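/* $KAME: keydb.c,v 1.61 2000/03/25 07:24:13 sumikawa Exp $ */

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/errno.h>
#include <sys/queue.h>

#include <net/if.h>
#include <net/route.h>

#include <netinet/in.h>

#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
#include <netinet6/ipsec.h>

#include <net/net_osdep.h>

extern lck_mtx_t *sadb_mutex;

MALLOC_DEFINE(M_SECA, "key mgmt", "security associations, key management");

// static void keydb_delsecasvar(struct secasvar *); // not used

/*
 * Locking summary for this file (taken from the assertions below):
 *   - keydb_newsecpolicy() must be entered WITHOUT sadb_mutex held.
 *   - keydb_newsecashead() and keydb_newsecreplay() must be entered WITH
 *     sadb_mutex held, and may drop and re-take it when the non-blocking
 *     allocation fails.  Anything a caller looked up under the mutex
 *     before the call has to be re-validated afterwards.
 */

/*
 * secpolicy management
 */

/*
 * Allocate a zero-filled secpolicy.
 *
 * The caller must not hold sadb_mutex (asserted); the allocation uses
 * M_WAITOK.  Returns NULL when the allocation fails.  The result is
 * released with keydb_delsecpolicy().
 */
struct secpolicy *
keydb_newsecpolicy(void)
{
	struct secpolicy *p;

	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);

	p = _MALLOC(sizeof(*p), M_SECA, M_WAITOK);
	if (p == NULL)
		return NULL;
	bzero(p, sizeof(*p));
	return p;
}

/*
 * Free a secpolicy.  Only the structure itself is released; nothing it
 * points to is freed here.
 */
void
keydb_delsecpolicy(struct secpolicy *p)
{
	_FREE(p, M_SECA);
}

/*
 * secashead management
 */

/*
 * Allocate a zero-filled secashead with every savtree list initialised.
 *
 * The caller must hold sadb_mutex (asserted).  A non-blocking allocation
 * is tried first; if it fails, the mutex is released around a blocking
 * M_WAITOK allocation and re-acquired before returning.  The mutex is held
 * again on every return path, but SADB state may have changed in between.
 * Returns NULL when both allocations fail.
 */
struct secashead *
keydb_newsecashead(void)
{
	struct secashead *p;
	size_t i;	/* size_t: compared against a sizeof expression */

	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);

	p = _MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
	if (p == NULL) {
		/* Do not sleep in the allocator with the SADB lock held. */
		lck_mtx_unlock(sadb_mutex);
		p = _MALLOC(sizeof(*p), M_SECA, M_WAITOK);
		lck_mtx_lock(sadb_mutex);
	}
	if (p == NULL)
		return NULL;
	bzero(p, sizeof(*p));
	for (i = 0; i < sizeof(p->savtree) / sizeof(p->savtree[0]); i++)
		LIST_INIT(&p->savtree[i]);
	return p;
}

#if 0
/*
 * Disabled code, kept for reference.
 *
 * NOTE(review): keydb_freesecasvar() calls keydb_delsecasvar() before its
 * static definition, and the forward declaration near the top of the file
 * is commented out; it has to be restored if this block is re-enabled.
 */
void
keydb_delsecashead(struct secashead *p)
{
	_FREE(p, M_SECA);
}



/*
 * secasvar management (reference counted)
 */
struct secasvar *
keydb_newsecasvar(void)
{
	struct secasvar *p;

	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);

	p = _MALLOC(sizeof(*p), M_SECA, M_WAITOK);
	if (p == NULL)
		return NULL;
	bzero(p, sizeof(*p));
	p->refcnt = 1;
	return p;
}

/* Take a reference; the count is a plain integer updated under sadb_mutex. */
void
keydb_refsecasvar(struct secasvar *p)
{
	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);

	p->refcnt++;
}

/* Drop a reference and free the object once the count reaches zero. */
void
keydb_freesecasvar(struct secasvar *p)
{
	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);

	p->refcnt--;
	/* negative refcnt will cause panic intentionally */
	if (p->refcnt <= 0)
		keydb_delsecasvar(p);
}

static void
keydb_delsecasvar(struct secasvar *p)
{
	if (p->refcnt)
		panic("keydb_delsecasvar called with refcnt != 0");

	_FREE(p, M_SECA);
}
#endif

/*
 * secreplay management
 */

/*
 * Allocate a zero-filled secreplay and, when wsize is non-zero, a
 * zero-filled bitmap of wsize bytes.
 *
 * The caller must hold sadb_mutex (asserted).  Each of the two allocations
 * is tried with M_NOWAIT first; on failure the mutex is released around a
 * blocking M_WAITOK retry and then re-acquired, so the mutex can be dropped
 * up to twice during one call.  It is held again on every return path.
 *
 * Returns NULL when an allocation fails; a partially built object is freed
 * before returning.  With wsize == 0 the bitmap pointer stays NULL.
 *
 * NOTE(review): wsize is used as the allocation size without an upper bound
 * here; presumably the caller limits it -- confirm.  Also confirm that the
 * wsize member of struct secreplay is wide enough for a size_t, otherwise
 * the stored window size can differ from the allocated bitmap size.
 */
struct secreplay *
keydb_newsecreplay(size_t wsize)
{
	struct secreplay *p;

	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);

	p = _MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
	if (p == NULL) {
		/* Do not sleep in the allocator with the SADB lock held. */
		lck_mtx_unlock(sadb_mutex);
		p = _MALLOC(sizeof(*p), M_SECA, M_WAITOK);
		lck_mtx_lock(sadb_mutex);
	}
	if (p == NULL)
		return NULL;

	bzero(p, sizeof(*p));
	if (wsize != 0) {
		p->bitmap = _MALLOC(wsize, M_SECA, M_NOWAIT);
		if (p->bitmap == NULL) {
			lck_mtx_unlock(sadb_mutex);
			p->bitmap = _MALLOC(wsize, M_SECA, M_WAITOK);
			lck_mtx_lock(sadb_mutex);
			if (p->bitmap == NULL) {
				/* Nothing else refers to p yet; undo and fail. */
				_FREE(p, M_SECA);
				return NULL;
			}
		}
		bzero(p->bitmap, wsize);
	}
	p->wsize = wsize;
	return p;
}

/*
 * Free a secreplay together with its bitmap, if it has one.
 *
 * A NULL argument is ignored, so the function never dereferences a null
 * pointer when a caller hands over a replay state that was never allocated.
 */
void
keydb_delsecreplay(struct secreplay *p)
{
	if (p == NULL)
		return;
	if (p->bitmap != NULL)
		_FREE(p->bitmap, M_SECA);
	_FREE(p, M_SECA);
}

#if 0
/* NOT USED
 * secreg management
 */
struct secreg *
keydb_newsecreg(void)
{
	struct secreg *p;

	p = _MALLOC(sizeof(*p), M_SECA, M_WAITOK);
	if (p != NULL)
		bzero(p, sizeof(*p));
	return p;
}

void
keydb_delsecreg(struct secreg *p)
{
	_FREE(p, M_SECA);
}
#endif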