1 /* $NetBSD: key.c,v 1.281 2023/07/21 00:44:38 knakahara Exp $ */
2 /* $FreeBSD: key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
3 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
4
5 /*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <sys/cdefs.h>
35 __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.281 2023/07/21 00:44:38 knakahara Exp $");
36
37 /*
38 * This code is referred to RFC 2367
39 */
40
41 #if defined(_KERNEL_OPT)
42 #include "opt_inet.h"
43 #include "opt_ipsec.h"
44 #include "opt_gateway.h"
45 #include "opt_net_mpsafe.h"
46 #endif
47
48 #include <sys/types.h>
49 #include <sys/param.h>
50 #include <sys/systm.h>
51 #include <sys/callout.h>
52 #include <sys/kernel.h>
53 #include <sys/mbuf.h>
54 #include <sys/domain.h>
55 #include <sys/socket.h>
56 #include <sys/socketvar.h>
57 #include <sys/sysctl.h>
58 #include <sys/errno.h>
59 #include <sys/proc.h>
60 #include <sys/queue.h>
61 #include <sys/syslog.h>
62 #include <sys/once.h>
63 #include <sys/cprng.h>
64 #include <sys/psref.h>
65 #include <sys/lwp.h>
66 #include <sys/workqueue.h>
67 #include <sys/kmem.h>
68 #include <sys/cpu.h>
69 #include <sys/atomic.h>
70 #include <sys/pslist.h>
71 #include <sys/mutex.h>
72 #include <sys/condvar.h>
73 #include <sys/localcount.h>
74 #include <sys/pserialize.h>
75 #include <sys/hash.h>
76 #include <sys/xcall.h>
77
78 #include <net/if.h>
79 #include <net/route.h>
80
81 #include <netinet/in.h>
82 #include <netinet/in_systm.h>
83 #include <netinet/ip.h>
84 #include <netinet/in_var.h>
85 #ifdef INET
86 #include <netinet/ip_var.h>
87 #endif
88
89 #ifdef INET6
90 #include <netinet/ip6.h>
91 #include <netinet6/in6_var.h>
92 #include <netinet6/ip6_var.h>
93 #endif /* INET6 */
94
95 #ifdef INET
96 #include <netinet/in_pcb.h>
97 #endif
98 #ifdef INET6
99 #include <netinet6/in6_pcb.h>
100 #endif /* INET6 */
101
102 #include <net/pfkeyv2.h>
103 #include <netipsec/keydb.h>
104 #include <netipsec/key.h>
105 #include <netipsec/keysock.h>
106 #include <netipsec/key_debug.h>
107
108 #include <netipsec/ipsec.h>
109 #ifdef INET6
110 #include <netipsec/ipsec6.h>
111 #endif
112 #include <netipsec/ipsec_private.h>
113
114 #include <netipsec/xform.h>
115 #include <netipsec/ipcomp.h>
116
117 #define FULLMASK 0xffu
118 #define _BITS(bytes) ((bytes) << 3)
119
120 #define PORT_NONE 0
121 #define PORT_LOOSE 1
122 #define PORT_STRICT 2
123
124 #ifndef SAHHASH_NHASH
125 #define SAHHASH_NHASH 128
126 #endif
127
128 #ifndef SAVLUT_NHASH
129 #define SAVLUT_NHASH 128
130 #endif
131
132 percpu_t *pfkeystat_percpu;
133
134 /*
135 * Note on SA reference counting:
136 * - SAs that are not in DEAD state will have (total external reference + 1)
137 * following value in reference count field. they cannot be freed and are
138 * referenced from SA header.
139 * - SAs that are in DEAD state will have (total external reference)
140 * in reference count field. they are ready to be freed. reference from
141 * SA header will be removed in key_delsav(), when the reference count
142 * field hits 0 (= no external reference other than from SA header.
143 */
144
145 u_int32_t key_debug_level = 0;
146 static u_int key_spi_trycnt = 1000;
147 static u_int32_t key_spi_minval = 0x100;
148 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
149 static u_int32_t policy_id = 0;
150 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
151 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
152 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
153 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
154 static int key_prefered_oldsa = 0; /* prefered old sa rather than new sa.*/
155
156 static u_int32_t acq_seq = 0;
157
158 /*
159 * Locking order: there is no order for now; it means that any locks aren't
160 * overlapped.
161 */
162 /*
163 * Locking notes on SPD:
164 * - Modifications to the key_spd.splist must be done with holding key_spd.lock
165 * which is a adaptive mutex
166 * - Read accesses to the key_spd.splist must be in pserialize(9) read sections
167 * - SP's lifetime is managed by localcount(9)
168 * - An SP that has been inserted to the key_spd.splist is initially referenced
169 * by none, i.e., a reference from the key_spd.splist isn't counted
170 * - When an SP is being destroyed, we change its state as DEAD, wait for
171 * references to the SP to be released, and then deallocate the SP
172 * (see key_unlink_sp)
173 * - Getting an SP
174 * - Normally we get an SP from the key_spd.splist (see key_lookup_sp_byspidx)
175 * - Must iterate the list and increment the reference count of a found SP
176 * (by key_sp_ref) in a pserialize read section
177 * - We can gain another reference from a held SP only if we check its state
178 * and take its reference in a pserialize read section
179 * (see esp_output for example)
180 * - We may get an SP from an SP cache. See below
181 * - A gotten SP must be released after use by KEY_SP_UNREF (key_sp_unref)
182 * - Updating member variables of an SP
183 * - Most member variables of an SP are immutable
184 * - Only sp->state and sp->lastused can be changed
185 * - sp->state of an SP is updated only when destroying it under key_spd.lock
186 * - SP caches
187 * - SPs can be cached in PCBs
188 * - The lifetime of the caches is controlled by the global generation counter
189 * (ipsec_spdgen)
190 * - The global counter value is stored when an SP is cached
191 * - If the stored value is different from the global counter then the cache
192 * is considered invalidated
193 * - The counter is incremented when an SP is being destroyed
194 * - So checking the generation and taking a reference to an SP should be
195 * in a pserialize read section
196 * - Note that caching doesn't increment the reference counter of an SP
197 * - SPs in sockets
198 * - Userland programs can set a policy to a socket by
199 * setsockopt(IP_IPSEC_POLICY)
200 * - Such policies (SPs) are set to a socket (PCB) and also inserted to
201 * the key_spd.socksplist list (not the key_spd.splist)
202 * - Such a policy is destroyed when a corresponding socket is destroed,
203 * however, a socket can be destroyed in softint so we cannot destroy
204 * it directly instead we just mark it DEAD and delay the destruction
205 * until GC by the timer
206 * - SP origin
207 * - SPs can be created by both userland programs and kernel components.
208 * The SPs created in kernel must not be removed by userland programs,
209 * although the SPs can be read by userland programs.
210 */
211 /*
212 * Locking notes on SAD:
213 * - Data structures
214 * - SAs are managed by the list called key_sad.sahlists and sav lists of
215 * sah entries
216 * - An sav is supposed to be an SA from a viewpoint of users
217 * - A sah has sav lists for each SA state
218 * - Multiple saves with the same saidx can exist
219 * - Only one entry has MATURE state and others should be DEAD
220 * - DEAD entries are just ignored from searching
221 * - All sav whose state is MATURE or DYING are registered to the lookup
222 * table called key_sad.savlut in addition to the savlists.
223 * - The table is used to search an sav without use of saidx.
224 * - Modifications to the key_sad.sahlists, sah.savlist and key_sad.savlut
225 * must be done with holding key_sad.lock which is a adaptive mutex
226 * - Read accesses to the key_sad.sahlists, sah.savlist and key_sad.savlut
227 * must be in pserialize(9) read sections
228 * - sah's lifetime is managed by localcount(9)
229 * - Getting an sah entry
230 * - We get an sah from the key_sad.sahlists
231 * - Must iterate the list and increment the reference count of a found sah
232 * (by key_sah_ref) in a pserialize read section
233 * - A gotten sah must be released after use by key_sah_unref
234 * - An sah is destroyed when its state become DEAD and no sav is
235 * listed to the sah
236 * - The destruction is done only in the timer (see key_timehandler_sad)
237 * - sav's lifetime is managed by localcount(9)
238 * - Getting an sav entry
239 * - First get an sah by saidx and get an sav from either of sah's savlists
240 * - Must iterate the list and increment the reference count of a found sav
241 * (by key_sa_ref) in a pserialize read section
242 * - We can gain another reference from a held SA only if we check its state
243 * and take its reference in a pserialize read section
244 * (see esp_output for example)
245 * - A gotten sav must be released after use by key_sa_unref
246 * - An sav is destroyed when its state become DEAD
247 */
248 /*
249 * Locking notes on misc data:
250 * - All lists of key_misc are protected by key_misc.lock
251 * - key_misc.lock must be held even for read accesses
252 */
253
254 /* SPD */
255 static struct {
256 kmutex_t lock;
257 kcondvar_t cv_lc;
258 struct pslist_head splist[IPSEC_DIR_MAX];
259 /*
260 * The list has SPs that are set to a socket via
261 * setsockopt(IP_IPSEC_POLICY) from userland. See ipsec_set_policy.
262 */
263 struct pslist_head socksplist;
264
265 pserialize_t psz;
266 kcondvar_t cv_psz;
267 bool psz_performing;
268 } key_spd __cacheline_aligned;
269
270 /* SAD */
271 static struct {
272 kmutex_t lock;
273 kcondvar_t cv_lc;
274 struct pslist_head *sahlists;
275 u_long sahlistmask;
276 struct pslist_head *savlut;
277 u_long savlutmask;
278
279 pserialize_t psz;
280 kcondvar_t cv_psz;
281 bool psz_performing;
282 } key_sad __cacheline_aligned;
283
284 /* Misc data */
285 static struct {
286 kmutex_t lock;
287 /* registed list */
288 LIST_HEAD(_reglist, secreg) reglist[SADB_SATYPE_MAX + 1];
289 #ifndef IPSEC_NONBLOCK_ACQUIRE
290 /* acquiring list */
291 LIST_HEAD(_acqlist, secacq) acqlist;
292 #endif
293 #ifdef notyet
294 /* SP acquiring list */
295 LIST_HEAD(_spacqlist, secspacq) spacqlist;
296 #endif
297 } key_misc __cacheline_aligned;
298
299 /* Macros for key_spd.splist */
300 #define SPLIST_ENTRY_INIT(sp) \
301 PSLIST_ENTRY_INIT((sp), pslist_entry)
302 #define SPLIST_ENTRY_DESTROY(sp) \
303 PSLIST_ENTRY_DESTROY((sp), pslist_entry)
304 #define SPLIST_WRITER_REMOVE(sp) \
305 PSLIST_WRITER_REMOVE((sp), pslist_entry)
306 #define SPLIST_READER_EMPTY(dir) \
307 (PSLIST_READER_FIRST(&key_spd.splist[(dir)], struct secpolicy, \
308 pslist_entry) == NULL)
309 #define SPLIST_READER_FOREACH(sp, dir) \
310 PSLIST_READER_FOREACH((sp), &key_spd.splist[(dir)], \
311 struct secpolicy, pslist_entry)
312 #define SPLIST_WRITER_FOREACH(sp, dir) \
313 PSLIST_WRITER_FOREACH((sp), &key_spd.splist[(dir)], \
314 struct secpolicy, pslist_entry)
315 #define SPLIST_WRITER_INSERT_AFTER(sp, new) \
316 PSLIST_WRITER_INSERT_AFTER((sp), (new), pslist_entry)
317 #define SPLIST_WRITER_EMPTY(dir) \
318 (PSLIST_WRITER_FIRST(&key_spd.splist[(dir)], struct secpolicy, \
319 pslist_entry) == NULL)
320 #define SPLIST_WRITER_INSERT_HEAD(dir, sp) \
321 PSLIST_WRITER_INSERT_HEAD(&key_spd.splist[(dir)], (sp), \
322 pslist_entry)
323 #define SPLIST_WRITER_NEXT(sp) \
324 PSLIST_WRITER_NEXT((sp), struct secpolicy, pslist_entry)
325 #define SPLIST_WRITER_INSERT_TAIL(dir, new) \
326 do { \
327 if (SPLIST_WRITER_EMPTY((dir))) { \
328 SPLIST_WRITER_INSERT_HEAD((dir), (new)); \
329 } else { \
330 struct secpolicy *__sp; \
331 SPLIST_WRITER_FOREACH(__sp, (dir)) { \
332 if (SPLIST_WRITER_NEXT(__sp) == NULL) { \
333 SPLIST_WRITER_INSERT_AFTER(__sp,\
334 (new)); \
335 break; \
336 } \
337 } \
338 } \
339 } while (0)
340
341 /* Macros for key_spd.socksplist */
342 #define SOCKSPLIST_WRITER_FOREACH(sp) \
343 PSLIST_WRITER_FOREACH((sp), &key_spd.socksplist, \
344 struct secpolicy, pslist_entry)
345 #define SOCKSPLIST_READER_EMPTY() \
346 (PSLIST_READER_FIRST(&key_spd.socksplist, struct secpolicy, \
347 pslist_entry) == NULL)
348
349 /* Macros for key_sad.sahlist */
350 #define SAHLIST_ENTRY_INIT(sah) \
351 PSLIST_ENTRY_INIT((sah), pslist_entry)
352 #define SAHLIST_ENTRY_DESTROY(sah) \
353 PSLIST_ENTRY_DESTROY((sah), pslist_entry)
354 #define SAHLIST_WRITER_REMOVE(sah) \
355 PSLIST_WRITER_REMOVE((sah), pslist_entry)
356 #define SAHLIST_READER_FOREACH(sah) \
357 for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++) \
358 PSLIST_READER_FOREACH((sah), &key_sad.sahlists[_i_sah], \
359 struct secashead, pslist_entry)
360 #define SAHLIST_READER_FOREACH_SAIDX(sah, saidx) \
361 PSLIST_READER_FOREACH((sah), \
362 &key_sad.sahlists[key_saidxhash((saidx), \
363 key_sad.sahlistmask)], \
364 struct secashead, pslist_entry)
365 #define SAHLIST_WRITER_FOREACH(sah) \
366 for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++) \
367 PSLIST_WRITER_FOREACH((sah), &key_sad.sahlists[_i_sah], \
368 struct secashead, pslist_entry)
369 #define SAHLIST_WRITER_INSERT_HEAD(sah) \
370 PSLIST_WRITER_INSERT_HEAD( \
371 &key_sad.sahlists[key_saidxhash(&(sah)->saidx, \
372 key_sad.sahlistmask)], \
373 (sah), pslist_entry)
374
375 /* Macros for key_sad.sahlist#savlist */
376 #define SAVLIST_ENTRY_INIT(sav) \
377 PSLIST_ENTRY_INIT((sav), pslist_entry)
378 #define SAVLIST_ENTRY_DESTROY(sav) \
379 PSLIST_ENTRY_DESTROY((sav), pslist_entry)
380 #define SAVLIST_READER_FIRST(sah, state) \
381 PSLIST_READER_FIRST(&(sah)->savlist[(state)], struct secasvar, \
382 pslist_entry)
383 #define SAVLIST_WRITER_REMOVE(sav) \
384 PSLIST_WRITER_REMOVE((sav), pslist_entry)
385 #define SAVLIST_READER_FOREACH(sav, sah, state) \
386 PSLIST_READER_FOREACH((sav), &(sah)->savlist[(state)], \
387 struct secasvar, pslist_entry)
388 #define SAVLIST_WRITER_FOREACH(sav, sah, state) \
389 PSLIST_WRITER_FOREACH((sav), &(sah)->savlist[(state)], \
390 struct secasvar, pslist_entry)
391 #define SAVLIST_WRITER_INSERT_BEFORE(sav, new) \
392 PSLIST_WRITER_INSERT_BEFORE((sav), (new), pslist_entry)
393 #define SAVLIST_WRITER_INSERT_AFTER(sav, new) \
394 PSLIST_WRITER_INSERT_AFTER((sav), (new), pslist_entry)
395 #define SAVLIST_WRITER_EMPTY(sah, state) \
396 (PSLIST_WRITER_FIRST(&(sah)->savlist[(state)], struct secasvar, \
397 pslist_entry) == NULL)
398 #define SAVLIST_WRITER_INSERT_HEAD(sah, state, sav) \
399 PSLIST_WRITER_INSERT_HEAD(&(sah)->savlist[(state)], (sav), \
400 pslist_entry)
401 #define SAVLIST_WRITER_NEXT(sav) \
402 PSLIST_WRITER_NEXT((sav), struct secasvar, pslist_entry)
403 #define SAVLIST_WRITER_INSERT_TAIL(sah, state, new) \
404 do { \
405 if (SAVLIST_WRITER_EMPTY((sah), (state))) { \
406 SAVLIST_WRITER_INSERT_HEAD((sah), (state), (new));\
407 } else { \
408 struct secasvar *__sav; \
409 SAVLIST_WRITER_FOREACH(__sav, (sah), (state)) { \
410 if (SAVLIST_WRITER_NEXT(__sav) == NULL) {\
411 SAVLIST_WRITER_INSERT_AFTER(__sav,\
412 (new)); \
413 break; \
414 } \
415 } \
416 } \
417 } while (0)
418 #define SAVLIST_READER_NEXT(sav) \
419 PSLIST_READER_NEXT((sav), struct secasvar, pslist_entry)
420
421 /* Macros for key_sad.savlut */
422 #define SAVLUT_ENTRY_INIT(sav) \
423 PSLIST_ENTRY_INIT((sav), pslist_entry_savlut)
424 #define SAVLUT_READER_FOREACH(sav, dst, proto, hash_key) \
425 PSLIST_READER_FOREACH((sav), \
426 &key_sad.savlut[key_savluthash(dst, proto, hash_key, \
427 key_sad.savlutmask)], \
428 struct secasvar, pslist_entry_savlut)
429 #define SAVLUT_WRITER_INSERT_HEAD(sav) \
430 key_savlut_writer_insert_head((sav))
431 #define SAVLUT_WRITER_REMOVE(sav) \
432 do { \
433 if (!(sav)->savlut_added) \
434 break; \
435 PSLIST_WRITER_REMOVE((sav), pslist_entry_savlut); \
436 (sav)->savlut_added = false; \
437 } while(0)
438
439 /* search order for SAs */
440 /*
441 * This order is important because we must select the oldest SA
442 * for outbound processing. For inbound, This is not important.
443 */
444 static const u_int saorder_state_valid_prefer_old[] = {
445 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
446 };
447 static const u_int saorder_state_valid_prefer_new[] = {
448 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
449 };
450
451 static const u_int saorder_state_alive[] = {
452 /* except DEAD */
453 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
454 };
455 static const u_int saorder_state_any[] = {
456 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
457 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
458 };
459
460 #define SASTATE_ALIVE_FOREACH(s) \
461 for (int _i = 0; \
462 _i < __arraycount(saorder_state_alive) ? \
463 (s) = saorder_state_alive[_i], true : false; \
464 _i++)
465 #define SASTATE_ANY_FOREACH(s) \
466 for (int _i = 0; \
467 _i < __arraycount(saorder_state_any) ? \
468 (s) = saorder_state_any[_i], true : false; \
469 _i++)
470 #define SASTATE_USABLE_FOREACH(s) \
471 for (int _i = 0; \
472 _i < __arraycount(saorder_state_valid_prefer_new) ? \
473 (s) = saorder_state_valid_prefer_new[_i], \
474 true : false; \
475 _i++)
476
477 static const int minsize[] = {
478 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
479 sizeof(struct sadb_sa), /* SADB_EXT_SA */
480 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
481 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
482 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
483 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
484 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
485 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
486 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
487 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
488 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
489 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
490 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
491 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
492 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
493 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
494 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
495 0, /* SADB_X_EXT_KMPRIVATE */
496 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
497 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
498 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
499 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
500 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
501 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */
502 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */
503 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */
504 };
505 static const int maxsize[] = {
506 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
507 sizeof(struct sadb_sa), /* SADB_EXT_SA */
508 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
509 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
510 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
511 0, /* SADB_EXT_ADDRESS_SRC */
512 0, /* SADB_EXT_ADDRESS_DST */
513 0, /* SADB_EXT_ADDRESS_PROXY */
514 0, /* SADB_EXT_KEY_AUTH */
515 0, /* SADB_EXT_KEY_ENCRYPT */
516 0, /* SADB_EXT_IDENTITY_SRC */
517 0, /* SADB_EXT_IDENTITY_DST */
518 0, /* SADB_EXT_SENSITIVITY */
519 0, /* SADB_EXT_PROPOSAL */
520 0, /* SADB_EXT_SUPPORTED_AUTH */
521 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
522 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
523 0, /* SADB_X_EXT_KMPRIVATE */
524 0, /* SADB_X_EXT_POLICY */
525 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
526 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
527 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
528 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
529 0, /* SADB_X_EXT_NAT_T_OAI */
530 0, /* SADB_X_EXT_NAT_T_OAR */
531 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */
532 };
533
534 static int ipsec_esp_keymin = 256;
535 static int ipsec_esp_auth = 0;
536 static int ipsec_ah_keymin = 128;
537 static bool ipsec_allow_different_idtype = false;
538
539 #ifdef SYSCTL_DECL
540 SYSCTL_DECL(_net_key);
541 #endif
542
543 #ifdef SYSCTL_INT
544 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
545 &key_debug_level, 0, "");
546
547 /* max count of trial for the decision of spi value */
548 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
549 &key_spi_trycnt, 0, "");
550
551 /* minimum spi value to allocate automatically. */
552 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
553 &key_spi_minval, 0, "");
554
555 /* maximun spi value to allocate automatically. */
556 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
557 &key_spi_maxval, 0, "");
558
559 /* interval to initialize randseed */
560 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
561 &key_int_random, 0, "");
562
563 /* lifetime for larval SA */
564 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
565 &key_larval_lifetime, 0, "");
566
567 /* counter for blocking to send SADB_ACQUIRE to IKEd */
568 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
569 &key_blockacq_count, 0, "");
570
571 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
572 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
573 &key_blockacq_lifetime, 0, "");
574
575 /* ESP auth */
576 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
577 &ipsec_esp_auth, 0, "");
578
579 /* minimum ESP key length */
580 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
581 &ipsec_esp_keymin, 0, "");
582
583 /* minimum AH key length */
584 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
585 &ipsec_ah_keymin, 0, "");
586
587 /* perfered old SA rather than new SA */
588 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
589 &key_prefered_oldsa, 0, "");
590 #endif /* SYSCTL_INT */
591
592 #define __LIST_CHAINED(elm) \
593 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
594 #define LIST_INSERT_TAIL(head, elm, type, field) \
595 do {\
596 struct type *curelm = LIST_FIRST(head); \
597 if (curelm == NULL) {\
598 LIST_INSERT_HEAD(head, elm, field); \
599 } else { \
600 while (LIST_NEXT(curelm, field)) \
601 curelm = LIST_NEXT(curelm, field);\
602 LIST_INSERT_AFTER(curelm, elm, field);\
603 }\
604 } while (0)
605
606 #define KEY_CHKSASTATE(head, sav) \
607 /* do */ { \
608 if ((head) != (sav)) { \
609 IPSECLOG(LOG_DEBUG, \
610 "state mismatched (TREE=%d SA=%d)\n", \
611 (head), (sav)); \
612 continue; \
613 } \
614 } /* while (0) */
615
616 #define KEY_CHKSPDIR(head, sp) \
617 do { \
618 if ((head) != (sp)) { \
619 IPSECLOG(LOG_DEBUG, \
620 "direction mismatched (TREE=%d SP=%d), anyway continue.\n",\
621 (head), (sp)); \
622 } \
623 } while (0)
624
625 /*
626 * set parameters into secasindex buffer.
627 * Must allocate secasindex buffer before calling this function.
628 */
629 static int
630 key_setsecasidx(int, int, int, const struct sockaddr *,
631 const struct sockaddr *, struct secasindex *);
632
633 /* key statistics */
634 struct _keystat {
635 u_long getspi_count; /* the avarage of count to try to get new SPI */
636 } keystat;
637
638 static void
639 key_init_spidx_bymsghdr(struct secpolicyindex *, const struct sadb_msghdr *);
640
641 static const struct sockaddr *
key_msghdr_get_sockaddr(const struct sadb_msghdr * mhp,int idx)642 key_msghdr_get_sockaddr(const struct sadb_msghdr *mhp, int idx)
643 {
644
645 return PFKEY_ADDR_SADDR(mhp->ext[idx]);
646 }
647
648 static void
key_fill_replymsg(struct mbuf * m,int seq)649 key_fill_replymsg(struct mbuf *m, int seq)
650 {
651 struct sadb_msg *msg;
652
653 KASSERT(m->m_len >= sizeof(*msg));
654
655 msg = mtod(m, struct sadb_msg *);
656 msg->sadb_msg_errno = 0;
657 msg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
658 if (seq != 0)
659 msg->sadb_msg_seq = seq;
660 }
661
662 #if 0
663 static void key_freeso(struct socket *);
664 static void key_freesp_so(struct secpolicy **);
665 #endif
666 static struct secpolicy *key_getsp (const struct secpolicyindex *);
667 static struct secpolicy *key_getspbyid (u_int32_t);
668 static struct secpolicy *key_lookup_and_remove_sp(const struct secpolicyindex *, bool);
669 static struct secpolicy *key_lookupbyid_and_remove_sp(u_int32_t, bool);
670 static void key_destroy_sp(struct secpolicy *);
671 static struct mbuf *key_gather_mbuf (struct mbuf *,
672 const struct sadb_msghdr *, int, int, ...);
673 static int key_api_spdadd(struct socket *, struct mbuf *,
674 const struct sadb_msghdr *);
675 static u_int32_t key_getnewspid (void);
676 static int key_api_spddelete(struct socket *, struct mbuf *,
677 const struct sadb_msghdr *);
678 static int key_api_spddelete2(struct socket *, struct mbuf *,
679 const struct sadb_msghdr *);
680 static int key_api_spdget(struct socket *, struct mbuf *,
681 const struct sadb_msghdr *);
682 static int key_api_spdflush(struct socket *, struct mbuf *,
683 const struct sadb_msghdr *);
684 static int key_api_spddump(struct socket *, struct mbuf *,
685 const struct sadb_msghdr *);
686 static struct mbuf * key_setspddump (int *errorp, pid_t);
687 static struct mbuf * key_setspddump_chain (int *errorp, int *lenp, pid_t pid);
688 static int key_api_nat_map(struct socket *, struct mbuf *,
689 const struct sadb_msghdr *);
690 static struct mbuf *key_setdumpsp (struct secpolicy *,
691 u_int8_t, u_int32_t, pid_t);
692 static u_int key_getspreqmsglen (const struct secpolicy *);
693 static int key_spdexpire (struct secpolicy *);
694 static struct secashead *key_newsah (const struct secasindex *);
695 static void key_unlink_sah(struct secashead *);
696 static void key_destroy_sah(struct secashead *);
697 static bool key_sah_has_sav(struct secashead *);
698 static void key_sah_ref(struct secashead *);
699 static void key_sah_unref(struct secashead *);
700 static void key_init_sav(struct secasvar *);
701 static void key_wait_sav(struct secasvar *);
702 static void key_destroy_sav(struct secasvar *);
703 static struct secasvar *key_newsav(struct mbuf *,
704 const struct sadb_msghdr *, int *, int, const char*, int);
705 #define KEY_NEWSAV(m, sadb, e, proto) \
706 key_newsav(m, sadb, e, proto, __func__, __LINE__)
707 static void key_delsav (struct secasvar *);
708 static struct secashead *key_getsah(const struct secasindex *, int);
709 static struct secashead *key_getsah_ref(const struct secasindex *, int);
710 static bool key_checkspidup(const struct secasindex *, u_int32_t);
711 static struct secasvar *key_getsavbyspi (struct secashead *, u_int32_t);
712 static int key_setsaval (struct secasvar *, struct mbuf *,
713 const struct sadb_msghdr *);
714 static void key_freesaval(struct secasvar *);
715 static int key_init_xform(struct secasvar *);
716 static void key_clear_xform(struct secasvar *);
717 static struct mbuf *key_setdumpsa (struct secasvar *, u_int8_t,
718 u_int8_t, u_int32_t, u_int32_t);
719 static struct mbuf *key_setsadbxport (u_int16_t, u_int16_t);
720 static struct mbuf *key_setsadbxtype (u_int16_t);
721 static struct mbuf *key_setsadbxfrag (u_int16_t);
722 static void key_porttosaddr (union sockaddr_union *, u_int16_t);
723 static int key_checksalen (const union sockaddr_union *);
724 static struct mbuf *key_setsadbmsg (u_int8_t, u_int16_t, u_int8_t,
725 u_int32_t, pid_t, u_int16_t, int);
726 static struct mbuf *key_setsadbsa (struct secasvar *);
727 static struct mbuf *key_setsadbaddr(u_int16_t,
728 const struct sockaddr *, u_int8_t, u_int16_t, int);
729 #if 0
730 static struct mbuf *key_setsadbident (u_int16_t, u_int16_t, void *,
731 int, u_int64_t);
732 #endif
733 static struct mbuf *key_setsadbxsa2 (u_int8_t, u_int32_t, u_int16_t);
734 static struct mbuf *key_setsadbxpolicy (u_int16_t, u_int8_t,
735 u_int32_t, int);
736 static void *key_newbuf (const void *, u_int);
737 #ifdef INET6
738 static int key_ismyaddr6 (const struct sockaddr_in6 *);
739 #endif
740
741 static void sysctl_net_keyv2_setup(struct sysctllog **);
742 static void sysctl_net_key_compat_setup(struct sysctllog **);
743
744 /* flags for key_saidx_match() */
745 #define CMP_HEAD 1 /* protocol, addresses. */
746 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
747 #define CMP_REQID 3 /* additionally HEAD, reaid. */
748 #define CMP_EXACTLY 4 /* all elements. */
749 static int key_saidx_match(const struct secasindex *,
750 const struct secasindex *, int);
751
752 static int key_sockaddr_match(const struct sockaddr *,
753 const struct sockaddr *, int);
754 static int key_bb_match_withmask(const void *, const void *, u_int);
755 static u_int16_t key_satype2proto (u_int8_t);
756 static u_int8_t key_proto2satype (u_int16_t);
757
758 static int key_spidx_match_exactly(const struct secpolicyindex *,
759 const struct secpolicyindex *);
760 static int key_spidx_match_withmask(const struct secpolicyindex *,
761 const struct secpolicyindex *);
762
763 static int key_api_getspi(struct socket *, struct mbuf *,
764 const struct sadb_msghdr *);
765 static u_int32_t key_do_getnewspi (const struct sadb_spirange *,
766 const struct secasindex *);
767 static int key_handle_natt_info (struct secasvar *,
768 const struct sadb_msghdr *);
769 static int key_set_natt_ports (union sockaddr_union *,
770 union sockaddr_union *,
771 const struct sadb_msghdr *);
772 static int key_api_update(struct socket *, struct mbuf *,
773 const struct sadb_msghdr *);
774 #ifdef IPSEC_DOSEQCHECK
775 static struct secasvar *key_getsavbyseq (struct secashead *, u_int32_t);
776 #endif
777 static int key_api_add(struct socket *, struct mbuf *,
778 const struct sadb_msghdr *);
779 static int key_setident (struct secashead *, struct mbuf *,
780 const struct sadb_msghdr *);
781 static struct mbuf *key_getmsgbuf_x1 (struct mbuf *,
782 const struct sadb_msghdr *);
783 static int key_api_delete(struct socket *, struct mbuf *,
784 const struct sadb_msghdr *);
785 static int key_api_get(struct socket *, struct mbuf *,
786 const struct sadb_msghdr *);
787
788 static void key_getcomb_setlifetime (struct sadb_comb *);
789 static struct mbuf *key_getcomb_esp(int);
790 static struct mbuf *key_getcomb_ah(int);
791 static struct mbuf *key_getcomb_ipcomp(int);
792 static struct mbuf *key_getprop(const struct secasindex *, int);
793
794 static int key_acquire(const struct secasindex *, const struct secpolicy *,
795 int);
796 static int key_acquire_sendup_mbuf_later(struct mbuf *);
797 static void key_acquire_sendup_pending_mbuf(void);
798 #ifndef IPSEC_NONBLOCK_ACQUIRE
799 static struct secacq *key_newacq (const struct secasindex *);
800 static struct secacq *key_getacq (const struct secasindex *);
801 static struct secacq *key_getacqbyseq (u_int32_t);
802 #endif
803 #ifdef notyet
804 static struct secspacq *key_newspacq (const struct secpolicyindex *);
805 static struct secspacq *key_getspacq (const struct secpolicyindex *);
806 #endif
807 static int key_api_acquire(struct socket *, struct mbuf *,
808 const struct sadb_msghdr *);
809 static int key_api_register(struct socket *, struct mbuf *,
810 const struct sadb_msghdr *);
811 static int key_expire (struct secasvar *);
812 static int key_api_flush(struct socket *, struct mbuf *,
813 const struct sadb_msghdr *);
814 static struct mbuf *key_setdump_chain (u_int8_t req_satype, int *errorp,
815 int *lenp, pid_t pid);
816 static int key_api_dump(struct socket *, struct mbuf *,
817 const struct sadb_msghdr *);
818 static int key_api_promisc(struct socket *, struct mbuf *,
819 const struct sadb_msghdr *);
820 static int key_senderror (struct socket *, struct mbuf *, int);
821 static int key_validate_ext (const struct sadb_ext *, int);
822 static int key_align (struct mbuf *, struct sadb_msghdr *);
823 #if 0
824 static const char *key_getfqdn (void);
825 static const char *key_getuserfqdn (void);
826 #endif
827 static void key_sa_chgstate (struct secasvar *, u_int8_t);
828
829 static struct mbuf *key_alloc_mbuf(int, int);
830 static struct mbuf *key_alloc_mbuf_simple(int, int);
831
832 static void key_timehandler(void *);
833 static void key_timehandler_work(struct work *, void *);
834 static struct callout key_timehandler_ch;
835 static struct workqueue *key_timehandler_wq;
836 static struct work key_timehandler_wk;
837
838 static inline void
839 key_savlut_writer_insert_head(struct secasvar *sav);
840 static inline uint32_t
841 key_saidxhash(const struct secasindex *, u_long);
842 static inline uint32_t
843 key_savluthash(const struct sockaddr *,
844 uint32_t, uint32_t, u_long);
845
846 /*
847 * Utilities for percpu counters for sadb_lifetime_allocations and
848 * sadb_lifetime_bytes.
849 */
850 #define LIFETIME_COUNTER_ALLOCATIONS 0
851 #define LIFETIME_COUNTER_BYTES 1
852 #define LIFETIME_COUNTER_SIZE 2
853
854 typedef uint64_t lifetime_counters_t[LIFETIME_COUNTER_SIZE];
855
856 static void
key_sum_lifetime_counters(void * p,void * arg,struct cpu_info * ci __unused)857 key_sum_lifetime_counters(void *p, void *arg, struct cpu_info *ci __unused)
858 {
859 lifetime_counters_t *one = p;
860 lifetime_counters_t *sum = arg;
861
862 (*sum)[LIFETIME_COUNTER_ALLOCATIONS] += (*one)[LIFETIME_COUNTER_ALLOCATIONS];
863 (*sum)[LIFETIME_COUNTER_BYTES] += (*one)[LIFETIME_COUNTER_BYTES];
864 }
865
866 u_int
key_sp_refcnt(const struct secpolicy * sp)867 key_sp_refcnt(const struct secpolicy *sp)
868 {
869
870 /* FIXME */
871 return 0;
872 }
873
874 void
key_sp_touch(struct secpolicy * sp)875 key_sp_touch(struct secpolicy *sp)
876 {
877
878 sp->lastused = time_uptime;
879 }
880
881 static void
key_spd_pserialize_perform(void)882 key_spd_pserialize_perform(void)
883 {
884
885 KASSERT(mutex_owned(&key_spd.lock));
886
887 while (key_spd.psz_performing)
888 cv_wait(&key_spd.cv_psz, &key_spd.lock);
889 key_spd.psz_performing = true;
890 mutex_exit(&key_spd.lock);
891
892 pserialize_perform(key_spd.psz);
893
894 mutex_enter(&key_spd.lock);
895 key_spd.psz_performing = false;
896 cv_broadcast(&key_spd.cv_psz);
897 }
898
899 /*
900 * Remove the sp from the key_spd.splist and wait for references to the sp
901 * to be released. key_spd.lock must be held.
902 */
903 static void
key_unlink_sp(struct secpolicy * sp)904 key_unlink_sp(struct secpolicy *sp)
905 {
906
907 KASSERT(mutex_owned(&key_spd.lock));
908
909 sp->state = IPSEC_SPSTATE_DEAD;
910 SPLIST_WRITER_REMOVE(sp);
911
912 /* Invalidate all cached SPD pointers in the PCBs. */
913 ipsec_invalpcbcacheall();
914
915 KDASSERT(mutex_ownable(softnet_lock));
916 key_spd_pserialize_perform();
917
918 localcount_drain(&sp->localcount, &key_spd.cv_lc, &key_spd.lock);
919 }
920
921 /*
922 * Return 0 when there are known to be no SP's for the specified
923 * direction. Otherwise return 1. This is used by IPsec code
924 * to optimize performance.
925 */
926 int
key_havesp(u_int dir)927 key_havesp(u_int dir)
928 {
929 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ?
930 !SPLIST_READER_EMPTY(dir) : 1);
931 }
932
933 /* %%% IPsec policy management */
934 /*
935 * allocating a SP for OUTBOUND or INBOUND packet.
936 * Must call key_freesp() later.
937 * OUT: NULL: not found
938 * others: found and return the pointer.
939 */
940 struct secpolicy *
key_lookup_sp_byspidx(const struct secpolicyindex * spidx,u_int dir,const char * where,int tag)941 key_lookup_sp_byspidx(const struct secpolicyindex *spidx,
942 u_int dir, const char* where, int tag)
943 {
944 struct secpolicy *sp;
945 int s;
946
947 KASSERT(spidx != NULL);
948 KASSERTMSG(IPSEC_DIR_IS_INOROUT(dir), "invalid direction %u", dir);
949
950 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
951
952 /* get a SP entry */
953 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
954 kdebug_secpolicyindex("objects", spidx);
955 }
956
957 s = pserialize_read_enter();
958 SPLIST_READER_FOREACH(sp, dir) {
959 if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DATA)) {
960 kdebug_secpolicyindex("in SPD", &sp->spidx);
961 }
962
963 if (sp->state == IPSEC_SPSTATE_DEAD)
964 continue;
965 if (key_spidx_match_withmask(&sp->spidx, spidx))
966 goto found;
967 }
968 sp = NULL;
969 found:
970 if (sp) {
971 /* sanity check */
972 KEY_CHKSPDIR(sp->spidx.dir, dir);
973
974 /* found a SPD entry */
975 key_sp_touch(sp);
976 key_sp_ref(sp, where, tag);
977 }
978 pserialize_read_exit(s);
979
980 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
981 "DP return SP:%p (ID=%u) refcnt %u\n",
982 sp, sp ? sp->id : 0, key_sp_refcnt(sp));
983 return sp;
984 }
985
986 /*
987 * return a policy that matches this particular inbound packet.
