1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _INET_SADB_H 27 #define _INET_SADB_H 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 #include <inet/ipsec_info.h> 34 #include <sys/crypto/common.h> 35 #include <sys/crypto/api.h> 36 #include <sys/note.h> 37 38 #define IPSA_MAX_ADDRLEN 4 /* Max address len. (in 32-bits) for an SA. */ 39 40 /* 41 * Return codes of IPsec processing functions. 42 */ 43 typedef enum { 44 IPSEC_STATUS_SUCCESS = 1, 45 IPSEC_STATUS_FAILED = 2, 46 IPSEC_STATUS_PENDING = 3 47 } ipsec_status_t; 48 49 /* 50 * The Initialization Vector (also known as IV or Nonce) used to 51 * initialize the Block Cipher, is made up of a Counter and a Salt. 52 * The Counter is fixed at 64 bits and is incremented for each packet. 53 * The Salt value can be any whole byte value upto 64 bits. This is 54 * algorithm mode specific and can be configured with ipsecalgs(1m). 55 * 56 * We only support whole byte salt lengths, this is because the salt is 57 * stored in an array of uint8_t's. This is enforced by ipsecalgs(1m) 58 * which configures the salt length as a number of bytes. Checks are 59 * made to ensure the salt length defined in ipsecalgs(1m) fits in 60 * the ipsec_nonce_t. 61 * 62 * The Salt value remains constant for the life of the SA, the Salt is 63 * know to both peers, but NOT transmitted on the network. The Counter 64 * portion of the nonce is transmitted over the network with each packet 65 * and is confusingly described as the Initialization Vector by RFCs 66 * 4309/4106. 67 * 68 * The maximum Initialization Vector length is 128 bits, if the actual 69 * size is less, its padded internally by the algorithm. 70 * 71 * The nonce structure is defined like this in the SA (ipsa_t)to ensure 72 * the Initilization Vector (counter) is 64 bit aligned, because it will 73 * be incremented as an uint64_t. The nonce as used by the algorithms is 74 * a straight uint8_t array. 75 * 76 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 77 * | | | | |x|x|x|x| | 78 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 79 * salt_offset <------> 80 * ipsa_saltlen <-------> 81 * ipsa_nonce_buf------^ 82 * ipsa_salt-------------~~~~~~^ 83 * ipsa_nonce------------~~~~~~^ 84 * ipsa_iv-----------------------------^ 85 */ 86 typedef struct ipsec_nonce_s { 87 uint8_t salt[MAXSALTSIZE]; 88 uint64_t iv; 89 } ipsec_nonce_t; 90 91 /* 92 * IP security association. Synchronization assumes 32-bit loads, so 93 * the 64-bit quantities can't even be be read w/o locking it down! 94 */ 95 96 /* keying info */ 97 typedef struct ipsa_key_s { 98 uint8_t *sak_key; /* Algorithm key. */ 99 uint_t sak_keylen; /* Algorithm key length (in bytes). */ 100 uint_t sak_keybits; /* Algorithm key length (in bits) */ 101 uint_t sak_algid; /* Algorithm ID number. */ 102 } ipsa_key_t; 103 104 typedef struct ipsa_s { 105 struct ipsa_s *ipsa_next; /* Next in hash bucket */ 106 struct ipsa_s **ipsa_ptpn; /* Pointer to previous next pointer. */ 107 kmutex_t *ipsa_linklock; /* Pointer to hash-chain lock. */ 108 void (*ipsa_freefunc)(struct ipsa_s *); /* freeassoc function */ 109 void (*ipsa_noncefunc)(struct ipsa_s *, uchar_t *, 110 uint_t, uchar_t *, ipsa_cm_mech_t *, crypto_data_t *); 111 /* 112 * NOTE: I may need more pointers, depending on future SA 113 * requirements. 114 */ 115 ipsa_key_t ipsa_authkeydata; 116 #define ipsa_authkey ipsa_authkeydata.sak_key 117 #define ipsa_authkeylen ipsa_authkeydata.sak_keylen 118 #define ipsa_authkeybits ipsa_authkeydata.sak_keybits 119 #define ipsa_auth_alg ipsa_authkeydata.sak_algid 120 ipsa_key_t ipsa_encrkeydata; 121 #define ipsa_encrkey ipsa_encrkeydata.sak_key 122 #define ipsa_encrkeylen ipsa_encrkeydata.sak_keylen 123 #define ipsa_encrkeybits ipsa_encrkeydata.sak_keybits 124 #define ipsa_encr_alg ipsa_encrkeydata.sak_algid 125 126 struct ipsid_s *ipsa_src_cid; /* Source certificate identity */ 127 struct ipsid_s *ipsa_dst_cid; /* Destination certificate identity */ 128 uint64_t *ipsa_integ; /* Integrity bitmap */ 129 uint64_t *ipsa_sens; /* Sensitivity bitmap */ 130 mblk_t *ipsa_lpkt; /* Packet received while larval (CAS me) */ 131 mblk_t *ipsa_bpkt_head; /* Packets received while idle */ 132 mblk_t *ipsa_bpkt_tail; 133 #define SADB_MAX_IDLEPKTS 100 134 uint8_t ipsa_mblkcnt; /* Number of packets received while idle */ 135 136 /* 137 * PF_KEYv2 supports a replay window size of 255. Hence there is a 138 * need a bit vector to support a replay window of 255. 