Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netipsec/key.c
Version:
- FREEBSD - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-2 - FREEBSD-11-1 - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-4 - FREEBSD-10-3 - FREEBSD-10-2 - FREEBSD-10-1 - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-3 - FREEBSD-9-2 - FREEBSD-9-1 - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-4 - FREEBSD-8-3 - FREEBSD-8-2 - FREEBSD-8-1 - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-4 - FREEBSD-7-3 - FREEBSD-7-2 - FREEBSD-7-1 - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-4 - FREEBSD-6-3 - FREEBSD-6-2 - FREEBSD-6-1 - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-5 - FREEBSD-5-4 - FREEBSD-5-3 - FREEBSD-5-2 - FREEBSD-5-1 - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - linux-2.6 - linux-2.4.22 - MK83 - MK84 - PLAN9 - DFBSD - NETBSD - NETBSD5 - NETBSD4 - NETBSD3 - NETBSD20 - OPENBSD - xnu-517 - xnu-792 - xnu-792.6.70 - xnu-1228 - xnu-1456.1.26 - xnu-1699.24.8 - xnu-2050.18.24 - OPENSOLARIS - minix-3-1-1
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * This code is referd to RFC 2367 35 */ 36 37 #include "opt_inet.h" 38 #include "opt_inet6.h" 39 #include "opt_ipsec.h" 40 41 #include <sys/types.h> 42 #include <sys/param.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/lock.h> 46 #include <sys/mutex.h> 47 #include <sys/mbuf.h> 48 #include <sys/domain.h> 49 #include <sys/protosw.h> 50 #include <sys/malloc.h> 51 #include <sys/socket.h> 52 #include <sys/socketvar.h> 53 #include <sys/sysctl.h> 54 #include <sys/errno.h> 55 #include <sys/proc.h> 56 #include <sys/queue.h> 57 #include <sys/refcount.h> 58 #include <sys/syslog.h> 59 60 #include <net/if.h> 61 #include <net/route.h> 62 #include <net/raw_cb.h> 63 64 #include <netinet/in.h> 65 #include <netinet/in_systm.h> 66 #include <netinet/ip.h> 67 #include <netinet/in_var.h> 68 69 #ifdef INET6 70 #include <netinet/ip6.h> 71 #include <netinet6/in6_var.h> 72 #include <netinet6/ip6_var.h> 73 #endif /* INET6 */ 74 75 #ifdef INET 76 #include <netinet/in_pcb.h> 77 #endif 78 #ifdef INET6 79 #include <netinet6/in6_pcb.h> 80 #endif /* INET6 */ 81 82 #include <net/pfkeyv2.h> 83 #include <netipsec/keydb.h> 84 #include <netipsec/key.h> 85 #include <netipsec/keysock.h> 86 #include <netipsec/key_debug.h> 87 88 #include <netipsec/ipsec.h> 89 #ifdef INET6 90 #include <netipsec/ipsec6.h> 91 #endif 92 93 #include <netipsec/xform.h> 94 95 #include <machine/stdarg.h> 96 97 /* randomness */ 98 #include <sys/random.h> 99 100 #define FULLMASK 0xff 101 #define _BITS(bytes) ((bytes) << 3) 102 103 /* 104 * Note on SA reference counting: 105 * - SAs that are not in DEAD state will have (total external reference + 1) 106 * following value in reference count field. they cannot be freed and are 107 * referenced from SA header. 108 * - SAs that are in DEAD state will have (total external reference) 109 * in reference count field. they are ready to be freed. reference from 110 * SA header will be removed in key_delsav(), when the reference count 111 * field hits 0 (= no external reference other than from SA header. 112 */ 113 114 u_int32_t key_debug_level = 0; 115 static u_int key_spi_trycnt = 1000; 116 static u_int32_t key_spi_minval = 0x100; 117 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */ 118 static u_int32_t policy_id = 0; 119 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/ 120 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ 121 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ 122 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ 123 static int key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/ 124 125 static u_int32_t acq_seq = 0; 126 127 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */ 128 static struct mtx sptree_lock; 129 #define SPTREE_LOCK_INIT() \ 130 mtx_init(&sptree_lock, "sptree", \ 131 "fast ipsec security policy database", MTX_DEF) 132 #define SPTREE_LOCK_DESTROY() mtx_destroy(&sptree_lock) 133 #define SPTREE_LOCK() mtx_lock(&sptree_lock) 134 #define SPTREE_UNLOCK() mtx_unlock(&sptree_lock) 135 #define SPTREE_LOCK_ASSERT() mtx_assert(&sptree_lock, MA_OWNED) 136 137 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */ 138 static struct mtx sahtree_lock; 139 #define SAHTREE_LOCK_INIT() \ 140 mtx_init(&sahtree_lock, "sahtree", \ 141 "fast ipsec security association database", MTX_DEF) 142 #define SAHTREE_LOCK_DESTROY() mtx_destroy(&sahtree_lock) 143 #define SAHTREE_LOCK() mtx_lock(&sahtree_lock) 144 #define SAHTREE_UNLOCK() mtx_unlock(&sahtree_lock) 145 #define SAHTREE_LOCK_ASSERT() mtx_assert(&sahtree_lock, MA_OWNED) 146 147 /* registed list */ 148 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; 149 static struct mtx regtree_lock; 150 #define REGTREE_LOCK_INIT() \ 151 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 152 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 153 #define REGTREE_LOCK() mtx_lock(®tree_lock) 154 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 155 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 156 157 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */ 158 static struct mtx acq_lock; 159 #define ACQ_LOCK_INIT() \ 160 mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF) 161 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 162 #define ACQ_LOCK() mtx_lock(&acq_lock) 163 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 164 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 165 166 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ 167 static struct mtx spacq_lock; 168 #define SPACQ_LOCK_INIT() \ 169 mtx_init(&spacq_lock, "spacqtree", \ 170 "fast ipsec security policy acquire list", MTX_DEF) 171 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 172 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 173 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 174 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 175 176 /* search order for SAs */ 177 static const u_int saorder_state_valid_prefer_old[] = { 178 SADB_SASTATE_DYING, SADB_SASTATE_MATURE, 179 }; 180 static const u_int saorder_state_valid_prefer_new[] = { 181 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 182 }; 183 static u_int saorder_state_alive[] = { 184 /* except DEAD */ 185 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL 186 }; 187 static u_int saorder_state_any[] = { 188 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 189 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD 190 }; 191 192 static const int minsize[] = { 193 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 194 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 195 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 196 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 197 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 198 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 199 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 200 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 201 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 202 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 203 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 204 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 205 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 206 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 207 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 208 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 209 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 210 0, /* SADB_X_EXT_KMPRIVATE */ 211 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 212 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 213 }; 214 static const int maxsize[] = { 215 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 216 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 217 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 218 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 219 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 220 0, /* SADB_EXT_ADDRESS_SRC */ 221 0, /* SADB_EXT_ADDRESS_DST */ 222 0, /* SADB_EXT_ADDRESS_PROXY */ 223 0, /* SADB_EXT_KEY_AUTH */ 224 0, /* SADB_EXT_KEY_ENCRYPT */ 225 0, /* SADB_EXT_IDENTITY_SRC */ 226 0, /* SADB_EXT_IDENTITY_DST */ 227 0, /* SADB_EXT_SENSITIVITY */ 228 0, /* SADB_EXT_PROPOSAL */ 229 0, /* SADB_EXT_SUPPORTED_AUTH */ 230 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 231 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 232 0, /* SADB_X_EXT_KMPRIVATE */ 233 0, /* SADB_X_EXT_POLICY */ 234 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 235 }; 236 237 static int ipsec_esp_keymin = 256; 238 static int ipsec_esp_auth = 0; 239 static int ipsec_ah_keymin = 128; 240 241 #ifdef SYSCTL_DECL 242 SYSCTL_DECL(_net_key); 243 #endif 244 245 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \ 246 &key_debug_level, 0, ""); 247 248 /* max count of trial for the decision of spi value */ 249 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \ 250 &key_spi_trycnt, 0, ""); 251 252 /* minimum spi value to allocate automatically. */ 253 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \ 254 &key_spi_minval, 0, ""); 255 256 /* maximun spi value to allocate automatically. */ 257 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \ 258 &key_spi_maxval, 0, ""); 259 260 /* interval to initialize randseed */ 261 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \ 262 &key_int_random, 0, ""); 263 264 /* lifetime for larval SA */ 265 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \ 266 &key_larval_lifetime, 0, ""); 267 268 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 269 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \ 270 &key_blockacq_count, 0, ""); 271 272 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 273 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \ 274 &key_blockacq_lifetime, 0, ""); 275 276 /* ESP auth */ 277 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \ 278 &ipsec_esp_auth, 0, ""); 279 280 /* minimum ESP key length */ 281 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \ 282 &ipsec_esp_keymin, 0, ""); 283 284 /* minimum AH key length */ 285 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ 286 &ipsec_ah_keymin, 0, ""); 287 288 /* perfered old SA rather than new SA */ 289 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, CTLFLAG_RW,\ 290 &key_preferred_oldsa, 0, ""); 291 292 #define __LIST_CHAINED(elm) \ 293 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 294 #define LIST_INSERT_TAIL(head, elm, type, field) \ 295 do {\ 296 struct type *curelm = LIST_FIRST(head); \ 297 if (curelm == NULL) {\ 298 LIST_INSERT_HEAD(head, elm, field); \ 299 } else { \ 300 while (LIST_NEXT(curelm, field)) \ 301 curelm = LIST_NEXT(curelm, field);\ 302 LIST_INSERT_AFTER(curelm, elm, field);\ 303 }\ 304 } while (0) 305 306 #define KEY_CHKSASTATE(head, sav, name) \ 307 do { \ 308 if ((head) != (sav)) { \ 309 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \ 310 (name), (head), (sav))); \ 311 continue; \ 312 } \ 313 } while (0) 314 315 #define KEY_CHKSPDIR(head, sp, name) \ 316 do { \ 317 if ((head) != (sp)) { \ 318 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \ 319 "anyway continue.\n", \ 320 (name), (head), (sp))); \ 321 } \ 322 } while (0) 323 324 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 325 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 326 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 327 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 328 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 329 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 330 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 331 332 /* 333 * set parameters into secpolicyindex buffer. 334 * Must allocate secpolicyindex buffer passed to this function. 335 */ 336 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 337 do { \ 338 bzero((idx), sizeof(struct secpolicyindex)); \ 339 (idx)->dir = (_dir); \ 340 (idx)->prefs = (ps); \ 341 (idx)->prefd = (pd); \ 342 (idx)->ul_proto = (ulp); \ 343 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 344 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 345 } while (0) 346 347 /* 348 * set parameters into secasindex buffer. 349 * Must allocate secasindex buffer before calling this function. 350 */ 351 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 352 do { \ 353 bzero((idx), sizeof(struct secasindex)); \ 354 (idx)->proto = (p); \ 355 (idx)->mode = (m); \ 356 (idx)->reqid = (r); \ 357 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 358 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 359 } while (0) 360 361 /* key statistics */ 362 struct _keystat { 363 u_long getspi_count; /* the avarage of count to try to get new SPI */ 364 } keystat; 365 366 struct sadb_msghdr { 367 struct sadb_msg *msg; 368 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 369 int extoff[SADB_EXT_MAX + 1]; 370 int extlen[SADB_EXT_MAX + 1]; 371 }; 372 373 static struct secasvar *key_allocsa_policy __P((const struct secasindex *)); 374 static void key_freesp_so __P((struct secpolicy **)); 375 static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int)); 376 static void key_delsp __P((struct secpolicy *)); 377 static struct secpolicy *key_getsp __P((struct secpolicyindex *)); 378 static void _key_delsp(struct secpolicy *sp); 379 static struct secpolicy *key_getspbyid __P((u_int32_t)); 380 static u_int32_t key_newreqid __P((void)); 381 static struct mbuf *key_gather_mbuf __P((struct mbuf *, 382 const struct sadb_msghdr *, int, int, ...)); 383 static int key_spdadd __P((struct socket *, struct mbuf *, 384 const struct sadb_msghdr *)); 385 static u_int32_t key_getnewspid __P((void)); 386 static int key_spddelete __P((struct socket *, struct mbuf *, 387 const struct sadb_msghdr *)); 388 static int key_spddelete2 __P((struct socket *, struct mbuf *, 389 const struct sadb_msghdr *)); 390 static int key_spdget __P((struct socket *, struct mbuf *, 391 const struct sadb_msghdr *)); 392 static int key_spdflush __P((struct socket *, struct mbuf *, 393 const struct sadb_msghdr *)); 394 static int key_spddump __P((struct socket *, struct mbuf *, 395 const struct sadb_msghdr *)); 396 static struct mbuf *key_setdumpsp __P((struct secpolicy *, 397 u_int8_t, u_int32_t, u_int32_t)); 398 static u_int key_getspreqmsglen __P((struct secpolicy *)); 399 static int key_spdexpire __P((struct secpolicy *)); 400 static struct secashead *key_newsah __P((struct secasindex *)); 401 static void key_delsah __P((struct secashead *)); 402 static struct secasvar *key_newsav __P((struct mbuf *, 403 const struct sadb_msghdr *, struct secashead *, int *, 404 const char*, int)); 405 #define KEY_NEWSAV(m, sadb, sah, e) \ 406 key_newsav(m, sadb, sah, e, __FILE__, __LINE__) 407 static void key_delsav __P((struct secasvar *)); 408 static struct secashead *key_getsah __P((struct secasindex *)); 409 static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t)); 410 static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t)); 411 static int key_setsaval __P((struct secasvar *, struct mbuf *, 412 const struct sadb_msghdr *)); 413 static int key_mature __P((struct secasvar *)); 414 static struct mbuf *key_setdumpsa __P((struct secasvar *, u_int8_t, 415 u_int8_t, u_int32_t, u_int32_t)); 416 static struct mbuf *key_setsadbmsg __P((u_int8_t, u_int16_t, u_int8_t, 417 u_int32_t, pid_t, u_int16_t)); 418 static struct mbuf *key_setsadbsa __P((struct secasvar *)); 419 static struct mbuf *key_setsadbaddr __P((u_int16_t, 420 const struct sockaddr *, u_int8_t, u_int16_t)); 421 static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int32_t)); 422 static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t, 423 u_int32_t)); 424 static void *key_dup(const void *, u_int, struct malloc_type *); 425 #ifdef INET6 426 static int key_ismyaddr6 __P((struct sockaddr_in6 *)); 427 #endif 428 429 /* flags for key_cmpsaidx() */ 430 #define CMP_HEAD 1 /* protocol, addresses. */ 431 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 432 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 433 #define CMP_EXACTLY 4 /* all elements. */ 434 static int key_cmpsaidx 435 __P((const struct secasindex *, const struct secasindex *, int)); 436 437 static int key_cmpspidx_exactly 438 __P((struct secpolicyindex *, struct secpolicyindex *)); 439 static int key_cmpspidx_withmask 440 __P((struct secpolicyindex *, struct secpolicyindex *)); 441 static int key_sockaddrcmp __P((const struct sockaddr *, const struct sockaddr *, int)); 442 static int key_bbcmp __P((const void *, const void *, u_int)); 443 static u_int16_t key_satype2proto __P((u_int8_t)); 444 static u_int8_t key_proto2satype __P((u_int16_t)); 445 446 static int key_getspi __P((struct socket *, struct mbuf *, 447 const struct sadb_msghdr *)); 448 static u_int32_t key_do_getnewspi __P((struct sadb_spirange *, 449 struct secasindex *)); 450 static int key_update __P((struct socket *, struct mbuf *, 451 const struct sadb_msghdr *)); 452 #ifdef IPSEC_DOSEQCHECK 453 static struct secasvar *key_getsavbyseq __P((struct secashead *, u_int32_t)); 454 #endif 455 static int key_add __P((struct socket *, struct mbuf *, 456 const struct sadb_msghdr *)); 457 static int key_setident __P((struct secashead *, struct mbuf *, 458 const struct sadb_msghdr *)); 459 static struct mbuf *key_getmsgbuf_x1 __P((struct mbuf *, 460 const struct sadb_msghdr *)); 461 static int key_delete __P((struct socket *, struct mbuf *, 462 const struct sadb_msghdr *)); 463 static int key_get __P((struct socket *, struct mbuf *, 464 const struct sadb_msghdr *)); 465 466 static void key_getcomb_setlifetime __P((struct sadb_comb *)); 467 static struct mbuf *key_getcomb_esp __P((void)); 468 static struct mbuf *key_getcomb_ah __P((void)); 469 static struct mbuf *key_getcomb_ipcomp __P((void)); 470 static struct mbuf *key_getprop __P((const struct secasindex *)); 471 472 static int key_acquire __P((const struct secasindex *, struct secpolicy *)); 473 static struct secacq *key_newacq __P((const struct secasindex *)); 474 static struct secacq *key_getacq __P((const struct secasindex *)); 475 static struct secacq *key_getacqbyseq __P((u_int32_t)); 476 static struct secspacq *key_newspacq __P((struct secpolicyindex *)); 477 static struct secspacq *key_getspacq __P((struct secpolicyindex *)); 478 static int key_acquire2 __P((struct socket *, struct mbuf *, 479 const struct sadb_msghdr *)); 480 static int key_register __P((struct socket *, struct mbuf *, 481 const struct sadb_msghdr *)); 482 static int key_expire __P((struct secasvar *)); 483 static int key_flush __P((struct socket *, struct mbuf *, 484 const struct sadb_msghdr *)); 485 static int key_dump __P((struct socket *, struct mbuf *, 486 const struct sadb_msghdr *)); 487 static int key_promisc __P((struct socket *, struct mbuf *, 488 const struct sadb_msghdr *)); 489 static int key_senderror __P((struct socket *, struct mbuf *, int)); 490 static int key_validate_ext __P((const struct sadb_ext *, int)); 491 static int key_align __P((struct mbuf *, struct sadb_msghdr *)); 492 #if 0 493 static const char *key_getfqdn __P((void)); 494 static const char *key_getuserfqdn __P((void)); 495 #endif 496 static void key_sa_chgstate __P((struct secasvar *, u_int8_t)); 497 static struct mbuf *key_alloc_mbuf __P((int)); 498 499 static __inline void 500 sa_initref(struct secasvar *sav) 501 { 502 503 refcount_init(&sav->refcnt, 1); 504 } 505 static __inline void 506 sa_addref(struct secasvar *sav) 507 { 508 509 refcount_acquire(&sav->refcnt); 510 IPSEC_ASSERT(sav->refcnt != 0, ("SA refcnt overflow")); 511 } 512 static __inline int 513 sa_delref(struct secasvar *sav) 514 { 515 516 IPSEC_ASSERT(sav->refcnt > 0, ("SA refcnt underflow")); 517 return (refcount_release(&sav->refcnt)); 518 } 519 520 #define SP_ADDREF(p) do { \ 521 (p)->refcnt++; \ 522 IPSEC_ASSERT((p)->refcnt != 0, ("SP refcnt overflow")); \ 523 } while (0) 524 #define SP_DELREF(p) do { \ 525 IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow")); \ 526 (p)->refcnt--; \ 527 } while (0) 528 529 530 /* 531 * Update the refcnt while holding the SPTREE lock. 532 */ 533 void 534 key_addref(struct secpolicy *sp) 535 { 536 SPTREE_LOCK(); 537 SP_ADDREF(sp); 538 SPTREE_UNLOCK(); 539 } 540 541 /* 542 * Return 0 when there are known to be no SP's for the specified 543 * direction. Otherwise return 1. This is used by IPsec code 544 * to optimize performance. 