FreeBSD/Linux Kernel Cross Reference
sys/netipsec/key.c
1 /* $FreeBSD$ */
2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * This code is referd to RFC 2367
35 */
36
37 #include "opt_inet.h"
38 #include "opt_inet6.h"
39 #include "opt_ipsec.h"
40
41 #include <sys/types.h>
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/mbuf.h>
46 #include <sys/domain.h>
47 #include <sys/protosw.h>
48 #include <sys/malloc.h>
49 #include <sys/socket.h>
50 #include <sys/socketvar.h>
51 #include <sys/sysctl.h>
52 #include <sys/errno.h>
53 #include <sys/proc.h>
54 #include <sys/queue.h>
55 #include <sys/syslog.h>
56
57 #include <net/if.h>
58 #include <net/route.h>
59 #include <net/raw_cb.h>
60
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/ip.h>
64 #include <netinet/in_var.h>
65
66 #ifdef INET6
67 #include <netinet/ip6.h>
68 #include <netinet6/in6_var.h>
69 #include <netinet6/ip6_var.h>
70 #endif /* INET6 */
71
72 #ifdef INET
73 #include <netinet/in_pcb.h>
74 #endif
75 #ifdef INET6
76 #include <netinet6/in6_pcb.h>
77 #endif /* INET6 */
78
79 #include <net/pfkeyv2.h>
80 #include <netipsec/keydb.h>
81 #include <netipsec/key.h>
82 #include <netipsec/keysock.h>
83 #include <netipsec/key_debug.h>
84
85 #include <netipsec/ipsec.h>
86 #ifdef INET6
87 #include <netipsec/ipsec6.h>
88 #endif
89
90 #include <netipsec/xform.h>
91
92 #include <machine/stdarg.h>
93
94 /* randomness */
95 #include <sys/random.h>
96
97 #include <net/net_osdep.h>
98
99 #define FULLMASK 0xff
100 #define _BITS(bytes) ((bytes) << 3)
101
102 /*
103 * Note on SA reference counting:
104 * - SAs that are not in DEAD state will have (total external reference + 1)
105 * following value in reference count field. they cannot be freed and are
106 * referenced from SA header.
107 * - SAs that are in DEAD state will have (total external reference)
108 * in reference count field. they are ready to be freed. reference from
109 * SA header will be removed in key_delsav(), when the reference count
110 * field hits 0 (= no external reference other than from SA header.
111 */
112
113 u_int32_t key_debug_level = 0;
114 static u_int key_spi_trycnt = 1000;
115 static u_int32_t key_spi_minval = 0x100;
116 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
117 static u_int32_t policy_id = 0;
118 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
119 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
120 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
121 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
122 static int key_prefered_oldsa = 1; /* prefered old sa rather than new sa.*/
123
124 static u_int32_t acq_seq = 0;
125 static int key_tick_init_random = 0;
126
127 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
128 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
129 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
130 /* registed list */
131 #ifndef IPSEC_NONBLOCK_ACQUIRE
132 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
133 #endif
134 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
135
136 /* search order for SAs */
137 static u_int saorder_state_valid[] = {
138 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
139 /*
140 * This order is important because we must select the oldest SA
141 * for outbound processing. For inbound, This is not important.
142 */
143 };
144 static u_int saorder_state_alive[] = {
145 /* except DEAD */
146 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
147 };
148 static u_int saorder_state_any[] = {
149 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
150 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
151 };
152
153 static const int minsize[] = {
154 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
155 sizeof(struct sadb_sa), /* SADB_EXT_SA */
156 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
157 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
158 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
159 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
160 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
161 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
162 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
163 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
164 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
165 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
166 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
167 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
168 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
169 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
170 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
171 0, /* SADB_X_EXT_KMPRIVATE */
172 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
173 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
174 };
175 static const int maxsize[] = {
176 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
177 sizeof(struct sadb_sa), /* SADB_EXT_SA */
178 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
179 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
180 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
181 0, /* SADB_EXT_ADDRESS_SRC */
182 0, /* SADB_EXT_ADDRESS_DST */
183 0, /* SADB_EXT_ADDRESS_PROXY */
184 0, /* SADB_EXT_KEY_AUTH */
185 0, /* SADB_EXT_KEY_ENCRYPT */
186 0, /* SADB_EXT_IDENTITY_SRC */
187 0, /* SADB_EXT_IDENTITY_DST */
188 0, /* SADB_EXT_SENSITIVITY */
189 0, /* SADB_EXT_PROPOSAL */
190 0, /* SADB_EXT_SUPPORTED_AUTH */
191 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
192 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
193 0, /* SADB_X_EXT_KMPRIVATE */
194 0, /* SADB_X_EXT_POLICY */
195 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
196 };
197
198 static int ipsec_esp_keymin = 256;
199 static int ipsec_esp_auth = 0;
200 static int ipsec_ah_keymin = 128;
201
202 #ifdef SYSCTL_DECL
203 SYSCTL_DECL(_net_key);
204 #endif
205
206 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
207 &key_debug_level, 0, "");
208
209 /* max count of trial for the decision of spi value */
210 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
211 &key_spi_trycnt, 0, "");
212
213 /* minimum spi value to allocate automatically. */
214 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
215 &key_spi_minval, 0, "");
216
217 /* maximun spi value to allocate automatically. */
218 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
219 &key_spi_maxval, 0, "");
220
221 /* interval to initialize randseed */
222 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
223 &key_int_random, 0, "");
224
225 /* lifetime for larval SA */
226 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
227 &key_larval_lifetime, 0, "");
228
229 /* counter for blocking to send SADB_ACQUIRE to IKEd */
230 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
231 &key_blockacq_count, 0, "");
232
233 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
234 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
235 &key_blockacq_lifetime, 0, "");
236
237 /* ESP auth */
238 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
239 &ipsec_esp_auth, 0, "");
240
241 /* minimum ESP key length */
242 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
243 &ipsec_esp_keymin, 0, "");
244
245 /* minimum AH key length */
246 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
247 &ipsec_ah_keymin, 0, "");
248
249 /* perfered old SA rather than new SA */
250 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
251 &key_prefered_oldsa, 0, "");
252
253 #ifndef LIST_FOREACH
254 #define LIST_FOREACH(elm, head, field) \
255 for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
256 #endif
257 #define __LIST_CHAINED(elm) \
258 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
259 #define LIST_INSERT_TAIL(head, elm, type, field) \
260 do {\
261 struct type *curelm = LIST_FIRST(head); \
262 if (curelm == NULL) {\
263 LIST_INSERT_HEAD(head, elm, field); \
264 } else { \
265 while (LIST_NEXT(curelm, field)) \
266 curelm = LIST_NEXT(curelm, field);\
267 LIST_INSERT_AFTER(curelm, elm, field);\
268 }\
269 } while (0)
270
271 #define KEY_CHKSASTATE(head, sav, name) \
272 do { \
273 if ((head) != (sav)) { \
274 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
275 (name), (head), (sav))); \
276 continue; \
277 } \
278 } while (0)
279
280 #define KEY_CHKSPDIR(head, sp, name) \
281 do { \
282 if ((head) != (sp)) { \
283 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
284 "anyway continue.\n", \
285 (name), (head), (sp))); \
286 } \
287 } while (0)
288
289 MALLOC_DEFINE(M_SECA, "key mgmt", "security associations, key management");
290
291 #if 1
292 #define KMALLOC(p, t, n) \
293 ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
294 #define KFREE(p) \
295 free((caddr_t)(p), M_SECA)
296 #else
297 #define KMALLOC(p, t, n) \
298 do { \
299 ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
300 printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
301 __FILE__, __LINE__, (p), #t, n); \
302 } while (0)
303
304 #define KFREE(p) \
305 do { \
306 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
307 free((caddr_t)(p), M_SECA); \
308 } while (0)
309 #endif
310
311 /*
312 * set parameters into secpolicyindex buffer.
313 * Must allocate secpolicyindex buffer passed to this function.
314 */
315 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
316 do { \
317 bzero((idx), sizeof(struct secpolicyindex)); \
318 (idx)->dir = (_dir); \
319 (idx)->prefs = (ps); \
320 (idx)->prefd = (pd); \
321 (idx)->ul_proto = (ulp); \
322 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
323 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
324 } while (0)
325
326 /*
327 * set parameters into secasindex buffer.
328 * Must allocate secasindex buffer before calling this function.
329 */
330 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
331 do { \
332 bzero((idx), sizeof(struct secasindex)); \
333 (idx)->proto = (p); \
334 (idx)->mode = (m); \
335 (idx)->reqid = (r); \
336 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
337 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
338 } while (0)
339
340 /* key statistics */
341 struct _keystat {
342 u_long getspi_count; /* the avarage of count to try to get new SPI */
343 } keystat;
344
345 struct sadb_msghdr {
346 struct sadb_msg *msg;
347 struct sadb_ext *ext[SADB_EXT_MAX + 1];
348 int extoff[SADB_EXT_MAX + 1];
349 int extlen[SADB_EXT_MAX + 1];
350 };
351
352 static struct secasvar *key_allocsa_policy __P((const struct secasindex *));
353 static void key_freesp_so __P((struct secpolicy **));
354 static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int));
355 static void key_delsp __P((struct secpolicy *));
356 static struct secpolicy *key_getsp __P((struct secpolicyindex *));
357 static struct secpolicy *key_getspbyid __P((u_int32_t));
358 static u_int32_t key_newreqid __P((void));
359 static struct mbuf *key_gather_mbuf __P((struct mbuf *,
360 const struct sadb_msghdr *, int, int, ...));
361 static int key_spdadd __P((struct socket *, struct mbuf *,
362 const struct sadb_msghdr *));
363 static u_int32_t key_getnewspid __P((void));
364 static int key_spddelete __P((struct socket *, struct mbuf *,
365 const struct sadb_msghdr *));
366 static int key_spddelete2 __P((struct socket *, struct mbuf *,
367 const struct sadb_msghdr *));
368 static int key_spdget __P((struct socket *, struct mbuf *,
369 const struct sadb_msghdr *));
370 static int key_spdflush __P((struct socket *, struct mbuf *,
371 const struct sadb_msghdr *));
372 static int key_spddump __P((struct socket *, struct mbuf *,
373 const struct sadb_msghdr *));
374 static struct mbuf *key_setdumpsp __P((struct secpolicy *,
375 u_int8_t, u_int32_t, u_int32_t));
376 static u_int key_getspreqmsglen __P((struct secpolicy *));
377 static int key_spdexpire __P((struct secpolicy *));
378 static struct secashead *key_newsah __P((struct secasindex *));
379 static void key_delsah __P((struct secashead *));
380 static struct secasvar *key_newsav __P((struct mbuf *,
381 const struct sadb_msghdr *, struct secashead *, int *,
382 const char*, int));
383 #define KEY_NEWSAV(m, sadb, sah, e) \
384 key_newsav(m, sadb, sah, e, __FILE__, __LINE__)
385 static void key_delsav __P((struct secasvar *));
386 static struct secashead *key_getsah __P((struct secasindex *));
387 static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t));
388 static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t));
389 static int key_setsaval __P((struct secasvar *, struct mbuf *,
390 const struct sadb_msghdr *));
391 static int key_mature __P((struct secasvar *));
392 static struct mbuf *key_setdumpsa __P((struct secasvar *, u_int8_t,
393 u_int8_t, u_int32_t, u_int32_t));
394 static struct mbuf *key_setsadbmsg __P((u_int8_t, u_int16_t, u_int8_t,
395 u_int32_t, pid_t, u_int16_t));
396 static struct mbuf *key_setsadbsa __P((struct secasvar *));
397 static struct mbuf *key_setsadbaddr __P((u_int16_t,
398 const struct sockaddr *, u_int8_t, u_int16_t));
399 #if 0
400 static struct mbuf *key_setsadbident __P((u_int16_t, u_int16_t, caddr_t,
401 int, u_int64_t));
402 #endif
403 static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int32_t));
404 static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t,
405 u_int32_t));
406 static void *key_newbuf __P((const void *, u_int));
407 #ifdef INET6
408 static int key_ismyaddr6 __P((struct sockaddr_in6 *));
409 #endif
410
411 /* flags for key_cmpsaidx() */
412 #define CMP_HEAD 1 /* protocol, addresses. */
413 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
414 #define CMP_REQID 3 /* additionally HEAD, reaid. */
415 #define CMP_EXACTLY 4 /* all elements. */
416 static int key_cmpsaidx
417 __P((const struct secasindex *, const struct secasindex *, int));
418
419 static int key_cmpspidx_exactly
420 __P((struct secpolicyindex *, struct secpolicyindex *));
421 static int key_cmpspidx_withmask
422 __P((struct secpolicyindex *, struct secpolicyindex *));
423 static int key_sockaddrcmp __P((const struct sockaddr *, const struct sockaddr *, int));
424 static int key_bbcmp __P((const void *, const void *, u_int));
425 static void key_srandom __P((void));
426 static u_int16_t key_satype2proto __P((u_int8_t));
427 static u_int8_t key_proto2satype __P((u_int16_t));
428
429 static int key_getspi __P((struct socket *, struct mbuf *,
430 const struct sadb_msghdr *));
431 static u_int32_t key_do_getnewspi __P((struct sadb_spirange *,
432 struct secasindex *));
433 static int key_update __P((struct socket *, struct mbuf *,
434 const struct sadb_msghdr *));
435 #ifdef IPSEC_DOSEQCHECK
436 static struct secasvar *key_getsavbyseq __P((struct secashead *, u_int32_t));
437 #endif
438 static int key_add __P((struct socket *, struct mbuf *,
439 const struct sadb_msghdr *));
440 static int key_setident __P((struct secashead *, struct mbuf *,
441 const struct sadb_msghdr *));
442 static struct mbuf *key_getmsgbuf_x1 __P((struct mbuf *,
443 const struct sadb_msghdr *));
444 static int key_delete __P((struct socket *, struct mbuf *,
445 const struct sadb_msghdr *));
446 static int key_get __P((struct socket *, struct mbuf *,
447 const struct sadb_msghdr *));
448
449 static void key_getcomb_setlifetime __P((struct sadb_comb *));
450 static struct mbuf *key_getcomb_esp __P((void));
451 static struct mbuf *key_getcomb_ah __P((void));
452 static struct mbuf *key_getcomb_ipcomp __P((void));
453 static struct mbuf *key_getprop __P((const struct secasindex *));
454
455 static int key_acquire __P((const struct secasindex *, struct secpolicy *));
456 #ifndef IPSEC_NONBLOCK_ACQUIRE
457 static struct secacq *key_newacq __P((const struct secasindex *));
458 static struct secacq *key_getacq __P((const struct secasindex *));
459 static struct secacq *key_getacqbyseq __P((u_int32_t));
460 #endif
461 static struct secspacq *key_newspacq __P((struct secpolicyindex *));
462 static struct secspacq *key_getspacq __P((struct secpolicyindex *));
463 static int key_acquire2 __P((struct socket *, struct mbuf *,
464 const struct sadb_msghdr *));
465 static int key_register __P((struct socket *, struct mbuf *,
466 const struct sadb_msghdr *));
467 static int key_expire __P((struct secasvar *));
468 static int key_flush __P((struct socket *, struct mbuf *,
469 const struct sadb_msghdr *));
470 static int key_dump __P((struct socket *, struct mbuf *,
471 const struct sadb_msghdr *));
472 static int key_promisc __P((struct socket *, struct mbuf *,
473 const struct sadb_msghdr *));
474 static int key_senderror __P((struct socket *, struct mbuf *, int));
475 static int key_validate_ext __P((const struct sadb_ext *, int));
476 static int key_align __P((struct mbuf *, struct sadb_msghdr *));
477 #if 0
478 static const char *key_getfqdn __P((void));
479 static const char *key_getuserfqdn __P((void));
480 #endif
481 static void key_sa_chgstate __P((struct secasvar *, u_int8_t));
482 static struct mbuf *key_alloc_mbuf __P((int));
483
484 #define SA_ADDREF(p) do { \
485 (p)->refcnt++; \
486 KASSERT((p)->refcnt != 0, \
487 ("SA refcnt overflow at %s:%u", __FILE__, __LINE__)); \
488 } while (0)
489 #define SA_DELREF(p) do { \
490 KASSERT((p)->refcnt > 0, \
491 ("SA refcnt underflow at %s:%u", __FILE__, __LINE__)); \
492 (p)->refcnt--; \
493 } while (0)
494
495 #define SP_ADDREF(p) do { \
496 (p)->refcnt++; \
497 KASSERT((p)->refcnt != 0, \
498 ("SP refcnt overflow at %s:%u", __FILE__, __LINE__)); \
499 } while (0)
500 #define SP_DELREF(p) do { \
501 KASSERT((p)->refcnt > 0, \
502 ("SP refcnt underflow at %s:%u", __FILE__, __LINE__)); \
503 (p)->refcnt--; \
504 } while (0)
505
506 /*
507 * Return 0 when there are known to be no SP's for the specified
508 * direction. Otherwise return 1. This is used by IPsec code
509 * to optimize performance.
510 */
511 int
512 key_havesp(u_int dir)
513 {
514 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ?
515 LIST_FIRST(&sptree[dir]) != NULL : 1);
516 }
517
518 /* %%% IPsec policy management */
519 /*
520 * allocating a SP for OUTBOUND or INBOUND packet.
521 * Must call key_freesp() later.
522 * OUT: NULL: not found
523 * others: found and return the pointer.
524 */
525 struct secpolicy *
526 key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag)
527 {
528 struct secpolicy *sp;
529 int s;
530
531 KASSERT(spidx != NULL, ("key_allocsp: null spidx"));
532 KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
533 ("key_allocsp: invalid direction %u", dir));
534
535 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
536 printf("DP key_allocsp from %s:%u\n", where, tag));
537
538 /* get a SP entry */
539 s = splnet(); /*called from softclock()*/
540 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
541 printf("*** objects\n");
542 kdebug_secpolicyindex(spidx));
543
544 LIST_FOREACH(sp, &sptree[dir], chain) {
545 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
546 printf("*** in SPD\n");
547 kdebug_secpolicyindex(&sp->spidx));
548
549 if (sp->state == IPSEC_SPSTATE_DEAD)
550 continue;
551 if (key_cmpspidx_withmask(&sp->spidx, spidx))
552 goto found;
553 }
554 sp = NULL;
555 found:
556 if (sp) {
557 /* sanity check */
558 KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
559
560 /* found a SPD entry */
561 sp->lastused = time_second;
562 SP_ADDREF(sp);
563 }
564 splx(s);
565
566 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
567 printf("DP key_allocsp return SP:%p (ID=%u) refcnt %u\n",
568 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
569 return sp;
570 }
571
572 /*
573 * allocating a SP for OUTBOUND or INBOUND packet.
574 * Must call key_freesp() later.
575 * OUT: NULL: not found
576 * others: found and return the pointer.
577 */
578 struct secpolicy *
579 key_allocsp2(u_int32_t spi,
580 union sockaddr_union *dst,
581 u_int8_t proto,
582 u_int dir,
583 const char* where, int tag)
584 {
585 struct secpolicy *sp;
586 int s;
587
588 KASSERT(dst != NULL, ("key_allocsp2: null dst"));
589 KASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND,
590 ("key_allocsp2: invalid direction %u", dir));
591
592 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
593 printf("DP key_allocsp2 from %s:%u\n", where, tag));
594
595 /* get a SP entry */
596 s = splnet(); /*called from softclock()*/
597 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
598 printf("*** objects\n");
599 printf("spi %u proto %u dir %u\n", spi, proto, dir);
600 kdebug_sockaddr(&dst->sa));
601
602 LIST_FOREACH(sp, &sptree[dir], chain) {
603 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
604 printf("*** in SPD\n");
605 kdebug_secpolicyindex(&sp->spidx));
606
607 if (sp->state == IPSEC_SPSTATE_DEAD)
608 continue;
609 /* compare simple values, then dst address */
610 if (sp->spidx.ul_proto != proto)
611 continue;
612 /* NB: spi's must exist and match */
613 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi)
614 continue;
615 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0)
616 goto found;
617 }
618 sp = NULL;
619 found:
620 if (sp) {
621 /* sanity check */
622 KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp2");
623
624 /* found a SPD entry */
625 sp->lastused = time_second;
626 SP_ADDREF(sp);
627 }
628 splx(s);
629
630 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
631 printf("DP key_allocsp2 return SP:%p (ID=%u) refcnt %u\n",
632 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
633 return sp;
634 }
635
636 /*
637 * return a policy that matches this particular inbound packet.
638 * XXX slow
639 */
640 struct secpolicy *
641 key_gettunnel(const struct sockaddr *osrc,
642 const struct sockaddr *odst,
643 const struct sockaddr *isrc,
644 const struct sockaddr *idst,
645 const char* where, int tag)
646 {
647 struct secpolicy *sp;
648 const int dir = IPSEC_DIR_INBOUND;
649 int s;
650 struct ipsecrequest *r1, *r2, *p;
651 struct secpolicyindex spidx;
652
653 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
654 printf("DP key_gettunnel from %s:%u\n", where, tag));
655
656 if (isrc->sa_family != idst->sa_family) {
657 ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
658 isrc->sa_family, idst->sa_family));
659 sp = NULL;
660 goto done;
661 }
662
663 s = splnet(); /*called from softclock()*/
664 LIST_FOREACH(sp, &sptree[dir], chain) {
665 if (sp->state == IPSEC_SPSTATE_DEAD)
666 continue;
667
668 r1 = r2 = NULL;
669 for (p = sp->req; p; p = p->next) {
670 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
671 continue;
672
673 r1 = r2;
674 r2 = p;
675
676 if (!r1) {
677 /* here we look at address matches only */
678 spidx = sp->spidx;
679 if (isrc->sa_len > sizeof(spidx.src) ||
680 idst->sa_len > sizeof(spidx.dst))
681 continue;
682 bcopy(isrc, &spidx.src, isrc->sa_len);
683 bcopy(idst, &spidx.dst, idst->sa_len);
684 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
685 continue;
686 } else {
687 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) ||
688 key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0))
689 continue;
690 }
691
692 if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) ||
693 key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0))
694 continue;
695
696 goto found;
697 }
698 }
699 sp = NULL;
700 found:
701 if (sp) {
702 sp->lastused = time_second;
703 SP_ADDREF(sp);
704 }
705 splx(s);
706 done:
707 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
708 printf("DP key_gettunnel return SP:%p (ID=%u) refcnt %u\n",
709 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0));
710 return sp;
711 }
712
713 /*
714 * allocating an SA entry for an *OUTBOUND* packet.
715 * checking each request entries in SP, and acquire an SA if need.
716 * OUT: 0: there are valid requests.
717 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
718 */
719 int
720 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx)
721 {
722 u_int level;
723 int error;
724
725 KASSERT(isr != NULL, ("key_checkrequest: null isr"));
726 KASSERT(saidx != NULL, ("key_checkrequest: null saidx"));
727 KASSERT(saidx->mode == IPSEC_MODE_TRANSPORT ||
728 saidx->mode == IPSEC_MODE_TUNNEL,
729 ("key_checkrequest: unexpected policy %u", saidx->mode));
730
731 /* get current level */
732 level = ipsec_get_reqlevel(isr);
733
734 /*
735 * XXX guard against protocol callbacks from the crypto
736 * thread as they reference ipsecrequest.sav which we
737 * temporarily null out below. Need to rethink how we
738 * handle bundled SA's in the callback thread.
739 */
740 SPLASSERT(net, "key_checkrequest");
741 #if 0
742 /*
743 * We do allocate new SA only if the state of SA in the holder is
744 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
745 */
746 if (isr->sav != NULL) {
747 if (isr->sav->sah == NULL)
748 panic("key_checkrequest: sah is null.\n");
749 if (isr->sav == (struct secasvar *)LIST_FIRST(
750 &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
751 KEY_FREESAV(&isr->sav);
752 isr->sav = NULL;
753 }
754 }
755 #else
756 /*
757 * we free any SA stashed in the IPsec request because a different
758 * SA may be involved each time this request is checked, either
759 * because new SAs are being configured, or this request is
760 * associated with an unconnected datagram socket, or this request
761 * is associated with a system default policy.
762 *
763 * The operation may have negative impact to performance. We may
764 * want to check cached SA carefully, rather than picking new SA
765 * every time.
766 */
767 if (isr->sav != NULL) {
768 KEY_FREESAV(&isr->sav);
769 isr->sav = NULL;
770 }
771 #endif
772
773 /*
774 * new SA allocation if no SA found.
775 * key_allocsa_policy should allocate the oldest SA available.
776 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
777 */
778 if (isr->sav == NULL)
779 isr->sav = key_allocsa_policy(saidx);
780
781 /* When there is SA. */
782 if (isr->sav != NULL) {
783 if (isr->sav->state != SADB_SASTATE_MATURE &&
784 isr->sav->state != SADB_SASTATE_DYING)
785 return EINVAL;
786 return 0;
787 }
788
789 /* there is no SA */
790 error = key_acquire(saidx, isr->sp);
791 if (error != 0) {
792 /* XXX What should I do ? */
793 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
794 "from key_acquire.\n", error));
795 return error;
796 }
797
798 if (level != IPSEC_LEVEL_REQUIRE) {
799 /* XXX sigh, the interface to this routine is botched */
800 KASSERT(isr->sav == NULL, ("key_checkrequest: unexpected SA"));
801 return 0;
802 } else {
803 return ENOENT;
804 }
805 }
806
807 /*
808 * allocating a SA for policy entry from SAD.
809 * NOTE: searching SAD of aliving state.
810 * OUT: NULL: not found.
811 * others: found and return the pointer.
812 */
813 static struct secasvar *
814 key_allocsa_policy(const struct secasindex *saidx)
815 {
816 struct secashead *sah;
817 struct secasvar *sav;
818 u_int stateidx, state;
819
820 LIST_FOREACH(sah, &sahtree, chain) {
821 if (sah->state == SADB_SASTATE_DEAD)
822 continue;
823 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
824 goto found;
825 }
826
827 return NULL;
828
829 found:
830
831 /* search valid state */
832 for (stateidx = 0;
833 stateidx < _ARRAYLEN(saorder_state_valid);
834 stateidx++) {
835
836 state = saorder_state_valid[stateidx];
837
838 sav = key_do_allocsa_policy(sah, state);
839 if (sav != NULL)
840 return sav;
841 }
842
843 return NULL;
844 }
845
846 /*
847 * searching SAD with direction, protocol, mode and state.
848 * called by key_allocsa_policy().
849 * OUT:
850 * NULL : not found
851 * others : found, pointer to a SA.
