key.c revision 331722
1/* $FreeBSD: stable/11/sys/netipsec/key.c 331722 2018-03-29 02:50:57Z eadler $ */ 2/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4/*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * This code is referd to RFC 2367 35 */ 36 37#include "opt_inet.h" 38#include "opt_inet6.h" 39#include "opt_ipsec.h" 40 41#include <sys/types.h> 42#include <sys/param.h> 43#include <sys/systm.h> 44#include <sys/kernel.h> 45#include <sys/fnv_hash.h> 46#include <sys/lock.h> 47#include <sys/mutex.h> 48#include <sys/mbuf.h> 49#include <sys/domain.h> 50#include <sys/protosw.h> 51#include <sys/malloc.h> 52#include <sys/rmlock.h> 53#include <sys/socket.h> 54#include <sys/socketvar.h> 55#include <sys/sysctl.h> 56#include <sys/errno.h> 57#include <sys/proc.h> 58#include <sys/queue.h> 59#include <sys/refcount.h> 60#include <sys/syslog.h> 61 62#include <vm/uma.h> 63 64#include <net/if.h> 65#include <net/if_var.h> 66#include <net/vnet.h> 67#include <net/raw_cb.h> 68 69#include <netinet/in.h> 70#include <netinet/in_systm.h> 71#include <netinet/ip.h> 72#include <netinet/in_var.h> 73#include <netinet/udp.h> 74 75#ifdef INET6 76#include <netinet/ip6.h> 77#include <netinet6/in6_var.h> 78#include <netinet6/ip6_var.h> 79#endif /* INET6 */ 80 81#include <net/pfkeyv2.h> 82#include <netipsec/keydb.h> 83#include <netipsec/key.h> 84#include <netipsec/keysock.h> 85#include <netipsec/key_debug.h> 86 87#include <netipsec/ipsec.h> 88#ifdef INET6 89#include <netipsec/ipsec6.h> 90#endif 91 92#include <netipsec/xform.h> 93#include <machine/in_cksum.h> 94#include <machine/stdarg.h> 95 96/* randomness */ 97#include <sys/random.h> 98 99#define FULLMASK 0xff 100#define _BITS(bytes) ((bytes) << 3) 101 102/* 103 * Note on SA reference counting: 104 * - SAs that are not in DEAD state will have (total external reference + 1) 105 * following value in reference count field. they cannot be freed and are 106 * referenced from SA header. 107 * - SAs that are in DEAD state will have (total external reference) 108 * in reference count field. they are ready to be freed. reference from 109 * SA header will be removed in key_delsav(), when the reference count 110 * field hits 0 (= no external reference other than from SA header. 111 */ 112 113VNET_DEFINE(u_int32_t, key_debug_level) = 0; 114static VNET_DEFINE(u_int, key_spi_trycnt) = 1000; 115static VNET_DEFINE(u_int32_t, key_spi_minval) = 0x100; 116static VNET_DEFINE(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 117static VNET_DEFINE(u_int32_t, policy_id) = 0; 118/*interval to initialize randseed,1(m)*/ 119static VNET_DEFINE(u_int, key_int_random) = 60; 120/* interval to expire acquiring, 30(s)*/ 121static VNET_DEFINE(u_int, key_larval_lifetime) = 30; 122/* counter for blocking SADB_ACQUIRE.*/ 123static VNET_DEFINE(int, key_blockacq_count) = 10; 124/* lifetime for blocking SADB_ACQUIRE.*/ 125static VNET_DEFINE(int, key_blockacq_lifetime) = 20; 126/* preferred old sa rather than new sa.*/ 127static VNET_DEFINE(int, key_preferred_oldsa) = 1; 128#define V_key_spi_trycnt VNET(key_spi_trycnt) 129#define V_key_spi_minval VNET(key_spi_minval) 130#define V_key_spi_maxval VNET(key_spi_maxval) 131#define V_policy_id VNET(policy_id) 132#define V_key_int_random VNET(key_int_random) 133#define V_key_larval_lifetime VNET(key_larval_lifetime) 134#define V_key_blockacq_count VNET(key_blockacq_count) 135#define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 136#define V_key_preferred_oldsa VNET(key_preferred_oldsa) 137 138static VNET_DEFINE(u_int32_t, acq_seq) = 0; 139#define V_acq_seq VNET(acq_seq) 140 141static VNET_DEFINE(uint32_t, sp_genid) = 0; 142#define V_sp_genid VNET(sp_genid) 143 144/* SPD */ 145TAILQ_HEAD(secpolicy_queue, secpolicy); 146LIST_HEAD(secpolicy_list, secpolicy); 147static VNET_DEFINE(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 148static VNET_DEFINE(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 149static struct rmlock sptree_lock; 150#define V_sptree VNET(sptree) 151#define V_sptree_ifnet VNET(sptree_ifnet) 152#define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 153#define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 154#define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 155#define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 156#define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 157#define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 158#define SPTREE_WLOCK() rm_wlock(&sptree_lock) 159#define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 160#define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 161#define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 162 163/* Hash table for lookup SP using unique id */ 164static VNET_DEFINE(struct secpolicy_list *, sphashtbl); 165static VNET_DEFINE(u_long, sphash_mask); 166#define V_sphashtbl VNET(sphashtbl) 167#define V_sphash_mask VNET(sphash_mask) 168 169#define SPHASH_NHASH_LOG2 7 170#define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 171#define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 172#define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 173 174/* SAD */ 175TAILQ_HEAD(secashead_queue, secashead); 176LIST_HEAD(secashead_list, secashead); 177static VNET_DEFINE(struct secashead_queue, sahtree); 178static struct rmlock sahtree_lock; 179#define V_sahtree VNET(sahtree) 180#define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 181#define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 182#define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 183#define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 184#define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 185#define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 186#define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 187#define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 188#define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 189#define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 190 191/* Hash table for lookup in SAD using SA addresses */ 192static VNET_DEFINE(struct secashead_list *, sahaddrhashtbl); 193static VNET_DEFINE(u_long, sahaddrhash_mask); 194#define V_sahaddrhashtbl VNET(sahaddrhashtbl) 195#define V_sahaddrhash_mask VNET(sahaddrhash_mask) 196 197#define SAHHASH_NHASH_LOG2 7 198#define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 199#define SAHADDRHASH_HASHVAL(saidx) \ 200 (key_saidxhash(saidx) & V_sahaddrhash_mask) 201#define SAHADDRHASH_HASH(saidx) \ 202 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 203 204/* Hash table for lookup in SAD using SPI */ 205LIST_HEAD(secasvar_list, secasvar); 206static VNET_DEFINE(struct secasvar_list *, savhashtbl); 207static VNET_DEFINE(u_long, savhash_mask); 208#define V_savhashtbl VNET(savhashtbl) 209#define V_savhash_mask VNET(savhash_mask) 210#define SAVHASH_NHASH_LOG2 7 211#define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 212#define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 213#define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 214 215static uint32_t 216key_saidxhash(const struct secasindex *saidx) 217{ 218 uint32_t hval; 219 220 hval = fnv_32_buf(&saidx->proto, sizeof(saidx->proto), 221 FNV1_32_INIT); 222 switch (saidx->dst.sa.sa_family) { 223#ifdef INET 224 case AF_INET: 225 hval = fnv_32_buf(&saidx->src.sin.sin_addr, 226 sizeof(in_addr_t), hval); 227 hval = fnv_32_buf(&saidx->dst.sin.sin_addr, 228 sizeof(in_addr_t), hval); 229 break; 230#endif 231#ifdef INET6 232 case AF_INET6: 233 hval = fnv_32_buf(&saidx->src.sin6.sin6_addr, 234 sizeof(struct in6_addr), hval); 235 hval = fnv_32_buf(&saidx->dst.sin6.sin6_addr, 236 sizeof(struct in6_addr), hval); 237 break; 238#endif 239 default: 240 hval = 0; 241 ipseclog((LOG_DEBUG, "%s: unknown address family %d", 242 __func__, saidx->dst.sa.sa_family)); 243 } 244 return (hval); 245} 246 247static uint32_t 248key_u32hash(uint32_t val) 249{ 250 251 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 252} 253 254 /* registed list */ 255static VNET_DEFINE(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 256#define V_regtree VNET(regtree) 257static struct mtx regtree_lock; 258#define REGTREE_LOCK_INIT() \ 259 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 260#define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 261#define REGTREE_LOCK() mtx_lock(®tree_lock) 262#define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 263#define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 264 265/* Acquiring list */ 266LIST_HEAD(secacq_list, secacq); 267static VNET_DEFINE(struct secacq_list, acqtree); 268#define V_acqtree VNET(acqtree) 269static struct mtx acq_lock; 270#define ACQ_LOCK_INIT() \ 271 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 272#define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 273#define ACQ_LOCK() mtx_lock(&acq_lock) 274#define ACQ_UNLOCK() mtx_unlock(&acq_lock) 275#define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 276 277/* Hash table for lookup in ACQ list using SA addresses */ 278static VNET_DEFINE(struct secacq_list *, acqaddrhashtbl); 279static VNET_DEFINE(u_long, acqaddrhash_mask); 280#define V_acqaddrhashtbl VNET(acqaddrhashtbl) 281#define V_acqaddrhash_mask VNET(acqaddrhash_mask) 282 283/* Hash table for lookup in ACQ list using SEQ number */ 284static VNET_DEFINE(struct secacq_list *, acqseqhashtbl); 285static VNET_DEFINE(u_long, acqseqhash_mask); 286#define V_acqseqhashtbl VNET(acqseqhashtbl) 287#define V_acqseqhash_mask VNET(acqseqhash_mask) 288 289#define ACQHASH_NHASH_LOG2 7 290#define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 291#define ACQADDRHASH_HASHVAL(saidx) \ 292 (key_saidxhash(saidx) & V_acqaddrhash_mask) 293#define ACQSEQHASH_HASHVAL(seq) \ 294 (key_u32hash(seq) & V_acqseqhash_mask) 295#define ACQADDRHASH_HASH(saidx) \ 296 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 297#define ACQSEQHASH_HASH(seq) \ 298 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 299 /* SP acquiring list */ 300static VNET_DEFINE(LIST_HEAD(_spacqtree, secspacq), spacqtree); 301#define V_spacqtree VNET(spacqtree) 302static struct mtx spacq_lock; 303#define SPACQ_LOCK_INIT() \ 304 mtx_init(&spacq_lock, "spacqtree", \ 305 "fast ipsec security policy acquire list", MTX_DEF) 306#define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 307#define SPACQ_LOCK() mtx_lock(&spacq_lock) 308#define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 309#define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 310 311static const int minsize[] = { 312 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 313 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 314 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 315 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 316 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 317 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 318 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 319 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 320 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 321 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 322 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 323 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 324 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 325 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 326 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 327 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 328 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 329 0, /* SADB_X_EXT_KMPRIVATE */ 330 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 331 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 332 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 333 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 334 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 335 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 336 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 337 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 338 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 339 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 340 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 341}; 342_Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 343 344static const int maxsize[] = { 345 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 346 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 347 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 348 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 349 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 350 0, /* SADB_EXT_ADDRESS_SRC */ 351 0, /* SADB_EXT_ADDRESS_DST */ 352 0, /* SADB_EXT_ADDRESS_PROXY */ 353 0, /* SADB_EXT_KEY_AUTH */ 354 0, /* SADB_EXT_KEY_ENCRYPT */ 355 0, /* SADB_EXT_IDENTITY_SRC */ 356 0, /* SADB_EXT_IDENTITY_DST */ 357 0, /* SADB_EXT_SENSITIVITY */ 358 0, /* SADB_EXT_PROPOSAL */ 359 0, /* SADB_EXT_SUPPORTED_AUTH */ 360 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 361 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 362 0, /* SADB_X_EXT_KMPRIVATE */ 363 0, /* SADB_X_EXT_POLICY */ 364 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 365 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 366 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 367 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 368 0, /* SADB_X_EXT_NAT_T_OAI */ 369 0, /* SADB_X_EXT_NAT_T_OAR */ 370 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 371 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 372 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 373 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 374}; 375_Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 376 377/* 378 * Internal values for SA flags: 379 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 380 * thus we will not free the most of SA content in key_delsav(). 381 */ 382#define SADB_X_EXT_F_CLONED 0x80000000 383 384#define SADB_CHECKLEN(_mhp, _ext) \ 385 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 386 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 387#define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 388 389static VNET_DEFINE(int, ipsec_esp_keymin) = 256; 390static VNET_DEFINE(int, ipsec_esp_auth) = 0; 391static VNET_DEFINE(int, ipsec_ah_keymin) = 128; 392 393#define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 394#define V_ipsec_esp_auth VNET(ipsec_esp_auth) 395#define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 396 397#ifdef IPSEC_DEBUG 398VNET_DEFINE(int, ipsec_debug) = 1; 399#else 400VNET_DEFINE(int, ipsec_debug) = 0; 401#endif 402 403#ifdef INET 404SYSCTL_DECL(_net_inet_ipsec); 405SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 406 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 407 "Enable IPsec debugging output when set."); 408#endif 409#ifdef INET6 410SYSCTL_DECL(_net_inet6_ipsec6); 411SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 412 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 413 "Enable IPsec debugging output when set."); 414#endif 415 416SYSCTL_DECL(_net_key); 417SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 418 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 419 420/* max count of trial for the decision of spi value */ 421SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 422 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 423 424/* minimum spi value to allocate automatically. */ 425SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 426 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 427 428/* maximun spi value to allocate automatically. */ 429SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 430 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 431 432/* interval to initialize randseed */ 433SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 434 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 435 436/* lifetime for larval SA */ 437SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 438 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 439 440/* counter for blocking to send SADB_ACQUIRE to IKEd */ 441SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 442 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 443 444/* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 445SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 446 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 447 448/* ESP auth */ 449SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 450 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 451 452/* minimum ESP key length */ 453SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 454 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 455 456/* minimum AH key length */ 457SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 458 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 459 460/* perfered old SA rather than new SA */ 461SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 462 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 463 464#define __LIST_CHAINED(elm) \ 465 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 466 467MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 468MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 469MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 470MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 471MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 472MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 473MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 474 475static VNET_DEFINE(uma_zone_t, key_lft_zone); 476#define V_key_lft_zone VNET(key_lft_zone) 477 478static LIST_HEAD(xforms_list, xformsw) xforms = LIST_HEAD_INITIALIZER(); 479static struct mtx xforms_lock; 480#define XFORMS_LOCK_INIT() \ 481 mtx_init(&xforms_lock, "xforms_list", "IPsec transforms list", MTX_DEF) 482#define XFORMS_LOCK_DESTROY() mtx_destroy(&xforms_lock) 483#define XFORMS_LOCK() mtx_lock(&xforms_lock) 484#define XFORMS_UNLOCK() mtx_unlock(&xforms_lock) 485 486/* 487 * set parameters into secpolicyindex buffer. 488 * Must allocate secpolicyindex buffer passed to this function. 489 */ 490#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 491do { \ 492 bzero((idx), sizeof(struct secpolicyindex)); \ 493 (idx)->dir = (_dir); \ 494 (idx)->prefs = (ps); \ 495 (idx)->prefd = (pd); \ 496 (idx)->ul_proto = (ulp); \ 497 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 498 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 499} while (0) 500 501/* 502 * set parameters into secasindex buffer. 503 * Must allocate secasindex buffer before calling this function. 504 */ 505#define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 506do { \ 507 bzero((idx), sizeof(struct secasindex)); \ 508 (idx)->proto = (p); \ 509 (idx)->mode = (m); \ 510 (idx)->reqid = (r); \ 511 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 512 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 513 key_porttosaddr(&(idx)->src.sa, 0); \ 514 key_porttosaddr(&(idx)->dst.sa, 0); \ 515} while (0) 516 517/* key statistics */ 518struct _keystat { 519 u_long getspi_count; /* the avarage of count to try to get new SPI */ 520} keystat; 521 522struct sadb_msghdr { 523 struct sadb_msg *msg; 524 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 525 int extoff[SADB_EXT_MAX + 1]; 526 int extlen[SADB_EXT_MAX + 1]; 527}; 528 529static struct supported_ealgs { 530 int sadb_alg; 531 const struct enc_xform *xform; 532} supported_ealgs[] = { 533 { SADB_EALG_DESCBC, &enc_xform_des }, 534 { SADB_EALG_3DESCBC, &enc_xform_3des }, 535 { SADB_X_EALG_AES, &enc_xform_rijndael128 }, 536 { SADB_X_EALG_BLOWFISHCBC, &enc_xform_blf }, 537 { SADB_X_EALG_CAST128CBC, &enc_xform_cast5 }, 538 { SADB_EALG_NULL, &enc_xform_null }, 539 { SADB_X_EALG_CAMELLIACBC, &enc_xform_camellia }, 540 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 541 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 542 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 543}; 544 545static struct supported_aalgs { 546 int sadb_alg; 547 const struct auth_hash *xform; 548} supported_aalgs[] = { 549 { SADB_X_AALG_NULL, &auth_hash_null }, 550 { SADB_AALG_MD5HMAC, &auth_hash_hmac_md5 }, 551 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 552 { SADB_X_AALG_RIPEMD160HMAC, &auth_hash_hmac_ripemd_160 }, 553 { SADB_X_AALG_MD5, &auth_hash_key_md5 }, 554 { SADB_X_AALG_SHA, &auth_hash_key_sha1 }, 555 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 556 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 557 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 558 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 559 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 560 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 561}; 562 563static struct supported_calgs { 564 int sadb_alg; 565 const struct comp_algo *xform; 566} supported_calgs[] = { 567 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 568}; 569 570#ifndef IPSEC_DEBUG2 571static struct callout key_timer; 572#endif 573 574static void key_unlink(struct secpolicy *); 575static struct secpolicy *key_getsp(struct secpolicyindex *); 576static struct secpolicy *key_getspbyid(u_int32_t); 577static struct mbuf *key_gather_mbuf(struct mbuf *, 578 const struct sadb_msghdr *, int, int, ...); 579static int key_spdadd(struct socket *, struct mbuf *, 580 const struct sadb_msghdr *); 581static uint32_t key_getnewspid(void); 582static int key_spddelete(struct socket *, struct mbuf *, 583 const struct sadb_msghdr *); 584static int key_spddelete2(struct socket *, struct mbuf *, 585 const struct sadb_msghdr *); 586static int key_spdget(struct socket *, struct mbuf *, 587 const struct sadb_msghdr *); 588static int key_spdflush(struct socket *, struct mbuf *, 589 const struct sadb_msghdr *); 590static int key_spddump(struct socket *, struct mbuf *, 591 const struct sadb_msghdr *); 592static struct mbuf *key_setdumpsp(struct secpolicy *, 593 u_int8_t, u_int32_t, u_int32_t); 594static struct mbuf *key_sp2mbuf(struct secpolicy *); 595static size_t key_getspreqmsglen(struct secpolicy *); 596static int key_spdexpire(struct secpolicy *); 597static struct secashead *key_newsah(struct secasindex *); 598static void key_freesah(struct secashead **); 599static void key_delsah(struct secashead *); 600static struct secasvar *key_newsav(const struct sadb_msghdr *, 601 struct secasindex *, uint32_t, int *); 602static void key_delsav(struct secasvar *); 603static void key_unlinksav(struct secasvar *); 604static struct secashead *key_getsah(struct secasindex *); 605static int key_checkspidup(uint32_t); 606static struct secasvar *key_getsavbyspi(uint32_t); 607static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 608static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 609static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 610static int key_updateaddresses(struct socket *, struct mbuf *, 611 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 612 613static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 614 u_int8_t, u_int32_t, u_int32_t); 615static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 616 u_int32_t, pid_t, u_int16_t); 617static struct mbuf *key_setsadbsa(struct secasvar *); 618static struct mbuf *key_setsadbaddr(u_int16_t, 619 const struct sockaddr *, u_int8_t, u_int16_t); 620static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 621static struct mbuf *key_setsadbxtype(u_int16_t); 622static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 623static struct mbuf *key_setsadbxsareplay(u_int32_t); 624static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 625 u_int32_t, u_int32_t); 626static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 627 struct malloc_type *); 628static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 629 struct malloc_type *); 630 631/* flags for key_cmpsaidx() */ 632#define CMP_HEAD 1 /* protocol, addresses. */ 633#define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 634#define CMP_REQID 3 /* additionally HEAD, reaid. */ 635#define CMP_EXACTLY 4 /* all elements. */ 636static int key_cmpsaidx(const struct secasindex *, 637 const struct secasindex *, int); 638static int key_cmpspidx_exactly(struct secpolicyindex *, 639 struct secpolicyindex *); 640static int key_cmpspidx_withmask(struct secpolicyindex *, 641 struct secpolicyindex *); 642static int key_bbcmp(const void *, const void *, u_int); 643static uint8_t key_satype2proto(uint8_t); 644static uint8_t key_proto2satype(uint8_t); 645 646static int key_getspi(struct socket *, struct mbuf *, 647 const struct sadb_msghdr *); 648static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 649static int key_update(struct socket *, struct mbuf *, 650 const struct sadb_msghdr *); 651static int key_add(struct socket *, struct mbuf *, 652 const struct sadb_msghdr *); 653static int key_setident(struct secashead *, const struct sadb_msghdr *); 654static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 655 const struct sadb_msghdr *); 656static int key_delete(struct socket *, struct mbuf *, 657 const struct sadb_msghdr *); 658static int key_delete_all(struct socket *, struct mbuf *, 659 const struct sadb_msghdr *, struct secasindex *); 660static void key_delete_xform(const struct xformsw *); 661static int key_get(struct socket *, struct mbuf *, 662 const struct sadb_msghdr *); 663 664static void key_getcomb_setlifetime(struct sadb_comb *); 665static struct mbuf *key_getcomb_ealg(void); 666static struct mbuf *key_getcomb_ah(void); 667static struct mbuf *key_getcomb_ipcomp(void); 668static struct mbuf *key_getprop(const struct secasindex *); 669 670static int key_acquire(const struct secasindex *, struct secpolicy *); 671static uint32_t key_newacq(const struct secasindex *, int *); 672static uint32_t key_getacq(const struct secasindex *, int *); 673static int key_acqdone(const struct secasindex *, uint32_t); 674static int key_acqreset(uint32_t); 675static struct secspacq *key_newspacq(struct secpolicyindex *); 676static struct secspacq *key_getspacq(struct secpolicyindex *); 677static int key_acquire2(struct socket *, struct mbuf *, 678 const struct sadb_msghdr *); 679static int key_register(struct socket *, struct mbuf *, 680 const struct sadb_msghdr *); 681static int key_expire(struct secasvar *, int); 682static int key_flush(struct socket *, struct mbuf *, 683 const struct sadb_msghdr *); 684static int key_dump(struct socket *, struct mbuf *, 685 const struct sadb_msghdr *); 686static int key_promisc(struct socket *, struct mbuf *, 687 const struct sadb_msghdr *); 688static int key_senderror(struct socket *, struct mbuf *, int); 689static int key_validate_ext(const struct sadb_ext *, int); 690static int key_align(struct mbuf *, struct sadb_msghdr *); 691static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 692static struct mbuf *key_setkey(struct seckey *, uint16_t); 693static int xform_init(struct secasvar *, u_short); 694 695#define DBG_IPSEC_INITREF(t, p) do { \ 696 refcount_init(&(p)->refcnt, 1); \ 697 KEYDBG(KEY_STAMP, \ 698 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 699 __func__, #t, (p), (p)->refcnt)); \ 700} while (0) 701#define DBG_IPSEC_ADDREF(t, p) do { \ 702 refcount_acquire(&(p)->refcnt); \ 703 KEYDBG(KEY_STAMP, \ 704 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 705 __func__, #t, (p), (p)->refcnt)); \ 706} while (0) 707#define DBG_IPSEC_DELREF(t, p) do { \ 708 KEYDBG(KEY_STAMP, \ 709 printf("%s: Release refcnt %s(%p) -> %u\n", \ 710 __func__, #t, (p), (p)->refcnt - 1)); \ 711 refcount_release(&(p)->refcnt); \ 712} while (0) 713 714#define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 715#define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 716#define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 717 718#define SP_INITREF(p) IPSEC_INITREF(SP, p) 719#define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 720#define SP_DELREF(p) IPSEC_DELREF(SP, p) 721 722#define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 723#define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 724#define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 725 726#define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 727#define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 728#define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 729 730/* 731 * Update the refcnt while holding the SPTREE lock. 732 */ 733void 734key_addref(struct secpolicy *sp) 735{ 736 737 SP_ADDREF(sp); 738} 739 740/* 741 * Return 0 when there are known to be no SP's for the specified 742 * direction. Otherwise return 1. This is used by IPsec code 743 * to optimize performance. 744 */ 745int 746key_havesp(u_int dir) 747{ 748 749 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 750 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 751} 752 753/* %%% IPsec policy management */ 754/* 755 * Return current SPDB generation. 756 */ 757uint32_t 758key_getspgen(void) 759{ 760 761 return (V_sp_genid); 762} 763 764void 765key_bumpspgen(void) 766{ 767 768 V_sp_genid++; 769} 770 771static int 772key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 773{ 774 775 /* family match */ 776 if (src->sa_family != dst->sa_family) 777 return (EINVAL); 778 /* sa_len match */ 779 if (src->sa_len != dst->sa_len) 780 return (EINVAL); 781 switch (src->sa_family) { 782#ifdef INET 783 case AF_INET: 784 if (src->sa_len != sizeof(struct sockaddr_in)) 785 return (EINVAL); 786 break; 787#endif 788#ifdef INET6 789 case AF_INET6: 790 if (src->sa_len != sizeof(struct sockaddr_in6)) 791 return (EINVAL); 792 break; 793#endif 794 default: 795 return (EAFNOSUPPORT); 796 } 797 return (0); 798} 799 800/* 801 * allocating a SP for OUTBOUND or INBOUND packet. 802 * Must call key_freesp() later. 803 * OUT: NULL: not found 804 * others: found and return the pointer. 805 */ 806struct secpolicy * 807key_allocsp(struct secpolicyindex *spidx, u_int dir) 808{ 809 SPTREE_RLOCK_TRACKER; 810 struct secpolicy *sp; 811 812 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 813 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 814 ("invalid direction %u", dir)); 815 816 SPTREE_RLOCK(); 817 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 818 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 819 SP_ADDREF(sp); 820 break; 821 } 822 } 823 SPTREE_RUNLOCK(); 824 825 if (sp != NULL) { /* found a SPD entry */ 826 sp->lastused = time_second; 827 KEYDBG(IPSEC_STAMP, 828 printf("%s: return SP(%p)\n", __func__, sp)); 829 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 830 } else { 831 KEYDBG(IPSEC_DATA, 832 printf("%s: lookup failed for ", __func__); 833 kdebug_secpolicyindex(spidx, NULL)); 834 } 835 return (sp); 836} 837 838/* 839 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 840 * or should be signed by MD5 signature. 841 * We don't use key_allocsa() for such lookups, because we don't know SPI. 842 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 843 * signed packet. We use SADB only as storage for password. 