xref: /titanic_50/usr/src/uts/common/inet/sadb.h (revision 2df1fe9ca32bb227b9158c67f5c00b54c20b10fd)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_INET_SADB_H
27 #define	_INET_SADB_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef	__cplusplus
32 extern "C" {
33 #endif
34 
35 #include <inet/ipsec_info.h>
36 #include <sys/crypto/common.h>
37 #include <sys/crypto/api.h>
38 #include <sys/note.h>
39 
40 #define	IPSA_MAX_ADDRLEN 4	/* Max address len. (in 32-bits) for an SA. */
41 
42 /*
43  * Return codes of IPsec processing functions.
44  */
45 typedef enum {
46 	IPSEC_STATUS_SUCCESS = 1,
47 	IPSEC_STATUS_FAILED = 2,
48 	IPSEC_STATUS_PENDING = 3
49 } ipsec_status_t;
50 
51 /*
52  * IP security association.  Synchronization assumes 32-bit loads, so
53  * the 64-bit quantities can't even be be read w/o locking it down!
54  */
55 
56 /* keying info */
57 typedef struct ipsa_key_s {
58 	void *sak_key;		/* Algorithm key. */
59 	uint_t sak_keylen;	/* Algorithm key length (in bytes). */
60 	uint_t sak_keybits;	/* Algorithm key length (in bits) */
61 	uint_t sak_algid;	/* Algorithm ID number. */
62 } ipsa_key_t;
63 
64 /* the security association */
65 typedef struct ipsa_s {
66 	struct ipsa_s *ipsa_next;	/* Next in hash bucket */
67 	struct ipsa_s **ipsa_ptpn;	/* Pointer to previous next pointer. */
68 	kmutex_t *ipsa_linklock;	/* Pointer to hash-chain lock. */
69 	void (*ipsa_freefunc)(struct ipsa_s *); /* freeassoc function */
70 	/*
71 	 * NOTE: I may need more pointers, depending on future SA
72 	 * requirements.
73 	 */
74 	ipsa_key_t ipsa_authkeydata;
75 #define	ipsa_authkey ipsa_authkeydata.sak_key
76 #define	ipsa_authkeylen ipsa_authkeydata.sak_keylen
77 #define	ipsa_authkeybits ipsa_authkeydata.sak_keybits
78 #define	ipsa_auth_alg ipsa_authkeydata.sak_algid
79 	ipsa_key_t ipsa_encrkeydata;
80 #define	ipsa_encrkey ipsa_encrkeydata.sak_key
81 #define	ipsa_encrkeylen ipsa_encrkeydata.sak_keylen
82 #define	ipsa_encrkeybits ipsa_encrkeydata.sak_keybits
83 #define	ipsa_encr_alg ipsa_encrkeydata.sak_algid
84 
85 	struct ipsid_s *ipsa_src_cid;	/* Source certificate identity */
86 	struct ipsid_s *ipsa_dst_cid;	/* Destination certificate identity */
87 	uint64_t *ipsa_integ;	/* Integrity bitmap */
88 	uint64_t *ipsa_sens;	/* Sensitivity bitmap */
89 	mblk_t	*ipsa_lpkt;	/* Packet received while larval (CAS me) */
90 
91 	/*
92 	 * PF_KEYv2 supports a replay window size of 255.  Hence there is a
93 	 * need a bit vector to support a replay window of 255.  256 is a nice
94 	 * round number, so I support that.
95 	 *
96 	 * Use an array of uint64_t for best performance on 64-bit
97 	 * processors.  (And hope that 32-bit compilers can handle things
98 	 * okay.)  The " >> 6 " is to get the appropriate number of 64-bit
99 	 * ints.
100 	 */
101 #define	SADB_MAX_REPLAY 256	/* Must be 0 mod 64. */
102 	uint64_t ipsa_replay_arr[SADB_MAX_REPLAY >> 6];
103 
104 	uint64_t ipsa_unique_id;	/* Non-zero for unique SAs */
105 	uint64_t ipsa_unique_mask;	/* mask value for unique_id */
106 
107 	/*
108 	 * Reference count semantics:
109 	 *
110 	 *	An SA has a reference count of 1 if something's pointing
111 	 *	to it.  This includes being in a hash table.  So if an
112 	 *	SA is in a hash table, it has a reference count of at least 1.
113 	 *
114 	 *	When a ptr. to an IPSA is assigned, you MUST REFHOLD after
115 	 *	said assignment.  When a ptr. to an IPSA is released
116 	 *	you MUST REFRELE.  When the refcount hits 0, REFRELE
117 	 *	will free the IPSA.