852 */
853 static struct secasvar *
854 key_do_allocsa_policy(struct secashead *sah, u_int state)
855 {
856 struct secasvar *sav, *nextsav, *candidate, *d;
857
858 /* initilize */
859 candidate = NULL;
860
861 for (sav = LIST_FIRST(&sah->savtree[state]);
862 sav != NULL;
863 sav = nextsav) {
864
865 nextsav = LIST_NEXT(sav, chain);
866
867 /* sanity check */
868 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
869
870 /* initialize */
871 if (candidate == NULL) {
872 candidate = sav;
873 continue;
874 }
875
876 /* Which SA is the better ? */
877
878 /* sanity check 2 */
879 if (candidate->lft_c == NULL || sav->lft_c == NULL)
880 panic("key_do_allocsa_policy: "
881 "lifetime_current is NULL.\n");
882
883 /* What the best method is to compare ? */
884 if (key_prefered_oldsa) {
885 if (candidate->lft_c->sadb_lifetime_addtime >
886 sav->lft_c->sadb_lifetime_addtime) {
887 candidate = sav;
888 }
889 continue;
890 /*NOTREACHED*/
891 }
892
893 /* prefered new sa rather than old sa */
894 if (candidate->lft_c->sadb_lifetime_addtime <
895 sav->lft_c->sadb_lifetime_addtime) {
896 d = candidate;
897 candidate = sav;
898 } else
899 d = sav;
900
901 /*
902 * prepared to delete the SA when there is more
903 * suitable candidate and the lifetime of the SA is not
904 * permanent.
905 */
906 if (d->lft_c->sadb_lifetime_addtime != 0) {
907 struct mbuf *m, *result;
908
909 key_sa_chgstate(d, SADB_SASTATE_DEAD);
910
911 KASSERT(d->refcnt > 0,
912 ("key_do_allocsa_policy: bogus ref count"));
913 m = key_setsadbmsg(SADB_DELETE, 0,
914 d->sah->saidx.proto, 0, 0, d->refcnt - 1);
915 if (!m)
916 goto msgfail;
917 result = m;
918
919 /* set sadb_address for saidx's. */
920 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
921 &d->sah->saidx.src.sa,
922 d->sah->saidx.src.sa.sa_len << 3,
923 IPSEC_ULPROTO_ANY);
924 if (!m)
925 goto msgfail;
926 m_cat(result, m);
927
928 /* set sadb_address for saidx's. */
929 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
930 &d->sah->saidx.src.sa,
931 d->sah->saidx.src.sa.sa_len << 3,
932 IPSEC_ULPROTO_ANY);
933 if (!m)
934 goto msgfail;
935 m_cat(result, m);
936
937 /* create SA extension */
938 m = key_setsadbsa(d);
939 if (!m)
940 goto msgfail;
941 m_cat(result, m);
942
943 if (result->m_len < sizeof(struct sadb_msg)) {
944 result = m_pullup(result,
945 sizeof(struct sadb_msg));
946 if (result == NULL)
947 goto msgfail;
948 }
949
950 result->m_pkthdr.len = 0;
951 for (m = result; m; m = m->m_next)
952 result->m_pkthdr.len += m->m_len;
953 mtod(result, struct sadb_msg *)->sadb_msg_len =
954 PFKEY_UNIT64(result->m_pkthdr.len);
955
956 if (key_sendup_mbuf(NULL, result,
957 KEY_SENDUP_REGISTERED))
958 goto msgfail;
959 msgfail:
960 KEY_FREESAV(&d);
961 }
962 }
963
964 if (candidate) {
965 SA_ADDREF(candidate);
966 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
967 printf("DP allocsa_policy cause "
968 "refcnt++:%d SA:%p\n",
969 candidate->refcnt, candidate));
970 }
971 return candidate;
972 }
973
974 /*
975 * allocating a usable SA entry for a *INBOUND* packet.
976 * Must call key_freesav() later.
977 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state).
978 * NULL: not found, or error occured.
979 *
980 * In the comparison, no source address is used--for RFC2401 conformance.
981 * To quote, from section 4.1:
982 * A security association is uniquely identified by a triple consisting
983 * of a Security Parameter Index (SPI), an IP Destination Address, and a
984 * security protocol (AH or ESP) identifier.
985 * Note that, however, we do need to keep source address in IPsec SA.
986 * IKE specification and PF_KEY specification do assume that we
987 * keep source address in IPsec SA. We see a tricky situation here.
988 */
989 struct secasvar *
990 key_allocsa(
991 union sockaddr_union *dst,
992 u_int proto,
993 u_int32_t spi,
994 const char* where, int tag)
995 {
996 struct secashead *sah;
997 struct secasvar *sav;
998 u_int stateidx, state;
999 int s;
1000
1001 KASSERT(dst != NULL, ("key_allocsa: null dst address"));
1002
1003 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1004 printf("DP key_allocsa from %s:%u\n", where, tag));
1005
1006 /*
1007 * searching SAD.
1008 * XXX: to be checked internal IP header somewhere. Also when
1009 * IPsec tunnel packet is received. But ESP tunnel mode is
1010 * encrypted so we can't check internal IP header.
1011 */
1012 s = splnet(); /*called from softclock()*/
1013 LIST_FOREACH(sah, &sahtree, chain) {
1014 /* search valid state */
1015 for (stateidx = 0;
1016 stateidx < _ARRAYLEN(saorder_state_valid);
1017 stateidx++) {
1018 state = saorder_state_valid[stateidx];
1019 LIST_FOREACH(sav, &sah->savtree[state], chain) {
1020 /* sanity check */
1021 KEY_CHKSASTATE(sav->state, state, "key_allocsav");
1022 /* do not return entries w/ unusable state */
1023 if (sav->state != SADB_SASTATE_MATURE &&
1024 sav->state != SADB_SASTATE_DYING)
1025 continue;
1026 if (proto != sav->sah->saidx.proto)
1027 continue;
1028 if (spi != sav->spi)
1029 continue;
1030 #if 0 /* don't check src */
1031 /* check src address */
1032 if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, 0) != 0)
1033 continue;
1034 #endif
1035 /* check dst address */
1036 if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, 0) != 0)
1037 continue;
1038 SA_ADDREF(sav);
1039 goto done;
1040 }
1041 }
1042 }
1043 sav = NULL;
1044 done:
1045 splx(s);
1046
1047 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1048 printf("DP key_allocsa return SA:%p; refcnt %u\n",
1049 sav, sav ? sav->refcnt : 0));
1050 return sav;
1051 }
1052
1053 /*
1054 * Must be called after calling key_allocsp().
1055 * For both the packet without socket and key_freeso().
1056 */
1057 void
1058 _key_freesp(struct secpolicy **spp, const char* where, int tag)
1059 {
1060 struct secpolicy *sp = *spp;
1061
1062 KASSERT(sp != NULL, ("key_freesp: null sp"));
1063
1064 SP_DELREF(sp);
1065
1066 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1067 printf("DP key_freesp SP:%p (ID=%u) from %s:%u; refcnt now %u\n",
1068 sp, sp->id, where, tag, sp->refcnt));
1069
1070 if (sp->refcnt == 0) {
1071 *spp = NULL;
1072 key_delsp(sp);
1073 }
1074 }
1075
1076 /*
1077 * Must be called after calling key_allocsp().
1078 * For the packet with socket.
1079 */
1080 void
1081 key_freeso(struct socket *so)
1082 {
1083 /* sanity check */
1084 KASSERT(so != NULL, ("key_freeso: null so"));
1085
1086 switch (so->so_proto->pr_domain->dom_family) {
1087 #ifdef INET
1088 case PF_INET:
1089 {
1090 struct inpcb *pcb = sotoinpcb(so);
1091
1092 /* Does it have a PCB ? */
1093 if (pcb == NULL)
1094 return;
1095 key_freesp_so(&pcb->inp_sp->sp_in);
1096 key_freesp_so(&pcb->inp_sp->sp_out);
1097 }
1098 break;
1099 #endif
1100 #ifdef INET6
1101 case PF_INET6:
1102 {
1103 #ifdef HAVE_NRL_INPCB
1104 struct inpcb *pcb = sotoinpcb(so);
1105
1106 /* Does it have a PCB ? */
1107 if (pcb == NULL)
1108 return;
1109 key_freesp_so(&pcb->inp_sp->sp_in);
1110 key_freesp_so(&pcb->inp_sp->sp_out);
1111 #else
1112 struct in6pcb *pcb = sotoin6pcb(so);
1113
1114 /* Does it have a PCB ? */
1115 if (pcb == NULL)
1116 return;
1117 key_freesp_so(&pcb->in6p_sp->sp_in);
1118 key_freesp_so(&pcb->in6p_sp->sp_out);
1119 #endif
1120 }
1121 break;
1122 #endif /* INET6 */
1123 default:
1124 ipseclog((LOG_DEBUG, "key_freeso: unknown address family=%d.\n",
1125 so->so_proto->pr_domain->dom_family));
1126 return;
1127 }
1128 }
1129
1130 static void
1131 key_freesp_so(struct secpolicy **sp)
1132 {
1133 KASSERT(sp != NULL && *sp != NULL, ("key_freesp_so: null sp"));
1134
1135 if ((*sp)->policy == IPSEC_POLICY_ENTRUST ||
1136 (*sp)->policy == IPSEC_POLICY_BYPASS)
1137 return;
1138
1139 KASSERT((*sp)->policy == IPSEC_POLICY_IPSEC,
1140 ("key_freesp_so: invalid policy %u", (*sp)->policy));
1141 KEY_FREESP(sp);
1142 }
1143
1144 /*
1145 * Must be called after calling key_allocsa().
1146 * This function is called by key_freesp() to free some SA allocated
1147 * for a policy.
1148 */
1149 void
1150 key_freesav(struct secasvar **psav, const char* where, int tag)
1151 {
1152 struct secasvar *sav = *psav;
1153
1154 KASSERT(sav != NULL, ("key_freesav: null sav"));
1155
1156 SA_DELREF(sav);
1157
1158 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1159 printf("DP key_freesav SA:%p (SPI %lu) from %s:%u; refcnt now %u\n",
1160 sav, ntohl(sav->spi), where, tag, sav->refcnt));
1161
1162 if (sav->refcnt == 0) {
1163 *psav = NULL;
1164 key_delsav(sav);
1165 }
1166 }
1167
1168 /* %%% SPD management */
1169 /*
1170 * free security policy entry.
1171 */
1172 static void
1173 key_delsp(struct secpolicy *sp)
1174 {
1175 int s;
1176
1177 KASSERT(sp != NULL, ("key_delsp: null sp"));
1178
1179 sp->state = IPSEC_SPSTATE_DEAD;
1180
1181 KASSERT(sp->refcnt == 0,
1182 ("key_delsp: SP with references deleted (refcnt %u)",
1183 sp->refcnt));
1184
1185 s = splnet(); /*called from softclock()*/
1186 /* remove from SP index */
1187 if (__LIST_CHAINED(sp))
1188 LIST_REMOVE(sp, chain);
1189
1190 {
1191 struct ipsecrequest *isr = sp->req, *nextisr;
1192
1193 while (isr != NULL) {
1194 if (isr->sav != NULL) {
1195 KEY_FREESAV(&isr->sav);
1196 isr->sav = NULL;
1197 }
1198
1199 nextisr = isr->next;
1200 KFREE(isr);
1201 isr = nextisr;
1202 }
1203 }
1204
1205 KFREE(sp);
1206
1207 splx(s);
1208 }
1209
1210 /*
1211 * search SPD
1212 * OUT: NULL : not found
1213 * others : found, pointer to a SP.
1214 */
1215 static struct secpolicy *
1216 key_getsp(struct secpolicyindex *spidx)
1217 {
1218 struct secpolicy *sp;
1219
1220 KASSERT(spidx != NULL, ("key_getsp: null spidx"));
1221
1222 LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
1223 if (sp->state == IPSEC_SPSTATE_DEAD)
1224 continue;
1225 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1226 SP_ADDREF(sp);
1227 return sp;
1228 }
1229 }
1230
1231 return NULL;
1232 }
1233
1234 /*
1235 * get SP by index.
1236 * OUT: NULL : not found
1237 * others : found, pointer to a SP.
1238 */
1239 static struct secpolicy *
1240 key_getspbyid(u_int32_t id)
1241 {
1242 struct secpolicy *sp;
1243
1244 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
1245 if (sp->state == IPSEC_SPSTATE_DEAD)
1246 continue;
1247 if (sp->id == id) {
1248 SP_ADDREF(sp);
1249 return sp;
1250 }
1251 }
1252
1253 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
1254 if (sp->state == IPSEC_SPSTATE_DEAD)
1255 continue;
1256 if (sp->id == id) {
1257 SP_ADDREF(sp);
1258 return sp;
1259 }
1260 }
1261
1262 return NULL;
1263 }
1264
1265 struct secpolicy *
1266 key_newsp(const char* where, int tag)
1267 {
1268 struct secpolicy *newsp = NULL;
1269
1270 newsp = (struct secpolicy *)
1271 malloc(sizeof(struct secpolicy), M_SECA, M_NOWAIT|M_ZERO);
1272 if (newsp) {
1273 newsp->refcnt = 1;
1274 newsp->req = NULL;
1275 }
1276
1277 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1278 printf("DP key_newsp from %s:%u return SP:%p\n",
1279 where, tag, newsp));
1280 return newsp;
1281 }
1282
1283 /*
1284 * create secpolicy structure from sadb_x_policy structure.
1285 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1286 * so must be set properly later.
1287 */
1288 struct secpolicy *
1289 key_msg2sp(xpl0, len, error)
1290 struct sadb_x_policy *xpl0;
1291 size_t len;
1292 int *error;
1293 {
1294 struct secpolicy *newsp;
1295
1296 /* sanity check */
1297 if (xpl0 == NULL)
1298 panic("key_msg2sp: NULL pointer was passed.\n");
1299 if (len < sizeof(*xpl0))
1300 panic("key_msg2sp: invalid length.\n");
1301 if (len != PFKEY_EXTLEN(xpl0)) {
1302 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1303 *error = EINVAL;
1304 return NULL;
1305 }
1306
1307 if ((newsp = KEY_NEWSP()) == NULL) {
1308 *error = ENOBUFS;
1309 return NULL;
1310 }
1311
1312 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1313 newsp->policy = xpl0->sadb_x_policy_type;
1314
1315 /* check policy */
1316 switch (xpl0->sadb_x_policy_type) {
1317 case IPSEC_POLICY_DISCARD:
1318 case IPSEC_POLICY_NONE:
1319 case IPSEC_POLICY_ENTRUST:
1320 case IPSEC_POLICY_BYPASS:
1321 newsp->req = NULL;
1322 break;
1323
1324 case IPSEC_POLICY_IPSEC:
1325 {
1326 int tlen;
1327 struct sadb_x_ipsecrequest *xisr;
1328 struct ipsecrequest **p_isr = &newsp->req;
1329
1330 /* validity check */
1331 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1332 ipseclog((LOG_DEBUG,
1333 "key_msg2sp: Invalid msg length.\n"));
1334 KEY_FREESP(&newsp);
1335 *error = EINVAL;
1336 return NULL;
1337 }
1338
1339 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1340 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1341
1342 while (tlen > 0) {
1343 /* length check */
1344 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1345 ipseclog((LOG_DEBUG, "key_msg2sp: "
1346 "invalid ipsecrequest length.\n"));
1347 KEY_FREESP(&newsp);
1348 *error = EINVAL;
1349 return NULL;
1350 }
1351
1352 /* allocate request buffer */
1353 KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1354 if ((*p_isr) == NULL) {
1355 ipseclog((LOG_DEBUG,
1356 "key_msg2sp: No more memory.\n"));
1357 KEY_FREESP(&newsp);
1358 *error = ENOBUFS;
1359 return NULL;
1360 }
1361 bzero(*p_isr, sizeof(**p_isr));
1362
1363 /* set values */
1364 (*p_isr)->next = NULL;
1365
1366 switch (xisr->sadb_x_ipsecrequest_proto) {
1367 case IPPROTO_ESP:
1368 case IPPROTO_AH:
1369 case IPPROTO_IPCOMP:
1370 break;
1371 default:
1372 ipseclog((LOG_DEBUG,
1373 "key_msg2sp: invalid proto type=%u\n",
1374 xisr->sadb_x_ipsecrequest_proto));
1375 KEY_FREESP(&newsp);
1376 *error = EPROTONOSUPPORT;
1377 return NULL;
1378 }
1379 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1380
1381 switch (xisr->sadb_x_ipsecrequest_mode) {
1382 case IPSEC_MODE_TRANSPORT:
1383 case IPSEC_MODE_TUNNEL:
1384 break;
1385 case IPSEC_MODE_ANY:
1386 default:
1387 ipseclog((LOG_DEBUG,
1388 "key_msg2sp: invalid mode=%u\n",
1389 xisr->sadb_x_ipsecrequest_mode));
1390 KEY_FREESP(&newsp);
1391 *error = EINVAL;
1392 return NULL;
1393 }
1394 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1395
1396 switch (xisr->sadb_x_ipsecrequest_level) {
1397 case IPSEC_LEVEL_DEFAULT:
1398 case IPSEC_LEVEL_USE:
1399 case IPSEC_LEVEL_REQUIRE:
1400 break;
1401 case IPSEC_LEVEL_UNIQUE:
1402 /* validity check */
1403 /*
1404 * If range violation of reqid, kernel will
1405 * update it, don't refuse it.
1406 */
1407 if (xisr->sadb_x_ipsecrequest_reqid
1408 > IPSEC_MANUAL_REQID_MAX) {
1409 ipseclog((LOG_DEBUG,
1410 "key_msg2sp: reqid=%d range "
1411 "violation, updated by kernel.\n",
1412 xisr->sadb_x_ipsecrequest_reqid));
1413 xisr->sadb_x_ipsecrequest_reqid = 0;
1414 }
1415
1416 /* allocate new reqid id if reqid is zero. */
1417 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1418 u_int32_t reqid;
1419 if ((reqid = key_newreqid()) == 0) {
1420 KEY_FREESP(&newsp);
1421 *error = ENOBUFS;
1422 return NULL;
1423 }
1424 (*p_isr)->saidx.reqid = reqid;
1425 xisr->sadb_x_ipsecrequest_reqid = reqid;
1426 } else {
1427 /* set it for manual keying. */
1428 (*p_isr)->saidx.reqid =
1429 xisr->sadb_x_ipsecrequest_reqid;
1430 }
1431 break;
1432
1433 default:
1434 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1435 xisr->sadb_x_ipsecrequest_level));
1436 KEY_FREESP(&newsp);
1437 *error = EINVAL;
1438 return NULL;
1439 }
1440 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1441
1442 /* set IP addresses if there */
1443 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1444 struct sockaddr *paddr;
1445
1446 paddr = (struct sockaddr *)(xisr + 1);
1447
1448 /* validity check */
1449 if (paddr->sa_len
1450 > sizeof((*p_isr)->saidx.src)) {
1451 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1452 "address length.\n"));
1453 KEY_FREESP(&newsp);
1454 *error = EINVAL;
1455 return NULL;
1456 }
1457 bcopy(paddr, &(*p_isr)->saidx.src,
1458 paddr->sa_len);
1459
1460 paddr = (struct sockaddr *)((caddr_t)paddr
1461 + paddr->sa_len);
1462
1463 /* validity check */
1464 if (paddr->sa_len
1465 > sizeof((*p_isr)->saidx.dst)) {
1466 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1467 "address length.\n"));
1468 KEY_FREESP(&newsp);
1469 *error = EINVAL;
1470 return NULL;
1471 }
1472 bcopy(paddr, &(*p_isr)->saidx.dst,
1473 paddr->sa_len);
1474 }
1475
1476 (*p_isr)->sav = NULL;
1477 (*p_isr)->sp = newsp;
1478
1479 /* initialization for the next. */
1480 p_isr = &(*p_isr)->next;
1481 tlen -= xisr->sadb_x_ipsecrequest_len;
1482
1483 /* validity check */
1484 if (tlen < 0) {
1485 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1486 KEY_FREESP(&newsp);
1487 *error = EINVAL;
1488 return NULL;
1489 }
1490
1491 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
1492 + xisr->sadb_x_ipsecrequest_len);
1493 }
1494 }
1495 break;
1496 default:
1497 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1498 KEY_FREESP(&newsp);
1499 *error = EINVAL;
1500 return NULL;
1501 }
1502
1503 *error = 0;
1504 return newsp;
1505 }
1506
1507 static u_int32_t
1508 key_newreqid()
1509 {
1510 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1511
1512 auto_reqid = (auto_reqid == ~0
1513 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1514
1515 /* XXX should be unique check */
1516
1517 return auto_reqid;
1518 }
1519
1520 /*
1521 * copy secpolicy struct to sadb_x_policy structure indicated.
1522 */
1523 struct mbuf *
1524 key_sp2msg(sp)
1525 struct secpolicy *sp;
1526 {
1527 struct sadb_x_policy *xpl;
1528 int tlen;
1529 caddr_t p;
1530 struct mbuf *m;
1531
1532 /* sanity check. */
1533 if (sp == NULL)
1534 panic("key_sp2msg: NULL pointer was passed.\n");
1535
1536 tlen = key_getspreqmsglen(sp);
1537
1538 m = key_alloc_mbuf(tlen);
1539 if (!m || m->m_next) { /*XXX*/
1540 if (m)
1541 m_freem(m);
1542 return NULL;
1543 }
1544
1545 m->m_len = tlen;
1546 m->m_next = NULL;
1547 xpl = mtod(m, struct sadb_x_policy *);
1548 bzero(xpl, tlen);
1549
1550 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1551 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1552 xpl->sadb_x_policy_type = sp->policy;
1553 xpl->sadb_x_policy_dir = sp->spidx.dir;
1554 xpl->sadb_x_policy_id = sp->id;
1555 p = (caddr_t)xpl + sizeof(*xpl);
1556
1557 /* if is the policy for ipsec ? */
1558 if (sp->policy == IPSEC_POLICY_IPSEC) {
1559 struct sadb_x_ipsecrequest *xisr;
1560 struct ipsecrequest *isr;
1561
1562 for (isr = sp->req; isr != NULL; isr = isr->next) {
1563
1564 xisr = (struct sadb_x_ipsecrequest *)p;
1565
1566 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1567 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1568 xisr->sadb_x_ipsecrequest_level = isr->level;
1569 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1570
1571 p += sizeof(*xisr);
1572 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len);
1573 p += isr->saidx.src.sa.sa_len;
1574 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len);
1575 p += isr->saidx.src.sa.sa_len;
1576
1577 xisr->sadb_x_ipsecrequest_len =
1578 PFKEY_ALIGN8(sizeof(*xisr)
1579 + isr->saidx.src.sa.sa_len
1580 + isr->saidx.dst.sa.sa_len);
1581 }
1582 }
1583
1584 return m;
1585 }
1586
1587 /* m will not be freed nor modified */
1588 static struct mbuf *
1589 #ifdef __STDC__
1590 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1591 int ndeep, int nitem, ...)
1592 #else
1593 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
1594 struct mbuf *m;
1595 const struct sadb_msghdr *mhp;
1596 int ndeep;
1597 int nitem;
1598 va_dcl
1599 #endif
1600 {
1601 va_list ap;
1602 int idx;
1603 int i;
1604 struct mbuf *result = NULL, *n;
1605 int len;
1606
1607 if (m == NULL || mhp == NULL)
1608 panic("null pointer passed to key_gather");
1609
1610 va_start(ap, nitem);
1611 for (i = 0; i < nitem; i++) {
1612 idx = va_arg(ap, int);
1613 if (idx < 0 || idx > SADB_EXT_MAX)
1614 goto fail;
1615 /* don't attempt to pull empty extension */
1616 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1617 continue;
1618 if (idx != SADB_EXT_RESERVED &&
1619 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1620 continue;
1621
1622 if (idx == SADB_EXT_RESERVED) {
1623 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1624 #ifdef DIAGNOSTIC
1625 if (len > MHLEN)
1626 panic("assumption failed");
1627 #endif
1628 MGETHDR(n, M_DONTWAIT, MT_DATA);
1629 if (!n)
1630 goto fail;
1631 n->m_len = len;
1632 n->m_next = NULL;
1633 m_copydata(m, 0, sizeof(struct sadb_msg),
1634 mtod(n, caddr_t));
1635 } else if (i < ndeep) {
1636 len = mhp->extlen[idx];
1637 n = key_alloc_mbuf(len);
1638 if (!n || n->m_next) { /*XXX*/
1639 if (n)
1640 m_freem(n);
1641 goto fail;
1642 }
1643 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1644 mtod(n, caddr_t));
1645 } else {
1646 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1647 M_DONTWAIT);
1648 }
1649 if (n == NULL)
1650 goto fail;
1651
1652 if (result)
1653 m_cat(result, n);
1654 else
1655 result = n;
1656 }
1657 va_end(ap);
1658
1659 if ((result->m_flags & M_PKTHDR) != 0) {
1660 result->m_pkthdr.len = 0;
1661 for (n = result; n; n = n->m_next)
1662 result->m_pkthdr.len += n->m_len;
1663 }
1664
1665 return result;
1666
1667 fail:
1668 m_freem(result);
1669 return NULL;
1670 }
1671
1672 /*
1673 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1674 * add an entry to SP database, when received
1675 * <base, address(SD), (lifetime(H),) policy>
1676 * from the user(?).
1677 * Adding to SP database,
1678 * and send
1679 * <base, address(SD), (lifetime(H),) policy>
1680 * to the socket which was send.
1681 *
1682 * SPDADD set a unique policy entry.
1683 * SPDSETIDX like SPDADD without a part of policy requests.
1684 * SPDUPDATE replace a unique policy entry.
1685 *
1686 * m will always be freed.
1687 */
1688 static int
1689 key_spdadd(so, m, mhp)
1690 struct socket *so;
1691 struct mbuf *m;
1692 const struct sadb_msghdr *mhp;
1693 {
1694 struct sadb_address *src0, *dst0;
1695 struct sadb_x_policy *xpl0, *xpl;
1696 struct sadb_lifetime *lft = NULL;
1697 struct secpolicyindex spidx;
1698 struct secpolicy *newsp;
1699 int error;
1700
1701 /* sanity check */
1702 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1703 panic("key_spdadd: NULL pointer is passed.\n");
1704
1705 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
1706 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
1707 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1708 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1709 return key_senderror(so, m, EINVAL);
1710 }
1711 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
1712 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
1713 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1714 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1715 return key_senderror(so, m, EINVAL);
1716 }
1717 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1718 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
1719 < sizeof(struct sadb_lifetime)) {
1720 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1721 return key_senderror(so, m, EINVAL);
1722 }
1723 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1724 }
1725
1726 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1727 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1728 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1729
1730 /* make secindex */
1731 /* XXX boundary check against sa_len */
1732 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
1733 src0 + 1,
1734 dst0 + 1,
1735 src0->sadb_address_prefixlen,
1736 dst0->sadb_address_prefixlen,
1737 src0->sadb_address_proto,
1738 &spidx);
1739
1740 /* checking the direciton. */
1741 switch (xpl0->sadb_x_policy_dir) {
1742 case IPSEC_DIR_INBOUND:
1743 case IPSEC_DIR_OUTBOUND:
1744 break;
1745 default:
1746 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
1747 mhp->msg->sadb_msg_errno = EINVAL;
1748 return 0;
1749 }
1750
1751 /* check policy */
1752 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1753 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
1754 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1755 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
1756 return key_senderror(so, m, EINVAL);
1757 }
1758
1759 /* policy requests are mandatory when action is ipsec. */
1760 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
1761 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
1762 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1763 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
1764 return key_senderror(so, m, EINVAL);
1765 }
1766
1767 /*
1768 * checking there is SP already or not.
