Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netipsec/key.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD$ */ 2 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3 4 /*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * This code is referd to RFC 2367 35 */ 36 37 #include "opt_inet.h" 38 #include "opt_inet6.h" 39 #include "opt_ipsec.h" 40 41 #include <sys/types.h> 42 #include <sys/param.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/lock.h> 46 #include <sys/mutex.h> 47 #include <sys/mbuf.h> 48 #include <sys/domain.h> 49 #include <sys/protosw.h> 50 #include <sys/malloc.h> 51 #include <sys/socket.h> 52 #include <sys/socketvar.h> 53 #include <sys/sysctl.h> 54 #include <sys/errno.h> 55 #include <sys/proc.h> 56 #include <sys/queue.h> 57 #include <sys/refcount.h> 58 #include <sys/syslog.h> 59 60 #include <net/if.h> 61 #include <net/route.h> 62 #include <net/raw_cb.h> 63 64 #include <netinet/in.h> 65 #include <netinet/in_systm.h> 66 #include <netinet/ip.h> 67 #include <netinet/in_var.h> 68 69 #ifdef INET6 70 #include <netinet/ip6.h> 71 #include <netinet6/in6_var.h> 72 #include <netinet6/ip6_var.h> 73 #endif /* INET6 */ 74 75 #ifdef INET 76 #include <netinet/in_pcb.h> 77 #endif 78 #ifdef INET6 79 #include <netinet6/in6_pcb.h> 80 #endif /* INET6 */ 81 82 #include <net/pfkeyv2.h> 83 #include <netipsec/keydb.h> 84 #include <netipsec/key.h> 85 #include <netipsec/keysock.h> 86 #include <netipsec/key_debug.h> 87 88 #include <netipsec/ipsec.h> 89 #ifdef INET6 90 #include <netipsec/ipsec6.h> 91 #endif 92 93 #include <netipsec/xform.h> 94 95 #include <machine/stdarg.h> 96 97 /* randomness */ 98 #include <sys/random.h> 99 100 #define FULLMASK 0xff 101 #define _BITS(bytes) ((bytes) << 3) 102 103 /* 104 * Note on SA reference counting: 105 * - SAs that are not in DEAD state will have (total external reference + 1) 106 * following value in reference count field. they cannot be freed and are 107 * referenced from SA header. 108 * - SAs that are in DEAD state will have (total external reference) 109 * in reference count field. they are ready to be freed. reference from 110 * SA header will be removed in key_delsav(), when the reference count 111 * field hits 0 (= no external reference other than from SA header. 112 */ 113 114 u_int32_t key_debug_level = 0; 115 static u_int key_spi_trycnt = 1000; 116 static u_int32_t key_spi_minval = 0x100; 117 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */ 118 static u_int32_t policy_id = 0; 119 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/ 120 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/ 121 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/ 122 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/ 123 static int key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/ 124 125 static u_int32_t acq_seq = 0; 126 127 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */ 128 static struct mtx sptree_lock; 129 #define SPTREE_LOCK_INIT() \ 130 mtx_init(&sptree_lock, "sptree", \ 131 "fast ipsec security policy database", MTX_DEF) 132 #define SPTREE_LOCK_DESTROY() mtx_destroy(&sptree_lock) 133 #define SPTREE_LOCK() mtx_lock(&sptree_lock) 134 #define SPTREE_UNLOCK() mtx_unlock(&sptree_lock) 135 #define SPTREE_LOCK_ASSERT() mtx_assert(&sptree_lock, MA_OWNED) 136 137 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */ 138 static struct mtx sahtree_lock; 139 #define SAHTREE_LOCK_INIT() \ 140 mtx_init(&sahtree_lock, "sahtree", \ 141 "fast ipsec security association database", MTX_DEF) 142 #define SAHTREE_LOCK_DESTROY() mtx_destroy(&sahtree_lock) 143 #define SAHTREE_LOCK() mtx_lock(&sahtree_lock) 144 #define SAHTREE_UNLOCK() mtx_unlock(&sahtree_lock) 145 #define SAHTREE_LOCK_ASSERT() mtx_assert(&sahtree_lock, MA_OWNED) 146 147 /* registed list */ 148 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1]; 149 static struct mtx regtree_lock; 150 #define REGTREE_LOCK_INIT() \ 151 mtx_init(®tree_lock, "regtree", "fast ipsec regtree", MTX_DEF) 152 #define REGTREE_LOCK_DESTROY() mtx_destroy(®tree_lock) 153 #define REGTREE_LOCK() mtx_lock(®tree_lock) 154 #define REGTREE_UNLOCK() mtx_unlock(®tree_lock) 155 #define REGTREE_LOCK_ASSERT() mtx_assert(®tree_lock, MA_OWNED) 156 157 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */ 158 static struct mtx acq_lock; 159 #define ACQ_LOCK_INIT() \ 160 mtx_init(&acq_lock, "acqtree", "fast ipsec acquire list", MTX_DEF) 161 #define ACQ_LOCK_DESTROY() mtx_destroy(&acq_lock) 162 #define ACQ_LOCK() mtx_lock(&acq_lock) 163 #define ACQ_UNLOCK() mtx_unlock(&acq_lock) 164 #define ACQ_LOCK_ASSERT() mtx_assert(&acq_lock, MA_OWNED) 165 166 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */ 167 static struct mtx spacq_lock; 168 #define SPACQ_LOCK_INIT() \ 169 mtx_init(&spacq_lock, "spacqtree", \ 170 "fast ipsec security policy acquire list", MTX_DEF) 171 #define SPACQ_LOCK_DESTROY() mtx_destroy(&spacq_lock) 172 #define SPACQ_LOCK() mtx_lock(&spacq_lock) 173 #define SPACQ_UNLOCK() mtx_unlock(&spacq_lock) 174 #define SPACQ_LOCK_ASSERT() mtx_assert(&spacq_lock, MA_OWNED) 175 176 /* search order for SAs */ 177 static const u_int saorder_state_valid_prefer_old[] = { 178 SADB_SASTATE_DYING, SADB_SASTATE_MATURE, 179 }; 180 static const u_int saorder_state_valid_prefer_new[] = { 181 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 182 }; 183 static u_int saorder_state_alive[] = { 184 /* except DEAD */ 185 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL 186 }; 187 static u_int saorder_state_any[] = { 188 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, 189 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD 190 }; 191 192 static const int minsize[] = { 193 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 194 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 195 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 196 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 197 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 198 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */ 199 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */ 200 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */ 201 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */ 202 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */ 203 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */ 204 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */ 205 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */ 206 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */ 207 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */ 208 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */ 209 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 210 0, /* SADB_X_EXT_KMPRIVATE */ 211 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */ 212 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 213 }; 214 static const int maxsize[] = { 215 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */ 216 sizeof(struct sadb_sa), /* SADB_EXT_SA */ 217 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */ 218 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */ 219 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */ 220 0, /* SADB_EXT_ADDRESS_SRC */ 221 0, /* SADB_EXT_ADDRESS_DST */ 222 0, /* SADB_EXT_ADDRESS_PROXY */ 223 0, /* SADB_EXT_KEY_AUTH */ 224 0, /* SADB_EXT_KEY_ENCRYPT */ 225 0, /* SADB_EXT_IDENTITY_SRC */ 226 0, /* SADB_EXT_IDENTITY_DST */ 227 0, /* SADB_EXT_SENSITIVITY */ 228 0, /* SADB_EXT_PROPOSAL */ 229 0, /* SADB_EXT_SUPPORTED_AUTH */ 230 0, /* SADB_EXT_SUPPORTED_ENCRYPT */ 231 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */ 232 0, /* SADB_X_EXT_KMPRIVATE */ 233 0, /* SADB_X_EXT_POLICY */ 234 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */ 235 }; 236 237 static int ipsec_esp_keymin = 256; 238 static int ipsec_esp_auth = 0; 239 static int ipsec_ah_keymin = 128; 240 241 #ifdef SYSCTL_DECL 242 SYSCTL_DECL(_net_key); 243 #endif 244 245 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \ 246 &key_debug_level, 0, ""); 247 248 /* max count of trial for the decision of spi value */ 249 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \ 250 &key_spi_trycnt, 0, ""); 251 252 /* minimum spi value to allocate automatically. */ 253 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \ 254 &key_spi_minval, 0, ""); 255 256 /* maximun spi value to allocate automatically. */ 257 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \ 258 &key_spi_maxval, 0, ""); 259 260 /* interval to initialize randseed */ 261 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \ 262 &key_int_random, 0, ""); 263 264 /* lifetime for larval SA */ 265 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \ 266 &key_larval_lifetime, 0, ""); 267 268 /* counter for blocking to send SADB_ACQUIRE to IKEd */ 269 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \ 270 &key_blockacq_count, 0, ""); 271 272 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */ 273 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \ 274 &key_blockacq_lifetime, 0, ""); 275 276 /* ESP auth */ 277 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \ 278 &ipsec_esp_auth, 0, ""); 279 280 /* minimum ESP key length */ 281 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \ 282 &ipsec_esp_keymin, 0, ""); 283 284 /* minimum AH key length */ 285 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \ 286 &ipsec_ah_keymin, 0, ""); 287 288 /* perfered old SA rather than new SA */ 289 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, CTLFLAG_RW,\ 290 &key_preferred_oldsa, 0, ""); 291 292 #define __LIST_CHAINED(elm) \ 293 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL)) 294 #define LIST_INSERT_TAIL(head, elm, type, field) \ 295 do {\ 296 struct type *curelm = LIST_FIRST(head); \ 297 if (curelm == NULL) {\ 298 LIST_INSERT_HEAD(head, elm, field); \ 299 } else { \ 300 while (LIST_NEXT(curelm, field)) \ 301 curelm = LIST_NEXT(curelm, field);\ 302 LIST_INSERT_AFTER(curelm, elm, field);\ 303 }\ 304 } while (0) 305 306 #define KEY_CHKSASTATE(head, sav, name) \ 307 do { \ 308 if ((head) != (sav)) { \ 309 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \ 310 (name), (head), (sav))); \ 311 continue; \ 312 } \ 313 } while (0) 314 315 #define KEY_CHKSPDIR(head, sp, name) \ 316 do { \ 317 if ((head) != (sp)) { \ 318 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \ 319 "anyway continue.\n", \ 320 (name), (head), (sp))); \ 321 } \ 322 } while (0) 323 324 MALLOC_DEFINE(M_IPSEC_SA, "secasvar", "ipsec security association"); 325 MALLOC_DEFINE(M_IPSEC_SAH, "sahead", "ipsec sa head"); 326 MALLOC_DEFINE(M_IPSEC_SP, "ipsecpolicy", "ipsec security policy"); 327 MALLOC_DEFINE(M_IPSEC_SR, "ipsecrequest", "ipsec security request"); 328 MALLOC_DEFINE(M_IPSEC_MISC, "ipsec-misc", "ipsec miscellaneous"); 329 MALLOC_DEFINE(M_IPSEC_SAQ, "ipsec-saq", "ipsec sa acquire"); 330 MALLOC_DEFINE(M_IPSEC_SAR, "ipsec-reg", "ipsec sa acquire"); 331 332 /* 333 * set parameters into secpolicyindex buffer. 334 * Must allocate secpolicyindex buffer passed to this function. 335 */ 336 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \ 337 do { \ 338 bzero((idx), sizeof(struct secpolicyindex)); \ 339 (idx)->dir = (_dir); \ 340 (idx)->prefs = (ps); \ 341 (idx)->prefd = (pd); \ 342 (idx)->ul_proto = (ulp); \ 343 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 344 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 345 } while (0) 346 347 /* 348 * set parameters into secasindex buffer. 349 * Must allocate secasindex buffer before calling this function. 350 */ 351 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \ 352 do { \ 353 bzero((idx), sizeof(struct secasindex)); \ 354 (idx)->proto = (p); \ 355 (idx)->mode = (m); \ 356 (idx)->reqid = (r); \ 357 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \ 358 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \ 359 } while (0) 360 361 /* key statistics */ 362 struct _keystat { 363 u_long getspi_count; /* the avarage of count to try to get new SPI */ 364 } keystat; 365 366 struct sadb_msghdr { 367 struct sadb_msg *msg; 368 struct sadb_ext *ext[SADB_EXT_MAX + 1]; 369 int extoff[SADB_EXT_MAX + 1]; 370 int extlen[SADB_EXT_MAX + 1]; 371 }; 372 373 static struct secasvar *key_allocsa_policy __P((const struct secasindex *)); 374 static void key_freesp_so __P((struct secpolicy **)); 375 static struct secasvar *key_do_allocsa_policy __P((struct secashead *, u_int)); 376 static void key_delsp __P((struct secpolicy *)); 377 static struct secpolicy *key_getsp __P((struct secpolicyindex *)); 378 static void _key_delsp(struct secpolicy *sp); 379 static struct secpolicy *key_getspbyid __P((u_int32_t)); 380 static u_int32_t key_newreqid __P((void)); 381 static struct mbuf *key_gather_mbuf __P((struct mbuf *, 382 const struct sadb_msghdr *, int, int, ...)); 383 static int key_spdadd __P((struct socket *, struct mbuf *, 384 const struct sadb_msghdr *)); 385 static u_int32_t key_getnewspid __P((void)); 386 static int key_spddelete __P((struct socket *, struct mbuf *, 387 const struct sadb_msghdr *)); 388 static int key_spddelete2 __P((struct socket *, struct mbuf *, 389 const struct sadb_msghdr *)); 390 static int key_spdget __P((struct socket *, struct mbuf *, 391 const struct sadb_msghdr *)); 392 static int key_spdflush __P((struct socket *, struct mbuf *, 393 const struct sadb_msghdr *)); 394 static int key_spddump __P((struct socket *, struct mbuf *, 395 const struct sadb_msghdr *)); 396 static struct mbuf *key_setdumpsp __P((struct secpolicy *, 397 u_int8_t, u_int32_t, u_int32_t)); 398 static u_int key_getspreqmsglen __P((struct secpolicy *)); 399 static int key_spdexpire __P((struct secpolicy *)); 400 static struct secashead *key_newsah __P((struct secasindex *)); 401 static void key_delsah __P((struct secashead *)); 402 static struct secasvar *key_newsav __P((struct mbuf *, 403 const struct sadb_msghdr *, struct secashead *, int *, 404 const char*, int)); 405 #define KEY_NEWSAV(m, sadb, sah, e) \ 406 key_newsav(m, sadb, sah, e, __FILE__, __LINE__) 407 static void key_delsav __P((struct secasvar *)); 408 static struct secashead *key_getsah __P((struct secasindex *)); 409 static struct secasvar *key_checkspidup __P((struct secasindex *, u_int32_t)); 410 static struct secasvar *key_getsavbyspi __P((struct secashead *, u_int32_t)); 411 static int key_setsaval __P((struct secasvar *, struct mbuf *, 412 const struct sadb_msghdr *)); 413 static int key_mature __P((struct secasvar *)); 414 static struct mbuf *key_setdumpsa __P((struct secasvar *, u_int8_t, 415 u_int8_t, u_int32_t, u_int32_t)); 416 static struct mbuf *key_setsadbmsg __P((u_int8_t, u_int16_t, u_int8_t, 417 u_int32_t, pid_t, u_int16_t)); 418 static struct mbuf *key_setsadbsa __P((struct secasvar *)); 419 static struct mbuf *key_setsadbaddr __P((u_int16_t, 420 const struct sockaddr *, u_int8_t, u_int16_t)); 421 static struct mbuf *key_setsadbxsa2 __P((u_int8_t, u_int32_t, u_int32_t)); 422 static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t, 423 u_int32_t)); 424 static void *key_dup(const void *, u_int, struct malloc_type *); 425 #ifdef INET6 426 static int key_ismyaddr6 __P((struct sockaddr_in6 *)); 427 #endif 428 429 /* flags for key_cmpsaidx() */ 430 #define CMP_HEAD 1 /* protocol, addresses. */ 431 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */ 432 #define CMP_REQID 3 /* additionally HEAD, reaid. */ 433 #define CMP_EXACTLY 4 /* all elements. */ 434 static int key_cmpsaidx 435 __P((const struct secasindex *, const struct secasindex *, int)); 436 437 static int key_cmpspidx_exactly 438 __P((struct secpolicyindex *, struct secpolicyindex *)); 439 static int key_cmpspidx_withmask 440 __P((struct secpolicyindex *, struct secpolicyindex *)); 441 static int key_sockaddrcmp __P((const struct sockaddr *, const struct sockaddr *, int)); 442 static int key_bbcmp __P((const void *, const void *, u_int)); 443 static u_int16_t key_satype2proto __P((u_int8_t)); 444 static u_int8_t key_proto2satype __P((u_int16_t)); 445 446 static int key_getspi __P((struct socket *, struct mbuf *, 447 const struct sadb_msghdr *)); 448 static u_int32_t key_do_getnewspi __P((struct sadb_spirange *, 449 struct secasindex *)); 450 static int key_update __P((struct socket *, struct mbuf *, 451 const struct sadb_msghdr *)); 452 #ifdef IPSEC_DOSEQCHECK 453 static struct secasvar *key_getsavbyseq __P((struct secashead *, u_int32_t)); 454 #endif 455 static int key_add __P((struct socket *, struct mbuf *, 456 const struct sadb_msghdr *)); 457 static int key_setident __P((struct secashead *, struct mbuf *, 458 const struct sadb_msghdr *)); 459 static struct mbuf *key_getmsgbuf_x1 __P((struct mbuf *, 460 const struct sadb_msghdr *)); 461 static int key_delete __P((struct socket *, struct mbuf *, 462 const struct sadb_msghdr *)); 463 static int key_get __P((struct socket *, struct mbuf *, 464 const struct sadb_msghdr *)); 465 466 static void key_getcomb_setlifetime __P((struct sadb_comb *)); 467 static struct mbuf *key_getcomb_esp __P((void)); 468 static struct mbuf *key_getcomb_ah __P((void)); 469 static struct mbuf *key_getcomb_ipcomp __P((void)); 470 static struct mbuf *key_getprop __P((const struct secasindex *)); 471 472 static int key_acquire __P((const struct secasindex *, struct secpolicy *)); 473 static struct secacq *key_newacq __P((const struct secasindex *)); 474 static struct secacq *key_getacq __P((const struct secasindex *)); 475 static struct secacq *key_getacqbyseq __P((u_int32_t)); 476 static struct secspacq *key_newspacq __P((struct secpolicyindex *)); 477 static struct secspacq *key_getspacq __P((struct secpolicyindex *)); 478 static int key_acquire2 __P((struct socket *, struct mbuf *, 479 const struct sadb_msghdr *)); 480 static int key_register __P((struct socket *, struct mbuf *, 481 const struct sadb_msghdr *)); 482 static int key_expire __P((struct secasvar *)); 483 static int key_flush __P((struct socket *, struct mbuf *, 484 const struct sadb_msghdr *)); 485 static int key_dump __P((struct socket *, struct mbuf *, 486 const struct sadb_msghdr *)); 487 static int key_promisc __P((struct socket *, struct mbuf *, 488 const struct sadb_msghdr *)); 489 static int key_senderror __P((struct socket *, struct mbuf *, int)); 490 static int key_validate_ext __P((const struct sadb_ext *, int)); 491 static int key_align __P((struct mbuf *, struct sadb_msghdr *)); 492 #if 0 493 static const char *key_getfqdn __P((void)); 494 static const char *key_getuserfqdn __P((void)); 495 #endif 496 static void key_sa_chgstate __P((struct secasvar *, u_int8_t)); 497 static struct mbuf *key_alloc_mbuf __P((int)); 498 499 static __inline void 500 sa_initref(struct secasvar *sav) 501 { 502 503 refcount_init(&sav->refcnt, 1); 504 } 505 static __inline void 506 sa_addref(struct secasvar *sav) 507 { 508 509 refcount_acquire(&sav->refcnt); 510 IPSEC_ASSERT(sav->refcnt != 0, ("SA refcnt overflow")); 511 } 512 static __inline int 513 sa_delref(struct secasvar *sav) 514 { 515 516 IPSEC_ASSERT(sav->refcnt > 0, ("SA refcnt underflow")); 517 return (refcount_release(&sav->refcnt)); 518 } 519 520 #define SP_ADDREF(p) do { \ 521 (p)->refcnt++; \ 522 IPSEC_ASSERT((p)->refcnt != 0, ("SP refcnt overflow")); \ 523 } while (0) 524 #define SP_DELREF(p) do { \ 525 IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow")); \ 526 (p)->refcnt--; \ 527 } while (0) 528 529 530 /* 531 * Update the refcnt while holding the SPTREE lock. 532 */ 533 void 534 key_addref(struct secpolicy *sp) 535 { 536 SPTREE_LOCK(); 537 SP_ADDREF(sp); 538 SPTREE_UNLOCK(); 539 } 540 541 /* 542 * Return 0 when there are known to be no SP's for the specified 543 * direction. Otherwise return 1. This is used by IPsec code 544 * to optimize performance. 545 */ 546 int 547 key_havesp(u_int dir) 548 { 549 return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? 550 LIST_FIRST(&sptree[dir]) != NULL : 1); 551 } 552 553 /* %%% IPsec policy management */ 554 /* 555 * allocating a SP for OUTBOUND or INBOUND packet. 556 * Must call key_freesp() later. 557 * OUT: NULL: not found 558 * others: found and return the pointer. 559 */ 560 struct secpolicy * 561 key_allocsp(struct secpolicyindex *spidx, u_int dir, const char* where, int tag) 562 { 563 struct secpolicy *sp; 564 565 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 566 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 567 ("invalid direction %u", dir)); 568 569 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 570 printf("DP %s from %s:%u\n", __func__, where, tag)); 571 572 /* get a SP entry */ 573 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 574 printf("*** objects\n"); 575 kdebug_secpolicyindex(spidx)); 576 577 SPTREE_LOCK(); 578 LIST_FOREACH(sp, &sptree[dir], chain) { 579 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 580 printf("*** in SPD\n"); 581 kdebug_secpolicyindex(&sp->spidx)); 582 583 if (sp->state == IPSEC_SPSTATE_DEAD) 584 continue; 585 if (key_cmpspidx_withmask(&sp->spidx, spidx)) 586 goto found; 587 } 588 sp = NULL; 589 found: 590 if (sp) { 591 /* sanity check */ 592 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); 593 594 /* found a SPD entry */ 595 sp->lastused = time_second; 596 SP_ADDREF(sp); 597 } 598 SPTREE_UNLOCK(); 599 600 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 601 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 602 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 603 return sp; 604 } 605 606 /* 607 * allocating a SP for OUTBOUND or INBOUND packet. 608 * Must call key_freesp() later. 609 * OUT: NULL: not found 610 * others: found and return the pointer. 611 */ 612 struct secpolicy * 613 key_allocsp2(u_int32_t spi, 614 union sockaddr_union *dst, 615 u_int8_t proto, 616 u_int dir, 617 const char* where, int tag) 618 { 619 struct secpolicy *sp; 620 621 IPSEC_ASSERT(dst != NULL, ("null dst")); 622 IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, 623 ("invalid direction %u", dir)); 624 625 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 626 printf("DP %s from %s:%u\n", __func__, where, tag)); 627 628 /* get a SP entry */ 629 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 630 printf("*** objects\n"); 631 printf("spi %u proto %u dir %u\n", spi, proto, dir); 632 kdebug_sockaddr(&dst->sa)); 633 634 SPTREE_LOCK(); 635 LIST_FOREACH(sp, &sptree[dir], chain) { 636 KEYDEBUG(KEYDEBUG_IPSEC_DATA, 637 printf("*** in SPD\n"); 638 kdebug_secpolicyindex(&sp->spidx)); 639 640 if (sp->state == IPSEC_SPSTATE_DEAD) 641 continue; 642 /* compare simple values, then dst address */ 643 if (sp->spidx.ul_proto != proto) 644 continue; 645 /* NB: spi's must exist and match */ 646 if (!sp->req || !sp->req->sav || sp->req->sav->spi != spi) 647 continue; 648 if (key_sockaddrcmp(&sp->spidx.dst.sa, &dst->sa, 1) == 0) 649 goto found; 650 } 651 sp = NULL; 652 found: 653 if (sp) { 654 /* sanity check */ 655 KEY_CHKSPDIR(sp->spidx.dir, dir, __func__); 656 657 /* found a SPD entry */ 658 sp->lastused = time_second; 659 SP_ADDREF(sp); 660 } 661 SPTREE_UNLOCK(); 662 663 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 664 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 665 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 666 return sp; 667 } 668 669 /* 670 * return a policy that matches this particular inbound packet. 671 * XXX slow 672 */ 673 struct secpolicy * 674 key_gettunnel(const struct sockaddr *osrc, 675 const struct sockaddr *odst, 676 const struct sockaddr *isrc, 677 const struct sockaddr *idst, 678 const char* where, int tag) 679 { 680 struct secpolicy *sp; 681 const int dir = IPSEC_DIR_INBOUND; 682 struct ipsecrequest *r1, *r2, *p; 683 struct secpolicyindex spidx; 684 685 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 686 printf("DP %s from %s:%u\n", __func__, where, tag)); 687 688 if (isrc->sa_family != idst->sa_family) { 689 ipseclog((LOG_ERR, "%s: protocol family mismatched %d != %d\n.", 690 __func__, isrc->sa_family, idst->sa_family)); 691 sp = NULL; 692 goto done; 693 } 694 695 SPTREE_LOCK(); 696 LIST_FOREACH(sp, &sptree[dir], chain) { 697 if (sp->state == IPSEC_SPSTATE_DEAD) 698 continue; 699 700 r1 = r2 = NULL; 701 for (p = sp->req; p; p = p->next) { 702 if (p->saidx.mode != IPSEC_MODE_TUNNEL) 703 continue; 704 705 r1 = r2; 706 r2 = p; 707 708 if (!r1) { 709 /* here we look at address matches only */ 710 spidx = sp->spidx; 711 if (isrc->sa_len > sizeof(spidx.src) || 712 idst->sa_len > sizeof(spidx.dst)) 713 continue; 714 bcopy(isrc, &spidx.src, isrc->sa_len); 715 bcopy(idst, &spidx.dst, idst->sa_len); 716 if (!key_cmpspidx_withmask(&sp->spidx, &spidx)) 717 continue; 718 } else { 719 if (key_sockaddrcmp(&r1->saidx.src.sa, isrc, 0) || 720 key_sockaddrcmp(&r1->saidx.dst.sa, idst, 0)) 721 continue; 722 } 723 724 if (key_sockaddrcmp(&r2->saidx.src.sa, osrc, 0) || 725 key_sockaddrcmp(&r2->saidx.dst.sa, odst, 0)) 726 continue; 727 728 goto found; 729 } 730 } 731 sp = NULL; 732 found: 733 if (sp) { 734 sp->lastused = time_second; 735 SP_ADDREF(sp); 736 } 737 SPTREE_UNLOCK(); 738 done: 739 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 740 printf("DP %s return SP:%p (ID=%u) refcnt %u\n", __func__, 741 sp, sp ? sp->id : 0, sp ? sp->refcnt : 0)); 742 return sp; 743 } 744 745 /* 746 * allocating an SA entry for an *OUTBOUND* packet. 