FreeBSD/Linux Kernel Cross Reference
sys/netkey/key.c
1 /* $KAME: key.c,v 1.308 2003/09/07 20:35:59 itojun Exp $ */
2
3 /*-
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34
35 /*
36 * This code is referd to RFC 2367
37 */
38
39 #include "opt_inet.h"
40 #include "opt_inet6.h"
41 #include "opt_ipsec.h"
42
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/kernel.h>
47 #include <sys/mbuf.h>
48 #include <sys/domain.h>
49 #include <sys/protosw.h>
50 #include <sys/malloc.h>
51 #include <sys/socket.h>
52 #include <sys/socketvar.h>
53 #include <sys/sysctl.h>
54 #include <sys/errno.h>
55 #include <sys/proc.h>
56 #include <sys/queue.h>
57 #include <sys/syslog.h>
58
59 #include <net/if.h>
60 #include <net/route.h>
61 #include <net/raw_cb.h>
62
63 #include <netinet/in.h>
64 #include <netinet/in_systm.h>
65 #include <netinet/ip.h>
66 #include <netinet/in_var.h>
67
68 #ifdef INET6
69 #include <netinet/ip6.h>
70 #include <netinet6/in6_var.h>
71 #include <netinet6/ip6_var.h>
72 #include <netinet6/scope6_var.h>
73 #endif /* INET6 */
74
75 #ifdef INET
76 #include <netinet/in_pcb.h>
77 #endif
78 #ifdef INET6
79 #include <netinet6/in6_pcb.h>
80 #endif /* INET6 */
81
82 #include <net/pfkeyv2.h>
83 #include <netkey/keydb.h>
84 #include <netkey/key.h>
85 #include <netkey/keysock.h>
86 #include <netkey/key_debug.h>
87
88 #include <netinet6/ipsec.h>
89 #ifdef INET6
90 #include <netinet6/ipsec6.h>
91 #endif
92 #include <netinet6/ah.h>
93 #ifdef INET6
94 #include <netinet6/ah6.h>
95 #endif
96 #ifdef IPSEC_ESP
97 #include <netinet6/esp.h>
98 #ifdef INET6
99 #include <netinet6/esp6.h>
100 #endif
101 #endif
102 #include <netinet6/ipcomp.h>
103 #ifdef INET6
104 #include <netinet6/ipcomp6.h>
105 #endif
106
107 #include <machine/stdarg.h>
108
109 /* randomness */
110 #include <sys/random.h>
111
112 #include <net/net_osdep.h>
113
114 #ifndef satosin
115 #define satosin(s) ((struct sockaddr_in *)s)
116 #endif
117
118 #define FULLMASK 0xff
119
120 /*
121 * Note on SA reference counting:
122 * - SAs that are not in DEAD state will have (total external reference + 1)
123 * following value in reference count field. they cannot be freed and are
124 * referenced from SA header.
125 * - SAs that are in DEAD state will have (total external reference)
126 * in reference count field. they are ready to be freed. reference from
127 * SA header will be removed in keydb_delsecasvar(), when the reference count
128 * field hits 0 (= no external reference other than from SA header.
129 */
130
131 u_int32_t key_debug_level = 0;
132 static u_int key_spi_trycnt = 1000;
133 static u_int32_t key_spi_minval = 0x100;
134 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
135 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
136 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
137 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
138 static int key_preferred_oldsa = 1; /* preferred old sa rather than new sa.*/
139
140 static u_int32_t acq_seq = 0;
141
142 struct _satailq satailq; /* list of all SAD entry */
143 struct _sptailq sptailq; /* SPD table + pcb */
144 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD table */
145 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
146 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
147 /* registed list */
148
149 #define SPIHASHSIZE 128
150 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
151 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
152
153 #ifndef IPSEC_NONBLOCK_ACQUIRE
154 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
155 #endif
156 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
157
158 struct key_cb key_cb;
159
160 /* search order for SAs */
161 static const u_int saorder_state_valid_prefer_old[] = {
162 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
163 };
164 static const u_int saorder_state_valid_prefer_new[] = {
165 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
166 };
167 static const u_int saorder_state_alive[] = {
168 /* except DEAD */
169 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
170 };
171 static const u_int saorder_state_any[] = {
172 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
173 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
174 };
175
176 static const int minsize[] = {
177 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
178 sizeof(struct sadb_sa), /* SADB_EXT_SA */
179 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
180 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
181 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
182 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
183 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
184 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
185 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
186 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
187 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
188 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
189 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
190 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
191 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
192 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
193 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
194 0, /* SADB_X_EXT_KMPRIVATE */
195 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
196 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
197 };
198 static const int maxsize[] = {
199 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
200 sizeof(struct sadb_sa), /* SADB_EXT_SA */
201 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
202 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
203 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
204 0, /* SADB_EXT_ADDRESS_SRC */
205 0, /* SADB_EXT_ADDRESS_DST */
206 0, /* SADB_EXT_ADDRESS_PROXY */
207 0, /* SADB_EXT_KEY_AUTH */
208 0, /* SADB_EXT_KEY_ENCRYPT */
209 0, /* SADB_EXT_IDENTITY_SRC */
210 0, /* SADB_EXT_IDENTITY_DST */
211 0, /* SADB_EXT_SENSITIVITY */
212 0, /* SADB_EXT_PROPOSAL */
213 0, /* SADB_EXT_SUPPORTED_AUTH */
214 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
215 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
216 0, /* SADB_X_EXT_KMPRIVATE */
217 0, /* SADB_X_EXT_POLICY */
218 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
219 };
220
221 static int ipsec_esp_keymin = 256;
222 #ifdef IPSEC_ESP
223 static int ipsec_esp_auth = 0;
224 #endif
225 static int ipsec_ah_keymin = 128;
226
227 SYSCTL_DECL(_net_key);
228
229 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
230 &key_debug_level, 0, "");
231
232 /* max count of trial for the decision of spi value */
233 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
234 &key_spi_trycnt, 0, "");
235
236 /* minimum spi value to allocate automatically. */
237 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
238 &key_spi_minval, 0, "");
239
240 /* maximun spi value to allocate automatically. */
241 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
242 &key_spi_maxval, 0, "");
243
244 /* lifetime for larval SA */
245 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
246 &key_larval_lifetime, 0, "");
247
248 /* counter for blocking to send SADB_ACQUIRE to IKEd */
249 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
250 &key_blockacq_count, 0, "");
251
252 /* lifetime for blocking to send SADB_ACQUIRE to IKEd */
253 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
254 &key_blockacq_lifetime, 0, "");
255
256 #ifdef IPSEC_ESP
257 /* ESP auth */
258 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
259 &ipsec_esp_auth, 0, "ESP auth");
260 #endif
261
262 /* minimum ESP key length */
263 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
264 &ipsec_esp_keymin, 0, "");
265
266 /* minimum AH key length */
267 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
268 &ipsec_ah_keymin, 0, "");
269
270 /* perfered old SA rather than new SA */
271 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, preferred_oldsa, CTLFLAG_RW,\
272 &key_preferred_oldsa, 0, "");
273
274 #define __LIST_CHAINED(elm) \
275 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
276 #define LIST_INSERT_TAIL(head, elm, type, field) \
277 do {\
278 struct type *curelm = LIST_FIRST(head); \
279 if (curelm == NULL) {\
280 LIST_INSERT_HEAD(head, elm, field); \
281 } else { \
282 while (LIST_NEXT(curelm, field)) \
283 curelm = LIST_NEXT(curelm, field);\
284 LIST_INSERT_AFTER(curelm, elm, field);\
285 }\
286 } while (/*CONSTCOND*/ 0)
287
288 #define KEY_CHKSASTATE(head, sav, name) \
289 do { \
290 if ((head) != (sav)) { \
291 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
292 (name), (head), (sav))); \
293 continue; \
294 } \
295 } while (/*CONSTCOND*/ 0)
296
297 #define KEY_CHKSPDIR(head, sp, name) \
298 do { \
299 if ((head) != (sp)) { \
300 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
301 "anyway continue.\n", \
302 (name), (head), (sp))); \
303 } \
304 } while (/*CONSTCOND*/ 0)
305
306 #if 1
307 #define KMALLOC(p, t, n) \
308 ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
309 #define KFREE(p) \
310 free((caddr_t)(p), M_SECA)
311 #else
312 #define KMALLOC(p, t, n) \
313 do { \
314 ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
315 printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
316 __FILE__, __LINE__, (p), #t, n); \
317 } while (/*CONSTCOND*/ 0)
318
319 #define KFREE(p) \
320 do { \
321 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
322 free((caddr_t)(p), M_SECA); \
323 } while (/*CONSTCOND*/ 0)
324 #endif
325
326 /*
327 * set parameters into secpolicyindex buffer.
328 * Must allocate secpolicyindex buffer passed to this function.
329 */
330 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
331 do { \
332 bzero((idx), sizeof(struct secpolicyindex)); \
333 (idx)->prefs = (ps); \
334 (idx)->prefd = (pd); \
335 (idx)->ul_proto = (ulp); \
336 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
337 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
338 } while (/*CONSTCOND*/ 0)
339
340 /*
341 * set parameters into secasindex buffer.
342 * Must allocate secasindex buffer before calling this function.
343 */
344 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
345 do { \
346 bzero((idx), sizeof(struct secasindex)); \
347 (idx)->proto = (p); \
348 (idx)->mode = (m); \
349 (idx)->reqid = (r); \
350 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
351 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
352 } while (/*CONSTCOND*/ 0)
353
354 /* key statistics */
355 struct _keystat {
356 u_long getspi_count; /* the avarage of count to try to get new SPI */
357 } keystat;
358
359 struct sadb_msghdr {
360 struct sadb_msg *msg;
361 struct sadb_ext *ext[SADB_EXT_MAX + 1];
362 int extoff[SADB_EXT_MAX + 1];
363 int extlen[SADB_EXT_MAX + 1];
364 };
365
366 static struct secasvar *key_allocsa_policy(struct secasindex *);
367 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
368 static void key_delsav(struct secasvar *);
369 static void key_delsp(struct secpolicy *);
370 static struct secpolicy *key_getsp(struct secpolicyindex *, int);
371 static struct secpolicy *key_getspbyid(u_int32_t);
372 static u_int32_t key_newreqid(void);
373 static struct mbuf *key_gather_mbuf(struct mbuf *,
374 const struct sadb_msghdr *, int, int, ...);
375 static int key_spdadd(struct socket *, struct mbuf *,
376 const struct sadb_msghdr *);
377 static int key_spddelete(struct socket *, struct mbuf *,
378 const struct sadb_msghdr *);
379 static int key_spddelete2(struct socket *, struct mbuf *,
380 const struct sadb_msghdr *);
381 static int key_spdget(struct socket *, struct mbuf *,
382 const struct sadb_msghdr *);
383 static int key_spdflush(struct socket *, struct mbuf *,
384 const struct sadb_msghdr *);
385 static int key_spddump(struct socket *, struct mbuf *,
386 const struct sadb_msghdr *);
387 static struct mbuf *key_setdumpsp(struct secpolicy *,
388 u_int8_t, u_int32_t, u_int32_t);
389 static u_int key_getspreqmsglen(struct secpolicy *);
390 static int key_spdexpire(struct secpolicy *);
391 static struct secashead *key_newsah(struct secasindex *);
392 static void key_delsah(struct secashead *);
393 static struct secasvar *key_newsav(struct mbuf *,
394 const struct sadb_msghdr *, struct secashead *, int *);
395 static struct secashead *key_getsah(struct secasindex *);
396 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
397 static void key_setspi(struct secasvar *, u_int32_t);
398 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
399 static int key_setsaval(struct secasvar *, struct mbuf *,
400 const struct sadb_msghdr *);
401 static int key_mature(struct secasvar *);
402 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
403 u_int8_t, u_int32_t, u_int32_t);
404 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
405 u_int32_t, pid_t, u_int16_t);
406 static struct mbuf *key_setsadbsa(struct secasvar *);
407 static struct mbuf *key_setsadbaddr(u_int16_t,
408 struct sockaddr *, u_int8_t, u_int16_t);
409 #if 0
410 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
411 int, u_int64_t);
412 #endif
413 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
414 static struct mbuf *key_setsadblifetime(u_int16_t, u_int32_t,
415 u_int64_t, u_int64_t, u_int64_t);
416 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
417 u_int32_t);
418 static void *key_newbuf(const void *, u_int);
419 static int key_ismyaddr(struct sockaddr *);
420 #ifdef INET6
421 static int key_ismyaddr6(struct sockaddr_in6 *);
422 #endif
423
424 /* flags for key_cmpsaidx() */
425 #define CMP_HEAD 1 /* protocol, addresses. */
426 #define CMP_MODE_REQID 2 /* additionally HEAD, reqid, mode. */
427 #define CMP_REQID 3 /* additionally HEAD, reqid. not used */
428 #define CMP_EXACTLY 4 /* all elements. */
429 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
430
431 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
432 static int key_bbcmp(caddr_t, caddr_t, u_int);
433 static u_long key_random(void);
434 static u_int16_t key_satype2proto(u_int8_t);
435 static u_int8_t key_proto2satype(u_int16_t);
436
437 static int key_getspi(struct socket *, struct mbuf *,
438 const struct sadb_msghdr *);
439 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
440 struct secasindex *);
441 static int key_update(struct socket *, struct mbuf *,
442 const struct sadb_msghdr *);
443 #ifdef IPSEC_DOSEQCHECK
444 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
445 #endif
446 static int key_add(struct socket *, struct mbuf *,
447 const struct sadb_msghdr *);
448 static int key_setident(struct secashead *, struct mbuf *,
449 const struct sadb_msghdr *);
450 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
451 const struct sadb_msghdr *);
452 static int key_delete(struct socket *, struct mbuf *,
453 const struct sadb_msghdr *);
454 static int key_get(struct socket *, struct mbuf *,
455 const struct sadb_msghdr *);
456
457 static void key_getcomb_setlifetime(struct sadb_comb *);
458 #ifdef IPSEC_ESP
459 static struct mbuf *key_getcomb_esp(void);
460 #endif
461 static struct mbuf *key_getcomb_ah(void);
462 static struct mbuf *key_getcomb_ipcomp(void);
463 static struct mbuf *key_getprop(const struct secasindex *);
464
465 static int key_acquire(struct secasindex *, struct secpolicy *);
466 #ifndef IPSEC_NONBLOCK_ACQUIRE
467 static struct secacq *key_newacq(struct secasindex *);
468 static struct secacq *key_getacq(struct secasindex *);
469 static struct secacq *key_getacqbyseq(u_int32_t);
470 #endif
471 static struct secspacq *key_newspacq(struct secpolicyindex *);
472 static struct secspacq *key_getspacq(struct secpolicyindex *);
473 static int key_acquire2(struct socket *, struct mbuf *,
474 const struct sadb_msghdr *);
475 static int key_register(struct socket *, struct mbuf *,
476 const struct sadb_msghdr *);
477 static int key_expire(struct secasvar *);
478 static int key_flush(struct socket *, struct mbuf *,
479 const struct sadb_msghdr *);
480 static int key_dump(struct socket *, struct mbuf *,
481 const struct sadb_msghdr *);
482 static int key_promisc(struct socket *, struct mbuf *,
483 const struct sadb_msghdr *);
484 static int key_senderror(struct socket *, struct mbuf *, int);
485 static int key_validate_ext(struct sadb_ext *, int);
486 static int key_align(struct mbuf *, struct sadb_msghdr *);
487 #if 0
488 static const char *key_getfqdn(void);
489 static const char *key_getuserfqdn(void);
490 #endif
491 static void key_sa_chgstate(struct secasvar *, u_int8_t);
492 static void key_sp_dead(struct secpolicy *);
493 static void key_sp_unlink(struct secpolicy *);
494 static struct mbuf *key_alloc_mbuf(int);
495 static struct callout key_timehandler_ch;
496
497 /* %%% IPsec policy management */
498 /*
499 * allocating a SP for OUTBOUND or INBOUND packet.
500 * Must call key_freesp() later.
501 * OUT: NULL: not found
502 * others: found and return the pointer.
503 */
504 struct secpolicy *
505 key_allocsp(tag, spidx, dir)
506 u_int16_t tag;
507 struct secpolicyindex *spidx;
508 u_int dir;
509 {
510 struct secpolicy *sp;
511 int s;
512
513 /* check direction */
514 switch (dir) {
515 case IPSEC_DIR_INBOUND:
516 case IPSEC_DIR_OUTBOUND:
517 break;
518 default:
519 panic("key_allocsp: Invalid direction is passed.");
520 }
521
522 /* get a SP entry */
523 s = splnet(); /*called from softclock()*/
524 if (spidx) {
525 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
526 printf("*** objects\n");
527 kdebug_secpolicyindex(spidx));
528 }
529
530 LIST_FOREACH(sp, &sptree[dir], chain) {
531 if (sp->state == IPSEC_SPSTATE_DEAD)
532 continue;
533 if (sp->spidx) {
534 if (!spidx)
535 continue;
536
537 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
538 printf("*** in SPD\n");
539 kdebug_secpolicyindex(sp->spidx));
540
541 if (key_cmpspidx_withmask(sp->spidx, spidx))
542 goto found;
543 }
544 }
545
546 splx(s);
547 return NULL;
548
549 found:
550 /* sanity check */
551 KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
552
553 /* found a SPD entry */
554 sp->lastused = time_second;
555 sp->refcnt++;
556 splx(s);
557 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
558 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
559 sp->refcnt, sp));
560
561 return sp;
562 }
563
564 /*
565 * return a policy that matches this particular inbound packet.
566 * XXX slow
567 */
568 struct secpolicy *
569 key_gettunnel(osrc, odst, isrc, idst)
570 struct sockaddr *osrc, *odst, *isrc, *idst;
571 {
572 struct secpolicy *sp;
573 const int dir = IPSEC_DIR_INBOUND;
574 int s;
575 struct ipsecrequest *r1, *r2, *p;
576 struct sockaddr *os, *od, *is, *id;
577 struct secpolicyindex spidx;
578
579 if (isrc->sa_family != idst->sa_family) {
580 ipseclog((LOG_ERR, "protocol family mismatched %u != %u\n",
581 isrc->sa_family, idst->sa_family));
582 return NULL;
583 }
584
585 s = splnet(); /*called from softclock()*/
586 LIST_FOREACH(sp, &sptree[dir], chain) {
587 if (sp->state == IPSEC_SPSTATE_DEAD)
588 continue;
589
590 r1 = r2 = NULL;
591 for (p = sp->req; p; p = p->next) {
592 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
593 continue;
594
595 r1 = r2;
596 r2 = p;
597
598 if (!r1) {
599 if (sp->spidx) {
600 /*
601 * here we look at address matches
602 * only
603 */
604 spidx = *sp->spidx;
605 if (isrc->sa_len > sizeof(spidx.src) ||
606 idst->sa_len > sizeof(spidx.dst))
607 continue;
608 bcopy(isrc, &spidx.src, isrc->sa_len);
609 bcopy(idst, &spidx.dst, idst->sa_len);
610 if (!key_cmpspidx_withmask(sp->spidx,
611 &spidx))
612 continue;
613 } else
614 ; /* can't check for tagged policy */
615 } else {
616 is = (struct sockaddr *)&r1->saidx.src;
617 id = (struct sockaddr *)&r1->saidx.dst;
618 if (key_sockaddrcmp(is, isrc, 0) ||
619 key_sockaddrcmp(id, idst, 0))
620 continue;
621 }
622
623 os = (struct sockaddr *)&r2->saidx.src;
624 od = (struct sockaddr *)&r2->saidx.dst;
625 if (key_sockaddrcmp(os, osrc, 0) ||
626 key_sockaddrcmp(od, odst, 0))
627 continue;
628
629 goto found;
630 }
631 }
632 splx(s);
633 return NULL;
634
635 found:
636 sp->lastused = time_second;
637 sp->refcnt++;
638 splx(s);
639 return sp;
640 }
641
642 /*
643 * allocating an SA entry for an *OUTBOUND* packet.