256 is a nice 139 * round number, so I support that. 140 * 141 * Use an array of uint64_t for best performance on 64-bit 142 * processors. (And hope that 32-bit compilers can handle things 143 * okay.) The " >> 6 " is to get the appropriate number of 64-bit 144 * ints. 145 */ 146 #define SADB_MAX_REPLAY 256 /* Must be 0 mod 64. */ 147 uint64_t ipsa_replay_arr[SADB_MAX_REPLAY >> 6]; 148 149 uint64_t ipsa_unique_id; /* Non-zero for unique SAs */ 150 uint64_t ipsa_unique_mask; /* mask value for unique_id */ 151 152 /* 153 * Reference count semantics: 154 * 155 * An SA has a reference count of 1 if something's pointing 156 * to it. This includes being in a hash table. So if an 157 * SA is in a hash table, it has a reference count of at least 1. 158 * 159 * When a ptr. to an IPSA is assigned, you MUST REFHOLD after 160 * said assignment. When a ptr. to an IPSA is released 161 * you MUST REFRELE. When the refcount hits 0, REFRELE 162 * will free the IPSA. 163 */ 164 kmutex_t ipsa_lock; /* Locks non-linkage/refcnt fields. */ 165 /* Q: Since I may be doing refcnts differently, will I need cv? */ 166 uint_t ipsa_refcnt; /* Reference count. */ 167 168 /* 169 * The following four time fields are the ones monitored by ah_ager() 170 * and esp_ager() respectively. They are all absolute wall-clock 171 * times. The times of creation (i.e. add time) and first use are 172 * pretty straightforward. The soft and hard expire times are 173 * derived from the times of first use and creation, plus the minimum 174 * expiration times in the fields that follow this. 175 * 176 * For example, if I had a hard add time of 30 seconds, and a hard 177 * use time of 15, the ipsa_hardexpiretime would be time of add, plus 178 * 30 seconds. If I USE the SA such that time of first use plus 15 179 * seconds would be earlier than the add time plus 30 seconds, then 180 * ipsa_hardexpiretime would become this earlier time. 181 */ 182 time_t ipsa_addtime; /* Time I was added. */ 183 time_t ipsa_usetime; /* Time of my first use. */ 184 time_t ipsa_lastuse; /* Time of my last use. */ 185 time_t ipsa_idletime; /* Seconds of idle time */ 186 time_t ipsa_last_nat_t_ka; /* Time of my last NAT-T keepalive. */ 187 time_t ipsa_softexpiretime; /* Time of my first soft expire. */ 188 time_t ipsa_hardexpiretime; /* Time of my first hard expire. */ 189 time_t ipsa_idleexpiretime; /* Time of my next idle expire time */ 190 191 struct ipsec_nonce_s *ipsa_nonce_buf; 192 uint8_t *ipsa_nonce; 193 uint_t ipsa_nonce_len; 194 uint8_t *ipsa_salt; 195 uint_t ipsa_saltbits; 196 uint_t ipsa_saltlen; 197 uint64_t *ipsa_iv; 198 199 uint64_t ipsa_iv_hardexpire; 200 uint64_t ipsa_iv_softexpire; 201 /* 202 * The following fields are directly reflected in PF_KEYv2 LIFETIME 203 * extensions. The time_ts are in number-of-seconds, and the bytes 204 * are in... bytes. 205 */ 206 time_t ipsa_softaddlt; /* Seconds of soft lifetime after add. */ 207 time_t ipsa_softuselt; /* Seconds of soft lifetime after first use. */ 208 time_t ipsa_hardaddlt; /* Seconds of hard lifetime after add. */ 209 time_t ipsa_harduselt; /* Seconds of hard lifetime after first use. */ 210 time_t ipsa_idleaddlt; /* Seconds of idle time after add */ 211 time_t ipsa_idleuselt; /* Seconds of idle time after first use */ 212 uint64_t ipsa_softbyteslt; /* Bytes of soft lifetime. */ 213 uint64_t ipsa_hardbyteslt; /* Bytes of hard lifetime. */ 214 uint64_t ipsa_bytes; /* Bytes encrypted/authed by this SA. */ 215 216 /* 217 * "Allocations" are a concept mentioned in PF_KEYv2. We do not 218 * support them, except to record them per the PF_KEYv2 spec. 219 */ 220 uint_t ipsa_softalloc; /* Allocations allowed (soft). */ 221 uint_t ipsa_hardalloc; /* Allocations allowed (hard). */ 222 uint_t ipsa_alloc; /* Allocations made. */ 223 224 uint_t ipsa_integlen; /* Length of the integrity bitmap (bytes). */ 225 uint_t ipsa_senslen; /* Length of the sensitivity bitmap (bytes). */ 226 