FreeBSD/Linux Kernel Cross Reference
sys/netkey/key.c
1 /* $KAME: key.c,v 1.308 2003/09/07 20:35:59 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD: releng/5.2/sys/netkey/key.c 125095 2004-01-27 16:06:22Z ume $");
34
35 /*
36 * This code is referd to RFC 2367
37 */
38
39 #include "opt_inet.h"
40 #include "opt_inet6.h"
41 #include "opt_ipsec.h"
42
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/kernel.h>
47 #include <sys/mbuf.h>
48 #include <sys/domain.h>
49 #include <sys/protosw.h>
50 #include <sys/malloc.h>
51 #include <sys/socket.h>
52 #include <sys/socketvar.h>
53 #include <sys/sysctl.h>
54 #include <sys/errno.h>
55 #include <sys/proc.h>
56 #include <sys/queue.h>
57 #include <sys/syslog.h>
58
59 #include <net/if.h>
60 #include <net/route.h>
61 #include <net/raw_cb.h>
62
63 #include <netinet/in.h>
64 #include <netinet/in_systm.h>
65 #include <netinet/ip.h>
66 #include <netinet/in_var.h>
67
68 #ifdef INET6
69 #include <netinet/ip6.h>
70 #include <netinet6/in6_var.h>
71 #include <netinet6/ip6_var.h>
72 #endif /* INET6 */
73
74 #ifdef INET
75 #include <netinet/in_pcb.h>
76 #endif
77 #ifdef INET6
78 #include <netinet6/in6_pcb.h>
79 #endif /* INET6 */
80
81 #include <net/pfkeyv2.h>
82 #include <netkey/keydb.h>
83 #include <netkey/key.h>
84 #include <netkey/keysock.h>
85 #include <netkey/key_debug.h>
86
87 #include <netinet6/ipsec.h>
88 #ifdef INET6
89 #include <netinet6/ipsec6.h>
90 #endif
91 #include <netinet6/ah.h>
92 #ifdef INET6
93 #include <netinet6/ah6.h>
94 #endif
95 #ifdef IPSEC_ESP
96 #include <netinet6/esp.h>
97 #ifdef INET6
98 #include <netinet6/esp6.h>
99 #endif
100 #endif
101 #include <netinet6/ipcomp.h>
102 #ifdef INET6
103 #include <netinet6/ipcomp6.h>
104 #endif
105
106 #include <machine/stdarg.h>
107
108 /* randomness */
109 #include <sys/random.h>
110
111 #include <net/net_osdep.h>
112
113 #ifndef satosin
114 #define satosin(s) ((struct sockaddr_in *)s)
115 #endif
116
117 #define FULLMASK 0xff
118
119 /*
120 * Note on SA reference counting:
121 * - SAs that are not in DEAD state will have (total external reference + 1)
122 * following value in reference count field. they cannot be freed and are
123 * referenced from SA header.
124 * - SAs that are in DEAD state will have (total external reference)
125 * in reference count field. they are ready to be freed. reference from
126 * SA header will be removed in keydb_delsecasvar(), when the reference count
127 * field hits 0 (= no external reference other than from SA header.
128 */
129
130 u_int32_t key_debug_level = 0;
131 static u_int key_spi_trycnt = 1000;
132 static u_int32_t key_spi_minval = 0x100;
133 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
134 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
135 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
136 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
137 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
138 static int key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/
139
140 static u_int32_t acq_seq = 0;
141 static int key_tick_init_random = 0;
142
143 struct _satailq satailq; /* list of all SAD entry */
144 struct _sptailq sptailq; /* SPD table + pcb */
145 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD table */
146 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
147 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
148 /* registed list */
149
150 #define SPIHASHSIZE 128
151 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
152 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
153
154 #ifndef IPSEC_NONBLOCK_ACQUIRE
155 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
156 #endif
157 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
158
159 struct key_cb key_cb;
160
161 /* search order for SAs */
162 static const u_int saorder_state_valid_prefer_old[] = {
163 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
164 };
165 static const u_int saorder_state_valid_prefer_new[] = {
166 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
167 };
168 static const u_int saorder_state_alive[] = {
169 /* except DEAD */
170 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
171 };
172 static const u_int saorder_state_any[] = {
173 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
174 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
175 };
176
177 static const int minsize[] = {
178 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
179 sizeof(struct sadb_sa), /* SADB_EXT_SA */
180 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
181 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
182 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
183 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
184 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
185 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
186 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
187 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
188 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
189 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
190 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
191 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
192 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
193 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
194 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
195 0, /* SADB_X_EXT_KMPRIVATE */
196 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
197 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
198 };
199 static const int maxsize[] = {
200 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
201 sizeof(struct sadb_sa), /* SADB_EXT_SA */
202 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
203 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
204 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
205 0, /* SADB_EXT_ADDRESS_SRC */
206 0, /* SADB_EXT_ADDRESS_DST */
207 0, /* SADB_EXT_ADDRESS_PROXY */
208 0, /* SADB_EXT_KEY_AUTH */
209 0, /* SADB_EXT_KEY_ENCRYPT */
210 0, /* SADB_EXT_IDENTITY_SRC */
211 0, /* SADB_EXT_IDENTITY_DST */
212 0, /* SADB_EXT_SENSITIVITY */
213 0, /* SADB_EXT_PROPOSAL */
214 0, /* SADB_EXT_SUPPORTED_AUTH */
215 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
216 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
217 0, /* SADB_X_EXT_KMPRIVATE */
218 0, /* SADB_X_EXT_POLICY */
219 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
220 };
221
222 static int ipsec_esp_keymin = 256;
223 #ifdef IPSEC_ESP
224 static int ipsec_esp_auth = 0;
225 #endif
226 static int ipsec_ah_keymin = 128;
227
228 SYSCTL_DECL(_net_key);
229
230 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
231 &key_debug_level, 0, "");
232
233 /* max count of trial for the decision of spi value */
234 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
235 &key_spi_trycnt, 0, "");
236
237 /* minimum spi value to allocate automatically. */
238 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
239 &key_spi_minval, 0, "");
240
241 /* maximun spi value to allocate automatically. */
242 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
243 &key_spi_maxval, 0, "");
244
245 /* interval to initialize randseed */
246 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
247 &key_int_random, 0, "");
248
249 /* lifetime for larval SA */
250 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
251 &key_larval_lifetime, 0, "");
252
253 /* counter for blocking to send SADB_ACQUIRE to IKEd */
254 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
255 &key_blockacq_count, 0, "");
256
257 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
258 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
259 &key_blockacq_lifetime, 0, "");
260
261 #ifdef IPSEC_ESP
262 /* ESP auth */
263 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
264 &ipsec_esp_auth, 0, "ESP auth");
265 #endif
266
267 /* minimum ESP key length */
268 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
269 &ipsec_esp_keymin, 0, "");
270
271 /* minimum AH key length */
272 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
273 &ipsec_ah_keymin, 0, "");
274
275 /* perfered old SA rather than new SA */
276 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, CTLFLAG_RW,\
277 &key_preferred_oldsa, 0, "");
278
279 #define __LIST_CHAINED(elm) \
280 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
281 #define LIST_INSERT_TAIL(head, elm, type, field) \
282 do {\
283 struct type *curelm = LIST_FIRST(head); \
284 if (curelm == NULL) {\
285 LIST_INSERT_HEAD(head, elm, field); \
286 } else { \
287 while (LIST_NEXT(curelm, field)) \
288 curelm = LIST_NEXT(curelm, field);\
289 LIST_INSERT_AFTER(curelm, elm, field);\
290 }\
291 } while (/*CONSTCOND*/ 0)
292
293 #define KEY_CHKSASTATE(head, sav, name) \
294 do { \
295 if ((head) != (sav)) { \
296 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
297 (name), (head), (sav))); \
298 continue; \
299 } \
300 } while (/*CONSTCOND*/ 0)
301
302 #define KEY_CHKSPDIR(head, sp, name) \
303 do { \
304 if ((head) != (sp)) { \
305 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
306 "anyway continue.\n", \
307 (name), (head), (sp))); \
308 } \
309 } while (/*CONSTCOND*/ 0)
310
311 #if 1
312 #define KMALLOC(p, t, n) \
313 ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
314 #define KFREE(p) \
315 free((caddr_t)(p), M_SECA)
316 #else
317 #define KMALLOC(p, t, n) \
318 do { \
319 ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
320 printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
321 __FILE__, __LINE__, (p), #t, n); \
322 } while (/*CONSTCOND*/ 0)
323
324 #define KFREE(p) \
325 do { \
326 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
327 free((caddr_t)(p), M_SECA); \
328 } while (/*CONSTCOND*/ 0)
329 #endif
330
331 /*
332 * set parameters into secpolicyindex buffer.
333 * Must allocate secpolicyindex buffer passed to this function.
334 */
335 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
336 do { \
337 bzero((idx), sizeof(struct secpolicyindex)); \
338 (idx)->prefs = (ps); \
339 (idx)->prefd = (pd); \
340 (idx)->ul_proto = (ulp); \
341 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
342 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
343 } while (/*CONSTCOND*/ 0)
344
345 /*
346 * set parameters into secasindex buffer.
347 * Must allocate secasindex buffer before calling this function.
348 */
349 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
350 do { \
351 bzero((idx), sizeof(struct secasindex)); \
352 (idx)->proto = (p); \
353 (idx)->mode = (m); \
354 (idx)->reqid = (r); \
355 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
356 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
357 } while (/*CONSTCOND*/ 0)
358
359 /* key statistics */
360 struct _keystat {
361 u_long getspi_count; /* the avarage of count to try to get new SPI */
362 } keystat;
363
364 struct sadb_msghdr {
365 struct sadb_msg *msg;
366 struct sadb_ext *ext[SADB_EXT_MAX + 1];
367 int extoff[SADB_EXT_MAX + 1];
368 int extlen[SADB_EXT_MAX + 1];
369 };
370
371 static struct secasvar *key_allocsa_policy(struct secasindex *);
372 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
373 static void key_delsav(struct secasvar *);
374 static void key_delsp(struct secpolicy *);
375 static struct secpolicy *key_getsp(struct secpolicyindex *, int);
376 static struct secpolicy *key_getspbyid(u_int32_t);
377 static u_int32_t key_newreqid(void);
378 static struct mbuf *key_gather_mbuf(struct mbuf *,
379 const struct sadb_msghdr *, int, int, ...);
380 static int key_spdadd(struct socket *, struct mbuf *,
381 const struct sadb_msghdr *);
382 static int key_spddelete(struct socket *, struct mbuf *,
383 const struct sadb_msghdr *);
384 static int key_spddelete2(struct socket *, struct mbuf *,
385 const struct sadb_msghdr *);
386 static int key_spdget(struct socket *, struct mbuf *,
387 const struct sadb_msghdr *);
388 static int key_spdflush(struct socket *, struct mbuf *,
389 const struct sadb_msghdr *);
390 static int key_spddump(struct socket *, struct mbuf *,
391 const struct sadb_msghdr *);
392 static struct mbuf *key_setdumpsp(struct secpolicy *,
393 u_int8_t, u_int32_t, u_int32_t);
394 static u_int key_getspreqmsglen(struct secpolicy *);
395 static int key_spdexpire(struct secpolicy *);
396 static struct secashead *key_newsah(struct secasindex *);
397 static void key_delsah(struct secashead *);
398 static struct secasvar *key_newsav(struct mbuf *,
399 const struct sadb_msghdr *, struct secashead *, int *);
400 static struct secashead *key_getsah(struct secasindex *);
401 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
402 static void key_setspi(struct secasvar *, u_int32_t);
403 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
404 static int key_setsaval(struct secasvar *, struct mbuf *,
405 const struct sadb_msghdr *);
406 static int key_mature(struct secasvar *);
407 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
408 u_int8_t, u_int32_t, u_int32_t);
409 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
410 u_int32_t, pid_t, u_int16_t);
411 static struct mbuf *key_setsadbsa(struct secasvar *);
412 static struct mbuf *key_setsadbaddr(u_int16_t,
413 struct sockaddr *, u_int8_t, u_int16_t);
414 #if 0
415 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
416 int, u_int64_t);
417 #endif
418 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
419 static struct mbuf *key_setsadblifetime(u_int16_t, u_int32_t,
420 u_int64_t, u_int64_t, u_int64_t);
421 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
422 u_int32_t);
423 static void *key_newbuf(const void *, u_int);
424 static int key_ismyaddr(struct sockaddr *);
425 #ifdef INET6
426 static int key_ismyaddr6(struct sockaddr_in6 *);
427 #endif
428
429 /* flags for key_cmpsaidx() */
430 #define CMP_HEAD 1 /* protocol, addresses. */
431 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
432 #define CMP_REQID 3 /* additionally HEAD, reqid. not used */
433 #define CMP_EXACTLY 4 /* all elements. */
434 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
435
436 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
437 static int key_bbcmp(caddr_t, caddr_t, u_int);
438 static void key_srandom(void);
439 static u_long key_random(void);
440 static u_int16_t key_satype2proto(u_int8_t);
441 static u_int8_t key_proto2satype(u_int16_t);
442
443 static int key_getspi(struct socket *, struct mbuf *,
444 const struct sadb_msghdr *);
445 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
446 struct secasindex *);
447 static int key_update(struct socket *, struct mbuf *,
448 const struct sadb_msghdr *);
449 #ifdef IPSEC_DOSEQCHECK
450 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
451 #endif
452 static int key_add(struct socket *, struct mbuf *,
453 const struct sadb_msghdr *);
454 static int key_setident(struct secashead *, struct mbuf *,
455 const struct sadb_msghdr *);
456 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
457 const struct sadb_msghdr *);
458 static int key_delete(struct socket *, struct mbuf *,
459 const struct sadb_msghdr *);
460 static int key_get(struct socket *, struct mbuf *,
461 const struct sadb_msghdr *);
462
463 static void key_getcomb_setlifetime(struct sadb_comb *);
464 #ifdef IPSEC_ESP
465 static struct mbuf *key_getcomb_esp(void);
466 #endif
467 static struct mbuf *key_getcomb_ah(void);
468 static struct mbuf *key_getcomb_ipcomp(void);
469 static struct mbuf *key_getprop(const struct secasindex *);
470
471 static int key_acquire(struct secasindex *, struct secpolicy *);
472 #ifndef IPSEC_NONBLOCK_ACQUIRE
473 static struct secacq *key_newacq(struct secasindex *);
474 static struct secacq *key_getacq(struct secasindex *);
475 static struct secacq *key_getacqbyseq(u_int32_t);
476 #endif
477 static struct secspacq *key_newspacq(struct secpolicyindex *);
478 static struct secspacq *key_getspacq(struct secpolicyindex *);
479 static int key_acquire2(struct socket *, struct mbuf *,
480 const struct sadb_msghdr *);
481 static int key_register(struct socket *, struct mbuf *,
482 const struct sadb_msghdr *);
483 static int key_expire(struct secasvar *);
484 static int key_flush(struct socket *, struct mbuf *,
485 const struct sadb_msghdr *);
486 static int key_dump(struct socket *, struct mbuf *,
487 const struct sadb_msghdr *);
488 static int key_promisc(struct socket *, struct mbuf *,
489 const struct sadb_msghdr *);
490 static int key_senderror(struct socket *, struct mbuf *, int);
491 static int key_validate_ext(struct sadb_ext *, int);
492 static int key_align(struct mbuf *, struct sadb_msghdr *);
493 #if 0
494 static const char *key_getfqdn(void);
495 static const char *key_getuserfqdn(void);
496 #endif
497 static void key_sa_chgstate(struct secasvar *, u_int8_t);
498 static void key_sp_dead(struct secpolicy *);
499 static void key_sp_unlink(struct secpolicy *);
500 static struct mbuf *key_alloc_mbuf(int);
501
502 /* %%% IPsec policy management */
503 /*
504 * allocating a SP for OUTBOUND or INBOUND packet.
505 * Must call key_freesp() later.
506 * OUT: NULL: not found
507 * others: found and return the pointer.
508 */
509 struct secpolicy *
510 key_allocsp(tag, spidx, dir)
511 u_int16_t tag;
512 struct secpolicyindex *spidx;
513 u_int dir;
514 {
515 struct secpolicy *sp;
516 int s;
517
518 /* check direction */
519 switch (dir) {
520 case IPSEC_DIR_INBOUND:
521 case IPSEC_DIR_OUTBOUND:
522 break;
523 default:
524 panic("key_allocsp: Invalid direction is passed.");
525 }
526
527 /* get a SP entry */
528 s = splnet(); /*called from softclock()*/
529 if (spidx) {
530 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
531 printf("*** objects\n");
532 kdebug_secpolicyindex(spidx));
533 }
534
535 LIST_FOREACH(sp, &sptree[dir], chain) {
536 if (sp->state == IPSEC_SPSTATE_DEAD)
537 continue;
538 if (sp->spidx) {
539 if (!spidx)
540 continue;
541
542 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
543 printf("*** in SPD\n");
544 kdebug_secpolicyindex(sp->spidx));
545
546 if (key_cmpspidx_withmask(sp->spidx, spidx))
547 goto found;
548 }
549 }
550
551 splx(s);
552 return NULL;
553
554 found:
555 /* sanity check */
556 KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
557
558 /* found a SPD entry */
559 sp->lastused = time_second;
560 sp->refcnt++;
561 splx(s);
562 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
563 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
564 sp->refcnt, sp));
565
566 return sp;
567 }
568
569 /*
570 * return a policy that matches this particular inbound packet.
571 * XXX slow
572 */
573 struct secpolicy *
574 key_gettunnel(osrc, odst, isrc, idst)
575 struct sockaddr *osrc, *odst, *isrc, *idst;
576 {
577 struct secpolicy *sp;
578 const int dir = IPSEC_DIR_INBOUND;
579 int s;
580 struct ipsecrequest *r1, *r2, *p;
581 struct sockaddr *os, *od, *is, *id;
582 struct secpolicyindex spidx;
583
584 if (isrc->sa_family != idst->sa_family) {
585 ipseclog((LOG_ERR, "protocol family mismatched %u != %u\n",
586 isrc->sa_family, idst->sa_family));
587 return NULL;
588 }
589
590 s = splnet(); /*called from softclock()*/
591 LIST_FOREACH(sp, &sptree[dir], chain) {
592 if (sp->state == IPSEC_SPSTATE_DEAD)
593 continue;
594
595 r1 = r2 = NULL;
596 for (p = sp->req; p; p = p->next) {
597 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
598 continue;
599
600 r1 = r2;
601 r2 = p;
602
603 if (!r1) {
604 if (sp->spidx) {
605 /*
606 * here we look at address matches
607 * only
608 */
609 spidx = *sp->spidx;
610 if (isrc->sa_len > sizeof(spidx.src) ||
611 idst->sa_len > sizeof(spidx.dst))
612 continue;
613 bcopy(isrc, &spidx.src, isrc->sa_len);
614 bcopy(idst, &spidx.dst, idst->sa_len);
615 if (!key_cmpspidx_withmask(sp->spidx,
616 &spidx))
617 continue;
618 } else
619 ; /* can't check for tagged policy */
620 } else {
621 is = (struct sockaddr *)&r1->saidx.src;
622 id = (struct sockaddr *)&r1->saidx.dst;
623 if (key_sockaddrcmp(is, isrc, 0) ||
624 key_sockaddrcmp(id, idst, 0))
625 continue;
626 }
627
628 os = (struct sockaddr *)&r2->saidx.src;
629 od = (struct sockaddr *)&r2->saidx.dst;
630 if (key_sockaddrcmp(os, osrc, 0) ||
631 key_sockaddrcmp(od, odst, 0))
632 continue;
633
634 goto found;
635 }
636 }
637 splx(s);
638 return NULL;
639
640 found:
641 sp->lastused = time_second;
642 sp->refcnt++;
643 splx(s);
644 return sp;
645 }
646
647 /*
648 * allocating an SA entry for an *OUTBOUND* packet.
649 * checking each request entries in SP, and acquire an SA if need.
650 * OUT: 0: there are valid requests.
651 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
652 */
653 int
654 key_checkrequest(isr, saidx)
655 struct ipsecrequest *isr;
656 struct secasindex *saidx;
657 {
658 u_int level;
659 int error;
660
661 /* sanity check */
662 if (isr == NULL || saidx == NULL)
663 panic("key_checkrequest: NULL pointer is passed.");
664
665 /* check mode */
666 switch (saidx->mode) {
667 case IPSEC_MODE_TRANSPORT:
668 case IPSEC_MODE_TUNNEL:
669 break;
670 case IPSEC_MODE_ANY:
671 default:
672 panic("key_checkrequest: Invalid policy defined.");
673 }
674
675 /* get current level */
676 level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
677
678 #if 0
679 /*
680 * We do allocate new SA only if the state of SA in the holder is
681 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
682 */
683 if (isr->sav != NULL) {
684 if (isr->sav->sah == NULL)
685 panic("key_checkrequest: sah is null.");
686 if (isr->sav ==
687 LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
688 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
689 printf("DP checkrequest calls free SA:%p\n",
690 isr->sav));
691 key_freesav(isr->sav);
692 isr->sav = NULL;
693 }
694 }
695 #else
696 /*
697 * we free any SA stashed in the IPsec request because a different
698 * SA may be involved each time this request is checked, either
699 * because new SAs are being configured, or this request is
700 * associated with an unconnected datagram socket, or this request
701 * is associated with a system default policy.
702 *
703 * The operation may have negative impact to performance. We may
704 * want to check cached SA carefully, rather than picking new SA
705 * every time.
706 */
707 if (isr->sav != NULL) {
708 key_freesav(isr->sav);
709 isr->sav = NULL;
710 }
711 #endif
712
713 /*
714 * new SA allocation if no SA found.
715 * key_allocsa_policy should allocate the oldest SA available.
716 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
717 */
718 if (isr->sav == NULL)
719 isr->sav = key_allocsa_policy(saidx);
720
721 /* When there is SA. */
722 if (isr->sav != NULL)
723 return 0;
724
725 /* there is no SA */
726 if ((error = key_acquire(saidx, isr->sp)) != 0) {
727 /* XXX What should I do ? */
728 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
729 "from key_acquire.\n", error));
730 return error;
731 }
732
733 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
734 }
735
736 /*
737 * allocating a SA for policy entry from SAD.
738 * NOTE: searching SAD of aliving state.
739 * OUT: NULL: not found.
740 * others: found and return the pointer.
741 */
742 static struct secasvar *
743 key_allocsa_policy(saidx)
744 struct secasindex *saidx;
745 {
746 struct secashead *sah;
747 struct secasvar *sav;
748 u_int stateidx, state;
749 const u_int *saorder_state_valid;
750 int arraysize;
751
752 LIST_FOREACH(sah, &sahtree, chain) {
753 if (sah->state == SADB_SASTATE_DEAD)
754 continue;
755 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
756 goto found;
757 }
758
759 return NULL;
760
761 found:
762
763 /*
764 * search a valid state list for outbound packet.
765 * This search order is important.
766 */
767 if (key_preferred_oldsa) {
768 saorder_state_valid = saorder_state_valid_prefer_old;
769 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
770 } else {
771 saorder_state_valid = saorder_state_valid_prefer_new;
772 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
773 }
774
775 for (stateidx = 0; stateidx < arraysize; stateidx++) {
776
777 state = saorder_state_valid[stateidx];
778
779 sav = key_do_allocsa_policy(sah, state);
780 if (sav != NULL)
781 return sav;
782 }
783
784 return NULL;
785 }
786
787 /*
788 * searching SAD with direction, protocol, mode and state.
789 * called by key_allocsa_policy().
790 * OUT:
791 * NULL : not found
792 * others : found, pointer to a SA.
793 */
794 static struct secasvar *
795 key_do_allocsa_policy(sah, state)
796 struct secashead *sah;
797 u_int state;
798 {
799 struct secasvar *sav, *nextsav, *candidate, *d;
800
801 /* initilize */
802 candidate = NULL;
803
804 for (sav = LIST_FIRST(&sah->savtree[state]);
805 sav != NULL;
806 sav = nextsav) {
807
808 nextsav = LIST_NEXT(sav, chain);
809
810 /* sanity check */
811 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
812
813 /* initialize */
814 if (candidate == NULL) {
815 candidate = sav;
816 continue;
817 }
818
819 /* Which SA is the better ? */
820
821 /* sanity check 2 */
822 if (candidate->lft_c == NULL || sav->lft_c == NULL)
823 panic("key_do_allocsa_policy: "
824 "lifetime_current is NULL.");
825
826 /* What the best method is to compare ? */
827 if (key_preferred_oldsa) {
828 if (candidate->lft_c->sadb_lifetime_addtime >
829 sav->lft_c->sadb_lifetime_addtime) {
830 candidate = sav;
831 }
832 continue;
833 /*NOTREACHED*/
834 }
835
836 /* preferred new sa rather than old sa */
837 if (candidate->lft_c->sadb_lifetime_addtime <
838 sav->lft_c->sadb_lifetime_addtime) {
839 d = candidate;
840 candidate = sav;
841 } else
842 d = sav;
843
844 /*
845 * prepared to delete the SA when there is more
846 * suitable candidate and the lifetime of the SA is not
847 * permanent.
848 */
849 if (d->lft_c->sadb_lifetime_addtime != 0) {
850 struct mbuf *m, *result = NULL;
851
852 key_sa_chgstate(d, SADB_SASTATE_DEAD);
853
854 m = key_setsadbmsg(SADB_DELETE, 0,
855 key_proto2satype(d->sah->saidx.proto),
856 0, 0, d->refcnt - 1);
857 if (!m)
858 goto msgfail;
859 result = m;
860
861 /* set sadb_address for saidx's. */
862 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
863 (struct sockaddr *)&d->sah->saidx.src,
864 FULLMASK, IPSEC_ULPROTO_ANY);
865 if (!m)
866 goto msgfail;
867 m_cat(result, m);
868
869 /* set sadb_address for saidx's. */
870 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
871 (struct sockaddr *)&d->sah->saidx.dst,
872 FULLMASK, IPSEC_ULPROTO_ANY);
873 if (!m)
874 goto msgfail;
875 m_cat(result, m);
876
877 /* create SA extension */
878 m = key_setsadbsa(d);
879 if (!m)
880 goto msgfail;
881 m_cat(result, m);
882
883 if (result->m_len < sizeof(struct sadb_msg)) {
884 result = m_pullup(result,
885 sizeof(struct sadb_msg));
886 if (result == NULL)
887 goto msgfail;
888 }
889
890 result->m_pkthdr.len = 0;
891 for (m = result; m; m = m->m_next)
892 result->m_pkthdr.len += m->m_len;
893 mtod(result, struct sadb_msg *)->sadb_msg_len =
894 PFKEY_UNIT64(result->m_pkthdr.len);
895
896 if (key_sendup_mbuf(NULL, result,
897 KEY_SENDUP_REGISTERED))
898 goto msgfail;
899
900 result = NULL;
901
902 msgfail:
903 if (result != NULL)
904 m_freem(result);
905 key_freesav(d);
906 }
907 }
908
909 if (candidate) {
910 candidate->refcnt++;
911 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
912 printf("DP allocsa_policy cause "
913 "refcnt++:%d SA:%p\n",
914 candidate->refcnt, candidate));
915 }
916 return candidate;
917 }
918
919 /*
920 * allocating a SA entry for a *INBOUND* packet.
921 * Must call key_freesav() later.
