1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/stream.h> 28 #include <sys/stropts.h> 29 #include <sys/errno.h> 30 #include <sys/strlog.h> 31 #include <sys/tihdr.h> 32 #include <sys/socket.h> 33 #include <sys/ddi.h> 34 #include <sys/sunddi.h> 35 #include <sys/kmem.h> 36 #include <sys/zone.h> 37 #include <sys/sysmacros.h> 38 #include <sys/cmn_err.h> 39 #include <sys/vtrace.h> 40 #include <sys/debug.h> 41 #include <sys/atomic.h> 42 #include <sys/strsun.h> 43 #include <sys/random.h> 44 #include <netinet/in.h> 45 #include <net/if.h> 46 #include <netinet/ip6.h> 47 #include <net/pfkeyv2.h> 48 #include <net/pfpolicy.h> 49 50 #include <inet/common.h> 51 #include <inet/mi.h> 52 #include <inet/nd.h> 53 #include <inet/ip.h> 54 #include <inet/ip_impl.h> 55 #include <inet/ip6.h> 56 #include <inet/ip_if.h> 57 #include <inet/ip_ndp.h> 58 #include <inet/sadb.h> 59 #include <inet/ipsec_info.h> 60 #include <inet/ipsec_impl.h> 61 #include <inet/ipsecesp.h> 62 #include <inet/ipdrop.h> 63 #include <inet/tcp.h> 64 #include <sys/kstat.h> 65 #include <sys/policy.h> 66 #include <sys/strsun.h> 67 #include <sys/strsubr.h> 68 #include <inet/udp_impl.h> 69 #include <sys/taskq.h> 70 #include <sys/note.h> 71 72 #include <sys/tsol/tnet.h> 73 74 /* 75 * Table of ND variables supported by ipsecesp. These are loaded into 76 * ipsecesp_g_nd in ipsecesp_init_nd. 77 * All of these are alterable, within the min/max values given, at run time. 78 */ 79 static ipsecespparam_t lcl_param_arr[] = { 80 /* min max value name */ 81 { 0, 3, 0, "ipsecesp_debug"}, 82 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"}, 83 { 1, 10, 1, "ipsecesp_reap_delay"}, 84 { 1, SADB_MAX_REPLAY, 64, "ipsecesp_replay_size"}, 85 { 1, 300, 15, "ipsecesp_acquire_timeout"}, 86 { 1, 1800, 90, "ipsecesp_larval_timeout"}, 87 /* Default lifetime values for ACQUIRE messages. */ 88 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_bytes"}, 89 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_bytes"}, 90 { 0, 0xffffffffU, 24000, "ipsecesp_default_soft_addtime"}, 91 { 0, 0xffffffffU, 28800, "ipsecesp_default_hard_addtime"}, 92 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_usetime"}, 93 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_usetime"}, 94 { 0, 1, 0, "ipsecesp_log_unknown_spi"}, 95 { 0, 2, 1, "ipsecesp_padding_check"}, 96 { 0, 600, 20, "ipsecesp_nat_keepalive_interval"}, 97 }; 98 #define ipsecesp_debug ipsecesp_params[0].ipsecesp_param_value 99 #define ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value 100 #define ipsecesp_age_int_max ipsecesp_params[1].ipsecesp_param_max 101 #define ipsecesp_reap_delay ipsecesp_params[2].ipsecesp_param_value 102 #define ipsecesp_replay_size ipsecesp_params[3].ipsecesp_param_value 103 #define ipsecesp_acquire_timeout \ 104 ipsecesp_params[4].ipsecesp_param_value 105 #define ipsecesp_larval_timeout \ 106 ipsecesp_params[5].ipsecesp_param_value 107 #define ipsecesp_default_soft_bytes \ 108 ipsecesp_params[6].ipsecesp_param_value 109 #define ipsecesp_default_hard_bytes \ 110 ipsecesp_params[7].ipsecesp_param_value 111 #define ipsecesp_default_soft_addtime \ 112 ipsecesp_params[8].ipsecesp_param_value 113 #define ipsecesp_default_hard_addtime \ 114 ipsecesp_params[9].ipsecesp_param_value 115 #define ipsecesp_default_soft_usetime \ 116 ipsecesp_params[10].ipsecesp_param_value 117 #define ipsecesp_default_hard_usetime \ 118 ipsecesp_params[11].ipsecesp_param_value 119 #define ipsecesp_log_unknown_spi \ 120 ipsecesp_params[12].ipsecesp_param_value 121 #define ipsecesp_padding_check \ 122 ipsecesp_params[13].ipsecesp_param_value 123 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */ 124 125 #define esp0dbg(a) printf a 126 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 127 #define esp1dbg(espstack, a) if (espstack->ipsecesp_debug != 0) printf a 128 #define esp2dbg(espstack, a) if (espstack->ipsecesp_debug > 1) printf a 129 #define esp3dbg(espstack, a) if (espstack->ipsecesp_debug > 2) printf a 130 131 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *); 132 static int ipsecesp_close(queue_t *); 133 static void ipsecesp_wput(queue_t *, mblk_t *); 134 static void *ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns); 135 static void ipsecesp_stack_fini(netstackid_t stackid, void *arg); 136 static void esp_send_acquire(ipsacq_t *, mblk_t *, netstack_t *); 137 138 static void esp_prepare_udp(netstack_t *, mblk_t *, ipha_t *); 139 static void esp_outbound_finish(mblk_t *, ip_xmit_attr_t *); 140 static void esp_inbound_restart(mblk_t *, ip_recv_attr_t *); 141 142 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t, 143 ipsecesp_stack_t *, cred_t *); 144 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t, 145 kstat_named_t **, ipsecesp_stack_t *); 146 static mblk_t *esp_submit_req_inbound(mblk_t *, ip_recv_attr_t *, 147 ipsa_t *, uint_t); 148 static mblk_t *esp_submit_req_outbound(mblk_t *, ip_xmit_attr_t *, 149 ipsa_t *, uchar_t *, uint_t); 150 151 /* Setable in /etc/system */ 152 uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE; 153 154 static struct module_info info = { 155 5137, "ipsecesp", 0, INFPSZ, 65536, 1024 156 }; 157 158 static struct qinit rinit = { 159 (pfi_t)putnext, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 160 NULL 161 }; 162 163 static struct qinit winit = { 164 (pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 165 NULL 166 }; 167 168 struct streamtab ipsecespinfo = { 169 &rinit, &winit, NULL, NULL 170 }; 171 172 static taskq_t *esp_taskq; 173 174 /* 175 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now. 176 * 177 * Question: Do I need this, given that all instance's esps->esps_wq point 178 * to IP? 179 * 180 * Answer: Yes, because I need to know which queue is BOUND to 181 * IPPROTO_ESP 182 */ 183 184 /* 185 * Stats. This may eventually become a full-blown SNMP MIB once that spec 186 * stabilizes. 187 */ 188 189 typedef struct esp_kstats_s { 190 kstat_named_t esp_stat_num_aalgs; 191 kstat_named_t esp_stat_good_auth; 192 kstat_named_t esp_stat_bad_auth; 193 kstat_named_t esp_stat_bad_padding; 194 kstat_named_t esp_stat_replay_failures; 195 kstat_named_t esp_stat_replay_early_failures; 196 kstat_named_t esp_stat_keysock_in; 197 kstat_named_t esp_stat_out_requests; 198 kstat_named_t esp_stat_acquire_requests; 199 kstat_named_t esp_stat_bytes_expired; 200 kstat_named_t esp_stat_out_discards; 201 kstat_named_t esp_stat_crypto_sync; 202 kstat_named_t esp_stat_crypto_async; 203 kstat_named_t esp_stat_crypto_failures; 204 kstat_named_t esp_stat_num_ealgs; 205 kstat_named_t esp_stat_bad_decrypt; 206 kstat_named_t esp_stat_sa_port_renumbers; 207 } esp_kstats_t; 208 209 /* 210 * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if 211 * kstat_create_netstack for espstack->esp_ksp succeeds, but when it 212 * fails, it will be NULL. Note this is done for all stack instances, 213 * so it *could* fail. hence a non-NULL checking is done for 214 * ESP_BUMP_STAT and ESP_DEBUMP_STAT 215 */ 216 #define ESP_BUMP_STAT(espstack, x) \ 217 do { \ 218 if (espstack->esp_kstats != NULL) \ 219 (espstack->esp_kstats->esp_stat_ ## x).value.ui64++; \ 220 _NOTE(CONSTCOND) \ 221 } while (0) 222 223 #define ESP_DEBUMP_STAT(espstack, x) \ 224 do { \ 225 if (espstack->esp_kstats != NULL) \ 226 (espstack->esp_kstats->esp_stat_ ## x).value.ui64--; \ 227 _NOTE(CONSTCOND) \ 228 } while (0) 229 230 static int esp_kstat_update(kstat_t *, int); 231 232 static boolean_t 233 esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid) 234 { 235 espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat", 236 "net", KSTAT_TYPE_NAMED, 237 sizeof (esp_kstats_t) / sizeof (kstat_named_t), 238 KSTAT_FLAG_PERSISTENT, stackid); 239 240 if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL) 241 return (B_FALSE); 242 243 espstack->esp_kstats = espstack->esp_ksp->ks_data; 244 245 espstack->esp_ksp->ks_update = esp_kstat_update; 246 espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid; 247 248 #define K64 KSTAT_DATA_UINT64 249 #define KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64) 250 251 KI(num_aalgs); 252 KI(num_ealgs); 253 KI(good_auth); 254 KI(bad_auth); 255 KI(bad_padding); 256 KI(replay_failures); 257 KI(replay_early_failures); 258 KI(keysock_in); 259 KI(out_requests); 260 KI(acquire_requests); 261 KI(bytes_expired); 262 KI(out_discards); 263 KI(crypto_sync); 264 KI(crypto_async); 265 KI(crypto_failures); 266 KI(bad_decrypt); 267 KI(sa_port_renumbers); 268 269 #undef KI 270 #undef K64 271 272 kstat_install(espstack->esp_ksp); 273 274 return (B_TRUE); 275 } 276 277 static int 278 esp_kstat_update(kstat_t *kp, int rw) 279 { 280 esp_kstats_t *ekp; 281 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private; 282 netstack_t *ns; 283 ipsec_stack_t *ipss; 284 285 if ((kp == NULL) || (kp->ks_data == NULL)) 286 return (EIO); 287 288 if (rw == KSTAT_WRITE) 289 return (EACCES); 290 291 ns = netstack_find_by_stackid(stackid); 292 if (ns == NULL) 293 return (-1); 294 ipss = ns->netstack_ipsec; 295 if (ipss == NULL) { 296 netstack_rele(ns); 297 return (-1); 298 } 299 ekp = (esp_kstats_t *)kp->ks_data; 300 301 mutex_enter(&ipss->ipsec_alg_lock); 302 ekp->esp_stat_num_aalgs.value.ui64 = 303 ipss->ipsec_nalgs[IPSEC_ALG_AUTH]; 304 ekp->esp_stat_num_ealgs.value.ui64 = 305 ipss->ipsec_nalgs[IPSEC_ALG_ENCR]; 306 mutex_exit(&ipss->ipsec_alg_lock); 307 308 netstack_rele(ns); 309 return (0); 310 } 311 312 #ifdef DEBUG 313 /* 314 * Debug routine, useful to see pre-encryption data. 315 */ 316 static char * 317 dump_msg(mblk_t *mp) 318 { 319 char tmp_str[3], tmp_line[256]; 320 321 while (mp != NULL) { 322 unsigned char *ptr; 323 324 printf("mblk address 0x%p, length %ld, db_ref %d " 325 "type %d, base 0x%p, lim 0x%p\n", 326 (void *) mp, (long)(mp->b_wptr - mp->b_rptr), 327 mp->b_datap->db_ref, mp->b_datap->db_type, 328 (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim); 329 ptr = mp->b_rptr; 330 331 tmp_line[0] = '\0'; 332 while (ptr < mp->b_wptr) { 333 uint_t diff; 334 335 diff = (ptr - mp->b_rptr); 336 if (!(diff & 0x1f)) { 337 if (strlen(tmp_line) > 0) { 338 printf("bytes: %s\n", tmp_line); 339 tmp_line[0] = '\0'; 340 } 341 } 342 if (!(diff & 0x3)) 343 (void) strcat(tmp_line, " "); 344 (void) sprintf(tmp_str, "%02x", *ptr); 345 (void) strcat(tmp_line, tmp_str); 346 ptr++; 347 } 348 if (strlen(tmp_line) > 0) 349 printf("bytes: %s\n", tmp_line); 350 351 mp = mp->b_cont; 352 } 353 354 return ("\n"); 355 } 356 357 #else /* DEBUG */ 358 static char * 359 dump_msg(mblk_t *mp) 360 { 361 printf("Find value of mp %p.\n", mp); 362 return ("\n"); 363 } 364 #endif /* DEBUG */ 365 366 /* 367 * Don't have to lock age_interval, as only one thread will access it at 368 * a time, because I control the one function that does with timeout(). 369 */ 370 static void 371 esp_ager(void *arg) 372 { 373 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg; 374 netstack_t *ns = espstack->ipsecesp_netstack; 375 hrtime_t begin = gethrtime(); 376 377 sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q, 378 espstack->ipsecesp_reap_delay, ns); 379 sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q, 380 espstack->ipsecesp_reap_delay, ns); 381 382 espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q, 383 esp_ager, espstack, 384 &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max, 385 info.mi_idnum); 386 } 387 388 /* 389 * Get an ESP NDD parameter. 390 */ 391 /* ARGSUSED */ 392 static int 393 ipsecesp_param_get(q, mp, cp, cr) 394 queue_t *q; 395 mblk_t *mp; 396 caddr_t cp; 397 cred_t *cr; 398 { 399 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 400 uint_t value; 401 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 402 403 mutex_enter(&espstack->ipsecesp_param_lock); 404 value = ipsecesppa->ipsecesp_param_value; 405 mutex_exit(&espstack->ipsecesp_param_lock); 406 407 (void) mi_mpprintf(mp, "%u", value); 408 return (0); 409 } 410 411 /* 412 * This routine sets an NDD variable in a ipsecespparam_t structure. 413 */ 414 /* ARGSUSED */ 415 static int 416 ipsecesp_param_set(q, mp, value, cp, cr) 417 queue_t *q; 418 mblk_t *mp; 419 char *value; 420 caddr_t cp; 421 cred_t *cr; 422 { 423 ulong_t new_value; 424 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 425 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 426 427 /* 428 * Fail the request if the new value does not lie within the 429 * required bounds. 430 */ 431 if (ddi_strtoul(value, NULL, 10, &new_value) != 0 || 432 new_value < ipsecesppa->ipsecesp_param_min || 433 new_value > ipsecesppa->ipsecesp_param_max) { 434 return (EINVAL); 435 } 436 437 /* Set the new value */ 438 mutex_enter(&espstack->ipsecesp_param_lock); 439 ipsecesppa->ipsecesp_param_value = new_value; 440 mutex_exit(&espstack->ipsecesp_param_lock); 441 return (0); 442 } 443 444 /* 445 * Using lifetime NDD variables, fill in an extended combination's 446 * lifetime information. 447 */ 448 void 449 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns) 450 { 451 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 452 453 ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes; 454 ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes; 455 ecomb->sadb_x_ecomb_soft_addtime = 456 espstack->ipsecesp_default_soft_addtime; 457 ecomb->sadb_x_ecomb_hard_addtime = 458 espstack->ipsecesp_default_hard_addtime; 459 ecomb->sadb_x_ecomb_soft_usetime = 460 espstack->ipsecesp_default_soft_usetime; 461 ecomb->sadb_x_ecomb_hard_usetime = 462 espstack->ipsecesp_default_hard_usetime; 463 } 464 465 /* 466 * Initialize things for ESP at module load time. 467 */ 468 boolean_t 469 ipsecesp_ddi_init(void) 470 { 471 esp_taskq = taskq_create("esp_taskq", 1, minclsyspri, 472 IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0); 473 474 /* 475 * We want to be informed each time a stack is created or 476 * destroyed in the kernel, so we can maintain the 477 * set of ipsecesp_stack_t's. 478 */ 479 netstack_register(NS_IPSECESP, ipsecesp_stack_init, NULL, 480 ipsecesp_stack_fini); 481 482 return (B_TRUE); 483 } 484 485 /* 486 * Walk through the param array specified registering each element with the 487 * named dispatch handler. 488 */ 489 static boolean_t 490 ipsecesp_param_register(IDP *ndp, ipsecespparam_t *espp, int cnt) 491 { 492 for (; cnt-- > 0; espp++) { 493 if (espp->ipsecesp_param_name != NULL && 494 espp->ipsecesp_param_name[0]) { 495 if (!nd_load(ndp, 496 espp->ipsecesp_param_name, 497 ipsecesp_param_get, ipsecesp_param_set, 498 (caddr_t)espp)) { 499 nd_free(ndp); 500 return (B_FALSE); 501 } 502 } 503 } 504 return (B_TRUE); 505 } 506 /* 507 * Initialize things for ESP for each stack instance 508 */ 509 static void * 510 ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns) 511 { 512 ipsecesp_stack_t *espstack; 513 ipsecespparam_t *espp; 514 515 espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack), 516 KM_SLEEP); 517 espstack->ipsecesp_netstack = ns; 518 519 espp = (ipsecespparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP); 520 espstack->ipsecesp_params = espp; 521 bcopy(lcl_param_arr, espp, sizeof (lcl_param_arr)); 522 523 (void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp, 524 A_CNT(lcl_param_arr)); 525 526 (void) esp_kstat_init(espstack, stackid); 527 528 espstack->esp_sadb.s_acquire_timeout = 529 &espstack->ipsecesp_acquire_timeout; 530 espstack->esp_sadb.s_acqfn = esp_send_acquire; 531 sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size, 532 espstack->ipsecesp_netstack); 533 534 mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0); 535 536 ip_drop_register(&espstack->esp_dropper, "IPsec ESP"); 537 return (espstack); 538 } 539 540 /* 541 * Destroy things for ESP at module unload time. 542 */ 543 void 544 ipsecesp_ddi_destroy(void) 545 { 546 netstack_unregister(NS_IPSECESP); 547 taskq_destroy(esp_taskq); 548 } 549 550 /* 551 * Destroy things for ESP for one stack instance 552 */ 553 static void 554 ipsecesp_stack_fini(netstackid_t stackid, void *arg) 555 { 556 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg; 557 558 if (espstack->esp_pfkey_q != NULL) { 559 (void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event); 560 } 561 espstack->esp_sadb.s_acqfn = NULL; 562 espstack->esp_sadb.s_acquire_timeout = NULL; 563 sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack); 564 ip_drop_unregister(&espstack->esp_dropper); 565 mutex_destroy(&espstack->ipsecesp_param_lock); 566 nd_free(&espstack->ipsecesp_g_nd); 567 568 kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr)); 569 espstack->ipsecesp_params = NULL; 570 kstat_delete_netstack(espstack->esp_ksp, stackid); 571 espstack->esp_ksp = NULL; 572 espstack->esp_kstats = NULL; 573 kmem_free(espstack, sizeof (*espstack)); 574 } 575 576 /* 577 * ESP module open routine, which is here for keysock plumbing. 