844 * OUT: positive: corresponding SA for given saidx found. 845 * NULL: SA not found 846 */ 847struct secasvar * 848key_allocsa_tcpmd5(struct secasindex *saidx) 849{ 850 SAHTREE_RLOCK_TRACKER; 851 struct secashead *sah; 852 struct secasvar *sav; 853 854 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 855 ("unexpected security protocol %u", saidx->proto)); 856 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 857 ("unexpected mode %u", saidx->mode)); 858 859 SAHTREE_RLOCK(); 860 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 861 KEYDBG(IPSEC_DUMP, 862 printf("%s: checking SAH\n", __func__); 863 kdebug_secash(sah, " ")); 864 if (sah->saidx.proto != IPPROTO_TCP) 865 continue; 866 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 867 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 868 break; 869 } 870 if (sah != NULL) { 871 if (V_key_preferred_oldsa) 872 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 873 else 874 sav = TAILQ_FIRST(&sah->savtree_alive); 875 if (sav != NULL) 876 SAV_ADDREF(sav); 877 } else 878 sav = NULL; 879 SAHTREE_RUNLOCK(); 880 881 if (sav != NULL) { 882 KEYDBG(IPSEC_STAMP, 883 printf("%s: return SA(%p)\n", __func__, sav)); 884 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 885 } else { 886 KEYDBG(IPSEC_STAMP, 887 printf("%s: SA not found\n", __func__)); 888 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 889 } 890 return (sav); 891} 892 893/* 894 * Allocating an SA entry for an *OUTBOUND* packet. 895 * OUT: positive: corresponding SA for given saidx found. 896 * NULL: SA not found, but will be acquired, check *error 897 * for acquiring status. 898 */ 899struct secasvar * 900key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 901 int *error) 902{ 903 SAHTREE_RLOCK_TRACKER; 904 struct secashead *sah; 905 struct secasvar *sav; 906 907 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 908 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 909 saidx->mode == IPSEC_MODE_TUNNEL, 910 ("unexpected policy %u", saidx->mode)); 911 912 /* 913 * We check new SA in the IPsec request because a different 914 * SA may be involved each time this request is checked, either 915 * because new SAs are being configured, or this request is 916 * associated with an unconnected datagram socket, or this request 917 * is associated with a system default policy. 918 */ 919 SAHTREE_RLOCK(); 920 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 921 KEYDBG(IPSEC_DUMP, 922 printf("%s: checking SAH\n", __func__); 923 kdebug_secash(sah, " ")); 924 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 925 break; 926 927 } 928 if (sah != NULL) { 929 /* 930 * Allocate the oldest SA available according to 931 * draft-jenkins-ipsec-rekeying-03. 932 */ 933 if (V_key_preferred_oldsa) 934 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 935 else 936 sav = TAILQ_FIRST(&sah->savtree_alive); 937 if (sav != NULL) 938 SAV_ADDREF(sav); 939 } else 940 sav = NULL; 941 SAHTREE_RUNLOCK(); 942 943 if (sav != NULL) { 944 *error = 0; 945 KEYDBG(IPSEC_STAMP, 946 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 947 sav, sp)); 948 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 949 return (sav); /* return referenced SA */ 950 } 951 952 /* there is no SA */ 953 *error = key_acquire(saidx, sp); 954 if ((*error) != 0) 955 ipseclog((LOG_DEBUG, 956 "%s: error %d returned from key_acquire()\n", 957 __func__, *error)); 958 KEYDBG(IPSEC_STAMP, 959 printf("%s: acquire SA for SP(%p), error %d\n", 960 __func__, sp, *error)); 961 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 962 return (NULL); 963} 964 965/* 966 * allocating a usable SA entry for a *INBOUND* packet. 967 * Must call key_freesav() later. 968 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 969 * NULL: not found, or error occurred. 970 * 971 * According to RFC 2401 SA is uniquely identified by a triple SPI, 972 * destination address, and security protocol. But according to RFC 4301, 973 * SPI by itself suffices to specify an SA. 974 * 975 * Note that, however, we do need to keep source address in IPsec SA. 976 * IKE specification and PF_KEY specification do assume that we 977 * keep source address in IPsec SA. We see a tricky situation here. 978 */ 979struct secasvar * 980key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 981{ 982 SAHTREE_RLOCK_TRACKER; 983 struct secasvar *sav; 984 985 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 986 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 987 proto)); 988 989 SAHTREE_RLOCK(); 990 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 991 if (sav->spi == spi) 992 break; 993 } 994 /* 995 * We use single SPI namespace for all protocols, so it is 996 * impossible to have SPI duplicates in the SAVHASH. 997 */ 998 if (sav != NULL) { 999 if (sav->state != SADB_SASTATE_LARVAL && 1000 sav->sah->saidx.proto == proto && 1001 key_sockaddrcmp(&dst->sa, 1002 &sav->sah->saidx.dst.sa, 0) == 0) 1003 SAV_ADDREF(sav); 1004 else 1005 sav = NULL; 1006 } 1007 SAHTREE_RUNLOCK(); 1008 1009 if (sav == NULL) { 1010 KEYDBG(IPSEC_STAMP, 1011 char buf[IPSEC_ADDRSTRLEN]; 1012 printf("%s: SA not found for spi %u proto %u dst %s\n", 1013 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1014 sizeof(buf)))); 1015 } else { 1016 KEYDBG(IPSEC_STAMP, 1017 printf("%s: return SA(%p)\n", __func__, sav)); 1018 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1019 } 1020 return (sav); 1021} 1022 1023struct secasvar * 1024key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1025 uint8_t proto) 1026{ 1027 SAHTREE_RLOCK_TRACKER; 1028 struct secasindex saidx; 1029 struct secashead *sah; 1030 struct secasvar *sav; 1031 1032 IPSEC_ASSERT(src != NULL, ("null src address")); 1033 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1034 1035 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1036 &dst->sa, &saidx); 1037 1038 sav = NULL; 1039 SAHTREE_RLOCK(); 1040 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1041 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1042 continue; 1043 if (proto != sah->saidx.proto) 1044 continue; 1045 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1046 continue; 1047 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1048 continue; 1049 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1050 if (V_key_preferred_oldsa) 1051 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1052 else 1053 sav = TAILQ_FIRST(&sah->savtree_alive); 1054 if (sav != NULL) { 1055 SAV_ADDREF(sav); 1056 break; 1057 } 1058 } 1059 SAHTREE_RUNLOCK(); 1060 KEYDBG(IPSEC_STAMP, 1061 printf("%s: return SA(%p)\n", __func__, sav)); 1062 if (sav != NULL) 1063 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1064 return (sav); 1065} 1066 1067/* 1068 * Must be called after calling key_allocsp(). 1069 */ 1070void 1071key_freesp(struct secpolicy **spp) 1072{ 1073 struct secpolicy *sp = *spp; 1074 1075 IPSEC_ASSERT(sp != NULL, ("null sp")); 1076 if (SP_DELREF(sp) == 0) 1077 return; 1078 1079 KEYDBG(IPSEC_STAMP, 1080 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1081 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1082 1083 *spp = NULL; 1084 while (sp->tcount > 0) 1085 ipsec_delisr(sp->req[--sp->tcount]); 1086 free(sp, M_IPSEC_SP); 1087} 1088 1089static void 1090key_unlink(struct secpolicy *sp) 1091{ 1092 1093 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1094 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1095 ("invalid direction %u", sp->spidx.dir)); 1096 SPTREE_UNLOCK_ASSERT(); 1097 1098 KEYDBG(KEY_STAMP, 1099 printf("%s: SP(%p)\n", __func__, sp)); 1100 SPTREE_WLOCK(); 1101 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1102 /* SP is already unlinked */ 1103 SPTREE_WUNLOCK(); 1104 return; 1105 } 1106 sp->state = IPSEC_SPSTATE_DEAD; 1107 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1108 LIST_REMOVE(sp, idhash); 1109 V_sp_genid++; 1110 SPTREE_WUNLOCK(); 1111 key_freesp(&sp); 1112} 1113 1114/* 1115 * insert a secpolicy into the SP database. Lower priorities first 1116 */ 1117static void 1118key_insertsp(struct secpolicy *newsp) 1119{ 1120 struct secpolicy *sp; 1121 1122 SPTREE_WLOCK_ASSERT(); 1123 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1124 if (newsp->priority < sp->priority) { 1125 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1126 goto done; 1127 } 1128 } 1129 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1130done: 1131 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1132 newsp->state = IPSEC_SPSTATE_ALIVE; 1133 V_sp_genid++; 1134} 1135 1136/* 1137 * Insert a bunch of VTI secpolicies into the SPDB. 1138 * We keep VTI policies in the separate list due to following reasons: 1139 * 1) they should be immutable to user's or some deamon's attempts to 1140 * delete. The only way delete such policies - destroy or unconfigure 1141 * corresponding virtual inteface. 1142 * 2) such policies have traffic selector that matches all traffic per 1143 * address family. 1144 * Since all VTI policies have the same priority, we don't care about 1145 * policies order. 1146 */ 1147int 1148key_register_ifnet(struct secpolicy **spp, u_int count) 1149{ 1150 struct mbuf *m; 1151 u_int i; 1152 1153 SPTREE_WLOCK(); 1154 /* 1155 * First of try to acquire id for each SP. 1156 */ 1157 for (i = 0; i < count; i++) { 1158 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1159 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1160 ("invalid direction %u", spp[i]->spidx.dir)); 1161 1162 if ((spp[i]->id = key_getnewspid()) == 0) { 1163 SPTREE_WUNLOCK(); 1164 return (EAGAIN); 1165 } 1166 } 1167 for (i = 0; i < count; i++) { 1168 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1169 spp[i], chain); 1170 /* 1171 * NOTE: despite the fact that we keep VTI SP in the 1172 * separate list, SPHASH contains policies from both 1173 * sources. Thus SADB_X_SPDGET will correctly return 1174 * SP by id, because it uses SPHASH for lookups. 1175 */ 1176 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1177 spp[i]->state = IPSEC_SPSTATE_IFNET; 1178 } 1179 SPTREE_WUNLOCK(); 1180 /* 1181 * Notify user processes about new SP. 1182 */ 1183 for (i = 0; i < count; i++) { 1184 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1185 if (m != NULL) 1186 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1187 } 1188 return (0); 1189} 1190 1191void 1192key_unregister_ifnet(struct secpolicy **spp, u_int count) 1193{ 1194 struct mbuf *m; 1195 u_int i; 1196 1197 SPTREE_WLOCK(); 1198 for (i = 0; i < count; i++) { 1199 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1200 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1201 ("invalid direction %u", spp[i]->spidx.dir)); 1202 1203 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1204 continue; 1205 spp[i]->state = IPSEC_SPSTATE_DEAD; 1206 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1207 spp[i], chain); 1208 LIST_REMOVE(spp[i], idhash); 1209 } 1210 SPTREE_WUNLOCK(); 1211 1212 for (i = 0; i < count; i++) { 1213 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1214 if (m != NULL) 1215 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1216 } 1217} 1218 1219/* 1220 * Must be called after calling key_allocsa(). 1221 * This function is called by key_freesp() to free some SA allocated 1222 * for a policy. 1223 */ 1224void 1225key_freesav(struct secasvar **psav) 1226{ 1227 struct secasvar *sav = *psav; 1228 1229 IPSEC_ASSERT(sav != NULL, ("null sav")); 1230 if (SAV_DELREF(sav) == 0) 1231 return; 1232 1233 KEYDBG(IPSEC_STAMP, 1234 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1235 1236 *psav = NULL; 1237 key_delsav(sav); 1238} 1239 1240/* 1241 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1242 * Expect that SA has extra reference due to lookup. 1243 * Release this references, also release SAH reference after unlink. 1244 */ 1245static void 1246key_unlinksav(struct secasvar *sav) 1247{ 1248 struct secashead *sah; 1249 1250 KEYDBG(KEY_STAMP, 1251 printf("%s: SA(%p)\n", __func__, sav)); 1252 1253 SAHTREE_UNLOCK_ASSERT(); 1254 SAHTREE_WLOCK(); 1255 if (sav->state == SADB_SASTATE_DEAD) { 1256 /* SA is already unlinked */ 1257 SAHTREE_WUNLOCK(); 1258 return; 1259 } 1260 /* Unlink from SAH */ 1261 if (sav->state == SADB_SASTATE_LARVAL) 1262 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1263 else 1264 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1265 /* Unlink from SPI hash */ 1266 LIST_REMOVE(sav, spihash); 1267 sav->state = SADB_SASTATE_DEAD; 1268 sah = sav->sah; 1269 SAHTREE_WUNLOCK(); 1270 key_freesav(&sav); 1271 /* Since we are unlinked, release reference to SAH */ 1272 key_freesah(&sah); 1273} 1274 1275/* %%% SPD management */ 1276/* 1277 * search SPD 1278 * OUT: NULL : not found 1279 * others : found, pointer to a SP. 1280 */ 1281static struct secpolicy * 1282key_getsp(struct secpolicyindex *spidx) 1283{ 1284 SPTREE_RLOCK_TRACKER; 1285 struct secpolicy *sp; 1286 1287 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1288 1289 SPTREE_RLOCK(); 1290 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1291 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1292 SP_ADDREF(sp); 1293 break; 1294 } 1295 } 1296 SPTREE_RUNLOCK(); 1297 1298 return sp; 1299} 1300 1301/* 1302 * get SP by index. 1303 * OUT: NULL : not found 1304 * others : found, pointer to referenced SP. 1305 */ 1306static struct secpolicy * 1307key_getspbyid(uint32_t id) 1308{ 1309 SPTREE_RLOCK_TRACKER; 1310 struct secpolicy *sp; 1311 1312 SPTREE_RLOCK(); 1313 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1314 if (sp->id == id) { 1315 SP_ADDREF(sp); 1316 break; 1317 } 1318 } 1319 SPTREE_RUNLOCK(); 1320 return (sp); 1321} 1322 1323struct secpolicy * 1324key_newsp(void) 1325{ 1326 struct secpolicy *sp; 1327 1328 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1329 if (sp != NULL) 1330 SP_INITREF(sp); 1331 return (sp); 1332} 1333 1334struct ipsecrequest * 1335ipsec_newisr(void) 1336{ 1337 1338 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1339 M_NOWAIT | M_ZERO)); 1340} 1341 1342void 1343ipsec_delisr(struct ipsecrequest *p) 1344{ 1345 1346 free(p, M_IPSEC_SR); 1347} 1348 1349/* 1350 * create secpolicy structure from sadb_x_policy structure. 1351 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1352 * are not set, so must be set properly later. 1353 */ 1354struct secpolicy * 1355key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1356{ 1357 struct secpolicy *newsp; 1358 1359 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1360 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1361 1362 if (len != PFKEY_EXTLEN(xpl0)) { 1363 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1364 *error = EINVAL; 1365 return NULL; 1366 } 1367 1368 if ((newsp = key_newsp()) == NULL) { 1369 *error = ENOBUFS; 1370 return NULL; 1371 } 1372 1373 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1374 newsp->policy = xpl0->sadb_x_policy_type; 1375 newsp->priority = xpl0->sadb_x_policy_priority; 1376 newsp->tcount = 0; 1377 1378 /* check policy */ 1379 switch (xpl0->sadb_x_policy_type) { 1380 case IPSEC_POLICY_DISCARD: 1381 case IPSEC_POLICY_NONE: 1382 case IPSEC_POLICY_ENTRUST: 1383 case IPSEC_POLICY_BYPASS: 1384 break; 1385 1386 case IPSEC_POLICY_IPSEC: 1387 { 1388 struct sadb_x_ipsecrequest *xisr; 1389 struct ipsecrequest *isr; 1390 int tlen; 1391 1392 /* validity check */ 1393 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1394 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1395 __func__)); 1396 key_freesp(&newsp); 1397 *error = EINVAL; 1398 return NULL; 1399 } 1400 1401 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1402 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1403 1404 while (tlen > 0) { 1405 /* length check */ 1406 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1407 xisr->sadb_x_ipsecrequest_len > tlen) { 1408 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1409 "length.\n", __func__)); 1410 key_freesp(&newsp); 1411 *error = EINVAL; 1412 return NULL; 1413 } 1414 1415 if (newsp->tcount >= IPSEC_MAXREQ) { 1416 ipseclog((LOG_DEBUG, 1417 "%s: too many ipsecrequests.\n", 1418 __func__)); 1419 key_freesp(&newsp); 1420 *error = EINVAL; 1421 return (NULL); 1422 } 1423 1424 /* allocate request buffer */ 1425 /* NB: data structure is zero'd */ 1426 isr = ipsec_newisr(); 1427 if (isr == NULL) { 1428 ipseclog((LOG_DEBUG, 1429 "%s: No more memory.\n", __func__)); 1430 key_freesp(&newsp); 1431 *error = ENOBUFS; 1432 return NULL; 1433 } 1434 1435 newsp->req[newsp->tcount++] = isr; 1436 1437 /* set values */ 1438 switch (xisr->sadb_x_ipsecrequest_proto) { 1439 case IPPROTO_ESP: 1440 case IPPROTO_AH: 1441 case IPPROTO_IPCOMP: 1442 break; 1443 default: 1444 ipseclog((LOG_DEBUG, 1445 "%s: invalid proto type=%u\n", __func__, 1446 xisr->sadb_x_ipsecrequest_proto)); 1447 key_freesp(&newsp); 1448 *error = EPROTONOSUPPORT; 1449 return NULL; 1450 } 1451 isr->saidx.proto = 1452 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1453 1454 switch (xisr->sadb_x_ipsecrequest_mode) { 1455 case IPSEC_MODE_TRANSPORT: 1456 case IPSEC_MODE_TUNNEL: 1457 break; 1458 case IPSEC_MODE_ANY: 1459 default: 1460 ipseclog((LOG_DEBUG, 1461 "%s: invalid mode=%u\n", __func__, 1462 xisr->sadb_x_ipsecrequest_mode)); 1463 key_freesp(&newsp); 1464 *error = EINVAL; 1465 return NULL; 1466 } 1467 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1468 1469 switch (xisr->sadb_x_ipsecrequest_level) { 1470 case IPSEC_LEVEL_DEFAULT: 1471 case IPSEC_LEVEL_USE: 1472 case IPSEC_LEVEL_REQUIRE: 1473 break; 1474 case IPSEC_LEVEL_UNIQUE: 1475 /* validity check */ 1476 /* 1477 * If range violation of reqid, kernel will 1478 * update it, don't refuse it. 1479 */ 1480 if (xisr->sadb_x_ipsecrequest_reqid 1481 > IPSEC_MANUAL_REQID_MAX) { 1482 ipseclog((LOG_DEBUG, 1483 "%s: reqid=%d range " 1484 "violation, updated by kernel.\n", 1485 __func__, 1486 xisr->sadb_x_ipsecrequest_reqid)); 1487 xisr->sadb_x_ipsecrequest_reqid = 0; 1488 } 1489 1490 /* allocate new reqid id if reqid is zero. */ 1491 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1492 u_int32_t reqid; 1493 if ((reqid = key_newreqid()) == 0) { 1494 key_freesp(&newsp); 1495 *error = ENOBUFS; 1496 return NULL; 1497 } 1498 isr->saidx.reqid = reqid; 1499 xisr->sadb_x_ipsecrequest_reqid = reqid; 1500 } else { 1501 /* set it for manual keying. */ 1502 isr->saidx.reqid = 1503 xisr->sadb_x_ipsecrequest_reqid; 1504 } 1505 break; 1506 1507 default: 1508 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1509 __func__, 1510 xisr->sadb_x_ipsecrequest_level)); 1511 key_freesp(&newsp); 1512 *error = EINVAL; 1513 return NULL; 1514 } 1515 isr->level = xisr->sadb_x_ipsecrequest_level; 1516 1517 /* set IP addresses if there */ 1518 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1519 struct sockaddr *paddr; 1520 1521 len = tlen - sizeof(*xisr); 1522 paddr = (struct sockaddr *)(xisr + 1); 1523 /* validity check */ 1524 if (len < sizeof(struct sockaddr) || 1525 len < 2 * paddr->sa_len || 1526 paddr->sa_len > sizeof(isr->saidx.src)) { 1527 ipseclog((LOG_DEBUG, "%s: invalid " 1528 "request address length.\n", 1529 __func__)); 1530 key_freesp(&newsp); 1531 *error = EINVAL; 1532 return NULL; 1533 } 1534 /* 1535 * Request length should be enough to keep 1536 * source and destination addresses. 1537 */ 1538 if (xisr->sadb_x_ipsecrequest_len < 1539 sizeof(*xisr) + 2 * paddr->sa_len) { 1540 ipseclog((LOG_DEBUG, "%s: invalid " 1541 "ipsecrequest length.\n", 1542 __func__)); 1543 key_freesp(&newsp); 1544 *error = EINVAL; 1545 return (NULL); 1546 } 1547 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1548 paddr = (struct sockaddr *)((caddr_t)paddr + 1549 paddr->sa_len); 1550 1551 /* validity check */ 1552 if (paddr->sa_len != 1553 isr->saidx.src.sa.sa_len) { 1554 ipseclog((LOG_DEBUG, "%s: invalid " 1555 "request address length.\n", 1556 __func__)); 1557 key_freesp(&newsp); 1558 *error = EINVAL; 1559 return NULL; 1560 } 1561 /* AF family should match */ 1562 if (paddr->sa_family != 1563 isr->saidx.src.sa.sa_family) { 1564 ipseclog((LOG_DEBUG, "%s: address " 1565 "family doesn't match.\n", 1566 __func__)); 1567 key_freesp(&newsp); 1568 *error = EINVAL; 1569 return (NULL); 1570 } 1571 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1572 } else { 1573 /* 1574 * Addresses for TUNNEL mode requests are 1575 * mandatory. 1576 */ 1577 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1578 ipseclog((LOG_DEBUG, "%s: missing " 1579 "request addresses.\n", __func__)); 1580 key_freesp(&newsp); 1581 *error = EINVAL; 1582 return (NULL); 1583 } 1584 } 1585 tlen -= xisr->sadb_x_ipsecrequest_len; 1586 1587 /* validity check */ 1588 if (tlen < 0) { 1589 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1590 __func__)); 1591 key_freesp(&newsp); 1592 *error = EINVAL; 1593 return NULL; 1594 } 1595 1596 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1597 + xisr->sadb_x_ipsecrequest_len); 1598 } 1599 /* XXXAE: LARVAL SP */ 1600 if (newsp->tcount < 1) { 1601 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1602 "not found.\n", __func__)); 1603 key_freesp(&newsp); 1604 *error = EINVAL; 1605 return (NULL); 1606 } 1607 } 1608 break; 1609 default: 1610 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1611 key_freesp(&newsp); 1612 *error = EINVAL; 1613 return NULL; 1614 } 1615 1616 *error = 0; 1617 return (newsp); 1618} 1619 1620uint32_t 1621key_newreqid(void) 1622{ 1623 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1624 1625 if (auto_reqid == ~0) 1626 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1627 else 1628 auto_reqid++; 1629 1630 /* XXX should be unique check */ 1631 return (auto_reqid); 1632} 1633 1634/* 1635 * copy secpolicy struct to sadb_x_policy structure indicated. 1636 */ 1637static struct mbuf * 1638key_sp2mbuf(struct secpolicy *sp) 1639{ 1640 struct mbuf *m; 1641 size_t tlen; 1642 1643 tlen = key_getspreqmsglen(sp); 1644 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1645 if (m == NULL) 1646 return (NULL); 1647 m_align(m, tlen); 1648 m->m_len = tlen; 1649 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1650 m_freem(m); 1651 return (NULL); 1652 } 1653 return (m); 1654} 1655 1656int 1657key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1658{ 1659 struct sadb_x_ipsecrequest *xisr; 1660 struct sadb_x_policy *xpl; 1661 struct ipsecrequest *isr; 1662 size_t xlen, ilen; 1663 caddr_t p; 1664 int error, i; 1665 1666 IPSEC_ASSERT(sp != NULL, ("null policy")); 1667 1668 xlen = sizeof(*xpl); 1669 if (*len < xlen) 1670 return (EINVAL); 1671 1672 error = 0; 1673 bzero(request, *len); 1674 xpl = (struct sadb_x_policy *)request; 1675 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1676 xpl->sadb_x_policy_type = sp->policy; 1677 xpl->sadb_x_policy_dir = sp->spidx.dir; 1678 xpl->sadb_x_policy_id = sp->id; 1679 xpl->sadb_x_policy_priority = sp->priority; 1680 switch (sp->state) { 1681 case IPSEC_SPSTATE_IFNET: 1682 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1683 break; 1684 case IPSEC_SPSTATE_PCB: 1685 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1686 break; 1687 default: 1688 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1689 } 1690 1691 /* if is the policy for ipsec ? */ 1692 if (sp->policy == IPSEC_POLICY_IPSEC) { 1693 p = (caddr_t)xpl + sizeof(*xpl); 1694 for (i = 0; i < sp->tcount; i++) { 1695 isr = sp->req[i]; 1696 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1697 isr->saidx.src.sa.sa_len + 1698 isr->saidx.dst.sa.sa_len); 1699 xlen += ilen; 1700 if (xlen > *len) { 1701 error = ENOBUFS; 1702 /* Calculate needed size */ 1703 continue; 1704 } 1705 xisr = (struct sadb_x_ipsecrequest *)p; 1706 xisr->sadb_x_ipsecrequest_len = ilen; 1707 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1708 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1709 xisr->sadb_x_ipsecrequest_level = isr->level; 1710 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1711 1712 p += sizeof(*xisr); 1713 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1714 p += isr->saidx.src.sa.sa_len; 1715 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1716 p += isr->saidx.dst.sa.sa_len; 1717 } 1718 } 1719 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1720 if (error == 0) 1721 *len = xlen; 1722 else 1723 *len = sizeof(*xpl); 1724 return (error); 1725} 1726 1727/* m will not be freed nor modified */ 1728static struct mbuf * 1729key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1730 int ndeep, int nitem, ...) 1731{ 1732 va_list ap; 1733 int idx; 1734 int i; 1735 struct mbuf *result = NULL, *n; 1736 int len; 1737 1738 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1739 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1740 1741 va_start(ap, nitem); 1742 for (i = 0; i < nitem; i++) { 1743 idx = va_arg(ap, int); 1744 if (idx < 0 || idx > SADB_EXT_MAX) 1745 goto fail; 1746 /* don't attempt to pull empty extension */ 1747 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1748 continue; 1749 if (idx != SADB_EXT_RESERVED && 1750 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1751 continue; 1752 1753 if (idx == SADB_EXT_RESERVED) { 1754 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1755 1756 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1757 1758 MGETHDR(n, M_NOWAIT, MT_DATA); 1759 if (!n) 1760 goto fail; 1761 n->m_len = len; 1762 n->m_next = NULL; 1763 m_copydata(m, 0, sizeof(struct sadb_msg), 1764 mtod(n, caddr_t)); 1765 } else if (i < ndeep) { 1766 len = mhp->extlen[idx]; 1767 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1768 if (n == NULL) 1769 goto fail; 1770 m_align(n, len); 1771 n->m_len = len; 1772 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1773 mtod(n, caddr_t)); 1774 } else { 1775 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1776 M_NOWAIT); 1777 } 1778 if (n == NULL) 1779 goto fail; 1780 1781 if (result) 1782 m_cat(result, n); 1783 else 1784 result = n; 1785 } 1786 va_end(ap); 1787 1788 if ((result->m_flags & M_PKTHDR) != 0) { 1789 result->m_pkthdr.len = 0; 1790 for (n = result; n; n = n->m_next) 1791 result->m_pkthdr.len += n->m_len; 1792 } 1793 1794 return result; 1795 1796fail: 1797 m_freem(result); 1798 va_end(ap); 1799 return NULL; 1800} 1801 1802/* 1803 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1804 * add an entry to SP database, when received 1805 * <base, address(SD), (lifetime(H),) policy> 1806 * from the user(?). 1807 * Adding to SP database, 1808 * and send 1809 * <base, address(SD), (lifetime(H),) policy> 1810 * to the socket which was send. 1811 * 1812 * SPDADD set a unique policy entry. 1813 * SPDSETIDX like SPDADD without a part of policy requests. 1814 * SPDUPDATE replace a unique policy entry. 1815 * 1816 * XXXAE: serialize this in PF_KEY to avoid races. 1817 * m will always be freed. 1818 */ 1819static int 1820key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1821{ 1822 struct secpolicyindex spidx; 1823 struct sadb_address *src0, *dst0; 1824 struct sadb_x_policy *xpl0, *xpl; 1825 struct sadb_lifetime *lft = NULL; 1826 struct secpolicy *newsp; 1827 int error; 1828 1829 IPSEC_ASSERT(so != NULL, ("null socket")); 1830 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1831 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1832 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1833 1834 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1835 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1836 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1837 ipseclog((LOG_DEBUG, 1838 "%s: invalid message: missing required header.\n", 1839 __func__)); 1840 return key_senderror(so, m, EINVAL); 1841 } 1842 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1843 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1844 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1845 ipseclog((LOG_DEBUG, 1846 "%s: invalid message: wrong header size.\n", __func__)); 1847 return key_senderror(so, m, EINVAL); 1848 } 1849 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1850 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1851 ipseclog((LOG_DEBUG, 1852 "%s: invalid message: wrong header size.\n", 1853 __func__)); 1854 return key_senderror(so, m, EINVAL); 1855 } 1856 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1857 } 1858 1859 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1860 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1861 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1862 1863 /* check the direciton */ 1864 switch (xpl0->sadb_x_policy_dir) { 1865 case IPSEC_DIR_INBOUND: 1866 case IPSEC_DIR_OUTBOUND: 1867 break; 1868 default: 1869 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 1870 return key_senderror(so, m, EINVAL); 1871 } 1872 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 1873 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 1874 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 1875 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 1876 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1877 return key_senderror(so, m, EINVAL); 1878 } 1879 1880 /* policy requests are mandatory when action is ipsec. */ 1881 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 1882 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 1883 ipseclog((LOG_DEBUG, 1884 "%s: policy requests required.\n", __func__)); 1885 return key_senderror(so, m, EINVAL); 1886 } 1887 1888 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 1889 (struct sockaddr *)(dst0 + 1)); 1890 if (error != 0 || 1891 src0->sadb_address_proto != dst0->sadb_address_proto) { 1892 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 1893 return key_senderror(so, m, error); 1894 } 1895 /* make secindex */ 1896 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1897 src0 + 1, 1898 dst0 + 1, 1899 src0->sadb_address_prefixlen, 1900 dst0->sadb_address_prefixlen, 1901 src0->sadb_address_proto, 1902 &spidx); 1903 /* Checking there is SP already or not. */ 1904 newsp = key_getsp(&spidx); 1905 if (newsp != NULL) { 1906 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1907 KEYDBG(KEY_STAMP, 1908 printf("%s: unlink SP(%p) for SPDUPDATE\n", 1909 __func__, newsp)); 1910 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 1911 key_unlink(newsp); 1912 key_freesp(&newsp); 1913 } else { 1914 key_freesp(&newsp); 1915 ipseclog((LOG_DEBUG, "%s: a SP entry exists already.", 1916 __func__)); 1917 return (key_senderror(so, m, EEXIST)); 1918 } 1919 } 1920 1921 /* allocate new SP entry */ 1922 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 1923 return key_senderror(so, m, error); 1924 } 1925 1926 newsp->lastused = newsp->created = time_second; 1927 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 1928 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 1929 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 1930 1931 /* XXXAE: there is race between key_getsp() and key_insertsp() */ 1932 SPTREE_WLOCK(); 1933 if ((newsp->id = key_getnewspid()) == 0) { 1934 SPTREE_WUNLOCK(); 1935 key_freesp(&newsp); 1936 return key_senderror(so, m, ENOBUFS); 1937 } 1938 key_insertsp(newsp); 1939 SPTREE_WUNLOCK(); 1940 1941 KEYDBG(KEY_STAMP, 1942 printf("%s: SP(%p)\n", __func__, newsp)); 1943 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 1944 1945 { 1946 struct mbuf *n, *mpolicy; 1947 struct sadb_msg *newmsg; 1948 int off; 1949 1950 /* create new sadb_msg to reply. */ 1951 if (lft) { 1952 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 1953 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 1954 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1955 } else { 1956 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 1957 SADB_X_EXT_POLICY, 1958 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1959 } 1960 if (!n) 1961 return key_senderror(so, m, ENOBUFS); 1962 1963 if (n->m_len < sizeof(*newmsg)) { 1964 n = m_pullup(n, sizeof(*newmsg)); 1965 if (!n) 1966 return key_senderror(so, m, ENOBUFS); 1967 } 1968 newmsg = mtod(n, struct sadb_msg *); 1969 newmsg->sadb_msg_errno = 0; 1970 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 1971 1972 off = 0; 1973 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 1974 sizeof(*xpl), &off); 1975 if (mpolicy == NULL) { 1976 /* n is already freed */ 1977 return key_senderror(so, m, ENOBUFS); 1978 } 1979 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 1980 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 1981 m_freem(n); 1982 return key_senderror(so, m, EINVAL); 1983 } 1984 xpl->sadb_x_policy_id = newsp->id; 1985 1986 m_freem(m); 1987 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 1988 } 1989} 1990 1991/* 1992 * get new policy id. 1993 * OUT: 1994 * 0: failure. 