988 * XXX slow
989 */
990 struct secpolicy *
key_gettunnel(const struct sockaddr * osrc,const struct sockaddr * odst,const struct sockaddr * isrc,const struct sockaddr * idst,const char * where,int tag)991 key_gettunnel(const struct sockaddr *osrc,
992 const struct sockaddr *odst,
993 const struct sockaddr *isrc,
994 const struct sockaddr *idst,
995 const char* where, int tag)
996 {
997 struct secpolicy *sp;
998 const int dir = IPSEC_DIR_INBOUND;
999 int s;
1000 struct ipsecrequest *r1, *r2, *p;
1001 struct secpolicyindex spidx;
1002
1003 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, "DP from %s:%u\n", where, tag);
1004
1005 if (isrc->sa_family != idst->sa_family) {
1006 IPSECLOG(LOG_ERR,
1007 "address family mismatched src %u, dst %u.\n",
1008 isrc->sa_family, idst->sa_family);
1009 sp = NULL;
1010 goto done;
1011 }
1012
1013 s = pserialize_read_enter();
1014 SPLIST_READER_FOREACH(sp, dir) {
1015 if (sp->state == IPSEC_SPSTATE_DEAD)
1016 continue;
1017
1018 r1 = r2 = NULL;
1019 for (p = sp->req; p; p = p->next) {
1020 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
1021 continue;
1022
1023 r1 = r2;
1024 r2 = p;
1025
1026 if (!r1) {
1027 /* here we look at address matches only */
1028 spidx = sp->spidx;
1029 if (isrc->sa_len > sizeof(spidx.src) ||
1030 idst->sa_len > sizeof(spidx.dst))
1031 continue;
1032 memcpy(&spidx.src, isrc, isrc->sa_len);
1033 memcpy(&spidx.dst, idst, idst->sa_len);
1034 if (!key_spidx_match_withmask(&sp->spidx, &spidx))
1035 continue;
1036 } else {
1037 if (!key_sockaddr_match(&r1->saidx.src.sa, isrc, PORT_NONE) ||
1038 !key_sockaddr_match(&r1->saidx.dst.sa, idst, PORT_NONE))
1039 continue;
1040 }
1041
1042 if (!key_sockaddr_match(&r2->saidx.src.sa, osrc, PORT_NONE) ||
1043 !key_sockaddr_match(&r2->saidx.dst.sa, odst, PORT_NONE))
1044 continue;
1045
1046 goto found;
1047 }
1048 }
1049 sp = NULL;
1050 found:
1051 if (sp) {
1052 key_sp_touch(sp);
1053 key_sp_ref(sp, where, tag);
1054 }
1055 pserialize_read_exit(s);
1056 done:
1057 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1058 "DP return SP:%p (ID=%u) refcnt %u\n",
1059 sp, sp ? sp->id : 0, key_sp_refcnt(sp));
1060 return sp;
1061 }
1062
1063 /*
1064 * allocating an SA entry for an *OUTBOUND* packet.
1065 * checking each request entries in SP, and acquire an SA if need.
1066 * OUT: 0: there are valid requests.
1067 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
1068 */
1069 int
key_checkrequest(const struct ipsecrequest * isr,const struct secasindex * saidx,struct secasvar ** ret)1070 key_checkrequest(const struct ipsecrequest *isr, const struct secasindex *saidx,
1071 struct secasvar **ret)
1072 {
1073 u_int level;
1074 int error;
1075 struct secasvar *sav;
1076
1077 KASSERT(isr != NULL);
1078 KASSERTMSG(saidx->mode == IPSEC_MODE_TRANSPORT ||
1079 saidx->mode == IPSEC_MODE_TUNNEL,
1080 "unexpected policy %u", saidx->mode);
1081
1082 /* get current level */
1083 level = ipsec_get_reqlevel(isr);
1084
1085 /*
1086 * XXX guard against protocol callbacks from the crypto
1087 * thread as they reference ipsecrequest.sav which we
1088 * temporarily null out below. Need to rethink how we
1089 * handle bundled SA's in the callback thread.
1090 */
1091
1092 sav = key_lookup_sa_bysaidx(saidx);
1093 if (sav != NULL) {
1094 *ret = sav;
1095 return 0;
1096 }
1097
1098 /* there is no SA */
1099 error = key_acquire(saidx, isr->sp, M_NOWAIT);
1100 if (error != 0) {
1101 /* XXX What should I do ? */
1102 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n",
1103 error);
1104 return error;
1105 }
1106
1107 if (level != IPSEC_LEVEL_REQUIRE) {
1108 /* XXX sigh, the interface to this routine is botched */
1109 *ret = NULL;
1110 return 0;
1111 } else {
1112 return ENOENT;
1113 }
1114 }
1115
1116 /*
1117 * looking up a SA for policy entry from SAD.
1118 * NOTE: searching SAD of aliving state.
1119 * OUT: NULL: not found.
1120 * others: found and return the pointer.
1121 */
1122 struct secasvar *
key_lookup_sa_bysaidx(const struct secasindex * saidx)1123 key_lookup_sa_bysaidx(const struct secasindex *saidx)
1124 {
1125 struct secashead *sah;
1126 struct secasvar *sav = NULL;
1127 u_int stateidx, state;
1128 const u_int *saorder_state_valid;
1129 int arraysize;
1130 int s;
1131
1132 s = pserialize_read_enter();
1133 sah = key_getsah(saidx, CMP_MODE_REQID);
1134 if (sah == NULL)
1135 goto out;
1136
1137 /*
1138 * search a valid state list for outbound packet.
1139 * This search order is important.
1140 */
1141 if (key_prefered_oldsa) {
1142 saorder_state_valid = saorder_state_valid_prefer_old;
1143 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1144 } else {
1145 saorder_state_valid = saorder_state_valid_prefer_new;
1146 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1147 }
1148
1149 /* search valid state */
1150 for (stateidx = 0;
1151 stateidx < arraysize;
1152 stateidx++) {
1153
1154 state = saorder_state_valid[stateidx];
1155
1156 if (key_prefered_oldsa)
1157 sav = SAVLIST_READER_FIRST(sah, state);
1158 else {
1159 /* XXX need O(1) lookup */
1160 struct secasvar *last = NULL;
1161
1162 SAVLIST_READER_FOREACH(sav, sah, state)
1163 last = sav;
1164 sav = last;
1165 }
1166 if (sav != NULL) {
1167 KEY_SA_REF(sav);
1168 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1169 "DP cause refcnt++:%d SA:%p\n",
1170 key_sa_refcnt(sav), sav);
1171 break;
1172 }
1173 }
1174 out:
1175 pserialize_read_exit(s);
1176
1177 return sav;
1178 }
1179
1180 #if 0
1181 static void
1182 key_sendup_message_delete(struct secasvar *sav)
1183 {
1184 struct mbuf *m, *result = 0;
1185 uint8_t satype;
1186
1187 satype = key_proto2satype(sav->sah->saidx.proto);
1188 if (satype == 0)
1189 goto msgfail;
1190
1191 m = key_setsadbmsg(SADB_DELETE, 0, satype, 0, 0, key_sa_refcnt(sav) - 1);
1192 if (m == NULL)
1193 goto msgfail;
1194 result = m;
1195
1196 /* set sadb_address for saidx's. */
1197 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sav->sah->saidx.src.sa,
1198 _BITS(sav->sah->saidx.src.sa.sa_len), IPSEC_ULPROTO_ANY);
1199 if (m == NULL)
1200 goto msgfail;
1201 m_cat(result, m);
1202
1203 /* set sadb_address for saidx's. */
1204 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sav->sah->saidx.src.sa,
1205 _BITS(sav->sah->saidx.src.sa.sa_len), IPSEC_ULPROTO_ANY);
1206 if (m == NULL)
1207 goto msgfail;
1208 m_cat(result, m);
1209
1210 /* create SA extension */
1211 m = key_setsadbsa(sav);
1212 if (m == NULL)
1213 goto msgfail;
1214 m_cat(result, m);
1215
1216 if (result->m_len < sizeof(struct sadb_msg)) {
1217 result = m_pullup(result, sizeof(struct sadb_msg));
1218 if (result == NULL)
1219 goto msgfail;
1220 }
1221
1222 result->m_pkthdr.len = 0;
1223 for (m = result; m; m = m->m_next)
1224 result->m_pkthdr.len += m->m_len;
1225 mtod(result, struct sadb_msg *)->sadb_msg_len =
1226 PFKEY_UNIT64(result->m_pkthdr.len);
1227
1228 key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
1229 result = NULL;
1230 msgfail:
1231 if (result)
1232 m_freem(result);
1233 }
1234 #endif
1235
1236 /*
1237 * allocating a usable SA entry for a *INBOUND* packet.
1238 * Must call key_freesav() later.
1239 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
1240 * NULL: not found, or error occurred.
1241 *
1242 * In the comparison, no source address is used--for RFC2401 conformance.
1243 * To quote, from section 4.1:
1244 * A security association is uniquely identified by a triple consisting
1245 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1246 * security protocol (AH or ESP) identifier.
1247 * Note that, however, we do need to keep source address in IPsec SA.
1248 * IKE specification and PF_KEY specification do assume that we
1249 * keep source address in IPsec SA. We see a tricky situation here.
1250 *
1251 * sport and dport are used for NAT-T. network order is always used.
1252 */
1253 struct secasvar *
key_lookup_sa(const union sockaddr_union * dst,u_int proto,u_int32_t spi,u_int16_t sport,u_int16_t dport,const char * where,int tag)1254 key_lookup_sa(
1255 const union sockaddr_union *dst,
1256 u_int proto,
1257 u_int32_t spi,
1258 u_int16_t sport,
1259 u_int16_t dport,
1260 const char* where, int tag)
1261 {
1262 struct secasvar *sav;
1263 int chkport;
1264 int s;
1265
1266 int must_check_spi = 1;
1267 int must_check_alg = 0;
1268 u_int16_t cpi = 0;
1269 u_int8_t algo = 0;
1270 uint32_t hash_key = spi;
1271
1272 if ((sport != 0) && (dport != 0))
1273 chkport = PORT_STRICT;
1274 else
1275 chkport = PORT_NONE;
1276
1277 KASSERT(dst != NULL);
1278
1279 /*
1280 * XXX IPCOMP case
1281 * We use cpi to define spi here. In the case where cpi <=
1282 * IPCOMP_CPI_NEGOTIATE_MIN, cpi just define the algorithm used, not
1283 * the real spi. In this case, don't check the spi but check the
1284 * algorithm
1285 */
1286
1287 if (proto == IPPROTO_IPCOMP) {
1288 u_int32_t tmp;
1289 tmp = ntohl(spi);
1290 cpi = (u_int16_t) tmp;
1291 if (cpi < IPCOMP_CPI_NEGOTIATE_MIN) {
1292 algo = (u_int8_t) cpi;
1293 hash_key = algo;
1294 must_check_spi = 0;
1295 must_check_alg = 1;
1296 }
1297 }
1298 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1299 "DP from %s:%u check_spi=%d(%#x), check_alg=%d(%d), proto=%d\n",
1300 where, tag,
1301 must_check_spi, ntohl(spi),
1302 must_check_alg, algo,
1303 proto);
1304
1305
1306 /*
1307 * searching SAD.
1308 * XXX: to be checked internal IP header somewhere. Also when
1309 * IPsec tunnel packet is received. But ESP tunnel mode is
1310 * encrypted so we can't check internal IP header.
1311 */
1312 s = pserialize_read_enter();
1313 SAVLUT_READER_FOREACH(sav, &dst->sa, proto, hash_key) {
1314 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1315 "try match spi %#x, %#x\n",
1316 ntohl(spi), ntohl(sav->spi));
1317
1318 /* do not return entries w/ unusable state */
1319 if (!SADB_SASTATE_USABLE_P(sav)) {
1320 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1321 "bad state %d\n", sav->state);
1322 continue;
1323 }
1324 if (proto != sav->sah->saidx.proto) {
1325 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1326 "proto fail %d != %d\n",
1327 proto, sav->sah->saidx.proto);
1328 continue;
1329 }
1330 if (must_check_spi && spi != sav->spi) {
1331 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1332 "spi fail %#x != %#x\n",
1333 ntohl(spi), ntohl(sav->spi));
1334 continue;
1335 }
1336 /* XXX only on the ipcomp case */
1337 if (must_check_alg && algo != sav->alg_comp) {
1338 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
1339 "algo fail %d != %d\n",
1340 algo, sav->alg_comp);
1341 continue;
1342 }
1343
1344 #if 0 /* don't check src */
1345 /* Fix port in src->sa */
1346
1347 /* check src address */
1348 if (!key_sockaddr_match(&src->sa, &sav->sah->saidx.src.sa, PORT_NONE))
1349 continue;
1350 #endif
1351 /* fix port of dst address XXX*/
1352 key_porttosaddr(__UNCONST(dst), dport);
1353 /* check dst address */
1354 if (!key_sockaddr_match(&dst->sa, &sav->sah->saidx.dst.sa, chkport))
1355 continue;
1356 key_sa_ref(sav, where, tag);
1357 goto done;
1358 }
1359 sav = NULL;
1360 done:
1361 pserialize_read_exit(s);
1362
1363 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1364 "DP return SA:%p; refcnt %u\n", sav, key_sa_refcnt(sav));
1365 return sav;
1366 }
1367
1368 static void
key_validate_savlist(const struct secashead * sah,const u_int state)1369 key_validate_savlist(const struct secashead *sah, const u_int state)
1370 {
1371 #ifdef DEBUG
1372 struct secasvar *sav, *next;
1373 int s;
1374
1375 /*
1376 * The list should be sorted by lft_c->sadb_lifetime_addtime
1377 * in ascending order.
1378 */
1379 s = pserialize_read_enter();
1380 SAVLIST_READER_FOREACH(sav, sah, state) {
1381 next = SAVLIST_READER_NEXT(sav);
1382 if (next != NULL &&
1383 sav->lft_c != NULL && next->lft_c != NULL) {
1384 KDASSERTMSG(sav->lft_c->sadb_lifetime_addtime <=
1385 next->lft_c->sadb_lifetime_addtime,
1386 "savlist is not sorted: sah=%p, state=%d, "
1387 "sav=%" PRIu64 ", next=%" PRIu64, sah, state,
1388 sav->lft_c->sadb_lifetime_addtime,
1389 next->lft_c->sadb_lifetime_addtime);
1390 }
1391 }
1392 pserialize_read_exit(s);
1393 #endif
1394 }
1395
1396 void
key_init_sp(struct secpolicy * sp)1397 key_init_sp(struct secpolicy *sp)
1398 {
1399
1400 ASSERT_SLEEPABLE();
1401
1402 sp->state = IPSEC_SPSTATE_ALIVE;
1403 if (sp->policy == IPSEC_POLICY_IPSEC)
1404 KASSERT(sp->req != NULL);
1405 localcount_init(&sp->localcount);
1406 SPLIST_ENTRY_INIT(sp);
1407 }
1408
1409 /*
1410 * Must be called in a pserialize read section. A held SP
1411 * must be released by key_sp_unref after use.
1412 */
1413 void
key_sp_ref(struct secpolicy * sp,const char * where,int tag)1414 key_sp_ref(struct secpolicy *sp, const char* where, int tag)
1415 {
1416
1417 localcount_acquire(&sp->localcount);
1418
1419 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1420 "DP SP:%p (ID=%u) from %s:%u; refcnt++ now %u\n",
1421 sp, sp->id, where, tag, key_sp_refcnt(sp));
1422 }
1423
1424 /*
1425 * Must be called without holding key_spd.lock because the lock
1426 * would be held in localcount_release.
1427 */
1428 void
key_sp_unref(struct secpolicy * sp,const char * where,int tag)1429 key_sp_unref(struct secpolicy *sp, const char* where, int tag)
1430 {
1431
1432 KDASSERT(mutex_ownable(&key_spd.lock));
1433
1434 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1435 "DP SP:%p (ID=%u) from %s:%u; refcnt-- now %u\n",
1436 sp, sp->id, where, tag, key_sp_refcnt(sp));
1437
1438 localcount_release(&sp->localcount, &key_spd.cv_lc, &key_spd.lock);
1439 }
1440
1441 static void
key_init_sav(struct secasvar * sav)1442 key_init_sav(struct secasvar *sav)
1443 {
1444
1445 ASSERT_SLEEPABLE();
1446
1447 localcount_init(&sav->localcount);
1448 SAVLIST_ENTRY_INIT(sav);
1449 SAVLUT_ENTRY_INIT(sav);
1450 }
1451
1452 u_int
key_sa_refcnt(const struct secasvar * sav)1453 key_sa_refcnt(const struct secasvar *sav)
1454 {
1455
1456 /* FIXME */
1457 return 0;
1458 }
1459
1460 void
key_sa_ref(struct secasvar * sav,const char * where,int tag)1461 key_sa_ref(struct secasvar *sav, const char* where, int tag)
1462 {
1463
1464 localcount_acquire(&sav->localcount);
1465
1466 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1467 "DP cause refcnt++: SA:%p from %s:%u\n",
1468 sav, where, tag);
1469 }
1470
1471 void
key_sa_unref(struct secasvar * sav,const char * where,int tag)1472 key_sa_unref(struct secasvar *sav, const char* where, int tag)
1473 {
1474
1475 KDASSERT(mutex_ownable(&key_sad.lock));
1476
1477 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1478 "DP cause refcnt--: SA:%p from %s:%u\n",
1479 sav, where, tag);
1480
1481 localcount_release(&sav->localcount, &key_sad.cv_lc, &key_sad.lock);
1482 }
1483
1484 #if 0
1485 /*
1486 * Must be called after calling key_lookup_sp*().
1487 * For the packet with socket.
1488 */
1489 static void
1490 key_freeso(struct socket *so)
1491 {
1492 /* sanity check */
1493 KASSERT(so != NULL);
1494
1495 switch (so->so_proto->pr_domain->dom_family) {
1496 #ifdef INET
1497 case PF_INET:
1498 {
1499 struct inpcb *pcb = sotoinpcb(so);
1500
1501 /* Does it have a PCB ? */
1502 if (pcb == NULL)
1503 return;
1504
1505 struct inpcbpolicy *sp = pcb->inp_sp;
1506 key_freesp_so(&sp->sp_in);
1507 key_freesp_so(&sp->sp_out);
1508 }
1509 break;
1510 #endif
1511 #ifdef INET6
1512 case PF_INET6:
1513 {
1514 #ifdef HAVE_NRL_INPCB
1515 struct inpcb *pcb = sotoinpcb(so);
1516 struct inpcbpolicy *sp = pcb->inp_sp;
1517
1518 /* Does it have a PCB ? */
1519 if (pcb == NULL)
1520 return;
1521 key_freesp_so(&sp->sp_in);
1522 key_freesp_so(&sp->sp_out);
1523 #else
1524 struct in6pcb *pcb = sotoin6pcb(so);
1525
1526 /* Does it have a PCB ? */
1527 if (pcb == NULL)
1528 return;
1529 key_freesp_so(&pcb->in6p_sp->sp_in);
1530 key_freesp_so(&pcb->in6p_sp->sp_out);
1531 #endif
1532 }
1533 break;
1534 #endif /* INET6 */
1535 default:
1536 IPSECLOG(LOG_DEBUG, "unknown address family=%d.\n",
1537 so->so_proto->pr_domain->dom_family);
1538 return;
1539 }
1540 }
1541
1542 static void
1543 key_freesp_so(struct secpolicy **sp)
1544 {
1545
1546 KASSERT(sp != NULL);
1547 KASSERT(*sp != NULL);
1548
1549 if ((*sp)->policy == IPSEC_POLICY_ENTRUST ||
1550 (*sp)->policy == IPSEC_POLICY_BYPASS)
1551 return;
1552
1553 KASSERTMSG((*sp)->policy == IPSEC_POLICY_IPSEC,
1554 "invalid policy %u", (*sp)->policy);
1555 KEY_SP_UNREF(&sp);
1556 }
1557 #endif
1558
1559 static void
key_sad_pserialize_perform(void)1560 key_sad_pserialize_perform(void)
1561 {
1562
1563 KASSERT(mutex_owned(&key_sad.lock));
1564
1565 while (key_sad.psz_performing)
1566 cv_wait(&key_sad.cv_psz, &key_sad.lock);
1567 key_sad.psz_performing = true;
1568 mutex_exit(&key_sad.lock);
1569
1570 pserialize_perform(key_sad.psz);
1571
1572 mutex_enter(&key_sad.lock);
1573 key_sad.psz_performing = false;
1574 cv_broadcast(&key_sad.cv_psz);
1575 }
1576
1577 /*
1578 * Remove the sav from the savlist of its sah and wait for references to the sav
1579 * to be released. key_sad.lock must be held.
1580 */
1581 static void
key_unlink_sav(struct secasvar * sav)1582 key_unlink_sav(struct secasvar *sav)
1583 {
1584
1585 KASSERT(mutex_owned(&key_sad.lock));
1586
1587 SAVLIST_WRITER_REMOVE(sav);
1588 SAVLUT_WRITER_REMOVE(sav);
1589
1590 KDASSERT(mutex_ownable(softnet_lock));
1591 key_sad_pserialize_perform();
1592
1593 localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock);
1594 }
1595
1596 /*
1597 * Destroy an sav where the sav must be unlinked from an sah
1598 * by say key_unlink_sav.
1599 */
1600 static void
key_destroy_sav(struct secasvar * sav)1601 key_destroy_sav(struct secasvar *sav)
1602 {
1603
1604 ASSERT_SLEEPABLE();
1605
1606 localcount_fini(&sav->localcount);
1607 SAVLIST_ENTRY_DESTROY(sav);
1608
1609 key_delsav(sav);
1610 }
1611
1612 /*
1613 * Wait for references of a passed sav to go away.
1614 */
1615 static void
key_wait_sav(struct secasvar * sav)1616 key_wait_sav(struct secasvar *sav)
1617 {
1618
1619 ASSERT_SLEEPABLE();
1620
1621 mutex_enter(&key_sad.lock);
1622 KASSERT(sav->state == SADB_SASTATE_DEAD);
1623 KDASSERT(mutex_ownable(softnet_lock));
1624 key_sad_pserialize_perform();
1625 localcount_drain(&sav->localcount, &key_sad.cv_lc, &key_sad.lock);
1626 mutex_exit(&key_sad.lock);
1627 }
1628
1629 /* %%% SPD management */
1630 /*
1631 * free security policy entry.
1632 */
1633 static void
key_destroy_sp(struct secpolicy * sp)1634 key_destroy_sp(struct secpolicy *sp)
1635 {
1636
1637 SPLIST_ENTRY_DESTROY(sp);
1638 localcount_fini(&sp->localcount);
1639
1640 key_free_sp(sp);
1641
1642 key_update_used();
1643 }
1644
1645 void
key_free_sp(struct secpolicy * sp)1646 key_free_sp(struct secpolicy *sp)
1647 {
1648 struct ipsecrequest *isr = sp->req, *nextisr;
1649
1650 while (isr != NULL) {
1651 nextisr = isr->next;
1652 kmem_free(isr, sizeof(*isr));
1653 isr = nextisr;
1654 }
1655
1656 kmem_free(sp, sizeof(*sp));
1657 }
1658
1659 void
key_socksplist_add(struct secpolicy * sp)1660 key_socksplist_add(struct secpolicy *sp)
1661 {
1662
1663 mutex_enter(&key_spd.lock);
1664 PSLIST_WRITER_INSERT_HEAD(&key_spd.socksplist, sp, pslist_entry);
1665 mutex_exit(&key_spd.lock);
1666
1667 key_update_used();
1668 }
1669
1670 /*
1671 * search SPD
1672 * OUT: NULL : not found
1673 * others : found, pointer to a SP.
1674 */
1675 static struct secpolicy *
key_getsp(const struct secpolicyindex * spidx)1676 key_getsp(const struct secpolicyindex *spidx)
1677 {
1678 struct secpolicy *sp;
1679 int s;
1680
1681 KASSERT(spidx != NULL);
1682
1683 s = pserialize_read_enter();
1684 SPLIST_READER_FOREACH(sp, spidx->dir) {
1685 if (sp->state == IPSEC_SPSTATE_DEAD)
1686 continue;
1687 if (key_spidx_match_exactly(spidx, &sp->spidx)) {
1688 KEY_SP_REF(sp);
1689 pserialize_read_exit(s);
1690 return sp;
1691 }
1692 }
1693 pserialize_read_exit(s);
1694
1695 return NULL;
1696 }
1697
1698 /*
1699 * search SPD and remove found SP
1700 * OUT: NULL : not found
1701 * others : found, pointer to a SP.
1702 */
1703 static struct secpolicy *
key_lookup_and_remove_sp(const struct secpolicyindex * spidx,bool from_kernel)1704 key_lookup_and_remove_sp(const struct secpolicyindex *spidx, bool from_kernel)
1705 {
1706 struct secpolicy *sp = NULL;
1707
1708 mutex_enter(&key_spd.lock);
1709 SPLIST_WRITER_FOREACH(sp, spidx->dir) {
1710 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, "sp->state=%u",
1711 sp->state);
1712 /*
1713 * SPs created in kernel(e.g. ipsec(4) I/F) must not be
1714 * removed by userland programs.
1715 */
1716 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL)
1717 continue;
1718 if (key_spidx_match_exactly(spidx, &sp->spidx)) {
1719 key_unlink_sp(sp);
1720 goto out;
1721 }
1722 }
1723 sp = NULL;
1724 out:
1725 mutex_exit(&key_spd.lock);
1726
1727 return sp;
1728 }
1729
1730 /*
1731 * get SP by index.
1732 * OUT: NULL : not found
1733 * others : found, pointer to a SP.
1734 */
1735 static struct secpolicy *
key_getspbyid(u_int32_t id)1736 key_getspbyid(u_int32_t id)
1737 {
1738 struct secpolicy *sp;
1739 int s;
1740
1741 s = pserialize_read_enter();
1742 SPLIST_READER_FOREACH(sp, IPSEC_DIR_INBOUND) {
1743 if (sp->state == IPSEC_SPSTATE_DEAD)
1744 continue;
1745 if (sp->id == id) {
1746 KEY_SP_REF(sp);
1747 goto out;
1748 }
1749 }
1750
1751 SPLIST_READER_FOREACH(sp, IPSEC_DIR_OUTBOUND) {
1752 if (sp->state == IPSEC_SPSTATE_DEAD)
1753 continue;
1754 if (sp->id == id) {
1755 KEY_SP_REF(sp);
1756 goto out;
1757 }
1758 }
1759 out:
1760 pserialize_read_exit(s);
1761 return sp;
1762 }
1763
1764 /*
1765 * get SP by index, remove and return it.
1766 * OUT: NULL : not found
1767 * others : found, pointer to a SP.
1768 */
1769 static struct secpolicy *
key_lookupbyid_and_remove_sp(u_int32_t id,bool from_kernel)1770 key_lookupbyid_and_remove_sp(u_int32_t id, bool from_kernel)
1771 {
1772 struct secpolicy *sp;
1773
1774 mutex_enter(&key_spd.lock);
1775 SPLIST_READER_FOREACH(sp, IPSEC_DIR_INBOUND) {
1776 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, "sp->state=%u",
1777 sp->state);
1778 /*
1779 * SPs created in kernel(e.g. ipsec(4) I/F) must not be
1780 * removed by userland programs.
1781 */
1782 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL)
1783 continue;
1784 if (sp->id == id)
1785 goto out;
1786 }
1787
1788 SPLIST_READER_FOREACH(sp, IPSEC_DIR_OUTBOUND) {
1789 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD, "sp->state=%u",
1790 sp->state);
1791 /*
1792 * SPs created in kernel(e.g. ipsec(4) I/F) must not be
1793 * removed by userland programs.
1794 */
1795 if (!from_kernel && sp->origin == IPSEC_SPORIGIN_KERNEL)
1796 continue;
1797 if (sp->id == id)
1798 goto out;
1799 }
1800 out:
1801 if (sp != NULL)
1802 key_unlink_sp(sp);
1803 mutex_exit(&key_spd.lock);
1804 return sp;
1805 }
1806
1807 struct secpolicy *
key_newsp(const char * where,int tag)1808 key_newsp(const char* where, int tag)
1809 {
1810 struct secpolicy *newsp = NULL;
1811
1812 newsp = kmem_zalloc(sizeof(struct secpolicy), KM_SLEEP);
1813
1814 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1815 "DP from %s:%u return SP:%p\n", where, tag, newsp);
1816 return newsp;
1817 }
1818
1819 /*
1820 * create secpolicy structure from sadb_x_policy structure.
1821 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1822 * so must be set properly later.
1823 */
1824 static struct secpolicy *
_key_msg2sp(const struct sadb_x_policy * xpl0,size_t len,int * error,bool from_kernel)1825 _key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error,
1826 bool from_kernel)
1827 {
1828 struct secpolicy *newsp;
1829
1830 KASSERT(!cpu_softintr_p());
1831 KASSERT(xpl0 != NULL);
1832 KASSERT(len >= sizeof(*xpl0));
1833
1834 if (len != PFKEY_EXTLEN(xpl0)) {
1835 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n");
1836 *error = EINVAL;
1837 return NULL;
1838 }
1839
1840 newsp = KEY_NEWSP();
1841 if (newsp == NULL) {
1842 *error = ENOBUFS;
1843 return NULL;
1844 }
1845
1846 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1847 newsp->policy = xpl0->sadb_x_policy_type;
1848
1849 /* check policy */
1850 switch (xpl0->sadb_x_policy_type) {
1851 case IPSEC_POLICY_DISCARD:
1852 case IPSEC_POLICY_NONE:
1853 case IPSEC_POLICY_ENTRUST:
1854 case IPSEC_POLICY_BYPASS:
1855 newsp->req = NULL;
1856 *error = 0;
1857 return newsp;
1858
1859 case IPSEC_POLICY_IPSEC:
1860 /* Continued */
1861 break;
1862 default:
1863 IPSECLOG(LOG_DEBUG, "invalid policy type.\n");
1864 key_free_sp(newsp);
1865 *error = EINVAL;
1866 return NULL;
1867 }
1868
1869 /* IPSEC_POLICY_IPSEC */
1870 {
1871 int tlen;
1872 const struct sadb_x_ipsecrequest *xisr;
1873 uint16_t xisr_reqid;
1874 struct ipsecrequest **p_isr = &newsp->req;
1875
1876 /* validity check */
1877 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1878 IPSECLOG(LOG_DEBUG, "Invalid msg length.\n");
1879 *error = EINVAL;
1880 goto free_exit;
1881 }
1882
1883 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1884 xisr = (const struct sadb_x_ipsecrequest *)(xpl0 + 1);
1885
1886 while (tlen > 0) {
1887 /* length check */
1888 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1889 IPSECLOG(LOG_DEBUG, "invalid ipsecrequest length.\n");
1890 *error = EINVAL;
1891 goto free_exit;
1892 }
1893
1894 /* allocate request buffer */
1895 *p_isr = kmem_zalloc(sizeof(**p_isr), KM_SLEEP);
1896
1897 /* set values */
1898 (*p_isr)->next = NULL;
1899
1900 switch (xisr->sadb_x_ipsecrequest_proto) {
1901 case IPPROTO_ESP:
1902 case IPPROTO_AH:
1903 case IPPROTO_IPCOMP:
1904 break;
1905 default:
1906 IPSECLOG(LOG_DEBUG, "invalid proto type=%u\n",
1907 xisr->sadb_x_ipsecrequest_proto);
1908 *error = EPROTONOSUPPORT;
1909 goto free_exit;
1910 }
1911 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1912
1913 switch (xisr->sadb_x_ipsecrequest_mode) {
1914 case IPSEC_MODE_TRANSPORT:
1915 case IPSEC_MODE_TUNNEL:
1916 break;
1917 case IPSEC_MODE_ANY:
1918 default:
1919 IPSECLOG(LOG_DEBUG, "invalid mode=%u\n",
1920 xisr->sadb_x_ipsecrequest_mode);
1921 *error = EINVAL;
1922 goto free_exit;
1923 }
1924 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1925
1926 switch (xisr->sadb_x_ipsecrequest_level) {
1927 case IPSEC_LEVEL_DEFAULT:
1928 case IPSEC_LEVEL_USE:
1929 case IPSEC_LEVEL_REQUIRE:
1930 break;
1931 case IPSEC_LEVEL_UNIQUE:
1932 xisr_reqid = xisr->sadb_x_ipsecrequest_reqid;
1933 /* validity check */
1934 /*
1935 * case 1) from_kernel == false
1936 * That means the request comes from userland.
1937 * If range violation of reqid, kernel will
1938 * update it, don't refuse it.
1939 *
1940 * case 2) from_kernel == true
1941 * That means the request comes from kernel
1942 * (e.g. ipsec(4) I/F).
1943 * Use thre requested reqid to avoid inconsistency
1944 * between kernel's reqid and the reqid in pf_key
1945 * message sent to userland. The pf_key message is
1946 * built by diverting request mbuf.
1947 */
1948 if (!from_kernel &&
1949 xisr_reqid > IPSEC_MANUAL_REQID_MAX) {
1950 IPSECLOG(LOG_DEBUG,
1951 "reqid=%d range "
1952 "violation, updated by kernel.\n",
1953 xisr_reqid);
1954 xisr_reqid = 0;
1955 }
1956
1957 /* allocate new reqid id if reqid is zero. */
1958 if (xisr_reqid == 0) {
1959 u_int16_t reqid = key_newreqid();
1960 if (reqid == 0) {
1961 *error = ENOBUFS;
1962 goto free_exit;
1963 }
1964 (*p_isr)->saidx.reqid = reqid;
1965 } else {
1966 /* set it for manual keying. */
1967 (*p_isr)->saidx.reqid = xisr_reqid;
1968 }
1969 break;
1970
1971 default:
1972 IPSECLOG(LOG_DEBUG, "invalid level=%u\n",
1973 xisr->sadb_x_ipsecrequest_level);
1974 *error = EINVAL;
1975 goto free_exit;
1976 }
1977 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1978
1979 /* set IP addresses if there */
1980 /*
1981 * NOTE:
1982 * MOBIKE Extensions for PF_KEY draft says:
1983 * If tunnel mode is specified, the sadb_x_ipsecrequest
1984 * structure is followed by two sockaddr structures that
1985 * define the tunnel endpoint addresses. In the case that
1986 * transport mode is used, no additional addresses are
1987 * specified.
1988 * see: https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01
1989 *
1990 * And then, the IP addresses will be set by
1991 * ipsec_fill_saidx_bymbuf() from packet in transport mode.
1992 * This behavior is used by NAT-T enabled ipsecif(4).
1993 */
1994 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1995 const struct sockaddr *paddr;
1996
1997 paddr = (const struct sockaddr *)(xisr + 1);
1998
1999 /* validity check */
2000 if (paddr->sa_len > sizeof((*p_isr)->saidx.src)) {
2001 IPSECLOG(LOG_DEBUG, "invalid request "
2002 "address length.\n");
2003 *error = EINVAL;
2004 goto free_exit;
2005 }
2006 memcpy(&(*p_isr)->saidx.src, paddr, paddr->sa_len);
2007
2008 paddr = (const struct sockaddr *)((const char *)paddr
2009 + paddr->sa_len);
2010
2011 /* validity check */
2012 if (paddr->sa_len > sizeof((*p_isr)->saidx.dst)) {
2013 IPSECLOG(LOG_DEBUG, "invalid request "
2014 "address length.\n");
2015 *error = EINVAL;
2016 goto free_exit;
2017 }
2018 memcpy(&(*p_isr)->saidx.dst, paddr, paddr->sa_len);
2019 }
2020
2021 (*p_isr)->sp = newsp;
2022
2023 /* initialization for the next. */
2024 p_isr = &(*p_isr)->next;
2025 tlen -= xisr->sadb_x_ipsecrequest_len;
2026
2027 /* validity check */
2028 if (tlen < 0) {
2029 IPSECLOG(LOG_DEBUG, "becoming tlen < 0.\n");
2030 *error = EINVAL;
2031 goto free_exit;
2032 }
2033
2034 xisr = (const struct sadb_x_ipsecrequest *)((const char *)xisr +
2035 xisr->sadb_x_ipsecrequest_len);
2036 }
2037 }
2038
2039 *error = 0;
2040 return newsp;
2041
2042 free_exit:
2043 key_free_sp(newsp);
2044 return NULL;
2045 }
2046
2047 struct secpolicy *
key_msg2sp(const struct sadb_x_policy * xpl0,size_t len,int * error)2048 key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error)
2049 {
2050
2051 return _key_msg2sp(xpl0, len, error, false);
2052 }
2053
2054 u_int16_t
key_newreqid(void)2055 key_newreqid(void)
2056 {
2057 static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
2058
2059 auto_reqid = (auto_reqid == 0xffff ?
2060 IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
2061
2062 /* XXX should be unique check */
2063
2064 return auto_reqid;
2065 }
2066
2067 /*
2068 * copy secpolicy struct to sadb_x_policy structure indicated.
