The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netkey/key.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $KAME: key.c,v 1.308 2003/09/07 20:35:59 itojun Exp $   */
    2 
    3 /*
    4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  * 3. Neither the name of the project nor the names of its contributors
   16  *    may be used to endorse or promote products derived from this software
   17  *    without specific prior written permission.
   18  *
   19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   29  * SUCH DAMAGE.
   30  */
   31 
   32 #include <sys/cdefs.h>
   33 __FBSDID("$FreeBSD: releng/5.2/sys/netkey/key.c 125095 2004-01-27 16:06:22Z ume $");
   34 
   35 /*
   36  * This code is referd to RFC 2367
   37  */
   38 
   39 #include "opt_inet.h"
   40 #include "opt_inet6.h"
   41 #include "opt_ipsec.h"
   42 
   43 #include <sys/types.h>
   44 #include <sys/param.h>
   45 #include <sys/systm.h>
   46 #include <sys/kernel.h>
   47 #include <sys/mbuf.h>
   48 #include <sys/domain.h>
   49 #include <sys/protosw.h>
   50 #include <sys/malloc.h>
   51 #include <sys/socket.h>
   52 #include <sys/socketvar.h>
   53 #include <sys/sysctl.h>
   54 #include <sys/errno.h>
   55 #include <sys/proc.h>
   56 #include <sys/queue.h>
   57 #include <sys/syslog.h>
   58 
   59 #include <net/if.h>
   60 #include <net/route.h>
   61 #include <net/raw_cb.h>
   62 
   63 #include <netinet/in.h>
   64 #include <netinet/in_systm.h>
   65 #include <netinet/ip.h>
   66 #include <netinet/in_var.h>
   67 
   68 #ifdef INET6
   69 #include <netinet/ip6.h>
   70 #include <netinet6/in6_var.h>
   71 #include <netinet6/ip6_var.h>
   72 #endif /* INET6 */
   73 
   74 #ifdef INET
   75 #include <netinet/in_pcb.h>
   76 #endif
   77 #ifdef INET6
   78 #include <netinet6/in6_pcb.h>
   79 #endif /* INET6 */
   80 
   81 #include <net/pfkeyv2.h>
   82 #include <netkey/keydb.h>
   83 #include <netkey/key.h>
   84 #include <netkey/keysock.h>
   85 #include <netkey/key_debug.h>
   86 
   87 #include <netinet6/ipsec.h>
   88 #ifdef INET6
   89 #include <netinet6/ipsec6.h>
   90 #endif
   91 #include <netinet6/ah.h>
   92 #ifdef INET6
   93 #include <netinet6/ah6.h>
   94 #endif
   95 #ifdef IPSEC_ESP
   96 #include <netinet6/esp.h>
   97 #ifdef INET6
   98 #include <netinet6/esp6.h>
   99 #endif
  100 #endif
  101 #include <netinet6/ipcomp.h>
  102 #ifdef INET6
  103 #include <netinet6/ipcomp6.h>
  104 #endif
  105 
  106 #include <machine/stdarg.h>
  107 
  108 /* randomness */
  109 #include <sys/random.h>
  110 
  111 #include <net/net_osdep.h>
  112 
  113 #ifndef satosin
  114 #define satosin(s) ((struct sockaddr_in *)s)
  115 #endif
  116 
  117 #define FULLMASK        0xff
  118 
  119 /*
  120  * Note on SA reference counting:
  121  * - SAs that are not in DEAD state will have (total external reference + 1)
  122  *   following value in reference count field.  they cannot be freed and are
  123  *   referenced from SA header.
  124  * - SAs that are in DEAD state will have (total external reference)
  125  *   in reference count field.  they are ready to be freed.  reference from
  126  *   SA header will be removed in keydb_delsecasvar(), when the reference count
  127  *   field hits 0 (= no external reference other than from SA header.
  128  */
  129 
  130 u_int32_t key_debug_level = 0;
  131 static u_int key_spi_trycnt = 1000;
  132 static u_int32_t key_spi_minval = 0x100;
  133 static u_int32_t key_spi_maxval = 0x0fffffff;   /* XXX */
  134 static u_int key_int_random = 60;       /*interval to initialize randseed,1(m)*/
  135 static u_int key_larval_lifetime = 30;  /* interval to expire acquiring, 30(s)*/
  136 static int key_blockacq_count = 10;     /* counter for blocking SADB_ACQUIRE.*/
  137 static int key_blockacq_lifetime = 20;  /* lifetime for blocking SADB_ACQUIRE.*/
  138 static int key_preferred_oldsa = 1;     /* preferred old sa rather than new sa.*/
  139 
  140 static u_int32_t acq_seq = 0;
  141 static int key_tick_init_random = 0;
  142 
  143 struct _satailq satailq;                /* list of all SAD entry */
  144 struct _sptailq sptailq;                /* SPD table + pcb */
  145 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX];     /* SPD table */
  146 static LIST_HEAD(_sahtree, secashead) sahtree;                  /* SAD */
  147 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
  148                                                         /* registed list */
  149 
  150 #define SPIHASHSIZE     128
  151 #define SPIHASH(x)      (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
  152 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
  153 
  154 #ifndef IPSEC_NONBLOCK_ACQUIRE
  155 static LIST_HEAD(_acqtree, secacq) acqtree;             /* acquiring list */
  156 #endif
  157 static LIST_HEAD(_spacqtree, secspacq) spacqtree;       /* SP acquiring list */
  158 
  159 struct key_cb key_cb;
  160 
  161 /* search order for SAs */
  162 static const u_int saorder_state_valid_prefer_old[] = {
  163         SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
  164 };
  165 static const u_int saorder_state_valid_prefer_new[] = {
  166         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  167 };
  168 static const u_int saorder_state_alive[] = {
  169         /* except DEAD */
  170         SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
  171 };
  172 static const u_int saorder_state_any[] = {
  173         SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
  174         SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
  175 };
  176 
  177 static const int minsize[] = {
  178         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  179         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  180         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  181         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  182         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  183         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_SRC */
  184         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_DST */
  185         sizeof(struct sadb_address),    /* SADB_EXT_ADDRESS_PROXY */
  186         sizeof(struct sadb_key),        /* SADB_EXT_KEY_AUTH */
  187         sizeof(struct sadb_key),        /* SADB_EXT_KEY_ENCRYPT */
  188         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_SRC */
  189         sizeof(struct sadb_ident),      /* SADB_EXT_IDENTITY_DST */
  190         sizeof(struct sadb_sens),       /* SADB_EXT_SENSITIVITY */
  191         sizeof(struct sadb_prop),       /* SADB_EXT_PROPOSAL */
  192         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_AUTH */
  193         sizeof(struct sadb_supported),  /* SADB_EXT_SUPPORTED_ENCRYPT */
  194         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  195         0,                              /* SADB_X_EXT_KMPRIVATE */
  196         sizeof(struct sadb_x_policy),   /* SADB_X_EXT_POLICY */
  197         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  198 };
  199 static const int maxsize[] = {
  200         sizeof(struct sadb_msg),        /* SADB_EXT_RESERVED */
  201         sizeof(struct sadb_sa),         /* SADB_EXT_SA */
  202         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_CURRENT */
  203         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_HARD */
  204         sizeof(struct sadb_lifetime),   /* SADB_EXT_LIFETIME_SOFT */
  205         0,                              /* SADB_EXT_ADDRESS_SRC */
  206         0,                              /* SADB_EXT_ADDRESS_DST */
  207         0,                              /* SADB_EXT_ADDRESS_PROXY */
  208         0,                              /* SADB_EXT_KEY_AUTH */
  209         0,                              /* SADB_EXT_KEY_ENCRYPT */
  210         0,                              /* SADB_EXT_IDENTITY_SRC */
  211         0,                              /* SADB_EXT_IDENTITY_DST */
  212         0,                              /* SADB_EXT_SENSITIVITY */
  213         0,                              /* SADB_EXT_PROPOSAL */
  214         0,                              /* SADB_EXT_SUPPORTED_AUTH */
  215         0,                              /* SADB_EXT_SUPPORTED_ENCRYPT */
  216         sizeof(struct sadb_spirange),   /* SADB_EXT_SPIRANGE */
  217         0,                              /* SADB_X_EXT_KMPRIVATE */
  218         0,                              /* SADB_X_EXT_POLICY */
  219         sizeof(struct sadb_x_sa2),      /* SADB_X_SA2 */
  220 };
  221 
  222 static int ipsec_esp_keymin = 256;
  223 #ifdef IPSEC_ESP
  224 static int ipsec_esp_auth = 0;
  225 #endif
  226 static int ipsec_ah_keymin = 128;
  227 
  228 SYSCTL_DECL(_net_key);
  229 
  230 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL,        debug,  CTLFLAG_RW, \
  231         &key_debug_level,       0,      "");
  232 
  233 /* max count of trial for the decision of spi value */
  234 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY,            spi_trycnt,     CTLFLAG_RW, \
  235         &key_spi_trycnt,        0,      "");
  236 
  237 /* minimum spi value to allocate automatically. */
  238 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE,      spi_minval,     CTLFLAG_RW, \
  239         &key_spi_minval,        0,      "");
  240 
  241 /* maximun spi value to allocate automatically. */
  242 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE,      spi_maxval,     CTLFLAG_RW, \
  243         &key_spi_maxval,        0,      "");
  244 
  245 /* interval to initialize randseed */
  246 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random,     CTLFLAG_RW, \
  247         &key_int_random,        0,      "");
  248 
  249 /* lifetime for larval SA */
  250 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME,    larval_lifetime, CTLFLAG_RW, \
  251         &key_larval_lifetime,   0,      "");
  252 
  253 /* counter for blocking to send SADB_ACQUIRE to IKEd */
  254 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT,     blockacq_count, CTLFLAG_RW, \
  255         &key_blockacq_count,    0,      "");
  256 
  257 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
  258 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME,  blockacq_lifetime, CTLFLAG_RW, \
  259         &key_blockacq_lifetime, 0,      "");
  260 
  261 #ifdef IPSEC_ESP
  262 /* ESP auth */
  263 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH,   esp_auth, CTLFLAG_RW, \
  264         &ipsec_esp_auth,        0,      "ESP auth");
  265 #endif
  266 
  267 /* minimum ESP key length */
  268 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
  269         &ipsec_esp_keymin,      0,      "");
  270 
  271 /* minimum AH key length */
  272 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN,  ah_keymin, CTLFLAG_RW, \
  273         &ipsec_ah_keymin,       0,      "");
  274 
  275 /* perfered old SA rather than new SA */
  276 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA,     preferred_oldsa, CTLFLAG_RW,\
  277         &key_preferred_oldsa,   0,      "");
  278 
  279 #define __LIST_CHAINED(elm) \
  280         (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
  281 #define LIST_INSERT_TAIL(head, elm, type, field) \
  282 do {\
  283         struct type *curelm = LIST_FIRST(head); \
  284         if (curelm == NULL) {\
  285                 LIST_INSERT_HEAD(head, elm, field); \
  286         } else { \
  287                 while (LIST_NEXT(curelm, field)) \
  288                         curelm = LIST_NEXT(curelm, field);\
  289                 LIST_INSERT_AFTER(curelm, elm, field);\
  290         }\
  291 } while (/*CONSTCOND*/ 0)
  292 
  293 #define KEY_CHKSASTATE(head, sav, name) \
  294 do { \
  295         if ((head) != (sav)) {                                          \
  296                 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
  297                         (name), (head), (sav)));                        \
  298                 continue;                                               \
  299         }                                                               \
  300 } while (/*CONSTCOND*/ 0)
  301 
  302 #define KEY_CHKSPDIR(head, sp, name) \
  303 do { \
  304         if ((head) != (sp)) {                                           \
  305                 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
  306                         "anyway continue.\n",                           \
  307                         (name), (head), (sp)));                         \
  308         }                                                               \
  309 } while (/*CONSTCOND*/ 0)
  310 
  311 #if 1
  312 #define KMALLOC(p, t, n)                                                     \
  313         ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
  314 #define KFREE(p)                                                             \
  315         free((caddr_t)(p), M_SECA)
  316 #else
  317 #define KMALLOC(p, t, n) \
  318 do { \
  319         ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT));             \
  320         printf("%s %d: %p <- KMALLOC(%s, %d)\n",                             \
  321                 __FILE__, __LINE__, (p), #t, n);                             \
  322 } while (/*CONSTCOND*/ 0)
  323 
  324 #define KFREE(p)                                                             \
  325         do {                                                                 \
  326                 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p));   \
  327                 free((caddr_t)(p), M_SECA);                                  \
  328         } while (/*CONSTCOND*/ 0)
  329 #endif
  330 
  331 /*
  332  * set parameters into secpolicyindex buffer.
  333  * Must allocate secpolicyindex buffer passed to this function.
  334  */
  335 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
  336 do { \
  337         bzero((idx), sizeof(struct secpolicyindex));                             \
  338         (idx)->prefs = (ps);                                                 \
  339         (idx)->prefd = (pd);                                                 \
  340         (idx)->ul_proto = (ulp);                                             \
  341         bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len);           \
  342         bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len);           \
  343 } while (/*CONSTCOND*/ 0)
  344 
  345 /*
  346  * set parameters into secasindex buffer.
  347  * Must allocate secasindex buffer before calling this function.
  348  */
  349 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
  350 do { \
  351         bzero((idx), sizeof(struct secasindex));                             \
  352         (idx)->proto = (p);                                                  \
  353         (idx)->mode = (m);                                                   \
  354         (idx)->reqid = (r);                                                  \
  355         bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len);           \
  356         bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len);           \
  357 } while (/*CONSTCOND*/ 0)
  358 
  359 /* key statistics */
  360 struct _keystat {
  361         u_long getspi_count; /* the avarage of count to try to get new SPI */
  362 } keystat;
  363 
  364 struct sadb_msghdr {
  365         struct sadb_msg *msg;
  366         struct sadb_ext *ext[SADB_EXT_MAX + 1];
  367         int extoff[SADB_EXT_MAX + 1];
  368         int extlen[SADB_EXT_MAX + 1];
  369 };
  370 
  371 static struct secasvar *key_allocsa_policy(struct secasindex *);
  372 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
  373 static void key_delsav(struct secasvar *);
  374 static void key_delsp(struct secpolicy *);
  375 static struct secpolicy *key_getsp(struct secpolicyindex *, int);
  376 static struct secpolicy *key_getspbyid(u_int32_t);
  377 static u_int32_t key_newreqid(void);
  378 static struct mbuf *key_gather_mbuf(struct mbuf *,
  379         const struct sadb_msghdr *, int, int, ...);
  380 static int key_spdadd(struct socket *, struct mbuf *,
  381         const struct sadb_msghdr *);
  382 static int key_spddelete(struct socket *, struct mbuf *,
  383         const struct sadb_msghdr *);
  384 static int key_spddelete2(struct socket *, struct mbuf *,
  385         const struct sadb_msghdr *);
  386 static int key_spdget(struct socket *, struct mbuf *,
  387         const struct sadb_msghdr *);
  388 static int key_spdflush(struct socket *, struct mbuf *,
  389         const struct sadb_msghdr *);
  390 static int key_spddump(struct socket *, struct mbuf *,
  391         const struct sadb_msghdr *);
  392 static struct mbuf *key_setdumpsp(struct secpolicy *,
  393         u_int8_t, u_int32_t, u_int32_t);
  394 static u_int key_getspreqmsglen(struct secpolicy *);
  395 static int key_spdexpire(struct secpolicy *);
  396 static struct secashead *key_newsah(struct secasindex *);
  397 static void key_delsah(struct secashead *);
  398 static struct secasvar *key_newsav(struct mbuf *,
  399         const struct sadb_msghdr *, struct secashead *, int *);
  400 static struct secashead *key_getsah(struct secasindex *);
  401 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
  402 static void key_setspi(struct secasvar *, u_int32_t);
  403 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
  404 static int key_setsaval(struct secasvar *, struct mbuf *,
  405         const struct sadb_msghdr *);
  406 static int key_mature(struct secasvar *);
  407 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
  408         u_int8_t, u_int32_t, u_int32_t);
  409 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
  410         u_int32_t, pid_t, u_int16_t);
  411 static struct mbuf *key_setsadbsa(struct secasvar *);
  412 static struct mbuf *key_setsadbaddr(u_int16_t,
  413         struct sockaddr *, u_int8_t, u_int16_t);
  414 #if 0
  415 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
  416         int, u_int64_t);
  417 #endif
  418 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
  419 static struct mbuf *key_setsadblifetime(u_int16_t, u_int32_t,
  420         u_int64_t, u_int64_t, u_int64_t);
  421 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
  422         u_int32_t);
  423 static void *key_newbuf(const void *, u_int);
  424 static int key_ismyaddr(struct sockaddr *);
  425 #ifdef INET6
  426 static int key_ismyaddr6(struct sockaddr_in6 *);
  427 #endif
  428 
  429 /* flags for key_cmpsaidx() */
  430 #define CMP_HEAD        1       /* protocol, addresses. */
  431 #define CMP_MODE_REQID  2       /* additionally HEAD, reqid, mode. */
  432 #define CMP_REQID       3       /* additionally HEAD, reqid. not used */
  433 #define CMP_EXACTLY     4       /* all elements. */
  434 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
  435 
  436 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
  437 static int key_bbcmp(caddr_t, caddr_t, u_int);
  438 static void key_srandom(void);
  439 static u_long key_random(void);
  440 static u_int16_t key_satype2proto(u_int8_t);
  441 static u_int8_t key_proto2satype(u_int16_t);
  442 
  443 static int key_getspi(struct socket *, struct mbuf *,
  444         const struct sadb_msghdr *);
  445 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
  446                                         struct secasindex *);
  447 static int key_update(struct socket *, struct mbuf *,
  448         const struct sadb_msghdr *);
  449 #ifdef IPSEC_DOSEQCHECK
  450 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
  451 #endif
  452 static int key_add(struct socket *, struct mbuf *,
  453         const struct sadb_msghdr *);
  454 static int key_setident(struct secashead *, struct mbuf *,
  455         const struct sadb_msghdr *);
  456 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
  457         const struct sadb_msghdr *);
  458 static int key_delete(struct socket *, struct mbuf *,
  459         const struct sadb_msghdr *);
  460 static int key_get(struct socket *, struct mbuf *,
  461         const struct sadb_msghdr *);
  462 
  463 static void key_getcomb_setlifetime(struct sadb_comb *);
  464 #ifdef IPSEC_ESP
  465 static struct mbuf *key_getcomb_esp(void);
  466 #endif
  467 static struct mbuf *key_getcomb_ah(void);
  468 static struct mbuf *key_getcomb_ipcomp(void);
  469 static struct mbuf *key_getprop(const struct secasindex *);
  470 
  471 static int key_acquire(struct secasindex *, struct secpolicy *);
  472 #ifndef IPSEC_NONBLOCK_ACQUIRE
  473 static struct secacq *key_newacq(struct secasindex *);
  474 static struct secacq *key_getacq(struct secasindex *);
  475 static struct secacq *key_getacqbyseq(u_int32_t);
  476 #endif
  477 static struct secspacq *key_newspacq(struct secpolicyindex *);
  478 static struct secspacq *key_getspacq(struct secpolicyindex *);
  479 static int key_acquire2(struct socket *, struct mbuf *,
  480         const struct sadb_msghdr *);
  481 static int key_register(struct socket *, struct mbuf *,
  482         const struct sadb_msghdr *);
  483 static int key_expire(struct secasvar *);
  484 static int key_flush(struct socket *, struct mbuf *,
  485         const struct sadb_msghdr *);
  486 static int key_dump(struct socket *, struct mbuf *,
  487         const struct sadb_msghdr *);
  488 static int key_promisc(struct socket *, struct mbuf *,
  489         const struct sadb_msghdr *);
  490 static int key_senderror(struct socket *, struct mbuf *, int);
  491 static int key_validate_ext(struct sadb_ext *, int);
  492 static int key_align(struct mbuf *, struct sadb_msghdr *);
  493 #if 0
  494 static const char *key_getfqdn(void);
  495 static const char *key_getuserfqdn(void);
  496 #endif
  497 static void key_sa_chgstate(struct secasvar *, u_int8_t);
  498 static void key_sp_dead(struct secpolicy *);
  499 static void key_sp_unlink(struct secpolicy *);
  500 static struct mbuf *key_alloc_mbuf(int);
  501 
  502 /* %%% IPsec policy management */
  503 /*
  504  * allocating a SP for OUTBOUND or INBOUND packet.
  505  * Must call key_freesp() later.
  506  * OUT: NULL:   not found
  507  *      others: found and return the pointer.
  508  */
  509 struct secpolicy *
  510 key_allocsp(tag, spidx, dir)
  511         u_int16_t tag;
  512         struct secpolicyindex *spidx;
  513         u_int dir;
  514 {
  515         struct secpolicy *sp;
  516         int s;
  517 
  518         /* check direction */
  519         switch (dir) {
  520         case IPSEC_DIR_INBOUND:
  521         case IPSEC_DIR_OUTBOUND:
  522                 break;
  523         default:
  524                 panic("key_allocsp: Invalid direction is passed.");
  525         }
  526 
  527         /* get a SP entry */
  528         s = splnet();   /*called from softclock()*/
  529         if (spidx) {
  530                 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  531                         printf("*** objects\n");
  532                         kdebug_secpolicyindex(spidx));
  533         }
  534 
  535         LIST_FOREACH(sp, &sptree[dir], chain) {
  536                 if (sp->state == IPSEC_SPSTATE_DEAD)
  537                         continue;
  538                 if (sp->spidx) {
  539                         if (!spidx)
  540                                 continue;
  541 
  542                         KEYDEBUG(KEYDEBUG_IPSEC_DATA,
  543                                 printf("*** in SPD\n");
  544                                 kdebug_secpolicyindex(sp->spidx));
  545 
  546                         if (key_cmpspidx_withmask(sp->spidx, spidx))
  547                                 goto found;
  548                 }
  549         }
  550 
  551         splx(s);
  552         return NULL;
  553 
  554 found:
  555         /* sanity check */
  556         KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
  557 
  558         /* found a SPD entry */
  559         sp->lastused = time_second;
  560         sp->refcnt++;
  561         splx(s);
  562         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  563                 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
  564                         sp->refcnt, sp));
  565 
  566         return sp;
  567 }
  568 
  569 /*
  570  * return a policy that matches this particular inbound packet.
  571  * XXX slow
  572  */
  573 struct secpolicy *
  574 key_gettunnel(osrc, odst, isrc, idst)
  575         struct sockaddr *osrc, *odst, *isrc, *idst;
  576 {
  577         struct secpolicy *sp;
  578         const int dir = IPSEC_DIR_INBOUND;
  579         int s;
  580         struct ipsecrequest *r1, *r2, *p;
  581         struct sockaddr *os, *od, *is, *id;
  582         struct secpolicyindex spidx;
  583 
  584         if (isrc->sa_family != idst->sa_family) {
  585                 ipseclog((LOG_ERR, "protocol family mismatched %u != %u\n",
  586                         isrc->sa_family, idst->sa_family));
  587                 return NULL;
  588         }
  589 
  590         s = splnet();   /*called from softclock()*/
  591         LIST_FOREACH(sp, &sptree[dir], chain) {
  592                 if (sp->state == IPSEC_SPSTATE_DEAD)
  593                         continue;
  594 
  595                 r1 = r2 = NULL;
  596                 for (p = sp->req; p; p = p->next) {
  597                         if (p->saidx.mode != IPSEC_MODE_TUNNEL)
  598                                 continue;
  599 
  600                         r1 = r2;
  601                         r2 = p;
  602 
  603                         if (!r1) {
  604                                 if (sp->spidx) {
  605                                         /*
  606                                          * here we look at address matches
  607                                          * only
  608                                          */
  609                                         spidx = *sp->spidx;
  610                                         if (isrc->sa_len > sizeof(spidx.src) ||
  611                                             idst->sa_len > sizeof(spidx.dst))
  612                                                 continue;
  613                                         bcopy(isrc, &spidx.src, isrc->sa_len);
  614                                         bcopy(idst, &spidx.dst, idst->sa_len);
  615                                         if (!key_cmpspidx_withmask(sp->spidx,
  616                                             &spidx))
  617                                                 continue;
  618                                 } else
  619                                         ; /* can't check for tagged policy */
  620                         } else {
  621                                 is = (struct sockaddr *)&r1->saidx.src;
  622                                 id = (struct sockaddr *)&r1->saidx.dst;
  623                                 if (key_sockaddrcmp(is, isrc, 0) ||
  624                                     key_sockaddrcmp(id, idst, 0))
  625                                         continue;
  626                         }
  627 
  628                         os = (struct sockaddr *)&r2->saidx.src;
  629                         od = (struct sockaddr *)&r2->saidx.dst;
  630                         if (key_sockaddrcmp(os, osrc, 0) ||
  631                             key_sockaddrcmp(od, odst, 0))
  632                                 continue;
  633 
  634                         goto found;
  635                 }
  636         }
  637         splx(s);
  638         return NULL;
  639 
  640 found:
  641         sp->lastused = time_second;
  642         sp->refcnt++;
  643         splx(s);
  644         return sp;
  645 }
  646 
  647 /*
  648  * allocating an SA entry for an *OUTBOUND* packet.
  649  * checking each request entries in SP, and acquire an SA if need.
  650  * OUT: 0: there are valid requests.
  651  *      ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
  652  */
  653 int
  654 key_checkrequest(isr, saidx)
  655         struct ipsecrequest *isr;
  656         struct secasindex *saidx;
  657 {
  658         u_int level;
  659         int error;
  660 
  661         /* sanity check */
  662         if (isr == NULL || saidx == NULL)
  663                 panic("key_checkrequest: NULL pointer is passed.");
  664 
  665         /* check mode */
  666         switch (saidx->mode) {
  667         case IPSEC_MODE_TRANSPORT:
  668         case IPSEC_MODE_TUNNEL:
  669                 break;
  670         case IPSEC_MODE_ANY:
  671         default:
  672                 panic("key_checkrequest: Invalid policy defined.");
  673         }
  674 
  675         /* get current level */
  676         level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
  677 
  678 #if 0
  679         /*
  680          * We do allocate new SA only if the state of SA in the holder is
  681          * SADB_SASTATE_DEAD.  The SA for outbound must be the oldest.
  682          */
  683         if (isr->sav != NULL) {
  684                 if (isr->sav->sah == NULL)
  685                         panic("key_checkrequest: sah is null.");
  686                 if (isr->sav ==
  687                     LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
  688                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  689                                 printf("DP checkrequest calls free SA:%p\n",
  690                                         isr->sav));
  691                         key_freesav(isr->sav);
  692                         isr->sav = NULL;
  693                 }
  694         }
  695 #else
  696         /*
  697          * we free any SA stashed in the IPsec request because a different
  698          * SA may be involved each time this request is checked, either
  699          * because new SAs are being configured, or this request is
  700          * associated with an unconnected datagram socket, or this request
  701          * is associated with a system default policy.
  702          *
  703          * The operation may have negative impact to performance.  We may
  704          * want to check cached SA carefully, rather than picking new SA
  705          * every time.
  706          */
  707         if (isr->sav != NULL) {
  708                 key_freesav(isr->sav);
  709                 isr->sav = NULL;
  710         }
  711 #endif
  712 
  713         /*
  714          * new SA allocation if no SA found.
  715          * key_allocsa_policy should allocate the oldest SA available.
  716          * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
  717          */
  718         if (isr->sav == NULL)
  719                 isr->sav = key_allocsa_policy(saidx);
  720 
  721         /* When there is SA. */
  722         if (isr->sav != NULL)
  723                 return 0;
  724 
  725         /* there is no SA */
  726         if ((error = key_acquire(saidx, isr->sp)) != 0) {
  727                 /* XXX What should I do ? */
  728                 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
  729                         "from key_acquire.\n", error));
  730                 return error;
  731         }
  732 
  733         return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
  734 }
  735 
  736 /*
  737  * allocating a SA for policy entry from SAD.
  738  * NOTE: searching SAD of aliving state.
  739  * OUT: NULL:   not found.
  740  *      others: found and return the pointer.
  741  */
  742 static struct secasvar *
  743 key_allocsa_policy(saidx)
  744         struct secasindex *saidx;
  745 {
  746         struct secashead *sah;
  747         struct secasvar *sav;
  748         u_int stateidx, state;
  749         const u_int *saorder_state_valid;
  750         int arraysize;
  751 
  752         LIST_FOREACH(sah, &sahtree, chain) {
  753                 if (sah->state == SADB_SASTATE_DEAD)
  754                         continue;
  755                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
  756                         goto found;
  757         }
  758 
  759         return NULL;
  760 
  761     found:
  762 
  763         /*
  764          * search a valid state list for outbound packet.
  765          * This search order is important.
  766          */
  767         if (key_preferred_oldsa) {
  768                 saorder_state_valid = saorder_state_valid_prefer_old;
  769                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
  770         } else {
  771                 saorder_state_valid = saorder_state_valid_prefer_new;
  772                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
  773         }
  774 
  775         for (stateidx = 0; stateidx < arraysize; stateidx++) {
  776 
  777                 state = saorder_state_valid[stateidx];
  778 
  779                 sav = key_do_allocsa_policy(sah, state);
  780                 if (sav != NULL)
  781                         return sav;
  782         }
  783 
  784         return NULL;
  785 }
  786 
  787 /*
  788  * searching SAD with direction, protocol, mode and state.
  789  * called by key_allocsa_policy().
  790  * OUT:
  791  *      NULL    : not found
  792  *      others  : found, pointer to a SA.
  793  */
  794 static struct secasvar *
  795 key_do_allocsa_policy(sah, state)
  796         struct secashead *sah;
  797         u_int state;
  798 {
  799         struct secasvar *sav, *nextsav, *candidate, *d;
  800 
  801         /* initilize */
  802         candidate = NULL;
  803 
  804         for (sav = LIST_FIRST(&sah->savtree[state]);
  805              sav != NULL;
  806              sav = nextsav) {
  807 
  808                 nextsav = LIST_NEXT(sav, chain);
  809 
  810                 /* sanity check */
  811                 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
  812 
  813                 /* initialize */
  814                 if (candidate == NULL) {
  815                         candidate = sav;
  816                         continue;
  817                 }
  818 
  819                 /* Which SA is the better ? */
  820 
  821                 /* sanity check 2 */
  822                 if (candidate->lft_c == NULL || sav->lft_c == NULL)
  823                         panic("key_do_allocsa_policy: "
  824                                 "lifetime_current is NULL.");
  825 
  826                 /* What the best method is to compare ? */
  827                 if (key_preferred_oldsa) {
  828                         if (candidate->lft_c->sadb_lifetime_addtime >
  829                                         sav->lft_c->sadb_lifetime_addtime) {
  830                                 candidate = sav;
  831                         }
  832                         continue;
  833                         /*NOTREACHED*/
  834                 }
  835 
  836                 /* preferred new sa rather than old sa */
  837                 if (candidate->lft_c->sadb_lifetime_addtime <
  838                                 sav->lft_c->sadb_lifetime_addtime) {
  839                         d = candidate;
  840                         candidate = sav;
  841                 } else
  842                         d = sav;
  843 
  844                 /*
  845                  * prepared to delete the SA when there is more
  846                  * suitable candidate and the lifetime of the SA is not
  847                  * permanent.
