1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/types.h> 29 #include <sys/stream.h> 30 #include <sys/stropts.h> 31 #include <sys/errno.h> 32 #include <sys/strlog.h> 33 #include <sys/tihdr.h> 34 #include <sys/socket.h> 35 #include <sys/ddi.h> 36 #include <sys/sunddi.h> 37 #include <sys/kmem.h> 38 #include <sys/zone.h> 39 #include <sys/sysmacros.h> 40 #include <sys/cmn_err.h> 41 #include <sys/vtrace.h> 42 #include <sys/debug.h> 43 #include <sys/atomic.h> 44 #include <sys/strsun.h> 45 #include <sys/random.h> 46 #include <netinet/in.h> 47 #include <net/if.h> 48 #include <netinet/ip6.h> 49 #include <net/pfkeyv2.h> 50 51 #include <inet/common.h> 52 #include <inet/mi.h> 53 #include <inet/nd.h> 54 #include <inet/ip.h> 55 #include <inet/ip_impl.h> 56 #include <inet/ip6.h> 57 #include <inet/sadb.h> 58 #include <inet/ipsec_info.h> 59 #include <inet/ipsec_impl.h> 60 #include <inet/ipsecesp.h> 61 #include <inet/ipdrop.h> 62 #include <inet/tcp.h> 63 #include <sys/kstat.h> 64 #include <sys/policy.h> 65 #include 
<sys/strsun.h>
#include <inet/udp_impl.h>
#include <sys/taskq.h>
#include <sys/note.h>

#include <sys/iphada.h>

/*
 * Table of ND variables supported by ipsecesp. These are loaded into
 * ipsecesp_g_nd in ipsecesp_init_nd.
 * All of these are alterable, within the min/max values given, at run time.
 *
 * Each row is { min, max, initial value, name }.  ipsecesp_param_set()
 * refuses any value outside [min, max], so these bounds are the only range
 * check a tunable receives.  The accessor macros that follow index the
 * per-stack copy (ipsecesp_params) by position, so do not reorder rows
 * without updating those indices.
 */
static ipsecespparam_t lcl_param_arr[] = {
	/* min	max			value	name */
	{ 0,	3,			0,	"ipsecesp_debug"},
	{ 125,	32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"},
	{ 1,	10,			1,	"ipsecesp_reap_delay"},
	{ 1,	SADB_MAX_REPLAY,	64,	"ipsecesp_replay_size"},
	{ 1,	300,			15,	"ipsecesp_acquire_timeout"},
	{ 1,	1800,			90,	"ipsecesp_larval_timeout"},
	/* Default lifetime values for ACQUIRE messages. */
	{ 0,	0xffffffffU,		0,	"ipsecesp_default_soft_bytes"},
	{ 0,	0xffffffffU,		0,	"ipsecesp_default_hard_bytes"},
	{ 0,	0xffffffffU,		24000,	"ipsecesp_default_soft_addtime"},
	{ 0,	0xffffffffU,		28800,	"ipsecesp_default_hard_addtime"},
	{ 0,	0xffffffffU,		0,	"ipsecesp_default_soft_usetime"},
	{ 0,	0xffffffffU,		0,	"ipsecesp_default_hard_usetime"},
	{ 0,	1,			0,	"ipsecesp_log_unknown_spi"},
	/* 0: no pad check, 1: last pad byte only, 2: every pad byte. */
	{ 0,	2,			1,	"ipsecesp_padding_check"},
	{ 0,	600,			20,	"ipsecesp_nat_keepalive_interval"},
};
#define	ipsecesp_debug	ipsecesp_params[0].ipsecesp_param_value
#define	ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value
#define	ipsecesp_age_int_max	ipsecesp_params[1].ipsecesp_param_max
#define	ipsecesp_reap_delay	ipsecesp_params[2].ipsecesp_param_value
#define	ipsecesp_replay_size	ipsecesp_params[3].ipsecesp_param_value
#define	ipsecesp_acquire_timeout	\
	ipsecesp_params[4].ipsecesp_param_value
#define	ipsecesp_larval_timeout	\
	ipsecesp_params[5].ipsecesp_param_value
#define	ipsecesp_default_soft_bytes	\
	ipsecesp_params[6].ipsecesp_param_value
#define	ipsecesp_default_hard_bytes	\
	ipsecesp_params[7].ipsecesp_param_value
#define	ipsecesp_default_soft_addtime	\
	ipsecesp_params[8].ipsecesp_param_value
#define	ipsecesp_default_hard_addtime	\
	ipsecesp_params[9].ipsecesp_param_value
#define	ipsecesp_default_soft_usetime	\
	ipsecesp_params[10].ipsecesp_param_value
#define	ipsecesp_default_hard_usetime	\
	ipsecesp_params[11].ipsecesp_param_value
#define	ipsecesp_log_unknown_spi	\
	ipsecesp_params[12].ipsecesp_param_value
#define	ipsecesp_padding_check	\
	ipsecesp_params[13].ipsecesp_param_value
/* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */

/*
 * Debug output.  esp0dbg() always prints; esp1dbg()..esp3dbg() first test
 * the per-stack ipsecesp_debug level (0-3).  "a" is a parenthesised
 * printf argument list.  The conditional variants expand to a bare
 * "if (...) printf ..." with no braces, so never follow a use with
 * an "else".
 */
#define	esp0dbg(a)	printf a
/* NOTE: != 0 instead of > 0 so lint doesn't complain. */
#define	esp1dbg(espstack, a)	if (espstack->ipsecesp_debug != 0) printf a
#define	esp2dbg(espstack, a)	if (espstack->ipsecesp_debug > 1) printf a
#define	esp3dbg(espstack, a)	if (espstack->ipsecesp_debug > 2) printf a

static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *);
static int ipsecesp_close(queue_t *);
static void ipsecesp_rput(queue_t *, mblk_t *);
static void ipsecesp_wput(queue_t *, mblk_t *);
static void	*ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns);
static void	ipsecesp_stack_fini(netstackid_t stackid, void *arg);
static void esp_send_acquire(ipsacq_t *, mblk_t *, netstack_t *);

static void esp_prepare_udp(netstack_t *, mblk_t *, ipha_t *);
static ipsec_status_t esp_outbound_accelerated(mblk_t *, uint_t);
static ipsec_status_t esp_inbound_accelerated(mblk_t *, mblk_t *,
    boolean_t, ipsa_t *);

static boolean_t esp_register_out(uint32_t, uint32_t, uint_t,
    ipsecesp_stack_t *);
static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t,
    kstat_named_t **, ipsecesp_stack_t *);
static ipsec_status_t esp_submit_req_inbound(mblk_t *, ipsa_t *, uint_t);
static ipsec_status_t esp_submit_req_outbound(mblk_t *, ipsa_t *, uchar_t *,
    uint_t);
/*
 * Setable in /etc/system.  Handed to sadbp_init() by ipsecesp_stack_init()
 * to size each stack instance's SADB hash.
 */
uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE;

/* { mi_idnum, mi_idname, mi_minpsz, mi_maxpsz, mi_hiwat, mi_lowat } */
static struct module_info info = {
	5137, "ipsecesp", 0, INFPSZ, 65536, 1024
};

/* Read side: put routine, no service routine, open/close, minfo. */
static struct qinit rinit = {
	(pfi_t)ipsecesp_rput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
	NULL
};

/* Write side, same shape as rinit. */
static struct qinit winit = {
	(pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
	NULL
};

/* Exported STREAMS entry table; no multiplexer side. */
struct streamtab ipsecespinfo = {
	&rinit, &winit, NULL, NULL
};

/* Created by ipsecesp_ddi_init(), destroyed by ipsecesp_ddi_destroy(). */
static taskq_t *esp_taskq;

/*
 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now.
 *
 * Question: Do I need this, given that all instance's esps->esps_wq point
 * to IP?
 *
 * Answer: Yes, because I need to know which queue is BOUND to
 * IPPROTO_ESP
 */

/*
 * Stats. This may eventually become a full-blown SNMP MIB once that spec
 * stabilizes.
 *
 * Every member is a uint64 named kstat (see esp_kstat_init()); the field
 * name minus the esp_stat_ prefix is the kstat's name and the token
 * passed to ESP_BUMP_STAT.
 */

typedef struct esp_kstats_s {
	kstat_named_t esp_stat_num_aalgs;
	kstat_named_t esp_stat_good_auth;
	kstat_named_t esp_stat_bad_auth;
	kstat_named_t esp_stat_bad_padding;
	kstat_named_t esp_stat_replay_failures;
	kstat_named_t esp_stat_replay_early_failures;
	kstat_named_t esp_stat_keysock_in;
	kstat_named_t esp_stat_out_requests;
	kstat_named_t esp_stat_acquire_requests;
	kstat_named_t esp_stat_bytes_expired;
	kstat_named_t esp_stat_out_discards;
	kstat_named_t esp_stat_in_accelerated;
	kstat_named_t esp_stat_out_accelerated;
	kstat_named_t esp_stat_noaccel;
	kstat_named_t esp_stat_crypto_sync;
	kstat_named_t esp_stat_crypto_async;
	kstat_named_t esp_stat_crypto_failures;
	kstat_named_t esp_stat_num_ealgs;
	kstat_named_t esp_stat_bad_decrypt;
	kstat_named_t esp_stat_sa_port_renumbers;
} esp_kstats_t;

/*
 * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if
 * kstat_create_netstack for espstack->esp_ksp succeeds, but when it
 * fails, it will be NULL.
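Note this is done for all stack instances,
 * so it *could* fail. hence a non-NULL checking is done for
 * ESP_BUMP_STAT and ESP_DEBUMP_STAT
 */
#define	ESP_BUMP_STAT(espstack, x)					\
do {									\
	if (espstack->esp_kstats != NULL)				\
		(espstack->esp_kstats->esp_stat_ ## x).value.ui64++;	\
_NOTE(CONSTCOND)							\
} while (0)

#define	ESP_DEBUMP_STAT(espstack, x)					\
do {									\
	if (espstack->esp_kstats != NULL)				\
		(espstack->esp_kstats->esp_stat_ ## x).value.ui64--;	\
_NOTE(CONSTCOND)							\
} while (0)

static int	esp_kstat_update(kstat_t *, int);

/*
 * Create and install the per-stack "esp_stat" named kstat.
 *
 * On success espstack->esp_ksp and espstack->esp_kstats are set, every
 * counter is initialised as a uint64, esp_kstat_update() is hooked in as
 * the update routine and stackid is stashed in ks_private for it.
 * Returns B_FALSE, leaving esp_kstats NULL, if kstat_create_netstack()
 * fails; ESP_BUMP_STAT/ESP_DEBUMP_STAT tolerate that.
 */
static boolean_t
esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
{
	espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
	    "net", KSTAT_TYPE_NAMED,
	    sizeof (esp_kstats_t) / sizeof (kstat_named_t),
	    KSTAT_FLAG_PERSISTENT, stackid);

	if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
		return (B_FALSE);

	espstack->esp_kstats = espstack->esp_ksp->ks_data;

	espstack->esp_ksp->ks_update = esp_kstat_update;
	espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid;

#define	K64 KSTAT_DATA_UINT64
#define	KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64)

	KI(num_aalgs);
	KI(num_ealgs);
	KI(good_auth);
	KI(bad_auth);
	KI(bad_padding);
	KI(replay_failures);
	KI(replay_early_failures);
	KI(keysock_in);
	KI(out_requests);
	KI(acquire_requests);
	KI(bytes_expired);
	KI(out_discards);
	KI(in_accelerated);
	KI(out_accelerated);
	KI(noaccel);
	KI(crypto_sync);
	KI(crypto_async);
	KI(crypto_failures);
	KI(bad_decrypt);
	KI(sa_port_renumbers);

#undef KI
#undef K64

	kstat_install(espstack->esp_ksp);

	return (B_TRUE);
}

/*
 * kstat update callback: refresh the authentication/encryption algorithm
 * counts from the IPsec stack under ipsec_alg_lock.
 *
 * Returns EIO for a NULL kstat or one without data, EACCES for a write
 * (the counters are read-only from userland), -1 if the netstack or its
 * IPsec stack can no longer be found, else 0.  The reference taken by
 * netstack_find_by_stackid() is released on every path that obtained it.
 */
static int
esp_kstat_update(kstat_t *kp, int rw)
{
	esp_kstats_t *ekp;
	netstackid_t stackid;
	netstack_t *ns;
	ipsec_stack_t *ipss;

	if ((kp == NULL) || (kp->ks_data == NULL))
		return (EIO);

	/* Read ks_private only after kp has been checked for NULL. */
	stackid = (zoneid_t)(uintptr_t)kp->ks_private;

	if (rw == KSTAT_WRITE)
		return (EACCES);

	ns = netstack_find_by_stackid(stackid);
	if (ns == NULL)
		return (-1);
	ipss = ns->netstack_ipsec;
	if (ipss == NULL) {
		netstack_rele(ns);
		return (-1);
	}
	ekp = (esp_kstats_t *)kp->ks_data;

	mutex_enter(&ipss->ipsec_alg_lock);
	ekp->esp_stat_num_aalgs.value.ui64 =
	    ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
	ekp->esp_stat_num_ealgs.value.ui64 =
	    ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
	mutex_exit(&ipss->ipsec_alg_lock);

	netstack_rele(ns);
	return (0);
}

#ifdef DEBUG
/*
 * Debug routine, useful to see pre-encryption data.
 *
 * Walks the mblk chain, printing each block's bookkeeping and then its
 * bytes as hex, 32 bytes per output line with a space before every
 * fourth byte.  tmp_line therefore holds at most 32 * 2 + 8 characters
 * plus the terminator, well inside its 256 bytes.  The constant "\n"
 * returned is what callers such as esp2dbg(espstack, (dump_msg(mp)))
 * end up printing after the dump.
 */
static char *
dump_msg(mblk_t *mp)
{
	char tmp_str[3], tmp_line[256];

	while (mp != NULL) {
		unsigned char *ptr;

		printf("mblk address 0x%p, length %ld, db_ref %d "
		    "type %d, base 0x%p, lim 0x%p\n",
		    (void *) mp, (long)(mp->b_wptr - mp->b_rptr),
		    mp->b_datap->db_ref, mp->b_datap->db_type,
		    (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim);
		ptr = mp->b_rptr;

		tmp_line[0] = '\0';
		while (ptr < mp->b_wptr) {
			uint_t diff;

			diff = (ptr - mp->b_rptr);
			/* Flush a full 32-byte line before starting another. */
			if (!(diff & 0x1f)) {
				if (strlen(tmp_line) > 0) {
					printf("bytes: %s\n", tmp_line);
					tmp_line[0] = '\0';
				}
			}
			if (!(diff & 0x3))
				(void) strcat(tmp_line, " ");
			/* "%02x" of an unsigned char is exactly two chars. */
			(void) sprintf(tmp_str, "%02x", *ptr);
			(void) strcat(tmp_line, tmp_str);
			ptr++;
		}
		if (strlen(tmp_line) > 0)
			printf("bytes: %s\n", tmp_line);

		mp = mp->b_cont;
	}

	return ("\n");
}

#else /* DEBUG */
/*
 * Non-DEBUG stand-in: prints only the mblk pointer and returns the same
 * constant "\n" as the DEBUG version so callers behave identically.
 */
static char *
dump_msg(mblk_t *mp)
{
	printf("Find value of mp %p.\n", mp);
	return ("\n");
}
#endif /* DEBUG */

/*
 * Don't have to lock age_interval, as only one thread will access it at
 * a time, because I control the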
one function that does with timeout().
 *
 * Timeout callback (arg is the ipsecesp_stack_t): age the IPv4 and IPv6
 * ESP SADBs, then reschedule via sadb_retimeout(), which returns the new
 * timeout id that is kept in espstack->esp_event so that
 * ipsecesp_close()/ipsecesp_stack_fini() can quntimeout() it.
 */
static void
esp_ager(void *arg)
{
	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
	netstack_t	*ns = espstack->ipsecesp_netstack;
	hrtime_t begin = gethrtime();

	sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
	    espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns);
	sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q,
	    espstack->esp_sadb.s_ip_q, espstack->ipsecesp_reap_delay, ns);

	/* "begin" lets sadb_retimeout() account for the time spent aging. */
	espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q,
	    esp_ager, espstack,
	    &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max,
	    info.mi_idnum);
}

/*
 * Get an ESP NDD parameter.
 *
 * cp is the ipsecespparam_t that ipsecesp_param_register() handed to
 * nd_load(); q->q_ptr is the ipsecesp_stack_t set by ipsecesp_open().
 * The value is read under ipsecesp_param_lock and formatted as "%u"
 * into mp.  Always returns 0.
 */
/* ARGSUSED */
static int
ipsecesp_param_get(q, mp, cp, cr)
	queue_t	*q;
	mblk_t	*mp;
	caddr_t	cp;
	cred_t *cr;
{
	ipsecespparam_t	*ipsecesppa = (ipsecespparam_t *)cp;
	uint_t value;
	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;

	mutex_enter(&espstack->ipsecesp_param_lock);
	value = ipsecesppa->ipsecesp_param_value;
	mutex_exit(&espstack->ipsecesp_param_lock);

	(void) mi_mpprintf(mp, "%u", value);
	return (0);
}

/*
 * This routine sets an NDD variable in a ipsecespparam_t structure.
 *
 * value is parsed with ddi_strtoul() in base 10.  A parse failure or a
 * result outside [ipsecesp_param_min, ipsecesp_param_max] returns EINVAL
 * and leaves the parameter untouched; this is the only range check the
 * tunables get, so lcl_param_arr's bounds must stay tight.  The store is
 * done under ipsecesp_param_lock.  The stream this arrives on was opened
 * through ipsecesp_open(), which requires secpolicy_ip_config().
 */
/* ARGSUSED */
static int
ipsecesp_param_set(q, mp, value, cp, cr)
	queue_t	*q;
	mblk_t	*mp;
	char	*value;
	caddr_t	cp;
	cred_t *cr;
{
	ulong_t	new_value;
	ipsecespparam_t	*ipsecesppa = (ipsecespparam_t *)cp;
	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;

	/*
	 * Fail the request if the new value does not lie within the
	 * required bounds.
	 */
	if (ddi_strtoul(value, NULL, 10, &new_value) != 0 ||
	    new_value < ipsecesppa->ipsecesp_param_min ||
	    new_value > ipsecesppa->ipsecesp_param_max) {
		return (EINVAL);
	}

	/* Set the new value */
	mutex_enter(&espstack->ipsecesp_param_lock);
	ipsecesppa->ipsecesp_param_value = new_value;
	mutex_exit(&espstack->ipsecesp_param_lock);
	return (0);
}

/*
 * Using lifetime NDD variables, fill in an extended combination's
 * lifetime information.
 *
 * Copies the six ipsecesp_default_{soft,hard}_{bytes,addtime,usetime}
 * tunables of ns's ESP stack into ecomb.  The values are read without
 * ipsecesp_param_lock.
 */
void
ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns)
{
	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;

	ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes;
	ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes;
	ecomb->sadb_x_ecomb_soft_addtime =
	    espstack->ipsecesp_default_soft_addtime;
	ecomb->sadb_x_ecomb_hard_addtime =
	    espstack->ipsecesp_default_hard_addtime;
	ecomb->sadb_x_ecomb_soft_usetime =
	    espstack->ipsecesp_default_soft_usetime;
	ecomb->sadb_x_ecomb_hard_usetime =
	    espstack->ipsecesp_default_hard_usetime;
}

/*
 * Initialize things for ESP at module load time.
 *
 * Creates the single-thread esp_taskq and registers the per-netstack
 * init/fini callbacks.  Always returns B_TRUE.
 * NOTE(review): taskq_create()'s result is stored unchecked; confirm it
 * cannot return NULL with these arguments.
 */
boolean_t
ipsecesp_ddi_init(void)
{
	esp_taskq = taskq_create("esp_taskq", 1, minclsyspri,
	    IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0);

	/*
	 * We want to be informed each time a stack is created or
	 * destroyed in the kernel, so we can maintain the
	 * set of ipsecesp_stack_t's.
	 */
	netstack_register(NS_IPSECESP, ipsecesp_stack_init, NULL,
	    ipsecesp_stack_fini);

	return (B_TRUE);
}

/*
 * Walk through the param array specified registering each element with the
 * named dispatch handler.
*/
/*
 * Registers each named entry of espp[0..cnt) with nd_load(), using
 * ipsecesp_param_get/ipsecesp_param_set as the handlers and the entry
 * itself as the callback cookie; entries with a NULL or empty name are
 * skipped.  On the first nd_load() failure the whole dispatch table is
 * released with nd_free() and B_FALSE is returned.
 */
static boolean_t
ipsecesp_param_register(IDP *ndp, ipsecespparam_t *espp, int cnt)
{
	for (; cnt-- > 0; espp++) {
		if (espp->ipsecesp_param_name != NULL &&
		    espp->ipsecesp_param_name[0]) {
			if (!nd_load(ndp,
			    espp->ipsecesp_param_name,
			    ipsecesp_param_get, ipsecesp_param_set,
			    (caddr_t)espp)) {
				nd_free(ndp);
				return (B_FALSE);
			}
		}
	}
	return (B_TRUE);
}
/*
 * Initialize things for ESP for each stack instance
 *
 * Allocates the ipsecesp_stack_t (KM_SLEEP, so this never fails), gives
 * it a private copy of lcl_param_arr so each stack tunes its own ND
 * variables, registers those with ND, creates the kstats, wires the
 * acquire hooks into the SADB, initialises the SADB with esp_hash_size
 * buckets and registers the "IPsec ESP" drop counter.  The results of
 * ipsecesp_param_register() and esp_kstat_init() are ignored: a failed
 * ND registration is not retried (the table has already been nd_free()'d
 * inside ipsecesp_param_register()) and a failed kstat leaves
 * esp_kstats NULL, which ESP_BUMP_STAT handles.  The returned pointer
 * is freed by ipsecesp_stack_fini().
 */
static void *
ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns)
{
	ipsecesp_stack_t	*espstack;
	ipsecespparam_t	*espp;

	espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack),
	    KM_SLEEP);
	espstack->ipsecesp_netstack = ns;

	espp = (ipsecespparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
	espstack->ipsecesp_params = espp;
	bcopy(lcl_param_arr, espp, sizeof (lcl_param_arr));

	(void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp,
	    A_CNT(lcl_param_arr));

	(void) esp_kstat_init(espstack, stackid);

	espstack->esp_sadb.s_acquire_timeout =
	    &espstack->ipsecesp_acquire_timeout;
	espstack->esp_sadb.s_acqfn = esp_send_acquire;
	sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size,
	    espstack->ipsecesp_netstack);

	/*
	 * Guards the ND values for ipsecesp_param_get/set; initialised after
	 * registration, presumably because no ND request can arrive until a
	 * stream is opened on this stack -- confirm.
	 */
	mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0);

	ip_drop_register(&espstack->esp_dropper, "IPsec ESP");
	return (espstack);
}

/*
 * Destroy things for ESP at module unload time.
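*/
void
ipsecesp_ddi_destroy(void)
{
	netstack_unregister(NS_IPSECESP);
	taskq_destroy(esp_taskq);
}

/*
 * Destroy things for ESP for one stack instance
 *
 * Mirrors ipsecesp_stack_init(): cancels the ager timeout if keysock is
 * still attached, clears the acquire hooks before tearing down the SADB,
 * unregisters the drop counter, destroys the param lock and ND table,
 * frees the private param copy and the kstats, then the stack itself.
 */
static void
ipsecesp_stack_fini(netstackid_t stackid, void *arg)
{
	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;

	if (espstack->esp_pfkey_q != NULL) {
		(void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event);
	}
	espstack->esp_sadb.s_acqfn = NULL;
	espstack->esp_sadb.s_acquire_timeout = NULL;
	sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack);
	ip_drop_unregister(&espstack->esp_dropper);
	mutex_destroy(&espstack->ipsecesp_param_lock);
	nd_free(&espstack->ipsecesp_g_nd);

	kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr));
	espstack->ipsecesp_params = NULL;
	kstat_delete_netstack(espstack->esp_ksp, stackid);
	espstack->esp_ksp = NULL;
	espstack->esp_kstats = NULL;
	kmem_free(espstack, sizeof (*espstack));
}

/*
 * ESP module open routine.
 *
 * The caller must pass secpolicy_ip_config() (EPERM otherwise) and the
 * open must be a module push (EINVAL otherwise); a re-open of an already
 * open instance returns 0 immediately.  The netstack reference taken
 * from netstack_find_by_cred() is held until ipsecesp_close().
 *
 * The first open on a stack becomes the queue bound to IPPROTO_ESP
 * (esp_sadb.s_ip_q): a T_UNBIND_REQ is pre-allocated for close time and
 * a T_BIND_REQ is sent to IP with sadb_t_bind_req().  If either fails
 * the open fails with ENOMEM and the partial state is undone so that a
 * later open retries the bind.
 */
/* ARGSUSED */
static int
ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
{
	netstack_t		*ns;
	ipsecesp_stack_t	*espstack;

	if (secpolicy_ip_config(credp, B_FALSE) != 0) {
		esp0dbg(("Non-privileged user trying to open ipsecesp.\n"));
		return (EPERM);
	}

	if (q->q_ptr != NULL)
		return (0);  /* Re-open of an already open instance. */

	if (sflag != MODOPEN)
		return (EINVAL);

	ns = netstack_find_by_cred(credp);
	ASSERT(ns != NULL);
	espstack = ns->netstack_ipsecesp;
	ASSERT(espstack != NULL);

	/*
	 * ASSUMPTIONS (because I'm MT_OCEXCL):
	 *
	 *	* I'm being pushed on top of IP for all my opens (incl. #1).
	 *	* Only ipsecesp_open() can write into esp_sadb.s_ip_q.
	 *	* Because of this, I can check lazily for esp_sadb.s_ip_q.
	 *
	 *  If these assumptions are wrong, I'm in BIG trouble...
	 */

	q->q_ptr = espstack;
	WR(q)->q_ptr = q->q_ptr;

	if (espstack->esp_sadb.s_ip_q == NULL) {
		struct T_unbind_req *tur;

		espstack->esp_sadb.s_ip_q = WR(q);
		/* Allocate an unbind... */
		espstack->esp_ip_unbind = allocb(sizeof (struct T_unbind_req),
		    BPRI_HI);

		/*
		 * Send down T_BIND_REQ to bind IPPROTO_ESP.
		 * Handle the ACK here in ESP.
		 */
		qprocson(q);
		if (espstack->esp_ip_unbind == NULL ||
		    !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) {
			if (espstack->esp_ip_unbind != NULL) {
				freeb(espstack->esp_ip_unbind);
				espstack->esp_ip_unbind = NULL;
			}
			/*
			 * This stream is about to be torn down, so do not
			 * leave s_ip_q pointing at its write queue; the next
			 * open then retries the bind instead of finding a
			 * stale "bound" queue.
			 */
			espstack->esp_sadb.s_ip_q = NULL;
			/*
			 * NOTE(review): qprocson() has already run on this
			 * queue and WR(q)->q_ptr is still set; confirm whether
			 * a qprocsoff() is required before failing the open.
			 */
			q->q_ptr = NULL;
			netstack_rele(espstack->ipsecesp_netstack);
			return (ENOMEM);
		}

		/*
		 * NOTE(review): only PRIM_type is written and b_wptr is not
		 * advanced, so the unbind sent by ipsecesp_close() carries no
		 * data bytes -- confirm IP accepts that.
		 */
		espstack->esp_ip_unbind->b_datap->db_type = M_PROTO;
		tur = (struct T_unbind_req *)espstack->esp_ip_unbind->b_rptr;
		tur->PRIM_type = T_UNBIND_REQ;
	} else {
		qprocson(q);
	}

	/*
	 * For now, there's not much I can do.  I'll be getting a message
	 * passed down to me from keysock (in my wput), and a T_BIND_ACK
	 * up from IP (in my rput).
	 */

	return (0);
}

/*
 * ESP module close routine.
 *
 * If this instance owns esp_sadb.s_ip_q, the pre-allocated T_UNBIND_REQ
 * is sent to IP before qprocsoff().  If this is the keysock stream the
 * ager timeout is cancelled and esp_pfkey_q cleared.  When the bound
 * queue goes away, the keysock write queue (if any other) is tried as a
 * replacement and re-bound; if that fails s_ip_q stays NULL until a
 * later ipsecesp_open().  Finally the netstack reference taken in
 * ipsecesp_open() is released.  Always returns 0.
 */
static int
ipsecesp_close(queue_t *q)
{
	ipsecesp_stack_t	*espstack = (ipsecesp_stack_t *)q->q_ptr;

	/*
	 * If esp_sadb.s_ip_q is attached to this instance, send a
	 * T_UNBIND_REQ to IP for the instance before doing
	 * a qprocsoff().
	 */
	if (WR(q) == espstack->esp_sadb.s_ip_q &&
	    espstack->esp_ip_unbind != NULL) {
		putnext(WR(q), espstack->esp_ip_unbind);
		espstack->esp_ip_unbind = NULL;
	}

	/*
	 * Clean up q_ptr, if needed.
	 */
	qprocsoff(q);

	/* Keysock queue check is safe, because of OCEXCL perimeter. */

	if (q == espstack->esp_pfkey_q) {
		esp1dbg(espstack,
		    ("ipsecesp_close: Ummm... keysock is closing ESP.\n"));
		espstack->esp_pfkey_q = NULL;
		/* Detach qtimeouts. */
		(void) quntimeout(q, espstack->esp_event);
	}

	if (WR(q) == espstack->esp_sadb.s_ip_q) {
		/*
		 * If the esp_sadb.s_ip_q is attached to this instance, find
		 * another.  The OCEXCL outer perimeter helps us here.
		 */
		espstack->esp_sadb.s_ip_q = NULL;

		/*
		 * Find a replacement queue for esp_sadb.s_ip_q.
		 */
		if (espstack->esp_pfkey_q != NULL &&
		    espstack->esp_pfkey_q != RD(q)) {
			/*
			 * See if we can use the pfkey_q.
			 */
			espstack->esp_sadb.s_ip_q = WR(espstack->esp_pfkey_q);
		}

		if (espstack->esp_sadb.s_ip_q == NULL ||
		    !sadb_t_bind_req(espstack->esp_sadb.s_ip_q, IPPROTO_ESP)) {
			esp1dbg(espstack, ("ipsecesp: Can't reassign ip_q.\n"));
			espstack->esp_sadb.s_ip_q = NULL;
		} else {
			espstack->esp_ip_unbind =
			    allocb(sizeof (struct T_unbind_req), BPRI_HI);

			if (espstack->esp_ip_unbind != NULL) {
				struct T_unbind_req *tur;

				espstack->esp_ip_unbind->b_datap->db_type =
				    M_PROTO;
				tur = (struct T_unbind_req *)
				    espstack->esp_ip_unbind->b_rptr;
				tur->PRIM_type = T_UNBIND_REQ;
			}
			/* If it's NULL, I can't do much here. */
		}
	}

	netstack_rele(espstack->ipsecesp_netstack);
	return (0);
}

/*
 * Add a number of bytes to what the SA has protected so far. Return
 * B_TRUE if the SA can still protect that many bytes.
 *
 * Caller must REFRELE the passed-in assoc. This function must REFRELE
 * any obtained peer SA.
 *
 * With ipsa_haspeer set, the peer SA is looked up by SPI in the
 * opposite-direction hash bucket (under isaf_lock) and both SAs are
 * aged; the expire message, if any, is only sent for the inbound one
 * (sadb_age_bytes()'s last argument).  Returns the conjunction of both
 * results.
 */
static boolean_t
esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound)
{
	ipsa_t *inassoc, *outassoc;
	isaf_t *bucket;
	boolean_t inrc, outrc, isv6;
	sadb_t *sp;
	int outhash;
	netstack_t	*ns = assoc->ipsa_netstack;
	ipsecesp_stack_t	*espstack = ns->netstack_ipsecesp;

	/* No peer? No problem!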
*/
	if (!assoc->ipsa_haspeer) {
		return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes,
		    B_TRUE));
	}

	/*
	 * Otherwise, we want to grab both the original assoc and its peer.
	 * There might be a race for this, but if it's a real race, two
	 * expire messages may occur.  We limit this by only sending the
	 * expire message on one of the peers, we'll pick the inbound
	 * arbitrarily.
	 *
	 * If we need tight synchronization on the peer SA, then we need to
	 * reconsider.
	 */

	/* Use address length to select IPv6/IPv4 */
	isv6 = (assoc->ipsa_addrfam == AF_INET6);
	sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;

	if (inbound) {
		inassoc = assoc;
		/* Outbound SAs hash on destination address. */
		if (isv6) {
			outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *)
			    &inassoc->ipsa_dstaddr));
		} else {
			outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *)
			    &inassoc->ipsa_dstaddr));
		}
		bucket = &sp->sdb_of[outhash];
		mutex_enter(&bucket->isaf_lock);
		/* ipsec_getassocbyspi() holds a reference we REFRELE below. */
		outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
		    inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
		    inassoc->ipsa_addrfam);
		mutex_exit(&bucket->isaf_lock);
		if (outassoc == NULL) {
			/* Q: Do we wish to set haspeer == B_FALSE? */
			esp0dbg(("esp_age_bytes: "
			    "can't find peer for inbound.\n"));
			return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc,
			    bytes, B_TRUE));
		}
	} else {
		outassoc = assoc;
		/* Inbound SAs hash on SPI. */
		bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
		mutex_enter(&bucket->isaf_lock);
		inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
		    outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
		    outassoc->ipsa_addrfam);
		mutex_exit(&bucket->isaf_lock);
		if (inassoc == NULL) {
			/* Q: Do we wish to set haspeer == B_FALSE? */
			esp0dbg(("esp_age_bytes: "
			    "can't find peer for outbound.\n"));
			return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc,
			    bytes, B_TRUE));
		}
	}

	/* Only the inbound SA (B_TRUE) may generate the expire message. */
	inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE);
	outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE);

	/*
	 * REFRELE any peer SA.
	 *
	 * Because of the multi-line macro nature of IPSA_REFRELE, keep
	 * them in { }.
	 */
	if (inbound) {
		IPSA_REFRELE(outassoc);
	} else {
		IPSA_REFRELE(inassoc);
	}

	return (inrc && outrc);
}

/*
 * Do incoming NAT-T manipulations for packet.
 *
 * Folds the SA's precomputed inbound checksum adjustment
 * (ipsa_inbound_cksum) into the TCP or UDP checksum of the decapsulated
 * IPv4 packet at data_mp->b_rptr.  A UDP checksum of 0 (none) is left
 * alone, and a recomputed UDP checksum of 0 is stored as 0xFFFF per the
 * UDP convention.  Other protocols are untouched.  Always returns
 * IPSEC_STATUS_SUCCESS.
 *
 * Assumes the IPv4 header and the transport header are contiguous in the
 * first block and long enough to be addressed; nothing here checks that
 * -- TODO confirm the caller (esp_inbound path) guarantees it.
 */
static ipsec_status_t
esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc)
{
	ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
	tcpha_t *tcph;
	udpha_t *udpha;
	/* Initialize to our inbound cksum adjustment... */
	uint32_t sum = assoc->ipsa_inbound_cksum;

	switch (ipha->ipha_protocol) {
	case IPPROTO_TCP:
		tcph = (tcpha_t *)(data_mp->b_rptr +
		    IPH_HDR_LENGTH(ipha));

/* One's-complement fold of the carry back into the low 16 bits. */
#define	DOWN_SUM(x) (x) = ((x) & 0xFFFF) +	 ((x) >> 16)
		sum += ~ntohs(tcph->tha_sum) & 0xFFFF;
		DOWN_SUM(sum);
		DOWN_SUM(sum);
		tcph->tha_sum = ~htons(sum);
		break;
	case IPPROTO_UDP:
		udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha));

		if (udpha->uha_checksum != 0) {
			/* Adjust if the inbound one was not zero. */
			sum += ~ntohs(udpha->uha_checksum) & 0xFFFF;
			DOWN_SUM(sum);
			DOWN_SUM(sum);
			udpha->uha_checksum = ~htons(sum);
			if (udpha->uha_checksum == 0)
				udpha->uha_checksum = 0xFFFF;
		}
#undef DOWN_SUM
		break;
	case IPPROTO_IP:
		/*
		 * This case is only an issue for self-encapsulated
		 * packets.  For now nothing is done for it (note the
		 * break, not a fall-through).
		 */
		break;
	}
	return (IPSEC_STATUS_SUCCESS);
}


/*
 * Strip ESP header, check padding, and fix IP header.
 * Returns B_TRUE on success, B_FALSE if an error occured.
883 */ 884 static boolean_t 885 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen, 886 kstat_named_t **counter, ipsecesp_stack_t *espstack) 887 { 888 ipha_t *ipha; 889 ip6_t *ip6h; 890 uint_t divpoint; 891 mblk_t *scratch; 892 uint8_t nexthdr, padlen; 893 uint8_t lastpad; 894 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 895 uint8_t *lastbyte; 896 897 /* 898 * Strip ESP data and fix IP header. 899 * 900 * XXX In case the beginning of esp_inbound() changes to not do a 901 * pullup, this part of the code can remain unchanged. 902 */ 903 if (isv4) { 904 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t)); 905 ipha = (ipha_t *)data_mp->b_rptr; 906 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) + 907 IPH_HDR_LENGTH(ipha)); 908 divpoint = IPH_HDR_LENGTH(ipha); 909 } else { 910 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t)); 911 ip6h = (ip6_t *)data_mp->b_rptr; 912 divpoint = ip_hdr_length_v6(data_mp, ip6h); 913 } 914 915 scratch = data_mp; 916 while (scratch->b_cont != NULL) 917 scratch = scratch->b_cont; 918 919 ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3); 920 921 /* 922 * "Next header" and padding length are the last two bytes in the 923 * ESP-protected datagram, thus the explicit - 1 and - 2. 924 * lastpad is the last byte of the padding, which can be used for 925 * a quick check to see if the padding is correct. 926 */ 927 lastbyte = scratch->b_wptr - 1; 928 nexthdr = *lastbyte--; 929 padlen = *lastbyte--; 930 931 if (isv4) { 932 /* Fix part of the IP header. */ 933 ipha->ipha_protocol = nexthdr; 934 /* 935 * Reality check the padlen. The explicit - 2 is for the 936 * padding length and the next-header bytes. 
937 */ 938 if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 - 939 sizeof (esph_t) - ivlen) { 940 ESP_BUMP_STAT(espstack, bad_decrypt); 941 ipsec_rl_strlog(espstack->ipsecesp_netstack, 942 info.mi_idnum, 0, 0, 943 SL_ERROR | SL_WARN, 944 "Corrupt ESP packet (padlen too big).\n"); 945 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 946 padlen)); 947 esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp " 948 "hdr - ivlen(%d) = %d.\n", 949 ntohs(ipha->ipha_length), ivlen, 950 (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) - 951 2 - sizeof (esph_t) - ivlen))); 952 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 953 return (B_FALSE); 954 } 955 956 /* 957 * Fix the rest of the header. The explicit - 2 is for the 958 * padding length and the next-header bytes. 959 */ 960 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen - 961 2 - sizeof (esph_t) - ivlen); 962 ipha->ipha_hdr_checksum = 0; 963 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha); 964 } else { 965 if (ip6h->ip6_nxt == IPPROTO_ESP) { 966 ip6h->ip6_nxt = nexthdr; 967 } else { 968 ip6_pkt_t ipp; 969 970 bzero(&ipp, sizeof (ipp)); 971 (void) ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL); 972 if (ipp.ipp_dstopts != NULL) { 973 ipp.ipp_dstopts->ip6d_nxt = nexthdr; 974 } else if (ipp.ipp_rthdr != NULL) { 975 ipp.ipp_rthdr->ip6r_nxt = nexthdr; 976 } else if (ipp.ipp_hopopts != NULL) { 977 ipp.ipp_hopopts->ip6h_nxt = nexthdr; 978 } else { 979 /* Panic a DEBUG kernel. */ 980 ASSERT(ipp.ipp_hopopts != NULL); 981 /* Otherwise, pretend it's IP + ESP. 
*/ 982 cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n"); 983 ip6h->ip6_nxt = nexthdr; 984 } 985 } 986 987 if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) - 988 ivlen) { 989 ESP_BUMP_STAT(espstack, bad_decrypt); 990 ipsec_rl_strlog(espstack->ipsecesp_netstack, 991 info.mi_idnum, 0, 0, 992 SL_ERROR | SL_WARN, 993 "Corrupt ESP packet (v6 padlen too big).\n"); 994 esp1dbg(espstack, ("padlen (%d) is greater than:\n", 995 padlen)); 996 esp1dbg(espstack, 997 ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = " 998 "%u.\n", (unsigned)(ntohs(ip6h->ip6_plen) 999 + sizeof (ip6_t)), ivlen, 1000 (unsigned)(ntohs(ip6h->ip6_plen) - 2 - 1001 sizeof (esph_t) - ivlen))); 1002 *counter = DROPPER(ipss, ipds_esp_bad_padlen); 1003 return (B_FALSE); 1004 } 1005 1006 1007 /* 1008 * Fix the rest of the header. The explicit - 2 is for the 1009 * padding length and the next-header bytes. IPv6 is nice, 1010 * because there's no hdr checksum! 1011 */ 1012 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen - 1013 2 - sizeof (esph_t) - ivlen); 1014 } 1015 1016 if (espstack->ipsecesp_padding_check > 0 && padlen > 0) { 1017 /* 1018 * Weak padding check: compare last-byte to length, they 1019 * should be equal. 1020 */ 1021 lastpad = *lastbyte--; 1022 1023 if (padlen != lastpad) { 1024 ipsec_rl_strlog(espstack->ipsecesp_netstack, 1025 info.mi_idnum, 0, 0, SL_ERROR | SL_WARN, 1026 "Corrupt ESP packet (lastpad != padlen).\n"); 1027 esp1dbg(espstack, 1028 ("lastpad (%d) not equal to padlen (%d):\n", 1029 lastpad, padlen)); 1030 ESP_BUMP_STAT(espstack, bad_padding); 1031 *counter = DROPPER(ipss, ipds_esp_bad_padding); 1032 return (B_FALSE); 1033 } 1034 1035 /* 1036 * Strong padding check: Check all pad bytes to see that 1037 * they're ascending. Go backwards using a descending counter 1038 * to verify. padlen == 1 is checked by previous block, so 1039 * only bother if we've more than 1 byte of padding. 1040 * Consequently, start the check one byte before the location 1041 * of "lastpad". 
1042 */ 1043 if (espstack->ipsecesp_padding_check > 1) { 1044 /* 1045 * This assert may have to become an if and a pullup 1046 * if we start accepting multi-dblk mblks. For now, 1047 * though, any packet here will have been pulled up in 1048 * esp_inbound. 1049 */ 1050 ASSERT(MBLKL(scratch) >= lastpad + 3); 1051 1052 /* 1053 * Use "--lastpad" because we already checked the very 1054 * last pad byte previously. 1055 */ 1056 while (--lastpad != 0) { 1057 if (lastpad != *lastbyte) { 1058 ipsec_rl_strlog( 1059 espstack->ipsecesp_netstack, 1060 info.mi_idnum, 0, 0, 1061 SL_ERROR | SL_WARN, "Corrupt ESP " 1062 "packet (bad padding).\n"); 1063 esp1dbg(espstack, 1064 ("padding not in correct" 1065 " format:\n")); 1066 ESP_BUMP_STAT(espstack, bad_padding); 1067 *counter = DROPPER(ipss, 1068 ipds_esp_bad_padding); 1069 return (B_FALSE); 1070 } 1071 lastbyte--; 1072 } 1073 } 1074 } 1075 1076 /* Trim off the padding. */ 1077 ASSERT(data_mp->b_cont == NULL); 1078 data_mp->b_wptr -= (padlen + 2); 1079 1080 /* 1081 * Remove the ESP header. 1082 * 1083 * The above assertions about data_mp's size will make this work. 1084 * 1085 * XXX Question: If I send up and get back a contiguous mblk, 1086 * would it be quicker to bcopy over, or keep doing the dupb stuff? 1087 * I go with copying for now. 
1088 */ 1089 1090 if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) && 1091 IS_P2ALIGNED(ivlen, sizeof (uint32_t))) { 1092 uint8_t *start = data_mp->b_rptr; 1093 uint32_t *src, *dst; 1094 1095 src = (uint32_t *)(start + divpoint); 1096 dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen); 1097 1098 ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) && 1099 IS_P2ALIGNED(src, sizeof (uint32_t))); 1100 1101 do { 1102 src--; 1103 dst--; 1104 *dst = *src; 1105 } while (src != (uint32_t *)start); 1106 1107 data_mp->b_rptr = (uchar_t *)dst; 1108 } else { 1109 uint8_t *start = data_mp->b_rptr; 1110 uint8_t *src, *dst; 1111 1112 src = start + divpoint; 1113 dst = src + sizeof (esph_t) + ivlen; 1114 1115 do { 1116 src--; 1117 dst--; 1118 *dst = *src; 1119 } while (src != start); 1120 1121 data_mp->b_rptr = dst; 1122 } 1123 1124 esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n")); 1125 esp2dbg(espstack, (dump_msg(data_mp))); 1126 1127 return (B_TRUE); 1128 } 1129 1130 /* 1131 * Updating use times can be tricky business if the ipsa_haspeer flag is 1132 * set. This function is called once in an SA's lifetime. 1133 * 1134 * Caller has to REFRELE "assoc" which is passed in. This function has 1135 * to REFRELE any peer SA that is obtained. 1136 */ 1137 static void 1138 esp_set_usetime(ipsa_t *assoc, boolean_t inbound) 1139 { 1140 ipsa_t *inassoc, *outassoc; 1141 isaf_t *bucket; 1142 sadb_t *sp; 1143 int outhash; 1144 boolean_t isv6; 1145 netstack_t *ns = assoc->ipsa_netstack; 1146 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 1147 1148 /* No peer? No problem! */ 1149 if (!assoc->ipsa_haspeer) { 1150 sadb_set_usetime(assoc); 1151 return; 1152 } 1153 1154 /* 1155 * Otherwise, we want to grab both the original assoc and its peer. 1156 * There might be a race for this, but if it's a real race, the times 1157 * will be out-of-synch by at most a second, and since our time 1158 * granularity is a second, this won't be a problem. 
1159 * 1160 * If we need tight synchronization on the peer SA, then we need to 1161 * reconsider. 1162 */ 1163 1164 /* Use address length to select IPv6/IPv4 */ 1165 isv6 = (assoc->ipsa_addrfam == AF_INET6); 1166 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4; 1167 1168 if (inbound) { 1169 inassoc = assoc; 1170 if (isv6) { 1171 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *) 1172 &inassoc->ipsa_dstaddr)); 1173 } else { 1174 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *) 1175 &inassoc->ipsa_dstaddr)); 1176 } 1177 bucket = &sp->sdb_of[outhash]; 1178 mutex_enter(&bucket->isaf_lock); 1179 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi, 1180 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr, 1181 inassoc->ipsa_addrfam); 1182 mutex_exit(&bucket->isaf_lock); 1183 if (outassoc == NULL) { 1184 /* Q: Do we wish to set haspeer == B_FALSE? */ 1185 esp0dbg(("esp_set_usetime: " 1186 "can't find peer for inbound.\n")); 1187 sadb_set_usetime(inassoc); 1188 return; 1189 } 1190 } else { 1191 outassoc = assoc; 1192 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi); 1193 mutex_enter(&bucket->isaf_lock); 1194 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi, 1195 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr, 1196 outassoc->ipsa_addrfam); 1197 mutex_exit(&bucket->isaf_lock); 1198 if (inassoc == NULL) { 1199 /* Q: Do we wish to set haspeer == B_FALSE? */ 1200 esp0dbg(("esp_set_usetime: " 1201 "can't find peer for outbound.\n")); 1202 sadb_set_usetime(outassoc); 1203 return; 1204 } 1205 } 1206 1207 /* Update usetime on both. */ 1208 sadb_set_usetime(inassoc); 1209 sadb_set_usetime(outassoc); 1210 1211 /* 1212 * REFRELE any peer SA. 1213 * 1214 * Because of the multi-line macro nature of IPSA_REFRELE, keep 1215 * them in { }. 1216 */ 1217 if (inbound) { 1218 IPSA_REFRELE(outassoc); 1219 } else { 1220 IPSA_REFRELE(inassoc); 1221 } 1222 } 1223 1224 /* 1225 * Handle ESP inbound data for IPv4 and IPv6. 
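 * Returns IPSEC_STATUS_FAILED, having freed the mblk chain ipsec_in_mp,
 * when the early replay check fails; otherwise returns whatever the
 * hardware-accelerated path or the crypto-framework submission returns.
 *
 * ipsec_in_mp: IPSEC_IN message whose b_cont is the packet.
 * arg:         pointer to the ESP header inside that packet.
 */
ipsec_status_t
esp_inbound(mblk_t *ipsec_in_mp, void *arg)
{
	mblk_t *data_mp = ipsec_in_mp->b_cont;
	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr;
	esph_t *esph = (esph_t *)arg;
	ipsa_t *ipsa = ii->ipsec_in_esp_sa;
	netstack_t *ns = ii->ipsec_in_ns;
	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
	ipsec_stack_t *ipss = ns->netstack_ipsec;

	/*
	 * We may wish to check replay in-range-only here as an optimization.
	 * Include the reality check of ipsa->ipsa_replay >
	 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
	 * where N == ipsa->ipsa_replay_wsize.
	 *
	 * Another check that may come here later is the "collision" check.
	 * If legitimate packets flow quickly enough, this won't be a problem,
	 * but collisions may cause authentication algorithm crunching to
	 * take place when it doesn't need to.
	 *
	 * This is only a peek: the authoritative replay check happens in
	 * esp_in_done() after the ICV has been verified.
	 */
	if (!sadb_replay_peek(ipsa, esph->esph_replay)) {
		ESP_BUMP_STAT(espstack, replay_early_failures);
		IP_ESP_BUMP_STAT(ipss, in_discards);
		/*
		 * TODO: Extract inbound interface from the IPSEC_IN
		 * message's ii->ipsec_in_rill_index.
		 */
		ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL,
		    DROPPER(ipss, ipds_esp_early_replay),
		    &espstack->esp_dropper);
		return (IPSEC_STATUS_FAILED);
	}

	/*
	 * Has this packet already been processed by a hardware
	 * IPsec accelerator?
	 */
	if (ii->ipsec_in_accelerated) {
		ipsec_status_t rv;
		esp3dbg(espstack,
		    ("esp_inbound: pkt processed by ill=%d isv6=%d\n",
		    ii->ipsec_in_ill_index, !ii->ipsec_in_v4));
		rv = esp_inbound_accelerated(ipsec_in_mp,
		    data_mp, ii->ipsec_in_v4, ipsa);
		return (rv);
	}
	ESP_BUMP_STAT(espstack, noaccel);

	/*
	 * Adjust the IP header's payload length to reflect the removal
	 * of the ICV.
	 *
	 * NOTE(review): nothing here verifies that the header length is at
	 * least ipsa_mac_len; presumably the caller has already checked the
	 * packet is long enough to hold ESP header + ICV -- confirm.
	 */
	if (!ii->ipsec_in_v4) {
		ip6_t *ip6h = (ip6_t *)data_mp->b_rptr;
		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) -
		    ipsa->ipsa_mac_len);
	} else {
		ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
		ipha->ipha_length = htons(ntohs(ipha->ipha_length) -
		    ipsa->ipsa_mac_len);
	}

	/* submit the request to the crypto framework */
	return (esp_submit_req_inbound(ipsec_in_mp, ipsa,
	    (uint8_t *)esph - data_mp->b_rptr));
}

/*
 * Perform the really difficult work of inserting the proposed situation.
 * Called while holding the algorithm lock.
 *
 * prop:   the SADB_EXT_PROPOSAL extension to fill in; one sadb_comb_t is
 *         written immediately after it per usable policy action.
 * acqrec: the ACQUIRE record whose policy action list supplies the
 *         candidate algorithm combinations.
 * combs:  number of sadb_comb_t slots available after "prop"; the loop
 *         stops once they are used up.
 *
 * NOTE(review): "combs" is decremented before the zero test, so a caller
 * passing 0 disables the limit (the counter wraps) -- confirm callers never
 * pass 0 with an action list that still yields a valid combination.
 */
static void
esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs)
{
	sadb_comb_t *comb = (sadb_comb_t *)(prop + 1);
	ipsec_out_t *io;
	ipsec_action_t *ap;
	ipsec_prot_t *prot;
	netstack_t *ns;
	ipsecesp_stack_t *espstack;
	ipsec_stack_t *ipss;

	io = (ipsec_out_t *)acqrec->ipsacq_mp->b_rptr;
	ASSERT(io->ipsec_out_type == IPSEC_OUT);
	ns = io->ipsec_out_ns;
	espstack = ns->netstack_ipsecesp;
	ipss = ns->netstack_ipsec;
	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));

	prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
	prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t));
	/* Clears replay and the bytes following it in one store. */
	*(uint32_t *)(&prop->sadb_prop_replay) = 0;	/* Quick zero-out! */

	prop->sadb_prop_replay = espstack->ipsecesp_replay_size;

	/*
	 * Based upon algorithm properties, and what-not, prioritize
	 * a proposal.  If the IPSEC_OUT message has an algorithm specified,
	 * use it first and foremost.
	 *
	 * For each action in policy list
	 *   Add combination.  If I've hit limit, return.
	 */

	for (ap = acqrec->ipsacq_act; ap != NULL;
	    ap = ap->ipa_next) {
		ipsec_alginfo_t *ealg = NULL;
		ipsec_alginfo_t *aalg = NULL;

		if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY)
			continue;

		prot = &ap->ipa_act.ipa_apply;

		if (!(prot->ipp_use_esp))
			continue;

		/* An auth algorithm is optional for ESP; 0 means none. */
		if (prot->ipp_esp_auth_alg != 0) {
			aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
			    [prot->ipp_esp_auth_alg];
			if (aalg == NULL || !ALG_VALID(aalg))
				continue;
		}

		/* An encryption algorithm (possibly NULL-ESP) is required. */
		ASSERT(prot->ipp_encr_alg > 0);
		ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
		    [prot->ipp_encr_alg];
		if (ealg == NULL || !ALG_VALID(ealg))
			continue;

		/* Key sizes: the stricter of policy and algorithm limits. */
		comb->sadb_comb_flags = 0;
		comb->sadb_comb_reserved = 0;
		comb->sadb_comb_encrypt = ealg->alg_id;
		comb->sadb_comb_encrypt_minbits =
		    MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits);
		comb->sadb_comb_encrypt_maxbits =
		    MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits);
		if (aalg == NULL) {
			comb->sadb_comb_auth = 0;
			comb->sadb_comb_auth_minbits = 0;
			comb->sadb_comb_auth_maxbits = 0;
		} else {
			comb->sadb_comb_auth = aalg->alg_id;
			comb->sadb_comb_auth_minbits =
			    MAX(prot->ipp_espa_minbits, aalg->alg_ef_minbits);
			comb->sadb_comb_auth_maxbits =
			    MIN(prot->ipp_espa_maxbits, aalg->alg_ef_maxbits);
		}

		/*
		 * The following may be based on algorithm
		 * properties, but in the meantime, we just pick
		 * some good, sensible numbers.  Key mgmt. can
		 * (and perhaps should) be the place to finalize
		 * such decisions.
		 */

		/*
		 * No limits on allocations, since we really don't
		 * support that concept currently.
		 */
		comb->sadb_comb_soft_allocations = 0;
		comb->sadb_comb_hard_allocations = 0;

		/*
		 * These may want to come from policy rule..
		 * For now they are the tunable per-stack defaults.
		 */
		comb->sadb_comb_soft_bytes =
		    espstack->ipsecesp_default_soft_bytes;
		comb->sadb_comb_hard_bytes =
		    espstack->ipsecesp_default_hard_bytes;
		comb->sadb_comb_soft_addtime =
		    espstack->ipsecesp_default_soft_addtime;
		comb->sadb_comb_hard_addtime =
		    espstack->ipsecesp_default_hard_addtime;
		comb->sadb_comb_soft_usetime =
		    espstack->ipsecesp_default_soft_usetime;
		comb->sadb_comb_hard_usetime =
		    espstack->ipsecesp_default_hard_usetime;

		prop->sadb_prop_len += SADB_8TO64(sizeof (*comb));
		if (--combs == 0)
			break;	/* out of space.. */
		comb++;
	}
}

/*
 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY.
 *
 * Entered with acqrec->ipsacq_lock and ipss->ipsec_alg_lock both held by
 * the caller; both are released on every path out of this function, so
 * the caller must not touch either after the call.
 *
 * acqrec:   the ACQUIRE record (and its policy actions) to advertise.
 * extended: optional extended-ACQUIRE message sent ahead of the plain one.
 * ns:       the netstack owning the PF_KEY queue.
 */
static void
esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns)
{
	uint_t combs;
	sadb_msg_t *samsg;
	sadb_prop_t *prop;
	mblk_t *pfkeymp, *msgmp;
	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
	ipsec_stack_t *ipss = ns->netstack_ipsec;

	ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));

	ESP_BUMP_STAT(espstack, acquire_requests);

	/*
	 * The early-exit paths must drop the algorithm lock as well as the
	 * ACQUIRE lock; previously only ipsacq_lock was released here while
	 * the success path below released both, leaking ipsec_alg_lock.
	 */
	if (espstack->esp_pfkey_q == NULL) {
		mutex_exit(&ipss->ipsec_alg_lock);
		mutex_exit(&acqrec->ipsacq_lock);
		return;
	}

	/* Set up ACQUIRE. */
	pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_ESP,
	    ns->netstack_ipsec);
	if (pfkeymp == NULL) {
		esp0dbg(("sadb_setup_acquire failed.\n"));
		mutex_exit(&ipss->ipsec_alg_lock);
		mutex_exit(&acqrec->ipsacq_lock);
		return;
	}

	/*
	 * Upper bound on the number of combinations esp_insert_prop() may
	 * emit.  NOTE(review): this is 0 when no auth algorithms are
	 * registered even though encrypt-only combinations remain valid,
	 * which disables esp_insert_prop()'s limit -- confirm that
	 * sadb_setup_acquire() sizes the message compatibly.
	 */
	combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] *
	    ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
	msgmp = pfkeymp->b_cont;
	samsg = (sadb_msg_t *)(msgmp->b_rptr);

	/* Insert proposal here. */

	prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len);
	esp_insert_prop(prop, acqrec, combs);
	samsg->sadb_msg_len += prop->sadb_prop_len;
	msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len);

	mutex_exit(&ipss->ipsec_alg_lock);

	/*
	 * Must mutex_exit() before sending PF_KEY message up, in
	 * order to avoid recursive mutex_enter() if there are no registered
	 * listeners.
	 *
	 * Once I've sent the message, I'm cool anyway.
	 */
	mutex_exit(&acqrec->ipsacq_lock);
	if (extended != NULL) {
		putnext(espstack->esp_pfkey_q, extended);
	}
	putnext(espstack->esp_pfkey_q, pfkeymp);
}

/*
 * Handle the SADB_GETSPI message.  Create a larval SA.
 *
 * mp:       the PF_KEY message; it is either turned around as the reply or
 *           handed to sadb_pfkey_error() on failure.
 * ksi:      the KEYSOCK_IN header inside mp (converted in place to
 *           KEYSOCK_OUT on success).
 * espstack: per-netstack ESP state.
 */
static void
esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
{
	ipsa_t *newbie, *target;
	isaf_t *outbound, *inbound;
	int rc, diagnostic;
	sadb_sa_t *assoc;
	keysock_out_t *kso;
	uint32_t newspi;

	/*
	 * Randomly generate a proposed SPI value.  The SPI only needs to be
	 * unique, not unpredictable; collisions are caught below and
	 * reported as EEXIST.
	 */
	(void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t));
	newbie = sadb_getspi(ksi, newspi, &diagnostic,
	    espstack->ipsecesp_netstack);

	/* sadb_getspi() signals allocation failure with NULL, bad input with -1. */
	if (newbie == NULL) {
		sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic,
		    ksi->ks_in_serial);
		return;
	} else if (newbie == (ipsa_t *)-1) {
		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
		    ksi->ks_in_serial);
		return;
	}

	/*
	 * XXX - We may randomly collide.  We really should recover from this.
	 * Unfortunately, that could require spending way-too-much-time
	 * in here.  For now, let the user retry.
	 */

	/*
	 * NOTE(review): both families pass only the first 32 bits of the
	 * destination address to the outbound bucket macro -- presumably
	 * OUTBOUND_BUCKET_V6 hashes on that word; confirm.
	 */
	if (newbie->ipsa_addrfam == AF_INET6) {
		outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6,
		    *(uint32_t *)(newbie->ipsa_dstaddr));
		inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6,
		    newbie->ipsa_spi);
	} else {
		ASSERT(newbie->ipsa_addrfam == AF_INET);
		outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4,
		    *(uint32_t *)(newbie->ipsa_dstaddr));
		inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4,
		    newbie->ipsa_spi);
	}

	mutex_enter(&outbound->isaf_lock);
	mutex_enter(&inbound->isaf_lock);

	/*
	 * Check for collisions (i.e. did sadb_getspi() return with something
	 * that already exists?).
	 *
	 * Try outbound first.  Even though SADB_GETSPI is traditionally
	 * for inbound SAs, you never know what a user might do.
	 */
	target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi,
	    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam);
	if (target == NULL) {
		target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi,
		    newbie->ipsa_srcaddr, newbie->ipsa_dstaddr,
		    newbie->ipsa_addrfam);
	}

	/*
	 * I don't have collisions elsewhere!
	 * (Nor will I because I'm still holding inbound/outbound locks.)
	 */

	if (target != NULL) {
		rc = EEXIST;
		/* The lookup returned a held reference; drop it. */
		IPSA_REFRELE(target);
	} else {
		/*
		 * sadb_insertassoc() also checks for collisions, so
		 * if there's a colliding entry, rc will be set
		 * to EEXIST.
		 */
		rc = sadb_insertassoc(newbie, inbound);
		/* A larval SA lives only until ipsecesp_larval_timeout. */
		newbie->ipsa_hardexpiretime = gethrestime_sec();
		newbie->ipsa_hardexpiretime +=
		    espstack->ipsecesp_larval_timeout;
	}

	/*
	 * Can exit outbound mutex.  Hold inbound until we're done
	 * with newbie.
	 */
	mutex_exit(&outbound->isaf_lock);

	if (rc != 0) {
		mutex_exit(&inbound->isaf_lock);
		IPSA_REFRELE(newbie);
		sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc,
		    SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial);
		return;
	}

	/* Can write here because I'm still holding the bucket lock. */
	newbie->ipsa_type = SADB_SATYPE_ESP;

	/*
	 * Construct successful return message.  We have one thing going
	 * for us in PF_KEY v2.  That's the fact that
	 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
	 * so the SPIRANGE extension is rewritten in place as the SA extension.
	 */
	assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE];
	assoc->sadb_sa_exttype = SADB_EXT_SA;
	assoc->sadb_sa_spi = newbie->ipsa_spi;
	/* Zero replay, state, auth, encrypt and flags in a single store. */
	*((uint64_t *)(&assoc->sadb_sa_replay)) = 0;
	mutex_exit(&inbound->isaf_lock);

	/* Convert KEYSOCK_IN to KEYSOCK_OUT. */
	kso = (keysock_out_t *)ksi;
	kso->ks_out_len = sizeof (*kso);
	kso->ks_out_serial = ksi->ks_in_serial;
	kso->ks_out_type = KEYSOCK_OUT;

	/*
	 * Can safely putnext() to esp_pfkey_q, because this is a turnaround
	 * from the esp_pfkey_q.
	 */
	putnext(espstack->esp_pfkey_q, mp);
}

/*
 * Insert the ESP header into a packet.  Duplicate an mblk, and insert a newly
 * allocated mblk with the ESP header in between the two.
 *
 * mp:       head of the packet chain.
 * esp_mp:   mblk holding the ESP header, linked in after byte "divpoint".
 * divpoint: byte offset from the start of the chain at which esp_mp goes.
 * espstack: per-netstack ESP state (used for debug output only).
 *
 * Returns B_FALSE, leaving the chain untouched, if the split mblk cannot
 * be allocated; B_TRUE otherwise.
 */
static boolean_t
esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint,
    ipsecesp_stack_t *espstack)
{
	mblk_t *split_mp = mp;
	uint_t wheretodiv = divpoint;

	/* Walk to the mblk that contains byte "divpoint". */
	while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) {
		wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr);
		split_mp = split_mp->b_cont;
		ASSERT(split_mp != NULL);
	}

	/* If the division point falls mid-mblk, split that mblk in two. */
	if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) {
		mblk_t *scratch;

		/* "scratch" is the 2nd half, split_mp is the first. */
		scratch = dupb(split_mp);
		if (scratch == NULL) {
			esp1dbg(espstack,
			    ("esp_insert_esp: can't allocate scratch.\n"));
			return (B_FALSE);
		}
		/* NOTE: dupb() doesn't set b_cont appropriately. */
		scratch->b_cont = split_mp->b_cont;
		scratch->b_rptr += wheretodiv;
		split_mp->b_wptr = split_mp->b_rptr + wheretodiv;
		split_mp->b_cont = scratch;
	}
	/*
	 * At this point, split_mp is exactly "wheretodiv" bytes long, and
	 * holds the end of the pre-ESP part of the datagram.
	 */
	esp_mp->b_cont = split_mp->b_cont;
	split_mp->b_cont = esp_mp;

	return (B_TRUE);
}

/*
 * Section 7 of RFC 3947 says:
 *
 * 7.  Recovering from the Expiring NAT Mappings
 *
 * There are cases where NAT box decides to remove mappings that are still
 * alive (for example, when the keepalive interval is too long, or when the
 * NAT box is rebooted).  To recover from this, ends that are NOT behind
 * NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from
 * the other end to determine which IP and port addresses should be used.
 * The host behind dynamic NAT MUST NOT do this, as otherwise it opens a
 * DoS attack possibility because the IP address or port of the other host
 * will not change (it is not behind NAT).
 *
 * Keepalives cannot be used for these purposes, as they are not
 * authenticated, but any IKE authenticated IKE packet or ESP packet can be
 * used to detect whether the IP address or the port has changed.
 *
 * The following function will check an SA and its explicitly-set pair to see
 * if the NAT-T remote port matches the received packet (which must have
 * passed ESP authentication, see esp_in_done() for the caller context).  If
 * there is a mismatch, the SAs are updated.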
 * It is not important if we race
 * with a transmitting thread, as if there is a transmitting thread, it will
 * merely emit a packet that will most-likely be dropped.
 *
 * "ports" are ordered src,dst, and assoc is an inbound SA, where src should
 * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port.
 */

/*
 * FIRST_16/NEXT_16 pull the first and second 16-bit halves of a 32-bit
 * word in memory order (on little-endian the first half is the low bits),
 * so the values come out in the same byte order they arrived in.
 */
#ifdef _LITTLE_ENDIAN
#define	FIRST_16(x)	((x) & 0xFFFF)
#define	NEXT_16(x)	(((x) >> 16) & 0xFFFF)
#else
#define	FIRST_16(x)	(((x) >> 16) & 0xFFFF)
#define	NEXT_16(x)	((x) & 0xFFFF)
#endif
/*
 * ports: the received UDP src,dst ports packed as described above, in
 *        network byte order.
 * assoc: the inbound SA the packet was authenticated under.
 */
static void
esp_port_freshness(uint32_t ports, ipsa_t *assoc)
{
	uint16_t remote = FIRST_16(ports);
	uint16_t local = NEXT_16(ports);
	ipsa_t *outbound_peer;
	isaf_t *bucket;
	ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp;

	/* We found a conn_t, therefore local != 0. */
	ASSERT(local != 0);
	/* Assume an IPv4 SA. */
	ASSERT(assoc->ipsa_addrfam == AF_INET);

	/*
	 * On-the-wire rport == 0 means something's very wrong.
	 * An unpaired SA is also useless to us.
	 * If we are behind the NAT, don't bother (RFC 3947 s.7: the host
	 * behind NAT MUST NOT update its peer's address/port).
	 * A zero stored remote NAT port defaults to 4500, so a received
	 * remote port of 4500 already matches; check that too.
	 * And, of course, if the ports already match, we don't need to
	 * bother.
	 */
	if (remote == 0 || assoc->ipsa_otherspi == 0 ||
	    (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) ||
	    (assoc->ipsa_remote_nat_port == 0 &&
	    remote == htons(IPPORT_IKE_NATT)) ||
	    remote == assoc->ipsa_remote_nat_port)
		return;

	/* Try and snag the peer.  NOTE: Assume IPv4 for now. */
	bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4),
	    assoc->ipsa_srcaddr[0]);
	mutex_enter(&bucket->isaf_lock);
	/* The peer is the outbound SA, so src/dst are swapped in the lookup. */
	outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi,
	    assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET);
	mutex_exit(&bucket->isaf_lock);

	/* We probably lost a race to a deleting or expiring thread. */
	if (outbound_peer == NULL)
		return;

	/*
	 * Hold the mutexes for both SAs so we don't race another inbound
	 * thread.  A lock-entry order shouldn't matter, since all other
	 * per-ipsa locks are individually held-then-released.
	 *
	 * Luckily, this has nothing to do with the remote-NAT address,
	 * so we don't have to re-scribble the cached-checksum differential.
	 */
	mutex_enter(&outbound_peer->ipsa_lock);
	mutex_enter(&assoc->ipsa_lock);
	outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port =
	    remote;
	mutex_exit(&assoc->ipsa_lock);
	mutex_exit(&outbound_peer->ipsa_lock);
	/* Drop the reference ipsec_getassocbyspi() handed us. */
	IPSA_REFRELE(outbound_peer);
	ESP_BUMP_STAT(espstack, sa_port_renumbers);
}

/*
 * Finish processing of an inbound ESP packet after processing by the
 * crypto framework.
 * - Remove the ESP header.
 * - Send packet back to IP.
 * If authentication was performed on the packet, this function is called
 * only if the authentication succeeded.
 * Returns IPSEC_STATUS_SUCCESS on success; on failure returns
 * IPSEC_STATUS_FAILED, having freed the mblk chain ipsec_in_mp.
 */
static ipsec_status_t
esp_in_done(mblk_t *ipsec_in_mp)
{
	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in_mp->b_rptr;
	mblk_t *data_mp;
	ipsa_t *assoc;
	uint_t espstart;		/* offset of the ESP header in data_mp */
	uint32_t ivlen = 0;		/* 0 for authentication-only SAs */
	uint_t processed_len;		/* bytes charged against the SA lifetime */
	esph_t *esph;
	kstat_named_t *counter;		/* drop reason; set before each goto */
	boolean_t is_natt;
	netstack_t *ns = ii->ipsec_in_ns;
	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
	ipsec_stack_t *ipss = ns->netstack_ipsec;

	assoc = ii->ipsec_in_esp_sa;
	ASSERT(assoc != NULL);

	is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);

	/*
	 * get the pointer to the ESP header
	 *
	 * Where the ESP header sits depends on which crypto_data the request
	 * used: the auth-only request started at the ESP header itself, the
	 * decrypt-only request started after the header and IV, and the dual
	 * request records the auth range as offset1/len1 and the encrypted
	 * range as offset2/len2.
	 */
	if (assoc->ipsa_encr_alg == SADB_EALG_NULL) {
		/* authentication-only ESP */
		espstart = ii->ipsec_in_crypto_data.cd_offset;
		processed_len = ii->ipsec_in_crypto_data.cd_length;
	} else {
		/* encryption present */
		ivlen = assoc->ipsa_iv_len;
		if (assoc->ipsa_auth_alg == SADB_AALG_NONE) {
			/* encryption-only ESP */
			espstart = ii->ipsec_in_crypto_data.cd_offset -
			    sizeof (esph_t) - assoc->ipsa_iv_len;
			processed_len = ii->ipsec_in_crypto_data.cd_length +
			    ivlen;
		} else {
			/* encryption with authentication */
			espstart = ii->ipsec_in_crypto_dual_data.dd_offset1;
			processed_len = ii->ipsec_in_crypto_dual_data.dd_len2 +
			    ivlen;
		}
	}

	data_mp = ipsec_in_mp->b_cont;
	esph = (esph_t *)(data_mp->b_rptr + espstart);

	/*
	 * NOTE(review): this test uses IPSA_AALG_NONE while the one above
	 * uses SADB_AALG_NONE -- presumably the same value; confirm.
	 *
	 * Replay checking and NAT-T port refresh are only done for
	 * authenticated SAs; an encrypt-only SA gets neither.
	 */
	if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) {
		/* authentication passed if we reach this point */
		ESP_BUMP_STAT(espstack, good_auth);
		/* The ICV has been verified; trim it off the tail. */
		data_mp->b_wptr -= assoc->ipsa_mac_len;

		/*
		 * Check replay window here!
		 * For right now, assume keysock will set the replay window
		 * size to zero for SAs that have an unspecified sender.
		 * This may change...
		 */

		if (!sadb_replay_check(assoc, esph->esph_replay)) {
			/*
			 * Log the event.  As of now we print out an event.
			 * Do not print the replay failure number, or else
			 * syslog cannot collate the error messages.  Printing
			 * the replay number that failed opens a denial-of-
			 * service attack.
			 */
			ipsec_assocfailure(info.mi_idnum, 0, 0,
			    SL_ERROR | SL_WARN,
			    "Replay failed for ESP spi 0x%x, dst %s.\n",
			    assoc->ipsa_spi, assoc->ipsa_dstaddr,
			    assoc->ipsa_addrfam, espstack->ipsecesp_netstack);
			ESP_BUMP_STAT(espstack, replay_failures);
			counter = DROPPER(ipss, ipds_esp_replay);
			goto drop_and_bail;
		}

		/* Authenticated packet: safe to learn a changed NAT port from it. */
		if (is_natt)
			esp_port_freshness(ii->ipsec_in_esp_udp_ports, assoc);
	}

	esp_set_usetime(assoc, B_TRUE);

	if (!esp_age_bytes(assoc, processed_len, B_TRUE)) {
		/* The ipsa has hit hard expiration, LOG and AUDIT. */
		ipsec_assocfailure(info.mi_idnum, 0, 0,
		    SL_ERROR | SL_WARN,
		    "ESP association 0x%x, dst %s had bytes expire.\n",
		    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
		    espstack->ipsecesp_netstack);
		ESP_BUMP_STAT(espstack, bytes_expired);
		counter = DROPPER(ipss, ipds_esp_bytes_expire);
		goto drop_and_bail;
	}

	/*
	 * Remove ESP header and padding from packet.  I hope the compiler
	 * spews "branch, predict taken" code for this.
	 * On failure esp_strip_header() fills in "counter" with the reason.
	 */

	if (esp_strip_header(data_mp, ii->ipsec_in_v4, ivlen, &counter,
	    espstack)) {
		if (is_natt)
			return (esp_fix_natt_checksums(data_mp, assoc));
		return (IPSEC_STATUS_SUCCESS);
	}

	esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n"));
drop_and_bail:
	IP_ESP_BUMP_STAT(ipss, in_discards);
	/*
	 * TODO: Extract inbound interface from the IPSEC_IN message's
	 * ii->ipsec_in_rill_index.
	 */
	ip_drop_packet(ipsec_in_mp, B_TRUE, NULL, NULL, counter,
	    &espstack->esp_dropper);
	return (IPSEC_STATUS_FAILED);
}

/*
 * Called upon failing the inbound ICV check.
 * The message passed as argument is freed.
 *
 * ipsec_in: the IPSEC_IN message whose packet failed authentication.
 */
static void
esp_log_bad_auth(mblk_t *ipsec_in)
{
	ipsec_in_t *iin = (ipsec_in_t *)ipsec_in->b_rptr;
	ipsa_t *sa = iin->ipsec_in_esp_sa;
	netstack_t *nstk = iin->ipsec_in_ns;
	ipsecesp_stack_t *espstack = nstk->netstack_ipsecesp;
	ipsec_stack_t *ipss = nstk->netstack_ipsec;

	/*
	 * Count the failure and report it through ipsec_assocfailure()
	 * rather than the console, so a stream of forged packets cannot be
	 * turned into a logging denial of service.
	 */
	ESP_BUMP_STAT(espstack, bad_auth);
	ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
	    "ESP Authentication failed for spi 0x%x, dst %s.\n",
	    sa->ipsa_spi, sa->ipsa_dstaddr, sa->ipsa_addrfam,
	    espstack->ipsecesp_netstack);

	/* Account for the discard, then hand the chain to the dropper. */
	IP_ESP_BUMP_STAT(ipss, in_discards);
	/*
	 * TODO: Extract inbound interface from the IPSEC_IN
	 * message's ii->ipsec_in_rill_index.
	 */
	ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL,
	    DROPPER(ipss, ipds_esp_bad_auth), &espstack->esp_dropper);
}


/*
 * Invoked for outbound packets after ESP processing.  If the packet
 * also requires AH, performs the AH SA selection and AH processing.
 * Returns B_TRUE if the AH processing was not needed or if it was
 * performed successfully.  Returns B_FALSE and consumes the passed mblk
 * if AH processing was required but could not be performed.
 */
static boolean_t
esp_do_outbound_ah(mblk_t *ipsec_mp)
{
	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
	ipsec_status_t ipsec_rc;
	ipsec_action_t *ap;

	/*
	 * The action comes from the IPSEC_OUT directly, or failing that from
	 * its policy.  NOTE(review): ipsec_out_policy is dereferenced without
	 * a NULL check -- presumably one of the two is always set; confirm.
	 */
	ap = io->ipsec_out_act;
	if (ap == NULL) {
		ipsec_policy_t *pp = io->ipsec_out_policy;
		ap = pp->ipsp_act;
	}

	if (!ap->ipa_want_ah)
		return (B_TRUE);

	ASSERT(io->ipsec_out_ah_done == B_FALSE);

	/* No AH SA yet: try to select one, else kick off an ACQUIRE. */
	if (io->ipsec_out_ah_sa == NULL) {
		if (!ipsec_outbound_sa(ipsec_mp, IPPROTO_AH)) {
			sadb_acquire(ipsec_mp, io, B_TRUE, B_FALSE);
			return (B_FALSE);
		}
	}
	ASSERT(io->ipsec_out_ah_sa != NULL);

	/* Mark AH done before calling out so the AH path does not recurse. */
	io->ipsec_out_ah_done = B_TRUE;
	ipsec_rc = io->ipsec_out_ah_sa->ipsa_output_func(ipsec_mp);
	return (ipsec_rc == IPSEC_STATUS_SUCCESS);
}


/*
 * Kernel crypto framework callback invoked after completion of async
 * crypto requests.
 *
 * arg:    the IPSEC_IN or IPSEC_OUT mblk passed as cr_callback_arg.
 * status: CRYPTO_SUCCESS, CRYPTO_INVALID_MAC, or another kEF error code.
 *
 * Every path that reaches netstack_find_by_stackid() successfully must
 * netstack_rele() before returning.
 */
static void
esp_kcf_callback(void *arg, int status)
{
	mblk_t *ipsec_mp = (mblk_t *)arg;
	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
	ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;
	/* Both views share the same leading type field; only one is valid. */
	boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN);
	netstackid_t stackid;
	netstack_t *ns, *ns_arg;
	ipsecesp_stack_t *espstack;
	ipsec_stack_t *ipss;

	ASSERT(ipsec_mp->b_cont != NULL);

	if (is_inbound) {
		stackid = ii->ipsec_in_stackid;
		ns_arg = ii->ipsec_in_ns;
	} else {
		stackid = io->ipsec_out_stackid;
		ns_arg = io->ipsec_out_ns;
	}

	/*
	 * Verify that the netstack is still around; could have vanished
	 * while kEf was doing its work.  Comparing against the saved
	 * pointer also catches the id having been reused by a new stack.
	 */
	ns = netstack_find_by_stackid(stackid);
	if (ns == NULL || ns != ns_arg) {
		/* Disappeared on us */
		if (ns != NULL)
			netstack_rele(ns);
		freemsg(ipsec_mp);
		return;
	}

	espstack = ns->netstack_ipsecesp;
	ipss = ns->netstack_ipsec;

	if (status == CRYPTO_SUCCESS) {
		if (is_inbound) {
			/* esp_in_done() frees the message on failure. */
			if (esp_in_done(ipsec_mp) != IPSEC_STATUS_SUCCESS) {
				netstack_rele(ns);
				return;
			}
			/* finish IPsec processing */
			ip_fanout_proto_again(ipsec_mp, NULL, NULL, NULL);
		} else {
			/*
			 * If a ICV was computed, it was stored by the
			 * crypto framework at the end of the packet.
			 */
			ipha_t *ipha = (ipha_t *)ipsec_mp->b_cont->b_rptr;

			esp_set_usetime(io->ipsec_out_esp_sa, B_FALSE);
			/*
			 * NAT-T packet.
			 * NOTE(review): ipha_protocol is read before the
			 * version test below, so for an IPv6 packet this
			 * inspects a byte of the IPv6 header instead --
			 * presumably NAT-T is v4-only here (esp_port_freshness
			 * asserts AF_INET); confirm.
			 */
			if (ipha->ipha_protocol == IPPROTO_UDP)
				esp_prepare_udp(ns, ipsec_mp->b_cont, ipha);

			/* do AH processing if needed; it consumes the mblk on failure */
			if (!esp_do_outbound_ah(ipsec_mp)) {
				netstack_rele(ns);
				return;
			}
			/* finish IPsec processing */
			if (IPH_HDR_VERSION(ipha) == IP_VERSION) {
				ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL,
				    NULL);
			} else {
				ip6_t *ip6h = (ip6_t *)ipha;
				ip_wput_ipsec_out_v6(NULL, ipsec_mp, ip6h,
				    NULL, NULL);
			}
		}

	} else if (status == CRYPTO_INVALID_MAC) {
		/* ICV mismatch: logged (rate-limited style) and dropped there. */
		esp_log_bad_auth(ipsec_mp);

	} else {
		esp1dbg(espstack,
		    ("esp_kcf_callback: crypto failed with 0x%x\n",
		    status));
		ESP_BUMP_STAT(espstack, crypto_failures);
		if (is_inbound)
			IP_ESP_BUMP_STAT(ipss, in_discards);
		else
			ESP_BUMP_STAT(espstack, out_discards);
		ip_drop_packet(ipsec_mp, is_inbound, NULL, NULL,
		    DROPPER(ipss, ipds_esp_crypto_failed),
		    &espstack->esp_dropper);
	}
	netstack_rele(ns);
}

/*
 * Invoked on crypto framework failure during inbound and outbound processing.
 *
 * mp:         the packet chain to drop (consumed).
 * is_inbound: selects the discard counter and the drop direction.
 * kef_rc:     the crypto framework return code, for the debug message.
 * espstack:   per-netstack ESP state.
 */
static void
esp_crypto_failed(mblk_t *mp, boolean_t is_inbound, int kef_rc,
    ipsecesp_stack_t *espstack)
{
	ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;

	esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n",
	    is_inbound ? "inbound" : "outbound", kef_rc));
	ip_drop_packet(mp, is_inbound, NULL, NULL,
	    DROPPER(ipss, ipds_esp_crypto_failed),
	    &espstack->esp_dropper);
	ESP_BUMP_STAT(espstack, crypto_failures);
	if (is_inbound)
		IP_ESP_BUMP_STAT(ipss, in_discards);
	else
		ESP_BUMP_STAT(espstack, out_discards);
}

/*
 * Initialise a crypto_call_req_t for an ESP request.  The callback
 * argument is the caller's local "ipsec_mp", which the macro references
 * by name, so it may only be used in a scope where that variable exists.
 * Note these macros expand to a bare { } block, not do { } while (0);
 * do not use them as the sole statement of an unbraced if/else.
 */
#define	ESP_INIT_CALLREQ(_cr) { \
	(_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_RESTRICTED; \
	(_cr)->cr_callback_arg = ipsec_mp; \
	(_cr)->cr_callback_func = esp_kcf_callback; \
}

/* Describe the ICV buffer (icvlen bytes at icvbuf) as raw crypto data. */
#define	ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \
	(mac)->cd_format = CRYPTO_DATA_RAW; \
	(mac)->cd_offset = 0; \
	(mac)->cd_length = icvlen; \
	(mac)->cd_raw.iov_base = (char *)icvbuf; \
	(mac)->cd_raw.iov_len = icvlen; \
}

/*
 * Describe "len" bytes at offset "off" of mp: as a raw iovec when the
 * first mblk holds the whole range, otherwise as an mblk chain.
 */
#define	ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \
	if (MBLKL(mp) >= (len) + (off)) { \
		(data)->cd_format = CRYPTO_DATA_RAW; \
		(data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \
		(data)->cd_raw.iov_len = MBLKL(mp); \
		(data)->cd_offset = off; \
	} else { \
		(data)->cd_format = CRYPTO_DATA_MBLK; \
		(data)->cd_mp = mp; \
		(data)->cd_offset = off; \
	} \
	(data)->cd_length = len; \
}

/* Two ranges of one mblk chain, for combined auth + encrypt requests. */
#define	ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \
	(data)->dd_format = CRYPTO_DATA_MBLK; \
	(data)->dd_mp = mp; \
	(data)->dd_len1 = len1; \
	(data)->dd_offset1 = off1; \
	(data)->dd_len2 = len2; \
	(data)->dd_offset2 = off2; \
}

static ipsec_status_t
esp_submit_req_inbound(mblk_t *ipsec_mp, ipsa_t *assoc, uint_t esph_offset)
{
	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
2102 boolean_t do_auth; 2103 uint_t auth_offset, msg_len, auth_len; 2104 crypto_call_req_t call_req; 2105 mblk_t *esp_mp; 2106 int kef_rc = CRYPTO_FAILED; 2107 uint_t icv_len = assoc->ipsa_mac_len; 2108 crypto_ctx_template_t auth_ctx_tmpl; 2109 boolean_t do_encr; 2110 uint_t encr_offset, encr_len; 2111 uint_t iv_len = assoc->ipsa_iv_len; 2112 crypto_ctx_template_t encr_ctx_tmpl; 2113 netstack_t *ns = ii->ipsec_in_ns; 2114 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2115 ipsec_stack_t *ipss = ns->netstack_ipsec; 2116 2117 ASSERT(ii->ipsec_in_type == IPSEC_IN); 2118 2119 /* 2120 * In case kEF queues and calls back, keep netstackid_t for 2121 * verification that the IP instance is still around in 2122 * esp_kcf_callback(). 2123 */ 2124 ii->ipsec_in_stackid = ns->netstack_stackid; 2125 2126 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2127 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2128 2129 /* 2130 * An inbound packet is of the form: 2131 * IPSEC_IN -> [IP,options,ESP,IV,data,ICV,pad] 2132 */ 2133 esp_mp = ipsec_mp->b_cont; 2134 msg_len = MBLKL(esp_mp); 2135 2136 ESP_INIT_CALLREQ(&call_req); 2137 2138 if (do_auth) { 2139 /* force asynchronous processing? 
*/ 2140 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 2141 IPSEC_ALGS_EXEC_ASYNC) 2142 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2143 2144 /* authentication context template */ 2145 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2146 auth_ctx_tmpl); 2147 2148 /* ICV to be verified */ 2149 ESP_INIT_CRYPTO_MAC(&ii->ipsec_in_crypto_mac, 2150 icv_len, esp_mp->b_wptr - icv_len); 2151 2152 /* authentication starts at the ESP header */ 2153 auth_offset = esph_offset; 2154 auth_len = msg_len - auth_offset - icv_len; 2155 if (!do_encr) { 2156 /* authentication only */ 2157 /* initialize input data argument */ 2158 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 2159 esp_mp, auth_offset, auth_len); 2160 2161 /* call the crypto framework */ 2162 kef_rc = crypto_mac_verify(&assoc->ipsa_amech, 2163 &ii->ipsec_in_crypto_data, 2164 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2165 &ii->ipsec_in_crypto_mac, &call_req); 2166 } 2167 } 2168 2169 if (do_encr) { 2170 /* force asynchronous processing? */ 2171 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2172 IPSEC_ALGS_EXEC_ASYNC) 2173 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2174 2175 /* encryption template */ 2176 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2177 encr_ctx_tmpl); 2178 2179 /* skip IV, since it is passed separately */ 2180 encr_offset = esph_offset + sizeof (esph_t) + iv_len; 2181 encr_len = msg_len - encr_offset; 2182 2183 if (!do_auth) { 2184 /* decryption only */ 2185 /* initialize input data argument */ 2186 ESP_INIT_CRYPTO_DATA(&ii->ipsec_in_crypto_data, 2187 esp_mp, encr_offset, encr_len); 2188 2189 /* specify IV */ 2190 ii->ipsec_in_crypto_data.cd_miscdata = 2191 (char *)esp_mp->b_rptr + sizeof (esph_t) + 2192 esph_offset; 2193 2194 /* call the crypto framework */ 2195 kef_rc = crypto_decrypt(&assoc->ipsa_emech, 2196 &ii->ipsec_in_crypto_data, 2197 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2198 NULL, &call_req); 2199 } 2200 } 2201 2202 if (do_auth && do_encr) { 2203 /* dual operation */ 2204 /* 
initialize input data argument */ 2205 ESP_INIT_CRYPTO_DUAL_DATA(&ii->ipsec_in_crypto_dual_data, 2206 esp_mp, auth_offset, auth_len, 2207 encr_offset, encr_len - icv_len); 2208 2209 /* specify IV */ 2210 ii->ipsec_in_crypto_dual_data.dd_miscdata = 2211 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 2212 2213 /* call the framework */ 2214 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech, 2215 &assoc->ipsa_emech, &ii->ipsec_in_crypto_dual_data, 2216 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey, 2217 auth_ctx_tmpl, encr_ctx_tmpl, &ii->ipsec_in_crypto_mac, 2218 NULL, &call_req); 2219 } 2220 2221 switch (kef_rc) { 2222 case CRYPTO_SUCCESS: 2223 ESP_BUMP_STAT(espstack, crypto_sync); 2224 return (esp_in_done(ipsec_mp)); 2225 case CRYPTO_QUEUED: 2226 /* esp_kcf_callback() will be invoked on completion */ 2227 ESP_BUMP_STAT(espstack, crypto_async); 2228 return (IPSEC_STATUS_PENDING); 2229 case CRYPTO_INVALID_MAC: 2230 ESP_BUMP_STAT(espstack, crypto_sync); 2231 esp_log_bad_auth(ipsec_mp); 2232 return (IPSEC_STATUS_FAILED); 2233 } 2234 2235 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack); 2236 return (IPSEC_STATUS_FAILED); 2237 } 2238 2239 /* 2240 * Compute the IP and UDP checksums -- common code for both keepalives and 2241 * actual ESP-in-UDP packets. Be flexible with multiple mblks because ESP 2242 * uses mblk-insertion to insert the UDP header. 2243 * TODO - If there is an easy way to prep a packet for HW checksums, make 2244 * it happen here. 2245 */ 2246 static void 2247 esp_prepare_udp(netstack_t *ns, mblk_t *mp, ipha_t *ipha) 2248 { 2249 int offset; 2250 uint32_t cksum; 2251 uint16_t *arr; 2252 mblk_t *udpmp = mp; 2253 uint_t hlen = IPH_HDR_LENGTH(ipha); 2254 2255 ASSERT(MBLKL(mp) >= sizeof (ipha_t)); 2256 2257 ipha->ipha_hdr_checksum = 0; 2258 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha); 2259 2260 if (ns->netstack_udp->us_do_checksum) { 2261 ASSERT(MBLKL(udpmp) >= sizeof (udpha_t)); 2262 /* arr points to the IP header. 
*/ 2263 arr = (uint16_t *)ipha; 2264 IP_STAT(ns->netstack_ip, ip_out_sw_cksum); 2265 IP_STAT_UPDATE(ns->netstack_ip, ip_udp_out_sw_cksum_bytes, 2266 ntohs(htons(ipha->ipha_length) - hlen)); 2267 /* arr[6-9] are the IP addresses. */ 2268 cksum = IP_UDP_CSUM_COMP + arr[6] + arr[7] + arr[8] + arr[9] + 2269 ntohs(htons(ipha->ipha_length) - hlen); 2270 cksum = IP_CSUM(mp, hlen, cksum); 2271 offset = hlen + UDP_CHECKSUM_OFFSET; 2272 while (offset >= MBLKL(udpmp)) { 2273 offset -= MBLKL(udpmp); 2274 udpmp = udpmp->b_cont; 2275 } 2276 /* arr points to the UDP header's checksum field. */ 2277 arr = (uint16_t *)(udpmp->b_rptr + offset); 2278 *arr = cksum; 2279 } 2280 } 2281 2282 /* 2283 * Send a one-byte UDP NAT-T keepalive. Construct an IPSEC_OUT too that'll 2284 * get fed into esp_send_udp/ip_wput_ipsec_out. 2285 */ 2286 void 2287 ipsecesp_send_keepalive(ipsa_t *assoc) 2288 { 2289 mblk_t *mp = NULL, *ipsec_mp = NULL; 2290 ipha_t *ipha; 2291 udpha_t *udpha; 2292 ipsec_out_t *io; 2293 2294 ASSERT(!MUTEX_HELD(&assoc->ipsa_lock)); 2295 2296 mp = allocb(sizeof (ipha_t) + sizeof (udpha_t) + 1, BPRI_HI); 2297 if (mp == NULL) 2298 return; 2299 ipha = (ipha_t *)mp->b_rptr; 2300 ipha->ipha_version_and_hdr_length = IP_SIMPLE_HDR_VERSION; 2301 ipha->ipha_type_of_service = 0; 2302 ipha->ipha_length = htons(sizeof (ipha_t) + sizeof (udpha_t) + 1); 2303 /* Use the low-16 of the SPI so we have some clue where it came from. */ 2304 ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1); 2305 ipha->ipha_fragment_offset_and_flags = 0; /* Too small to fragment! */ 2306 ipha->ipha_ttl = 0xFF; 2307 ipha->ipha_protocol = IPPROTO_UDP; 2308 ipha->ipha_hdr_checksum = 0; 2309 ipha->ipha_src = assoc->ipsa_srcaddr[0]; 2310 ipha->ipha_dst = assoc->ipsa_dstaddr[0]; 2311 udpha = (udpha_t *)(ipha + 1); 2312 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ? 2313 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT); 2314 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ? 
2315 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT); 2316 udpha->uha_length = htons(sizeof (udpha_t) + 1); 2317 udpha->uha_checksum = 0; 2318 mp->b_wptr = (uint8_t *)(udpha + 1); 2319 *(mp->b_wptr++) = 0xFF; 2320 2321 ipsec_mp = ipsec_alloc_ipsec_out(assoc->ipsa_netstack); 2322 if (ipsec_mp == NULL) { 2323 freeb(mp); 2324 return; 2325 } 2326 ipsec_mp->b_cont = mp; 2327 io = (ipsec_out_t *)ipsec_mp->b_rptr; 2328 io->ipsec_out_zoneid = 2329 netstackid_to_zoneid(assoc->ipsa_netstack->netstack_stackid); 2330 2331 esp_prepare_udp(assoc->ipsa_netstack, mp, ipha); 2332 ip_wput_ipsec_out(NULL, ipsec_mp, ipha, NULL, NULL); 2333 } 2334 2335 static ipsec_status_t 2336 esp_submit_req_outbound(mblk_t *ipsec_mp, ipsa_t *assoc, uchar_t *icv_buf, 2337 uint_t payload_len) 2338 { 2339 ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr; 2340 uint_t auth_len; 2341 crypto_call_req_t call_req; 2342 mblk_t *esp_mp; 2343 int kef_rc = CRYPTO_FAILED; 2344 uint_t icv_len = assoc->ipsa_mac_len; 2345 crypto_ctx_template_t auth_ctx_tmpl; 2346 boolean_t do_auth; 2347 boolean_t do_encr; 2348 uint_t iv_len = assoc->ipsa_iv_len; 2349 crypto_ctx_template_t encr_ctx_tmpl; 2350 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0); 2351 size_t esph_offset = (is_natt ? UDPH_SIZE : 0); 2352 netstack_t *ns = io->ipsec_out_ns; 2353 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 2354 ipsec_stack_t *ipss = ns->netstack_ipsec; 2355 2356 esp3dbg(espstack, ("esp_submit_req_outbound:%s", 2357 is_natt ? "natt" : "not natt")); 2358 2359 ASSERT(io->ipsec_out_type == IPSEC_OUT); 2360 2361 /* 2362 * In case kEF queues and calls back, keep netstackid_t for 2363 * verification that the IP instance is still around in 2364 * esp_kcf_callback(). 
2365 */ 2366 io->ipsec_out_stackid = ns->netstack_stackid; 2367 2368 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL; 2369 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE; 2370 2371 /* 2372 * Outbound IPsec packets are of the form: 2373 * IPSEC_OUT -> [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV] 2374 * unless it's NATT, then it's 2375 * IPSEC_OUT -> [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV] 2376 * Get a pointer to the mblk containing the ESP header. 2377 */ 2378 ASSERT(ipsec_mp->b_cont != NULL && ipsec_mp->b_cont->b_cont != NULL); 2379 esp_mp = ipsec_mp->b_cont->b_cont; 2380 2381 ESP_INIT_CALLREQ(&call_req); 2382 2383 if (do_auth) { 2384 /* force asynchronous processing? */ 2385 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_AUTH] == 2386 IPSEC_ALGS_EXEC_ASYNC) 2387 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2388 2389 /* authentication context template */ 2390 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, 2391 auth_ctx_tmpl); 2392 2393 /* where to store the computed mac */ 2394 ESP_INIT_CRYPTO_MAC(&io->ipsec_out_crypto_mac, 2395 icv_len, icv_buf); 2396 2397 /* authentication starts at the ESP header */ 2398 auth_len = payload_len + iv_len + sizeof (esph_t); 2399 if (!do_encr) { 2400 /* authentication only */ 2401 /* initialize input data argument */ 2402 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2403 esp_mp, esph_offset, auth_len); 2404 2405 /* call the crypto framework */ 2406 kef_rc = crypto_mac(&assoc->ipsa_amech, 2407 &io->ipsec_out_crypto_data, 2408 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl, 2409 &io->ipsec_out_crypto_mac, &call_req); 2410 } 2411 } 2412 2413 if (do_encr) { 2414 /* force asynchronous processing? 
*/ 2415 if (ipss->ipsec_algs_exec_mode[IPSEC_ALG_ENCR] == 2416 IPSEC_ALGS_EXEC_ASYNC) 2417 call_req.cr_flag |= CRYPTO_ALWAYS_QUEUE; 2418 2419 /* encryption context template */ 2420 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR, 2421 encr_ctx_tmpl); 2422 2423 if (!do_auth) { 2424 /* encryption only, skip mblk that contains ESP hdr */ 2425 /* initialize input data argument */ 2426 ESP_INIT_CRYPTO_DATA(&io->ipsec_out_crypto_data, 2427 esp_mp->b_cont, 0, payload_len); 2428 2429 /* specify IV */ 2430 io->ipsec_out_crypto_data.cd_miscdata = 2431 (char *)esp_mp->b_rptr + sizeof (esph_t) + 2432 esph_offset; 2433 2434 /* call the crypto framework */ 2435 kef_rc = crypto_encrypt(&assoc->ipsa_emech, 2436 &io->ipsec_out_crypto_data, 2437 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl, 2438 NULL, &call_req); 2439 } 2440 } 2441 2442 if (do_auth && do_encr) { 2443 /* 2444 * Encryption and authentication: 2445 * Pass the pointer to the mblk chain starting at the ESP 2446 * header to the framework. Skip the ESP header mblk 2447 * for encryption, which is reflected by an encryption 2448 * offset equal to the length of that mblk. Start 2449 * the authentication at the ESP header, i.e. use an 2450 * authentication offset of zero. 
2451 */ 2452 ESP_INIT_CRYPTO_DUAL_DATA(&io->ipsec_out_crypto_dual_data, 2453 esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len); 2454 2455 /* specify IV */ 2456 io->ipsec_out_crypto_dual_data.dd_miscdata = 2457 (char *)esp_mp->b_rptr + sizeof (esph_t) + esph_offset; 2458 2459 /* call the framework */ 2460 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech, 2461 &assoc->ipsa_amech, NULL, 2462 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey, 2463 encr_ctx_tmpl, auth_ctx_tmpl, 2464 &io->ipsec_out_crypto_dual_data, 2465 &io->ipsec_out_crypto_mac, &call_req); 2466 } 2467 2468 switch (kef_rc) { 2469 case CRYPTO_SUCCESS: 2470 ESP_BUMP_STAT(espstack, crypto_sync); 2471 esp_set_usetime(assoc, B_FALSE); 2472 if (is_natt) 2473 esp_prepare_udp(ns, ipsec_mp->b_cont, 2474 (ipha_t *)ipsec_mp->b_cont->b_rptr); 2475 return (IPSEC_STATUS_SUCCESS); 2476 case CRYPTO_QUEUED: 2477 /* esp_kcf_callback() will be invoked on completion */ 2478 ESP_BUMP_STAT(espstack, crypto_async); 2479 return (IPSEC_STATUS_PENDING); 2480 } 2481 2482 esp_crypto_failed(ipsec_mp, B_TRUE, kef_rc, espstack); 2483 return (IPSEC_STATUS_FAILED); 2484 } 2485 2486 /* 2487 * Handle outbound IPsec processing for IPv4 and IPv6 2488 * On success returns B_TRUE, on failure returns B_FALSE and frees the 2489 * mblk chain ipsec_in_mp. 
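 */
/*
 * Flow: pull the datagram into one mblk (TCP may still hold a dupb() of
 * the original), work out where ESP is inserted and how much trailer is
 * needed, age the SA by the bytes about to be enciphered, build the
 * [UDP,]ESP,IV mblk, fix the IP length/next-header, splice the ESP mblk in,
 * append the 1,2,3,... padding plus pad-length and next-header bytes, and
 * hand the result to the hardware path or esp_submit_req_outbound().
 * Every failure path drops mp via ip_drop_packet() and returns
 * IPSEC_STATUS_FAILED; the separately allocated ESP mblk (espmp) is freed
 * on the failure paths where it is not yet part of the chain.
 */
static ipsec_status_t
esp_outbound(mblk_t *mp)
{
	mblk_t *ipsec_out_mp, *data_mp, *espmp, *tailmp;
	ipsec_out_t *io;
	ipha_t *ipha;
	ip6_t *ip6h;
	esph_t *esph;
	uint_t af;
	uint8_t *nhp;
	uintptr_t divpoint, datalen, adj, padlen, i, alloclen;
	uintptr_t esplen = sizeof (esph_t);
	uint8_t protocol;
	ipsa_t *assoc;
	uint_t iv_len, mac_len = 0;
	uchar_t *icv_buf;
	udpha_t *udpha;
	boolean_t is_natt = B_FALSE;
	netstack_t *ns;
	ipsecesp_stack_t *espstack;
	ipsec_stack_t *ipss;

	ipsec_out_mp = mp;
	data_mp = ipsec_out_mp->b_cont;

	io = (ipsec_out_t *)ipsec_out_mp->b_rptr;
	ns = io->ipsec_out_ns;
	espstack = ns->netstack_ipsecesp;
	ipss = ns->netstack_ipsec;

	ESP_BUMP_STAT(espstack, out_requests);

	/*
	 * <sigh> We have to copy the message here, because TCP (for example)
	 * keeps a dupb() of the message lying around for retransmission.
	 * Since ESP changes the whole of the datagram, we have to create our
	 * own copy lest we clobber TCP's data. Since we have to copy anyway,
	 * we might as well make use of msgpullup() and get the mblk into one
	 * contiguous piece!
	 */
	ipsec_out_mp->b_cont = msgpullup(data_mp, -1);
	if (ipsec_out_mp->b_cont == NULL) {
		esp0dbg(("esp_outbound: msgpullup() failed, "
		    "dropping packet.\n"));
		/* restore the original chain before dropping the whole thing */
		ipsec_out_mp->b_cont = data_mp;
		/*
		 * TODO: Find the outbound IRE for this packet and
		 * pass it to ip_drop_packet().
		 */
		ip_drop_packet(ipsec_out_mp, B_FALSE, NULL, NULL,
		    DROPPER(ipss, ipds_esp_nomem),
		    &espstack->esp_dropper);
		return (IPSEC_STATUS_FAILED);
	} else {
		/* the original (possibly shared) chain is no longer ours */
		freemsg(data_mp);
		data_mp = ipsec_out_mp->b_cont;
	}

	/*
	 * Reality check....
	 */

	ipha = (ipha_t *)data_mp->b_rptr; /* So we can call esp_acquire(). */

	/*
	 * Find divpoint (byte offset at which ESP is inserted), datalen
	 * (bytes that follow it) and nhp (the next-header field that will
	 * be rewritten to ESP, or UDP for NAT-T).
	 */
	if (io->ipsec_out_v4) {
		af = AF_INET;
		divpoint = IPH_HDR_LENGTH(ipha);
		datalen = ntohs(ipha->ipha_length) - divpoint;
		nhp = (uint8_t *)&ipha->ipha_protocol;
	} else {
		ip6_pkt_t ipp;

		af = AF_INET6;
		ip6h = (ip6_t *)ipha;
		bzero(&ipp, sizeof (ipp));
		divpoint = ip_find_hdr_v6(data_mp, ip6h, &ipp, NULL);
		if (ipp.ipp_dstopts != NULL &&
		    ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) {
			/*
			 * Destination options are tricky. If we get in here,
			 * then we have a terminal header following the
			 * destination options. We need to adjust backwards
			 * so we insert ESP BEFORE the destination options
			 * bag. (So that the dstopts get encrypted!)
			 *
			 * Since this is for outbound packets only, we know
			 * that non-terminal destination options only precede
			 * routing headers.
			 */
			divpoint -= ipp.ipp_dstoptslen;
		}
		datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint;

		if (ipp.ipp_rthdr != NULL) {
			nhp = &ipp.ipp_rthdr->ip6r_nxt;
		} else if (ipp.ipp_hopopts != NULL) {
			nhp = &ipp.ipp_hopopts->ip6h_nxt;
		} else {
			ASSERT(divpoint == sizeof (ip6_t));
			/* It's probably IP + ESP. */
			nhp = &ip6h->ip6_nxt;
		}
	}
	assoc = io->ipsec_out_esp_sa;
	ASSERT(assoc != NULL);

	if (assoc->ipsa_auth_alg != SADB_AALG_NONE)
		mac_len = assoc->ipsa_mac_len;

	if (assoc->ipsa_flags & IPSA_F_NATT) {
		/* wedge in fake UDP */
		is_natt = B_TRUE;
		esplen += UDPH_SIZE;
	}

	/*
	 * Set up ESP header and encryption padding for ENCR PI request.
	 */

	/* Determine the padding length. Pad to 4-bytes for no-encryption. */
	if (assoc->ipsa_encr_alg != SADB_EALG_NULL) {
		iv_len = assoc->ipsa_iv_len;

		/*
		 * Include the two additional bytes (hence the - 2) for the
		 * padding length and the next header. Take this into account
		 * when calculating the actual length of the padding.
		 */
		ASSERT(ISP2(iv_len));
		padlen = ((unsigned)(iv_len - datalen - 2)) & (iv_len - 1);
	} else {
		iv_len = 0;
		padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) &
		    (sizeof (uint32_t) - 1);
	}

	/* Allocate ESP header and IV. */
	esplen += iv_len;

	/*
	 * Update association byte-count lifetimes. Don't forget to take
	 * into account the padding length and next-header (hence the + 2).
	 *
	 * Use the amount of data fed into the "encryption algorithm". This
	 * is the IV, the data length, the padding length, and the final two
	 * bytes (padlen, and next-header).
	 *
	 */

	if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) {
		/*
		 * TODO: Find the outbound IRE for this packet and
		 * pass it to ip_drop_packet().
		 */
		ip_drop_packet(mp, B_FALSE, NULL, NULL,
		    DROPPER(ipss, ipds_esp_bytes_expire),
		    &espstack->esp_dropper);
		return (IPSEC_STATUS_FAILED);
	}

	espmp = allocb(esplen, BPRI_HI);
	if (espmp == NULL) {
		ESP_BUMP_STAT(espstack, out_discards);
		esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n"));
		/*
		 * TODO: Find the outbound IRE for this packet and
		 * pass it to ip_drop_packet().
		 */
		ip_drop_packet(mp, B_FALSE, NULL, NULL,
		    DROPPER(ipss, ipds_esp_nomem),
		    &espstack->esp_dropper);
		return (IPSEC_STATUS_FAILED);
	}
	espmp->b_wptr += esplen;
	esph = (esph_t *)espmp->b_rptr;

	if (is_natt) {
		esp3dbg(espstack, ("esp_outbound: NATT"));

		udpha = (udpha_t *)espmp->b_rptr;
		udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ?
		    assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT);
		udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ?
		    assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT);
		/*
		 * Set the checksum to 0, so that the esp_prepare_udp() call
		 * can do the right thing.
		 */
		udpha->uha_checksum = 0;
		esph = (esph_t *)(udpha + 1);
	}

	esph->esph_spi = assoc->ipsa_spi;

	esph->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1));
	if (esph->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) {
		/*
		 * XXX We have replay counter wrapping.
		 * We probably want to nuke this SA (and its peer).
		 */
		ipsec_assocfailure(info.mi_idnum, 0, 0,
		    SL_ERROR | SL_CONSOLE | SL_WARN,
		    "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n",
		    esph->esph_spi, assoc->ipsa_dstaddr, af,
		    espstack->ipsecesp_netstack);

		ESP_BUMP_STAT(espstack, out_discards);
		sadb_replay_delete(assoc);
		/*
		 * TODO: Find the outbound IRE for this packet and
		 * pass it to ip_drop_packet().
		 */
		ip_drop_packet(mp, B_FALSE, NULL, NULL,
		    DROPPER(ipss, ipds_esp_replay),
		    &espstack->esp_dropper);
		/*
		 * espmp has not been spliced into data_mp yet, so dropping
		 * mp does not release it; free it here as the
		 * esp_insert_esp() failure path below does.
		 */
		freeb(espmp);
		return (IPSEC_STATUS_FAILED);
	}

	/*
	 * Set the IV to a random quantity. We do not require the
	 * highest quality random bits, but for best security with CBC
	 * mode ciphers, the value must be unlikely to repeat and also
	 * must not be known in advance to an adversary capable of
	 * influencing the plaintext.
	 */
	(void) random_get_pseudo_bytes((uint8_t *)(esph + 1), iv_len);

	/* Fix the IP header. */
	/* alloclen: trailer bytes (padding, pad-length, next-header, ICV) */
	alloclen = padlen + 2 + mac_len;
	/* adj: total growth of the datagram, trailer plus [UDP,]ESP,IV */
	adj = alloclen + (espmp->b_wptr - espmp->b_rptr);

	/* remember the original next header; it becomes the ESP trailer's */
	protocol = *nhp;

	if (io->ipsec_out_v4) {
		ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj);
		if (is_natt) {
			*nhp = IPPROTO_UDP;
			udpha->uha_length = htons(ntohs(ipha->ipha_length) -
			    IPH_HDR_LENGTH(ipha));
		} else {
			*nhp = IPPROTO_ESP;
		}
		ipha->ipha_hdr_checksum = 0;
		ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
	} else {
		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj);
		*nhp = IPPROTO_ESP;
	}

	/* I've got the two ESP mblks, now insert them. */

	esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n"));
	esp2dbg(espstack, (dump_msg(data_mp)));

	if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) {
		ESP_BUMP_STAT(espstack, out_discards);
		/* NOTE: esp_insert_esp() only fails if there's no memory. */
		/*
		 * TODO: Find the outbound IRE for this packet and
		 * pass it to ip_drop_packet().
		 */
		ip_drop_packet(mp, B_FALSE, NULL, NULL,
		    DROPPER(ipss, ipds_esp_nomem),
		    &espstack->esp_dropper);
		freeb(espmp);
		return (IPSEC_STATUS_FAILED);
	}

	/* Append padding (and leave room for ICV). */
	for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont)
		;
	if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) {
		/* not enough room in the last mblk: add one for the trailer */
		tailmp->b_cont = allocb(alloclen, BPRI_HI);
		if (tailmp->b_cont == NULL) {
			ESP_BUMP_STAT(espstack, out_discards);
			esp0dbg(("esp_outbound: Can't allocate tailmp.\n"));
			/*
			 * TODO: Find the outbound IRE for this packet and
			 * pass it to ip_drop_packet().
			 */
			ip_drop_packet(mp, B_FALSE, NULL, NULL,
			    DROPPER(ipss, ipds_esp_nomem),
			    &espstack->esp_dropper);
			return (IPSEC_STATUS_FAILED);
		}
		tailmp = tailmp->b_cont;
	}

	/*
	 * If there's padding, N bytes of padding must be of the form 0x1,
	 * 0x2, 0x3... 0xN.
	 */
	for (i = 0; i < padlen; ) {
		i++;
		*tailmp->b_wptr++ = i;
	}
	*tailmp->b_wptr++ = i;		/* pad length (== padlen) */
	*tailmp->b_wptr++ = protocol;	/* next header */

	esp2dbg(espstack, ("data_Mp before encryption:\n"));
	esp2dbg(espstack, (dump_msg(data_mp)));

	/*
	 * The packet is eligible for hardware acceleration if the
	 * following conditions are satisfied:
	 *
	 * 1. the packet will not be fragmented
	 * 2. the provider supports the algorithms specified by SA
	 * 3. there is no pending control message being exchanged
	 * 4. snoop is not attached
	 * 5. the destination address is not a multicast address
	 *
	 * All five of these conditions are checked by IP prior to
	 * sending the packet to ESP.
	 *
	 * But We, and We Alone, can, nay MUST check if the packet
	 * is over NATT, and then disqualify it from hardware
	 * acceleration.
	 */

	if (io->ipsec_out_is_capab_ill && !(assoc->ipsa_flags & IPSA_F_NATT)) {
		return (esp_outbound_accelerated(ipsec_out_mp, mac_len));
	}
	ESP_BUMP_STAT(espstack, noaccel);

	/*
	 * Okay. I've set up the pre-encryption ESP. Let's do it!
	 */

	if (mac_len > 0) {
		/* the ICV goes right after the trailer; room was reserved above */
		ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim);
		icv_buf = tailmp->b_wptr;
		tailmp->b_wptr += mac_len;
	} else {
		icv_buf = NULL;
	}

	return (esp_submit_req_outbound(ipsec_out_mp, assoc, icv_buf,
	    datalen + padlen + 2));
}

/*
 * IP calls this to validate the ICMP errors that
 * we got from the network.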
 */
/*
 * ipsec_mp is the IPSEC_IN (or IPSEC_OUT) wrapper around the ICMP error.
 * It is always dropped here and IPSEC_STATUS_FAILED returned -- see the
 * reasoning in the body.
 */
ipsec_status_t
ipsecesp_icmp_error(mblk_t *ipsec_mp)
{
	ipsec_in_t *ii = (ipsec_in_t *)ipsec_mp->b_rptr;
	boolean_t is_inbound = (ii->ipsec_in_type == IPSEC_IN);
	netstack_t *ns;
	ipsecesp_stack_t *espstack;
	ipsec_stack_t *ipss;

	/*
	 * is_inbound only decides which wrapper layout to read the netstack
	 * from; the drop below is always accounted as inbound, presumably
	 * because the ICMP error itself arrived from the network.
	 */
	if (is_inbound) {
		ns = ii->ipsec_in_ns;
	} else {
		ipsec_out_t *io = (ipsec_out_t *)ipsec_mp->b_rptr;

		ns = io->ipsec_out_ns;
	}
	espstack = ns->netstack_ipsecesp;
	ipss = ns->netstack_ipsec;

	/*
	 * Unless we get an entire packet back, this function is useless.
	 * Why?
	 *
	 * 1.) Partial packets are useless, because the "next header"
	 *	is at the end of the decrypted ESP packet. Without the
	 *	whole packet, this is useless.
	 *
	 * 2.) If we ever use a stateful cipher, such as a stream or a
	 *	one-time pad, we can't do anything.
	 *
	 * Since the chances of us getting an entire packet back are very
	 * very small, we discard here.
	 */
	IP_ESP_BUMP_STAT(ipss, in_discards);
	ip_drop_packet(ipsec_mp, B_TRUE, NULL, NULL,
	    DROPPER(ipss, ipds_esp_icmp),
	    &espstack->esp_dropper);
	return (IPSEC_STATUS_FAILED);
}

/*
 * ESP module read put routine.
 *
 * Only TPI acknowledgements from IP (M_PROTO/M_PCPROTO) are handled here;
 * they are consumed.  Everything else is passed on with putnext().  A
 * T_ERROR_ACK clears esp_sadb.s_ip_q so the stack stops using that queue.
 */
/* ARGSUSED */
static void
ipsecesp_rput(queue_t *q, mblk_t *mp)
{
	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;

	ASSERT(mp->b_datap->db_type != M_CTL); /* No more IRE_DB_REQ. */

	switch (mp->b_datap->db_type) {
	case M_PROTO:
	case M_PCPROTO:
		/* TPI message of some sort. */
		switch (*((t_scalar_t *)mp->b_rptr)) {
		case T_BIND_ACK:
			esp3dbg(espstack,
			    ("Thank you IP from ESP for T_BIND_ACK\n"));
			break;
		case T_ERROR_ACK:
			cmn_err(CE_WARN,
			    "ipsecesp: ESP received T_ERROR_ACK from IP.");
			/*
			 * Make esp_sadb.s_ip_q NULL, and in the
			 * future, perhaps try again.
			 */
			espstack->esp_sadb.s_ip_q = NULL;
			break;
		case T_OK_ACK:
			/* Probably from a (rarely sent) T_UNBIND_REQ. */
			break;
		default:
			esp0dbg(("Unknown M_{,PC}PROTO message.\n"));
		}
		freemsg(mp);
		break;
	default:
		/* For now, passthru message. */
		esp2dbg(espstack, ("ESP got unknown mblk type %d.\n",
		    mp->b_datap->db_type));
		putnext(q, mp);
	}
}

/*
 * Construct an SADB_REGISTER message with the current algorithms.
 *
 *	sequence, pid	copied into the PF_KEY header for the listener.
 *	serial		passed to sadb_keysock_out() for the KEYSOCK_OUT
 *			wrapper that precedes the PF_KEY message.
 *	espstack	per-netstack ESP state; its esp_pfkey_q is where the
 *			message is sent.
 *
 * Returns B_FALSE (nothing sent, all allocations released) when an mblk
 * cannot be allocated or esp_pfkey_q is NULL, B_TRUE once the message has
 * been handed to putnext().
 *
 * The algorithm tables are walked and the descriptors filled while
 * ipss->ipsec_alg_lock is held; the counts are snapshotted under the lock
 * and used to fill the SADB_EXT_SUPPORTED_* headers after it is dropped.
 */
static boolean_t
esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial,
    ipsecesp_stack_t *espstack)
{
	mblk_t *pfkey_msg_mp, *keysock_out_mp;
	sadb_msg_t *samsg;
	sadb_supported_t *sasupp_auth = NULL;
	sadb_supported_t *sasupp_encr = NULL;
	sadb_alg_t *saalg;
	uint_t allocsize = sizeof (*samsg);
	uint_t i, numalgs_snap;
	int current_aalgs;
	ipsec_alginfo_t **authalgs;
	uint_t num_aalgs;
	int current_ealgs;
	ipsec_alginfo_t **encralgs;
	uint_t num_ealgs;
	ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;

	/* Allocate the KEYSOCK_OUT. */
	keysock_out_mp = sadb_keysock_out(serial);
	if (keysock_out_mp == NULL) {
		esp0dbg(("esp_register_out: couldn't allocate mblk.\n"));
		return (B_FALSE);
	}

	/*
	 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
	 */

	mutex_enter(&ipss->ipsec_alg_lock);

	/*
	 * Fill SADB_REGISTER message's algorithm descriptors. Hold
	 * down the lock while filling it.
	 *
	 * Return only valid algorithms, so the number of algorithms
	 * to send up may be less than the number of algorithm entries
	 * in the table.
	 */
	/* first pass: count valid entries to size the message */
	authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH];
	for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
		if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
			num_aalgs++;

	if (num_aalgs != 0) {
		allocsize += (num_aalgs * sizeof (*saalg));
		allocsize += sizeof (*sasupp_auth);
	}
	encralgs = ipss->ipsec_alglists[IPSEC_ALG_ENCR];
	for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
		if (encralgs[i] != NULL && ALG_VALID(encralgs[i]))
			num_ealgs++;

	if (num_ealgs != 0) {
		allocsize += (num_ealgs * sizeof (*saalg));
		allocsize += sizeof (*sasupp_encr);
	}
	keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI);
	if (keysock_out_mp->b_cont == NULL) {
		mutex_exit(&ipss->ipsec_alg_lock);
		freemsg(keysock_out_mp);
		return (B_FALSE);
	}

	pfkey_msg_mp = keysock_out_mp->b_cont;
	pfkey_msg_mp->b_wptr += allocsize;
	/* second pass: the auth descriptors directly follow the header */
	if (num_aalgs != 0) {
		sasupp_auth = (sadb_supported_t *)
		    (pfkey_msg_mp->b_rptr + sizeof (*samsg));
		saalg = (sadb_alg_t *)(sasupp_auth + 1);

		ASSERT(((ulong_t)saalg & 0x7) == 0);

		numalgs_snap = 0;
		for (i = 0;
		    ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs));
		    i++) {
			if (authalgs[i] == NULL || !ALG_VALID(authalgs[i]))
				continue;

			saalg->sadb_alg_id = authalgs[i]->alg_id;
			saalg->sadb_alg_ivlen = 0;
			saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits;
			saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits;
			saalg->sadb_x_alg_defincr = authalgs[i]->alg_ef_default;
			saalg->sadb_x_alg_increment =
			    authalgs[i]->alg_increment;
			numalgs_snap++;
			saalg++;
		}
		ASSERT(numalgs_snap == num_aalgs);
#ifdef DEBUG
		/*
		 * Reality check to make sure I snagged all of the
		 * algorithms.
		 */
		for (; i < IPSEC_MAX_ALGS; i++) {
			if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) {
				cmn_err(CE_PANIC, "esp_register_out()! "
				    "Missed aalg #%d.\n", i);
			}
		}
#endif /* DEBUG */
	} else {
		saalg = (sadb_alg_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg));
	}

	/* the encryption descriptors follow wherever the auth ones ended */
	if (num_ealgs != 0) {
		sasupp_encr = (sadb_supported_t *)saalg;
		saalg = (sadb_alg_t *)(sasupp_encr + 1);

		numalgs_snap = 0;
		for (i = 0;
		    ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) {
			if (encralgs[i] == NULL || !ALG_VALID(encralgs[i]))
				continue;
			saalg->sadb_alg_id = encralgs[i]->alg_id;
			saalg->sadb_alg_ivlen = encralgs[i]->alg_datalen;
			saalg->sadb_alg_minbits = encralgs[i]->alg_ef_minbits;
			saalg->sadb_alg_maxbits = encralgs[i]->alg_ef_maxbits;
			saalg->sadb_x_alg_defincr = encralgs[i]->alg_ef_default;
			saalg->sadb_x_alg_increment =
			    encralgs[i]->alg_increment;
			numalgs_snap++;
			saalg++;
		}
		ASSERT(numalgs_snap == num_ealgs);
#ifdef DEBUG
		/*
		 * Reality check to make sure I snagged all of the
		 * algorithms.
		 */
		for (; i < IPSEC_MAX_ALGS; i++) {
			if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) {
				cmn_err(CE_PANIC, "esp_register_out()! "
				    "Missed ealg #%d.\n", i);
			}
		}
#endif /* DEBUG */
	}

	/* snapshot the counts; the tables may change once the lock drops */
	current_aalgs = num_aalgs;
	current_ealgs = num_ealgs;

	mutex_exit(&ipss->ipsec_alg_lock);

	/* Now fill the rest of the SADB_REGISTER message. */

	samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr;
	samsg->sadb_msg_version = PF_KEY_V2;
	samsg->sadb_msg_type = SADB_REGISTER;
	samsg->sadb_msg_errno = 0;
	samsg->sadb_msg_satype = SADB_SATYPE_ESP;
	samsg->sadb_msg_len = SADB_8TO64(allocsize);
	samsg->sadb_msg_reserved = 0;
	/*
	 * Assume caller has sufficient sequence/pid number info. If it's one
	 * from me over a new alg., I could give two hoots about sequence.
	 */
	samsg->sadb_msg_seq = sequence;
	samsg->sadb_msg_pid = pid;

	if (sasupp_auth != NULL) {
		sasupp_auth->sadb_supported_len = SADB_8TO64(
		    sizeof (*sasupp_auth) + sizeof (*saalg) * current_aalgs);
		sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
		sasupp_auth->sadb_supported_reserved = 0;
	}

	if (sasupp_encr != NULL) {
		sasupp_encr->sadb_supported_len = SADB_8TO64(
		    sizeof (*sasupp_encr) + sizeof (*saalg) * current_ealgs);
		sasupp_encr->sadb_supported_exttype =
		    SADB_EXT_SUPPORTED_ENCRYPT;
		sasupp_encr->sadb_supported_reserved = 0;
	}

	if (espstack->esp_pfkey_q != NULL)
		putnext(espstack->esp_pfkey_q, keysock_out_mp);
	else {
		freemsg(keysock_out_mp);
		return (B_FALSE);
	}

	return (B_TRUE);
}

/*
 * Invoked when the algorithm table changes. Causes SADB_REGISTER
 * messages containing the current list of algorithms to be
 * sent up to the ESP listeners.
 *
 * Sequence, pid and serial are all 0 since no particular request is being
 * answered; a failure to send (see esp_register_out()) is ignored.
 */
void
ipsecesp_algs_changed(netstack_t *ns)
{
	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;

	/*
	 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners
	 * everywhere. (The function itself checks for NULL esp_pfkey_q.)
	 */
	(void) esp_register_out(0, 0, 0, espstack);
}

/*
 * taskq_dispatch handler.
3131 */ 3132 static void 3133 inbound_task(void *arg) 3134 { 3135 esph_t *esph; 3136 mblk_t *mp = (mblk_t *)arg; 3137 ipsec_in_t *ii = (ipsec_in_t *)mp->b_rptr; 3138 netstack_t *ns = ii->ipsec_in_ns; 3139 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp; 3140 int ipsec_rc; 3141 3142 esp2dbg(espstack, ("in ESP inbound_task")); 3143 ASSERT(espstack != NULL); 3144 3145 esph = ipsec_inbound_esp_sa(mp, ns); 3146 if (esph == NULL) 3147 return; 3148 ASSERT(ii->ipsec_in_esp_sa != NULL); 3149 ipsec_rc = ii->ipsec_in_esp_sa->ipsa_input_func(mp, esph); 3150 if (ipsec_rc != IPSEC_STATUS_SUCCESS) 3151 return; 3152 ip_fanout_proto_again(mp, NULL, NULL, NULL); 3153 } 3154 3155 /* 3156 * Now that weak-key passed, actually ADD the security association, and 3157 * send back a reply ADD message. 3158 */ 3159 static int 3160 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi, 3161 int *diagnostic, ipsecesp_stack_t *espstack) 3162 { 3163 isaf_t *primary = NULL, *secondary, *inbound, *outbound; 3164 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA]; 3165 sadb_address_t *dstext = 3166 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST]; 3167 struct sockaddr_in *dst; 3168 struct sockaddr_in6 *dst6; 3169 boolean_t is_ipv4, clone = B_FALSE, is_inbound = B_FALSE; 3170 uint32_t *dstaddr; 3171 ipsa_t *larval = NULL; 3172 ipsacq_t *acqrec; 3173 iacqf_t *acq_bucket; 3174 mblk_t *acq_msgs = NULL; 3175 int rc; 3176 sadb_t *sp; 3177 int outhash; 3178 mblk_t *lpkt; 3179 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec; 3180 3181 /* 3182 * Locate the appropriate table(s). 
3183 */ 3184 3185 dst = (struct sockaddr_in *)(dstext + 1); 3186 dst6 = (struct sockaddr_in6 *)dst; 3187 is_ipv4 = (dst->sin_family == AF_INET); 3188 if (is_ipv4) { 3189 sp = &espstack->esp_sadb.s_v4; 3190 dstaddr = (uint32_t *)(&dst->sin_addr); 3191 outhash = OUTBOUND_HASH_V4(sp, *(ipaddr_t *)dstaddr); 3192 } else { 3193 sp = &espstack->esp_sadb.s_v6; 3194 dstaddr = (uint32_t *)(&dst6->sin6_addr); 3195 outhash = OUTBOUND_HASH_V6(sp, *(in6_addr_t *)dstaddr); 3196 } 3197 3198 inbound = INBOUND_BUCKET(sp, assoc->sadb_sa_spi); 3199 outbound = &sp->sdb_of[outhash]; 3200 3201 /* 3202 * Use the direction flags provided by the KMD to determine 3203 * if the inbound or outbound table should be the primary 3204 * for this SA. If these flags were absent then make this 3205 * decision based on the addresses. 3206 */ 3207 if (assoc->sadb_sa_flags & IPSA_F_INBOUND) { 3208 primary = inbound; 3209 secondary = outbound; 3210 is_inbound = B_TRUE; 3211 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) 3212 clone = B_TRUE; 3213 } else { 3214 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) { 3215 primary = outbound; 3216 secondary = inbound; 3217 } 3218 } 3219 3220 if (primary == NULL) { 3221 /* 3222 * The KMD did not set a direction flag, determine which 3223 * table to insert the SA into based on addresses. 3224 */ 3225 switch (ksi->ks_in_dsttype) { 3226 case KS_IN_ADDR_MBCAST: 3227 clone = B_TRUE; /* All mcast SAs can be bidirectional */ 3228 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3229 /* FALLTHRU */ 3230 /* 3231 * If the source address is either one of mine, or unspecified 3232 * (which is best summed up by saying "not 'not mine'"), 3233 * then the association is potentially bi-directional, 3234 * in that it can be used for inbound traffic and outbound 3235 * traffic. The best example of such an SA is a multicast 3236 * SA (which allows me to receive the outbound traffic). 
3237 */ 3238 case KS_IN_ADDR_ME: 3239 assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3240 primary = inbound; 3241 secondary = outbound; 3242 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME) 3243 clone = B_TRUE; 3244 is_inbound = B_TRUE; 3245 break; 3246 /* 3247 * If the source address literally not mine (either 3248 * unspecified or not mine), then this SA may have an 3249 * address that WILL be mine after some configuration. 3250 * We pay the price for this by making it a bi-directional 3251 * SA. 3252 */ 3253 case KS_IN_ADDR_NOTME: 3254 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND; 3255 primary = outbound; 3256 secondary = inbound; 3257 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) { 3258 assoc->sadb_sa_flags |= IPSA_F_INBOUND; 3259 clone = B_TRUE; 3260 } 3261 break; 3262 default: 3263 *diagnostic = SADB_X_DIAGNOSTIC_BAD_DST; 3264 return (EINVAL); 3265 } 3266 } 3267 3268 /* 3269 * Find a ACQUIRE list entry if possible. If we've added an SA that 3270 * suits the needs of an ACQUIRE list entry, we can eliminate the 3271 * ACQUIRE list entry and transmit the enqueued packets. Use the 3272 * high-bit of the sequence number to queue it. Key off destination 3273 * addr, and change acqrec's state. 3274 */ 3275 3276 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) { 3277 acq_bucket = &sp->sdb_acq[outhash]; 3278 mutex_enter(&acq_bucket->iacqf_lock); 3279 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL; 3280 acqrec = acqrec->ipsacq_next) { 3281 mutex_enter(&acqrec->ipsacq_lock); 3282 /* 3283 * Q: I only check sequence. Should I check dst? 3284 * A: Yes, check dest because those are the packets 3285 * that are queued up. 3286 */ 3287 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq && 3288 IPSA_ARE_ADDR_EQUAL(dstaddr, 3289 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam)) 3290 break; 3291 mutex_exit(&acqrec->ipsacq_lock); 3292 } 3293 if (acqrec != NULL) { 3294 /* 3295 * AHA! I found an ACQUIRE record for this SA. 3296 * Grab the msg list, and free the acquire record. 
3297 * I already am holding the lock for this record, 3298 * so all I have to do is free it. 3299 */ 3300 acq_msgs = acqrec->ipsacq_mp; 3301 acqrec->ipsacq_mp = NULL; 3302 mutex_exit(&acqrec->ipsacq_lock); 3303 sadb_destroy_acquire(acqrec, 3304 espstack->ipsecesp_netstack); 3305 } 3306 mutex_exit(&acq_bucket->iacqf_lock); 3307 } 3308 3309 /* 3310 * Find PF_KEY message, and see if I'm an update. If so, find entry 3311 * in larval list (if there). 3312 */ 3313 3314 if (samsg->sadb_msg_type == SADB_UPDATE) { 3315 mutex_enter(&inbound->isaf_lock); 3316 larval = ipsec_getassocbyspi(inbound, assoc->sadb_sa_spi, 3317 ALL_ZEROES_PTR, dstaddr, dst->sin_family); 3318 mutex_exit(&inbound->isaf_lock); 3319 3320 if (larval == NULL) { 3321 *diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND; 3322 esp0dbg(("Larval update, but larval disappeared.\n")); 3323 return (ESRCH); 3324 } /* Else sadb_common_add unlinks it for me! */ 3325 } 3326 3327 lpkt = NULL; 3328 if (larval != NULL) 3329 lpkt = sadb_clear_lpkt(larval); 3330 3331 rc = sadb_common_add(espstack->esp_sadb.s_ip_q, espstack->esp_pfkey_q, 3332 mp, samsg, ksi, primary, secondary, larval, clone, is_inbound, 3333 diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb); 3334 3335 if (rc == 0 && lpkt != NULL) { 3336 rc = !taskq_dispatch(esp_taskq, inbound_task, 3337 (void *) lpkt, TQ_NOSLEEP); 3338 } 3339 3340 if (rc != 0) { 3341 ip_drop_packet(lpkt, B_TRUE, NULL, NULL, 3342 DROPPER(ipss, ipds_sadb_inlarval_timeout), 3343 &espstack->esp_dropper); 3344 } 3345 3346 /* 3347 * How much more stack will I create with all of these 3348 * esp_outbound() calls? 
3349 */ 3350 3351 while (acq_msgs != NULL) { 3352 mblk_t *mp = acq_msgs; 3353 3354 acq_msgs = acq_msgs->b_next; 3355 mp->b_next = NULL; 3356 if (rc == 0) { 3357 if (ipsec_outbound_sa(mp, IPPROTO_ESP)) { 3358 ((ipsec_out_t *)(mp->b_rptr))-> 3359 ipsec_out_esp_done = B_TRUE; 3360 if (esp_outbound(mp) == IPSEC_STATUS_SUCCESS) { 3361 ipha_t *ipha; 3362 3363 /* do AH processing if needed */ 3364 if (!esp_do_outbound_ah(mp)) 3365 continue; 3366 3367 ipha = (ipha_t *)mp->b_cont->b_rptr; 3368 3369 /* finish IPsec processing */ 3370 if (is_ipv4) { 3371 ip_wput_ipsec_out(NULL, mp, 3372 ipha, NULL, NULL); 3373 } else { 3374 ip6_t *ip6h = (ip6_t *)ipha; 3375 ip_wput_ipsec_out_v6(NULL, 3376 mp, ip6h, NULL, NULL); 3377 } 3378 } 3379 continue; 3380 } 3381 } 3382 ESP_BUMP_STAT(espstack, out_discards); 3383 ip_drop_packet(mp, B_FALSE, NULL, NULL, 3384 DROPPER(ipss, ipds_sadb_acquire_timeout), 3385 &espstack->esp_dropper); 3386 } 3387 3388 return (rc); 3389 } 3390 3391 /* 3392 * Add new ESP security association. This may become a generic AH/ESP 3393 * routine eventually. 
*/
/*
 * Semantic validation of an SADB_ADD (or larval SADB_UPDATE, via
 * sadb_update_sa) request before the SA is created.
 *
 * mp is the KEYSOCK_IN message (ksi at b_rptr, PF_KEY message in b_cont).
 * Returns 0 after delegating to esp_add_sa_finish(); otherwise returns an
 * errno (EINVAL for malformed requests, EOPNOTSUPP for extensions this
 * module does not handle) and, for EINVAL, sets *diagnostic to the
 * SADB_X_DIAGNOSTIC_* code.  Key sizes and key material are checked under
 * ipss->ipsec_alg_lock, which every early return below must drop.
 */
static int
esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns)
{
	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
	sadb_address_t *srcext =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
	sadb_address_t *dstext =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
	sadb_address_t *isrcext =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC];
	sadb_address_t *idstext =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST];
	sadb_address_t *nttext_loc =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC];
	sadb_address_t *nttext_rem =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM];
	sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH];
	sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT];
	struct sockaddr_in *src, *dst;
	struct sockaddr_in *natt_loc, *natt_rem;
	struct sockaddr_in6 *natt_loc6, *natt_rem6;
	sadb_lifetime_t *soft =
	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT];
	sadb_lifetime_t *hard =
	    (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD];
	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
	ipsec_stack_t *ipss = ns->netstack_ipsec;

	/* I need certain extensions present for an ADD message. */
	if (srcext == NULL) {
		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC;
		return (EINVAL);
	}
	if (dstext == NULL) {
		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
		return (EINVAL);
	}
	/* Inner (tunnel) addresses come as a pair or not at all. */
	if (isrcext == NULL && idstext != NULL) {
		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC;
		return (EINVAL);
	}
	if (isrcext != NULL && idstext == NULL) {
		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST;
		return (EINVAL);
	}
	if (assoc == NULL) {
		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
		return (EINVAL);
	}
	/*
	 * An encryption key is mandatory unless the cipher is ESP-NULL.
	 * (A missing auth key with a non-NONE auth algorithm is not rejected
	 * here; presumably that is caught further down the add path --
	 * confirm.)
	 */
	if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) {
		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY;
		return (EINVAL);
	}

	/*
	 * NOTE(review): the four NAT-T pointers are computed even when
	 * nttext_loc / nttext_rem are NULL (pointer arithmetic on NULL).
	 * They are only dereferenced below after the corresponding
	 * extension has been checked for NULL under its
	 * SADB_X_SAFLAGS_NATT_* flag.
	 */
	src = (struct sockaddr_in *)(srcext + 1);
	dst = (struct sockaddr_in *)(dstext + 1);
	natt_loc = (struct sockaddr_in *)(nttext_loc + 1);
	natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1);
	natt_rem = (struct sockaddr_in *)(nttext_rem + 1);
	natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1);

	/* Sundry ADD-specific reality checks. */
	/* XXX STATS : Logging/stats here? */
	if (assoc->sadb_sa_state != SADB_SASTATE_MATURE) {
		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
		return (EINVAL);
	}
	if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) {
		*diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
		return (EINVAL);
	}

	/* ESP-NULL without authentication would protect nothing at all. */
	if (assoc->sadb_sa_encrypt == SADB_EALG_NULL &&
	    assoc->sadb_sa_auth == SADB_AALG_NONE) {
		*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
		return (EINVAL);
	}

	/* Allow-list of flag bits: anything else is rejected outright. */
	if (assoc->sadb_sa_flags & ~(SADB_SAFLAGS_NOREPLAY |
	    SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM |
	    SADB_X_SAFLAGS_TUNNEL | SADB_X_SAFLAGS_OUTBOUND |
	    SADB_X_SAFLAGS_INBOUND | SADB_X_SAFLAGS_PAIRED)) {
		*diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS;
		return (EINVAL);
	}

	/* A nonzero return from sadb_hardsoftchk() is the diagnostic itself. */
	if ((*diagnostic = sadb_hardsoftchk(hard, soft)) != 0) {
		return (EINVAL);
	}
	/* Family agreement was presumably enforced earlier by sadb_addrfix(). */
	ASSERT(src->sin_family == dst->sin_family);

	/*
	 * NAT-T addresses: if the flag is set the extension must be present,
	 * and an AF_INET6 address is only acceptable as an IPv4-mapped one
	 * (NAT-T is an IPv4/UDP encapsulation).
	 */
	if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) {
		if (nttext_loc == NULL) {
			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC;
			return (EINVAL);
		}

		if (natt_loc->sin_family == AF_INET6 &&
		    !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) {
			*diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC;
			return (EINVAL);
		}
	}

	if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) {
		if (nttext_rem == NULL) {
			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM;
			return (EINVAL);
		}
		if (natt_rem->sin_family == AF_INET6 &&
		    !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) {
			*diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM;
			return (EINVAL);
		}
	}


	/* Stuff I don't support, for now. XXX Diagnostic? */
	if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL ||
	    ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL)
		return (EOPNOTSUPP);

	/*
	 * XXX Policy : I'm not checking identities or sensitivity
	 * labels at this time, but if I did, I'd do them here, before I sent
	 * the weak key check up to the algorithm.
	 */

	mutex_enter(&ipss->ipsec_alg_lock);

	/*
	 * First locate the authentication algorithm.
	 *
	 * sadb_sa_auth indexes the algorithm table directly; this is only
	 * safe if the table has at least as many slots as the field can
	 * express -- verify against IPSEC_MAX_ALGS.
	 */
	if (akey != NULL) {
		ipsec_alginfo_t *aalg;

		aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
		    [assoc->sadb_sa_auth];
		if (aalg == NULL || !ALG_VALID(aalg)) {
			mutex_exit(&ipss->ipsec_alg_lock);
			esp1dbg(espstack, ("Couldn't find auth alg #%d.\n",
			    assoc->sadb_sa_auth));
			*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
			return (EINVAL);
		}

		/*
		 * Sanity check key sizes.
		 * Note: It's not possible to use SADB_AALG_NONE because
		 * this auth_alg is not defined with ALG_FLAG_VALID. If this
		 * ever changes, the same check for SADB_AALG_NONE and
		 * a auth_key != NULL should be made here ( see below).
		 */
		if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) {
			mutex_exit(&ipss->ipsec_alg_lock);
			*diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS;
			return (EINVAL);
		}
		ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID);

		/* check key and fix parity if needed */
		if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE,
		    diagnostic) != 0) {
			mutex_exit(&ipss->ipsec_alg_lock);
			return (EINVAL);
		}
	}

	/*
	 * Then locate the encryption algorithm.
	 * (Same direct-index caveat as for sadb_sa_auth above.)
	 */
	if (ekey != NULL) {
		ipsec_alginfo_t *ealg;

		ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
		    [assoc->sadb_sa_encrypt];
		if (ealg == NULL || !ALG_VALID(ealg)) {
			mutex_exit(&ipss->ipsec_alg_lock);
			esp1dbg(espstack, ("Couldn't find encr alg #%d.\n",
			    assoc->sadb_sa_encrypt));
			*diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
			return (EINVAL);
		}

		/*
		 * Sanity check key sizes. If the encryption algorithm is
		 * SADB_EALG_NULL but the encryption key is NOT
		 * NULL then complain.
		 */
		if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) ||
		    (!ipsec_valid_key_size(ekey->sadb_key_bits, ealg))) {
			mutex_exit(&ipss->ipsec_alg_lock);
			*diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS;
			return (EINVAL);
		}
		ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID);

		/* check key */
		if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE,
		    diagnostic) != 0) {
			mutex_exit(&ipss->ipsec_alg_lock);
			return (EINVAL);
		}
	}
	mutex_exit(&ipss->ipsec_alg_lock);

	/* The PF_KEY message itself lives in the continuation mblk. */
	return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi,
	    diagnostic, espstack));
}

/*
 * Update a security association. Updates come in two varieties. The first
 * is an update of lifetimes on a non-larval SA. The second is an update of
 * a larval SA, which ends up looking a lot more like an add.
*/
/*
 * Only the destination address is required up front; the rest of the
 * validation is delegated to sadb_update_sa(), which is handed esp_add_sa
 * as the callback for the larval ("looks like an add") case.  sadb_msg_type
 * distinguishes SADB_UPDATE from SADB_X_UPDATEPAIR (see esp_parse_pfkey).
 * Returns 0 or an errno with *diagnostic set.
 */
static int
esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
    ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
{
	sadb_address_t *dstext =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];

	if (dstext == NULL) {
		*diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
		return (EINVAL);
	}

	return (sadb_update_sa(mp, ksi, &espstack->esp_sadb,
	    diagnostic, espstack->esp_pfkey_q,
	    esp_add_sa, espstack->ipsecesp_netstack, sadb_msg_type));
}

/*
 * Delete a security association. This is REALLY likely to be code common to
 * both AH and ESP. Find the association, then unlink it.
 *
 * Without an SADB_EXT_SA the request is a purge keyed on whichever address
 * extension is present (destination preferred over source); the sockaddr's
 * family selects the v4 or v6 table.  With an SA extension the delete is
 * handed to sadb_delget_sa(), which also handles SADB_X_DELPAIR via
 * sadb_msg_type.  Returns 0 or an errno with *diagnostic set.
 */
static int
esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
    ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
{
	sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
	sadb_address_t *dstext =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
	sadb_address_t *srcext =
	    (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
	struct sockaddr_in *sin;

	if (assoc == NULL) {
		if (dstext != NULL) {
			sin = (struct sockaddr_in *)(dstext + 1);
		} else if (srcext != NULL) {
			sin = (struct sockaddr_in *)(srcext + 1);
		} else {
			*diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
			return (EINVAL);
		}
		return (sadb_purge_sa(mp, ksi,
		    (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 :
		    &espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
		    espstack->esp_sadb.s_ip_q));
	}

	return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic,
	    espstack->esp_pfkey_q, sadb_msg_type));
}

/*
 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP
 * messages.
 *
 * The v4 table is dumped first; a v6 error overwrites a successful v4
 * result.  Whatever happened, the original request is echoed back with
 * sadb_msg_errno set, which is how the requester learns the dump is done.
 */
static void
esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
{
	int error;
	sadb_msg_t *samsg;

	/*
	 * Dump each fanout, bailing if error is non-zero.
	 */

	error = sadb_dump(espstack->esp_pfkey_q, mp, ksi->ks_in_serial,
	    &espstack->esp_sadb.s_v4);
	if (error != 0)
		goto bail;

	error = sadb_dump(espstack->esp_pfkey_q, mp, ksi->ks_in_serial,
	    &espstack->esp_sadb.s_v6);
bail:
	ASSERT(mp->b_cont != NULL);
	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
	/* The cast assumes errno values fit in the one-byte PF_KEY field. */
	samsg->sadb_msg_errno = (uint8_t)error;
	sadb_pfkey_echo(espstack->esp_pfkey_q, mp,
	    (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL);
}

/*
 * First-cut reality check for an inbound PF_KEY message.
 *
 * PROPOSAL and SUPPORTED_* extensions are things the kernel sends up, so
 * their presence in an inbound message is rejected.  Returns B_TRUE when a
 * failure was found; in that case a PF_KEY error has already been sent via
 * sadb_pfkey_error(), which is presumed to take ownership of mp.
 */
static boolean_t
esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi,
    ipsecesp_stack_t *espstack)
{
	int diagnostic;

	if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) {
		diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT;
		goto badmsg;
	}
	if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL ||
	    ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) {
		diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT;
		goto badmsg;
	}
	return (B_FALSE);	/* False ==> no failures */

badmsg:
	sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
	    ksi->ks_in_serial);
	return (B_TRUE);	/* True ==> failures */
}

/*
 * ESP parsing of PF_KEY messages. Keysock did most of the really silly
 * error cases. What I receive is a fully-formed, syntactically legal
 * PF_KEY message. I then need to check semantics...
 *
 * This code may become common to AH and ESP. Stay tuned.
 *
 * I also make the assumption that db_ref's are cool. If this assumption
 * is wrong, this means that someone other than keysock or me has been
 * mucking with PF_KEY messages.
*/
/*
 * mp is the KEYSOCK_IN message: keysock_in_t at b_rptr, the PF_KEY message
 * in b_cont.  Every case is responsible for mp -- it is either handed on to
 * the helper (which replies or errors), echoed, or freed here; nothing is
 * freed after the switch.
 */
static void
esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack)
{
	mblk_t *msg = mp->b_cont;
	sadb_msg_t *samsg;
	keysock_in_t *ksi;
	int error;
	int diagnostic = SADB_X_DIAGNOSTIC_NONE;

	ASSERT(msg != NULL);

	samsg = (sadb_msg_t *)msg->b_rptr;
	ksi = (keysock_in_t *)mp->b_rptr;

	/*
	 * If applicable, convert unspecified AF_INET6 to unspecified
	 * AF_INET. And do other address reality checks.
	 *
	 * Both helpers are presumed to have sent the error and consumed mp
	 * when they report failure, so a bare return is correct here.
	 */
	if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp,
	    espstack->ipsecesp_netstack) ||
	    esp_pfkey_reality_failures(mp, ksi, espstack)) {
		return;
	}

	switch (samsg->sadb_msg_type) {
	case SADB_ADD:
		error = esp_add_sa(mp, ksi, &diagnostic,
		    espstack->ipsecesp_netstack);
		if (error != 0) {
			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
			    diagnostic, ksi->ks_in_serial);
		}
		/* else esp_add_sa() took care of things. */
		break;
	case SADB_DELETE:
	case SADB_X_DELPAIR:
		error = esp_del_sa(mp, ksi, &diagnostic, espstack,
		    samsg->sadb_msg_type);
		if (error != 0) {
			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
			    diagnostic, ksi->ks_in_serial);
		}
		/* Else esp_del_sa() took care of things. */
		break;
	case SADB_GET:
		error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb,
		    &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type);
		if (error != 0) {
			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
			    diagnostic, ksi->ks_in_serial);
		}
		/* Else sadb_delget_sa() took care of things. */
		break;
	case SADB_FLUSH:
		sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack);
		sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL);
		break;
	case SADB_REGISTER:
		/*
		 * Hmmm, let's do it! Check for extensions (there should
		 * be none), extract the fields, call esp_register_out(),
		 * then either free or report an error.
		 *
		 * Keysock takes care of the PF_KEY bookkeeping for this.
		 */
		if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid,
		    ksi->ks_in_serial, espstack)) {
			freemsg(mp);
		} else {
			/*
			 * Only way this path hits is if there is a memory
			 * failure. It will not return B_FALSE because of
			 * lack of esp_pfkey_q if I am in wput().
			 */
			sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM,
			    diagnostic, ksi->ks_in_serial);
		}
		break;
	case SADB_UPDATE:
	case SADB_X_UPDATEPAIR:
		/*
		 * Find a larval, if not there, find a full one and get
		 * strict.
		 */
		error = esp_update_sa(mp, ksi, &diagnostic, espstack,
		    samsg->sadb_msg_type);
		if (error != 0) {
			sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
			    diagnostic, ksi->ks_in_serial);
		}
		/* else esp_update_sa() took care of things. */
		break;
	case SADB_GETSPI:
		/*
		 * Reserve a new larval entry.
		 */
		esp_getspi(mp, ksi, espstack);
		break;
	case SADB_ACQUIRE:
		/*
		 * Find larval and/or ACQUIRE record and kill it (them), I'm
		 * most likely an error. Inbound ACQUIRE messages should only
		 * have the base header.
		 */
		sadb_in_acquire(samsg, &espstack->esp_sadb,
		    espstack->esp_pfkey_q, espstack->ipsecesp_netstack);
		freemsg(mp);
		break;
	case SADB_DUMP:
		/*
		 * Dump all entries.
		 */
		esp_dump(mp, ksi, espstack);
		/* esp_dump will take care of the return message, etc. */
		break;
	case SADB_EXPIRE:
		/* Should never reach me. */
		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP,
		    diagnostic, ksi->ks_in_serial);
		break;
	default:
		sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL,
		    SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial);
		break;
	}
}

/*
 * Handle case where PF_KEY says it can't find a keysock for one of my
 * ACQUIRE messages.
*/
/*
 * mp is a KEYSOCK_OUT_ERR message (keysock_out_err_t at b_rptr) with the
 * undeliverable PF_KEY message in b_cont.  Only an ACQUIRE gets any
 * treatment: its errno is filled in, its length is truncated to the base
 * header, and it is fed back through sadb_in_acquire() to retire the
 * acquire record.  mp is always freed.
 */
static void
esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack)
{
	sadb_msg_t *samsg;
	keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr;

	if (mp->b_cont == NULL) {
		freemsg(mp);
		return;
	}
	samsg = (sadb_msg_t *)mp->b_cont->b_rptr;

	/*
	 * If keysock can't find any registered, delete the acquire record
	 * immediately, and handle errors.
	 */
	if (samsg->sadb_msg_type == SADB_ACQUIRE) {
		samsg->sadb_msg_errno = kse->ks_err_errno;
		samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg));
		/*
		 * Use the write-side of the esp_pfkey_q, in case there is
		 * no esp_sadb.s_ip_q.
		 */
		sadb_in_acquire(samsg, &espstack->esp_sadb,
		    WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack);
	}

	freemsg(mp);
}

/*
 * ESP module write put routine.
 *
 * Dispatches on the STREAMS message type: M_CTL carries keysock traffic
 * (KEYSOCK_IN/KEYSOCK_OUT_ERR/KEYSOCK_HELLO), M_IOCTL carries ND
 * tunable get/set, and everything else is passed down to IP unchanged.
 */
static void
ipsecesp_wput(queue_t *q, mblk_t *mp)
{
	ipsec_info_t *ii;
	struct iocblk *iocp;
	ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;

	esp3dbg(espstack, ("In esp_wput().\n"));

	/* NOTE: Each case must take care of freeing or passing mp. */
	switch (mp->b_datap->db_type) {
	case M_CTL:
		/* Length check before the ipsec_info_t is read. */
		if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) {
			/* Not big enough message. */
			freemsg(mp);
			break;
		}
		ii = (ipsec_info_t *)mp->b_rptr;

		switch (ii->ipsec_info_type) {
		case KEYSOCK_OUT_ERR:
			esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n"));
			esp_keysock_no_socket(mp, espstack);
			break;
		case KEYSOCK_IN:
			ESP_BUMP_STAT(espstack, keysock_in);
			esp3dbg(espstack, ("Got KEYSOCK_IN message.\n"));

			/* Parse the message. */
			esp_parse_pfkey(mp, espstack);
			break;
		case KEYSOCK_HELLO:
			sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp,
			    esp_ager, (void *)espstack, &espstack->esp_event,
			    SADB_SATYPE_ESP);
			break;
		default:
			esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n",
			    ii->ipsec_info_type));
			freemsg(mp);
			break;
		}
		break;
	case M_IOCTL:
		/*
		 * NOTE(review): unlike M_CTL there is no size check before
		 * the iocblk cast; M_IOCTL messages are presumed to be
		 * well-formed by the stream head.  Every path of the inner
		 * switch returns, so no break is needed before "default".
		 */
		iocp = (struct iocblk *)mp->b_rptr;
		switch (iocp->ioc_cmd) {
		case ND_SET:
		case ND_GET:
			/*
			 * ND tunables (the lcl_param_arr table); nd_getset()
			 * replies itself when it recognises the request.
			 */
			if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) {
				qreply(q, mp);
				return;
			} else {
				iocp->ioc_error = ENOENT;
			}
			/* FALLTHRU */
		default:
			/* We really don't support any other ioctls, do we? */

			/* Return EINVAL (ENOENT from the ND path is kept). */
			if (iocp->ioc_error != ENOENT)
				iocp->ioc_error = EINVAL;
			iocp->ioc_count = 0;
			mp->b_datap->db_type = M_IOCACK;
			qreply(q, mp);
			return;
		}
	default:
		esp3dbg(espstack,
		    ("Got default message, type %d, passing to IP.\n",
		    mp->b_datap->db_type));
		putnext(q, mp);
	}
}

/*
 * Process an outbound ESP packet that can be accelerated by a IPsec
 * hardware acceleration capable Provider.
 * The caller already inserted and initialized the ESP header.
 * This function marks the IPSEC_OUT as accelerated, and adds room at the
 * end of the packet to hold the ICV if authentication is needed.
 *
 * On success returns IPSEC_STATUS_SUCCESS; on failure returns
 * IPSEC_STATUS_FAILED and frees the mblk chain ipsec_out.
*/
/*
 * ipsec_out is the IPSEC_OUT mblk (ipsec_out_t at b_rptr) whose b_cont
 * chain is the packet; icv_len is the number of trailing bytes to reserve
 * for the Provider-computed ICV (0 when no authentication is used).
 */
static ipsec_status_t
esp_outbound_accelerated(mblk_t *ipsec_out, uint_t icv_len)
{
	ipsec_out_t *io;
	mblk_t *lastmp;
	netstack_t *ns;
	ipsecesp_stack_t *espstack;
	ipsec_stack_t *ipss;

	io = (ipsec_out_t *)ipsec_out->b_rptr;
	ns = io->ipsec_out_ns;
	espstack = ns->netstack_ipsecesp;
	ipss = ns->netstack_ipsec;

	ESP_BUMP_STAT(espstack, out_accelerated);

	/* mark packet as being accelerated in IPSEC_OUT */
	ASSERT(io->ipsec_out_accelerated == B_FALSE);
	io->ipsec_out_accelerated = B_TRUE;

	/*
	 * add room at the end of the packet for the ICV if needed
	 */
	if (icv_len > 0) {
		/*
		 * go to last mblk
		 * (assumes ipsec_out->b_cont != NULL, i.e. there is a data
		 * chain behind the IPSEC_OUT -- presumably guaranteed by the
		 * caller.)
		 */
		lastmp = ipsec_out;	/* For following while loop. */
		do {
			lastmp = lastmp->b_cont;
		} while (lastmp->b_cont != NULL);

		/* if not enough available room, allocate new mblk */
		if ((lastmp->b_wptr + icv_len) > lastmp->b_datap->db_lim) {
			lastmp->b_cont = allocb(icv_len, BPRI_HI);
			if (lastmp->b_cont == NULL) {
				ESP_BUMP_STAT(espstack, out_discards);
				ip_drop_packet(ipsec_out, B_FALSE, NULL, NULL,
				    DROPPER(ipss, ipds_esp_nomem),
				    &espstack->esp_dropper);
				return (IPSEC_STATUS_FAILED);
			}
			lastmp = lastmp->b_cont;
		}
		/* The reserved bytes are left for the Provider to fill in. */
		lastmp->b_wptr += icv_len;
	}

	return (IPSEC_STATUS_SUCCESS);
}

/*
 * Process an inbound accelerated ESP packet.
 * On success returns IPSEC_STATUS_SUCCESS; on failure returns
 * IPSEC_STATUS_FAILED and frees the mblk chain ipsec_in.
*/
/*
 * ipsec_in is the IPSEC_IN mblk (ipsec_in_t at b_rptr), data_mp the single
 * mblk holding the packet, isv4 selects the IP header layout and assoc is
 * the SA the packet was matched to.  The Provider's hardware-acceleration
 * attributes arrive in ii->ipsec_in_da and are freed here on every path.
 * ICV verification is done in software by comparing the Provider's ICV
 * against the trailer of the packet; the ESP header/trailer are then
 * stripped and the SA's byte lifetime is charged.
 */
static ipsec_status_t
esp_inbound_accelerated(mblk_t *ipsec_in, mblk_t *data_mp, boolean_t isv4,
    ipsa_t *assoc)
{
	ipsec_in_t *ii = (ipsec_in_t *)ipsec_in->b_rptr;
	mblk_t *hada_mp;
	uint32_t icv_len = 0;
	da_ipsec_t *hada;
	ipha_t *ipha;
	ip6_t *ip6h;
	kstat_named_t *counter;
	netstack_t *ns = ii->ipsec_in_ns;
	ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
	ipsec_stack_t *ipss = ns->netstack_ipsec;

	ESP_BUMP_STAT(espstack, in_accelerated);

	hada_mp = ii->ipsec_in_da;
	ASSERT(hada_mp != NULL);
	hada = (da_ipsec_t *)hada_mp->b_rptr;

	/*
	 * We only support one level of decapsulation in hardware, so
	 * nuke the pointer.
	 */
	ii->ipsec_in_da = NULL;
	ii->ipsec_in_accelerated = B_FALSE;

	if (assoc->ipsa_auth_alg != IPSA_AALG_NONE) {
		/*
		 * ESP with authentication. We expect the Provider to have
		 * computed the ICV and placed it in the hardware acceleration
		 * data attributes.
		 *
		 * Extract ICV length from attributes M_CTL and sanity check
		 * its value. We allow the mblk to be smaller than da_ipsec_t
		 * for a small ICV, as long as the entire ICV fits within the
		 * mblk.
		 *
		 * Also ensures that the ICV length computed by Provider
		 * corresponds to the ICV length of the algorithm specified by
		 * the SA.
		 *
		 * All three conditions must hold before da_icv is read
		 * below: the length matches the SA's MAC length, it is
		 * bounded by DA_ICV_MAX_LEN, and the M_CTL really contains
		 * icv_len bytes of ICV.
		 */
		icv_len = hada->da_icv_len;
		if ((icv_len != assoc->ipsa_mac_len) ||
		    (icv_len > DA_ICV_MAX_LEN) || (MBLKL(hada_mp) <
		    (sizeof (da_ipsec_t) - DA_ICV_MAX_LEN + icv_len))) {
			esp0dbg(("esp_inbound_accelerated: "
			    "ICV len (%u) incorrect or mblk too small (%u)\n",
			    icv_len, (uint32_t)(MBLKL(hada_mp))));
			counter = DROPPER(ipss, ipds_esp_bad_auth);
			goto esp_in_discard;
		}
	}

	/* get pointers to IP header */
	if (isv4) {
		ipha = (ipha_t *)data_mp->b_rptr;
	} else {
		ip6h = (ip6_t *)data_mp->b_rptr;
	}

	/*
	 * Compare ICV in ESP packet vs ICV computed by adapter.
	 * We also remove the ICV from the end of the packet since
	 * it will no longer be needed.
	 *
	 * Assume that esp_inbound() already ensured that the pkt
	 * was in one mblk.
	 *
	 * NOTE(review): there is no check here that MBLKL(data_mp) >=
	 * icv_len before b_wptr is pulled back; this relies on
	 * esp_inbound() having validated the packet length (the ASSERT
	 * only covers the single-mblk assumption) -- confirm.
	 */
	ASSERT(data_mp->b_cont == NULL);
	data_mp->b_wptr -= icv_len;
	/* adjust IP header */
	if (isv4)
		ipha->ipha_length = htons(ntohs(ipha->ipha_length) - icv_len);
	else
		ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - icv_len);
	/*
	 * NOTE(review): bcmp() is not a constant-time comparison; a
	 * fixed-time compare would avoid leaking, via timing, how many
	 * leading ICV bytes matched.  (icv_len is 0 when the SA has no
	 * authentication, in which case nothing is compared.)
	 */
	if (icv_len && bcmp(hada->da_icv, data_mp->b_wptr, icv_len)) {
		int af;
		void *addr;

		if (isv4) {
			addr = &ipha->ipha_dst;
			af = AF_INET;
		} else {
			addr = &ip6h->ip6_dst;
			af = AF_INET6;
		}

		/*
		 * Log the event. Don't print to the console, block
		 * potential denial-of-service attack.
		 */
		ESP_BUMP_STAT(espstack, bad_auth);
		ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
		    "ESP Authentication failed spi %x, dst_addr %s",
		    assoc->ipsa_spi, addr, af, espstack->ipsecesp_netstack);
		counter = DROPPER(ipss, ipds_esp_bad_auth);
		goto esp_in_discard;
	}

	esp3dbg(espstack, ("esp_inbound_accelerated: ESP authentication "
	    "succeeded, checking replay\n"));

	ipsec_in->b_cont = data_mp;

	/*
	 * Remove ESP header and padding from packet.
	 * On failure esp_strip_header() supplies the drop counter via
	 * &counter.
	 */
	if (!esp_strip_header(data_mp, ii->ipsec_in_v4, assoc->ipsa_iv_len,
	    &counter, espstack)) {
		esp1dbg(espstack, ("esp_inbound_accelerated: "
		    "esp_strip_header() failed\n"));
		goto esp_in_discard;
	}

	freeb(hada_mp);

	/*
	 * Account for usage.
	 *
	 * hada_mp has already been freed above, so this failure path must
	 * not go through esp_in_discard (which would free it again).
	 */
	if (!esp_age_bytes(assoc, msgdsize(data_mp), B_TRUE)) {
		/* The ipsa has hit hard expiration, LOG and AUDIT. */
		ESP_BUMP_STAT(espstack, bytes_expired);
		IP_ESP_BUMP_STAT(ipss, in_discards);
		ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
		    "ESP association 0x%x, dst %s had bytes expire.\n",
		    assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
		    espstack->ipsecesp_netstack);
		ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL,
		    DROPPER(ipss, ipds_esp_bytes_expire),
		    &espstack->esp_dropper);
		return (IPSEC_STATUS_FAILED);
	}

	/* done processing the packet */
	return (IPSEC_STATUS_SUCCESS);

esp_in_discard:
	/* Every goto here has set "counter" first. */
	IP_ESP_BUMP_STAT(ipss, in_discards);
	freeb(hada_mp);

	ipsec_in->b_cont = data_mp;	/* For ip_drop_packet()'s sake... */
	ip_drop_packet(ipsec_in, B_TRUE, NULL, NULL, counter,
	    &espstack->esp_dropper);

	return (IPSEC_STATUS_FAILED);
}

/*
 * Wrapper to allow IP to trigger an ESP association failure message
 * during inbound SA selection.
*/
/*
 * Log (optionally) and drop an inbound packet for which no ESP SA could
 * be selected.  The log message is formatted by ipsec_assocfailure() from
 * fmt/spi/addr/af at the given strlog level and flags.
 *
 * Logging is gated by the ipsecesp_log_unknown_spi ND tunable (off by
 * default in lcl_param_arr) so that unknown SPIs cannot be used to flood
 * the log; the packet is dropped and counted under ipds_esp_no_sa either
 * way.  mp is consumed.
 */
void
ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt,
    uint32_t spi, void *addr, int af, ipsecesp_stack_t *espstack)
{
	netstack_t *ns = espstack->ipsecesp_netstack;
	ipsec_stack_t *ipss = ns->netstack_ipsec;

	if (espstack->ipsecesp_log_unknown_spi) {
		ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi,
		    addr, af, ns);
	}

	ip_drop_packet(mp, B_TRUE, NULL, NULL, DROPPER(ipss, ipds_esp_no_sa),
	    &espstack->esp_dropper);
}

/*
 * Initialize the ESP input and output processing functions.
 *
 * Only a hook that is still NULL is filled in, so an SA whose functions
 * were already set keeps them.
 */
void
ipsecesp_init_funcs(ipsa_t *sa)
{
	if (sa->ipsa_output_func == NULL) {
		sa->ipsa_output_func = esp_outbound;
	}
	if (sa->ipsa_input_func == NULL) {
		sa->ipsa_input_func = esp_inbound;
	}
}