747 * checking each request entries in SP, and acquire an SA if need. 748 * OUT: 0: there are valid requests. 749 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring. 750 */ 751 int 752 key_checkrequest(struct ipsecrequest *isr, const struct secasindex *saidx) 753 { 754 u_int level; 755 int error; 756 757 IPSEC_ASSERT(isr != NULL, ("null isr")); 758 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 759 IPSEC_ASSERT(saidx->mode == IPSEC_MODE_TRANSPORT || 760 saidx->mode == IPSEC_MODE_TUNNEL, 761 ("unexpected policy %u", saidx->mode)); 762 763 /* 764 * XXX guard against protocol callbacks from the crypto 765 * thread as they reference ipsecrequest.sav which we 766 * temporarily null out below. Need to rethink how we 767 * handle bundled SA's in the callback thread. 768 */ 769 IPSECREQUEST_LOCK_ASSERT(isr); 770 771 /* get current level */ 772 level = ipsec_get_reqlevel(isr); 773 #if 0 774 /* 775 * We do allocate new SA only if the state of SA in the holder is 776 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest. 777 */ 778 if (isr->sav != NULL) { 779 if (isr->sav->sah == NULL) 780 panic("%s: sah is null.\n", __func__); 781 if (isr->sav == (struct secasvar *)LIST_FIRST( 782 &isr->sav->sah->savtree[SADB_SASTATE_DEAD])) { 783 KEY_FREESAV(&isr->sav); 784 isr->sav = NULL; 785 } 786 } 787 #else 788 /* 789 * we free any SA stashed in the IPsec request because a different 790 * SA may be involved each time this request is checked, either 791 * because new SAs are being configured, or this request is 792 * associated with an unconnected datagram socket, or this request 793 * is associated with a system default policy. 794 * 795 * The operation may have negative impact to performance. We may 796 * want to check cached SA carefully, rather than picking new SA 797 * every time. 798 */ 799 if (isr->sav != NULL) { 800 KEY_FREESAV(&isr->sav); 801 isr->sav = NULL; 802 } 803 #endif 804 805 /* 806 * new SA allocation if no SA found. 807 * key_allocsa_policy should allocate the oldest SA available. 808 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt. 809 */ 810 if (isr->sav == NULL) 811 isr->sav = key_allocsa_policy(saidx); 812 813 /* When there is SA. */ 814 if (isr->sav != NULL) { 815 if (isr->sav->state != SADB_SASTATE_MATURE && 816 isr->sav->state != SADB_SASTATE_DYING) 817 return EINVAL; 818 return 0; 819 } 820 821 /* there is no SA */ 822 error = key_acquire(saidx, isr->sp); 823 if (error != 0) { 824 /* XXX What should I do ? */ 825 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", 826 __func__, error)); 827 return error; 828 } 829 830 if (level != IPSEC_LEVEL_REQUIRE) { 831 /* XXX sigh, the interface to this routine is botched */ 832 IPSEC_ASSERT(isr->sav == NULL, ("unexpected SA")); 833 return 0; 834 } else { 835 return ENOENT; 836 } 837 } 838 839 /* 840 * allocating a SA for policy entry from SAD. 841 * NOTE: searching SAD of aliving state. 842 * OUT: NULL: not found. 843 * others: found and return the pointer. 844 */ 845 static struct secasvar * 846 key_allocsa_policy(const struct secasindex *saidx) 847 { 848 #define N(a) _ARRAYLEN(a) 849 struct secashead *sah; 850 struct secasvar *sav; 851 u_int stateidx, arraysize; 852 const u_int *state_valid; 853 854 SAHTREE_LOCK(); 855 LIST_FOREACH(sah, &sahtree, chain) { 856 if (sah->state == SADB_SASTATE_DEAD) 857 continue; 858 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID)) { 859 if (key_preferred_oldsa) { 860 state_valid = saorder_state_valid_prefer_old; 861 arraysize = N(saorder_state_valid_prefer_old); 862 } else { 863 state_valid = saorder_state_valid_prefer_new; 864 arraysize = N(saorder_state_valid_prefer_new); 865 } 866 SAHTREE_UNLOCK(); 867 goto found; 868 } 869 } 870 SAHTREE_UNLOCK(); 871 872 return NULL; 873 874 found: 875 /* search valid state */ 876 for (stateidx = 0; stateidx < arraysize; stateidx++) { 877 sav = key_do_allocsa_policy(sah, state_valid[stateidx]); 878 if (sav != NULL) 879 return sav; 880 } 881 882 return NULL; 883 #undef N 884 } 885 886 /* 887 * searching SAD with direction, protocol, mode and state. 888 * called by key_allocsa_policy(). 889 * OUT: 890 * NULL : not found 891 * others : found, pointer to a SA. 892 */ 893 static struct secasvar * 894 key_do_allocsa_policy(struct secashead *sah, u_int state) 895 { 896 struct secasvar *sav, *nextsav, *candidate, *d; 897 898 /* initilize */ 899 candidate = NULL; 900 901 SAHTREE_LOCK(); 902 for (sav = LIST_FIRST(&sah->savtree[state]); 903 sav != NULL; 904 sav = nextsav) { 905 906 nextsav = LIST_NEXT(sav, chain); 907 908 /* sanity check */ 909 KEY_CHKSASTATE(sav->state, state, __func__); 910 911 /* initialize */ 912 if (candidate == NULL) { 913 candidate = sav; 914 continue; 915 } 916 917 /* Which SA is the better ? */ 918 919 IPSEC_ASSERT(candidate->lft_c != NULL, 920 ("null candidate lifetime")); 921 IPSEC_ASSERT(sav->lft_c != NULL, ("null sav lifetime")); 922 923 /* What the best method is to compare ? */ 924 if (key_preferred_oldsa) { 925 if (candidate->lft_c->sadb_lifetime_addtime > 926 sav->lft_c->sadb_lifetime_addtime) { 927 candidate = sav; 928 } 929 continue; 930 /*NOTREACHED*/ 931 } 932 933 /* preferred new sa rather than old sa */ 934 if (candidate->lft_c->sadb_lifetime_addtime < 935 sav->lft_c->sadb_lifetime_addtime) { 936 d = candidate; 937 candidate = sav; 938 } else 939 d = sav; 940 941 /* 942 * prepared to delete the SA when there is more 943 * suitable candidate and the lifetime of the SA is not 944 * permanent. 945 */ 946 if (d->lft_h->sadb_lifetime_addtime != 0) { 947 struct mbuf *m, *result; 948 u_int8_t satype; 949 950 key_sa_chgstate(d, SADB_SASTATE_DEAD); 951 952 IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count")); 953 954 satype = key_proto2satype(d->sah->saidx.proto); 955 if (satype == 0) 956 goto msgfail; 957 958 m = key_setsadbmsg(SADB_DELETE, 0, 959 satype, 0, 0, d->refcnt - 1); 960 if (!m) 961 goto msgfail; 962 result = m; 963 964 /* set sadb_address for saidx's. */ 965 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 966 &d->sah->saidx.src.sa, 967 d->sah->saidx.src.sa.sa_len << 3, 968 IPSEC_ULPROTO_ANY); 969 if (!m) 970 goto msgfail; 971 m_cat(result, m); 972 973 /* set sadb_address for saidx's. */ 974 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 975 &d->sah->saidx.dst.sa, 976 d->sah->saidx.dst.sa.sa_len << 3, 977 IPSEC_ULPROTO_ANY); 978 if (!m) 979 goto msgfail; 980 m_cat(result, m); 981 982 /* create SA extension */ 983 m = key_setsadbsa(d); 984 if (!m) 985 goto msgfail; 986 m_cat(result, m); 987 988 if (result->m_len < sizeof(struct sadb_msg)) { 989 result = m_pullup(result, 990 sizeof(struct sadb_msg)); 991 if (result == NULL) 992 goto msgfail; 993 } 994 995 result->m_pkthdr.len = 0; 996 for (m = result; m; m = m->m_next) 997 result->m_pkthdr.len += m->m_len; 998 mtod(result, struct sadb_msg *)->sadb_msg_len = 999 PFKEY_UNIT64(result->m_pkthdr.len); 1000 1001 if (key_sendup_mbuf(NULL, result, 1002 KEY_SENDUP_REGISTERED)) 1003 goto msgfail; 1004 msgfail: 1005 KEY_FREESAV(&d); 1006 } 1007 } 1008 if (candidate) { 1009 sa_addref(candidate); 1010 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1011 printf("DP %s cause refcnt++:%d SA:%p\n", 1012 __func__, candidate->refcnt, candidate)); 1013 } 1014 SAHTREE_UNLOCK(); 1015 1016 return candidate; 1017 } 1018 1019 /* 1020 * allocating a usable SA entry for a *INBOUND* packet. 1021 * Must call key_freesav() later. 1022 * OUT: positive: pointer to a usable sav (i.e. MATURE or DYING state). 1023 * NULL: not found, or error occured. 1024 * 1025 * In the comparison, no source address is used--for RFC2401 conformance. 1026 * To quote, from section 4.1: 1027 * A security association is uniquely identified by a triple consisting 1028 * of a Security Parameter Index (SPI), an IP Destination Address, and a 1029 * security protocol (AH or ESP) identifier. 1030 * Note that, however, we do need to keep source address in IPsec SA. 1031 * IKE specification and PF_KEY specification do assume that we 1032 * keep source address in IPsec SA. We see a tricky situation here. 1033 */ 1034 struct secasvar * 1035 key_allocsa( 1036 union sockaddr_union *dst, 1037 u_int proto, 1038 u_int32_t spi, 1039 const char* where, int tag) 1040 { 1041 struct secashead *sah; 1042 struct secasvar *sav; 1043 u_int stateidx, arraysize, state; 1044 const u_int *saorder_state_valid; 1045 1046 IPSEC_ASSERT(dst != NULL, ("null dst address")); 1047 1048 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1049 printf("DP %s from %s:%u\n", __func__, where, tag)); 1050 1051 /* 1052 * searching SAD. 1053 * XXX: to be checked internal IP header somewhere. Also when 1054 * IPsec tunnel packet is received. But ESP tunnel mode is 1055 * encrypted so we can't check internal IP header. 1056 */ 1057 SAHTREE_LOCK(); 1058 if (key_preferred_oldsa) { 1059 saorder_state_valid = saorder_state_valid_prefer_old; 1060 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old); 1061 } else { 1062 saorder_state_valid = saorder_state_valid_prefer_new; 1063 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new); 1064 } 1065 LIST_FOREACH(sah, &sahtree, chain) { 1066 /* search valid state */ 1067 for (stateidx = 0; stateidx < arraysize; stateidx++) { 1068 state = saorder_state_valid[stateidx]; 1069 LIST_FOREACH(sav, &sah->savtree[state], chain) { 1070 /* sanity check */ 1071 KEY_CHKSASTATE(sav->state, state, __func__); 1072 /* do not return entries w/ unusable state */ 1073 if (sav->state != SADB_SASTATE_MATURE && 1074 sav->state != SADB_SASTATE_DYING) 1075 continue; 1076 if (proto != sav->sah->saidx.proto) 1077 continue; 1078 if (spi != sav->spi) 1079 continue; 1080 #if 0 /* don't check src */ 1081 /* check src address */ 1082 if (key_sockaddrcmp(&src->sa, &sav->sah->saidx.src.sa, 0) != 0) 1083 continue; 1084 #endif 1085 /* check dst address */ 1086 if (key_sockaddrcmp(&dst->sa, &sav->sah->saidx.dst.sa, 0) != 0) 1087 continue; 1088 sa_addref(sav); 1089 goto done; 1090 } 1091 } 1092 } 1093 sav = NULL; 1094 done: 1095 SAHTREE_UNLOCK(); 1096 1097 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1098 printf("DP %s return SA:%p; refcnt %u\n", __func__, 1099 sav, sav ? sav->refcnt : 0)); 1100 return sav; 1101 } 1102 1103 /* 1104 * Must be called after calling key_allocsp(). 1105 * For both the packet without socket and key_freeso(). 1106 */ 1107 void 1108 _key_freesp(struct secpolicy **spp, const char* where, int tag) 1109 { 1110 struct secpolicy *sp = *spp; 1111 1112 IPSEC_ASSERT(sp != NULL, ("null sp")); 1113 1114 SPTREE_LOCK(); 1115 SP_DELREF(sp); 1116 1117 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1118 printf("DP %s SP:%p (ID=%u) from %s:%u; refcnt now %u\n", 1119 __func__, sp, sp->id, where, tag, sp->refcnt)); 1120 1121 if (sp->refcnt == 0) { 1122 *spp = NULL; 1123 key_delsp(sp); 1124 } 1125 SPTREE_UNLOCK(); 1126 } 1127 1128 /* 1129 * Must be called after calling key_allocsp(). 1130 * For the packet with socket. 1131 */ 1132 void 1133 key_freeso(struct socket *so) 1134 { 1135 IPSEC_ASSERT(so != NULL, ("null so")); 1136 1137 switch (so->so_proto->pr_domain->dom_family) { 1138 #ifdef INET 1139 case PF_INET: 1140 { 1141 struct inpcb *pcb = sotoinpcb(so); 1142 1143 /* Does it have a PCB ? */ 1144 if (pcb == NULL) 1145 return; 1146 key_freesp_so(&pcb->inp_sp->sp_in); 1147 key_freesp_so(&pcb->inp_sp->sp_out); 1148 } 1149 break; 1150 #endif 1151 #ifdef INET6 1152 case PF_INET6: 1153 { 1154 #ifdef HAVE_NRL_INPCB 1155 struct inpcb *pcb = sotoinpcb(so); 1156 1157 /* Does it have a PCB ? */ 1158 if (pcb == NULL) 1159 return; 1160 key_freesp_so(&pcb->inp_sp->sp_in); 1161 key_freesp_so(&pcb->inp_sp->sp_out); 1162 #else 1163 struct in6pcb *pcb = sotoin6pcb(so); 1164 1165 /* Does it have a PCB ? */ 1166 if (pcb == NULL) 1167 return; 1168 key_freesp_so(&pcb->in6p_sp->sp_in); 1169 key_freesp_so(&pcb->in6p_sp->sp_out); 1170 #endif 1171 } 1172 break; 1173 #endif /* INET6 */ 1174 default: 1175 ipseclog((LOG_DEBUG, "%s: unknown address family=%d.\n", 1176 __func__, so->so_proto->pr_domain->dom_family)); 1177 return; 1178 } 1179 } 1180 1181 static void 1182 key_freesp_so(struct secpolicy **sp) 1183 { 1184 IPSEC_ASSERT(sp != NULL && *sp != NULL, ("null sp")); 1185 1186 if ((*sp)->policy == IPSEC_POLICY_ENTRUST || 1187 (*sp)->policy == IPSEC_POLICY_BYPASS) 1188 return; 1189 1190 IPSEC_ASSERT((*sp)->policy == IPSEC_POLICY_IPSEC, 1191 ("invalid policy %u", (*sp)->policy)); 1192 KEY_FREESP(sp); 1193 } 1194 1195 /* 1196 * Must be called after calling key_allocsa(). 1197 * This function is called by key_freesp() to free some SA allocated 1198 * for a policy. 1199 */ 1200 void 1201 key_freesav(struct secasvar **psav, const char* where, int tag) 1202 { 1203 struct secasvar *sav = *psav; 1204 1205 IPSEC_ASSERT(sav != NULL, ("null sav")); 1206 1207 if (sa_delref(sav)) { 1208 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1209 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1210 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); 1211 *psav = NULL; 1212 key_delsav(sav); 1213 } else { 1214 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1215 printf("DP %s SA:%p (SPI %u) from %s:%u; refcnt now %u\n", 1216 __func__, sav, ntohl(sav->spi), where, tag, sav->refcnt)); 1217 } 1218 } 1219 1220 /* %%% SPD management */ 1221 /* 1222 * free security policy entry. 1223 */ 1224 static void 1225 key_delsp(struct secpolicy *sp) 1226 { 1227 struct ipsecrequest *isr, *nextisr; 1228 1229 IPSEC_ASSERT(sp != NULL, ("null sp")); 1230 SPTREE_LOCK_ASSERT(); 1231 1232 sp->state = IPSEC_SPSTATE_DEAD; 1233 1234 IPSEC_ASSERT(sp->refcnt == 0, 1235 ("SP with references deleted (refcnt %u)", sp->refcnt)); 1236 1237 /* remove from SP index */ 1238 if (__LIST_CHAINED(sp)) 1239 LIST_REMOVE(sp, chain); 1240 1241 for (isr = sp->req; isr != NULL; isr = nextisr) { 1242 if (isr->sav != NULL) { 1243 KEY_FREESAV(&isr->sav); 1244 isr->sav = NULL; 1245 } 1246 1247 nextisr = isr->next; 1248 ipsec_delisr(isr); 1249 } 1250 _key_delsp(sp); 1251 } 1252 1253 /* 1254 * search SPD 1255 * OUT: NULL : not found 1256 * others : found, pointer to a SP. 1257 */ 1258 static struct secpolicy * 1259 key_getsp(struct secpolicyindex *spidx) 1260 { 1261 struct secpolicy *sp; 1262 1263 IPSEC_ASSERT(spidx != NULL, ("null spidx")); 1264 1265 SPTREE_LOCK(); 1266 LIST_FOREACH(sp, &sptree[spidx->dir], chain) { 1267 if (sp->state == IPSEC_SPSTATE_DEAD) 1268 continue; 1269 if (key_cmpspidx_exactly(spidx, &sp->spidx)) { 1270 SP_ADDREF(sp); 1271 break; 1272 } 1273 } 1274 SPTREE_UNLOCK(); 1275 1276 return sp; 1277 } 1278 1279 /* 1280 * get SP by index. 1281 * OUT: NULL : not found 1282 * others : found, pointer to a SP. 1283 */ 1284 static struct secpolicy * 1285 key_getspbyid(u_int32_t id) 1286 { 1287 struct secpolicy *sp; 1288 1289 SPTREE_LOCK(); 1290 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) { 1291 if (sp->state == IPSEC_SPSTATE_DEAD) 1292 continue; 1293 if (sp->id == id) { 1294 SP_ADDREF(sp); 1295 goto done; 1296 } 1297 } 1298 1299 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) { 1300 if (sp->state == IPSEC_SPSTATE_DEAD) 1301 continue; 1302 if (sp->id == id) { 1303 SP_ADDREF(sp); 1304 goto done; 1305 } 1306 } 1307 done: 1308 SPTREE_UNLOCK(); 1309 1310 return sp; 1311 } 1312 1313 struct secpolicy * 1314 key_newsp(const char* where, int tag) 1315 { 1316 struct secpolicy *newsp = NULL; 1317 1318 newsp = (struct secpolicy *) 1319 malloc(sizeof(struct secpolicy), M_IPSEC_SP, M_NOWAIT|M_ZERO); 1320 if (newsp) { 1321 SECPOLICY_LOCK_INIT(newsp); 1322 newsp->refcnt = 1; 1323 newsp->req = NULL; 1324 } 1325 1326 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1327 printf("DP %s from %s:%u return SP:%p\n", __func__, 1328 where, tag, newsp)); 1329 return newsp; 1330 } 1331 1332 static void 1333 _key_delsp(struct secpolicy *sp) 1334 { 1335 SECPOLICY_LOCK_DESTROY(sp); 1336 free(sp, M_IPSEC_SP); 1337 } 1338 1339 /* 1340 * create secpolicy structure from sadb_x_policy structure. 1341 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1342 * so must be set properly later. 1343 */ 1344 struct secpolicy * 1345 key_msg2sp(xpl0, len, error) 1346 struct sadb_x_policy *xpl0; 1347 size_t len; 1348 int *error; 1349 { 1350 struct secpolicy *newsp; 1351 1352 IPSEC_ASSERT(xpl0 != NULL, ("null xpl0")); 1353 IPSEC_ASSERT(len >= sizeof(*xpl0), ("policy too short: %zu", len)); 1354 1355 if (len != PFKEY_EXTLEN(xpl0)) { 1356 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", __func__)); 1357 *error = EINVAL; 1358 return NULL; 1359 } 1360 1361 if ((newsp = KEY_NEWSP()) == NULL) { 1362 *error = ENOBUFS; 1363 return NULL; 1364 } 1365 1366 newsp->spidx.dir = xpl0->sadb_x_policy_dir; 1367 newsp->policy = xpl0->sadb_x_policy_type; 1368 1369 /* check policy */ 1370 switch (xpl0->sadb_x_policy_type) { 1371 case IPSEC_POLICY_DISCARD: 1372 case IPSEC_POLICY_NONE: 1373 case IPSEC_POLICY_ENTRUST: 1374 case IPSEC_POLICY_BYPASS: 1375 newsp->req = NULL; 1376 break; 1377 1378 case IPSEC_POLICY_IPSEC: 1379 { 1380 int tlen; 1381 struct sadb_x_ipsecrequest *xisr; 1382 struct ipsecrequest **p_isr = &newsp->req; 1383 1384 /* validity check */ 1385 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) { 1386 ipseclog((LOG_DEBUG, "%s: Invalid msg length.\n", 1387 __func__)); 1388 KEY_FREESP(&newsp); 1389 *error = EINVAL; 1390 return NULL; 1391 } 1392 1393 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0); 1394 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1); 1395 1396 while (tlen > 0) { 1397 /* length check */ 1398 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) { 1399 ipseclog((LOG_DEBUG, "%s: invalid ipsecrequest " 1400 "length.\n", __func__)); 1401 KEY_FREESP(&newsp); 1402 *error = EINVAL; 1403 return NULL; 1404 } 1405 1406 /* allocate request buffer */ 1407 /* NB: data structure is zero'd */ 1408 *p_isr = ipsec_newisr(); 1409 if ((*p_isr) == NULL) { 1410 ipseclog((LOG_DEBUG, 1411 "%s: No more memory.\n", __func__)); 1412 KEY_FREESP(&newsp); 1413 *error = ENOBUFS; 1414 return NULL; 1415 } 1416 1417 /* set values */ 1418 switch (xisr->sadb_x_ipsecrequest_proto) { 1419 case IPPROTO_ESP: 1420 case IPPROTO_AH: 1421 case IPPROTO_IPCOMP: 1422 break; 1423 default: 1424 ipseclog((LOG_DEBUG, 1425 "%s: invalid proto type=%u\n", __func__, 1426 xisr->sadb_x_ipsecrequest_proto)); 1427 KEY_FREESP(&newsp); 1428 *error = EPROTONOSUPPORT; 1429 return NULL; 1430 } 1431 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto; 1432 1433 switch (xisr->sadb_x_ipsecrequest_mode) { 1434 case IPSEC_MODE_TRANSPORT: 1435 case IPSEC_MODE_TUNNEL: 1436 break; 1437 case IPSEC_MODE_ANY: 1438 default: 1439 ipseclog((LOG_DEBUG, 1440 "%s: invalid mode=%u\n", __func__, 1441 xisr->sadb_x_ipsecrequest_mode)); 1442 KEY_FREESP(&newsp); 1443 *error = EINVAL; 1444 return NULL; 1445 } 1446 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode; 1447 1448 switch (xisr->sadb_x_ipsecrequest_level) { 1449 case IPSEC_LEVEL_DEFAULT: 1450 case IPSEC_LEVEL_USE: 1451 case IPSEC_LEVEL_REQUIRE: 1452 break; 1453 case IPSEC_LEVEL_UNIQUE: 1454 /* validity check */ 1455 /* 1456 * If range violation of reqid, kernel will 1457 * update it, don't refuse it. 1458 */ 1459 if (xisr->sadb_x_ipsecrequest_reqid 1460 > IPSEC_MANUAL_REQID_MAX) { 1461 ipseclog((LOG_DEBUG, 1462 "%s: reqid=%d range " 1463 "violation, updated by kernel.\n", 1464 __func__, 1465 xisr->sadb_x_ipsecrequest_reqid)); 1466 xisr->sadb_x_ipsecrequest_reqid = 0; 1467 } 1468 1469 /* allocate new reqid id if reqid is zero. */ 1470 if (xisr->sadb_x_ipsecrequest_reqid == 0) { 1471 u_int32_t reqid; 1472 if ((reqid = key_newreqid()) == 0) { 1473 KEY_FREESP(&newsp); 1474 *error = ENOBUFS; 1475 return NULL; 1476 } 1477 (*p_isr)->saidx.reqid = reqid; 1478 xisr->sadb_x_ipsecrequest_reqid = reqid; 1479 } else { 1480 /* set it for manual keying. */ 1481 (*p_isr)->saidx.reqid = 1482 xisr->sadb_x_ipsecrequest_reqid; 1483 } 1484 break; 1485 1486 default: 1487 ipseclog((LOG_DEBUG, "%s: invalid level=%u\n", 1488 __func__, 1489 xisr->sadb_x_ipsecrequest_level)); 1490 KEY_FREESP(&newsp); 1491 *error = EINVAL; 1492 return NULL; 1493 } 1494 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level; 1495 1496 /* set IP addresses if there */ 1497 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) { 1498 struct sockaddr *paddr; 1499 1500 paddr = (struct sockaddr *)(xisr + 1); 1501 1502 /* validity check */ 1503 if (paddr->sa_len 1504 > sizeof((*p_isr)->saidx.src)) { 1505 ipseclog((LOG_DEBUG, "%s: invalid " 1506 "request address length.\n", 1507 __func__)); 1508 KEY_FREESP(&newsp); 1509 *error = EINVAL; 1510 return NULL; 1511 } 1512 bcopy(paddr, &(*p_isr)->saidx.src, 1513 paddr->sa_len); 1514 1515 paddr = (struct sockaddr *)((caddr_t)paddr 1516 + paddr->sa_len); 1517 1518 /* validity check */ 1519 if (paddr->sa_len 1520 > sizeof((*p_isr)->saidx.dst)) { 1521 ipseclog((LOG_DEBUG, "%s: invalid " 1522 "request address length.\n", 1523 __func__)); 1524 KEY_FREESP(&newsp); 1525 *error = EINVAL; 1526 return NULL; 1527 } 1528 bcopy(paddr, &(*p_isr)->saidx.dst, 1529 paddr->sa_len); 1530 } 1531 1532 (*p_isr)->sp = newsp; 1533 1534 /* initialization for the next. */ 1535 p_isr = &(*p_isr)->next; 1536 tlen -= xisr->sadb_x_ipsecrequest_len; 1537 1538 /* validity check */ 1539 if (tlen < 0) { 1540 ipseclog((LOG_DEBUG, "%s: becoming tlen < 0.\n", 1541 __func__)); 1542 KEY_FREESP(&newsp); 1543 *error = EINVAL; 1544 return NULL; 1545 } 1546 1547 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr 1548 + xisr->sadb_x_ipsecrequest_len); 1549 } 1550 } 1551 break; 1552 default: 1553 ipseclog((LOG_DEBUG, "%s: invalid policy type.\n", __func__)); 1554 KEY_FREESP(&newsp); 1555 *error = EINVAL; 1556 return NULL; 1557 } 1558 1559 *error = 0; 1560 return newsp; 1561 } 1562 1563 static u_int32_t 1564 key_newreqid() 1565 { 1566 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1; 1567 1568 auto_reqid = (auto_reqid == ~0 1569 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1); 1570 1571 /* XXX should be unique check */ 1572 1573 return auto_reqid; 1574 } 1575 1576 /* 1577 * copy secpolicy struct to sadb_x_policy structure indicated. 1578 */ 1579 struct mbuf * 1580 key_sp2msg(sp) 1581 struct secpolicy *sp; 1582 { 1583 struct sadb_x_policy *xpl; 1584 int tlen; 1585 caddr_t p; 1586 struct mbuf *m; 1587 1588 IPSEC_ASSERT(sp != NULL, ("null policy")); 1589 1590 tlen = key_getspreqmsglen(sp); 1591 1592 m = key_alloc_mbuf(tlen); 1593 if (!m || m->m_next) { /*XXX*/ 1594 if (m) 1595 m_freem(m); 1596 return NULL; 1597 } 1598 1599 m->m_len = tlen; 1600 m->m_next = NULL; 1601 xpl = mtod(m, struct sadb_x_policy *); 1602 bzero(xpl, tlen); 1603 1604 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen); 1605 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 1606 xpl->sadb_x_policy_type = sp->policy; 1607 xpl->sadb_x_policy_dir = sp->spidx.dir; 1608 xpl->sadb_x_policy_id = sp->id; 1609 p = (caddr_t)xpl + sizeof(*xpl); 1610 1611 /* if is the policy for ipsec ? */ 1612 if (sp->policy == IPSEC_POLICY_IPSEC) { 1613 struct sadb_x_ipsecrequest *xisr; 1614 struct ipsecrequest *isr; 1615 1616 for (isr = sp->req; isr != NULL; isr = isr->next) { 1617 1618 xisr = (struct sadb_x_ipsecrequest *)p; 1619 1620 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto; 1621 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode; 1622 xisr->sadb_x_ipsecrequest_level = isr->level; 1623 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid; 1624 1625 p += sizeof(*xisr); 1626 bcopy(&isr->saidx.src, p, isr->saidx.src.sa.sa_len); 1627 p += isr->saidx.src.sa.sa_len; 1628 bcopy(&isr->saidx.dst, p, isr->saidx.dst.sa.sa_len); 1629 p += isr->saidx.src.sa.sa_len; 1630 1631 xisr->sadb_x_ipsecrequest_len = 1632 PFKEY_ALIGN8(sizeof(*xisr) 1633 + isr->saidx.src.sa.sa_len 1634 + isr->saidx.dst.sa.sa_len); 1635 } 1636 } 1637 1638 return m; 1639 } 1640 1641 /* m will not be freed nor modified */ 1642 static struct mbuf * 1643 #ifdef __STDC__ 1644 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp, 1645 int ndeep, int nitem, ...) 1646 #else 1647 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist) 1648 struct mbuf *m; 1649 const struct sadb_msghdr *mhp; 1650 int ndeep; 1651 int nitem; 1652 va_dcl 1653 #endif 1654 { 1655 va_list ap; 1656 int idx; 1657 int i; 1658 struct mbuf *result = NULL, *n; 1659 int len; 1660 1661 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1662 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1663 1664 va_start(ap, nitem); 1665 for (i = 0; i < nitem; i++) { 1666 idx = va_arg(ap, int); 1667 if (idx < 0 || idx > SADB_EXT_MAX) 1668 goto fail; 1669 /* don't attempt to pull empty extension */ 1670 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL) 1671 continue; 1672 if (idx != SADB_EXT_RESERVED && 1673 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0)) 1674 continue; 1675 1676 if (idx == SADB_EXT_RESERVED) { 1677 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 1678 1679 IPSEC_ASSERT(len <= MHLEN, ("header too big %u", len)); 1680 1681 MGETHDR(n, M_DONTWAIT, MT_DATA); 1682 if (!n) 1683 goto fail; 1684 n->m_len = len; 1685 n->m_next = NULL; 1686 m_copydata(m, 0, sizeof(struct sadb_msg), 1687 mtod(n, caddr_t)); 1688 } else if (i < ndeep) { 1689 len = mhp->extlen[idx]; 1690 n = key_alloc_mbuf(len); 1691 if (!n || n->m_next) { /*XXX*/ 1692 if (n) 1693 m_freem(n); 1694 goto fail; 1695 } 1696 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx], 1697 mtod(n, caddr_t)); 1698 } else { 1699 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx], 1700 M_DONTWAIT); 1701 } 1702 if (n == NULL) 1703 goto fail; 1704 1705 if (result) 1706 m_cat(result, n); 1707 else 1708 result = n; 1709 } 1710 va_end(ap); 1711 1712 if ((result->m_flags & M_PKTHDR) != 0) { 1713 result->m_pkthdr.len = 0; 1714 for (n = result; n; n = n->m_next) 1715 result->m_pkthdr.len += n->m_len; 1716 } 1717 1718 return result; 1719 1720 fail: 1721 m_freem(result); 1722 return NULL; 1723 } 1724 1725 /* 1726 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing 1727 * add an entry to SP database, when received 1728 * <base, address(SD), (lifetime(H),) policy> 1729 * from the user(?). 