1769 * SPDUPDATE doesn't depend on whether there is a SP or not.
1770 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1771 * then error.
1772 */
1773 newsp = key_getsp(&spidx);
1774 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1775 if (newsp) {
1776 newsp->state = IPSEC_SPSTATE_DEAD;
1777 KEY_FREESP(&newsp);
1778 }
1779 } else {
1780 if (newsp != NULL) {
1781 KEY_FREESP(&newsp);
1782 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
1783 return key_senderror(so, m, EEXIST);
1784 }
1785 }
1786
1787 /* allocation new SP entry */
1788 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
1789 return key_senderror(so, m, error);
1790 }
1791
1792 if ((newsp->id = key_getnewspid()) == 0) {
1793 KFREE(newsp);
1794 return key_senderror(so, m, ENOBUFS);
1795 }
1796
1797 /* XXX boundary check against sa_len */
1798 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
1799 src0 + 1,
1800 dst0 + 1,
1801 src0->sadb_address_prefixlen,
1802 dst0->sadb_address_prefixlen,
1803 src0->sadb_address_proto,
1804 &newsp->spidx);
1805
1806 /* sanity check on addr pair */
1807 if (((struct sockaddr *)(src0 + 1))->sa_family !=
1808 ((struct sockaddr *)(dst0+ 1))->sa_family) {
1809 KFREE(newsp);
1810 return key_senderror(so, m, EINVAL);
1811 }
1812 if (((struct sockaddr *)(src0 + 1))->sa_len !=
1813 ((struct sockaddr *)(dst0+ 1))->sa_len) {
1814 KFREE(newsp);
1815 return key_senderror(so, m, EINVAL);
1816 }
1817 #if 1
1818 if (newsp->req && newsp->req->saidx.src.sa.sa_family) {
1819 struct sockaddr *sa;
1820 sa = (struct sockaddr *)(src0 + 1);
1821 if (sa->sa_family != newsp->req->saidx.src.sa.sa_family) {
1822 KFREE(newsp);
1823 return key_senderror(so, m, EINVAL);
1824 }
1825 }
1826 if (newsp->req && newsp->req->saidx.dst.sa.sa_family) {
1827 struct sockaddr *sa;
1828 sa = (struct sockaddr *)(dst0 + 1);
1829 if (sa->sa_family != newsp->req->saidx.dst.sa.sa_family) {
1830 KFREE(newsp);
1831 return key_senderror(so, m, EINVAL);
1832 }
1833 }
1834 #endif
1835
1836 newsp->created = time_second;
1837 newsp->lastused = newsp->created;
1838 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
1839 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
1840
1841 newsp->refcnt = 1; /* do not reclaim until I say I do */
1842 newsp->state = IPSEC_SPSTATE_ALIVE;
1843 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
1844
1845 /* delete the entry in spacqtree */
1846 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1847 struct secspacq *spacq;
1848 if ((spacq = key_getspacq(&spidx)) != NULL) {
1849 /* reset counter in order to deletion by timehandler. */
1850 spacq->created = time_second;
1851 spacq->count = 0;
1852 }
1853 }
1854
1855 {
1856 struct mbuf *n, *mpolicy;
1857 struct sadb_msg *newmsg;
1858 int off;
1859
1860 /* create new sadb_msg to reply. */
1861 if (lft) {
1862 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
1863 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
1864 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1865 } else {
1866 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
1867 SADB_X_EXT_POLICY,
1868 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1869 }
1870 if (!n)
1871 return key_senderror(so, m, ENOBUFS);
1872
1873 if (n->m_len < sizeof(*newmsg)) {
1874 n = m_pullup(n, sizeof(*newmsg));
1875 if (!n)
1876 return key_senderror(so, m, ENOBUFS);
1877 }
1878 newmsg = mtod(n, struct sadb_msg *);
1879 newmsg->sadb_msg_errno = 0;
1880 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
1881
1882 off = 0;
1883 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
1884 sizeof(*xpl), &off);
1885 if (mpolicy == NULL) {
1886 /* n is already freed */
1887 return key_senderror(so, m, ENOBUFS);
1888 }
1889 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
1890 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
1891 m_freem(n);
1892 return key_senderror(so, m, EINVAL);
1893 }
1894 xpl->sadb_x_policy_id = newsp->id;
1895
1896 m_freem(m);
1897 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
1898 }
1899 }
1900
1901 /*
1902 * get new policy id.
1903 * OUT:
1904 * 0: failure.
1905 * others: success.
1906 */
1907 static u_int32_t
1908 key_getnewspid()
1909 {
1910 u_int32_t newid = 0;
1911 int count = key_spi_trycnt; /* XXX */
1912 struct secpolicy *sp;
1913
1914 /* when requesting to allocate spi ranged */
1915 while (count--) {
1916 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
1917
1918 if ((sp = key_getspbyid(newid)) == NULL)
1919 break;
1920
1921 KEY_FREESP(&sp);
1922 }
1923
1924 if (count == 0 || newid == 0) {
1925 ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n"));
1926 return 0;
1927 }
1928
1929 return newid;
1930 }
1931
1932 /*
1933 * SADB_SPDDELETE processing
1934 * receive
1935 * <base, address(SD), policy(*)>
1936 * from the user(?), and set SADB_SASTATE_DEAD,
1937 * and send,
1938 * <base, address(SD), policy(*)>
1939 * to the ikmpd.
1940 * policy(*) including direction of policy.
1941 *
1942 * m will always be freed.
1943 */
1944 static int
1945 key_spddelete(so, m, mhp)
1946 struct socket *so;
1947 struct mbuf *m;
1948 const struct sadb_msghdr *mhp;
1949 {
1950 struct sadb_address *src0, *dst0;
1951 struct sadb_x_policy *xpl0;
1952 struct secpolicyindex spidx;
1953 struct secpolicy *sp;
1954
1955 /* sanity check */
1956 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1957 panic("key_spddelete: NULL pointer is passed.\n");
1958
1959 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
1960 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
1961 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1962 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
1963 return key_senderror(so, m, EINVAL);
1964 }
1965 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
1966 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
1967 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1968 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
1969 return key_senderror(so, m, EINVAL);
1970 }
1971
1972 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1973 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1974 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1975
1976 /* make secindex */
1977 /* XXX boundary check against sa_len */
1978 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
1979 src0 + 1,
1980 dst0 + 1,
1981 src0->sadb_address_prefixlen,
1982 dst0->sadb_address_prefixlen,
1983 src0->sadb_address_proto,
1984 &spidx);
1985
1986 /* checking the direciton. */
1987 switch (xpl0->sadb_x_policy_dir) {
1988 case IPSEC_DIR_INBOUND:
1989 case IPSEC_DIR_OUTBOUND:
1990 break;
1991 default:
1992 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
1993 return key_senderror(so, m, EINVAL);
1994 }
1995
1996 /* Is there SP in SPD ? */
1997 if ((sp = key_getsp(&spidx)) == NULL) {
1998 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
1999 return key_senderror(so, m, EINVAL);
2000 }
2001
2002 /* save policy id to buffer to be returned. */
2003 xpl0->sadb_x_policy_id = sp->id;
2004
2005 sp->state = IPSEC_SPSTATE_DEAD;
2006 KEY_FREESP(&sp);
2007
2008 {
2009 struct mbuf *n;
2010 struct sadb_msg *newmsg;
2011
2012 /* create new sadb_msg to reply. */
2013 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2014 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2015 if (!n)
2016 return key_senderror(so, m, ENOBUFS);
2017
2018 newmsg = mtod(n, struct sadb_msg *);
2019 newmsg->sadb_msg_errno = 0;
2020 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2021
2022 m_freem(m);
2023 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2024 }
2025 }
2026
2027 /*
2028 * SADB_SPDDELETE2 processing
2029 * receive
2030 * <base, policy(*)>
2031 * from the user(?), and set SADB_SASTATE_DEAD,
2032 * and send,
2033 * <base, policy(*)>
2034 * to the ikmpd.
2035 * policy(*) including direction of policy.
2036 *
2037 * m will always be freed.
2038 */
2039 static int
2040 key_spddelete2(so, m, mhp)
2041 struct socket *so;
2042 struct mbuf *m;
2043 const struct sadb_msghdr *mhp;
2044 {
2045 u_int32_t id;
2046 struct secpolicy *sp;
2047
2048 /* sanity check */
2049 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2050 panic("key_spddelete2: NULL pointer is passed.\n");
2051
2052 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2053 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2054 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2055 key_senderror(so, m, EINVAL);
2056 return 0;
2057 }
2058
2059 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2060
2061 /* Is there SP in SPD ? */
2062 if ((sp = key_getspbyid(id)) == NULL) {
2063 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
2064 key_senderror(so, m, EINVAL);
2065 }
2066
2067 sp->state = IPSEC_SPSTATE_DEAD;
2068 KEY_FREESP(&sp);
2069
2070 {
2071 struct mbuf *n, *nn;
2072 struct sadb_msg *newmsg;
2073 int off, len;
2074
2075 /* create new sadb_msg to reply. */
2076 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2077
2078 if (len > MCLBYTES)
2079 return key_senderror(so, m, ENOBUFS);
2080 MGETHDR(n, M_DONTWAIT, MT_DATA);
2081 if (n && len > MHLEN) {
2082 MCLGET(n, M_DONTWAIT);
2083 if ((n->m_flags & M_EXT) == 0) {
2084 m_freem(n);
2085 n = NULL;
2086 }
2087 }
2088 if (!n)
2089 return key_senderror(so, m, ENOBUFS);
2090
2091 n->m_len = len;
2092 n->m_next = NULL;
2093 off = 0;
2094
2095 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2096 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2097
2098 #ifdef DIAGNOSTIC
2099 if (off != len)
2100 panic("length inconsistency in key_spddelete2");
2101 #endif
2102
2103 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2104 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2105 if (!n->m_next) {
2106 m_freem(n);
2107 return key_senderror(so, m, ENOBUFS);
2108 }
2109
2110 n->m_pkthdr.len = 0;
2111 for (nn = n; nn; nn = nn->m_next)
2112 n->m_pkthdr.len += nn->m_len;
2113
2114 newmsg = mtod(n, struct sadb_msg *);
2115 newmsg->sadb_msg_errno = 0;
2116 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2117
2118 m_freem(m);
2119 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2120 }
2121 }
2122
2123 /*
2124 * SADB_X_GET processing
2125 * receive
2126 * <base, policy(*)>
2127 * from the user(?),
2128 * and send,
2129 * <base, address(SD), policy>
2130 * to the ikmpd.
2131 * policy(*) including direction of policy.
2132 *
2133 * m will always be freed.
2134 */
2135 static int
2136 key_spdget(so, m, mhp)
2137 struct socket *so;
2138 struct mbuf *m;
2139 const struct sadb_msghdr *mhp;
2140 {
2141 u_int32_t id;
2142 struct secpolicy *sp;
2143 struct mbuf *n;
2144
2145 /* sanity check */
2146 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2147 panic("key_spdget: NULL pointer is passed.\n");
2148
2149 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2150 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2151 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2152 return key_senderror(so, m, EINVAL);
2153 }
2154
2155 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2156
2157 /* Is there SP in SPD ? */
2158 if ((sp = key_getspbyid(id)) == NULL) {
2159 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2160 return key_senderror(so, m, ENOENT);
2161 }
2162
2163 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
2164 if (n != NULL) {
2165 m_freem(m);
2166 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2167 } else
2168 return key_senderror(so, m, ENOBUFS);
2169 }
2170
2171 /*
2172 * SADB_X_SPDACQUIRE processing.
2173 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2174 * send
2175 * <base, policy(*)>
2176 * to KMD, and expect to receive
2177 * <base> with SADB_X_SPDACQUIRE if error occured,
2178 * or
2179 * <base, policy>
2180 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2181 * policy(*) is without policy requests.
2182 *
2183 * 0 : succeed
2184 * others: error number
2185 */
2186 int
2187 key_spdacquire(sp)
2188 struct secpolicy *sp;
2189 {
2190 struct mbuf *result = NULL, *m;
2191 struct secspacq *newspacq;
2192 int error;
2193
2194 /* sanity check */
2195 if (sp == NULL)
2196 panic("key_spdacquire: NULL pointer is passed.\n");
2197 if (sp->req != NULL)
2198 panic("key_spdacquire: called but there is request.\n");
2199 if (sp->policy != IPSEC_POLICY_IPSEC)
2200 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
2201
2202 /* Get an entry to check whether sent message or not. */
2203 if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
2204 if (key_blockacq_count < newspacq->count) {
2205 /* reset counter and do send message. */
2206 newspacq->count = 0;
2207 } else {
2208 /* increment counter and do nothing. */
2209 newspacq->count++;
2210 return 0;
2211 }
2212 } else {
2213 /* make new entry for blocking to send SADB_ACQUIRE. */
2214 if ((newspacq = key_newspacq(&sp->spidx)) == NULL)
2215 return ENOBUFS;
2216
2217 /* add to acqtree */
2218 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2219 }
2220
2221 /* create new sadb_msg to reply. */
2222 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2223 if (!m) {
2224 error = ENOBUFS;
2225 goto fail;
2226 }
2227 result = m;
2228
2229 result->m_pkthdr.len = 0;
2230 for (m = result; m; m = m->m_next)
2231 result->m_pkthdr.len += m->m_len;
2232
2233 mtod(result, struct sadb_msg *)->sadb_msg_len =
2234 PFKEY_UNIT64(result->m_pkthdr.len);
2235
2236 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
2237
2238 fail:
2239 if (result)
2240 m_freem(result);
2241 return error;
2242 }
2243
2244 /*
2245 * SADB_SPDFLUSH processing
2246 * receive
2247 * <base>
2248 * from the user, and free all entries in secpctree.
2249 * and send,
2250 * <base>
2251 * to the user.
2252 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2253 *
2254 * m will always be freed.
2255 */
2256 static int
2257 key_spdflush(so, m, mhp)
2258 struct socket *so;
2259 struct mbuf *m;
2260 const struct sadb_msghdr *mhp;
2261 {
2262 struct sadb_msg *newmsg;
2263 struct secpolicy *sp;
2264 u_int dir;
2265
2266 /* sanity check */
2267 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2268 panic("key_spdflush: NULL pointer is passed.\n");
2269
2270 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2271 return key_senderror(so, m, EINVAL);
2272
2273 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2274 LIST_FOREACH(sp, &sptree[dir], chain) {
2275 sp->state = IPSEC_SPSTATE_DEAD;
2276 }
2277 }
2278
2279 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2280 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2281 return key_senderror(so, m, ENOBUFS);
2282 }
2283
2284 if (m->m_next)
2285 m_freem(m->m_next);
2286 m->m_next = NULL;
2287 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2288 newmsg = mtod(m, struct sadb_msg *);
2289 newmsg->sadb_msg_errno = 0;
2290 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2291
2292 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2293 }
2294
2295 /*
2296 * SADB_SPDDUMP processing
2297 * receive
2298 * <base>
2299 * from the user, and dump all SP leaves
2300 * and send,
2301 * <base> .....
2302 * to the ikmpd.
2303 *
2304 * m will always be freed.
2305 */
2306 static int
2307 key_spddump(so, m, mhp)
2308 struct socket *so;
2309 struct mbuf *m;
2310 const struct sadb_msghdr *mhp;
2311 {
2312 struct secpolicy *sp;
2313 int cnt;
2314 u_int dir;
2315 struct mbuf *n;
2316
2317 /* sanity check */
2318 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2319 panic("key_spddump: NULL pointer is passed.\n");
2320
2321 /* search SPD entry and get buffer size. */
2322 cnt = 0;
2323 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2324 LIST_FOREACH(sp, &sptree[dir], chain) {
2325 cnt++;
2326 }
2327 }
2328
2329 if (cnt == 0)
2330 return key_senderror(so, m, ENOENT);
2331
2332 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2333 LIST_FOREACH(sp, &sptree[dir], chain) {
2334 --cnt;
2335 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2336 mhp->msg->sadb_msg_pid);
2337
2338 if (n)
2339 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2340 }
2341 }
2342
2343 m_freem(m);
2344 return 0;
2345 }
2346
2347 static struct mbuf *
2348 key_setdumpsp(sp, type, seq, pid)
2349 struct secpolicy *sp;
2350 u_int8_t type;
2351 u_int32_t seq, pid;
2352 {
2353 struct mbuf *result = NULL, *m;
2354
2355 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2356 if (!m)
2357 goto fail;
2358 result = m;
2359
2360 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2361 &sp->spidx.src.sa, sp->spidx.prefs,
2362 sp->spidx.ul_proto);
2363 if (!m)
2364 goto fail;
2365 m_cat(result, m);
2366
2367 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2368 &sp->spidx.dst.sa, sp->spidx.prefd,
2369 sp->spidx.ul_proto);
2370 if (!m)
2371 goto fail;
2372 m_cat(result, m);
2373
2374 m = key_sp2msg(sp);
2375 if (!m)
2376 goto fail;
2377 m_cat(result, m);
2378
2379 if ((result->m_flags & M_PKTHDR) == 0)
2380 goto fail;
2381
2382 if (result->m_len < sizeof(struct sadb_msg)) {
2383 result = m_pullup(result, sizeof(struct sadb_msg));
2384 if (result == NULL)
2385 goto fail;
2386 }
2387
2388 result->m_pkthdr.len = 0;
2389 for (m = result; m; m = m->m_next)
2390 result->m_pkthdr.len += m->m_len;
2391
2392 mtod(result, struct sadb_msg *)->sadb_msg_len =
2393 PFKEY_UNIT64(result->m_pkthdr.len);
2394
2395 return result;
2396
2397 fail:
2398 m_freem(result);
2399 return NULL;
2400 }
2401
2402 /*
2403 * get PFKEY message length for security policy and request.
2404 */
2405 static u_int
2406 key_getspreqmsglen(sp)
2407 struct secpolicy *sp;
2408 {
2409 u_int tlen;
2410
2411 tlen = sizeof(struct sadb_x_policy);
2412
2413 /* if is the policy for ipsec ? */
2414 if (sp->policy != IPSEC_POLICY_IPSEC)
2415 return tlen;
2416
2417 /* get length of ipsec requests */
2418 {
2419 struct ipsecrequest *isr;
2420 int len;
2421
2422 for (isr = sp->req; isr != NULL; isr = isr->next) {
2423 len = sizeof(struct sadb_x_ipsecrequest)
2424 + isr->saidx.src.sa.sa_len
2425 + isr->saidx.dst.sa.sa_len;
2426
2427 tlen += PFKEY_ALIGN8(len);
2428 }
2429 }
2430
2431 return tlen;
2432 }
2433
2434 /*
2435 * SADB_SPDEXPIRE processing
2436 * send
2437 * <base, address(SD), lifetime(CH), policy>
2438 * to KMD by PF_KEY.
2439 *
2440 * OUT: 0 : succeed
2441 * others : error number
2442 */
2443 static int
2444 key_spdexpire(sp)
2445 struct secpolicy *sp;
2446 {
2447 int s;
2448 struct mbuf *result = NULL, *m;
2449 int len;
2450 int error = -1;
2451 struct sadb_lifetime *lt;
2452
2453 /* XXX: Why do we lock ? */
2454 s = splnet(); /*called from softclock()*/
2455
2456 /* sanity check */
2457 if (sp == NULL)
2458 panic("key_spdexpire: NULL pointer is passed.\n");
2459
2460 /* set msg header */
2461 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2462 if (!m) {
2463 error = ENOBUFS;
2464 goto fail;
2465 }
2466 result = m;
2467
2468 /* create lifetime extension (current and hard) */
2469 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2470 m = key_alloc_mbuf(len);
2471 if (!m || m->m_next) { /*XXX*/
2472 if (m)
2473 m_freem(m);
2474 error = ENOBUFS;
2475 goto fail;
2476 }
2477 bzero(mtod(m, caddr_t), len);
2478 lt = mtod(m, struct sadb_lifetime *);
2479 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2480 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2481 lt->sadb_lifetime_allocations = 0;
2482 lt->sadb_lifetime_bytes = 0;
2483 lt->sadb_lifetime_addtime = sp->created;
2484 lt->sadb_lifetime_usetime = sp->lastused;
2485 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
2486 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2487 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2488 lt->sadb_lifetime_allocations = 0;
2489 lt->sadb_lifetime_bytes = 0;
2490 lt->sadb_lifetime_addtime = sp->lifetime;
2491 lt->sadb_lifetime_usetime = sp->validtime;
2492 m_cat(result, m);
2493
2494 /* set sadb_address for source */
2495 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2496 &sp->spidx.src.sa,
2497 sp->spidx.prefs, sp->spidx.ul_proto);
2498 if (!m) {
2499 error = ENOBUFS;
2500 goto fail;
2501 }
2502 m_cat(result, m);
2503
2504 /* set sadb_address for destination */
2505 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2506 &sp->spidx.dst.sa,
2507 sp->spidx.prefd, sp->spidx.ul_proto);
2508 if (!m) {
2509 error = ENOBUFS;
2510 goto fail;
2511 }
2512 m_cat(result, m);
2513
2514 /* set secpolicy */
2515 m = key_sp2msg(sp);
2516 if (!m) {
2517 error = ENOBUFS;
2518 goto fail;
2519 }
2520 m_cat(result, m);
2521
2522 if ((result->m_flags & M_PKTHDR) == 0) {
2523 error = EINVAL;
2524 goto fail;
2525 }
2526
2527 if (result->m_len < sizeof(struct sadb_msg)) {
2528 result = m_pullup(result, sizeof(struct sadb_msg));
2529 if (result == NULL) {
2530 error = ENOBUFS;
2531 goto fail;
2532 }
2533 }
2534
2535 result->m_pkthdr.len = 0;
2536 for (m = result; m; m = m->m_next)
2537 result->m_pkthdr.len += m->m_len;
2538
2539 mtod(result, struct sadb_msg *)->sadb_msg_len =
2540 PFKEY_UNIT64(result->m_pkthdr.len);
2541
2542 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2543
2544 fail:
2545 if (result)
2546 m_freem(result);
2547 splx(s);
2548 return error;
2549 }
2550
2551 /* %%% SAD management */
2552 /*
2553 * allocating a memory for new SA head, and copy from the values of mhp.
2554 * OUT: NULL : failure due to the lack of memory.
2555 * others : pointer to new SA head.
2556 */
2557 static struct secashead *
2558 key_newsah(saidx)
2559 struct secasindex *saidx;
2560 {
2561 struct secashead *newsah;
2562
2563 KASSERT(saidx != NULL, ("key_newsaidx: null saidx"));
2564
2565 newsah = (struct secashead *)
2566 malloc(sizeof(struct secashead), M_SECA, M_NOWAIT|M_ZERO);
2567 if (newsah != NULL) {
2568 int i;
2569 for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++)
2570 LIST_INIT(&newsah->savtree[i]);
2571 newsah->saidx = *saidx;
2572
2573 /* add to saidxtree */
2574 newsah->state = SADB_SASTATE_MATURE;
2575 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2576 }
2577 return(newsah);
2578 }
2579
2580 /*
2581 * delete SA index and all SA registerd.
2582 */
2583 static void
2584 key_delsah(sah)
2585 struct secashead *sah;
2586 {
2587 struct secasvar *sav, *nextsav;
2588 u_int stateidx, state;
2589 int s;
2590 int zombie = 0;
2591
2592 /* sanity check */
2593 if (sah == NULL)
2594 panic("key_delsah: NULL pointer is passed.\n");
2595
2596 s = splnet(); /*called from softclock()*/
2597
2598 /* searching all SA registerd in the secindex. */
2599 for (stateidx = 0;
2600 stateidx < _ARRAYLEN(saorder_state_any);
2601 stateidx++) {
2602
2603 state = saorder_state_any[stateidx];
2604 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]);
2605 sav != NULL;
2606 sav = nextsav) {
2607
2608 nextsav = LIST_NEXT(sav, chain);
2609
2610 if (sav->refcnt == 0) {
2611 /* sanity check */
2612 KEY_CHKSASTATE(state, sav->state, "key_delsah");
2613 KEY_FREESAV(&sav);
2614 } else {
2615 /* give up to delete this sa */
2616 zombie++;
2617 }
2618 }
2619 }
2620
2621 /* don't delete sah only if there are savs. */
2622 if (zombie) {
2623 splx(s);
2624 return;
2625 }
2626
2627 if (sah->sa_route.ro_rt) {
2628 RTFREE(sah->sa_route.ro_rt);
2629 sah->sa_route.ro_rt = (struct rtentry *)NULL;
2630 }
2631
2632 /* remove from tree of SA index */
2633 if (__LIST_CHAINED(sah))
2634 LIST_REMOVE(sah, chain);
2635
2636 KFREE(sah);
2637
2638 splx(s);
2639 return;
2640 }
2641
2642 /*
2643 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2644 * and copy the values of mhp into new buffer.
2645 * When SAD message type is GETSPI:
2646 * to set sequence number from acq_seq++,
2647 * to set zero to SPI.
2648 * not to call key_setsava().
2649 * OUT: NULL : fail
2650 * others : pointer to new secasvar.
2651 *
2652 * does not modify mbuf. does not free mbuf on error.