2069 */
2070 struct mbuf *
key_sp2msg(const struct secpolicy * sp,int mflag)2071 key_sp2msg(const struct secpolicy *sp, int mflag)
2072 {
2073 struct sadb_x_policy *xpl;
2074 int tlen;
2075 char *p;
2076 struct mbuf *m;
2077
2078 KASSERT(sp != NULL);
2079
2080 tlen = key_getspreqmsglen(sp);
2081
2082 m = key_alloc_mbuf(tlen, mflag);
2083 if (!m || m->m_next) { /*XXX*/
2084 if (m)
2085 m_freem(m);
2086 return NULL;
2087 }
2088
2089 m->m_len = tlen;
2090 m->m_next = NULL;
2091 xpl = mtod(m, struct sadb_x_policy *);
2092 memset(xpl, 0, tlen);
2093
2094 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
2095 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2096 xpl->sadb_x_policy_type = sp->policy;
2097 xpl->sadb_x_policy_dir = sp->spidx.dir;
2098 xpl->sadb_x_policy_id = sp->id;
2099 if (sp->origin == IPSEC_SPORIGIN_KERNEL)
2100 xpl->sadb_x_policy_flags |= IPSEC_POLICY_FLAG_ORIGIN_KERNEL;
2101 p = (char *)xpl + sizeof(*xpl);
2102
2103 /* if is the policy for ipsec ? */
2104 if (sp->policy == IPSEC_POLICY_IPSEC) {
2105 struct sadb_x_ipsecrequest *xisr;
2106 struct ipsecrequest *isr;
2107
2108 for (isr = sp->req; isr != NULL; isr = isr->next) {
2109
2110 xisr = (struct sadb_x_ipsecrequest *)p;
2111
2112 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
2113 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
2114 xisr->sadb_x_ipsecrequest_level = isr->level;
2115 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
2116
2117 p += sizeof(*xisr);
2118 memcpy(p, &isr->saidx.src, isr->saidx.src.sa.sa_len);
2119 p += isr->saidx.src.sa.sa_len;
2120 memcpy(p, &isr->saidx.dst, isr->saidx.dst.sa.sa_len);
2121 p += isr->saidx.src.sa.sa_len;
2122
2123 xisr->sadb_x_ipsecrequest_len =
2124 PFKEY_ALIGN8(sizeof(*xisr)
2125 + isr->saidx.src.sa.sa_len
2126 + isr->saidx.dst.sa.sa_len);
2127 }
2128 }
2129
2130 return m;
2131 }
2132
2133 /*
2134 * m will not be freed nor modified. It never return NULL.
2135 * If it returns a mbuf of M_PKTHDR, the mbuf ensures to have
2136 * contiguous length at least sizeof(struct sadb_msg).
2137 */
2138 static struct mbuf *
key_gather_mbuf(struct mbuf * m,const struct sadb_msghdr * mhp,int ndeep,int nitem,...)2139 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
2140 int ndeep, int nitem, ...)
2141 {
2142 va_list ap;
2143 int idx;
2144 int i;
2145 struct mbuf *result = NULL, *n;
2146 int len;
2147
2148 KASSERT(m != NULL);
2149 KASSERT(mhp != NULL);
2150 KASSERT(!cpu_softintr_p());
2151
2152 va_start(ap, nitem);
2153 for (i = 0; i < nitem; i++) {
2154 idx = va_arg(ap, int);
2155 KASSERT(idx >= 0);
2156 KASSERT(idx <= SADB_EXT_MAX);
2157 /* don't attempt to pull empty extension */
2158 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
2159 continue;
2160 if (idx != SADB_EXT_RESERVED &&
2161 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
2162 continue;
2163
2164 if (idx == SADB_EXT_RESERVED) {
2165 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MHLEN);
2166 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2167 MGETHDR(n, M_WAITOK, MT_DATA);
2168 n->m_len = len;
2169 n->m_next = NULL;
2170 m_copydata(m, 0, sizeof(struct sadb_msg),
2171 mtod(n, void *));
2172 } else if (i < ndeep) {
2173 len = mhp->extlen[idx];
2174 n = key_alloc_mbuf(len, M_WAITOK);
2175 KASSERT(n->m_next == NULL);
2176 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
2177 mtod(n, void *));
2178 } else {
2179 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
2180 M_WAITOK);
2181 }
2182 KASSERT(n != NULL);
2183
2184 if (result)
2185 m_cat(result, n);
2186 else
2187 result = n;
2188 }
2189 va_end(ap);
2190
2191 KASSERT(result != NULL);
2192 if ((result->m_flags & M_PKTHDR) != 0) {
2193 result->m_pkthdr.len = 0;
2194 for (n = result; n; n = n->m_next)
2195 result->m_pkthdr.len += n->m_len;
2196 KASSERT(result->m_len >= sizeof(struct sadb_msg));
2197 }
2198
2199 return result;
2200 }
2201
2202 /*
2203 * The argument _sp must not overwrite until SP is created and registered
2204 * successfully.
2205 */
2206 static int
key_spdadd(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp,struct secpolicy ** _sp,bool from_kernel)2207 key_spdadd(struct socket *so, struct mbuf *m,
2208 const struct sadb_msghdr *mhp, struct secpolicy **_sp,
2209 bool from_kernel)
2210 {
2211 const struct sockaddr *src, *dst;
2212 const struct sadb_x_policy *xpl0;
2213 struct sadb_x_policy *xpl;
2214 const struct sadb_lifetime *lft = NULL;
2215 struct secpolicyindex spidx;
2216 struct secpolicy *newsp;
2217 int error;
2218 uint32_t sadb_x_policy_id;
2219
2220 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
2221 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
2222 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2223 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2224 return key_senderror(so, m, EINVAL);
2225 }
2226 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
2227 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
2228 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2229 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2230 return key_senderror(so, m, EINVAL);
2231 }
2232 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
2233 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] <
2234 sizeof(struct sadb_lifetime)) {
2235 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2236 return key_senderror(so, m, EINVAL);
2237 }
2238 lft = mhp->ext[SADB_EXT_LIFETIME_HARD];
2239 }
2240
2241 xpl0 = mhp->ext[SADB_X_EXT_POLICY];
2242
2243 /* checking the direciton. */
2244 switch (xpl0->sadb_x_policy_dir) {
2245 case IPSEC_DIR_INBOUND:
2246 case IPSEC_DIR_OUTBOUND:
2247 break;
2248 default:
2249 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n");
2250 return key_senderror(so, m, EINVAL);
2251 }
2252
2253 /* check policy */
2254 /* key_api_spdadd() accepts DISCARD, NONE and IPSEC. */
2255 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
2256 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
2257 IPSECLOG(LOG_DEBUG, "Invalid policy type.\n");
2258 return key_senderror(so, m, EINVAL);
2259 }
2260
2261 /* policy requests are mandatory when action is ipsec. */
2262 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
2263 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
2264 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
2265 IPSECLOG(LOG_DEBUG, "some policy requests part required.\n");
2266 return key_senderror(so, m, EINVAL);
2267 }
2268
2269 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
2270 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
2271
2272 /* sanity check on addr pair */
2273 if (src->sa_family != dst->sa_family)
2274 return key_senderror(so, m, EINVAL);
2275 if (src->sa_len != dst->sa_len)
2276 return key_senderror(so, m, EINVAL);
2277
2278 key_init_spidx_bymsghdr(&spidx, mhp);
2279
2280 /*
2281 * checking there is SP already or not.
2282 * SPDUPDATE doesn't depend on whether there is a SP or not.
2283 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2284 * then error.
2285 */
2286 {
2287 struct secpolicy *sp;
2288
2289 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2290 sp = key_lookup_and_remove_sp(&spidx, from_kernel);
2291 if (sp != NULL)
2292 key_destroy_sp(sp);
2293 } else {
2294 sp = key_getsp(&spidx);
2295 if (sp != NULL) {
2296 KEY_SP_UNREF(&sp);
2297 IPSECLOG(LOG_DEBUG, "a SP entry exists already.\n");
2298 return key_senderror(so, m, EEXIST);
2299 }
2300 }
2301 }
2302
2303 /* allocation new SP entry */
2304 newsp = _key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error, from_kernel);
2305 if (newsp == NULL) {
2306 return key_senderror(so, m, error);
2307 }
2308
2309 newsp->id = key_getnewspid();
2310 if (newsp->id == 0) {
2311 kmem_free(newsp, sizeof(*newsp));
2312 return key_senderror(so, m, ENOBUFS);
2313 }
2314
2315 newsp->spidx = spidx;
2316 newsp->created = time_uptime;
2317 newsp->lastused = newsp->created;
2318 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
2319 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
2320 if (from_kernel)
2321 newsp->origin = IPSEC_SPORIGIN_KERNEL;
2322 else
2323 newsp->origin = IPSEC_SPORIGIN_USER;
2324
2325 key_init_sp(newsp);
2326 if (from_kernel)
2327 KEY_SP_REF(newsp);
2328
2329 sadb_x_policy_id = newsp->id;
2330
2331 if (_sp != NULL)
2332 *_sp = newsp;
2333
2334 mutex_enter(&key_spd.lock);
2335 SPLIST_WRITER_INSERT_TAIL(newsp->spidx.dir, newsp);
2336 mutex_exit(&key_spd.lock);
2337 /*
2338 * We don't have a reference to newsp, so we must not touch newsp from
2339 * now on. If you want to do, you must take a reference beforehand.
2340 */
2341 newsp = NULL;
2342
2343 #ifdef notyet
2344 /* delete the entry in key_misc.spacqlist */
2345 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2346 struct secspacq *spacq = key_getspacq(&spidx);
2347 if (spacq != NULL) {
2348 /* reset counter in order to deletion by timehandler. */
2349 spacq->created = time_uptime;
2350 spacq->count = 0;
2351 }
2352 }
2353 #endif
2354
2355 /* Invalidate all cached SPD pointers in the PCBs. */
2356 ipsec_invalpcbcacheall();
2357
2358 #if defined(GATEWAY)
2359 /* Invalidate the ipflow cache, as well. */
2360 ipflow_invalidate_all(0);
2361 #ifdef INET6
2362 if (in6_present)
2363 ip6flow_invalidate_all(0);
2364 #endif /* INET6 */
2365 #endif /* GATEWAY */
2366
2367 key_update_used();
2368
2369 {
2370 struct mbuf *n, *mpolicy;
2371 int off;
2372
2373 /* create new sadb_msg to reply. */
2374 if (lft) {
2375 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
2376 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
2377 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2378 } else {
2379 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
2380 SADB_X_EXT_POLICY,
2381 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2382 }
2383
2384 key_fill_replymsg(n, 0);
2385 off = 0;
2386 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2387 sizeof(*xpl), &off);
2388 if (mpolicy == NULL) {
2389 /* n is already freed */
2390 /*
2391 * valid sp has been created, so we does not overwrite _sp
2392 * NULL here. let caller decide to use the sp or not.
2393 */
2394 return key_senderror(so, m, ENOBUFS);
2395 }
2396 xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off);
2397 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2398 m_freem(n);
2399 /* ditto */
2400 return key_senderror(so, m, EINVAL);
2401 }
2402
2403 xpl->sadb_x_policy_id = sadb_x_policy_id;
2404
2405 m_freem(m);
2406 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2407 }
2408 }
2409
2410 /*
2411 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2412 * add an entry to SP database, when received
2413 * <base, address(SD), (lifetime(H),) policy>
2414 * from the user(?).
2415 * Adding to SP database,
2416 * and send
2417 * <base, address(SD), (lifetime(H),) policy>
2418 * to the socket which was send.
2419 *
2420 * SPDADD set a unique policy entry.
2421 * SPDSETIDX like SPDADD without a part of policy requests.
2422 * SPDUPDATE replace a unique policy entry.
2423 *
2424 * m will always be freed.
2425 */
2426 static int
key_api_spdadd(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2427 key_api_spdadd(struct socket *so, struct mbuf *m,
2428 const struct sadb_msghdr *mhp)
2429 {
2430
2431 return key_spdadd(so, m, mhp, NULL, false);
2432 }
2433
2434 struct secpolicy *
key_kpi_spdadd(struct mbuf * m)2435 key_kpi_spdadd(struct mbuf *m)
2436 {
2437 struct sadb_msghdr mh;
2438 int error;
2439 struct secpolicy *sp = NULL;
2440
2441 error = key_align(m, &mh);
2442 if (error)
2443 return NULL;
2444
2445 error = key_spdadd(NULL, m, &mh, &sp, true);
2446 if (error) {
2447 /*
2448 * Currently, when key_spdadd() cannot send a PFKEY message
2449 * which means SP has been created, key_spdadd() returns error
2450 * although SP is created successfully.
2451 * Kernel components would not care PFKEY messages, so return
2452 * the "sp" regardless of error code. key_spdadd() overwrites
2453 * the argument only if SP is created successfully.
2454 */
2455 }
2456 return sp;
2457 }
2458
2459 /*
2460 * get new policy id.
2461 * OUT:
2462 * 0: failure.
2463 * others: success.
2464 */
2465 static u_int32_t
key_getnewspid(void)2466 key_getnewspid(void)
2467 {
2468 u_int32_t newid = 0;
2469 int count = key_spi_trycnt; /* XXX */
2470 struct secpolicy *sp;
2471
2472 /* when requesting to allocate spi ranged */
2473 while (count--) {
2474 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
2475
2476 sp = key_getspbyid(newid);
2477 if (sp == NULL)
2478 break;
2479
2480 KEY_SP_UNREF(&sp);
2481 }
2482
2483 if (count == 0 || newid == 0) {
2484 IPSECLOG(LOG_DEBUG, "to allocate policy id is failed.\n");
2485 return 0;
2486 }
2487
2488 return newid;
2489 }
2490
2491 /*
2492 * SADB_SPDDELETE processing
2493 * receive
2494 * <base, address(SD), policy(*)>
2495 * from the user(?), and set SADB_SASTATE_DEAD,
2496 * and send,
2497 * <base, address(SD), policy(*)>
2498 * to the ikmpd.
2499 * policy(*) including direction of policy.
2500 *
2501 * m will always be freed.
2502 */
2503 static int
key_api_spddelete(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2504 key_api_spddelete(struct socket *so, struct mbuf *m,
2505 const struct sadb_msghdr *mhp)
2506 {
2507 struct sadb_x_policy *xpl0;
2508 struct secpolicyindex spidx;
2509 struct secpolicy *sp;
2510
2511 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
2512 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
2513 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2514 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2515 return key_senderror(so, m, EINVAL);
2516 }
2517 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
2518 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
2519 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2520 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2521 return key_senderror(so, m, EINVAL);
2522 }
2523
2524 xpl0 = mhp->ext[SADB_X_EXT_POLICY];
2525
2526 /* checking the direction. */
2527 switch (xpl0->sadb_x_policy_dir) {
2528 case IPSEC_DIR_INBOUND:
2529 case IPSEC_DIR_OUTBOUND:
2530 break;
2531 default:
2532 IPSECLOG(LOG_DEBUG, "Invalid SP direction.\n");
2533 return key_senderror(so, m, EINVAL);
2534 }
2535
2536 /* make secindex */
2537 key_init_spidx_bymsghdr(&spidx, mhp);
2538
2539 /* Is there SP in SPD ? */
2540 sp = key_lookup_and_remove_sp(&spidx, false);
2541 if (sp == NULL) {
2542 IPSECLOG(LOG_DEBUG, "no SP found.\n");
2543 return key_senderror(so, m, EINVAL);
2544 }
2545
2546 /* save policy id to buffer to be returned. */
2547 xpl0->sadb_x_policy_id = sp->id;
2548
2549 key_destroy_sp(sp);
2550
2551 /* We're deleting policy; no need to invalidate the ipflow cache. */
2552
2553 {
2554 struct mbuf *n;
2555
2556 /* create new sadb_msg to reply. */
2557 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2558 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2559 key_fill_replymsg(n, 0);
2560 m_freem(m);
2561 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2562 }
2563 }
2564
2565 static struct mbuf *
key_alloc_mbuf_simple(int len,int mflag)2566 key_alloc_mbuf_simple(int len, int mflag)
2567 {
2568 struct mbuf *n;
2569
2570 KASSERT(mflag == M_NOWAIT || (mflag == M_WAITOK && !cpu_softintr_p()));
2571
2572 MGETHDR(n, mflag, MT_DATA);
2573 if (n && len > MHLEN) {
2574 MCLGET(n, mflag);
2575 if ((n->m_flags & M_EXT) == 0) {
2576 m_freem(n);
2577 n = NULL;
2578 }
2579 }
2580 return n;
2581 }
2582
2583 /*
2584 * SADB_SPDDELETE2 processing
2585 * receive
2586 * <base, policy(*)>
2587 * from the user(?), and set SADB_SASTATE_DEAD,
2588 * and send,
2589 * <base, policy(*)>
2590 * to the ikmpd.
2591 * policy(*) including direction of policy.
2592 *
2593 * m will always be freed.
2594 */
2595 static int
key_spddelete2(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp,bool from_kernel)2596 key_spddelete2(struct socket *so, struct mbuf *m,
2597 const struct sadb_msghdr *mhp, bool from_kernel)
2598 {
2599 u_int32_t id;
2600 struct secpolicy *sp;
2601 const struct sadb_x_policy *xpl;
2602
2603 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2604 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2605 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2606 return key_senderror(so, m, EINVAL);
2607 }
2608
2609 xpl = mhp->ext[SADB_X_EXT_POLICY];
2610 id = xpl->sadb_x_policy_id;
2611
2612 /* Is there SP in SPD ? */
2613 sp = key_lookupbyid_and_remove_sp(id, from_kernel);
2614 if (sp == NULL) {
2615 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id);
2616 return key_senderror(so, m, EINVAL);
2617 }
2618
2619 key_destroy_sp(sp);
2620
2621 /* We're deleting policy; no need to invalidate the ipflow cache. */
2622
2623 {
2624 struct mbuf *n, *nn;
2625 int off, len;
2626
2627 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MCLBYTES);
2628
2629 /* create new sadb_msg to reply. */
2630 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2631
2632 n = key_alloc_mbuf_simple(len, M_WAITOK);
2633 n->m_len = len;
2634 n->m_next = NULL;
2635 off = 0;
2636
2637 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
2638 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2639
2640 KASSERTMSG(off == len, "length inconsistency");
2641
2642 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2643 mhp->extlen[SADB_X_EXT_POLICY], M_WAITOK);
2644
2645 n->m_pkthdr.len = 0;
2646 for (nn = n; nn; nn = nn->m_next)
2647 n->m_pkthdr.len += nn->m_len;
2648
2649 key_fill_replymsg(n, 0);
2650 m_freem(m);
2651 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2652 }
2653 }
2654
2655 /*
2656 * SADB_SPDDELETE2 processing
2657 * receive
2658 * <base, policy(*)>
2659 * from the user(?), and set SADB_SASTATE_DEAD,
2660 * and send,
2661 * <base, policy(*)>
2662 * to the ikmpd.
2663 * policy(*) including direction of policy.
2664 *
2665 * m will always be freed.
2666 */
2667 static int
key_api_spddelete2(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2668 key_api_spddelete2(struct socket *so, struct mbuf *m,
2669 const struct sadb_msghdr *mhp)
2670 {
2671
2672 return key_spddelete2(so, m, mhp, false);
2673 }
2674
2675 int
key_kpi_spddelete2(struct mbuf * m)2676 key_kpi_spddelete2(struct mbuf *m)
2677 {
2678 struct sadb_msghdr mh;
2679 int error;
2680
2681 error = key_align(m, &mh);
2682 if (error)
2683 return EINVAL;
2684
2685 return key_spddelete2(NULL, m, &mh, true);
2686 }
2687
2688 /*
2689 * SADB_X_GET processing
2690 * receive
2691 * <base, policy(*)>
2692 * from the user(?),
2693 * and send,
2694 * <base, address(SD), policy>
2695 * to the ikmpd.
2696 * policy(*) including direction of policy.
2697 *
2698 * m will always be freed.
2699 */
2700 static int
key_api_spdget(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2701 key_api_spdget(struct socket *so, struct mbuf *m,
2702 const struct sadb_msghdr *mhp)
2703 {
2704 u_int32_t id;
2705 struct secpolicy *sp;
2706 struct mbuf *n;
2707 const struct sadb_x_policy *xpl;
2708
2709 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2710 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2711 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
2712 return key_senderror(so, m, EINVAL);
2713 }
2714
2715 xpl = mhp->ext[SADB_X_EXT_POLICY];
2716 id = xpl->sadb_x_policy_id;
2717
2718 /* Is there SP in SPD ? */
2719 sp = key_getspbyid(id);
2720 if (sp == NULL) {
2721 IPSECLOG(LOG_DEBUG, "no SP found id:%u.\n", id);
2722 return key_senderror(so, m, ENOENT);
2723 }
2724
2725 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2726 mhp->msg->sadb_msg_pid);
2727 KEY_SP_UNREF(&sp); /* ref gained by key_getspbyid */
2728 m_freem(m);
2729 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2730 }
2731
2732 #ifdef notyet
2733 /*
2734 * SADB_X_SPDACQUIRE processing.
2735 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2736 * send
2737 * <base, policy(*)>
2738 * to KMD, and expect to receive
2739 * <base> with SADB_X_SPDACQUIRE if error occurred,
2740 * or
2741 * <base, policy>
2742 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2743 * policy(*) is without policy requests.
2744 *
2745 * 0 : succeed
2746 * others: error number
2747 */
2748 int
key_spdacquire(const struct secpolicy * sp)2749 key_spdacquire(const struct secpolicy *sp)
2750 {
2751 struct mbuf *result = NULL, *m;
2752 struct secspacq *newspacq;
2753 int error;
2754
2755 KASSERT(sp != NULL);
2756 KASSERTMSG(sp->req == NULL, "called but there is request");
2757 KASSERTMSG(sp->policy == IPSEC_POLICY_IPSEC,
2758 "policy mismathed. IPsec is expected");
2759
2760 /* Get an entry to check whether sent message or not. */
2761 newspacq = key_getspacq(&sp->spidx);
2762 if (newspacq != NULL) {
2763 if (key_blockacq_count < newspacq->count) {
2764 /* reset counter and do send message. */
2765 newspacq->count = 0;
2766 } else {
2767 /* increment counter and do nothing. */
2768 newspacq->count++;
2769 return 0;
2770 }
2771 } else {
2772 /* make new entry for blocking to send SADB_ACQUIRE. */
2773 newspacq = key_newspacq(&sp->spidx);
2774 if (newspacq == NULL)
2775 return ENOBUFS;
2776
2777 /* add to key_misc.acqlist */
2778 LIST_INSERT_HEAD(&key_misc.spacqlist, newspacq, chain);
2779 }
2780
2781 /* create new sadb_msg to reply. */
2782 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2783 if (!m) {
2784 error = ENOBUFS;
2785 goto fail;
2786 }
2787 result = m;
2788
2789 result->m_pkthdr.len = 0;
2790 for (m = result; m; m = m->m_next)
2791 result->m_pkthdr.len += m->m_len;
2792
2793 mtod(result, struct sadb_msg *)->sadb_msg_len =
2794 PFKEY_UNIT64(result->m_pkthdr.len);
2795
2796 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
2797
2798 fail:
2799 if (result)
2800 m_freem(result);
2801 return error;
2802 }
2803 #endif /* notyet */
2804
2805 /*
2806 * SADB_SPDFLUSH processing
2807 * receive
2808 * <base>
2809 * from the user, and free all entries in secpctree.
2810 * and send,
2811 * <base>
2812 * to the user.
2813 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2814 *
2815 * m will always be freed.
2816 */
2817 static int
key_api_spdflush(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2818 key_api_spdflush(struct socket *so, struct mbuf *m,
2819 const struct sadb_msghdr *mhp)
2820 {
2821 struct sadb_msg *newmsg;
2822 struct secpolicy *sp;
2823 u_int dir;
2824
2825 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2826 return key_senderror(so, m, EINVAL);
2827
2828 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2829 retry:
2830 mutex_enter(&key_spd.lock);
2831 SPLIST_WRITER_FOREACH(sp, dir) {
2832 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD,
2833 "sp->state=%u", sp->state);
2834 /*
2835 * Userlang programs can remove SPs created by userland
2836 * probrams only, that is, they cannot remove SPs
2837 * created in kernel(e.g. ipsec(4) I/F).
2838 */
2839 if (sp->origin == IPSEC_SPORIGIN_USER) {
2840 key_unlink_sp(sp);
2841 mutex_exit(&key_spd.lock);
2842 key_destroy_sp(sp);
2843 goto retry;
2844 }
2845 }
2846 mutex_exit(&key_spd.lock);
2847 }
2848
2849 /* We're deleting policy; no need to invalidate the ipflow cache. */
2850
2851 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2852 IPSECLOG(LOG_DEBUG, "No more memory.\n");
2853 return key_senderror(so, m, ENOBUFS);
2854 }
2855
2856 if (m->m_next)
2857 m_freem(m->m_next);
2858 m->m_next = NULL;
2859 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2860 newmsg = mtod(m, struct sadb_msg *);
2861 newmsg->sadb_msg_errno = 0;
2862 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2863
2864 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2865 }
2866
2867 static struct sockaddr key_src = {
2868 .sa_len = 2,
2869 .sa_family = PF_KEY,
2870 };
2871
2872 static struct mbuf *
key_setspddump_chain(int * errorp,int * lenp,pid_t pid)2873 key_setspddump_chain(int *errorp, int *lenp, pid_t pid)
2874 {
2875 struct secpolicy *sp;
2876 int cnt;
2877 u_int dir;
2878 struct mbuf *m, *n, *prev;
2879 int totlen;
2880
2881 KASSERT(mutex_owned(&key_spd.lock));
2882
2883 *lenp = 0;
2884
2885 /* search SPD entry and get buffer size. */
2886 cnt = 0;
2887 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2888 SPLIST_WRITER_FOREACH(sp, dir) {
2889 cnt++;
2890 }
2891 }
2892
2893 if (cnt == 0) {
2894 *errorp = ENOENT;
2895 return (NULL);
2896 }
2897
2898 m = NULL;
2899 prev = m;
2900 totlen = 0;
2901 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2902 SPLIST_WRITER_FOREACH(sp, dir) {
2903 --cnt;
2904 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid);
2905
2906 totlen += n->m_pkthdr.len;
2907 if (!m) {
2908 m = n;
2909 } else {
2910 prev->m_nextpkt = n;
2911 }
2912 prev = n;
2913 }
2914 }
2915
2916 *lenp = totlen;
2917 *errorp = 0;
2918 return (m);
2919 }
2920
2921 /*
2922 * SADB_SPDDUMP processing
2923 * receive
2924 * <base>
2925 * from the user, and dump all SP leaves
2926 * and send,
2927 * <base> .....
2928 * to the ikmpd.
2929 *
2930 * m will always be freed.
2931 */
2932 static int
key_api_spddump(struct socket * so,struct mbuf * m0,const struct sadb_msghdr * mhp)2933 key_api_spddump(struct socket *so, struct mbuf *m0,
2934 const struct sadb_msghdr *mhp)
2935 {
2936 struct mbuf *n;
2937 int error, len;
2938 int ok;
2939 pid_t pid;
2940
2941 pid = mhp->msg->sadb_msg_pid;
2942 /*
2943 * If the requestor has insufficient socket-buffer space
2944 * for the entire chain, nobody gets any response to the DUMP.
2945 * XXX For now, only the requestor ever gets anything.
2946 * Moreover, if the requestor has any space at all, they receive
2947 * the entire chain, otherwise the request is refused with ENOBUFS.
2948 */
2949 if (sbspace(&so->so_rcv) <= 0) {
2950 return key_senderror(so, m0, ENOBUFS);
2951 }
2952
2953 mutex_enter(&key_spd.lock);
2954 n = key_setspddump_chain(&error, &len, pid);
2955 mutex_exit(&key_spd.lock);
2956
2957 if (n == NULL) {
2958 return key_senderror(so, m0, ENOENT);
2959 }
2960 {
2961 uint64_t *ps = PFKEY_STAT_GETREF();
2962 ps[PFKEY_STAT_IN_TOTAL]++;
2963 ps[PFKEY_STAT_IN_BYTES] += len;
2964 PFKEY_STAT_PUTREF();
2965 }
2966
2967 /*
2968 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets.
2969 * The requestor receives either the entire chain, or an
2970 * error message with ENOBUFS.
2971 */
2972
2973 /*
2974 * sbappendchainwith record takes the chain of entries, one
2975 * packet-record per SPD entry, prepends the key_src sockaddr
2976 * to each packet-record, links the sockaddr mbufs into a new
2977 * list of records, then appends the entire resulting
2978 * list to the requesting socket.
2979 */
2980 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n,
2981 SB_PRIO_ONESHOT_OVERFLOW);
2982
2983 if (!ok) {
2984 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
2985 m_freem(n);
2986 return key_senderror(so, m0, ENOBUFS);
2987 }
2988
2989 m_freem(m0);
2990 return error;
2991 }
2992
2993 /*
2994 * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23
2995 */
2996 static int
key_api_nat_map(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)2997 key_api_nat_map(struct socket *so, struct mbuf *m,
2998 const struct sadb_msghdr *mhp)
2999 {
3000 struct sadb_x_nat_t_type *type;
3001 struct sadb_x_nat_t_port *sport;
3002 struct sadb_x_nat_t_port *dport;
3003 struct sadb_address *iaddr, *raddr;
3004 struct sadb_x_nat_t_frag *frag;
3005
3006 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
3007 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
3008 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) {
3009 IPSECLOG(LOG_DEBUG, "invalid message.\n");
3010 return key_senderror(so, m, EINVAL);
3011 }
3012 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
3013 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
3014 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
3015 IPSECLOG(LOG_DEBUG, "invalid message.\n");
3016 return key_senderror(so, m, EINVAL);
3017 }
3018
3019 if ((mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) &&
3020 (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr))) {
3021 IPSECLOG(LOG_DEBUG, "invalid message\n");
3022 return key_senderror(so, m, EINVAL);
3023 }
3024
3025 if ((mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) &&
3026 (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr))) {
3027 IPSECLOG(LOG_DEBUG, "invalid message\n");
3028 return key_senderror(so, m, EINVAL);
3029 }
3030
3031 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
3032 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
3033 IPSECLOG(LOG_DEBUG, "invalid message\n");
3034 return key_senderror(so, m, EINVAL);
3035 }
3036
3037 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE];
3038 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT];
3039 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT];
3040 iaddr = mhp->ext[SADB_X_EXT_NAT_T_OAI];
3041 raddr = mhp->ext[SADB_X_EXT_NAT_T_OAR];
3042 frag = mhp->ext[SADB_X_EXT_NAT_T_FRAG];
3043
3044 /*
3045 * XXX handle that, it should also contain a SA, or anything
3046 * that enable to update the SA information.
3047 */
3048
3049 return 0;
3050 }
3051
3052 /*
3053 * Never return NULL.
3054 */
3055 static struct mbuf *
key_setdumpsp(struct secpolicy * sp,u_int8_t type,u_int32_t seq,pid_t pid)3056 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, pid_t pid)
3057 {
3058 struct mbuf *result = NULL, *m;
3059
3060 KASSERT(!cpu_softintr_p());
3061
3062 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid,
3063 key_sp_refcnt(sp), M_WAITOK);
3064 result = m;
3065
3066 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3067 &sp->spidx.src.sa, sp->spidx.prefs, sp->spidx.ul_proto, M_WAITOK);
3068 m_cat(result, m);
3069
3070 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3071 &sp->spidx.dst.sa, sp->spidx.prefd, sp->spidx.ul_proto, M_WAITOK);
3072 m_cat(result, m);
3073
3074 m = key_sp2msg(sp, M_WAITOK);
3075 m_cat(result, m);
3076
3077 KASSERT(result->m_flags & M_PKTHDR);
3078 KASSERT(result->m_len >= sizeof(struct sadb_msg));
3079
3080 result->m_pkthdr.len = 0;
3081 for (m = result; m; m = m->m_next)
3082 result->m_pkthdr.len += m->m_len;
3083
3084 mtod(result, struct sadb_msg *)->sadb_msg_len =
3085 PFKEY_UNIT64(result->m_pkthdr.len);
3086
3087 return result;
3088 }
3089
3090 /*
3091 * get PFKEY message length for security policy and request.
3092 */
3093 static u_int
key_getspreqmsglen(const struct secpolicy * sp)3094 key_getspreqmsglen(const struct secpolicy *sp)
3095 {
3096 u_int tlen;
3097
3098 tlen = sizeof(struct sadb_x_policy);
3099
3100 /* if is the policy for ipsec ? */
3101 if (sp->policy != IPSEC_POLICY_IPSEC)
3102 return tlen;
3103
3104 /* get length of ipsec requests */
3105 {
3106 const struct ipsecrequest *isr;
3107 int len;
3108
3109 for (isr = sp->req; isr != NULL; isr = isr->next) {
3110 len = sizeof(struct sadb_x_ipsecrequest)
3111 + isr->saidx.src.sa.sa_len + isr->saidx.dst.sa.sa_len;
3112
3113 tlen += PFKEY_ALIGN8(len);
3114 }
3115 }
3116
3117 return tlen;
3118 }
3119
3120 /*
3121 * SADB_SPDEXPIRE processing
3122 * send
3123 * <base, address(SD), lifetime(CH), policy>
3124 * to KMD by PF_KEY.
3125 *
3126 * OUT: 0 : succeed
3127 * others : error number
3128 */
3129 static int
key_spdexpire(struct secpolicy * sp)3130 key_spdexpire(struct secpolicy *sp)
3131 {
3132 int s;
3133 struct mbuf *result = NULL, *m;
3134 int len;
3135 int error = -1;
3136 struct sadb_lifetime *lt;
3137
3138 /* XXX: Why do we lock ? */
3139 s = splsoftnet(); /*called from softclock()*/
3140
3141 KASSERT(sp != NULL);
3142
3143 /* set msg header */
3144 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0, M_WAITOK);
3145 result = m;
3146
3147 /* create lifetime extension (current and hard) */
3148 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
3149 m = key_alloc_mbuf(len, M_WAITOK);
3150 KASSERT(m->m_next == NULL);
3151
3152 memset(mtod(m, void *), 0, len);
3153 lt = mtod(m, struct sadb_lifetime *);
3154 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3155 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3156 lt->sadb_lifetime_allocations = 0;
3157 lt->sadb_lifetime_bytes = 0;
3158 lt->sadb_lifetime_addtime = time_mono_to_wall(sp->created);
3159 lt->sadb_lifetime_usetime = time_mono_to_wall(sp->lastused);
3160 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
3161 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3162 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
3163 lt->sadb_lifetime_allocations = 0;
3164 lt->sadb_lifetime_bytes = 0;
3165 lt->sadb_lifetime_addtime = sp->lifetime;
3166 lt->sadb_lifetime_usetime = sp->validtime;
3167 m_cat(result, m);
3168
3169 /* set sadb_address for source */
3170 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sp->spidx.src.sa,
3171 sp->spidx.prefs, sp->spidx.ul_proto, M_WAITOK);
3172 m_cat(result, m);
3173
3174 /* set sadb_address for destination */
3175 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sp->spidx.dst.sa,
3176 sp->spidx.prefd, sp->spidx.ul_proto, M_WAITOK);
3177 m_cat(result, m);
3178
3179 /* set secpolicy */
3180 m = key_sp2msg(sp, M_WAITOK);
3181 m_cat(result, m);
3182
3183 KASSERT(result->m_flags & M_PKTHDR);
3184 KASSERT(result->m_len >= sizeof(struct sadb_msg));
3185
3186 result->m_pkthdr.len = 0;
3187 for (m = result; m; m = m->m_next)
3188 result->m_pkthdr.len += m->m_len;
3189
3190 mtod(result, struct sadb_msg *)->sadb_msg_len =
3191 PFKEY_UNIT64(result->m_pkthdr.len);
3192
3193 error = key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
3194 splx(s);
3195 return error;
3196 }
3197
3198 /* %%% SAD management */
3199 /*
3200 * allocating a memory for new SA head, and copy from the values of mhp.
3201 * OUT: NULL : failure due to the lack of memory.
3202 * others : pointer to new SA head.
3203 */
3204 static struct secashead *
key_newsah(const struct secasindex * saidx)3205 key_newsah(const struct secasindex *saidx)
3206 {
3207 struct secashead *newsah;
3208 int i;
3209
3210 KASSERT(saidx != NULL);
3211
3212 newsah = kmem_zalloc(sizeof(struct secashead), KM_SLEEP);
3213 for (i = 0; i < __arraycount(newsah->savlist); i++)
3214 PSLIST_INIT(&newsah->savlist[i]);
3215 newsah->saidx = *saidx;
3216
3217 localcount_init(&newsah->localcount);
3218 /* Take a reference for the caller */
3219 localcount_acquire(&newsah->localcount);
3220
3221 /* Add to the sah list */
3222 SAHLIST_ENTRY_INIT(newsah);
3223 newsah->state = SADB_SASTATE_MATURE;
3224 mutex_enter(&key_sad.lock);
3225 SAHLIST_WRITER_INSERT_HEAD(newsah);
3226 mutex_exit(&key_sad.lock);
3227
3228 return newsah;
3229 }
3230
3231 static bool
key_sah_has_sav(struct secashead * sah)3232 key_sah_has_sav(struct secashead *sah)
3233 {
3234 u_int state;
3235
3236 KASSERT(mutex_owned(&key_sad.lock));
3237
3238 SASTATE_ANY_FOREACH(state) {
3239 if (!SAVLIST_WRITER_EMPTY(sah, state))
3240 return true;
3241 }
3242
3243 return false;
3244 }
3245
3246 static void
key_unlink_sah(struct secashead * sah)3247 key_unlink_sah(struct secashead *sah)
3248 {
3249
3250 KASSERT(!cpu_softintr_p());
3251 KASSERT(mutex_owned(&key_sad.lock));
3252 KASSERTMSG(sah->state == SADB_SASTATE_DEAD, "sah->state=%u", sah->state);
3253
3254 /* Remove from the sah list */
3255 SAHLIST_WRITER_REMOVE(sah);
3256
3257 KDASSERT(mutex_ownable(softnet_lock));
3258 key_sad_pserialize_perform();
3259
3260 localcount_drain(&sah->localcount, &key_sad.cv_lc, &key_sad.lock);
3261 }
3262
3263 static void
key_destroy_sah(struct secashead * sah)3264 key_destroy_sah(struct secashead *sah)
3265 {
3266
3267 rtcache_free(&sah->sa_route);
3268
3269 SAHLIST_ENTRY_DESTROY(sah);
3270 localcount_fini(&sah->localcount);
3271
3272 if (sah->idents != NULL)
3273 kmem_free(sah->idents, sah->idents_len);
3274 if (sah->identd != NULL)
3275 kmem_free(sah->identd, sah->identd_len);
3276
3277 kmem_free(sah, sizeof(*sah));
3278 }
3279
3280 /*
3281 * allocating a new SA with LARVAL state.
3282 * key_api_add() and key_api_getspi() call,
3283 * and copy the values of mhp into new buffer.
3284 * When SAD message type is GETSPI:
3285 * to set sequence number from acq_seq++,
3286 * to set zero to SPI.
3287 * not to call key_setsaval().
3288 * OUT: NULL : fail
3289 * others : pointer to new secasvar.
3290 *
3291 * does not modify mbuf. does not free mbuf on error.