578 * Keysock is pushed over {AH,ESP} which is an artifact from the Bad Old 579 * Days of export control, and fears that ESP would not be allowed 580 * to be shipped at all by default. Eventually, keysock should 581 * either access AH and ESP via modstubs or krtld dependencies, or 582 * perhaps be folded in with AH and ESP into a single IPsec/netsec 583 * module ("netsec" if PF_KEY provides more than AH/ESP keying tables). 584 */ 585 /* ARGSUSED */ 586 static int 587 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 588 { 589 netstack_t *ns; 590 ipsecesp_stack_t *espstack; 591 592 if (secpolicy_ip_config(credp, B_FALSE) != 0) 593 return (EPERM); 594 595 if (q->q_ptr != NULL) 596 return (0); /* Re-open of an already open instance. */ 597 598 if (sflag != MODOPEN) 599 return (EINVAL); 600 601 ns = netstack_find_by_cred(credp); 602 ASSERT(ns != NULL); 603 espstack = ns->netstack_ipsecesp; 604 ASSERT(espstack != NULL); 605 606 q->q_ptr = espstack; 607 WR(q)->q_ptr = q->q_ptr; 608 609 qprocson(q); 610 return (0); 611 } 612 613 /* 614 * ESP module close routine. 615 */ 616 static int 617 ipsecesp_close(queue_t *q) 618 { 619 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 620 621 /* 622 * Clean up q_ptr, if needed. 623 */ 624 qprocsoff(q); 625 626 /* Keysock queue check is safe, because of OCEXCL perimeter. */ 627 628 if (q == espstack->esp_pfkey_q) { 629 esp1dbg(espstack, 630 ("ipsecesp_close: Ummm... keysock is closing ESP.\n")); 631 espstack->esp_pfkey_q = NULL; 632 /* Detach qtimeouts. */ 633 (void) quntimeout(q, espstack->esp_event); 634 } 635 636 netstack_rele(espstack->ipsecesp_netstack); 637 return (0); 638 } 639 640 /* 641 * Add a number of bytes to what the SA has protected so far. Return 642 * B_TRUE if the SA can still protect that many bytes. 643 * 644 * Caller must REFRELE the passed-in assoc. This function must REFRELE 645 * any obtained peer SA. 646 */ 647 static boolean_t 648 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound) 649 { 650 ipsa_t *inassoc, *outassoc; 651 isaf_t *bucket; 652 boolean_t inrc, outrc, isv6; 653 sadb_t *sp; 654 int outhash; 655 netstack_t *ns = assoc->ipsa_netstack; 656 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 657 658 /* No peer? No problem! */ 659 if (!assoc->ipsa_haspeer) { 660 return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes, 661 B_TRUE)); 662 } 663 664 /* 665 * Otherwise, we want to grab both the original assoc and its peer. 666 * There might be a race for this, but if it's a real race, two 667 * expire messages may occur. We limit this by only sending the 668 * expire message on one of the peers, we'll pick the inbound 669 * arbitrarily. 670 * 671 * If we need tight synchronization on the peer SA, then we need to 672 * reconsider. 673 */ 674 675 /* Use address length to select IPv6/IPv4 */ 676 isv6 = (assoc->ipsa_addrfam == AF_INET6); 677 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4; 678 679 if (inbound) { 680 inassoc = assoc; 681 if (isv6) { 682 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 683 &inassoc->ipsa_dstaddr)); 684 } else { 685 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 686 &inassoc->ipsa_dstaddr)); 687 } 688 bucket = &sp->sdb_of[outhash]; 689 mutex_enter(&bucket->isaf_lock); 690 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 691 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 692 inassoc->ipsa_addrfam); 693 mutex_exit(&bucket->isaf_lock); 694 if (outassoc == NULL) { 695 /* Q: Do we wish to set haspeer == B_FALSE? */ 696 esp0dbg(("esp_age_bytes: " 697 "can't find peer for inbound.\n")); 698 return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc, 699 bytes, B_TRUE)); 700 } 701 } else { 702 outassoc = assoc; 703 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 704 mutex_enter(&bucket->isaf_lock); 705 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 706 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 707 outassoc->ipsa_addrfam); 708 mutex_exit(&bucket->isaf_lock); 709 if (inassoc == NULL) { 710 /* Q: Do we wish to set haspeer == B_FALSE? */ 711 esp0dbg(("esp_age_bytes: " 712 "can't find peer for outbound.\n")); 713 return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc, 714 bytes, B_TRUE)); 715 } 716 } 717 718 inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE); 719 outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE); 720 721 /* 722 * REFRELE any peer SA. 723 * 724 * Because of the multi-line macro nature of IPSA_REFRELE, keep 725 * them in { }. 726 */ 727 if (inbound) { 728 IPSA_REFRELE(outassoc); 729 } else { 730 IPSA_REFRELE(inassoc); 731 } 732 733 return (inrc && outrc); 734 } 735 736 /* 737 * Do incoming NAT-T manipulations for packet. 738 * Returns NULL if the mblk chain is consumed. 739 */ 740 static mblk_t * 741 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc) 742 { 743 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 744 tcpha_t *tcpha; 745 udpha_t *udpha; 746 /* Initialize to our inbound cksum adjustment... */ 747 uint32_t sum = assoc->ipsa_inbound_cksum; 748 749 switch (ipha->ipha_protocol) { 750 case IPPROTO_TCP: 751 tcpha = (tcpha_t *)(data_mp->b_rptr + 752 IPH_HDR_LENGTH(ipha)); 753 754 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16) 755 sum += ~ntohs(tcpha->tha_sum) & 0xFFFF; 756 DOWN_SUM(sum); 757 DOWN_SUM(sum); 758 tcpha->tha_sum = ~htons(sum); 759 break; 760 case IPPROTO_UDP: 761 udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha)); 762 763 if (udpha->uha_checksum != 0) { 764 /* Adujst if the inbound one was not zero. */ 765 sum += ~ntohs(udpha->uha_checksum) & 0xFFFF; 766 DOWN_SUM(sum); 767 DOWN_SUM(sum); 768 udpha->uha_checksum = ~htons(sum); 769 if (udpha->uha_checksum == 0) 770 udpha->uha_checksum = 0xFFFF; 771 } 772 #undef DOWN_SUM 773 break; 774 case IPPROTO_IP: 775 /* 776 * This case is only an issue for self-encapsulated 777 * packets. So for now, fall through. 778 */ 779 break; 780 } 781 return (data_mp); 782 } 783 784 785 /* 786 * Strip ESP header, check padding, and fix IP header. 787 * Returns B_TRUE on success, B_FALSE if an error occured. 788 */ 789 static boolean_t 790 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen, 791 kstat_named_t **counter, ipsecesp_stack_t *espstack) 792 { 793 ipha_t *ipha; 794 ip6_t *ip6h; 795 uint_t divpoint; 796 mblk_t *scratch; 797 uint8_t nexthdr, padlen; 798 uint8_t lastpad; 799 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 800 uint8_t *lastbyte; 801 802 /* 803 * Strip ESP data and fix IP header. 804 * 805 * XXX In case the beginning of esp_inbound() changes to not do a 806 * pullup, this part of the code can remain unchanged. 807 */ 808 if (isv4) { 809 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t)); 810 ipha = (ipha_t *)data_mp->b_rptr; 811 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) + 812 IPH_HDR_LENGTH(ipha)); 813 divpoint = IPH_HDR_LENGTH(ipha); 814 } else { 815 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t)); 816 ip6h = (ip6_t *)data_mp->b_rptr; 817 divpoint = ip_hdr_length_v6(data_mp, ip6h); 818 } 819 820 scratch = data_mp; 821 while (scratch->b_cont != NULL) 822 scratch = scratch->b_cont; 823 824 ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3); 825 826 /* 827 * "Next header" and padding length are the last two bytes in the 828 * ESP-protected datagram, thus the explicit - 1 and - 2. 829 * lastpad is the last byte of the padding, which can be used for 830 * a quick check to see if the padding is correct. 831 */ 832 lastbyte = scratch->b_wptr - 1; 833 nexthdr = *lastbyte--; 834 padlen = *lastbyte--; 835 836 if (isv4) { 837 /* Fix part of the IP header. */ 838 ipha->ipha_protocol = nexthdr; 839 /* 840 * Reality check the padlen. The explicit - 2 is for the 841 * padding length and the next-header bytes. 842 */ 843 if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 - 844 sizeof (esph_t) - ivlen) { 845 ESP_BUMP_STAT(espstack, bad_decrypt); 846 ipsec_rl_strlog(espstack->ipsecesp_netstack, 847 info.mi_idnum, 0, 0, 848 SL_ERROR | SL_WARN, 849 "Corrupt ESP packet (padlen too big).\n"); 850 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 851 padlen)); 852 esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp " 853 "hdr - ivlen(%d) = %d.\n", 854 ntohs(ipha->ipha_length), ivlen, 855 (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) - 856 2 - sizeof (esph_t) - ivlen))); 857 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 858 return (B_FALSE); 859 } 860 861 /* 862 * Fix the rest of the header. The explicit - 2 is for the 863 * padding length and the next-header bytes. 864 */ 865 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen - 866 2 - sizeof (esph_t) - ivlen); 867 ipha->ipha_hdr_checksum = 0; 868 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 869 } else { 870 if (ip6h->ip6_nxt == IPPROTO_ESP) { 871 ip6h->ip6_nxt = nexthdr; 872 } else { 873 ip_pkt_t ipp; 874 875 bzero(&ipp, sizeof (ipp)); 876 (void) ip_find_hdr_v6(data_mp, ip6h, B_FALSE, &ipp, 877 NULL); 878 if (ipp.ipp_dstopts != NULL) { 879 ipp.ipp_dstopts->ip6d_nxt = nexthdr; 880 } else if (ipp.ipp_rthdr != NULL) { 881 ipp.ipp_rthdr->ip6r_nxt = nexthdr; 882 } else if (ipp.ipp_hopopts != NULL) { 883 ipp.ipp_hopopts->ip6h_nxt = nexthdr; 884 } else { 885 /* Panic a DEBUG kernel. */ 886 ASSERT(ipp.ipp_hopopts != NULL); 887 /* Otherwise, pretend it's IP + ESP. */ 888 cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n"); 889 ip6h->ip6_nxt = nexthdr; 890 } 891 } 892 893 if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) - 894 ivlen) { 895 ESP_BUMP_STAT(espstack, bad_decrypt); 896 ipsec_rl_strlog(espstack->ipsecesp_netstack, 897 info.mi_idnum, 0, 0, 898 SL_ERROR | SL_WARN, 899 "Corrupt ESP packet (v6 padlen too big).\n"); 900 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 901 padlen)); 902 esp1dbg(espstack, 903 ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = " 904 "%u.\n", (unsigned)(ntohs(ip6h->ip6_plen) 905 + sizeof (ip6_t)), ivlen, 906 (unsigned)(ntohs(ip6h->ip6_plen) - 2 - 907 sizeof (esph_t) - ivlen))); 908 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 909 return (B_FALSE); 910 } 911 912 913 /* 914 * Fix the rest of the header. The explicit - 2 is for the 915 * padding length and the next-header bytes. IPv6 is nice, 916 * because there's no hdr checksum! 917 */ 918 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen - 919 2 - sizeof (esph_t) - ivlen); 920 } 921 922 if (espstack->ipsecesp_padding_check > 0 && padlen > 0) { 923 /* 924 * Weak padding check: compare last-byte to length, they 925 * should be equal. 926 */ 927 lastpad = *lastbyte--; 928 929 if (padlen != lastpad) { 930 ipsec_rl_strlog(espstack->ipsecesp_netstack, 931 info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 932 "Corrupt ESP packet (lastpad != padlen).\n"); 933 esp1dbg(espstack, 934 ("lastpad (%d) not equal to padlen (%d):\n", 935 lastpad, padlen)); 936 ESP_BUMP_STAT(espstack, bad_padding); 937 *counter = DROPPER(ipss, ipds_esp_bad_padding); 938 return (B_FALSE); 939 } 940 941 /* 942 * Strong padding check: Check all pad bytes to see that 943 * they're ascending. Go backwards using a descending counter 944 * to verify. padlen == 1 is checked by previous block, so 945 * only bother if we've more than 1 byte of padding. 946 * Consequently, start the check one byte before the location 947 * of "lastpad". 948 */ 949 if (espstack->ipsecesp_padding_check > 1) { 950 /* 951 * This assert may have to become an if and a pullup 952 * if we start accepting multi-dblk mblks. For now, 953 * though, any packet here will have been pulled up in 954 * esp_inbound. 955 */ 956 ASSERT(MBLKL(scratch) >= lastpad + 3); 957 958 /* 959 * Use "--lastpad" because we already checked the very 960 * last pad byte previously. 961 */ 962 while (--lastpad != 0) { 963 if (lastpad != *lastbyte) { 964 ipsec_rl_strlog( 965 espstack->ipsecesp_netstack, 966 info.mi_idnum, 0, 0, 967 SL_ERROR | SL_WARN, "Corrupt ESP " 968 "packet (bad padding).\n"); 969 esp1dbg(espstack, 970 ("padding not in correct" 971 " format:\n")); 972 ESP_BUMP_STAT(espstack, bad_padding); 973 *counter = DROPPER(ipss, 974 ipds_esp_bad_padding); 975 return (B_FALSE); 976 } 977 lastbyte--; 978 } 979 } 980 } 981 982 /* Trim off the padding. */ 983 ASSERT(data_mp->b_cont == NULL); 984 data_mp->b_wptr -= (padlen + 2); 985 986 /* 987 * Remove the ESP header. 988 * 989 * The above assertions about data_mp's size will make this work. 990 * 991 * XXX Question: If I send up and get back a contiguous mblk, 992 * would it be quicker to bcopy over, or keep doing the dupb stuff? 993 * I go with copying for now. 994 */ 995 996 if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) && 997 IS_P2ALIGNED(ivlen, sizeof (uint32_t))) { 998 uint8_t *start = data_mp->b_rptr; 999 uint32_t *src, *dst; 1000 1001 src = (uint32_t *)(start + divpoint); 1002 dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen); 1003 1004 ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) && 1005 IS_P2ALIGNED(src, sizeof (uint32_t))); 1006 1007 do { 1008 src--; 1009 dst--; 1010 *dst = *src; 1011 } while (src != (uint32_t *)start); 1012 1013 data_mp->b_rptr = (uchar_t *)dst; 1014 } else { 1015 uint8_t *start = data_mp->b_rptr; 1016 uint8_t *src, *dst; 1017 1018 src = start + divpoint; 1019 dst = src + sizeof (esph_t) + ivlen; 1020 1021 do { 1022 src--; 1023 dst--; 1024 *dst = *src; 1025 } while (src != start); 1026 1027 data_mp->b_rptr = dst; 1028 } 1029 1030 esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n")); 1031 esp2dbg(espstack, (dump_msg(data_mp))); 1032 1033 return (B_TRUE); 1034 } 1035 1036 /* 1037 * Updating use times can be tricky business if the ipsa_haspeer flag is 1038 * set. This function is called once in an SA's lifetime. 1039 * 1040 * Caller has to REFRELE "assoc" which is passed in. This function has 1041 * to REFRELE any peer SA that is obtained. 1042 */ 1043 static void 1044 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) 1045 { 1046 ipsa_t *inassoc, *outassoc; 1047 isaf_t *bucket; 1048 sadb_t *sp; 1049 int outhash; 1050 boolean_t isv6; 1051 netstack_t *ns = assoc->ipsa_netstack; 1052 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1053 1054 /* No peer? No problem! */ 1055 if (!assoc->ipsa_haspeer) { 1056 sadb_set_usetime(assoc); 1057 return; 1058 } 1059 1060 /* 1061 * Otherwise, we want to grab both the original assoc and its peer. 1062 * There might be a race for this, but if it's a real race, the times 1063 * will be out-of-synch by at most a second, and since our time 1064 * granularity is a second, this won't be a problem. 1065 * 1066 * If we need tight synchronization on the peer SA, then we need to 1067 * reconsider. 1068 */ 1069 1070 /* Use address length to select IPv6/IPv4 */ 1071 isv6 = (assoc->ipsa_addrfam == AF_INET6); 1072 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4; 1073 1074 if (inbound) { 1075 inassoc = assoc; 1076 if (isv6) { 1077 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 1078 &inassoc->ipsa_dstaddr)); 1079 } else { 1080 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 1081 &inassoc->ipsa_dstaddr)); 1082 } 1083 bucket = &sp->sdb_of[outhash]; 1084 mutex_enter(&bucket->isaf_lock); 1085 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 1086 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 1087 inassoc->ipsa_addrfam); 1088 mutex_exit(&bucket->isaf_lock); 1089 if (outassoc == NULL) { 1090 /* Q: Do we wish to set haspeer == B_FALSE? */ 1091 esp0dbg(("esp_set_usetime: " 1092 "can't find peer for inbound.\n")); 1093 sadb_set_usetime(inassoc); 1094 return; 1095 } 1096 } else { 1097 outassoc = assoc; 1098 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 1099 mutex_enter(&bucket->isaf_lock); 1100 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 1101 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 1102 outassoc->ipsa_addrfam); 1103 mutex_exit(&bucket->isaf_lock); 1104 if (inassoc == NULL) { 1105 /* Q: Do we wish to set haspeer == B_FALSE? */ 1106 esp0dbg(("esp_set_usetime: " 1107 "can't find peer for outbound.\n")); 1108 sadb_set_usetime(outassoc); 1109 return; 1110 } 1111 } 1112 1113 /* Update usetime on both. */ 1114 sadb_set_usetime(inassoc); 1115 sadb_set_usetime(outassoc); 1116 1117 /* 1118 * REFRELE any peer SA. 1119 * 1120 * Because of the multi-line macro nature of IPSA_REFRELE, keep 1121 * them in { }. 1122 */ 1123 if (inbound) { 1124 IPSA_REFRELE(outassoc); 1125 } else { 1126 IPSA_REFRELE(inassoc); 1127 } 1128 } 1129 1130 /* 1131 * Handle ESP inbound data for IPv4 and IPv6. 