922 * OUT: positive: pointer to a sav.
923 * NULL: not found, or error occured.
924 *
925 * In the comparison, source address will be ignored for RFC2401 conformance.
926 * To quote, from section 4.1:
927 * A security association is uniquely identified by a triple consisting
928 * of a Security Parameter Index (SPI), an IP Destination Address, and a
929 * security protocol (AH or ESP) identifier.
930 * Note that, however, we do need to keep source address in IPsec SA.
931 * IKE specification and PF_KEY specification do assume that we
932 * keep source address in IPsec SA. We see a tricky situation here.
933 */
934 struct secasvar *
935 key_allocsa(family, src, dst, proto, spi)
936 u_int family, proto;
937 caddr_t src, dst;
938 u_int32_t spi;
939 {
940 struct secasvar *sav, *match;
941 u_int stateidx, state, tmpidx, matchidx;
942 struct sockaddr_in sin;
943 struct sockaddr_in6 sin6;
944 int s;
945 const u_int *saorder_state_valid;
946 int arraysize;
947
948 /* sanity check */
949 if (src == NULL || dst == NULL)
950 panic("key_allocsa: NULL pointer is passed.");
951
952 /*
953 * when both systems employ similar strategy to use a SA.
954 * the search order is important even in the inbound case.
955 */
956 if (key_preferred_oldsa) {
957 saorder_state_valid = saorder_state_valid_prefer_old;
958 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
959 } else {
960 saorder_state_valid = saorder_state_valid_prefer_new;
961 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
962 }
963
964 /*
965 * searching SAD.
966 * XXX: to be checked internal IP header somewhere. Also when
967 * IPsec tunnel packet is received. But ESP tunnel mode is
968 * encrypted so we can't check internal IP header.
969 */
970 s = splnet(); /*called from softclock()*/
971 /*
972 * search a valid state list for inbound packet.
973 * the search order is not important.
974 */
975 match = NULL;
976 matchidx = arraysize;
977 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
978 if (sav->spi != spi)
979 continue;
980 if (proto != sav->sah->saidx.proto)
981 continue;
982 if (family != sav->sah->saidx.src.ss_family ||
983 family != sav->sah->saidx.dst.ss_family)
984 continue;
985 tmpidx = arraysize;
986 for (stateidx = 0; stateidx < matchidx; stateidx++) {
987 state = saorder_state_valid[stateidx];
988 if (sav->state == state) {
989 tmpidx = stateidx;
990 break;
991 }
992 }
993 if (tmpidx >= matchidx)
994 continue;
995
996 #if 0 /* don't check src */
997 /* check src address */
998 switch (family) {
999 case AF_INET:
1000 bzero(&sin, sizeof(sin));
1001 sin.sin_family = AF_INET;
1002 sin.sin_len = sizeof(sin);
1003 bcopy(src, &sin.sin_addr,
1004 sizeof(sin.sin_addr));
1005 if (key_sockaddrcmp((struct sockaddr*)&sin,
1006 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1007 continue;
1008
1009 break;
1010 case AF_INET6:
1011 bzero(&sin6, sizeof(sin6));
1012 sin6.sin6_family = AF_INET6;
1013 sin6.sin6_len = sizeof(sin6);
1014 bcopy(src, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
1015 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1016 /* kame fake scopeid */
1017 sin6.sin6_scope_id =
1018 ntohs(sin6.sin6_addr.s6_addr16[1]);
1019 sin6.sin6_addr.s6_addr16[1] = 0;
1020 }
1021 if (key_sockaddrcmp((struct sockaddr *)&sin6,
1022 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1023 continue;
1024 break;
1025 default:
1026 ipseclog((LOG_DEBUG, "key_allocsa: "
1027 "unknown address family=%d.\n",
1028 family));
1029 continue;
1030 }
1031
1032 #endif
1033 /* check dst address */
1034 switch (family) {
1035 case AF_INET:
1036 bzero(&sin, sizeof(sin));
1037 sin.sin_family = AF_INET;
1038 sin.sin_len = sizeof(sin);
1039 bcopy(dst, &sin.sin_addr,
1040 sizeof(sin.sin_addr));
1041 if (key_sockaddrcmp((struct sockaddr*)&sin,
1042 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1043 continue;
1044
1045 break;
1046 case AF_INET6:
1047 bzero(&sin6, sizeof(sin6));
1048 sin6.sin6_family = AF_INET6;
1049 sin6.sin6_len = sizeof(sin6);
1050 bcopy(dst, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
1051 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1052 /* kame fake scopeid */
1053 sin6.sin6_scope_id =
1054 ntohs(sin6.sin6_addr.s6_addr16[1]);
1055 sin6.sin6_addr.s6_addr16[1] = 0;
1056 }
1057 if (key_sockaddrcmp((struct sockaddr *)&sin6,
1058 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1059 continue;
1060 break;
1061 default:
1062 ipseclog((LOG_DEBUG, "key_allocsa: "
1063 "unknown address family=%d.\n", family));
1064 continue;
1065 }
1066
1067 match = sav;
1068 matchidx = tmpidx;
1069 }
1070
1071 if (match)
1072 goto found;
1073
1074 /* not found */
1075 splx(s);
1076 return NULL;
1077
1078 found:
1079 match->refcnt++;
1080 splx(s);
1081 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1082 printf("DP allocsa cause refcnt++:%d SA:%p\n",
1083 match->refcnt, match));
1084 return match;
1085 }
1086
1087 /*
1088 * Must be called after calling key_allocsp().
1089 * For both the packet without socket and key_freeso().
1090 */
1091 void
1092 key_freesp(sp)
1093 struct secpolicy *sp;
1094 {
1095 /* sanity check */
1096 if (sp == NULL)
1097 panic("key_freesp: NULL pointer is passed.");
1098
1099 sp->refcnt--;
1100 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1101 printf("DP freesp cause refcnt--:%d SP:%p\n",
1102 sp->refcnt, sp));
1103
1104 if (sp->refcnt == 0)
1105 key_delsp(sp);
1106
1107 return;
1108 }
1109
1110 /*
1111 * Must be called after calling key_allocsa().
1112 * This function is called by key_freesp() to free some SA allocated
1113 * for a policy.
1114 */
1115 void
1116 key_freesav(sav)
1117 struct secasvar *sav;
1118 {
1119 /* sanity check */
1120 if (sav == NULL)
1121 panic("key_freesav: NULL pointer is passed.");
1122
1123 sav->refcnt--;
1124 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1125 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
1126 sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
1127
1128 if (sav->refcnt > 0)
1129 return;
1130
1131 key_delsav(sav);
1132 }
1133
1134 static void
1135 key_delsav(sav)
1136 struct secasvar *sav;
1137 {
1138 int s;
1139
1140 /* sanity check */
1141 if (sav == NULL)
1142 panic("key_delsav: NULL pointer is passed.");
1143
1144 if (sav->refcnt > 0)
1145 panic("key_delsav: called with positive refcnt");
1146
1147 s = splnet();
1148
1149 if (__LIST_CHAINED(sav))
1150 LIST_REMOVE(sav, chain);
1151
1152 if (sav->spihash.le_prev || sav->spihash.le_next)
1153 LIST_REMOVE(sav, spihash);
1154
1155 if (sav->key_auth != NULL) {
1156 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
1157 KFREE(sav->key_auth);
1158 sav->key_auth = NULL;
1159 }
1160 if (sav->key_enc != NULL) {
1161 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
1162 KFREE(sav->key_enc);
1163 sav->key_enc = NULL;
1164 }
1165 if (sav->sched) {
1166 bzero(sav->sched, sav->schedlen);
1167 KFREE(sav->sched);
1168 sav->sched = NULL;
1169 }
1170 if (sav->replay != NULL) {
1171 keydb_delsecreplay(sav->replay);
1172 sav->replay = NULL;
1173 }
1174 if (sav->lft_c != NULL) {
1175 KFREE(sav->lft_c);
1176 sav->lft_c = NULL;
1177 }
1178 if (sav->lft_h != NULL) {
1179 KFREE(sav->lft_h);
1180 sav->lft_h = NULL;
1181 }
1182 if (sav->lft_s != NULL) {
1183 KFREE(sav->lft_s);
1184 sav->lft_s = NULL;
1185 }
1186 if (sav->iv != NULL) {
1187 KFREE(sav->iv);
1188 sav->iv = NULL;
1189 }
1190
1191 keydb_delsecasvar(sav);
1192
1193 splx(s);
1194 }
1195
1196 /* %%% SPD management */
1197 /*
1198 * free security policy entry.
1199 */
1200 static void
1201 key_delsp(sp)
1202 struct secpolicy *sp;
1203 {
1204 int s;
1205
1206 /* sanity check */
1207 if (sp == NULL)
1208 panic("key_delsp: NULL pointer is passed.");
1209
1210 if (sp->refcnt > 0)
1211 panic("key_delsp: called with positive refcnt");
1212
1213 s = splnet(); /*called from softclock()*/
1214
1215 {
1216 struct ipsecrequest *isr = sp->req, *nextisr;
1217
1218 while (isr != NULL) {
1219 if (isr->sav != NULL) {
1220 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1221 printf("DP delsp calls free SA:%p\n",
1222 isr->sav));
1223 key_freesav(isr->sav);
1224 isr->sav = NULL;
1225 }
1226
1227 nextisr = isr->next;
1228 KFREE(isr);
1229 isr = nextisr;
1230 }
1231 }
1232
1233 keydb_delsecpolicy(sp);
1234
1235 splx(s);
1236
1237 return;
1238 }
1239
1240 /*
1241 * search SPD
1242 * OUT: NULL : not found
1243 * others : found, pointer to a SP.
1244 */
1245 static struct secpolicy *
1246 key_getsp(spidx, dir)
1247 struct secpolicyindex *spidx;
1248 int dir;
1249 {
1250 struct secpolicy *sp;
1251
1252 /* sanity check */
1253 if (spidx == NULL)
1254 panic("key_getsp: NULL pointer is passed.");
1255
1256 LIST_FOREACH(sp, &sptree[dir], chain) {
1257 if (sp->state == IPSEC_SPSTATE_DEAD)
1258 continue;
1259 if (!sp->spidx)
1260 continue;
1261 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
1262 sp->refcnt++;
1263 return sp;
1264 }
1265 }
1266
1267 return NULL;
1268 }
1269
1270 /*
1271 * get SP by index.
1272 * OUT: NULL : not found
1273 * others : found, pointer to a SP.
1274 */
1275 static struct secpolicy *
1276 key_getspbyid(id)
1277 u_int32_t id;
1278 {
1279 struct secpolicy *sp;
1280
1281 TAILQ_FOREACH(sp, &sptailq, tailq) {
1282 if (sp->id == id) {
1283 sp->refcnt++;
1284 return sp;
1285 }
1286 }
1287
1288 return NULL;
1289 }
1290
1291 struct secpolicy *
1292 key_newsp(id)
1293 u_int32_t id;
1294 {
1295 struct secpolicy *newsp = NULL, *sp;
1296 u_int32_t newid;
1297
1298 if (id > IPSEC_MANUAL_POLICYID_MAX) {
1299 ipseclog((LOG_DEBUG,
1300 "key_newsp: policy_id=%u range "
1301 "violation, updated by kernel.\n", id));
1302 id = 0;
1303 }
1304
1305 if (id == 0) {
1306 if ((newid = keydb_newspid()) == 0) {
1307 ipseclog((LOG_DEBUG,
1308 "key_newsp: new policy_id allocation failed."));
1309 return NULL;
1310 }
1311 } else {
1312 sp = key_getspbyid(id);
1313 if (sp != NULL) {
1314 ipseclog((LOG_DEBUG,
1315 "key_newsp: policy_id(%u) has been used.\n", id));
1316 key_freesp(sp);
1317 return NULL;
1318 }
1319 newid = id;
1320 }
1321
1322 newsp = keydb_newsecpolicy();
1323 if (!newsp)
1324 return newsp;
1325
1326 newsp->id = newid;
1327 newsp->refcnt = 1;
1328 newsp->req = NULL;
1329
1330 return newsp;
1331 }
1332
1333 /*
1334 * create secpolicy structure from sadb_x_policy structure.
1335 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1336 * so must be set properly later.
1337 */
1338 struct secpolicy *
1339 key_msg2sp(xpl0, len, error)
1340 struct sadb_x_policy *xpl0;
1341 size_t len;
1342 int *error;
1343 {
1344 struct secpolicy *newsp;
1345
1346 /* sanity check */
1347 if (xpl0 == NULL)
1348 panic("key_msg2sp: NULL pointer was passed.");
1349 if (len < sizeof(*xpl0))
1350 panic("key_msg2sp: invalid length.");
1351 if (len != PFKEY_EXTLEN(xpl0)) {
1352 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1353 *error = EINVAL;
1354 return NULL;
1355 }
1356
1357 if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
1358 *error = ENOBUFS;
1359 return NULL;
1360 }
1361
1362 newsp->dir = xpl0->sadb_x_policy_dir;
1363 newsp->policy = xpl0->sadb_x_policy_type;
1364
1365 /* check policy */
1366 switch (xpl0->sadb_x_policy_type) {
1367 case IPSEC_POLICY_DISCARD:
1368 case IPSEC_POLICY_NONE:
1369 case IPSEC_POLICY_ENTRUST:
1370 case IPSEC_POLICY_BYPASS:
1371 newsp->req = NULL;
1372 break;
1373
1374 case IPSEC_POLICY_IPSEC:
1375 {
1376 int tlen;
1377 struct sadb_x_ipsecrequest *xisr;
1378 struct ipsecrequest **p_isr = &newsp->req;
1379
1380 /* validity check */
1381 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1382 ipseclog((LOG_DEBUG,
1383 "key_msg2sp: Invalid msg length.\n"));
1384 key_freesp(newsp);
1385 *error = EINVAL;
1386 return NULL;
1387 }
1388
1389 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1390 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1391
1392 while (tlen > 0) {
1393
1394 /* length check */
1395 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1396 ipseclog((LOG_DEBUG, "key_msg2sp: "
1397 "invalid ipsecrequest length.\n"));
1398 key_freesp(newsp);
1399 *error = EINVAL;
1400 return NULL;
1401 }
1402
1403 /* allocate request buffer */
1404 KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1405 if ((*p_isr) == NULL) {
1406 ipseclog((LOG_DEBUG,
1407 "key_msg2sp: No more memory.\n"));
1408 key_freesp(newsp);
1409 *error = ENOBUFS;
1410 return NULL;
1411 }
1412 bzero(*p_isr, sizeof(**p_isr));
1413
1414 /* set values */
1415 (*p_isr)->next = NULL;
1416
1417 switch (xisr->sadb_x_ipsecrequest_proto) {
1418 case IPPROTO_ESP:
1419 case IPPROTO_AH:
1420 case IPPROTO_IPCOMP:
1421 break;
1422 default:
1423 ipseclog((LOG_DEBUG,
1424 "key_msg2sp: invalid proto type=%u\n",
1425 xisr->sadb_x_ipsecrequest_proto));
1426 key_freesp(newsp);
1427 *error = EPROTONOSUPPORT;
1428 return NULL;
1429 }
1430 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1431
1432 switch (xisr->sadb_x_ipsecrequest_mode) {
1433 case IPSEC_MODE_TRANSPORT:
1434 case IPSEC_MODE_TUNNEL:
1435 break;
1436 case IPSEC_MODE_ANY:
1437 default:
1438 ipseclog((LOG_DEBUG,
1439 "key_msg2sp: invalid mode=%u\n",
1440 xisr->sadb_x_ipsecrequest_mode));
1441 key_freesp(newsp);
1442 *error = EINVAL;
1443 return NULL;
1444 }
1445 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1446
1447 switch (xisr->sadb_x_ipsecrequest_level) {
1448 case IPSEC_LEVEL_DEFAULT:
1449 case IPSEC_LEVEL_USE:
1450 case IPSEC_LEVEL_REQUIRE:
1451 break;
1452 case IPSEC_LEVEL_UNIQUE:
1453 /* validity check */
1454 /*
1455 * If range violation of reqid, kernel will
1456 * update it, don't refuse it.
1457 */
1458 if (xisr->sadb_x_ipsecrequest_reqid
1459 > IPSEC_MANUAL_REQID_MAX) {
1460 ipseclog((LOG_DEBUG,
1461 "key_msg2sp: reqid=%u range "
1462 "violation, updated by kernel.\n",
1463 xisr->sadb_x_ipsecrequest_reqid));
1464 xisr->sadb_x_ipsecrequest_reqid = 0;
1465 }
1466
1467 /* allocate new reqid id if reqid is zero. */
1468 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1469 u_int32_t reqid;
1470 if ((reqid = key_newreqid()) == 0) {
1471 key_freesp(newsp);
1472 *error = ENOBUFS;
1473 return NULL;
1474 }
1475 (*p_isr)->saidx.reqid = reqid;
1476 xisr->sadb_x_ipsecrequest_reqid = reqid;
1477 } else {
1478 /* set it for manual keying. */
1479 (*p_isr)->saidx.reqid =
1480 xisr->sadb_x_ipsecrequest_reqid;
1481 }
1482 break;
1483
1484 default:
1485 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1486 xisr->sadb_x_ipsecrequest_level));
1487 key_freesp(newsp);
1488 *error = EINVAL;
1489 return NULL;
1490 }
1491 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1492
1493 /* set IP addresses if there */
1494 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1495 struct sockaddr *paddr;
1496
1497 paddr = (struct sockaddr *)(xisr + 1);
1498
1499 /* validity check */
1500 if (paddr->sa_len
1501 > sizeof((*p_isr)->saidx.src)) {
1502 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1503 "address length.\n"));
1504 key_freesp(newsp);
1505 *error = EINVAL;
1506 return NULL;
1507 }
1508 bcopy(paddr, &(*p_isr)->saidx.src,
1509 paddr->sa_len);
1510
1511 paddr = (struct sockaddr *)((caddr_t)paddr
1512 + paddr->sa_len);
1513
1514 /* validity check */
1515 if (paddr->sa_len
1516 > sizeof((*p_isr)->saidx.dst)) {
1517 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1518 "address length.\n"));
1519 key_freesp(newsp);
1520 *error = EINVAL;
1521 return NULL;
1522 }
1523 bcopy(paddr, &(*p_isr)->saidx.dst,
1524 paddr->sa_len);
1525 }
1526
1527 (*p_isr)->sav = NULL;
1528 (*p_isr)->sp = newsp;
1529
1530 /* initialization for the next. */
1531 p_isr = &(*p_isr)->next;
1532 tlen -= xisr->sadb_x_ipsecrequest_len;
1533
1534 /* validity check */
1535 if (tlen < 0) {
1536 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1537 key_freesp(newsp);
1538 *error = EINVAL;
1539 return NULL;
1540 }
1541
1542 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
1543 + xisr->sadb_x_ipsecrequest_len);
1544 }
1545 }
1546 break;
1547 default:
1548 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1549 key_freesp(newsp);
1550 *error = EINVAL;
1551 return NULL;
1552 }
1553
1554 *error = 0;
1555 return newsp;
1556 }
1557
1558 static u_int32_t
1559 key_newreqid()
1560 {
1561 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1562
1563 auto_reqid = (auto_reqid == ~0
1564 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1565
1566 /* XXX should be unique check */
1567
1568 return auto_reqid;
1569 }
1570
1571 /*
1572 * copy secpolicy struct to sadb_x_policy structure indicated.
1573 */
1574 struct mbuf *
1575 key_sp2msg(sp)
1576 struct secpolicy *sp;
1577 {
1578 struct sadb_x_policy *xpl;
1579 int tlen;
1580 caddr_t p;
1581 struct mbuf *m;
1582
1583 /* sanity check. */
1584 if (sp == NULL)
1585 panic("key_sp2msg: NULL pointer was passed.");
1586
1587 tlen = key_getspreqmsglen(sp);
1588
1589 m = key_alloc_mbuf(tlen);
1590 if (!m || m->m_next) { /*XXX*/
1591 if (m)
1592 m_freem(m);
1593 return NULL;
1594 }
1595
1596 m->m_len = tlen;
1597 m->m_next = NULL;
1598 xpl = mtod(m, struct sadb_x_policy *);
1599 bzero(xpl, tlen);
1600
1601 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1602 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1603 xpl->sadb_x_policy_type = sp->policy;
1604 xpl->sadb_x_policy_dir = sp->dir;
1605 xpl->sadb_x_policy_id = sp->id;
1606 p = (caddr_t)xpl + sizeof(*xpl);
1607
1608 /* if is the policy for ipsec ? */
1609 if (sp->policy == IPSEC_POLICY_IPSEC) {
1610 struct sadb_x_ipsecrequest *xisr;
1611 struct ipsecrequest *isr;
1612
1613 for (isr = sp->req; isr != NULL; isr = isr->next) {
1614
1615 xisr = (struct sadb_x_ipsecrequest *)p;
1616
1617 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1618 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1619 xisr->sadb_x_ipsecrequest_level = isr->level;
1620 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1621
1622 p += sizeof(*xisr);
1623 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
1624 p += isr->saidx.src.ss_len;
1625 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
1626 p += isr->saidx.src.ss_len;
1627
1628 xisr->sadb_x_ipsecrequest_len =
1629 PFKEY_ALIGN8(sizeof(*xisr)
1630 + isr->saidx.src.ss_len
1631 + isr->saidx.dst.ss_len);
1632 }
1633 }
1634
1635 return m;
1636 }
1637
1638 /* m will not be freed nor modified */
1639 static struct mbuf *
1640 #ifdef __STDC__
1641 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1642 int ndeep, int nitem, ...)
1643 #else
1644 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
1645 struct mbuf *m;
1646 const struct sadb_msghdr *mhp;
1647 int ndeep;
1648 int nitem;
1649 va_dcl
1650 #endif
1651 {
1652 va_list ap;
1653 int idx;
1654 int i;
1655 struct mbuf *result = NULL, *n;
1656 int len;
1657
1658 if (m == NULL || mhp == NULL)
1659 panic("null pointer passed to key_gather");
1660
1661 va_start(ap, nitem);
1662 for (i = 0; i < nitem; i++) {
1663 idx = va_arg(ap, int);
1664 if (idx < 0 || idx > SADB_EXT_MAX)
1665 goto fail;
1666 /* don't attempt to pull empty extension */
1667 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1668 continue;
1669 if (idx != SADB_EXT_RESERVED &&
1670 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1671 continue;
1672
1673 if (idx == SADB_EXT_RESERVED) {
1674 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1675 #ifdef DIAGNOSTIC
1676 if (len > MHLEN)
1677 panic("assumption failed");
1678 #endif
1679 MGETHDR(n, M_DONTWAIT, MT_DATA);
1680 if (!n)
1681 goto fail;
1682 n->m_len = len;
1683 n->m_next = NULL;
1684 m_copydata(m, 0, sizeof(struct sadb_msg),
1685 mtod(n, caddr_t));
1686 } else if (i < ndeep) {
1687 len = mhp->extlen[idx];
1688 n = key_alloc_mbuf(len);
1689 if (!n || n->m_next) { /*XXX*/
1690 if (n)
1691 m_freem(n);
1692 goto fail;
1693 }
1694 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1695 mtod(n, caddr_t));
1696 } else {
1697 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1698 M_DONTWAIT);
1699 }
1700 if (n == NULL)
1701 goto fail;
1702
1703 if (result)
1704 m_cat(result, n);
1705 else
1706 result = n;
1707 }
1708 va_end(ap);
1709
1710 if ((result->m_flags & M_PKTHDR) != 0) {
1711 result->m_pkthdr.len = 0;
1712 for (n = result; n; n = n->m_next)
1713 result->m_pkthdr.len += n->m_len;
1714 }
1715
1716 return result;
1717
1718 fail:
1719 va_end(ap);
1720 m_freem(result);
1721 return NULL;
1722 }
1723
1724 /*
1725 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1726 * add an entry to SP database, when received
1727 * <base, address(SD), (lifetime(H),) policy>
1728 * from the user(?).
1729 * Adding to SP database,
1730 * and send
1731 * <base, address(SD), (lifetime(H),) policy>
1732 * to the socket which was send.
1733 *
1734 * SPDADD set a unique policy entry.
1735 * SPDSETIDX like SPDADD without a part of policy requests.
1736 * SPDUPDATE replace a unique policy entry.
1737 *
1738 * m will always be freed.
1739 */
1740 static int
1741 key_spdadd(so, m, mhp)
1742 struct socket *so;
1743 struct mbuf *m;
1744 const struct sadb_msghdr *mhp;
1745 {
1746 struct sadb_address *src0 = NULL, *dst0 = NULL;
1747 struct sadb_x_policy *xpl0, *xpl;
1748 struct sadb_lifetime *lft = NULL;
1749 struct secpolicyindex spidx;
1750 struct secpolicy *newsp;
1751 struct ipsecrequest *isr;
1752 int error;
1753 int spidxmode;
1754
1755 /* sanity check */
1756 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1757 panic("key_spdadd: NULL pointer is passed.");
1758
1759 if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
1760 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) {
1761 ;
1762 } else {
1763 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1764 return key_senderror(so, m, EINVAL);
1765 }
1766 if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1767 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1768 return key_senderror(so, m, EINVAL);
1769 }
1770 if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
1771 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
1772 (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
1773 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
1774 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1775 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1776 return key_senderror(so, m, EINVAL);
1777 }
1778 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1779 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
1780 < sizeof(struct sadb_lifetime)) {
1781 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1782 return key_senderror(so, m, EINVAL);
1783 }
1784 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1785 }
1786
1787 /* spidx mode, or tag mode */
1788 spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
1789
1790 if (spidxmode) {
1791 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1792 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1793 /* make secindex */
1794 /* XXX boundary check against sa_len */
1795 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
1796 src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
1797 src0->sadb_address_proto, &spidx);
1798 }
1799 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1800
1801 /* checking the direciton. */
1802 switch (xpl0->sadb_x_policy_dir) {
1803 case IPSEC_DIR_INBOUND:
1804 case IPSEC_DIR_OUTBOUND:
1805 break;
1806 default:
1807 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
1808 mhp->msg->sadb_msg_errno = EINVAL;
1809 return 0;
1810 }
1811
1812 /* check policy */
1813 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1814 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
1815 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1816 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
1817 return key_senderror(so, m, EINVAL);
1818 }
1819
1820 /* policy requests are mandatory when action is ipsec. */
1821 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
1822 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
1823 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1824 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
1825 return key_senderror(so, m, EINVAL);
1826 }
1827
1828 /*
1829 * checking there is SP already or not.
1830 * SPDUPDATE doesn't depend on whether there is a SP or not.
1831 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1832 * then error.