644 * checking each request entries in SP, and acquire an SA if need.
645 * OUT: 0: there are valid requests.
646 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
647 */
648 int
649 key_checkrequest(isr, saidx)
650 struct ipsecrequest *isr;
651 struct secasindex *saidx;
652 {
653 u_int level;
654 int error;
655
656 /* sanity check */
657 if (isr == NULL || saidx == NULL)
658 panic("key_checkrequest: NULL pointer is passed.");
659
660 /* check mode */
661 switch (saidx->mode) {
662 case IPSEC_MODE_TRANSPORT:
663 case IPSEC_MODE_TUNNEL:
664 break;
665 case IPSEC_MODE_ANY:
666 default:
667 panic("key_checkrequest: Invalid policy defined.");
668 }
669
670 /* get current level */
671 level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
672
673 #if 0
674 /*
675 * We do allocate new SA only if the state of SA in the holder is
676 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
677 */
678 if (isr->sav != NULL) {
679 if (isr->sav->sah == NULL)
680 panic("key_checkrequest: sah is null.");
681 if (isr->sav ==
682 LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
683 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
684 printf("DP checkrequest calls free SA:%p\n",
685 isr->sav));
686 key_freesav(isr->sav);
687 isr->sav = NULL;
688 }
689 }
690 #else
691 /*
692 * we free any SA stashed in the IPsec request because a different
693 * SA may be involved each time this request is checked, either
694 * because new SAs are being configured, or this request is
695 * associated with an unconnected datagram socket, or this request
696 * is associated with a system default policy.
697 *
698 * The operation may have negative impact to performance. We may
699 * want to check cached SA carefully, rather than picking new SA
700 * every time.
701 */
702 if (isr->sav != NULL) {
703 key_freesav(isr->sav);
704 isr->sav = NULL;
705 }
706 #endif
707
708 /*
709 * new SA allocation if no SA found.
710 * key_allocsa_policy should allocate the oldest SA available.
711 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
712 */
713 if (isr->sav == NULL)
714 isr->sav = key_allocsa_policy(saidx);
715
716 /* When there is SA. */
717 if (isr->sav != NULL)
718 return 0;
719
720 /* there is no SA */
721 if ((error = key_acquire(saidx, isr->sp)) != 0) {
722 /* XXX What should I do ? */
723 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
724 "from key_acquire.\n", error));
725 return error;
726 }
727
728 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
729 }
730
731 /*
732 * allocating a SA for policy entry from SAD.
733 * NOTE: searching SAD of aliving state.
734 * OUT: NULL: not found.
735 * others: found and return the pointer.
736 */
737 static struct secasvar *
738 key_allocsa_policy(saidx)
739 struct secasindex *saidx;
740 {
741 struct secashead *sah;
742 struct secasvar *sav;
743 u_int stateidx, state;
744 const u_int *saorder_state_valid;
745 int arraysize;
746
747 LIST_FOREACH(sah, &sahtree, chain) {
748 if (sah->state == SADB_SASTATE_DEAD)
749 continue;
750 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
751 goto found;
752 }
753
754 return NULL;
755
756 found:
757
758 /*
759 * search a valid state list for outbound packet.
760 * This search order is important.
761 */
762 if (key_preferred_oldsa) {
763 saorder_state_valid = saorder_state_valid_prefer_old;
764 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
765 } else {
766 saorder_state_valid = saorder_state_valid_prefer_new;
767 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
768 }
769
770 for (stateidx = 0; stateidx < arraysize; stateidx++) {
771
772 state = saorder_state_valid[stateidx];
773
774 sav = key_do_allocsa_policy(sah, state);
775 if (sav != NULL)
776 return sav;
777 }
778
779 return NULL;
780 }
781
782 /*
783 * searching SAD with direction, protocol, mode and state.
784 * called by key_allocsa_policy().
785 * OUT:
786 * NULL : not found
787 * others : found, pointer to a SA.
788 */
789 static struct secasvar *
790 key_do_allocsa_policy(sah, state)
791 struct secashead *sah;
792 u_int state;
793 {
794 struct secasvar *sav, *nextsav, *candidate, *d;
795
796 /* initilize */
797 candidate = NULL;
798
799 for (sav = LIST_FIRST(&sah->savtree[state]);
800 sav != NULL;
801 sav = nextsav) {
802
803 nextsav = LIST_NEXT(sav, chain);
804
805 /* sanity check */
806 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
807
808 /* initialize */
809 if (candidate == NULL) {
810 candidate = sav;
811 continue;
812 }
813
814 /* Which SA is the better ? */
815
816 /* sanity check 2 */
817 if (candidate->lft_c == NULL || sav->lft_c == NULL)
818 panic("key_do_allocsa_policy: "
819 "lifetime_current is NULL.");
820
821 /* What the best method is to compare ? */
822 if (key_preferred_oldsa) {
823 if (candidate->lft_c->sadb_lifetime_addtime >
824 sav->lft_c->sadb_lifetime_addtime) {
825 candidate = sav;
826 }
827 continue;
828 /*NOTREACHED*/
829 }
830
831 /* preferred new sa rather than old sa */
832 if (candidate->lft_c->sadb_lifetime_addtime <
833 sav->lft_c->sadb_lifetime_addtime) {
834 d = candidate;
835 candidate = sav;
836 } else
837 d = sav;
838
839 /*
840 * prepared to delete the SA when there is more
841 * suitable candidate and the lifetime of the SA is not
842 * permanent.
843 */
844 if (d->lft_h->sadb_lifetime_addtime != 0) {
845 struct mbuf *m, *result = NULL;
846
847 key_sa_chgstate(d, SADB_SASTATE_DEAD);
848
849 m = key_setsadbmsg(SADB_DELETE, 0,
850 key_proto2satype(d->sah->saidx.proto),
851 0, 0, d->refcnt - 1);
852 if (!m)
853 goto msgfail;
854 result = m;
855
856 /* set sadb_address for saidx's. */
857 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
858 (struct sockaddr *)&d->sah->saidx.src,
859 FULLMASK, IPSEC_ULPROTO_ANY);
860 if (!m)
861 goto msgfail;
862 m_cat(result, m);
863
864 /* set sadb_address for saidx's. */
865 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
866 (struct sockaddr *)&d->sah->saidx.dst,
867 FULLMASK, IPSEC_ULPROTO_ANY);
868 if (!m)
869 goto msgfail;
870 m_cat(result, m);
871
872 /* create SA extension */
873 m = key_setsadbsa(d);
874 if (!m)
875 goto msgfail;
876 m_cat(result, m);
877
878 if (result->m_len < sizeof(struct sadb_msg)) {
879 result = m_pullup(result,
880 sizeof(struct sadb_msg));
881 if (result == NULL)
882 goto msgfail;
883 }
884
885 result->m_pkthdr.len = 0;
886 for (m = result; m; m = m->m_next)
887 result->m_pkthdr.len += m->m_len;
888 mtod(result, struct sadb_msg *)->sadb_msg_len =
889 PFKEY_UNIT64(result->m_pkthdr.len);
890
891 if (key_sendup_mbuf(NULL, result,
892 KEY_SENDUP_REGISTERED))
893 goto msgfail;
894
895 result = NULL;
896
897 msgfail:
898 if (result != NULL)
899 m_freem(result);
900 key_freesav(d);
901 }
902 }
903
904 if (candidate) {
905 candidate->refcnt++;
906 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
907 printf("DP allocsa_policy cause "
908 "refcnt++:%d SA:%p\n",
909 candidate->refcnt, candidate));
910 }
911 return candidate;
912 }
913
914 /*
915 * allocating a SA entry for a *INBOUND* packet.
916 * Must call key_freesav() later.
917 * OUT: positive: pointer to a sav.
918 * NULL: not found, or error occured.
919 *
920 * In the comparison, source address will be ignored for RFC2401 conformance.
921 * To quote, from section 4.1:
922 * A security association is uniquely identified by a triple consisting
923 * of a Security Parameter Index (SPI), an IP Destination Address, and a
924 * security protocol (AH or ESP) identifier.
925 * Note that, however, we do need to keep source address in IPsec SA.
926 * IKE specification and PF_KEY specification do assume that we
927 * keep source address in IPsec SA. We see a tricky situation here.
928 */
929 struct secasvar *
930 key_allocsa(family, src, dst, proto, spi)
931 u_int family, proto;
932 caddr_t src, dst;
933 u_int32_t spi;
934 {
935 struct secasvar *sav, *match;
936 u_int stateidx, state, tmpidx, matchidx;
937 struct sockaddr_in sin;
938 #ifdef INET6
939 struct sockaddr_in6 sin6;
940 #endif
941 int s;
942 const u_int *saorder_state_valid;
943 int arraysize;
944
945 /* sanity check */
946 if (src == NULL || dst == NULL)
947 panic("key_allocsa: NULL pointer is passed.");
948
949 /*
950 * when both systems employ similar strategy to use a SA.
951 * the search order is important even in the inbound case.
952 */
953 if (key_preferred_oldsa) {
954 saorder_state_valid = saorder_state_valid_prefer_old;
955 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
956 } else {
957 saorder_state_valid = saorder_state_valid_prefer_new;
958 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
959 }
960
961 bzero(&sin, sizeof(sin));
962 sin.sin_family = AF_INET;
963 sin.sin_len = sizeof(sin);
964 #ifdef INET6
965 bzero(&sin6, sizeof(sin6));
966 sin6.sin6_family = AF_INET6;
967 sin6.sin6_len = sizeof(sin6);
968 #endif
969
970 /*
971 * searching SAD.
972 * XXX: to be checked internal IP header somewhere. Also when
973 * IPsec tunnel packet is received. But ESP tunnel mode is
974 * encrypted so we can't check internal IP header.
975 */
976 s = splnet(); /*called from softclock()*/
977 /*
978 * search a valid state list for inbound packet.
979 * the search order is not important.
980 */
981 match = NULL;
982 matchidx = arraysize;
983 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
984 if (sav->spi != spi)
985 continue;
986 if (proto != sav->sah->saidx.proto)
987 continue;
988 if (family != sav->sah->saidx.src.ss_family ||
989 family != sav->sah->saidx.dst.ss_family)
990 continue;
991 tmpidx = arraysize;
992 for (stateidx = 0; stateidx < matchidx; stateidx++) {
993 state = saorder_state_valid[stateidx];
994 if (sav->state == state) {
995 tmpidx = stateidx;
996 break;
997 }
998 }
999 if (tmpidx >= matchidx)
1000 continue;
1001
1002 #if 0 /* don't check src */
1003 /* check src address */
1004 switch (family) {
1005 case AF_INET:
1006 bcopy(src, &sin.sin_addr, sizeof(sin.sin_addr));
1007 if (key_sockaddrcmp((struct sockaddr*)&sin,
1008 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1009 continue;
1010
1011 break;
1012 #ifdef INET6
1013 case AF_INET6:
1014 bcopy(src, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
1015 sin6.sin6_scope_id = 0;
1016 if (sa6_recoverscope(&sin6))
1017 continue;
1018 if (key_sockaddrcmp((struct sockaddr *)&sin6,
1019 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1020 continue;
1021 break;
1022 #endif
1023 default:
1024 ipseclog((LOG_DEBUG, "key_allocsa: "
1025 "unknown address family=%d.\n",
1026 family));
1027 continue;
1028 }
1029
1030 #endif
1031 /* check dst address */
1032 switch (family) {
1033 case AF_INET:
1034 bcopy(dst, &sin.sin_addr, sizeof(sin.sin_addr));
1035 if (key_sockaddrcmp((struct sockaddr*)&sin,
1036 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1037 continue;
1038
1039 break;
1040 #ifdef INET6
1041 case AF_INET6:
1042 bcopy(dst, &sin6.sin6_addr, sizeof(sin6.sin6_addr));
1043 sin6.sin6_scope_id = 0;
1044 if (sa6_recoverscope(&sin6))
1045 continue;
1046 if (key_sockaddrcmp((struct sockaddr *)&sin6,
1047 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1048 continue;
1049 break;
1050 #endif
1051 default:
1052 ipseclog((LOG_DEBUG, "key_allocsa: "
1053 "unknown address family=%d.\n", family));
1054 continue;
1055 }
1056
1057 match = sav;
1058 matchidx = tmpidx;
1059 }
1060
1061 if (match)
1062 goto found;
1063
1064 /* not found */
1065 splx(s);
1066 return NULL;
1067
1068 found:
1069 match->refcnt++;
1070 splx(s);
1071 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1072 printf("DP allocsa cause refcnt++:%d SA:%p\n",
1073 match->refcnt, match));
1074 return match;
1075 }
1076
1077 /*
1078 * Must be called after calling key_allocsp().
1079 * For both the packet without socket and key_freeso().
1080 */
1081 void
1082 key_freesp(sp)
1083 struct secpolicy *sp;
1084 {
1085 /* sanity check */
1086 if (sp == NULL)
1087 panic("key_freesp: NULL pointer is passed.");
1088
1089 sp->refcnt--;
1090 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1091 printf("DP freesp cause refcnt--:%d SP:%p\n",
1092 sp->refcnt, sp));
1093
1094 if (sp->refcnt == 0)
1095 key_delsp(sp);
1096
1097 return;
1098 }
1099
1100 /*
1101 * Must be called after calling key_allocsa().
1102 * This function is called by key_freesp() to free some SA allocated
1103 * for a policy.
1104 */
1105 void
1106 key_freesav(sav)
1107 struct secasvar *sav;
1108 {
1109 /* sanity check */
1110 if (sav == NULL)
1111 panic("key_freesav: NULL pointer is passed.");
1112
1113 sav->refcnt--;
1114 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1115 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
1116 sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
1117
1118 if (sav->refcnt > 0)
1119 return;
1120
1121 key_delsav(sav);
1122 }
1123
1124 static void
1125 key_delsav(sav)
1126 struct secasvar *sav;
1127 {
1128 int s;
1129
1130 /* sanity check */
1131 if (sav == NULL)
1132 panic("key_delsav: NULL pointer is passed.");
1133
1134 if (sav->refcnt > 0)
1135 panic("key_delsav: called with positive refcnt");
1136
1137 s = splnet();
1138
1139 if (__LIST_CHAINED(sav))
1140 LIST_REMOVE(sav, chain);
1141
1142 if (sav->spihash.le_prev || sav->spihash.le_next)
1143 LIST_REMOVE(sav, spihash);
1144
1145 if (sav->key_auth != NULL) {
1146 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
1147 KFREE(sav->key_auth);
1148 sav->key_auth = NULL;
1149 }
1150 if (sav->key_enc != NULL) {
1151 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
1152 KFREE(sav->key_enc);
1153 sav->key_enc = NULL;
1154 }
1155 if (sav->sched) {
1156 bzero(sav->sched, sav->schedlen);
1157 KFREE(sav->sched);
1158 sav->sched = NULL;
1159 }
1160 if (sav->replay != NULL) {
1161 keydb_delsecreplay(sav->replay);
1162 sav->replay = NULL;
1163 }
1164 if (sav->lft_c != NULL) {
1165 KFREE(sav->lft_c);
1166 sav->lft_c = NULL;
1167 }
1168 if (sav->lft_h != NULL) {
1169 KFREE(sav->lft_h);
1170 sav->lft_h = NULL;
1171 }
1172 if (sav->lft_s != NULL) {
1173 KFREE(sav->lft_s);
1174 sav->lft_s = NULL;
1175 }
1176 if (sav->iv != NULL) {
1177 KFREE(sav->iv);
1178 sav->iv = NULL;
1179 }
1180
1181 keydb_delsecasvar(sav);
1182
1183 splx(s);
1184 }
1185
1186 /* %%% SPD management */
1187 /*
1188 * free security policy entry.
1189 */
1190 static void
1191 key_delsp(sp)
1192 struct secpolicy *sp;
1193 {
1194 int s;
1195
1196 /* sanity check */
1197 if (sp == NULL)
1198 panic("key_delsp: NULL pointer is passed.");
1199
1200 if (sp->refcnt > 0)
1201 panic("key_delsp: called with positive refcnt");
1202
1203 s = splnet(); /*called from softclock()*/
1204
1205 {
1206 struct ipsecrequest *isr = sp->req, *nextisr;
1207
1208 while (isr != NULL) {
1209 if (isr->sav != NULL) {
1210 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1211 printf("DP delsp calls free SA:%p\n",
1212 isr->sav));
1213 key_freesav(isr->sav);
1214 isr->sav = NULL;
1215 }
1216
1217 nextisr = isr->next;
1218 KFREE(isr);
1219 isr = nextisr;
1220 }
1221 }
1222
1223 keydb_delsecpolicy(sp);
1224
1225 splx(s);
1226
1227 return;
1228 }
1229
1230 /*
1231 * search SPD
1232 * OUT: NULL : not found
1233 * others : found, pointer to a SP.
1234 */
1235 static struct secpolicy *
1236 key_getsp(spidx, dir)
1237 struct secpolicyindex *spidx;
1238 int dir;
1239 {
1240 struct secpolicy *sp;
1241
1242 /* sanity check */
1243 if (spidx == NULL)
1244 panic("key_getsp: NULL pointer is passed.");
1245
1246 LIST_FOREACH(sp, &sptree[dir], chain) {
1247 if (sp->state == IPSEC_SPSTATE_DEAD)
1248 continue;
1249 if (!sp->spidx)
1250 continue;
1251 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
1252 sp->refcnt++;
1253 return sp;
1254 }
1255 }
1256
1257 return NULL;
1258 }
1259
1260 /*
1261 * get SP by index.
1262 * OUT: NULL : not found
1263 * others : found, pointer to a SP.
1264 */
1265 static struct secpolicy *
1266 key_getspbyid(id)
1267 u_int32_t id;
1268 {
1269 struct secpolicy *sp;
1270
1271 TAILQ_FOREACH(sp, &sptailq, tailq) {
1272 if (sp->id == id) {
1273 sp->refcnt++;
1274 return sp;
1275 }
1276 }
1277
1278 return NULL;
1279 }
1280
1281 struct secpolicy *
1282 key_newsp(id)
1283 u_int32_t id;
1284 {
1285 struct secpolicy *newsp = NULL, *sp;
1286 u_int32_t newid;
1287
1288 if (id > IPSEC_MANUAL_POLICYID_MAX) {
1289 ipseclog((LOG_DEBUG,
1290 "key_newsp: policy_id=%u range "
1291 "violation, updated by kernel.\n", id));
1292 id = 0;
1293 }
1294
1295 if (id == 0) {
1296 if ((newid = keydb_newspid()) == 0) {
1297 ipseclog((LOG_DEBUG,
1298 "key_newsp: new policy_id allocation failed."));
1299 return NULL;
1300 }
1301 } else {
1302 sp = key_getspbyid(id);
1303 if (sp != NULL) {
1304 ipseclog((LOG_DEBUG,
1305 "key_newsp: policy_id(%u) has been used.\n", id));
1306 key_freesp(sp);
1307 return NULL;
1308 }
1309 newid = id;
1310 }
1311
1312 newsp = keydb_newsecpolicy();
1313 if (!newsp)
1314 return newsp;
1315
1316 newsp->id = newid;
1317 newsp->refcnt = 1;
1318 newsp->req = NULL;
1319
1320 return newsp;
1321 }
1322
1323 /*
1324 * create secpolicy structure from sadb_x_policy structure.
