 206 kstat_named_t esp_stat_bad_decrypt; 207 kstat_named_t esp_stat_sa_port_renumbers; 208 } esp_kstats_t; 209 210 /* 211 * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if 212 * kstat_create_netstack for espstack->esp_ksp succeeds, but when it 213 * fails, it will be NULL. Note this is done for all stack instances, 214 * so it *could* fail. hence a non-NULL checking is done for 215 * ESP_BUMP_STAT and ESP_DEBUMP_STAT 216 */ 217 #define ESP_BUMP_STAT(espstack, x) \ 218 do { \ 219 if (espstack->esp_kstats != NULL) \ 220 (espstack->esp_kstats->esp_stat_ ## x).value.ui64++; \ 221 _NOTE(CONSTCOND) \ 222 } while (0) 223 224 #define ESP_DEBUMP_STAT(espstack, x) \ 225 do { \ 226 if (espstack->esp_kstats != NULL) \ 227 (espstack->esp_kstats->esp_stat_ ## x).value.ui64--; \ 228 _NOTE(CONSTCOND) \ 229 } while (0) 230 231 static int esp_kstat_update(kstat_t *, int); 232 233 static boolean_t 234 esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid) 235 { 236 espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat", 237 "net", KSTAT_TYPE_NAMED, 238 sizeof (esp_kstats_t) / sizeof (kstat_named_t), 239 KSTAT_FLAG_PERSISTENT, stackid); 240 241 if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL) 242 return (B_FALSE); 243 244 espstack->esp_kstats = espstack->esp_ksp->ks_data; 245 246 espstack->esp_ksp->ks_update = esp_kstat_update; 247 espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid; 248 249 #define K64 KSTAT_DATA_UINT64 250 #define KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64) 251 252 KI(num_aalgs); 253 KI(num_ealgs); 254 KI(good_auth); 255 KI(bad_auth); 256 KI(bad_padding); 257 KI(replay_failures); 258 KI(replay_early_failures); 259 KI(keysock_in); 260 KI(out_requests); 261 KI(acquire_requests); 262 KI(bytes_expired); 263 KI(out_discards); 264 KI(in_accelerated); 265 KI(out_accelerated); 266 KI(noaccel); 267 KI(crypto_sync); 268 KI(crypto_async); 269 KI(crypto_failures); 270 KI(bad_decrypt); 271 KI(sa_port_renumbers); 272 273 #undef KI 274 #undef K64 275 276 kstat_install(espstack->esp_ksp); 277 278 return (B_TRUE); 279 } 280 281 static int 282 esp_kstat_update(kstat_t *kp, int rw) 283 { 284 esp_kstats_t *ekp; 285 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private; 286 netstack_t *ns; 287 ipsec_stack_t *ipss; 288 289 if ((kp == NULL) || (kp->ks_data == NULL)) 290 return (EIO); 291 292 if (rw == KSTAT_WRITE) 293 return (EACCES); 294 295 ns = netstack_find_by_stackid(stackid); 296 if (ns == NULL) 297 return (-1); 298 ipss = ns->netstack_ipsec; 299 if (ipss == NULL) { 300 netstack_rele(ns); 301 return (-1); 302 } 303 ekp = (esp_kstats_t *)kp->ks_data; 304 305 mutex_enter(&ipss->ipsec_alg_lock); 306 ekp->esp_stat_num_aalgs.value.ui64 = 307 ipss->ipsec_nalgs[IPSEC_ALG_AUTH]; 308 ekp->esp_stat_num_ealgs.value.ui64 = 309 ipss->ipsec_nalgs[IPSEC_ALG_ENCR]; 310 mutex_exit(&ipss->ipsec_alg_lock); 311 312 netstack_rele(ns); 313 return (0); 314 } 315 316 #ifdef DEBUG 317 /* 318 * Debug routine, useful to see pre-encryption data. 319 */ 320 static char * 321 dump_msg(mblk_t *mp) 322 { 323 char tmp_str[3], tmp_line[256]; 324 325 while (mp != NULL) { 326 unsigned char *ptr; 327 328 printf("mblk address 0x%p, length %ld, db_ref %d " 329 "type %d, base 0x%p, lim 0x%p\n", 330 (void *) mp, (long)(mp->b_wptr - mp->b_rptr), 331 mp->b_datap->db_ref, mp->b_datap->db_type, 332 (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim); 333 ptr = mp->b_rptr; 334 335 tmp_line[0] = '\0'; 336 while (ptr < mp->b_wptr) { 337 uint_t diff; 338 339 diff = (ptr - mp->b_rptr); 340 if (!(diff & 0x1f)) { 341 if (strlen(tmp_line) > 0) { 342 printf("bytes: %s\n", tmp_line); 343 tmp_line[0] = '\0'; 344 } 345 } 346 if (!(diff & 0x3)) 347 (void) strcat(tmp_line, " "); 348 (void) sprintf(tmp_str, "%02x", *ptr); 349 (void) strcat(tmp_line, tmp_str); 350 ptr++; 351 } 352 if (strlen(tmp_line) > 0) 353 printf("bytes: %s\n", tmp_line); 354 355 mp = mp->b_cont; 356 } 357 358 return ("\n"); 359 } 360 361 #else /* DEBUG */ 362 static char * 363 dump_msg(mblk_t *mp) 364 { 365 printf("Find value of mp %p.\n", mp); 366 return ("\n"); 367 } 368 #endif /* DEBUG */ 369 370 /* 371 * Don't have to lock age_interval, as only one thread will access it at 372 * a time, because I control the one function that does with timeout(). 373 */ 374 static void 375 esp_ager(void *arg) 376 { 377 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg; 378 netstack_t *ns = espstack->ipsecesp_netstack; 379 hrtime_t begin = gethrtime(); 380 381 sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q, 382 espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns); 383 sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q, 384 espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns); 385 386 espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q, 387 esp_ager, espstack, 388 &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max, 389 info.mi_idnum); 390 } 391 392 /* 393 * Get an ESP NDD parameter. 394 */ 395 /* ARGSUSED */ 396 static int 397 ipsecesp_param_get(q, mp, cp, cr) 398 queue_t *q; 399 mblk_t *mp; 400 caddr_t cp; 401 cred_t *cr; 402 { 403 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 404 uint_t value; 405 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 406 407 mutex_enter(&espstack->ipsecesp_param_lock); 408 value = ipsecesppa->ipsecesp_param_value; 409 mutex_exit(&espstack->ipsecesp_param_lock); 410 411 (void) mi_mpprintf(mp, "%u", value); 412 return (0); 413 } 414 415 /* 416 * This routine sets an NDD variable in a ipsecespparam_t structure. 417 */ 418 /* ARGSUSED */ 419 static int 420 ipsecesp_param_set(q, mp, value, cp, cr) 421 queue_t *q; 422 mblk_t *mp; 423 char *value; 424 caddr_t cp; 425 cred_t *cr; 426 { 427 ulong_t new_value; 428 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 429 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 430 431 /* 432 * Fail the request if the new value does not lie within the 433 * required bounds. 434 */ 435 if (ddi_strtoul(value, NULL, 10, &new_value) != 0 || 436 new_value < ipsecesppa->ipsecesp_param_min || 437 new_value > ipsecesppa->ipsecesp_param_max) { 438 return (EINVAL); 439 } 440 441 /* Set the new value */ 442 mutex_enter(&espstack->ipsecesp_param_lock); 443 ipsecesppa->ipsecesp_param_value = new_value; 444 mutex_exit(&espstack->ipsecesp_param_lock); 445 return (0); 446 } 447 448 /* 449 * Using lifetime NDD variables, fill in an extended combination's 450 * lifetime information. 451 */ 452 void 453 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns) 454 { 455 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 456 457 ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes; 458 ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes; 459 ecomb->sadb_x_ecomb_soft_addtime = 460 espstack->ipsecesp_default_soft_addtime; 461 ecomb->sadb_x_ecomb_hard_addtime = 462 espstack->ipsecesp_default_hard_addtime; 463 ecomb->sadb_x_ecomb_soft_usetime = 464 espstack->ipsecesp_default_soft_usetime; 465 ecomb->sadb_x_ecomb_hard_usetime = 466 espstack->ipsecesp_default_hard_usetime; 467 } 468 469 /* 470 * Initialize things for ESP at module load time. 471 */ 472 boolean_t 473 ipsecesp_ddi_init(void) 474 { 475 esp_taskq = taskq_create("esp_taskq", 1, minclsyspri, 476 IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0); 477 478 /* 479 * We want to be informed each time a stack is created or 480 * destroyed in the kernel, so we can maintain the 481 * set of ipsecesp_stack_t's. 482 */ 483 netstack_register(NS_IPSECESP, ipsecesp_stack_init, NULL, 484 ipsecesp_stack_fini); 485 486 return (B_TRUE); 487 } 488 489 /* 490 * Walk through the param array specified registering each element with the 491 * named dispatch handler. 492 */ 493 static boolean_t 494 ipsecesp_param_register(IDP *ndp, ipsecespparam_t *espp, int cnt) 495 { 496 for (; cnt-- > 0; espp++) { 497 if (espp->ipsecesp_param_name != NULL && 498 espp->ipsecesp_param_name[0]) { 499 if (!nd_load(ndp, 500 espp->ipsecesp_param_name, 501 ipsecesp_param_get, ipsecesp_param_set, 502 (caddr_t)espp)) { 503 nd_free(ndp); 504 return (B_FALSE); 505 } 506 } 507 } 508 return (B_TRUE); 509 } 510 /* 511 * Initialize things for ESP for each stack instance 512 */ 513 static void * 514 ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns) 515 { 516 ipsecesp_stack_t *espstack; 517 ipsecespparam_t *espp; 518 519 espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack), 520 KM_SLEEP); 521 espstack->ipsecesp_netstack = ns; 522 523 espp = (ipsecespparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP); 524 espstack->ipsecesp_params = espp; 525 bcopy(lcl_param_arr, espp, sizeof (lcl_param_arr)); 526 527 (void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp, 528 A_CNT(lcl_param_arr)); 529 530 (void) esp_kstat_init(espstack, stackid); 531 532 espstack->esp_sadb.s_acquire_timeout = 533 &espstack->ipsecesp_acquire_timeout; 534 espstack->esp_sadb.s_acqfn = esp_send_acquire; 535 sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size, 536 espstack->ipsecesp_netstack); 537 538 mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0); 539 540 ip_drop_register(&espstack->esp_dropper, "IPsec ESP"); 541 return (espstack); 542 } 543 544 /* 545 * Destroy things for ESP at module unload time. 546 */ 547 void 548 ipsecesp_ddi_destroy(void) 549 { 550 netstack_unregister(NS_IPSECESP); 551 taskq_destroy(esp_taskq); 552 } 553 554 /* 555 * Destroy things for ESP for one stack instance 556 */ 557 static void 558 ipsecesp_stack_fini(netstackid_t stackid, void *arg) 559 { 560 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg; 561 562 if (espstack->esp_pfkey_q != NULL) { 563 (void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event); 564 } 565 espstack->esp_sadb.s_acqfn = NULL; 566 espstack->esp_sadb.s_acquire_timeout = NULL; 567 sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack); 568 ip_drop_unregister(&espstack->esp_dropper); 569 mutex_destroy(&espstack->ipsecesp_param_lock); 570 nd_free(&espstack->ipsecesp_g_nd); 571 572 kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr)); 573 espstack->ipsecesp_params = NULL; 574 kstat_delete_netstack(espstack->esp_ksp, stackid); 575 espstack->esp_ksp = NULL; 576 espstack->esp_kstats = NULL; 577 kmem_free(espstack, sizeof (*espstack)); 578 } 579 580 /* 581 * ESP module open routine. 582 */ 583 /* ARGSUSED */ 584 static int 585 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 586 { 587 netstack_t *ns; 588 ipsecesp_stack_t *espstack; 589 590 if (secpolicy_ip_config(credp, B_FALSE) != 0) 591 return (EPERM); 592 593 if (q->q_ptr != NULL) 594 return (0); /* Re-open of an already open instance. */ 595 596 if (sflag != MODOPEN) 597 return (EINVAL); 598 599 ns = netstack_find_by_cred(credp); 600 ASSERT(ns != NULL); 601 espstack = ns->netstack_ipsecesp; 602 ASSERT(espstack != NULL); 603 604 /* 605 * ASSUMPTIONS (because I'm MT_OCEXCL): 606 * 607 * * I'm being pushed on top of IP for all my opens (incl. #1). 608 * * Only ipsecesp_open() can write into esp_sadb.s_ip_q. 609 * * Because of this, I can check lazily for esp_sadb.s_ip_q. 610 * 611 * If these assumptions are wrong, I'm in BIG trouble... 612 */ 613 614 q->q_ptr = espstack; 615 WR(q)->q_ptr = q->q_ptr; 616 617 if (espstack->esp_sadb.s_ip_q == NULL) { 618 struct T_unbind_req *tur; 619 620 espstack->esp_sadb.s_ip_q = WR(q); 621 /* Allocate an unbind... */ 622 espstack->esp_ip_unbind = allocb(sizeof (struct T_unbind_req), 623 BPRI_HI); 624 625 /* 626 * Send down T_BIND_REQ to bind IPPROTO_ESP. 627 * Handle the ACK here in ESP. 628 */ 629 qprocson(q); 630 if (espstack->esp_ip_unbind == NULL || 631 !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) { 632 if (espstack->esp_ip_unbind != NULL) { 633 freeb(espstack->esp_ip_unbind); 634 espstack->esp_ip_unbind = NULL; 635 } 636 q->q_ptr = NULL; 637 netstack_rele(espstack->ipsecesp_netstack); 638 return (ENOMEM); 639 } 640 641 espstack->esp_ip_unbind->b_datap->db_type = M_PROTO; 642 tur = (struct T_unbind_req *)espstack->esp_ip_unbind->b_rptr; 643 tur->PRIM_type = T_UNBIND_REQ; 644 } else { 645 qprocson(q); 646 } 647 648 /* 649 * For now, there's not much I can do. I'll be getting a message 650 * passed down to me from keysock (in my wput), and a T_BIND_ACK 651 * up from IP (in my rput). 652 */ 653 654 return (0); 655 } 656 657 /* 658 * ESP module close routine. 659 */ 660 static int 661 ipsecesp_close(queue_t *q) 662 { 663 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 664 665 /* 666 * If esp_sadb.s_ip_q is attached to this instance, send a 667 * T_UNBIND_REQ to IP for the instance before doing 668 * a qprocsoff(). 669 */ 670 if (WR(q) == espstack->esp_sadb.s_ip_q && 671 espstack->esp_ip_unbind != NULL) { 672 putnext(WR(q), espstack->esp_ip_unbind); 673 espstack->esp_ip_unbind = NULL; 674 } 675 676 /* 677 * Clean up q_ptr, if needed. 678 */ 679 qprocsoff(q); 680 681 /* Keysock queue check is safe, because of OCEXCL perimeter. */ 682 683 if (q == espstack->esp_pfkey_q) { 684 esp1dbg(espstack, 685 ("ipsecesp_close: Ummm... keysock is closing ESP.\n")); 686 espstack->esp_pfkey_q = NULL; 687 /* Detach qtimeouts. */ 688 (void) quntimeout(q, espstack->esp_event); 689 } 690 691 if (WR(q) == espstack->esp_sadb.s_ip_q) { 692 /* 693 * If the esp_sadb.s_ip_q is attached to this instance, find 694 * another. The OCEXCL outer perimeter helps us here. 695 */ 696 espstack->esp_sadb.s_ip_q = NULL; 697 698 /* 699 * Find a replacement queue for esp_sadb.s_ip_q. 700 */ 701 if (espstack->esp_pfkey_q != NULL && 702 espstack->esp_pfkey_q != RD(q)) { 703 /* 704 * See if we can use the pfkey_q. 705 */ 706 espstack->esp_sadb.s_ip_q = WR(espstack->esp_pfkey_q); 707 } 708 709 if (espstack->esp_sadb.s_ip_q == NULL || 710 !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) { 711 esp1dbg(espstack, ("ipsecesp: Can't reassign ip_q.\n")); 712 espstack->esp_sadb.s_ip_q = NULL; 713 } else { 714 espstack->esp_ip_unbind = 715 allocb(sizeof (struct T_unbind_req), BPRI_HI); 716 717 if (espstack->esp_ip_unbind != NULL) { 718 struct T_unbind_req *tur; 719 720 espstack->esp_ip_unbind->b_datap->db_type = 721 M_PROTO; 722 tur = (struct T_unbind_req *) 723 espstack->esp_ip_unbind->b_rptr; 724 tur->PRIM_type = T_UNBIND_REQ; 725 } 726 /* If it's NULL, I can't do much here. */ 727 } 728 } 729 730 netstack_rele(espstack->ipsecesp_netstack); 731 return (0); 732 } 733 734 /* 735 * Add a number of bytes to what the SA has protected so far. Return 736 * B_TRUE if the SA can still protect that many bytes. 737 * 738 * Caller must REFRELE the passed-in assoc. This function must REFRELE 739 * any obtained peer SA. 740 */ 741 static boolean_t 742 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound) 743 { 744 ipsa_t *inassoc, *outassoc; 745 isaf_t *bucket; 746 boolean_t inrc, outrc, isv6; 747 sadb_t *sp; 748 int outhash; 749 netstack_t *ns = assoc->ipsa_netstack; 750 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 751 752 /* No peer? No problem! */ 753 if (!assoc->ipsa_haspeer) { 754 return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes, 755 B_TRUE)); 756 } 757 758 /* 759 * Otherwise, we want to grab both the original assoc and its peer. 760 * There might be a race for this, but if it's a real race, two 761 * expire messages may occur. We limit this by only sending the 762 * expire message on one of the peers, we'll pick the inbound 763 * arbitrarily. 764 * 765 * If we need tight synchronization on the peer SA, then we need to 766 * reconsider. 