1132 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1133 * mblk chain data_mp. 1134 */ 1135 mblk_t * 1136 esp_inbound(mblk_t *data_mp, void *arg, ip_recv_attr_t *ira) 1137 { 1138 esph_t *esph = (esph_t *)arg; 1139 ipsa_t *ipsa = ira->ira_ipsec_esp_sa; 1140 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack; 1141 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1142 ipsec_stack_t *ipss = ns->netstack_ipsec; 1143 1144 /* 1145 * We may wish to check replay in-range-only here as an optimization. 1146 * Include the reality check of ipsa->ipsa_replay > 1147 * ipsa->ipsa_replay_wsize for times when it's the first N packets, 1148 * where N == ipsa->ipsa_replay_wsize. 1149 * 1150 * Another check that may come here later is the "collision" check. 1151 * If legitimate packets flow quickly enough, this won't be a problem, 1152 * but collisions may cause authentication algorithm crunching to 1153 * take place when it doesn't need to. 1154 */ 1155 if (!sadb_replay_peek(ipsa, esph->esph_replay)) { 1156 ESP_BUMP_STAT(espstack, replay_early_failures); 1157 IP_ESP_BUMP_STAT(ipss, in_discards); 1158 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill, 1159 DROPPER(ipss, ipds_esp_early_replay), 1160 &espstack->esp_dropper); 1161 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards); 1162 return (NULL); 1163 } 1164 1165 /* 1166 * Adjust the IP header's payload length to reflect the removal 1167 * of the ICV. 1168 */ 1169 if (!(ira->ira_flags & IRAF_IS_IPV4)) { 1170 ip6_t *ip6h = (ip6_t *)data_mp->b_rptr; 1171 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - 1172 ipsa->ipsa_mac_len); 1173 } else { 1174 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 1175 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - 1176 ipsa->ipsa_mac_len); 1177 } 1178 1179 /* submit the request to the crypto framework */ 1180 return (esp_submit_req_inbound(data_mp, ira, ipsa, 1181 (uint8_t *)esph - data_mp->b_rptr)); 1182 } 1183 1184 /* 1185 * Perform the really difficult work of inserting the proposed situation. 1186 * Called while holding the algorithm lock. 1187 */ 1188 static void 1189 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs, 1190 netstack_t *ns) 1191 { 1192 sadb_comb_t *comb = (sadb_comb_t *)(prop + 1); 1193 ipsec_action_t *ap; 1194 ipsec_prot_t *prot; 1195 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1196 ipsec_stack_t *ipss = ns->netstack_ipsec; 1197 1198 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); 1199 1200 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 1201 prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t)); 1202 *(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */ 1203 1204 prop->sadb_prop_replay = espstack->ipsecesp_replay_size; 1205 1206 /* 1207 * Based upon algorithm properties, and what-not, prioritize a 1208 * proposal, based on the ordering of the ESP algorithms in the 1209 * alternatives in the policy rule or socket that was placed 1210 * in the acquire record. 1211 * 1212 * For each action in policy list 1213 * Add combination. If I've hit limit, return. 1214 */ 1215 1216 for (ap = acqrec->ipsacq_act; ap != NULL; 1217 ap = ap->ipa_next) { 1218 ipsec_alginfo_t *ealg = NULL; 1219 ipsec_alginfo_t *aalg = NULL; 1220 1221 if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY) 1222 continue; 1223 1224 prot = &ap->ipa_act.ipa_apply; 1225 1226 if (!(prot->ipp_use_esp)) 1227 continue; 1228 1229 if (prot->ipp_esp_auth_alg != 0) { 1230 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH] 1231 [prot->ipp_esp_auth_alg]; 1232 if (aalg == NULL || !ALG_VALID(aalg)) 1233 continue; 1234 } 1235 1236 ASSERT(prot->ipp_encr_alg > 0); 1237 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR] 1238 [prot->ipp_encr_alg]; 1239 if (ealg == NULL || !ALG_VALID(ealg)) 1240 continue; 1241 1242 comb->sadb_comb_flags = 0; 1243 comb->sadb_comb_reserved = 0; 1244 comb->sadb_comb_encrypt = ealg->alg_id; 1245 comb->sadb_comb_encrypt_minbits = 1246 MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits); 1247 comb->sadb_comb_encrypt_maxbits = 1248 MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits); 1249 1250 if (aalg == NULL) { 1251 comb->sadb_comb_auth = 0; 1252 comb->sadb_comb_auth_minbits = 0; 1253 comb->sadb_comb_auth_maxbits = 0; 1254 } else { 1255 comb->sadb_comb_auth = aalg->alg_id; 1256 comb->sadb_comb_auth_minbits = 1257 MAX(prot->ipp_espa_minbits, aalg->alg_ef_minbits); 1258 comb->sadb_comb_auth_maxbits = 1259 MIN(prot->ipp_espa_maxbits, aalg->alg_ef_maxbits); 1260 } 1261 1262 /* 1263 * The following may be based on algorithm 1264 * properties, but in the meantime, we just pick 1265 * some good, sensible numbers. Key mgmt. can 1266 * (and perhaps should) be the place to finalize 1267 * such decisions. 1268 */ 1269 1270 /* 1271 * No limits on allocations, since we really don't 1272 * support that concept currently. 1273 */ 1274 comb->sadb_comb_soft_allocations = 0; 1275 comb->sadb_comb_hard_allocations = 0; 1276 1277 /* 1278 * These may want to come from policy rule.. 1279 */ 1280 comb->sadb_comb_soft_bytes = 1281 espstack->ipsecesp_default_soft_bytes; 1282 comb->sadb_comb_hard_bytes = 1283 espstack->ipsecesp_default_hard_bytes; 1284 comb->sadb_comb_soft_addtime = 1285 espstack->ipsecesp_default_soft_addtime; 1286 comb->sadb_comb_hard_addtime = 1287 espstack->ipsecesp_default_hard_addtime; 1288 comb->sadb_comb_soft_usetime = 1289 espstack->ipsecesp_default_soft_usetime; 1290 comb->sadb_comb_hard_usetime = 1291 espstack->ipsecesp_default_hard_usetime; 1292 1293 prop->sadb_prop_len += SADB_8TO64(sizeof (*comb)); 1294 if (--combs == 0) 1295 break; /* out of space.. */ 1296 comb++; 1297 } 1298 } 1299 1300 /* 1301 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY. 1302 */ 1303 static void 1304 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns) 1305 { 1306 uint_t combs; 1307 sadb_msg_t *samsg; 1308 sadb_prop_t *prop; 1309 mblk_t *pfkeymp, *msgmp; 1310 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1311 ipsec_stack_t *ipss = ns->netstack_ipsec; 1312 1313 ESP_BUMP_STAT(espstack, acquire_requests); 1314 1315 if (espstack->esp_pfkey_q == NULL) { 1316 mutex_exit(&acqrec->ipsacq_lock); 1317 return; 1318 } 1319 1320 /* Set up ACQUIRE. */ 1321 pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_ESP, 1322 ns->netstack_ipsec); 1323 if (pfkeymp == NULL) { 1324 esp0dbg(("sadb_setup_acquire failed.\n")); 1325 mutex_exit(&acqrec->ipsacq_lock); 1326 return; 1327 } 1328 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock)); 1329 combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] * 1330 ipss->ipsec_nalgs[IPSEC_ALG_ENCR]; 1331 msgmp = pfkeymp->b_cont; 1332 samsg = (sadb_msg_t *)(msgmp->b_rptr); 1333 1334 /* Insert proposal here. */ 1335 1336 prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len); 1337 esp_insert_prop(prop, acqrec, combs, ns); 1338 samsg->sadb_msg_len += prop->sadb_prop_len; 1339 msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len); 1340 1341 mutex_exit(&ipss->ipsec_alg_lock); 1342 1343 /* 1344 * Must mutex_exit() before sending PF_KEY message up, in 1345 * order to avoid recursive mutex_enter() if there are no registered 1346 * listeners. 1347 * 1348 * Once I've sent the message, I'm cool anyway. 1349 */ 1350 mutex_exit(&acqrec->ipsacq_lock); 1351 if (extended != NULL) { 1352 putnext(espstack->esp_pfkey_q, extended); 1353 } 1354 putnext(espstack->esp_pfkey_q, pfkeymp); 1355 } 1356 1357 /* XXX refactor me */ 1358 /* 1359 * Handle the SADB_GETSPI message. Create a larval SA. 1360 */ 1361 static void 1362 esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack) 1363 { 1364 ipsa_t *newbie, *target; 1365 isaf_t *outbound, *inbound; 1366 int rc, diagnostic; 1367 sadb_sa_t *assoc; 1368 keysock_out_t *kso; 1369 uint32_t newspi; 1370 1371 /* 1372 * Randomly generate a proposed SPI value 1373 */ 1374 if (cl_inet_getspi != NULL) { 1375 cl_inet_getspi(espstack->ipsecesp_netstack->netstack_stackid, 1376 IPPROTO_ESP, (uint8_t *)&newspi, sizeof (uint32_t), NULL); 1377 } else { 1378 (void) random_get_pseudo_bytes((uint8_t *)&newspi, 1379 sizeof (uint32_t)); 1380 } 1381 newbie = sadb_getspi(ksi, newspi, &diagnostic, 1382 espstack->ipsecesp_netstack, IPPROTO_ESP); 1383 1384 if (newbie == NULL) { 1385 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic, 1386 ksi->ks_in_serial); 1387 return; 1388 } else if (newbie == (ipsa_t *)-1) { 1389 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic, 1390 ksi->ks_in_serial); 1391 return; 1392 } 1393 1394 /* 1395 * XXX - We may randomly collide. We really should recover from this. 1396 * Unfortunately, that could require spending way-too-much-time 1397 * in here. For now, let the user retry. 1398 */ 1399 1400 if (newbie->ipsa_addrfam == AF_INET6) { 1401 outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6, 1402 *(uint32_t *)(newbie->ipsa_dstaddr)); 1403 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6, 1404 newbie->ipsa_spi); 1405 } else { 1406 ASSERT(newbie->ipsa_addrfam == AF_INET); 1407 outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4, 1408 *(uint32_t *)(newbie->ipsa_dstaddr)); 1409 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4, 1410 newbie->ipsa_spi); 1411 } 1412 1413 mutex_enter(&outbound->isaf_lock); 1414 mutex_enter(&inbound->isaf_lock); 1415 1416 /* 1417 * Check for collisions (i.e. did sadb_getspi() return with something 1418 * that already exists?). 1419 * 1420 * Try outbound first. Even though SADB_GETSPI is traditionally 1421 * for inbound SAs, you never know what a user might do. 1422 */ 1423 target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi, 1424 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam); 1425 if (target == NULL) { 1426 target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi, 1427 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, 1428 newbie->ipsa_addrfam); 1429 } 1430 1431 /* 1432 * I don't have collisions elsewhere! 1433 * (Nor will I because I'm still holding inbound/outbound locks.) 1434 */ 1435 1436 if (target != NULL) { 1437 rc = EEXIST; 1438 IPSA_REFRELE(target); 1439 } else { 1440 /* 1441 * sadb_insertassoc() also checks for collisions, so 1442 * if there's a colliding entry, rc will be set 1443 * to EEXIST. 1444 */ 1445 rc = sadb_insertassoc(newbie, inbound); 1446 newbie->ipsa_hardexpiretime = gethrestime_sec(); 1447 newbie->ipsa_hardexpiretime += 1448 espstack->ipsecesp_larval_timeout; 1449 } 1450 1451 /* 1452 * Can exit outbound mutex. Hold inbound until we're done 1453 * with newbie. 1454 */ 1455 mutex_exit(&outbound->isaf_lock); 1456 1457 if (rc != 0) { 1458 mutex_exit(&inbound->isaf_lock); 1459 IPSA_REFRELE(newbie); 1460 sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc, 1461 SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial); 1462 return; 1463 } 1464 1465 1466 /* Can write here because I'm still holding the bucket lock. */ 1467 newbie->ipsa_type = SADB_SATYPE_ESP; 1468 1469 /* 1470 * Construct successful return message. We have one thing going 1471 * for us in PF_KEY v2. That's the fact that 1472 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t) 1473 */ 1474 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE]; 1475 assoc->sadb_sa_exttype = SADB_EXT_SA; 1476 assoc->sadb_sa_spi = newbie->ipsa_spi; 1477 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0; 1478 mutex_exit(&inbound->isaf_lock); 1479 1480 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */ 1481 kso = (keysock_out_t *)ksi; 1482 kso->ks_out_len = sizeof (*kso); 1483 kso->ks_out_serial = ksi->ks_in_serial; 1484 kso->ks_out_type = KEYSOCK_OUT; 1485 1486 /* 1487 * Can safely putnext() to esp_pfkey_q, because this is a turnaround 1488 * from the esp_pfkey_q. 1489 */ 1490 putnext(espstack->esp_pfkey_q, mp); 1491 } 1492 1493 /* 1494 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly 1495 * allocated mblk with the ESP header in between the two. 1496 */ 1497 static boolean_t 1498 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint, 1499 ipsecesp_stack_t *espstack) 1500 { 1501 mblk_t *split_mp = mp; 1502 uint_t wheretodiv = divpoint; 1503 1504 while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) { 1505 wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr); 1506 split_mp = split_mp->b_cont; 1507 ASSERT(split_mp != NULL); 1508 } 1509 1510 if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) { 1511 mblk_t *scratch; 1512 1513 /* "scratch" is the 2nd half, split_mp is the first. */ 1514 scratch = dupb(split_mp); 1515 if (scratch == NULL) { 1516 esp1dbg(espstack, 1517 ("esp_insert_esp: can't allocate scratch.\n")); 1518 return (B_FALSE); 1519 } 1520 /* NOTE: dupb() doesn't set b_cont appropriately. */ 1521 scratch->b_cont = split_mp->b_cont; 1522 scratch->b_rptr += wheretodiv; 1523 split_mp->b_wptr = split_mp->b_rptr + wheretodiv; 1524 split_mp->b_cont = scratch; 1525 } 1526 /* 1527 * At this point, split_mp is exactly "wheretodiv" bytes long, and 1528 * holds the end of the pre-ESP part of the datagram. 1529 */ 1530 esp_mp->b_cont = split_mp->b_cont; 1531 split_mp->b_cont = esp_mp; 1532 1533 return (B_TRUE); 1534 } 1535 1536 /* 1537 * Section 7 of RFC 3947 says: 1538 * 1539 * 7. Recovering from the Expiring NAT Mappings 1540 * 1541 * There are cases where NAT box decides to remove mappings that are still 1542 * alive (for example, when the keepalive interval is too long, or when the 1543 * NAT box is rebooted). To recover from this, ends that are NOT behind 1544 * NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from 1545 * the other end to determine which IP and port addresses should be used. 1546 * The host behind dynamic NAT MUST NOT do this, as otherwise it opens a 1547 * DoS attack possibility because the IP address or port of the other host 1548 * will not change (it is not behind NAT). 1549 * 1550 * Keepalives cannot be used for these purposes, as they are not 1551 * authenticated, but any IKE authenticated IKE packet or ESP packet can be 1552 * used to detect whether the IP address or the port has changed. 1553 * 1554 * The following function will check an SA and its explicitly-set pair to see 1555 * if the NAT-T remote port matches the received packet (which must have 1556 * passed ESP authentication, see esp_in_done() for the caller context). If 1557 * there is a mismatch, the SAs are updated. It is not important if we race 1558 * with a transmitting thread, as if there is a transmitting thread, it will 1559 * merely emit a packet that will most-likely be dropped. 1560 * 1561 * "ports" are ordered src,dst, and assoc is an inbound SA, where src should 1562 * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port. 1563 */ 1564 #ifdef _LITTLE_ENDIAN 1565 #define FIRST_16(x) ((x) & 0xFFFF) 1566 #define NEXT_16(x) (((x) >> 16) & 0xFFFF) 1567 #else 1568 #define FIRST_16(x) (((x) >> 16) & 0xFFFF) 1569 #define NEXT_16(x) ((x) & 0xFFFF) 1570 #endif 1571 static void 1572 esp_port_freshness(uint32_t ports, ipsa_t *assoc) 1573 { 1574 uint16_t remote = FIRST_16(ports); 1575 uint16_t local = NEXT_16(ports); 1576 ipsa_t *outbound_peer; 1577 isaf_t *bucket; 1578 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp; 1579 1580 /* We found a conn_t, therefore local != 0. */ 1581 ASSERT(local != 0); 1582 /* Assume an IPv4 SA. */ 1583 ASSERT(assoc->ipsa_addrfam == AF_INET); 1584 1585 /* 1586 * On-the-wire rport == 0 means something's very wrong. 1587 * An unpaired SA is also useless to us. 1588 * If we are behind the NAT, don't bother. 1589 * A zero local NAT port defaults to 4500, so check that too. 1590 * And, of course, if the ports already match, we don't need to 1591 * bother. 1592 */ 1593 if (remote == 0 || assoc->ipsa_otherspi == 0 || 1594 (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) || 1595 (assoc->ipsa_remote_nat_port == 0 && 1596 remote == htons(IPPORT_IKE_NATT)) || 1597 remote == assoc->ipsa_remote_nat_port) 1598 return; 1599 1600 /* Try and snag the peer. NOTE: Assume IPv4 for now. */ 1601 bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4), 1602 assoc->ipsa_srcaddr[0]); 1603 mutex_enter(&bucket->isaf_lock); 1604 outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi, 1605 assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET); 1606 mutex_exit(&bucket->isaf_lock); 1607 1608 /* We probably lost a race to a deleting or expiring thread. */ 1609 if (outbound_peer == NULL) 1610 return; 1611 1612 /* 1613 * Hold the mutexes for both SAs so we don't race another inbound 1614 * thread. A lock-entry order shouldn't matter, since all other 1615 * per-ipsa locks are individually held-then-released. 1616 * 1617 * Luckily, this has nothing to do with the remote-NAT address, 1618 * so we don't have to re-scribble the cached-checksum differential. 