1730 * Adding to SP database, 1731 * and send 1732 * <base, address(SD), (lifetime(H),) policy> 1733 * to the socket which was send. 1734 * 1735 * SPDADD set a unique policy entry. 1736 * SPDSETIDX like SPDADD without a part of policy requests. 1737 * SPDUPDATE replace a unique policy entry. 1738 * 1739 * m will always be freed. 1740 */ 1741 static int 1742 key_spdadd(so, m, mhp) 1743 struct socket *so; 1744 struct mbuf *m; 1745 const struct sadb_msghdr *mhp; 1746 { 1747 struct sadb_address *src0, *dst0; 1748 struct sadb_x_policy *xpl0, *xpl; 1749 struct sadb_lifetime *lft = NULL; 1750 struct secpolicyindex spidx; 1751 struct secpolicy *newsp; 1752 int error; 1753 1754 IPSEC_ASSERT(so != NULL, ("null socket")); 1755 IPSEC_ASSERT(m != NULL, ("null mbuf")); 1756 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 1757 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 1758 1759 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 1760 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 1761 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 1762 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n")); 1763 return key_senderror(so, m, EINVAL); 1764 } 1765 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 1766 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 1767 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 1768 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 1769 __func__)); 1770 return key_senderror(so, m, EINVAL); 1771 } 1772 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) { 1773 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] 1774 < sizeof(struct sadb_lifetime)) { 1775 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 1776 __func__)); 1777 return key_senderror(so, m, EINVAL); 1778 } 1779 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 1780 } 1781 1782 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 1783 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 1784 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 1785 1786 /* make secindex */ 1787 /* XXX boundary check against sa_len */ 1788 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1789 src0 + 1, 1790 dst0 + 1, 1791 src0->sadb_address_prefixlen, 1792 dst0->sadb_address_prefixlen, 1793 src0->sadb_address_proto, 1794 &spidx); 1795 1796 /* checking the direciton. */ 1797 switch (xpl0->sadb_x_policy_dir) { 1798 case IPSEC_DIR_INBOUND: 1799 case IPSEC_DIR_OUTBOUND: 1800 break; 1801 default: 1802 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); 1803 mhp->msg->sadb_msg_errno = EINVAL; 1804 return 0; 1805 } 1806 1807 /* check policy */ 1808 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */ 1809 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST 1810 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) { 1811 ipseclog((LOG_DEBUG, "%s: Invalid policy type.\n", __func__)); 1812 return key_senderror(so, m, EINVAL); 1813 } 1814 1815 /* policy requests are mandatory when action is ipsec. */ 1816 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX 1817 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC 1818 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) { 1819 ipseclog((LOG_DEBUG, "%s: some policy requests part required\n", 1820 __func__)); 1821 return key_senderror(so, m, EINVAL); 1822 } 1823 1824 /* 1825 * checking there is SP already or not. 1826 * SPDUPDATE doesn't depend on whether there is a SP or not. 1827 * If the type is either SPDADD or SPDSETIDX AND a SP is found, 1828 * then error. 1829 */ 1830 newsp = key_getsp(&spidx); 1831 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1832 if (newsp) { 1833 newsp->state = IPSEC_SPSTATE_DEAD; 1834 KEY_FREESP(&newsp); 1835 } 1836 } else { 1837 if (newsp != NULL) { 1838 KEY_FREESP(&newsp); 1839 ipseclog((LOG_DEBUG, "%s: a SP entry exists already.\n", 1840 __func__)); 1841 return key_senderror(so, m, EEXIST); 1842 } 1843 } 1844 1845 /* allocation new SP entry */ 1846 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) { 1847 return key_senderror(so, m, error); 1848 } 1849 1850 if ((newsp->id = key_getnewspid()) == 0) { 1851 _key_delsp(newsp); 1852 return key_senderror(so, m, ENOBUFS); 1853 } 1854 1855 /* XXX boundary check against sa_len */ 1856 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 1857 src0 + 1, 1858 dst0 + 1, 1859 src0->sadb_address_prefixlen, 1860 dst0->sadb_address_prefixlen, 1861 src0->sadb_address_proto, 1862 &newsp->spidx); 1863 1864 /* sanity check on addr pair */ 1865 if (((struct sockaddr *)(src0 + 1))->sa_family != 1866 ((struct sockaddr *)(dst0+ 1))->sa_family) { 1867 _key_delsp(newsp); 1868 return key_senderror(so, m, EINVAL); 1869 } 1870 if (((struct sockaddr *)(src0 + 1))->sa_len != 1871 ((struct sockaddr *)(dst0+ 1))->sa_len) { 1872 _key_delsp(newsp); 1873 return key_senderror(so, m, EINVAL); 1874 } 1875 #if 1 1876 if (newsp->req && newsp->req->saidx.src.sa.sa_family) { 1877 struct sockaddr *sa; 1878 sa = (struct sockaddr *)(src0 + 1); 1879 if (sa->sa_family != newsp->req->saidx.src.sa.sa_family) { 1880 _key_delsp(newsp); 1881 return key_senderror(so, m, EINVAL); 1882 } 1883 } 1884 if (newsp->req && newsp->req->saidx.dst.sa.sa_family) { 1885 struct sockaddr *sa; 1886 sa = (struct sockaddr *)(dst0 + 1); 1887 if (sa->sa_family != newsp->req->saidx.dst.sa.sa_family) { 1888 _key_delsp(newsp); 1889 return key_senderror(so, m, EINVAL); 1890 } 1891 } 1892 #endif 1893 1894 newsp->created = time_second; 1895 newsp->lastused = newsp->created; 1896 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; 1897 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; 1898 1899 newsp->refcnt = 1; /* do not reclaim until I say I do */ 1900 newsp->state = IPSEC_SPSTATE_ALIVE; 1901 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain); 1902 1903 /* delete the entry in spacqtree */ 1904 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) { 1905 struct secspacq *spacq = key_getspacq(&spidx); 1906 if (spacq != NULL) { 1907 /* reset counter in order to deletion by timehandler. */ 1908 spacq->created = time_second; 1909 spacq->count = 0; 1910 SPACQ_UNLOCK(); 1911 } 1912 } 1913 1914 { 1915 struct mbuf *n, *mpolicy; 1916 struct sadb_msg *newmsg; 1917 int off; 1918 1919 /* create new sadb_msg to reply. */ 1920 if (lft) { 1921 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED, 1922 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD, 1923 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1924 } else { 1925 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED, 1926 SADB_X_EXT_POLICY, 1927 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 1928 } 1929 if (!n) 1930 return key_senderror(so, m, ENOBUFS); 1931 1932 if (n->m_len < sizeof(*newmsg)) { 1933 n = m_pullup(n, sizeof(*newmsg)); 1934 if (!n) 1935 return key_senderror(so, m, ENOBUFS); 1936 } 1937 newmsg = mtod(n, struct sadb_msg *); 1938 newmsg->sadb_msg_errno = 0; 1939 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 1940 1941 off = 0; 1942 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)), 1943 sizeof(*xpl), &off); 1944 if (mpolicy == NULL) { 1945 /* n is already freed */ 1946 return key_senderror(so, m, ENOBUFS); 1947 } 1948 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off); 1949 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) { 1950 m_freem(n); 1951 return key_senderror(so, m, EINVAL); 1952 } 1953 xpl->sadb_x_policy_id = newsp->id; 1954 1955 m_freem(m); 1956 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 1957 } 1958 } 1959 1960 /* 1961 * get new policy id. 1962 * OUT: 1963 * 0: failure. 1964 * others: success. 1965 */ 1966 static u_int32_t 1967 key_getnewspid() 1968 { 1969 u_int32_t newid = 0; 1970 int count = key_spi_trycnt; /* XXX */ 1971 struct secpolicy *sp; 1972 1973 /* when requesting to allocate spi ranged */ 1974 while (count--) { 1975 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1)); 1976 1977 if ((sp = key_getspbyid(newid)) == NULL) 1978 break; 1979 1980 KEY_FREESP(&sp); 1981 } 1982 1983 if (count == 0 || newid == 0) { 1984 ipseclog((LOG_DEBUG, "%s: to allocate policy id is failed.\n", 1985 __func__)); 1986 return 0; 1987 } 1988 1989 return newid; 1990 } 1991 1992 /* 1993 * SADB_SPDDELETE processing 1994 * receive 1995 * <base, address(SD), policy(*)> 1996 * from the user(?), and set SADB_SASTATE_DEAD, 1997 * and send, 1998 * <base, address(SD), policy(*)> 1999 * to the ikmpd. 2000 * policy(*) including direction of policy. 2001 * 2002 * m will always be freed. 2003 */ 2004 static int 2005 key_spddelete(so, m, mhp) 2006 struct socket *so; 2007 struct mbuf *m; 2008 const struct sadb_msghdr *mhp; 2009 { 2010 struct sadb_address *src0, *dst0; 2011 struct sadb_x_policy *xpl0; 2012 struct secpolicyindex spidx; 2013 struct secpolicy *sp; 2014 2015 IPSEC_ASSERT(so != NULL, ("null so")); 2016 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2017 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2018 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2019 2020 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 2021 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 2022 mhp->ext[SADB_X_EXT_POLICY] == NULL) { 2023 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2024 __func__)); 2025 return key_senderror(so, m, EINVAL); 2026 } 2027 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 2028 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 2029 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2030 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2031 __func__)); 2032 return key_senderror(so, m, EINVAL); 2033 } 2034 2035 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 2036 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 2037 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY]; 2038 2039 /* make secindex */ 2040 /* XXX boundary check against sa_len */ 2041 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir, 2042 src0 + 1, 2043 dst0 + 1, 2044 src0->sadb_address_prefixlen, 2045 dst0->sadb_address_prefixlen, 2046 src0->sadb_address_proto, 2047 &spidx); 2048 2049 /* checking the direciton. */ 2050 switch (xpl0->sadb_x_policy_dir) { 2051 case IPSEC_DIR_INBOUND: 2052 case IPSEC_DIR_OUTBOUND: 2053 break; 2054 default: 2055 ipseclog((LOG_DEBUG, "%s: Invalid SP direction.\n", __func__)); 2056 return key_senderror(so, m, EINVAL); 2057 } 2058 2059 /* Is there SP in SPD ? */ 2060 if ((sp = key_getsp(&spidx)) == NULL) { 2061 ipseclog((LOG_DEBUG, "%s: no SP found.\n", __func__)); 2062 return key_senderror(so, m, EINVAL); 2063 } 2064 2065 /* save policy id to buffer to be returned. */ 2066 xpl0->sadb_x_policy_id = sp->id; 2067 2068 sp->state = IPSEC_SPSTATE_DEAD; 2069 KEY_FREESP(&sp); 2070 2071 { 2072 struct mbuf *n; 2073 struct sadb_msg *newmsg; 2074 2075 /* create new sadb_msg to reply. */ 2076 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 2077 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 2078 if (!n) 2079 return key_senderror(so, m, ENOBUFS); 2080 2081 newmsg = mtod(n, struct sadb_msg *); 2082 newmsg->sadb_msg_errno = 0; 2083 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2084 2085 m_freem(m); 2086 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2087 } 2088 } 2089 2090 /* 2091 * SADB_SPDDELETE2 processing 2092 * receive 2093 * <base, policy(*)> 2094 * from the user(?), and set SADB_SASTATE_DEAD, 2095 * and send, 2096 * <base, policy(*)> 2097 * to the ikmpd. 2098 * policy(*) including direction of policy. 2099 * 2100 * m will always be freed. 2101 */ 2102 static int 2103 key_spddelete2(so, m, mhp) 2104 struct socket *so; 2105 struct mbuf *m; 2106 const struct sadb_msghdr *mhp; 2107 { 2108 u_int32_t id; 2109 struct secpolicy *sp; 2110 2111 IPSEC_ASSERT(so != NULL, ("null socket")); 2112 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2113 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2114 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2115 2116 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2117 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2118 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", __func__)); 2119 return key_senderror(so, m, EINVAL); 2120 } 2121 2122 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2123 2124 /* Is there SP in SPD ? */ 2125 if ((sp = key_getspbyid(id)) == NULL) { 2126 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); 2127 return key_senderror(so, m, EINVAL); 2128 } 2129 2130 sp->state = IPSEC_SPSTATE_DEAD; 2131 KEY_FREESP(&sp); 2132 2133 { 2134 struct mbuf *n, *nn; 2135 struct sadb_msg *newmsg; 2136 int off, len; 2137 2138 /* create new sadb_msg to reply. */ 2139 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2140 2141 if (len > MCLBYTES) 2142 return key_senderror(so, m, ENOBUFS); 2143 MGETHDR(n, M_DONTWAIT, MT_DATA); 2144 if (n && len > MHLEN) { 2145 MCLGET(n, M_DONTWAIT); 2146 if ((n->m_flags & M_EXT) == 0) { 2147 m_freem(n); 2148 n = NULL; 2149 } 2150 } 2151 if (!n) 2152 return key_senderror(so, m, ENOBUFS); 2153 2154 n->m_len = len; 2155 n->m_next = NULL; 2156 off = 0; 2157 2158 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 2159 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2160 2161 IPSEC_ASSERT(off == len, ("length inconsistency (off %u len %u)", 2162 off, len)); 2163 2164 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY], 2165 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT); 2166 if (!n->m_next) { 2167 m_freem(n); 2168 return key_senderror(so, m, ENOBUFS); 2169 } 2170 2171 n->m_pkthdr.len = 0; 2172 for (nn = n; nn; nn = nn->m_next) 2173 n->m_pkthdr.len += nn->m_len; 2174 2175 newmsg = mtod(n, struct sadb_msg *); 2176 newmsg->sadb_msg_errno = 0; 2177 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 2178 2179 m_freem(m); 2180 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 2181 } 2182 } 2183 2184 /* 2185 * SADB_X_GET processing 2186 * receive 2187 * <base, policy(*)> 2188 * from the user(?), 2189 * and send, 2190 * <base, address(SD), policy> 2191 * to the ikmpd. 2192 * policy(*) including direction of policy. 2193 * 2194 * m will always be freed. 2195 */ 2196 static int 2197 key_spdget(so, m, mhp) 2198 struct socket *so; 2199 struct mbuf *m; 2200 const struct sadb_msghdr *mhp; 2201 { 2202 u_int32_t id; 2203 struct secpolicy *sp; 2204 struct mbuf *n; 2205 2206 IPSEC_ASSERT(so != NULL, ("null socket")); 2207 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2208 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2209 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2210 2211 if (mhp->ext[SADB_X_EXT_POLICY] == NULL || 2212 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) { 2213 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2214 __func__)); 2215 return key_senderror(so, m, EINVAL); 2216 } 2217 2218 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id; 2219 2220 /* Is there SP in SPD ? */ 2221 if ((sp = key_getspbyid(id)) == NULL) { 2222 ipseclog((LOG_DEBUG, "%s: no SP found id:%u.\n", __func__, id)); 2223 return key_senderror(so, m, ENOENT); 2224 } 2225 2226 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid); 2227 if (n != NULL) { 2228 m_freem(m); 2229 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2230 } else 2231 return key_senderror(so, m, ENOBUFS); 2232 } 2233 2234 /* 2235 * SADB_X_SPDACQUIRE processing. 2236 * Acquire policy and SA(s) for a *OUTBOUND* packet. 2237 * send 2238 * <base, policy(*)> 2239 * to KMD, and expect to receive 2240 * <base> with SADB_X_SPDACQUIRE if error occured, 2241 * or 2242 * <base, policy> 2243 * with SADB_X_SPDUPDATE from KMD by PF_KEY. 2244 * policy(*) is without policy requests. 2245 * 2246 * 0 : succeed 2247 * others: error number 2248 */ 2249 int 2250 key_spdacquire(sp) 2251 struct secpolicy *sp; 2252 { 2253 struct mbuf *result = NULL, *m; 2254 struct secspacq *newspacq; 2255 2256 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2257 IPSEC_ASSERT(sp->req == NULL, ("policy exists")); 2258 IPSEC_ASSERT(sp->policy == IPSEC_POLICY_IPSEC, 2259 ("policy not IPSEC %u", sp->policy)); 2260 2261 /* Get an entry to check whether sent message or not. */ 2262 newspacq = key_getspacq(&sp->spidx); 2263 if (newspacq != NULL) { 2264 if (key_blockacq_count < newspacq->count) { 2265 /* reset counter and do send message. */ 2266 newspacq->count = 0; 2267 } else { 2268 /* increment counter and do nothing. */ 2269 newspacq->count++; 2270 return 0; 2271 } 2272 SPACQ_UNLOCK(); 2273 } else { 2274 /* make new entry for blocking to send SADB_ACQUIRE. */ 2275 newspacq = key_newspacq(&sp->spidx); 2276 if (newspacq == NULL) 2277 return ENOBUFS; 2278 } 2279 2280 /* create new sadb_msg to reply. */ 2281 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0); 2282 if (!m) 2283 return ENOBUFS; 2284 2285 result = m; 2286 2287 result->m_pkthdr.len = 0; 2288 for (m = result; m; m = m->m_next) 2289 result->m_pkthdr.len += m->m_len; 2290 2291 mtod(result, struct sadb_msg *)->sadb_msg_len = 2292 PFKEY_UNIT64(result->m_pkthdr.len); 2293 2294 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED); 2295 } 2296 2297 /* 2298 * SADB_SPDFLUSH processing 2299 * receive 2300 * <base> 2301 * from the user, and free all entries in secpctree. 2302 * and send, 2303 * <base> 2304 * to the user. 2305 * NOTE: what to do is only marking SADB_SASTATE_DEAD. 2306 * 2307 * m will always be freed. 2308 */ 2309 static int 2310 key_spdflush(so, m, mhp) 2311 struct socket *so; 2312 struct mbuf *m; 2313 const struct sadb_msghdr *mhp; 2314 { 2315 struct sadb_msg *newmsg; 2316 struct secpolicy *sp; 2317 u_int dir; 2318 2319 IPSEC_ASSERT(so != NULL, ("null socket")); 2320 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2321 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2322 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2323 2324 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg))) 2325 return key_senderror(so, m, EINVAL); 2326 2327 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2328 SPTREE_LOCK(); 2329 LIST_FOREACH(sp, &sptree[dir], chain) 2330 sp->state = IPSEC_SPSTATE_DEAD; 2331 SPTREE_UNLOCK(); 2332 } 2333 2334 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 2335 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2336 return key_senderror(so, m, ENOBUFS); 2337 } 2338 2339 if (m->m_next) 2340 m_freem(m->m_next); 2341 m->m_next = NULL; 2342 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 2343 newmsg = mtod(m, struct sadb_msg *); 2344 newmsg->sadb_msg_errno = 0; 2345 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 2346 2347 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 2348 } 2349 2350 /* 2351 * SADB_SPDDUMP processing 2352 * receive 2353 * <base> 2354 * from the user, and dump all SP leaves 2355 * and send, 2356 * <base> ..... 2357 * to the ikmpd. 2358 * 2359 * m will always be freed. 2360 */ 2361 static int 2362 key_spddump(so, m, mhp) 2363 struct socket *so; 2364 struct mbuf *m; 2365 const struct sadb_msghdr *mhp; 2366 { 2367 struct secpolicy *sp; 2368 int cnt; 2369 u_int dir; 2370 struct mbuf *n; 2371 2372 IPSEC_ASSERT(so != NULL, ("null socket")); 2373 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2374 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2375 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2376 2377 /* search SPD entry and get buffer size. */ 2378 cnt = 0; 2379 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2380 LIST_FOREACH(sp, &sptree[dir], chain) { 2381 cnt++; 2382 } 2383 } 2384 2385 if (cnt == 0) 2386 return key_senderror(so, m, ENOENT); 2387 2388 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 2389 LIST_FOREACH(sp, &sptree[dir], chain) { 2390 --cnt; 2391 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 2392 mhp->msg->sadb_msg_pid); 2393 2394 if (n) 2395 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 2396 } 2397 } 2398 2399 m_freem(m); 2400 return 0; 2401 } 2402 2403 static struct mbuf * 2404 key_setdumpsp(sp, type, seq, pid) 2405 struct secpolicy *sp; 2406 u_int8_t type; 2407 u_int32_t seq, pid; 2408 { 2409 struct mbuf *result = NULL, *m; 2410 2411 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt); 2412 if (!m) 2413 goto fail; 2414 result = m; 2415 2416 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2417 &sp->spidx.src.sa, sp->spidx.prefs, 2418 sp->spidx.ul_proto); 2419 if (!m) 2420 goto fail; 2421 m_cat(result, m); 2422 2423 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2424 &sp->spidx.dst.sa, sp->spidx.prefd, 2425 sp->spidx.ul_proto); 2426 if (!m) 2427 goto fail; 2428 m_cat(result, m); 2429 2430 m = key_sp2msg(sp); 2431 if (!m) 2432 goto fail; 2433 m_cat(result, m); 2434 2435 if ((result->m_flags & M_PKTHDR) == 0) 2436 goto fail; 2437 2438 if (result->m_len < sizeof(struct sadb_msg)) { 2439 result = m_pullup(result, sizeof(struct sadb_msg)); 2440 if (result == NULL) 2441 goto fail; 2442 } 2443 2444 result->m_pkthdr.len = 0; 2445 for (m = result; m; m = m->m_next) 2446 result->m_pkthdr.len += m->m_len; 2447 2448 mtod(result, struct sadb_msg *)->sadb_msg_len = 2449 PFKEY_UNIT64(result->m_pkthdr.len); 2450 2451 return result; 2452 2453 fail: 2454 m_freem(result); 2455 return NULL; 2456 } 2457 2458 /* 2459 * get PFKEY message length for security policy and request. 2460 */ 2461 static u_int 2462 key_getspreqmsglen(sp) 2463 struct secpolicy *sp; 2464 { 2465 u_int tlen; 2466 2467 tlen = sizeof(struct sadb_x_policy); 2468 2469 /* if is the policy for ipsec ? */ 2470 if (sp->policy != IPSEC_POLICY_IPSEC) 2471 return tlen; 2472 2473 /* get length of ipsec requests */ 2474 { 2475 struct ipsecrequest *isr; 2476 int len; 2477 2478 for (isr = sp->req; isr != NULL; isr = isr->next) { 2479 len = sizeof(struct sadb_x_ipsecrequest) 2480 + isr->saidx.src.sa.sa_len 2481 + isr->saidx.dst.sa.sa_len; 2482 2483 tlen += PFKEY_ALIGN8(len); 2484 } 2485 } 2486 2487 return tlen; 2488 } 2489 2490 /* 2491 * SADB_SPDEXPIRE processing 2492 * send 2493 * <base, address(SD), lifetime(CH), policy> 2494 * to KMD by PF_KEY. 2495 * 2496 * OUT: 0 : succeed 2497 * others : error number 2498 */ 2499 static int 2500 key_spdexpire(sp) 2501 struct secpolicy *sp; 2502 { 2503 struct mbuf *result = NULL, *m; 2504 int len; 2505 int error = -1; 2506 struct sadb_lifetime *lt; 2507 2508 /* XXX: Why do we lock ? */ 2509 2510 IPSEC_ASSERT(sp != NULL, ("null secpolicy")); 2511 2512 /* set msg header */ 2513 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0); 2514 if (!m) { 2515 error = ENOBUFS; 2516 goto fail; 2517 } 2518 result = m; 2519 2520 /* create lifetime extension (current and hard) */ 2521 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 2522 m = key_alloc_mbuf(len); 2523 if (!m || m->m_next) { /*XXX*/ 2524 if (m) 2525 m_freem(m); 2526 error = ENOBUFS; 2527 goto fail; 2528 } 2529 bzero(mtod(m, caddr_t), len); 2530 lt = mtod(m, struct sadb_lifetime *); 2531 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2532 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 2533 lt->sadb_lifetime_allocations = 0; 2534 lt->sadb_lifetime_bytes = 0; 2535 lt->sadb_lifetime_addtime = sp->created; 2536 lt->sadb_lifetime_usetime = sp->lastused; 2537 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 2538 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 2539 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; 2540 lt->sadb_lifetime_allocations = 0; 2541 lt->sadb_lifetime_bytes = 0; 2542 lt->sadb_lifetime_addtime = sp->lifetime; 2543 lt->sadb_lifetime_usetime = sp->validtime; 2544 m_cat(result, m); 2545 2546 /* set sadb_address for source */ 2547 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 2548 &sp->spidx.src.sa, 2549 sp->spidx.prefs, sp->spidx.ul_proto); 2550 if (!m) { 2551 error = ENOBUFS; 2552 goto fail; 2553 } 2554 m_cat(result, m); 2555 2556 /* set sadb_address for destination */ 2557 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 2558 &sp->spidx.dst.sa, 2559 sp->spidx.prefd, sp->spidx.ul_proto); 2560 if (!m) { 2561 error = ENOBUFS; 2562 goto fail; 2563 } 2564 m_cat(result, m); 2565 2566 /* set secpolicy */ 2567 m = key_sp2msg(sp); 2568 if (!m) { 2569 error = ENOBUFS; 2570 goto fail; 2571 } 2572 m_cat(result, m); 2573 2574 if ((result->m_flags & M_PKTHDR) == 0) { 2575 error = EINVAL; 2576 goto fail; 2577 } 2578 2579 if (result->m_len < sizeof(struct sadb_msg)) { 2580 result = m_pullup(result, sizeof(struct sadb_msg)); 2581 if (result == NULL) { 2582 error = ENOBUFS; 2583 goto fail; 2584 } 2585 } 2586 2587 result->m_pkthdr.len = 0; 2588 for (m = result; m; m = m->m_next) 2589 result->m_pkthdr.len += m->m_len; 2590 2591 mtod(result, struct sadb_msg *)->sadb_msg_len = 2592 PFKEY_UNIT64(result->m_pkthdr.len); 2593 2594 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 2595 2596 fail: 2597 if (result) 2598 m_freem(result); 2599 return error; 2600 } 2601 2602 /* %%% SAD management */ 2603 /* 2604 * allocating a memory for new SA head, and copy from the values of mhp. 2605 * OUT: NULL : failure due to the lack of memory. 