3292 */
3293 static struct secasvar *
key_newsav(struct mbuf * m,const struct sadb_msghdr * mhp,int * errp,int proto,const char * where,int tag)3294 key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp,
3295 int *errp, int proto, const char* where, int tag)
3296 {
3297 struct secasvar *newsav;
3298 const struct sadb_sa *xsa;
3299
3300 KASSERT(!cpu_softintr_p());
3301 KASSERT(m != NULL);
3302 KASSERT(mhp != NULL);
3303 KASSERT(mhp->msg != NULL);
3304
3305 newsav = kmem_zalloc(sizeof(struct secasvar), KM_SLEEP);
3306
3307 switch (mhp->msg->sadb_msg_type) {
3308 case SADB_GETSPI:
3309 newsav->spi = 0;
3310
3311 #ifdef IPSEC_DOSEQCHECK
3312 /* sync sequence number */
3313 if (mhp->msg->sadb_msg_seq == 0)
3314 newsav->seq =
3315 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3316 else
3317 #endif
3318 newsav->seq = mhp->msg->sadb_msg_seq;
3319 break;
3320
3321 case SADB_ADD:
3322 /* sanity check */
3323 if (mhp->ext[SADB_EXT_SA] == NULL) {
3324 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
3325 *errp = EINVAL;
3326 goto error;
3327 }
3328 xsa = mhp->ext[SADB_EXT_SA];
3329 newsav->spi = xsa->sadb_sa_spi;
3330 newsav->seq = mhp->msg->sadb_msg_seq;
3331 break;
3332 default:
3333 *errp = EINVAL;
3334 goto error;
3335 }
3336
3337 /* copy sav values */
3338 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
3339 *errp = key_setsaval(newsav, m, mhp);
3340 if (*errp)
3341 goto error;
3342 } else {
3343 /* We don't allow lft_c to be NULL */
3344 newsav->lft_c = kmem_zalloc(sizeof(struct sadb_lifetime),
3345 KM_SLEEP);
3346 newsav->lft_c_counters_percpu =
3347 percpu_alloc(sizeof(lifetime_counters_t));
3348 }
3349
3350 /* reset created */
3351 newsav->created = time_uptime;
3352 newsav->pid = mhp->msg->sadb_msg_pid;
3353
3354 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
3355 "DP from %s:%u return SA:%p spi=%#x proto=%d\n",
3356 where, tag, newsav, ntohl(newsav->spi), proto);
3357 return newsav;
3358
3359 error:
3360 KASSERT(*errp != 0);
3361 kmem_free(newsav, sizeof(*newsav));
3362 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
3363 "DP from %s:%u return SA:NULL\n", where, tag);
3364 return NULL;
3365 }
3366
3367
3368 static void
key_clear_xform(struct secasvar * sav)3369 key_clear_xform(struct secasvar *sav)
3370 {
3371
3372 /*
3373 * Cleanup xform state. Note that zeroize'ing causes the
3374 * keys to be cleared; otherwise we must do it ourself.
3375 */
3376 if (sav->tdb_xform != NULL) {
3377 sav->tdb_xform->xf_zeroize(sav);
3378 sav->tdb_xform = NULL;
3379 } else {
3380 if (sav->key_auth != NULL)
3381 explicit_memset(_KEYBUF(sav->key_auth), 0,
3382 _KEYLEN(sav->key_auth));
3383 if (sav->key_enc != NULL)
3384 explicit_memset(_KEYBUF(sav->key_enc), 0,
3385 _KEYLEN(sav->key_enc));
3386 }
3387 }
3388
3389 /*
3390 * free() SA variable entry.
3391 */
3392 static void
key_delsav(struct secasvar * sav)3393 key_delsav(struct secasvar *sav)
3394 {
3395
3396 key_clear_xform(sav);
3397 key_freesaval(sav);
3398 kmem_free(sav, sizeof(*sav));
3399 }
3400
3401 /*
3402 * Must be called in a pserialize read section. A held sah
3403 * must be released by key_sah_unref after use.
3404 */
3405 static void
key_sah_ref(struct secashead * sah)3406 key_sah_ref(struct secashead *sah)
3407 {
3408
3409 localcount_acquire(&sah->localcount);
3410 }
3411
3412 /*
3413 * Must be called without holding key_sad.lock because the lock
3414 * would be held in localcount_release.
3415 */
3416 static void
key_sah_unref(struct secashead * sah)3417 key_sah_unref(struct secashead *sah)
3418 {
3419
3420 KDASSERT(mutex_ownable(&key_sad.lock));
3421
3422 localcount_release(&sah->localcount, &key_sad.cv_lc, &key_sad.lock);
3423 }
3424
3425 /*
3426 * Search SAD and return sah. Must be called in a pserialize
3427 * read section.
3428 * OUT:
3429 * NULL : not found
3430 * others : found, pointer to a SA.
3431 */
3432 static struct secashead *
key_getsah(const struct secasindex * saidx,int flag)3433 key_getsah(const struct secasindex *saidx, int flag)
3434 {
3435 struct secashead *sah;
3436
3437 SAHLIST_READER_FOREACH_SAIDX(sah, saidx) {
3438 if (sah->state == SADB_SASTATE_DEAD)
3439 continue;
3440 if (key_saidx_match(&sah->saidx, saidx, flag))
3441 return sah;
3442 }
3443
3444 return NULL;
3445 }
3446
3447 /*
3448 * Search SAD and return sah. If sah is returned, the caller must call
3449 * key_sah_unref to releaset a reference.
3450 * OUT:
3451 * NULL : not found
3452 * others : found, pointer to a SA.
3453 */
3454 static struct secashead *
key_getsah_ref(const struct secasindex * saidx,int flag)3455 key_getsah_ref(const struct secasindex *saidx, int flag)
3456 {
3457 struct secashead *sah;
3458 int s;
3459
3460 s = pserialize_read_enter();
3461 sah = key_getsah(saidx, flag);
3462 if (sah != NULL)
3463 key_sah_ref(sah);
3464 pserialize_read_exit(s);
3465
3466 return sah;
3467 }
3468
3469 /*
3470 * check not to be duplicated SPI.
3471 * NOTE: this function is too slow due to searching all SAD.
3472 * OUT:
3473 * NULL : not found
3474 * others : found, pointer to a SA.
3475 */
3476 static bool
key_checkspidup(const struct secasindex * saidx,u_int32_t spi)3477 key_checkspidup(const struct secasindex *saidx, u_int32_t spi)
3478 {
3479 struct secashead *sah;
3480 struct secasvar *sav;
3481
3482 /* check address family */
3483 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
3484 IPSECLOG(LOG_DEBUG,
3485 "address family mismatched src %u, dst %u.\n",
3486 saidx->src.sa.sa_family, saidx->dst.sa.sa_family);
3487 return false;
3488 }
3489
3490 /* check all SAD */
3491 /* key_ismyaddr may sleep, so use mutex, not pserialize, here. */
3492 mutex_enter(&key_sad.lock);
3493 SAHLIST_WRITER_FOREACH(sah) {
3494 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
3495 continue;
3496 sav = key_getsavbyspi(sah, spi);
3497 if (sav != NULL) {
3498 KEY_SA_UNREF(&sav);
3499 mutex_exit(&key_sad.lock);
3500 return true;
3501 }
3502 }
3503 mutex_exit(&key_sad.lock);
3504
3505 return false;
3506 }
3507
3508 /*
3509 * search SAD litmited alive SA, protocol, SPI.
3510 * OUT:
3511 * NULL : not found
3512 * others : found, pointer to a SA.
3513 */
3514 static struct secasvar *
key_getsavbyspi(struct secashead * sah,u_int32_t spi)3515 key_getsavbyspi(struct secashead *sah, u_int32_t spi)
3516 {
3517 struct secasvar *sav = NULL;
3518 u_int state;
3519 int s;
3520
3521 /* search all status */
3522 s = pserialize_read_enter();
3523 SASTATE_ALIVE_FOREACH(state) {
3524 SAVLIST_READER_FOREACH(sav, sah, state) {
3525 /* sanity check */
3526 if (sav->state != state) {
3527 IPSECLOG(LOG_DEBUG,
3528 "invalid sav->state (queue: %d SA: %d)\n",
3529 state, sav->state);
3530 continue;
3531 }
3532
3533 if (sav->spi == spi) {
3534 KEY_SA_REF(sav);
3535 goto out;
3536 }
3537 }
3538 }
3539 out:
3540 pserialize_read_exit(s);
3541
3542 return sav;
3543 }
3544
3545 /*
3546 * Search SAD litmited alive SA by an SPI and remove it from a list.
3547 * OUT:
3548 * NULL : not found
3549 * others : found, pointer to a SA.
3550 */
3551 static struct secasvar *
key_lookup_and_remove_sav(struct secashead * sah,u_int32_t spi,const struct secasvar * hint)3552 key_lookup_and_remove_sav(struct secashead *sah, u_int32_t spi,
3553 const struct secasvar *hint)
3554 {
3555 struct secasvar *sav = NULL;
3556 u_int state;
3557
3558 /* search all status */
3559 mutex_enter(&key_sad.lock);
3560 SASTATE_ALIVE_FOREACH(state) {
3561 SAVLIST_WRITER_FOREACH(sav, sah, state) {
3562 KASSERT(sav->state == state);
3563
3564 if (sav->spi == spi) {
3565 if (hint != NULL && hint != sav)
3566 continue;
3567 sav->state = SADB_SASTATE_DEAD;
3568 SAVLIST_WRITER_REMOVE(sav);
3569 SAVLUT_WRITER_REMOVE(sav);
3570 goto out;
3571 }
3572 }
3573 }
3574 out:
3575 mutex_exit(&key_sad.lock);
3576
3577 return sav;
3578 }
3579
3580 /*
3581 * Free allocated data to member variables of sav:
3582 * sav->replay, sav->key_* and sav->lft_*.
3583 */
3584 static void
key_freesaval(struct secasvar * sav)3585 key_freesaval(struct secasvar *sav)
3586 {
3587
3588 KASSERTMSG(key_sa_refcnt(sav) == 0, "key_sa_refcnt(sav)=%u",
3589 key_sa_refcnt(sav));
3590
3591 if (sav->replay != NULL)
3592 kmem_free(sav->replay, sav->replay_len);
3593 if (sav->key_auth != NULL)
3594 kmem_free(sav->key_auth, sav->key_auth_len);
3595 if (sav->key_enc != NULL)
3596 kmem_free(sav->key_enc, sav->key_enc_len);
3597 if (sav->lft_c_counters_percpu != NULL) {
3598 percpu_free(sav->lft_c_counters_percpu,
3599 sizeof(lifetime_counters_t));
3600 }
3601 if (sav->lft_c != NULL)
3602 kmem_free(sav->lft_c, sizeof(*(sav->lft_c)));
3603 if (sav->lft_h != NULL)
3604 kmem_free(sav->lft_h, sizeof(*(sav->lft_h)));
3605 if (sav->lft_s != NULL)
3606 kmem_free(sav->lft_s, sizeof(*(sav->lft_s)));
3607 }
3608
3609 /*
3610 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
3611 * You must update these if need.
3612 * OUT: 0: success.
3613 * !0: failure.
3614 *
3615 * does not modify mbuf. does not free mbuf on error.
3616 */
3617 static int
key_setsaval(struct secasvar * sav,struct mbuf * m,const struct sadb_msghdr * mhp)3618 key_setsaval(struct secasvar *sav, struct mbuf *m,
3619 const struct sadb_msghdr *mhp)
3620 {
3621 int error = 0;
3622
3623 KASSERT(!cpu_softintr_p());
3624 KASSERT(m != NULL);
3625 KASSERT(mhp != NULL);
3626 KASSERT(mhp->msg != NULL);
3627
3628 /* We shouldn't initialize sav variables while someone uses it. */
3629 KASSERTMSG(key_sa_refcnt(sav) == 0, "key_sa_refcnt(sav)=%u",
3630 key_sa_refcnt(sav));
3631
3632 /* SA */
3633 if (mhp->ext[SADB_EXT_SA] != NULL) {
3634 const struct sadb_sa *sa0;
3635
3636 sa0 = mhp->ext[SADB_EXT_SA];
3637 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3638 error = EINVAL;
3639 goto fail;
3640 }
3641
3642 sav->alg_auth = sa0->sadb_sa_auth;
3643 sav->alg_enc = sa0->sadb_sa_encrypt;
3644 sav->flags = sa0->sadb_sa_flags;
3645
3646 /* replay window */
3647 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3648 size_t len = sizeof(struct secreplay) +
3649 sa0->sadb_sa_replay;
3650 sav->replay = kmem_zalloc(len, KM_SLEEP);
3651 sav->replay_len = len;
3652 if (sa0->sadb_sa_replay != 0)
3653 sav->replay->bitmap = (char*)(sav->replay+1);
3654 sav->replay->wsize = sa0->sadb_sa_replay;
3655 }
3656 }
3657
3658 /* Authentication keys */
3659 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3660 const struct sadb_key *key0;
3661 int len;
3662
3663 key0 = mhp->ext[SADB_EXT_KEY_AUTH];
3664 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3665
3666 error = 0;
3667 if (len < sizeof(*key0)) {
3668 error = EINVAL;
3669 goto fail;
3670 }
3671 switch (mhp->msg->sadb_msg_satype) {
3672 case SADB_SATYPE_AH:
3673 case SADB_SATYPE_ESP:
3674 case SADB_X_SATYPE_TCPSIGNATURE:
3675 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3676 sav->alg_auth != SADB_X_AALG_NULL)
3677 error = EINVAL;
3678 break;
3679 case SADB_X_SATYPE_IPCOMP:
3680 default:
3681 error = EINVAL;
3682 break;
3683 }
3684 if (error) {
3685 IPSECLOG(LOG_DEBUG, "invalid key_auth values.\n");
3686 goto fail;
3687 }
3688
3689 sav->key_auth = key_newbuf(key0, len);
3690 sav->key_auth_len = len;
3691 }
3692
3693 /* Encryption key */
3694 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3695 const struct sadb_key *key0;
3696 int len;
3697
3698 key0 = mhp->ext[SADB_EXT_KEY_ENCRYPT];
3699 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3700
3701 error = 0;
3702 if (len < sizeof(*key0)) {
3703 error = EINVAL;
3704 goto fail;
3705 }
3706 switch (mhp->msg->sadb_msg_satype) {
3707 case SADB_SATYPE_ESP:
3708 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3709 sav->alg_enc != SADB_EALG_NULL) {
3710 error = EINVAL;
3711 break;
3712 }
3713 sav->key_enc = key_newbuf(key0, len);
3714 sav->key_enc_len = len;
3715 break;
3716 case SADB_X_SATYPE_IPCOMP:
3717 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3718 error = EINVAL;
3719 sav->key_enc = NULL; /*just in case*/
3720 break;
3721 case SADB_SATYPE_AH:
3722 case SADB_X_SATYPE_TCPSIGNATURE:
3723 default:
3724 error = EINVAL;
3725 break;
3726 }
3727 if (error) {
3728 IPSECLOG(LOG_DEBUG, "invalid key_enc value.\n");
3729 goto fail;
3730 }
3731 }
3732
3733 /* set iv */
3734 sav->ivlen = 0;
3735
3736 switch (mhp->msg->sadb_msg_satype) {
3737 case SADB_SATYPE_AH:
3738 error = xform_init(sav, XF_AH);
3739 break;
3740 case SADB_SATYPE_ESP:
3741 error = xform_init(sav, XF_ESP);
3742 break;
3743 case SADB_X_SATYPE_IPCOMP:
3744 error = xform_init(sav, XF_IPCOMP);
3745 break;
3746 case SADB_X_SATYPE_TCPSIGNATURE:
3747 error = xform_init(sav, XF_TCPSIGNATURE);
3748 break;
3749 default:
3750 error = EOPNOTSUPP;
3751 break;
3752 }
3753 if (error) {
3754 IPSECLOG(LOG_DEBUG, "unable to initialize SA type %u (%d)\n",
3755 mhp->msg->sadb_msg_satype, error);
3756 goto fail;
3757 }
3758
3759 /* reset created */
3760 sav->created = time_uptime;
3761
3762 /* make lifetime for CURRENT */
3763 sav->lft_c = kmem_alloc(sizeof(struct sadb_lifetime), KM_SLEEP);
3764
3765 sav->lft_c->sadb_lifetime_len =
3766 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3767 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3768 sav->lft_c->sadb_lifetime_allocations = 0;
3769 sav->lft_c->sadb_lifetime_bytes = 0;
3770 sav->lft_c->sadb_lifetime_addtime = time_uptime;
3771 sav->lft_c->sadb_lifetime_usetime = 0;
3772
3773 sav->lft_c_counters_percpu = percpu_alloc(sizeof(lifetime_counters_t));
3774
3775 /* lifetimes for HARD and SOFT */
3776 {
3777 const struct sadb_lifetime *lft0;
3778
3779 lft0 = mhp->ext[SADB_EXT_LIFETIME_HARD];
3780 if (lft0 != NULL) {
3781 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3782 error = EINVAL;
3783 goto fail;
3784 }
3785 sav->lft_h = key_newbuf(lft0, sizeof(*lft0));
3786 }
3787
3788 lft0 = mhp->ext[SADB_EXT_LIFETIME_SOFT];
3789 if (lft0 != NULL) {
3790 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3791 error = EINVAL;
3792 goto fail;
3793 }
3794 sav->lft_s = key_newbuf(lft0, sizeof(*lft0));
3795 /* to be initialize ? */
3796 }
3797 }
3798
3799 return 0;
3800
3801 fail:
3802 key_clear_xform(sav);
3803 key_freesaval(sav);
3804
3805 return error;
3806 }
3807
3808 /*
3809 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3810 * OUT: 0: valid
3811 * other: errno
3812 */
3813 static int
key_init_xform(struct secasvar * sav)3814 key_init_xform(struct secasvar *sav)
3815 {
3816 int error;
3817
3818 /* We shouldn't initialize sav variables while someone uses it. */
3819 KASSERTMSG(key_sa_refcnt(sav) == 0, "key_sa_refcnt(sav)=%u",
3820 key_sa_refcnt(sav));
3821
3822 /* check SPI value */
3823 switch (sav->sah->saidx.proto) {
3824 case IPPROTO_ESP:
3825 case IPPROTO_AH:
3826 if (ntohl(sav->spi) <= 255) {
3827 IPSECLOG(LOG_DEBUG, "illegal range of SPI %u.\n",
3828 (u_int32_t)ntohl(sav->spi));
3829 return EINVAL;
3830 }
3831 break;
3832 }
3833
3834 /* check algo */
3835 switch (sav->sah->saidx.proto) {
3836 case IPPROTO_AH:
3837 case IPPROTO_TCP:
3838 if (sav->alg_enc != SADB_EALG_NONE) {
3839 IPSECLOG(LOG_DEBUG,
3840 "protocol %u and algorithm mismatched %u != %u.\n",
3841 sav->sah->saidx.proto,
3842 sav->alg_enc, SADB_EALG_NONE);
3843 return EINVAL;
3844 }
3845 break;
3846 case IPPROTO_IPCOMP:
3847 if (sav->alg_auth != SADB_AALG_NONE) {
3848 IPSECLOG(LOG_DEBUG,
3849 "protocol %u and algorithm mismatched %d != %d.\n",
3850 sav->sah->saidx.proto,
3851 sav->alg_auth, SADB_AALG_NONE);
3852 return(EINVAL);
3853 }
3854 break;
3855 default:
3856 break;
3857 }
3858
3859 /* check satype */
3860 switch (sav->sah->saidx.proto) {
3861 case IPPROTO_ESP:
3862 /* check flags */
3863 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) ==
3864 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) {
3865 IPSECLOG(LOG_DEBUG,
3866 "invalid flag (derived) given to old-esp.\n");
3867 return EINVAL;
3868 }
3869 error = xform_init(sav, XF_ESP);
3870 break;
3871 case IPPROTO_AH:
3872 /* check flags */
3873 if (sav->flags & SADB_X_EXT_DERIV) {
3874 IPSECLOG(LOG_DEBUG,
3875 "invalid flag (derived) given to AH SA.\n");
3876 return EINVAL;
3877 }
3878 error = xform_init(sav, XF_AH);
3879 break;
3880 case IPPROTO_IPCOMP:
3881 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
3882 && ntohl(sav->spi) >= 0x10000) {
3883 IPSECLOG(LOG_DEBUG, "invalid cpi for IPComp.\n");
3884 return(EINVAL);
3885 }
3886 error = xform_init(sav, XF_IPCOMP);
3887 break;
3888 case IPPROTO_TCP:
3889 error = xform_init(sav, XF_TCPSIGNATURE);
3890 break;
3891 default:
3892 IPSECLOG(LOG_DEBUG, "Invalid satype.\n");
3893 error = EPROTONOSUPPORT;
3894 break;
3895 }
3896
3897 return error;
3898 }
3899
3900 /*
3901 * subroutine for SADB_GET and SADB_DUMP. It never return NULL.
3902 */
3903 static struct mbuf *
key_setdumpsa(struct secasvar * sav,u_int8_t type,u_int8_t satype,u_int32_t seq,u_int32_t pid)3904 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype,
3905 u_int32_t seq, u_int32_t pid)
3906 {
3907 struct mbuf *result = NULL, *tres = NULL, *m;
3908 int l = 0;
3909 int i;
3910 void *p;
3911 struct sadb_lifetime lt;
3912 int dumporder[] = {
3913 SADB_EXT_SA, SADB_X_EXT_SA2,
3914 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3915 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3916 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3917 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3918 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3919 SADB_X_EXT_NAT_T_TYPE,
3920 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT,
3921 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
3922 SADB_X_EXT_NAT_T_FRAG,
3923
3924 };
3925
3926 m = key_setsadbmsg(type, 0, satype, seq, pid, key_sa_refcnt(sav), M_WAITOK);
3927 result = m;
3928
3929 for (i = __arraycount(dumporder) - 1; i >= 0; i--) {
3930 m = NULL;
3931 p = NULL;
3932 switch (dumporder[i]) {
3933 case SADB_EXT_SA:
3934 m = key_setsadbsa(sav);
3935 break;
3936
3937 case SADB_X_EXT_SA2:
3938 m = key_setsadbxsa2(sav->sah->saidx.mode,
3939 sav->replay ? sav->replay->count : 0,
3940 sav->sah->saidx.reqid);
3941 break;
3942
3943 case SADB_EXT_ADDRESS_SRC:
3944 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3945 &sav->sah->saidx.src.sa,
3946 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK);
3947 break;
3948
3949 case SADB_EXT_ADDRESS_DST:
3950 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3951 &sav->sah->saidx.dst.sa,
3952 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK);
3953 break;
3954
3955 case SADB_EXT_KEY_AUTH:
3956 if (!sav->key_auth)
3957 continue;
3958 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3959 p = sav->key_auth;
3960 break;
3961
3962 case SADB_EXT_KEY_ENCRYPT:
3963 if (!sav->key_enc)
3964 continue;
3965 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3966 p = sav->key_enc;
3967 break;
3968
3969 case SADB_EXT_LIFETIME_CURRENT: {
3970 lifetime_counters_t sum = {0};
3971
3972 KASSERT(sav->lft_c != NULL);
3973 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3974 memcpy(<, sav->lft_c, sizeof(struct sadb_lifetime));
3975 lt.sadb_lifetime_addtime =
3976 time_mono_to_wall(lt.sadb_lifetime_addtime);
3977 lt.sadb_lifetime_usetime =
3978 time_mono_to_wall(lt.sadb_lifetime_usetime);
3979 percpu_foreach_xcall(sav->lft_c_counters_percpu,
3980 XC_HIGHPRI_IPL(IPL_SOFTNET),
3981 key_sum_lifetime_counters, sum);
3982 lt.sadb_lifetime_allocations =
3983 sum[LIFETIME_COUNTER_ALLOCATIONS];
3984 lt.sadb_lifetime_bytes =
3985 sum[LIFETIME_COUNTER_BYTES];
3986 p = <
3987 break;
3988 }
3989
3990 case SADB_EXT_LIFETIME_HARD:
3991 if (!sav->lft_h)
3992 continue;
3993 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3994 p = sav->lft_h;
3995 break;
3996
3997 case SADB_EXT_LIFETIME_SOFT:
3998 if (!sav->lft_s)
3999 continue;
4000 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
4001 p = sav->lft_s;
4002 break;
4003
4004 case SADB_X_EXT_NAT_T_TYPE:
4005 m = key_setsadbxtype(sav->natt_type);
4006 break;
4007
4008 case SADB_X_EXT_NAT_T_DPORT:
4009 if (sav->natt_type == 0)
4010 continue;
4011 m = key_setsadbxport(
4012 key_portfromsaddr(&sav->sah->saidx.dst),
4013 SADB_X_EXT_NAT_T_DPORT);
4014 break;
4015
4016 case SADB_X_EXT_NAT_T_SPORT:
4017 if (sav->natt_type == 0)
4018 continue;
4019 m = key_setsadbxport(
4020 key_portfromsaddr(&sav->sah->saidx.src),
4021 SADB_X_EXT_NAT_T_SPORT);
4022 break;
4023
4024 case SADB_X_EXT_NAT_T_FRAG:
4025 /* don't send frag info if not set */
4026 if (sav->natt_type == 0 || sav->esp_frag == IP_MAXPACKET)
4027 continue;
4028 m = key_setsadbxfrag(sav->esp_frag);
4029 break;
4030
4031 case SADB_X_EXT_NAT_T_OAI:
4032 case SADB_X_EXT_NAT_T_OAR:
4033 continue;
4034
4035 case SADB_EXT_ADDRESS_PROXY:
4036 case SADB_EXT_IDENTITY_SRC:
4037 case SADB_EXT_IDENTITY_DST:
4038 /* XXX: should we brought from SPD ? */
4039 case SADB_EXT_SENSITIVITY:
4040 default:
4041 continue;
4042 }
4043
4044 KASSERT(!(m && p));
4045 KASSERT(m != NULL || p != NULL);
4046 if (p && tres) {
4047 M_PREPEND(tres, l, M_WAITOK);
4048 memcpy(mtod(tres, void *), p, l);
4049 continue;
4050 }
4051 if (p) {
4052 m = key_alloc_mbuf(l, M_WAITOK);
4053 m_copyback(m, 0, l, p);
4054 }
4055
4056 if (tres)
4057 m_cat(m, tres);
4058 tres = m;
4059 }
4060
4061 m_cat(result, tres);
4062 tres = NULL; /* avoid free on error below */
4063
4064 KASSERT(result->m_len >= sizeof(struct sadb_msg));
4065
4066 result->m_pkthdr.len = 0;
4067 for (m = result; m; m = m->m_next)
4068 result->m_pkthdr.len += m->m_len;
4069
4070 mtod(result, struct sadb_msg *)->sadb_msg_len =
4071 PFKEY_UNIT64(result->m_pkthdr.len);
4072
4073 return result;
4074 }
4075
4076
4077 /*
4078 * set a type in sadb_x_nat_t_type
4079 */
4080 static struct mbuf *
key_setsadbxtype(u_int16_t type)4081 key_setsadbxtype(u_int16_t type)
4082 {
4083 struct mbuf *m;
4084 size_t len;
4085 struct sadb_x_nat_t_type *p;
4086
4087 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
4088
4089 m = key_alloc_mbuf(len, M_WAITOK);
4090 KASSERT(m->m_next == NULL);
4091
4092 p = mtod(m, struct sadb_x_nat_t_type *);
4093
4094 memset(p, 0, len);
4095 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
4096 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
4097 p->sadb_x_nat_t_type_type = type;
4098
4099 return m;
4100 }
4101 /*
4102 * set a port in sadb_x_nat_t_port. port is in network order
4103 */
4104 static struct mbuf *
key_setsadbxport(u_int16_t port,u_int16_t type)4105 key_setsadbxport(u_int16_t port, u_int16_t type)
4106 {
4107 struct mbuf *m;
4108 size_t len;
4109 struct sadb_x_nat_t_port *p;
4110
4111 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
4112
4113 m = key_alloc_mbuf(len, M_WAITOK);
4114 KASSERT(m->m_next == NULL);
4115
4116 p = mtod(m, struct sadb_x_nat_t_port *);
4117
4118 memset(p, 0, len);
4119 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
4120 p->sadb_x_nat_t_port_exttype = type;
4121 p->sadb_x_nat_t_port_port = port;
4122
4123 return m;
4124 }
4125
4126 /*
4127 * set fragmentation info in sadb_x_nat_t_frag
4128 */
4129 static struct mbuf *
key_setsadbxfrag(u_int16_t flen)4130 key_setsadbxfrag(u_int16_t flen)
4131 {
4132 struct mbuf *m;
4133 size_t len;
4134 struct sadb_x_nat_t_frag *p;
4135
4136 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_frag));
4137
4138 m = key_alloc_mbuf(len, M_WAITOK);
4139 KASSERT(m->m_next == NULL);
4140
4141 p = mtod(m, struct sadb_x_nat_t_frag *);
4142
4143 memset(p, 0, len);
4144 p->sadb_x_nat_t_frag_len = PFKEY_UNIT64(len);
4145 p->sadb_x_nat_t_frag_exttype = SADB_X_EXT_NAT_T_FRAG;
4146 p->sadb_x_nat_t_frag_fraglen = flen;
4147
4148 return m;
4149 }
4150
4151 /*
4152 * Get port from sockaddr, port is in network order
4153 */
4154 u_int16_t
key_portfromsaddr(const union sockaddr_union * saddr)4155 key_portfromsaddr(const union sockaddr_union *saddr)
4156 {
4157 u_int16_t port;
4158
4159 switch (saddr->sa.sa_family) {
4160 case AF_INET: {
4161 port = saddr->sin.sin_port;
4162 break;
4163 }
4164 #ifdef INET6
4165 case AF_INET6: {
4166 port = saddr->sin6.sin6_port;
4167 break;
4168 }
4169 #endif
4170 default:
4171 printf("%s: unexpected address family\n", __func__);
4172 port = 0;
4173 break;
4174 }
4175
4176 return port;
4177 }
4178
4179
4180 /*
4181 * Set port is struct sockaddr. port is in network order
4182 */
4183 static void
key_porttosaddr(union sockaddr_union * saddr,u_int16_t port)4184 key_porttosaddr(union sockaddr_union *saddr, u_int16_t port)
4185 {
4186 switch (saddr->sa.sa_family) {
4187 case AF_INET: {
4188 saddr->sin.sin_port = port;
4189 break;
4190 }
4191 #ifdef INET6
4192 case AF_INET6: {
4193 saddr->sin6.sin6_port = port;
4194 break;
4195 }
4196 #endif
4197 default:
4198 printf("%s: unexpected address family %d\n", __func__,
4199 saddr->sa.sa_family);
4200 break;
4201 }
4202
4203 return;
4204 }
4205
4206 /*
4207 * Safety check sa_len
4208 */
4209 static int
key_checksalen(const union sockaddr_union * saddr)4210 key_checksalen(const union sockaddr_union *saddr)
4211 {
4212 switch (saddr->sa.sa_family) {
4213 case AF_INET:
4214 if (saddr->sa.sa_len != sizeof(struct sockaddr_in))
4215 return -1;
4216 break;
4217 #ifdef INET6
4218 case AF_INET6:
4219 if (saddr->sa.sa_len != sizeof(struct sockaddr_in6))
4220 return -1;
4221 break;
4222 #endif
4223 default:
4224 printf("%s: unexpected sa_family %d\n", __func__,
4225 saddr->sa.sa_family);
4226 return -1;
4227 break;
4228 }
4229 return 0;
4230 }
4231
4232
4233 /*
4234 * set data into sadb_msg.
4235 */
4236 static struct mbuf *
key_setsadbmsg(u_int8_t type,u_int16_t tlen,u_int8_t satype,u_int32_t seq,pid_t pid,u_int16_t reserved,int mflag)4237 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype,
4238 u_int32_t seq, pid_t pid, u_int16_t reserved, int mflag)
4239 {
4240 struct mbuf *m;
4241 struct sadb_msg *p;
4242 int len;
4243
4244 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= MCLBYTES);
4245
4246 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
4247
4248 m = key_alloc_mbuf_simple(len, mflag);
4249 if (!m)
4250 return NULL;
4251 m->m_pkthdr.len = m->m_len = len;
4252 m->m_next = NULL;
4253
4254 p = mtod(m, struct sadb_msg *);
4255
4256 memset(p, 0, len);
4257 p->sadb_msg_version = PF_KEY_V2;
4258 p->sadb_msg_type = type;
4259 p->sadb_msg_errno = 0;
4260 p->sadb_msg_satype = satype;
4261 p->sadb_msg_len = PFKEY_UNIT64(tlen);
4262 p->sadb_msg_reserved = reserved;
4263 p->sadb_msg_seq = seq;
4264 p->sadb_msg_pid = (u_int32_t)pid;
4265
4266 return m;
4267 }
4268
4269 /*
4270 * copy secasvar data into sadb_address.
4271 */
4272 static struct mbuf *
key_setsadbsa(struct secasvar * sav)4273 key_setsadbsa(struct secasvar *sav)
4274 {
4275 struct mbuf *m;
4276 struct sadb_sa *p;
4277 int len;
4278
4279 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
4280 m = key_alloc_mbuf(len, M_WAITOK);
4281 KASSERT(m->m_next == NULL);
4282
4283 p = mtod(m, struct sadb_sa *);
4284
4285 memset(p, 0, len);
4286 p->sadb_sa_len = PFKEY_UNIT64(len);
4287 p->sadb_sa_exttype = SADB_EXT_SA;
4288 p->sadb_sa_spi = sav->spi;
4289 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
4290 p->sadb_sa_state = sav->state;
4291 p->sadb_sa_auth = sav->alg_auth;
4292 p->sadb_sa_encrypt = sav->alg_enc;
4293 p->sadb_sa_flags = sav->flags;
4294
4295 return m;
4296 }
4297
4298 static uint8_t
key_sabits(const struct sockaddr * saddr)4299 key_sabits(const struct sockaddr *saddr)
4300 {
4301 switch (saddr->sa_family) {
4302 case AF_INET:
4303 return _BITS(sizeof(struct in_addr));
4304 case AF_INET6:
4305 return _BITS(sizeof(struct in6_addr));
4306 default:
4307 return FULLMASK;
4308 }
4309 }
4310
4311 /*
4312 * set data into sadb_address.
4313 */
4314 static struct mbuf *
key_setsadbaddr(u_int16_t exttype,const struct sockaddr * saddr,u_int8_t prefixlen,u_int16_t ul_proto,int mflag)4315 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr,
4316 u_int8_t prefixlen, u_int16_t ul_proto, int mflag)
4317 {
4318 struct mbuf *m;
4319 struct sadb_address *p;
4320 size_t len;
4321
4322 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
4323 PFKEY_ALIGN8(saddr->sa_len);
4324 m = key_alloc_mbuf(len, mflag);
4325 if (!m || m->m_next) { /*XXX*/
4326 if (m)
4327 m_freem(m);
4328 return NULL;
4329 }
4330
4331 p = mtod(m, struct sadb_address *);
4332
4333 memset(p, 0, len);
4334 p->sadb_address_len = PFKEY_UNIT64(len);
4335 p->sadb_address_exttype = exttype;
4336 p->sadb_address_proto = ul_proto;
4337 if (prefixlen == FULLMASK) {
4338 prefixlen = key_sabits(saddr);
4339 }
4340 p->sadb_address_prefixlen = prefixlen;
4341 p->sadb_address_reserved = 0;
4342
4343 memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
4344 saddr, saddr->sa_len);
4345
4346 return m;
4347 }
4348
4349 #if 0
4350 /*
4351 * set data into sadb_ident.
4352 */
4353 static struct mbuf *
4354 key_setsadbident(u_int16_t exttype, u_int16_t idtype,
4355 void *string, int stringlen, u_int64_t id)
4356 {
4357 struct mbuf *m;
4358 struct sadb_ident *p;
4359 size_t len;
4360
4361 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
4362 m = key_alloc_mbuf(len);
4363 if (!m || m->m_next) { /*XXX*/
4364 if (m)
4365 m_freem(m);
4366 return NULL;
4367 }
4368
4369 p = mtod(m, struct sadb_ident *);
4370
4371 memset(p, 0, len);
4372 p->sadb_ident_len = PFKEY_UNIT64(len);
4373 p->sadb_ident_exttype = exttype;
4374 p->sadb_ident_type = idtype;
4375 p->sadb_ident_reserved = 0;
4376 p->sadb_ident_id = id;
4377
4378 memcpy(mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
4379 string, stringlen);
4380
4381 return m;
4382 }
4383 #endif
4384
4385 /*
4386 * set data into sadb_x_sa2.
4387 */
4388 static struct mbuf *
key_setsadbxsa2(u_int8_t mode,u_int32_t seq,u_int16_t reqid)4389 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int16_t reqid)
4390 {
4391 struct mbuf *m;
4392 struct sadb_x_sa2 *p;
4393 size_t len;
4394
4395 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
4396 m = key_alloc_mbuf(len, M_WAITOK);
4397 KASSERT(m->m_next == NULL);
4398
4399 p = mtod(m, struct sadb_x_sa2 *);
4400
4401 memset(p, 0, len);
4402 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
4403 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
4404 p->sadb_x_sa2_mode = mode;
4405 p->sadb_x_sa2_reserved1 = 0;
4406 p->sadb_x_sa2_reserved2 = 0;
4407 p->sadb_x_sa2_sequence = seq;
4408 p->sadb_x_sa2_reqid = reqid;
4409
4410 return m;
4411 }
4412
4413 /*
4414 * set data into sadb_x_policy
4415 */
4416 static struct mbuf *
key_setsadbxpolicy(const u_int16_t type,const u_int8_t dir,const u_int32_t id,int mflag)4417 key_setsadbxpolicy(const u_int16_t type, const u_int8_t dir, const u_int32_t id,
4418 int mflag)
4419 {
4420 struct mbuf *m;
4421 struct sadb_x_policy *p;
4422 size_t len;
4423
4424 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4425 m = key_alloc_mbuf(len, mflag);
4426 if (!m || m->m_next) { /*XXX*/
4427 if (m)
4428 m_freem(m);
4429 return NULL;
4430 }
4431
4432 p = mtod(m, struct sadb_x_policy *);
4433
4434 memset(p, 0, len);
4435 p->sadb_x_policy_len = PFKEY_UNIT64(len);
4436 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4437 p->sadb_x_policy_type = type;
4438 p->sadb_x_policy_dir = dir;
4439 p->sadb_x_policy_id = id;
4440
4441 return m;
4442 }
4443
4444 /* %%% utilities */
4445 /*
4446 * copy a buffer into the new buffer allocated.
4447 */
4448 static void *
key_newbuf(const void * src,u_int len)4449 key_newbuf(const void *src, u_int len)
4450 {
4451 void *new;
4452
4453 new = kmem_alloc(len, KM_SLEEP);
4454 memcpy(new, src, len);
4455
4456 return new;
4457 }
4458
4459 /* compare my own address
4460 * OUT: 1: true, i.e. my address.