545 */ 546 int 547 key_havesp(u_int dir) 548 { 549 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 550 LIST_FIRST(&sptree[dir]) != NULL : 1); 551 } 552 553 /* %%% IPsec policy management */ 554 /* 555 * allocating a SP for OUTBOUND or INBOUND packet. 556 * Must call key_freesp() later. 557 * OUT: NULL: not found 558 * others: found and return the pointer. 559 */ 560 struct secpolicy * 561 key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag) 562 { 563 struct secpolicy *sp; 564 565 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 566 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 567 ("invalid direction %u", dir)); 568 569 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 570 printf("DP %s from %s:%u\n", __func__, where, tag)); 571 572 /* get a SP entry */ 573 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 574 printf("*** objects\n"); 575 kdebug_secpolicyindex(spidx)); 576 577 SPTREE_LOCK(); 578 LIST_FOREACH(sp, &sptree[dir], chain) { 579 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 580 printf("*** in SPD\n"); 581 kdebug_secpolicyindex(&sp->spidx)); 582 583 if (sp->state == IPSEC_SPSTATE_DEAD) 584 continue; 585 if (key_cmpspidx_withmask(&sp->spidx, spidx)) 586 goto found; 587 } 588 sp = NULL; 589 found: 590 if (sp) { 591 /* sanity check */ 592 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); 593 594 /* found a SPD entry */ 595 sp->lastused = time_second; 596 SP_ADDREF(sp); 597 } 598 SPTREE_UNLOCK(); 599 600 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 601 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 602 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 603 return sp; 604 } 605 606 /* 607 * allocating a SP for OUTBOUND or INBOUND packet. 608 * Must call key_freesp() later. 609 * OUT: NULL: not found 610 * others: found and return the pointer. 611 */ 612 struct secpolicy * 613 key_allocsp2(u_int32_t spi, 614 union sockaddr_union *dst, 615 u_int8_t proto, 616 u_int dir, 617 const char* where, int tag) 618 { 619 struct secpolicy *sp; 620 621 IPSEC_ASSERT(dst != NULL, ("null dst")); 622 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 623 ("invalid direction %u", dir)); 624 625 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 626 printf("DP %s from %s:%u\n", __func__, where, tag)); 627 628 /* get a SP entry */ 629 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 630 printf("*** objects\n"); 631 printf("spi %u proto %u dir %u\n", spi, proto, dir); 632 kdebug_sockaddr(&dst->sa)); 633 634 SPTREE_LOCK(); 635 LIST_FOREACH(sp, &sptree[dir], chain) { 636 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 637 printf("*** in SPD\n"); 638 kdebug_secpolicyindex(&sp->spidx)); 639 640 if (sp->state == IPSEC_SPSTATE_DEAD) 641 continue; 642 /* compare simple values, then dst address */ 643 if (sp->spidx.ul_proto != proto) 644 continue; 645 /* NB: spi's must exist and match */ 646 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi) 647 continue; 648 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0) 649 goto found; 650 } 651 sp = NULL; 652 found: 653 if (sp) { 654 /* sanity check */ 655 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); 656 657 /* found a SPD entry */ 658 sp->lastused = time_second; 659 SP_ADDREF(sp); 660 } 661 SPTREE_UNLOCK(); 662 663 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 664 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 665 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 666 return sp; 667 } 668 669 /* 670 * return a policy that matches this particular inbound packet. 671 * XXX slow 672 */ 673 struct secpolicy * 674 key_gettunnel(const struct sockaddr *osrc, 675 const struct sockaddr *odst, 676 const struct sockaddr *isrc, 677 const struct sockaddr *idst, 678 const char* where, int tag) 679 { 680 struct secpolicy *sp; 681 const int dir = IPSEC_DIR_INBOUND; 682 struct ipsecrequest *r1, *r2, *p; 683 struct secpolicyindex spidx; 684 685 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 686 printf("DP %s from %s:%u\n", __func__, where, tag)); 687 688 if (isrc->sa_family != idst->sa_family) { 689 ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.", 690 __func__, isrc->sa_family, idst->sa_family)); 691 sp = NULL; 692 goto done; 693 } 694 695 SPTREE_LOCK(); 696 LIST_FOREACH(sp, &sptree[dir], chain) { 697 if (sp->state == IPSEC_SPSTATE_DEAD) 698 continue; 699 700 r1 = r2 = NULL; 701 for (p = sp->req; p; p = p->next) { 702 if (p->saidx.mode != IPSEC_MODE_TUNNEL) 703 continue; 704 705 r1 = r2; 706 r2 = p; 707 708 if (!r1) { 709 /* here we look at address matches only */ 710 spidx = sp->spidx; 711 if (isrc->sa_len > sizeof(spidx.src) || 712 idst->sa_len > sizeof(spidx.dst)) 713 continue; 714 bcopy(isrc, &spidx.src, isrc->sa_len); 715 bcopy(idst, &spidx.dst, idst->sa_len); 716 if (!key_cmpspidx_withmask(&sp->spidx, &spidx)) 717 continue; 718 } else { 719 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) || 720 key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0)) 721 continue; 722 } 723 724 if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) || 725 key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0)) 726 continue; 727 728 goto found; 729 } 730 } 731 sp = NULL; 732 found: 733 if (sp) { 734 sp->lastused = time_second; 735 SP_ADDREF(sp); 736 } 737 SPTREE_UNLOCK(); 738 done: 739 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 740 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 741 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 742 return sp; 743 } 744 745 /* 746 * allocating an SA entry for an *OUTBOUND* packet. 747 * checking each request entries in SP, and acquire an SA if need. 748 * OUT: 0: there are valid requests. 749 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. 750 */ 751 int 752 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) 753 { 754 u_int level; 755 int error; 756 757 IPSEC_ASSERT(isr != NULL, ("null isr")); 758 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 759 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 760 saidx->mode == IPSEC_MODE_TUNNEL, 761 ("unexpected policy %u", saidx->mode)); 762 763 /* 764 * XXX guard against protocol callbacks from the crypto 765 * thread as they reference ipsecrequest.sav which we 766 * temporarily null out below. Need to rethink how we 767 * handle bundled SA's in the callback thread. 768 */ 769 IPSECREQUEST_LOCK_ASSERT(isr); 770 771 /* get current level */ 772 level = ipsec_get_reqlevel(isr); 773 #if 0 774 /* 775 * We do allocate new SA only if the state of SA in the holder is 776 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest. 777 */ 778 if (isr->sav != NULL) { 779 if (isr->sav->sah == NULL) 780 panic("%s: sah is null.\n", __func__); 781 if (isr->sav == (struct secasvar *)LIST_FIRST( 782 &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) { 783 KEY_FREESAV(&isr->sav); 784 isr->sav = NULL; 785 } 786 } 787 #else 788 /* 789 * we free any SA stashed in the IPsec request because a different 790 * SA may be involved each time this request is checked, either 791 * because new SAs are being configured, or this request is 792 * associated with an unconnected datagram socket, or this request 793 * is associated with a system default policy. 794 * 795 * The operation may have negative impact to performance. We may 796 * want to check cached SA carefully, rather than picking new SA 797 * every time. 798 */ 799 if (isr->sav != NULL) { 800 KEY_FREESAV(&isr->sav); 801 isr->sav = NULL; 802 } 803 #endif 804 805 /* 806 * new SA allocation if no SA found. 807 * key_allocsa_policy should allocate the oldest SA available. 808 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt. 809 */ 810 if (isr->sav == NULL) 811 isr->sav = key_allocsa_policy(saidx); 812 813 /* When there is SA. */ 814 if (isr->sav != NULL) { 815 if (isr->sav->state != SADB_SASTATE_MATURE && 816 isr->sav->state != SADB_SASTATE_DYING) 817 return EINVAL; 818 return 0; 819 } 820 821 /* there is no SA */ 822 error = key_acquire(saidx, isr->sp); 823 if (error != 0) { 824 /* XXX What should I do ? */ 825 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", 826 __func__, error)); 827 return error; 828 } 829 830 if (level != IPSEC_LEVEL_REQUIRE) { 831 /* XXX sigh, the interface to this routine is botched */ 832 IPSEC_ASSERT(isr->sav == NULL, ("unexpected SA")); 833 return 0; 834 } else { 835 return ENOENT; 836 } 837 } 838 839 /* 840 * allocating a SA for policy entry from SAD. 841 * NOTE: searching SAD of aliving state. 842 * OUT: NULL: not found. 843 * others: found and return the pointer. 844 */ 845 static struct secasvar * 846 key_allocsa_policy(const struct secasindex *saidx) 847 { 848 #define N(a) _ARRAYLEN(a) 849 struct secashead *sah; 850 struct secasvar *sav; 851 u_int stateidx, arraysize; 852 const u_int *state_valid; 853 854 SAHTREE_LOCK(); 855 LIST_FOREACH(sah, &sahtree, chain) { 856 if (sah->state == SADB_SASTATE_DEAD) 857 continue; 858 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) { 859 if (key_preferred_oldsa) { 860 state_valid = saorder_state_valid_prefer_old; 861 arraysize = N(saorder_state_valid_prefer_old); 862 } else { 863 state_valid = saorder_state_valid_prefer_new; 864 arraysize = N(saorder_state_valid_prefer_new); 865 } 866 SAHTREE_UNLOCK(); 867 goto found; 868 } 869 } 870 SAHTREE_UNLOCK(); 871 872 return NULL; 873 874 found: 875 /* search valid state */ 876 for (stateidx = 0; stateidx < arraysize; stateidx++) { 877 sav = key_do_allocsa_policy(sah, state_valid[stateidx]); 878 if (sav != NULL) 879 return sav; 880 } 881 882 return NULL; 883 #undef N 884 } 885 886 /* 887 * searching SAD with direction, protocol, mode and state. 888 * called by key_allocsa_policy(). 889 * OUT: 890 * NULL : not found 891 * others : found, pointer to a SA. 892 */ 893 static struct secasvar * 894 key_do_allocsa_policy(struct secashead *sah, u_int state) 895 { 896 struct secasvar *sav, *nextsav, *candidate, *d; 897 898 /* initilize */ 899 candidate = NULL; 900 901 SAHTREE_LOCK(); 902 for (sav = LIST_FIRST(&sah->savtree[state]); 903 sav != NULL; 904 sav = nextsav) { 905 906 nextsav = LIST_NEXT(sav, chain); 907 908 /* sanity check */ 909 KEY_CHKSASTATE(sav->state, state, __func__); 910 911 /* initialize */ 912 if (candidate == NULL) { 913 candidate = sav; 914 continue; 915 } 916 917 /* Which SA is the better ? */ 918 919 IPSEC_ASSERT(candidate->lft_c != NULL, 920 ("null candidate lifetime")); 921 IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime")); 922 923 /* What the best method is to compare ? */ 924 if (key_preferred_oldsa) { 925 if (candidate->lft_c->sadb_lifetime_addtime > 926 sav->lft_c->sadb_lifetime_addtime) { 927 candidate = sav; 928 } 929 continue; 930 /*NOTREACHED*/ 931 } 932 933 /* preferred new sa rather than old sa */ 934 if (candidate->lft_c->sadb_lifetime_addtime < 935 sav->lft_c->sadb_lifetime_addtime) { 936 d = candidate; 937 candidate = sav; 938 } else 939 d = sav; 940 941 /* 942 * prepared to delete the SA when there is more 943 * suitable candidate and the lifetime of the SA is not 944 * permanent. 945 */ 946 if (d->lft_h->sadb_lifetime_addtime != 0) { 947 struct mbuf *m, *result; 948 u_int8_t satype; 949 950 key_sa_chgstate(d, SADB_SASTATE_DEAD); 951 952 IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count")); 953 954 satype = key_proto2satype(d->sah->saidx.proto); 955 if (satype == 0) 956 goto msgfail; 957 958 m = key_setsadbmsg(SADB_DELETE, 0, 959 satype, 0, 0, d->refcnt - 1); 960 if (!m) 961 goto msgfail; 962 result = m; 963 964 /* set sadb_address for saidx's. */ 965 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 966 &d->sah->saidx.src.sa, 967 d->sah->saidx.src.sa.sa_len << 3, 968 IPSEC_ULPROTO_ANY); 969 if (!m) 970 goto msgfail; 971 m_cat(result, m); 972 973 /* set sadb_address for saidx's. */ 974 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 975 &d->sah->saidx.dst.sa, 976 d->sah->saidx.dst.sa.sa_len << 3, 977 IPSEC_ULPROTO_ANY); 978 if (!m) 979 goto msgfail; 980 m_cat(result, m); 981 982 /* create SA extension */ 983 m = key_setsadbsa(d); 984 if (!m) 985 goto msgfail; 986 m_cat(result, m); 987 988 if (result->m_len < sizeof(struct sadb_msg)) { 989 result = m_pullup(result, 990 sizeof(struct sadb_msg)); 991 if (result == NULL) 992 goto msgfail; 993 } 994 995 result->m_pkthdr.len = 0; 996 for (m = result; m; m = m->m_next) 997 result->m_pkthdr.len += m->m_len; 998 mtod(result, struct sadb_msg *)->sadb_msg_len = 999 PFKEY_UNIT64(result->m_pkthdr.len); 1000 1001 if (key_sendup_mbuf(NULL, result, 1002 KEY_SENDUP_REGISTERED)) 1003 goto msgfail; 1004 msgfail: 1005 KEY_FREESAV(&d); 1006 } 1007 } 1008 if (candidate) { 1009 sa_addref(candidate); 1010 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1011 printf("DP %s cause refcnt++:%d SA:%p\n", 1012 __func__, candidate->refcnt, candidate)); 1013 } 1014 SAHTREE_UNLOCK(); 1015 1016 return candidate; 1017 } 1018 1019 /* 1020 * allocating a usable SA entry for a *INBOUND* packet. 1021 * Must call key_freesav() later. 1022 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1023 * NULL: not found, or error occured. 1024 * 1025 * In the comparison, no source address is used--for RFC2401 conformance. 1026 * To quote, from section 4.1: 1027 * A security association is uniquely identified by a triple consisting 1028 * of a Security Parameter Index (SPI), an IP Destination Address, and a 1029 * security protocol (AH or ESP) identifier. 1030 * Note that, however, we do need to keep source address in IPsec SA. 1031 * IKE specification and PF_KEY specification do assume that we 1032 * keep source address in IPsec SA. We see a tricky situation here. 1033 */ 1034 struct secasvar * 1035 key_allocsa( 1036 union sockaddr_union *dst, 1037 u_int proto, 1038 u_int32_t spi, 1039 const char* where, int tag) 1040 { 1041 struct secashead *sah; 1042 struct secasvar *sav; 1043 u_int stateidx, arraysize, state; 1044 const u_int *saorder_state_valid; 1045 1046 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1047 1048 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1049 printf("DP %s from %s:%u\n", __func__, where, tag)); 1050 1051 /* 1052 * searching SAD. 1053 * XXX: to be checked internal IP header somewhere. Also when 1054 * IPsec tunnel packet is received. But ESP tunnel mode is 1055 * encrypted so we can't check internal IP header. 1056 */ 1057 SAHTREE_LOCK(); 1058 if (key_preferred_oldsa) { 1059 saorder_state_valid = saorder_state_valid_prefer_old; 1060 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); 1061 } else { 1062 saorder_state_valid = saorder_state_valid_prefer_new; 1063 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); 1064 } 1065 LIST_FOREACH(sah, &sahtree, chain) { 1066 /* search valid state */ 1067 for (stateidx = 0; stateidx < arraysize; stateidx++) { 1068 state = saorder_state_valid[stateidx]; 1069 LIST_FOREACH(sav, &sah->savtree[state], chain) { 1070 /* sanity check */ 1071 KEY_CHKSASTATE(sav->state, state, __func__); 1072 /* do not return entries w/ unusable state */ 1073 if (sav->state != SADB_SASTATE_MATURE && 1074 sav->state != SADB_SASTATE_DYING) 1075 continue; 1076 if (proto != sav->sah->saidx.proto) 1077 continue; 1078 if (spi != sav->spi) 1079 continue; 1080 #if 0 /* don't check src */ 1081 /* check src address */ 1082 if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, 0) != 0) 1083 continue; 1084 #endif 1085 /* check dst address */ 1086 if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, 0) != 0) 1087 continue; 1088 sa_addref(sav); 1089 goto done; 1090 } 1091 } 1092 } 1093 sav = NULL; 1094 done: 1095 SAHTREE_UNLOCK(); 1096 1097 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1098 printf("DP %s return SA:%p; refcnt %u\n", __func__, 1099 sav, sav ? sav->refcnt : 0)); 1100 return sav; 1101 } 1102 1103 /* 1104 * Must be called after calling key_allocsp(). 1105 * For both the packet without socket and key_freeso(). 1106 */ 1107 void 1108 _key_freesp(struct secpolicy **spp, const char* where, int tag) 1109 { 1110 struct secpolicy *sp = *spp; 1111 1112 IPSEC_ASSERT(sp != NULL, ("null sp")); 1113 1114 SPTREE_LOCK(); 1115 SP_DELREF(sp); 1116 1117 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1118 printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n", 1119 __func__, sp, sp->id, where, tag, sp->refcnt)); 1120 1121 if (sp->refcnt == 0) { 1122 *spp = NULL; 1123 key_delsp(sp); 1124 } 1125 SPTREE_UNLOCK(); 1126 } 1127 1128 /* 1129 * Must be called after calling key_allocsp(). 1130 * For the packet with socket. 1131 */ 1132 void 1133 key_freeso(struct socket *so) 1134 { 1135 IPSEC_ASSERT(so != NULL, ("null so")); 1136 1137 switch (so->so_proto->pr_domain->dom_family) { 1138 #ifdef INET 1139 case PF_INET: 1140 { 1141 struct inpcb *pcb = sotoinpcb(so); 1142 1143 /* Does it have a PCB ? */ 1144 if (pcb == NULL) 1145 return; 1146 key_freesp_so(&pcb->inp_sp->sp_in); 1147 key_freesp_so(&pcb->inp_sp->sp_out); 1148 } 1149 break; 1150 #endif 1151 #ifdef INET6 1152 case PF_INET6: 1153 { 1154 #ifdef HAVE_NRL_INPCB 1155 struct inpcb *pcb = sotoinpcb(so); 1156 1157 /* Does it have a PCB ? */ 1158 if (pcb == NULL) 1159 return; 1160 key_freesp_so(&pcb->inp_sp->sp_in); 1161 key_freesp_so(&pcb->inp_sp->sp_out); 1162 #else 1163 struct in6pcb *pcb = sotoin6pcb(so); 1164 1165 /* Does it have a PCB ? */ 1166 if (pcb == NULL) 1167 return; 1168 key_freesp_so(&pcb->in6p_sp->sp_in); 1169 key_freesp_so(&pcb->in6p_sp->sp_out); 1170 #endif 1171 } 1172 break; 1173 #endif /* INET6 */ 1174 default: 1175 ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n", 1176 __func__, so->so_proto->pr_domain->dom_family)); 1177 return; 1178 } 1179 } 1180 1181 static void 1182 key_freesp_so(struct secpolicy **sp) 1183 { 1184 IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp")); 1185 1186 if ((*sp)->policy == IPSEC_POLICY_ENTRUST || 1187 (*sp)->policy == IPSEC_POLICY_BYPASS) 1188 return; 1189 1190 IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, 1191 ("invalid policy %u", (*sp)->policy)); 1192 KEY_FREESP(sp); 1193 } 1194 1195 /* 1196 * Must be called after calling key_allocsa(). 