118 	 */
119 	kmutex_t ipsa_lock;	/* Locks non-linkage/refcnt fields. */
120 	/* Q:  Since I may be doing refcnts differently, will I need cv? */
121 	uint_t ipsa_refcnt;	/* Reference count. */
122 
123 	/*
124 	 * The following four time fields are the ones monitored by ah_ager()
125 	 * and esp_ager() respectively.  They are all absolute wall-clock
126 	 * times.  The times of creation (i.e. add time) and first use are
127 	 * pretty straightforward.  The soft and hard expire times are
128 	 * derived from the times of first use and creation, plus the minimum
129 	 * expiration times in the fields that follow this.
130 	 *
131 	 * For example, if I had a hard add time of 30 seconds, and a hard
132 	 * use time of 15, the ipsa_hardexpiretime would be time of add, plus
133 	 * 30 seconds.  If I USE the SA such that time of first use plus 15
134 	 * seconds would be earlier than the add time plus 30 seconds, then
135 	 * ipsa_hardexpiretime would become this earlier time.
136 	 */
137 	time_t ipsa_addtime;	/* Time I was added. */
138 	time_t ipsa_usetime;	/* Time of my first use. */
139 	time_t ipsa_lastuse;	/* Time of my last use. */
140 	time_t ipsa_last_nat_t_ka;	/* Time of my last NAT-T keepalive. */
141 	time_t ipsa_softexpiretime;	/* Time of my first soft expire. */
142 	time_t ipsa_hardexpiretime;	/* Time of my first hard expire. */
143 
144 	/*
145 	 * The following fields are directly reflected in PF_KEYv2 LIFETIME
146 	 * extensions.  The time_ts are in number-of-seconds, and the bytes
147 	 * are in... bytes.
148 	 */
149 	time_t ipsa_softaddlt;	/* Seconds of soft lifetime after add. */
150 	time_t ipsa_softuselt;	/* Seconds of soft lifetime after first use. */
151 	time_t ipsa_hardaddlt;	/* Seconds of hard lifetime after add. */
152 	time_t ipsa_harduselt;	/* Seconds of hard lifetime after first use. */
153 	uint64_t ipsa_softbyteslt;	/* Bytes of soft lifetime. */
154 	uint64_t ipsa_hardbyteslt;	/* Bytes of hard lifetime. */
155 	uint64_t ipsa_bytes;	/* Bytes encrypted/authed by this SA. */
156 
157 	/*
158 	 * "Allocations" are a concept mentioned in PF_KEYv2.  We do not
159 	 * support them, except to record them per the PF_KEYv2 spec.
160 	 */
161 	uint_t ipsa_softalloc;	/* Allocations allowed (soft). */
162 	uint_t ipsa_hardalloc;	/* Allocations allowed (hard). */
163 
164 	uint_t ipsa_integlen;	/* Length of the integrity bitmap (bytes). */
165 	uint_t ipsa_senslen;	/* Length of the sensitivity bitmap (bytes). */
166 
167 	uint_t ipsa_type;	/* Type of security association. (AH/etc.) */
168 	uint_t ipsa_dpd;	/* Domain for sensitivity bit vectors. */
169 	uint_t ipsa_senslevel;	/* Sensitivity level. */
170 	uint_t ipsa_integlevel;	/* Integrity level. */
171 	uint_t ipsa_state;	/* State of my association. */
172 	uint_t ipsa_replay_wsize; /* Size of replay window */
173 	uint32_t ipsa_flags;	/* Flags for security association. */
174 	uint32_t ipsa_spi;	/* Security parameters index. */
175 	uint32_t ipsa_replay;	/* Highest seen replay value for this SA. */
176 	uint32_t ipsa_kmp;	/* key management proto */
177 	uint32_t ipsa_kmc;	/* key management cookie */
178 
179 	boolean_t ipsa_haspeer;		/* Has peer in another table. */
180 
181 	/*
182 	 * Address storage.
183 	 * The source address can be INADDR_ANY, IN6ADDR_ANY, etc.
184 	 *
185 	 * Address families (per sys/socket.h) guide us.  We could have just
186 	 * used sockaddr_storage
187 	 */
188 	sa_family_t ipsa_addrfam;
189 	sa_family_t ipsa_innerfam;	/* Inner AF can be != src/dst AF. */
190 
191 	uint32_t ipsa_srcaddr[IPSA_MAX_ADDRLEN];
192 	uint32_t ipsa_dstaddr[IPSA_MAX_ADDRLEN];
193 	uint32_t ipsa_innersrc[IPSA_MAX_ADDRLEN];
194 	uint32_t ipsa_innerdst[IPSA_MAX_ADDRLEN];
195 
196 	uint8_t ipsa_innersrcpfx;
197 	uint8_t ipsa_innerdstpfx;
198 
199 	uint16_t ipsa_inbound_cksum; /* cksum correction for inbound packets */
200 	uint16_t ipsa_local_nat_port;	/* Local NAT-T port.  (0 --> 4500) */
201 	uint16_t ipsa_remote_nat_port; /* The other port that isn't 4500 */
202 
203 	/* these can only be v4 */
204 	uint32_t ipsa_natt_addr_loc;
205 	uint32_t ipsa_natt_addr_rem;
206 
207 	/*
208 	 * icmp type and code. *_end are to specify ranges. if only
209 	 * a single value, * and *_end are the same value.
