1/*	$KAME: keydb.c,v 1.61 2000/03/25 07:24:13 sumikawa Exp $	*/
2
3/*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 *    may be used to endorse or promote products derived from this software
17 *    without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#include <sys/types.h>
33#include <sys/socket.h>
34#include <sys/param.h>
35#include <sys/systm.h>
36#include <sys/kernel.h>
37#include <sys/malloc.h>
38#include <sys/errno.h>
39#include <sys/queue.h>
40
41#include <net/if.h>
42#include <net/route.h>
43
44#include <netinet/in.h>
45
46#include <net/pfkeyv2.h>
47#include <netkey/keydb.h>
48#include <netinet6/ipsec.h>
49
50#include <net/net_osdep.h>
51
52extern lck_mtx_t  *sadb_mutex;
53
54MALLOC_DEFINE(M_SECA, "key mgmt", "security associations, key management");
55
56// static void keydb_delsecasvar(struct secasvar *); // not used
57
58/*
59 * secpolicy management
60 */
61struct secpolicy *
62keydb_newsecpolicy()
63{
64	struct secpolicy *p;
65
66	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
67
68	p = (struct secpolicy *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
69	if (!p)
70		return p;
71	bzero(p, sizeof(*p));
72	return p;
73}
74
75void
76keydb_delsecpolicy(p)
77	struct secpolicy *p;
78{
79
80	_FREE(p, M_SECA);
81}
82
83/*
84 * secashead management
85 */
86struct secashead *
87keydb_newsecashead()
88{
89	struct secashead *p;
90	int i;
91
92	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
93
94	p = (struct secashead *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
95	if (!p) {
96		lck_mtx_unlock(sadb_mutex);
97		p = (struct secashead *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
98		lck_mtx_lock(sadb_mutex);
99	}
100	if (!p)
101		return p;
102	bzero(p, sizeof(*p));
103	for (i = 0; i < sizeof(p->savtree)/sizeof(p->savtree[0]); i++)
104		LIST_INIT(&p->savtree[i]);
105	return p;
106}
107
108#if 0
109void
110keydb_delsecashead(p)
111	struct secashead *p;
112{
113
114	_FREE(p, M_SECA);
115}
116
117
118
119/*
120 * secasvar management (reference counted)
121 */
122struct secasvar *
123keydb_newsecasvar()
124{
125	struct secasvar *p;
126
127	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
128
129	p = (struct secasvar *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
130	if (!p)
131		return p;
132	bzero(p, sizeof(*p));
133	p->refcnt = 1;
134	return p;
135}
136
137void
138keydb_refsecasvar(p)
139	struct secasvar *p;
140{
141
142	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
143
144	p->refcnt++;
145}
146
147void
148keydb_freesecasvar(p)
149	struct secasvar *p;
150{
151
152	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
153
154	p->refcnt--;
155	/* negative refcnt will cause panic intentionally */
156	if (p->refcnt <= 0)
157		keydb_delsecasvar(p);
158}
159
160static void
161keydb_delsecasvar(p)
162	struct secasvar *p;
163{
164
165	if (p->refcnt)
166		panic("keydb_delsecasvar called with refcnt != 0");
167
168	_FREE(p, M_SECA);
169}
170#endif
171
172/*
173 * secreplay management
174 */
175struct secreplay *
176keydb_newsecreplay(wsize)
177	size_t wsize;
178{
179	struct secreplay *p;
180
181	lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
182
183	p = (struct secreplay *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT);
184	if (!p) {
185		lck_mtx_unlock(sadb_mutex);
186		p = (struct secreplay *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
187		lck_mtx_lock(sadb_mutex);
188	}
189	if (!p)
190		return p;
191
192	bzero(p, sizeof(*p));
193	if (wsize != 0) {
194		p->bitmap = (caddr_t)_MALLOC(wsize, M_SECA, M_NOWAIT);
195		if (!p->bitmap) {
196			lck_mtx_unlock(sadb_mutex);
197			p->bitmap = (caddr_t)_MALLOC(wsize, M_SECA, M_WAITOK);
198			lck_mtx_lock(sadb_mutex);
199			if (!p->bitmap) {
200				_FREE(p, M_SECA);
201				return NULL;
202			}
203		}
204		bzero(p->bitmap, wsize);
205	}
206	p->wsize = wsize;
207	return p;
208}
209
210void
211keydb_delsecreplay(p)
212	struct secreplay *p;
213{
214
215	if (p->bitmap)
216		_FREE(p->bitmap, M_SECA);
217	_FREE(p, M_SECA);
218}
219
220#if 0
221/*	NOT USED
222 * secreg management
223 */
224struct secreg *
225keydb_newsecreg()
226{
227	struct secreg *p;
228
229	p = (struct secreg *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
230	if (p)
231		bzero(p, sizeof(*p));
232	return p;
233}
234
235void
236keydb_delsecreg(p)
237	struct secreg *p;
238{
239
240	_FREE(p, M_SECA);
241}
242#endif
243