2653 */
2654 static struct secasvar *
2655 key_newsav(m, mhp, sah, errp, where, tag)
2656 struct mbuf *m;
2657 const struct sadb_msghdr *mhp;
2658 struct secashead *sah;
2659 int *errp;
2660 const char* where;
2661 int tag;
2662 {
2663 struct secasvar *newsav;
2664 const struct sadb_sa *xsa;
2665
2666 /* sanity check */
2667 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
2668 panic("key_newsa: NULL pointer is passed.\n");
2669
2670 KMALLOC(newsav, struct secasvar *, sizeof(struct secasvar));
2671 if (newsav == NULL) {
2672 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
2673 *errp = ENOBUFS;
2674 goto done;
2675 }
2676 bzero((caddr_t)newsav, sizeof(struct secasvar));
2677
2678 switch (mhp->msg->sadb_msg_type) {
2679 case SADB_GETSPI:
2680 newsav->spi = 0;
2681
2682 #ifdef IPSEC_DOSEQCHECK
2683 /* sync sequence number */
2684 if (mhp->msg->sadb_msg_seq == 0)
2685 newsav->seq =
2686 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
2687 else
2688 #endif
2689 newsav->seq = mhp->msg->sadb_msg_seq;
2690 break;
2691
2692 case SADB_ADD:
2693 /* sanity check */
2694 if (mhp->ext[SADB_EXT_SA] == NULL) {
2695 KFREE(newsav), newsav = NULL;
2696 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
2697 *errp = EINVAL;
2698 goto done;
2699 }
2700 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2701 newsav->spi = xsa->sadb_sa_spi;
2702 newsav->seq = mhp->msg->sadb_msg_seq;
2703 break;
2704 default:
2705 KFREE(newsav), newsav = NULL;
2706 *errp = EINVAL;
2707 goto done;
2708 }
2709
2710 /* copy sav values */
2711 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
2712 *errp = key_setsaval(newsav, m, mhp);
2713 if (*errp) {
2714 KFREE(newsav), newsav = NULL;
2715 goto done;
2716 }
2717 }
2718
2719 /* reset created */
2720 newsav->created = time_second;
2721 newsav->pid = mhp->msg->sadb_msg_pid;
2722
2723 /* add to satree */
2724 newsav->sah = sah;
2725 newsav->refcnt = 1;
2726 newsav->state = SADB_SASTATE_LARVAL;
2727 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
2728 secasvar, chain);
2729 done:
2730 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
2731 printf("DP key_newsav from %s:%u return SP:%p\n",
2732 where, tag, newsav));
2733
2734 return newsav;
2735 }
2736
2737 /*
2738 * free() SA variable entry.
2739 */
2740 static void
2741 key_delsav(sav)
2742 struct secasvar *sav;
2743 {
2744 KASSERT(sav != NULL, ("key_delsav: null sav"));
2745 KASSERT(sav->refcnt == 0,
2746 ("key_delsav: reference count %u > 0", sav->refcnt));
2747
2748 /* remove from SA header */
2749 if (__LIST_CHAINED(sav))
2750 LIST_REMOVE(sav, chain);
2751
2752 /*
2753 * Cleanup xform state. Note that zeroize'ing causes the
2754 * keys to be cleared; otherwise we must do it ourself.
2755 */
2756 if (sav->tdb_xform != NULL) {
2757 sav->tdb_xform->xf_zeroize(sav);
2758 sav->tdb_xform = NULL;
2759 } else {
2760 if (sav->key_auth != NULL)
2761 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
2762 if (sav->key_enc != NULL)
2763 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
2764 }
2765 if (sav->key_auth != NULL) {
2766 KFREE(sav->key_auth);
2767 sav->key_auth = NULL;
2768 }
2769 if (sav->key_enc != NULL) {
2770 KFREE(sav->key_enc);
2771 sav->key_enc = NULL;
2772 }
2773 if (sav->sched) {
2774 bzero(sav->sched, sav->schedlen);
2775 KFREE(sav->sched);
2776 sav->sched = NULL;
2777 }
2778 if (sav->replay != NULL) {
2779 KFREE(sav->replay);
2780 sav->replay = NULL;
2781 }
2782 if (sav->lft_c != NULL) {
2783 KFREE(sav->lft_c);
2784 sav->lft_c = NULL;
2785 }
2786 if (sav->lft_h != NULL) {
2787 KFREE(sav->lft_h);
2788 sav->lft_h = NULL;
2789 }
2790 if (sav->lft_s != NULL) {
2791 KFREE(sav->lft_s);
2792 sav->lft_s = NULL;
2793 }
2794 if (sav->iv != NULL) {
2795 KFREE(sav->iv);
2796 sav->iv = NULL;
2797 }
2798
2799 KFREE(sav);
2800
2801 return;
2802 }
2803
2804 /*
2805 * search SAD.
2806 * OUT:
2807 * NULL : not found
2808 * others : found, pointer to a SA.
2809 */
2810 static struct secashead *
2811 key_getsah(saidx)
2812 struct secasindex *saidx;
2813 {
2814 struct secashead *sah;
2815
2816 LIST_FOREACH(sah, &sahtree, chain) {
2817 if (sah->state == SADB_SASTATE_DEAD)
2818 continue;
2819 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
2820 return sah;
2821 }
2822
2823 return NULL;
2824 }
2825
2826 /*
2827 * check not to be duplicated SPI.
2828 * NOTE: this function is too slow due to searching all SAD.
2829 * OUT:
2830 * NULL : not found
2831 * others : found, pointer to a SA.
2832 */
2833 static struct secasvar *
2834 key_checkspidup(saidx, spi)
2835 struct secasindex *saidx;
2836 u_int32_t spi;
2837 {
2838 struct secashead *sah;
2839 struct secasvar *sav;
2840
2841 /* check address family */
2842 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) {
2843 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
2844 return NULL;
2845 }
2846
2847 /* check all SAD */
2848 LIST_FOREACH(sah, &sahtree, chain) {
2849 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst))
2850 continue;
2851 sav = key_getsavbyspi(sah, spi);
2852 if (sav != NULL)
2853 return sav;
2854 }
2855
2856 return NULL;
2857 }
2858
2859 /*
2860 * search SAD litmited alive SA, protocol, SPI.
2861 * OUT:
2862 * NULL : not found
2863 * others : found, pointer to a SA.
2864 */
2865 static struct secasvar *
2866 key_getsavbyspi(sah, spi)
2867 struct secashead *sah;
2868 u_int32_t spi;
2869 {
2870 struct secasvar *sav;
2871 u_int stateidx, state;
2872
2873 /* search all status */
2874 for (stateidx = 0;
2875 stateidx < _ARRAYLEN(saorder_state_alive);
2876 stateidx++) {
2877
2878 state = saorder_state_alive[stateidx];
2879 LIST_FOREACH(sav, &sah->savtree[state], chain) {
2880
2881 /* sanity check */
2882 if (sav->state != state) {
2883 ipseclog((LOG_DEBUG, "key_getsavbyspi: "
2884 "invalid sav->state (queue: %d SA: %d)\n",
2885 state, sav->state));
2886 continue;
2887 }
2888
2889 if (sav->spi == spi)
2890 return sav;
2891 }
2892 }
2893
2894 return NULL;
2895 }
2896
2897 /*
2898 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
2899 * You must update these if need.
2900 * OUT: 0: success.
2901 * !0: failure.
2902 *
2903 * does not modify mbuf. does not free mbuf on error.
2904 */
2905 static int
2906 key_setsaval(sav, m, mhp)
2907 struct secasvar *sav;
2908 struct mbuf *m;
2909 const struct sadb_msghdr *mhp;
2910 {
2911 int error = 0;
2912
2913 /* sanity check */
2914 if (m == NULL || mhp == NULL || mhp->msg == NULL)
2915 panic("key_setsaval: NULL pointer is passed.\n");
2916
2917 /* initialization */
2918 sav->replay = NULL;
2919 sav->key_auth = NULL;
2920 sav->key_enc = NULL;
2921 sav->sched = NULL;
2922 sav->schedlen = 0;
2923 sav->iv = NULL;
2924 sav->lft_c = NULL;
2925 sav->lft_h = NULL;
2926 sav->lft_s = NULL;
2927 sav->tdb_xform = NULL; /* transform */
2928 sav->tdb_encalgxform = NULL; /* encoding algorithm */
2929 sav->tdb_authalgxform = NULL; /* authentication algorithm */
2930 sav->tdb_compalgxform = NULL; /* compression algorithm */
2931
2932 /* SA */
2933 if (mhp->ext[SADB_EXT_SA] != NULL) {
2934 const struct sadb_sa *sa0;
2935
2936 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2937 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
2938 error = EINVAL;
2939 goto fail;
2940 }
2941
2942 sav->alg_auth = sa0->sadb_sa_auth;
2943 sav->alg_enc = sa0->sadb_sa_encrypt;
2944 sav->flags = sa0->sadb_sa_flags;
2945
2946 /* replay window */
2947 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
2948 sav->replay = (struct secreplay *)
2949 malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_SECA, M_NOWAIT|M_ZERO);
2950 if (sav->replay == NULL) {
2951 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
2952 error = ENOBUFS;
2953 goto fail;
2954 }
2955 if (sa0->sadb_sa_replay != 0)
2956 sav->replay->bitmap = (caddr_t)(sav->replay+1);
2957 sav->replay->wsize = sa0->sadb_sa_replay;
2958 }
2959 }
2960
2961 /* Authentication keys */
2962 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
2963 const struct sadb_key *key0;
2964 int len;
2965
2966 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
2967 len = mhp->extlen[SADB_EXT_KEY_AUTH];
2968
2969 error = 0;
2970 if (len < sizeof(*key0)) {
2971 error = EINVAL;
2972 goto fail;
2973 }
2974 switch (mhp->msg->sadb_msg_satype) {
2975 case SADB_SATYPE_AH:
2976 case SADB_SATYPE_ESP:
2977 case SADB_X_SATYPE_TCPSIGNATURE:
2978 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
2979 sav->alg_auth != SADB_X_AALG_NULL)
2980 error = EINVAL;
2981 break;
2982 case SADB_X_SATYPE_IPCOMP:
2983 default:
2984 error = EINVAL;
2985 break;
2986 }
2987 if (error) {
2988 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
2989 goto fail;
2990 }
2991
2992 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
2993 if (sav->key_auth == NULL) {
2994 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
2995 error = ENOBUFS;
2996 goto fail;
2997 }
2998 }
2999
3000 /* Encryption key */
3001 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3002 const struct sadb_key *key0;
3003 int len;
3004
3005 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3006 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3007
3008 error = 0;
3009 if (len < sizeof(*key0)) {
3010 error = EINVAL;
3011 goto fail;
3012 }
3013 switch (mhp->msg->sadb_msg_satype) {
3014 case SADB_SATYPE_ESP:
3015 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3016 sav->alg_enc != SADB_EALG_NULL) {
3017 error = EINVAL;
3018 break;
3019 }
3020 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3021 if (sav->key_enc == NULL) {
3022 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3023 error = ENOBUFS;
3024 goto fail;
3025 }
3026 break;
3027 case SADB_X_SATYPE_IPCOMP:
3028 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3029 error = EINVAL;
3030 sav->key_enc = NULL; /*just in case*/
3031 break;
3032 case SADB_SATYPE_AH:
3033 case SADB_X_SATYPE_TCPSIGNATURE:
3034 default:
3035 error = EINVAL;
3036 break;
3037 }
3038 if (error) {
3039 ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
3040 goto fail;
3041 }
3042 }
3043
3044 /* set iv */
3045 sav->ivlen = 0;
3046
3047 switch (mhp->msg->sadb_msg_satype) {
3048 case SADB_SATYPE_AH:
3049 error = xform_init(sav, XF_AH);
3050 break;
3051 case SADB_SATYPE_ESP:
3052 error = xform_init(sav, XF_ESP);
3053 break;
3054 case SADB_X_SATYPE_IPCOMP:
3055 error = xform_init(sav, XF_IPCOMP);
3056 break;
3057 case SADB_X_SATYPE_TCPSIGNATURE:
3058 error = xform_init(sav, XF_TCPSIGNATURE);
3059 break;
3060 }
3061 if (error) {
3062 ipseclog((LOG_DEBUG,
3063 "key_setsaval: unable to initialize SA type %u.\n",
3064 mhp->msg->sadb_msg_satype));
3065 goto fail;
3066 }
3067
3068 /* reset created */
3069 sav->created = time_second;
3070
3071 /* make lifetime for CURRENT */
3072 KMALLOC(sav->lft_c, struct sadb_lifetime *,
3073 sizeof(struct sadb_lifetime));
3074 if (sav->lft_c == NULL) {
3075 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3076 error = ENOBUFS;
3077 goto fail;
3078 }
3079
3080 sav->lft_c->sadb_lifetime_len =
3081 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3082 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3083 sav->lft_c->sadb_lifetime_allocations = 0;
3084 sav->lft_c->sadb_lifetime_bytes = 0;
3085 sav->lft_c->sadb_lifetime_addtime = time_second;
3086 sav->lft_c->sadb_lifetime_usetime = 0;
3087
3088 /* lifetimes for HARD and SOFT */
3089 {
3090 const struct sadb_lifetime *lft0;
3091
3092 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3093 if (lft0 != NULL) {
3094 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3095 error = EINVAL;
3096 goto fail;
3097 }
3098 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3099 sizeof(*lft0));
3100 if (sav->lft_h == NULL) {
3101 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3102 error = ENOBUFS;
3103 goto fail;
3104 }
3105 /* to be initialize ? */
3106 }
3107
3108 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3109 if (lft0 != NULL) {
3110 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3111 error = EINVAL;
3112 goto fail;
3113 }
3114 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3115 sizeof(*lft0));
3116 if (sav->lft_s == NULL) {
3117 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3118 error = ENOBUFS;
3119 goto fail;
3120 }
3121 /* to be initialize ? */
3122 }
3123 }
3124
3125 return 0;
3126
3127 fail:
3128 /* initialization */
3129 if (sav->replay != NULL) {
3130 KFREE(sav->replay);
3131 sav->replay = NULL;
3132 }
3133 if (sav->key_auth != NULL) {
3134 KFREE(sav->key_auth);
3135 sav->key_auth = NULL;
3136 }
3137 if (sav->key_enc != NULL) {
3138 KFREE(sav->key_enc);
3139 sav->key_enc = NULL;
3140 }
3141 if (sav->sched) {
3142 KFREE(sav->sched);
3143 sav->sched = NULL;
3144 }
3145 if (sav->iv != NULL) {
3146 KFREE(sav->iv);
3147 sav->iv = NULL;
3148 }
3149 if (sav->lft_c != NULL) {
3150 KFREE(sav->lft_c);
3151 sav->lft_c = NULL;
3152 }
3153 if (sav->lft_h != NULL) {
3154 KFREE(sav->lft_h);
3155 sav->lft_h = NULL;
3156 }
3157 if (sav->lft_s != NULL) {
3158 KFREE(sav->lft_s);
3159 sav->lft_s = NULL;
3160 }
3161
3162 return error;
3163 }
3164
3165 /*
3166 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3167 * OUT: 0: valid
3168 * other: errno
3169 */
3170 static int
3171 key_mature(sav)
3172 struct secasvar *sav;
3173 {
3174 int error;
3175
3176 /* check SPI value */
3177 switch (sav->sah->saidx.proto) {
3178 case IPPROTO_ESP:
3179 case IPPROTO_AH:
3180 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
3181 ipseclog((LOG_DEBUG,
3182 "key_mature: illegal range of SPI %u.\n",
3183 (u_int32_t)ntohl(sav->spi)));
3184 return EINVAL;
3185 }
3186 break;
3187 }
3188
3189 /* check satype */
3190 switch (sav->sah->saidx.proto) {
3191 case IPPROTO_ESP:
3192 /* check flags */
3193 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) ==
3194 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) {
3195 ipseclog((LOG_DEBUG, "key_mature: "
3196 "invalid flag (derived) given to old-esp.\n"));
3197 return EINVAL;
3198 }
3199 error = xform_init(sav, XF_ESP);
3200 break;
3201 case IPPROTO_AH:
3202 /* check flags */
3203 if (sav->flags & SADB_X_EXT_DERIV) {
3204 ipseclog((LOG_DEBUG, "key_mature: "
3205 "invalid flag (derived) given to AH SA.\n"));
3206 return EINVAL;
3207 }
3208 if (sav->alg_enc != SADB_EALG_NONE) {
3209 ipseclog((LOG_DEBUG, "key_mature: "
3210 "protocol and algorithm mismated.\n"));
3211 return(EINVAL);
3212 }
3213 error = xform_init(sav, XF_AH);
3214 break;
3215 case IPPROTO_IPCOMP:
3216 if (sav->alg_auth != SADB_AALG_NONE) {
3217 ipseclog((LOG_DEBUG, "key_mature: "
3218 "protocol and algorithm mismated.\n"));
3219 return(EINVAL);
3220 }
3221 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
3222 && ntohl(sav->spi) >= 0x10000) {
3223 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
3224 return(EINVAL);
3225 }
3226 error = xform_init(sav, XF_IPCOMP);
3227 break;
3228 case IPPROTO_TCP:
3229 if (sav->alg_enc != SADB_EALG_NONE) {
3230 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3231 "mismated.\n", __func__));
3232 return(EINVAL);
3233 }
3234 error = xform_init(sav, XF_TCPSIGNATURE);
3235 break;
3236 default:
3237 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3238 error = EPROTONOSUPPORT;
3239 break;
3240 }
3241 if (error == 0)
3242 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3243 return (error);
3244 }
3245
3246 /*
3247 * subroutine for SADB_GET and SADB_DUMP.
3248 */
3249 static struct mbuf *
3250 key_setdumpsa(sav, type, satype, seq, pid)
3251 struct secasvar *sav;
3252 u_int8_t type, satype;
3253 u_int32_t seq, pid;
3254 {
3255 struct mbuf *result = NULL, *tres = NULL, *m;
3256 int l = 0;
3257 int i;
3258 void *p;
3259 int dumporder[] = {
3260 SADB_EXT_SA, SADB_X_EXT_SA2,
3261 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3262 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3263 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3264 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3265 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3266 };
3267
3268 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3269 if (m == NULL)
3270 goto fail;
3271 result = m;
3272
3273 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
3274 m = NULL;
3275 p = NULL;
3276 switch (dumporder[i]) {
3277 case SADB_EXT_SA:
3278 m = key_setsadbsa(sav);
3279 if (!m)
3280 goto fail;
3281 break;
3282
3283 case SADB_X_EXT_SA2:
3284 m = key_setsadbxsa2(sav->sah->saidx.mode,
3285 sav->replay ? sav->replay->count : 0,
3286 sav->sah->saidx.reqid);
3287 if (!m)
3288 goto fail;
3289 break;
3290
3291 case SADB_EXT_ADDRESS_SRC:
3292 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3293 &sav->sah->saidx.src.sa,
3294 FULLMASK, IPSEC_ULPROTO_ANY);
3295 if (!m)
3296 goto fail;
3297 break;
3298
3299 case SADB_EXT_ADDRESS_DST:
3300 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3301 &sav->sah->saidx.dst.sa,
3302 FULLMASK, IPSEC_ULPROTO_ANY);
3303 if (!m)
3304 goto fail;
3305 break;
3306
3307 case SADB_EXT_KEY_AUTH:
3308 if (!sav->key_auth)
3309 continue;
3310 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3311 p = sav->key_auth;
3312 break;
3313
3314 case SADB_EXT_KEY_ENCRYPT:
3315 if (!sav->key_enc)
3316 continue;
3317 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3318 p = sav->key_enc;
3319 break;
3320
3321 case SADB_EXT_LIFETIME_CURRENT:
3322 if (!sav->lft_c)
3323 continue;
3324 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3325 p = sav->lft_c;
3326 break;
3327
3328 case SADB_EXT_LIFETIME_HARD:
3329 if (!sav->lft_h)
3330 continue;
3331 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3332 p = sav->lft_h;
3333 break;
3334
3335 case SADB_EXT_LIFETIME_SOFT:
3336 if (!sav->lft_s)
3337 continue;
3338 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3339 p = sav->lft_s;
3340 break;
3341
3342 case SADB_EXT_ADDRESS_PROXY:
3343 case SADB_EXT_IDENTITY_SRC:
3344 case SADB_EXT_IDENTITY_DST:
3345 /* XXX: should we brought from SPD ? */
3346 case SADB_EXT_SENSITIVITY:
3347 default:
3348 continue;
3349 }
3350
3351 if ((!m && !p) || (m && p))
3352 goto fail;
3353 if (p && tres) {
3354 M_PREPEND(tres, l, M_DONTWAIT);
3355 if (!tres)
3356 goto fail;
3357 bcopy(p, mtod(tres, caddr_t), l);
3358 continue;
3359 }
3360 if (p) {
3361 m = key_alloc_mbuf(l);
3362 if (!m)
3363 goto fail;
3364 m_copyback(m, 0, l, p);
3365 }
3366
3367 if (tres)
3368 m_cat(m, tres);
3369 tres = m;
3370 }
3371
3372 m_cat(result, tres);
3373
3374 if (result->m_len < sizeof(struct sadb_msg)) {
3375 result = m_pullup(result, sizeof(struct sadb_msg));
3376 if (result == NULL)
3377 goto fail;
3378 }
3379
3380 result->m_pkthdr.len = 0;
3381 for (m = result; m; m = m->m_next)
3382 result->m_pkthdr.len += m->m_len;
3383
3384 mtod(result, struct sadb_msg *)->sadb_msg_len =
3385 PFKEY_UNIT64(result->m_pkthdr.len);
3386
3387 return result;
3388
3389 fail:
3390 m_freem(result);
3391 m_freem(tres);
3392 return NULL;
3393 }
3394
3395 /*
3396 * set data into sadb_msg.
3397 */
3398 static struct mbuf *
3399 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
3400 u_int8_t type, satype;
3401 u_int16_t tlen;
3402 u_int32_t seq;
3403 pid_t pid;
3404 u_int16_t reserved;
3405 {
3406 struct mbuf *m;
3407 struct sadb_msg *p;
3408 int len;
3409
3410 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3411 if (len > MCLBYTES)
3412 return NULL;
3413 MGETHDR(m, M_DONTWAIT, MT_DATA);
3414 if (m && len > MHLEN) {
3415 MCLGET(m, M_DONTWAIT);
3416 if ((m->m_flags & M_EXT) == 0) {
3417 m_freem(m);
3418 m = NULL;
3419 }
3420 }
3421 if (!m)
3422 return NULL;
3423 m->m_pkthdr.len = m->m_len = len;
3424 m->m_next = NULL;
3425
3426 p = mtod(m, struct sadb_msg *);
3427
3428 bzero(p, len);
3429 p->sadb_msg_version = PF_KEY_V2;
3430 p->sadb_msg_type = type;
3431 p->sadb_msg_errno = 0;
3432 p->sadb_msg_satype = satype;
3433 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3434 p->sadb_msg_reserved = reserved;
3435 p->sadb_msg_seq = seq;
3436 p->sadb_msg_pid = (u_int32_t)pid;
3437
3438 return m;
3439 }
3440
3441 /*
3442 * copy secasvar data into sadb_address.
3443 */
3444 static struct mbuf *
3445 key_setsadbsa(sav)
3446 struct secasvar *sav;
3447 {
3448 struct mbuf *m;
3449 struct sadb_sa *p;
3450 int len;
3451
3452 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3453 m = key_alloc_mbuf(len);
3454 if (!m || m->m_next) { /*XXX*/
3455 if (m)
3456 m_freem(m);
3457 return NULL;
3458 }
3459
3460 p = mtod(m, struct sadb_sa *);
3461
3462 bzero(p, len);
3463 p->sadb_sa_len = PFKEY_UNIT64(len);
3464 p->sadb_sa_exttype = SADB_EXT_SA;
3465 p->sadb_sa_spi = sav->spi;
3466 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
3467 p->sadb_sa_state = sav->state;
3468 p->sadb_sa_auth = sav->alg_auth;
3469 p->sadb_sa_encrypt = sav->alg_enc;
3470 p->sadb_sa_flags = sav->flags;
3471
3472 return m;
3473 }
3474
3475 /*
3476 * set data into sadb_address.
3477 */
3478 static struct mbuf *
3479 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
3480 u_int16_t exttype;
3481 const struct sockaddr *saddr;
3482 u_int8_t prefixlen;
3483 u_int16_t ul_proto;
3484 {
3485 struct mbuf *m;
3486 struct sadb_address *p;
3487 size_t len;
3488
3489 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3490 PFKEY_ALIGN8(saddr->sa_len);
3491 m = key_alloc_mbuf(len);
3492 if (!m || m->m_next) { /*XXX*/
3493 if (m)
3494 m_freem(m);
3495 return NULL;
3496 }
3497
3498 p = mtod(m, struct sadb_address *);
3499
3500 bzero(p, len);
3501 p->sadb_address_len = PFKEY_UNIT64(len);
3502 p->sadb_address_exttype = exttype;
3503 p->sadb_address_proto = ul_proto;
3504 if (prefixlen == FULLMASK) {
3505 switch (saddr->sa_family) {
3506 case AF_INET:
3507 prefixlen = sizeof(struct in_addr) << 3;
3508 break;
3509 case AF_INET6:
3510 prefixlen = sizeof(struct in6_addr) << 3;
3511 break;
3512 default:
3513 ; /*XXX*/
3514 }
3515 }
3516 p->sadb_address_prefixlen = prefixlen;
3517 p->sadb_address_reserved = 0;
3518
3519 bcopy(saddr,
3520 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
3521 saddr->sa_len);
3522
3523 return m;
3524 }
3525
3526 #if 0
3527 /*
3528 * set data into sadb_ident.
3529 */
3530 static struct mbuf *
3531 key_setsadbident(exttype, idtype, string, stringlen, id)
3532 u_int16_t exttype, idtype;
3533 caddr_t string;
3534 int stringlen;
3535 u_int64_t id;
3536 {
3537 struct mbuf *m;
3538 struct sadb_ident *p;
3539 size_t len;
3540
3541 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
3542 m = key_alloc_mbuf(len);
3543 if (!m || m->m_next) { /*XXX*/
3544 if (m)
3545 m_freem(m);
3546 return NULL;
3547 }
3548
3549 p = mtod(m, struct sadb_ident *);
3550
3551 bzero(p, len);
3552 p->sadb_ident_len = PFKEY_UNIT64(len);
3553 p->sadb_ident_exttype = exttype;
3554 p->sadb_ident_type = idtype;
3555 p->sadb_ident_reserved = 0;
3556 p->sadb_ident_id = id;
3557
3558 bcopy(string,
3559 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
3560 stringlen);
3561
3562 return m;
3563 }
3564 #endif
3565
3566 /*
3567 * set data into sadb_x_sa2.