  848                  */
  849                 if (d->lft_c->sadb_lifetime_addtime != 0) {
  850                         struct mbuf *m, *result = NULL;
  851 
  852                         key_sa_chgstate(d, SADB_SASTATE_DEAD);
  853 
  854                         m = key_setsadbmsg(SADB_DELETE, 0,
  855                             key_proto2satype(d->sah->saidx.proto),
  856                             0, 0, d->refcnt - 1);
  857                         if (!m)
  858                                 goto msgfail;
  859                         result = m;
  860 
  861                         /* set sadb_address for saidx's. */
  862                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
  863                                 (struct sockaddr *)&d->sah->saidx.src,
  864                                 FULLMASK, IPSEC_ULPROTO_ANY);
  865                         if (!m)
  866                                 goto msgfail;
  867                         m_cat(result, m);
  868 
  869                         /* set sadb_address for saidx's. */
  870                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
  871                                 (struct sockaddr *)&d->sah->saidx.dst,
  872                                 FULLMASK, IPSEC_ULPROTO_ANY);
  873                         if (!m)
  874                                 goto msgfail;
  875                         m_cat(result, m);
  876 
  877                         /* create SA extension */
  878                         m = key_setsadbsa(d);
  879                         if (!m)
  880                                 goto msgfail;
  881                         m_cat(result, m);
  882 
  883                         if (result->m_len < sizeof(struct sadb_msg)) {
  884                                 result = m_pullup(result,
  885                                                 sizeof(struct sadb_msg));
  886                                 if (result == NULL)
  887                                         goto msgfail;
  888                         }
  889 
  890                         result->m_pkthdr.len = 0;
  891                         for (m = result; m; m = m->m_next)
  892                                 result->m_pkthdr.len += m->m_len;
  893                         mtod(result, struct sadb_msg *)->sadb_msg_len =
  894                                 PFKEY_UNIT64(result->m_pkthdr.len);
  895 
  896                         if (key_sendup_mbuf(NULL, result,
  897                                         KEY_SENDUP_REGISTERED))
  898                                 goto msgfail;
  899 
  900                         result = NULL;
  901 
  902                  msgfail:
  903                         if (result != NULL)
  904                                 m_freem(result);
  905                         key_freesav(d);
  906                 }
  907         }
  908 
  909         if (candidate) {
  910                 candidate->refcnt++;
  911                 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
  912                         printf("DP allocsa_policy cause "
  913                                 "refcnt++:%d SA:%p\n",
  914                                 candidate->refcnt, candidate));
  915         }
  916         return candidate;
  917 }
  918 
  919 /*
  920  * allocating a SA entry for a *INBOUND* packet.
  921  * Must call key_freesav() later.
  922  * OUT: positive:       pointer to a sav.
  923  *      NULL:           not found, or error occured.
  924  *
  925  * In the comparison, source address will be ignored for RFC2401 conformance.
  926  * To quote, from section 4.1:
  927  *      A security association is uniquely identified by a triple consisting
  928  *      of a Security Parameter Index (SPI), an IP Destination Address, and a
  929  *      security protocol (AH or ESP) identifier.
  930  * Note that, however, we do need to keep source address in IPsec SA.
  931  * IKE specification and PF_KEY specification do assume that we
  932  * keep source address in IPsec SA.  We see a tricky situation here.
  933  */
  934 struct secasvar *
  935 key_allocsa(family, src, dst, proto, spi)
  936         u_int family, proto;
  937         caddr_t src, dst;
  938         u_int32_t spi;
  939 {
  940         struct secasvar *sav, *match;
  941         u_int stateidx, state, tmpidx, matchidx;
  942         struct sockaddr_in sin;
  943         struct sockaddr_in6 sin6;
  944         int s;
  945         const u_int *saorder_state_valid;
  946         int arraysize;
  947 
  948         /* sanity check */
  949         if (src == NULL || dst == NULL)
  950                 panic("key_allocsa: NULL pointer is passed.");
  951 
  952         /*
  953          * when both systems employ similar strategy to use a SA.
  954          * the search order is important even in the inbound case.
  955          */
  956         if (key_preferred_oldsa) {
  957                 saorder_state_valid = saorder_state_valid_prefer_old;
  958                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
  959         } else {
  960                 saorder_state_valid = saorder_state_valid_prefer_new;
  961                 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
  962         }
  963 
  964         /*
  965          * searching SAD.
  966          * XXX: to be checked internal IP header somewhere.  Also when
  967          * IPsec tunnel packet is received.  But ESP tunnel mode is
  968          * encrypted so we can't check internal IP header.
  969          */
  970         s = splnet();   /*called from softclock()*/
  971         /*
  972          * search a valid state list for inbound packet.
  973          * the search order is not important.
  974          */
  975         match = NULL;
  976         matchidx = arraysize;
  977         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
  978                 if (sav->spi != spi)
  979                         continue;
  980                 if (proto != sav->sah->saidx.proto)
  981                         continue;
  982                 if (family != sav->sah->saidx.src.ss_family ||
  983                     family != sav->sah->saidx.dst.ss_family)
  984                         continue;
  985                 tmpidx = arraysize;
  986                 for (stateidx = 0; stateidx < matchidx; stateidx++) {
  987                         state = saorder_state_valid[stateidx];
  988                         if (sav->state == state) {
  989                                 tmpidx = stateidx;
  990                                 break;
  991                         }
  992                 }
  993                 if (tmpidx >= matchidx)
  994                         continue;
  995 
  996 #if 0   /* don't check src */
  997                 /* check src address */
  998                 switch (family) {
  999                 case AF_INET:
 1000                         bzero(&sin, sizeof(sin));
 1001                         sin.sin_family = AF_INET;
 1002                         sin.sin_len = sizeof(sin);
 1003                         bcopy(src, &sin.sin_addr,
 1004                             sizeof(sin.sin_addr));
 1005                         if (key_sockaddrcmp((struct sockaddr*)&sin,
 1006                             (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
 1007                                 continue;
 1008 
 1009                         break;
 1010                 case AF_INET6:
 1011                         bzero(&sin6, sizeof(sin6));
 1012                         sin6.sin6_family = AF_INET6;
 1013                         sin6.sin6_len = sizeof(sin6);
 1014                         bcopy(src, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
 1015                         if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
 1016                                 /* kame fake scopeid */
 1017                                 sin6.sin6_scope_id =
 1018                                     ntohs(sin6.sin6_addr.s6_addr16[1]);
 1019                                 sin6.sin6_addr.s6_addr16[1] = 0;
 1020                         }
 1021                         if (key_sockaddrcmp((struct sockaddr *)&sin6,
 1022                             (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
 1023                                 continue;
 1024                         break;
 1025                 default:
 1026                         ipseclog((LOG_DEBUG, "key_allocsa: "
 1027                             "unknown address family=%d.\n",
 1028                             family));
 1029                         continue;
 1030                 }
 1031 
 1032 #endif
 1033                 /* check dst address */
 1034                 switch (family) {
 1035                 case AF_INET:
 1036                         bzero(&sin, sizeof(sin));
 1037                         sin.sin_family = AF_INET;
 1038                         sin.sin_len = sizeof(sin);
 1039                         bcopy(dst, &sin.sin_addr,
 1040                             sizeof(sin.sin_addr));
 1041                         if (key_sockaddrcmp((struct sockaddr*)&sin,
 1042                             (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
 1043                                 continue;
 1044 
 1045                         break;
 1046                 case AF_INET6:
 1047                         bzero(&sin6, sizeof(sin6));
 1048                         sin6.sin6_family = AF_INET6;
 1049                         sin6.sin6_len = sizeof(sin6);
 1050                         bcopy(dst, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
 1051                         if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
 1052                                 /* kame fake scopeid */
 1053                                 sin6.sin6_scope_id =
 1054                                     ntohs(sin6.sin6_addr.s6_addr16[1]);
 1055                                 sin6.sin6_addr.s6_addr16[1] = 0;
 1056                         }
 1057                         if (key_sockaddrcmp((struct sockaddr *)&sin6,
 1058                             (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
 1059                                 continue;
 1060                         break;
 1061                 default:
 1062                         ipseclog((LOG_DEBUG, "key_allocsa: "
 1063                             "unknown address family=%d.\n", family));
 1064                         continue;
 1065                 }
 1066 
 1067                 match = sav;
 1068                 matchidx = tmpidx;
 1069         }
 1070 
 1071         if (match)
 1072                 goto found;
 1073 
 1074         /* not found */
 1075         splx(s);
 1076         return NULL;
 1077 
 1078 found:
 1079         match->refcnt++;
 1080         splx(s);
 1081         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1082                 printf("DP allocsa cause refcnt++:%d SA:%p\n",
 1083                         match->refcnt, match));
 1084         return match;
 1085 }
 1086 
 1087 /*
 1088  * Must be called after calling key_allocsp().
 1089  * For both the packet without socket and key_freeso().
 1090  */
 1091 void
 1092 key_freesp(sp)
 1093         struct secpolicy *sp;
 1094 {
 1095         /* sanity check */
 1096         if (sp == NULL)
 1097                 panic("key_freesp: NULL pointer is passed.");
 1098 
 1099         sp->refcnt--;
 1100         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1101                 printf("DP freesp cause refcnt--:%d SP:%p\n",
 1102                         sp->refcnt, sp));
 1103 
 1104         if (sp->refcnt == 0)
 1105                 key_delsp(sp);
 1106 
 1107         return;
 1108 }
 1109 
 1110 /*
 1111  * Must be called after calling key_allocsa().
 1112  * This function is called by key_freesp() to free some SA allocated
 1113  * for a policy.
 1114  */
 1115 void
 1116 key_freesav(sav)
 1117         struct secasvar *sav;
 1118 {
 1119         /* sanity check */
 1120         if (sav == NULL)
 1121                 panic("key_freesav: NULL pointer is passed.");
 1122 
 1123         sav->refcnt--;
 1124         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1125                 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
 1126                         sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
 1127 
 1128         if (sav->refcnt > 0)
 1129                 return;
 1130 
 1131         key_delsav(sav);
 1132 }
 1133 
 1134 static void
 1135 key_delsav(sav)
 1136         struct secasvar *sav;
 1137 {
 1138         int s;
 1139 
 1140         /* sanity check */
 1141         if (sav == NULL)
 1142                 panic("key_delsav: NULL pointer is passed.");
 1143 
 1144         if (sav->refcnt > 0)
 1145                 panic("key_delsav: called with positive refcnt");
 1146 
 1147         s = splnet();
 1148 
 1149         if (__LIST_CHAINED(sav))
 1150                 LIST_REMOVE(sav, chain);
 1151 
 1152         if (sav->spihash.le_prev || sav->spihash.le_next)
 1153                 LIST_REMOVE(sav, spihash);
 1154 
 1155         if (sav->key_auth != NULL) {
 1156                 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 1157                 KFREE(sav->key_auth);
 1158                 sav->key_auth = NULL;
 1159         }
 1160         if (sav->key_enc != NULL) {
 1161                 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 1162                 KFREE(sav->key_enc);
 1163                 sav->key_enc = NULL;
 1164         }
 1165         if (sav->sched) {
 1166                 bzero(sav->sched, sav->schedlen);
 1167                 KFREE(sav->sched);
 1168                 sav->sched = NULL;
 1169         }
 1170         if (sav->replay != NULL) {
 1171                 keydb_delsecreplay(sav->replay);
 1172                 sav->replay = NULL;
 1173         }
 1174         if (sav->lft_c != NULL) {
 1175                 KFREE(sav->lft_c);
 1176                 sav->lft_c = NULL;
 1177         }
 1178         if (sav->lft_h != NULL) {
 1179                 KFREE(sav->lft_h);
 1180                 sav->lft_h = NULL;
 1181         }
 1182         if (sav->lft_s != NULL) {
 1183                 KFREE(sav->lft_s);
 1184                 sav->lft_s = NULL;
 1185         }
 1186         if (sav->iv != NULL) {
 1187                 KFREE(sav->iv);
 1188                 sav->iv = NULL;
 1189         }
 1190 
 1191         keydb_delsecasvar(sav);
 1192 
 1193         splx(s);
 1194 }
 1195 
 1196 /* %%% SPD management */
 1197 /*
 1198  * free security policy entry.
 1199  */
 1200 static void
 1201 key_delsp(sp)
 1202         struct secpolicy *sp;
 1203 {
 1204         int s;
 1205 
 1206         /* sanity check */
 1207         if (sp == NULL)
 1208                 panic("key_delsp: NULL pointer is passed.");
 1209 
 1210         if (sp->refcnt > 0)
 1211                 panic("key_delsp: called with positive refcnt");
 1212 
 1213         s = splnet();   /*called from softclock()*/
 1214 
 1215     {
 1216         struct ipsecrequest *isr = sp->req, *nextisr;
 1217 
 1218         while (isr != NULL) {
 1219                 if (isr->sav != NULL) {
 1220                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 1221                                 printf("DP delsp calls free SA:%p\n",
 1222                                         isr->sav));
 1223                         key_freesav(isr->sav);
 1224                         isr->sav = NULL;
 1225                 }
 1226 
 1227                 nextisr = isr->next;
 1228                 KFREE(isr);
 1229                 isr = nextisr;
 1230         }
 1231     }
 1232 
 1233         keydb_delsecpolicy(sp);
 1234 
 1235         splx(s);
 1236 
 1237         return;
 1238 }
 1239 
 1240 /*
 1241  * search SPD
 1242  * OUT: NULL    : not found
 1243  *      others  : found, pointer to a SP.
 1244  */
 1245 static struct secpolicy *
 1246 key_getsp(spidx, dir)
 1247         struct secpolicyindex *spidx;
 1248         int dir;
 1249 {
 1250         struct secpolicy *sp;
 1251 
 1252         /* sanity check */
 1253         if (spidx == NULL)
 1254                 panic("key_getsp: NULL pointer is passed.");
 1255 
 1256         LIST_FOREACH(sp, &sptree[dir], chain) {
 1257                 if (sp->state == IPSEC_SPSTATE_DEAD)
 1258                         continue;
 1259                 if (!sp->spidx)
 1260                         continue;
 1261                 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
 1262                         sp->refcnt++;
 1263                         return sp;
 1264                 }
 1265         }
 1266 
 1267         return NULL;
 1268 }
 1269 
 1270 /*
 1271  * get SP by index.
 1272  * OUT: NULL    : not found
 1273  *      others  : found, pointer to a SP.
 1274  */
 1275 static struct secpolicy *
 1276 key_getspbyid(id)
 1277         u_int32_t id;
 1278 {
 1279         struct secpolicy *sp;
 1280 
 1281         TAILQ_FOREACH(sp, &sptailq, tailq) {
 1282                 if (sp->id == id) {
 1283                         sp->refcnt++;
 1284                         return sp;
 1285                 }
 1286         }
 1287 
 1288         return NULL;
 1289 }
 1290 
 1291 struct secpolicy *
 1292 key_newsp(id)
 1293         u_int32_t id;
 1294 {
 1295         struct secpolicy *newsp = NULL, *sp;
 1296         u_int32_t newid;
 1297 
 1298         if (id > IPSEC_MANUAL_POLICYID_MAX) {
 1299                 ipseclog((LOG_DEBUG,
 1300                     "key_newsp: policy_id=%u range "
 1301                     "violation, updated by kernel.\n", id));
 1302                 id = 0;
 1303         }
 1304 
 1305         if (id == 0) {
 1306                 if ((newid = keydb_newspid()) == 0) {
 1307                         ipseclog((LOG_DEBUG, 
 1308                             "key_newsp: new policy_id allocation failed."));
 1309                         return NULL;
 1310                 }
 1311         } else {
 1312                 sp = key_getspbyid(id);
 1313                 if (sp != NULL) {
 1314                         ipseclog((LOG_DEBUG,
 1315                             "key_newsp: policy_id(%u) has been used.\n", id));
 1316                         key_freesp(sp);
 1317                         return NULL;
 1318                 }
 1319                 newid = id;
 1320         }
 1321 
 1322         newsp = keydb_newsecpolicy();
 1323         if (!newsp)
 1324                 return newsp;
 1325 
 1326         newsp->id = newid;
 1327         newsp->refcnt = 1;
 1328         newsp->req = NULL;
 1329 
 1330         return newsp;
 1331 }
 1332 
 1333 /*
 1334  * create secpolicy structure from sadb_x_policy structure.
 1335  * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
 1336  * so must be set properly later.
 1337  */
 1338 struct secpolicy *
 1339 key_msg2sp(xpl0, len, error)
 1340         struct sadb_x_policy *xpl0;
 1341         size_t len;
 1342         int *error;
 1343 {
 1344         struct secpolicy *newsp;
 1345 
 1346         /* sanity check */
 1347         if (xpl0 == NULL)
 1348                 panic("key_msg2sp: NULL pointer was passed.");
 1349         if (len < sizeof(*xpl0))
 1350                 panic("key_msg2sp: invalid length.");
 1351         if (len != PFKEY_EXTLEN(xpl0)) {
 1352                 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
 1353                 *error = EINVAL;
 1354                 return NULL;
 1355         }
 1356 
 1357         if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
 1358                 *error = ENOBUFS;
 1359                 return NULL;
 1360         }
 1361 
 1362         newsp->dir = xpl0->sadb_x_policy_dir;
 1363         newsp->policy = xpl0->sadb_x_policy_type;
 1364 
 1365         /* check policy */
 1366         switch (xpl0->sadb_x_policy_type) {
 1367         case IPSEC_POLICY_DISCARD:
 1368         case IPSEC_POLICY_NONE:
 1369         case IPSEC_POLICY_ENTRUST:
 1370         case IPSEC_POLICY_BYPASS:
 1371                 newsp->req = NULL;
 1372                 break;
 1373 
 1374         case IPSEC_POLICY_IPSEC:
 1375             {
 1376                 int tlen;
 1377                 struct sadb_x_ipsecrequest *xisr;
 1378                 struct ipsecrequest **p_isr = &newsp->req;
 1379 
 1380                 /* validity check */
 1381                 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
 1382                         ipseclog((LOG_DEBUG,
 1383                             "key_msg2sp: Invalid msg length.\n"));
 1384                         key_freesp(newsp);
 1385                         *error = EINVAL;
 1386                         return NULL;
 1387                 }
 1388 
 1389                 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
 1390                 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
 1391 
 1392                 while (tlen > 0) {
 1393 
 1394                         /* length check */
 1395                         if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
 1396                                 ipseclog((LOG_DEBUG, "key_msg2sp: "
 1397                                         "invalid ipsecrequest length.\n"));
 1398                                 key_freesp(newsp);
 1399                                 *error = EINVAL;
 1400                                 return NULL;
 1401                         }
 1402 
 1403                         /* allocate request buffer */
 1404                         KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
 1405                         if ((*p_isr) == NULL) {
 1406                                 ipseclog((LOG_DEBUG,
 1407                                     "key_msg2sp: No more memory.\n"));
 1408                                 key_freesp(newsp);
 1409                                 *error = ENOBUFS;
 1410                                 return NULL;
 1411                         }
 1412                         bzero(*p_isr, sizeof(**p_isr));
 1413 
 1414                         /* set values */
 1415                         (*p_isr)->next = NULL;
 1416 
 1417                         switch (xisr->sadb_x_ipsecrequest_proto) {
 1418                         case IPPROTO_ESP:
 1419                         case IPPROTO_AH:
 1420                         case IPPROTO_IPCOMP:
 1421                                 break;
 1422                         default:
 1423                                 ipseclog((LOG_DEBUG,
 1424                                     "key_msg2sp: invalid proto type=%u\n",
 1425                                     xisr->sadb_x_ipsecrequest_proto));
 1426                                 key_freesp(newsp);
 1427                                 *error = EPROTONOSUPPORT;
 1428                                 return NULL;
 1429                         }
 1430                         (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
 1431 
 1432                         switch (xisr->sadb_x_ipsecrequest_mode) {
 1433                         case IPSEC_MODE_TRANSPORT:
 1434                         case IPSEC_MODE_TUNNEL:
 1435                                 break;
 1436                         case IPSEC_MODE_ANY:
 1437                         default:
 1438                                 ipseclog((LOG_DEBUG,
 1439                                     "key_msg2sp: invalid mode=%u\n",
 1440                                     xisr->sadb_x_ipsecrequest_mode));
 1441                                 key_freesp(newsp);
 1442                                 *error = EINVAL;
 1443                                 return NULL;
 1444                         }
 1445                         (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
 1446 
 1447                         switch (xisr->sadb_x_ipsecrequest_level) {
 1448                         case IPSEC_LEVEL_DEFAULT:
 1449                         case IPSEC_LEVEL_USE:
 1450                         case IPSEC_LEVEL_REQUIRE:
 1451                                 break;
 1452                         case IPSEC_LEVEL_UNIQUE:
 1453                                 /* validity check */
 1454                                 /*
 1455                                  * If range violation of reqid, kernel will
 1456                                  * update it, don't refuse it.
 1457                                  */
 1458                                 if (xisr->sadb_x_ipsecrequest_reqid
 1459                                                 > IPSEC_MANUAL_REQID_MAX) {
 1460                                         ipseclog((LOG_DEBUG,
 1461                                             "key_msg2sp: reqid=%u range "
 1462                                             "violation, updated by kernel.\n",
 1463                                             xisr->sadb_x_ipsecrequest_reqid));
 1464                                         xisr->sadb_x_ipsecrequest_reqid = 0;
 1465                                 }
 1466 
 1467                                 /* allocate new reqid id if reqid is zero. */
 1468                                 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
 1469                                         u_int32_t reqid;
 1470                                         if ((reqid = key_newreqid()) == 0) {
 1471                                                 key_freesp(newsp);
 1472                                                 *error = ENOBUFS;
 1473                                                 return NULL;
 1474                                         }
 1475                                         (*p_isr)->saidx.reqid = reqid;
 1476                                         xisr->sadb_x_ipsecrequest_reqid = reqid;
 1477                                 } else {
 1478                                 /* set it for manual keying. */
 1479                                         (*p_isr)->saidx.reqid =
 1480                                                 xisr->sadb_x_ipsecrequest_reqid;
 1481                                 }
 1482                                 break;
 1483 
 1484                         default:
 1485                                 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
 1486                                         xisr->sadb_x_ipsecrequest_level));
 1487                                 key_freesp(newsp);
 1488                                 *error = EINVAL;
 1489                                 return NULL;
 1490                         }
 1491                         (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
 1492 
 1493                         /* set IP addresses if there */
 1494                         if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
 1495                                 struct sockaddr *paddr;
 1496 
 1497                                 paddr = (struct sockaddr *)(xisr + 1);
 1498 
 1499                                 /* validity check */
 1500                                 if (paddr->sa_len
 1501                                     > sizeof((*p_isr)->saidx.src)) {
 1502                                         ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
 1503                                                 "address length.\n"));
 1504                                         key_freesp(newsp);
 1505                                         *error = EINVAL;
 1506                                         return NULL;
 1507                                 }
 1508                                 bcopy(paddr, &(*p_isr)->saidx.src,
 1509                                         paddr->sa_len);
 1510 
 1511                                 paddr = (struct sockaddr *)((caddr_t)paddr
 1512                                                         + paddr->sa_len);
 1513 
 1514                                 /* validity check */
 1515                                 if (paddr->sa_len
 1516                                     > sizeof((*p_isr)->saidx.dst)) {
 1517                                         ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
 1518                                                 "address length.\n"));
 1519                                         key_freesp(newsp);
 1520                                         *error = EINVAL;
 1521                                         return NULL;
 1522                                 }
 1523                                 bcopy(paddr, &(*p_isr)->saidx.dst,
 1524                                         paddr->sa_len);
 1525                         }
 1526 
 1527                         (*p_isr)->sav = NULL;
 1528                         (*p_isr)->sp = newsp;
 1529 
 1530                         /* initialization for the next. */
 1531                         p_isr = &(*p_isr)->next;
 1532                         tlen -= xisr->sadb_x_ipsecrequest_len;
 1533 
 1534                         /* validity check */
 1535                         if (tlen < 0) {
 1536                                 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
 1537                                 key_freesp(newsp);
 1538                                 *error = EINVAL;
 1539                                 return NULL;
 1540                         }
 1541 
 1542                         xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
 1543                                          + xisr->sadb_x_ipsecrequest_len);
 1544                 }
 1545             }
 1546                 break;
 1547         default:
 1548                 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
 1549                 key_freesp(newsp);
 1550                 *error = EINVAL;
 1551                 return NULL;
 1552         }
 1553 
 1554         *error = 0;
 1555         return newsp;
 1556 }
 1557 
 1558 static u_int32_t
 1559 key_newreqid()
 1560 {
 1561         static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
 1562 
 1563         auto_reqid = (auto_reqid == ~0
 1564                         ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
 1565 
 1566         /* XXX should be unique check */
 1567 
 1568         return auto_reqid;
 1569 }
 1570 
 1571 /*
 1572  * copy secpolicy struct to sadb_x_policy structure indicated.
 1573  */
 1574 struct mbuf *
 1575 key_sp2msg(sp)
 1576         struct secpolicy *sp;
 1577 {
 1578         struct sadb_x_policy *xpl;
 1579         int tlen;
 1580         caddr_t p;
 1581         struct mbuf *m;
 1582 
 1583         /* sanity check. */
 1584         if (sp == NULL)
 1585                 panic("key_sp2msg: NULL pointer was passed.");
 1586 
 1587         tlen = key_getspreqmsglen(sp);
 1588 
 1589         m = key_alloc_mbuf(tlen);
 1590         if (!m || m->m_next) {  /*XXX*/
 1591                 if (m)
 1592                         m_freem(m);
 1593                 return NULL;
 1594         }
 1595 
 1596         m->m_len = tlen;
 1597         m->m_next = NULL;
 1598         xpl = mtod(m, struct sadb_x_policy *);
 1599         bzero(xpl, tlen);
 1600 
 1601         xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
 1602         xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 1603         xpl->sadb_x_policy_type = sp->policy;
 1604         xpl->sadb_x_policy_dir = sp->dir;
 1605         xpl->sadb_x_policy_id = sp->id;
 1606         p = (caddr_t)xpl + sizeof(*xpl);
 1607 
 1608         /* if is the policy for ipsec ? */
 1609         if (sp->policy == IPSEC_POLICY_IPSEC) {
 1610                 struct sadb_x_ipsecrequest *xisr;
 1611                 struct ipsecrequest *isr;
 1612 
 1613                 for (isr = sp->req; isr != NULL; isr = isr->next) {
 1614 
 1615                         xisr = (struct sadb_x_ipsecrequest *)p;
 1616 
 1617                         xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
 1618                         xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
 1619                         xisr->sadb_x_ipsecrequest_level = isr->level;
 1620                         xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
 1621 
 1622                         p += sizeof(*xisr);
 1623                         bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
 1624                         p += isr->saidx.src.ss_len;
 1625                         bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
 1626                         p += isr->saidx.src.ss_len;
 1627 
 1628                         xisr->sadb_x_ipsecrequest_len =
 1629                                 PFKEY_ALIGN8(sizeof(*xisr)
 1630                                         + isr->saidx.src.ss_len
 1631                                         + isr->saidx.dst.ss_len);
 1632                 }
 1633         }
 1634 
 1635         return m;
 1636 }
 1637 
 1638 /* m will not be freed nor modified */
 1639 static struct mbuf *
 1640 #ifdef __STDC__
 1641 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
 1642         int ndeep, int nitem, ...)
 1643 #else
 1644 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
 1645         struct mbuf *m;
 1646         const struct sadb_msghdr *mhp;
 1647         int ndeep;
 1648         int nitem;
 1649         va_dcl
 1650 #endif
 1651 {
 1652         va_list ap;
 1653         int idx;
 1654         int i;
 1655         struct mbuf *result = NULL, *n;
 1656         int len;
 1657 
 1658         if (m == NULL || mhp == NULL)
 1659                 panic("null pointer passed to key_gather");
 1660 
 1661         va_start(ap, nitem);
 1662         for (i = 0; i < nitem; i++) {
 1663                 idx = va_arg(ap, int);
 1664                 if (idx < 0 || idx > SADB_EXT_MAX)
 1665                         goto fail;
 1666                 /* don't attempt to pull empty extension */
 1667                 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
 1668                         continue;
 1669                 if (idx != SADB_EXT_RESERVED  &&
 1670                     (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
 1671                         continue;
 1672 
 1673                 if (idx == SADB_EXT_RESERVED) {
 1674                         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 1675 #ifdef DIAGNOSTIC
 1676                         if (len > MHLEN)
 1677                                 panic("assumption failed");
 1678 #endif
 1679                         MGETHDR(n, M_DONTWAIT, MT_DATA);
 1680                         if (!n)
 1681                                 goto fail;
 1682                         n->m_len = len;
 1683                         n->m_next = NULL;
 1684                         m_copydata(m, 0, sizeof(struct sadb_msg),
 1685                             mtod(n, caddr_t));
 1686                 } else if (i < ndeep) {
 1687                         len = mhp->extlen[idx];
 1688                         n = key_alloc_mbuf(len);
 1689                         if (!n || n->m_next) {  /*XXX*/
 1690                                 if (n)
 1691                                         m_freem(n);
 1692                                 goto fail;
 1693                         }
 1694                         m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
 1695                             mtod(n, caddr_t));
 1696                 } else {
 1697                         n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
 1698                             M_DONTWAIT);
 1699                 }
 1700                 if (n == NULL)
 1701                         goto fail;
 1702 
 1703                 if (result)
 1704                         m_cat(result, n);
 1705                 else
 1706                         result = n;
 1707         }
 1708         va_end(ap);
 1709 
 1710         if ((result->m_flags & M_PKTHDR) != 0) {
 1711                 result->m_pkthdr.len = 0;
 1712                 for (n = result; n; n = n->m_next)
 1713                         result->m_pkthdr.len += n->m_len;
 1714         }
 1715 
 1716         return result;
 1717 
 1718 fail:
 1719         va_end(ap);
 1720         m_freem(result);
 1721         return NULL;
 1722 }
 1723 
 1724 /*
 1725  * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
 1726  * add an entry to SP database, when received
 1727  *   <base, address(SD), (lifetime(H),) policy>
 1728  * from the user(?).
 1729  * Adding to SP database,
 1730  * and send
 1731  *   <base, address(SD), (lifetime(H),) policy>
 1732  * to the socket which was send.
 1733  *
 1734  * SPDADD set a unique policy entry.
 1735  * SPDSETIDX like SPDADD without a part of policy requests.
 1736  * SPDUPDATE replace a unique policy entry.
 1737  *
 1738  * m will always be freed.
 1739  */
 1740 static int
 1741 key_spdadd(so, m, mhp)
 1742         struct socket *so;
 1743         struct mbuf *m;
 1744         const struct sadb_msghdr *mhp;
 1745 {
 1746         struct sadb_address *src0 = NULL, *dst0 = NULL;
 1747         struct sadb_x_policy *xpl0, *xpl;
 1748         struct sadb_lifetime *lft = NULL;
 1749         struct secpolicyindex spidx;
 1750         struct secpolicy *newsp;
 1751         struct ipsecrequest *isr;
 1752         int error;
 1753         int spidxmode;
 1754 
 1755         /* sanity check */
 1756         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 1757                 panic("key_spdadd: NULL pointer is passed.");
 1758 
 1759         if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
 1760             mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) {
 1761                 ;
 1762         } else {
 1763                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1764                 return key_senderror(so, m, EINVAL);
 1765         }
 1766         if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 1767                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1768                 return key_senderror(so, m, EINVAL);
 1769         }
 1770         if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
 1771              mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
 1772             (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
 1773              mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
 1774             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 1775                 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1776                 return key_senderror(so, m, EINVAL);
 1777         }
 1778         if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
 1779                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
 1780                         < sizeof(struct sadb_lifetime)) {
 1781                         ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
 1782                         return key_senderror(so, m, EINVAL);
 1783                 }
 1784                 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 1785         }
 1786 
 1787         /* spidx mode, or tag mode */
 1788         spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
 1789 
 1790         if (spidxmode) {
 1791                 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 1792                 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 1793                 /* make secindex */
 1794                 /* XXX boundary check against sa_len */
 1795                 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
 1796                     src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
 1797                     src0->sadb_address_proto, &spidx);
 1798         }
 1799         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 1800 
 1801         /* checking the direciton. */
 1802         switch (xpl0->sadb_x_policy_dir) {
 1803         case IPSEC_DIR_INBOUND:
 1804         case IPSEC_DIR_OUTBOUND:
 1805                 break;
 1806         default:
 1807                 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
 1808                 mhp->msg->sadb_msg_errno = EINVAL;
 1809                 return 0;
 1810         }
 1811 
 1812         /* check policy */
 1813         /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
 1814         if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
 1815             xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
 1816                 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
 1817                 return key_senderror(so, m, EINVAL);
 1818         }
 1819 
 1820         /* policy requests are mandatory when action is ipsec. */
 1821         if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
 1822             xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
 1823             mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
 1824                 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
 1825                 return key_senderror(so, m, EINVAL);
 1826         }
 1827 
 1828         /*
 1829          * checking there is SP already or not.