1197 * This function is called by key_freesp() to free some SA allocated 1198 * for a policy. 1199 */ 1200 void 1201 key_freesav(struct secasvar **psav, const char* where, int tag) 1202 { 1203 struct secasvar *sav = *psav; 1204 1205 IPSEC_ASSERT(sav != NULL, ("null sav")); 1206 1207 if (sa_delref(sav)) { 1208 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1209 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1210 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); 1211 *psav = NULL; 1212 key_delsav(sav); 1213 } else { 1214 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1215 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1216 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); 1217 } 1218 } 1219 1220 /* %%% SPD management */ 1221 /* 1222 * free security policy entry. 1223 */ 1224 static void 1225 key_delsp(struct secpolicy *sp) 1226 { 1227 struct ipsecrequest *isr, *nextisr; 1228 1229 IPSEC_ASSERT(sp != NULL, ("null sp")); 1230 SPTREE_LOCK_ASSERT(); 1231 1232 sp->state = IPSEC_SPSTATE_DEAD; 1233 1234 IPSEC_ASSERT(sp->refcnt == 0, 1235 ("SP with references deleted (refcnt %u)", sp->refcnt)); 1236 1237 /* remove from SP index */ 1238 if (__LIST_CHAINED(sp)) 1239 LIST_REMOVE(sp, chain); 1240 1241 for (isr = sp->req; isr != NULL; isr = nextisr) { 1242 if (isr->sav != NULL) { 1243 KEY_FREESAV(&isr->sav); 1244 isr->sav = NULL; 1245 } 1246 1247 nextisr = isr->next; 1248 ipsec_delisr(isr); 1249 } 1250 _key_delsp(sp); 1251 } 1252 1253 /* 1254 * search SPD 1255 * OUT: NULL : not found 1256 * others : found, pointer to a SP. 1257 */ 1258 static struct secpolicy * 1259 key_getsp(struct secpolicyindex *spidx) 1260 { 1261 struct secpolicy *sp; 1262 1263 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1264 1265 SPTREE_LOCK(); 1266 LIST_FOREACH(sp, &sptree[spidx->dir], chain) { 1267 if (sp->state == IPSEC_SPSTATE_DEAD) 1268 continue; 1269 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1270 SP_ADDREF(sp); 1271 break; 1272 } 1273 } 1274 SPTREE_UNLOCK(); 1275 1276 return sp; 1277 } 1278 1279 /* 1280 * get SP by index. 1281 * OUT: NULL : not found 1282 * others : found, pointer to a SP. 1283 */ 1284 static struct secpolicy * 1285 key_getspbyid(u_int32_t id) 1286 { 1287 struct secpolicy *sp; 1288 1289 SPTREE_LOCK(); 1290 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) { 1291 if (sp->state == IPSEC_SPSTATE_DEAD) 1292 continue; 1293 if (sp->id == id) { 1294 SP_ADDREF(sp); 1295 goto done; 1296 } 1297 } 1298 1299 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) { 1300 if (sp->state == IPSEC_SPSTATE_DEAD) 1301 continue; 1302 if (sp->id == id) { 1303 SP_ADDREF(sp); 1304 goto done; 1305 } 1306 } 1307 done: 1308 SPTREE_UNLOCK(); 1309 1310 return sp; 1311 } 1312 1313 struct secpolicy * 1314 key_newsp(const char* where, int tag) 1315 { 1316 struct secpolicy *newsp = NULL; 1317 1318 newsp = (struct secpolicy *) 1319 malloc(sizeof(struct secpolicy), M_IPSEC_SP, M_NOWAIT|M_ZERO); 1320 if (newsp) { 1321 SECPOLICY_LOCK_INIT(newsp); 1322 newsp->refcnt = 1; 1323 newsp->req = NULL; 1324 } 1325 1326 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1327 printf("DP %s from %s:%u return SP:%p\n", __func__, 1328 where, tag, newsp)); 1329 return newsp; 1330 } 1331 1332 static void 1333 _key_delsp(struct secpolicy *sp) 1334 { 1335 SECPOLICY_LOCK_DESTROY(sp); 1336 free(sp, M_IPSEC_SP); 1337 } 1338 1339 /* 1340 * create secpolicy structure from sadb_x_policy structure. 1341 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1342 * so must be set properly later. 1343 */ 1344 struct secpolicy * 1345 key_msg2sp(xpl0, len, error) 1346 struct sadb_x_policy *xpl0; 1347 size_t len; 1348 int *error; 1349 { 1350 struct secpolicy *newsp; 1351 1352 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1353 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1354 1355 if (len != PFKEY_EXTLEN(xpl0)) { 1356 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1357 *error = EINVAL; 1358 return NULL; 1359 } 1360 1361 if ((newsp = KEY_NEWSP()) == NULL) { 1362 *error = ENOBUFS; 1363 return NULL; 1364 } 1365 1366 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1367 newsp->policy = xpl0->sadb_x_policy_type; 1368 1369 /* check policy */ 1370 switch (xpl0->sadb_x_policy_type) { 1371 case IPSEC_POLICY_DISCARD: 1372 case IPSEC_POLICY_NONE: 1373 case IPSEC_POLICY_ENTRUST: 1374 case IPSEC_POLICY_BYPASS: 1375 newsp->req = NULL; 1376 break; 1377 1378 case IPSEC_POLICY_IPSEC: 1379 { 1380 int tlen; 1381 struct sadb_x_ipsecrequest *xisr; 1382 struct ipsecrequest **p_isr = &newsp->req; 1383 1384 /* validity check */ 1385 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1386 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1387 __func__)); 1388 KEY_FREESP(&newsp); 1389 *error = EINVAL; 1390 return NULL; 1391 } 1392 1393 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1394 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1395 1396 while (tlen > 0) { 1397 /* length check */ 1398 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { 1399 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1400 "length.\n", __func__)); 1401 KEY_FREESP(&newsp); 1402 *error = EINVAL; 1403 return NULL; 1404 } 1405 1406 /* allocate request buffer */ 1407 /* NB: data structure is zero'd */ 1408 *p_isr = ipsec_newisr(); 1409 if ((*p_isr) == NULL) { 1410 ipseclog((LOG_DEBUG, 1411 "%s: No more memory.\n", __func__)); 1412 KEY_FREESP(&newsp); 1413 *error = ENOBUFS; 1414 return NULL; 1415 } 1416 1417 /* set values */ 1418 switch (xisr->sadb_x_ipsecrequest_proto) { 1419 case IPPROTO_ESP: 1420 case IPPROTO_AH: 1421 case IPPROTO_IPCOMP: 1422 break; 1423 default: 1424 ipseclog((LOG_DEBUG, 1425 "%s: invalid proto type=%u\n", __func__, 1426 xisr->sadb_x_ipsecrequest_proto)); 1427 KEY_FREESP(&newsp); 1428 *error = EPROTONOSUPPORT; 1429 return NULL; 1430 } 1431 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; 1432 1433 switch (xisr->sadb_x_ipsecrequest_mode) { 1434 case IPSEC_MODE_TRANSPORT: 1435 case IPSEC_MODE_TUNNEL: 1436 break; 1437 case IPSEC_MODE_ANY: 1438 default: 1439 ipseclog((LOG_DEBUG, 1440 "%s: invalid mode=%u\n", __func__, 1441 xisr->sadb_x_ipsecrequest_mode)); 1442 KEY_FREESP(&newsp); 1443 *error = EINVAL; 1444 return NULL; 1445 } 1446 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1447 1448 switch (xisr->sadb_x_ipsecrequest_level) { 1449 case IPSEC_LEVEL_DEFAULT: 1450 case IPSEC_LEVEL_USE: 1451 case IPSEC_LEVEL_REQUIRE: 1452 break; 1453 case IPSEC_LEVEL_UNIQUE: 1454 /* validity check */ 1455 /* 1456 * If range violation of reqid, kernel will 1457 * update it, don't refuse it. 1458 */ 1459 if (xisr->sadb_x_ipsecrequest_reqid 1460 > IPSEC_MANUAL_REQID_MAX) { 1461 ipseclog((LOG_DEBUG, 1462 "%s: reqid=%d range " 1463 "violation, updated by kernel.\n", 1464 __func__, 1465 xisr->sadb_x_ipsecrequest_reqid)); 1466 xisr->sadb_x_ipsecrequest_reqid = 0; 1467 } 1468 1469 /* allocate new reqid id if reqid is zero. */ 1470 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1471 u_int32_t reqid; 1472 if ((reqid = key_newreqid()) == 0) { 1473 KEY_FREESP(&newsp); 1474 *error = ENOBUFS; 1475 return NULL; 1476 } 1477 (*p_isr)->saidx.reqid = reqid; 1478 xisr->sadb_x_ipsecrequest_reqid = reqid; 1479 } else { 1480 /* set it for manual keying. */ 1481 (*p_isr)->saidx.reqid = 1482 xisr->sadb_x_ipsecrequest_reqid; 1483 } 1484 break; 1485 1486 default: 1487 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1488 __func__, 1489 xisr->sadb_x_ipsecrequest_level)); 1490 KEY_FREESP(&newsp); 1491 *error = EINVAL; 1492 return NULL; 1493 } 1494 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; 1495 1496 /* set IP addresses if there */ 1497 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1498 struct sockaddr *paddr; 1499 1500 paddr = (struct sockaddr *)(xisr + 1); 1501 1502 /* validity check */ 1503 if (paddr->sa_len 1504 > sizeof((*p_isr)->saidx.src)) { 1505 ipseclog((LOG_DEBUG, "%s: invalid " 1506 "request address length.\n", 1507 __func__)); 1508 KEY_FREESP(&newsp); 1509 *error = EINVAL; 1510 return NULL; 1511 } 1512 bcopy(paddr, &(*p_isr)->saidx.src, 1513 paddr->sa_len); 1514 1515 paddr = (struct sockaddr *)((caddr_t)paddr 1516 + paddr->sa_len); 1517 1518 /* validity check */ 1519 if (paddr->sa_len 1520 > sizeof((*p_isr)->saidx.dst)) { 1521 ipseclog((LOG_DEBUG, "%s: invalid " 1522 "request address length.\n", 1523 __func__)); 1524 KEY_FREESP(&newsp); 1525 *error = EINVAL; 1526 return NULL; 1527 } 1528 bcopy(paddr, &(*p_isr)->saidx.dst, 1529 paddr->sa_len); 1530 } 1531 1532 (*p_isr)->sp = newsp; 1533 1534 /* initialization for the next. */ 1535 p_isr = &(*p_isr)->next; 1536 tlen -= xisr->sadb_x_ipsecrequest_len; 1537 1538 /* validity check */ 1539 if (tlen < 0) { 1540 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1541 __func__)); 1542 KEY_FREESP(&newsp); 1543 *error = EINVAL; 1544 return NULL; 1545 } 1546 1547 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1548 + xisr->sadb_x_ipsecrequest_len); 1549 } 1550 } 1551 break; 1552 default: 1553 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1554 KEY_FREESP(&newsp); 1555 *error = EINVAL; 1556 return NULL; 1557 } 1558 1559 *error = 0; 1560 return newsp; 1561 } 1562 1563 static u_int32_t 1564 key_newreqid() 1565 { 1566 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1567 1568 auto_reqid = (auto_reqid == ~0 1569 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1); 1570 1571 /* XXX should be unique check */ 1572 1573 return auto_reqid; 1574 } 1575 1576 /* 1577 * copy secpolicy struct to sadb_x_policy structure indicated. 1578 */ 1579 struct mbuf * 1580 key_sp2msg(sp) 1581 struct secpolicy *sp; 1582 { 1583 struct sadb_x_policy *xpl; 1584 int tlen; 1585 caddr_t p; 1586 struct mbuf *m; 1587 1588 IPSEC_ASSERT(sp != NULL, ("null policy")); 1589 1590 tlen = key_getspreqmsglen(sp); 1591 1592 m = key_alloc_mbuf(tlen); 1593 if (!m || m->m_next) { /*XXX*/ 1594 if (m) 1595 m_freem(m); 1596 return NULL; 1597 } 1598 1599 m->m_len = tlen; 1600 m->m_next = NULL; 1601 xpl = mtod(m, struct sadb_x_policy *); 1602 bzero(xpl, tlen); 1603 1604 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); 1605 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1606 xpl->sadb_x_policy_type = sp->policy; 1607 xpl->sadb_x_policy_dir = sp->spidx.dir; 1608 xpl->sadb_x_policy_id = sp->id; 1609 p = (caddr_t)xpl + sizeof(*xpl); 1610 1611 /* if is the policy for ipsec ? */ 1612 if (sp->policy == IPSEC_POLICY_IPSEC) { 1613 struct sadb_x_ipsecrequest *xisr; 1614 struct ipsecrequest *isr; 1615 1616 for (isr = sp->req; isr != NULL; isr = isr->next) { 1617 1618 xisr = (struct sadb_x_ipsecrequest *)p; 1619 1620 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1621 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1622 xisr->sadb_x_ipsecrequest_level = isr->level; 1623 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1624 1625 p += sizeof(*xisr); 1626 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1627 p += isr->saidx.src.sa.sa_len; 1628 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1629 p += isr->saidx.src.sa.sa_len; 1630 1631 xisr->sadb_x_ipsecrequest_len = 1632 PFKEY_ALIGN8(sizeof(*xisr) 1633 + isr->saidx.src.sa.sa_len 1634 + isr->saidx.dst.sa.sa_len); 1635 } 1636 } 1637 1638 return m; 1639 } 1640 1641 /* m will not be freed nor modified */ 1642 static struct mbuf * 1643 #ifdef __STDC__ 1644 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1645 int ndeep, int nitem, ...) 1646 #else 1647 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist) 1648 struct mbuf *m; 1649 const struct sadb_msghdr *mhp; 1650 int ndeep; 1651 int nitem; 1652 va_dcl 1653 #endif 1654 { 1655 va_list ap; 1656 int idx; 1657 int i; 1658 struct mbuf *result = NULL, *n; 1659 int len; 1660 1661 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1662 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1663 1664 va_start(ap, nitem); 1665 for (i = 0; i < nitem; i++) { 1666 idx = va_arg(ap, int); 1667 if (idx < 0 || idx > SADB_EXT_MAX) 1668 goto fail; 1669 /* don't attempt to pull empty extension */ 1670 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1671 continue; 1672 if (idx != SADB_EXT_RESERVED && 1673 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1674 continue; 1675 1676 if (idx == SADB_EXT_RESERVED) { 1677 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1678 1679 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1680 1681 MGETHDR(n, M_DONTWAIT, MT_DATA); 1682 if (!n) 1683 goto fail; 1684 n->m_len = len; 1685 n->m_next = NULL; 1686 m_copydata(m, 0, sizeof(struct sadb_msg), 1687 mtod(n, caddr_t)); 1688 } else if (i < ndeep) { 1689 len = mhp->extlen[idx]; 1690 n = key_alloc_mbuf(len); 1691 if (!n || n->m_next) { /*XXX*/ 1692 if (n) 1693 m_freem(n); 1694 goto fail; 1695 } 1696 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1697 mtod(n, caddr_t)); 1698 } else { 1699 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1700 M_DONTWAIT); 1701 } 1702 if (n == NULL) 1703 goto fail; 1704 1705 if (result) 1706 m_cat(result, n); 1707 else 1708 result = n; 1709 } 1710 va_end(ap); 1711 1712 if ((result->m_flags & M_PKTHDR) != 0) { 1713 result->m_pkthdr.len = 0; 1714 for (n = result; n; n = n->m_next) 1715 result->m_pkthdr.len += n->m_len; 1716 } 1717 1718 return result; 1719 1720 fail: 1721 m_freem(result); 1722 return NULL; 1723 } 1724 1725 /* 1726 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1727 * add an entry to SP database, when received 1728 * <base, address(SD), (lifetime(H),) policy> 1729 * from the user(?). 1730 * Adding to SP database, 1731 * and send 1732 * <base, address(SD), (lifetime(H),) policy> 1733 * to the socket which was send. 1734 * 1735 * SPDADD set a unique policy entry. 1736 * SPDSETIDX like SPDADD without a part of policy requests. 1737 * SPDUPDATE replace a unique policy entry. 1738 * 1739 * m will always be freed. 1740 */ 1741 static int 1742 key_spdadd(so, m, mhp) 1743 struct socket *so; 1744 struct mbuf *m; 1745 const struct sadb_msghdr *mhp; 1746 { 1747 struct sadb_address *src0, *dst0; 1748 struct sadb_x_policy *xpl0, *xpl; 1749 struct sadb_lifetime *lft = NULL; 1750 struct secpolicyindex spidx; 1751 struct secpolicy *newsp; 1752 int error; 1753 1754 IPSEC_ASSERT(so != NULL, ("null socket")); 1755 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1756 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1757 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1758 1759 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 1760 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 1761 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 1762 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); 1763 return key_senderror(so, m, EINVAL); 1764 } 1765 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 1766 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 1767 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 1768 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 1769 __func__)); 1770 return key_senderror(so, m, EINVAL); 1771 } 1772 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { 1773 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] 1774 < sizeof(struct sadb_lifetime)) { 1775 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 1776 __func__)); 1777 return key_senderror(so, m, EINVAL); 1778 } 1779 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1780 } 1781 1782 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1783 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1784 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1785 1786 /* make secindex */ 1787 /* XXX boundary check against sa_len */ 1788 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1789 src0 + 1, 1790 dst0 + 1, 1791 src0->sadb_address_prefixlen, 1792 dst0->sadb_address_prefixlen, 1793 src0->sadb_address_proto, 1794 &spidx); 1795 1796 /* checking the direciton. */ 1797 switch (xpl0->sadb_x_policy_dir) { 1798 case IPSEC_DIR_INBOUND: 1799 case IPSEC_DIR_OUTBOUND: 1800 break; 1801 default: 1802 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); 1803 mhp->msg->sadb_msg_errno = EINVAL; 1804 return 0; 1805 } 1806 1807 /* check policy */ 1808 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 1809 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST 1810 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { 1811 ipseclog((LOG_DEBUG, "%s: Invalid policy type.\n", __func__)); 1812 return key_senderror(so, m, EINVAL); 1813 } 1814 1815 /* policy requests are mandatory when action is ipsec. */ 1816 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX 1817 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC 1818 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 1819 ipseclog((LOG_DEBUG, "%s: some policy requests part required\n", 1820 __func__)); 1821 return key_senderror(so, m, EINVAL); 1822 } 1823 1824 /* 1825 * checking there is SP already or not. 1826 * SPDUPDATE doesn't depend on whether there is a SP or not. 1827 * If the type is either SPDADD or SPDSETIDX AND a SP is found, 1828 * then error. 1829 */ 1830 newsp = key_getsp(&spidx); 1831 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1832 if (newsp) { 1833 newsp->state = IPSEC_SPSTATE_DEAD; 1834 KEY_FREESP(&newsp); 1835 } 1836 } else { 1837 if (newsp != NULL) { 1838 KEY_FREESP(&newsp); 1839 ipseclog((LOG_DEBUG, "%s: a SP entry exists already.