1833 */
1834 if (xpl0->sadb_x_policy_id != 0)
1835 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
1836 else if (spidxmode)
1837 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
1838 else
1839 newsp = NULL;
1840
1841 if (newsp && (newsp->readonly || newsp->persist)) {
1842 ipseclog((LOG_DEBUG,
1843 "key_spdadd: tried to alter readonly/persistent SP.\n"));
1844 return key_senderror(so, m, EPERM);
1845 }
1846
1847 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1848 if (newsp) {
1849 key_sp_dead(newsp);
1850 key_freesp(newsp); /* ref gained by key_getsp */
1851 key_sp_unlink(newsp);
1852 newsp = NULL;
1853 }
1854 } else {
1855 if (newsp != NULL) {
1856 key_freesp(newsp);
1857 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
1858 return key_senderror(so, m, EEXIST);
1859 }
1860 }
1861
1862 /* allocation new SP entry */
1863 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
1864 return key_senderror(so, m, error);
1865 }
1866
1867 if (spidxmode) {
1868 error = keydb_setsecpolicyindex(newsp, &spidx);
1869 if (error) {
1870 keydb_delsecpolicy(newsp);
1871 return key_senderror(so, m, error);
1872 }
1873
1874 /* sanity check on addr pair */
1875 if (((struct sockaddr *)(src0 + 1))->sa_family !=
1876 ((struct sockaddr *)(dst0 + 1))->sa_family) {
1877 keydb_delsecpolicy(newsp);
1878 return key_senderror(so, m, EINVAL);
1879 }
1880 if (((struct sockaddr *)(src0 + 1))->sa_len !=
1881 ((struct sockaddr *)(dst0 + 1))->sa_len) {
1882 keydb_delsecpolicy(newsp);
1883 return key_senderror(so, m, EINVAL);
1884 }
1885 }
1886
1887 for (isr = newsp->req; isr; isr = isr->next) {
1888 struct sockaddr *sa;
1889
1890 /*
1891 * port spec is not permitted for tunnel mode
1892 */
1893 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
1894 sa = (struct sockaddr *)(src0 + 1);
1895 switch (sa->sa_family) {
1896 case AF_INET:
1897 if (((struct sockaddr_in *)sa)->sin_port) {
1898 keydb_delsecpolicy(newsp);
1899 return key_senderror(so, m, EINVAL);
1900 }
1901 break;
1902 case AF_INET6:
1903 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1904 keydb_delsecpolicy(newsp);
1905 return key_senderror(so, m, EINVAL);
1906 }
1907 break;
1908 default:
1909 break;
1910 }
1911 sa = (struct sockaddr *)(dst0 + 1);
1912 switch (sa->sa_family) {
1913 case AF_INET:
1914 if (((struct sockaddr_in *)sa)->sin_port) {
1915 keydb_delsecpolicy(newsp);
1916 return key_senderror(so, m, EINVAL);
1917 }
1918 break;
1919 case AF_INET6:
1920 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1921 keydb_delsecpolicy(newsp);
1922 return key_senderror(so, m, EINVAL);
1923 }
1924 break;
1925 default:
1926 break;
1927 }
1928 }
1929 }
1930
1931 /*
1932 * bark if we have different address family on tunnel address
1933 * specification. applies only if we decapsulate in RFC2401
1934 * IPsec (implementation limitation).
1935 */
1936 for (isr = newsp->req; isr; isr = isr->next) {
1937 struct sockaddr *sa;
1938
1939 if (isr->saidx.src.ss_family && src0) {
1940 sa = (struct sockaddr *)(src0 + 1);
1941 if (sa->sa_family != isr->saidx.src.ss_family) {
1942 keydb_delsecpolicy(newsp);
1943 return key_senderror(so, m, EINVAL);
1944 }
1945 }
1946 if (isr->saidx.dst.ss_family && dst0) {
1947 sa = (struct sockaddr *)(dst0 + 1);
1948 if (sa->sa_family != isr->saidx.dst.ss_family) {
1949 keydb_delsecpolicy(newsp);
1950 return key_senderror(so, m, EINVAL);
1951 }
1952 }
1953 }
1954
1955 newsp->created = time_second;
1956 newsp->lastused = time_second;
1957 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
1958 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
1959
1960 newsp->state = IPSEC_SPSTATE_ALIVE;
1961 LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
1962
1963 /* delete the entry in spacqtree */
1964 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
1965 mhp->ext[SADB_EXT_ADDRESS_SRC]) {
1966 struct secspacq *spacq;
1967 if ((spacq = key_getspacq(&spidx)) != NULL) {
1968 /* reset counter in order to deletion by timehandler. */
1969 spacq->created = time_second;
1970 spacq->count = 0;
1971 }
1972 }
1973
1974 /* invalidate all cached SPD pointers on pcb */
1975 ipsec_invalpcbcacheall();
1976
1977 {
1978 struct mbuf *n, *mpolicy;
1979 struct sadb_msg *newmsg;
1980 int off;
1981
1982 /* create new sadb_msg to reply. */
1983 if (lft) {
1984 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
1985 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
1986 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1987 } else {
1988 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
1989 SADB_X_EXT_POLICY,
1990 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1991 }
1992 if (!n)
1993 return key_senderror(so, m, ENOBUFS);
1994
1995 if (n->m_len < sizeof(*newmsg)) {
1996 n = m_pullup(n, sizeof(*newmsg));
1997 if (!n)
1998 return key_senderror(so, m, ENOBUFS);
1999 }
2000 newmsg = mtod(n, struct sadb_msg *);
2001 newmsg->sadb_msg_errno = 0;
2002 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2003
2004 off = 0;
2005 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2006 sizeof(*xpl), &off);
2007 if (mpolicy == NULL) {
2008 /* n is already freed */
2009 return key_senderror(so, m, ENOBUFS);
2010 }
2011 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
2012 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2013 m_freem(n);
2014 return key_senderror(so, m, EINVAL);
2015 }
2016 xpl->sadb_x_policy_id = newsp->id;
2017
2018 m_freem(m);
2019 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2020 }
2021 }
2022
2023 /*
2024 * SADB_SPDDELETE processing
2025 * receive
2026 * <base, address(SD), policy(*)>
2027 * from the user(?), and set SADB_SASTATE_DEAD,
2028 * and send,
2029 * <base, address(SD), policy(*)>
2030 * to the ikmpd.
2031 * policy(*) including the direction of the policy.
2032 *
2033 * m will always be freed.
2034 */
2035 static int
2036 key_spddelete(so, m, mhp)
2037 struct socket *so;
2038 struct mbuf *m;
2039 const struct sadb_msghdr *mhp;
2040 {
2041 struct sadb_address *src0, *dst0;
2042 struct sadb_x_policy *xpl0;
2043 struct secpolicyindex spidx;
2044 struct secpolicy *sp;
2045
2046 /* sanity check */
2047 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2048 panic("key_spddelete: NULL pointer is passed.");
2049
2050 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
2051 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
2052 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2053 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2054 return key_senderror(so, m, EINVAL);
2055 }
2056 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
2057 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
2058 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2059 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2060 return key_senderror(so, m, EINVAL);
2061 }
2062
2063 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2064 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2065 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2066
2067 /* make secindex */
2068 /* XXX boundary check against sa_len */
2069 KEY_SETSECSPIDX(src0 + 1,
2070 dst0 + 1,
2071 src0->sadb_address_prefixlen,
2072 dst0->sadb_address_prefixlen,
2073 src0->sadb_address_proto,
2074 &spidx);
2075
2076 /* checking the direciton. */
2077 switch (xpl0->sadb_x_policy_dir) {
2078 case IPSEC_DIR_INBOUND:
2079 case IPSEC_DIR_OUTBOUND:
2080 break;
2081 default:
2082 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2083 return key_senderror(so, m, EINVAL);
2084 }
2085
2086 /* Is there SP in SPD ? */
2087 if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
2088 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2089 return key_senderror(so, m, EINVAL);
2090 }
2091
2092 if (sp->persist) {
2093 ipseclog((LOG_DEBUG,
2094 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2095 sp->id));
2096 key_freesp(sp); /* ref gained by key_getsp */
2097 return key_senderror(so, m, EPERM);
2098 }
2099
2100 /* save policy id to be returned. */
2101 xpl0->sadb_x_policy_id = sp->id;
2102
2103 key_sp_dead(sp);
2104 key_freesp(sp); /* ref gained by key_getsp */
2105 key_sp_unlink(sp);
2106 sp = NULL;
2107
2108 /* invalidate all cached SPD pointers on pcb */
2109 ipsec_invalpcbcacheall();
2110
2111 {
2112 struct mbuf *n;
2113 struct sadb_msg *newmsg;
2114
2115 /* create new sadb_msg to reply. */
2116 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2117 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2118 if (!n)
2119 return key_senderror(so, m, ENOBUFS);
2120
2121 newmsg = mtod(n, struct sadb_msg *);
2122 newmsg->sadb_msg_errno = 0;
2123 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2124
2125 m_freem(m);
2126 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2127 }
2128 }
2129
2130 /*
2131 * SADB_SPDDELETE2 processing
2132 * receive
2133 * <base, policy(*)>
2134 * from the user(?), and set SADB_SASTATE_DEAD,
2135 * and send,
2136 * <base, policy(*)>
2137 * to the ikmpd.
2138 * policy(*) including the policy id.
2139 *
2140 * m will always be freed.
2141 */
2142 static int
2143 key_spddelete2(so, m, mhp)
2144 struct socket *so;
2145 struct mbuf *m;
2146 const struct sadb_msghdr *mhp;
2147 {
2148 u_int32_t id;
2149 struct secpolicy *sp;
2150
2151 /* sanity check */
2152 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2153 panic("key_spddelete2: NULL pointer is passed.");
2154
2155 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2156 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2157 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2158 return key_senderror(so, m, EINVAL);
2159 }
2160
2161 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2162
2163 /* Is there SP in SPD ? */
2164 if ((sp = key_getspbyid(id)) == NULL) {
2165 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
2166 id));
2167 return key_senderror(so, m, EINVAL);
2168 }
2169
2170 if (sp->persist) {
2171 ipseclog((LOG_DEBUG,
2172 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2173 id));
2174 key_freesp(sp); /* ref gained by key_getspbyid */
2175 return key_senderror(so, m, EPERM);
2176 }
2177
2178 key_sp_dead(sp);
2179 key_freesp(sp); /* ref gained by key_getspbyid */
2180 key_sp_unlink(sp);
2181 sp = NULL;
2182
2183 /* invalidate all cached SPD pointers on pcb */
2184 ipsec_invalpcbcacheall();
2185
2186 {
2187 struct mbuf *n, *nn;
2188 struct sadb_msg *newmsg;
2189 int off, len;
2190
2191 /* create new sadb_msg to reply. */
2192 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2193
2194 if (len > MCLBYTES)
2195 return key_senderror(so, m, ENOBUFS);
2196 MGETHDR(n, M_DONTWAIT, MT_DATA);
2197 if (n && len > MHLEN) {
2198 MCLGET(n, M_DONTWAIT);
2199 if ((n->m_flags & M_EXT) == 0) {
2200 m_freem(n);
2201 n = NULL;
2202 }
2203 }
2204 if (!n)
2205 return key_senderror(so, m, ENOBUFS);
2206
2207 n->m_len = len;
2208 n->m_next = NULL;
2209 off = 0;
2210
2211 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2212 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2213
2214 #ifdef DIAGNOSTIC
2215 if (off != len)
2216 panic("length inconsistency in key_spddelete2");
2217 #endif
2218
2219 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2220 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2221 if (!n->m_next) {
2222 m_freem(n);
2223 return key_senderror(so, m, ENOBUFS);
2224 }
2225
2226 n->m_pkthdr.len = 0;
2227 for (nn = n; nn; nn = nn->m_next)
2228 n->m_pkthdr.len += nn->m_len;
2229
2230 newmsg = mtod(n, struct sadb_msg *);
2231 newmsg->sadb_msg_errno = 0;
2232 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2233
2234 m_freem(m);
2235 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2236 }
2237 }
2238
2239 /*
2240 * SADB_X_SPDGET processing
2241 * receive
2242 * <base, policy(*)>
2243 * from the user(?),
2244 * and send,
2245 * <base, address(SD), policy>
2246 * to the ikmpd.
2247 * policy(*) including direction of policy.
2248 *
2249 * m will always be freed.
2250 */
2251 static int
2252 key_spdget(so, m, mhp)
2253 struct socket *so;
2254 struct mbuf *m;
2255 const struct sadb_msghdr *mhp;
2256 {
2257 u_int32_t id;
2258 struct secpolicy *sp;
2259 struct mbuf *n;
2260
2261 /* sanity check */
2262 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2263 panic("key_spdget: NULL pointer is passed.");
2264
2265 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2266 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2267 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2268 return key_senderror(so, m, EINVAL);
2269 }
2270
2271 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2272
2273 /* Is there SP in SPD ? */
2274 if ((sp = key_getspbyid(id)) == NULL) {
2275 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2276 return key_senderror(so, m, ENOENT);
2277 }
2278
2279 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
2280 key_freesp(sp); /* ref gained by key_getspbyid */
2281 if (n != NULL) {
2282 m_freem(m);
2283 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2284 } else
2285 return key_senderror(so, m, ENOBUFS);
2286 }
2287
2288 /*
2289 * SADB_X_SPDACQUIRE processing.
2290 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2291 * send
2292 * <base, policy(*)>
2293 * to KMD, and expect to receive
2294 * <base> with SADB_X_SPDACQUIRE if error occured,
2295 * or
2296 * <base, policy>
2297 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2298 * policy(*) is without policy requests.
2299 *
2300 * 0 : succeed
2301 * others: error number
2302 */
2303 int
2304 key_spdacquire(sp)
2305 struct secpolicy *sp;
2306 {
2307 struct mbuf *result = NULL, *m;
2308 #ifndef IPSEC_NONBLOCK_ACQUIRE
2309 struct secspacq *newspacq;
2310 #endif
2311 int error = -1;
2312
2313 /* sanity check */
2314 if (sp == NULL)
2315 panic("key_spdacquire: NULL pointer is passed.");
2316 if (sp->req != NULL)
2317 panic("key_spdacquire: called but there is request.");
2318 if (sp->policy != IPSEC_POLICY_IPSEC)
2319 panic("key_spdacquire: policy mismathed. IPsec is expected.");
2320 if (!sp->spidx) {
2321 error = EOPNOTSUPP;
2322 goto fail;
2323 }
2324
2325 #ifndef IPSEC_NONBLOCK_ACQUIRE
2326 /* get an entry to check whether sent message or not. */
2327 if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
2328 if (key_blockacq_count < newspacq->count) {
2329 /* reset counter and do send message. */
2330 newspacq->count = 0;
2331 } else {
2332 /* increment counter and do nothing. */
2333 newspacq->count++;
2334 return 0;
2335 }
2336 } else {
2337 /* make new entry for blocking to send SADB_ACQUIRE. */
2338 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
2339 return ENOBUFS;
2340
2341 /* add to acqtree */
2342 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2343 }
2344 #endif
2345
2346 /* create new sadb_msg to reply. */
2347 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2348 if (!m) {
2349 error = ENOBUFS;
2350 goto fail;
2351 }
2352 result = m;
2353
2354 /* set sadb_x_policy */
2355 if (sp) {
2356 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
2357 if (!m) {
2358 error = ENOBUFS;
2359 goto fail;
2360 }
2361 m_cat(result, m);
2362 }
2363
2364 result->m_pkthdr.len = 0;
2365 for (m = result; m; m = m->m_next)
2366 result->m_pkthdr.len += m->m_len;
2367
2368 mtod(result, struct sadb_msg *)->sadb_msg_len =
2369 PFKEY_UNIT64(result->m_pkthdr.len);
2370
2371 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2372
2373 fail:
2374 if (result)
2375 m_freem(result);
2376 return error;
2377 }
2378
2379 /*
2380 * SADB_SPDFLUSH processing
2381 * receive
2382 * <base>
2383 * from the user, and free all entries in secpctree.
2384 * and send,
2385 * <base>
2386 * to the user.
2387 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2388 *
2389 * m will always be freed.
2390 */
2391 static int
2392 key_spdflush(so, m, mhp)
2393 struct socket *so;
2394 struct mbuf *m;
2395 const struct sadb_msghdr *mhp;
2396 {
2397 struct sadb_msg *newmsg;
2398 struct secpolicy *sp, *nextsp;
2399
2400 /* sanity check */
2401 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2402 panic("key_spdflush: NULL pointer is passed.");
2403
2404 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2405 return key_senderror(so, m, EINVAL);
2406
2407 for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
2408 nextsp = TAILQ_NEXT(sp, tailq);
2409 if (sp->persist)
2410 continue;
2411 if (sp->state == IPSEC_SPSTATE_DEAD)
2412 continue;
2413 key_sp_dead(sp);
2414 key_sp_unlink(sp);
2415 sp = NULL;
2416 }
2417
2418 /* invalidate all cached SPD pointers on pcb */
2419 ipsec_invalpcbcacheall();
2420
2421 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2422 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2423 return key_senderror(so, m, ENOBUFS);
2424 }
2425
2426 if (m->m_next)
2427 m_freem(m->m_next);
2428 m->m_next = NULL;
2429 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2430 newmsg = mtod(m, struct sadb_msg *);
2431 newmsg->sadb_msg_errno = 0;
2432 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2433
2434 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2435 }
2436
2437 /*
2438 * SADB_SPDDUMP processing
2439 * receive
2440 * <base>
2441 * from the user, and dump all SP leaves
2442 * and send,
2443 * <base> .....
2444 * to the ikmpd.
2445 *
2446 * m will always be freed.
2447 */
2448 static int
2449 key_spddump(so, m, mhp)
2450 struct socket *so;
2451 struct mbuf *m;
2452 const struct sadb_msghdr *mhp;
2453 {
2454 struct secpolicy *sp;
2455 int cnt;
2456 u_int dir;
2457 struct mbuf *n;
2458
2459 /* sanity check */
2460 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2461 panic("key_spddump: NULL pointer is passed.");
2462
2463 /* search SPD entry and get buffer size. */
2464 cnt = 0;
2465 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2466 LIST_FOREACH(sp, &sptree[dir], chain) {
2467 cnt++;
2468 }
2469 }
2470
2471 if (cnt == 0)
2472 return key_senderror(so, m, ENOENT);
2473
2474 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2475 LIST_FOREACH(sp, &sptree[dir], chain) {
2476 --cnt;
2477 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2478 mhp->msg->sadb_msg_pid);
2479
2480 if (n)
2481 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2482 }
2483 }
2484
2485 m_freem(m);
2486 return 0;
2487 }
2488
2489 static struct mbuf *
2490 key_setdumpsp(sp, type, seq, pid)
2491 struct secpolicy *sp;
2492 u_int8_t type;
2493 u_int32_t seq, pid;
2494 {
2495 struct mbuf *result = NULL, *m;
2496
2497 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2498 if (!m)
2499 goto fail;
2500 result = m;
2501
2502 if (sp->spidx) {
2503 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2504 (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
2505 sp->spidx->ul_proto);
2506 if (!m)
2507 goto fail;
2508 m_cat(result, m);
2509
2510 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2511 (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
2512 sp->spidx->ul_proto);
2513 if (!m)
2514 goto fail;
2515 m_cat(result, m);
2516 }
2517
2518 m = key_sp2msg(sp);
2519 if (!m)
2520 goto fail;
2521 m_cat(result, m);
2522
2523 m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
2524 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
2525 if (!m)
2526 goto fail;
2527 m_cat(result, m);
2528
2529 m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
2530 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
2531 if (!m)
2532 goto fail;
2533 m_cat(result, m);
2534
2535 if ((result->m_flags & M_PKTHDR) == 0)
2536 goto fail;
2537
2538 if (result->m_len < sizeof(struct sadb_msg)) {
2539 result = m_pullup(result, sizeof(struct sadb_msg));
2540 if (result == NULL)
2541 goto fail;
2542 }
2543
2544 result->m_pkthdr.len = 0;
2545 for (m = result; m; m = m->m_next)
2546 result->m_pkthdr.len += m->m_len;
2547
2548 mtod(result, struct sadb_msg *)->sadb_msg_len =
2549 PFKEY_UNIT64(result->m_pkthdr.len);
2550
2551 return result;
2552
2553 fail:
2554 m_freem(result);
2555 return NULL;
2556 }
2557
2558 /*
2559 * get PFKEY message length for security policy and request.
2560 */
2561 static u_int
2562 key_getspreqmsglen(sp)
2563 struct secpolicy *sp;
2564 {
2565 u_int tlen;
2566
2567 tlen = sizeof(struct sadb_x_policy);
2568
2569 /* if is the policy for ipsec ? */
2570 if (sp->policy != IPSEC_POLICY_IPSEC)
2571 return tlen;
2572
2573 /* get length of ipsec requests */
2574 {
2575 struct ipsecrequest *isr;
2576 int len;
2577
2578 for (isr = sp->req; isr != NULL; isr = isr->next) {
2579 len = sizeof(struct sadb_x_ipsecrequest)
2580 + isr->saidx.src.ss_len
2581 + isr->saidx.dst.ss_len;
2582
2583 tlen += PFKEY_ALIGN8(len);
2584 }
2585 }
2586
2587 return tlen;
2588 }
2589
2590 /*
2591 * SADB_X_SPDEXPIRE processing
2592 * send
2593 * <base, address(SD), lifetime(CH), policy>
2594 * to KMD by PF_KEY.
2595 *
2596 * OUT: 0 : succeed
2597 * others : error number
2598 */
2599 static int
2600 key_spdexpire(sp)
2601 struct secpolicy *sp;
2602 {
2603 int s;
2604 struct mbuf *result = NULL, *m;
2605 int len;
2606 int error = -1;
2607 struct sadb_lifetime *lt;
2608
2609 /* XXX: Why do we lock ? */
2610 s = splnet(); /*called from softclock()*/
2611
2612 /* sanity check */
2613 if (sp == NULL)
2614 panic("key_spdexpire: NULL pointer is passed.");
2615
2616 /* set msg header */
2617 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2618 if (!m) {
2619 error = ENOBUFS;
2620 goto fail;
2621 }
2622 result = m;
2623
2624 /* create lifetime extension (current and hard) */
2625 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2626 m = key_alloc_mbuf(len);
2627 if (!m || m->m_next) { /*XXX*/
2628 if (m)
2629 m_freem(m);
2630 error = ENOBUFS;
2631 goto fail;
2632 }
2633 bzero(mtod(m, caddr_t), len);
2634 lt = mtod(m, struct sadb_lifetime *);
2635 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2636 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2637 lt->sadb_lifetime_allocations = 0;
2638 lt->sadb_lifetime_bytes = 0;
2639 lt->sadb_lifetime_addtime = sp->created;
2640 lt->sadb_lifetime_usetime = sp->lastused;
2641 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
2642 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2643 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2644 lt->sadb_lifetime_allocations = 0;
2645 lt->sadb_lifetime_bytes = 0;
2646 lt->sadb_lifetime_addtime = sp->lifetime;
2647 lt->sadb_lifetime_usetime = sp->validtime;
2648 m_cat(result, m);
2649
2650 /* set sadb_address for source */
2651 if (sp->spidx) {
2652 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2653 (struct sockaddr *)&sp->spidx->src,
2654 sp->spidx->prefs, sp->spidx->ul_proto);
2655 if (!m) {
2656 error = ENOBUFS;
2657 goto fail;
2658 }
2659 m_cat(result, m);
2660
2661 /* set sadb_address for destination */
2662 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2663 (struct sockaddr *)&sp->spidx->dst,
2664 sp->spidx->prefd, sp->spidx->ul_proto);
2665 if (!m) {
2666 error = ENOBUFS;
2667 goto fail;
2668 }
2669 m_cat(result, m);
2670 }
2671
2672 /* set secpolicy */
2673 m = key_sp2msg(sp);
2674 if (!m) {
2675 error = ENOBUFS;
2676 goto fail;
2677 }
2678 m_cat(result, m);
2679
2680 if ((result->m_flags & M_PKTHDR) == 0) {
2681 error = EINVAL;
2682 goto fail;
2683 }
2684
2685 if (result->m_len < sizeof(struct sadb_msg)) {
2686 result = m_pullup(result, sizeof(struct sadb_msg));
2687 if (result == NULL) {
2688 error = ENOBUFS;
2689 goto fail;
2690 }
2691 }
2692
2693 result->m_pkthdr.len = 0;
2694 for (m = result; m; m = m->m_next)
2695 result->m_pkthdr.len += m->m_len;
2696
2697 mtod(result, struct sadb_msg *)->sadb_msg_len =
2698 PFKEY_UNIT64(result->m_pkthdr.len);
2699
2700 splx(s);
2701 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2702
2703 fail:
2704 if (result)
2705 m_freem(result);
2706 splx(s);
2707 return error;
2708 }
2709
2710 /* %%% SAD management */
2711 /*
2712 * allocating a memory for new SA head, and copy from the values of mhp.
2713 * OUT: NULL : failure due to the lack of memory.
2714 * others : pointer to new SA head.
2715 */
2716 static struct secashead *
2717 key_newsah(saidx)
2718 struct secasindex *saidx;
2719 {
2720 struct secashead *newsah;
2721
2722 /* sanity check */
2723 if (saidx == NULL)
2724 panic("key_newsaidx: NULL pointer is passed.");
2725
2726 newsah = keydb_newsecashead();
2727 if (newsah == NULL)
2728 return NULL;
2729
2730 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
2731
2732 /* add to saidxtree */
2733 newsah->state = SADB_SASTATE_MATURE;
2734 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2735
2736 return (newsah);
2737 }
2738
2739 /*
2740 * delete SA index and all SA registerd.
2741 */
2742 static void
2743 key_delsah(sah)
2744 struct secashead *sah;
2745 {
2746 struct secasvar *sav, *nextsav;
2747 u_int stateidx, state;
2748 int s;
2749 int zombie = 0;
2750
2751 /* sanity check */
2752 if (sah == NULL)
2753 panic("key_delsah: NULL pointer is passed.");
2754
2755 s = splnet(); /*called from softclock()*/
2756
2757 /* searching all SA registerd in the secindex. */
2758 for (stateidx = 0;
2759 stateidx < _ARRAYLEN(saorder_state_any);
2760 stateidx++) {
2761
2762 state = saorder_state_any[stateidx];
2763 for (sav = LIST_FIRST(&sah->savtree[state]);
2764 sav != NULL;
2765 sav = nextsav) {
2766
2767 nextsav = LIST_NEXT(sav, chain);
2768
2769 if (sav->refcnt > 0) {
2770 /* give up to delete this sa */
2771 zombie++;
2772 continue;
2773 }
2774
2775 /* sanity check */
2776 KEY_CHKSASTATE(state, sav->state, "key_delsah");
2777
2778 /* remove back pointer */
2779 sav->sah = NULL;
2780
2781 key_freesav(sav);
2782
2783 sav = NULL;
2784 }
2785 }
2786
2787 /* delete sah only if there's no sav. */
2788 if (zombie) {
2789 splx(s);
2790 return;
2791 }
2792
2793 if (sah->sa_route.ro_rt) {
2794 RTFREE(sah->sa_route.ro_rt);
2795 sah->sa_route.ro_rt = (struct rtentry *)NULL;
2796 }
2797
2798 /* remove from tree of SA index */
2799 if (__LIST_CHAINED(sah))
2800 LIST_REMOVE(sah, chain);
2801
2802 KFREE(sah);
2803
2804 splx(s);
2805 return;
2806 }
2807
2808 /*
2809 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2810 * and copy the values of mhp into new buffer.
2811 * When SAD message type is GETSPI:
2812 * to set sequence number from acq_seq++,
2813 * to set zero to SPI.
2814 * not to call key_setsava().
2815 * OUT: NULL : fail
2816 * others : pointer to new secasvar.
2817 *
2818 * does not modify mbuf. does not free mbuf on error.
