1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the project nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 /* 36 * This code is referd to RFC 2367 37 */ 38 39 #include "opt_inet.h" 40 #include "opt_inet6.h" 41 #include "opt_ipsec.h" 42 43 #include <sys/types.h> 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/kernel.h> 47 #include <sys/fnv_hash.h> 48 #include <sys/lock.h> 49 #include <sys/mutex.h> 50 #include <sys/mbuf.h> 51 #include <sys/domain.h> 52 #include <sys/protosw.h> 53 #include <sys/malloc.h> 54 #include <sys/rmlock.h> 55 #include <sys/socket.h> 56 #include <sys/socketvar.h> 57 #include <sys/sysctl.h> 58 #include <sys/errno.h> 59 #include <sys/proc.h> 60 #include <sys/queue.h> 61 #include <sys/refcount.h> 62 #include <sys/syslog.h> 63 64 #include <vm/uma.h> 65 66 #include <net/if.h> 67 #include <net/if_var.h> 68 #include <net/vnet.h> 69 #include <net/raw_cb.h> 70 71 #include <netinet/in.h> 72 #include <netinet/in_systm.h> 73 #include <netinet/ip.h> 74 #include <netinet/in_var.h> 75 #include <netinet/udp.h> 76 77 #ifdef INET6 78 #include <netinet/ip6.h> 79 #include <netinet6/in6_var.h> 80 #include <netinet6/ip6_var.h> 81 #endif /* INET6 */ 82 83 #include <net/pfkeyv2.h> 84 #include <netipsec/keydb.h> 85 #include <netipsec/key.h> 86 #include <netipsec/keysock.h> 87 #include <netipsec/key_debug.h> 88 89 #include <netipsec/ipsec.h> 90 #ifdef INET6 91 #include <netipsec/ipsec6.h> 92 #endif 93 94 #include <netipsec/xform.h> 95 #include <machine/in_cksum.h> 96 #include <machine/stdarg.h> 97 98 /* randomness */ 99 #include <sys/random.h> 100 101 #define FULLMASK 0xff 102 #define _BITS(bytes) ((bytes) << 3) 103 104 /* 105 * Note on SA reference counting: 106 * - SAs that are not in DEAD state will have (total external reference + 1) 107 * following value in reference count field. they cannot be freed and are 108 * referenced from SA header. 109 * - SAs that are in DEAD state will have (total external reference) 110 * in reference count field. they are ready to be freed. reference from 111 * SA header will be removed in key_delsav(), when the reference count 112 * field hits 0 (= no external reference other than from SA header. 113 */ 114 115 VNET_DEFINE(u_int32_t, key_debug_level) = 0; 116 VNET_DEFINE_STATIC(u_int, key_spi_trycnt) = 1000; 117 VNET_DEFINE_STATIC(u_int32_t, key_spi_minval) = 0x100; 118 VNET_DEFINE_STATIC(u_int32_t, key_spi_maxval) = 0x0fffffff; /* XXX */ 119 VNET_DEFINE_STATIC(u_int32_t, policy_id) = 0; 120 /*interval to initialize randseed,1(m)*/ 121 VNET_DEFINE_STATIC(u_int, key_int_random) = 60; 122 /* interval to expire acquiring, 30(s)*/ 123 VNET_DEFINE_STATIC(u_int, key_larval_lifetime) = 30; 124 /* counter for blocking SADB_ACQUIRE.*/ 125 VNET_DEFINE_STATIC(int, key_blockacq_count) = 10; 126 /* lifetime for blocking SADB_ACQUIRE.*/ 127 VNET_DEFINE_STATIC(int, key_blockacq_lifetime) = 20; 128 /* preferred old sa rather than new sa.*/ 129 VNET_DEFINE_STATIC(int, key_preferred_oldsa) = 1; 130 #define V_key_spi_trycnt VNET(key_spi_trycnt) 131 #define V_key_spi_minval VNET(key_spi_minval) 132 #define V_key_spi_maxval VNET(key_spi_maxval) 133 #define V_policy_id VNET(policy_id) 134 #define V_key_int_random VNET(key_int_random) 135 #define V_key_larval_lifetime VNET(key_larval_lifetime) 136 #define V_key_blockacq_count VNET(key_blockacq_count) 137 #define V_key_blockacq_lifetime VNET(key_blockacq_lifetime) 138 #define V_key_preferred_oldsa VNET(key_preferred_oldsa) 139 140 VNET_DEFINE_STATIC(u_int32_t, acq_seq) = 0; 141 #define V_acq_seq VNET(acq_seq) 142 143 VNET_DEFINE_STATIC(uint32_t, sp_genid) = 0; 144 #define V_sp_genid VNET(sp_genid) 145 146 /* SPD */ 147 TAILQ_HEAD(secpolicy_queue, secpolicy); 148 LIST_HEAD(secpolicy_list, secpolicy); 149 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree[IPSEC_DIR_MAX]); 150 VNET_DEFINE_STATIC(struct secpolicy_queue, sptree_ifnet[IPSEC_DIR_MAX]); 151 static struct rmlock sptree_lock; 152 #define V_sptree VNET(sptree) 153 #define V_sptree_ifnet VNET(sptree_ifnet) 154 #define SPTREE_LOCK_INIT() rm_init(&sptree_lock, "sptree") 155 #define SPTREE_LOCK_DESTROY() rm_destroy(&sptree_lock) 156 #define SPTREE_RLOCK_TRACKER struct rm_priotracker sptree_tracker 157 #define SPTREE_RLOCK() rm_rlock(&sptree_lock, &sptree_tracker) 158 #define SPTREE_RUNLOCK() rm_runlock(&sptree_lock, &sptree_tracker) 159 #define SPTREE_RLOCK_ASSERT() rm_assert(&sptree_lock, RA_RLOCKED) 160 #define SPTREE_WLOCK() rm_wlock(&sptree_lock) 161 #define SPTREE_WUNLOCK() rm_wunlock(&sptree_lock) 162 #define SPTREE_WLOCK_ASSERT() rm_assert(&sptree_lock, RA_WLOCKED) 163 #define SPTREE_UNLOCK_ASSERT() rm_assert(&sptree_lock, RA_UNLOCKED) 164 165 /* Hash table for lookup SP using unique id */ 166 VNET_DEFINE_STATIC(struct secpolicy_list *, sphashtbl); 167 VNET_DEFINE_STATIC(u_long, sphash_mask); 168 #define V_sphashtbl VNET(sphashtbl) 169 #define V_sphash_mask VNET(sphash_mask) 170 171 #define SPHASH_NHASH_LOG2 7 172 #define SPHASH_NHASH (1 << SPHASH_NHASH_LOG2) 173 #define SPHASH_HASHVAL(id) (key_u32hash(id) & V_sphash_mask) 174 #define SPHASH_HASH(id) &V_sphashtbl[SPHASH_HASHVAL(id)] 175 176 /* SPD cache */ 177 struct spdcache_entry { 178 struct secpolicyindex spidx; /* secpolicyindex */ 179 struct secpolicy *sp; /* cached policy to be used */ 180 181 LIST_ENTRY(spdcache_entry) chain; 182 }; 183 LIST_HEAD(spdcache_entry_list, spdcache_entry); 184 185 #define SPDCACHE_MAX_ENTRIES_PER_HASH 8 186 187 VNET_DEFINE_STATIC(u_int, key_spdcache_maxentries) = 0; 188 #define V_key_spdcache_maxentries VNET(key_spdcache_maxentries) 189 VNET_DEFINE_STATIC(u_int, key_spdcache_threshold) = 32; 190 #define V_key_spdcache_threshold VNET(key_spdcache_threshold) 191 VNET_DEFINE_STATIC(unsigned long, spd_size) = 0; 192 #define V_spd_size VNET(spd_size) 193 194 #define SPDCACHE_ENABLED() (V_key_spdcache_maxentries != 0) 195 #define SPDCACHE_ACTIVE() \ 196 (SPDCACHE_ENABLED() && V_spd_size >= V_key_spdcache_threshold) 197 198 VNET_DEFINE_STATIC(struct spdcache_entry_list *, spdcachehashtbl); 199 VNET_DEFINE_STATIC(u_long, spdcachehash_mask); 200 #define V_spdcachehashtbl VNET(spdcachehashtbl) 201 #define V_spdcachehash_mask VNET(spdcachehash_mask) 202 203 #define SPDCACHE_HASHVAL(idx) \ 204 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->ul_proto) & \ 205 V_spdcachehash_mask) 206 207 /* Each cache line is protected by a mutex */ 208 VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); 209 #define V_spdcache_lock VNET(spdcache_lock) 210 211 #define SPDCACHE_LOCK_INIT(a) \ 212 mtx_init(&V_spdcache_lock[a], "spdcache", \ 213 "fast ipsec SPD cache", MTX_DEF|MTX_DUPOK) 214 #define SPDCACHE_LOCK_DESTROY(a) mtx_destroy(&V_spdcache_lock[a]) 215 #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); 216 #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); 217 218 /* SAD */ 219 TAILQ_HEAD(secashead_queue, secashead); 220 LIST_HEAD(secashead_list, secashead); 221 VNET_DEFINE_STATIC(struct secashead_queue, sahtree); 222 static struct rmlock sahtree_lock; 223 #define V_sahtree VNET(sahtree) 224 #define SAHTREE_LOCK_INIT() rm_init(&sahtree_lock, "sahtree") 225 #define SAHTREE_LOCK_DESTROY() rm_destroy(&sahtree_lock) 226 #define SAHTREE_RLOCK_TRACKER struct rm_priotracker sahtree_tracker 227 #define SAHTREE_RLOCK() rm_rlock(&sahtree_lock, &sahtree_tracker) 228 #define SAHTREE_RUNLOCK() rm_runlock(&sahtree_lock, &sahtree_tracker) 229 #define SAHTREE_RLOCK_ASSERT() rm_assert(&sahtree_lock, RA_RLOCKED) 230 #define SAHTREE_WLOCK() rm_wlock(&sahtree_lock) 231 #define SAHTREE_WUNLOCK() rm_wunlock(&sahtree_lock) 232 #define SAHTREE_WLOCK_ASSERT() rm_assert(&sahtree_lock, RA_WLOCKED) 233 #define SAHTREE_UNLOCK_ASSERT() rm_assert(&sahtree_lock, RA_UNLOCKED) 234 235 /* Hash table for lookup in SAD using SA addresses */ 236 VNET_DEFINE_STATIC(struct secashead_list *, sahaddrhashtbl); 237 VNET_DEFINE_STATIC(u_long, sahaddrhash_mask); 238 #define V_sahaddrhashtbl VNET(sahaddrhashtbl) 239 #define V_sahaddrhash_mask VNET(sahaddrhash_mask) 240 241 #define SAHHASH_NHASH_LOG2 7 242 #define SAHHASH_NHASH (1 << SAHHASH_NHASH_LOG2) 243 #define SAHADDRHASH_HASHVAL(idx) \ 244 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 245 V_sahaddrhash_mask) 246 #define SAHADDRHASH_HASH(saidx) \ 247 &V_sahaddrhashtbl[SAHADDRHASH_HASHVAL(saidx)] 248 249 /* Hash table for lookup in SAD using SPI */ 250 LIST_HEAD(secasvar_list, secasvar); 251 VNET_DEFINE_STATIC(struct secasvar_list *, savhashtbl); 252 VNET_DEFINE_STATIC(u_long, savhash_mask); 253 #define V_savhashtbl VNET(savhashtbl) 254 #define V_savhash_mask VNET(savhash_mask) 255 #define SAVHASH_NHASH_LOG2 7 256 #define SAVHASH_NHASH (1 << SAVHASH_NHASH_LOG2) 257 #define SAVHASH_HASHVAL(spi) (key_u32hash(spi) & V_savhash_mask) 258 #define SAVHASH_HASH(spi) &V_savhashtbl[SAVHASH_HASHVAL(spi)] 259 260 static uint32_t 261 key_addrprotohash(const union sockaddr_union *src, 262 const union sockaddr_union *dst, const uint8_t *proto) 263 { 264 uint32_t hval; 265 266 hval = fnv_32_buf(proto, sizeof(*proto), 267 FNV1_32_INIT); 268 switch (dst->sa.sa_family) { 269 #ifdef INET 270 case AF_INET: 271 hval = fnv_32_buf(&src->sin.sin_addr, 272 sizeof(in_addr_t), hval); 273 hval = fnv_32_buf(&dst->sin.sin_addr, 274 sizeof(in_addr_t), hval); 275 break; 276 #endif 277 #ifdef INET6 278 case AF_INET6: 279 hval = fnv_32_buf(&src->sin6.sin6_addr, 280 sizeof(struct in6_addr), hval); 281 hval = fnv_32_buf(&dst->sin6.sin6_addr, 282 sizeof(struct in6_addr), hval); 283 break; 284 #endif 285 default: 286 hval = 0; 287 ipseclog((LOG_DEBUG, "%s: unknown address family %d\n", 288 __func__, dst->sa.sa_family)); 289 } 290 return (hval); 291 } 292 293 static uint32_t 294 key_u32hash(uint32_t val) 295 { 296 297 return (fnv_32_buf(&val, sizeof(val), FNV1_32_INIT)); 298 } 299 300 /* registed list */ 301 VNET_DEFINE_STATIC(LIST_HEAD(_regtree, secreg), regtree[SADB_SATYPE_MAX + 1]); 302 #define V_regtree VNET(regtree) 303 static struct mtx regtree_lock; 304 #define REGTREE_LOCK_INIT() \ 305 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 306 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 307 #define REGTREE_LOCK() mtx_lock(®tree_lock) 308 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 309 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 310 311 /* Acquiring list */ 312 LIST_HEAD(secacq_list, secacq); 313 VNET_DEFINE_STATIC(struct secacq_list, acqtree); 314 #define V_acqtree VNET(acqtree) 315 static struct mtx acq_lock; 316 #define ACQ_LOCK_INIT() \ 317 mtx_init(&acq_lock, "acqtree", "ipsec SA acquiring list", MTX_DEF) 318 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 319 #define ACQ_LOCK() mtx_lock(&acq_lock) 320 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 321 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 322 323 /* Hash table for lookup in ACQ list using SA addresses */ 324 VNET_DEFINE_STATIC(struct secacq_list *, acqaddrhashtbl); 325 VNET_DEFINE_STATIC(u_long, acqaddrhash_mask); 326 #define V_acqaddrhashtbl VNET(acqaddrhashtbl) 327 #define V_acqaddrhash_mask VNET(acqaddrhash_mask) 328 329 /* Hash table for lookup in ACQ list using SEQ number */ 330 VNET_DEFINE_STATIC(struct secacq_list *, acqseqhashtbl); 331 VNET_DEFINE_STATIC(u_long, acqseqhash_mask); 332 #define V_acqseqhashtbl VNET(acqseqhashtbl) 333 #define V_acqseqhash_mask VNET(acqseqhash_mask) 334 335 #define ACQHASH_NHASH_LOG2 7 336 #define ACQHASH_NHASH (1 << ACQHASH_NHASH_LOG2) 337 #define ACQADDRHASH_HASHVAL(idx) \ 338 (key_addrprotohash(&(idx)->src, &(idx)->dst, &(idx)->proto) & \ 339 V_acqaddrhash_mask) 340 #define ACQSEQHASH_HASHVAL(seq) \ 341 (key_u32hash(seq) & V_acqseqhash_mask) 342 #define ACQADDRHASH_HASH(saidx) \ 343 &V_acqaddrhashtbl[ACQADDRHASH_HASHVAL(saidx)] 344 #define ACQSEQHASH_HASH(seq) \ 345 &V_acqseqhashtbl[ACQSEQHASH_HASHVAL(seq)] 346 /* SP acquiring list */ 347 VNET_DEFINE_STATIC(LIST_HEAD(_spacqtree, secspacq), spacqtree); 348 #define V_spacqtree VNET(spacqtree) 349 static struct mtx spacq_lock; 350 #define SPACQ_LOCK_INIT() \ 351 mtx_init(&spacq_lock, "spacqtree", \ 352 "fast ipsec security policy acquire list", MTX_DEF) 353 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 354 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 355 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 356 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 357 358 static const int minsize[] = { 359 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 360 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 361 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 362 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 363 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 364 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 365 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 366 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 367 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 368 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 369 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 370 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 371 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 372 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 373 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 374 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 375 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 376 0, /* SADB_X_EXT_KMPRIVATE */ 377 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 378 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 379 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 380 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 381 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 382 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAI */ 383 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OAR */ 384 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 385 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 386 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_SRC */ 387 sizeof(struct sadb_address), /* SADB_X_EXT_NEW_ADDRESS_DST */ 388 }; 389 _Static_assert(sizeof(minsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 390 391 static const int maxsize[] = { 392 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 393 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 394 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 395 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 396 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 397 0, /* SADB_EXT_ADDRESS_SRC */ 398 0, /* SADB_EXT_ADDRESS_DST */ 399 0, /* SADB_EXT_ADDRESS_PROXY */ 400 0, /* SADB_EXT_KEY_AUTH */ 401 0, /* SADB_EXT_KEY_ENCRYPT */ 402 0, /* SADB_EXT_IDENTITY_SRC */ 403 0, /* SADB_EXT_IDENTITY_DST */ 404 0, /* SADB_EXT_SENSITIVITY */ 405 0, /* SADB_EXT_PROPOSAL */ 406 0, /* SADB_EXT_SUPPORTED_AUTH */ 407 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 408 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 409 0, /* SADB_X_EXT_KMPRIVATE */ 410 0, /* SADB_X_EXT_POLICY */ 411 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 412 sizeof(struct sadb_x_nat_t_type),/* SADB_X_EXT_NAT_T_TYPE */ 413 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_SPORT */ 414 sizeof(struct sadb_x_nat_t_port),/* SADB_X_EXT_NAT_T_DPORT */ 415 0, /* SADB_X_EXT_NAT_T_OAI */ 416 0, /* SADB_X_EXT_NAT_T_OAR */ 417 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */ 418 sizeof(struct sadb_x_sa_replay), /* SADB_X_EXT_SA_REPLAY */ 419 0, /* SADB_X_EXT_NEW_ADDRESS_SRC */ 420 0, /* SADB_X_EXT_NEW_ADDRESS_DST */ 421 }; 422 _Static_assert(sizeof(maxsize)/sizeof(int) == SADB_EXT_MAX + 1, "minsize size mismatch"); 423 424 /* 425 * Internal values for SA flags: 426 * SADB_X_EXT_F_CLONED means that SA was cloned by key_updateaddresses, 427 * thus we will not free the most of SA content in key_delsav(). 428 */ 429 #define SADB_X_EXT_F_CLONED 0x80000000 430 431 #define SADB_CHECKLEN(_mhp, _ext) \ 432 ((_mhp)->extlen[(_ext)] < minsize[(_ext)] || (maxsize[(_ext)] != 0 && \ 433 ((_mhp)->extlen[(_ext)] > maxsize[(_ext)]))) 434 #define SADB_CHECKHDR(_mhp, _ext) ((_mhp)->ext[(_ext)] == NULL) 435 436 VNET_DEFINE_STATIC(int, ipsec_esp_keymin) = 256; 437 VNET_DEFINE_STATIC(int, ipsec_esp_auth) = 0; 438 VNET_DEFINE_STATIC(int, ipsec_ah_keymin) = 128; 439 440 #define V_ipsec_esp_keymin VNET(ipsec_esp_keymin) 441 #define V_ipsec_esp_auth VNET(ipsec_esp_auth) 442 #define V_ipsec_ah_keymin VNET(ipsec_ah_keymin) 443 444 #ifdef IPSEC_DEBUG 445 VNET_DEFINE(int, ipsec_debug) = 1; 446 #else 447 VNET_DEFINE(int, ipsec_debug) = 0; 448 #endif 449 450 #ifdef INET 451 SYSCTL_DECL(_net_inet_ipsec); 452 SYSCTL_INT(_net_inet_ipsec, IPSECCTL_DEBUG, debug, 453 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 454 "Enable IPsec debugging output when set."); 455 #endif 456 #ifdef INET6 457 SYSCTL_DECL(_net_inet6_ipsec6); 458 SYSCTL_INT(_net_inet6_ipsec6, IPSECCTL_DEBUG, debug, 459 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_debug), 0, 460 "Enable IPsec debugging output when set."); 461 #endif 462 463 SYSCTL_DECL(_net_key); 464 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, 465 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_debug_level), 0, ""); 466 467 /* max count of trial for the decision of spi value */ 468 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, 469 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_trycnt), 0, ""); 470 471 /* minimum spi value to allocate automatically. */ 472 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, 473 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_minval), 0, ""); 474 475 /* maximun spi value to allocate automatically. */ 476 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, 477 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_spi_maxval), 0, ""); 478 479 /* interval to initialize randseed */ 480 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, 481 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_int_random), 0, ""); 482 483 /* lifetime for larval SA */ 484 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, 485 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_larval_lifetime), 0, ""); 486 487 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 488 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, 489 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_count), 0, ""); 490 491 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 492 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, 493 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_blockacq_lifetime), 0, ""); 494 495 /* ESP auth */ 496 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, 497 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_auth), 0, ""); 498 499 /* minimum ESP key length */ 500 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, 501 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_esp_keymin), 0, ""); 502 503 /* minimum AH key length */ 504 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, 505 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ipsec_ah_keymin), 0, ""); 506 507 /* perfered old SA rather than new SA */ 508 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, 509 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(key_preferred_oldsa), 0, ""); 510 511 static SYSCTL_NODE(_net_key, OID_AUTO, spdcache, 512 CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 513 "SPD cache"); 514 515 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, maxentries, 516 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_maxentries), 0, 517 "Maximum number of entries in the SPD cache" 518 " (power of 2, 0 to disable)"); 519 520 SYSCTL_UINT(_net_key_spdcache, OID_AUTO, threshold, 521 CTLFLAG_VNET | CTLFLAG_RDTUN, &VNET_NAME(key_spdcache_threshold), 0, 522 "Number of SPs that make the SPD cache active"); 523 524 #define __LIST_CHAINED(elm) \ 525 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 526 527 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 528 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 529 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 530 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 531 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 532 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 533 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 534 MALLOC_DEFINE(M_IPSEC_SPDCACHE, "ipsec-spdcache", "ipsec SPD cache"); 535 536 VNET_DEFINE_STATIC(uma_zone_t, key_lft_zone); 537 #define V_key_lft_zone VNET(key_lft_zone) 538 539 /* 540 * set parameters into secpolicyindex buffer. 541 * Must allocate secpolicyindex buffer passed to this function. 542 */ 543 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 544 do { \ 545 bzero((idx), sizeof(struct secpolicyindex)); \ 546 (idx)->dir = (_dir); \ 547 (idx)->prefs = (ps); \ 548 (idx)->prefd = (pd); \ 549 (idx)->ul_proto = (ulp); \ 550 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 551 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 552 } while (0) 553 554 /* 555 * set parameters into secasindex buffer. 556 * Must allocate secasindex buffer before calling this function. 557 */ 558 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 559 do { \ 560 bzero((idx), sizeof(struct secasindex)); \ 561 (idx)->proto = (p); \ 562 (idx)->mode = (m); \ 563 (idx)->reqid = (r); \ 564 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 565 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 566 key_porttosaddr(&(idx)->src.sa, 0); \ 567 key_porttosaddr(&(idx)->dst.sa, 0); \ 568 } while (0) 569 570 /* key statistics */ 571 struct _keystat { 572 u_long getspi_count; /* the avarage of count to try to get new SPI */ 573 } keystat; 574 575 struct sadb_msghdr { 576 struct sadb_msg *msg; 577 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 578 int extoff[SADB_EXT_MAX + 1]; 579 int extlen[SADB_EXT_MAX + 1]; 580 }; 581 582 static struct supported_ealgs { 583 int sadb_alg; 584 const struct enc_xform *xform; 585 } supported_ealgs[] = { 586 { SADB_X_EALG_AES, &enc_xform_rijndael128 }, 587 { SADB_EALG_NULL, &enc_xform_null }, 588 { SADB_X_EALG_AESCTR, &enc_xform_aes_icm }, 589 { SADB_X_EALG_AESGCM16, &enc_xform_aes_nist_gcm }, 590 { SADB_X_EALG_AESGMAC, &enc_xform_aes_nist_gmac }, 591 }; 592 593 static struct supported_aalgs { 594 int sadb_alg; 595 const struct auth_hash *xform; 596 } supported_aalgs[] = { 597 { SADB_X_AALG_NULL, &auth_hash_null }, 598 { SADB_AALG_SHA1HMAC, &auth_hash_hmac_sha1 }, 599 { SADB_X_AALG_SHA2_256, &auth_hash_hmac_sha2_256 }, 600 { SADB_X_AALG_SHA2_384, &auth_hash_hmac_sha2_384 }, 601 { SADB_X_AALG_SHA2_512, &auth_hash_hmac_sha2_512 }, 602 { SADB_X_AALG_AES128GMAC, &auth_hash_nist_gmac_aes_128 }, 603 { SADB_X_AALG_AES192GMAC, &auth_hash_nist_gmac_aes_192 }, 604 { SADB_X_AALG_AES256GMAC, &auth_hash_nist_gmac_aes_256 }, 605 }; 606 607 static struct supported_calgs { 608 int sadb_alg; 609 const struct comp_algo *xform; 610 } supported_calgs[] = { 611 { SADB_X_CALG_DEFLATE, &comp_algo_deflate }, 612 }; 613 614 #ifndef IPSEC_DEBUG2 615 static struct callout key_timer; 616 #endif 617 618 static void key_unlink(struct secpolicy *); 619 static struct secpolicy *key_do_allocsp(struct secpolicyindex *spidx, u_int dir); 620 static struct secpolicy *key_getsp(struct secpolicyindex *); 621 static struct secpolicy *key_getspbyid(u_int32_t); 622 static struct mbuf *key_gather_mbuf(struct mbuf *, 623 const struct sadb_msghdr *, int, int, ...); 624 static int key_spdadd(struct socket *, struct mbuf *, 625 const struct sadb_msghdr *); 626 static uint32_t key_getnewspid(void); 627 static int key_spddelete(struct socket *, struct mbuf *, 628 const struct sadb_msghdr *); 629 static int key_spddelete2(struct socket *, struct mbuf *, 630 const struct sadb_msghdr *); 631 static int key_spdget(struct socket *, struct mbuf *, 632 const struct sadb_msghdr *); 633 static int key_spdflush(struct socket *, struct mbuf *, 634 const struct sadb_msghdr *); 635 static int key_spddump(struct socket *, struct mbuf *, 636 const struct sadb_msghdr *); 637 static struct mbuf *key_setdumpsp(struct secpolicy *, 638 u_int8_t, u_int32_t, u_int32_t); 639 static struct mbuf *key_sp2mbuf(struct secpolicy *); 640 static size_t key_getspreqmsglen(struct secpolicy *); 641 static int key_spdexpire(struct secpolicy *); 642 static struct secashead *key_newsah(struct secasindex *); 643 static void key_freesah(struct secashead **); 644 static void key_delsah(struct secashead *); 645 static struct secasvar *key_newsav(const struct sadb_msghdr *, 646 struct secasindex *, uint32_t, int *); 647 static void key_delsav(struct secasvar *); 648 static void key_unlinksav(struct secasvar *); 649 static struct secashead *key_getsah(struct secasindex *); 650 static int key_checkspidup(uint32_t); 651 static struct secasvar *key_getsavbyspi(uint32_t); 652 static int key_setnatt(struct secasvar *, const struct sadb_msghdr *); 653 static int key_setsaval(struct secasvar *, const struct sadb_msghdr *); 654 static int key_updatelifetimes(struct secasvar *, const struct sadb_msghdr *); 655 static int key_updateaddresses(struct socket *, struct mbuf *, 656 const struct sadb_msghdr *, struct secasvar *, struct secasindex *); 657 658 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t, 659 u_int8_t, u_int32_t, u_int32_t); 660 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t, 661 u_int32_t, pid_t, u_int16_t); 662 static struct mbuf *key_setsadbsa(struct secasvar *); 663 static struct mbuf *key_setsadbaddr(u_int16_t, 664 const struct sockaddr *, u_int8_t, u_int16_t); 665 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t); 666 static struct mbuf *key_setsadbxtype(u_int16_t); 667 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t); 668 static struct mbuf *key_setsadbxsareplay(u_int32_t); 669 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t, 670 u_int32_t, u_int32_t); 671 static struct seckey *key_dup_keymsg(const struct sadb_key *, size_t, 672 struct malloc_type *); 673 static struct seclifetime *key_dup_lifemsg(const struct sadb_lifetime *src, 674 struct malloc_type *); 675 676 /* flags for key_cmpsaidx() */ 677 #define CMP_HEAD 1 /* protocol, addresses. */ 678 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 679 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 680 #define CMP_EXACTLY 4 /* all elements. */ 681 static int key_cmpsaidx(const struct secasindex *, 682 const struct secasindex *, int); 683 static int key_cmpspidx_exactly(struct secpolicyindex *, 684 struct secpolicyindex *); 685 static int key_cmpspidx_withmask(struct secpolicyindex *, 686 struct secpolicyindex *); 687 static int key_bbcmp(const void *, const void *, u_int); 688 static uint8_t key_satype2proto(uint8_t); 689 static uint8_t key_proto2satype(uint8_t); 690 691 static int key_getspi(struct socket *, struct mbuf *, 692 const struct sadb_msghdr *); 693 static uint32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *); 694 static int key_update(struct socket *, struct mbuf *, 695 const struct sadb_msghdr *); 696 static int key_add(struct socket *, struct mbuf *, 697 const struct sadb_msghdr *); 698 static int key_setident(struct secashead *, const struct sadb_msghdr *); 699 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, 700 const struct sadb_msghdr *); 701 static int key_delete(struct socket *, struct mbuf *, 702 const struct sadb_msghdr *); 703 static int key_delete_all(struct socket *, struct mbuf *, 704 const struct sadb_msghdr *, struct secasindex *); 705 static int key_get(struct socket *, struct mbuf *, 706 const struct sadb_msghdr *); 707 708 static void key_getcomb_setlifetime(struct sadb_comb *); 709 static struct mbuf *key_getcomb_ealg(void); 710 static struct mbuf *key_getcomb_ah(void); 711 static struct mbuf *key_getcomb_ipcomp(void); 712 static struct mbuf *key_getprop(const struct secasindex *); 713 714 static int key_acquire(const struct secasindex *, struct secpolicy *); 715 static uint32_t key_newacq(const struct secasindex *, int *); 716 static uint32_t key_getacq(const struct secasindex *, int *); 717 static int key_acqdone(const struct secasindex *, uint32_t); 718 static int key_acqreset(uint32_t); 719 static struct secspacq *key_newspacq(struct secpolicyindex *); 720 static struct secspacq *key_getspacq(struct secpolicyindex *); 721 static int key_acquire2(struct socket *, struct mbuf *, 722 const struct sadb_msghdr *); 723 static int key_register(struct socket *, struct mbuf *, 724 const struct sadb_msghdr *); 725 static int key_expire(struct secasvar *, int); 726 static int key_flush(struct socket *, struct mbuf *, 727 const struct sadb_msghdr *); 728 static int key_dump(struct socket *, struct mbuf *, 729 const struct sadb_msghdr *); 730 static int key_promisc(struct socket *, struct mbuf *, 731 const struct sadb_msghdr *); 732 static int key_senderror(struct socket *, struct mbuf *, int); 733 static int key_validate_ext(const struct sadb_ext *, int); 734 static int key_align(struct mbuf *, struct sadb_msghdr *); 735 static struct mbuf *key_setlifetime(struct seclifetime *, uint16_t); 736 static struct mbuf *key_setkey(struct seckey *, uint16_t); 737 738 static void spdcache_init(void); 739 static void spdcache_clear(void); 740 static struct spdcache_entry *spdcache_entry_alloc( 741 const struct secpolicyindex *spidx, 742 struct secpolicy *policy); 743 static void spdcache_entry_free(struct spdcache_entry *entry); 744 #ifdef VIMAGE 745 static void spdcache_destroy(void); 746 #endif 747 748 #define DBG_IPSEC_INITREF(t, p) do { \ 749 refcount_init(&(p)->refcnt, 1); \ 750 KEYDBG(KEY_STAMP, \ 751 printf("%s: Initialize refcnt %s(%p) = %u\n", \ 752 __func__, #t, (p), (p)->refcnt)); \ 753 } while (0) 754 #define DBG_IPSEC_ADDREF(t, p) do { \ 755 refcount_acquire(&(p)->refcnt); \ 756 KEYDBG(KEY_STAMP, \ 757 printf("%s: Acquire refcnt %s(%p) -> %u\n", \ 758 __func__, #t, (p), (p)->refcnt)); \ 759 } while (0) 760 #define DBG_IPSEC_DELREF(t, p) do { \ 761 KEYDBG(KEY_STAMP, \ 762 printf("%s: Release refcnt %s(%p) -> %u\n", \ 763 __func__, #t, (p), (p)->refcnt - 1)); \ 764 refcount_release(&(p)->refcnt); \ 765 } while (0) 766 767 #define IPSEC_INITREF(t, p) refcount_init(&(p)->refcnt, 1) 768 #define IPSEC_ADDREF(t, p) refcount_acquire(&(p)->refcnt) 769 #define IPSEC_DELREF(t, p) refcount_release(&(p)->refcnt) 770 771 #define SP_INITREF(p) IPSEC_INITREF(SP, p) 772 #define SP_ADDREF(p) IPSEC_ADDREF(SP, p) 773 #define SP_DELREF(p) IPSEC_DELREF(SP, p) 774 775 #define SAH_INITREF(p) IPSEC_INITREF(SAH, p) 776 #define SAH_ADDREF(p) IPSEC_ADDREF(SAH, p) 777 #define SAH_DELREF(p) IPSEC_DELREF(SAH, p) 778 779 #define SAV_INITREF(p) IPSEC_INITREF(SAV, p) 780 #define SAV_ADDREF(p) IPSEC_ADDREF(SAV, p) 781 #define SAV_DELREF(p) IPSEC_DELREF(SAV, p) 782 783 /* 784 * Update the refcnt while holding the SPTREE lock. 785 */ 786 void 787 key_addref(struct secpolicy *sp) 788 { 789 790 SP_ADDREF(sp); 791 } 792 793 /* 794 * Return 0 when there are known to be no SP's for the specified 795 * direction. Otherwise return 1. This is used by IPsec code 796 * to optimize performance. 797 */ 798 int 799 key_havesp(u_int dir) 800 { 801 802 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 803 TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); 804 } 805 806 /* %%% IPsec policy management */ 807 /* 808 * Return current SPDB generation. 