1619 */ 1620 mutex_enter(&outbound_peer->ipsa_lock); 1621 mutex_enter(&assoc->ipsa_lock); 1622 outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port = 1623 remote; 1624 mutex_exit(&assoc->ipsa_lock); 1625 mutex_exit(&outbound_peer->ipsa_lock); 1626 IPSA_REFRELE(outbound_peer); 1627 ESP_BUMP_STAT(espstack, sa_port_renumbers); 1628 } 1629 /* 1630 * Finish processing of an inbound ESP packet after processing by the 1631 * crypto framework. 1632 * - Remove the ESP header. 1633 * - Send packet back to IP. 1634 * If authentication was performed on the packet, this function is called 1635 * only if the authentication succeeded. 1636 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1637 * mblk chain data_mp. 1638 */ 1639 static mblk_t * 1640 esp_in_done(mblk_t *data_mp, ip_recv_attr_t *ira, ipsec_crypto_t *ic) 1641 { 1642 ipsa_t *assoc; 1643 uint_t espstart; 1644 uint32_t ivlen = 0; 1645 uint_t processed_len; 1646 esph_t *esph; 1647 kstat_named_t *counter; 1648 boolean_t is_natt; 1649 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack; 1650 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1651 ipsec_stack_t *ipss = ns->netstack_ipsec; 1652 1653 assoc = ira->ira_ipsec_esp_sa; 1654 ASSERT(assoc != NULL); 1655 1656 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 1657 1658 /* get the pointer to the ESP header */ 1659 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) { 1660 /* authentication-only ESP */ 1661 espstart = ic->ic_crypto_data.cd_offset; 1662 processed_len = ic->ic_crypto_data.cd_length; 1663 } else { 1664 /* encryption present */ 1665 ivlen = assoc->ipsa_iv_len; 1666 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) { 1667 /* encryption-only ESP */ 1668 espstart = ic->ic_crypto_data.cd_offset - 1669 sizeof (esph_t) - assoc->ipsa_iv_len; 1670 processed_len = ic->ic_crypto_data.cd_length + 1671 ivlen; 1672 } else { 1673 /* encryption with authentication */ 1674 espstart = ic->ic_crypto_dual_data.dd_offset1; 1675 processed_len = ic->ic_crypto_dual_data.dd_len2 + 1676 ivlen; 1677 } 1678 } 1679 1680 esph = (esph_t *)(data_mp->b_rptr + espstart); 1681 1682 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE || 1683 (assoc->ipsa_flags & IPSA_F_COMBINED)) { 1684 /* 1685 * Authentication passed if we reach this point. 1686 * Packets with authentication will have the ICV 1687 * after the crypto data. Adjust b_wptr before 1688 * making padlen checks. 1689 */ 1690 ESP_BUMP_STAT(espstack, good_auth); 1691 data_mp->b_wptr -= assoc->ipsa_mac_len; 1692 1693 /* 1694 * Check replay window here! 1695 * For right now, assume keysock will set the replay window 1696 * size to zero for SAs that have an unspecified sender. 1697 * This may change... 1698 */ 1699 1700 if (!sadb_replay_check(assoc, esph->esph_replay)) { 1701 /* 1702 * Log the event. As of now we print out an event. 1703 * Do not print the replay failure number, or else 1704 * syslog cannot collate the error messages. Printing 1705 * the replay number that failed opens a denial-of- 1706 * service attack. 1707 */ 1708 ipsec_assocfailure(info.mi_idnum, 0, 0, 1709 SL_ERROR | SL_WARN, 1710 "Replay failed for ESP spi 0x%x, dst %s.\n", 1711 assoc->ipsa_spi, assoc->ipsa_dstaddr, 1712 assoc->ipsa_addrfam, espstack->ipsecesp_netstack); 1713 ESP_BUMP_STAT(espstack, replay_failures); 1714 counter = DROPPER(ipss, ipds_esp_replay); 1715 goto drop_and_bail; 1716 } 1717 1718 if (is_natt) { 1719 ASSERT(ira->ira_flags & IRAF_ESP_UDP_PORTS); 1720 ASSERT(ira->ira_esp_udp_ports != 0); 1721 esp_port_freshness(ira->ira_esp_udp_ports, assoc); 1722 } 1723 } 1724 1725 esp_set_usetime(assoc, B_TRUE); 1726 1727 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) { 1728 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 1729 ipsec_assocfailure(info.mi_idnum, 0, 0, 1730 SL_ERROR | SL_WARN, 1731 "ESP association 0x%x, dst %s had bytes expire.\n", 1732 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 1733 espstack->ipsecesp_netstack); 1734 ESP_BUMP_STAT(espstack, bytes_expired); 1735 counter = DROPPER(ipss, ipds_esp_bytes_expire); 1736 goto drop_and_bail; 1737 } 1738 1739 /* 1740 * Remove ESP header and padding from packet. I hope the compiler 1741 * spews "branch, predict taken" code for this. 1742 */ 1743 1744 if (esp_strip_header(data_mp, (ira->ira_flags & IRAF_IS_IPV4), 1745 ivlen, &counter, espstack)) { 1746 1747 if (is_system_labeled() && assoc->ipsa_tsl != NULL) { 1748 if (!ip_recv_attr_replace_label(ira, assoc->ipsa_tsl)) { 1749 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill, 1750 DROPPER(ipss, ipds_ah_nomem), 1751 &espstack->esp_dropper); 1752 BUMP_MIB(ira->ira_ill->ill_ip_mib, 1753 ipIfStatsInDiscards); 1754 return (NULL); 1755 } 1756 } 1757 if (is_natt) 1758 return (esp_fix_natt_checksums(data_mp, assoc)); 1759 1760 if (assoc->ipsa_state == IPSA_STATE_IDLE) { 1761 /* 1762 * Cluster buffering case. Tell caller that we're 1763 * handling the packet. 1764 */ 1765 sadb_buf_pkt(assoc, data_mp, ira); 1766 return (NULL); 1767 } 1768 1769 return (data_mp); 1770 } 1771 1772 esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n")); 1773 drop_and_bail: 1774 IP_ESP_BUMP_STAT(ipss, in_discards); 1775 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill, counter, 1776 &espstack->esp_dropper); 1777 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards); 1778 return (NULL); 1779 } 1780 1781 /* 1782 * Called upon failing the inbound ICV check. The message passed as 1783 * argument is freed. 1784 */ 1785 static void 1786 esp_log_bad_auth(mblk_t *mp, ip_recv_attr_t *ira) 1787 { 1788 ipsa_t *assoc = ira->ira_ipsec_esp_sa; 1789 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack; 1790 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1791 ipsec_stack_t *ipss = ns->netstack_ipsec; 1792 1793 /* 1794 * Log the event. Don't print to the console, block 1795 * potential denial-of-service attack. 1796 */ 1797 ESP_BUMP_STAT(espstack, bad_auth); 1798 1799 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1800 "ESP Authentication failed for spi 0x%x, dst %s.\n", 1801 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam, 1802 espstack->ipsecesp_netstack); 1803 1804 IP_ESP_BUMP_STAT(ipss, in_discards); 1805 ip_drop_packet(mp, B_TRUE, ira->ira_ill, 1806 DROPPER(ipss, ipds_esp_bad_auth), 1807 &espstack->esp_dropper); 1808 } 1809 1810 1811 /* 1812 * Invoked for outbound packets after ESP processing. If the packet 1813 * also requires AH, performs the AH SA selection and AH processing. 1814 * Returns B_TRUE if the AH processing was not needed or if it was 1815 * performed successfully. Returns B_FALSE and consumes the passed mblk 1816 * if AH processing was required but could not be performed. 1817 * 1818 * Returns data_mp unless data_mp was consumed/queued. 1819 */ 1820 static mblk_t * 1821 esp_do_outbound_ah(mblk_t *data_mp, ip_xmit_attr_t *ixa) 1822 { 1823 ipsec_action_t *ap; 1824 1825 ap = ixa->ixa_ipsec_action; 1826 if (ap == NULL) { 1827 ipsec_policy_t *pp = ixa->ixa_ipsec_policy; 1828 ap = pp->ipsp_act; 1829 } 1830 1831 if (!ap->ipa_want_ah) 1832 return (data_mp); 1833 1834 /* 1835 * Normally the AH SA would have already been put in place 1836 * but it could have been flushed so we need to look for it. 1837 */ 1838 if (ixa->ixa_ipsec_ah_sa == NULL) { 1839 if (!ipsec_outbound_sa(data_mp, ixa, IPPROTO_AH)) { 1840 sadb_acquire(data_mp, ixa, B_TRUE, B_FALSE); 1841 return (NULL); 1842 } 1843 } 1844 ASSERT(ixa->ixa_ipsec_ah_sa != NULL); 1845 1846 data_mp = ixa->ixa_ipsec_ah_sa->ipsa_output_func(data_mp, ixa); 1847 return (data_mp); 1848 } 1849 1850 1851 /* 1852 * Kernel crypto framework callback invoked after completion of async 1853 * crypto requests for outbound packets. 1854 */ 1855 static void 1856 esp_kcf_callback_outbound(void *arg, int status) 1857 { 1858 mblk_t *mp = (mblk_t *)arg; 1859 mblk_t *async_mp; 1860 netstack_t *ns; 1861 ipsec_stack_t *ipss; 1862 ipsecesp_stack_t *espstack; 1863 mblk_t *data_mp; 1864 ip_xmit_attr_t ixas; 1865 ipsec_crypto_t *ic; 1866 ill_t *ill; 1867 1868 /* 1869 * First remove the ipsec_crypto_t mblk 1870 * Note that we need to ipsec_free_crypto_data(mp) once done with ic. 1871 */ 1872 async_mp = ipsec_remove_crypto_data(mp, &ic); 1873 ASSERT(async_mp != NULL); 1874 1875 /* 1876 * Extract the ip_xmit_attr_t from the first mblk. 1877 * Verifies that the netstack and ill is still around; could 1878 * have vanished while kEf was doing its work. 1879 * On succesful return we have a nce_t and the ill/ipst can't 1880 * disappear until we do the nce_refrele in ixa_cleanup. 1881 */ 1882 data_mp = async_mp->b_cont; 1883 async_mp->b_cont = NULL; 1884 if (!ip_xmit_attr_from_mblk(async_mp, &ixas)) { 1885 /* Disappeared on us - no ill/ipst for MIB */ 1886 /* We have nowhere to do stats since ixa_ipst could be NULL */ 1887 if (ixas.ixa_nce != NULL) { 1888 ill = ixas.ixa_nce->nce_ill; 1889 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1890 ip_drop_output("ipIfStatsOutDiscards", data_mp, ill); 1891 } 1892 freemsg(data_mp); 1893 goto done; 1894 } 1895 ns = ixas.ixa_ipst->ips_netstack; 1896 espstack = ns->netstack_ipsecesp; 1897 ipss = ns->netstack_ipsec; 1898 ill = ixas.ixa_nce->nce_ill; 1899 1900 if (status == CRYPTO_SUCCESS) { 1901 /* 1902 * If a ICV was computed, it was stored by the 1903 * crypto framework at the end of the packet. 1904 */ 1905 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 1906 1907 esp_set_usetime(ixas.ixa_ipsec_esp_sa, B_FALSE); 1908 /* NAT-T packet. */ 1909 if (IPH_HDR_VERSION(ipha) == IP_VERSION && 1910 ipha->ipha_protocol == IPPROTO_UDP) 1911 esp_prepare_udp(ns, data_mp, ipha); 1912 1913 /* do AH processing if needed */ 1914 data_mp = esp_do_outbound_ah(data_mp, &ixas); 1915 if (data_mp == NULL) 1916 goto done; 1917 1918 (void) ip_output_post_ipsec(data_mp, &ixas); 1919 } else { 1920 /* Outbound shouldn't see invalid MAC */ 1921 ASSERT(status != CRYPTO_INVALID_MAC); 1922 1923 esp1dbg(espstack, 1924 ("esp_kcf_callback_outbound: crypto failed with 0x%x\n", 1925 status)); 1926 ESP_BUMP_STAT(espstack, crypto_failures); 1927 ESP_BUMP_STAT(espstack, out_discards); 1928 ip_drop_packet(data_mp, B_FALSE, ill, 1929 DROPPER(ipss, ipds_esp_crypto_failed), 1930 &espstack->esp_dropper); 1931 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 1932 } 1933 done: 1934 ixa_cleanup(&ixas); 1935 (void) ipsec_free_crypto_data(mp); 1936 } 1937 1938 /* 1939 * Kernel crypto framework callback invoked after completion of async 1940 * crypto requests for inbound packets. 1941 */ 1942 static void 1943 esp_kcf_callback_inbound(void *arg, int status) 1944 { 1945 mblk_t *mp = (mblk_t *)arg; 1946 mblk_t *async_mp; 1947 netstack_t *ns; 1948 ipsecesp_stack_t *espstack; 1949 ipsec_stack_t *ipss; 1950 mblk_t *data_mp; 1951 ip_recv_attr_t iras; 1952 ipsec_crypto_t *ic; 1953 1954 /* 1955 * First remove the ipsec_crypto_t mblk 1956 * Note that we need to ipsec_free_crypto_data(mp) once done with ic. 1957 */ 1958 async_mp = ipsec_remove_crypto_data(mp, &ic); 1959 ASSERT(async_mp != NULL); 1960 1961 /* 1962 * Extract the ip_recv_attr_t from the first mblk. 1963 * Verifies that the netstack and ill is still around; could 1964 * have vanished while kEf was doing its work. 1965 */ 1966 data_mp = async_mp->b_cont; 1967 async_mp->b_cont = NULL; 1968 if (!ip_recv_attr_from_mblk(async_mp, &iras)) { 1969 /* The ill or ip_stack_t disappeared on us */ 1970 ip_drop_input("ip_recv_attr_from_mblk", data_mp, NULL); 1971 freemsg(data_mp); 1972 goto done; 1973 } 1974 1975 ns = iras.ira_ill->ill_ipst->ips_netstack; 1976 espstack = ns->netstack_ipsecesp; 1977 ipss = ns->netstack_ipsec; 1978 1979 if (status == CRYPTO_SUCCESS) { 1980 data_mp = esp_in_done(data_mp, &iras, ic); 1981 if (data_mp == NULL) 1982 goto done; 1983 1984 /* finish IPsec processing */ 1985 ip_input_post_ipsec(data_mp, &iras); 1986 } else if (status == CRYPTO_INVALID_MAC) { 1987 esp_log_bad_auth(data_mp, &iras); 1988 } else { 1989 esp1dbg(espstack, 1990 ("esp_kcf_callback: crypto failed with 0x%x\n", 1991 status)); 1992 ESP_BUMP_STAT(espstack, crypto_failures); 1993 IP_ESP_BUMP_STAT(ipss, in_discards); 1994 ip_drop_packet(data_mp, B_TRUE, iras.ira_ill, 1995 DROPPER(ipss, ipds_esp_crypto_failed), 1996 &espstack->esp_dropper); 1997 BUMP_MIB(iras.ira_ill->ill_ip_mib, ipIfStatsInDiscards); 1998 } 1999 done: 2000 ira_cleanup(&iras, B_TRUE); 2001 (void) ipsec_free_crypto_data(mp); 2002 } 2003 2004 /* 2005 * Invoked on crypto framework failure during inbound and outbound processing. 2006 */ 2007 static void 2008 esp_crypto_failed(mblk_t *data_mp, boolean_t is_inbound, int kef_rc, 2009 ill_t *ill, ipsecesp_stack_t *espstack) 2010 { 2011 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 2012 2013 esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n", 2014 is_inbound ? "inbound" : "outbound", kef_rc)); 2015 ip_drop_packet(data_mp, is_inbound, ill, 2016 DROPPER(ipss, ipds_esp_crypto_failed), 2017 &espstack->esp_dropper); 2018 ESP_BUMP_STAT(espstack, crypto_failures); 2019 if (is_inbound) 2020 IP_ESP_BUMP_STAT(ipss, in_discards); 2021 else 2022 ESP_BUMP_STAT(espstack, out_discards); 2023 } 2024 2025 /* 2026 * A statement-equivalent macro, _cr MUST point to a modifiable 2027 * crypto_call_req_t. 2028 */ 2029 #define ESP_INIT_CALLREQ(_cr, _mp, _callback) \ 2030 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_ALWAYS_QUEUE; \ 2031 (_cr)->cr_callback_arg = (_mp); \ 2032 (_cr)->cr_callback_func = (_callback) 2033 2034 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \ 2035 (mac)->cd_format = CRYPTO_DATA_RAW; \ 2036 (mac)->cd_offset = 0; \ 2037 (mac)->cd_length = icvlen; \ 2038 (mac)->cd_raw.iov_base = (char *)icvbuf; \ 2039 (mac)->cd_raw.iov_len = icvlen; \ 2040 } 2041 2042 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \ 2043 if (MBLKL(mp) >= (len) + (off)) { \ 2044 (data)->cd_format = CRYPTO_DATA_RAW; \ 2045 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \ 2046 (data)->cd_raw.iov_len = MBLKL(mp); \ 2047 (data)->cd_offset = off; \ 2048 } else { \ 2049 (data)->cd_format = CRYPTO_DATA_MBLK; \ 2050 (data)->cd_mp = mp; \ 2051 (data)->cd_offset = off; \ 2052 } \ 2053 (data)->cd_length = len; \ 2054 } 2055 2056 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \ 2057 (data)->dd_format = CRYPTO_DATA_MBLK; \ 2058 (data)->dd_mp = mp; \ 2059 (data)->dd_len1 = len1; \ 2060 (data)->dd_offset1 = off1; \ 2061 (data)->dd_len2 = len2; \ 2062 (data)->dd_offset2 = off2; \ 2063 } 2064 2065 /* 2066 * Returns data_mp if successfully completed the request. Returns 2067 * NULL if it failed (and increments InDiscards) or if it is pending. 2068 */ 2069 static mblk_t * 2070 esp_submit_req_inbound(mblk_t *esp_mp, ip_recv_attr_t *ira, 2071 ipsa_t *assoc, uint_t esph_offset) 2072 { 2073 uint_t auth_offset, msg_len, auth_len; 2074 crypto_call_req_t call_req, *callrp; 2075 mblk_t *mp; 2076 esph_t *esph_ptr; 2077 int kef_rc; 2078 uint_t icv_len = assoc->ipsa_mac_len; 2079 crypto_ctx_template_t auth_ctx_tmpl; 2080 boolean_t do_auth, do_encr, force; 2081 uint_t encr_offset, encr_len; 2082 uint_t iv_len = assoc->ipsa_iv_len; 2083 crypto_ctx_template_t encr_ctx_tmpl; 2084 ipsec_crypto_t *ic, icstack; 2085 uchar_t *iv_ptr; 2086 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack; 2087 ipsec_stack_t *ipss = ns->netstack_ipsec; 2088 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2089 2090 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2091 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2092 force = (assoc->ipsa_flags & IPSA_F_ASYNC); 2093 2094 #ifdef IPSEC_LATENCY_TEST 2095 kef_rc = CRYPTO_SUCCESS; 2096 #else 2097 kef_rc = CRYPTO_FAILED; 2098 #endif 2099 2100 /* 2101 * An inbound packet is of the form: 2102 * [IP,options,ESP,IV,data,ICV,pad] 2103 */ 2104 esph_ptr = (esph_t *)(esp_mp->b_rptr + esph_offset); 2105 iv_ptr = (uchar_t *)(esph_ptr + 1); 2106 /* Packet length starting at IP header ending after ESP ICV. */ 2107 msg_len = MBLKL(esp_mp); 2108 2109 encr_offset = esph_offset + sizeof (esph_t) + iv_len; 2110 encr_len = msg_len - encr_offset; 2111 2112 /* 2113 * Counter mode algs need a nonce. This is setup in sadb_common_add(). 2114 * If for some reason we are using a SA which does not have a nonce 2115 * then we must fail here. 2116 */ 2117 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && 2118 (assoc->ipsa_nonce == NULL)) { 2119 ip_drop_packet(esp_mp, B_TRUE, ira->ira_ill, 2120 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper); 2121 return (NULL); 2122 } 2123 2124 if (force) { 2125 /* We are doing asynch; allocate mblks to hold state */ 2126 if ((mp = ip_recv_attr_to_mblk(ira)) == NULL || 2127 (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) { 2128 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards); 2129 ip_drop_input("ipIfStatsInDiscards", esp_mp, 2130 ira->ira_ill); 2131 return (NULL); 2132 } 2133 linkb(mp, esp_mp); 2134 callrp = &call_req; 2135 ESP_INIT_CALLREQ(callrp, mp, esp_kcf_callback_inbound); 2136 } else { 2137 /* 2138 * If we know we are going to do sync then ipsec_crypto_t 2139 * should be on the stack. 