2819 */
2820 static struct secasvar *
2821 key_newsav(m, mhp, sah, errp)
2822 struct mbuf *m;
2823 const struct sadb_msghdr *mhp;
2824 struct secashead *sah;
2825 int *errp;
2826 {
2827 struct secasvar *newsav;
2828 const struct sadb_sa *xsa;
2829
2830 /* sanity check */
2831 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
2832 panic("key_newsa: NULL pointer is passed.");
2833
2834 newsav = keydb_newsecasvar();
2835 if (newsav == NULL) {
2836 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
2837 *errp = ENOBUFS;
2838 return NULL;
2839 }
2840
2841 switch (mhp->msg->sadb_msg_type) {
2842 case SADB_GETSPI:
2843 key_setspi(newsav, 0);
2844
2845 #ifdef IPSEC_DOSEQCHECK
2846 /* sync sequence number */
2847 if (mhp->msg->sadb_msg_seq == 0)
2848 newsav->seq =
2849 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
2850 else
2851 #endif
2852 newsav->seq = mhp->msg->sadb_msg_seq;
2853 break;
2854
2855 case SADB_ADD:
2856 /* sanity check */
2857 if (mhp->ext[SADB_EXT_SA] == NULL) {
2858 KFREE(newsav);
2859 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
2860 *errp = EINVAL;
2861 return NULL;
2862 }
2863 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2864 key_setspi(newsav, xsa->sadb_sa_spi);
2865 newsav->seq = mhp->msg->sadb_msg_seq;
2866 break;
2867 default:
2868 KFREE(newsav);
2869 *errp = EINVAL;
2870 return NULL;
2871 }
2872
2873 /* copy sav values */
2874 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
2875 *errp = key_setsaval(newsav, m, mhp);
2876 if (*errp) {
2877 KFREE(newsav);
2878 return NULL;
2879 }
2880 }
2881
2882 /* reset created */
2883 newsav->created = time_second;
2884
2885 newsav->pid = mhp->msg->sadb_msg_pid;
2886
2887 /* add to satree */
2888 newsav->sah = sah;
2889 newsav->refcnt = 1;
2890 newsav->state = SADB_SASTATE_LARVAL;
2891 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
2892 secasvar, chain);
2893
2894 return newsav;
2895 }
2896
2897 /*
2898 * search SAD.
2899 * OUT:
2900 * NULL : not found
2901 * others : found, pointer to a SA.
2902 */
2903 static struct secashead *
2904 key_getsah(saidx)
2905 struct secasindex *saidx;
2906 {
2907 struct secashead *sah;
2908
2909 LIST_FOREACH(sah, &sahtree, chain) {
2910 if (sah->state == SADB_SASTATE_DEAD)
2911 continue;
2912 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
2913 return sah;
2914 }
2915
2916 return NULL;
2917 }
2918
2919 /*
2920 * check not to be duplicated SPI.
2921 * NOTE: this function is too slow due to searching all SAD.
2922 * OUT:
2923 * NULL : not found
2924 * others : found, pointer to a SA.
2925 */
2926 static struct secasvar *
2927 key_checkspidup(saidx, spi)
2928 struct secasindex *saidx;
2929 u_int32_t spi;
2930 {
2931 struct secasvar *sav;
2932 u_int stateidx, state;
2933
2934 /* check address family */
2935 if (saidx->src.ss_family != saidx->dst.ss_family) {
2936 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
2937 return NULL;
2938 }
2939
2940 /* check all SAD */
2941 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2942 if (sav->spi != spi)
2943 continue;
2944 for (stateidx = 0;
2945 stateidx < _ARRAYLEN(saorder_state_alive);
2946 stateidx++) {
2947 state = saorder_state_alive[stateidx];
2948 if (sav->state == state &&
2949 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
2950 return sav;
2951 }
2952 }
2953
2954 return NULL;
2955 }
2956
2957 static void
2958 key_setspi(sav, spi)
2959 struct secasvar *sav;
2960 u_int32_t spi;
2961 {
2962 int s;
2963
2964 s = splnet();
2965 sav->spi = spi;
2966 if (sav->spihash.le_prev || sav->spihash.le_next)
2967 LIST_REMOVE(sav, spihash);
2968 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
2969 splx(s);
2970 }
2971
2972 /*
2973 * search SAD litmited alive SA, protocol, SPI.
2974 * OUT:
2975 * NULL : not found
2976 * others : found, pointer to a SA.
2977 */
2978 static struct secasvar *
2979 key_getsavbyspi(sah, spi)
2980 struct secashead *sah;
2981 u_int32_t spi;
2982 {
2983 struct secasvar *sav, *match;
2984 u_int stateidx, state, matchidx;
2985
2986 match = NULL;
2987 matchidx = _ARRAYLEN(saorder_state_alive);
2988 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2989 if (sav->spi != spi)
2990 continue;
2991 if (sav->sah != sah)
2992 continue;
2993 for (stateidx = 0; stateidx < matchidx; stateidx++) {
2994 state = saorder_state_alive[stateidx];
2995 if (sav->state == state) {
2996 match = sav;
2997 matchidx = stateidx;
2998 break;
2999 }
3000 }
3001 }
3002
3003 return match;
3004 }
3005
3006 /*
3007 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
3008 * You must update these if need.
3009 * OUT: 0: success.
3010 * !0: failure.
3011 *
3012 * does not modify mbuf. does not free mbuf on error.
3013 */
3014 static int
3015 key_setsaval(sav, m, mhp)
3016 struct secasvar *sav;
3017 struct mbuf *m;
3018 const struct sadb_msghdr *mhp;
3019 {
3020 #ifdef IPSEC_ESP
3021 const struct esp_algorithm *algo;
3022 #endif
3023 int error = 0;
3024
3025 /* sanity check */
3026 if (m == NULL || mhp == NULL || mhp->msg == NULL)
3027 panic("key_setsaval: NULL pointer is passed.");
3028
3029 /* initialization */
3030 sav->replay = NULL;
3031 sav->key_auth = NULL;
3032 sav->key_enc = NULL;
3033 sav->sched = NULL;
3034 sav->schedlen = 0;
3035 sav->iv = NULL;
3036 sav->lft_c = NULL;
3037 sav->lft_h = NULL;
3038 sav->lft_s = NULL;
3039
3040 /* SA */
3041 if (mhp->ext[SADB_EXT_SA] != NULL) {
3042 const struct sadb_sa *sa0;
3043
3044 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3045 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3046 error = EINVAL;
3047 goto fail;
3048 }
3049
3050 sav->alg_auth = sa0->sadb_sa_auth;
3051 sav->alg_enc = sa0->sadb_sa_encrypt;
3052 sav->flags = sa0->sadb_sa_flags;
3053
3054 /* replay window */
3055 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3056 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
3057 if (sav->replay == NULL) {
3058 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3059 error = ENOBUFS;
3060 goto fail;
3061 }
3062 }
3063 }
3064
3065 /* Authentication keys */
3066 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3067 const struct sadb_key *key0;
3068 int len;
3069
3070 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3071 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3072
3073 error = 0;
3074 if (len < sizeof(*key0)) {
3075 error = EINVAL;
3076 goto fail;
3077 }
3078 switch (mhp->msg->sadb_msg_satype) {
3079 case SADB_SATYPE_AH:
3080 case SADB_SATYPE_ESP:
3081 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3082 sav->alg_auth != SADB_X_AALG_NULL)
3083 error = EINVAL;
3084 break;
3085 case SADB_X_SATYPE_IPCOMP:
3086 default:
3087 error = EINVAL;
3088 break;
3089 }
3090 if (error) {
3091 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
3092 goto fail;
3093 }
3094
3095 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
3096 if (sav->key_auth == NULL) {
3097 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3098 error = ENOBUFS;
3099 goto fail;
3100 }
3101 }
3102
3103 /* Encryption key */
3104 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3105 const struct sadb_key *key0;
3106 int len;
3107
3108 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3109 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3110
3111 error = 0;
3112 if (len < sizeof(*key0)) {
3113 error = EINVAL;
3114 goto fail;
3115 }
3116 switch (mhp->msg->sadb_msg_satype) {
3117 case SADB_SATYPE_ESP:
3118 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3119 sav->alg_enc != SADB_EALG_NULL) {
3120 error = EINVAL;
3121 break;
3122 }
3123 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3124 if (sav->key_enc == NULL) {
3125 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3126 error = ENOBUFS;
3127 goto fail;
3128 }
3129 break;
3130 case SADB_X_SATYPE_IPCOMP:
3131 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3132 error = EINVAL;
3133 sav->key_enc = NULL; /*just in case*/
3134 break;
3135 case SADB_SATYPE_AH:
3136 default:
3137 error = EINVAL;
3138 break;
3139 }
3140 if (error) {
3141 ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
3142 goto fail;
3143 }
3144 }
3145
3146 /* set iv */
3147 sav->ivlen = 0;
3148
3149 switch (mhp->msg->sadb_msg_satype) {
3150 case SADB_SATYPE_ESP:
3151 #ifdef IPSEC_ESP
3152 algo = esp_algorithm_lookup(sav->alg_enc);
3153 if (algo && algo->ivlen)
3154 sav->ivlen = (*algo->ivlen)(algo, sav);
3155 if (sav->ivlen == 0)
3156 break;
3157 KMALLOC(sav->iv, caddr_t, sav->ivlen);
3158 if (sav->iv == 0) {
3159 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3160 error = ENOBUFS;
3161 goto fail;
3162 }
3163
3164 /* initialize */
3165 key_randomfill(sav->iv, sav->ivlen);
3166 #endif
3167 break;
3168 case SADB_SATYPE_AH:
3169 case SADB_X_SATYPE_IPCOMP:
3170 break;
3171 default:
3172 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
3173 error = EINVAL;
3174 goto fail;
3175 }
3176
3177 /* reset created */
3178 sav->created = time_second;
3179
3180 /* make lifetime for CURRENT */
3181 KMALLOC(sav->lft_c, struct sadb_lifetime *,
3182 sizeof(struct sadb_lifetime));
3183 if (sav->lft_c == NULL) {
3184 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3185 error = ENOBUFS;
3186 goto fail;
3187 }
3188
3189 sav->lft_c->sadb_lifetime_len =
3190 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3191 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3192 sav->lft_c->sadb_lifetime_allocations = 0;
3193 sav->lft_c->sadb_lifetime_bytes = 0;
3194 sav->lft_c->sadb_lifetime_addtime = time_second;
3195 sav->lft_c->sadb_lifetime_usetime = 0;
3196
3197 /* lifetimes for HARD and SOFT */
3198 {
3199 const struct sadb_lifetime *lft0;
3200
3201 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3202 if (lft0 != NULL) {
3203 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3204 error = EINVAL;
3205 goto fail;
3206 }
3207 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3208 sizeof(*lft0));
3209 if (sav->lft_h == NULL) {
3210 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3211 error = ENOBUFS;
3212 goto fail;
3213 }
3214 /* we no longer support byte lifetime */
3215 if (sav->lft_h->sadb_lifetime_bytes) {
3216 error = EINVAL;
3217 goto fail;
3218 }
3219 /* initialize? */
3220 }
3221
3222 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3223 if (lft0 != NULL) {
3224 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3225 error = EINVAL;
3226 goto fail;
3227 }
3228 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3229 sizeof(*lft0));
3230 if (sav->lft_s == NULL) {
3231 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3232 error = ENOBUFS;
3233 goto fail;
3234 }
3235 /* we no longer support byte lifetime */
3236 if (sav->lft_s->sadb_lifetime_bytes) {
3237 error = EINVAL;
3238 goto fail;
3239 }
3240 /* initialize? */
3241 }
3242 }
3243
3244 return 0;
3245
3246 fail:
3247 /* initialization */
3248 if (sav->replay != NULL) {
3249 keydb_delsecreplay(sav->replay);
3250 sav->replay = NULL;
3251 }
3252 if (sav->key_auth != NULL) {
3253 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3254 KFREE(sav->key_auth);
3255 sav->key_auth = NULL;
3256 }
3257 if (sav->key_enc != NULL) {
3258 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3259 KFREE(sav->key_enc);
3260 sav->key_enc = NULL;
3261 }
3262 if (sav->sched) {
3263 bzero(sav->sched, sav->schedlen);
3264 KFREE(sav->sched);
3265 sav->sched = NULL;
3266 }
3267 if (sav->iv != NULL) {
3268 KFREE(sav->iv);
3269 sav->iv = NULL;
3270 }
3271 if (sav->lft_c != NULL) {
3272 KFREE(sav->lft_c);
3273 sav->lft_c = NULL;
3274 }
3275 if (sav->lft_h != NULL) {
3276 KFREE(sav->lft_h);
3277 sav->lft_h = NULL;
3278 }
3279 if (sav->lft_s != NULL) {
3280 KFREE(sav->lft_s);
3281 sav->lft_s = NULL;
3282 }
3283
3284 return error;
3285 }
3286
3287 /*
3288 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3289 * OUT: 0: valid
3290 * other: errno
3291 */
3292 static int
3293 key_mature(sav)
3294 struct secasvar *sav;
3295 {
3296 int mature;
3297 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3298 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3299
3300 mature = 0;
3301
3302 /* check SPI value */
3303 switch (sav->sah->saidx.proto) {
3304 case IPPROTO_ESP:
3305 case IPPROTO_AH:
3306 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
3307 ipseclog((LOG_DEBUG,
3308 "key_mature: illegal range of SPI %u.\n",
3309 (u_int32_t)ntohl(sav->spi)));
3310 return EINVAL;
3311 }
3312 break;
3313 }
3314
3315 /* check satype */
3316 switch (sav->sah->saidx.proto) {
3317 case IPPROTO_ESP:
3318 /* check flags */
3319 if ((sav->flags & SADB_X_EXT_OLD) &&
3320 (sav->flags & SADB_X_EXT_DERIV)) {
3321 ipseclog((LOG_DEBUG, "key_mature: "
3322 "invalid flag (derived) given to old-esp.\n"));
3323 return EINVAL;
3324 }
3325 if (sav->alg_auth == SADB_AALG_NONE)
3326 checkmask = 1;
3327 else
3328 checkmask = 3;
3329 mustmask = 1;
3330 break;
3331 case IPPROTO_AH:
3332 /* check flags */
3333 if (sav->flags & SADB_X_EXT_DERIV) {
3334 ipseclog((LOG_DEBUG, "key_mature: "
3335 "invalid flag (derived) given to AH SA.\n"));
3336 return EINVAL;
3337 }
3338 if (sav->alg_enc != SADB_EALG_NONE) {
3339 ipseclog((LOG_DEBUG, "key_mature: "
3340 "protocol and algorithm mismated.\n"));
3341 return (EINVAL);
3342 }
3343 checkmask = 2;
3344 mustmask = 2;
3345 break;
3346 case IPPROTO_IPCOMP:
3347 if (sav->alg_auth != SADB_AALG_NONE) {
3348 ipseclog((LOG_DEBUG, "key_mature: "
3349 "protocol and algorithm mismated.\n"));
3350 return (EINVAL);
3351 }
3352 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3353 ntohl(sav->spi) >= 0x10000) {
3354 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
3355 return (EINVAL);
3356 }
3357 checkmask = 4;
3358 mustmask = 4;
3359 break;
3360 default:
3361 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3362 return EPROTONOSUPPORT;
3363 }
3364
3365 /* check authentication algorithm */
3366 if ((checkmask & 2) != 0) {
3367 const struct ah_algorithm *algo;
3368 int keylen;
3369
3370 algo = ah_algorithm_lookup(sav->alg_auth);
3371 if (!algo) {
3372 ipseclog((LOG_DEBUG, "key_mature: "
3373 "unknown authentication algorithm.\n"));
3374 return EINVAL;
3375 }
3376
3377 /* algorithm-dependent check */
3378 if (sav->key_auth)
3379 keylen = sav->key_auth->sadb_key_bits;
3380 else
3381 keylen = 0;
3382 if (keylen < algo->keymin || algo->keymax < keylen) {
3383 ipseclog((LOG_DEBUG,
3384 "key_mature: invalid AH key length %d "
3385 "(%d-%d allowed)\n",
3386 keylen, algo->keymin, algo->keymax));
3387 return EINVAL;
3388 }
3389
3390 if (algo->mature) {
3391 if ((*algo->mature)(sav)) {
3392 /* message generated in per-algorithm function*/
3393 return EINVAL;
3394 } else
3395 mature = SADB_SATYPE_AH;
3396 }
3397
3398 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
3399 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
3400 return EINVAL;
3401 }
3402 }
3403
3404 /* check encryption algorithm */
3405 if ((checkmask & 1) != 0) {
3406 #ifdef IPSEC_ESP
3407 const struct esp_algorithm *algo;
3408 int keylen;
3409
3410 algo = esp_algorithm_lookup(sav->alg_enc);
3411 if (!algo) {
3412 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
3413 return EINVAL;
3414 }
3415
3416 /* algorithm-dependent check */
3417 if (sav->key_enc)
3418 keylen = sav->key_enc->sadb_key_bits;
3419 else
3420 keylen = 0;
3421 if (keylen < algo->keymin || algo->keymax < keylen) {
3422 ipseclog((LOG_DEBUG,
3423 "key_mature: invalid ESP key length %d "
3424 "(%d-%d allowed)\n",
3425 keylen, algo->keymin, algo->keymax));
3426 return EINVAL;
3427 }
3428
3429 if (algo->mature) {
3430 if ((*algo->mature)(sav)) {
3431 /* message generated in per-algorithm function*/
3432 return EINVAL;
3433 } else
3434 mature = SADB_SATYPE_ESP;
3435 }
3436
3437 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
3438 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
3439 return EINVAL;
3440 }
3441 #else /*IPSEC_ESP*/
3442 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
3443 return EINVAL;
3444 #endif
3445 }
3446
3447 /* check compression algorithm */
3448 if ((checkmask & 4) != 0) {
3449 const struct ipcomp_algorithm *algo;
3450
3451 /* algorithm-dependent check */
3452 algo = ipcomp_algorithm_lookup(sav->alg_enc);
3453 if (!algo) {
3454 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
3455 return EINVAL;
3456 }
3457 }
3458
3459 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3460
3461 return 0;
3462 }
3463
3464 /*
3465 * subroutine for SADB_GET and SADB_DUMP.
3466 */
3467 static struct mbuf *
3468 key_setdumpsa(sav, type, satype, seq, pid)
3469 struct secasvar *sav;
3470 u_int8_t type, satype;
3471 u_int32_t seq, pid;
3472 {
3473 struct mbuf *result = NULL, *tres = NULL, *m;
3474 int l = 0;
3475 int i;
3476 void *p;
3477 int dumporder[] = {
3478 SADB_EXT_SA, SADB_X_EXT_SA2,
3479 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3480 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3481 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3482 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3483 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3484 };
3485
3486 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3487 if (m == NULL)
3488 goto fail;
3489 result = m;
3490
3491 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
3492 m = NULL;
3493 p = NULL;
3494 switch (dumporder[i]) {
3495 case SADB_EXT_SA:
3496 m = key_setsadbsa(sav);
3497 if (!m)
3498 goto fail;
3499 break;
3500
3501 case SADB_X_EXT_SA2:
3502 m = key_setsadbxsa2(sav->sah->saidx.mode,
3503 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
3504 sav->sah->saidx.reqid);
3505 if (!m)
3506 goto fail;
3507 break;
3508
3509 case SADB_EXT_ADDRESS_SRC:
3510 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3511 (struct sockaddr *)&sav->sah->saidx.src,
3512 FULLMASK, IPSEC_ULPROTO_ANY);
3513 if (!m)
3514 goto fail;
3515 break;
3516
3517 case SADB_EXT_ADDRESS_DST:
3518 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3519 (struct sockaddr *)&sav->sah->saidx.dst,
3520 FULLMASK, IPSEC_ULPROTO_ANY);
3521 if (!m)
3522 goto fail;
3523 break;
3524
3525 case SADB_EXT_KEY_AUTH:
3526 if (!sav->key_auth)
3527 continue;
3528 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3529 p = sav->key_auth;
3530 break;
3531
3532 case SADB_EXT_KEY_ENCRYPT:
3533 if (!sav->key_enc)
3534 continue;
3535 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3536 p = sav->key_enc;
3537 break;
3538
3539 case SADB_EXT_LIFETIME_CURRENT:
3540 if (!sav->lft_c)
3541 continue;
3542 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3543 p = sav->lft_c;
3544 break;
3545
3546 case SADB_EXT_LIFETIME_HARD:
3547 if (!sav->lft_h)
3548 continue;
3549 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3550 p = sav->lft_h;
3551 break;
3552
3553 case SADB_EXT_LIFETIME_SOFT:
3554 if (!sav->lft_s)
3555 continue;
3556 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3557 p = sav->lft_s;
3558 break;
3559
3560 case SADB_EXT_ADDRESS_PROXY:
3561 case SADB_EXT_IDENTITY_SRC:
3562 case SADB_EXT_IDENTITY_DST:
3563 /* XXX: should we brought from SPD ? */
3564 case SADB_EXT_SENSITIVITY:
3565 default:
3566 continue;
3567 }
3568
3569 if ((!m && !p) || (m && p))
3570 goto fail;
3571 if (p && tres) {
3572 M_PREPEND(tres, l, M_DONTWAIT);
3573 if (!tres)
3574 goto fail;
3575 bcopy(p, mtod(tres, caddr_t), l);
3576 continue;
3577 }
3578 if (p) {
3579 m = key_alloc_mbuf(l);
3580 if (!m)
3581 goto fail;
3582 m_copyback(m, 0, l, p);
3583 }
3584
3585 if (tres)
3586 m_cat(m, tres);
3587 tres = m;
3588 }
3589
3590 m_cat(result, tres);
3591
3592 if (result->m_len < sizeof(struct sadb_msg)) {
3593 result = m_pullup(result, sizeof(struct sadb_msg));
3594 if (result == NULL)
3595 goto fail;
3596 }
3597
3598 result->m_pkthdr.len = 0;
3599 for (m = result; m; m = m->m_next)
3600 result->m_pkthdr.len += m->m_len;
3601
3602 mtod(result, struct sadb_msg *)->sadb_msg_len =
3603 PFKEY_UNIT64(result->m_pkthdr.len);
3604
3605 return result;
3606
3607 fail:
3608 m_freem(result);
3609 m_freem(tres);
3610 return NULL;
3611 }
3612
3613 /*
3614 * set data into sadb_msg.
3615 */
3616 static struct mbuf *
3617 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
3618 u_int8_t type, satype;
3619 u_int16_t tlen;
3620 u_int32_t seq;
3621 pid_t pid;
3622 u_int16_t reserved;
3623 {
3624 struct mbuf *m;
3625 struct sadb_msg *p;
3626 int len;
3627
3628 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3629 if (len > MCLBYTES)
3630 return NULL;
3631 MGETHDR(m, M_DONTWAIT, MT_DATA);
3632 if (m && len > MHLEN) {
3633 MCLGET(m, M_DONTWAIT);
3634 if ((m->m_flags & M_EXT) == 0) {
3635 m_freem(m);
3636 m = NULL;
3637 }
3638 }
3639 if (!m)
3640 return NULL;
3641 m->m_pkthdr.len = m->m_len = len;
3642 m->m_next = NULL;
3643
3644 p = mtod(m, struct sadb_msg *);
3645
3646 bzero(p, len);
3647 p->sadb_msg_version = PF_KEY_V2;
3648 p->sadb_msg_type = type;
3649 p->sadb_msg_errno = 0;
3650 p->sadb_msg_satype = satype;
3651 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3652 p->sadb_msg_reserved = reserved;
3653 p->sadb_msg_seq = seq;
3654 p->sadb_msg_pid = (u_int32_t)pid;
3655
3656 return m;
3657 }
3658
3659 /*
3660 * copy secasvar data into sadb_address.
3661 */
3662 static struct mbuf *
3663 key_setsadbsa(sav)
3664 struct secasvar *sav;
3665 {
3666 struct mbuf *m;
3667 struct sadb_sa *p;
3668 int len;
3669
3670 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3671 m = key_alloc_mbuf(len);
3672 if (!m || m->m_next) { /*XXX*/
3673 if (m)
3674 m_freem(m);
3675 return NULL;
3676 }
3677
3678 p = mtod(m, struct sadb_sa *);
3679
3680 bzero(p, len);
3681 p->sadb_sa_len = PFKEY_UNIT64(len);
3682 p->sadb_sa_exttype = SADB_EXT_SA;
3683 p->sadb_sa_spi = sav->spi;
3684 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
3685 p->sadb_sa_state = sav->state;
3686 p->sadb_sa_auth = sav->alg_auth;
3687 p->sadb_sa_encrypt = sav->alg_enc;
3688 p->sadb_sa_flags = sav->flags;
3689
3690 return m;
3691 }
3692
3693 /*
3694 * set data into sadb_address.
3695 */
3696 static struct mbuf *
3697 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
3698 u_int16_t exttype;
3699 struct sockaddr *saddr;
3700 u_int8_t prefixlen;
3701 u_int16_t ul_proto;
3702 {
3703 struct mbuf *m;
3704 struct sadb_address *p;
3705 size_t len;
3706
3707 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3708 PFKEY_ALIGN8(saddr->sa_len);
3709 m = key_alloc_mbuf(len);
3710 if (!m || m->m_next) { /*XXX*/
3711 if (m)
3712 m_freem(m);
3713 return NULL;
3714 }
3715
3716 p = mtod(m, struct sadb_address *);
3717
3718 bzero(p, len);
3719 p->sadb_address_len = PFKEY_UNIT64(len);
3720 p->sadb_address_exttype = exttype;
3721 p->sadb_address_proto = ul_proto;
3722 if (prefixlen == FULLMASK) {
3723 switch (saddr->sa_family) {
3724 case AF_INET:
3725 prefixlen = sizeof(struct in_addr) << 3;
3726 break;
3727 case AF_INET6:
3728 prefixlen = sizeof(struct in6_addr) << 3;
3729 break;
3730 default:
3731 ; /*XXX*/
3732 }
3733 }
3734 p->sadb_address_prefixlen = prefixlen;
3735 p->sadb_address_reserved = 0;
3736
3737 bcopy(saddr,
3738 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
3739 saddr->sa_len);
3740
3741 return m;
3742 }
3743
3744 #if 0
3745 /*
3746 * set data into sadb_ident.
3747 */
3748 static struct mbuf *
3749 key_setsadbident(exttype, idtype, string, stringlen, id)
3750 u_int16_t exttype, idtype;
3751 caddr_t string;
3752 int stringlen;
3753 u_int64_t id;
3754 {
3755 struct mbuf *m;
3756 struct sadb_ident *p;
3757 size_t len;
3758
3759 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
3760 m = key_alloc_mbuf(len);
3761 if (!m || m->m_next) { /*XXX*/
3762 if (m)
3763 m_freem(m);
3764 return NULL;
3765 }
3766
3767 p = mtod(m, struct sadb_ident *);
3768
3769 bzero(p, len);
3770 p->sadb_ident_len = PFKEY_UNIT64(len);
3771 p->sadb_ident_exttype = exttype;
3772 p->sadb_ident_type = idtype;
3773 p->sadb_ident_reserved = 0;
3774 p->sadb_ident_id = id;
3775
3776 bcopy(string,
3777 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
3778 stringlen);
3779
3780 return m;
3781 }
3782 #endif
3783
3784 /*
3785 * set data into sadb_x_sa2.