1325 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1326 * so must be set properly later.
1327 */
1328 struct secpolicy *
1329 key_msg2sp(xpl0, len, error)
1330 struct sadb_x_policy *xpl0;
1331 size_t len;
1332 int *error;
1333 {
1334 struct secpolicy *newsp;
1335
1336 /* sanity check */
1337 if (xpl0 == NULL)
1338 panic("key_msg2sp: NULL pointer was passed.");
1339 if (len < sizeof(*xpl0))
1340 panic("key_msg2sp: invalid length.");
1341 if (len != PFKEY_EXTLEN(xpl0)) {
1342 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1343 *error = EINVAL;
1344 return NULL;
1345 }
1346
1347 if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
1348 *error = ENOBUFS;
1349 return NULL;
1350 }
1351
1352 newsp->dir = xpl0->sadb_x_policy_dir;
1353 newsp->policy = xpl0->sadb_x_policy_type;
1354
1355 /* check policy */
1356 switch (xpl0->sadb_x_policy_type) {
1357 case IPSEC_POLICY_DISCARD:
1358 case IPSEC_POLICY_NONE:
1359 case IPSEC_POLICY_ENTRUST:
1360 case IPSEC_POLICY_BYPASS:
1361 newsp->req = NULL;
1362 break;
1363
1364 case IPSEC_POLICY_IPSEC:
1365 {
1366 int tlen;
1367 struct sadb_x_ipsecrequest *xisr;
1368 struct ipsecrequest **p_isr = &newsp->req;
1369
1370 /* validity check */
1371 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1372 ipseclog((LOG_DEBUG,
1373 "key_msg2sp: Invalid msg length.\n"));
1374 key_freesp(newsp);
1375 *error = EINVAL;
1376 return NULL;
1377 }
1378
1379 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1380 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1381
1382 while (tlen > 0) {
1383
1384 /* length check */
1385 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1386 ipseclog((LOG_DEBUG, "key_msg2sp: "
1387 "invalid ipsecrequest length.\n"));
1388 key_freesp(newsp);
1389 *error = EINVAL;
1390 return NULL;
1391 }
1392
1393 /* allocate request buffer */
1394 KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1395 if ((*p_isr) == NULL) {
1396 ipseclog((LOG_DEBUG,
1397 "key_msg2sp: No more memory.\n"));
1398 key_freesp(newsp);
1399 *error = ENOBUFS;
1400 return NULL;
1401 }
1402 bzero(*p_isr, sizeof(**p_isr));
1403
1404 /* set values */
1405 (*p_isr)->next = NULL;
1406
1407 switch (xisr->sadb_x_ipsecrequest_proto) {
1408 case IPPROTO_ESP:
1409 case IPPROTO_AH:
1410 case IPPROTO_IPCOMP:
1411 break;
1412 default:
1413 ipseclog((LOG_DEBUG,
1414 "key_msg2sp: invalid proto type=%u\n",
1415 xisr->sadb_x_ipsecrequest_proto));
1416 key_freesp(newsp);
1417 *error = EPROTONOSUPPORT;
1418 return NULL;
1419 }
1420 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1421
1422 switch (xisr->sadb_x_ipsecrequest_mode) {
1423 case IPSEC_MODE_TRANSPORT:
1424 case IPSEC_MODE_TUNNEL:
1425 break;
1426 case IPSEC_MODE_ANY:
1427 default:
1428 ipseclog((LOG_DEBUG,
1429 "key_msg2sp: invalid mode=%u\n",
1430 xisr->sadb_x_ipsecrequest_mode));
1431 key_freesp(newsp);
1432 *error = EINVAL;
1433 return NULL;
1434 }
1435 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1436
1437 switch (xisr->sadb_x_ipsecrequest_level) {
1438 case IPSEC_LEVEL_DEFAULT:
1439 case IPSEC_LEVEL_USE:
1440 case IPSEC_LEVEL_REQUIRE:
1441 break;
1442 case IPSEC_LEVEL_UNIQUE:
1443 /* validity check */
1444 /*
1445 * If range violation of reqid, kernel will
1446 * update it, don't refuse it.
1447 */
1448 if (xisr->sadb_x_ipsecrequest_reqid
1449 > IPSEC_MANUAL_REQID_MAX) {
1450 ipseclog((LOG_DEBUG,
1451 "key_msg2sp: reqid=%u range "
1452 "violation, updated by kernel.\n",
1453 xisr->sadb_x_ipsecrequest_reqid));
1454 xisr->sadb_x_ipsecrequest_reqid = 0;
1455 }
1456
1457 /* allocate new reqid id if reqid is zero. */
1458 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1459 u_int32_t reqid;
1460 if ((reqid = key_newreqid()) == 0) {
1461 key_freesp(newsp);
1462 *error = ENOBUFS;
1463 return NULL;
1464 }
1465 (*p_isr)->saidx.reqid = reqid;
1466 xisr->sadb_x_ipsecrequest_reqid = reqid;
1467 } else {
1468 /* set it for manual keying. */
1469 (*p_isr)->saidx.reqid =
1470 xisr->sadb_x_ipsecrequest_reqid;
1471 }
1472 break;
1473
1474 default:
1475 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1476 xisr->sadb_x_ipsecrequest_level));
1477 key_freesp(newsp);
1478 *error = EINVAL;
1479 return NULL;
1480 }
1481 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1482
1483 /* set IP addresses if there */
1484 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1485 struct sockaddr *paddr;
1486
1487 paddr = (struct sockaddr *)(xisr + 1);
1488
1489 /* validity check */
1490 if (paddr->sa_len
1491 > sizeof((*p_isr)->saidx.src)) {
1492 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1493 "address length.\n"));
1494 key_freesp(newsp);
1495 *error = EINVAL;
1496 return NULL;
1497 }
1498 bcopy(paddr, &(*p_isr)->saidx.src,
1499 paddr->sa_len);
1500
1501 paddr = (struct sockaddr *)((caddr_t)paddr
1502 + paddr->sa_len);
1503
1504 /* validity check */
1505 if (paddr->sa_len
1506 > sizeof((*p_isr)->saidx.dst)) {
1507 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1508 "address length.\n"));
1509 key_freesp(newsp);
1510 *error = EINVAL;
1511 return NULL;
1512 }
1513 bcopy(paddr, &(*p_isr)->saidx.dst,
1514 paddr->sa_len);
1515 }
1516
1517 (*p_isr)->sav = NULL;
1518 (*p_isr)->sp = newsp;
1519
1520 /* initialization for the next. */
1521 p_isr = &(*p_isr)->next;
1522 tlen -= xisr->sadb_x_ipsecrequest_len;
1523
1524 /* validity check */
1525 if (tlen < 0) {
1526 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1527 key_freesp(newsp);
1528 *error = EINVAL;
1529 return NULL;
1530 }
1531
1532 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
1533 + xisr->sadb_x_ipsecrequest_len);
1534 }
1535 }
1536 break;
1537 default:
1538 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1539 key_freesp(newsp);
1540 *error = EINVAL;
1541 return NULL;
1542 }
1543
1544 *error = 0;
1545 return newsp;
1546 }
1547
1548 static u_int32_t
1549 key_newreqid()
1550 {
1551 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1552
1553 auto_reqid = (auto_reqid == ~0
1554 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1555
1556 /* XXX should be unique check */
1557
1558 return auto_reqid;
1559 }
1560
1561 /*
1562 * copy secpolicy struct to sadb_x_policy structure indicated.
1563 */
1564 struct mbuf *
1565 key_sp2msg(sp)
1566 struct secpolicy *sp;
1567 {
1568 struct sadb_x_policy *xpl;
1569 int tlen;
1570 caddr_t p;
1571 struct mbuf *m;
1572
1573 /* sanity check. */
1574 if (sp == NULL)
1575 panic("key_sp2msg: NULL pointer was passed.");
1576
1577 tlen = key_getspreqmsglen(sp);
1578
1579 m = key_alloc_mbuf(tlen);
1580 if (!m || m->m_next) { /*XXX*/
1581 if (m)
1582 m_freem(m);
1583 return NULL;
1584 }
1585
1586 m->m_len = tlen;
1587 m->m_next = NULL;
1588 xpl = mtod(m, struct sadb_x_policy *);
1589 bzero(xpl, tlen);
1590
1591 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1592 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1593 xpl->sadb_x_policy_type = sp->policy;
1594 xpl->sadb_x_policy_dir = sp->dir;
1595 xpl->sadb_x_policy_id = sp->id;
1596 p = (caddr_t)xpl + sizeof(*xpl);
1597
1598 /* if is the policy for ipsec ? */
1599 if (sp->policy == IPSEC_POLICY_IPSEC) {
1600 struct sadb_x_ipsecrequest *xisr;
1601 struct ipsecrequest *isr;
1602
1603 for (isr = sp->req; isr != NULL; isr = isr->next) {
1604
1605 xisr = (struct sadb_x_ipsecrequest *)p;
1606
1607 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1608 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1609 xisr->sadb_x_ipsecrequest_level = isr->level;
1610 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1611
1612 p += sizeof(*xisr);
1613 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
1614 p += isr->saidx.src.ss_len;
1615 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
1616 p += isr->saidx.src.ss_len;
1617
1618 xisr->sadb_x_ipsecrequest_len =
1619 PFKEY_ALIGN8(sizeof(*xisr) +
1620 isr->saidx.src.ss_len + isr->saidx.dst.ss_len);
1621 }
1622 }
1623
1624 return m;
1625 }
1626
1627 /* m will not be freed nor modified */
1628 static struct mbuf *
1629 #ifdef __STDC__
1630 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1631 int ndeep, int nitem, ...)
1632 #else
1633 key_gather_mbuf(m, mhp, ndeep, nitem, va_alist)
1634 struct mbuf *m;
1635 const struct sadb_msghdr *mhp;
1636 int ndeep;
1637 int nitem;
1638 va_dcl
1639 #endif
1640 {
1641 va_list ap;
1642 int idx;
1643 int i;
1644 struct mbuf *result = NULL, *n;
1645 int len;
1646
1647 if (m == NULL || mhp == NULL)
1648 panic("null pointer passed to key_gather");
1649
1650 va_start(ap, nitem);
1651 for (i = 0; i < nitem; i++) {
1652 idx = va_arg(ap, int);
1653 if (idx < 0 || idx > SADB_EXT_MAX)
1654 goto fail;
1655 /* don't attempt to pull empty extension */
1656 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1657 continue;
1658 if (idx != SADB_EXT_RESERVED &&
1659 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1660 continue;
1661
1662 if (idx == SADB_EXT_RESERVED) {
1663 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1664 #ifdef DIAGNOSTIC
1665 if (len > MHLEN)
1666 panic("assumption failed");
1667 #endif
1668 MGETHDR(n, M_DONTWAIT, MT_DATA);
1669 if (!n)
1670 goto fail;
1671 n->m_len = len;
1672 n->m_next = NULL;
1673 m_copydata(m, 0, sizeof(struct sadb_msg),
1674 mtod(n, caddr_t));
1675 } else if (i < ndeep) {
1676 len = mhp->extlen[idx];
1677 n = key_alloc_mbuf(len);
1678 if (!n || n->m_next) { /*XXX*/
1679 if (n)
1680 m_freem(n);
1681 goto fail;
1682 }
1683 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1684 mtod(n, caddr_t));
1685 } else {
1686 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1687 M_DONTWAIT);
1688 }
1689 if (n == NULL)
1690 goto fail;
1691
1692 if (result)
1693 m_cat(result, n);
1694 else
1695 result = n;
1696 }
1697 va_end(ap);
1698
1699 if ((result->m_flags & M_PKTHDR) != 0) {
1700 result->m_pkthdr.len = 0;
1701 for (n = result; n; n = n->m_next)
1702 result->m_pkthdr.len += n->m_len;
1703 }
1704
1705 return result;
1706
1707 fail:
1708 va_end(ap);
1709 m_freem(result);
1710 return NULL;
1711 }
1712
1713 /*
1714 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1715 * add an entry to SP database, when received
1716 * <base, address(SD), (lifetime(H),) policy>
1717 * from the user(?).
1718 * Adding to SP database,
1719 * and send
1720 * <base, address(SD), (lifetime(H),) policy>
1721 * to the socket which was send.
1722 *
1723 * SPDADD set a unique policy entry.
1724 * SPDSETIDX like SPDADD without a part of policy requests.
1725 * SPDUPDATE replace a unique policy entry.
1726 *
1727 * m will always be freed.
1728 */
1729 static int
1730 key_spdadd(so, m, mhp)
1731 struct socket *so;
1732 struct mbuf *m;
1733 const struct sadb_msghdr *mhp;
1734 {
1735 struct sadb_address *src0 = NULL, *dst0 = NULL;
1736 struct sadb_x_policy *xpl0, *xpl;
1737 struct sadb_lifetime *lft = NULL;
1738 struct secpolicyindex spidx;
1739 struct secpolicy *newsp;
1740 struct ipsecrequest *isr;
1741 int error;
1742 int spidxmode;
1743
1744 /* sanity check */
1745 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1746 panic("key_spdadd: NULL pointer is passed.");
1747
1748 if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
1749 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) {
1750 ;
1751 } else {
1752 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1753 return key_senderror(so, m, EINVAL);
1754 }
1755 if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1756 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1757 return key_senderror(so, m, EINVAL);
1758 }
1759 if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
1760 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
1761 (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
1762 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
1763 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1764 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1765 return key_senderror(so, m, EINVAL);
1766 }
1767 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1768 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
1769 < sizeof(struct sadb_lifetime)) {
1770 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1771 return key_senderror(so, m, EINVAL);
1772 }
1773 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1774 }
1775
1776 /* spidx mode, or tag mode */
1777 spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
1778
1779 if (spidxmode) {
1780 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1781 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1782 /* make secindex */
1783 /* XXX boundary check against sa_len */
1784 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
1785 src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
1786 src0->sadb_address_proto, &spidx);
1787 }
1788 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1789
1790 /* checking the direciton. */
1791 switch (xpl0->sadb_x_policy_dir) {
1792 case IPSEC_DIR_INBOUND:
1793 case IPSEC_DIR_OUTBOUND:
1794 break;
1795 default:
1796 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
1797 mhp->msg->sadb_msg_errno = EINVAL;
1798 return 0;
1799 }
1800
1801 /* check policy */
1802 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1803 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
1804 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1805 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
1806 return key_senderror(so, m, EINVAL);
1807 }
1808
1809 /* policy requests are mandatory when action is ipsec. */
1810 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
1811 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
1812 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1813 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
1814 return key_senderror(so, m, EINVAL);
1815 }
1816
1817 /*
1818 * checking there is SP already or not.
1819 * SPDUPDATE doesn't depend on whether there is a SP or not.
1820 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1821 * then error.
1822 */
1823 if (xpl0->sadb_x_policy_id != 0)
1824 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
1825 else if (spidxmode)
1826 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
1827 else
1828 newsp = NULL;
1829
1830 if (newsp && (newsp->readonly || newsp->persist)) {
1831 ipseclog((LOG_DEBUG,
1832 "key_spdadd: tried to alter readonly/persistent SP.\n"));
1833 return key_senderror(so, m, EPERM);
1834 }
1835
1836 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1837 if (newsp) {
1838 key_sp_dead(newsp);
1839 key_freesp(newsp); /* ref gained by key_getsp */
1840 key_sp_unlink(newsp);
1841 newsp = NULL;
1842 }
1843 } else {
1844 if (newsp != NULL) {
1845 key_freesp(newsp);
1846 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
1847 return key_senderror(so, m, EEXIST);
1848 }
1849 }
1850
1851 /* allocation new SP entry */
1852 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
1853 return key_senderror(so, m, error);
1854 }
1855
1856 if (spidxmode) {
1857 error = keydb_setsecpolicyindex(newsp, &spidx);
1858 if (error) {
1859 keydb_delsecpolicy(newsp);
1860 return key_senderror(so, m, error);
1861 }
1862
1863 /* sanity check on addr pair */
1864 if (((struct sockaddr *)(src0 + 1))->sa_family !=
1865 ((struct sockaddr *)(dst0 + 1))->sa_family) {
1866 keydb_delsecpolicy(newsp);
1867 return key_senderror(so, m, EINVAL);
1868 }
1869 if (((struct sockaddr *)(src0 + 1))->sa_len !=
1870 ((struct sockaddr *)(dst0 + 1))->sa_len) {
1871 keydb_delsecpolicy(newsp);
1872 return key_senderror(so, m, EINVAL);
1873 }
1874 }
1875
1876 for (isr = newsp->req; isr; isr = isr->next) {
1877 struct sockaddr *sa;
1878
1879 /*
1880 * port spec is not permitted for tunnel mode
1881 */
1882 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
1883 sa = (struct sockaddr *)(src0 + 1);
1884 switch (sa->sa_family) {
1885 case AF_INET:
1886 if (((struct sockaddr_in *)sa)->sin_port) {
1887 keydb_delsecpolicy(newsp);
1888 return key_senderror(so, m, EINVAL);
1889 }
1890 break;
1891 case AF_INET6:
1892 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1893 keydb_delsecpolicy(newsp);
1894 return key_senderror(so, m, EINVAL);
1895 }
1896 break;
1897 default:
1898 break;
1899 }
1900 sa = (struct sockaddr *)(dst0 + 1);
1901 switch (sa->sa_family) {
1902 case AF_INET:
1903 if (((struct sockaddr_in *)sa)->sin_port) {
1904 keydb_delsecpolicy(newsp);
1905 return key_senderror(so, m, EINVAL);
1906 }
1907 break;
1908 case AF_INET6:
1909 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1910 keydb_delsecpolicy(newsp);
1911 return key_senderror(so, m, EINVAL);
1912 }
1913 break;
1914 default:
1915 break;
1916 }
1917 }
1918 }
1919
1920 /*
1921 * bark if we have different address family on tunnel address
1922 * specification. applies only if we decapsulate in RFC2401
1923 * IPsec (implementation limitation).