\n", 1840 __func__)); 1841 return key_senderror(so, m, EEXIST); 1842 } 1843 } 1844 1845 /* allocation new SP entry */ 1846 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 1847 return key_senderror(so, m, error); 1848 } 1849 1850 if ((newsp->id = key_getnewspid()) == 0) { 1851 _key_delsp(newsp); 1852 return key_senderror(so, m, ENOBUFS); 1853 } 1854 1855 /* XXX boundary check against sa_len */ 1856 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1857 src0 + 1, 1858 dst0 + 1, 1859 src0->sadb_address_prefixlen, 1860 dst0->sadb_address_prefixlen, 1861 src0->sadb_address_proto, 1862 &newsp->spidx); 1863 1864 /* sanity check on addr pair */ 1865 if (((struct sockaddr *)(src0 + 1))->sa_family != 1866 ((struct sockaddr *)(dst0+ 1))->sa_family) { 1867 _key_delsp(newsp); 1868 return key_senderror(so, m, EINVAL); 1869 } 1870 if (((struct sockaddr *)(src0 + 1))->sa_len != 1871 ((struct sockaddr *)(dst0+ 1))->sa_len) { 1872 _key_delsp(newsp); 1873 return key_senderror(so, m, EINVAL); 1874 } 1875 #if 1 1876 if (newsp->req && newsp->req->saidx.src.sa.sa_family) { 1877 struct sockaddr *sa; 1878 sa = (struct sockaddr *)(src0 + 1); 1879 if (sa->sa_family != newsp->req->saidx.src.sa.sa_family) { 1880 _key_delsp(newsp); 1881 return key_senderror(so, m, EINVAL); 1882 } 1883 } 1884 if (newsp->req && newsp->req->saidx.dst.sa.sa_family) { 1885 struct sockaddr *sa; 1886 sa = (struct sockaddr *)(dst0 + 1); 1887 if (sa->sa_family != newsp->req->saidx.dst.sa.sa_family) { 1888 _key_delsp(newsp); 1889 return key_senderror(so, m, EINVAL); 1890 } 1891 } 1892 #endif 1893 1894 newsp->created = time_second; 1895 newsp->lastused = newsp->created; 1896 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 1897 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 1898 1899 newsp->refcnt = 1; /* do not reclaim until I say I do */ 1900 newsp->state = IPSEC_SPSTATE_ALIVE; 1901 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain); 1902 1903 /* delete the entry in spacqtree */ 1904 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1905 struct secspacq *spacq = key_getspacq(&spidx); 1906 if (spacq != NULL) { 1907 /* reset counter in order to deletion by timehandler. */ 1908 spacq->created = time_second; 1909 spacq->count = 0; 1910 SPACQ_UNLOCK(); 1911 } 1912 } 1913 1914 { 1915 struct mbuf *n, *mpolicy; 1916 struct sadb_msg *newmsg; 1917 int off; 1918 1919 /* create new sadb_msg to reply. */ 1920 if (lft) { 1921 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 1922 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 1923 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1924 } else { 1925 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 1926 SADB_X_EXT_POLICY, 1927 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1928 } 1929 if (!n) 1930 return key_senderror(so, m, ENOBUFS); 1931 1932 if (n->m_len < sizeof(*newmsg)) { 1933 n = m_pullup(n, sizeof(*newmsg)); 1934 if (!n) 1935 return key_senderror(so, m, ENOBUFS); 1936 } 1937 newmsg = mtod(n, struct sadb_msg *); 1938 newmsg->sadb_msg_errno = 0; 1939 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 1940 1941 off = 0; 1942 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 1943 sizeof(*xpl), &off); 1944 if (mpolicy == NULL) { 1945 /* n is already freed */ 1946 return key_senderror(so, m, ENOBUFS); 1947 } 1948 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 1949 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 1950 m_freem(n); 1951 return key_senderror(so, m, EINVAL); 1952 } 1953 xpl->sadb_x_policy_id = newsp->id; 1954 1955 m_freem(m); 1956 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 1957 } 1958 } 1959 1960 /* 1961 * get new policy id. 1962 * OUT: 1963 * 0: failure. 1964 * others: success. 1965 */ 1966 static u_int32_t 1967 key_getnewspid() 1968 { 1969 u_int32_t newid = 0; 1970 int count = key_spi_trycnt; /* XXX */ 1971 struct secpolicy *sp; 1972 1973 /* when requesting to allocate spi ranged */ 1974 while (count--) { 1975 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1)); 1976 1977 if ((sp = key_getspbyid(newid)) == NULL) 1978 break; 1979 1980 KEY_FREESP(&sp); 1981 } 1982 1983 if (count == 0 || newid == 0) { 1984 ipseclog((LOG_DEBUG, "%s: to allocate policy id is failed.\n", 1985 __func__)); 1986 return 0; 1987 } 1988 1989 return newid; 1990 } 1991 1992 /* 1993 * SADB_SPDDELETE processing 1994 * receive 1995 * <base, address(SD), policy(*)> 1996 * from the user(?), and set SADB_SASTATE_DEAD, 1997 * and send, 1998 * <base, address(SD), policy(*)> 1999 * to the ikmpd. 2000 * policy(*) including direction of policy. 2001 * 2002 * m will always be freed. 2003 */ 2004 static int 2005 key_spddelete(so, m, mhp) 2006 struct socket *so; 2007 struct mbuf *m; 2008 const struct sadb_msghdr *mhp; 2009 { 2010 struct sadb_address *src0, *dst0; 2011 struct sadb_x_policy *xpl0; 2012 struct secpolicyindex spidx; 2013 struct secpolicy *sp; 2014 2015 IPSEC_ASSERT(so != NULL, ("null so")); 2016 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2017 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2018 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2019 2020 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 2021 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 2022 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 2023 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2024 __func__)); 2025 return key_senderror(so, m, EINVAL); 2026 } 2027 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 2028 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 2029 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2030 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2031 __func__)); 2032 return key_senderror(so, m, EINVAL); 2033 } 2034 2035 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2036 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2037 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2038 2039 /* make secindex */ 2040 /* XXX boundary check against sa_len */ 2041 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2042 src0 + 1, 2043 dst0 + 1, 2044 src0->sadb_address_prefixlen, 2045 dst0->sadb_address_prefixlen, 2046 src0->sadb_address_proto, 2047 &spidx); 2048 2049 /* checking the direciton. */ 2050 switch (xpl0->sadb_x_policy_dir) { 2051 case IPSEC_DIR_INBOUND: 2052 case IPSEC_DIR_OUTBOUND: 2053 break; 2054 default: 2055 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); 2056 return key_senderror(so, m, EINVAL); 2057 } 2058 2059 /* Is there SP in SPD ? */ 2060 if ((sp = key_getsp(&spidx)) == NULL) { 2061 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2062 return key_senderror(so, m, EINVAL); 2063 } 2064 2065 /* save policy id to buffer to be returned. */ 2066 xpl0->sadb_x_policy_id = sp->id; 2067 2068 sp->state = IPSEC_SPSTATE_DEAD; 2069 KEY_FREESP(&sp); 2070 2071 { 2072 struct mbuf *n; 2073 struct sadb_msg *newmsg; 2074 2075 /* create new sadb_msg to reply. */ 2076 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2077 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2078 if (!n) 2079 return key_senderror(so, m, ENOBUFS); 2080 2081 newmsg = mtod(n, struct sadb_msg *); 2082 newmsg->sadb_msg_errno = 0; 2083 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2084 2085 m_freem(m); 2086 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2087 } 2088 } 2089 2090 /* 2091 * SADB_SPDDELETE2 processing 2092 * receive 2093 * <base, policy(*)> 2094 * from the user(?), and set SADB_SASTATE_DEAD, 2095 * and send, 2096 * <base, policy(*)> 2097 * to the ikmpd. 2098 * policy(*) including direction of policy. 2099 * 2100 * m will always be freed. 2101 */ 2102 static int 2103 key_spddelete2(so, m, mhp) 2104 struct socket *so; 2105 struct mbuf *m; 2106 const struct sadb_msghdr *mhp; 2107 { 2108 u_int32_t id; 2109 struct secpolicy *sp; 2110 2111 IPSEC_ASSERT(so != NULL, ("null socket")); 2112 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2113 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2114 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2115 2116 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2117 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2118 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", __func__)); 2119 return key_senderror(so, m, EINVAL); 2120 } 2121 2122 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2123 2124 /* Is there SP in SPD ? */ 2125 if ((sp = key_getspbyid(id)) == NULL) { 2126 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); 2127 return key_senderror(so, m, EINVAL); 2128 } 2129 2130 sp->state = IPSEC_SPSTATE_DEAD; 2131 KEY_FREESP(&sp); 2132 2133 { 2134 struct mbuf *n, *nn; 2135 struct sadb_msg *newmsg; 2136 int off, len; 2137 2138 /* create new sadb_msg to reply. */ 2139 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2140 2141 if (len > MCLBYTES) 2142 return key_senderror(so, m, ENOBUFS); 2143 MGETHDR(n, M_DONTWAIT, MT_DATA); 2144 if (n && len > MHLEN) { 2145 MCLGET(n, M_DONTWAIT); 2146 if ((n->m_flags & M_EXT) == 0) { 2147 m_freem(n); 2148 n = NULL; 2149 } 2150 } 2151 if (!n) 2152 return key_senderror(so, m, ENOBUFS); 2153 2154 n->m_len = len; 2155 n->m_next = NULL; 2156 off = 0; 2157 2158 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2159 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2160 2161 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2162 off, len)); 2163 2164 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2165 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT); 2166 if (!n->m_next) { 2167 m_freem(n); 2168 return key_senderror(so, m, ENOBUFS); 2169 } 2170 2171 n->m_pkthdr.len = 0; 2172 for (nn = n; nn; nn = nn->m_next) 2173 n->m_pkthdr.len += nn->m_len; 2174 2175 newmsg = mtod(n, struct sadb_msg *); 2176 newmsg->sadb_msg_errno = 0; 2177 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2178 2179 m_freem(m); 2180 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2181 } 2182 } 2183 2184 /* 2185 * SADB_X_GET processing 2186 * receive 2187 * <base, policy(*)> 2188 * from the user(?), 2189 * and send, 2190 * <base, address(SD), policy> 2191 * to the ikmpd. 2192 * policy(*) including direction of policy. 2193 * 2194 * m will always be freed. 2195 */ 2196 static int 2197 key_spdget(so, m, mhp) 2198 struct socket *so; 2199 struct mbuf *m; 2200 const struct sadb_msghdr *mhp; 2201 { 2202 u_int32_t id; 2203 struct secpolicy *sp; 2204 struct mbuf *n; 2205 2206 IPSEC_ASSERT(so != NULL, ("null socket")); 2207 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2208 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2209 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2210 2211 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2212 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2213 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2214 __func__)); 2215 return key_senderror(so, m, EINVAL); 2216 } 2217 2218 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2219 2220 /* Is there SP in SPD ? */ 2221 if ((sp = key_getspbyid(id)) == NULL) { 2222 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); 2223 return key_senderror(so, m, ENOENT); 2224 } 2225 2226 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid); 2227 if (n != NULL) { 2228 m_freem(m); 2229 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2230 } else 2231 return key_senderror(so, m, ENOBUFS); 2232 } 2233 2234 /* 2235 * SADB_X_SPDACQUIRE processing. 2236 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2237 * send 2238 * <base, policy(*)> 2239 * to KMD, and expect to receive 2240 * <base> with SADB_X_SPDACQUIRE if error occured, 2241 * or 2242 * <base, policy> 2243 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2244 * policy(*) is without policy requests. 2245 * 2246 * 0 : succeed 2247 * others: error number 2248 */ 2249 int 2250 key_spdacquire(sp) 2251 struct secpolicy *sp; 2252 { 2253 struct mbuf *result = NULL, *m; 2254 struct secspacq *newspacq; 2255 2256 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2257 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2258 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2259 ("policy not IPSEC %u", sp->policy)); 2260 2261 /* Get an entry to check whether sent message or not. */ 2262 newspacq = key_getspacq(&sp->spidx); 2263 if (newspacq != NULL) { 2264 if (key_blockacq_count < newspacq->count) { 2265 /* reset counter and do send message. */ 2266 newspacq->count = 0; 2267 } else { 2268 /* increment counter and do nothing. */ 2269 newspacq->count++; 2270 return 0; 2271 } 2272 SPACQ_UNLOCK(); 2273 } else { 2274 /* make new entry for blocking to send SADB_ACQUIRE. */ 2275 newspacq = key_newspacq(&sp->spidx); 2276 if (newspacq == NULL) 2277 return ENOBUFS; 2278 } 2279 2280 /* create new sadb_msg to reply. */ 2281 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2282 if (!m) 2283 return ENOBUFS; 2284 2285 result = m; 2286 2287 result->m_pkthdr.len = 0; 2288 for (m = result; m; m = m->m_next) 2289 result->m_pkthdr.len += m->m_len; 2290 2291 mtod(result, struct sadb_msg *)->sadb_msg_len = 2292 PFKEY_UNIT64(result->m_pkthdr.len); 2293 2294 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2295 } 2296 2297 /* 2298 * SADB_SPDFLUSH processing 2299 * receive 2300 * <base> 2301 * from the user, and free all entries in secpctree. 2302 * and send, 2303 * <base> 2304 * to the user. 2305 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2306 * 2307 * m will always be freed. 2308 */ 2309 static int 2310 key_spdflush(so, m, mhp) 2311 struct socket *so; 2312 struct mbuf *m; 2313 const struct sadb_msghdr *mhp; 2314 { 2315 struct sadb_msg *newmsg; 2316 struct secpolicy *sp; 2317 u_int dir; 2318 2319 IPSEC_ASSERT(so != NULL, ("null socket")); 2320 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2321 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2322 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2323 2324 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2325 return key_senderror(so, m, EINVAL); 2326 2327 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2328 SPTREE_LOCK(); 2329 LIST_FOREACH(sp, &sptree[dir], chain) 2330 sp->state = IPSEC_SPSTATE_DEAD; 2331 SPTREE_UNLOCK(); 2332 } 2333 2334 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2335 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2336 return key_senderror(so, m, ENOBUFS); 2337 } 2338 2339 if (m->m_next) 2340 m_freem(m->m_next); 2341 m->m_next = NULL; 2342 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2343 newmsg = mtod(m, struct sadb_msg *); 2344 newmsg->sadb_msg_errno = 0; 2345 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2346 2347 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2348 } 2349 2350 /* 2351 * SADB_SPDDUMP processing 2352 * receive 2353 * <base> 2354 * from the user, and dump all SP leaves 2355 * and send, 2356 * <base> ..... 2357 * to the ikmpd. 2358 * 2359 * m will always be freed. 2360 */ 2361 static int 2362 key_spddump(so, m, mhp) 2363 struct socket *so; 2364 struct mbuf *m; 2365 const struct sadb_msghdr *mhp; 2366 { 2367 struct secpolicy *sp; 2368 int cnt; 2369 u_int dir; 2370 struct mbuf *n; 2371 2372 IPSEC_ASSERT(so != NULL, ("null socket")); 2373 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2374 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2375 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2376 2377 /* search SPD entry and get buffer size. */ 2378 cnt = 0; 2379 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2380 LIST_FOREACH(sp, &sptree[dir], chain) { 2381 cnt++; 2382 } 2383 } 2384 2385 if (cnt == 0) 2386 return key_senderror(so, m, ENOENT); 2387 2388 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2389 LIST_FOREACH(sp, &sptree[dir], chain) { 2390 --cnt; 2391 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2392 mhp->msg->sadb_msg_pid); 2393 2394 if (n) 2395 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2396 } 2397 } 2398 2399 m_freem(m); 2400 return 0; 2401 } 2402 2403 static struct mbuf * 2404 key_setdumpsp(sp, type, seq, pid) 2405 struct secpolicy *sp; 2406 u_int8_t type; 2407 u_int32_t seq, pid; 2408 { 2409 struct mbuf *result = NULL, *m; 2410 2411 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2412 if (!m) 2413 goto fail; 2414 result = m; 2415 2416 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2417 &sp->spidx.src.sa, sp->spidx.prefs, 2418 sp->spidx.ul_proto); 2419 if (!m) 2420 goto fail; 2421 m_cat(result, m); 2422 2423 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2424 &sp->spidx.dst.sa, sp->spidx.prefd, 2425 sp->spidx.ul_proto); 2426 if (!m) 2427 goto fail; 2428 m_cat(result, m); 2429 2430 m = key_sp2msg(sp); 2431 if (!m) 2432 goto fail; 2433 m_cat(result, m); 2434 2435 if ((result->m_flags & M_PKTHDR) == 0) 2436 goto fail; 2437 2438 if (result->m_len < sizeof(struct sadb_msg)) { 2439 result = m_pullup(result, sizeof(struct sadb_msg)); 2440 if (result == NULL) 2441 goto fail; 2442 } 2443 2444 result->m_pkthdr.len = 0; 2445 for (m = result; m; m = m->m_next) 2446 result->m_pkthdr.len += m->m_len; 2447 2448 mtod(result, struct sadb_msg *)->sadb_msg_len = 2449 PFKEY_UNIT64(result->m_pkthdr.len); 2450 2451 return result; 2452 2453 fail: 2454 m_freem(result); 2455 return NULL; 2456 } 2457 2458 /* 2459 * get PFKEY message length for security policy and request. 2460 */ 2461 static u_int 2462 key_getspreqmsglen(sp) 2463 struct secpolicy *sp; 2464 { 2465 u_int tlen; 2466 2467 tlen = sizeof(struct sadb_x_policy); 2468 2469 /* if is the policy for ipsec ? */ 2470 if (sp->policy != IPSEC_POLICY_IPSEC) 2471 return tlen; 2472 2473 /* get length of ipsec requests */ 2474 { 2475 struct ipsecrequest *isr; 2476 int len; 2477 2478 for (isr = sp->req; isr != NULL; isr = isr->next) { 2479 len = sizeof(struct sadb_x_ipsecrequest) 2480 + isr->saidx.src.sa.sa_len 2481 + isr->saidx.dst.sa.sa_len; 2482 2483 tlen += PFKEY_ALIGN8(len); 2484 } 2485 } 2486 2487 return tlen; 2488 } 2489 2490 /* 2491 * SADB_SPDEXPIRE processing 2492 * send 2493 * <base, address(SD), lifetime(CH), policy> 2494 * to KMD by PF_KEY. 2495 * 2496 * OUT: 0 : succeed 2497 * others : error number 2498 */ 2499 static int 2500 key_spdexpire(sp) 2501 struct secpolicy *sp; 2502 { 2503 struct mbuf *result = NULL, *m; 2504 int len; 2505 int error = -1; 2506 struct sadb_lifetime *lt; 2507 2508 /* XXX: Why do we lock ? */ 2509 2510 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2511 2512 /* set msg header */ 2513 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2514 if (!m) { 2515 error = ENOBUFS; 2516 goto fail; 2517 } 2518 result = m; 2519 2520 /* create lifetime extension (current and hard) */ 2521 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2522 m = key_alloc_mbuf(len); 2523 if (!m || m->m_next) { /*XXX*/ 2524 if (m) 2525 m_freem(m); 2526 error = ENOBUFS; 2527 goto fail; 2528 } 2529 bzero(mtod(m, caddr_t), len); 2530 lt = mtod(m, struct sadb_lifetime *); 2531 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2532 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2533 lt->sadb_lifetime_allocations = 0; 2534 lt->sadb_lifetime_bytes = 0; 2535 lt->sadb_lifetime_addtime = sp->created; 2536 lt->sadb_lifetime_usetime = sp->lastused; 2537 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2538 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2539 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2540 lt->sadb_lifetime_allocations = 0; 2541 lt->sadb_lifetime_bytes = 0; 2542 lt->sadb_lifetime_addtime = sp->lifetime; 2543 lt->sadb_lifetime_usetime = sp->validtime; 2544 m_cat(result, m); 2545 2546 /* set sadb_address for source */ 2547 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2548 &sp->spidx.src.sa, 2549 sp->spidx.prefs, sp->spidx.ul_proto); 2550 if (!m) { 2551 error = ENOBUFS; 2552 goto fail; 2553 } 2554 m_cat(result, m); 2555 2556 /* set sadb_address for destination */ 2557 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2558 &sp->spidx.dst.sa, 2559 sp->spidx.prefd, sp->spidx.ul_proto); 2560 if (!m) { 2561 error = ENOBUFS; 2562 goto fail; 2563 } 2564 m_cat(result, m); 2565 2566 /* set secpolicy */ 2567 m = key_sp2msg(sp); 2568 if (!m) { 2569 error = ENOBUFS; 2570 goto fail; 2571 } 2572 m_cat(result, m); 2573 2574 if ((result->m_flags & M_PKTHDR) == 0) { 2575 error = EINVAL; 2576 goto fail; 2577 } 2578 2579 if (result->m_len < sizeof(struct sadb_msg)) { 2580 result = m_pullup(result, sizeof(struct sadb_msg)); 2581 if (result == NULL) { 2582 error = ENOBUFS; 2583 goto fail; 2584 } 2585 } 2586 2587 result->m_pkthdr.len = 0; 2588 for (m = result; m; m = m->m_next) 2589 result->m_pkthdr.len += m->m_len; 2590 2591 mtod(result, struct sadb_msg *)->sadb_msg_len = 2592 PFKEY_UNIT64(result->m_pkthdr.len); 2593 2594 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2595 2596 fail: 2597 if (result) 2598 m_freem(result); 2599 return error; 2600 } 2601 2602 /* %%% SAD management */ 2603 /* 2604 * allocating a memory for new SA head, and copy from the values of mhp. 2605 * OUT: NULL : failure due to the lack of memory. 