3568 */
3569 static struct mbuf *
3570 key_setsadbxsa2(mode, seq, reqid)
3571 u_int8_t mode;
3572 u_int32_t seq, reqid;
3573 {
3574 struct mbuf *m;
3575 struct sadb_x_sa2 *p;
3576 size_t len;
3577
3578 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
3579 m = key_alloc_mbuf(len);
3580 if (!m || m->m_next) { /*XXX*/
3581 if (m)
3582 m_freem(m);
3583 return NULL;
3584 }
3585
3586 p = mtod(m, struct sadb_x_sa2 *);
3587
3588 bzero(p, len);
3589 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
3590 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3591 p->sadb_x_sa2_mode = mode;
3592 p->sadb_x_sa2_reserved1 = 0;
3593 p->sadb_x_sa2_reserved2 = 0;
3594 p->sadb_x_sa2_sequence = seq;
3595 p->sadb_x_sa2_reqid = reqid;
3596
3597 return m;
3598 }
3599
3600 /*
3601 * set data into sadb_x_policy
3602 */
3603 static struct mbuf *
3604 key_setsadbxpolicy(type, dir, id)
3605 u_int16_t type;
3606 u_int8_t dir;
3607 u_int32_t id;
3608 {
3609 struct mbuf *m;
3610 struct sadb_x_policy *p;
3611 size_t len;
3612
3613 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
3614 m = key_alloc_mbuf(len);
3615 if (!m || m->m_next) { /*XXX*/
3616 if (m)
3617 m_freem(m);
3618 return NULL;
3619 }
3620
3621 p = mtod(m, struct sadb_x_policy *);
3622
3623 bzero(p, len);
3624 p->sadb_x_policy_len = PFKEY_UNIT64(len);
3625 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3626 p->sadb_x_policy_type = type;
3627 p->sadb_x_policy_dir = dir;
3628 p->sadb_x_policy_id = id;
3629
3630 return m;
3631 }
3632
3633 /* %%% utilities */
3634 /*
3635 * copy a buffer into the new buffer allocated.
3636 */
3637 static void *
3638 key_newbuf(src, len)
3639 const void *src;
3640 u_int len;
3641 {
3642 caddr_t new;
3643
3644 KMALLOC(new, caddr_t, len);
3645 if (new == NULL) {
3646 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
3647 return NULL;
3648 }
3649 bcopy(src, new, len);
3650
3651 return new;
3652 }
3653
3654 /* compare my own address
3655 * OUT: 1: true, i.e. my address.
3656 * 0: false
3657 */
3658 int
3659 key_ismyaddr(sa)
3660 struct sockaddr *sa;
3661 {
3662 #ifdef INET
3663 struct sockaddr_in *sin;
3664 struct in_ifaddr *ia;
3665 #endif
3666
3667 /* sanity check */
3668 if (sa == NULL)
3669 panic("key_ismyaddr: NULL pointer is passed.\n");
3670
3671 switch (sa->sa_family) {
3672 #ifdef INET
3673 case AF_INET:
3674 sin = (struct sockaddr_in *)sa;
3675 for (ia = in_ifaddrhead.tqh_first; ia;
3676 ia = ia->ia_link.tqe_next)
3677 {
3678 if (sin->sin_family == ia->ia_addr.sin_family &&
3679 sin->sin_len == ia->ia_addr.sin_len &&
3680 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
3681 {
3682 return 1;
3683 }
3684 }
3685 break;
3686 #endif
3687 #ifdef INET6
3688 case AF_INET6:
3689 return key_ismyaddr6((struct sockaddr_in6 *)sa);
3690 #endif
3691 }
3692
3693 return 0;
3694 }
3695
3696 #ifdef INET6
3697 /*
3698 * compare my own address for IPv6.
3699 * 1: ours
3700 * 0: other
3701 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
3702 */
3703 #include <netinet6/in6_var.h>
3704
3705 static int
3706 key_ismyaddr6(sin6)
3707 struct sockaddr_in6 *sin6;
3708 {
3709 struct in6_ifaddr *ia;
3710 struct in6_multi *in6m;
3711
3712 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
3713 if (key_sockaddrcmp((struct sockaddr *)&sin6,
3714 (struct sockaddr *)&ia->ia_addr, 0) == 0)
3715 return 1;
3716
3717 /*
3718 * XXX Multicast
3719 * XXX why do we care about multlicast here while we don't care
3720 * about IPv4 multicast??
3721 * XXX scope
3722 */
3723 in6m = NULL;
3724 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
3725 if (in6m)
3726 return 1;
3727 }
3728
3729 /* loopback, just for safety */
3730 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
3731 return 1;
3732
3733 return 0;
3734 }
3735 #endif /*INET6*/
3736
3737 /*
3738 * compare two secasindex structure.
3739 * flag can specify to compare 2 saidxes.
3740 * compare two secasindex structure without both mode and reqid.
3741 * don't compare port.
3742 * IN:
3743 * saidx0: source, it can be in SAD.
3744 * saidx1: object.
3745 * OUT:
3746 * 1 : equal
3747 * 0 : not equal
3748 */
3749 static int
3750 key_cmpsaidx(
3751 const struct secasindex *saidx0,
3752 const struct secasindex *saidx1,
3753 int flag)
3754 {
3755 /* sanity */
3756 if (saidx0 == NULL && saidx1 == NULL)
3757 return 1;
3758
3759 if (saidx0 == NULL || saidx1 == NULL)
3760 return 0;
3761
3762 if (saidx0->proto != saidx1->proto)
3763 return 0;
3764
3765 if (flag == CMP_EXACTLY) {
3766 if (saidx0->mode != saidx1->mode)
3767 return 0;
3768 if (saidx0->reqid != saidx1->reqid)
3769 return 0;
3770 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 ||
3771 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0)
3772 return 0;
3773 } else {
3774
3775 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
3776 if (flag == CMP_MODE_REQID
3777 ||flag == CMP_REQID) {
3778 /*
3779 * If reqid of SPD is non-zero, unique SA is required.
3780 * The result must be of same reqid in this case.
3781 */
3782 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
3783 return 0;
3784 }
3785
3786 if (flag == CMP_MODE_REQID) {
3787 if (saidx0->mode != IPSEC_MODE_ANY
3788 && saidx0->mode != saidx1->mode)
3789 return 0;
3790 }
3791
3792 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) {
3793 return 0;
3794 }
3795 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) {
3796 return 0;
3797 }
3798 }
3799
3800 return 1;
3801 }
3802
3803 /*
3804 * compare two secindex structure exactly.
3805 * IN:
3806 * spidx0: source, it is often in SPD.
3807 * spidx1: object, it is often from PFKEY message.
3808 * OUT:
3809 * 1 : equal
3810 * 0 : not equal
3811 */
3812 static int
3813 key_cmpspidx_exactly(
3814 struct secpolicyindex *spidx0,
3815 struct secpolicyindex *spidx1)
3816 {
3817 /* sanity */
3818 if (spidx0 == NULL && spidx1 == NULL)
3819 return 1;
3820
3821 if (spidx0 == NULL || spidx1 == NULL)
3822 return 0;
3823
3824 if (spidx0->prefs != spidx1->prefs
3825 || spidx0->prefd != spidx1->prefd
3826 || spidx0->ul_proto != spidx1->ul_proto)
3827 return 0;
3828
3829 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 &&
3830 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0;
3831 }
3832
3833 /*
3834 * compare two secindex structure with mask.
3835 * IN:
3836 * spidx0: source, it is often in SPD.
3837 * spidx1: object, it is often from IP header.
3838 * OUT:
3839 * 1 : equal
3840 * 0 : not equal
3841 */
3842 static int
3843 key_cmpspidx_withmask(
3844 struct secpolicyindex *spidx0,
3845 struct secpolicyindex *spidx1)
3846 {
3847 /* sanity */
3848 if (spidx0 == NULL && spidx1 == NULL)
3849 return 1;
3850
3851 if (spidx0 == NULL || spidx1 == NULL)
3852 return 0;
3853
3854 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family ||
3855 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family ||
3856 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len ||
3857 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len)
3858 return 0;
3859
3860 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
3861 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
3862 && spidx0->ul_proto != spidx1->ul_proto)
3863 return 0;
3864
3865 switch (spidx0->src.sa.sa_family) {
3866 case AF_INET:
3867 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY
3868 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port)
3869 return 0;
3870 if (!key_bbcmp(&spidx0->src.sin.sin_addr,
3871 &spidx1->src.sin.sin_addr, spidx0->prefs))
3872 return 0;
3873 break;
3874 case AF_INET6:
3875 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY
3876 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port)
3877 return 0;
3878 /*
3879 * scope_id check. if sin6_scope_id is 0, we regard it
3880 * as a wildcard scope, which matches any scope zone ID.
3881 */
3882 if (spidx0->src.sin6.sin6_scope_id &&
3883 spidx1->src.sin6.sin6_scope_id &&
3884 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id)
3885 return 0;
3886 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr,
3887 &spidx1->src.sin6.sin6_addr, spidx0->prefs))
3888 return 0;
3889 break;
3890 default:
3891 /* XXX */
3892 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0)
3893 return 0;
3894 break;
3895 }
3896
3897 switch (spidx0->dst.sa.sa_family) {
3898 case AF_INET:
3899 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY
3900 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port)
3901 return 0;
3902 if (!key_bbcmp(&spidx0->dst.sin.sin_addr,
3903 &spidx1->dst.sin.sin_addr, spidx0->prefd))
3904 return 0;
3905 break;
3906 case AF_INET6:
3907 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY
3908 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port)
3909 return 0;
3910 /*
3911 * scope_id check. if sin6_scope_id is 0, we regard it
3912 * as a wildcard scope, which matches any scope zone ID.
3913 */
3914 if (spidx0->src.sin6.sin6_scope_id &&
3915 spidx1->src.sin6.sin6_scope_id &&
3916 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id)
3917 return 0;
3918 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr,
3919 &spidx1->dst.sin6.sin6_addr, spidx0->prefd))
3920 return 0;
3921 break;
3922 default:
3923 /* XXX */
3924 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0)
3925 return 0;
3926 break;
3927 }
3928
3929 /* XXX Do we check other field ? e.g. flowinfo */
3930
3931 return 1;
3932 }
3933
3934 /* returns 0 on match */
3935 static int
3936 key_sockaddrcmp(
3937 const struct sockaddr *sa1,
3938 const struct sockaddr *sa2,
3939 int port)
3940 {
3941 #ifdef satosin
3942 #undef satosin
3943 #endif
3944 #define satosin(s) ((const struct sockaddr_in *)s)
3945 #ifdef satosin6
3946 #undef satosin6
3947 #endif
3948 #define satosin6(s) ((const struct sockaddr_in6 *)s)
3949 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
3950 return 1;
3951
3952 switch (sa1->sa_family) {
3953 case AF_INET:
3954 if (sa1->sa_len != sizeof(struct sockaddr_in))
3955 return 1;
3956 if (satosin(sa1)->sin_addr.s_addr !=
3957 satosin(sa2)->sin_addr.s_addr) {
3958 return 1;
3959 }
3960 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
3961 return 1;
3962 break;
3963 case AF_INET6:
3964 if (sa1->sa_len != sizeof(struct sockaddr_in6))
3965 return 1; /*EINVAL*/
3966 if (satosin6(sa1)->sin6_scope_id !=
3967 satosin6(sa2)->sin6_scope_id) {
3968 return 1;
3969 }
3970 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
3971 &satosin6(sa2)->sin6_addr)) {
3972 return 1;
3973 }
3974 if (port &&
3975 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
3976 return 1;
3977 }
3978 default:
3979 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
3980 return 1;
3981 break;
3982 }
3983
3984 return 0;
3985 #undef satosin
3986 #undef satosin6
3987 }
3988
3989 /*
3990 * compare two buffers with mask.
3991 * IN:
3992 * addr1: source
3993 * addr2: object
3994 * bits: Number of bits to compare
3995 * OUT:
3996 * 1 : equal
3997 * 0 : not equal
3998 */
3999 static int
4000 key_bbcmp(const void *a1, const void *a2, u_int bits)
4001 {
4002 const unsigned char *p1 = a1;
4003 const unsigned char *p2 = a2;
4004
4005 /* XXX: This could be considerably faster if we compare a word
4006 * at a time, but it is complicated on LSB Endian machines */
4007
4008 /* Handle null pointers */
4009 if (p1 == NULL || p2 == NULL)
4010 return (p1 == p2);
4011
4012 while (bits >= 8) {
4013 if (*p1++ != *p2++)
4014 return 0;
4015 bits -= 8;
4016 }
4017
4018 if (bits > 0) {
4019 u_int8_t mask = ~((1<<(8-bits))-1);
4020 if ((*p1 & mask) != (*p2 & mask))
4021 return 0;
4022 }
4023 return 1; /* Match! */
4024 }
4025
4026 /*
4027 * time handler.
4028 * scanning SPD and SAD to check status for each entries,
4029 * and do to remove or to expire.
4030 * XXX: year 2038 problem may remain.
4031 */
4032 void
4033 key_timehandler(void)
4034 {
4035 u_int dir;
4036 int s;
4037 time_t now = time_second;
4038
4039 s = splnet(); /*called from softclock()*/
4040
4041 /* SPD */
4042 {
4043 struct secpolicy *sp, *nextsp;
4044
4045 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4046 for (sp = LIST_FIRST(&sptree[dir]);
4047 sp != NULL;
4048 sp = nextsp) {
4049
4050 nextsp = LIST_NEXT(sp, chain);
4051
4052 if (sp->state == IPSEC_SPSTATE_DEAD) {
4053 KEY_FREESP(&sp);
4054 continue;
4055 }
4056
4057 if (sp->lifetime == 0 && sp->validtime == 0)
4058 continue;
4059
4060 /* the deletion will occur next time */
4061 if ((sp->lifetime && now - sp->created > sp->lifetime)
4062 || (sp->validtime && now - sp->lastused > sp->validtime)) {
4063 sp->state = IPSEC_SPSTATE_DEAD;
4064 key_spdexpire(sp);
4065 continue;
4066 }
4067 }
4068 }
4069 }
4070
4071 /* SAD */
4072 {
4073 struct secashead *sah, *nextsah;
4074 struct secasvar *sav, *nextsav;
4075
4076 for (sah = LIST_FIRST(&sahtree);
4077 sah != NULL;
4078 sah = nextsah) {
4079
4080 nextsah = LIST_NEXT(sah, chain);
4081
4082 /* if sah has been dead, then delete it and process next sah. */
4083 if (sah->state == SADB_SASTATE_DEAD) {
4084 key_delsah(sah);
4085 continue;
4086 }
4087
4088 /* if LARVAL entry doesn't become MATURE, delete it. */
4089 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4090 sav != NULL;
4091 sav = nextsav) {
4092
4093 nextsav = LIST_NEXT(sav, chain);
4094
4095 if (now - sav->created > key_larval_lifetime) {
4096 KEY_FREESAV(&sav);
4097 }
4098 }
4099
4100 /*
4101 * check MATURE entry to start to send expire message
4102 * whether or not.
4103 */
4104 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4105 sav != NULL;
4106 sav = nextsav) {
4107
4108 nextsav = LIST_NEXT(sav, chain);
4109
4110 /* we don't need to check. */
4111 if (sav->lft_s == NULL)
4112 continue;
4113
4114 /* sanity check */
4115 if (sav->lft_c == NULL) {
4116 ipseclog((LOG_DEBUG,"key_timehandler: "
4117 "There is no CURRENT time, why?\n"));
4118 continue;
4119 }
4120
4121 /* check SOFT lifetime */
4122 if (sav->lft_s->sadb_lifetime_addtime != 0
4123 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4124 /*
4125 * check SA to be used whether or not.
4126 * when SA hasn't been used, delete it.
4127 */
4128 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4129 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4130 KEY_FREESAV(&sav);
4131 } else {
4132 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4133 /*
4134 * XXX If we keep to send expire
4135 * message in the status of
4136 * DYING. Do remove below code.
4137 */
4138 key_expire(sav);
4139 }
4140 }
4141 /* check SOFT lifetime by bytes */
4142 /*
4143 * XXX I don't know the way to delete this SA
4144 * when new SA is installed. Caution when it's
4145 * installed too big lifetime by time.
4146 */
4147 else if (sav->lft_s->sadb_lifetime_bytes != 0
4148 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4149
4150 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4151 /*
4152 * XXX If we keep to send expire
4153 * message in the status of
4154 * DYING. Do remove below code.
4155 */
4156 key_expire(sav);
4157 }
4158 }
4159
4160 /* check DYING entry to change status to DEAD. */
4161 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4162 sav != NULL;
4163 sav = nextsav) {
4164
4165 nextsav = LIST_NEXT(sav, chain);
4166
4167 /* we don't need to check. */
4168 if (sav->lft_h == NULL)
4169 continue;
4170
4171 /* sanity check */
4172 if (sav->lft_c == NULL) {
4173 ipseclog((LOG_DEBUG, "key_timehandler: "
4174 "There is no CURRENT time, why?\n"));
4175 continue;
4176 }
4177
4178 if (sav->lft_h->sadb_lifetime_addtime != 0
4179 && now - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4180 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4181 KEY_FREESAV(&sav);
4182 }
4183 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4184 else if (sav->lft_s != NULL
4185 && sav->lft_s->sadb_lifetime_addtime != 0
4186 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4187 /*
4188 * XXX: should be checked to be
4189 * installed the valid SA.
4190 */
4191
4192 /*
4193 * If there is no SA then sending
4194 * expire message.
4195 */
4196 key_expire(sav);
4197 }
4198 #endif
4199 /* check HARD lifetime by bytes */
4200 else if (sav->lft_h->sadb_lifetime_bytes != 0
4201 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4202 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4203 KEY_FREESAV(&sav);
4204 }
4205 }
4206
4207 /* delete entry in DEAD */
4208 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4209 sav != NULL;
4210 sav = nextsav) {
4211
4212 nextsav = LIST_NEXT(sav, chain);
4213
4214 /* sanity check */
4215 if (sav->state != SADB_SASTATE_DEAD) {
4216 ipseclog((LOG_DEBUG, "key_timehandler: "
4217 "invalid sav->state "
4218 "(queue: %d SA: %d): "
4219 "kill it anyway\n",
4220 SADB_SASTATE_DEAD, sav->state));
4221 }
4222
4223 /*
4224 * do not call key_freesav() here.
4225 * sav should already be freed, and sav->refcnt
4226 * shows other references to sav
4227 * (such as from SPD).
4228 */
4229 }
4230 }
4231 }
4232
4233 #ifndef IPSEC_NONBLOCK_ACQUIRE
4234 /* ACQ tree */
4235 {
4236 struct secacq *acq, *nextacq;
4237
4238 for (acq = LIST_FIRST(&acqtree);
4239 acq != NULL;
4240 acq = nextacq) {
4241
4242 nextacq = LIST_NEXT(acq, chain);
4243
4244 if (now - acq->created > key_blockacq_lifetime
4245 && __LIST_CHAINED(acq)) {
4246 LIST_REMOVE(acq, chain);
4247 KFREE(acq);
4248 }
4249 }
4250 }
4251 #endif
4252
4253 /* SP ACQ tree */
4254 {
4255 struct secspacq *acq, *nextacq;
4256
4257 for (acq = LIST_FIRST(&spacqtree);
4258 acq != NULL;
4259 acq = nextacq) {
4260
4261 nextacq = LIST_NEXT(acq, chain);
4262
4263 if (now - acq->created > key_blockacq_lifetime
4264 && __LIST_CHAINED(acq)) {
4265 LIST_REMOVE(acq, chain);
4266 KFREE(acq);
4267 }
4268 }
4269 }
4270
4271 /* initialize random seed */
4272 if (key_tick_init_random++ > key_int_random) {
4273 key_tick_init_random = 0;
4274 key_srandom();
4275 }
4276
4277 #ifndef IPSEC_DEBUG2
4278 /* do exchange to tick time !! */
4279 (void)timeout((void *)key_timehandler, (void *)0, hz);
4280 #endif /* IPSEC_DEBUG2 */
4281
4282 splx(s);
4283 return;
4284 }
4285
4286 /*
4287 * to initialize a seed for random()
4288 */
4289 static void
4290 key_srandom()
4291 {
4292 srandom(time_second);
4293 }
4294
4295 u_long
4296 key_random()
4297 {
4298 u_long value;
4299
4300 key_randomfill(&value, sizeof(value));
4301 return value;
4302 }
4303
4304 void
4305 key_randomfill(p, l)
4306 void *p;
4307 size_t l;
4308 {
4309 size_t n;
4310 u_long v;
4311 static int warn = 1;
4312
4313 n = 0;
4314 n = (size_t)read_random(p, (u_int)l);
4315 /* last resort */
4316 while (n < l) {
4317 v = random();
4318 bcopy(&v, (u_int8_t *)p + n,
4319 l - n < sizeof(v) ? l - n : sizeof(v));
4320 n += sizeof(v);
4321
4322 if (warn) {
4323 printf("WARNING: pseudo-random number generator "
4324 "used for IPsec processing\n");
4325 warn = 0;
4326 }
4327 }
4328 }
4329
4330 /*
4331 * map SADB_SATYPE_* to IPPROTO_*.
4332 * if satype == SADB_SATYPE then satype is mapped to ~0.
4333 * OUT:
4334 * 0: invalid satype.
4335 */
4336 static u_int16_t
4337 key_satype2proto(satype)
4338 u_int8_t satype;
4339 {
4340 switch (satype) {
4341 case SADB_SATYPE_UNSPEC:
4342 return IPSEC_PROTO_ANY;
4343 case SADB_SATYPE_AH:
4344 return IPPROTO_AH;
4345 case SADB_SATYPE_ESP:
4346 return IPPROTO_ESP;
4347 case SADB_X_SATYPE_IPCOMP:
4348 return IPPROTO_IPCOMP;
4349 case SADB_X_SATYPE_TCPSIGNATURE:
4350 return IPPROTO_TCP;
4351 default:
4352 return 0;
4353 }
4354 /* NOTREACHED */
4355 }
4356
4357 /*
4358 * map IPPROTO_* to SADB_SATYPE_*
4359 * OUT:
4360 * 0: invalid protocol type.
4361 */
4362 static u_int8_t
4363 key_proto2satype(proto)
4364 u_int16_t proto;
4365 {
4366 switch (proto) {
4367 case IPPROTO_AH:
4368 return SADB_SATYPE_AH;
4369 case IPPROTO_ESP:
4370 return SADB_SATYPE_ESP;
4371 case IPPROTO_IPCOMP:
4372 return SADB_X_SATYPE_IPCOMP;
4373 case IPPROTO_TCP:
4374 return SADB_X_SATYPE_TCPSIGNATURE;
4375 default:
4376 return 0;
4377 }
4378 /* NOTREACHED */
4379 }
4380
4381 /* %%% PF_KEY */
4382 /*
4383 * SADB_GETSPI processing is to receive
4384 * <base, (SA2), src address, dst address, (SPI range)>
4385 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4386 * tree with the status of LARVAL, and send
4387 * <base, SA(*), address(SD)>
4388 * to the IKMPd.
4389 *
4390 * IN: mhp: pointer to the pointer to each header.
4391 * OUT: NULL if fail.
4392 * other if success, return pointer to the message to send.
4393 */
4394 static int
4395 key_getspi(so, m, mhp)
4396 struct socket *so;
4397 struct mbuf *m;
4398 const struct sadb_msghdr *mhp;
4399 {
4400 struct sadb_address *src0, *dst0;
4401 struct secasindex saidx;
4402 struct secashead *newsah;
4403 struct secasvar *newsav;
4404 u_int8_t proto;
4405 u_int32_t spi;
4406 u_int8_t mode;
4407 u_int32_t reqid;
4408 int error;
4409
4410 /* sanity check */
4411 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4412 panic("key_getspi: NULL pointer is passed.\n");
4413
4414 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4415 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
4416 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4417 return key_senderror(so, m, EINVAL);
4418 }
4419 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4420 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4421 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4422 return key_senderror(so, m, EINVAL);
4423 }
4424 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4425 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4426 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4427 } else {
4428 mode = IPSEC_MODE_ANY;
4429 reqid = 0;
4430 }
4431
4432 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4433 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4434
4435 /* map satype to proto */
4436 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4437 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
4438 return key_senderror(so, m, EINVAL);
4439 }
4440
4441 /* make sure if port number is zero. */
4442 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
4443 case AF_INET:
4444 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4445 sizeof(struct sockaddr_in))
4446 return key_senderror(so, m, EINVAL);
4447 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
4448 break;
4449 case AF_INET6:
4450 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4451 sizeof(struct sockaddr_in6))
4452 return key_senderror(so, m, EINVAL);
4453 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
4454 break;
4455 default:
4456 ; /*???*/
4457 }
4458 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
4459 case AF_INET:
4460 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4461 sizeof(struct sockaddr_in))
4462 return key_senderror(so, m, EINVAL);
4463 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
4464 break;
4465 case AF_INET6:
4466 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4467 sizeof(struct sockaddr_in6))
4468 return key_senderror(so, m, EINVAL);
4469 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
4470 break;
4471 default:
4472 ; /*???*/
4473 }
4474
4475 /* XXX boundary check against sa_len */
4476 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4477
4478 /* SPI allocation */
4479 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
4480 &saidx);
4481 if (spi == 0)
4482 return key_senderror(so, m, EINVAL);
4483
4484 /* get a SA index */
4485 if ((newsah = key_getsah(&saidx)) == NULL) {
4486 /* create a new SA index */
4487 if ((newsah = key_newsah(&saidx)) == NULL) {
4488 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
4489 return key_senderror(so, m, ENOBUFS);
4490 }
4491 }
4492
4493 /* get a new SA */
4494 /* XXX rewrite */
4495 newsav = KEY_NEWSAV(m, mhp, newsah, &error);
4496 if (newsav == NULL) {
4497 /* XXX don't free new SA index allocated in above. */
4498 return key_senderror(so, m, error);
4499 }
4500
4501 /* set spi */
4502 newsav->spi = htonl(spi);
4503
4504 #ifndef IPSEC_NONBLOCK_ACQUIRE
4505 /* delete the entry in acqtree */
4506 if (mhp->msg->sadb_msg_seq != 0) {
4507 struct secacq *acq;
4508 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
4509 /* reset counter in order to deletion by timehandler. */
4510 acq->created = time_second;
4511 acq->count = 0;
4512 }
4513 }
4514 #endif
4515
4516 {
4517 struct mbuf *n, *nn;
4518 struct sadb_sa *m_sa;
4519 struct sadb_msg *newmsg;
4520 int off, len;
4521
4522 /* create new sadb_msg to reply. */
4523 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
4524 PFKEY_ALIGN8(sizeof(struct sadb_sa));
4525 if (len > MCLBYTES)
4526 return key_senderror(so, m, ENOBUFS);
4527
4528 MGETHDR(n, M_DONTWAIT, MT_DATA);
4529 if (len > MHLEN) {
4530 MCLGET(n, M_DONTWAIT);
4531 if ((n->m_flags & M_EXT) == 0) {
4532 m_freem(n);
4533 n = NULL;
4534 }
4535 }
4536 if (!n)
4537 return key_senderror(so, m, ENOBUFS);
4538
4539 n->m_len = len;
4540 n->m_next = NULL;
4541 off = 0;
4542
4543 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
4544 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
4545
4546 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
4547 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
4548 m_sa->sadb_sa_exttype = SADB_EXT_SA;
4549 m_sa->sadb_sa_spi = htonl(spi);
4550 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
4551
4552 #ifdef DIAGNOSTIC
4553 if (off != len)
4554 panic("length inconsistency in key_getspi");
4555 #endif
4556
4557 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
4558 SADB_EXT_ADDRESS_DST);
4559 if (!n->m_next) {
4560 m_freem(n);
4561 return key_senderror(so, m, ENOBUFS);
4562 }
4563
4564 if (n->m_len < sizeof(struct sadb_msg)) {
4565 n = m_pullup(n, sizeof(struct sadb_msg));
4566 if (n == NULL)
4567 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
4568 }
4569
4570 n->m_pkthdr.len = 0;
4571 for (nn = n; nn; nn = nn->m_next)
4572 n->m_pkthdr.len += nn->m_len;
4573
4574 newmsg = mtod(n, struct sadb_msg *);
4575 newmsg->sadb_msg_seq = newsav->seq;
4576 newmsg->sadb_msg_errno = 0;
4577 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
4578
4579 m_freem(m);
4580 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
4581 }
4582 }
4583
4584 /*
4585 * allocating new SPI
4586 * called by key_getspi().