1995 * others: success. 1996 */ 1997static uint32_t 1998key_getnewspid(void) 1999{ 2000 struct secpolicy *sp; 2001 uint32_t newid = 0; 2002 int count = V_key_spi_trycnt; /* XXX */ 2003 2004 SPTREE_WLOCK_ASSERT(); 2005 while (count--) { 2006 if (V_policy_id == ~0) /* overflowed */ 2007 newid = V_policy_id = 1; 2008 else 2009 newid = ++V_policy_id; 2010 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2011 if (sp->id == newid) 2012 break; 2013 } 2014 if (sp == NULL) 2015 break; 2016 } 2017 if (count == 0 || newid == 0) { 2018 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2019 __func__)); 2020 return (0); 2021 } 2022 return (newid); 2023} 2024 2025/* 2026 * SADB_SPDDELETE processing 2027 * receive 2028 * <base, address(SD), policy(*)> 2029 * from the user(?), and set SADB_SASTATE_DEAD, 2030 * and send, 2031 * <base, address(SD), policy(*)> 2032 * to the ikmpd. 2033 * policy(*) including direction of policy. 2034 * 2035 * m will always be freed. 2036 */ 2037static int 2038key_spddelete(struct socket *so, struct mbuf *m, 2039 const struct sadb_msghdr *mhp) 2040{ 2041 struct secpolicyindex spidx; 2042 struct sadb_address *src0, *dst0; 2043 struct sadb_x_policy *xpl0; 2044 struct secpolicy *sp; 2045 2046 IPSEC_ASSERT(so != NULL, ("null so")); 2047 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2048 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2049 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2050 2051 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2052 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2053 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2054 ipseclog((LOG_DEBUG, 2055 "%s: invalid message: missing required header.\n", 2056 __func__)); 2057 return key_senderror(so, m, EINVAL); 2058 } 2059 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2060 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2061 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2062 ipseclog((LOG_DEBUG, 2063 "%s: invalid message: wrong header size.\n", __func__)); 2064 return key_senderror(so, m, EINVAL); 2065 } 2066 2067 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2068 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2069 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2070 2071 /* check the direciton */ 2072 switch (xpl0->sadb_x_policy_dir) { 2073 case IPSEC_DIR_INBOUND: 2074 case IPSEC_DIR_OUTBOUND: 2075 break; 2076 default: 2077 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2078 return key_senderror(so, m, EINVAL); 2079 } 2080 /* Only DISCARD, NONE and IPSEC are allowed */ 2081 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2082 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2083 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2084 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2085 return key_senderror(so, m, EINVAL); 2086 } 2087 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2088 (struct sockaddr *)(dst0 + 1)) != 0 || 2089 src0->sadb_address_proto != dst0->sadb_address_proto) { 2090 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2091 return key_senderror(so, m, EINVAL); 2092 } 2093 /* make secindex */ 2094 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2095 src0 + 1, 2096 dst0 + 1, 2097 src0->sadb_address_prefixlen, 2098 dst0->sadb_address_prefixlen, 2099 src0->sadb_address_proto, 2100 &spidx); 2101 2102 /* Is there SP in SPD ? */ 2103 if ((sp = key_getsp(&spidx)) == NULL) { 2104 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2105 return key_senderror(so, m, EINVAL); 2106 } 2107 2108 /* save policy id to buffer to be returned. */ 2109 xpl0->sadb_x_policy_id = sp->id; 2110 2111 KEYDBG(KEY_STAMP, 2112 printf("%s: SP(%p)\n", __func__, sp)); 2113 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2114 key_unlink(sp); 2115 key_freesp(&sp); 2116 2117 { 2118 struct mbuf *n; 2119 struct sadb_msg *newmsg; 2120 2121 /* create new sadb_msg to reply. */ 2122 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2123 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2124 if (!n) 2125 return key_senderror(so, m, ENOBUFS); 2126 2127 newmsg = mtod(n, struct sadb_msg *); 2128 newmsg->sadb_msg_errno = 0; 2129 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2130 2131 m_freem(m); 2132 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2133 } 2134} 2135 2136/* 2137 * SADB_SPDDELETE2 processing 2138 * receive 2139 * <base, policy(*)> 2140 * from the user(?), and set SADB_SASTATE_DEAD, 2141 * and send, 2142 * <base, policy(*)> 2143 * to the ikmpd. 2144 * policy(*) including direction of policy. 2145 * 2146 * m will always be freed. 2147 */ 2148static int 2149key_spddelete2(struct socket *so, struct mbuf *m, 2150 const struct sadb_msghdr *mhp) 2151{ 2152 struct secpolicy *sp; 2153 uint32_t id; 2154 2155 IPSEC_ASSERT(so != NULL, ("null socket")); 2156 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2157 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2158 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2159 2160 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2161 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2162 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2163 __func__)); 2164 return key_senderror(so, m, EINVAL); 2165 } 2166 2167 id = ((struct sadb_x_policy *) 2168 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2169 2170 /* Is there SP in SPD ? */ 2171 if ((sp = key_getspbyid(id)) == NULL) { 2172 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2173 __func__, id)); 2174 return key_senderror(so, m, EINVAL); 2175 } 2176 2177 KEYDBG(KEY_STAMP, 2178 printf("%s: SP(%p)\n", __func__, sp)); 2179 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2180 key_unlink(sp); 2181 if (sp->state != IPSEC_SPSTATE_DEAD) { 2182 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2183 __func__, id)); 2184 key_freesp(&sp); 2185 return (key_senderror(so, m, EACCES)); 2186 } 2187 key_freesp(&sp); 2188 2189 { 2190 struct mbuf *n, *nn; 2191 struct sadb_msg *newmsg; 2192 int off, len; 2193 2194 /* create new sadb_msg to reply. */ 2195 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2196 2197 MGETHDR(n, M_NOWAIT, MT_DATA); 2198 if (n && len > MHLEN) { 2199 if (!(MCLGET(n, M_NOWAIT))) { 2200 m_freem(n); 2201 n = NULL; 2202 } 2203 } 2204 if (!n) 2205 return key_senderror(so, m, ENOBUFS); 2206 2207 n->m_len = len; 2208 n->m_next = NULL; 2209 off = 0; 2210 2211 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2212 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2213 2214 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2215 off, len)); 2216 2217 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2218 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2219 if (!n->m_next) { 2220 m_freem(n); 2221 return key_senderror(so, m, ENOBUFS); 2222 } 2223 2224 n->m_pkthdr.len = 0; 2225 for (nn = n; nn; nn = nn->m_next) 2226 n->m_pkthdr.len += nn->m_len; 2227 2228 newmsg = mtod(n, struct sadb_msg *); 2229 newmsg->sadb_msg_errno = 0; 2230 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2231 2232 m_freem(m); 2233 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2234 } 2235} 2236 2237/* 2238 * SADB_X_SPDGET processing 2239 * receive 2240 * <base, policy(*)> 2241 * from the user(?), 2242 * and send, 2243 * <base, address(SD), policy> 2244 * to the ikmpd. 2245 * policy(*) including direction of policy. 2246 * 2247 * m will always be freed. 2248 */ 2249static int 2250key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2251{ 2252 struct secpolicy *sp; 2253 struct mbuf *n; 2254 uint32_t id; 2255 2256 IPSEC_ASSERT(so != NULL, ("null socket")); 2257 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2258 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2259 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2260 2261 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2262 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2263 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2264 __func__)); 2265 return key_senderror(so, m, EINVAL); 2266 } 2267 2268 id = ((struct sadb_x_policy *) 2269 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2270 2271 /* Is there SP in SPD ? */ 2272 if ((sp = key_getspbyid(id)) == NULL) { 2273 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2274 __func__, id)); 2275 return key_senderror(so, m, ENOENT); 2276 } 2277 2278 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2279 mhp->msg->sadb_msg_pid); 2280 key_freesp(&sp); 2281 if (n != NULL) { 2282 m_freem(m); 2283 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2284 } else 2285 return key_senderror(so, m, ENOBUFS); 2286} 2287 2288/* 2289 * SADB_X_SPDACQUIRE processing. 2290 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2291 * send 2292 * <base, policy(*)> 2293 * to KMD, and expect to receive 2294 * <base> with SADB_X_SPDACQUIRE if error occurred, 2295 * or 2296 * <base, policy> 2297 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2298 * policy(*) is without policy requests. 2299 * 2300 * 0 : succeed 2301 * others: error number 2302 */ 2303int 2304key_spdacquire(struct secpolicy *sp) 2305{ 2306 struct mbuf *result = NULL, *m; 2307 struct secspacq *newspacq; 2308 2309 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2310 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2311 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2312 ("policy not IPSEC %u", sp->policy)); 2313 2314 /* Get an entry to check whether sent message or not. */ 2315 newspacq = key_getspacq(&sp->spidx); 2316 if (newspacq != NULL) { 2317 if (V_key_blockacq_count < newspacq->count) { 2318 /* reset counter and do send message. */ 2319 newspacq->count = 0; 2320 } else { 2321 /* increment counter and do nothing. */ 2322 newspacq->count++; 2323 SPACQ_UNLOCK(); 2324 return (0); 2325 } 2326 SPACQ_UNLOCK(); 2327 } else { 2328 /* make new entry for blocking to send SADB_ACQUIRE. */ 2329 newspacq = key_newspacq(&sp->spidx); 2330 if (newspacq == NULL) 2331 return ENOBUFS; 2332 } 2333 2334 /* create new sadb_msg to reply. */ 2335 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2336 if (!m) 2337 return ENOBUFS; 2338 2339 result = m; 2340 2341 result->m_pkthdr.len = 0; 2342 for (m = result; m; m = m->m_next) 2343 result->m_pkthdr.len += m->m_len; 2344 2345 mtod(result, struct sadb_msg *)->sadb_msg_len = 2346 PFKEY_UNIT64(result->m_pkthdr.len); 2347 2348 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2349} 2350 2351/* 2352 * SADB_SPDFLUSH processing 2353 * receive 2354 * <base> 2355 * from the user, and free all entries in secpctree. 2356 * and send, 2357 * <base> 2358 * to the user. 2359 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2360 * 2361 * m will always be freed. 2362 */ 2363static int 2364key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2365{ 2366 struct secpolicy_queue drainq; 2367 struct sadb_msg *newmsg; 2368 struct secpolicy *sp, *nextsp; 2369 u_int dir; 2370 2371 IPSEC_ASSERT(so != NULL, ("null socket")); 2372 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2373 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2374 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2375 2376 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2377 return key_senderror(so, m, EINVAL); 2378 2379 TAILQ_INIT(&drainq); 2380 SPTREE_WLOCK(); 2381 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2382 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2383 } 2384 /* 2385 * We need to set state to DEAD for each policy to be sure, 2386 * that another thread won't try to unlink it. 2387 * Also remove SP from sphash. 2388 */ 2389 TAILQ_FOREACH(sp, &drainq, chain) { 2390 sp->state = IPSEC_SPSTATE_DEAD; 2391 LIST_REMOVE(sp, idhash); 2392 } 2393 V_sp_genid++; 2394 SPTREE_WUNLOCK(); 2395 sp = TAILQ_FIRST(&drainq); 2396 while (sp != NULL) { 2397 nextsp = TAILQ_NEXT(sp, chain); 2398 key_freesp(&sp); 2399 sp = nextsp; 2400 } 2401 2402 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2403 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2404 return key_senderror(so, m, ENOBUFS); 2405 } 2406 2407 if (m->m_next) 2408 m_freem(m->m_next); 2409 m->m_next = NULL; 2410 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2411 newmsg = mtod(m, struct sadb_msg *); 2412 newmsg->sadb_msg_errno = 0; 2413 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2414 2415 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2416} 2417 2418static uint8_t 2419key_satype2scopemask(uint8_t satype) 2420{ 2421 2422 if (satype == IPSEC_POLICYSCOPE_ANY) 2423 return (0xff); 2424 return (satype); 2425} 2426/* 2427 * SADB_SPDDUMP processing 2428 * receive 2429 * <base> 2430 * from the user, and dump all SP leaves and send, 2431 * <base> ..... 2432 * to the ikmpd. 2433 * 2434 * NOTE: 2435 * sadb_msg_satype is considered as mask of policy scopes. 2436 * m will always be freed. 2437 */ 2438static int 2439key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2440{ 2441 SPTREE_RLOCK_TRACKER; 2442 struct secpolicy *sp; 2443 struct mbuf *n; 2444 int cnt; 2445 u_int dir, scope; 2446 2447 IPSEC_ASSERT(so != NULL, ("null socket")); 2448 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2449 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2450 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2451 2452 /* search SPD entry and get buffer size. */ 2453 cnt = 0; 2454 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2455 SPTREE_RLOCK(); 2456 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2457 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2458 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2459 cnt++; 2460 } 2461 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2462 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2463 cnt++; 2464 } 2465 } 2466 2467 if (cnt == 0) { 2468 SPTREE_RUNLOCK(); 2469 return key_senderror(so, m, ENOENT); 2470 } 2471 2472 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2473 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2474 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2475 --cnt; 2476 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2477 mhp->msg->sadb_msg_pid); 2478 2479 if (n != NULL) 2480 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2481 } 2482 } 2483 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2484 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2485 --cnt; 2486 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2487 mhp->msg->sadb_msg_pid); 2488 2489 if (n != NULL) 2490 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2491 } 2492 } 2493 } 2494 2495 SPTREE_RUNLOCK(); 2496 m_freem(m); 2497 return (0); 2498} 2499 2500static struct mbuf * 2501key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2502 u_int32_t pid) 2503{ 2504 struct mbuf *result = NULL, *m; 2505 struct seclifetime lt; 2506 2507 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2508 if (!m) 2509 goto fail; 2510 result = m; 2511 2512 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2513 &sp->spidx.src.sa, sp->spidx.prefs, 2514 sp->spidx.ul_proto); 2515 if (!m) 2516 goto fail; 2517 m_cat(result, m); 2518 2519 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2520 &sp->spidx.dst.sa, sp->spidx.prefd, 2521 sp->spidx.ul_proto); 2522 if (!m) 2523 goto fail; 2524 m_cat(result, m); 2525 2526 m = key_sp2mbuf(sp); 2527 if (!m) 2528 goto fail; 2529 m_cat(result, m); 2530 2531 if(sp->lifetime){ 2532 lt.addtime=sp->created; 2533 lt.usetime= sp->lastused; 2534 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2535 if (!m) 2536 goto fail; 2537 m_cat(result, m); 2538 2539 lt.addtime=sp->lifetime; 2540 lt.usetime= sp->validtime; 2541 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2542 if (!m) 2543 goto fail; 2544 m_cat(result, m); 2545 } 2546 2547 if ((result->m_flags & M_PKTHDR) == 0) 2548 goto fail; 2549 2550 if (result->m_len < sizeof(struct sadb_msg)) { 2551 result = m_pullup(result, sizeof(struct sadb_msg)); 2552 if (result == NULL) 2553 goto fail; 2554 } 2555 2556 result->m_pkthdr.len = 0; 2557 for (m = result; m; m = m->m_next) 2558 result->m_pkthdr.len += m->m_len; 2559 2560 mtod(result, struct sadb_msg *)->sadb_msg_len = 2561 PFKEY_UNIT64(result->m_pkthdr.len); 2562 2563 return result; 2564 2565fail: 2566 m_freem(result); 2567 return NULL; 2568} 2569/* 2570 * get PFKEY message length for security policy and request. 2571 */ 2572static size_t 2573key_getspreqmsglen(struct secpolicy *sp) 2574{ 2575 size_t tlen, len; 2576 int i; 2577 2578 tlen = sizeof(struct sadb_x_policy); 2579 /* if is the policy for ipsec ? */ 2580 if (sp->policy != IPSEC_POLICY_IPSEC) 2581 return (tlen); 2582 2583 /* get length of ipsec requests */ 2584 for (i = 0; i < sp->tcount; i++) { 2585 len = sizeof(struct sadb_x_ipsecrequest) 2586 + sp->req[i]->saidx.src.sa.sa_len 2587 + sp->req[i]->saidx.dst.sa.sa_len; 2588 2589 tlen += PFKEY_ALIGN8(len); 2590 } 2591 return (tlen); 2592} 2593 2594/* 2595 * SADB_SPDEXPIRE processing 2596 * send 2597 * <base, address(SD), lifetime(CH), policy> 2598 * to KMD by PF_KEY. 2599 * 2600 * OUT: 0 : succeed 2601 * others : error number 2602 */ 2603static int 2604key_spdexpire(struct secpolicy *sp) 2605{ 2606 struct sadb_lifetime *lt; 2607 struct mbuf *result = NULL, *m; 2608 int len, error = -1; 2609 2610 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2611 2612 KEYDBG(KEY_STAMP, 2613 printf("%s: SP(%p)\n", __func__, sp)); 2614 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2615 2616 /* set msg header */ 2617 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2618 if (!m) { 2619 error = ENOBUFS; 2620 goto fail; 2621 } 2622 result = m; 2623 2624 /* create lifetime extension (current and hard) */ 2625 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2626 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2627 if (m == NULL) { 2628 error = ENOBUFS; 2629 goto fail; 2630 } 2631 m_align(m, len); 2632 m->m_len = len; 2633 bzero(mtod(m, caddr_t), len); 2634 lt = mtod(m, struct sadb_lifetime *); 2635 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2636 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2637 lt->sadb_lifetime_allocations = 0; 2638 lt->sadb_lifetime_bytes = 0; 2639 lt->sadb_lifetime_addtime = sp->created; 2640 lt->sadb_lifetime_usetime = sp->lastused; 2641 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2642 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2643 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2644 lt->sadb_lifetime_allocations = 0; 2645 lt->sadb_lifetime_bytes = 0; 2646 lt->sadb_lifetime_addtime = sp->lifetime; 2647 lt->sadb_lifetime_usetime = sp->validtime; 2648 m_cat(result, m); 2649 2650 /* set sadb_address for source */ 2651 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2652 &sp->spidx.src.sa, 2653 sp->spidx.prefs, sp->spidx.ul_proto); 2654 if (!m) { 2655 error = ENOBUFS; 2656 goto fail; 2657 } 2658 m_cat(result, m); 2659 2660 /* set sadb_address for destination */ 2661 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2662 &sp->spidx.dst.sa, 2663 sp->spidx.prefd, sp->spidx.ul_proto); 2664 if (!m) { 2665 error = ENOBUFS; 2666 goto fail; 2667 } 2668 m_cat(result, m); 2669 2670 /* set secpolicy */ 2671 m = key_sp2mbuf(sp); 2672 if (!m) { 2673 error = ENOBUFS; 2674 goto fail; 2675 } 2676 m_cat(result, m); 2677 2678 if ((result->m_flags & M_PKTHDR) == 0) { 2679 error = EINVAL; 2680 goto fail; 2681 } 2682 2683 if (result->m_len < sizeof(struct sadb_msg)) { 2684 result = m_pullup(result, sizeof(struct sadb_msg)); 2685 if (result == NULL) { 2686 error = ENOBUFS; 2687 goto fail; 2688 } 2689 } 2690 2691 result->m_pkthdr.len = 0; 2692 for (m = result; m; m = m->m_next) 2693 result->m_pkthdr.len += m->m_len; 2694 2695 mtod(result, struct sadb_msg *)->sadb_msg_len = 2696 PFKEY_UNIT64(result->m_pkthdr.len); 2697 2698 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2699 2700 fail: 2701 if (result) 2702 m_freem(result); 2703 return error; 2704} 2705 2706/* %%% SAD management */ 2707/* 2708 * allocating and initialize new SA head. 2709 * OUT: NULL : failure due to the lack of memory. 2710 * others : pointer to new SA head. 2711 */ 2712static struct secashead * 2713key_newsah(struct secasindex *saidx) 2714{ 2715 struct secashead *sah; 2716 2717 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2718 M_NOWAIT | M_ZERO); 2719 if (sah == NULL) { 2720 PFKEYSTAT_INC(in_nomem); 2721 return (NULL); 2722 } 2723 TAILQ_INIT(&sah->savtree_larval); 2724 TAILQ_INIT(&sah->savtree_alive); 2725 sah->saidx = *saidx; 2726 sah->state = SADB_SASTATE_DEAD; 2727 SAH_INITREF(sah); 2728 2729 KEYDBG(KEY_STAMP, 2730 printf("%s: SAH(%p)\n", __func__, sah)); 2731 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2732 return (sah); 2733} 2734 2735static void 2736key_freesah(struct secashead **psah) 2737{ 2738 struct secashead *sah = *psah; 2739 2740 if (SAH_DELREF(sah) == 0) 2741 return; 2742 2743 KEYDBG(KEY_STAMP, 2744 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2745 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2746 2747 *psah = NULL; 2748 key_delsah(sah); 2749} 2750 2751static void 2752key_delsah(struct secashead *sah) 2753{ 2754 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2755 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2756 ("Attempt to free non DEAD SAH %p", sah)); 2757 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2758 ("Attempt to free SAH %p with LARVAL SA", sah)); 2759 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2760 ("Attempt to free SAH %p with ALIVE SA", sah)); 2761 2762 free(sah, M_IPSEC_SAH); 2763} 2764 2765/* 2766 * allocating a new SA for key_add() and key_getspi() call, 2767 * and copy the values of mhp into new buffer. 2768 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2769 * For SADB_ADD create and initialize SA with MATURE state. 2770 * OUT: NULL : fail 2771 * others : pointer to new secasvar. 2772 */ 2773static struct secasvar * 2774key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2775 uint32_t spi, int *errp) 2776{ 2777 struct secashead *sah; 2778 struct secasvar *sav; 2779 int isnew; 2780 2781 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2782 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2783 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2784 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2785 2786 sav = NULL; 2787 sah = NULL; 2788 /* check SPI value */ 2789 switch (saidx->proto) { 2790 case IPPROTO_ESP: 2791 case IPPROTO_AH: 2792 /* 2793 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2794 * 1-255 reserved by IANA for future use, 2795 * 0 for implementation specific, local use. 2796 */ 2797 if (ntohl(spi) <= 255) { 2798 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2799 __func__, ntohl(spi))); 2800 *errp = EINVAL; 2801 goto done; 2802 } 2803 break; 2804 } 2805 2806 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2807 if (sav == NULL) { 2808 *errp = ENOBUFS; 2809 goto done; 2810 } 2811 sav->lock = malloc(sizeof(struct mtx), M_IPSEC_MISC, 2812 M_NOWAIT | M_ZERO); 2813 if (sav->lock == NULL) { 2814 *errp = ENOBUFS; 2815 goto done; 2816 } 2817 mtx_init(sav->lock, "ipsec association", NULL, MTX_DEF); 2818 sav->lft_c = uma_zalloc(V_key_lft_zone, M_NOWAIT); 2819 if (sav->lft_c == NULL) { 2820 *errp = ENOBUFS; 2821 goto done; 2822 } 2823 counter_u64_zero(sav->lft_c_allocations); 2824 counter_u64_zero(sav->lft_c_bytes); 2825 2826 sav->spi = spi; 2827 sav->seq = mhp->msg->sadb_msg_seq; 2828 sav->state = SADB_SASTATE_LARVAL; 2829 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2830 SAV_INITREF(sav); 2831again: 2832 sah = key_getsah(saidx); 2833 if (sah == NULL) { 2834 /* create a new SA index */ 2835 sah = key_newsah(saidx); 2836 if (sah == NULL) { 2837 ipseclog((LOG_DEBUG, 2838 "%s: No more memory.\n", __func__)); 2839 *errp = ENOBUFS; 2840 goto done; 2841 } 2842 isnew = 1; 2843 } else 2844 isnew = 0; 2845 2846 sav->sah = sah; 2847 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 2848 sav->created = time_second; 2849 } else if (sav->state == SADB_SASTATE_LARVAL) { 2850 /* 2851 * Do not call key_setsaval() second time in case 2852 * of `goto again`. We will have MATURE state. 2853 */ 2854 *errp = key_setsaval(sav, mhp); 2855 if (*errp != 0) 2856 goto done; 2857 sav->state = SADB_SASTATE_MATURE; 2858 } 2859 2860 SAHTREE_WLOCK(); 2861 /* 2862 * Check that existing SAH wasn't unlinked. 2863 * Since we didn't hold the SAHTREE lock, it is possible, 2864 * that callout handler or key_flush() or key_delete() could 2865 * unlink this SAH. 2866 */ 2867 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 2868 SAHTREE_WUNLOCK(); 2869 key_freesah(&sah); /* reference from key_getsah() */ 2870 goto again; 2871 } 2872 if (isnew != 0) { 2873 /* 2874 * Add new SAH into SADB. 2875 * 2876 * XXXAE: we can serialize key_add and key_getspi calls, so 2877 * several threads will not fight in the race. 2878 * Otherwise we should check under SAHTREE lock, that this 2879 * SAH would not added twice. 2880 */ 2881 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 2882 /* Add new SAH into hash by addresses */ 2883 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 2884 /* Now we are linked in the chain */ 2885 sah->state = SADB_SASTATE_MATURE; 2886 /* 2887 * SAV references this new SAH. 2888 * In case of existing SAH we reuse reference 2889 * from key_getsah(). 2890 */ 2891 SAH_ADDREF(sah); 2892 } 2893 /* Link SAV with SAH */ 2894 if (sav->state == SADB_SASTATE_MATURE) 2895 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 2896 else 2897 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 2898 /* Add SAV into SPI hash */ 2899 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 2900 SAHTREE_WUNLOCK(); 2901 *errp = 0; /* success */ 2902done: 2903 if (*errp != 0) { 2904 if (sav != NULL) { 2905 if (sav->lock != NULL) { 2906 mtx_destroy(sav->lock); 2907 free(sav->lock, M_IPSEC_MISC); 2908 } 2909 if (sav->lft_c != NULL) 2910 uma_zfree(V_key_lft_zone, sav->lft_c); 2911 free(sav, M_IPSEC_SA), sav = NULL; 2912 } 2913 if (sah != NULL) 2914 key_freesah(&sah); 2915 if (*errp == ENOBUFS) { 2916 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 2917 __func__)); 2918 PFKEYSTAT_INC(in_nomem); 2919 } 2920 } 2921 return (sav); 2922} 2923 2924/* 2925 * free() SA variable entry. 2926 */ 2927static void 2928key_cleansav(struct secasvar *sav) 2929{ 2930 2931 if (sav->natt != NULL) { 2932 free(sav->natt, M_IPSEC_MISC); 2933 sav->natt = NULL; 2934 } 2935 if (sav->flags & SADB_X_EXT_F_CLONED) 2936 return; 2937 /* 2938 * Cleanup xform state. Note that zeroize'ing causes the 2939 * keys to be cleared; otherwise we must do it ourself. 2940 */ 2941 if (sav->tdb_xform != NULL) { 2942 sav->tdb_xform->xf_zeroize(sav); 2943 sav->tdb_xform = NULL; 2944 } else { 2945 if (sav->key_auth != NULL) 2946 bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth)); 2947 if (sav->key_enc != NULL) 2948 bzero(sav->key_enc->key_data, _KEYLEN(sav->key_enc)); 2949 } 2950 if (sav->key_auth != NULL) { 2951 if (sav->key_auth->key_data != NULL) 2952 free(sav->key_auth->key_data, M_IPSEC_MISC); 2953 free(sav->key_auth, M_IPSEC_MISC); 2954 sav->key_auth = NULL; 2955 } 2956 if (sav->key_enc != NULL) { 2957 if (sav->key_enc->key_data != NULL) 2958 free(sav->key_enc->key_data, M_IPSEC_MISC); 2959 free(sav->key_enc, M_IPSEC_MISC); 2960 sav->key_enc = NULL; 2961 } 2962 if (sav->replay != NULL) { 2963 if (sav->replay->bitmap != NULL) 2964 free(sav->replay->bitmap, M_IPSEC_MISC); 2965 free(sav->replay, M_IPSEC_MISC); 2966 sav->replay = NULL; 2967 } 2968 if (sav->lft_h != NULL) { 2969 free(sav->lft_h, M_IPSEC_MISC); 2970 sav->lft_h = NULL; 2971 } 2972 if (sav->lft_s != NULL) { 2973 free(sav->lft_s, M_IPSEC_MISC); 2974 sav->lft_s = NULL; 2975 } 2976} 2977 2978/* 2979 * free() SA variable entry. 2980 */ 2981static void 2982key_delsav(struct secasvar *sav) 2983{ 2984 IPSEC_ASSERT(sav != NULL, ("null sav")); 2985 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 2986 ("attempt to free non DEAD SA %p", sav)); 2987 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 2988 sav->refcnt)); 2989 2990 /* 2991 * SA must be unlinked from the chain and hashtbl. 2992 * If SA was cloned, we leave all fields untouched, 2993 * except NAT-T config. 2994 */ 2995 key_cleansav(sav); 2996 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 2997 mtx_destroy(sav->lock); 2998 free(sav->lock, M_IPSEC_MISC); 2999 uma_zfree(V_key_lft_zone, sav->lft_c); 3000 } 3001 free(sav, M_IPSEC_SA); 3002} 3003 3004/* 3005 * search SAH. 3006 * OUT: 3007 * NULL : not found 3008 * others : found, referenced pointer to a SAH. 3009 */ 3010static struct secashead * 3011key_getsah(struct secasindex *saidx) 3012{ 3013 SAHTREE_RLOCK_TRACKER; 3014 struct secashead *sah; 3015 3016 SAHTREE_RLOCK(); 3017 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3018 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3019 SAH_ADDREF(sah); 3020 break; 3021 } 3022 } 3023 SAHTREE_RUNLOCK(); 3024 return (sah); 3025} 3026 3027/* 3028 * Check not to be duplicated SPI. 3029 * OUT: 3030 * 0 : not found 3031 * 1 : found SA with given SPI. 3032 */ 3033static int 3034key_checkspidup(uint32_t spi) 3035{ 3036 SAHTREE_RLOCK_TRACKER; 3037 struct secasvar *sav; 3038 3039 /* Assume SPI is in network byte order */ 3040 SAHTREE_RLOCK(); 3041 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3042 if (sav->spi == spi) 3043 break; 3044 } 3045 SAHTREE_RUNLOCK(); 3046 return (sav != NULL); 3047} 3048 3049/* 3050 * Search SA by SPI. 3051 * OUT: 3052 * NULL : not found 3053 * others : found, referenced pointer to a SA. 3054 */ 3055static struct secasvar * 3056key_getsavbyspi(uint32_t spi) 3057{ 3058 SAHTREE_RLOCK_TRACKER; 3059 struct secasvar *sav; 3060 3061 /* Assume SPI is in network byte order */ 3062 SAHTREE_RLOCK(); 3063 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3064 if (sav->spi != spi) 3065 continue; 3066 SAV_ADDREF(sav); 3067 break; 3068 } 3069 SAHTREE_RUNLOCK(); 3070 return (sav); 3071} 3072 3073static int 3074key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3075{ 3076 struct seclifetime *lft_h, *lft_s, *tmp; 3077 3078 /* Lifetime extension is optional, check that it is present. */ 3079 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3080 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3081 /* 3082 * In case of SADB_UPDATE we may need to change 3083 * existing lifetimes. 