210 	 */
211 	uint8_t ipsa_icmp_type;
212 	uint8_t ipsa_icmp_type_end;
213 	uint8_t ipsa_icmp_code;
214 	uint8_t ipsa_icmp_code_end;
215 
216 	/*
217 	 * For the kernel crypto framework.
218 	 */
219 	crypto_key_t ipsa_kcfauthkey;		/* authentication key */
220 	crypto_key_t ipsa_kcfencrkey;		/* encryption key */
221 	crypto_ctx_template_t ipsa_authtmpl;	/* auth context template */
222 	crypto_ctx_template_t ipsa_encrtmpl;	/* encr context template */
223 	crypto_mechanism_t ipsa_amech;		/* auth mech type and ICV len */
224 	crypto_mechanism_t ipsa_emech;		/* encr mech type */
225 	size_t ipsa_mac_len;			/* auth MAC length */
226 	size_t ipsa_iv_len;			/* encr IV length */
227 
228 	/*
229 	 * Input and output processing functions called from IP.
230 	 */
231 	ipsec_status_t (*ipsa_output_func)(mblk_t *);
232 	ipsec_status_t (*ipsa_input_func)(mblk_t *, void *);
233 
234 	/* MLS boxen will probably need more fields in here. */
235 
236 	netstack_t	*ipsa_netstack;	/* Does not have a netstack_hold */
237 } ipsa_t;
238 
239 /*
240  * ipsa_t address handling macros.  We want these to be inlined, and deal
241  * with 32-bit words to avoid bcmp/bcopy calls.
242  *
243  * Assume we only have AF_INET and AF_INET6 addresses for now.  Also assume
244  * that we have 32-bit alignment on everything.
245  */
246 #define	IPSA_IS_ADDR_UNSPEC(addr, fam) ((((uint32_t *)(addr))[0] == 0) && \
247 	(((fam) == AF_INET) || (((uint32_t *)(addr))[3] == 0 && \
248 	((uint32_t *)(addr))[2] == 0 && ((uint32_t *)(addr))[1] == 0)))
249 #define	IPSA_ARE_ADDR_EQUAL(addr1, addr2, fam) \
250 	((((uint32_t *)(addr1))[0] == ((uint32_t *)(addr2))[0]) && \
251 	(((fam) == AF_INET) || \
252 	(((uint32_t *)(addr1))[3] == ((uint32_t *)(addr2))[3] && \
253 	((uint32_t *)(addr1))[2] == ((uint32_t *)(addr2))[2] && \
254 	((uint32_t *)(addr1))[1] == ((uint32_t *)(addr2))[1])))
255 #define	IPSA_COPY_ADDR(dstaddr, srcaddr, fam) { \
256 	((uint32_t *)(dstaddr))[0] = ((uint32_t *)(srcaddr))[0]; \
257 	if ((fam) == AF_INET6) {\
258 		((uint32_t *)(dstaddr))[1] = ((uint32_t *)(srcaddr))[1]; \
259 		((uint32_t *)(dstaddr))[2] = ((uint32_t *)(srcaddr))[2]; \
260 		((uint32_t *)(dstaddr))[3] = ((uint32_t *)(srcaddr))[3]; } }
261 
262 /*
263  * ipsa_t reference hold/release macros.
264  *
265  * If you have a pointer, you REFHOLD.  If you are releasing a pointer, you
266  * REFRELE.  An ipsa_t that is newly inserted into the table should have
267  * a reference count of 1 (for the table's pointer), plus 1 more for every
268  * pointer that is referencing the ipsa_t.
269  */
270 
271 #define	IPSA_REFHOLD(ipsa) {			\
272 	atomic_add_32(&(ipsa)->ipsa_refcnt, 1);	\
273 	ASSERT((ipsa)->ipsa_refcnt != 0);	\
274 }
275 
276 /*
277  * Decrement the reference count on the SA.
278  * In architectures e.g sun4u, where atomic_add_32_nv is just
279  * a cas, we need to maintain the right memory barrier semantics
280  * as that of mutex_exit i.e all the loads and stores should complete
281  * before the cas is executed. membar_exit() does that here.
282  */
283 
284 #define	IPSA_REFRELE(ipsa) {					\
285 	ASSERT((ipsa)->ipsa_refcnt != 0);			\
286 	membar_exit();						\
287 	if (atomic_add_32_nv(&(ipsa)->ipsa_refcnt, -1) == 0)	\
288 		((ipsa)->ipsa_freefunc)(ipsa);			\
289 }
290 
291 /*
292  * Security association hash macros and definitions.  For now, assume the
293  * IPsec model, and hash outbounds on destination address, and inbounds on
294  * SPI.