3786 */
3787 static struct mbuf *
3788 key_setsadbxsa2(mode, seq, reqid)
3789 u_int8_t mode;
3790 u_int32_t seq, reqid;
3791 {
3792 struct mbuf *m;
3793 struct sadb_x_sa2 *p;
3794 size_t len;
3795
3796 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
3797 m = key_alloc_mbuf(len);
3798 if (!m || m->m_next) { /*XXX*/
3799 if (m)
3800 m_freem(m);
3801 return NULL;
3802 }
3803
3804 p = mtod(m, struct sadb_x_sa2 *);
3805
3806 bzero(p, len);
3807 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
3808 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3809 p->sadb_x_sa2_mode = mode;
3810 p->sadb_x_sa2_reserved1 = 0;
3811 p->sadb_x_sa2_reserved2 = 0;
3812 p->sadb_x_sa2_sequence = seq;
3813 p->sadb_x_sa2_reqid = reqid;
3814
3815 return m;
3816 }
3817
3818 /*
3819 * set data into sadb_lifetime
3820 */
3821 static struct mbuf *
3822 key_setsadblifetime(type, alloc, bytes, addtime, usetime)
3823 u_int16_t type;
3824 u_int32_t alloc;
3825 u_int64_t bytes, addtime, usetime;
3826 {
3827 struct mbuf *m;
3828 struct sadb_lifetime *p;
3829 size_t len;
3830
3831 len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
3832 m = key_alloc_mbuf(len);
3833 if (!m || m->m_next) { /*XXX*/
3834 if (m)
3835 m_freem(m);
3836 return NULL;
3837 }
3838
3839 p = mtod(m, struct sadb_lifetime *);
3840
3841 bzero(p, len);
3842 p->sadb_lifetime_len = PFKEY_UNIT64(len);
3843 p->sadb_lifetime_exttype = type;
3844 p->sadb_lifetime_allocations = alloc;
3845 p->sadb_lifetime_bytes = bytes;
3846 p->sadb_lifetime_addtime = addtime;
3847 p->sadb_lifetime_usetime = usetime;
3848
3849 return m;
3850 }
3851
3852 /*
3853 * set data into sadb_x_policy
3854 */
3855 static struct mbuf *
3856 key_setsadbxpolicy(type, dir, id)
3857 u_int16_t type;
3858 u_int8_t dir;
3859 u_int32_t id;
3860 {
3861 struct mbuf *m;
3862 struct sadb_x_policy *p;
3863 size_t len;
3864
3865 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
3866 m = key_alloc_mbuf(len);
3867 if (!m || m->m_next) { /*XXX*/
3868 if (m)
3869 m_freem(m);
3870 return NULL;
3871 }
3872
3873 p = mtod(m, struct sadb_x_policy *);
3874
3875 bzero(p, len);
3876 p->sadb_x_policy_len = PFKEY_UNIT64(len);
3877 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3878 p->sadb_x_policy_type = type;
3879 p->sadb_x_policy_dir = dir;
3880 p->sadb_x_policy_id = id;
3881
3882 return m;
3883 }
3884
3885 /* %%% utilities */
3886 /*
3887 * copy a buffer into the new buffer allocated.
3888 */
3889 static void *
3890 key_newbuf(src, len)
3891 const void *src;
3892 u_int len;
3893 {
3894 caddr_t new;
3895
3896 KMALLOC(new, caddr_t, len);
3897 if (new == NULL) {
3898 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
3899 return NULL;
3900 }
3901 bcopy(src, new, len);
3902
3903 return new;
3904 }
3905
3906 /* compare my own address
3907 * OUT: 1: true, i.e. my address.
3908 * 0: false
3909 */
3910 static int
3911 key_ismyaddr(sa)
3912 struct sockaddr *sa;
3913 {
3914 #ifdef INET
3915 struct sockaddr_in *sin;
3916 struct in_ifaddr *ia;
3917 #endif
3918
3919 /* sanity check */
3920 if (sa == NULL)
3921 panic("key_ismyaddr: NULL pointer is passed.");
3922
3923 switch (sa->sa_family) {
3924 #ifdef INET
3925 case AF_INET:
3926 sin = (struct sockaddr_in *)sa;
3927 for (ia = in_ifaddrhead.tqh_first; ia;
3928 ia = ia->ia_link.tqe_next) {
3929 if (sin->sin_family == ia->ia_addr.sin_family &&
3930 sin->sin_len == ia->ia_addr.sin_len &&
3931 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
3932 {
3933 return 1;
3934 }
3935 }
3936 break;
3937 #endif
3938 #ifdef INET6
3939 case AF_INET6:
3940 return key_ismyaddr6((struct sockaddr_in6 *)sa);
3941 #endif
3942 }
3943
3944 return 0;
3945 }
3946
3947 #ifdef INET6
3948 /*
3949 * compare my own address for IPv6.
3950 * 1: ours
3951 * 0: other
3952 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
3953 */
3954 #include <netinet6/in6_var.h>
3955
3956 static int
3957 key_ismyaddr6(sin6)
3958 struct sockaddr_in6 *sin6;
3959 {
3960 struct in6_ifaddr *ia;
3961 struct in6_multi *in6m;
3962
3963 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
3964 if (key_sockaddrcmp((struct sockaddr *)&sin6,
3965 (struct sockaddr *)&ia->ia_addr, 0) == 0)
3966 return 1;
3967
3968 /*
3969 * XXX Multicast
3970 * XXX why do we care about multlicast here while we don't care
3971 * about IPv4 multicast??
3972 */
3973 in6m = NULL;
3974 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
3975 if (in6m)
3976 return 1;
3977 }
3978
3979 /* loopback, just for safety */
3980 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
3981 return 1;
3982
3983 return 0;
3984 }
3985 #endif /*INET6*/
3986
3987 /*
3988 * compare two secasindex structure.
3989 * flag can specify to compare 2 saidxes.
3990 * compare two secasindex structure without both mode and reqid.
3991 * don't compare port.
3992 * IN:
3993 * saidx0: source, it can be in SAD.
3994 * saidx1: object.
3995 * OUT:
3996 * 1 : equal
3997 * 0 : not equal
3998 */
3999 static int
4000 key_cmpsaidx(saidx0, saidx1, flag)
4001 struct secasindex *saidx0, *saidx1;
4002 int flag;
4003 {
4004 /* sanity */
4005 if (saidx0 == NULL && saidx1 == NULL)
4006 return 1;
4007
4008 if (saidx0 == NULL || saidx1 == NULL)
4009 return 0;
4010
4011 if (saidx0->proto != saidx1->proto)
4012 return 0;
4013
4014 if (flag == CMP_EXACTLY) {
4015 if (saidx0->mode != saidx1->mode)
4016 return 0;
4017 if (saidx0->reqid != saidx1->reqid)
4018 return 0;
4019 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
4020 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
4021 return 0;
4022 } else {
4023
4024 /* CMP_MODE_REQID, CMP_HEAD */
4025 if (flag == CMP_MODE_REQID) {
4026 /*
4027 * If reqid of SPD is non-zero, unique SA is required.
4028 * The result must be of same reqid in this case.
4029 */
4030 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4031 return 0;
4032 }
4033
4034 if (flag == CMP_MODE_REQID) {
4035 if (saidx0->mode != IPSEC_MODE_ANY &&
4036 saidx0->mode != saidx1->mode)
4037 return 0;
4038 }
4039
4040 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4041 (struct sockaddr *)&saidx1->src, 0) != 0) {
4042 return 0;
4043 }
4044 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4045 (struct sockaddr *)&saidx1->dst, 0) != 0) {
4046 return 0;
4047 }
4048 }
4049
4050 return 1;
4051 }
4052
4053 /*
4054 * compare two secindex structure exactly.
4055 * IN:
4056 * spidx0: source, it is often in SPD.
4057 * spidx1: object, it is often from PFKEY message.
4058 * OUT:
4059 * 1 : equal
4060 * 0 : not equal
4061 */
4062 int
4063 key_cmpspidx_exactly(spidx0, spidx1)
4064 struct secpolicyindex *spidx0, *spidx1;
4065 {
4066 /* sanity */
4067 if (spidx0 == NULL && spidx1 == NULL)
4068 return 1;
4069
4070 if (spidx0 == NULL || spidx1 == NULL)
4071 return 0;
4072
4073 if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
4074 spidx0->ul_proto != spidx1->ul_proto)
4075 return 0;
4076
4077 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
4078 (struct sockaddr *)&spidx1->src, 1) != 0) {
4079 return 0;
4080 }
4081 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
4082 (struct sockaddr *)&spidx1->dst, 1) != 0) {
4083 return 0;
4084 }
4085
4086 return 1;
4087 }
4088
4089 /*
4090 * compare two secindex structure with mask.
4091 * IN:
4092 * spidx0: source, it is often in SPD.
4093 * spidx1: object, it is often from IP header.
4094 * OUT:
4095 * 1 : equal
4096 * 0 : not equal
4097 */
4098 int
4099 key_cmpspidx_withmask(spidx0, spidx1)
4100 struct secpolicyindex *spidx0, *spidx1;
4101 {
4102 /* sanity */
4103 if (spidx0 == NULL && spidx1 == NULL)
4104 return 1;
4105
4106 if (spidx0 == NULL || spidx1 == NULL)
4107 return 0;
4108
4109 if (spidx0->src.ss_family != spidx1->src.ss_family ||
4110 spidx0->dst.ss_family != spidx1->dst.ss_family ||
4111 spidx0->src.ss_len != spidx1->src.ss_len ||
4112 spidx0->dst.ss_len != spidx1->dst.ss_len)
4113 return 0;
4114
4115 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4116 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
4117 spidx0->ul_proto != spidx1->ul_proto)
4118 return 0;
4119
4120 switch (spidx0->src.ss_family) {
4121 case AF_INET:
4122 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
4123 satosin(&spidx0->src)->sin_port !=
4124 satosin(&spidx1->src)->sin_port)
4125 return 0;
4126 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
4127 (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
4128 return 0;
4129 break;
4130 case AF_INET6:
4131 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
4132 satosin6(&spidx0->src)->sin6_port !=
4133 satosin6(&spidx1->src)->sin6_port)
4134 return 0;
4135 /*
4136 * scope_id check. if sin6_scope_id is 0, we regard it
4137 * as a wildcard scope, which matches any scope zone ID.
4138 */
4139 if (satosin6(&spidx0->src)->sin6_scope_id &&
4140 satosin6(&spidx1->src)->sin6_scope_id &&
4141 satosin6(&spidx0->src)->sin6_scope_id !=
4142 satosin6(&spidx1->src)->sin6_scope_id)
4143 return 0;
4144 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
4145 (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
4146 return 0;
4147 break;
4148 default:
4149 /* XXX */
4150 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
4151 return 0;
4152 break;
4153 }
4154
4155 switch (spidx0->dst.ss_family) {
4156 case AF_INET:
4157 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
4158 satosin(&spidx0->dst)->sin_port !=
4159 satosin(&spidx1->dst)->sin_port)
4160 return 0;
4161 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
4162 (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
4163 return 0;
4164 break;
4165 case AF_INET6:
4166 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
4167 satosin6(&spidx0->dst)->sin6_port !=
4168 satosin6(&spidx1->dst)->sin6_port)
4169 return 0;
4170 /*
4171 * scope_id check. if sin6_scope_id is 0, we regard it
4172 * as a wildcard scope, which matches any scope zone ID.
4173 */
4174 if (satosin6(&spidx0->src)->sin6_scope_id &&
4175 satosin6(&spidx1->src)->sin6_scope_id &&
4176 satosin6(&spidx0->dst)->sin6_scope_id !=
4177 satosin6(&spidx1->dst)->sin6_scope_id)
4178 return 0;
4179 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
4180 (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
4181 return 0;
4182 break;
4183 default:
4184 /* XXX */
4185 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
4186 return 0;
4187 break;
4188 }
4189
4190 /* XXX Do we check other field ? e.g. flowinfo */
4191
4192 return 1;
4193 }
4194
4195 /* returns 0 on match */
4196 static int
4197 key_sockaddrcmp(sa1, sa2, port)
4198 struct sockaddr *sa1;
4199 struct sockaddr *sa2;
4200 int port;
4201 {
4202 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4203 return 1;
4204
4205 switch (sa1->sa_family) {
4206 case AF_INET:
4207 if (sa1->sa_len != sizeof(struct sockaddr_in))
4208 return 1;
4209 if (satosin(sa1)->sin_addr.s_addr !=
4210 satosin(sa2)->sin_addr.s_addr) {
4211 return 1;
4212 }
4213 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4214 return 1;
4215 break;
4216 case AF_INET6:
4217 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4218 return 1; /*EINVAL*/
4219 if (satosin6(sa1)->sin6_scope_id !=
4220 satosin6(sa2)->sin6_scope_id) {
4221 return 1;
4222 }
4223 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4224 &satosin6(sa2)->sin6_addr)) {
4225 return 1;
4226 }
4227 if (port &&
4228 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4229 return 1;
4230 }
4231 default:
4232 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
4233 return 1;
4234 break;
4235 }
4236
4237 return 0;
4238 }
4239
4240 /*
4241 * compare two buffers with mask.
4242 * IN:
4243 * addr1: source
4244 * addr2: object
4245 * bits: Number of bits to compare
4246 * OUT:
4247 * 1 : equal
4248 * 0 : not equal
4249 */
4250 static int
4251 key_bbcmp(p1, p2, bits)
4252 caddr_t p1, p2;
4253 u_int bits;
4254 {
4255 u_int8_t mask;
4256
4257 /* XXX: This could be considerably faster if we compare a word
4258 * at a time, but it is complicated on LSB Endian machines */
4259
4260 /* Handle null pointers */
4261 if (p1 == NULL || p2 == NULL)
4262 return (p1 == p2);
4263
4264 while (bits >= 8) {
4265 if (*p1++ != *p2++)
4266 return 0;
4267 bits -= 8;
4268 }
4269
4270 if (bits > 0) {
4271 mask = ~((1<<(8-bits))-1);
4272 if ((*p1 & mask) != (*p2 & mask))
4273 return 0;
4274 }
4275 return 1; /* Match! */
4276 }
4277
4278 /*
4279 * time handler.
4280 * scanning SPD and SAD to check status for each entries,
4281 * and do to remove or to expire.
4282 * XXX: year 2038 problem may remain.
4283 */
4284 void
4285 key_timehandler(arg)
4286 void *arg;
4287 {
4288 u_int dir;
4289 int s;
4290 struct timeval tv;
4291
4292 microtime(&tv);
4293
4294 s = splnet(); /*called from softclock()*/
4295
4296 /* SPD */
4297 {
4298 struct secpolicy *sp, *nextsp;
4299
4300 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4301 for (sp = LIST_FIRST(&sptree[dir]);
4302 sp != NULL;
4303 sp = nextsp) {
4304 nextsp = LIST_NEXT(sp, chain);
4305
4306 if (sp->state == IPSEC_SPSTATE_DEAD) {
4307 key_sp_unlink(sp); /*XXX*/
4308 sp = NULL;
4309 continue;
4310 }
4311
4312 if (sp->lifetime == 0 && sp->validtime == 0)
4313 continue;
4314
4315 /* the deletion will occur next time */
4316 if ((sp->lifetime &&
4317 tv.tv_sec - sp->created > sp->lifetime) ||
4318 (sp->validtime &&
4319 tv.tv_sec - sp->lastused > sp->validtime)) {
4320 key_sp_dead(sp);
4321 key_spdexpire(sp);
4322 continue;
4323 }
4324 }
4325 }
4326
4327 /* invalidate all cached SPD pointers on pcb */
4328 ipsec_invalpcbcacheall();
4329 }
4330
4331 /* SAD */
4332 {
4333 struct secashead *sah, *nextsah;
4334 struct secasvar *sav, *nextsav;
4335
4336 for (sah = LIST_FIRST(&sahtree);
4337 sah != NULL;
4338 sah = nextsah) {
4339
4340 nextsah = LIST_NEXT(sah, chain);
4341
4342 /* if sah has been dead, then delete it and process next sah. */
4343 if (sah->state == SADB_SASTATE_DEAD) {
4344 key_delsah(sah);
4345 continue;
4346 }
4347
4348 /* if LARVAL entry doesn't become MATURE, delete it. */
4349 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4350 sav != NULL;
4351 sav = nextsav) {
4352
4353 nextsav = LIST_NEXT(sav, chain);
4354
4355 if (tv.tv_sec - sav->created > key_larval_lifetime) {
4356 key_freesav(sav);
4357 }
4358 }
4359
4360 /*
4361 * check MATURE entry to start to send expire message
4362 * whether or not.
4363 */
4364 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4365 sav != NULL;
4366 sav = nextsav) {
4367
4368 nextsav = LIST_NEXT(sav, chain);
4369
4370 /* we don't need to check. */
4371 if (sav->lft_s == NULL)
4372 continue;
4373
4374 /* sanity check */
4375 if (sav->lft_c == NULL) {
4376 ipseclog((LOG_DEBUG, "key_timehandler: "
4377 "There is no CURRENT time, why?\n"));
4378 continue;
4379 }
4380
4381 /* check SOFT lifetime */
4382 if (sav->lft_s->sadb_lifetime_addtime != 0 &&
4383 tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4384 /*
4385 * check the SA if it has been used.
4386 * when it hasn't been used, delete it.
4387 * i don't think such SA will be used.
4388 */
4389 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4390 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4391 key_freesav(sav);
4392 sav = NULL;
4393 } else {
4394 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4395 /*
4396 * XXX If we keep to send expire
4397 * message in the status of
4398 * DYING. Do remove below code.
4399 */
4400 key_expire(sav);
4401 }
4402 }
4403
4404 /* check SOFT lifetime by bytes */
4405 /*
4406 * XXX I don't know the way to delete this SA
4407 * when new SA is installed. Caution when it's
4408 * installed too big lifetime by time.
4409 */
4410 else if (sav->lft_s->sadb_lifetime_bytes != 0
4411 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4412
4413 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4414 /*
4415 * XXX If we keep to send expire
4416 * message in the status of
4417 * DYING. Do remove below code.
4418 */
4419 key_expire(sav);
4420 }
4421 }
4422
4423 /* check DYING entry to change status to DEAD. */
4424 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4425 sav != NULL;
4426 sav = nextsav) {
4427
4428 nextsav = LIST_NEXT(sav, chain);
4429
4430 /* we don't need to check. */
4431 if (sav->lft_h == NULL)
4432 continue;
4433
4434 /* sanity check */
4435 if (sav->lft_c == NULL) {
4436 ipseclog((LOG_DEBUG, "key_timehandler: "
4437 "There is no CURRENT time, why?\n"));
4438 continue;
4439 }
4440
4441 if (sav->lft_h->sadb_lifetime_addtime != 0 &&
4442 tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4443 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4444 key_freesav(sav);
4445 sav = NULL;
4446 }
4447 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4448 else if (sav->lft_s != NULL
4449 && sav->lft_s->sadb_lifetime_addtime != 0
4450 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4451 /*
4452 * XXX: should be checked to be
4453 * installed the valid SA.
4454 */
4455
4456 /*
4457 * If there is no SA then sending
4458 * expire message.
4459 */
4460 key_expire(sav);
4461 }
4462 #endif
4463 /* check HARD lifetime by bytes */
4464 else if (sav->lft_h->sadb_lifetime_bytes != 0
4465 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4466 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4467 key_freesav(sav);
4468 sav = NULL;
4469 }
4470 }
4471
4472 /* delete entry in DEAD */
4473 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4474 sav != NULL;
4475 sav = nextsav) {
4476
4477 nextsav = LIST_NEXT(sav, chain);
4478
4479 /* sanity check */
4480 if (sav->state != SADB_SASTATE_DEAD) {
4481 ipseclog((LOG_DEBUG, "key_timehandler: "
4482 "invalid sav->state "
4483 "(queue: %u SA: %u): "
4484 "kill it anyway\n",
4485 SADB_SASTATE_DEAD, sav->state));
4486 }
4487
4488 /*
4489 * do not call key_freesav() here.
4490 * sav should already be freed, and sav->refcnt
4491 * shows other references to sav
4492 * (such as from SPD).
4493 */
4494 }
4495 }
4496 }
4497
4498 #ifndef IPSEC_NONBLOCK_ACQUIRE
4499 /* ACQ tree */
4500 {
4501 struct secacq *acq, *nextacq;
4502
4503 for (acq = LIST_FIRST(&acqtree);
4504 acq != NULL;
4505 acq = nextacq) {
4506
4507 nextacq = LIST_NEXT(acq, chain);
4508
4509 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4510 __LIST_CHAINED(acq)) {
4511 LIST_REMOVE(acq, chain);
4512 KFREE(acq);
4513 }
4514 }
4515 }
4516 #endif
4517
4518 /* SP ACQ tree */
4519 {
4520 struct secspacq *acq, *nextacq;
4521
4522 for (acq = LIST_FIRST(&spacqtree);
4523 acq != NULL;
4524 acq = nextacq) {
4525
4526 nextacq = LIST_NEXT(acq, chain);
4527
4528 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4529 __LIST_CHAINED(acq)) {
4530 LIST_REMOVE(acq, chain);
4531 KFREE(acq);
4532 }
4533 }
4534 }
4535
4536 /* initialize random seed */
4537 if (key_tick_init_random++ > key_int_random) {
4538 key_tick_init_random = 0;
4539 key_srandom();
4540 }
4541
4542 /*
4543 * should set timeout based on the most closest timer expiration.
4544 * we don't bother to do that yet.
4545 */
4546 (void)timeout(key_timehandler, (void *)0, hz);
4547
4548 splx(s);
4549 return;
4550 }
4551
4552 /*
4553 * to initialize a seed for random()
4554 */
4555 static void
4556 key_srandom()
4557 {
4558 return;
4559 }
4560
4561 static u_long
4562 key_random()
4563 {
4564 u_long value;
4565
4566 key_randomfill(&value, sizeof(value));
4567 return value;
4568 }
4569
4570 void
4571 key_randomfill(p, l)
4572 void *p;
4573 size_t l;
4574 {
4575 size_t n;
4576 u_long v;
4577 static int warn = 1;
4578
4579 n = 0;
4580 n = (size_t)read_random(p, (u_int)l);
4581 /* last resort */
4582 while (n < l) {
4583 v = random();
4584 bcopy(&v, (u_int8_t *)p + n,
4585 l - n < sizeof(v) ? l - n : sizeof(v));
4586 n += sizeof(v);
4587
4588 if (warn) {
4589 printf("WARNING: pseudo-random number generator "
4590 "used for IPsec processing\n");
4591 warn = 0;
4592 }
4593 }
4594 }
4595
4596 /*
4597 * map SADB_SATYPE_* to IPPROTO_*.
4598 * if satype == SADB_SATYPE then satype is mapped to ~0.
4599 * OUT:
4600 * 0: invalid satype.
4601 */
4602 static u_int16_t
4603 key_satype2proto(satype)
4604 u_int8_t satype;
4605 {
4606 switch (satype) {
4607 case SADB_SATYPE_UNSPEC:
4608 return IPSEC_PROTO_ANY;
4609 case SADB_SATYPE_AH:
4610 return IPPROTO_AH;
4611 case SADB_SATYPE_ESP:
4612 return IPPROTO_ESP;
4613 case SADB_X_SATYPE_IPCOMP:
4614 return IPPROTO_IPCOMP;
4615 break;
4616 default:
4617 return 0;
4618 }
4619 /* NOTREACHED */
4620 }
4621
4622 /*
4623 * map IPPROTO_* to SADB_SATYPE_*
4624 * OUT:
4625 * 0: invalid protocol type.
4626 */
4627 static u_int8_t
4628 key_proto2satype(proto)
4629 u_int16_t proto;
4630 {
4631 switch (proto) {
4632 case IPPROTO_AH:
4633 return SADB_SATYPE_AH;
4634 case IPPROTO_ESP:
4635 return SADB_SATYPE_ESP;
4636 case IPPROTO_IPCOMP:
4637 return SADB_X_SATYPE_IPCOMP;
4638 break;
4639 default:
4640 return 0;
4641 }
4642 /* NOTREACHED */
4643 }
4644
4645 /* %%% PF_KEY */
4646 /*
4647 * SADB_GETSPI processing is to receive
4648 * <base, (SA2), src address, dst address, (SPI range)>
4649 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4650 * tree with the status of LARVAL, and send
4651 * <base, SA(*), address(SD)>
4652 * to the IKMPd.
4653 *
4654 * IN: mhp: pointer to the pointer to each header.
4655 * OUT: NULL if fail.
4656 * other if success, return pointer to the message to send.
4657 */
4658 static int
4659 key_getspi(so, m, mhp)
4660 struct socket *so;
4661 struct mbuf *m;
4662 const struct sadb_msghdr *mhp;
4663 {
4664 struct sadb_address *src0, *dst0;
4665 struct secasindex saidx;
4666 struct secashead *newsah;
4667 struct secasvar *newsav;
4668 u_int8_t proto;
4669 u_int32_t spi;
4670 u_int8_t mode;
4671 u_int32_t reqid;
4672 int error;
4673
4674 /* sanity check */
4675 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4676 panic("key_getspi: NULL pointer is passed.");
4677
4678 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4679 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
4680 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4681 return key_senderror(so, m, EINVAL);
4682 }
4683 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4684 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4685 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4686 return key_senderror(so, m, EINVAL);
4687 }
4688 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4689 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4690 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4691 } else {
4692 mode = IPSEC_MODE_ANY;
4693 reqid = 0;
4694 }
4695
4696 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4697 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4698
4699 /* map satype to proto */
4700 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4701 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
4702 return key_senderror(so, m, EINVAL);
4703 }
4704
4705 /* make sure if port number is zero. */
4706 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
4707 case AF_INET:
4708 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4709 sizeof(struct sockaddr_in))
4710 return key_senderror(so, m, EINVAL);
4711 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
4712 break;
4713 case AF_INET6:
4714 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4715 sizeof(struct sockaddr_in6))
4716 return key_senderror(so, m, EINVAL);
4717 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
4718 break;
4719 default:
4720 ; /*???*/
4721 }
4722 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
4723 case AF_INET:
4724 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4725 sizeof(struct sockaddr_in))
4726 return key_senderror(so, m, EINVAL);
4727 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
4728 break;
4729 case AF_INET6:
4730 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4731 sizeof(struct sockaddr_in6))
4732 return key_senderror(so, m, EINVAL);
4733 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
4734 break;
4735 default:
4736 ; /*???*/
4737 }
4738
4739 /* XXX boundary check against sa_len */
4740 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4741
4742 /* SPI allocation */
4743 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
4744 &saidx);
4745 if (spi == 0)
4746 return key_senderror(so, m, EINVAL);
4747
4748 /* get a SA index */
4749 if ((newsah = key_getsah(&saidx)) == NULL) {
4750 /* create a new SA index */
4751 if ((newsah = key_newsah(&saidx)) == NULL) {
4752 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
4753 return key_senderror(so, m, ENOBUFS);
4754 }
4755 }
4756
4757 /* get a new SA */
4758 /* XXX rewrite */
4759 newsav = key_newsav(m, mhp, newsah, &error);
4760 if (newsav == NULL) {
4761 /* XXX don't free new SA index allocated in above. */
4762 return key_senderror(so, m, error);
4763 }
4764
4765 /* set spi */
4766 key_setspi(newsav, htonl(spi));
4767
4768 #ifndef IPSEC_NONBLOCK_ACQUIRE
4769 /* delete the entry in acqtree */
4770 if (mhp->msg->sadb_msg_seq != 0) {
4771 struct secacq *acq;
4772 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
4773 /* reset counter in order to deletion by timehandler. */
4774 acq->created = time_second;
4775 acq->count = 0;
4776 }
4777 }
4778 #endif
4779
4780 {
4781 struct mbuf *n, *nn;
4782 struct sadb_sa *m_sa;
4783 struct sadb_msg *newmsg;
4784 int off, len;
4785
4786 /* create new sadb_msg to reply. */
4787 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
4788 PFKEY_ALIGN8(sizeof(struct sadb_sa));
4789 if (len > MCLBYTES)
4790 return key_senderror(so, m, ENOBUFS);
4791
4792 MGETHDR(n, M_DONTWAIT, MT_DATA);
4793 if (len > MHLEN) {
4794 MCLGET(n, M_DONTWAIT);
4795 if ((n->m_flags & M_EXT) == 0) {
4796 m_freem(n);
4797 n = NULL;
4798 }
4799 }
4800 if (!n)
4801 return key_senderror(so, m, ENOBUFS);
4802
4803 n->m_len = len;
4804 n->m_next = NULL;
4805 off = 0;
4806
4807 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
4808 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
4809
4810 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
4811 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
4812 m_sa->sadb_sa_exttype = SADB_EXT_SA;
4813 m_sa->sadb_sa_spi = htonl(spi);
4814 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
4815
4816 #ifdef DIAGNOSTIC
4817 if (off != len)
4818 panic("length inconsistency in key_getspi");
4819 #endif
4820
4821 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
4822 SADB_EXT_ADDRESS_DST);
4823 if (!n->m_next) {
4824 m_freem(n);
4825 return key_senderror(so, m, ENOBUFS);
4826 }
4827
4828 if (n->m_len < sizeof(struct sadb_msg)) {
4829 n = m_pullup(n, sizeof(struct sadb_msg));
4830 if (n == NULL)
4831 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
4832 }
4833
4834 n->m_pkthdr.len = 0;
4835 for (nn = n; nn; nn = nn->m_next)
4836 n->m_pkthdr.len += nn->m_len;
4837
4838 newmsg = mtod(n, struct sadb_msg *);
4839 newmsg->sadb_msg_seq = newsav->seq;
4840 newmsg->sadb_msg_errno = 0;
4841 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
4842
4843 m_freem(m);
4844 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
4845 }
4846 }
4847
4848 /*
4849 * allocating new SPI
4850 * called by key_getspi().