2606 * others : pointer to new SA head. 2607 */ 2608 static struct secashead * 2609 key_newsah(saidx) 2610 struct secasindex *saidx; 2611 { 2612 struct secashead *newsah; 2613 2614 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 2615 2616 newsah = malloc(sizeof(struct secashead), M_IPSEC_SAH, M_NOWAIT|M_ZERO); 2617 if (newsah != NULL) { 2618 int i; 2619 for (i = 0; i < sizeof(newsah->savtree)/sizeof(newsah->savtree[0]); i++) 2620 LIST_INIT(&newsah->savtree[i]); 2621 newsah->saidx = *saidx; 2622 2623 /* add to saidxtree */ 2624 newsah->state = SADB_SASTATE_MATURE; 2625 2626 SAHTREE_LOCK(); 2627 LIST_INSERT_HEAD(&sahtree, newsah, chain); 2628 SAHTREE_UNLOCK(); 2629 } 2630 return(newsah); 2631 } 2632 2633 /* 2634 * delete SA index and all SA registerd. 2635 */ 2636 static void 2637 key_delsah(sah) 2638 struct secashead *sah; 2639 { 2640 struct secasvar *sav, *nextsav; 2641 u_int stateidx; 2642 int zombie = 0; 2643 2644 IPSEC_ASSERT(sah != NULL, ("NULL sah")); 2645 SAHTREE_LOCK_ASSERT(); 2646 2647 /* searching all SA registerd in the secindex. */ 2648 for (stateidx = 0; 2649 stateidx < _ARRAYLEN(saorder_state_any); 2650 stateidx++) { 2651 u_int state = saorder_state_any[stateidx]; 2652 LIST_FOREACH_SAFE(sav, &sah->savtree[state], chain, nextsav) { 2653 if (sav->refcnt == 0) { 2654 /* sanity check */ 2655 KEY_CHKSASTATE(state, sav->state, __func__); 2656 KEY_FREESAV(&sav); 2657 } else { 2658 /* give up to delete this sa */ 2659 zombie++; 2660 } 2661 } 2662 } 2663 if (!zombie) { /* delete only if there are savs */ 2664 /* remove from tree of SA index */ 2665 if (__LIST_CHAINED(sah)) 2666 LIST_REMOVE(sah, chain); 2667 if (sah->sa_route.ro_rt) { 2668 RTFREE(sah->sa_route.ro_rt); 2669 sah->sa_route.ro_rt = (struct rtentry *)NULL; 2670 } 2671 free(sah, M_IPSEC_SAH); 2672 } 2673 } 2674 2675 /* 2676 * allocating a new SA with LARVAL state. key_add() and key_getspi() call, 2677 * and copy the values of mhp into new buffer. 2678 * When SAD message type is GETSPI: 2679 * to set sequence number from acq_seq++, 2680 * to set zero to SPI. 2681 * not to call key_setsava(). 2682 * OUT: NULL : fail 2683 * others : pointer to new secasvar. 2684 * 2685 * does not modify mbuf. does not free mbuf on error. 2686 */ 2687 static struct secasvar * 2688 key_newsav(m, mhp, sah, errp, where, tag) 2689 struct mbuf *m; 2690 const struct sadb_msghdr *mhp; 2691 struct secashead *sah; 2692 int *errp; 2693 const char* where; 2694 int tag; 2695 { 2696 struct secasvar *newsav; 2697 const struct sadb_sa *xsa; 2698 2699 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2700 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2701 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2702 IPSEC_ASSERT(sah != NULL, ("null secashead")); 2703 2704 newsav = malloc(sizeof(struct secasvar), M_IPSEC_SA, M_NOWAIT|M_ZERO); 2705 if (newsav == NULL) { 2706 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 2707 *errp = ENOBUFS; 2708 goto done; 2709 } 2710 2711 switch (mhp->msg->sadb_msg_type) { 2712 case SADB_GETSPI: 2713 newsav->spi = 0; 2714 2715 #ifdef IPSEC_DOSEQCHECK 2716 /* sync sequence number */ 2717 if (mhp->msg->sadb_msg_seq == 0) 2718 newsav->seq = 2719 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq)); 2720 else 2721 #endif 2722 newsav->seq = mhp->msg->sadb_msg_seq; 2723 break; 2724 2725 case SADB_ADD: 2726 /* sanity check */ 2727 if (mhp->ext[SADB_EXT_SA] == NULL) { 2728 free(newsav, M_IPSEC_SA); 2729 newsav = NULL; 2730 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 2731 __func__)); 2732 *errp = EINVAL; 2733 goto done; 2734 } 2735 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 2736 newsav->spi = xsa->sadb_sa_spi; 2737 newsav->seq = mhp->msg->sadb_msg_seq; 2738 break; 2739 default: 2740 free(newsav, M_IPSEC_SA); 2741 newsav = NULL; 2742 *errp = EINVAL; 2743 goto done; 2744 } 2745 2746 2747 /* copy sav values */ 2748 if (mhp->msg->sadb_msg_type != SADB_GETSPI) { 2749 *errp = key_setsaval(newsav, m, mhp); 2750 if (*errp) { 2751 free(newsav, M_IPSEC_SA); 2752 newsav = NULL; 2753 goto done; 2754 } 2755 } 2756 2757 SECASVAR_LOCK_INIT(newsav); 2758 2759 /* reset created */ 2760 newsav->created = time_second; 2761 newsav->pid = mhp->msg->sadb_msg_pid; 2762 2763 /* add to satree */ 2764 newsav->sah = sah; 2765 sa_initref(newsav); 2766 newsav->state = SADB_SASTATE_LARVAL; 2767 2768 /* XXX locking??? */ 2769 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, 2770 secasvar, chain); 2771 done: 2772 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 2773 printf("DP %s from %s:%u return SP:%p\n", __func__, 2774 where, tag, newsav)); 2775 2776 return newsav; 2777 } 2778 2779 /* 2780 * free() SA variable entry. 2781 */ 2782 static void 2783 key_cleansav(struct secasvar *sav) 2784 { 2785 /* 2786 * Cleanup xform state. Note that zeroize'ing causes the 2787 * keys to be cleared; otherwise we must do it ourself. 2788 */ 2789 if (sav->tdb_xform != NULL) { 2790 sav->tdb_xform->xf_zeroize(sav); 2791 sav->tdb_xform = NULL; 2792 } else { 2793 KASSERT(sav->iv == NULL, ("iv but no xform")); 2794 if (sav->key_auth != NULL) 2795 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth)); 2796 if (sav->key_enc != NULL) 2797 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc)); 2798 } 2799 if (sav->key_auth != NULL) { 2800 free(sav->key_auth, M_IPSEC_MISC); 2801 sav->key_auth = NULL; 2802 } 2803 if (sav->key_enc != NULL) { 2804 free(sav->key_enc, M_IPSEC_MISC); 2805 sav->key_enc = NULL; 2806 } 2807 if (sav->sched) { 2808 bzero(sav->sched, sav->schedlen); 2809 free(sav->sched, M_IPSEC_MISC); 2810 sav->sched = NULL; 2811 } 2812 if (sav->replay != NULL) { 2813 free(sav->replay, M_IPSEC_MISC); 2814 sav->replay = NULL; 2815 } 2816 if (sav->lft_c != NULL) { 2817 free(sav->lft_c, M_IPSEC_MISC); 2818 sav->lft_c = NULL; 2819 } 2820 if (sav->lft_h != NULL) { 2821 free(sav->lft_h, M_IPSEC_MISC); 2822 sav->lft_h = NULL; 2823 } 2824 if (sav->lft_s != NULL) { 2825 free(sav->lft_s, M_IPSEC_MISC); 2826 sav->lft_s = NULL; 2827 } 2828 } 2829 2830 /* 2831 * free() SA variable entry. 2832 */ 2833 static void 2834 key_delsav(sav) 2835 struct secasvar *sav; 2836 { 2837 IPSEC_ASSERT(sav != NULL, ("null sav")); 2838 IPSEC_ASSERT(sav->refcnt == 0, ("reference count %u > 0", sav->refcnt)); 2839 2840 /* remove from SA header */ 2841 if (__LIST_CHAINED(sav)) 2842 LIST_REMOVE(sav, chain); 2843 key_cleansav(sav); 2844 SECASVAR_LOCK_DESTROY(sav); 2845 free(sav, M_IPSEC_SA); 2846 } 2847 2848 /* 2849 * search SAD. 2850 * OUT: 2851 * NULL : not found 2852 * others : found, pointer to a SA. 2853 */ 2854 static struct secashead * 2855 key_getsah(saidx) 2856 struct secasindex *saidx; 2857 { 2858 struct secashead *sah; 2859 2860 SAHTREE_LOCK(); 2861 LIST_FOREACH(sah, &sahtree, chain) { 2862 if (sah->state == SADB_SASTATE_DEAD) 2863 continue; 2864 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID)) 2865 break; 2866 } 2867 SAHTREE_UNLOCK(); 2868 2869 return sah; 2870 } 2871 2872 /* 2873 * check not to be duplicated SPI. 2874 * NOTE: this function is too slow due to searching all SAD. 2875 * OUT: 2876 * NULL : not found 2877 * others : found, pointer to a SA. 2878 */ 2879 static struct secasvar * 2880 key_checkspidup(saidx, spi) 2881 struct secasindex *saidx; 2882 u_int32_t spi; 2883 { 2884 struct secashead *sah; 2885 struct secasvar *sav; 2886 2887 /* check address family */ 2888 if (saidx->src.sa.sa_family != saidx->dst.sa.sa_family) { 2889 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 2890 __func__)); 2891 return NULL; 2892 } 2893 2894 sav = NULL; 2895 /* check all SAD */ 2896 SAHTREE_LOCK(); 2897 LIST_FOREACH(sah, &sahtree, chain) { 2898 if (!key_ismyaddr((struct sockaddr *)&sah->saidx.dst)) 2899 continue; 2900 sav = key_getsavbyspi(sah, spi); 2901 if (sav != NULL) 2902 break; 2903 } 2904 SAHTREE_UNLOCK(); 2905 2906 return sav; 2907 } 2908 2909 /* 2910 * search SAD litmited alive SA, protocol, SPI. 2911 * OUT: 2912 * NULL : not found 2913 * others : found, pointer to a SA. 2914 */ 2915 static struct secasvar * 2916 key_getsavbyspi(sah, spi) 2917 struct secashead *sah; 2918 u_int32_t spi; 2919 { 2920 struct secasvar *sav; 2921 u_int stateidx, state; 2922 2923 sav = NULL; 2924 SAHTREE_LOCK_ASSERT(); 2925 /* search all status */ 2926 for (stateidx = 0; 2927 stateidx < _ARRAYLEN(saorder_state_alive); 2928 stateidx++) { 2929 2930 state = saorder_state_alive[stateidx]; 2931 LIST_FOREACH(sav, &sah->savtree[state], chain) { 2932 2933 /* sanity check */ 2934 if (sav->state != state) { 2935 ipseclog((LOG_DEBUG, "%s: " 2936 "invalid sav->state (queue: %d SA: %d)\n", 2937 __func__, state, sav->state)); 2938 continue; 2939 } 2940 2941 if (sav->spi == spi) 2942 return sav; 2943 } 2944 } 2945 2946 return NULL; 2947 } 2948 2949 /* 2950 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*. 2951 * You must update these if need. 2952 * OUT: 0: success. 2953 * !0: failure. 2954 * 2955 * does not modify mbuf. does not free mbuf on error. 2956 */ 2957 static int 2958 key_setsaval(sav, m, mhp) 2959 struct secasvar *sav; 2960 struct mbuf *m; 2961 const struct sadb_msghdr *mhp; 2962 { 2963 int error = 0; 2964 2965 IPSEC_ASSERT(m != NULL, ("null mbuf")); 2966 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 2967 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 2968 2969 /* initialization */ 2970 sav->replay = NULL; 2971 sav->key_auth = NULL; 2972 sav->key_enc = NULL; 2973 sav->sched = NULL; 2974 sav->schedlen = 0; 2975 sav->iv = NULL; 2976 sav->lft_c = NULL; 2977 sav->lft_h = NULL; 2978 sav->lft_s = NULL; 2979 sav->tdb_xform = NULL; /* transform */ 2980 sav->tdb_encalgxform = NULL; /* encoding algorithm */ 2981 sav->tdb_authalgxform = NULL; /* authentication algorithm */ 2982 sav->tdb_compalgxform = NULL; /* compression algorithm */ 2983 2984 /* SA */ 2985 if (mhp->ext[SADB_EXT_SA] != NULL) { 2986 const struct sadb_sa *sa0; 2987 2988 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 2989 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) { 2990 error = EINVAL; 2991 goto fail; 2992 } 2993 2994 sav->alg_auth = sa0->sadb_sa_auth; 2995 sav->alg_enc = sa0->sadb_sa_encrypt; 2996 sav->flags = sa0->sadb_sa_flags; 2997 2998 /* replay window */ 2999 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) { 3000 sav->replay = (struct secreplay *) 3001 malloc(sizeof(struct secreplay)+sa0->sadb_sa_replay, M_IPSEC_MISC, M_NOWAIT|M_ZERO); 3002 if (sav->replay == NULL) { 3003 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3004 __func__)); 3005 error = ENOBUFS; 3006 goto fail; 3007 } 3008 if (sa0->sadb_sa_replay != 0) 3009 sav->replay->bitmap = (caddr_t)(sav->replay+1); 3010 sav->replay->wsize = sa0->sadb_sa_replay; 3011 } 3012 } 3013 3014 /* Authentication keys */ 3015 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) { 3016 const struct sadb_key *key0; 3017 int len; 3018 3019 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH]; 3020 len = mhp->extlen[SADB_EXT_KEY_AUTH]; 3021 3022 error = 0; 3023 if (len < sizeof(*key0)) { 3024 error = EINVAL; 3025 goto fail; 3026 } 3027 switch (mhp->msg->sadb_msg_satype) { 3028 case SADB_SATYPE_AH: 3029 case SADB_SATYPE_ESP: 3030 case SADB_X_SATYPE_TCPSIGNATURE: 3031 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3032 sav->alg_auth != SADB_X_AALG_NULL) 3033 error = EINVAL; 3034 break; 3035 case SADB_X_SATYPE_IPCOMP: 3036 default: 3037 error = EINVAL; 3038 break; 3039 } 3040 if (error) { 3041 ipseclog((LOG_DEBUG, "%s: invalid key_auth values.\n", 3042 __func__)); 3043 goto fail; 3044 } 3045 3046 sav->key_auth = key_dup(key0, len, M_IPSEC_MISC); 3047 if (sav->key_auth == NULL) { 3048 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3049 error = ENOBUFS; 3050 goto fail; 3051 } 3052 } 3053 3054 /* Encryption key */ 3055 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) { 3056 const struct sadb_key *key0; 3057 int len; 3058 3059 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT]; 3060 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT]; 3061 3062 error = 0; 3063 if (len < sizeof(*key0)) { 3064 error = EINVAL; 3065 goto fail; 3066 } 3067 switch (mhp->msg->sadb_msg_satype) { 3068 case SADB_SATYPE_ESP: 3069 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) && 3070 sav->alg_enc != SADB_EALG_NULL) { 3071 error = EINVAL; 3072 break; 3073 } 3074 sav->key_enc = key_dup(key0, len, M_IPSEC_MISC); 3075 if (sav->key_enc == NULL) { 3076 ipseclog((LOG_DEBUG, "%s: No more memory.\n", 3077 __func__)); 3078 error = ENOBUFS; 3079 goto fail; 3080 } 3081 break; 3082 case SADB_X_SATYPE_IPCOMP: 3083 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key))) 3084 error = EINVAL; 3085 sav->key_enc = NULL; /*just in case*/ 3086 break; 3087 case SADB_SATYPE_AH: 3088 case SADB_X_SATYPE_TCPSIGNATURE: 3089 default: 3090 error = EINVAL; 3091 break; 3092 } 3093 if (error) { 3094 ipseclog((LOG_DEBUG, "%s: invalid key_enc value.\n", 3095 __func__)); 3096 goto fail; 3097 } 3098 } 3099 3100 /* set iv */ 3101 sav->ivlen = 0; 3102 3103 switch (mhp->msg->sadb_msg_satype) { 3104 case SADB_SATYPE_AH: 3105 error = xform_init(sav, XF_AH); 3106 break; 3107 case SADB_SATYPE_ESP: 3108 error = xform_init(sav, XF_ESP); 3109 break; 3110 case SADB_X_SATYPE_IPCOMP: 3111 error = xform_init(sav, XF_IPCOMP); 3112 break; 3113 case SADB_X_SATYPE_TCPSIGNATURE: 3114 error = xform_init(sav, XF_TCPSIGNATURE); 3115 break; 3116 } 3117 if (error) { 3118 ipseclog((LOG_DEBUG, "%s: unable to initialize SA type %u.\n", 3119 __func__, mhp->msg->sadb_msg_satype)); 3120 goto fail; 3121 } 3122 3123 /* reset created */ 3124 sav->created = time_second; 3125 3126 /* make lifetime for CURRENT */ 3127 sav->lft_c = malloc(sizeof(struct sadb_lifetime), M_IPSEC_MISC, M_NOWAIT); 3128 if (sav->lft_c == NULL) { 3129 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3130 error = ENOBUFS; 3131 goto fail; 3132 } 3133 3134 sav->lft_c->sadb_lifetime_len = 3135 PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 3136 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 3137 sav->lft_c->sadb_lifetime_allocations = 0; 3138 sav->lft_c->sadb_lifetime_bytes = 0; 3139 sav->lft_c->sadb_lifetime_addtime = time_second; 3140 sav->lft_c->sadb_lifetime_usetime = 0; 3141 3142 /* lifetimes for HARD and SOFT */ 3143 { 3144 const struct sadb_lifetime *lft0; 3145 3146 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD]; 3147 if (lft0 != NULL) { 3148 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) { 3149 error = EINVAL; 3150 goto fail; 3151 } 3152 sav->lft_h = key_dup(lft0, sizeof(*lft0), M_IPSEC_MISC); 3153 if (sav->lft_h == NULL) { 3154 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3155 error = ENOBUFS; 3156 goto fail; 3157 } 3158 /* to be initialize ? */ 3159 } 3160 3161 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT]; 3162 if (lft0 != NULL) { 3163 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) { 3164 error = EINVAL; 3165 goto fail; 3166 } 3167 sav->lft_s = key_dup(lft0, sizeof(*lft0), M_IPSEC_MISC); 3168 if (sav->lft_s == NULL) { 3169 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 3170 error = ENOBUFS; 3171 goto fail; 3172 } 3173 /* to be initialize ? */ 3174 } 3175 } 3176 3177 return 0; 3178 3179 fail: 3180 /* initialization */ 3181 key_cleansav(sav); 3182 3183 return error; 3184 } 3185 3186 /* 3187 * validation with a secasvar entry, and set SADB_SATYPE_MATURE. 3188 * OUT: 0: valid 3189 * other: errno 3190 */ 3191 static int 3192 key_mature(struct secasvar *sav) 3193 { 3194 int error; 3195 3196 /* check SPI value */ 3197 switch (sav->sah->saidx.proto) { 3198 case IPPROTO_ESP: 3199 case IPPROTO_AH: 3200 /* 3201 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values 3202 * 1-255 reserved by IANA for future use, 3203 * 0 for implementation specific, local use. 3204 */ 3205 if (ntohl(sav->spi) <= 255) { 3206 ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", 3207 __func__, (u_int32_t)ntohl(sav->spi))); 3208 return EINVAL; 3209 } 3210 break; 3211 } 3212 3213 /* check satype */ 3214 switch (sav->sah->saidx.proto) { 3215 case IPPROTO_ESP: 3216 /* check flags */ 3217 if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) == 3218 (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) { 3219 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3220 "given to old-esp.\n", __func__)); 3221 return EINVAL; 3222 } 3223 error = xform_init(sav, XF_ESP); 3224 break; 3225 case IPPROTO_AH: 3226 /* check flags */ 3227 if (sav->flags & SADB_X_EXT_DERIV) { 3228 ipseclog((LOG_DEBUG, "%s: invalid flag (derived) " 3229 "given to AH SA.\n", __func__)); 3230 return EINVAL; 3231 } 3232 if (sav->alg_enc != SADB_EALG_NONE) { 3233 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3234 "mismated.\n", __func__)); 3235 return(EINVAL); 3236 } 3237 error = xform_init(sav, XF_AH); 3238 break; 3239 case IPPROTO_IPCOMP: 3240 if (sav->alg_auth != SADB_AALG_NONE) { 3241 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3242 "mismated.\n", __func__)); 3243 return(EINVAL); 3244 } 3245 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 3246 && ntohl(sav->spi) >= 0x10000) { 3247 ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n", 3248 __func__)); 3249 return(EINVAL); 3250 } 3251 error = xform_init(sav, XF_IPCOMP); 3252 break; 3253 case IPPROTO_TCP: 3254 if (sav->alg_enc != SADB_EALG_NONE) { 3255 ipseclog((LOG_DEBUG, "%s: protocol and algorithm " 3256 "mismated.\n", __func__)); 3257 return(EINVAL); 3258 } 3259 error = xform_init(sav, XF_TCPSIGNATURE); 3260 break; 3261 default: 3262 ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__)); 3263 error = EPROTONOSUPPORT; 3264 break; 3265 } 3266 if (error == 0) { 3267 SAHTREE_LOCK(); 3268 key_sa_chgstate(sav, SADB_SASTATE_MATURE); 3269 SAHTREE_UNLOCK(); 3270 } 3271 return (error); 3272 } 3273 3274 /* 3275 * subroutine for SADB_GET and SADB_DUMP. 3276 */ 3277 static struct mbuf * 3278 key_setdumpsa(sav, type, satype, seq, pid) 3279 struct secasvar *sav; 3280 u_int8_t type, satype; 3281 u_int32_t seq, pid; 3282 { 3283 struct mbuf *result = NULL, *tres = NULL, *m; 3284 int l = 0; 3285 int i; 3286 void *p; 3287 int dumporder[] = { 3288 SADB_EXT_SA, SADB_X_EXT_SA2, 3289 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 3290 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC, 3291 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH, 3292 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC, 3293 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY, 3294 }; 3295 3296 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt); 3297 if (m == NULL) 3298 goto fail; 3299 result = m; 3300 3301 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) { 3302 m = NULL; 3303 p = NULL; 3304 switch (dumporder[i]) { 3305 case SADB_EXT_SA: 3306 m = key_setsadbsa(sav); 3307 if (!m) 3308 goto fail; 3309 break; 3310 3311 case SADB_X_EXT_SA2: 3312 m = key_setsadbxsa2(sav->sah->saidx.mode, 3313 sav->replay ? sav->replay->count : 0, 3314 sav->sah->saidx.reqid); 3315 if (!m) 3316 goto fail; 3317 break; 3318 3319 case SADB_EXT_ADDRESS_SRC: 3320 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 3321 &sav->sah->saidx.src.sa, 3322 FULLMASK, IPSEC_ULPROTO_ANY); 3323 if (!m) 3324 goto fail; 3325 break; 3326 3327 case SADB_EXT_ADDRESS_DST: 3328 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 3329 &sav->sah->saidx.dst.sa, 3330 FULLMASK, IPSEC_ULPROTO_ANY); 3331 if (!m) 3332 goto fail; 3333 break; 3334 3335 case SADB_EXT_KEY_AUTH: 3336 if (!sav->key_auth) 3337 continue; 3338 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len); 3339 p = sav->key_auth; 3340 break; 3341 3342 case SADB_EXT_KEY_ENCRYPT: 3343 if (!sav->key_enc) 3344 continue; 3345 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len); 3346 p = sav->key_enc; 3347 break; 3348 3349 case SADB_EXT_LIFETIME_CURRENT: 3350 if (!sav->lft_c) 3351 continue; 3352 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len); 3353 p = sav->lft_c; 3354 break; 3355 3356 case SADB_EXT_LIFETIME_HARD: 3357 if (!sav->lft_h) 3358 continue; 3359 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len); 3360 p = sav->lft_h; 3361 break; 3362 3363 case SADB_EXT_LIFETIME_SOFT: 3364 if (!sav->lft_s) 3365 continue; 3366 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len); 3367 p = sav->lft_s; 3368 break; 3369 3370 case SADB_EXT_ADDRESS_PROXY: 3371 case SADB_EXT_IDENTITY_SRC: 3372 case SADB_EXT_IDENTITY_DST: 3373 /* XXX: should we brought from SPD ? */ 3374 case SADB_EXT_SENSITIVITY: 3375 default: 3376 continue; 3377 } 3378 3379 if ((!m && !p) || (m && p)) 3380 goto fail; 3381 if (p && tres) { 3382 M_PREPEND(tres, l, M_DONTWAIT); 3383 if (!tres) 3384 goto fail; 3385 bcopy(p, mtod(tres, caddr_t), l); 3386 continue; 3387 } 3388 if (p) { 3389 m = key_alloc_mbuf(l); 3390 if (!m) 3391 goto fail; 3392 m_copyback(m, 0, l, p); 3393 } 3394 3395 if (tres) 3396 m_cat(m, tres); 3397 tres = m; 3398 } 3399 3400 m_cat(result, tres); 3401 3402 if (result->m_len < sizeof(struct sadb_msg)) { 3403 result = m_pullup(result, sizeof(struct sadb_msg)); 3404 if (result == NULL) 3405 goto fail; 3406 } 3407 3408 result->m_pkthdr.len = 0; 3409 for (m = result; m; m = m->m_next) 3410 result->m_pkthdr.len += m->m_len; 3411 3412 mtod(result, struct sadb_msg *)->sadb_msg_len = 3413 PFKEY_UNIT64(result->m_pkthdr.len); 3414 3415 return result; 3416 3417 fail: 3418 m_freem(result); 3419 m_freem(tres); 3420 return NULL; 3421 } 3422 3423 /* 3424 * set data into sadb_msg. 3425 */ 3426 static struct mbuf * 3427 key_setsadbmsg(type, tlen, satype, seq, pid, reserved) 3428 u_int8_t type, satype; 3429 u_int16_t tlen; 3430 u_int32_t seq; 3431 pid_t pid; 3432 u_int16_t reserved; 3433 { 3434 struct mbuf *m; 3435 struct sadb_msg *p; 3436 int len; 3437 3438 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)); 3439 if (len > MCLBYTES) 3440 return NULL; 3441 MGETHDR(m, M_DONTWAIT, MT_DATA); 3442 if (m && len > MHLEN) { 3443 MCLGET(m, M_DONTWAIT); 3444 if ((m->m_flags & M_EXT) == 0) { 3445 m_freem(m); 3446 m = NULL; 3447 } 3448 } 3449 if (!m) 3450 return NULL; 3451 m->m_pkthdr.len = m->m_len = len; 3452 m->m_next = NULL; 3453 3454 p = mtod(m, struct sadb_msg *); 3455 3456 bzero(p, len); 3457 p->sadb_msg_version = PF_KEY_V2; 3458 p->sadb_msg_type = type; 3459 p->sadb_msg_errno = 0; 3460 p->sadb_msg_satype = satype; 3461 p->sadb_msg_len = PFKEY_UNIT64(tlen); 3462 p->sadb_msg_reserved = reserved; 3463 p->sadb_msg_seq = seq; 3464 p->sadb_msg_pid = (u_int32_t)pid; 3465 3466 return m; 3467 } 3468 3469 /* 3470 * copy secasvar data into sadb_address. 3471 */ 3472 static struct mbuf * 3473 key_setsadbsa(sav) 3474 struct secasvar *sav; 3475 { 3476 struct mbuf *m; 3477 struct sadb_sa *p; 3478 int len; 3479 3480 len = PFKEY_ALIGN8(sizeof(struct sadb_sa)); 3481 m = key_alloc_mbuf(len); 3482 if (!m || m->m_next) { /*XXX*/ 3483 if (m) 3484 m_freem(m); 3485 return NULL; 3486 } 3487 3488 p = mtod(m, struct sadb_sa *); 3489 3490 bzero(p, len); 3491 p->sadb_sa_len = PFKEY_UNIT64(len); 3492 p->sadb_sa_exttype = SADB_EXT_SA; 3493 p->sadb_sa_spi = sav->spi; 3494 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0); 3495 p->sadb_sa_state = sav->state; 3496 p->sadb_sa_auth = sav->alg_auth; 3497 p->sadb_sa_encrypt = sav->alg_enc; 3498 p->sadb_sa_flags = sav->flags; 3499 3500 return m; 3501 } 3502 3503 /* 3504 * set data into sadb_address. 3505 */ 3506 static struct mbuf * 3507 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto) 3508 u_int16_t exttype; 3509 const struct sockaddr *saddr; 3510 u_int8_t prefixlen; 3511 u_int16_t ul_proto; 3512 { 3513 struct mbuf *m; 3514 struct sadb_address *p; 3515 size_t len; 3516 3517 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) + 3518 PFKEY_ALIGN8(saddr->sa_len); 3519 m = key_alloc_mbuf(len); 3520 if (!m || m->m_next) { /*XXX*/ 3521 if (m) 3522 m_freem(m); 3523 return NULL; 3524 } 3525 3526 p = mtod(m, struct sadb_address *); 3527 3528 bzero(p, len); 3529 p->sadb_address_len = PFKEY_UNIT64(len); 3530 p->sadb_address_exttype = exttype; 3531 p->sadb_address_proto = ul_proto; 3532 if (prefixlen == FULLMASK) { 3533 switch (saddr->sa_family) { 3534 case AF_INET: 3535 prefixlen = sizeof(struct in_addr) << 3; 3536 break; 3537 case AF_INET6: 3538 prefixlen = sizeof(struct in6_addr) << 3; 3539 break; 3540 default: 3541 ; /*XXX*/ 3542 } 3543 } 3544 p->sadb_address_prefixlen = prefixlen; 3545 p->sadb_address_reserved = 0; 3546 3547 bcopy(saddr, 3548 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)), 3549 saddr->sa_len); 3550 3551 return m; 3552 } 3553 3554 /* 3555 * set data into sadb_x_sa2. 