767 */ 768 769 /* Use address length to select IPv6/IPv4 */ 770 isv6 = (assoc->ipsa_addrfam == AF_INET6); 771 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4; 772 773 if (inbound) { 774 inassoc = assoc; 775 if (isv6) { 776 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 777 &inassoc->ipsa_dstaddr)); 778 } else { 779 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 780 &inassoc->ipsa_dstaddr)); 781 } 782 bucket = &sp->sdb_of[outhash]; 783 mutex_enter(&bucket->isaf_lock); 784 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 785 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 786 inassoc->ipsa_addrfam); 787 mutex_exit(&bucket->isaf_lock); 788 if (outassoc == NULL) { 789 /* Q: Do we wish to set haspeer == B_FALSE? */ 790 esp0dbg(("esp_age_bytes: " 791 "can't find peer for inbound.\n")); 792 return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc, 793 bytes, B_TRUE)); 794 } 795 } else { 796 outassoc = assoc; 797 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 798 mutex_enter(&bucket->isaf_lock); 799 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 800 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 801 outassoc->ipsa_addrfam); 802 mutex_exit(&bucket->isaf_lock); 803 if (inassoc == NULL) { 804 /* Q: Do we wish to set haspeer == B_FALSE? */ 805 esp0dbg(("esp_age_bytes: " 806 "can't find peer for outbound.\n")); 807 return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc, 808 bytes, B_TRUE)); 809 } 810 } 811 812 inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE); 813 outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE); 814 815 /* 816 * REFRELE any peer SA. 817 * 818 * Because of the multi-line macro nature of IPSA_REFRELE, keep 819 * them in { }. 820 */ 821 if (inbound) { 822 IPSA_REFRELE(outassoc); 823 } else { 824 IPSA_REFRELE(inassoc); 825 } 826 827 return (inrc && outrc); 828 } 829 830 /* 831 * Do incoming NAT-T manipulations for packet. 832 */ 833 static ipsec_status_t 834 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc) 835 { 836 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 837 tcpha_t *tcph; 838 udpha_t *udpha; 839 /* Initialize to our inbound cksum adjustment... */ 840 uint32_t sum = assoc->ipsa_inbound_cksum; 841 842 switch (ipha->ipha_protocol) { 843 case IPPROTO_TCP: 844 tcph = (tcpha_t *)(data_mp->b_rptr + 845 IPH_HDR_LENGTH(ipha)); 846 847 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16) 848 sum += ~ntohs(tcph->tha_sum) & 0xFFFF; 849 DOWN_SUM(sum); 850 DOWN_SUM(sum); 851 tcph->tha_sum = ~htons(sum); 852 break; 853 case IPPROTO_UDP: 854 udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha)); 855 856 if (udpha->uha_checksum != 0) { 857 /* Adujst if the inbound one was not zero. */ 858 sum += ~ntohs(udpha->uha_checksum) & 0xFFFF; 859 DOWN_SUM(sum); 860 DOWN_SUM(sum); 861 udpha->uha_checksum = ~htons(sum); 862 if (udpha->uha_checksum == 0) 863 udpha->uha_checksum = 0xFFFF; 864 } 865 #undef DOWN_SUM 866 break; 867 case IPPROTO_IP: 868 /* 869 * This case is only an issue for self-encapsulated 870 * packets. So for now, fall through. 871 */ 872 break; 873 } 874 return (IPSEC_STATUS_SUCCESS); 875 } 876 877 878 /* 879 * Strip ESP header, check padding, and fix IP header. 880 * Returns B_TRUE on success, B_FALSE if an error occured. 881 */ 882 static boolean_t 883 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen, 884 kstat_named_t **counter, ipsecesp_stack_t *espstack) 885 { 886 ipha_t *ipha; 887 ip6_t *ip6h; 888 uint_t divpoint; 889 mblk_t *scratch; 890 uint8_t nexthdr, padlen; 891 uint8_t lastpad; 892 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 893 uint8_t *lastbyte; 894 895 /* 896 * Strip ESP data and fix IP header. 897 * 898 * XXX In case the beginning of esp_inbound() changes to not do a 899 * pullup, this part of the code can remain unchanged. 900 */ 901 if (isv4) { 902 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t)); 903 ipha = (ipha_t *)data_mp->b_rptr; 904 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) + 905 IPH_HDR_LENGTH(ipha)); 906 divpoint = IPH_HDR_LENGTH(ipha); 907 } else { 908 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t)); 909 ip6h = (ip6_t *)data_mp->b_rptr; 910 divpoint = ip_hdr_length_v6(data_mp, ip6h); 911 } 912 913 scratch = data_mp; 914 while (scratch->b_cont != NULL) 915 scratch = scratch->b_cont; 916 917 ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3); 918 919 /* 920 * "Next header" and padding length are the last two bytes in the 921 * ESP-protected datagram, thus the explicit - 1 and - 2. 922 * lastpad is the last byte of the padding, which can be used for 923 * a quick check to see if the padding is correct. 924 */ 925 lastbyte = scratch->b_wptr - 1; 926 nexthdr = *lastbyte--; 927 padlen = *lastbyte--; 928 929 if (isv4) { 930 /* Fix part of the IP header. */ 931 ipha->ipha_protocol = nexthdr; 932 /* 933 * Reality check the padlen. The explicit - 2 is for the 934 * padding length and the next-header bytes. 935 */ 936 if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 - 937 sizeof (esph_t) - ivlen) { 938 ESP_BUMP_STAT(espstack, bad_decrypt); 939 ipsec_rl_strlog(espstack->ipsecesp_netstack, 940 info.mi_idnum, 0, 0, 941 SL_ERROR | SL_WARN, 942 "Corrupt ESP packet (padlen too big).\n"); 943 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 944 padlen)); 945 esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp " 946 "hdr - ivlen(%d) = %d.\n", 947 ntohs(ipha->ipha_length), ivlen, 948 (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) - 949 2 - sizeof (esph_t) - ivlen))); 950 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 951 return (B_FALSE); 952 } 953 954 /* 955 * Fix the rest of the header. The explicit - 2 is for the 956 * padding length and the next-header bytes. 957 */ 958 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen - 959 2 - sizeof (esph_t) - ivlen); 960 ipha->ipha_hdr_checksum = 0; 961 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 962 } else { 963 if (ip6h->ip6_nxt == IPPROTO_ESP) { 964 ip6h->ip6_nxt = nexthdr; 965 } else { 966 ip6_pkt_t ipp; 967 968 bzero(&ipp, sizeof (ipp)); 969 (void) ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 970 if (ipp.ipp_dstopts != NULL) { 971 ipp.ipp_dstopts->ip6d_nxt = nexthdr; 972 } else if (ipp.ipp_rthdr != NULL) { 973 ipp.ipp_rthdr->ip6r_nxt = nexthdr; 974 } else if (ipp.ipp_hopopts != NULL) { 975 ipp.ipp_hopopts->ip6h_nxt = nexthdr; 976 } else { 977 /* Panic a DEBUG kernel. */ 978 ASSERT(ipp.ipp_hopopts != NULL); 979 /* Otherwise, pretend it's IP + ESP. */ 980 cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n"); 981 ip6h->ip6_nxt = nexthdr; 982 } 983 } 984 985 if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) - 986 ivlen) { 987 ESP_BUMP_STAT(espstack, bad_decrypt); 988 ipsec_rl_strlog(espstack->ipsecesp_netstack, 989 info.mi_idnum, 0, 0, 990 SL_ERROR | SL_WARN, 991 "Corrupt ESP packet (v6 padlen too big).\n"); 992 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 993 padlen)); 994 esp1dbg(espstack, 995 ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = " 996 "%u.\n", (unsigned)(ntohs(ip6h->ip6_plen) 997 + sizeof (ip6_t)), ivlen, 998 (unsigned)(ntohs(ip6h->ip6_plen) - 2 - 999 sizeof (esph_t) - ivlen))); 1000 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 1001 return (B_FALSE); 1002 } 1003 1004 1005 /* 1006 * Fix the rest of the header. The explicit - 2 is for the 1007 * padding length and the next-header bytes. IPv6 is nice, 1008 * because there's no hdr checksum! 1009 */ 1010 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen - 1011 2 - sizeof (esph_t) - ivlen); 1012 } 1013 1014 if (espstack->ipsecesp_padding_check > 0 && padlen > 0) { 1015 /* 1016 * Weak padding check: compare last-byte to length, they 1017 * should be equal. 1018 */ 1019 lastpad = *lastbyte--; 1020 1021 if (padlen != lastpad) { 1022 ipsec_rl_strlog(espstack->ipsecesp_netstack, 1023 info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1024 "Corrupt ESP packet (lastpad != padlen).\n"); 1025 esp1dbg(espstack, 1026 ("lastpad (%d) not equal to padlen (%d):\n", 1027 lastpad, padlen)); 1028 ESP_BUMP_STAT(espstack, bad_padding); 1029 *counter = DROPPER(ipss, ipds_esp_bad_padding); 1030 return (B_FALSE); 1031 } 1032 1033 /* 1034 * Strong padding check: Check all pad bytes to see that 1035 * they're ascending. Go backwards using a descending counter 1036 * to verify. padlen == 1 is checked by previous block, so 1037 * only bother if we've more than 1 byte of padding. 1038 * Consequently, start the check one byte before the location 1039 * of "lastpad". 1040 */ 1041 if (espstack->ipsecesp_padding_check > 1) { 1042 /* 1043 * This assert may have to become an if and a pullup 1044 * if we start accepting multi-dblk mblks. For now, 1045 * though, any packet here will have been pulled up in 1046 * esp_inbound. 1047 */ 1048 ASSERT(MBLKL(scratch) >= lastpad + 3); 1049 1050 /* 1051 * Use "--lastpad" because we already checked the very 1052 * last pad byte previously. 1053 */ 1054 while (--lastpad != 0) { 1055 if (lastpad != *lastbyte) { 1056 ipsec_rl_strlog( 1057 espstack->ipsecesp_netstack, 1058 info.mi_idnum, 0, 0, 1059 SL_ERROR | SL_WARN, "Corrupt ESP " 1060 "packet (bad padding).\n"); 1061 esp1dbg(espstack, 1062 ("padding not in correct" 1063 " format:\n")); 1064 ESP_BUMP_STAT(espstack, bad_padding); 1065 *counter = DROPPER(ipss, 1066 ipds_esp_bad_padding); 1067 return (B_FALSE); 1068 } 1069 lastbyte--; 1070 } 1071 } 1072 } 1073 1074 /* Trim off the padding. */ 1075 ASSERT(data_mp->b_cont == NULL); 1076 data_mp->b_wptr -= (padlen + 2); 1077 1078 /* 1079 * Remove the ESP header. 1080 * 1081 * The above assertions about data_mp's size will make this work. 1082 * 1083 * XXX Question: If I send up and get back a contiguous mblk, 1084 * would it be quicker to bcopy over, or keep doing the dupb stuff? 1085 * I go with copying for now. 1086 */ 1087 1088 if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) && 1089 IS_P2ALIGNED(ivlen, sizeof (uint32_t))) { 1090 uint8_t *start = data_mp->b_rptr; 1091 uint32_t *src, *dst; 1092 1093 src = (uint32_t *)(start + divpoint); 1094 dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen); 1095 1096 ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) && 1097 IS_P2ALIGNED(src, sizeof (uint32_t))); 1098 1099 do { 1100 src--; 1101 dst--; 1102 *dst = *src; 1103 } while (src != (uint32_t *)start); 1104 1105 data_mp->b_rptr = (uchar_t *)dst; 1106 } else { 1107 uint8_t *start = data_mp->b_rptr; 1108 uint8_t *src, *dst; 1109 1110 src = start + divpoint; 1111 dst = src + sizeof (esph_t) + ivlen; 1112 1113 do { 1114 src--; 1115 dst--; 1116 *dst = *src; 1117 } while (src != start); 1118 1119 data_mp->b_rptr = dst; 1120 } 1121 1122 esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n")); 1123 esp2dbg(espstack, (dump_msg(data_mp))); 1124 1125 return (B_TRUE); 1126 } 1127 1128 /* 1129 * Updating use times can be tricky business if the ipsa_haspeer flag is 1130 * set. This function is called once in an SA's lifetime. 1131 * 1132 * Caller has to REFRELE "assoc" which is passed in. This function has 1133 * to REFRELE any peer SA that is obtained. 1134 */ 1135 static void 1136 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) 1137 { 1138 ipsa_t *inassoc, *outassoc; 1139 isaf_t *bucket; 1140 sadb_t *sp; 1141 int outhash; 1142 boolean_t isv6; 1143 netstack_t *ns = assoc->ipsa_netstack; 1144 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1145 1146 /* No peer? No problem! */ 1147 if (!assoc->ipsa_haspeer) { 1148 sadb_set_usetime(assoc); 1149 return; 1150 } 1151 1152 /* 1153 * Otherwise, we want to grab both the original assoc and its peer. 1154 * There might be a race for this, but if it's a real race, the times 1155 * will be out-of-synch by at most a second, and since our time 1156 * granularity is a second, this won't be a problem. 1157 * 1158 * If we need tight synchronization on the peer SA, then we need to 1159 * reconsider. 1160 */ 1161 1162 /* Use address length to select IPv6/IPv4 */ 1163 isv6 = (assoc->ipsa_addrfam == AF_INET6); 1164 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4; 1165 1166 if (inbound) { 1167 inassoc = assoc; 1168 if (isv6) { 1169 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 1170 &inassoc->ipsa_dstaddr)); 1171 } else { 1172 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 1173 &inassoc->ipsa_dstaddr)); 1174 } 1175 bucket = &sp->sdb_of[outhash]; 1176 mutex_enter(&bucket->isaf_lock); 1177 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 1178 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 1179 inassoc->ipsa_addrfam); 1180 mutex_exit(&bucket->isaf_lock); 1181 if (outassoc == NULL) { 1182 /* Q: Do we wish to set haspeer == B_FALSE? */ 1183 esp0dbg(("esp_set_usetime: " 1184 "can't find peer for inbound.\n")); 1185 sadb_set_usetime(inassoc); 1186 return; 1187 } 1188 } else { 1189 outassoc = assoc; 1190 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 1191 mutex_enter(&bucket->isaf_lock); 1192 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 1193 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 1194 outassoc->ipsa_addrfam); 1195 mutex_exit(&bucket->isaf_lock); 1196 if (inassoc == NULL) { 1197 /* Q: Do we wish to set haspeer == B_FALSE? */ 1198 esp0dbg(("esp_set_usetime: " 1199 "can't find peer for outbound.\n")); 1200 sadb_set_usetime(outassoc); 1201 return; 1202 } 1203 } 1204 1205 /* Update usetime on both. */ 1206 sadb_set_usetime(inassoc); 1207 sadb_set_usetime(outassoc); 1208 1209 /* 1210 * REFRELE any peer SA. 1211 * 1212 * Because of the multi-line macro nature of IPSA_REFRELE, keep 1213 * them in { }. 1214 */ 1215 if (inbound) { 1216 IPSA_REFRELE(outassoc); 1217 } else { 1218 IPSA_REFRELE(inassoc); 1219 } 1220 } 1221 1222 /* 1223 * Handle ESP inbound data for IPv4 and IPv6. 1224 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1225 * mblk chain ipsec_in_mp. 1226 */ 1227 ipsec_status_t 1228 esp_inbound(mblk_t *ipsec_in_mp, void *arg) 1229 { 1230 mblk_t *data_mp = ipsec_in_mp->b_cont; 1231 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1232 esph_t *esph = (esph_t *)arg; 1233 ipsa_t *ipsa = ii->ipsec_in_esp_sa; 1234 netstack_t *ns = ii->ipsec_in_ns; 1235 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1236 ipsec_stack_t *ipss = ns->netstack_ipsec; 1237 1238 /* 1239 * We may wish to check replay in-range-only here as an optimization. 1240 * Include the reality check of ipsa->ipsa_replay > 1241 * ipsa->ipsa_replay_wsize for times when it's the first N packets, 1242 * where N == ipsa->ipsa_replay_wsize. 1243 * 1244 * Another check that may come here later is the "collision" check. 1245 * If legitimate packets flow quickly enough, this won't be a problem, 1246 * but collisions may cause authentication algorithm crunching to 1247 * take place when it doesn't need to. 1248 */ 1249 if (!sadb_replay_peek(ipsa, esph->esph_replay)) { 1250 ESP_BUMP_STAT(espstack, replay_early_failures); 1251 IP_ESP_BUMP_STAT(ipss, in_discards); 1252 /* 1253 * TODO: Extract inbound interface from the IPSEC_IN 1254 * message's ii->ipsec_in_rill_index. 1255 */ 1256 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, 1257 DROPPER(ipss, ipds_esp_early_replay), 1258 &espstack->esp_dropper); 1259 return (IPSEC_STATUS_FAILED); 1260 } 1261 1262 /* 1263 * Has this packet already been processed by a hardware 1264 * IPsec accelerator? 1265 */ 1266 if (ii->ipsec_in_accelerated) { 1267 ipsec_status_t rv; 1268 esp3dbg(espstack, 1269 ("esp_inbound: pkt processed by ill=%d isv6=%d\n", 1270 ii->ipsec_in_ill_index, !ii->ipsec_in_v4)); 1271 rv = esp_inbound_accelerated(ipsec_in_mp, 1272 data_mp, ii->ipsec_in_v4, ipsa); 1273 return (rv); 1274 } 1275 ESP_BUMP_STAT(espstack, noaccel); 1276 1277 /* 1278 * Adjust the IP header's payload length to reflect the removal 1279 * of the ICV. 1280 */ 1281 if (!ii->ipsec_in_v4) { 1282 ip6_t *ip6h = (ip6_t *)data_mp->b_rptr; 1283 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - 1284 ipsa->ipsa_mac_len); 1285 } else { 1286 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 1287 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - 1288 ipsa->ipsa_mac_len); 1289 } 1290 1291 /* submit the request to the crypto framework */ 1292 return (esp_submit_req_inbound(ipsec_in_mp, ipsa, 1293 (uint8_t *)esph - data_mp->b_rptr)); 1294 } 1295 1296 /* 1297 * Perform the really difficult work of inserting the proposed situation. 