4587 * OUT:
4588 * 0: failure.
4589 * others: success.
4590 */
4591 static u_int32_t
4592 key_do_getnewspi(spirange, saidx)
4593 struct sadb_spirange *spirange;
4594 struct secasindex *saidx;
4595 {
4596 u_int32_t newspi;
4597 u_int32_t min, max;
4598 int count = key_spi_trycnt;
4599
4600 /* set spi range to allocate */
4601 if (spirange != NULL) {
4602 min = spirange->sadb_spirange_min;
4603 max = spirange->sadb_spirange_max;
4604 } else {
4605 min = key_spi_minval;
4606 max = key_spi_maxval;
4607 }
4608 /* IPCOMP needs 2-byte SPI */
4609 if (saidx->proto == IPPROTO_IPCOMP) {
4610 u_int32_t t;
4611 if (min >= 0x10000)
4612 min = 0xffff;
4613 if (max >= 0x10000)
4614 max = 0xffff;
4615 if (min > max) {
4616 t = min; min = max; max = t;
4617 }
4618 }
4619
4620 if (min == max) {
4621 if (key_checkspidup(saidx, min) != NULL) {
4622 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
4623 return 0;
4624 }
4625
4626 count--; /* taking one cost. */
4627 newspi = min;
4628
4629 } else {
4630
4631 /* init SPI */
4632 newspi = 0;
4633
4634 /* when requesting to allocate spi ranged */
4635 while (count--) {
4636 /* generate pseudo-random SPI value ranged. */
4637 newspi = min + (key_random() % (max - min + 1));
4638
4639 if (key_checkspidup(saidx, newspi) == NULL)
4640 break;
4641 }
4642
4643 if (count == 0 || newspi == 0) {
4644 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
4645 return 0;
4646 }
4647 }
4648
4649 /* statistics */
4650 keystat.getspi_count =
4651 (keystat.getspi_count + key_spi_trycnt - count) / 2;
4652
4653 return newspi;
4654 }
4655
4656 /*
4657 * SADB_UPDATE processing
4658 * receive
4659 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4660 * key(AE), (identity(SD),) (sensitivity)>
4661 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
4662 * and send
4663 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4664 * (identity(SD),) (sensitivity)>
4665 * to the ikmpd.
4666 *
4667 * m will always be freed.
4668 */
4669 static int
4670 key_update(so, m, mhp)
4671 struct socket *so;
4672 struct mbuf *m;
4673 const struct sadb_msghdr *mhp;
4674 {
4675 struct sadb_sa *sa0;
4676 struct sadb_address *src0, *dst0;
4677 struct secasindex saidx;
4678 struct secashead *sah;
4679 struct secasvar *sav;
4680 u_int16_t proto;
4681 u_int8_t mode;
4682 u_int32_t reqid;
4683 int error;
4684
4685 /* sanity check */
4686 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4687 panic("key_update: NULL pointer is passed.\n");
4688
4689 /* map satype to proto */
4690 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4691 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
4692 return key_senderror(so, m, EINVAL);
4693 }
4694
4695 if (mhp->ext[SADB_EXT_SA] == NULL ||
4696 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4697 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
4698 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
4699 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
4700 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
4701 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
4702 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
4703 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
4704 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
4705 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
4706 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4707 return key_senderror(so, m, EINVAL);
4708 }
4709 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
4710 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4711 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4712 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4713 return key_senderror(so, m, EINVAL);
4714 }
4715 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4716 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4717 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4718 } else {
4719 mode = IPSEC_MODE_ANY;
4720 reqid = 0;
4721 }
4722 /* XXX boundary checking for other extensions */
4723
4724 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
4725 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4726 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4727
4728 /* XXX boundary check against sa_len */
4729 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4730
4731 /* get a SA header */
4732 if ((sah = key_getsah(&saidx)) == NULL) {
4733 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
4734 return key_senderror(so, m, ENOENT);
4735 }
4736
4737 /* set spidx if there */
4738 /* XXX rewrite */
4739 error = key_setident(sah, m, mhp);
4740 if (error)
4741 return key_senderror(so, m, error);
4742
4743 /* find a SA with sequence number. */
4744 #ifdef IPSEC_DOSEQCHECK
4745 if (mhp->msg->sadb_msg_seq != 0
4746 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
4747 ipseclog((LOG_DEBUG,
4748 "key_update: no larval SA with sequence %u exists.\n",
4749 mhp->msg->sadb_msg_seq));
4750 return key_senderror(so, m, ENOENT);
4751 }
4752 #else
4753 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
4754 ipseclog((LOG_DEBUG,
4755 "key_update: no such a SA found (spi:%u)\n",
4756 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
4757 return key_senderror(so, m, EINVAL);
4758 }
4759 #endif
4760
4761 /* validity check */
4762 if (sav->sah->saidx.proto != proto) {
4763 ipseclog((LOG_DEBUG,
4764 "key_update: protocol mismatched (DB=%u param=%u)\n",
4765 sav->sah->saidx.proto, proto));
4766 return key_senderror(so, m, EINVAL);
4767 }
4768 #ifdef IPSEC_DOSEQCHECK
4769 if (sav->spi != sa0->sadb_sa_spi) {
4770 ipseclog((LOG_DEBUG,
4771 "key_update: SPI mismatched (DB:%u param:%u)\n",
4772 (u_int32_t)ntohl(sav->spi),
4773 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
4774 return key_senderror(so, m, EINVAL);
4775 }
4776 #endif
4777 if (sav->pid != mhp->msg->sadb_msg_pid) {
4778 ipseclog((LOG_DEBUG,
4779 "key_update: pid mismatched (DB:%u param:%u)\n",
4780 sav->pid, mhp->msg->sadb_msg_pid));
4781 return key_senderror(so, m, EINVAL);
4782 }
4783
4784 /* copy sav values */
4785 error = key_setsaval(sav, m, mhp);
4786 if (error) {
4787 KEY_FREESAV(&sav);
4788 return key_senderror(so, m, error);
4789 }
4790
4791 /* check SA values to be mature. */
4792 if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
4793 KEY_FREESAV(&sav);
4794 return key_senderror(so, m, 0);
4795 }
4796
4797 {
4798 struct mbuf *n;
4799
4800 /* set msg buf from mhp */
4801 n = key_getmsgbuf_x1(m, mhp);
4802 if (n == NULL) {
4803 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
4804 return key_senderror(so, m, ENOBUFS);
4805 }
4806
4807 m_freem(m);
4808 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
4809 }
4810 }
4811
4812 /*
4813 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
4814 * only called by key_update().
4815 * OUT:
4816 * NULL : not found
4817 * others : found, pointer to a SA.
4818 */
4819 #ifdef IPSEC_DOSEQCHECK
4820 static struct secasvar *
4821 key_getsavbyseq(sah, seq)
4822 struct secashead *sah;
4823 u_int32_t seq;
4824 {
4825 struct secasvar *sav;
4826 u_int state;
4827
4828 state = SADB_SASTATE_LARVAL;
4829
4830 /* search SAD with sequence number ? */
4831 LIST_FOREACH(sav, &sah->savtree[state], chain) {
4832
4833 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
4834
4835 if (sav->seq == seq) {
4836 SA_ADDREF(sav);
4837 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
4838 printf("DP key_getsavbyseq cause "
4839 "refcnt++:%d SA:%p\n",
4840 sav->refcnt, sav));
4841 return sav;
4842 }
4843 }
4844
4845 return NULL;
4846 }
4847 #endif
4848
4849 /*
4850 * SADB_ADD processing
4851 * add an entry to SA database, when received
4852 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4853 * key(AE), (identity(SD),) (sensitivity)>
4854 * from the ikmpd,
4855 * and send
4856 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4857 * (identity(SD),) (sensitivity)>
4858 * to the ikmpd.
4859 *
4860 * IGNORE identity and sensitivity messages.
4861 *
4862 * m will always be freed.
4863 */
4864 static int
4865 key_add(so, m, mhp)
4866 struct socket *so;
4867 struct mbuf *m;
4868 const struct sadb_msghdr *mhp;
4869 {
4870 struct sadb_sa *sa0;
4871 struct sadb_address *src0, *dst0;
4872 struct secasindex saidx;
4873 struct secashead *newsah;
4874 struct secasvar *newsav;
4875 u_int16_t proto;
4876 u_int8_t mode;
4877 u_int32_t reqid;
4878 int error;
4879
4880 /* sanity check */
4881 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4882 panic("key_add: NULL pointer is passed.\n");
4883
4884 /* map satype to proto */
4885 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4886 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
4887 return key_senderror(so, m, EINVAL);
4888 }
4889
4890 if (mhp->ext[SADB_EXT_SA] == NULL ||
4891 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4892 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
4893 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
4894 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
4895 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
4896 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
4897 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
4898 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
4899 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
4900 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
4901 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
4902 return key_senderror(so, m, EINVAL);
4903 }
4904 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
4905 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4906 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4907 /* XXX need more */
4908 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
4909 return key_senderror(so, m, EINVAL);
4910 }
4911 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4912 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4913 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4914 } else {
4915 mode = IPSEC_MODE_ANY;
4916 reqid = 0;
4917 }
4918
4919 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
4920 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
4921 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
4922
4923 /* XXX boundary check against sa_len */
4924 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4925
4926 /* get a SA header */
4927 if ((newsah = key_getsah(&saidx)) == NULL) {
4928 /* create a new SA header */
4929 if ((newsah = key_newsah(&saidx)) == NULL) {
4930 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
4931 return key_senderror(so, m, ENOBUFS);
4932 }
4933 }
4934
4935 /* set spidx if there */
4936 /* XXX rewrite */
4937 error = key_setident(newsah, m, mhp);
4938 if (error) {
4939 return key_senderror(so, m, error);
4940 }
4941
4942 /* create new SA entry. */
4943 /* We can create new SA only if SPI is differenct. */
4944 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
4945 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
4946 return key_senderror(so, m, EEXIST);
4947 }
4948 newsav = KEY_NEWSAV(m, mhp, newsah, &error);
4949 if (newsav == NULL) {
4950 return key_senderror(so, m, error);
4951 }
4952
4953 /* check SA values to be mature. */
4954 if ((error = key_mature(newsav)) != 0) {
4955 KEY_FREESAV(&newsav);
4956 return key_senderror(so, m, error);
4957 }
4958
4959 /*
4960 * don't call key_freesav() here, as we would like to keep the SA
4961 * in the database on success.
4962 */
4963
4964 {
4965 struct mbuf *n;
4966
4967 /* set msg buf from mhp */
4968 n = key_getmsgbuf_x1(m, mhp);
4969 if (n == NULL) {
4970 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
4971 return key_senderror(so, m, ENOBUFS);
4972 }
4973
4974 m_freem(m);
4975 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
4976 }
4977 }
4978
4979 /* m is retained */
4980 static int
4981 key_setident(sah, m, mhp)
4982 struct secashead *sah;
4983 struct mbuf *m;
4984 const struct sadb_msghdr *mhp;
4985 {
4986 const struct sadb_ident *idsrc, *iddst;
4987 int idsrclen, iddstlen;
4988
4989 /* sanity check */
4990 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4991 panic("key_setident: NULL pointer is passed.\n");
4992
4993 /* don't make buffer if not there */
4994 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
4995 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
4996 sah->idents = NULL;
4997 sah->identd = NULL;
4998 return 0;
4999 }
5000
5001 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5002 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5003 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5004 return EINVAL;
5005 }
5006
5007 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5008 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5009 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5010 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5011
5012 /* validity check */
5013 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5014 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5015 return EINVAL;
5016 }
5017
5018 switch (idsrc->sadb_ident_type) {
5019 case SADB_IDENTTYPE_PREFIX:
5020 case SADB_IDENTTYPE_FQDN:
5021 case SADB_IDENTTYPE_USERFQDN:
5022 default:
5023 /* XXX do nothing */
5024 sah->idents = NULL;
5025 sah->identd = NULL;
5026 return 0;
5027 }
5028
5029 /* make structure */
5030 KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
5031 if (sah->idents == NULL) {
5032 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5033 return ENOBUFS;
5034 }
5035 KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
5036 if (sah->identd == NULL) {
5037 KFREE(sah->idents);
5038 sah->idents = NULL;
5039 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5040 return ENOBUFS;
5041 }
5042 bcopy(idsrc, sah->idents, idsrclen);
5043 bcopy(iddst, sah->identd, iddstlen);
5044
5045 return 0;
5046 }
5047
5048 /*
5049 * m will not be freed on return.
5050 * it is caller's responsibility to free the result.
5051 */
5052 static struct mbuf *
5053 key_getmsgbuf_x1(m, mhp)
5054 struct mbuf *m;
5055 const struct sadb_msghdr *mhp;
5056 {
5057 struct mbuf *n;
5058
5059 /* sanity check */
5060 if (m == NULL || mhp == NULL || mhp->msg == NULL)
5061 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
5062
5063 /* create new sadb_msg to reply. */
5064 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
5065 SADB_EXT_SA, SADB_X_EXT_SA2,
5066 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5067 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5068 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
5069 if (!n)
5070 return NULL;
5071
5072 if (n->m_len < sizeof(struct sadb_msg)) {
5073 n = m_pullup(n, sizeof(struct sadb_msg));
5074 if (n == NULL)
5075 return NULL;
5076 }
5077 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5078 mtod(n, struct sadb_msg *)->sadb_msg_len =
5079 PFKEY_UNIT64(n->m_pkthdr.len);
5080
5081 return n;
5082 }
5083
5084 static int key_delete_all __P((struct socket *, struct mbuf *,
5085 const struct sadb_msghdr *, u_int16_t));
5086
5087 /*
5088 * SADB_DELETE processing
5089 * receive
5090 * <base, SA(*), address(SD)>
5091 * from the ikmpd, and set SADB_SASTATE_DEAD,
5092 * and send,
5093 * <base, SA(*), address(SD)>
5094 * to the ikmpd.
5095 *
5096 * m will always be freed.
5097 */
5098 static int
5099 key_delete(so, m, mhp)
5100 struct socket *so;
5101 struct mbuf *m;
5102 const struct sadb_msghdr *mhp;
5103 {
5104 struct sadb_sa *sa0;
5105 struct sadb_address *src0, *dst0;
5106 struct secasindex saidx;
5107 struct secashead *sah;
5108 struct secasvar *sav = NULL;
5109 u_int16_t proto;
5110
5111 /* sanity check */
5112 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5113 panic("key_delete: NULL pointer is passed.\n");
5114
5115 /* map satype to proto */
5116 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5117 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5118 return key_senderror(so, m, EINVAL);
5119 }
5120
5121 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5122 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5123 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5124 return key_senderror(so, m, EINVAL);
5125 }
5126
5127 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5128 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5129 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5130 return key_senderror(so, m, EINVAL);
5131 }
5132
5133 if (mhp->ext[SADB_EXT_SA] == NULL) {
5134 /*
5135 * Caller wants us to delete all non-LARVAL SAs
5136 * that match the src/dst. This is used during
5137 * IKE INITIAL-CONTACT.
5138 */
5139 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5140 return key_delete_all(so, m, mhp, proto);
5141 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5142 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5143 return key_senderror(so, m, EINVAL);
5144 }
5145
5146 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5147 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5148 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5149
5150 /* XXX boundary check against sa_len */
5151 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5152
5153 /* get a SA header */
5154 LIST_FOREACH(sah, &sahtree, chain) {
5155 if (sah->state == SADB_SASTATE_DEAD)
5156 continue;
5157 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5158 continue;
5159
5160 /* get a SA with SPI. */
5161 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5162 if (sav)
5163 break;
5164 }
5165 if (sah == NULL) {
5166 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5167 return key_senderror(so, m, ENOENT);
5168 }
5169
5170 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5171 KEY_FREESAV(&sav);
5172
5173 {
5174 struct mbuf *n;
5175 struct sadb_msg *newmsg;
5176
5177 /* create new sadb_msg to reply. */
5178 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
5179 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5180 if (!n)
5181 return key_senderror(so, m, ENOBUFS);
5182
5183 if (n->m_len < sizeof(struct sadb_msg)) {
5184 n = m_pullup(n, sizeof(struct sadb_msg));
5185 if (n == NULL)
5186 return key_senderror(so, m, ENOBUFS);
5187 }
5188 newmsg = mtod(n, struct sadb_msg *);
5189 newmsg->sadb_msg_errno = 0;
5190 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5191
5192 m_freem(m);
5193 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5194 }
5195 }
5196
5197 /*
5198 * delete all SAs for src/dst. Called from key_delete().
5199 */
5200 static int
5201 key_delete_all(so, m, mhp, proto)
5202 struct socket *so;
5203 struct mbuf *m;
5204 const struct sadb_msghdr *mhp;
5205 u_int16_t proto;
5206 {
5207 struct sadb_address *src0, *dst0;
5208 struct secasindex saidx;
5209 struct secashead *sah;
5210 struct secasvar *sav, *nextsav;
5211 u_int stateidx, state;
5212
5213 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5214 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5215
5216 /* XXX boundary check against sa_len */
5217 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5218
5219 LIST_FOREACH(sah, &sahtree, chain) {
5220 if (sah->state == SADB_SASTATE_DEAD)
5221 continue;
5222 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5223 continue;
5224
5225 /* Delete all non-LARVAL SAs. */
5226 for (stateidx = 0;
5227 stateidx < _ARRAYLEN(saorder_state_alive);
5228 stateidx++) {
5229 state = saorder_state_alive[stateidx];
5230 if (state == SADB_SASTATE_LARVAL)
5231 continue;
5232 for (sav = LIST_FIRST(&sah->savtree[state]);
5233 sav != NULL; sav = nextsav) {
5234 nextsav = LIST_NEXT(sav, chain);
5235 /* sanity check */
5236 if (sav->state != state) {
5237 ipseclog((LOG_DEBUG, "key_delete_all: "
5238 "invalid sav->state "
5239 "(queue: %d SA: %d)\n",
5240 state, sav->state));
5241 continue;
5242 }
5243
5244 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5245 KEY_FREESAV(&sav);
5246 }
5247 }
5248 }
5249 {
5250 struct mbuf *n;
5251 struct sadb_msg *newmsg;
5252
5253 /* create new sadb_msg to reply. */
5254 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
5255 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5256 if (!n)
5257 return key_senderror(so, m, ENOBUFS);
5258
5259 if (n->m_len < sizeof(struct sadb_msg)) {
5260 n = m_pullup(n, sizeof(struct sadb_msg));
5261 if (n == NULL)
5262 return key_senderror(so, m, ENOBUFS);
5263 }
5264 newmsg = mtod(n, struct sadb_msg *);
5265 newmsg->sadb_msg_errno = 0;
5266 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5267
5268 m_freem(m);
5269 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5270 }
5271 }
5272
5273 /*
5274 * SADB_GET processing
5275 * receive
5276 * <base, SA(*), address(SD)>
5277 * from the ikmpd, and get a SP and a SA to respond,
5278 * and send,
5279 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5280 * (identity(SD),) (sensitivity)>
5281 * to the ikmpd.
5282 *
5283 * m will always be freed.
5284 */
5285 static int
5286 key_get(so, m, mhp)
5287 struct socket *so;
5288 struct mbuf *m;
5289 const struct sadb_msghdr *mhp;
5290 {
5291 struct sadb_sa *sa0;
5292 struct sadb_address *src0, *dst0;
5293 struct secasindex saidx;
5294 struct secashead *sah;
5295 struct secasvar *sav = NULL;
5296 u_int16_t proto;
5297
5298 /* sanity check */
5299 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5300 panic("key_get: NULL pointer is passed.\n");
5301
5302 /* map satype to proto */
5303 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5304 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
5305 return key_senderror(so, m, EINVAL);
5306 }
5307
5308 if (mhp->ext[SADB_EXT_SA] == NULL ||
5309 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5310 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5311 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5312 return key_senderror(so, m, EINVAL);
5313 }
5314 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5315 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5316 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5317 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5318 return key_senderror(so, m, EINVAL);
5319 }
5320
5321 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5322 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5323 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5324
5325 /* XXX boundary check against sa_len */
5326 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5327
5328 /* get a SA header */
5329 LIST_FOREACH(sah, &sahtree, chain) {
5330 if (sah->state == SADB_SASTATE_DEAD)
5331 continue;
5332 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5333 continue;
5334
5335 /* get a SA with SPI. */
5336 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5337 if (sav)
5338 break;
5339 }
5340 if (sah == NULL) {
5341 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
5342 return key_senderror(so, m, ENOENT);
5343 }
5344
5345 {
5346 struct mbuf *n;
5347 u_int8_t satype;
5348
5349 /* map proto to satype */
5350 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
5351 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
5352 return key_senderror(so, m, EINVAL);
5353 }
5354
5355 /* create new sadb_msg to reply. */
5356 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
5357 mhp->msg->sadb_msg_pid);
5358 if (!n)
5359 return key_senderror(so, m, ENOBUFS);
5360
5361 m_freem(m);
5362 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5363 }
5364 }
5365
5366 /* XXX make it sysctl-configurable? */
5367 static void
5368 key_getcomb_setlifetime(comb)
5369 struct sadb_comb *comb;
5370 {
5371
5372 comb->sadb_comb_soft_allocations = 1;
5373 comb->sadb_comb_hard_allocations = 1;
5374 comb->sadb_comb_soft_bytes = 0;
5375 comb->sadb_comb_hard_bytes = 0;
5376 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
5377 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
5378 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
5379 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
5380 }
5381
5382 /*
5383 * XXX reorder combinations by preference
5384 * XXX no idea if the user wants ESP authentication or not
5385 */
5386 static struct mbuf *
5387 key_getcomb_esp()
5388 {
5389 struct sadb_comb *comb;
5390 struct enc_xform *algo;
5391 struct mbuf *result = NULL, *m, *n;
5392 int encmin;
5393 int i, off, o;
5394 int totlen;
5395 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5396
5397 m = NULL;
5398 for (i = 1; i <= SADB_EALG_MAX; i++) {
5399 algo = esp_algorithm_lookup(i);
5400 if (algo == NULL)
5401 continue;
5402
5403 /* discard algorithms with key size smaller than system min */
5404 if (_BITS(algo->maxkey) < ipsec_esp_keymin)
5405 continue;
5406 if (_BITS(algo->minkey) < ipsec_esp_keymin)
5407 encmin = ipsec_esp_keymin;
5408 else
5409 encmin = _BITS(algo->minkey);
5410
5411 if (ipsec_esp_auth)
5412 m = key_getcomb_ah();
5413 else {
5414 KASSERT(l <= MLEN,
5415 ("key_getcomb_esp: l=%u > MLEN=%lu",
5416 l, (u_long) MLEN));
5417 MGET(m, M_DONTWAIT, MT_DATA);
5418 if (m) {
5419 M_ALIGN(m, l);
5420 m->m_len = l;
5421 m->m_next = NULL;
5422 bzero(mtod(m, caddr_t), m->m_len);
5423 }
5424 }
5425 if (!m)
5426 goto fail;
5427
5428 totlen = 0;
5429 for (n = m; n; n = n->m_next)
5430 totlen += n->m_len;
5431 KASSERT((totlen % l) == 0,
5432 ("key_getcomb_esp: totlen=%u, l=%u", totlen, l));
5433
5434 for (off = 0; off < totlen; off += l) {
5435 n = m_pulldown(m, off, l, &o);
5436 if (!n) {
5437 /* m is already freed */
5438 goto fail;
5439 }
5440 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
5441 bzero(comb, sizeof(*comb));
5442 key_getcomb_setlifetime(comb);
5443 comb->sadb_comb_encrypt = i;
5444 comb->sadb_comb_encrypt_minbits = encmin;
5445 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey);
5446 }
5447
5448 if (!result)
5449 result = m;
5450 else
5451 m_cat(result, m);
5452 }
5453
5454 return result;
5455
5456 fail:
5457 if (result)
5458 m_freem(result);
5459 return NULL;
5460 }
5461
5462 static void
5463 key_getsizes_ah(
5464 const struct auth_hash *ah,
5465 int alg,
5466 u_int16_t* min,
5467 u_int16_t* max)
5468 {
5469 *min = *max = ah->keysize;
5470 if (ah->keysize == 0) {
5471 /*
5472 * Transform takes arbitrary key size but algorithm
5473 * key size is restricted. Enforce this here.