3084 */ 3085 if (sav->state == SADB_SASTATE_MATURE) { 3086 lft_h = lft_s = NULL; 3087 goto reset; 3088 } 3089 return (0); 3090 } 3091 /* Both HARD and SOFT extensions must present */ 3092 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3093 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3094 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3095 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3096 ipseclog((LOG_DEBUG, 3097 "%s: invalid message: missing required header.\n", 3098 __func__)); 3099 return (EINVAL); 3100 } 3101 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3102 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3103 ipseclog((LOG_DEBUG, 3104 "%s: invalid message: wrong header size.\n", __func__)); 3105 return (EINVAL); 3106 } 3107 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3108 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3109 if (lft_h == NULL) { 3110 PFKEYSTAT_INC(in_nomem); 3111 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3112 return (ENOBUFS); 3113 } 3114 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3115 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3116 if (lft_s == NULL) { 3117 PFKEYSTAT_INC(in_nomem); 3118 free(lft_h, M_IPSEC_MISC); 3119 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3120 return (ENOBUFS); 3121 } 3122reset: 3123 if (sav->state != SADB_SASTATE_LARVAL) { 3124 /* 3125 * key_update() holds reference to this SA, 3126 * so it won't be deleted in meanwhile. 3127 */ 3128 SECASVAR_LOCK(sav); 3129 tmp = sav->lft_h; 3130 sav->lft_h = lft_h; 3131 lft_h = tmp; 3132 3133 tmp = sav->lft_s; 3134 sav->lft_s = lft_s; 3135 lft_s = tmp; 3136 SECASVAR_UNLOCK(sav); 3137 if (lft_h != NULL) 3138 free(lft_h, M_IPSEC_MISC); 3139 if (lft_s != NULL) 3140 free(lft_s, M_IPSEC_MISC); 3141 return (0); 3142 } 3143 /* We can update lifetime without holding a lock */ 3144 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3145 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3146 sav->lft_h = lft_h; 3147 sav->lft_s = lft_s; 3148 return (0); 3149} 3150 3151/* 3152 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3153 * You must update these if need. Expects only LARVAL SAs. 3154 * OUT: 0: success. 3155 * !0: failure. 3156 */ 3157static int 3158key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3159{ 3160 const struct sadb_sa *sa0; 3161 const struct sadb_key *key0; 3162 uint32_t replay; 3163 size_t len; 3164 int error; 3165 3166 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3167 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3168 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3169 ("Attempt to update non LARVAL SA")); 3170 3171 /* XXX rewrite */ 3172 error = key_setident(sav->sah, mhp); 3173 if (error != 0) 3174 goto fail; 3175 3176 /* SA */ 3177 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3178 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3179 error = EINVAL; 3180 goto fail; 3181 } 3182 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3183 sav->alg_auth = sa0->sadb_sa_auth; 3184 sav->alg_enc = sa0->sadb_sa_encrypt; 3185 sav->flags = sa0->sadb_sa_flags; 3186 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3187 ipseclog((LOG_DEBUG, 3188 "%s: invalid sa_flags 0x%08x.\n", __func__, 3189 sav->flags)); 3190 error = EINVAL; 3191 goto fail; 3192 } 3193 3194 /* Optional replay window */ 3195 replay = 0; 3196 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3197 replay = sa0->sadb_sa_replay; 3198 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3199 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3200 error = EINVAL; 3201 goto fail; 3202 } 3203 replay = ((const struct sadb_x_sa_replay *) 3204 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3205 3206 if (replay > UINT32_MAX - 32) { 3207 ipseclog((LOG_DEBUG, 3208 "%s: replay window too big.\n", __func__)); 3209 error = EINVAL; 3210 goto fail; 3211 } 3212 3213 replay = (replay + 7) >> 3; 3214 } 3215 3216 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3217 M_NOWAIT | M_ZERO); 3218 if (sav->replay == NULL) { 3219 PFKEYSTAT_INC(in_nomem); 3220 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3221 __func__)); 3222 error = ENOBUFS; 3223 goto fail; 3224 } 3225 3226 if (replay != 0) { 3227 /* number of 32b blocks to be allocated */ 3228 uint32_t bitmap_size; 3229 3230 /* RFC 6479: 3231 * - the allocated replay window size must be 3232 * a power of two. 3233 * - use an extra 32b block as a redundant window. 3234 */ 3235 bitmap_size = 1; 3236 while (replay + 4 > bitmap_size) 3237 bitmap_size <<= 1; 3238 bitmap_size = bitmap_size / 4; 3239 3240 sav->replay->bitmap = malloc( 3241 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3242 M_NOWAIT | M_ZERO); 3243 if (sav->replay->bitmap == NULL) { 3244 PFKEYSTAT_INC(in_nomem); 3245 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3246 __func__)); 3247 error = ENOBUFS; 3248 goto fail; 3249 } 3250 sav->replay->bitmap_size = bitmap_size; 3251 sav->replay->wsize = replay; 3252 } 3253 } 3254 3255 /* Authentication keys */ 3256 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3257 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3258 error = EINVAL; 3259 goto fail; 3260 } 3261 error = 0; 3262 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3263 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3264 switch (mhp->msg->sadb_msg_satype) { 3265 case SADB_SATYPE_AH: 3266 case SADB_SATYPE_ESP: 3267 case SADB_X_SATYPE_TCPSIGNATURE: 3268 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3269 sav->alg_auth != SADB_X_AALG_NULL) 3270 error = EINVAL; 3271 break; 3272 case SADB_X_SATYPE_IPCOMP: 3273 default: 3274 error = EINVAL; 3275 break; 3276 } 3277 if (error) { 3278 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3279 __func__)); 3280 goto fail; 3281 } 3282 3283 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3284 if (sav->key_auth == NULL ) { 3285 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3286 __func__)); 3287 PFKEYSTAT_INC(in_nomem); 3288 error = ENOBUFS; 3289 goto fail; 3290 } 3291 } 3292 3293 /* Encryption key */ 3294 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3295 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3296 error = EINVAL; 3297 goto fail; 3298 } 3299 error = 0; 3300 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3301 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3302 switch (mhp->msg->sadb_msg_satype) { 3303 case SADB_SATYPE_ESP: 3304 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3305 sav->alg_enc != SADB_EALG_NULL) { 3306 error = EINVAL; 3307 break; 3308 } 3309 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3310 if (sav->key_enc == NULL) { 3311 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3312 __func__)); 3313 PFKEYSTAT_INC(in_nomem); 3314 error = ENOBUFS; 3315 goto fail; 3316 } 3317 break; 3318 case SADB_X_SATYPE_IPCOMP: 3319 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3320 error = EINVAL; 3321 sav->key_enc = NULL; /*just in case*/ 3322 break; 3323 case SADB_SATYPE_AH: 3324 case SADB_X_SATYPE_TCPSIGNATURE: 3325 default: 3326 error = EINVAL; 3327 break; 3328 } 3329 if (error) { 3330 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3331 __func__)); 3332 goto fail; 3333 } 3334 } 3335 3336 /* set iv */ 3337 sav->ivlen = 0; 3338 switch (mhp->msg->sadb_msg_satype) { 3339 case SADB_SATYPE_AH: 3340 if (sav->flags & SADB_X_EXT_DERIV) { 3341 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3342 "given to AH SA.\n", __func__)); 3343 error = EINVAL; 3344 goto fail; 3345 } 3346 if (sav->alg_enc != SADB_EALG_NONE) { 3347 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3348 "mismated.\n", __func__)); 3349 error = EINVAL; 3350 goto fail; 3351 } 3352 error = xform_init(sav, XF_AH); 3353 break; 3354 case SADB_SATYPE_ESP: 3355 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3356 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3357 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3358 "given to old-esp.\n", __func__)); 3359 error = EINVAL; 3360 goto fail; 3361 } 3362 error = xform_init(sav, XF_ESP); 3363 break; 3364 case SADB_X_SATYPE_IPCOMP: 3365 if (sav->alg_auth != SADB_AALG_NONE) { 3366 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3367 "mismated.\n", __func__)); 3368 error = EINVAL; 3369 goto fail; 3370 } 3371 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3372 ntohl(sav->spi) >= 0x10000) { 3373 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3374 __func__)); 3375 error = EINVAL; 3376 goto fail; 3377 } 3378 error = xform_init(sav, XF_IPCOMP); 3379 break; 3380 case SADB_X_SATYPE_TCPSIGNATURE: 3381 if (sav->alg_enc != SADB_EALG_NONE) { 3382 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3383 "mismated.\n", __func__)); 3384 error = EINVAL; 3385 goto fail; 3386 } 3387 error = xform_init(sav, XF_TCPSIGNATURE); 3388 break; 3389 default: 3390 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3391 error = EPROTONOSUPPORT; 3392 goto fail; 3393 } 3394 if (error) { 3395 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3396 __func__, mhp->msg->sadb_msg_satype)); 3397 goto fail; 3398 } 3399 3400 /* Handle NAT-T headers */ 3401 error = key_setnatt(sav, mhp); 3402 if (error != 0) 3403 goto fail; 3404 3405 /* Initialize lifetime for CURRENT */ 3406 sav->firstused = 0; 3407 sav->created = time_second; 3408 3409 /* lifetimes for HARD and SOFT */ 3410 error = key_updatelifetimes(sav, mhp); 3411 if (error == 0) 3412 return (0); 3413fail: 3414 key_cleansav(sav); 3415 return (error); 3416} 3417 3418/* 3419 * subroutine for SADB_GET and SADB_DUMP. 3420 */ 3421static struct mbuf * 3422key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3423 uint32_t seq, uint32_t pid) 3424{ 3425 struct seclifetime lft_c; 3426 struct mbuf *result = NULL, *tres = NULL, *m; 3427 int i, dumporder[] = { 3428 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3429 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3430 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3431 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3432 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3433 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3434 SADB_EXT_SENSITIVITY, 3435 SADB_X_EXT_NAT_T_TYPE, 3436 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3437 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3438 SADB_X_EXT_NAT_T_FRAG, 3439 }; 3440 uint32_t replay_count; 3441 3442 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3443 if (m == NULL) 3444 goto fail; 3445 result = m; 3446 3447 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3448 m = NULL; 3449 switch (dumporder[i]) { 3450 case SADB_EXT_SA: 3451 m = key_setsadbsa(sav); 3452 if (!m) 3453 goto fail; 3454 break; 3455 3456 case SADB_X_EXT_SA2: 3457 SECASVAR_LOCK(sav); 3458 replay_count = sav->replay ? sav->replay->count : 0; 3459 SECASVAR_UNLOCK(sav); 3460 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3461 sav->sah->saidx.reqid); 3462 if (!m) 3463 goto fail; 3464 break; 3465 3466 case SADB_X_EXT_SA_REPLAY: 3467 if (sav->replay == NULL || 3468 sav->replay->wsize <= UINT8_MAX) 3469 continue; 3470 3471 m = key_setsadbxsareplay(sav->replay->wsize); 3472 if (!m) 3473 goto fail; 3474 break; 3475 3476 case SADB_EXT_ADDRESS_SRC: 3477 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3478 &sav->sah->saidx.src.sa, 3479 FULLMASK, IPSEC_ULPROTO_ANY); 3480 if (!m) 3481 goto fail; 3482 break; 3483 3484 case SADB_EXT_ADDRESS_DST: 3485 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3486 &sav->sah->saidx.dst.sa, 3487 FULLMASK, IPSEC_ULPROTO_ANY); 3488 if (!m) 3489 goto fail; 3490 break; 3491 3492 case SADB_EXT_KEY_AUTH: 3493 if (!sav->key_auth) 3494 continue; 3495 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3496 if (!m) 3497 goto fail; 3498 break; 3499 3500 case SADB_EXT_KEY_ENCRYPT: 3501 if (!sav->key_enc) 3502 continue; 3503 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3504 if (!m) 3505 goto fail; 3506 break; 3507 3508 case SADB_EXT_LIFETIME_CURRENT: 3509 lft_c.addtime = sav->created; 3510 lft_c.allocations = (uint32_t)counter_u64_fetch( 3511 sav->lft_c_allocations); 3512 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3513 lft_c.usetime = sav->firstused; 3514 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3515 if (!m) 3516 goto fail; 3517 break; 3518 3519 case SADB_EXT_LIFETIME_HARD: 3520 if (!sav->lft_h) 3521 continue; 3522 m = key_setlifetime(sav->lft_h, 3523 SADB_EXT_LIFETIME_HARD); 3524 if (!m) 3525 goto fail; 3526 break; 3527 3528 case SADB_EXT_LIFETIME_SOFT: 3529 if (!sav->lft_s) 3530 continue; 3531 m = key_setlifetime(sav->lft_s, 3532 SADB_EXT_LIFETIME_SOFT); 3533 3534 if (!m) 3535 goto fail; 3536 break; 3537 3538 case SADB_X_EXT_NAT_T_TYPE: 3539 if (sav->natt == NULL) 3540 continue; 3541 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3542 if (!m) 3543 goto fail; 3544 break; 3545 3546 case SADB_X_EXT_NAT_T_DPORT: 3547 if (sav->natt == NULL) 3548 continue; 3549 m = key_setsadbxport(sav->natt->dport, 3550 SADB_X_EXT_NAT_T_DPORT); 3551 if (!m) 3552 goto fail; 3553 break; 3554 3555 case SADB_X_EXT_NAT_T_SPORT: 3556 if (sav->natt == NULL) 3557 continue; 3558 m = key_setsadbxport(sav->natt->sport, 3559 SADB_X_EXT_NAT_T_SPORT); 3560 if (!m) 3561 goto fail; 3562 break; 3563 3564 case SADB_X_EXT_NAT_T_OAI: 3565 if (sav->natt == NULL || 3566 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3567 continue; 3568 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3569 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3570 if (!m) 3571 goto fail; 3572 break; 3573 case SADB_X_EXT_NAT_T_OAR: 3574 if (sav->natt == NULL || 3575 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3576 continue; 3577 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3578 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3579 if (!m) 3580 goto fail; 3581 break; 3582 case SADB_X_EXT_NAT_T_FRAG: 3583 /* We do not (yet) support those. */ 3584 continue; 3585 3586 case SADB_EXT_ADDRESS_PROXY: 3587 case SADB_EXT_IDENTITY_SRC: 3588 case SADB_EXT_IDENTITY_DST: 3589 /* XXX: should we brought from SPD ? */ 3590 case SADB_EXT_SENSITIVITY: 3591 default: 3592 continue; 3593 } 3594 3595 if (!m) 3596 goto fail; 3597 if (tres) 3598 m_cat(m, tres); 3599 tres = m; 3600 } 3601 3602 m_cat(result, tres); 3603 tres = NULL; 3604 if (result->m_len < sizeof(struct sadb_msg)) { 3605 result = m_pullup(result, sizeof(struct sadb_msg)); 3606 if (result == NULL) 3607 goto fail; 3608 } 3609 3610 result->m_pkthdr.len = 0; 3611 for (m = result; m; m = m->m_next) 3612 result->m_pkthdr.len += m->m_len; 3613 3614 mtod(result, struct sadb_msg *)->sadb_msg_len = 3615 PFKEY_UNIT64(result->m_pkthdr.len); 3616 3617 return result; 3618 3619fail: 3620 m_freem(result); 3621 m_freem(tres); 3622 return NULL; 3623} 3624 3625/* 3626 * set data into sadb_msg. 3627 */ 3628static struct mbuf * 3629key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3630 pid_t pid, u_int16_t reserved) 3631{ 3632 struct mbuf *m; 3633 struct sadb_msg *p; 3634 int len; 3635 3636 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3637 if (len > MCLBYTES) 3638 return NULL; 3639 MGETHDR(m, M_NOWAIT, MT_DATA); 3640 if (m && len > MHLEN) { 3641 if (!(MCLGET(m, M_NOWAIT))) { 3642 m_freem(m); 3643 m = NULL; 3644 } 3645 } 3646 if (!m) 3647 return NULL; 3648 m->m_pkthdr.len = m->m_len = len; 3649 m->m_next = NULL; 3650 3651 p = mtod(m, struct sadb_msg *); 3652 3653 bzero(p, len); 3654 p->sadb_msg_version = PF_KEY_V2; 3655 p->sadb_msg_type = type; 3656 p->sadb_msg_errno = 0; 3657 p->sadb_msg_satype = satype; 3658 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3659 p->sadb_msg_reserved = reserved; 3660 p->sadb_msg_seq = seq; 3661 p->sadb_msg_pid = (u_int32_t)pid; 3662 3663 return m; 3664} 3665 3666/* 3667 * copy secasvar data into sadb_address. 3668 */ 3669static struct mbuf * 3670key_setsadbsa(struct secasvar *sav) 3671{ 3672 struct mbuf *m; 3673 struct sadb_sa *p; 3674 int len; 3675 3676 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3677 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3678 if (m == NULL) 3679 return (NULL); 3680 m_align(m, len); 3681 m->m_len = len; 3682 p = mtod(m, struct sadb_sa *); 3683 bzero(p, len); 3684 p->sadb_sa_len = PFKEY_UNIT64(len); 3685 p->sadb_sa_exttype = SADB_EXT_SA; 3686 p->sadb_sa_spi = sav->spi; 3687 p->sadb_sa_replay = sav->replay ? 3688 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3689 sav->replay->wsize): 0; 3690 p->sadb_sa_state = sav->state; 3691 p->sadb_sa_auth = sav->alg_auth; 3692 p->sadb_sa_encrypt = sav->alg_enc; 3693 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3694 return (m); 3695} 3696 3697/* 3698 * set data into sadb_address. 3699 */ 3700static struct mbuf * 3701key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3702 u_int8_t prefixlen, u_int16_t ul_proto) 3703{ 3704 struct mbuf *m; 3705 struct sadb_address *p; 3706 size_t len; 3707 3708 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3709 PFKEY_ALIGN8(saddr->sa_len); 3710 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3711 if (m == NULL) 3712 return (NULL); 3713 m_align(m, len); 3714 m->m_len = len; 3715 p = mtod(m, struct sadb_address *); 3716 3717 bzero(p, len); 3718 p->sadb_address_len = PFKEY_UNIT64(len); 3719 p->sadb_address_exttype = exttype; 3720 p->sadb_address_proto = ul_proto; 3721 if (prefixlen == FULLMASK) { 3722 switch (saddr->sa_family) { 3723 case AF_INET: 3724 prefixlen = sizeof(struct in_addr) << 3; 3725 break; 3726 case AF_INET6: 3727 prefixlen = sizeof(struct in6_addr) << 3; 3728 break; 3729 default: 3730 ; /*XXX*/ 3731 } 3732 } 3733 p->sadb_address_prefixlen = prefixlen; 3734 p->sadb_address_reserved = 0; 3735 3736 bcopy(saddr, 3737 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3738 saddr->sa_len); 3739 3740 return m; 3741} 3742 3743/* 3744 * set data into sadb_x_sa2. 3745 */ 3746static struct mbuf * 3747key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3748{ 3749 struct mbuf *m; 3750 struct sadb_x_sa2 *p; 3751 size_t len; 3752 3753 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3754 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3755 if (m == NULL) 3756 return (NULL); 3757 m_align(m, len); 3758 m->m_len = len; 3759 p = mtod(m, struct sadb_x_sa2 *); 3760 3761 bzero(p, len); 3762 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3763 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3764 p->sadb_x_sa2_mode = mode; 3765 p->sadb_x_sa2_reserved1 = 0; 3766 p->sadb_x_sa2_reserved2 = 0; 3767 p->sadb_x_sa2_sequence = seq; 3768 p->sadb_x_sa2_reqid = reqid; 3769 3770 return m; 3771} 3772 3773/* 3774 * Set data into sadb_x_sa_replay. 3775 */ 3776static struct mbuf * 3777key_setsadbxsareplay(u_int32_t replay) 3778{ 3779 struct mbuf *m; 3780 struct sadb_x_sa_replay *p; 3781 size_t len; 3782 3783 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3784 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3785 if (m == NULL) 3786 return (NULL); 3787 m_align(m, len); 3788 m->m_len = len; 3789 p = mtod(m, struct sadb_x_sa_replay *); 3790 3791 bzero(p, len); 3792 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3793 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3794 p->sadb_x_sa_replay_replay = (replay << 3); 3795 3796 return m; 3797} 3798 3799/* 3800 * Set a type in sadb_x_nat_t_type. 3801 */ 3802static struct mbuf * 3803key_setsadbxtype(u_int16_t type) 3804{ 3805 struct mbuf *m; 3806 size_t len; 3807 struct sadb_x_nat_t_type *p; 3808 3809 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3810 3811 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3812 if (m == NULL) 3813 return (NULL); 3814 m_align(m, len); 3815 m->m_len = len; 3816 p = mtod(m, struct sadb_x_nat_t_type *); 3817 3818 bzero(p, len); 3819 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3820 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3821 p->sadb_x_nat_t_type_type = type; 3822 3823 return (m); 3824} 3825/* 3826 * Set a port in sadb_x_nat_t_port. 3827 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3828 */ 3829static struct mbuf * 3830key_setsadbxport(u_int16_t port, u_int16_t type) 3831{ 3832 struct mbuf *m; 3833 size_t len; 3834 struct sadb_x_nat_t_port *p; 3835 3836 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3837 3838 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3839 if (m == NULL) 3840 return (NULL); 3841 m_align(m, len); 3842 m->m_len = len; 3843 p = mtod(m, struct sadb_x_nat_t_port *); 3844 3845 bzero(p, len); 3846 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3847 p->sadb_x_nat_t_port_exttype = type; 3848 p->sadb_x_nat_t_port_port = port; 3849 3850 return (m); 3851} 3852 3853/* 3854 * Get port from sockaddr. Port is in network byte order. 3855 */ 3856uint16_t 3857key_portfromsaddr(struct sockaddr *sa) 3858{ 3859 3860 switch (sa->sa_family) { 3861#ifdef INET 3862 case AF_INET: 3863 return ((struct sockaddr_in *)sa)->sin_port; 3864#endif 3865#ifdef INET6 3866 case AF_INET6: 3867 return ((struct sockaddr_in6 *)sa)->sin6_port; 3868#endif 3869 } 3870 return (0); 3871} 3872 3873/* 3874 * Set port in struct sockaddr. Port is in network byte order. 3875 */ 3876void 3877key_porttosaddr(struct sockaddr *sa, uint16_t port) 3878{ 3879 3880 switch (sa->sa_family) { 3881#ifdef INET 3882 case AF_INET: 3883 ((struct sockaddr_in *)sa)->sin_port = port; 3884 break; 3885#endif 3886#ifdef INET6 3887 case AF_INET6: 3888 ((struct sockaddr_in6 *)sa)->sin6_port = port; 3889 break; 3890#endif 3891 default: 3892 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 3893 __func__, sa->sa_family)); 3894 break; 3895 } 3896} 3897 3898/* 3899 * set data into sadb_x_policy 3900 */ 3901static struct mbuf * 3902key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 3903{ 3904 struct mbuf *m; 3905 struct sadb_x_policy *p; 3906 size_t len; 3907 3908 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 3909 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3910 if (m == NULL) 3911 return (NULL); 3912 m_align(m, len); 3913 m->m_len = len; 3914 p = mtod(m, struct sadb_x_policy *); 3915 3916 bzero(p, len); 3917 p->sadb_x_policy_len = PFKEY_UNIT64(len); 3918 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3919 p->sadb_x_policy_type = type; 3920 p->sadb_x_policy_dir = dir; 3921 p->sadb_x_policy_id = id; 3922 p->sadb_x_policy_priority = priority; 3923 3924 return m; 3925} 3926 3927/* %%% utilities */ 3928/* Take a key message (sadb_key) from the socket and turn it into one 3929 * of the kernel's key structures (seckey). 3930 * 3931 * IN: pointer to the src 3932 * OUT: NULL no more memory 3933 */ 3934struct seckey * 3935key_dup_keymsg(const struct sadb_key *src, size_t len, 3936 struct malloc_type *type) 3937{ 3938 struct seckey *dst; 3939 3940 dst = malloc(sizeof(*dst), type, M_NOWAIT); 3941 if (dst != NULL) { 3942 dst->bits = src->sadb_key_bits; 3943 dst->key_data = malloc(len, type, M_NOWAIT); 3944 if (dst->key_data != NULL) { 3945 bcopy((const char *)(src + 1), dst->key_data, len); 3946 } else { 3947 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3948 __func__)); 3949 free(dst, type); 3950 dst = NULL; 3951 } 3952 } else { 3953 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3954 __func__)); 3955 3956 } 3957 return (dst); 3958} 3959 3960/* Take a lifetime message (sadb_lifetime) passed in on a socket and 3961 * turn it into one of the kernel's lifetime structures (seclifetime). 3962 * 3963 * IN: pointer to the destination, source and malloc type 3964 * OUT: NULL, no more memory 3965 */ 3966 3967static struct seclifetime * 3968key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 3969{ 3970 struct seclifetime *dst; 3971 3972 dst = malloc(sizeof(*dst), type, M_NOWAIT); 3973 if (dst == NULL) { 3974 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3975 return (NULL); 3976 } 3977 dst->allocations = src->sadb_lifetime_allocations; 3978 dst->bytes = src->sadb_lifetime_bytes; 3979 dst->addtime = src->sadb_lifetime_addtime; 3980 dst->usetime = src->sadb_lifetime_usetime; 3981 return (dst); 3982} 3983 3984/* 3985 * compare two secasindex structure. 3986 * flag can specify to compare 2 saidxes. 3987 * compare two secasindex structure without both mode and reqid. 3988 * don't compare port. 3989 * IN: 3990 * saidx0: source, it can be in SAD. 3991 * saidx1: object. 3992 * OUT: 3993 * 1 : equal 3994 * 0 : not equal 3995 */ 3996static int 3997key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 3998 int flag) 3999{ 4000 4001 /* sanity */ 4002 if (saidx0 == NULL && saidx1 == NULL) 4003 return 1; 4004 4005 if (saidx0 == NULL || saidx1 == NULL) 4006 return 0; 4007 4008 if (saidx0->proto != saidx1->proto) 4009 return 0; 4010 4011 if (flag == CMP_EXACTLY) { 4012 if (saidx0->mode != saidx1->mode) 4013 return 0; 4014 if (saidx0->reqid != saidx1->reqid) 4015 return 0; 4016 if (bcmp(&saidx0->src, &saidx1->src, 4017 saidx0->src.sa.sa_len) != 0 || 4018 bcmp(&saidx0->dst, &saidx1->dst, 4019 saidx0->dst.sa.sa_len) != 0) 4020 return 0; 4021 } else { 4022 4023 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4024 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4025 /* 4026 * If reqid of SPD is non-zero, unique SA is required. 4027 * The result must be of same reqid in this case. 4028 */ 4029 if (saidx1->reqid != 0 && 4030 saidx0->reqid != saidx1->reqid) 4031 return 0; 4032 } 4033 4034 if (flag == CMP_MODE_REQID) { 4035 if (saidx0->mode != IPSEC_MODE_ANY 4036 && saidx0->mode != saidx1->mode) 4037 return 0; 4038 } 4039 4040 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4041 return 0; 4042 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4043 return 0; 4044 } 4045 4046 return 1; 4047} 4048 4049/* 4050 * compare two secindex structure exactly. 4051 * IN: 4052 * spidx0: source, it is often in SPD. 4053 * spidx1: object, it is often from PFKEY message. 4054 * OUT: 4055 * 1 : equal 4056 * 0 : not equal 4057 */ 4058static int 4059key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4060 struct secpolicyindex *spidx1) 4061{ 4062 /* sanity */ 4063 if (spidx0 == NULL && spidx1 == NULL) 4064 return 1; 4065 4066 if (spidx0 == NULL || spidx1 == NULL) 4067 return 0; 4068 4069 if (spidx0->prefs != spidx1->prefs 4070 || spidx0->prefd != spidx1->prefd 4071 || spidx0->ul_proto != spidx1->ul_proto) 4072 return 0; 4073 4074 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4075 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4076} 4077 4078/* 4079 * compare two secindex structure with mask. 4080 * IN: 4081 * spidx0: source, it is often in SPD. 4082 * spidx1: object, it is often from IP header. 