227 uint_t ipsa_type; /* Type of security association. (AH/etc.) */ 228 uint_t ipsa_dpd; /* Domain for sensitivity bit vectors. */ 229 uint_t ipsa_senslevel; /* Sensitivity level. */ 230 uint_t ipsa_integlevel; /* Integrity level. */ 231 uint_t ipsa_state; /* State of my association. */ 232 uint_t ipsa_replay_wsize; /* Size of replay window */ 233 uint32_t ipsa_flags; /* Flags for security association. */ 234 uint32_t ipsa_spi; /* Security parameters index. */ 235 uint32_t ipsa_replay; /* Highest seen replay value for this SA. */ 236 uint32_t ipsa_kmp; /* key management proto */ 237 uint32_t ipsa_kmc; /* key management cookie */ 238 239 boolean_t ipsa_haspeer; /* Has peer in another table. */ 240 241 /* 242 * Address storage. 243 * The source address can be INADDR_ANY, IN6ADDR_ANY, etc. 244 * 245 * Address families (per sys/socket.h) guide us. We could have just 246 * used sockaddr_storage 247 */ 248 sa_family_t ipsa_addrfam; 249 sa_family_t ipsa_innerfam; /* Inner AF can be != src/dst AF. */ 250 251 uint32_t ipsa_srcaddr[IPSA_MAX_ADDRLEN]; 252 uint32_t ipsa_dstaddr[IPSA_MAX_ADDRLEN]; 253 uint32_t ipsa_innersrc[IPSA_MAX_ADDRLEN]; 254 uint32_t ipsa_innerdst[IPSA_MAX_ADDRLEN]; 255 256 uint8_t ipsa_innersrcpfx; 257 uint8_t ipsa_innerdstpfx; 258 259 uint16_t ipsa_inbound_cksum; /* cksum correction for inbound packets */ 260 uint16_t ipsa_local_nat_port; /* Local NAT-T port. (0 --> 4500) */ 261 uint16_t ipsa_remote_nat_port; /* The other port that isn't 4500 */ 262 263 /* these can only be v4 */ 264 uint32_t ipsa_natt_addr_loc; 265 uint32_t ipsa_natt_addr_rem; 266 267 /* 268 * icmp type and code. *_end are to specify ranges. if only 269 * a single value, * and *_end are the same value. 270 */ 271 uint8_t ipsa_icmp_type; 272 uint8_t ipsa_icmp_type_end; 273 uint8_t ipsa_icmp_code; 274 uint8_t ipsa_icmp_code_end; 275 276 /* 277 * For the kernel crypto framework. 278 */ 279 crypto_key_t ipsa_kcfauthkey; /* authentication key */ 280 crypto_key_t ipsa_kcfencrkey; /* encryption key */ 281 crypto_ctx_template_t ipsa_authtmpl; /* auth context template */ 282 crypto_ctx_template_t ipsa_encrtmpl; /* encr context template */ 283 crypto_mechanism_t ipsa_amech; /* auth mech type and ICV len */ 284 crypto_mechanism_t ipsa_emech; /* encr mech type */ 285 size_t ipsa_mac_len; /* auth MAC/ICV length */ 286 size_t ipsa_iv_len; /* encr IV length */ 287 size_t ipsa_datalen; /* block length in bytes. */ 288 289 /* 290 * Input and output processing functions called from IP. 291 */ 292 ipsec_status_t (*ipsa_output_func)(mblk_t *); 293 ipsec_status_t (*ipsa_input_func)(mblk_t *, void *); 294 295 /* 296 * Soft reference to paired SA 297 */ 298 uint32_t ipsa_otherspi; 299 300 /* MLS boxen will probably need more fields in here. */ 301 302 netstack_t *ipsa_netstack; /* Does not have a netstack_hold */ 303 } ipsa_t; 304 305 /* 306 * ipsa_t address handling macros. We want these to be inlined, and deal 307 * with 32-bit words to avoid bcmp/bcopy calls. 308 * 309 * Assume we only have AF_INET and AF_INET6 addresses for now. Also assume 310 * that we have 32-bit alignment on everything. 311 */ 312 #define IPSA_IS_ADDR_UNSPEC(addr, fam) ((((uint32_t *)(addr))[0] == 0) && \ 313 (((fam) == AF_INET) || (((uint32_t *)(addr))[3] == 0 && \ 314 ((uint32_t *)(addr))[2] == 0 && ((uint32_t *)(addr))[1] == 0))) 315 #define IPSA_ARE_ADDR_EQUAL(addr1, addr2, fam) \ 316 ((((uint32_t *)(addr1))[0] == ((uint32_t *)(addr2))[0]) && \ 317 (((fam) == AF_INET) || \ 318 (((uint32_t *)(addr1))[3] == ((uint32_t *)(addr2))[3] && \ 319 ((uint32_t *)(addr1))[2] == ((uint32_t *)(addr2))[2] && \ 320 ((uint32_t *)(addr1))[1] == ((uint32_t *)(addr2))[1]))) 321 #define IPSA_COPY_ADDR(dstaddr, srcaddr, fam) { \ 322 ((uint32_t *)(dstaddr))[0] = ((uint32_t *)(srcaddr))[0]; \ 323 if ((fam) == AF_INET6) {\ 324 ((uint32_t *)(dstaddr))[1] = ((uint32_t *)(srcaddr))[1]; \ 325 ((uint32_t *)(dstaddr))[2] = ((uint32_t *)(srcaddr))[2]; \ 326 ((uint32_t *)(dstaddr))[3] = ((uint32_t *)(srcaddr))[3]; } } 327 328 /* 329 * ipsa_t reference hold/release macros. 