 1830          * SPDUPDATE doesn't depend on whether there is a SP or not.
 1831          * If the type is either SPDADD or SPDSETIDX AND a SP is found,
 1832          * then error.
 1833          */
 1834         if (xpl0->sadb_x_policy_id != 0)
 1835                 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
 1836         else if (spidxmode)
 1837                 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
 1838         else
 1839                 newsp = NULL;
 1840 
 1841         if (newsp && (newsp->readonly || newsp->persist)) {
 1842                 ipseclog((LOG_DEBUG,
 1843                     "key_spdadd: tried to alter readonly/persistent SP.\n"));
 1844                 return key_senderror(so, m, EPERM);
 1845         }
 1846 
 1847         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
 1848                 if (newsp) {
 1849                         key_sp_dead(newsp);
 1850                         key_freesp(newsp);      /* ref gained by key_getsp */
 1851                         key_sp_unlink(newsp);
 1852                         newsp = NULL;
 1853                 }
 1854         } else {
 1855                 if (newsp != NULL) {
 1856                         key_freesp(newsp);
 1857                         ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
 1858                         return key_senderror(so, m, EEXIST);
 1859                 }
 1860         }
 1861 
 1862         /* allocation new SP entry */
 1863         if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
 1864                 return key_senderror(so, m, error);
 1865         }
 1866 
 1867         if (spidxmode) {
 1868                 error = keydb_setsecpolicyindex(newsp, &spidx);
 1869                 if (error) {
 1870                         keydb_delsecpolicy(newsp);
 1871                         return key_senderror(so, m, error);
 1872                 }
 1873 
 1874                 /* sanity check on addr pair */
 1875                 if (((struct sockaddr *)(src0 + 1))->sa_family !=
 1876                                 ((struct sockaddr *)(dst0 + 1))->sa_family) {
 1877                         keydb_delsecpolicy(newsp);
 1878                         return key_senderror(so, m, EINVAL);
 1879                 }
 1880                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 1881                                 ((struct sockaddr *)(dst0 + 1))->sa_len) {
 1882                         keydb_delsecpolicy(newsp);
 1883                         return key_senderror(so, m, EINVAL);
 1884                 }
 1885         }
 1886 
 1887         for (isr = newsp->req; isr; isr = isr->next) {
 1888                 struct sockaddr *sa;
 1889 
 1890                 /*
 1891                  * port spec is not permitted for tunnel mode
 1892                  */
 1893                 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
 1894                         sa = (struct sockaddr *)(src0 + 1);
 1895                         switch (sa->sa_family) {
 1896                         case AF_INET:
 1897                                 if (((struct sockaddr_in *)sa)->sin_port) {
 1898                                         keydb_delsecpolicy(newsp);
 1899                                         return key_senderror(so, m, EINVAL);
 1900                                 }
 1901                                 break;
 1902                         case AF_INET6:
 1903                                 if (((struct sockaddr_in6 *)sa)->sin6_port) {
 1904                                         keydb_delsecpolicy(newsp);
 1905                                         return key_senderror(so, m, EINVAL);
 1906                                 }
 1907                                 break;
 1908                         default:
 1909                                 break;
 1910                         }
 1911                         sa = (struct sockaddr *)(dst0 + 1);
 1912                         switch (sa->sa_family) {
 1913                         case AF_INET:
 1914                                 if (((struct sockaddr_in *)sa)->sin_port) {
 1915                                         keydb_delsecpolicy(newsp);
 1916                                         return key_senderror(so, m, EINVAL);
 1917                                 }
 1918                                 break;
 1919                         case AF_INET6:
 1920                                 if (((struct sockaddr_in6 *)sa)->sin6_port) {
 1921                                         keydb_delsecpolicy(newsp);
 1922                                         return key_senderror(so, m, EINVAL);
 1923                                 }
 1924                                 break;
 1925                         default:
 1926                                 break;
 1927                         }
 1928                 }
 1929         }
 1930 
 1931         /*
 1932          * bark if we have different address family on tunnel address
 1933          * specification.  applies only if we decapsulate in RFC2401
 1934          * IPsec (implementation limitation).
 1935          */
 1936         for (isr = newsp->req; isr; isr = isr->next) {
 1937                 struct sockaddr *sa;
 1938 
 1939                 if (isr->saidx.src.ss_family && src0) {
 1940                         sa = (struct sockaddr *)(src0 + 1);
 1941                         if (sa->sa_family != isr->saidx.src.ss_family) {
 1942                                 keydb_delsecpolicy(newsp);
 1943                                 return key_senderror(so, m, EINVAL);
 1944                         }
 1945                 }
 1946                 if (isr->saidx.dst.ss_family && dst0) {
 1947                         sa = (struct sockaddr *)(dst0 + 1);
 1948                         if (sa->sa_family != isr->saidx.dst.ss_family) {
 1949                                 keydb_delsecpolicy(newsp);
 1950                                 return key_senderror(so, m, EINVAL);
 1951                         }
 1952                 }
 1953         }
 1954 
 1955         newsp->created = time_second;
 1956         newsp->lastused = time_second;
 1957         newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
 1958         newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
 1959 
 1960         newsp->state = IPSEC_SPSTATE_ALIVE;
 1961         LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
 1962 
 1963         /* delete the entry in spacqtree */
 1964         if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
 1965             mhp->ext[SADB_EXT_ADDRESS_SRC]) {
 1966                 struct secspacq *spacq;
 1967                 if ((spacq = key_getspacq(&spidx)) != NULL) {
 1968                         /* reset counter in order to deletion by timehandler. */
 1969                         spacq->created = time_second;
 1970                         spacq->count = 0;
 1971                 }
 1972         }
 1973 
 1974         /* invalidate all cached SPD pointers on pcb */
 1975         ipsec_invalpcbcacheall();
 1976 
 1977     {
 1978         struct mbuf *n, *mpolicy;
 1979         struct sadb_msg *newmsg;
 1980         int off;
 1981 
 1982         /* create new sadb_msg to reply. */
 1983         if (lft) {
 1984                 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
 1985                     SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
 1986                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1987         } else {
 1988                 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
 1989                     SADB_X_EXT_POLICY,
 1990                     SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 1991         }
 1992         if (!n)
 1993                 return key_senderror(so, m, ENOBUFS);
 1994 
 1995         if (n->m_len < sizeof(*newmsg)) {
 1996                 n = m_pullup(n, sizeof(*newmsg));
 1997                 if (!n)
 1998                         return key_senderror(so, m, ENOBUFS);
 1999         }
 2000         newmsg = mtod(n, struct sadb_msg *);
 2001         newmsg->sadb_msg_errno = 0;
 2002         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2003 
 2004         off = 0;
 2005         mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
 2006             sizeof(*xpl), &off);
 2007         if (mpolicy == NULL) {
 2008                 /* n is already freed */
 2009                 return key_senderror(so, m, ENOBUFS);
 2010         }
 2011         xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
 2012         if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
 2013                 m_freem(n);
 2014                 return key_senderror(so, m, EINVAL);
 2015         }
 2016         xpl->sadb_x_policy_id = newsp->id;
 2017 
 2018         m_freem(m);
 2019         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2020     }
 2021 }
 2022 
 2023 /*
 2024  * SADB_SPDDELETE processing
 2025  * receive
 2026  *   <base, address(SD), policy(*)>
 2027  * from the user(?), and set SADB_SASTATE_DEAD,
 2028  * and send,
 2029  *   <base, address(SD), policy(*)>
 2030  * to the ikmpd.
 2031  * policy(*) including the direction of the policy.
 2032  *
 2033  * m will always be freed.
 2034  */
 2035 static int
 2036 key_spddelete(so, m, mhp)
 2037         struct socket *so;
 2038         struct mbuf *m;
 2039         const struct sadb_msghdr *mhp;
 2040 {
 2041         struct sadb_address *src0, *dst0;
 2042         struct sadb_x_policy *xpl0;
 2043         struct secpolicyindex spidx;
 2044         struct secpolicy *sp;
 2045 
 2046         /* sanity check */
 2047         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2048                 panic("key_spddelete: NULL pointer is passed.");
 2049 
 2050         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 2051             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 2052             mhp->ext[SADB_X_EXT_POLICY] == NULL) {
 2053                 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
 2054                 return key_senderror(so, m, EINVAL);
 2055         }
 2056         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 2057             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 2058             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2059                 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
 2060                 return key_senderror(so, m, EINVAL);
 2061         }
 2062 
 2063         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 2064         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 2065         xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
 2066 
 2067         /* make secindex */
 2068         /* XXX boundary check against sa_len */
 2069         KEY_SETSECSPIDX(src0 + 1,
 2070                         dst0 + 1,
 2071                         src0->sadb_address_prefixlen,
 2072                         dst0->sadb_address_prefixlen,
 2073                         src0->sadb_address_proto,
 2074                         &spidx);
 2075 
 2076         /* checking the direciton. */
 2077         switch (xpl0->sadb_x_policy_dir) {
 2078         case IPSEC_DIR_INBOUND:
 2079         case IPSEC_DIR_OUTBOUND:
 2080                 break;
 2081         default:
 2082                 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
 2083                 return key_senderror(so, m, EINVAL);
 2084         }
 2085 
 2086         /* Is there SP in SPD ? */
 2087         if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
 2088                 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
 2089                 return key_senderror(so, m, EINVAL);
 2090         }
 2091 
 2092         if (sp->persist) {
 2093                 ipseclog((LOG_DEBUG,
 2094                     "key_spddelete2: attempt to remove persistent SP:%u.\n",
 2095                     sp->id));
 2096                 key_freesp(sp); /* ref gained by key_getsp */
 2097                 return key_senderror(so, m, EPERM);
 2098         }
 2099 
 2100         /* save policy id to be returned. */
 2101         xpl0->sadb_x_policy_id = sp->id;
 2102 
 2103         key_sp_dead(sp);
 2104         key_freesp(sp); /* ref gained by key_getsp */
 2105         key_sp_unlink(sp);
 2106         sp = NULL;
 2107 
 2108         /* invalidate all cached SPD pointers on pcb */
 2109         ipsec_invalpcbcacheall();
 2110 
 2111     {
 2112         struct mbuf *n;
 2113         struct sadb_msg *newmsg;
 2114 
 2115         /* create new sadb_msg to reply. */
 2116         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 2117             SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 2118         if (!n)
 2119                 return key_senderror(so, m, ENOBUFS);
 2120 
 2121         newmsg = mtod(n, struct sadb_msg *);
 2122         newmsg->sadb_msg_errno = 0;
 2123         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2124 
 2125         m_freem(m);
 2126         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2127     }
 2128 }
 2129 
 2130 /*
 2131  * SADB_SPDDELETE2 processing
 2132  * receive
 2133  *   <base, policy(*)>
 2134  * from the user(?), and set SADB_SASTATE_DEAD,
 2135  * and send,
 2136  *   <base, policy(*)>
 2137  * to the ikmpd.
 2138  * policy(*) including the policy id.
 2139  *
 2140  * m will always be freed.
 2141  */
 2142 static int
 2143 key_spddelete2(so, m, mhp)
 2144         struct socket *so;
 2145         struct mbuf *m;
 2146         const struct sadb_msghdr *mhp;
 2147 {
 2148         u_int32_t id;
 2149         struct secpolicy *sp;
 2150 
 2151         /* sanity check */
 2152         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2153                 panic("key_spddelete2: NULL pointer is passed.");
 2154 
 2155         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2156             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2157                 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
 2158                 return key_senderror(so, m, EINVAL);
 2159         }
 2160 
 2161         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2162 
 2163         /* Is there SP in SPD ? */
 2164         if ((sp = key_getspbyid(id)) == NULL) {
 2165                 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
 2166                     id));
 2167                 return key_senderror(so, m, EINVAL);
 2168         }
 2169 
 2170         if (sp->persist) {
 2171                 ipseclog((LOG_DEBUG,
 2172                     "key_spddelete2: attempt to remove persistent SP:%u.\n",
 2173                     id));
 2174                 key_freesp(sp); /* ref gained by key_getspbyid */
 2175                 return key_senderror(so, m, EPERM);
 2176         }
 2177 
 2178         key_sp_dead(sp);
 2179         key_freesp(sp); /* ref gained by key_getspbyid */
 2180         key_sp_unlink(sp);
 2181         sp = NULL;
 2182 
 2183         /* invalidate all cached SPD pointers on pcb */
 2184         ipsec_invalpcbcacheall();
 2185 
 2186     {
 2187         struct mbuf *n, *nn;
 2188         struct sadb_msg *newmsg;
 2189         int off, len;
 2190 
 2191         /* create new sadb_msg to reply. */
 2192         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2193 
 2194         if (len > MCLBYTES)
 2195                 return key_senderror(so, m, ENOBUFS);
 2196         MGETHDR(n, M_DONTWAIT, MT_DATA);
 2197         if (n && len > MHLEN) {
 2198                 MCLGET(n, M_DONTWAIT);
 2199                 if ((n->m_flags & M_EXT) == 0) {
 2200                         m_freem(n);
 2201                         n = NULL;
 2202                 }
 2203         }
 2204         if (!n)
 2205                 return key_senderror(so, m, ENOBUFS);
 2206 
 2207         n->m_len = len;
 2208         n->m_next = NULL;
 2209         off = 0;
 2210 
 2211         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 2212         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2213 
 2214 #ifdef DIAGNOSTIC
 2215         if (off != len)
 2216                 panic("length inconsistency in key_spddelete2");
 2217 #endif
 2218 
 2219         n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
 2220             mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
 2221         if (!n->m_next) {
 2222                 m_freem(n);
 2223                 return key_senderror(so, m, ENOBUFS);
 2224         }
 2225 
 2226         n->m_pkthdr.len = 0;
 2227         for (nn = n; nn; nn = nn->m_next)
 2228                 n->m_pkthdr.len += nn->m_len;
 2229 
 2230         newmsg = mtod(n, struct sadb_msg *);
 2231         newmsg->sadb_msg_errno = 0;
 2232         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 2233 
 2234         m_freem(m);
 2235         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 2236     }
 2237 }
 2238 
 2239 /*
 2240  * SADB_X_SPDGET processing
 2241  * receive
 2242  *   <base, policy(*)>
 2243  * from the user(?),
 2244  * and send,
 2245  *   <base, address(SD), policy>
 2246  * to the ikmpd.
 2247  * policy(*) including direction of policy.
 2248  *
 2249  * m will always be freed.
 2250  */
 2251 static int
 2252 key_spdget(so, m, mhp)
 2253         struct socket *so;
 2254         struct mbuf *m;
 2255         const struct sadb_msghdr *mhp;
 2256 {
 2257         u_int32_t id;
 2258         struct secpolicy *sp;
 2259         struct mbuf *n;
 2260 
 2261         /* sanity check */
 2262         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2263                 panic("key_spdget: NULL pointer is passed.");
 2264 
 2265         if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
 2266             mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
 2267                 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
 2268                 return key_senderror(so, m, EINVAL);
 2269         }
 2270 
 2271         id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
 2272 
 2273         /* Is there SP in SPD ? */
 2274         if ((sp = key_getspbyid(id)) == NULL) {
 2275                 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
 2276                 return key_senderror(so, m, ENOENT);
 2277         }
 2278 
 2279         n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
 2280         key_freesp(sp); /* ref gained by key_getspbyid */
 2281         if (n != NULL) {
 2282                 m_freem(m);
 2283                 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2284         } else
 2285                 return key_senderror(so, m, ENOBUFS);
 2286 }
 2287 
 2288 /*
 2289  * SADB_X_SPDACQUIRE processing.
 2290  * Acquire policy and SA(s) for a *OUTBOUND* packet.
 2291  * send
 2292  *   <base, policy(*)>
 2293  * to KMD, and expect to receive
 2294  *   <base> with SADB_X_SPDACQUIRE if error occured,
 2295  * or
 2296  *   <base, policy>
 2297  * with SADB_X_SPDUPDATE from KMD by PF_KEY.
 2298  * policy(*) is without policy requests.
 2299  *
 2300  *    0     : succeed
 2301  *    others: error number
 2302  */
 2303 int
 2304 key_spdacquire(sp)
 2305         struct secpolicy *sp;
 2306 {
 2307         struct mbuf *result = NULL, *m;
 2308 #ifndef IPSEC_NONBLOCK_ACQUIRE
 2309         struct secspacq *newspacq;
 2310 #endif
 2311         int error = -1;
 2312 
 2313         /* sanity check */
 2314         if (sp == NULL)
 2315                 panic("key_spdacquire: NULL pointer is passed.");
 2316         if (sp->req != NULL)
 2317                 panic("key_spdacquire: called but there is request.");
 2318         if (sp->policy != IPSEC_POLICY_IPSEC)
 2319                 panic("key_spdacquire: policy mismathed. IPsec is expected.");
 2320         if (!sp->spidx) {
 2321                 error = EOPNOTSUPP;
 2322                 goto fail;
 2323         }
 2324 
 2325 #ifndef IPSEC_NONBLOCK_ACQUIRE
 2326         /* get an entry to check whether sent message or not. */
 2327         if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
 2328                 if (key_blockacq_count < newspacq->count) {
 2329                         /* reset counter and do send message. */
 2330                         newspacq->count = 0;
 2331                 } else {
 2332                         /* increment counter and do nothing. */
 2333                         newspacq->count++;
 2334                         return 0;
 2335                 }
 2336         } else {
 2337                 /* make new entry for blocking to send SADB_ACQUIRE. */
 2338                 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
 2339                         return ENOBUFS;
 2340 
 2341                 /* add to acqtree */
 2342                 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
 2343         }
 2344 #endif
 2345 
 2346         /* create new sadb_msg to reply. */
 2347         m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
 2348         if (!m) {
 2349                 error = ENOBUFS;
 2350                 goto fail;
 2351         }
 2352         result = m;
 2353 
 2354         /* set sadb_x_policy */
 2355         if (sp) {
 2356                 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
 2357                 if (!m) {
 2358                         error = ENOBUFS;
 2359                         goto fail;
 2360                 }
 2361                 m_cat(result, m);
 2362         }
 2363 
 2364         result->m_pkthdr.len = 0;
 2365         for (m = result; m; m = m->m_next)
 2366                 result->m_pkthdr.len += m->m_len;
 2367 
 2368         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2369             PFKEY_UNIT64(result->m_pkthdr.len);
 2370 
 2371         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2372 
 2373 fail:
 2374         if (result)
 2375                 m_freem(result);
 2376         return error;
 2377 }
 2378 
 2379 /*
 2380  * SADB_SPDFLUSH processing
 2381  * receive
 2382  *   <base>
 2383  * from the user, and free all entries in secpctree.
 2384  * and send,
 2385  *   <base>
 2386  * to the user.
 2387  * NOTE: what to do is only marking SADB_SASTATE_DEAD.
 2388  *
 2389  * m will always be freed.
 2390  */
 2391 static int
 2392 key_spdflush(so, m, mhp)
 2393         struct socket *so;
 2394         struct mbuf *m;
 2395         const struct sadb_msghdr *mhp;
 2396 {
 2397         struct sadb_msg *newmsg;
 2398         struct secpolicy *sp, *nextsp;
 2399 
 2400         /* sanity check */
 2401         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2402                 panic("key_spdflush: NULL pointer is passed.");
 2403 
 2404         if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
 2405                 return key_senderror(so, m, EINVAL);
 2406 
 2407         for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
 2408                 nextsp = TAILQ_NEXT(sp, tailq);
 2409                 if (sp->persist)
 2410                         continue;
 2411                 if (sp->state == IPSEC_SPSTATE_DEAD)
 2412                         continue;
 2413                 key_sp_dead(sp);
 2414                 key_sp_unlink(sp);
 2415                 sp = NULL;
 2416         }
 2417 
 2418         /* invalidate all cached SPD pointers on pcb */
 2419         ipsec_invalpcbcacheall();
 2420 
 2421         if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 2422                 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
 2423                 return key_senderror(so, m, ENOBUFS);
 2424         }
 2425 
 2426         if (m->m_next)
 2427                 m_freem(m->m_next);
 2428         m->m_next = NULL;
 2429         m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 2430         newmsg = mtod(m, struct sadb_msg *);
 2431         newmsg->sadb_msg_errno = 0;
 2432         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 2433 
 2434         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 2435 }
 2436 
 2437 /*
 2438  * SADB_SPDDUMP processing
 2439  * receive
 2440  *   <base>
 2441  * from the user, and dump all SP leaves
 2442  * and send,
 2443  *   <base> .....
 2444  * to the ikmpd.
 2445  *
 2446  * m will always be freed.
 2447  */
 2448 static int
 2449 key_spddump(so, m, mhp)
 2450         struct socket *so;
 2451         struct mbuf *m;
 2452         const struct sadb_msghdr *mhp;
 2453 {
 2454         struct secpolicy *sp;
 2455         int cnt;
 2456         u_int dir;
 2457         struct mbuf *n;
 2458 
 2459         /* sanity check */
 2460         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 2461                 panic("key_spddump: NULL pointer is passed.");
 2462 
 2463         /* search SPD entry and get buffer size. */
 2464         cnt = 0;
 2465         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2466                 LIST_FOREACH(sp, &sptree[dir], chain) {
 2467                         cnt++;
 2468                 }
 2469         }
 2470 
 2471         if (cnt == 0)
 2472                 return key_senderror(so, m, ENOENT);
 2473 
 2474         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 2475                 LIST_FOREACH(sp, &sptree[dir], chain) {
 2476                         --cnt;
 2477                         n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
 2478                             mhp->msg->sadb_msg_pid);
 2479 
 2480                         if (n)
 2481                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 2482                 }
 2483         }
 2484 
 2485         m_freem(m);
 2486         return 0;
 2487 }
 2488 
 2489 static struct mbuf *
 2490 key_setdumpsp(sp, type, seq, pid)
 2491         struct secpolicy *sp;
 2492         u_int8_t type;
 2493         u_int32_t seq, pid;
 2494 {
 2495         struct mbuf *result = NULL, *m;
 2496 
 2497         m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
 2498         if (!m)
 2499                 goto fail;
 2500         result = m;
 2501 
 2502         if (sp->spidx) {
 2503                 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2504                     (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
 2505                     sp->spidx->ul_proto);
 2506                 if (!m)
 2507                         goto fail;
 2508                 m_cat(result, m);
 2509 
 2510                 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2511                     (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
 2512                     sp->spidx->ul_proto);
 2513                 if (!m)
 2514                         goto fail;
 2515                 m_cat(result, m);
 2516         }
 2517 
 2518         m = key_sp2msg(sp);
 2519         if (!m)
 2520                 goto fail;
 2521         m_cat(result, m);
 2522 
 2523         m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
 2524                 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
 2525         if (!m)
 2526                 goto fail;
 2527         m_cat(result, m);
 2528 
 2529         m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
 2530                 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
 2531         if (!m)
 2532                 goto fail;
 2533         m_cat(result, m);
 2534 
 2535         if ((result->m_flags & M_PKTHDR) == 0)
 2536                 goto fail;
 2537 
 2538         if (result->m_len < sizeof(struct sadb_msg)) {
 2539                 result = m_pullup(result, sizeof(struct sadb_msg));
 2540                 if (result == NULL)
 2541                         goto fail;
 2542         }
 2543 
 2544         result->m_pkthdr.len = 0;
 2545         for (m = result; m; m = m->m_next)
 2546                 result->m_pkthdr.len += m->m_len;
 2547 
 2548         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2549             PFKEY_UNIT64(result->m_pkthdr.len);
 2550 
 2551         return result;
 2552 
 2553 fail:
 2554         m_freem(result);
 2555         return NULL;
 2556 }
 2557 
 2558 /*
 2559  * get PFKEY message length for security policy and request.
 2560  */
 2561 static u_int
 2562 key_getspreqmsglen(sp)
 2563         struct secpolicy *sp;
 2564 {
 2565         u_int tlen;
 2566 
 2567         tlen = sizeof(struct sadb_x_policy);
 2568 
 2569         /* if is the policy for ipsec ? */
 2570         if (sp->policy != IPSEC_POLICY_IPSEC)
 2571                 return tlen;
 2572 
 2573         /* get length of ipsec requests */
 2574     {
 2575         struct ipsecrequest *isr;
 2576         int len;
 2577 
 2578         for (isr = sp->req; isr != NULL; isr = isr->next) {
 2579                 len = sizeof(struct sadb_x_ipsecrequest)
 2580                         + isr->saidx.src.ss_len
 2581                         + isr->saidx.dst.ss_len;
 2582 
 2583                 tlen += PFKEY_ALIGN8(len);
 2584         }
 2585     }
 2586 
 2587         return tlen;
 2588 }
 2589 
 2590 /*
 2591  * SADB_X_SPDEXPIRE processing
 2592  * send
 2593  *   <base, address(SD), lifetime(CH), policy>
 2594  * to KMD by PF_KEY.
 2595  *
 2596  * OUT: 0       : succeed
 2597  *      others  : error number
 2598  */
 2599 static int
 2600 key_spdexpire(sp)
 2601         struct secpolicy *sp;
 2602 {
 2603         int s;
 2604         struct mbuf *result = NULL, *m;
 2605         int len;
 2606         int error = -1;
 2607         struct sadb_lifetime *lt;
 2608 
 2609         /* XXX: Why do we lock ? */
 2610         s = splnet();   /*called from softclock()*/
 2611 
 2612         /* sanity check */
 2613         if (sp == NULL)
 2614                 panic("key_spdexpire: NULL pointer is passed.");
 2615 
 2616         /* set msg header */
 2617         m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
 2618         if (!m) {
 2619                 error = ENOBUFS;
 2620                 goto fail;
 2621         }
 2622         result = m;
 2623 
 2624         /* create lifetime extension (current and hard) */
 2625         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 2626         m = key_alloc_mbuf(len);
 2627         if (!m || m->m_next) {  /*XXX*/
 2628                 if (m)
 2629                         m_freem(m);
 2630                 error = ENOBUFS;
 2631                 goto fail;
 2632         }
 2633         bzero(mtod(m, caddr_t), len);
 2634         lt = mtod(m, struct sadb_lifetime *);
 2635         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2636         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 2637         lt->sadb_lifetime_allocations = 0;
 2638         lt->sadb_lifetime_bytes = 0;
 2639         lt->sadb_lifetime_addtime = sp->created;
 2640         lt->sadb_lifetime_usetime = sp->lastused;
 2641         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 2642         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 2643         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
 2644         lt->sadb_lifetime_allocations = 0;
 2645         lt->sadb_lifetime_bytes = 0;
 2646         lt->sadb_lifetime_addtime = sp->lifetime;
 2647         lt->sadb_lifetime_usetime = sp->validtime;
 2648         m_cat(result, m);
 2649 
 2650         /* set sadb_address for source */
 2651         if (sp->spidx) {
 2652                 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 2653                     (struct sockaddr *)&sp->spidx->src,
 2654                     sp->spidx->prefs, sp->spidx->ul_proto);
 2655                 if (!m) {
 2656                         error = ENOBUFS;
 2657                         goto fail;
 2658                 }
 2659                 m_cat(result, m);
 2660 
 2661                 /* set sadb_address for destination */
 2662                 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 2663                     (struct sockaddr *)&sp->spidx->dst,
 2664                     sp->spidx->prefd, sp->spidx->ul_proto);
 2665                 if (!m) {
 2666                         error = ENOBUFS;
 2667                         goto fail;
 2668                 }
 2669                 m_cat(result, m);
 2670         }
 2671 
 2672         /* set secpolicy */
 2673         m = key_sp2msg(sp);
 2674         if (!m) {
 2675                 error = ENOBUFS;
 2676                 goto fail;
 2677         }
 2678         m_cat(result, m);
 2679 
 2680         if ((result->m_flags & M_PKTHDR) == 0) {
 2681                 error = EINVAL;
 2682                 goto fail;
 2683         }
 2684 
 2685         if (result->m_len < sizeof(struct sadb_msg)) {
 2686                 result = m_pullup(result, sizeof(struct sadb_msg));
 2687                 if (result == NULL) {
 2688                         error = ENOBUFS;
 2689                         goto fail;
 2690                 }
 2691         }
 2692 
 2693         result->m_pkthdr.len = 0;
 2694         for (m = result; m; m = m->m_next)
 2695                 result->m_pkthdr.len += m->m_len;
 2696 
 2697         mtod(result, struct sadb_msg *)->sadb_msg_len =
 2698             PFKEY_UNIT64(result->m_pkthdr.len);
 2699 
 2700         splx(s);
 2701         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 2702 
 2703  fail:
 2704         if (result)
 2705                 m_freem(result);
 2706         splx(s);
 2707         return error;
 2708 }
 2709 
 2710 /* %%% SAD management */
 2711 /*
 2712  * allocating a memory for new SA head, and copy from the values of mhp.
 2713  * OUT: NULL    : failure due to the lack of memory.
 2714  *      others  : pointer to new SA head.
 2715  */
 2716 static struct secashead *
 2717 key_newsah(saidx)
 2718         struct secasindex *saidx;
 2719 {
 2720         struct secashead *newsah;
 2721 
 2722         /* sanity check */
 2723         if (saidx == NULL)
 2724                 panic("key_newsaidx: NULL pointer is passed.");
 2725 
 2726         newsah = keydb_newsecashead();
 2727         if (newsah == NULL)
 2728                 return NULL;
 2729 
 2730         bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
 2731 
 2732         /* add to saidxtree */
 2733         newsah->state = SADB_SASTATE_MATURE;
 2734         LIST_INSERT_HEAD(&sahtree, newsah, chain);
 2735 
 2736         return (newsah);
 2737 }
 2738 
 2739 /*
 2740  * delete SA index and all SA registerd.
 2741  */
 2742 static void
 2743 key_delsah(sah)
 2744         struct secashead *sah;
 2745 {
 2746         struct secasvar *sav, *nextsav;
 2747         u_int stateidx, state;
 2748         int s;
 2749         int zombie = 0;
 2750 
 2751         /* sanity check */
 2752         if (sah == NULL)
 2753                 panic("key_delsah: NULL pointer is passed.");
 2754 
 2755         s = splnet();   /*called from softclock()*/
 2756 
 2757         /* searching all SA registerd in the secindex. */
 2758         for (stateidx = 0;
 2759              stateidx < _ARRAYLEN(saorder_state_any);
 2760              stateidx++) {
 2761 
 2762                 state = saorder_state_any[stateidx];
 2763                 for (sav = LIST_FIRST(&sah->savtree[state]);
 2764                      sav != NULL;
 2765                      sav = nextsav) {
 2766 
 2767                         nextsav = LIST_NEXT(sav, chain);
 2768 
 2769                         if (sav->refcnt > 0) {
 2770                                 /* give up to delete this sa */
 2771                                 zombie++;
 2772                                 continue;
 2773                         }
 2774 
 2775                         /* sanity check */
 2776                         KEY_CHKSASTATE(state, sav->state, "key_delsah");
 2777 
 2778                         /* remove back pointer */
 2779                         sav->sah = NULL;
 2780 
 2781                         key_freesav(sav);
 2782 
 2783                         sav = NULL;
 2784                 }
 2785         }
 2786 
 2787         /* delete sah only if there's no sav. */
 2788         if (zombie) {
 2789                 splx(s);
 2790                 return;
 2791         }
 2792 
 2793         if (sah->sa_route.ro_rt) {
 2794                 RTFREE(sah->sa_route.ro_rt);
 2795                 sah->sa_route.ro_rt = (struct rtentry *)NULL;
 2796         }
 2797 
 2798         /* remove from tree of SA index */
 2799         if (__LIST_CHAINED(sah))
 2800                 LIST_REMOVE(sah, chain);
 2801 
 2802         KFREE(sah);
 2803 
 2804         splx(s);
 2805         return;
 2806 }
 2807 
 2808 /*
 2809  * allocating a new SA with LARVAL state.  key_add() and key_getspi() call,
 2810  * and copy the values of mhp into new buffer.