2140 */ 2141 ic = &icstack; 2142 bzero(ic, sizeof (*ic)); 2143 callrp = NULL; 2144 } 2145 2146 if (do_auth) { 2147 /* authentication context template */ 2148 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2149 auth_ctx_tmpl); 2150 2151 /* ICV to be verified */ 2152 ESP_INIT_CRYPTO_MAC(&ic->ic_crypto_mac, 2153 icv_len, esp_mp->b_wptr - icv_len); 2154 2155 /* authentication starts at the ESP header */ 2156 auth_offset = esph_offset; 2157 auth_len = msg_len - auth_offset - icv_len; 2158 if (!do_encr) { 2159 /* authentication only */ 2160 /* initialize input data argument */ 2161 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data, 2162 esp_mp, auth_offset, auth_len); 2163 2164 /* call the crypto framework */ 2165 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, 2166 &ic->ic_crypto_data, 2167 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2168 &ic->ic_crypto_mac, callrp); 2169 } 2170 } 2171 2172 if (do_encr) { 2173 /* encryption template */ 2174 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2175 encr_ctx_tmpl); 2176 2177 /* Call the nonce update function. Also passes in IV */ 2178 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, encr_len, 2179 iv_ptr, &ic->ic_cmm, &ic->ic_crypto_data); 2180 2181 if (!do_auth) { 2182 /* decryption only */ 2183 /* initialize input data argument */ 2184 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data, 2185 esp_mp, encr_offset, encr_len); 2186 2187 /* call the crypto framework */ 2188 kef_rc = crypto_decrypt((crypto_mechanism_t *) 2189 &ic->ic_cmm, &ic->ic_crypto_data, 2190 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2191 NULL, callrp); 2192 } 2193 } 2194 2195 if (do_auth && do_encr) { 2196 /* dual operation */ 2197 /* initialize input data argument */ 2198 ESP_INIT_CRYPTO_DUAL_DATA(&ic->ic_crypto_dual_data, 2199 esp_mp, auth_offset, auth_len, 2200 encr_offset, encr_len - icv_len); 2201 2202 /* specify IV */ 2203 ic->ic_crypto_dual_data.dd_miscdata = (char *)iv_ptr; 2204 2205 /* call the framework */ 2206 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, 2207 &assoc->ipsa_emech, &ic->ic_crypto_dual_data, 2208 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, 2209 auth_ctx_tmpl, encr_ctx_tmpl, &ic->ic_crypto_mac, 2210 NULL, callrp); 2211 } 2212 2213 switch (kef_rc) { 2214 case CRYPTO_SUCCESS: 2215 ESP_BUMP_STAT(espstack, crypto_sync); 2216 esp_mp = esp_in_done(esp_mp, ira, ic); 2217 if (force) { 2218 /* Free mp after we are done with ic */ 2219 mp = ipsec_free_crypto_data(mp); 2220 (void) ip_recv_attr_free_mblk(mp); 2221 } 2222 return (esp_mp); 2223 case CRYPTO_QUEUED: 2224 /* esp_kcf_callback_inbound() will be invoked on completion */ 2225 ESP_BUMP_STAT(espstack, crypto_async); 2226 return (NULL); 2227 case CRYPTO_INVALID_MAC: 2228 if (force) { 2229 mp = ipsec_free_crypto_data(mp); 2230 esp_mp = ip_recv_attr_free_mblk(mp); 2231 } 2232 ESP_BUMP_STAT(espstack, crypto_sync); 2233 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards); 2234 esp_log_bad_auth(esp_mp, ira); 2235 /* esp_mp was passed to ip_drop_packet */ 2236 return (NULL); 2237 } 2238 2239 if (force) { 2240 mp = ipsec_free_crypto_data(mp); 2241 esp_mp = ip_recv_attr_free_mblk(mp); 2242 } 2243 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards); 2244 esp_crypto_failed(esp_mp, B_TRUE, kef_rc, ira->ira_ill, espstack); 2245 /* esp_mp was passed to ip_drop_packet */ 2246 return (NULL); 2247 } 2248 2249 /* 2250 * Compute the IP and UDP checksums -- common code for both keepalives and 2251 * actual ESP-in-UDP packets. Be flexible with multiple mblks because ESP 2252 * uses mblk-insertion to insert the UDP header. 2253 * TODO - If there is an easy way to prep a packet for HW checksums, make 2254 * it happen here. 2255 * Note that this is used before both before calling ip_output_simple and 2256 * in the esp datapath. The former could use IXAF_SET_ULP_CKSUM but not the 2257 * latter. 2258 */ 2259 static void 2260 esp_prepare_udp(netstack_t *ns, mblk_t *mp, ipha_t *ipha) 2261 { 2262 int offset; 2263 uint32_t cksum; 2264 uint16_t *arr; 2265 mblk_t *udpmp = mp; 2266 uint_t hlen = IPH_HDR_LENGTH(ipha); 2267 2268 ASSERT(MBLKL(mp) >= sizeof (ipha_t)); 2269 2270 ipha->ipha_hdr_checksum = 0; 2271 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha); 2272 2273 if (ns->netstack_udp->us_do_checksum) { 2274 ASSERT(MBLKL(udpmp) >= sizeof (udpha_t)); 2275 /* arr points to the IP header. */ 2276 arr = (uint16_t *)ipha; 2277 IP_STAT(ns->netstack_ip, ip_out_sw_cksum); 2278 IP_STAT_UPDATE(ns->netstack_ip, ip_out_sw_cksum_bytes, 2279 ntohs(htons(ipha->ipha_length) - hlen)); 2280 /* arr[6-9] are the IP addresses. */ 2281 cksum = IP_UDP_CSUM_COMP + arr[6] + arr[7] + arr[8] + arr[9] + 2282 ntohs(htons(ipha->ipha_length) - hlen); 2283 cksum = IP_CSUM(mp, hlen, cksum); 2284 offset = hlen + UDP_CHECKSUM_OFFSET; 2285 while (offset >= MBLKL(udpmp)) { 2286 offset -= MBLKL(udpmp); 2287 udpmp = udpmp->b_cont; 2288 } 2289 /* arr points to the UDP header's checksum field. */ 2290 arr = (uint16_t *)(udpmp->b_rptr + offset); 2291 *arr = cksum; 2292 } 2293 } 2294 2295 /* 2296 * taskq handler so we can send the NAT-T keepalive on a separate thread. 2297 */ 2298 static void 2299 actually_send_keepalive(void *arg) 2300 { 2301 mblk_t *mp = (mblk_t *)arg; 2302 ip_xmit_attr_t ixas; 2303 netstack_t *ns; 2304 netstackid_t stackid; 2305 2306 stackid = (netstackid_t)(uintptr_t)mp->b_prev; 2307 mp->b_prev = NULL; 2308 ns = netstack_find_by_stackid(stackid); 2309 if (ns == NULL) { 2310 /* Disappeared */ 2311 ip_drop_output("ipIfStatsOutDiscards", mp, NULL); 2312 freemsg(mp); 2313 return; 2314 } 2315 2316 bzero(&ixas, sizeof (ixas)); 2317 ixas.ixa_zoneid = ALL_ZONES; 2318 ixas.ixa_cred = kcred; 2319 ixas.ixa_cpid = NOPID; 2320 ixas.ixa_tsl = NULL; 2321 ixas.ixa_ipst = ns->netstack_ip; 2322 /* No ULP checksum; done by esp_prepare_udp */ 2323 ixas.ixa_flags = (IXAF_IS_IPV4 | IXAF_NO_IPSEC | IXAF_VERIFY_SOURCE); 2324 2325 (void) ip_output_simple(mp, &ixas); 2326 ixa_cleanup(&ixas); 2327 netstack_rele(ns); 2328 } 2329 2330 /* 2331 * Send a one-byte UDP NAT-T keepalive. 2332 */ 2333 void 2334 ipsecesp_send_keepalive(ipsa_t *assoc) 2335 { 2336 mblk_t *mp; 2337 ipha_t *ipha; 2338 udpha_t *udpha; 2339 netstack_t *ns = assoc->ipsa_netstack; 2340 2341 ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock)); 2342 2343 mp = allocb(sizeof (ipha_t) + sizeof (udpha_t) + 1, BPRI_HI); 2344 if (mp == NULL) 2345 return; 2346 ipha = (ipha_t *)mp->b_rptr; 2347 ipha->ipha_version_and_hdr_length = IP_SIMPLE_HDR_VERSION; 2348 ipha->ipha_type_of_service = 0; 2349 ipha->ipha_length = htons(sizeof (ipha_t) + sizeof (udpha_t) + 1); 2350 /* Use the low-16 of the SPI so we have some clue where it came from. */ 2351 ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1); 2352 ipha->ipha_fragment_offset_and_flags = 0; /* Too small to fragment! */ 2353 ipha->ipha_ttl = 0xFF; 2354 ipha->ipha_protocol = IPPROTO_UDP; 2355 ipha->ipha_hdr_checksum = 0; 2356 ipha->ipha_src = assoc->ipsa_srcaddr[0]; 2357 ipha->ipha_dst = assoc->ipsa_dstaddr[0]; 2358 udpha = (udpha_t *)(ipha + 1); 2359 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? 2360 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); 2361 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? 2362 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); 2363 udpha->uha_length = htons(sizeof (udpha_t) + 1); 2364 udpha->uha_checksum = 0; 2365 mp->b_wptr = (uint8_t *)(udpha + 1); 2366 *(mp->b_wptr++) = 0xFF; 2367 2368 esp_prepare_udp(ns, mp, ipha); 2369 2370 /* 2371 * We're holding an isaf_t bucket lock, so pawn off the actual 2372 * packet transmission to another thread. Just in case syncq 2373 * processing causes a same-bucket packet to be processed. 2374 */ 2375 mp->b_prev = (mblk_t *)(uintptr_t)ns->netstack_stackid; 2376 2377 if (taskq_dispatch(esp_taskq, actually_send_keepalive, mp, 2378 TQ_NOSLEEP) == 0) { 2379 /* Assume no memory if taskq_dispatch() fails. */ 2380 mp->b_prev = NULL; 2381 ip_drop_packet(mp, B_FALSE, NULL, 2382 DROPPER(ns->netstack_ipsec, ipds_esp_nomem), 2383 &ns->netstack_ipsecesp->esp_dropper); 2384 } 2385 } 2386 2387 /* 2388 * Returns mp if successfully completed the request. Returns 2389 * NULL if it failed (and increments InDiscards) or if it is pending. 2390 */ 2391 static mblk_t * 2392 esp_submit_req_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa, ipsa_t *assoc, 2393 uchar_t *icv_buf, uint_t payload_len) 2394 { 2395 uint_t auth_len; 2396 crypto_call_req_t call_req, *callrp; 2397 mblk_t *esp_mp; 2398 esph_t *esph_ptr; 2399 mblk_t *mp; 2400 int kef_rc = CRYPTO_FAILED; 2401 uint_t icv_len = assoc->ipsa_mac_len; 2402 crypto_ctx_template_t auth_ctx_tmpl; 2403 boolean_t do_auth, do_encr, force; 2404 uint_t iv_len = assoc->ipsa_iv_len; 2405 crypto_ctx_template_t encr_ctx_tmpl; 2406 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 2407 size_t esph_offset = (is_natt ? UDPH_SIZE : 0); 2408 netstack_t *ns = ixa->ixa_ipst->ips_netstack; 2409 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2410 ipsec_crypto_t *ic, icstack; 2411 uchar_t *iv_ptr; 2412 crypto_data_t *cd_ptr = NULL; 2413 ill_t *ill = ixa->ixa_nce->nce_ill; 2414 ipsec_stack_t *ipss = ns->netstack_ipsec; 2415 2416 esp3dbg(espstack, ("esp_submit_req_outbound:%s", 2417 is_natt ? "natt" : "not natt")); 2418 2419 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2420 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2421 force = (assoc->ipsa_flags & IPSA_F_ASYNC); 2422 2423 #ifdef IPSEC_LATENCY_TEST 2424 kef_rc = CRYPTO_SUCCESS; 2425 #else 2426 kef_rc = CRYPTO_FAILED; 2427 #endif 2428 2429 /* 2430 * Outbound IPsec packets are of the form: 2431 * [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV] 2432 * unless it's NATT, then it's 2433 * [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV] 2434 * Get a pointer to the mblk containing the ESP header. 2435 */ 2436 ASSERT(data_mp->b_cont != NULL); 2437 esp_mp = data_mp->b_cont; 2438 esph_ptr = (esph_t *)(esp_mp->b_rptr + esph_offset); 2439 iv_ptr = (uchar_t *)(esph_ptr + 1); 2440 2441 /* 2442 * Combined mode algs need a nonce. This is setup in sadb_common_add(). 2443 * If for some reason we are using a SA which does not have a nonce 2444 * then we must fail here. 2445 */ 2446 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) && 2447 (assoc->ipsa_nonce == NULL)) { 2448 ip_drop_packet(data_mp, B_FALSE, NULL, 2449 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper); 2450 return (NULL); 2451 } 2452 2453 if (force) { 2454 /* We are doing asynch; allocate mblks to hold state */ 2455 if ((mp = ip_xmit_attr_to_mblk(ixa)) == NULL || 2456 (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) { 2457 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2458 ip_drop_output("ipIfStatsOutDiscards", data_mp, ill); 2459 freemsg(data_mp); 2460 return (NULL); 2461 } 2462 2463 linkb(mp, data_mp); 2464 callrp = &call_req; 2465 ESP_INIT_CALLREQ(callrp, mp, esp_kcf_callback_outbound); 2466 } else { 2467 /* 2468 * If we know we are going to do sync then ipsec_crypto_t 2469 * should be on the stack. 2470 */ 2471 ic = &icstack; 2472 bzero(ic, sizeof (*ic)); 2473 callrp = NULL; 2474 } 2475 2476 2477 if (do_auth) { 2478 /* authentication context template */ 2479 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2480 auth_ctx_tmpl); 2481 2482 /* where to store the computed mac */ 2483 ESP_INIT_CRYPTO_MAC(&ic->ic_crypto_mac, 2484 icv_len, icv_buf); 2485 2486 /* authentication starts at the ESP header */ 2487 auth_len = payload_len + iv_len + sizeof (esph_t); 2488 if (!do_encr) { 2489 /* authentication only */ 2490 /* initialize input data argument */ 2491 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data, 2492 esp_mp, esph_offset, auth_len); 2493 2494 /* call the crypto framework */ 2495 kef_rc = crypto_mac(&assoc->ipsa_amech, 2496 &ic->ic_crypto_data, 2497 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2498 &ic->ic_crypto_mac, callrp); 2499 } 2500 } 2501 2502 if (do_encr) { 2503 /* encryption context template */ 2504 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2505 encr_ctx_tmpl); 2506 /* Call the nonce update function. */ 2507 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, payload_len, 2508 iv_ptr, &ic->ic_cmm, &ic->ic_crypto_data); 2509 2510 if (!do_auth) { 2511 /* encryption only, skip mblk that contains ESP hdr */ 2512 /* initialize input data argument */ 2513 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data, 2514 esp_mp->b_cont, 0, payload_len); 2515 2516 /* 2517 * For combined mode ciphers, the ciphertext is the same 2518 * size as the clear text, the ICV should follow the 2519 * ciphertext. To convince the kcf to allow in-line 2520 * encryption, with an ICV, use ipsec_out_crypto_mac 2521 * to point to the same buffer as the data. The calling 2522 * function need to ensure the buffer is large enough to 2523 * include the ICV. 2524 * 2525 * The IV is already written to the packet buffer, the 2526 * nonce setup function copied it to the params struct 2527 * for the cipher to use. 2528 */ 2529 if (assoc->ipsa_flags & IPSA_F_COMBINED) { 2530 bcopy(&ic->ic_crypto_data, 2531 &ic->ic_crypto_mac, 2532 sizeof (crypto_data_t)); 2533 ic->ic_crypto_mac.cd_length = 2534 payload_len + icv_len; 2535 cd_ptr = &ic->ic_crypto_mac; 2536 } 2537 2538 /* call the crypto framework */ 2539 kef_rc = crypto_encrypt((crypto_mechanism_t *) 2540 &ic->ic_cmm, &ic->ic_crypto_data, 2541 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2542 cd_ptr, callrp); 2543 2544 } 2545 } 2546 2547 if (do_auth && do_encr) { 2548 /* 2549 * Encryption and authentication: 2550 * Pass the pointer to the mblk chain starting at the ESP 2551 * header to the framework. Skip the ESP header mblk 2552 * for encryption, which is reflected by an encryption 2553 * offset equal to the length of that mblk. Start 2554 * the authentication at the ESP header, i.e. use an 2555 * authentication offset of zero. 2556 */ 2557 ESP_INIT_CRYPTO_DUAL_DATA(&ic->ic_crypto_dual_data, 2558 esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len); 2559 2560 /* specify IV */ 2561 ic->ic_crypto_dual_data.dd_miscdata = (char *)iv_ptr; 2562 2563 /* call the framework */ 2564 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, 2565 &assoc->ipsa_amech, NULL, 2566 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, 2567 encr_ctx_tmpl, auth_ctx_tmpl, 2568 &ic->ic_crypto_dual_data, 2569 &ic->ic_crypto_mac, callrp); 2570 } 2571 2572 switch (kef_rc) { 2573 case CRYPTO_SUCCESS: 2574 ESP_BUMP_STAT(espstack, crypto_sync); 2575 esp_set_usetime(assoc, B_FALSE); 2576 if (force) { 2577 mp = ipsec_free_crypto_data(mp); 2578 data_mp = ip_xmit_attr_free_mblk(mp); 2579 } 2580 if (is_natt) 2581 esp_prepare_udp(ns, data_mp, (ipha_t *)data_mp->b_rptr); 2582 return (data_mp); 2583 case CRYPTO_QUEUED: 2584 /* esp_kcf_callback_outbound() will be invoked on completion */ 2585 ESP_BUMP_STAT(espstack, crypto_async); 2586 return (NULL); 2587 } 2588 2589 if (force) { 2590 mp = ipsec_free_crypto_data(mp); 2591 data_mp = ip_xmit_attr_free_mblk(mp); 2592 } 2593 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2594 esp_crypto_failed(data_mp, B_FALSE, kef_rc, NULL, espstack); 2595 /* data_mp was passed to ip_drop_packet */ 2596 return (NULL); 2597 } 2598 2599 /* 2600 * Handle outbound IPsec processing for IPv4 and IPv6 2601 * 2602 * Returns data_mp if successfully completed the request. Returns 2603 * NULL if it failed (and increments InDiscards) or if it is pending. 2604 */ 2605 static mblk_t * 2606 esp_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa) 2607 { 2608 mblk_t *espmp, *tailmp; 2609 ipha_t *ipha; 2610 ip6_t *ip6h; 2611 esph_t *esph_ptr, *iv_ptr; 2612 uint_t af; 2613 uint8_t *nhp; 2614 uintptr_t divpoint, datalen, adj, padlen, i, alloclen; 2615 uintptr_t esplen = sizeof (esph_t); 2616 uint8_t protocol; 2617 ipsa_t *assoc; 2618 uint_t iv_len, block_size, mac_len = 0; 2619 uchar_t *icv_buf; 2620 udpha_t *udpha; 2621 boolean_t is_natt = B_FALSE; 2622 netstack_t *ns = ixa->ixa_ipst->ips_netstack; 2623 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2624 ipsec_stack_t *ipss = ns->netstack_ipsec; 2625 ill_t *ill = ixa->ixa_nce->nce_ill; 2626 boolean_t need_refrele = B_FALSE; 2627 2628 ESP_BUMP_STAT(espstack, out_requests); 2629 2630 /* 2631 * <sigh> We have to copy the message here, because TCP (for example) 2632 * keeps a dupb() of the message lying around for retransmission. 