295  */
296 
297 #define	IPSEC_DEFAULT_HASH_SIZE 256
298 
299 #define	INBOUND_HASH(sadb, spi) ((spi) % ((sadb)->sdb_hashsize))
300 #define	OUTBOUND_HASH_V4(sadb, v4addr) ((v4addr) % ((sadb)->sdb_hashsize))
301 #define	OUTBOUND_HASH_V6(sadb, v6addr) OUTBOUND_HASH_V4((sadb), \
302 	(*(uint32_t *)&(v6addr)) ^ (*(((uint32_t *)&(v6addr)) + 1)) ^ \
303 	(*(((uint32_t *)&(v6addr)) + 2)) ^ (*(((uint32_t *)&(v6addr)) + 3)))
304 
305 /*
306  * Syntactic sugar to find the appropriate hash bucket directly.
307  */
308 
309 #define	INBOUND_BUCKET(sadb, spi) &(((sadb)->sdb_if)[INBOUND_HASH(sadb, spi)])
310 #define	OUTBOUND_BUCKET_V4(sadb, v4addr) \
311 	&(((sadb)->sdb_of)[OUTBOUND_HASH_V4(sadb, v4addr)])
312 #define	OUTBOUND_BUCKET_V6(sadb, v6addr) \
313 	&(((sadb)->sdb_of)[OUTBOUND_HASH_V6(sadb, v6addr)])
314 
315 #define	IPSA_F_PFS	SADB_SAFLAGS_PFS	/* PFS in use for this SA? */
316 #define	IPSA_F_NOREPFLD	SADB_SAFLAGS_NOREPLAY	/* No replay field, for */
317 						/* backward compat. */
318 #define	IPSA_F_USED	SADB_X_SAFLAGS_USED	/* SA has been used. */
319 #define	IPSA_F_UNIQUE	SADB_X_SAFLAGS_UNIQUE	/* SA is unique */
320 #define	IPSA_F_AALG1	SADB_X_SAFLAGS_AALG1	/* Auth alg flag 1 */
321 #define	IPSA_F_AALG2	SADB_X_SAFLAGS_AALG2	/* Auth alg flag 2 */
322 #define	IPSA_F_EALG1	SADB_X_SAFLAGS_EALG1	/* Encrypt alg flag 1 */
323 #define	IPSA_F_EALG2	SADB_X_SAFLAGS_EALG2	/* Encrypt alg flag 2 */
324 
325 #define	IPSA_F_HW	0x200000		/* hwaccel capable SA */
326 #define	IPSA_F_NATT_LOC	SADB_X_SAFLAGS_NATT_LOC
327 #define	IPSA_F_NATT_REM	SADB_X_SAFLAGS_NATT_REM
328 #define	IPSA_F_NATT	(SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM)
329 #define	IPSA_F_CINVALID	0x40000		/* SA shouldn't be cached */
330 #define	IPSA_F_TUNNEL	SADB_X_SAFLAGS_TUNNEL
331 
332 /* SA states are important for handling UPDATE PF_KEY messages. */
333 #define	IPSA_STATE_LARVAL	SADB_SASTATE_LARVAL
334 #define	IPSA_STATE_MATURE	SADB_SASTATE_MATURE
335 #define	IPSA_STATE_DYING	SADB_SASTATE_DYING
336 #define	IPSA_STATE_DEAD		SADB_SASTATE_DEAD
337 
338 /*
339  * NOTE:  If the document authors do things right in defining algorithms, we'll
340  *	  probably have flags for what all is here w.r.t. replay, ESP w/HMAC,
341  *	  etc.
342  */
343 
344 #define	IPSA_T_ACQUIRE	SEC_TYPE_NONE	/* If this typed returned, sa needed */
345 #define	IPSA_T_AH	SEC_TYPE_AH	/* IPsec AH association */
346 #define	IPSA_T_ESP	SEC_TYPE_ESP	/* IPsec ESP association */
347 
348 #define	IPSA_AALG_NONE	SADB_AALG_NONE		/* No auth. algorithm */
349 #define	IPSA_AALG_MD5H	SADB_AALG_MD5HMAC	/* MD5-HMAC algorithm */
350 #define	IPSA_AALG_SHA1H	SADB_AALG_SHA1HMAC	/* SHA1-HMAC algorithm */
351 
352 #define	IPSA_EALG_NONE		SADB_EALG_NONE	/* No encryption algorithm */
353 #define	IPSA_EALG_DES_CBC	SADB_EALG_DESCBC
354 #define	IPSA_EALG_3DES		SADB_EALG_3DESCBC
355 
356 /*
357  * Protect each ipsa_t bucket (and linkage) with a lock.