 2811  * When SAD message type is GETSPI:
 2812  *      to set sequence number from acq_seq++,
 2813  *      to set zero to SPI.
 2814  *      not to call key_setsava().
 2815  * OUT: NULL    : fail
 2816  *      others  : pointer to new secasvar.
 2817  *
 2818  * does not modify mbuf.  does not free mbuf on error.
 2819  */
 2820 static struct secasvar *
 2821 key_newsav(m, mhp, sah, errp)
 2822         struct mbuf *m;
 2823         const struct sadb_msghdr *mhp;
 2824         struct secashead *sah;
 2825         int *errp;
 2826 {
 2827         struct secasvar *newsav;
 2828         const struct sadb_sa *xsa;
 2829 
 2830         /* sanity check */
 2831         if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
 2832                 panic("key_newsa: NULL pointer is passed.");
 2833 
 2834         newsav = keydb_newsecasvar();
 2835         if (newsav == NULL) {
 2836                 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
 2837                 *errp = ENOBUFS;
 2838                 return NULL;
 2839         }
 2840 
 2841         switch (mhp->msg->sadb_msg_type) {
 2842         case SADB_GETSPI:
 2843                 key_setspi(newsav, 0);
 2844 
 2845 #ifdef IPSEC_DOSEQCHECK
 2846                 /* sync sequence number */
 2847                 if (mhp->msg->sadb_msg_seq == 0)
 2848                         newsav->seq =
 2849                                 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
 2850                 else
 2851 #endif
 2852                         newsav->seq = mhp->msg->sadb_msg_seq;
 2853                 break;
 2854 
 2855         case SADB_ADD:
 2856                 /* sanity check */
 2857                 if (mhp->ext[SADB_EXT_SA] == NULL) {
 2858                         KFREE(newsav);
 2859                         ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
 2860                         *errp = EINVAL;
 2861                         return NULL;
 2862                 }
 2863                 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 2864                 key_setspi(newsav, xsa->sadb_sa_spi);
 2865                 newsav->seq = mhp->msg->sadb_msg_seq;
 2866                 break;
 2867         default:
 2868                 KFREE(newsav);
 2869                 *errp = EINVAL;
 2870                 return NULL;
 2871         }
 2872 
 2873         /* copy sav values */
 2874         if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
 2875                 *errp = key_setsaval(newsav, m, mhp);
 2876                 if (*errp) {
 2877                         KFREE(newsav);
 2878                         return NULL;
 2879                 }
 2880         }
 2881 
 2882         /* reset created */
 2883         newsav->created = time_second;
 2884 
 2885         newsav->pid = mhp->msg->sadb_msg_pid;
 2886 
 2887         /* add to satree */
 2888         newsav->sah = sah;
 2889         newsav->refcnt = 1;
 2890         newsav->state = SADB_SASTATE_LARVAL;
 2891         LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
 2892                         secasvar, chain);
 2893 
 2894         return newsav;
 2895 }
 2896 
 2897 /*
 2898  * search SAD.
 2899  * OUT:
 2900  *      NULL    : not found
 2901  *      others  : found, pointer to a SA.
 2902  */
 2903 static struct secashead *
 2904 key_getsah(saidx)
 2905         struct secasindex *saidx;
 2906 {
 2907         struct secashead *sah;
 2908 
 2909         LIST_FOREACH(sah, &sahtree, chain) {
 2910                 if (sah->state == SADB_SASTATE_DEAD)
 2911                         continue;
 2912                 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
 2913                         return sah;
 2914         }
 2915 
 2916         return NULL;
 2917 }
 2918 
 2919 /*
 2920  * check not to be duplicated SPI.
 2921  * NOTE: this function is too slow due to searching all SAD.
 2922  * OUT:
 2923  *      NULL    : not found
 2924  *      others  : found, pointer to a SA.
 2925  */
 2926 static struct secasvar *
 2927 key_checkspidup(saidx, spi)
 2928         struct secasindex *saidx;
 2929         u_int32_t spi;
 2930 {
 2931         struct secasvar *sav;
 2932         u_int stateidx, state;
 2933 
 2934         /* check address family */
 2935         if (saidx->src.ss_family != saidx->dst.ss_family) {
 2936                 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
 2937                 return NULL;
 2938         }
 2939 
 2940         /* check all SAD */
 2941         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
 2942                 if (sav->spi != spi)
 2943                         continue;
 2944                 for (stateidx = 0;
 2945                      stateidx < _ARRAYLEN(saorder_state_alive);
 2946                      stateidx++) {
 2947                         state = saorder_state_alive[stateidx];
 2948                         if (sav->state == state &&
 2949                             key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
 2950                                 return sav;
 2951                 }
 2952         }
 2953 
 2954         return NULL;
 2955 }
 2956 
 2957 static void
 2958 key_setspi(sav, spi)
 2959         struct secasvar *sav;
 2960         u_int32_t spi;
 2961 {
 2962         int s;
 2963 
 2964         s = splnet();
 2965         sav->spi = spi;
 2966         if (sav->spihash.le_prev || sav->spihash.le_next)
 2967                 LIST_REMOVE(sav, spihash);
 2968         LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
 2969         splx(s);
 2970 }
 2971 
 2972 /*
 2973  * search SAD litmited alive SA, protocol, SPI.
 2974  * OUT:
 2975  *      NULL    : not found
 2976  *      others  : found, pointer to a SA.
 2977  */
 2978 static struct secasvar *
 2979 key_getsavbyspi(sah, spi)
 2980         struct secashead *sah;
 2981         u_int32_t spi;
 2982 {
 2983         struct secasvar *sav, *match;
 2984         u_int stateidx, state, matchidx;
 2985 
 2986         match = NULL;
 2987         matchidx = _ARRAYLEN(saorder_state_alive);
 2988         LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
 2989                 if (sav->spi != spi)
 2990                         continue;
 2991                 if (sav->sah != sah)
 2992                         continue;
 2993                 for (stateidx = 0; stateidx < matchidx; stateidx++) {
 2994                         state = saorder_state_alive[stateidx];
 2995                         if (sav->state == state) {
 2996                                 match = sav;
 2997                                 matchidx = stateidx;
 2998                                 break;
 2999                         }
 3000                 }
 3001         }
 3002 
 3003         return match;
 3004 }
 3005 
 3006 /*
 3007  * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
 3008  * You must update these if need.
 3009  * OUT: 0:      success.
 3010  *      !0:     failure.
 3011  *
 3012  * does not modify mbuf.  does not free mbuf on error.
 3013  */
 3014 static int
 3015 key_setsaval(sav, m, mhp)
 3016         struct secasvar *sav;
 3017         struct mbuf *m;
 3018         const struct sadb_msghdr *mhp;
 3019 {
 3020 #ifdef IPSEC_ESP
 3021         const struct esp_algorithm *algo;
 3022 #endif
 3023         int error = 0;
 3024 
 3025         /* sanity check */
 3026         if (m == NULL || mhp == NULL || mhp->msg == NULL)
 3027                 panic("key_setsaval: NULL pointer is passed.");
 3028 
 3029         /* initialization */
 3030         sav->replay = NULL;
 3031         sav->key_auth = NULL;
 3032         sav->key_enc = NULL;
 3033         sav->sched = NULL;
 3034         sav->schedlen = 0;
 3035         sav->iv = NULL;
 3036         sav->lft_c = NULL;
 3037         sav->lft_h = NULL;
 3038         sav->lft_s = NULL;
 3039 
 3040         /* SA */
 3041         if (mhp->ext[SADB_EXT_SA] != NULL) {
 3042                 const struct sadb_sa *sa0;
 3043 
 3044                 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 3045                 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
 3046                         error = EINVAL;
 3047                         goto fail;
 3048                 }
 3049 
 3050                 sav->alg_auth = sa0->sadb_sa_auth;
 3051                 sav->alg_enc = sa0->sadb_sa_encrypt;
 3052                 sav->flags = sa0->sadb_sa_flags;
 3053 
 3054                 /* replay window */
 3055                 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
 3056                         sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
 3057                         if (sav->replay == NULL) {
 3058                                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3059                                 error = ENOBUFS;
 3060                                 goto fail;
 3061                         }
 3062                 }
 3063         }
 3064 
 3065         /* Authentication keys */
 3066         if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
 3067                 const struct sadb_key *key0;
 3068                 int len;
 3069 
 3070                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
 3071                 len = mhp->extlen[SADB_EXT_KEY_AUTH];
 3072 
 3073                 error = 0;
 3074                 if (len < sizeof(*key0)) {
 3075                         error = EINVAL;
 3076                         goto fail;
 3077                 }
 3078                 switch (mhp->msg->sadb_msg_satype) {
 3079                 case SADB_SATYPE_AH:
 3080                 case SADB_SATYPE_ESP:
 3081                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3082                             sav->alg_auth != SADB_X_AALG_NULL)
 3083                                 error = EINVAL;
 3084                         break;
 3085                 case SADB_X_SATYPE_IPCOMP:
 3086                 default:
 3087                         error = EINVAL;
 3088                         break;
 3089                 }
 3090                 if (error) {
 3091                         ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
 3092                         goto fail;
 3093                 }
 3094 
 3095                 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
 3096                 if (sav->key_auth == NULL) {
 3097                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3098                         error = ENOBUFS;
 3099                         goto fail;
 3100                 }
 3101         }
 3102 
 3103         /* Encryption key */
 3104         if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
 3105                 const struct sadb_key *key0;
 3106                 int len;
 3107 
 3108                 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
 3109                 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
 3110 
 3111                 error = 0;
 3112                 if (len < sizeof(*key0)) {
 3113                         error = EINVAL;
 3114                         goto fail;
 3115                 }
 3116                 switch (mhp->msg->sadb_msg_satype) {
 3117                 case SADB_SATYPE_ESP:
 3118                         if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
 3119                             sav->alg_enc != SADB_EALG_NULL) {
 3120                                 error = EINVAL;
 3121                                 break;
 3122                         }
 3123                         sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
 3124                         if (sav->key_enc == NULL) {
 3125                                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3126                                 error = ENOBUFS;
 3127                                 goto fail;
 3128                         }
 3129                         break;
 3130                 case SADB_X_SATYPE_IPCOMP:
 3131                         if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
 3132                                 error = EINVAL;
 3133                         sav->key_enc = NULL;    /*just in case*/
 3134                         break;
 3135                 case SADB_SATYPE_AH:
 3136                 default:
 3137                         error = EINVAL;
 3138                         break;
 3139                 }
 3140                 if (error) {
 3141                         ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
 3142                         goto fail;
 3143                 }
 3144         }
 3145 
 3146         /* set iv */
 3147         sav->ivlen = 0;
 3148 
 3149         switch (mhp->msg->sadb_msg_satype) {
 3150         case SADB_SATYPE_ESP:
 3151 #ifdef IPSEC_ESP
 3152                 algo = esp_algorithm_lookup(sav->alg_enc);
 3153                 if (algo && algo->ivlen)
 3154                         sav->ivlen = (*algo->ivlen)(algo, sav);
 3155                 if (sav->ivlen == 0)
 3156                         break;
 3157                 KMALLOC(sav->iv, caddr_t, sav->ivlen);
 3158                 if (sav->iv == 0) {
 3159                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3160                         error = ENOBUFS;
 3161                         goto fail;
 3162                 }
 3163 
 3164                 /* initialize */
 3165                 key_randomfill(sav->iv, sav->ivlen);
 3166 #endif
 3167                 break;
 3168         case SADB_SATYPE_AH:
 3169         case SADB_X_SATYPE_IPCOMP:
 3170                 break;
 3171         default:
 3172                 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
 3173                 error = EINVAL;
 3174                 goto fail;
 3175         }
 3176 
 3177         /* reset created */
 3178         sav->created = time_second;
 3179 
 3180         /* make lifetime for CURRENT */
 3181         KMALLOC(sav->lft_c, struct sadb_lifetime *,
 3182             sizeof(struct sadb_lifetime));
 3183         if (sav->lft_c == NULL) {
 3184                 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3185                 error = ENOBUFS;
 3186                 goto fail;
 3187         }
 3188 
 3189         sav->lft_c->sadb_lifetime_len =
 3190             PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 3191         sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 3192         sav->lft_c->sadb_lifetime_allocations = 0;
 3193         sav->lft_c->sadb_lifetime_bytes = 0;
 3194         sav->lft_c->sadb_lifetime_addtime = time_second;
 3195         sav->lft_c->sadb_lifetime_usetime = 0;
 3196 
 3197         /* lifetimes for HARD and SOFT */
 3198     {
 3199         const struct sadb_lifetime *lft0;
 3200 
 3201         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
 3202         if (lft0 != NULL) {
 3203                 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
 3204                         error = EINVAL;
 3205                         goto fail;
 3206                 }
 3207                 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
 3208                     sizeof(*lft0));
 3209                 if (sav->lft_h == NULL) {
 3210                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3211                         error = ENOBUFS;
 3212                         goto fail;
 3213                 }
 3214                 /* we no longer support byte lifetime */
 3215                 if (sav->lft_h->sadb_lifetime_bytes) {
 3216                         error = EINVAL;
 3217                         goto fail;
 3218                 }
 3219                 /* initialize? */
 3220         }
 3221 
 3222         lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
 3223         if (lft0 != NULL) {
 3224                 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
 3225                         error = EINVAL;
 3226                         goto fail;
 3227                 }
 3228                 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
 3229                     sizeof(*lft0));
 3230                 if (sav->lft_s == NULL) {
 3231                         ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
 3232                         error = ENOBUFS;
 3233                         goto fail;
 3234                 }
 3235                 /* we no longer support byte lifetime */
 3236                 if (sav->lft_s->sadb_lifetime_bytes) {
 3237                         error = EINVAL;
 3238                         goto fail;
 3239                 }
 3240                 /* initialize? */
 3241         }
 3242     }
 3243 
 3244         return 0;
 3245 
 3246  fail:
 3247         /* initialization */
 3248         if (sav->replay != NULL) {
 3249                 keydb_delsecreplay(sav->replay);
 3250                 sav->replay = NULL;
 3251         }
 3252         if (sav->key_auth != NULL) {
 3253                 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
 3254                 KFREE(sav->key_auth);
 3255                 sav->key_auth = NULL;
 3256         }
 3257         if (sav->key_enc != NULL) {
 3258                 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
 3259                 KFREE(sav->key_enc);
 3260                 sav->key_enc = NULL;
 3261         }
 3262         if (sav->sched) {
 3263                 bzero(sav->sched, sav->schedlen);
 3264                 KFREE(sav->sched);
 3265                 sav->sched = NULL;
 3266         }
 3267         if (sav->iv != NULL) {
 3268                 KFREE(sav->iv);
 3269                 sav->iv = NULL;
 3270         }
 3271         if (sav->lft_c != NULL) {
 3272                 KFREE(sav->lft_c);
 3273                 sav->lft_c = NULL;
 3274         }
 3275         if (sav->lft_h != NULL) {
 3276                 KFREE(sav->lft_h);
 3277                 sav->lft_h = NULL;
 3278         }
 3279         if (sav->lft_s != NULL) {
 3280                 KFREE(sav->lft_s);
 3281                 sav->lft_s = NULL;
 3282         }
 3283 
 3284         return error;
 3285 }
 3286 
 3287 /*
 3288  * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
 3289  * OUT: 0:      valid
 3290  *      other:  errno
 3291  */
 3292 static int
 3293 key_mature(sav)
 3294         struct secasvar *sav;
 3295 {
 3296         int mature;
 3297         int checkmask = 0;      /* 2^0: ealg  2^1: aalg  2^2: calg */
 3298         int mustmask = 0;       /* 2^0: ealg  2^1: aalg  2^2: calg */
 3299 
 3300         mature = 0;
 3301 
 3302         /* check SPI value */
 3303         switch (sav->sah->saidx.proto) {
 3304         case IPPROTO_ESP:
 3305         case IPPROTO_AH:
 3306                 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
 3307                         ipseclog((LOG_DEBUG,
 3308                             "key_mature: illegal range of SPI %u.\n",
 3309                             (u_int32_t)ntohl(sav->spi)));
 3310                         return EINVAL;
 3311                 }
 3312                 break;
 3313         }
 3314 
 3315         /* check satype */
 3316         switch (sav->sah->saidx.proto) {
 3317         case IPPROTO_ESP:
 3318                 /* check flags */
 3319                 if ((sav->flags & SADB_X_EXT_OLD) &&
 3320                     (sav->flags & SADB_X_EXT_DERIV)) {
 3321                         ipseclog((LOG_DEBUG, "key_mature: "
 3322                             "invalid flag (derived) given to old-esp.\n"));
 3323                         return EINVAL;
 3324                 }
 3325                 if (sav->alg_auth == SADB_AALG_NONE)
 3326                         checkmask = 1;
 3327                 else
 3328                         checkmask = 3;
 3329                 mustmask = 1;
 3330                 break;
 3331         case IPPROTO_AH:
 3332                 /* check flags */
 3333                 if (sav->flags & SADB_X_EXT_DERIV) {
 3334                         ipseclog((LOG_DEBUG, "key_mature: "
 3335                             "invalid flag (derived) given to AH SA.\n"));
 3336                         return EINVAL;
 3337                 }
 3338                 if (sav->alg_enc != SADB_EALG_NONE) {
 3339                         ipseclog((LOG_DEBUG, "key_mature: "
 3340                             "protocol and algorithm mismated.\n"));
 3341                         return (EINVAL);
 3342                 }
 3343                 checkmask = 2;
 3344                 mustmask = 2;
 3345                 break;
 3346         case IPPROTO_IPCOMP:
 3347                 if (sav->alg_auth != SADB_AALG_NONE) {
 3348                         ipseclog((LOG_DEBUG, "key_mature: "
 3349                                 "protocol and algorithm mismated.\n"));
 3350                         return (EINVAL);
 3351                 }
 3352                 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
 3353                     ntohl(sav->spi) >= 0x10000) {
 3354                         ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
 3355                         return (EINVAL);
 3356                 }
 3357                 checkmask = 4;
 3358                 mustmask = 4;
 3359                 break;
 3360         default:
 3361                 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
 3362                 return EPROTONOSUPPORT;
 3363         }
 3364 
 3365         /* check authentication algorithm */
 3366         if ((checkmask & 2) != 0) {
 3367                 const struct ah_algorithm *algo;
 3368                 int keylen;
 3369 
 3370                 algo = ah_algorithm_lookup(sav->alg_auth);
 3371                 if (!algo) {
 3372                         ipseclog((LOG_DEBUG, "key_mature: "
 3373                             "unknown authentication algorithm.\n"));
 3374                         return EINVAL;
 3375                 }
 3376 
 3377                 /* algorithm-dependent check */
 3378                 if (sav->key_auth)
 3379                         keylen = sav->key_auth->sadb_key_bits;
 3380                 else
 3381                         keylen = 0;
 3382                 if (keylen < algo->keymin || algo->keymax < keylen) {
 3383                         ipseclog((LOG_DEBUG,
 3384                             "key_mature: invalid AH key length %d "
 3385                             "(%d-%d allowed)\n",
 3386                             keylen, algo->keymin, algo->keymax));
 3387                         return EINVAL;
 3388                 }
 3389 
 3390                 if (algo->mature) {
 3391                         if ((*algo->mature)(sav)) {
 3392                                 /* message generated in per-algorithm function*/
 3393                                 return EINVAL;
 3394                         } else
 3395                                 mature = SADB_SATYPE_AH;
 3396                 }
 3397 
 3398                 if ((mustmask & 2) != 0 &&  mature != SADB_SATYPE_AH) {
 3399                         ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
 3400                         return EINVAL;
 3401                 }
 3402         }
 3403 
 3404         /* check encryption algorithm */
 3405         if ((checkmask & 1) != 0) {
 3406 #ifdef IPSEC_ESP
 3407                 const struct esp_algorithm *algo;
 3408                 int keylen;
 3409 
 3410                 algo = esp_algorithm_lookup(sav->alg_enc);
 3411                 if (!algo) {
 3412                         ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
 3413                         return EINVAL;
 3414                 }
 3415 
 3416                 /* algorithm-dependent check */
 3417                 if (sav->key_enc)
 3418                         keylen = sav->key_enc->sadb_key_bits;
 3419                 else
 3420                         keylen = 0;
 3421                 if (keylen < algo->keymin || algo->keymax < keylen) {
 3422                         ipseclog((LOG_DEBUG,
 3423                             "key_mature: invalid ESP key length %d "
 3424                             "(%d-%d allowed)\n",
 3425                             keylen, algo->keymin, algo->keymax));
 3426                         return EINVAL;
 3427                 }
 3428 
 3429                 if (algo->mature) {
 3430                         if ((*algo->mature)(sav)) {
 3431                                 /* message generated in per-algorithm function*/
 3432                                 return EINVAL;
 3433                         } else
 3434                                 mature = SADB_SATYPE_ESP;
 3435                 }
 3436 
 3437                 if ((mustmask & 1) != 0 &&  mature != SADB_SATYPE_ESP) {
 3438                         ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
 3439                         return EINVAL;
 3440                 }
 3441 #else /*IPSEC_ESP*/
 3442                 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
 3443                 return EINVAL;
 3444 #endif
 3445         }
 3446 
 3447         /* check compression algorithm */
 3448         if ((checkmask & 4) != 0) {
 3449                 const struct ipcomp_algorithm *algo;
 3450 
 3451                 /* algorithm-dependent check */
 3452                 algo = ipcomp_algorithm_lookup(sav->alg_enc);
 3453                 if (!algo) {
 3454                         ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
 3455                         return EINVAL;
 3456                 }
 3457         }
 3458 
 3459         key_sa_chgstate(sav, SADB_SASTATE_MATURE);
 3460 
 3461         return 0;
 3462 }
 3463 
 3464 /*
 3465  * subroutine for SADB_GET and SADB_DUMP.
 3466  */
 3467 static struct mbuf *
 3468 key_setdumpsa(sav, type, satype, seq, pid)
 3469         struct secasvar *sav;
 3470         u_int8_t type, satype;
 3471         u_int32_t seq, pid;
 3472 {
 3473         struct mbuf *result = NULL, *tres = NULL, *m;
 3474         int l = 0;
 3475         int i;
 3476         void *p;
 3477         int dumporder[] = {
 3478                 SADB_EXT_SA, SADB_X_EXT_SA2,
 3479                 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 3480                 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
 3481                 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
 3482                 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
 3483                 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
 3484         };
 3485 
 3486         m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
 3487         if (m == NULL)
 3488                 goto fail;
 3489         result = m;
 3490 
 3491         for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
 3492                 m = NULL;
 3493                 p = NULL;
 3494                 switch (dumporder[i]) {
 3495                 case SADB_EXT_SA:
 3496                         m = key_setsadbsa(sav);
 3497                         if (!m)
 3498                                 goto fail;
 3499                         break;
 3500 
 3501                 case SADB_X_EXT_SA2:
 3502                         m = key_setsadbxsa2(sav->sah->saidx.mode,
 3503                             sav->replay ? (sav->replay->count & 0xffffffff) : 0,
 3504                             sav->sah->saidx.reqid);
 3505                         if (!m)
 3506                                 goto fail;
 3507                         break;
 3508 
 3509                 case SADB_EXT_ADDRESS_SRC:
 3510                         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 3511                             (struct sockaddr *)&sav->sah->saidx.src,
 3512                             FULLMASK, IPSEC_ULPROTO_ANY);
 3513                         if (!m)
 3514                                 goto fail;
 3515                         break;
 3516 
 3517                 case SADB_EXT_ADDRESS_DST:
 3518                         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 3519                             (struct sockaddr *)&sav->sah->saidx.dst,
 3520                             FULLMASK, IPSEC_ULPROTO_ANY);
 3521                         if (!m)
 3522                                 goto fail;
 3523                         break;
 3524 
 3525                 case SADB_EXT_KEY_AUTH:
 3526                         if (!sav->key_auth)
 3527                                 continue;
 3528                         l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
 3529                         p = sav->key_auth;
 3530                         break;
 3531 
 3532                 case SADB_EXT_KEY_ENCRYPT:
 3533                         if (!sav->key_enc)
 3534                                 continue;
 3535                         l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
 3536                         p = sav->key_enc;
 3537                         break;
 3538 
 3539                 case SADB_EXT_LIFETIME_CURRENT:
 3540                         if (!sav->lft_c)
 3541                                 continue;
 3542                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
 3543                         p = sav->lft_c;
 3544                         break;
 3545 
 3546                 case SADB_EXT_LIFETIME_HARD:
 3547                         if (!sav->lft_h)
 3548                                 continue;
 3549                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
 3550                         p = sav->lft_h;
 3551                         break;
 3552 
 3553                 case SADB_EXT_LIFETIME_SOFT:
 3554                         if (!sav->lft_s)
 3555                                 continue;
 3556                         l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
 3557                         p = sav->lft_s;
 3558                         break;
 3559 
 3560                 case SADB_EXT_ADDRESS_PROXY:
 3561                 case SADB_EXT_IDENTITY_SRC:
 3562                 case SADB_EXT_IDENTITY_DST:
 3563                         /* XXX: should we brought from SPD ? */
 3564                 case SADB_EXT_SENSITIVITY:
 3565                 default:
 3566                         continue;
 3567                 }
 3568 
 3569                 if ((!m && !p) || (m && p))
 3570                         goto fail;
 3571                 if (p && tres) {
 3572                         M_PREPEND(tres, l, M_DONTWAIT);
 3573                         if (!tres)
 3574                                 goto fail;
 3575                         bcopy(p, mtod(tres, caddr_t), l);
 3576                         continue;
 3577                 }
 3578                 if (p) {
 3579                         m = key_alloc_mbuf(l);
 3580                         if (!m)
 3581                                 goto fail;
 3582                         m_copyback(m, 0, l, p);
 3583                 }
 3584 
 3585                 if (tres)
 3586                         m_cat(m, tres);
 3587                 tres = m;
 3588         }
 3589 
 3590         m_cat(result, tres);
 3591 
 3592         if (result->m_len < sizeof(struct sadb_msg)) {
 3593                 result = m_pullup(result, sizeof(struct sadb_msg));
 3594                 if (result == NULL)
 3595                         goto fail;
 3596         }
 3597 
 3598         result->m_pkthdr.len = 0;
 3599         for (m = result; m; m = m->m_next)
 3600                 result->m_pkthdr.len += m->m_len;
 3601 
 3602         mtod(result, struct sadb_msg *)->sadb_msg_len =
 3603             PFKEY_UNIT64(result->m_pkthdr.len);
 3604 
 3605         return result;
 3606 
 3607 fail:
 3608         m_freem(result);
 3609         m_freem(tres);
 3610         return NULL;
 3611 }
 3612 
 3613 /*
 3614  * set data into sadb_msg.
 3615  */
 3616 static struct mbuf *
 3617 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
 3618         u_int8_t type, satype;
 3619         u_int16_t tlen;
 3620         u_int32_t seq;
 3621         pid_t pid;
 3622         u_int16_t reserved;
 3623 {
 3624         struct mbuf *m;
 3625         struct sadb_msg *p;
 3626         int len;
 3627 
 3628         len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
 3629         if (len > MCLBYTES)
 3630                 return NULL;
 3631         MGETHDR(m, M_DONTWAIT, MT_DATA);
 3632         if (m && len > MHLEN) {
 3633                 MCLGET(m, M_DONTWAIT);
 3634                 if ((m->m_flags & M_EXT) == 0) {
 3635                         m_freem(m);
 3636                         m = NULL;
 3637                 }
 3638         }
 3639         if (!m)
 3640                 return NULL;
 3641         m->m_pkthdr.len = m->m_len = len;
 3642         m->m_next = NULL;
 3643 
 3644         p = mtod(m, struct sadb_msg *);
 3645 
 3646         bzero(p, len);
 3647         p->sadb_msg_version = PF_KEY_V2;
 3648         p->sadb_msg_type = type;
 3649         p->sadb_msg_errno = 0;
 3650         p->sadb_msg_satype = satype;
 3651         p->sadb_msg_len = PFKEY_UNIT64(tlen);
 3652         p->sadb_msg_reserved = reserved;
 3653         p->sadb_msg_seq = seq;
 3654         p->sadb_msg_pid = (u_int32_t)pid;
 3655 
 3656         return m;
 3657 }
 3658 
 3659 /*
 3660  * copy secasvar data into sadb_address.
 3661  */
 3662 static struct mbuf *
 3663 key_setsadbsa(sav)
 3664         struct secasvar *sav;
 3665 {
 3666         struct mbuf *m;
 3667         struct sadb_sa *p;
 3668         int len;
 3669 
 3670         len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
 3671         m = key_alloc_mbuf(len);
 3672         if (!m || m->m_next) {  /*XXX*/
 3673                 if (m)
 3674                         m_freem(m);
 3675                 return NULL;
 3676         }
 3677 
 3678         p = mtod(m, struct sadb_sa *);
 3679 
 3680         bzero(p, len);
 3681         p->sadb_sa_len = PFKEY_UNIT64(len);
 3682         p->sadb_sa_exttype = SADB_EXT_SA;
 3683         p->sadb_sa_spi = sav->spi;
 3684         p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
 3685         p->sadb_sa_state = sav->state;
 3686         p->sadb_sa_auth = sav->alg_auth;
 3687         p->sadb_sa_encrypt = sav->alg_enc;
 3688         p->sadb_sa_flags = sav->flags;
 3689 
 3690         return m;
 3691 }
 3692 
 3693 /*
 3694  * set data into sadb_address.
 3695  */
 3696 static struct mbuf *
 3697 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
 3698         u_int16_t exttype;
 3699         struct sockaddr *saddr;
 3700         u_int8_t prefixlen;
 3701         u_int16_t ul_proto;
 3702 {
 3703         struct mbuf *m;
 3704         struct sadb_address *p;
 3705         size_t len;
 3706 
 3707         len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
 3708             PFKEY_ALIGN8(saddr->sa_len);
 3709         m = key_alloc_mbuf(len);
 3710         if (!m || m->m_next) {  /*XXX*/
 3711                 if (m)
 3712                         m_freem(m);
 3713                 return NULL;
 3714         }
 3715 
 3716         p = mtod(m, struct sadb_address *);
 3717 
 3718         bzero(p, len);
 3719         p->sadb_address_len = PFKEY_UNIT64(len);
 3720         p->sadb_address_exttype = exttype;
 3721         p->sadb_address_proto = ul_proto;
 3722         if (prefixlen == FULLMASK) {
 3723                 switch (saddr->sa_family) {
 3724                 case AF_INET:
 3725                         prefixlen = sizeof(struct in_addr) << 3;
 3726                         break;
 3727                 case AF_INET6:
 3728                         prefixlen = sizeof(struct in6_addr) << 3;
 3729                         break;
 3730                 default:
 3731                         ; /*XXX*/
 3732                 }
 3733         }
 3734         p->sadb_address_prefixlen = prefixlen;
 3735         p->sadb_address_reserved = 0;
 3736 
 3737         bcopy(saddr,
 3738             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
 3739             saddr->sa_len);
 3740 
 3741         return m;
 3742 }
 3743 
 3744 #if 0
 3745 /*
 3746  * set data into sadb_ident.