2633 * Since ESP changes the whole of the datagram, we have to create our 2634 * own copy lest we clobber TCP's data. Since we have to copy anyway, 2635 * we might as well make use of msgpullup() and get the mblk into one 2636 * contiguous piece! 2637 */ 2638 tailmp = msgpullup(data_mp, -1); 2639 if (tailmp == NULL) { 2640 esp0dbg(("esp_outbound: msgpullup() failed, " 2641 "dropping packet.\n")); 2642 ip_drop_packet(data_mp, B_FALSE, ill, 2643 DROPPER(ipss, ipds_esp_nomem), 2644 &espstack->esp_dropper); 2645 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2646 return (NULL); 2647 } 2648 freemsg(data_mp); 2649 data_mp = tailmp; 2650 2651 assoc = ixa->ixa_ipsec_esp_sa; 2652 ASSERT(assoc != NULL); 2653 2654 /* 2655 * Get the outer IP header in shape to escape this system.. 2656 */ 2657 if (is_system_labeled() && (assoc->ipsa_otsl != NULL)) { 2658 /* 2659 * Need to update packet with any CIPSO option and update 2660 * ixa_tsl to capture the new label. 2661 * We allocate a separate ixa for that purpose. 2662 */ 2663 ixa = ip_xmit_attr_duplicate(ixa); 2664 if (ixa == NULL) { 2665 ip_drop_packet(data_mp, B_FALSE, ill, 2666 DROPPER(ipss, ipds_esp_nomem), 2667 &espstack->esp_dropper); 2668 return (NULL); 2669 } 2670 need_refrele = B_TRUE; 2671 2672 label_hold(assoc->ipsa_otsl); 2673 ip_xmit_attr_replace_tsl(ixa, assoc->ipsa_otsl); 2674 2675 data_mp = sadb_whack_label(data_mp, assoc, ixa, 2676 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper); 2677 if (data_mp == NULL) { 2678 /* Packet dropped by sadb_whack_label */ 2679 ixa_refrele(ixa); 2680 return (NULL); 2681 } 2682 } 2683 2684 /* 2685 * Reality check.... 2686 */ 2687 ipha = (ipha_t *)data_mp->b_rptr; /* So we can call esp_acquire(). */ 2688 2689 if (ixa->ixa_flags & IXAF_IS_IPV4) { 2690 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION); 2691 2692 af = AF_INET; 2693 divpoint = IPH_HDR_LENGTH(ipha); 2694 datalen = ntohs(ipha->ipha_length) - divpoint; 2695 nhp = (uint8_t *)&ipha->ipha_protocol; 2696 } else { 2697 ip_pkt_t ipp; 2698 2699 ASSERT(IPH_HDR_VERSION(ipha) == IPV6_VERSION); 2700 2701 af = AF_INET6; 2702 ip6h = (ip6_t *)ipha; 2703 bzero(&ipp, sizeof (ipp)); 2704 divpoint = ip_find_hdr_v6(data_mp, ip6h, B_FALSE, &ipp, NULL); 2705 if (ipp.ipp_dstopts != NULL && 2706 ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) { 2707 /* 2708 * Destination options are tricky. If we get in here, 2709 * then we have a terminal header following the 2710 * destination options. We need to adjust backwards 2711 * so we insert ESP BEFORE the destination options 2712 * bag. (So that the dstopts get encrypted!) 2713 * 2714 * Since this is for outbound packets only, we know 2715 * that non-terminal destination options only precede 2716 * routing headers. 2717 */ 2718 divpoint -= ipp.ipp_dstoptslen; 2719 } 2720 datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint; 2721 2722 if (ipp.ipp_rthdr != NULL) { 2723 nhp = &ipp.ipp_rthdr->ip6r_nxt; 2724 } else if (ipp.ipp_hopopts != NULL) { 2725 nhp = &ipp.ipp_hopopts->ip6h_nxt; 2726 } else { 2727 ASSERT(divpoint == sizeof (ip6_t)); 2728 /* It's probably IP + ESP. */ 2729 nhp = &ip6h->ip6_nxt; 2730 } 2731 } 2732 2733 mac_len = assoc->ipsa_mac_len; 2734 2735 if (assoc->ipsa_flags & IPSA_F_NATT) { 2736 /* wedge in UDP header */ 2737 is_natt = B_TRUE; 2738 esplen += UDPH_SIZE; 2739 } 2740 2741 /* 2742 * Set up ESP header and encryption padding for ENCR PI request. 2743 */ 2744 2745 /* Determine the padding length. Pad to 4-bytes for no-encryption. */ 2746 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) { 2747 iv_len = assoc->ipsa_iv_len; 2748 block_size = assoc->ipsa_datalen; 2749 2750 /* 2751 * Pad the data to the length of the cipher block size. 2752 * Include the two additional bytes (hence the - 2) for the 2753 * padding length and the next header. Take this into account 2754 * when calculating the actual length of the padding. 2755 */ 2756 ASSERT(ISP2(iv_len)); 2757 padlen = ((unsigned)(block_size - datalen - 2)) & 2758 (block_size - 1); 2759 } else { 2760 iv_len = 0; 2761 padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) & 2762 (sizeof (uint32_t) - 1); 2763 } 2764 2765 /* Allocate ESP header and IV. */ 2766 esplen += iv_len; 2767 2768 /* 2769 * Update association byte-count lifetimes. Don't forget to take 2770 * into account the padding length and next-header (hence the + 2). 2771 * 2772 * Use the amount of data fed into the "encryption algorithm". This 2773 * is the IV, the data length, the padding length, and the final two 2774 * bytes (padlen, and next-header). 2775 * 2776 */ 2777 2778 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) { 2779 ip_drop_packet(data_mp, B_FALSE, ill, 2780 DROPPER(ipss, ipds_esp_bytes_expire), 2781 &espstack->esp_dropper); 2782 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2783 if (need_refrele) 2784 ixa_refrele(ixa); 2785 return (NULL); 2786 } 2787 2788 espmp = allocb(esplen, BPRI_HI); 2789 if (espmp == NULL) { 2790 ESP_BUMP_STAT(espstack, out_discards); 2791 esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n")); 2792 ip_drop_packet(data_mp, B_FALSE, ill, 2793 DROPPER(ipss, ipds_esp_nomem), 2794 &espstack->esp_dropper); 2795 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2796 if (need_refrele) 2797 ixa_refrele(ixa); 2798 return (NULL); 2799 } 2800 espmp->b_wptr += esplen; 2801 esph_ptr = (esph_t *)espmp->b_rptr; 2802 2803 if (is_natt) { 2804 esp3dbg(espstack, ("esp_outbound: NATT")); 2805 2806 udpha = (udpha_t *)espmp->b_rptr; 2807 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? 2808 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); 2809 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? 2810 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); 2811 /* 2812 * Set the checksum to 0, so that the esp_prepare_udp() call 2813 * can do the right thing. 2814 */ 2815 udpha->uha_checksum = 0; 2816 esph_ptr = (esph_t *)(udpha + 1); 2817 } 2818 2819 esph_ptr->esph_spi = assoc->ipsa_spi; 2820 2821 esph_ptr->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1)); 2822 if (esph_ptr->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) { 2823 /* 2824 * XXX We have replay counter wrapping. 2825 * We probably want to nuke this SA (and its peer). 2826 */ 2827 ipsec_assocfailure(info.mi_idnum, 0, 0, 2828 SL_ERROR | SL_CONSOLE | SL_WARN, 2829 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n", 2830 esph_ptr->esph_spi, assoc->ipsa_dstaddr, af, 2831 espstack->ipsecesp_netstack); 2832 2833 ESP_BUMP_STAT(espstack, out_discards); 2834 sadb_replay_delete(assoc); 2835 ip_drop_packet(data_mp, B_FALSE, ill, 2836 DROPPER(ipss, ipds_esp_replay), 2837 &espstack->esp_dropper); 2838 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2839 if (need_refrele) 2840 ixa_refrele(ixa); 2841 return (NULL); 2842 } 2843 2844 iv_ptr = (esph_ptr + 1); 2845 /* 2846 * iv_ptr points to the mblk which will contain the IV once we have 2847 * written it there. This mblk will be part of a mblk chain that 2848 * will make up the packet. 2849 * 2850 * For counter mode algorithms, the IV is a 64 bit quantity, it 2851 * must NEVER repeat in the lifetime of the SA, otherwise an 2852 * attacker who had recorded enough packets might be able to 2853 * determine some clear text. 2854 * 2855 * To ensure this does not happen, the IV is stored in the SA and 2856 * incremented for each packet, the IV is then copied into the 2857 * "packet" for transmission to the receiving system. The IV will 2858 * also be copied into the nonce, when the packet is encrypted. 2859 * 2860 * CBC mode algorithms use a random IV for each packet. We do not 2861 * require the highest quality random bits, but for best security 2862 * with CBC mode ciphers, the value must be unlikely to repeat and 2863 * must not be known in advance to an adversary capable of influencing 2864 * the clear text. 2865 */ 2866 if (!update_iv((uint8_t *)iv_ptr, espstack->esp_pfkey_q, assoc, 2867 espstack)) { 2868 ip_drop_packet(data_mp, B_FALSE, ill, 2869 DROPPER(ipss, ipds_esp_iv_wrap), &espstack->esp_dropper); 2870 if (need_refrele) 2871 ixa_refrele(ixa); 2872 return (NULL); 2873 } 2874 2875 /* Fix the IP header. */ 2876 alloclen = padlen + 2 + mac_len; 2877 adj = alloclen + (espmp->b_wptr - espmp->b_rptr); 2878 2879 protocol = *nhp; 2880 2881 if (ixa->ixa_flags & IXAF_IS_IPV4) { 2882 ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj); 2883 if (is_natt) { 2884 *nhp = IPPROTO_UDP; 2885 udpha->uha_length = htons(ntohs(ipha->ipha_length) - 2886 IPH_HDR_LENGTH(ipha)); 2887 } else { 2888 *nhp = IPPROTO_ESP; 2889 } 2890 ipha->ipha_hdr_checksum = 0; 2891 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 2892 } else { 2893 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj); 2894 *nhp = IPPROTO_ESP; 2895 } 2896 2897 /* I've got the two ESP mblks, now insert them. */ 2898 2899 esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n")); 2900 esp2dbg(espstack, (dump_msg(data_mp))); 2901 2902 if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) { 2903 ESP_BUMP_STAT(espstack, out_discards); 2904 /* NOTE: esp_insert_esp() only fails if there's no memory. */ 2905 ip_drop_packet(data_mp, B_FALSE, ill, 2906 DROPPER(ipss, ipds_esp_nomem), 2907 &espstack->esp_dropper); 2908 freeb(espmp); 2909 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2910 if (need_refrele) 2911 ixa_refrele(ixa); 2912 return (NULL); 2913 } 2914 2915 /* Append padding (and leave room for ICV). */ 2916 for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont) 2917 ; 2918 if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) { 2919 tailmp->b_cont = allocb(alloclen, BPRI_HI); 2920 if (tailmp->b_cont == NULL) { 2921 ESP_BUMP_STAT(espstack, out_discards); 2922 esp0dbg(("esp_outbound: Can't allocate tailmp.\n")); 2923 ip_drop_packet(data_mp, B_FALSE, ill, 2924 DROPPER(ipss, ipds_esp_nomem), 2925 &espstack->esp_dropper); 2926 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 2927 if (need_refrele) 2928 ixa_refrele(ixa); 2929 return (NULL); 2930 } 2931 tailmp = tailmp->b_cont; 2932 } 2933 2934 /* 2935 * If there's padding, N bytes of padding must be of the form 0x1, 2936 * 0x2, 0x3... 0xN. 2937 */ 2938 for (i = 0; i < padlen; ) { 2939 i++; 2940 *tailmp->b_wptr++ = i; 2941 } 2942 *tailmp->b_wptr++ = i; 2943 *tailmp->b_wptr++ = protocol; 2944 2945 esp2dbg(espstack, ("data_Mp before encryption:\n")); 2946 esp2dbg(espstack, (dump_msg(data_mp))); 2947 2948 /* 2949 * Okay. I've set up the pre-encryption ESP. Let's do it! 2950 */ 2951 2952 if (mac_len > 0) { 2953 ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim); 2954 icv_buf = tailmp->b_wptr; 2955 tailmp->b_wptr += mac_len; 2956 } else { 2957 icv_buf = NULL; 2958 } 2959 2960 data_mp = esp_submit_req_outbound(data_mp, ixa, assoc, icv_buf, 2961 datalen + padlen + 2); 2962 if (need_refrele) 2963 ixa_refrele(ixa); 2964 return (data_mp); 2965 } 2966 2967 /* 2968 * IP calls this to validate the ICMP errors that 2969 * we got from the network. 2970 */ 2971 mblk_t * 2972 ipsecesp_icmp_error(mblk_t *data_mp, ip_recv_attr_t *ira) 2973 { 2974 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack; 2975 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2976 ipsec_stack_t *ipss = ns->netstack_ipsec; 2977 2978 /* 2979 * Unless we get an entire packet back, this function is useless. 2980 * Why? 2981 * 2982 * 1.) Partial packets are useless, because the "next header" 2983 * is at the end of the decrypted ESP packet. Without the 2984 * whole packet, this is useless. 2985 * 2986 * 2.) If we every use a stateful cipher, such as a stream or a 2987 * one-time pad, we can't do anything. 2988 * 2989 * Since the chances of us getting an entire packet back are very 2990 * very small, we discard here. 2991 */ 2992 IP_ESP_BUMP_STAT(ipss, in_discards); 2993 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill, 2994 DROPPER(ipss, ipds_esp_icmp), 2995 &espstack->esp_dropper); 2996 return (NULL); 2997 } 2998 2999 /* 3000 * Construct an SADB_REGISTER message with the current algorithms. 3001 * This function gets called when 'ipsecalgs -s' is run or when 3002 * in.iked (or other KMD) starts. 3003 */ 3004 static boolean_t 3005 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial, 3006 ipsecesp_stack_t *espstack, cred_t *cr) 3007 { 3008 mblk_t *pfkey_msg_mp, *keysock_out_mp; 3009 sadb_msg_t *samsg; 3010 sadb_supported_t *sasupp_auth = NULL; 3011 sadb_supported_t *sasupp_encr = NULL; 3012 sadb_alg_t *saalg; 3013 uint_t allocsize = sizeof (*samsg); 3014 uint_t i, numalgs_snap; 3015 int current_aalgs; 3016 ipsec_alginfo_t **authalgs; 3017 uint_t num_aalgs; 3018 int current_ealgs; 3019 ipsec_alginfo_t **encralgs; 3020 uint_t num_ealgs; 3021 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 3022 sadb_sens_t *sens; 3023 size_t sens_len = 0; 3024 sadb_ext_t *nextext; 3025 ts_label_t *sens_tsl = NULL; 3026 3027 /* Allocate the KEYSOCK_OUT. */ 3028 keysock_out_mp = sadb_keysock_out(serial); 3029 if (keysock_out_mp == NULL) { 3030 esp0dbg(("esp_register_out: couldn't allocate mblk.\n")); 3031 return (B_FALSE); 3032 } 3033 3034 if (is_system_labeled() && (cr != NULL)) { 3035 sens_tsl = crgetlabel(cr); 3036 if (sens_tsl != NULL) { 3037 sens_len = sadb_sens_len_from_label(sens_tsl); 3038 allocsize += sens_len; 3039 } 3040 } 3041 3042 /* 3043 * Allocate the PF_KEY message that follows KEYSOCK_OUT. 3044 */ 3045 3046 mutex_enter(&ipss->ipsec_alg_lock); 3047 /* 3048 * Fill SADB_REGISTER message's algorithm descriptors. Hold 3049 * down the lock while filling it. 3050 * 3051 * Return only valid algorithms, so the number of algorithms 3052 * to send up may be less than the number of algorithm entries 3053 * in the table. 3054 */ 3055 authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH]; 3056 for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 3057 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) 3058 num_aalgs++; 3059 3060 if (num_aalgs != 0) { 3061 allocsize += (num_aalgs * sizeof (*saalg)); 3062 allocsize += sizeof (*sasupp_auth); 3063 } 3064 encralgs = ipss->ipsec_alglists[IPSEC_ALG_ENCR]; 3065 for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 3066 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) 3067 num_ealgs++; 3068 3069 if (num_ealgs != 0) { 3070 allocsize += (num_ealgs * sizeof (*saalg)); 3071 allocsize += sizeof (*sasupp_encr); 3072 } 3073 keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI); 3074 if (keysock_out_mp->b_cont == NULL) { 3075 mutex_exit(&ipss->ipsec_alg_lock); 3076 freemsg(keysock_out_mp); 3077 return (B_FALSE); 3078 } 3079 pfkey_msg_mp = keysock_out_mp->b_cont; 3080 pfkey_msg_mp->b_wptr += allocsize; 3081 3082 nextext = (sadb_ext_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg)); 3083 3084 if (num_aalgs != 0) { 3085 sasupp_auth = (sadb_supported_t *)nextext; 3086 saalg = (sadb_alg_t *)(sasupp_auth + 1); 3087 3088 ASSERT(((ulong_t)saalg & 0x7) == 0); 3089 3090 numalgs_snap = 0; 3091 for (i = 0; 3092 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs)); 3093 i++) { 3094 if (authalgs[i] == NULL || !ALG_VALID(authalgs[i])) 3095 continue; 3096 3097 saalg->sadb_alg_id = authalgs[i]->alg_id; 3098 saalg->sadb_alg_ivlen = 0; 3099 saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits; 3100 saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits; 3101 saalg->sadb_x_alg_increment = 3102 authalgs[i]->alg_increment; 3103 saalg->sadb_x_alg_saltbits = SADB_8TO1( 3104 authalgs[i]->alg_saltlen); 3105 numalgs_snap++; 3106 saalg++; 3107 } 3108 ASSERT(numalgs_snap == num_aalgs); 3109 #ifdef DEBUG 3110 /* 3111 * Reality check to make sure I snagged all of the 3112 * algorithms. 3113 */ 3114 for (; i < IPSEC_MAX_ALGS; i++) { 3115 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) { 3116 cmn_err(CE_PANIC, "esp_register_out()! " 3117 "Missed aalg #%d.\n", i); 3118 } 3119 } 3120 #endif /* DEBUG */ 3121 nextext = (sadb_ext_t *)saalg; 3122 } 3123 3124 if (num_ealgs != 0) { 3125 sasupp_encr = (sadb_supported_t *)nextext; 3126 saalg = (sadb_alg_t *)(sasupp_encr + 1); 3127 3128 numalgs_snap = 0; 3129 for (i = 0; 3130 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) { 3131 if (encralgs[i] == NULL || !ALG_VALID(encralgs[i])) 3132 continue; 3133 saalg->sadb_alg_id = encralgs[i]->alg_id; 3134 saalg->sadb_alg_ivlen = encralgs[i]->alg_ivlen; 3135 saalg->sadb_alg_minbits = encralgs[i]->alg_ef_minbits; 3136 saalg->sadb_alg_maxbits = encralgs[i]->alg_ef_maxbits; 3137 /* 3138 * We could advertise the ICV length, except there 3139 * is not a value in sadb_x_algb to do this. 3140 * saalg->sadb_alg_maclen = encralgs[i]->alg_maclen; 3141 */ 3142 saalg->sadb_x_alg_increment = 3143 encralgs[i]->alg_increment; 3144 saalg->sadb_x_alg_saltbits = 3145 SADB_8TO1(encralgs[i]->alg_saltlen); 3146 3147 numalgs_snap++; 3148 saalg++; 3149 } 3150 ASSERT(numalgs_snap == num_ealgs); 3151 #ifdef DEBUG 3152 /* 3153 * Reality check to make sure I snagged all of the 3154 * algorithms. 