809 */ 810 uint32_t 811 key_getspgen(void) 812 { 813 814 return (V_sp_genid); 815 } 816 817 void 818 key_bumpspgen(void) 819 { 820 821 V_sp_genid++; 822 } 823 824 static int 825 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) 826 { 827 828 /* family match */ 829 if (src->sa_family != dst->sa_family) 830 return (EINVAL); 831 /* sa_len match */ 832 if (src->sa_len != dst->sa_len) 833 return (EINVAL); 834 switch (src->sa_family) { 835 #ifdef INET 836 case AF_INET: 837 if (src->sa_len != sizeof(struct sockaddr_in)) 838 return (EINVAL); 839 break; 840 #endif 841 #ifdef INET6 842 case AF_INET6: 843 if (src->sa_len != sizeof(struct sockaddr_in6)) 844 return (EINVAL); 845 break; 846 #endif 847 default: 848 return (EAFNOSUPPORT); 849 } 850 return (0); 851 } 852 853 struct secpolicy * 854 key_do_allocsp(struct secpolicyindex *spidx, u_int dir) 855 { 856 SPTREE_RLOCK_TRACKER; 857 struct secpolicy *sp; 858 859 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 860 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 861 ("invalid direction %u", dir)); 862 863 SPTREE_RLOCK(); 864 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 865 if (key_cmpspidx_withmask(&sp->spidx, spidx)) { 866 SP_ADDREF(sp); 867 break; 868 } 869 } 870 SPTREE_RUNLOCK(); 871 return (sp); 872 } 873 874 /* 875 * allocating a SP for OUTBOUND or INBOUND packet. 876 * Must call key_freesp() later. 877 * OUT: NULL: not found 878 * others: found and return the pointer. 879 */ 880 struct secpolicy * 881 key_allocsp(struct secpolicyindex *spidx, u_int dir) 882 { 883 struct spdcache_entry *entry, *lastentry, *tmpentry; 884 struct secpolicy *sp; 885 uint32_t hashv; 886 int nb_entries; 887 888 if (!SPDCACHE_ACTIVE()) { 889 sp = key_do_allocsp(spidx, dir); 890 goto out; 891 } 892 893 hashv = SPDCACHE_HASHVAL(spidx); 894 SPDCACHE_LOCK(hashv); 895 nb_entries = 0; 896 LIST_FOREACH_SAFE(entry, &V_spdcachehashtbl[hashv], chain, tmpentry) { 897 /* Removed outdated entries */ 898 if (entry->sp != NULL && 899 entry->sp->state == IPSEC_SPSTATE_DEAD) { 900 LIST_REMOVE(entry, chain); 901 spdcache_entry_free(entry); 902 continue; 903 } 904 905 nb_entries++; 906 if (!key_cmpspidx_exactly(&entry->spidx, spidx)) { 907 lastentry = entry; 908 continue; 909 } 910 911 sp = entry->sp; 912 if (entry->sp != NULL) 913 SP_ADDREF(sp); 914 915 /* IPSECSTAT_INC(ips_spdcache_hits); */ 916 917 SPDCACHE_UNLOCK(hashv); 918 goto out; 919 } 920 921 /* IPSECSTAT_INC(ips_spdcache_misses); */ 922 923 sp = key_do_allocsp(spidx, dir); 924 entry = spdcache_entry_alloc(spidx, sp); 925 if (entry != NULL) { 926 if (nb_entries >= SPDCACHE_MAX_ENTRIES_PER_HASH) { 927 LIST_REMOVE(lastentry, chain); 928 spdcache_entry_free(lastentry); 929 } 930 931 LIST_INSERT_HEAD(&V_spdcachehashtbl[hashv], entry, chain); 932 } 933 934 SPDCACHE_UNLOCK(hashv); 935 936 out: 937 if (sp != NULL) { /* found a SPD entry */ 938 sp->lastused = time_second; 939 KEYDBG(IPSEC_STAMP, 940 printf("%s: return SP(%p)\n", __func__, sp)); 941 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 942 } else { 943 KEYDBG(IPSEC_DATA, 944 printf("%s: lookup failed for ", __func__); 945 kdebug_secpolicyindex(spidx, NULL)); 946 } 947 return (sp); 948 } 949 950 /* 951 * Allocating an SA entry for an *INBOUND* or *OUTBOUND* TCP packet, signed 952 * or should be signed by MD5 signature. 953 * We don't use key_allocsa() for such lookups, because we don't know SPI. 954 * Unlike ESP and AH protocols, SPI isn't transmitted in the TCP header with 955 * signed packet. We use SADB only as storage for password. 956 * OUT: positive: corresponding SA for given saidx found. 957 * NULL: SA not found 958 */ 959 struct secasvar * 960 key_allocsa_tcpmd5(struct secasindex *saidx) 961 { 962 SAHTREE_RLOCK_TRACKER; 963 struct secashead *sah; 964 struct secasvar *sav; 965 966 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, 967 ("unexpected security protocol %u", saidx->proto)); 968 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TCPMD5, 969 ("unexpected mode %u", saidx->mode)); 970 971 SAHTREE_RLOCK(); 972 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 973 KEYDBG(IPSEC_DUMP, 974 printf("%s: checking SAH\n", __func__); 975 kdebug_secash(sah, " ")); 976 if (sah->saidx.proto != IPPROTO_TCP) 977 continue; 978 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 979 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 980 break; 981 } 982 if (sah != NULL) { 983 if (V_key_preferred_oldsa) 984 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 985 else 986 sav = TAILQ_FIRST(&sah->savtree_alive); 987 if (sav != NULL) 988 SAV_ADDREF(sav); 989 } else 990 sav = NULL; 991 SAHTREE_RUNLOCK(); 992 993 if (sav != NULL) { 994 KEYDBG(IPSEC_STAMP, 995 printf("%s: return SA(%p)\n", __func__, sav)); 996 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 997 } else { 998 KEYDBG(IPSEC_STAMP, 999 printf("%s: SA not found\n", __func__)); 1000 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1001 } 1002 return (sav); 1003 } 1004 1005 /* 1006 * Allocating an SA entry for an *OUTBOUND* packet. 1007 * OUT: positive: corresponding SA for given saidx found. 1008 * NULL: SA not found, but will be acquired, check *error 1009 * for acquiring status. 1010 */ 1011 struct secasvar * 1012 key_allocsa_policy(struct secpolicy *sp, const struct secasindex *saidx, 1013 int *error) 1014 { 1015 SAHTREE_RLOCK_TRACKER; 1016 struct secashead *sah; 1017 struct secasvar *sav; 1018 1019 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 1020 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 1021 saidx->mode == IPSEC_MODE_TUNNEL, 1022 ("unexpected policy %u", saidx->mode)); 1023 1024 /* 1025 * We check new SA in the IPsec request because a different 1026 * SA may be involved each time this request is checked, either 1027 * because new SAs are being configured, or this request is 1028 * associated with an unconnected datagram socket, or this request 1029 * is associated with a system default policy. 1030 */ 1031 SAHTREE_RLOCK(); 1032 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 1033 KEYDBG(IPSEC_DUMP, 1034 printf("%s: checking SAH\n", __func__); 1035 kdebug_secash(sah, " ")); 1036 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) 1037 break; 1038 } 1039 if (sah != NULL) { 1040 /* 1041 * Allocate the oldest SA available according to 1042 * draft-jenkins-ipsec-rekeying-03. 1043 */ 1044 if (V_key_preferred_oldsa) 1045 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1046 else 1047 sav = TAILQ_FIRST(&sah->savtree_alive); 1048 if (sav != NULL) 1049 SAV_ADDREF(sav); 1050 } else 1051 sav = NULL; 1052 SAHTREE_RUNLOCK(); 1053 1054 if (sav != NULL) { 1055 *error = 0; 1056 KEYDBG(IPSEC_STAMP, 1057 printf("%s: chosen SA(%p) for SP(%p)\n", __func__, 1058 sav, sp)); 1059 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1060 return (sav); /* return referenced SA */ 1061 } 1062 1063 /* there is no SA */ 1064 *error = key_acquire(saidx, sp); 1065 if ((*error) != 0) 1066 ipseclog((LOG_DEBUG, 1067 "%s: error %d returned from key_acquire()\n", 1068 __func__, *error)); 1069 KEYDBG(IPSEC_STAMP, 1070 printf("%s: acquire SA for SP(%p), error %d\n", 1071 __func__, sp, *error)); 1072 KEYDBG(IPSEC_DATA, kdebug_secasindex(saidx, NULL)); 1073 return (NULL); 1074 } 1075 1076 /* 1077 * allocating a usable SA entry for a *INBOUND* packet. 1078 * Must call key_freesav() later. 1079 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1080 * NULL: not found, or error occurred. 1081 * 1082 * According to RFC 2401 SA is uniquely identified by a triple SPI, 1083 * destination address, and security protocol. But according to RFC 4301, 1084 * SPI by itself suffices to specify an SA. 1085 * 1086 * Note that, however, we do need to keep source address in IPsec SA. 1087 * IKE specification and PF_KEY specification do assume that we 1088 * keep source address in IPsec SA. We see a tricky situation here. 1089 */ 1090 struct secasvar * 1091 key_allocsa(union sockaddr_union *dst, uint8_t proto, uint32_t spi) 1092 { 1093 SAHTREE_RLOCK_TRACKER; 1094 struct secasvar *sav; 1095 1096 IPSEC_ASSERT(proto == IPPROTO_ESP || proto == IPPROTO_AH || 1097 proto == IPPROTO_IPCOMP, ("unexpected security protocol %u", 1098 proto)); 1099 1100 SAHTREE_RLOCK(); 1101 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 1102 if (sav->spi == spi) 1103 break; 1104 } 1105 /* 1106 * We use single SPI namespace for all protocols, so it is 1107 * impossible to have SPI duplicates in the SAVHASH. 1108 */ 1109 if (sav != NULL) { 1110 if (sav->state != SADB_SASTATE_LARVAL && 1111 sav->sah->saidx.proto == proto && 1112 key_sockaddrcmp(&dst->sa, 1113 &sav->sah->saidx.dst.sa, 0) == 0) 1114 SAV_ADDREF(sav); 1115 else 1116 sav = NULL; 1117 } 1118 SAHTREE_RUNLOCK(); 1119 1120 if (sav == NULL) { 1121 KEYDBG(IPSEC_STAMP, 1122 char buf[IPSEC_ADDRSTRLEN]; 1123 printf("%s: SA not found for spi %u proto %u dst %s\n", 1124 __func__, ntohl(spi), proto, ipsec_address(dst, buf, 1125 sizeof(buf)))); 1126 } else { 1127 KEYDBG(IPSEC_STAMP, 1128 printf("%s: return SA(%p)\n", __func__, sav)); 1129 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1130 } 1131 return (sav); 1132 } 1133 1134 struct secasvar * 1135 key_allocsa_tunnel(union sockaddr_union *src, union sockaddr_union *dst, 1136 uint8_t proto) 1137 { 1138 SAHTREE_RLOCK_TRACKER; 1139 struct secasindex saidx; 1140 struct secashead *sah; 1141 struct secasvar *sav; 1142 1143 IPSEC_ASSERT(src != NULL, ("null src address")); 1144 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1145 1146 KEY_SETSECASIDX(proto, IPSEC_MODE_TUNNEL, 0, &src->sa, 1147 &dst->sa, &saidx); 1148 1149 sav = NULL; 1150 SAHTREE_RLOCK(); 1151 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 1152 if (IPSEC_MODE_TUNNEL != sah->saidx.mode) 1153 continue; 1154 if (proto != sah->saidx.proto) 1155 continue; 1156 if (key_sockaddrcmp(&src->sa, &sah->saidx.src.sa, 0) != 0) 1157 continue; 1158 if (key_sockaddrcmp(&dst->sa, &sah->saidx.dst.sa, 0) != 0) 1159 continue; 1160 /* XXXAE: is key_preferred_oldsa reasonably?*/ 1161 if (V_key_preferred_oldsa) 1162 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 1163 else 1164 sav = TAILQ_FIRST(&sah->savtree_alive); 1165 if (sav != NULL) { 1166 SAV_ADDREF(sav); 1167 break; 1168 } 1169 } 1170 SAHTREE_RUNLOCK(); 1171 KEYDBG(IPSEC_STAMP, 1172 printf("%s: return SA(%p)\n", __func__, sav)); 1173 if (sav != NULL) 1174 KEYDBG(IPSEC_DATA, kdebug_secasv(sav)); 1175 return (sav); 1176 } 1177 1178 /* 1179 * Must be called after calling key_allocsp(). 1180 */ 1181 void 1182 key_freesp(struct secpolicy **spp) 1183 { 1184 struct secpolicy *sp = *spp; 1185 1186 IPSEC_ASSERT(sp != NULL, ("null sp")); 1187 if (SP_DELREF(sp) == 0) 1188 return; 1189 1190 KEYDBG(IPSEC_STAMP, 1191 printf("%s: last reference to SP(%p)\n", __func__, sp)); 1192 KEYDBG(IPSEC_DATA, kdebug_secpolicy(sp)); 1193 1194 *spp = NULL; 1195 while (sp->tcount > 0) 1196 ipsec_delisr(sp->req[--sp->tcount]); 1197 free(sp, M_IPSEC_SP); 1198 } 1199 1200 static void 1201 key_unlink(struct secpolicy *sp) 1202 { 1203 1204 IPSEC_ASSERT(sp->spidx.dir == IPSEC_DIR_INBOUND || 1205 sp->spidx.dir == IPSEC_DIR_OUTBOUND, 1206 ("invalid direction %u", sp->spidx.dir)); 1207 SPTREE_UNLOCK_ASSERT(); 1208 1209 KEYDBG(KEY_STAMP, 1210 printf("%s: SP(%p)\n", __func__, sp)); 1211 SPTREE_WLOCK(); 1212 if (sp->state != IPSEC_SPSTATE_ALIVE) { 1213 /* SP is already unlinked */ 1214 SPTREE_WUNLOCK(); 1215 return; 1216 } 1217 sp->state = IPSEC_SPSTATE_DEAD; 1218 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 1219 V_spd_size--; 1220 LIST_REMOVE(sp, idhash); 1221 V_sp_genid++; 1222 SPTREE_WUNLOCK(); 1223 if (SPDCACHE_ENABLED()) 1224 spdcache_clear(); 1225 key_freesp(&sp); 1226 } 1227 1228 /* 1229 * insert a secpolicy into the SP database. Lower priorities first 1230 */ 1231 static void 1232 key_insertsp(struct secpolicy *newsp) 1233 { 1234 struct secpolicy *sp; 1235 1236 SPTREE_WLOCK_ASSERT(); 1237 TAILQ_FOREACH(sp, &V_sptree[newsp->spidx.dir], chain) { 1238 if (newsp->priority < sp->priority) { 1239 TAILQ_INSERT_BEFORE(sp, newsp, chain); 1240 goto done; 1241 } 1242 } 1243 TAILQ_INSERT_TAIL(&V_sptree[newsp->spidx.dir], newsp, chain); 1244 done: 1245 LIST_INSERT_HEAD(SPHASH_HASH(newsp->id), newsp, idhash); 1246 newsp->state = IPSEC_SPSTATE_ALIVE; 1247 V_spd_size++; 1248 V_sp_genid++; 1249 } 1250 1251 /* 1252 * Insert a bunch of VTI secpolicies into the SPDB. 1253 * We keep VTI policies in the separate list due to following reasons: 1254 * 1) they should be immutable to user's or some deamon's attempts to 1255 * delete. The only way delete such policies - destroy or unconfigure 1256 * corresponding virtual inteface. 1257 * 2) such policies have traffic selector that matches all traffic per 1258 * address family. 1259 * Since all VTI policies have the same priority, we don't care about 1260 * policies order. 1261 */ 1262 int 1263 key_register_ifnet(struct secpolicy **spp, u_int count) 1264 { 1265 struct mbuf *m; 1266 u_int i; 1267 1268 SPTREE_WLOCK(); 1269 /* 1270 * First of try to acquire id for each SP. 1271 */ 1272 for (i = 0; i < count; i++) { 1273 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1274 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1275 ("invalid direction %u", spp[i]->spidx.dir)); 1276 1277 if ((spp[i]->id = key_getnewspid()) == 0) { 1278 SPTREE_WUNLOCK(); 1279 return (EAGAIN); 1280 } 1281 } 1282 for (i = 0; i < count; i++) { 1283 TAILQ_INSERT_TAIL(&V_sptree_ifnet[spp[i]->spidx.dir], 1284 spp[i], chain); 1285 /* 1286 * NOTE: despite the fact that we keep VTI SP in the 1287 * separate list, SPHASH contains policies from both 1288 * sources. Thus SADB_X_SPDGET will correctly return 1289 * SP by id, because it uses SPHASH for lookups. 1290 */ 1291 LIST_INSERT_HEAD(SPHASH_HASH(spp[i]->id), spp[i], idhash); 1292 spp[i]->state = IPSEC_SPSTATE_IFNET; 1293 } 1294 SPTREE_WUNLOCK(); 1295 /* 1296 * Notify user processes about new SP. 1297 */ 1298 for (i = 0; i < count; i++) { 1299 m = key_setdumpsp(spp[i], SADB_X_SPDADD, 0, 0); 1300 if (m != NULL) 1301 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1302 } 1303 return (0); 1304 } 1305 1306 void 1307 key_unregister_ifnet(struct secpolicy **spp, u_int count) 1308 { 1309 struct mbuf *m; 1310 u_int i; 1311 1312 SPTREE_WLOCK(); 1313 for (i = 0; i < count; i++) { 1314 IPSEC_ASSERT(spp[i]->spidx.dir == IPSEC_DIR_INBOUND || 1315 spp[i]->spidx.dir == IPSEC_DIR_OUTBOUND, 1316 ("invalid direction %u", spp[i]->spidx.dir)); 1317 1318 if (spp[i]->state != IPSEC_SPSTATE_IFNET) 1319 continue; 1320 spp[i]->state = IPSEC_SPSTATE_DEAD; 1321 TAILQ_REMOVE(&V_sptree_ifnet[spp[i]->spidx.dir], 1322 spp[i], chain); 1323 V_spd_size--; 1324 LIST_REMOVE(spp[i], idhash); 1325 } 1326 SPTREE_WUNLOCK(); 1327 if (SPDCACHE_ENABLED()) 1328 spdcache_clear(); 1329 1330 for (i = 0; i < count; i++) { 1331 m = key_setdumpsp(spp[i], SADB_X_SPDDELETE, 0, 0); 1332 if (m != NULL) 1333 key_sendup_mbuf(NULL, m, KEY_SENDUP_ALL); 1334 } 1335 } 1336 1337 /* 1338 * Must be called after calling key_allocsa(). 1339 * This function is called by key_freesp() to free some SA allocated 1340 * for a policy. 1341 */ 1342 void 1343 key_freesav(struct secasvar **psav) 1344 { 1345 struct secasvar *sav = *psav; 1346 1347 IPSEC_ASSERT(sav != NULL, ("null sav")); 1348 if (SAV_DELREF(sav) == 0) 1349 return; 1350 1351 KEYDBG(IPSEC_STAMP, 1352 printf("%s: last reference to SA(%p)\n", __func__, sav)); 1353 1354 *psav = NULL; 1355 key_delsav(sav); 1356 } 1357 1358 /* 1359 * Unlink SA from SAH and SPI hash under SAHTREE_WLOCK. 1360 * Expect that SA has extra reference due to lookup. 1361 * Release this references, also release SAH reference after unlink. 1362 */ 1363 static void 1364 key_unlinksav(struct secasvar *sav) 1365 { 1366 struct secashead *sah; 1367 1368 KEYDBG(KEY_STAMP, 1369 printf("%s: SA(%p)\n", __func__, sav)); 1370 1371 SAHTREE_UNLOCK_ASSERT(); 1372 SAHTREE_WLOCK(); 1373 if (sav->state == SADB_SASTATE_DEAD) { 1374 /* SA is already unlinked */ 1375 SAHTREE_WUNLOCK(); 1376 return; 1377 } 1378 /* Unlink from SAH */ 1379 if (sav->state == SADB_SASTATE_LARVAL) 1380 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 1381 else 1382 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 1383 /* Unlink from SPI hash */ 1384 LIST_REMOVE(sav, spihash); 1385 sav->state = SADB_SASTATE_DEAD; 1386 sah = sav->sah; 1387 SAHTREE_WUNLOCK(); 1388 key_freesav(&sav); 1389 /* Since we are unlinked, release reference to SAH */ 1390 key_freesah(&sah); 1391 } 1392 1393 /* %%% SPD management */ 1394 /* 1395 * search SPD 1396 * OUT: NULL : not found 1397 * others : found, pointer to a SP. 1398 */ 1399 static struct secpolicy * 1400 key_getsp(struct secpolicyindex *spidx) 1401 { 1402 SPTREE_RLOCK_TRACKER; 1403 struct secpolicy *sp; 1404 1405 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1406 1407 SPTREE_RLOCK(); 1408 TAILQ_FOREACH(sp, &V_sptree[spidx->dir], chain) { 1409 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1410 SP_ADDREF(sp); 1411 break; 1412 } 1413 } 1414 SPTREE_RUNLOCK(); 1415 1416 return sp; 1417 } 1418 1419 /* 1420 * get SP by index. 1421 * OUT: NULL : not found 1422 * others : found, pointer to referenced SP. 1423 */ 1424 static struct secpolicy * 1425 key_getspbyid(uint32_t id) 1426 { 1427 SPTREE_RLOCK_TRACKER; 1428 struct secpolicy *sp; 1429 1430 SPTREE_RLOCK(); 1431 LIST_FOREACH(sp, SPHASH_HASH(id), idhash) { 1432 if (sp->id == id) { 1433 SP_ADDREF(sp); 1434 break; 1435 } 1436 } 1437 SPTREE_RUNLOCK(); 1438 return (sp); 1439 } 1440 1441 struct secpolicy * 1442 key_newsp(void) 1443 { 1444 struct secpolicy *sp; 1445 1446 sp = malloc(sizeof(*sp), M_IPSEC_SP, M_NOWAIT | M_ZERO); 1447 if (sp != NULL) 1448 SP_INITREF(sp); 1449 return (sp); 1450 } 1451 1452 struct ipsecrequest * 1453 ipsec_newisr(void) 1454 { 1455 1456 return (malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, 1457 M_NOWAIT | M_ZERO)); 1458 } 1459 1460 void 1461 ipsec_delisr(struct ipsecrequest *p) 1462 { 1463 1464 free(p, M_IPSEC_SR); 1465 } 1466 1467 /* 1468 * create secpolicy structure from sadb_x_policy structure. 1469 * NOTE: `state', `secpolicyindex' and 'id' in secpolicy structure 1470 * are not set, so must be set properly later. 1471 */ 1472 struct secpolicy * 1473 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error) 1474 { 1475 struct secpolicy *newsp; 1476 1477 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1478 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1479 1480 if (len != PFKEY_EXTLEN(xpl0)) { 1481 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1482 *error = EINVAL; 1483 return NULL; 1484 } 1485 1486 if ((newsp = key_newsp()) == NULL) { 1487 *error = ENOBUFS; 1488 return NULL; 1489 } 1490 1491 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1492 newsp->policy = xpl0->sadb_x_policy_type; 1493 newsp->priority = xpl0->sadb_x_policy_priority; 1494 newsp->tcount = 0; 1495 1496 /* check policy */ 1497 switch (xpl0->sadb_x_policy_type) { 1498 case IPSEC_POLICY_DISCARD: 1499 case IPSEC_POLICY_NONE: 1500 case IPSEC_POLICY_ENTRUST: 1501 case IPSEC_POLICY_BYPASS: 1502 break; 1503 1504 case IPSEC_POLICY_IPSEC: 1505 { 1506 struct sadb_x_ipsecrequest *xisr; 1507 struct ipsecrequest *isr; 1508 int tlen; 1509 1510 /* validity check */ 1511 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1512 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1513 __func__)); 1514 key_freesp(&newsp); 1515 *error = EINVAL; 1516 return NULL; 1517 } 1518 1519 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1520 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1521 1522 while (tlen > 0) { 1523 /* length check */ 1524 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) || 1525 xisr->sadb_x_ipsecrequest_len > tlen) { 1526 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1527 "length.\n", __func__)); 1528 key_freesp(&newsp); 1529 *error = EINVAL; 1530 return NULL; 1531 } 1532 1533 if (newsp->tcount >= IPSEC_MAXREQ) { 1534 ipseclog((LOG_DEBUG, 1535 "%s: too many ipsecrequests.\n", 1536 __func__)); 1537 key_freesp(&newsp); 1538 *error = EINVAL; 1539 return (NULL); 1540 } 1541 1542 /* allocate request buffer */ 1543 /* NB: data structure is zero'd */ 1544 isr = ipsec_newisr(); 1545 if (isr == NULL) { 1546 ipseclog((LOG_DEBUG, 1547 "%s: No more memory.\n", __func__)); 1548 key_freesp(&newsp); 1549 *error = ENOBUFS; 1550 return NULL; 1551 } 1552 1553 newsp->req[newsp->tcount++] = isr; 1554 1555 /* set values */ 1556 switch (xisr->sadb_x_ipsecrequest_proto) { 1557 case IPPROTO_ESP: 1558 case IPPROTO_AH: 1559 case IPPROTO_IPCOMP: 1560 break; 1561 default: 1562 ipseclog((LOG_DEBUG, 1563 "%s: invalid proto type=%u\n", __func__, 1564 xisr->sadb_x_ipsecrequest_proto)); 1565 key_freesp(&newsp); 1566 *error = EPROTONOSUPPORT; 1567 return NULL; 1568 } 1569 isr->saidx.proto = 1570 (uint8_t)xisr->sadb_x_ipsecrequest_proto; 1571 1572 switch (xisr->sadb_x_ipsecrequest_mode) { 1573 case IPSEC_MODE_TRANSPORT: 1574 case IPSEC_MODE_TUNNEL: 1575 break; 1576 case IPSEC_MODE_ANY: 1577 default: 1578 ipseclog((LOG_DEBUG, 1579 "%s: invalid mode=%u\n", __func__, 1580 xisr->sadb_x_ipsecrequest_mode)); 1581 key_freesp(&newsp); 1582 *error = EINVAL; 1583 return NULL; 1584 } 1585 isr->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1586 1587 switch (xisr->sadb_x_ipsecrequest_level) { 1588 case IPSEC_LEVEL_DEFAULT: 1589 case IPSEC_LEVEL_USE: 1590 case IPSEC_LEVEL_REQUIRE: 1591 break; 1592 case IPSEC_LEVEL_UNIQUE: 1593 /* validity check */ 1594 /* 1595 * If range violation of reqid, kernel will 1596 * update it, don't refuse it. 1597 */ 1598 if (xisr->sadb_x_ipsecrequest_reqid 1599 > IPSEC_MANUAL_REQID_MAX) { 1600 ipseclog((LOG_DEBUG, 1601 "%s: reqid=%d range " 1602 "violation, updated by kernel.\n", 1603 __func__, 1604 xisr->sadb_x_ipsecrequest_reqid)); 1605 xisr->sadb_x_ipsecrequest_reqid = 0; 1606 } 1607 1608 /* allocate new reqid id if reqid is zero. */ 1609 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1610 u_int32_t reqid; 1611 if ((reqid = key_newreqid()) == 0) { 1612 key_freesp(&newsp); 1613 *error = ENOBUFS; 1614 return NULL; 1615 } 1616 isr->saidx.reqid = reqid; 1617 xisr->sadb_x_ipsecrequest_reqid = reqid; 1618 } else { 1619 /* set it for manual keying. */ 1620 isr->saidx.reqid = 1621 xisr->sadb_x_ipsecrequest_reqid; 1622 } 1623 break; 1624 1625 default: 1626 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1627 __func__, 1628 xisr->sadb_x_ipsecrequest_level)); 1629 key_freesp(&newsp); 1630 *error = EINVAL; 1631 return NULL; 1632 } 1633 isr->level = xisr->sadb_x_ipsecrequest_level; 1634 1635 /* set IP addresses if there */ 1636 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1637 struct sockaddr *paddr; 1638 1639 len = tlen - sizeof(*xisr); 1640 paddr = (struct sockaddr *)(xisr + 1); 1641 /* validity check */ 1642 if (len < sizeof(struct sockaddr) || 1643 len < 2 * paddr->sa_len || 1644 paddr->sa_len > sizeof(isr->saidx.src)) { 1645 ipseclog((LOG_DEBUG, "%s: invalid " 1646 "request address length.\n", 1647 __func__)); 1648 key_freesp(&newsp); 1649 *error = EINVAL; 1650 return NULL; 1651 } 1652 /* 1653 * Request length should be enough to keep 1654 * source and destination addresses. 1655 */ 1656 if (xisr->sadb_x_ipsecrequest_len < 1657 sizeof(*xisr) + 2 * paddr->sa_len) { 1658 ipseclog((LOG_DEBUG, "%s: invalid " 1659 "ipsecrequest length.\n", 1660 __func__)); 1661 key_freesp(&newsp); 1662 *error = EINVAL; 1663 return (NULL); 1664 } 1665 bcopy(paddr, &isr->saidx.src, paddr->sa_len); 1666 paddr = (struct sockaddr *)((caddr_t)paddr + 1667 paddr->sa_len); 1668 1669 /* validity check */ 1670 if (paddr->sa_len != 1671 isr->saidx.src.sa.sa_len) { 1672 ipseclog((LOG_DEBUG, "%s: invalid " 1673 "request address length.\n", 1674 __func__)); 1675 key_freesp(&newsp); 1676 *error = EINVAL; 1677 return NULL; 1678 } 1679 /* AF family should match */ 1680 if (paddr->sa_family != 1681 isr->saidx.src.sa.sa_family) { 1682 ipseclog((LOG_DEBUG, "%s: address " 1683 "family doesn't match.\n", 1684 __func__)); 1685 key_freesp(&newsp); 1686 *error = EINVAL; 1687 return (NULL); 1688 } 1689 bcopy(paddr, &isr->saidx.dst, paddr->sa_len); 1690 } else { 1691 /* 1692 * Addresses for TUNNEL mode requests are 1693 * mandatory. 1694 */ 1695 if (isr->saidx.mode == IPSEC_MODE_TUNNEL) { 1696 ipseclog((LOG_DEBUG, "%s: missing " 1697 "request addresses.\n", __func__)); 1698 key_freesp(&newsp); 1699 *error = EINVAL; 1700 return (NULL); 1701 } 1702 } 1703 tlen -= xisr->sadb_x_ipsecrequest_len; 1704 1705 /* validity check */ 1706 if (tlen < 0) { 1707 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1708 __func__)); 1709 key_freesp(&newsp); 1710 *error = EINVAL; 1711 return NULL; 1712 } 1713 1714 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1715 + xisr->sadb_x_ipsecrequest_len); 1716 } 1717 /* XXXAE: LARVAL SP */ 1718 if (newsp->tcount < 1) { 1719 ipseclog((LOG_DEBUG, "%s: valid IPSEC transforms " 1720 "not found.\n", __func__)); 1721 key_freesp(&newsp); 1722 *error = EINVAL; 1723 return (NULL); 1724 } 1725 } 1726 break; 1727 default: 1728 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1729 key_freesp(&newsp); 1730 *error = EINVAL; 1731 return NULL; 1732 } 1733 1734 *error = 0; 1735 return (newsp); 1736 } 1737 1738 uint32_t 1739 key_newreqid(void) 1740 { 1741 static uint32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1742 1743 if (auto_reqid == ~0) 1744 auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1745 else 1746 auto_reqid++; 1747 1748 /* XXX should be unique check */ 1749 return (auto_reqid); 1750 } 1751 1752 /* 1753 * copy secpolicy struct to sadb_x_policy structure indicated. 1754 */ 1755 static struct mbuf * 1756 key_sp2mbuf(struct secpolicy *sp) 1757 { 1758 struct mbuf *m; 1759 size_t tlen; 1760 1761 tlen = key_getspreqmsglen(sp); 1762 m = m_get2(tlen, M_NOWAIT, MT_DATA, 0); 1763 if (m == NULL) 1764 return (NULL); 1765 m_align(m, tlen); 1766 m->m_len = tlen; 1767 if (key_sp2msg(sp, m->m_data, &tlen) != 0) { 1768 m_freem(m); 1769 return (NULL); 1770 } 1771 return (m); 1772 } 1773 1774 int 1775 key_sp2msg(struct secpolicy *sp, void *request, size_t *len) 1776 { 1777 struct sadb_x_ipsecrequest *xisr; 1778 struct sadb_x_policy *xpl; 1779 struct ipsecrequest *isr; 1780 size_t xlen, ilen; 1781 caddr_t p; 1782 int error, i; 1783 1784 IPSEC_ASSERT(sp != NULL, ("null policy")); 1785 1786 xlen = sizeof(*xpl); 1787 if (*len < xlen) 1788 return (EINVAL); 1789 1790 error = 0; 1791 bzero(request, *len); 1792 xpl = (struct sadb_x_policy *)request; 1793 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1794 xpl->sadb_x_policy_type = sp->policy; 1795 xpl->sadb_x_policy_dir = sp->spidx.dir; 1796 xpl->sadb_x_policy_id = sp->id; 1797 xpl->sadb_x_policy_priority = sp->priority; 1798 switch (sp->state) { 1799 case IPSEC_SPSTATE_IFNET: 1800 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_IFNET; 1801 break; 1802 case IPSEC_SPSTATE_PCB: 1803 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_PCB; 1804 break; 1805 default: 1806 xpl->sadb_x_policy_scope = IPSEC_POLICYSCOPE_GLOBAL; 1807 } 1808 1809 /* if is the policy for ipsec ? */ 1810 if (sp->policy == IPSEC_POLICY_IPSEC) { 1811 p = (caddr_t)xpl + sizeof(*xpl); 1812 for (i = 0; i < sp->tcount; i++) { 1813 isr = sp->req[i]; 1814 ilen = PFKEY_ALIGN8(sizeof(*xisr) + 1815 isr->saidx.src.sa.sa_len + 1816 isr->saidx.dst.sa.sa_len); 1817 xlen += ilen; 1818 if (xlen > *len) { 1819 error = ENOBUFS; 1820 /* Calculate needed size */ 1821 continue; 1822 } 1823 xisr = (struct sadb_x_ipsecrequest *)p; 1824 xisr->sadb_x_ipsecrequest_len = ilen; 1825 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1826 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1827 xisr->sadb_x_ipsecrequest_level = isr->level; 1828 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1829 1830 p += sizeof(*xisr); 1831 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1832 p += isr->saidx.src.sa.sa_len; 1833 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1834 p += isr->saidx.dst.sa.sa_len; 1835 } 1836 } 1837 xpl->sadb_x_policy_len = PFKEY_UNIT64(xlen); 1838 if (error == 0) 1839 *len = xlen; 1840 else 1841 *len = sizeof(*xpl); 1842 return (error); 1843 } 1844 1845 /* m will not be freed nor modified */ 1846 static struct mbuf * 1847 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1848 int ndeep, int nitem, ...) 1849 { 1850 va_list ap; 1851 int idx; 1852 int i; 1853 struct mbuf *result = NULL, *n; 1854 int len; 1855 1856 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1857 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1858 1859 va_start(ap, nitem); 1860 for (i = 0; i < nitem; i++) { 1861 idx = va_arg(ap, int); 1862 if (idx < 0 || idx > SADB_EXT_MAX) 1863 goto fail; 1864 /* don't attempt to pull empty extension */ 1865 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1866 continue; 1867 if (idx != SADB_EXT_RESERVED && 1868 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1869 continue; 1870 1871 if (idx == SADB_EXT_RESERVED) { 1872 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1873 1874 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1875 1876 MGETHDR(n, M_NOWAIT, MT_DATA); 1877 if (!n) 1878 goto fail; 1879 n->m_len = len; 1880 n->m_next = NULL; 1881 m_copydata(m, 0, sizeof(struct sadb_msg), 1882 mtod(n, caddr_t)); 1883 } else if (i < ndeep) { 1884 len = mhp->extlen[idx]; 1885 n = m_get2(len, M_NOWAIT, MT_DATA, 0); 1886 if (n == NULL) 1887 goto fail; 1888 m_align(n, len); 1889 n->m_len = len; 1890 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1891 mtod(n, caddr_t)); 1892 } else { 1893 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1894 M_NOWAIT); 1895 } 1896 if (n == NULL) 1897 goto fail; 1898 1899 if (result) 1900 m_cat(result, n); 1901 else 1902 result = n; 1903 } 1904 va_end(ap); 1905 1906 if ((result->m_flags & M_PKTHDR) != 0) { 1907 result->m_pkthdr.len = 0; 1908 for (n = result; n; n = n->m_next) 1909 result->m_pkthdr.len += n->m_len; 1910 } 1911 1912 return result; 1913 1914 fail: 1915 m_freem(result); 1916 va_end(ap); 1917 return NULL; 1918 } 1919 1920 /* 1921 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1922 * add an entry to SP database, when received 1923 * <base, address(SD), (lifetime(H),) policy> 1924 * from the user(?). 1925 * Adding to SP database, 1926 * and send 1927 * <base, address(SD), (lifetime(H),) policy> 1928 * to the socket which was send. 1929 * 1930 * SPDADD set a unique policy entry. 1931 * SPDSETIDX like SPDADD without a part of policy requests. 1932 * SPDUPDATE replace a unique policy entry. 1933 * 1934 * XXXAE: serialize this in PF_KEY to avoid races. 1935 * m will always be freed. 1936 */ 1937 static int 1938 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 1939 { 1940 struct secpolicyindex spidx; 1941 struct sadb_address *src0, *dst0; 1942 struct sadb_x_policy *xpl0, *xpl; 1943 struct sadb_lifetime *lft = NULL; 1944 struct secpolicy *newsp; 1945 int error; 1946 1947 IPSEC_ASSERT(so != NULL, ("null socket")); 1948 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1949 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1950 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1951 1952 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 1953 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 1954 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 1955 ipseclog((LOG_DEBUG, 1956 "%s: invalid message: missing required header.\n", 1957 __func__)); 1958 return key_senderror(so, m, EINVAL); 1959 } 1960 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 1961 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 1962 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 1963 ipseclog((LOG_DEBUG, 1964 "%s: invalid message: wrong header size.\n", __func__)); 1965 return key_senderror(so, m, EINVAL); 1966 } 1967 if (!SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD)) { 1968 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD)) { 1969 ipseclog((LOG_DEBUG, 1970 "%s: invalid message: wrong header size.