1298 * Called while holding the algorithm lock. 1299 */ 1300 static void 1301 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs) 1302 { 1303 sadb_comb_t *comb = (sadb_comb_t *)(prop + 1); 1304 ipsec_out_t *io; 1305 ipsec_action_t *ap; 1306 ipsec_prot_t *prot; 1307 netstack_t *ns; 1308 ipsecesp_stack_t *espstack; 1309 ipsec_stack_t *ipss; 1310 1311 io = (ipsec_out_t *)acqrec->ipsacq_mp->b_rptr; 1312 ASSERT(io->ipsec_out_type == IPSEC_OUT); 1313 ns = io->ipsec_out_ns; 1314 espstack = ns->netstack_ipsecesp; 1315 ipss = ns->netstack_ipsec; 1316 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); 1317 1318 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 1319 prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t)); 1320 *(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */ 1321 1322 prop->sadb_prop_replay = espstack->ipsecesp_replay_size; 1323 1324 /* 1325 * Based upon algorithm properties, and what-not, prioritize 1326 * a proposal. If the IPSEC_OUT message has an algorithm specified, 1327 * use it first and foremost. 1328 * 1329 * For each action in policy list 1330 * Add combination. If I've hit limit, return. 1331 */ 1332 1333 for (ap = acqrec->ipsacq_act; ap != NULL; 1334 ap = ap->ipa_next) { 1335 ipsec_alginfo_t *ealg = NULL; 1336 ipsec_alginfo_t *aalg = NULL; 1337 1338 if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY) 1339 continue; 1340 1341 prot = &ap->ipa_act.ipa_apply; 1342 1343 if (!(prot->ipp_use_esp)) 1344 continue; 1345 1346 if (prot->ipp_esp_auth_alg != 0) { 1347 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH] 1348 [prot->ipp_esp_auth_alg]; 1349 if (aalg == NULL || !ALG_VALID(aalg)) 1350 continue; 1351 } 1352 1353 ASSERT(prot->ipp_encr_alg > 0); 1354 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR] 1355 [prot->ipp_encr_alg]; 1356 if (ealg == NULL || !ALG_VALID(ealg)) 1357 continue; 1358 1359 comb->sadb_comb_flags = 0; 1360 comb->sadb_comb_reserved = 0; 1361 comb->sadb_comb_encrypt = ealg->alg_id; 1362 comb->sadb_comb_encrypt_minbits = 1363 MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits); 1364 comb->sadb_comb_encrypt_maxbits = 1365 MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits); 1366 if (aalg == NULL) { 1367 comb->sadb_comb_auth = 0; 1368 comb->sadb_comb_auth_minbits = 0; 1369 comb->sadb_comb_auth_maxbits = 0; 1370 } else { 1371 comb->sadb_comb_auth = aalg->alg_id; 1372 comb->sadb_comb_auth_minbits = 1373 MAX(prot->ipp_espa_minbits, aalg->alg_ef_minbits); 1374 comb->sadb_comb_auth_maxbits = 1375 MIN(prot->ipp_espa_maxbits, aalg->alg_ef_maxbits); 1376 } 1377 1378 /* 1379 * The following may be based on algorithm 1380 * properties, but in the meantime, we just pick 1381 * some good, sensible numbers. Key mgmt. can 1382 * (and perhaps should) be the place to finalize 1383 * such decisions. 1384 */ 1385 1386 /* 1387 * No limits on allocations, since we really don't 1388 * support that concept currently. 1389 */ 1390 comb->sadb_comb_soft_allocations = 0; 1391 comb->sadb_comb_hard_allocations = 0; 1392 1393 /* 1394 * These may want to come from policy rule.. 1395 */ 1396 comb->sadb_comb_soft_bytes = 1397 espstack->ipsecesp_default_soft_bytes; 1398 comb->sadb_comb_hard_bytes = 1399 espstack->ipsecesp_default_hard_bytes; 1400 comb->sadb_comb_soft_addtime = 1401 espstack->ipsecesp_default_soft_addtime; 1402 comb->sadb_comb_hard_addtime = 1403 espstack->ipsecesp_default_hard_addtime; 1404 comb->sadb_comb_soft_usetime = 1405 espstack->ipsecesp_default_soft_usetime; 1406 comb->sadb_comb_hard_usetime = 1407 espstack->ipsecesp_default_hard_usetime; 1408 1409 prop->sadb_prop_len += SADB_8TO64(sizeof (*comb)); 1410 if (--combs == 0) 1411 break; /* out of space.. */ 1412 comb++; 1413 } 1414 } 1415 1416 /* 1417 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY. 1418 */ 1419 static void 1420 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns) 1421 { 1422 uint_t combs; 1423 sadb_msg_t *samsg; 1424 sadb_prop_t *prop; 1425 mblk_t *pfkeymp, *msgmp; 1426 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1427 ipsec_stack_t *ipss = ns->netstack_ipsec; 1428 1429 ESP_BUMP_STAT(espstack, acquire_requests); 1430 1431 if (espstack->esp_pfkey_q == NULL) { 1432 mutex_exit(&acqrec->ipsacq_lock); 1433 return; 1434 } 1435 1436 /* Set up ACQUIRE. */ 1437 pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_ESP, 1438 ns->netstack_ipsec); 1439 if (pfkeymp == NULL) { 1440 esp0dbg(("sadb_setup_acquire failed.\n")); 1441 mutex_exit(&acqrec->ipsacq_lock); 1442 return; 1443 } 1444 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); 1445 combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] * 1446 ipss->ipsec_nalgs[IPSEC_ALG_ENCR]; 1447 msgmp = pfkeymp->b_cont; 1448 samsg = (sadb_msg_t *)(msgmp->b_rptr); 1449 1450 /* Insert proposal here. */ 1451 1452 prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len); 1453 esp_insert_prop(prop, acqrec, combs); 1454 samsg->sadb_msg_len += prop->sadb_prop_len; 1455 msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len); 1456 1457 mutex_exit(&ipss->ipsec_alg_lock); 1458 1459 /* 1460 * Must mutex_exit() before sending PF_KEY message up, in 1461 * order to avoid recursive mutex_enter() if there are no registered 1462 * listeners. 1463 * 1464 * Once I've sent the message, I'm cool anyway. 1465 */ 1466 mutex_exit(&acqrec->ipsacq_lock); 1467 if (extended != NULL) { 1468 putnext(espstack->esp_pfkey_q, extended); 1469 } 1470 putnext(espstack->esp_pfkey_q, pfkeymp); 1471 } 1472 1473 /* 1474 * Handle the SADB_GETSPI message. Create a larval SA. 1475 */ 1476 static void 1477 esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack) 1478 { 1479 ipsa_t *newbie, *target; 1480 isaf_t *outbound, *inbound; 1481 int rc, diagnostic; 1482 sadb_sa_t *assoc; 1483 keysock_out_t *kso; 1484 uint32_t newspi; 1485 1486 /* 1487 * Randomly generate a proposed SPI value 1488 */ 1489 if (cl_inet_getspi != NULL) { 1490 cl_inet_getspi(IPPROTO_ESP, (uint8_t *)&newspi, 1491 sizeof (uint32_t)); 1492 } else { 1493 (void) random_get_pseudo_bytes((uint8_t *)&newspi, 1494 sizeof (uint32_t)); 1495 } 1496 newbie = sadb_getspi(ksi, newspi, &diagnostic, 1497 espstack->ipsecesp_netstack, IPPROTO_ESP); 1498 1499 if (newbie == NULL) { 1500 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic, 1501 ksi->ks_in_serial); 1502 return; 1503 } else if (newbie == (ipsa_t *)-1) { 1504 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic, 1505 ksi->ks_in_serial); 1506 return; 1507 } 1508 1509 /* 1510 * XXX - We may randomly collide. We really should recover from this. 1511 * Unfortunately, that could require spending way-too-much-time 1512 * in here. For now, let the user retry. 1513 */ 1514 1515 if (newbie->ipsa_addrfam == AF_INET6) { 1516 outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6, 1517 *(uint32_t *)(newbie->ipsa_dstaddr)); 1518 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6, 1519 newbie->ipsa_spi); 1520 } else { 1521 ASSERT(newbie->ipsa_addrfam == AF_INET); 1522 outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4, 1523 *(uint32_t *)(newbie->ipsa_dstaddr)); 1524 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4, 1525 newbie->ipsa_spi); 1526 } 1527 1528 mutex_enter(&outbound->isaf_lock); 1529 mutex_enter(&inbound->isaf_lock); 1530 1531 /* 1532 * Check for collisions (i.e. did sadb_getspi() return with something 1533 * that already exists?). 1534 * 1535 * Try outbound first. Even though SADB_GETSPI is traditionally 1536 * for inbound SAs, you never know what a user might do. 1537 */ 1538 target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi, 1539 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam); 1540 if (target == NULL) { 1541 target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi, 1542 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, 1543 newbie->ipsa_addrfam); 1544 } 1545 1546 /* 1547 * I don't have collisions elsewhere! 1548 * (Nor will I because I'm still holding inbound/outbound locks.) 1549 */ 1550 1551 if (target != NULL) { 1552 rc = EEXIST; 1553 IPSA_REFRELE(target); 1554 } else { 1555 /* 1556 * sadb_insertassoc() also checks for collisions, so 1557 * if there's a colliding entry, rc will be set 1558 * to EEXIST. 1559 */ 1560 rc = sadb_insertassoc(newbie, inbound); 1561 newbie->ipsa_hardexpiretime = gethrestime_sec(); 1562 newbie->ipsa_hardexpiretime += 1563 espstack->ipsecesp_larval_timeout; 1564 } 1565 1566 /* 1567 * Can exit outbound mutex. Hold inbound until we're done 1568 * with newbie. 1569 */ 1570 mutex_exit(&outbound->isaf_lock); 1571 1572 if (rc != 0) { 1573 mutex_exit(&inbound->isaf_lock); 1574 IPSA_REFRELE(newbie); 1575 sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc, 1576 SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial); 1577 return; 1578 } 1579 1580 1581 /* Can write here because I'm still holding the bucket lock. */ 1582 newbie->ipsa_type = SADB_SATYPE_ESP; 1583 1584 /* 1585 * Construct successful return message. We have one thing going 1586 * for us in PF_KEY v2. That's the fact that 1587 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t) 1588 */ 1589 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE]; 1590 assoc->sadb_sa_exttype = SADB_EXT_SA; 1591 assoc->sadb_sa_spi = newbie->ipsa_spi; 1592 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0; 1593 mutex_exit(&inbound->isaf_lock); 1594 1595 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */ 1596 kso = (keysock_out_t *)ksi; 1597 kso->ks_out_len = sizeof (*kso); 1598 kso->ks_out_serial = ksi->ks_in_serial; 1599 kso->ks_out_type = KEYSOCK_OUT; 1600 1601 /* 1602 * Can safely putnext() to esp_pfkey_q, because this is a turnaround 1603 * from the esp_pfkey_q. 1604 */ 1605 putnext(espstack->esp_pfkey_q, mp); 1606 } 1607 1608 /* 1609 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly 1610 * allocated mblk with the ESP header in between the two. 1611 */ 1612 static boolean_t 1613 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint, 1614 ipsecesp_stack_t *espstack) 1615 { 1616 mblk_t *split_mp = mp; 1617 uint_t wheretodiv = divpoint; 1618 1619 while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) { 1620 wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr); 1621 split_mp = split_mp->b_cont; 1622 ASSERT(split_mp != NULL); 1623 } 1624 1625 if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) { 1626 mblk_t *scratch; 1627 1628 /* "scratch" is the 2nd half, split_mp is the first. */ 1629 scratch = dupb(split_mp); 1630 if (scratch == NULL) { 1631 esp1dbg(espstack, 1632 ("esp_insert_esp: can't allocate scratch.\n")); 1633 return (B_FALSE); 1634 } 1635 /* NOTE: dupb() doesn't set b_cont appropriately. */ 1636 scratch->b_cont = split_mp->b_cont; 1637 scratch->b_rptr += wheretodiv; 1638 split_mp->b_wptr = split_mp->b_rptr + wheretodiv; 1639 split_mp->b_cont = scratch; 1640 } 1641 /* 1642 * At this point, split_mp is exactly "wheretodiv" bytes long, and 1643 * holds the end of the pre-ESP part of the datagram. 1644 */ 1645 esp_mp->b_cont = split_mp->b_cont; 1646 split_mp->b_cont = esp_mp; 1647 1648 return (B_TRUE); 1649 } 1650 1651 /* 1652 * Section 7 of RFC 3947 says: 1653 * 1654 * 7. Recovering from the Expiring NAT Mappings 1655 * 1656 * There are cases where NAT box decides to remove mappings that are still 1657 * alive (for example, when the keepalive interval is too long, or when the 1658 * NAT box is rebooted). To recover from this, ends that are NOT behind 1659 * NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from 1660 * the other end to determine which IP and port addresses should be used. 1661 * The host behind dynamic NAT MUST NOT do this, as otherwise it opens a 1662 * DoS attack possibility because the IP address or port of the other host 1663 * will not change (it is not behind NAT). 1664 * 1665 * Keepalives cannot be used for these purposes, as they are not 1666 * authenticated, but any IKE authenticated IKE packet or ESP packet can be 1667 * used to detect whether the IP address or the port has changed. 1668 * 1669 * The following function will check an SA and its explicitly-set pair to see 1670 * if the NAT-T remote port matches the received packet (which must have 1671 * passed ESP authentication, see esp_in_done() for the caller context). If 1672 * there is a mismatch, the SAs are updated. It is not important if we race 1673 * with a transmitting thread, as if there is a transmitting thread, it will 1674 * merely emit a packet that will most-likely be dropped. 1675 * 1676 * "ports" are ordered src,dst, and assoc is an inbound SA, where src should 1677 * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port. 1678 */ 1679 #ifdef _LITTLE_ENDIAN 1680 #define FIRST_16(x) ((x) & 0xFFFF) 1681 #define NEXT_16(x) (((x) >> 16) & 0xFFFF) 1682 #else 1683 #define FIRST_16(x) (((x) >> 16) & 0xFFFF) 1684 #define NEXT_16(x) ((x) & 0xFFFF) 1685 #endif 1686 static void 1687 esp_port_freshness(uint32_t ports, ipsa_t *assoc) 1688 { 1689 uint16_t remote = FIRST_16(ports); 1690 uint16_t local = NEXT_16(ports); 1691 ipsa_t *outbound_peer; 1692 isaf_t *bucket; 1693 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp; 1694 1695 /* We found a conn_t, therefore local != 0. */ 1696 ASSERT(local != 0); 1697 /* Assume an IPv4 SA. */ 1698 ASSERT(assoc->ipsa_addrfam == AF_INET); 1699 1700 /* 1701 * On-the-wire rport == 0 means something's very wrong. 1702 * An unpaired SA is also useless to us. 1703 * If we are behind the NAT, don't bother. 1704 * A zero local NAT port defaults to 4500, so check that too. 1705 * And, of course, if the ports already match, we don't need to 1706 * bother. 1707 */ 1708 if (remote == 0 || assoc->ipsa_otherspi == 0 || 1709 (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) || 1710 (assoc->ipsa_remote_nat_port == 0 && 1711 remote == htons(IPPORT_IKE_NATT)) || 1712 remote == assoc->ipsa_remote_nat_port) 1713 return; 1714 1715 /* Try and snag the peer. NOTE: Assume IPv4 for now. */ 1716 bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4), 1717 assoc->ipsa_srcaddr[0]); 1718 mutex_enter(&bucket->isaf_lock); 1719 outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi, 1720 assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET); 1721 mutex_exit(&bucket->isaf_lock); 1722 1723 /* We probably lost a race to a deleting or expiring thread. */ 1724 if (outbound_peer == NULL) 1725 return; 1726 1727 /* 1728 * Hold the mutexes for both SAs so we don't race another inbound 1729 * thread. A lock-entry order shouldn't matter, since all other 1730 * per-ipsa locks are individually held-then-released. 1731 * 1732 * Luckily, this has nothing to do with the remote-NAT address, 1733 * so we don't have to re-scribble the cached-checksum differential. 1734 */ 1735 mutex_enter(&outbound_peer->ipsa_lock); 1736 mutex_enter(&assoc->ipsa_lock); 1737 outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port = 1738 remote; 1739 mutex_exit(&assoc->ipsa_lock); 1740 mutex_exit(&outbound_peer->ipsa_lock); 1741 IPSA_REFRELE(outbound_peer); 1742 ESP_BUMP_STAT(espstack, sa_port_renumbers); 1743 } 1744 /* 1745 * Finish processing of an inbound ESP packet after processing by the 1746 * crypto framework. 1747 * - Remove the ESP header. 1748 * - Send packet back to IP. 1749 * If authentication was performed on the packet, this function is called 1750 * only if the authentication succeeded. 