3556 */ 3557 static struct mbuf * 3558 key_setsadbxsa2(mode, seq, reqid) 3559 u_int8_t mode; 3560 u_int32_t seq, reqid; 3561 { 3562 struct mbuf *m; 3563 struct sadb_x_sa2 *p; 3564 size_t len; 3565 3566 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2)); 3567 m = key_alloc_mbuf(len); 3568 if (!m || m->m_next) { /*XXX*/ 3569 if (m) 3570 m_freem(m); 3571 return NULL; 3572 } 3573 3574 p = mtod(m, struct sadb_x_sa2 *); 3575 3576 bzero(p, len); 3577 p->sadb_x_sa2_len = PFKEY_UNIT64(len); 3578 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2; 3579 p->sadb_x_sa2_mode = mode; 3580 p->sadb_x_sa2_reserved1 = 0; 3581 p->sadb_x_sa2_reserved2 = 0; 3582 p->sadb_x_sa2_sequence = seq; 3583 p->sadb_x_sa2_reqid = reqid; 3584 3585 return m; 3586 } 3587 3588 /* 3589 * set data into sadb_x_policy 3590 */ 3591 static struct mbuf * 3592 key_setsadbxpolicy(type, dir, id) 3593 u_int16_t type; 3594 u_int8_t dir; 3595 u_int32_t id; 3596 { 3597 struct mbuf *m; 3598 struct sadb_x_policy *p; 3599 size_t len; 3600 3601 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy)); 3602 m = key_alloc_mbuf(len); 3603 if (!m || m->m_next) { /*XXX*/ 3604 if (m) 3605 m_freem(m); 3606 return NULL; 3607 } 3608 3609 p = mtod(m, struct sadb_x_policy *); 3610 3611 bzero(p, len); 3612 p->sadb_x_policy_len = PFKEY_UNIT64(len); 3613 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY; 3614 p->sadb_x_policy_type = type; 3615 p->sadb_x_policy_dir = dir; 3616 p->sadb_x_policy_id = id; 3617 3618 return m; 3619 } 3620 3621 /* %%% utilities */ 3622 /* 3623 * copy a buffer into the new buffer allocated. 3624 */ 3625 static void * 3626 key_dup(const void *src, u_int len, struct malloc_type *type) 3627 { 3628 void *copy; 3629 3630 copy = malloc(len, type, M_NOWAIT); 3631 if (copy == NULL) { 3632 /* XXX counter */ 3633 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 3634 } else 3635 bcopy(src, copy, len); 3636 return copy; 3637 } 3638 3639 /* compare my own address 3640 * OUT: 1: true, i.e. my address. 3641 * 0: false 3642 */ 3643 int 3644 key_ismyaddr(sa) 3645 struct sockaddr *sa; 3646 { 3647 #ifdef INET 3648 struct sockaddr_in *sin; 3649 struct in_ifaddr *ia; 3650 #endif 3651 3652 IPSEC_ASSERT(sa != NULL, ("null sockaddr")); 3653 3654 switch (sa->sa_family) { 3655 #ifdef INET 3656 case AF_INET: 3657 sin = (struct sockaddr_in *)sa; 3658 for (ia = in_ifaddrhead.tqh_first; ia; 3659 ia = ia->ia_link.tqe_next) 3660 { 3661 if (sin->sin_family == ia->ia_addr.sin_family && 3662 sin->sin_len == ia->ia_addr.sin_len && 3663 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr) 3664 { 3665 return 1; 3666 } 3667 } 3668 break; 3669 #endif 3670 #ifdef INET6 3671 case AF_INET6: 3672 return key_ismyaddr6((struct sockaddr_in6 *)sa); 3673 #endif 3674 } 3675 3676 return 0; 3677 } 3678 3679 #ifdef INET6 3680 /* 3681 * compare my own address for IPv6. 3682 * 1: ours 3683 * 0: other 3684 * NOTE: derived ip6_input() in KAME. This is necessary to modify more. 3685 */ 3686 #include <netinet6/in6_var.h> 3687 3688 static int 3689 key_ismyaddr6(sin6) 3690 struct sockaddr_in6 *sin6; 3691 { 3692 struct in6_ifaddr *ia; 3693 struct in6_multi *in6m; 3694 3695 for (ia = in6_ifaddr; ia; ia = ia->ia_next) { 3696 if (key_sockaddrcmp((struct sockaddr *)&sin6, 3697 (struct sockaddr *)&ia->ia_addr, 0) == 0) 3698 return 1; 3699 3700 /* 3701 * XXX Multicast 3702 * XXX why do we care about multlicast here while we don't care 3703 * about IPv4 multicast?? 3704 * XXX scope 3705 */ 3706 in6m = NULL; 3707 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m); 3708 if (in6m) 3709 return 1; 3710 } 3711 3712 /* loopback, just for safety */ 3713 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) 3714 return 1; 3715 3716 return 0; 3717 } 3718 #endif /*INET6*/ 3719 3720 /* 3721 * compare two secasindex structure. 3722 * flag can specify to compare 2 saidxes. 3723 * compare two secasindex structure without both mode and reqid. 3724 * don't compare port. 3725 * IN: 3726 * saidx0: source, it can be in SAD. 3727 * saidx1: object. 3728 * OUT: 3729 * 1 : equal 3730 * 0 : not equal 3731 */ 3732 static int 3733 key_cmpsaidx( 3734 const struct secasindex *saidx0, 3735 const struct secasindex *saidx1, 3736 int flag) 3737 { 3738 /* sanity */ 3739 if (saidx0 == NULL && saidx1 == NULL) 3740 return 1; 3741 3742 if (saidx0 == NULL || saidx1 == NULL) 3743 return 0; 3744 3745 if (saidx0->proto != saidx1->proto) 3746 return 0; 3747 3748 if (flag == CMP_EXACTLY) { 3749 if (saidx0->mode != saidx1->mode) 3750 return 0; 3751 if (saidx0->reqid != saidx1->reqid) 3752 return 0; 3753 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.sa.sa_len) != 0 || 3754 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.sa.sa_len) != 0) 3755 return 0; 3756 } else { 3757 3758 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */ 3759 if (flag == CMP_MODE_REQID 3760 ||flag == CMP_REQID) { 3761 /* 3762 * If reqid of SPD is non-zero, unique SA is required. 3763 * The result must be of same reqid in this case. 3764 */ 3765 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid) 3766 return 0; 3767 } 3768 3769 if (flag == CMP_MODE_REQID) { 3770 if (saidx0->mode != IPSEC_MODE_ANY 3771 && saidx0->mode != saidx1->mode) 3772 return 0; 3773 } 3774 3775 if (key_sockaddrcmp(&saidx0->src.sa, &saidx1->src.sa, 0) != 0) { 3776 return 0; 3777 } 3778 if (key_sockaddrcmp(&saidx0->dst.sa, &saidx1->dst.sa, 0) != 0) { 3779 return 0; 3780 } 3781 } 3782 3783 return 1; 3784 } 3785 3786 /* 3787 * compare two secindex structure exactly. 3788 * IN: 3789 * spidx0: source, it is often in SPD. 3790 * spidx1: object, it is often from PFKEY message. 3791 * OUT: 3792 * 1 : equal 3793 * 0 : not equal 3794 */ 3795 static int 3796 key_cmpspidx_exactly( 3797 struct secpolicyindex *spidx0, 3798 struct secpolicyindex *spidx1) 3799 { 3800 /* sanity */ 3801 if (spidx0 == NULL && spidx1 == NULL) 3802 return 1; 3803 3804 if (spidx0 == NULL || spidx1 == NULL) 3805 return 0; 3806 3807 if (spidx0->prefs != spidx1->prefs 3808 || spidx0->prefd != spidx1->prefd 3809 || spidx0->ul_proto != spidx1->ul_proto) 3810 return 0; 3811 3812 return key_sockaddrcmp(&spidx0->src.sa, &spidx1->src.sa, 1) == 0 && 3813 key_sockaddrcmp(&spidx0->dst.sa, &spidx1->dst.sa, 1) == 0; 3814 } 3815 3816 /* 3817 * compare two secindex structure with mask. 3818 * IN: 3819 * spidx0: source, it is often in SPD. 3820 * spidx1: object, it is often from IP header. 3821 * OUT: 3822 * 1 : equal 3823 * 0 : not equal 3824 */ 3825 static int 3826 key_cmpspidx_withmask( 3827 struct secpolicyindex *spidx0, 3828 struct secpolicyindex *spidx1) 3829 { 3830 /* sanity */ 3831 if (spidx0 == NULL && spidx1 == NULL) 3832 return 1; 3833 3834 if (spidx0 == NULL || spidx1 == NULL) 3835 return 0; 3836 3837 if (spidx0->src.sa.sa_family != spidx1->src.sa.sa_family || 3838 spidx0->dst.sa.sa_family != spidx1->dst.sa.sa_family || 3839 spidx0->src.sa.sa_len != spidx1->src.sa.sa_len || 3840 spidx0->dst.sa.sa_len != spidx1->dst.sa.sa_len) 3841 return 0; 3842 3843 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */ 3844 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY 3845 && spidx0->ul_proto != spidx1->ul_proto) 3846 return 0; 3847 3848 switch (spidx0->src.sa.sa_family) { 3849 case AF_INET: 3850 if (spidx0->src.sin.sin_port != IPSEC_PORT_ANY 3851 && spidx0->src.sin.sin_port != spidx1->src.sin.sin_port) 3852 return 0; 3853 if (!key_bbcmp(&spidx0->src.sin.sin_addr, 3854 &spidx1->src.sin.sin_addr, spidx0->prefs)) 3855 return 0; 3856 break; 3857 case AF_INET6: 3858 if (spidx0->src.sin6.sin6_port != IPSEC_PORT_ANY 3859 && spidx0->src.sin6.sin6_port != spidx1->src.sin6.sin6_port) 3860 return 0; 3861 /* 3862 * scope_id check. if sin6_scope_id is 0, we regard it 3863 * as a wildcard scope, which matches any scope zone ID. 3864 */ 3865 if (spidx0->src.sin6.sin6_scope_id && 3866 spidx1->src.sin6.sin6_scope_id && 3867 spidx0->src.sin6.sin6_scope_id != spidx1->src.sin6.sin6_scope_id) 3868 return 0; 3869 if (!key_bbcmp(&spidx0->src.sin6.sin6_addr, 3870 &spidx1->src.sin6.sin6_addr, spidx0->prefs)) 3871 return 0; 3872 break; 3873 default: 3874 /* XXX */ 3875 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.sa.sa_len) != 0) 3876 return 0; 3877 break; 3878 } 3879 3880 switch (spidx0->dst.sa.sa_family) { 3881 case AF_INET: 3882 if (spidx0->dst.sin.sin_port != IPSEC_PORT_ANY 3883 && spidx0->dst.sin.sin_port != spidx1->dst.sin.sin_port) 3884 return 0; 3885 if (!key_bbcmp(&spidx0->dst.sin.sin_addr, 3886 &spidx1->dst.sin.sin_addr, spidx0->prefd)) 3887 return 0; 3888 break; 3889 case AF_INET6: 3890 if (spidx0->dst.sin6.sin6_port != IPSEC_PORT_ANY 3891 && spidx0->dst.sin6.sin6_port != spidx1->dst.sin6.sin6_port) 3892 return 0; 3893 /* 3894 * scope_id check. if sin6_scope_id is 0, we regard it 3895 * as a wildcard scope, which matches any scope zone ID. 3896 */ 3897 if (spidx0->dst.sin6.sin6_scope_id && 3898 spidx1->dst.sin6.sin6_scope_id && 3899 spidx0->dst.sin6.sin6_scope_id != spidx1->dst.sin6.sin6_scope_id) 3900 return 0; 3901 if (!key_bbcmp(&spidx0->dst.sin6.sin6_addr, 3902 &spidx1->dst.sin6.sin6_addr, spidx0->prefd)) 3903 return 0; 3904 break; 3905 default: 3906 /* XXX */ 3907 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.sa.sa_len) != 0) 3908 return 0; 3909 break; 3910 } 3911 3912 /* XXX Do we check other field ? e.g. flowinfo */ 3913 3914 return 1; 3915 } 3916 3917 /* returns 0 on match */ 3918 static int 3919 key_sockaddrcmp( 3920 const struct sockaddr *sa1, 3921 const struct sockaddr *sa2, 3922 int port) 3923 { 3924 #ifdef satosin 3925 #undef satosin 3926 #endif 3927 #define satosin(s) ((const struct sockaddr_in *)s) 3928 #ifdef satosin6 3929 #undef satosin6 3930 #endif 3931 #define satosin6(s) ((const struct sockaddr_in6 *)s) 3932 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len) 3933 return 1; 3934 3935 switch (sa1->sa_family) { 3936 case AF_INET: 3937 if (sa1->sa_len != sizeof(struct sockaddr_in)) 3938 return 1; 3939 if (satosin(sa1)->sin_addr.s_addr != 3940 satosin(sa2)->sin_addr.s_addr) { 3941 return 1; 3942 } 3943 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port) 3944 return 1; 3945 break; 3946 case AF_INET6: 3947 if (sa1->sa_len != sizeof(struct sockaddr_in6)) 3948 return 1; /*EINVAL*/ 3949 if (satosin6(sa1)->sin6_scope_id != 3950 satosin6(sa2)->sin6_scope_id) { 3951 return 1; 3952 } 3953 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr, 3954 &satosin6(sa2)->sin6_addr)) { 3955 return 1; 3956 } 3957 if (port && 3958 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) { 3959 return 1; 3960 } 3961 break; 3962 default: 3963 if (bcmp(sa1, sa2, sa1->sa_len) != 0) 3964 return 1; 3965 break; 3966 } 3967 3968 return 0; 3969 #undef satosin 3970 #undef satosin6 3971 } 3972 3973 /* 3974 * compare two buffers with mask. 3975 * IN: 3976 * addr1: source 3977 * addr2: object 3978 * bits: Number of bits to compare 3979 * OUT: 3980 * 1 : equal 3981 * 0 : not equal 3982 */ 3983 static int 3984 key_bbcmp(const void *a1, const void *a2, u_int bits) 3985 { 3986 const unsigned char *p1 = a1; 3987 const unsigned char *p2 = a2; 3988 3989 /* XXX: This could be considerably faster if we compare a word 3990 * at a time, but it is complicated on LSB Endian machines */ 3991 3992 /* Handle null pointers */ 3993 if (p1 == NULL || p2 == NULL) 3994 return (p1 == p2); 3995 3996 while (bits >= 8) { 3997 if (*p1++ != *p2++) 3998 return 0; 3999 bits -= 8; 4000 } 4001 4002 if (bits > 0) { 4003 u_int8_t mask = ~((1<<(8-bits))-1); 4004 if ((*p1 & mask) != (*p2 & mask)) 4005 return 0; 4006 } 4007 return 1; /* Match! */ 4008 } 4009 4010 static void 4011 key_flush_spd(time_t now) 4012 { 4013 static u_int16_t sptree_scangen = 0; 4014 u_int16_t gen = sptree_scangen++; 4015 struct secpolicy *sp; 4016 u_int dir; 4017 4018 /* SPD */ 4019 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) { 4020 restart: 4021 SPTREE_LOCK(); 4022 LIST_FOREACH(sp, &sptree[dir], chain) { 4023 if (sp->scangen == gen) /* previously handled */ 4024 continue; 4025 sp->scangen = gen; 4026 if (sp->state == IPSEC_SPSTATE_DEAD) { 4027 /* NB: clean entries created by key_spdflush */ 4028 SPTREE_UNLOCK(); 4029 KEY_FREESP(&sp); 4030 goto restart; 4031 } 4032 if (sp->lifetime == 0 && sp->validtime == 0) 4033 continue; 4034 if ((sp->lifetime && now - sp->created > sp->lifetime) 4035 || (sp->validtime && now - sp->lastused > sp->validtime)) { 4036 sp->state = IPSEC_SPSTATE_DEAD; 4037 SPTREE_UNLOCK(); 4038 key_spdexpire(sp); 4039 KEY_FREESP(&sp); 4040 goto restart; 4041 } 4042 } 4043 SPTREE_UNLOCK(); 4044 } 4045 } 4046 4047 static void 4048 key_flush_sad(time_t now) 4049 { 4050 struct secashead *sah, *nextsah; 4051 struct secasvar *sav, *nextsav; 4052 4053 /* SAD */ 4054 SAHTREE_LOCK(); 4055 LIST_FOREACH_SAFE(sah, &sahtree, chain, nextsah) { 4056 /* if sah has been dead, then delete it and process next sah. */ 4057 if (sah->state == SADB_SASTATE_DEAD) { 4058 key_delsah(sah); 4059 continue; 4060 } 4061 4062 /* if LARVAL entry doesn't become MATURE, delete it. */ 4063 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_LARVAL], chain, nextsav) { 4064 if (now - sav->created > key_larval_lifetime) 4065 KEY_FREESAV(&sav); 4066 } 4067 4068 /* 4069 * check MATURE entry to start to send expire message 4070 * whether or not. 4071 */ 4072 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_MATURE], chain, nextsav) { 4073 /* we don't need to check. */ 4074 if (sav->lft_s == NULL) 4075 continue; 4076 4077 /* sanity check */ 4078 if (sav->lft_c == NULL) { 4079 ipseclog((LOG_DEBUG,"%s: there is no CURRENT " 4080 "time, why?\n", __func__)); 4081 continue; 4082 } 4083 4084 /* check SOFT lifetime */ 4085 if (sav->lft_s->sadb_lifetime_addtime != 0 && 4086 now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 4087 /* 4088 * check SA to be used whether or not. 4089 * when SA hasn't been used, delete it. 4090 */ 4091 if (sav->lft_c->sadb_lifetime_usetime == 0) { 4092 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4093 KEY_FREESAV(&sav); 4094 } else { 4095 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4096 /* 4097 * XXX If we keep to send expire 4098 * message in the status of 4099 * DYING. Do remove below code. 4100 */ 4101 key_expire(sav); 4102 } 4103 } 4104 /* check SOFT lifetime by bytes */ 4105 /* 4106 * XXX I don't know the way to delete this SA 4107 * when new SA is installed. Caution when it's 4108 * installed too big lifetime by time. 4109 */ 4110 else if (sav->lft_s->sadb_lifetime_bytes != 0 && 4111 sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { 4112 4113 key_sa_chgstate(sav, SADB_SASTATE_DYING); 4114 /* 4115 * XXX If we keep to send expire 4116 * message in the status of 4117 * DYING. Do remove below code. 4118 */ 4119 key_expire(sav); 4120 } 4121 } 4122 4123 /* check DYING entry to change status to DEAD. */ 4124 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DYING], chain, nextsav) { 4125 /* we don't need to check. */ 4126 if (sav->lft_h == NULL) 4127 continue; 4128 4129 /* sanity check */ 4130 if (sav->lft_c == NULL) { 4131 ipseclog((LOG_DEBUG, "%s: there is no CURRENT " 4132 "time, why?\n", __func__)); 4133 continue; 4134 } 4135 4136 if (sav->lft_h->sadb_lifetime_addtime != 0 && 4137 now - sav->created > sav->lft_h->sadb_lifetime_addtime) { 4138 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4139 KEY_FREESAV(&sav); 4140 } 4141 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */ 4142 else if (sav->lft_s != NULL 4143 && sav->lft_s->sadb_lifetime_addtime != 0 4144 && now - sav->created > sav->lft_s->sadb_lifetime_addtime) { 4145 /* 4146 * XXX: should be checked to be 4147 * installed the valid SA. 4148 */ 4149 4150 /* 4151 * If there is no SA then sending 4152 * expire message. 4153 */ 4154 key_expire(sav); 4155 } 4156 #endif 4157 /* check HARD lifetime by bytes */ 4158 else if (sav->lft_h->sadb_lifetime_bytes != 0 && 4159 sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) { 4160 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 4161 KEY_FREESAV(&sav); 4162 } 4163 } 4164 4165 /* delete entry in DEAD */ 4166 LIST_FOREACH_SAFE(sav, &sah->savtree[SADB_SASTATE_DEAD], chain, nextsav) { 4167 /* sanity check */ 4168 if (sav->state != SADB_SASTATE_DEAD) { 4169 ipseclog((LOG_DEBUG, "%s: invalid sav->state " 4170 "(queue: %d SA: %d): kill it anyway\n", 4171 __func__, 4172 SADB_SASTATE_DEAD, sav->state)); 4173 } 4174 /* 4175 * do not call key_freesav() here. 4176 * sav should already be freed, and sav->refcnt 4177 * shows other references to sav 4178 * (such as from SPD). 4179 */ 4180 } 4181 } 4182 SAHTREE_UNLOCK(); 4183 } 4184 4185 static void 4186 key_flush_acq(time_t now) 4187 { 4188 struct secacq *acq, *nextacq; 4189 4190 /* ACQ tree */ 4191 ACQ_LOCK(); 4192 for (acq = LIST_FIRST(&acqtree); acq != NULL; acq = nextacq) { 4193 nextacq = LIST_NEXT(acq, chain); 4194 if (now - acq->created > key_blockacq_lifetime 4195 && __LIST_CHAINED(acq)) { 4196 LIST_REMOVE(acq, chain); 4197 free(acq, M_IPSEC_SAQ); 4198 } 4199 } 4200 ACQ_UNLOCK(); 4201 } 4202 4203 static void 4204 key_flush_spacq(time_t now) 4205 { 4206 struct secspacq *acq, *nextacq; 4207 4208 /* SP ACQ tree */ 4209 SPACQ_LOCK(); 4210 for (acq = LIST_FIRST(&spacqtree); acq != NULL; acq = nextacq) { 4211 nextacq = LIST_NEXT(acq, chain); 4212 if (now - acq->created > key_blockacq_lifetime 4213 && __LIST_CHAINED(acq)) { 4214 LIST_REMOVE(acq, chain); 4215 free(acq, M_IPSEC_SAQ); 4216 } 4217 } 4218 SPACQ_UNLOCK(); 4219 } 4220 4221 /* 4222 * time handler. 4223 * scanning SPD and SAD to check status for each entries, 4224 * and do to remove or to expire. 4225 * XXX: year 2038 problem may remain. 4226 */ 4227 void 4228 key_timehandler(void) 4229 { 4230 time_t now = time_second; 4231 4232 key_flush_spd(now); 4233 key_flush_sad(now); 4234 key_flush_acq(now); 4235 key_flush_spacq(now); 4236 4237 #ifndef IPSEC_DEBUG2 4238 /* do exchange to tick time !! */ 4239 (void)timeout((void *)key_timehandler, (void *)0, hz); 4240 #endif /* IPSEC_DEBUG2 */ 4241 } 4242 4243 u_long 4244 key_random() 4245 { 4246 u_long value; 4247 4248 key_randomfill(&value, sizeof(value)); 4249 return value; 4250 } 4251 4252 void 4253 key_randomfill(p, l) 4254 void *p; 4255 size_t l; 4256 { 4257 size_t n; 4258 u_long v; 4259 static int warn = 1; 4260 4261 n = 0; 4262 n = (size_t)read_random(p, (u_int)l); 4263 /* last resort */ 4264 while (n < l) { 4265 v = random(); 4266 bcopy(&v, (u_int8_t *)p + n, 4267 l - n < sizeof(v) ? l - n : sizeof(v)); 4268 n += sizeof(v); 4269 4270 if (warn) { 4271 printf("WARNING: pseudo-random number generator " 4272 "used for IPsec processing\n"); 4273 warn = 0; 4274 } 4275 } 4276 } 4277 4278 /* 4279 * map SADB_SATYPE_* to IPPROTO_*. 4280 * if satype == SADB_SATYPE then satype is mapped to ~0. 4281 * OUT: 4282 * 0: invalid satype. 4283 */ 4284 static u_int16_t 4285 key_satype2proto(satype) 4286 u_int8_t satype; 4287 { 4288 switch (satype) { 4289 case SADB_SATYPE_UNSPEC: 4290 return IPSEC_PROTO_ANY; 4291 case SADB_SATYPE_AH: 4292 return IPPROTO_AH; 4293 case SADB_SATYPE_ESP: 4294 return IPPROTO_ESP; 4295 case SADB_X_SATYPE_IPCOMP: 4296 return IPPROTO_IPCOMP; 4297 case SADB_X_SATYPE_TCPSIGNATURE: 4298 return IPPROTO_TCP; 4299 default: 4300 return 0; 4301 } 4302 /* NOTREACHED */ 4303 } 4304 4305 /* 4306 * map IPPROTO_* to SADB_SATYPE_* 4307 * OUT: 4308 * 0: invalid protocol type. 4309 */ 4310 static u_int8_t 4311 key_proto2satype(proto) 4312 u_int16_t proto; 4313 { 4314 switch (proto) { 4315 case IPPROTO_AH: 4316 return SADB_SATYPE_AH; 4317 case IPPROTO_ESP: 4318 return SADB_SATYPE_ESP; 4319 case IPPROTO_IPCOMP: 4320 return SADB_X_SATYPE_IPCOMP; 4321 case IPPROTO_TCP: 4322 return SADB_X_SATYPE_TCPSIGNATURE; 4323 default: 4324 return 0; 4325 } 4326 /* NOTREACHED */ 4327 } 4328 4329 /* %%% PF_KEY */ 4330 /* 4331 * SADB_GETSPI processing is to receive 4332 * <base, (SA2), src address, dst address, (SPI range)> 4333 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND 4334 * tree with the status of LARVAL, and send 4335 * <base, SA(*), address(SD)> 4336 * to the IKMPd. 4337 * 4338 * IN: mhp: pointer to the pointer to each header. 4339 * OUT: NULL if fail. 4340 * other if success, return pointer to the message to send. 4341 */ 4342 static int 4343 key_getspi(so, m, mhp) 4344 struct socket *so; 4345 struct mbuf *m; 4346 const struct sadb_msghdr *mhp; 4347 { 4348 struct sadb_address *src0, *dst0; 4349 struct secasindex saidx; 4350 struct secashead *newsah; 4351 struct secasvar *newsav; 4352 u_int8_t proto; 4353 u_int32_t spi; 4354 u_int8_t mode; 4355 u_int32_t reqid; 4356 int error; 4357 4358 IPSEC_ASSERT(so != NULL, ("null socket")); 4359 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4360 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4361 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4362 4363 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4364 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 4365 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4366 __func__)); 4367 return key_senderror(so, m, EINVAL); 4368 } 4369 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4370 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4371 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4372 __func__)); 4373 return key_senderror(so, m, EINVAL); 4374 } 4375 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4376 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4377 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4378 } else { 4379 mode = IPSEC_MODE_ANY; 4380 reqid = 0; 4381 } 4382 4383 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4384 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4385 4386 /* map satype to proto */ 4387 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4388 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4389 __func__)); 4390 return key_senderror(so, m, EINVAL); 4391 } 4392 4393 /* make sure if port number is zero. */ 4394 switch (((struct sockaddr *)(src0 + 1))->sa_family) { 4395 case AF_INET: 4396 if (((struct sockaddr *)(src0 + 1))->sa_len != 4397 sizeof(struct sockaddr_in)) 4398 return key_senderror(so, m, EINVAL); 4399 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0; 4400 break; 4401 case AF_INET6: 4402 if (((struct sockaddr *)(src0 + 1))->sa_len != 4403 sizeof(struct sockaddr_in6)) 4404 return key_senderror(so, m, EINVAL); 4405 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0; 4406 break; 4407 default: 4408 ; /*???*/ 4409 } 4410 switch (((struct sockaddr *)(dst0 + 1))->sa_family) { 4411 case AF_INET: 4412 if (((struct sockaddr *)(dst0 + 1))->sa_len != 4413 sizeof(struct sockaddr_in)) 4414 return key_senderror(so, m, EINVAL); 4415 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0; 4416 break; 4417 case AF_INET6: 4418 if (((struct sockaddr *)(dst0 + 1))->sa_len != 4419 sizeof(struct sockaddr_in6)) 4420 return key_senderror(so, m, EINVAL); 4421 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0; 4422 break; 4423 default: 4424 ; /*???*/ 4425 } 4426 4427 /* XXX boundary check against sa_len */ 4428 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4429 4430 /* SPI allocation */ 4431 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], 4432 &saidx); 4433 if (spi == 0) 4434 return key_senderror(so, m, EINVAL); 4435 4436 /* get a SA index */ 4437 if ((newsah = key_getsah(&saidx)) == NULL) { 4438 /* create a new SA index */ 4439 if ((newsah = key_newsah(&saidx)) == NULL) { 4440 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 4441 return key_senderror(so, m, ENOBUFS); 4442 } 4443 } 4444 4445 /* get a new SA */ 4446 /* XXX rewrite */ 4447 newsav = KEY_NEWSAV(m, mhp, newsah, &error); 4448 if (newsav == NULL) { 4449 /* XXX don't free new SA index allocated in above. */ 4450 return key_senderror(so, m, error); 4451 } 4452 4453 /* set spi */ 4454 newsav->spi = htonl(spi); 4455 4456 /* delete the entry in acqtree */ 4457 if (mhp->msg->sadb_msg_seq != 0) { 4458 struct secacq *acq; 4459 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) { 4460 /* reset counter in order to deletion by timehandler. */ 4461 acq->created = time_second; 4462 acq->count = 0; 4463 } 4464 } 4465 4466 { 4467 struct mbuf *n, *nn; 4468 struct sadb_sa *m_sa; 4469 struct sadb_msg *newmsg; 4470 int off, len; 4471 4472 /* create new sadb_msg to reply. */ 4473 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) + 4474 PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4475 if (len > MCLBYTES) 4476 return key_senderror(so, m, ENOBUFS); 4477 4478 MGETHDR(n, M_DONTWAIT, MT_DATA); 4479 if (len > MHLEN) { 4480 MCLGET(n, M_DONTWAIT); 4481 if ((n->m_flags & M_EXT) == 0) { 4482 m_freem(n); 4483 n = NULL; 4484 } 4485 } 4486 if (!n) 4487 return key_senderror(so, m, ENOBUFS); 4488 4489 n->m_len = len; 4490 n->m_next = NULL; 4491 off = 0; 4492 4493 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 4494 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 4495 4496 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off); 4497 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa)); 4498 m_sa->sadb_sa_exttype = SADB_EXT_SA; 4499 m_sa->sadb_sa_spi = htonl(spi); 4500 off += PFKEY_ALIGN8(sizeof(struct sadb_sa)); 4501 4502 IPSEC_ASSERT(off == len, 4503 ("length inconsistency (off %u len %u)", off, len)); 4504 4505 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC, 4506 SADB_EXT_ADDRESS_DST); 4507 if (!n->m_next) { 4508 m_freem(n); 4509 return key_senderror(so, m, ENOBUFS); 4510 } 4511 4512 if (n->m_len < sizeof(struct sadb_msg)) { 4513 n = m_pullup(n, sizeof(struct sadb_msg)); 4514 if (n == NULL) 4515 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 4516 } 4517 4518 n->m_pkthdr.len = 0; 4519 for (nn = n; nn; nn = nn->m_next) 4520 n->m_pkthdr.len += nn->m_len; 4521 4522 newmsg = mtod(n, struct sadb_msg *); 4523 newmsg->sadb_msg_seq = newsav->seq; 4524 newmsg->sadb_msg_errno = 0; 4525 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 4526 4527 m_freem(m); 4528 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 4529 } 4530 } 4531 4532 /* 4533 * allocating new SPI 4534 * called by key_getspi(). 