\n", 1971 __func__)); 1972 return key_senderror(so, m, EINVAL); 1973 } 1974 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1975 } 1976 1977 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1978 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1979 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1980 1981 /* check the direciton */ 1982 switch (xpl0->sadb_x_policy_dir) { 1983 case IPSEC_DIR_INBOUND: 1984 case IPSEC_DIR_OUTBOUND: 1985 break; 1986 default: 1987 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 1988 return key_senderror(so, m, EINVAL); 1989 } 1990 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 1991 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 1992 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 1993 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 1994 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1995 return key_senderror(so, m, EINVAL); 1996 } 1997 1998 /* policy requests are mandatory when action is ipsec. */ 1999 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC && 2000 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 2001 ipseclog((LOG_DEBUG, 2002 "%s: policy requests required.\n", __func__)); 2003 return key_senderror(so, m, EINVAL); 2004 } 2005 2006 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 2007 (struct sockaddr *)(dst0 + 1)); 2008 if (error != 0 || 2009 src0->sadb_address_proto != dst0->sadb_address_proto) { 2010 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2011 return key_senderror(so, m, error); 2012 } 2013 /* make secindex */ 2014 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2015 src0 + 1, 2016 dst0 + 1, 2017 src0->sadb_address_prefixlen, 2018 dst0->sadb_address_prefixlen, 2019 src0->sadb_address_proto, 2020 &spidx); 2021 /* Checking there is SP already or not. */ 2022 newsp = key_getsp(&spidx); 2023 if (newsp != NULL) { 2024 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 2025 KEYDBG(KEY_STAMP, 2026 printf("%s: unlink SP(%p) for SPDUPDATE\n", 2027 __func__, newsp)); 2028 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2029 key_unlink(newsp); 2030 key_freesp(&newsp); 2031 } else { 2032 key_freesp(&newsp); 2033 ipseclog((LOG_DEBUG, 2034 "%s: a SP entry exists already.\n", __func__)); 2035 return (key_senderror(so, m, EEXIST)); 2036 } 2037 } 2038 2039 /* allocate new SP entry */ 2040 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 2041 return key_senderror(so, m, error); 2042 } 2043 2044 newsp->lastused = newsp->created = time_second; 2045 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 2046 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 2047 bcopy(&spidx, &newsp->spidx, sizeof(spidx)); 2048 2049 /* XXXAE: there is race between key_getsp() and key_insertsp() */ 2050 SPTREE_WLOCK(); 2051 if ((newsp->id = key_getnewspid()) == 0) { 2052 SPTREE_WUNLOCK(); 2053 key_freesp(&newsp); 2054 return key_senderror(so, m, ENOBUFS); 2055 } 2056 key_insertsp(newsp); 2057 SPTREE_WUNLOCK(); 2058 if (SPDCACHE_ENABLED()) 2059 spdcache_clear(); 2060 2061 KEYDBG(KEY_STAMP, 2062 printf("%s: SP(%p)\n", __func__, newsp)); 2063 KEYDBG(KEY_DATA, kdebug_secpolicy(newsp)); 2064 2065 { 2066 struct mbuf *n, *mpolicy; 2067 struct sadb_msg *newmsg; 2068 int off; 2069 2070 /* create new sadb_msg to reply. */ 2071 if (lft) { 2072 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 2073 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 2074 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2075 } else { 2076 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 2077 SADB_X_EXT_POLICY, 2078 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2079 } 2080 if (!n) 2081 return key_senderror(so, m, ENOBUFS); 2082 2083 if (n->m_len < sizeof(*newmsg)) { 2084 n = m_pullup(n, sizeof(*newmsg)); 2085 if (!n) 2086 return key_senderror(so, m, ENOBUFS); 2087 } 2088 newmsg = mtod(n, struct sadb_msg *); 2089 newmsg->sadb_msg_errno = 0; 2090 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2091 2092 off = 0; 2093 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 2094 sizeof(*xpl), &off); 2095 if (mpolicy == NULL) { 2096 /* n is already freed */ 2097 return key_senderror(so, m, ENOBUFS); 2098 } 2099 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 2100 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 2101 m_freem(n); 2102 return key_senderror(so, m, EINVAL); 2103 } 2104 xpl->sadb_x_policy_id = newsp->id; 2105 2106 m_freem(m); 2107 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2108 } 2109 } 2110 2111 /* 2112 * get new policy id. 2113 * OUT: 2114 * 0: failure. 2115 * others: success. 2116 */ 2117 static uint32_t 2118 key_getnewspid(void) 2119 { 2120 struct secpolicy *sp; 2121 uint32_t newid = 0; 2122 int count = V_key_spi_trycnt; /* XXX */ 2123 2124 SPTREE_WLOCK_ASSERT(); 2125 while (count--) { 2126 if (V_policy_id == ~0) /* overflowed */ 2127 newid = V_policy_id = 1; 2128 else 2129 newid = ++V_policy_id; 2130 LIST_FOREACH(sp, SPHASH_HASH(newid), idhash) { 2131 if (sp->id == newid) 2132 break; 2133 } 2134 if (sp == NULL) 2135 break; 2136 } 2137 if (count == 0 || newid == 0) { 2138 ipseclog((LOG_DEBUG, "%s: failed to allocate policy id.\n", 2139 __func__)); 2140 return (0); 2141 } 2142 return (newid); 2143 } 2144 2145 /* 2146 * SADB_SPDDELETE processing 2147 * receive 2148 * <base, address(SD), policy(*)> 2149 * from the user(?), and set SADB_SASTATE_DEAD, 2150 * and send, 2151 * <base, address(SD), policy(*)> 2152 * to the ikmpd. 2153 * policy(*) including direction of policy. 2154 * 2155 * m will always be freed. 2156 */ 2157 static int 2158 key_spddelete(struct socket *so, struct mbuf *m, 2159 const struct sadb_msghdr *mhp) 2160 { 2161 struct secpolicyindex spidx; 2162 struct sadb_address *src0, *dst0; 2163 struct sadb_x_policy *xpl0; 2164 struct secpolicy *sp; 2165 2166 IPSEC_ASSERT(so != NULL, ("null so")); 2167 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2168 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2169 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2170 2171 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 2172 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 2173 SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY)) { 2174 ipseclog((LOG_DEBUG, 2175 "%s: invalid message: missing required header.\n", 2176 __func__)); 2177 return key_senderror(so, m, EINVAL); 2178 } 2179 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 2180 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 2181 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2182 ipseclog((LOG_DEBUG, 2183 "%s: invalid message: wrong header size.\n", __func__)); 2184 return key_senderror(so, m, EINVAL); 2185 } 2186 2187 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2188 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2189 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2190 2191 /* check the direciton */ 2192 switch (xpl0->sadb_x_policy_dir) { 2193 case IPSEC_DIR_INBOUND: 2194 case IPSEC_DIR_OUTBOUND: 2195 break; 2196 default: 2197 ipseclog((LOG_DEBUG, "%s: invalid SP direction.\n", __func__)); 2198 return key_senderror(so, m, EINVAL); 2199 } 2200 /* Only DISCARD, NONE and IPSEC are allowed */ 2201 if (xpl0->sadb_x_policy_type != IPSEC_POLICY_DISCARD && 2202 xpl0->sadb_x_policy_type != IPSEC_POLICY_NONE && 2203 xpl0->sadb_x_policy_type != IPSEC_POLICY_IPSEC) { 2204 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 2205 return key_senderror(so, m, EINVAL); 2206 } 2207 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 2208 (struct sockaddr *)(dst0 + 1)) != 0 || 2209 src0->sadb_address_proto != dst0->sadb_address_proto) { 2210 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 2211 return key_senderror(so, m, EINVAL); 2212 } 2213 /* make secindex */ 2214 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2215 src0 + 1, 2216 dst0 + 1, 2217 src0->sadb_address_prefixlen, 2218 dst0->sadb_address_prefixlen, 2219 src0->sadb_address_proto, 2220 &spidx); 2221 2222 /* Is there SP in SPD ? */ 2223 if ((sp = key_getsp(&spidx)) == NULL) { 2224 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2225 return key_senderror(so, m, EINVAL); 2226 } 2227 2228 /* save policy id to buffer to be returned. */ 2229 xpl0->sadb_x_policy_id = sp->id; 2230 2231 KEYDBG(KEY_STAMP, 2232 printf("%s: SP(%p)\n", __func__, sp)); 2233 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2234 key_unlink(sp); 2235 key_freesp(&sp); 2236 2237 { 2238 struct mbuf *n; 2239 struct sadb_msg *newmsg; 2240 2241 /* create new sadb_msg to reply. */ 2242 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2243 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2244 if (!n) 2245 return key_senderror(so, m, ENOBUFS); 2246 2247 newmsg = mtod(n, struct sadb_msg *); 2248 newmsg->sadb_msg_errno = 0; 2249 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2250 2251 m_freem(m); 2252 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2253 } 2254 } 2255 2256 /* 2257 * SADB_SPDDELETE2 processing 2258 * receive 2259 * <base, policy(*)> 2260 * from the user(?), and set SADB_SASTATE_DEAD, 2261 * and send, 2262 * <base, policy(*)> 2263 * to the ikmpd. 2264 * policy(*) including direction of policy. 2265 * 2266 * m will always be freed. 2267 */ 2268 static int 2269 key_spddelete2(struct socket *so, struct mbuf *m, 2270 const struct sadb_msghdr *mhp) 2271 { 2272 struct secpolicy *sp; 2273 uint32_t id; 2274 2275 IPSEC_ASSERT(so != NULL, ("null socket")); 2276 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2277 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2278 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2279 2280 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2281 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2282 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2283 __func__)); 2284 return key_senderror(so, m, EINVAL); 2285 } 2286 2287 id = ((struct sadb_x_policy *) 2288 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2289 2290 /* Is there SP in SPD ? */ 2291 if ((sp = key_getspbyid(id)) == NULL) { 2292 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2293 __func__, id)); 2294 return key_senderror(so, m, EINVAL); 2295 } 2296 2297 KEYDBG(KEY_STAMP, 2298 printf("%s: SP(%p)\n", __func__, sp)); 2299 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2300 key_unlink(sp); 2301 if (sp->state != IPSEC_SPSTATE_DEAD) { 2302 ipseclog((LOG_DEBUG, "%s: failed to delete SP with id %u.\n", 2303 __func__, id)); 2304 key_freesp(&sp); 2305 return (key_senderror(so, m, EACCES)); 2306 } 2307 key_freesp(&sp); 2308 2309 { 2310 struct mbuf *n, *nn; 2311 struct sadb_msg *newmsg; 2312 int off, len; 2313 2314 /* create new sadb_msg to reply. */ 2315 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2316 2317 MGETHDR(n, M_NOWAIT, MT_DATA); 2318 if (n && len > MHLEN) { 2319 if (!(MCLGET(n, M_NOWAIT))) { 2320 m_freem(n); 2321 n = NULL; 2322 } 2323 } 2324 if (!n) 2325 return key_senderror(so, m, ENOBUFS); 2326 2327 n->m_len = len; 2328 n->m_next = NULL; 2329 off = 0; 2330 2331 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2332 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2333 2334 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2335 off, len)); 2336 2337 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2338 mhp->extlen[SADB_X_EXT_POLICY], M_NOWAIT); 2339 if (!n->m_next) { 2340 m_freem(n); 2341 return key_senderror(so, m, ENOBUFS); 2342 } 2343 2344 n->m_pkthdr.len = 0; 2345 for (nn = n; nn; nn = nn->m_next) 2346 n->m_pkthdr.len += nn->m_len; 2347 2348 newmsg = mtod(n, struct sadb_msg *); 2349 newmsg->sadb_msg_errno = 0; 2350 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2351 2352 m_freem(m); 2353 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2354 } 2355 } 2356 2357 /* 2358 * SADB_X_SPDGET processing 2359 * receive 2360 * <base, policy(*)> 2361 * from the user(?), 2362 * and send, 2363 * <base, address(SD), policy> 2364 * to the ikmpd. 2365 * policy(*) including direction of policy. 2366 * 2367 * m will always be freed. 2368 */ 2369 static int 2370 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2371 { 2372 struct secpolicy *sp; 2373 struct mbuf *n; 2374 uint32_t id; 2375 2376 IPSEC_ASSERT(so != NULL, ("null socket")); 2377 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2378 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2379 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2380 2381 if (SADB_CHECKHDR(mhp, SADB_X_EXT_POLICY) || 2382 SADB_CHECKLEN(mhp, SADB_X_EXT_POLICY)) { 2383 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2384 __func__)); 2385 return key_senderror(so, m, EINVAL); 2386 } 2387 2388 id = ((struct sadb_x_policy *) 2389 mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2390 2391 /* Is there SP in SPD ? */ 2392 if ((sp = key_getspbyid(id)) == NULL) { 2393 ipseclog((LOG_DEBUG, "%s: no SP found for id %u.\n", 2394 __func__, id)); 2395 return key_senderror(so, m, ENOENT); 2396 } 2397 2398 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq, 2399 mhp->msg->sadb_msg_pid); 2400 key_freesp(&sp); 2401 if (n != NULL) { 2402 m_freem(m); 2403 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2404 } else 2405 return key_senderror(so, m, ENOBUFS); 2406 } 2407 2408 /* 2409 * SADB_X_SPDACQUIRE processing. 2410 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2411 * send 2412 * <base, policy(*)> 2413 * to KMD, and expect to receive 2414 * <base> with SADB_X_SPDACQUIRE if error occurred, 2415 * or 2416 * <base, policy> 2417 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2418 * policy(*) is without policy requests. 2419 * 2420 * 0 : succeed 2421 * others: error number 2422 */ 2423 int 2424 key_spdacquire(struct secpolicy *sp) 2425 { 2426 struct mbuf *result = NULL, *m; 2427 struct secspacq *newspacq; 2428 2429 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2430 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2431 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2432 ("policy not IPSEC %u", sp->policy)); 2433 2434 /* Get an entry to check whether sent message or not. */ 2435 newspacq = key_getspacq(&sp->spidx); 2436 if (newspacq != NULL) { 2437 if (V_key_blockacq_count < newspacq->count) { 2438 /* reset counter and do send message. */ 2439 newspacq->count = 0; 2440 } else { 2441 /* increment counter and do nothing. */ 2442 newspacq->count++; 2443 SPACQ_UNLOCK(); 2444 return (0); 2445 } 2446 SPACQ_UNLOCK(); 2447 } else { 2448 /* make new entry for blocking to send SADB_ACQUIRE. */ 2449 newspacq = key_newspacq(&sp->spidx); 2450 if (newspacq == NULL) 2451 return ENOBUFS; 2452 } 2453 2454 /* create new sadb_msg to reply. */ 2455 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2456 if (!m) 2457 return ENOBUFS; 2458 2459 result = m; 2460 2461 result->m_pkthdr.len = 0; 2462 for (m = result; m; m = m->m_next) 2463 result->m_pkthdr.len += m->m_len; 2464 2465 mtod(result, struct sadb_msg *)->sadb_msg_len = 2466 PFKEY_UNIT64(result->m_pkthdr.len); 2467 2468 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2469 } 2470 2471 /* 2472 * SADB_SPDFLUSH processing 2473 * receive 2474 * <base> 2475 * from the user, and free all entries in secpctree. 2476 * and send, 2477 * <base> 2478 * to the user. 2479 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2480 * 2481 * m will always be freed. 2482 */ 2483 static int 2484 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2485 { 2486 struct secpolicy_queue drainq; 2487 struct sadb_msg *newmsg; 2488 struct secpolicy *sp, *nextsp; 2489 u_int dir; 2490 2491 IPSEC_ASSERT(so != NULL, ("null socket")); 2492 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2493 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2494 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2495 2496 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2497 return key_senderror(so, m, EINVAL); 2498 2499 TAILQ_INIT(&drainq); 2500 SPTREE_WLOCK(); 2501 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2502 TAILQ_CONCAT(&drainq, &V_sptree[dir], chain); 2503 } 2504 /* 2505 * We need to set state to DEAD for each policy to be sure, 2506 * that another thread won't try to unlink it. 2507 * Also remove SP from sphash. 2508 */ 2509 TAILQ_FOREACH(sp, &drainq, chain) { 2510 sp->state = IPSEC_SPSTATE_DEAD; 2511 LIST_REMOVE(sp, idhash); 2512 } 2513 V_sp_genid++; 2514 V_spd_size = 0; 2515 SPTREE_WUNLOCK(); 2516 if (SPDCACHE_ENABLED()) 2517 spdcache_clear(); 2518 sp = TAILQ_FIRST(&drainq); 2519 while (sp != NULL) { 2520 nextsp = TAILQ_NEXT(sp, chain); 2521 key_freesp(&sp); 2522 sp = nextsp; 2523 } 2524 2525 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2526 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2527 return key_senderror(so, m, ENOBUFS); 2528 } 2529 2530 if (m->m_next) 2531 m_freem(m->m_next); 2532 m->m_next = NULL; 2533 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2534 newmsg = mtod(m, struct sadb_msg *); 2535 newmsg->sadb_msg_errno = 0; 2536 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2537 2538 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2539 } 2540 2541 static uint8_t 2542 key_satype2scopemask(uint8_t satype) 2543 { 2544 2545 if (satype == IPSEC_POLICYSCOPE_ANY) 2546 return (0xff); 2547 return (satype); 2548 } 2549 /* 2550 * SADB_SPDDUMP processing 2551 * receive 2552 * <base> 2553 * from the user, and dump all SP leaves and send, 2554 * <base> ..... 2555 * to the ikmpd. 2556 * 2557 * NOTE: 2558 * sadb_msg_satype is considered as mask of policy scopes. 2559 * m will always be freed. 2560 */ 2561 static int 2562 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 2563 { 2564 SPTREE_RLOCK_TRACKER; 2565 struct secpolicy *sp; 2566 struct mbuf *n; 2567 int cnt; 2568 u_int dir, scope; 2569 2570 IPSEC_ASSERT(so != NULL, ("null socket")); 2571 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2572 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2573 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2574 2575 /* search SPD entry and get buffer size. */ 2576 cnt = 0; 2577 scope = key_satype2scopemask(mhp->msg->sadb_msg_satype); 2578 SPTREE_RLOCK(); 2579 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2580 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2581 TAILQ_FOREACH(sp, &V_sptree[dir], chain) 2582 cnt++; 2583 } 2584 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2585 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) 2586 cnt++; 2587 } 2588 } 2589 2590 if (cnt == 0) { 2591 SPTREE_RUNLOCK(); 2592 return key_senderror(so, m, ENOENT); 2593 } 2594 2595 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2596 if (scope & IPSEC_POLICYSCOPE_GLOBAL) { 2597 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 2598 --cnt; 2599 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2600 mhp->msg->sadb_msg_pid); 2601 2602 if (n != NULL) 2603 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2604 } 2605 } 2606 if (scope & IPSEC_POLICYSCOPE_IFNET) { 2607 TAILQ_FOREACH(sp, &V_sptree_ifnet[dir], chain) { 2608 --cnt; 2609 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2610 mhp->msg->sadb_msg_pid); 2611 2612 if (n != NULL) 2613 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2614 } 2615 } 2616 } 2617 2618 SPTREE_RUNLOCK(); 2619 m_freem(m); 2620 return (0); 2621 } 2622 2623 static struct mbuf * 2624 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, 2625 u_int32_t pid) 2626 { 2627 struct mbuf *result = NULL, *m; 2628 struct seclifetime lt; 2629 2630 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2631 if (!m) 2632 goto fail; 2633 result = m; 2634 2635 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2636 &sp->spidx.src.sa, sp->spidx.prefs, 2637 sp->spidx.ul_proto); 2638 if (!m) 2639 goto fail; 2640 m_cat(result, m); 2641 2642 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2643 &sp->spidx.dst.sa, sp->spidx.prefd, 2644 sp->spidx.ul_proto); 2645 if (!m) 2646 goto fail; 2647 m_cat(result, m); 2648 2649 m = key_sp2mbuf(sp); 2650 if (!m) 2651 goto fail; 2652 m_cat(result, m); 2653 2654 if(sp->lifetime){ 2655 lt.addtime=sp->created; 2656 lt.usetime= sp->lastused; 2657 m = key_setlifetime(<, SADB_EXT_LIFETIME_CURRENT); 2658 if (!m) 2659 goto fail; 2660 m_cat(result, m); 2661 2662 lt.addtime=sp->lifetime; 2663 lt.usetime= sp->validtime; 2664 m = key_setlifetime(<, SADB_EXT_LIFETIME_HARD); 2665 if (!m) 2666 goto fail; 2667 m_cat(result, m); 2668 } 2669 2670 if ((result->m_flags & M_PKTHDR) == 0) 2671 goto fail; 2672 2673 if (result->m_len < sizeof(struct sadb_msg)) { 2674 result = m_pullup(result, sizeof(struct sadb_msg)); 2675 if (result == NULL) 2676 goto fail; 2677 } 2678 2679 result->m_pkthdr.len = 0; 2680 for (m = result; m; m = m->m_next) 2681 result->m_pkthdr.len += m->m_len; 2682 2683 mtod(result, struct sadb_msg *)->sadb_msg_len = 2684 PFKEY_UNIT64(result->m_pkthdr.len); 2685 2686 return result; 2687 2688 fail: 2689 m_freem(result); 2690 return NULL; 2691 } 2692 /* 2693 * get PFKEY message length for security policy and request. 2694 */ 2695 static size_t 2696 key_getspreqmsglen(struct secpolicy *sp) 2697 { 2698 size_t tlen, len; 2699 int i; 2700 2701 tlen = sizeof(struct sadb_x_policy); 2702 /* if is the policy for ipsec ? */ 2703 if (sp->policy != IPSEC_POLICY_IPSEC) 2704 return (tlen); 2705 2706 /* get length of ipsec requests */ 2707 for (i = 0; i < sp->tcount; i++) { 2708 len = sizeof(struct sadb_x_ipsecrequest) 2709 + sp->req[i]->saidx.src.sa.sa_len 2710 + sp->req[i]->saidx.dst.sa.sa_len; 2711 2712 tlen += PFKEY_ALIGN8(len); 2713 } 2714 return (tlen); 2715 } 2716 2717 /* 2718 * SADB_SPDEXPIRE processing 2719 * send 2720 * <base, address(SD), lifetime(CH), policy> 2721 * to KMD by PF_KEY. 2722 * 2723 * OUT: 0 : succeed 2724 * others : error number 2725 */ 2726 static int 2727 key_spdexpire(struct secpolicy *sp) 2728 { 2729 struct sadb_lifetime *lt; 2730 struct mbuf *result = NULL, *m; 2731 int len, error = -1; 2732 2733 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2734 2735 KEYDBG(KEY_STAMP, 2736 printf("%s: SP(%p)\n", __func__, sp)); 2737 KEYDBG(KEY_DATA, kdebug_secpolicy(sp)); 2738 2739 /* set msg header */ 2740 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2741 if (!m) { 2742 error = ENOBUFS; 2743 goto fail; 2744 } 2745 result = m; 2746 2747 /* create lifetime extension (current and hard) */ 2748 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2749 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 2750 if (m == NULL) { 2751 error = ENOBUFS; 2752 goto fail; 2753 } 2754 m_align(m, len); 2755 m->m_len = len; 2756 bzero(mtod(m, caddr_t), len); 2757 lt = mtod(m, struct sadb_lifetime *); 2758 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2759 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2760 lt->sadb_lifetime_allocations = 0; 2761 lt->sadb_lifetime_bytes = 0; 2762 lt->sadb_lifetime_addtime = sp->created; 2763 lt->sadb_lifetime_usetime = sp->lastused; 2764 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2765 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2766 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2767 lt->sadb_lifetime_allocations = 0; 2768 lt->sadb_lifetime_bytes = 0; 2769 lt->sadb_lifetime_addtime = sp->lifetime; 2770 lt->sadb_lifetime_usetime = sp->validtime; 2771 m_cat(result, m); 2772 2773 /* set sadb_address for source */ 2774 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2775 &sp->spidx.src.sa, 2776 sp->spidx.prefs, sp->spidx.ul_proto); 2777 if (!m) { 2778 error = ENOBUFS; 2779 goto fail; 2780 } 2781 m_cat(result, m); 2782 2783 /* set sadb_address for destination */ 2784 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2785 &sp->spidx.dst.sa, 2786 sp->spidx.prefd, sp->spidx.ul_proto); 2787 if (!m) { 2788 error = ENOBUFS; 2789 goto fail; 2790 } 2791 m_cat(result, m); 2792 2793 /* set secpolicy */ 2794 m = key_sp2mbuf(sp); 2795 if (!m) { 2796 error = ENOBUFS; 2797 goto fail; 2798 } 2799 m_cat(result, m); 2800 2801 if ((result->m_flags & M_PKTHDR) == 0) { 2802 error = EINVAL; 2803 goto fail; 2804 } 2805 2806 if (result->m_len < sizeof(struct sadb_msg)) { 2807 result = m_pullup(result, sizeof(struct sadb_msg)); 2808 if (result == NULL) { 2809 error = ENOBUFS; 2810 goto fail; 2811 } 2812 } 2813 2814 result->m_pkthdr.len = 0; 2815 for (m = result; m; m = m->m_next) 2816 result->m_pkthdr.len += m->m_len; 2817 2818 mtod(result, struct sadb_msg *)->sadb_msg_len = 2819 PFKEY_UNIT64(result->m_pkthdr.len); 2820 2821 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2822 2823 fail: 2824 if (result) 2825 m_freem(result); 2826 return error; 2827 } 2828 2829 /* %%% SAD management */ 2830 /* 2831 * allocating and initialize new SA head. 2832 * OUT: NULL : failure due to the lack of memory. 2833 * others : pointer to new SA head. 2834 */ 2835 static struct secashead * 2836 key_newsah(struct secasindex *saidx) 2837 { 2838 struct secashead *sah; 2839 2840 sah = malloc(sizeof(struct secashead), M_IPSEC_SAH, 2841 M_NOWAIT | M_ZERO); 2842 if (sah == NULL) { 2843 PFKEYSTAT_INC(in_nomem); 2844 return (NULL); 2845 } 2846 TAILQ_INIT(&sah->savtree_larval); 2847 TAILQ_INIT(&sah->savtree_alive); 2848 sah->saidx = *saidx; 2849 sah->state = SADB_SASTATE_DEAD; 2850 SAH_INITREF(sah); 2851 2852 KEYDBG(KEY_STAMP, 2853 printf("%s: SAH(%p)\n", __func__, sah)); 2854 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2855 return (sah); 2856 } 2857 2858 static void 2859 key_freesah(struct secashead **psah) 2860 { 2861 struct secashead *sah = *psah; 2862 2863 if (SAH_DELREF(sah) == 0) 2864 return; 2865 2866 KEYDBG(KEY_STAMP, 2867 printf("%s: last reference to SAH(%p)\n", __func__, sah)); 2868 KEYDBG(KEY_DATA, kdebug_secash(sah, NULL)); 2869 2870 *psah = NULL; 2871 key_delsah(sah); 2872 } 2873 2874 static void 2875 key_delsah(struct secashead *sah) 2876 { 2877 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2878 IPSEC_ASSERT(sah->state == SADB_SASTATE_DEAD, 2879 ("Attempt to free non DEAD SAH %p", sah)); 2880 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_larval), 2881 ("Attempt to free SAH %p with LARVAL SA", sah)); 2882 IPSEC_ASSERT(TAILQ_EMPTY(&sah->savtree_alive), 2883 ("Attempt to free SAH %p with ALIVE SA", sah)); 2884 2885 free(sah, M_IPSEC_SAH); 2886 } 2887 2888 /* 2889 * allocating a new SA for key_add() and key_getspi() call, 2890 * and copy the values of mhp into new buffer. 2891 * When SAD message type is SADB_GETSPI set SA state to LARVAL. 2892 * For SADB_ADD create and initialize SA with MATURE state. 2893 * OUT: NULL : fail 2894 * others : pointer to new secasvar. 2895 */ 2896 static struct secasvar * 2897 key_newsav(const struct sadb_msghdr *mhp, struct secasindex *saidx, 2898 uint32_t spi, int *errp) 2899 { 2900 struct secashead *sah; 2901 struct secasvar *sav; 2902 int isnew; 2903 2904 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2905 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2906 IPSEC_ASSERT(mhp->msg->sadb_msg_type == SADB_GETSPI || 2907 mhp->msg->sadb_msg_type == SADB_ADD, ("wrong message type")); 2908 2909 sav = NULL; 2910 sah = NULL; 2911 /* check SPI value */ 2912 switch (saidx->proto) { 2913 case IPPROTO_ESP: 2914 case IPPROTO_AH: 2915 /* 2916 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 2917 * 1-255 reserved by IANA for future use, 2918 * 0 for implementation specific, local use. 2919 */ 2920 if (ntohl(spi) <= 255) { 2921 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 2922 __func__, ntohl(spi))); 2923 *errp = EINVAL; 2924 goto done; 2925 } 2926 break; 2927 } 2928 2929 sav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT | M_ZERO); 2930 if (sav == NULL) { 2931 *errp = ENOBUFS; 2932 goto done; 2933 } 2934 sav->lock = malloc(sizeof(struct mtx), M_IPSEC_MISC, 2935 M_NOWAIT | M_ZERO); 2936 if (sav->lock == NULL) { 2937 *errp = ENOBUFS; 2938 goto done; 2939 } 2940 mtx_init(sav->lock, "ipsec association", NULL, MTX_DEF); 2941 sav->lft_c = uma_zalloc_pcpu(V_key_lft_zone, M_NOWAIT); 2942 if (sav->lft_c == NULL) { 2943 *errp = ENOBUFS; 2944 goto done; 2945 } 2946 counter_u64_zero(sav->lft_c_allocations); 2947 counter_u64_zero(sav->lft_c_bytes); 2948 2949 sav->spi = spi; 2950 sav->seq = mhp->msg->sadb_msg_seq; 2951 sav->state = SADB_SASTATE_LARVAL; 2952 sav->pid = (pid_t)mhp->msg->sadb_msg_pid; 2953 SAV_INITREF(sav); 2954 again: 2955 sah = key_getsah(saidx); 2956 if (sah == NULL) { 2957 /* create a new SA index */ 2958 sah = key_newsah(saidx); 2959 if (sah == NULL) { 2960 ipseclog((LOG_DEBUG, 2961 "%s: No more memory.\n", __func__)); 2962 *errp = ENOBUFS; 2963 goto done; 2964 } 2965 isnew = 1; 2966 } else 2967 isnew = 0; 2968 2969 sav->sah = sah; 2970 if (mhp->msg->sadb_msg_type == SADB_GETSPI) { 2971 sav->created = time_second; 2972 } else if (sav->state == SADB_SASTATE_LARVAL) { 2973 /* 2974 * Do not call key_setsaval() second time in case 2975 * of `goto again`. We will have MATURE state. 2976 */ 2977 *errp = key_setsaval(sav, mhp); 2978 if (*errp != 0) 2979 goto done; 2980 sav->state = SADB_SASTATE_MATURE; 2981 } 2982 2983 SAHTREE_WLOCK(); 2984 /* 2985 * Check that existing SAH wasn't unlinked. 2986 * Since we didn't hold the SAHTREE lock, it is possible, 2987 * that callout handler or key_flush() or key_delete() could 2988 * unlink this SAH. 2989 */ 2990 if (isnew == 0 && sah->state == SADB_SASTATE_DEAD) { 2991 SAHTREE_WUNLOCK(); 2992 key_freesah(&sah); /* reference from key_getsah() */ 2993 goto again; 2994 } 2995 if (isnew != 0) { 2996 /* 2997 * Add new SAH into SADB. 2998 * 2999 * XXXAE: we can serialize key_add and key_getspi calls, so 3000 * several threads will not fight in the race. 3001 * Otherwise we should check under SAHTREE lock, that this 3002 * SAH would not added twice. 3003 */ 3004 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 3005 /* Add new SAH into hash by addresses */ 3006 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 3007 /* Now we are linked in the chain */ 3008 sah->state = SADB_SASTATE_MATURE; 3009 /* 3010 * SAV references this new SAH. 3011 * In case of existing SAH we reuse reference 3012 * from key_getsah(). 3013 */ 3014 SAH_ADDREF(sah); 3015 } 3016 /* Link SAV with SAH */ 3017 if (sav->state == SADB_SASTATE_MATURE) 3018 TAILQ_INSERT_HEAD(&sah->savtree_alive, sav, chain); 3019 else 3020 TAILQ_INSERT_HEAD(&sah->savtree_larval, sav, chain); 3021 /* Add SAV into SPI hash */ 3022 LIST_INSERT_HEAD(SAVHASH_HASH(sav->spi), sav, spihash); 3023 SAHTREE_WUNLOCK(); 3024 *errp = 0; /* success */ 3025 done: 3026 if (*errp != 0) { 3027 if (sav != NULL) { 3028 if (sav->lock != NULL) { 3029 mtx_destroy(sav->lock); 3030 free(sav->lock, M_IPSEC_MISC); 3031 } 3032 if (sav->lft_c != NULL) 3033 uma_zfree_pcpu(V_key_lft_zone, sav->lft_c); 3034 free(sav, M_IPSEC_SA), sav = NULL; 3035 } 3036 if (sah != NULL) 3037 key_freesah(&sah); 3038 if (*errp == ENOBUFS) { 3039 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3040 __func__)); 3041 PFKEYSTAT_INC(in_nomem); 3042 } 3043 } 3044 return (sav); 3045 } 3046 3047 /* 3048 * free() SA variable entry. 3049 */ 3050 static void 3051 key_cleansav(struct secasvar *sav) 3052 { 3053 3054 if (sav->natt != NULL) { 3055 free(sav->natt, M_IPSEC_MISC); 3056 sav->natt = NULL; 3057 } 3058 if (sav->flags & SADB_X_EXT_F_CLONED) 3059 return; 3060 if (sav->tdb_xform != NULL) { 3061 sav->tdb_xform->xf_cleanup(sav); 3062 sav->tdb_xform = NULL; 3063 } 3064 if (sav->key_auth != NULL) { 3065 zfree(sav->key_auth->key_data, M_IPSEC_MISC); 3066 free(sav->key_auth, M_IPSEC_MISC); 3067 sav->key_auth = NULL; 3068 } 3069 if (sav->key_enc != NULL) { 3070 zfree(sav->key_enc->key_data, M_IPSEC_MISC); 3071 free(sav->key_enc, M_IPSEC_MISC); 3072 sav->key_enc = NULL; 3073 } 3074 if (sav->replay != NULL) { 3075 if (sav->replay->bitmap != NULL) 3076 free(sav->replay->bitmap, M_IPSEC_MISC); 3077 free(sav->replay, M_IPSEC_MISC); 3078 sav->replay = NULL; 3079 } 3080 if (sav->lft_h != NULL) { 3081 free(sav->lft_h, M_IPSEC_MISC); 3082 sav->lft_h = NULL; 3083 } 3084 if (sav->lft_s != NULL) { 3085 free(sav->lft_s, M_IPSEC_MISC); 3086 sav->lft_s = NULL; 3087 } 3088 } 3089 3090 /* 3091 * free() SA variable entry. 