358  */
359 
360 typedef struct isaf_s {
361 	ipsa_t *isaf_ipsa;
362 	kmutex_t isaf_lock;
363 	uint64_t isaf_gen;
364 } isaf_t;
365 
366 /*
367  * ACQUIRE record.  If AH/ESP/whatever cannot find an association for outbound
368  * traffic, it sends up an SADB_ACQUIRE message and create an ACQUIRE record.
369  */
370 
371 #define	IPSACQ_MAXPACKETS 4	/* Number of packets that can be queued up */
372 				/* waiting for an ACQUIRE to finish. */
373 
374 typedef struct ipsacq_s {
375 	struct ipsacq_s *ipsacq_next;
376 	struct ipsacq_s **ipsacq_ptpn;
377 	kmutex_t *ipsacq_linklock;
378 	struct ipsec_policy_s  *ipsacq_policy;
379 	struct ipsec_action_s  *ipsacq_act;
380 
381 	sa_family_t ipsacq_addrfam;	/* Address family. */
382 	sa_family_t ipsacq_inneraddrfam; /* Inner-packet address family. */
383 	int ipsacq_numpackets;		/* How many packets queued up so far. */
384 	uint32_t ipsacq_seq;		/* PF_KEY sequence number. */
385 	uint64_t ipsacq_unique_id;	/* Unique ID for SAs that need it. */
386 
387 	kmutex_t ipsacq_lock;	/* Protects non-linkage fields. */
388 	time_t ipsacq_expire;	/* Wall-clock time when this record expires. */
389 	mblk_t *ipsacq_mp;	/* List of datagrams waiting for an SA. */
390 
391 	/* These two point inside the last mblk inserted. */
392 	uint32_t *ipsacq_srcaddr;
393 	uint32_t *ipsacq_dstaddr;
394 
395 	/* Cache these instead of point so we can mask off accordingly */
396 	uint32_t ipsacq_innersrc[IPSA_MAX_ADDRLEN];
397 	uint32_t ipsacq_innerdst[IPSA_MAX_ADDRLEN];
398 
399 	/* These may change per-acquire. */
400 	uint16_t ipsacq_srcport;
401 	uint16_t ipsacq_dstport;
402 	uint8_t ipsacq_proto;
403 	uint8_t ipsacq_inner_proto;
404 	uint8_t ipsacq_innersrcpfx;
405 	uint8_t ipsacq_innerdstpfx;
406 
407 	/* icmp type and code of triggering packet (if applicable) */
408 	uint8_t	ipsacq_icmp_type;
409 	uint8_t ipsacq_icmp_code;
410 } ipsacq_t;
411 
412 /*
413  * Kernel-generated sequence numbers will be no less than 0x80000000 to
414  * forestall any cretinous problems with manual keying accidentally updating
415  * an ACQUIRE entry.
416  */
417 #define	IACQF_LOWEST_SEQ 0x80000000
418 
419 #define	SADB_AGE_INTERVAL_DEFAULT 1000
420 
421 /*
422  * ACQUIRE fanout.  Protect each linkage with a lock.
423  */
424 
425 typedef struct iacqf_s {
426 	ipsacq_t *iacqf_ipsacq;
427 	kmutex_t iacqf_lock;
428 } iacqf_t;
429 
430 /*
431  * A (network protocol, ipsec protocol) specific SADB.
432  * (i.e., one each for {ah, esp} and {v4, v6}.
433  *
434  * Keep outbound assocs about the same as ire_cache entries for now.
435  * One danger point, multiple SAs for a single dest will clog a bucket.
436  * For the future, consider two-level hashing (2nd hash on IPC?), then probe.
437  */
438 
439 typedef struct sadb_s
440 {
441 	isaf_t	*sdb_of;
442 	isaf_t	*sdb_if;
443 	iacqf_t	*sdb_acq;
444 	int	sdb_hashsize;
445 } sadb_t;
446 
447 /*
448  * A pair of SADB's (one for v4, one for v6), and related state (including
449  * acquire callbacks).
450  */
451 
452 typedef struct sadbp_s
453 {
454 	uint32_t	s_satype;
455 	queue_t		*s_ip_q;
456 	uint32_t	*s_acquire_timeout;
457 	void 		(*s_acqfn)(ipsacq_t *, mblk_t *, netstack_t *);
458 	sadb_t		s_v4;
459 	sadb_t		s_v6;
460 } sadbp_t;
461 
462 /* Pointer to an all-zeroes IPv6 address. */
463 #define	ALL_ZEROES_PTR	((uint32_t *)&ipv6_all_zeros)
464 
465 /*
466  * Form unique id from ipsec_out_t
467  */
468 
469 #define	SA_FORM_UNIQUE_ID(io)				\
470 	SA_UNIQUE_ID((io)->ipsec_out_src_port, (io)->ipsec_out_dst_port, \
471 		((io)->ipsec_out_tunnel ? ((io)->ipsec_out_inaf == AF_INET6 ? \
472 		    IPPROTO_IPV6 : IPPROTO_ENCAP) : (io)->ipsec_out_proto), \
473 		((io)->ipsec_out_tunnel ? (io)->ipsec_out_proto : 0))
474 
475 /*
476  * This macro is used to generate unique ids (along with the addresses, both
477  * inner and outer) for outbound datagrams that require unique SAs.