1751 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1752 * mblk chain ipsec_in_mp. 1753 */ 1754 static ipsec_status_t 1755 esp_in_done(mblk_t *ipsec_in_mp) 1756 { 1757 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1758 mblk_t *data_mp; 1759 ipsa_t *assoc; 1760 uint_t espstart; 1761 uint32_t ivlen = 0; 1762 uint_t processed_len; 1763 esph_t *esph; 1764 kstat_named_t *counter; 1765 boolean_t is_natt; 1766 netstack_t *ns = ii->ipsec_in_ns; 1767 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1768 ipsec_stack_t *ipss = ns->netstack_ipsec; 1769 1770 assoc = ii->ipsec_in_esp_sa; 1771 ASSERT(assoc != NULL); 1772 1773 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 1774 1775 /* get the pointer to the ESP header */ 1776 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) { 1777 /* authentication-only ESP */ 1778 espstart = ii->ipsec_in_crypto_data.cd_offset; 1779 processed_len = ii->ipsec_in_crypto_data.cd_length; 1780 } else { 1781 /* encryption present */ 1782 ivlen = assoc->ipsa_iv_len; 1783 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) { 1784 /* encryption-only ESP */ 1785 espstart = ii->ipsec_in_crypto_data.cd_offset - 1786 sizeof (esph_t) - assoc->ipsa_iv_len; 1787 processed_len = ii->ipsec_in_crypto_data.cd_length + 1788 ivlen; 1789 } else { 1790 /* encryption with authentication */ 1791 espstart = ii->ipsec_in_crypto_dual_data.dd_offset1; 1792 processed_len = ii->ipsec_in_crypto_dual_data.dd_len2 + 1793 ivlen; 1794 } 1795 } 1796 1797 data_mp = ipsec_in_mp->b_cont; 1798 esph = (esph_t *)(data_mp->b_rptr + espstart); 1799 1800 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) { 1801 /* authentication passed if we reach this point */ 1802 ESP_BUMP_STAT(espstack, good_auth); 1803 data_mp->b_wptr -= assoc->ipsa_mac_len; 1804 1805 /* 1806 * Check replay window here! 1807 * For right now, assume keysock will set the replay window 1808 * size to zero for SAs that have an unspecified sender. 1809 * This may change... 1810 */ 1811 1812 if (!sadb_replay_check(assoc, esph->esph_replay)) { 1813 /* 1814 * Log the event. As of now we print out an event. 1815 * Do not print the replay failure number, or else 1816 * syslog cannot collate the error messages. Printing 1817 * the replay number that failed opens a denial-of- 1818 * service attack. 1819 */ 1820 ipsec_assocfailure(info.mi_idnum, 0, 0, 1821 SL_ERROR | SL_WARN, 1822 "Replay failed for ESP spi 0x%x, dst %s.\n", 1823 assoc->ipsa_spi, assoc->ipsa_dstaddr, 1824 assoc->ipsa_addrfam, espstack->ipsecesp_netstack); 1825 ESP_BUMP_STAT(espstack, replay_failures); 1826 counter = DROPPER(ipss, ipds_esp_replay); 1827 goto drop_and_bail; 1828 } 1829 1830 if (is_natt) 1831 esp_port_freshness(ii->ipsec_in_esp_udp_ports, assoc); 1832 } 1833 1834 esp_set_usetime(assoc, B_TRUE); 1835 1836 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) { 1837 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 1838 ipsec_assocfailure(info.mi_idnum, 0, 0, 1839 SL_ERROR | SL_WARN, 1840 "ESP association 0x%x, dst %s had bytes expire.\n", 1841 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 1842 espstack->ipsecesp_netstack); 1843 ESP_BUMP_STAT(espstack, bytes_expired); 1844 counter = DROPPER(ipss, ipds_esp_bytes_expire); 1845 goto drop_and_bail; 1846 } 1847 1848 /* 1849 * Remove ESP header and padding from packet. I hope the compiler 1850 * spews "branch, predict taken" code for this. 1851 */ 1852 1853 if (esp_strip_header(data_mp, ii->ipsec_in_v4, ivlen, &counter, 1854 espstack)) { 1855 if (is_natt) 1856 return (esp_fix_natt_checksums(data_mp, assoc)); 1857 1858 if (assoc->ipsa_state == IPSA_STATE_IDLE) { 1859 /* 1860 * Cluster buffering case. Tell caller that we're 1861 * handling the packet. 1862 */ 1863 sadb_buf_pkt(assoc, ipsec_in_mp, ns); 1864 return (IPSEC_STATUS_PENDING); 1865 } 1866 1867 return (IPSEC_STATUS_SUCCESS); 1868 } 1869 1870 esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n")); 1871 drop_and_bail: 1872 IP_ESP_BUMP_STAT(ipss, in_discards); 1873 /* 1874 * TODO: Extract inbound interface from the IPSEC_IN message's 1875 * ii->ipsec_in_rill_index. 1876 */ 1877 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, counter, 1878 &espstack->esp_dropper); 1879 return (IPSEC_STATUS_FAILED); 1880 } 1881 1882 /* 1883 * Called upon failing the inbound ICV check. The message passed as 1884 * argument is freed. 1885 */ 1886 static void 1887 esp_log_bad_auth(mblk_t *ipsec_in) 1888 { 1889 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr; 1890 ipsa_t *assoc = ii->ipsec_in_esp_sa; 1891 netstack_t *ns = ii->ipsec_in_ns; 1892 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1893 ipsec_stack_t *ipss = ns->netstack_ipsec; 1894 1895 /* 1896 * Log the event. Don't print to the console, block 1897 * potential denial-of-service attack. 1898 */ 1899 ESP_BUMP_STAT(espstack, bad_auth); 1900 1901 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1902 "ESP Authentication failed for spi 0x%x, dst %s.\n", 1903 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 1904 espstack->ipsecesp_netstack); 1905 1906 IP_ESP_BUMP_STAT(ipss, in_discards); 1907 /* 1908 * TODO: Extract inbound interface from the IPSEC_IN 1909 * message's ii->ipsec_in_rill_index. 1910 */ 1911 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, 1912 DROPPER(ipss, ipds_esp_bad_auth), 1913 &espstack->esp_dropper); 1914 } 1915 1916 1917 /* 1918 * Invoked for outbound packets after ESP processing. If the packet 1919 * also requires AH, performs the AH SA selection and AH processing. 1920 * Returns B_TRUE if the AH processing was not needed or if it was 1921 * performed successfully. Returns B_FALSE and consumes the passed mblk 1922 * if AH processing was required but could not be performed. 1923 */ 1924 static boolean_t 1925 esp_do_outbound_ah(mblk_t *ipsec_mp) 1926 { 1927 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1928 ipsec_status_t ipsec_rc; 1929 ipsec_action_t *ap; 1930 1931 ap = io->ipsec_out_act; 1932 if (ap == NULL) { 1933 ipsec_policy_t *pp = io->ipsec_out_policy; 1934 ap = pp->ipsp_act; 1935 } 1936 1937 if (!ap->ipa_want_ah) 1938 return (B_TRUE); 1939 1940 ASSERT(io->ipsec_out_ah_done == B_FALSE); 1941 1942 if (io->ipsec_out_ah_sa == NULL) { 1943 if (!ipsec_outbound_sa(ipsec_mp, IPPROTO_AH)) { 1944 sadb_acquire(ipsec_mp, io, B_TRUE, B_FALSE); 1945 return (B_FALSE); 1946 } 1947 } 1948 ASSERT(io->ipsec_out_ah_sa != NULL); 1949 1950 io->ipsec_out_ah_done = B_TRUE; 1951 ipsec_rc = io->ipsec_out_ah_sa->ipsa_output_func(ipsec_mp); 1952 return (ipsec_rc == IPSEC_STATUS_SUCCESS); 1953 } 1954 1955 1956 /* 1957 * Kernel crypto framework callback invoked after completion of async 1958 * crypto requests. 1959 */ 1960 static void 1961 esp_kcf_callback(void *arg, int status) 1962 { 1963 mblk_t *ipsec_mp = (mblk_t *)arg; 1964 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 1965 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1966 boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN); 1967 netstackid_t stackid; 1968 netstack_t *ns, *ns_arg; 1969 ipsecesp_stack_t *espstack; 1970 ipsec_stack_t *ipss; 1971 1972 ASSERT(ipsec_mp->b_cont != NULL); 1973 1974 if (is_inbound) { 1975 stackid = ii->ipsec_in_stackid; 1976 ns_arg = ii->ipsec_in_ns; 1977 } else { 1978 stackid = io->ipsec_out_stackid; 1979 ns_arg = io->ipsec_out_ns; 1980 } 1981 1982 /* 1983 * Verify that the netstack is still around; could have vanished 1984 * while kEf was doing its work. 1985 */ 1986 ns = netstack_find_by_stackid(stackid); 1987 if (ns == NULL || ns != ns_arg) { 1988 /* Disappeared on us */ 1989 if (ns != NULL) 1990 netstack_rele(ns); 1991 freemsg(ipsec_mp); 1992 return; 1993 } 1994 1995 espstack = ns->netstack_ipsecesp; 1996 ipss = ns->netstack_ipsec; 1997 1998 if (status == CRYPTO_SUCCESS) { 1999 if (is_inbound) { 2000 if (esp_in_done(ipsec_mp) != IPSEC_STATUS_SUCCESS) { 2001 netstack_rele(ns); 2002 return; 2003 } 2004 /* finish IPsec processing */ 2005 ip_fanout_proto_again(ipsec_mp, NULL, NULL, NULL); 2006 } else { 2007 /* 2008 * If a ICV was computed, it was stored by the 2009 * crypto framework at the end of the packet. 2010 */ 2011 ipha_t *ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr; 2012 2013 esp_set_usetime(io->ipsec_out_esp_sa, B_FALSE); 2014 /* NAT-T packet. */ 2015 if (ipha->ipha_protocol == IPPROTO_UDP) 2016 esp_prepare_udp(ns, ipsec_mp->b_cont, ipha); 2017 2018 /* do AH processing if needed */ 2019 if (!esp_do_outbound_ah(ipsec_mp)) { 2020 netstack_rele(ns); 2021 return; 2022 } 2023 /* finish IPsec processing */ 2024 if (IPH_HDR_VERSION(ipha) == IP_VERSION) { 2025 ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, 2026 NULL); 2027 } else { 2028 ip6_t *ip6h = (ip6_t *)ipha; 2029 ip_wput_ipsec_out_v6(NULL, ipsec_mp, ip6h, 2030 NULL, NULL); 2031 } 2032 } 2033 2034 } else if (status == CRYPTO_INVALID_MAC) { 2035 esp_log_bad_auth(ipsec_mp); 2036 2037 } else { 2038 esp1dbg(espstack, 2039 ("esp_kcf_callback: crypto failed with 0x%x\n", 2040 status)); 2041 ESP_BUMP_STAT(espstack, crypto_failures); 2042 if (is_inbound) 2043 IP_ESP_BUMP_STAT(ipss, in_discards); 2044 else 2045 ESP_BUMP_STAT(espstack, out_discards); 2046 ip_drop_packet(ipsec_mp, is_inbound, NULL, NULL, 2047 DROPPER(ipss, ipds_esp_crypto_failed), 2048 &espstack->esp_dropper); 2049 } 2050 netstack_rele(ns); 2051 } 2052 2053 /* 2054 * Invoked on crypto framework failure during inbound and outbound processing. 2055 */ 2056 static void 2057 esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc, 2058 ipsecesp_stack_t *espstack) 2059 { 2060 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 2061 2062 esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n", 2063 is_inbound ? "inbound" : "outbound", kef_rc)); 2064 ip_drop_packet(mp, is_inbound, NULL, NULL, 2065 DROPPER(ipss, ipds_esp_crypto_failed), 2066 &espstack->esp_dropper); 2067 ESP_BUMP_STAT(espstack, crypto_failures); 2068 if (is_inbound) 2069 IP_ESP_BUMP_STAT(ipss, in_discards); 2070 else 2071 ESP_BUMP_STAT(espstack, out_discards); 2072 } 2073 2074 #define ESP_INIT_CALLREQ(_cr) { \ 2075 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_RESTRICTED; \ 2076 (_cr)->cr_callback_arg = ipsec_mp; \ 2077 (_cr)->cr_callback_func = esp_kcf_callback; \ 2078 } 2079 2080 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \ 2081 (mac)->cd_format = CRYPTO_DATA_RAW; \ 2082 (mac)->cd_offset = 0; \ 2083 (mac)->cd_length = icvlen; \ 2084 (mac)->cd_raw.iov_base = (char *)icvbuf; \ 2085 (mac)->cd_raw.iov_len = icvlen; \ 2086 } 2087 2088 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \ 2089 if (MBLKL(mp) >= (len) + (off)) { \ 2090 (data)->cd_format = CRYPTO_DATA_RAW; \ 2091 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \ 2092 (data)->cd_raw.iov_len = MBLKL(mp); \ 2093 (data)->cd_offset = off; \ 2094 } else { \ 2095 (data)->cd_format = CRYPTO_DATA_MBLK; \ 2096 (data)->cd_mp = mp; \ 2097 (data)->cd_offset = off; \ 2098 } \ 2099 (data)->cd_length = len; \ 2100 } 2101 2102 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \ 2103 (data)->dd_format = CRYPTO_DATA_MBLK; \ 2104 (data)->dd_mp = mp; \ 2105 (data)->dd_len1 = len1; \ 2106 (data)->dd_offset1 = off1; \ 2107 (data)->dd_len2 = len2; \ 2108 (data)->dd_offset2 = off2; \ 2109 } 2110 2111 static ipsec_status_t 2112 esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset) 2113 { 2114 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 2115 boolean_t do_auth; 2116 uint_t auth_offset, msg_len, auth_len; 2117 crypto_call_req_t call_req; 2118 mblk_t *esp_mp; 2119 int kef_rc = CRYPTO_FAILED; 2120 uint_t icv_len = assoc->ipsa_mac_len; 2121 crypto_ctx_template_t auth_ctx_tmpl; 2122 boolean_t do_encr; 2123 uint_t encr_offset, encr_len; 2124 uint_t iv_len = assoc->ipsa_iv_len; 2125 crypto_ctx_template_t encr_ctx_tmpl; 2126 netstack_t *ns = ii->ipsec_in_ns; 2127 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2128 ipsec_stack_t *ipss = ns->netstack_ipsec; 2129 2130 ASSERT(ii->ipsec_in_type == IPSEC_IN); 2131 2132 /* 2133 * In case kEF queues and calls back, keep netstackid_t for 2134 * verification that the IP instance is still around in 2135 * esp_kcf_callback(). 2136 */ 2137 ii->ipsec_in_stackid = ns->netstack_stackid; 2138 2139 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2140 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2141 2142 /* 2143 * An inbound packet is of the form: 2144 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad] 2145 */ 2146 esp_mp = ipsec_mp->b_cont; 2147 msg_len = MBLKL(esp_mp); 2148 2149 ESP_INIT_CALLREQ(&call_req); 2150 2151 if (do_auth) { 2152 /* force asynchronous processing? */ 2153 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 2154 IPSEC_ALGS_EXEC_ASYNC) 2155 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2156 2157 /* authentication context template */ 2158 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2159 auth_ctx_tmpl); 2160 2161 /* ICV to be verified */ 2162 ESP_INIT_CRYPTO_MAC(&ii->ipsec_in_crypto_mac, 2163 icv_len, esp_mp->b_wptr - icv_len); 2164 2165 /* authentication starts at the ESP header */ 2166 auth_offset = esph_offset; 2167 auth_len = msg_len - auth_offset - icv_len; 2168 if (!do_encr) { 2169 /* authentication only */ 2170 /* initialize input data argument */ 2171 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 2172 esp_mp, auth_offset, auth_len); 2173 2174 /* call the crypto framework */ 2175 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, 2176 &ii->ipsec_in_crypto_data, 2177 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2178 &ii->ipsec_in_crypto_mac, &call_req); 2179 } 2180 } 2181 2182 if (do_encr) { 2183 /* force asynchronous processing? */ 2184 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2185 IPSEC_ALGS_EXEC_ASYNC) 2186 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2187 2188 /* encryption template */ 2189 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2190 encr_ctx_tmpl); 2191 2192 /* skip IV, since it is passed separately */ 2193 encr_offset = esph_offset + sizeof (esph_t) + iv_len; 2194 encr_len = msg_len - encr_offset; 2195 2196 if (!do_auth) { 2197 /* decryption only */ 2198 /* initialize input data argument */ 2199 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 2200 esp_mp, encr_offset, encr_len); 2201 2202 /* specify IV */ 2203 ii->ipsec_in_crypto_data.cd_miscdata = 2204 (char *)esp_mp->b_rptr + sizeof (esph_t) + 2205 esph_offset; 2206 2207 /* call the crypto framework */ 2208 kef_rc = crypto_decrypt(&assoc->ipsa_emech, 2209 &ii->ipsec_in_crypto_data, 2210 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2211 NULL, &call_req); 2212 } 2213 } 2214 2215 if (do_auth && do_encr) { 2216 /* dual operation */ 2217 /* initialize input data argument */ 2218 ESP_INIT_CRYPTO_DUAL_DATA(&ii->ipsec_in_crypto_dual_data, 2219 esp_mp, auth_offset, auth_len, 2220 encr_offset, encr_len - icv_len); 2221 2222 /* specify IV */ 2223 ii->ipsec_in_crypto_dual_data.dd_miscdata = 2224 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 2225 2226 /* call the framework */ 2227 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, 2228 &assoc->ipsa_emech, &ii->ipsec_in_crypto_dual_data, 2229 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, 2230 auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac, 2231 NULL, &call_req); 2232 } 2233 2234 switch (kef_rc) { 2235 case CRYPTO_SUCCESS: 2236 ESP_BUMP_STAT(espstack, crypto_sync); 2237 return (esp_in_done(ipsec_mp)); 2238 case CRYPTO_QUEUED: 2239 /* esp_kcf_callback() will be invoked on completion */ 2240 ESP_BUMP_STAT(espstack, crypto_async); 2241 return (IPSEC_STATUS_PENDING); 2242 case CRYPTO_INVALID_MAC: 2243 ESP_BUMP_STAT(espstack, crypto_sync); 2244 esp_log_bad_auth(ipsec_mp); 2245 return (IPSEC_STATUS_FAILED); 2246 } 2247 2248 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack); 2249 return (IPSEC_STATUS_FAILED); 2250 } 2251 2252 /* 2253 * Compute the IP and UDP checksums -- common code for both keepalives and 2254 * actual ESP-in-UDP packets. Be flexible with multiple mblks because ESP 2255 * uses mblk-insertion to insert the UDP header. 