1924 */
1925 for (isr = newsp->req; isr; isr = isr->next) {
1926 struct sockaddr *sa;
1927
1928 if (isr->saidx.src.ss_family && src0) {
1929 sa = (struct sockaddr *)(src0 + 1);
1930 if (sa->sa_family != isr->saidx.src.ss_family) {
1931 keydb_delsecpolicy(newsp);
1932 return key_senderror(so, m, EINVAL);
1933 }
1934 }
1935 if (isr->saidx.dst.ss_family && dst0) {
1936 sa = (struct sockaddr *)(dst0 + 1);
1937 if (sa->sa_family != isr->saidx.dst.ss_family) {
1938 keydb_delsecpolicy(newsp);
1939 return key_senderror(so, m, EINVAL);
1940 }
1941 }
1942 }
1943
1944 newsp->created = time_second;
1945 newsp->lastused = time_second;
1946 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
1947 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
1948
1949 newsp->state = IPSEC_SPSTATE_ALIVE;
1950 LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
1951
1952 /* delete the entry in spacqtree */
1953 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
1954 mhp->ext[SADB_EXT_ADDRESS_SRC]) {
1955 struct secspacq *spacq;
1956 if ((spacq = key_getspacq(&spidx)) != NULL) {
1957 /* reset counter in order to deletion by timehandler. */
1958 spacq->created = time_second;
1959 spacq->count = 0;
1960 }
1961 }
1962
1963 /* invalidate all cached SPD pointers on pcb */
1964 ipsec_invalpcbcacheall();
1965
1966 {
1967 struct mbuf *n, *mpolicy;
1968 struct sadb_msg *newmsg;
1969 int off;
1970
1971 /* create new sadb_msg to reply. */
1972 if (lft) {
1973 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
1974 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
1975 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1976 } else {
1977 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
1978 SADB_X_EXT_POLICY,
1979 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1980 }
1981 if (!n)
1982 return key_senderror(so, m, ENOBUFS);
1983
1984 if (n->m_len < sizeof(*newmsg)) {
1985 n = m_pullup(n, sizeof(*newmsg));
1986 if (!n)
1987 return key_senderror(so, m, ENOBUFS);
1988 }
1989 newmsg = mtod(n, struct sadb_msg *);
1990 newmsg->sadb_msg_errno = 0;
1991 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
1992
1993 off = 0;
1994 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
1995 sizeof(*xpl), &off);
1996 if (mpolicy == NULL) {
1997 /* n is already freed */
1998 return key_senderror(so, m, ENOBUFS);
1999 }
2000 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
2001 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2002 m_freem(n);
2003 return key_senderror(so, m, EINVAL);
2004 }
2005 xpl->sadb_x_policy_id = newsp->id;
2006
2007 m_freem(m);
2008 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2009 }
2010 }
2011
2012 /*
2013 * SADB_SPDDELETE processing
2014 * receive
2015 * <base, address(SD), policy(*)>
2016 * from the user(?), and set SADB_SASTATE_DEAD,
2017 * and send,
2018 * <base, address(SD), policy(*)>
2019 * to the ikmpd.
2020 * policy(*) including the direction of the policy.
2021 *
2022 * m will always be freed.
2023 */
2024 static int
2025 key_spddelete(so, m, mhp)
2026 struct socket *so;
2027 struct mbuf *m;
2028 const struct sadb_msghdr *mhp;
2029 {
2030 struct sadb_address *src0, *dst0;
2031 struct sadb_x_policy *xpl0;
2032 struct secpolicyindex spidx;
2033 struct secpolicy *sp;
2034
2035 /* sanity check */
2036 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2037 panic("key_spddelete: NULL pointer is passed.");
2038
2039 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
2040 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
2041 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2042 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2043 return key_senderror(so, m, EINVAL);
2044 }
2045 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
2046 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
2047 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2048 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2049 return key_senderror(so, m, EINVAL);
2050 }
2051
2052 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2053 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2054 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2055
2056 /* make secindex */
2057 /* XXX boundary check against sa_len */
2058 KEY_SETSECSPIDX(src0 + 1,
2059 dst0 + 1,
2060 src0->sadb_address_prefixlen,
2061 dst0->sadb_address_prefixlen,
2062 src0->sadb_address_proto,
2063 &spidx);
2064
2065 /* checking the direciton. */
2066 switch (xpl0->sadb_x_policy_dir) {
2067 case IPSEC_DIR_INBOUND:
2068 case IPSEC_DIR_OUTBOUND:
2069 break;
2070 default:
2071 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2072 return key_senderror(so, m, EINVAL);
2073 }
2074
2075 /* Is there SP in SPD ? */
2076 if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
2077 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2078 return key_senderror(so, m, EINVAL);
2079 }
2080
2081 if (sp->persist) {
2082 ipseclog((LOG_DEBUG,
2083 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2084 sp->id));
2085 key_freesp(sp); /* ref gained by key_getsp */
2086 return key_senderror(so, m, EPERM);
2087 }
2088
2089 /* save policy id to be returned. */
2090 xpl0->sadb_x_policy_id = sp->id;
2091
2092 key_sp_dead(sp);
2093 key_freesp(sp); /* ref gained by key_getsp */
2094 key_sp_unlink(sp);
2095 sp = NULL;
2096
2097 /* invalidate all cached SPD pointers on pcb */
2098 ipsec_invalpcbcacheall();
2099
2100 {
2101 struct mbuf *n;
2102 struct sadb_msg *newmsg;
2103
2104 /* create new sadb_msg to reply. */
2105 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
2106 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
2107 if (!n)
2108 return key_senderror(so, m, ENOBUFS);
2109
2110 newmsg = mtod(n, struct sadb_msg *);
2111 newmsg->sadb_msg_errno = 0;
2112 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2113
2114 m_freem(m);
2115 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2116 }
2117 }
2118
2119 /*
2120 * SADB_SPDDELETE2 processing
2121 * receive
2122 * <base, policy(*)>
2123 * from the user(?), and set SADB_SASTATE_DEAD,
2124 * and send,
2125 * <base, policy(*)>
2126 * to the ikmpd.
2127 * policy(*) including the policy id.
2128 *
2129 * m will always be freed.
2130 */
2131 static int
2132 key_spddelete2(so, m, mhp)
2133 struct socket *so;
2134 struct mbuf *m;
2135 const struct sadb_msghdr *mhp;
2136 {
2137 u_int32_t id;
2138 struct secpolicy *sp;
2139
2140 /* sanity check */
2141 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2142 panic("key_spddelete2: NULL pointer is passed.");
2143
2144 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2145 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2146 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2147 return key_senderror(so, m, EINVAL);
2148 }
2149
2150 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2151
2152 /* Is there SP in SPD ? */
2153 if ((sp = key_getspbyid(id)) == NULL) {
2154 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
2155 id));
2156 return key_senderror(so, m, EINVAL);
2157 }
2158
2159 if (sp->persist) {
2160 ipseclog((LOG_DEBUG,
2161 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2162 id));
2163 key_freesp(sp); /* ref gained by key_getspbyid */
2164 return key_senderror(so, m, EPERM);
2165 }
2166
2167 key_sp_dead(sp);
2168 key_freesp(sp); /* ref gained by key_getspbyid */
2169 key_sp_unlink(sp);
2170 sp = NULL;
2171
2172 /* invalidate all cached SPD pointers on pcb */
2173 ipsec_invalpcbcacheall();
2174
2175 {
2176 struct mbuf *n, *nn;
2177 struct sadb_msg *newmsg;
2178 int off, len;
2179
2180 /* create new sadb_msg to reply. */
2181 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2182
2183 if (len > MCLBYTES)
2184 return key_senderror(so, m, ENOBUFS);
2185 MGETHDR(n, M_DONTWAIT, MT_DATA);
2186 if (n && len > MHLEN) {
2187 MCLGET(n, M_DONTWAIT);
2188 if ((n->m_flags & M_EXT) == 0) {
2189 m_freem(n);
2190 n = NULL;
2191 }
2192 }
2193 if (!n)
2194 return key_senderror(so, m, ENOBUFS);
2195
2196 n->m_len = len;
2197 n->m_next = NULL;
2198 off = 0;
2199
2200 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2201 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2202
2203 #ifdef DIAGNOSTIC
2204 if (off != len)
2205 panic("length inconsistency in key_spddelete2");
2206 #endif
2207
2208 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2209 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2210 if (!n->m_next) {
2211 m_freem(n);
2212 return key_senderror(so, m, ENOBUFS);
2213 }
2214
2215 n->m_pkthdr.len = 0;
2216 for (nn = n; nn; nn = nn->m_next)
2217 n->m_pkthdr.len += nn->m_len;
2218
2219 newmsg = mtod(n, struct sadb_msg *);
2220 newmsg->sadb_msg_errno = 0;
2221 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2222
2223 m_freem(m);
2224 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2225 }
2226 }
2227
2228 /*
2229 * SADB_X_SPDGET processing
2230 * receive
2231 * <base, policy(*)>
2232 * from the user(?),
2233 * and send,
2234 * <base, address(SD), policy>
2235 * to the ikmpd.
2236 * policy(*) including direction of policy.
2237 *
2238 * m will always be freed.
2239 */
2240 static int
2241 key_spdget(so, m, mhp)
2242 struct socket *so;
2243 struct mbuf *m;
2244 const struct sadb_msghdr *mhp;
2245 {
2246 u_int32_t id;
2247 struct secpolicy *sp;
2248 struct mbuf *n;
2249
2250 /* sanity check */
2251 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2252 panic("key_spdget: NULL pointer is passed.");
2253
2254 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2255 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2256 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2257 return key_senderror(so, m, EINVAL);
2258 }
2259
2260 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2261
2262 /* Is there SP in SPD ? */
2263 if ((sp = key_getspbyid(id)) == NULL) {
2264 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2265 return key_senderror(so, m, ENOENT);
2266 }
2267
2268 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
2269 key_freesp(sp); /* ref gained by key_getspbyid */
2270 if (n != NULL) {
2271 m_freem(m);
2272 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2273 } else
2274 return key_senderror(so, m, ENOBUFS);
2275 }
2276
2277 /*
2278 * SADB_X_SPDACQUIRE processing.
2279 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2280 * send
2281 * <base, policy(*)>
2282 * to KMD, and expect to receive
2283 * <base> with SADB_X_SPDACQUIRE if error occured,
2284 * or
2285 * <base, policy>
2286 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2287 * policy(*) is without policy requests.
2288 *
2289 * 0 : succeed
2290 * others: error number
2291 */
2292 int
2293 key_spdacquire(sp)
2294 struct secpolicy *sp;
2295 {
2296 struct mbuf *result = NULL, *m;
2297 #ifndef IPSEC_NONBLOCK_ACQUIRE
2298 struct secspacq *newspacq;
2299 #endif
2300 int error = -1;
2301
2302 /* sanity check */
2303 if (sp == NULL)
2304 panic("key_spdacquire: NULL pointer is passed.");
2305 if (sp->req != NULL)
2306 panic("key_spdacquire: called but there is request.");
2307 if (sp->policy != IPSEC_POLICY_IPSEC)
2308 panic("key_spdacquire: policy mismathed. IPsec is expected.");
2309 if (!sp->spidx) {
2310 error = EOPNOTSUPP;
2311 goto fail;
2312 }
2313
2314 #ifndef IPSEC_NONBLOCK_ACQUIRE
2315 /* get an entry to check whether sent message or not. */
2316 if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
2317 if (key_blockacq_count < newspacq->count) {
2318 /* reset counter and do send message. */
2319 newspacq->count = 0;
2320 } else {
2321 /* increment counter and do nothing. */
2322 newspacq->count++;
2323 return 0;
2324 }
2325 } else {
2326 /* make new entry for blocking to send SADB_ACQUIRE. */
2327 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
2328 return ENOBUFS;
2329
2330 /* add to acqtree */
2331 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2332 }
2333 #endif
2334
2335 /* create new sadb_msg to reply. */
2336 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2337 if (!m) {
2338 error = ENOBUFS;
2339 goto fail;
2340 }
2341 result = m;
2342
2343 /* set sadb_x_policy */
2344 if (sp) {
2345 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
2346 if (!m) {
2347 error = ENOBUFS;
2348 goto fail;
2349 }
2350 m_cat(result, m);
2351 }
2352
2353 result->m_pkthdr.len = 0;
2354 for (m = result; m; m = m->m_next)
2355 result->m_pkthdr.len += m->m_len;
2356
2357 mtod(result, struct sadb_msg *)->sadb_msg_len =
2358 PFKEY_UNIT64(result->m_pkthdr.len);
2359
2360 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2361
2362 fail:
2363 if (result)
2364 m_freem(result);
2365 return error;
2366 }
2367
2368 /*
2369 * SADB_SPDFLUSH processing
2370 * receive
2371 * <base>
2372 * from the user, and free all entries in secpctree.
2373 * and send,
2374 * <base>
2375 * to the user.
2376 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2377 *
2378 * m will always be freed.
2379 */
2380 static int
2381 key_spdflush(so, m, mhp)
2382 struct socket *so;
2383 struct mbuf *m;
2384 const struct sadb_msghdr *mhp;
2385 {
2386 struct sadb_msg *newmsg;
2387 struct secpolicy *sp, *nextsp;
2388
2389 /* sanity check */
2390 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2391 panic("key_spdflush: NULL pointer is passed.");
2392
2393 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2394 return key_senderror(so, m, EINVAL);
2395
2396 for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
2397 nextsp = TAILQ_NEXT(sp, tailq);
2398 if (sp->persist)
2399 continue;
2400 if (sp->state == IPSEC_SPSTATE_DEAD)
2401 continue;
2402 key_sp_dead(sp);
2403 key_sp_unlink(sp);
2404 sp = NULL;
2405 }
2406
2407 /* invalidate all cached SPD pointers on pcb */
2408 ipsec_invalpcbcacheall();
2409
2410 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2411 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2412 return key_senderror(so, m, ENOBUFS);
2413 }
2414
2415 if (m->m_next)
2416 m_freem(m->m_next);
2417 m->m_next = NULL;
2418 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2419 newmsg = mtod(m, struct sadb_msg *);
2420 newmsg->sadb_msg_errno = 0;
2421 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2422
2423 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2424 }
2425
2426 /*
2427 * SADB_SPDDUMP processing
2428 * receive
2429 * <base>
2430 * from the user, and dump all SP leaves
2431 * and send,
2432 * <base> .....
2433 * to the ikmpd.
2434 *
2435 * m will always be freed.
2436 */
2437 static int
2438 key_spddump(so, m, mhp)
2439 struct socket *so;
2440 struct mbuf *m;
2441 const struct sadb_msghdr *mhp;
2442 {
2443 struct secpolicy *sp;
2444 int cnt;
2445 u_int dir;
2446 struct mbuf *n;
2447
2448 /* sanity check */
2449 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2450 panic("key_spddump: NULL pointer is passed.");
2451
2452 /* search SPD entry and get buffer size. */
2453 cnt = 0;
2454 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2455 LIST_FOREACH(sp, &sptree[dir], chain) {
2456 cnt++;
2457 }
2458 }
2459
2460 if (cnt == 0)
2461 return key_senderror(so, m, ENOENT);
2462
2463 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2464 LIST_FOREACH(sp, &sptree[dir], chain) {
2465 --cnt;
2466 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2467 mhp->msg->sadb_msg_pid);
2468
2469 if (n)
2470 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2471 }
2472 }
2473
2474 m_freem(m);
2475 return 0;
2476 }
2477
2478 static struct mbuf *
2479 key_setdumpsp(sp, type, seq, pid)
2480 struct secpolicy *sp;
2481 u_int8_t type;
2482 u_int32_t seq, pid;
2483 {
2484 struct mbuf *result = NULL, *m;
2485
2486 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2487 if (!m)
2488 goto fail;
2489 result = m;
2490
2491 if (sp->spidx) {
2492 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2493 (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
2494 sp->spidx->ul_proto);
2495 if (!m)
2496 goto fail;
2497 m_cat(result, m);
2498
2499 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2500 (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
2501 sp->spidx->ul_proto);
2502 if (!m)
2503 goto fail;
2504 m_cat(result, m);
2505 }
2506
2507 m = key_sp2msg(sp);
2508 if (!m)
2509 goto fail;
2510 m_cat(result, m);
2511
2512 m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
2513 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
2514 if (!m)
2515 goto fail;
2516 m_cat(result, m);
2517
2518 m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
2519 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
2520 if (!m)
2521 goto fail;
2522 m_cat(result, m);
2523
2524 if ((result->m_flags & M_PKTHDR) == 0)
2525 goto fail;
2526
2527 if (result->m_len < sizeof(struct sadb_msg)) {
2528 result = m_pullup(result, sizeof(struct sadb_msg));
2529 if (result == NULL)
2530 goto fail;
2531 }
2532
2533 result->m_pkthdr.len = 0;
2534 for (m = result; m; m = m->m_next)
2535 result->m_pkthdr.len += m->m_len;
2536
2537 mtod(result, struct sadb_msg *)->sadb_msg_len =
2538 PFKEY_UNIT64(result->m_pkthdr.len);
2539
2540 return result;
2541
2542 fail:
2543 m_freem(result);
2544 return NULL;
2545 }
2546
2547 /*
2548 * get PFKEY message length for security policy and request.
2549 */
2550 static u_int
2551 key_getspreqmsglen(sp)
2552 struct secpolicy *sp;
2553 {
2554 u_int tlen;
2555
2556 tlen = sizeof(struct sadb_x_policy);
2557
2558 /* if is the policy for ipsec ? */
2559 if (sp->policy != IPSEC_POLICY_IPSEC)
2560 return tlen;
2561
2562 /* get length of ipsec requests */
2563 {
2564 struct ipsecrequest *isr;
2565 int len;
2566
2567 for (isr = sp->req; isr != NULL; isr = isr->next) {
2568 len = sizeof(struct sadb_x_ipsecrequest)
2569 + isr->saidx.src.ss_len
2570 + isr->saidx.dst.ss_len;
2571
2572 tlen += PFKEY_ALIGN8(len);
2573 }
2574 }
2575
2576 return tlen;
2577 }
2578
2579 /*
2580 * SADB_X_SPDEXPIRE processing
2581 * send
2582 * <base, address(SD), lifetime(CH), policy>
2583 * to KMD by PF_KEY.
2584 *
2585 * OUT: 0 : succeed
2586 * others : error number
2587 */
2588 static int
2589 key_spdexpire(sp)
2590 struct secpolicy *sp;
2591 {
2592 int s;
2593 struct mbuf *result = NULL, *m;
2594 int len;
2595 int error = -1;
2596 struct sadb_lifetime *lt;
2597
2598 /* XXX: Why do we lock ? */
2599 s = splnet(); /*called from softclock()*/
2600
2601 /* sanity check */
2602 if (sp == NULL)
2603 panic("key_spdexpire: NULL pointer is passed.");
2604
2605 /* set msg header */
2606 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2607 if (!m) {
2608 error = ENOBUFS;
2609 goto fail;
2610 }
2611 result = m;
2612
2613 /* create lifetime extension (current and hard) */
2614 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2615 m = key_alloc_mbuf(len);
2616 if (!m || m->m_next) { /*XXX*/
2617 if (m)
2618 m_freem(m);
2619 error = ENOBUFS;
2620 goto fail;
2621 }
2622 bzero(mtod(m, caddr_t), len);
2623 lt = mtod(m, struct sadb_lifetime *);
2624 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2625 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2626 lt->sadb_lifetime_allocations = 0;
2627 lt->sadb_lifetime_bytes = 0;
2628 lt->sadb_lifetime_addtime = sp->created;
2629 lt->sadb_lifetime_usetime = sp->lastused;
2630 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
2631 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2632 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2633 lt->sadb_lifetime_allocations = 0;
2634 lt->sadb_lifetime_bytes = 0;
2635 lt->sadb_lifetime_addtime = sp->lifetime;
2636 lt->sadb_lifetime_usetime = sp->validtime;
2637 m_cat(result, m);
2638
2639 /* set sadb_address for source */
2640 if (sp->spidx) {
2641 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2642 (struct sockaddr *)&sp->spidx->src,
2643 sp->spidx->prefs, sp->spidx->ul_proto);
2644 if (!m) {
2645 error = ENOBUFS;
2646 goto fail;
2647 }
2648 m_cat(result, m);
2649
2650 /* set sadb_address for destination */
2651 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2652 (struct sockaddr *)&sp->spidx->dst,
2653 sp->spidx->prefd, sp->spidx->ul_proto);
2654 if (!m) {
2655 error = ENOBUFS;
2656 goto fail;
2657 }
2658 m_cat(result, m);
2659 }
2660
2661 /* set secpolicy */
2662 m = key_sp2msg(sp);
2663 if (!m) {
2664 error = ENOBUFS;
2665 goto fail;
2666 }
2667 m_cat(result, m);
2668
2669 if ((result->m_flags & M_PKTHDR) == 0) {
2670 error = EINVAL;
2671 goto fail;
2672 }
2673
2674 if (result->m_len < sizeof(struct sadb_msg)) {
2675 result = m_pullup(result, sizeof(struct sadb_msg));
2676 if (result == NULL) {
2677 error = ENOBUFS;
2678 goto fail;
2679 }
2680 }
2681
2682 result->m_pkthdr.len = 0;
2683 for (m = result; m; m = m->m_next)
2684 result->m_pkthdr.len += m->m_len;
2685
2686 mtod(result, struct sadb_msg *)->sadb_msg_len =
2687 PFKEY_UNIT64(result->m_pkthdr.len);
2688
2689 splx(s);
2690 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2691
2692 fail:
2693 if (result)
2694 m_freem(result);
2695 splx(s);
2696 return error;
2697 }
2698
2699 /* %%% SAD management */
2700 /*
2701 * allocating a memory for new SA head, and copy from the values of mhp.