4083 * OUT: 4084 * 1 : equal 4085 * 0 : not equal 4086 */ 4087static int 4088key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4089 struct secpolicyindex *spidx1) 4090{ 4091 /* sanity */ 4092 if (spidx0 == NULL && spidx1 == NULL) 4093 return 1; 4094 4095 if (spidx0 == NULL || spidx1 == NULL) 4096 return 0; 4097 4098 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4099 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4100 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4101 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4102 return 0; 4103 4104 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4105 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4106 && spidx0->ul_proto != spidx1->ul_proto) 4107 return 0; 4108 4109 switch (spidx0->src.sa.sa_family) { 4110 case AF_INET: 4111 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4112 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4113 return 0; 4114 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4115 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4116 return 0; 4117 break; 4118 case AF_INET6: 4119 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4120 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4121 return 0; 4122 /* 4123 * scope_id check. if sin6_scope_id is 0, we regard it 4124 * as a wildcard scope, which matches any scope zone ID. 4125 */ 4126 if (spidx0->src.sin6.sin6_scope_id && 4127 spidx1->src.sin6.sin6_scope_id && 4128 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4129 return 0; 4130 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4131 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4132 return 0; 4133 break; 4134 default: 4135 /* XXX */ 4136 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4137 return 0; 4138 break; 4139 } 4140 4141 switch (spidx0->dst.sa.sa_family) { 4142 case AF_INET: 4143 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4144 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4145 return 0; 4146 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4147 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4148 return 0; 4149 break; 4150 case AF_INET6: 4151 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4152 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4153 return 0; 4154 /* 4155 * scope_id check. if sin6_scope_id is 0, we regard it 4156 * as a wildcard scope, which matches any scope zone ID. 4157 */ 4158 if (spidx0->dst.sin6.sin6_scope_id && 4159 spidx1->dst.sin6.sin6_scope_id && 4160 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4161 return 0; 4162 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4163 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4164 return 0; 4165 break; 4166 default: 4167 /* XXX */ 4168 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4169 return 0; 4170 break; 4171 } 4172 4173 /* XXX Do we check other field ? e.g. flowinfo */ 4174 4175 return 1; 4176} 4177 4178#ifdef satosin 4179#undef satosin 4180#endif 4181#define satosin(s) ((const struct sockaddr_in *)s) 4182#ifdef satosin6 4183#undef satosin6 4184#endif 4185#define satosin6(s) ((const struct sockaddr_in6 *)s) 4186/* returns 0 on match */ 4187int 4188key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4189 int port) 4190{ 4191 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4192 return 1; 4193 4194 switch (sa1->sa_family) { 4195#ifdef INET 4196 case AF_INET: 4197 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4198 return 1; 4199 if (satosin(sa1)->sin_addr.s_addr != 4200 satosin(sa2)->sin_addr.s_addr) { 4201 return 1; 4202 } 4203 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4204 return 1; 4205 break; 4206#endif 4207#ifdef INET6 4208 case AF_INET6: 4209 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4210 return 1; /*EINVAL*/ 4211 if (satosin6(sa1)->sin6_scope_id != 4212 satosin6(sa2)->sin6_scope_id) { 4213 return 1; 4214 } 4215 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4216 &satosin6(sa2)->sin6_addr)) { 4217 return 1; 4218 } 4219 if (port && 4220 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4221 return 1; 4222 } 4223 break; 4224#endif 4225 default: 4226 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4227 return 1; 4228 break; 4229 } 4230 4231 return 0; 4232} 4233 4234/* returns 0 on match */ 4235int 4236key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4237 const struct sockaddr *sa2, size_t mask) 4238{ 4239 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4240 return (1); 4241 4242 switch (sa1->sa_family) { 4243#ifdef INET 4244 case AF_INET: 4245 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4246 &satosin(sa2)->sin_addr, mask)); 4247#endif 4248#ifdef INET6 4249 case AF_INET6: 4250 if (satosin6(sa1)->sin6_scope_id != 4251 satosin6(sa2)->sin6_scope_id) 4252 return (1); 4253 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4254 &satosin6(sa2)->sin6_addr, mask)); 4255#endif 4256 } 4257 return (1); 4258} 4259#undef satosin 4260#undef satosin6 4261 4262/* 4263 * compare two buffers with mask. 4264 * IN: 4265 * addr1: source 4266 * addr2: object 4267 * bits: Number of bits to compare 4268 * OUT: 4269 * 1 : equal 4270 * 0 : not equal 4271 */ 4272static int 4273key_bbcmp(const void *a1, const void *a2, u_int bits) 4274{ 4275 const unsigned char *p1 = a1; 4276 const unsigned char *p2 = a2; 4277 4278 /* XXX: This could be considerably faster if we compare a word 4279 * at a time, but it is complicated on LSB Endian machines */ 4280 4281 /* Handle null pointers */ 4282 if (p1 == NULL || p2 == NULL) 4283 return (p1 == p2); 4284 4285 while (bits >= 8) { 4286 if (*p1++ != *p2++) 4287 return 0; 4288 bits -= 8; 4289 } 4290 4291 if (bits > 0) { 4292 u_int8_t mask = ~((1<<(8-bits))-1); 4293 if ((*p1 & mask) != (*p2 & mask)) 4294 return 0; 4295 } 4296 return 1; /* Match! */ 4297} 4298 4299static void 4300key_flush_spd(time_t now) 4301{ 4302 SPTREE_RLOCK_TRACKER; 4303 struct secpolicy_list drainq; 4304 struct secpolicy *sp, *nextsp; 4305 u_int dir; 4306 4307 LIST_INIT(&drainq); 4308 SPTREE_RLOCK(); 4309 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4310 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4311 if (sp->lifetime == 0 && sp->validtime == 0) 4312 continue; 4313 if ((sp->lifetime && 4314 now - sp->created > sp->lifetime) || 4315 (sp->validtime && 4316 now - sp->lastused > sp->validtime)) { 4317 /* Hold extra reference to send SPDEXPIRE */ 4318 SP_ADDREF(sp); 4319 LIST_INSERT_HEAD(&drainq, sp, drainq); 4320 } 4321 } 4322 } 4323 SPTREE_RUNLOCK(); 4324 if (LIST_EMPTY(&drainq)) 4325 return; 4326 4327 SPTREE_WLOCK(); 4328 sp = LIST_FIRST(&drainq); 4329 while (sp != NULL) { 4330 nextsp = LIST_NEXT(sp, drainq); 4331 /* Check that SP is still linked */ 4332 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4333 LIST_REMOVE(sp, drainq); 4334 key_freesp(&sp); /* release extra reference */ 4335 sp = nextsp; 4336 continue; 4337 } 4338 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4339 LIST_REMOVE(sp, idhash); 4340 sp->state = IPSEC_SPSTATE_DEAD; 4341 sp = nextsp; 4342 } 4343 V_sp_genid++; 4344 SPTREE_WUNLOCK(); 4345 4346 sp = LIST_FIRST(&drainq); 4347 while (sp != NULL) { 4348 nextsp = LIST_NEXT(sp, drainq); 4349 key_spdexpire(sp); 4350 key_freesp(&sp); /* release extra reference */ 4351 key_freesp(&sp); /* release last reference */ 4352 sp = nextsp; 4353 } 4354} 4355 4356static void 4357key_flush_sad(time_t now) 4358{ 4359 SAHTREE_RLOCK_TRACKER; 4360 struct secashead_list emptyq; 4361 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4362 struct secashead *sah, *nextsah; 4363 struct secasvar *sav, *nextsav; 4364 4365 LIST_INIT(&drainq); 4366 LIST_INIT(&hexpireq); 4367 LIST_INIT(&sexpireq); 4368 LIST_INIT(&emptyq); 4369 4370 SAHTREE_RLOCK(); 4371 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4372 /* Check for empty SAH */ 4373 if (TAILQ_EMPTY(&sah->savtree_larval) && 4374 TAILQ_EMPTY(&sah->savtree_alive)) { 4375 SAH_ADDREF(sah); 4376 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4377 continue; 4378 } 4379 /* Add all stale LARVAL SAs into drainq */ 4380 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4381 if (now - sav->created < V_key_larval_lifetime) 4382 continue; 4383 SAV_ADDREF(sav); 4384 LIST_INSERT_HEAD(&drainq, sav, drainq); 4385 } 4386 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4387 /* lifetimes aren't specified */ 4388 if (sav->lft_h == NULL) 4389 continue; 4390 SECASVAR_LOCK(sav); 4391 /* 4392 * Check again with lock held, because it may 4393 * be updated by SADB_UPDATE. 4394 */ 4395 if (sav->lft_h == NULL) { 4396 SECASVAR_UNLOCK(sav); 4397 continue; 4398 } 4399 /* 4400 * RFC 2367: 4401 * HARD lifetimes MUST take precedence over SOFT 4402 * lifetimes, meaning if the HARD and SOFT lifetimes 4403 * are the same, the HARD lifetime will appear on the 4404 * EXPIRE message. 4405 */ 4406 /* check HARD lifetime */ 4407 if ((sav->lft_h->addtime != 0 && 4408 now - sav->created > sav->lft_h->addtime) || 4409 (sav->lft_h->usetime != 0 && sav->firstused && 4410 now - sav->firstused > sav->lft_h->usetime) || 4411 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4412 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4413 SECASVAR_UNLOCK(sav); 4414 SAV_ADDREF(sav); 4415 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4416 continue; 4417 } 4418 /* check SOFT lifetime (only for MATURE SAs) */ 4419 if (sav->state == SADB_SASTATE_MATURE && ( 4420 (sav->lft_s->addtime != 0 && 4421 now - sav->created > sav->lft_s->addtime) || 4422 (sav->lft_s->usetime != 0 && sav->firstused && 4423 now - sav->firstused > sav->lft_s->usetime) || 4424 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4425 sav->lft_c_bytes) > sav->lft_s->bytes))) { 4426 SECASVAR_UNLOCK(sav); 4427 SAV_ADDREF(sav); 4428 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4429 continue; 4430 } 4431 SECASVAR_UNLOCK(sav); 4432 } 4433 } 4434 SAHTREE_RUNLOCK(); 4435 4436 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4437 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4438 return; 4439 4440 LIST_INIT(&freeq); 4441 SAHTREE_WLOCK(); 4442 /* Unlink stale LARVAL SAs */ 4443 sav = LIST_FIRST(&drainq); 4444 while (sav != NULL) { 4445 nextsav = LIST_NEXT(sav, drainq); 4446 /* Check that SA is still LARVAL */ 4447 if (sav->state != SADB_SASTATE_LARVAL) { 4448 LIST_REMOVE(sav, drainq); 4449 LIST_INSERT_HEAD(&freeq, sav, drainq); 4450 sav = nextsav; 4451 continue; 4452 } 4453 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4454 LIST_REMOVE(sav, spihash); 4455 sav->state = SADB_SASTATE_DEAD; 4456 sav = nextsav; 4457 } 4458 /* Unlink all SAs with expired HARD lifetime */ 4459 sav = LIST_FIRST(&hexpireq); 4460 while (sav != NULL) { 4461 nextsav = LIST_NEXT(sav, drainq); 4462 /* Check that SA is not unlinked */ 4463 if (sav->state == SADB_SASTATE_DEAD) { 4464 LIST_REMOVE(sav, drainq); 4465 LIST_INSERT_HEAD(&freeq, sav, drainq); 4466 sav = nextsav; 4467 continue; 4468 } 4469 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4470 LIST_REMOVE(sav, spihash); 4471 sav->state = SADB_SASTATE_DEAD; 4472 sav = nextsav; 4473 } 4474 /* Mark all SAs with expired SOFT lifetime as DYING */ 4475 sav = LIST_FIRST(&sexpireq); 4476 while (sav != NULL) { 4477 nextsav = LIST_NEXT(sav, drainq); 4478 /* Check that SA is not unlinked */ 4479 if (sav->state == SADB_SASTATE_DEAD) { 4480 LIST_REMOVE(sav, drainq); 4481 LIST_INSERT_HEAD(&freeq, sav, drainq); 4482 sav = nextsav; 4483 continue; 4484 } 4485 /* 4486 * NOTE: this doesn't change SA order in the chain. 4487 */ 4488 sav->state = SADB_SASTATE_DYING; 4489 sav = nextsav; 4490 } 4491 /* Unlink empty SAHs */ 4492 sah = LIST_FIRST(&emptyq); 4493 while (sah != NULL) { 4494 nextsah = LIST_NEXT(sah, drainq); 4495 /* Check that SAH is still empty and not unlinked */ 4496 if (sah->state == SADB_SASTATE_DEAD || 4497 !TAILQ_EMPTY(&sah->savtree_larval) || 4498 !TAILQ_EMPTY(&sah->savtree_alive)) { 4499 LIST_REMOVE(sah, drainq); 4500 key_freesah(&sah); /* release extra reference */ 4501 sah = nextsah; 4502 continue; 4503 } 4504 TAILQ_REMOVE(&V_sahtree, sah, chain); 4505 LIST_REMOVE(sah, addrhash); 4506 sah->state = SADB_SASTATE_DEAD; 4507 sah = nextsah; 4508 } 4509 SAHTREE_WUNLOCK(); 4510 4511 /* Send SPDEXPIRE messages */ 4512 sav = LIST_FIRST(&hexpireq); 4513 while (sav != NULL) { 4514 nextsav = LIST_NEXT(sav, drainq); 4515 key_expire(sav, 1); 4516 key_freesah(&sav->sah); /* release reference from SAV */ 4517 key_freesav(&sav); /* release extra reference */ 4518 key_freesav(&sav); /* release last reference */ 4519 sav = nextsav; 4520 } 4521 sav = LIST_FIRST(&sexpireq); 4522 while (sav != NULL) { 4523 nextsav = LIST_NEXT(sav, drainq); 4524 key_expire(sav, 0); 4525 key_freesav(&sav); /* release extra reference */ 4526 sav = nextsav; 4527 } 4528 /* Free stale LARVAL SAs */ 4529 sav = LIST_FIRST(&drainq); 4530 while (sav != NULL) { 4531 nextsav = LIST_NEXT(sav, drainq); 4532 key_freesah(&sav->sah); /* release reference from SAV */ 4533 key_freesav(&sav); /* release extra reference */ 4534 key_freesav(&sav); /* release last reference */ 4535 sav = nextsav; 4536 } 4537 /* Free SAs that were unlinked/changed by someone else */ 4538 sav = LIST_FIRST(&freeq); 4539 while (sav != NULL) { 4540 nextsav = LIST_NEXT(sav, drainq); 4541 key_freesav(&sav); /* release extra reference */ 4542 sav = nextsav; 4543 } 4544 /* Free empty SAH */ 4545 sah = LIST_FIRST(&emptyq); 4546 while (sah != NULL) { 4547 nextsah = LIST_NEXT(sah, drainq); 4548 key_freesah(&sah); /* release extra reference */ 4549 key_freesah(&sah); /* release last reference */ 4550 sah = nextsah; 4551 } 4552} 4553 4554static void 4555key_flush_acq(time_t now) 4556{ 4557 struct secacq *acq, *nextacq; 4558 4559 /* ACQ tree */ 4560 ACQ_LOCK(); 4561 acq = LIST_FIRST(&V_acqtree); 4562 while (acq != NULL) { 4563 nextacq = LIST_NEXT(acq, chain); 4564 if (now - acq->created > V_key_blockacq_lifetime) { 4565 LIST_REMOVE(acq, chain); 4566 LIST_REMOVE(acq, addrhash); 4567 LIST_REMOVE(acq, seqhash); 4568 free(acq, M_IPSEC_SAQ); 4569 } 4570 acq = nextacq; 4571 } 4572 ACQ_UNLOCK(); 4573} 4574 4575static void 4576key_flush_spacq(time_t now) 4577{ 4578 struct secspacq *acq, *nextacq; 4579 4580 /* SP ACQ tree */ 4581 SPACQ_LOCK(); 4582 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4583 nextacq = LIST_NEXT(acq, chain); 4584 if (now - acq->created > V_key_blockacq_lifetime 4585 && __LIST_CHAINED(acq)) { 4586 LIST_REMOVE(acq, chain); 4587 free(acq, M_IPSEC_SAQ); 4588 } 4589 } 4590 SPACQ_UNLOCK(); 4591} 4592 4593/* 4594 * time handler. 4595 * scanning SPD and SAD to check status for each entries, 4596 * and do to remove or to expire. 4597 * XXX: year 2038 problem may remain. 4598 */ 4599static void 4600key_timehandler(void *arg) 4601{ 4602 VNET_ITERATOR_DECL(vnet_iter); 4603 time_t now = time_second; 4604 4605 VNET_LIST_RLOCK_NOSLEEP(); 4606 VNET_FOREACH(vnet_iter) { 4607 CURVNET_SET(vnet_iter); 4608 key_flush_spd(now); 4609 key_flush_sad(now); 4610 key_flush_acq(now); 4611 key_flush_spacq(now); 4612 CURVNET_RESTORE(); 4613 } 4614 VNET_LIST_RUNLOCK_NOSLEEP(); 4615 4616#ifndef IPSEC_DEBUG2 4617 /* do exchange to tick time !! */ 4618 callout_schedule(&key_timer, hz); 4619#endif /* IPSEC_DEBUG2 */ 4620} 4621 4622u_long 4623key_random() 4624{ 4625 u_long value; 4626 4627 key_randomfill(&value, sizeof(value)); 4628 return value; 4629} 4630 4631void 4632key_randomfill(void *p, size_t l) 4633{ 4634 size_t n; 4635 u_long v; 4636 static int warn = 1; 4637 4638 n = 0; 4639 n = (size_t)read_random(p, (u_int)l); 4640 /* last resort */ 4641 while (n < l) { 4642 v = random(); 4643 bcopy(&v, (u_int8_t *)p + n, 4644 l - n < sizeof(v) ? l - n : sizeof(v)); 4645 n += sizeof(v); 4646 4647 if (warn) { 4648 printf("WARNING: pseudo-random number generator " 4649 "used for IPsec processing\n"); 4650 warn = 0; 4651 } 4652 } 4653} 4654 4655/* 4656 * map SADB_SATYPE_* to IPPROTO_*. 4657 * if satype == SADB_SATYPE then satype is mapped to ~0. 4658 * OUT: 4659 * 0: invalid satype. 4660 */ 4661static uint8_t 4662key_satype2proto(uint8_t satype) 4663{ 4664 switch (satype) { 4665 case SADB_SATYPE_UNSPEC: 4666 return IPSEC_PROTO_ANY; 4667 case SADB_SATYPE_AH: 4668 return IPPROTO_AH; 4669 case SADB_SATYPE_ESP: 4670 return IPPROTO_ESP; 4671 case SADB_X_SATYPE_IPCOMP: 4672 return IPPROTO_IPCOMP; 4673 case SADB_X_SATYPE_TCPSIGNATURE: 4674 return IPPROTO_TCP; 4675 default: 4676 return 0; 4677 } 4678 /* NOTREACHED */ 4679} 4680 4681/* 4682 * map IPPROTO_* to SADB_SATYPE_* 4683 * OUT: 4684 * 0: invalid protocol type. 4685 */ 4686static uint8_t 4687key_proto2satype(uint8_t proto) 4688{ 4689 switch (proto) { 4690 case IPPROTO_AH: 4691 return SADB_SATYPE_AH; 4692 case IPPROTO_ESP: 4693 return SADB_SATYPE_ESP; 4694 case IPPROTO_IPCOMP: 4695 return SADB_X_SATYPE_IPCOMP; 4696 case IPPROTO_TCP: 4697 return SADB_X_SATYPE_TCPSIGNATURE; 4698 default: 4699 return 0; 4700 } 4701 /* NOTREACHED */ 4702} 4703 4704/* %%% PF_KEY */ 4705/* 4706 * SADB_GETSPI processing is to receive 4707 * <base, (SA2), src address, dst address, (SPI range)> 4708 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4709 * tree with the status of LARVAL, and send 4710 * <base, SA(*), address(SD)> 4711 * to the IKMPd. 4712 * 4713 * IN: mhp: pointer to the pointer to each header. 4714 * OUT: NULL if fail. 4715 * other if success, return pointer to the message to send. 4716 */ 4717static int 4718key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4719{ 4720 struct secasindex saidx; 4721 struct sadb_address *src0, *dst0; 4722 struct secasvar *sav; 4723 uint32_t reqid, spi; 4724 int error; 4725 uint8_t mode, proto; 4726 4727 IPSEC_ASSERT(so != NULL, ("null socket")); 4728 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4729 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4730 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4731 4732 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4733 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4734#ifdef PFKEY_STRICT_CHECKS 4735 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4736#endif 4737 ) { 4738 ipseclog((LOG_DEBUG, 4739 "%s: invalid message: missing required header.\n", 4740 __func__)); 4741 error = EINVAL; 4742 goto fail; 4743 } 4744 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4745 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4746#ifdef PFKEY_STRICT_CHECKS 4747 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4748#endif 4749 ) { 4750 ipseclog((LOG_DEBUG, 4751 "%s: invalid message: wrong header size.\n", __func__)); 4752 error = EINVAL; 4753 goto fail; 4754 } 4755 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4756 mode = IPSEC_MODE_ANY; 4757 reqid = 0; 4758 } else { 4759 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4760 ipseclog((LOG_DEBUG, 4761 "%s: invalid message: wrong header size.\n", 4762 __func__)); 4763 error = EINVAL; 4764 goto fail; 4765 } 4766 mode = ((struct sadb_x_sa2 *) 4767 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4768 reqid = ((struct sadb_x_sa2 *) 4769 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4770 } 4771 4772 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4773 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4774 4775 /* map satype to proto */ 4776 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4777 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4778 __func__)); 4779 error = EINVAL; 4780 goto fail; 4781 } 4782 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4783 (struct sockaddr *)(dst0 + 1)); 4784 if (error != 0) { 4785 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4786 error = EINVAL; 4787 goto fail; 4788 } 4789 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4790 4791 /* SPI allocation */ 4792 spi = key_do_getnewspi( 4793 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4794 if (spi == 0) { 4795 /* 4796 * Requested SPI or SPI range is not available or 4797 * already used. 4798 */ 4799 error = EEXIST; 4800 goto fail; 4801 } 4802 sav = key_newsav(mhp, &saidx, spi, &error); 4803 if (sav == NULL) 4804 goto fail; 4805 4806 if (sav->seq != 0) { 4807 /* 4808 * RFC2367: 4809 * If the SADB_GETSPI message is in response to a 4810 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4811 * MUST be the same as the SADB_ACQUIRE message. 4812 * 4813 * XXXAE: However it doesn't definethe behaviour how to 4814 * check this and what to do if it doesn't match. 4815 * Also what we should do if it matches? 4816 * 4817 * We can compare saidx used in SADB_ACQUIRE with saidx 4818 * used in SADB_GETSPI, but this probably can break 4819 * existing software. For now just warn if it doesn't match. 4820 * 4821 * XXXAE: anyway it looks useless. 4822 */ 4823 key_acqdone(&saidx, sav->seq); 4824 } 4825 KEYDBG(KEY_STAMP, 4826 printf("%s: SA(%p)\n", __func__, sav)); 4827 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4828 4829 { 4830 struct mbuf *n, *nn; 4831 struct sadb_sa *m_sa; 4832 struct sadb_msg *newmsg; 4833 int off, len; 4834 4835 /* create new sadb_msg to reply. */ 4836 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4837 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4838 4839 MGETHDR(n, M_NOWAIT, MT_DATA); 4840 if (len > MHLEN) { 4841 if (!(MCLGET(n, M_NOWAIT))) { 4842 m_freem(n); 4843 n = NULL; 4844 } 4845 } 4846 if (!n) { 4847 error = ENOBUFS; 4848 goto fail; 4849 } 4850 4851 n->m_len = len; 4852 n->m_next = NULL; 4853 off = 0; 4854 4855 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4856 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4857 4858 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4859 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4860 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4861 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4862 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4863 4864 IPSEC_ASSERT(off == len, 4865 ("length inconsistency (off %u len %u)", off, len)); 4866 4867 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4868 SADB_EXT_ADDRESS_DST); 4869 if (!n->m_next) { 4870 m_freem(n); 4871 error = ENOBUFS; 4872 goto fail; 4873 } 4874 4875 if (n->m_len < sizeof(struct sadb_msg)) { 4876 n = m_pullup(n, sizeof(struct sadb_msg)); 4877 if (n == NULL) 4878 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 4879 } 4880 4881 n->m_pkthdr.len = 0; 4882 for (nn = n; nn; nn = nn->m_next) 4883 n->m_pkthdr.len += nn->m_len; 4884 4885 newmsg = mtod(n, struct sadb_msg *); 4886 newmsg->sadb_msg_seq = sav->seq; 4887 newmsg->sadb_msg_errno = 0; 4888 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 4889 4890 m_freem(m); 4891 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 4892 } 4893 4894fail: 4895 return (key_senderror(so, m, error)); 4896} 4897 4898/* 4899 * allocating new SPI 4900 * called by key_getspi(). 4901 * OUT: 4902 * 0: failure. 4903 * others: success, SPI in network byte order. 4904 */ 4905static uint32_t 4906key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 4907{ 4908 uint32_t min, max, newspi, t; 4909 int count = V_key_spi_trycnt; 4910 4911 /* set spi range to allocate */ 4912 if (spirange != NULL) { 4913 min = spirange->sadb_spirange_min; 4914 max = spirange->sadb_spirange_max; 4915 } else { 4916 min = V_key_spi_minval; 4917 max = V_key_spi_maxval; 4918 } 4919 /* IPCOMP needs 2-byte SPI */ 4920 if (saidx->proto == IPPROTO_IPCOMP) { 4921 if (min >= 0x10000) 4922 min = 0xffff; 4923 if (max >= 0x10000) 4924 max = 0xffff; 4925 if (min > max) { 4926 t = min; min = max; max = t; 4927 } 4928 } 4929 4930 if (min == max) { 4931 if (!key_checkspidup(htonl(min))) { 4932 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 4933 __func__, min)); 4934 return 0; 4935 } 4936 4937 count--; /* taking one cost. */ 4938 newspi = min; 4939 } else { 4940 4941 /* init SPI */ 4942 newspi = 0; 4943 4944 /* when requesting to allocate spi ranged */ 4945 while (count--) { 4946 /* generate pseudo-random SPI value ranged. */ 4947 newspi = min + (key_random() % (max - min + 1)); 4948 if (!key_checkspidup(htonl(newspi))) 4949 break; 4950 } 4951 4952 if (count == 0 || newspi == 0) { 4953 ipseclog((LOG_DEBUG, 4954 "%s: failed to allocate SPI.\n", __func__)); 4955 return 0; 4956 } 4957 } 4958 4959 /* statistics */ 4960 keystat.getspi_count = 4961 (keystat.getspi_count + V_key_spi_trycnt - count) / 2; 4962 4963 return (htonl(newspi)); 4964} 4965 4966/* 4967 * Find TCP-MD5 SA with corresponding secasindex. 4968 * If not found, return NULL and fill SPI with usable value if needed. 4969 */ 4970static struct secasvar * 4971key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 4972{ 4973 SAHTREE_RLOCK_TRACKER; 4974 struct secashead *sah; 4975 struct secasvar *sav; 4976 4977 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 4978 SAHTREE_RLOCK(); 4979 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 4980 if (sah->saidx.proto != IPPROTO_TCP) 4981 continue; 4982 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 4983 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 4984 break; 4985 } 4986 if (sah != NULL) { 4987 if (V_key_preferred_oldsa) 4988 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 4989 else 4990 sav = TAILQ_FIRST(&sah->savtree_alive); 4991 if (sav != NULL) { 4992 SAV_ADDREF(sav); 4993 SAHTREE_RUNLOCK(); 4994 return (sav); 4995 } 4996 } 4997 if (spi == NULL) { 4998 /* No SPI required */ 4999 SAHTREE_RUNLOCK(); 5000 return (NULL); 5001 } 5002 /* Check that SPI is unique */ 5003 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5004 if (sav->spi == *spi) 5005 break; 5006 } 5007 if (sav == NULL) { 5008 SAHTREE_RUNLOCK(); 5009 /* SPI is already unique */ 5010 return (NULL); 5011 } 5012 SAHTREE_RUNLOCK(); 5013 /* XXX: not optimal */ 5014 *spi = key_do_getnewspi(NULL, saidx); 5015 return (NULL); 5016} 5017 5018static int 5019key_updateaddresses(struct socket *so, struct mbuf *m, 5020 const struct sadb_msghdr *mhp, struct secasvar *sav, 5021 struct secasindex *saidx) 5022{ 5023 struct sockaddr *newaddr; 5024 struct secashead *sah; 5025 struct secasvar *newsav, *tmp; 5026 struct mbuf *n; 5027 int error, isnew; 5028 5029 /* Check that we need to change SAH */ 5030 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5031 newaddr = (struct sockaddr *)( 5032 ((struct sadb_address *) 5033 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5034 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5035 key_porttosaddr(&saidx->src.sa, 0); 5036 } 5037 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5038 newaddr = (struct sockaddr *)( 5039 ((struct sadb_address *) 5040 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5041 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5042 key_porttosaddr(&saidx->dst.sa, 0); 5043 } 5044 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5045 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5046 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5047 if (error != 0) { 5048 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5049 __func__)); 5050 return (error); 5051 } 5052 5053 sah = key_getsah(saidx); 5054 if (sah == NULL) { 5055 /* create a new SA index */ 5056 sah = key_newsah(saidx); 5057 if (sah == NULL) { 5058 ipseclog((LOG_DEBUG, 5059 "%s: No more memory.\n", __func__)); 5060 return (ENOBUFS); 5061 } 5062 isnew = 2; /* SAH is new */ 5063 } else 5064 isnew = 1; /* existing SAH is referenced */ 5065 } else { 5066 /* 5067 * src and dst addresses are still the same. 5068 * Do we want to change NAT-T config? 5069 */ 5070 if (sav->sah->saidx.proto != IPPROTO_ESP || 5071 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5072 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5073 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5074 ipseclog((LOG_DEBUG, 5075 "%s: invalid message: missing required header.\n", 5076 __func__)); 5077 return (EINVAL); 5078 } 5079 /* We hold reference to SA, thus SAH will be referenced too. */ 5080 sah = sav->sah; 5081 isnew = 0; 5082 } 5083 5084 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5085 M_NOWAIT | M_ZERO); 5086 if (newsav == NULL) { 5087 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5088 error = ENOBUFS; 5089 goto fail; 5090 } 5091 5092 /* Clone SA's content into newsav */ 5093 SAV_INITREF(newsav); 5094 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5095 /* 5096 * We create new NAT-T config if it is needed. 5097 * Old NAT-T config will be freed by key_cleansav() when 5098 * last reference to SA will be released. 5099 */ 5100 newsav->natt = NULL; 5101 newsav->sah = sah; 5102 newsav->state = SADB_SASTATE_MATURE; 5103 error = key_setnatt(newsav, mhp); 5104 if (error != 0) 5105 goto fail; 5106 5107 SAHTREE_WLOCK(); 5108 /* Check that SA is still alive */ 5109 if (sav->state == SADB_SASTATE_DEAD) { 5110 /* SA was unlinked */ 5111 SAHTREE_WUNLOCK(); 5112 error = ESRCH; 5113 goto fail; 5114 } 5115 5116 /* Unlink SA from SAH and SPI hash */ 5117 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5118 ("SA is already cloned")); 5119 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5120 sav->state == SADB_SASTATE_DYING, 5121 ("Wrong SA state %u\n", sav->state)); 5122 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5123 LIST_REMOVE(sav, spihash); 5124 sav->state = SADB_SASTATE_DEAD; 5125 5126 /* 5127 * Link new SA with SAH. Keep SAs ordered by 5128 * create time (newer are first). 5129 */ 5130 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5131 if (newsav->created > tmp->created) { 5132 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5133 break; 5134 } 5135 } 5136 if (tmp == NULL) 5137 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5138 5139 /* Add new SA into SPI hash. */ 5140 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5141 5142 /* Add new SAH into SADB. */ 5143 if (isnew == 2) { 5144 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5145 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5146 sah->state = SADB_SASTATE_MATURE; 5147 SAH_ADDREF(sah); /* newsav references new SAH */ 5148 } 5149 /* 5150 * isnew == 1 -> @sah was referenced by key_getsah(). 5151 * isnew == 0 -> we use the same @sah, that was used by @sav, 5152 * and we use its reference for @newsav. 5153 */ 5154 SECASVAR_LOCK(sav); 5155 /* XXX: replace cntr with pointer? */ 5156 newsav->cntr = sav->cntr; 5157 sav->flags |= SADB_X_EXT_F_CLONED; 5158 SECASVAR_UNLOCK(sav); 5159 5160 SAHTREE_WUNLOCK(); 5161 5162 KEYDBG(KEY_STAMP, 5163 printf("%s: SA(%p) cloned into SA(%p)\n", 5164 __func__, sav, newsav)); 5165 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5166 5167 key_freesav(&sav); /* release last reference */ 5168 5169 /* set msg buf from mhp */ 5170 n = key_getmsgbuf_x1(m, mhp); 5171 if (n == NULL) { 5172 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5173 return (ENOBUFS); 5174 } 5175 m_freem(m); 5176 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5177 return (0); 5178fail: 5179 if (isnew != 0) 5180 key_freesah(&sah); 5181 if (newsav != NULL) { 5182 if (newsav->natt != NULL) 5183 free(newsav->natt, M_IPSEC_MISC); 5184 free(newsav, M_IPSEC_SA); 5185 } 5186 return (error); 5187} 5188 5189/* 5190 * SADB_UPDATE processing 5191 * receive 5192 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5193 * key(AE), (identity(SD),) (sensitivity)> 5194 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5195 * and send 5196 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5197 * (identity(SD),) (sensitivity)> 5198 * to the ikmpd. 5199 * 5200 * m will always be freed. 5201 */ 5202static int 5203key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5204{ 5205 struct secasindex saidx; 5206 struct sadb_address *src0, *dst0; 5207 struct sadb_sa *sa0; 5208 struct secasvar *sav; 5209 uint32_t reqid; 5210 int error; 5211 uint8_t mode, proto; 5212 5213 IPSEC_ASSERT(so != NULL, ("null socket")); 5214 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5215 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5216 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5217 5218 /* map satype to proto */ 5219 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5220 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5221 __func__)); 5222 return key_senderror(so, m, EINVAL); 5223 } 5224 5225 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5226 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5227 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5228 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5229 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5230 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5231 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5232 ipseclog((LOG_DEBUG, 5233 "%s: invalid message: missing required header.\n", 5234 __func__)); 5235 return key_senderror(so, m, EINVAL); 5236 } 5237 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5238 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5239 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5240 ipseclog((LOG_DEBUG, 5241 "%s: invalid message: wrong header size.\n", __func__)); 5242 return key_senderror(so, m, EINVAL); 5243 } 5244 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5245 mode = IPSEC_MODE_ANY; 5246 reqid = 0; 5247 } else { 5248 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5249 ipseclog((LOG_DEBUG, 5250 "%s: invalid message: wrong header size.\n", 5251 __func__)); 5252 return key_senderror(so, m, EINVAL); 5253 } 5254 mode = ((struct sadb_x_sa2 *) 5255 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5256 reqid = ((struct sadb_x_sa2 *) 5257 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5258 } 5259 5260 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5261 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5262 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5263 5264 /* 5265 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5266 * SADB_UPDATE message. 5267 */ 5268 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5269 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5270#ifdef PFKEY_STRICT_CHECKS 5271 return key_senderror(so, m, EINVAL); 5272#endif 5273 } 5274 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5275 (struct sockaddr *)(dst0 + 1)); 5276 if (error != 0) { 5277 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5278 return key_senderror(so, m, error); 5279 } 5280 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5281 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5282 if (sav == NULL) { 5283 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5284 __func__, ntohl(sa0->sadb_sa_spi))); 5285 return key_senderror(so, m, EINVAL); 5286 } 5287 /* 5288 * Check that SADB_UPDATE issued by the same process that did 5289 * SADB_GETSPI or SADB_ADD. 5290 */ 5291 if (sav->pid != mhp->msg->sadb_msg_pid) { 5292 ipseclog((LOG_DEBUG, 5293 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5294 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5295 key_freesav(&sav); 5296 return key_senderror(so, m, EINVAL); 5297 } 5298 /* saidx should match with SA. */ 5299 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5300 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u", 5301 __func__, ntohl(sav->spi))); 5302 key_freesav(&sav); 5303 return key_senderror(so, m, ESRCH); 5304 } 5305 5306 if (sav->state == SADB_SASTATE_LARVAL) { 5307 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5308 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5309 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5310 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5311 ipseclog((LOG_DEBUG, 5312 "%s: invalid message: missing required header.