3092 */ 3093 static void 3094 key_delsav(struct secasvar *sav) 3095 { 3096 IPSEC_ASSERT(sav != NULL, ("null sav")); 3097 IPSEC_ASSERT(sav->state == SADB_SASTATE_DEAD, 3098 ("attempt to free non DEAD SA %p", sav)); 3099 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", 3100 sav->refcnt)); 3101 3102 /* 3103 * SA must be unlinked from the chain and hashtbl. 3104 * If SA was cloned, we leave all fields untouched, 3105 * except NAT-T config. 3106 */ 3107 key_cleansav(sav); 3108 if ((sav->flags & SADB_X_EXT_F_CLONED) == 0) { 3109 mtx_destroy(sav->lock); 3110 free(sav->lock, M_IPSEC_MISC); 3111 uma_zfree_pcpu(V_key_lft_zone, sav->lft_c); 3112 } 3113 free(sav, M_IPSEC_SA); 3114 } 3115 3116 /* 3117 * search SAH. 3118 * OUT: 3119 * NULL : not found 3120 * others : found, referenced pointer to a SAH. 3121 */ 3122 static struct secashead * 3123 key_getsah(struct secasindex *saidx) 3124 { 3125 SAHTREE_RLOCK_TRACKER; 3126 struct secashead *sah; 3127 3128 SAHTREE_RLOCK(); 3129 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 3130 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID) != 0) { 3131 SAH_ADDREF(sah); 3132 break; 3133 } 3134 } 3135 SAHTREE_RUNLOCK(); 3136 return (sah); 3137 } 3138 3139 /* 3140 * Check not to be duplicated SPI. 3141 * OUT: 3142 * 0 : not found 3143 * 1 : found SA with given SPI. 3144 */ 3145 static int 3146 key_checkspidup(uint32_t spi) 3147 { 3148 SAHTREE_RLOCK_TRACKER; 3149 struct secasvar *sav; 3150 3151 /* Assume SPI is in network byte order */ 3152 SAHTREE_RLOCK(); 3153 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3154 if (sav->spi == spi) 3155 break; 3156 } 3157 SAHTREE_RUNLOCK(); 3158 return (sav != NULL); 3159 } 3160 3161 /* 3162 * Search SA by SPI. 3163 * OUT: 3164 * NULL : not found 3165 * others : found, referenced pointer to a SA. 3166 */ 3167 static struct secasvar * 3168 key_getsavbyspi(uint32_t spi) 3169 { 3170 SAHTREE_RLOCK_TRACKER; 3171 struct secasvar *sav; 3172 3173 /* Assume SPI is in network byte order */ 3174 SAHTREE_RLOCK(); 3175 LIST_FOREACH(sav, SAVHASH_HASH(spi), spihash) { 3176 if (sav->spi != spi) 3177 continue; 3178 SAV_ADDREF(sav); 3179 break; 3180 } 3181 SAHTREE_RUNLOCK(); 3182 return (sav); 3183 } 3184 3185 static int 3186 key_updatelifetimes(struct secasvar *sav, const struct sadb_msghdr *mhp) 3187 { 3188 struct seclifetime *lft_h, *lft_s, *tmp; 3189 3190 /* Lifetime extension is optional, check that it is present. */ 3191 if (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3192 SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) { 3193 /* 3194 * In case of SADB_UPDATE we may need to change 3195 * existing lifetimes. 3196 */ 3197 if (sav->state == SADB_SASTATE_MATURE) { 3198 lft_h = lft_s = NULL; 3199 goto reset; 3200 } 3201 return (0); 3202 } 3203 /* Both HARD and SOFT extensions must present */ 3204 if ((SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 3205 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 3206 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 3207 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 3208 ipseclog((LOG_DEBUG, 3209 "%s: invalid message: missing required header.\n", 3210 __func__)); 3211 return (EINVAL); 3212 } 3213 if (SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_HARD) || 3214 SADB_CHECKLEN(mhp, SADB_EXT_LIFETIME_SOFT)) { 3215 ipseclog((LOG_DEBUG, 3216 "%s: invalid message: wrong header size.\n", __func__)); 3217 return (EINVAL); 3218 } 3219 lft_h = key_dup_lifemsg((const struct sadb_lifetime *) 3220 mhp->ext[SADB_EXT_LIFETIME_HARD], M_IPSEC_MISC); 3221 if (lft_h == NULL) { 3222 PFKEYSTAT_INC(in_nomem); 3223 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3224 return (ENOBUFS); 3225 } 3226 lft_s = key_dup_lifemsg((const struct sadb_lifetime *) 3227 mhp->ext[SADB_EXT_LIFETIME_SOFT], M_IPSEC_MISC); 3228 if (lft_s == NULL) { 3229 PFKEYSTAT_INC(in_nomem); 3230 free(lft_h, M_IPSEC_MISC); 3231 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3232 return (ENOBUFS); 3233 } 3234 reset: 3235 if (sav->state != SADB_SASTATE_LARVAL) { 3236 /* 3237 * key_update() holds reference to this SA, 3238 * so it won't be deleted in meanwhile. 3239 */ 3240 SECASVAR_LOCK(sav); 3241 tmp = sav->lft_h; 3242 sav->lft_h = lft_h; 3243 lft_h = tmp; 3244 3245 tmp = sav->lft_s; 3246 sav->lft_s = lft_s; 3247 lft_s = tmp; 3248 SECASVAR_UNLOCK(sav); 3249 if (lft_h != NULL) 3250 free(lft_h, M_IPSEC_MISC); 3251 if (lft_s != NULL) 3252 free(lft_s, M_IPSEC_MISC); 3253 return (0); 3254 } 3255 /* We can update lifetime without holding a lock */ 3256 IPSEC_ASSERT(sav->lft_h == NULL, ("lft_h is already initialized\n")); 3257 IPSEC_ASSERT(sav->lft_s == NULL, ("lft_s is already initialized\n")); 3258 sav->lft_h = lft_h; 3259 sav->lft_s = lft_s; 3260 return (0); 3261 } 3262 3263 /* 3264 * copy SA values from PF_KEY message except *SPI, SEQ, PID and TYPE*. 3265 * You must update these if need. Expects only LARVAL SAs. 3266 * OUT: 0: success. 3267 * !0: failure. 3268 */ 3269 static int 3270 key_setsaval(struct secasvar *sav, const struct sadb_msghdr *mhp) 3271 { 3272 const struct sadb_sa *sa0; 3273 const struct sadb_key *key0; 3274 uint32_t replay; 3275 size_t len; 3276 int error; 3277 3278 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 3279 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 3280 IPSEC_ASSERT(sav->state == SADB_SASTATE_LARVAL, 3281 ("Attempt to update non LARVAL SA")); 3282 3283 /* XXX rewrite */ 3284 error = key_setident(sav->sah, mhp); 3285 if (error != 0) 3286 goto fail; 3287 3288 /* SA */ 3289 if (!SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 3290 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 3291 error = EINVAL; 3292 goto fail; 3293 } 3294 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 3295 sav->alg_auth = sa0->sadb_sa_auth; 3296 sav->alg_enc = sa0->sadb_sa_encrypt; 3297 sav->flags = sa0->sadb_sa_flags; 3298 if ((sav->flags & SADB_KEY_FLAGS_MAX) != sav->flags) { 3299 ipseclog((LOG_DEBUG, 3300 "%s: invalid sa_flags 0x%08x.\n", __func__, 3301 sav->flags)); 3302 error = EINVAL; 3303 goto fail; 3304 } 3305 3306 /* Optional replay window */ 3307 replay = 0; 3308 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) 3309 replay = sa0->sadb_sa_replay; 3310 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_SA_REPLAY)) { 3311 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA_REPLAY)) { 3312 error = EINVAL; 3313 goto fail; 3314 } 3315 replay = ((const struct sadb_x_sa_replay *) 3316 mhp->ext[SADB_X_EXT_SA_REPLAY])->sadb_x_sa_replay_replay; 3317 3318 if (replay > UINT32_MAX - 32) { 3319 ipseclog((LOG_DEBUG, 3320 "%s: replay window too big.\n", __func__)); 3321 error = EINVAL; 3322 goto fail; 3323 } 3324 3325 replay = (replay + 7) >> 3; 3326 } 3327 3328 sav->replay = malloc(sizeof(struct secreplay), M_IPSEC_MISC, 3329 M_NOWAIT | M_ZERO); 3330 if (sav->replay == NULL) { 3331 PFKEYSTAT_INC(in_nomem); 3332 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3333 __func__)); 3334 error = ENOBUFS; 3335 goto fail; 3336 } 3337 3338 if (replay != 0) { 3339 /* number of 32b blocks to be allocated */ 3340 uint32_t bitmap_size; 3341 3342 /* RFC 6479: 3343 * - the allocated replay window size must be 3344 * a power of two. 3345 * - use an extra 32b block as a redundant window. 3346 */ 3347 bitmap_size = 1; 3348 while (replay + 4 > bitmap_size) 3349 bitmap_size <<= 1; 3350 bitmap_size = bitmap_size / 4; 3351 3352 sav->replay->bitmap = malloc( 3353 bitmap_size * sizeof(uint32_t), M_IPSEC_MISC, 3354 M_NOWAIT | M_ZERO); 3355 if (sav->replay->bitmap == NULL) { 3356 PFKEYSTAT_INC(in_nomem); 3357 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3358 __func__)); 3359 error = ENOBUFS; 3360 goto fail; 3361 } 3362 sav->replay->bitmap_size = bitmap_size; 3363 sav->replay->wsize = replay; 3364 } 3365 } 3366 3367 /* Authentication keys */ 3368 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 3369 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH)) { 3370 error = EINVAL; 3371 goto fail; 3372 } 3373 error = 0; 3374 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3375 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3376 switch (mhp->msg->sadb_msg_satype) { 3377 case SADB_SATYPE_AH: 3378 case SADB_SATYPE_ESP: 3379 case SADB_X_SATYPE_TCPSIGNATURE: 3380 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3381 sav->alg_auth != SADB_X_AALG_NULL) 3382 error = EINVAL; 3383 break; 3384 case SADB_X_SATYPE_IPCOMP: 3385 default: 3386 error = EINVAL; 3387 break; 3388 } 3389 if (error) { 3390 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3391 __func__)); 3392 goto fail; 3393 } 3394 3395 sav->key_auth = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3396 if (sav->key_auth == NULL ) { 3397 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3398 __func__)); 3399 PFKEYSTAT_INC(in_nomem); 3400 error = ENOBUFS; 3401 goto fail; 3402 } 3403 } 3404 3405 /* Encryption key */ 3406 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) { 3407 if (SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT)) { 3408 error = EINVAL; 3409 goto fail; 3410 } 3411 error = 0; 3412 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3413 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3414 switch (mhp->msg->sadb_msg_satype) { 3415 case SADB_SATYPE_ESP: 3416 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3417 sav->alg_enc != SADB_EALG_NULL) { 3418 error = EINVAL; 3419 break; 3420 } 3421 sav->key_enc = key_dup_keymsg(key0, len, M_IPSEC_MISC); 3422 if (sav->key_enc == NULL) { 3423 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3424 __func__)); 3425 PFKEYSTAT_INC(in_nomem); 3426 error = ENOBUFS; 3427 goto fail; 3428 } 3429 break; 3430 case SADB_X_SATYPE_IPCOMP: 3431 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3432 error = EINVAL; 3433 sav->key_enc = NULL; /*just in case*/ 3434 break; 3435 case SADB_SATYPE_AH: 3436 case SADB_X_SATYPE_TCPSIGNATURE: 3437 default: 3438 error = EINVAL; 3439 break; 3440 } 3441 if (error) { 3442 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3443 __func__)); 3444 goto fail; 3445 } 3446 } 3447 3448 /* set iv */ 3449 sav->ivlen = 0; 3450 switch (mhp->msg->sadb_msg_satype) { 3451 case SADB_SATYPE_AH: 3452 if (sav->flags & SADB_X_EXT_DERIV) { 3453 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3454 "given to AH SA.\n", __func__)); 3455 error = EINVAL; 3456 goto fail; 3457 } 3458 if (sav->alg_enc != SADB_EALG_NONE) { 3459 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3460 "mismated.\n", __func__)); 3461 error = EINVAL; 3462 goto fail; 3463 } 3464 error = xform_init(sav, XF_AH); 3465 break; 3466 case SADB_SATYPE_ESP: 3467 if ((sav->flags & (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) == 3468 (SADB_X_EXT_OLD | SADB_X_EXT_DERIV)) { 3469 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3470 "given to old-esp.\n", __func__)); 3471 error = EINVAL; 3472 goto fail; 3473 } 3474 error = xform_init(sav, XF_ESP); 3475 break; 3476 case SADB_X_SATYPE_IPCOMP: 3477 if (sav->alg_auth != SADB_AALG_NONE) { 3478 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3479 "mismated.\n", __func__)); 3480 error = EINVAL; 3481 goto fail; 3482 } 3483 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 && 3484 ntohl(sav->spi) >= 0x10000) { 3485 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3486 __func__)); 3487 error = EINVAL; 3488 goto fail; 3489 } 3490 error = xform_init(sav, XF_IPCOMP); 3491 break; 3492 case SADB_X_SATYPE_TCPSIGNATURE: 3493 if (sav->alg_enc != SADB_EALG_NONE) { 3494 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3495 "mismated.\n", __func__)); 3496 error = EINVAL; 3497 goto fail; 3498 } 3499 error = xform_init(sav, XF_TCPSIGNATURE); 3500 break; 3501 default: 3502 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3503 error = EPROTONOSUPPORT; 3504 goto fail; 3505 } 3506 if (error) { 3507 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3508 __func__, mhp->msg->sadb_msg_satype)); 3509 goto fail; 3510 } 3511 3512 /* Handle NAT-T headers */ 3513 error = key_setnatt(sav, mhp); 3514 if (error != 0) 3515 goto fail; 3516 3517 /* Initialize lifetime for CURRENT */ 3518 sav->firstused = 0; 3519 sav->created = time_second; 3520 3521 /* lifetimes for HARD and SOFT */ 3522 error = key_updatelifetimes(sav, mhp); 3523 if (error == 0) 3524 return (0); 3525 fail: 3526 key_cleansav(sav); 3527 return (error); 3528 } 3529 3530 /* 3531 * subroutine for SADB_GET and SADB_DUMP. 3532 */ 3533 static struct mbuf * 3534 key_setdumpsa(struct secasvar *sav, uint8_t type, uint8_t satype, 3535 uint32_t seq, uint32_t pid) 3536 { 3537 struct seclifetime lft_c; 3538 struct mbuf *result = NULL, *tres = NULL, *m; 3539 int i, dumporder[] = { 3540 SADB_EXT_SA, SADB_X_EXT_SA2, SADB_X_EXT_SA_REPLAY, 3541 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3542 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3543 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, 3544 SADB_EXT_KEY_AUTH, SADB_EXT_KEY_ENCRYPT, 3545 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 3546 SADB_EXT_SENSITIVITY, 3547 SADB_X_EXT_NAT_T_TYPE, 3548 SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, 3549 SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, 3550 SADB_X_EXT_NAT_T_FRAG, 3551 }; 3552 uint32_t replay_count; 3553 3554 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3555 if (m == NULL) 3556 goto fail; 3557 result = m; 3558 3559 for (i = nitems(dumporder) - 1; i >= 0; i--) { 3560 m = NULL; 3561 switch (dumporder[i]) { 3562 case SADB_EXT_SA: 3563 m = key_setsadbsa(sav); 3564 if (!m) 3565 goto fail; 3566 break; 3567 3568 case SADB_X_EXT_SA2: 3569 SECASVAR_LOCK(sav); 3570 replay_count = sav->replay ? sav->replay->count : 0; 3571 SECASVAR_UNLOCK(sav); 3572 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 3573 sav->sah->saidx.reqid); 3574 if (!m) 3575 goto fail; 3576 break; 3577 3578 case SADB_X_EXT_SA_REPLAY: 3579 if (sav->replay == NULL || 3580 sav->replay->wsize <= UINT8_MAX) 3581 continue; 3582 3583 m = key_setsadbxsareplay(sav->replay->wsize); 3584 if (!m) 3585 goto fail; 3586 break; 3587 3588 case SADB_EXT_ADDRESS_SRC: 3589 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3590 &sav->sah->saidx.src.sa, 3591 FULLMASK, IPSEC_ULPROTO_ANY); 3592 if (!m) 3593 goto fail; 3594 break; 3595 3596 case SADB_EXT_ADDRESS_DST: 3597 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3598 &sav->sah->saidx.dst.sa, 3599 FULLMASK, IPSEC_ULPROTO_ANY); 3600 if (!m) 3601 goto fail; 3602 break; 3603 3604 case SADB_EXT_KEY_AUTH: 3605 if (!sav->key_auth) 3606 continue; 3607 m = key_setkey(sav->key_auth, SADB_EXT_KEY_AUTH); 3608 if (!m) 3609 goto fail; 3610 break; 3611 3612 case SADB_EXT_KEY_ENCRYPT: 3613 if (!sav->key_enc) 3614 continue; 3615 m = key_setkey(sav->key_enc, SADB_EXT_KEY_ENCRYPT); 3616 if (!m) 3617 goto fail; 3618 break; 3619 3620 case SADB_EXT_LIFETIME_CURRENT: 3621 lft_c.addtime = sav->created; 3622 lft_c.allocations = (uint32_t)counter_u64_fetch( 3623 sav->lft_c_allocations); 3624 lft_c.bytes = counter_u64_fetch(sav->lft_c_bytes); 3625 lft_c.usetime = sav->firstused; 3626 m = key_setlifetime(&lft_c, SADB_EXT_LIFETIME_CURRENT); 3627 if (!m) 3628 goto fail; 3629 break; 3630 3631 case SADB_EXT_LIFETIME_HARD: 3632 if (!sav->lft_h) 3633 continue; 3634 m = key_setlifetime(sav->lft_h, 3635 SADB_EXT_LIFETIME_HARD); 3636 if (!m) 3637 goto fail; 3638 break; 3639 3640 case SADB_EXT_LIFETIME_SOFT: 3641 if (!sav->lft_s) 3642 continue; 3643 m = key_setlifetime(sav->lft_s, 3644 SADB_EXT_LIFETIME_SOFT); 3645 3646 if (!m) 3647 goto fail; 3648 break; 3649 3650 case SADB_X_EXT_NAT_T_TYPE: 3651 if (sav->natt == NULL) 3652 continue; 3653 m = key_setsadbxtype(UDP_ENCAP_ESPINUDP); 3654 if (!m) 3655 goto fail; 3656 break; 3657 3658 case SADB_X_EXT_NAT_T_DPORT: 3659 if (sav->natt == NULL) 3660 continue; 3661 m = key_setsadbxport(sav->natt->dport, 3662 SADB_X_EXT_NAT_T_DPORT); 3663 if (!m) 3664 goto fail; 3665 break; 3666 3667 case SADB_X_EXT_NAT_T_SPORT: 3668 if (sav->natt == NULL) 3669 continue; 3670 m = key_setsadbxport(sav->natt->sport, 3671 SADB_X_EXT_NAT_T_SPORT); 3672 if (!m) 3673 goto fail; 3674 break; 3675 3676 case SADB_X_EXT_NAT_T_OAI: 3677 if (sav->natt == NULL || 3678 (sav->natt->flags & IPSEC_NATT_F_OAI) == 0) 3679 continue; 3680 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAI, 3681 &sav->natt->oai.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3682 if (!m) 3683 goto fail; 3684 break; 3685 case SADB_X_EXT_NAT_T_OAR: 3686 if (sav->natt == NULL || 3687 (sav->natt->flags & IPSEC_NATT_F_OAR) == 0) 3688 continue; 3689 m = key_setsadbaddr(SADB_X_EXT_NAT_T_OAR, 3690 &sav->natt->oar.sa, FULLMASK, IPSEC_ULPROTO_ANY); 3691 if (!m) 3692 goto fail; 3693 break; 3694 case SADB_X_EXT_NAT_T_FRAG: 3695 /* We do not (yet) support those. */ 3696 continue; 3697 3698 case SADB_EXT_ADDRESS_PROXY: 3699 case SADB_EXT_IDENTITY_SRC: 3700 case SADB_EXT_IDENTITY_DST: 3701 /* XXX: should we brought from SPD ? */ 3702 case SADB_EXT_SENSITIVITY: 3703 default: 3704 continue; 3705 } 3706 3707 if (!m) 3708 goto fail; 3709 if (tres) 3710 m_cat(m, tres); 3711 tres = m; 3712 } 3713 3714 m_cat(result, tres); 3715 tres = NULL; 3716 if (result->m_len < sizeof(struct sadb_msg)) { 3717 result = m_pullup(result, sizeof(struct sadb_msg)); 3718 if (result == NULL) 3719 goto fail; 3720 } 3721 3722 result->m_pkthdr.len = 0; 3723 for (m = result; m; m = m->m_next) 3724 result->m_pkthdr.len += m->m_len; 3725 3726 mtod(result, struct sadb_msg *)->sadb_msg_len = 3727 PFKEY_UNIT64(result->m_pkthdr.len); 3728 3729 return result; 3730 3731 fail: 3732 m_freem(result); 3733 m_freem(tres); 3734 return NULL; 3735 } 3736 3737 /* 3738 * set data into sadb_msg. 3739 */ 3740 static struct mbuf * 3741 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, 3742 pid_t pid, u_int16_t reserved) 3743 { 3744 struct mbuf *m; 3745 struct sadb_msg *p; 3746 int len; 3747 3748 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3749 if (len > MCLBYTES) 3750 return NULL; 3751 MGETHDR(m, M_NOWAIT, MT_DATA); 3752 if (m && len > MHLEN) { 3753 if (!(MCLGET(m, M_NOWAIT))) { 3754 m_freem(m); 3755 m = NULL; 3756 } 3757 } 3758 if (!m) 3759 return NULL; 3760 m->m_pkthdr.len = m->m_len = len; 3761 m->m_next = NULL; 3762 3763 p = mtod(m, struct sadb_msg *); 3764 3765 bzero(p, len); 3766 p->sadb_msg_version = PF_KEY_V2; 3767 p->sadb_msg_type = type; 3768 p->sadb_msg_errno = 0; 3769 p->sadb_msg_satype = satype; 3770 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3771 p->sadb_msg_reserved = reserved; 3772 p->sadb_msg_seq = seq; 3773 p->sadb_msg_pid = (u_int32_t)pid; 3774 3775 return m; 3776 } 3777 3778 /* 3779 * copy secasvar data into sadb_address. 3780 */ 3781 static struct mbuf * 3782 key_setsadbsa(struct secasvar *sav) 3783 { 3784 struct mbuf *m; 3785 struct sadb_sa *p; 3786 int len; 3787 3788 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3789 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3790 if (m == NULL) 3791 return (NULL); 3792 m_align(m, len); 3793 m->m_len = len; 3794 p = mtod(m, struct sadb_sa *); 3795 bzero(p, len); 3796 p->sadb_sa_len = PFKEY_UNIT64(len); 3797 p->sadb_sa_exttype = SADB_EXT_SA; 3798 p->sadb_sa_spi = sav->spi; 3799 p->sadb_sa_replay = sav->replay ? 3800 (sav->replay->wsize > UINT8_MAX ? UINT8_MAX : 3801 sav->replay->wsize): 0; 3802 p->sadb_sa_state = sav->state; 3803 p->sadb_sa_auth = sav->alg_auth; 3804 p->sadb_sa_encrypt = sav->alg_enc; 3805 p->sadb_sa_flags = sav->flags & SADB_KEY_FLAGS_MAX; 3806 return (m); 3807 } 3808 3809 /* 3810 * set data into sadb_address. 3811 */ 3812 static struct mbuf * 3813 key_setsadbaddr(u_int16_t exttype, const struct sockaddr *saddr, 3814 u_int8_t prefixlen, u_int16_t ul_proto) 3815 { 3816 struct mbuf *m; 3817 struct sadb_address *p; 3818 size_t len; 3819 3820 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3821 PFKEY_ALIGN8(saddr->sa_len); 3822 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3823 if (m == NULL) 3824 return (NULL); 3825 m_align(m, len); 3826 m->m_len = len; 3827 p = mtod(m, struct sadb_address *); 3828 3829 bzero(p, len); 3830 p->sadb_address_len = PFKEY_UNIT64(len); 3831 p->sadb_address_exttype = exttype; 3832 p->sadb_address_proto = ul_proto; 3833 if (prefixlen == FULLMASK) { 3834 switch (saddr->sa_family) { 3835 case AF_INET: 3836 prefixlen = sizeof(struct in_addr) << 3; 3837 break; 3838 case AF_INET6: 3839 prefixlen = sizeof(struct in6_addr) << 3; 3840 break; 3841 default: 3842 ; /*XXX*/ 3843 } 3844 } 3845 p->sadb_address_prefixlen = prefixlen; 3846 p->sadb_address_reserved = 0; 3847 3848 bcopy(saddr, 3849 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3850 saddr->sa_len); 3851 3852 return m; 3853 } 3854 3855 /* 3856 * set data into sadb_x_sa2. 3857 */ 3858 static struct mbuf * 3859 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int32_t reqid) 3860 { 3861 struct mbuf *m; 3862 struct sadb_x_sa2 *p; 3863 size_t len; 3864 3865 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3866 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3867 if (m == NULL) 3868 return (NULL); 3869 m_align(m, len); 3870 m->m_len = len; 3871 p = mtod(m, struct sadb_x_sa2 *); 3872 3873 bzero(p, len); 3874 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3875 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3876 p->sadb_x_sa2_mode = mode; 3877 p->sadb_x_sa2_reserved1 = 0; 3878 p->sadb_x_sa2_reserved2 = 0; 3879 p->sadb_x_sa2_sequence = seq; 3880 p->sadb_x_sa2_reqid = reqid; 3881 3882 return m; 3883 } 3884 3885 /* 3886 * Set data into sadb_x_sa_replay. 3887 */ 3888 static struct mbuf * 3889 key_setsadbxsareplay(u_int32_t replay) 3890 { 3891 struct mbuf *m; 3892 struct sadb_x_sa_replay *p; 3893 size_t len; 3894 3895 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa_replay)); 3896 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3897 if (m == NULL) 3898 return (NULL); 3899 m_align(m, len); 3900 m->m_len = len; 3901 p = mtod(m, struct sadb_x_sa_replay *); 3902 3903 bzero(p, len); 3904 p->sadb_x_sa_replay_len = PFKEY_UNIT64(len); 3905 p->sadb_x_sa_replay_exttype = SADB_X_EXT_SA_REPLAY; 3906 p->sadb_x_sa_replay_replay = (replay << 3); 3907 3908 return m; 3909 } 3910 3911 /* 3912 * Set a type in sadb_x_nat_t_type. 3913 */ 3914 static struct mbuf * 3915 key_setsadbxtype(u_int16_t type) 3916 { 3917 struct mbuf *m; 3918 size_t len; 3919 struct sadb_x_nat_t_type *p; 3920 3921 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type)); 3922 3923 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3924 if (m == NULL) 3925 return (NULL); 3926 m_align(m, len); 3927 m->m_len = len; 3928 p = mtod(m, struct sadb_x_nat_t_type *); 3929 3930 bzero(p, len); 3931 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len); 3932 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE; 3933 p->sadb_x_nat_t_type_type = type; 3934 3935 return (m); 3936 } 3937 /* 3938 * Set a port in sadb_x_nat_t_port. 3939 * In contrast to default RFC 2367 behaviour, port is in network byte order. 3940 */ 3941 static struct mbuf * 3942 key_setsadbxport(u_int16_t port, u_int16_t type) 3943 { 3944 struct mbuf *m; 3945 size_t len; 3946 struct sadb_x_nat_t_port *p; 3947 3948 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port)); 3949 3950 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 3951 if (m == NULL) 3952 return (NULL); 3953 m_align(m, len); 3954 m->m_len = len; 3955 p = mtod(m, struct sadb_x_nat_t_port *); 3956 3957 bzero(p, len); 3958 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len); 3959 p->sadb_x_nat_t_port_exttype = type; 3960 p->sadb_x_nat_t_port_port = port; 3961 3962 return (m); 3963 } 3964 3965 /* 3966 * Get port from sockaddr. Port is in network byte order. 3967 */ 3968 uint16_t 3969 key_portfromsaddr(struct sockaddr *sa) 3970 { 3971 3972 switch (sa->sa_family) { 3973 #ifdef INET 3974 case AF_INET: 3975 return ((struct sockaddr_in *)sa)->sin_port; 3976 #endif 3977 #ifdef INET6 3978 case AF_INET6: 3979 return ((struct sockaddr_in6 *)sa)->sin6_port; 3980 #endif 3981 } 3982 return (0); 3983 } 3984 3985 /* 3986 * Set port in struct sockaddr. Port is in network byte order. 3987 */ 3988 void 3989 key_porttosaddr(struct sockaddr *sa, uint16_t port) 3990 { 3991 3992 switch (sa->sa_family) { 3993 #ifdef INET 3994 case AF_INET: 3995 ((struct sockaddr_in *)sa)->sin_port = port; 3996 break; 3997 #endif 3998 #ifdef INET6 3999 case AF_INET6: 4000 ((struct sockaddr_in6 *)sa)->sin6_port = port; 4001 break; 4002 #endif 4003 default: 4004 ipseclog((LOG_DEBUG, "%s: unexpected address family %d.\n", 4005 __func__, sa->sa_family)); 4006 break; 4007 } 4008 } 4009 4010 /* 4011 * set data into sadb_x_policy 4012 */ 4013 static struct mbuf * 4014 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id, u_int32_t priority) 4015 { 4016 struct mbuf *m; 4017 struct sadb_x_policy *p; 4018 size_t len; 4019 4020 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 4021 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 4022 if (m == NULL) 4023 return (NULL); 4024 m_align(m, len); 4025 m->m_len = len; 4026 p = mtod(m, struct sadb_x_policy *); 4027 4028 bzero(p, len); 4029 p->sadb_x_policy_len = PFKEY_UNIT64(len); 4030 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 4031 p->sadb_x_policy_type = type; 4032 p->sadb_x_policy_dir = dir; 4033 p->sadb_x_policy_id = id; 4034 p->sadb_x_policy_priority = priority; 4035 4036 return m; 4037 } 4038 4039 /* %%% utilities */ 4040 /* Take a key message (sadb_key) from the socket and turn it into one 4041 * of the kernel's key structures (seckey). 4042 * 4043 * IN: pointer to the src 4044 * OUT: NULL no more memory 4045 */ 4046 struct seckey * 4047 key_dup_keymsg(const struct sadb_key *src, size_t len, 4048 struct malloc_type *type) 4049 { 4050 struct seckey *dst; 4051 4052 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4053 if (dst != NULL) { 4054 dst->bits = src->sadb_key_bits; 4055 dst->key_data = malloc(len, type, M_NOWAIT); 4056 if (dst->key_data != NULL) { 4057 bcopy((const char *)(src + 1), dst->key_data, len); 4058 } else { 4059 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4060 __func__)); 4061 free(dst, type); 4062 dst = NULL; 4063 } 4064 } else { 4065 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 4066 __func__)); 4067 } 4068 return (dst); 4069 } 4070 4071 /* Take a lifetime message (sadb_lifetime) passed in on a socket and 4072 * turn it into one of the kernel's lifetime structures (seclifetime). 4073 * 4074 * IN: pointer to the destination, source and malloc type 4075 * OUT: NULL, no more memory 4076 */ 4077 4078 static struct seclifetime * 4079 key_dup_lifemsg(const struct sadb_lifetime *src, struct malloc_type *type) 4080 { 4081 struct seclifetime *dst; 4082 4083 dst = malloc(sizeof(*dst), type, M_NOWAIT); 4084 if (dst == NULL) { 4085 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4086 return (NULL); 4087 } 4088 dst->allocations = src->sadb_lifetime_allocations; 4089 dst->bytes = src->sadb_lifetime_bytes; 4090 dst->addtime = src->sadb_lifetime_addtime; 4091 dst->usetime = src->sadb_lifetime_usetime; 4092 return (dst); 4093 } 4094 4095 /* 4096 * compare two secasindex structure. 4097 * flag can specify to compare 2 saidxes. 4098 * compare two secasindex structure without both mode and reqid. 4099 * don't compare port. 4100 * IN: 4101 * saidx0: source, it can be in SAD. 4102 * saidx1: object. 4103 * OUT: 4104 * 1 : equal 4105 * 0 : not equal 4106 */ 4107 static int 4108 key_cmpsaidx(const struct secasindex *saidx0, const struct secasindex *saidx1, 4109 int flag) 4110 { 4111 4112 /* sanity */ 4113 if (saidx0 == NULL && saidx1 == NULL) 4114 return 1; 4115 4116 if (saidx0 == NULL || saidx1 == NULL) 4117 return 0; 4118 4119 if (saidx0->proto != saidx1->proto) 4120 return 0; 4121 4122 if (flag == CMP_EXACTLY) { 4123 if (saidx0->mode != saidx1->mode) 4124 return 0; 4125 if (saidx0->reqid != saidx1->reqid) 4126 return 0; 4127 if (bcmp(&saidx0->src, &saidx1->src, 4128 saidx0->src.sa.sa_len) != 0 || 4129 bcmp(&saidx0->dst, &saidx1->dst, 4130 saidx0->dst.sa.sa_len) != 0) 4131 return 0; 4132 } else { 4133 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 4134 if (flag == CMP_MODE_REQID || flag == CMP_REQID) { 4135 /* 4136 * If reqid of SPD is non-zero, unique SA is required. 4137 * The result must be of same reqid in this case. 4138 */ 4139 if (saidx1->reqid != 0 && 4140 saidx0->reqid != saidx1->reqid) 4141 return 0; 4142 } 4143 4144 if (flag == CMP_MODE_REQID) { 4145 if (saidx0->mode != IPSEC_MODE_ANY 4146 && saidx0->mode != saidx1->mode) 4147 return 0; 4148 } 4149 4150 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) 4151 return 0; 4152 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) 4153 return 0; 4154 } 4155 4156 return 1; 4157 } 4158 4159 /* 4160 * compare two secindex structure exactly. 4161 * IN: 4162 * spidx0: source, it is often in SPD. 4163 * spidx1: object, it is often from PFKEY message. 4164 * OUT: 4165 * 1 : equal 4166 * 0 : not equal 4167 */ 4168 static int 4169 key_cmpspidx_exactly(struct secpolicyindex *spidx0, 4170 struct secpolicyindex *spidx1) 4171 { 4172 /* sanity */ 4173 if (spidx0 == NULL && spidx1 == NULL) 4174 return 1; 4175 4176 if (spidx0 == NULL || spidx1 == NULL) 4177 return 0; 4178 4179 if (spidx0->prefs != spidx1->prefs 4180 || spidx0->prefd != spidx1->prefd 4181 || spidx0->ul_proto != spidx1->ul_proto 4182 || spidx0->dir != spidx1->dir) 4183 return 0; 4184 4185 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 4186 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 4187 } 4188 4189 /* 4190 * compare two secindex structure with mask. 4191 * IN: 4192 * spidx0: source, it is often in SPD. 4193 * spidx1: object, it is often from IP header. 