2606 * others : pointer to new SA head. 2607 */ 2608 static struct secashead * 2609 key_newsah(saidx) 2610 struct secasindex *saidx; 2611 { 2612 struct secashead *newsah; 2613 2614 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 2615 2616 newsah = malloc(sizeof(struct secashead), M_IPSEC_SAH, M_NOWAIT|M_ZERO); 2617 if (newsah != NULL) { 2618 int i; 2619 for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++) 2620 LIST_INIT(&newsah->savtree[i]); 2621 newsah->saidx = *saidx; 2622 2623 /* add to saidxtree */ 2624 newsah->state = SADB_SASTATE_MATURE; 2625 2626 SAHTREE_LOCK(); 2627 LIST_INSERT_HEAD(&sahtree, newsah, chain); 2628 SAHTREE_UNLOCK(); 2629 } 2630 return(newsah); 2631 } 2632 2633 /* 2634 * delete SA index and all SA registerd. 2635 */ 2636 static void 2637 key_delsah(sah) 2638 struct secashead *sah; 2639 { 2640 struct secasvar *sav, *nextsav; 2641 u_int stateidx; 2642 int zombie = 0; 2643 2644 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2645 SAHTREE_LOCK_ASSERT(); 2646 2647 /* searching all SA registerd in the secindex. */ 2648 for (stateidx = 0; 2649 stateidx < _ARRAYLEN(saorder_state_any); 2650 stateidx++) { 2651 u_int state = saorder_state_any[stateidx]; 2652 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) { 2653 if (sav->refcnt == 0) { 2654 /* sanity check */ 2655 KEY_CHKSASTATE(state, sav->state, __func__); 2656 KEY_FREESAV(&sav); 2657 } else { 2658 /* give up to delete this sa */ 2659 zombie++; 2660 } 2661 } 2662 } 2663 if (!zombie) { /* delete only if there are savs */ 2664 /* remove from tree of SA index */ 2665 if (__LIST_CHAINED(sah)) 2666 LIST_REMOVE(sah, chain); 2667 if (sah->sa_route.ro_rt) { 2668 RTFREE(sah->sa_route.ro_rt); 2669 sah->sa_route.ro_rt = (struct rtentry *)NULL; 2670 } 2671 free(sah, M_IPSEC_SAH); 2672 } 2673 } 2674 2675 /* 2676 * allocating a new SA with LARVAL state. key_add() and key_getspi() call, 2677 * and copy the values of mhp into new buffer. 2678 * When SAD message type is GETSPI: 2679 * to set sequence number from acq_seq++, 2680 * to set zero to SPI. 2681 * not to call key_setsava(). 2682 * OUT: NULL : fail 2683 * others : pointer to new secasvar. 2684 * 2685 * does not modify mbuf. does not free mbuf on error. 2686 */ 2687 static struct secasvar * 2688 key_newsav(m, mhp, sah, errp, where, tag) 2689 struct mbuf *m; 2690 const struct sadb_msghdr *mhp; 2691 struct secashead *sah; 2692 int *errp; 2693 const char* where; 2694 int tag; 2695 { 2696 struct secasvar *newsav; 2697 const struct sadb_sa *xsa; 2698 2699 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2700 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2701 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2702 IPSEC_ASSERT(sah != NULL, ("null secashead")); 2703 2704 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO); 2705 if (newsav == NULL) { 2706 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2707 *errp = ENOBUFS; 2708 goto done; 2709 } 2710 2711 switch (mhp->msg->sadb_msg_type) { 2712 case SADB_GETSPI: 2713 newsav->spi = 0; 2714 2715 #ifdef IPSEC_DOSEQCHECK 2716 /* sync sequence number */ 2717 if (mhp->msg->sadb_msg_seq == 0) 2718 newsav->seq = 2719 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 2720 else 2721 #endif 2722 newsav->seq = mhp->msg->sadb_msg_seq; 2723 break; 2724 2725 case SADB_ADD: 2726 /* sanity check */ 2727 if (mhp->ext[SADB_EXT_SA] == NULL) { 2728 free(newsav, M_IPSEC_SA); 2729 newsav = NULL; 2730 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2731 __func__)); 2732 *errp = EINVAL; 2733 goto done; 2734 } 2735 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 2736 newsav->spi = xsa->sadb_sa_spi; 2737 newsav->seq = mhp->msg->sadb_msg_seq; 2738 break; 2739 default: 2740 free(newsav, M_IPSEC_SA); 2741 newsav = NULL; 2742 *errp = EINVAL; 2743 goto done; 2744 } 2745 2746 2747 /* copy sav values */ 2748 if (mhp->msg->sadb_msg_type != SADB_GETSPI) { 2749 *errp = key_setsaval(newsav, m, mhp); 2750 if (*errp) { 2751 free(newsav, M_IPSEC_SA); 2752 newsav = NULL; 2753 goto done; 2754 } 2755 } 2756 2757 SECASVAR_LOCK_INIT(newsav); 2758 2759 /* reset created */ 2760 newsav->created = time_second; 2761 newsav->pid = mhp->msg->sadb_msg_pid; 2762 2763 /* add to satree */ 2764 newsav->sah = sah; 2765 sa_initref(newsav); 2766 newsav->state = SADB_SASTATE_LARVAL; 2767 2768 /* XXX locking??? */ 2769 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, 2770 secasvar, chain); 2771 done: 2772 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 2773 printf("DP %s from %s:%u return SP:%p\n", __func__, 2774 where, tag, newsav)); 2775 2776 return newsav; 2777 } 2778 2779 /* 2780 * free() SA variable entry. 2781 */ 2782 static void 2783 key_cleansav(struct secasvar *sav) 2784 { 2785 /* 2786 * Cleanup xform state. Note that zeroize'ing causes the 2787 * keys to be cleared; otherwise we must do it ourself. 2788 */ 2789 if (sav->tdb_xform != NULL) { 2790 sav->tdb_xform->xf_zeroize(sav); 2791 sav->tdb_xform = NULL; 2792 } else { 2793 KASSERT(sav->iv == NULL, ("iv but no xform")); 2794 if (sav->key_auth != NULL) 2795 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); 2796 if (sav->key_enc != NULL) 2797 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc)); 2798 } 2799 if (sav->key_auth != NULL) { 2800 free(sav->key_auth, M_IPSEC_MISC); 2801 sav->key_auth = NULL; 2802 } 2803 if (sav->key_enc != NULL) { 2804 free(sav->key_enc, M_IPSEC_MISC); 2805 sav->key_enc = NULL; 2806 } 2807 if (sav->sched) { 2808 bzero(sav->sched, sav->schedlen); 2809 free(sav->sched, M_IPSEC_MISC); 2810 sav->sched = NULL; 2811 } 2812 if (sav->replay != NULL) { 2813 free(sav->replay, M_IPSEC_MISC); 2814 sav->replay = NULL; 2815 } 2816 if (sav->lft_c != NULL) { 2817 free(sav->lft_c, M_IPSEC_MISC); 2818 sav->lft_c = NULL; 2819 } 2820 if (sav->lft_h != NULL) { 2821 free(sav->lft_h, M_IPSEC_MISC); 2822 sav->lft_h = NULL; 2823 } 2824 if (sav->lft_s != NULL) { 2825 free(sav->lft_s, M_IPSEC_MISC); 2826 sav->lft_s = NULL; 2827 } 2828 } 2829 2830 /* 2831 * free() SA variable entry. 2832 */ 2833 static void 2834 key_delsav(sav) 2835 struct secasvar *sav; 2836 { 2837 IPSEC_ASSERT(sav != NULL, ("null sav")); 2838 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt)); 2839 2840 /* remove from SA header */ 2841 if (__LIST_CHAINED(sav)) 2842 LIST_REMOVE(sav, chain); 2843 key_cleansav(sav); 2844 SECASVAR_LOCK_DESTROY(sav); 2845 free(sav, M_IPSEC_SA); 2846 } 2847 2848 /* 2849 * search SAD. 2850 * OUT: 2851 * NULL : not found 2852 * others : found, pointer to a SA. 2853 */ 2854 static struct secashead * 2855 key_getsah(saidx) 2856 struct secasindex *saidx; 2857 { 2858 struct secashead *sah; 2859 2860 SAHTREE_LOCK(); 2861 LIST_FOREACH(sah, &sahtree, chain) { 2862 if (sah->state == SADB_SASTATE_DEAD) 2863 continue; 2864 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) 2865 break; 2866 } 2867 SAHTREE_UNLOCK(); 2868 2869 return sah; 2870 } 2871 2872 /* 2873 * check not to be duplicated SPI. 2874 * NOTE: this function is too slow due to searching all SAD. 2875 * OUT: 2876 * NULL : not found 2877 * others : found, pointer to a SA. 2878 */ 2879 static struct secasvar * 2880 key_checkspidup(saidx, spi) 2881 struct secasindex *saidx; 2882 u_int32_t spi; 2883 { 2884 struct secashead *sah; 2885 struct secasvar *sav; 2886 2887 /* check address family */ 2888 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) { 2889 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 2890 __func__)); 2891 return NULL; 2892 } 2893 2894 sav = NULL; 2895 /* check all SAD */ 2896 SAHTREE_LOCK(); 2897 LIST_FOREACH(sah, &sahtree, chain) { 2898 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst)) 2899 continue; 2900 sav = key_getsavbyspi(sah, spi); 2901 if (sav != NULL) 2902 break; 2903 } 2904 SAHTREE_UNLOCK(); 2905 2906 return sav; 2907 } 2908 2909 /* 2910 * search SAD litmited alive SA, protocol, SPI. 2911 * OUT: 2912 * NULL : not found 2913 * others : found, pointer to a SA. 2914 */ 2915 static struct secasvar * 2916 key_getsavbyspi(sah, spi) 2917 struct secashead *sah; 2918 u_int32_t spi; 2919 { 2920 struct secasvar *sav; 2921 u_int stateidx, state; 2922 2923 sav = NULL; 2924 SAHTREE_LOCK_ASSERT(); 2925 /* search all status */ 2926 for (stateidx = 0; 2927 stateidx < _ARRAYLEN(saorder_state_alive); 2928 stateidx++) { 2929 2930 state = saorder_state_alive[stateidx]; 2931 LIST_FOREACH(sav, &sah->savtree[state], chain) { 2932 2933 /* sanity check */ 2934 if (sav->state != state) { 2935 ipseclog((LOG_DEBUG, "%s: " 2936 "invalid sav->state (queue: %d SA: %d)\n", 2937 __func__, state, sav->state)); 2938 continue; 2939 } 2940 2941 if (sav->spi == spi) 2942 return sav; 2943 } 2944 } 2945 2946 return NULL; 2947 } 2948 2949 /* 2950 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*. 2951 * You must update these if need. 2952 * OUT: 0: success. 2953 * !0: failure. 2954 * 2955 * does not modify mbuf. does not free mbuf on error. 2956 */ 2957 static int 2958 key_setsaval(sav, m, mhp) 2959 struct secasvar *sav; 2960 struct mbuf *m; 2961 const struct sadb_msghdr *mhp; 2962 { 2963 int error = 0; 2964 2965 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2966 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2967 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2968 2969 /* initialization */ 2970 sav->replay = NULL; 2971 sav->key_auth = NULL; 2972 sav->key_enc = NULL; 2973 sav->sched = NULL; 2974 sav->schedlen = 0; 2975 sav->iv = NULL; 2976 sav->lft_c = NULL; 2977 sav->lft_h = NULL; 2978 sav->lft_s = NULL; 2979 sav->tdb_xform = NULL; /* transform */ 2980 sav->tdb_encalgxform = NULL; /* encoding algorithm */ 2981 sav->tdb_authalgxform = NULL; /* authentication algorithm */ 2982 sav->tdb_compalgxform = NULL; /* compression algorithm */ 2983 2984 /* SA */ 2985 if (mhp->ext[SADB_EXT_SA] != NULL) { 2986 const struct sadb_sa *sa0; 2987 2988 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 2989 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) { 2990 error = EINVAL; 2991 goto fail; 2992 } 2993 2994 sav->alg_auth = sa0->sadb_sa_auth; 2995 sav->alg_enc = sa0->sadb_sa_encrypt; 2996 sav->flags = sa0->sadb_sa_flags; 2997 2998 /* replay window */ 2999 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) { 3000 sav->replay = (struct secreplay *) 3001 malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT|M_ZERO); 3002 if (sav->replay == NULL) { 3003 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3004 __func__)); 3005 error = ENOBUFS; 3006 goto fail; 3007 } 3008 if (sa0->sadb_sa_replay != 0) 3009 sav->replay->bitmap = (caddr_t)(sav->replay+1); 3010 sav->replay->wsize = sa0->sadb_sa_replay; 3011 } 3012 } 3013 3014 /* Authentication keys */ 3015 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) { 3016 const struct sadb_key *key0; 3017 int len; 3018 3019 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3020 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3021 3022 error = 0; 3023 if (len < sizeof(*key0)) { 3024 error = EINVAL; 3025 goto fail; 3026 } 3027 switch (mhp->msg->sadb_msg_satype) { 3028 case SADB_SATYPE_AH: 3029 case SADB_SATYPE_ESP: 3030 case SADB_X_SATYPE_TCPSIGNATURE: 3031 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3032 sav->alg_auth != SADB_X_AALG_NULL) 3033 error = EINVAL; 3034 break; 3035 case SADB_X_SATYPE_IPCOMP: 3036 default: 3037 error = EINVAL; 3038 break; 3039 } 3040 if (error) { 3041 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3042 __func__)); 3043 goto fail; 3044 } 3045 3046 sav->key_auth = key_dup(key0, len, M_IPSEC_MISC); 3047 if (sav->key_auth == NULL) { 3048 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3049 error = ENOBUFS; 3050 goto fail; 3051 } 3052 } 3053 3054 /* Encryption key */ 3055 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) { 3056 const struct sadb_key *key0; 3057 int len; 3058 3059 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3060 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3061 3062 error = 0; 3063 if (len < sizeof(*key0)) { 3064 error = EINVAL; 3065 goto fail; 3066 } 3067 switch (mhp->msg->sadb_msg_satype) { 3068 case SADB_SATYPE_ESP: 3069 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3070 sav->alg_enc != SADB_EALG_NULL) { 3071 error = EINVAL; 3072 break; 3073 } 3074 sav->key_enc = key_dup(key0, len, M_IPSEC_MISC); 3075 if (sav->key_enc == NULL) { 3076 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3077 __func__)); 3078 error = ENOBUFS; 3079 goto fail; 3080 } 3081 break; 3082 case SADB_X_SATYPE_IPCOMP: 3083 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3084 error = EINVAL; 3085 sav->key_enc = NULL; /*just in case*/ 3086 break; 3087 case SADB_SATYPE_AH: 3088 case SADB_X_SATYPE_TCPSIGNATURE: 3089 default: 3090 error = EINVAL; 3091 break; 3092 } 3093 if (error) { 3094 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3095 __func__)); 3096 goto fail; 3097 } 3098 } 3099 3100 /* set iv */ 3101 sav->ivlen = 0; 3102 3103 switch (mhp->msg->sadb_msg_satype) { 3104 case SADB_SATYPE_AH: 3105 error = xform_init(sav, XF_AH); 3106 break; 3107 case SADB_SATYPE_ESP: 3108 error = xform_init(sav, XF_ESP); 3109 break; 3110 case SADB_X_SATYPE_IPCOMP: 3111 error = xform_init(sav, XF_IPCOMP); 3112 break; 3113 case SADB_X_SATYPE_TCPSIGNATURE: 3114 error = xform_init(sav, XF_TCPSIGNATURE); 3115 break; 3116 } 3117 if (error) { 3118 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3119 __func__, mhp->msg->sadb_msg_satype)); 3120 goto fail; 3121 } 3122 3123 /* reset created */ 3124 sav->created = time_second; 3125 3126 /* make lifetime for CURRENT */ 3127 sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT); 3128 if (sav->lft_c == NULL) { 3129 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3130 error = ENOBUFS; 3131 goto fail; 3132 } 3133 3134 sav->lft_c->sadb_lifetime_len = 3135 PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3136 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 3137 sav->lft_c->sadb_lifetime_allocations = 0; 3138 sav->lft_c->sadb_lifetime_bytes = 0; 3139 sav->lft_c->sadb_lifetime_addtime = time_second; 3140 sav->lft_c->sadb_lifetime_usetime = 0; 3141 3142 /* lifetimes for HARD and SOFT */ 3143 { 3144 const struct sadb_lifetime *lft0; 3145 3146 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 3147 if (lft0 != NULL) { 3148 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) { 3149 error = EINVAL; 3150 goto fail; 3151 } 3152 sav->lft_h = key_dup(lft0, sizeof(*lft0), M_IPSEC_MISC); 3153 if (sav->lft_h == NULL) { 3154 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3155 error = ENOBUFS; 3156 goto fail; 3157 } 3158 /* to be initialize ? */ 3159 } 3160 3161 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT]; 3162 if (lft0 != NULL) { 3163 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) { 3164 error = EINVAL; 3165 goto fail; 3166 } 3167 sav->lft_s = key_dup(lft0, sizeof(*lft0), M_IPSEC_MISC); 3168 if (sav->lft_s == NULL) { 3169 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3170 error = ENOBUFS; 3171 goto fail; 3172 } 3173 /* to be initialize ? */ 3174 } 3175 } 3176 3177 return 0; 3178 3179 fail: 3180 /* initialization */ 3181 key_cleansav(sav); 3182 3183 return error; 3184 } 3185 3186 /* 3187 * validation with a secasvar entry, and set SADB_SATYPE_MATURE. 3188 * OUT: 0: valid 3189 * other: errno 3190 */ 3191 static int 3192 key_mature(struct secasvar *sav) 3193 { 3194 int error; 3195 3196 /* check SPI value */ 3197 switch (sav->sah->saidx.proto) { 3198 case IPPROTO_ESP: 3199 case IPPROTO_AH: 3200 /* 3201 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 3202 * 1-255 reserved by IANA for future use, 3203 * 0 for implementation specific, local use. 3204 */ 3205 if (ntohl(sav->spi) <= 255) { 3206 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 3207 __func__, (u_int32_t)ntohl(sav->spi))); 3208 return EINVAL; 3209 } 3210 break; 3211 } 3212 3213 /* check satype */ 3214 switch (sav->sah->saidx.proto) { 3215 case IPPROTO_ESP: 3216 /* check flags */ 3217 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) == 3218 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) { 3219 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3220 "given to old-esp.\n", __func__)); 3221 return EINVAL; 3222 } 3223 error = xform_init(sav, XF_ESP); 3224 break; 3225 case IPPROTO_AH: 3226 /* check flags */ 3227 if (sav->flags & SADB_X_EXT_DERIV) { 3228 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3229 "given to AH SA.\n", __func__)); 3230 return EINVAL; 3231 } 3232 if (sav->alg_enc != SADB_EALG_NONE) { 3233 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3234 "mismated.\n", __func__)); 3235 return(EINVAL); 3236 } 3237 error = xform_init(sav, XF_AH); 3238 break; 3239 case IPPROTO_IPCOMP: 3240 if (sav->alg_auth != SADB_AALG_NONE) { 3241 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3242 "mismated.\n", __func__)); 3243 return(EINVAL); 3244 } 3245 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 3246 && ntohl(sav->spi) >= 0x10000) { 3247 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3248 __func__)); 3249 return(EINVAL); 3250 } 3251 error = xform_init(sav, XF_IPCOMP); 3252 break; 3253 case IPPROTO_TCP: 3254 if (sav->alg_enc != SADB_EALG_NONE) { 3255 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3256 "mismated.