5474 */
5475 switch (alg) {
5476 case SADB_X_AALG_MD5: *min = *max = 16; break;
5477 case SADB_X_AALG_SHA: *min = *max = 20; break;
5478 case SADB_X_AALG_NULL: *min = 1; *max = 256; break;
5479 default:
5480 DPRINTF(("key_getsizes_ah: unknown AH algorithm %u\n",
5481 alg));
5482 break;
5483 }
5484 }
5485 }
5486
5487 /*
5488 * XXX reorder combinations by preference
5489 */
5490 static struct mbuf *
5491 key_getcomb_ah()
5492 {
5493 struct sadb_comb *comb;
5494 struct auth_hash *algo;
5495 struct mbuf *m;
5496 u_int16_t minkeysize, maxkeysize;
5497 int i;
5498 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5499
5500 m = NULL;
5501 for (i = 1; i <= SADB_AALG_MAX; i++) {
5502 #if 1
5503 /* we prefer HMAC algorithms, not old algorithms */
5504 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
5505 continue;
5506 #endif
5507 algo = ah_algorithm_lookup(i);
5508 if (!algo)
5509 continue;
5510 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize);
5511 /* discard algorithms with key size smaller than system min */
5512 if (_BITS(minkeysize) < ipsec_ah_keymin)
5513 continue;
5514
5515 if (!m) {
5516 KASSERT(l <= MLEN,
5517 ("key_getcomb_ah: l=%u > MLEN=%lu",
5518 l, (u_long) MLEN));
5519 MGET(m, M_DONTWAIT, MT_DATA);
5520 if (m) {
5521 M_ALIGN(m, l);
5522 m->m_len = l;
5523 m->m_next = NULL;
5524 }
5525 } else
5526 M_PREPEND(m, l, M_DONTWAIT);
5527 if (!m)
5528 return NULL;
5529
5530 comb = mtod(m, struct sadb_comb *);
5531 bzero(comb, sizeof(*comb));
5532 key_getcomb_setlifetime(comb);
5533 comb->sadb_comb_auth = i;
5534 comb->sadb_comb_auth_minbits = _BITS(minkeysize);
5535 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize);
5536 }
5537
5538 return m;
5539 }
5540
5541 /*
5542 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
5543 * XXX reorder combinations by preference
5544 */
5545 static struct mbuf *
5546 key_getcomb_ipcomp()
5547 {
5548 struct sadb_comb *comb;
5549 struct comp_algo *algo;
5550 struct mbuf *m;
5551 int i;
5552 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5553
5554 m = NULL;
5555 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
5556 algo = ipcomp_algorithm_lookup(i);
5557 if (!algo)
5558 continue;
5559
5560 if (!m) {
5561 KASSERT(l <= MLEN,
5562 ("key_getcomb_ipcomp: l=%u > MLEN=%lu",
5563 l, (u_long) MLEN));
5564 MGET(m, M_DONTWAIT, MT_DATA);
5565 if (m) {
5566 M_ALIGN(m, l);
5567 m->m_len = l;
5568 m->m_next = NULL;
5569 }
5570 } else
5571 M_PREPEND(m, l, M_DONTWAIT);
5572 if (!m)
5573 return NULL;
5574
5575 comb = mtod(m, struct sadb_comb *);
5576 bzero(comb, sizeof(*comb));
5577 key_getcomb_setlifetime(comb);
5578 comb->sadb_comb_encrypt = i;
5579 /* what should we set into sadb_comb_*_{min,max}bits? */
5580 }
5581
5582 return m;
5583 }
5584
5585 /*
5586 * XXX no way to pass mode (transport/tunnel) to userland
5587 * XXX replay checking?
5588 * XXX sysctl interface to ipsec_{ah,esp}_keymin
5589 */
5590 static struct mbuf *
5591 key_getprop(saidx)
5592 const struct secasindex *saidx;
5593 {
5594 struct sadb_prop *prop;
5595 struct mbuf *m, *n;
5596 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
5597 int totlen;
5598
5599 switch (saidx->proto) {
5600 case IPPROTO_ESP:
5601 m = key_getcomb_esp();
5602 break;
5603 case IPPROTO_AH:
5604 m = key_getcomb_ah();
5605 break;
5606 case IPPROTO_IPCOMP:
5607 m = key_getcomb_ipcomp();
5608 break;
5609 default:
5610 return NULL;
5611 }
5612
5613 if (!m)
5614 return NULL;
5615 M_PREPEND(m, l, M_DONTWAIT);
5616 if (!m)
5617 return NULL;
5618
5619 totlen = 0;
5620 for (n = m; n; n = n->m_next)
5621 totlen += n->m_len;
5622
5623 prop = mtod(m, struct sadb_prop *);
5624 bzero(prop, sizeof(*prop));
5625 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
5626 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
5627 prop->sadb_prop_replay = 32; /* XXX */
5628
5629 return m;
5630 }
5631
5632 /*
5633 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
5634 * send
5635 * <base, SA, address(SD), (address(P)), x_policy,
5636 * (identity(SD),) (sensitivity,) proposal>
5637 * to KMD, and expect to receive
5638 * <base> with SADB_ACQUIRE if error occured,
5639 * or
5640 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
5641 * from KMD by PF_KEY.
5642 *
5643 * XXX x_policy is outside of RFC2367 (KAME extension).
5644 * XXX sensitivity is not supported.
5645 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
5646 * see comment for key_getcomb_ipcomp().
5647 *
5648 * OUT:
5649 * 0 : succeed
5650 * others: error number
5651 */
5652 static int
5653 key_acquire(const struct secasindex *saidx, struct secpolicy *sp)
5654 {
5655 struct mbuf *result = NULL, *m;
5656 #ifndef IPSEC_NONBLOCK_ACQUIRE
5657 struct secacq *newacq;
5658 #endif
5659 u_int8_t satype;
5660 int error = -1;
5661 u_int32_t seq;
5662
5663 /* sanity check */
5664 KASSERT(saidx != NULL, ("key_acquire: null saidx"));
5665 satype = key_proto2satype(saidx->proto);
5666 KASSERT(satype != 0,
5667 ("key_acquire: null satype, protocol %u", saidx->proto));
5668
5669 #ifndef IPSEC_NONBLOCK_ACQUIRE
5670 /*
5671 * We never do anything about acquirng SA. There is anather
5672 * solution that kernel blocks to send SADB_ACQUIRE message until
5673 * getting something message from IKEd. In later case, to be
5674 * managed with ACQUIRING list.
5675 */
5676 /* Get an entry to check whether sending message or not. */
5677 if ((newacq = key_getacq(saidx)) != NULL) {
5678 if (key_blockacq_count < newacq->count) {
5679 /* reset counter and do send message. */
5680 newacq->count = 0;
5681 } else {
5682 /* increment counter and do nothing. */
5683 newacq->count++;
5684 return 0;
5685 }
5686 } else {
5687 /* make new entry for blocking to send SADB_ACQUIRE. */
5688 if ((newacq = key_newacq(saidx)) == NULL)
5689 return ENOBUFS;
5690
5691 /* add to acqtree */
5692 LIST_INSERT_HEAD(&acqtree, newacq, chain);
5693 }
5694 #endif
5695
5696
5697 #ifndef IPSEC_NONBLOCK_ACQUIRE
5698 seq = newacq->seq;
5699 #else
5700 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
5701 #endif
5702 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
5703 if (!m) {
5704 error = ENOBUFS;
5705 goto fail;
5706 }
5707 result = m;
5708
5709 /* set sadb_address for saidx's. */
5710 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
5711 &saidx->src.sa, FULLMASK, IPSEC_ULPROTO_ANY);
5712 if (!m) {
5713 error = ENOBUFS;
5714 goto fail;
5715 }
5716 m_cat(result, m);
5717
5718 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
5719 &saidx->dst.sa, FULLMASK, IPSEC_ULPROTO_ANY);
5720 if (!m) {
5721 error = ENOBUFS;
5722 goto fail;
5723 }
5724 m_cat(result, m);
5725
5726 /* XXX proxy address (optional) */
5727
5728 /* set sadb_x_policy */
5729 if (sp) {
5730 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
5731 if (!m) {
5732 error = ENOBUFS;
5733 goto fail;
5734 }
5735 m_cat(result, m);
5736 }
5737
5738 /* XXX identity (optional) */
5739 #if 0
5740 if (idexttype && fqdn) {
5741 /* create identity extension (FQDN) */
5742 struct sadb_ident *id;
5743 int fqdnlen;
5744
5745 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
5746 id = (struct sadb_ident *)p;
5747 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
5748 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
5749 id->sadb_ident_exttype = idexttype;
5750 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
5751 bcopy(fqdn, id + 1, fqdnlen);
5752 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
5753 }
5754
5755 if (idexttype) {
5756 /* create identity extension (USERFQDN) */
5757 struct sadb_ident *id;
5758 int userfqdnlen;
5759
5760 if (userfqdn) {
5761 /* +1 for terminating-NUL */
5762 userfqdnlen = strlen(userfqdn) + 1;
5763 } else
5764 userfqdnlen = 0;
5765 id = (struct sadb_ident *)p;
5766 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
5767 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
5768 id->sadb_ident_exttype = idexttype;
5769 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
5770 /* XXX is it correct? */
5771 if (curproc && curproc->p_cred)
5772 id->sadb_ident_id = curproc->p_cred->p_ruid;
5773 if (userfqdn && userfqdnlen)
5774 bcopy(userfqdn, id + 1, userfqdnlen);
5775 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
5776 }
5777 #endif
5778
5779 /* XXX sensitivity (optional) */
5780
5781 /* create proposal/combination extension */
5782 m = key_getprop(saidx);
5783 #if 0
5784 /*
5785 * spec conformant: always attach proposal/combination extension,
5786 * the problem is that we have no way to attach it for ipcomp,
5787 * due to the way sadb_comb is declared in RFC2367.
5788 */
5789 if (!m) {
5790 error = ENOBUFS;
5791 goto fail;
5792 }
5793 m_cat(result, m);
5794 #else
5795 /*
5796 * outside of spec; make proposal/combination extension optional.
5797 */
5798 if (m)
5799 m_cat(result, m);
5800 #endif
5801
5802 if ((result->m_flags & M_PKTHDR) == 0) {
5803 error = EINVAL;
5804 goto fail;
5805 }
5806
5807 if (result->m_len < sizeof(struct sadb_msg)) {
5808 result = m_pullup(result, sizeof(struct sadb_msg));
5809 if (result == NULL) {
5810 error = ENOBUFS;
5811 goto fail;
5812 }
5813 }
5814
5815 result->m_pkthdr.len = 0;
5816 for (m = result; m; m = m->m_next)
5817 result->m_pkthdr.len += m->m_len;
5818
5819 mtod(result, struct sadb_msg *)->sadb_msg_len =
5820 PFKEY_UNIT64(result->m_pkthdr.len);
5821
5822 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
5823
5824 fail:
5825 if (result)
5826 m_freem(result);
5827 return error;
5828 }
5829
5830 #ifndef IPSEC_NONBLOCK_ACQUIRE
5831 static struct secacq *
5832 key_newacq(const struct secasindex *saidx)
5833 {
5834 struct secacq *newacq;
5835
5836 /* get new entry */
5837 KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
5838 if (newacq == NULL) {
5839 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
5840 return NULL;
5841 }
5842 bzero(newacq, sizeof(*newacq));
5843
5844 /* copy secindex */
5845 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
5846 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
5847 newacq->created = time_second;
5848 newacq->count = 0;
5849
5850 return newacq;
5851 }
5852
5853 static struct secacq *
5854 key_getacq(const struct secasindex *saidx)
5855 {
5856 struct secacq *acq;
5857
5858 LIST_FOREACH(acq, &acqtree, chain) {
5859 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
5860 return acq;
5861 }
5862
5863 return NULL;
5864 }
5865
5866 static struct secacq *
5867 key_getacqbyseq(seq)
5868 u_int32_t seq;
5869 {
5870 struct secacq *acq;
5871
5872 LIST_FOREACH(acq, &acqtree, chain) {
5873 if (acq->seq == seq)
5874 return acq;
5875 }
5876
5877 return NULL;
5878 }
5879 #endif
5880
5881 static struct secspacq *
5882 key_newspacq(spidx)
5883 struct secpolicyindex *spidx;
5884 {
5885 struct secspacq *acq;
5886
5887 /* get new entry */
5888 KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
5889 if (acq == NULL) {
5890 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
5891 return NULL;
5892 }
5893 bzero(acq, sizeof(*acq));
5894
5895 /* copy secindex */
5896 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
5897 acq->created = time_second;
5898 acq->count = 0;
5899
5900 return acq;
5901 }
5902
5903 static struct secspacq *
5904 key_getspacq(spidx)
5905 struct secpolicyindex *spidx;
5906 {
5907 struct secspacq *acq;
5908
5909 LIST_FOREACH(acq, &spacqtree, chain) {
5910 if (key_cmpspidx_exactly(spidx, &acq->spidx))
5911 return acq;
5912 }
5913
5914 return NULL;
5915 }
5916
5917 /*
5918 * SADB_ACQUIRE processing,
5919 * in first situation, is receiving
5920 * <base>
5921 * from the ikmpd, and clear sequence of its secasvar entry.
5922 *
5923 * In second situation, is receiving
5924 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
5925 * from a user land process, and return
5926 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
5927 * to the socket.
5928 *
5929 * m will always be freed.
5930 */
5931 static int
5932 key_acquire2(so, m, mhp)
5933 struct socket *so;
5934 struct mbuf *m;
5935 const struct sadb_msghdr *mhp;
5936 {
5937 const struct sadb_address *src0, *dst0;
5938 struct secasindex saidx;
5939 struct secashead *sah;
5940 u_int16_t proto;
5941 int error;
5942
5943 /* sanity check */
5944 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5945 panic("key_acquire2: NULL pointer is passed.\n");
5946
5947 /*
5948 * Error message from KMd.
5949 * We assume that if error was occured in IKEd, the length of PFKEY
5950 * message is equal to the size of sadb_msg structure.
5951 * We do not raise error even if error occured in this function.
5952 */
5953 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
5954 #ifndef IPSEC_NONBLOCK_ACQUIRE
5955 struct secacq *acq;
5956
5957 /* check sequence number */
5958 if (mhp->msg->sadb_msg_seq == 0) {
5959 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
5960 m_freem(m);
5961 return 0;
5962 }
5963
5964 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
5965 /*
5966 * the specified larval SA is already gone, or we got
5967 * a bogus sequence number. we can silently ignore it.
5968 */
5969 m_freem(m);
5970 return 0;
5971 }
5972
5973 /* reset acq counter in order to deletion by timehander. */
5974 acq->created = time_second;
5975 acq->count = 0;
5976 #endif
5977 m_freem(m);
5978 return 0;
5979 }
5980
5981 /*
5982 * This message is from user land.
5983 */
5984
5985 /* map satype to proto */
5986 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5987 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
5988 return key_senderror(so, m, EINVAL);
5989 }
5990
5991 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5992 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5993 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
5994 /* error */
5995 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
5996 return key_senderror(so, m, EINVAL);
5997 }
5998 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5999 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6000 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6001 /* error */
6002 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6003 return key_senderror(so, m, EINVAL);
6004 }
6005
6006 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6007 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6008
6009 /* XXX boundary check against sa_len */
6010 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6011
6012 /* get a SA index */
6013 LIST_FOREACH(sah, &sahtree, chain) {
6014 if (sah->state == SADB_SASTATE_DEAD)
6015 continue;
6016 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
6017 break;
6018 }
6019 if (sah != NULL) {
6020 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6021 return key_senderror(so, m, EEXIST);
6022 }
6023
6024 error = key_acquire(&saidx, NULL);
6025 if (error != 0) {
6026 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6027 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
6028 return key_senderror(so, m, error);
6029 }
6030
6031 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6032 }
6033
6034 /*
6035 * SADB_REGISTER processing.
6036 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6037 * receive
6038 * <base>
6039 * from the ikmpd, and register a socket to send PF_KEY messages,
6040 * and send
6041 * <base, supported>
6042 * to KMD by PF_KEY.
6043 * If socket is detached, must free from regnode.
6044 *
6045 * m will always be freed.
6046 */
6047 static int
6048 key_register(so, m, mhp)
6049 struct socket *so;
6050 struct mbuf *m;
6051 const struct sadb_msghdr *mhp;
6052 {
6053 struct secreg *reg, *newreg = 0;
6054
6055 /* sanity check */
6056 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6057 panic("key_register: NULL pointer is passed.\n");
6058
6059 /* check for invalid register message */
6060 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
6061 return key_senderror(so, m, EINVAL);
6062
6063 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
6064 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6065 goto setmsg;
6066
6067 /* check whether existing or not */
6068 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
6069 if (reg->so == so) {
6070 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6071 return key_senderror(so, m, EEXIST);
6072 }
6073 }
6074
6075 /* create regnode */
6076 KMALLOC(newreg, struct secreg *, sizeof(*newreg));
6077 if (newreg == NULL) {
6078 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6079 return key_senderror(so, m, ENOBUFS);
6080 }
6081 bzero((caddr_t)newreg, sizeof(*newreg));
6082
6083 newreg->so = so;
6084 ((struct keycb *)sotorawcb(so))->kp_registered++;
6085
6086 /* add regnode to regtree. */
6087 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
6088
6089 setmsg:
6090 {
6091 struct mbuf *n;
6092 struct sadb_msg *newmsg;
6093 struct sadb_supported *sup;
6094 u_int len, alen, elen;
6095 int off;
6096 int i;
6097 struct sadb_alg *alg;
6098
6099 /* create new sadb_msg to reply. */
6100 alen = 0;
6101 for (i = 1; i <= SADB_AALG_MAX; i++) {
6102 if (ah_algorithm_lookup(i))
6103 alen += sizeof(struct sadb_alg);
6104 }
6105 if (alen)
6106 alen += sizeof(struct sadb_supported);
6107 elen = 0;
6108 for (i = 1; i <= SADB_EALG_MAX; i++) {
6109 if (esp_algorithm_lookup(i))
6110 elen += sizeof(struct sadb_alg);
6111 }
6112 if (elen)
6113 elen += sizeof(struct sadb_supported);
6114
6115 len = sizeof(struct sadb_msg) + alen + elen;
6116
6117 if (len > MCLBYTES)
6118 return key_senderror(so, m, ENOBUFS);
6119
6120 MGETHDR(n, M_DONTWAIT, MT_DATA);
6121 if (len > MHLEN) {
6122 MCLGET(n, M_DONTWAIT);
6123 if ((n->m_flags & M_EXT) == 0) {
6124 m_freem(n);
6125 n = NULL;
6126 }
6127 }
6128 if (!n)
6129 return key_senderror(so, m, ENOBUFS);
6130
6131 n->m_pkthdr.len = n->m_len = len;
6132 n->m_next = NULL;
6133 off = 0;
6134
6135 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6136 newmsg = mtod(n, struct sadb_msg *);
6137 newmsg->sadb_msg_errno = 0;
6138 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6139 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6140
6141 /* for authentication algorithm */
6142 if (alen) {
6143 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6144 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6145 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6146 off += PFKEY_ALIGN8(sizeof(*sup));
6147
6148 for (i = 1; i <= SADB_AALG_MAX; i++) {
6149 struct auth_hash *aalgo;
6150 u_int16_t minkeysize, maxkeysize;
6151
6152 aalgo = ah_algorithm_lookup(i);
6153 if (!aalgo)
6154 continue;
6155 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6156 alg->sadb_alg_id = i;
6157 alg->sadb_alg_ivlen = 0;
6158 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize);
6159 alg->sadb_alg_minbits = _BITS(minkeysize);
6160 alg->sadb_alg_maxbits = _BITS(maxkeysize);
6161 off += PFKEY_ALIGN8(sizeof(*alg));
6162 }
6163 }
6164
6165 /* for encryption algorithm */
6166 if (elen) {
6167 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6168 sup->sadb_supported_len = PFKEY_UNIT64(elen);
6169 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6170 off += PFKEY_ALIGN8(sizeof(*sup));
6171
6172 for (i = 1; i <= SADB_EALG_MAX; i++) {
6173 struct enc_xform *ealgo;
6174
6175 ealgo = esp_algorithm_lookup(i);
6176 if (!ealgo)
6177 continue;
6178 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6179 alg->sadb_alg_id = i;
6180 alg->sadb_alg_ivlen = ealgo->blocksize;
6181 alg->sadb_alg_minbits = _BITS(ealgo->minkey);
6182 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey);
6183 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6184 }
6185 }
6186
6187 #ifdef DIGAGNOSTIC
6188 if (off != len)
6189 panic("length assumption failed in key_register");
6190 #endif
6191
6192 m_freem(m);
6193 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
6194 }
6195 }
6196
6197 /*
6198 * free secreg entry registered.
6199 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
6200 */
6201 void
6202 key_freereg(so)
6203 struct socket *so;
6204 {
6205 struct secreg *reg;
6206 int i;
6207
6208 /* sanity check */
6209 if (so == NULL)
6210 panic("key_freereg: NULL pointer is passed.\n");
6211
6212 /*
6213 * check whether existing or not.
6214 * check all type of SA, because there is a potential that
6215 * one socket is registered to multiple type of SA.
6216 */
6217 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
6218 LIST_FOREACH(reg, ®tree[i], chain) {
6219 if (reg->so == so
6220 && __LIST_CHAINED(reg)) {
6221 LIST_REMOVE(reg, chain);
6222 KFREE(reg);
6223 break;
6224 }
6225 }
6226 }
6227
6228 return;
6229 }
6230
6231 /*
6232 * SADB_EXPIRE processing
6233 * send
6234 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
6235 * to KMD by PF_KEY.
6236 * NOTE: We send only soft lifetime extension.
6237 *
6238 * OUT: 0 : succeed
6239 * others : error number
6240 */
6241 static int
6242 key_expire(sav)
6243 struct secasvar *sav;
6244 {
6245 int s;
6246 int satype;
6247 struct mbuf *result = NULL, *m;
6248 int len;
6249 int error = -1;
6250 struct sadb_lifetime *lt;
6251
6252 /* XXX: Why do we lock ? */
6253 s = splnet(); /*called from softclock()*/
6254
6255 /* sanity check */
6256 if (sav == NULL)
6257 panic("key_expire: NULL pointer is passed.\n");
6258 if (sav->sah == NULL)
6259 panic("key_expire: Why was SA index in SA NULL.\n");
6260 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
6261 panic("key_expire: invalid proto is passed.\n");
6262
6263 /* set msg header */
6264 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
6265 if (!m) {
6266 error = ENOBUFS;
6267 goto fail;
6268 }
6269 result = m;
6270
6271 /* create SA extension */
6272 m = key_setsadbsa(sav);
6273 if (!m) {
6274 error = ENOBUFS;
6275 goto fail;
6276 }
6277 m_cat(result, m);
6278
6279 /* create SA extension */
6280 m = key_setsadbxsa2(sav->sah->saidx.mode,
6281 sav->replay ? sav->replay->count : 0,
6282 sav->sah->saidx.reqid);
6283 if (!m) {
6284 error = ENOBUFS;
6285 goto fail;
6286 }
6287 m_cat(result, m);
6288
6289 /* create lifetime extension (current and soft) */
6290 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
6291 m = key_alloc_mbuf(len);
6292 if (!m || m->m_next) { /*XXX*/
6293 if (m)
6294 m_freem(m);
6295 error = ENOBUFS;
6296 goto fail;
6297 }
6298 bzero(mtod(m, caddr_t), len);
6299 lt = mtod(m, struct sadb_lifetime *);
6300 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
6301 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
6302 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
6303 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
6304 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
6305 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
6306 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
6307 bcopy(sav->lft_s, lt, sizeof(*lt));
6308 m_cat(result, m);
6309
6310 /* set sadb_address for source */
6311 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6312 &sav->sah->saidx.src.sa,
6313 FULLMASK, IPSEC_ULPROTO_ANY);
6314 if (!m) {
6315 error = ENOBUFS;
6316 goto fail;
6317 }
6318 m_cat(result, m);
6319
6320 /* set sadb_address for destination */
6321 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6322 &sav->sah->saidx.dst.sa,
6323 FULLMASK, IPSEC_ULPROTO_ANY);
6324 if (!m) {
6325 error = ENOBUFS;
6326 goto fail;
6327 }
6328 m_cat(result, m);
6329
6330 if ((result->m_flags & M_PKTHDR) == 0) {
6331 error = EINVAL;
6332 goto fail;
6333 }
6334
6335 if (result->m_len < sizeof(struct sadb_msg)) {
6336 result = m_pullup(result, sizeof(struct sadb_msg));
6337 if (result == NULL) {
6338 error = ENOBUFS;
6339 goto fail;
6340 }
6341 }
6342
6343 result->m_pkthdr.len = 0;
6344 for (m = result; m; m = m->m_next)
6345 result->m_pkthdr.len += m->m_len;
6346
6347 mtod(result, struct sadb_msg *)->sadb_msg_len =
6348 PFKEY_UNIT64(result->m_pkthdr.len);
6349
6350 splx(s);
6351 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6352
6353 fail:
6354 if (result)
6355 m_freem(result);
6356 splx(s);
6357 return error;
6358 }
6359
6360 /*
6361 * SADB_FLUSH processing
6362 * receive
6363 * <base>
6364 * from the ikmpd, and free all entries in secastree.
6365 * and send,
6366 * <base>
6367 * to the ikmpd.
6368 * NOTE: to do is only marking SADB_SASTATE_DEAD.
6369 *
6370 * m will always be freed.
6371 */
6372 static int
6373 key_flush(so, m, mhp)
6374 struct socket *so;
6375 struct mbuf *m;
6376 const struct sadb_msghdr *mhp;
6377 {
6378 struct sadb_msg *newmsg;
6379 struct secashead *sah, *nextsah;
6380 struct secasvar *sav, *nextsav;
6381 u_int16_t proto;
6382 u_int8_t state;
6383 u_int stateidx;
6384
6385 /* sanity check */
6386 if (so == NULL || mhp == NULL || mhp->msg == NULL)
6387 panic("key_flush: NULL pointer is passed.\n");
6388
6389 /* map satype to proto */
6390 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6391 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
6392 return key_senderror(so, m, EINVAL);
6393 }
6394
6395 /* no SATYPE specified, i.e. flushing all SA. */
6396 for (sah = LIST_FIRST(&sahtree);
6397 sah != NULL;
6398 sah = nextsah) {
6399 nextsah = LIST_NEXT(sah, chain);
6400
6401 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
6402 && proto != sah->saidx.proto)
6403 continue;
6404
6405 for (stateidx = 0;
6406 stateidx < _ARRAYLEN(saorder_state_alive);
6407 stateidx++) {
6408 state = saorder_state_any[stateidx];
6409 for (sav = LIST_FIRST(&sah->savtree[state]);
6410 sav != NULL;
6411 sav = nextsav) {
6412
6413 nextsav = LIST_NEXT(sav, chain);
6414
6415 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6416 KEY_FREESAV(&sav);
6417 }
6418 }
6419
6420 sah->state = SADB_SASTATE_DEAD;
6421 }
6422
6423 if (m->m_len < sizeof(struct sadb_msg) ||
6424 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
6425 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
6426 return key_senderror(so, m, ENOBUFS);
6427 }
6428
6429 if (m->m_next)
6430 m_freem(m->m_next);
6431 m->m_next = NULL;
6432 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
6433 newmsg = mtod(m, struct sadb_msg *);
6434 newmsg->sadb_msg_errno = 0;
6435 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
6436
6437 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6438 }
6439
6440 /*
6441 * SADB_DUMP processing
6442 * dump all entries including status of DEAD in SAD.