4194 * OUT: 4195 * 1 : equal 4196 * 0 : not equal 4197 */ 4198 static int 4199 key_cmpspidx_withmask(struct secpolicyindex *spidx0, 4200 struct secpolicyindex *spidx1) 4201 { 4202 /* sanity */ 4203 if (spidx0 == NULL && spidx1 == NULL) 4204 return 1; 4205 4206 if (spidx0 == NULL || spidx1 == NULL) 4207 return 0; 4208 4209 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 4210 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 4211 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 4212 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 4213 return 0; 4214 4215 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 4216 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 4217 && spidx0->ul_proto != spidx1->ul_proto) 4218 return 0; 4219 4220 switch (spidx0->src.sa.sa_family) { 4221 case AF_INET: 4222 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 4223 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 4224 return 0; 4225 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 4226 &spidx1->src.sin.sin_addr, spidx0->prefs)) 4227 return 0; 4228 break; 4229 case AF_INET6: 4230 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 4231 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 4232 return 0; 4233 /* 4234 * scope_id check. if sin6_scope_id is 0, we regard it 4235 * as a wildcard scope, which matches any scope zone ID. 4236 */ 4237 if (spidx0->src.sin6.sin6_scope_id && 4238 spidx1->src.sin6.sin6_scope_id && 4239 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 4240 return 0; 4241 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 4242 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 4243 return 0; 4244 break; 4245 default: 4246 /* XXX */ 4247 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 4248 return 0; 4249 break; 4250 } 4251 4252 switch (spidx0->dst.sa.sa_family) { 4253 case AF_INET: 4254 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 4255 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 4256 return 0; 4257 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 4258 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 4259 return 0; 4260 break; 4261 case AF_INET6: 4262 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 4263 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 4264 return 0; 4265 /* 4266 * scope_id check. if sin6_scope_id is 0, we regard it 4267 * as a wildcard scope, which matches any scope zone ID. 4268 */ 4269 if (spidx0->dst.sin6.sin6_scope_id && 4270 spidx1->dst.sin6.sin6_scope_id && 4271 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 4272 return 0; 4273 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 4274 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 4275 return 0; 4276 break; 4277 default: 4278 /* XXX */ 4279 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 4280 return 0; 4281 break; 4282 } 4283 4284 /* XXX Do we check other field ? e.g. flowinfo */ 4285 4286 return 1; 4287 } 4288 4289 #ifdef satosin 4290 #undef satosin 4291 #endif 4292 #define satosin(s) ((const struct sockaddr_in *)s) 4293 #ifdef satosin6 4294 #undef satosin6 4295 #endif 4296 #define satosin6(s) ((const struct sockaddr_in6 *)s) 4297 /* returns 0 on match */ 4298 int 4299 key_sockaddrcmp(const struct sockaddr *sa1, const struct sockaddr *sa2, 4300 int port) 4301 { 4302 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4303 return 1; 4304 4305 switch (sa1->sa_family) { 4306 #ifdef INET 4307 case AF_INET: 4308 if (sa1->sa_len != sizeof(struct sockaddr_in)) 4309 return 1; 4310 if (satosin(sa1)->sin_addr.s_addr != 4311 satosin(sa2)->sin_addr.s_addr) { 4312 return 1; 4313 } 4314 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 4315 return 1; 4316 break; 4317 #endif 4318 #ifdef INET6 4319 case AF_INET6: 4320 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 4321 return 1; /*EINVAL*/ 4322 if (satosin6(sa1)->sin6_scope_id != 4323 satosin6(sa2)->sin6_scope_id) { 4324 return 1; 4325 } 4326 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 4327 &satosin6(sa2)->sin6_addr)) { 4328 return 1; 4329 } 4330 if (port && 4331 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 4332 return 1; 4333 } 4334 break; 4335 #endif 4336 default: 4337 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 4338 return 1; 4339 break; 4340 } 4341 4342 return 0; 4343 } 4344 4345 /* returns 0 on match */ 4346 int 4347 key_sockaddrcmp_withmask(const struct sockaddr *sa1, 4348 const struct sockaddr *sa2, size_t mask) 4349 { 4350 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 4351 return (1); 4352 4353 switch (sa1->sa_family) { 4354 #ifdef INET 4355 case AF_INET: 4356 return (!key_bbcmp(&satosin(sa1)->sin_addr, 4357 &satosin(sa2)->sin_addr, mask)); 4358 #endif 4359 #ifdef INET6 4360 case AF_INET6: 4361 if (satosin6(sa1)->sin6_scope_id != 4362 satosin6(sa2)->sin6_scope_id) 4363 return (1); 4364 return (!key_bbcmp(&satosin6(sa1)->sin6_addr, 4365 &satosin6(sa2)->sin6_addr, mask)); 4366 #endif 4367 } 4368 return (1); 4369 } 4370 #undef satosin 4371 #undef satosin6 4372 4373 /* 4374 * compare two buffers with mask. 4375 * IN: 4376 * addr1: source 4377 * addr2: object 4378 * bits: Number of bits to compare 4379 * OUT: 4380 * 1 : equal 4381 * 0 : not equal 4382 */ 4383 static int 4384 key_bbcmp(const void *a1, const void *a2, u_int bits) 4385 { 4386 const unsigned char *p1 = a1; 4387 const unsigned char *p2 = a2; 4388 4389 /* XXX: This could be considerably faster if we compare a word 4390 * at a time, but it is complicated on LSB Endian machines */ 4391 4392 /* Handle null pointers */ 4393 if (p1 == NULL || p2 == NULL) 4394 return (p1 == p2); 4395 4396 while (bits >= 8) { 4397 if (*p1++ != *p2++) 4398 return 0; 4399 bits -= 8; 4400 } 4401 4402 if (bits > 0) { 4403 u_int8_t mask = ~((1<<(8-bits))-1); 4404 if ((*p1 & mask) != (*p2 & mask)) 4405 return 0; 4406 } 4407 return 1; /* Match! */ 4408 } 4409 4410 static void 4411 key_flush_spd(time_t now) 4412 { 4413 SPTREE_RLOCK_TRACKER; 4414 struct secpolicy_list drainq; 4415 struct secpolicy *sp, *nextsp; 4416 u_int dir; 4417 4418 LIST_INIT(&drainq); 4419 SPTREE_RLOCK(); 4420 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4421 TAILQ_FOREACH(sp, &V_sptree[dir], chain) { 4422 if (sp->lifetime == 0 && sp->validtime == 0) 4423 continue; 4424 if ((sp->lifetime && 4425 now - sp->created > sp->lifetime) || 4426 (sp->validtime && 4427 now - sp->lastused > sp->validtime)) { 4428 /* Hold extra reference to send SPDEXPIRE */ 4429 SP_ADDREF(sp); 4430 LIST_INSERT_HEAD(&drainq, sp, drainq); 4431 } 4432 } 4433 } 4434 SPTREE_RUNLOCK(); 4435 if (LIST_EMPTY(&drainq)) 4436 return; 4437 4438 SPTREE_WLOCK(); 4439 sp = LIST_FIRST(&drainq); 4440 while (sp != NULL) { 4441 nextsp = LIST_NEXT(sp, drainq); 4442 /* Check that SP is still linked */ 4443 if (sp->state != IPSEC_SPSTATE_ALIVE) { 4444 LIST_REMOVE(sp, drainq); 4445 key_freesp(&sp); /* release extra reference */ 4446 sp = nextsp; 4447 continue; 4448 } 4449 TAILQ_REMOVE(&V_sptree[sp->spidx.dir], sp, chain); 4450 V_spd_size--; 4451 LIST_REMOVE(sp, idhash); 4452 sp->state = IPSEC_SPSTATE_DEAD; 4453 sp = nextsp; 4454 } 4455 V_sp_genid++; 4456 SPTREE_WUNLOCK(); 4457 if (SPDCACHE_ENABLED()) 4458 spdcache_clear(); 4459 4460 sp = LIST_FIRST(&drainq); 4461 while (sp != NULL) { 4462 nextsp = LIST_NEXT(sp, drainq); 4463 key_spdexpire(sp); 4464 key_freesp(&sp); /* release extra reference */ 4465 key_freesp(&sp); /* release last reference */ 4466 sp = nextsp; 4467 } 4468 } 4469 4470 static void 4471 key_flush_sad(time_t now) 4472 { 4473 SAHTREE_RLOCK_TRACKER; 4474 struct secashead_list emptyq; 4475 struct secasvar_list drainq, hexpireq, sexpireq, freeq; 4476 struct secashead *sah, *nextsah; 4477 struct secasvar *sav, *nextsav; 4478 4479 LIST_INIT(&drainq); 4480 LIST_INIT(&hexpireq); 4481 LIST_INIT(&sexpireq); 4482 LIST_INIT(&emptyq); 4483 4484 SAHTREE_RLOCK(); 4485 TAILQ_FOREACH(sah, &V_sahtree, chain) { 4486 /* Check for empty SAH */ 4487 if (TAILQ_EMPTY(&sah->savtree_larval) && 4488 TAILQ_EMPTY(&sah->savtree_alive)) { 4489 SAH_ADDREF(sah); 4490 LIST_INSERT_HEAD(&emptyq, sah, drainq); 4491 continue; 4492 } 4493 /* Add all stale LARVAL SAs into drainq */ 4494 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 4495 if (now - sav->created < V_key_larval_lifetime) 4496 continue; 4497 SAV_ADDREF(sav); 4498 LIST_INSERT_HEAD(&drainq, sav, drainq); 4499 } 4500 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 4501 /* lifetimes aren't specified */ 4502 if (sav->lft_h == NULL) 4503 continue; 4504 SECASVAR_LOCK(sav); 4505 /* 4506 * Check again with lock held, because it may 4507 * be updated by SADB_UPDATE. 4508 */ 4509 if (sav->lft_h == NULL) { 4510 SECASVAR_UNLOCK(sav); 4511 continue; 4512 } 4513 /* 4514 * RFC 2367: 4515 * HARD lifetimes MUST take precedence over SOFT 4516 * lifetimes, meaning if the HARD and SOFT lifetimes 4517 * are the same, the HARD lifetime will appear on the 4518 * EXPIRE message. 4519 */ 4520 /* check HARD lifetime */ 4521 if ((sav->lft_h->addtime != 0 && 4522 now - sav->created > sav->lft_h->addtime) || 4523 (sav->lft_h->usetime != 0 && sav->firstused && 4524 now - sav->firstused > sav->lft_h->usetime) || 4525 (sav->lft_h->bytes != 0 && counter_u64_fetch( 4526 sav->lft_c_bytes) > sav->lft_h->bytes)) { 4527 SECASVAR_UNLOCK(sav); 4528 SAV_ADDREF(sav); 4529 LIST_INSERT_HEAD(&hexpireq, sav, drainq); 4530 continue; 4531 } 4532 /* check SOFT lifetime (only for MATURE SAs) */ 4533 if (sav->state == SADB_SASTATE_MATURE && ( 4534 (sav->lft_s->addtime != 0 && 4535 now - sav->created > sav->lft_s->addtime) || 4536 (sav->lft_s->usetime != 0 && sav->firstused && 4537 now - sav->firstused > sav->lft_s->usetime) || 4538 (sav->lft_s->bytes != 0 && counter_u64_fetch( 4539 sav->lft_c_bytes) > sav->lft_s->bytes))) { 4540 SECASVAR_UNLOCK(sav); 4541 SAV_ADDREF(sav); 4542 LIST_INSERT_HEAD(&sexpireq, sav, drainq); 4543 continue; 4544 } 4545 SECASVAR_UNLOCK(sav); 4546 } 4547 } 4548 SAHTREE_RUNLOCK(); 4549 4550 if (LIST_EMPTY(&emptyq) && LIST_EMPTY(&drainq) && 4551 LIST_EMPTY(&hexpireq) && LIST_EMPTY(&sexpireq)) 4552 return; 4553 4554 LIST_INIT(&freeq); 4555 SAHTREE_WLOCK(); 4556 /* Unlink stale LARVAL SAs */ 4557 sav = LIST_FIRST(&drainq); 4558 while (sav != NULL) { 4559 nextsav = LIST_NEXT(sav, drainq); 4560 /* Check that SA is still LARVAL */ 4561 if (sav->state != SADB_SASTATE_LARVAL) { 4562 LIST_REMOVE(sav, drainq); 4563 LIST_INSERT_HEAD(&freeq, sav, drainq); 4564 sav = nextsav; 4565 continue; 4566 } 4567 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 4568 LIST_REMOVE(sav, spihash); 4569 sav->state = SADB_SASTATE_DEAD; 4570 sav = nextsav; 4571 } 4572 /* Unlink all SAs with expired HARD lifetime */ 4573 sav = LIST_FIRST(&hexpireq); 4574 while (sav != NULL) { 4575 nextsav = LIST_NEXT(sav, drainq); 4576 /* Check that SA is not unlinked */ 4577 if (sav->state == SADB_SASTATE_DEAD) { 4578 LIST_REMOVE(sav, drainq); 4579 LIST_INSERT_HEAD(&freeq, sav, drainq); 4580 sav = nextsav; 4581 continue; 4582 } 4583 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 4584 LIST_REMOVE(sav, spihash); 4585 sav->state = SADB_SASTATE_DEAD; 4586 sav = nextsav; 4587 } 4588 /* Mark all SAs with expired SOFT lifetime as DYING */ 4589 sav = LIST_FIRST(&sexpireq); 4590 while (sav != NULL) { 4591 nextsav = LIST_NEXT(sav, drainq); 4592 /* Check that SA is not unlinked */ 4593 if (sav->state == SADB_SASTATE_DEAD) { 4594 LIST_REMOVE(sav, drainq); 4595 LIST_INSERT_HEAD(&freeq, sav, drainq); 4596 sav = nextsav; 4597 continue; 4598 } 4599 /* 4600 * NOTE: this doesn't change SA order in the chain. 4601 */ 4602 sav->state = SADB_SASTATE_DYING; 4603 sav = nextsav; 4604 } 4605 /* Unlink empty SAHs */ 4606 sah = LIST_FIRST(&emptyq); 4607 while (sah != NULL) { 4608 nextsah = LIST_NEXT(sah, drainq); 4609 /* Check that SAH is still empty and not unlinked */ 4610 if (sah->state == SADB_SASTATE_DEAD || 4611 !TAILQ_EMPTY(&sah->savtree_larval) || 4612 !TAILQ_EMPTY(&sah->savtree_alive)) { 4613 LIST_REMOVE(sah, drainq); 4614 key_freesah(&sah); /* release extra reference */ 4615 sah = nextsah; 4616 continue; 4617 } 4618 TAILQ_REMOVE(&V_sahtree, sah, chain); 4619 LIST_REMOVE(sah, addrhash); 4620 sah->state = SADB_SASTATE_DEAD; 4621 sah = nextsah; 4622 } 4623 SAHTREE_WUNLOCK(); 4624 4625 /* Send SPDEXPIRE messages */ 4626 sav = LIST_FIRST(&hexpireq); 4627 while (sav != NULL) { 4628 nextsav = LIST_NEXT(sav, drainq); 4629 key_expire(sav, 1); 4630 key_freesah(&sav->sah); /* release reference from SAV */ 4631 key_freesav(&sav); /* release extra reference */ 4632 key_freesav(&sav); /* release last reference */ 4633 sav = nextsav; 4634 } 4635 sav = LIST_FIRST(&sexpireq); 4636 while (sav != NULL) { 4637 nextsav = LIST_NEXT(sav, drainq); 4638 key_expire(sav, 0); 4639 key_freesav(&sav); /* release extra reference */ 4640 sav = nextsav; 4641 } 4642 /* Free stale LARVAL SAs */ 4643 sav = LIST_FIRST(&drainq); 4644 while (sav != NULL) { 4645 nextsav = LIST_NEXT(sav, drainq); 4646 key_freesah(&sav->sah); /* release reference from SAV */ 4647 key_freesav(&sav); /* release extra reference */ 4648 key_freesav(&sav); /* release last reference */ 4649 sav = nextsav; 4650 } 4651 /* Free SAs that were unlinked/changed by someone else */ 4652 sav = LIST_FIRST(&freeq); 4653 while (sav != NULL) { 4654 nextsav = LIST_NEXT(sav, drainq); 4655 key_freesav(&sav); /* release extra reference */ 4656 sav = nextsav; 4657 } 4658 /* Free empty SAH */ 4659 sah = LIST_FIRST(&emptyq); 4660 while (sah != NULL) { 4661 nextsah = LIST_NEXT(sah, drainq); 4662 key_freesah(&sah); /* release extra reference */ 4663 key_freesah(&sah); /* release last reference */ 4664 sah = nextsah; 4665 } 4666 } 4667 4668 static void 4669 key_flush_acq(time_t now) 4670 { 4671 struct secacq *acq, *nextacq; 4672 4673 /* ACQ tree */ 4674 ACQ_LOCK(); 4675 acq = LIST_FIRST(&V_acqtree); 4676 while (acq != NULL) { 4677 nextacq = LIST_NEXT(acq, chain); 4678 if (now - acq->created > V_key_blockacq_lifetime) { 4679 LIST_REMOVE(acq, chain); 4680 LIST_REMOVE(acq, addrhash); 4681 LIST_REMOVE(acq, seqhash); 4682 free(acq, M_IPSEC_SAQ); 4683 } 4684 acq = nextacq; 4685 } 4686 ACQ_UNLOCK(); 4687 } 4688 4689 static void 4690 key_flush_spacq(time_t now) 4691 { 4692 struct secspacq *acq, *nextacq; 4693 4694 /* SP ACQ tree */ 4695 SPACQ_LOCK(); 4696 for (acq = LIST_FIRST(&V_spacqtree); acq != NULL; acq = nextacq) { 4697 nextacq = LIST_NEXT(acq, chain); 4698 if (now - acq->created > V_key_blockacq_lifetime 4699 && __LIST_CHAINED(acq)) { 4700 LIST_REMOVE(acq, chain); 4701 free(acq, M_IPSEC_SAQ); 4702 } 4703 } 4704 SPACQ_UNLOCK(); 4705 } 4706 4707 /* 4708 * time handler. 4709 * scanning SPD and SAD to check status for each entries, 4710 * and do to remove or to expire. 4711 * XXX: year 2038 problem may remain. 4712 */ 4713 static void 4714 key_timehandler(void *arg) 4715 { 4716 VNET_ITERATOR_DECL(vnet_iter); 4717 time_t now = time_second; 4718 4719 VNET_LIST_RLOCK_NOSLEEP(); 4720 VNET_FOREACH(vnet_iter) { 4721 CURVNET_SET(vnet_iter); 4722 key_flush_spd(now); 4723 key_flush_sad(now); 4724 key_flush_acq(now); 4725 key_flush_spacq(now); 4726 CURVNET_RESTORE(); 4727 } 4728 VNET_LIST_RUNLOCK_NOSLEEP(); 4729 4730 #ifndef IPSEC_DEBUG2 4731 /* do exchange to tick time !! */ 4732 callout_schedule(&key_timer, hz); 4733 #endif /* IPSEC_DEBUG2 */ 4734 } 4735 4736 u_long 4737 key_random() 4738 { 4739 u_long value; 4740 4741 arc4random_buf(&value, sizeof(value)); 4742 return value; 4743 } 4744 4745 /* 4746 * map SADB_SATYPE_* to IPPROTO_*. 4747 * if satype == SADB_SATYPE then satype is mapped to ~0. 4748 * OUT: 4749 * 0: invalid satype. 4750 */ 4751 static uint8_t 4752 key_satype2proto(uint8_t satype) 4753 { 4754 switch (satype) { 4755 case SADB_SATYPE_UNSPEC: 4756 return IPSEC_PROTO_ANY; 4757 case SADB_SATYPE_AH: 4758 return IPPROTO_AH; 4759 case SADB_SATYPE_ESP: 4760 return IPPROTO_ESP; 4761 case SADB_X_SATYPE_IPCOMP: 4762 return IPPROTO_IPCOMP; 4763 case SADB_X_SATYPE_TCPSIGNATURE: 4764 return IPPROTO_TCP; 4765 default: 4766 return 0; 4767 } 4768 /* NOTREACHED */ 4769 } 4770 4771 /* 4772 * map IPPROTO_* to SADB_SATYPE_* 4773 * OUT: 4774 * 0: invalid protocol type. 4775 */ 4776 static uint8_t 4777 key_proto2satype(uint8_t proto) 4778 { 4779 switch (proto) { 4780 case IPPROTO_AH: 4781 return SADB_SATYPE_AH; 4782 case IPPROTO_ESP: 4783 return SADB_SATYPE_ESP; 4784 case IPPROTO_IPCOMP: 4785 return SADB_X_SATYPE_IPCOMP; 4786 case IPPROTO_TCP: 4787 return SADB_X_SATYPE_TCPSIGNATURE; 4788 default: 4789 return 0; 4790 } 4791 /* NOTREACHED */ 4792 } 4793 4794 /* %%% PF_KEY */ 4795 /* 4796 * SADB_GETSPI processing is to receive 4797 * <base, (SA2), src address, dst address, (SPI range)> 4798 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4799 * tree with the status of LARVAL, and send 4800 * <base, SA(*), address(SD)> 4801 * to the IKMPd. 4802 * 4803 * IN: mhp: pointer to the pointer to each header. 4804 * OUT: NULL if fail. 4805 * other if success, return pointer to the message to send. 4806 */ 4807 static int 4808 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 4809 { 4810 struct secasindex saidx; 4811 struct sadb_address *src0, *dst0; 4812 struct secasvar *sav; 4813 uint32_t reqid, spi; 4814 int error; 4815 uint8_t mode, proto; 4816 4817 IPSEC_ASSERT(so != NULL, ("null socket")); 4818 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4819 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4820 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4821 4822 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 4823 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) 4824 #ifdef PFKEY_STRICT_CHECKS 4825 || SADB_CHECKHDR(mhp, SADB_EXT_SPIRANGE) 4826 #endif 4827 ) { 4828 ipseclog((LOG_DEBUG, 4829 "%s: invalid message: missing required header.\n", 4830 __func__)); 4831 error = EINVAL; 4832 goto fail; 4833 } 4834 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 4835 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) 4836 #ifdef PFKEY_STRICT_CHECKS 4837 || SADB_CHECKLEN(mhp, SADB_EXT_SPIRANGE) 4838 #endif 4839 ) { 4840 ipseclog((LOG_DEBUG, 4841 "%s: invalid message: wrong header size.\n", __func__)); 4842 error = EINVAL; 4843 goto fail; 4844 } 4845 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 4846 mode = IPSEC_MODE_ANY; 4847 reqid = 0; 4848 } else { 4849 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 4850 ipseclog((LOG_DEBUG, 4851 "%s: invalid message: wrong header size.\n", 4852 __func__)); 4853 error = EINVAL; 4854 goto fail; 4855 } 4856 mode = ((struct sadb_x_sa2 *) 4857 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4858 reqid = ((struct sadb_x_sa2 *) 4859 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4860 } 4861 4862 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4863 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4864 4865 /* map satype to proto */ 4866 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4867 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4868 __func__)); 4869 error = EINVAL; 4870 goto fail; 4871 } 4872 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 4873 (struct sockaddr *)(dst0 + 1)); 4874 if (error != 0) { 4875 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 4876 error = EINVAL; 4877 goto fail; 4878 } 4879 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4880 4881 /* SPI allocation */ 4882 spi = key_do_getnewspi( 4883 (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); 4884 if (spi == 0) { 4885 /* 4886 * Requested SPI or SPI range is not available or 4887 * already used. 4888 */ 4889 error = EEXIST; 4890 goto fail; 4891 } 4892 sav = key_newsav(mhp, &saidx, spi, &error); 4893 if (sav == NULL) 4894 goto fail; 4895 4896 if (sav->seq != 0) { 4897 /* 4898 * RFC2367: 4899 * If the SADB_GETSPI message is in response to a 4900 * kernel-generated SADB_ACQUIRE, the sadb_msg_seq 4901 * MUST be the same as the SADB_ACQUIRE message. 4902 * 4903 * XXXAE: However it doesn't definethe behaviour how to 4904 * check this and what to do if it doesn't match. 4905 * Also what we should do if it matches? 4906 * 4907 * We can compare saidx used in SADB_ACQUIRE with saidx 4908 * used in SADB_GETSPI, but this probably can break 4909 * existing software. For now just warn if it doesn't match. 4910 * 4911 * XXXAE: anyway it looks useless. 4912 */ 4913 key_acqdone(&saidx, sav->seq); 4914 } 4915 KEYDBG(KEY_STAMP, 4916 printf("%s: SA(%p)\n", __func__, sav)); 4917 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 4918 4919 { 4920 struct mbuf *n, *nn; 4921 struct sadb_sa *m_sa; 4922 struct sadb_msg *newmsg; 4923 int off, len; 4924 4925 /* create new sadb_msg to reply. */ 4926 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4927 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4928 4929 MGETHDR(n, M_NOWAIT, MT_DATA); 4930 if (len > MHLEN) { 4931 if (!(MCLGET(n, M_NOWAIT))) { 4932 m_freem(n); 4933 n = NULL; 4934 } 4935 } 4936 if (!n) { 4937 error = ENOBUFS; 4938 goto fail; 4939 } 4940 4941 n->m_len = len; 4942 n->m_next = NULL; 4943 off = 0; 4944 4945 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4946 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4947 4948 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4949 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4950 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4951 m_sa->sadb_sa_spi = spi; /* SPI is already in network byte order */ 4952 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4953 4954 IPSEC_ASSERT(off == len, 4955 ("length inconsistency (off %u len %u)", off, len)); 4956 4957 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4958 SADB_EXT_ADDRESS_DST); 4959 if (!n->m_next) { 4960 m_freem(n); 4961 error = ENOBUFS; 4962 goto fail; 4963 } 4964 4965 if (n->m_len < sizeof(struct sadb_msg)) { 4966 n = m_pullup(n, sizeof(struct sadb_msg)); 4967 if (n == NULL) 4968 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 4969 } 4970 4971 n->m_pkthdr.len = 0; 4972 for (nn = n; nn; nn = nn->m_next) 4973 n->m_pkthdr.len += nn->m_len; 4974 4975 newmsg = mtod(n, struct sadb_msg *); 4976 newmsg->sadb_msg_seq = sav->seq; 4977 newmsg->sadb_msg_errno = 0; 4978 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 4979 4980 m_freem(m); 4981 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 4982 } 4983 4984 fail: 4985 return (key_senderror(so, m, error)); 4986 } 4987 4988 /* 4989 * allocating new SPI 4990 * called by key_getspi(). 4991 * OUT: 4992 * 0: failure. 4993 * others: success, SPI in network byte order. 4994 */ 4995 static uint32_t 4996 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) 4997 { 4998 uint32_t min, max, newspi, t; 4999 int count = V_key_spi_trycnt; 5000 5001 /* set spi range to allocate */ 5002 if (spirange != NULL) { 5003 min = spirange->sadb_spirange_min; 5004 max = spirange->sadb_spirange_max; 5005 } else { 5006 min = V_key_spi_minval; 5007 max = V_key_spi_maxval; 5008 } 5009 /* IPCOMP needs 2-byte SPI */ 5010 if (saidx->proto == IPPROTO_IPCOMP) { 5011 if (min >= 0x10000) 5012 min = 0xffff; 5013 if (max >= 0x10000) 5014 max = 0xffff; 5015 if (min > max) { 5016 t = min; min = max; max = t; 5017 } 5018 } 5019 5020 if (min == max) { 5021 if (!key_checkspidup(htonl(min))) { 5022 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 5023 __func__, min)); 5024 return 0; 5025 } 5026 5027 count--; /* taking one cost. */ 5028 newspi = min; 5029 } else { 5030 /* init SPI */ 5031 newspi = 0; 5032 5033 /* when requesting to allocate spi ranged */ 5034 while (count--) { 5035 /* generate pseudo-random SPI value ranged. */ 5036 newspi = min + (key_random() % (max - min + 1)); 5037 if (!key_checkspidup(htonl(newspi))) 5038 break; 5039 } 5040 5041 if (count == 0 || newspi == 0) { 5042 ipseclog((LOG_DEBUG, 5043 "%s: failed to allocate SPI.\n", __func__)); 5044 return 0; 5045 } 5046 } 5047 5048 /* statistics */ 5049 keystat.getspi_count = 5050 (keystat.getspi_count + V_key_spi_trycnt - count) / 2; 5051 5052 return (htonl(newspi)); 5053 } 5054 5055 /* 5056 * Find TCP-MD5 SA with corresponding secasindex. 5057 * If not found, return NULL and fill SPI with usable value if needed. 5058 */ 5059 static struct secasvar * 5060 key_getsav_tcpmd5(struct secasindex *saidx, uint32_t *spi) 5061 { 5062 SAHTREE_RLOCK_TRACKER; 5063 struct secashead *sah; 5064 struct secasvar *sav; 5065 5066 IPSEC_ASSERT(saidx->proto == IPPROTO_TCP, ("wrong proto")); 5067 SAHTREE_RLOCK(); 5068 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 5069 if (sah->saidx.proto != IPPROTO_TCP) 5070 continue; 5071 if (!key_sockaddrcmp(&saidx->dst.sa, &sah->saidx.dst.sa, 0) && 5072 !key_sockaddrcmp(&saidx->src.sa, &sah->saidx.src.sa, 0)) 5073 break; 5074 } 5075 if (sah != NULL) { 5076 if (V_key_preferred_oldsa) 5077 sav = TAILQ_LAST(&sah->savtree_alive, secasvar_queue); 5078 else 5079 sav = TAILQ_FIRST(&sah->savtree_alive); 5080 if (sav != NULL) { 5081 SAV_ADDREF(sav); 5082 SAHTREE_RUNLOCK(); 5083 return (sav); 5084 } 5085 } 5086 if (spi == NULL) { 5087 /* No SPI required */ 5088 SAHTREE_RUNLOCK(); 5089 return (NULL); 5090 } 5091 /* Check that SPI is unique */ 5092 LIST_FOREACH(sav, SAVHASH_HASH(*spi), spihash) { 5093 if (sav->spi == *spi) 5094 break; 5095 } 5096 if (sav == NULL) { 5097 SAHTREE_RUNLOCK(); 5098 /* SPI is already unique */ 5099 return (NULL); 5100 } 5101 SAHTREE_RUNLOCK(); 5102 /* XXX: not optimal */ 5103 *spi = key_do_getnewspi(NULL, saidx); 5104 return (NULL); 5105 } 5106 5107 static int 5108 key_updateaddresses(struct socket *so, struct mbuf *m, 5109 const struct sadb_msghdr *mhp, struct secasvar *sav, 5110 struct secasindex *saidx) 5111 { 5112 struct sockaddr *newaddr; 5113 struct secashead *sah; 5114 struct secasvar *newsav, *tmp; 5115 struct mbuf *n; 5116 int error, isnew; 5117 5118 /* Check that we need to change SAH */ 5119 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC)) { 5120 newaddr = (struct sockaddr *)( 5121 ((struct sadb_address *) 5122 mhp->ext[SADB_X_EXT_NEW_ADDRESS_SRC]) + 1); 5123 bcopy(newaddr, &saidx->src, newaddr->sa_len); 5124 key_porttosaddr(&saidx->src.sa, 0); 5125 } 5126 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5127 newaddr = (struct sockaddr *)( 5128 ((struct sadb_address *) 5129 mhp->ext[SADB_X_EXT_NEW_ADDRESS_DST]) + 1); 5130 bcopy(newaddr, &saidx->dst, newaddr->sa_len); 5131 key_porttosaddr(&saidx->dst.sa, 0); 5132 } 5133 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5134 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST)) { 5135 error = key_checksockaddrs(&saidx->src.sa, &saidx->dst.sa); 5136 if (error != 0) { 5137 ipseclog((LOG_DEBUG, "%s: invalid new sockaddr.\n", 5138 __func__)); 5139 return (error); 5140 } 5141 5142 sah = key_getsah(saidx); 5143 if (sah == NULL) { 5144 /* create a new SA index */ 5145 sah = key_newsah(saidx); 5146 if (sah == NULL) { 5147 ipseclog((LOG_DEBUG, 5148 "%s: No more memory.\n", __func__)); 5149 return (ENOBUFS); 5150 } 5151 isnew = 2; /* SAH is new */ 5152 } else 5153 isnew = 1; /* existing SAH is referenced */ 5154 } else { 5155 /* 5156 * src and dst addresses are still the same. 5157 * Do we want to change NAT-T config? 5158 */ 5159 if (sav->sah->saidx.proto != IPPROTO_ESP || 5160 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5161 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) || 5162 SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5163 ipseclog((LOG_DEBUG, 5164 "%s: invalid message: missing required header.\n", 5165 __func__)); 5166 return (EINVAL); 5167 } 5168 /* We hold reference to SA, thus SAH will be referenced too. */ 5169 sah = sav->sah; 5170 isnew = 0; 5171 } 5172 5173 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, 5174 M_NOWAIT | M_ZERO); 5175 if (newsav == NULL) { 5176 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5177 error = ENOBUFS; 5178 goto fail; 5179 } 5180 5181 /* Clone SA's content into newsav */ 5182 SAV_INITREF(newsav); 5183 bcopy(sav, newsav, offsetof(struct secasvar, chain)); 5184 /* 5185 * We create new NAT-T config if it is needed. 5186 * Old NAT-T config will be freed by key_cleansav() when 5187 * last reference to SA will be released. 5188 */ 5189 newsav->natt = NULL; 5190 newsav->sah = sah; 5191 newsav->state = SADB_SASTATE_MATURE; 5192 error = key_setnatt(newsav, mhp); 5193 if (error != 0) 5194 goto fail; 5195 5196 SAHTREE_WLOCK(); 5197 /* Check that SA is still alive */ 5198 if (sav->state == SADB_SASTATE_DEAD) { 5199 /* SA was unlinked */ 5200 SAHTREE_WUNLOCK(); 5201 error = ESRCH; 5202 goto fail; 5203 } 5204 5205 /* Unlink SA from SAH and SPI hash */ 5206 IPSEC_ASSERT((sav->flags & SADB_X_EXT_F_CLONED) == 0, 5207 ("SA is already cloned")); 5208 IPSEC_ASSERT(sav->state == SADB_SASTATE_MATURE || 5209 sav->state == SADB_SASTATE_DYING, 5210 ("Wrong SA state %u\n", sav->state)); 5211 TAILQ_REMOVE(&sav->sah->savtree_alive, sav, chain); 5212 LIST_REMOVE(sav, spihash); 5213 sav->state = SADB_SASTATE_DEAD; 5214 5215 /* 5216 * Link new SA with SAH. Keep SAs ordered by 5217 * create time (newer are first). 5218 */ 5219 TAILQ_FOREACH(tmp, &sah->savtree_alive, chain) { 5220 if (newsav->created > tmp->created) { 5221 TAILQ_INSERT_BEFORE(tmp, newsav, chain); 5222 break; 5223 } 5224 } 5225 if (tmp == NULL) 5226 TAILQ_INSERT_TAIL(&sah->savtree_alive, newsav, chain); 5227 5228 /* Add new SA into SPI hash. */ 5229 LIST_INSERT_HEAD(SAVHASH_HASH(newsav->spi), newsav, spihash); 5230 5231 /* Add new SAH into SADB. */ 5232 if (isnew == 2) { 5233 TAILQ_INSERT_HEAD(&V_sahtree, sah, chain); 5234 LIST_INSERT_HEAD(SAHADDRHASH_HASH(saidx), sah, addrhash); 5235 sah->state = SADB_SASTATE_MATURE; 5236 SAH_ADDREF(sah); /* newsav references new SAH */ 5237 } 5238 /* 5239 * isnew == 1 -> @sah was referenced by key_getsah(). 5240 * isnew == 0 -> we use the same @sah, that was used by @sav, 5241 * and we use its reference for @newsav. 5242 */ 5243 SECASVAR_LOCK(sav); 5244 /* XXX: replace cntr with pointer? */ 5245 newsav->cntr = sav->cntr; 5246 sav->flags |= SADB_X_EXT_F_CLONED; 5247 SECASVAR_UNLOCK(sav); 5248 5249 SAHTREE_WUNLOCK(); 5250 5251 KEYDBG(KEY_STAMP, 5252 printf("%s: SA(%p) cloned into SA(%p)\n", 5253 __func__, sav, newsav)); 5254 KEYDBG(KEY_DATA, kdebug_secasv(newsav)); 5255 5256 key_freesav(&sav); /* release last reference */ 5257 5258 /* set msg buf from mhp */ 5259 n = key_getmsgbuf_x1(m, mhp); 5260 if (n == NULL) { 5261 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5262 return (ENOBUFS); 5263 } 5264 m_freem(m); 5265 key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5266 return (0); 5267 fail: 5268 if (isnew != 0) 5269 key_freesah(&sah); 5270 if (newsav != NULL) { 5271 if (newsav->natt != NULL) 5272 free(newsav->natt, M_IPSEC_MISC); 5273 free(newsav, M_IPSEC_SA); 5274 } 5275 return (error); 5276 } 5277 5278 /* 5279 * SADB_UPDATE processing 5280 * receive 5281 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5282 * key(AE), (identity(SD),) (sensitivity)> 5283 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 5284 * and send 5285 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5286 * (identity(SD),) (sensitivity)> 5287 * to the ikmpd. 5288 * 5289 * m will always be freed. 5290 */ 5291 static int 5292 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5293 { 5294 struct secasindex saidx; 5295 struct sadb_address *src0, *dst0; 5296 struct sadb_sa *sa0; 5297 struct secasvar *sav; 5298 uint32_t reqid; 5299 int error; 5300 uint8_t mode, proto; 5301 5302 IPSEC_ASSERT(so != NULL, ("null socket")); 5303 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5304 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5305 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5306 5307 /* map satype to proto */ 5308 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5309 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5310 __func__)); 5311 return key_senderror(so, m, EINVAL); 5312 } 5313 5314 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5315 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5316 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5317 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5318 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5319 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5320 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5321 ipseclog((LOG_DEBUG, 5322 "%s: invalid message: missing required header.\n", 5323 __func__)); 5324 return key_senderror(so, m, EINVAL); 5325 } 5326 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5327 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5328 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5329 ipseclog((LOG_DEBUG, 5330 "%s: invalid message: wrong header size.\n", __func__)); 5331 return key_senderror(so, m, EINVAL); 5332 } 5333 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5334 mode = IPSEC_MODE_ANY; 5335 reqid = 0; 5336 } else { 5337 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5338 ipseclog((LOG_DEBUG, 5339 "%s: invalid message: wrong header size.\n", 5340 __func__)); 5341 return key_senderror(so, m, EINVAL); 5342 } 5343 mode = ((struct sadb_x_sa2 *) 5344 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5345 reqid = ((struct sadb_x_sa2 *) 5346 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5347 } 5348 5349 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5350 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5351 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5352 5353 /* 5354 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5355 * SADB_UPDATE message. 