3155 */ 3156 for (; i < IPSEC_MAX_ALGS; i++) { 3157 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) { 3158 cmn_err(CE_PANIC, "esp_register_out()! " 3159 "Missed ealg #%d.\n", i); 3160 } 3161 } 3162 #endif /* DEBUG */ 3163 nextext = (sadb_ext_t *)saalg; 3164 } 3165 3166 current_aalgs = num_aalgs; 3167 current_ealgs = num_ealgs; 3168 3169 mutex_exit(&ipss->ipsec_alg_lock); 3170 3171 if (sens_tsl != NULL) { 3172 sens = (sadb_sens_t *)nextext; 3173 sadb_sens_from_label(sens, SADB_EXT_SENSITIVITY, 3174 sens_tsl, sens_len); 3175 3176 nextext = (sadb_ext_t *)(((uint8_t *)sens) + sens_len); 3177 } 3178 3179 /* Now fill the rest of the SADB_REGISTER message. */ 3180 3181 samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr; 3182 samsg->sadb_msg_version = PF_KEY_V2; 3183 samsg->sadb_msg_type = SADB_REGISTER; 3184 samsg->sadb_msg_errno = 0; 3185 samsg->sadb_msg_satype = SADB_SATYPE_ESP; 3186 samsg->sadb_msg_len = SADB_8TO64(allocsize); 3187 samsg->sadb_msg_reserved = 0; 3188 /* 3189 * Assume caller has sufficient sequence/pid number info. If it's one 3190 * from me over a new alg., I could give two hoots about sequence. 3191 */ 3192 samsg->sadb_msg_seq = sequence; 3193 samsg->sadb_msg_pid = pid; 3194 3195 if (sasupp_auth != NULL) { 3196 sasupp_auth->sadb_supported_len = SADB_8TO64( 3197 sizeof (*sasupp_auth) + sizeof (*saalg) * current_aalgs); 3198 sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 3199 sasupp_auth->sadb_supported_reserved = 0; 3200 } 3201 3202 if (sasupp_encr != NULL) { 3203 sasupp_encr->sadb_supported_len = SADB_8TO64( 3204 sizeof (*sasupp_encr) + sizeof (*saalg) * current_ealgs); 3205 sasupp_encr->sadb_supported_exttype = 3206 SADB_EXT_SUPPORTED_ENCRYPT; 3207 sasupp_encr->sadb_supported_reserved = 0; 3208 } 3209 3210 if (espstack->esp_pfkey_q != NULL) 3211 putnext(espstack->esp_pfkey_q, keysock_out_mp); 3212 else { 3213 freemsg(keysock_out_mp); 3214 return (B_FALSE); 3215 } 3216 3217 return (B_TRUE); 3218 } 3219 3220 /* 3221 * Invoked when the algorithm table changes. Causes SADB_REGISTER 3222 * messages continaining the current list of algorithms to be 3223 * sent up to the ESP listeners. 3224 */ 3225 void 3226 ipsecesp_algs_changed(netstack_t *ns) 3227 { 3228 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3229 3230 /* 3231 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners 3232 * everywhere. (The function itself checks for NULL esp_pfkey_q.) 3233 */ 3234 (void) esp_register_out(0, 0, 0, espstack, NULL); 3235 } 3236 3237 /* 3238 * Stub function that taskq_dispatch() invokes to take the mblk (in arg) 3239 * and send() it into ESP and IP again. 3240 */ 3241 static void 3242 inbound_task(void *arg) 3243 { 3244 mblk_t *mp = (mblk_t *)arg; 3245 mblk_t *async_mp; 3246 ip_recv_attr_t iras; 3247 3248 async_mp = mp; 3249 mp = async_mp->b_cont; 3250 async_mp->b_cont = NULL; 3251 if (!ip_recv_attr_from_mblk(async_mp, &iras)) { 3252 /* The ill or ip_stack_t disappeared on us */ 3253 ip_drop_input("ip_recv_attr_from_mblk", mp, NULL); 3254 freemsg(mp); 3255 goto done; 3256 } 3257 3258 esp_inbound_restart(mp, &iras); 3259 done: 3260 ira_cleanup(&iras, B_TRUE); 3261 } 3262 3263 /* 3264 * Restart ESP after the SA has been added. 3265 */ 3266 static void 3267 esp_inbound_restart(mblk_t *mp, ip_recv_attr_t *ira) 3268 { 3269 esph_t *esph; 3270 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack; 3271 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3272 3273 esp2dbg(espstack, ("in ESP inbound_task")); 3274 ASSERT(espstack != NULL); 3275 3276 mp = ipsec_inbound_esp_sa(mp, ira, &esph); 3277 if (mp == NULL) 3278 return; 3279 3280 ASSERT(esph != NULL); 3281 ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE); 3282 ASSERT(ira->ira_ipsec_esp_sa != NULL); 3283 3284 mp = ira->ira_ipsec_esp_sa->ipsa_input_func(mp, esph, ira); 3285 if (mp == NULL) { 3286 /* 3287 * Either it failed or is pending. In the former case 3288 * ipIfStatsInDiscards was increased. 3289 */ 3290 return; 3291 } 3292 3293 ip_input_post_ipsec(mp, ira); 3294 } 3295 3296 /* 3297 * Now that weak-key passed, actually ADD the security association, and 3298 * send back a reply ADD message. 3299 */ 3300 static int 3301 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi, 3302 int *diagnostic, ipsecesp_stack_t *espstack) 3303 { 3304 isaf_t *primary = NULL, *secondary; 3305 boolean_t clone = B_FALSE, is_inbound = B_FALSE; 3306 ipsa_t *larval = NULL; 3307 ipsacq_t *acqrec; 3308 iacqf_t *acq_bucket; 3309 mblk_t *acq_msgs = NULL; 3310 int rc; 3311 mblk_t *lpkt; 3312 int error; 3313 ipsa_query_t sq; 3314 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 3315 3316 /* 3317 * Locate the appropriate table(s). 3318 */ 3319 sq.spp = &espstack->esp_sadb; /* XXX */ 3320 error = sadb_form_query(ksi, IPSA_Q_SA|IPSA_Q_DST, 3321 IPSA_Q_SA|IPSA_Q_DST|IPSA_Q_INBOUND|IPSA_Q_OUTBOUND, 3322 &sq, diagnostic); 3323 if (error) 3324 return (error); 3325 3326 /* 3327 * Use the direction flags provided by the KMD to determine 3328 * if the inbound or outbound table should be the primary 3329 * for this SA. If these flags were absent then make this 3330 * decision based on the addresses. 3331 */ 3332 if (sq.assoc->sadb_sa_flags & IPSA_F_INBOUND) { 3333 primary = sq.inbound; 3334 secondary = sq.outbound; 3335 is_inbound = B_TRUE; 3336 if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND) 3337 clone = B_TRUE; 3338 } else if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND) { 3339 primary = sq.outbound; 3340 secondary = sq.inbound; 3341 } 3342 3343 if (primary == NULL) { 3344 /* 3345 * The KMD did not set a direction flag, determine which 3346 * table to insert the SA into based on addresses. 3347 */ 3348 switch (ksi->ks_in_dsttype) { 3349 case KS_IN_ADDR_MBCAST: 3350 clone = B_TRUE; /* All mcast SAs can be bidirectional */ 3351 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3352 /* FALLTHRU */ 3353 /* 3354 * If the source address is either one of mine, or unspecified 3355 * (which is best summed up by saying "not 'not mine'"), 3356 * then the association is potentially bi-directional, 3357 * in that it can be used for inbound traffic and outbound 3358 * traffic. The best example of such an SA is a multicast 3359 * SA (which allows me to receive the outbound traffic). 3360 */ 3361 case KS_IN_ADDR_ME: 3362 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3363 primary = sq.inbound; 3364 secondary = sq.outbound; 3365 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME) 3366 clone = B_TRUE; 3367 is_inbound = B_TRUE; 3368 break; 3369 /* 3370 * If the source address literally not mine (either 3371 * unspecified or not mine), then this SA may have an 3372 * address that WILL be mine after some configuration. 3373 * We pay the price for this by making it a bi-directional 3374 * SA. 3375 */ 3376 case KS_IN_ADDR_NOTME: 3377 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3378 primary = sq.outbound; 3379 secondary = sq.inbound; 3380 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) { 3381 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3382 clone = B_TRUE; 3383 } 3384 break; 3385 default: 3386 *diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 3387 return (EINVAL); 3388 } 3389 } 3390 3391 /* 3392 * Find a ACQUIRE list entry if possible. If we've added an SA that 3393 * suits the needs of an ACQUIRE list entry, we can eliminate the 3394 * ACQUIRE list entry and transmit the enqueued packets. Use the 3395 * high-bit of the sequence number to queue it. Key off destination 3396 * addr, and change acqrec's state. 3397 */ 3398 3399 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) { 3400 acq_bucket = &(sq.sp->sdb_acq[sq.outhash]); 3401 mutex_enter(&acq_bucket->iacqf_lock); 3402 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL; 3403 acqrec = acqrec->ipsacq_next) { 3404 mutex_enter(&acqrec->ipsacq_lock); 3405 /* 3406 * Q: I only check sequence. Should I check dst? 3407 * A: Yes, check dest because those are the packets 3408 * that are queued up. 3409 */ 3410 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq && 3411 IPSA_ARE_ADDR_EQUAL(sq.dstaddr, 3412 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam)) 3413 break; 3414 mutex_exit(&acqrec->ipsacq_lock); 3415 } 3416 if (acqrec != NULL) { 3417 /* 3418 * AHA! I found an ACQUIRE record for this SA. 3419 * Grab the msg list, and free the acquire record. 3420 * I already am holding the lock for this record, 3421 * so all I have to do is free it. 3422 */ 3423 acq_msgs = acqrec->ipsacq_mp; 3424 acqrec->ipsacq_mp = NULL; 3425 mutex_exit(&acqrec->ipsacq_lock); 3426 sadb_destroy_acquire(acqrec, 3427 espstack->ipsecesp_netstack); 3428 } 3429 mutex_exit(&acq_bucket->iacqf_lock); 3430 } 3431 3432 /* 3433 * Find PF_KEY message, and see if I'm an update. If so, find entry 3434 * in larval list (if there). 3435 */ 3436 if (samsg->sadb_msg_type == SADB_UPDATE) { 3437 mutex_enter(&sq.inbound->isaf_lock); 3438 larval = ipsec_getassocbyspi(sq.inbound, sq.assoc->sadb_sa_spi, 3439 ALL_ZEROES_PTR, sq.dstaddr, sq.dst->sin_family); 3440 mutex_exit(&sq.inbound->isaf_lock); 3441 3442 if ((larval == NULL) || 3443 (larval->ipsa_state != IPSA_STATE_LARVAL)) { 3444 *diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND; 3445 if (larval != NULL) { 3446 IPSA_REFRELE(larval); 3447 } 3448 esp0dbg(("Larval update, but larval disappeared.\n")); 3449 return (ESRCH); 3450 } /* Else sadb_common_add unlinks it for me! */ 3451 } 3452 3453 if (larval != NULL) { 3454 /* 3455 * Hold again, because sadb_common_add() consumes a reference, 3456 * and we don't want to clear_lpkt() without a reference. 3457 */ 3458 IPSA_REFHOLD(larval); 3459 } 3460 3461 rc = sadb_common_add(espstack->esp_pfkey_q, 3462 mp, samsg, ksi, primary, secondary, larval, clone, is_inbound, 3463 diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb); 3464 3465 if (larval != NULL) { 3466 if (rc == 0) { 3467 lpkt = sadb_clear_lpkt(larval); 3468 if (lpkt != NULL) { 3469 rc = !taskq_dispatch(esp_taskq, inbound_task, 3470 lpkt, TQ_NOSLEEP); 3471 } 3472 } 3473 IPSA_REFRELE(larval); 3474 } 3475 3476 /* 3477 * How much more stack will I create with all of these 3478 * esp_outbound() calls? 3479 */ 3480 3481 /* Handle the packets queued waiting for the SA */ 3482 while (acq_msgs != NULL) { 3483 mblk_t *asyncmp; 3484 mblk_t *data_mp; 3485 ip_xmit_attr_t ixas; 3486 ill_t *ill; 3487 3488 asyncmp = acq_msgs; 3489 acq_msgs = acq_msgs->b_next; 3490 asyncmp->b_next = NULL; 3491 3492 /* 3493 * Extract the ip_xmit_attr_t from the first mblk. 3494 * Verifies that the netstack and ill is still around; could 3495 * have vanished while iked was doing its work. 3496 * On succesful return we have a nce_t and the ill/ipst can't 3497 * disappear until we do the nce_refrele in ixa_cleanup. 3498 */ 3499 data_mp = asyncmp->b_cont; 3500 asyncmp->b_cont = NULL; 3501 if (!ip_xmit_attr_from_mblk(asyncmp, &ixas)) { 3502 ESP_BUMP_STAT(espstack, out_discards); 3503 ip_drop_packet(data_mp, B_FALSE, NULL, 3504 DROPPER(ipss, ipds_sadb_acquire_timeout), 3505 &espstack->esp_dropper); 3506 } else if (rc != 0) { 3507 ill = ixas.ixa_nce->nce_ill; 3508 ESP_BUMP_STAT(espstack, out_discards); 3509 ip_drop_packet(data_mp, B_FALSE, ill, 3510 DROPPER(ipss, ipds_sadb_acquire_timeout), 3511 &espstack->esp_dropper); 3512 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 3513 } else { 3514 esp_outbound_finish(data_mp, &ixas); 3515 } 3516 ixa_cleanup(&ixas); 3517 } 3518 3519 return (rc); 3520 } 3521 3522 /* 3523 * Process one of the queued messages (from ipsacq_mp) once the SA 3524 * has been added. 3525 */ 3526 static void 3527 esp_outbound_finish(mblk_t *data_mp, ip_xmit_attr_t *ixa) 3528 { 3529 netstack_t *ns = ixa->ixa_ipst->ips_netstack; 3530 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3531 ipsec_stack_t *ipss = ns->netstack_ipsec; 3532 ill_t *ill = ixa->ixa_nce->nce_ill; 3533 3534 if (!ipsec_outbound_sa(data_mp, ixa, IPPROTO_ESP)) { 3535 ESP_BUMP_STAT(espstack, out_discards); 3536 ip_drop_packet(data_mp, B_FALSE, ill, 3537 DROPPER(ipss, ipds_sadb_acquire_timeout), 3538 &espstack->esp_dropper); 3539 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards); 3540 return; 3541 } 3542 3543 data_mp = esp_outbound(data_mp, ixa); 3544 if (data_mp == NULL) 3545 return; 3546 3547 /* do AH processing if needed */ 3548 data_mp = esp_do_outbound_ah(data_mp, ixa); 3549 if (data_mp == NULL) 3550 return; 3551 3552 (void) ip_output_post_ipsec(data_mp, ixa); 3553 } 3554 3555 /* 3556 * Add new ESP security association. This may become a generic AH/ESP 3557 * routine eventually. 3558 */ 3559 static int 3560 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns) 3561 { 3562 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3563 sadb_address_t *srcext = 3564 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3565 sadb_address_t *dstext = 3566 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3567 sadb_address_t *isrcext = 3568 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC]; 3569 sadb_address_t *idstext = 3570 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST]; 3571 sadb_address_t *nttext_loc = 3572 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC]; 3573 sadb_address_t *nttext_rem = 3574 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM]; 3575 sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH]; 3576 sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT]; 3577 struct sockaddr_in *src, *dst; 3578 struct sockaddr_in *natt_loc, *natt_rem; 3579 struct sockaddr_in6 *natt_loc6, *natt_rem6; 3580 sadb_lifetime_t *soft = 3581 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT]; 3582 sadb_lifetime_t *hard = 3583 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD]; 3584 sadb_lifetime_t *idle = 3585 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_X_EXT_LIFETIME_IDLE]; 3586 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3587 ipsec_stack_t *ipss = ns->netstack_ipsec; 3588 3589 3590 3591 /* I need certain extensions present for an ADD message. */ 3592 if (srcext == NULL) { 3593 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC; 3594 return (EINVAL); 3595 } 3596 if (dstext == NULL) { 3597 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3598 return (EINVAL); 3599 } 3600 if (isrcext == NULL && idstext != NULL) { 3601 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC; 3602 return (EINVAL); 3603 } 3604 if (isrcext != NULL && idstext == NULL) { 3605 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST; 3606 return (EINVAL); 3607 } 3608 if (assoc == NULL) { 3609 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3610 return (EINVAL); 3611 } 3612 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) { 3613 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY; 3614 return (EINVAL); 3615 } 3616 3617 src = (struct sockaddr_in *)(srcext + 1); 3618 dst = (struct sockaddr_in *)(dstext + 1); 3619 natt_loc = (struct sockaddr_in *)(nttext_loc + 1); 3620 natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1); 3621 natt_rem = (struct sockaddr_in *)(nttext_rem + 1); 3622 natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1); 3623 3624 /* Sundry ADD-specific reality checks. */ 3625 /* XXX STATS : Logging/stats here? */ 3626 3627 if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) && 3628 (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) { 3629 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE; 3630 return (EINVAL); 3631 } 3632 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) { 3633 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3634 return (EINVAL); 3635 } 3636 3637 #ifndef IPSEC_LATENCY_TEST 3638 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL && 3639 assoc->sadb_sa_auth == SADB_AALG_NONE) { 3640 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3641 return (EINVAL); 3642 } 3643 #endif 3644 3645 if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) { 3646 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS; 3647 return (EINVAL); 3648 } 3649 3650 if ((*diagnostic = sadb_hardsoftchk(hard, soft, idle)) != 0) { 3651 return (EINVAL); 3652 } 3653 ASSERT(src->sin_family == dst->sin_family); 3654 3655 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) { 3656 if (nttext_loc == NULL) { 3657 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC; 3658 return (EINVAL); 3659 } 3660 3661 if (natt_loc->sin_family == AF_INET6 && 3662 !