1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/types.h> 30 #include <sys/stream.h> 31 #include <sys/stropts.h> 32 #include <sys/errno.h> 33 #include <sys/strlog.h> 34 #include <sys/tihdr.h> 35 #include <sys/socket.h> 36 #include <sys/ddi.h> 37 #include <sys/sunddi.h> 38 #include <sys/kmem.h> 39 #include <sys/sysmacros.h> 40 #include <sys/cmn_err.h> 41 #include <sys/vtrace.h> 42 #include <sys/debug.h> 43 #include <sys/atomic.h> 44 #include <sys/strsun.h> 45 #include <sys/random.h> 46 #include <netinet/in.h> 47 #include <net/if.h> 48 #include <netinet/ip6.h> 49 #include <net/pfkeyv2.h> 50 51 #include <inet/common.h> 52 #include <inet/mi.h> 53 #include <inet/nd.h> 54 #include <inet/ip.h> 55 #include <inet/ip6.h> 56 #include <inet/sadb.h> 57 #include <inet/ipsec_info.h> 58 #include <inet/ipsec_impl.h> 59 #include <inet/ipsecesp.h> 60 #include <inet/ipdrop.h> 61 #include <inet/tcp.h> 62 #include <sys/kstat.h> 63 #include <sys/policy.h> 64 #include <sys/strsun.h> 65 #include <inet/udp_impl.h> 66 #include <sys/taskq.h> 67 68 #include <sys/iphada.h> 69 70 /* Packet dropper for ESP drops. */ 71 static ipdropper_t esp_dropper; 72 73 static kmutex_t ipsecesp_param_lock; /* Protects ipsecesp_param_arr[] below. */ 74 /* 75 * Table of ND variables supported by ipsecesp. These are loaded into 76 * ipsecesp_g_nd in ipsecesp_init_nd. 77 * All of these are alterable, within the min/max values given, at run time. 78 */ 79 static ipsecespparam_t ipsecesp_param_arr[] = { 80 /* min max value name */ 81 { 0, 3, 0, "ipsecesp_debug"}, 82 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"}, 83 { 1, 10, 1, "ipsecesp_reap_delay"}, 84 { 1, SADB_MAX_REPLAY, 64, "ipsecesp_replay_size"}, 85 { 1, 300, 15, "ipsecesp_acquire_timeout"}, 86 { 1, 1800, 90, "ipsecesp_larval_timeout"}, 87 /* Default lifetime values for ACQUIRE messages. 
*/ 88 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_bytes"}, 89 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_bytes"}, 90 { 0, 0xffffffffU, 24000, "ipsecesp_default_soft_addtime"}, 91 { 0, 0xffffffffU, 28800, "ipsecesp_default_hard_addtime"}, 92 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_usetime"}, 93 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_usetime"}, 94 { 0, 1, 0, "ipsecesp_log_unknown_spi"}, 95 { 0, 2, 1, "ipsecesp_padding_check"}, 96 }; 97 #define ipsecesp_debug ipsecesp_param_arr[0].ipsecesp_param_value 98 #define ipsecesp_age_interval ipsecesp_param_arr[1].ipsecesp_param_value 99 #define ipsecesp_age_int_max ipsecesp_param_arr[1].ipsecesp_param_max 100 #define ipsecesp_reap_delay ipsecesp_param_arr[2].ipsecesp_param_value 101 #define ipsecesp_replay_size ipsecesp_param_arr[3].ipsecesp_param_value 102 #define ipsecesp_acquire_timeout ipsecesp_param_arr[4].ipsecesp_param_value 103 #define ipsecesp_larval_timeout ipsecesp_param_arr[5].ipsecesp_param_value 104 #define ipsecesp_default_soft_bytes \ 105 ipsecesp_param_arr[6].ipsecesp_param_value 106 #define ipsecesp_default_hard_bytes \ 107 ipsecesp_param_arr[7].ipsecesp_param_value 108 #define ipsecesp_default_soft_addtime \ 109 ipsecesp_param_arr[8].ipsecesp_param_value 110 #define ipsecesp_default_hard_addtime \ 111 ipsecesp_param_arr[9].ipsecesp_param_value 112 #define ipsecesp_default_soft_usetime \ 113 ipsecesp_param_arr[10].ipsecesp_param_value 114 #define ipsecesp_default_hard_usetime \ 115 ipsecesp_param_arr[11].ipsecesp_param_value 116 #define ipsecesp_log_unknown_spi \ 117 ipsecesp_param_arr[12].ipsecesp_param_value 118 #define ipsecesp_padding_check \ 119 ipsecesp_param_arr[13].ipsecesp_param_value 120 121 #define esp0dbg(a) printf a 122 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */ 123 #define esp1dbg(a) if (ipsecesp_debug != 0) printf a 124 #define esp2dbg(a) if (ipsecesp_debug > 1) printf a 125 #define esp3dbg(a) if (ipsecesp_debug > 2) printf a 126 127 static IDP ipsecesp_g_nd; 128 129 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *); 130 static int ipsecesp_close(queue_t *); 131 static void ipsecesp_rput(queue_t *, mblk_t *); 132 static void ipsecesp_wput(queue_t *, mblk_t *); 133 static void esp_send_acquire(ipsacq_t *, mblk_t *); 134 135 static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t); 136 static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *, 137 boolean_t, ipsa_t *); 138 139 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t); 140 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t, 141 kstat_named_t **); 142 static ipsec_status_t esp_submit_req_inbound(mblk_t *, ipsa_t *, uint_t); 143 static ipsec_status_t esp_submit_req_outbound(mblk_t *, ipsa_t *, uchar_t *, 144 uint_t); 145 146 static struct module_info info = { 147 5137, "ipsecesp", 0, INFPSZ, 65536, 1024 148 }; 149 150 static struct qinit rinit = { 151 (pfi_t)ipsecesp_rput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 152 NULL 153 }; 154 155 static struct qinit winit = { 156 (pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info, 157 NULL 158 }; 159 160 struct streamtab ipsecespinfo = { 161 &rinit, &winit, NULL, NULL 162 }; 163 164 /* 165 * Keysock instance of ESP. "There can be only one." :) 166 * Use casptr() on this because I don't set it until KEYSOCK_HELLO comes down. 167 * Paired up with the esp_pfkey_q is the esp_event, which will age SAs. 
168 */ 169 static queue_t *esp_pfkey_q; 170 static timeout_id_t esp_event; 171 static taskq_t *esp_taskq; 172 173 /* 174 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now. 175 * 176 * Question: Do I need this, given that all instance's esps->esps_wq point 177 * to IP? 178 * 179 * Answer: Yes, because I need to know which queue is BOUND to 180 * IPPROTO_ESP 181 */ 182 static mblk_t *esp_ip_unbind; 183 184 /* 185 * Stats. This may eventually become a full-blown SNMP MIB once that spec 186 * stabilizes. 187 */ 188 189 typedef struct { 190 kstat_named_t esp_stat_num_aalgs; 191 kstat_named_t esp_stat_good_auth; 192 kstat_named_t esp_stat_bad_auth; 193 kstat_named_t esp_stat_bad_padding; 194 kstat_named_t esp_stat_replay_failures; 195 kstat_named_t esp_stat_replay_early_failures; 196 kstat_named_t esp_stat_keysock_in; 197 kstat_named_t esp_stat_out_requests; 198 kstat_named_t esp_stat_acquire_requests; 199 kstat_named_t esp_stat_bytes_expired; 200 kstat_named_t esp_stat_out_discards; 201 kstat_named_t esp_stat_in_accelerated; 202 kstat_named_t esp_stat_out_accelerated; 203 kstat_named_t esp_stat_noaccel; 204 kstat_named_t esp_stat_crypto_sync; 205 kstat_named_t esp_stat_crypto_async; 206 kstat_named_t esp_stat_crypto_failures; 207 kstat_named_t esp_stat_num_ealgs; 208 kstat_named_t esp_stat_bad_decrypt; 209 } esp_kstats_t; 210 211 #define ESP_BUMP_STAT(x) (esp_kstats->esp_stat_ ## x).value.ui64++ 212 #define ESP_DEBUMP_STAT(x) (esp_kstats->esp_stat_ ## x).value.ui64-- 213 214 static kstat_t *esp_ksp; 215 static esp_kstats_t *esp_kstats; 216 217 static int esp_kstat_update(kstat_t *, int); 218 219 static boolean_t 220 esp_kstat_init(void) 221 { 222 esp_ksp = kstat_create("ipsecesp", 0, "esp_stat", "net", 223 KSTAT_TYPE_NAMED, sizeof (*esp_kstats) / sizeof (kstat_named_t), 224 KSTAT_FLAG_PERSISTENT); 225 226 if (esp_ksp == NULL) 227 return (B_FALSE); 228 229 esp_kstats = esp_ksp->ks_data; 230 231 esp_ksp->ks_update = esp_kstat_update; 232 233 #define K64 KSTAT_DATA_UINT64 234 #define KI(x) kstat_named_init(&(esp_kstats->esp_stat_##x), #x, K64) 235 236 KI(num_aalgs); 237 KI(num_ealgs); 238 KI(good_auth); 239 KI(bad_auth); 240 KI(bad_padding); 241 KI(replay_failures); 242 KI(replay_early_failures); 243 KI(keysock_in); 244 KI(out_requests); 245 KI(acquire_requests); 246 KI(bytes_expired); 247 KI(out_discards); 248 KI(in_accelerated); 249 KI(out_accelerated); 250 KI(noaccel); 251 KI(crypto_sync); 252 KI(crypto_async); 253 KI(crypto_failures); 254 KI(bad_decrypt); 255 256 #undef KI 257 #undef K64 258 259 kstat_install(esp_ksp); 260 261 return (B_TRUE); 262 } 263 264 static int 265 esp_kstat_update(kstat_t *kp, int rw) 266 { 267 esp_kstats_t *ekp; 268 269 if ((kp == NULL) || (kp->ks_data == NULL)) 270 return (EIO); 271 272 if (rw == KSTAT_WRITE) 273 return (EACCES); 274 275 ASSERT(kp == esp_ksp); 276 ekp = (esp_kstats_t *)kp->ks_data; 277 ASSERT(ekp == esp_kstats); 278 279 mutex_enter(&alg_lock); 280 ekp->esp_stat_num_aalgs.value.ui64 = ipsec_nalgs[IPSEC_ALG_AUTH]; 281 ekp->esp_stat_num_ealgs.value.ui64 = ipsec_nalgs[IPSEC_ALG_ENCR]; 282 mutex_exit(&alg_lock); 283 284 return (0); 285 } 286 287 #ifdef DEBUG 288 /* 289 * Debug routine, useful to see pre-encryption data. 
290 */ 291 static char * 292 dump_msg(mblk_t *mp) 293 { 294 char tmp_str[3], tmp_line[256]; 295 296 while (mp != NULL) { 297 unsigned char *ptr; 298 299 printf("mblk address 0x%p, length %ld, db_ref %d " 300 "type %d, base 0x%p, lim 0x%p\n", 301 (void *) mp, (long)(mp->b_wptr - mp->b_rptr), 302 mp->b_datap->db_ref, mp->b_datap->db_type, 303 (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim); 304 ptr = mp->b_rptr; 305 306 tmp_line[0] = '\0'; 307 while (ptr < mp->b_wptr) { 308 uint_t diff; 309 310 diff = (ptr - mp->b_rptr); 311 if (!(diff & 0x1f)) { 312 if (strlen(tmp_line) > 0) { 313 printf("bytes: %s\n", tmp_line); 314 tmp_line[0] = '\0'; 315 } 316 } 317 if (!(diff & 0x3)) 318 (void) strcat(tmp_line, " "); 319 (void) sprintf(tmp_str, "%02x", *ptr); 320 (void) strcat(tmp_line, tmp_str); 321 ptr++; 322 } 323 if (strlen(tmp_line) > 0) 324 printf("bytes: %s\n", tmp_line); 325 326 mp = mp->b_cont; 327 } 328 329 return ("\n"); 330 } 331 332 #else /* DEBUG */ 333 static char * 334 dump_msg(mblk_t *mp) 335 { 336 printf("Find value of mp %p.\n", mp); 337 return ("\n"); 338 } 339 #endif /* DEBUG */ 340 341 /* 342 * Don't have to lock age_interval, as only one thread will access it at 343 * a time, because I control the one function that does with timeout(). 344 */ 345 /* ARGSUSED */ 346 static void 347 esp_ager(void *ignoreme) 348 { 349 hrtime_t begin = gethrtime(); 350 351 sadb_ager(&esp_sadb.s_v4, esp_pfkey_q, esp_sadb.s_ip_q, 352 ipsecesp_reap_delay); 353 sadb_ager(&esp_sadb.s_v6, esp_pfkey_q, esp_sadb.s_ip_q, 354 ipsecesp_reap_delay); 355 356 esp_event = sadb_retimeout(begin, esp_pfkey_q, esp_ager, 357 &(ipsecesp_age_interval), ipsecesp_age_int_max, info.mi_idnum); 358 } 359 360 /* 361 * Get an ESP NDD parameter. 362 */ 363 /* ARGSUSED */ 364 static int 365 ipsecesp_param_get(q, mp, cp, cr) 366 queue_t *q; 367 mblk_t *mp; 368 caddr_t cp; 369 cred_t *cr; 370 { 371 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 372 uint_t value; 373 374 mutex_enter(&ipsecesp_param_lock); 375 value = ipsecesppa->ipsecesp_param_value; 376 mutex_exit(&ipsecesp_param_lock); 377 378 (void) mi_mpprintf(mp, "%u", value); 379 return (0); 380 } 381 382 /* 383 * This routine sets an NDD variable in a ipsecespparam_t structure. 384 */ 385 /* ARGSUSED */ 386 static int 387 ipsecesp_param_set(q, mp, value, cp, cr) 388 queue_t *q; 389 mblk_t *mp; 390 char *value; 391 caddr_t cp; 392 cred_t *cr; 393 { 394 ulong_t new_value; 395 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp; 396 397 /* 398 * Fail the request if the new value does not lie within the 399 * required bounds. 400 */ 401 if (ddi_strtoul(value, NULL, 10, &new_value) != 0 || 402 new_value < ipsecesppa->ipsecesp_param_min || 403 new_value > ipsecesppa->ipsecesp_param_max) { 404 return (EINVAL); 405 } 406 407 /* Set the new value */ 408 mutex_enter(&ipsecesp_param_lock); 409 ipsecesppa->ipsecesp_param_value = new_value; 410 mutex_exit(&ipsecesp_param_lock); 411 return (0); 412 } 413 414 /* 415 * Using lifetime NDD variables, fill in an extended combination's 416 * lifetime information. 
417 */ 418 void 419 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb) 420 { 421 ecomb->sadb_x_ecomb_soft_bytes = ipsecesp_default_soft_bytes; 422 ecomb->sadb_x_ecomb_hard_bytes = ipsecesp_default_hard_bytes; 423 ecomb->sadb_x_ecomb_soft_addtime = ipsecesp_default_soft_addtime; 424 ecomb->sadb_x_ecomb_hard_addtime = ipsecesp_default_hard_addtime; 425 ecomb->sadb_x_ecomb_soft_usetime = ipsecesp_default_soft_usetime; 426 ecomb->sadb_x_ecomb_hard_usetime = ipsecesp_default_hard_usetime; 427 } 428 429 /* 430 * Initialize things for ESP at module load time. 431 */ 432 boolean_t 433 ipsecesp_ddi_init(void) 434 { 435 int count; 436 ipsecespparam_t *espp = ipsecesp_param_arr; 437 438 for (count = A_CNT(ipsecesp_param_arr); count-- > 0; espp++) { 439 if (espp->ipsecesp_param_name != NULL && 440 espp->ipsecesp_param_name[0]) { 441 if (!nd_load(&ipsecesp_g_nd, espp->ipsecesp_param_name, 442 ipsecesp_param_get, ipsecesp_param_set, 443 (caddr_t)espp)) { 444 nd_free(&ipsecesp_g_nd); 445 return (B_FALSE); 446 } 447 } 448 } 449 450 if (!esp_kstat_init()) { 451 nd_free(&ipsecesp_g_nd); 452 return (B_FALSE); 453 } 454 455 esp_sadb.s_acquire_timeout = &ipsecesp_acquire_timeout; 456 esp_sadb.s_acqfn = esp_send_acquire; 457 sadbp_init(&esp_sadb, SADB_SATYPE_ESP); 458 459 esp_taskq = taskq_create("esp_taskq", 1, minclsyspri, 460 IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0); 461 462 mutex_init(&ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0); 463 464 ip_drop_register(&esp_dropper, "IPsec ESP"); 465 466 return (B_TRUE); 467 } 468 469 /* 470 * Destroy things for ESP at module unload time. 471 */ 472 void 473 ipsecesp_ddi_destroy(void) 474 { 475 esp1dbg(("In ipsecesp_ddi_destroy.\n")); 476 477 sadbp_destroy(&esp_sadb); 478 ip_drop_unregister(&esp_dropper); 479 taskq_destroy(esp_taskq); 480 mutex_destroy(&ipsecesp_param_lock); 481 nd_free(&ipsecesp_g_nd); 482 kstat_delete(esp_ksp); 483 } 484 485 /* 486 * ESP module open routine. 487 */ 488 /* ARGSUSED */ 489 static int 490 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp) 491 { 492 if (secpolicy_net_config(credp, B_FALSE) != 0) { 493 esp1dbg(("Non-privileged user trying to open ipsecesp.\n")); 494 return (EPERM); 495 } 496 497 if (q->q_ptr != NULL) 498 return (0); /* Re-open of an already open instance. */ 499 500 if (sflag != MODOPEN) 501 return (EINVAL); 502 503 /* 504 * ASSUMPTIONS (because I'm MT_OCEXCL): 505 * 506 * * I'm being pushed on top of IP for all my opens (incl. #1). 507 * * Only ipsecesp_open() can write into esp_sadb.s_ip_q. 508 * * Because of this, I can check lazily for esp_sadb.s_ip_q. 509 * 510 * If these assumptions are wrong, I'm in BIG trouble... 511 */ 512 513 q->q_ptr = q; /* just so I know I'm open */ 514 515 if (esp_sadb.s_ip_q == NULL) { 516 struct T_unbind_req *tur; 517 518 esp_sadb.s_ip_q = WR(q); 519 /* Allocate an unbind... */ 520 esp_ip_unbind = allocb(sizeof (struct T_unbind_req), BPRI_HI); 521 522 /* 523 * Send down T_BIND_REQ to bind IPPROTO_ESP. 524 * Handle the ACK here in ESP. 525 */ 526 qprocson(q); 527 if (esp_ip_unbind == NULL || 528 !sadb_t_bind_req(esp_sadb.s_ip_q, IPPROTO_ESP)) { 529 if (esp_ip_unbind != NULL) { 530 freeb(esp_ip_unbind); 531 esp_ip_unbind = NULL; 532 } 533 q->q_ptr = NULL; 534 return (ENOMEM); 535 } 536 537 esp_ip_unbind->b_datap->db_type = M_PROTO; 538 tur = (struct T_unbind_req *)esp_ip_unbind->b_rptr; 539 tur->PRIM_type = T_UNBIND_REQ; 540 } else { 541 qprocson(q); 542 } 543 544 /* 545 * For now, there's not much I can do. 
I'll be getting a message 546 * passed down to me from keysock (in my wput), and a T_BIND_ACK 547 * up from IP (in my rput). 548 */ 549 550 return (0); 551 } 552 553 /* 554 * ESP module close routine. 555 */ 556 static int 557 ipsecesp_close(queue_t *q) 558 { 559 /* 560 * If esp_sadb.s_ip_q is attached to this instance, send a 561 * T_UNBIND_REQ to IP for the instance before doing 562 * a qprocsoff(). 563 */ 564 if (WR(q) == esp_sadb.s_ip_q && esp_ip_unbind != NULL) { 565 putnext(WR(q), esp_ip_unbind); 566 esp_ip_unbind = NULL; 567 } 568 569 /* 570 * Clean up q_ptr, if needed. 571 */ 572 qprocsoff(q); 573 574 /* Keysock queue check is safe, because of OCEXCL perimeter. */ 575 576 if (q == esp_pfkey_q) { 577 esp0dbg(("ipsecesp_close: Ummm... keysock is closing ESP.\n")); 578 esp_pfkey_q = NULL; 579 /* Detach qtimeouts. */ 580 (void) quntimeout(q, esp_event); 581 } 582 583 if (WR(q) == esp_sadb.s_ip_q) { 584 /* 585 * If the esp_sadb.s_ip_q is attached to this instance, find 586 * another. The OCEXCL outer perimeter helps us here. 587 */ 588 esp_sadb.s_ip_q = NULL; 589 590 /* 591 * Find a replacement queue for esp_sadb.s_ip_q. 592 */ 593 if (esp_pfkey_q != NULL && esp_pfkey_q != RD(q)) { 594 /* 595 * See if we can use the pfkey_q. 596 */ 597 esp_sadb.s_ip_q = WR(esp_pfkey_q); 598 } 599 600 if (esp_sadb.s_ip_q == NULL || 601 !sadb_t_bind_req(esp_sadb.s_ip_q, IPPROTO_ESP)) { 602 esp1dbg(("ipsecesp: Can't reassign ip_q.\n")); 603 esp_sadb.s_ip_q = NULL; 604 } else { 605 esp_ip_unbind = allocb(sizeof (struct T_unbind_req), 606 BPRI_HI); 607 608 if (esp_ip_unbind != NULL) { 609 struct T_unbind_req *tur; 610 611 esp_ip_unbind->b_datap->db_type = M_PROTO; 612 tur = (struct T_unbind_req *) 613 esp_ip_unbind->b_rptr; 614 tur->PRIM_type = T_UNBIND_REQ; 615 } 616 /* If it's NULL, I can't do much here. */ 617 } 618 } 619 620 return (0); 621 } 622 623 /* 624 * Add a number of bytes to what the SA has protected so far. Return 625 * B_TRUE if the SA can still protect that many bytes. 626 * 627 * Caller must REFRELE the passed-in assoc. This function must REFRELE 628 * any obtained peer SA. 629 */ 630 static boolean_t 631 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound) 632 { 633 ipsa_t *inassoc, *outassoc; 634 isaf_t *bucket; 635 boolean_t inrc, outrc, isv6; 636 sadb_t *sp; 637 int outhash; 638 639 /* No peer? No problem! */ 640 if (!assoc->ipsa_haspeer) { 641 return (sadb_age_bytes(esp_pfkey_q, assoc, bytes, 642 B_TRUE)); 643 } 644 645 /* 646 * Otherwise, we want to grab both the original assoc and its peer. 647 * There might be a race for this, but if it's a real race, two 648 * expire messages may occur. We limit this by only sending the 649 * expire message on one of the peers, we'll pick the inbound 650 * arbitrarily. 651 * 652 * If we need tight synchronization on the peer SA, then we need to 653 * reconsider. 654 */ 655 656 /* Use address length to select IPv6/IPv4 */ 657 isv6 = (assoc->ipsa_addrfam == AF_INET6); 658 sp = isv6 ? 
&esp_sadb.s_v6 : &esp_sadb.s_v4; 659 660 if (inbound) { 661 inassoc = assoc; 662 if (isv6) { 663 outhash = OUTBOUND_HASH_V6(*((in6_addr_t *) 664 &inassoc->ipsa_dstaddr)); 665 } else { 666 outhash = OUTBOUND_HASH_V4(*((ipaddr_t *) 667 &inassoc->ipsa_dstaddr)); 668 } 669 bucket = &sp->sdb_of[outhash]; 670 mutex_enter(&bucket->isaf_lock); 671 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 672 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 673 inassoc->ipsa_addrfam); 674 mutex_exit(&bucket->isaf_lock); 675 if (outassoc == NULL) { 676 /* Q: Do we wish to set haspeer == B_FALSE? */ 677 esp0dbg(("esp_age_bytes: " 678 "can't find peer for inbound.\n")); 679 return (sadb_age_bytes(esp_pfkey_q, inassoc, 680 bytes, B_TRUE)); 681 } 682 } else { 683 outassoc = assoc; 684 bucket = &sp->sdb_if[INBOUND_HASH(outassoc->ipsa_spi)]; 685 mutex_enter(&bucket->isaf_lock); 686 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 687 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 688 outassoc->ipsa_addrfam); 689 mutex_exit(&bucket->isaf_lock); 690 if (inassoc == NULL) { 691 /* Q: Do we wish to set haspeer == B_FALSE? */ 692 esp0dbg(("esp_age_bytes: " 693 "can't find peer for outbound.\n")); 694 return (sadb_age_bytes(esp_pfkey_q, outassoc, 695 bytes, B_TRUE)); 696 } 697 } 698 699 inrc = sadb_age_bytes(esp_pfkey_q, inassoc, bytes, B_TRUE); 700 outrc = sadb_age_bytes(esp_pfkey_q, outassoc, bytes, B_FALSE); 701 702 /* 703 * REFRELE any peer SA. 704 * 705 * Because of the multi-line macro nature of IPSA_REFRELE, keep 706 * them in { }. 707 */ 708 if (inbound) { 709 IPSA_REFRELE(outassoc); 710 } else { 711 IPSA_REFRELE(inassoc); 712 } 713 714 return (inrc && outrc); 715 } 716 717 /* 718 * Do incoming NAT-T manipulations for packet. 719 */ 720 static ipsec_status_t 721 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc) 722 { 723 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 724 tcpha_t *tcph; 725 udpha_t *udpha; 726 /* Initialize to our inbound cksum adjustment... */ 727 uint32_t sum = assoc->ipsa_inbound_cksum; 728 729 switch (ipha->ipha_protocol) { 730 case IPPROTO_TCP: 731 tcph = (tcpha_t *)(data_mp->b_rptr + 732 IPH_HDR_LENGTH(ipha)); 733 734 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16) 735 sum += ~ntohs(tcph->tha_sum) & 0xFFFF; 736 DOWN_SUM(sum); 737 DOWN_SUM(sum); 738 tcph->tha_sum = ~htons(sum); 739 break; 740 case IPPROTO_UDP: 741 udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha)); 742 743 if (udpha->uha_checksum != 0) { 744 /* Adujst if the inbound one was not zero. */ 745 sum += ~ntohs(udpha->uha_checksum) & 0xFFFF; 746 DOWN_SUM(sum); 747 DOWN_SUM(sum); 748 udpha->uha_checksum = ~htons(sum); 749 if (udpha->uha_checksum == 0) 750 udpha->uha_checksum = 0xFFFF; 751 } 752 #undef DOWN_SUM 753 break; 754 case IPPROTO_IP: 755 /* 756 * This case is only an issue for self-encapsulated 757 * packets. So for now, fall through. 758 */ 759 break; 760 } 761 return (IPSEC_STATUS_SUCCESS); 762 } 763 764 765 /* 766 * Strip ESP header and fix IP header 767 * Returns B_TRUE on success, B_FALSE if an error occured. 768 */ 769 static boolean_t 770 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen, 771 kstat_named_t **counter) 772 { 773 ipha_t *ipha; 774 ip6_t *ip6h; 775 uint_t divpoint; 776 mblk_t *scratch; 777 uint8_t nexthdr, padlen; 778 uint8_t lastpad; 779 780 /* 781 * Strip ESP data and fix IP header. 782 * 783 * XXX In case the beginning of esp_inbound() changes to not do a 784 * pullup, this part of the code can remain unchanged. 
785 */ 786 if (isv4) { 787 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t)); 788 ipha = (ipha_t *)data_mp->b_rptr; 789 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) + 790 IPH_HDR_LENGTH(ipha)); 791 divpoint = IPH_HDR_LENGTH(ipha); 792 } else { 793 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t)); 794 ip6h = (ip6_t *)data_mp->b_rptr; 795 divpoint = ip_hdr_length_v6(data_mp, ip6h); 796 } 797 798 scratch = data_mp; 799 while (scratch->b_cont != NULL) 800 scratch = scratch->b_cont; 801 802 ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3); 803 804 /* 805 * "Next header" and padding length are the last two bytes in the 806 * ESP-protected datagram, thus the explicit - 1 and - 2. 807 * lastpad is the last byte of the padding, which can be used for 808 * a quick check to see if the padding is correct. 809 */ 810 nexthdr = *(scratch->b_wptr - 1); 811 padlen = *(scratch->b_wptr - 2); 812 lastpad = *(scratch->b_wptr - 3); 813 814 if (isv4) { 815 /* Fix part of the IP header. */ 816 ipha->ipha_protocol = nexthdr; 817 /* 818 * Reality check the padlen. The explicit - 2 is for the 819 * padding length and the next-header bytes. 820 */ 821 if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 - 822 sizeof (esph_t) - ivlen) { 823 ESP_BUMP_STAT(bad_decrypt); 824 ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 825 "Possibly corrupt ESP packet."); 826 esp1dbg(("padlen (%d) is greater than:\n", padlen)); 827 esp1dbg(("pkt len(%d) - ip hdr - esp hdr - ivlen(%d) " 828 "= %d.\n", ntohs(ipha->ipha_length), ivlen, 829 (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) - 830 2 - sizeof (esph_t) - ivlen))); 831 *counter = &ipdrops_esp_bad_padlen; 832 return (B_FALSE); 833 } 834 835 /* 836 * Fix the rest of the header. The explicit - 2 is for the 837 * padding length and the next-header bytes. 838 */ 839 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen - 840 2 - sizeof (esph_t) - ivlen); 841 ipha->ipha_hdr_checksum = 0; 842 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 843 } else { 844 if (ip6h->ip6_nxt == IPPROTO_ESP) { 845 ip6h->ip6_nxt = nexthdr; 846 } else { 847 ip6_pkt_t ipp; 848 849 bzero(&ipp, sizeof (ipp)); 850 (void) ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 851 if (ipp.ipp_dstopts != NULL) { 852 ipp.ipp_dstopts->ip6d_nxt = nexthdr; 853 } else if (ipp.ipp_rthdr != NULL) { 854 ipp.ipp_rthdr->ip6r_nxt = nexthdr; 855 } else if (ipp.ipp_hopopts != NULL) { 856 ipp.ipp_hopopts->ip6h_nxt = nexthdr; 857 } else { 858 /* Panic a DEBUG kernel. */ 859 ASSERT(ipp.ipp_hopopts != NULL); 860 /* Otherwise, pretend it's IP + ESP. */ 861 cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n"); 862 ip6h->ip6_nxt = nexthdr; 863 } 864 } 865 866 if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) - 867 ivlen) { 868 ESP_BUMP_STAT(bad_decrypt); 869 ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 870 "Possibly corrupt ESP packet."); 871 esp1dbg(("padlen (%d) is greater than:\n", padlen)); 872 esp1dbg(("pkt len(%u) - ip hdr - esp hdr - ivlen(%d)" 873 " = %u.\n", (unsigned)(ntohs(ip6h->ip6_plen) 874 + sizeof (ip6_t)), ivlen, 875 (unsigned)(ntohs(ip6h->ip6_plen) - 2 - 876 sizeof (esph_t) - ivlen))); 877 *counter = &ipdrops_esp_bad_padlen; 878 return (B_FALSE); 879 } 880 881 882 /* 883 * Fix the rest of the header. The explicit - 2 is for the 884 * padding length and the next-header bytes. IPv6 is nice, 885 * because there's no hdr checksum! 
886 */ 887 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen - 888 2 - sizeof (esph_t) - ivlen); 889 } 890 891 if (ipsecesp_padding_check > 0 && 892 padlen != lastpad && padlen != 0) { 893 ipsec_rl_strlog(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 894 "Possibly corrupt ESP packet."); 895 esp1dbg(("lastpad (%d) not equal to padlen (%d):\n", 896 lastpad, padlen)); 897 ESP_BUMP_STAT(bad_padding); 898 *counter = &ipdrops_esp_bad_padding; 899 return (B_FALSE); 900 } 901 902 if (ipsecesp_padding_check > 1) { 903 uint8_t *last = (uint8_t *)(scratch->b_wptr - 3); 904 uint8_t lastval = *last; 905 906 /* 907 * this assert may have to become an if 908 * and a pullup if we start accepting 909 * multi-dblk mblks. Any packet here will 910 * have been pulled up in esp_inbound. 911 */ 912 ASSERT(MBLKL(scratch) >= lastval + 3); 913 914 while (lastval != 0) { 915 if (lastval != *last) { 916 ipsec_rl_strlog(info.mi_idnum, 0, 0, 917 SL_ERROR | SL_WARN, 918 "Possibly corrupt ESP packet."); 919 esp1dbg(("padding not in correct" 920 " format:\n")); 921 ESP_BUMP_STAT(bad_padding); 922 *counter = &ipdrops_esp_bad_padding; 923 return (B_FALSE); 924 } 925 lastval--; last--; 926 } 927 } 928 929 /* Trim off the padding. */ 930 ASSERT(data_mp->b_cont == NULL); 931 data_mp->b_wptr -= (padlen + 2); 932 933 /* 934 * Remove the ESP header. 935 * 936 * The above assertions about data_mp's size will make this work. 937 * 938 * XXX Question: If I send up and get back a contiguous mblk, 939 * would it be quicker to bcopy over, or keep doing the dupb stuff? 940 * I go with copying for now. 941 */ 942 943 if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) && 944 IS_P2ALIGNED(ivlen, sizeof (uint32_t))) { 945 uint8_t *start = data_mp->b_rptr; 946 uint32_t *src, *dst; 947 948 src = (uint32_t *)(start + divpoint); 949 dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen); 950 951 ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) && 952 IS_P2ALIGNED(src, sizeof (uint32_t))); 953 954 do { 955 src--; 956 dst--; 957 *dst = *src; 958 } while (src != (uint32_t *)start); 959 960 data_mp->b_rptr = (uchar_t *)dst; 961 } else { 962 uint8_t *start = data_mp->b_rptr; 963 uint8_t *src, *dst; 964 965 src = start + divpoint; 966 dst = src + sizeof (esph_t) + ivlen; 967 968 do { 969 src--; 970 dst--; 971 *dst = *src; 972 } while (src != start); 973 974 data_mp->b_rptr = dst; 975 } 976 977 esp2dbg(("data_mp after inbound ESP adjustment:\n")); 978 esp2dbg((dump_msg(data_mp))); 979 980 return (B_TRUE); 981 } 982 983 /* 984 * Updating use times can be tricky business if the ipsa_haspeer flag is 985 * set. This function is called once in an SA's lifetime. 986 * 987 * Caller has to REFRELE "assoc" which is passed in. This function has 988 * to REFRELE any peer SA that is obtained. 989 */ 990 static void 991 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) 992 { 993 ipsa_t *inassoc, *outassoc; 994 isaf_t *bucket; 995 sadb_t *sp; 996 int outhash; 997 boolean_t isv6; 998 999 /* No peer? No problem! */ 1000 if (!assoc->ipsa_haspeer) { 1001 sadb_set_usetime(assoc); 1002 return; 1003 } 1004 1005 /* 1006 * Otherwise, we want to grab both the original assoc and its peer. 1007 * There might be a race for this, but if it's a real race, the times 1008 * will be out-of-synch by at most a second, and since our time 1009 * granularity is a second, this won't be a problem. 1010 * 1011 * If we need tight synchronization on the peer SA, then we need to 1012 * reconsider. 
1013 */ 1014 1015 /* Use address length to select IPv6/IPv4 */ 1016 isv6 = (assoc->ipsa_addrfam == AF_INET6); 1017 sp = isv6 ? &esp_sadb.s_v6 : &esp_sadb.s_v4; 1018 1019 if (inbound) { 1020 inassoc = assoc; 1021 if (isv6) { 1022 outhash = OUTBOUND_HASH_V6(*((in6_addr_t *) 1023 &inassoc->ipsa_dstaddr)); 1024 } else { 1025 outhash = OUTBOUND_HASH_V4(*((ipaddr_t *) 1026 &inassoc->ipsa_dstaddr)); 1027 } 1028 bucket = &sp->sdb_of[outhash]; 1029 mutex_enter(&bucket->isaf_lock); 1030 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 1031 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 1032 inassoc->ipsa_addrfam); 1033 mutex_exit(&bucket->isaf_lock); 1034 if (outassoc == NULL) { 1035 /* Q: Do we wish to set haspeer == B_FALSE? */ 1036 esp0dbg(("esp_set_usetime: " 1037 "can't find peer for inbound.\n")); 1038 sadb_set_usetime(inassoc); 1039 return; 1040 } 1041 } else { 1042 outassoc = assoc; 1043 bucket = &sp->sdb_if[INBOUND_HASH(outassoc->ipsa_spi)]; 1044 mutex_enter(&bucket->isaf_lock); 1045 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 1046 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 1047 outassoc->ipsa_addrfam); 1048 mutex_exit(&bucket->isaf_lock); 1049 if (inassoc == NULL) { 1050 /* Q: Do we wish to set haspeer == B_FALSE? */ 1051 esp0dbg(("esp_set_usetime: " 1052 "can't find peer for outbound.\n")); 1053 sadb_set_usetime(outassoc); 1054 return; 1055 } 1056 } 1057 1058 /* Update usetime on both. */ 1059 sadb_set_usetime(inassoc); 1060 sadb_set_usetime(outassoc); 1061 1062 /* 1063 * REFRELE any peer SA. 1064 * 1065 * Because of the multi-line macro nature of IPSA_REFRELE, keep 1066 * them in { }. 1067 */ 1068 if (inbound) { 1069 IPSA_REFRELE(outassoc); 1070 } else { 1071 IPSA_REFRELE(inassoc); 1072 } 1073 } 1074 1075 /* 1076 * Handle ESP inbound data for IPv4 and IPv6. 1077 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1078 * mblk chain ipsec_in_mp. 1079 */ 1080 ipsec_status_t 1081 esp_inbound(mblk_t *ipsec_in_mp, void *arg) 1082 { 1083 mblk_t *data_mp = ipsec_in_mp->b_cont; 1084 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1085 esph_t *esph = (esph_t *)arg; 1086 ipsa_t *ipsa = ii->ipsec_in_esp_sa; 1087 1088 if (ipsa->ipsa_usetime == 0) 1089 esp_set_usetime(ipsa, B_TRUE); 1090 1091 /* 1092 * We may wish to check replay in-range-only here as an optimization. 1093 * Include the reality check of ipsa->ipsa_replay > 1094 * ipsa->ipsa_replay_wsize for times when it's the first N packets, 1095 * where N == ipsa->ipsa_replay_wsize. 1096 * 1097 * Another check that may come here later is the "collision" check. 1098 * If legitimate packets flow quickly enough, this won't be a problem, 1099 * but collisions may cause authentication algorithm crunching to 1100 * take place when it doesn't need to. 1101 */ 1102 if (!sadb_replay_peek(ipsa, esph->esph_replay)) { 1103 ESP_BUMP_STAT(replay_early_failures); 1104 IP_ESP_BUMP_STAT(in_discards); 1105 /* 1106 * TODO: Extract inbound interface from the IPSEC_IN 1107 * message's ii->ipsec_in_rill_index. 1108 */ 1109 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, 1110 &ipdrops_esp_early_replay, &esp_dropper); 1111 return (IPSEC_STATUS_FAILED); 1112 } 1113 1114 /* 1115 * Has this packet already been processed by a hardware 1116 * IPsec accelerator? 
1117 */ 1118 if (ii->ipsec_in_accelerated) { 1119 ipsec_status_t rv; 1120 esp3dbg(("esp_inbound: pkt processed by ill=%d isv6=%d\n", 1121 ii->ipsec_in_ill_index, !ii->ipsec_in_v4)); 1122 rv = esp_inbound_accelerated(ipsec_in_mp, 1123 data_mp, ii->ipsec_in_v4, ipsa); 1124 return (rv); 1125 } 1126 ESP_BUMP_STAT(noaccel); 1127 1128 /* 1129 * Adjust the IP header's payload length to reflect the removal 1130 * of the ICV. 1131 */ 1132 if (!ii->ipsec_in_v4) { 1133 ip6_t *ip6h = (ip6_t *)data_mp->b_rptr; 1134 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - 1135 ipsa->ipsa_mac_len); 1136 } else { 1137 ipha_t *ipha = (ipha_t *)data_mp->b_rptr; 1138 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - 1139 ipsa->ipsa_mac_len); 1140 } 1141 1142 /* submit the request to the crypto framework */ 1143 return (esp_submit_req_inbound(ipsec_in_mp, ipsa, 1144 (uint8_t *)esph - data_mp->b_rptr)); 1145 } 1146 1147 /* 1148 * Perform the really difficult work of inserting the proposed situation. 1149 * Called while holding the algorithm lock. 1150 */ 1151 static void 1152 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs) 1153 { 1154 sadb_comb_t *comb = (sadb_comb_t *)(prop + 1); 1155 ipsec_out_t *io; 1156 ipsec_action_t *ap; 1157 ipsec_prot_t *prot; 1158 1159 ASSERT(MUTEX_HELD(&alg_lock)); 1160 io = (ipsec_out_t *)acqrec->ipsacq_mp->b_rptr; 1161 ASSERT(io->ipsec_out_type == IPSEC_OUT); 1162 1163 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 1164 prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t)); 1165 *(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */ 1166 1167 prop->sadb_prop_replay = ipsecesp_replay_size; 1168 1169 /* 1170 * Based upon algorithm properties, and what-not, prioritize 1171 * a proposal. If the IPSEC_OUT message has an algorithm specified, 1172 * use it first and foremost. 1173 * 1174 * For each action in policy list 1175 * Add combination. If I've hit limit, return. 1176 */ 1177 1178 for (ap = acqrec->ipsacq_act; ap != NULL; 1179 ap = ap->ipa_next) { 1180 ipsec_alginfo_t *ealg = NULL; 1181 ipsec_alginfo_t *aalg = NULL; 1182 1183 if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY) 1184 continue; 1185 1186 prot = &ap->ipa_act.ipa_apply; 1187 1188 if (!(prot->ipp_use_esp)) 1189 continue; 1190 1191 if (prot->ipp_esp_auth_alg != 0) { 1192 aalg = ipsec_alglists[IPSEC_ALG_AUTH] 1193 [prot->ipp_esp_auth_alg]; 1194 if (aalg == NULL || !ALG_VALID(aalg)) 1195 continue; 1196 } 1197 1198 ASSERT(prot->ipp_encr_alg > 0); 1199 ealg = ipsec_alglists[IPSEC_ALG_ENCR][prot->ipp_encr_alg]; 1200 if (ealg == NULL || !ALG_VALID(ealg)) 1201 continue; 1202 1203 comb->sadb_comb_flags = 0; 1204 comb->sadb_comb_reserved = 0; 1205 comb->sadb_comb_encrypt = ealg->alg_id; 1206 comb->sadb_comb_encrypt_minbits = prot->ipp_espe_minbits; 1207 comb->sadb_comb_encrypt_maxbits = prot->ipp_espe_maxbits; 1208 if (aalg == NULL) { 1209 comb->sadb_comb_auth = 0; 1210 comb->sadb_comb_auth_minbits = 0; 1211 comb->sadb_comb_auth_maxbits = 0; 1212 } else { 1213 comb->sadb_comb_auth = aalg->alg_id; 1214 comb->sadb_comb_auth_minbits = prot->ipp_espa_minbits; 1215 comb->sadb_comb_auth_maxbits = prot->ipp_espa_maxbits; 1216 } 1217 1218 /* 1219 * The following may be based on algorithm 1220 * properties, but in the meantime, we just pick 1221 * some good, sensible numbers. Key mgmt. can 1222 * (and perhaps should) be the place to finalize 1223 * such decisions. 1224 */ 1225 1226 /* 1227 * No limits on allocations, since we really don't 1228 * support that concept currently. 
1229 */ 1230 comb->sadb_comb_soft_allocations = 0; 1231 comb->sadb_comb_hard_allocations = 0; 1232 1233 /* 1234 * These may want to come from policy rule.. 1235 */ 1236 comb->sadb_comb_soft_bytes = ipsecesp_default_soft_bytes; 1237 comb->sadb_comb_hard_bytes = ipsecesp_default_hard_bytes; 1238 comb->sadb_comb_soft_addtime = ipsecesp_default_soft_addtime; 1239 comb->sadb_comb_hard_addtime = ipsecesp_default_hard_addtime; 1240 comb->sadb_comb_soft_usetime = ipsecesp_default_soft_usetime; 1241 comb->sadb_comb_hard_usetime = ipsecesp_default_hard_usetime; 1242 1243 prop->sadb_prop_len += SADB_8TO64(sizeof (*comb)); 1244 if (--combs == 0) 1245 break; /* out of space.. */ 1246 comb++; 1247 } 1248 } 1249 1250 /* 1251 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY. 1252 */ 1253 static void 1254 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended) 1255 { 1256 mblk_t *pfkeymp, *msgmp; 1257 uint_t allocsize, combs; 1258 sadb_msg_t *samsg; 1259 sadb_prop_t *prop; 1260 uint8_t *cur, *end; 1261 1262 ESP_BUMP_STAT(acquire_requests); 1263 1264 ASSERT(MUTEX_HELD(&acqrec->ipsacq_lock)); 1265 1266 pfkeymp = sadb_keysock_out(0); 1267 if (pfkeymp == NULL) { 1268 esp0dbg(("esp_send_acquire: 1st allocb() failed.\n")); 1269 /* Just bail. */ 1270 goto done; 1271 } 1272 1273 /* 1274 * First, allocate a basic ACQUIRE message. Beyond that, 1275 * you need to extract certificate info from 1276 */ 1277 allocsize = sizeof (sadb_msg_t) + sizeof (sadb_address_t) + 1278 sizeof (sadb_address_t) + sizeof (sadb_prop_t); 1279 1280 switch (acqrec->ipsacq_addrfam) { 1281 case AF_INET: 1282 allocsize += 2 * sizeof (struct sockaddr_in); 1283 break; 1284 case AF_INET6: 1285 allocsize += 2 * sizeof (struct sockaddr_in6); 1286 break; 1287 } 1288 1289 mutex_enter(&alg_lock); 1290 1291 combs = ipsec_nalgs[IPSEC_ALG_AUTH] * ipsec_nalgs[IPSEC_ALG_ENCR]; 1292 1293 allocsize += combs * sizeof (sadb_comb_t); 1294 1295 /* 1296 * XXX If there are: 1297 * certificate IDs 1298 * proxy address 1299 * <Others> 1300 * add additional allocation size. 1301 */ 1302 1303 msgmp = allocb(allocsize, BPRI_HI); 1304 if (msgmp == NULL) { 1305 esp0dbg(("esp_send_acquire: 2nd allocb() failed.\n")); 1306 /* Just bail. */ 1307 freemsg(pfkeymp); 1308 pfkeymp = NULL; 1309 goto done; 1310 } 1311 1312 cur = msgmp->b_rptr; 1313 end = cur + allocsize; 1314 samsg = (sadb_msg_t *)cur; 1315 pfkeymp->b_cont = msgmp; 1316 1317 /* Set up ACQUIRE. */ 1318 cur = sadb_setup_acquire(cur, end, acqrec); 1319 if (cur == NULL) { 1320 esp0dbg(("sadb_setup_acquire failed.\n")); 1321 /* Just bail. */ 1322 freemsg(pfkeymp); 1323 pfkeymp = NULL; 1324 goto done; 1325 } 1326 samsg->sadb_msg_satype = SADB_SATYPE_ESP; 1327 1328 /* XXX Insert proxy address information here. */ 1329 1330 /* XXX Insert identity information here. */ 1331 1332 /* XXXMLS Insert sensitivity information here. */ 1333 1334 /* Insert proposal here. */ 1335 1336 prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len); 1337 esp_insert_prop(prop, acqrec, combs); 1338 samsg->sadb_msg_len += prop->sadb_prop_len; 1339 msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len); 1340 1341 done: 1342 mutex_exit(&alg_lock); 1343 1344 /* 1345 * Must mutex_exit() before sending PF_KEY message up, in 1346 * order to avoid recursive mutex_enter() if there are no registered 1347 * listeners. 1348 * 1349 * Once I've sent the message, I'm cool anyway. 
1350 */ 1351 mutex_exit(&acqrec->ipsacq_lock); 1352 if (esp_pfkey_q != NULL && pfkeymp != NULL) { 1353 if (extended != NULL) { 1354 putnext(esp_pfkey_q, extended); 1355 } 1356 putnext(esp_pfkey_q, pfkeymp); 1357 return; 1358 } 1359 /* XXX freemsg() works for extended == NULL. */ 1360 freemsg(extended); 1361 freemsg(pfkeymp); 1362 } 1363 1364 /* 1365 * Handle the SADB_GETSPI message. Create a larval SA. 1366 */ 1367 static void 1368 esp_getspi(mblk_t *mp, keysock_in_t *ksi) 1369 { 1370 ipsa_t *newbie, *target; 1371 isaf_t *outbound, *inbound; 1372 int rc, diagnostic; 1373 sadb_sa_t *assoc; 1374 keysock_out_t *kso; 1375 uint32_t newspi; 1376 1377 /* 1378 * Randomly generate a proposed SPI value 1379 */ 1380 (void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t)); 1381 newbie = sadb_getspi(ksi, newspi, &diagnostic); 1382 1383 if (newbie == NULL) { 1384 sadb_pfkey_error(esp_pfkey_q, mp, ENOMEM, diagnostic, 1385 ksi->ks_in_serial); 1386 return; 1387 } else if (newbie == (ipsa_t *)-1) { 1388 sadb_pfkey_error(esp_pfkey_q, mp, EINVAL, diagnostic, 1389 ksi->ks_in_serial); 1390 return; 1391 } 1392 1393 /* 1394 * XXX - We may randomly collide. We really should recover from this. 1395 * Unfortunately, that could require spending way-too-much-time 1396 * in here. For now, let the user retry. 1397 */ 1398 1399 if (newbie->ipsa_addrfam == AF_INET6) { 1400 outbound = &esp_sadb.s_v6.sdb_of[ 1401 OUTBOUND_HASH_V6(*(uint32_t *)(newbie->ipsa_dstaddr))]; 1402 inbound = &esp_sadb.s_v6.sdb_if[INBOUND_HASH(newbie->ipsa_spi)]; 1403 } else { 1404 ASSERT(newbie->ipsa_addrfam == AF_INET); 1405 outbound = &esp_sadb.s_v4.sdb_of[ 1406 OUTBOUND_HASH_V4(*(uint32_t *)(newbie->ipsa_dstaddr))]; 1407 inbound = &esp_sadb.s_v4.sdb_if[INBOUND_HASH(newbie->ipsa_spi)]; 1408 } 1409 1410 mutex_enter(&outbound->isaf_lock); 1411 mutex_enter(&inbound->isaf_lock); 1412 1413 /* 1414 * Check for collisions (i.e. did sadb_getspi() return with something 1415 * that already exists?). 1416 * 1417 * Try outbound first. Even though SADB_GETSPI is traditionally 1418 * for inbound SAs, you never know what a user might do. 1419 */ 1420 target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi, 1421 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam); 1422 if (target == NULL) { 1423 target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi, 1424 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, 1425 newbie->ipsa_addrfam); 1426 } 1427 1428 /* 1429 * I don't have collisions elsewhere! 1430 * (Nor will I because I'm still holding inbound/outbound locks.) 1431 */ 1432 1433 if (target != NULL) { 1434 rc = EEXIST; 1435 IPSA_REFRELE(target); 1436 } else { 1437 /* 1438 * sadb_insertassoc() also checks for collisions, so 1439 * if there's a colliding entry, rc will be set 1440 * to EEXIST. 1441 */ 1442 rc = sadb_insertassoc(newbie, inbound); 1443 (void) drv_getparm(TIME, &newbie->ipsa_hardexpiretime); 1444 newbie->ipsa_hardexpiretime += ipsecesp_larval_timeout; 1445 } 1446 1447 /* 1448 * Can exit outbound mutex. Hold inbound until we're done 1449 * with newbie. 1450 */ 1451 mutex_exit(&outbound->isaf_lock); 1452 1453 if (rc != 0) { 1454 mutex_exit(&inbound->isaf_lock); 1455 IPSA_REFRELE(newbie); 1456 sadb_pfkey_error(esp_pfkey_q, mp, rc, SADB_X_DIAGNOSTIC_NONE, 1457 ksi->ks_in_serial); 1458 return; 1459 } 1460 1461 1462 /* Can write here because I'm still holding the bucket lock. */ 1463 newbie->ipsa_type = SADB_SATYPE_ESP; 1464 1465 /* 1466 * Construct successful return message. We have one thing going 1467 * for us in PF_KEY v2. 
That's the fact that 1468 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t) 1469 */ 1470 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE]; 1471 assoc->sadb_sa_exttype = SADB_EXT_SA; 1472 assoc->sadb_sa_spi = newbie->ipsa_spi; 1473 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0; 1474 mutex_exit(&inbound->isaf_lock); 1475 1476 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */ 1477 kso = (keysock_out_t *)ksi; 1478 kso->ks_out_len = sizeof (*kso); 1479 kso->ks_out_serial = ksi->ks_in_serial; 1480 kso->ks_out_type = KEYSOCK_OUT; 1481 1482 /* 1483 * Can safely putnext() to esp_pfkey_q, because this is a turnaround 1484 * from the esp_pfkey_q. 1485 */ 1486 putnext(esp_pfkey_q, mp); 1487 } 1488 1489 /* 1490 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly 1491 * allocated mblk with the ESP header in between the two. 1492 */ 1493 static boolean_t 1494 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint) 1495 { 1496 mblk_t *split_mp = mp; 1497 uint_t wheretodiv = divpoint; 1498 1499 while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) { 1500 wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr); 1501 split_mp = split_mp->b_cont; 1502 ASSERT(split_mp != NULL); 1503 } 1504 1505 if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) { 1506 mblk_t *scratch; 1507 1508 /* "scratch" is the 2nd half, split_mp is the first. */ 1509 scratch = dupb(split_mp); 1510 if (scratch == NULL) { 1511 esp1dbg(("esp_insert_esp: can't allocate scratch.\n")); 1512 return (B_FALSE); 1513 } 1514 /* NOTE: dupb() doesn't set b_cont appropriately. */ 1515 scratch->b_cont = split_mp->b_cont; 1516 scratch->b_rptr += wheretodiv; 1517 split_mp->b_wptr = split_mp->b_rptr + wheretodiv; 1518 split_mp->b_cont = scratch; 1519 } 1520 /* 1521 * At this point, split_mp is exactly "wheretodiv" bytes long, and 1522 * holds the end of the pre-ESP part of the datagram. 1523 */ 1524 esp_mp->b_cont = split_mp->b_cont; 1525 split_mp->b_cont = esp_mp; 1526 1527 return (B_TRUE); 1528 } 1529 1530 /* 1531 * Finish processing of an inbound ESP packet after processing by the 1532 * crypto framework. 1533 * - Remove the ESP header. 1534 * - Send packet back to IP. 1535 * If authentication was performed on the packet, this function is called 1536 * only if the authentication succeeded. 1537 * On success returns B_TRUE, on failure returns B_FALSE and frees the 1538 * mblk chain ipsec_in_mp. 
1539 */ 1540 static ipsec_status_t 1541 esp_in_done(mblk_t *ipsec_in_mp) 1542 { 1543 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr; 1544 mblk_t *data_mp; 1545 ipsa_t *assoc; 1546 uint_t espstart; 1547 uint32_t ivlen = 0; 1548 uint_t processed_len; 1549 esph_t *esph; 1550 kstat_named_t *counter; 1551 boolean_t is_natt; 1552 1553 assoc = ii->ipsec_in_esp_sa; 1554 ASSERT(assoc != NULL); 1555 1556 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 1557 1558 /* get the pointer to the ESP header */ 1559 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) { 1560 /* authentication-only ESP */ 1561 espstart = ii->ipsec_in_crypto_data.cd_offset; 1562 processed_len = ii->ipsec_in_crypto_data.cd_length; 1563 } else { 1564 /* encryption present */ 1565 ivlen = assoc->ipsa_iv_len; 1566 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) { 1567 /* encryption-only ESP */ 1568 espstart = ii->ipsec_in_crypto_data.cd_offset - 1569 sizeof (esph_t) - assoc->ipsa_iv_len; 1570 processed_len = ii->ipsec_in_crypto_data.cd_length + 1571 ivlen; 1572 } else { 1573 /* encryption with authentication */ 1574 espstart = ii->ipsec_in_crypto_dual_data.dd_offset1; 1575 processed_len = ii->ipsec_in_crypto_dual_data.dd_len2 + 1576 ivlen; 1577 } 1578 } 1579 1580 data_mp = ipsec_in_mp->b_cont; 1581 esph = (esph_t *)(data_mp->b_rptr + espstart); 1582 1583 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) { 1584 /* authentication passed if we reach this point */ 1585 ESP_BUMP_STAT(good_auth); 1586 data_mp->b_wptr -= assoc->ipsa_mac_len; 1587 1588 /* 1589 * Check replay window here! 1590 * For right now, assume keysock will set the replay window 1591 * size to zero for SAs that have an unspecified sender. 1592 * This may change... 1593 */ 1594 1595 if (!sadb_replay_check(assoc, esph->esph_replay)) { 1596 /* 1597 * Log the event. As of now we print out an event. 1598 * Do not print the replay failure number, or else 1599 * syslog cannot collate the error messages. Printing 1600 * the replay number that failed opens a denial-of- 1601 * service attack. 1602 */ 1603 ipsec_assocfailure(info.mi_idnum, 0, 0, 1604 SL_ERROR | SL_WARN, 1605 "Replay failed for ESP spi 0x%x, dst %s.\n", 1606 assoc->ipsa_spi, assoc->ipsa_dstaddr, 1607 assoc->ipsa_addrfam); 1608 ESP_BUMP_STAT(replay_failures); 1609 counter = &ipdrops_esp_replay; 1610 goto drop_and_bail; 1611 } 1612 } 1613 1614 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) { 1615 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 1616 ipsec_assocfailure(info.mi_idnum, 0, 0, 1617 SL_ERROR | SL_WARN, 1618 "ESP association 0x%x, dst %s had bytes expire.\n", 1619 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam); 1620 ESP_BUMP_STAT(bytes_expired); 1621 counter = &ipdrops_esp_bytes_expire; 1622 goto drop_and_bail; 1623 } 1624 1625 /* 1626 * Remove ESP header and padding from packet. I hope the compiler 1627 * spews "branch, predict taken" code for this. 1628 */ 1629 1630 if (esp_strip_header(data_mp, ii->ipsec_in_v4, ivlen, &counter)) { 1631 if (is_natt) 1632 return (esp_fix_natt_checksums(data_mp, assoc)); 1633 return (IPSEC_STATUS_SUCCESS); 1634 } 1635 1636 esp1dbg(("esp_in_done: esp_strip_header() failed\n")); 1637 drop_and_bail: 1638 IP_ESP_BUMP_STAT(in_discards); 1639 /* 1640 * TODO: Extract inbound interface from the IPSEC_IN message's 1641 * ii->ipsec_in_rill_index. 1642 */ 1643 ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, counter, &esp_dropper); 1644 return (IPSEC_STATUS_FAILED); 1645 } 1646 1647 /* 1648 * Called upon failing the inbound ICV check. 
The message passed as 1649 * argument is freed. 1650 */ 1651 static void 1652 esp_log_bad_auth(mblk_t *ipsec_in) 1653 { 1654 ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr; 1655 ipsa_t *assoc = ii->ipsec_in_esp_sa; 1656 1657 /* 1658 * Log the event. Don't print to the console, block 1659 * potential denial-of-service attack. 1660 */ 1661 ESP_BUMP_STAT(bad_auth); 1662 1663 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1664 "ESP Authentication failed for spi 0x%x, dst %s.\n", 1665 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam); 1666 1667 IP_ESP_BUMP_STAT(in_discards); 1668 /* 1669 * TODO: Extract inbound interface from the IPSEC_IN 1670 * message's ii->ipsec_in_rill_index. 1671 */ 1672 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, &ipdrops_esp_bad_auth, 1673 &esp_dropper); 1674 } 1675 1676 1677 /* 1678 * Invoked for outbound packets after ESP processing. If the packet 1679 * also requires AH, performs the AH SA selection and AH processing. 1680 * Returns B_TRUE if the AH processing was not needed or if it was 1681 * performed successfully. Returns B_FALSE and consumes the passed mblk 1682 * if AH processing was required but could not be performed. 1683 */ 1684 static boolean_t 1685 esp_do_outbound_ah(mblk_t *ipsec_mp) 1686 { 1687 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1688 ipsec_status_t ipsec_rc; 1689 ipsec_action_t *ap; 1690 1691 ap = io->ipsec_out_act; 1692 if (ap == NULL) { 1693 ipsec_policy_t *pp = io->ipsec_out_policy; 1694 ap = pp->ipsp_act; 1695 } 1696 1697 if (!ap->ipa_want_ah) 1698 return (B_TRUE); 1699 1700 ASSERT(io->ipsec_out_ah_done == B_FALSE); 1701 1702 if (io->ipsec_out_ah_sa == NULL) { 1703 if (!ipsec_outbound_sa(ipsec_mp, IPPROTO_AH)) { 1704 sadb_acquire(ipsec_mp, io, B_TRUE, B_FALSE); 1705 return (B_FALSE); 1706 } 1707 } 1708 ASSERT(io->ipsec_out_ah_sa != NULL); 1709 1710 io->ipsec_out_ah_done = B_TRUE; 1711 ipsec_rc = io->ipsec_out_ah_sa->ipsa_output_func(ipsec_mp); 1712 return (ipsec_rc == IPSEC_STATUS_SUCCESS); 1713 } 1714 1715 1716 /* 1717 * Kernel crypto framework callback invoked after completion of async 1718 * crypto requests. 1719 */ 1720 static void 1721 esp_kcf_callback(void *arg, int status) 1722 { 1723 mblk_t *ipsec_mp = (mblk_t *)arg; 1724 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 1725 boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN); 1726 1727 ASSERT(ipsec_mp->b_cont != NULL); 1728 1729 if (status == CRYPTO_SUCCESS) { 1730 if (is_inbound) { 1731 if (esp_in_done(ipsec_mp) != IPSEC_STATUS_SUCCESS) 1732 return; 1733 1734 /* finish IPsec processing */ 1735 ip_fanout_proto_again(ipsec_mp, NULL, NULL, NULL); 1736 } else { 1737 /* 1738 * If a ICV was computed, it was stored by the 1739 * crypto framework at the end of the packet. 
1740 */ 1741 ipha_t *ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr; 1742 1743 /* do AH processing if needed */ 1744 if (!esp_do_outbound_ah(ipsec_mp)) 1745 return; 1746 1747 /* finish IPsec processing */ 1748 if (IPH_HDR_VERSION(ipha) == IP_VERSION) { 1749 ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, 1750 NULL); 1751 } else { 1752 ip6_t *ip6h = (ip6_t *)ipha; 1753 ip_wput_ipsec_out_v6(NULL, ipsec_mp, ip6h, 1754 NULL, NULL); 1755 } 1756 } 1757 1758 } else if (status == CRYPTO_INVALID_MAC) { 1759 esp_log_bad_auth(ipsec_mp); 1760 1761 } else { 1762 esp1dbg(("esp_kcf_callback: crypto failed with 0x%x\n", 1763 status)); 1764 ESP_BUMP_STAT(crypto_failures); 1765 if (is_inbound) 1766 IP_ESP_BUMP_STAT(in_discards); 1767 else 1768 ESP_BUMP_STAT(out_discards); 1769 ip_drop_packet(ipsec_mp, is_inbound, NULL, NULL, 1770 &ipdrops_esp_crypto_failed, &esp_dropper); 1771 } 1772 } 1773 1774 /* 1775 * Invoked on crypto framework failure during inbound and outbound processing. 1776 */ 1777 static void 1778 esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc) 1779 { 1780 esp1dbg(("crypto failed for %s ESP with 0x%x\n", 1781 is_inbound ? "inbound" : "outbound", kef_rc)); 1782 ip_drop_packet(mp, is_inbound, NULL, NULL, &ipdrops_esp_crypto_failed, 1783 &esp_dropper); 1784 ESP_BUMP_STAT(crypto_failures); 1785 if (is_inbound) 1786 IP_ESP_BUMP_STAT(in_discards); 1787 else 1788 ESP_BUMP_STAT(out_discards); 1789 } 1790 1791 #define ESP_INIT_CALLREQ(_cr) { \ 1792 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_RESTRICTED; \ 1793 (_cr)->cr_callback_arg = ipsec_mp; \ 1794 (_cr)->cr_callback_func = esp_kcf_callback; \ 1795 } 1796 1797 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \ 1798 (mac)->cd_format = CRYPTO_DATA_RAW; \ 1799 (mac)->cd_offset = 0; \ 1800 (mac)->cd_length = icvlen; \ 1801 (mac)->cd_raw.iov_base = (char *)icvbuf; \ 1802 (mac)->cd_raw.iov_len = icvlen; \ 1803 } 1804 1805 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \ 1806 if (MBLKL(mp) >= (len) + (off)) { \ 1807 (data)->cd_format = CRYPTO_DATA_RAW; \ 1808 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \ 1809 (data)->cd_raw.iov_len = MBLKL(mp); \ 1810 (data)->cd_offset = off; \ 1811 } else { \ 1812 (data)->cd_format = CRYPTO_DATA_MBLK; \ 1813 (data)->cd_mp = mp; \ 1814 (data)->cd_offset = off; \ 1815 } \ 1816 (data)->cd_length = len; \ 1817 } 1818 1819 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \ 1820 (data)->dd_format = CRYPTO_DATA_MBLK; \ 1821 (data)->dd_mp = mp; \ 1822 (data)->dd_len1 = len1; \ 1823 (data)->dd_offset1 = off1; \ 1824 (data)->dd_len2 = len2; \ 1825 (data)->dd_offset2 = off2; \ 1826 } 1827 1828 static ipsec_status_t 1829 esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset) 1830 { 1831 ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr; 1832 boolean_t do_auth; 1833 uint_t auth_offset, msg_len, auth_len; 1834 crypto_call_req_t call_req; 1835 mblk_t *esp_mp; 1836 int kef_rc = CRYPTO_FAILED; 1837 uint_t icv_len = assoc->ipsa_mac_len; 1838 crypto_ctx_template_t auth_ctx_tmpl; 1839 boolean_t do_encr; 1840 uint_t encr_offset, encr_len; 1841 uint_t iv_len = assoc->ipsa_iv_len; 1842 crypto_ctx_template_t encr_ctx_tmpl; 1843 1844 ASSERT(ii->ipsec_in_type == IPSEC_IN); 1845 1846 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 1847 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 1848 1849 /* 1850 * An inbound packet is of the form: 1851 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad] 1852 */ 1853 esp_mp = ipsec_mp->b_cont; 1854 msg_len = MBLKL(esp_mp); 1855 1856 
ESP_INIT_CALLREQ(&call_req); 1857 1858 if (do_auth) { 1859 /* force asynchronous processing? */ 1860 if (ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 1861 IPSEC_ALGS_EXEC_ASYNC) 1862 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 1863 1864 /* authentication context template */ 1865 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 1866 auth_ctx_tmpl); 1867 1868 /* ICV to be verified */ 1869 ESP_INIT_CRYPTO_MAC(&ii->ipsec_in_crypto_mac, 1870 icv_len, esp_mp->b_wptr - icv_len); 1871 1872 /* authentication starts at the ESP header */ 1873 auth_offset = esph_offset; 1874 auth_len = msg_len - auth_offset - icv_len; 1875 if (!do_encr) { 1876 /* authentication only */ 1877 /* initialize input data argument */ 1878 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 1879 esp_mp, auth_offset, auth_len); 1880 1881 /* call the crypto framework */ 1882 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, 1883 &ii->ipsec_in_crypto_data, 1884 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 1885 &ii->ipsec_in_crypto_mac, &call_req); 1886 } 1887 } 1888 1889 if (do_encr) { 1890 /* force asynchronous processing? */ 1891 if (ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 1892 IPSEC_ALGS_EXEC_ASYNC) 1893 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 1894 1895 /* encryption template */ 1896 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 1897 encr_ctx_tmpl); 1898 1899 /* skip IV, since it is passed separately */ 1900 encr_offset = esph_offset + sizeof (esph_t) + iv_len; 1901 encr_len = msg_len - encr_offset; 1902 1903 if (!do_auth) { 1904 /* decryption only */ 1905 /* initialize input data argument */ 1906 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 1907 esp_mp, encr_offset, encr_len); 1908 1909 /* specify IV */ 1910 ii->ipsec_in_crypto_data.cd_miscdata = 1911 (char *)esp_mp->b_rptr + sizeof (esph_t) + 1912 esph_offset; 1913 1914 /* call the crypto framework */ 1915 kef_rc = crypto_decrypt(&assoc->ipsa_emech, 1916 &ii->ipsec_in_crypto_data, 1917 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 1918 NULL, &call_req); 1919 } 1920 } 1921 1922 if (do_auth && do_encr) { 1923 /* dual operation */ 1924 /* initialize input data argument */ 1925 ESP_INIT_CRYPTO_DUAL_DATA(&ii->ipsec_in_crypto_dual_data, 1926 esp_mp, auth_offset, auth_len, 1927 encr_offset, encr_len - icv_len); 1928 1929 /* specify IV */ 1930 ii->ipsec_in_crypto_dual_data.dd_miscdata = 1931 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 1932 1933 /* call the framework */ 1934 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, 1935 &assoc->ipsa_emech, &ii->ipsec_in_crypto_dual_data, 1936 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, 1937 auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac, 1938 NULL, &call_req); 1939 } 1940 1941 switch (kef_rc) { 1942 case CRYPTO_SUCCESS: 1943 ESP_BUMP_STAT(crypto_sync); 1944 return (esp_in_done(ipsec_mp)); 1945 case CRYPTO_QUEUED: 1946 /* esp_kcf_callback() will be invoked on completion */ 1947 ESP_BUMP_STAT(crypto_async); 1948 return (IPSEC_STATUS_PENDING); 1949 case CRYPTO_INVALID_MAC: 1950 ESP_BUMP_STAT(crypto_sync); 1951 esp_log_bad_auth(ipsec_mp); 1952 return (IPSEC_STATUS_FAILED); 1953 } 1954 1955 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc); 1956 return (IPSEC_STATUS_FAILED); 1957 } 1958 1959 static ipsec_status_t 1960 esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf, 1961 uint_t payload_len) 1962 { 1963 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 1964 uint_t auth_len; 1965 crypto_call_req_t call_req; 1966 mblk_t *esp_mp; 1967 int kef_rc = CRYPTO_FAILED; 1968 uint_t icv_len = assoc->ipsa_mac_len; 1969 
crypto_ctx_template_t auth_ctx_tmpl; 1970 boolean_t do_auth; 1971 boolean_t do_encr; 1972 uint_t iv_len = assoc->ipsa_iv_len; 1973 crypto_ctx_template_t encr_ctx_tmpl; 1974 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 1975 size_t esph_offset = (is_natt ? UDPH_SIZE : 0); 1976 1977 esp3dbg(("esp_submit_req_outbound:%s", is_natt ? "natt" : "not natt")); 1978 1979 ASSERT(io->ipsec_out_type == IPSEC_OUT); 1980 1981 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 1982 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 1983 1984 /* 1985 * Outbound IPsec packets are of the form: 1986 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV] 1987 * unless it's NATT, then it's 1988 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV] 1989 * Get a pointer to the mblk containing the ESP header. 1990 */ 1991 ASSERT(ipsec_mp->b_cont != NULL && ipsec_mp->b_cont->b_cont != NULL); 1992 esp_mp = ipsec_mp->b_cont->b_cont; 1993 1994 ESP_INIT_CALLREQ(&call_req); 1995 1996 if (do_auth) { 1997 /* force asynchronous processing? */ 1998 if (ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 1999 IPSEC_ALGS_EXEC_ASYNC) 2000 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2001 2002 /* authentication context template */ 2003 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2004 auth_ctx_tmpl); 2005 2006 /* where to store the computed mac */ 2007 ESP_INIT_CRYPTO_MAC(&io->ipsec_out_crypto_mac, 2008 icv_len, icv_buf); 2009 2010 /* authentication starts at the ESP header */ 2011 auth_len = payload_len + iv_len + sizeof (esph_t); 2012 if (!do_encr) { 2013 /* authentication only */ 2014 /* initialize input data argument */ 2015 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2016 esp_mp, esph_offset, auth_len); 2017 2018 /* call the crypto framework */ 2019 kef_rc = crypto_mac(&assoc->ipsa_amech, 2020 &io->ipsec_out_crypto_data, 2021 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2022 &io->ipsec_out_crypto_mac, &call_req); 2023 } 2024 } 2025 2026 if (do_encr) { 2027 /* force asynchronous processing? */ 2028 if (ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2029 IPSEC_ALGS_EXEC_ASYNC) 2030 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2031 2032 /* encryption context template */ 2033 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2034 encr_ctx_tmpl); 2035 2036 if (!do_auth) { 2037 /* encryption only, skip mblk that contains ESP hdr */ 2038 /* initialize input data argument */ 2039 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2040 esp_mp->b_cont, 0, payload_len); 2041 2042 /* specify IV */ 2043 io->ipsec_out_crypto_data.cd_miscdata = 2044 (char *)esp_mp->b_rptr + sizeof (esph_t) + 2045 esph_offset; 2046 2047 /* call the crypto framework */ 2048 kef_rc = crypto_encrypt(&assoc->ipsa_emech, 2049 &io->ipsec_out_crypto_data, 2050 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2051 NULL, &call_req); 2052 } 2053 } 2054 2055 if (do_auth && do_encr) { 2056 /* 2057 * Encryption and authentication: 2058 * Pass the pointer to the mblk chain starting at the ESP 2059 * header to the framework. Skip the ESP header mblk 2060 * for encryption, which is reflected by an encryption 2061 * offset equal to the length of that mblk. Start 2062 * the authentication at the ESP header, i.e. use an 2063 * authentication offset of zero. 
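 *
 * For example, with a non-NATT SA and a 16-byte IV, the leading mblk
 * holds the 8-byte ESP header (SPI and sequence number) followed by
 * the IV, so the encryption offset passed below is MBLKL(esp_mp) == 24,
 * while authentication covers auth_len == sizeof (esph_t) + iv_len +
 * payload_len bytes starting at esph_offset (the ICV itself is not
 * covered, since it is what is being computed).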
2064 */ 2065 ESP_INIT_CRYPTO_DUAL_DATA(&io->ipsec_out_crypto_dual_data, 2066 esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len); 2067 2068 /* specify IV */ 2069 io->ipsec_out_crypto_dual_data.dd_miscdata = 2070 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 2071 2072 /* call the framework */ 2073 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, 2074 &assoc->ipsa_amech, NULL, 2075 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, 2076 encr_ctx_tmpl, auth_ctx_tmpl, 2077 &io->ipsec_out_crypto_dual_data, 2078 &io->ipsec_out_crypto_mac, &call_req); 2079 } 2080 2081 switch (kef_rc) { 2082 case CRYPTO_SUCCESS: 2083 ESP_BUMP_STAT(crypto_sync); 2084 return (IPSEC_STATUS_SUCCESS); 2085 case CRYPTO_QUEUED: 2086 /* esp_kcf_callback() will be invoked on completion */ 2087 ESP_BUMP_STAT(crypto_async); 2088 return (IPSEC_STATUS_PENDING); 2089 } 2090 2091 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc); 2092 return (IPSEC_STATUS_FAILED); 2093 } 2094 2095 /* 2096 * Handle outbound IPsec processing for IPv4 and IPv6 2097 * On success returns B_TRUE, on failure returns B_FALSE and frees the 2098 * mblk chain ipsec_in_mp. 2099 */ 2100 static ipsec_status_t 2101 esp_outbound(mblk_t *mp) 2102 { 2103 mblk_t *ipsec_out_mp, *data_mp, *espmp, *tailmp; 2104 ipsec_out_t *io; 2105 ipha_t *ipha; 2106 ip6_t *ip6h; 2107 esph_t *esph; 2108 uint_t af; 2109 uint8_t *nhp; 2110 uintptr_t divpoint, datalen, adj, padlen, i, alloclen; 2111 uintptr_t esplen = sizeof (esph_t); 2112 uint8_t protocol; 2113 ipsa_t *assoc; 2114 uint_t iv_len = 0, mac_len = 0; 2115 uchar_t *icv_buf; 2116 udpha_t *udpha; 2117 boolean_t is_natt = B_FALSE; 2118 2119 ESP_BUMP_STAT(out_requests); 2120 2121 ipsec_out_mp = mp; 2122 data_mp = ipsec_out_mp->b_cont; 2123 2124 /* 2125 * <sigh> We have to copy the message here, because TCP (for example) 2126 * keeps a dupb() of the message lying around for retransmission. 2127 * Since ESP changes the whole of the datagram, we have to create our 2128 * own copy lest we clobber TCP's data. Since we have to copy anyway, 2129 * we might as well make use of msgpullup() and get the mblk into one 2130 * contiguous piece! 2131 */ 2132 ipsec_out_mp->b_cont = msgpullup(data_mp, -1); 2133 if (ipsec_out_mp->b_cont == NULL) { 2134 esp0dbg(("esp_outbound: msgpullup() failed, " 2135 "dropping packet.\n")); 2136 ipsec_out_mp->b_cont = data_mp; 2137 /* 2138 * TODO: Find the outbound IRE for this packet and 2139 * pass it to ip_drop_packet(). 2140 */ 2141 ip_drop_packet(ipsec_out_mp, B_FALSE, NULL, NULL, 2142 &ipdrops_esp_nomem, &esp_dropper); 2143 return (IPSEC_STATUS_FAILED); 2144 } else { 2145 freemsg(data_mp); 2146 data_mp = ipsec_out_mp->b_cont; 2147 } 2148 2149 io = (ipsec_out_t *)ipsec_out_mp->b_rptr; 2150 2151 /* 2152 * Reality check.... 2153 */ 2154 2155 ipha = (ipha_t *)data_mp->b_rptr; /* So we can call esp_acquire(). */ 2156 2157 if (io->ipsec_out_v4) { 2158 af = AF_INET; 2159 divpoint = IPH_HDR_LENGTH(ipha); 2160 datalen = ntohs(ipha->ipha_length) - divpoint; 2161 nhp = (uint8_t *)&ipha->ipha_protocol; 2162 } else { 2163 ip6_pkt_t ipp; 2164 2165 af = AF_INET6; 2166 ip6h = (ip6_t *)ipha; 2167 bzero(&ipp, sizeof (ipp)); 2168 divpoint = ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 2169 if (ipp.ipp_dstopts != NULL && 2170 ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) { 2171 /* 2172 * Destination options are tricky. If we get in here, 2173 * then we have a terminal header following the 2174 * destination options. We need to adjust backwards 2175 * so we insert ESP BEFORE the destination options 2176 * bag. 
(So that the dstopts get encrypted!) 2177 * 2178 * Since this is for outbound packets only, we know 2179 * that non-terminal destination options only precede 2180 * routing headers. 2181 */ 2182 divpoint -= ipp.ipp_dstoptslen; 2183 } 2184 datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint; 2185 2186 if (ipp.ipp_rthdr != NULL) { 2187 nhp = &ipp.ipp_rthdr->ip6r_nxt; 2188 } else if (ipp.ipp_hopopts != NULL) { 2189 nhp = &ipp.ipp_hopopts->ip6h_nxt; 2190 } else { 2191 ASSERT(divpoint == sizeof (ip6_t)); 2192 /* It's probably IP + ESP. */ 2193 nhp = &ip6h->ip6_nxt; 2194 } 2195 } 2196 assoc = io->ipsec_out_esp_sa; 2197 ASSERT(assoc != NULL); 2198 2199 if (assoc->ipsa_usetime == 0) 2200 esp_set_usetime(assoc, B_FALSE); 2201 2202 if (assoc->ipsa_auth_alg != SADB_AALG_NONE) 2203 mac_len = assoc->ipsa_mac_len; 2204 2205 if (assoc->ipsa_flags & IPSA_F_NATT) { 2206 /* wedge in fake UDP */ 2207 is_natt = B_TRUE; 2208 esplen += UDPH_SIZE; 2209 } 2210 2211 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) 2212 iv_len = assoc->ipsa_iv_len; 2213 2214 /* 2215 * Set up ESP header and encryption padding for ENCR PI request. 2216 */ 2217 2218 /* 2219 * Determine the padding length. Pad to 4-bytes. 2220 * 2221 * Include the two additional bytes (hence the - 2) for the padding 2222 * length and the next header. Take this into account when 2223 * calculating the actual length of the padding. 2224 */ 2225 2226 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) { 2227 padlen = ((unsigned)(iv_len - datalen - 2)) % iv_len; 2228 } else { 2229 padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) % 2230 sizeof (uint32_t); 2231 } 2232 2233 /* Allocate ESP header and IV. */ 2234 esplen += iv_len; 2235 2236 /* 2237 * Update association byte-count lifetimes. Don't forget to take 2238 * into account the padding length and next-header (hence the + 2). 2239 * 2240 * Use the amount of data fed into the "encryption algorithm". This 2241 * is the IV, the data length, the padding length, and the final two 2242 * bytes (padlen, and next-header). 2243 * 2244 */ 2245 2246 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) { 2247 /* 2248 * TODO: Find the outbound IRE for this packet and 2249 * pass it to ip_drop_packet(). 2250 */ 2251 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2252 &ipdrops_esp_bytes_expire, &esp_dropper); 2253 return (IPSEC_STATUS_FAILED); 2254 } 2255 2256 espmp = allocb(esplen, BPRI_HI); 2257 if (espmp == NULL) { 2258 ESP_BUMP_STAT(out_discards); 2259 esp1dbg(("esp_outbound: can't allocate espmp.\n")); 2260 /* 2261 * TODO: Find the outbound IRE for this packet and 2262 * pass it to ip_drop_packet(). 2263 */ 2264 ip_drop_packet(mp, B_FALSE, NULL, NULL, &ipdrops_esp_nomem, 2265 &esp_dropper); 2266 return (IPSEC_STATUS_FAILED); 2267 } 2268 espmp->b_wptr += esplen; 2269 esph = (esph_t *)espmp->b_rptr; 2270 2271 if (is_natt) { 2272 esp3dbg(("esp_outbound: NATT")); 2273 2274 udpha = (udpha_t *)espmp->b_rptr; 2275 udpha->uha_src_port = htons(IPPORT_IKE_NATT); 2276 if (assoc->ipsa_remote_port != 0) 2277 udpha->uha_dst_port = assoc->ipsa_remote_port; 2278 else 2279 udpha->uha_dst_port = htons(IPPORT_IKE_NATT); 2280 /* 2281 * Set the checksum to 0, so that the ip_wput_ipsec_out() 2282 * can do the right thing. 
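 * (UDP-encapsulated ESP is transmitted with a zero UDP checksum;
 * cf. the NAT-T spec, RFC 3948.)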
2283 */ 2284 udpha->uha_checksum = 0; 2285 esph = (esph_t *)(udpha + 1); 2286 } 2287 2288 esph->esph_spi = assoc->ipsa_spi; 2289 2290 esph->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1)); 2291 if (esph->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) { 2292 /* 2293 * XXX We have replay counter wrapping. 2294 * We probably want to nuke this SA (and its peer). 2295 */ 2296 ipsec_assocfailure(info.mi_idnum, 0, 0, 2297 SL_ERROR | SL_CONSOLE | SL_WARN, 2298 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n", 2299 esph->esph_spi, assoc->ipsa_dstaddr, af); 2300 2301 ESP_BUMP_STAT(out_discards); 2302 sadb_replay_delete(assoc); 2303 /* 2304 * TODO: Find the outbound IRE for this packet and 2305 * pass it to ip_drop_packet(). 2306 */ 2307 ip_drop_packet(mp, B_FALSE, NULL, NULL, &ipdrops_esp_replay, 2308 &esp_dropper); 2309 return (IPSEC_STATUS_FAILED); 2310 } 2311 2312 /* 2313 * Set the IV to a random quantity. We do not require the 2314 * highest quality random bits, but for best security with CBC 2315 * mode ciphers, the value must be unlikely to repeat and also 2316 * must not be known in advance to an adversary capable of 2317 * influencing the plaintext. 2318 */ 2319 (void) random_get_pseudo_bytes((uint8_t *)(esph + 1), iv_len); 2320 2321 /* Fix the IP header. */ 2322 alloclen = padlen + 2 + mac_len; 2323 adj = alloclen + (espmp->b_wptr - espmp->b_rptr); 2324 2325 protocol = *nhp; 2326 2327 if (io->ipsec_out_v4) { 2328 ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj); 2329 if (is_natt) { 2330 *nhp = IPPROTO_UDP; 2331 udpha->uha_length = htons(ntohs(ipha->ipha_length) - 2332 IPH_HDR_LENGTH(ipha)); 2333 } else { 2334 *nhp = IPPROTO_ESP; 2335 } 2336 ipha->ipha_hdr_checksum = 0; 2337 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 2338 } else { 2339 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj); 2340 *nhp = IPPROTO_ESP; 2341 } 2342 2343 /* I've got the two ESP mblks, now insert them. */ 2344 2345 esp2dbg(("data_mp before outbound ESP adjustment:\n")); 2346 esp2dbg((dump_msg(data_mp))); 2347 2348 if (!esp_insert_esp(data_mp, espmp, divpoint)) { 2349 ESP_BUMP_STAT(out_discards); 2350 /* NOTE: esp_insert_esp() only fails if there's no memory. */ 2351 /* 2352 * TODO: Find the outbound IRE for this packet and 2353 * pass it to ip_drop_packet(). 2354 */ 2355 ip_drop_packet(mp, B_FALSE, NULL, NULL, &ipdrops_esp_nomem, 2356 &esp_dropper); 2357 freeb(espmp); 2358 return (IPSEC_STATUS_FAILED); 2359 } 2360 2361 /* Append padding (and leave room for ICV). */ 2362 for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont) 2363 ; 2364 if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) { 2365 tailmp->b_cont = allocb(alloclen, BPRI_HI); 2366 if (tailmp->b_cont == NULL) { 2367 ESP_BUMP_STAT(out_discards); 2368 esp0dbg(("esp_outbound: Can't allocate tailmp.\n")); 2369 /* 2370 * TODO: Find the outbound IRE for this packet and 2371 * pass it to ip_drop_packet(). 2372 */ 2373 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2374 &ipdrops_esp_nomem, &esp_dropper); 2375 return (IPSEC_STATUS_FAILED); 2376 } 2377 tailmp = tailmp->b_cont; 2378 } 2379 2380 /* 2381 * If there's padding, N bytes of padding must be of the form 0x1, 2382 * 0x2, 0x3... 0xN. 
2383 */ 2384 for (i = 0; i < padlen; ) { 2385 i++; 2386 *tailmp->b_wptr++ = i; 2387 } 2388 *tailmp->b_wptr++ = i; 2389 *tailmp->b_wptr++ = protocol; 2390 2391 esp2dbg(("data_Mp before encryption:\n")); 2392 esp2dbg((dump_msg(data_mp))); 2393 2394 /* 2395 * The packet is eligible for hardware acceleration if the 2396 * following conditions are satisfied: 2397 * 2398 * 1. the packet will not be fragmented 2399 * 2. the provider supports the algorithms specified by SA 2400 * 3. there is no pending control message being exchanged 2401 * 4. snoop is not attached 2402 * 5. the destination address is not a multicast address 2403 * 2404 * All five of these conditions are checked by IP prior to 2405 * sending the packet to ESP. 2406 * 2407 * But We, and We Alone, can, nay MUST check if the packet 2408 * is over NATT, and then disqualify it from hardware 2409 * acceleration. 2410 */ 2411 2412 if (io->ipsec_out_is_capab_ill && !(assoc->ipsa_flags & IPSA_F_NATT)) { 2413 return (esp_outbound_accelerated(ipsec_out_mp, mac_len)); 2414 } 2415 ESP_BUMP_STAT(noaccel); 2416 2417 /* 2418 * Okay. I've set up the pre-encryption ESP. Let's do it! 2419 */ 2420 2421 if (mac_len > 0) { 2422 ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim); 2423 icv_buf = tailmp->b_wptr; 2424 tailmp->b_wptr += mac_len; 2425 } else { 2426 icv_buf = NULL; 2427 } 2428 2429 return (esp_submit_req_outbound(ipsec_out_mp, assoc, icv_buf, 2430 datalen + padlen + 2)); 2431 } 2432 2433 /* 2434 * IP calls this to validate the ICMP errors that 2435 * we got from the network. 2436 */ 2437 ipsec_status_t 2438 ipsecesp_icmp_error(mblk_t *ipsec_mp) 2439 { 2440 /* 2441 * Unless we get an entire packet back, this function is useless. 2442 * Why? 2443 * 2444 * 1.) Partial packets are useless, because the "next header" 2445 * is at the end of the decrypted ESP packet. Without the 2446 * whole packet, this is useless. 2447 * 2448 * 2.) If we every use a stateful cipher, such as a stream or a 2449 * one-time pad, we can't do anything. 2450 * 2451 * Since the chances of us getting an entire packet back are very 2452 * very small, we discard here. 2453 */ 2454 IP_ESP_BUMP_STAT(in_discards); 2455 ip_drop_packet(ipsec_mp, B_TRUE, NULL, NULL, &ipdrops_esp_icmp, 2456 &esp_dropper); 2457 return (IPSEC_STATUS_FAILED); 2458 } 2459 2460 /* 2461 * ESP module read put routine. 2462 */ 2463 /* ARGSUSED */ 2464 static void 2465 ipsecesp_rput(queue_t *q, mblk_t *mp) 2466 { 2467 keysock_in_t *ksi; 2468 int *addrtype; 2469 ire_t *ire; 2470 mblk_t *ire_mp, *last_mp; 2471 2472 switch (mp->b_datap->db_type) { 2473 case M_CTL: 2474 /* 2475 * IPsec request of some variety from IP. IPSEC_{IN,OUT} 2476 * are the common cases, but even ICMP error messages from IP 2477 * may rise up here. 2478 * 2479 * Ummmm, actually, this can also be the reflected KEYSOCK_IN 2480 * message, with an IRE_DB_TYPE hung off at the end. 2481 */ 2482 switch (((ipsec_info_t *)(mp->b_rptr))->ipsec_info_type) { 2483 case KEYSOCK_IN: 2484 last_mp = mp; 2485 while (last_mp->b_cont != NULL && 2486 last_mp->b_cont->b_datap->db_type != IRE_DB_TYPE) 2487 last_mp = last_mp->b_cont; 2488 2489 if (last_mp->b_cont == NULL) { 2490 freemsg(mp); 2491 break; /* Out of switch. 
*/ 2492 } 2493 2494 ire_mp = last_mp->b_cont; 2495 last_mp->b_cont = NULL; 2496 2497 ksi = (keysock_in_t *)mp->b_rptr; 2498 2499 if (ksi->ks_in_srctype == KS_IN_ADDR_UNKNOWN) 2500 addrtype = &ksi->ks_in_srctype; 2501 else if (ksi->ks_in_dsttype == KS_IN_ADDR_UNKNOWN) 2502 addrtype = &ksi->ks_in_dsttype; 2503 else if (ksi->ks_in_proxytype == KS_IN_ADDR_UNKNOWN) 2504 addrtype = &ksi->ks_in_proxytype; 2505 2506 ire = (ire_t *)ire_mp->b_rptr; 2507 2508 *addrtype = sadb_addrset(ire); 2509 2510 freemsg(ire_mp); 2511 if (esp_pfkey_q != NULL) { 2512 /* 2513 * Decrement counter to make up for 2514 * auto-increment in ipsecesp_wput(). 2515 * I'm running all MT-hot through here, so 2516 * don't worry about perimeters and lateral 2517 * puts. 2518 */ 2519 ESP_DEBUMP_STAT(keysock_in); 2520 ipsecesp_wput(WR(esp_pfkey_q), mp); 2521 } else { 2522 freemsg(mp); 2523 } 2524 break; 2525 default: 2526 freemsg(mp); 2527 break; 2528 } 2529 break; 2530 case M_PROTO: 2531 case M_PCPROTO: 2532 /* TPI message of some sort. */ 2533 switch (*((t_scalar_t *)mp->b_rptr)) { 2534 case T_BIND_ACK: 2535 esp3dbg(("Thank you IP from ESP for T_BIND_ACK\n")); 2536 break; 2537 case T_ERROR_ACK: 2538 cmn_err(CE_WARN, 2539 "ipsecesp: ESP received T_ERROR_ACK from IP."); 2540 /* 2541 * Make esp_sadb.s_ip_q NULL, and in the 2542 * future, perhaps try again. 2543 */ 2544 esp_sadb.s_ip_q = NULL; 2545 break; 2546 case T_OK_ACK: 2547 /* Probably from a (rarely sent) T_UNBIND_REQ. */ 2548 break; 2549 default: 2550 esp0dbg(("Unknown M_{,PC}PROTO message.\n")); 2551 } 2552 freemsg(mp); 2553 break; 2554 default: 2555 /* For now, passthru message. */ 2556 esp2dbg(("ESP got unknown mblk type %d.\n", 2557 mp->b_datap->db_type)); 2558 putnext(q, mp); 2559 } 2560 } 2561 2562 /* 2563 * Construct an SADB_REGISTER message with the current algorithms. 2564 */ 2565 static boolean_t 2566 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial) 2567 { 2568 mblk_t *pfkey_msg_mp, *keysock_out_mp; 2569 sadb_msg_t *samsg; 2570 sadb_supported_t *sasupp_auth = NULL; 2571 sadb_supported_t *sasupp_encr = NULL; 2572 sadb_alg_t *saalg; 2573 uint_t allocsize = sizeof (*samsg); 2574 uint_t i, numalgs_snap; 2575 int current_aalgs; 2576 ipsec_alginfo_t **authalgs; 2577 uint_t num_aalgs; 2578 int current_ealgs; 2579 ipsec_alginfo_t **encralgs; 2580 uint_t num_ealgs; 2581 2582 /* Allocate the KEYSOCK_OUT. */ 2583 keysock_out_mp = sadb_keysock_out(serial); 2584 if (keysock_out_mp == NULL) { 2585 esp0dbg(("esp_register_out: couldn't allocate mblk.\n")); 2586 return (B_FALSE); 2587 } 2588 2589 /* 2590 * Allocate the PF_KEY message that follows KEYSOCK_OUT. 2591 */ 2592 2593 mutex_enter(&alg_lock); 2594 2595 /* 2596 * Fill SADB_REGISTER message's algorithm descriptors. Hold 2597 * down the lock while filling it. 2598 * 2599 * Return only valid algorithms, so the number of algorithms 2600 * to send up may be less than the number of algorithm entries 2601 * in the table. 
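 *
 * For example, with three valid authentication algorithms and two
 * valid encryption algorithms, allocsize below works out to
 * sizeof (*samsg) + sizeof (*sasupp_auth) + 3 * sizeof (*saalg) +
 * sizeof (*sasupp_encr) + 2 * sizeof (*saalg).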
2602 */ 2603 authalgs = ipsec_alglists[IPSEC_ALG_AUTH]; 2604 for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 2605 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) 2606 num_aalgs++; 2607 2608 if (num_aalgs != 0) { 2609 allocsize += (num_aalgs * sizeof (*saalg)); 2610 allocsize += sizeof (*sasupp_auth); 2611 } 2612 encralgs = ipsec_alglists[IPSEC_ALG_ENCR]; 2613 for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++) 2614 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) 2615 num_ealgs++; 2616 2617 if (num_ealgs != 0) { 2618 allocsize += (num_ealgs * sizeof (*saalg)); 2619 allocsize += sizeof (*sasupp_encr); 2620 } 2621 keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI); 2622 if (keysock_out_mp->b_cont == NULL) { 2623 mutex_exit(&alg_lock); 2624 freemsg(keysock_out_mp); 2625 return (B_FALSE); 2626 } 2627 2628 pfkey_msg_mp = keysock_out_mp->b_cont; 2629 pfkey_msg_mp->b_wptr += allocsize; 2630 if (num_aalgs != 0) { 2631 sasupp_auth = (sadb_supported_t *) 2632 (pfkey_msg_mp->b_rptr + sizeof (*samsg)); 2633 saalg = (sadb_alg_t *)(sasupp_auth + 1); 2634 2635 ASSERT(((ulong_t)saalg & 0x7) == 0); 2636 2637 numalgs_snap = 0; 2638 for (i = 0; 2639 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs)); i++) { 2640 if (authalgs[i] == NULL || !ALG_VALID(authalgs[i])) 2641 continue; 2642 2643 saalg->sadb_alg_id = authalgs[i]->alg_id; 2644 saalg->sadb_alg_ivlen = 0; 2645 saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits; 2646 saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits; 2647 saalg->sadb_x_alg_defincr = authalgs[i]->alg_ef_default; 2648 saalg->sadb_x_alg_increment = 2649 authalgs[i]->alg_increment; 2650 numalgs_snap++; 2651 saalg++; 2652 } 2653 ASSERT(numalgs_snap == num_aalgs); 2654 #ifdef DEBUG 2655 /* 2656 * Reality check to make sure I snagged all of the 2657 * algorithms. 2658 */ 2659 for (; i < IPSEC_MAX_ALGS; i++) { 2660 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) { 2661 cmn_err(CE_PANIC, "esp_register_out()! " 2662 "Missed aalg #%d.\n", i); 2663 } 2664 } 2665 #endif /* DEBUG */ 2666 } else { 2667 saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg)); 2668 } 2669 2670 if (num_ealgs != 0) { 2671 sasupp_encr = (sadb_supported_t *)saalg; 2672 saalg = (sadb_alg_t *)(sasupp_encr + 1); 2673 2674 numalgs_snap = 0; 2675 for (i = 0; 2676 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) { 2677 if (encralgs[i] == NULL || !ALG_VALID(encralgs[i])) 2678 continue; 2679 saalg->sadb_alg_id = encralgs[i]->alg_id; 2680 saalg->sadb_alg_ivlen = encralgs[i]->alg_datalen; 2681 saalg->sadb_alg_minbits = encralgs[i]->alg_ef_minbits; 2682 saalg->sadb_alg_maxbits = encralgs[i]->alg_ef_maxbits; 2683 saalg->sadb_x_alg_defincr = encralgs[i]->alg_ef_default; 2684 saalg->sadb_x_alg_increment = 2685 encralgs[i]->alg_increment; 2686 numalgs_snap++; 2687 saalg++; 2688 } 2689 ASSERT(numalgs_snap == num_ealgs); 2690 #ifdef DEBUG 2691 /* 2692 * Reality check to make sure I snagged all of the 2693 * algorithms. 2694 */ 2695 for (; i < IPSEC_MAX_ALGS; i++) { 2696 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) { 2697 cmn_err(CE_PANIC, "esp_register_out()! " 2698 "Missed ealg #%d.\n", i); 2699 } 2700 } 2701 #endif /* DEBUG */ 2702 } 2703 2704 current_aalgs = num_aalgs; 2705 current_ealgs = num_ealgs; 2706 2707 mutex_exit(&alg_lock); 2708 2709 /* Now fill the rest of the SADB_REGISTER message. 
*/ 2710 2711 samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr; 2712 samsg->sadb_msg_version = PF_KEY_V2; 2713 samsg->sadb_msg_type = SADB_REGISTER; 2714 samsg->sadb_msg_errno = 0; 2715 samsg->sadb_msg_satype = SADB_SATYPE_ESP; 2716 samsg->sadb_msg_len = SADB_8TO64(allocsize); 2717 samsg->sadb_msg_reserved = 0; 2718 /* 2719 * Assume caller has sufficient sequence/pid number info. If it's one 2720 * from me over a new alg., I could give two hoots about sequence. 2721 */ 2722 samsg->sadb_msg_seq = sequence; 2723 samsg->sadb_msg_pid = pid; 2724 2725 if (sasupp_auth != NULL) { 2726 sasupp_auth->sadb_supported_len = 2727 SADB_8TO64(sizeof (*sasupp_auth) + 2728 sizeof (*saalg) * current_aalgs); 2729 sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 2730 sasupp_auth->sadb_supported_reserved = 0; 2731 } 2732 2733 if (sasupp_encr != NULL) { 2734 sasupp_encr->sadb_supported_len = 2735 SADB_8TO64(sizeof (*sasupp_encr) + 2736 sizeof (*saalg) * current_ealgs); 2737 sasupp_encr->sadb_supported_exttype = 2738 SADB_EXT_SUPPORTED_ENCRYPT; 2739 sasupp_encr->sadb_supported_reserved = 0; 2740 } 2741 2742 if (esp_pfkey_q != NULL) 2743 putnext(esp_pfkey_q, keysock_out_mp); 2744 else { 2745 freemsg(keysock_out_mp); 2746 return (B_FALSE); 2747 } 2748 2749 return (B_TRUE); 2750 } 2751 2752 /* 2753 * Invoked when the algorithm table changes. Causes SADB_REGISTER 2754 * messages continaining the current list of algorithms to be 2755 * sent up to the ESP listeners. 2756 */ 2757 void 2758 ipsecesp_algs_changed(void) 2759 { 2760 /* 2761 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners 2762 * everywhere. (The function itself checks for NULL esp_pfkey_q.) 2763 */ 2764 (void) esp_register_out(0, 0, 0); 2765 } 2766 2767 /* 2768 * taskq_dispatch handler. 2769 */ 2770 static void 2771 inbound_task(void *arg) 2772 { 2773 esph_t *esph; 2774 mblk_t *mp = (mblk_t *)arg; 2775 ipsec_in_t *ii = (ipsec_in_t *)mp->b_rptr; 2776 int ipsec_rc; 2777 2778 esp2dbg(("in ESP inbound_task")); 2779 2780 esph = ipsec_inbound_esp_sa(mp); 2781 if (esph == NULL) 2782 return; 2783 ASSERT(ii->ipsec_in_esp_sa != NULL); 2784 ipsec_rc = ii->ipsec_in_esp_sa->ipsa_input_func(mp, esph); 2785 if (ipsec_rc != IPSEC_STATUS_SUCCESS) 2786 return; 2787 ip_fanout_proto_again(mp, NULL, NULL, NULL); 2788 } 2789 2790 /* 2791 * Now that weak-key passed, actually ADD the security association, and 2792 * send back a reply ADD message. 2793 */ 2794 static int 2795 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi) 2796 { 2797 isaf_t *primary, *secondary, *inbound; 2798 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 2799 sadb_address_t *dstext = 2800 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 2801 struct sockaddr_in *dst; 2802 struct sockaddr_in6 *dst6; 2803 boolean_t is_ipv4, clone = B_FALSE, is_inbound = B_FALSE; 2804 uint32_t *dstaddr; 2805 ipsa_t *larval = NULL; 2806 ipsacq_t *acqrec; 2807 iacqf_t *acq_bucket; 2808 mblk_t *acq_msgs = NULL; 2809 int rc; 2810 sadb_t *sp; 2811 int outhash; 2812 mblk_t *lpkt; 2813 2814 /* 2815 * Locate the appropriate table(s). 
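 * Inbound fanouts are hashed on the SPI, while outbound fanouts are
 * hashed on the destination address, hence the INBOUND_HASH() and
 * OUTBOUND_HASH_V{4,6}() calls below.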
2816 */ 2817 2818 dst = (struct sockaddr_in *)(dstext + 1); 2819 dst6 = (struct sockaddr_in6 *)dst; 2820 is_ipv4 = (dst->sin_family == AF_INET); 2821 if (is_ipv4) { 2822 sp = &esp_sadb.s_v4; 2823 dstaddr = (uint32_t *)(&dst->sin_addr); 2824 outhash = OUTBOUND_HASH_V4(*(ipaddr_t *)dstaddr); 2825 } else { 2826 sp = &esp_sadb.s_v6; 2827 dstaddr = (uint32_t *)(&dst6->sin6_addr); 2828 outhash = OUTBOUND_HASH_V6(*(in6_addr_t *)dstaddr); 2829 } 2830 inbound = &sp->sdb_if[INBOUND_HASH(assoc->sadb_sa_spi)]; 2831 switch (ksi->ks_in_dsttype) { 2832 case KS_IN_ADDR_MBCAST: 2833 clone = B_TRUE; /* All mcast SAs can be bidirectional */ 2834 /* FALLTHRU */ 2835 case KS_IN_ADDR_ME: 2836 primary = inbound; 2837 secondary = &sp->sdb_of[outhash]; 2838 /* 2839 * If the source address is either one of mine, or unspecified 2840 * (which is best summed up by saying "not 'not mine'"), 2841 * then the association is potentially bi-directional, 2842 * in that it can be used for inbound traffic and outbound 2843 * traffic. The best example of such an SA is a multicast 2844 * SA (which allows me to receive the outbound traffic). 2845 */ 2846 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME) 2847 clone = B_TRUE; 2848 is_inbound = B_TRUE; 2849 break; 2850 case KS_IN_ADDR_NOTME: 2851 primary = &sp->sdb_of[outhash]; 2852 secondary = inbound; 2853 /* 2854 * If the source address literally not mine (either 2855 * unspecified or not mine), then this SA may have an 2856 * address that WILL be mine after some configuration. 2857 * We pay the price for this by making it a bi-directional 2858 * SA. 2859 */ 2860 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) 2861 clone = B_TRUE; 2862 break; 2863 default: 2864 samsg->sadb_x_msg_diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 2865 return (EINVAL); 2866 } 2867 2868 /* 2869 * Find a ACQUIRE list entry if possible. If we've added an SA that 2870 * suits the needs of an ACQUIRE list entry, we can eliminate the 2871 * ACQUIRE list entry and transmit the enqueued packets. Use the 2872 * high-bit of the sequence number to queue it. Key off destination 2873 * addr, and change acqrec's state. 2874 */ 2875 2876 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) { 2877 acq_bucket = &sp->sdb_acq[outhash]; 2878 mutex_enter(&acq_bucket->iacqf_lock); 2879 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL; 2880 acqrec = acqrec->ipsacq_next) { 2881 mutex_enter(&acqrec->ipsacq_lock); 2882 /* 2883 * Q: I only check sequence. Should I check dst? 2884 * A: Yes, check dest because those are the packets 2885 * that are queued up. 2886 */ 2887 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq && 2888 IPSA_ARE_ADDR_EQUAL(dstaddr, 2889 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam)) 2890 break; 2891 mutex_exit(&acqrec->ipsacq_lock); 2892 } 2893 if (acqrec != NULL) { 2894 /* 2895 * AHA! I found an ACQUIRE record for this SA. 2896 * Grab the msg list, and free the acquire record. 2897 * I already am holding the lock for this record, 2898 * so all I have to do is free it. 2899 */ 2900 acq_msgs = acqrec->ipsacq_mp; 2901 acqrec->ipsacq_mp = NULL; 2902 mutex_exit(&acqrec->ipsacq_lock); 2903 sadb_destroy_acquire(acqrec); 2904 } 2905 mutex_exit(&acq_bucket->iacqf_lock); 2906 } 2907 2908 /* 2909 * Find PF_KEY message, and see if I'm an update. If so, find entry 2910 * in larval list (if there). 
2911 */ 2912 2913 if (samsg->sadb_msg_type == SADB_UPDATE) { 2914 mutex_enter(&inbound->isaf_lock); 2915 larval = ipsec_getassocbyspi(inbound, assoc->sadb_sa_spi, 2916 ALL_ZEROES_PTR, dstaddr, dst->sin_family); 2917 mutex_exit(&inbound->isaf_lock); 2918 2919 if (larval == NULL) { 2920 esp0dbg(("Larval update, but larval disappeared.\n")); 2921 return (ESRCH); 2922 } /* Else sadb_common_add unlinks it for me! */ 2923 } 2924 2925 lpkt = NULL; 2926 if (larval != NULL) 2927 lpkt = sadb_clear_lpkt(larval); 2928 2929 rc = sadb_common_add(esp_sadb.s_ip_q, esp_pfkey_q, mp, samsg, ksi, 2930 primary, secondary, larval, clone, is_inbound); 2931 2932 if (rc == 0 && lpkt != NULL) { 2933 rc = !taskq_dispatch(esp_taskq, inbound_task, 2934 (void *) lpkt, TQ_NOSLEEP); 2935 } 2936 2937 if (rc != 0) { 2938 ip_drop_packet(lpkt, B_TRUE, NULL, NULL, 2939 &ipdrops_sadb_inlarval_timeout, &esp_dropper); 2940 } 2941 2942 /* 2943 * How much more stack will I create with all of these 2944 * esp_outbound() calls? 2945 */ 2946 2947 while (acq_msgs != NULL) { 2948 mblk_t *mp = acq_msgs; 2949 2950 acq_msgs = acq_msgs->b_next; 2951 mp->b_next = NULL; 2952 if (rc == 0) { 2953 if (ipsec_outbound_sa(mp, IPPROTO_ESP)) { 2954 ((ipsec_out_t *)(mp->b_rptr))-> 2955 ipsec_out_esp_done = B_TRUE; 2956 if (esp_outbound(mp) == IPSEC_STATUS_SUCCESS) { 2957 ipha_t *ipha = (ipha_t *) 2958 mp->b_cont->b_rptr; 2959 2960 /* do AH processing if needed */ 2961 if (!esp_do_outbound_ah(mp)) 2962 continue; 2963 2964 /* finish IPsec processing */ 2965 if (is_ipv4) { 2966 ip_wput_ipsec_out(NULL, mp, 2967 ipha, NULL, NULL); 2968 } else { 2969 ip6_t *ip6h = (ip6_t *)ipha; 2970 ip_wput_ipsec_out_v6(NULL, 2971 mp, ip6h, NULL, NULL); 2972 } 2973 } 2974 continue; 2975 } 2976 } 2977 ESP_BUMP_STAT(out_discards); 2978 ip_drop_packet(mp, B_FALSE, NULL, NULL, 2979 &ipdrops_sadb_acquire_timeout, &esp_dropper); 2980 } 2981 2982 return (rc); 2983 } 2984 2985 /* 2986 * Add new ESP security association. This may become a generic AH/ESP 2987 * routine eventually. 2988 */ 2989 static int 2990 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic) 2991 { 2992 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 2993 sadb_address_t *srcext = 2994 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 2995 sadb_address_t *dstext = 2996 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 2997 sadb_address_t *nttext_loc = 2998 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC]; 2999 sadb_address_t *nttext_rem = 3000 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM]; 3001 sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH]; 3002 sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT]; 3003 struct sockaddr_in *src, *dst; 3004 struct sockaddr_in *natt_loc, *natt_rem; 3005 struct sockaddr_in6 *natt_loc6, *natt_rem6; 3006 3007 sadb_lifetime_t *soft = 3008 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT]; 3009 sadb_lifetime_t *hard = 3010 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD]; 3011 3012 /* I need certain extensions present for an ADD message. 
*/ 3013 if (srcext == NULL) { 3014 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC; 3015 return (EINVAL); 3016 } 3017 if (dstext == NULL) { 3018 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3019 return (EINVAL); 3020 } 3021 if (assoc == NULL) { 3022 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3023 return (EINVAL); 3024 } 3025 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) { 3026 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY; 3027 return (EINVAL); 3028 } 3029 3030 src = (struct sockaddr_in *)(srcext + 1); 3031 dst = (struct sockaddr_in *)(dstext + 1); 3032 natt_loc = (struct sockaddr_in *)(nttext_loc + 1); 3033 natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1); 3034 natt_rem = (struct sockaddr_in *)(nttext_rem + 1); 3035 natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1); 3036 3037 /* Sundry ADD-specific reality checks. */ 3038 /* XXX STATS : Logging/stats here? */ 3039 if (assoc->sadb_sa_state != SADB_SASTATE_MATURE) { 3040 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE; 3041 return (EINVAL); 3042 } 3043 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) { 3044 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3045 return (EINVAL); 3046 } 3047 3048 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL && 3049 assoc->sadb_sa_auth == SADB_AALG_NONE) { 3050 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3051 return (EINVAL); 3052 } 3053 3054 if (assoc->sadb_sa_flags & ~(SADB_SAFLAGS_NOREPLAY | 3055 SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM)) { 3056 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS; 3057 return (EINVAL); 3058 } 3059 3060 if ((*diagnostic = sadb_hardsoftchk(hard, soft)) != 0) { 3061 return (EINVAL); 3062 } 3063 if (src->sin_family != dst->sin_family) { 3064 *diagnostic = SADB_X_DIAGNOSTIC_AF_MISMATCH; 3065 return (EINVAL); 3066 } 3067 3068 3069 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) { 3070 if (nttext_loc == NULL) { 3071 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC; 3072 return (EINVAL); 3073 } 3074 3075 if (natt_loc->sin_family == AF_INET6 && 3076 !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) { 3077 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC; 3078 return (EINVAL); 3079 } 3080 } 3081 3082 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) { 3083 if (nttext_rem == NULL) { 3084 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM; 3085 return (EINVAL); 3086 } 3087 if (natt_rem->sin_family == AF_INET6 && 3088 !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) { 3089 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM; 3090 return (EINVAL); 3091 } 3092 } 3093 3094 3095 /* Stuff I don't support, for now. XXX Diagnostic? */ 3096 if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL || 3097 ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL) 3098 return (EOPNOTSUPP); 3099 3100 /* 3101 * XXX Policy : I'm not checking identities or sensitivity 3102 * labels at this time, but if I did, I'd do them here, before I sent 3103 * the weak key check up to the algorithm. 3104 */ 3105 3106 mutex_enter(&alg_lock); 3107 3108 /* 3109 * First locate the authentication algorithm. 
3110 */ 3111 if (akey != NULL) { 3112 ipsec_alginfo_t *aalg; 3113 3114 aalg = ipsec_alglists[IPSEC_ALG_AUTH][assoc->sadb_sa_auth]; 3115 if (aalg == NULL || !ALG_VALID(aalg)) { 3116 mutex_exit(&alg_lock); 3117 esp1dbg(("Couldn't find auth alg #%d.\n", 3118 assoc->sadb_sa_auth)); 3119 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG; 3120 return (EINVAL); 3121 } 3122 ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3123 3124 /* sanity check key sizes */ 3125 if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) { 3126 mutex_exit(&alg_lock); 3127 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS; 3128 return (EINVAL); 3129 } 3130 3131 /* check key and fix parity if needed */ 3132 if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE, 3133 diagnostic) != 0) { 3134 mutex_exit(&alg_lock); 3135 return (EINVAL); 3136 } 3137 } 3138 3139 /* 3140 * Then locate the encryption algorithm. 3141 */ 3142 if (ekey != NULL) { 3143 ipsec_alginfo_t *ealg; 3144 3145 ealg = ipsec_alglists[IPSEC_ALG_ENCR][assoc->sadb_sa_encrypt]; 3146 if (ealg == NULL || !ALG_VALID(ealg)) { 3147 mutex_exit(&alg_lock); 3148 esp1dbg(("Couldn't find encr alg #%d.\n", 3149 assoc->sadb_sa_encrypt)); 3150 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG; 3151 return (EINVAL); 3152 } 3153 ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID); 3154 3155 /* sanity check key sizes */ 3156 if (!ipsec_valid_key_size(ekey->sadb_key_bits, ealg)) { 3157 mutex_exit(&alg_lock); 3158 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS; 3159 return (EINVAL); 3160 } 3161 3162 /* check key */ 3163 if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE, 3164 diagnostic) != 0) { 3165 mutex_exit(&alg_lock); 3166 return (EINVAL); 3167 } 3168 } 3169 mutex_exit(&alg_lock); 3170 3171 return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi)); 3172 } 3173 3174 /* 3175 * Update a security association. Updates come in two varieties. The first 3176 * is an update of lifetimes on a non-larval SA. The second is an update of 3177 * a larval SA, which ends up looking a lot more like an add. 3178 */ 3179 static int 3180 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic) 3181 { 3182 sadb_address_t *dstext = 3183 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3184 struct sockaddr_in *sin; 3185 3186 if (dstext == NULL) { 3187 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST; 3188 return (EINVAL); 3189 } 3190 3191 sin = (struct sockaddr_in *)(dstext + 1); 3192 return (sadb_update_sa(mp, ksi, 3193 (sin->sin_family == AF_INET6) ? &esp_sadb.s_v6 : &esp_sadb.s_v4, 3194 diagnostic, esp_pfkey_q, esp_add_sa)); 3195 } 3196 3197 /* 3198 * Delete a security association. This is REALLY likely to be code common to 3199 * both AH and ESP. Find the association, then unlink it. 3200 */ 3201 static int 3202 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic) 3203 { 3204 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3205 sadb_address_t *dstext = 3206 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3207 sadb_address_t *srcext = 3208 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC]; 3209 struct sockaddr_in *sin; 3210 3211 if (assoc == NULL) { 3212 if (dstext != NULL) { 3213 sin = (struct sockaddr_in *)(dstext + 1); 3214 } else if (srcext != NULL) { 3215 sin = (struct sockaddr_in *)(srcext + 1); 3216 } else { 3217 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA; 3218 return (EINVAL); 3219 } 3220 return sadb_purge_sa(mp, ksi, 3221 (sin->sin_family == AF_INET6) ? 
&esp_sadb.s_v6 : 3222 &esp_sadb.s_v4, 3223 diagnostic, esp_pfkey_q, esp_sadb.s_ip_q); 3224 } 3225 3226 return (sadb_del_sa(mp, ksi, &esp_sadb, diagnostic, esp_pfkey_q)); 3227 } 3228 3229 /* 3230 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP 3231 * messages. 3232 */ 3233 static void 3234 esp_dump(mblk_t *mp, keysock_in_t *ksi) 3235 { 3236 int error; 3237 sadb_msg_t *samsg; 3238 3239 /* 3240 * Dump each fanout, bailing if error is non-zero. 3241 */ 3242 3243 error = sadb_dump(esp_pfkey_q, mp, ksi->ks_in_serial, &esp_sadb.s_v4); 3244 if (error != 0) 3245 goto bail; 3246 3247 error = sadb_dump(esp_pfkey_q, mp, ksi->ks_in_serial, &esp_sadb.s_v6); 3248 bail: 3249 ASSERT(mp->b_cont != NULL); 3250 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3251 samsg->sadb_msg_errno = (uint8_t)error; 3252 sadb_pfkey_echo(esp_pfkey_q, mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi, 3253 NULL); 3254 } 3255 3256 /* 3257 * ESP parsing of PF_KEY messages. Keysock did most of the really silly 3258 * error cases. What I receive is a fully-formed, syntactically legal 3259 * PF_KEY message. I then need to check semantics... 3260 * 3261 * This code may become common to AH and ESP. Stay tuned. 3262 * 3263 * I also make the assumption that db_ref's are cool. If this assumption 3264 * is wrong, this means that someone other than keysock or me has been 3265 * mucking with PF_KEY messages. 3266 */ 3267 static void 3268 esp_parse_pfkey(mblk_t *mp) 3269 { 3270 mblk_t *msg = mp->b_cont; 3271 sadb_msg_t *samsg; 3272 keysock_in_t *ksi; 3273 int error; 3274 int diagnostic = SADB_X_DIAGNOSTIC_NONE; 3275 3276 ASSERT(msg != NULL); 3277 samsg = (sadb_msg_t *)msg->b_rptr; 3278 ksi = (keysock_in_t *)mp->b_rptr; 3279 3280 /* 3281 * If applicable, convert unspecified AF_INET6 to unspecified 3282 * AF_INET. 3283 */ 3284 sadb_srcaddrfix(ksi); 3285 3286 switch (samsg->sadb_msg_type) { 3287 case SADB_ADD: 3288 error = esp_add_sa(mp, ksi, &diagnostic); 3289 if (error != 0) { 3290 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3291 ksi->ks_in_serial); 3292 } 3293 /* else esp_add_sa() took care of things. */ 3294 break; 3295 case SADB_DELETE: 3296 error = esp_del_sa(mp, ksi, &diagnostic); 3297 if (error != 0) { 3298 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3299 ksi->ks_in_serial); 3300 } 3301 /* Else esp_del_sa() took care of things. */ 3302 break; 3303 case SADB_GET: 3304 error = sadb_get_sa(mp, ksi, &esp_sadb, &diagnostic, 3305 esp_pfkey_q); 3306 if (error != 0) { 3307 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3308 ksi->ks_in_serial); 3309 } 3310 /* Else sadb_get_sa() took care of things. */ 3311 break; 3312 case SADB_FLUSH: 3313 sadbp_flush(&esp_sadb); 3314 sadb_pfkey_echo(esp_pfkey_q, mp, samsg, ksi, NULL); 3315 break; 3316 case SADB_REGISTER: 3317 /* 3318 * Hmmm, let's do it! Check for extensions (there should 3319 * be none), extract the fields, call esp_register_out(), 3320 * then either free or report an error. 3321 * 3322 * Keysock takes care of the PF_KEY bookkeeping for this. 3323 */ 3324 if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid, 3325 ksi->ks_in_serial)) { 3326 freemsg(mp); 3327 } else { 3328 /* 3329 * Only way this path hits is if there is a memory 3330 * failure. It will not return B_FALSE because of 3331 * lack of esp_pfkey_q if I am in wput(). 3332 */ 3333 sadb_pfkey_error(esp_pfkey_q, mp, ENOMEM, diagnostic, 3334 ksi->ks_in_serial); 3335 } 3336 break; 3337 case SADB_UPDATE: 3338 /* 3339 * Find a larval, if not there, find a full one and get 3340 * strict. 
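 * (esp_update_sa() hands this off to sadb_update_sa(), which treats
 * a larval update like an add and otherwise just updates lifetimes.)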
3341 */ 3342 error = esp_update_sa(mp, ksi, &diagnostic); 3343 if (error != 0) { 3344 sadb_pfkey_error(esp_pfkey_q, mp, error, diagnostic, 3345 ksi->ks_in_serial); 3346 } 3347 /* else esp_update_sa() took care of things. */ 3348 break; 3349 case SADB_GETSPI: 3350 /* 3351 * Reserve a new larval entry. 3352 */ 3353 esp_getspi(mp, ksi); 3354 break; 3355 case SADB_ACQUIRE: 3356 /* 3357 * Find larval and/or ACQUIRE record and kill it (them), I'm 3358 * most likely an error. Inbound ACQUIRE messages should only 3359 * have the base header. 3360 */ 3361 sadb_in_acquire(samsg, &esp_sadb, esp_pfkey_q); 3362 freemsg(mp); 3363 break; 3364 case SADB_DUMP: 3365 /* 3366 * Dump all entries. 3367 */ 3368 esp_dump(mp, ksi); 3369 /* esp_dump will take care of the return message, etc. */ 3370 break; 3371 case SADB_EXPIRE: 3372 /* Should never reach me. */ 3373 sadb_pfkey_error(esp_pfkey_q, mp, EOPNOTSUPP, diagnostic, 3374 ksi->ks_in_serial); 3375 break; 3376 default: 3377 sadb_pfkey_error(esp_pfkey_q, mp, EINVAL, 3378 SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial); 3379 break; 3380 } 3381 } 3382 3383 /* 3384 * Handle case where PF_KEY says it can't find a keysock for one of my 3385 * ACQUIRE messages. 3386 */ 3387 static void 3388 esp_keysock_no_socket(mblk_t *mp) 3389 { 3390 sadb_msg_t *samsg; 3391 keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr; 3392 3393 if (mp->b_cont == NULL) { 3394 freemsg(mp); 3395 return; 3396 } 3397 samsg = (sadb_msg_t *)mp->b_cont->b_rptr; 3398 3399 /* 3400 * If keysock can't find any registered, delete the acquire record 3401 * immediately, and handle errors. 3402 */ 3403 if (samsg->sadb_msg_type == SADB_ACQUIRE) { 3404 samsg->sadb_msg_errno = kse->ks_err_errno; 3405 samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg)); 3406 /* 3407 * Use the write-side of the esp_pfkey_q, in case there is 3408 * no esp_sadb.s_ip_q. 3409 */ 3410 sadb_in_acquire(samsg, &esp_sadb, WR(esp_pfkey_q)); 3411 } 3412 3413 freemsg(mp); 3414 } 3415 3416 /* 3417 * First-cut reality check for an inbound PF_KEY message. 3418 */ 3419 static boolean_t 3420 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi) 3421 { 3422 int diagnostic; 3423 3424 if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) { 3425 diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT; 3426 goto badmsg; 3427 } 3428 if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL || 3429 ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) { 3430 diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT; 3431 goto badmsg; 3432 } 3433 if (ksi->ks_in_srctype == KS_IN_ADDR_MBCAST) { 3434 diagnostic = SADB_X_DIAGNOSTIC_BAD_SRC; 3435 goto badmsg; 3436 } 3437 if (ksi->ks_in_dsttype == KS_IN_ADDR_UNSPEC) { 3438 diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 3439 goto badmsg; 3440 } 3441 3442 return (B_FALSE); /* False ==> no failures */ 3443 3444 badmsg: 3445 sadb_pfkey_error(esp_pfkey_q, mp, EINVAL, diagnostic, 3446 ksi->ks_in_serial); 3447 return (B_TRUE); /* True ==> failures */ 3448 } 3449 3450 /* 3451 * ESP module write put routine. 3452 */ 3453 static void 3454 ipsecesp_wput(queue_t *q, mblk_t *mp) 3455 { 3456 ipsec_info_t *ii; 3457 keysock_in_t *ksi; 3458 int rc; 3459 struct iocblk *iocp; 3460 3461 esp3dbg(("In esp_wput().\n")); 3462 3463 /* NOTE: Each case must take care of freeing or passing mp. */ 3464 switch (mp->b_datap->db_type) { 3465 case M_CTL: 3466 if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) { 3467 /* Not big enough message. 
*/ 3468 freemsg(mp); 3469 break; 3470 } 3471 ii = (ipsec_info_t *)mp->b_rptr; 3472 3473 switch (ii->ipsec_info_type) { 3474 case KEYSOCK_OUT_ERR: 3475 esp1dbg(("Got KEYSOCK_OUT_ERR message.\n")); 3476 esp_keysock_no_socket(mp); 3477 break; 3478 case KEYSOCK_IN: 3479 ESP_BUMP_STAT(keysock_in); 3480 esp3dbg(("Got KEYSOCK_IN message.\n")); 3481 ksi = (keysock_in_t *)ii; 3482 /* 3483 * Some common reality checks. 3484 */ 3485 3486 if (esp_pfkey_reality_failures(mp, ksi)) 3487 return; 3488 3489 /* 3490 * Use 'q' instead of esp_sadb.s_ip_q, since 3491 * it's the write side already, and it'll go 3492 * down to IP. Use esp_pfkey_q because we 3493 * wouldn't get here if that weren't set, and 3494 * the RD(q) has been done already. 3495 */ 3496 if (ksi->ks_in_srctype == KS_IN_ADDR_UNKNOWN) { 3497 rc = sadb_addrcheck(q, esp_pfkey_q, mp, 3498 ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC], 3499 ksi->ks_in_serial); 3500 if (rc == KS_IN_ADDR_UNKNOWN) 3501 return; 3502 else 3503 ksi->ks_in_srctype = rc; 3504 } 3505 if (ksi->ks_in_dsttype == KS_IN_ADDR_UNKNOWN) { 3506 rc = sadb_addrcheck(q, esp_pfkey_q, mp, 3507 ksi->ks_in_extv[SADB_EXT_ADDRESS_DST], 3508 ksi->ks_in_serial); 3509 if (rc == KS_IN_ADDR_UNKNOWN) 3510 return; 3511 else 3512 ksi->ks_in_dsttype = rc; 3513 } 3514 /* 3515 * XXX Proxy may be a different address family. 3516 */ 3517 if (ksi->ks_in_proxytype == KS_IN_ADDR_UNKNOWN) { 3518 rc = sadb_addrcheck(q, esp_pfkey_q, mp, 3519 ksi->ks_in_extv[SADB_EXT_ADDRESS_PROXY], 3520 ksi->ks_in_serial); 3521 if (rc == KS_IN_ADDR_UNKNOWN) 3522 return; 3523 else 3524 ksi->ks_in_proxytype = rc; 3525 } 3526 esp_parse_pfkey(mp); 3527 break; 3528 case KEYSOCK_HELLO: 3529 sadb_keysock_hello(&esp_pfkey_q, q, mp, 3530 esp_ager, &esp_event, SADB_SATYPE_ESP); 3531 break; 3532 default: 3533 esp2dbg(("Got M_CTL from above of 0x%x.\n", 3534 ii->ipsec_info_type)); 3535 freemsg(mp); 3536 break; 3537 } 3538 break; 3539 case M_IOCTL: 3540 iocp = (struct iocblk *)mp->b_rptr; 3541 switch (iocp->ioc_cmd) { 3542 case ND_SET: 3543 case ND_GET: 3544 if (nd_getset(q, ipsecesp_g_nd, mp)) { 3545 qreply(q, mp); 3546 return; 3547 } else { 3548 iocp->ioc_error = ENOENT; 3549 } 3550 /* FALLTHRU */ 3551 default: 3552 /* We really don't support any other ioctls, do we? */ 3553 3554 /* Return EINVAL */ 3555 if (iocp->ioc_error != ENOENT) 3556 iocp->ioc_error = EINVAL; 3557 iocp->ioc_count = 0; 3558 mp->b_datap->db_type = M_IOCACK; 3559 qreply(q, mp); 3560 return; 3561 } 3562 default: 3563 esp3dbg(("Got default message, type %d, passing to IP.\n", 3564 mp->b_datap->db_type)); 3565 putnext(q, mp); 3566 } 3567 } 3568 3569 /* 3570 * Process an outbound ESP packet that can be accelerated by a IPsec 3571 * hardware acceleration capable Provider. 3572 * The caller already inserted and initialized the ESP header. 3573 * This function allocates a tagging M_CTL, and adds room at the end 3574 * of the packet to hold the ICV if authentication is needed. 3575 * 3576 * On success returns B_TRUE, on failure returns B_FALSE and frees the 3577 * mblk chain ipsec_out. 
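 * (Strictly speaking, the return value is an ipsec_status_t:
 * IPSEC_STATUS_SUCCESS on success, or IPSEC_STATUS_FAILED after the
 * packet has been dropped.)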
3578 */ 3579 static ipsec_status_t 3580 esp_outbound_accelerated(mblk_t *ipsec_out, uint_t icv_len) 3581 { 3582 ipsec_out_t *io; 3583 mblk_t *lastmp; 3584 3585 ESP_BUMP_STAT(out_accelerated); 3586 3587 io = (ipsec_out_t *)ipsec_out->b_rptr; 3588 3589 /* mark packet as being accelerated in IPSEC_OUT */ 3590 ASSERT(io->ipsec_out_accelerated == B_FALSE); 3591 io->ipsec_out_accelerated = B_TRUE; 3592 3593 /* 3594 * add room at the end of the packet for the ICV if needed 3595 */ 3596 if (icv_len > 0) { 3597 /* go to last mblk */ 3598 lastmp = ipsec_out; /* For following while loop. */ 3599 do { 3600 lastmp = lastmp->b_cont; 3601 } while (lastmp->b_cont != NULL); 3602 3603 /* if not enough available room, allocate new mblk */ 3604 if ((lastmp->b_wptr + icv_len) > lastmp->b_datap->db_lim) { 3605 lastmp->b_cont = allocb(icv_len, BPRI_HI); 3606 if (lastmp->b_cont == NULL) { 3607 ESP_BUMP_STAT(out_discards); 3608 ip_drop_packet(ipsec_out, B_FALSE, NULL, NULL, 3609 &ipdrops_esp_nomem, &esp_dropper); 3610 return (IPSEC_STATUS_FAILED); 3611 } 3612 lastmp = lastmp->b_cont; 3613 } 3614 lastmp->b_wptr += icv_len; 3615 } 3616 3617 return (IPSEC_STATUS_SUCCESS); 3618 } 3619 3620 /* 3621 * Process an inbound accelerated ESP packet. 3622 * On success returns B_TRUE, on failure returns B_FALSE and frees the 3623 * mblk chain ipsec_in. 3624 */ 3625 static ipsec_status_t 3626 esp_inbound_accelerated(mblk_t *ipsec_in, mblk_t *data_mp, boolean_t isv4, 3627 ipsa_t *assoc) 3628 { 3629 ipsec_in_t *ii; 3630 mblk_t *hada_mp; 3631 uint32_t icv_len = 0; 3632 da_ipsec_t *hada; 3633 ipha_t *ipha; 3634 ip6_t *ip6h; 3635 kstat_named_t *counter; 3636 3637 ESP_BUMP_STAT(in_accelerated); 3638 3639 ii = (ipsec_in_t *)ipsec_in->b_rptr; 3640 hada_mp = ii->ipsec_in_da; 3641 ASSERT(hada_mp != NULL); 3642 hada = (da_ipsec_t *)hada_mp->b_rptr; 3643 3644 /* 3645 * We only support one level of decapsulation in hardware, so 3646 * nuke the pointer. 3647 */ 3648 ii->ipsec_in_da = NULL; 3649 ii->ipsec_in_accelerated = B_FALSE; 3650 3651 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) { 3652 /* 3653 * ESP with authentication. We expect the Provider to have 3654 * computed the ICV and placed it in the hardware acceleration 3655 * data attributes. 3656 * 3657 * Extract ICV length from attributes M_CTL and sanity check 3658 * its value. We allow the mblk to be smaller than da_ipsec_t 3659 * for a small ICV, as long as the entire ICV fits within the 3660 * mblk. 3661 * 3662 * Also ensures that the ICV length computed by Provider 3663 * corresponds to the ICV length of the agorithm specified by 3664 * the SA. 3665 */ 3666 icv_len = hada->da_icv_len; 3667 if ((icv_len != assoc->ipsa_mac_len) || 3668 (icv_len > DA_ICV_MAX_LEN) || (MBLKL(hada_mp) < 3669 (sizeof (da_ipsec_t) - DA_ICV_MAX_LEN + icv_len))) { 3670 esp0dbg(("esp_inbound_accelerated: " 3671 "ICV len (%u) incorrect or mblk too small (%u)\n", 3672 icv_len, (uint32_t)(MBLKL(hada_mp)))); 3673 counter = &ipdrops_esp_bad_auth; 3674 goto esp_in_discard; 3675 } 3676 } 3677 3678 /* get pointers to IP header */ 3679 if (isv4) { 3680 ipha = (ipha_t *)data_mp->b_rptr; 3681 } else { 3682 ip6h = (ip6_t *)data_mp->b_rptr; 3683 } 3684 3685 /* 3686 * Compare ICV in ESP packet vs ICV computed by adapter. 3687 * We also remove the ICV from the end of the packet since 3688 * it will no longer be needed. 3689 * 3690 * Assume that esp_inbound() already ensured that the pkt 3691 * was in one mblk. 
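 * (For an SA with no authentication algorithm, icv_len stays zero,
 * so nothing is trimmed and the bcmp() below is skipped.)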
3692 */ 3693 ASSERT(data_mp->b_cont == NULL); 3694 data_mp->b_wptr -= icv_len; 3695 /* adjust IP header */ 3696 if (isv4) 3697 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - icv_len); 3698 else 3699 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - icv_len); 3700 if (icv_len && bcmp(hada->da_icv, data_mp->b_wptr, icv_len)) { 3701 int af; 3702 void *addr; 3703 3704 if (isv4) { 3705 addr = &ipha->ipha_dst; 3706 af = AF_INET; 3707 } else { 3708 addr = &ip6h->ip6_dst; 3709 af = AF_INET6; 3710 } 3711 3712 /* 3713 * Log the event. Don't print to the console, block 3714 * potential denial-of-service attack. 3715 */ 3716 ESP_BUMP_STAT(bad_auth); 3717 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 3718 "ESP Authentication failed spi %x, dst_addr %s", 3719 assoc->ipsa_spi, addr, af); 3720 counter = &ipdrops_esp_bad_auth; 3721 goto esp_in_discard; 3722 } 3723 3724 esp3dbg(("esp_inbound_accelerated: ESP authentication succeeded, " 3725 "checking replay\n")); 3726 3727 ipsec_in->b_cont = data_mp; 3728 3729 /* 3730 * Remove ESP header and padding from packet. 3731 */ 3732 if (!esp_strip_header(data_mp, ii->ipsec_in_v4, assoc->ipsa_iv_len, 3733 &counter)) { 3734 esp1dbg(("esp_inbound_accelerated: " 3735 "esp_strip_header() failed\n")); 3736 goto esp_in_discard; 3737 } 3738 3739 freeb(hada_mp); 3740 3741 /* 3742 * Account for usage.. 3743 */ 3744 if (!esp_age_bytes(assoc, msgdsize(data_mp), B_TRUE)) { 3745 /* The ipsa has hit hard expiration, LOG and AUDIT. */ 3746 ESP_BUMP_STAT(bytes_expired); 3747 IP_ESP_BUMP_STAT(in_discards); 3748 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 3749 "ESP association 0x%x, dst %s had bytes expire.\n", 3750 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam); 3751 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, 3752 &ipdrops_esp_bytes_expire, &esp_dropper); 3753 return (IPSEC_STATUS_FAILED); 3754 } 3755 3756 /* done processing the packet */ 3757 return (IPSEC_STATUS_SUCCESS); 3758 3759 esp_in_discard: 3760 IP_ESP_BUMP_STAT(in_discards); 3761 freeb(hada_mp); 3762 3763 ipsec_in->b_cont = data_mp; /* For ip_drop_packet()'s sake... */ 3764 ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, counter, &esp_dropper); 3765 3766 return (IPSEC_STATUS_FAILED); 3767 } 3768 3769 /* 3770 * Wrapper to allow IP to trigger an ESP association failure message 3771 * during inbound SA selection. 3772 */ 3773 void 3774 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt, 3775 uint32_t spi, void *addr, int af) 3776 { 3777 if (ipsecesp_log_unknown_spi) { 3778 ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi, 3779 addr, af); 3780 } 3781 3782 ip_drop_packet(mp, B_TRUE, NULL, NULL, &ipdrops_esp_no_sa, 3783 &esp_dropper); 3784 } 3785 3786 /* 3787 * Initialize the ESP input and output processing functions. 3788 */ 3789 void 3790 ipsecesp_init_funcs(ipsa_t *sa) 3791 { 3792 if (sa->ipsa_output_func == NULL) 3793 sa->ipsa_output_func = esp_outbound; 3794 if (sa->ipsa_input_func == NULL) 3795 sa->ipsa_input_func = esp_inbound; 3796 } 3797