5356 */ 5357 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5358 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5359 #ifdef PFKEY_STRICT_CHECKS 5360 return key_senderror(so, m, EINVAL); 5361 #endif 5362 } 5363 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5364 (struct sockaddr *)(dst0 + 1)); 5365 if (error != 0) { 5366 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5367 return key_senderror(so, m, error); 5368 } 5369 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5370 sav = key_getsavbyspi(sa0->sadb_sa_spi); 5371 if (sav == NULL) { 5372 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u\n", 5373 __func__, ntohl(sa0->sadb_sa_spi))); 5374 return key_senderror(so, m, EINVAL); 5375 } 5376 /* 5377 * Check that SADB_UPDATE issued by the same process that did 5378 * SADB_GETSPI or SADB_ADD. 5379 */ 5380 if (sav->pid != mhp->msg->sadb_msg_pid) { 5381 ipseclog((LOG_DEBUG, 5382 "%s: pid mismatched (SPI %u, pid %u vs. %u)\n", __func__, 5383 ntohl(sav->spi), sav->pid, mhp->msg->sadb_msg_pid)); 5384 key_freesav(&sav); 5385 return key_senderror(so, m, EINVAL); 5386 } 5387 /* saidx should match with SA. */ 5388 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) { 5389 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n", 5390 __func__, ntohl(sav->spi))); 5391 key_freesav(&sav); 5392 return key_senderror(so, m, ESRCH); 5393 } 5394 5395 if (sav->state == SADB_SASTATE_LARVAL) { 5396 if ((mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 5397 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT)) || 5398 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 5399 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH))) { 5400 ipseclog((LOG_DEBUG, 5401 "%s: invalid message: missing required header.\n", 5402 __func__)); 5403 key_freesav(&sav); 5404 return key_senderror(so, m, EINVAL); 5405 } 5406 /* 5407 * We can set any values except src, dst and SPI. 5408 */ 5409 error = key_setsaval(sav, mhp); 5410 if (error != 0) { 5411 key_freesav(&sav); 5412 return (key_senderror(so, m, error)); 5413 } 5414 /* Change SA state to MATURE */ 5415 SAHTREE_WLOCK(); 5416 if (sav->state != SADB_SASTATE_LARVAL) { 5417 /* SA was deleted or another thread made it MATURE. */ 5418 SAHTREE_WUNLOCK(); 5419 key_freesav(&sav); 5420 return (key_senderror(so, m, ESRCH)); 5421 } 5422 /* 5423 * NOTE: we keep SAs in savtree_alive ordered by created 5424 * time. When SA's state changed from LARVAL to MATURE, 5425 * we update its created time in key_setsaval() and move 5426 * it into head of savtree_alive. 5427 */ 5428 TAILQ_REMOVE(&sav->sah->savtree_larval, sav, chain); 5429 TAILQ_INSERT_HEAD(&sav->sah->savtree_alive, sav, chain); 5430 sav->state = SADB_SASTATE_MATURE; 5431 SAHTREE_WUNLOCK(); 5432 } else { 5433 /* 5434 * For DYING and MATURE SA we can change only state 5435 * and lifetimes. Report EINVAL if something else attempted 5436 * to change. 5437 */ 5438 if (!SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5439 !SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH)) { 5440 key_freesav(&sav); 5441 return (key_senderror(so, m, EINVAL)); 5442 } 5443 error = key_updatelifetimes(sav, mhp); 5444 if (error != 0) { 5445 key_freesav(&sav); 5446 return (key_senderror(so, m, error)); 5447 } 5448 /* 5449 * This is FreeBSD extension to RFC2367. 5450 * IKEd can specify SADB_X_EXT_NEW_ADDRESS_SRC and/or 5451 * SADB_X_EXT_NEW_ADDRESS_DST when it wants to change 5452 * SA addresses (for example to implement MOBIKE protocol 5453 * as described in RFC4555). Also we allow to change 5454 * NAT-T config. 5455 */ 5456 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_SRC) || 5457 !SADB_CHECKHDR(mhp, SADB_X_EXT_NEW_ADDRESS_DST) || 5458 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) || 5459 sav->natt != NULL) { 5460 error = key_updateaddresses(so, m, mhp, sav, &saidx); 5461 key_freesav(&sav); 5462 if (error != 0) 5463 return (key_senderror(so, m, error)); 5464 return (0); 5465 } 5466 /* Check that SA is still alive */ 5467 SAHTREE_WLOCK(); 5468 if (sav->state == SADB_SASTATE_DEAD) { 5469 /* SA was unlinked */ 5470 SAHTREE_WUNLOCK(); 5471 key_freesav(&sav); 5472 return (key_senderror(so, m, ESRCH)); 5473 } 5474 /* 5475 * NOTE: there is possible state moving from DYING to MATURE, 5476 * but this doesn't change created time, so we won't reorder 5477 * this SA. 5478 */ 5479 sav->state = SADB_SASTATE_MATURE; 5480 SAHTREE_WUNLOCK(); 5481 } 5482 KEYDBG(KEY_STAMP, 5483 printf("%s: SA(%p)\n", __func__, sav)); 5484 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5485 key_freesav(&sav); 5486 5487 { 5488 struct mbuf *n; 5489 5490 /* set msg buf from mhp */ 5491 n = key_getmsgbuf_x1(m, mhp); 5492 if (n == NULL) { 5493 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5494 return key_senderror(so, m, ENOBUFS); 5495 } 5496 5497 m_freem(m); 5498 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5499 } 5500 } 5501 5502 /* 5503 * SADB_ADD processing 5504 * add an entry to SA database, when received 5505 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5506 * key(AE), (identity(SD),) (sensitivity)> 5507 * from the ikmpd, 5508 * and send 5509 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 5510 * (identity(SD),) (sensitivity)> 5511 * to the ikmpd. 5512 * 5513 * IGNORE identity and sensitivity messages. 5514 * 5515 * m will always be freed. 5516 */ 5517 static int 5518 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5519 { 5520 struct secasindex saidx; 5521 struct sadb_address *src0, *dst0; 5522 struct sadb_sa *sa0; 5523 struct secasvar *sav; 5524 uint32_t reqid, spi; 5525 uint8_t mode, proto; 5526 int error; 5527 5528 IPSEC_ASSERT(so != NULL, ("null socket")); 5529 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5530 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5531 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5532 5533 /* map satype to proto */ 5534 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5535 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5536 __func__)); 5537 return key_senderror(so, m, EINVAL); 5538 } 5539 5540 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 5541 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5542 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5543 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && ( 5544 SADB_CHECKHDR(mhp, SADB_EXT_KEY_ENCRYPT) || 5545 SADB_CHECKLEN(mhp, SADB_EXT_KEY_ENCRYPT))) || 5546 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && ( 5547 SADB_CHECKHDR(mhp, SADB_EXT_KEY_AUTH) || 5548 SADB_CHECKLEN(mhp, SADB_EXT_KEY_AUTH))) || 5549 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD) && 5550 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT)) || 5551 (SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_SOFT) && 5552 !SADB_CHECKHDR(mhp, SADB_EXT_LIFETIME_HARD))) { 5553 ipseclog((LOG_DEBUG, 5554 "%s: invalid message: missing required header.\n", 5555 __func__)); 5556 return key_senderror(so, m, EINVAL); 5557 } 5558 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 5559 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5560 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5561 ipseclog((LOG_DEBUG, 5562 "%s: invalid message: wrong header size.\n", __func__)); 5563 return key_senderror(so, m, EINVAL); 5564 } 5565 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 5566 mode = IPSEC_MODE_ANY; 5567 reqid = 0; 5568 } else { 5569 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 5570 ipseclog((LOG_DEBUG, 5571 "%s: invalid message: wrong header size.\n", 5572 __func__)); 5573 return key_senderror(so, m, EINVAL); 5574 } 5575 mode = ((struct sadb_x_sa2 *) 5576 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 5577 reqid = ((struct sadb_x_sa2 *) 5578 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 5579 } 5580 5581 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5582 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5583 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5584 5585 /* 5586 * Only SADB_SASTATE_MATURE SAs may be submitted in an 5587 * SADB_ADD message. 5588 */ 5589 if (sa0->sadb_sa_state != SADB_SASTATE_MATURE) { 5590 ipseclog((LOG_DEBUG, "%s: invalid state.\n", __func__)); 5591 #ifdef PFKEY_STRICT_CHECKS 5592 return key_senderror(so, m, EINVAL); 5593 #endif 5594 } 5595 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 5596 (struct sockaddr *)(dst0 + 1)); 5597 if (error != 0) { 5598 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5599 return key_senderror(so, m, error); 5600 } 5601 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 5602 spi = sa0->sadb_sa_spi; 5603 /* 5604 * For TCP-MD5 SAs we don't use SPI. Check the uniqueness using 5605 * secasindex. 5606 * XXXAE: IPComp seems also doesn't use SPI. 5607 */ 5608 if (proto == IPPROTO_TCP) { 5609 sav = key_getsav_tcpmd5(&saidx, &spi); 5610 if (sav == NULL && spi == 0) { 5611 /* Failed to allocate SPI */ 5612 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", 5613 __func__)); 5614 return key_senderror(so, m, EEXIST); 5615 } 5616 /* XXX: SPI that we report back can have another value */ 5617 } else { 5618 /* We can create new SA only if SPI is different. */ 5619 sav = key_getsavbyspi(spi); 5620 } 5621 if (sav != NULL) { 5622 key_freesav(&sav); 5623 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 5624 return key_senderror(so, m, EEXIST); 5625 } 5626 5627 sav = key_newsav(mhp, &saidx, spi, &error); 5628 if (sav == NULL) 5629 return key_senderror(so, m, error); 5630 KEYDBG(KEY_STAMP, 5631 printf("%s: return SA(%p)\n", __func__, sav)); 5632 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 5633 /* 5634 * If SADB_ADD was in response to SADB_ACQUIRE, we need to schedule 5635 * ACQ for deletion. 5636 */ 5637 if (sav->seq != 0) 5638 key_acqdone(&saidx, sav->seq); 5639 5640 { 5641 /* 5642 * Don't call key_freesav() on error here, as we would like to 5643 * keep the SA in the database. 5644 */ 5645 struct mbuf *n; 5646 5647 /* set msg buf from mhp */ 5648 n = key_getmsgbuf_x1(m, mhp); 5649 if (n == NULL) { 5650 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5651 return key_senderror(so, m, ENOBUFS); 5652 } 5653 5654 m_freem(m); 5655 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5656 } 5657 } 5658 5659 /* 5660 * NAT-T support. 5661 * IKEd may request the use ESP in UDP encapsulation when it detects the 5662 * presence of NAT. It uses NAT-T extension headers for such SAs to specify 5663 * parameters needed for encapsulation and decapsulation. These PF_KEY 5664 * extension headers are not standardized, so this comment addresses our 5665 * implementation. 5666 * SADB_X_EXT_NAT_T_TYPE specifies type of encapsulation, we support only 5667 * UDP_ENCAP_ESPINUDP as described in RFC3948. 5668 * SADB_X_EXT_NAT_T_SPORT/DPORT specifies source and destination ports for 5669 * UDP header. We use these ports in UDP encapsulation procedure, also we 5670 * can check them in UDP decapsulation procedure. 5671 * SADB_X_EXT_NAT_T_OA[IR] specifies original address of initiator or 5672 * responder. These addresses can be used for transport mode to adjust 5673 * checksum after decapsulation and decryption. Since original IP addresses 5674 * used by peer usually different (we detected presence of NAT), TCP/UDP 5675 * pseudo header checksum and IP header checksum was calculated using original 5676 * addresses. After decapsulation and decryption we need to adjust checksum 5677 * to have correct datagram. 5678 * 5679 * We expect presence of NAT-T extension headers only in SADB_ADD and 5680 * SADB_UPDATE messages. We report NAT-T extension headers in replies 5681 * to SADB_ADD, SADB_UPDATE, SADB_GET, and SADB_DUMP messages. 5682 */ 5683 static int 5684 key_setnatt(struct secasvar *sav, const struct sadb_msghdr *mhp) 5685 { 5686 struct sadb_x_nat_t_port *port; 5687 struct sadb_x_nat_t_type *type; 5688 struct sadb_address *oai, *oar; 5689 struct sockaddr *sa; 5690 uint32_t addr; 5691 uint16_t cksum; 5692 5693 IPSEC_ASSERT(sav->natt == NULL, ("natt is already initialized")); 5694 /* 5695 * Ignore NAT-T headers if sproto isn't ESP. 5696 */ 5697 if (sav->sah->saidx.proto != IPPROTO_ESP) 5698 return (0); 5699 5700 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_TYPE) && 5701 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_SPORT) && 5702 !SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5703 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_TYPE) || 5704 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_SPORT) || 5705 SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_DPORT)) { 5706 ipseclog((LOG_DEBUG, 5707 "%s: invalid message: wrong header size.\n", 5708 __func__)); 5709 return (EINVAL); 5710 } 5711 } else 5712 return (0); 5713 5714 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE]; 5715 if (type->sadb_x_nat_t_type_type != UDP_ENCAP_ESPINUDP) { 5716 ipseclog((LOG_DEBUG, "%s: unsupported NAT-T type %u.\n", 5717 __func__, type->sadb_x_nat_t_type_type)); 5718 return (EINVAL); 5719 } 5720 /* 5721 * Allocate storage for NAT-T config. 5722 * On error it will be released by key_cleansav(). 5723 */ 5724 sav->natt = malloc(sizeof(struct secnatt), M_IPSEC_MISC, 5725 M_NOWAIT | M_ZERO); 5726 if (sav->natt == NULL) { 5727 PFKEYSTAT_INC(in_nomem); 5728 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5729 return (ENOBUFS); 5730 } 5731 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT]; 5732 if (port->sadb_x_nat_t_port_port == 0) { 5733 ipseclog((LOG_DEBUG, "%s: invalid NAT-T sport specified.\n", 5734 __func__)); 5735 return (EINVAL); 5736 } 5737 sav->natt->sport = port->sadb_x_nat_t_port_port; 5738 port = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT]; 5739 if (port->sadb_x_nat_t_port_port == 0) { 5740 ipseclog((LOG_DEBUG, "%s: invalid NAT-T dport specified.\n", 5741 __func__)); 5742 return (EINVAL); 5743 } 5744 sav->natt->dport = port->sadb_x_nat_t_port_port; 5745 5746 /* 5747 * SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR are optional 5748 * and needed only for transport mode IPsec. 5749 * Usually NAT translates only one address, but it is possible, 5750 * that both addresses could be translated. 5751 * NOTE: Value of SADB_X_EXT_NAT_T_OAI is equal to SADB_X_EXT_NAT_T_OA. 5752 */ 5753 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAI)) { 5754 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAI)) { 5755 ipseclog((LOG_DEBUG, 5756 "%s: invalid message: wrong header size.\n", 5757 __func__)); 5758 return (EINVAL); 5759 } 5760 oai = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAI]; 5761 } else 5762 oai = NULL; 5763 if (!SADB_CHECKHDR(mhp, SADB_X_EXT_NAT_T_OAR)) { 5764 if (SADB_CHECKLEN(mhp, SADB_X_EXT_NAT_T_OAR)) { 5765 ipseclog((LOG_DEBUG, 5766 "%s: invalid message: wrong header size.\n", 5767 __func__)); 5768 return (EINVAL); 5769 } 5770 oar = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OAR]; 5771 } else 5772 oar = NULL; 5773 5774 /* Initialize addresses only for transport mode */ 5775 if (sav->sah->saidx.mode != IPSEC_MODE_TUNNEL) { 5776 cksum = 0; 5777 if (oai != NULL) { 5778 /* Currently we support only AF_INET */ 5779 sa = (struct sockaddr *)(oai + 1); 5780 if (sa->sa_family != AF_INET || 5781 sa->sa_len != sizeof(struct sockaddr_in)) { 5782 ipseclog((LOG_DEBUG, 5783 "%s: wrong NAT-OAi header.\n", 5784 __func__)); 5785 return (EINVAL); 5786 } 5787 /* Ignore address if it the same */ 5788 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5789 sav->sah->saidx.src.sin.sin_addr.s_addr) { 5790 bcopy(sa, &sav->natt->oai.sa, sa->sa_len); 5791 sav->natt->flags |= IPSEC_NATT_F_OAI; 5792 /* Calculate checksum delta */ 5793 addr = sav->sah->saidx.src.sin.sin_addr.s_addr; 5794 cksum = in_addword(cksum, ~addr >> 16); 5795 cksum = in_addword(cksum, ~addr & 0xffff); 5796 addr = sav->natt->oai.sin.sin_addr.s_addr; 5797 cksum = in_addword(cksum, addr >> 16); 5798 cksum = in_addword(cksum, addr & 0xffff); 5799 } 5800 } 5801 if (oar != NULL) { 5802 /* Currently we support only AF_INET */ 5803 sa = (struct sockaddr *)(oar + 1); 5804 if (sa->sa_family != AF_INET || 5805 sa->sa_len != sizeof(struct sockaddr_in)) { 5806 ipseclog((LOG_DEBUG, 5807 "%s: wrong NAT-OAr header.\n", 5808 __func__)); 5809 return (EINVAL); 5810 } 5811 /* Ignore address if it the same */ 5812 if (((struct sockaddr_in *)sa)->sin_addr.s_addr != 5813 sav->sah->saidx.dst.sin.sin_addr.s_addr) { 5814 bcopy(sa, &sav->natt->oar.sa, sa->sa_len); 5815 sav->natt->flags |= IPSEC_NATT_F_OAR; 5816 /* Calculate checksum delta */ 5817 addr = sav->sah->saidx.dst.sin.sin_addr.s_addr; 5818 cksum = in_addword(cksum, ~addr >> 16); 5819 cksum = in_addword(cksum, ~addr & 0xffff); 5820 addr = sav->natt->oar.sin.sin_addr.s_addr; 5821 cksum = in_addword(cksum, addr >> 16); 5822 cksum = in_addword(cksum, addr & 0xffff); 5823 } 5824 } 5825 sav->natt->cksum = cksum; 5826 } 5827 return (0); 5828 } 5829 5830 static int 5831 key_setident(struct secashead *sah, const struct sadb_msghdr *mhp) 5832 { 5833 const struct sadb_ident *idsrc, *iddst; 5834 5835 IPSEC_ASSERT(sah != NULL, ("null secashead")); 5836 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5837 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5838 5839 /* don't make buffer if not there */ 5840 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) && 5841 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5842 sah->idents = NULL; 5843 sah->identd = NULL; 5844 return (0); 5845 } 5846 5847 if (SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_SRC) || 5848 SADB_CHECKHDR(mhp, SADB_EXT_IDENTITY_DST)) { 5849 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 5850 return (EINVAL); 5851 } 5852 5853 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 5854 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 5855 5856 /* validity check */ 5857 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 5858 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 5859 return EINVAL; 5860 } 5861 5862 switch (idsrc->sadb_ident_type) { 5863 case SADB_IDENTTYPE_PREFIX: 5864 case SADB_IDENTTYPE_FQDN: 5865 case SADB_IDENTTYPE_USERFQDN: 5866 default: 5867 /* XXX do nothing */ 5868 sah->idents = NULL; 5869 sah->identd = NULL; 5870 return 0; 5871 } 5872 5873 /* make structure */ 5874 sah->idents = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5875 if (sah->idents == NULL) { 5876 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5877 return ENOBUFS; 5878 } 5879 sah->identd = malloc(sizeof(struct secident), M_IPSEC_MISC, M_NOWAIT); 5880 if (sah->identd == NULL) { 5881 free(sah->idents, M_IPSEC_MISC); 5882 sah->idents = NULL; 5883 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5884 return ENOBUFS; 5885 } 5886 sah->idents->type = idsrc->sadb_ident_type; 5887 sah->idents->id = idsrc->sadb_ident_id; 5888 5889 sah->identd->type = iddst->sadb_ident_type; 5890 sah->identd->id = iddst->sadb_ident_id; 5891 5892 return 0; 5893 } 5894 5895 /* 5896 * m will not be freed on return. 5897 * it is caller's responsibility to free the result. 5898 * 5899 * Called from SADB_ADD and SADB_UPDATE. Reply will contain headers 5900 * from the request in defined order. 5901 */ 5902 static struct mbuf * 5903 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp) 5904 { 5905 struct mbuf *n; 5906 5907 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5908 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5909 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5910 5911 /* create new sadb_msg to reply. */ 5912 n = key_gather_mbuf(m, mhp, 1, 16, SADB_EXT_RESERVED, 5913 SADB_EXT_SA, SADB_X_EXT_SA2, 5914 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5915 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5916 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST, 5917 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, 5918 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, 5919 SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_NEW_ADDRESS_SRC, 5920 SADB_X_EXT_NEW_ADDRESS_DST); 5921 if (!n) 5922 return NULL; 5923 5924 if (n->m_len < sizeof(struct sadb_msg)) { 5925 n = m_pullup(n, sizeof(struct sadb_msg)); 5926 if (n == NULL) 5927 return NULL; 5928 } 5929 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5930 mtod(n, struct sadb_msg *)->sadb_msg_len = 5931 PFKEY_UNIT64(n->m_pkthdr.len); 5932 5933 return n; 5934 } 5935 5936 /* 5937 * SADB_DELETE processing 5938 * receive 5939 * <base, SA(*), address(SD)> 5940 * from the ikmpd, and set SADB_SASTATE_DEAD, 5941 * and send, 5942 * <base, SA(*), address(SD)> 5943 * to the ikmpd. 5944 * 5945 * m will always be freed. 5946 */ 5947 static int 5948 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 5949 { 5950 struct secasindex saidx; 5951 struct sadb_address *src0, *dst0; 5952 struct secasvar *sav; 5953 struct sadb_sa *sa0; 5954 uint8_t proto; 5955 5956 IPSEC_ASSERT(so != NULL, ("null socket")); 5957 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5958 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5959 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5960 5961 /* map satype to proto */ 5962 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5963 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5964 __func__)); 5965 return key_senderror(so, m, EINVAL); 5966 } 5967 5968 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 5969 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 5970 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 5971 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 5972 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5973 __func__)); 5974 return key_senderror(so, m, EINVAL); 5975 } 5976 5977 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5978 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5979 5980 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 5981 (struct sockaddr *)(dst0 + 1)) != 0) { 5982 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 5983 return (key_senderror(so, m, EINVAL)); 5984 } 5985 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5986 if (SADB_CHECKHDR(mhp, SADB_EXT_SA)) { 5987 /* 5988 * Caller wants us to delete all non-LARVAL SAs 5989 * that match the src/dst. This is used during 5990 * IKE INITIAL-CONTACT. 5991 * XXXAE: this looks like some extension to RFC2367. 5992 */ 5993 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 5994 return (key_delete_all(so, m, mhp, &saidx)); 5995 } 5996 if (SADB_CHECKLEN(mhp, SADB_EXT_SA)) { 5997 ipseclog((LOG_DEBUG, 5998 "%s: invalid message: wrong header size.\n", __func__)); 5999 return (key_senderror(so, m, EINVAL)); 6000 } 6001 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6002 if (proto == IPPROTO_TCP) 6003 sav = key_getsav_tcpmd5(&saidx, NULL); 6004 else 6005 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6006 if (sav == NULL) { 6007 ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", 6008 __func__, ntohl(sa0->sadb_sa_spi))); 6009 return (key_senderror(so, m, ESRCH)); 6010 } 6011 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6012 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6013 __func__, ntohl(sav->spi))); 6014 key_freesav(&sav); 6015 return (key_senderror(so, m, ESRCH)); 6016 } 6017 KEYDBG(KEY_STAMP, 6018 printf("%s: SA(%p)\n", __func__, sav)); 6019 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6020 key_unlinksav(sav); 6021 key_freesav(&sav); 6022 6023 { 6024 struct mbuf *n; 6025 struct sadb_msg *newmsg; 6026 6027 /* create new sadb_msg to reply. */ 6028 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 6029 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6030 if (!n) 6031 return key_senderror(so, m, ENOBUFS); 6032 6033 if (n->m_len < sizeof(struct sadb_msg)) { 6034 n = m_pullup(n, sizeof(struct sadb_msg)); 6035 if (n == NULL) 6036 return key_senderror(so, m, ENOBUFS); 6037 } 6038 newmsg = mtod(n, struct sadb_msg *); 6039 newmsg->sadb_msg_errno = 0; 6040 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6041 6042 m_freem(m); 6043 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6044 } 6045 } 6046 6047 /* 6048 * delete all SAs for src/dst. Called from key_delete(). 6049 */ 6050 static int 6051 key_delete_all(struct socket *so, struct mbuf *m, 6052 const struct sadb_msghdr *mhp, struct secasindex *saidx) 6053 { 6054 struct secasvar_queue drainq; 6055 struct secashead *sah; 6056 struct secasvar *sav, *nextsav; 6057 6058 TAILQ_INIT(&drainq); 6059 SAHTREE_WLOCK(); 6060 LIST_FOREACH(sah, SAHADDRHASH_HASH(saidx), addrhash) { 6061 if (key_cmpsaidx(&sah->saidx, saidx, CMP_HEAD) == 0) 6062 continue; 6063 /* Move all ALIVE SAs into drainq */ 6064 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6065 } 6066 /* Unlink all queued SAs from SPI hash */ 6067 TAILQ_FOREACH(sav, &drainq, chain) { 6068 sav->state = SADB_SASTATE_DEAD; 6069 LIST_REMOVE(sav, spihash); 6070 } 6071 SAHTREE_WUNLOCK(); 6072 /* Now we can release reference for all SAs in drainq */ 6073 sav = TAILQ_FIRST(&drainq); 6074 while (sav != NULL) { 6075 KEYDBG(KEY_STAMP, 6076 printf("%s: SA(%p)\n", __func__, sav)); 6077 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6078 nextsav = TAILQ_NEXT(sav, chain); 6079 key_freesah(&sav->sah); /* release reference from SAV */ 6080 key_freesav(&sav); /* release last reference */ 6081 sav = nextsav; 6082 } 6083 6084 { 6085 struct mbuf *n; 6086 struct sadb_msg *newmsg; 6087 6088 /* create new sadb_msg to reply. */ 6089 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 6090 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 6091 if (!n) 6092 return key_senderror(so, m, ENOBUFS); 6093 6094 if (n->m_len < sizeof(struct sadb_msg)) { 6095 n = m_pullup(n, sizeof(struct sadb_msg)); 6096 if (n == NULL) 6097 return key_senderror(so, m, ENOBUFS); 6098 } 6099 newmsg = mtod(n, struct sadb_msg *); 6100 newmsg->sadb_msg_errno = 0; 6101 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 6102 6103 m_freem(m); 6104 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 6105 } 6106 } 6107 6108 /* 6109 * Delete all alive SAs for corresponding xform. 6110 * Larval SAs have not initialized tdb_xform, so it is safe to leave them 6111 * here when xform disappears. 6112 */ 6113 void 6114 key_delete_xform(const struct xformsw *xsp) 6115 { 6116 struct secasvar_queue drainq; 6117 struct secashead *sah; 6118 struct secasvar *sav, *nextsav; 6119 6120 TAILQ_INIT(&drainq); 6121 SAHTREE_WLOCK(); 6122 TAILQ_FOREACH(sah, &V_sahtree, chain) { 6123 sav = TAILQ_FIRST(&sah->savtree_alive); 6124 if (sav == NULL) 6125 continue; 6126 if (sav->tdb_xform != xsp) 6127 continue; 6128 /* 6129 * It is supposed that all SAs in the chain are related to 6130 * one xform. 6131 */ 6132 TAILQ_CONCAT(&drainq, &sah->savtree_alive, chain); 6133 } 6134 /* Unlink all queued SAs from SPI hash */ 6135 TAILQ_FOREACH(sav, &drainq, chain) { 6136 sav->state = SADB_SASTATE_DEAD; 6137 LIST_REMOVE(sav, spihash); 6138 } 6139 SAHTREE_WUNLOCK(); 6140 6141 /* Now we can release reference for all SAs in drainq */ 6142 sav = TAILQ_FIRST(&drainq); 6143 while (sav != NULL) { 6144 KEYDBG(KEY_STAMP, 6145 printf("%s: SA(%p)\n", __func__, sav)); 6146 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 6147 nextsav = TAILQ_NEXT(sav, chain); 6148 key_freesah(&sav->sah); /* release reference from SAV */ 6149 key_freesav(&sav); /* release last reference */ 6150 sav = nextsav; 6151 } 6152 } 6153 6154 /* 6155 * SADB_GET processing 6156 * receive 6157 * <base, SA(*), address(SD)> 6158 * from the ikmpd, and get a SP and a SA to respond, 6159 * and send, 6160 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 6161 * (identity(SD),) (sensitivity)> 6162 * to the ikmpd. 6163 * 6164 * m will always be freed. 6165 */ 6166 static int 6167 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6168 { 6169 struct secasindex saidx; 6170 struct sadb_address *src0, *dst0; 6171 struct sadb_sa *sa0; 6172 struct secasvar *sav; 6173 uint8_t proto; 6174 6175 IPSEC_ASSERT(so != NULL, ("null socket")); 6176 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6177 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6178 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6179 6180 /* map satype to proto */ 6181 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6182 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6183 __func__)); 6184 return key_senderror(so, m, EINVAL); 6185 } 6186 6187 if (SADB_CHECKHDR(mhp, SADB_EXT_SA) || 6188 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6189 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST)) { 6190 ipseclog((LOG_DEBUG, 6191 "%s: invalid message: missing required header.\n", 6192 __func__)); 6193 return key_senderror(so, m, EINVAL); 6194 } 6195 if (SADB_CHECKLEN(mhp, SADB_EXT_SA) || 6196 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6197 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST)) { 6198 ipseclog((LOG_DEBUG, 6199 "%s: invalid message: wrong header size.\n", __func__)); 6200 return key_senderror(so, m, EINVAL); 6201 } 6202 6203 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 6204 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 6205 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 6206 6207 if (key_checksockaddrs((struct sockaddr *)(src0 + 1), 6208 (struct sockaddr *)(dst0 + 1)) != 0) { 6209 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 6210 return key_senderror(so, m, EINVAL); 6211 } 6212 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 6213 6214 if (proto == IPPROTO_TCP) 6215 sav = key_getsav_tcpmd5(&saidx, NULL); 6216 else 6217 sav = key_getsavbyspi(sa0->sadb_sa_spi); 6218 if (sav == NULL) { 6219 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 6220 return key_senderror(so, m, ESRCH); 6221 } 6222 if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_HEAD) == 0) { 6223 ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u.