4461 * 0: false
4462 */
4463 int
key_ismyaddr(const struct sockaddr * sa)4464 key_ismyaddr(const struct sockaddr *sa)
4465 {
4466 #ifdef INET
4467 const struct sockaddr_in *sin;
4468 const struct in_ifaddr *ia;
4469 int s;
4470 #endif
4471
4472 KASSERT(sa != NULL);
4473
4474 switch (sa->sa_family) {
4475 #ifdef INET
4476 case AF_INET:
4477 sin = (const struct sockaddr_in *)sa;
4478 s = pserialize_read_enter();
4479 IN_ADDRLIST_READER_FOREACH(ia) {
4480 if (sin->sin_family == ia->ia_addr.sin_family &&
4481 sin->sin_len == ia->ia_addr.sin_len &&
4482 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
4483 {
4484 pserialize_read_exit(s);
4485 return 1;
4486 }
4487 }
4488 pserialize_read_exit(s);
4489 break;
4490 #endif
4491 #ifdef INET6
4492 case AF_INET6:
4493 return key_ismyaddr6((const struct sockaddr_in6 *)sa);
4494 #endif
4495 }
4496
4497 return 0;
4498 }
4499
4500 #ifdef INET6
4501 /*
4502 * compare my own address for IPv6.
4503 * 1: ours
4504 * 0: other
4505 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
4506 */
4507 #include <netinet6/in6_var.h>
4508
4509 static int
key_ismyaddr6(const struct sockaddr_in6 * sin6)4510 key_ismyaddr6(const struct sockaddr_in6 *sin6)
4511 {
4512 struct in6_ifaddr *ia;
4513 int s;
4514 struct psref psref;
4515 int bound;
4516 int ours = 1;
4517
4518 bound = curlwp_bind();
4519 s = pserialize_read_enter();
4520 IN6_ADDRLIST_READER_FOREACH(ia) {
4521 if (key_sockaddr_match((const struct sockaddr *)&sin6,
4522 (const struct sockaddr *)&ia->ia_addr, 0)) {
4523 pserialize_read_exit(s);
4524 goto ours;
4525 }
4526
4527 if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) {
4528 bool ingroup;
4529
4530 ia6_acquire(ia, &psref);
4531 pserialize_read_exit(s);
4532
4533 /*
4534 * XXX Multicast
4535 * XXX why do we care about multlicast here while we don't care
4536 * about IPv4 multicast??
4537 * XXX scope
4538 */
4539 ingroup = in6_multi_group(&sin6->sin6_addr, ia->ia_ifp);
4540 if (ingroup) {
4541 ia6_release(ia, &psref);
4542 goto ours;
4543 }
4544
4545 s = pserialize_read_enter();
4546 ia6_release(ia, &psref);
4547 }
4548
4549 }
4550 pserialize_read_exit(s);
4551
4552 /* loopback, just for safety */
4553 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
4554 goto ours;
4555
4556 ours = 0;
4557 ours:
4558 curlwp_bindx(bound);
4559
4560 return ours;
4561 }
4562 #endif /*INET6*/
4563
4564 /*
4565 * compare two secasindex structure.
4566 * flag can specify to compare 2 saidxes.
4567 * compare two secasindex structure without both mode and reqid.
4568 * don't compare port.
4569 * IN:
4570 * saidx0: source, it can be in SAD.
4571 * saidx1: object.
4572 * OUT:
4573 * 1 : equal
4574 * 0 : not equal
4575 */
4576 static int
key_saidx_match(const struct secasindex * saidx0,const struct secasindex * saidx1,int flag)4577 key_saidx_match(
4578 const struct secasindex *saidx0,
4579 const struct secasindex *saidx1,
4580 int flag)
4581 {
4582 int chkport;
4583 const struct sockaddr *sa0src, *sa0dst, *sa1src, *sa1dst;
4584
4585 KASSERT(saidx0 != NULL);
4586 KASSERT(saidx1 != NULL);
4587
4588 /* sanity */
4589 if (saidx0->proto != saidx1->proto)
4590 return 0;
4591
4592 if (flag == CMP_EXACTLY) {
4593 if (saidx0->mode != saidx1->mode)
4594 return 0;
4595 if (saidx0->reqid != saidx1->reqid)
4596 return 0;
4597 if (memcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 ||
4598 memcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0)
4599 return 0;
4600 } else {
4601
4602 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
4603 if (flag == CMP_MODE_REQID ||flag == CMP_REQID) {
4604 /*
4605 * If reqid of SPD is non-zero, unique SA is required.
4606 * The result must be of same reqid in this case.
4607 */
4608 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4609 return 0;
4610 }
4611
4612 if (flag == CMP_MODE_REQID) {
4613 if (saidx0->mode != IPSEC_MODE_ANY &&
4614 saidx0->mode != saidx1->mode)
4615 return 0;
4616 }
4617
4618
4619 sa0src = &saidx0->src.sa;
4620 sa0dst = &saidx0->dst.sa;
4621 sa1src = &saidx1->src.sa;
4622 sa1dst = &saidx1->dst.sa;
4623 /*
4624 * If NAT-T is enabled, check ports for tunnel mode.
4625 * For ipsecif(4), check ports for transport mode, too.
4626 * Don't check ports if they are set to zero
4627 * in the SPD: This means we have a non-generated
4628 * SPD which can't know UDP ports.
4629 */
4630 if (saidx1->mode == IPSEC_MODE_TUNNEL ||
4631 saidx1->mode == IPSEC_MODE_TRANSPORT)
4632 chkport = PORT_LOOSE;
4633 else
4634 chkport = PORT_NONE;
4635
4636 if (!key_sockaddr_match(sa0src, sa1src, chkport)) {
4637 return 0;
4638 }
4639 if (!key_sockaddr_match(sa0dst, sa1dst, chkport)) {
4640 return 0;
4641 }
4642 }
4643
4644 return 1;
4645 }
4646
4647 /*
4648 * compare two secindex structure exactly.
4649 * IN:
4650 * spidx0: source, it is often in SPD.
4651 * spidx1: object, it is often from PFKEY message.
4652 * OUT:
4653 * 1 : equal
4654 * 0 : not equal
4655 */
4656 static int
key_spidx_match_exactly(const struct secpolicyindex * spidx0,const struct secpolicyindex * spidx1)4657 key_spidx_match_exactly(
4658 const struct secpolicyindex *spidx0,
4659 const struct secpolicyindex *spidx1)
4660 {
4661
4662 KASSERT(spidx0 != NULL);
4663 KASSERT(spidx1 != NULL);
4664
4665 /* sanity */
4666 if (spidx0->prefs != spidx1->prefs ||
4667 spidx0->prefd != spidx1->prefd ||
4668 spidx0->ul_proto != spidx1->ul_proto)
4669 return 0;
4670
4671 return key_sockaddr_match(&spidx0->src.sa, &spidx1->src.sa, PORT_STRICT) &&
4672 key_sockaddr_match(&spidx0->dst.sa, &spidx1->dst.sa, PORT_STRICT);
4673 }
4674
4675 /*
4676 * compare two secindex structure with mask.
4677 * IN:
4678 * spidx0: source, it is often in SPD.
4679 * spidx1: object, it is often from IP header.
4680 * OUT:
4681 * 1 : equal
4682 * 0 : not equal
4683 */
4684 static int
key_spidx_match_withmask(const struct secpolicyindex * spidx0,const struct secpolicyindex * spidx1)4685 key_spidx_match_withmask(
4686 const struct secpolicyindex *spidx0,
4687 const struct secpolicyindex *spidx1)
4688 {
4689
4690 KASSERT(spidx0 != NULL);
4691 KASSERT(spidx1 != NULL);
4692
4693 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
4694 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
4695 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
4696 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) {
4697 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, ".sa wrong\n");
4698 return 0;
4699 }
4700
4701 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4702 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
4703 spidx0->ul_proto != spidx1->ul_proto) {
4704 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "proto wrong\n");
4705 return 0;
4706 }
4707
4708 switch (spidx0->src.sa.sa_family) {
4709 case AF_INET:
4710 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY &&
4711 spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) {
4712 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v4 src port wrong\n");
4713 return 0;
4714 }
4715 if (!key_bb_match_withmask(&spidx0->src.sin.sin_addr,
4716 &spidx1->src.sin.sin_addr, spidx0->prefs)) {
4717 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v4 src addr wrong\n");
4718 return 0;
4719 }
4720 break;
4721 case AF_INET6:
4722 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY &&
4723 spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) {
4724 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v6 src port wrong\n");
4725 return 0;
4726 }
4727 /*
4728 * scope_id check. if sin6_scope_id is 0, we regard it
4729 * as a wildcard scope, which matches any scope zone ID.
4730 */
4731 if (spidx0->src.sin6.sin6_scope_id &&
4732 spidx1->src.sin6.sin6_scope_id &&
4733 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) {
4734 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v6 src scope wrong\n");
4735 return 0;
4736 }
4737 if (!key_bb_match_withmask(&spidx0->src.sin6.sin6_addr,
4738 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) {
4739 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v6 src addr wrong\n");
4740 return 0;
4741 }
4742 break;
4743 default:
4744 /* XXX */
4745 if (memcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) {
4746 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "src memcmp wrong\n");
4747 return 0;
4748 }
4749 break;
4750 }
4751
4752 switch (spidx0->dst.sa.sa_family) {
4753 case AF_INET:
4754 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY &&
4755 spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) {
4756 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v4 dst port wrong\n");
4757 return 0;
4758 }
4759 if (!key_bb_match_withmask(&spidx0->dst.sin.sin_addr,
4760 &spidx1->dst.sin.sin_addr, spidx0->prefd)) {
4761 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v4 dst addr wrong\n");
4762 return 0;
4763 }
4764 break;
4765 case AF_INET6:
4766 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY &&
4767 spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) {
4768 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v6 dst port wrong\n");
4769 return 0;
4770 }
4771 /*
4772 * scope_id check. if sin6_scope_id is 0, we regard it
4773 * as a wildcard scope, which matches any scope zone ID.
4774 */
4775 if (spidx0->src.sin6.sin6_scope_id &&
4776 spidx1->src.sin6.sin6_scope_id &&
4777 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) {
4778 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "DP v6 dst scope wrong\n");
4779 return 0;
4780 }
4781 if (!key_bb_match_withmask(&spidx0->dst.sin6.sin6_addr,
4782 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) {
4783 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "v6 dst addr wrong\n");
4784 return 0;
4785 }
4786 break;
4787 default:
4788 /* XXX */
4789 if (memcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) {
4790 KEYDEBUG_PRINTF(KEYDEBUG_MATCH, "dst memcmp wrong\n");
4791 return 0;
4792 }
4793 break;
4794 }
4795
4796 /* XXX Do we check other field ? e.g. flowinfo */
4797
4798 return 1;
4799 }
4800
4801 /* returns 0 on match */
4802 static int
key_portcomp(in_port_t port1,in_port_t port2,int howport)4803 key_portcomp(in_port_t port1, in_port_t port2, int howport)
4804 {
4805 switch (howport) {
4806 case PORT_NONE:
4807 return 0;
4808 case PORT_LOOSE:
4809 if (port1 == 0 || port2 == 0)
4810 return 0;
4811 /*FALLTHROUGH*/
4812 case PORT_STRICT:
4813 if (port1 != port2) {
4814 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4815 "port fail %d != %d\n", ntohs(port1), ntohs(port2));
4816 return 1;
4817 }
4818 return 0;
4819 default:
4820 KASSERT(0);
4821 return 1;
4822 }
4823 }
4824
4825 /* returns 1 on match */
4826 static int
key_sockaddr_match(const struct sockaddr * sa1,const struct sockaddr * sa2,int howport)4827 key_sockaddr_match(
4828 const struct sockaddr *sa1,
4829 const struct sockaddr *sa2,
4830 int howport)
4831 {
4832 const struct sockaddr_in *sin1, *sin2;
4833 const struct sockaddr_in6 *sin61, *sin62;
4834 char s1[IPSEC_ADDRSTRLEN], s2[IPSEC_ADDRSTRLEN];
4835
4836 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) {
4837 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4838 "fam/len fail %d != %d || %d != %d\n",
4839 sa1->sa_family, sa2->sa_family, sa1->sa_len,
4840 sa2->sa_len);
4841 return 0;
4842 }
4843
4844 switch (sa1->sa_family) {
4845 case AF_INET:
4846 if (sa1->sa_len != sizeof(struct sockaddr_in)) {
4847 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4848 "len fail %d != %zu\n",
4849 sa1->sa_len, sizeof(struct sockaddr_in));
4850 return 0;
4851 }
4852 sin1 = (const struct sockaddr_in *)sa1;
4853 sin2 = (const struct sockaddr_in *)sa2;
4854 if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) {
4855 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4856 "addr fail %s != %s\n",
4857 (in_print(s1, sizeof(s1), &sin1->sin_addr), s1),
4858 (in_print(s2, sizeof(s2), &sin2->sin_addr), s2));
4859 return 0;
4860 }
4861 if (key_portcomp(sin1->sin_port, sin2->sin_port, howport)) {
4862 return 0;
4863 }
4864 KEYDEBUG_PRINTF(KEYDEBUG_MATCH,
4865 "addr success %s[%d] == %s[%d]\n",
4866 (in_print(s1, sizeof(s1), &sin1->sin_addr), s1),
4867 ntohs(sin1->sin_port),
4868 (in_print(s2, sizeof(s2), &sin2->sin_addr), s2),
4869 ntohs(sin2->sin_port));
4870 break;
4871 case AF_INET6:
4872 sin61 = (const struct sockaddr_in6 *)sa1;
4873 sin62 = (const struct sockaddr_in6 *)sa2;
4874 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4875 return 0; /*EINVAL*/
4876
4877 if (sin61->sin6_scope_id != sin62->sin6_scope_id) {
4878 return 0;
4879 }
4880 if (!IN6_ARE_ADDR_EQUAL(&sin61->sin6_addr, &sin62->sin6_addr)) {
4881 return 0;
4882 }
4883 if (key_portcomp(sin61->sin6_port, sin62->sin6_port, howport)) {
4884 return 0;
4885 }
4886 break;
4887 default:
4888 if (memcmp(sa1, sa2, sa1->sa_len) != 0)
4889 return 0;
4890 break;
4891 }
4892
4893 return 1;
4894 }
4895
4896 /*
4897 * compare two buffers with mask.
4898 * IN:
4899 * addr1: source
4900 * addr2: object
4901 * bits: Number of bits to compare
4902 * OUT:
4903 * 1 : equal
4904 * 0 : not equal
4905 */
4906 static int
key_bb_match_withmask(const void * a1,const void * a2,u_int bits)4907 key_bb_match_withmask(const void *a1, const void *a2, u_int bits)
4908 {
4909 const unsigned char *p1 = a1;
4910 const unsigned char *p2 = a2;
4911
4912 /* XXX: This could be considerably faster if we compare a word
4913 * at a time, but it is complicated on LSB Endian machines */
4914
4915 /* Handle null pointers */
4916 if (p1 == NULL || p2 == NULL)
4917 return (p1 == p2);
4918
4919 while (bits >= 8) {
4920 if (*p1++ != *p2++)
4921 return 0;
4922 bits -= 8;
4923 }
4924
4925 if (bits > 0) {
4926 u_int8_t mask = ~((1<<(8-bits))-1);
4927 if ((*p1 & mask) != (*p2 & mask))
4928 return 0;
4929 }
4930 return 1; /* Match! */
4931 }
4932
4933 static void
key_timehandler_spd(void)4934 key_timehandler_spd(void)
4935 {
4936 u_int dir;
4937 struct secpolicy *sp;
4938 volatile time_t now;
4939
4940 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4941 retry:
4942 mutex_enter(&key_spd.lock);
4943 /*
4944 * To avoid for sp->created to overtake "now" because of
4945 * waiting mutex, set time_uptime here.
4946 */
4947 now = time_uptime;
4948 SPLIST_WRITER_FOREACH(sp, dir) {
4949 KASSERTMSG(sp->state != IPSEC_SPSTATE_DEAD,
4950 "sp->state=%u", sp->state);
4951
4952 if (sp->lifetime == 0 && sp->validtime == 0)
4953 continue;
4954
4955 if ((sp->lifetime && now - sp->created > sp->lifetime) ||
4956 (sp->validtime && now - sp->lastused > sp->validtime)) {
4957 key_unlink_sp(sp);
4958 mutex_exit(&key_spd.lock);
4959 key_spdexpire(sp);
4960 key_destroy_sp(sp);
4961 goto retry;
4962 }
4963 }
4964 mutex_exit(&key_spd.lock);
4965 }
4966
4967 retry_socksplist:
4968 mutex_enter(&key_spd.lock);
4969 SOCKSPLIST_WRITER_FOREACH(sp) {
4970 if (sp->state != IPSEC_SPSTATE_DEAD)
4971 continue;
4972
4973 key_unlink_sp(sp);
4974 mutex_exit(&key_spd.lock);
4975 key_destroy_sp(sp);
4976 goto retry_socksplist;
4977 }
4978 mutex_exit(&key_spd.lock);
4979 }
4980
4981 static void
key_timehandler_sad(void)4982 key_timehandler_sad(void)
4983 {
4984 struct secashead *sah;
4985 int s;
4986 volatile time_t now;
4987
4988 restart:
4989 mutex_enter(&key_sad.lock);
4990 SAHLIST_WRITER_FOREACH(sah) {
4991 /* If sah has been dead and has no sav, then delete it */
4992 if (sah->state == SADB_SASTATE_DEAD &&
4993 !key_sah_has_sav(sah)) {
4994 key_unlink_sah(sah);
4995 mutex_exit(&key_sad.lock);
4996 key_destroy_sah(sah);
4997 goto restart;
4998 }
4999 }
5000 mutex_exit(&key_sad.lock);
5001
5002 s = pserialize_read_enter();
5003 SAHLIST_READER_FOREACH(sah) {
5004 struct secasvar *sav;
5005
5006 key_sah_ref(sah);
5007 pserialize_read_exit(s);
5008
5009 /* if LARVAL entry doesn't become MATURE, delete it. */
5010 mutex_enter(&key_sad.lock);
5011 restart_sav_LARVAL:
5012 /*
5013 * Same as key_timehandler_spd(), set time_uptime here.
5014 */
5015 now = time_uptime;
5016 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_LARVAL) {
5017 if (now - sav->created > key_larval_lifetime) {
5018 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5019 goto restart_sav_LARVAL;
5020 }
5021 }
5022 mutex_exit(&key_sad.lock);
5023
5024 /*
5025 * check MATURE entry to start to send expire message
5026 * whether or not.
5027 */
5028 restart_sav_MATURE:
5029 mutex_enter(&key_sad.lock);
5030 /*
5031 * ditto
5032 */
5033 now = time_uptime;
5034 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_MATURE) {
5035 /* we don't need to check. */
5036 if (sav->lft_s == NULL)
5037 continue;
5038
5039 /* sanity check */
5040 KASSERT(sav->lft_c != NULL);
5041
5042 /* check SOFT lifetime */
5043 if (sav->lft_s->sadb_lifetime_addtime != 0 &&
5044 now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
5045 /*
5046 * check SA to be used whether or not.
5047 * when SA hasn't been used, delete it.
5048 */
5049 if (sav->lft_c->sadb_lifetime_usetime == 0) {
5050 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5051 mutex_exit(&key_sad.lock);
5052 } else {
5053 key_sa_chgstate(sav, SADB_SASTATE_DYING);
5054 mutex_exit(&key_sad.lock);
5055 /*
5056 * XXX If we keep to send expire
5057 * message in the status of
5058 * DYING. Do remove below code.
5059 */
5060 key_expire(sav);
5061 }
5062 goto restart_sav_MATURE;
5063 }
5064 /* check SOFT lifetime by bytes */
5065 /*
5066 * XXX I don't know the way to delete this SA
5067 * when new SA is installed. Caution when it's
5068 * installed too big lifetime by time.
5069 */
5070 else {
5071 uint64_t lft_c_bytes = 0;
5072 lifetime_counters_t sum = {0};
5073
5074 percpu_foreach_xcall(sav->lft_c_counters_percpu,
5075 XC_HIGHPRI_IPL(IPL_SOFTNET),
5076 key_sum_lifetime_counters, sum);
5077 lft_c_bytes = sum[LIFETIME_COUNTER_BYTES];
5078
5079 if (sav->lft_s->sadb_lifetime_bytes == 0 ||
5080 sav->lft_s->sadb_lifetime_bytes >= lft_c_bytes)
5081 continue;
5082
5083 key_sa_chgstate(sav, SADB_SASTATE_DYING);
5084 mutex_exit(&key_sad.lock);
5085 /*
5086 * XXX If we keep to send expire
5087 * message in the status of
5088 * DYING. Do remove below code.
5089 */
5090 key_expire(sav);
5091 goto restart_sav_MATURE;
5092 }
5093 }
5094 mutex_exit(&key_sad.lock);
5095
5096 /* check DYING entry to change status to DEAD. */
5097 mutex_enter(&key_sad.lock);
5098 restart_sav_DYING:
5099 /*
5100 * ditto
5101 */
5102 now = time_uptime;
5103 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_DYING) {
5104 /* we don't need to check. */
5105 if (sav->lft_h == NULL)
5106 continue;
5107
5108 /* sanity check */
5109 KASSERT(sav->lft_c != NULL);
5110
5111 if (sav->lft_h->sadb_lifetime_addtime != 0 &&
5112 now - sav->created > sav->lft_h->sadb_lifetime_addtime) {
5113 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5114 goto restart_sav_DYING;
5115 }
5116 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
5117 else if (sav->lft_s != NULL
5118 && sav->lft_s->sadb_lifetime_addtime != 0
5119 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
5120 /*
5121 * XXX: should be checked to be
5122 * installed the valid SA.
5123 */
5124
5125 /*
5126 * If there is no SA then sending
5127 * expire message.
5128 */
5129 key_expire(sav);
5130 }
5131 #endif
5132 /* check HARD lifetime by bytes */
5133 else {
5134 uint64_t lft_c_bytes = 0;
5135 lifetime_counters_t sum = {0};
5136
5137 percpu_foreach_xcall(sav->lft_c_counters_percpu,
5138 XC_HIGHPRI_IPL(IPL_SOFTNET),
5139 key_sum_lifetime_counters, sum);
5140 lft_c_bytes = sum[LIFETIME_COUNTER_BYTES];
5141
5142 if (sav->lft_h->sadb_lifetime_bytes == 0 ||
5143 sav->lft_h->sadb_lifetime_bytes >= lft_c_bytes)
5144 continue;
5145
5146 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5147 goto restart_sav_DYING;
5148 }
5149 }
5150 mutex_exit(&key_sad.lock);
5151
5152 /* delete entry in DEAD */
5153 restart_sav_DEAD:
5154 mutex_enter(&key_sad.lock);
5155 SAVLIST_WRITER_FOREACH(sav, sah, SADB_SASTATE_DEAD) {
5156 key_unlink_sav(sav);
5157 mutex_exit(&key_sad.lock);
5158 key_destroy_sav(sav);
5159 goto restart_sav_DEAD;
5160 }
5161 mutex_exit(&key_sad.lock);
5162
5163 s = pserialize_read_enter();
5164 key_sah_unref(sah);
5165 }
5166 pserialize_read_exit(s);
5167 }
5168
5169 static void
key_timehandler_acq(void)5170 key_timehandler_acq(void)
5171 {
5172 #ifndef IPSEC_NONBLOCK_ACQUIRE
5173 struct secacq *acq, *nextacq;
5174 volatile time_t now;
5175
5176 restart:
5177 mutex_enter(&key_misc.lock);
5178 /*
5179 * Same as key_timehandler_spd(), set time_uptime here.
5180 */
5181 now = time_uptime;
5182 LIST_FOREACH_SAFE(acq, &key_misc.acqlist, chain, nextacq) {
5183 if (now - acq->created > key_blockacq_lifetime) {
5184 LIST_REMOVE(acq, chain);
5185 mutex_exit(&key_misc.lock);
5186 kmem_free(acq, sizeof(*acq));
5187 goto restart;
5188 }
5189 }
5190 mutex_exit(&key_misc.lock);
5191 #endif
5192 }
5193
5194 static void
key_timehandler_spacq(void)5195 key_timehandler_spacq(void)
5196 {
5197 #ifdef notyet
5198 struct secspacq *acq, *nextacq;
5199 time_t now = time_uptime;
5200
5201 LIST_FOREACH_SAFE(acq, &key_misc.spacqlist, chain, nextacq) {
5202 if (now - acq->created > key_blockacq_lifetime) {
5203 KASSERT(__LIST_CHAINED(acq));
5204 LIST_REMOVE(acq, chain);
5205 kmem_free(acq, sizeof(*acq));
5206 }
5207 }
5208 #endif
5209 }
5210
5211 static unsigned int key_timehandler_work_enqueued = 0;
5212
5213 /*
5214 * time handler.
5215 * scanning SPD and SAD to check status for each entries,
5216 * and do to remove or to expire.
5217 */
5218 static void
key_timehandler_work(struct work * wk,void * arg)5219 key_timehandler_work(struct work *wk, void *arg)
5220 {
5221
5222 /* We can allow enqueuing another work at this point */
5223 atomic_swap_uint(&key_timehandler_work_enqueued, 0);
5224
5225 key_timehandler_spd();
5226 key_timehandler_sad();
5227 key_timehandler_acq();
5228 key_timehandler_spacq();
5229
5230 key_acquire_sendup_pending_mbuf();
5231
5232 /* do exchange to tick time !! */
5233 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
5234
5235 return;
5236 }
5237
5238 static void
key_timehandler(void * arg)5239 key_timehandler(void *arg)
5240 {
5241
5242 /* Avoid enqueuing another work when one is already enqueued */
5243 if (atomic_swap_uint(&key_timehandler_work_enqueued, 1) == 1)
5244 return;
5245
5246 workqueue_enqueue(key_timehandler_wq, &key_timehandler_wk, NULL);
5247 }
5248
5249 u_long
key_random(void)5250 key_random(void)
5251 {
5252 u_long value;
5253
5254 key_randomfill(&value, sizeof(value));
5255 return value;
5256 }
5257
5258 void
key_randomfill(void * p,size_t l)5259 key_randomfill(void *p, size_t l)
5260 {
5261
5262 cprng_fast(p, l);
5263 }
5264
5265 /*
5266 * map SADB_SATYPE_* to IPPROTO_*.
5267 * if satype == SADB_SATYPE then satype is mapped to ~0.
5268 * OUT:
5269 * 0: invalid satype.
5270 */
5271 static u_int16_t
key_satype2proto(u_int8_t satype)5272 key_satype2proto(u_int8_t satype)
5273 {
5274 switch (satype) {
5275 case SADB_SATYPE_UNSPEC:
5276 return IPSEC_PROTO_ANY;
5277 case SADB_SATYPE_AH:
5278 return IPPROTO_AH;
5279 case SADB_SATYPE_ESP:
5280 return IPPROTO_ESP;
5281 case SADB_X_SATYPE_IPCOMP:
5282 return IPPROTO_IPCOMP;
5283 case SADB_X_SATYPE_TCPSIGNATURE:
5284 return IPPROTO_TCP;
5285 default:
5286 return 0;
5287 }
5288 /* NOTREACHED */
5289 }
5290
5291 /*
5292 * map IPPROTO_* to SADB_SATYPE_*
5293 * OUT:
5294 * 0: invalid protocol type.
5295 */
5296 static u_int8_t
key_proto2satype(u_int16_t proto)5297 key_proto2satype(u_int16_t proto)
5298 {
5299 switch (proto) {
5300 case IPPROTO_AH:
5301 return SADB_SATYPE_AH;
5302 case IPPROTO_ESP:
5303 return SADB_SATYPE_ESP;
5304 case IPPROTO_IPCOMP:
5305 return SADB_X_SATYPE_IPCOMP;
5306 case IPPROTO_TCP:
5307 return SADB_X_SATYPE_TCPSIGNATURE;
5308 default:
5309 return 0;
5310 }
5311 /* NOTREACHED */
5312 }
5313
5314 static int
key_setsecasidx(int proto,int mode,int reqid,const struct sockaddr * src,const struct sockaddr * dst,struct secasindex * saidx)5315 key_setsecasidx(int proto, int mode, int reqid,
5316 const struct sockaddr *src, const struct sockaddr *dst,
5317 struct secasindex * saidx)
5318 {
5319 const union sockaddr_union *src_u = (const union sockaddr_union *)src;
5320 const union sockaddr_union *dst_u = (const union sockaddr_union *)dst;
5321
5322 /* sa len safety check */
5323 if (key_checksalen(src_u) != 0)
5324 return -1;
5325 if (key_checksalen(dst_u) != 0)
5326 return -1;
5327
5328 memset(saidx, 0, sizeof(*saidx));
5329 saidx->proto = proto;
5330 saidx->mode = mode;
5331 saidx->reqid = reqid;
5332 memcpy(&saidx->src, src_u, src_u->sa.sa_len);
5333 memcpy(&saidx->dst, dst_u, dst_u->sa.sa_len);
5334
5335 key_porttosaddr(&((saidx)->src), 0);
5336 key_porttosaddr(&((saidx)->dst), 0);
5337 return 0;
5338 }
5339
5340 static void
key_init_spidx_bymsghdr(struct secpolicyindex * spidx,const struct sadb_msghdr * mhp)5341 key_init_spidx_bymsghdr(struct secpolicyindex *spidx,
5342 const struct sadb_msghdr *mhp)
5343 {
5344 const struct sadb_address *src0, *dst0;
5345 const struct sockaddr *src, *dst;
5346 const struct sadb_x_policy *xpl0;
5347
5348 src0 = mhp->ext[SADB_EXT_ADDRESS_SRC];
5349 dst0 = mhp->ext[SADB_EXT_ADDRESS_DST];
5350 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
5351 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
5352 xpl0 = mhp->ext[SADB_X_EXT_POLICY];
5353
5354 memset(spidx, 0, sizeof(*spidx));
5355 spidx->dir = xpl0->sadb_x_policy_dir;
5356 spidx->prefs = src0->sadb_address_prefixlen;
5357 spidx->prefd = dst0->sadb_address_prefixlen;
5358 spidx->ul_proto = src0->sadb_address_proto;
5359 /* XXX boundary check against sa_len */
5360 memcpy(&spidx->src, src, src->sa_len);
5361 memcpy(&spidx->dst, dst, dst->sa_len);
5362 }
5363
5364 /* %%% PF_KEY */
5365 /*
5366 * SADB_GETSPI processing is to receive
5367 * <base, (SA2), src address, dst address, (SPI range)>
5368 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
5369 * tree with the status of LARVAL, and send
5370 * <base, SA(*), address(SD)>
5371 * to the IKMPd.
5372 *
5373 * IN: mhp: pointer to the pointer to each header.
5374 * OUT: NULL if fail.
5375 * other if success, return pointer to the message to send.
5376 */
5377 static int
key_api_getspi(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5378 key_api_getspi(struct socket *so, struct mbuf *m,
5379 const struct sadb_msghdr *mhp)
5380 {
5381 const struct sockaddr *src, *dst;
5382 struct secasindex saidx;
5383 struct secashead *sah;
5384 struct secasvar *newsav;
5385 u_int8_t proto;
5386 u_int32_t spi;
5387 u_int8_t mode;
5388 u_int16_t reqid;
5389 int error;
5390
5391 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5392 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5393 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5394 return key_senderror(so, m, EINVAL);
5395 }
5396 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5397 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5398 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5399 return key_senderror(so, m, EINVAL);
5400 }
5401 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5402 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2];
5403 mode = sa2->sadb_x_sa2_mode;
5404 reqid = sa2->sadb_x_sa2_reqid;
5405 } else {
5406 mode = IPSEC_MODE_ANY;
5407 reqid = 0;
5408 }
5409
5410 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
5411 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
5412
5413 /* map satype to proto */
5414 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
5415 if (proto == 0) {
5416 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
5417 return key_senderror(so, m, EINVAL);
5418 }
5419
5420
5421 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx);
5422 if (error != 0)
5423 return key_senderror(so, m, EINVAL);
5424
5425 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
5426 if (error != 0)
5427 return key_senderror(so, m, EINVAL);
5428
5429 /* SPI allocation */
5430 spi = key_do_getnewspi(mhp->ext[SADB_EXT_SPIRANGE], &saidx);
5431 if (spi == 0)
5432 return key_senderror(so, m, EINVAL);
5433
5434 /* get a SA index */
5435 sah = key_getsah_ref(&saidx, CMP_REQID);
5436 if (sah == NULL) {
5437 /* create a new SA index */
5438 sah = key_newsah(&saidx);
5439 if (sah == NULL) {
5440 IPSECLOG(LOG_DEBUG, "No more memory.\n");
5441 return key_senderror(so, m, ENOBUFS);
5442 }
5443 }
5444
5445 /* get a new SA */
5446 /* XXX rewrite */
5447 newsav = KEY_NEWSAV(m, mhp, &error, proto);
5448 if (newsav == NULL) {
5449 key_sah_unref(sah);
5450 /* XXX don't free new SA index allocated in above. */
5451 return key_senderror(so, m, error);
5452 }
5453
5454 /* set spi */
5455 newsav->spi = htonl(spi);
5456
5457 /* Add to sah#savlist */
5458 key_init_sav(newsav);
5459 newsav->sah = sah;
5460 newsav->state = SADB_SASTATE_LARVAL;
5461 mutex_enter(&key_sad.lock);
5462 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_LARVAL, newsav);
5463 mutex_exit(&key_sad.lock);
5464 key_validate_savlist(sah, SADB_SASTATE_LARVAL);
5465
5466 key_sah_unref(sah);
5467
5468 #ifndef IPSEC_NONBLOCK_ACQUIRE
5469 /* delete the entry in key_misc.acqlist */
5470 if (mhp->msg->sadb_msg_seq != 0) {
5471 struct secacq *acq;
5472 mutex_enter(&key_misc.lock);
5473 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq);
5474 if (acq != NULL) {
5475 /* reset counter in order to deletion by timehandler. */
5476 acq->created = time_uptime;
5477 acq->count = 0;
5478 }
5479 mutex_exit(&key_misc.lock);
5480 }
5481 #endif
5482
5483 {
5484 struct mbuf *n, *nn;
5485 struct sadb_sa *m_sa;
5486 int off, len;
5487
5488 CTASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5489 PFKEY_ALIGN8(sizeof(struct sadb_sa)) <= MCLBYTES);
5490
5491 /* create new sadb_msg to reply. */
5492 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5493 PFKEY_ALIGN8(sizeof(struct sadb_sa));
5494
5495 n = key_alloc_mbuf_simple(len, M_WAITOK);
5496 n->m_len = len;
5497 n->m_next = NULL;
5498 off = 0;
5499
5500 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
5501 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
5502
5503 m_sa = (struct sadb_sa *)(mtod(n, char *) + off);
5504 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
5505 m_sa->sadb_sa_exttype = SADB_EXT_SA;
5506 m_sa->sadb_sa_spi = htonl(spi);
5507 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
5508
5509 KASSERTMSG(off == len, "length inconsistency");
5510
5511 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
5512 SADB_EXT_ADDRESS_DST);
5513
5514 KASSERT(n->m_len >= sizeof(struct sadb_msg));
5515
5516 n->m_pkthdr.len = 0;
5517 for (nn = n; nn; nn = nn->m_next)
5518 n->m_pkthdr.len += nn->m_len;
5519
5520 key_fill_replymsg(n, newsav->seq);
5521 m_freem(m);
5522 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5523 }
5524 }
5525
5526 /*
5527 * allocating new SPI
5528 * called by key_api_getspi().
5529 * OUT:
5530 * 0: failure.
5531 * others: success.