\n", 5313 __func__)); 5314 key_freesav(&sav); 5315 return key_senderror(so, m, EINVAL); 5316 } 5317 /* 5318 * We can set any values except src, dst and SPI. 5319 */ 5320 error = key_setsaval(sav, mhp); 5321 if (error != 0) { 5322 key_freesav(&sav); 5323 return (key_senderror(so, m, error)); 5324 } 5325 /* Change SA state to MATURE */ 5326 SAHTREE_WLOCK(); 5327 if (sav->state != SADB_SASTATE_LARVAL) { 5328 /* SA was deleted or another thread made it MATURE. */ 5329 SAHTREE_WUNLOCK(); 5330 key_freesav(&sav); 5331 return (key_senderror(so, m, ESRCH)); 5332 } 5333 /* 5334 * NOTE: we keep SAs in savtree_alive ordered by created 5335 * time. When SA's state changed from LARVAL to MATURE, 5336 * we update its created time in key_setsaval() and move 5337 * it into head of savtree_alive. 5338 */ 5339 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5340 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5341 sav->state = SADB_SASTATE_MATURE; 5342 SAHTREE_WUNLOCK(); 5343 } else { 5344 /* 5345 * For DYING and MATURE SA we can change only state 5346 * and lifetimes. Report EINVAL if something else attempted 5347 * to change. 5348 */ 5349 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5350 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5351 key_freesav(&sav); 5352 return (key_senderror(so, m, EINVAL)); 5353 } 5354 error = key_updatelifetimes(sav, mhp); 5355 if (error != 0) { 5356 key_freesav(&sav); 5357 return (key_senderror(so, m, error)); 5358 } 5359 /* 5360 * This is FreeBSD extension to RFC2367. 5361 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5362 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5363 * SA addresses (for example to implement MOBIKE protocol 5364 * as described in RFC4555). Also we allow to change 5365 * NAT-T config. 5366 */ 5367 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5368 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5369 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5370 sav->natt != NULL) { 5371 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5372 key_freesav(&sav); 5373 if (error != 0) 5374 return (key_senderror(so, m, error)); 5375 return (0); 5376 } 5377 /* Check that SA is still alive */ 5378 SAHTREE_WLOCK(); 5379 if (sav->state == SADB_SASTATE_DEAD) { 5380 /* SA was unlinked */ 5381 SAHTREE_WUNLOCK(); 5382 key_freesav(&sav); 5383 return (key_senderror(so, m, ESRCH)); 5384 } 5385 /* 5386 * NOTE: there is possible state moving from DYING to MATURE, 5387 * but this doesn't change created time, so we won't reorder 5388 * this SA. 5389 */ 5390 sav->state = SADB_SASTATE_MATURE; 5391 SAHTREE_WUNLOCK(); 5392 } 5393 KEYDBG(KEY_STAMP, 5394 printf("%s: SA(%p)\n", __func__, sav)); 5395 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5396 key_freesav(&sav); 5397 5398 { 5399 struct mbuf *n; 5400 5401 /* set msg buf from mhp */ 5402 n = key_getmsgbuf_x1(m, mhp); 5403 if (n == NULL) { 5404 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5405 return key_senderror(so, m, ENOBUFS); 5406 } 5407 5408 m_freem(m); 5409 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5410 } 5411} 5412 5413/* 5414 * SADB_ADD processing 5415 * add an entry to SA database, when received 5416 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5417 * key(AE), (identity(SD),) (sensitivity)> 5418 * from the ikmpd, 5419 * and send 5420 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5421 * (identity(SD),) (sensitivity)> 5422 * to the ikmpd. 5423 * 5424 * IGNORE identity and sensitivity messages. 5425 * 5426 * m will always be freed. 5427 */ 5428static int 5429key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5430{ 5431 struct secasindex saidx; 5432 struct sadb_address *src0, *dst0; 5433 struct sadb_sa *sa0; 5434 struct secasvar *sav; 5435 uint32_t reqid, spi; 5436 uint8_t mode, proto; 5437 int error; 5438 5439 IPSEC_ASSERT(so != NULL, ("null socket")); 5440 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5441 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5442 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5443 5444 /* map satype to proto */ 5445 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5446 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5447 __func__)); 5448 return key_senderror(so, m, EINVAL); 5449 } 5450 5451 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5452 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5453 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5454 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5455 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5456 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5457 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5458 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5459 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5460 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5461 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5462 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5463 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5464 ipseclog((LOG_DEBUG, 5465 "%s: invalid message: missing required header.\n", 5466 __func__)); 5467 return key_senderror(so, m, EINVAL); 5468 } 5469 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5470 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5471 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5472 ipseclog((LOG_DEBUG, 5473 "%s: invalid message: wrong header size.\n", __func__)); 5474 return key_senderror(so, m, EINVAL); 5475 } 5476 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5477 mode = IPSEC_MODE_ANY; 5478 reqid = 0; 5479 } else { 5480 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5481 ipseclog((LOG_DEBUG, 5482 "%s: invalid message: wrong header size.\n", 5483 __func__)); 5484 return key_senderror(so, m, EINVAL); 5485 } 5486 mode = ((struct sadb_x_sa2 *) 5487 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5488 reqid = ((struct sadb_x_sa2 *) 5489 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5490 } 5491 5492 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5493 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5494 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5495 5496 /* 5497 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5498 * SADB_ADD message. 5499 */ 5500 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5501 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5502#ifdef PFKEY_STRICT_CHECKS 5503 return key_senderror(so, m, EINVAL); 5504#endif 5505 } 5506 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5507 (struct sockaddr *)(dst0 + 1)); 5508 if (error != 0) { 5509 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5510 return key_senderror(so, m, error); 5511 } 5512 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5513 spi = sa0->sadb_sa_spi; 5514 /* 5515 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5516 * secasindex. 5517 * XXXAE: IPComp seems also doesn't use SPI. 5518 */ 5519 if (proto == IPPROTO_TCP) { 5520 sav = key_getsav_tcpmd5(&saidx, &spi); 5521 if (sav == NULL && spi == 0) { 5522 /* Failed to allocate SPI */ 5523 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5524 __func__)); 5525 return key_senderror(so, m, EEXIST); 5526 } 5527 /* XXX: SPI that we report back can have another value */ 5528 } else { 5529 /* We can create new SA only if SPI is different. */ 5530 sav = key_getsavbyspi(spi); 5531 } 5532 if (sav != NULL) { 5533 key_freesav(&sav); 5534 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5535 return key_senderror(so, m, EEXIST); 5536 } 5537 5538 sav = key_newsav(mhp, &saidx, spi, &error); 5539 if (sav == NULL) 5540 return key_senderror(so, m, error); 5541 KEYDBG(KEY_STAMP, 5542 printf("%s: return SA(%p)\n", __func__, sav)); 5543 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5544 /* 5545 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5546 * ACQ for deletion. 5547 */ 5548 if (sav->seq != 0) 5549 key_acqdone(&saidx, sav->seq); 5550 5551 { 5552 /* 5553 * Don't call key_freesav() on error here, as we would like to 5554 * keep the SA in the database. 5555 */ 5556 struct mbuf *n; 5557 5558 /* set msg buf from mhp */ 5559 n = key_getmsgbuf_x1(m, mhp); 5560 if (n == NULL) { 5561 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5562 return key_senderror(so, m, ENOBUFS); 5563 } 5564 5565 m_freem(m); 5566 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5567 } 5568} 5569 5570/* 5571 * NAT-T support. 5572 * IKEd may request the use ESP in UDP encapsulation when it detects the 5573 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5574 * parameters needed for encapsulation and decapsulation. These PF_KEY 5575 * extension headers are not standardized, so this comment addresses our 5576 * implementation. 5577 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5578 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5579 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5580 * UDP header. We use these ports in UDP encapsulation procedure, also we 5581 * can check them in UDP decapsulation procedure. 5582 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5583 * responder. These addresses can be used for transport mode to adjust 5584 * checksum after decapsulation and decryption. Since original IP addresses 5585 * used by peer usually different (we detected presence of NAT), TCP/UDP 5586 * pseudo header checksum and IP header checksum was calculated using original 5587 * addresses. After decapsulation and decryption we need to adjust checksum 5588 * to have correct datagram. 5589 * 5590 * We expect presence of NAT-T extension headers only in SADB_ADD and 5591 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5592 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5593 */ 5594static int 5595key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5596{ 5597 struct sadb_x_nat_t_port *port; 5598 struct sadb_x_nat_t_type *type; 5599 struct sadb_address *oai, *oar; 5600 struct sockaddr *sa; 5601 uint32_t addr; 5602 uint16_t cksum; 5603 5604 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5605 /* 5606 * Ignore NAT-T headers if sproto isn't ESP. 5607 */ 5608 if (sav->sah->saidx.proto != IPPROTO_ESP) 5609 return (0); 5610 5611 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5612 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5613 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5614 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5615 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5616 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5617 ipseclog((LOG_DEBUG, 5618 "%s: invalid message: wrong header size.\n", 5619 __func__)); 5620 return (EINVAL); 5621 } 5622 } else 5623 return (0); 5624 5625 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5626 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5627 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5628 __func__, type->sadb_x_nat_t_type_type)); 5629 return (EINVAL); 5630 } 5631 /* 5632 * Allocate storage for NAT-T config. 5633 * On error it will be released by key_cleansav(). 5634 */ 5635 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5636 M_NOWAIT | M_ZERO); 5637 if (sav->natt == NULL) { 5638 PFKEYSTAT_INC(in_nomem); 5639 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5640 return (ENOBUFS); 5641 } 5642 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5643 if (port->sadb_x_nat_t_port_port == 0) { 5644 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5645 __func__)); 5646 return (EINVAL); 5647 } 5648 sav->natt->sport = port->sadb_x_nat_t_port_port; 5649 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5650 if (port->sadb_x_nat_t_port_port == 0) { 5651 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5652 __func__)); 5653 return (EINVAL); 5654 } 5655 sav->natt->dport = port->sadb_x_nat_t_port_port; 5656 5657 /* 5658 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5659 * and needed only for transport mode IPsec. 5660 * Usually NAT translates only one address, but it is possible, 5661 * that both addresses could be translated. 5662 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5663 */ 5664 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5665 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5666 ipseclog((LOG_DEBUG, 5667 "%s: invalid message: wrong header size.\n", 5668 __func__)); 5669 return (EINVAL); 5670 } 5671 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5672 } else 5673 oai = NULL; 5674 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5675 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5676 ipseclog((LOG_DEBUG, 5677 "%s: invalid message: wrong header size.\n", 5678 __func__)); 5679 return (EINVAL); 5680 } 5681 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5682 } else 5683 oar = NULL; 5684 5685 /* Initialize addresses only for transport mode */ 5686 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5687 cksum = 0; 5688 if (oai != NULL) { 5689 /* Currently we support only AF_INET */ 5690 sa = (struct sockaddr *)(oai + 1); 5691 if (sa->sa_family != AF_INET || 5692 sa->sa_len != sizeof(struct sockaddr_in)) { 5693 ipseclog((LOG_DEBUG, 5694 "%s: wrong NAT-OAi header.\n", 5695 __func__)); 5696 return (EINVAL); 5697 } 5698 /* Ignore address if it the same */ 5699 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5700 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5701 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5702 sav->natt->flags |= IPSEC_NATT_F_OAI; 5703 /* Calculate checksum delta */ 5704 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5705 cksum = in_addword(cksum, ~addr >> 16); 5706 cksum = in_addword(cksum, ~addr & 0xffff); 5707 addr = sav->natt->oai.sin.sin_addr.s_addr; 5708 cksum = in_addword(cksum, addr >> 16); 5709 cksum = in_addword(cksum, addr & 0xffff); 5710 } 5711 } 5712 if (oar != NULL) { 5713 /* Currently we support only AF_INET */ 5714 sa = (struct sockaddr *)(oar + 1); 5715 if (sa->sa_family != AF_INET || 5716 sa->sa_len != sizeof(struct sockaddr_in)) { 5717 ipseclog((LOG_DEBUG, 5718 "%s: wrong NAT-OAr header.\n", 5719 __func__)); 5720 return (EINVAL); 5721 } 5722 /* Ignore address if it the same */ 5723 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5724 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5725 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5726 sav->natt->flags |= IPSEC_NATT_F_OAR; 5727 /* Calculate checksum delta */ 5728 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5729 cksum = in_addword(cksum, ~addr >> 16); 5730 cksum = in_addword(cksum, ~addr & 0xffff); 5731 addr = sav->natt->oar.sin.sin_addr.s_addr; 5732 cksum = in_addword(cksum, addr >> 16); 5733 cksum = in_addword(cksum, addr & 0xffff); 5734 } 5735 } 5736 sav->natt->cksum = cksum; 5737 } 5738 return (0); 5739} 5740 5741static int 5742key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5743{ 5744 const struct sadb_ident *idsrc, *iddst; 5745 int idsrclen, iddstlen; 5746 5747 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5748 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5749 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5750 5751 /* don't make buffer if not there */ 5752 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5753 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5754 sah->idents = NULL; 5755 sah->identd = NULL; 5756 return (0); 5757 } 5758 5759 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5760 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5761 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5762 return (EINVAL); 5763 } 5764 5765 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5766 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5767 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 5768 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 5769 5770 /* validity check */ 5771 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5772 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5773 return EINVAL; 5774 } 5775 5776 switch (idsrc->sadb_ident_type) { 5777 case SADB_IDENTTYPE_PREFIX: 5778 case SADB_IDENTTYPE_FQDN: 5779 case SADB_IDENTTYPE_USERFQDN: 5780 default: 5781 /* XXX do nothing */ 5782 sah->idents = NULL; 5783 sah->identd = NULL; 5784 return 0; 5785 } 5786 5787 /* make structure */ 5788 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5789 if (sah->idents == NULL) { 5790 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5791 return ENOBUFS; 5792 } 5793 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5794 if (sah->identd == NULL) { 5795 free(sah->idents, M_IPSEC_MISC); 5796 sah->idents = NULL; 5797 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5798 return ENOBUFS; 5799 } 5800 sah->idents->type = idsrc->sadb_ident_type; 5801 sah->idents->id = idsrc->sadb_ident_id; 5802 5803 sah->identd->type = iddst->sadb_ident_type; 5804 sah->identd->id = iddst->sadb_ident_id; 5805 5806 return 0; 5807} 5808 5809/* 5810 * m will not be freed on return. 5811 * it is caller's responsibility to free the result. 5812 * 5813 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5814 * from the request in defined order. 5815 */ 5816static struct mbuf * 5817key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5818{ 5819 struct mbuf *n; 5820 5821 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5822 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5823 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5824 5825 /* create new sadb_msg to reply. */ 5826 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5827 SADB_EXT_SA, SADB_X_EXT_SA2, 5828 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5829 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5830 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5831 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5832 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5833 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5834 SADB_X_EXT_NEW_ADDRESS_DST); 5835 if (!n) 5836 return NULL; 5837 5838 if (n->m_len < sizeof(struct sadb_msg)) { 5839 n = m_pullup(n, sizeof(struct sadb_msg)); 5840 if (n == NULL) 5841 return NULL; 5842 } 5843 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5844 mtod(n, struct sadb_msg *)->sadb_msg_len = 5845 PFKEY_UNIT64(n->m_pkthdr.len); 5846 5847 return n; 5848} 5849 5850/* 5851 * SADB_DELETE processing 5852 * receive 5853 * <base, SA(*), address(SD)> 5854 * from the ikmpd, and set SADB_SASTATE_DEAD, 5855 * and send, 5856 * <base, SA(*), address(SD)> 5857 * to the ikmpd. 5858 * 5859 * m will always be freed. 5860 */ 5861static int 5862key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5863{ 5864 struct secasindex saidx; 5865 struct sadb_address *src0, *dst0; 5866 struct secasvar *sav; 5867 struct sadb_sa *sa0; 5868 uint8_t proto; 5869 5870 IPSEC_ASSERT(so != NULL, ("null socket")); 5871 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5872 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5873 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5874 5875 /* map satype to proto */ 5876 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5877 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5878 __func__)); 5879 return key_senderror(so, m, EINVAL); 5880 } 5881 5882 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5883 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5884 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5885 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5886 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5887 __func__)); 5888 return key_senderror(so, m, EINVAL); 5889 } 5890 5891 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5892 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5893 5894 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 5895 (struct sockaddr *)(dst0 + 1)) != 0) { 5896 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5897 return (key_senderror(so, m, EINVAL)); 5898 } 5899 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5900 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 5901 /* 5902 * Caller wants us to delete all non-LARVAL SAs 5903 * that match the src/dst. This is used during 5904 * IKE INITIAL-CONTACT. 5905 * XXXAE: this looks like some extension to RFC2367. 5906 */ 5907 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 5908 return (key_delete_all(so, m, mhp, &saidx)); 5909 } 5910 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 5911 ipseclog((LOG_DEBUG, 5912 "%s: invalid message: wrong header size.\n", __func__)); 5913 return (key_senderror(so, m, EINVAL)); 5914 } 5915 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5916 if (proto == IPPROTO_TCP) 5917 sav = key_getsav_tcpmd5(&saidx, NULL); 5918 else 5919 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5920 if (sav == NULL) { 5921 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 5922 __func__, ntohl(sa0->sadb_sa_spi))); 5923 return (key_senderror(so, m, ESRCH)); 5924 } 5925 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 5926 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 5927 __func__, ntohl(sav->spi))); 5928 key_freesav(&sav); 5929 return (key_senderror(so, m, ESRCH)); 5930 } 5931 KEYDBG(KEY_STAMP, 5932 printf("%s: SA(%p)\n", __func__, sav)); 5933 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5934 key_unlinksav(sav); 5935 key_freesav(&sav); 5936 5937 { 5938 struct mbuf *n; 5939 struct sadb_msg *newmsg; 5940 5941 /* create new sadb_msg to reply. */ 5942 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 5943 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5944 if (!n) 5945 return key_senderror(so, m, ENOBUFS); 5946 5947 if (n->m_len < sizeof(struct sadb_msg)) { 5948 n = m_pullup(n, sizeof(struct sadb_msg)); 5949 if (n == NULL) 5950 return key_senderror(so, m, ENOBUFS); 5951 } 5952 newmsg = mtod(n, struct sadb_msg *); 5953 newmsg->sadb_msg_errno = 0; 5954 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5955 5956 m_freem(m); 5957 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5958 } 5959} 5960 5961/* 5962 * delete all SAs for src/dst. Called from key_delete(). 5963 */ 5964static int 5965key_delete_all(struct socket *so, struct mbuf *m, 5966 const struct sadb_msghdr *mhp, struct secasindex *saidx) 5967{ 5968 struct secasvar_queue drainq; 5969 struct secashead *sah; 5970 struct secasvar *sav, *nextsav; 5971 5972 TAILQ_INIT(&drainq); 5973 SAHTREE_WLOCK(); 5974 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5975 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 5976 continue; 5977 /* Move all ALIVE SAs into drainq */ 5978 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 5979 } 5980 /* Unlink all queued SAs from SPI hash */ 5981 TAILQ_FOREACH(sav, &drainq, chain) { 5982 sav->state = SADB_SASTATE_DEAD; 5983 LIST_REMOVE(sav, spihash); 5984 } 5985 SAHTREE_WUNLOCK(); 5986 /* Now we can release reference for all SAs in drainq */ 5987 sav = TAILQ_FIRST(&drainq); 5988 while (sav != NULL) { 5989 KEYDBG(KEY_STAMP, 5990 printf("%s: SA(%p)\n", __func__, sav)); 5991 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5992 nextsav = TAILQ_NEXT(sav, chain); 5993 key_freesah(&sav->sah); /* release reference from SAV */ 5994 key_freesav(&sav); /* release last reference */ 5995 sav = nextsav; 5996 } 5997 5998 { 5999 struct mbuf *n; 6000 struct sadb_msg *newmsg; 6001 6002 /* create new sadb_msg to reply. */ 6003 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6004 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6005 if (!n) 6006 return key_senderror(so, m, ENOBUFS); 6007 6008 if (n->m_len < sizeof(struct sadb_msg)) { 6009 n = m_pullup(n, sizeof(struct sadb_msg)); 6010 if (n == NULL) 6011 return key_senderror(so, m, ENOBUFS); 6012 } 6013 newmsg = mtod(n, struct sadb_msg *); 6014 newmsg->sadb_msg_errno = 0; 6015 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6016 6017 m_freem(m); 6018 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6019 } 6020} 6021 6022/* 6023 * Delete all alive SAs for corresponding xform. 6024 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6025 * here when xform disappears. 6026 */ 6027static void 6028key_delete_xform(const struct xformsw *xsp) 6029{ 6030 struct secasvar_queue drainq; 6031 struct secashead *sah; 6032 struct secasvar *sav, *nextsav; 6033 6034 TAILQ_INIT(&drainq); 6035 SAHTREE_WLOCK(); 6036 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6037 sav = TAILQ_FIRST(&sah->savtree_alive); 6038 if (sav == NULL) 6039 continue; 6040 if (sav->tdb_xform != xsp) 6041 continue; 6042 /* 6043 * It is supposed that all SAs in the chain are related to 6044 * one xform. 6045 */ 6046 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6047 } 6048 /* Unlink all queued SAs from SPI hash */ 6049 TAILQ_FOREACH(sav, &drainq, chain) { 6050 sav->state = SADB_SASTATE_DEAD; 6051 LIST_REMOVE(sav, spihash); 6052 } 6053 SAHTREE_WUNLOCK(); 6054 6055 /* Now we can release reference for all SAs in drainq */ 6056 sav = TAILQ_FIRST(&drainq); 6057 while (sav != NULL) { 6058 KEYDBG(KEY_STAMP, 6059 printf("%s: SA(%p)\n", __func__, sav)); 6060 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6061 nextsav = TAILQ_NEXT(sav, chain); 6062 key_freesah(&sav->sah); /* release reference from SAV */ 6063 key_freesav(&sav); /* release last reference */ 6064 sav = nextsav; 6065 } 6066} 6067 6068/* 6069 * SADB_GET processing 6070 * receive 6071 * <base, SA(*), address(SD)> 6072 * from the ikmpd, and get a SP and a SA to respond, 6073 * and send, 6074 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6075 * (identity(SD),) (sensitivity)> 6076 * to the ikmpd. 6077 * 6078 * m will always be freed. 6079 */ 6080static int 6081key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6082{ 6083 struct secasindex saidx; 6084 struct sadb_address *src0, *dst0; 6085 struct sadb_sa *sa0; 6086 struct secasvar *sav; 6087 uint8_t proto; 6088 6089 IPSEC_ASSERT(so != NULL, ("null socket")); 6090 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6091 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6092 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6093 6094 /* map satype to proto */ 6095 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6096 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6097 __func__)); 6098 return key_senderror(so, m, EINVAL); 6099 } 6100 6101 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6102 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6103 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6104 ipseclog((LOG_DEBUG, 6105 "%s: invalid message: missing required header.\n", 6106 __func__)); 6107 return key_senderror(so, m, EINVAL); 6108 } 6109 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6110 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6111 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6112 ipseclog((LOG_DEBUG, 6113 "%s: invalid message: wrong header size.