4851 * OUT:
4852 * 0: failure.
4853 * others: success.
4854 */
4855 static u_int32_t
4856 key_do_getnewspi(spirange, saidx)
4857 struct sadb_spirange *spirange;
4858 struct secasindex *saidx;
4859 {
4860 u_int32_t newspi;
4861 u_int32_t min, max;
4862 int count = key_spi_trycnt;
4863
4864 /* set spi range to allocate */
4865 if (spirange != NULL) {
4866 min = spirange->sadb_spirange_min;
4867 max = spirange->sadb_spirange_max;
4868 } else {
4869 min = key_spi_minval;
4870 max = key_spi_maxval;
4871 }
4872 /* IPCOMP needs 2-byte SPI */
4873 if (saidx->proto == IPPROTO_IPCOMP) {
4874 u_int32_t t;
4875 if (min >= 0x10000)
4876 min = 0xffff;
4877 if (max >= 0x10000)
4878 max = 0xffff;
4879 if (min > max) {
4880 t = min; min = max; max = t;
4881 }
4882 }
4883
4884 if (min == max) {
4885 if (key_checkspidup(saidx, min) != NULL) {
4886 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
4887 return 0;
4888 }
4889
4890 count--; /* taking one cost. */
4891 newspi = min;
4892
4893 } else {
4894
4895 /* init SPI */
4896 newspi = 0;
4897
4898 /* when requesting to allocate spi ranged */
4899 while (count--) {
4900 /* generate pseudo-random SPI value ranged. */
4901 newspi = min + (key_random() % (max - min + 1));
4902
4903 if (key_checkspidup(saidx, newspi) == NULL)
4904 break;
4905 }
4906
4907 if (count == 0 || newspi == 0) {
4908 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
4909 return 0;
4910 }
4911 }
4912
4913 /* statistics */
4914 keystat.getspi_count =
4915 (keystat.getspi_count + key_spi_trycnt - count) / 2;
4916
4917 return newspi;
4918 }
4919
4920 /*
4921 * SADB_UPDATE processing
4922 * receive
4923 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4924 * key(AE), (identity(SD),) (sensitivity)>
4925 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
4926 * and send
4927 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4928 * (identity(SD),) (sensitivity)>
4929 * to the ikmpd.
4930 *
4931 * m will always be freed.
4932 */
4933 static int
4934 key_update(so, m, mhp)
4935 struct socket *so;
4936 struct mbuf *m;
4937 const struct sadb_msghdr *mhp;
4938 {
4939 struct sadb_sa *sa0;
4940 struct sadb_address *src0, *dst0;
4941 struct secasindex saidx;
4942 struct secashead *sah;
4943 struct secasvar *sav;
4944 u_int16_t proto;
4945 u_int8_t mode;
4946 u_int32_t reqid;
4947 int error;
4948
4949 /* sanity check */
4950 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4951 panic("key_update: NULL pointer is passed.");
4952
4953 /* map satype to proto */
4954 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4955 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
4956 return key_senderror(so, m, EINVAL);
4957 }
4958
4959 if (mhp->ext[SADB_EXT_SA] == NULL ||
4960 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4961 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
4962 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
4963 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
4964 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
4965 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
4966 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
4967 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
4968 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
4969 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
4970 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4971 return key_senderror(so, m, EINVAL);
4972 }
4973 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
4974 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4975 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4976 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4977 return key_senderror(so, m, EINVAL);
4978 }
4979 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4980 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4981 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4982 } else {
4983 mode = IPSEC_MODE_ANY;
4984 reqid = 0;
4985 }
4986 /* XXX boundary checking for other extensions */
4987
4988 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
4989 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4990 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4991
4992 /* XXX boundary check against sa_len */
4993 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4994
4995 /* get a SA header */
4996 if ((sah = key_getsah(&saidx)) == NULL) {
4997 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
4998 return key_senderror(so, m, ENOENT);
4999 }
5000
5001 /* set spidx if there */
5002 /* XXX rewrite */
5003 error = key_setident(sah, m, mhp);
5004 if (error)
5005 return key_senderror(so, m, error);
5006
5007 /* find a SA with sequence number. */
5008 #ifdef IPSEC_DOSEQCHECK
5009 if (mhp->msg->sadb_msg_seq != 0 &&
5010 (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
5011 ipseclog((LOG_DEBUG,
5012 "key_update: no larval SA with sequence %u exists.\n",
5013 mhp->msg->sadb_msg_seq));
5014 return key_senderror(so, m, ENOENT);
5015 }
5016 #else
5017 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
5018 ipseclog((LOG_DEBUG,
5019 "key_update: no such a SA found (spi:%u)\n",
5020 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5021 return key_senderror(so, m, EINVAL);
5022 }
5023 #endif
5024
5025 /* validity check */
5026 if (sav->sah->saidx.proto != proto) {
5027 ipseclog((LOG_DEBUG,
5028 "key_update: protocol mismatched (DB=%u param=%u)\n",
5029 sav->sah->saidx.proto, proto));
5030 return key_senderror(so, m, EINVAL);
5031 }
5032 #ifdef IPSEC_DOSEQCHECK
5033 if (sav->spi != sa0->sadb_sa_spi) {
5034 ipseclog((LOG_DEBUG,
5035 "key_update: SPI mismatched (DB:%u param:%u)\n",
5036 (u_int32_t)ntohl(sav->spi),
5037 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5038 return key_senderror(so, m, EINVAL);
5039 }
5040 #endif
5041 if (sav->pid != mhp->msg->sadb_msg_pid) {
5042 ipseclog((LOG_DEBUG,
5043 "key_update: pid mismatched (DB:%u param:%u)\n",
5044 sav->pid, mhp->msg->sadb_msg_pid));
5045 return key_senderror(so, m, EINVAL);
5046 }
5047
5048 /* copy sav values */
5049 error = key_setsaval(sav, m, mhp);
5050 if (error) {
5051 key_freesav(sav);
5052 return key_senderror(so, m, error);
5053 }
5054
5055 /* check SA values to be mature. */
5056 if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
5057 key_freesav(sav);
5058 return key_senderror(so, m, 0);
5059 }
5060
5061 {
5062 struct mbuf *n;
5063
5064 /* set msg buf from mhp */
5065 n = key_getmsgbuf_x1(m, mhp);
5066 if (n == NULL) {
5067 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5068 return key_senderror(so, m, ENOBUFS);
5069 }
5070
5071 m_freem(m);
5072 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5073 }
5074 }
5075
5076 /*
5077 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5078 * only called by key_update().
5079 * OUT:
5080 * NULL : not found
5081 * others : found, pointer to a SA.
5082 */
5083 #ifdef IPSEC_DOSEQCHECK
5084 static struct secasvar *
5085 key_getsavbyseq(sah, seq)
5086 struct secashead *sah;
5087 u_int32_t seq;
5088 {
5089 struct secasvar *sav;
5090 u_int state;
5091
5092 state = SADB_SASTATE_LARVAL;
5093
5094 /* search SAD with sequence number ? */
5095 LIST_FOREACH(sav, &sah->savtree[state], chain) {
5096
5097 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
5098
5099 if (sav->seq == seq) {
5100 sav->refcnt++;
5101 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
5102 printf("DP key_getsavbyseq cause "
5103 "refcnt++:%d SA:%p\n",
5104 sav->refcnt, sav));
5105 return sav;
5106 }
5107 }
5108
5109 return NULL;
5110 }
5111 #endif
5112
5113 /*
5114 * SADB_ADD processing
5115 * add an entry to SA database, when received
5116 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5117 * key(AE), (identity(SD),) (sensitivity)>
5118 * from the ikmpd,
5119 * and send
5120 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5121 * (identity(SD),) (sensitivity)>
5122 * to the ikmpd.
5123 *
5124 * IGNORE identity and sensitivity messages.
5125 *
5126 * m will always be freed.
5127 */
5128 static int
5129 key_add(so, m, mhp)
5130 struct socket *so;
5131 struct mbuf *m;
5132 const struct sadb_msghdr *mhp;
5133 {
5134 struct sadb_sa *sa0;
5135 struct sadb_address *src0, *dst0;
5136 struct secasindex saidx;
5137 struct secashead *newsah;
5138 struct secasvar *newsav;
5139 u_int16_t proto;
5140 u_int8_t mode;
5141 u_int32_t reqid;
5142 int error;
5143
5144 /* sanity check */
5145 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5146 panic("key_add: NULL pointer is passed.");
5147
5148 /* map satype to proto */
5149 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5150 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
5151 return key_senderror(so, m, EINVAL);
5152 }
5153
5154 if (mhp->ext[SADB_EXT_SA] == NULL ||
5155 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5156 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5157 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5158 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5159 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5160 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5161 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5162 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5163 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5164 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5165 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5166 return key_senderror(so, m, EINVAL);
5167 }
5168 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5169 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5170 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5171 /* XXX need more */
5172 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5173 return key_senderror(so, m, EINVAL);
5174 }
5175 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5176 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5177 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5178 } else {
5179 mode = IPSEC_MODE_ANY;
5180 reqid = 0;
5181 }
5182
5183 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5184 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5185 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5186
5187 /* XXX boundary check against sa_len */
5188 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5189
5190 /* get a SA header */
5191 if ((newsah = key_getsah(&saidx)) == NULL) {
5192 /* create a new SA header */
5193 if ((newsah = key_newsah(&saidx)) == NULL) {
5194 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
5195 return key_senderror(so, m, ENOBUFS);
5196 }
5197 }
5198
5199 /* set spidx if there */
5200 /* XXX rewrite */
5201 error = key_setident(newsah, m, mhp);
5202 if (error) {
5203 return key_senderror(so, m, error);
5204 }
5205
5206 /* create new SA entry. */
5207 /* We can create new SA only if SPI is differenct. */
5208 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5209 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
5210 return key_senderror(so, m, EEXIST);
5211 }
5212 newsav = key_newsav(m, mhp, newsah, &error);
5213 if (newsav == NULL) {
5214 return key_senderror(so, m, error);
5215 }
5216
5217 /* check SA values to be mature. */
5218 if ((error = key_mature(newsav)) != 0) {
5219 key_freesav(newsav);
5220 return key_senderror(so, m, error);
5221 }
5222
5223 /*
5224 * don't call key_freesav() here, as we would like to keep the SA
5225 * in the database on success.
5226 */
5227
5228 {
5229 struct mbuf *n;
5230
5231 /* set msg buf from mhp */
5232 n = key_getmsgbuf_x1(m, mhp);
5233 if (n == NULL) {
5234 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5235 return key_senderror(so, m, ENOBUFS);
5236 }
5237
5238 m_freem(m);
5239 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5240 }
5241 }
5242
5243 /* m is retained */
5244 static int
5245 key_setident(sah, m, mhp)
5246 struct secashead *sah;
5247 struct mbuf *m;
5248 const struct sadb_msghdr *mhp;
5249 {
5250 const struct sadb_ident *idsrc, *iddst;
5251 int idsrclen, iddstlen;
5252
5253 /* sanity check */
5254 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5255 panic("key_setident: NULL pointer is passed.");
5256
5257 /* don't make buffer if not there */
5258 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5259 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5260 sah->idents = NULL;
5261 sah->identd = NULL;
5262 return 0;
5263 }
5264
5265 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5266 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5267 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5268 return EINVAL;
5269 }
5270
5271 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5272 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5273 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5274 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5275
5276 /* validity check */
5277 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5278 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5279 return EINVAL;
5280 }
5281
5282 switch (idsrc->sadb_ident_type) {
5283 case SADB_IDENTTYPE_PREFIX:
5284 case SADB_IDENTTYPE_FQDN:
5285 case SADB_IDENTTYPE_USERFQDN:
5286 default:
5287 /* XXX do nothing */
5288 sah->idents = NULL;
5289 sah->identd = NULL;
5290 return 0;
5291 }
5292
5293 /* make structure */
5294 KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
5295 if (sah->idents == NULL) {
5296 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5297 return ENOBUFS;
5298 }
5299 KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
5300 if (sah->identd == NULL) {
5301 KFREE(sah->idents);
5302 sah->idents = NULL;
5303 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5304 return ENOBUFS;
5305 }
5306 bcopy(idsrc, sah->idents, idsrclen);
5307 bcopy(iddst, sah->identd, iddstlen);
5308
5309 return 0;
5310 }
5311
5312 /*
5313 * m will not be freed on return.
5314 * it is caller's responsibility to free the result.
5315 */
5316 static struct mbuf *
5317 key_getmsgbuf_x1(m, mhp)
5318 struct mbuf *m;
5319 const struct sadb_msghdr *mhp;
5320 {
5321 struct mbuf *n;
5322
5323 /* sanity check */
5324 if (m == NULL || mhp == NULL || mhp->msg == NULL)
5325 panic("key_getmsgbuf_x1: NULL pointer is passed.");
5326
5327 /* create new sadb_msg to reply. */
5328 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
5329 SADB_EXT_SA, SADB_X_EXT_SA2,
5330 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5331 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5332 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
5333 if (!n)
5334 return NULL;
5335
5336 if (n->m_len < sizeof(struct sadb_msg)) {
5337 n = m_pullup(n, sizeof(struct sadb_msg));
5338 if (n == NULL)
5339 return NULL;
5340 }
5341 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5342 mtod(n, struct sadb_msg *)->sadb_msg_len =
5343 PFKEY_UNIT64(n->m_pkthdr.len);
5344
5345 return n;
5346 }
5347
5348 static int key_delete_all(struct socket *, struct mbuf *,
5349 const struct sadb_msghdr *, u_int16_t);
5350
5351 /*
5352 * SADB_DELETE processing
5353 * receive
5354 * <base, SA(*), address(SD)>
5355 * from the ikmpd, and set SADB_SASTATE_DEAD,
5356 * and send,
5357 * <base, SA(*), address(SD)>
5358 * to the ikmpd.
5359 *
5360 * m will always be freed.
5361 */
5362 static int
5363 key_delete(so, m, mhp)
5364 struct socket *so;
5365 struct mbuf *m;
5366 const struct sadb_msghdr *mhp;
5367 {
5368 struct sadb_sa *sa0;
5369 struct sadb_address *src0, *dst0;
5370 struct secasindex saidx;
5371 struct secashead *sah;
5372 struct secasvar *sav = NULL;
5373 u_int16_t proto;
5374
5375 /* sanity check */
5376 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5377 panic("key_delete: NULL pointer is passed.");
5378
5379 /* map satype to proto */
5380 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5381 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5382 return key_senderror(so, m, EINVAL);
5383 }
5384
5385 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5386 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5387 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5388 return key_senderror(so, m, EINVAL);
5389 }
5390
5391 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5392 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5393 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5394 return key_senderror(so, m, EINVAL);
5395 }
5396
5397 if (mhp->ext[SADB_EXT_SA] == NULL) {
5398 /*
5399 * Caller wants us to delete all non-LARVAL SAs
5400 * that match the src/dst. This is used during
5401 * IKE INITIAL-CONTACT.
5402 */
5403 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5404 return key_delete_all(so, m, mhp, proto);
5405 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5406 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5407 return key_senderror(so, m, EINVAL);
5408 }
5409
5410 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5411 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5412 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5413
5414 /* XXX boundary check against sa_len */
5415 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5416
5417 /* get a SA header */
5418 LIST_FOREACH(sah, &sahtree, chain) {
5419 if (sah->state == SADB_SASTATE_DEAD)
5420 continue;
5421 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5422 continue;
5423
5424 /* get a SA with SPI. */
5425 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5426 if (sav)
5427 break;
5428 }
5429 if (sah == NULL) {
5430 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5431 return key_senderror(so, m, ENOENT);
5432 }
5433
5434 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5435 key_freesav(sav);
5436 sav = NULL;
5437
5438 {
5439 struct mbuf *n;
5440 struct sadb_msg *newmsg;
5441
5442 /* create new sadb_msg to reply. */
5443 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
5444 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5445 if (!n)
5446 return key_senderror(so, m, ENOBUFS);
5447
5448 if (n->m_len < sizeof(struct sadb_msg)) {
5449 n = m_pullup(n, sizeof(struct sadb_msg));
5450 if (n == NULL)
5451 return key_senderror(so, m, ENOBUFS);
5452 }
5453 newmsg = mtod(n, struct sadb_msg *);
5454 newmsg->sadb_msg_errno = 0;
5455 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5456
5457 m_freem(m);
5458 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5459 }
5460 }
5461
5462 /*
5463 * delete all SAs for src/dst. Called from key_delete().
5464 */
5465 static int
5466 key_delete_all(so, m, mhp, proto)
5467 struct socket *so;
5468 struct mbuf *m;
5469 const struct sadb_msghdr *mhp;
5470 u_int16_t proto;
5471 {
5472 struct sadb_address *src0, *dst0;
5473 struct secasindex saidx;
5474 struct secashead *sah;
5475 struct secasvar *sav, *nextsav;
5476 u_int stateidx, state;
5477
5478 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5479 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5480
5481 /* XXX boundary check against sa_len */
5482 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5483
5484 LIST_FOREACH(sah, &sahtree, chain) {
5485 if (sah->state == SADB_SASTATE_DEAD)
5486 continue;
5487 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5488 continue;
5489
5490 /* Delete all non-LARVAL SAs. */
5491 for (stateidx = 0;
5492 stateidx < _ARRAYLEN(saorder_state_alive);
5493 stateidx++) {
5494 state = saorder_state_alive[stateidx];
5495 if (state == SADB_SASTATE_LARVAL)
5496 continue;
5497 for (sav = LIST_FIRST(&sah->savtree[state]);
5498 sav != NULL; sav = nextsav) {
5499 nextsav = LIST_NEXT(sav, chain);
5500 /* sanity check */
5501 if (sav->state != state) {
5502 ipseclog((LOG_DEBUG, "key_delete_all: "
5503 "invalid sav->state "
5504 "(queue: %u SA: %u)\n",
5505 state, sav->state));
5506 continue;
5507 }
5508
5509 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5510 key_freesav(sav);
5511 }
5512 }
5513 }
5514 {
5515 struct mbuf *n;
5516 struct sadb_msg *newmsg;
5517
5518 /* create new sadb_msg to reply. */
5519 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
5520 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5521 if (!n)
5522 return key_senderror(so, m, ENOBUFS);
5523
5524 if (n->m_len < sizeof(struct sadb_msg)) {
5525 n = m_pullup(n, sizeof(struct sadb_msg));
5526 if (n == NULL)
5527 return key_senderror(so, m, ENOBUFS);
5528 }
5529 newmsg = mtod(n, struct sadb_msg *);
5530 newmsg->sadb_msg_errno = 0;
5531 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5532
5533 m_freem(m);
5534 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5535 }
5536 }
5537
5538 /*
5539 * SADB_GET processing
5540 * receive
5541 * <base, SA(*), address(SD)>
5542 * from the ikmpd, and get a SP and a SA to respond,
5543 * and send,
5544 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5545 * (identity(SD),) (sensitivity)>
5546 * to the ikmpd.
5547 *
5548 * m will always be freed.
5549 */
5550 static int
5551 key_get(so, m, mhp)
5552 struct socket *so;
5553 struct mbuf *m;
5554 const struct sadb_msghdr *mhp;
5555 {
5556 struct sadb_sa *sa0;
5557 struct sadb_address *src0, *dst0;
5558 struct secasindex saidx;
5559 struct secashead *sah;
5560 struct secasvar *sav = NULL;
5561 u_int16_t proto;
5562
5563 /* sanity check */
5564 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5565 panic("key_get: NULL pointer is passed.");
5566
5567 /* map satype to proto */
5568 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5569 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
5570 return key_senderror(so, m, EINVAL);
5571 }
5572
5573 if (mhp->ext[SADB_EXT_SA] == NULL ||
5574 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5575 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5576 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5577 return key_senderror(so, m, EINVAL);
5578 }
5579 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5580 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5581 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5582 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5583 return key_senderror(so, m, EINVAL);
5584 }
5585
5586 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5587 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5588 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5589
5590 /* XXX boundary check against sa_len */
5591 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5592
5593 /* get a SA header */
5594 LIST_FOREACH(sah, &sahtree, chain) {
5595 if (sah->state == SADB_SASTATE_DEAD)
5596 continue;
5597 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5598 continue;
5599
5600 /* get a SA with SPI. */
5601 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5602 if (sav)
5603 break;
5604 }
5605 if (sah == NULL) {
5606 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
5607 return key_senderror(so, m, ENOENT);
5608 }
5609
5610 {
5611 struct mbuf *n;
5612 u_int8_t satype;
5613
5614 /* map proto to satype */
5615 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
5616 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
5617 return key_senderror(so, m, EINVAL);
5618 }
5619
5620 /* create new sadb_msg to reply. */
5621 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
5622 mhp->msg->sadb_msg_pid);
5623 if (!n)
5624 return key_senderror(so, m, ENOBUFS);
5625
5626 m_freem(m);
5627 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5628 }
5629 }
5630
5631 /* XXX make it sysctl-configurable? */
5632 static void
5633 key_getcomb_setlifetime(comb)
5634 struct sadb_comb *comb;
5635 {
5636
5637 comb->sadb_comb_soft_allocations = 1;
5638 comb->sadb_comb_hard_allocations = 1;
5639 comb->sadb_comb_soft_bytes = 0;
5640 comb->sadb_comb_hard_bytes = 0;
5641 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
5642 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
5643 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */
5644 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
5645 }
5646
5647 #ifdef IPSEC_ESP
5648 /*
5649 * XXX reorder combinations by preference
5650 * XXX no idea if the user wants ESP authentication or not
5651 */
5652 static struct mbuf *
5653 key_getcomb_esp()
5654 {
5655 struct sadb_comb *comb;
5656 const struct esp_algorithm *algo;
5657 struct mbuf *result = NULL, *m, *n;
5658 int encmin;
5659 int i, off, o;
5660 int totlen;
5661 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5662
5663 m = NULL;
5664 for (i = 1; i <= SADB_EALG_MAX; i++) {
5665 algo = esp_algorithm_lookup(i);
5666 if (!algo)
5667 continue;
5668
5669 if (algo->keymax < ipsec_esp_keymin)
5670 continue;
5671 if (algo->keymin < ipsec_esp_keymin)
5672 encmin = ipsec_esp_keymin;
5673 else
5674 encmin = algo->keymin;
5675
5676 if (ipsec_esp_auth)
5677 m = key_getcomb_ah();
5678 else {
5679 #ifdef DIAGNOSTIC
5680 if (l > MLEN)
5681 panic("assumption failed in key_getcomb_esp");
5682 #endif
5683 MGET(m, M_DONTWAIT, MT_DATA);
5684 if (m) {
5685 M_ALIGN(m, l);
5686 m->m_len = l;
5687 m->m_next = NULL;
5688 bzero(mtod(m, caddr_t), m->m_len);
5689 }
5690 }
5691 if (!m)
5692 goto fail;
5693
5694 totlen = 0;
5695 for (n = m; n; n = n->m_next)
5696 totlen += n->m_len;
5697 #ifdef DIAGNOSTIC
5698 if (totlen % l)
5699 panic("assumption failed in key_getcomb_esp");
5700 #endif
5701
5702 for (off = 0; off < totlen; off += l) {
5703 n = m_pulldown(m, off, l, &o);
5704 if (!n) {
5705 /* m is already freed */
5706 goto fail;
5707 }
5708 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
5709 bzero(comb, sizeof(*comb));
5710 key_getcomb_setlifetime(comb);
5711 comb->sadb_comb_encrypt = i;
5712 comb->sadb_comb_encrypt_minbits = encmin;
5713 comb->sadb_comb_encrypt_maxbits = algo->keymax;
5714 }
5715
5716 if (!result)
5717 result = m;
5718 else
5719 m_cat(result, m);
5720 }
5721
5722 return result;
5723
5724 fail:
5725 if (result)
5726 m_freem(result);
5727 return NULL;
5728 }
5729 #endif
5730
5731 /*
5732 * XXX reorder combinations by preference
5733 */
5734 static struct mbuf *
5735 key_getcomb_ah()
5736 {
5737 struct sadb_comb *comb;
5738 const struct ah_algorithm *algo;
5739 struct mbuf *m;
5740 int min;
5741 int i;
5742 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5743
5744 m = NULL;
5745 for (i = 1; i <= SADB_AALG_MAX; i++) {
5746 #if 1
5747 /* we prefer HMAC algorithms, not old algorithms */
5748 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
5749 continue;
5750 #endif
5751 algo = ah_algorithm_lookup(i);
5752 if (!algo)
5753 continue;
5754
5755 if (algo->keymax < ipsec_ah_keymin)
5756 continue;
5757 if (algo->keymin < ipsec_ah_keymin)
5758 min = ipsec_ah_keymin;
5759 else
5760 min = algo->keymin;
5761
5762 if (!m) {
5763 #ifdef DIAGNOSTIC
5764 if (l > MLEN)
5765 panic("assumption failed in key_getcomb_ah");
5766 #endif
5767 MGET(m, M_DONTWAIT, MT_DATA);
5768 if (m) {
5769 M_ALIGN(m, l);
5770 m->m_len = l;
5771 m->m_next = NULL;
5772 }
5773 } else
5774 M_PREPEND(m, l, M_DONTWAIT);
5775 if (!m)
5776 return NULL;
5777
5778 comb = mtod(m, struct sadb_comb *);
5779 bzero(comb, sizeof(*comb));
5780 key_getcomb_setlifetime(comb);
5781 comb->sadb_comb_auth = i;
5782 comb->sadb_comb_auth_minbits = min;
5783 comb->sadb_comb_auth_maxbits = algo->keymax;
5784 }
5785
5786 return m;
5787 }
5788
5789 /*
5790 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
5791 * XXX reorder combinations by preference
5792 */
5793 static struct mbuf *
5794 key_getcomb_ipcomp()
5795 {
5796 struct sadb_comb *comb;
5797 const struct ipcomp_algorithm *algo;
5798 struct mbuf *m;
5799 int i;
5800 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5801
5802 m = NULL;
5803 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
5804 algo = ipcomp_algorithm_lookup(i);
5805 if (!algo)
5806 continue;
5807
5808 if (!m) {
5809 #ifdef DIAGNOSTIC
5810 if (l > MLEN)
5811 panic("assumption failed in key_getcomb_ipcomp");
5812 #endif
5813 MGET(m, M_DONTWAIT, MT_DATA);
5814 if (m) {
5815 M_ALIGN(m, l);
5816 m->m_len = l;
5817 m->m_next = NULL;
5818 }
5819 } else
5820 M_PREPEND(m, l, M_DONTWAIT);
5821 if (!m)
5822 return NULL;
5823
5824 comb = mtod(m, struct sadb_comb *);
5825 bzero(comb, sizeof(*comb));
5826 key_getcomb_setlifetime(comb);
5827 comb->sadb_comb_encrypt = i;
5828 /* what should we set into sadb_comb_*_{min,max}bits? */
5829 }
5830
5831 return m;
5832 }
5833
5834 /*
5835 * XXX no way to pass mode (transport/tunnel) to userland
5836 * XXX replay checking?