4535 * OUT: 4536 * 0: failure. 4537 * others: success. 4538 */ 4539 static u_int32_t 4540 key_do_getnewspi(spirange, saidx) 4541 struct sadb_spirange *spirange; 4542 struct secasindex *saidx; 4543 { 4544 u_int32_t newspi; 4545 u_int32_t min, max; 4546 int count = key_spi_trycnt; 4547 4548 /* set spi range to allocate */ 4549 if (spirange != NULL) { 4550 min = spirange->sadb_spirange_min; 4551 max = spirange->sadb_spirange_max; 4552 } else { 4553 min = key_spi_minval; 4554 max = key_spi_maxval; 4555 } 4556 /* IPCOMP needs 2-byte SPI */ 4557 if (saidx->proto == IPPROTO_IPCOMP) { 4558 u_int32_t t; 4559 if (min >= 0x10000) 4560 min = 0xffff; 4561 if (max >= 0x10000) 4562 max = 0xffff; 4563 if (min > max) { 4564 t = min; min = max; max = t; 4565 } 4566 } 4567 4568 if (min == max) { 4569 if (key_checkspidup(saidx, min) != NULL) { 4570 ipseclog((LOG_DEBUG, "%s: SPI %u exists already.\n", 4571 __func__, min)); 4572 return 0; 4573 } 4574 4575 count--; /* taking one cost. */ 4576 newspi = min; 4577 4578 } else { 4579 4580 /* init SPI */ 4581 newspi = 0; 4582 4583 /* when requesting to allocate spi ranged */ 4584 while (count--) { 4585 /* generate pseudo-random SPI value ranged. */ 4586 newspi = min + (key_random() % (max - min + 1)); 4587 4588 if (key_checkspidup(saidx, newspi) == NULL) 4589 break; 4590 } 4591 4592 if (count == 0 || newspi == 0) { 4593 ipseclog((LOG_DEBUG, "%s: to allocate spi is failed.\n", 4594 __func__)); 4595 return 0; 4596 } 4597 } 4598 4599 /* statistics */ 4600 keystat.getspi_count = 4601 (keystat.getspi_count + key_spi_trycnt - count) / 2; 4602 4603 return newspi; 4604 } 4605 4606 /* 4607 * SADB_UPDATE processing 4608 * receive 4609 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4610 * key(AE), (identity(SD),) (sensitivity)> 4611 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL. 4612 * and send 4613 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4614 * (identity(SD),) (sensitivity)> 4615 * to the ikmpd. 4616 * 4617 * m will always be freed. 4618 */ 4619 static int 4620 key_update(so, m, mhp) 4621 struct socket *so; 4622 struct mbuf *m; 4623 const struct sadb_msghdr *mhp; 4624 { 4625 struct sadb_sa *sa0; 4626 struct sadb_address *src0, *dst0; 4627 struct secasindex saidx; 4628 struct secashead *sah; 4629 struct secasvar *sav; 4630 u_int16_t proto; 4631 u_int8_t mode; 4632 u_int32_t reqid; 4633 int error; 4634 4635 IPSEC_ASSERT(so != NULL, ("null socket")); 4636 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4637 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4638 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4639 4640 /* map satype to proto */ 4641 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4642 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4643 __func__)); 4644 return key_senderror(so, m, EINVAL); 4645 } 4646 4647 if (mhp->ext[SADB_EXT_SA] == NULL || 4648 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4649 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 4650 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 4651 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 4652 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 4653 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 4654 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 4655 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 4656 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 4657 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 4658 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4659 __func__)); 4660 return key_senderror(so, m, EINVAL); 4661 } 4662 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 4663 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4664 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4665 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4666 __func__)); 4667 return key_senderror(so, m, EINVAL); 4668 } 4669 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4670 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4671 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4672 } else { 4673 mode = IPSEC_MODE_ANY; 4674 reqid = 0; 4675 } 4676 /* XXX boundary checking for other extensions */ 4677 4678 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 4679 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 4680 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 4681 4682 /* XXX boundary check against sa_len */ 4683 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4684 4685 /* get a SA header */ 4686 if ((sah = key_getsah(&saidx)) == NULL) { 4687 ipseclog((LOG_DEBUG, "%s: no SA index found.\n", __func__)); 4688 return key_senderror(so, m, ENOENT); 4689 } 4690 4691 /* set spidx if there */ 4692 /* XXX rewrite */ 4693 error = key_setident(sah, m, mhp); 4694 if (error) 4695 return key_senderror(so, m, error); 4696 4697 /* find a SA with sequence number. */ 4698 #ifdef IPSEC_DOSEQCHECK 4699 if (mhp->msg->sadb_msg_seq != 0 4700 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) { 4701 ipseclog((LOG_DEBUG, "%s: no larval SA with sequence %u " 4702 "exists.\n", __func__, mhp->msg->sadb_msg_seq)); 4703 return key_senderror(so, m, ENOENT); 4704 } 4705 #else 4706 SAHTREE_LOCK(); 4707 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 4708 SAHTREE_UNLOCK(); 4709 if (sav == NULL) { 4710 ipseclog((LOG_DEBUG, "%s: no such a SA found (spi:%u)\n", 4711 __func__, (u_int32_t)ntohl(sa0->sadb_sa_spi))); 4712 return key_senderror(so, m, EINVAL); 4713 } 4714 #endif 4715 4716 /* validity check */ 4717 if (sav->sah->saidx.proto != proto) { 4718 ipseclog((LOG_DEBUG, "%s: protocol mismatched " 4719 "(DB=%u param=%u)\n", __func__, 4720 sav->sah->saidx.proto, proto)); 4721 return key_senderror(so, m, EINVAL); 4722 } 4723 #ifdef IPSEC_DOSEQCHECK 4724 if (sav->spi != sa0->sadb_sa_spi) { 4725 ipseclog((LOG_DEBUG, "%s: SPI mismatched (DB:%u param:%u)\n", 4726 __func__, 4727 (u_int32_t)ntohl(sav->spi), 4728 (u_int32_t)ntohl(sa0->sadb_sa_spi))); 4729 return key_senderror(so, m, EINVAL); 4730 } 4731 #endif 4732 if (sav->pid != mhp->msg->sadb_msg_pid) { 4733 ipseclog((LOG_DEBUG, "%s: pid mismatched (DB:%u param:%u)\n", 4734 __func__, sav->pid, mhp->msg->sadb_msg_pid)); 4735 return key_senderror(so, m, EINVAL); 4736 } 4737 4738 /* copy sav values */ 4739 error = key_setsaval(sav, m, mhp); 4740 if (error) { 4741 KEY_FREESAV(&sav); 4742 return key_senderror(so, m, error); 4743 } 4744 4745 /* check SA values to be mature. */ 4746 if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { 4747 KEY_FREESAV(&sav); 4748 return key_senderror(so, m, 0); 4749 } 4750 4751 { 4752 struct mbuf *n; 4753 4754 /* set msg buf from mhp */ 4755 n = key_getmsgbuf_x1(m, mhp); 4756 if (n == NULL) { 4757 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4758 return key_senderror(so, m, ENOBUFS); 4759 } 4760 4761 m_freem(m); 4762 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 4763 } 4764 } 4765 4766 /* 4767 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL. 4768 * only called by key_update(). 4769 * OUT: 4770 * NULL : not found 4771 * others : found, pointer to a SA. 4772 */ 4773 #ifdef IPSEC_DOSEQCHECK 4774 static struct secasvar * 4775 key_getsavbyseq(sah, seq) 4776 struct secashead *sah; 4777 u_int32_t seq; 4778 { 4779 struct secasvar *sav; 4780 u_int state; 4781 4782 state = SADB_SASTATE_LARVAL; 4783 4784 /* search SAD with sequence number ? */ 4785 LIST_FOREACH(sav, &sah->savtree[state], chain) { 4786 4787 KEY_CHKSASTATE(state, sav->state, __func__); 4788 4789 if (sav->seq == seq) { 4790 sa_addref(sav); 4791 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 4792 printf("DP %s cause refcnt++:%d SA:%p\n", 4793 __func__, sav->refcnt, sav)); 4794 return sav; 4795 } 4796 } 4797 4798 return NULL; 4799 } 4800 #endif 4801 4802 /* 4803 * SADB_ADD processing 4804 * add an entry to SA database, when received 4805 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4806 * key(AE), (identity(SD),) (sensitivity)> 4807 * from the ikmpd, 4808 * and send 4809 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),) 4810 * (identity(SD),) (sensitivity)> 4811 * to the ikmpd. 4812 * 4813 * IGNORE identity and sensitivity messages. 4814 * 4815 * m will always be freed. 4816 */ 4817 static int 4818 key_add(so, m, mhp) 4819 struct socket *so; 4820 struct mbuf *m; 4821 const struct sadb_msghdr *mhp; 4822 { 4823 struct sadb_sa *sa0; 4824 struct sadb_address *src0, *dst0; 4825 struct secasindex saidx; 4826 struct secashead *newsah; 4827 struct secasvar *newsav; 4828 u_int16_t proto; 4829 u_int8_t mode; 4830 u_int32_t reqid; 4831 int error; 4832 4833 IPSEC_ASSERT(so != NULL, ("null socket")); 4834 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4835 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4836 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4837 4838 /* map satype to proto */ 4839 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 4840 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 4841 __func__)); 4842 return key_senderror(so, m, EINVAL); 4843 } 4844 4845 if (mhp->ext[SADB_EXT_SA] == NULL || 4846 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 4847 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 4848 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP && 4849 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) || 4850 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH && 4851 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) || 4852 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL && 4853 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) || 4854 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL && 4855 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) { 4856 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4857 __func__)); 4858 return key_senderror(so, m, EINVAL); 4859 } 4860 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 4861 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 4862 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 4863 /* XXX need more */ 4864 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 4865 __func__)); 4866 return key_senderror(so, m, EINVAL); 4867 } 4868 if (mhp->ext[SADB_X_EXT_SA2] != NULL) { 4869 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode; 4870 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid; 4871 } else { 4872 mode = IPSEC_MODE_ANY; 4873 reqid = 0; 4874 } 4875 4876 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 4877 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 4878 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 4879 4880 /* XXX boundary check against sa_len */ 4881 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); 4882 4883 /* get a SA header */ 4884 if ((newsah = key_getsah(&saidx)) == NULL) { 4885 /* create a new SA header */ 4886 if ((newsah = key_newsah(&saidx)) == NULL) { 4887 ipseclog((LOG_DEBUG, "%s: No more memory.\n",__func__)); 4888 return key_senderror(so, m, ENOBUFS); 4889 } 4890 } 4891 4892 /* set spidx if there */ 4893 /* XXX rewrite */ 4894 error = key_setident(newsah, m, mhp); 4895 if (error) { 4896 return key_senderror(so, m, error); 4897 } 4898 4899 /* create new SA entry. */ 4900 /* We can create new SA only if SPI is differenct. */ 4901 SAHTREE_LOCK(); 4902 newsav = key_getsavbyspi(newsah, sa0->sadb_sa_spi); 4903 SAHTREE_UNLOCK(); 4904 if (newsav != NULL) { 4905 ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); 4906 return key_senderror(so, m, EEXIST); 4907 } 4908 newsav = KEY_NEWSAV(m, mhp, newsah, &error); 4909 if (newsav == NULL) { 4910 return key_senderror(so, m, error); 4911 } 4912 4913 /* check SA values to be mature. */ 4914 if ((error = key_mature(newsav)) != 0) { 4915 KEY_FREESAV(&newsav); 4916 return key_senderror(so, m, error); 4917 } 4918 4919 /* 4920 * don't call key_freesav() here, as we would like to keep the SA 4921 * in the database on success. 4922 */ 4923 4924 { 4925 struct mbuf *n; 4926 4927 /* set msg buf from mhp */ 4928 n = key_getmsgbuf_x1(m, mhp); 4929 if (n == NULL) { 4930 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4931 return key_senderror(so, m, ENOBUFS); 4932 } 4933 4934 m_freem(m); 4935 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 4936 } 4937 } 4938 4939 /* m is retained */ 4940 static int 4941 key_setident(sah, m, mhp) 4942 struct secashead *sah; 4943 struct mbuf *m; 4944 const struct sadb_msghdr *mhp; 4945 { 4946 const struct sadb_ident *idsrc, *iddst; 4947 int idsrclen, iddstlen; 4948 4949 IPSEC_ASSERT(sah != NULL, ("null secashead")); 4950 IPSEC_ASSERT(m != NULL, ("null mbuf")); 4951 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 4952 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 4953 4954 /* don't make buffer if not there */ 4955 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL && 4956 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 4957 sah->idents = NULL; 4958 sah->identd = NULL; 4959 return 0; 4960 } 4961 4962 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL || 4963 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) { 4964 ipseclog((LOG_DEBUG, "%s: invalid identity.\n", __func__)); 4965 return EINVAL; 4966 } 4967 4968 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC]; 4969 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST]; 4970 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC]; 4971 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST]; 4972 4973 /* validity check */ 4974 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) { 4975 ipseclog((LOG_DEBUG, "%s: ident type mismatch.\n", __func__)); 4976 return EINVAL; 4977 } 4978 4979 switch (idsrc->sadb_ident_type) { 4980 case SADB_IDENTTYPE_PREFIX: 4981 case SADB_IDENTTYPE_FQDN: 4982 case SADB_IDENTTYPE_USERFQDN: 4983 default: 4984 /* XXX do nothing */ 4985 sah->idents = NULL; 4986 sah->identd = NULL; 4987 return 0; 4988 } 4989 4990 /* make structure */ 4991 sah->idents = malloc(idsrclen, M_IPSEC_MISC, M_NOWAIT); 4992 if (sah->idents == NULL) { 4993 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 4994 return ENOBUFS; 4995 } 4996 sah->identd = malloc(iddstlen, M_IPSEC_MISC, M_NOWAIT); 4997 if (sah->identd == NULL) { 4998 free(sah->idents, M_IPSEC_MISC); 4999 sah->idents = NULL; 5000 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5001 return ENOBUFS; 5002 } 5003 bcopy(idsrc, sah->idents, idsrclen); 5004 bcopy(iddst, sah->identd, iddstlen); 5005 5006 return 0; 5007 } 5008 5009 /* 5010 * m will not be freed on return. 5011 * it is caller's responsibility to free the result. 5012 */ 5013 static struct mbuf * 5014 key_getmsgbuf_x1(m, mhp) 5015 struct mbuf *m; 5016 const struct sadb_msghdr *mhp; 5017 { 5018 struct mbuf *n; 5019 5020 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5021 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5022 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5023 5024 /* create new sadb_msg to reply. */ 5025 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED, 5026 SADB_EXT_SA, SADB_X_EXT_SA2, 5027 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, 5028 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT, 5029 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST); 5030 if (!n) 5031 return NULL; 5032 5033 if (n->m_len < sizeof(struct sadb_msg)) { 5034 n = m_pullup(n, sizeof(struct sadb_msg)); 5035 if (n == NULL) 5036 return NULL; 5037 } 5038 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0; 5039 mtod(n, struct sadb_msg *)->sadb_msg_len = 5040 PFKEY_UNIT64(n->m_pkthdr.len); 5041 5042 return n; 5043 } 5044 5045 static int key_delete_all __P((struct socket *, struct mbuf *, 5046 const struct sadb_msghdr *, u_int16_t)); 5047 5048 /* 5049 * SADB_DELETE processing 5050 * receive 5051 * <base, SA(*), address(SD)> 5052 * from the ikmpd, and set SADB_SASTATE_DEAD, 5053 * and send, 5054 * <base, SA(*), address(SD)> 5055 * to the ikmpd. 5056 * 5057 * m will always be freed. 5058 */ 5059 static int 5060 key_delete(so, m, mhp) 5061 struct socket *so; 5062 struct mbuf *m; 5063 const struct sadb_msghdr *mhp; 5064 { 5065 struct sadb_sa *sa0; 5066 struct sadb_address *src0, *dst0; 5067 struct secasindex saidx; 5068 struct secashead *sah; 5069 struct secasvar *sav = NULL; 5070 u_int16_t proto; 5071 5072 IPSEC_ASSERT(so != NULL, ("null socket")); 5073 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5074 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5075 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5076 5077 /* map satype to proto */ 5078 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5079 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5080 __func__)); 5081 return key_senderror(so, m, EINVAL); 5082 } 5083 5084 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5085 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5086 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5087 __func__)); 5088 return key_senderror(so, m, EINVAL); 5089 } 5090 5091 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5092 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5093 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5094 __func__)); 5095 return key_senderror(so, m, EINVAL); 5096 } 5097 5098 if (mhp->ext[SADB_EXT_SA] == NULL) { 5099 /* 5100 * Caller wants us to delete all non-LARVAL SAs 5101 * that match the src/dst. This is used during 5102 * IKE INITIAL-CONTACT. 5103 */ 5104 ipseclog((LOG_DEBUG, "%s: doing delete all.\n", __func__)); 5105 return key_delete_all(so, m, mhp, proto); 5106 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) { 5107 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5108 __func__)); 5109 return key_senderror(so, m, EINVAL); 5110 } 5111 5112 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5113 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5114 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5115 5116 /* XXX boundary check against sa_len */ 5117 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5118 5119 /* get a SA header */ 5120 SAHTREE_LOCK(); 5121 LIST_FOREACH(sah, &sahtree, chain) { 5122 if (sah->state == SADB_SASTATE_DEAD) 5123 continue; 5124 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5125 continue; 5126 5127 /* get a SA with SPI. */ 5128 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5129 if (sav) 5130 break; 5131 } 5132 if (sah == NULL) { 5133 SAHTREE_UNLOCK(); 5134 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 5135 return key_senderror(so, m, ENOENT); 5136 } 5137 5138 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5139 SAHTREE_UNLOCK(); 5140 KEY_FREESAV(&sav); 5141 5142 { 5143 struct mbuf *n; 5144 struct sadb_msg *newmsg; 5145 5146 /* create new sadb_msg to reply. */ 5147 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED, 5148 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5149 if (!n) 5150 return key_senderror(so, m, ENOBUFS); 5151 5152 if (n->m_len < sizeof(struct sadb_msg)) { 5153 n = m_pullup(n, sizeof(struct sadb_msg)); 5154 if (n == NULL) 5155 return key_senderror(so, m, ENOBUFS); 5156 } 5157 newmsg = mtod(n, struct sadb_msg *); 5158 newmsg->sadb_msg_errno = 0; 5159 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5160 5161 m_freem(m); 5162 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5163 } 5164 } 5165 5166 /* 5167 * delete all SAs for src/dst. Called from key_delete(). 5168 */ 5169 static int 5170 key_delete_all(so, m, mhp, proto) 5171 struct socket *so; 5172 struct mbuf *m; 5173 const struct sadb_msghdr *mhp; 5174 u_int16_t proto; 5175 { 5176 struct sadb_address *src0, *dst0; 5177 struct secasindex saidx; 5178 struct secashead *sah; 5179 struct secasvar *sav, *nextsav; 5180 u_int stateidx, state; 5181 5182 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]); 5183 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]); 5184 5185 /* XXX boundary check against sa_len */ 5186 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5187 5188 SAHTREE_LOCK(); 5189 LIST_FOREACH(sah, &sahtree, chain) { 5190 if (sah->state == SADB_SASTATE_DEAD) 5191 continue; 5192 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5193 continue; 5194 5195 /* Delete all non-LARVAL SAs. */ 5196 for (stateidx = 0; 5197 stateidx < _ARRAYLEN(saorder_state_alive); 5198 stateidx++) { 5199 state = saorder_state_alive[stateidx]; 5200 if (state == SADB_SASTATE_LARVAL) 5201 continue; 5202 for (sav = LIST_FIRST(&sah->savtree[state]); 5203 sav != NULL; sav = nextsav) { 5204 nextsav = LIST_NEXT(sav, chain); 5205 /* sanity check */ 5206 if (sav->state != state) { 5207 ipseclog((LOG_DEBUG, "%s: invalid " 5208 "sav->state (queue %d SA %d)\n", 5209 __func__, state, sav->state)); 5210 continue; 5211 } 5212 5213 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 5214 KEY_FREESAV(&sav); 5215 } 5216 } 5217 } 5218 SAHTREE_UNLOCK(); 5219 { 5220 struct mbuf *n; 5221 struct sadb_msg *newmsg; 5222 5223 /* create new sadb_msg to reply. */ 5224 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED, 5225 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST); 5226 if (!n) 5227 return key_senderror(so, m, ENOBUFS); 5228 5229 if (n->m_len < sizeof(struct sadb_msg)) { 5230 n = m_pullup(n, sizeof(struct sadb_msg)); 5231 if (n == NULL) 5232 return key_senderror(so, m, ENOBUFS); 5233 } 5234 newmsg = mtod(n, struct sadb_msg *); 5235 newmsg->sadb_msg_errno = 0; 5236 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len); 5237 5238 m_freem(m); 5239 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL); 5240 } 5241 } 5242 5243 /* 5244 * SADB_GET processing 5245 * receive 5246 * <base, SA(*), address(SD)> 5247 * from the ikmpd, and get a SP and a SA to respond, 5248 * and send, 5249 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE), 5250 * (identity(SD),) (sensitivity)> 5251 * to the ikmpd. 5252 * 5253 * m will always be freed. 5254 */ 5255 static int 5256 key_get(so, m, mhp) 5257 struct socket *so; 5258 struct mbuf *m; 5259 const struct sadb_msghdr *mhp; 5260 { 5261 struct sadb_sa *sa0; 5262 struct sadb_address *src0, *dst0; 5263 struct secasindex saidx; 5264 struct secashead *sah; 5265 struct secasvar *sav = NULL; 5266 u_int16_t proto; 5267 5268 IPSEC_ASSERT(so != NULL, ("null socket")); 5269 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5270 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5271 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5272 5273 /* map satype to proto */ 5274 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5275 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5276 __func__)); 5277 return key_senderror(so, m, EINVAL); 5278 } 5279 5280 if (mhp->ext[SADB_EXT_SA] == NULL || 5281 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5282 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) { 5283 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5284 __func__)); 5285 return key_senderror(so, m, EINVAL); 5286 } 5287 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) || 5288 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5289 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) { 5290 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5291 __func__)); 5292 return key_senderror(so, m, EINVAL); 5293 } 5294 5295 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; 5296 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5297 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5298 5299 /* XXX boundary check against sa_len */ 5300 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5301 5302 /* get a SA header */ 5303 SAHTREE_LOCK(); 5304 LIST_FOREACH(sah, &sahtree, chain) { 5305 if (sah->state == SADB_SASTATE_DEAD) 5306 continue; 5307 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0) 5308 continue; 5309 5310 /* get a SA with SPI. */ 5311 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi); 5312 if (sav) 5313 break; 5314 } 5315 SAHTREE_UNLOCK(); 5316 if (sah == NULL) { 5317 ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); 5318 return key_senderror(so, m, ENOENT); 5319 } 5320 5321 { 5322 struct mbuf *n; 5323 u_int8_t satype; 5324 5325 /* map proto to satype */ 5326 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 5327 ipseclog((LOG_DEBUG, "%s: there was invalid proto in SAD.