5532 */
5533 static u_int32_t
key_do_getnewspi(const struct sadb_spirange * spirange,const struct secasindex * saidx)5534 key_do_getnewspi(const struct sadb_spirange *spirange,
5535 const struct secasindex *saidx)
5536 {
5537 u_int32_t newspi;
5538 u_int32_t spmin, spmax;
5539 int count = key_spi_trycnt;
5540
5541 /* set spi range to allocate */
5542 if (spirange != NULL) {
5543 spmin = spirange->sadb_spirange_min;
5544 spmax = spirange->sadb_spirange_max;
5545 } else {
5546 spmin = key_spi_minval;
5547 spmax = key_spi_maxval;
5548 }
5549 /* IPCOMP needs 2-byte SPI */
5550 if (saidx->proto == IPPROTO_IPCOMP) {
5551 u_int32_t t;
5552 if (spmin >= 0x10000)
5553 spmin = 0xffff;
5554 if (spmax >= 0x10000)
5555 spmax = 0xffff;
5556 if (spmin > spmax) {
5557 t = spmin; spmin = spmax; spmax = t;
5558 }
5559 }
5560
5561 if (spmin == spmax) {
5562 if (key_checkspidup(saidx, htonl(spmin))) {
5563 IPSECLOG(LOG_DEBUG, "SPI %u exists already.\n", spmin);
5564 return 0;
5565 }
5566
5567 count--; /* taking one cost. */
5568 newspi = spmin;
5569
5570 } else {
5571
5572 /* init SPI */
5573 newspi = 0;
5574
5575 /* when requesting to allocate spi ranged */
5576 while (count--) {
5577 /* generate pseudo-random SPI value ranged. */
5578 newspi = spmin + (key_random() % (spmax - spmin + 1));
5579
5580 if (!key_checkspidup(saidx, htonl(newspi)))
5581 break;
5582 }
5583
5584 if (count == 0 || newspi == 0) {
5585 IPSECLOG(LOG_DEBUG, "to allocate spi is failed.\n");
5586 return 0;
5587 }
5588 }
5589
5590 /* statistics */
5591 keystat.getspi_count =
5592 (keystat.getspi_count + key_spi_trycnt - count) / 2;
5593
5594 return newspi;
5595 }
5596
5597 static int
key_handle_natt_info(struct secasvar * sav,const struct sadb_msghdr * mhp)5598 key_handle_natt_info(struct secasvar *sav,
5599 const struct sadb_msghdr *mhp)
5600 {
5601 const char *msg = "?" ;
5602 struct sadb_x_nat_t_type *type;
5603 struct sadb_x_nat_t_port *sport, *dport;
5604 struct sadb_address *iaddr, *raddr;
5605 struct sadb_x_nat_t_frag *frag;
5606
5607 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
5608 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
5609 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL)
5610 return 0;
5611
5612 if (mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) {
5613 msg = "TYPE";
5614 goto bad;
5615 }
5616
5617 if (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) {
5618 msg = "SPORT";
5619 goto bad;
5620 }
5621
5622 if (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport)) {
5623 msg = "DPORT";
5624 goto bad;
5625 }
5626
5627 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL) {
5628 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n");
5629 if (mhp->extlen[SADB_X_EXT_NAT_T_OAI] < sizeof(*iaddr)) {
5630 msg = "OAI";
5631 goto bad;
5632 }
5633 }
5634
5635 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL) {
5636 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n");
5637 if (mhp->extlen[SADB_X_EXT_NAT_T_OAR] < sizeof(*raddr)) {
5638 msg = "OAR";
5639 goto bad;
5640 }
5641 }
5642
5643 if (mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) {
5644 if (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag)) {
5645 msg = "FRAG";
5646 goto bad;
5647 }
5648 }
5649
5650 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5651 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5652 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5653 iaddr = mhp->ext[SADB_X_EXT_NAT_T_OAI];
5654 raddr = mhp->ext[SADB_X_EXT_NAT_T_OAR];
5655 frag = mhp->ext[SADB_X_EXT_NAT_T_FRAG];
5656
5657 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n",
5658 type->sadb_x_nat_t_type_type,
5659 ntohs(sport->sadb_x_nat_t_port_port),
5660 ntohs(dport->sadb_x_nat_t_port_port));
5661
5662 sav->natt_type = type->sadb_x_nat_t_type_type;
5663 key_porttosaddr(&sav->sah->saidx.src, sport->sadb_x_nat_t_port_port);
5664 key_porttosaddr(&sav->sah->saidx.dst, dport->sadb_x_nat_t_port_port);
5665 if (frag)
5666 sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
5667 else
5668 sav->esp_frag = IP_MAXPACKET;
5669
5670 return 0;
5671 bad:
5672 IPSECLOG(LOG_DEBUG, "invalid message %s\n", msg);
5673 __USE(msg);
5674 return -1;
5675 }
5676
5677 /* Just update the IPSEC_NAT_T ports if present */
5678 static int
key_set_natt_ports(union sockaddr_union * src,union sockaddr_union * dst,const struct sadb_msghdr * mhp)5679 key_set_natt_ports(union sockaddr_union *src, union sockaddr_union *dst,
5680 const struct sadb_msghdr *mhp)
5681 {
5682 if (mhp->ext[SADB_X_EXT_NAT_T_OAI] != NULL)
5683 IPSECLOG(LOG_DEBUG, "NAT-T OAi present\n");
5684 if (mhp->ext[SADB_X_EXT_NAT_T_OAR] != NULL)
5685 IPSECLOG(LOG_DEBUG, "NAT-T OAr present\n");
5686
5687 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
5688 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
5689 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
5690 struct sadb_x_nat_t_type *type;
5691 struct sadb_x_nat_t_port *sport;
5692 struct sadb_x_nat_t_port *dport;
5693
5694 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
5695 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
5696 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
5697 IPSECLOG(LOG_DEBUG, "invalid message\n");
5698 return -1;
5699 }
5700
5701 type = mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5702 sport = mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5703 dport = mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5704
5705 key_porttosaddr(src, sport->sadb_x_nat_t_port_port);
5706 key_porttosaddr(dst, dport->sadb_x_nat_t_port_port);
5707
5708 IPSECLOG(LOG_DEBUG, "type %d, sport = %d, dport = %d\n",
5709 type->sadb_x_nat_t_type_type,
5710 ntohs(sport->sadb_x_nat_t_port_port),
5711 ntohs(dport->sadb_x_nat_t_port_port));
5712 }
5713
5714 return 0;
5715 }
5716
5717
5718 /*
5719 * SADB_UPDATE processing
5720 * receive
5721 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5722 * key(AE), (identity(SD),) (sensitivity)>
5723 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5724 * and send
5725 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5726 * (identity(SD),) (sensitivity)>
5727 * to the ikmpd.
5728 *
5729 * m will always be freed.
5730 */
5731 static int
key_api_update(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5732 key_api_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5733 {
5734 struct sadb_sa *sa0;
5735 const struct sockaddr *src, *dst;
5736 struct secasindex saidx;
5737 struct secashead *sah;
5738 struct secasvar *sav, *newsav, *oldsav;
5739 u_int16_t proto;
5740 u_int8_t mode;
5741 u_int16_t reqid;
5742 int error;
5743
5744 /* map satype to proto */
5745 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
5746 if (proto == 0) {
5747 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
5748 return key_senderror(so, m, EINVAL);
5749 }
5750
5751 if (mhp->ext[SADB_EXT_SA] == NULL ||
5752 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5753 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5754 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5755 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5756 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5757 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5758 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5759 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5760 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5761 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5762 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5763 return key_senderror(so, m, EINVAL);
5764 }
5765 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5766 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5767 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5768 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
5769 return key_senderror(so, m, EINVAL);
5770 }
5771 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5772 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2];
5773 mode = sa2->sadb_x_sa2_mode;
5774 reqid = sa2->sadb_x_sa2_reqid;
5775 } else {
5776 mode = IPSEC_MODE_ANY;
5777 reqid = 0;
5778 }
5779 /* XXX boundary checking for other extensions */
5780
5781 sa0 = mhp->ext[SADB_EXT_SA];
5782 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
5783 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
5784
5785 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx);
5786 if (error != 0)
5787 return key_senderror(so, m, EINVAL);
5788
5789 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
5790 if (error != 0)
5791 return key_senderror(so, m, EINVAL);
5792
5793 /* get a SA header */
5794 sah = key_getsah_ref(&saidx, CMP_REQID);
5795 if (sah == NULL) {
5796 IPSECLOG(LOG_DEBUG, "no SA index found.\n");
5797 return key_senderror(so, m, ENOENT);
5798 }
5799
5800 /* set spidx if there */
5801 /* XXX rewrite */
5802 error = key_setident(sah, m, mhp);
5803 if (error)
5804 goto error_sah;
5805
5806 /* find a SA with sequence number. */
5807 #ifdef IPSEC_DOSEQCHECK
5808 if (mhp->msg->sadb_msg_seq != 0) {
5809 sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq);
5810 if (sav == NULL) {
5811 IPSECLOG(LOG_DEBUG,
5812 "no larval SA with sequence %u exists.\n",
5813 mhp->msg->sadb_msg_seq);
5814 error = ENOENT;
5815 goto error_sah;
5816 }
5817 }
5818 #else
5819 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5820 if (sav == NULL) {
5821 IPSECLOG(LOG_DEBUG, "no such a SA found (spi:%u)\n",
5822 (u_int32_t)ntohl(sa0->sadb_sa_spi));
5823 error = EINVAL;
5824 goto error_sah;
5825 }
5826 #endif
5827
5828 /* validity check */
5829 if (sav->sah->saidx.proto != proto) {
5830 IPSECLOG(LOG_DEBUG, "protocol mismatched (DB=%u param=%u)\n",
5831 sav->sah->saidx.proto, proto);
5832 error = EINVAL;
5833 goto error;
5834 }
5835 #ifdef IPSEC_DOSEQCHECK
5836 if (sav->spi != sa0->sadb_sa_spi) {
5837 IPSECLOG(LOG_DEBUG, "SPI mismatched (DB:%u param:%u)\n",
5838 (u_int32_t)ntohl(sav->spi),
5839 (u_int32_t)ntohl(sa0->sadb_sa_spi));
5840 error = EINVAL;
5841 goto error;
5842 }
5843 #endif
5844 if (sav->pid != mhp->msg->sadb_msg_pid) {
5845 IPSECLOG(LOG_DEBUG, "pid mismatched (DB:%u param:%u)\n",
5846 sav->pid, mhp->msg->sadb_msg_pid);
5847 error = EINVAL;
5848 goto error;
5849 }
5850
5851 /*
5852 * Allocate a new SA instead of modifying the existing SA directly
5853 * to avoid race conditions.
5854 */
5855 newsav = kmem_zalloc(sizeof(struct secasvar), KM_SLEEP);
5856
5857 /* copy sav values */
5858 newsav->spi = sav->spi;
5859 newsav->seq = sav->seq;
5860 newsav->created = sav->created;
5861 newsav->pid = sav->pid;
5862 newsav->sah = sav->sah;
5863 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
5864 "DP from %s:%u update SA:%p to SA:%p spi=%#x proto=%d\n",
5865 __func__, __LINE__, sav, newsav,
5866 ntohl(newsav->spi), proto);
5867
5868 error = key_setsaval(newsav, m, mhp);
5869 if (error) {
5870 kmem_free(newsav, sizeof(*newsav));
5871 goto error;
5872 }
5873
5874 error = key_handle_natt_info(newsav, mhp);
5875 if (error != 0) {
5876 key_delsav(newsav);
5877 goto error;
5878 }
5879
5880 error = key_init_xform(newsav);
5881 if (error != 0) {
5882 key_delsav(newsav);
5883 goto error;
5884 }
5885
5886 /* Add to sah#savlist */
5887 key_init_sav(newsav);
5888 newsav->state = SADB_SASTATE_MATURE;
5889 mutex_enter(&key_sad.lock);
5890 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav);
5891 SAVLUT_WRITER_INSERT_HEAD(newsav);
5892 mutex_exit(&key_sad.lock);
5893 key_validate_savlist(sah, SADB_SASTATE_MATURE);
5894
5895 /*
5896 * We need to lookup and remove the sav atomically, so get it again
5897 * here by a special API while we have a reference to it.
5898 */
5899 oldsav = key_lookup_and_remove_sav(sah, sa0->sadb_sa_spi, sav);
5900 KASSERT(oldsav == NULL || oldsav == sav);
5901 /* We can release the reference because of oldsav */
5902 KEY_SA_UNREF(&sav);
5903 if (oldsav == NULL) {
5904 /* Someone has already removed the sav. Nothing to do. */
5905 } else {
5906 key_wait_sav(oldsav);
5907 key_destroy_sav(oldsav);
5908 oldsav = NULL;
5909 }
5910 sav = NULL;
5911
5912 key_sah_unref(sah);
5913 sah = NULL;
5914
5915 {
5916 struct mbuf *n;
5917
5918 /* set msg buf from mhp */
5919 n = key_getmsgbuf_x1(m, mhp);
5920 if (n == NULL) {
5921 IPSECLOG(LOG_DEBUG, "No more memory.\n");
5922 return key_senderror(so, m, ENOBUFS);
5923 }
5924
5925 m_freem(m);
5926 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5927 }
5928 error:
5929 KEY_SA_UNREF(&sav);
5930 error_sah:
5931 key_sah_unref(sah);
5932 return key_senderror(so, m, error);
5933 }
5934
5935 /*
5936 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5937 * only called by key_api_update().
5938 * OUT:
5939 * NULL : not found
5940 * others : found, pointer to a SA.
5941 */
5942 #ifdef IPSEC_DOSEQCHECK
5943 static struct secasvar *
key_getsavbyseq(struct secashead * sah,u_int32_t seq)5944 key_getsavbyseq(struct secashead *sah, u_int32_t seq)
5945 {
5946 struct secasvar *sav;
5947 u_int state;
5948 int s;
5949
5950 state = SADB_SASTATE_LARVAL;
5951
5952 /* search SAD with sequence number ? */
5953 s = pserialize_read_enter();
5954 SAVLIST_READER_FOREACH(sav, sah, state) {
5955 KEY_CHKSASTATE(state, sav->state);
5956
5957 if (sav->seq == seq) {
5958 SA_ADDREF(sav);
5959 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
5960 "DP cause refcnt++:%d SA:%p\n",
5961 key_sa_refcnt(sav), sav);
5962 break;
5963 }
5964 }
5965 pserialize_read_exit(s);
5966
5967 return sav;
5968 }
5969 #endif
5970
5971 /*
5972 * SADB_ADD processing
5973 * add an entry to SA database, when received
5974 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5975 * key(AE), (identity(SD),) (sensitivity)>
5976 * from the ikmpd,
5977 * and send
5978 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5979 * (identity(SD),) (sensitivity)>
5980 * to the ikmpd.
5981 *
5982 * IGNORE identity and sensitivity messages.
5983 *
5984 * m will always be freed.
5985 */
5986 static int
key_api_add(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)5987 key_api_add(struct socket *so, struct mbuf *m,
5988 const struct sadb_msghdr *mhp)
5989 {
5990 struct sadb_sa *sa0;
5991 const struct sockaddr *src, *dst;
5992 struct secasindex saidx;
5993 struct secashead *sah;
5994 struct secasvar *newsav;
5995 u_int16_t proto;
5996 u_int8_t mode;
5997 u_int16_t reqid;
5998 int error;
5999
6000 /* map satype to proto */
6001 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
6002 if (proto == 0) {
6003 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
6004 return key_senderror(so, m, EINVAL);
6005 }
6006
6007 if (mhp->ext[SADB_EXT_SA] == NULL ||
6008 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6009 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6010 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
6011 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
6012 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
6013 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
6014 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
6015 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
6016 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
6017 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
6018 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6019 return key_senderror(so, m, EINVAL);
6020 }
6021 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
6022 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6023 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6024 /* XXX need more */
6025 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6026 return key_senderror(so, m, EINVAL);
6027 }
6028 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
6029 const struct sadb_x_sa2 *sa2 = mhp->ext[SADB_X_EXT_SA2];
6030 mode = sa2->sadb_x_sa2_mode;
6031 reqid = sa2->sadb_x_sa2_reqid;
6032 } else {
6033 mode = IPSEC_MODE_ANY;
6034 reqid = 0;
6035 }
6036
6037 sa0 = mhp->ext[SADB_EXT_SA];
6038 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
6039 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
6040
6041 error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx);
6042 if (error != 0)
6043 return key_senderror(so, m, EINVAL);
6044
6045 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
6046 if (error != 0)
6047 return key_senderror(so, m, EINVAL);
6048
6049 /* get a SA header */
6050 sah = key_getsah_ref(&saidx, CMP_REQID);
6051 if (sah == NULL) {
6052 /* create a new SA header */
6053 sah = key_newsah(&saidx);
6054 if (sah == NULL) {
6055 IPSECLOG(LOG_DEBUG, "No more memory.\n");
6056 return key_senderror(so, m, ENOBUFS);
6057 }
6058 }
6059
6060 /* set spidx if there */
6061 /* XXX rewrite */
6062 error = key_setident(sah, m, mhp);
6063 if (error)
6064 goto error;
6065
6066 {
6067 struct secasvar *sav;
6068
6069 /* We can create new SA only if SPI is differenct. */
6070 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
6071 if (sav != NULL) {
6072 KEY_SA_UNREF(&sav);
6073 IPSECLOG(LOG_DEBUG, "SA already exists.\n");
6074 error = EEXIST;
6075 goto error;
6076 }
6077 }
6078
6079 /* create new SA entry. */
6080 newsav = KEY_NEWSAV(m, mhp, &error, proto);
6081 if (newsav == NULL)
6082 goto error;
6083 newsav->sah = sah;
6084
6085 error = key_handle_natt_info(newsav, mhp);
6086 if (error != 0) {
6087 key_delsav(newsav);
6088 error = EINVAL;
6089 goto error;
6090 }
6091
6092 error = key_init_xform(newsav);
6093 if (error != 0) {
6094 key_delsav(newsav);
6095 goto error;
6096 }
6097
6098 /* Add to sah#savlist */
6099 key_init_sav(newsav);
6100 newsav->state = SADB_SASTATE_MATURE;
6101 mutex_enter(&key_sad.lock);
6102 SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav);
6103 SAVLUT_WRITER_INSERT_HEAD(newsav);
6104 mutex_exit(&key_sad.lock);
6105 key_validate_savlist(sah, SADB_SASTATE_MATURE);
6106
6107 key_sah_unref(sah);
6108 sah = NULL;
6109
6110 /*
6111 * don't call key_freesav() here, as we would like to keep the SA
6112 * in the database on success.
6113 */
6114
6115 {
6116 struct mbuf *n;
6117
6118 /* set msg buf from mhp */
6119 n = key_getmsgbuf_x1(m, mhp);
6120 if (n == NULL) {
6121 IPSECLOG(LOG_DEBUG, "No more memory.\n");
6122 return key_senderror(so, m, ENOBUFS);
6123 }
6124
6125 m_freem(m);
6126 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6127 }
6128 error:
6129 key_sah_unref(sah);
6130 return key_senderror(so, m, error);
6131 }
6132
6133 /* m is retained */
6134 static int
key_setident(struct secashead * sah,struct mbuf * m,const struct sadb_msghdr * mhp)6135 key_setident(struct secashead *sah, struct mbuf *m,
6136 const struct sadb_msghdr *mhp)
6137 {
6138 const struct sadb_ident *idsrc, *iddst;
6139 int idsrclen, iddstlen;
6140
6141 KASSERT(!cpu_softintr_p());
6142 KASSERT(sah != NULL);
6143 KASSERT(m != NULL);
6144 KASSERT(mhp != NULL);
6145 KASSERT(mhp->msg != NULL);
6146
6147 /*
6148 * Can be called with an existing sah from key_api_update().
6149 */
6150 if (sah->idents != NULL) {
6151 kmem_free(sah->idents, sah->idents_len);
6152 sah->idents = NULL;
6153 sah->idents_len = 0;
6154 }
6155 if (sah->identd != NULL) {
6156 kmem_free(sah->identd, sah->identd_len);
6157 sah->identd = NULL;
6158 sah->identd_len = 0;
6159 }
6160
6161 /* don't make buffer if not there */
6162 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
6163 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
6164 sah->idents = NULL;
6165 sah->identd = NULL;
6166 return 0;
6167 }
6168
6169 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
6170 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
6171 IPSECLOG(LOG_DEBUG, "invalid identity.\n");
6172 return EINVAL;
6173 }
6174
6175 idsrc = mhp->ext[SADB_EXT_IDENTITY_SRC];
6176 iddst = mhp->ext[SADB_EXT_IDENTITY_DST];
6177 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
6178 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
6179
6180 /* validity check */
6181 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
6182 IPSECLOG(LOG_DEBUG, "ident type mismatched src %u, dst %u.\n",
6183 idsrc->sadb_ident_type, iddst->sadb_ident_type);
6184 /*
6185 * Some VPN appliances(e.g. NetScreen) can send different
6186 * identifier types on IDii and IDir, so be able to allow
6187 * such message.
6188 */
6189 if (!ipsec_allow_different_idtype) {
6190 return EINVAL;
6191 }
6192 }
6193
6194 switch (idsrc->sadb_ident_type) {
6195 case SADB_IDENTTYPE_PREFIX:
6196 case SADB_IDENTTYPE_FQDN:
6197 case SADB_IDENTTYPE_USERFQDN:
6198 default:
6199 /* XXX do nothing */
6200 sah->idents = NULL;
6201 sah->identd = NULL;
6202 return 0;
6203 }
6204
6205 /* make structure */
6206 sah->idents = kmem_alloc(idsrclen, KM_SLEEP);
6207 sah->idents_len = idsrclen;
6208 sah->identd = kmem_alloc(iddstlen, KM_SLEEP);
6209 sah->identd_len = iddstlen;
6210 memcpy(sah->idents, idsrc, idsrclen);
6211 memcpy(sah->identd, iddst, iddstlen);
6212
6213 return 0;
6214 }
6215
6216 /*
6217 * m will not be freed on return. It never return NULL.
6218 * it is caller's responsibility to free the result.
6219 */
6220 static struct mbuf *
key_getmsgbuf_x1(struct mbuf * m,const struct sadb_msghdr * mhp)6221 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp)
6222 {
6223 struct mbuf *n;
6224
6225 KASSERT(m != NULL);
6226 KASSERT(mhp != NULL);
6227 KASSERT(mhp->msg != NULL);
6228
6229 /* create new sadb_msg to reply. */
6230 n = key_gather_mbuf(m, mhp, 1, 15, SADB_EXT_RESERVED,
6231 SADB_EXT_SA, SADB_X_EXT_SA2,
6232 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
6233 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
6234 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST,
6235 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
6236 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI,
6237 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NAT_T_FRAG);
6238
6239 KASSERT(n->m_len >= sizeof(struct sadb_msg));
6240
6241 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
6242 mtod(n, struct sadb_msg *)->sadb_msg_len =
6243 PFKEY_UNIT64(n->m_pkthdr.len);
6244
6245 return n;
6246 }
6247
6248 static int key_delete_all (struct socket *, struct mbuf *,
6249 const struct sadb_msghdr *, u_int16_t);
6250
6251 /*
6252 * SADB_DELETE processing
6253 * receive
6254 * <base, SA(*), address(SD)>
6255 * from the ikmpd, and set SADB_SASTATE_DEAD,
6256 * and send,
6257 * <base, SA(*), address(SD)>
6258 * to the ikmpd.
6259 *
6260 * m will always be freed.
6261 */
6262 static int
key_api_delete(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)6263 key_api_delete(struct socket *so, struct mbuf *m,
6264 const struct sadb_msghdr *mhp)
6265 {
6266 struct sadb_sa *sa0;
6267 const struct sockaddr *src, *dst;
6268 struct secasindex saidx;
6269 struct secashead *sah;
6270 struct secasvar *sav = NULL;
6271 u_int16_t proto;
6272 int error;
6273
6274 /* map satype to proto */
6275 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
6276 if (proto == 0) {
6277 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
6278 return key_senderror(so, m, EINVAL);
6279 }
6280
6281 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6282 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
6283 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6284 return key_senderror(so, m, EINVAL);
6285 }
6286
6287 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6288 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6289 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6290 return key_senderror(so, m, EINVAL);
6291 }
6292
6293 if (mhp->ext[SADB_EXT_SA] == NULL) {
6294 /*
6295 * Caller wants us to delete all non-LARVAL SAs
6296 * that match the src/dst. This is used during
6297 * IKE INITIAL-CONTACT.
6298 */
6299 IPSECLOG(LOG_DEBUG, "doing delete all.\n");
6300 return key_delete_all(so, m, mhp, proto);
6301 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
6302 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6303 return key_senderror(so, m, EINVAL);
6304 }
6305
6306 sa0 = mhp->ext[SADB_EXT_SA];
6307 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
6308 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
6309
6310 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
6311 if (error != 0)
6312 return key_senderror(so, m, EINVAL);
6313
6314 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
6315 if (error != 0)
6316 return key_senderror(so, m, EINVAL);
6317
6318 /* get a SA header */
6319 sah = key_getsah_ref(&saidx, CMP_HEAD);
6320 if (sah != NULL) {
6321 /* get a SA with SPI. */
6322 sav = key_lookup_and_remove_sav(sah, sa0->sadb_sa_spi, NULL);
6323 key_sah_unref(sah);
6324 }
6325
6326 if (sav == NULL) {
6327 IPSECLOG(LOG_DEBUG, "no SA found.\n");
6328 return key_senderror(so, m, ENOENT);
6329 }
6330
6331 key_wait_sav(sav);
6332 key_destroy_sav(sav);
6333 sav = NULL;
6334
6335 {
6336 struct mbuf *n;
6337
6338 /* create new sadb_msg to reply. */
6339 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
6340 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
6341
6342 key_fill_replymsg(n, 0);
6343 m_freem(m);
6344 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6345 }
6346 }
6347
6348 /*
6349 * delete all SAs for src/dst. Called from key_api_delete().
6350 */
6351 static int
key_delete_all(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp,u_int16_t proto)6352 key_delete_all(struct socket *so, struct mbuf *m,
6353 const struct sadb_msghdr *mhp, u_int16_t proto)
6354 {
6355 const struct sockaddr *src, *dst;
6356 struct secasindex saidx;
6357 struct secashead *sah;
6358 struct secasvar *sav;
6359 u_int state;
6360 int error;
6361
6362 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
6363 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
6364
6365 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
6366 if (error != 0)
6367 return key_senderror(so, m, EINVAL);
6368
6369 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
6370 if (error != 0)
6371 return key_senderror(so, m, EINVAL);
6372
6373 sah = key_getsah_ref(&saidx, CMP_HEAD);
6374 if (sah != NULL) {
6375 /* Delete all non-LARVAL SAs. */
6376 SASTATE_ALIVE_FOREACH(state) {
6377 if (state == SADB_SASTATE_LARVAL)
6378 continue;
6379 restart:
6380 mutex_enter(&key_sad.lock);
6381 SAVLIST_WRITER_FOREACH(sav, sah, state) {
6382 sav->state = SADB_SASTATE_DEAD;
6383 key_unlink_sav(sav);
6384 mutex_exit(&key_sad.lock);
6385 key_destroy_sav(sav);
6386 goto restart;
6387 }
6388 mutex_exit(&key_sad.lock);
6389 }
6390 key_sah_unref(sah);
6391 }
6392 {
6393 struct mbuf *n;
6394
6395 /* create new sadb_msg to reply. */
6396 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
6397 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
6398
6399 key_fill_replymsg(n, 0);
6400 m_freem(m);
6401 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6402 }
6403 }
6404
6405 /*
6406 * SADB_GET processing
6407 * receive
6408 * <base, SA(*), address(SD)>
6409 * from the ikmpd, and get a SP and a SA to respond,
6410 * and send,
6411 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
6412 * (identity(SD),) (sensitivity)>
6413 * to the ikmpd.
6414 *
6415 * m will always be freed.
6416 */
6417 static int
key_api_get(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)6418 key_api_get(struct socket *so, struct mbuf *m,
6419 const struct sadb_msghdr *mhp)
6420 {
6421 struct sadb_sa *sa0;
6422 const struct sockaddr *src, *dst;
6423 struct secasindex saidx;
6424 struct secasvar *sav = NULL;
6425 u_int16_t proto;
6426 int error;
6427
6428 /* map satype to proto */
6429 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6430 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
6431 return key_senderror(so, m, EINVAL);
6432 }
6433
6434 if (mhp->ext[SADB_EXT_SA] == NULL ||
6435 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6436 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
6437 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6438 return key_senderror(so, m, EINVAL);
6439 }
6440 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
6441 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6442 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6443 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
6444 return key_senderror(so, m, EINVAL);
6445 }
6446
6447 sa0 = mhp->ext[SADB_EXT_SA];
6448 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
6449 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
6450
6451 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
6452 if (error != 0)
6453 return key_senderror(so, m, EINVAL);
6454
6455 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
6456 if (error != 0)
6457 return key_senderror(so, m, EINVAL);
6458
6459 /* get a SA header */
6460 {
6461 struct secashead *sah;
6462 int s = pserialize_read_enter();
6463
6464 sah = key_getsah(&saidx, CMP_HEAD);
6465 if (sah != NULL) {
6466 /* get a SA with SPI. */
6467 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
6468 }
6469 pserialize_read_exit(s);
6470 }
6471 if (sav == NULL) {
6472 IPSECLOG(LOG_DEBUG, "no SA found.\n");
6473 return key_senderror(so, m, ENOENT);
6474 }
6475
6476 {
6477 struct mbuf *n;
6478 u_int8_t satype;
6479
6480 /* map proto to satype */
6481 satype = key_proto2satype(sav->sah->saidx.proto);
6482 if (satype == 0) {
6483 KEY_SA_UNREF(&sav);
6484 IPSECLOG(LOG_DEBUG, "there was invalid proto in SAD.\n");
6485 return key_senderror(so, m, EINVAL);
6486 }
6487
6488 /* create new sadb_msg to reply. */
6489 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
6490 mhp->msg->sadb_msg_pid);
6491 KEY_SA_UNREF(&sav);
6492 m_freem(m);
6493 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6494 }
6495 }
6496
6497 /* XXX make it sysctl-configurable? */
6498 static void
key_getcomb_setlifetime(struct sadb_comb * comb)6499 key_getcomb_setlifetime(struct sadb_comb *comb)
6500 {
6501
6502 comb->sadb_comb_soft_allocations = 1;
6503 comb->sadb_comb_hard_allocations = 1;
6504 comb->sadb_comb_soft_bytes = 0;
6505 comb->sadb_comb_hard_bytes = 0;
6506 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
6507 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
6508 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */
6509 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
6510 }
6511
6512 /*
6513 * XXX reorder combinations by preference
6514 * XXX no idea if the user wants ESP authentication or not
6515 */
6516 static struct mbuf *
key_getcomb_esp(int mflag)6517 key_getcomb_esp(int mflag)
6518 {
6519 struct sadb_comb *comb;
6520 const struct enc_xform *algo;
6521 struct mbuf *result = NULL, *m, *n;
6522 int encmin;
6523 int i, off, o;
6524 int totlen;
6525 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6526
6527 m = NULL;
6528 for (i = 1; i <= SADB_EALG_MAX; i++) {
6529 algo = esp_algorithm_lookup(i);
6530 if (algo == NULL)
6531 continue;
6532
6533 /* discard algorithms with key size smaller than system min */
6534 if (_BITS(algo->maxkey) < ipsec_esp_keymin)
6535 continue;
6536 if (_BITS(algo->minkey) < ipsec_esp_keymin)
6537 encmin = ipsec_esp_keymin;
6538 else
6539 encmin = _BITS(algo->minkey);
6540
6541 if (ipsec_esp_auth)
6542 m = key_getcomb_ah(mflag);
6543 else {
6544 KASSERTMSG(l <= MLEN,
6545 "l=%u > MLEN=%lu", l, (u_long) MLEN);
6546 MGET(m, mflag, MT_DATA);
6547 if (m) {
6548 m_align(m, l);
6549 m->m_len = l;
6550 m->m_next = NULL;
6551 memset(mtod(m, void *), 0, m->m_len);
6552 }
6553 }
6554 if (!m)
6555 goto fail;
6556
6557 totlen = 0;
6558 for (n = m; n; n = n->m_next)
6559 totlen += n->m_len;
6560 KASSERTMSG((totlen % l) == 0, "totlen=%u, l=%u", totlen, l);
6561
6562 for (off = 0; off < totlen; off += l) {
6563 n = m_pulldown(m, off, l, &o);
6564 if (!n) {
6565 /* m is already freed */
6566 goto fail;
6567 }
6568 comb = (struct sadb_comb *)(mtod(n, char *) + o);
6569 memset(comb, 0, sizeof(*comb));
6570 key_getcomb_setlifetime(comb);
6571 comb->sadb_comb_encrypt = i;
6572 comb->sadb_comb_encrypt_minbits = encmin;
6573 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
6574 }
6575
6576 if (!result)
6577 result = m;
6578 else
6579 m_cat(result, m);
6580 }
6581
6582 return result;
6583
6584 fail:
6585 if (result)
6586 m_freem(result);
6587 return NULL;
6588 }
6589
6590 static void
key_getsizes_ah(const struct auth_hash * ah,int alg,u_int16_t * ksmin,u_int16_t * ksmax)6591 key_getsizes_ah(const struct auth_hash *ah, int alg,
6592 u_int16_t* ksmin, u_int16_t* ksmax)
6593 {
6594 *ksmin = *ksmax = ah->keysize;
6595 if (ah->keysize == 0) {
6596 /*
6597 * Transform takes arbitrary key size but algorithm
6598 * key size is restricted. Enforce this here.
6599 */
6600 switch (alg) {
6601 case SADB_X_AALG_MD5: *ksmin = *ksmax = 16; break;
6602 case SADB_X_AALG_SHA: *ksmin = *ksmax = 20; break;
6603 case SADB_X_AALG_NULL: *ksmin = 0; *ksmax = 256; break;
6604 default:
6605 IPSECLOG(LOG_DEBUG, "unknown AH algorithm %u\n", alg);
6606 break;
6607 }
6608 }
6609 }
6610
6611 /*
6612 * XXX reorder combinations by preference
6613 */
6614 static struct mbuf *
key_getcomb_ah(int mflag)6615 key_getcomb_ah(int mflag)
6616 {
6617 struct sadb_comb *comb;
6618 const struct auth_hash *algo;
6619 struct mbuf *m;
6620 u_int16_t minkeysize, maxkeysize;
6621 int i;
6622 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6623
6624 m = NULL;
6625 for (i = 1; i <= SADB_AALG_MAX; i++) {
6626 #if 1
6627 /* we prefer HMAC algorithms, not old algorithms */
6628 if (i != SADB_AALG_SHA1HMAC &&
6629 i != SADB_AALG_MD5HMAC &&
6630 i != SADB_X_AALG_SHA2_256 &&
6631 i != SADB_X_AALG_SHA2_384 &&
6632 i != SADB_X_AALG_SHA2_512)
6633 continue;
6634 #endif
6635 algo = ah_algorithm_lookup(i);
6636 if (!algo)
6637 continue;
6638 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
6639 /* discard algorithms with key size smaller than system min */
6640 if (_BITS(minkeysize) < ipsec_ah_keymin)
6641 continue;
6642
6643 if (!m) {
6644 KASSERTMSG(l <= MLEN,
6645 "l=%u > MLEN=%lu", l, (u_long) MLEN);
6646 MGET(m, mflag, MT_DATA);
6647 if (m) {
6648 m_align(m, l);
6649 m->m_len = l;
6650 m->m_next = NULL;
6651 }
6652 } else
6653 M_PREPEND(m, l, mflag);
6654 if (!m)
6655 return NULL;
6656
6657 if (m->m_len < sizeof(struct sadb_comb)) {
6658 m = m_pullup(m, sizeof(struct sadb_comb));
6659 if (m == NULL)
6660 return NULL;
6661 }
6662
6663 comb = mtod(m, struct sadb_comb *);
6664 memset(comb, 0, sizeof(*comb));
6665 key_getcomb_setlifetime(comb);
6666 comb->sadb_comb_auth = i;
6667 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
6668 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
6669 }
6670
6671 return m;
6672 }
6673
6674 /*
6675 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6676 * XXX reorder combinations by preference
6677 */
6678 static struct mbuf *
key_getcomb_ipcomp(int mflag)6679 key_getcomb_ipcomp(int mflag)
6680 {
6681 struct sadb_comb *comb;
6682 const struct comp_algo *algo;
6683 struct mbuf *m;
6684 int i;
6685 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6686
6687 m = NULL;
6688 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
6689 algo = ipcomp_algorithm_lookup(i);
6690 if (!algo)
6691 continue;
6692
6693 if (!m) {
6694 KASSERTMSG(l <= MLEN,
6695 "l=%u > MLEN=%lu", l, (u_long) MLEN);
6696 MGET(m, mflag, MT_DATA);
6697 if (m) {
6698 m_align(m, l);
6699 m->m_len = l;
6700 m->m_next = NULL;
6701 }
6702 } else
6703 M_PREPEND(m, l, mflag);
6704 if (!m)
6705 return NULL;
6706
6707 if (m->m_len < sizeof(struct sadb_comb)) {
6708 m = m_pullup(m, sizeof(struct sadb_comb));
6709 if (m == NULL)
6710 return NULL;
6711 }
6712
6713 comb = mtod(m, struct sadb_comb *);
6714 memset(comb, 0, sizeof(*comb));
6715 key_getcomb_setlifetime(comb);
6716 comb->sadb_comb_encrypt = i;
6717 /* what should we set into sadb_comb_*_{min,max}bits? */
6718 }
6719
6720 return m;
6721 }
6722
6723 /*
6724 * XXX no way to pass mode (transport/tunnel) to userland
6725 * XXX replay checking?
6726 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6727 */
6728 static struct mbuf *
key_getprop(const struct secasindex * saidx,int mflag)6729 key_getprop(const struct secasindex *saidx, int mflag)
6730 {
6731 struct sadb_prop *prop;
6732 struct mbuf *m, *n;
6733 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6734 int totlen;
6735
6736 switch (saidx->proto) {
6737 case IPPROTO_ESP:
6738 m = key_getcomb_esp(mflag);
6739 break;
6740 case IPPROTO_AH:
6741 m = key_getcomb_ah(mflag);
6742 break;
6743 case IPPROTO_IPCOMP:
6744 m = key_getcomb_ipcomp(mflag);
6745 break;
6746 default:
6747 return NULL;
6748 }
6749
6750 if (!m)
6751 return NULL;
6752 M_PREPEND(m, l, mflag);
6753 if (!m)
6754 return NULL;
6755
6756 totlen = 0;
6757 for (n = m; n; n = n->m_next)
6758 totlen += n->m_len;
6759
6760 prop = mtod(m, struct sadb_prop *);
6761 memset(prop, 0, sizeof(*prop));
6762 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6763 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6764 prop->sadb_prop_replay = 32; /* XXX */
6765
6766 return m;
6767 }
6768
6769 /*
6770 * SADB_ACQUIRE processing called by key_checkrequest() and key_api_acquire().
6771 * send
6772 * <base, SA, address(SD), (address(P)), x_policy,
6773 * (identity(SD),) (sensitivity,) proposal>
6774 * to KMD, and expect to receive
6775 * <base> with SADB_ACQUIRE if error occurred,
6776 * or
6777 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6778 * from KMD by PF_KEY.
6779 *
6780 * XXX x_policy is outside of RFC2367 (KAME extension).
6781 * XXX sensitivity is not supported.
6782 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6783 * see comment for key_getcomb_ipcomp().
6784 *
6785 * OUT:
6786 * 0 : succeed
6787 * others: error number
6788 */
6789 static int
key_acquire(const struct secasindex * saidx,const struct secpolicy * sp,int mflag)6790 key_acquire(const struct secasindex *saidx, const struct secpolicy *sp, int mflag)
6791 {
6792 struct mbuf *result = NULL, *m;
6793 #ifndef IPSEC_NONBLOCK_ACQUIRE
6794 struct secacq *newacq;
6795 #endif
6796 u_int8_t satype;
6797 int error = -1;
6798 u_int32_t seq;
6799
6800 /* sanity check */
6801 KASSERT(saidx != NULL);
6802 satype = key_proto2satype(saidx->proto);
6803 KASSERTMSG(satype != 0, "null satype, protocol %u", saidx->proto);
6804
6805 #ifndef IPSEC_NONBLOCK_ACQUIRE
6806 /*
6807 * We never do anything about acquiring SA. There is another
6808 * solution that kernel blocks to send SADB_ACQUIRE message until
6809 * getting something message from IKEd. In later case, to be
6810 * managed with ACQUIRING list.