5837 * XXX sysctl interface to ipsec_{ah,esp}_keymin
5838 */
5839 static struct mbuf *
5840 key_getprop(saidx)
5841 const struct secasindex *saidx;
5842 {
5843 struct sadb_prop *prop;
5844 struct mbuf *m, *n;
5845 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
5846 int totlen;
5847
5848 switch (saidx->proto) {
5849 #ifdef IPSEC_ESP
5850 case IPPROTO_ESP:
5851 m = key_getcomb_esp();
5852 break;
5853 #endif
5854 case IPPROTO_AH:
5855 m = key_getcomb_ah();
5856 break;
5857 case IPPROTO_IPCOMP:
5858 m = key_getcomb_ipcomp();
5859 break;
5860 default:
5861 return NULL;
5862 }
5863
5864 if (!m)
5865 return NULL;
5866 M_PREPEND(m, l, M_DONTWAIT);
5867 if (!m)
5868 return NULL;
5869
5870 totlen = 0;
5871 for (n = m; n; n = n->m_next)
5872 totlen += n->m_len;
5873
5874 prop = mtod(m, struct sadb_prop *);
5875 bzero(prop, sizeof(*prop));
5876 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
5877 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
5878 prop->sadb_prop_replay = 32; /* XXX */
5879
5880 return m;
5881 }
5882
5883 /*
5884 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
5885 * send
5886 * <base, SA, address(SD), (address(P)), x_policy,
5887 * (identity(SD),) (sensitivity,) proposal>
5888 * to KMD, and expect to receive
5889 * <base> with SADB_ACQUIRE if error occured,
5890 * or
5891 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
5892 * from KMD by PF_KEY.
5893 *
5894 * XXX x_policy is outside of RFC2367 (KAME extension).
5895 * XXX sensitivity is not supported.
5896 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
5897 * see comment for key_getcomb_ipcomp().
5898 *
5899 * OUT:
5900 * 0 : succeed
5901 * others: error number
5902 */
5903 static int
5904 key_acquire(saidx, sp)
5905 struct secasindex *saidx;
5906 struct secpolicy *sp;
5907 {
5908 struct mbuf *result = NULL, *m;
5909 #ifndef IPSEC_NONBLOCK_ACQUIRE
5910 struct secacq *newacq;
5911 #endif
5912 u_int8_t satype;
5913 int error = -1;
5914 u_int32_t seq;
5915
5916 /* sanity check */
5917 if (saidx == NULL)
5918 panic("key_acquire: NULL pointer is passed.");
5919 if ((satype = key_proto2satype(saidx->proto)) == 0)
5920 panic("key_acquire: invalid proto is passed.");
5921
5922 #ifndef IPSEC_NONBLOCK_ACQUIRE
5923 /*
5924 * We never do anything about acquirng SA. There is anather
5925 * solution that kernel blocks to send SADB_ACQUIRE message until
5926 * getting something message from IKEd. In later case, to be
5927 * managed with ACQUIRING list.
5928 */
5929 /* get an entry to check whether sending message or not. */
5930 if ((newacq = key_getacq(saidx)) != NULL) {
5931 if (key_blockacq_count < newacq->count) {
5932 /* reset counter and do send message. */
5933 newacq->count = 0;
5934 } else {
5935 /* increment counter and do nothing. */
5936 newacq->count++;
5937 return 0;
5938 }
5939 } else {
5940 /* make new entry for blocking to send SADB_ACQUIRE. */
5941 if ((newacq = key_newacq(saidx)) == NULL)
5942 return ENOBUFS;
5943
5944 /* add to acqtree */
5945 LIST_INSERT_HEAD(&acqtree, newacq, chain);
5946 }
5947 #endif
5948
5949
5950 #ifndef IPSEC_NONBLOCK_ACQUIRE
5951 seq = newacq->seq;
5952 #else
5953 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
5954 #endif
5955 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
5956 if (!m) {
5957 error = ENOBUFS;
5958 goto fail;
5959 }
5960 result = m;
5961
5962 /* set sadb_address for saidx's. */
5963 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
5964 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
5965 if (!m) {
5966 error = ENOBUFS;
5967 goto fail;
5968 }
5969 m_cat(result, m);
5970
5971 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
5972 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
5973 if (!m) {
5974 error = ENOBUFS;
5975 goto fail;
5976 }
5977 m_cat(result, m);
5978
5979 /* XXX proxy address (optional) */
5980
5981 /* set sadb_x_policy */
5982 if (sp) {
5983 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
5984 if (!m) {
5985 error = ENOBUFS;
5986 goto fail;
5987 }
5988 m_cat(result, m);
5989 }
5990
5991 /* XXX identity (optional) */
5992 #if 0
5993 if (idexttype && fqdn) {
5994 /* create identity extension (FQDN) */
5995 struct sadb_ident *id;
5996 int fqdnlen;
5997
5998 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
5999 id = (struct sadb_ident *)p;
6000 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6001 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6002 id->sadb_ident_exttype = idexttype;
6003 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6004 bcopy(fqdn, id + 1, fqdnlen);
6005 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6006 }
6007
6008 if (idexttype) {
6009 /* create identity extension (USERFQDN) */
6010 struct sadb_ident *id;
6011 int userfqdnlen;
6012
6013 if (userfqdn) {
6014 /* +1 for terminating-NUL */
6015 userfqdnlen = strlen(userfqdn) + 1;
6016 } else
6017 userfqdnlen = 0;
6018 id = (struct sadb_ident *)p;
6019 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6020 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6021 id->sadb_ident_exttype = idexttype;
6022 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6023 /* XXX is it correct? */
6024 if (curproc && curproc->p_cred)
6025 id->sadb_ident_id = curproc->p_cred->p_ruid;
6026 if (userfqdn && userfqdnlen)
6027 bcopy(userfqdn, id + 1, userfqdnlen);
6028 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6029 }
6030 #endif
6031
6032 /* XXX sensitivity (optional) */
6033
6034 /* create proposal/combination extension */
6035 m = key_getprop(saidx);
6036 #if 0
6037 /*
6038 * spec conformant: always attach proposal/combination extension,
6039 * the problem is that we have no way to attach it for ipcomp,
6040 * due to the way sadb_comb is declared in RFC2367.
6041 */
6042 if (!m) {
6043 error = ENOBUFS;
6044 goto fail;
6045 }
6046 m_cat(result, m);
6047 #else
6048 /*
6049 * outside of spec; make proposal/combination extension optional.
6050 */
6051 if (m)
6052 m_cat(result, m);
6053 #endif
6054
6055 if ((result->m_flags & M_PKTHDR) == 0) {
6056 error = EINVAL;
6057 goto fail;
6058 }
6059
6060 if (result->m_len < sizeof(struct sadb_msg)) {
6061 result = m_pullup(result, sizeof(struct sadb_msg));
6062 if (result == NULL) {
6063 error = ENOBUFS;
6064 goto fail;
6065 }
6066 }
6067
6068 result->m_pkthdr.len = 0;
6069 for (m = result; m; m = m->m_next)
6070 result->m_pkthdr.len += m->m_len;
6071
6072 mtod(result, struct sadb_msg *)->sadb_msg_len =
6073 PFKEY_UNIT64(result->m_pkthdr.len);
6074
6075 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6076
6077 fail:
6078 if (result)
6079 m_freem(result);
6080 return error;
6081 }
6082
6083 #ifndef IPSEC_NONBLOCK_ACQUIRE
6084 static struct secacq *
6085 key_newacq(saidx)
6086 struct secasindex *saidx;
6087 {
6088 struct secacq *newacq;
6089
6090 /* get new entry */
6091 KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
6092 if (newacq == NULL) {
6093 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
6094 return NULL;
6095 }
6096 bzero(newacq, sizeof(*newacq));
6097
6098 /* copy secindex */
6099 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
6100 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
6101 newacq->created = time_second;
6102 newacq->count = 0;
6103
6104 return newacq;
6105 }
6106
6107 static struct secacq *
6108 key_getacq(saidx)
6109 struct secasindex *saidx;
6110 {
6111 struct secacq *acq;
6112
6113 LIST_FOREACH(acq, &acqtree, chain) {
6114 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
6115 return acq;
6116 }
6117
6118 return NULL;
6119 }
6120
6121 static struct secacq *
6122 key_getacqbyseq(seq)
6123 u_int32_t seq;
6124 {
6125 struct secacq *acq;
6126
6127 LIST_FOREACH(acq, &acqtree, chain) {
6128 if (acq->seq == seq)
6129 return acq;
6130 }
6131
6132 return NULL;
6133 }
6134 #endif
6135
6136 static struct secspacq *
6137 key_newspacq(spidx)
6138 struct secpolicyindex *spidx;
6139 {
6140 struct secspacq *acq;
6141
6142 if (!spidx)
6143 return NULL;
6144
6145 /* get new entry */
6146 KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
6147 if (acq == NULL) {
6148 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
6149 return NULL;
6150 }
6151 bzero(acq, sizeof(*acq));
6152
6153 /* copy secindex */
6154 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
6155 acq->created = time_second;
6156 acq->count = 1;
6157
6158 return acq;
6159 }
6160
6161 static struct secspacq *
6162 key_getspacq(spidx)
6163 struct secpolicyindex *spidx;
6164 {
6165 struct secspacq *acq;
6166
6167 if (!spidx)
6168 return NULL;
6169
6170 LIST_FOREACH(acq, &spacqtree, chain) {
6171 if (key_cmpspidx_exactly(spidx, &acq->spidx))
6172 return acq;
6173 }
6174
6175 return NULL;
6176 }
6177
6178 /*
6179 * SADB_ACQUIRE processing,
6180 * in first situation, is receiving
6181 * <base>
6182 * from the ikmpd, and clear sequence of its secasvar entry.
6183 *
6184 * In second situation, is receiving
6185 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6186 * from a user land process, and return
6187 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6188 * to the socket.
6189 *
6190 * m will always be freed.
6191 */
6192 static int
6193 key_acquire2(so, m, mhp)
6194 struct socket *so;
6195 struct mbuf *m;
6196 const struct sadb_msghdr *mhp;
6197 {
6198 struct sadb_address *src0, *dst0;
6199 struct secasindex saidx;
6200 struct secashead *sah;
6201 u_int16_t proto;
6202 int error;
6203
6204 /* sanity check */
6205 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6206 panic("key_acquire2: NULL pointer is passed.");
6207
6208 /*
6209 * Error message from KMd.
6210 * We assume that if error was occured in IKEd, the length of PFKEY
6211 * message is equal to the size of sadb_msg structure.
6212 * We do not raise error even if error occured in this function.
6213 */
6214 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6215 #ifndef IPSEC_NONBLOCK_ACQUIRE
6216 struct secacq *acq;
6217
6218 /* check sequence number */
6219 if (mhp->msg->sadb_msg_seq == 0) {
6220 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
6221 m_freem(m);
6222 return 0;
6223 }
6224
6225 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
6226 /*
6227 * the specified larval SA is already gone, or we got
6228 * a bogus sequence number. we can silently ignore it.
6229 */
6230 m_freem(m);
6231 return 0;
6232 }
6233
6234 /* reset acq counter in order to deletion by timehander. */
6235 acq->created = time_second;
6236 acq->count = 0;
6237 #endif
6238 m_freem(m);
6239 return 0;
6240 }
6241
6242 /*
6243 * This message is from user land.
6244 */
6245
6246 /* map satype to proto */
6247 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6248 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
6249 return key_senderror(so, m, EINVAL);
6250 }
6251
6252 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6253 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6254 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6255 /* error */
6256 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6257 return key_senderror(so, m, EINVAL);
6258 }
6259 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6260 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6261 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6262 /* error */
6263 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6264 return key_senderror(so, m, EINVAL);
6265 }
6266
6267 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6268 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6269
6270 /* XXX boundary check against sa_len */
6271 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6272
6273 /* get a SA index */
6274 LIST_FOREACH(sah, &sahtree, chain) {
6275 if (sah->state == SADB_SASTATE_DEAD)
6276 continue;
6277 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
6278 break;
6279 }
6280 if (sah != NULL) {
6281 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6282 return key_senderror(so, m, EEXIST);
6283 }
6284
6285 error = key_acquire(&saidx, NULL);
6286 if (error != 0) {
6287 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6288 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
6289 return key_senderror(so, m, error);
6290 }
6291
6292 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6293 }
6294
6295 /*
6296 * SADB_REGISTER processing.
6297 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6298 * receive
6299 * <base>
6300 * from the ikmpd, and register a socket to send PF_KEY messages,
6301 * and send
6302 * <base, supported>
6303 * to KMD by PF_KEY.
6304 * If socket is detached, must free from regnode.
6305 *
6306 * m will always be freed.
6307 */
6308 static int
6309 key_register(so, m, mhp)
6310 struct socket *so;
6311 struct mbuf *m;
6312 const struct sadb_msghdr *mhp;
6313 {
6314 struct secreg *reg, *newreg = 0;
6315
6316 /* sanity check */
6317 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6318 panic("key_register: NULL pointer is passed.");
6319
6320 /* check for invalid register message */
6321 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
6322 return key_senderror(so, m, EINVAL);
6323
6324 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
6325 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6326 goto setmsg;
6327
6328 /* check whether existing or not */
6329 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
6330 if (reg->so == so) {
6331 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6332 return key_senderror(so, m, EEXIST);
6333 }
6334 }
6335
6336 /* create regnode */
6337 KMALLOC(newreg, struct secreg *, sizeof(*newreg));
6338 if (newreg == NULL) {
6339 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6340 return key_senderror(so, m, ENOBUFS);
6341 }
6342 bzero((caddr_t)newreg, sizeof(*newreg));
6343
6344 newreg->so = so;
6345 ((struct keycb *)sotorawcb(so))->kp_registered++;
6346
6347 /* add regnode to regtree. */
6348 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
6349
6350 setmsg:
6351 {
6352 struct mbuf *n;
6353 struct sadb_msg *newmsg;
6354 struct sadb_supported *sup;
6355 u_int len, alen, elen;
6356 int off;
6357 int i;
6358 struct sadb_alg *alg;
6359
6360 /* create new sadb_msg to reply. */
6361 alen = 0;
6362 for (i = 1; i <= SADB_AALG_MAX; i++) {
6363 if (ah_algorithm_lookup(i))
6364 alen += sizeof(struct sadb_alg);
6365 }
6366 if (alen)
6367 alen += sizeof(struct sadb_supported);
6368 elen = 0;
6369 #ifdef IPSEC_ESP
6370 for (i = 1; i <= SADB_EALG_MAX; i++) {
6371 if (esp_algorithm_lookup(i))
6372 elen += sizeof(struct sadb_alg);
6373 }
6374 if (elen)
6375 elen += sizeof(struct sadb_supported);
6376 #endif
6377
6378 len = sizeof(struct sadb_msg) + alen + elen;
6379
6380 if (len > MCLBYTES)
6381 return key_senderror(so, m, ENOBUFS);
6382
6383 MGETHDR(n, M_DONTWAIT, MT_DATA);
6384 if (len > MHLEN) {
6385 MCLGET(n, M_DONTWAIT);
6386 if ((n->m_flags & M_EXT) == 0) {
6387 m_freem(n);
6388 n = NULL;
6389 }
6390 }
6391 if (!n)
6392 return key_senderror(so, m, ENOBUFS);
6393
6394 n->m_pkthdr.len = n->m_len = len;
6395 n->m_next = NULL;
6396 off = 0;
6397
6398 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6399 newmsg = mtod(n, struct sadb_msg *);
6400 newmsg->sadb_msg_errno = 0;
6401 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6402 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6403
6404 /* for authentication algorithm */
6405 if (alen) {
6406 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6407 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6408 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6409 off += PFKEY_ALIGN8(sizeof(*sup));
6410
6411 for (i = 1; i <= SADB_AALG_MAX; i++) {
6412 const struct ah_algorithm *aalgo;
6413
6414 aalgo = ah_algorithm_lookup(i);
6415 if (!aalgo)
6416 continue;
6417 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6418 alg->sadb_alg_id = i;
6419 alg->sadb_alg_ivlen = 0;
6420 alg->sadb_alg_minbits = aalgo->keymin;
6421 alg->sadb_alg_maxbits = aalgo->keymax;
6422 off += PFKEY_ALIGN8(sizeof(*alg));
6423 }
6424 }
6425
6426 #ifdef IPSEC_ESP
6427 /* for encryption algorithm */
6428 if (elen) {
6429 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6430 sup->sadb_supported_len = PFKEY_UNIT64(elen);
6431 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6432 off += PFKEY_ALIGN8(sizeof(*sup));
6433
6434 for (i = 1; i <= SADB_EALG_MAX; i++) {
6435 const struct esp_algorithm *ealgo;
6436
6437 ealgo = esp_algorithm_lookup(i);
6438 if (!ealgo)
6439 continue;
6440 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6441 alg->sadb_alg_id = i;
6442 if (ealgo && ealgo->ivlen) {
6443 /*
6444 * give NULL to get the value preferred by
6445 * algorithm XXX SADB_X_EXT_DERIV ?
6446 */
6447 alg->sadb_alg_ivlen =
6448 (*ealgo->ivlen)(ealgo, NULL);
6449 } else
6450 alg->sadb_alg_ivlen = 0;
6451 alg->sadb_alg_minbits = ealgo->keymin;
6452 alg->sadb_alg_maxbits = ealgo->keymax;
6453 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6454 }
6455 }
6456 #endif
6457
6458 #ifdef DIGAGNOSTIC
6459 if (off != len)
6460 panic("length assumption failed in key_register");
6461 #endif
6462
6463 m_freem(m);
6464 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
6465 }
6466 }
6467
6468 /*
6469 * free secreg entry registered.
6470 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
6471 */
6472 void
6473 key_freereg(so)
6474 struct socket *so;
6475 {
6476 struct secreg *reg;
6477 int i;
6478
6479 /* sanity check */
6480 if (so == NULL)
6481 panic("key_freereg: NULL pointer is passed.");
6482
6483 /*
6484 * check whether existing or not.
6485 * check all type of SA, because there is a potential that
6486 * one socket is registered to multiple type of SA.
6487 */
6488 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
6489 LIST_FOREACH(reg, ®tree[i], chain) {
6490 if (reg->so == so && __LIST_CHAINED(reg)) {
6491 LIST_REMOVE(reg, chain);
6492 KFREE(reg);
6493 break;
6494 }
6495 }
6496 }
6497
6498 return;
6499 }
6500
6501 /*
6502 * SADB_EXPIRE processing
6503 * send
6504 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
6505 * to KMD by PF_KEY.
6506 * NOTE: We send only soft lifetime extension.
6507 *
6508 * OUT: 0 : succeed
6509 * others : error number
6510 */
6511 static int
6512 key_expire(sav)
6513 struct secasvar *sav;
6514 {
6515 int s;
6516 int satype;
6517 struct mbuf *result = NULL, *m;
6518 int len;
6519 int error = -1;
6520 struct sadb_lifetime *lt;
6521
6522 /* XXX: Why do we lock ? */
6523 s = splnet(); /*called from softclock()*/
6524
6525 /* sanity check */
6526 if (sav == NULL)
6527 panic("key_expire: NULL pointer is passed.");
6528 if (sav->sah == NULL)
6529 panic("key_expire: Why was SA index in SA NULL.");
6530 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
6531 panic("key_expire: invalid proto is passed.");
6532
6533 /* set msg header */
6534 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
6535 if (!m) {
6536 error = ENOBUFS;
6537 goto fail;
6538 }
6539 result = m;
6540
6541 /* create SA extension */
6542 m = key_setsadbsa(sav);
6543 if (!m) {
6544 error = ENOBUFS;
6545 goto fail;
6546 }
6547 m_cat(result, m);
6548
6549 /* create SA extension */
6550 m = key_setsadbxsa2(sav->sah->saidx.mode,
6551 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
6552 sav->sah->saidx.reqid);
6553 if (!m) {
6554 error = ENOBUFS;
6555 goto fail;
6556 }
6557 m_cat(result, m);
6558
6559 /* create lifetime extension (current and soft) */
6560 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
6561 m = key_alloc_mbuf(len);
6562 if (!m || m->m_next) { /*XXX*/
6563 if (m)
6564 m_freem(m);
6565 error = ENOBUFS;
6566 goto fail;
6567 }
6568 bzero(mtod(m, caddr_t), len);
6569 lt = mtod(m, struct sadb_lifetime *);
6570 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
6571 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
6572 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
6573 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
6574 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
6575 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
6576 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
6577 bcopy(sav->lft_s, lt, sizeof(*lt));
6578 m_cat(result, m);
6579
6580 /* set sadb_address for source */
6581 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6582 (struct sockaddr *)&sav->sah->saidx.src,
6583 FULLMASK, IPSEC_ULPROTO_ANY);
6584 if (!m) {
6585 error = ENOBUFS;
6586 goto fail;
6587 }
6588 m_cat(result, m);
6589
6590 /* set sadb_address for destination */
6591 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6592 (struct sockaddr *)&sav->sah->saidx.dst,
6593 FULLMASK, IPSEC_ULPROTO_ANY);
6594 if (!m) {
6595 error = ENOBUFS;
6596 goto fail;
6597 }
6598 m_cat(result, m);
6599
6600 if ((result->m_flags & M_PKTHDR) == 0) {
6601 error = EINVAL;
6602 goto fail;
6603 }
6604
6605 if (result->m_len < sizeof(struct sadb_msg)) {
6606 result = m_pullup(result, sizeof(struct sadb_msg));
6607 if (result == NULL) {
6608 error = ENOBUFS;
6609 goto fail;
6610 }
6611 }
6612
6613 result->m_pkthdr.len = 0;
6614 for (m = result; m; m = m->m_next)
6615 result->m_pkthdr.len += m->m_len;
6616
6617 mtod(result, struct sadb_msg *)->sadb_msg_len =
6618 PFKEY_UNIT64(result->m_pkthdr.len);
6619
6620 splx(s);
6621 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6622
6623 fail:
6624 if (result)
6625 m_freem(result);
6626 splx(s);
6627 return error;
6628 }
6629
6630 /*
6631 * SADB_FLUSH processing
6632 * receive
6633 * <base>
6634 * from the ikmpd, and free all entries in secastree.
6635 * and send,
6636 * <base>
6637 * to the ikmpd.
6638 * NOTE: to do is only marking SADB_SASTATE_DEAD.
6639 *
6640 * m will always be freed.
6641 */
6642 static int
6643 key_flush(so, m, mhp)
6644 struct socket *so;
6645 struct mbuf *m;
6646 const struct sadb_msghdr *mhp;
6647 {
6648 struct sadb_msg *newmsg;
6649 struct secashead *sah, *nextsah;
6650 struct secasvar *sav, *nextsav;
6651 u_int16_t proto;
6652 u_int8_t state;
6653 u_int stateidx;
6654
6655 /* sanity check */
6656 if (so == NULL || mhp == NULL || mhp->msg == NULL)
6657 panic("key_flush: NULL pointer is passed.");
6658
6659 /* map satype to proto */
6660 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6661 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
6662 return key_senderror(so, m, EINVAL);
6663 }
6664
6665 /* no SATYPE specified, i.e. flushing all SA. */
6666 for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
6667 nextsah = LIST_NEXT(sah, chain);
6668
6669 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6670 proto != sah->saidx.proto)
6671 continue;
6672
6673 for (stateidx = 0;
6674 stateidx < _ARRAYLEN(saorder_state_alive);
6675 stateidx++) {
6676 state = saorder_state_any[stateidx];
6677 for (sav = LIST_FIRST(&sah->savtree[state]);
6678 sav != NULL;
6679 sav = nextsav) {
6680
6681 nextsav = LIST_NEXT(sav, chain);
6682
6683 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6684 key_freesav(sav);
6685 }
6686 }
6687
6688 sah->state = SADB_SASTATE_DEAD;
6689 }
6690
6691 if (m->m_len < sizeof(struct sadb_msg) ||
6692 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
6693 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
6694 return key_senderror(so, m, ENOBUFS);
6695 }
6696
6697 if (m->m_next)
6698 m_freem(m->m_next);
6699 m->m_next = NULL;
6700 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
6701 newmsg = mtod(m, struct sadb_msg *);
6702 newmsg->sadb_msg_errno = 0;
6703 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
6704
6705 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6706 }
6707
6708 /*
6709 * SADB_DUMP processing
6710 * dump all entries including status of DEAD in SAD.
6711 * receive
6712 * <base>
6713 * from the ikmpd, and dump all secasvar leaves
6714 * and send,
6715 * <base> .....
6716 * to the ikmpd.
6717 *
6718 * m will always be freed.