\n", 6224 __func__, ntohl(sa0->sadb_sa_spi))); 6225 key_freesav(&sav); 6226 return (key_senderror(so, m, ESRCH)); 6227 } 6228 6229 { 6230 struct mbuf *n; 6231 uint8_t satype; 6232 6233 /* map proto to satype */ 6234 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0) { 6235 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 6236 __func__)); 6237 key_freesav(&sav); 6238 return key_senderror(so, m, EINVAL); 6239 } 6240 6241 /* create new sadb_msg to reply. */ 6242 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 6243 mhp->msg->sadb_msg_pid); 6244 6245 key_freesav(&sav); 6246 if (!n) 6247 return key_senderror(so, m, ENOBUFS); 6248 6249 m_freem(m); 6250 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6251 } 6252 } 6253 6254 /* XXX make it sysctl-configurable? */ 6255 static void 6256 key_getcomb_setlifetime(struct sadb_comb *comb) 6257 { 6258 6259 comb->sadb_comb_soft_allocations = 1; 6260 comb->sadb_comb_hard_allocations = 1; 6261 comb->sadb_comb_soft_bytes = 0; 6262 comb->sadb_comb_hard_bytes = 0; 6263 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 6264 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 6265 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 6266 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 6267 } 6268 6269 /* 6270 * XXX reorder combinations by preference 6271 * XXX no idea if the user wants ESP authentication or not 6272 */ 6273 static struct mbuf * 6274 key_getcomb_ealg(void) 6275 { 6276 struct sadb_comb *comb; 6277 const struct enc_xform *algo; 6278 struct mbuf *result = NULL, *m, *n; 6279 int encmin; 6280 int i, off, o; 6281 int totlen; 6282 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6283 6284 m = NULL; 6285 for (i = 1; i <= SADB_EALG_MAX; i++) { 6286 algo = enc_algorithm_lookup(i); 6287 if (algo == NULL) 6288 continue; 6289 6290 /* discard algorithms with key size smaller than system min */ 6291 if (_BITS(algo->maxkey) < V_ipsec_esp_keymin) 6292 continue; 6293 if (_BITS(algo->minkey) < V_ipsec_esp_keymin) 6294 encmin = V_ipsec_esp_keymin; 6295 else 6296 encmin = _BITS(algo->minkey); 6297 6298 if (V_ipsec_esp_auth) 6299 m = key_getcomb_ah(); 6300 else { 6301 IPSEC_ASSERT(l <= MLEN, 6302 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6303 MGET(m, M_NOWAIT, MT_DATA); 6304 if (m) { 6305 M_ALIGN(m, l); 6306 m->m_len = l; 6307 m->m_next = NULL; 6308 bzero(mtod(m, caddr_t), m->m_len); 6309 } 6310 } 6311 if (!m) 6312 goto fail; 6313 6314 totlen = 0; 6315 for (n = m; n; n = n->m_next) 6316 totlen += n->m_len; 6317 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 6318 6319 for (off = 0; off < totlen; off += l) { 6320 n = m_pulldown(m, off, l, &o); 6321 if (!n) { 6322 /* m is already freed */ 6323 goto fail; 6324 } 6325 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 6326 bzero(comb, sizeof(*comb)); 6327 key_getcomb_setlifetime(comb); 6328 comb->sadb_comb_encrypt = i; 6329 comb->sadb_comb_encrypt_minbits = encmin; 6330 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 6331 } 6332 6333 if (!result) 6334 result = m; 6335 else 6336 m_cat(result, m); 6337 } 6338 6339 return result; 6340 6341 fail: 6342 if (result) 6343 m_freem(result); 6344 return NULL; 6345 } 6346 6347 static void 6348 key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min, 6349 u_int16_t* max) 6350 { 6351 6352 *min = *max = ah->hashsize; 6353 if (ah->keysize == 0) { 6354 /* 6355 * Transform takes arbitrary key size but algorithm 6356 * key size is restricted. Enforce this here. 6357 */ 6358 switch (alg) { 6359 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 6360 case SADB_X_AALG_SHA2_256: *min = *max = 32; break; 6361 case SADB_X_AALG_SHA2_384: *min = *max = 48; break; 6362 case SADB_X_AALG_SHA2_512: *min = *max = 64; break; 6363 default: 6364 DPRINTF(("%s: unknown AH algorithm %u\n", 6365 __func__, alg)); 6366 break; 6367 } 6368 } 6369 } 6370 6371 /* 6372 * XXX reorder combinations by preference 6373 */ 6374 static struct mbuf * 6375 key_getcomb_ah() 6376 { 6377 const struct auth_hash *algo; 6378 struct sadb_comb *comb; 6379 struct mbuf *m; 6380 u_int16_t minkeysize, maxkeysize; 6381 int i; 6382 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6383 6384 m = NULL; 6385 for (i = 1; i <= SADB_AALG_MAX; i++) { 6386 #if 1 6387 /* we prefer HMAC algorithms, not old algorithms */ 6388 if (i != SADB_AALG_SHA1HMAC && 6389 i != SADB_X_AALG_SHA2_256 && 6390 i != SADB_X_AALG_SHA2_384 && 6391 i != SADB_X_AALG_SHA2_512) 6392 continue; 6393 #endif 6394 algo = auth_algorithm_lookup(i); 6395 if (!algo) 6396 continue; 6397 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 6398 /* discard algorithms with key size smaller than system min */ 6399 if (_BITS(minkeysize) < V_ipsec_ah_keymin) 6400 continue; 6401 6402 if (!m) { 6403 IPSEC_ASSERT(l <= MLEN, 6404 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6405 MGET(m, M_NOWAIT, MT_DATA); 6406 if (m) { 6407 M_ALIGN(m, l); 6408 m->m_len = l; 6409 m->m_next = NULL; 6410 } 6411 } else 6412 M_PREPEND(m, l, M_NOWAIT); 6413 if (!m) 6414 return NULL; 6415 6416 comb = mtod(m, struct sadb_comb *); 6417 bzero(comb, sizeof(*comb)); 6418 key_getcomb_setlifetime(comb); 6419 comb->sadb_comb_auth = i; 6420 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 6421 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 6422 } 6423 6424 return m; 6425 } 6426 6427 /* 6428 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 6429 * XXX reorder combinations by preference 6430 */ 6431 static struct mbuf * 6432 key_getcomb_ipcomp() 6433 { 6434 const struct comp_algo *algo; 6435 struct sadb_comb *comb; 6436 struct mbuf *m; 6437 int i; 6438 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 6439 6440 m = NULL; 6441 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 6442 algo = comp_algorithm_lookup(i); 6443 if (!algo) 6444 continue; 6445 6446 if (!m) { 6447 IPSEC_ASSERT(l <= MLEN, 6448 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 6449 MGET(m, M_NOWAIT, MT_DATA); 6450 if (m) { 6451 M_ALIGN(m, l); 6452 m->m_len = l; 6453 m->m_next = NULL; 6454 } 6455 } else 6456 M_PREPEND(m, l, M_NOWAIT); 6457 if (!m) 6458 return NULL; 6459 6460 comb = mtod(m, struct sadb_comb *); 6461 bzero(comb, sizeof(*comb)); 6462 key_getcomb_setlifetime(comb); 6463 comb->sadb_comb_encrypt = i; 6464 /* what should we set into sadb_comb_*_{min,max}bits? */ 6465 } 6466 6467 return m; 6468 } 6469 6470 /* 6471 * XXX no way to pass mode (transport/tunnel) to userland 6472 * XXX replay checking? 6473 * XXX sysctl interface to ipsec_{ah,esp}_keymin 6474 */ 6475 static struct mbuf * 6476 key_getprop(const struct secasindex *saidx) 6477 { 6478 struct sadb_prop *prop; 6479 struct mbuf *m, *n; 6480 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 6481 int totlen; 6482 6483 switch (saidx->proto) { 6484 case IPPROTO_ESP: 6485 m = key_getcomb_ealg(); 6486 break; 6487 case IPPROTO_AH: 6488 m = key_getcomb_ah(); 6489 break; 6490 case IPPROTO_IPCOMP: 6491 m = key_getcomb_ipcomp(); 6492 break; 6493 default: 6494 return NULL; 6495 } 6496 6497 if (!m) 6498 return NULL; 6499 M_PREPEND(m, l, M_NOWAIT); 6500 if (!m) 6501 return NULL; 6502 6503 totlen = 0; 6504 for (n = m; n; n = n->m_next) 6505 totlen += n->m_len; 6506 6507 prop = mtod(m, struct sadb_prop *); 6508 bzero(prop, sizeof(*prop)); 6509 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 6510 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 6511 prop->sadb_prop_replay = 32; /* XXX */ 6512 6513 return m; 6514 } 6515 6516 /* 6517 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 6518 * send 6519 * <base, SA, address(SD), (address(P)), x_policy, 6520 * (identity(SD),) (sensitivity,) proposal> 6521 * to KMD, and expect to receive 6522 * <base> with SADB_ACQUIRE if error occurred, 6523 * or 6524 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 6525 * from KMD by PF_KEY. 6526 * 6527 * XXX x_policy is outside of RFC2367 (KAME extension). 6528 * XXX sensitivity is not supported. 6529 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 6530 * see comment for key_getcomb_ipcomp(). 6531 * 6532 * OUT: 6533 * 0 : succeed 6534 * others: error number 6535 */ 6536 static int 6537 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 6538 { 6539 union sockaddr_union addr; 6540 struct mbuf *result, *m; 6541 uint32_t seq; 6542 int error; 6543 uint16_t ul_proto; 6544 uint8_t mask, satype; 6545 6546 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 6547 satype = key_proto2satype(saidx->proto); 6548 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 6549 6550 error = -1; 6551 result = NULL; 6552 ul_proto = IPSEC_ULPROTO_ANY; 6553 6554 /* Get seq number to check whether sending message or not. */ 6555 seq = key_getacq(saidx, &error); 6556 if (seq == 0) 6557 return (error); 6558 6559 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 6560 if (!m) { 6561 error = ENOBUFS; 6562 goto fail; 6563 } 6564 result = m; 6565 6566 /* 6567 * set sadb_address for saidx's. 6568 * 6569 * Note that if sp is supplied, then we're being called from 6570 * key_allocsa_policy() and should supply port and protocol 6571 * information. 6572 * XXXAE: why only TCP and UDP? ICMP and SCTP looks applicable too. 6573 * XXXAE: probably we can handle this in the ipsec[46]_allocsa(). 6574 * XXXAE: it looks like we should save this info in the ACQ entry. 6575 */ 6576 if (sp != NULL && (sp->spidx.ul_proto == IPPROTO_TCP || 6577 sp->spidx.ul_proto == IPPROTO_UDP)) 6578 ul_proto = sp->spidx.ul_proto; 6579 6580 addr = saidx->src; 6581 mask = FULLMASK; 6582 if (ul_proto != IPSEC_ULPROTO_ANY) { 6583 switch (sp->spidx.src.sa.sa_family) { 6584 case AF_INET: 6585 if (sp->spidx.src.sin.sin_port != IPSEC_PORT_ANY) { 6586 addr.sin.sin_port = sp->spidx.src.sin.sin_port; 6587 mask = sp->spidx.prefs; 6588 } 6589 break; 6590 case AF_INET6: 6591 if (sp->spidx.src.sin6.sin6_port != IPSEC_PORT_ANY) { 6592 addr.sin6.sin6_port = 6593 sp->spidx.src.sin6.sin6_port; 6594 mask = sp->spidx.prefs; 6595 } 6596 break; 6597 default: 6598 break; 6599 } 6600 } 6601 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, &addr.sa, mask, ul_proto); 6602 if (!m) { 6603 error = ENOBUFS; 6604 goto fail; 6605 } 6606 m_cat(result, m); 6607 6608 addr = saidx->dst; 6609 mask = FULLMASK; 6610 if (ul_proto != IPSEC_ULPROTO_ANY) { 6611 switch (sp->spidx.dst.sa.sa_family) { 6612 case AF_INET: 6613 if (sp->spidx.dst.sin.sin_port != IPSEC_PORT_ANY) { 6614 addr.sin.sin_port = sp->spidx.dst.sin.sin_port; 6615 mask = sp->spidx.prefd; 6616 } 6617 break; 6618 case AF_INET6: 6619 if (sp->spidx.dst.sin6.sin6_port != IPSEC_PORT_ANY) { 6620 addr.sin6.sin6_port = 6621 sp->spidx.dst.sin6.sin6_port; 6622 mask = sp->spidx.prefd; 6623 } 6624 break; 6625 default: 6626 break; 6627 } 6628 } 6629 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, &addr.sa, mask, ul_proto); 6630 if (!m) { 6631 error = ENOBUFS; 6632 goto fail; 6633 } 6634 m_cat(result, m); 6635 6636 /* XXX proxy address (optional) */ 6637 6638 /* 6639 * Set sadb_x_policy. This is KAME extension to RFC2367. 6640 */ 6641 if (sp != NULL) { 6642 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id, 6643 sp->priority); 6644 if (!m) { 6645 error = ENOBUFS; 6646 goto fail; 6647 } 6648 m_cat(result, m); 6649 } 6650 6651 /* 6652 * Set sadb_x_sa2 extension if saidx->reqid is not zero. 6653 * This is FreeBSD extension to RFC2367. 6654 */ 6655 if (saidx->reqid != 0) { 6656 m = key_setsadbxsa2(saidx->mode, 0, saidx->reqid); 6657 if (m == NULL) { 6658 error = ENOBUFS; 6659 goto fail; 6660 } 6661 m_cat(result, m); 6662 } 6663 /* XXX identity (optional) */ 6664 #if 0 6665 if (idexttype && fqdn) { 6666 /* create identity extension (FQDN) */ 6667 struct sadb_ident *id; 6668 int fqdnlen; 6669 6670 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 6671 id = (struct sadb_ident *)p; 6672 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6673 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 6674 id->sadb_ident_exttype = idexttype; 6675 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 6676 bcopy(fqdn, id + 1, fqdnlen); 6677 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 6678 } 6679 6680 if (idexttype) { 6681 /* create identity extension (USERFQDN) */ 6682 struct sadb_ident *id; 6683 int userfqdnlen; 6684 6685 if (userfqdn) { 6686 /* +1 for terminating-NUL */ 6687 userfqdnlen = strlen(userfqdn) + 1; 6688 } else 6689 userfqdnlen = 0; 6690 id = (struct sadb_ident *)p; 6691 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6692 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 6693 id->sadb_ident_exttype = idexttype; 6694 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 6695 /* XXX is it correct? */ 6696 if (curproc && curproc->p_cred) 6697 id->sadb_ident_id = curproc->p_cred->p_ruid; 6698 if (userfqdn && userfqdnlen) 6699 bcopy(userfqdn, id + 1, userfqdnlen); 6700 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 6701 } 6702 #endif 6703 6704 /* XXX sensitivity (optional) */ 6705 6706 /* create proposal/combination extension */ 6707 m = key_getprop(saidx); 6708 #if 0 6709 /* 6710 * spec conformant: always attach proposal/combination extension, 6711 * the problem is that we have no way to attach it for ipcomp, 6712 * due to the way sadb_comb is declared in RFC2367. 6713 */ 6714 if (!m) { 6715 error = ENOBUFS; 6716 goto fail; 6717 } 6718 m_cat(result, m); 6719 #else 6720 /* 6721 * outside of spec; make proposal/combination extension optional. 6722 */ 6723 if (m) 6724 m_cat(result, m); 6725 #endif 6726 6727 if ((result->m_flags & M_PKTHDR) == 0) { 6728 error = EINVAL; 6729 goto fail; 6730 } 6731 6732 if (result->m_len < sizeof(struct sadb_msg)) { 6733 result = m_pullup(result, sizeof(struct sadb_msg)); 6734 if (result == NULL) { 6735 error = ENOBUFS; 6736 goto fail; 6737 } 6738 } 6739 6740 result->m_pkthdr.len = 0; 6741 for (m = result; m; m = m->m_next) 6742 result->m_pkthdr.len += m->m_len; 6743 6744 mtod(result, struct sadb_msg *)->sadb_msg_len = 6745 PFKEY_UNIT64(result->m_pkthdr.len); 6746 6747 KEYDBG(KEY_STAMP, 6748 printf("%s: SP(%p)\n", __func__, sp)); 6749 KEYDBG(KEY_DATA, kdebug_secasindex(saidx, NULL)); 6750 6751 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6752 6753 fail: 6754 if (result) 6755 m_freem(result); 6756 return error; 6757 } 6758 6759 static uint32_t 6760 key_newacq(const struct secasindex *saidx, int *perror) 6761 { 6762 struct secacq *acq; 6763 uint32_t seq; 6764 6765 acq = malloc(sizeof(*acq), M_IPSEC_SAQ, M_NOWAIT | M_ZERO); 6766 if (acq == NULL) { 6767 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6768 *perror = ENOBUFS; 6769 return (0); 6770 } 6771 6772 /* copy secindex */ 6773 bcopy(saidx, &acq->saidx, sizeof(acq->saidx)); 6774 acq->created = time_second; 6775 acq->count = 0; 6776 6777 /* add to acqtree */ 6778 ACQ_LOCK(); 6779 seq = acq->seq = (V_acq_seq == ~0 ? 1 : ++V_acq_seq); 6780 LIST_INSERT_HEAD(&V_acqtree, acq, chain); 6781 LIST_INSERT_HEAD(ACQADDRHASH_HASH(saidx), acq, addrhash); 6782 LIST_INSERT_HEAD(ACQSEQHASH_HASH(seq), acq, seqhash); 6783 ACQ_UNLOCK(); 6784 *perror = 0; 6785 return (seq); 6786 } 6787 6788 static uint32_t 6789 key_getacq(const struct secasindex *saidx, int *perror) 6790 { 6791 struct secacq *acq; 6792 uint32_t seq; 6793 6794 ACQ_LOCK(); 6795 LIST_FOREACH(acq, ACQADDRHASH_HASH(saidx), addrhash) { 6796 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY)) { 6797 if (acq->count > V_key_blockacq_count) { 6798 /* 6799 * Reset counter and send message. 6800 * Also reset created time to keep ACQ for 6801 * this saidx. 6802 */ 6803 acq->created = time_second; 6804 acq->count = 0; 6805 seq = acq->seq; 6806 } else { 6807 /* 6808 * Increment counter and do nothing. 6809 * We send SADB_ACQUIRE message only 6810 * for each V_key_blockacq_count packet. 6811 */ 6812 acq->count++; 6813 seq = 0; 6814 } 6815 break; 6816 } 6817 } 6818 ACQ_UNLOCK(); 6819 if (acq != NULL) { 6820 *perror = 0; 6821 return (seq); 6822 } 6823 /* allocate new entry */ 6824 return (key_newacq(saidx, perror)); 6825 } 6826 6827 static int 6828 key_acqreset(uint32_t seq) 6829 { 6830 struct secacq *acq; 6831 6832 ACQ_LOCK(); 6833 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6834 if (acq->seq == seq) { 6835 acq->count = 0; 6836 acq->created = time_second; 6837 break; 6838 } 6839 } 6840 ACQ_UNLOCK(); 6841 if (acq == NULL) 6842 return (ESRCH); 6843 return (0); 6844 } 6845 /* 6846 * Mark ACQ entry as stale to remove it in key_flush_acq(). 6847 * Called after successful SADB_GETSPI message. 6848 */ 6849 static int 6850 key_acqdone(const struct secasindex *saidx, uint32_t seq) 6851 { 6852 struct secacq *acq; 6853 6854 ACQ_LOCK(); 6855 LIST_FOREACH(acq, ACQSEQHASH_HASH(seq), seqhash) { 6856 if (acq->seq == seq) 6857 break; 6858 } 6859 if (acq != NULL) { 6860 if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) { 6861 ipseclog((LOG_DEBUG, 6862 "%s: Mismatched saidx for ACQ %u\n", __func__, seq)); 6863 acq = NULL; 6864 } else { 6865 acq->created = 0; 6866 } 6867 } else { 6868 ipseclog((LOG_DEBUG, 6869 "%s: ACQ %u is not found.\n", __func__, seq)); 6870 } 6871 ACQ_UNLOCK(); 6872 if (acq == NULL) 6873 return (ESRCH); 6874 return (0); 6875 } 6876 6877 static struct secspacq * 6878 key_newspacq(struct secpolicyindex *spidx) 6879 { 6880 struct secspacq *acq; 6881 6882 /* get new entry */ 6883 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 6884 if (acq == NULL) { 6885 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6886 return NULL; 6887 } 6888 6889 /* copy secindex */ 6890 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 6891 acq->created = time_second; 6892 acq->count = 0; 6893 6894 /* add to spacqtree */ 6895 SPACQ_LOCK(); 6896 LIST_INSERT_HEAD(&V_spacqtree, acq, chain); 6897 SPACQ_UNLOCK(); 6898 6899 return acq; 6900 } 6901 6902 static struct secspacq * 6903 key_getspacq(struct secpolicyindex *spidx) 6904 { 6905 struct secspacq *acq; 6906 6907 SPACQ_LOCK(); 6908 LIST_FOREACH(acq, &V_spacqtree, chain) { 6909 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 6910 /* NB: return holding spacq_lock */ 6911 return acq; 6912 } 6913 } 6914 SPACQ_UNLOCK(); 6915 6916 return NULL; 6917 } 6918 6919 /* 6920 * SADB_ACQUIRE processing, 6921 * in first situation, is receiving 6922 * <base> 6923 * from the ikmpd, and clear sequence of its secasvar entry. 6924 * 6925 * In second situation, is receiving 6926 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6927 * from a user land process, and return 6928 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 6929 * to the socket. 6930 * 6931 * m will always be freed. 6932 */ 6933 static int 6934 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 6935 { 6936 SAHTREE_RLOCK_TRACKER; 6937 struct sadb_address *src0, *dst0; 6938 struct secasindex saidx; 6939 struct secashead *sah; 6940 uint32_t reqid; 6941 int error; 6942 uint8_t mode, proto; 6943 6944 IPSEC_ASSERT(so != NULL, ("null socket")); 6945 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6946 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6947 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6948 6949 /* 6950 * Error message from KMd. 6951 * We assume that if error was occurred in IKEd, the length of PFKEY 6952 * message is equal to the size of sadb_msg structure. 6953 * We do not raise error even if error occurred in this function. 6954 */ 6955 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 6956 /* check sequence number */ 6957 if (mhp->msg->sadb_msg_seq == 0 || 6958 mhp->msg->sadb_msg_errno == 0) { 6959 ipseclog((LOG_DEBUG, "%s: must specify sequence " 6960 "number and errno.\n", __func__)); 6961 } else { 6962 /* 6963 * IKEd reported that error occurred. 6964 * XXXAE: what it expects from the kernel? 6965 * Probably we should send SADB_ACQUIRE again? 6966 * If so, reset ACQ's state. 6967 * XXXAE: it looks useless. 6968 */ 6969 key_acqreset(mhp->msg->sadb_msg_seq); 6970 } 6971 m_freem(m); 6972 return (0); 6973 } 6974 6975 /* 6976 * This message is from user land. 6977 */ 6978 6979 /* map satype to proto */ 6980 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6981 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6982 __func__)); 6983 return key_senderror(so, m, EINVAL); 6984 } 6985 6986 if (SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_SRC) || 6987 SADB_CHECKHDR(mhp, SADB_EXT_ADDRESS_DST) || 6988 SADB_CHECKHDR(mhp, SADB_EXT_PROPOSAL)) { 6989 ipseclog((LOG_DEBUG, 6990 "%s: invalid message: missing required header.\n", 6991 __func__)); 6992 return key_senderror(so, m, EINVAL); 6993 } 6994 if (SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_SRC) || 6995 SADB_CHECKLEN(mhp, SADB_EXT_ADDRESS_DST) || 6996 SADB_CHECKLEN(mhp, SADB_EXT_PROPOSAL)) { 6997 ipseclog((LOG_DEBUG, 6998 "%s: invalid message: wrong header size.\n", __func__)); 6999 return key_senderror(so, m, EINVAL); 7000 } 7001 7002 if (SADB_CHECKHDR(mhp, SADB_X_EXT_SA2)) { 7003 mode = IPSEC_MODE_ANY; 7004 reqid = 0; 7005 } else { 7006 if (SADB_CHECKLEN(mhp, SADB_X_EXT_SA2)) { 7007 ipseclog((LOG_DEBUG, 7008 "%s: invalid message: wrong header size.\n", 7009 __func__)); 7010 return key_senderror(so, m, EINVAL); 7011 } 7012 mode = ((struct sadb_x_sa2 *) 7013 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 7014 reqid = ((struct sadb_x_sa2 *) 7015 mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 7016 } 7017 7018 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 7019 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 7020 7021 error = key_checksockaddrs((struct sockaddr *)(src0 + 1), 7022 (struct sockaddr *)(dst0 + 1)); 7023 if (error != 0) { 7024 ipseclog((LOG_DEBUG, "%s: invalid sockaddr.\n", __func__)); 7025 return key_senderror(so, m, EINVAL); 7026 } 7027 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 7028 7029 /* get a SA index */ 7030 SAHTREE_RLOCK(); 7031 LIST_FOREACH(sah, SAHADDRHASH_HASH(&saidx), addrhash) { 7032 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 7033 break; 7034 } 7035 SAHTREE_RUNLOCK(); 7036 if (sah != NULL) { 7037 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 7038 return key_senderror(so, m, EEXIST); 7039 } 7040 7041 error = key_acquire(&saidx, NULL); 7042 if (error != 0) { 7043 ipseclog((LOG_DEBUG, 7044 "%s: error %d returned from key_acquire()\n", 7045 __func__, error)); 7046 return key_senderror(so, m, error); 7047 } 7048 m_freem(m); 7049 return (0); 7050 } 7051 7052 /* 7053 * SADB_REGISTER processing. 7054 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 7055 * receive 7056 * <base> 7057 * from the ikmpd, and register a socket to send PF_KEY messages, 7058 * and send 7059 * <base, supported> 7060 * to KMD by PF_KEY. 7061 * If socket is detached, must free from regnode. 7062 * 7063 * m will always be freed. 7064 */ 7065 static int 7066 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7067 { 7068 struct secreg *reg, *newreg = NULL; 7069 7070 IPSEC_ASSERT(so != NULL, ("null socket")); 7071 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7072 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7073 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7074 7075 /* check for invalid register message */ 7076 if (mhp->msg->sadb_msg_satype >= sizeof(V_regtree)/sizeof(V_regtree[0])) 7077 return key_senderror(so, m, EINVAL); 7078 7079 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 7080 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 7081 goto setmsg; 7082 7083 /* check whether existing or not */ 7084 REGTREE_LOCK(); 7085 LIST_FOREACH(reg, &V_regtree[mhp->msg->sadb_msg_satype], chain) { 7086 if (reg->so == so) { 7087 REGTREE_UNLOCK(); 7088 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 7089 __func__)); 7090 return key_senderror(so, m, EEXIST); 7091 } 7092 } 7093 7094 /* create regnode */ 7095 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 7096 if (newreg == NULL) { 7097 REGTREE_UNLOCK(); 7098 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7099 return key_senderror(so, m, ENOBUFS); 7100 } 7101 7102 newreg->so = so; 7103 ((struct keycb *)sotorawcb(so))->kp_registered++; 7104 7105 /* add regnode to regtree. */ 7106 LIST_INSERT_HEAD(&V_regtree[mhp->msg->sadb_msg_satype], newreg, chain); 7107 REGTREE_UNLOCK(); 7108 7109 setmsg: 7110 { 7111 struct mbuf *n; 7112 struct sadb_msg *newmsg; 7113 struct sadb_supported *sup; 7114 u_int len, alen, elen; 7115 int off; 7116 int i; 7117 struct sadb_alg *alg; 7118 7119 /* create new sadb_msg to reply. */ 7120 alen = 0; 7121 for (i = 1; i <= SADB_AALG_MAX; i++) { 7122 if (auth_algorithm_lookup(i)) 7123 alen += sizeof(struct sadb_alg); 7124 } 7125 if (alen) 7126 alen += sizeof(struct sadb_supported); 7127 elen = 0; 7128 for (i = 1; i <= SADB_EALG_MAX; i++) { 7129 if (enc_algorithm_lookup(i)) 7130 elen += sizeof(struct sadb_alg); 7131 } 7132 if (elen) 7133 elen += sizeof(struct sadb_supported); 7134 7135 len = sizeof(struct sadb_msg) + alen + elen; 7136 7137 if (len > MCLBYTES) 7138 return key_senderror(so, m, ENOBUFS); 7139 7140 MGETHDR(n, M_NOWAIT, MT_DATA); 7141 if (n != NULL && len > MHLEN) { 7142 if (!(MCLGET(n, M_NOWAIT))) { 7143 m_freem(n); 7144 n = NULL; 7145 } 7146 } 7147 if (!n) 7148 return key_senderror(so, m, ENOBUFS); 7149 7150 n->m_pkthdr.len = n->m_len = len; 7151 n->m_next = NULL; 7152 off = 0; 7153 7154 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 7155 newmsg = mtod(n, struct sadb_msg *); 7156 newmsg->sadb_msg_errno = 0; 7157 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 7158 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 7159 7160 /* for authentication algorithm */ 7161 if (alen) { 7162 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7163 sup->sadb_supported_len = PFKEY_UNIT64(alen); 7164 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 7165 off += PFKEY_ALIGN8(sizeof(*sup)); 7166 7167 for (i = 1; i <= SADB_AALG_MAX; i++) { 7168 const struct auth_hash *aalgo; 7169 u_int16_t minkeysize, maxkeysize; 7170 7171 aalgo = auth_algorithm_lookup(i); 7172 if (!aalgo) 7173 continue; 7174 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7175 alg->sadb_alg_id = i; 7176 alg->sadb_alg_ivlen = 0; 7177 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 7178 alg->sadb_alg_minbits = _BITS(minkeysize); 7179 alg->sadb_alg_maxbits = _BITS(maxkeysize); 7180 off += PFKEY_ALIGN8(sizeof(*alg)); 7181 } 7182 } 7183 7184 /* for encryption algorithm */ 7185 if (elen) { 7186 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 7187 sup->sadb_supported_len = PFKEY_UNIT64(elen); 7188 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 7189 off += PFKEY_ALIGN8(sizeof(*sup)); 7190 7191 for (i = 1; i <= SADB_EALG_MAX; i++) { 7192 const struct enc_xform *ealgo; 7193 7194 ealgo = enc_algorithm_lookup(i); 7195 if (!ealgo) 7196 continue; 7197 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 7198 alg->sadb_alg_id = i; 7199 alg->sadb_alg_ivlen = ealgo->ivsize; 7200 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 7201 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 7202 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 7203 } 7204 } 7205 7206 IPSEC_ASSERT(off == len, 7207 ("length assumption failed (off %u len %u)", off, len)); 7208 7209 m_freem(m); 7210 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 7211 } 7212 } 7213 7214 /* 7215 * free secreg entry registered. 7216 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 7217 */ 7218 void 7219 key_freereg(struct socket *so) 7220 { 7221 struct secreg *reg; 7222 int i; 7223 7224 IPSEC_ASSERT(so != NULL, ("NULL so")); 7225 7226 /* 7227 * check whether existing or not. 7228 * check all type of SA, because there is a potential that 7229 * one socket is registered to multiple type of SA. 7230 */ 7231 REGTREE_LOCK(); 7232 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 7233 LIST_FOREACH(reg, &V_regtree[i], chain) { 7234 if (reg->so == so && __LIST_CHAINED(reg)) { 7235 LIST_REMOVE(reg, chain); 7236 free(reg, M_IPSEC_SAR); 7237 break; 7238 } 7239 } 7240 } 7241 REGTREE_UNLOCK(); 7242 } 7243 7244 /* 7245 * SADB_EXPIRE processing 7246 * send 7247 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 7248 * to KMD by PF_KEY. 7249 * NOTE: We send only soft lifetime extension. 7250 * 7251 * OUT: 0 : succeed 7252 * others : error number 7253 */ 7254 static int 7255 key_expire(struct secasvar *sav, int hard) 7256 { 7257 struct mbuf *result = NULL, *m; 7258 struct sadb_lifetime *lt; 7259 uint32_t replay_count; 7260 int error, len; 7261 uint8_t satype; 7262 7263 IPSEC_ASSERT (sav != NULL, ("null sav")); 7264 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 7265 7266 KEYDBG(KEY_STAMP, 7267 printf("%s: SA(%p) expired %s lifetime\n", __func__, 7268 sav, hard ? "hard": "soft")); 7269 KEYDBG(KEY_DATA, kdebug_secasv(sav)); 7270 /* set msg header */ 7271 satype = key_proto2satype(sav->sah->saidx.proto); 7272 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 7273 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 7274 if (!m) { 7275 error = ENOBUFS; 7276 goto fail; 7277 } 7278 result = m; 7279 7280 /* create SA extension */ 7281 m = key_setsadbsa(sav); 7282 if (!m) { 7283 error = ENOBUFS; 7284 goto fail; 7285 } 7286 m_cat(result, m); 7287 7288 /* create SA extension */ 7289 SECASVAR_LOCK(sav); 7290 replay_count = sav->replay ? sav->replay->count : 0; 7291 SECASVAR_UNLOCK(sav); 7292 7293 m = key_setsadbxsa2(sav->sah->saidx.mode, replay_count, 7294 sav->sah->saidx.reqid); 7295 if (!m) { 7296 error = ENOBUFS; 7297 goto fail; 7298 } 7299 m_cat(result, m); 7300 7301 if (sav->replay && sav->replay->wsize > UINT8_MAX) { 7302 m = key_setsadbxsareplay(sav->replay->wsize); 7303 if (!m) { 7304 error = ENOBUFS; 7305 goto fail; 7306 } 7307 m_cat(result, m); 7308 } 7309 7310 /* create lifetime extension (current and soft) */ 7311 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 7312 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 7313 if (m == NULL) { 7314 error = ENOBUFS; 7315 goto fail; 7316 } 7317 m_align(m, len); 7318 m->m_len = len; 7319 bzero(mtod(m, caddr_t), len); 7320 lt = mtod(m, struct sadb_lifetime *); 7321 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7322 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 7323 lt->sadb_lifetime_allocations = 7324 (uint32_t)counter_u64_fetch(sav->lft_c_allocations); 7325 lt->sadb_lifetime_bytes = 7326 counter_u64_fetch(sav->lft_c_bytes); 7327 lt->sadb_lifetime_addtime = sav->created; 7328 lt->sadb_lifetime_usetime = sav->firstused; 7329 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 7330 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 7331 if (hard) { 7332 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 7333 lt->sadb_lifetime_allocations = sav->lft_h->allocations; 7334 lt->sadb_lifetime_bytes = sav->lft_h->bytes; 7335 lt->sadb_lifetime_addtime = sav->lft_h->addtime; 7336 lt->sadb_lifetime_usetime = sav->lft_h->usetime; 7337 } else { 7338 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; 7339 lt->sadb_lifetime_allocations = sav->lft_s->allocations; 7340 lt->sadb_lifetime_bytes = sav->lft_s->bytes; 7341 lt->sadb_lifetime_addtime = sav->lft_s->addtime; 7342 lt->sadb_lifetime_usetime = sav->lft_s->usetime; 7343 } 7344 m_cat(result, m); 7345 7346 /* set sadb_address for source */ 7347 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 7348 &sav->sah->saidx.src.sa, 7349 FULLMASK, IPSEC_ULPROTO_ANY); 7350 if (!m) { 7351 error = ENOBUFS; 7352 goto fail; 7353 } 7354 m_cat(result, m); 7355 7356 /* set sadb_address for destination */ 7357 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 7358 &sav->sah->saidx.dst.sa, 7359 FULLMASK, IPSEC_ULPROTO_ANY); 7360 if (!m) { 7361 error = ENOBUFS; 7362 goto fail; 7363 } 7364 m_cat(result, m); 7365 7366 /* 7367 * XXX-BZ Handle NAT-T extensions here. 7368 * XXXAE: it doesn't seem quite useful. IKEs should not depend on 7369 * this information, we report only significant SA fields. 7370 */ 7371 7372 if ((result->m_flags & M_PKTHDR) == 0) { 7373 error = EINVAL; 7374 goto fail; 7375 } 7376 7377 if (result->m_len < sizeof(struct sadb_msg)) { 7378 result = m_pullup(result, sizeof(struct sadb_msg)); 7379 if (result == NULL) { 7380 error = ENOBUFS; 7381 goto fail; 7382 } 7383 } 7384 7385 result->m_pkthdr.len = 0; 7386 for (m = result; m; m = m->m_next) 7387 result->m_pkthdr.len += m->m_len; 7388 7389 mtod(result, struct sadb_msg *)->sadb_msg_len = 7390 PFKEY_UNIT64(result->m_pkthdr.len); 7391 7392 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 7393 7394 fail: 7395 if (result) 7396 m_freem(result); 7397 return error; 7398 } 7399 7400 static void 7401 key_freesah_flushed(struct secashead_queue *flushq) 7402 { 7403 struct secashead *sah, *nextsah; 7404 struct secasvar *sav, *nextsav; 7405 7406 sah = TAILQ_FIRST(flushq); 7407 while (sah != NULL) { 7408 sav = TAILQ_FIRST(&sah->savtree_larval); 7409 while (sav != NULL) { 7410 nextsav = TAILQ_NEXT(sav, chain); 7411 TAILQ_REMOVE(&sah->savtree_larval, sav, chain); 7412 key_freesav(&sav); /* release last reference */ 7413 key_freesah(&sah); /* release reference from SAV */ 7414 sav = nextsav; 7415 } 7416 sav = TAILQ_FIRST(&sah->savtree_alive); 7417 while (sav != NULL) { 7418 nextsav = TAILQ_NEXT(sav, chain); 7419 TAILQ_REMOVE(&sah->savtree_alive, sav, chain); 7420 key_freesav(&sav); /* release last reference */ 7421 key_freesah(&sah); /* release reference from SAV */ 7422 sav = nextsav; 7423 } 7424 nextsah = TAILQ_NEXT(sah, chain); 7425 key_freesah(&sah); /* release last reference */ 7426 sah = nextsah; 7427 } 7428 } 7429 7430 /* 7431 * SADB_FLUSH processing 7432 * receive 7433 * <base> 7434 * from the ikmpd, and free all entries in secastree. 7435 * and send, 7436 * <base> 7437 * to the ikmpd. 7438 * NOTE: to do is only marking SADB_SASTATE_DEAD. 7439 * 7440 * m will always be freed. 