\n", __func__)); 6114 return key_senderror(so, m, EINVAL); 6115 } 6116 6117 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6118 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6119 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6120 6121 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6122 (struct sockaddr *)(dst0 + 1)) != 0) { 6123 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6124 return key_senderror(so, m, EINVAL); 6125 } 6126 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6127 6128 if (proto == IPPROTO_TCP) 6129 sav = key_getsav_tcpmd5(&saidx, NULL); 6130 else 6131 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6132 if (sav == NULL) { 6133 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6134 return key_senderror(so, m, ESRCH); 6135 } 6136 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6137 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6138 __func__, ntohl(sa0->sadb_sa_spi))); 6139 key_freesav(&sav); 6140 return (key_senderror(so, m, ESRCH)); 6141 } 6142 6143 { 6144 struct mbuf *n; 6145 uint8_t satype; 6146 6147 /* map proto to satype */ 6148 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6149 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6150 __func__)); 6151 key_freesav(&sav); 6152 return key_senderror(so, m, EINVAL); 6153 } 6154 6155 /* create new sadb_msg to reply. */ 6156 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6157 mhp->msg->sadb_msg_pid); 6158 6159 key_freesav(&sav); 6160 if (!n) 6161 return key_senderror(so, m, ENOBUFS); 6162 6163 m_freem(m); 6164 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6165 } 6166} 6167 6168/* XXX make it sysctl-configurable? */ 6169static void 6170key_getcomb_setlifetime(struct sadb_comb *comb) 6171{ 6172 6173 comb->sadb_comb_soft_allocations = 1; 6174 comb->sadb_comb_hard_allocations = 1; 6175 comb->sadb_comb_soft_bytes = 0; 6176 comb->sadb_comb_hard_bytes = 0; 6177 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6178 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6179 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6180 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6181} 6182 6183/* 6184 * XXX reorder combinations by preference 6185 * XXX no idea if the user wants ESP authentication or not 6186 */ 6187static struct mbuf * 6188key_getcomb_ealg(void) 6189{ 6190 struct sadb_comb *comb; 6191 const struct enc_xform *algo; 6192 struct mbuf *result = NULL, *m, *n; 6193 int encmin; 6194 int i, off, o; 6195 int totlen; 6196 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6197 6198 m = NULL; 6199 for (i = 1; i <= SADB_EALG_MAX; i++) { 6200 algo = enc_algorithm_lookup(i); 6201 if (algo == NULL) 6202 continue; 6203 6204 /* discard algorithms with key size smaller than system min */ 6205 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6206 continue; 6207 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6208 encmin = V_ipsec_esp_keymin; 6209 else 6210 encmin = _BITS(algo->minkey); 6211 6212 if (V_ipsec_esp_auth) 6213 m = key_getcomb_ah(); 6214 else { 6215 IPSEC_ASSERT(l <= MLEN, 6216 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6217 MGET(m, M_NOWAIT, MT_DATA); 6218 if (m) { 6219 M_ALIGN(m, l); 6220 m->m_len = l; 6221 m->m_next = NULL; 6222 bzero(mtod(m, caddr_t), m->m_len); 6223 } 6224 } 6225 if (!m) 6226 goto fail; 6227 6228 totlen = 0; 6229 for (n = m; n; n = n->m_next) 6230 totlen += n->m_len; 6231 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6232 6233 for (off = 0; off < totlen; off += l) { 6234 n = m_pulldown(m, off, l, &o); 6235 if (!n) { 6236 /* m is already freed */ 6237 goto fail; 6238 } 6239 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6240 bzero(comb, sizeof(*comb)); 6241 key_getcomb_setlifetime(comb); 6242 comb->sadb_comb_encrypt = i; 6243 comb->sadb_comb_encrypt_minbits = encmin; 6244 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6245 } 6246 6247 if (!result) 6248 result = m; 6249 else 6250 m_cat(result, m); 6251 } 6252 6253 return result; 6254 6255 fail: 6256 if (result) 6257 m_freem(result); 6258 return NULL; 6259} 6260 6261static void 6262key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6263 u_int16_t* max) 6264{ 6265 6266 *min = *max = ah->keysize; 6267 if (ah->keysize == 0) { 6268 /* 6269 * Transform takes arbitrary key size but algorithm 6270 * key size is restricted. Enforce this here. 6271 */ 6272 switch (alg) { 6273 case SADB_X_AALG_MD5: *min = *max = 16; break; 6274 case SADB_X_AALG_SHA: *min = *max = 20; break; 6275 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6276 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6277 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6278 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6279 default: 6280 DPRINTF(("%s: unknown AH algorithm %u\n", 6281 __func__, alg)); 6282 break; 6283 } 6284 } 6285} 6286 6287/* 6288 * XXX reorder combinations by preference 6289 */ 6290static struct mbuf * 6291key_getcomb_ah() 6292{ 6293 const struct auth_hash *algo; 6294 struct sadb_comb *comb; 6295 struct mbuf *m; 6296 u_int16_t minkeysize, maxkeysize; 6297 int i; 6298 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6299 6300 m = NULL; 6301 for (i = 1; i <= SADB_AALG_MAX; i++) { 6302#if 1 6303 /* we prefer HMAC algorithms, not old algorithms */ 6304 if (i != SADB_AALG_SHA1HMAC && 6305 i != SADB_AALG_MD5HMAC && 6306 i != SADB_X_AALG_SHA2_256 && 6307 i != SADB_X_AALG_SHA2_384 && 6308 i != SADB_X_AALG_SHA2_512) 6309 continue; 6310#endif 6311 algo = auth_algorithm_lookup(i); 6312 if (!algo) 6313 continue; 6314 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6315 /* discard algorithms with key size smaller than system min */ 6316 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6317 continue; 6318 6319 if (!m) { 6320 IPSEC_ASSERT(l <= MLEN, 6321 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6322 MGET(m, M_NOWAIT, MT_DATA); 6323 if (m) { 6324 M_ALIGN(m, l); 6325 m->m_len = l; 6326 m->m_next = NULL; 6327 } 6328 } else 6329 M_PREPEND(m, l, M_NOWAIT); 6330 if (!m) 6331 return NULL; 6332 6333 comb = mtod(m, struct sadb_comb *); 6334 bzero(comb, sizeof(*comb)); 6335 key_getcomb_setlifetime(comb); 6336 comb->sadb_comb_auth = i; 6337 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6338 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6339 } 6340 6341 return m; 6342} 6343 6344/* 6345 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6346 * XXX reorder combinations by preference 6347 */ 6348static struct mbuf * 6349key_getcomb_ipcomp() 6350{ 6351 const struct comp_algo *algo; 6352 struct sadb_comb *comb; 6353 struct mbuf *m; 6354 int i; 6355 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6356 6357 m = NULL; 6358 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6359 algo = comp_algorithm_lookup(i); 6360 if (!algo) 6361 continue; 6362 6363 if (!m) { 6364 IPSEC_ASSERT(l <= MLEN, 6365 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6366 MGET(m, M_NOWAIT, MT_DATA); 6367 if (m) { 6368 M_ALIGN(m, l); 6369 m->m_len = l; 6370 m->m_next = NULL; 6371 } 6372 } else 6373 M_PREPEND(m, l, M_NOWAIT); 6374 if (!m) 6375 return NULL; 6376 6377 comb = mtod(m, struct sadb_comb *); 6378 bzero(comb, sizeof(*comb)); 6379 key_getcomb_setlifetime(comb); 6380 comb->sadb_comb_encrypt = i; 6381 /* what should we set into sadb_comb_*_{min,max}bits? */ 6382 } 6383 6384 return m; 6385} 6386 6387/* 6388 * XXX no way to pass mode (transport/tunnel) to userland 6389 * XXX replay checking? 6390 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6391 */ 6392static struct mbuf * 6393key_getprop(const struct secasindex *saidx) 6394{ 6395 struct sadb_prop *prop; 6396 struct mbuf *m, *n; 6397 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6398 int totlen; 6399 6400 switch (saidx->proto) { 6401 case IPPROTO_ESP: 6402 m = key_getcomb_ealg(); 6403 break; 6404 case IPPROTO_AH: 6405 m = key_getcomb_ah(); 6406 break; 6407 case IPPROTO_IPCOMP: 6408 m = key_getcomb_ipcomp(); 6409 break; 6410 default: 6411 return NULL; 6412 } 6413 6414 if (!m) 6415 return NULL; 6416 M_PREPEND(m, l, M_NOWAIT); 6417 if (!m) 6418 return NULL; 6419 6420 totlen = 0; 6421 for (n = m; n; n = n->m_next) 6422 totlen += n->m_len; 6423 6424 prop = mtod(m, struct sadb_prop *); 6425 bzero(prop, sizeof(*prop)); 6426 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6427 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6428 prop->sadb_prop_replay = 32; /* XXX */ 6429 6430 return m; 6431} 6432 6433/* 6434 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6435 * send 6436 * <base, SA, address(SD), (address(P)), x_policy, 6437 * (identity(SD),) (sensitivity,) proposal> 6438 * to KMD, and expect to receive 6439 * <base> with SADB_ACQUIRE if error occurred, 6440 * or 6441 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6442 * from KMD by PF_KEY. 6443 * 6444 * XXX x_policy is outside of RFC2367 (KAME extension). 6445 * XXX sensitivity is not supported. 6446 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6447 * see comment for key_getcomb_ipcomp(). 6448 * 6449 * OUT: 6450 * 0 : succeed 6451 * others: error number 6452 */ 6453static int 6454key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6455{ 6456 union sockaddr_union addr; 6457 struct mbuf *result, *m; 6458 uint32_t seq; 6459 int error; 6460 uint16_t ul_proto; 6461 uint8_t mask, satype; 6462 6463 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6464 satype = key_proto2satype(saidx->proto); 6465 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6466 6467 error = -1; 6468 result = NULL; 6469 ul_proto = IPSEC_ULPROTO_ANY; 6470 6471 /* Get seq number to check whether sending message or not. */ 6472 seq = key_getacq(saidx, &error); 6473 if (seq == 0) 6474 return (error); 6475 6476 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6477 if (!m) { 6478 error = ENOBUFS; 6479 goto fail; 6480 } 6481 result = m; 6482 6483 /* 6484 * set sadb_address for saidx's. 6485 * 6486 * Note that if sp is supplied, then we're being called from 6487 * key_allocsa_policy() and should supply port and protocol 6488 * information. 6489 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6490 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6491 * XXXAE: it looks like we should save this info in the ACQ entry. 6492 */ 6493 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6494 sp->spidx.ul_proto == IPPROTO_UDP)) 6495 ul_proto = sp->spidx.ul_proto; 6496 6497 addr = saidx->src; 6498 mask = FULLMASK; 6499 if (ul_proto != IPSEC_ULPROTO_ANY) { 6500 switch (sp->spidx.src.sa.sa_family) { 6501 case AF_INET: 6502 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6503 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6504 mask = sp->spidx.prefs; 6505 } 6506 break; 6507 case AF_INET6: 6508 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6509 addr.sin6.sin6_port = 6510 sp->spidx.src.sin6.sin6_port; 6511 mask = sp->spidx.prefs; 6512 } 6513 break; 6514 default: 6515 break; 6516 } 6517 } 6518 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6519 if (!m) { 6520 error = ENOBUFS; 6521 goto fail; 6522 } 6523 m_cat(result, m); 6524 6525 addr = saidx->dst; 6526 mask = FULLMASK; 6527 if (ul_proto != IPSEC_ULPROTO_ANY) { 6528 switch (sp->spidx.dst.sa.sa_family) { 6529 case AF_INET: 6530 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6531 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6532 mask = sp->spidx.prefd; 6533 } 6534 break; 6535 case AF_INET6: 6536 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6537 addr.sin6.sin6_port = 6538 sp->spidx.dst.sin6.sin6_port; 6539 mask = sp->spidx.prefd; 6540 } 6541 break; 6542 default: 6543 break; 6544 } 6545 } 6546 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6547 if (!m) { 6548 error = ENOBUFS; 6549 goto fail; 6550 } 6551 m_cat(result, m); 6552 6553 /* XXX proxy address (optional) */ 6554 6555 /* set sadb_x_policy */ 6556 if (sp != NULL) { 6557 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6558 sp->priority); 6559 if (!m) { 6560 error = ENOBUFS; 6561 goto fail; 6562 } 6563 m_cat(result, m); 6564 } 6565 6566 /* XXX identity (optional) */ 6567#if 0 6568 if (idexttype && fqdn) { 6569 /* create identity extension (FQDN) */ 6570 struct sadb_ident *id; 6571 int fqdnlen; 6572 6573 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6574 id = (struct sadb_ident *)p; 6575 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6576 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6577 id->sadb_ident_exttype = idexttype; 6578 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6579 bcopy(fqdn, id + 1, fqdnlen); 6580 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6581 } 6582 6583 if (idexttype) { 6584 /* create identity extension (USERFQDN) */ 6585 struct sadb_ident *id; 6586 int userfqdnlen; 6587 6588 if (userfqdn) { 6589 /* +1 for terminating-NUL */ 6590 userfqdnlen = strlen(userfqdn) + 1; 6591 } else 6592 userfqdnlen = 0; 6593 id = (struct sadb_ident *)p; 6594 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6595 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6596 id->sadb_ident_exttype = idexttype; 6597 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6598 /* XXX is it correct? */ 6599 if (curproc && curproc->p_cred) 6600 id->sadb_ident_id = curproc->p_cred->p_ruid; 6601 if (userfqdn && userfqdnlen) 6602 bcopy(userfqdn, id + 1, userfqdnlen); 6603 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6604 } 6605#endif 6606 6607 /* XXX sensitivity (optional) */ 6608 6609 /* create proposal/combination extension */ 6610 m = key_getprop(saidx); 6611#if 0 6612 /* 6613 * spec conformant: always attach proposal/combination extension, 6614 * the problem is that we have no way to attach it for ipcomp, 6615 * due to the way sadb_comb is declared in RFC2367. 6616 */ 6617 if (!m) { 6618 error = ENOBUFS; 6619 goto fail; 6620 } 6621 m_cat(result, m); 6622#else 6623 /* 6624 * outside of spec; make proposal/combination extension optional. 6625 */ 6626 if (m) 6627 m_cat(result, m); 6628#endif 6629 6630 if ((result->m_flags & M_PKTHDR) == 0) { 6631 error = EINVAL; 6632 goto fail; 6633 } 6634 6635 if (result->m_len < sizeof(struct sadb_msg)) { 6636 result = m_pullup(result, sizeof(struct sadb_msg)); 6637 if (result == NULL) { 6638 error = ENOBUFS; 6639 goto fail; 6640 } 6641 } 6642 6643 result->m_pkthdr.len = 0; 6644 for (m = result; m; m = m->m_next) 6645 result->m_pkthdr.len += m->m_len; 6646 6647 mtod(result, struct sadb_msg *)->sadb_msg_len = 6648 PFKEY_UNIT64(result->m_pkthdr.len); 6649 6650 KEYDBG(KEY_STAMP, 6651 printf("%s: SP(%p)\n", __func__, sp)); 6652 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6653 6654 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6655 6656 fail: 6657 if (result) 6658 m_freem(result); 6659 return error; 6660} 6661 6662static uint32_t 6663key_newacq(const struct secasindex *saidx, int *perror) 6664{ 6665 struct secacq *acq; 6666 uint32_t seq; 6667 6668 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6669 if (acq == NULL) { 6670 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6671 *perror = ENOBUFS; 6672 return (0); 6673 } 6674 6675 /* copy secindex */ 6676 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6677 acq->created = time_second; 6678 acq->count = 0; 6679 6680 /* add to acqtree */ 6681 ACQ_LOCK(); 6682 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6683 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6684 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6685 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6686 ACQ_UNLOCK(); 6687 *perror = 0; 6688 return (seq); 6689} 6690 6691static uint32_t 6692key_getacq(const struct secasindex *saidx, int *perror) 6693{ 6694 struct secacq *acq; 6695 uint32_t seq; 6696 6697 ACQ_LOCK(); 6698 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6699 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6700 if (acq->count > V_key_blockacq_count) { 6701 /* 6702 * Reset counter and send message. 6703 * Also reset created time to keep ACQ for 6704 * this saidx. 6705 */ 6706 acq->created = time_second; 6707 acq->count = 0; 6708 seq = acq->seq; 6709 } else { 6710 /* 6711 * Increment counter and do nothing. 6712 * We send SADB_ACQUIRE message only 6713 * for each V_key_blockacq_count packet. 6714 */ 6715 acq->count++; 6716 seq = 0; 6717 } 6718 break; 6719 } 6720 } 6721 ACQ_UNLOCK(); 6722 if (acq != NULL) { 6723 *perror = 0; 6724 return (seq); 6725 } 6726 /* allocate new entry */ 6727 return (key_newacq(saidx, perror)); 6728} 6729 6730static int 6731key_acqreset(uint32_t seq) 6732{ 6733 struct secacq *acq; 6734 6735 ACQ_LOCK(); 6736 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6737 if (acq->seq == seq) { 6738 acq->count = 0; 6739 acq->created = time_second; 6740 break; 6741 } 6742 } 6743 ACQ_UNLOCK(); 6744 if (acq == NULL) 6745 return (ESRCH); 6746 return (0); 6747} 6748/* 6749 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6750 * Called after successful SADB_GETSPI message. 6751 */ 6752static int 6753key_acqdone(const struct secasindex *saidx, uint32_t seq) 6754{ 6755 struct secacq *acq; 6756 6757 ACQ_LOCK(); 6758 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6759 if (acq->seq == seq) 6760 break; 6761 } 6762 if (acq != NULL) { 6763 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6764 ipseclog((LOG_DEBUG, 6765 "%s: Mismatched saidx for ACQ %u", __func__, seq)); 6766 acq = NULL; 6767 } else { 6768 acq->created = 0; 6769 } 6770 } else { 6771 ipseclog((LOG_DEBUG, 6772 "%s: ACQ %u is not found.", __func__, seq)); 6773 } 6774 ACQ_UNLOCK(); 6775 if (acq == NULL) 6776 return (ESRCH); 6777 return (0); 6778} 6779 6780static struct secspacq * 6781key_newspacq(struct secpolicyindex *spidx) 6782{ 6783 struct secspacq *acq; 6784 6785 /* get new entry */ 6786 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6787 if (acq == NULL) { 6788 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6789 return NULL; 6790 } 6791 6792 /* copy secindex */ 6793 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6794 acq->created = time_second; 6795 acq->count = 0; 6796 6797 /* add to spacqtree */ 6798 SPACQ_LOCK(); 6799 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6800 SPACQ_UNLOCK(); 6801 6802 return acq; 6803} 6804 6805static struct secspacq * 6806key_getspacq(struct secpolicyindex *spidx) 6807{ 6808 struct secspacq *acq; 6809 6810 SPACQ_LOCK(); 6811 LIST_FOREACH(acq, &V_spacqtree, chain) { 6812 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6813 /* NB: return holding spacq_lock */ 6814 return acq; 6815 } 6816 } 6817 SPACQ_UNLOCK(); 6818 6819 return NULL; 6820} 6821 6822/* 6823 * SADB_ACQUIRE processing, 6824 * in first situation, is receiving 6825 * <base> 6826 * from the ikmpd, and clear sequence of its secasvar entry. 6827 * 6828 * In second situation, is receiving 6829 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6830 * from a user land process, and return 6831 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6832 * to the socket. 6833 * 6834 * m will always be freed. 6835 */ 6836static int 6837key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6838{ 6839 SAHTREE_RLOCK_TRACKER; 6840 struct sadb_address *src0, *dst0; 6841 struct secasindex saidx; 6842 struct secashead *sah; 6843 uint32_t reqid; 6844 int error; 6845 uint8_t mode, proto; 6846 6847 IPSEC_ASSERT(so != NULL, ("null socket")); 6848 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6849 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6850 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6851 6852 /* 6853 * Error message from KMd. 6854 * We assume that if error was occurred in IKEd, the length of PFKEY 6855 * message is equal to the size of sadb_msg structure. 6856 * We do not raise error even if error occurred in this function. 6857 */ 6858 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 6859 /* check sequence number */ 6860 if (mhp->msg->sadb_msg_seq == 0 || 6861 mhp->msg->sadb_msg_errno == 0) { 6862 ipseclog((LOG_DEBUG, "%s: must specify sequence " 6863 "number and errno.\n", __func__)); 6864 } else { 6865 /* 6866 * IKEd reported that error occurred. 6867 * XXXAE: what it expects from the kernel? 6868 * Probably we should send SADB_ACQUIRE again? 6869 * If so, reset ACQ's state. 6870 * XXXAE: it looks useless. 6871 */ 6872 key_acqreset(mhp->msg->sadb_msg_seq); 6873 } 6874 m_freem(m); 6875 return (0); 6876 } 6877 6878 /* 6879 * This message is from user land. 6880 */ 6881 6882 /* map satype to proto */ 6883 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6884 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6885 __func__)); 6886 return key_senderror(so, m, EINVAL); 6887 } 6888 6889 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6890 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6891 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 6892 ipseclog((LOG_DEBUG, 6893 "%s: invalid message: missing required header.\n", 6894 __func__)); 6895 return key_senderror(so, m, EINVAL); 6896 } 6897 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6898 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 6899 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 6900 ipseclog((LOG_DEBUG, 6901 "%s: invalid message: wrong header size.\n", __func__)); 6902 return key_senderror(so, m, EINVAL); 6903 } 6904 6905 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 6906 mode = IPSEC_MODE_ANY; 6907 reqid = 0; 6908 } else { 6909 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 6910 ipseclog((LOG_DEBUG, 6911 "%s: invalid message: wrong header size.\n", 6912 __func__)); 6913 return key_senderror(so, m, EINVAL); 6914 } 6915 mode = ((struct sadb_x_sa2 *) 6916 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 6917 reqid = ((struct sadb_x_sa2 *) 6918 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 6919 } 6920 6921 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6922 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6923 6924 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 6925 (struct sockaddr *)(dst0 + 1)); 6926 if (error != 0) { 6927 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6928 return key_senderror(so, m, EINVAL); 6929 } 6930 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 6931 6932 /* get a SA index */ 6933 SAHTREE_RLOCK(); 6934 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 6935 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 6936 break; 6937 } 6938 SAHTREE_RUNLOCK(); 6939 if (sah != NULL) { 6940 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 6941 return key_senderror(so, m, EEXIST); 6942 } 6943 6944 error = key_acquire(&saidx, NULL); 6945 if (error != 0) { 6946 ipseclog((LOG_DEBUG, 6947 "%s: error %d returned from key_acquire()\n", 6948 __func__, error)); 6949 return key_senderror(so, m, error); 6950 } 6951 m_freem(m); 6952 return (0); 6953} 6954 6955/* 6956 * SADB_REGISTER processing. 6957 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 6958 * receive 6959 * <base> 6960 * from the ikmpd, and register a socket to send PF_KEY messages, 6961 * and send 6962 * <base, supported> 6963 * to KMD by PF_KEY. 6964 * If socket is detached, must free from regnode. 6965 * 6966 * m will always be freed. 6967 */ 6968static int 6969key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6970{ 6971 struct secreg *reg, *newreg = NULL; 6972 6973 IPSEC_ASSERT(so != NULL, ("null socket")); 6974 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6975 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6976 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6977 6978 /* check for invalid register message */ 6979 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 6980 return key_senderror(so, m, EINVAL); 6981 6982 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 6983 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 6984 goto setmsg; 6985 6986 /* check whether existing or not */ 6987 REGTREE_LOCK(); 6988 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 6989 if (reg->so == so) { 6990 REGTREE_UNLOCK(); 6991 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 6992 __func__)); 6993 return key_senderror(so, m, EEXIST); 6994 } 6995 } 6996 6997 /* create regnode */ 6998 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 6999 if (newreg == NULL) { 7000 REGTREE_UNLOCK(); 7001 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7002 return key_senderror(so, m, ENOBUFS); 7003 } 7004 7005 newreg->so = so; 7006 ((struct keycb *)sotorawcb(so))->kp_registered++; 7007 7008 /* add regnode to regtree. */ 7009 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7010 REGTREE_UNLOCK(); 7011 7012 setmsg: 7013 { 7014 struct mbuf *n; 7015 struct sadb_msg *newmsg; 7016 struct sadb_supported *sup; 7017 u_int len, alen, elen; 7018 int off; 7019 int i; 7020 struct sadb_alg *alg; 7021 7022 /* create new sadb_msg to reply. */ 7023 alen = 0; 7024 for (i = 1; i <= SADB_AALG_MAX; i++) { 7025 if (auth_algorithm_lookup(i)) 7026 alen += sizeof(struct sadb_alg); 7027 } 7028 if (alen) 7029 alen += sizeof(struct sadb_supported); 7030 elen = 0; 7031 for (i = 1; i <= SADB_EALG_MAX; i++) { 7032 if (enc_algorithm_lookup(i)) 7033 elen += sizeof(struct sadb_alg); 7034 } 7035 if (elen) 7036 elen += sizeof(struct sadb_supported); 7037 7038 len = sizeof(struct sadb_msg) + alen + elen; 7039 7040 if (len > MCLBYTES) 7041 return key_senderror(so, m, ENOBUFS); 7042 7043 MGETHDR(n, M_NOWAIT, MT_DATA); 7044 if (len > MHLEN) { 7045 if (!(MCLGET(n, M_NOWAIT))) { 7046 m_freem(n); 7047 n = NULL; 7048 } 7049 } 7050 if (!n) 7051 return key_senderror(so, m, ENOBUFS); 7052 7053 n->m_pkthdr.len = n->m_len = len; 7054 n->m_next = NULL; 7055 off = 0; 7056 7057 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7058 newmsg = mtod(n, struct sadb_msg *); 7059 newmsg->sadb_msg_errno = 0; 7060 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7061 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7062 7063 /* for authentication algorithm */ 7064 if (alen) { 7065 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7066 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7067 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7068 off += PFKEY_ALIGN8(sizeof(*sup)); 7069 7070 for (i = 1; i <= SADB_AALG_MAX; i++) { 7071 const struct auth_hash *aalgo; 7072 u_int16_t minkeysize, maxkeysize; 7073 7074 aalgo = auth_algorithm_lookup(i); 7075 if (!aalgo) 7076 continue; 7077 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7078 alg->sadb_alg_id = i; 7079 alg->sadb_alg_ivlen = 0; 7080 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7081 alg->sadb_alg_minbits = _BITS(minkeysize); 7082 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7083 off += PFKEY_ALIGN8(sizeof(*alg)); 7084 } 7085 } 7086 7087 /* for encryption algorithm */ 7088 if (elen) { 7089 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7090 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7091 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7092 off += PFKEY_ALIGN8(sizeof(*sup)); 7093 7094 for (i = 1; i <= SADB_EALG_MAX; i++) { 7095 const struct enc_xform *ealgo; 7096 7097 ealgo = enc_algorithm_lookup(i); 7098 if (!ealgo) 7099 continue; 7100 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7101 alg->sadb_alg_id = i; 7102 alg->sadb_alg_ivlen = ealgo->ivsize; 7103 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7104 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7105 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7106 } 7107 } 7108 7109 IPSEC_ASSERT(off == len, 7110 ("length assumption failed (off %u len %u)", off, len)); 7111 7112 m_freem(m); 7113 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7114 } 7115} 7116 7117/* 7118 * free secreg entry registered. 7119 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7120 */ 7121void 7122key_freereg(struct socket *so) 7123{ 7124 struct secreg *reg; 7125 int i; 7126 7127 IPSEC_ASSERT(so != NULL, ("NULL so")); 7128 7129 /* 7130 * check whether existing or not. 7131 * check all type of SA, because there is a potential that 7132 * one socket is registered to multiple type of SA. 7133 */ 7134 REGTREE_LOCK(); 7135 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7136 LIST_FOREACH(reg, &V_regtree[i], chain) { 7137 if (reg->so == so && __LIST_CHAINED(reg)) { 7138 LIST_REMOVE(reg, chain); 7139 free(reg, M_IPSEC_SAR); 7140 break; 7141 } 7142 } 7143 } 7144 REGTREE_UNLOCK(); 7145} 7146 7147/* 7148 * SADB_EXPIRE processing 7149 * send 7150 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7151 * to KMD by PF_KEY. 7152 * NOTE: We send only soft lifetime extension. 7153 * 7154 * OUT: 0 : succeed 7155 * others : error number 7156 */ 7157static int 7158key_expire(struct secasvar *sav, int hard) 7159{ 7160 struct mbuf *result = NULL, *m; 7161 struct sadb_lifetime *lt; 7162 uint32_t replay_count; 7163 int error, len; 7164 uint8_t satype; 7165 7166 IPSEC_ASSERT (sav != NULL, ("null sav")); 7167 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7168 7169 KEYDBG(KEY_STAMP, 7170 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7171 sav, hard ? "hard": "soft")); 7172 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7173 /* set msg header */ 7174 satype = key_proto2satype(sav->sah->saidx.proto); 7175 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7176 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7177 if (!m) { 7178 error = ENOBUFS; 7179 goto fail; 7180 } 7181 result = m; 7182 7183 /* create SA extension */ 7184 m = key_setsadbsa(sav); 7185 if (!m) { 7186 error = ENOBUFS; 7187 goto fail; 7188 } 7189 m_cat(result, m); 7190 7191 /* create SA extension */ 7192 SECASVAR_LOCK(sav); 7193 replay_count = sav->replay ? sav->replay->count : 0; 7194 SECASVAR_UNLOCK(sav); 7195 7196 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7197 sav->sah->saidx.reqid); 7198 if (!m) { 7199 error = ENOBUFS; 7200 goto fail; 7201 } 7202 m_cat(result, m); 7203 7204 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7205 m = key_setsadbxsareplay(sav->replay->wsize); 7206 if (!m) { 7207 error = ENOBUFS; 7208 goto fail; 7209 } 7210 m_cat(result, m); 7211 } 7212 7213 /* create lifetime extension (current and soft) */ 7214 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7215 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7216 if (m == NULL) { 7217 error = ENOBUFS; 7218 goto fail; 7219 } 7220 m_align(m, len); 7221 m->m_len = len; 7222 bzero(mtod(m, caddr_t), len); 7223 lt = mtod(m, struct sadb_lifetime *); 7224 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7225 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7226 lt->sadb_lifetime_allocations = 7227 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7228 lt->sadb_lifetime_bytes = 7229 counter_u64_fetch(sav->lft_c_bytes); 7230 lt->sadb_lifetime_addtime = sav->created; 7231 lt->sadb_lifetime_usetime = sav->firstused; 7232 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7233 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7234 if (hard) { 7235 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7236 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7237 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7238 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7239 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7240 } else { 7241 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7242 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7243 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7244 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7245 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7246 } 7247 m_cat(result, m); 7248 7249 /* set sadb_address for source */ 7250 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7251 &sav->sah->saidx.src.sa, 7252 FULLMASK, IPSEC_ULPROTO_ANY); 7253 if (!m) { 7254 error = ENOBUFS; 7255 goto fail; 7256 } 7257 m_cat(result, m); 7258 7259 /* set sadb_address for destination */ 7260 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7261 &sav->sah->saidx.dst.sa, 7262 FULLMASK, IPSEC_ULPROTO_ANY); 7263 if (!m) { 7264 error = ENOBUFS; 7265 goto fail; 7266 } 7267 m_cat(result, m); 7268 7269 /* 7270 * XXX-BZ Handle NAT-T extensions here. 7271 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7272 * this information, we report only significant SA fields. 7273 */ 7274 7275 if ((result->m_flags & M_PKTHDR) == 0) { 7276 error = EINVAL; 7277 goto fail; 7278 } 7279 7280 if (result->m_len < sizeof(struct sadb_msg)) { 7281 result = m_pullup(result, sizeof(struct sadb_msg)); 7282 if (result == NULL) { 7283 error = ENOBUFS; 7284 goto fail; 7285 } 7286 } 7287 7288 result->m_pkthdr.len = 0; 7289 for (m = result; m; m = m->m_next) 7290 result->m_pkthdr.len += m->m_len; 7291 7292 mtod(result, struct sadb_msg *)->sadb_msg_len = 7293 PFKEY_UNIT64(result->m_pkthdr.len); 7294 7295 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7296 7297 fail: 7298 if (result) 7299 m_freem(result); 7300 return error; 7301} 7302 7303static void 7304key_freesah_flushed(struct secashead_queue *flushq) 7305{ 7306 struct secashead *sah, *nextsah; 7307 struct secasvar *sav, *nextsav; 7308 7309 sah = TAILQ_FIRST(flushq); 7310 while (sah != NULL) { 7311 sav = TAILQ_FIRST(&sah->savtree_larval); 7312 while (sav != NULL) { 7313 nextsav = TAILQ_NEXT(sav, chain); 7314 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7315 key_freesav(&sav); /* release last reference */ 7316 key_freesah(&sah); /* release reference from SAV */ 7317 sav = nextsav; 7318 } 7319 sav = TAILQ_FIRST(&sah->savtree_alive); 7320 while (sav != NULL) { 7321 nextsav = TAILQ_NEXT(sav, chain); 7322 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7323 key_freesav(&sav); /* release last reference */ 7324 key_freesah(&sah); /* release reference from SAV */ 7325 sav = nextsav; 7326 } 7327 nextsah = TAILQ_NEXT(sah, chain); 7328 key_freesah(&sah); /* release last reference */ 7329 sah = nextsah; 7330 } 7331} 7332 7333/* 7334 * SADB_FLUSH processing 7335 * receive 7336 * <base> 7337 * from the ikmpd, and free all entries in secastree. 7338 * and send, 7339 * <base> 7340 * to the ikmpd. 7341 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7342 * 7343 * m will always be freed. 