\n", __func__)); 3257 return(EINVAL); 3258 } 3259 error = xform_init(sav, XF_TCPSIGNATURE); 3260 break; 3261 default: 3262 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3263 error = EPROTONOSUPPORT; 3264 break; 3265 } 3266 if (error == 0) { 3267 SAHTREE_LOCK(); 3268 key_sa_chgstate(sav, SADB_SASTATE_MATURE); 3269 SAHTREE_UNLOCK(); 3270 } 3271 return (error); 3272 } 3273 3274 /* 3275 * subroutine for SADB_GET and SADB_DUMP. 3276 */ 3277 static struct mbuf * 3278 key_setdumpsa(sav, type, satype, seq, pid) 3279 struct secasvar *sav; 3280 u_int8_t type, satype; 3281 u_int32_t seq, pid; 3282 { 3283 struct mbuf *result = NULL, *tres = NULL, *m; 3284 int l = 0; 3285 int i; 3286 void *p; 3287 int dumporder[] = { 3288 SADB_EXT_SA, SADB_X_EXT_SA2, 3289 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3290 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3291 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH, 3292 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC, 3293 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY, 3294 }; 3295 3296 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3297 if (m == NULL) 3298 goto fail; 3299 result = m; 3300 3301 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) { 3302 m = NULL; 3303 p = NULL; 3304 switch (dumporder[i]) { 3305 case SADB_EXT_SA: 3306 m = key_setsadbsa(sav); 3307 if (!m) 3308 goto fail; 3309 break; 3310 3311 case SADB_X_EXT_SA2: 3312 m = key_setsadbxsa2(sav->sah->saidx.mode, 3313 sav->replay ? sav->replay->count : 0, 3314 sav->sah->saidx.reqid); 3315 if (!m) 3316 goto fail; 3317 break; 3318 3319 case SADB_EXT_ADDRESS_SRC: 3320 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3321 &sav->sah->saidx.src.sa, 3322 FULLMASK, IPSEC_ULPROTO_ANY); 3323 if (!m) 3324 goto fail; 3325 break; 3326 3327 case SADB_EXT_ADDRESS_DST: 3328 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3329 &sav->sah->saidx.dst.sa, 3330 FULLMASK, IPSEC_ULPROTO_ANY); 3331 if (!m) 3332 goto fail; 3333 break; 3334 3335 case SADB_EXT_KEY_AUTH: 3336 if (!sav->key_auth) 3337 continue; 3338 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len); 3339 p = sav->key_auth; 3340 break; 3341 3342 case SADB_EXT_KEY_ENCRYPT: 3343 if (!sav->key_enc) 3344 continue; 3345 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len); 3346 p = sav->key_enc; 3347 break; 3348 3349 case SADB_EXT_LIFETIME_CURRENT: 3350 if (!sav->lft_c) 3351 continue; 3352 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len); 3353 p = sav->lft_c; 3354 break; 3355 3356 case SADB_EXT_LIFETIME_HARD: 3357 if (!sav->lft_h) 3358 continue; 3359 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len); 3360 p = sav->lft_h; 3361 break; 3362 3363 case SADB_EXT_LIFETIME_SOFT: 3364 if (!sav->lft_s) 3365 continue; 3366 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len); 3367 p = sav->lft_s; 3368 break; 3369 3370 case SADB_EXT_ADDRESS_PROXY: 3371 case SADB_EXT_IDENTITY_SRC: 3372 case SADB_EXT_IDENTITY_DST: 3373 /* XXX: should we brought from SPD ? */ 3374 case SADB_EXT_SENSITIVITY: 3375 default: 3376 continue; 3377 } 3378 3379 if ((!m && !p) || (m && p)) 3380 goto fail; 3381 if (p && tres) { 3382 M_PREPEND(tres, l, M_DONTWAIT); 3383 if (!tres) 3384 goto fail; 3385 bcopy(p, mtod(tres, caddr_t), l); 3386 continue; 3387 } 3388 if (p) { 3389 m = key_alloc_mbuf(l); 3390 if (!m) 3391 goto fail; 3392 m_copyback(m, 0, l, p); 3393 } 3394 3395 if (tres) 3396 m_cat(m, tres); 3397 tres = m; 3398 } 3399 3400 m_cat(result, tres); 3401 3402 if (result->m_len < sizeof(struct sadb_msg)) { 3403 result = m_pullup(result, sizeof(struct sadb_msg)); 3404 if (result == NULL) 3405 goto fail; 3406 } 3407 3408 result->m_pkthdr.len = 0; 3409 for (m = result; m; m = m->m_next) 3410 result->m_pkthdr.len += m->m_len; 3411 3412 mtod(result, struct sadb_msg *)->sadb_msg_len = 3413 PFKEY_UNIT64(result->m_pkthdr.len); 3414 3415 return result; 3416 3417 fail: 3418 m_freem(result); 3419 m_freem(tres); 3420 return NULL; 3421 } 3422 3423 /* 3424 * set data into sadb_msg. 3425 */ 3426 static struct mbuf * 3427 key_setsadbmsg(type, tlen, satype, seq, pid, reserved) 3428 u_int8_t type, satype; 3429 u_int16_t tlen; 3430 u_int32_t seq; 3431 pid_t pid; 3432 u_int16_t reserved; 3433 { 3434 struct mbuf *m; 3435 struct sadb_msg *p; 3436 int len; 3437 3438 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3439 if (len > MCLBYTES) 3440 return NULL; 3441 MGETHDR(m, M_DONTWAIT, MT_DATA); 3442 if (m && len > MHLEN) { 3443 MCLGET(m, M_DONTWAIT); 3444 if ((m->m_flags & M_EXT) == 0) { 3445 m_freem(m); 3446 m = NULL; 3447 } 3448 } 3449 if (!m) 3450 return NULL; 3451 m->m_pkthdr.len = m->m_len = len; 3452 m->m_next = NULL; 3453 3454 p = mtod(m, struct sadb_msg *); 3455 3456 bzero(p, len); 3457 p->sadb_msg_version = PF_KEY_V2; 3458 p->sadb_msg_type = type; 3459 p->sadb_msg_errno = 0; 3460 p->sadb_msg_satype = satype; 3461 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3462 p->sadb_msg_reserved = reserved; 3463 p->sadb_msg_seq = seq; 3464 p->sadb_msg_pid = (u_int32_t)pid; 3465 3466 return m; 3467 } 3468 3469 /* 3470 * copy secasvar data into sadb_address. 3471 */ 3472 static struct mbuf * 3473 key_setsadbsa(sav) 3474 struct secasvar *sav; 3475 { 3476 struct mbuf *m; 3477 struct sadb_sa *p; 3478 int len; 3479 3480 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3481 m = key_alloc_mbuf(len); 3482 if (!m || m->m_next) { /*XXX*/ 3483 if (m) 3484 m_freem(m); 3485 return NULL; 3486 } 3487 3488 p = mtod(m, struct sadb_sa *); 3489 3490 bzero(p, len); 3491 p->sadb_sa_len = PFKEY_UNIT64(len); 3492 p->sadb_sa_exttype = SADB_EXT_SA; 3493 p->sadb_sa_spi = sav->spi; 3494 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0); 3495 p->sadb_sa_state = sav->state; 3496 p->sadb_sa_auth = sav->alg_auth; 3497 p->sadb_sa_encrypt = sav->alg_enc; 3498 p->sadb_sa_flags = sav->flags; 3499 3500 return m; 3501 } 3502 3503 /* 3504 * set data into sadb_address. 3505 */ 3506 static struct mbuf * 3507 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto) 3508 u_int16_t exttype; 3509 const struct sockaddr *saddr; 3510 u_int8_t prefixlen; 3511 u_int16_t ul_proto; 3512 { 3513 struct mbuf *m; 3514 struct sadb_address *p; 3515 size_t len; 3516 3517 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3518 PFKEY_ALIGN8(saddr->sa_len); 3519 m = key_alloc_mbuf(len); 3520 if (!m || m->m_next) { /*XXX*/ 3521 if (m) 3522 m_freem(m); 3523 return NULL; 3524 } 3525 3526 p = mtod(m, struct sadb_address *); 3527 3528 bzero(p, len); 3529 p->sadb_address_len = PFKEY_UNIT64(len); 3530 p->sadb_address_exttype = exttype; 3531 p->sadb_address_proto = ul_proto; 3532 if (prefixlen == FULLMASK) { 3533 switch (saddr->sa_family) { 3534 case AF_INET: 3535 prefixlen = sizeof(struct in_addr) << 3; 3536 break; 3537 case AF_INET6: 3538 prefixlen = sizeof(struct in6_addr) << 3; 3539 break; 3540 default: 3541 ; /*XXX*/ 3542 } 3543 } 3544 p->sadb_address_prefixlen = prefixlen; 3545 p->sadb_address_reserved = 0; 3546 3547 bcopy(saddr, 3548 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3549 saddr->sa_len); 3550 3551 return m; 3552 } 3553 3554 /* 3555 * set data into sadb_x_sa2. 3556 */ 3557 static struct mbuf * 3558 key_setsadbxsa2(mode, seq, reqid) 3559 u_int8_t mode; 3560 u_int32_t seq, reqid; 3561 { 3562 struct mbuf *m; 3563 struct sadb_x_sa2 *p; 3564 size_t len; 3565 3566 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3567 m = key_alloc_mbuf(len); 3568 if (!m || m->m_next) { /*XXX*/ 3569 if (m) 3570 m_freem(m); 3571 return NULL; 3572 } 3573 3574 p = mtod(m, struct sadb_x_sa2 *); 3575 3576 bzero(p, len); 3577 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3578 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3579 p->sadb_x_sa2_mode = mode; 3580 p->sadb_x_sa2_reserved1 = 0; 3581 p->sadb_x_sa2_reserved2 = 0; 3582 p->sadb_x_sa2_sequence = seq; 3583 p->sadb_x_sa2_reqid = reqid; 3584 3585 return m; 3586 } 3587 3588 /* 3589 * set data into sadb_x_policy 3590 */ 3591 static struct mbuf * 3592 key_setsadbxpolicy(type, dir, id) 3593 u_int16_t type; 3594 u_int8_t dir; 3595 u_int32_t id; 3596 { 3597 struct mbuf *m; 3598 struct sadb_x_policy *p; 3599 size_t len; 3600 3601 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 3602 m = key_alloc_mbuf(len); 3603 if (!m || m->m_next) { /*XXX*/ 3604 if (m) 3605 m_freem(m); 3606 return NULL; 3607 } 3608 3609 p = mtod(m, struct sadb_x_policy *); 3610 3611 bzero(p, len); 3612 p->sadb_x_policy_len = PFKEY_UNIT64(len); 3613 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3614 p->sadb_x_policy_type = type; 3615 p->sadb_x_policy_dir = dir; 3616 p->sadb_x_policy_id = id; 3617 3618 return m; 3619 } 3620 3621 /* %%% utilities */ 3622 /* 3623 * copy a buffer into the new buffer allocated. 3624 */ 3625 static void * 3626 key_dup(const void *src, u_int len, struct malloc_type *type) 3627 { 3628 void *copy; 3629 3630 copy = malloc(len, type, M_NOWAIT); 3631 if (copy == NULL) { 3632 /* XXX counter */ 3633 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3634 } else 3635 bcopy(src, copy, len); 3636 return copy; 3637 } 3638 3639 /* compare my own address 3640 * OUT: 1: true, i.e. my address. 3641 * 0: false 3642 */ 3643 int 3644 key_ismyaddr(sa) 3645 struct sockaddr *sa; 3646 { 3647 #ifdef INET 3648 struct sockaddr_in *sin; 3649 struct in_ifaddr *ia; 3650 #endif 3651 3652 IPSEC_ASSERT(sa != NULL, ("null sockaddr")); 3653 3654 switch (sa->sa_family) { 3655 #ifdef INET 3656 case AF_INET: 3657 sin = (struct sockaddr_in *)sa; 3658 for (ia = in_ifaddrhead.tqh_first; ia; 3659 ia = ia->ia_link.tqe_next) 3660 { 3661 if (sin->sin_family == ia->ia_addr.sin_family && 3662 sin->sin_len == ia->ia_addr.sin_len && 3663 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr) 3664 { 3665 return 1; 3666 } 3667 } 3668 break; 3669 #endif 3670 #ifdef INET6 3671 case AF_INET6: 3672 return key_ismyaddr6((struct sockaddr_in6 *)sa); 3673 #endif 3674 } 3675 3676 return 0; 3677 } 3678 3679 #ifdef INET6 3680 /* 3681 * compare my own address for IPv6. 3682 * 1: ours 3683 * 0: other 3684 * NOTE: derived ip6_input() in KAME. This is necessary to modify more. 3685 */ 3686 #include <netinet6/in6_var.h> 3687 3688 static int 3689 key_ismyaddr6(sin6) 3690 struct sockaddr_in6 *sin6; 3691 { 3692 struct in6_ifaddr *ia; 3693 struct in6_multi *in6m; 3694 3695 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 3696 if (key_sockaddrcmp((struct sockaddr *)&sin6, 3697 (struct sockaddr *)&ia->ia_addr, 0) == 0) 3698 return 1; 3699 3700 /* 3701 * XXX Multicast 3702 * XXX why do we care about multlicast here while we don't care 3703 * about IPv4 multicast?? 3704 * XXX scope 3705 */ 3706 in6m = NULL; 3707 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m); 3708 if (in6m) 3709 return 1; 3710 } 3711 3712 /* loopback, just for safety */ 3713 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) 3714 return 1; 3715 3716 return 0; 3717 } 3718 #endif /*INET6*/ 3719 3720 /* 3721 * compare two secasindex structure. 3722 * flag can specify to compare 2 saidxes. 3723 * compare two secasindex structure without both mode and reqid. 3724 * don't compare port. 3725 * IN: 3726 * saidx0: source, it can be in SAD. 3727 * saidx1: object. 3728 * OUT: 3729 * 1 : equal 3730 * 0 : not equal 3731 */ 3732 static int 3733 key_cmpsaidx( 3734 const struct secasindex *saidx0, 3735 const struct secasindex *saidx1, 3736 int flag) 3737 { 3738 /* sanity */ 3739 if (saidx0 == NULL && saidx1 == NULL) 3740 return 1; 3741 3742 if (saidx0 == NULL || saidx1 == NULL) 3743 return 0; 3744 3745 if (saidx0->proto != saidx1->proto) 3746 return 0; 3747 3748 if (flag == CMP_EXACTLY) { 3749 if (saidx0->mode != saidx1->mode) 3750 return 0; 3751 if (saidx0->reqid != saidx1->reqid) 3752 return 0; 3753 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 || 3754 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0) 3755 return 0; 3756 } else { 3757 3758 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 3759 if (flag == CMP_MODE_REQID 3760 ||flag == CMP_REQID) { 3761 /* 3762 * If reqid of SPD is non-zero, unique SA is required. 3763 * The result must be of same reqid in this case. 3764 */ 3765 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid) 3766 return 0; 3767 } 3768 3769 if (flag == CMP_MODE_REQID) { 3770 if (saidx0->mode != IPSEC_MODE_ANY 3771 && saidx0->mode != saidx1->mode) 3772 return 0; 3773 } 3774 3775 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) { 3776 return 0; 3777 } 3778 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) { 3779 return 0; 3780 } 3781 } 3782 3783 return 1; 3784 } 3785 3786 /* 3787 * compare two secindex structure exactly. 3788 * IN: 3789 * spidx0: source, it is often in SPD. 3790 * spidx1: object, it is often from PFKEY message. 3791 * OUT: 3792 * 1 : equal 3793 * 0 : not equal 3794 */ 3795 static int 3796 key_cmpspidx_exactly( 3797 struct secpolicyindex *spidx0, 3798 struct secpolicyindex *spidx1) 3799 { 3800 /* sanity */ 3801 if (spidx0 == NULL && spidx1 == NULL) 3802 return 1; 3803 3804 if (spidx0 == NULL || spidx1 == NULL) 3805 return 0; 3806 3807 if (spidx0->prefs != spidx1->prefs 3808 || spidx0->prefd != spidx1->prefd 3809 || spidx0->ul_proto != spidx1->ul_proto) 3810 return 0; 3811 3812 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 3813 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 3814 } 3815 3816 /* 3817 * compare two secindex structure with mask. 3818 * IN: 3819 * spidx0: source, it is often in SPD. 3820 * spidx1: object, it is often from IP header. 3821 * OUT: 3822 * 1 : equal 3823 * 0 : not equal 3824 */ 3825 static int 3826 key_cmpspidx_withmask( 3827 struct secpolicyindex *spidx0, 3828 struct secpolicyindex *spidx1) 3829 { 3830 /* sanity */ 3831 if (spidx0 == NULL && spidx1 == NULL) 3832 return 1; 3833 3834 if (spidx0 == NULL || spidx1 == NULL) 3835 return 0; 3836 3837 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 3838 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 3839 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 3840 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 3841 return 0; 3842 3843 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 3844 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 3845 && spidx0->ul_proto != spidx1->ul_proto) 3846 return 0; 3847 3848 switch (spidx0->src.sa.sa_family) { 3849 case AF_INET: 3850 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 3851 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 3852 return 0; 3853 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 3854 &spidx1->src.sin.sin_addr, spidx0->prefs)) 3855 return 0; 3856 break; 3857 case AF_INET6: 3858 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 3859 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 3860 return 0; 3861 /* 3862 * scope_id check. if sin6_scope_id is 0, we regard it 3863 * as a wildcard scope, which matches any scope zone ID. 3864 */ 3865 if (spidx0->src.sin6.sin6_scope_id && 3866 spidx1->src.sin6.sin6_scope_id && 3867 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 3868 return 0; 3869 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 3870 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 3871 return 0; 3872 break; 3873 default: 3874 /* XXX */ 3875 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 3876 return 0; 3877 break; 3878 } 3879 3880 switch (spidx0->dst.sa.sa_family) { 3881 case AF_INET: 3882 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 3883 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 3884 return 0; 3885 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 3886 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 3887 return 0; 3888 break; 3889 case AF_INET6: 3890 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 3891 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 3892 return 0; 3893 /* 3894 * scope_id check. if sin6_scope_id is 0, we regard it 3895 * as a wildcard scope, which matches any scope zone ID. 3896 */ 3897 if (spidx0->dst.sin6.sin6_scope_id && 3898 spidx1->dst.sin6.sin6_scope_id && 3899 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 3900 return 0; 3901 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 3902 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 3903 return 0; 3904 break; 3905 default: 3906 /* XXX */ 3907 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 3908 return 0; 3909 break; 3910 } 3911 3912 /* XXX Do we check other field ? e.g. flowinfo */ 3913 3914 return 1; 3915 } 3916 3917 /* returns 0 on match */ 3918 static int 3919 key_sockaddrcmp( 3920 const struct sockaddr *sa1, 3921 const struct sockaddr *sa2, 3922 int port) 3923 { 3924 #ifdef satosin 3925 #undef satosin 3926 #endif 3927 #define satosin(s) ((const struct sockaddr_in *)s) 3928 #ifdef satosin6 3929 #undef satosin6 3930 #endif 3931 #define satosin6(s) ((const struct sockaddr_in6 *)s) 3932 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 3933 return 1; 3934 3935 switch (sa1->sa_family) { 3936 case AF_INET: 3937 if (sa1->sa_len != sizeof(struct sockaddr_in)) 3938 return 1; 3939 if (satosin(sa1)->sin_addr.s_addr != 3940 satosin(sa2)->sin_addr.s_addr) { 3941 return 1; 3942 } 3943 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 3944 return 1; 3945 break; 3946 case AF_INET6: 3947 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 3948 return 1; /*EINVAL*/ 3949 if (satosin6(sa1)->sin6_scope_id != 3950 satosin6(sa2)->sin6_scope_id) { 3951 return 1; 3952 } 3953 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 3954 &satosin6(sa2)->sin6_addr)) { 3955 return 1; 3956 } 3957 if (port && 3958 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 3959 return 1; 3960 } 3961 break; 3962 default: 3963 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 3964 return 1; 3965 break; 3966 } 3967 3968 return 0; 3969 #undef satosin 3970 #undef satosin6 3971 } 3972 3973 /* 3974 * compare two buffers with mask. 3975 * IN: 3976 * addr1: source 3977 * addr2: object 3978 * bits: Number of bits to compare 3979 * OUT: 3980 * 1 : equal 3981 * 0 : not equal 3982 */ 3983 static int 3984 key_bbcmp(const void *a1, const void *a2, u_int bits) 3985 { 3986 const unsigned char *p1 = a1; 3987 const unsigned char *p2 = a2; 3988 3989 /* XXX: This could be considerably faster if we compare a word 3990 * at a time, but it is complicated on LSB Endian machines */ 3991 3992 /* Handle null pointers */ 3993 if (p1 == NULL || p2 == NULL) 3994 return (p1 == p2); 3995 3996 while (bits >= 8) { 3997 if (*p1++ != *p2++) 3998 return 0; 3999 bits -= 8; 4000 } 4001 4002 if (bits > 0) { 4003 u_int8_t mask = ~((1<<(8-bits))-1); 4004 if ((*p1 & mask) != (*p2 & mask)) 4005 return 0; 4006 } 4007 return 1; /* Match! */ 4008 } 4009 4010 static void 4011 key_flush_spd(time_t now) 4012 { 4013 static u_int16_t sptree_scangen = 0; 4014 u_int16_t gen = sptree_scangen++; 4015 struct secpolicy *sp; 4016 u_int dir; 4017 4018 /* SPD */ 4019 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4020 restart: 4021 SPTREE_LOCK(); 4022 LIST_FOREACH(sp, &sptree[dir], chain) { 4023 if (sp->scangen == gen) /* previously handled */ 4024 continue; 4025 sp->scangen = gen; 4026 if (sp->state == IPSEC_SPSTATE_DEAD) { 4027 /* NB: clean entries created by key_spdflush */ 4028 SPTREE_UNLOCK(); 4029 KEY_FREESP(&sp); 4030 goto restart; 4031 } 4032 if (sp->lifetime == 0 && sp->validtime == 0) 4033 continue; 4034 if ((sp->lifetime && now - sp->created > sp->lifetime) 4035 || (sp->validtime && now - sp->lastused > sp->validtime)) { 4036 sp->state = IPSEC_SPSTATE_DEAD; 4037 SPTREE_UNLOCK(); 4038 key_spdexpire(sp); 4039 KEY_FREESP(&sp); 4040 goto restart; 4041 } 4042 } 4043 SPTREE_UNLOCK(); 4044 } 4045 } 4046 4047 static void 4048 key_flush_sad(time_t now) 4049 { 4050 struct secashead *sah, *nextsah; 4051 struct secasvar *sav, *nextsav; 4052 4053 /* SAD */ 4054 SAHTREE_LOCK(); 4055 LIST_FOREACH_SAFE(sah, &sahtree, chain, nextsah) { 4056 /* if sah has been dead, then delete it and process next sah. */ 4057 if (sah->state == SADB_SASTATE_DEAD) { 4058 key_delsah(sah); 4059 continue; 4060 } 4061 4062 /* if LARVAL entry doesn't become MATURE, delete it. */ 4063 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL], chain, nextsav) { 4064 if (now - sav->created > key_larval_lifetime) 4065 KEY_FREESAV(&sav); 4066 } 4067 4068 /* 4069 * check MATURE entry to start to send expire message 4070 * whether or not. 4071 */ 4072 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE], chain, nextsav) { 4073 /* we don't need to check. */ 4074 if (sav->lft_s == NULL) 4075 continue; 4076 4077 /* sanity check */ 4078 if (sav->lft_c == NULL) { 4079 ipseclog((LOG_DEBUG,"%s: there is no CURRENT " 4080 "time, why?