7441 */ 7442 static int 7443 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7444 { 7445 struct secashead_queue flushq; 7446 struct sadb_msg *newmsg; 7447 struct secashead *sah, *nextsah; 7448 struct secasvar *sav; 7449 uint8_t proto; 7450 int i; 7451 7452 IPSEC_ASSERT(so != NULL, ("null socket")); 7453 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7454 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7455 7456 /* map satype to proto */ 7457 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7458 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7459 __func__)); 7460 return key_senderror(so, m, EINVAL); 7461 } 7462 KEYDBG(KEY_STAMP, 7463 printf("%s: proto %u\n", __func__, proto)); 7464 7465 TAILQ_INIT(&flushq); 7466 if (proto == IPSEC_PROTO_ANY) { 7467 /* no SATYPE specified, i.e. flushing all SA. */ 7468 SAHTREE_WLOCK(); 7469 /* Move all SAHs into flushq */ 7470 TAILQ_CONCAT(&flushq, &V_sahtree, chain); 7471 /* Flush all buckets in SPI hash */ 7472 for (i = 0; i < V_savhash_mask + 1; i++) 7473 LIST_INIT(&V_savhashtbl[i]); 7474 /* Flush all buckets in SAHADDRHASH */ 7475 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 7476 LIST_INIT(&V_sahaddrhashtbl[i]); 7477 /* Mark all SAHs as unlinked */ 7478 TAILQ_FOREACH(sah, &flushq, chain) { 7479 sah->state = SADB_SASTATE_DEAD; 7480 /* 7481 * Callout handler makes its job using 7482 * RLOCK and drain queues. In case, when this 7483 * function will be called just before it 7484 * acquires WLOCK, we need to mark SAs as 7485 * unlinked to prevent second unlink. 7486 */ 7487 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7488 sav->state = SADB_SASTATE_DEAD; 7489 } 7490 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7491 sav->state = SADB_SASTATE_DEAD; 7492 } 7493 } 7494 SAHTREE_WUNLOCK(); 7495 } else { 7496 SAHTREE_WLOCK(); 7497 sah = TAILQ_FIRST(&V_sahtree); 7498 while (sah != NULL) { 7499 IPSEC_ASSERT(sah->state != SADB_SASTATE_DEAD, 7500 ("DEAD SAH %p in SADB_FLUSH", sah)); 7501 nextsah = TAILQ_NEXT(sah, chain); 7502 if (sah->saidx.proto != proto) { 7503 sah = nextsah; 7504 continue; 7505 } 7506 sah->state = SADB_SASTATE_DEAD; 7507 TAILQ_REMOVE(&V_sahtree, sah, chain); 7508 LIST_REMOVE(sah, addrhash); 7509 /* Unlink all SAs from SPI hash */ 7510 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7511 LIST_REMOVE(sav, spihash); 7512 sav->state = SADB_SASTATE_DEAD; 7513 } 7514 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7515 LIST_REMOVE(sav, spihash); 7516 sav->state = SADB_SASTATE_DEAD; 7517 } 7518 /* Add SAH into flushq */ 7519 TAILQ_INSERT_HEAD(&flushq, sah, chain); 7520 sah = nextsah; 7521 } 7522 SAHTREE_WUNLOCK(); 7523 } 7524 7525 key_freesah_flushed(&flushq); 7526 /* Free all queued SAs and SAHs */ 7527 if (m->m_len < sizeof(struct sadb_msg) || 7528 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 7529 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 7530 return key_senderror(so, m, ENOBUFS); 7531 } 7532 7533 if (m->m_next) 7534 m_freem(m->m_next); 7535 m->m_next = NULL; 7536 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 7537 newmsg = mtod(m, struct sadb_msg *); 7538 newmsg->sadb_msg_errno = 0; 7539 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 7540 7541 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7542 } 7543 7544 /* 7545 * SADB_DUMP processing 7546 * dump all entries including status of DEAD in SAD. 7547 * receive 7548 * <base> 7549 * from the ikmpd, and dump all secasvar leaves 7550 * and send, 7551 * <base> ..... 7552 * to the ikmpd. 7553 * 7554 * m will always be freed. 7555 */ 7556 static int 7557 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7558 { 7559 SAHTREE_RLOCK_TRACKER; 7560 struct secashead *sah; 7561 struct secasvar *sav; 7562 struct mbuf *n; 7563 uint32_t cnt; 7564 uint8_t proto, satype; 7565 7566 IPSEC_ASSERT(so != NULL, ("null socket")); 7567 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7568 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7569 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7570 7571 /* map satype to proto */ 7572 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 7573 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 7574 __func__)); 7575 return key_senderror(so, m, EINVAL); 7576 } 7577 7578 /* count sav entries to be sent to the userland. */ 7579 cnt = 0; 7580 SAHTREE_RLOCK(); 7581 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7582 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7583 proto != sah->saidx.proto) 7584 continue; 7585 7586 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) 7587 cnt++; 7588 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) 7589 cnt++; 7590 } 7591 7592 if (cnt == 0) { 7593 SAHTREE_RUNLOCK(); 7594 return key_senderror(so, m, ENOENT); 7595 } 7596 7597 /* send this to the userland, one at a time. */ 7598 TAILQ_FOREACH(sah, &V_sahtree, chain) { 7599 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC && 7600 proto != sah->saidx.proto) 7601 continue; 7602 7603 /* map proto to satype */ 7604 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 7605 SAHTREE_RUNLOCK(); 7606 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 7607 "SAD.\n", __func__)); 7608 return key_senderror(so, m, EINVAL); 7609 } 7610 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 7611 n = key_setdumpsa(sav, SADB_DUMP, satype, 7612 --cnt, mhp->msg->sadb_msg_pid); 7613 if (n == NULL) { 7614 SAHTREE_RUNLOCK(); 7615 return key_senderror(so, m, ENOBUFS); 7616 } 7617 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7618 } 7619 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 7620 n = key_setdumpsa(sav, SADB_DUMP, satype, 7621 --cnt, mhp->msg->sadb_msg_pid); 7622 if (n == NULL) { 7623 SAHTREE_RUNLOCK(); 7624 return key_senderror(so, m, ENOBUFS); 7625 } 7626 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 7627 } 7628 } 7629 SAHTREE_RUNLOCK(); 7630 m_freem(m); 7631 return (0); 7632 } 7633 /* 7634 * SADB_X_PROMISC processing 7635 * 7636 * m will always be freed. 7637 */ 7638 static int 7639 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) 7640 { 7641 int olen; 7642 7643 IPSEC_ASSERT(so != NULL, ("null socket")); 7644 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7645 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 7646 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 7647 7648 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 7649 7650 if (olen < sizeof(struct sadb_msg)) { 7651 #if 1 7652 return key_senderror(so, m, EINVAL); 7653 #else 7654 m_freem(m); 7655 return 0; 7656 #endif 7657 } else if (olen == sizeof(struct sadb_msg)) { 7658 /* enable/disable promisc mode */ 7659 struct keycb *kp; 7660 7661 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 7662 return key_senderror(so, m, EINVAL); 7663 mhp->msg->sadb_msg_errno = 0; 7664 switch (mhp->msg->sadb_msg_satype) { 7665 case 0: 7666 case 1: 7667 kp->kp_promisc = mhp->msg->sadb_msg_satype; 7668 break; 7669 default: 7670 return key_senderror(so, m, EINVAL); 7671 } 7672 7673 /* send the original message back to everyone */ 7674 mhp->msg->sadb_msg_errno = 0; 7675 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7676 } else { 7677 /* send packet as is */ 7678 7679 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 7680 7681 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 7682 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 7683 } 7684 } 7685 7686 static int (*key_typesw[])(struct socket *, struct mbuf *, 7687 const struct sadb_msghdr *) = { 7688 NULL, /* SADB_RESERVED */ 7689 key_getspi, /* SADB_GETSPI */ 7690 key_update, /* SADB_UPDATE */ 7691 key_add, /* SADB_ADD */ 7692 key_delete, /* SADB_DELETE */ 7693 key_get, /* SADB_GET */ 7694 key_acquire2, /* SADB_ACQUIRE */ 7695 key_register, /* SADB_REGISTER */ 7696 NULL, /* SADB_EXPIRE */ 7697 key_flush, /* SADB_FLUSH */ 7698 key_dump, /* SADB_DUMP */ 7699 key_promisc, /* SADB_X_PROMISC */ 7700 NULL, /* SADB_X_PCHANGE */ 7701 key_spdadd, /* SADB_X_SPDUPDATE */ 7702 key_spdadd, /* SADB_X_SPDADD */ 7703 key_spddelete, /* SADB_X_SPDDELETE */ 7704 key_spdget, /* SADB_X_SPDGET */ 7705 NULL, /* SADB_X_SPDACQUIRE */ 7706 key_spddump, /* SADB_X_SPDDUMP */ 7707 key_spdflush, /* SADB_X_SPDFLUSH */ 7708 key_spdadd, /* SADB_X_SPDSETIDX */ 7709 NULL, /* SADB_X_SPDEXPIRE */ 7710 key_spddelete2, /* SADB_X_SPDDELETE2 */ 7711 }; 7712 7713 /* 7714 * parse sadb_msg buffer to process PFKEYv2, 7715 * and create a data to response if needed. 7716 * I think to be dealed with mbuf directly. 7717 * IN: 7718 * msgp : pointer to pointer to a received buffer pulluped. 7719 * This is rewrited to response. 7720 * so : pointer to socket. 7721 * OUT: 7722 * length for buffer to send to user process. 7723 */ 7724 int 7725 key_parse(struct mbuf *m, struct socket *so) 7726 { 7727 struct sadb_msg *msg; 7728 struct sadb_msghdr mh; 7729 u_int orglen; 7730 int error; 7731 int target; 7732 7733 IPSEC_ASSERT(so != NULL, ("null socket")); 7734 IPSEC_ASSERT(m != NULL, ("null mbuf")); 7735 7736 if (m->m_len < sizeof(struct sadb_msg)) { 7737 m = m_pullup(m, sizeof(struct sadb_msg)); 7738 if (!m) 7739 return ENOBUFS; 7740 } 7741 msg = mtod(m, struct sadb_msg *); 7742 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 7743 target = KEY_SENDUP_ONE; 7744 7745 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len != orglen) { 7746 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 7747 PFKEYSTAT_INC(out_invlen); 7748 error = EINVAL; 7749 goto senderror; 7750 } 7751 7752 if (msg->sadb_msg_version != PF_KEY_V2) { 7753 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 7754 __func__, msg->sadb_msg_version)); 7755 PFKEYSTAT_INC(out_invver); 7756 error = EINVAL; 7757 goto senderror; 7758 } 7759 7760 if (msg->sadb_msg_type > SADB_MAX) { 7761 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7762 __func__, msg->sadb_msg_type)); 7763 PFKEYSTAT_INC(out_invmsgtype); 7764 error = EINVAL; 7765 goto senderror; 7766 } 7767 7768 /* for old-fashioned code - should be nuked */ 7769 if (m->m_pkthdr.len > MCLBYTES) { 7770 m_freem(m); 7771 return ENOBUFS; 7772 } 7773 if (m->m_next) { 7774 struct mbuf *n; 7775 7776 MGETHDR(n, M_NOWAIT, MT_DATA); 7777 if (n && m->m_pkthdr.len > MHLEN) { 7778 if (!(MCLGET(n, M_NOWAIT))) { 7779 m_free(n); 7780 n = NULL; 7781 } 7782 } 7783 if (!n) { 7784 m_freem(m); 7785 return ENOBUFS; 7786 } 7787 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 7788 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 7789 n->m_next = NULL; 7790 m_freem(m); 7791 m = n; 7792 } 7793 7794 /* align the mbuf chain so that extensions are in contiguous region. */ 7795 error = key_align(m, &mh); 7796 if (error) 7797 return error; 7798 7799 msg = mh.msg; 7800 7801 /* We use satype as scope mask for spddump */ 7802 if (msg->sadb_msg_type == SADB_X_SPDDUMP) { 7803 switch (msg->sadb_msg_satype) { 7804 case IPSEC_POLICYSCOPE_ANY: 7805 case IPSEC_POLICYSCOPE_GLOBAL: 7806 case IPSEC_POLICYSCOPE_IFNET: 7807 case IPSEC_POLICYSCOPE_PCB: 7808 break; 7809 default: 7810 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7811 __func__, msg->sadb_msg_type)); 7812 PFKEYSTAT_INC(out_invsatype); 7813 error = EINVAL; 7814 goto senderror; 7815 } 7816 } else { 7817 switch (msg->sadb_msg_satype) { /* check SA type */ 7818 case SADB_SATYPE_UNSPEC: 7819 switch (msg->sadb_msg_type) { 7820 case SADB_GETSPI: 7821 case SADB_UPDATE: 7822 case SADB_ADD: 7823 case SADB_DELETE: 7824 case SADB_GET: 7825 case SADB_ACQUIRE: 7826 case SADB_EXPIRE: 7827 ipseclog((LOG_DEBUG, "%s: must specify satype " 7828 "when msg type=%u.\n", __func__, 7829 msg->sadb_msg_type)); 7830 PFKEYSTAT_INC(out_invsatype); 7831 error = EINVAL; 7832 goto senderror; 7833 } 7834 break; 7835 case SADB_SATYPE_AH: 7836 case SADB_SATYPE_ESP: 7837 case SADB_X_SATYPE_IPCOMP: 7838 case SADB_X_SATYPE_TCPSIGNATURE: 7839 switch (msg->sadb_msg_type) { 7840 case SADB_X_SPDADD: 7841 case SADB_X_SPDDELETE: 7842 case SADB_X_SPDGET: 7843 case SADB_X_SPDFLUSH: 7844 case SADB_X_SPDSETIDX: 7845 case SADB_X_SPDUPDATE: 7846 case SADB_X_SPDDELETE2: 7847 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 7848 __func__, msg->sadb_msg_type)); 7849 PFKEYSTAT_INC(out_invsatype); 7850 error = EINVAL; 7851 goto senderror; 7852 } 7853 break; 7854 case SADB_SATYPE_RSVP: 7855 case SADB_SATYPE_OSPFV2: 7856 case SADB_SATYPE_RIPV2: 7857 case SADB_SATYPE_MIP: 7858 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 7859 __func__, msg->sadb_msg_satype)); 7860 PFKEYSTAT_INC(out_invsatype); 7861 error = EOPNOTSUPP; 7862 goto senderror; 7863 case 1: /* XXX: What does it do? */ 7864 if (msg->sadb_msg_type == SADB_X_PROMISC) 7865 break; 7866 /*FALLTHROUGH*/ 7867 default: 7868 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 7869 __func__, msg->sadb_msg_satype)); 7870 PFKEYSTAT_INC(out_invsatype); 7871 error = EINVAL; 7872 goto senderror; 7873 } 7874 } 7875 7876 /* check field of upper layer protocol and address family */ 7877 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 7878 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 7879 struct sadb_address *src0, *dst0; 7880 u_int plen; 7881 7882 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 7883 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 7884 7885 /* check upper layer protocol */ 7886 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 7887 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 7888 "mismatched.\n", __func__)); 7889 PFKEYSTAT_INC(out_invaddr); 7890 error = EINVAL; 7891 goto senderror; 7892 } 7893 7894 /* check family */ 7895 if (PFKEY_ADDR_SADDR(src0)->sa_family != 7896 PFKEY_ADDR_SADDR(dst0)->sa_family) { 7897 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 7898 __func__)); 7899 PFKEYSTAT_INC(out_invaddr); 7900 error = EINVAL; 7901 goto senderror; 7902 } 7903 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7904 PFKEY_ADDR_SADDR(dst0)->sa_len) { 7905 ipseclog((LOG_DEBUG, "%s: address struct size " 7906 "mismatched.\n", __func__)); 7907 PFKEYSTAT_INC(out_invaddr); 7908 error = EINVAL; 7909 goto senderror; 7910 } 7911 7912 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7913 case AF_INET: 7914 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7915 sizeof(struct sockaddr_in)) { 7916 PFKEYSTAT_INC(out_invaddr); 7917 error = EINVAL; 7918 goto senderror; 7919 } 7920 break; 7921 case AF_INET6: 7922 if (PFKEY_ADDR_SADDR(src0)->sa_len != 7923 sizeof(struct sockaddr_in6)) { 7924 PFKEYSTAT_INC(out_invaddr); 7925 error = EINVAL; 7926 goto senderror; 7927 } 7928 break; 7929 default: 7930 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 7931 __func__)); 7932 PFKEYSTAT_INC(out_invaddr); 7933 error = EAFNOSUPPORT; 7934 goto senderror; 7935 } 7936 7937 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 7938 case AF_INET: 7939 plen = sizeof(struct in_addr) << 3; 7940 break; 7941 case AF_INET6: 7942 plen = sizeof(struct in6_addr) << 3; 7943 break; 7944 default: 7945 plen = 0; /*fool gcc*/ 7946 break; 7947 } 7948 7949 /* check max prefix length */ 7950 if (src0->sadb_address_prefixlen > plen || 7951 dst0->sadb_address_prefixlen > plen) { 7952 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 7953 __func__)); 7954 PFKEYSTAT_INC(out_invaddr); 7955 error = EINVAL; 7956 goto senderror; 7957 } 7958 7959 /* 7960 * prefixlen == 0 is valid because there can be a case when 7961 * all addresses are matched. 7962 */ 7963 } 7964 7965 if (msg->sadb_msg_type >= nitems(key_typesw) || 7966 key_typesw[msg->sadb_msg_type] == NULL) { 7967 PFKEYSTAT_INC(out_invmsgtype); 7968 error = EINVAL; 7969 goto senderror; 7970 } 7971 7972 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 7973 7974 senderror: 7975 msg->sadb_msg_errno = error; 7976 return key_sendup_mbuf(so, m, target); 7977 } 7978 7979 static int 7980 key_senderror(struct socket *so, struct mbuf *m, int code) 7981 { 7982 struct sadb_msg *msg; 7983 7984 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 7985 ("mbuf too small, len %u", m->m_len)); 7986 7987 msg = mtod(m, struct sadb_msg *); 7988 msg->sadb_msg_errno = code; 7989 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 7990 } 7991 7992 /* 7993 * set the pointer to each header into message buffer. 7994 * m will be freed on error. 7995 * XXX larger-than-MCLBYTES extension? 7996 */ 7997 static int 7998 key_align(struct mbuf *m, struct sadb_msghdr *mhp) 7999 { 8000 struct mbuf *n; 8001 struct sadb_ext *ext; 8002 size_t off, end; 8003 int extlen; 8004 int toff; 8005 8006 IPSEC_ASSERT(m != NULL, ("null mbuf")); 8007 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 8008 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 8009 ("mbuf too small, len %u", m->m_len)); 8010 8011 /* initialize */ 8012 bzero(mhp, sizeof(*mhp)); 8013 8014 mhp->msg = mtod(m, struct sadb_msg *); 8015 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 8016 8017 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 8018 extlen = end; /*just in case extlen is not updated*/ 8019 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 8020 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 8021 if (!n) { 8022 /* m is already freed */ 8023 return ENOBUFS; 8024 } 8025 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8026 8027 /* set pointer */ 8028 switch (ext->sadb_ext_type) { 8029 case SADB_EXT_SA: 8030 case SADB_EXT_ADDRESS_SRC: 8031 case SADB_EXT_ADDRESS_DST: 8032 case SADB_EXT_ADDRESS_PROXY: 8033 case SADB_EXT_LIFETIME_CURRENT: 8034 case SADB_EXT_LIFETIME_HARD: 8035 case SADB_EXT_LIFETIME_SOFT: 8036 case SADB_EXT_KEY_AUTH: 8037 case SADB_EXT_KEY_ENCRYPT: 8038 case SADB_EXT_IDENTITY_SRC: 8039 case SADB_EXT_IDENTITY_DST: 8040 case SADB_EXT_SENSITIVITY: 8041 case SADB_EXT_PROPOSAL: 8042 case SADB_EXT_SUPPORTED_AUTH: 8043 case SADB_EXT_SUPPORTED_ENCRYPT: 8044 case SADB_EXT_SPIRANGE: 8045 case SADB_X_EXT_POLICY: 8046 case SADB_X_EXT_SA2: 8047 case SADB_X_EXT_NAT_T_TYPE: 8048 case SADB_X_EXT_NAT_T_SPORT: 8049 case SADB_X_EXT_NAT_T_DPORT: 8050 case SADB_X_EXT_NAT_T_OAI: 8051 case SADB_X_EXT_NAT_T_OAR: 8052 case SADB_X_EXT_NAT_T_FRAG: 8053 case SADB_X_EXT_SA_REPLAY: 8054 case SADB_X_EXT_NEW_ADDRESS_SRC: 8055 case SADB_X_EXT_NEW_ADDRESS_DST: 8056 /* duplicate check */ 8057 /* 8058 * XXX Are there duplication payloads of either 8059 * KEY_AUTH or KEY_ENCRYPT ? 8060 */ 8061 if (mhp->ext[ext->sadb_ext_type] != NULL) { 8062 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 8063 "%u\n", __func__, ext->sadb_ext_type)); 8064 m_freem(m); 8065 PFKEYSTAT_INC(out_dupext); 8066 return EINVAL; 8067 } 8068 break; 8069 default: 8070 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 8071 __func__, ext->sadb_ext_type)); 8072 m_freem(m); 8073 PFKEYSTAT_INC(out_invexttype); 8074 return EINVAL; 8075 } 8076 8077 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 8078 8079 if (key_validate_ext(ext, extlen)) { 8080 m_freem(m); 8081 PFKEYSTAT_INC(out_invlen); 8082 return EINVAL; 8083 } 8084 8085 n = m_pulldown(m, off, extlen, &toff); 8086 if (!n) { 8087 /* m is already freed */ 8088 return ENOBUFS; 8089 } 8090 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 8091 8092 mhp->ext[ext->sadb_ext_type] = ext; 8093 mhp->extoff[ext->sadb_ext_type] = off; 8094 mhp->extlen[ext->sadb_ext_type] = extlen; 8095 } 8096 8097 if (off != end) { 8098 m_freem(m); 8099 PFKEYSTAT_INC(out_invlen); 8100 return EINVAL; 8101 } 8102 8103 return 0; 8104 } 8105 8106 static int 8107 key_validate_ext(const struct sadb_ext *ext, int len) 8108 { 8109 const struct sockaddr *sa; 8110 enum { NONE, ADDR } checktype = NONE; 8111 int baselen = 0; 8112 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 8113 8114 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 8115 return EINVAL; 8116 8117 /* if it does not match minimum/maximum length, bail */ 8118 if (ext->sadb_ext_type >= nitems(minsize) || 8119 ext->sadb_ext_type >= nitems(maxsize)) 8120 return EINVAL; 8121 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 8122 return EINVAL; 8123 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 8124 return EINVAL; 8125 8126 /* more checks based on sadb_ext_type XXX need more */ 8127 switch (ext->sadb_ext_type) { 8128 case SADB_EXT_ADDRESS_SRC: 8129 case SADB_EXT_ADDRESS_DST: 8130 case SADB_EXT_ADDRESS_PROXY: 8131 case SADB_X_EXT_NAT_T_OAI: 8132 case SADB_X_EXT_NAT_T_OAR: 8133 case SADB_X_EXT_NEW_ADDRESS_SRC: 8134 case SADB_X_EXT_NEW_ADDRESS_DST: 8135 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 8136 checktype = ADDR; 8137 break; 8138 case SADB_EXT_IDENTITY_SRC: 8139 case SADB_EXT_IDENTITY_DST: 8140 if (((const struct sadb_ident *)ext)->sadb_ident_type == 8141 SADB_X_IDENTTYPE_ADDR) { 8142 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 8143 checktype = ADDR; 8144 } else 8145 checktype = NONE; 8146 break; 8147 default: 8148 checktype = NONE; 8149 break; 8150 } 8151 8152 switch (checktype) { 8153 case NONE: 8154 break; 8155 case ADDR: 8156 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 8157 if (len < baselen + sal) 8158 return EINVAL; 8159 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 8160 return EINVAL; 8161 break; 8162 } 8163 8164 return 0; 8165 } 8166 8167 void 8168 spdcache_init(void) 8169 { 8170 int i; 8171 8172 TUNABLE_INT_FETCH("net.key.spdcache.maxentries", 8173 &V_key_spdcache_maxentries); 8174 TUNABLE_INT_FETCH("net.key.spdcache.threshold", 8175 &V_key_spdcache_threshold); 8176 8177 if (V_key_spdcache_maxentries) { 8178 V_key_spdcache_maxentries = MAX(V_key_spdcache_maxentries, 8179 SPDCACHE_MAX_ENTRIES_PER_HASH); 8180 V_spdcachehashtbl = hashinit(V_key_spdcache_maxentries / 8181 SPDCACHE_MAX_ENTRIES_PER_HASH, 8182 M_IPSEC_SPDCACHE, &V_spdcachehash_mask); 8183 V_key_spdcache_maxentries = (V_spdcachehash_mask + 1) 8184 * SPDCACHE_MAX_ENTRIES_PER_HASH; 8185 8186 V_spdcache_lock = malloc(sizeof(struct mtx) * 8187 (V_spdcachehash_mask + 1), 8188 M_IPSEC_SPDCACHE, M_WAITOK|M_ZERO); 8189 8190 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8191 SPDCACHE_LOCK_INIT(i); 8192 } 8193 } 8194 8195 struct spdcache_entry * 8196 spdcache_entry_alloc(const struct secpolicyindex *spidx, struct secpolicy *sp) 8197 { 8198 struct spdcache_entry *entry; 8199 8200 entry = malloc(sizeof(struct spdcache_entry), 8201 M_IPSEC_SPDCACHE, M_NOWAIT|M_ZERO); 8202 if (entry == NULL) 8203 return NULL; 8204 8205 if (sp != NULL) 8206 SP_ADDREF(sp); 8207 8208 entry->spidx = *spidx; 8209 entry->sp = sp; 8210 8211 return (entry); 8212 } 8213 8214 void 8215 spdcache_entry_free(struct spdcache_entry *entry) 8216 { 8217 8218 if (entry->sp != NULL) 8219 key_freesp(&entry->sp); 8220 free(entry, M_IPSEC_SPDCACHE); 8221 } 8222 8223 void 8224 spdcache_clear(void) 8225 { 8226 struct spdcache_entry *entry; 8227 int i; 8228 8229 for (i = 0; i < V_spdcachehash_mask + 1; ++i) { 8230 SPDCACHE_LOCK(i); 8231 while (!LIST_EMPTY(&V_spdcachehashtbl[i])) { 8232 entry = LIST_FIRST(&V_spdcachehashtbl[i]); 8233 LIST_REMOVE(entry, chain); 8234 spdcache_entry_free(entry); 8235 } 8236 SPDCACHE_UNLOCK(i); 8237 } 8238 } 8239 8240 #ifdef VIMAGE 8241 void 8242 spdcache_destroy(void) 8243 { 8244 int i; 8245 8246 if (SPDCACHE_ENABLED()) { 8247 spdcache_clear(); 8248 hashdestroy(V_spdcachehashtbl, M_IPSEC_SPDCACHE, V_spdcachehash_mask); 8249 8250 for (i = 0; i < V_spdcachehash_mask + 1; ++i) 8251 SPDCACHE_LOCK_DESTROY(i); 8252 8253 free(V_spdcache_lock, M_IPSEC_SPDCACHE); 8254 } 8255 } 8256 #endif 8257 void 8258 key_init(void) 8259 { 8260 int i; 8261 8262 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8263 TAILQ_INIT(&V_sptree[i]); 8264 TAILQ_INIT(&V_sptree_ifnet[i]); 8265 } 8266 8267 V_key_lft_zone = uma_zcreate("IPsec SA lft_c", 8268 sizeof(uint64_t) * 2, NULL, NULL, NULL, NULL, 8269 UMA_ALIGN_PTR, UMA_ZONE_PCPU); 8270 8271 TAILQ_INIT(&V_sahtree); 8272 V_sphashtbl = hashinit(SPHASH_NHASH, M_IPSEC_SP, &V_sphash_mask); 8273 V_savhashtbl = hashinit(SAVHASH_NHASH, M_IPSEC_SA, &V_savhash_mask); 8274 V_sahaddrhashtbl = hashinit(SAHHASH_NHASH, M_IPSEC_SAH, 8275 &V_sahaddrhash_mask); 8276 V_acqaddrhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8277 &V_acqaddrhash_mask); 8278 V_acqseqhashtbl = hashinit(ACQHASH_NHASH, M_IPSEC_SAQ, 8279 &V_acqseqhash_mask); 8280 8281 spdcache_init(); 8282 8283 for (i = 0; i <= SADB_SATYPE_MAX; i++) 8284 LIST_INIT(&V_regtree[i]); 8285 8286 LIST_INIT(&V_acqtree); 8287 LIST_INIT(&V_spacqtree); 8288 8289 if (!IS_DEFAULT_VNET(curvnet)) 8290 return; 8291 8292 SPTREE_LOCK_INIT(); 8293 REGTREE_LOCK_INIT(); 8294 SAHTREE_LOCK_INIT(); 8295 ACQ_LOCK_INIT(); 8296 SPACQ_LOCK_INIT(); 8297 8298 #ifndef IPSEC_DEBUG2 8299 callout_init(&key_timer, 1); 8300 callout_reset(&key_timer, hz, key_timehandler, NULL); 8301 #endif /*IPSEC_DEBUG2*/ 8302 8303 /* initialize key statistics */ 8304 keystat.getspi_count = 1; 8305 8306 if (bootverbose) 8307 printf("IPsec: Initialized Security Association Processing.\n"); 8308 } 8309 8310 #ifdef VIMAGE 8311 void 8312 key_destroy(void) 8313 { 8314 struct secashead_queue sahdrainq; 8315 struct secpolicy_queue drainq; 8316 struct secpolicy *sp, *nextsp; 8317 struct secacq *acq, *nextacq; 8318 struct secspacq *spacq, *nextspacq; 8319 struct secashead *sah; 8320 struct secasvar *sav; 8321 struct secreg *reg; 8322 int i; 8323 8324 /* 8325 * XXX: can we just call free() for each object without 8326 * walking through safe way with releasing references? 8327 */ 8328 TAILQ_INIT(&drainq); 8329 SPTREE_WLOCK(); 8330 for (i = 0; i < IPSEC_DIR_MAX; i++) { 8331 TAILQ_CONCAT(&drainq, &V_sptree[i], chain); 8332 TAILQ_CONCAT(&drainq, &V_sptree_ifnet[i], chain); 8333 } 8334 for (i = 0; i < V_sphash_mask + 1; i++) 8335 LIST_INIT(&V_sphashtbl[i]); 8336 SPTREE_WUNLOCK(); 8337 spdcache_destroy(); 8338 8339 sp = TAILQ_FIRST(&drainq); 8340 while (sp != NULL) { 8341 nextsp = TAILQ_NEXT(sp, chain); 8342 key_freesp(&sp); 8343 sp = nextsp; 8344 } 8345 8346 TAILQ_INIT(&sahdrainq); 8347 SAHTREE_WLOCK(); 8348 TAILQ_CONCAT(&sahdrainq, &V_sahtree, chain); 8349 for (i = 0; i < V_savhash_mask + 1; i++) 8350 LIST_INIT(&V_savhashtbl[i]); 8351 for (i = 0; i < V_sahaddrhash_mask + 1; i++) 8352 LIST_INIT(&V_sahaddrhashtbl[i]); 8353 TAILQ_FOREACH(sah, &sahdrainq, chain) { 8354 sah->state = SADB_SASTATE_DEAD; 8355 TAILQ_FOREACH(sav, &sah->savtree_larval, chain) { 8356 sav->state = SADB_SASTATE_DEAD; 8357 } 8358 TAILQ_FOREACH(sav, &sah->savtree_alive, chain) { 8359 sav->state = SADB_SASTATE_DEAD; 8360 } 8361 } 8362 SAHTREE_WUNLOCK(); 8363 8364 key_freesah_flushed(&sahdrainq); 8365 hashdestroy(V_sphashtbl, M_IPSEC_SP, V_sphash_mask); 8366 hashdestroy(V_savhashtbl, M_IPSEC_SA, V_savhash_mask); 8367 hashdestroy(V_sahaddrhashtbl, M_IPSEC_SAH, V_sahaddrhash_mask); 8368 8369 REGTREE_LOCK(); 8370 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 8371 LIST_FOREACH(reg, &V_regtree[i], chain) { 8372 if (__LIST_CHAINED(reg)) { 8373 LIST_REMOVE(reg, chain); 8374 free(reg, M_IPSEC_SAR); 8375 break; 8376 } 8377 } 8378 } 8379 REGTREE_UNLOCK(); 8380 8381 ACQ_LOCK(); 8382 acq = LIST_FIRST(&V_acqtree); 8383 while (acq != NULL) { 8384 nextacq = LIST_NEXT(acq, chain); 8385 LIST_REMOVE(acq, chain); 8386 free(acq, M_IPSEC_SAQ); 8387 acq = nextacq; 8388 } 8389 for (i = 0; i < V_acqaddrhash_mask + 1; i++) 8390 LIST_INIT(&V_acqaddrhashtbl[i]); 8391 for (i = 0; i < V_acqseqhash_mask + 1; i++) 8392 LIST_INIT(&V_acqseqhashtbl[i]); 8393 ACQ_UNLOCK(); 8394 8395 SPACQ_LOCK(); 8396 for (spacq = LIST_FIRST(&V_spacqtree); spacq != NULL; 8397 spacq = nextspacq) { 8398 nextspacq = LIST_NEXT(spacq, chain); 8399 if (__LIST_CHAINED(spacq)) { 8400 LIST_REMOVE(spacq, chain); 8401 free(spacq, M_IPSEC_SAQ); 8402 } 8403 } 8404 SPACQ_UNLOCK(); 8405 hashdestroy(V_acqaddrhashtbl, M_IPSEC_SAQ, V_acqaddrhash_mask); 8406 hashdestroy(V_acqseqhashtbl, M_IPSEC_SAQ, V_acqseqhash_mask); 8407 uma_zdestroy(V_key_lft_zone); 8408 8409 if (!IS_DEFAULT_VNET(curvnet)) 8410 return; 8411 #ifndef IPSEC_DEBUG2 8412 callout_drain(&key_timer); 8413 #endif 8414 SPTREE_LOCK_DESTROY(); 8415 REGTREE_LOCK_DESTROY(); 8416 SAHTREE_LOCK_DESTROY(); 8417 ACQ_LOCK_DESTROY(); 8418 SPACQ_LOCK_DESTROY(); 8419 } 8420 #endif 8421 8422 /* record data transfer on SA, and update timestamps */ 8423 void 8424 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m) 8425 { 8426 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 8427 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 8428 8429 /* 8430 * XXX Currently, there is a difference of bytes size 8431 * between inbound and outbound processing. 8432 */ 8433 counter_u64_add(sav->lft_c_bytes, m->m_pkthdr.len); 8434 8435 /* 8436 * We use the number of packets as the unit of 8437 * allocations. We increment the variable 8438 * whenever {esp,ah}_{in,out}put is called. 8439 */ 8440 counter_u64_add(sav->lft_c_allocations, 1); 8441 8442 /* 8443 * NOTE: We record CURRENT usetime by using wall clock, 8444 * in seconds. HARD and SOFT lifetime are measured by the time 8445 * difference (again in seconds) from usetime. 8446 * 8447 * usetime 8448 * v expire expire 8449 * -----+-----+--------+---> t 8450 * <--------------> HARD 8451 * <-----> SOFT 8452 */ 8453 if (sav->firstused == 0) 8454 sav->firstused = time_second; 8455 } 8456 8457 /* 8458 * Take one of the kernel's security keys and convert it into a PF_KEY 8459 * structure within an mbuf, suitable for sending up to a waiting 8460 * application in user land. 8461 * 8462 * IN: 8463 * src: A pointer to a kernel security key. 8464 * exttype: Which type of key this is. Refer to the PF_KEY data structures. 8465 * OUT: 8466 * a valid mbuf or NULL indicating an error 8467 * 8468 */ 8469 8470 static struct mbuf * 8471 key_setkey(struct seckey *src, uint16_t exttype) 8472 { 8473 struct mbuf *m; 8474 struct sadb_key *p; 8475 int len; 8476 8477 if (src == NULL) 8478 return NULL; 8479 8480 len = PFKEY_ALIGN8(sizeof(struct sadb_key) + _KEYLEN(src)); 8481 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8482 if (m == NULL) 8483 return NULL; 8484 m_align(m, len); 8485 m->m_len = len; 8486 p = mtod(m, struct sadb_key *); 8487 bzero(p, len); 8488 p->sadb_key_len = PFKEY_UNIT64(len); 8489 p->sadb_key_exttype = exttype; 8490 p->sadb_key_bits = src->bits; 8491 bcopy(src->key_data, _KEYBUF(p), _KEYLEN(src)); 8492 8493 return m; 8494 } 8495 8496 /* 8497 * Take one of the kernel's lifetime data structures and convert it 8498 * into a PF_KEY structure within an mbuf, suitable for sending up to 8499 * a waiting application in user land. 8500 * 8501 * IN: 8502 * src: A pointer to a kernel lifetime structure. 8503 * exttype: Which type of lifetime this is. Refer to the PF_KEY 8504 * data structures for more information. 8505 * OUT: 8506 * a valid mbuf or NULL indicating an error 8507 * 8508 */ 8509 8510 static struct mbuf * 8511 key_setlifetime(struct seclifetime *src, uint16_t exttype) 8512 { 8513 struct mbuf *m = NULL; 8514 struct sadb_lifetime *p; 8515 int len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime)); 8516 8517 if (src == NULL) 8518 return NULL; 8519 8520 m = m_get2(len, M_NOWAIT, MT_DATA, 0); 8521 if (m == NULL) 8522 return m; 8523 m_align(m, len); 8524 m->m_len = len; 8525 p = mtod(m, struct sadb_lifetime *); 8526 8527 bzero(p, len); 8528 p->sadb_lifetime_len = PFKEY_UNIT64(len); 8529 p->sadb_lifetime_exttype = exttype; 8530 p->sadb_lifetime_allocations = src->allocations; 8531 p->sadb_lifetime_bytes = src->bytes; 8532 p->sadb_lifetime_addtime = src->addtime; 8533 p->sadb_lifetime_usetime = src->usetime; 8534 8535 return m; 8536 8537 } 8538 8539 const struct enc_xform * 8540 enc_algorithm_lookup(int alg) 8541 { 8542 int i; 8543 8544 for (i = 0; i < nitems(supported_ealgs); i++) 8545 if (alg == supported_ealgs[i].sadb_alg) 8546 return (supported_ealgs[i].xform); 8547 return (NULL); 8548 } 8549 8550 const struct auth_hash * 8551 auth_algorithm_lookup(int alg) 8552 { 8553 int i; 8554 8555 for (i = 0; i < nitems(supported_aalgs); i++) 8556 if (alg == supported_aalgs[i].sadb_alg) 8557 return (supported_aalgs[i].xform); 8558 return (NULL); 8559 } 8560 8561 const struct comp_algo * 8562 comp_algorithm_lookup(int alg) 8563 { 8564 int i; 8565 8566 for (i = 0; i < nitems(supported_calgs); i++) 8567 if (alg == supported_calgs[i].sadb_alg) 8568 return (supported_calgs[i].xform); 8569 return (NULL); 8570 } 8571