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) { 3663 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC; 3664 return (EINVAL); 3665 } 3666 } 3667 3668 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) { 3669 if (nttext_rem == NULL) { 3670 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM; 3671 return (EINVAL); 3672 } 3673 if (natt_rem->sin_family == AF_INET6 && 3674 !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) { 3675 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM; 3676 return (EINVAL); 3677 } 3678 } 3679 3680 3681 /* Stuff I don't support, for now. XXX Diagnostic? */ 3682 if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL) 3683 return (EOPNOTSUPP); 3684 3685 if ((*diagnostic = sadb_labelchk(ksi)) != 0) 3686 return (EINVAL); 3687 3688 /* 3689 * XXX Policy : I'm not checking identities at this time, 3690 * but if I did, I'd do them here, before I sent 3691 * the weak key check up to the algorithm. 3692 */ 3693 3694 mutex_enter(&ipss->ipsec_alg_lock); 3695 3696 /* 3697 * First locate the authentication algorithm. 3698 */ 3699 #ifdef IPSEC_LATENCY_TEST 3700 if (akey != NULL && assoc->sadb_sa_auth != SADB_AALG_NONE) { 3701 #else 3702 if (akey != NULL) { 3703 #endif 3704 ipsec_alginfo_t *aalg; 3705 3706 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH] 3707 [assoc->sadb_sa_auth]; 3708 if (aalg == NULL || !ALG_VALID(aalg)) { 3709 mutex_exit(&ipss->ipsec_alg_lock); 3710 esp1dbg(espstack, ("Couldn't find auth alg #%d.\n", 3711 assoc->sadb_sa_auth)); 3712 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3713 return (EINVAL); 3714 } 3715 3716 /* 3717 * Sanity check key sizes. 3718 * Note: It's not possible to use SADB_AALG_NONE because 3719 * this auth_alg is not defined with ALG_FLAG_VALID. If this 3720 * ever changes, the same check for SADB_AALG_NONE and 3721 * a auth_key != NULL should be made here ( see below). 3722 */ 3723 if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) { 3724 mutex_exit(&ipss->ipsec_alg_lock); 3725 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS; 3726 return (EINVAL); 3727 } 3728 ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3729 3730 /* check key and fix parity if needed */ 3731 if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE, 3732 diagnostic) != 0) { 3733 mutex_exit(&ipss->ipsec_alg_lock); 3734 return (EINVAL); 3735 } 3736 } 3737 3738 /* 3739 * Then locate the encryption algorithm. 3740 */ 3741 if (ekey != NULL) { 3742 uint_t keybits; 3743 ipsec_alginfo_t *ealg; 3744 3745 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR] 3746 [assoc->sadb_sa_encrypt]; 3747 if (ealg == NULL || !ALG_VALID(ealg)) { 3748 mutex_exit(&ipss->ipsec_alg_lock); 3749 esp1dbg(espstack, ("Couldn't find encr alg #%d.\n", 3750 assoc->sadb_sa_encrypt)); 3751 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3752 return (EINVAL); 3753 } 3754 3755 /* 3756 * Sanity check key sizes. If the encryption algorithm is 3757 * SADB_EALG_NULL but the encryption key is NOT 3758 * NULL then complain. 3759 * 3760 * The keying material includes salt bits if required by 3761 * algorithm and optionally the Initial IV, check the 3762 * length of whats left. 3763 */ 3764 keybits = ekey->sadb_key_bits; 3765 keybits -= ekey->sadb_key_reserved; 3766 keybits -= SADB_8TO1(ealg->alg_saltlen); 3767 if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) || 3768 (!ipsec_valid_key_size(keybits, ealg))) { 3769 mutex_exit(&ipss->ipsec_alg_lock); 3770 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS; 3771 return (EINVAL); 3772 } 3773 ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3774 3775 /* check key */ 3776 if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE, 3777 diagnostic) != 0) { 3778 mutex_exit(&ipss->ipsec_alg_lock); 3779 return (EINVAL); 3780 } 3781 } 3782 mutex_exit(&ipss->ipsec_alg_lock); 3783 3784 return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi, 3785 diagnostic, espstack)); 3786 } 3787 3788 /* 3789 * Update a security association. Updates come in two varieties. The first 3790 * is an update of lifetimes on a non-larval SA. The second is an update of 3791 * a larval SA, which ends up looking a lot more like an add. 3792 */ 3793 static int 3794 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, 3795 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type) 3796 { 3797 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3798 mblk_t *buf_pkt; 3799 int rcode; 3800 3801 sadb_address_t *dstext = 3802 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3803 3804 if (dstext == NULL) { 3805 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3806 return (EINVAL); 3807 } 3808 3809 rcode = sadb_update_sa(mp, ksi, &buf_pkt, &espstack->esp_sadb, 3810 diagnostic, espstack->esp_pfkey_q, esp_add_sa, 3811 espstack->ipsecesp_netstack, sadb_msg_type); 3812 3813 if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) || 3814 (rcode != 0)) { 3815 return (rcode); 3816 } 3817 3818 HANDLE_BUF_PKT(esp_taskq, espstack->ipsecesp_netstack->netstack_ipsec, 3819 espstack->esp_dropper, buf_pkt); 3820 3821 return (rcode); 3822 } 3823 3824 /* XXX refactor me */ 3825 /* 3826 * Delete a security association. This is REALLY likely to be code common to 3827 * both AH and ESP. Find the association, then unlink it. 3828 */ 3829 static int 3830 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, 3831 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type) 3832 { 3833 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3834 sadb_address_t *dstext = 3835 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3836 sadb_address_t *srcext = 3837 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3838 struct sockaddr_in *sin; 3839 3840 if (assoc == NULL) { 3841 if (dstext != NULL) { 3842 sin = (struct sockaddr_in *)(dstext + 1); 3843 } else if (srcext != NULL) { 3844 sin = (struct sockaddr_in *)(srcext + 1); 3845 } else { 3846 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3847 return (EINVAL); 3848 } 3849 return (sadb_purge_sa(mp, ksi, 3850 (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 : 3851 &espstack->esp_sadb.s_v4, diagnostic, 3852 espstack->esp_pfkey_q)); 3853 } 3854 3855 return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic, 3856 espstack->esp_pfkey_q, sadb_msg_type)); 3857 } 3858 3859 /* XXX refactor me */ 3860 /* 3861 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP 3862 * messages. 3863 */ 3864 static void 3865 esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack) 3866 { 3867 int error; 3868 sadb_msg_t *samsg; 3869 3870 /* 3871 * Dump each fanout, bailing if error is non-zero. 3872 */ 3873 3874 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi, 3875 &espstack->esp_sadb.s_v4); 3876 if (error != 0) 3877 goto bail; 3878 3879 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi, 3880 &espstack->esp_sadb.s_v6); 3881 bail: 3882 ASSERT(mp->b_cont != NULL); 3883 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3884 samsg->sadb_msg_errno = (uint8_t)error; 3885 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, 3886 (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL); 3887 } 3888 3889 /* 3890 * First-cut reality check for an inbound PF_KEY message. 3891 */ 3892 static boolean_t 3893 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi, 3894 ipsecesp_stack_t *espstack) 3895 { 3896 int diagnostic; 3897 3898 if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) { 3899 diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT; 3900 goto badmsg; 3901 } 3902 if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL || 3903 ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) { 3904 diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT; 3905 goto badmsg; 3906 } 3907 return (B_FALSE); /* False ==> no failures */ 3908 3909 badmsg: 3910 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic, 3911 ksi->ks_in_serial); 3912 return (B_TRUE); /* True ==> failures */ 3913 } 3914 3915 /* 3916 * ESP parsing of PF_KEY messages. Keysock did most of the really silly 3917 * error cases. What I receive is a fully-formed, syntactically legal 3918 * PF_KEY message. I then need to check semantics... 3919 * 3920 * This code may become common to AH and ESP. Stay tuned. 3921 * 3922 * I also make the assumption that db_ref's are cool. If this assumption 3923 * is wrong, this means that someone other than keysock or me has been 3924 * mucking with PF_KEY messages. 3925 */ 3926 static void 3927 esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack) 3928 { 3929 mblk_t *msg = mp->b_cont; 3930 sadb_msg_t *samsg; 3931 keysock_in_t *ksi; 3932 int error; 3933 int diagnostic = SADB_X_DIAGNOSTIC_NONE; 3934 3935 ASSERT(msg != NULL); 3936 3937 samsg = (sadb_msg_t *)msg->b_rptr; 3938 ksi = (keysock_in_t *)mp->b_rptr; 3939 3940 /* 3941 * If applicable, convert unspecified AF_INET6 to unspecified 3942 * AF_INET. And do other address reality checks. 3943 */ 3944 if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp, 3945 espstack->ipsecesp_netstack) || 3946 esp_pfkey_reality_failures(mp, ksi, espstack)) { 3947 return; 3948 } 3949 3950 switch (samsg->sadb_msg_type) { 3951 case SADB_ADD: 3952 error = esp_add_sa(mp, ksi, &diagnostic, 3953 espstack->ipsecesp_netstack); 3954 if (error != 0) { 3955 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3956 diagnostic, ksi->ks_in_serial); 3957 } 3958 /* else esp_add_sa() took care of things. */ 3959 break; 3960 case SADB_DELETE: 3961 case SADB_X_DELPAIR: 3962 case SADB_X_DELPAIR_STATE: 3963 error = esp_del_sa(mp, ksi, &diagnostic, espstack, 3964 samsg->sadb_msg_type); 3965 if (error != 0) { 3966 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3967 diagnostic, ksi->ks_in_serial); 3968 } 3969 /* Else esp_del_sa() took care of things. */ 3970 break; 3971 case SADB_GET: 3972 error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb, 3973 &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type); 3974 if (error != 0) { 3975 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 3976 diagnostic, ksi->ks_in_serial); 3977 } 3978 /* Else sadb_get_sa() took care of things. */ 3979 break; 3980 case SADB_FLUSH: 3981 sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack); 3982 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL); 3983 break; 3984 case SADB_REGISTER: 3985 /* 3986 * Hmmm, let's do it! Check for extensions (there should 3987 * be none), extract the fields, call esp_register_out(), 3988 * then either free or report an error. 3989 * 3990 * Keysock takes care of the PF_KEY bookkeeping for this. 3991 */ 3992 if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid, 3993 ksi->ks_in_serial, espstack, msg_getcred(mp, NULL))) { 3994 freemsg(mp); 3995 } else { 3996 /* 3997 * Only way this path hits is if there is a memory 3998 * failure. It will not return B_FALSE because of 3999 * lack of esp_pfkey_q if I am in wput(). 4000 */ 4001 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, 4002 diagnostic, ksi->ks_in_serial); 4003 } 4004 break; 4005 case SADB_UPDATE: 4006 case SADB_X_UPDATEPAIR: 4007 /* 4008 * Find a larval, if not there, find a full one and get 4009 * strict. 4010 */ 4011 error = esp_update_sa(mp, ksi, &diagnostic, espstack, 4012 samsg->sadb_msg_type); 4013 if (error != 0) { 4014 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error, 4015 diagnostic, ksi->ks_in_serial); 4016 } 4017 /* else esp_update_sa() took care of things. */ 4018 break; 4019 case SADB_GETSPI: 4020 /* 4021 * Reserve a new larval entry. 4022 */ 4023 esp_getspi(mp, ksi, espstack); 4024 break; 4025 case SADB_ACQUIRE: 4026 /* 4027 * Find larval and/or ACQUIRE record and kill it (them), I'm 4028 * most likely an error. Inbound ACQUIRE messages should only 4029 * have the base header. 4030 */ 4031 sadb_in_acquire(samsg, &espstack->esp_sadb, 4032 espstack->esp_pfkey_q, espstack->ipsecesp_netstack); 4033 freemsg(mp); 4034 break; 4035 case SADB_DUMP: 4036 /* 4037 * Dump all entries. 4038 */ 4039 esp_dump(mp, ksi, espstack); 4040 /* esp_dump will take care of the return message, etc. */ 4041 break; 4042 case SADB_EXPIRE: 4043 /* Should never reach me. */ 4044 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP, 4045 diagnostic, ksi->ks_in_serial); 4046 break; 4047 default: 4048 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, 4049 SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial); 4050 break; 4051 } 4052 } 4053 4054 /* 4055 * Handle case where PF_KEY says it can't find a keysock for one of my 4056 * ACQUIRE messages. 4057 */ 4058 static void 4059 esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack) 4060 { 4061 sadb_msg_t *samsg; 4062 keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr; 4063 4064 if (mp->b_cont == NULL) { 4065 freemsg(mp); 4066 return; 4067 } 4068 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 4069 4070 /* 4071 * If keysock can't find any registered, delete the acquire record 4072 * immediately, and handle errors. 4073 */ 4074 if (samsg->sadb_msg_type == SADB_ACQUIRE) { 4075 samsg->sadb_msg_errno = kse->ks_err_errno; 4076 samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg)); 4077 /* 4078 * Use the write-side of the esp_pfkey_q 4079 */ 4080 sadb_in_acquire(samsg, &espstack->esp_sadb, 4081 WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack); 4082 } 4083 4084 freemsg(mp); 4085 } 4086 4087 /* 4088 * ESP module write put routine. 4089 */ 4090 static void 4091 ipsecesp_wput(queue_t *q, mblk_t *mp) 4092 { 4093 ipsec_info_t *ii; 4094 struct iocblk *iocp; 4095 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr; 4096 4097 esp3dbg(espstack, ("In esp_wput().\n")); 4098 4099 /* NOTE: Each case must take care of freeing or passing mp. */ 4100 switch (mp->b_datap->db_type) { 4101 case M_CTL: 4102 if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) { 4103 /* Not big enough message. */ 4104 freemsg(mp); 4105 break; 4106 } 4107 ii = (ipsec_info_t *)mp->b_rptr; 4108 4109 switch (ii->ipsec_info_type) { 4110 case KEYSOCK_OUT_ERR: 4111 esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n")); 4112 esp_keysock_no_socket(mp, espstack); 4113 break; 4114 case KEYSOCK_IN: 4115 ESP_BUMP_STAT(espstack, keysock_in); 4116 esp3dbg(espstack, ("Got KEYSOCK_IN message.\n")); 4117 4118 /* Parse the message. */ 4119 esp_parse_pfkey(mp, espstack); 4120 break; 4121 case KEYSOCK_HELLO: 4122 sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp, 4123 esp_ager, (void *)espstack, &espstack->esp_event, 4124 SADB_SATYPE_ESP); 4125 break; 4126 default: 4127 esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n", 4128 ii->ipsec_info_type)); 4129 freemsg(mp); 4130 break; 4131 } 4132 break; 4133 case M_IOCTL: 4134 iocp = (struct iocblk *)mp->b_rptr; 4135 switch (iocp->ioc_cmd) { 4136 case ND_SET: 4137 case ND_GET: 4138 if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) { 4139 qreply(q, mp); 4140 return; 4141 } else { 4142 iocp->ioc_error = ENOENT; 4143 } 4144 /* FALLTHRU */ 4145 default: 4146 /* We really don't support any other ioctls, do we? */ 4147 4148 /* Return EINVAL */ 4149 if (iocp->ioc_error != ENOENT) 4150 iocp->ioc_error = EINVAL; 4151 iocp->ioc_count = 0; 4152 mp->b_datap->db_type = M_IOCACK; 4153 qreply(q, mp); 4154 return; 4155 } 4156 default: 4157 esp3dbg(espstack, 4158 ("Got default message, type %d, passing to IP.\n", 4159 mp->b_datap->db_type)); 4160 putnext(q, mp); 4161 } 4162 } 4163 4164 /* 4165 * Wrapper to allow IP to trigger an ESP association failure message 4166 * during inbound SA selection. 4167 */ 4168 void 4169 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt, 4170 uint32_t spi, void *addr, int af, ip_recv_attr_t *ira) 4171 { 4172 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack; 4173 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 4174 ipsec_stack_t *ipss = ns->netstack_ipsec; 4175 4176 if (espstack->ipsecesp_log_unknown_spi) { 4177 ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi, 4178 addr, af, espstack->ipsecesp_netstack); 4179 } 4180 4181 ip_drop_packet(mp, B_TRUE, ira->ira_ill, 4182 DROPPER(ipss, ipds_esp_no_sa), 4183 &espstack->esp_dropper); 4184 } 4185 4186 /* 4187 * Initialize the ESP input and output processing functions. 4188 */ 4189 void 4190 ipsecesp_init_funcs(ipsa_t *sa) 4191 { 4192 if (sa->ipsa_output_func == NULL) 4193 sa->ipsa_output_func = esp_outbound; 4194 if (sa->ipsa_input_func == NULL) 4195 sa->ipsa_input_func = esp_inbound; 4196 } 4197