2256 * TODO - If there is an easy way to prep a packet for HW checksums, make 2257 * it happen here. 2258 */ 2259 static void 2260 esp_prepare_udp(netstack_t *ns, mblk_t *mp, ipha_t *ipha) 2261 { 2262 int offset; 2263 uint32_t cksum; 2264 uint16_t *arr; 2265 mblk_t *udpmp = mp; 2266 uint_t hlen = IPH_HDR_LENGTH(ipha); 2267 2268 ASSERT(MBLKL(mp) >= sizeof (ipha_t)); 2269 2270 ipha->ipha_hdr_checksum = 0; 2271 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha); 2272 2273 if (ns->netstack_udp->us_do_checksum) { 2274 ASSERT(MBLKL(udpmp) >= sizeof (udpha_t)); 2275 /* arr points to the IP header. */ 2276 arr = (uint16_t *)ipha; 2277 IP_STAT(ns->netstack_ip, ip_out_sw_cksum); 2278 IP_STAT_UPDATE(ns->netstack_ip, ip_udp_out_sw_cksum_bytes, 2279 ntohs(htons(ipha->ipha_length) - hlen)); 2280 /* arr[6-9] are the IP addresses. */ 2281 cksum = IP_UDP_CSUM_COMP + arr[6] + arr[7] + arr[8] + arr[9] + 2282 ntohs(htons(ipha->ipha_length) - hlen); 2283 cksum = IP_CSUM(mp, hlen, cksum); 2284 offset = hlen + UDP_CHECKSUM_OFFSET; 2285 while (offset >= MBLKL(udpmp)) { 2286 offset -= MBLKL(udpmp); 2287 udpmp = udpmp->b_cont; 2288 } 2289 /* arr points to the UDP header's checksum field. */ 2290 arr = (uint16_t *)(udpmp->b_rptr + offset); 2291 *arr = cksum; 2292 } 2293 } 2294 2295 /* 2296 * Send a one-byte UDP NAT-T keepalive. Construct an IPSEC_OUT too that'll 2297 * get fed into esp_send_udp/ip_wput_ipsec_out. 2298 */ 2299 void 2300 ipsecesp_send_keepalive(ipsa_t *assoc) 2301 { 2302 mblk_t *mp = NULL, *ipsec_mp = NULL; 2303 ipha_t *ipha; 2304 udpha_t *udpha; 2305 ipsec_out_t *io; 2306 2307 ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock)); 2308 2309 mp = allocb(sizeof (ipha_t) + sizeof (udpha_t) + 1, BPRI_HI); 2310 if (mp == NULL) 2311 return; 2312 ipha = (ipha_t *)mp->b_rptr; 2313 ipha->ipha_version_and_hdr_length = IP_SIMPLE_HDR_VERSION; 2314 ipha->ipha_type_of_service = 0; 2315 ipha->ipha_length = htons(sizeof (ipha_t) + sizeof (udpha_t) + 1); 2316 /* Use the low-16 of the SPI so we have some clue where it came from. */ 2317 ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1); 2318 ipha->ipha_fragment_offset_and_flags = 0; /* Too small to fragment! */ 2319 ipha->ipha_ttl = 0xFF; 2320 ipha->ipha_protocol = IPPROTO_UDP; 2321 ipha->ipha_hdr_checksum = 0; 2322 ipha->ipha_src = assoc->ipsa_srcaddr[0]; 2323 ipha->ipha_dst = assoc->ipsa_dstaddr[0]; 2324 udpha = (udpha_t *)(ipha + 1); 2325 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? 2326 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); 2327 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? 2328 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); 2329 udpha->uha_length = htons(sizeof (udpha_t) + 1); 2330 udpha->uha_checksum = 0; 2331 mp->b_wptr = (uint8_t *)(udpha + 1); 2332 *(mp->b_wptr++) = 0xFF; 2333 2334 ipsec_mp = ipsec_alloc_ipsec_out(assoc->ipsa_netstack); 2335 if (ipsec_mp == NULL) { 2336 freeb(mp); 2337 return; 2338 } 2339 ipsec_mp->b_cont = mp; 2340 io = (ipsec_out_t *)ipsec_mp->b_rptr; 2341 io->ipsec_out_zoneid = 2342 netstackid_to_zoneid(assoc->ipsa_netstack->netstack_stackid); 2343 2344 esp_prepare_udp(assoc->ipsa_netstack, mp, ipha); 2345 ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, NULL); 2346 } 2347 2348 static ipsec_status_t 2349 esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf, 2350 uint_t payload_len) 2351 { 2352 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 2353 uint_t auth_len; 2354 crypto_call_req_t call_req; 2355 mblk_t *esp_mp; 2356 int kef_rc = CRYPTO_FAILED; 2357 uint_t icv_len = assoc->ipsa_mac_len; 2358 crypto_ctx_template_t auth_ctx_tmpl; 2359 boolean_t do_auth; 2360 boolean_t do_encr; 2361 uint_t iv_len = assoc->ipsa_iv_len; 2362 crypto_ctx_template_t encr_ctx_tmpl; 2363 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 2364 size_t esph_offset = (is_natt ? UDPH_SIZE : 0); 2365 netstack_t *ns = io->ipsec_out_ns; 2366 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2367 ipsec_stack_t *ipss = ns->netstack_ipsec; 2368 2369 esp3dbg(espstack, ("esp_submit_req_outbound:%s", 2370 is_natt ? "natt" : "not natt")); 2371 2372 ASSERT(io->ipsec_out_type == IPSEC_OUT); 2373 2374 /* 2375 * In case kEF queues and calls back, keep netstackid_t for 2376 * verification that the IP instance is still around in 2377 * esp_kcf_callback(). 2378 */ 2379 io->ipsec_out_stackid = ns->netstack_stackid; 2380 2381 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2382 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2383 2384 /* 2385 * Outbound IPsec packets are of the form: 2386 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV] 2387 * unless it's NATT, then it's 2388 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV] 2389 * Get a pointer to the mblk containing the ESP header. 2390 */ 2391 ASSERT(ipsec_mp->b_cont != NULL && ipsec_mp->b_cont->b_cont != NULL); 2392 esp_mp = ipsec_mp->b_cont->b_cont; 2393 2394 ESP_INIT_CALLREQ(&call_req); 2395 2396 if (do_auth) { 2397 /* force asynchronous processing? */ 2398 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 2399 IPSEC_ALGS_EXEC_ASYNC) 2400 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2401 2402 /* authentication context template */ 2403 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2404 auth_ctx_tmpl); 2405 2406 /* where to store the computed mac */ 2407 ESP_INIT_CRYPTO_MAC(&io->ipsec_out_crypto_mac, 2408 icv_len, icv_buf); 2409 2410 /* authentication starts at the ESP header */ 2411 auth_len = payload_len + iv_len + sizeof (esph_t); 2412 if (!do_encr) { 2413 /* authentication only */ 2414 /* initialize input data argument */ 2415 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2416 esp_mp, esph_offset, auth_len); 2417 2418 /* call the crypto framework */ 2419 kef_rc = crypto_mac(&assoc->ipsa_amech, 2420 &io->ipsec_out_crypto_data, 2421 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2422 &io->ipsec_out_crypto_mac, &call_req); 2423 } 2424 } 2425 2426 if (do_encr) { 2427 /* force asynchronous processing? */ 2428 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2429 IPSEC_ALGS_EXEC_ASYNC) 2430 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2431 2432 /* encryption context template */ 2433 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2434 encr_ctx_tmpl); 2435 2436 if (!do_auth) { 2437 /* encryption only, skip mblk that contains ESP hdr */ 2438 /* initialize input data argument */ 2439 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2440 esp_mp->b_cont, 0, payload_len); 2441 2442 /* specify IV */ 2443 io->ipsec_out_crypto_data.cd_miscdata = 2444 (char *)esp_mp->b_rptr + sizeof (esph_t) + 2445 esph_offset; 2446 2447 /* call the crypto framework */ 2448 kef_rc = crypto_encrypt(&assoc->ipsa_emech, 2449 &io->ipsec_out_crypto_data, 2450 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2451 NULL, &call_req); 2452 } 2453 } 2454 2455 if (do_auth && do_encr) { 2456 /* 2457 * Encryption and authentication: 2458 * Pass the pointer to the mblk chain starting at the ESP 2459 * header to the framework. Skip the ESP header mblk 2460 * for encryption, which is reflected by an encryption 2461 * offset equal to the length of that mblk. Start 2462 * the authentication at the ESP header, i.e. use an 2463 * authentication offset of zero. 2464 */ 2465 ESP_INIT_CRYPTO_DUAL_DATA(&io->ipsec_out_crypto_dual_data, 2466 esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len); 2467 2468 /* specify IV */ 2469 io->ipsec_out_crypto_dual_data.dd_miscdata = 2470 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 2471 2472 /* call the framework */ 2473 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, 2474 &assoc->ipsa_amech, NULL, 2475 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, 2476 encr_ctx_tmpl, auth_ctx_tmpl, 2477 &io->ipsec_out_crypto_dual_data, 2478 &io->ipsec_out_crypto_mac, &call_req); 2479 } 2480 2481 switch (kef_rc) { 2482 case CRYPTO_SUCCESS: 2483 ESP_BUMP_STAT(espstack, crypto_sync); 2484 esp_set_usetime(assoc, B_FALSE); 2485 if (is_natt) 2486 esp_prepare_udp(ns, ipsec_mp->b_cont, 2487 (ipha_t *)ipsec_mp->b_cont->b_rptr); 2488 return (IPSEC_STATUS_SUCCESS); 2489 case CRYPTO_QUEUED: 2490 /* esp_kcf_callback() will be invoked on completion */ 2491 ESP_BUMP_STAT(espstack, crypto_async); 2492 return (IPSEC_STATUS_PENDING); 2493 } 2494 2495 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack); 2496 return (IPSEC_STATUS_FAILED); 2497 } 2498 2499 /* 2500 * Handle outbound IPsec processing for IPv4 and IPv6 2501 * On success returns B_TRUE, on failure returns B_FALSE and frees the 2502 * mblk chain ipsec_in_mp. 2503 */ 2504 static ipsec_status_t 2505 esp_outbound(mblk_t *mp) 2506 { 2507 mblk_t *ipsec_out_mp, *data_mp, *espmp, *tailmp; 2508 ipsec_out_t *io; 2509 ipha_t *ipha; 2510 ip6_t *ip6h; 2511 esph_t *esph; 2512 uint_t af; 2513 uint8_t *nhp; 2514 uintptr_t divpoint, datalen, adj, padlen, i, alloclen; 2515 uintptr_t esplen = sizeof (esph_t); 2516 uint8_t protocol; 2517 ipsa_t *assoc; 2518 uint_t iv_len, mac_len = 0; 2519 uchar_t *icv_buf; 2520 udpha_t *udpha; 2521 boolean_t is_natt = B_FALSE; 2522 netstack_t *ns; 2523 ipsecesp_stack_t *espstack; 2524 ipsec_stack_t *ipss; 2525 2526 ipsec_out_mp = mp; 2527 data_mp = ipsec_out_mp->b_cont; 2528 2529 io = (ipsec_out_t *)ipsec_out_mp->b_rptr; 2530 ns = io->ipsec_out_ns; 2531 espstack = ns->netstack_ipsecesp; 2532 ipss = ns->netstack_ipsec; 2533 2534 ESP_BUMP_STAT(espstack, out_requests); 2535 2536 /* 2537 * <sigh> We have to copy the message here, because TCP (for example) 2538 * keeps a dupb() of the message lying around for retransmission. 2539 * Since ESP changes the whole of the datagram, we have to create our 2540 * own copy lest we clobber TCP's data. Since we have to copy anyway, 2541 * we might as well make use of msgpullup() and get the mblk into one 2542 * contiguous piece! 2543 */ 2544 ipsec_out_mp->b_cont = msgpullup(data_mp, -1); 2545 if (ipsec_out_mp->b_cont == NULL) { 2546 esp0dbg(("esp_outbound: msgpullup() failed, " 2547 "dropping packet.\n")); 2548 ipsec_out_mp->b_cont = data_mp; 2549 /* 2550 * TODO: Find the outbound IRE for this packet and 2551 * pass it to ip_drop_packet(). 2552 */ 2553 ip_drop_packet(ipsec_out_mp, B_FALSE, NULL, NULL, 2554 DROPPER(ipss, ipds_esp_nomem), 2555 &espstack->esp_dropper); 2556 return (IPSEC_STATUS_FAILED); 2557 } else { 2558 freemsg(data_mp); 2559 data_mp = ipsec_out_mp->b_cont; 2560 } 2561 2562 /* 2563 * Reality check.... 2564 */ 2565 2566 ipha = (ipha_t *)data_mp->b_rptr; /* So we can call esp_acquire(). */ 2567 2568 if (io->ipsec_out_v4) { 2569 af = AF_INET; 2570 divpoint = IPH_HDR_LENGTH(ipha); 2571 datalen = ntohs(ipha->ipha_length) - divpoint; 2572 nhp = (uint8_t *)&ipha->ipha_protocol; 2573 } else { 2574 ip6_pkt_t ipp; 2575 2576 af = AF_INET6; 2577 ip6h = (ip6_t *)ipha; 2578 bzero(&ipp, sizeof (ipp)); 2579 divpoint = ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 2580 if (ipp.ipp_dstopts != NULL && 2581 ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) { 2582 /* 2583 * Destination options are tricky. If we get in here, 2584 * then we have a terminal header following the 2585 * destination options. We need to adjust backwards 2586 * so we insert ESP BEFORE the destination options 2587 * bag. (So that the dstopts get encrypted!) 2588 * 2589 * Since this is for outbound packets only, we know 2590 * that non-terminal destination options only precede 2591 * routing headers. 2592 */ 2593 divpoint -= ipp.ipp_dstoptslen; 2594 } 2595 datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint; 2596 2597 if (ipp.ipp_rthdr != NULL) { 2598 nhp = &ipp.ipp_rthdr->ip6r_nxt; 2599 } else if (ipp.ipp_hopopts != NULL) { 2600 nhp = &ipp.ipp_hopopts->ip6h_nxt; 2601 } else { 2602 ASSERT(divpoint == sizeof (ip6_t)); 2603 /* It's probably IP + ESP. */ 2604 nhp = &ip6h->ip6_nxt; 2605 } 2606 } 2607 assoc = io->ipsec_out_esp_sa; 2608 ASSERT(assoc != NULL); 2609 2610 if (assoc->ipsa_auth_alg != SADB_AALG_NONE) 2611 mac_len = assoc->ipsa_mac_len; 2612 2613 if (assoc->ipsa_flags & IPSA_F_NATT) { 2614 /* wedge in fake UDP */ 2615 is_natt = B_TRUE; 2616 esplen += UDPH_SIZE; 2617 } 2618 2619 /* 2620 * Set up ESP header and encryption padding for ENCR PI request. 2621 */ 2622 2623 /* Determine the padding length. Pad to 4-bytes for no-encryption. */ 2624 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) { 2625 iv_len = assoc->ipsa_iv_len; 2626 2627 /* 2628 * Include the two additional bytes (hence the - 2) for the 2629 * padding length and the next header. Take this into account 2630 * when calculating the actual length of the padding. 2631 */ 2632 ASSERT(ISP2(iv_len)); 2633 padlen = ((unsigned)(iv_len - datalen - 2)) & (iv_len - 1); 2634 } else { 2635 iv_len = 0; 2636 padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) & 2637 (sizeof (uint32_t) - 1); 2638 } 2639 2640 /* Allocate ESP header and IV. */ 2641 esplen += iv_len; 2642 2643 /* 2644 * Update association byte-count lifetimes. Don't forget to take 2645 * into account the padding length and next-header (hence the + 2). 2646 * 2647 * Use the amount of data fed into the "encryption algorithm". This 2648 * is the IV, the data length, the padding length, and the final two 2649 * bytes (padlen, and next-header). 2650 * 2651 */ 2652 2653 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) { 2654 /* 2655 * TODO: Find the outbound IRE for this packet and 2656 * pass it to ip_drop_packet(). 2657 */ 2658 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2659 DROPPER(ipss, ipds_esp_bytes_expire), 2660 &espstack->esp_dropper); 2661 return (IPSEC_STATUS_FAILED); 2662 } 2663 2664 espmp = allocb(esplen, BPRI_HI); 2665 if (espmp == NULL) { 2666 ESP_BUMP_STAT(espstack, out_discards); 2667 esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n")); 2668 /* 2669 * TODO: Find the outbound IRE for this packet and 2670 * pass it to ip_drop_packet(). 2671 */ 2672 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2673 DROPPER(ipss, ipds_esp_nomem), 2674 &espstack->esp_dropper); 2675 return (IPSEC_STATUS_FAILED); 2676 } 2677 espmp->b_wptr += esplen; 2678 esph = (esph_t *)espmp->b_rptr; 2679 2680 if (is_natt) { 2681 esp3dbg(espstack, ("esp_outbound: NATT")); 2682 2683 udpha = (udpha_t *)espmp->b_rptr; 2684 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? 2685 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); 2686 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? 2687 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); 2688 /* 2689 * Set the checksum to 0, so that the esp_prepare_udp() call 2690 * can do the right thing. 2691 */ 2692 udpha->uha_checksum = 0; 2693 esph = (esph_t *)(udpha + 1); 2694 } 2695 2696 esph->esph_spi = assoc->ipsa_spi; 2697 2698 esph->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1)); 2699 if (esph->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) { 2700 /* 2701 * XXX We have replay counter wrapping. 2702 * We probably want to nuke this SA (and its peer). 2703 */ 2704 ipsec_assocfailure(info.mi_idnum, 0, 0, 2705 SL_ERROR | SL_CONSOLE | SL_WARN, 2706 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n", 2707 esph->esph_spi, assoc->ipsa_dstaddr, af, 2708 espstack->ipsecesp_netstack); 2709 2710 ESP_BUMP_STAT(espstack, out_discards); 2711 sadb_replay_delete(assoc); 2712 /* 2713 * TODO: Find the outbound IRE for this packet and 2714 * pass it to ip_drop_packet(). 2715 */ 2716 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2717 DROPPER(ipss, ipds_esp_replay), 2718 &espstack->esp_dropper); 2719 return (IPSEC_STATUS_FAILED); 2720 } 2721 2722 /* 2723 * Set the IV to a random quantity. We do not require the 2724 * highest quality random bits, but for best security with CBC 2725 * mode ciphers, the value must be unlikely to repeat and also 2726 * must not be known in advance to an adversary capable of 2727 * influencing the plaintext. 