6443 * receive
6444 * <base>
6445 * from the ikmpd, and dump all secasvar leaves
6446 * and send,
6447 * <base> .....
6448 * to the ikmpd.
6449 *
6450 * m will always be freed.
6451 */
6452 static int
6453 key_dump(so, m, mhp)
6454 struct socket *so;
6455 struct mbuf *m;
6456 const struct sadb_msghdr *mhp;
6457 {
6458 struct secashead *sah;
6459 struct secasvar *sav;
6460 u_int16_t proto;
6461 u_int stateidx;
6462 u_int8_t satype;
6463 u_int8_t state;
6464 int cnt;
6465 struct sadb_msg *newmsg;
6466 struct mbuf *n;
6467
6468 /* sanity check */
6469 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6470 panic("key_dump: NULL pointer is passed.\n");
6471
6472 /* map satype to proto */
6473 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6474 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
6475 return key_senderror(so, m, EINVAL);
6476 }
6477
6478 /* count sav entries to be sent to the userland. */
6479 cnt = 0;
6480 LIST_FOREACH(sah, &sahtree, chain) {
6481 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
6482 && proto != sah->saidx.proto)
6483 continue;
6484
6485 for (stateidx = 0;
6486 stateidx < _ARRAYLEN(saorder_state_any);
6487 stateidx++) {
6488 state = saorder_state_any[stateidx];
6489 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6490 cnt++;
6491 }
6492 }
6493 }
6494
6495 if (cnt == 0)
6496 return key_senderror(so, m, ENOENT);
6497
6498 /* send this to the userland, one at a time. */
6499 newmsg = NULL;
6500 LIST_FOREACH(sah, &sahtree, chain) {
6501 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
6502 && proto != sah->saidx.proto)
6503 continue;
6504
6505 /* map proto to satype */
6506 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
6507 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
6508 return key_senderror(so, m, EINVAL);
6509 }
6510
6511 for (stateidx = 0;
6512 stateidx < _ARRAYLEN(saorder_state_any);
6513 stateidx++) {
6514 state = saorder_state_any[stateidx];
6515 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6516 n = key_setdumpsa(sav, SADB_DUMP, satype,
6517 --cnt, mhp->msg->sadb_msg_pid);
6518 if (!n)
6519 return key_senderror(so, m, ENOBUFS);
6520
6521 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6522 }
6523 }
6524 }
6525
6526 m_freem(m);
6527 return 0;
6528 }
6529
6530 /*
6531 * SADB_X_PROMISC processing
6532 *
6533 * m will always be freed.
6534 */
6535 static int
6536 key_promisc(so, m, mhp)
6537 struct socket *so;
6538 struct mbuf *m;
6539 const struct sadb_msghdr *mhp;
6540 {
6541 int olen;
6542
6543 /* sanity check */
6544 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6545 panic("key_promisc: NULL pointer is passed.\n");
6546
6547 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
6548
6549 if (olen < sizeof(struct sadb_msg)) {
6550 #if 1
6551 return key_senderror(so, m, EINVAL);
6552 #else
6553 m_freem(m);
6554 return 0;
6555 #endif
6556 } else if (olen == sizeof(struct sadb_msg)) {
6557 /* enable/disable promisc mode */
6558 struct keycb *kp;
6559
6560 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
6561 return key_senderror(so, m, EINVAL);
6562 mhp->msg->sadb_msg_errno = 0;
6563 switch (mhp->msg->sadb_msg_satype) {
6564 case 0:
6565 case 1:
6566 kp->kp_promisc = mhp->msg->sadb_msg_satype;
6567 break;
6568 default:
6569 return key_senderror(so, m, EINVAL);
6570 }
6571
6572 /* send the original message back to everyone */
6573 mhp->msg->sadb_msg_errno = 0;
6574 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6575 } else {
6576 /* send packet as is */
6577
6578 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
6579
6580 /* TODO: if sadb_msg_seq is specified, send to specific pid */
6581 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6582 }
6583 }
6584
6585 static int (*key_typesw[]) __P((struct socket *, struct mbuf *,
6586 const struct sadb_msghdr *)) = {
6587 NULL, /* SADB_RESERVED */
6588 key_getspi, /* SADB_GETSPI */
6589 key_update, /* SADB_UPDATE */
6590 key_add, /* SADB_ADD */
6591 key_delete, /* SADB_DELETE */
6592 key_get, /* SADB_GET */
6593 key_acquire2, /* SADB_ACQUIRE */
6594 key_register, /* SADB_REGISTER */
6595 NULL, /* SADB_EXPIRE */
6596 key_flush, /* SADB_FLUSH */
6597 key_dump, /* SADB_DUMP */
6598 key_promisc, /* SADB_X_PROMISC */
6599 NULL, /* SADB_X_PCHANGE */
6600 key_spdadd, /* SADB_X_SPDUPDATE */
6601 key_spdadd, /* SADB_X_SPDADD */
6602 key_spddelete, /* SADB_X_SPDDELETE */
6603 key_spdget, /* SADB_X_SPDGET */
6604 NULL, /* SADB_X_SPDACQUIRE */
6605 key_spddump, /* SADB_X_SPDDUMP */
6606 key_spdflush, /* SADB_X_SPDFLUSH */
6607 key_spdadd, /* SADB_X_SPDSETIDX */
6608 NULL, /* SADB_X_SPDEXPIRE */
6609 key_spddelete2, /* SADB_X_SPDDELETE2 */
6610 };
6611
6612 /*
6613 * parse sadb_msg buffer to process PFKEYv2,
6614 * and create a data to response if needed.
6615 * I think to be dealed with mbuf directly.
6616 * IN:
6617 * msgp : pointer to pointer to a received buffer pulluped.
6618 * This is rewrited to response.
6619 * so : pointer to socket.
6620 * OUT:
6621 * length for buffer to send to user process.
6622 */
6623 int
6624 key_parse(m, so)
6625 struct mbuf *m;
6626 struct socket *so;
6627 {
6628 struct sadb_msg *msg;
6629 struct sadb_msghdr mh;
6630 u_int orglen;
6631 int error;
6632 int target;
6633
6634 /* sanity check */
6635 if (m == NULL || so == NULL)
6636 panic("key_parse: NULL pointer is passed.\n");
6637
6638 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
6639 KEYDEBUG(KEYDEBUG_KEY_DUMP,
6640 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
6641 kdebug_sadb(msg));
6642 #endif
6643
6644 if (m->m_len < sizeof(struct sadb_msg)) {
6645 m = m_pullup(m, sizeof(struct sadb_msg));
6646 if (!m)
6647 return ENOBUFS;
6648 }
6649 msg = mtod(m, struct sadb_msg *);
6650 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
6651 target = KEY_SENDUP_ONE;
6652
6653 if ((m->m_flags & M_PKTHDR) == 0 ||
6654 m->m_pkthdr.len != m->m_pkthdr.len) {
6655 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
6656 pfkeystat.out_invlen++;
6657 error = EINVAL;
6658 goto senderror;
6659 }
6660
6661 if (msg->sadb_msg_version != PF_KEY_V2) {
6662 ipseclog((LOG_DEBUG,
6663 "key_parse: PF_KEY version %u is mismatched.\n",
6664 msg->sadb_msg_version));
6665 pfkeystat.out_invver++;
6666 error = EINVAL;
6667 goto senderror;
6668 }
6669
6670 if (msg->sadb_msg_type > SADB_MAX) {
6671 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
6672 msg->sadb_msg_type));
6673 pfkeystat.out_invmsgtype++;
6674 error = EINVAL;
6675 goto senderror;
6676 }
6677
6678 /* for old-fashioned code - should be nuked */
6679 if (m->m_pkthdr.len > MCLBYTES) {
6680 m_freem(m);
6681 return ENOBUFS;
6682 }
6683 if (m->m_next) {
6684 struct mbuf *n;
6685
6686 MGETHDR(n, M_DONTWAIT, MT_DATA);
6687 if (n && m->m_pkthdr.len > MHLEN) {
6688 MCLGET(n, M_DONTWAIT);
6689 if ((n->m_flags & M_EXT) == 0) {
6690 m_free(n);
6691 n = NULL;
6692 }
6693 }
6694 if (!n) {
6695 m_freem(m);
6696 return ENOBUFS;
6697 }
6698 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
6699 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
6700 n->m_next = NULL;
6701 m_freem(m);
6702 m = n;
6703 }
6704
6705 /* align the mbuf chain so that extensions are in contiguous region. */
6706 error = key_align(m, &mh);
6707 if (error)
6708 return error;
6709
6710 if (m->m_next) { /*XXX*/
6711 m_freem(m);
6712 return ENOBUFS;
6713 }
6714
6715 msg = mh.msg;
6716
6717 /* check SA type */
6718 switch (msg->sadb_msg_satype) {
6719 case SADB_SATYPE_UNSPEC:
6720 switch (msg->sadb_msg_type) {
6721 case SADB_GETSPI:
6722 case SADB_UPDATE:
6723 case SADB_ADD:
6724 case SADB_DELETE:
6725 case SADB_GET:
6726 case SADB_ACQUIRE:
6727 case SADB_EXPIRE:
6728 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
6729 "when msg type=%u.\n", msg->sadb_msg_type));
6730 pfkeystat.out_invsatype++;
6731 error = EINVAL;
6732 goto senderror;
6733 }
6734 break;
6735 case SADB_SATYPE_AH:
6736 case SADB_SATYPE_ESP:
6737 case SADB_X_SATYPE_IPCOMP:
6738 case SADB_X_SATYPE_TCPSIGNATURE:
6739 switch (msg->sadb_msg_type) {
6740 case SADB_X_SPDADD:
6741 case SADB_X_SPDDELETE:
6742 case SADB_X_SPDGET:
6743 case SADB_X_SPDDUMP:
6744 case SADB_X_SPDFLUSH:
6745 case SADB_X_SPDSETIDX:
6746 case SADB_X_SPDUPDATE:
6747 case SADB_X_SPDDELETE2:
6748 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
6749 msg->sadb_msg_type));
6750 pfkeystat.out_invsatype++;
6751 error = EINVAL;
6752 goto senderror;
6753 }
6754 break;
6755 case SADB_SATYPE_RSVP:
6756 case SADB_SATYPE_OSPFV2:
6757 case SADB_SATYPE_RIPV2:
6758 case SADB_SATYPE_MIP:
6759 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
6760 msg->sadb_msg_satype));
6761 pfkeystat.out_invsatype++;
6762 error = EOPNOTSUPP;
6763 goto senderror;
6764 case 1: /* XXX: What does it do? */
6765 if (msg->sadb_msg_type == SADB_X_PROMISC)
6766 break;
6767 /*FALLTHROUGH*/
6768 default:
6769 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
6770 msg->sadb_msg_satype));
6771 pfkeystat.out_invsatype++;
6772 error = EINVAL;
6773 goto senderror;
6774 }
6775
6776 /* check field of upper layer protocol and address family */
6777 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
6778 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
6779 struct sadb_address *src0, *dst0;
6780 u_int plen;
6781
6782 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
6783 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
6784
6785 /* check upper layer protocol */
6786 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
6787 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
6788 pfkeystat.out_invaddr++;
6789 error = EINVAL;
6790 goto senderror;
6791 }
6792
6793 /* check family */
6794 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
6795 PFKEY_ADDR_SADDR(dst0)->sa_family) {
6796 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
6797 pfkeystat.out_invaddr++;
6798 error = EINVAL;
6799 goto senderror;
6800 }
6801 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
6802 PFKEY_ADDR_SADDR(dst0)->sa_len) {
6803 ipseclog((LOG_DEBUG,
6804 "key_parse: address struct size mismatched.\n"));
6805 pfkeystat.out_invaddr++;
6806 error = EINVAL;
6807 goto senderror;
6808 }
6809
6810 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
6811 case AF_INET:
6812 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
6813 sizeof(struct sockaddr_in)) {
6814 pfkeystat.out_invaddr++;
6815 error = EINVAL;
6816 goto senderror;
6817 }
6818 break;
6819 case AF_INET6:
6820 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
6821 sizeof(struct sockaddr_in6)) {
6822 pfkeystat.out_invaddr++;
6823 error = EINVAL;
6824 goto senderror;
6825 }
6826 break;
6827 default:
6828 ipseclog((LOG_DEBUG,
6829 "key_parse: unsupported address family.\n"));
6830 pfkeystat.out_invaddr++;
6831 error = EAFNOSUPPORT;
6832 goto senderror;
6833 }
6834
6835 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
6836 case AF_INET:
6837 plen = sizeof(struct in_addr) << 3;
6838 break;
6839 case AF_INET6:
6840 plen = sizeof(struct in6_addr) << 3;
6841 break;
6842 default:
6843 plen = 0; /*fool gcc*/
6844 break;
6845 }
6846
6847 /* check max prefix length */
6848 if (src0->sadb_address_prefixlen > plen ||
6849 dst0->sadb_address_prefixlen > plen) {
6850 ipseclog((LOG_DEBUG,
6851 "key_parse: illegal prefixlen.\n"));
6852 pfkeystat.out_invaddr++;
6853 error = EINVAL;
6854 goto senderror;
6855 }
6856
6857 /*
6858 * prefixlen == 0 is valid because there can be a case when
6859 * all addresses are matched.
6860 */
6861 }
6862
6863 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
6864 key_typesw[msg->sadb_msg_type] == NULL) {
6865 pfkeystat.out_invmsgtype++;
6866 error = EINVAL;
6867 goto senderror;
6868 }
6869
6870 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
6871
6872 senderror:
6873 msg->sadb_msg_errno = error;
6874 return key_sendup_mbuf(so, m, target);
6875 }
6876
6877 static int
6878 key_senderror(so, m, code)
6879 struct socket *so;
6880 struct mbuf *m;
6881 int code;
6882 {
6883 struct sadb_msg *msg;
6884
6885 if (m->m_len < sizeof(struct sadb_msg))
6886 panic("invalid mbuf passed to key_senderror");
6887
6888 msg = mtod(m, struct sadb_msg *);
6889 msg->sadb_msg_errno = code;
6890 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
6891 }
6892
6893 /*
6894 * set the pointer to each header into message buffer.
6895 * m will be freed on error.
6896 * XXX larger-than-MCLBYTES extension?
6897 */
6898 static int
6899 key_align(m, mhp)
6900 struct mbuf *m;
6901 struct sadb_msghdr *mhp;
6902 {
6903 struct mbuf *n;
6904 struct sadb_ext *ext;
6905 size_t off, end;
6906 int extlen;
6907 int toff;
6908
6909 /* sanity check */
6910 if (m == NULL || mhp == NULL)
6911 panic("key_align: NULL pointer is passed.\n");
6912 if (m->m_len < sizeof(struct sadb_msg))
6913 panic("invalid mbuf passed to key_align");
6914
6915 /* initialize */
6916 bzero(mhp, sizeof(*mhp));
6917
6918 mhp->msg = mtod(m, struct sadb_msg *);
6919 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
6920
6921 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
6922 extlen = end; /*just in case extlen is not updated*/
6923 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
6924 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
6925 if (!n) {
6926 /* m is already freed */
6927 return ENOBUFS;
6928 }
6929 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
6930
6931 /* set pointer */
6932 switch (ext->sadb_ext_type) {
6933 case SADB_EXT_SA:
6934 case SADB_EXT_ADDRESS_SRC:
6935 case SADB_EXT_ADDRESS_DST:
6936 case SADB_EXT_ADDRESS_PROXY:
6937 case SADB_EXT_LIFETIME_CURRENT:
6938 case SADB_EXT_LIFETIME_HARD:
6939 case SADB_EXT_LIFETIME_SOFT:
6940 case SADB_EXT_KEY_AUTH:
6941 case SADB_EXT_KEY_ENCRYPT:
6942 case SADB_EXT_IDENTITY_SRC:
6943 case SADB_EXT_IDENTITY_DST:
6944 case SADB_EXT_SENSITIVITY:
6945 case SADB_EXT_PROPOSAL:
6946 case SADB_EXT_SUPPORTED_AUTH:
6947 case SADB_EXT_SUPPORTED_ENCRYPT:
6948 case SADB_EXT_SPIRANGE:
6949 case SADB_X_EXT_POLICY:
6950 case SADB_X_EXT_SA2:
6951 /* duplicate check */
6952 /*
6953 * XXX Are there duplication payloads of either
6954 * KEY_AUTH or KEY_ENCRYPT ?
6955 */
6956 if (mhp->ext[ext->sadb_ext_type] != NULL) {
6957 ipseclog((LOG_DEBUG,
6958 "key_align: duplicate ext_type %u "
6959 "is passed.\n", ext->sadb_ext_type));
6960 m_freem(m);
6961 pfkeystat.out_dupext++;
6962 return EINVAL;
6963 }
6964 break;
6965 default:
6966 ipseclog((LOG_DEBUG,
6967 "key_align: invalid ext_type %u is passed.\n",
6968 ext->sadb_ext_type));
6969 m_freem(m);
6970 pfkeystat.out_invexttype++;
6971 return EINVAL;
6972 }
6973
6974 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
6975
6976 if (key_validate_ext(ext, extlen)) {
6977 m_freem(m);
6978 pfkeystat.out_invlen++;
6979 return EINVAL;
6980 }
6981
6982 n = m_pulldown(m, off, extlen, &toff);
6983 if (!n) {
6984 /* m is already freed */
6985 return ENOBUFS;
6986 }
6987 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
6988
6989 mhp->ext[ext->sadb_ext_type] = ext;
6990 mhp->extoff[ext->sadb_ext_type] = off;
6991 mhp->extlen[ext->sadb_ext_type] = extlen;
6992 }
6993
6994 if (off != end) {
6995 m_freem(m);
6996 pfkeystat.out_invlen++;
6997 return EINVAL;
6998 }
6999
7000 return 0;
7001 }
7002
7003 static int
7004 key_validate_ext(ext, len)
7005 const struct sadb_ext *ext;
7006 int len;
7007 {
7008 const struct sockaddr *sa;
7009 enum { NONE, ADDR } checktype = NONE;
7010 int baselen = 0;
7011 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7012
7013 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7014 return EINVAL;
7015
7016 /* if it does not match minimum/maximum length, bail */
7017 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
7018 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
7019 return EINVAL;
7020 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
7021 return EINVAL;
7022 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7023 return EINVAL;
7024
7025 /* more checks based on sadb_ext_type XXX need more */
7026 switch (ext->sadb_ext_type) {
7027 case SADB_EXT_ADDRESS_SRC:
7028 case SADB_EXT_ADDRESS_DST:
7029 case SADB_EXT_ADDRESS_PROXY:
7030 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7031 checktype = ADDR;
7032 break;
7033 case SADB_EXT_IDENTITY_SRC:
7034 case SADB_EXT_IDENTITY_DST:
7035 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
7036 SADB_X_IDENTTYPE_ADDR) {
7037 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7038 checktype = ADDR;
7039 } else
7040 checktype = NONE;
7041 break;
7042 default:
7043 checktype = NONE;
7044 break;
7045 }
7046
7047 switch (checktype) {
7048 case NONE:
7049 break;
7050 case ADDR:
7051 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen);
7052 if (len < baselen + sal)
7053 return EINVAL;
7054 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7055 return EINVAL;
7056 break;
7057 }
7058
7059 return 0;
7060 }
7061
7062 void
7063 key_init()
7064 {
7065 int i;
7066
7067 for (i = 0; i < IPSEC_DIR_MAX; i++) {
7068 LIST_INIT(&sptree[i]);
7069 }
7070
7071 LIST_INIT(&sahtree);
7072
7073 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7074 LIST_INIT(®tree[i]);
7075 }
7076
7077 #ifndef IPSEC_NONBLOCK_ACQUIRE
7078 LIST_INIT(&acqtree);
7079 #endif
7080 LIST_INIT(&spacqtree);
7081
7082 /* system default */
7083 ip4_def_policy.policy = IPSEC_POLICY_NONE;
7084 ip4_def_policy.refcnt++; /*never reclaim this*/
7085
7086 #ifndef IPSEC_DEBUG2
7087 timeout((void *)key_timehandler, (void *)0, hz);
7088 #endif /*IPSEC_DEBUG2*/
7089
7090 /* initialize key statistics */
7091 keystat.getspi_count = 1;
7092
7093 printf("IPsec: Initialized Security Association Processing.\n");
7094
7095 return;
7096 }
7097
7098 /*
7099 * XXX: maybe This function is called after INBOUND IPsec processing.
7100 *
7101 * Special check for tunnel-mode packets.
7102 * We must make some checks for consistency between inner and outer IP header.
7103 *
7104 * xxx more checks to be provided
7105 */
7106 int
7107 key_checktunnelsanity(sav, family, src, dst)
7108 struct secasvar *sav;
7109 u_int family;
7110 caddr_t src;
7111 caddr_t dst;
7112 {
7113 /* sanity check */
7114 if (sav->sah == NULL)
7115 panic("sav->sah == NULL at key_checktunnelsanity");
7116
7117 /* XXX: check inner IP header */
7118
7119 return 1;
7120 }
7121
7122 #if 0
7123 #define hostnamelen strlen(hostname)
7124
7125 /*
7126 * Get FQDN for the host.
7127 * If the administrator configured hostname (by hostname(1)) without
7128 * domain name, returns nothing.
7129 */
7130 static const char *
7131 key_getfqdn()
7132 {
7133 int i;
7134 int hasdot;
7135 static char fqdn[MAXHOSTNAMELEN + 1];
7136
7137 if (!hostnamelen)
7138 return NULL;
7139
7140 /* check if it comes with domain name. */
7141 hasdot = 0;
7142 for (i = 0; i < hostnamelen; i++) {
7143 if (hostname[i] == '.')
7144 hasdot++;
7145 }
7146 if (!hasdot)
7147 return NULL;
7148
7149 /* NOTE: hostname may not be NUL-terminated. */
7150 bzero(fqdn, sizeof(fqdn));
7151 bcopy(hostname, fqdn, hostnamelen);
7152 fqdn[hostnamelen] = '\0';
7153 return fqdn;
7154 }
7155
7156 /*
7157 * get username@FQDN for the host/user.
7158 */
7159 static const char *
7160 key_getuserfqdn()
7161 {
7162 const char *host;
7163 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
7164 struct proc *p = curproc;
7165 char *q;
7166
7167 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session)
7168 return NULL;
7169 if (!(host = key_getfqdn()))
7170 return NULL;
7171
7172 /* NOTE: s_login may not be-NUL terminated. */
7173 bzero(userfqdn, sizeof(userfqdn));
7174 bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
7175 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
7176 q = userfqdn + strlen(userfqdn);
7177 *q++ = '@';
7178 bcopy(host, q, strlen(host));
7179 q += strlen(host);
7180 *q++ = '\0';
7181
7182 return userfqdn;
7183 }
7184 #endif
7185
7186 /* record data transfer on SA, and update timestamps */
7187 void
7188 key_sa_recordxfer(sav, m)
7189 struct secasvar *sav;
7190 struct mbuf *m;
7191 {
7192 KASSERT(sav != NULL, ("key_sa_recordxfer: Null secasvar"));
7193 KASSERT(m != NULL, ("key_sa_recordxfer: Null mbuf"));
7194 if (!sav->lft_c)
7195 return;
7196
7197 /*
7198 * XXX Currently, there is a difference of bytes size
7199 * between inbound and outbound processing.
7200 */
7201 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
7202 /* to check bytes lifetime is done in key_timehandler(). */
7203
7204 /*
7205 * We use the number of packets as the unit of
7206 * sadb_lifetime_allocations. We increment the variable
7207 * whenever {esp,ah}_{in,out}put is called.
7208 */
7209 sav->lft_c->sadb_lifetime_allocations++;
7210 /* XXX check for expires? */
7211
7212 /*
7213 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
7214 * in seconds. HARD and SOFT lifetime are measured by the time
7215 * difference (again in seconds) from sadb_lifetime_usetime.
7216 *
7217 * usetime
7218 * v expire expire
7219 * -----+-----+--------+---> t
7220 * <--------------> HARD
7221 * <-----> SOFT
7222 */
7223 sav->lft_c->sadb_lifetime_usetime = time_second;
7224 /* XXX check for expires? */
7225
7226 return;
7227 }
7228
7229 /* dumb version */
7230 void
7231 key_sa_routechange(dst)
7232 struct sockaddr *dst;
7233 {
7234 struct secashead *sah;
7235 struct route *ro;
7236
7237 LIST_FOREACH(sah, &sahtree, chain) {
7238 ro = &sah->sa_route;
7239 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
7240 && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
7241 RTFREE(ro->ro_rt);
7242 ro->ro_rt = (struct rtentry *)NULL;
7243 }
7244 }
7245
7246 return;
7247 }
7248
7249 static void
7250 key_sa_chgstate(sav, state)
7251 struct secasvar *sav;
7252 u_int8_t state;
7253 {
7254 if (sav == NULL)
7255 panic("key_sa_chgstate called with sav == NULL");
7256
7257 if (sav->state == state)
7258 return;
7259
7260 if (__LIST_CHAINED(sav))
7261 LIST_REMOVE(sav, chain);
7262
7263 sav->state = state;
7264 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
7265 }
7266
7267 void
7268 key_sa_stir_iv(sav)
7269 struct secasvar *sav;
7270 {
7271
7272 if (!sav->iv)
7273 panic("key_sa_stir_iv called with sav == NULL");
7274 key_randomfill(sav->iv, sav->ivlen);
7275 }
7276
7277 /* XXX too much? */
7278 static struct mbuf *
7279 key_alloc_mbuf(l)
7280 int l;
7281 {
7282 struct mbuf *m = NULL, *n;
7283 int len, t;
7284
7285 len = l;
7286 while (len > 0) {
7287 MGET(n, M_DONTWAIT, MT_DATA);
7288 if (n && len > MLEN)
7289 MCLGET(n, M_DONTWAIT);
7290 if (!n) {
7291 m_freem(m);
7292 return NULL;
7293 }
7294
7295 n->m_next = NULL;
7296 n->m_len = 0;
7297 n->m_len = M_TRAILINGSPACE(n);
7298 /* use the bottom of mbuf, hoping we can prepend afterwards */
7299 if (n->m_len > len) {
7300 t = (n->m_len - len) & ~(sizeof(long) - 1);
7301 n->m_data += t;
7302 n->m_len = len;
7303 }
7304
7305 len -= n->m_len;
7306
7307 if (m)
7308 m_cat(m, n);
7309 else
7310 m = n;
7311 }
7312
7313 return m;
7314 }
Cache object: 6559e86ab21fe33ad5ab5acb0bff63c0
|