\n", __func__)); 4081 continue; 4082 } 4083 4084 /* check SOFT lifetime */ 4085 if (sav->lft_s->sadb_lifetime_addtime != 0 && 4086 now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 4087 /* 4088 * check SA to be used whether or not. 4089 * when SA hasn't been used, delete it. 4090 */ 4091 if (sav->lft_c->sadb_lifetime_usetime == 0) { 4092 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4093 KEY_FREESAV(&sav); 4094 } else { 4095 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4096 /* 4097 * XXX If we keep to send expire 4098 * message in the status of 4099 * DYING. Do remove below code. 4100 */ 4101 key_expire(sav); 4102 } 4103 } 4104 /* check SOFT lifetime by bytes */ 4105 /* 4106 * XXX I don't know the way to delete this SA 4107 * when new SA is installed. Caution when it's 4108 * installed too big lifetime by time. 4109 */ 4110 else if (sav->lft_s->sadb_lifetime_bytes != 0 && 4111 sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { 4112 4113 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4114 /* 4115 * XXX If we keep to send expire 4116 * message in the status of 4117 * DYING. Do remove below code. 4118 */ 4119 key_expire(sav); 4120 } 4121 } 4122 4123 /* check DYING entry to change status to DEAD. */ 4124 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING], chain, nextsav) { 4125 /* we don't need to check. */ 4126 if (sav->lft_h == NULL) 4127 continue; 4128 4129 /* sanity check */ 4130 if (sav->lft_c == NULL) { 4131 ipseclog((LOG_DEBUG, "%s: there is no CURRENT " 4132 "time, why?\n", __func__)); 4133 continue; 4134 } 4135 4136 if (sav->lft_h->sadb_lifetime_addtime != 0 && 4137 now - sav->created > sav->lft_h->sadb_lifetime_addtime) { 4138 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4139 KEY_FREESAV(&sav); 4140 } 4141 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */ 4142 else if (sav->lft_s != NULL 4143 && sav->lft_s->sadb_lifetime_addtime != 0 4144 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 4145 /* 4146 * XXX: should be checked to be 4147 * installed the valid SA. 4148 */ 4149 4150 /* 4151 * If there is no SA then sending 4152 * expire message. 4153 */ 4154 key_expire(sav); 4155 } 4156 #endif 4157 /* check HARD lifetime by bytes */ 4158 else if (sav->lft_h->sadb_lifetime_bytes != 0 && 4159 sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { 4160 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4161 KEY_FREESAV(&sav); 4162 } 4163 } 4164 4165 /* delete entry in DEAD */ 4166 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD], chain, nextsav) { 4167 /* sanity check */ 4168 if (sav->state != SADB_SASTATE_DEAD) { 4169 ipseclog((LOG_DEBUG, "%s: invalid sav->state " 4170 "(queue: %d SA: %d): kill it anyway\n", 4171 __func__, 4172 SADB_SASTATE_DEAD, sav->state)); 4173 } 4174 /* 4175 * do not call key_freesav() here. 4176 * sav should already be freed, and sav->refcnt 4177 * shows other references to sav 4178 * (such as from SPD). 4179 */ 4180 } 4181 } 4182 SAHTREE_UNLOCK(); 4183 } 4184 4185 static void 4186 key_flush_acq(time_t now) 4187 { 4188 struct secacq *acq, *nextacq; 4189 4190 /* ACQ tree */ 4191 ACQ_LOCK(); 4192 for (acq = LIST_FIRST(&acqtree); acq != NULL; acq = nextacq) { 4193 nextacq = LIST_NEXT(acq, chain); 4194 if (now - acq->created > key_blockacq_lifetime 4195 && __LIST_CHAINED(acq)) { 4196 LIST_REMOVE(acq, chain); 4197 free(acq, M_IPSEC_SAQ); 4198 } 4199 } 4200 ACQ_UNLOCK(); 4201 } 4202 4203 static void 4204 key_flush_spacq(time_t now) 4205 { 4206 struct secspacq *acq, *nextacq; 4207 4208 /* SP ACQ tree */ 4209 SPACQ_LOCK(); 4210 for (acq = LIST_FIRST(&spacqtree); acq != NULL; acq = nextacq) { 4211 nextacq = LIST_NEXT(acq, chain); 4212 if (now - acq->created > key_blockacq_lifetime 4213 && __LIST_CHAINED(acq)) { 4214 LIST_REMOVE(acq, chain); 4215 free(acq, M_IPSEC_SAQ); 4216 } 4217 } 4218 SPACQ_UNLOCK(); 4219 } 4220 4221 /* 4222 * time handler. 4223 * scanning SPD and SAD to check status for each entries, 4224 * and do to remove or to expire. 4225 * XXX: year 2038 problem may remain. 4226 */ 4227 void 4228 key_timehandler(void) 4229 { 4230 time_t now = time_second; 4231 4232 key_flush_spd(now); 4233 key_flush_sad(now); 4234 key_flush_acq(now); 4235 key_flush_spacq(now); 4236 4237 #ifndef IPSEC_DEBUG2 4238 /* do exchange to tick time !! */ 4239 (void)timeout((void *)key_timehandler, (void *)0, hz); 4240 #endif /* IPSEC_DEBUG2 */ 4241 } 4242 4243 u_long 4244 key_random() 4245 { 4246 u_long value; 4247 4248 key_randomfill(&value, sizeof(value)); 4249 return value; 4250 } 4251 4252 void 4253 key_randomfill(p, l) 4254 void *p; 4255 size_t l; 4256 { 4257 size_t n; 4258 u_long v; 4259 static int warn = 1; 4260 4261 n = 0; 4262 n = (size_t)read_random(p, (u_int)l); 4263 /* last resort */ 4264 while (n < l) { 4265 v = random(); 4266 bcopy(&v, (u_int8_t *)p + n, 4267 l - n < sizeof(v) ? l - n : sizeof(v)); 4268 n += sizeof(v); 4269 4270 if (warn) { 4271 printf("WARNING: pseudo-random number generator " 4272 "used for IPsec processing\n"); 4273 warn = 0; 4274 } 4275 } 4276 } 4277 4278 /* 4279 * map SADB_SATYPE_* to IPPROTO_*. 4280 * if satype == SADB_SATYPE then satype is mapped to ~0. 4281 * OUT: 4282 * 0: invalid satype. 4283 */ 4284 static u_int16_t 4285 key_satype2proto(satype) 4286 u_int8_t satype; 4287 { 4288 switch (satype) { 4289 case SADB_SATYPE_UNSPEC: 4290 return IPSEC_PROTO_ANY; 4291 case SADB_SATYPE_AH: 4292 return IPPROTO_AH; 4293 case SADB_SATYPE_ESP: 4294 return IPPROTO_ESP; 4295 case SADB_X_SATYPE_IPCOMP: 4296 return IPPROTO_IPCOMP; 4297 case SADB_X_SATYPE_TCPSIGNATURE: 4298 return IPPROTO_TCP; 4299 default: 4300 return 0; 4301 } 4302 /* NOTREACHED */ 4303 } 4304 4305 /* 4306 * map IPPROTO_* to SADB_SATYPE_* 4307 * OUT: 4308 * 0: invalid protocol type. 4309 */ 4310 static u_int8_t 4311 key_proto2satype(proto) 4312 u_int16_t proto; 4313 { 4314 switch (proto) { 4315 case IPPROTO_AH: 4316 return SADB_SATYPE_AH; 4317 case IPPROTO_ESP: 4318 return SADB_SATYPE_ESP; 4319 case IPPROTO_IPCOMP: 4320 return SADB_X_SATYPE_IPCOMP; 4321 case IPPROTO_TCP: 4322 return SADB_X_SATYPE_TCPSIGNATURE; 4323 default: 4324 return 0; 4325 } 4326 /* NOTREACHED */ 4327 } 4328 4329 /* %%% PF_KEY */ 4330 /* 4331 * SADB_GETSPI processing is to receive 4332 * <base, (SA2), src address, dst address, (SPI range)> 4333 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4334 * tree with the status of LARVAL, and send 4335 * <base, SA(*), address(SD)> 4336 * to the IKMPd. 4337 * 4338 * IN: mhp: pointer to the pointer to each header. 4339 * OUT: NULL if fail. 4340 * other if success, return pointer to the message to send. 4341 */ 4342 static int 4343 key_getspi(so, m, mhp) 4344 struct socket *so; 4345 struct mbuf *m; 4346 const struct sadb_msghdr *mhp; 4347 { 4348 struct sadb_address *src0, *dst0; 4349 struct secasindex saidx; 4350 struct secashead *newsah; 4351 struct secasvar *newsav; 4352 u_int8_t proto; 4353 u_int32_t spi; 4354 u_int8_t mode; 4355 u_int32_t reqid; 4356 int error; 4357 4358 IPSEC_ASSERT(so != NULL, ("null socket")); 4359 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4360 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4361 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4362 4363 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4364 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 4365 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4366 __func__)); 4367 return key_senderror(so, m, EINVAL); 4368 } 4369 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4370 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4371 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4372 __func__)); 4373 return key_senderror(so, m, EINVAL); 4374 } 4375 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4376 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4377 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4378 } else { 4379 mode = IPSEC_MODE_ANY; 4380 reqid = 0; 4381 } 4382 4383 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4384 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4385 4386 /* map satype to proto */ 4387 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4388 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4389 __func__)); 4390 return key_senderror(so, m, EINVAL); 4391 } 4392 4393 /* make sure if port number is zero. */ 4394 switch (((struct sockaddr *)(src0 + 1))->sa_family) { 4395 case AF_INET: 4396 if (((struct sockaddr *)(src0 + 1))->sa_len != 4397 sizeof(struct sockaddr_in)) 4398 return key_senderror(so, m, EINVAL); 4399 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0; 4400 break; 4401 case AF_INET6: 4402 if (((struct sockaddr *)(src0 + 1))->sa_len != 4403 sizeof(struct sockaddr_in6)) 4404 return key_senderror(so, m, EINVAL); 4405 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0; 4406 break; 4407 default: 4408 ; /*???*/ 4409 } 4410 switch (((struct sockaddr *)(dst0 + 1))->sa_family) { 4411 case AF_INET: 4412 if (((struct sockaddr *)(dst0 + 1))->sa_len != 4413 sizeof(struct sockaddr_in)) 4414 return key_senderror(so, m, EINVAL); 4415 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0; 4416 break; 4417 case AF_INET6: 4418 if (((struct sockaddr *)(dst0 + 1))->sa_len != 4419 sizeof(struct sockaddr_in6)) 4420 return key_senderror(so, m, EINVAL); 4421 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0; 4422 break; 4423 default: 4424 ; /*???*/ 4425 } 4426 4427 /* XXX boundary check against sa_len */ 4428 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4429 4430 /* SPI allocation */ 4431 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], 4432 &saidx); 4433 if (spi == 0) 4434 return key_senderror(so, m, EINVAL); 4435 4436 /* get a SA index */ 4437 if ((newsah = key_getsah(&saidx)) == NULL) { 4438 /* create a new SA index */ 4439 if ((newsah = key_newsah(&saidx)) == NULL) { 4440 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 4441 return key_senderror(so, m, ENOBUFS); 4442 } 4443 } 4444 4445 /* get a new SA */ 4446 /* XXX rewrite */ 4447 newsav = KEY_NEWSAV(m, mhp, newsah, &error); 4448 if (newsav == NULL) { 4449 /* XXX don't free new SA index allocated in above. */ 4450 return key_senderror(so, m, error); 4451 } 4452 4453 /* set spi */ 4454 newsav->spi = htonl(spi); 4455 4456 /* delete the entry in acqtree */ 4457 if (mhp->msg->sadb_msg_seq != 0) { 4458 struct secacq *acq; 4459 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) { 4460 /* reset counter in order to deletion by timehandler. */ 4461 acq->created = time_second; 4462 acq->count = 0; 4463 } 4464 } 4465 4466 { 4467 struct mbuf *n, *nn; 4468 struct sadb_sa *m_sa; 4469 struct sadb_msg *newmsg; 4470 int off, len; 4471 4472 /* create new sadb_msg to reply. */ 4473 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4474 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4475 if (len > MCLBYTES) 4476 return key_senderror(so, m, ENOBUFS); 4477 4478 MGETHDR(n, M_DONTWAIT, MT_DATA); 4479 if (len > MHLEN) { 4480 MCLGET(n, M_DONTWAIT); 4481 if ((n->m_flags & M_EXT) == 0) { 4482 m_freem(n); 4483 n = NULL; 4484 } 4485 } 4486 if (!n) 4487 return key_senderror(so, m, ENOBUFS); 4488 4489 n->m_len = len; 4490 n->m_next = NULL; 4491 off = 0; 4492 4493 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4494 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4495 4496 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4497 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4498 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4499 m_sa->sadb_sa_spi = htonl(spi); 4500 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4501 4502 IPSEC_ASSERT(off == len, 4503 ("length inconsistency (off %u len %u)", off, len)); 4504 4505 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4506 SADB_EXT_ADDRESS_DST); 4507 if (!n->m_next) { 4508 m_freem(n); 4509 return key_senderror(so, m, ENOBUFS); 4510 } 4511 4512 if (n->m_len < sizeof(struct sadb_msg)) { 4513 n = m_pullup(n, sizeof(struct sadb_msg)); 4514 if (n == NULL) 4515 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 4516 } 4517 4518 n->m_pkthdr.len = 0; 4519 for (nn = n; nn; nn = nn->m_next) 4520 n->m_pkthdr.len += nn->m_len; 4521 4522 newmsg = mtod(n, struct sadb_msg *); 4523 newmsg->sadb_msg_seq = newsav->seq; 4524 newmsg->sadb_msg_errno = 0; 4525 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 4526 4527 m_freem(m); 4528 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 4529 } 4530 } 4531 4532 /* 4533 * allocating new SPI 4534 * called by key_getspi(). 4535 * OUT: 4536 * 0: failure. 4537 * others: success. 4538 */ 4539 static u_int32_t 4540 key_do_getnewspi(spirange, saidx) 4541 struct sadb_spirange *spirange; 4542 struct secasindex *saidx; 4543 { 4544 u_int32_t newspi; 4545 u_int32_t min, max; 4546 int count = key_spi_trycnt; 4547 4548 /* set spi range to allocate */ 4549 if (spirange != NULL) { 4550 min = spirange->sadb_spirange_min; 4551 max = spirange->sadb_spirange_max; 4552 } else { 4553 min = key_spi_minval; 4554 max = key_spi_maxval; 4555 } 4556 /* IPCOMP needs 2-byte SPI */ 4557 if (saidx->proto == IPPROTO_IPCOMP) { 4558 u_int32_t t; 4559 if (min >= 0x10000) 4560 min = 0xffff; 4561 if (max >= 0x10000) 4562 max = 0xffff; 4563 if (min > max) { 4564 t = min; min = max; max = t; 4565 } 4566 } 4567 4568 if (min == max) { 4569 if (key_checkspidup(saidx, min) != NULL) { 4570 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 4571 __func__, min)); 4572 return 0; 4573 } 4574 4575 count--; /* taking one cost. */ 4576 newspi = min; 4577 4578 } else { 4579 4580 /* init SPI */ 4581 newspi = 0; 4582 4583 /* when requesting to allocate spi ranged */ 4584 while (count--) { 4585 /* generate pseudo-random SPI value ranged. */ 4586 newspi = min + (key_random() % (max - min + 1)); 4587 4588 if (key_checkspidup(saidx, newspi) == NULL) 4589 break; 4590 } 4591 4592 if (count == 0 || newspi == 0) { 4593 ipseclog((LOG_DEBUG, "%s: to allocate spi is failed.\n", 4594 __func__)); 4595 return 0; 4596 } 4597 } 4598 4599 /* statistics */ 4600 keystat.getspi_count = 4601 (keystat.getspi_count + key_spi_trycnt - count) / 2; 4602 4603 return newspi; 4604 } 4605 4606 /* 4607 * SADB_UPDATE processing 4608 * receive 4609 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4610 * key(AE), (identity(SD),) (sensitivity)> 4611 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 4612 * and send 4613 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4614 * (identity(SD),) (sensitivity)> 4615 * to the ikmpd. 4616 * 4617 * m will always be freed. 4618 */ 4619 static int 4620 key_update(so, m, mhp) 4621 struct socket *so; 4622 struct mbuf *m; 4623 const struct sadb_msghdr *mhp; 4624 { 4625 struct sadb_sa *sa0; 4626 struct sadb_address *src0, *dst0; 4627 struct secasindex saidx; 4628 struct secashead *sah; 4629 struct secasvar *sav; 4630 u_int16_t proto; 4631 u_int8_t mode; 4632 u_int32_t reqid; 4633 int error; 4634 4635 IPSEC_ASSERT(so != NULL, ("null socket")); 4636 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4637 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4638 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4639 4640 /* map satype to proto */ 4641 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4642 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4643 __func__)); 4644 return key_senderror(so, m, EINVAL); 4645 } 4646 4647 if (mhp->ext[SADB_EXT_SA] == NULL || 4648 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4649 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 4650 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 4651 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 4652 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 4653 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 4654 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 4655 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 4656 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 4657 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 4658 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4659 __func__)); 4660 return key_senderror(so, m, EINVAL); 4661 } 4662 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 4663 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4664 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4665 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4666 __func__)); 4667 return key_senderror(so, m, EINVAL); 4668 } 4669 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4670 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4671 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4672 } else { 4673 mode = IPSEC_MODE_ANY; 4674 reqid = 0; 4675 } 4676 /* XXX boundary checking for other extensions */ 4677 4678 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 4679 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4680 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4681 4682 /* XXX boundary check against sa_len */ 4683 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4684 4685 /* get a SA header */ 4686 if ((sah = key_getsah(&saidx)) == NULL) { 4687 ipseclog((LOG_DEBUG, "%s: no SA index found.\n", __func__)); 4688 return key_senderror(so, m, ENOENT); 4689 } 4690 4691 /* set spidx if there */ 4692 /* XXX rewrite */ 4693 error = key_setident(sah, m, mhp); 4694 if (error) 4695 return key_senderror(so, m, error); 4696 4697 /* find a SA with sequence number. */ 4698 #ifdef IPSEC_DOSEQCHECK 4699 if (mhp->msg->sadb_msg_seq != 0 4700 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) { 4701 ipseclog((LOG_DEBUG, "%s: no larval SA with sequence %u " 4702 "exists.\n", __func__, mhp->msg->sadb_msg_seq)); 4703 return key_senderror(so, m, ENOENT); 4704 } 4705 #else 4706 SAHTREE_LOCK(); 4707 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 4708 SAHTREE_UNLOCK(); 4709 if (sav == NULL) { 4710 ipseclog((LOG_DEBUG, "%s: no such a SA found (spi:%u)\n", 4711 __func__, (u_int32_t)ntohl(sa0->sadb_sa_spi))); 4712 return key_senderror(so, m, EINVAL); 4713 } 4714 #endif 4715 4716 /* validity check */ 4717 if (sav->sah->saidx.proto != proto) { 4718 ipseclog((LOG_DEBUG, "%s: protocol mismatched " 4719 "(DB=%u param=%u)\n", __func__, 4720 sav->sah->saidx.proto, proto)); 4721 return key_senderror(so, m, EINVAL); 4722 } 4723 #ifdef IPSEC_DOSEQCHECK 4724 if (sav->spi != sa0->sadb_sa_spi) { 4725 ipseclog((LOG_DEBUG, "%s: SPI mismatched (DB:%u param:%u)\n", 4726 __func__, 4727 (u_int32_t)ntohl(sav->spi), 4728 (u_int32_t)ntohl(sa0->sadb_sa_spi))); 4729 return key_senderror(so, m, EINVAL); 4730 } 4731 #endif 4732 if (sav->pid != mhp->msg->sadb_msg_pid) { 4733 ipseclog((LOG_DEBUG, "%s: pid mismatched (DB:%u param:%u)\n", 4734 __func__, sav->pid, mhp->msg->sadb_msg_pid)); 4735 return key_senderror(so, m, EINVAL); 4736 } 4737 4738 /* copy sav values */ 4739 error = key_setsaval(sav, m, mhp); 4740 if (error) { 4741 KEY_FREESAV(&sav); 4742 return key_senderror(so, m, error); 4743 } 4744 4745 /* check SA values to be mature. */ 4746 if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { 4747 KEY_FREESAV(&sav); 4748 return key_senderror(so, m, 0); 4749 } 4750 4751 { 4752 struct mbuf *n; 4753 4754 /* set msg buf from mhp */ 4755 n = key_getmsgbuf_x1(m, mhp); 4756 if (n == NULL) { 4757 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4758 return key_senderror(so, m, ENOBUFS); 4759 } 4760 4761 m_freem(m); 4762 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 4763 } 4764 } 4765 4766 /* 4767 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL. 4768 * only called by key_update(). 