2728 */ 2729 (void) random_get_pseudo_bytes((uint8_t *)(esph + 1), iv_len); 2730 2731 /* Fix the IP header. */ 2732 alloclen = padlen + 2 + mac_len; 2733 adj = alloclen + (espmp->b_wptr - espmp->b_rptr); 2734 2735 protocol = *nhp; 2736 2737 if (io->ipsec_out_v4) { 2738 ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj); 2739 if (is_natt) { 2740 *nhp = IPPROTO_UDP; 2741 udpha->uha_length = htons(ntohs(ipha->ipha_length) - 2742 IPH_HDR_LENGTH(ipha)); 2743 } else { 2744 *nhp = IPPROTO_ESP; 2745 } 2746 ipha->ipha_hdr_checksum = 0; 2747 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 2748 } else { 2749 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj); 2750 *nhp = IPPROTO_ESP; 2751 } 2752 2753 /* I've got the two ESP mblks, now insert them. */ 2754 2755 esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n")); 2756 esp2dbg(espstack, (dump_msg(data_mp))); 2757 2758 if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) { 2759 ESP_BUMP_STAT(espstack, out_discards); 2760 /* NOTE: esp_insert_esp() only fails if there's no memory. */ 2761 /* 2762 * TODO: Find the outbound IRE for this packet and 2763 * pass it to ip_drop_packet(). 2764 */ 2765 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2766 DROPPER(ipss, ipds_esp_nomem), 2767 &espstack->esp_dropper); 2768 freeb(espmp); 2769 return (IPSEC_STATUS_FAILED); 2770 } 2771 2772 /* Append padding (and leave room for ICV). */ 2773 for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont) 2774 ; 2775 if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) { 2776 tailmp->b_cont = allocb(alloclen, BPRI_HI); 2777 if (tailmp->b_cont == NULL) { 2778 ESP_BUMP_STAT(espstack, out_discards); 2779 esp0dbg(("esp_outbound: Can't allocate tailmp.\n")); 2780 /* 2781 * TODO: Find the outbound IRE for this packet and 2782 * pass it to ip_drop_packet(). 2783 */ 2784 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2785 DROPPER(ipss, ipds_esp_nomem), 2786 &espstack->esp_dropper); 2787 return (IPSEC_STATUS_FAILED); 2788 } 2789 tailmp = tailmp->b_cont; 2790 } 2791 2792 /* 2793 * If there's padding, N bytes of padding must be of the form 0x1, 2794 * 0x2, 0x3... 0xN. 2795 */ 2796 for (i = 0; i < padlen; ) { 2797 i++; 2798 *tailmp->b_wptr++ = i; 2799 } 2800 *tailmp->b_wptr++ = i; 2801 *tailmp->b_wptr++ = protocol; 2802 2803 esp2dbg(espstack, ("data_Mp before encryption:\n")); 2804 esp2dbg(espstack, (dump_msg(data_mp))); 2805 2806 /* 2807 * The packet is eligible for hardware acceleration if the 2808 * following conditions are satisfied: 2809 * 2810 * 1. the packet will not be fragmented 2811 * 2. the provider supports the algorithms specified by SA 2812 * 3. there is no pending control message being exchanged 2813 * 4. snoop is not attached 2814 * 5. the destination address is not a multicast address 2815 * 2816 * All five of these conditions are checked by IP prior to 2817 * sending the packet to ESP. 2818 * 2819 * But We, and We Alone, can, nay MUST check if the packet 2820 * is over NATT, and then disqualify it from hardware 2821 * acceleration. 2822 */ 2823 2824 if (io->ipsec_out_is_capab_ill && !(assoc->ipsa_flags & IPSA_F_NATT)) { 2825 return (esp_outbound_accelerated(ipsec_out_mp, mac_len)); 2826 } 2827 ESP_BUMP_STAT(espstack, noaccel); 2828 2829 /* 2830 * Okay. I've set up the pre-encryption ESP. Let's do it! 2831 */ 2832 2833 if (mac_len > 0) { 2834 ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim); 2835 icv_buf = tailmp->b_wptr; 2836 tailmp->b_wptr += mac_len; 2837 } else { 2838 icv_buf = NULL; 2839 } 2840 2841 return (esp_submit_req_outbound(ipsec_out_mp, assoc, icv_buf, 2842 datalen + padlen + 2)); 2843 } 2844 2845 /* 2846 * IP calls this to validate the ICMP errors that 2847 * we got from the network. 2848 */ 2849 ipsec_status_t 2850 ipsecesp_icmp_error(mblk_t *ipsec_mp) 2851 { 2852 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 2853 boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN); 2854 netstack_t *ns; 2855 ipsecesp_stack_t *espstack; 2856 ipsec_stack_t *ipss; 2857 2858 if (is_inbound) { 2859 ns = ii->ipsec_in_ns; 2860 } else { 2861 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 2862 2863 ns = io->ipsec_out_ns; 2864 } 2865 espstack = ns->netstack_ipsecesp; 2866 ipss = ns->netstack_ipsec; 2867 2868 /* 2869 * Unless we get an entire packet back, this function is useless. 2870 * Why? 2871 * 2872 * 1.) Partial packets are useless, because the "next header" 2873 * is at the end of the decrypted ESP packet. Without the 2874 * whole packet, this is useless. 2875 * 2876 * 2.) If we every use a stateful cipher, such as a stream or a 2877 * one-time pad, we can't do anything. 2878 * 2879 * Since the chances of us getting an entire packet back are very 2880 * very small, we discard here. 2881 */ 2882 IP_ESP_BUMP_STAT(ipss, in_discards); 2883 ip_drop_packet(ipsec_mp, B_TRUE, NULL, NULL, 2884 DROPPER(ipss, ipds_esp_icmp), 2885 &espstack->esp_dropper); 2886 return (IPSEC_STATUS_FAILED); 2887 } 2888 2889 /* 2890 * ESP module read put routine. 2891 */ 2892 /* ARGSUSED */ 2893 static void 2894 ipsecesp_rput(queue_t *q, mblk_t *mp) 2895 { 2896 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 2897 2898 ASSERT(mp->b_datap->db_type != M_CTL); /* No more IRE_DB_REQ. */ 2899 2900 switch (mp->b_datap->db_type) { 2901 case M_PROTO: 2902 case M_PCPROTO: 2903 /* TPI message of some sort. */ 2904 switch (*((t_scalar_t *)mp->b_rptr)) { 2905 case T_BIND_ACK: 2906 esp3dbg(espstack, 2907 ("Thank you IP from ESP for T_BIND_ACK\n")); 2908 break; 2909 case T_ERROR_ACK: 2910 cmn_err(CE_WARN, 2911 "ipsecesp: ESP received T_ERROR_ACK from IP."); 2912 /* 2913 * Make esp_sadb.s_ip_q NULL, and in the 2914 * future, perhaps try again. 2915 */ 2916 espstack->esp_sadb.s_ip_q = NULL; 2917 break; 2918 case T_OK_ACK: 2919 /* Probably from a (rarely sent) T_UNBIND_REQ. */ 2920 break; 2921 default: 2922 esp0dbg(("Unknown M_{,PC}PROTO message.\n")); 2923 } 2924 freemsg(mp); 2925 break; 2926 default: 2927 /* For now, passthru message. */ 2928 esp2dbg(espstack, ("ESP got unknown mblk type %d.\n", 2929 mp->b_datap->db_type)); 2930 putnext(q, mp); 2931 } 2932 } 2933 2934 /* 2935 * Construct an SADB_REGISTER message with the current algorithms. 2936 */ 2937 static boolean_t 2938 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial, 2939 ipsecesp_stack_t *espstack) 2940 { 2941 mblk_t *pfkey_msg_mp, *keysock_out_mp; 2942 sadb_msg_t *samsg; 2943 sadb_supported_t *sasupp_auth = NULL; 2944 sadb_supported_t *sasupp_encr = NULL; 2945 sadb_alg_t *saalg; 2946 uint_t allocsize = sizeof (*samsg); 2947 uint_t i, numalgs_snap; 2948 int current_aalgs; 2949 ipsec_alginfo_t **authalgs; 2950 uint_t num_aalgs; 2951 int current_ealgs; 2952 ipsec_alginfo_t **encralgs; 2953 uint_t num_ealgs; 2954 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 2955 2956 /* Allocate the KEYSOCK_OUT. */ 2957 keysock_out_mp = sadb_keysock_out(serial); 2958 if (keysock_out_mp == NULL) { 2959 esp0dbg(("esp_register_out: couldn't allocate mblk.\n")); 2960 return (B_FALSE); 2961 } 2962 2963 /* 2964 * Allocate the PF_KEY message that follows KEYSOCK_OUT. 2965 */ 2966 2967 mutex_enter(&ipss->ipsec_alg_lock); 2968 2969 /* 2970 * Fill SADB_REGISTER message's algorithm descriptors. Hold 2971 * down the lock while filling it. 2972 * 2973 * Return only valid algorithms, so the number of algorithms 2974 * to send up may be less than the number of algorithm entries 2975 * in the table. 2976 */ 2977 authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH]; 2978 for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 2979 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) 2980 num_aalgs++; 2981 2982 if (num_aalgs != 0) { 2983 allocsize += (num_aalgs * sizeof (*saalg)); 2984 allocsize += sizeof (*sasupp_auth); 2985 } 2986 encralgs = ipss->ipsec_alglists[IPSEC_ALG_ENCR]; 2987 for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 2988 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) 2989 num_ealgs++; 2990 2991 if (num_ealgs != 0) { 2992 allocsize += (num_ealgs * sizeof (*saalg)); 2993 allocsize += sizeof (*sasupp_encr); 2994 } 2995 keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI); 2996 if (keysock_out_mp->b_cont == NULL) { 2997 mutex_exit(&ipss->ipsec_alg_lock); 2998 freemsg(keysock_out_mp); 2999 return (B_FALSE); 3000 } 3001 3002 pfkey_msg_mp = keysock_out_mp->b_cont; 3003 pfkey_msg_mp->b_wptr += allocsize; 3004 if (num_aalgs != 0) { 3005 sasupp_auth = (sadb_supported_t *) 3006 (pfkey_msg_mp->b_rptr + sizeof (*samsg)); 3007 saalg = (sadb_alg_t *)(sasupp_auth + 1); 3008 3009 ASSERT(((ulong_t)saalg & 0x7) == 0); 3010 3011 numalgs_snap = 0; 3012 for (i = 0; 3013 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs)); 3014 i++) { 3015 if (authalgs[i] == NULL || !ALG_VALID(authalgs[i])) 3016 continue; 3017 3018 saalg->sadb_alg_id = authalgs[i]->alg_id; 3019 saalg->sadb_alg_ivlen = 0; 3020 saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits; 3021 saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits; 3022 saalg->sadb_x_alg_defincr = authalgs[i]->alg_ef_default; 3023 saalg->sadb_x_alg_increment = 3024 authalgs[i]->alg_increment; 3025 numalgs_snap++; 3026 saalg++; 3027 } 3028 ASSERT(numalgs_snap == num_aalgs); 3029 #ifdef DEBUG 3030 /* 3031 * Reality check to make sure I snagged all of the 3032 * algorithms. 3033 */ 3034 for (; i < IPSEC_MAX_ALGS; i++) { 3035 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) { 3036 cmn_err(CE_PANIC, "esp_register_out()! " 3037 "Missed aalg #%d.\n", i); 3038 } 3039 } 3040 #endif /* DEBUG */ 3041 } else { 3042 saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg)); 3043 } 3044 3045 if (num_ealgs != 0) { 3046 sasupp_encr = (sadb_supported_t *)saalg; 3047 saalg = (sadb_alg_t *)(sasupp_encr + 1); 3048 3049 numalgs_snap = 0; 3050 for (i = 0; 3051 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) { 3052 if (encralgs[i] == NULL || !ALG_VALID(encralgs[i])) 3053 continue; 3054 saalg->sadb_alg_id = encralgs[i]->alg_id; 3055 saalg->sadb_alg_ivlen = encralgs[i]->alg_datalen; 3056 saalg->sadb_alg_minbits = encralgs[i]->alg_ef_minbits; 3057 saalg->sadb_alg_maxbits = encralgs[i]->alg_ef_maxbits; 3058 saalg->sadb_x_alg_defincr = encralgs[i]->alg_ef_default; 3059 saalg->sadb_x_alg_increment = 3060 encralgs[i]->alg_increment; 3061 numalgs_snap++; 3062 saalg++; 3063 } 3064 ASSERT(numalgs_snap == num_ealgs); 3065 #ifdef DEBUG 3066 /* 3067 * Reality check to make sure I snagged all of the 3068 * algorithms. 3069 */ 3070 for (; i < IPSEC_MAX_ALGS; i++) { 3071 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) { 3072 cmn_err(CE_PANIC, "esp_register_out()! " 3073 "Missed ealg #%d.\n", i); 3074 } 3075 } 3076 #endif /* DEBUG */ 3077 } 3078 3079 current_aalgs = num_aalgs; 3080 current_ealgs = num_ealgs; 3081 3082 mutex_exit(&ipss->ipsec_alg_lock); 3083 3084 /* Now fill the rest of the SADB_REGISTER message. */ 3085 3086 samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr; 3087 samsg->sadb_msg_version = PF_KEY_V2; 3088 samsg->sadb_msg_type = SADB_REGISTER; 3089 samsg->sadb_msg_errno = 0; 3090 samsg->sadb_msg_satype = SADB_SATYPE_ESP; 3091 samsg->sadb_msg_len = SADB_8TO64(allocsize); 3092 samsg->sadb_msg_reserved = 0; 3093 /* 3094 * Assume caller has sufficient sequence/pid number info. If it's one 3095 * from me over a new alg., I could give two hoots about sequence. 3096 */ 3097 samsg->sadb_msg_seq = sequence; 3098 samsg->sadb_msg_pid = pid; 3099 3100 if (sasupp_auth != NULL) { 3101 sasupp_auth->sadb_supported_len = SADB_8TO64( 3102 sizeof (*sasupp_auth) + sizeof (*saalg) * current_aalgs); 3103 sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 3104 sasupp_auth->sadb_supported_reserved = 0; 3105 } 3106 3107 if (sasupp_encr != NULL) { 3108 sasupp_encr->sadb_supported_len = SADB_8TO64( 3109 sizeof (*sasupp_encr) + sizeof (*saalg) * current_ealgs); 3110 sasupp_encr->sadb_supported_exttype = 3111 SADB_EXT_SUPPORTED_ENCRYPT; 3112 sasupp_encr->sadb_supported_reserved = 0; 3113 } 3114 3115 if (espstack->esp_pfkey_q != NULL) 3116 putnext(espstack->esp_pfkey_q, keysock_out_mp); 3117 else { 3118 freemsg(keysock_out_mp); 3119 return (B_FALSE); 3120 } 3121 3122 return (B_TRUE); 3123 } 3124 3125 /* 3126 * Invoked when the algorithm table changes. Causes SADB_REGISTER 3127 * messages continaining the current list of algorithms to be 3128 * sent up to the ESP listeners. 3129 */ 3130 void 3131 ipsecesp_algs_changed(netstack_t *ns) 3132 { 3133 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3134 3135 /* 3136 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners 3137 * everywhere. (The function itself checks for NULL esp_pfkey_q.) 3138 */ 3139 (void) esp_register_out(0, 0, 0, espstack); 3140 } 3141 3142 /* 3143 * taskq_dispatch handler. 3144 */ 3145 static void 3146 inbound_task(void *arg) 3147 { 3148 esph_t *esph; 3149 mblk_t *mp = (mblk_t *)arg; 3150 ipsec_in_t *ii = (ipsec_in_t *)mp->b_rptr; 3151 netstack_t *ns = ii->ipsec_in_ns; 3152 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3153 int ipsec_rc; 3154 3155 esp2dbg(espstack, ("in ESP inbound_task")); 3156 ASSERT(espstack != NULL); 3157 3158 esph = ipsec_inbound_esp_sa(mp, ns); 3159 if (esph == NULL) 3160 return; 3161 ASSERT(ii->ipsec_in_esp_sa != NULL); 3162 ipsec_rc = ii->ipsec_in_esp_sa->ipsa_input_func(mp, esph); 3163 if (ipsec_rc != IPSEC_STATUS_SUCCESS) 3164 return; 3165 ip_fanout_proto_again(mp, NULL, NULL, NULL); 3166 } 3167 3168 /* 3169 * Now that weak-key passed, actually ADD the security association, and 3170 * send back a reply ADD message. 3171 */ 3172 static int 3173 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi, 3174 int *diagnostic, ipsecesp_stack_t *espstack) 3175 { 3176 isaf_t *primary = NULL, *secondary, *inbound, *outbound; 3177 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3178 sadb_address_t *dstext = 3179 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3180 struct sockaddr_in *dst; 3181 struct sockaddr_in6 *dst6; 3182 boolean_t is_ipv4, clone = B_FALSE, is_inbound = B_FALSE; 3183 uint32_t *dstaddr; 3184 ipsa_t *larval = NULL; 3185 ipsacq_t *acqrec; 3186 iacqf_t *acq_bucket; 3187 mblk_t *acq_msgs = NULL; 3188 int rc; 3189 sadb_t *sp; 3190 int outhash; 3191 mblk_t *lpkt; 3192 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 3193 3194 /* 3195 * Locate the appropriate table(s). 3196 */ 3197 3198 dst = (struct sockaddr_in *)(dstext + 1); 3199 dst6 = (struct sockaddr_in6 *)dst; 3200 is_ipv4 = (dst->sin_family == AF_INET); 3201 if (is_ipv4) { 3202 sp = &espstack->esp_sadb.s_v4; 3203 dstaddr = (uint32_t *)(&dst->sin_addr); 3204 outhash = OUTBOUND_HASH_V4(sp, *(ipaddr_t *)dstaddr); 3205 } else { 3206 sp = &espstack->esp_sadb.s_v6; 3207 dstaddr = (uint32_t *)(&dst6->sin6_addr); 3208 outhash = OUTBOUND_HASH_V6(sp, *(in6_addr_t *)dstaddr); 3209 } 3210 3211 inbound = INBOUND_BUCKET(sp, assoc->sadb_sa_spi); 3212 outbound = &sp->sdb_of[outhash]; 3213 3214 /* 3215 * Use the direction flags provided by the KMD to determine 3216 * if the inbound or outbound table should be the primary 3217 * for this SA. If these flags were absent then make this 3218 * decision based on the addresses. 3219 */ 3220 if (assoc->sadb_sa_flags & IPSA_F_INBOUND) { 3221 primary = inbound; 3222 secondary = outbound; 3223 is_inbound = B_TRUE; 3224 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) 3225 clone = B_TRUE; 3226 } else { 3227 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) { 3228 primary = outbound; 3229 secondary = inbound; 3230 } 3231 } 3232 3233 if (primary == NULL) { 3234 /* 3235 * The KMD did not set a direction flag, determine which 3236 * table to insert the SA into based on addresses. 