478  *
479  * N.B. casts and unsigned shift amounts discourage unwarranted
480  * sign extension of dstport, proto, and iproto.
481  *
482  * Unique ID is 64-bits allocated as follows (pardon my big-endian bias):
483  *
484  *   6               4      43      33              11
485  *   3               7      09      21              65              0
486  *   +---------------*-------+-------+--------------+---------------+
487  *   |  MUST-BE-ZERO |<iprot>|<proto>| <src port>   |  <dest port>  |
488  *   +---------------*-------+-------+--------------+---------------+
489  *
490  * If there are inner addresses (tunnel mode) the ports come from the
491  * inner addresses.  If there are no inner addresses, the ports come from
492  * the outer addresses (transport mode).  Tunnel mode MUST have <proto>
493  * set to either IPPROTO_ENCAP or IPPPROTO_IPV6.
494  */
495 #define	SA_UNIQUE_ID(srcport, dstport, proto, iproto) 	\
496 	((srcport) | ((uint64_t)(dstport) << 16U) | \
497 	((uint64_t)(proto) << 32U) | ((uint64_t)(iproto) << 40U))
498 
499 /*
500  * SA_UNIQUE_MASK generates a mask value to use when comparing the unique value
501  * from a packet to an SA.
502  */
503 
504 #define	SA_UNIQUE_MASK(srcport, dstport, proto, iproto) 	\
505 	SA_UNIQUE_ID((srcport != 0) ? 0xffff : 0,		\
506 		    (dstport != 0) ? 0xffff : 0,		\
507 		    (proto != 0) ? 0xff : 0,			\
508 		    (iproto != 0) ? 0xff : 0)
509 
510 /*
511  * Decompose unique id back into its original fields.
512  */
513 #define	SA_IPROTO(ipsa) ((ipsa)->ipsa_unique_id>>40)&0xff
514 #define	SA_PROTO(ipsa) ((ipsa)->ipsa_unique_id>>32)&0xff
515 #define	SA_SRCPORT(ipsa) ((ipsa)->ipsa_unique_id & 0xffff)
516 #define	SA_DSTPORT(ipsa) (((ipsa)->ipsa_unique_id >> 16) & 0xffff)
517 
518 /*
519  * All functions that return an ipsa_t will return it with IPSA_REFHOLD()
520  * already called.
521  */
522 
523 /* SA retrieval (inbound and outbound) */
524 ipsa_t *ipsec_getassocbyspi(isaf_t *, uint32_t, uint32_t *, uint32_t *,
525     sa_family_t);
526 ipsa_t *ipsec_getassocbyconn(isaf_t *, ipsec_out_t *, uint32_t *, uint32_t *,
527     sa_family_t, uint8_t);
528 
529 /* SA insertion. */
530 int sadb_insertassoc(ipsa_t *, isaf_t *);
531 
532 /* SA table construction and destruction. */
533 void sadbp_init(const char *name, sadbp_t *, int, int, netstack_t *);
534 void sadbp_flush(sadbp_t *, netstack_t *);
535 void sadbp_destroy(sadbp_t *, netstack_t *);
536 
537 /* SA insertion and deletion. */
538 int sadb_insertassoc(ipsa_t *, isaf_t *);
539 void sadb_unlinkassoc(ipsa_t *);
540 
541 /* Support routines to interface a keysock consumer to PF_KEY. */
542 mblk_t *sadb_keysock_out(minor_t);
543 int sadb_hardsoftchk(sadb_lifetime_t *, sadb_lifetime_t *);
544 void sadb_pfkey_echo(queue_t *, mblk_t *, sadb_msg_t *, struct keysock_in_s *,
545     ipsa_t *);
546 void sadb_pfkey_error(queue_t *, mblk_t *, int, int, uint_t);
547 void sadb_keysock_hello(queue_t **, queue_t *, mblk_t *, void (*)(void *),
548     void *, timeout_id_t *, int);
549 int sadb_addrcheck(queue_t *, mblk_t *, sadb_ext_t *, uint_t, netstack_t *);
550 boolean_t sadb_addrfix(keysock_in_t *, queue_t *, mblk_t *, netstack_t *);
551 int sadb_addrset(ire_t *);
552 int sadb_delget_sa(mblk_t *, keysock_in_t *, sadbp_t *, int *, queue_t *,
553     boolean_t);
554 #define	sadb_get_sa(m, k, s, i, q)	sadb_delget_sa(m, k, s, i, q, B_FALSE)