4769 * OUT: 4770 * NULL : not found 4771 * others : found, pointer to a SA. 4772 */ 4773 #ifdef IPSEC_DOSEQCHECK 4774 static struct secasvar * 4775 key_getsavbyseq(sah, seq) 4776 struct secashead *sah; 4777 u_int32_t seq; 4778 { 4779 struct secasvar *sav; 4780 u_int state; 4781 4782 state = SADB_SASTATE_LARVAL; 4783 4784 /* search SAD with sequence number ? */ 4785 LIST_FOREACH(sav, &sah->savtree[state], chain) { 4786 4787 KEY_CHKSASTATE(state, sav->state, __func__); 4788 4789 if (sav->seq == seq) { 4790 sa_addref(sav); 4791 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 4792 printf("DP %s cause refcnt++:%d SA:%p\n", 4793 __func__, sav->refcnt, sav)); 4794 return sav; 4795 } 4796 } 4797 4798 return NULL; 4799 } 4800 #endif 4801 4802 /* 4803 * SADB_ADD processing 4804 * add an entry to SA database, when received 4805 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4806 * key(AE), (identity(SD),) (sensitivity)> 4807 * from the ikmpd, 4808 * and send 4809 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4810 * (identity(SD),) (sensitivity)> 4811 * to the ikmpd. 4812 * 4813 * IGNORE identity and sensitivity messages. 4814 * 4815 * m will always be freed. 4816 */ 4817 static int 4818 key_add(so, m, mhp) 4819 struct socket *so; 4820 struct mbuf *m; 4821 const struct sadb_msghdr *mhp; 4822 { 4823 struct sadb_sa *sa0; 4824 struct sadb_address *src0, *dst0; 4825 struct secasindex saidx; 4826 struct secashead *newsah; 4827 struct secasvar *newsav; 4828 u_int16_t proto; 4829 u_int8_t mode; 4830 u_int32_t reqid; 4831 int error; 4832 4833 IPSEC_ASSERT(so != NULL, ("null socket")); 4834 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4835 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4836 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4837 4838 /* map satype to proto */ 4839 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4840 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4841 __func__)); 4842 return key_senderror(so, m, EINVAL); 4843 } 4844 4845 if (mhp->ext[SADB_EXT_SA] == NULL || 4846 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4847 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 4848 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 4849 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 4850 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 4851 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 4852 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 4853 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 4854 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 4855 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 4856 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4857 __func__)); 4858 return key_senderror(so, m, EINVAL); 4859 } 4860 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 4861 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4862 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4863 /* XXX need more */ 4864 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4865 __func__)); 4866 return key_senderror(so, m, EINVAL); 4867 } 4868 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4869 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4870 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4871 } else { 4872 mode = IPSEC_MODE_ANY; 4873 reqid = 0; 4874 } 4875 4876 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 4877 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 4878 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 4879 4880 /* XXX boundary check against sa_len */ 4881 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4882 4883 /* get a SA header */ 4884 if ((newsah = key_getsah(&saidx)) == NULL) { 4885 /* create a new SA header */ 4886 if ((newsah = key_newsah(&saidx)) == NULL) { 4887 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 4888 return key_senderror(so, m, ENOBUFS); 4889 } 4890 } 4891 4892 /* set spidx if there */ 4893 /* XXX rewrite */ 4894 error = key_setident(newsah, m, mhp); 4895 if (error) { 4896 return key_senderror(so, m, error); 4897 } 4898 4899 /* create new SA entry. */ 4900 /* We can create new SA only if SPI is differenct. */ 4901 SAHTREE_LOCK(); 4902 newsav = key_getsavbyspi(newsah, sa0->sadb_sa_spi); 4903 SAHTREE_UNLOCK(); 4904 if (newsav != NULL) { 4905 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 4906 return key_senderror(so, m, EEXIST); 4907 } 4908 newsav = KEY_NEWSAV(m, mhp, newsah, &error); 4909 if (newsav == NULL) { 4910 return key_senderror(so, m, error); 4911 } 4912 4913 /* check SA values to be mature. */ 4914 if ((error = key_mature(newsav)) != 0) { 4915 KEY_FREESAV(&newsav); 4916 return key_senderror(so, m, error); 4917 } 4918 4919 /* 4920 * don't call key_freesav() here, as we would like to keep the SA 4921 * in the database on success. 4922 */ 4923 4924 { 4925 struct mbuf *n; 4926 4927 /* set msg buf from mhp */ 4928 n = key_getmsgbuf_x1(m, mhp); 4929 if (n == NULL) { 4930 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4931 return key_senderror(so, m, ENOBUFS); 4932 } 4933 4934 m_freem(m); 4935 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 4936 } 4937 } 4938 4939 /* m is retained */ 4940 static int 4941 key_setident(sah, m, mhp) 4942 struct secashead *sah; 4943 struct mbuf *m; 4944 const struct sadb_msghdr *mhp; 4945 { 4946 const struct sadb_ident *idsrc, *iddst; 4947 int idsrclen, iddstlen; 4948 4949 IPSEC_ASSERT(sah != NULL, ("null secashead")); 4950 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4951 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4952 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4953 4954 /* don't make buffer if not there */ 4955 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && 4956 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 4957 sah->idents = NULL; 4958 sah->identd = NULL; 4959 return 0; 4960 } 4961 4962 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || 4963 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 4964 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 4965 return EINVAL; 4966 } 4967 4968 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 4969 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 4970 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 4971 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 4972 4973 /* validity check */ 4974 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 4975 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 4976 return EINVAL; 4977 } 4978 4979 switch (idsrc->sadb_ident_type) { 4980 case SADB_IDENTTYPE_PREFIX: 4981 case SADB_IDENTTYPE_FQDN: 4982 case SADB_IDENTTYPE_USERFQDN: 4983 default: 4984 /* XXX do nothing */ 4985 sah->idents = NULL; 4986 sah->identd = NULL; 4987 return 0; 4988 } 4989 4990 /* make structure */ 4991 sah->idents = malloc(idsrclen, M_IPSEC_MISC, M_NOWAIT); 4992 if (sah->idents == NULL) { 4993 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4994 return ENOBUFS; 4995 } 4996 sah->identd = malloc(iddstlen, M_IPSEC_MISC, M_NOWAIT); 4997 if (sah->identd == NULL) { 4998 free(sah->idents, M_IPSEC_MISC); 4999 sah->idents = NULL; 5000 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5001 return ENOBUFS; 5002 } 5003 bcopy(idsrc, sah->idents, idsrclen); 5004 bcopy(iddst, sah->identd, iddstlen); 5005 5006 return 0; 5007 } 5008 5009 /* 5010 * m will not be freed on return. 5011 * it is caller's responsibility to free the result. 5012 */ 5013 static struct mbuf * 5014 key_getmsgbuf_x1(m, mhp) 5015 struct mbuf *m; 5016 const struct sadb_msghdr *mhp; 5017 { 5018 struct mbuf *n; 5019 5020 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5021 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5022 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5023 5024 /* create new sadb_msg to reply. */ 5025 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED, 5026 SADB_EXT_SA, SADB_X_EXT_SA2, 5027 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5028 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5029 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST); 5030 if (!n) 5031 return NULL; 5032 5033 if (n->m_len < sizeof(struct sadb_msg)) { 5034 n = m_pullup(n, sizeof(struct sadb_msg)); 5035 if (n == NULL) 5036 return NULL; 5037 } 5038 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5039 mtod(n, struct sadb_msg *)->sadb_msg_len = 5040 PFKEY_UNIT64(n->m_pkthdr.len); 5041 5042 return n; 5043 } 5044 5045 static int key_delete_all __P((struct socket *, struct mbuf *, 5046 const struct sadb_msghdr *, u_int16_t)); 5047 5048 /* 5049 * SADB_DELETE processing 5050 * receive 5051 * <base, SA(*), address(SD)> 5052 * from the ikmpd, and set SADB_SASTATE_DEAD, 5053 * and send, 5054 * <base, SA(*), address(SD)> 5055 * to the ikmpd. 5056 * 5057 * m will always be freed. 5058 */ 5059 static int 5060 key_delete(so, m, mhp) 5061 struct socket *so; 5062 struct mbuf *m; 5063 const struct sadb_msghdr *mhp; 5064 { 5065 struct sadb_sa *sa0; 5066 struct sadb_address *src0, *dst0; 5067 struct secasindex saidx; 5068 struct secashead *sah; 5069 struct secasvar *sav = NULL; 5070 u_int16_t proto; 5071 5072 IPSEC_ASSERT(so != NULL, ("null socket")); 5073 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5074 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5075 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5076 5077 /* map satype to proto */ 5078 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5079 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5080 __func__)); 5081 return key_senderror(so, m, EINVAL); 5082 } 5083 5084 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5085 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5086 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5087 __func__)); 5088 return key_senderror(so, m, EINVAL); 5089 } 5090 5091 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5092 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5093 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5094 __func__)); 5095 return key_senderror(so, m, EINVAL); 5096 } 5097 5098 if (mhp->ext[SADB_EXT_SA] == NULL) { 5099 /* 5100 * Caller wants us to delete all non-LARVAL SAs 5101 * that match the src/dst. This is used during 5102 * IKE INITIAL-CONTACT. 5103 */ 5104 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 5105 return key_delete_all(so, m, mhp, proto); 5106 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { 5107 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5108 __func__)); 5109 return key_senderror(so, m, EINVAL); 5110 } 5111 5112 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5113 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5114 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5115 5116 /* XXX boundary check against sa_len */ 5117 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5118 5119 /* get a SA header */ 5120 SAHTREE_LOCK(); 5121 LIST_FOREACH(sah, &sahtree, chain) { 5122 if (sah->state == SADB_SASTATE_DEAD) 5123 continue; 5124 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5125 continue; 5126 5127 /* get a SA with SPI. */ 5128 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5129 if (sav) 5130 break; 5131 } 5132 if (sah == NULL) { 5133 SAHTREE_UNLOCK(); 5134 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 5135 return key_senderror(so, m, ENOENT); 5136 } 5137 5138 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5139 SAHTREE_UNLOCK(); 5140 KEY_FREESAV(&sav); 5141 5142 { 5143 struct mbuf *n; 5144 struct sadb_msg *newmsg; 5145 5146 /* create new sadb_msg to reply. */ 5147 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 5148 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5149 if (!n) 5150 return key_senderror(so, m, ENOBUFS); 5151 5152 if (n->m_len < sizeof(struct sadb_msg)) { 5153 n = m_pullup(n, sizeof(struct sadb_msg)); 5154 if (n == NULL) 5155 return key_senderror(so, m, ENOBUFS); 5156 } 5157 newmsg = mtod(n, struct sadb_msg *); 5158 newmsg->sadb_msg_errno = 0; 5159 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5160 5161 m_freem(m); 5162 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5163 } 5164 } 5165 5166 /* 5167 * delete all SAs for src/dst. Called from key_delete(). 5168 */ 5169 static int 5170 key_delete_all(so, m, mhp, proto) 5171 struct socket *so; 5172 struct mbuf *m; 5173 const struct sadb_msghdr *mhp; 5174 u_int16_t proto; 5175 { 5176 struct sadb_address *src0, *dst0; 5177 struct secasindex saidx; 5178 struct secashead *sah; 5179 struct secasvar *sav, *nextsav; 5180 u_int stateidx, state; 5181 5182 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5183 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5184 5185 /* XXX boundary check against sa_len */ 5186 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5187 5188 SAHTREE_LOCK(); 5189 LIST_FOREACH(sah, &sahtree, chain) { 5190 if (sah->state == SADB_SASTATE_DEAD) 5191 continue; 5192 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5193 continue; 5194 5195 /* Delete all non-LARVAL SAs. */ 5196 for (stateidx = 0; 5197 stateidx < _ARRAYLEN(saorder_state_alive); 5198 stateidx++) { 5199 state = saorder_state_alive[stateidx]; 5200 if (state == SADB_SASTATE_LARVAL) 5201 continue; 5202 for (sav = LIST_FIRST(&sah->savtree[state]); 5203 sav != NULL; sav = nextsav) { 5204 nextsav = LIST_NEXT(sav, chain); 5205 /* sanity check */ 5206 if (sav->state != state) { 5207 ipseclog((LOG_DEBUG, "%s: invalid " 5208 "sav->state (queue %d SA %d)\n", 5209 __func__, state, sav->state)); 5210 continue; 5211 } 5212 5213 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5214 KEY_FREESAV(&sav); 5215 } 5216 } 5217 } 5218 SAHTREE_UNLOCK(); 5219 { 5220 struct mbuf *n; 5221 struct sadb_msg *newmsg; 5222 5223 /* create new sadb_msg to reply. */ 5224 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 5225 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5226 if (!n) 5227 return key_senderror(so, m, ENOBUFS); 5228 5229 if (n->m_len < sizeof(struct sadb_msg)) { 5230 n = m_pullup(n, sizeof(struct sadb_msg)); 5231 if (n == NULL) 5232 return key_senderror(so, m, ENOBUFS); 5233 } 5234 newmsg = mtod(n, struct sadb_msg *); 5235 newmsg->sadb_msg_errno = 0; 5236 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5237 5238 m_freem(m); 5239 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5240 } 5241 } 5242 5243 /* 5244 * SADB_GET processing 5245 * receive 5246 * <base, SA(*), address(SD)> 5247 * from the ikmpd, and get a SP and a SA to respond, 5248 * and send, 5249 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 5250 * (identity(SD),) (sensitivity)> 5251 * to the ikmpd. 5252 * 5253 * m will always be freed. 5254 */ 5255 static int 5256 key_get(so, m, mhp) 5257 struct socket *so; 5258 struct mbuf *m; 5259 const struct sadb_msghdr *mhp; 5260 { 5261 struct sadb_sa *sa0; 5262 struct sadb_address *src0, *dst0; 5263 struct secasindex saidx; 5264 struct secashead *sah; 5265 struct secasvar *sav = NULL; 5266 u_int16_t proto; 5267 5268 IPSEC_ASSERT(so != NULL, ("null socket")); 5269 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5270 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5271 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5272 5273 /* map satype to proto */ 5274 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5275 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5276 __func__)); 5277 return key_senderror(so, m, EINVAL); 5278 } 5279 5280 if (mhp->ext[SADB_EXT_SA] == NULL || 5281 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5282 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5283 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5284 __func__)); 5285 return key_senderror(so, m, EINVAL); 5286 } 5287 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5288 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5289 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5290 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5291 __func__)); 5292 return key_senderror(so, m, EINVAL); 5293 } 5294 5295 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5296 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5297 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5298 5299 /* XXX boundary check against sa_len */ 5300 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5301 5302 /* get a SA header */ 5303 SAHTREE_LOCK(); 5304 LIST_FOREACH(sah, &sahtree, chain) { 5305 if (sah->state == SADB_SASTATE_DEAD) 5306 continue; 5307 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5308 continue; 5309 5310 /* get a SA with SPI. */ 5311 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5312 if (sav) 5313 break; 5314 } 5315 SAHTREE_UNLOCK(); 5316 if (sah == NULL) { 5317 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 5318 return key_senderror(so, m, ENOENT); 5319 } 5320 5321 { 5322 struct mbuf *n; 5323 u_int8_t satype; 5324 5325 /* map proto to satype */ 5326 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 5327 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 5328 __func__)); 5329 return key_senderror(so, m, EINVAL); 5330 } 5331 5332 /* create new sadb_msg to reply. */ 5333 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 5334 mhp->msg->sadb_msg_pid); 5335 if (!n) 5336 return key_senderror(so, m, ENOBUFS); 5337 5338 m_freem(m); 5339 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5340 } 5341 } 5342 5343 /* XXX make it sysctl-configurable? */ 5344 static void 5345 key_getcomb_setlifetime(comb) 5346 struct sadb_comb *comb; 5347 { 5348 5349 comb->sadb_comb_soft_allocations = 1; 5350 comb->sadb_comb_hard_allocations = 1; 5351 comb->sadb_comb_soft_bytes = 0; 5352 comb->sadb_comb_hard_bytes = 0; 5353 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 5354 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 5355 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 5356 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 5357 } 5358 5359 /* 5360 * XXX reorder combinations by preference 5361 * XXX no idea if the user wants ESP authentication or not 5362 */ 5363 static struct mbuf * 5364 key_getcomb_esp() 5365 { 5366 struct sadb_comb *comb; 5367 struct enc_xform *algo; 5368 struct mbuf *result = NULL, *m, *n; 5369 int encmin; 5370 int i, off, o; 5371 int totlen; 5372 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 5373 5374 m = NULL; 5375 for (i = 1; i <= SADB_EALG_MAX; i++) { 5376 algo = esp_algorithm_lookup(i); 5377 if (algo == NULL) 5378 continue; 5379 5380 /* discard algorithms with key size smaller than system min */ 5381 if (_BITS(algo->maxkey) < ipsec_esp_keymin) 5382 continue; 5383 if (_BITS(algo->minkey) < ipsec_esp_keymin) 5384 encmin = ipsec_esp_keymin; 5385 else 5386 encmin = _BITS(algo->minkey); 5387 5388 if (ipsec_esp_auth) 5389 m = key_getcomb_ah(); 5390 else { 5391 IPSEC_ASSERT(l <= MLEN, 5392 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 5393 MGET(m, M_DONTWAIT, MT_DATA); 5394 if (m) { 5395 M_ALIGN(m, l); 5396 m->m_len = l; 5397 m->m_next = NULL; 5398 bzero(mtod(m, caddr_t), m->m_len); 5399 } 5400 } 5401 if (!m) 5402 goto fail; 5403 5404 totlen = 0; 5405 for (n = m; n; n = n->m_next) 5406 totlen += n->m_len; 5407 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 5408 5409 for (off = 0; off < totlen; off += l) { 5410 n = m_pulldown(m, off, l, &o); 5411 if (!n) { 5412 /* m is already freed */ 5413 goto fail; 5414 } 5415 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 5416 bzero(comb, sizeof(*comb)); 5417 key_getcomb_setlifetime(comb); 5418 comb->sadb_comb_encrypt = i; 5419 comb->sadb_comb_encrypt_minbits = encmin; 5420 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 5421 } 5422 5423 if (!result) 5424<