330 * 331 * If you have a pointer, you REFHOLD. If you are releasing a pointer, you 332 * REFRELE. An ipsa_t that is newly inserted into the table should have 333 * a reference count of 1 (for the table's pointer), plus 1 more for every 334 * pointer that is referencing the ipsa_t. 335 */ 336 337 #define IPSA_REFHOLD(ipsa) { \ 338 atomic_add_32(&(ipsa)->ipsa_refcnt, 1); \ 339 ASSERT((ipsa)->ipsa_refcnt != 0); \ 340 } 341 342 /* 343 * Decrement the reference count on the SA. 344 * In architectures e.g sun4u, where atomic_add_32_nv is just 345 * a cas, we need to maintain the right memory barrier semantics 346 * as that of mutex_exit i.e all the loads and stores should complete 347 * before the cas is executed. membar_exit() does that here. 348 */ 349 350 #define IPSA_REFRELE(ipsa) { \ 351 ASSERT((ipsa)->ipsa_refcnt != 0); \ 352 membar_exit(); \ 353 if (atomic_add_32_nv(&(ipsa)->ipsa_refcnt, -1) == 0) \ 354 ((ipsa)->ipsa_freefunc)(ipsa); \ 355 } 356 357 /* 358 * Security association hash macros and definitions. For now, assume the 359 * IPsec model, and hash outbounds on destination address, and inbounds on 360 * SPI. 361 */ 362 363 #define IPSEC_DEFAULT_HASH_SIZE 256 364 365 #define INBOUND_HASH(sadb, spi) ((spi) % ((sadb)->sdb_hashsize)) 366 #define OUTBOUND_HASH_V4(sadb, v4addr) ((v4addr) % ((sadb)->sdb_hashsize)) 367 #define OUTBOUND_HASH_V6(sadb, v6addr) OUTBOUND_HASH_V4((sadb), \ 368 (*(uint32_t *)&(v6addr)) ^ (*(((uint32_t *)&(v6addr)) + 1)) ^ \ 369 (*(((uint32_t *)&(v6addr)) + 2)) ^ (*(((uint32_t *)&(v6addr)) + 3))) 370 371 /* 372 * Syntactic sugar to find the appropriate hash bucket directly. 373 */ 374 375 #define INBOUND_BUCKET(sadb, spi) &(((sadb)->sdb_if)[INBOUND_HASH(sadb, spi)]) 376 #define OUTBOUND_BUCKET_V4(sadb, v4addr) \ 377 &(((sadb)->sdb_of)[OUTBOUND_HASH_V4(sadb, v4addr)]) 378 #define OUTBOUND_BUCKET_V6(sadb, v6addr) \ 379 &(((sadb)->sdb_of)[OUTBOUND_HASH_V6(sadb, v6addr)]) 380 381 #define IPSA_F_PFS SADB_SAFLAGS_PFS /* PFS in use for this SA? */ 382 #define IPSA_F_NOREPFLD SADB_SAFLAGS_NOREPLAY /* No replay field, for */ 383 /* backward compat. */ 384 #define IPSA_F_USED SADB_X_SAFLAGS_USED /* SA has been used. */ 385 #define IPSA_F_UNIQUE SADB_X_SAFLAGS_UNIQUE /* SA is unique */ 386 #define IPSA_F_AALG1 SADB_X_SAFLAGS_AALG1 /* Auth alg flag 1 */ 387 #define IPSA_F_AALG2 SADB_X_SAFLAGS_AALG2 /* Auth alg flag 2 */ 388 #define IPSA_F_EALG1 SADB_X_SAFLAGS_EALG1 /* Encrypt alg flag 1 */ 389 #define IPSA_F_EALG2 SADB_X_SAFLAGS_EALG2 /* Encrypt alg flag 2 */ 390 391 #define IPSA_F_HW 0x200000 /* hwaccel capable SA */ 392 #define IPSA_F_NATT_LOC SADB_X_SAFLAGS_NATT_LOC 393 #define IPSA_F_NATT_REM SADB_X_SAFLAGS_NATT_REM 394 #define IPSA_F_BEHIND_NAT SADB_X_SAFLAGS_NATTED 395 #define IPSA_F_NATT (SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM | \ 396 SADB_X_SAFLAGS_NATTED) 397 #define IPSA_F_CINVALID 0x40000 /* SA shouldn't be cached */ 398 #define IPSA_F_PAIRED SADB_X_SAFLAGS_PAIRED /* SA is one of a pair */ 399 #define IPSA_F_OUTBOUND SADB_X_SAFLAGS_OUTBOUND /* SA direction bit */ 400 #define IPSA_F_INBOUND SADB_X_SAFLAGS_INBOUND /* SA direction bit */ 401 #define IPSA_F_TUNNEL SADB_X_SAFLAGS_TUNNEL 402 /* 403 * These flags are only defined here to prevent a flag value collision. 404 */ 405 #define IPSA_F_COMBINED SADB_X_SAFLAGS_EALG1 /* Defined in pfkeyv2.h */ 406 #define IPSA_F_COUNTERMODE SADB_X_SAFLAGS_EALG2 /* Defined in pfkeyv2.h */ 407 408 /* 409 * Sets of flags that are allowed to by set or modified by PF_KEY apps. 410 */ 411 #define AH_UPDATE_SETTABLE_FLAGS \ 412 (SADB_X_SAFLAGS_PAIRED | SADB_SAFLAGS_NOREPLAY | \ 413 SADB_X_SAFLAGS_OUTBOUND | SADB_X_SAFLAGS_INBOUND | \ 414 SADB_X_SAFLAGS_KM1 | SADB_X_SAFLAGS_KM2 | \ 415 SADB_X_SAFLAGS_KM3 | SADB_X_SAFLAGS_KM4) 416 417 /* AH can't set NAT flags (or even use NAT). Add NAT flags to the ESP set. */ 418 #define ESP_UPDATE_SETTABLE_FLAGS (AH_UPDATE_SETTABLE_FLAGS | IPSA_F_NATT) 419 420 #define AH_ADD_SETTABLE_FLAGS \ 421 (AH_UPDATE_SETTABLE_FLAGS | SADB_X_SAFLAGS_AALG1 | \ 422 SADB_X_SAFLAGS_AALG2 | SADB_X_SAFLAGS_TUNNEL | \ 423 SADB_SAFLAGS_NOREPLAY) 424 425 /* AH can't set NAT flags (or even use NAT). Add NAT flags to the ESP set. */ 426 #define ESP_ADD_SETTABLE_FLAGS (AH_ADD_SETTABLE_FLAGS | IPSA_F_NATT | \ 427 SADB_X_SAFLAGS_EALG1 | SADB_X_SAFLAGS_EALG2) 428 429 430 431 /* SA states are important for handling UPDATE PF_KEY messages. */ 432 #define IPSA_STATE_LARVAL SADB_SASTATE_LARVAL 433 #define IPSA_STATE_MATURE SADB_SASTATE_MATURE 434 #define IPSA_STATE_DYING SADB_SASTATE_DYING 435 #define IPSA_STATE_DEAD SADB_SASTATE_DEAD 436 #define IPSA_STATE_IDLE SADB_X_SASTATE_IDLE 437 #define IPSA_STATE_ACTIVE_ELSEWHERE SADB_X_SASTATE_ACTIVE_ELSEWHERE 438 439 /* 440 * NOTE: If the document authors do things right in defining algorithms, we'll 441 * probably have flags for what all is here w.r.t. replay, ESP w/HMAC, 442 * etc. 443 */ 444 445 #define IPSA_T_ACQUIRE SEC_TYPE_NONE /* If this typed returned, sa needed */ 446 #define IPSA_T_AH SEC_TYPE_AH /* IPsec AH association */ 447 #define IPSA_T_ESP SEC_TYPE_ESP /* IPsec ESP association */ 448 449 #define IPSA_AALG_NONE SADB_AALG_NONE /* No auth. algorithm */ 450 #define IPSA_AALG_MD5H SADB_AALG_MD5HMAC /* MD5-HMAC algorithm */ 451 #define IPSA_AALG_SHA1H SADB_AALG_SHA1HMAC /* SHA1-HMAC algorithm */ 452 453 #define IPSA_EALG_NONE SADB_EALG_NONE /* No encryption algorithm */ 454 #define IPSA_EALG_DES_CBC SADB_EALG_DESCBC 455 #define IPSA_EALG_3DES SADB_EALG_3DESCBC 456 457 /* 458 * Protect each ipsa_t bucket (and linkage) with a lock. 459 */ 460 461 typedef struct isaf_s { 462 ipsa_t *isaf_ipsa; 463 kmutex_t isaf_lock; 464 uint64_t isaf_gen; 465 } isaf_t; 466 467 /* 468 * ACQUIRE record. If AH/ESP/whatever cannot find an association for outbound 469 * traffic, it sends up an SADB_ACQUIRE message and create an ACQUIRE record. 470 */ 471 472 #define IPSACQ_MAXPACKETS 4 /* Number of packets that can be queued up */ 473 /* waiting for an ACQUIRE to finish. */ 474 475 typedef struct ipsacq_s { 476 struct ipsacq_s *ipsacq_next; 477 struct ipsacq_s **ipsacq_ptpn; 478 kmutex_t *ipsacq_linklock; 479 struct ipsec_policy_s *ipsacq_policy; 480 struct ipsec_action_s *ipsacq_act; 481 482 sa_family_t ipsacq_addrfam; /* Address family. */ 483 sa_family_t ipsacq_inneraddrfam; /* Inner-packet address family. */ 484 int ipsacq_numpackets; /* How many packets queued up so far. */ 485 uint32_t ipsacq_seq; /* PF_KEY sequence number. */ 486 uint64_t ipsacq_unique_id; /* Unique ID for SAs that need it. */ 487 488 kmutex_t ipsacq_lock; /* Protects non-linkage fields. */ 489 time_t ipsacq_expire; /* Wall-clock time when this record expires. */ 490 mblk_t *ipsacq_mp; /* List of datagrams waiting for an SA. */ 491 492 /* These two point inside the last mblk inserted. */ 493 uint32_t *ipsacq_srcaddr; 494 uint32_t *ipsacq_dstaddr; 495 496 /* Cache these instead of point so we can mask off accordingly */ 497 uint32_t ipsacq_innersrc[IPSA_MAX_ADDRLEN]; 498 uint32_t ipsacq_innerdst[IPSA_MAX_ADDRLEN]; 499 500 /* These may change per-acquire. */ 501 uint16_t ipsacq_srcport; 502 uint16_t ipsacq_dstport; 503 uint8_t ipsacq_proto; 504 uint8_t ipsacq_inner_proto; 505 uint8_t ipsacq_innersrcpfx; 506 uint8_t ipsacq_innerdstpfx; 507 508 /* icmp type and code of triggering packet (if applicable) */ 509 uint8_t ipsacq_icmp_type; 510 uint8_t ipsacq_icmp_code; 511 } ipsacq_t; 512 513 /* 514 * Kernel-generated sequence numbers will be no less than 0x80000000 to 515 * forestall any cretinous problems with manual keying accidentally updating 516 * an ACQUIRE entry. 517 */ 518 #define IACQF_LOWEST_SEQ 0x80000000 519 520 #define SADB_AGE_INTERVAL_DEFAULT 8000 521 522 /* 523 * ACQUIRE fanout. Protect each linkage with a lock. 524 */ 525 526 typedef struct iacqf_s { 527 ipsacq_t *iacqf_ipsacq; 528 kmutex_t iacqf_lock; 529 } iacqf_t; 530 531 /* 532 * A (network protocol, ipsec protocol) specific SADB. 533 * (i.e., one each for {ah, esp} and {v4, v6}. 534 * 535 * Keep outbound assocs about the same as ire_cache entries for now. 536 * One danger point, multiple SAs for a single dest will clog a bucket. 537 * For the future, consider two-level hashing (2nd hash on IPC?), then probe. 538 */ 539 540 typedef struct sadb_s 541 { 542 isaf_t *sdb_of; 543 isaf_t *sdb_if; 544 iacqf_t *sdb_acq; 545 int sdb_hashsize; 546 } sadb_t; 547 548 /* 549 * A pair of SADB's (one for v4, one for v6), and related state (including 550 * acquire callbacks). 