 3747  */
 3748 static struct mbuf *
 3749 key_setsadbident(exttype, idtype, string, stringlen, id)
 3750         u_int16_t exttype, idtype;
 3751         caddr_t string;
 3752         int stringlen;
 3753         u_int64_t id;
 3754 {
 3755         struct mbuf *m;
 3756         struct sadb_ident *p;
 3757         size_t len;
 3758 
 3759         len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
 3760         m = key_alloc_mbuf(len);
 3761         if (!m || m->m_next) {  /*XXX*/
 3762                 if (m)
 3763                         m_freem(m);
 3764                 return NULL;
 3765         }
 3766 
 3767         p = mtod(m, struct sadb_ident *);
 3768 
 3769         bzero(p, len);
 3770         p->sadb_ident_len = PFKEY_UNIT64(len);
 3771         p->sadb_ident_exttype = exttype;
 3772         p->sadb_ident_type = idtype;
 3773         p->sadb_ident_reserved = 0;
 3774         p->sadb_ident_id = id;
 3775 
 3776         bcopy(string,
 3777             mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
 3778             stringlen);
 3779 
 3780         return m;
 3781 }
 3782 #endif
 3783 
 3784 /*
 3785  * set data into sadb_x_sa2.
 3786  */
 3787 static struct mbuf *
 3788 key_setsadbxsa2(mode, seq, reqid)
 3789         u_int8_t mode;
 3790         u_int32_t seq, reqid;
 3791 {
 3792         struct mbuf *m;
 3793         struct sadb_x_sa2 *p;
 3794         size_t len;
 3795 
 3796         len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
 3797         m = key_alloc_mbuf(len);
 3798         if (!m || m->m_next) {  /*XXX*/
 3799                 if (m)
 3800                         m_freem(m);
 3801                 return NULL;
 3802         }
 3803 
 3804         p = mtod(m, struct sadb_x_sa2 *);
 3805 
 3806         bzero(p, len);
 3807         p->sadb_x_sa2_len = PFKEY_UNIT64(len);
 3808         p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
 3809         p->sadb_x_sa2_mode = mode;
 3810         p->sadb_x_sa2_reserved1 = 0;
 3811         p->sadb_x_sa2_reserved2 = 0;
 3812         p->sadb_x_sa2_sequence = seq;
 3813         p->sadb_x_sa2_reqid = reqid;
 3814 
 3815         return m;
 3816 }
 3817 
 3818 /*
 3819  * set data into sadb_lifetime
 3820  */
 3821 static struct mbuf *
 3822 key_setsadblifetime(type, alloc, bytes, addtime, usetime)
 3823         u_int16_t type;
 3824         u_int32_t alloc;
 3825         u_int64_t bytes, addtime, usetime;
 3826 {
 3827         struct mbuf *m;
 3828         struct sadb_lifetime *p;
 3829         size_t len;
 3830 
 3831         len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
 3832         m = key_alloc_mbuf(len);
 3833         if (!m || m->m_next) {  /*XXX*/
 3834                 if (m)
 3835                         m_freem(m);
 3836                 return NULL;
 3837         }
 3838 
 3839         p = mtod(m, struct sadb_lifetime *);
 3840 
 3841         bzero(p, len);
 3842         p->sadb_lifetime_len = PFKEY_UNIT64(len);
 3843         p->sadb_lifetime_exttype = type;
 3844         p->sadb_lifetime_allocations = alloc;
 3845         p->sadb_lifetime_bytes = bytes;
 3846         p->sadb_lifetime_addtime = addtime;
 3847         p->sadb_lifetime_usetime = usetime;
 3848 
 3849         return m;
 3850 }
 3851 
 3852 /*
 3853  * set data into sadb_x_policy
 3854  */
 3855 static struct mbuf *
 3856 key_setsadbxpolicy(type, dir, id)
 3857         u_int16_t type;
 3858         u_int8_t dir;
 3859         u_int32_t id;
 3860 {
 3861         struct mbuf *m;
 3862         struct sadb_x_policy *p;
 3863         size_t len;
 3864 
 3865         len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
 3866         m = key_alloc_mbuf(len);
 3867         if (!m || m->m_next) {  /*XXX*/
 3868                 if (m)
 3869                         m_freem(m);
 3870                 return NULL;
 3871         }
 3872 
 3873         p = mtod(m, struct sadb_x_policy *);
 3874 
 3875         bzero(p, len);
 3876         p->sadb_x_policy_len = PFKEY_UNIT64(len);
 3877         p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
 3878         p->sadb_x_policy_type = type;
 3879         p->sadb_x_policy_dir = dir;
 3880         p->sadb_x_policy_id = id;
 3881 
 3882         return m;
 3883 }
 3884 
 3885 /* %%% utilities */
 3886 /*
 3887  * copy a buffer into the new buffer allocated.
 3888  */
 3889 static void *
 3890 key_newbuf(src, len)
 3891         const void *src;
 3892         u_int len;
 3893 {
 3894         caddr_t new;
 3895 
 3896         KMALLOC(new, caddr_t, len);
 3897         if (new == NULL) {
 3898                 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
 3899                 return NULL;
 3900         }
 3901         bcopy(src, new, len);
 3902 
 3903         return new;
 3904 }
 3905 
 3906 /* compare my own address
 3907  * OUT: 1: true, i.e. my address.
 3908  *      0: false
 3909  */
 3910 static int
 3911 key_ismyaddr(sa)
 3912         struct sockaddr *sa;
 3913 {
 3914 #ifdef INET
 3915         struct sockaddr_in *sin;
 3916         struct in_ifaddr *ia;
 3917 #endif
 3918 
 3919         /* sanity check */
 3920         if (sa == NULL)
 3921                 panic("key_ismyaddr: NULL pointer is passed.");
 3922 
 3923         switch (sa->sa_family) {
 3924 #ifdef INET
 3925         case AF_INET:
 3926                 sin = (struct sockaddr_in *)sa;
 3927                 for (ia = in_ifaddrhead.tqh_first; ia;
 3928                      ia = ia->ia_link.tqe_next) {
 3929                         if (sin->sin_family == ia->ia_addr.sin_family &&
 3930                             sin->sin_len == ia->ia_addr.sin_len &&
 3931                             sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
 3932                         {
 3933                                 return 1;
 3934                         }
 3935                 }
 3936                 break;
 3937 #endif
 3938 #ifdef INET6
 3939         case AF_INET6:
 3940                 return key_ismyaddr6((struct sockaddr_in6 *)sa);
 3941 #endif
 3942         }
 3943 
 3944         return 0;
 3945 }
 3946 
 3947 #ifdef INET6
 3948 /*
 3949  * compare my own address for IPv6.
 3950  * 1: ours
 3951  * 0: other
 3952  * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
 3953  */
 3954 #include <netinet6/in6_var.h>
 3955 
 3956 static int
 3957 key_ismyaddr6(sin6)
 3958         struct sockaddr_in6 *sin6;
 3959 {
 3960         struct in6_ifaddr *ia;
 3961         struct in6_multi *in6m;
 3962 
 3963         for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
 3964                 if (key_sockaddrcmp((struct sockaddr *)&sin6,
 3965                     (struct sockaddr *)&ia->ia_addr, 0) == 0)
 3966                         return 1;
 3967 
 3968                 /*
 3969                  * XXX Multicast
 3970                  * XXX why do we care about multlicast here while we don't care
 3971                  * about IPv4 multicast??
 3972                  */
 3973                 in6m = NULL;
 3974                 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
 3975                 if (in6m)
 3976                         return 1;
 3977         }
 3978 
 3979         /* loopback, just for safety */
 3980         if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
 3981                 return 1;
 3982 
 3983         return 0;
 3984 }
 3985 #endif /*INET6*/
 3986 
 3987 /*
 3988  * compare two secasindex structure.
 3989  * flag can specify to compare 2 saidxes.
 3990  * compare two secasindex structure without both mode and reqid.
 3991  * don't compare port.
 3992  * IN:  
 3993  *      saidx0: source, it can be in SAD.
 3994  *      saidx1: object.
 3995  * OUT: 
 3996  *      1 : equal
 3997  *      0 : not equal
 3998  */
 3999 static int
 4000 key_cmpsaidx(saidx0, saidx1, flag)
 4001         struct secasindex *saidx0, *saidx1;
 4002         int flag;
 4003 {
 4004         /* sanity */
 4005         if (saidx0 == NULL && saidx1 == NULL)
 4006                 return 1;
 4007 
 4008         if (saidx0 == NULL || saidx1 == NULL)
 4009                 return 0;
 4010 
 4011         if (saidx0->proto != saidx1->proto)
 4012                 return 0;
 4013 
 4014         if (flag == CMP_EXACTLY) {
 4015                 if (saidx0->mode != saidx1->mode)
 4016                         return 0;
 4017                 if (saidx0->reqid != saidx1->reqid)
 4018                         return 0;
 4019                 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
 4020                     bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
 4021                         return 0;
 4022         } else {
 4023 
 4024                 /* CMP_MODE_REQID, CMP_HEAD */
 4025                 if (flag == CMP_MODE_REQID) {
 4026                         /*
 4027                          * If reqid of SPD is non-zero, unique SA is required.
 4028                          * The result must be of same reqid in this case.
 4029                          */
 4030                         if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
 4031                                 return 0;
 4032                 }
 4033 
 4034                 if (flag == CMP_MODE_REQID) {
 4035                         if (saidx0->mode != IPSEC_MODE_ANY &&
 4036                             saidx0->mode != saidx1->mode)
 4037                                 return 0;
 4038                 }
 4039 
 4040                 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
 4041                                 (struct sockaddr *)&saidx1->src, 0) != 0) {
 4042                         return 0;
 4043                 }
 4044                 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
 4045                                 (struct sockaddr *)&saidx1->dst, 0) != 0) {
 4046                         return 0;
 4047                 }
 4048         }
 4049 
 4050         return 1;
 4051 }
 4052 
 4053 /*
 4054  * compare two secindex structure exactly.
 4055  * IN:
 4056  *      spidx0: source, it is often in SPD.
 4057  *      spidx1: object, it is often from PFKEY message.
 4058  * OUT:
 4059  *      1 : equal
 4060  *      0 : not equal
 4061  */
 4062 int
 4063 key_cmpspidx_exactly(spidx0, spidx1)
 4064         struct secpolicyindex *spidx0, *spidx1;
 4065 {
 4066         /* sanity */
 4067         if (spidx0 == NULL && spidx1 == NULL)
 4068                 return 1;
 4069 
 4070         if (spidx0 == NULL || spidx1 == NULL)
 4071                 return 0;
 4072 
 4073         if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
 4074             spidx0->ul_proto != spidx1->ul_proto)
 4075                 return 0;
 4076 
 4077         if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
 4078             (struct sockaddr *)&spidx1->src, 1) != 0) {
 4079                 return 0;
 4080         }
 4081         if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
 4082             (struct sockaddr *)&spidx1->dst, 1) != 0) {
 4083                 return 0;
 4084         }
 4085 
 4086         return 1;
 4087 }
 4088 
 4089 /*
 4090  * compare two secindex structure with mask.
 4091  * IN:
 4092  *      spidx0: source, it is often in SPD.
 4093  *      spidx1: object, it is often from IP header.
 4094  * OUT:
 4095  *      1 : equal
 4096  *      0 : not equal
 4097  */
 4098 int
 4099 key_cmpspidx_withmask(spidx0, spidx1)
 4100         struct secpolicyindex *spidx0, *spidx1;
 4101 {
 4102         /* sanity */
 4103         if (spidx0 == NULL && spidx1 == NULL)
 4104                 return 1;
 4105 
 4106         if (spidx0 == NULL || spidx1 == NULL)
 4107                 return 0;
 4108 
 4109         if (spidx0->src.ss_family != spidx1->src.ss_family ||
 4110             spidx0->dst.ss_family != spidx1->dst.ss_family ||
 4111             spidx0->src.ss_len != spidx1->src.ss_len ||
 4112             spidx0->dst.ss_len != spidx1->dst.ss_len)
 4113                 return 0;
 4114 
 4115         /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
 4116         if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
 4117             spidx0->ul_proto != spidx1->ul_proto)
 4118                 return 0;
 4119 
 4120         switch (spidx0->src.ss_family) {
 4121         case AF_INET:
 4122                 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
 4123                     satosin(&spidx0->src)->sin_port !=
 4124                     satosin(&spidx1->src)->sin_port)
 4125                         return 0;
 4126                 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
 4127                     (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
 4128                         return 0;
 4129                 break;
 4130         case AF_INET6:
 4131                 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
 4132                     satosin6(&spidx0->src)->sin6_port !=
 4133                     satosin6(&spidx1->src)->sin6_port)
 4134                         return 0;
 4135                 /*
 4136                  * scope_id check. if sin6_scope_id is 0, we regard it
 4137                  * as a wildcard scope, which matches any scope zone ID. 
 4138                  */
 4139                 if (satosin6(&spidx0->src)->sin6_scope_id &&
 4140                     satosin6(&spidx1->src)->sin6_scope_id &&
 4141                     satosin6(&spidx0->src)->sin6_scope_id !=
 4142                     satosin6(&spidx1->src)->sin6_scope_id)
 4143                         return 0;
 4144                 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
 4145                     (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
 4146                         return 0;
 4147                 break;
 4148         default:
 4149                 /* XXX */
 4150                 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
 4151                         return 0;
 4152                 break;
 4153         }
 4154 
 4155         switch (spidx0->dst.ss_family) {
 4156         case AF_INET:
 4157                 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
 4158                     satosin(&spidx0->dst)->sin_port !=
 4159                     satosin(&spidx1->dst)->sin_port)
 4160                         return 0;
 4161                 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
 4162                     (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
 4163                         return 0;
 4164                 break;
 4165         case AF_INET6:
 4166                 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
 4167                     satosin6(&spidx0->dst)->sin6_port !=
 4168                     satosin6(&spidx1->dst)->sin6_port)
 4169                         return 0;
 4170                 /*
 4171                  * scope_id check. if sin6_scope_id is 0, we regard it
 4172                  * as a wildcard scope, which matches any scope zone ID. 
 4173                  */
 4174                 if (satosin6(&spidx0->src)->sin6_scope_id &&
 4175                     satosin6(&spidx1->src)->sin6_scope_id &&
 4176                     satosin6(&spidx0->dst)->sin6_scope_id !=
 4177                     satosin6(&spidx1->dst)->sin6_scope_id)
 4178                         return 0;
 4179                 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
 4180                     (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
 4181                         return 0;
 4182                 break;
 4183         default:
 4184                 /* XXX */
 4185                 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
 4186                         return 0;
 4187                 break;
 4188         }
 4189 
 4190         /* XXX Do we check other field ?  e.g. flowinfo */
 4191 
 4192         return 1;
 4193 }
 4194 
 4195 /* returns 0 on match */
 4196 static int
 4197 key_sockaddrcmp(sa1, sa2, port)
 4198         struct sockaddr *sa1;
 4199         struct sockaddr *sa2;
 4200         int port;
 4201 {
 4202         if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
 4203                 return 1;
 4204 
 4205         switch (sa1->sa_family) {
 4206         case AF_INET:
 4207                 if (sa1->sa_len != sizeof(struct sockaddr_in))
 4208                         return 1;
 4209                 if (satosin(sa1)->sin_addr.s_addr !=
 4210                     satosin(sa2)->sin_addr.s_addr) {
 4211                         return 1;
 4212                 }
 4213                 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
 4214                         return 1;
 4215                 break;
 4216         case AF_INET6:
 4217                 if (sa1->sa_len != sizeof(struct sockaddr_in6))
 4218                         return 1;       /*EINVAL*/
 4219                 if (satosin6(sa1)->sin6_scope_id !=
 4220                     satosin6(sa2)->sin6_scope_id) {
 4221                         return 1;
 4222                 }
 4223                 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
 4224                     &satosin6(sa2)->sin6_addr)) {
 4225                         return 1;
 4226                 }
 4227                 if (port &&
 4228                     satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
 4229                         return 1;
 4230                 }
 4231         default:
 4232                 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
 4233                         return 1;
 4234                 break;
 4235         }
 4236 
 4237         return 0;
 4238 }
 4239 
 4240 /*
 4241  * compare two buffers with mask.
 4242  * IN:
 4243  *      addr1: source
 4244  *      addr2: object
 4245  *      bits:  Number of bits to compare
 4246  * OUT:
 4247  *      1 : equal
 4248  *      0 : not equal
 4249  */
 4250 static int
 4251 key_bbcmp(p1, p2, bits)
 4252         caddr_t p1, p2;
 4253         u_int bits;
 4254 {
 4255         u_int8_t mask;
 4256 
 4257         /* XXX: This could be considerably faster if we compare a word
 4258          * at a time, but it is complicated on LSB Endian machines */
 4259 
 4260         /* Handle null pointers */
 4261         if (p1 == NULL || p2 == NULL)
 4262                 return (p1 == p2);
 4263 
 4264         while (bits >= 8) {
 4265                 if (*p1++ != *p2++)
 4266                         return 0;
 4267                 bits -= 8;
 4268         }
 4269 
 4270         if (bits > 0) {
 4271                 mask = ~((1<<(8-bits))-1);
 4272                 if ((*p1 & mask) != (*p2 & mask))
 4273                         return 0;
 4274         }
 4275         return 1;       /* Match! */
 4276 }
 4277 
 4278 /*
 4279  * time handler.
 4280  * scanning SPD and SAD to check status for each entries,
 4281  * and do to remove or to expire.
 4282  * XXX: year 2038 problem may remain.
 4283  */
 4284 void
 4285 key_timehandler(arg)
 4286         void *arg;
 4287 {
 4288         u_int dir;
 4289         int s;
 4290         struct timeval tv;
 4291 
 4292         microtime(&tv);
 4293 
 4294         s = splnet();   /*called from softclock()*/
 4295 
 4296         /* SPD */
 4297     {
 4298         struct secpolicy *sp, *nextsp;
 4299 
 4300         for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 4301                 for (sp = LIST_FIRST(&sptree[dir]);
 4302                      sp != NULL;
 4303                      sp = nextsp) {
 4304                         nextsp = LIST_NEXT(sp, chain);
 4305 
 4306                         if (sp->state == IPSEC_SPSTATE_DEAD) {
 4307                                 key_sp_unlink(sp);      /*XXX*/
 4308                                 sp = NULL;
 4309                                 continue;
 4310                         }
 4311 
 4312                         if (sp->lifetime == 0 && sp->validtime == 0)
 4313                                 continue;
 4314 
 4315                         /* the deletion will occur next time */
 4316                         if ((sp->lifetime &&
 4317                              tv.tv_sec - sp->created > sp->lifetime) ||
 4318                             (sp->validtime &&
 4319                              tv.tv_sec - sp->lastused > sp->validtime)) {
 4320                                 key_sp_dead(sp);
 4321                                 key_spdexpire(sp);
 4322                                 continue;
 4323                         }
 4324                 }
 4325         }
 4326 
 4327         /* invalidate all cached SPD pointers on pcb */
 4328         ipsec_invalpcbcacheall();
 4329     }
 4330 
 4331         /* SAD */
 4332     {
 4333         struct secashead *sah, *nextsah;
 4334         struct secasvar *sav, *nextsav;
 4335 
 4336         for (sah = LIST_FIRST(&sahtree);
 4337              sah != NULL;
 4338              sah = nextsah) {
 4339 
 4340                 nextsah = LIST_NEXT(sah, chain);
 4341 
 4342                 /* if sah has been dead, then delete it and process next sah. */
 4343                 if (sah->state == SADB_SASTATE_DEAD) {
 4344                         key_delsah(sah);
 4345                         continue;
 4346                 }
 4347 
 4348                 /* if LARVAL entry doesn't become MATURE, delete it. */
 4349                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
 4350                      sav != NULL;
 4351                      sav = nextsav) {
 4352 
 4353                         nextsav = LIST_NEXT(sav, chain);
 4354 
 4355                         if (tv.tv_sec - sav->created > key_larval_lifetime) {
 4356                                 key_freesav(sav);
 4357                         }
 4358                 }
 4359 
 4360                 /*
 4361                  * check MATURE entry to start to send expire message
 4362                  * whether or not.
 4363                  */
 4364                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
 4365                      sav != NULL;
 4366                      sav = nextsav) {
 4367 
 4368                         nextsav = LIST_NEXT(sav, chain);
 4369 
 4370                         /* we don't need to check. */
 4371                         if (sav->lft_s == NULL)
 4372                                 continue;
 4373 
 4374                         /* sanity check */
 4375                         if (sav->lft_c == NULL) {
 4376                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4377                                         "There is no CURRENT time, why?\n"));
 4378                                 continue;
 4379                         }
 4380 
 4381                         /* check SOFT lifetime */
 4382                         if (sav->lft_s->sadb_lifetime_addtime != 0 &&
 4383                             tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
 4384                                 /*
 4385                                  * check the SA if it has been used.
 4386                                  * when it hasn't been used, delete it.
 4387                                  * i don't think such SA will be used.
 4388                                  */
 4389                                 if (sav->lft_c->sadb_lifetime_usetime == 0) {
 4390                                         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4391                                         key_freesav(sav);
 4392                                         sav = NULL;
 4393                                 } else {
 4394                                         key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4395                                         /*
 4396                                          * XXX If we keep to send expire
 4397                                          * message in the status of
 4398                                          * DYING. Do remove below code.
 4399                                          */
 4400                                         key_expire(sav);
 4401                                 }
 4402                         }
 4403 
 4404                         /* check SOFT lifetime by bytes */
 4405                         /*
 4406                          * XXX I don't know the way to delete this SA
 4407                          * when new SA is installed.  Caution when it's
 4408                          * installed too big lifetime by time.
 4409                          */
 4410                         else if (sav->lft_s->sadb_lifetime_bytes != 0
 4411                               && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
 4412 
 4413                                 key_sa_chgstate(sav, SADB_SASTATE_DYING);
 4414                                 /*
 4415                                  * XXX If we keep to send expire
 4416                                  * message in the status of
 4417                                  * DYING. Do remove below code.
 4418                                  */
 4419                                 key_expire(sav);
 4420                         }
 4421                 }
 4422 
 4423                 /* check DYING entry to change status to DEAD. */
 4424                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
 4425                      sav != NULL;
 4426                      sav = nextsav) {
 4427 
 4428                         nextsav = LIST_NEXT(sav, chain);
 4429 
 4430                         /* we don't need to check. */
 4431                         if (sav->lft_h == NULL)
 4432                                 continue;
 4433 
 4434                         /* sanity check */
 4435                         if (sav->lft_c == NULL) {
 4436                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4437                                         "There is no CURRENT time, why?\n"));
 4438                                 continue;
 4439                         }
 4440 
 4441                         if (sav->lft_h->sadb_lifetime_addtime != 0 &&
 4442                             tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
 4443                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4444                                 key_freesav(sav);
 4445                                 sav = NULL;
 4446                         }
 4447 #if 0   /* XXX Should we keep to send expire message until HARD lifetime ? */
 4448                         else if (sav->lft_s != NULL
 4449                               && sav->lft_s->sadb_lifetime_addtime != 0
 4450                               && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
 4451                                 /*
 4452                                  * XXX: should be checked to be
 4453                                  * installed the valid SA.
 4454                                  */
 4455 
 4456                                 /*
 4457                                  * If there is no SA then sending
 4458                                  * expire message.
 4459                                  */
 4460                                 key_expire(sav);
 4461                         }
 4462 #endif
 4463                         /* check HARD lifetime by bytes */
 4464                         else if (sav->lft_h->sadb_lifetime_bytes != 0
 4465                               && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
 4466                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 4467                                 key_freesav(sav);
 4468                                 sav = NULL;
 4469                         }
 4470                 }
 4471 
 4472                 /* delete entry in DEAD */
 4473                 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
 4474                      sav != NULL;
 4475                      sav = nextsav) {
 4476 
 4477                         nextsav = LIST_NEXT(sav, chain);
 4478 
 4479                         /* sanity check */
 4480                         if (sav->state != SADB_SASTATE_DEAD) {
 4481                                 ipseclog((LOG_DEBUG, "key_timehandler: "
 4482                                         "invalid sav->state "
 4483                                         "(queue: %u SA: %u): "
 4484                                         "kill it anyway\n",
 4485                                         SADB_SASTATE_DEAD, sav->state));
 4486                         }
 4487 
 4488                         /*
 4489                          * do not call key_freesav() here.
 4490                          * sav should already be freed, and sav->refcnt
 4491                          * shows other references to sav
 4492                          * (such as from SPD).
 4493                          */
 4494                 }
 4495         }
 4496     }
 4497 
 4498 #ifndef IPSEC_NONBLOCK_ACQUIRE
 4499         /* ACQ tree */
 4500     {
 4501         struct secacq *acq, *nextacq;
 4502 
 4503         for (acq = LIST_FIRST(&acqtree);
 4504              acq != NULL;
 4505              acq = nextacq) {
 4506 
 4507                 nextacq = LIST_NEXT(acq, chain);
 4508 
 4509                 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
 4510                     __LIST_CHAINED(acq)) {
 4511                         LIST_REMOVE(acq, chain);
 4512                         KFREE(acq);
 4513                 }
 4514         }
 4515     }
 4516 #endif
 4517 
 4518         /* SP ACQ tree */
 4519     {
 4520         struct secspacq *acq, *nextacq;
 4521 
 4522         for (acq = LIST_FIRST(&spacqtree);
 4523              acq != NULL;
 4524              acq = nextacq) {
 4525 
 4526                 nextacq = LIST_NEXT(acq, chain);
 4527 
 4528                 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
 4529                     __LIST_CHAINED(acq)) {
 4530                         LIST_REMOVE(acq, chain);
 4531                         KFREE(acq);
 4532                 }
 4533         }
 4534     }
 4535 
 4536         /* initialize random seed */
 4537         if (key_tick_init_random++ > key_int_random) {
 4538                 key_tick_init_random = 0;
 4539                 key_srandom();
 4540         }
 4541 
 4542         /*
 4543          * should set timeout based on the most closest timer expiration.
 4544          * we don't bother to do that yet.
 4545          */
 4546         (void)timeout(key_timehandler, (void *)0, hz);
 4547 
 4548         splx(s);
 4549         return;
 4550 }
 4551 
 4552 /*
 4553  * to initialize a seed for random()
 4554  */
 4555 static void
 4556 key_srandom()
 4557 {
 4558         return;
 4559 }
 4560 
 4561 static u_long
 4562 key_random()
 4563 {
 4564         u_long value;
 4565 
 4566         key_randomfill(&value, sizeof(value));
 4567         return value;
 4568 }
 4569 
 4570 void
 4571 key_randomfill(p, l)
 4572         void *p;
 4573         size_t l;
 4574 {
 4575         size_t n;
 4576         u_long v;
 4577         static int warn = 1;
 4578 
 4579         n = 0;
 4580         n = (size_t)read_random(p, (u_int)l);
 4581         /* last resort */
 4582         while (n < l) {
 4583                 v = random();
 4584                 bcopy(&v, (u_int8_t *)p + n,
 4585                     l - n < sizeof(v) ? l - n : sizeof(v));
 4586                 n += sizeof(v);
 4587 
 4588                 if (warn) {
 4589                         printf("WARNING: pseudo-random number generator "
 4590                             "used for IPsec processing\n");
 4591                         warn = 0;
 4592                 }
 4593         }
 4594 }
 4595 
 4596 /*
 4597  * map SADB_SATYPE_* to IPPROTO_*.
 4598  * if satype == SADB_SATYPE then satype is mapped to ~0.
 4599  * OUT:
 4600  *      0: invalid satype.
 4601  */
 4602 static u_int16_t
 4603 key_satype2proto(satype)
 4604         u_int8_t satype;
 4605 {
 4606         switch (satype) {
 4607         case SADB_SATYPE_UNSPEC:
 4608                 return IPSEC_PROTO_ANY;
 4609         case SADB_SATYPE_AH:
 4610                 return IPPROTO_AH;
 4611         case SADB_SATYPE_ESP:
 4612                 return IPPROTO_ESP;
 4613         case SADB_X_SATYPE_IPCOMP:
 4614                 return IPPROTO_IPCOMP;
 4615                 break;
 4616         default:
 4617                 return 0;
 4618         }
 4619         /* NOTREACHED */
 4620 }
 4621 
 4622 /*
 4623  * map IPPROTO_* to SADB_SATYPE_*
 4624  * OUT:
 4625  *      0: invalid protocol type.
 4626  */
 4627 static u_int8_t
 4628 key_proto2satype(proto)
 4629         u_int16_t proto;
 4630 {
 4631         switch (proto) {
 4632         case IPPROTO_AH:
 4633                 return SADB_SATYPE_AH;
 4634         case IPPROTO_ESP:
 4635                 return SADB_SATYPE_ESP;
 4636         case IPPROTO_IPCOMP:
 4637                 return SADB_X_SATYPE_IPCOMP;
 4638                 break;
 4639         default:
 4640                 return 0;
 4641         }
 4642         /* NOTREACHED */
 4643 }
 4644 
 4645 /* %%% PF_KEY */
 4646 /*
 4647  * SADB_GETSPI processing is to receive
 4648  *      <base, (SA2), src address, dst address, (SPI range)>
 4649  * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
 4650  * tree with the status of LARVAL, and send
 4651  *      <base, SA(*), address(SD)>
 4652  * to the IKMPd.
 4653  *
 4654  * IN:  mhp: pointer to the pointer to each header.
 4655  * OUT: NULL if fail.
 4656  *      other if success, return pointer to the message to send.