6719 */
6720 static int
6721 key_dump(so, m, mhp)
6722 struct socket *so;
6723 struct mbuf *m;
6724 const struct sadb_msghdr *mhp;
6725 {
6726 struct secashead *sah;
6727 struct secasvar *sav;
6728 u_int16_t proto;
6729 u_int stateidx;
6730 u_int8_t satype;
6731 u_int8_t state;
6732 int cnt;
6733 struct mbuf *n;
6734
6735 /* sanity check */
6736 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6737 panic("key_dump: NULL pointer is passed.");
6738
6739 /* map satype to proto */
6740 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6741 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
6742 return key_senderror(so, m, EINVAL);
6743 }
6744
6745 /* count sav entries to be sent to the userland. */
6746 cnt = 0;
6747 LIST_FOREACH(sah, &sahtree, chain) {
6748 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6749 proto != sah->saidx.proto)
6750 continue;
6751
6752 for (stateidx = 0;
6753 stateidx < _ARRAYLEN(saorder_state_any);
6754 stateidx++) {
6755 state = saorder_state_any[stateidx];
6756 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6757 cnt++;
6758 }
6759 }
6760 }
6761
6762 if (cnt == 0)
6763 return key_senderror(so, m, ENOENT);
6764
6765 /* send this to the userland, one at a time. */
6766 LIST_FOREACH(sah, &sahtree, chain) {
6767 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6768 proto != sah->saidx.proto)
6769 continue;
6770
6771 /* map proto to satype */
6772 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
6773 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
6774 return key_senderror(so, m, EINVAL);
6775 }
6776
6777 for (stateidx = 0;
6778 stateidx < _ARRAYLEN(saorder_state_any);
6779 stateidx++) {
6780 state = saorder_state_any[stateidx];
6781 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6782 n = key_setdumpsa(sav, SADB_DUMP, satype,
6783 --cnt, mhp->msg->sadb_msg_pid);
6784 if (!n)
6785 return key_senderror(so, m, ENOBUFS);
6786
6787 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6788 }
6789 }
6790 }
6791
6792 m_freem(m);
6793 return 0;
6794 }
6795
6796 /*
6797 * SADB_X_PROMISC processing
6798 *
6799 * m will always be freed.
6800 */
6801 static int
6802 key_promisc(so, m, mhp)
6803 struct socket *so;
6804 struct mbuf *m;
6805 const struct sadb_msghdr *mhp;
6806 {
6807 int olen;
6808
6809 /* sanity check */
6810 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6811 panic("key_promisc: NULL pointer is passed.");
6812
6813 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
6814
6815 if (olen < sizeof(struct sadb_msg)) {
6816 #if 1
6817 return key_senderror(so, m, EINVAL);
6818 #else
6819 m_freem(m);
6820 return 0;
6821 #endif
6822 } else if (olen == sizeof(struct sadb_msg)) {
6823 /* enable/disable promisc mode */
6824 struct keycb *kp;
6825
6826 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
6827 return key_senderror(so, m, EINVAL);
6828 mhp->msg->sadb_msg_errno = 0;
6829 switch (mhp->msg->sadb_msg_satype) {
6830 case 0:
6831 case 1:
6832 kp->kp_promisc = mhp->msg->sadb_msg_satype;
6833 break;
6834 default:
6835 return key_senderror(so, m, EINVAL);
6836 }
6837
6838 /* send the original message back to everyone */
6839 mhp->msg->sadb_msg_errno = 0;
6840 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6841 } else {
6842 /* send packet as is */
6843
6844 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
6845
6846 /* TODO: if sadb_msg_seq is specified, send to specific pid */
6847 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6848 }
6849 }
6850
6851 static int (*key_typesw[])(struct socket *, struct mbuf *,
6852 const struct sadb_msghdr *) = {
6853 NULL, /* SADB_RESERVED */
6854 key_getspi, /* SADB_GETSPI */
6855 key_update, /* SADB_UPDATE */
6856 key_add, /* SADB_ADD */
6857 key_delete, /* SADB_DELETE */
6858 key_get, /* SADB_GET */
6859 key_acquire2, /* SADB_ACQUIRE */
6860 key_register, /* SADB_REGISTER */
6861 NULL, /* SADB_EXPIRE */
6862 key_flush, /* SADB_FLUSH */
6863 key_dump, /* SADB_DUMP */
6864 key_promisc, /* SADB_X_PROMISC */
6865 NULL, /* SADB_X_PCHANGE */
6866 key_spdadd, /* SADB_X_SPDUPDATE */
6867 key_spdadd, /* SADB_X_SPDADD */
6868 key_spddelete, /* SADB_X_SPDDELETE */
6869 key_spdget, /* SADB_X_SPDGET */
6870 NULL, /* SADB_X_SPDACQUIRE */
6871 key_spddump, /* SADB_X_SPDDUMP */
6872 key_spdflush, /* SADB_X_SPDFLUSH */
6873 key_spdadd, /* SADB_X_SPDSETIDX */
6874 NULL, /* SADB_X_SPDEXPIRE */
6875 key_spddelete2, /* SADB_X_SPDDELETE2 */
6876 };
6877
6878 /*
6879 * parse sadb_msg buffer to process PFKEYv2,
6880 * and create a data to response if needed.
6881 * I think to be dealed with mbuf directly.
6882 * IN:
6883 * msgp : pointer to pointer to a received buffer pulluped.
6884 * This is rewrited to response.
6885 * so : pointer to socket.
6886 * OUT:
6887 * length for buffer to send to user process.
6888 */
6889 int
6890 key_parse(m, so)
6891 struct mbuf *m;
6892 struct socket *so;
6893 {
6894 struct sadb_msg *msg;
6895 struct sadb_msghdr mh;
6896 u_int orglen;
6897 int error;
6898 int target;
6899
6900 /* sanity check */
6901 if (m == NULL || so == NULL)
6902 panic("key_parse: NULL pointer is passed.");
6903
6904 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
6905 KEYDEBUG(KEYDEBUG_KEY_DUMP,
6906 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
6907 kdebug_sadb(msg));
6908 #endif
6909
6910 if (m->m_len < sizeof(struct sadb_msg)) {
6911 m = m_pullup(m, sizeof(struct sadb_msg));
6912 if (!m)
6913 return ENOBUFS;
6914 }
6915 msg = mtod(m, struct sadb_msg *);
6916 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
6917 target = KEY_SENDUP_ONE;
6918
6919 if ((m->m_flags & M_PKTHDR) == 0 ||
6920 m->m_pkthdr.len != m->m_pkthdr.len) {
6921 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
6922 pfkeystat.out_invlen++;
6923 error = EINVAL;
6924 goto senderror;
6925 }
6926
6927 if (msg->sadb_msg_version != PF_KEY_V2) {
6928 ipseclog((LOG_DEBUG,
6929 "key_parse: PF_KEY version %u is mismatched.\n",
6930 msg->sadb_msg_version));
6931 pfkeystat.out_invver++;
6932 error = EINVAL;
6933 goto senderror;
6934 }
6935
6936 if (msg->sadb_msg_type > SADB_MAX) {
6937 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
6938 msg->sadb_msg_type));
6939 pfkeystat.out_invmsgtype++;
6940 error = EINVAL;
6941 goto senderror;
6942 }
6943
6944 /* for old-fashioned code - should be nuked */
6945 if (m->m_pkthdr.len > MCLBYTES) {
6946 m_freem(m);
6947 return ENOBUFS;
6948 }
6949 if (m->m_next) {
6950 struct mbuf *n;
6951
6952 MGETHDR(n, M_DONTWAIT, MT_DATA);
6953 if (n && m->m_pkthdr.len > MHLEN) {
6954 MCLGET(n, M_DONTWAIT);
6955 if ((n->m_flags & M_EXT) == 0) {
6956 m_free(n);
6957 n = NULL;
6958 }
6959 }
6960 if (!n) {
6961 m_freem(m);
6962 return ENOBUFS;
6963 }
6964 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
6965 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
6966 n->m_next = NULL;
6967 m_freem(m);
6968 m = n;
6969 }
6970
6971 /* align the mbuf chain so that extensions are in contiguous region. */
6972 error = key_align(m, &mh);
6973 if (error)
6974 return error;
6975
6976 if (m->m_next) { /*XXX*/
6977 m_freem(m);
6978 return ENOBUFS;
6979 }
6980
6981 msg = mh.msg;
6982
6983 /* check SA type */
6984 switch (msg->sadb_msg_satype) {
6985 case SADB_SATYPE_UNSPEC:
6986 switch (msg->sadb_msg_type) {
6987 case SADB_GETSPI:
6988 case SADB_UPDATE:
6989 case SADB_ADD:
6990 case SADB_DELETE:
6991 case SADB_GET:
6992 case SADB_ACQUIRE:
6993 case SADB_EXPIRE:
6994 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
6995 "when msg type=%u.\n", msg->sadb_msg_type));
6996 pfkeystat.out_invsatype++;
6997 error = EINVAL;
6998 goto senderror;
6999 }
7000 break;
7001 case SADB_SATYPE_AH:
7002 case SADB_SATYPE_ESP:
7003 case SADB_X_SATYPE_IPCOMP:
7004 switch (msg->sadb_msg_type) {
7005 case SADB_X_SPDADD:
7006 case SADB_X_SPDDELETE:
7007 case SADB_X_SPDGET:
7008 case SADB_X_SPDDUMP:
7009 case SADB_X_SPDFLUSH:
7010 case SADB_X_SPDSETIDX:
7011 case SADB_X_SPDUPDATE:
7012 case SADB_X_SPDDELETE2:
7013 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
7014 msg->sadb_msg_type));
7015 pfkeystat.out_invsatype++;
7016 error = EINVAL;
7017 goto senderror;
7018 }
7019 break;
7020 case SADB_SATYPE_RSVP:
7021 case SADB_SATYPE_OSPFV2:
7022 case SADB_SATYPE_RIPV2:
7023 case SADB_SATYPE_MIP:
7024 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
7025 msg->sadb_msg_satype));
7026 pfkeystat.out_invsatype++;
7027 error = EOPNOTSUPP;
7028 goto senderror;
7029 case 1: /* XXX: What does it do? */
7030 if (msg->sadb_msg_type == SADB_X_PROMISC)
7031 break;
7032 /*FALLTHROUGH*/
7033 default:
7034 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7035 msg->sadb_msg_satype));
7036 pfkeystat.out_invsatype++;
7037 error = EINVAL;
7038 goto senderror;
7039 }
7040
7041 /* check field of upper layer protocol and address family */
7042 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
7043 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7044 struct sadb_address *src0, *dst0;
7045 u_int plen;
7046
7047 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7048 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7049
7050 /* check upper layer protocol */
7051 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7052 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
7053 pfkeystat.out_invaddr++;
7054 error = EINVAL;
7055 goto senderror;
7056 }
7057
7058 /* check family */
7059 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7060 PFKEY_ADDR_SADDR(dst0)->sa_family) {
7061 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
7062 pfkeystat.out_invaddr++;
7063 error = EINVAL;
7064 goto senderror;
7065 }
7066 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7067 PFKEY_ADDR_SADDR(dst0)->sa_len) {
7068 ipseclog((LOG_DEBUG,
7069 "key_parse: address struct size mismatched.\n"));
7070 pfkeystat.out_invaddr++;
7071 error = EINVAL;
7072 goto senderror;
7073 }
7074
7075 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7076 case AF_INET:
7077 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7078 sizeof(struct sockaddr_in)) {
7079 pfkeystat.out_invaddr++;
7080 error = EINVAL;
7081 goto senderror;
7082 }
7083 break;
7084 case AF_INET6:
7085 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7086 sizeof(struct sockaddr_in6)) {
7087 pfkeystat.out_invaddr++;
7088 error = EINVAL;
7089 goto senderror;
7090 }
7091 break;
7092 default:
7093 ipseclog((LOG_DEBUG,
7094 "key_parse: unsupported address family.\n"));
7095 pfkeystat.out_invaddr++;
7096 error = EAFNOSUPPORT;
7097 goto senderror;
7098 }
7099
7100 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7101 case AF_INET:
7102 plen = sizeof(struct in_addr) << 3;
7103 break;
7104 case AF_INET6:
7105 plen = sizeof(struct in6_addr) << 3;
7106 break;
7107 default:
7108 plen = 0; /*fool gcc*/
7109 break;
7110 }
7111
7112 /* check max prefix length */
7113 if (src0->sadb_address_prefixlen > plen ||
7114 dst0->sadb_address_prefixlen > plen) {
7115 ipseclog((LOG_DEBUG,
7116 "key_parse: illegal prefixlen.\n"));
7117 pfkeystat.out_invaddr++;
7118 error = EINVAL;
7119 goto senderror;
7120 }
7121
7122 /*
7123 * prefixlen == 0 is valid because there can be a case when
7124 * all addresses are matched.
7125 */
7126 }
7127
7128 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
7129 key_typesw[msg->sadb_msg_type] == NULL) {
7130 pfkeystat.out_invmsgtype++;
7131 error = EINVAL;
7132 goto senderror;
7133 }
7134
7135 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7136
7137 senderror:
7138 msg->sadb_msg_errno = error;
7139 return key_sendup_mbuf(so, m, target);
7140 }
7141
7142 static int
7143 key_senderror(so, m, code)
7144 struct socket *so;
7145 struct mbuf *m;
7146 int code;
7147 {
7148 struct sadb_msg *msg;
7149
7150 if (m->m_len < sizeof(struct sadb_msg))
7151 panic("invalid mbuf passed to key_senderror");
7152
7153 msg = mtod(m, struct sadb_msg *);
7154 msg->sadb_msg_errno = code;
7155 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7156 }
7157
7158 /*
7159 * set the pointer to each header into message buffer.
7160 * m will be freed on error.
7161 * XXX larger-than-MCLBYTES extension?
7162 */
7163 static int
7164 key_align(m, mhp)
7165 struct mbuf *m;
7166 struct sadb_msghdr *mhp;
7167 {
7168 struct mbuf *n;
7169 struct sadb_ext *ext;
7170 size_t off, end;
7171 int extlen;
7172 int toff;
7173
7174 /* sanity check */
7175 if (m == NULL || mhp == NULL)
7176 panic("key_align: NULL pointer is passed.");
7177 if (m->m_len < sizeof(struct sadb_msg))
7178 panic("invalid mbuf passed to key_align");
7179
7180 /* initialize */
7181 bzero(mhp, sizeof(*mhp));
7182
7183 mhp->msg = mtod(m, struct sadb_msg *);
7184 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
7185
7186 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7187 extlen = end; /*just in case extlen is not updated*/
7188 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7189 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7190 if (!n) {
7191 /* m is already freed */
7192 return ENOBUFS;
7193 }
7194 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7195
7196 /* set pointer */
7197 switch (ext->sadb_ext_type) {
7198 case SADB_EXT_SA:
7199 case SADB_EXT_ADDRESS_SRC:
7200 case SADB_EXT_ADDRESS_DST:
7201 case SADB_EXT_ADDRESS_PROXY:
7202 case SADB_EXT_LIFETIME_CURRENT:
7203 case SADB_EXT_LIFETIME_HARD:
7204 case SADB_EXT_LIFETIME_SOFT:
7205 case SADB_EXT_KEY_AUTH:
7206 case SADB_EXT_KEY_ENCRYPT:
7207 case SADB_EXT_IDENTITY_SRC:
7208 case SADB_EXT_IDENTITY_DST:
7209 case SADB_EXT_SENSITIVITY:
7210 case SADB_EXT_PROPOSAL:
7211 case SADB_EXT_SUPPORTED_AUTH:
7212 case SADB_EXT_SUPPORTED_ENCRYPT:
7213 case SADB_EXT_SPIRANGE:
7214 case SADB_X_EXT_POLICY:
7215 case SADB_X_EXT_SA2:
7216 /* duplicate check */
7217 /*
7218 * XXX Are there duplication payloads of either
7219 * KEY_AUTH or KEY_ENCRYPT ?
7220 */
7221 if (mhp->ext[ext->sadb_ext_type] != NULL) {
7222 ipseclog((LOG_DEBUG,
7223 "key_align: duplicate ext_type %u "
7224 "is passed.\n", ext->sadb_ext_type));
7225 m_freem(m);
7226 pfkeystat.out_dupext++;
7227 return EINVAL;
7228 }
7229 break;
7230 default:
7231 ipseclog((LOG_DEBUG,
7232 "key_align: invalid ext_type %u is passed.\n",
7233 ext->sadb_ext_type));
7234 m_freem(m);
7235 pfkeystat.out_invexttype++;
7236 return EINVAL;
7237 }
7238
7239 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7240
7241 if (key_validate_ext(ext, extlen)) {
7242 m_freem(m);
7243 pfkeystat.out_invlen++;
7244 return EINVAL;
7245 }
7246
7247 n = m_pulldown(m, off, extlen, &toff);
7248 if (!n) {
7249 /* m is already freed */
7250 return ENOBUFS;
7251 }
7252 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7253
7254 mhp->ext[ext->sadb_ext_type] = ext;
7255 mhp->extoff[ext->sadb_ext_type] = off;
7256 mhp->extlen[ext->sadb_ext_type] = extlen;
7257 }
7258
7259 if (off != end) {
7260 m_freem(m);
7261 pfkeystat.out_invlen++;
7262 return EINVAL;
7263 }
7264
7265 return 0;
7266 }
7267
7268 static int
7269 key_validate_ext(ext, len)
7270 struct sadb_ext *ext;
7271 int len;
7272 {
7273 struct sockaddr *sa;
7274 enum { NONE, ADDR } checktype = NONE;
7275 int baselen = 0;
7276 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7277
7278 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7279 return EINVAL;
7280
7281 /* if it does not match minimum/maximum length, bail */
7282 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
7283 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
7284 return EINVAL;
7285 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
7286 return EINVAL;
7287 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7288 return EINVAL;
7289
7290 /* more checks based on sadb_ext_type XXX need more */
7291 switch (ext->sadb_ext_type) {
7292 case SADB_EXT_ADDRESS_SRC:
7293 case SADB_EXT_ADDRESS_DST:
7294 case SADB_EXT_ADDRESS_PROXY:
7295 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7296 checktype = ADDR;
7297 break;
7298 case SADB_EXT_IDENTITY_SRC:
7299 case SADB_EXT_IDENTITY_DST:
7300 if (((struct sadb_ident *)ext)->sadb_ident_type ==
7301 SADB_X_IDENTTYPE_ADDR) {
7302 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7303 checktype = ADDR;
7304 } else
7305 checktype = NONE;
7306 break;
7307 default:
7308 checktype = NONE;
7309 break;
7310 }
7311
7312 switch (checktype) {
7313 case NONE:
7314 break;
7315 case ADDR:
7316 sa = (struct sockaddr *)((caddr_t)ext + baselen);
7317 if (len < baselen + sal)
7318 return EINVAL;
7319 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7320 return EINVAL;
7321 break;
7322 }
7323
7324 return 0;
7325 }
7326
7327 void
7328 key_init()
7329 {
7330 int i;
7331
7332 bzero((caddr_t)&key_cb, sizeof(key_cb));
7333
7334 for (i = 0; i < IPSEC_DIR_MAX; i++)
7335 LIST_INIT(&sptree[i]);
7336
7337 LIST_INIT(&sahtree);
7338
7339 for (i = 0; i <= SADB_SATYPE_MAX; i++)
7340 LIST_INIT(®tree[i]);
7341
7342 for (i = 0; i < SPIHASHSIZE; i++)
7343 LIST_INIT(&spihash[i]);
7344
7345 #ifndef IPSEC_NONBLOCK_ACQUIRE
7346 LIST_INIT(&acqtree);
7347 #endif
7348 LIST_INIT(&spacqtree);
7349
7350 TAILQ_INIT(&satailq);
7351 TAILQ_INIT(&sptailq);
7352
7353 /* system default */
7354 #ifdef INET
7355 ip4_def_policy = key_newsp(0);
7356 if (!ip4_def_policy)
7357 panic("could not initialize IPv4 default security policy");
7358 ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
7359 ip4_def_policy->policy = IPSEC_POLICY_NONE;
7360 ip4_def_policy->dir = IPSEC_DIR_ANY;
7361 ip4_def_policy->readonly = 1;
7362 ip4_def_policy->persist = 1;
7363 #endif
7364 #ifdef INET6
7365 ip6_def_policy = key_newsp(0);
7366 if (!ip6_def_policy)
7367 panic("could not initialize IPv6 default security policy");
7368 ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
7369 ip6_def_policy->policy = IPSEC_POLICY_NONE;
7370 ip6_def_policy->dir = IPSEC_DIR_ANY;
7371 ip6_def_policy->readonly = 1;
7372 ip6_def_policy->persist = 1;
7373 #endif
7374
7375 timeout(key_timehandler, (void *)0, hz);
7376
7377 /* initialize key statistics */
7378 keystat.getspi_count = 1;
7379
7380 printf("IPsec: Initialized Security Association Processing.\n");
7381
7382 return;
7383 }
7384
7385 /*
7386 * XXX: maybe This function is called after INBOUND IPsec processing.
7387 *
7388 * Special check for tunnel-mode packets.
7389 * We must make some checks for consistency between inner and outer IP header.
7390 *
7391 * xxx more checks to be provided
7392 */
7393 int
7394 key_checktunnelsanity(sav, family, src, dst)
7395 struct secasvar *sav;
7396 u_int family;
7397 caddr_t src;
7398 caddr_t dst;
7399 {
7400 /* sanity check */
7401 if (sav->sah == NULL)
7402 panic("sav->sah == NULL at key_checktunnelsanity");
7403
7404 /* XXX: check inner IP header */
7405
7406 return 1;
7407 }
7408
7409 #if 0
7410 /*
7411 * Get FQDN for the host.
7412 * If the administrator configured hostname (by hostname(1)) without
7413 * domain name, returns nothing.
7414 */
7415 static const char *
7416 key_getfqdn()
7417 {
7418 int i;
7419 int hasdot;
7420 static char fqdn[MAXHOSTNAMELEN + 1];
7421 int hostnamelen = strlen(hostname);
7422
7423 if (!hostnamelen)
7424 return NULL;
7425
7426 /* check if it comes with domain name. */
7427 hasdot = 0;
7428 for (i = 0; i < hostnamelen; i++) {
7429 if (hostname[i] == '.')
7430 hasdot++;
7431 }
7432 if (!hasdot)
7433 return NULL;
7434
7435 /* NOTE: hostname may not be NUL-terminated. */
7436 bzero(fqdn, sizeof(fqdn));
7437 bcopy(hostname, fqdn, hostnamelen);
7438 fqdn[hostnamelen] = '\0';
7439 return fqdn;
7440 }
7441
7442 /*
7443 * get username@FQDN for the host/user.
7444 */
7445 static const char *
7446 key_getuserfqdn()
7447 {
7448 const char *host;
7449 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
7450 struct proc *p = curproc;
7451 char *q;
7452
7453 PROC_LOCK(p);
7454 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) {
7455 PROC_UNLOCK(p);
7456 return NULL;
7457 }
7458 if (!(host = key_getfqdn())) {
7459 PROC_UNLOCK(p);
7460 return NULL;
7461 }
7462
7463 /* NOTE: s_login may not be-NUL terminated. */
7464 bzero(userfqdn, sizeof(userfqdn));
7465 SESS_LOCK(p->p_session);
7466 bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
7467 SESS_UNLOCK(p->p_session);
7468 PROC_UNLOCK(p);
7469 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
7470 q = userfqdn + strlen(userfqdn);
7471 *q++ = '@';
7472 bcopy(host, q, strlen(host));
7473 q += strlen(host);
7474 *q++ = '\0';
7475
7476 return userfqdn;
7477 }
7478 #endif
7479
7480 /* record data transfer on SA, and update timestamps */
7481 void
7482 key_sa_recordxfer(sav, m)
7483 struct secasvar *sav;
7484 struct mbuf *m;
7485 {
7486 if (!sav)
7487 panic("key_sa_recordxfer called with sav == NULL");
7488 if (!m)
7489 panic("key_sa_recordxfer called with m == NULL");
7490 if (!sav->lft_c)
7491 return;
7492
7493 /*
7494 * XXX Currently, there is a difference of bytes size
7495 * between inbound and outbound processing.
7496 */
7497 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
7498 /* to check bytes lifetime is done in key_timehandler(). */
7499
7500 /*
7501 * We use the number of packets as the unit of
7502 * sadb_lifetime_allocations. We increment the variable
7503 * whenever {esp,ah}_{in,out}put is called.
7504 */
7505 sav->lft_c->sadb_lifetime_allocations++;
7506 /* XXX check for expires? */
7507
7508 /*
7509 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
7510 * in seconds. HARD and SOFT lifetime are measured by the time
7511 * difference (again in seconds) from sadb_lifetime_usetime.
7512 *
7513 * usetime
7514 * v expire expire
7515 * -----+-----+--------+---> t
7516 * <--------------> HARD
7517 * <-----> SOFT
7518 */
7519 {
7520 sav->lft_c->sadb_lifetime_usetime = time_second;
7521 /* XXX check for expires? */
7522 }
7523
7524 return;
7525 }
7526
7527 /* dumb version */
7528 void
7529 key_sa_routechange(dst)
7530 struct sockaddr *dst;
7531 {
7532 struct secashead *sah;
7533 struct route *ro;
7534
7535 LIST_FOREACH(sah, &sahtree, chain) {
7536 ro = &sah->sa_route;
7537 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len &&
7538 bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
7539 RTFREE(ro->ro_rt);
7540 ro->ro_rt = (struct rtentry *)NULL;
7541 }
7542 }
7543
7544 return;
7545 }
7546
7547 static void
7548 key_sa_chgstate(sav, state)
7549 struct secasvar *sav;
7550 u_int8_t state;
7551 {
7552 if (sav == NULL)
7553 panic("key_sa_chgstate called with sav == NULL");
7554
7555 if (sav->state == state)
7556 return;
7557
7558 if (__LIST_CHAINED(sav))
7559 LIST_REMOVE(sav, chain);
7560
7561 sav->state = state;
7562 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
7563 }
7564
7565 void
7566 key_sa_stir_iv(sav)
7567 struct secasvar *sav;
7568 {
7569
7570 if (!sav->iv)
7571 panic("key_sa_stir_iv called with sav == NULL");
7572 key_randomfill(sav->iv, sav->ivlen);
7573 }
7574
7575 static void
7576 key_sp_dead(sp)
7577 struct secpolicy *sp;
7578 {
7579
7580 /* mark the SP dead */
7581 sp->state = IPSEC_SPSTATE_DEAD;
7582 }
7583
7584 static void
7585 key_sp_unlink(sp)
7586 struct secpolicy *sp;
7587 {
7588
7589 /* remove from SP index */
7590 if (__LIST_CHAINED(sp)) {
7591 LIST_REMOVE(sp, chain);
7592 key_freesp(sp);
7593 }
7594 }
7595
7596 /* XXX too much? */
7597 static struct mbuf *
7598 key_alloc_mbuf(l)
7599 int l;
7600 {
7601 struct mbuf *m = NULL, *n;
7602 int len, t;
7603
7604 len = l;
7605 while (len > 0) {
7606 MGET(n, M_DONTWAIT, MT_DATA);
7607 if (n && len > MLEN)
7608 MCLGET(n, M_DONTWAIT);
7609 if (!n) {
7610 m_freem(m);
7611 return NULL;
7612 }
7613
7614 n->m_next = NULL;
7615 n->m_len = 0;
7616 n->m_len = M_TRAILINGSPACE(n);
7617 /* use the bottom of mbuf, hoping we can prepend afterwards */
7618 if (n->m_len > len) {
7619 t = (n->m_len - len) & ~(sizeof(long) - 1);
7620 n->m_data += t;
7621 n->m_len = len;
7622 }
7623
7624 len -= n->m_len;
7625
7626 if (m)
7627 m_cat(m, n);
7628 else
7629 m = n;
7630 }
7631
7632 return m;
7633 }
Cache object: c1bb65cf8f45d72e66c037ff8df1457c
|