2702 * OUT: NULL : failure due to the lack of memory.
2703 * others : pointer to new SA head.
2704 */
2705 static struct secashead *
2706 key_newsah(saidx)
2707 struct secasindex *saidx;
2708 {
2709 struct secashead *newsah;
2710
2711 /* sanity check */
2712 if (saidx == NULL)
2713 panic("key_newsaidx: NULL pointer is passed.");
2714
2715 newsah = keydb_newsecashead();
2716 if (newsah == NULL)
2717 return NULL;
2718
2719 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
2720
2721 /* add to saidxtree */
2722 newsah->state = SADB_SASTATE_MATURE;
2723 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2724
2725 return (newsah);
2726 }
2727
2728 /*
2729 * delete SA index and all SA registerd.
2730 */
2731 static void
2732 key_delsah(sah)
2733 struct secashead *sah;
2734 {
2735 struct secasvar *sav, *nextsav;
2736 u_int stateidx, state;
2737 int s;
2738 int zombie = 0;
2739
2740 /* sanity check */
2741 if (sah == NULL)
2742 panic("key_delsah: NULL pointer is passed.");
2743
2744 s = splnet(); /*called from softclock()*/
2745
2746 /* searching all SA registerd in the secindex. */
2747 for (stateidx = 0;
2748 stateidx < _ARRAYLEN(saorder_state_any);
2749 stateidx++) {
2750
2751 state = saorder_state_any[stateidx];
2752 for (sav = LIST_FIRST(&sah->savtree[state]);
2753 sav != NULL;
2754 sav = nextsav) {
2755
2756 nextsav = LIST_NEXT(sav, chain);
2757
2758 if (sav->refcnt > 0) {
2759 /* give up to delete this sa */
2760 zombie++;
2761 continue;
2762 }
2763
2764 /* sanity check */
2765 KEY_CHKSASTATE(state, sav->state, "key_delsah");
2766
2767 /* remove back pointer */
2768 sav->sah = NULL;
2769
2770 key_freesav(sav);
2771
2772 sav = NULL;
2773 }
2774 }
2775
2776 /* delete sah only if there's no sav. */
2777 if (zombie) {
2778 splx(s);
2779 return;
2780 }
2781
2782 if (sah->sa_route.ro_rt) {
2783 RTFREE(sah->sa_route.ro_rt);
2784 sah->sa_route.ro_rt = (struct rtentry *)NULL;
2785 }
2786
2787 /* remove from tree of SA index */
2788 if (__LIST_CHAINED(sah))
2789 LIST_REMOVE(sah, chain);
2790
2791 KFREE(sah);
2792
2793 splx(s);
2794 return;
2795 }
2796
2797 /*
2798 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2799 * and copy the values of mhp into new buffer.
2800 * When SAD message type is GETSPI:
2801 * to set sequence number from acq_seq++,
2802 * to set zero to SPI.
2803 * not to call key_setsava().
2804 * OUT: NULL : fail
2805 * others : pointer to new secasvar.
2806 *
2807 * does not modify mbuf. does not free mbuf on error.
2808 */
2809 static struct secasvar *
2810 key_newsav(m, mhp, sah, errp)
2811 struct mbuf *m;
2812 const struct sadb_msghdr *mhp;
2813 struct secashead *sah;
2814 int *errp;
2815 {
2816 struct secasvar *newsav;
2817 const struct sadb_sa *xsa;
2818
2819 /* sanity check */
2820 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
2821 panic("key_newsa: NULL pointer is passed.");
2822
2823 newsav = keydb_newsecasvar();
2824 if (newsav == NULL) {
2825 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
2826 *errp = ENOBUFS;
2827 return NULL;
2828 }
2829
2830 switch (mhp->msg->sadb_msg_type) {
2831 case SADB_GETSPI:
2832 key_setspi(newsav, 0);
2833
2834 #ifdef IPSEC_DOSEQCHECK
2835 /* sync sequence number */
2836 if (mhp->msg->sadb_msg_seq == 0)
2837 newsav->seq =
2838 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
2839 else
2840 #endif
2841 newsav->seq = mhp->msg->sadb_msg_seq;
2842 break;
2843
2844 case SADB_ADD:
2845 /* sanity check */
2846 if (mhp->ext[SADB_EXT_SA] == NULL) {
2847 KFREE(newsav);
2848 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
2849 *errp = EINVAL;
2850 return NULL;
2851 }
2852 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2853 key_setspi(newsav, xsa->sadb_sa_spi);
2854 newsav->seq = mhp->msg->sadb_msg_seq;
2855 break;
2856 default:
2857 KFREE(newsav);
2858 *errp = EINVAL;
2859 return NULL;
2860 }
2861
2862 /* copy sav values */
2863 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
2864 *errp = key_setsaval(newsav, m, mhp);
2865 if (*errp) {
2866 KFREE(newsav);
2867 return NULL;
2868 }
2869 }
2870
2871 /* reset created */
2872 newsav->created = time_second;
2873
2874 newsav->pid = mhp->msg->sadb_msg_pid;
2875
2876 /* add to satree */
2877 newsav->sah = sah;
2878 newsav->refcnt = 1;
2879 newsav->state = SADB_SASTATE_LARVAL;
2880 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
2881 secasvar, chain);
2882
2883 return newsav;
2884 }
2885
2886 /*
2887 * search SAD.
2888 * OUT:
2889 * NULL : not found
2890 * others : found, pointer to a SA.
2891 */
2892 static struct secashead *
2893 key_getsah(saidx)
2894 struct secasindex *saidx;
2895 {
2896 struct secashead *sah;
2897
2898 LIST_FOREACH(sah, &sahtree, chain) {
2899 if (sah->state == SADB_SASTATE_DEAD)
2900 continue;
2901 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE_REQID))
2902 return sah;
2903 }
2904
2905 return NULL;
2906 }
2907
2908 /*
2909 * check not to be duplicated SPI.
2910 * NOTE: this function is too slow due to searching all SAD.
2911 * OUT:
2912 * NULL : not found
2913 * others : found, pointer to a SA.
2914 */
2915 static struct secasvar *
2916 key_checkspidup(saidx, spi)
2917 struct secasindex *saidx;
2918 u_int32_t spi;
2919 {
2920 struct secasvar *sav;
2921 u_int stateidx, state;
2922
2923 /* check address family */
2924 if (saidx->src.ss_family != saidx->dst.ss_family) {
2925 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
2926 return NULL;
2927 }
2928
2929 /* check all SAD */
2930 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2931 if (sav->spi != spi)
2932 continue;
2933 for (stateidx = 0;
2934 stateidx < _ARRAYLEN(saorder_state_alive);
2935 stateidx++) {
2936 state = saorder_state_alive[stateidx];
2937 if (sav->state == state &&
2938 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
2939 return sav;
2940 }
2941 }
2942
2943 return NULL;
2944 }
2945
2946 static void
2947 key_setspi(sav, spi)
2948 struct secasvar *sav;
2949 u_int32_t spi;
2950 {
2951 int s;
2952
2953 s = splnet();
2954 sav->spi = spi;
2955 if (sav->spihash.le_prev || sav->spihash.le_next)
2956 LIST_REMOVE(sav, spihash);
2957 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
2958 splx(s);
2959 }
2960
2961 /*
2962 * search SAD litmited alive SA, protocol, SPI.
2963 * OUT:
2964 * NULL : not found
2965 * others : found, pointer to a SA.
2966 */
2967 static struct secasvar *
2968 key_getsavbyspi(sah, spi)
2969 struct secashead *sah;
2970 u_int32_t spi;
2971 {
2972 struct secasvar *sav, *match;
2973 u_int stateidx, state, matchidx;
2974
2975 match = NULL;
2976 matchidx = _ARRAYLEN(saorder_state_alive);
2977 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2978 if (sav->spi != spi)
2979 continue;
2980 if (sav->sah != sah)
2981 continue;
2982 for (stateidx = 0; stateidx < matchidx; stateidx++) {
2983 state = saorder_state_alive[stateidx];
2984 if (sav->state == state) {
2985 match = sav;
2986 matchidx = stateidx;
2987 break;
2988 }
2989 }
2990 }
2991
2992 return match;
2993 }
2994
2995 /*
2996 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
2997 * You must update these if need.
2998 * OUT: 0: success.
2999 * !0: failure.
3000 *
3001 * does not modify mbuf. does not free mbuf on error.
3002 */
3003 static int
3004 key_setsaval(sav, m, mhp)
3005 struct secasvar *sav;
3006 struct mbuf *m;
3007 const struct sadb_msghdr *mhp;
3008 {
3009 #ifdef IPSEC_ESP
3010 const struct esp_algorithm *algo;
3011 #endif
3012 int error = 0;
3013
3014 /* sanity check */
3015 if (m == NULL || mhp == NULL || mhp->msg == NULL)
3016 panic("key_setsaval: NULL pointer is passed.");
3017
3018 /* initialization */
3019 sav->replay = NULL;
3020 sav->key_auth = NULL;
3021 sav->key_enc = NULL;
3022 sav->sched = NULL;
3023 sav->schedlen = 0;
3024 sav->iv = NULL;
3025 sav->lft_c = NULL;
3026 sav->lft_h = NULL;
3027 sav->lft_s = NULL;
3028
3029 /* SA */
3030 if (mhp->ext[SADB_EXT_SA] != NULL) {
3031 const struct sadb_sa *sa0;
3032
3033 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3034 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3035 error = EINVAL;
3036 goto fail;
3037 }
3038
3039 sav->alg_auth = sa0->sadb_sa_auth;
3040 sav->alg_enc = sa0->sadb_sa_encrypt;
3041 sav->flags = sa0->sadb_sa_flags;
3042
3043 /* replay window */
3044 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3045 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
3046 if (sav->replay == NULL) {
3047 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3048 error = ENOBUFS;
3049 goto fail;
3050 }
3051 }
3052 }
3053
3054 /* Authentication keys */
3055 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3056 const struct sadb_key *key0;
3057 int len;
3058
3059 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3060 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3061
3062 error = 0;
3063 if (len < sizeof(*key0)) {
3064 error = EINVAL;
3065 goto fail;
3066 }
3067 switch (mhp->msg->sadb_msg_satype) {
3068 case SADB_SATYPE_AH:
3069 case SADB_SATYPE_ESP:
3070 case SADB_X_SATYPE_TCPSIGNATURE:
3071 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3072 sav->alg_auth != SADB_X_AALG_NULL)
3073 error = EINVAL;
3074 break;
3075 case SADB_X_SATYPE_IPCOMP:
3076 default:
3077 error = EINVAL;
3078 break;
3079 }
3080 if (error) {
3081 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
3082 goto fail;
3083 }
3084
3085 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
3086 if (sav->key_auth == NULL) {
3087 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3088 error = ENOBUFS;
3089 goto fail;
3090 }
3091 }
3092
3093 /* Encryption key */
3094 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3095 const struct sadb_key *key0;
3096 int len;
3097
3098 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3099 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3100
3101 error = 0;
3102 if (len < sizeof(*key0)) {
3103 error = EINVAL;
3104 goto fail;
3105 }
3106 switch (mhp->msg->sadb_msg_satype) {
3107 case SADB_SATYPE_ESP:
3108 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3109 sav->alg_enc != SADB_EALG_NULL) {
3110 error = EINVAL;
3111 break;
3112 }
3113 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3114 if (sav->key_enc == NULL) {
3115 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3116 error = ENOBUFS;
3117 goto fail;
3118 }
3119 break;
3120 case SADB_X_SATYPE_IPCOMP:
3121 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3122 error = EINVAL;
3123 sav->key_enc = NULL; /*just in case*/
3124 break;
3125 case SADB_SATYPE_AH:
3126 case SADB_X_SATYPE_TCPSIGNATURE:
3127 default:
3128 error = EINVAL;
3129 break;
3130 }
3131 if (error) {
3132 ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
3133 goto fail;
3134 }
3135 }
3136
3137 /* set iv */
3138 sav->ivlen = 0;
3139
3140 switch (mhp->msg->sadb_msg_satype) {
3141 case SADB_SATYPE_ESP:
3142 #ifdef IPSEC_ESP
3143 algo = esp_algorithm_lookup(sav->alg_enc);
3144 if (algo && algo->ivlen)
3145 sav->ivlen = (*algo->ivlen)(algo, sav);
3146 if (sav->ivlen == 0)
3147 break;
3148 KMALLOC(sav->iv, caddr_t, sav->ivlen);
3149 if (sav->iv == 0) {
3150 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3151 error = ENOBUFS;
3152 goto fail;
3153 }
3154
3155 /* initialize */
3156 key_randomfill(sav->iv, sav->ivlen);
3157 #endif
3158 break;
3159 case SADB_SATYPE_AH:
3160 case SADB_X_SATYPE_IPCOMP:
3161 case SADB_X_SATYPE_TCPSIGNATURE:
3162 break;
3163 default:
3164 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
3165 error = EINVAL;
3166 goto fail;
3167 }
3168
3169 /* reset created */
3170 sav->created = time_second;
3171
3172 /* make lifetime for CURRENT */
3173 KMALLOC(sav->lft_c, struct sadb_lifetime *,
3174 sizeof(struct sadb_lifetime));
3175 if (sav->lft_c == NULL) {
3176 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3177 error = ENOBUFS;
3178 goto fail;
3179 }
3180
3181 sav->lft_c->sadb_lifetime_len =
3182 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3183 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3184 sav->lft_c->sadb_lifetime_allocations = 0;
3185 sav->lft_c->sadb_lifetime_bytes = 0;
3186 sav->lft_c->sadb_lifetime_addtime = time_second;
3187 sav->lft_c->sadb_lifetime_usetime = 0;
3188
3189 /* lifetimes for HARD and SOFT */
3190 {
3191 const struct sadb_lifetime *lft0;
3192
3193 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3194 if (lft0 != NULL) {
3195 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3196 error = EINVAL;
3197 goto fail;
3198 }
3199 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3200 sizeof(*lft0));
3201 if (sav->lft_h == NULL) {
3202 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3203 error = ENOBUFS;
3204 goto fail;
3205 }
3206 /* we no longer support byte lifetime */
3207 if (sav->lft_h->sadb_lifetime_bytes) {
3208 error = EINVAL;
3209 goto fail;
3210 }
3211 /* initialize? */
3212 }
3213
3214 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3215 if (lft0 != NULL) {
3216 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3217 error = EINVAL;
3218 goto fail;
3219 }
3220 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3221 sizeof(*lft0));
3222 if (sav->lft_s == NULL) {
3223 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3224 error = ENOBUFS;
3225 goto fail;
3226 }
3227 /* we no longer support byte lifetime */
3228 if (sav->lft_s->sadb_lifetime_bytes) {
3229 error = EINVAL;
3230 goto fail;
3231 }
3232 /* initialize? */
3233 }
3234 }
3235
3236 return 0;
3237
3238 fail:
3239 /* initialization */
3240 if (sav->replay != NULL) {
3241 keydb_delsecreplay(sav->replay);
3242 sav->replay = NULL;
3243 }
3244 if (sav->key_auth != NULL) {
3245 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3246 KFREE(sav->key_auth);
3247 sav->key_auth = NULL;
3248 }
3249 if (sav->key_enc != NULL) {
3250 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3251 KFREE(sav->key_enc);
3252 sav->key_enc = NULL;
3253 }
3254 if (sav->sched) {
3255 bzero(sav->sched, sav->schedlen);
3256 KFREE(sav->sched);
3257 sav->sched = NULL;
3258 }
3259 if (sav->iv != NULL) {
3260 KFREE(sav->iv);
3261 sav->iv = NULL;
3262 }
3263 if (sav->lft_c != NULL) {
3264 KFREE(sav->lft_c);
3265 sav->lft_c = NULL;
3266 }
3267 if (sav->lft_h != NULL) {
3268 KFREE(sav->lft_h);
3269 sav->lft_h = NULL;
3270 }
3271 if (sav->lft_s != NULL) {
3272 KFREE(sav->lft_s);
3273 sav->lft_s = NULL;
3274 }
3275
3276 return error;
3277 }
3278
3279 /*
3280 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3281 * OUT: 0: valid
3282 * other: errno
3283 */
3284 static int
3285 key_mature(sav)
3286 struct secasvar *sav;
3287 {
3288 int mature;
3289 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3290 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3291
3292 mature = 0;
3293
3294 /* check SPI value */
3295 switch (sav->sah->saidx.proto) {
3296 case IPPROTO_ESP:
3297 case IPPROTO_AH:
3298 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
3299 ipseclog((LOG_DEBUG,
3300 "key_mature: illegal range of SPI %u.\n",
3301 (u_int32_t)ntohl(sav->spi)));
3302 return EINVAL;
3303 }
3304 break;
3305 }
3306
3307 /* check satype */
3308 switch (sav->sah->saidx.proto) {
3309 case IPPROTO_ESP:
3310 /* check flags */
3311 if ((sav->flags & SADB_X_EXT_OLD) &&
3312 (sav->flags & SADB_X_EXT_DERIV)) {
3313 ipseclog((LOG_DEBUG, "key_mature: "
3314 "invalid flag (derived) given to old-esp.\n"));
3315 return EINVAL;
3316 }
3317 if (sav->alg_auth == SADB_AALG_NONE)
3318 checkmask = 1;
3319 else
3320 checkmask = 3;
3321 mustmask = 1;
3322 break;
3323 case IPPROTO_AH:
3324 /* check flags */
3325 if (sav->flags & SADB_X_EXT_DERIV) {
3326 ipseclog((LOG_DEBUG, "key_mature: "
3327 "invalid flag (derived) given to AH SA.\n"));
3328 return EINVAL;
3329 }
3330 if (sav->alg_enc != SADB_EALG_NONE) {
3331 ipseclog((LOG_DEBUG, "key_mature: "
3332 "protocol and algorithm mismated.\n"));
3333 return (EINVAL);
3334 }
3335 checkmask = 2;
3336 mustmask = 2;
3337 break;
3338 case IPPROTO_IPCOMP:
3339 if (sav->alg_auth != SADB_AALG_NONE) {
3340 ipseclog((LOG_DEBUG, "key_mature: "
3341 "protocol and algorithm mismated.\n"));
3342 return (EINVAL);
3343 }
3344 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3345 ntohl(sav->spi) >= 0x10000) {
3346 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
3347 return (EINVAL);
3348 }
3349 checkmask = 4;
3350 mustmask = 4;
3351 break;
3352 case IPPROTO_TCP:
3353 if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
3354 ipseclog((LOG_DEBUG, "key_mature: unsupported authentication algorithm %u\n",
3355 sav->alg_auth));
3356 return (EINVAL);
3357 }
3358 if (sav->alg_enc != SADB_EALG_NONE) {
3359 ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
3360 "mismated.\n", __func__));
3361 return(EINVAL);
3362 }
3363 if (sav->spi != htonl(0x1000)) {
3364 ipseclog((LOG_DEBUG, "key_mature: SPI must be TCP_SIG_SPI (0x1000)\n"));
3365 return (EINVAL);
3366 }
3367 checkmask = 2;
3368 mustmask = 2;
3369 break;
3370 default:
3371 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3372 return EPROTONOSUPPORT;
3373 }
3374
3375 /* check authentication algorithm */
3376 if ((checkmask & 2) != 0) {
3377 const struct ah_algorithm *algo;
3378 int keylen;
3379
3380 algo = ah_algorithm_lookup(sav->alg_auth);
3381 if (!algo) {
3382 ipseclog((LOG_DEBUG, "key_mature: "
3383 "unknown authentication algorithm.\n"));
3384 return EINVAL;
3385 }
3386
3387 /* algorithm-dependent check */
3388 if (sav->key_auth)
3389 keylen = sav->key_auth->sadb_key_bits;
3390 else
3391 keylen = 0;
3392 if (keylen < algo->keymin || algo->keymax < keylen) {
3393 ipseclog((LOG_DEBUG,
3394 "key_mature: invalid AH key length %d "
3395 "(%d-%d allowed)\n",
3396 keylen, algo->keymin, algo->keymax));
3397 return EINVAL;
3398 }
3399
3400 if (algo->mature) {
3401 if ((*algo->mature)(sav)) {
3402 /* message generated in per-algorithm function*/
3403 return EINVAL;
3404 } else
3405 mature = SADB_SATYPE_AH;
3406 }
3407
3408 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
3409 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
3410 return EINVAL;
3411 }
3412 }
3413
3414 /* check encryption algorithm */
3415 if ((checkmask & 1) != 0) {
3416 #ifdef IPSEC_ESP
3417 const struct esp_algorithm *algo;
3418 int keylen;
3419
3420 algo = esp_algorithm_lookup(sav->alg_enc);
3421 if (!algo) {
3422 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
3423 return EINVAL;
3424 }
3425
3426 /* algorithm-dependent check */
3427 if (sav->key_enc)
3428 keylen = sav->key_enc->sadb_key_bits;
3429 else
3430 keylen = 0;
3431 if (keylen < algo->keymin || algo->keymax < keylen) {
3432 ipseclog((LOG_DEBUG,
3433 "key_mature: invalid ESP key length %d "
3434 "(%d-%d allowed)\n",
3435 keylen, algo->keymin, algo->keymax));
3436 return EINVAL;
3437 }
3438
3439 if (algo->mature) {
3440 if ((*algo->mature)(sav)) {
3441 /* message generated in per-algorithm function*/
3442 return EINVAL;
3443 } else
3444 mature = SADB_SATYPE_ESP;
3445 }
3446
3447 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
3448 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
3449 return EINVAL;
3450 }
3451 #else /*IPSEC_ESP*/
3452 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
3453 return EINVAL;
3454 #endif
3455 }
3456
3457 /* check compression algorithm */
3458 if ((checkmask & 4) != 0) {
3459 const struct ipcomp_algorithm *algo;
3460
3461 /* algorithm-dependent check */
3462 algo = ipcomp_algorithm_lookup(sav->alg_enc);
3463 if (!algo) {
3464 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
3465 return EINVAL;
3466 }
3467 }
3468
3469 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3470
3471 return 0;
3472 }
3473
3474 /*
3475 * subroutine for SADB_GET and SADB_DUMP.