 4657  */
 4658 static int
 4659 key_getspi(so, m, mhp)
 4660         struct socket *so;
 4661         struct mbuf *m;
 4662         const struct sadb_msghdr *mhp;
 4663 {
 4664         struct sadb_address *src0, *dst0;
 4665         struct secasindex saidx;
 4666         struct secashead *newsah;
 4667         struct secasvar *newsav;
 4668         u_int8_t proto;
 4669         u_int32_t spi;
 4670         u_int8_t mode;
 4671         u_int32_t reqid;
 4672         int error;
 4673 
 4674         /* sanity check */
 4675         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 4676                 panic("key_getspi: NULL pointer is passed.");
 4677 
 4678         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4679             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 4680                 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
 4681                 return key_senderror(so, m, EINVAL);
 4682         }
 4683         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4684             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4685                 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
 4686                 return key_senderror(so, m, EINVAL);
 4687         }
 4688         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4689                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4690                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4691         } else {
 4692                 mode = IPSEC_MODE_ANY;
 4693                 reqid = 0;
 4694         }
 4695 
 4696         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4697         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4698 
 4699         /* map satype to proto */
 4700         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4701                 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
 4702                 return key_senderror(so, m, EINVAL);
 4703         }
 4704 
 4705         /* make sure if port number is zero. */
 4706         switch (((struct sockaddr *)(src0 + 1))->sa_family) {
 4707         case AF_INET:
 4708                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4709                     sizeof(struct sockaddr_in))
 4710                         return key_senderror(so, m, EINVAL);
 4711                 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
 4712                 break;
 4713         case AF_INET6:
 4714                 if (((struct sockaddr *)(src0 + 1))->sa_len !=
 4715                     sizeof(struct sockaddr_in6))
 4716                         return key_senderror(so, m, EINVAL);
 4717                 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
 4718                 break;
 4719         default:
 4720                 ; /*???*/
 4721         }
 4722         switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
 4723         case AF_INET:
 4724                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4725                     sizeof(struct sockaddr_in))
 4726                         return key_senderror(so, m, EINVAL);
 4727                 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
 4728                 break;
 4729         case AF_INET6:
 4730                 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
 4731                     sizeof(struct sockaddr_in6))
 4732                         return key_senderror(so, m, EINVAL);
 4733                 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
 4734                 break;
 4735         default:
 4736                 ; /*???*/
 4737         }
 4738 
 4739         /* XXX boundary check against sa_len */
 4740         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4741 
 4742         /* SPI allocation */
 4743         spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
 4744                                &saidx);
 4745         if (spi == 0)
 4746                 return key_senderror(so, m, EINVAL);
 4747 
 4748         /* get a SA index */
 4749         if ((newsah = key_getsah(&saidx)) == NULL) {
 4750                 /* create a new SA index */
 4751                 if ((newsah = key_newsah(&saidx)) == NULL) {
 4752                         ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
 4753                         return key_senderror(so, m, ENOBUFS);
 4754                 }
 4755         }
 4756 
 4757         /* get a new SA */
 4758         /* XXX rewrite */
 4759         newsav = key_newsav(m, mhp, newsah, &error);
 4760         if (newsav == NULL) {
 4761                 /* XXX don't free new SA index allocated in above. */
 4762                 return key_senderror(so, m, error);
 4763         }
 4764 
 4765         /* set spi */
 4766         key_setspi(newsav, htonl(spi));
 4767 
 4768 #ifndef IPSEC_NONBLOCK_ACQUIRE
 4769         /* delete the entry in acqtree */
 4770         if (mhp->msg->sadb_msg_seq != 0) {
 4771                 struct secacq *acq;
 4772                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
 4773                         /* reset counter in order to deletion by timehandler. */
 4774                         acq->created = time_second;
 4775                         acq->count = 0;
 4776                 }
 4777         }
 4778 #endif
 4779 
 4780     {
 4781         struct mbuf *n, *nn;
 4782         struct sadb_sa *m_sa;
 4783         struct sadb_msg *newmsg;
 4784         int off, len;
 4785 
 4786         /* create new sadb_msg to reply. */
 4787         len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
 4788             PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4789         if (len > MCLBYTES)
 4790                 return key_senderror(so, m, ENOBUFS);
 4791 
 4792         MGETHDR(n, M_DONTWAIT, MT_DATA);
 4793         if (len > MHLEN) {
 4794                 MCLGET(n, M_DONTWAIT);
 4795                 if ((n->m_flags & M_EXT) == 0) {
 4796                         m_freem(n);
 4797                         n = NULL;
 4798                 }
 4799         }
 4800         if (!n)
 4801                 return key_senderror(so, m, ENOBUFS);
 4802 
 4803         n->m_len = len;
 4804         n->m_next = NULL;
 4805         off = 0;
 4806 
 4807         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 4808         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 4809 
 4810         m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
 4811         m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
 4812         m_sa->sadb_sa_exttype = SADB_EXT_SA;
 4813         m_sa->sadb_sa_spi = htonl(spi);
 4814         off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
 4815 
 4816 #ifdef DIAGNOSTIC
 4817         if (off != len)
 4818                 panic("length inconsistency in key_getspi");
 4819 #endif
 4820 
 4821         n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
 4822             SADB_EXT_ADDRESS_DST);
 4823         if (!n->m_next) {
 4824                 m_freem(n);
 4825                 return key_senderror(so, m, ENOBUFS);
 4826         }
 4827 
 4828         if (n->m_len < sizeof(struct sadb_msg)) {
 4829                 n = m_pullup(n, sizeof(struct sadb_msg));
 4830                 if (n == NULL)
 4831                         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 4832         }
 4833 
 4834         n->m_pkthdr.len = 0;
 4835         for (nn = n; nn; nn = nn->m_next)
 4836                 n->m_pkthdr.len += nn->m_len;
 4837 
 4838         newmsg = mtod(n, struct sadb_msg *);
 4839         newmsg->sadb_msg_seq = newsav->seq;
 4840         newmsg->sadb_msg_errno = 0;
 4841         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 4842 
 4843         m_freem(m);
 4844         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 4845     }
 4846 }
 4847 
 4848 /*
 4849  * allocating new SPI
 4850  * called by key_getspi().
 4851  * OUT:
 4852  *      0:      failure.
 4853  *      others: success.
 4854  */
 4855 static u_int32_t
 4856 key_do_getnewspi(spirange, saidx)
 4857         struct sadb_spirange *spirange;
 4858         struct secasindex *saidx;
 4859 {
 4860         u_int32_t newspi;
 4861         u_int32_t min, max;
 4862         int count = key_spi_trycnt;
 4863 
 4864         /* set spi range to allocate */
 4865         if (spirange != NULL) {
 4866                 min = spirange->sadb_spirange_min;
 4867                 max = spirange->sadb_spirange_max;
 4868         } else {
 4869                 min = key_spi_minval;
 4870                 max = key_spi_maxval;
 4871         }
 4872         /* IPCOMP needs 2-byte SPI */
 4873         if (saidx->proto == IPPROTO_IPCOMP) {
 4874                 u_int32_t t;
 4875                 if (min >= 0x10000)
 4876                         min = 0xffff;
 4877                 if (max >= 0x10000)
 4878                         max = 0xffff;
 4879                 if (min > max) {
 4880                         t = min; min = max; max = t;
 4881                 }
 4882         }
 4883 
 4884         if (min == max) {
 4885                 if (key_checkspidup(saidx, min) != NULL) {
 4886                         ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
 4887                         return 0;
 4888                 }
 4889 
 4890                 count--; /* taking one cost. */
 4891                 newspi = min;
 4892 
 4893         } else {
 4894 
 4895                 /* init SPI */
 4896                 newspi = 0;
 4897 
 4898                 /* when requesting to allocate spi ranged */
 4899                 while (count--) {
 4900                         /* generate pseudo-random SPI value ranged. */
 4901                         newspi = min + (key_random() % (max - min + 1));
 4902 
 4903                         if (key_checkspidup(saidx, newspi) == NULL)
 4904                                 break;
 4905                 }
 4906 
 4907                 if (count == 0 || newspi == 0) {
 4908                         ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
 4909                         return 0;
 4910                 }
 4911         }
 4912 
 4913         /* statistics */
 4914         keystat.getspi_count =
 4915                 (keystat.getspi_count + key_spi_trycnt - count) / 2;
 4916 
 4917         return newspi;
 4918 }
 4919 
 4920 /*
 4921  * SADB_UPDATE processing
 4922  * receive
 4923  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4924  *       key(AE), (identity(SD),) (sensitivity)>
 4925  * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
 4926  * and send
 4927  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 4928  *       (identity(SD),) (sensitivity)>
 4929  * to the ikmpd.
 4930  *
 4931  * m will always be freed.
 4932  */
 4933 static int
 4934 key_update(so, m, mhp)
 4935         struct socket *so;
 4936         struct mbuf *m;
 4937         const struct sadb_msghdr *mhp;
 4938 {
 4939         struct sadb_sa *sa0;
 4940         struct sadb_address *src0, *dst0;
 4941         struct secasindex saidx;
 4942         struct secashead *sah;
 4943         struct secasvar *sav;
 4944         u_int16_t proto;
 4945         u_int8_t mode;
 4946         u_int32_t reqid;
 4947         int error;
 4948 
 4949         /* sanity check */
 4950         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 4951                 panic("key_update: NULL pointer is passed.");
 4952 
 4953         /* map satype to proto */
 4954         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 4955                 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
 4956                 return key_senderror(so, m, EINVAL);
 4957         }
 4958 
 4959         if (mhp->ext[SADB_EXT_SA] == NULL ||
 4960             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 4961             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 4962             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 4963              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 4964             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 4965              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 4966             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 4967              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 4968             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 4969              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 4970                 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
 4971                 return key_senderror(so, m, EINVAL);
 4972         }
 4973         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 4974             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 4975             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 4976                 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
 4977                 return key_senderror(so, m, EINVAL);
 4978         }
 4979         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 4980                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 4981                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 4982         } else {
 4983                 mode = IPSEC_MODE_ANY;
 4984                 reqid = 0;
 4985         }
 4986         /* XXX boundary checking for other extensions */
 4987 
 4988         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 4989         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 4990         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 4991 
 4992         /* XXX boundary check against sa_len */
 4993         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 4994 
 4995         /* get a SA header */
 4996         if ((sah = key_getsah(&saidx)) == NULL) {
 4997                 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
 4998                 return key_senderror(so, m, ENOENT);
 4999         }
 5000 
 5001         /* set spidx if there */
 5002         /* XXX rewrite */
 5003         error = key_setident(sah, m, mhp);
 5004         if (error)
 5005                 return key_senderror(so, m, error);
 5006 
 5007         /* find a SA with sequence number. */
 5008 #ifdef IPSEC_DOSEQCHECK
 5009         if (mhp->msg->sadb_msg_seq != 0 &&
 5010             (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
 5011                 ipseclog((LOG_DEBUG,
 5012                     "key_update: no larval SA with sequence %u exists.\n",
 5013                     mhp->msg->sadb_msg_seq));
 5014                 return key_senderror(so, m, ENOENT);
 5015         }
 5016 #else
 5017         if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
 5018                 ipseclog((LOG_DEBUG,
 5019                     "key_update: no such a SA found (spi:%u)\n",
 5020                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5021                 return key_senderror(so, m, EINVAL);
 5022         }
 5023 #endif
 5024 
 5025         /* validity check */
 5026         if (sav->sah->saidx.proto != proto) {
 5027                 ipseclog((LOG_DEBUG,
 5028                     "key_update: protocol mismatched (DB=%u param=%u)\n",
 5029                     sav->sah->saidx.proto, proto));
 5030                 return key_senderror(so, m, EINVAL);
 5031         }
 5032 #ifdef IPSEC_DOSEQCHECK
 5033         if (sav->spi != sa0->sadb_sa_spi) {
 5034                 ipseclog((LOG_DEBUG,
 5035                     "key_update: SPI mismatched (DB:%u param:%u)\n",
 5036                     (u_int32_t)ntohl(sav->spi),
 5037                     (u_int32_t)ntohl(sa0->sadb_sa_spi)));
 5038                 return key_senderror(so, m, EINVAL);
 5039         }
 5040 #endif
 5041         if (sav->pid != mhp->msg->sadb_msg_pid) {
 5042                 ipseclog((LOG_DEBUG,
 5043                     "key_update: pid mismatched (DB:%u param:%u)\n",
 5044                     sav->pid, mhp->msg->sadb_msg_pid));
 5045                 return key_senderror(so, m, EINVAL);
 5046         }
 5047 
 5048         /* copy sav values */
 5049         error = key_setsaval(sav, m, mhp);
 5050         if (error) {
 5051                 key_freesav(sav);
 5052                 return key_senderror(so, m, error);
 5053         }
 5054 
 5055         /* check SA values to be mature. */
 5056         if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) {
 5057                 key_freesav(sav);
 5058                 return key_senderror(so, m, 0);
 5059         }
 5060 
 5061     {
 5062         struct mbuf *n;
 5063 
 5064         /* set msg buf from mhp */
 5065         n = key_getmsgbuf_x1(m, mhp);
 5066         if (n == NULL) {
 5067                 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
 5068                 return key_senderror(so, m, ENOBUFS);
 5069         }
 5070 
 5071         m_freem(m);
 5072         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5073     }
 5074 }
 5075 
 5076 /*
 5077  * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
 5078  * only called by key_update().
 5079  * OUT:
 5080  *      NULL    : not found
 5081  *      others  : found, pointer to a SA.
 5082  */
 5083 #ifdef IPSEC_DOSEQCHECK
 5084 static struct secasvar *
 5085 key_getsavbyseq(sah, seq)
 5086         struct secashead *sah;
 5087         u_int32_t seq;
 5088 {
 5089         struct secasvar *sav;
 5090         u_int state;
 5091 
 5092         state = SADB_SASTATE_LARVAL;
 5093 
 5094         /* search SAD with sequence number ? */
 5095         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 5096 
 5097                 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
 5098 
 5099                 if (sav->seq == seq) {
 5100                         sav->refcnt++;
 5101                         KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 5102                                 printf("DP key_getsavbyseq cause "
 5103                                         "refcnt++:%d SA:%p\n",
 5104                                         sav->refcnt, sav));
 5105                         return sav;
 5106                 }
 5107         }
 5108 
 5109         return NULL;
 5110 }
 5111 #endif
 5112 
 5113 /*
 5114  * SADB_ADD processing
 5115  * add an entry to SA database, when received
 5116  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5117  *       key(AE), (identity(SD),) (sensitivity)>
 5118  * from the ikmpd,
 5119  * and send
 5120  *   <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
 5121  *       (identity(SD),) (sensitivity)>
 5122  * to the ikmpd.
 5123  *
 5124  * IGNORE identity and sensitivity messages.
 5125  *
 5126  * m will always be freed.
 5127  */
 5128 static int
 5129 key_add(so, m, mhp)
 5130         struct socket *so;
 5131         struct mbuf *m;
 5132         const struct sadb_msghdr *mhp;
 5133 {
 5134         struct sadb_sa *sa0;
 5135         struct sadb_address *src0, *dst0;
 5136         struct secasindex saidx;
 5137         struct secashead *newsah;
 5138         struct secasvar *newsav;
 5139         u_int16_t proto;
 5140         u_int8_t mode;
 5141         u_int32_t reqid;
 5142         int error;
 5143 
 5144         /* sanity check */
 5145         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5146                 panic("key_add: NULL pointer is passed.");
 5147 
 5148         /* map satype to proto */
 5149         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5150                 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
 5151                 return key_senderror(so, m, EINVAL);
 5152         }
 5153 
 5154         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5155             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5156             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 5157             (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
 5158              mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
 5159             (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
 5160              mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
 5161             (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
 5162              mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
 5163             (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
 5164              mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
 5165                 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
 5166                 return key_senderror(so, m, EINVAL);
 5167         }
 5168         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5169             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5170             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5171                 /* XXX need more */
 5172                 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
 5173                 return key_senderror(so, m, EINVAL);
 5174         }
 5175         if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
 5176                 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
 5177                 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
 5178         } else {
 5179                 mode = IPSEC_MODE_ANY;
 5180                 reqid = 0;
 5181         }
 5182 
 5183         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5184         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5185         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5186 
 5187         /* XXX boundary check against sa_len */
 5188         KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
 5189 
 5190         /* get a SA header */
 5191         if ((newsah = key_getsah(&saidx)) == NULL) {
 5192                 /* create a new SA header */
 5193                 if ((newsah = key_newsah(&saidx)) == NULL) {
 5194                         ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
 5195                         return key_senderror(so, m, ENOBUFS);
 5196                 }
 5197         }
 5198 
 5199         /* set spidx if there */
 5200         /* XXX rewrite */
 5201         error = key_setident(newsah, m, mhp);
 5202         if (error) {
 5203                 return key_senderror(so, m, error);
 5204         }
 5205 
 5206         /* create new SA entry. */
 5207         /* We can create new SA only if SPI is differenct. */
 5208         if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
 5209                 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
 5210                 return key_senderror(so, m, EEXIST);
 5211         }
 5212         newsav = key_newsav(m, mhp, newsah, &error);
 5213         if (newsav == NULL) {
 5214                 return key_senderror(so, m, error);
 5215         }
 5216 
 5217         /* check SA values to be mature. */
 5218         if ((error = key_mature(newsav)) != 0) {
 5219                 key_freesav(newsav);
 5220                 return key_senderror(so, m, error);
 5221         }
 5222 
 5223         /*
 5224          * don't call key_freesav() here, as we would like to keep the SA
 5225          * in the database on success.
 5226          */
 5227 
 5228     {
 5229         struct mbuf *n;
 5230 
 5231         /* set msg buf from mhp */
 5232         n = key_getmsgbuf_x1(m, mhp);
 5233         if (n == NULL) {
 5234                 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
 5235                 return key_senderror(so, m, ENOBUFS);
 5236         }
 5237 
 5238         m_freem(m);
 5239         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5240     }
 5241 }
 5242 
 5243 /* m is retained */
 5244 static int
 5245 key_setident(sah, m, mhp)
 5246         struct secashead *sah;
 5247         struct mbuf *m;
 5248         const struct sadb_msghdr *mhp;
 5249 {
 5250         const struct sadb_ident *idsrc, *iddst;
 5251         int idsrclen, iddstlen;
 5252 
 5253         /* sanity check */
 5254         if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5255                 panic("key_setident: NULL pointer is passed.");
 5256 
 5257         /* don't make buffer if not there */
 5258         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
 5259             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5260                 sah->idents = NULL;
 5261                 sah->identd = NULL;
 5262                 return 0;
 5263         }
 5264         
 5265         if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
 5266             mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
 5267                 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
 5268                 return EINVAL;
 5269         }
 5270 
 5271         idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
 5272         iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
 5273         idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
 5274         iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
 5275 
 5276         /* validity check */
 5277         if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
 5278                 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
 5279                 return EINVAL;
 5280         }
 5281 
 5282         switch (idsrc->sadb_ident_type) {
 5283         case SADB_IDENTTYPE_PREFIX:
 5284         case SADB_IDENTTYPE_FQDN:
 5285         case SADB_IDENTTYPE_USERFQDN:
 5286         default:
 5287                 /* XXX do nothing */
 5288                 sah->idents = NULL;
 5289                 sah->identd = NULL;
 5290                 return 0;
 5291         }
 5292 
 5293         /* make structure */
 5294         KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
 5295         if (sah->idents == NULL) {
 5296                 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
 5297                 return ENOBUFS;
 5298         }
 5299         KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
 5300         if (sah->identd == NULL) {
 5301                 KFREE(sah->idents);
 5302                 sah->idents = NULL;
 5303                 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
 5304                 return ENOBUFS;
 5305         }
 5306         bcopy(idsrc, sah->idents, idsrclen);
 5307         bcopy(iddst, sah->identd, iddstlen);
 5308 
 5309         return 0;
 5310 }
 5311 
 5312 /*
 5313  * m will not be freed on return.
 5314  * it is caller's responsibility to free the result. 
 5315  */
 5316 static struct mbuf *
 5317 key_getmsgbuf_x1(m, mhp)
 5318         struct mbuf *m;
 5319         const struct sadb_msghdr *mhp;
 5320 {
 5321         struct mbuf *n;
 5322 
 5323         /* sanity check */
 5324         if (m == NULL || mhp == NULL || mhp->msg == NULL)
 5325                 panic("key_getmsgbuf_x1: NULL pointer is passed.");
 5326 
 5327         /* create new sadb_msg to reply. */
 5328         n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
 5329             SADB_EXT_SA, SADB_X_EXT_SA2,
 5330             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
 5331             SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
 5332             SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
 5333         if (!n)
 5334                 return NULL;
 5335 
 5336         if (n->m_len < sizeof(struct sadb_msg)) {
 5337                 n = m_pullup(n, sizeof(struct sadb_msg));
 5338                 if (n == NULL)
 5339                         return NULL;
 5340         }
 5341         mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
 5342         mtod(n, struct sadb_msg *)->sadb_msg_len =
 5343             PFKEY_UNIT64(n->m_pkthdr.len);
 5344 
 5345         return n;
 5346 }
 5347 
 5348 static int key_delete_all(struct socket *, struct mbuf *,
 5349         const struct sadb_msghdr *, u_int16_t);
 5350 
 5351 /*
 5352  * SADB_DELETE processing
 5353  * receive
 5354  *   <base, SA(*), address(SD)>
 5355  * from the ikmpd, and set SADB_SASTATE_DEAD,
 5356  * and send,
 5357  *   <base, SA(*), address(SD)>
 5358  * to the ikmpd.
 5359  *
 5360  * m will always be freed.
 5361  */
 5362 static int
 5363 key_delete(so, m, mhp)
 5364         struct socket *so;
 5365         struct mbuf *m;
 5366         const struct sadb_msghdr *mhp;
 5367 {
 5368         struct sadb_sa *sa0;
 5369         struct sadb_address *src0, *dst0;
 5370         struct secasindex saidx;
 5371         struct secashead *sah;
 5372         struct secasvar *sav = NULL;
 5373         u_int16_t proto;
 5374 
 5375         /* sanity check */
 5376         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5377                 panic("key_delete: NULL pointer is passed.");
 5378 
 5379         /* map satype to proto */
 5380         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5381                 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
 5382                 return key_senderror(so, m, EINVAL);
 5383         }
 5384 
 5385         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5386             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5387                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5388                 return key_senderror(so, m, EINVAL);
 5389         }
 5390 
 5391         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5392             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5393                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5394                 return key_senderror(so, m, EINVAL);
 5395         }
 5396 
 5397         if (mhp->ext[SADB_EXT_SA] == NULL) {
 5398                 /*
 5399                  * Caller wants us to delete all non-LARVAL SAs
 5400                  * that match the src/dst.  This is used during
 5401                  * IKE INITIAL-CONTACT.
 5402                  */
 5403                 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
 5404                 return key_delete_all(so, m, mhp, proto);
 5405         } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
 5406                 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
 5407                 return key_senderror(so, m, EINVAL);
 5408         }
 5409 
 5410         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5411         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5412         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5413 
 5414         /* XXX boundary check against sa_len */
 5415         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5416 
 5417         /* get a SA header */
 5418         LIST_FOREACH(sah, &sahtree, chain) {
 5419                 if (sah->state == SADB_SASTATE_DEAD)
 5420                         continue;
 5421                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5422                         continue;
 5423 
 5424                 /* get a SA with SPI. */
 5425                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5426                 if (sav)
 5427                         break;
 5428         }
 5429         if (sah == NULL) {
 5430                 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
 5431                 return key_senderror(so, m, ENOENT);
 5432         }
 5433 
 5434         key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5435         key_freesav(sav);
 5436         sav = NULL;
 5437 
 5438     {
 5439         struct mbuf *n;
 5440         struct sadb_msg *newmsg;
 5441 
 5442         /* create new sadb_msg to reply. */
 5443         n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
 5444             SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5445         if (!n)
 5446                 return key_senderror(so, m, ENOBUFS);
 5447 
 5448         if (n->m_len < sizeof(struct sadb_msg)) {
 5449                 n = m_pullup(n, sizeof(struct sadb_msg));
 5450                 if (n == NULL)
 5451                         return key_senderror(so, m, ENOBUFS);
 5452         }
 5453         newmsg = mtod(n, struct sadb_msg *);
 5454         newmsg->sadb_msg_errno = 0;
 5455         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5456 
 5457         m_freem(m);
 5458         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5459     }
 5460 }
 5461 
 5462 /*
 5463  * delete all SAs for src/dst.  Called from key_delete().
 5464  */
 5465 static int
 5466 key_delete_all(so, m, mhp, proto)
 5467         struct socket *so;
 5468         struct mbuf *m;
 5469         const struct sadb_msghdr *mhp;
 5470         u_int16_t proto;
 5471 {
 5472         struct sadb_address *src0, *dst0;
 5473         struct secasindex saidx;
 5474         struct secashead *sah;
 5475         struct secasvar *sav, *nextsav;
 5476         u_int stateidx, state;
 5477 
 5478         src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
 5479         dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
 5480 
 5481         /* XXX boundary check against sa_len */
 5482         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5483 
 5484         LIST_FOREACH(sah, &sahtree, chain) {
 5485                 if (sah->state == SADB_SASTATE_DEAD)
 5486                         continue;
 5487                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5488                         continue;
 5489 
 5490                 /* Delete all non-LARVAL SAs. */
 5491                 for (stateidx = 0;
 5492                      stateidx < _ARRAYLEN(saorder_state_alive);
 5493                      stateidx++) {
 5494                         state = saorder_state_alive[stateidx];
 5495                         if (state == SADB_SASTATE_LARVAL)
 5496                                 continue;
 5497                         for (sav = LIST_FIRST(&sah->savtree[state]);
 5498                              sav != NULL; sav = nextsav) {
 5499                                 nextsav = LIST_NEXT(sav, chain);
 5500                                 /* sanity check */
 5501                                 if (sav->state != state) {
 5502                                         ipseclog((LOG_DEBUG, "key_delete_all: "
 5503                                                "invalid sav->state "
 5504                                                "(queue: %u SA: %u)\n",
 5505                                                state, sav->state));
 5506                                         continue;
 5507                                 }
 5508                                 
 5509                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 5510                                 key_freesav(sav);
 5511                         }
 5512                 }
 5513         }
 5514     {
 5515         struct mbuf *n;
 5516         struct sadb_msg *newmsg;
 5517 
 5518         /* create new sadb_msg to reply. */
 5519         n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
 5520             SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
 5521         if (!n)
 5522                 return key_senderror(so, m, ENOBUFS);
 5523 
 5524         if (n->m_len < sizeof(struct sadb_msg)) {
 5525                 n = m_pullup(n, sizeof(struct sadb_msg));
 5526                 if (n == NULL)
 5527                         return key_senderror(so, m, ENOBUFS);
 5528         }
 5529         newmsg = mtod(n, struct sadb_msg *);
 5530         newmsg->sadb_msg_errno = 0;
 5531         newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
 5532 
 5533         m_freem(m);
 5534         return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
 5535     }
 5536 }
 5537 
 5538 /*
 5539  * SADB_GET processing
 5540  * receive
 5541  *   <base, SA(*), address(SD)>
 5542  * from the ikmpd, and get a SP and a SA to respond,
 5543  * and send,
 5544  *   <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
 5545  *       (identity(SD),) (sensitivity)>
 5546  * to the ikmpd.
 5547  *
 5548  * m will always be freed.
 5549  */
 5550 static int
 5551 key_get(so, m, mhp)
 5552         struct socket *so;
 5553         struct mbuf *m;
 5554         const struct sadb_msghdr *mhp;
 5555 {
 5556         struct sadb_sa *sa0;
 5557         struct sadb_address *src0, *dst0;
 5558         struct secasindex saidx;
 5559         struct secashead *sah;
 5560         struct secasvar *sav = NULL;
 5561         u_int16_t proto;
 5562 
 5563         /* sanity check */
 5564         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 5565                 panic("key_get: NULL pointer is passed.");
 5566 
 5567         /* map satype to proto */
 5568         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 5569                 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
 5570                 return key_senderror(so, m, EINVAL);
 5571         }
 5572 
 5573         if (mhp->ext[SADB_EXT_SA] == NULL ||
 5574             mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 5575             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
 5576                 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
 5577                 return key_senderror(so, m, EINVAL);
 5578         }
 5579         if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
 5580             mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 5581             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
 5582                 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
 5583                 return key_senderror(so, m, EINVAL);
 5584         }
 5585 
 5586         sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
 5587         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 5588         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 5589 
 5590         /* XXX boundary check against sa_len */
 5591         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 5592 
 5593         /* get a SA header */
 5594         LIST_FOREACH(sah, &sahtree, chain) {
 5595                 if (sah->state == SADB_SASTATE_DEAD)
 5596                         continue;
 5597                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
 5598                         continue;
 5599 
 5600                 /* get a SA with SPI. */
 5601                 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
 5602                 if (sav)
 5603                         break;
 5604         }
 5605         if (sah == NULL) {
 5606                 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
 5607                 return key_senderror(so, m, ENOENT);
 5608         }
 5609 
 5610     {
 5611         struct mbuf *n;
 5612         u_int8_t satype;
 5613 
 5614         /* map proto to satype */
 5615         if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 5616                 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
 5617                 return key_senderror(so, m, EINVAL);
 5618         }
 5619 
 5620         /* create new sadb_msg to reply. */
 5621         n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
 5622             mhp->msg->sadb_msg_pid);
 5623         if (!n)
 5624                 return key_senderror(so, m, ENOBUFS);
 5625 
 5626         m_freem(m);
 5627         return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 5628     }
 5629 }
 5630 
 5631 /* XXX make it sysctl-configurable? */
 5632 static void
 5633 key_getcomb_setlifetime(comb)
 5634         struct sadb_comb *comb;
 5635 {
 5636 
 5637         comb->sadb_comb_soft_allocations = 1;
 5638         comb->sadb_comb_hard_allocations = 1;
 5639         comb->sadb_comb_soft_bytes = 0;
 5640         comb->sadb_comb_hard_bytes = 0;
 5641         comb->sadb_comb_hard_addtime = 86400;   /* 1 day */
 5642         comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
 5643         comb->sadb_comb_hard_usetime = 28800;   /* 8 hours */
 5644         comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
 5645 }
 5646 
 5647 #ifdef IPSEC_ESP
 5648 /*
 5649  * XXX reorder combinations by preference
 5650  * XXX no idea if the user wants ESP authentication or not
 5651  */
 5652 static struct mbuf *
 5653 key_getcomb_esp()
 5654 {
 5655         struct sadb_comb *comb;
 5656         const struct esp_algorithm *algo;
 5657         struct mbuf *result = NULL, *m, *n;
 5658         int encmin;
 5659         int i, off, o;
 5660         int totlen;
 5661         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5662 
 5663         m = NULL;
 5664         for (i = 1; i <= SADB_EALG_MAX; i++) {
 5665                 algo = esp_algorithm_lookup(i);
 5666                 if (!algo)
 5667                         continue;
 5668 
 5669                 if (algo->keymax < ipsec_esp_keymin)
 5670                         continue;
 5671                 if (algo->keymin < ipsec_esp_keymin)
 5672                         encmin = ipsec_esp_keymin;
 5673                 else
 5674                         encmin = algo->keymin;
 5675 
 5676                 if (ipsec_esp_auth)
 5677                         m = key_getcomb_ah();
 5678                 else {
 5679 #ifdef DIAGNOSTIC
 5680                         if (l > MLEN)
 5681                                 panic("assumption failed in key_getcomb_esp");
 5682 #endif
 5683                         MGET(m, M_DONTWAIT, MT_DATA);
 5684                         if (m) {
 5685                                 M_ALIGN(m, l);
 5686                                 m->m_len = l;
 5687                                 m->m_next = NULL;
 5688                                 bzero(mtod(m, caddr_t), m->m_len);
 5689                         }
 5690                 }
 5691                 if (!m)
 5692                         goto fail;
 5693 
 5694                 totlen = 0;
 5695                 for (n = m; n; n = n->m_next)
 5696                         totlen += n->m_len;
 5697 #ifdef DIAGNOSTIC
 5698                 if (totlen % l)
 5699                         panic("assumption failed in key_getcomb_esp");
 5700 #endif
 5701 
 5702                 for (off = 0; off < totlen; off += l) {
 5703                         n = m_pulldown(m, off, l, &o);
 5704                         if (!n) {
 5705                                 /* m is already freed */
 5706                                 goto fail;
 5707                         }
 5708                         comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
 5709                         bzero(comb, sizeof(*comb));
 5710                         key_getcomb_setlifetime(comb);
 5711                         comb->sadb_comb_encrypt = i;
 5712                         comb->sadb_comb_encrypt_minbits = encmin;
 5713                         comb->sadb_comb_encrypt_maxbits = algo->keymax;
 5714                 }
 5715 
 5716                 if (!result)
 5717                         result = m;
 5718                 else
 5719                         m_cat(result, m);
 5720         }
 5721 
 5722         return result;
 5723 
 5724  fail:
 5725         if (result)
 5726                 m_freem(result);
 5727         return NULL;
 5728 }
 5729 #endif
 5730 
 5731 /*
 5732  * XXX reorder combinations by preference
 5733  */
 5734 static struct mbuf *
 5735 key_getcomb_ah()
 5736 {
 5737         struct sadb_comb *comb;
 5738         const struct ah_algorithm *algo;
 5739         struct mbuf *m;
 5740         int min;
 5741         int i;
 5742         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5743 
 5744         m = NULL;
 5745         for (i = 1; i <= SADB_AALG_MAX; i++) {
 5746 #if 1
 5747                 /* we prefer HMAC algorithms, not old algorithms */
 5748                 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
 5749                         continue;
 5750 #endif
 5751                 algo = ah_algorithm_lookup(i);
 5752                 if (!algo)
 5753                         continue;
 5754 
 5755                 if (algo->keymax < ipsec_ah_keymin)
 5756                         continue;
 5757                 if (algo->keymin < ipsec_ah_keymin)
 5758                         min = ipsec_ah_keymin;
 5759                 else
 5760                         min = algo->keymin;
 5761 
 5762                 if (!m) {
 5763 #ifdef DIAGNOSTIC
 5764                         if (l > MLEN)
 5765                                 panic("assumption failed in key_getcomb_ah");
 5766 #endif
 5767                         MGET(m, M_DONTWAIT, MT_DATA);
 5768                         if (m) {
 5769                                 M_ALIGN(m, l);
 5770                                 m->m_len = l;
 5771                                 m->m_next = NULL;
 5772                         }
 5773                 } else
 5774                         M_PREPEND(m, l, M_DONTWAIT);
 5775                 if (!m)
 5776                         return NULL;
 5777 
 5778                 comb = mtod(m, struct sadb_comb *);
 5779                 bzero(comb, sizeof(*comb));
 5780                 key_getcomb_setlifetime(comb);
 5781                 comb->sadb_comb_auth = i;
 5782                 comb->sadb_comb_auth_minbits = min;
 5783                 comb->sadb_comb_auth_maxbits = algo->keymax;
 5784         }
 5785 
 5786         return m;
 5787 }
 5788 
 5789 /*
 5790  * not really an official behavior.  discussed in pf_key@inner.net in Sep2000.