551 */ 552 553 typedef struct sadbp_s 554 { 555 uint32_t s_satype; 556 queue_t *s_ip_q; 557 uint32_t *s_acquire_timeout; 558 void (*s_acqfn)(ipsacq_t *, mblk_t *, netstack_t *); 559 sadb_t s_v4; 560 sadb_t s_v6; 561 uint32_t s_addflags; 562 uint32_t s_updateflags; 563 } sadbp_t; 564 565 /* 566 * A pair of SA's for a single connection, the structure contains a 567 * pointer to a SA and the SA its paired with (opposite direction) as well 568 * as the SA's respective hash buckets. 569 */ 570 typedef struct ipsap_s 571 { 572 boolean_t in_inbound_table; 573 isaf_t *ipsap_bucket; 574 ipsa_t *ipsap_sa_ptr; 575 isaf_t *ipsap_pbucket; 576 ipsa_t *ipsap_psa_ptr; 577 } ipsap_t; 578 579 typedef struct templist_s 580 { 581 ipsa_t *ipsa; 582 struct templist_s *next; 583 } templist_t; 584 585 /* Pointer to an all-zeroes IPv6 address. */ 586 #define ALL_ZEROES_PTR ((uint32_t *)&ipv6_all_zeros) 587 588 /* 589 * Form unique id from ipsec_out_t 590 */ 591 592 #define SA_FORM_UNIQUE_ID(io) \ 593 SA_UNIQUE_ID((io)->ipsec_out_src_port, (io)->ipsec_out_dst_port, \ 594 ((io)->ipsec_out_tunnel ? ((io)->ipsec_out_inaf == AF_INET6 ? \ 595 IPPROTO_IPV6 : IPPROTO_ENCAP) : (io)->ipsec_out_proto), \ 596 ((io)->ipsec_out_tunnel ? (io)->ipsec_out_proto : 0)) 597 598 /* 599 * This macro is used to generate unique ids (along with the addresses, both 600 * inner and outer) for outbound datagrams that require unique SAs. 601 * 602 * N.B. casts and unsigned shift amounts discourage unwarranted 603 * sign extension of dstport, proto, and iproto. 604 * 605 * Unique ID is 64-bits allocated as follows (pardon my big-endian bias): 606 * 607 * 6 4 43 33 11 608 * 3 7 09 21 65 0 609 * +---------------*-------+-------+--------------+---------------+ 610 * | MUST-BE-ZERO |<iprot>|<proto>| <src port> | <dest port> | 611 * +---------------*-------+-------+--------------+---------------+ 612 * 613 * If there are inner addresses (tunnel mode) the ports come from the 614 * inner addresses. If there are no inner addresses, the ports come from 615 * the outer addresses (transport mode). Tunnel mode MUST have <proto> 616 * set to either IPPROTO_ENCAP or IPPPROTO_IPV6. 617 */ 618 #define SA_UNIQUE_ID(srcport, dstport, proto, iproto) \ 619 ((srcport) | ((uint64_t)(dstport) << 16U) | \ 620 ((uint64_t)(proto) << 32U) | ((uint64_t)(iproto) << 40U)) 621 622 /* 623 * SA_UNIQUE_MASK generates a mask value to use when comparing the unique value 624 * from a packet to an SA. 625 */ 626 627 #define SA_UNIQUE_MASK(srcport, dstport, proto, iproto) \ 628 SA_UNIQUE_ID((srcport != 0) ? 0xffff : 0, \ 629 (dstport != 0) ? 0xffff : 0, \ 630 (proto != 0) ? 0xff : 0, \ 631 (iproto != 0) ? 0xff : 0) 632 633 /* 634 * Decompose unique id back into its original fields. 635 */ 636 #define SA_IPROTO(ipsa) ((ipsa)->ipsa_unique_id>>40)&0xff 637 #define SA_PROTO(ipsa) ((ipsa)->ipsa_unique_id>>32)&0xff 638 #define SA_SRCPORT(ipsa) ((ipsa)->ipsa_unique_id & 0xffff) 639 #define SA_DSTPORT(ipsa) (((ipsa)->ipsa_unique_id >> 16) & 0xffff) 640 641 /* 642 * All functions that return an ipsa_t will return it with IPSA_REFHOLD() 643 * already called. 644 */ 645 646 /* SA retrieval (inbound and outbound) */ 647 ipsa_t *ipsec_getassocbyspi(isaf_t *, uint32_t, uint32_t *, uint32_t *, 648 sa_family_t); 649 ipsa_t *ipsec_getassocbyconn(isaf_t *, ipsec_out_t *, uint32_t *, uint32_t *, 650 sa_family_t, uint8_t); 651 ipsap_t *get_ipsa_pair(sadb_sa_t *, sadb_address_t *, sadb_address_t *, 652 sadbp_t *); 653 void destroy_ipsa_pair(ipsap_t *); 654 int update_pairing(ipsap_t *, keysock_in_t *, int *, sadbp_t *); 655 656 /* SA insertion. */ 657 int sadb_insertassoc(ipsa_t *, isaf_t *); 658 659 /* SA table construction and destruction. */ 660 void sadbp_init(const char *name, sadbp_t *, int, int, netstack_t *); 661 void sadbp_flush(sadbp_t *, netstack_t *); 662 void sadbp_destroy(sadbp_t *, netstack_t *); 663 664 /* SA insertion and deletion. */ 665 int sadb_insertassoc(ipsa_t *, isaf_t *); 666 void sadb_unlinkassoc(ipsa_t *); 667 668 /* Support routines to interface a keysock consumer to PF_KEY. */ 669 mblk_t *sadb_keysock_out(minor_t); 670 int sadb_hardsoftchk(sadb_lifetime_t *, sadb_lifetime_t *, sadb_lifetime_t *); 671 void sadb_pfkey_echo(queue_t *, mblk_t *, sadb_msg_t *, struct keysock_in_s *, 672 ipsa_t *); 673 void sadb_pfkey_error(queue_t *, mblk_t *, int, int, uint_t); 674 void sadb_keysock_hello(queue_t **, queue_t *, mblk_t *, void (*)(void *), 675 void *, timeout_id_t *, int); 676 int sadb_addrcheck(queue_t *, mblk_t *, sadb_ext_t *, uint_t, netstack_t *); 677 boolean_t sadb_addrfix(keysock_in_t *, queue_t *, mblk_t *, netstack_t *); 678 int sadb_addrset(ire_t *); 679 int sadb_delget_sa(mblk_t *, keysock_in_t *, sadbp_t *, int *, queue_t *, 680 uint8_t); 681 682 int sadb_purge_sa(mblk_t *, keysock_in_t *, sadb_t *, queue_t *, queue_t *); 683 int sadb_common_add(queue_t *, queue_t *, mblk_t *, sadb_msg_t *, 684 keysock_in_t *, isaf_t *, isaf_t *, ipsa_t *, boolean_t, boolean_t, int *, 685 netstack_t *, sadbp_t *); 686 void sadb_set_usetime(ipsa_t *); 687 boolean_t sadb_age_bytes(queue_t *, ipsa_t *, uint64_t, boolean_t); 688 int sadb_update_sa(mblk_t *, keysock_in_t *, mblk_t **, sadbp_t *, 689 int *, queue_t *, int (*)(mblk_t *, keysock_in_t *, int *, netstack_t *), 690 netstack_t *, uint8_t); 691 void sadb_acquire(mblk_t *, ipsec_out_t *, boolean_t, boolean_t); 692 void gcm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *, 693 crypto_data_t *); 694 void ccm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *, 695 crypto_data_t *); 696 void cbc_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *, 697 crypto_data_t *); 698 699 void sadb_destroy_acquire(ipsacq_t *, netstack_t *); 700 struct ipsec_stack; 701 mblk_t *sadb_setup_acquire(ipsacq_t *, uint8_t, struct ipsec_stack *); 702 ipsa_t *sadb_getspi(keysock_in_t *, uint32_t, int *, netstack_t *, uint_t); 703 void sadb_in_acquire(sadb_msg_t *, sadbp_t *, queue_t *, netstack_t *); 704 boolean_t sadb_replay_check(ipsa_t *, uint32_t); 705 boolean_t sadb_replay_peek(ipsa_t *, uint32_t); 706 int sadb_dump(queue_t *, mblk_t *, keysock_in_t *, sadb_t *); 707 void sadb_replay_delete(ipsa_t *); 708 void sadb_ager(sadb_t *, queue_t *, queue_t *, int, netstack_t *); 709 710 timeout_id_t sadb_retimeout(hrtime_t, queue_t *, void (*)(void *), void *, 711 uint_t *, uint_t, short); 712 void sadb_sa_refrele(void *target); 713 boolean_t sadb_set_lpkt(ipsa_t *, mblk_t *, netstack_t *); 714 mblk_t *sadb_clear_lpkt(ipsa_t *); 715 void sadb_buf_pkt(ipsa_t *, mblk_t *, netstack_t *); 716 void sadb_clear_buf_pkt(void *ipkt); 717 718 #define HANDLE_BUF_PKT(taskq, stack, dropper, buf_pkt) \ 719 { \ 720 if (buf_pkt != NULL) { \ 721 if (taskq_dispatch(taskq, sadb_clear_buf_pkt, \ 722 (void *) buf_pkt, TQ_NOSLEEP) == 0) { \ 723 /* Dispatch was unsuccessful drop the packets. */ \ 724 mblk_t *tmp; \ 725 while (buf_pkt != NULL) { \ 726 tmp = buf_pkt->b_next; \ 727 buf_pkt->b_next = NULL; \ 728 ip_drop_packet(buf_pkt, B_TRUE, NULL, \ 729 NULL, DROPPER(stack, \ 730 ipds_sadb_inidle_timeout), \ 731 &dropper); \ 732 buf_pkt = tmp; \ 733 } \ 734 } \ 735 } \ 736 } \ 737 738 /* 739 * Hw accel-related calls (downloading sadb to driver) 740 */ 741 void sadb_ill_download(ill_t *, uint_t); 742 mblk_t *sadb_fmt_sa_req(uint_t, uint_t, ipsa_t *, boolean_t); 743 /* 744 * Sub-set of the IPsec hardware acceleration capabilities functions 745 * implemented by ip_if.c 746 */ 747 extern boolean_t ipsec_capab_match(ill_t *, uint_t, boolean_t, ipsa_t *, 748 netstack_t *); 749 extern void ill_ipsec_capab_send_all(uint_t, mblk_t *, ipsa_t *, 750 netstack_t *); 751 752 753 /* 754 * One IPsec -> IP linking routine, and two IPsec rate-limiting routines. 755 */ 756 extern boolean_t sadb_t_bind_req(queue_t *, int); 757 /*PRINTFLIKE6*/ 758 extern void ipsec_rl_strlog(netstack_t *, short, short, char, 759 ushort_t, char *, ...) 760 __KPRINTFLIKE(6); 761 extern void ipsec_assocfailure(short, short, char, ushort_t, char *, uint32_t, 762 void *, int, netstack_t *); 763 764 /* 765 * Algorithm types. 