3476 */
3477 static struct mbuf *
3478 key_setdumpsa(sav, type, satype, seq, pid)
3479 struct secasvar *sav;
3480 u_int8_t type, satype;
3481 u_int32_t seq, pid;
3482 {
3483 struct mbuf *result = NULL, *tres = NULL, *m;
3484 int l = 0;
3485 int i;
3486 void *p;
3487 int dumporder[] = {
3488 SADB_EXT_SA, SADB_X_EXT_SA2,
3489 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3490 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3491 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3492 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3493 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3494 };
3495
3496 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3497 if (m == NULL)
3498 goto fail;
3499 result = m;
3500
3501 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
3502 m = NULL;
3503 p = NULL;
3504 switch (dumporder[i]) {
3505 case SADB_EXT_SA:
3506 m = key_setsadbsa(sav);
3507 if (!m)
3508 goto fail;
3509 break;
3510
3511 case SADB_X_EXT_SA2:
3512 m = key_setsadbxsa2(sav->sah->saidx.mode,
3513 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
3514 sav->sah->saidx.reqid);
3515 if (!m)
3516 goto fail;
3517 break;
3518
3519 case SADB_EXT_ADDRESS_SRC:
3520 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3521 (struct sockaddr *)&sav->sah->saidx.src,
3522 FULLMASK, IPSEC_ULPROTO_ANY);
3523 if (!m)
3524 goto fail;
3525 break;
3526
3527 case SADB_EXT_ADDRESS_DST:
3528 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3529 (struct sockaddr *)&sav->sah->saidx.dst,
3530 FULLMASK, IPSEC_ULPROTO_ANY);
3531 if (!m)
3532 goto fail;
3533 break;
3534
3535 case SADB_EXT_KEY_AUTH:
3536 if (!sav->key_auth)
3537 continue;
3538 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3539 p = sav->key_auth;
3540 break;
3541
3542 case SADB_EXT_KEY_ENCRYPT:
3543 if (!sav->key_enc)
3544 continue;
3545 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3546 p = sav->key_enc;
3547 break;
3548
3549 case SADB_EXT_LIFETIME_CURRENT:
3550 if (!sav->lft_c)
3551 continue;
3552 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3553 p = sav->lft_c;
3554 break;
3555
3556 case SADB_EXT_LIFETIME_HARD:
3557 if (!sav->lft_h)
3558 continue;
3559 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3560 p = sav->lft_h;
3561 break;
3562
3563 case SADB_EXT_LIFETIME_SOFT:
3564 if (!sav->lft_s)
3565 continue;
3566 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3567 p = sav->lft_s;
3568 break;
3569
3570 case SADB_EXT_ADDRESS_PROXY:
3571 case SADB_EXT_IDENTITY_SRC:
3572 case SADB_EXT_IDENTITY_DST:
3573 /* XXX: should we brought from SPD ? */
3574 case SADB_EXT_SENSITIVITY:
3575 default:
3576 continue;
3577 }
3578
3579 if ((!m && !p) || (m && p))
3580 goto fail;
3581 if (p && tres) {
3582 M_PREPEND(tres, l, M_DONTWAIT);
3583 if (!tres)
3584 goto fail;
3585 bcopy(p, mtod(tres, caddr_t), l);
3586 continue;
3587 }
3588 if (p) {
3589 m = key_alloc_mbuf(l);
3590 if (!m)
3591 goto fail;
3592 m_copyback(m, 0, l, p);
3593 }
3594
3595 if (tres)
3596 m_cat(m, tres);
3597 tres = m;
3598 }
3599
3600 m_cat(result, tres);
3601
3602 if (result->m_len < sizeof(struct sadb_msg)) {
3603 result = m_pullup(result, sizeof(struct sadb_msg));
3604 if (result == NULL)
3605 goto fail;
3606 }
3607
3608 result->m_pkthdr.len = 0;
3609 for (m = result; m; m = m->m_next)
3610 result->m_pkthdr.len += m->m_len;
3611
3612 mtod(result, struct sadb_msg *)->sadb_msg_len =
3613 PFKEY_UNIT64(result->m_pkthdr.len);
3614
3615 return result;
3616
3617 fail:
3618 m_freem(result);
3619 m_freem(tres);
3620 return NULL;
3621 }
3622
3623 /*
3624 * set data into sadb_msg.
3625 */
3626 static struct mbuf *
3627 key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
3628 u_int8_t type, satype;
3629 u_int16_t tlen;
3630 u_int32_t seq;
3631 pid_t pid;
3632 u_int16_t reserved;
3633 {
3634 struct mbuf *m;
3635 struct sadb_msg *p;
3636 int len;
3637
3638 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3639 if (len > MCLBYTES)
3640 return NULL;
3641 MGETHDR(m, M_DONTWAIT, MT_DATA);
3642 if (m && len > MHLEN) {
3643 MCLGET(m, M_DONTWAIT);
3644 if ((m->m_flags & M_EXT) == 0) {
3645 m_freem(m);
3646 m = NULL;
3647 }
3648 }
3649 if (!m)
3650 return NULL;
3651 m->m_pkthdr.len = m->m_len = len;
3652 m->m_next = NULL;
3653
3654 p = mtod(m, struct sadb_msg *);
3655
3656 bzero(p, len);
3657 p->sadb_msg_version = PF_KEY_V2;
3658 p->sadb_msg_type = type;
3659 p->sadb_msg_errno = 0;
3660 p->sadb_msg_satype = satype;
3661 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3662 p->sadb_msg_reserved = reserved;
3663 p->sadb_msg_seq = seq;
3664 p->sadb_msg_pid = (u_int32_t)pid;
3665
3666 return m;
3667 }
3668
3669 /*
3670 * copy secasvar data into sadb_address.
3671 */
3672 static struct mbuf *
3673 key_setsadbsa(sav)
3674 struct secasvar *sav;
3675 {
3676 struct mbuf *m;
3677 struct sadb_sa *p;
3678 int len;
3679
3680 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3681 m = key_alloc_mbuf(len);
3682 if (!m || m->m_next) { /*XXX*/
3683 if (m)
3684 m_freem(m);
3685 return NULL;
3686 }
3687
3688 p = mtod(m, struct sadb_sa *);
3689
3690 bzero(p, len);
3691 p->sadb_sa_len = PFKEY_UNIT64(len);
3692 p->sadb_sa_exttype = SADB_EXT_SA;
3693 p->sadb_sa_spi = sav->spi;
3694 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
3695 p->sadb_sa_state = sav->state;
3696 p->sadb_sa_auth = sav->alg_auth;
3697 p->sadb_sa_encrypt = sav->alg_enc;
3698 p->sadb_sa_flags = sav->flags;
3699
3700 return m;
3701 }
3702
3703 /*
3704 * set data into sadb_address.
3705 */
3706 static struct mbuf *
3707 key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
3708 u_int16_t exttype;
3709 struct sockaddr *saddr;
3710 u_int8_t prefixlen;
3711 u_int16_t ul_proto;
3712 {
3713 struct mbuf *m;
3714 struct sadb_address *p;
3715 size_t len;
3716
3717 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3718 PFKEY_ALIGN8(saddr->sa_len);
3719 m = key_alloc_mbuf(len);
3720 if (!m || m->m_next) { /*XXX*/
3721 if (m)
3722 m_freem(m);
3723 return NULL;
3724 }
3725
3726 p = mtod(m, struct sadb_address *);
3727
3728 bzero(p, len);
3729 p->sadb_address_len = PFKEY_UNIT64(len);
3730 p->sadb_address_exttype = exttype;
3731 p->sadb_address_proto = ul_proto;
3732 if (prefixlen == FULLMASK) {
3733 switch (saddr->sa_family) {
3734 case AF_INET:
3735 prefixlen = sizeof(struct in_addr) << 3;
3736 break;
3737 case AF_INET6:
3738 prefixlen = sizeof(struct in6_addr) << 3;
3739 break;
3740 default:
3741 ; /*XXX*/
3742 }
3743 }
3744 p->sadb_address_prefixlen = prefixlen;
3745 p->sadb_address_reserved = 0;
3746
3747 bcopy(saddr,
3748 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
3749 saddr->sa_len);
3750
3751 return m;
3752 }
3753
3754 #if 0
3755 /*
3756 * set data into sadb_ident.
3757 */
3758 static struct mbuf *
3759 key_setsadbident(exttype, idtype, string, stringlen, id)
3760 u_int16_t exttype, idtype;
3761 caddr_t string;
3762 int stringlen;
3763 u_int64_t id;
3764 {
3765 struct mbuf *m;
3766 struct sadb_ident *p;
3767 size_t len;
3768
3769 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
3770 m = key_alloc_mbuf(len);
3771 if (!m || m->m_next) { /*XXX*/
3772 if (m)
3773 m_freem(m);
3774 return NULL;
3775 }
3776
3777 p = mtod(m, struct sadb_ident *);
3778
3779 bzero(p, len);
3780 p->sadb_ident_len = PFKEY_UNIT64(len);
3781 p->sadb_ident_exttype = exttype;
3782 p->sadb_ident_type = idtype;
3783 p->sadb_ident_reserved = 0;
3784 p->sadb_ident_id = id;
3785
3786 bcopy(string,
3787 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
3788 stringlen);
3789
3790 return m;
3791 }
3792 #endif
3793
3794 /*
3795 * set data into sadb_x_sa2.
3796 */
3797 static struct mbuf *
3798 key_setsadbxsa2(mode, seq, reqid)
3799 u_int8_t mode;
3800 u_int32_t seq, reqid;
3801 {
3802 struct mbuf *m;
3803 struct sadb_x_sa2 *p;
3804 size_t len;
3805
3806 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
3807 m = key_alloc_mbuf(len);
3808 if (!m || m->m_next) { /*XXX*/
3809 if (m)
3810 m_freem(m);
3811 return NULL;
3812 }
3813
3814 p = mtod(m, struct sadb_x_sa2 *);
3815
3816 bzero(p, len);
3817 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
3818 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3819 p->sadb_x_sa2_mode = mode;
3820 p->sadb_x_sa2_reserved1 = 0;
3821 p->sadb_x_sa2_reserved2 = 0;
3822 p->sadb_x_sa2_sequence = seq;
3823 p->sadb_x_sa2_reqid = reqid;
3824
3825 return m;
3826 }
3827
3828 /*
3829 * set data into sadb_lifetime
3830 */
3831 static struct mbuf *
3832 key_setsadblifetime(type, alloc, bytes, addtime, usetime)
3833 u_int16_t type;
3834 u_int32_t alloc;
3835 u_int64_t bytes, addtime, usetime;
3836 {
3837 struct mbuf *m;
3838 struct sadb_lifetime *p;
3839 size_t len;
3840
3841 len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
3842 m = key_alloc_mbuf(len);
3843 if (!m || m->m_next) { /*XXX*/
3844 if (m)
3845 m_freem(m);
3846 return NULL;
3847 }
3848
3849 p = mtod(m, struct sadb_lifetime *);
3850
3851 bzero(p, len);
3852 p->sadb_lifetime_len = PFKEY_UNIT64(len);
3853 p->sadb_lifetime_exttype = type;
3854 p->sadb_lifetime_allocations = alloc;
3855 p->sadb_lifetime_bytes = bytes;
3856 p->sadb_lifetime_addtime = addtime;
3857 p->sadb_lifetime_usetime = usetime;
3858
3859 return m;
3860 }
3861
3862 /*
3863 * set data into sadb_x_policy
3864 */
3865 static struct mbuf *
3866 key_setsadbxpolicy(type, dir, id)
3867 u_int16_t type;
3868 u_int8_t dir;
3869 u_int32_t id;
3870 {
3871 struct mbuf *m;
3872 struct sadb_x_policy *p;
3873 size_t len;
3874
3875 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
3876 m = key_alloc_mbuf(len);
3877 if (!m || m->m_next) { /*XXX*/
3878 if (m)
3879 m_freem(m);
3880 return NULL;
3881 }
3882
3883 p = mtod(m, struct sadb_x_policy *);
3884
3885 bzero(p, len);
3886 p->sadb_x_policy_len = PFKEY_UNIT64(len);
3887 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
3888 p->sadb_x_policy_type = type;
3889 p->sadb_x_policy_dir = dir;
3890 p->sadb_x_policy_id = id;
3891
3892 return m;
3893 }
3894
3895 /* %%% utilities */
3896 /*
3897 * copy a buffer into the new buffer allocated.
3898 */
3899 static void *
3900 key_newbuf(src, len)
3901 const void *src;
3902 u_int len;
3903 {
3904 caddr_t new;
3905
3906 KMALLOC(new, caddr_t, len);
3907 if (new == NULL) {
3908 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
3909 return NULL;
3910 }
3911 bcopy(src, new, len);
3912
3913 return new;
3914 }
3915
3916 /* compare my own address
3917 * OUT: 1: true, i.e. my address.
3918 * 0: false
3919 */
3920 static int
3921 key_ismyaddr(sa)
3922 struct sockaddr *sa;
3923 {
3924 #ifdef INET
3925 struct sockaddr_in *sin;
3926 struct in_ifaddr *ia;
3927 #endif
3928
3929 /* sanity check */
3930 if (sa == NULL)
3931 panic("key_ismyaddr: NULL pointer is passed.");
3932
3933 switch (sa->sa_family) {
3934 #ifdef INET
3935 case AF_INET:
3936 sin = (struct sockaddr_in *)sa;
3937 for (ia = in_ifaddrhead.tqh_first; ia;
3938 ia = ia->ia_link.tqe_next)
3939 {
3940 if (sin->sin_family == ia->ia_addr.sin_family &&
3941 sin->sin_len == ia->ia_addr.sin_len &&
3942 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
3943 {
3944 return 1;
3945 }
3946 }
3947 break;
3948 #endif
3949 #ifdef INET6
3950 case AF_INET6:
3951 return key_ismyaddr6((struct sockaddr_in6 *)sa);
3952 #endif
3953 }
3954
3955 return 0;
3956 }
3957
3958 #ifdef INET6
3959 /*
3960 * compare my own address for IPv6.
3961 * 1: ours
3962 * 0: other
3963 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
3964 */
3965 #include <netinet6/in6_var.h>
3966
3967 static int
3968 key_ismyaddr6(sin6)
3969 struct sockaddr_in6 *sin6;
3970 {
3971 struct in6_ifaddr *ia;
3972 struct in6_multi *in6m;
3973
3974 if (sa6_embedscope(sin6, 0) != 0)
3975 return 0;
3976
3977 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
3978 if (key_sockaddrcmp((struct sockaddr *)&sin6,
3979 (struct sockaddr *)&ia->ia_addr, 0) == 0)
3980 return 1;
3981
3982 /*
3983 * XXX Multicast
3984 * XXX why do we care about multlicast here while we don't care
3985 * about IPv4 multicast??
3986 */
3987 in6m = NULL;
3988 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
3989 if (in6m)
3990 return 1;
3991 }
3992
3993 /* loopback, just for safety */
3994 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
3995 return 1;
3996
3997 return 0;
3998 }
3999 #endif /*INET6*/
4000
4001 /*
4002 * compare two secasindex structure.
4003 * flag can specify to compare 2 saidxes.
4004 * compare two secasindex structure without both mode and reqid.
4005 * don't compare port.
4006 * IN:
4007 * saidx0: source, it can be in SAD.
4008 * saidx1: object.