 5791  * XXX reorder combinations by preference
 5792  */
 5793 static struct mbuf *
 5794 key_getcomb_ipcomp()
 5795 {
 5796         struct sadb_comb *comb;
 5797         const struct ipcomp_algorithm *algo;
 5798         struct mbuf *m;
 5799         int i;
 5800         const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
 5801 
 5802         m = NULL;
 5803         for (i = 1; i <= SADB_X_CALG_MAX; i++) {
 5804                 algo = ipcomp_algorithm_lookup(i);
 5805                 if (!algo)
 5806                         continue;
 5807 
 5808                 if (!m) {
 5809 #ifdef DIAGNOSTIC
 5810                         if (l > MLEN)
 5811                                 panic("assumption failed in key_getcomb_ipcomp");
 5812 #endif
 5813                         MGET(m, M_DONTWAIT, MT_DATA);
 5814                         if (m) {
 5815                                 M_ALIGN(m, l);
 5816                                 m->m_len = l;
 5817                                 m->m_next = NULL;
 5818                         }
 5819                 } else
 5820                         M_PREPEND(m, l, M_DONTWAIT);
 5821                 if (!m)
 5822                         return NULL;
 5823 
 5824                 comb = mtod(m, struct sadb_comb *);
 5825                 bzero(comb, sizeof(*comb));
 5826                 key_getcomb_setlifetime(comb);
 5827                 comb->sadb_comb_encrypt = i;
 5828                 /* what should we set into sadb_comb_*_{min,max}bits? */
 5829         }
 5830 
 5831         return m;
 5832 }
 5833 
 5834 /*
 5835  * XXX no way to pass mode (transport/tunnel) to userland
 5836  * XXX replay checking?
 5837  * XXX sysctl interface to ipsec_{ah,esp}_keymin
 5838  */
 5839 static struct mbuf *
 5840 key_getprop(saidx)
 5841         const struct secasindex *saidx;
 5842 {
 5843         struct sadb_prop *prop;
 5844         struct mbuf *m, *n;
 5845         const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
 5846         int totlen;
 5847 
 5848         switch (saidx->proto)  {
 5849 #ifdef IPSEC_ESP
 5850         case IPPROTO_ESP:
 5851                 m = key_getcomb_esp();
 5852                 break;
 5853 #endif
 5854         case IPPROTO_AH:
 5855                 m = key_getcomb_ah();
 5856                 break;
 5857         case IPPROTO_IPCOMP:
 5858                 m = key_getcomb_ipcomp();
 5859                 break;
 5860         default:
 5861                 return NULL;
 5862         }
 5863 
 5864         if (!m)
 5865                 return NULL;
 5866         M_PREPEND(m, l, M_DONTWAIT);
 5867         if (!m)
 5868                 return NULL;
 5869 
 5870         totlen = 0;
 5871         for (n = m; n; n = n->m_next)
 5872                 totlen += n->m_len;
 5873 
 5874         prop = mtod(m, struct sadb_prop *);
 5875         bzero(prop, sizeof(*prop));
 5876         prop->sadb_prop_len = PFKEY_UNIT64(totlen);
 5877         prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
 5878         prop->sadb_prop_replay = 32;    /* XXX */
 5879 
 5880         return m;
 5881 }
 5882 
 5883 /*
 5884  * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
 5885  * send
 5886  *   <base, SA, address(SD), (address(P)), x_policy,
 5887  *       (identity(SD),) (sensitivity,) proposal>
 5888  * to KMD, and expect to receive
 5889  *   <base> with SADB_ACQUIRE if error occured,
 5890  * or
 5891  *   <base, src address, dst address, (SPI range)> with SADB_GETSPI
 5892  * from KMD by PF_KEY.
 5893  *
 5894  * XXX x_policy is outside of RFC2367 (KAME extension).
 5895  * XXX sensitivity is not supported.
 5896  * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
 5897  * see comment for key_getcomb_ipcomp().
 5898  *
 5899  * OUT:
 5900  *    0     : succeed
 5901  *    others: error number
 5902  */
 5903 static int
 5904 key_acquire(saidx, sp)
 5905         struct secasindex *saidx;
 5906         struct secpolicy *sp;
 5907 {
 5908         struct mbuf *result = NULL, *m;
 5909 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5910         struct secacq *newacq;
 5911 #endif
 5912         u_int8_t satype;
 5913         int error = -1;
 5914         u_int32_t seq;
 5915 
 5916         /* sanity check */
 5917         if (saidx == NULL)
 5918                 panic("key_acquire: NULL pointer is passed.");
 5919         if ((satype = key_proto2satype(saidx->proto)) == 0)
 5920                 panic("key_acquire: invalid proto is passed.");
 5921 
 5922 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5923         /*
 5924          * We never do anything about acquirng SA.  There is anather
 5925          * solution that kernel blocks to send SADB_ACQUIRE message until
 5926          * getting something message from IKEd.  In later case, to be
 5927          * managed with ACQUIRING list.
 5928          */
 5929         /* get an entry to check whether sending message or not. */
 5930         if ((newacq = key_getacq(saidx)) != NULL) {
 5931                 if (key_blockacq_count < newacq->count) {
 5932                         /* reset counter and do send message. */
 5933                         newacq->count = 0;
 5934                 } else {
 5935                         /* increment counter and do nothing. */
 5936                         newacq->count++;
 5937                         return 0;
 5938                 }
 5939         } else {
 5940                 /* make new entry for blocking to send SADB_ACQUIRE. */
 5941                 if ((newacq = key_newacq(saidx)) == NULL)
 5942                         return ENOBUFS;
 5943 
 5944                 /* add to acqtree */
 5945                 LIST_INSERT_HEAD(&acqtree, newacq, chain);
 5946         }
 5947 #endif
 5948 
 5949 
 5950 #ifndef IPSEC_NONBLOCK_ACQUIRE
 5951         seq = newacq->seq;
 5952 #else
 5953         seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
 5954 #endif
 5955         m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
 5956         if (!m) {
 5957                 error = ENOBUFS;
 5958                 goto fail;
 5959         }
 5960         result = m;
 5961 
 5962         /* set sadb_address for saidx's. */
 5963         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 5964             (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
 5965         if (!m) {
 5966                 error = ENOBUFS;
 5967                 goto fail;
 5968         }
 5969         m_cat(result, m);
 5970 
 5971         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 5972             (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
 5973         if (!m) {
 5974                 error = ENOBUFS;
 5975                 goto fail;
 5976         }
 5977         m_cat(result, m);
 5978 
 5979         /* XXX proxy address (optional) */
 5980 
 5981         /* set sadb_x_policy */
 5982         if (sp) {
 5983                 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
 5984                 if (!m) {
 5985                         error = ENOBUFS;
 5986                         goto fail;
 5987                 }
 5988                 m_cat(result, m);
 5989         }
 5990 
 5991         /* XXX identity (optional) */
 5992 #if 0
 5993         if (idexttype && fqdn) {
 5994                 /* create identity extension (FQDN) */
 5995                 struct sadb_ident *id;
 5996                 int fqdnlen;
 5997 
 5998                 fqdnlen = strlen(fqdn) + 1;     /* +1 for terminating-NUL */
 5999                 id = (struct sadb_ident *)p;
 6000                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6001                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
 6002                 id->sadb_ident_exttype = idexttype;
 6003                 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
 6004                 bcopy(fqdn, id + 1, fqdnlen);
 6005                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
 6006         }
 6007 
 6008         if (idexttype) {
 6009                 /* create identity extension (USERFQDN) */
 6010                 struct sadb_ident *id;
 6011                 int userfqdnlen;
 6012 
 6013                 if (userfqdn) {
 6014                         /* +1 for terminating-NUL */
 6015                         userfqdnlen = strlen(userfqdn) + 1;
 6016                 } else
 6017                         userfqdnlen = 0;
 6018                 id = (struct sadb_ident *)p;
 6019                 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6020                 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
 6021                 id->sadb_ident_exttype = idexttype;
 6022                 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
 6023                 /* XXX is it correct? */
 6024                 if (curproc && curproc->p_cred)
 6025                         id->sadb_ident_id = curproc->p_cred->p_ruid;
 6026                 if (userfqdn && userfqdnlen)
 6027                         bcopy(userfqdn, id + 1, userfqdnlen);
 6028                 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
 6029         }
 6030 #endif
 6031 
 6032         /* XXX sensitivity (optional) */
 6033 
 6034         /* create proposal/combination extension */
 6035         m = key_getprop(saidx);
 6036 #if 0
 6037         /*
 6038          * spec conformant: always attach proposal/combination extension,
 6039          * the problem is that we have no way to attach it for ipcomp,
 6040          * due to the way sadb_comb is declared in RFC2367.
 6041          */
 6042         if (!m) {
 6043                 error = ENOBUFS;
 6044                 goto fail;
 6045         }
 6046         m_cat(result, m);
 6047 #else
 6048         /*
 6049          * outside of spec; make proposal/combination extension optional.
 6050          */
 6051         if (m)
 6052                 m_cat(result, m);
 6053 #endif
 6054 
 6055         if ((result->m_flags & M_PKTHDR) == 0) {
 6056                 error = EINVAL;
 6057                 goto fail;
 6058         }
 6059 
 6060         if (result->m_len < sizeof(struct sadb_msg)) {
 6061                 result = m_pullup(result, sizeof(struct sadb_msg));
 6062                 if (result == NULL) {
 6063                         error = ENOBUFS;
 6064                         goto fail;
 6065                 }
 6066         }
 6067 
 6068         result->m_pkthdr.len = 0;
 6069         for (m = result; m; m = m->m_next)
 6070                 result->m_pkthdr.len += m->m_len;
 6071 
 6072         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6073             PFKEY_UNIT64(result->m_pkthdr.len);
 6074 
 6075         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6076 
 6077  fail:
 6078         if (result)
 6079                 m_freem(result);
 6080         return error;
 6081 }
 6082 
 6083 #ifndef IPSEC_NONBLOCK_ACQUIRE
 6084 static struct secacq *
 6085 key_newacq(saidx)
 6086         struct secasindex *saidx;
 6087 {
 6088         struct secacq *newacq;
 6089 
 6090         /* get new entry */
 6091         KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
 6092         if (newacq == NULL) {
 6093                 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
 6094                 return NULL;
 6095         }
 6096         bzero(newacq, sizeof(*newacq));
 6097 
 6098         /* copy secindex */
 6099         bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
 6100         newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
 6101         newacq->created = time_second;
 6102         newacq->count = 0;
 6103 
 6104         return newacq;
 6105 }
 6106 
 6107 static struct secacq *
 6108 key_getacq(saidx)
 6109         struct secasindex *saidx;
 6110 {
 6111         struct secacq *acq;
 6112 
 6113         LIST_FOREACH(acq, &acqtree, chain) {
 6114                 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
 6115                         return acq;
 6116         }
 6117 
 6118         return NULL;
 6119 }
 6120 
 6121 static struct secacq *
 6122 key_getacqbyseq(seq)
 6123         u_int32_t seq;
 6124 {
 6125         struct secacq *acq;
 6126 
 6127         LIST_FOREACH(acq, &acqtree, chain) {
 6128                 if (acq->seq == seq)
 6129                         return acq;
 6130         }
 6131 
 6132         return NULL;
 6133 }
 6134 #endif
 6135 
 6136 static struct secspacq *
 6137 key_newspacq(spidx)
 6138         struct secpolicyindex *spidx;
 6139 {
 6140         struct secspacq *acq;
 6141 
 6142         if (!spidx)
 6143                 return NULL;
 6144 
 6145         /* get new entry */
 6146         KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
 6147         if (acq == NULL) {
 6148                 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
 6149                 return NULL;
 6150         }
 6151         bzero(acq, sizeof(*acq));
 6152 
 6153         /* copy secindex */
 6154         bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
 6155         acq->created = time_second;
 6156         acq->count = 1;
 6157 
 6158         return acq;
 6159 }
 6160 
 6161 static struct secspacq *
 6162 key_getspacq(spidx)
 6163         struct secpolicyindex *spidx;
 6164 {
 6165         struct secspacq *acq;
 6166 
 6167         if (!spidx)
 6168                 return NULL;
 6169 
 6170         LIST_FOREACH(acq, &spacqtree, chain) {
 6171                 if (key_cmpspidx_exactly(spidx, &acq->spidx))
 6172                         return acq;
 6173         }
 6174 
 6175         return NULL;
 6176 }
 6177 
 6178 /*
 6179  * SADB_ACQUIRE processing,
 6180  * in first situation, is receiving
 6181  *   <base>
 6182  * from the ikmpd, and clear sequence of its secasvar entry.
 6183  *
 6184  * In second situation, is receiving
 6185  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6186  * from a user land process, and return
 6187  *   <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
 6188  * to the socket.
 6189  *
 6190  * m will always be freed.
 6191  */
 6192 static int
 6193 key_acquire2(so, m, mhp)
 6194         struct socket *so;
 6195         struct mbuf *m;
 6196         const struct sadb_msghdr *mhp;
 6197 {
 6198         struct sadb_address *src0, *dst0;
 6199         struct secasindex saidx;
 6200         struct secashead *sah;
 6201         u_int16_t proto;
 6202         int error;
 6203 
 6204         /* sanity check */
 6205         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6206                 panic("key_acquire2: NULL pointer is passed.");
 6207 
 6208         /*
 6209          * Error message from KMd.
 6210          * We assume that if error was occured in IKEd, the length of PFKEY
 6211          * message is equal to the size of sadb_msg structure.
 6212          * We do not raise error even if error occured in this function.
 6213          */
 6214         if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
 6215 #ifndef IPSEC_NONBLOCK_ACQUIRE
 6216                 struct secacq *acq;
 6217 
 6218                 /* check sequence number */
 6219                 if (mhp->msg->sadb_msg_seq == 0) {
 6220                         ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
 6221                         m_freem(m);
 6222                         return 0;
 6223                 }
 6224 
 6225                 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
 6226                         /*
 6227                          * the specified larval SA is already gone, or we got
 6228                          * a bogus sequence number.  we can silently ignore it.
 6229                          */
 6230                         m_freem(m);
 6231                         return 0;
 6232                 }
 6233 
 6234                 /* reset acq counter in order to deletion by timehander. */
 6235                 acq->created = time_second;
 6236                 acq->count = 0;
 6237 #endif
 6238                 m_freem(m);
 6239                 return 0;
 6240         }
 6241 
 6242         /*
 6243          * This message is from user land.
 6244          */
 6245 
 6246         /* map satype to proto */
 6247         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6248                 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
 6249                 return key_senderror(so, m, EINVAL);
 6250         }
 6251 
 6252         if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
 6253             mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
 6254             mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
 6255                 /* error */
 6256                 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
 6257                 return key_senderror(so, m, EINVAL);
 6258         }
 6259         if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
 6260             mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
 6261             mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
 6262                 /* error */
 6263                 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
 6264                 return key_senderror(so, m, EINVAL);
 6265         }
 6266 
 6267         src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
 6268         dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
 6269 
 6270         /* XXX boundary check against sa_len */
 6271         KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
 6272 
 6273         /* get a SA index */
 6274         LIST_FOREACH(sah, &sahtree, chain) {
 6275                 if (sah->state == SADB_SASTATE_DEAD)
 6276                         continue;
 6277                 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
 6278                         break;
 6279         }
 6280         if (sah != NULL) {
 6281                 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
 6282                 return key_senderror(so, m, EEXIST);
 6283         }
 6284 
 6285         error = key_acquire(&saidx, NULL);
 6286         if (error != 0) {
 6287                 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
 6288                         "from key_acquire.\n", mhp->msg->sadb_msg_errno));
 6289                 return key_senderror(so, m, error);
 6290         }
 6291 
 6292         return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
 6293 }
 6294 
 6295 /*
 6296  * SADB_REGISTER processing.
 6297  * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
 6298  * receive
 6299  *   <base>
 6300  * from the ikmpd, and register a socket to send PF_KEY messages,
 6301  * and send
 6302  *   <base, supported>
 6303  * to KMD by PF_KEY.
 6304  * If socket is detached, must free from regnode.
 6305  *
 6306  * m will always be freed.
 6307  */
 6308 static int
 6309 key_register(so, m, mhp)
 6310         struct socket *so;
 6311         struct mbuf *m;
 6312         const struct sadb_msghdr *mhp;
 6313 {
 6314         struct secreg *reg, *newreg = 0;
 6315 
 6316         /* sanity check */
 6317         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6318                 panic("key_register: NULL pointer is passed.");
 6319 
 6320         /* check for invalid register message */
 6321         if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
 6322                 return key_senderror(so, m, EINVAL);
 6323 
 6324         /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
 6325         if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
 6326                 goto setmsg;
 6327 
 6328         /* check whether existing or not */
 6329         LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
 6330                 if (reg->so == so) {
 6331                         ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
 6332                         return key_senderror(so, m, EEXIST);
 6333                 }
 6334         }
 6335 
 6336         /* create regnode */
 6337         KMALLOC(newreg, struct secreg *, sizeof(*newreg));
 6338         if (newreg == NULL) {
 6339                 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
 6340                 return key_senderror(so, m, ENOBUFS);
 6341         }
 6342         bzero((caddr_t)newreg, sizeof(*newreg));
 6343 
 6344         newreg->so = so;
 6345         ((struct keycb *)sotorawcb(so))->kp_registered++;
 6346 
 6347         /* add regnode to regtree. */
 6348         LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
 6349 
 6350   setmsg:
 6351     {
 6352         struct mbuf *n;
 6353         struct sadb_msg *newmsg;
 6354         struct sadb_supported *sup;
 6355         u_int len, alen, elen;
 6356         int off;
 6357         int i;
 6358         struct sadb_alg *alg;
 6359 
 6360         /* create new sadb_msg to reply. */
 6361         alen = 0;
 6362         for (i = 1; i <= SADB_AALG_MAX; i++) {
 6363                 if (ah_algorithm_lookup(i))
 6364                         alen += sizeof(struct sadb_alg);
 6365         }
 6366         if (alen)
 6367                 alen += sizeof(struct sadb_supported);
 6368         elen = 0;
 6369 #ifdef IPSEC_ESP
 6370         for (i = 1; i <= SADB_EALG_MAX; i++) {
 6371                 if (esp_algorithm_lookup(i))
 6372                         elen += sizeof(struct sadb_alg);
 6373         }
 6374         if (elen)
 6375                 elen += sizeof(struct sadb_supported);
 6376 #endif
 6377 
 6378         len = sizeof(struct sadb_msg) + alen + elen;
 6379 
 6380         if (len > MCLBYTES)
 6381                 return key_senderror(so, m, ENOBUFS);
 6382 
 6383         MGETHDR(n, M_DONTWAIT, MT_DATA);
 6384         if (len > MHLEN) {
 6385                 MCLGET(n, M_DONTWAIT);
 6386                 if ((n->m_flags & M_EXT) == 0) {
 6387                         m_freem(n);
 6388                         n = NULL;
 6389                 }
 6390         }
 6391         if (!n)
 6392                 return key_senderror(so, m, ENOBUFS);
 6393 
 6394         n->m_pkthdr.len = n->m_len = len;
 6395         n->m_next = NULL;
 6396         off = 0;
 6397 
 6398         m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
 6399         newmsg = mtod(n, struct sadb_msg *);
 6400         newmsg->sadb_msg_errno = 0;
 6401         newmsg->sadb_msg_len = PFKEY_UNIT64(len);
 6402         off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
 6403 
 6404         /* for authentication algorithm */
 6405         if (alen) {
 6406                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6407                 sup->sadb_supported_len = PFKEY_UNIT64(alen);
 6408                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
 6409                 off += PFKEY_ALIGN8(sizeof(*sup));
 6410 
 6411                 for (i = 1; i <= SADB_AALG_MAX; i++) {
 6412                         const struct ah_algorithm *aalgo;
 6413 
 6414                         aalgo = ah_algorithm_lookup(i);
 6415                         if (!aalgo)
 6416                                 continue;
 6417                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6418                         alg->sadb_alg_id = i;
 6419                         alg->sadb_alg_ivlen = 0;
 6420                         alg->sadb_alg_minbits = aalgo->keymin;
 6421                         alg->sadb_alg_maxbits = aalgo->keymax;
 6422                         off += PFKEY_ALIGN8(sizeof(*alg));
 6423                 }
 6424         }
 6425 
 6426 #ifdef IPSEC_ESP
 6427         /* for encryption algorithm */
 6428         if (elen) {
 6429                 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
 6430                 sup->sadb_supported_len = PFKEY_UNIT64(elen);
 6431                 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
 6432                 off += PFKEY_ALIGN8(sizeof(*sup));
 6433 
 6434                 for (i = 1; i <= SADB_EALG_MAX; i++) {
 6435                         const struct esp_algorithm *ealgo;
 6436 
 6437                         ealgo = esp_algorithm_lookup(i);
 6438                         if (!ealgo)
 6439                                 continue;
 6440                         alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
 6441                         alg->sadb_alg_id = i;
 6442                         if (ealgo && ealgo->ivlen) {
 6443                                 /*
 6444                                  * give NULL to get the value preferred by
 6445                                  * algorithm XXX SADB_X_EXT_DERIV ?
 6446                                  */
 6447                                 alg->sadb_alg_ivlen =
 6448                                     (*ealgo->ivlen)(ealgo, NULL);
 6449                         } else
 6450                                 alg->sadb_alg_ivlen = 0;
 6451                         alg->sadb_alg_minbits = ealgo->keymin;
 6452                         alg->sadb_alg_maxbits = ealgo->keymax;
 6453                         off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
 6454                 }
 6455         }
 6456 #endif
 6457 
 6458 #ifdef DIGAGNOSTIC
 6459         if (off != len)
 6460                 panic("length assumption failed in key_register");
 6461 #endif
 6462 
 6463         m_freem(m);
 6464         return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
 6465     }
 6466 }
 6467 
 6468 /*
 6469  * free secreg entry registered.
 6470  * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
 6471  */
 6472 void
 6473 key_freereg(so)
 6474         struct socket *so;
 6475 {
 6476         struct secreg *reg;
 6477         int i;
 6478 
 6479         /* sanity check */
 6480         if (so == NULL)
 6481                 panic("key_freereg: NULL pointer is passed.");
 6482 
 6483         /*
 6484          * check whether existing or not.
 6485          * check all type of SA, because there is a potential that
 6486          * one socket is registered to multiple type of SA.
 6487          */
 6488         for (i = 0; i <= SADB_SATYPE_MAX; i++) {
 6489                 LIST_FOREACH(reg, &regtree[i], chain) {
 6490                         if (reg->so == so && __LIST_CHAINED(reg)) {
 6491                                 LIST_REMOVE(reg, chain);
 6492                                 KFREE(reg);
 6493                                 break;
 6494                         }
 6495                 }
 6496         }
 6497         
 6498         return;
 6499 }
 6500 
 6501 /*
 6502  * SADB_EXPIRE processing
 6503  * send
 6504  *   <base, SA, SA2, lifetime(C and one of HS), address(SD)>
 6505  * to KMD by PF_KEY.
 6506  * NOTE: We send only soft lifetime extension.
 6507  *
 6508  * OUT: 0       : succeed
 6509  *      others  : error number
 6510  */
 6511 static int
 6512 key_expire(sav)
 6513         struct secasvar *sav;
 6514 {
 6515         int s;
 6516         int satype;
 6517         struct mbuf *result = NULL, *m;
 6518         int len;
 6519         int error = -1;
 6520         struct sadb_lifetime *lt;
 6521 
 6522         /* XXX: Why do we lock ? */
 6523         s = splnet();   /*called from softclock()*/
 6524 
 6525         /* sanity check */
 6526         if (sav == NULL)
 6527                 panic("key_expire: NULL pointer is passed.");
 6528         if (sav->sah == NULL)
 6529                 panic("key_expire: Why was SA index in SA NULL.");
 6530         if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
 6531                 panic("key_expire: invalid proto is passed.");
 6532 
 6533         /* set msg header */
 6534         m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
 6535         if (!m) {
 6536                 error = ENOBUFS;
 6537                 goto fail;
 6538         }
 6539         result = m;
 6540 
 6541         /* create SA extension */
 6542         m = key_setsadbsa(sav);
 6543         if (!m) {
 6544                 error = ENOBUFS;
 6545                 goto fail;
 6546         }
 6547         m_cat(result, m);
 6548 
 6549         /* create SA extension */
 6550         m = key_setsadbxsa2(sav->sah->saidx.mode,
 6551             sav->replay ? (sav->replay->count & 0xffffffff) : 0,
 6552             sav->sah->saidx.reqid);
 6553         if (!m) {
 6554                 error = ENOBUFS;
 6555                 goto fail;
 6556         }
 6557         m_cat(result, m);
 6558 
 6559         /* create lifetime extension (current and soft) */
 6560         len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
 6561         m = key_alloc_mbuf(len);
 6562         if (!m || m->m_next) {  /*XXX*/
 6563                 if (m)
 6564                         m_freem(m);
 6565                 error = ENOBUFS;
 6566                 goto fail;
 6567         }
 6568         bzero(mtod(m, caddr_t), len);
 6569         lt = mtod(m, struct sadb_lifetime *);
 6570         lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
 6571         lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
 6572         lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
 6573         lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
 6574         lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
 6575         lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
 6576         lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
 6577         bcopy(sav->lft_s, lt, sizeof(*lt));
 6578         m_cat(result, m);
 6579 
 6580         /* set sadb_address for source */
 6581         m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
 6582             (struct sockaddr *)&sav->sah->saidx.src,
 6583             FULLMASK, IPSEC_ULPROTO_ANY);
 6584         if (!m) {
 6585                 error = ENOBUFS;
 6586                 goto fail;
 6587         }
 6588         m_cat(result, m);
 6589 
 6590         /* set sadb_address for destination */
 6591         m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
 6592             (struct sockaddr *)&sav->sah->saidx.dst,
 6593             FULLMASK, IPSEC_ULPROTO_ANY);
 6594         if (!m) {
 6595                 error = ENOBUFS;
 6596                 goto fail;
 6597         }
 6598         m_cat(result, m);
 6599 
 6600         if ((result->m_flags & M_PKTHDR) == 0) {
 6601                 error = EINVAL;
 6602                 goto fail;
 6603         }
 6604 
 6605         if (result->m_len < sizeof(struct sadb_msg)) {
 6606                 result = m_pullup(result, sizeof(struct sadb_msg));
 6607                 if (result == NULL) {
 6608                         error = ENOBUFS;
 6609                         goto fail;
 6610                 }
 6611         }
 6612 
 6613         result->m_pkthdr.len = 0;
 6614         for (m = result; m; m = m->m_next)
 6615                 result->m_pkthdr.len += m->m_len;
 6616 
 6617         mtod(result, struct sadb_msg *)->sadb_msg_len =
 6618             PFKEY_UNIT64(result->m_pkthdr.len);
 6619 
 6620         splx(s);
 6621         return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
 6622 
 6623  fail:
 6624         if (result)
 6625                 m_freem(result);
 6626         splx(s);
 6627         return error;
 6628 }
 6629 
 6630 /*
 6631  * SADB_FLUSH processing
 6632  * receive
 6633  *   <base>
 6634  * from the ikmpd, and free all entries in secastree.
 6635  * and send,
 6636  *   <base>
 6637  * to the ikmpd.
 6638  * NOTE: to do is only marking SADB_SASTATE_DEAD.
 6639  *
 6640  * m will always be freed.
 6641  */
 6642 static int
 6643 key_flush(so, m, mhp)
 6644         struct socket *so;
 6645         struct mbuf *m;
 6646         const struct sadb_msghdr *mhp;
 6647 {
 6648         struct sadb_msg *newmsg;
 6649         struct secashead *sah, *nextsah;
 6650         struct secasvar *sav, *nextsav;
 6651         u_int16_t proto;
 6652         u_int8_t state;
 6653         u_int stateidx;
 6654 
 6655         /* sanity check */
 6656         if (so == NULL || mhp == NULL || mhp->msg == NULL)
 6657                 panic("key_flush: NULL pointer is passed.");
 6658 
 6659         /* map satype to proto */
 6660         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6661                 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
 6662                 return key_senderror(so, m, EINVAL);
 6663         }
 6664 
 6665         /* no SATYPE specified, i.e. flushing all SA. */
 6666         for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
 6667                 nextsah = LIST_NEXT(sah, chain);
 6668 
 6669                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6670                     proto != sah->saidx.proto)
 6671                         continue;
 6672 
 6673                 for (stateidx = 0;
 6674                      stateidx < _ARRAYLEN(saorder_state_alive);
 6675                      stateidx++) {
 6676                         state = saorder_state_any[stateidx];
 6677                         for (sav = LIST_FIRST(&sah->savtree[state]);
 6678                              sav != NULL;
 6679                              sav = nextsav) {
 6680 
 6681                                 nextsav = LIST_NEXT(sav, chain);
 6682 
 6683                                 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 6684                                 key_freesav(sav);
 6685                         }
 6686                 }
 6687 
 6688                 sah->state = SADB_SASTATE_DEAD;
 6689         }
 6690 
 6691         if (m->m_len < sizeof(struct sadb_msg) ||
 6692             sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
 6693                 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
 6694                 return key_senderror(so, m, ENOBUFS);
 6695         }
 6696 
 6697         if (m->m_next)
 6698                 m_freem(m->m_next);
 6699         m->m_next = NULL;
 6700         m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
 6701         newmsg = mtod(m, struct sadb_msg *);
 6702         newmsg->sadb_msg_errno = 0;
 6703         newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
 6704 
 6705         return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6706 }
 6707 
 6708 /*
 6709  * SADB_DUMP processing
 6710  * dump all entries including status of DEAD in SAD.
 6711  * receive
 6712  *   <base>
 6713  * from the ikmpd, and dump all secasvar leaves
 6714  * and send,
 6715  *   <base> .....
 6716  * to the ikmpd.
 6717  *
 6718  * m will always be freed.