555 #define	sadb_del_sa(m, k, s, i, q)	sadb_delget_sa(m, k, s, i, q, B_TRUE)
556 
557 int sadb_purge_sa(mblk_t *, keysock_in_t *, sadb_t *, queue_t *, queue_t *);
558 int sadb_common_add(queue_t *, queue_t *, mblk_t *, sadb_msg_t *,
559     keysock_in_t *, isaf_t *, isaf_t *, ipsa_t *, boolean_t, boolean_t, int *,
560     netstack_t *);
561 void sadb_set_usetime(ipsa_t *);
562 boolean_t sadb_age_bytes(queue_t *, ipsa_t *, uint64_t, boolean_t);
563 int sadb_update_sa(mblk_t *, keysock_in_t *, sadb_t *,
564     int *, queue_t *, int (*)(mblk_t *, keysock_in_t *, int *, netstack_t *),
565     netstack_t *);
566 void sadb_acquire(mblk_t *, ipsec_out_t *, boolean_t, boolean_t);
567 
568 void sadb_destroy_acquire(ipsacq_t *, netstack_t *);
569 struct ipsec_stack;
570 mblk_t *sadb_setup_acquire(ipsacq_t *, uint8_t, struct ipsec_stack *);
571 ipsa_t *sadb_getspi(keysock_in_t *, uint32_t, int *, netstack_t *);
572 void sadb_in_acquire(sadb_msg_t *, sadbp_t *, queue_t *, netstack_t *);
573 boolean_t sadb_replay_check(ipsa_t *, uint32_t);
574 boolean_t sadb_replay_peek(ipsa_t *, uint32_t);
575 int sadb_dump(queue_t *, mblk_t *, minor_t, sadb_t *);
576 void sadb_replay_delete(ipsa_t *);
577 void sadb_ager(sadb_t *, queue_t *, queue_t *, int, netstack_t *);
578 
579 timeout_id_t sadb_retimeout(hrtime_t, queue_t *, void (*)(void *), void *,
580     uint_t *, uint_t, short);
581 void sadb_sa_refrele(void *target);
582 void sadb_set_lpkt(ipsa_t *, mblk_t *, netstack_t *);
583 mblk_t *sadb_clear_lpkt(ipsa_t *);
584 
585 /*
586  * Hw accel-related calls (downloading sadb to driver)
587  */
588 void sadb_ill_download(ill_t *, uint_t);
589 mblk_t *sadb_fmt_sa_req(uint_t, uint_t, ipsa_t *, boolean_t);
590 /*
591  * Sub-set of the IPsec hardware acceleration capabilities functions
592  * implemented by ip_if.c
593  */
594 extern	boolean_t ipsec_capab_match(ill_t *, uint_t, boolean_t, ipsa_t *,
595     netstack_t *);
596 extern	void	ill_ipsec_capab_send_all(uint_t, mblk_t *, ipsa_t *,
597     netstack_t *);
598 
599 
600 /*
601  * One IPsec -> IP linking routine, and two IPsec rate-limiting routines.
602  */
603 extern boolean_t sadb_t_bind_req(queue_t *, int);
604 /*PRINTFLIKE6*/
605 extern void ipsec_rl_strlog(netstack_t *, short, short, char,
606     ushort_t, char *, ...)
607     __KPRINTFLIKE(6);
608 extern void ipsec_assocfailure(short, short, char, ushort_t, char *, uint32_t,
609     void *, int, netstack_t *);
610 
611 /*
612  * Algorithm types.
613  */
614 
615 #define	IPSEC_NALGTYPES 	2
616 
617 typedef enum ipsec_algtype {
618 	IPSEC_ALG_AUTH = 0,
619 	IPSEC_ALG_ENCR = 1
620 } ipsec_algtype_t;
621 
622 /*
623  * Definitions as per IPsec/ISAKMP DOI.
624  */
625 
626 #define	IPSEC_MAX_ALGS		256
627 #define	PROTO_IPSEC_AH		2
628 #define	PROTO_IPSEC_ESP		3
629 
630 /*
631  * Common algorithm info.
632  */
633 typedef struct ipsec_alginfo
634 {
635 	uint8_t		alg_id;
636 	uint8_t		alg_flags;
637 	uint16_t	*alg_key_sizes;
638 	uint16_t	*alg_block_sizes;
639 	uint16_t	alg_nkey_sizes;
640 	uint16_t	alg_nblock_sizes;
641 	uint16_t	alg_minbits;
642 	uint16_t	alg_maxbits;
643 	uint16_t	alg_datalen;
644 	/*
645 	 * increment: number of bits from keysize to keysize
646 	 * default: # of increments from min to default key len
647 	 */
648 	uint16_t	alg_increment;
649 	uint16_t	alg_default;
650 	uint16_t	alg_default_bits;
651 	/*
652 	 * Min, max, and default key sizes effectively supported
653 	 * by the encryption framework.