\n", 5328 __func__)); 5329 return key_senderror(so, m, EINVAL); 5330 } 5331 5332 /* create new sadb_msg to reply. */ 5333 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq, 5334 mhp->msg->sadb_msg_pid); 5335 if (!n) 5336 return key_senderror(so, m, ENOBUFS); 5337 5338 m_freem(m); 5339 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 5340 } 5341 } 5342 5343 /* XXX make it sysctl-configurable? */ 5344 static void 5345 key_getcomb_setlifetime(comb) 5346 struct sadb_comb *comb; 5347 { 5348 5349 comb->sadb_comb_soft_allocations = 1; 5350 comb->sadb_comb_hard_allocations = 1; 5351 comb->sadb_comb_soft_bytes = 0; 5352 comb->sadb_comb_hard_bytes = 0; 5353 comb->sadb_comb_hard_addtime = 86400; /* 1 day */ 5354 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; 5355 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */ 5356 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100; 5357 } 5358 5359 /* 5360 * XXX reorder combinations by preference 5361 * XXX no idea if the user wants ESP authentication or not 5362 */ 5363 static struct mbuf * 5364 key_getcomb_esp() 5365 { 5366 struct sadb_comb *comb; 5367 struct enc_xform *algo; 5368 struct mbuf *result = NULL, *m, *n; 5369 int encmin; 5370 int i, off, o; 5371 int totlen; 5372 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 5373 5374 m = NULL; 5375 for (i = 1; i <= SADB_EALG_MAX; i++) { 5376 algo = esp_algorithm_lookup(i); 5377 if (algo == NULL) 5378 continue; 5379 5380 /* discard algorithms with key size smaller than system min */ 5381 if (_BITS(algo->maxkey) < ipsec_esp_keymin) 5382 continue; 5383 if (_BITS(algo->minkey) < ipsec_esp_keymin) 5384 encmin = ipsec_esp_keymin; 5385 else 5386 encmin = _BITS(algo->minkey); 5387 5388 if (ipsec_esp_auth) 5389 m = key_getcomb_ah(); 5390 else { 5391 IPSEC_ASSERT(l <= MLEN, 5392 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 5393 MGET(m, M_DONTWAIT, MT_DATA); 5394 if (m) { 5395 M_ALIGN(m, l); 5396 m->m_len = l; 5397 m->m_next = NULL; 5398 bzero(mtod(m, caddr_t), m->m_len); 5399 } 5400 } 5401 if (!m) 5402 goto fail; 5403 5404 totlen = 0; 5405 for (n = m; n; n = n->m_next) 5406 totlen += n->m_len; 5407 IPSEC_ASSERT((totlen % l) == 0, ("totlen=%u, l=%u", totlen, l)); 5408 5409 for (off = 0; off < totlen; off += l) { 5410 n = m_pulldown(m, off, l, &o); 5411 if (!n) { 5412 /* m is already freed */ 5413 goto fail; 5414 } 5415 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o); 5416 bzero(comb, sizeof(*comb)); 5417 key_getcomb_setlifetime(comb); 5418 comb->sadb_comb_encrypt = i; 5419 comb->sadb_comb_encrypt_minbits = encmin; 5420 comb->sadb_comb_encrypt_maxbits = _BITS(algo->maxkey); 5421 } 5422 5423 if (!result) 5424 result = m; 5425 else 5426 m_cat(result, m); 5427 } 5428 5429 return result; 5430 5431 fail: 5432 if (result) 5433 m_freem(result); 5434 return NULL; 5435 } 5436 5437 static void 5438 key_getsizes_ah( 5439 const struct auth_hash *ah, 5440 int alg, 5441 u_int16_t* min, 5442 u_int16_t* max) 5443 { 5444 *min = *max = ah->keysize; 5445 if (ah->keysize == 0) { 5446 /* 5447 * Transform takes arbitrary key size but algorithm 5448 * key size is restricted. Enforce this here. 5449 */ 5450 switch (alg) { 5451 case SADB_X_AALG_MD5: *min = *max = 16; break; 5452 case SADB_X_AALG_SHA: *min = *max = 20; break; 5453 case SADB_X_AALG_NULL: *min = 1; *max = 256; break; 5454 default: 5455 DPRINTF(("%s: unknown AH algorithm %u\n", 5456 __func__, alg)); 5457 break; 5458 } 5459 } 5460 } 5461 5462 /* 5463 * XXX reorder combinations by preference 5464 */ 5465 static struct mbuf * 5466 key_getcomb_ah() 5467 { 5468 struct sadb_comb *comb; 5469 struct auth_hash *algo; 5470 struct mbuf *m; 5471 u_int16_t minkeysize, maxkeysize; 5472 int i; 5473 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 5474 5475 m = NULL; 5476 for (i = 1; i <= SADB_AALG_MAX; i++) { 5477 #if 1 5478 /* we prefer HMAC algorithms, not old algorithms */ 5479 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC) 5480 continue; 5481 #endif 5482 algo = ah_algorithm_lookup(i); 5483 if (!algo) 5484 continue; 5485 key_getsizes_ah(algo, i, &minkeysize, &maxkeysize); 5486 /* discard algorithms with key size smaller than system min */ 5487 if (_BITS(minkeysize) < ipsec_ah_keymin) 5488 continue; 5489 5490 if (!m) { 5491 IPSEC_ASSERT(l <= MLEN, 5492 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 5493 MGET(m, M_DONTWAIT, MT_DATA); 5494 if (m) { 5495 M_ALIGN(m, l); 5496 m->m_len = l; 5497 m->m_next = NULL; 5498 } 5499 } else 5500 M_PREPEND(m, l, M_DONTWAIT); 5501 if (!m) 5502 return NULL; 5503 5504 comb = mtod(m, struct sadb_comb *); 5505 bzero(comb, sizeof(*comb)); 5506 key_getcomb_setlifetime(comb); 5507 comb->sadb_comb_auth = i; 5508 comb->sadb_comb_auth_minbits = _BITS(minkeysize); 5509 comb->sadb_comb_auth_maxbits = _BITS(maxkeysize); 5510 } 5511 5512 return m; 5513 } 5514 5515 /* 5516 * not really an official behavior. discussed in pf_key@inner.net in Sep2000. 5517 * XXX reorder combinations by preference 5518 */ 5519 static struct mbuf * 5520 key_getcomb_ipcomp() 5521 { 5522 struct sadb_comb *comb; 5523 struct comp_algo *algo; 5524 struct mbuf *m; 5525 int i; 5526 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb)); 5527 5528 m = NULL; 5529 for (i = 1; i <= SADB_X_CALG_MAX; i++) { 5530 algo = ipcomp_algorithm_lookup(i); 5531 if (!algo) 5532 continue; 5533 5534 if (!m) { 5535 IPSEC_ASSERT(l <= MLEN, 5536 ("l=%u > MLEN=%lu", l, (u_long) MLEN)); 5537 MGET(m, M_DONTWAIT, MT_DATA); 5538 if (m) { 5539 M_ALIGN(m, l); 5540 m->m_len = l; 5541 m->m_next = NULL; 5542 } 5543 } else 5544 M_PREPEND(m, l, M_DONTWAIT); 5545 if (!m) 5546 return NULL; 5547 5548 comb = mtod(m, struct sadb_comb *); 5549 bzero(comb, sizeof(*comb)); 5550 key_getcomb_setlifetime(comb); 5551 comb->sadb_comb_encrypt = i; 5552 /* what should we set into sadb_comb_*_{min,max}bits? */ 5553 } 5554 5555 return m; 5556 } 5557 5558 /* 5559 * XXX no way to pass mode (transport/tunnel) to userland 5560 * XXX replay checking? 5561 * XXX sysctl interface to ipsec_{ah,esp}_keymin 5562 */ 5563 static struct mbuf * 5564 key_getprop(saidx) 5565 const struct secasindex *saidx; 5566 { 5567 struct sadb_prop *prop; 5568 struct mbuf *m, *n; 5569 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop)); 5570 int totlen; 5571 5572 switch (saidx->proto) { 5573 case IPPROTO_ESP: 5574 m = key_getcomb_esp(); 5575 break; 5576 case IPPROTO_AH: 5577 m = key_getcomb_ah(); 5578 break; 5579 case IPPROTO_IPCOMP: 5580 m = key_getcomb_ipcomp(); 5581 break; 5582 default: 5583 return NULL; 5584 } 5585 5586 if (!m) 5587 return NULL; 5588 M_PREPEND(m, l, M_DONTWAIT); 5589 if (!m) 5590 return NULL; 5591 5592 totlen = 0; 5593 for (n = m; n; n = n->m_next) 5594 totlen += n->m_len; 5595 5596 prop = mtod(m, struct sadb_prop *); 5597 bzero(prop, sizeof(*prop)); 5598 prop->sadb_prop_len = PFKEY_UNIT64(totlen); 5599 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL; 5600 prop->sadb_prop_replay = 32; /* XXX */ 5601 5602 return m; 5603 } 5604 5605 /* 5606 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2(). 5607 * send 5608 * <base, SA, address(SD), (address(P)), x_policy, 5609 * (identity(SD),) (sensitivity,) proposal> 5610 * to KMD, and expect to receive 5611 * <base> with SADB_ACQUIRE if error occured, 5612 * or 5613 * <base, src address, dst address, (SPI range)> with SADB_GETSPI 5614 * from KMD by PF_KEY. 5615 * 5616 * XXX x_policy is outside of RFC2367 (KAME extension). 5617 * XXX sensitivity is not supported. 5618 * XXX for ipcomp, RFC2367 does not define how to fill in proposal. 5619 * see comment for key_getcomb_ipcomp(). 5620 * 5621 * OUT: 5622 * 0 : succeed 5623 * others: error number 5624 */ 5625 static int 5626 key_acquire(const struct secasindex *saidx, struct secpolicy *sp) 5627 { 5628 struct mbuf *result = NULL, *m; 5629 struct secacq *newacq; 5630 u_int8_t satype; 5631 int error = -1; 5632 u_int32_t seq; 5633 5634 IPSEC_ASSERT(saidx != NULL, ("null saidx")); 5635 satype = key_proto2satype(saidx->proto); 5636 IPSEC_ASSERT(satype != 0, ("null satype, protocol %u", saidx->proto)); 5637 5638 /* 5639 * We never do anything about acquirng SA. There is anather 5640 * solution that kernel blocks to send SADB_ACQUIRE message until 5641 * getting something message from IKEd. In later case, to be 5642 * managed with ACQUIRING list. 5643 */ 5644 /* Get an entry to check whether sending message or not. */ 5645 if ((newacq = key_getacq(saidx)) != NULL) { 5646 if (key_blockacq_count < newacq->count) { 5647 /* reset counter and do send message. */ 5648 newacq->count = 0; 5649 } else { 5650 /* increment counter and do nothing. */ 5651 newacq->count++; 5652 return 0; 5653 } 5654 } else { 5655 /* make new entry for blocking to send SADB_ACQUIRE. */ 5656 if ((newacq = key_newacq(saidx)) == NULL) 5657 return ENOBUFS; 5658 } 5659 5660 5661 seq = newacq->seq; 5662 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0); 5663 if (!m) { 5664 error = ENOBUFS; 5665 goto fail; 5666 } 5667 result = m; 5668 5669 /* set sadb_address for saidx's. */ 5670 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 5671 &saidx->src.sa, FULLMASK, IPSEC_ULPROTO_ANY); 5672 if (!m) { 5673 error = ENOBUFS; 5674 goto fail; 5675 } 5676 m_cat(result, m); 5677 5678 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 5679 &saidx->dst.sa, FULLMASK, IPSEC_ULPROTO_ANY); 5680 if (!m) { 5681 error = ENOBUFS; 5682 goto fail; 5683 } 5684 m_cat(result, m); 5685 5686 /* XXX proxy address (optional) */ 5687 5688 /* set sadb_x_policy */ 5689 if (sp) { 5690 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id); 5691 if (!m) { 5692 error = ENOBUFS; 5693 goto fail; 5694 } 5695 m_cat(result, m); 5696 } 5697 5698 /* XXX identity (optional) */ 5699 #if 0 5700 if (idexttype && fqdn) { 5701 /* create identity extension (FQDN) */ 5702 struct sadb_ident *id; 5703 int fqdnlen; 5704 5705 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */ 5706 id = (struct sadb_ident *)p; 5707 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 5708 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen)); 5709 id->sadb_ident_exttype = idexttype; 5710 id->sadb_ident_type = SADB_IDENTTYPE_FQDN; 5711 bcopy(fqdn, id + 1, fqdnlen); 5712 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen); 5713 } 5714 5715 if (idexttype) { 5716 /* create identity extension (USERFQDN) */ 5717 struct sadb_ident *id; 5718 int userfqdnlen; 5719 5720 if (userfqdn) { 5721 /* +1 for terminating-NUL */ 5722 userfqdnlen = strlen(userfqdn) + 1; 5723 } else 5724 userfqdnlen = 0; 5725 id = (struct sadb_ident *)p; 5726 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 5727 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen)); 5728 id->sadb_ident_exttype = idexttype; 5729 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN; 5730 /* XXX is it correct? */ 5731 if (curproc && curproc->p_cred) 5732 id->sadb_ident_id = curproc->p_cred->p_ruid; 5733 if (userfqdn && userfqdnlen) 5734 bcopy(userfqdn, id + 1, userfqdnlen); 5735 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen); 5736 } 5737 #endif 5738 5739 /* XXX sensitivity (optional) */ 5740 5741 /* create proposal/combination extension */ 5742 m = key_getprop(saidx); 5743 #if 0 5744 /* 5745 * spec conformant: always attach proposal/combination extension, 5746 * the problem is that we have no way to attach it for ipcomp, 5747 * due to the way sadb_comb is declared in RFC2367. 5748 */ 5749 if (!m) { 5750 error = ENOBUFS; 5751 goto fail; 5752 } 5753 m_cat(result, m); 5754 #else 5755 /* 5756 * outside of spec; make proposal/combination extension optional. 5757 */ 5758 if (m) 5759 m_cat(result, m); 5760 #endif 5761 5762 if ((result->m_flags & M_PKTHDR) == 0) { 5763 error = EINVAL; 5764 goto fail; 5765 } 5766 5767 if (result->m_len < sizeof(struct sadb_msg)) { 5768 result = m_pullup(result, sizeof(struct sadb_msg)); 5769 if (result == NULL) { 5770 error = ENOBUFS; 5771 goto fail; 5772 } 5773 } 5774 5775 result->m_pkthdr.len = 0; 5776 for (m = result; m; m = m->m_next) 5777 result->m_pkthdr.len += m->m_len; 5778 5779 mtod(result, struct sadb_msg *)->sadb_msg_len = 5780 PFKEY_UNIT64(result->m_pkthdr.len); 5781 5782 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 5783 5784 fail: 5785 if (result) 5786 m_freem(result); 5787 return error; 5788 } 5789 5790 static struct secacq * 5791 key_newacq(const struct secasindex *saidx) 5792 { 5793 struct secacq *newacq; 5794 5795 /* get new entry */ 5796 newacq = malloc(sizeof(struct secacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 5797 if (newacq == NULL) { 5798 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5799 return NULL; 5800 } 5801 5802 /* copy secindex */ 5803 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx)); 5804 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq); 5805 newacq->created = time_second; 5806 newacq->count = 0; 5807 5808 /* add to acqtree */ 5809 ACQ_LOCK(); 5810 LIST_INSERT_HEAD(&acqtree, newacq, chain); 5811 ACQ_UNLOCK(); 5812 5813 return newacq; 5814 } 5815 5816 static struct secacq * 5817 key_getacq(const struct secasindex *saidx) 5818 { 5819 struct secacq *acq; 5820 5821 ACQ_LOCK(); 5822 LIST_FOREACH(acq, &acqtree, chain) { 5823 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY)) 5824 break; 5825 } 5826 ACQ_UNLOCK(); 5827 5828 return acq; 5829 } 5830 5831 static struct secacq * 5832 key_getacqbyseq(seq) 5833 u_int32_t seq; 5834 { 5835 struct secacq *acq; 5836 5837 ACQ_LOCK(); 5838 LIST_FOREACH(acq, &acqtree, chain) { 5839 if (acq->seq == seq) 5840 break; 5841 } 5842 ACQ_UNLOCK(); 5843 5844 return acq; 5845 } 5846 5847 static struct secspacq * 5848 key_newspacq(spidx) 5849 struct secpolicyindex *spidx; 5850 { 5851 struct secspacq *acq; 5852 5853 /* get new entry */ 5854 acq = malloc(sizeof(struct secspacq), M_IPSEC_SAQ, M_NOWAIT|M_ZERO); 5855 if (acq == NULL) { 5856 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 5857 return NULL; 5858 } 5859 5860 /* copy secindex */ 5861 bcopy(spidx, &acq->spidx, sizeof(acq->spidx)); 5862 acq->created = time_second; 5863 acq->count = 0; 5864 5865 /* add to spacqtree */ 5866 SPACQ_LOCK(); 5867 LIST_INSERT_HEAD(&spacqtree, acq, chain); 5868 SPACQ_UNLOCK(); 5869 5870 return acq; 5871 } 5872 5873 static struct secspacq * 5874 key_getspacq(spidx) 5875 struct secpolicyindex *spidx; 5876 { 5877 struct secspacq *acq; 5878 5879 SPACQ_LOCK(); 5880 LIST_FOREACH(acq, &spacqtree, chain) { 5881 if (key_cmpspidx_exactly(spidx, &acq->spidx)) { 5882 /* NB: return holding spacq_lock */ 5883 return acq; 5884 } 5885 } 5886 SPACQ_UNLOCK(); 5887 5888 return NULL; 5889 } 5890 5891 /* 5892 * SADB_ACQUIRE processing, 5893 * in first situation, is receiving 5894 * <base> 5895 * from the ikmpd, and clear sequence of its secasvar entry. 5896 * 5897 * In second situation, is receiving 5898 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 5899 * from a user land process, and return 5900 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal> 5901 * to the socket. 5902 * 5903 * m will always be freed. 5904 */ 5905 static int 5906 key_acquire2(so, m, mhp) 5907 struct socket *so; 5908 struct mbuf *m; 5909 const struct sadb_msghdr *mhp; 5910 { 5911 const struct sadb_address *src0, *dst0; 5912 struct secasindex saidx; 5913 struct secashead *sah; 5914 u_int16_t proto; 5915 int error; 5916 5917 IPSEC_ASSERT(so != NULL, ("null socket")); 5918 IPSEC_ASSERT(m != NULL, ("null mbuf")); 5919 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 5920 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 5921 5922 /* 5923 * Error message from KMd. 5924 * We assume that if error was occured in IKEd, the length of PFKEY 5925 * message is equal to the size of sadb_msg structure. 5926 * We do not raise error even if error occured in this function. 5927 */ 5928 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) { 5929 struct secacq *acq; 5930 5931 /* check sequence number */ 5932 if (mhp->msg->sadb_msg_seq == 0) { 5933 ipseclog((LOG_DEBUG, "%s: must specify sequence " 5934 "number.\n", __func__)); 5935 m_freem(m); 5936 return 0; 5937 } 5938 5939 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) { 5940 /* 5941 * the specified larval SA is already gone, or we got 5942 * a bogus sequence number. we can silently ignore it. 5943 */ 5944 m_freem(m); 5945 return 0; 5946 } 5947 5948 /* reset acq counter in order to deletion by timehander. */ 5949 acq->created = time_second; 5950 acq->count = 0; 5951 m_freem(m); 5952 return 0; 5953 } 5954 5955 /* 5956 * This message is from user land. 5957 */ 5958 5959 /* map satype to proto */ 5960 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 5961 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 5962 __func__)); 5963 return key_senderror(so, m, EINVAL); 5964 } 5965 5966 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL || 5967 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL || 5968 mhp->ext[SADB_EXT_PROPOSAL] == NULL) { 5969 /* error */ 5970 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5971 __func__)); 5972 return key_senderror(so, m, EINVAL); 5973 } 5974 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) || 5975 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) || 5976 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) { 5977 /* error */ 5978 ipseclog((LOG_DEBUG, "%s: invalid message is passed.\n", 5979 __func__)); 5980 return key_senderror(so, m, EINVAL); 5981 } 5982 5983 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC]; 5984 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST]; 5985 5986 /* XXX boundary check against sa_len */ 5987 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); 5988 5989 /* get a SA index */ 5990 SAHTREE_LOCK(); 5991 LIST_FOREACH(sah, &sahtree, chain) { 5992 if (sah->state == SADB_SASTATE_DEAD) 5993 continue; 5994 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID)) 5995 break; 5996 } 5997 SAHTREE_UNLOCK(); 5998 if (sah != NULL) { 5999 ipseclog((LOG_DEBUG, "%s: a SA exists already.\n", __func__)); 6000 return key_senderror(so, m, EEXIST); 6001 } 6002 6003 error = key_acquire(&saidx, NULL); 6004 if (error != 0) { 6005 ipseclog((LOG_DEBUG, "%s: error %d returned from key_acquire\n", 6006 __func__, mhp->msg->sadb_msg_errno)); 6007 return key_senderror(so, m, error); 6008 } 6009 6010 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED); 6011 } 6012 6013 /* 6014 * SADB_REGISTER processing. 6015 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported. 6016 * receive 6017 * <base> 6018 * from the ikmpd, and register a socket to send PF_KEY messages, 6019 * and send 6020 * <base, supported> 6021 * to KMD by PF_KEY. 6022 * If socket is detached, must free from regnode. 6023 * 6024 * m will always be freed. 6025 */ 6026 static int 6027 key_register(so, m, mhp) 6028 struct socket *so; 6029 struct mbuf *m; 6030 const struct sadb_msghdr *mhp; 6031 { 6032 struct secreg *reg, *newreg = 0; 6033 6034 IPSEC_ASSERT(so != NULL, ("null socket")); 6035 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6036 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6037 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6038 6039 /* check for invalid register message */ 6040 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0])) 6041 return key_senderror(so, m, EINVAL); 6042 6043 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */ 6044 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC) 6045 goto setmsg; 6046 6047 /* check whether existing or not */ 6048 REGTREE_LOCK(); 6049 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) { 6050 if (reg->so == so) { 6051 REGTREE_UNLOCK(); 6052 ipseclog((LOG_DEBUG, "%s: socket exists already.\n", 6053 __func__)); 6054 return key_senderror(so, m, EEXIST); 6055 } 6056 } 6057 6058 /* create regnode */ 6059 newreg = malloc(sizeof(struct secreg), M_IPSEC_SAR, M_NOWAIT|M_ZERO); 6060 if (newreg == NULL) { 6061 REGTREE_UNLOCK(); 6062 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6063 return key_senderror(so, m, ENOBUFS); 6064 } 6065 6066 newreg->so = so; 6067 ((struct keycb *)sotorawcb(so))->kp_registered++; 6068 6069 /* add regnode to regtree. */ 6070 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain); 6071 REGTREE_UNLOCK(); 6072 6073 setmsg: 6074 { 6075 struct mbuf *n; 6076 struct sadb_msg *newmsg; 6077 struct sadb_supported *sup; 6078 u_int len, alen, elen; 6079 int off; 6080 int i; 6081 struct sadb_alg *alg; 6082 6083 /* create new sadb_msg to reply. */ 6084 alen = 0; 6085 for (i = 1; i <= SADB_AALG_MAX; i++) { 6086 if (ah_algorithm_lookup(i)) 6087 alen += sizeof(struct sadb_alg); 6088 } 6089 if (alen) 6090 alen += sizeof(struct sadb_supported); 6091 elen = 0; 6092 for (i = 1; i <= SADB_EALG_MAX; i++) { 6093 if (esp_algorithm_lookup(i)) 6094 elen += sizeof(struct sadb_alg); 6095 } 6096 if (elen) 6097 elen += sizeof(struct sadb_supported); 6098 6099 len = sizeof(struct sadb_msg) + alen + elen; 6100 6101 if (len > MCLBYTES) 6102 return key_senderror(so, m, ENOBUFS); 6103 6104 MGETHDR(n, M_DONTWAIT, MT_DATA); 6105 if (len > MHLEN) { 6106 MCLGET(n, M_DONTWAIT); 6107 if ((n->m_flags & M_EXT) == 0) { 6108 m_freem(n); 6109 n = NULL; 6110 } 6111 } 6112 if (!n) 6113 return key_senderror(so, m, ENOBUFS); 6114 6115 n->m_pkthdr.len = n->m_len = len; 6116 n->m_next = NULL; 6117 off = 0; 6118 6119 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off); 6120 newmsg = mtod(n, struct sadb_msg *); 6121 newmsg->sadb_msg_errno = 0; 6122 newmsg->sadb_msg_len = PFKEY_UNIT64(len); 6123 off += PFKEY_ALIGN8(sizeof(struct sadb_msg)); 6124 6125 /* for authentication algorithm */ 6126 if (alen) { 6127 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 6128 sup->sadb_supported_len = PFKEY_UNIT64(alen); 6129 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH; 6130 off += PFKEY_ALIGN8(sizeof(*sup)); 6131 6132 for (i = 1; i <= SADB_AALG_MAX; i++) { 6133 struct auth_hash *aalgo; 6134 u_int16_t minkeysize, maxkeysize; 6135 6136 aalgo = ah_algorithm_lookup(i); 6137 if (!aalgo) 6138 continue; 6139 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 6140 alg->sadb_alg_id = i; 6141 alg->sadb_alg_ivlen = 0; 6142 key_getsizes_ah(aalgo, i, &minkeysize, &maxkeysize); 6143 alg->sadb_alg_minbits = _BITS(minkeysize); 6144 alg->sadb_alg_maxbits = _BITS(maxkeysize); 6145 off += PFKEY_ALIGN8(sizeof(*alg)); 6146 } 6147 } 6148 6149 /* for encryption algorithm */ 6150 if (elen) { 6151 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off); 6152 sup->sadb_supported_len = PFKEY_UNIT64(elen); 6153 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT; 6154 off += PFKEY_ALIGN8(sizeof(*sup)); 6155 6156 for (i = 1; i <= SADB_EALG_MAX; i++) { 6157 struct enc_xform *ealgo; 6158 6159 ealgo = esp_algorithm_lookup(i); 6160 if (!ealgo) 6161 continue; 6162 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off); 6163 alg->sadb_alg_id = i; 6164 alg->sadb_alg_ivlen = ealgo->blocksize; 6165 alg->sadb_alg_minbits = _BITS(ealgo->minkey); 6166 alg->sadb_alg_maxbits = _BITS(ealgo->maxkey); 6167 off += PFKEY_ALIGN8(sizeof(struct sadb_alg)); 6168 } 6169 } 6170 6171 IPSEC_ASSERT(off == len, 6172 ("length assumption failed (off %u len %u)", off, len)); 6173 6174 m_freem(m); 6175 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED); 6176 } 6177 } 6178 6179 /* 6180 * free secreg entry registered. 6181 * XXX: I want to do free a socket marked done SADB_RESIGER to socket. 6182 */ 6183 void 6184 key_freereg(struct socket *so) 6185 { 6186 struct secreg *reg; 6187 int i; 6188 6189 IPSEC_ASSERT(so != NULL, ("NULL so")); 6190 6191 /* 6192 * check whether existing or not. 6193 * check all type of SA, because there is a potential that 6194 * one socket is registered to multiple type of SA. 6195 */ 6196 REGTREE_LOCK(); 6197 for (i = 0; i <= SADB_SATYPE_MAX; i++) { 6198 LIST_FOREACH(reg, ®tree[i], chain) { 6199 if (reg->so == so && __LIST_CHAINED(reg)) { 6200 LIST_REMOVE(reg, chain); 6201 free(reg, M_IPSEC_SAR); 6202 break; 6203 } 6204 } 6205 } 6206 REGTREE_UNLOCK(); 6207 } 6208 6209 /* 6210 * SADB_EXPIRE processing 6211 * send 6212 * <base, SA, SA2, lifetime(C and one of HS), address(SD)> 6213 * to KMD by PF_KEY. 6214 * NOTE: We send only soft lifetime extension. 6215 * 6216 * OUT: 0 : succeed 6217 * others : error number 6218 */ 6219 static int 6220 key_expire(struct secasvar *sav) 6221 { 6222 int s; 6223 int satype; 6224 struct mbuf *result = NULL, *m; 6225 int len; 6226 int error = -1; 6227 struct sadb_lifetime *lt; 6228 6229 /* XXX: Why do we lock ? */ 6230 s = splnet(); /*called from softclock()*/ 6231 6232 IPSEC_ASSERT (sav != NULL, ("null sav")); 6233 IPSEC_ASSERT (sav->sah != NULL, ("null sa header")); 6234 6235 /* set msg header */ 6236 satype = key_proto2satype(sav->sah->saidx.proto); 6237 IPSEC_ASSERT(satype != 0, ("invalid proto, satype %u", satype)); 6238 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt); 6239 if (!m) { 6240 error = ENOBUFS; 6241 goto fail; 6242 } 6243 result = m; 6244 6245 /* create SA extension */ 6246 m = key_setsadbsa(sav); 6247 if (!m) { 6248 error = ENOBUFS; 6249 goto fail; 6250 } 6251 m_cat(result, m); 6252 6253 /* create SA extension */ 6254 m = key_setsadbxsa2(sav->sah->saidx.mode, 6255 sav->replay ? sav->replay->count : 0, 6256 sav->sah->saidx.reqid); 6257 if (!m) { 6258 error = ENOBUFS; 6259 goto fail; 6260 } 6261 m_cat(result, m); 6262 6263 /* create lifetime extension (current and soft) */ 6264 len = PFKEY_ALIGN8(sizeof(*lt)) * 2; 6265 m = key_alloc_mbuf(len); 6266 if (!m || m->m_next) { /*XXX*/ 6267 if (m) 6268 m_freem(m); 6269 error = ENOBUFS; 6270 goto fail; 6271 } 6272 bzero(mtod(m, caddr_t), len); 6273 lt = mtod(m, struct sadb_lifetime *); 6274 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime)); 6275 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT; 6276 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations; 6277 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes; 6278 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime; 6279 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime; 6280 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2); 6281 bcopy(sav->lft_s, lt, sizeof(*lt)); 6282 m_cat(result, m); 6283 6284 /* set sadb_address for source */ 6285 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC, 6286 &sav->sah->saidx.src.sa, 6287 FULLMASK, IPSEC_ULPROTO_ANY); 6288 if (!m) { 6289 error = ENOBUFS; 6290 goto fail; 6291 } 6292 m_cat(result, m); 6293 6294 /* set sadb_address for destination */ 6295 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST, 6296 &sav->sah->saidx.dst.sa, 6297 FULLMASK, IPSEC_ULPROTO_ANY); 6298 if (!m) { 6299 error = ENOBUFS; 6300 goto fail; 6301 } 6302 m_cat(result, m); 6303 6304 if ((result->m_flags & M_PKTHDR) == 0) { 6305 error = EINVAL; 6306 goto fail; 6307 } 6308 6309 if (result->m_len < sizeof(struct sadb_msg)) { 6310 result = m_pullup(result, sizeof(struct sadb_msg)); 6311 if (result == NULL) { 6312 error = ENOBUFS; 6313 goto fail; 6314 } 6315 } 6316 6317 result->m_pkthdr.len = 0; 6318 for (m = result; m; m = m->m_next) 6319 result->m_pkthdr.len += m->m_len; 6320 6321 mtod(result, struct sadb_msg *)->sadb_msg_len = 6322 PFKEY_UNIT64(result->m_pkthdr.len); 6323 6324 splx(s); 6325 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED); 6326 6327 fail: 6328 if (result) 6329 m_freem(result); 6330 splx(s); 6331 return error; 6332 } 6333 6334 /* 6335 * SADB_FLUSH processing 6336 * receive 6337 * <base> 6338 * from the ikmpd, and free all entries in secastree. 