4009 * OUT:
4010 * 1 : equal
4011 * 0 : not equal
4012 */
4013 static int
4014 key_cmpsaidx(saidx0, saidx1, flag)
4015 struct secasindex *saidx0, *saidx1;
4016 int flag;
4017 {
4018 /* sanity */
4019 if (saidx0 == NULL && saidx1 == NULL)
4020 return 1;
4021
4022 if (saidx0 == NULL || saidx1 == NULL)
4023 return 0;
4024
4025 if (saidx0->proto != saidx1->proto)
4026 return 0;
4027
4028 if (flag == CMP_EXACTLY) {
4029 if (saidx0->mode != saidx1->mode)
4030 return 0;
4031 if (saidx0->reqid != saidx1->reqid)
4032 return 0;
4033 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
4034 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
4035 return 0;
4036 } else {
4037
4038 /* CMP_MODE_REQID, CMP_HEAD */
4039 if (flag == CMP_MODE_REQID) {
4040 /*
4041 * If reqid of SPD is non-zero, unique SA is required.
4042 * The result must be of same reqid in this case.
4043 */
4044 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4045 return 0;
4046 }
4047
4048 if (flag == CMP_MODE_REQID) {
4049 if (saidx0->mode != IPSEC_MODE_ANY &&
4050 saidx0->mode != saidx1->mode)
4051 return 0;
4052 }
4053
4054 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4055 (struct sockaddr *)&saidx1->src, 0) != 0) {
4056 return 0;
4057 }
4058 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4059 (struct sockaddr *)&saidx1->dst, 0) != 0) {
4060 return 0;
4061 }
4062 }
4063
4064 return 1;
4065 }
4066
4067 /*
4068 * compare two secindex structure exactly.
4069 * IN:
4070 * spidx0: source, it is often in SPD.
4071 * spidx1: object, it is often from PFKEY message.
4072 * OUT:
4073 * 1 : equal
4074 * 0 : not equal
4075 */
4076 int
4077 key_cmpspidx_exactly(spidx0, spidx1)
4078 struct secpolicyindex *spidx0, *spidx1;
4079 {
4080 /* sanity */
4081 if (spidx0 == NULL && spidx1 == NULL)
4082 return 1;
4083
4084 if (spidx0 == NULL || spidx1 == NULL)
4085 return 0;
4086
4087 if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
4088 spidx0->ul_proto != spidx1->ul_proto)
4089 return 0;
4090
4091 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
4092 (struct sockaddr *)&spidx1->src, 1) != 0) {
4093 return 0;
4094 }
4095 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
4096 (struct sockaddr *)&spidx1->dst, 1) != 0) {
4097 return 0;
4098 }
4099
4100 return 1;
4101 }
4102
4103 /*
4104 * compare two secindex structure with mask.
4105 * IN:
4106 * spidx0: source, it is often in SPD.
4107 * spidx1: object, it is often from IP header.
4108 * OUT:
4109 * 1 : equal
4110 * 0 : not equal
4111 */
4112 int
4113 key_cmpspidx_withmask(spidx0, spidx1)
4114 struct secpolicyindex *spidx0, *spidx1;
4115 {
4116 /* sanity */
4117 if (spidx0 == NULL && spidx1 == NULL)
4118 return 1;
4119
4120 if (spidx0 == NULL || spidx1 == NULL)
4121 return 0;
4122
4123 if (spidx0->src.ss_family != spidx1->src.ss_family ||
4124 spidx0->dst.ss_family != spidx1->dst.ss_family ||
4125 spidx0->src.ss_len != spidx1->src.ss_len ||
4126 spidx0->dst.ss_len != spidx1->dst.ss_len)
4127 return 0;
4128
4129 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4130 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
4131 spidx0->ul_proto != spidx1->ul_proto)
4132 return 0;
4133
4134 switch (spidx0->src.ss_family) {
4135 case AF_INET:
4136 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
4137 satosin(&spidx0->src)->sin_port !=
4138 satosin(&spidx1->src)->sin_port)
4139 return 0;
4140 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
4141 (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
4142 return 0;
4143 break;
4144 case AF_INET6:
4145 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
4146 satosin6(&spidx0->src)->sin6_port !=
4147 satosin6(&spidx1->src)->sin6_port)
4148 return 0;
4149 /*
4150 * scope_id check. if sin6_scope_id is 0, we regard it
4151 * as a wildcard scope, which matches any scope zone ID.
4152 */
4153 if (satosin6(&spidx0->src)->sin6_scope_id &&
4154 satosin6(&spidx1->src)->sin6_scope_id &&
4155 satosin6(&spidx0->src)->sin6_scope_id !=
4156 satosin6(&spidx1->src)->sin6_scope_id)
4157 return 0;
4158 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
4159 (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
4160 return 0;
4161 break;
4162 default:
4163 /* XXX */
4164 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
4165 return 0;
4166 break;
4167 }
4168
4169 switch (spidx0->dst.ss_family) {
4170 case AF_INET:
4171 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
4172 satosin(&spidx0->dst)->sin_port !=
4173 satosin(&spidx1->dst)->sin_port)
4174 return 0;
4175 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
4176 (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
4177 return 0;
4178 break;
4179 case AF_INET6:
4180 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
4181 satosin6(&spidx0->dst)->sin6_port !=
4182 satosin6(&spidx1->dst)->sin6_port)
4183 return 0;
4184 /*
4185 * scope_id check. if sin6_scope_id is 0, we regard it
4186 * as a wildcard scope, which matches any scope zone ID.
4187 */
4188 if (satosin6(&spidx0->src)->sin6_scope_id &&
4189 satosin6(&spidx1->src)->sin6_scope_id &&
4190 satosin6(&spidx0->dst)->sin6_scope_id !=
4191 satosin6(&spidx1->dst)->sin6_scope_id)
4192 return 0;
4193 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
4194 (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
4195 return 0;
4196 break;
4197 default:
4198 /* XXX */
4199 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
4200 return 0;
4201 break;
4202 }
4203
4204 /* XXX Do we check other field ? e.g. flowinfo */
4205
4206 return 1;
4207 }
4208
4209 /* returns 0 on match */
4210 static int
4211 key_sockaddrcmp(sa1, sa2, port)
4212 struct sockaddr *sa1;
4213 struct sockaddr *sa2;
4214 int port;
4215 {
4216 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4217 return 1;
4218
4219 switch (sa1->sa_family) {
4220 case AF_INET:
4221 if (sa1->sa_len != sizeof(struct sockaddr_in))
4222 return 1;
4223 if (satosin(sa1)->sin_addr.s_addr !=
4224 satosin(sa2)->sin_addr.s_addr) {
4225 return 1;
4226 }
4227 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4228 return 1;
4229 break;
4230 case AF_INET6:
4231 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4232 return 1; /*EINVAL*/
4233 if (satosin6(sa1)->sin6_scope_id !=
4234 satosin6(sa2)->sin6_scope_id) {
4235 return 1;
4236 }
4237 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4238 &satosin6(sa2)->sin6_addr)) {
4239 return 1;
4240 }
4241 if (port &&
4242 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4243 return 1;
4244 }
4245 break;
4246 default:
4247 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
4248 return 1;
4249 break;
4250 }
4251
4252 return 0;
4253 }
4254
4255 /*
4256 * compare two buffers with mask.
4257 * IN:
4258 * addr1: source
4259 * addr2: object
4260 * bits: Number of bits to compare
4261 * OUT:
4262 * 1 : equal
4263 * 0 : not equal
4264 */
4265 static int
4266 key_bbcmp(p1, p2, bits)
4267 caddr_t p1, p2;
4268 u_int bits;
4269 {
4270 u_int8_t mask;
4271
4272 /* XXX: This could be considerably faster if we compare a word
4273 * at a time, but it is complicated on LSB Endian machines */
4274
4275 /* Handle null pointers */
4276 if (p1 == NULL || p2 == NULL)
4277 return (p1 == p2);
4278
4279 while (bits >= 8) {
4280 if (*p1++ != *p2++)
4281 return 0;
4282 bits -= 8;
4283 }
4284
4285 if (bits > 0) {
4286 mask = ~((1<<(8-bits))-1);
4287 if ((*p1 & mask) != (*p2 & mask))
4288 return 0;
4289 }
4290 return 1; /* Match! */
4291 }
4292
4293 /*
4294 * time handler.
4295 * scanning SPD and SAD to check status for each entries,
4296 * and do to remove or to expire.
4297 * XXX: year 2038 problem may remain.
4298 */
4299 void
4300 key_timehandler(arg)
4301 void *arg;
4302 {
4303 u_int dir;
4304 int s;
4305 struct timeval tv;
4306
4307 microtime(&tv);
4308
4309 s = splnet(); /*called from softclock()*/
4310
4311 /* SPD */
4312 {
4313 struct secpolicy *sp, *nextsp;
4314
4315 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4316 for (sp = LIST_FIRST(&sptree[dir]);
4317 sp != NULL;
4318 sp = nextsp) {
4319 nextsp = LIST_NEXT(sp, chain);
4320
4321 if (sp->state == IPSEC_SPSTATE_DEAD) {
4322 key_sp_unlink(sp); /*XXX*/
4323 sp = NULL;
4324 continue;
4325 }
4326
4327 if (sp->lifetime == 0 && sp->validtime == 0)
4328 continue;
4329
4330 /* the deletion will occur next time */
4331 if ((sp->lifetime &&
4332 tv.tv_sec - sp->created > sp->lifetime) ||
4333 (sp->validtime &&
4334 tv.tv_sec - sp->lastused > sp->validtime)) {
4335 key_sp_dead(sp);
4336 key_spdexpire(sp);
4337 continue;
4338 }
4339 }
4340 }
4341
4342 /* invalidate all cached SPD pointers on pcb */
4343 ipsec_invalpcbcacheall();
4344 }
4345
4346 /* SAD */
4347 {
4348 struct secashead *sah, *nextsah;
4349 struct secasvar *sav, *nextsav;
4350
4351 for (sah = LIST_FIRST(&sahtree);
4352 sah != NULL;
4353 sah = nextsah) {
4354
4355 nextsah = LIST_NEXT(sah, chain);
4356
4357 /* if sah has been dead, then delete it and process next sah. */
4358 if (sah->state == SADB_SASTATE_DEAD) {
4359 key_delsah(sah);
4360 continue;
4361 }
4362
4363 /* if LARVAL entry doesn't become MATURE, delete it. */
4364 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4365 sav != NULL;
4366 sav = nextsav) {
4367
4368 nextsav = LIST_NEXT(sav, chain);
4369
4370 if (tv.tv_sec - sav->created > key_larval_lifetime) {
4371 key_freesav(sav);
4372 }
4373 }
4374
4375 /*
4376 * check MATURE entry to start to send expire message
4377 * whether or not.
4378 */
4379 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4380 sav != NULL;
4381 sav = nextsav) {
4382
4383 nextsav = LIST_NEXT(sav, chain);
4384
4385 /* we don't need to check. */
4386 if (sav->lft_s == NULL)
4387 continue;
4388
4389 /* sanity check */
4390 if (sav->lft_c == NULL) {
4391 ipseclog((LOG_DEBUG, "key_timehandler: "
4392 "There is no CURRENT time, why?\n"));
4393 continue;
4394 }
4395
4396 /* check SOFT lifetime */
4397 if (sav->lft_s->sadb_lifetime_addtime != 0 &&
4398 tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4399 /*
4400 * check the SA if it has been used.
4401 * when it hasn't been used, delete it.
4402 * i don't think such SA will be used.
4403 */
4404 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4405 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4406 key_freesav(sav);
4407 sav = NULL;
4408 } else {
4409 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4410 /*
4411 * XXX If we keep to send expire
4412 * message in the status of
4413 * DYING. Do remove below code.
4414 */
4415 key_expire(sav);
4416 }
4417 }
4418
4419 /* check SOFT lifetime by bytes */
4420 /*
4421 * XXX I don't know the way to delete this SA
4422 * when new SA is installed. Caution when it's
4423 * installed too big lifetime by time.
4424 */
4425 else if (sav->lft_s->sadb_lifetime_bytes != 0
4426 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4427
4428 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4429 /*
4430 * XXX If we keep to send expire
4431 * message in the status of
4432 * DYING. Do remove below code.
4433 */
4434 key_expire(sav);
4435 }
4436 }
4437
4438 /* check DYING entry to change status to DEAD. */
4439 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4440 sav != NULL;
4441 sav = nextsav) {
4442
4443 nextsav = LIST_NEXT(sav, chain);
4444
4445 /* we don't need to check. */
4446 if (sav->lft_h == NULL)
4447 continue;
4448
4449 /* sanity check */
4450 if (sav->lft_c == NULL) {
4451 ipseclog((LOG_DEBUG, "key_timehandler: "
4452 "There is no CURRENT time, why?\n"));
4453 continue;
4454 }
4455
4456 if (sav->lft_h->sadb_lifetime_addtime != 0 &&
4457 tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4458 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4459 key_freesav(sav);
4460 sav = NULL;
4461 }
4462 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4463 else if (sav->lft_s != NULL
4464 && sav->lft_s->sadb_lifetime_addtime != 0
4465 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4466 /*
4467 * XXX: should be checked to be
4468 * installed the valid SA.
4469 */
4470
4471 /*
4472 * If there is no SA then sending
4473 * expire message.
4474 */
4475 key_expire(sav);
4476 }
4477 #endif
4478 /* check HARD lifetime by bytes */
4479 else if (sav->lft_h->sadb_lifetime_bytes != 0
4480 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4481 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4482 key_freesav(sav);
4483 sav = NULL;
4484 }
4485 }
4486
4487 /* delete entry in DEAD */
4488 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4489 sav != NULL;
4490 sav = nextsav) {
4491
4492 nextsav = LIST_NEXT(sav, chain);
4493
4494 /* sanity check */
4495 if (sav->state != SADB_SASTATE_DEAD) {
4496 ipseclog((LOG_DEBUG, "key_timehandler: "
4497 "invalid sav->state "
4498 "(queue: %u SA: %u): "
4499 "kill it anyway\n",
4500 SADB_SASTATE_DEAD, sav->state));
4501 }
4502
4503 /*
4504 * do not call key_freesav() here.
4505 * sav should already be freed, and sav->refcnt
4506 * shows other references to sav
4507 * (such as from SPD).
4508 */
4509 }
4510 }
4511 }
4512
4513 #ifndef IPSEC_NONBLOCK_ACQUIRE
4514 /* ACQ tree */
4515 {
4516 struct secacq *acq, *nextacq;
4517
4518 for (acq = LIST_FIRST(&acqtree);
4519 acq != NULL;
4520 acq = nextacq) {
4521
4522 nextacq = LIST_NEXT(acq, chain);
4523
4524 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4525 __LIST_CHAINED(acq)) {
4526 LIST_REMOVE(acq, chain);
4527 KFREE(acq);
4528 }
4529 }
4530 }
4531 #endif
4532
4533 /* SP ACQ tree */
4534 {
4535 struct secspacq *acq, *nextacq;
4536
4537 for (acq = LIST_FIRST(&spacqtree);
4538 acq != NULL;
4539 acq = nextacq) {
4540
4541 nextacq = LIST_NEXT(acq, chain);
4542
4543 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4544 __LIST_CHAINED(acq)) {
4545 LIST_REMOVE(acq, chain);
4546 KFREE(acq);
4547 }
4548 }
4549 }
4550
4551 /*
4552 * should set timeout based on the most closest timer expiration.
4553 * we don't bother to do that yet.
4554 */
4555 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
4556
4557 splx(s);
4558 return;
4559 }
4560
4561 static u_long
4562 key_random()
4563 {
4564 u_long value;
4565
4566 key_randomfill(&value, sizeof(value));
4567 return value;
4568 }
4569
4570 void
4571 key_randomfill(p, l)
4572 void *p;
4573 size_t l;
4574 {
4575 size_t n;
4576 u_long v;
4577 static int warn = 1;
4578
4579 n = 0;
4580 n = (size_t)read_random(p, (u_int)l);
4581 /* last resort */
4582 while (n < l) {
4583 v = random();
4584 bcopy(&v, (u_int8_t *)p + n,
4585 l - n < sizeof(v) ? l - n : sizeof(v));
4586 n += sizeof(v);
4587
4588 if (warn) {
4589 printf("WARNING: pseudo-random number generator "
4590 "used for IPsec processing\n");
4591 warn = 0;
4592 }
4593 }
4594 }
4595
4596 /*
4597 * map SADB_SATYPE_* to IPPROTO_*.
4598 * if satype == SADB_SATYPE then satype is mapped to ~0.
4599 * OUT:
4600 * 0: invalid satype.
4601 */
4602 static u_int16_t
4603 key_satype2proto(satype)
4604 u_int8_t satype;
4605 {
4606 switch (satype) {
4607 case SADB_SATYPE_UNSPEC:
4608 return IPSEC_PROTO_ANY;
4609 case SADB_SATYPE_AH:
4610 return IPPROTO_AH;
4611 case SADB_SATYPE_ESP:
4612 return IPPROTO_ESP;
4613 case SADB_X_SATYPE_IPCOMP:
4614 return IPPROTO_IPCOMP;
4615 case SADB_X_SATYPE_TCPSIGNATURE:
4616 return IPPROTO_TCP;
4617 default:
4618 return 0;
4619 }
4620 /* NOTREACHED */
4621 }
4622
4623 /*
4624 * map IPPROTO_* to SADB_SATYPE_*
4625 * OUT:
4626 * 0: invalid protocol type.
4627 */
4628 static u_int8_t
4629 key_proto2satype(proto)
4630 u_int16_t proto;
4631 {
4632 switch (proto) {
4633 case IPPROTO_AH:
4634 return SADB_SATYPE_AH;
4635 case IPPROTO_ESP:
4636 return SADB_SATYPE_ESP;
4637 case IPPROTO_IPCOMP:
4638 return SADB_X_SATYPE_IPCOMP;
4639 case IPPROTO_TCP:
4640 return SADB_X_SATYPE_TCPSIGNATURE;
4641 default:
4642 return 0;
4643 }
4644 /* NOTREACHED */
4645 }
4646
4647 /* %%% PF_KEY */
4648 /*
4649 * SADB_GETSPI processing is to receive
4650 * <base, (SA2), src address, dst address, (SPI range)>
4651 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4652 * tree with the status of LARVAL, and send
4653 * <base, SA(*), address(SD)>
4654 * to the IKMPd.
4655 *
4656 * IN: mhp: pointer to the pointer to each header.
4657 * OUT: NULL if fail.
4658 * other if success, return pointer to the message to send.