654 	 */
655 	uint16_t	alg_ef_minbits;
656 	uint16_t	alg_ef_maxbits;
657 	uint16_t	alg_ef_default;
658 	uint16_t	alg_ef_default_bits;
659 
660 	crypto_mech_type_t alg_mech_type;	/* KCF mechanism type */
661 	crypto_mech_name_t alg_mech_name;	/* KCF mechanism name */
662 } ipsec_alginfo_t;
663 
664 #define	alg_datalen alg_block_sizes[0]
665 
666 #define	ALG_FLAG_VALID	0x01
667 #define	ALG_VALID(_alg)	((_alg)->alg_flags & ALG_FLAG_VALID)
668 
669 /*
670  * Software crypto execution mode.
671  */
672 typedef enum {
673 	IPSEC_ALGS_EXEC_SYNC = 0,
674 	IPSEC_ALGS_EXEC_ASYNC = 1
675 } ipsec_algs_exec_mode_t;
676 
677 extern void ipsec_alg_reg(ipsec_algtype_t, ipsec_alginfo_t *, netstack_t *);
678 extern void ipsec_alg_unreg(ipsec_algtype_t, uint8_t, netstack_t *);
679 extern void ipsec_alg_fix_min_max(ipsec_alginfo_t *, ipsec_algtype_t,
680     netstack_t *ns);
681 extern void ipsec_alg_free(ipsec_alginfo_t *);
682 extern void ipsec_register_prov_update(void);
683 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t,
684     netstack_t *);
685 
686 /*
687  * Context templates management.
688  */
689 
690 #define	IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1)
691 #define	IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) {			\
692 	if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) {		\
693 		mutex_enter(&assoc->ipsa_lock);				\
694 		if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) {		\
695 			ipsec_stack_t *ipss;				\
696 									\
697 			ipss = assoc->ipsa_netstack->netstack_ipsec;	\
698 			mutex_enter(&ipss->ipsec_alg_lock);		\
699 			(void) ipsec_create_ctx_tmpl(_sa, _type);	\
700 			mutex_exit(&ipss->ipsec_alg_lock);		\
701 		}							\
702 		mutex_exit(&assoc->ipsa_lock);				\
703 		if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC)	\
704 			_tmpl = NULL;					\
705 	}								\
706 }
707 
708 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
709 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t);
710 
711 /* key checking */
712 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *);
713 
714 typedef struct ipsec_kstats_s {
715 	kstat_named_t esp_stat_in_requests;
716 	kstat_named_t esp_stat_in_discards;
717 	kstat_named_t esp_stat_lookup_failure;
718 	kstat_named_t ah_stat_in_requests;
719 	kstat_named_t ah_stat_in_discards;
720 	kstat_named_t ah_stat_lookup_failure;
721 	kstat_named_t sadb_acquire_maxpackets;
722 	kstat_named_t sadb_acquire_qhiwater;
723 } ipsec_kstats_t;
724 
725 /*
726  * (ipss)->ipsec_kstats is equal to (ipss)->ipsec_ksp->ks_data if
727  * kstat_create_netstack for (ipss)->ipsec_ksp succeeds, but when it
728  * fails, it will be NULL. Note this is done for all stack instances,
729  * so it *could* fail. hence a non-NULL checking is done for
730  * IP_ESP_BUMP_STAT, IP_AH_BUMP_STAT and IP_ACQUIRE_STAT
731  */
732 #define	IP_ESP_BUMP_STAT(ipss, x)					\
733 do {									\
734 	if ((ipss)->ipsec_kstats != NULL)				\
735 		((ipss)->ipsec_kstats->esp_stat_ ## x).value.ui64++;	\
736 _NOTE(CONSTCOND)							\
737 } while (0)
738 
739 #define	IP_AH_BUMP_STAT(ipss, x)					\
740 do {									\
741 	if ((ipss)->ipsec_kstats != NULL)				\
742 		((ipss)->ipsec_kstats->ah_stat_ ## x).value.ui64++;	\
743 _NOTE(CONSTCOND)							\
744 } while (0)
745 
746 #define	IP_ACQUIRE_STAT(ipss, val, new)					\
747 do {									\
748 	if ((ipss)->ipsec_kstats != NULL &&				\
749 	    ((uint64_t)(new)) >						\
750 	    ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64)	\
751 		((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64 = \
752 			((uint64_t)(new));				\
753 _NOTE(CONSTCOND)							\
754 } while (0)
755 
756 #ifdef	__cplusplus
757 }
758 #endif
759 
760 #endif /* _INET_SADB_H */
761