3237 */ 3238 switch (ksi->ks_in_dsttype) { 3239 case KS_IN_ADDR_MBCAST: 3240 clone = B_TRUE; /* All mcast SAs can be bidirectional */ 3241 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3242 /* FALLTHRU */ 3243 /* 3244 * If the source address is either one of mine, or unspecified 3245 * (which is best summed up by saying "not 'not mine'"), 3246 * then the association is potentially bi-directional, 3247 * in that it can be used for inbound traffic and outbound 3248 * traffic. The best example of such an SA is a multicast 3249 * SA (which allows me to receive the outbound traffic). 3250 */ 3251 case KS_IN_ADDR_ME: 3252 assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3253 primary = inbound; 3254 secondary = outbound; 3255 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME) 3256 clone = B_TRUE; 3257 is_inbound = B_TRUE; 3258 break; 3259 /* 3260 * If the source address literally not mine (either 3261 * unspecified or not mine), then this SA may have an 3262 * address that WILL be mine after some configuration. 3263 * We pay the price for this by making it a bi-directional 3264 * SA. 3265 */ 3266 case KS_IN_ADDR_NOTME: 3267 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3268 primary = outbound; 3269 secondary = inbound; 3270 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) { 3271 assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3272 clone = B_TRUE; 3273 } 3274 break; 3275 default: 3276 *diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 3277 return (EINVAL); 3278 } 3279 } 3280 3281 /* 3282 * Find a ACQUIRE list entry if possible. If we've added an SA that 3283 * suits the needs of an ACQUIRE list entry, we can eliminate the 3284 * ACQUIRE list entry and transmit the enqueued packets. Use the 3285 * high-bit of the sequence number to queue it. Key off destination 3286 * addr, and change acqrec's state. 3287 */ 3288 3289 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) { 3290 acq_bucket = &sp->sdb_acq[outhash]; 3291 mutex_enter(&acq_bucket->iacqf_lock); 3292 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL; 3293 acqrec = acqrec->ipsacq_next) { 3294 mutex_enter(&acqrec->ipsacq_lock); 3295 /* 3296 * Q: I only check sequence. Should I check dst? 3297 * A: Yes, check dest because those are the packets 3298 * that are queued up. 3299 */ 3300 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq && 3301 IPSA_ARE_ADDR_EQUAL(dstaddr, 3302 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam)) 3303 break; 3304 mutex_exit(&acqrec->ipsacq_lock); 3305 } 3306 if (acqrec != NULL) { 3307 /* 3308 * AHA! I found an ACQUIRE record for this SA. 3309 * Grab the msg list, and free the acquire record. 3310 * I already am holding the lock for this record, 3311 * so all I have to do is free it. 3312 */ 3313 acq_msgs = acqrec->ipsacq_mp; 3314 acqrec->ipsacq_mp = NULL; 3315 mutex_exit(&acqrec->ipsacq_lock); 3316 sadb_destroy_acquire(acqrec, 3317 espstack->ipsecesp_netstack); 3318 } 3319 mutex_exit(&acq_bucket->iacqf_lock); 3320 } 3321 3322 /* 3323 * Find PF_KEY message, and see if I'm an update. If so, find entry 3324 * in larval list (if there). 3325 */ 3326 3327 if (samsg->sadb_msg_type == SADB_UPDATE) { 3328 mutex_enter(&inbound->isaf_lock); 3329 larval = ipsec_getassocbyspi(inbound, assoc->sadb_sa_spi, 3330 ALL_ZEROES_PTR, dstaddr, dst->sin_family); 3331 mutex_exit(&inbound->isaf_lock); 3332 3333 if ((larval == NULL) || 3334 (larval->ipsa_state != IPSA_STATE_LARVAL)) { 3335 *diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND; 3336 if (larval != NULL) { 3337 IPSA_REFRELE(larval); 3338 } 3339 esp0dbg(("Larval update, but larval disappeared.\n")); 3340 return (ESRCH); 3341 } /* Else sadb_common_add unlinks it for me! */ 3342 } 3343 3344 lpkt = NULL; 3345 if (larval != NULL) 3346 lpkt = sadb_clear_lpkt(larval); 3347 3348 rc = sadb_common_add(espstack->esp_sadb.s_ip_q, espstack->esp_pfkey_q, 3349 mp, samsg, ksi, primary, secondary, larval, clone, is_inbound, 3350 diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb); 3351 3352 if (rc == 0 && lpkt != NULL) { 3353 rc = !taskq_dispatch(esp_taskq, inbound_task, 3354 (void *) lpkt, TQ_NOSLEEP); 3355 } 3356 3357 if (rc != 0) { 3358 ip_drop_packet(lpkt, B_TRUE, NULL, NULL, 3359 DROPPER(ipss, ipds_sadb_inlarval_timeout), 3360 &espstack->esp_dropper); 3361 } 3362 3363 /* 3364 * How much more stack will I create with all of these 3365 * esp_outbound() calls? 3366 */ 3367 3368 while (acq_msgs != NULL) { 3369 mblk_t *mp = acq_msgs; 3370 3371 acq_msgs = acq_msgs->b_next; 3372 mp->b_next = NULL; 3373 if (rc == 0) { 3374 if (ipsec_outbound_sa(mp, IPPROTO_ESP)) { 3375 ((ipsec_out_t *)(mp->b_rptr))-> 3376 ipsec_out_esp_done = B_TRUE; 3377 if (esp_outbound(mp) == IPSEC_STATUS_SUCCESS) { 3378 ipha_t *ipha; 3379 3380 /* do AH processing if needed */ 3381 if (!esp_do_outbound_ah(mp)) 3382 continue; 3383 3384 ipha = (ipha_t *)mp->b_cont->b_rptr; 3385 3386 /* finish IPsec processing */ 3387 if (is_ipv4) { 3388 ip_wput_ipsec_out(NULL, mp, 3389 ipha, NULL, NULL); 3390 } else { 3391 ip6_t *ip6h = (ip6_t *)ipha; 3392 ip_wput_ipsec_out_v6(NULL, 3393 mp, ip6h, NULL, NULL); 3394 } 3395 } 3396 continue; 3397 } 3398 } 3399 ESP_BUMP_STAT(espstack, out_discards); 3400 ip_drop_packet(mp, B_FALSE, NULL, NULL, 3401 DROPPER(ipss, ipds_sadb_acquire_timeout), 3402 &espstack->esp_dropper); 3403 } 3404 3405 return (rc); 3406 } 3407 3408 /* 3409 * Add new ESP security association. This may become a generic AH/ESP 3410 * routine eventually. 3411 */ 3412 static int 3413 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns) 3414 { 3415 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3416 sadb_address_t *srcext = 3417 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3418 sadb_address_t *dstext = 3419 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3420 sadb_address_t *isrcext = 3421 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC]; 3422 sadb_address_t *idstext = 3423 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST]; 3424 sadb_address_t *nttext_loc = 3425 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC]; 3426 sadb_address_t *nttext_rem = 3427 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM]; 3428 sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH]; 3429 sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT]; 3430 struct sockaddr_in *src, *dst; 3431 struct sockaddr_in *natt_loc, *natt_rem; 3432 struct sockaddr_in6 *natt_loc6, *natt_rem6; 3433 sadb_lifetime_t *soft = 3434 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT]; 3435 sadb_lifetime_t *hard = 3436 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD]; 3437 sadb_lifetime_t *idle = 3438 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_X_EXT_LIFETIME_IDLE]; 3439 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3440 ipsec_stack_t *ipss = ns->netstack_ipsec; 3441 3442 /* I need certain extensions present for an ADD message. */ 3443 if (srcext == NULL) { 3444 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC; 3445 return (EINVAL); 3446 } 3447 if (dstext == NULL) { 3448 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3449 return (EINVAL); 3450 } 3451 if (isrcext == NULL && idstext != NULL) { 3452 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC; 3453 return (EINVAL); 3454 } 3455 if (isrcext != NULL && idstext == NULL) { 3456 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST; 3457 return (EINVAL); 3458 } 3459 if (assoc == NULL) { 3460 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3461 return (EINVAL); 3462 } 3463 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) { 3464 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY; 3465 return (EINVAL); 3466 } 3467 3468 src = (struct sockaddr_in *)(srcext + 1); 3469 dst = (struct sockaddr_in *)(dstext + 1); 3470 natt_loc = (struct sockaddr_in *)(nttext_loc + 1); 3471 natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1); 3472 natt_rem = (struct sockaddr_in *)(nttext_rem + 1); 3473 natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1); 3474 3475 /* Sundry ADD-specific reality checks. */ 3476 /* XXX STATS : Logging/stats here? */ 3477 3478 if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) && 3479 (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) { 3480 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE; 3481 return (EINVAL); 3482 } 3483 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) { 3484 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3485 return (EINVAL); 3486 } 3487 3488 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL && 3489 assoc->sadb_sa_auth == SADB_AALG_NONE) { 3490 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3491 return (EINVAL); 3492 } 3493 3494 if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) { 3495 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS; 3496 return (EINVAL); 3497 } 3498 3499 if ((*diagnostic = sadb_hardsoftchk(hard, soft, idle)) != 0) { 3500 return (EINVAL); 3501 } 3502 ASSERT(src->sin_family == dst->sin_family); 3503 3504 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) { 3505 if (nttext_loc == NULL) { 3506 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC; 3507 return (EINVAL); 3508 } 3509 3510 if (natt_loc->sin_family == AF_INET6 && 3511 !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) { 3512 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC; 3513 return (EINVAL); 3514 } 3515 } 3516 3517 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) { 3518 if (nttext_rem == NULL) { 3519 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM; 3520 return (EINVAL); 3521 } 3522 if (natt_rem->sin_family == AF_INET6 && 3523 !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) { 3524 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM; 3525 return (EINVAL); 3526 } 3527 } 3528 3529 3530 /* Stuff I don't support, for now. XXX Diagnostic? */ 3531 if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL || 3532 ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL) 3533 return (EOPNOTSUPP); 3534 3535 /* 3536 * XXX Policy : I'm not checking identities or sensitivity 3537 * labels at this time, but if I did, I'd do them here, before I sent 3538 * the weak key check up to the algorithm. 3539 */ 3540 3541 mutex_enter(&ipss->ipsec_alg_lock); 3542 3543 /* 3544 * First locate the authentication algorithm. 3545 */ 3546 if (akey != NULL) { 3547 ipsec_alginfo_t *aalg; 3548 3549 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH] 3550 [assoc->sadb_sa_auth]; 3551 if (aalg == NULL || !ALG_VALID(aalg)) { 3552 mutex_exit(&ipss->ipsec_alg_lock); 3553 esp1dbg(espstack, ("Couldn't find auth alg #%d.\n", 3554 assoc->sadb_sa_auth)); 3555 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3556 return (EINVAL); 3557 } 3558 3559 /* 3560 * Sanity check key sizes. 3561 * Note: It's not possible to use SADB_AALG_NONE because 3562 * this auth_alg is not defined with ALG_FLAG_VALID. If this 3563 * ever changes, the same check for SADB_AALG_NONE and 3564 * a auth_key != NULL should be made here ( see below). 3565 */ 3566 if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) { 3567 mutex_exit(&ipss->ipsec_alg_lock); 3568 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS; 3569 return (EINVAL); 3570 } 3571 ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3572 3573 /* check key and fix parity if needed */ 3574 if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE, 3575 diagnostic) != 0) { 3576 mutex_exit(&ipss->ipsec_alg_lock); 3577 return (EINVAL); 3578 } 3579 } 3580 3581 /* 3582 * Then locate the encryption algorithm. 3583 */ 3584 if (ekey != NULL) { 3585 ipsec_alginfo_t *ealg; 3586 3587 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR] 3588 [assoc->sadb_sa_encrypt]; 3589 if (ealg == NULL || !ALG_VALID(ealg)) { 3590 mutex_exit(&ipss->ipsec_alg_lock); 3591 esp1dbg(espstack, ("Couldn't find encr alg #%d.\n", 3592 assoc->sadb_sa_encrypt)); 3593 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3594 return (EINVAL); 3595 } 3596 3597 /* 3598 * Sanity check key sizes. If the encryption algorithm is 3599 * SADB_EALG_NULL but the encryption key is NOT 3600 * NULL then complain. 3601 */ 3602 if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) || 3603 (!ipsec_valid_key_size(ekey->sadb_key_bits, ealg))) { 3604 mutex_exit(&ipss->ipsec_alg_lock); 3605 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS; 3606 return (EINVAL); 3607 } 3608 ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3609 3610 /* check key */ 3611 if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE, 3612 diagnostic) != 0) { 3613 mutex_exit(&ipss->ipsec_alg_lock); 3614 return (EINVAL); 3615 } 3616 } 3617 mutex_exit(&ipss->ipsec_alg_lock); 3618 3619 return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi, 3620 diagnostic, espstack)); 3621 } 3622 3623 /* 3624 * Update a security association. Updates come in two varieties. The first 3625 * is an update of lifetimes on a non-larval SA. The second is an update of 3626 * a larval SA, which ends up looking a lot more like an add. 3627 */ 3628 static int 3629 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, 3630 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type) 3631 { 3632 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3633 mblk_t *buf_pkt; 3634 int rcode; 3635 3636 sadb_address_t *dstext = 3637 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3638 3639 if (dstext == NULL) { 3640 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3641 return (EINVAL); 3642 } 3643 3644 rcode = sadb_update_sa(mp, ksi, &buf_pkt, &espstack->esp_sadb, 3645 diagnostic, espstack->esp_pfkey_q, esp_add_sa, 3646 espstack->ipsecesp_netstack, sadb_msg_type); 3647 3648 if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) || 3649 (rcode != 0)) { 3650 return (rcode); 3651 } 3652 3653 HANDLE_BUF_PKT(esp_taskq, 3654 espstack->ipsecesp_netstack->netstack_ipsec, 3655 espstack->esp_dropper, buf_pkt); 3656 3657 return (rcode); 3658 } 3659 3660 /* 3661 * Delete a security association. This is REALLY likely to be code common to 3662 * both AH and ESP. Find the association, then unlink it. 3663 */ 3664 static int 3665 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, 3666 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type) 3667 { 3668 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3669 sadb_address_t *dstext = 3670 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3671 sadb_address_t *srcext = 3672 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3673 struct sockaddr_in *sin; 3674 3675 if (assoc == NULL) { 3676 if (dstext != NULL) { 3677 sin = (struct sockaddr_in *)(dstext + 1); 3678 } else if (srcext != NULL) { 3679 sin = (struct sockaddr_in *)(srcext + 1); 3680 } else { 3681 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3682 return (EINVAL); 3683 } 3684 return (sadb_purge_sa(mp, ksi, 3685 (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 : 3686 &espstack->esp_sadb.s_v4, espstack->esp_pfkey_q, 3687 espstack->esp_sadb.s_ip_q)); 3688 } 3689 3690 return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic, 3691 espstack->esp_pfkey_q, sadb_msg_type)); 3692 } 3693 3694 /* 3695 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP 3696 * messages. 3697 */ 3698 static void 3699 esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack) 3700 { 3701 int error; 3702 sadb_msg_t *samsg; 3703 3704 /* 3705 * Dump each fanout, bailing if error is non-zero. 3706 */ 3707 3708 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi, 3709 &espstack->esp_sadb.s_v4); 3710 if (error != 0) 3711 goto bail; 3712 3713 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi, 3714 &espstack->esp_sadb.s_v6); 3715 bail: 3716 ASSERT(mp->b_cont != NULL); 3717 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3718 samsg->sadb_msg_errno = (uint8_t)error; 3719 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, 3720 (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL); 3721 } 3722 3723 /* 3724 * First-cut reality check for an inbound PF_KEY message. 