766 */ 767 768 #define IPSEC_NALGTYPES 2 769 770 typedef enum ipsec_algtype { 771 IPSEC_ALG_AUTH = 0, 772 IPSEC_ALG_ENCR = 1 773 } ipsec_algtype_t; 774 775 /* 776 * Definitions as per IPsec/ISAKMP DOI. 777 */ 778 779 #define IPSEC_MAX_ALGS 256 780 #define PROTO_IPSEC_AH 2 781 #define PROTO_IPSEC_ESP 3 782 783 /* 784 * Common algorithm info. 785 */ 786 typedef struct ipsec_alginfo 787 { 788 uint8_t alg_id; 789 uint8_t alg_flags; 790 uint16_t *alg_key_sizes; 791 uint16_t *alg_block_sizes; 792 uint16_t *alg_params; 793 uint16_t alg_nkey_sizes; 794 uint16_t alg_ivlen; 795 uint16_t alg_icvlen; 796 uint8_t alg_saltlen; 797 uint16_t alg_nblock_sizes; 798 uint16_t alg_nparams; 799 uint16_t alg_minbits; 800 uint16_t alg_maxbits; 801 uint16_t alg_datalen; 802 /* 803 * increment: number of bits from keysize to keysize 804 * default: # of increments from min to default key len 805 */ 806 uint16_t alg_increment; 807 uint16_t alg_default; 808 uint16_t alg_default_bits; 809 /* 810 * Min, max, and default key sizes effectively supported 811 * by the encryption framework. 812 */ 813 uint16_t alg_ef_minbits; 814 uint16_t alg_ef_maxbits; 815 uint16_t alg_ef_default; 816 uint16_t alg_ef_default_bits; 817 818 crypto_mech_type_t alg_mech_type; /* KCF mechanism type */ 819 crypto_mech_name_t alg_mech_name; /* KCF mechanism name */ 820 } ipsec_alginfo_t; 821 822 #define alg_datalen alg_block_sizes[0] 823 #define ALG_VALID(_alg) ((_alg)->alg_flags & ALG_FLAG_VALID) 824 825 /* 826 * Software crypto execution mode. 827 */ 828 typedef enum { 829 IPSEC_ALGS_EXEC_SYNC = 0, 830 IPSEC_ALGS_EXEC_ASYNC = 1 831 } ipsec_algs_exec_mode_t; 832 833 extern void ipsec_alg_reg(ipsec_algtype_t, ipsec_alginfo_t *, netstack_t *); 834 extern void ipsec_alg_unreg(ipsec_algtype_t, uint8_t, netstack_t *); 835 extern void ipsec_alg_fix_min_max(ipsec_alginfo_t *, ipsec_algtype_t, 836 netstack_t *ns); 837 extern void alg_flag_check(ipsec_alginfo_t *); 838 extern void ipsec_alg_free(ipsec_alginfo_t *); 839 extern void ipsec_register_prov_update(void); 840 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t, 841 netstack_t *); 842 843 /* 844 * Context templates management. 845 */ 846 847 #define IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1) 848 #define IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) { \ 849 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) { \ 850 mutex_enter(&assoc->ipsa_lock); \ 851 if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) { \ 852 ipsec_stack_t *ipss; \ 853 \ 854 ipss = assoc->ipsa_netstack->netstack_ipsec; \ 855 mutex_enter(&ipss->ipsec_alg_lock); \ 856 (void) ipsec_create_ctx_tmpl(_sa, _type); \ 857 mutex_exit(&ipss->ipsec_alg_lock); \ 858 } \ 859 mutex_exit(&assoc->ipsa_lock); \ 860 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) \ 861 _tmpl = NULL; \ 862 } \ 863 } 864 865 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t); 866 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t); 867 868 /* key checking */ 869 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *); 870 871 typedef struct ipsec_kstats_s { 872 kstat_named_t esp_stat_in_requests; 873 kstat_named_t esp_stat_in_discards; 874 kstat_named_t esp_stat_lookup_failure; 875 kstat_named_t ah_stat_in_requests; 876 kstat_named_t ah_stat_in_discards; 877 kstat_named_t ah_stat_lookup_failure; 878 kstat_named_t sadb_acquire_maxpackets; 879 kstat_named_t sadb_acquire_qhiwater; 880 } ipsec_kstats_t; 881 882 /* 883 * (ipss)->ipsec_kstats is equal to (ipss)->ipsec_ksp->ks_data if 884 * kstat_create_netstack for (ipss)->ipsec_ksp succeeds, but when it 885 * fails, it will be NULL. Note this is done for all stack instances, 886 * so it *could* fail. hence a non-NULL checking is done for 887 * IP_ESP_BUMP_STAT, IP_AH_BUMP_STAT and IP_ACQUIRE_STAT 888 */ 889 #define IP_ESP_BUMP_STAT(ipss, x) \ 890 do { \ 891 if ((ipss)->ipsec_kstats != NULL) \ 892 ((ipss)->ipsec_kstats->esp_stat_ ## x).value.ui64++; \ 893 _NOTE(CONSTCOND) \ 894 } while (0) 895 896 #define IP_AH_BUMP_STAT(ipss, x) \ 897 do { \ 898 if ((ipss)->ipsec_kstats != NULL) \ 899 ((ipss)->ipsec_kstats->ah_stat_ ## x).value.ui64++; \ 900 _NOTE(CONSTCOND) \ 901 } while (0) 902 903 #define IP_ACQUIRE_STAT(ipss, val, new) \ 904 do { \ 905 if ((ipss)->ipsec_kstats != NULL && \ 906 ((uint64_t)(new)) > \ 907 ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64) \ 908 ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64 = \ 909 ((uint64_t)(new)); \ 910 _NOTE(CONSTCOND) \ 911 } while (0) 912 913 914 #ifdef __cplusplus 915 } 916 #endif 917 918 #endif /* _INET_SADB_H */ 919