7344 */ 7345static int 7346key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7347{ 7348 struct secashead_queue flushq; 7349 struct sadb_msg *newmsg; 7350 struct secashead *sah, *nextsah; 7351 struct secasvar *sav; 7352 uint8_t proto; 7353 int i; 7354 7355 IPSEC_ASSERT(so != NULL, ("null socket")); 7356 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7357 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7358 7359 /* map satype to proto */ 7360 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7361 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7362 __func__)); 7363 return key_senderror(so, m, EINVAL); 7364 } 7365 KEYDBG(KEY_STAMP, 7366 printf("%s: proto %u\n", __func__, proto)); 7367 7368 TAILQ_INIT(&flushq); 7369 if (proto == IPSEC_PROTO_ANY) { 7370 /* no SATYPE specified, i.e. flushing all SA. */ 7371 SAHTREE_WLOCK(); 7372 /* Move all SAHs into flushq */ 7373 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7374 /* Flush all buckets in SPI hash */ 7375 for (i = 0; i < V_savhash_mask + 1; i++) 7376 LIST_INIT(&V_savhashtbl[i]); 7377 /* Flush all buckets in SAHADDRHASH */ 7378 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7379 LIST_INIT(&V_sahaddrhashtbl[i]); 7380 /* Mark all SAHs as unlinked */ 7381 TAILQ_FOREACH(sah, &flushq, chain) { 7382 sah->state = SADB_SASTATE_DEAD; 7383 /* 7384 * Callout handler makes its job using 7385 * RLOCK and drain queues. In case, when this 7386 * function will be called just before it 7387 * acquires WLOCK, we need to mark SAs as 7388 * unlinked to prevent second unlink. 7389 */ 7390 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7391 sav->state = SADB_SASTATE_DEAD; 7392 } 7393 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7394 sav->state = SADB_SASTATE_DEAD; 7395 } 7396 } 7397 SAHTREE_WUNLOCK(); 7398 } else { 7399 SAHTREE_WLOCK(); 7400 sah = TAILQ_FIRST(&V_sahtree); 7401 while (sah != NULL) { 7402 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7403 ("DEAD SAH %p in SADB_FLUSH", sah)); 7404 nextsah = TAILQ_NEXT(sah, chain); 7405 if (sah->saidx.proto != proto) { 7406 sah = nextsah; 7407 continue; 7408 } 7409 sah->state = SADB_SASTATE_DEAD; 7410 TAILQ_REMOVE(&V_sahtree, sah, chain); 7411 LIST_REMOVE(sah, addrhash); 7412 /* Unlink all SAs from SPI hash */ 7413 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7414 LIST_REMOVE(sav, spihash); 7415 sav->state = SADB_SASTATE_DEAD; 7416 } 7417 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7418 LIST_REMOVE(sav, spihash); 7419 sav->state = SADB_SASTATE_DEAD; 7420 } 7421 /* Add SAH into flushq */ 7422 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7423 sah = nextsah; 7424 } 7425 SAHTREE_WUNLOCK(); 7426 } 7427 7428 key_freesah_flushed(&flushq); 7429 /* Free all queued SAs and SAHs */ 7430 if (m->m_len < sizeof(struct sadb_msg) || 7431 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7432 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7433 return key_senderror(so, m, ENOBUFS); 7434 } 7435 7436 if (m->m_next) 7437 m_freem(m->m_next); 7438 m->m_next = NULL; 7439 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7440 newmsg = mtod(m, struct sadb_msg *); 7441 newmsg->sadb_msg_errno = 0; 7442 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7443 7444 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7445} 7446 7447/* 7448 * SADB_DUMP processing 7449 * dump all entries including status of DEAD in SAD. 7450 * receive 7451 * <base> 7452 * from the ikmpd, and dump all secasvar leaves 7453 * and send, 7454 * <base> ..... 7455 * to the ikmpd. 7456 * 7457 * m will always be freed. 7458 */ 7459static int 7460key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7461{ 7462 SAHTREE_RLOCK_TRACKER; 7463 struct secashead *sah; 7464 struct secasvar *sav; 7465 struct sadb_msg *newmsg; 7466 struct mbuf *n; 7467 uint32_t cnt; 7468 uint8_t proto, satype; 7469 7470 IPSEC_ASSERT(so != NULL, ("null socket")); 7471 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7472 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7473 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7474 7475 /* map satype to proto */ 7476 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7477 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7478 __func__)); 7479 return key_senderror(so, m, EINVAL); 7480 } 7481 7482 /* count sav entries to be sent to the userland. */ 7483 cnt = 0; 7484 SAHTREE_RLOCK(); 7485 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7486 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7487 proto != sah->saidx.proto) 7488 continue; 7489 7490 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7491 cnt++; 7492 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7493 cnt++; 7494 } 7495 7496 if (cnt == 0) { 7497 SAHTREE_RUNLOCK(); 7498 return key_senderror(so, m, ENOENT); 7499 } 7500 7501 /* send this to the userland, one at a time. */ 7502 newmsg = NULL; 7503 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7504 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7505 proto != sah->saidx.proto) 7506 continue; 7507 7508 /* map proto to satype */ 7509 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7510 SAHTREE_RUNLOCK(); 7511 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7512 "SAD.\n", __func__)); 7513 return key_senderror(so, m, EINVAL); 7514 } 7515 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7516 n = key_setdumpsa(sav, SADB_DUMP, satype, 7517 --cnt, mhp->msg->sadb_msg_pid); 7518 if (n == NULL) { 7519 SAHTREE_RUNLOCK(); 7520 return key_senderror(so, m, ENOBUFS); 7521 } 7522 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7523 } 7524 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7525 n = key_setdumpsa(sav, SADB_DUMP, satype, 7526 --cnt, mhp->msg->sadb_msg_pid); 7527 if (n == NULL) { 7528 SAHTREE_RUNLOCK(); 7529 return key_senderror(so, m, ENOBUFS); 7530 } 7531 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7532 } 7533 } 7534 SAHTREE_RUNLOCK(); 7535 m_freem(m); 7536 return (0); 7537} 7538/* 7539 * SADB_X_PROMISC processing 7540 * 7541 * m will always be freed. 7542 */ 7543static int 7544key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7545{ 7546 int olen; 7547 7548 IPSEC_ASSERT(so != NULL, ("null socket")); 7549 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7550 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7551 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7552 7553 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7554 7555 if (olen < sizeof(struct sadb_msg)) { 7556#if 1 7557 return key_senderror(so, m, EINVAL); 7558#else 7559 m_freem(m); 7560 return 0; 7561#endif 7562 } else if (olen == sizeof(struct sadb_msg)) { 7563 /* enable/disable promisc mode */ 7564 struct keycb *kp; 7565 7566 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7567 return key_senderror(so, m, EINVAL); 7568 mhp->msg->sadb_msg_errno = 0; 7569 switch (mhp->msg->sadb_msg_satype) { 7570 case 0: 7571 case 1: 7572 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7573 break; 7574 default: 7575 return key_senderror(so, m, EINVAL); 7576 } 7577 7578 /* send the original message back to everyone */ 7579 mhp->msg->sadb_msg_errno = 0; 7580 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7581 } else { 7582 /* send packet as is */ 7583 7584 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7585 7586 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7587 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7588 } 7589} 7590 7591static int (*key_typesw[])(struct socket *, struct mbuf *, 7592 const struct sadb_msghdr *) = { 7593 NULL, /* SADB_RESERVED */ 7594 key_getspi, /* SADB_GETSPI */ 7595 key_update, /* SADB_UPDATE */ 7596 key_add, /* SADB_ADD */ 7597 key_delete, /* SADB_DELETE */ 7598 key_get, /* SADB_GET */ 7599 key_acquire2, /* SADB_ACQUIRE */ 7600 key_register, /* SADB_REGISTER */ 7601 NULL, /* SADB_EXPIRE */ 7602 key_flush, /* SADB_FLUSH */ 7603 key_dump, /* SADB_DUMP */ 7604 key_promisc, /* SADB_X_PROMISC */ 7605 NULL, /* SADB_X_PCHANGE */ 7606 key_spdadd, /* SADB_X_SPDUPDATE */ 7607 key_spdadd, /* SADB_X_SPDADD */ 7608 key_spddelete, /* SADB_X_SPDDELETE */ 7609 key_spdget, /* SADB_X_SPDGET */ 7610 NULL, /* SADB_X_SPDACQUIRE */ 7611 key_spddump, /* SADB_X_SPDDUMP */ 7612 key_spdflush, /* SADB_X_SPDFLUSH */ 7613 key_spdadd, /* SADB_X_SPDSETIDX */ 7614 NULL, /* SADB_X_SPDEXPIRE */ 7615 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7616}; 7617 7618/* 7619 * parse sadb_msg buffer to process PFKEYv2, 7620 * and create a data to response if needed. 7621 * I think to be dealed with mbuf directly. 7622 * IN: 7623 * msgp : pointer to pointer to a received buffer pulluped. 7624 * This is rewrited to response. 7625 * so : pointer to socket. 7626 * OUT: 7627 * length for buffer to send to user process. 7628 */ 7629int 7630key_parse(struct mbuf *m, struct socket *so) 7631{ 7632 struct sadb_msg *msg; 7633 struct sadb_msghdr mh; 7634 u_int orglen; 7635 int error; 7636 int target; 7637 7638 IPSEC_ASSERT(so != NULL, ("null socket")); 7639 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7640 7641 if (m->m_len < sizeof(struct sadb_msg)) { 7642 m = m_pullup(m, sizeof(struct sadb_msg)); 7643 if (!m) 7644 return ENOBUFS; 7645 } 7646 msg = mtod(m, struct sadb_msg *); 7647 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7648 target = KEY_SENDUP_ONE; 7649 7650 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7651 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7652 PFKEYSTAT_INC(out_invlen); 7653 error = EINVAL; 7654 goto senderror; 7655 } 7656 7657 if (msg->sadb_msg_version != PF_KEY_V2) { 7658 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7659 __func__, msg->sadb_msg_version)); 7660 PFKEYSTAT_INC(out_invver); 7661 error = EINVAL; 7662 goto senderror; 7663 } 7664 7665 if (msg->sadb_msg_type > SADB_MAX) { 7666 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7667 __func__, msg->sadb_msg_type)); 7668 PFKEYSTAT_INC(out_invmsgtype); 7669 error = EINVAL; 7670 goto senderror; 7671 } 7672 7673 /* for old-fashioned code - should be nuked */ 7674 if (m->m_pkthdr.len > MCLBYTES) { 7675 m_freem(m); 7676 return ENOBUFS; 7677 } 7678 if (m->m_next) { 7679 struct mbuf *n; 7680 7681 MGETHDR(n, M_NOWAIT, MT_DATA); 7682 if (n && m->m_pkthdr.len > MHLEN) { 7683 if (!(MCLGET(n, M_NOWAIT))) { 7684 m_free(n); 7685 n = NULL; 7686 } 7687 } 7688 if (!n) { 7689 m_freem(m); 7690 return ENOBUFS; 7691 } 7692 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7693 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7694 n->m_next = NULL; 7695 m_freem(m); 7696 m = n; 7697 } 7698 7699 /* align the mbuf chain so that extensions are in contiguous region. */ 7700 error = key_align(m, &mh); 7701 if (error) 7702 return error; 7703 7704 msg = mh.msg; 7705 7706 /* We use satype as scope mask for spddump */ 7707 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7708 switch (msg->sadb_msg_satype) { 7709 case IPSEC_POLICYSCOPE_ANY: 7710 case IPSEC_POLICYSCOPE_GLOBAL: 7711 case IPSEC_POLICYSCOPE_IFNET: 7712 case IPSEC_POLICYSCOPE_PCB: 7713 break; 7714 default: 7715 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7716 __func__, msg->sadb_msg_type)); 7717 PFKEYSTAT_INC(out_invsatype); 7718 error = EINVAL; 7719 goto senderror; 7720 } 7721 } else { 7722 switch (msg->sadb_msg_satype) { /* check SA type */ 7723 case SADB_SATYPE_UNSPEC: 7724 switch (msg->sadb_msg_type) { 7725 case SADB_GETSPI: 7726 case SADB_UPDATE: 7727 case SADB_ADD: 7728 case SADB_DELETE: 7729 case SADB_GET: 7730 case SADB_ACQUIRE: 7731 case SADB_EXPIRE: 7732 ipseclog((LOG_DEBUG, "%s: must specify satype " 7733 "when msg type=%u.\n", __func__, 7734 msg->sadb_msg_type)); 7735 PFKEYSTAT_INC(out_invsatype); 7736 error = EINVAL; 7737 goto senderror; 7738 } 7739 break; 7740 case SADB_SATYPE_AH: 7741 case SADB_SATYPE_ESP: 7742 case SADB_X_SATYPE_IPCOMP: 7743 case SADB_X_SATYPE_TCPSIGNATURE: 7744 switch (msg->sadb_msg_type) { 7745 case SADB_X_SPDADD: 7746 case SADB_X_SPDDELETE: 7747 case SADB_X_SPDGET: 7748 case SADB_X_SPDFLUSH: 7749 case SADB_X_SPDSETIDX: 7750 case SADB_X_SPDUPDATE: 7751 case SADB_X_SPDDELETE2: 7752 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7753 __func__, msg->sadb_msg_type)); 7754 PFKEYSTAT_INC(out_invsatype); 7755 error = EINVAL; 7756 goto senderror; 7757 } 7758 break; 7759 case SADB_SATYPE_RSVP: 7760 case SADB_SATYPE_OSPFV2: 7761 case SADB_SATYPE_RIPV2: 7762 case SADB_SATYPE_MIP: 7763 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7764 __func__, msg->sadb_msg_satype)); 7765 PFKEYSTAT_INC(out_invsatype); 7766 error = EOPNOTSUPP; 7767 goto senderror; 7768 case 1: /* XXX: What does it do? */ 7769 if (msg->sadb_msg_type == SADB_X_PROMISC) 7770 break; 7771 /*FALLTHROUGH*/ 7772 default: 7773 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7774 __func__, msg->sadb_msg_satype)); 7775 PFKEYSTAT_INC(out_invsatype); 7776 error = EINVAL; 7777 goto senderror; 7778 } 7779 } 7780 7781 /* check field of upper layer protocol and address family */ 7782 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7783 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7784 struct sadb_address *src0, *dst0; 7785 u_int plen; 7786 7787 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7788 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7789 7790 /* check upper layer protocol */ 7791 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7792 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7793 "mismatched.\n", __func__)); 7794 PFKEYSTAT_INC(out_invaddr); 7795 error = EINVAL; 7796 goto senderror; 7797 } 7798 7799 /* check family */ 7800 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7801 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7802 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7803 __func__)); 7804 PFKEYSTAT_INC(out_invaddr); 7805 error = EINVAL; 7806 goto senderror; 7807 } 7808 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7809 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7810 ipseclog((LOG_DEBUG, "%s: address struct size " 7811 "mismatched.\n", __func__)); 7812 PFKEYSTAT_INC(out_invaddr); 7813 error = EINVAL; 7814 goto senderror; 7815 } 7816 7817 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7818 case AF_INET: 7819 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7820 sizeof(struct sockaddr_in)) { 7821 PFKEYSTAT_INC(out_invaddr); 7822 error = EINVAL; 7823 goto senderror; 7824 } 7825 break; 7826 case AF_INET6: 7827 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7828 sizeof(struct sockaddr_in6)) { 7829 PFKEYSTAT_INC(out_invaddr); 7830 error = EINVAL; 7831 goto senderror; 7832 } 7833 break; 7834 default: 7835 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7836 __func__)); 7837 PFKEYSTAT_INC(out_invaddr); 7838 error = EAFNOSUPPORT; 7839 goto senderror; 7840 } 7841 7842 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7843 case AF_INET: 7844 plen = sizeof(struct in_addr) << 3; 7845 break; 7846 case AF_INET6: 7847 plen = sizeof(struct in6_addr) << 3; 7848 break; 7849 default: 7850 plen = 0; /*fool gcc*/ 7851 break; 7852 } 7853 7854 /* check max prefix length */ 7855 if (src0->sadb_address_prefixlen > plen || 7856 dst0->sadb_address_prefixlen > plen) { 7857 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 7858 __func__)); 7859 PFKEYSTAT_INC(out_invaddr); 7860 error = EINVAL; 7861 goto senderror; 7862 } 7863 7864 /* 7865 * prefixlen == 0 is valid because there can be a case when 7866 * all addresses are matched. 7867 */ 7868 } 7869 7870 if (msg->sadb_msg_type >= nitems(key_typesw) || 7871 key_typesw[msg->sadb_msg_type] == NULL) { 7872 PFKEYSTAT_INC(out_invmsgtype); 7873 error = EINVAL; 7874 goto senderror; 7875 } 7876 7877 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 7878 7879senderror: 7880 msg->sadb_msg_errno = error; 7881 return key_sendup_mbuf(so, m, target); 7882} 7883 7884static int 7885key_senderror(struct socket *so, struct mbuf *m, int code) 7886{ 7887 struct sadb_msg *msg; 7888 7889 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 7890 ("mbuf too small, len %u", m->m_len)); 7891 7892 msg = mtod(m, struct sadb_msg *); 7893 msg->sadb_msg_errno = code; 7894 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 7895} 7896 7897/* 7898 * set the pointer to each header into message buffer. 7899 * m will be freed on error. 7900 * XXX larger-than-MCLBYTES extension? 7901 */ 7902static int 7903key_align(struct mbuf *m, struct sadb_msghdr *mhp) 7904{ 7905 struct mbuf *n; 7906 struct sadb_ext *ext; 7907 size_t off, end; 7908 int extlen; 7909 int toff; 7910 7911 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7912 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7913 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 7914 ("mbuf too small, len %u", m->m_len)); 7915 7916 /* initialize */ 7917 bzero(mhp, sizeof(*mhp)); 7918 7919 mhp->msg = mtod(m, struct sadb_msg *); 7920 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 7921 7922 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7923 extlen = end; /*just in case extlen is not updated*/ 7924 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 7925 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 7926 if (!n) { 7927 /* m is already freed */ 7928 return ENOBUFS; 7929 } 7930 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 7931 7932 /* set pointer */ 7933 switch (ext->sadb_ext_type) { 7934 case SADB_EXT_SA: 7935 case SADB_EXT_ADDRESS_SRC: 7936 case SADB_EXT_ADDRESS_DST: 7937 case SADB_EXT_ADDRESS_PROXY: 7938 case SADB_EXT_LIFETIME_CURRENT: 7939 case SADB_EXT_LIFETIME_HARD: 7940 case SADB_EXT_LIFETIME_SOFT: 7941 case SADB_EXT_KEY_AUTH: 7942 case SADB_EXT_KEY_ENCRYPT: 7943 case SADB_EXT_IDENTITY_SRC: 7944 case SADB_EXT_IDENTITY_DST: 7945 case SADB_EXT_SENSITIVITY: 7946 case SADB_EXT_PROPOSAL: 7947 case SADB_EXT_SUPPORTED_AUTH: 7948 case SADB_EXT_SUPPORTED_ENCRYPT: 7949 case SADB_EXT_SPIRANGE: 7950 case SADB_X_EXT_POLICY: 7951 case SADB_X_EXT_SA2: 7952 case SADB_X_EXT_NAT_T_TYPE: 7953 case SADB_X_EXT_NAT_T_SPORT: 7954 case SADB_X_EXT_NAT_T_DPORT: 7955 case SADB_X_EXT_NAT_T_OAI: 7956 case SADB_X_EXT_NAT_T_OAR: 7957 case SADB_X_EXT_NAT_T_FRAG: 7958 case SADB_X_EXT_SA_REPLAY: 7959 case SADB_X_EXT_NEW_ADDRESS_SRC: 7960 case SADB_X_EXT_NEW_ADDRESS_DST: 7961 /* duplicate check */ 7962 /* 7963 * XXX Are there duplication payloads of either 7964 * KEY_AUTH or KEY_ENCRYPT ? 7965 */ 7966 if (mhp->ext[ext->sadb_ext_type] != NULL) { 7967 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 7968 "%u\n", __func__, ext->sadb_ext_type)); 7969 m_freem(m); 7970 PFKEYSTAT_INC(out_dupext); 7971 return EINVAL; 7972 } 7973 break; 7974 default: 7975 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 7976 __func__, ext->sadb_ext_type)); 7977 m_freem(m); 7978 PFKEYSTAT_INC(out_invexttype); 7979 return EINVAL; 7980 } 7981 7982 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 7983 7984 if (key_validate_ext(ext, extlen)) { 7985 m_freem(m); 7986 PFKEYSTAT_INC(out_invlen); 7987 return EINVAL; 7988 } 7989 7990 n = m_pulldown(m, off, extlen, &toff); 7991 if (!n) { 7992 /* m is already freed */ 7993 return ENOBUFS; 7994 } 7995 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 7996 7997 mhp->ext[ext->sadb_ext_type] = ext; 7998 mhp->extoff[ext->sadb_ext_type] = off; 7999 mhp->extlen[ext->sadb_ext_type] = extlen; 8000 } 8001 8002 if (off != end) { 8003 m_freem(m); 8004 PFKEYSTAT_INC(out_invlen); 8005 return EINVAL; 8006 } 8007 8008 return 0; 8009} 8010 8011static int 8012key_validate_ext(const struct sadb_ext *ext, int len) 8013{ 8014 const struct sockaddr *sa; 8015 enum { NONE, ADDR } checktype = NONE; 8016 int baselen = 0; 8017 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8018 8019 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8020 return EINVAL; 8021 8022 /* if it does not match minimum/maximum length, bail */ 8023 if (ext->sadb_ext_type >= nitems(minsize) || 8024 ext->sadb_ext_type >= nitems(maxsize)) 8025 return EINVAL; 8026 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8027 return EINVAL; 8028 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8029 return EINVAL; 8030 8031 /* more checks based on sadb_ext_type XXX need more */ 8032 switch (ext->sadb_ext_type) { 8033 case SADB_EXT_ADDRESS_SRC: 8034 case SADB_EXT_ADDRESS_DST: 8035 case SADB_EXT_ADDRESS_PROXY: 8036 case SADB_X_EXT_NAT_T_OAI: 8037 case SADB_X_EXT_NAT_T_OAR: 8038 case SADB_X_EXT_NEW_ADDRESS_SRC: 8039 case SADB_X_EXT_NEW_ADDRESS_DST: 8040 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8041 checktype = ADDR; 8042 break; 8043 case SADB_EXT_IDENTITY_SRC: 8044 case SADB_EXT_IDENTITY_DST: 8045 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8046 SADB_X_IDENTTYPE_ADDR) { 8047 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8048 checktype = ADDR; 8049 } else 8050 checktype = NONE; 8051 break; 8052 default: 8053 checktype = NONE; 8054 break; 8055 } 8056 8057 switch (checktype) { 8058 case NONE: 8059 break; 8060 case ADDR: 8061 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8062 if (len < baselen + sal) 8063 return EINVAL; 8064 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8065 return EINVAL; 8066 break; 8067 } 8068 8069 return 0; 8070} 8071 8072void 8073key_init(void) 8074{ 8075 int i; 8076 8077 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8078 TAILQ_INIT(&V_sptree[i]); 8079 TAILQ_INIT(&V_sptree_ifnet[i]); 8080 } 8081 8082 V_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8083 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8084 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8085 8086 TAILQ_INIT(&V_sahtree); 8087 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8088 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8089 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8090 &V_sahaddrhash_mask); 8091 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8092 &V_acqaddrhash_mask); 8093 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8094 &V_acqseqhash_mask); 8095 8096 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8097 LIST_INIT(&V_regtree[i]); 8098 8099 LIST_INIT(&V_acqtree); 8100 LIST_INIT(&V_spacqtree); 8101 8102 if (!IS_DEFAULT_VNET(curvnet)) 8103 return; 8104 8105 XFORMS_LOCK_INIT(); 8106 SPTREE_LOCK_INIT(); 8107 REGTREE_LOCK_INIT(); 8108 SAHTREE_LOCK_INIT(); 8109 ACQ_LOCK_INIT(); 8110 SPACQ_LOCK_INIT(); 8111 8112#ifndef IPSEC_DEBUG2 8113 callout_init(&key_timer, 1); 8114 callout_reset(&key_timer, hz, key_timehandler, NULL); 8115#endif /*IPSEC_DEBUG2*/ 8116 8117 /* initialize key statistics */ 8118 keystat.getspi_count = 1; 8119 8120 if (bootverbose) 8121 printf("IPsec: Initialized Security Association Processing.\n"); 8122} 8123 8124#ifdef VIMAGE 8125void 8126key_destroy(void) 8127{ 8128 struct secashead_queue sahdrainq; 8129 struct secpolicy_queue drainq; 8130 struct secpolicy *sp, *nextsp; 8131 struct secacq *acq, *nextacq; 8132 struct secspacq *spacq, *nextspacq; 8133 struct secashead *sah; 8134 struct secasvar *sav; 8135 struct secreg *reg; 8136 int i; 8137 8138 /* 8139 * XXX: can we just call free() for each object without 8140 * walking through safe way with releasing references? 8141 */ 8142 TAILQ_INIT(&drainq); 8143 SPTREE_WLOCK(); 8144 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8145 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8146 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8147 } 8148 for (i = 0; i < V_sphash_mask + 1; i++) 8149 LIST_INIT(&V_sphashtbl[i]); 8150 SPTREE_WUNLOCK(); 8151 8152 sp = TAILQ_FIRST(&drainq); 8153 while (sp != NULL) { 8154 nextsp = TAILQ_NEXT(sp, chain); 8155 key_freesp(&sp); 8156 sp = nextsp; 8157 } 8158 8159 TAILQ_INIT(&sahdrainq); 8160 SAHTREE_WLOCK(); 8161 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8162 for (i = 0; i < V_savhash_mask + 1; i++) 8163 LIST_INIT(&V_savhashtbl[i]); 8164 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8165 LIST_INIT(&V_sahaddrhashtbl[i]); 8166 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8167 sah->state = SADB_SASTATE_DEAD; 8168 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8169 sav->state = SADB_SASTATE_DEAD; 8170 } 8171 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8172 sav->state = SADB_SASTATE_DEAD; 8173 } 8174 } 8175 SAHTREE_WUNLOCK(); 8176 8177 key_freesah_flushed(&sahdrainq); 8178 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8179 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8180 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8181 8182 REGTREE_LOCK(); 8183 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8184 LIST_FOREACH(reg, &V_regtree[i], chain) { 8185 if (__LIST_CHAINED(reg)) { 8186 LIST_REMOVE(reg, chain); 8187 free(reg, M_IPSEC_SAR); 8188 break; 8189 } 8190 } 8191 } 8192 REGTREE_UNLOCK(); 8193 8194 ACQ_LOCK(); 8195 acq = LIST_FIRST(&V_acqtree); 8196 while (acq != NULL) { 8197 nextacq = LIST_NEXT(acq, chain); 8198 LIST_REMOVE(acq, chain); 8199 free(acq, M_IPSEC_SAQ); 8200 acq = nextacq; 8201 } 8202 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8203 LIST_INIT(&V_acqaddrhashtbl[i]); 8204 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8205 LIST_INIT(&V_acqseqhashtbl[i]); 8206 ACQ_UNLOCK(); 8207 8208 SPACQ_LOCK(); 8209 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8210 spacq = nextspacq) { 8211 nextspacq = LIST_NEXT(spacq, chain); 8212 if (__LIST_CHAINED(spacq)) { 8213 LIST_REMOVE(spacq, chain); 8214 free(spacq, M_IPSEC_SAQ); 8215 } 8216 } 8217 SPACQ_UNLOCK(); 8218 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8219 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8220 uma_zdestroy(V_key_lft_zone); 8221 8222 if (!IS_DEFAULT_VNET(curvnet)) 8223 return; 8224#ifndef IPSEC_DEBUG2 8225 callout_drain(&key_timer); 8226#endif 8227 XFORMS_LOCK_DESTROY(); 8228 SPTREE_LOCK_DESTROY(); 8229 REGTREE_LOCK_DESTROY(); 8230 SAHTREE_LOCK_DESTROY(); 8231 ACQ_LOCK_DESTROY(); 8232 SPACQ_LOCK_DESTROY(); 8233} 8234#endif 8235 8236/* record data transfer on SA, and update timestamps */ 8237void 8238key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8239{ 8240 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8241 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8242 8243 /* 8244 * XXX Currently, there is a difference of bytes size 8245 * between inbound and outbound processing. 8246 */ 8247 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8248 8249 /* 8250 * We use the number of packets as the unit of 8251 * allocations. We increment the variable 8252 * whenever {esp,ah}_{in,out}put is called. 8253 */ 8254 counter_u64_add(sav->lft_c_allocations, 1); 8255 8256 /* 8257 * NOTE: We record CURRENT usetime by using wall clock, 8258 * in seconds. HARD and SOFT lifetime are measured by the time 8259 * difference (again in seconds) from usetime. 8260 * 8261 * usetime 8262 * v expire expire 8263 * -----+-----+--------+---> t 8264 * <--------------> HARD 8265 * <-----> SOFT 8266 */ 8267 if (sav->firstused == 0) 8268 sav->firstused = time_second; 8269} 8270 8271/* 8272 * Take one of the kernel's security keys and convert it into a PF_KEY 8273 * structure within an mbuf, suitable for sending up to a waiting 8274 * application in user land. 8275 * 8276 * IN: 8277 * src: A pointer to a kernel security key. 8278 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8279 * OUT: 8280 * a valid mbuf or NULL indicating an error 8281 * 8282 */ 8283 8284static struct mbuf * 8285key_setkey(struct seckey *src, uint16_t exttype) 8286{ 8287 struct mbuf *m; 8288 struct sadb_key *p; 8289 int len; 8290 8291 if (src == NULL) 8292 return NULL; 8293 8294 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8295 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8296 if (m == NULL) 8297 return NULL; 8298 m_align(m, len); 8299 m->m_len = len; 8300 p = mtod(m, struct sadb_key *); 8301 bzero(p, len); 8302 p->sadb_key_len = PFKEY_UNIT64(len); 8303 p->sadb_key_exttype = exttype; 8304 p->sadb_key_bits = src->bits; 8305 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8306 8307 return m; 8308} 8309 8310/* 8311 * Take one of the kernel's lifetime data structures and convert it 8312 * into a PF_KEY structure within an mbuf, suitable for sending up to 8313 * a waiting application in user land. 8314 * 8315 * IN: 8316 * src: A pointer to a kernel lifetime structure. 8317 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8318 * data structures for more information. 8319 * OUT: 8320 * a valid mbuf or NULL indicating an error 8321 * 8322 */ 8323 8324static struct mbuf * 8325key_setlifetime(struct seclifetime *src, uint16_t exttype) 8326{ 8327 struct mbuf *m = NULL; 8328 struct sadb_lifetime *p; 8329 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8330 8331 if (src == NULL) 8332 return NULL; 8333 8334 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8335 if (m == NULL) 8336 return m; 8337 m_align(m, len); 8338 m->m_len = len; 8339 p = mtod(m, struct sadb_lifetime *); 8340 8341 bzero(p, len); 8342 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8343 p->sadb_lifetime_exttype = exttype; 8344 p->sadb_lifetime_allocations = src->allocations; 8345 p->sadb_lifetime_bytes = src->bytes; 8346 p->sadb_lifetime_addtime = src->addtime; 8347 p->sadb_lifetime_usetime = src->usetime; 8348 8349 return m; 8350 8351} 8352 8353const struct enc_xform * 8354enc_algorithm_lookup(int alg) 8355{ 8356 int i; 8357 8358 for (i = 0; i < nitems(supported_ealgs); i++) 8359 if (alg == supported_ealgs[i].sadb_alg) 8360 return (supported_ealgs[i].xform); 8361 return (NULL); 8362} 8363 8364const struct auth_hash * 8365auth_algorithm_lookup(int alg) 8366{ 8367 int i; 8368 8369 for (i = 0; i < nitems(supported_aalgs); i++) 8370 if (alg == supported_aalgs[i].sadb_alg) 8371 return (supported_aalgs[i].xform); 8372 return (NULL); 8373} 8374 8375const struct comp_algo * 8376comp_algorithm_lookup(int alg) 8377{ 8378 int i; 8379 8380 for (i = 0; i < nitems(supported_calgs); i++) 8381 if (alg == supported_calgs[i].sadb_alg) 8382 return (supported_calgs[i].xform); 8383 return (NULL); 8384} 8385 8386/* 8387 * Register a transform. 8388 */ 8389static int 8390xform_register(struct xformsw* xsp) 8391{ 8392 struct xformsw *entry; 8393 8394 XFORMS_LOCK(); 8395 LIST_FOREACH(entry, &xforms, chain) { 8396 if (entry->xf_type == xsp->xf_type) { 8397 XFORMS_UNLOCK(); 8398 return (EEXIST); 8399 } 8400 } 8401 LIST_INSERT_HEAD(&xforms, xsp, chain); 8402 XFORMS_UNLOCK(); 8403 return (0); 8404} 8405 8406void 8407xform_attach(void *data) 8408{ 8409 struct xformsw *xsp = (struct xformsw *)data; 8410 8411 if (xform_register(xsp) != 0) 8412 printf("%s: failed to register %s xform\n", __func__, 8413 xsp->xf_name); 8414} 8415 8416void 8417xform_detach(void *data) 8418{ 8419 struct xformsw *xsp = (struct xformsw *)data; 8420 8421 XFORMS_LOCK(); 8422 LIST_REMOVE(xsp, chain); 8423 XFORMS_UNLOCK(); 8424 8425 /* Delete all SAs related to this xform. */ 8426 key_delete_xform(xsp); 8427} 8428 8429/* 8430 * Initialize transform support in an sav. 8431 */ 8432static int 8433xform_init(struct secasvar *sav, u_short xftype) 8434{ 8435 struct xformsw *entry; 8436 int ret; 8437 8438 IPSEC_ASSERT(sav->tdb_xform == NULL, 8439 ("tdb_xform is already initialized")); 8440 8441 ret = EINVAL; 8442 XFORMS_LOCK(); 8443 LIST_FOREACH(entry, &xforms, chain) { 8444 if (entry->xf_type == xftype) { 8445 ret = (*entry->xf_init)(sav, entry); 8446 break; 8447 } 8448 } 8449 XFORMS_UNLOCK(); 8450 return (ret); 8451} 8452 8453