3725 */ 3726 static boolean_t 3727 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi, 3728 ipsecesp_stack_t *espstack) 3729 { 3730 int diagnostic; 3731 3732 if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) { 3733 diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT; 3734 goto badmsg; 3735 } 3736 if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL || 3737 ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) { 3738 diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT; 3739 goto badmsg; 3740 } 3741 return (B_FALSE); /* False ==> no failures */ 3742 3743 badmsg: 3744 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic, 3745 ksi->ks_in_serial); 3746 return (B_TRUE); /* True ==> failures */ 3747 } 3748 3749 /* 3750 * ESP parsing of PF_KEY messages. Keysock did most of the really silly 3751 * error cases. What I receive is a fully-formed, syntactically legal 3752 * PF_KEY message. I then need to check semantics... 3753 * 3754 * This code may become common to AH and ESP. Stay tuned. 3755 * 3756 * I also make the assumption that db_ref's are cool. If this assumption 3757 * is wrong, this means that someone other than keysock or me has been 3758 * mucking with PF_KEY messages. 3759 */ 3760 static void 3761 esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack) 3762 { 3763 mblk_t *msg = mp->b_cont; 3764 sadb_msg_t *samsg; 3765 keysock_in_t *ksi; 3766 int error; 3767 int diagnostic = SADB_X_DIAGNOSTIC_NONE; 3768 3769 ASSERT(msg != NULL); 3770 3771 samsg = (sadb_msg_t *)msg->b_rptr; 3772 ksi = (keysock_in_t *)mp->b_rptr; 3773 3774 /* 3775 * If applicable, convert unspecified AF_INET6 to unspecified 3776 * AF_INET. And do other address reality checks. 3777 */ 3778 if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp, 3779 espstack->ipsecesp_netstack) || 3780 esp_pfkey_reality_failures(mp, ksi, espstack)) { 3781 return; 3782 } 3783 3784 switch (samsg->sadb_msg_type) { 3785 case SADB_ADD: 3786 error = esp_add_sa(mp, ksi, &diagnostic, 3787 espstack->ipsecesp_netstack); 3788 if (error != 0) { 3789 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3790 diagnostic, ksi->ks_in_serial); 3791 } 3792 /* else esp_add_sa() took care of things. */ 3793 break; 3794 case SADB_DELETE: 3795 case SADB_X_DELPAIR: 3796 case SADB_X_DELPAIR_STATE: 3797 error = esp_del_sa(mp, ksi, &diagnostic, espstack, 3798 samsg->sadb_msg_type); 3799 if (error != 0) { 3800 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3801 diagnostic, ksi->ks_in_serial); 3802 } 3803 /* Else esp_del_sa() took care of things. */ 3804 break; 3805 case SADB_GET: 3806 error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb, 3807 &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type); 3808 if (error != 0) { 3809 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3810 diagnostic, ksi->ks_in_serial); 3811 } 3812 /* Else sadb_get_sa() took care of things. */ 3813 break; 3814 case SADB_FLUSH: 3815 sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack); 3816 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL); 3817 break; 3818 case SADB_REGISTER: 3819 /* 3820 * Hmmm, let's do it! Check for extensions (there should 3821 * be none), extract the fields, call esp_register_out(), 3822 * then either free or report an error. 3823 * 3824 * Keysock takes care of the PF_KEY bookkeeping for this. 3825 */ 3826 if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid, 3827 ksi->ks_in_serial, espstack)) { 3828 freemsg(mp); 3829 } else { 3830 /* 3831 * Only way this path hits is if there is a memory 3832 * failure. It will not return B_FALSE because of 3833 * lack of esp_pfkey_q if I am in wput(). 3834 */ 3835 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, 3836 diagnostic, ksi->ks_in_serial); 3837 } 3838 break; 3839 case SADB_UPDATE: 3840 case SADB_X_UPDATEPAIR: 3841 /* 3842 * Find a larval, if not there, find a full one and get 3843 * strict. 3844 */ 3845 error = esp_update_sa(mp, ksi, &diagnostic, espstack, 3846 samsg->sadb_msg_type); 3847 if (error != 0) { 3848 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3849 diagnostic, ksi->ks_in_serial); 3850 } 3851 /* else esp_update_sa() took care of things. */ 3852 break; 3853 case SADB_GETSPI: 3854 /* 3855 * Reserve a new larval entry. 3856 */ 3857 esp_getspi(mp, ksi, espstack); 3858 break; 3859 case SADB_ACQUIRE: 3860 /* 3861 * Find larval and/or ACQUIRE record and kill it (them), I'm 3862 * most likely an error. Inbound ACQUIRE messages should only 3863 * have the base header. 3864 */ 3865 sadb_in_acquire(samsg, &espstack->esp_sadb, 3866 espstack->esp_pfkey_q, espstack->ipsecesp_netstack); 3867 freemsg(mp); 3868 break; 3869 case SADB_DUMP: 3870 /* 3871 * Dump all entries. 3872 */ 3873 esp_dump(mp, ksi, espstack); 3874 /* esp_dump will take care of the return message, etc. */ 3875 break; 3876 case SADB_EXPIRE: 3877 /* Should never reach me. */ 3878 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP, 3879 diagnostic, ksi->ks_in_serial); 3880 break; 3881 default: 3882 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, 3883 SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial); 3884 break; 3885 } 3886 } 3887 3888 /* 3889 * Handle case where PF_KEY says it can't find a keysock for one of my 3890 * ACQUIRE messages. 3891 */ 3892 static void 3893 esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack) 3894 { 3895 sadb_msg_t *samsg; 3896 keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr; 3897 3898 if (mp->b_cont == NULL) { 3899 freemsg(mp); 3900 return; 3901 } 3902 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3903 3904 /* 3905 * If keysock can't find any registered, delete the acquire record 3906 * immediately, and handle errors. 3907 */ 3908 if (samsg->sadb_msg_type == SADB_ACQUIRE) { 3909 samsg->sadb_msg_errno = kse->ks_err_errno; 3910 samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg)); 3911 /* 3912 * Use the write-side of the esp_pfkey_q, in case there is 3913 * no esp_sadb.s_ip_q. 3914 */ 3915 sadb_in_acquire(samsg, &espstack->esp_sadb, 3916 WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack); 3917 } 3918 3919 freemsg(mp); 3920 } 3921 3922 /* 3923 * ESP module write put routine. 3924 */ 3925 static void 3926 ipsecesp_wput(queue_t *q, mblk_t *mp) 3927 { 3928 ipsec_info_t *ii; 3929 struct iocblk *iocp; 3930 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 3931 3932 esp3dbg(espstack, ("In esp_wput().\n")); 3933 3934 /* NOTE: Each case must take care of freeing or passing mp. */ 3935 switch (mp->b_datap->db_type) { 3936 case M_CTL: 3937 if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) { 3938 /* Not big enough message. */ 3939 freemsg(mp); 3940 break; 3941 } 3942 ii = (ipsec_info_t *)mp->b_rptr; 3943 3944 switch (ii->ipsec_info_type) { 3945 case KEYSOCK_OUT_ERR: 3946 esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n")); 3947 esp_keysock_no_socket(mp, espstack); 3948 break; 3949 case KEYSOCK_IN: 3950 ESP_BUMP_STAT(espstack, keysock_in); 3951 esp3dbg(espstack, ("Got KEYSOCK_IN message.\n")); 3952 3953 /* Parse the message. */ 3954 esp_parse_pfkey(mp, espstack); 3955 break; 3956 case KEYSOCK_HELLO: 3957 sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp, 3958 esp_ager, (void *)espstack, &espstack->esp_event, 3959 SADB_SATYPE_ESP); 3960 break; 3961 default: 3962 esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n", 3963 ii->ipsec_info_type)); 3964 freemsg(mp); 3965 break; 3966 } 3967 break; 3968 case M_IOCTL: 3969 iocp = (struct iocblk *)mp->b_rptr; 3970 switch (iocp->ioc_cmd) { 3971 case ND_SET: 3972 case ND_GET: 3973 if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) { 3974 qreply(q, mp); 3975 return; 3976 } else { 3977 iocp->ioc_error = ENOENT; 3978 } 3979 /* FALLTHRU */ 3980 default: 3981 /* We really don't support any other ioctls, do we? */ 3982 3983 /* Return EINVAL */ 3984 if (iocp->ioc_error != ENOENT) 3985 iocp->ioc_error = EINVAL; 3986 iocp->ioc_count = 0; 3987 mp->b_datap->db_type = M_IOCACK; 3988 qreply(q, mp); 3989 return; 3990 } 3991 default: 3992 esp3dbg(espstack, 3993 ("Got default message, type %d, passing to IP.\n", 3994 mp->b_datap->db_type)); 3995 putnext(q, mp); 3996 } 3997 } 3998 3999 /* 4000 * Process an outbound ESP packet that can be accelerated by a IPsec 4001 * hardware acceleration capable Provider. 4002 * The caller already inserted and initialized the ESP header. 4003 * This function allocates a tagging M_CTL, and adds room at the end 4004 * of the packet to hold the ICV if authentication is needed. 4005 * 4006 * On success returns B_TRUE, on failure returns B_FALSE and frees the 4007 * mblk chain ipsec_out. 4008 */ 4009 static ipsec_status_t 4010 esp_outbound_accelerated(mblk_t *ipsec_out, uint_t icv_len) 4011 { 4012 ipsec_out_t *io; 4013 mblk_t *lastmp; 4014 netstack_t *ns; 4015 ipsecesp_stack_t *espstack; 4016 ipsec_stack_t *ipss; 4017 4018 io = (ipsec_out_t *)ipsec_out->b_rptr; 4019 ns = io->ipsec_out_ns; 4020 espstack = ns->netstack_ipsecesp; 4021 ipss = ns->netstack_ipsec; 4022 4023 ESP_BUMP_STAT(espstack, out_accelerated); 4024 4025 /* mark packet as being accelerated in IPSEC_OUT */ 4026 ASSERT(io->ipsec_out_accelerated == B_FALSE); 4027 io->ipsec_out_accelerated = B_TRUE; 4028 4029 /* 4030 * add room at the end of the packet for the ICV if needed 4031 */ 4032 if (icv_len > 0) { 4033 /* go to last mblk */ 4034 lastmp = ipsec_out; /* For following while loop. */ 4035 do { 4036 lastmp = lastmp->b_cont; 4037 } while (lastmp->b_cont != NULL); 4038 4039 /* if not enough available room, allocate new mblk */ 4040 if ((lastmp->b_wptr + icv_len) > lastmp->b_datap->db_lim) { 4041 lastmp->b_cont = allocb(icv_len, BPRI_HI); 4042 if (lastmp->b_cont == NULL) { 4043 ESP_BUMP_STAT(espstack, out_discards); 4044 ip_drop_packet(ipsec_out, B_FALSE, NULL, NULL, 4045 DROPPER(ipss, ipds_esp_nomem), 4046 &espstack->esp_dropper); 4047 return (IPSEC_STATUS_FAILED); 4048 } 4049 lastmp = lastmp->b_cont; 4050 } 4051 lastmp->b_wptr += icv_len; 4052 } 4053 4054 return (IPSEC_STATUS_SUCCESS); 4055 } 4056 4057 /* 4058 * Process an inbound accelerated ESP packet. 4059 * On success returns B_TRUE, on failure returns B_FALSE and frees the 4060 * mblk chain ipsec_in. 4061 */ 4062 static ipsec_status_t 4063 esp_inbound_accelerated(mblk_t *ipsec_in, mblk_t *data_mp, boolean_t isv4, 4064 ipsa_t *assoc) 4065 { 4066 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr; 4067 mblk_t *hada_mp; 4068 uint32_t icv_len = 0; 4069 da_ipsec_t *hada; 4070 ipha_t *ipha; 4071 ip6_t *ip6h; 4072 kstat_named_t *counter; 4073 netstack_t *ns = ii->ipsec_in_ns; 4074 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 4075 ipsec_stack_t *ipss = ns->netstack_ipsec; 4076 4077 ESP_BUMP_STAT(espstack, in_accelerated); 4078 4079 hada_mp = ii->ipsec_in_da; 4080 ASSERT(hada_mp != NULL); 4081 hada = (da_ipsec_t *)hada_mp->b_rptr; 4082 4083 /* 4084 * We only support one level of decapsulation in hardware, so 4085 * nuke the pointer. 4086 */ 4087 ii->ipsec_in_da = NULL; 4088 ii->ipsec_in_accelerated = B_FALSE; 4089 4090 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) { 4091 /* 4092 * ESP with authentication. We expect the Provider to have 4093 * computed the ICV and placed it in the hardware acceleration 4094 * data attributes. 4095 * 4096 * Extract ICV length from attributes M_CTL and sanity check 4097 * its value. We allow the mblk to be smaller than da_ipsec_t 4098 * for a small ICV, as long as the entire ICV fits within the 4099 * mblk. 4100 * 4101 * Also ensures that the ICV length computed by Provider 4102 * corresponds to the ICV length of the agorithm specified by 4103 * the SA. 4104 */ 4105 icv_len = hada->da_icv_len; 4106 if ((icv_len != assoc->ipsa_mac_len) || 4107 (icv_len > DA_ICV_MAX_LEN) || (MBLKL(hada_mp) < 4108 (sizeof (da_ipsec_t) - DA_ICV_MAX_LEN + icv_len))) { 4109 esp0dbg(("esp_inbound_accelerated: " 4110 "ICV len (%u) incorrect or mblk too small (%u)\n", 4111 icv_len, (uint32_t)(MBLKL(hada_mp)))); 4112 counter = DROPPER(ipss, ipds_esp_bad_auth); 4113 goto esp_in_discard; 4114 } 4115 } 4116 4117 /* get pointers to IP header */ 4118 if (isv4) { 4119 ipha = (ipha_t *)data_mp->b_rptr; 4120 } else { 4121 ip6h = (ip6_t *)data_mp->b_rptr; 4122 } 4123 4124 /* 4125 * Compare ICV in ESP packet vs ICV computed by adapter. 4126 * We also remove the ICV from the end of the packet since 4127 * it will no longer be needed. 4128 * 4129 * Assume that esp_inbound() already ensured that the pkt 4130 * was in one mblk. 4131 */ 4132 ASSERT(data_mp->b_cont == NULL); 4133 data_mp->b_wptr -= icv_len; 4134 /* adjust IP header */ 4135 if (isv4) 4136 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - icv_len); 4137 else 4138 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - icv_len); 4139 if (icv_len && bcmp(hada->da_icv, data_mp->b_wptr, icv_len)) { 4140 int af; 4141 void *addr; 4142 4143 if (isv4) { 4144 addr = &ipha->ipha_dst; 4145 af = AF_INET; 4146 } else { 4147 addr = &ip6h->ip6_dst; 4148 af = AF_INET6; 4149 } 4150 4151 /* 4152 * Log the event. Don't print to the console, block 4153 * potential denial-of-service attack. 4154 */ 4155 ESP_BUMP_STAT(espstack, bad_auth); 4156 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 4157 "ESP Authentication failed spi %x, dst_addr %s", 4158 assoc->ipsa_spi, addr, af, espstack->ipsecesp_netstack); 4159 counter = DROPPER(ipss, ipds_esp_bad_auth); 4160 goto esp_in_discard; 4161 } 4162 4163 esp3dbg(espstack, ("esp_inbound_accelerated: ESP authentication " 4164 "succeeded, checking replay\n")); 4165 4166 ipsec_in->b_cont = data_mp; 4167 4168 /* 4169 * Remove ESP header and padding from packet. 4170 */ 4171 if (!esp_strip_header(data_mp, ii->ipsec_in_v4, assoc->ipsa_iv_len, 4172 &counter, espstack)) { 4173 esp1dbg(espstack, ("esp_inbound_accelerated: " 4174 "esp_strip_header() failed\n")); 4175 goto esp_in_discard; 4176 } 4177 4178 freeb(hada_mp); 4179 4180 /* 4181 * Account for usage.. 4182 */ 4183 if (!esp_age_bytes(assoc, msgdsize(data_mp), B_TRUE)) { 4184 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 4185 ESP_BUMP_STAT(espstack, bytes_expired); 4186 IP_ESP_BUMP_STAT(ipss, in_discards); 4187 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 4188 "ESP association 0x%x, dst %s had bytes expire.\n", 4189 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 4190 espstack->ipsecesp_netstack); 4191 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, 4192 DROPPER(ipss, ipds_esp_bytes_expire), 4193 &espstack->esp_dropper); 4194 return (IPSEC_STATUS_FAILED); 4195 } 4196 4197 /* done processing the packet */ 4198 return (IPSEC_STATUS_SUCCESS); 4199 4200 esp_in_discard: 4201 IP_ESP_BUMP_STAT(ipss, in_discards); 4202 freeb(hada_mp); 4203 4204 ipsec_in->b_cont = data_mp; /* For ip_drop_packet()'s sake... */ 4205 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, counter, 4206 &espstack->esp_dropper); 4207 4208 return (IPSEC_STATUS_FAILED); 4209 } 4210 4211 /* 4212 * Wrapper to allow IP to trigger an ESP association failure message 4213 * during inbound SA selection. 4214 */ 4215 void 4216 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt, 4217 uint32_t spi, void *addr, int af, ipsecesp_stack_t *espstack) 4218 { 4219 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 4220 4221 if (espstack->ipsecesp_log_unknown_spi) { 4222 ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi, 4223 addr, af, espstack->ipsecesp_netstack); 4224 } 4225 4226 ip_drop_packet(mp, B_TRUE, NULL, NULL, 4227 DROPPER(ipss, ipds_esp_no_sa), 4228 &espstack->esp_dropper); 4229 } 4230 4231 /* 4232 * Initialize the ESP input and output processing functions. 4233 */ 4234 void 4235 ipsecesp_init_funcs(ipsa_t *sa) 4236 { 4237 if (sa->ipsa_output_func == NULL) 4238 sa->ipsa_output_func = esp_outbound; 4239 if (sa->ipsa_input_func == NULL) 4240 sa->ipsa_input_func = esp_inbound; 4241 } 4242