 6719  */
 6720 static int
 6721 key_dump(so, m, mhp)
 6722         struct socket *so;
 6723         struct mbuf *m;
 6724         const struct sadb_msghdr *mhp;
 6725 {
 6726         struct secashead *sah;
 6727         struct secasvar *sav;
 6728         u_int16_t proto;
 6729         u_int stateidx;
 6730         u_int8_t satype;
 6731         u_int8_t state;
 6732         int cnt;
 6733         struct mbuf *n;
 6734 
 6735         /* sanity check */
 6736         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6737                 panic("key_dump: NULL pointer is passed.");
 6738 
 6739         /* map satype to proto */
 6740         if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
 6741                 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
 6742                 return key_senderror(so, m, EINVAL);
 6743         }
 6744 
 6745         /* count sav entries to be sent to the userland. */
 6746         cnt = 0;
 6747         LIST_FOREACH(sah, &sahtree, chain) {
 6748                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6749                     proto != sah->saidx.proto)
 6750                         continue;
 6751 
 6752                 for (stateidx = 0;
 6753                      stateidx < _ARRAYLEN(saorder_state_any);
 6754                      stateidx++) {
 6755                         state = saorder_state_any[stateidx];
 6756                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 6757                                 cnt++;
 6758                         }
 6759                 }
 6760         }
 6761 
 6762         if (cnt == 0)
 6763                 return key_senderror(so, m, ENOENT);
 6764 
 6765         /* send this to the userland, one at a time. */
 6766         LIST_FOREACH(sah, &sahtree, chain) {
 6767                 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
 6768                     proto != sah->saidx.proto)
 6769                         continue;
 6770 
 6771                 /* map proto to satype */
 6772                 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
 6773                         ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
 6774                         return key_senderror(so, m, EINVAL);
 6775                 }
 6776 
 6777                 for (stateidx = 0;
 6778                      stateidx < _ARRAYLEN(saorder_state_any);
 6779                      stateidx++) {
 6780                         state = saorder_state_any[stateidx];
 6781                         LIST_FOREACH(sav, &sah->savtree[state], chain) {
 6782                                 n = key_setdumpsa(sav, SADB_DUMP, satype,
 6783                                     --cnt, mhp->msg->sadb_msg_pid);
 6784                                 if (!n)
 6785                                         return key_senderror(so, m, ENOBUFS);
 6786 
 6787                                 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
 6788                         }
 6789                 }
 6790         }
 6791 
 6792         m_freem(m);
 6793         return 0;
 6794 }
 6795 
 6796 /*
 6797  * SADB_X_PROMISC processing
 6798  *
 6799  * m will always be freed.
 6800  */
 6801 static int
 6802 key_promisc(so, m, mhp)
 6803         struct socket *so;
 6804         struct mbuf *m;
 6805         const struct sadb_msghdr *mhp;
 6806 {
 6807         int olen;
 6808 
 6809         /* sanity check */
 6810         if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
 6811                 panic("key_promisc: NULL pointer is passed.");
 6812 
 6813         olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 6814 
 6815         if (olen < sizeof(struct sadb_msg)) {
 6816 #if 1
 6817                 return key_senderror(so, m, EINVAL);
 6818 #else
 6819                 m_freem(m);
 6820                 return 0;
 6821 #endif
 6822         } else if (olen == sizeof(struct sadb_msg)) {
 6823                 /* enable/disable promisc mode */
 6824                 struct keycb *kp;
 6825 
 6826                 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
 6827                         return key_senderror(so, m, EINVAL);
 6828                 mhp->msg->sadb_msg_errno = 0;
 6829                 switch (mhp->msg->sadb_msg_satype) {
 6830                 case 0:
 6831                 case 1:
 6832                         kp->kp_promisc = mhp->msg->sadb_msg_satype;
 6833                         break;
 6834                 default:
 6835                         return key_senderror(so, m, EINVAL);
 6836                 }
 6837 
 6838                 /* send the original message back to everyone */
 6839                 mhp->msg->sadb_msg_errno = 0;
 6840                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6841         } else {
 6842                 /* send packet as is */
 6843 
 6844                 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
 6845 
 6846                 /* TODO: if sadb_msg_seq is specified, send to specific pid */
 6847                 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
 6848         }
 6849 }
 6850 
 6851 static int (*key_typesw[])(struct socket *, struct mbuf *,
 6852                 const struct sadb_msghdr *) = {
 6853         NULL,           /* SADB_RESERVED */
 6854         key_getspi,     /* SADB_GETSPI */
 6855         key_update,     /* SADB_UPDATE */
 6856         key_add,        /* SADB_ADD */
 6857         key_delete,     /* SADB_DELETE */
 6858         key_get,        /* SADB_GET */
 6859         key_acquire2,   /* SADB_ACQUIRE */
 6860         key_register,   /* SADB_REGISTER */
 6861         NULL,           /* SADB_EXPIRE */
 6862         key_flush,      /* SADB_FLUSH */
 6863         key_dump,       /* SADB_DUMP */
 6864         key_promisc,    /* SADB_X_PROMISC */
 6865         NULL,           /* SADB_X_PCHANGE */
 6866         key_spdadd,     /* SADB_X_SPDUPDATE */
 6867         key_spdadd,     /* SADB_X_SPDADD */
 6868         key_spddelete,  /* SADB_X_SPDDELETE */
 6869         key_spdget,     /* SADB_X_SPDGET */
 6870         NULL,           /* SADB_X_SPDACQUIRE */
 6871         key_spddump,    /* SADB_X_SPDDUMP */
 6872         key_spdflush,   /* SADB_X_SPDFLUSH */
 6873         key_spdadd,     /* SADB_X_SPDSETIDX */
 6874         NULL,           /* SADB_X_SPDEXPIRE */
 6875         key_spddelete2, /* SADB_X_SPDDELETE2 */
 6876 };
 6877 
 6878 /*
 6879  * parse sadb_msg buffer to process PFKEYv2,
 6880  * and create a data to response if needed.
 6881  * I think to be dealed with mbuf directly.
 6882  * IN:
 6883  *     msgp  : pointer to pointer to a received buffer pulluped.
 6884  *             This is rewrited to response.
 6885  *     so    : pointer to socket.
 6886  * OUT:
 6887  *    length for buffer to send to user process.
 6888  */
 6889 int
 6890 key_parse(m, so)
 6891         struct mbuf *m;
 6892         struct socket *so;
 6893 {
 6894         struct sadb_msg *msg;
 6895         struct sadb_msghdr mh;
 6896         u_int orglen;
 6897         int error;
 6898         int target;
 6899 
 6900         /* sanity check */
 6901         if (m == NULL || so == NULL)
 6902                 panic("key_parse: NULL pointer is passed.");
 6903 
 6904 #if 0   /*kdebug_sadb assumes msg in linear buffer*/
 6905         KEYDEBUG(KEYDEBUG_KEY_DUMP,
 6906                 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
 6907                 kdebug_sadb(msg));
 6908 #endif
 6909 
 6910         if (m->m_len < sizeof(struct sadb_msg)) {
 6911                 m = m_pullup(m, sizeof(struct sadb_msg));
 6912                 if (!m)
 6913                         return ENOBUFS;
 6914         }
 6915         msg = mtod(m, struct sadb_msg *);
 6916         orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
 6917         target = KEY_SENDUP_ONE;
 6918 
 6919         if ((m->m_flags & M_PKTHDR) == 0 ||
 6920             m->m_pkthdr.len != m->m_pkthdr.len) {
 6921                 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
 6922                 pfkeystat.out_invlen++;
 6923                 error = EINVAL;
 6924                 goto senderror;
 6925         }
 6926 
 6927         if (msg->sadb_msg_version != PF_KEY_V2) {
 6928                 ipseclog((LOG_DEBUG,
 6929                     "key_parse: PF_KEY version %u is mismatched.\n",
 6930                     msg->sadb_msg_version));
 6931                 pfkeystat.out_invver++;
 6932                 error = EINVAL;
 6933                 goto senderror;
 6934         }
 6935 
 6936         if (msg->sadb_msg_type > SADB_MAX) {
 6937                 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
 6938                     msg->sadb_msg_type));
 6939                 pfkeystat.out_invmsgtype++;
 6940                 error = EINVAL;
 6941                 goto senderror;
 6942         }
 6943 
 6944         /* for old-fashioned code - should be nuked */
 6945         if (m->m_pkthdr.len > MCLBYTES) {
 6946                 m_freem(m);
 6947                 return ENOBUFS;
 6948         }
 6949         if (m->m_next) {
 6950                 struct mbuf *n;
 6951 
 6952                 MGETHDR(n, M_DONTWAIT, MT_DATA);
 6953                 if (n && m->m_pkthdr.len > MHLEN) {
 6954                         MCLGET(n, M_DONTWAIT);
 6955                         if ((n->m_flags & M_EXT) == 0) {
 6956                                 m_free(n);
 6957                                 n = NULL;
 6958                         }
 6959                 }
 6960                 if (!n) {
 6961                         m_freem(m);
 6962                         return ENOBUFS;
 6963                 }
 6964                 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
 6965                 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
 6966                 n->m_next = NULL;
 6967                 m_freem(m);
 6968                 m = n;
 6969         }
 6970 
 6971         /* align the mbuf chain so that extensions are in contiguous region. */
 6972         error = key_align(m, &mh);
 6973         if (error)
 6974                 return error;
 6975 
 6976         if (m->m_next) {        /*XXX*/
 6977                 m_freem(m);
 6978                 return ENOBUFS;
 6979         }
 6980 
 6981         msg = mh.msg;
 6982 
 6983         /* check SA type */
 6984         switch (msg->sadb_msg_satype) {
 6985         case SADB_SATYPE_UNSPEC:
 6986                 switch (msg->sadb_msg_type) {
 6987                 case SADB_GETSPI:
 6988                 case SADB_UPDATE:
 6989                 case SADB_ADD:
 6990                 case SADB_DELETE:
 6991                 case SADB_GET:
 6992                 case SADB_ACQUIRE:
 6993                 case SADB_EXPIRE:
 6994                         ipseclog((LOG_DEBUG, "key_parse: must specify satype "
 6995                             "when msg type=%u.\n", msg->sadb_msg_type));
 6996                         pfkeystat.out_invsatype++;
 6997                         error = EINVAL;
 6998                         goto senderror;
 6999                 }
 7000                 break;
 7001         case SADB_SATYPE_AH:
 7002         case SADB_SATYPE_ESP:
 7003         case SADB_X_SATYPE_IPCOMP:
 7004                 switch (msg->sadb_msg_type) {
 7005                 case SADB_X_SPDADD:
 7006                 case SADB_X_SPDDELETE:
 7007                 case SADB_X_SPDGET:
 7008                 case SADB_X_SPDDUMP:
 7009                 case SADB_X_SPDFLUSH:
 7010                 case SADB_X_SPDSETIDX:
 7011                 case SADB_X_SPDUPDATE:
 7012                 case SADB_X_SPDDELETE2:
 7013                         ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
 7014                             msg->sadb_msg_type));
 7015                         pfkeystat.out_invsatype++;
 7016                         error = EINVAL;
 7017                         goto senderror;
 7018                 }
 7019                 break;
 7020         case SADB_SATYPE_RSVP:
 7021         case SADB_SATYPE_OSPFV2:
 7022         case SADB_SATYPE_RIPV2:
 7023         case SADB_SATYPE_MIP:
 7024                 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
 7025                     msg->sadb_msg_satype));
 7026                 pfkeystat.out_invsatype++;
 7027                 error = EOPNOTSUPP;
 7028                 goto senderror;
 7029         case 1: /* XXX: What does it do? */
 7030                 if (msg->sadb_msg_type == SADB_X_PROMISC)
 7031                         break;
 7032                 /*FALLTHROUGH*/
 7033         default:
 7034                 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
 7035                     msg->sadb_msg_satype));
 7036                 pfkeystat.out_invsatype++;
 7037                 error = EINVAL;
 7038                 goto senderror;
 7039         }
 7040 
 7041         /* check field of upper layer protocol and address family */
 7042         if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
 7043             mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
 7044                 struct sadb_address *src0, *dst0;
 7045                 u_int plen;
 7046 
 7047                 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
 7048                 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
 7049 
 7050                 /* check upper layer protocol */
 7051                 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
 7052                         ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
 7053                         pfkeystat.out_invaddr++;
 7054                         error = EINVAL;
 7055                         goto senderror;
 7056                 }
 7057 
 7058                 /* check family */
 7059                 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
 7060                     PFKEY_ADDR_SADDR(dst0)->sa_family) {
 7061                         ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
 7062                         pfkeystat.out_invaddr++;
 7063                         error = EINVAL;
 7064                         goto senderror;
 7065                 }
 7066                 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7067                     PFKEY_ADDR_SADDR(dst0)->sa_len) {
 7068                         ipseclog((LOG_DEBUG,
 7069                             "key_parse: address struct size mismatched.\n"));
 7070                         pfkeystat.out_invaddr++;
 7071                         error = EINVAL;
 7072                         goto senderror;
 7073                 }
 7074 
 7075                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7076                 case AF_INET:
 7077                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7078                             sizeof(struct sockaddr_in)) {
 7079                                 pfkeystat.out_invaddr++;
 7080                                 error = EINVAL;
 7081                                 goto senderror;
 7082                         }
 7083                         break;
 7084                 case AF_INET6:
 7085                         if (PFKEY_ADDR_SADDR(src0)->sa_len !=
 7086                             sizeof(struct sockaddr_in6)) {
 7087                                 pfkeystat.out_invaddr++;
 7088                                 error = EINVAL;
 7089                                 goto senderror;
 7090                         }
 7091                         break;
 7092                 default:
 7093                         ipseclog((LOG_DEBUG,
 7094                             "key_parse: unsupported address family.\n"));
 7095                         pfkeystat.out_invaddr++;
 7096                         error = EAFNOSUPPORT;
 7097                         goto senderror;
 7098                 }
 7099 
 7100                 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
 7101                 case AF_INET:
 7102                         plen = sizeof(struct in_addr) << 3;
 7103                         break;
 7104                 case AF_INET6:
 7105                         plen = sizeof(struct in6_addr) << 3;
 7106                         break;
 7107                 default:
 7108                         plen = 0;       /*fool gcc*/
 7109                         break;
 7110                 }
 7111 
 7112                 /* check max prefix length */
 7113                 if (src0->sadb_address_prefixlen > plen ||
 7114                     dst0->sadb_address_prefixlen > plen) {
 7115                         ipseclog((LOG_DEBUG,
 7116                             "key_parse: illegal prefixlen.\n"));
 7117                         pfkeystat.out_invaddr++;
 7118                         error = EINVAL;
 7119                         goto senderror;
 7120                 }
 7121 
 7122                 /*
 7123                  * prefixlen == 0 is valid because there can be a case when
 7124                  * all addresses are matched.
 7125                  */
 7126         }
 7127 
 7128         if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
 7129             key_typesw[msg->sadb_msg_type] == NULL) {
 7130                 pfkeystat.out_invmsgtype++;
 7131                 error = EINVAL;
 7132                 goto senderror;
 7133         }
 7134 
 7135         return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
 7136 
 7137 senderror:
 7138         msg->sadb_msg_errno = error;
 7139         return key_sendup_mbuf(so, m, target);
 7140 }
 7141 
 7142 static int
 7143 key_senderror(so, m, code)
 7144         struct socket *so;
 7145         struct mbuf *m;
 7146         int code;
 7147 {
 7148         struct sadb_msg *msg;
 7149 
 7150         if (m->m_len < sizeof(struct sadb_msg))
 7151                 panic("invalid mbuf passed to key_senderror");
 7152 
 7153         msg = mtod(m, struct sadb_msg *);
 7154         msg->sadb_msg_errno = code;
 7155         return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
 7156 }
 7157 
 7158 /*
 7159  * set the pointer to each header into message buffer.
 7160  * m will be freed on error.
 7161  * XXX larger-than-MCLBYTES extension?
 7162  */
 7163 static int
 7164 key_align(m, mhp)
 7165         struct mbuf *m;
 7166         struct sadb_msghdr *mhp;
 7167 {
 7168         struct mbuf *n;
 7169         struct sadb_ext *ext;
 7170         size_t off, end;
 7171         int extlen;
 7172         int toff;
 7173 
 7174         /* sanity check */
 7175         if (m == NULL || mhp == NULL)
 7176                 panic("key_align: NULL pointer is passed.");
 7177         if (m->m_len < sizeof(struct sadb_msg))
 7178                 panic("invalid mbuf passed to key_align");
 7179 
 7180         /* initialize */
 7181         bzero(mhp, sizeof(*mhp));
 7182 
 7183         mhp->msg = mtod(m, struct sadb_msg *);
 7184         mhp->ext[0] = (struct sadb_ext *)mhp->msg;      /*XXX backward compat */
 7185 
 7186         end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
 7187         extlen = end;   /*just in case extlen is not updated*/
 7188         for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
 7189                 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
 7190                 if (!n) {
 7191                         /* m is already freed */
 7192                         return ENOBUFS;
 7193                 }
 7194                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7195 
 7196                 /* set pointer */
 7197                 switch (ext->sadb_ext_type) {
 7198                 case SADB_EXT_SA:
 7199                 case SADB_EXT_ADDRESS_SRC:
 7200                 case SADB_EXT_ADDRESS_DST:
 7201                 case SADB_EXT_ADDRESS_PROXY:
 7202                 case SADB_EXT_LIFETIME_CURRENT:
 7203                 case SADB_EXT_LIFETIME_HARD:
 7204                 case SADB_EXT_LIFETIME_SOFT:
 7205                 case SADB_EXT_KEY_AUTH:
 7206                 case SADB_EXT_KEY_ENCRYPT:
 7207                 case SADB_EXT_IDENTITY_SRC:
 7208                 case SADB_EXT_IDENTITY_DST:
 7209                 case SADB_EXT_SENSITIVITY:
 7210                 case SADB_EXT_PROPOSAL:
 7211                 case SADB_EXT_SUPPORTED_AUTH:
 7212                 case SADB_EXT_SUPPORTED_ENCRYPT:
 7213                 case SADB_EXT_SPIRANGE:
 7214                 case SADB_X_EXT_POLICY:
 7215                 case SADB_X_EXT_SA2:
 7216                         /* duplicate check */
 7217                         /*
 7218                          * XXX Are there duplication payloads of either
 7219                          * KEY_AUTH or KEY_ENCRYPT ?
 7220                          */
 7221                         if (mhp->ext[ext->sadb_ext_type] != NULL) {
 7222                                 ipseclog((LOG_DEBUG,
 7223                                     "key_align: duplicate ext_type %u "
 7224                                     "is passed.\n", ext->sadb_ext_type));
 7225                                 m_freem(m);
 7226                                 pfkeystat.out_dupext++;
 7227                                 return EINVAL;
 7228                         }
 7229                         break;
 7230                 default:
 7231                         ipseclog((LOG_DEBUG,
 7232                             "key_align: invalid ext_type %u is passed.\n",
 7233                             ext->sadb_ext_type));
 7234                         m_freem(m);
 7235                         pfkeystat.out_invexttype++;
 7236                         return EINVAL;
 7237                 }
 7238 
 7239                 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
 7240 
 7241                 if (key_validate_ext(ext, extlen)) {
 7242                         m_freem(m);
 7243                         pfkeystat.out_invlen++;
 7244                         return EINVAL;
 7245                 }
 7246 
 7247                 n = m_pulldown(m, off, extlen, &toff);
 7248                 if (!n) {
 7249                         /* m is already freed */
 7250                         return ENOBUFS;
 7251                 }
 7252                 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
 7253 
 7254                 mhp->ext[ext->sadb_ext_type] = ext;
 7255                 mhp->extoff[ext->sadb_ext_type] = off;
 7256                 mhp->extlen[ext->sadb_ext_type] = extlen;
 7257         }
 7258 
 7259         if (off != end) {
 7260                 m_freem(m);
 7261                 pfkeystat.out_invlen++;
 7262                 return EINVAL;
 7263         }
 7264 
 7265         return 0;
 7266 }
 7267 
 7268 static int
 7269 key_validate_ext(ext, len)
 7270         struct sadb_ext *ext;
 7271         int len;
 7272 {
 7273         struct sockaddr *sa;
 7274         enum { NONE, ADDR } checktype = NONE;
 7275         int baselen = 0;
 7276         const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
 7277 
 7278         if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
 7279                 return EINVAL;
 7280 
 7281         /* if it does not match minimum/maximum length, bail */
 7282         if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
 7283             ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
 7284                 return EINVAL;
 7285         if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
 7286                 return EINVAL;
 7287         if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
 7288                 return EINVAL;
 7289 
 7290         /* more checks based on sadb_ext_type XXX need more */
 7291         switch (ext->sadb_ext_type) {
 7292         case SADB_EXT_ADDRESS_SRC:
 7293         case SADB_EXT_ADDRESS_DST:
 7294         case SADB_EXT_ADDRESS_PROXY:
 7295                 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
 7296                 checktype = ADDR;
 7297                 break;
 7298         case SADB_EXT_IDENTITY_SRC:
 7299         case SADB_EXT_IDENTITY_DST:
 7300                 if (((struct sadb_ident *)ext)->sadb_ident_type ==
 7301                     SADB_X_IDENTTYPE_ADDR) {
 7302                         baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
 7303                         checktype = ADDR;
 7304                 } else
 7305                         checktype = NONE;
 7306                 break;
 7307         default:
 7308                 checktype = NONE;
 7309                 break;
 7310         }
 7311 
 7312         switch (checktype) {
 7313         case NONE:
 7314                 break;
 7315         case ADDR:
 7316                 sa = (struct sockaddr *)((caddr_t)ext + baselen);
 7317                 if (len < baselen + sal)
 7318                         return EINVAL;
 7319                 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
 7320                         return EINVAL;
 7321                 break;
 7322         }
 7323 
 7324         return 0;
 7325 }
 7326 
 7327 void
 7328 key_init()
 7329 {
 7330         int i;
 7331 
 7332         bzero((caddr_t)&key_cb, sizeof(key_cb));
 7333 
 7334         for (i = 0; i < IPSEC_DIR_MAX; i++)
 7335                 LIST_INIT(&sptree[i]);
 7336 
 7337         LIST_INIT(&sahtree);
 7338 
 7339         for (i = 0; i <= SADB_SATYPE_MAX; i++)
 7340                 LIST_INIT(&regtree[i]);
 7341 
 7342         for (i = 0; i < SPIHASHSIZE; i++)
 7343                 LIST_INIT(&spihash[i]);
 7344 
 7345 #ifndef IPSEC_NONBLOCK_ACQUIRE
 7346         LIST_INIT(&acqtree);
 7347 #endif
 7348         LIST_INIT(&spacqtree);
 7349 
 7350         TAILQ_INIT(&satailq);
 7351         TAILQ_INIT(&sptailq);
 7352 
 7353         /* system default */
 7354 #ifdef INET
 7355         ip4_def_policy = key_newsp(0);
 7356         if (!ip4_def_policy)
 7357                 panic("could not initialize IPv4 default security policy");
 7358         ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
 7359         ip4_def_policy->policy = IPSEC_POLICY_NONE;
 7360         ip4_def_policy->dir = IPSEC_DIR_ANY;
 7361         ip4_def_policy->readonly = 1;
 7362         ip4_def_policy->persist = 1;
 7363 #endif
 7364 #ifdef INET6
 7365         ip6_def_policy = key_newsp(0);
 7366         if (!ip6_def_policy)
 7367                 panic("could not initialize IPv6 default security policy");
 7368         ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
 7369         ip6_def_policy->policy = IPSEC_POLICY_NONE;
 7370         ip6_def_policy->dir = IPSEC_DIR_ANY;
 7371         ip6_def_policy->readonly = 1;
 7372         ip6_def_policy->persist = 1;
 7373 #endif
 7374 
 7375         timeout(key_timehandler, (void *)0, hz);
 7376 
 7377         /* initialize key statistics */
 7378         keystat.getspi_count = 1;
 7379 
 7380         printf("IPsec: Initialized Security Association Processing.\n");
 7381 
 7382         return;
 7383 }
 7384 
 7385 /*
 7386  * XXX: maybe This function is called after INBOUND IPsec processing.
 7387  *
 7388  * Special check for tunnel-mode packets.
 7389  * We must make some checks for consistency between inner and outer IP header.
 7390  *
 7391  * xxx more checks to be provided
 7392  */
 7393 int
 7394 key_checktunnelsanity(sav, family, src, dst)
 7395         struct secasvar *sav;
 7396         u_int family;
 7397         caddr_t src;
 7398         caddr_t dst;
 7399 {
 7400         /* sanity check */
 7401         if (sav->sah == NULL)
 7402                 panic("sav->sah == NULL at key_checktunnelsanity");
 7403 
 7404         /* XXX: check inner IP header */
 7405 
 7406         return 1;
 7407 }
 7408 
 7409 #if 0
 7410 /*
 7411  * Get FQDN for the host.
 7412  * If the administrator configured hostname (by hostname(1)) without
 7413  * domain name, returns nothing.
 7414  */
 7415 static const char *
 7416 key_getfqdn()
 7417 {
 7418         int i;
 7419         int hasdot;
 7420         static char fqdn[MAXHOSTNAMELEN + 1];
 7421         int hostnamelen = strlen(hostname);
 7422 
 7423         if (!hostnamelen)
 7424                 return NULL;
 7425 
 7426         /* check if it comes with domain name. */
 7427         hasdot = 0;
 7428         for (i = 0; i < hostnamelen; i++) {
 7429                 if (hostname[i] == '.')
 7430                         hasdot++;
 7431         }
 7432         if (!hasdot)
 7433                 return NULL;
 7434 
 7435         /* NOTE: hostname may not be NUL-terminated. */
 7436         bzero(fqdn, sizeof(fqdn));
 7437         bcopy(hostname, fqdn, hostnamelen);
 7438         fqdn[hostnamelen] = '\0';
 7439         return fqdn;
 7440 }
 7441 
 7442 /*
 7443  * get username@FQDN for the host/user.
 7444  */
 7445 static const char *
 7446 key_getuserfqdn()
 7447 {
 7448         const char *host;
 7449         static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
 7450         struct proc *p = curproc;
 7451         char *q;
 7452 
 7453         PROC_LOCK(p);
 7454         if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) {
 7455                 PROC_UNLOCK(p);
 7456                 return NULL;
 7457         }
 7458         if (!(host = key_getfqdn())) {
 7459                 PROC_UNLOCK(p);
 7460                 return NULL;
 7461         }
 7462 
 7463         /* NOTE: s_login may not be-NUL terminated. */
 7464         bzero(userfqdn, sizeof(userfqdn));
 7465         SESS_LOCK(p->p_session);
 7466         bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
 7467         SESS_UNLOCK(p->p_session);
 7468         PROC_UNLOCK(p);
 7469         userfqdn[MAXLOGNAME] = '\0';    /* safeguard */
 7470         q = userfqdn + strlen(userfqdn);
 7471         *q++ = '@';
 7472         bcopy(host, q, strlen(host));
 7473         q += strlen(host);
 7474         *q++ = '\0';
 7475 
 7476         return userfqdn;
 7477 }
 7478 #endif
 7479 
 7480 /* record data transfer on SA, and update timestamps */
 7481 void
 7482 key_sa_recordxfer(sav, m)
 7483         struct secasvar *sav;
 7484         struct mbuf *m;
 7485 {
 7486         if (!sav)
 7487                 panic("key_sa_recordxfer called with sav == NULL");
 7488         if (!m)
 7489                 panic("key_sa_recordxfer called with m == NULL");
 7490         if (!sav->lft_c)
 7491                 return;
 7492 
 7493         /*
 7494          * XXX Currently, there is a difference of bytes size
 7495          * between inbound and outbound processing.
 7496          */
 7497         sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
 7498         /* to check bytes lifetime is done in key_timehandler(). */
 7499 
 7500         /*
 7501          * We use the number of packets as the unit of
 7502          * sadb_lifetime_allocations.  We increment the variable
 7503          * whenever {esp,ah}_{in,out}put is called.
 7504          */
 7505         sav->lft_c->sadb_lifetime_allocations++;
 7506         /* XXX check for expires? */
 7507 
 7508         /*
 7509          * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
 7510          * in seconds.  HARD and SOFT lifetime are measured by the time
 7511          * difference (again in seconds) from sadb_lifetime_usetime.
 7512          *
 7513          *      usetime
 7514          *      v     expire   expire
 7515          * -----+-----+--------+---> t
 7516          *      <--------------> HARD
 7517          *      <-----> SOFT
 7518          */
 7519     {
 7520         sav->lft_c->sadb_lifetime_usetime = time_second;
 7521         /* XXX check for expires? */
 7522     }
 7523 
 7524         return;
 7525 }
 7526 
 7527 /* dumb version */
 7528 void
 7529 key_sa_routechange(dst)
 7530         struct sockaddr *dst;
 7531 {
 7532         struct secashead *sah;
 7533         struct route *ro;
 7534 
 7535         LIST_FOREACH(sah, &sahtree, chain) {
 7536                 ro = &sah->sa_route;
 7537                 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len &&
 7538                     bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
 7539                         RTFREE(ro->ro_rt);
 7540                         ro->ro_rt = (struct rtentry *)NULL;
 7541                 }
 7542         }
 7543 
 7544         return;
 7545 }
 7546 
 7547 static void
 7548 key_sa_chgstate(sav, state)
 7549         struct secasvar *sav;
 7550         u_int8_t state;
 7551 {
 7552         if (sav == NULL)
 7553                 panic("key_sa_chgstate called with sav == NULL");
 7554 
 7555         if (sav->state == state)
 7556                 return;
 7557 
 7558         if (__LIST_CHAINED(sav))
 7559                 LIST_REMOVE(sav, chain);
 7560 
 7561         sav->state = state;
 7562         LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
 7563 }
 7564 
 7565 void
 7566 key_sa_stir_iv(sav)
 7567         struct secasvar *sav;
 7568 {
 7569 
 7570         if (!sav->iv)
 7571                 panic("key_sa_stir_iv called with sav == NULL");
 7572         key_randomfill(sav->iv, sav->ivlen);
 7573 }
 7574 
 7575 static void
 7576 key_sp_dead(sp)
 7577         struct secpolicy *sp;
 7578 {
 7579 
 7580         /* mark the SP dead */
 7581         sp->state = IPSEC_SPSTATE_DEAD;
 7582 }
 7583 
 7584 static void
 7585 key_sp_unlink(sp)
 7586         struct secpolicy *sp;
 7587 {
 7588 
 7589         /* remove from SP index */
 7590         if (__LIST_CHAINED(sp)) {
 7591                 LIST_REMOVE(sp, chain);
 7592                 key_freesp(sp);
 7593         }
 7594 }
 7595 
 7596 /* XXX too much? */
 7597 static struct mbuf *
 7598 key_alloc_mbuf(l)
 7599         int l;
 7600 {
 7601         struct mbuf *m = NULL, *n;
 7602         int len, t;
 7603 
 7604         len = l;
 7605         while (len > 0) {
 7606                 MGET(n, M_DONTWAIT, MT_DATA);
 7607                 if (n && len > MLEN)
 7608                         MCLGET(n, M_DONTWAIT);
 7609                 if (!n) {
 7610                         m_freem(m);
 7611                         return NULL;
 7612                 }
 7613 
 7614                 n->m_next = NULL;
 7615                 n->m_len = 0;
 7616                 n->m_len = M_TRAILINGSPACE(n);
 7617                 /* use the bottom of mbuf, hoping we can prepend afterwards */
 7618                 if (n->m_len > len) {
 7619                         t = (n->m_len - len) & ~(sizeof(long) - 1);
 7620                         n->m_data += t;
 7621                         n->m_len = len;
 7622                 }
 7623 
 7624                 len -= n->m_len;
 7625 
 7626                 if (m)
 7627                         m_cat(m, n);
 7628                 else
 7629                         m = n;
 7630         }
 7631 
 7632         return m;
 7633 }

Cache object: c1bb65cf8f45d72e66c037ff8df1457c


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.