6339 * and send, 6340 * <base> 6341 * to the ikmpd. 6342 * NOTE: to do is only marking SADB_SASTATE_DEAD. 6343 * 6344 * m will always be freed. 6345 */ 6346 static int 6347 key_flush(so, m, mhp) 6348 struct socket *so; 6349 struct mbuf *m; 6350 const struct sadb_msghdr *mhp; 6351 { 6352 struct sadb_msg *newmsg; 6353 struct secashead *sah, *nextsah; 6354 struct secasvar *sav, *nextsav; 6355 u_int16_t proto; 6356 u_int8_t state; 6357 u_int stateidx; 6358 6359 IPSEC_ASSERT(so != NULL, ("null socket")); 6360 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6361 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6362 6363 /* map satype to proto */ 6364 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6365 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6366 __func__)); 6367 return key_senderror(so, m, EINVAL); 6368 } 6369 6370 /* no SATYPE specified, i.e. flushing all SA. */ 6371 SAHTREE_LOCK(); 6372 for (sah = LIST_FIRST(&sahtree); 6373 sah != NULL; 6374 sah = nextsah) { 6375 nextsah = LIST_NEXT(sah, chain); 6376 6377 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC 6378 && proto != sah->saidx.proto) 6379 continue; 6380 6381 for (stateidx = 0; 6382 stateidx < _ARRAYLEN(saorder_state_alive); 6383 stateidx++) { 6384 state = saorder_state_any[stateidx]; 6385 for (sav = LIST_FIRST(&sah->savtree[state]); 6386 sav != NULL; 6387 sav = nextsav) { 6388 6389 nextsav = LIST_NEXT(sav, chain); 6390 6391 key_sa_chgstate(sav, SADB_SASTATE_DEAD); 6392 KEY_FREESAV(&sav); 6393 } 6394 } 6395 6396 sah->state = SADB_SASTATE_DEAD; 6397 } 6398 SAHTREE_UNLOCK(); 6399 6400 if (m->m_len < sizeof(struct sadb_msg) || 6401 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) { 6402 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__)); 6403 return key_senderror(so, m, ENOBUFS); 6404 } 6405 6406 if (m->m_next) 6407 m_freem(m->m_next); 6408 m->m_next = NULL; 6409 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg); 6410 newmsg = mtod(m, struct sadb_msg *); 6411 newmsg->sadb_msg_errno = 0; 6412 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len); 6413 6414 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 6415 } 6416 6417 /* 6418 * SADB_DUMP processing 6419 * dump all entries including status of DEAD in SAD. 6420 * receive 6421 * <base> 6422 * from the ikmpd, and dump all secasvar leaves 6423 * and send, 6424 * <base> ..... 6425 * to the ikmpd. 6426 * 6427 * m will always be freed. 6428 */ 6429 static int 6430 key_dump(so, m, mhp) 6431 struct socket *so; 6432 struct mbuf *m; 6433 const struct sadb_msghdr *mhp; 6434 { 6435 struct secashead *sah; 6436 struct secasvar *sav; 6437 u_int16_t proto; 6438 u_int stateidx; 6439 u_int8_t satype; 6440 u_int8_t state; 6441 int cnt; 6442 struct sadb_msg *newmsg; 6443 struct mbuf *n; 6444 6445 IPSEC_ASSERT(so != NULL, ("null socket")); 6446 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6447 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6448 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6449 6450 /* map satype to proto */ 6451 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) { 6452 ipseclog((LOG_DEBUG, "%s: invalid satype is passed.\n", 6453 __func__)); 6454 return key_senderror(so, m, EINVAL); 6455 } 6456 6457 /* count sav entries to be sent to the userland. */ 6458 cnt = 0; 6459 SAHTREE_LOCK(); 6460 LIST_FOREACH(sah, &sahtree, chain) { 6461 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC 6462 && proto != sah->saidx.proto) 6463 continue; 6464 6465 for (stateidx = 0; 6466 stateidx < _ARRAYLEN(saorder_state_any); 6467 stateidx++) { 6468 state = saorder_state_any[stateidx]; 6469 LIST_FOREACH(sav, &sah->savtree[state], chain) { 6470 cnt++; 6471 } 6472 } 6473 } 6474 6475 if (cnt == 0) { 6476 SAHTREE_UNLOCK(); 6477 return key_senderror(so, m, ENOENT); 6478 } 6479 6480 /* send this to the userland, one at a time. */ 6481 newmsg = NULL; 6482 LIST_FOREACH(sah, &sahtree, chain) { 6483 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC 6484 && proto != sah->saidx.proto) 6485 continue; 6486 6487 /* map proto to satype */ 6488 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) { 6489 SAHTREE_UNLOCK(); 6490 ipseclog((LOG_DEBUG, "%s: there was invalid proto in " 6491 "SAD.\n", __func__)); 6492 return key_senderror(so, m, EINVAL); 6493 } 6494 6495 for (stateidx = 0; 6496 stateidx < _ARRAYLEN(saorder_state_any); 6497 stateidx++) { 6498 state = saorder_state_any[stateidx]; 6499 LIST_FOREACH(sav, &sah->savtree[state], chain) { 6500 n = key_setdumpsa(sav, SADB_DUMP, satype, 6501 --cnt, mhp->msg->sadb_msg_pid); 6502 if (!n) { 6503 SAHTREE_UNLOCK(); 6504 return key_senderror(so, m, ENOBUFS); 6505 } 6506 key_sendup_mbuf(so, n, KEY_SENDUP_ONE); 6507 } 6508 } 6509 } 6510 SAHTREE_UNLOCK(); 6511 6512 m_freem(m); 6513 return 0; 6514 } 6515 6516 /* 6517 * SADB_X_PROMISC processing 6518 * 6519 * m will always be freed. 6520 */ 6521 static int 6522 key_promisc(so, m, mhp) 6523 struct socket *so; 6524 struct mbuf *m; 6525 const struct sadb_msghdr *mhp; 6526 { 6527 int olen; 6528 6529 IPSEC_ASSERT(so != NULL, ("null socket")); 6530 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6531 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6532 IPSEC_ASSERT(mhp->msg != NULL, ("null msg")); 6533 6534 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 6535 6536 if (olen < sizeof(struct sadb_msg)) { 6537 #if 1 6538 return key_senderror(so, m, EINVAL); 6539 #else 6540 m_freem(m); 6541 return 0; 6542 #endif 6543 } else if (olen == sizeof(struct sadb_msg)) { 6544 /* enable/disable promisc mode */ 6545 struct keycb *kp; 6546 6547 if ((kp = (struct keycb *)sotorawcb(so)) == NULL) 6548 return key_senderror(so, m, EINVAL); 6549 mhp->msg->sadb_msg_errno = 0; 6550 switch (mhp->msg->sadb_msg_satype) { 6551 case 0: 6552 case 1: 6553 kp->kp_promisc = mhp->msg->sadb_msg_satype; 6554 break; 6555 default: 6556 return key_senderror(so, m, EINVAL); 6557 } 6558 6559 /* send the original message back to everyone */ 6560 mhp->msg->sadb_msg_errno = 0; 6561 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 6562 } else { 6563 /* send packet as is */ 6564 6565 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg))); 6566 6567 /* TODO: if sadb_msg_seq is specified, send to specific pid */ 6568 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL); 6569 } 6570 } 6571 6572 static int (*key_typesw[]) __P((struct socket *, struct mbuf *, 6573 const struct sadb_msghdr *)) = { 6574 NULL, /* SADB_RESERVED */ 6575 key_getspi, /* SADB_GETSPI */ 6576 key_update, /* SADB_UPDATE */ 6577 key_add, /* SADB_ADD */ 6578 key_delete, /* SADB_DELETE */ 6579 key_get, /* SADB_GET */ 6580 key_acquire2, /* SADB_ACQUIRE */ 6581 key_register, /* SADB_REGISTER */ 6582 NULL, /* SADB_EXPIRE */ 6583 key_flush, /* SADB_FLUSH */ 6584 key_dump, /* SADB_DUMP */ 6585 key_promisc, /* SADB_X_PROMISC */ 6586 NULL, /* SADB_X_PCHANGE */ 6587 key_spdadd, /* SADB_X_SPDUPDATE */ 6588 key_spdadd, /* SADB_X_SPDADD */ 6589 key_spddelete, /* SADB_X_SPDDELETE */ 6590 key_spdget, /* SADB_X_SPDGET */ 6591 NULL, /* SADB_X_SPDACQUIRE */ 6592 key_spddump, /* SADB_X_SPDDUMP */ 6593 key_spdflush, /* SADB_X_SPDFLUSH */ 6594 key_spdadd, /* SADB_X_SPDSETIDX */ 6595 NULL, /* SADB_X_SPDEXPIRE */ 6596 key_spddelete2, /* SADB_X_SPDDELETE2 */ 6597 }; 6598 6599 /* 6600 * parse sadb_msg buffer to process PFKEYv2, 6601 * and create a data to response if needed. 6602 * I think to be dealed with mbuf directly. 6603 * IN: 6604 * msgp : pointer to pointer to a received buffer pulluped. 6605 * This is rewrited to response. 6606 * so : pointer to socket. 6607 * OUT: 6608 * length for buffer to send to user process. 6609 */ 6610 int 6611 key_parse(m, so) 6612 struct mbuf *m; 6613 struct socket *so; 6614 { 6615 struct sadb_msg *msg; 6616 struct sadb_msghdr mh; 6617 u_int orglen; 6618 int error; 6619 int target; 6620 6621 IPSEC_ASSERT(so != NULL, ("null socket")); 6622 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6623 6624 #if 0 /*kdebug_sadb assumes msg in linear buffer*/ 6625 KEYDEBUG(KEYDEBUG_KEY_DUMP, 6626 ipseclog((LOG_DEBUG, "%s: passed sadb_msg\n", __func__)); 6627 kdebug_sadb(msg)); 6628 #endif 6629 6630 if (m->m_len < sizeof(struct sadb_msg)) { 6631 m = m_pullup(m, sizeof(struct sadb_msg)); 6632 if (!m) 6633 return ENOBUFS; 6634 } 6635 msg = mtod(m, struct sadb_msg *); 6636 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len); 6637 target = KEY_SENDUP_ONE; 6638 6639 if ((m->m_flags & M_PKTHDR) == 0 || 6640 m->m_pkthdr.len != m->m_pkthdr.len) { 6641 ipseclog((LOG_DEBUG, "%s: invalid message length.\n",__func__)); 6642 pfkeystat.out_invlen++; 6643 error = EINVAL; 6644 goto senderror; 6645 } 6646 6647 if (msg->sadb_msg_version != PF_KEY_V2) { 6648 ipseclog((LOG_DEBUG, "%s: PF_KEY version %u is mismatched.\n", 6649 __func__, msg->sadb_msg_version)); 6650 pfkeystat.out_invver++; 6651 error = EINVAL; 6652 goto senderror; 6653 } 6654 6655 if (msg->sadb_msg_type > SADB_MAX) { 6656 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 6657 __func__, msg->sadb_msg_type)); 6658 pfkeystat.out_invmsgtype++; 6659 error = EINVAL; 6660 goto senderror; 6661 } 6662 6663 /* for old-fashioned code - should be nuked */ 6664 if (m->m_pkthdr.len > MCLBYTES) { 6665 m_freem(m); 6666 return ENOBUFS; 6667 } 6668 if (m->m_next) { 6669 struct mbuf *n; 6670 6671 MGETHDR(n, M_DONTWAIT, MT_DATA); 6672 if (n && m->m_pkthdr.len > MHLEN) { 6673 MCLGET(n, M_DONTWAIT); 6674 if ((n->m_flags & M_EXT) == 0) { 6675 m_free(n); 6676 n = NULL; 6677 } 6678 } 6679 if (!n) { 6680 m_freem(m); 6681 return ENOBUFS; 6682 } 6683 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t)); 6684 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len; 6685 n->m_next = NULL; 6686 m_freem(m); 6687 m = n; 6688 } 6689 6690 /* align the mbuf chain so that extensions are in contiguous region. */ 6691 error = key_align(m, &mh); 6692 if (error) 6693 return error; 6694 6695 msg = mh.msg; 6696 6697 /* check SA type */ 6698 switch (msg->sadb_msg_satype) { 6699 case SADB_SATYPE_UNSPEC: 6700 switch (msg->sadb_msg_type) { 6701 case SADB_GETSPI: 6702 case SADB_UPDATE: 6703 case SADB_ADD: 6704 case SADB_DELETE: 6705 case SADB_GET: 6706 case SADB_ACQUIRE: 6707 case SADB_EXPIRE: 6708 ipseclog((LOG_DEBUG, "%s: must specify satype " 6709 "when msg type=%u.\n", __func__, 6710 msg->sadb_msg_type)); 6711 pfkeystat.out_invsatype++; 6712 error = EINVAL; 6713 goto senderror; 6714 } 6715 break; 6716 case SADB_SATYPE_AH: 6717 case SADB_SATYPE_ESP: 6718 case SADB_X_SATYPE_IPCOMP: 6719 case SADB_X_SATYPE_TCPSIGNATURE: 6720 switch (msg->sadb_msg_type) { 6721 case SADB_X_SPDADD: 6722 case SADB_X_SPDDELETE: 6723 case SADB_X_SPDGET: 6724 case SADB_X_SPDDUMP: 6725 case SADB_X_SPDFLUSH: 6726 case SADB_X_SPDSETIDX: 6727 case SADB_X_SPDUPDATE: 6728 case SADB_X_SPDDELETE2: 6729 ipseclog((LOG_DEBUG, "%s: illegal satype=%u\n", 6730 __func__, msg->sadb_msg_type)); 6731 pfkeystat.out_invsatype++; 6732 error = EINVAL; 6733 goto senderror; 6734 } 6735 break; 6736 case SADB_SATYPE_RSVP: 6737 case SADB_SATYPE_OSPFV2: 6738 case SADB_SATYPE_RIPV2: 6739 case SADB_SATYPE_MIP: 6740 ipseclog((LOG_DEBUG, "%s: type %u isn't supported.\n", 6741 __func__, msg->sadb_msg_satype)); 6742 pfkeystat.out_invsatype++; 6743 error = EOPNOTSUPP; 6744 goto senderror; 6745 case 1: /* XXX: What does it do? */ 6746 if (msg->sadb_msg_type == SADB_X_PROMISC) 6747 break; 6748 /*FALLTHROUGH*/ 6749 default: 6750 ipseclog((LOG_DEBUG, "%s: invalid type %u is passed.\n", 6751 __func__, msg->sadb_msg_satype)); 6752 pfkeystat.out_invsatype++; 6753 error = EINVAL; 6754 goto senderror; 6755 } 6756 6757 /* check field of upper layer protocol and address family */ 6758 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL 6759 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) { 6760 struct sadb_address *src0, *dst0; 6761 u_int plen; 6762 6763 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]); 6764 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]); 6765 6766 /* check upper layer protocol */ 6767 if (src0->sadb_address_proto != dst0->sadb_address_proto) { 6768 ipseclog((LOG_DEBUG, "%s: upper layer protocol " 6769 "mismatched.\n", __func__)); 6770 pfkeystat.out_invaddr++; 6771 error = EINVAL; 6772 goto senderror; 6773 } 6774 6775 /* check family */ 6776 if (PFKEY_ADDR_SADDR(src0)->sa_family != 6777 PFKEY_ADDR_SADDR(dst0)->sa_family) { 6778 ipseclog((LOG_DEBUG, "%s: address family mismatched.\n", 6779 __func__)); 6780 pfkeystat.out_invaddr++; 6781 error = EINVAL; 6782 goto senderror; 6783 } 6784 if (PFKEY_ADDR_SADDR(src0)->sa_len != 6785 PFKEY_ADDR_SADDR(dst0)->sa_len) { 6786 ipseclog((LOG_DEBUG, "%s: address struct size " 6787 "mismatched.\n", __func__)); 6788 pfkeystat.out_invaddr++; 6789 error = EINVAL; 6790 goto senderror; 6791 } 6792 6793 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 6794 case AF_INET: 6795 if (PFKEY_ADDR_SADDR(src0)->sa_len != 6796 sizeof(struct sockaddr_in)) { 6797 pfkeystat.out_invaddr++; 6798 error = EINVAL; 6799 goto senderror; 6800 } 6801 break; 6802 case AF_INET6: 6803 if (PFKEY_ADDR_SADDR(src0)->sa_len != 6804 sizeof(struct sockaddr_in6)) { 6805 pfkeystat.out_invaddr++; 6806 error = EINVAL; 6807 goto senderror; 6808 } 6809 break; 6810 default: 6811 ipseclog((LOG_DEBUG, "%s: unsupported address family\n", 6812 __func__)); 6813 pfkeystat.out_invaddr++; 6814 error = EAFNOSUPPORT; 6815 goto senderror; 6816 } 6817 6818 switch (PFKEY_ADDR_SADDR(src0)->sa_family) { 6819 case AF_INET: 6820 plen = sizeof(struct in_addr) << 3; 6821 break; 6822 case AF_INET6: 6823 plen = sizeof(struct in6_addr) << 3; 6824 break; 6825 default: 6826 plen = 0; /*fool gcc*/ 6827 break; 6828 } 6829 6830 /* check max prefix length */ 6831 if (src0->sadb_address_prefixlen > plen || 6832 dst0->sadb_address_prefixlen > plen) { 6833 ipseclog((LOG_DEBUG, "%s: illegal prefixlen.\n", 6834 __func__)); 6835 pfkeystat.out_invaddr++; 6836 error = EINVAL; 6837 goto senderror; 6838 } 6839 6840 /* 6841 * prefixlen == 0 is valid because there can be a case when 6842 * all addresses are matched. 6843 */ 6844 } 6845 6846 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) || 6847 key_typesw[msg->sadb_msg_type] == NULL) { 6848 pfkeystat.out_invmsgtype++; 6849 error = EINVAL; 6850 goto senderror; 6851 } 6852 6853 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh); 6854 6855 senderror: 6856 msg->sadb_msg_errno = error; 6857 return key_sendup_mbuf(so, m, target); 6858 } 6859 6860 static int 6861 key_senderror(so, m, code) 6862 struct socket *so; 6863 struct mbuf *m; 6864 int code; 6865 { 6866 struct sadb_msg *msg; 6867 6868 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 6869 ("mbuf too small, len %u", m->m_len)); 6870 6871 msg = mtod(m, struct sadb_msg *); 6872 msg->sadb_msg_errno = code; 6873 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE); 6874 } 6875 6876 /* 6877 * set the pointer to each header into message buffer. 6878 * m will be freed on error. 6879 * XXX larger-than-MCLBYTES extension? 6880 */ 6881 static int 6882 key_align(m, mhp) 6883 struct mbuf *m; 6884 struct sadb_msghdr *mhp; 6885 { 6886 struct mbuf *n; 6887 struct sadb_ext *ext; 6888 size_t off, end; 6889 int extlen; 6890 int toff; 6891 6892 IPSEC_ASSERT(m != NULL, ("null mbuf")); 6893 IPSEC_ASSERT(mhp != NULL, ("null msghdr")); 6894 IPSEC_ASSERT(m->m_len >= sizeof(struct sadb_msg), 6895 ("mbuf too small, len %u", m->m_len)); 6896 6897 /* initialize */ 6898 bzero(mhp, sizeof(*mhp)); 6899 6900 mhp->msg = mtod(m, struct sadb_msg *); 6901 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */ 6902 6903 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len); 6904 extlen = end; /*just in case extlen is not updated*/ 6905 for (off = sizeof(struct sadb_msg); off < end; off += extlen) { 6906 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff); 6907 if (!n) { 6908 /* m is already freed */ 6909 return ENOBUFS; 6910 } 6911 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 6912 6913 /* set pointer */ 6914 switch (ext->sadb_ext_type) { 6915 case SADB_EXT_SA: 6916 case SADB_EXT_ADDRESS_SRC: 6917 case SADB_EXT_ADDRESS_DST: 6918 case SADB_EXT_ADDRESS_PROXY: 6919 case SADB_EXT_LIFETIME_CURRENT: 6920 case SADB_EXT_LIFETIME_HARD: 6921 case SADB_EXT_LIFETIME_SOFT: 6922 case SADB_EXT_KEY_AUTH: 6923 case SADB_EXT_KEY_ENCRYPT: 6924 case SADB_EXT_IDENTITY_SRC: 6925 case SADB_EXT_IDENTITY_DST: 6926 case SADB_EXT_SENSITIVITY: 6927 case SADB_EXT_PROPOSAL: 6928 case SADB_EXT_SUPPORTED_AUTH: 6929 case SADB_EXT_SUPPORTED_ENCRYPT: 6930 case SADB_EXT_SPIRANGE: 6931 case SADB_X_EXT_POLICY: 6932 case SADB_X_EXT_SA2: 6933 /* duplicate check */ 6934 /* 6935 * XXX Are there duplication payloads of either 6936 * KEY_AUTH or KEY_ENCRYPT ? 6937 */ 6938 if (mhp->ext[ext->sadb_ext_type] != NULL) { 6939 ipseclog((LOG_DEBUG, "%s: duplicate ext_type " 6940 "%u\n", __func__, ext->sadb_ext_type)); 6941 m_freem(m); 6942 pfkeystat.out_dupext++; 6943 return EINVAL; 6944 } 6945 break; 6946 default: 6947 ipseclog((LOG_DEBUG, "%s: invalid ext_type %u\n", 6948 __func__, ext->sadb_ext_type)); 6949 m_freem(m); 6950 pfkeystat.out_invexttype++; 6951 return EINVAL; 6952 } 6953 6954 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len); 6955 6956 if (key_validate_ext(ext, extlen)) { 6957 m_freem(m); 6958 pfkeystat.out_invlen++; 6959 return EINVAL; 6960 } 6961 6962 n = m_pulldown(m, off, extlen, &toff); 6963 if (!n) { 6964 /* m is already freed */ 6965 return ENOBUFS; 6966 } 6967 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff); 6968 6969 mhp->ext[ext->sadb_ext_type] = ext; 6970 mhp->extoff[ext->sadb_ext_type] = off; 6971 mhp->extlen[ext->sadb_ext_type] = extlen; 6972 } 6973 6974 if (off != end) { 6975 m_freem(m); 6976 pfkeystat.out_invlen++; 6977 return EINVAL; 6978 } 6979 6980 return 0; 6981 } 6982 6983 static int 6984 key_validate_ext(ext, len) 6985 const struct sadb_ext *ext; 6986 int len; 6987 { 6988 const struct sockaddr *sa; 6989 enum { NONE, ADDR } checktype = NONE; 6990 int baselen = 0; 6991 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len); 6992 6993 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len)) 6994 return EINVAL; 6995 6996 /* if it does not match minimum/maximum length, bail */ 6997 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) || 6998 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0])) 6999 return EINVAL; 7000 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type]) 7001 return EINVAL; 7002 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type]) 7003 return EINVAL; 7004 7005 /* more checks based on sadb_ext_type XXX need more */ 7006 switch (ext->sadb_ext_type) { 7007 case SADB_EXT_ADDRESS_SRC: 7008 case SADB_EXT_ADDRESS_DST: 7009 case SADB_EXT_ADDRESS_PROXY: 7010 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address)); 7011 checktype = ADDR; 7012 break; 7013 case SADB_EXT_IDENTITY_SRC: 7014 case SADB_EXT_IDENTITY_DST: 7015 if (((const struct sadb_ident *)ext)->sadb_ident_type == 7016 SADB_X_IDENTTYPE_ADDR) { 7017 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident)); 7018 checktype = ADDR; 7019 } else 7020 checktype = NONE; 7021 break; 7022 default: 7023 checktype = NONE; 7024 break; 7025 } 7026 7027 switch (checktype) { 7028 case NONE: 7029 break; 7030 case ADDR: 7031 sa = (const struct sockaddr *)(((const u_int8_t*)ext)+baselen); 7032 if (len < baselen + sal) 7033 return EINVAL; 7034 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len) 7035 return EINVAL; 7036 break; 7037 } 7038 7039 return 0; 7040 } 7041 7042 void 7043 key_init() 7044 { 7045 int i; 7046 7047 SPTREE_LOCK_INIT(); 7048 REGTREE_LOCK_INIT(); 7049 SAHTREE_LOCK_INIT(); 7050 ACQ_LOCK_INIT(); 7051 SPACQ_LOCK_INIT(); 7052 7053 for (i = 0; i < IPSEC_DIR_MAX; i++) 7054 LIST_INIT(&sptree[i]); 7055 7056 LIST_INIT(&sahtree); 7057 7058 for (i = 0; i <= SADB_SATYPE_MAX; i++) 7059 LIST_INIT(®tree[i]); 7060 7061 LIST_INIT(&acqtree); 7062 LIST_INIT(&spacqtree); 7063 7064 /* system default */ 7065 ip4_def_policy.policy = IPSEC_POLICY_NONE; 7066 ip4_def_policy.refcnt++; /*never reclaim this*/ 7067 7068 #ifndef IPSEC_DEBUG2 7069 timeout((void *)key_timehandler, (void *)0, hz); 7070 #endif /*IPSEC_DEBUG2*/ 7071 7072 /* initialize key statistics */ 7073 keystat.getspi_count = 1; 7074 7075 printf("Fast IPsec: Initialized Security Association Processing.\n"); 7076 7077 return; 7078 } 7079 7080 /* 7081 * XXX: maybe This function is called after INBOUND IPsec processing. 7082 * 7083 * Special check for tunnel-mode packets. 7084 * We must make some checks for consistency between inner and outer IP header. 7085 * 7086 * xxx more checks to be provided 7087 */ 7088 int 7089 key_checktunnelsanity(sav, family, src, dst) 7090 struct secasvar *sav; 7091 u_int family; 7092 caddr_t src; 7093 caddr_t dst; 7094 { 7095 IPSEC_ASSERT(sav->sah != NULL, ("null SA header")); 7096 7097 /* XXX: check inner IP header */ 7098 7099 return 1; 7100 } 7101 7102 /* record data transfer on SA, and update timestamps */ 7103 void 7104 key_sa_recordxfer(sav, m) 7105 struct secasvar *sav; 7106 struct mbuf *m; 7107 { 7108 IPSEC_ASSERT(sav != NULL, ("Null secasvar")); 7109 IPSEC_ASSERT(m != NULL, ("Null mbuf")); 7110 if (!sav->lft_c) 7111 return; 7112 7113 /* 7114 * XXX Currently, there is a difference of bytes size 7115 * between inbound and outbound processing. 7116 */ 7117 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len; 7118 /* to check bytes lifetime is done in key_timehandler(). */ 7119 7120 /* 7121 * We use the number of packets as the unit of 7122 * sadb_lifetime_allocations. We increment the variable 7123 * whenever {esp,ah}_{in,out}put is called. 7124 */ 7125 sav->lft_c->sadb_lifetime_allocations++; 7126 /* XXX check for expires? */ 7127 7128 /* 7129 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock, 7130 * in seconds. HARD and SOFT lifetime are measured by the time 7131 * difference (again in seconds) from sadb_lifetime_usetime. 7132 * 7133 * usetime 7134 * v expire expire 7135 * -----+-----+--------+---> t 7136 * <--------------> HARD 7137 * <-----> SOFT 7138 */ 7139 sav->lft_c->sadb_lifetime_usetime = time_second; 7140 /* XXX check for expires? */ 7141 7142 return; 7143 } 7144 7145 /* dumb version */ 7146 void 7147 key_sa_routechange(dst) 7148 struct sockaddr *dst; 7149 { 7150 struct secashead *sah; 7151 struct route *ro; 7152 7153 SAHTREE_LOCK(); 7154 LIST_FOREACH(sah, &sahtree, chain) { 7155 ro = &sah->sa_route; 7156 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len 7157 && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) { 7158 RTFREE(ro->ro_rt); 7159 ro->ro_rt = (struct rtentry *)NULL; 7160 } 7161 } 7162 SAHTREE_UNLOCK(); 7163 } 7164 7165 static void 7166 key_sa_chgstate(sav, state) 7167 struct secasvar *sav; 7168 u_int8_t state; 7169 { 7170 IPSEC_ASSERT(sav != NULL, ("NULL sav")); 7171 SAHTREE_LOCK_ASSERT(); 7172 7173 if (sav->state != state) { 7174 if (__LIST_CHAINED(sav)) 7175 LIST_REMOVE(sav, chain); 7176 sav->state = state; 7177 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain); 7178 } 7179 } 7180 7181 void 7182 key_sa_stir_iv(sav) 7183 struct secasvar *sav; 7184 { 7185 7186 IPSEC_ASSERT(sav->iv != NULL, ("null IV")); 7187 key_randomfill(sav->iv, sav->ivlen); 7188 } 7189 7190 /* XXX too much? */ 7191 static struct mbuf * 7192 key_alloc_mbuf(l) 7193 int l; 7194 { 7195 struct mbuf *m = NULL, *n; 7196 int len, t; 7197 7198 len = l; 7199 while (len > 0) { 7200 MGET(n, M_DONTWAIT, MT_DATA); 7201 if (n && len > MLEN) 7202 MCLGET(n, M_DONTWAIT); 7203 if (!n) { 7204 m_freem(m); 7205 return NULL; 7206 } 7207 7208 n->m_next = NULL; 7209 n->m_len = 0; 7210 n->m_len = M_TRAILINGSPACE(n); 7211 /* use the bottom of mbuf, hoping we can prepend afterwards */ 7212 if (n->m_len > len) { 7213 t = (n->m_len - len) & ~(sizeof(long) - 1); 7214 n->m_data += t; 7215 n->m_len = len; 7216 } 7217 7218 len -= n->m_len; 7219 7220 if (m) 7221 m_cat(m, n); 7222 else 7223 m = n; 7224 } 7225 7226 return m; 7227 }
Cache object: fb78dacb0bfad2e32695e2389dd253e4
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]