6811 */
6812 /* Get an entry to check whether sending message or not. */
6813 mutex_enter(&key_misc.lock);
6814 newacq = key_getacq(saidx);
6815 if (newacq != NULL) {
6816 if (key_blockacq_count < newacq->count) {
6817 /* reset counter and do send message. */
6818 newacq->count = 0;
6819 } else {
6820 /* increment counter and do nothing. */
6821 newacq->count++;
6822 mutex_exit(&key_misc.lock);
6823 return 0;
6824 }
6825 } else {
6826 /* make new entry for blocking to send SADB_ACQUIRE. */
6827 newacq = key_newacq(saidx);
6828 if (newacq == NULL) {
6829 mutex_exit(&key_misc.lock);
6830 return ENOBUFS;
6831 }
6832
6833 /* add to key_misc.acqlist */
6834 LIST_INSERT_HEAD(&key_misc.acqlist, newacq, chain);
6835 }
6836
6837 seq = newacq->seq;
6838 mutex_exit(&key_misc.lock);
6839 #else
6840 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
6841 #endif
6842 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0, mflag);
6843 if (!m) {
6844 error = ENOBUFS;
6845 goto fail;
6846 }
6847 result = m;
6848
6849 /* set sadb_address for saidx's. */
6850 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &saidx->src.sa, FULLMASK,
6851 IPSEC_ULPROTO_ANY, mflag);
6852 if (!m) {
6853 error = ENOBUFS;
6854 goto fail;
6855 }
6856 m_cat(result, m);
6857
6858 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &saidx->dst.sa, FULLMASK,
6859 IPSEC_ULPROTO_ANY, mflag);
6860 if (!m) {
6861 error = ENOBUFS;
6862 goto fail;
6863 }
6864 m_cat(result, m);
6865
6866 /* XXX proxy address (optional) */
6867
6868 /* set sadb_x_policy */
6869 if (sp) {
6870 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id,
6871 mflag);
6872 if (!m) {
6873 error = ENOBUFS;
6874 goto fail;
6875 }
6876 m_cat(result, m);
6877 }
6878
6879 /* XXX identity (optional) */
6880 #if 0
6881 if (idexttype && fqdn) {
6882 /* create identity extension (FQDN) */
6883 struct sadb_ident *id;
6884 int fqdnlen;
6885
6886 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
6887 id = (struct sadb_ident *)p;
6888 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6889 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6890 id->sadb_ident_exttype = idexttype;
6891 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6892 memcpy(id + 1, fqdn, fqdnlen);
6893 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6894 }
6895
6896 if (idexttype) {
6897 /* create identity extension (USERFQDN) */
6898 struct sadb_ident *id;
6899 int userfqdnlen;
6900
6901 if (userfqdn) {
6902 /* +1 for terminating-NUL */
6903 userfqdnlen = strlen(userfqdn) + 1;
6904 } else
6905 userfqdnlen = 0;
6906 id = (struct sadb_ident *)p;
6907 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6908 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6909 id->sadb_ident_exttype = idexttype;
6910 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6911 /* XXX is it correct? */
6912 if (curlwp)
6913 id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred);
6914 if (userfqdn && userfqdnlen)
6915 memcpy(id + 1, userfqdn, userfqdnlen);
6916 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6917 }
6918 #endif
6919
6920 /* XXX sensitivity (optional) */
6921
6922 /* create proposal/combination extension */
6923 m = key_getprop(saidx, mflag);
6924 #if 0
6925 /*
6926 * spec conformant: always attach proposal/combination extension,
6927 * the problem is that we have no way to attach it for ipcomp,
6928 * due to the way sadb_comb is declared in RFC2367.
6929 */
6930 if (!m) {
6931 error = ENOBUFS;
6932 goto fail;
6933 }
6934 m_cat(result, m);
6935 #else
6936 /*
6937 * outside of spec; make proposal/combination extension optional.
6938 */
6939 if (m)
6940 m_cat(result, m);
6941 #endif
6942
6943 KASSERT(result->m_flags & M_PKTHDR);
6944 KASSERT(result->m_len >= sizeof(struct sadb_msg));
6945
6946 result->m_pkthdr.len = 0;
6947 for (m = result; m; m = m->m_next)
6948 result->m_pkthdr.len += m->m_len;
6949
6950 mtod(result, struct sadb_msg *)->sadb_msg_len =
6951 PFKEY_UNIT64(result->m_pkthdr.len);
6952
6953 /*
6954 * Called from key_api_acquire that must come from userland, so
6955 * we can call key_sendup_mbuf immediately.
6956 */
6957 if (mflag == M_WAITOK)
6958 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6959 /*
6960 * XXX we cannot call key_sendup_mbuf directly here because
6961 * it can cause a deadlock:
6962 * - We have a reference to an SP (and an SA) here
6963 * - key_sendup_mbuf will try to take key_so_mtx
6964 * - Some other thread may try to localcount_drain to the SP with
6965 * holding key_so_mtx in say key_api_spdflush
6966 * - In this case localcount_drain never return because key_sendup_mbuf
6967 * that has stuck on key_so_mtx never release a reference to the SP
6968 *
6969 * So defer key_sendup_mbuf to the timer.
6970 */
6971 return key_acquire_sendup_mbuf_later(result);
6972
6973 fail:
6974 if (result)
6975 m_freem(result);
6976 return error;
6977 }
6978
6979 static struct mbuf *key_acquire_mbuf_head = NULL;
6980 static unsigned key_acquire_mbuf_count = 0;
6981 #define KEY_ACQUIRE_MBUF_MAX 10
6982
6983 static void
key_acquire_sendup_pending_mbuf(void)6984 key_acquire_sendup_pending_mbuf(void)
6985 {
6986 struct mbuf *m, *prev;
6987 int error;
6988
6989 again:
6990 prev = NULL;
6991 mutex_enter(&key_misc.lock);
6992 m = key_acquire_mbuf_head;
6993 /* Get an earliest mbuf (one at the tail of the list) */
6994 while (m != NULL) {
6995 if (m->m_nextpkt == NULL) {
6996 if (prev != NULL)
6997 prev->m_nextpkt = NULL;
6998 if (m == key_acquire_mbuf_head)
6999 key_acquire_mbuf_head = NULL;
7000 key_acquire_mbuf_count--;
7001 break;
7002 }
7003 prev = m;
7004 m = m->m_nextpkt;
7005 }
7006 mutex_exit(&key_misc.lock);
7007
7008 if (m == NULL)
7009 return;
7010
7011 m->m_nextpkt = NULL;
7012 error = key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
7013 if (error != 0)
7014 IPSECLOG(LOG_WARNING, "key_sendup_mbuf failed (error=%d)\n",
7015 error);
7016
7017 if (prev != NULL)
7018 goto again;
7019 }
7020
7021 static int
key_acquire_sendup_mbuf_later(struct mbuf * m)7022 key_acquire_sendup_mbuf_later(struct mbuf *m)
7023 {
7024
7025 mutex_enter(&key_misc.lock);
7026 /* Avoid queuing too much mbufs */
7027 if (key_acquire_mbuf_count >= KEY_ACQUIRE_MBUF_MAX) {
7028 mutex_exit(&key_misc.lock);
7029 m_freem(m);
7030 return ENOBUFS; /* XXX */
7031 }
7032 /* Enqueue mbuf at the head of the list */
7033 m->m_nextpkt = key_acquire_mbuf_head;
7034 key_acquire_mbuf_head = m;
7035 key_acquire_mbuf_count++;
7036 mutex_exit(&key_misc.lock);
7037
7038 /* Kick the timer */
7039 key_timehandler(NULL);
7040
7041 return 0;
7042 }
7043
7044 #ifndef IPSEC_NONBLOCK_ACQUIRE
7045 static struct secacq *
key_newacq(const struct secasindex * saidx)7046 key_newacq(const struct secasindex *saidx)
7047 {
7048 struct secacq *newacq;
7049
7050 /* get new entry */
7051 newacq = kmem_intr_zalloc(sizeof(struct secacq), KM_NOSLEEP);
7052 if (newacq == NULL) {
7053 IPSECLOG(LOG_DEBUG, "No more memory.\n");
7054 return NULL;
7055 }
7056
7057 /* copy secindex */
7058 memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx));
7059 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
7060 newacq->created = time_uptime;
7061 newacq->count = 0;
7062
7063 return newacq;
7064 }
7065
7066 static struct secacq *
key_getacq(const struct secasindex * saidx)7067 key_getacq(const struct secasindex *saidx)
7068 {
7069 struct secacq *acq;
7070
7071 KASSERT(mutex_owned(&key_misc.lock));
7072
7073 LIST_FOREACH(acq, &key_misc.acqlist, chain) {
7074 if (key_saidx_match(saidx, &acq->saidx, CMP_EXACTLY))
7075 return acq;
7076 }
7077
7078 return NULL;
7079 }
7080
7081 static struct secacq *
key_getacqbyseq(u_int32_t seq)7082 key_getacqbyseq(u_int32_t seq)
7083 {
7084 struct secacq *acq;
7085
7086 KASSERT(mutex_owned(&key_misc.lock));
7087
7088 LIST_FOREACH(acq, &key_misc.acqlist, chain) {
7089 if (acq->seq == seq)
7090 return acq;
7091 }
7092
7093 return NULL;
7094 }
7095 #endif
7096
7097 #ifdef notyet
7098 static struct secspacq *
key_newspacq(const struct secpolicyindex * spidx)7099 key_newspacq(const struct secpolicyindex *spidx)
7100 {
7101 struct secspacq *acq;
7102
7103 /* get new entry */
7104 acq = kmem_intr_zalloc(sizeof(struct secspacq), KM_NOSLEEP);
7105 if (acq == NULL) {
7106 IPSECLOG(LOG_DEBUG, "No more memory.\n");
7107 return NULL;
7108 }
7109
7110 /* copy secindex */
7111 memcpy(&acq->spidx, spidx, sizeof(acq->spidx));
7112 acq->created = time_uptime;
7113 acq->count = 0;
7114
7115 return acq;
7116 }
7117
7118 static struct secspacq *
key_getspacq(const struct secpolicyindex * spidx)7119 key_getspacq(const struct secpolicyindex *spidx)
7120 {
7121 struct secspacq *acq;
7122
7123 LIST_FOREACH(acq, &key_misc.spacqlist, chain) {
7124 if (key_spidx_match_exactly(spidx, &acq->spidx))
7125 return acq;
7126 }
7127
7128 return NULL;
7129 }
7130 #endif /* notyet */
7131
7132 /*
7133 * SADB_ACQUIRE processing,
7134 * in first situation, is receiving
7135 * <base>
7136 * from the ikmpd, and clear sequence of its secasvar entry.
7137 *
7138 * In second situation, is receiving
7139 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
7140 * from a user land process, and return
7141 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
7142 * to the socket.
7143 *
7144 * m will always be freed.
7145 */
7146 static int
key_api_acquire(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7147 key_api_acquire(struct socket *so, struct mbuf *m,
7148 const struct sadb_msghdr *mhp)
7149 {
7150 const struct sockaddr *src, *dst;
7151 struct secasindex saidx;
7152 u_int16_t proto;
7153 int error;
7154
7155 /*
7156 * Error message from KMd.
7157 * We assume that if error was occurred in IKEd, the length of PFKEY
7158 * message is equal to the size of sadb_msg structure.
7159 * We do not raise error even if error occurred in this function.
7160 */
7161 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
7162 #ifndef IPSEC_NONBLOCK_ACQUIRE
7163 struct secacq *acq;
7164
7165 /* check sequence number */
7166 if (mhp->msg->sadb_msg_seq == 0) {
7167 IPSECLOG(LOG_DEBUG, "must specify sequence number.\n");
7168 m_freem(m);
7169 return 0;
7170 }
7171
7172 mutex_enter(&key_misc.lock);
7173 acq = key_getacqbyseq(mhp->msg->sadb_msg_seq);
7174 if (acq == NULL) {
7175 mutex_exit(&key_misc.lock);
7176 /*
7177 * the specified larval SA is already gone, or we got
7178 * a bogus sequence number. we can silently ignore it.
7179 */
7180 m_freem(m);
7181 return 0;
7182 }
7183
7184 /* reset acq counter in order to deletion by timehander. */
7185 acq->created = time_uptime;
7186 acq->count = 0;
7187 mutex_exit(&key_misc.lock);
7188 #endif
7189 m_freem(m);
7190 return 0;
7191 }
7192
7193 /*
7194 * This message is from user land.
7195 */
7196
7197 /* map satype to proto */
7198 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
7199 if (proto == 0) {
7200 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
7201 return key_senderror(so, m, EINVAL);
7202 }
7203
7204 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7205 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
7206 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
7207 /* error */
7208 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
7209 return key_senderror(so, m, EINVAL);
7210 }
7211 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7212 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
7213 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
7214 /* error */
7215 IPSECLOG(LOG_DEBUG, "invalid message is passed.\n");
7216 return key_senderror(so, m, EINVAL);
7217 }
7218
7219 src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
7220 dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
7221
7222 error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
7223 if (error != 0)
7224 return key_senderror(so, m, EINVAL);
7225
7226 error = key_set_natt_ports(&saidx.src, &saidx.dst, mhp);
7227 if (error != 0)
7228 return key_senderror(so, m, EINVAL);
7229
7230 /* get a SA index */
7231 {
7232 struct secashead *sah;
7233 int s = pserialize_read_enter();
7234
7235 sah = key_getsah(&saidx, CMP_MODE_REQID);
7236 if (sah != NULL) {
7237 pserialize_read_exit(s);
7238 IPSECLOG(LOG_DEBUG, "a SA exists already.\n");
7239 return key_senderror(so, m, EEXIST);
7240 }
7241 pserialize_read_exit(s);
7242 }
7243
7244 error = key_acquire(&saidx, NULL, M_WAITOK);
7245 if (error != 0) {
7246 IPSECLOG(LOG_DEBUG, "error %d returned from key_acquire.\n",
7247 error);
7248 return key_senderror(so, m, error);
7249 }
7250
7251 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
7252 }
7253
7254 /*
7255 * SADB_REGISTER processing.
7256 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
7257 * receive
7258 * <base>
7259 * from the ikmpd, and register a socket to send PF_KEY messages,
7260 * and send
7261 * <base, supported>
7262 * to KMD by PF_KEY.
7263 * If socket is detached, must free from regnode.
7264 *
7265 * m will always be freed.
7266 */
7267 static int
key_api_register(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7268 key_api_register(struct socket *so, struct mbuf *m,
7269 const struct sadb_msghdr *mhp)
7270 {
7271 struct secreg *reg, *newreg = 0;
7272
7273 /* check for invalid register message */
7274 if (mhp->msg->sadb_msg_satype >= __arraycount(key_misc.reglist))
7275 return key_senderror(so, m, EINVAL);
7276
7277 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
7278 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
7279 goto setmsg;
7280
7281 /* Allocate regnode in advance, out of mutex */
7282 newreg = kmem_zalloc(sizeof(*newreg), KM_SLEEP);
7283
7284 /* check whether existing or not */
7285 mutex_enter(&key_misc.lock);
7286 LIST_FOREACH(reg, &key_misc.reglist[mhp->msg->sadb_msg_satype], chain) {
7287 if (reg->so == so) {
7288 IPSECLOG(LOG_DEBUG, "socket exists already.\n");
7289 mutex_exit(&key_misc.lock);
7290 kmem_free(newreg, sizeof(*newreg));
7291 return key_senderror(so, m, EEXIST);
7292 }
7293 }
7294
7295 newreg->so = so;
7296 ((struct keycb *)sotorawcb(so))->kp_registered++;
7297
7298 /* add regnode to key_misc.reglist. */
7299 LIST_INSERT_HEAD(&key_misc.reglist[mhp->msg->sadb_msg_satype], newreg, chain);
7300 mutex_exit(&key_misc.lock);
7301
7302 setmsg:
7303 {
7304 struct mbuf *n;
7305 struct sadb_supported *sup;
7306 u_int len, alen, elen;
7307 int off;
7308 int i;
7309 struct sadb_alg *alg;
7310
7311 /* create new sadb_msg to reply. */
7312 alen = 0;
7313 for (i = 1; i <= SADB_AALG_MAX; i++) {
7314 if (ah_algorithm_lookup(i))
7315 alen += sizeof(struct sadb_alg);
7316 }
7317 if (alen)
7318 alen += sizeof(struct sadb_supported);
7319 elen = 0;
7320 for (i = 1; i <= SADB_EALG_MAX; i++) {
7321 if (esp_algorithm_lookup(i))
7322 elen += sizeof(struct sadb_alg);
7323 }
7324 if (elen)
7325 elen += sizeof(struct sadb_supported);
7326
7327 len = sizeof(struct sadb_msg) + alen + elen;
7328
7329 if (len > MCLBYTES)
7330 return key_senderror(so, m, ENOBUFS);
7331
7332 n = key_alloc_mbuf_simple(len, M_WAITOK);
7333 n->m_pkthdr.len = n->m_len = len;
7334 n->m_next = NULL;
7335 off = 0;
7336
7337 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
7338 key_fill_replymsg(n, 0);
7339
7340 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
7341
7342 /* for authentication algorithm */
7343 if (alen) {
7344 sup = (struct sadb_supported *)(mtod(n, char *) + off);
7345 sup->sadb_supported_len = PFKEY_UNIT64(alen);
7346 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
7347 sup->sadb_supported_reserved = 0;
7348 off += PFKEY_ALIGN8(sizeof(*sup));
7349
7350 for (i = 1; i <= SADB_AALG_MAX; i++) {
7351 const struct auth_hash *aalgo;
7352 u_int16_t minkeysize, maxkeysize;
7353
7354 aalgo = ah_algorithm_lookup(i);
7355 if (!aalgo)
7356 continue;
7357 alg = (struct sadb_alg *)(mtod(n, char *) + off);
7358 alg->sadb_alg_id = i;
7359 alg->sadb_alg_ivlen = 0;
7360 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
7361 alg->sadb_alg_minbits = _BITS(minkeysize);
7362 alg->sadb_alg_maxbits = _BITS(maxkeysize);
7363 alg->sadb_alg_reserved = 0;
7364 off += PFKEY_ALIGN8(sizeof(*alg));
7365 }
7366 }
7367
7368 /* for encryption algorithm */
7369 if (elen) {
7370 sup = (struct sadb_supported *)(mtod(n, char *) + off);
7371 sup->sadb_supported_len = PFKEY_UNIT64(elen);
7372 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
7373 sup->sadb_supported_reserved = 0;
7374 off += PFKEY_ALIGN8(sizeof(*sup));
7375
7376 for (i = 1; i <= SADB_EALG_MAX; i++) {
7377 const struct enc_xform *ealgo;
7378
7379 ealgo = esp_algorithm_lookup(i);
7380 if (!ealgo)
7381 continue;
7382 alg = (struct sadb_alg *)(mtod(n, char *) + off);
7383 alg->sadb_alg_id = i;
7384 alg->sadb_alg_ivlen = ealgo->blocksize;
7385 alg->sadb_alg_minbits = _BITS(ealgo->minkey);
7386 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
7387 alg->sadb_alg_reserved = 0;
7388 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
7389 }
7390 }
7391
7392 KASSERTMSG(off == len, "length inconsistency");
7393
7394 m_freem(m);
7395 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
7396 }
7397 }
7398
7399 /*
7400 * free secreg entry registered.
7401 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
7402 */
7403 void
key_freereg(struct socket * so)7404 key_freereg(struct socket *so)
7405 {
7406 struct secreg *reg;
7407 int i;
7408
7409 KASSERT(!cpu_softintr_p());
7410 KASSERT(so != NULL);
7411
7412 /*
7413 * check whether existing or not.
7414 * check all type of SA, because there is a potential that
7415 * one socket is registered to multiple type of SA.
7416 */
7417 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7418 mutex_enter(&key_misc.lock);
7419 LIST_FOREACH(reg, &key_misc.reglist[i], chain) {
7420 if (reg->so == so) {
7421 LIST_REMOVE(reg, chain);
7422 break;
7423 }
7424 }
7425 mutex_exit(&key_misc.lock);
7426 if (reg != NULL)
7427 kmem_free(reg, sizeof(*reg));
7428 }
7429
7430 return;
7431 }
7432
7433 /*
7434 * SADB_EXPIRE processing
7435 * send
7436 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
7437 * to KMD by PF_KEY.
7438 * NOTE: We send only soft lifetime extension.
7439 *
7440 * OUT: 0 : succeed
7441 * others : error number
7442 */
7443 static int
key_expire(struct secasvar * sav)7444 key_expire(struct secasvar *sav)
7445 {
7446 int s;
7447 int satype;
7448 struct mbuf *result = NULL, *m;
7449 int len;
7450 int error = -1;
7451 struct sadb_lifetime *lt;
7452 lifetime_counters_t sum = {0};
7453
7454 /* XXX: Why do we lock ? */
7455 s = splsoftnet(); /*called from softclock()*/
7456
7457 KASSERT(sav != NULL);
7458
7459 satype = key_proto2satype(sav->sah->saidx.proto);
7460 KASSERTMSG(satype != 0, "invalid proto is passed");
7461
7462 /* set msg header */
7463 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, key_sa_refcnt(sav),
7464 M_WAITOK);
7465 result = m;
7466
7467 /* create SA extension */
7468 m = key_setsadbsa(sav);
7469 m_cat(result, m);
7470
7471 /* create SA extension */
7472 m = key_setsadbxsa2(sav->sah->saidx.mode,
7473 sav->replay ? sav->replay->count : 0, sav->sah->saidx.reqid);
7474 m_cat(result, m);
7475
7476 /* create lifetime extension (current and soft) */
7477 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
7478 m = key_alloc_mbuf(len, M_WAITOK);
7479 KASSERT(m->m_next == NULL);
7480
7481 memset(mtod(m, void *), 0, len);
7482 lt = mtod(m, struct sadb_lifetime *);
7483 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
7484 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
7485 percpu_foreach_xcall(sav->lft_c_counters_percpu,
7486 XC_HIGHPRI_IPL(IPL_SOFTNET), key_sum_lifetime_counters, sum);
7487 lt->sadb_lifetime_allocations = sum[LIFETIME_COUNTER_ALLOCATIONS];
7488 lt->sadb_lifetime_bytes = sum[LIFETIME_COUNTER_BYTES];
7489 lt->sadb_lifetime_addtime =
7490 time_mono_to_wall(sav->lft_c->sadb_lifetime_addtime);
7491 lt->sadb_lifetime_usetime =
7492 time_mono_to_wall(sav->lft_c->sadb_lifetime_usetime);
7493 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
7494 memcpy(lt, sav->lft_s, sizeof(*lt));
7495 m_cat(result, m);
7496
7497 /* set sadb_address for source */
7498 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &sav->sah->saidx.src.sa,
7499 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK);
7500 m_cat(result, m);
7501
7502 /* set sadb_address for destination */
7503 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &sav->sah->saidx.dst.sa,
7504 FULLMASK, IPSEC_ULPROTO_ANY, M_WAITOK);
7505 m_cat(result, m);
7506
7507 if ((result->m_flags & M_PKTHDR) == 0) {
7508 error = EINVAL;
7509 goto fail;
7510 }
7511
7512 if (result->m_len < sizeof(struct sadb_msg)) {
7513 result = m_pullup(result, sizeof(struct sadb_msg));
7514 if (result == NULL) {
7515 error = ENOBUFS;
7516 goto fail;
7517 }
7518 }
7519
7520 result->m_pkthdr.len = 0;
7521 for (m = result; m; m = m->m_next)
7522 result->m_pkthdr.len += m->m_len;
7523
7524 mtod(result, struct sadb_msg *)->sadb_msg_len =
7525 PFKEY_UNIT64(result->m_pkthdr.len);
7526
7527 splx(s);
7528 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7529
7530 fail:
7531 if (result)
7532 m_freem(result);
7533 splx(s);
7534 return error;
7535 }
7536
7537 /*
7538 * SADB_FLUSH processing
7539 * receive
7540 * <base>
7541 * from the ikmpd, and free all entries in secastree.
7542 * and send,
7543 * <base>
7544 * to the ikmpd.
7545 * NOTE: to do is only marking SADB_SASTATE_DEAD.
7546 *
7547 * m will always be freed.
7548 */
7549 static int
key_api_flush(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7550 key_api_flush(struct socket *so, struct mbuf *m,
7551 const struct sadb_msghdr *mhp)
7552 {
7553 struct sadb_msg *newmsg;
7554 struct secashead *sah;
7555 struct secasvar *sav;
7556 u_int16_t proto;
7557 u_int8_t state;
7558 int s;
7559
7560 /* map satype to proto */
7561 proto = key_satype2proto(mhp->msg->sadb_msg_satype);
7562 if (proto == 0) {
7563 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
7564 return key_senderror(so, m, EINVAL);
7565 }
7566
7567 /* no SATYPE specified, i.e. flushing all SA. */
7568 s = pserialize_read_enter();
7569 SAHLIST_READER_FOREACH(sah) {
7570 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7571 proto != sah->saidx.proto)
7572 continue;
7573
7574 key_sah_ref(sah);
7575 pserialize_read_exit(s);
7576
7577 SASTATE_ALIVE_FOREACH(state) {
7578 restart:
7579 mutex_enter(&key_sad.lock);
7580 SAVLIST_WRITER_FOREACH(sav, sah, state) {
7581 sav->state = SADB_SASTATE_DEAD;
7582 key_unlink_sav(sav);
7583 mutex_exit(&key_sad.lock);
7584 key_destroy_sav(sav);
7585 goto restart;
7586 }
7587 mutex_exit(&key_sad.lock);
7588 }
7589
7590 s = pserialize_read_enter();
7591 sah->state = SADB_SASTATE_DEAD;
7592 key_sah_unref(sah);
7593 }
7594 pserialize_read_exit(s);
7595
7596 if (m->m_len < sizeof(struct sadb_msg) ||
7597 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
7598 IPSECLOG(LOG_DEBUG, "No more memory.\n");
7599 return key_senderror(so, m, ENOBUFS);
7600 }
7601
7602 if (m->m_next)
7603 m_freem(m->m_next);
7604 m->m_next = NULL;
7605 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
7606 newmsg = mtod(m, struct sadb_msg *);
7607 newmsg->sadb_msg_errno = 0;
7608 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
7609
7610 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7611 }
7612
7613
7614 static struct mbuf *
key_setdump_chain(u_int8_t req_satype,int * errorp,int * lenp,pid_t pid)7615 key_setdump_chain(u_int8_t req_satype, int *errorp, int *lenp, pid_t pid)
7616 {
7617 struct secashead *sah;
7618 struct secasvar *sav;
7619 u_int16_t proto;
7620 u_int8_t satype;
7621 u_int8_t state;
7622 int cnt;
7623 struct mbuf *m, *n, *prev;
7624
7625 KASSERT(mutex_owned(&key_sad.lock));
7626
7627 *lenp = 0;
7628
7629 /* map satype to proto */
7630 proto = key_satype2proto(req_satype);
7631 if (proto == 0) {
7632 *errorp = EINVAL;
7633 return (NULL);
7634 }
7635
7636 /* count sav entries to be sent to userland. */
7637 cnt = 0;
7638 SAHLIST_WRITER_FOREACH(sah) {
7639 if (req_satype != SADB_SATYPE_UNSPEC &&
7640 proto != sah->saidx.proto)
7641 continue;
7642
7643 SASTATE_ANY_FOREACH(state) {
7644 SAVLIST_WRITER_FOREACH(sav, sah, state) {
7645 cnt++;
7646 }
7647 }
7648 }
7649
7650 if (cnt == 0) {
7651 *errorp = ENOENT;
7652 return (NULL);
7653 }
7654
7655 /* send this to the userland, one at a time. */
7656 m = NULL;
7657 prev = m;
7658 SAHLIST_WRITER_FOREACH(sah) {
7659 if (req_satype != SADB_SATYPE_UNSPEC &&
7660 proto != sah->saidx.proto)
7661 continue;
7662
7663 /* map proto to satype */
7664 satype = key_proto2satype(sah->saidx.proto);
7665 if (satype == 0) {
7666 m_freem(m);
7667 *errorp = EINVAL;
7668 return (NULL);
7669 }
7670
7671 SASTATE_ANY_FOREACH(state) {
7672 SAVLIST_WRITER_FOREACH(sav, sah, state) {
7673 n = key_setdumpsa(sav, SADB_DUMP, satype,
7674 --cnt, pid);
7675 if (!m)
7676 m = n;
7677 else
7678 prev->m_nextpkt = n;
7679 prev = n;
7680 }
7681 }
7682 }
7683
7684 if (!m) {
7685 *errorp = EINVAL;
7686 return (NULL);
7687 }
7688
7689 if ((m->m_flags & M_PKTHDR) != 0) {
7690 m->m_pkthdr.len = 0;
7691 for (n = m; n; n = n->m_next)
7692 m->m_pkthdr.len += n->m_len;
7693 }
7694
7695 *errorp = 0;
7696 return (m);
7697 }
7698
7699 /*
7700 * SADB_DUMP processing
7701 * dump all entries including status of DEAD in SAD.
7702 * receive
7703 * <base>
7704 * from the ikmpd, and dump all secasvar leaves
7705 * and send,
7706 * <base> .....
7707 * to the ikmpd.
7708 *
7709 * m will always be freed.
7710 */
7711 static int
key_api_dump(struct socket * so,struct mbuf * m0,const struct sadb_msghdr * mhp)7712 key_api_dump(struct socket *so, struct mbuf *m0,
7713 const struct sadb_msghdr *mhp)
7714 {
7715 u_int16_t proto;
7716 u_int8_t satype;
7717 struct mbuf *n;
7718 int error, len, ok;
7719
7720 /* map satype to proto */
7721 satype = mhp->msg->sadb_msg_satype;
7722 proto = key_satype2proto(satype);
7723 if (proto == 0) {
7724 IPSECLOG(LOG_DEBUG, "invalid satype is passed.\n");
7725 return key_senderror(so, m0, EINVAL);
7726 }
7727
7728 /*
7729 * If the requestor has insufficient socket-buffer space
7730 * for the entire chain, nobody gets any response to the DUMP.
7731 * XXX For now, only the requestor ever gets anything.
7732 * Moreover, if the requestor has any space at all, they receive
7733 * the entire chain, otherwise the request is refused with ENOBUFS.
7734 */
7735 if (sbspace(&so->so_rcv) <= 0) {
7736 return key_senderror(so, m0, ENOBUFS);
7737 }
7738
7739 mutex_enter(&key_sad.lock);
7740 n = key_setdump_chain(satype, &error, &len, mhp->msg->sadb_msg_pid);
7741 mutex_exit(&key_sad.lock);
7742
7743 if (n == NULL) {
7744 return key_senderror(so, m0, ENOENT);
7745 }
7746 {
7747 uint64_t *ps = PFKEY_STAT_GETREF();
7748 ps[PFKEY_STAT_IN_TOTAL]++;
7749 ps[PFKEY_STAT_IN_BYTES] += len;
7750 PFKEY_STAT_PUTREF();
7751 }
7752
7753 /*
7754 * PF_KEY DUMP responses are no longer broadcast to all PF_KEY sockets.
7755 * The requestor receives either the entire chain, or an
7756 * error message with ENOBUFS.
7757 *
7758 * sbappendaddrchain() takes the chain of entries, one
7759 * packet-record per SPD entry, prepends the key_src sockaddr
7760 * to each packet-record, links the sockaddr mbufs into a new
7761 * list of records, then appends the entire resulting
7762 * list to the requesting socket.
7763 */
7764 ok = sbappendaddrchain(&so->so_rcv, (struct sockaddr *)&key_src, n,
7765 SB_PRIO_ONESHOT_OVERFLOW);
7766
7767 if (!ok) {
7768 PFKEY_STATINC(PFKEY_STAT_IN_NOMEM);
7769 m_freem(n);
7770 return key_senderror(so, m0, ENOBUFS);
7771 }
7772
7773 m_freem(m0);
7774 return 0;
7775 }
7776
7777 /*
7778 * SADB_X_PROMISC processing
7779 *
7780 * m will always be freed.
7781 */
7782 static int
key_api_promisc(struct socket * so,struct mbuf * m,const struct sadb_msghdr * mhp)7783 key_api_promisc(struct socket *so, struct mbuf *m,
7784 const struct sadb_msghdr *mhp)
7785 {
7786 int olen;
7787
7788 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7789
7790 if (olen < sizeof(struct sadb_msg)) {
7791 #if 1
7792 return key_senderror(so, m, EINVAL);
7793 #else
7794 m_freem(m);
7795 return 0;
7796 #endif
7797 } else if (olen == sizeof(struct sadb_msg)) {
7798 /* enable/disable promisc mode */
7799 struct keycb *kp = (struct keycb *)sotorawcb(so);
7800 if (kp == NULL)
7801 return key_senderror(so, m, EINVAL);
7802 mhp->msg->sadb_msg_errno = 0;
7803 switch (mhp->msg->sadb_msg_satype) {
7804 case 0:
7805 case 1:
7806 kp->kp_promisc = mhp->msg->sadb_msg_satype;
7807 break;
7808 default:
7809 return key_senderror(so, m, EINVAL);
7810 }
7811
7812 /* send the original message back to everyone */
7813 mhp->msg->sadb_msg_errno = 0;
7814 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7815 } else {
7816 /* send packet as is */
7817
7818 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
7819
7820 /* TODO: if sadb_msg_seq is specified, send to specific pid */
7821 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7822 }
7823 }
7824
7825 static int (*key_api_typesw[]) (struct socket *, struct mbuf *,
7826 const struct sadb_msghdr *) = {
7827 NULL, /* SADB_RESERVED */
7828 key_api_getspi, /* SADB_GETSPI */
7829 key_api_update, /* SADB_UPDATE */
7830 key_api_add, /* SADB_ADD */
7831 key_api_delete, /* SADB_DELETE */
7832 key_api_get, /* SADB_GET */
7833 key_api_acquire, /* SADB_ACQUIRE */
7834 key_api_register, /* SADB_REGISTER */
7835 NULL, /* SADB_EXPIRE */
7836 key_api_flush, /* SADB_FLUSH */
7837 key_api_dump, /* SADB_DUMP */
7838 key_api_promisc, /* SADB_X_PROMISC */
7839 NULL, /* SADB_X_PCHANGE */
7840 key_api_spdadd, /* SADB_X_SPDUPDATE */
7841 key_api_spdadd, /* SADB_X_SPDADD */
7842 key_api_spddelete, /* SADB_X_SPDDELETE */
7843 key_api_spdget, /* SADB_X_SPDGET */
7844 NULL, /* SADB_X_SPDACQUIRE */
7845 key_api_spddump, /* SADB_X_SPDDUMP */
7846 key_api_spdflush, /* SADB_X_SPDFLUSH */
7847 key_api_spdadd, /* SADB_X_SPDSETIDX */
7848 NULL, /* SADB_X_SPDEXPIRE */
7849 key_api_spddelete2, /* SADB_X_SPDDELETE2 */
7850 key_api_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */
7851 };
7852
7853 /*
7854 * parse sadb_msg buffer to process PFKEYv2,
7855 * and create a data to response if needed.
7856 * I think to be dealed with mbuf directly.
7857 * IN:
7858 * msgp : pointer to pointer to a received buffer pulluped.
7859 * This is rewrited to response.
7860 * so : pointer to socket.
7861 * OUT:
7862 * length for buffer to send to user process.
7863 */
7864 int
key_parse(struct mbuf * m,struct socket * so)7865 key_parse(struct mbuf *m, struct socket *so)
7866 {
7867 struct sadb_msg *msg;
7868 struct sadb_msghdr mh;
7869 u_int orglen;
7870 int error;
7871
7872 KASSERT(m != NULL);
7873 KASSERT(so != NULL);
7874
7875 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
7876 if (KEYDEBUG_ON(KEYDEBUG_KEY_DUMP)) {
7877 kdebug_sadb("passed sadb_msg", msg);
7878 }
7879 #endif
7880
7881 if (m->m_len < sizeof(struct sadb_msg)) {
7882 m = m_pullup(m, sizeof(struct sadb_msg));
7883 if (!m)
7884 return ENOBUFS;
7885 }
7886 msg = mtod(m, struct sadb_msg *);
7887 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
7888
7889 if ((m->m_flags & M_PKTHDR) == 0 ||
7890 m->m_pkthdr.len != orglen) {
7891 IPSECLOG(LOG_DEBUG, "invalid message length.\n");
7892 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7893 error = EINVAL;
7894 goto senderror;
7895 }
7896
7897 if (msg->sadb_msg_version != PF_KEY_V2) {
7898 IPSECLOG(LOG_DEBUG, "PF_KEY version %u is mismatched.\n",
7899 msg->sadb_msg_version);
7900 PFKEY_STATINC(PFKEY_STAT_OUT_INVVER);
7901 error = EINVAL;
7902 goto senderror;
7903 }
7904
7905 if (msg->sadb_msg_type > SADB_MAX) {
7906 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n",
7907 msg->sadb_msg_type);
7908 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7909 error = EINVAL;
7910 goto senderror;
7911 }
7912
7913 /* for old-fashioned code - should be nuked */
7914 if (m->m_pkthdr.len > MCLBYTES) {
7915 m_freem(m);
7916 return ENOBUFS;
7917 }
7918 if (m->m_next) {
7919 struct mbuf *n;
7920
7921 n = key_alloc_mbuf_simple(m->m_pkthdr.len, M_WAITOK);
7922
7923 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *));
7924 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
7925 n->m_next = NULL;
7926 m_freem(m);
7927 m = n;
7928 }
7929
7930 /* align the mbuf chain so that extensions are in contiguous region. */
7931 error = key_align(m, &mh);
7932 if (error)
7933 return error;
7934
7935 if (m->m_next) { /*XXX*/
7936 m_freem(m);
7937 return ENOBUFS;
7938 }
7939
7940 msg = mh.msg;
7941
7942 /* check SA type */
7943 switch (msg->sadb_msg_satype) {
7944 case SADB_SATYPE_UNSPEC:
7945 switch (msg->sadb_msg_type) {
7946 case SADB_GETSPI:
7947 case SADB_UPDATE:
7948 case SADB_ADD:
7949 case SADB_DELETE:
7950 case SADB_GET:
7951 case SADB_ACQUIRE:
7952 case SADB_EXPIRE:
7953 IPSECLOG(LOG_DEBUG,
7954 "must specify satype when msg type=%u.\n",
7955 msg->sadb_msg_type);
7956 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7957 error = EINVAL;
7958 goto senderror;
7959 }
7960 break;
7961 case SADB_SATYPE_AH:
7962 case SADB_SATYPE_ESP:
7963 case SADB_X_SATYPE_IPCOMP:
7964 case SADB_X_SATYPE_TCPSIGNATURE:
7965 switch (msg->sadb_msg_type) {
7966 case SADB_X_SPDADD:
7967 case SADB_X_SPDDELETE:
7968 case SADB_X_SPDGET:
7969 case SADB_X_SPDDUMP:
7970 case SADB_X_SPDFLUSH:
7971 case SADB_X_SPDSETIDX:
7972 case SADB_X_SPDUPDATE:
7973 case SADB_X_SPDDELETE2:
7974 IPSECLOG(LOG_DEBUG, "illegal satype=%u\n",
7975 msg->sadb_msg_type);
7976 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7977 error = EINVAL;
7978 goto senderror;
7979 }
7980 break;
7981 case SADB_SATYPE_RSVP:
7982 case SADB_SATYPE_OSPFV2:
7983 case SADB_SATYPE_RIPV2:
7984 case SADB_SATYPE_MIP:
7985 IPSECLOG(LOG_DEBUG, "type %u isn't supported.\n",
7986 msg->sadb_msg_satype);
7987 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7988 error = EOPNOTSUPP;
7989 goto senderror;
7990 case 1: /* XXX: What does it do? */
7991 if (msg->sadb_msg_type == SADB_X_PROMISC)
7992 break;
7993 /*FALLTHROUGH*/
7994 default:
7995 IPSECLOG(LOG_DEBUG, "invalid type %u is passed.\n",
7996 msg->sadb_msg_satype);
7997 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7998 error = EINVAL;
7999 goto senderror;
8000 }
8001
8002 /* check field of upper layer protocol and address family */
8003 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
8004 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
8005 const struct sadb_address *src0, *dst0;
8006 const struct sockaddr *sa0, *da0;
8007 u_int plen;
8008
8009 src0 = mh.ext[SADB_EXT_ADDRESS_SRC];
8010 dst0 = mh.ext[SADB_EXT_ADDRESS_DST];
8011 sa0 = key_msghdr_get_sockaddr(&mh, SADB_EXT_ADDRESS_SRC);
8012 da0 = key_msghdr_get_sockaddr(&mh, SADB_EXT_ADDRESS_DST);
8013
8014 /* check upper layer protocol */
8015 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
8016 IPSECLOG(LOG_DEBUG,
8017 "upper layer protocol mismatched src %u, dst %u.\n",
8018 src0->sadb_address_proto, dst0->sadb_address_proto);
8019
8020 goto invaddr;
8021 }
8022
8023 /* check family */
8024 if (sa0->sa_family != da0->sa_family) {
8025 IPSECLOG(LOG_DEBUG,
8026 "address family mismatched src %u, dst %u.\n",
8027 sa0->sa_family, da0->sa_family);
8028 goto invaddr;
8029 }
8030 if (sa0->sa_len != da0->sa_len) {
8031 IPSECLOG(LOG_DEBUG,
8032 "address size mismatched src %u, dst %u.\n",
8033 sa0->sa_len, da0->sa_len);
8034 goto invaddr;
8035 }
8036
8037 switch (sa0->sa_family) {
8038 case AF_INET:
8039 if (sa0->sa_len != sizeof(struct sockaddr_in)) {
8040 IPSECLOG(LOG_DEBUG,
8041 "address size mismatched %u != %zu.\n",
8042 sa0->sa_len, sizeof(struct sockaddr_in));
8043 goto invaddr;
8044 }
8045 break;
8046 case AF_INET6:
8047 if (sa0->sa_len != sizeof(struct sockaddr_in6)) {
8048 IPSECLOG(LOG_DEBUG,
8049 "address size mismatched %u != %zu.\n",
8050 sa0->sa_len, sizeof(struct sockaddr_in6));
8051 goto invaddr;
8052 }
8053 break;
8054 default:
8055 IPSECLOG(LOG_DEBUG, "unsupported address family %u.\n",
8056 sa0->sa_family);
8057 error = EAFNOSUPPORT;
8058 goto senderror;
8059 }
8060 plen = key_sabits(sa0);
8061
8062 /* check max prefix length */
8063 if (src0->sadb_address_prefixlen > plen ||
8064 dst0->sadb_address_prefixlen > plen) {
8065 IPSECLOG(LOG_DEBUG, "illegal prefixlen.\n");
8066 goto invaddr;
8067 }
8068
8069 /*
8070 * prefixlen == 0 is valid because there can be a case when
8071 * all addresses are matched.
8072 */
8073 }
8074
8075 if (msg->sadb_msg_type >= __arraycount(key_api_typesw) ||
8076 key_api_typesw[msg->sadb_msg_type] == NULL) {
8077 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
8078 error = EINVAL;
8079 goto senderror;
8080 }
8081
8082 return (*key_api_typesw[msg->sadb_msg_type])(so, m, &mh);
8083
8084 invaddr:
8085 error = EINVAL;
8086 senderror:
8087 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
8088 return key_senderror(so, m, error);
8089 }
8090
8091 static int
key_senderror(struct socket * so,struct mbuf * m,int code)8092 key_senderror(struct socket *so, struct mbuf *m, int code)
8093 {
8094 struct sadb_msg *msg;
8095
8096 KASSERT(m->m_len >= sizeof(struct sadb_msg));
8097
8098 if (so == NULL) {
8099 /*
8100 * This means the request comes from kernel.
8101 * As the request comes from kernel, it is unnecessary to
8102 * send message to userland. Just return errcode directly.
8103 */
8104 m_freem(m);
8105 return code;
8106 }
8107
8108 msg = mtod(m, struct sadb_msg *);
8109 msg->sadb_msg_errno = code;
8110 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
8111 }
8112
8113 /*
8114 * set the pointer to each header into message buffer.
8115 * m will be freed on error.
8116 * XXX larger-than-MCLBYTES extension?
8117 */
8118 static int
key_align(struct mbuf * m,struct sadb_msghdr * mhp)8119 key_align(struct mbuf *m, struct sadb_msghdr *mhp)
8120 {
8121 struct mbuf *n;
8122 struct sadb_ext *ext;
8123 size_t off, end;
8124 int extlen;
8125 int toff;
8126
8127 KASSERT(m != NULL);
8128 KASSERT(mhp != NULL);
8129 KASSERT(m->m_len >= sizeof(struct sadb_msg));
8130
8131 /* initialize */
8132 memset(mhp, 0, sizeof(*mhp));
8133
8134 mhp->msg = mtod(m, struct sadb_msg *);
8135 mhp->ext[0] = mhp->msg; /*XXX backward compat */
8136
8137 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
8138 extlen = end; /*just in case extlen is not updated*/
8139 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
8140 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
8141 if (!n) {
8142 /* m is already freed */
8143 return ENOBUFS;
8144 }
8145 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
8146
8147 /* set pointer */
8148 switch (ext->sadb_ext_type) {
8149 case SADB_EXT_SA:
8150 case SADB_EXT_ADDRESS_SRC:
8151 case SADB_EXT_ADDRESS_DST:
8152 case SADB_EXT_ADDRESS_PROXY:
8153 case SADB_EXT_LIFETIME_CURRENT:
8154 case SADB_EXT_LIFETIME_HARD:
8155 case SADB_EXT_LIFETIME_SOFT:
8156 case SADB_EXT_KEY_AUTH:
8157 case SADB_EXT_KEY_ENCRYPT:
8158 case SADB_EXT_IDENTITY_SRC:
8159 case SADB_EXT_IDENTITY_DST:
8160 case SADB_EXT_SENSITIVITY:
8161 case SADB_EXT_PROPOSAL:
8162 case SADB_EXT_SUPPORTED_AUTH:
8163 case SADB_EXT_SUPPORTED_ENCRYPT:
8164 case SADB_EXT_SPIRANGE:
8165 case SADB_X_EXT_POLICY:
8166 case SADB_X_EXT_SA2:
8167 case SADB_X_EXT_NAT_T_TYPE:
8168 case SADB_X_EXT_NAT_T_SPORT:
8169 case SADB_X_EXT_NAT_T_DPORT:
8170 case SADB_X_EXT_NAT_T_OAI:
8171 case SADB_X_EXT_NAT_T_OAR:
8172 case SADB_X_EXT_NAT_T_FRAG:
8173 /* duplicate check */
8174 /*
8175 * XXX Are there duplication payloads of either
8176 * KEY_AUTH or KEY_ENCRYPT ?
8177 */
8178 if (mhp->ext[ext->sadb_ext_type] != NULL) {
8179 IPSECLOG(LOG_DEBUG,
8180 "duplicate ext_type %u is passed.\n",
8181 ext->sadb_ext_type);
8182 m_freem(m);
8183 PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT);
8184 return EINVAL;
8185 }
8186 break;
8187 default:
8188 IPSECLOG(LOG_DEBUG, "invalid ext_type %u is passed.\n",
8189 ext->sadb_ext_type);
8190 m_freem(m);
8191 PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE);
8192 return EINVAL;
8193 }
8194
8195 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
8196
8197 if (key_validate_ext(ext, extlen)) {
8198 m_freem(m);
8199 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
8200 return EINVAL;
8201 }
8202
8203 n = m_pulldown(m, off, extlen, &toff);
8204 if (!n) {
8205 /* m is already freed */
8206 return ENOBUFS;
8207 }
8208 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
8209
8210 mhp->ext[ext->sadb_ext_type] = ext;
8211 mhp->extoff[ext->sadb_ext_type] = off;
8212 mhp->extlen[ext->sadb_ext_type] = extlen;
8213 }
8214
8215 if (off != end) {
8216 m_freem(m);
8217 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
8218 return EINVAL;
8219 }
8220
8221 return 0;
8222 }
8223
8224 static int
key_validate_ext(const struct sadb_ext * ext,int len)8225 key_validate_ext(const struct sadb_ext *ext, int len)
8226 {
8227 const struct sockaddr *sa;
8228 enum { NONE, ADDR } checktype = NONE;
8229 int baselen = 0;
8230 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
8231
8232 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
8233 return EINVAL;
8234
8235 /* if it does not match minimum/maximum length, bail */
8236 if (ext->sadb_ext_type >= __arraycount(minsize) ||
8237 ext->sadb_ext_type >= __arraycount(maxsize))
8238 return EINVAL;
8239 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
8240 return EINVAL;
8241 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
8242 return EINVAL;
8243
8244 /* more checks based on sadb_ext_type XXX need more */
8245 switch (ext->sadb_ext_type) {
8246 case SADB_EXT_ADDRESS_SRC:
8247 case SADB_EXT_ADDRESS_DST:
8248 case SADB_EXT_ADDRESS_PROXY:
8249 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
8250 checktype = ADDR;
8251 break;
8252 case SADB_EXT_IDENTITY_SRC:
8253 case SADB_EXT_IDENTITY_DST:
8254 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
8255 SADB_X_IDENTTYPE_ADDR) {
8256 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
8257 checktype = ADDR;
8258 } else
8259 checktype = NONE;
8260 break;
8261 default:
8262 checktype = NONE;
8263 break;
8264 }
8265
8266 switch (checktype) {
8267 case NONE:
8268 break;
8269 case ADDR:
8270 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
8271 if (len < baselen + sal)
8272 return EINVAL;
8273 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
8274 return EINVAL;
8275 break;
8276 }
8277
8278 return 0;
8279 }
8280
8281 static int
key_do_init(void)8282 key_do_init(void)
8283 {
8284 int i, error;
8285
8286 mutex_init(&key_misc.lock, MUTEX_DEFAULT, IPL_NONE);
8287
8288 mutex_init(&key_spd.lock, MUTEX_DEFAULT, IPL_NONE);
8289 cv_init(&key_spd.cv_lc, "key_sp_lc");
8290 key_spd.psz = pserialize_create();
8291 cv_init(&key_spd.cv_psz, "key_sp_psz");
8292 key_spd.psz_performing = false;
8293
8294 mutex_init(&key_sad.lock, MUTEX_DEFAULT, IPL_NONE);
8295 cv_init(&key_sad.cv_lc, "key_sa_lc");
8296 key_sad.psz = pserialize_create();
8297 cv_init(&key_sad.cv_psz, "key_sa_psz");
8298 key_sad.psz_performing = false;
8299
8300 pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS);
8301
8302 callout_init(&key_timehandler_ch, CALLOUT_MPSAFE);
8303 error = workqueue_create(&key_timehandler_wq, "key_timehandler",
8304 key_timehandler_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
8305 if (error != 0)
8306 panic("%s: workqueue_create failed (%d)\n", __func__, error);
8307
8308 for (i = 0; i < IPSEC_DIR_MAX; i++) {
8309 PSLIST_INIT(&key_spd.splist[i]);
8310 }
8311
8312 PSLIST_INIT(&key_spd.socksplist);
8313
8314 key_sad.sahlists = hashinit(SAHHASH_NHASH, HASH_PSLIST, true,
8315 &key_sad.sahlistmask);
8316 key_sad.savlut = hashinit(SAVLUT_NHASH, HASH_PSLIST, true,
8317 &key_sad.savlutmask);
8318
8319 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
8320 LIST_INIT(&key_misc.reglist[i]);
8321 }
8322
8323 #ifndef IPSEC_NONBLOCK_ACQUIRE
8324 LIST_INIT(&key_misc.acqlist);
8325 #endif
8326 #ifdef notyet
8327 LIST_INIT(&key_misc.spacqlist);
8328 #endif
8329
8330 /* system default */
8331 ip4_def_policy.policy = IPSEC_POLICY_NONE;
8332 ip4_def_policy.state = IPSEC_SPSTATE_ALIVE;
8333 localcount_init(&ip4_def_policy.localcount);
8334
8335 #ifdef INET6
8336 ip6_def_policy.policy = IPSEC_POLICY_NONE;
8337 ip6_def_policy.state = IPSEC_SPSTATE_ALIVE;
8338 localcount_init(&ip6_def_policy.localcount);
8339 #endif
8340
8341 callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
8342
8343 /* initialize key statistics */
8344 keystat.getspi_count = 1;
8345
8346 aprint_verbose("IPsec: Initialized Security Association Processing.\n");
8347
8348 return (0);
8349 }
8350
8351 void
key_init(void)8352 key_init(void)
8353 {
8354 static ONCE_DECL(key_init_once);
8355
8356 sysctl_net_keyv2_setup(NULL);
8357 sysctl_net_key_compat_setup(NULL);
8358
8359 RUN_ONCE(&key_init_once, key_do_init);
8360
8361 key_init_so();
8362 }
8363
8364 /*
8365 * XXX: maybe This function is called after INBOUND IPsec processing.
8366 *
8367 * Special check for tunnel-mode packets.
8368 * We must make some checks for consistency between inner and outer IP header.
8369 *
8370 * xxx more checks to be provided
8371 */
8372 int
key_checktunnelsanity(struct secasvar * sav,u_int family,void * src,void * dst)8373 key_checktunnelsanity(
8374 struct secasvar *sav,
8375 u_int family,
8376 void *src,
8377 void *dst
8378 )
8379 {
8380
8381 /* XXX: check inner IP header */
8382
8383 return 1;
8384 }
8385
8386 #if 0
8387 #define hostnamelen strlen(hostname)
8388
8389 /*
8390 * Get FQDN for the host.
8391 * If the administrator configured hostname (by hostname(1)) without
8392 * domain name, returns nothing.
8393 */
8394 static const char *
8395 key_getfqdn(void)
8396 {
8397 int i;
8398 int hasdot;
8399 static char fqdn[MAXHOSTNAMELEN + 1];
8400
8401 if (!hostnamelen)
8402 return NULL;
8403
8404 /* check if it comes with domain name. */
8405 hasdot = 0;
8406 for (i = 0; i < hostnamelen; i++) {
8407 if (hostname[i] == '.')
8408 hasdot++;
8409 }
8410 if (!hasdot)
8411 return NULL;
8412
8413 /* NOTE: hostname may not be NUL-terminated. */
8414 memset(fqdn, 0, sizeof(fqdn));
8415 memcpy(fqdn, hostname, hostnamelen);
8416 fqdn[hostnamelen] = '\0';
8417 return fqdn;
8418 }
8419
8420 /*
8421 * get username@FQDN for the host/user.
8422 */
8423 static const char *
8424 key_getuserfqdn(void)
8425 {
8426 const char *host;
8427 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
8428 struct proc *p = curproc;
8429 char *q;
8430
8431 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session)
8432 return NULL;
8433 if (!(host = key_getfqdn()))
8434 return NULL;
8435
8436 /* NOTE: s_login may not be-NUL terminated. */
8437 memset(userfqdn, 0, sizeof(userfqdn));
8438 memcpy(userfqdn, Mp->p_pgrp->pg_session->s_login, AXLOGNAME);
8439 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
8440 q = userfqdn + strlen(userfqdn);
8441 *q++ = '@';
8442 memcpy(q, host, strlen(host));
8443 q += strlen(host);
8444 *q++ = '\0';
8445
8446 return userfqdn;
8447 }
8448 #endif
8449
8450 /* record data transfer on SA, and update timestamps */
8451 void
key_sa_recordxfer(struct secasvar * sav,struct mbuf * m)8452 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m)
8453 {
8454 lifetime_counters_t *counters;
8455
8456 KASSERT(sav != NULL);
8457 KASSERT(sav->lft_c != NULL);
8458 KASSERT(m != NULL);
8459
8460 counters = percpu_getref(sav->lft_c_counters_percpu);
8461
8462 /*
8463 * XXX Currently, there is a difference of bytes size
8464 * between inbound and outbound processing.
8465 */
8466 (*counters)[LIFETIME_COUNTER_BYTES] += m->m_pkthdr.len;
8467 /* to check bytes lifetime is done in key_timehandler(). */
8468
8469 /*
8470 * We use the number of packets as the unit of
8471 * sadb_lifetime_allocations. We increment the variable
8472 * whenever {esp,ah}_{in,out}put is called.
8473 */
8474 (*counters)[LIFETIME_COUNTER_ALLOCATIONS]++;
8475 /* XXX check for expires? */
8476
8477 percpu_putref(sav->lft_c_counters_percpu);
8478
8479 /*
8480 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
8481 * in seconds. HARD and SOFT lifetime are measured by the time
8482 * difference (again in seconds) from sadb_lifetime_usetime.
8483 *
8484 * usetime
8485 * v expire expire
8486 * -----+-----+--------+---> t
8487 * <--------------> HARD
8488 * <-----> SOFT
8489 */
8490 sav->lft_c->sadb_lifetime_usetime = time_uptime;
8491 /* XXX check for expires? */
8492
8493 return;
8494 }
8495
8496 /* dumb version */
8497 void
key_sa_routechange(struct sockaddr * dst)8498 key_sa_routechange(struct sockaddr *dst)
8499 {
8500 struct secashead *sah;
8501 int s;
8502
8503 s = pserialize_read_enter();
8504 SAHLIST_READER_FOREACH(sah) {
8505 struct route *ro;
8506 const struct sockaddr *sa;
8507
8508 key_sah_ref(sah);
8509 pserialize_read_exit(s);
8510
8511 ro = &sah->sa_route;
8512 sa = rtcache_getdst(ro);
8513 if (sa != NULL && dst->sa_len == sa->sa_len &&
8514 memcmp(dst, sa, dst->sa_len) == 0)
8515 rtcache_free(ro);
8516
8517 s = pserialize_read_enter();
8518 key_sah_unref(sah);
8519 }
8520 pserialize_read_exit(s);
8521
8522 return;
8523 }
8524
8525 static void
key_sa_chgstate(struct secasvar * sav,u_int8_t state)8526 key_sa_chgstate(struct secasvar *sav, u_int8_t state)
8527 {
8528 struct secasvar *_sav;
8529
8530 ASSERT_SLEEPABLE();
8531 KASSERT(mutex_owned(&key_sad.lock));
8532
8533 if (sav->state == state)
8534 return;
8535
8536 key_unlink_sav(sav);
8537 localcount_fini(&sav->localcount);
8538 SAVLIST_ENTRY_DESTROY(sav);
8539 key_init_sav(sav);
8540
8541 sav->state = state;
8542 if (!SADB_SASTATE_USABLE_P(sav)) {
8543 /* We don't need to care about the order */
8544 SAVLIST_WRITER_INSERT_HEAD(sav->sah, state, sav);
8545 return;
8546 }
8547 /*
8548 * Sort the list by lft_c->sadb_lifetime_addtime
8549 * in ascending order.
8550 */
8551 SAVLIST_WRITER_FOREACH(_sav, sav->sah, state) {
8552 if (_sav->lft_c->sadb_lifetime_addtime >
8553 sav->lft_c->sadb_lifetime_addtime) {
8554 SAVLIST_WRITER_INSERT_BEFORE(_sav, sav);
8555 break;
8556 }
8557 }
8558 if (_sav == NULL) {
8559 SAVLIST_WRITER_INSERT_TAIL(sav->sah, state, sav);
8560 }
8561
8562 SAVLUT_WRITER_INSERT_HEAD(sav);
8563
8564 key_validate_savlist(sav->sah, state);
8565 }
8566
8567 /* XXX too much? */
8568 static struct mbuf *
key_alloc_mbuf(int l,int mflag)8569 key_alloc_mbuf(int l, int mflag)
8570 {
8571 struct mbuf *m = NULL, *n;
8572 int len, t;
8573
8574 KASSERT(mflag == M_NOWAIT || (mflag == M_WAITOK && !cpu_softintr_p()));
8575
8576 len = l;
8577 while (len > 0) {
8578 MGET(n, mflag, MT_DATA);
8579 if (n && len > MLEN) {
8580 MCLGET(n, mflag);
8581 if ((n->m_flags & M_EXT) == 0) {
8582 m_freem(n);
8583 n = NULL;
8584 }
8585 }
8586 if (!n) {
8587 m_freem(m);
8588 return NULL;
8589 }
8590
8591 n->m_next = NULL;
8592 n->m_len = 0;
8593 n->m_len = M_TRAILINGSPACE(n);
8594 /* use the bottom of mbuf, hoping we can prepend afterwards */
8595 if (n->m_len > len) {
8596 t = (n->m_len - len) & ~(sizeof(long) - 1);
8597 n->m_data += t;
8598 n->m_len = len;
8599 }
8600
8601 len -= n->m_len;
8602
8603 if (m)
8604 m_cat(m, n);
8605 else
8606 m = n;
8607 }
8608
8609 return m;
8610 }
8611
8612 static struct mbuf *
key_setdump(u_int8_t req_satype,int * errorp,uint32_t pid)8613 key_setdump(u_int8_t req_satype, int *errorp, uint32_t pid)
8614 {
8615 struct secashead *sah;
8616 struct secasvar *sav;
8617 u_int16_t proto;
8618 u_int8_t satype;
8619 u_int8_t state;
8620 int cnt;
8621 struct mbuf *m, *n;
8622
8623 KASSERT(mutex_owned(&key_sad.lock));
8624
8625 /* map satype to proto */
8626 proto = key_satype2proto(req_satype);
8627 if (proto == 0) {
8628 *errorp = EINVAL;
8629 return (NULL);
8630 }
8631
8632 /* count sav entries to be sent to the userland. */
8633 cnt = 0;
8634 SAHLIST_WRITER_FOREACH(sah) {
8635 if (req_satype != SADB_SATYPE_UNSPEC &&
8636 proto != sah->saidx.proto)
8637 continue;
8638
8639 SASTATE_ANY_FOREACH(state) {
8640 SAVLIST_WRITER_FOREACH(sav, sah, state) {
8641 cnt++;
8642 }
8643 }
8644 }
8645
8646 if (cnt == 0) {
8647 *errorp = ENOENT;
8648 return (NULL);
8649 }
8650
8651 /* send this to the userland, one at a time. */
8652 m = NULL;
8653 SAHLIST_WRITER_FOREACH(sah) {
8654 if (req_satype != SADB_SATYPE_UNSPEC &&
8655 proto != sah->saidx.proto)
8656 continue;
8657
8658 /* map proto to satype */
8659 satype = key_proto2satype(sah->saidx.proto);
8660 if (satype == 0) {
8661 m_freem(m);
8662 *errorp = EINVAL;
8663 return (NULL);
8664 }
8665
8666 SASTATE_ANY_FOREACH(state) {
8667 SAVLIST_WRITER_FOREACH(sav, sah, state) {
8668 n = key_setdumpsa(sav, SADB_DUMP, satype,
8669 --cnt, pid);
8670 if (!m)
8671 m = n;
8672 else
8673 m_cat(m, n);
8674 }
8675 }
8676 }
8677
8678 if (!m) {
8679 *errorp = EINVAL;
8680 return (NULL);
8681 }
8682
8683 if ((m->m_flags & M_PKTHDR) != 0) {
8684 m->m_pkthdr.len = 0;
8685 for (n = m; n; n = n->m_next)
8686 m->m_pkthdr.len += n->m_len;
8687 }
8688
8689 *errorp = 0;
8690 return (m);
8691 }
8692
8693 static struct mbuf *
key_setspddump(int * errorp,pid_t pid)8694 key_setspddump(int *errorp, pid_t pid)
8695 {
8696 struct secpolicy *sp;
8697 int cnt;
8698 u_int dir;
8699 struct mbuf *m, *n;
8700
8701 KASSERT(mutex_owned(&key_spd.lock));
8702
8703 /* search SPD entry and get buffer size. */
8704 cnt = 0;
8705 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
8706 SPLIST_WRITER_FOREACH(sp, dir) {
8707 cnt++;
8708 }
8709 }
8710
8711 if (cnt == 0) {
8712 *errorp = ENOENT;
8713 return (NULL);
8714 }
8715
8716 m = NULL;
8717 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
8718 SPLIST_WRITER_FOREACH(sp, dir) {
8719 --cnt;
8720 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, pid);
8721
8722 if (!m)
8723 m = n;
8724 else {
8725 m->m_pkthdr.len += n->m_pkthdr.len;
8726 m_cat(m, n);
8727 }
8728 }
8729 }
8730
8731 *errorp = 0;
8732 return (m);
8733 }
8734
8735 int
key_get_used(void)8736 key_get_used(void) {
8737 return !SPLIST_READER_EMPTY(IPSEC_DIR_INBOUND) ||
8738 !SPLIST_READER_EMPTY(IPSEC_DIR_OUTBOUND) ||
8739 !SOCKSPLIST_READER_EMPTY();
8740 }
8741
8742 void
key_update_used(void)8743 key_update_used(void)
8744 {
8745 switch (ipsec_enabled) {
8746 default:
8747 case 0:
8748 #ifdef notyet
8749 /* XXX: racy */
8750 ipsec_used = 0;
8751 #endif
8752 break;
8753 case 1:
8754 #ifndef notyet
8755 /* XXX: racy */
8756 if (!ipsec_used)
8757 #endif
8758 ipsec_used = key_get_used();
8759 break;
8760 case 2:
8761 ipsec_used = 1;
8762 break;
8763 }
8764 }
8765
8766 static inline void
key_savlut_writer_insert_head(struct secasvar * sav)8767 key_savlut_writer_insert_head(struct secasvar *sav)
8768 {
8769 uint32_t hash_key;
8770 uint32_t hash;
8771
8772 KASSERT(mutex_owned(&key_sad.lock));
8773 KASSERT(!sav->savlut_added);
8774
8775 hash_key = sav->spi;
8776
8777 hash = key_savluthash(&sav->sah->saidx.dst.sa,
8778 sav->sah->saidx.proto, hash_key, key_sad.savlutmask);
8779
8780 PSLIST_WRITER_INSERT_HEAD(&key_sad.savlut[hash], sav,
8781 pslist_entry_savlut);
8782 sav->savlut_added = true;
8783 }
8784
8785 /*
8786 * Calculate hash using protocol, source address,
8787 * and destination address included in saidx.
8788 */
8789 static inline uint32_t
key_saidxhash(const struct secasindex * saidx,u_long mask)8790 key_saidxhash(const struct secasindex *saidx, u_long mask)
8791 {
8792 uint32_t hash32;
8793 const struct sockaddr_in *sin;
8794 const struct sockaddr_in6 *sin6;
8795
8796 hash32 = saidx->proto;
8797
8798 switch (saidx->src.sa.sa_family) {
8799 case AF_INET:
8800 sin = &saidx->src.sin;
8801 hash32 = hash32_buf(&sin->sin_addr,
8802 sizeof(sin->sin_addr), hash32);
8803 sin = &saidx->dst.sin;
8804 hash32 = hash32_buf(&sin->sin_addr,
8805 sizeof(sin->sin_addr), hash32 << 1);
8806 break;
8807 case AF_INET6:
8808 sin6 = &saidx->src.sin6;
8809 hash32 = hash32_buf(&sin6->sin6_addr,
8810 sizeof(sin6->sin6_addr), hash32);
8811 sin6 = &saidx->dst.sin6;
8812 hash32 = hash32_buf(&sin6->sin6_addr,
8813 sizeof(sin6->sin6_addr), hash32 << 1);
8814 break;
8815 default:
8816 hash32 = 0;
8817 break;
8818 }
8819
8820 return hash32 & mask;
8821 }
8822
8823 /*
8824 * Calculate hash using destination address, protocol,
8825 * and spi. Those parameter depend on the search of
8826 * key_lookup_sa().
8827 */
8828 static uint32_t
key_savluthash(const struct sockaddr * dst,uint32_t proto,uint32_t spi,u_long mask)8829 key_savluthash(const struct sockaddr *dst, uint32_t proto,
8830 uint32_t spi, u_long mask)
8831 {
8832 uint32_t hash32;
8833 const struct sockaddr_in *sin;
8834 const struct sockaddr_in6 *sin6;
8835
8836 hash32 = hash32_buf(&proto, sizeof(proto), spi);
8837
8838 switch(dst->sa_family) {
8839 case AF_INET:
8840 sin = satocsin(dst);
8841 hash32 = hash32_buf(&sin->sin_addr,
8842 sizeof(sin->sin_addr), hash32);
8843 break;
8844 case AF_INET6:
8845 sin6 = satocsin6(dst);
8846 hash32 = hash32_buf(&sin6->sin6_addr,
8847 sizeof(sin6->sin6_addr), hash32);
8848 break;
8849 default:
8850 hash32 = 0;
8851 }
8852
8853 return hash32 & mask;
8854 }
8855
8856 static int
sysctl_net_key_dumpsa(SYSCTLFN_ARGS)8857 sysctl_net_key_dumpsa(SYSCTLFN_ARGS)
8858 {
8859 struct mbuf *m, *n;
8860 int err2 = 0;
8861 char *p, *ep;
8862 size_t len;
8863 int error;
8864
8865 if (newp)
8866 return (EPERM);
8867 if (namelen != 1)
8868 return (EINVAL);
8869
8870 mutex_enter(&key_sad.lock);
8871 m = key_setdump(name[0], &error, l->l_proc->p_pid);
8872 mutex_exit(&key_sad.lock);
8873 if (!m)
8874 return (error);
8875 if (!oldp)
8876 *oldlenp = m->m_pkthdr.len;
8877 else {
8878 p = oldp;
8879 if (*oldlenp < m->m_pkthdr.len) {
8880 err2 = ENOMEM;
8881 ep = p + *oldlenp;
8882 } else {
8883 *oldlenp = m->m_pkthdr.len;
8884 ep = p + m->m_pkthdr.len;
8885 }
8886 for (n = m; n; n = n->m_next) {
8887 len = (ep - p < n->m_len) ?
8888 ep - p : n->m_len;
8889 error = copyout(mtod(n, const void *), p, len);
8890 p += len;
8891 if (error)
8892 break;
8893 }
8894 if (error == 0)
8895 error = err2;
8896 }
8897 m_freem(m);
8898
8899 return (error);
8900 }
8901
8902 static int
sysctl_net_key_dumpsp(SYSCTLFN_ARGS)8903 sysctl_net_key_dumpsp(SYSCTLFN_ARGS)
8904 {
8905 struct mbuf *m, *n;
8906 int err2 = 0;
8907 char *p, *ep;
8908 size_t len;
8909 int error;
8910
8911 if (newp)
8912 return (EPERM);
8913 if (namelen != 0)
8914 return (EINVAL);
8915
8916 mutex_enter(&key_spd.lock);
8917 m = key_setspddump(&error, l->l_proc->p_pid);
8918 mutex_exit(&key_spd.lock);
8919 if (!m)
8920 return (error);
8921 if (!oldp)
8922 *oldlenp = m->m_pkthdr.len;
8923 else {
8924 p = oldp;
8925 if (*oldlenp < m->m_pkthdr.len) {
8926 err2 = ENOMEM;
8927 ep = p + *oldlenp;
8928 } else {
8929 *oldlenp = m->m_pkthdr.len;
8930 ep = p + m->m_pkthdr.len;
8931 }
8932 for (n = m; n; n = n->m_next) {
8933 len = (ep - p < n->m_len) ? ep - p : n->m_len;
8934 error = copyout(mtod(n, const void *), p, len);
8935 p += len;
8936 if (error)
8937 break;
8938 }
8939 if (error == 0)
8940 error = err2;
8941 }
8942 m_freem(m);
8943
8944 return (error);
8945 }
8946
8947 /*
8948 * Create sysctl tree for native IPSEC key knobs, originally
8949 * under name "net.keyv2" * with MIB number { CTL_NET, PF_KEY_V2. }.
8950 * However, sysctl(8) never checked for nodes under { CTL_NET, PF_KEY_V2 };
8951 * and in any case the part of our sysctl namespace used for dumping the
8952 * SPD and SA database *HAS* to be compatible with the KAME sysctl
8953 * namespace, for API reasons.
8954 *
8955 * Pending a consensus on the right way to fix this, add a level of
8956 * indirection in how we number the `native' IPSEC key nodes;
8957 * and (as requested by Andrew Brown) move registration of the
8958 * KAME-compatible names to a separate function.
8959 */
8960 #if 0
8961 # define IPSEC_PFKEY PF_KEY_V2
8962 # define IPSEC_PFKEY_NAME "keyv2"
8963 #else
8964 # define IPSEC_PFKEY PF_KEY
8965 # define IPSEC_PFKEY_NAME "key"
8966 #endif
8967
8968 static int
sysctl_net_key_stats(SYSCTLFN_ARGS)8969 sysctl_net_key_stats(SYSCTLFN_ARGS)
8970 {
8971
8972 return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
8973 }
8974
8975 static void
sysctl_net_keyv2_setup(struct sysctllog ** clog)8976 sysctl_net_keyv2_setup(struct sysctllog **clog)
8977 {
8978
8979 sysctl_createv(clog, 0, NULL, NULL,
8980 CTLFLAG_PERMANENT,
8981 CTLTYPE_NODE, IPSEC_PFKEY_NAME, NULL,
8982 NULL, 0, NULL, 0,
8983 CTL_NET, IPSEC_PFKEY, CTL_EOL);
8984
8985 sysctl_createv(clog, 0, NULL, NULL,
8986 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8987 CTLTYPE_INT, "debug", NULL,
8988 NULL, 0, &key_debug_level, 0,
8989 CTL_NET, IPSEC_PFKEY, KEYCTL_DEBUG_LEVEL, CTL_EOL);
8990 sysctl_createv(clog, 0, NULL, NULL,
8991 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8992 CTLTYPE_INT, "spi_try", NULL,
8993 NULL, 0, &key_spi_trycnt, 0,
8994 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_TRY, CTL_EOL);
8995 sysctl_createv(clog, 0, NULL, NULL,
8996 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8997 CTLTYPE_INT, "spi_min_value", NULL,
8998 NULL, 0, &key_spi_minval, 0,
8999 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL);
9000 sysctl_createv(clog, 0, NULL, NULL,
9001 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9002 CTLTYPE_INT, "spi_max_value", NULL,
9003 NULL, 0, &key_spi_maxval, 0,
9004 CTL_NET, IPSEC_PFKEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL);
9005 sysctl_createv(clog, 0, NULL, NULL,
9006 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9007 CTLTYPE_INT, "random_int", NULL,
9008 NULL, 0, &key_int_random, 0,
9009 CTL_NET, IPSEC_PFKEY, KEYCTL_RANDOM_INT, CTL_EOL);
9010 sysctl_createv(clog, 0, NULL, NULL,
9011 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9012 CTLTYPE_INT, "larval_lifetime", NULL,
9013 NULL, 0, &key_larval_lifetime, 0,
9014 CTL_NET, IPSEC_PFKEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL);
9015 sysctl_createv(clog, 0, NULL, NULL,
9016 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9017 CTLTYPE_INT, "blockacq_count", NULL,
9018 NULL, 0, &key_blockacq_count, 0,
9019 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL);
9020 sysctl_createv(clog, 0, NULL, NULL,
9021 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9022 CTLTYPE_INT, "blockacq_lifetime", NULL,
9023 NULL, 0, &key_blockacq_lifetime, 0,
9024 CTL_NET, IPSEC_PFKEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL);
9025 sysctl_createv(clog, 0, NULL, NULL,
9026 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9027 CTLTYPE_INT, "esp_keymin", NULL,
9028 NULL, 0, &ipsec_esp_keymin, 0,
9029 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_KEYMIN, CTL_EOL);
9030 sysctl_createv(clog, 0, NULL, NULL,
9031 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9032 CTLTYPE_INT, "prefered_oldsa", NULL,
9033 NULL, 0, &key_prefered_oldsa, 0,
9034 CTL_NET, PF_KEY, KEYCTL_PREFERED_OLDSA, CTL_EOL);
9035 sysctl_createv(clog, 0, NULL, NULL,
9036 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9037 CTLTYPE_INT, "esp_auth", NULL,
9038 NULL, 0, &ipsec_esp_auth, 0,
9039 CTL_NET, IPSEC_PFKEY, KEYCTL_ESP_AUTH, CTL_EOL);
9040 sysctl_createv(clog, 0, NULL, NULL,
9041 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9042 CTLTYPE_INT, "ah_keymin", NULL,
9043 NULL, 0, &ipsec_ah_keymin, 0,
9044 CTL_NET, IPSEC_PFKEY, KEYCTL_AH_KEYMIN, CTL_EOL);
9045 sysctl_createv(clog, 0, NULL, NULL,
9046 CTLFLAG_PERMANENT,
9047 CTLTYPE_STRUCT, "stats",
9048 SYSCTL_DESCR("PF_KEY statistics"),
9049 sysctl_net_key_stats, 0, NULL, 0,
9050 CTL_NET, IPSEC_PFKEY, CTL_CREATE, CTL_EOL);
9051 sysctl_createv(clog, 0, NULL, NULL,
9052 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
9053 CTLTYPE_BOOL, "allow_different_idtype", NULL,
9054 NULL, 0, &ipsec_allow_different_idtype, 0,
9055 CTL_NET, IPSEC_PFKEY, KEYCTL_ALLOW_DIFFERENT_IDTYPE, CTL_EOL);
9056 }
9057
9058 /*
9059 * Register sysctl names used by setkey(8). For historical reasons,
9060 * and to share a single API, these names appear under { CTL_NET, PF_KEY }
9061 * for both IPSEC and KAME IPSEC.
9062 */
9063 static void
sysctl_net_key_compat_setup(struct sysctllog ** clog)9064 sysctl_net_key_compat_setup(struct sysctllog **clog)
9065 {
9066
9067 sysctl_createv(clog, 0, NULL, NULL,
9068 CTLFLAG_PERMANENT,
9069 CTLTYPE_NODE, "key", NULL,
9070 NULL, 0, NULL, 0,
9071 CTL_NET, PF_KEY, CTL_EOL);
9072
9073 /* Register the net.key.dump{sa,sp} nodes used by setkey(8). */
9074 sysctl_createv(clog, 0, NULL, NULL,
9075 CTLFLAG_PERMANENT,
9076 CTLTYPE_STRUCT, "dumpsa", NULL,
9077 sysctl_net_key_dumpsa, 0, NULL, 0,
9078 CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL);
9079 sysctl_createv(clog, 0, NULL, NULL,
9080 CTLFLAG_PERMANENT,
9081 CTLTYPE_STRUCT, "dumpsp", NULL,
9082 sysctl_net_key_dumpsp, 0, NULL, 0,
9083 CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL);
9084 }
9085