4659 */
4660 static int
4661 key_getspi(so, m, mhp)
4662 struct socket *so;
4663 struct mbuf *m;
4664 const struct sadb_msghdr *mhp;
4665 {
4666 struct sadb_address *src0, *dst0;
4667 struct secasindex saidx;
4668 struct secashead *newsah;
4669 struct secasvar *newsav;
4670 u_int8_t proto;
4671 u_int32_t spi;
4672 u_int8_t mode;
4673 u_int32_t reqid;
4674 int error;
4675
4676 /* sanity check */
4677 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4678 panic("key_getspi: NULL pointer is passed.");
4679
4680 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4681 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
4682 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4683 return key_senderror(so, m, EINVAL);
4684 }
4685 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4686 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4687 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4688 return key_senderror(so, m, EINVAL);
4689 }
4690 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4691 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4692 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4693 } else {
4694 mode = IPSEC_MODE_ANY;
4695 reqid = 0;
4696 }
4697
4698 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4699 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4700
4701 /* map satype to proto */
4702 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4703 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
4704 return key_senderror(so, m, EINVAL);
4705 }
4706
4707 /* make sure if port number is zero. */
4708 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
4709 case AF_INET:
4710 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4711 sizeof(struct sockaddr_in))
4712 return key_senderror(so, m, EINVAL);
4713 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
4714 break;
4715 case AF_INET6:
4716 if (((struct sockaddr *)(src0 + 1))->sa_len !=
4717 sizeof(struct sockaddr_in6))
4718 return key_senderror(so, m, EINVAL);
4719 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
4720 break;
4721 default:
4722 ; /*???*/
4723 }
4724 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
4725 case AF_INET:
4726 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4727 sizeof(struct sockaddr_in))
4728 return key_senderror(so, m, EINVAL);
4729 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
4730 break;
4731 case AF_INET6:
4732 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
4733 sizeof(struct sockaddr_in6))
4734 return key_senderror(so, m, EINVAL);
4735 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
4736 break;
4737 default:
4738 ; /*???*/
4739 }
4740
4741 /* XXX boundary check against sa_len */
4742 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4743
4744 /* SPI allocation */
4745 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
4746 &saidx);
4747 if (spi == 0)
4748 return key_senderror(so, m, EINVAL);
4749
4750 /* get a SA index */
4751 if ((newsah = key_getsah(&saidx)) == NULL) {
4752 /* create a new SA index */
4753 if ((newsah = key_newsah(&saidx)) == NULL) {
4754 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
4755 return key_senderror(so, m, ENOBUFS);
4756 }
4757 }
4758
4759 /* get a new SA */
4760 /* XXX rewrite */
4761 newsav = key_newsav(m, mhp, newsah, &error);
4762 if (newsav == NULL) {
4763 /* XXX don't free new SA index allocated in above. */
4764 return key_senderror(so, m, error);
4765 }
4766
4767 /* set spi */
4768 key_setspi(newsav, htonl(spi));
4769
4770 #ifndef IPSEC_NONBLOCK_ACQUIRE
4771 /* delete the entry in acqtree */
4772 if (mhp->msg->sadb_msg_seq != 0) {
4773 struct secacq *acq;
4774 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
4775 /* reset counter in order to deletion by timehandler. */
4776 acq->created = time_second;
4777 acq->count = 0;
4778 }
4779 }
4780 #endif
4781
4782 {
4783 struct mbuf *n, *nn;
4784 struct sadb_sa *m_sa;
4785 struct sadb_msg *newmsg;
4786 int off, len;
4787
4788 /* create new sadb_msg to reply. */
4789 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
4790 PFKEY_ALIGN8(sizeof(struct sadb_sa));
4791 if (len > MCLBYTES)
4792 return key_senderror(so, m, ENOBUFS);
4793
4794 MGETHDR(n, M_DONTWAIT, MT_DATA);
4795 if (len > MHLEN) {
4796 MCLGET(n, M_DONTWAIT);
4797 if ((n->m_flags & M_EXT) == 0) {
4798 m_freem(n);
4799 n = NULL;
4800 }
4801 }
4802 if (!n)
4803 return key_senderror(so, m, ENOBUFS);
4804
4805 n->m_len = len;
4806 n->m_next = NULL;
4807 off = 0;
4808
4809 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
4810 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
4811
4812 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
4813 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
4814 m_sa->sadb_sa_exttype = SADB_EXT_SA;
4815 m_sa->sadb_sa_spi = htonl(spi);
4816 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
4817
4818 #ifdef DIAGNOSTIC
4819 if (off != len)
4820 panic("length inconsistency in key_getspi");
4821 #endif
4822
4823 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
4824 SADB_EXT_ADDRESS_DST);
4825 if (!n->m_next) {
4826 m_freem(n);
4827 return key_senderror(so, m, ENOBUFS);
4828 }
4829
4830 if (n->m_len < sizeof(struct sadb_msg)) {
4831 n = m_pullup(n, sizeof(struct sadb_msg));
4832 if (n == NULL)
4833 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
4834 }
4835
4836 n->m_pkthdr.len = 0;
4837 for (nn = n; nn; nn = nn->m_next)
4838 n->m_pkthdr.len += nn->m_len;
4839
4840 newmsg = mtod(n, struct sadb_msg *);
4841 newmsg->sadb_msg_seq = newsav->seq;
4842 newmsg->sadb_msg_errno = 0;
4843 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
4844
4845 m_freem(m);
4846 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
4847 }
4848 }
4849
4850 /*
4851 * allocating new SPI
4852 * called by key_getspi().
4853 * OUT:
4854 * 0: failure.
4855 * others: success.
4856 */
4857 static u_int32_t
4858 key_do_getnewspi(spirange, saidx)
4859 struct sadb_spirange *spirange;
4860 struct secasindex *saidx;
4861 {
4862 u_int32_t newspi;
4863 u_int32_t min, max;
4864 int count = key_spi_trycnt;
4865
4866 /* set spi range to allocate */
4867 if (spirange != NULL) {
4868 min = spirange->sadb_spirange_min;
4869 max = spirange->sadb_spirange_max;
4870 } else {
4871 min = key_spi_minval;
4872 max = key_spi_maxval;
4873 }
4874 /* IPCOMP needs 2-byte SPI */
4875 if (saidx->proto == IPPROTO_IPCOMP) {
4876 u_int32_t t;
4877 if (min >= 0x10000)
4878 min = 0xffff;
4879 if (max >= 0x10000)
4880 max = 0xffff;
4881 if (min > max) {
4882 t = min; min = max; max = t;
4883 }
4884 }
4885
4886 if (min == max) {
4887 if (key_checkspidup(saidx, min) != NULL) {
4888 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", min));
4889 return 0;
4890 }
4891
4892 count--; /* taking one cost. */
4893 newspi = min;
4894
4895 } else {
4896
4897 /* init SPI */
4898 newspi = 0;
4899
4900 /* when requesting to allocate spi ranged */
4901 while (count--) {
4902 /* generate pseudo-random SPI value ranged. */
4903 newspi = min + (key_random() % (max - min + 1));
4904
4905 if (key_checkspidup(saidx, newspi) == NULL)
4906 break;
4907 }
4908
4909 if (count == 0 || newspi == 0) {
4910 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
4911 return 0;
4912 }
4913 }
4914
4915 /* statistics */
4916 keystat.getspi_count =
4917 (keystat.getspi_count + key_spi_trycnt - count) / 2;
4918
4919 return newspi;
4920 }
4921
4922 /*
4923 * SADB_UPDATE processing
4924 * receive
4925 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4926 * key(AE), (identity(SD),) (sensitivity)>
4927 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
4928 * and send
4929 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
4930 * (identity(SD),) (sensitivity)>
4931 * to the ikmpd.
4932 *
4933 * m will always be freed.
4934 */
4935 static int
4936 key_update(so, m, mhp)
4937 struct socket *so;
4938 struct mbuf *m;
4939 const struct sadb_msghdr *mhp;
4940 {
4941 struct sadb_sa *sa0;
4942 struct sadb_address *src0, *dst0;
4943 struct secasindex saidx;
4944 struct secashead *sah;
4945 struct secasvar *sav;
4946 u_int16_t proto;
4947 u_int8_t mode;
4948 u_int32_t reqid;
4949 int error;
4950
4951 /* sanity check */
4952 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4953 panic("key_update: NULL pointer is passed.");
4954
4955 /* map satype to proto */
4956 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4957 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
4958 return key_senderror(so, m, EINVAL);
4959 }
4960
4961 if (mhp->ext[SADB_EXT_SA] == NULL ||
4962 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4963 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
4964 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
4965 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
4966 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
4967 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
4968 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
4969 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
4970 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
4971 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
4972 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4973 return key_senderror(so, m, EINVAL);
4974 }
4975 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
4976 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4977 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4978 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
4979 return key_senderror(so, m, EINVAL);
4980 }
4981 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4982 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4983 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4984 } else {
4985 mode = IPSEC_MODE_ANY;
4986 reqid = 0;
4987 }
4988 /* XXX boundary checking for other extensions */
4989
4990 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
4991 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4992 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4993
4994 /* XXX boundary check against sa_len */
4995 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4996
4997 /* get a SA header */
4998 if ((sah = key_getsah(&saidx)) == NULL) {
4999 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
5000 return key_senderror(so, m, ENOENT);
5001 }
5002
5003 /* set spidx if there */
5004 /* XXX rewrite */
5005 error = key_setident(sah, m, mhp);
5006 if (error)
5007 return key_senderror(so, m, error);
5008
5009 /* find a SA with sequence number. */
5010 #ifdef IPSEC_DOSEQCHECK
5011 if (mhp->msg->sadb_msg_seq != 0 &&
5012 (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
5013 ipseclog((LOG_DEBUG,
5014 "key_update: no larval SA with sequence %u exists.\n",
5015 mhp->msg->sadb_msg_seq));
5016 return key_senderror(so, m, ENOENT);
5017 }
5018 #else
5019 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
5020 ipseclog((LOG_DEBUG,
5021 "key_update: no such a SA found (spi:%u)\n",
5022 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5023 return key_senderror(so, m, EINVAL);
5024 }
5025 #endif
5026
5027 /* validity check */
5028 if (sav->sah->saidx.proto != proto) {
5029 ipseclog((LOG_DEBUG,
5030 "key_update: protocol mismatched (DB=%u param=%u)\n",
5031 sav->sah->saidx.proto, proto));
5032 return key_senderror(so, m, EINVAL);
5033 }
5034 #ifdef IPSEC_DOSEQCHECK
5035 if (sav->spi != sa0->sadb_sa_spi) {
5036 ipseclog((LOG_DEBUG,
5037 "key_update: SPI mismatched (DB:%u param:%u)\n",
5038 (u_int32_t)ntohl(sav->spi),
5039 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5040 return key_senderror(so, m, EINVAL);
5041 }
5042 #endif
5043 if (sav->pid != mhp->msg->sadb_msg_pid) {
5044 ipseclog((LOG_DEBUG,
5045 "key_update: pid mismatched (DB:%u param:%u)\n",
5046 sav->pid, mhp->msg->sadb_msg_pid));
5047 return key_senderror(so, m, EINVAL);
5048 }
5049
5050 /* copy sav values */
5051 error = key_setsaval(sav, m, mhp);
5052 if (error) {
5053 key_freesav(sav);
5054 return key_senderror(so, m, error);
5055 }
5056
5057 /* check SA values to be mature. */
5058 if ((error = key_mature(sav)) != 0) {
5059 key_freesav(sav);
5060 return key_senderror(so, m, error);
5061 }
5062
5063 {
5064 struct mbuf *n;
5065
5066 /* set msg buf from mhp */
5067 n = key_getmsgbuf_x1(m, mhp);
5068 if (n == NULL) {
5069 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5070 return key_senderror(so, m, ENOBUFS);
5071 }
5072
5073 m_freem(m);
5074 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5075 }
5076 }
5077
5078 /*
5079 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5080 * only called by key_update().
5081 * OUT:
5082 * NULL : not found
5083 * others : found, pointer to a SA.
5084 */
5085 #ifdef IPSEC_DOSEQCHECK
5086 static struct secasvar *
5087 key_getsavbyseq(sah, seq)
5088 struct secashead *sah;
5089 u_int32_t seq;
5090 {
5091 struct secasvar *sav;
5092 u_int state;
5093
5094 state = SADB_SASTATE_LARVAL;
5095
5096 /* search SAD with sequence number ? */
5097 LIST_FOREACH(sav, &sah->savtree[state], chain) {
5098
5099 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
5100
5101 if (sav->seq == seq) {
5102 sav->refcnt++;
5103 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
5104 printf("DP key_getsavbyseq cause "
5105 "refcnt++:%d SA:%p\n",
5106 sav->refcnt, sav));
5107 return sav;
5108 }
5109 }
5110
5111 return NULL;
5112 }
5113 #endif
5114
5115 /*
5116 * SADB_ADD processing
5117 * add an entry to SA database, when received
5118 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5119 * key(AE), (identity(SD),) (sensitivity)>
5120 * from the ikmpd,
5121 * and send
5122 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5123 * (identity(SD),) (sensitivity)>
5124 * to the ikmpd.
5125 *
5126 * IGNORE identity and sensitivity messages.
5127 *
5128 * m will always be freed.
5129 */
5130 static int
5131 key_add(so, m, mhp)
5132 struct socket *so;
5133 struct mbuf *m;
5134 const struct sadb_msghdr *mhp;
5135 {
5136 struct sadb_sa *sa0;
5137 struct sadb_address *src0, *dst0;
5138 struct secasindex saidx;
5139 struct secashead *newsah;
5140 struct secasvar *newsav;
5141 u_int16_t proto;
5142 u_int8_t mode;
5143 u_int32_t reqid;
5144 int error;
5145
5146 /* sanity check */
5147 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5148 panic("key_add: NULL pointer is passed.");
5149
5150 /* map satype to proto */
5151 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5152 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
5153 return key_senderror(so, m, EINVAL);
5154 }
5155
5156 if (mhp->ext[SADB_EXT_SA] == NULL ||
5157 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5158 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5159 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5160 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5161 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5162 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5163 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5164 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5165 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5166 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5167 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5168 return key_senderror(so, m, EINVAL);
5169 }
5170 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5171 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5172 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5173 /* XXX need more */
5174 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5175 return key_senderror(so, m, EINVAL);
5176 }
5177 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5178 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5179 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5180 } else {
5181 mode = IPSEC_MODE_ANY;
5182 reqid = 0;
5183 }
5184
5185 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5186 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5187 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5188
5189 /* XXX boundary check against sa_len */
5190 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5191
5192 /* get a SA header */
5193 if ((newsah = key_getsah(&saidx)) == NULL) {
5194 /* create a new SA header */
5195 if ((newsah = key_newsah(&saidx)) == NULL) {
5196 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
5197 return key_senderror(so, m, ENOBUFS);
5198 }
5199 }
5200
5201 /* set spidx if there */
5202 /* XXX rewrite */
5203 error = key_setident(newsah, m, mhp);
5204 if (error) {
5205 return key_senderror(so, m, error);
5206 }
5207
5208 /* create new SA entry. */
5209 /* We can create new SA only if SPI is differenct. */
5210 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5211 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
5212 return key_senderror(so, m, EEXIST);
5213 }
5214 newsav = key_newsav(m, mhp, newsah, &error);
5215 if (newsav == NULL) {
5216 return key_senderror(so, m, error);
5217 }
5218
5219 /* check SA values to be mature. */
5220 if ((error = key_mature(newsav)) != 0) {
5221 key_freesav(newsav);
5222 return key_senderror(so, m, error);
5223 }
5224
5225 /*
5226 * don't call key_freesav() here, as we would like to keep the SA
5227 * in the database on success.
5228 */
5229
5230 {
5231 struct mbuf *n;
5232
5233 /* set msg buf from mhp */
5234 n = key_getmsgbuf_x1(m, mhp);
5235 if (n == NULL) {
5236 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5237 return key_senderror(so, m, ENOBUFS);
5238 }
5239
5240 m_freem(m);
5241 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5242 }
5243 }
5244
5245 /* m is retained */
5246 static int
5247 key_setident(sah, m, mhp)
5248 struct secashead *sah;
5249 struct mbuf *m;
5250 const struct sadb_msghdr *mhp;
5251 {
5252 const struct sadb_ident *idsrc, *iddst;
5253 int idsrclen, iddstlen;
5254
5255 /* sanity check */
5256 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5257 panic("key_setident: NULL pointer is passed.");
5258
5259 /* don't make buffer if not there */
5260 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5261 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5262 sah->idents = NULL;
5263 sah->identd = NULL;
5264 return 0;
5265 }
5266
5267 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5268 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5269 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5270 return EINVAL;
5271 }
5272
5273 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5274 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5275 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5276 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5277
5278 /* validity check */
5279 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5280 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5281 return EINVAL;
5282 }
5283
5284 switch (idsrc->sadb_ident_type) {
5285 case SADB_IDENTTYPE_PREFIX:
5286 case SADB_IDENTTYPE_FQDN:
5287 case SADB_IDENTTYPE_USERFQDN:
5288 default:
5289 /* XXX do nothing */
5290 sah->idents = NULL;
5291 sah->identd = NULL;
5292 return 0;
5293 }
5294
5295 /* make structure */
5296 KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
5297 if (sah->idents == NULL) {
5298 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5299 return ENOBUFS;
5300 }
5301 KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
5302 if (sah->identd == NULL) {
5303 KFREE(sah->idents);
5304 sah->idents = NULL;
5305 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5306 return ENOBUFS;
5307 }
5308 bcopy(idsrc, sah->idents, idsrclen);
5309 bcopy(iddst, sah->identd, iddstlen);
5310
5311 return 0;
5312 }
5313
5314 /*
5315 * m will not be freed on return.
5316 * it is caller's responsibility to free the result.
5317 */
5318 static struct mbuf *
5319 key_getmsgbuf_x1(m, mhp)
5320 struct mbuf *m;
5321 const struct sadb_msghdr *mhp;
5322 {
5323 struct mbuf *n;
5324
5325 /* sanity check */
5326 if (m == NULL || mhp == NULL || mhp->msg == NULL)
5327 panic("key_getmsgbuf_x1: NULL pointer is passed.");
5328
5329 /* create new sadb_msg to reply. */
5330 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
5331 SADB_EXT_SA, SADB_X_EXT_SA2,
5332 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5333 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5334 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
5335 if (!n)
5336 return NULL;
5337
5338 if (n->m_len < sizeof(struct sadb_msg)) {
5339 n = m_pullup(n, sizeof(struct sadb_msg));
5340 if (n == NULL)
5341 return NULL;
5342 }
5343 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5344 mtod(n, struct sadb_msg *)->sadb_msg_len =
5345 PFKEY_UNIT64(n->m_pkthdr.len);
5346
5347 return n;
5348 }
5349
5350 static int key_delete_all(struct socket *, struct mbuf *,
5351 const struct sadb_msghdr *, u_int16_t);
5352
5353 /*
5354 * SADB_DELETE processing
5355 * receive
5356 * <base, SA(*), address(SD)>
5357 * from the ikmpd, and set SADB_SASTATE_DEAD,
5358 * and send,
5359 * <base, SA(*), address(SD)>
5360 * to the ikmpd.
5361 *
5362 * m will always be freed.
5363 */
5364 static int
5365 key_delete(so, m, mhp)
5366 struct socket *so;
5367 struct mbuf *m;
5368 const struct sadb_msghdr *mhp;
5369 {
5370 struct sadb_sa *sa0;
5371 struct sadb_address *src0, *dst0;
5372 struct secasindex saidx;
5373 struct secashead *sah;
5374 struct secasvar *sav = NULL;
5375 u_int16_t proto;
5376
5377 /* sanity check */
5378 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5379 panic("key_delete: NULL pointer is passed.");
5380
5381 /* map satype to proto */
5382 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5383 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5384 return key_senderror(so, m, EINVAL);
5385 }
5386
5387 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5388 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5389 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5390 return key_senderror(so, m, EINVAL);
5391 }
5392
5393 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5394 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5395 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5396 return key_senderror(so, m, EINVAL);
5397 }
5398
5399 if (mhp->ext[SADB_EXT_SA] == NULL) {
5400 /*
5401 * Caller wants us to delete all non-LARVAL SAs
5402 * that match the src/dst. This is used during
5403 * IKE INITIAL-CONTACT.
5404 */
5405 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5406 return key_delete_all(so, m, mhp, proto);
5407 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5408 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5409 return key_senderror(so, m, EINVAL);
5410 }
5411
5412 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5413 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5414 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5415
5416 /* XXX boundary check against sa_len */
5417 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5418
5419 /* get a SA header */
5420 LIST_FOREACH(sah, &sahtree, chain) {
5421 if (sah->state == SADB_SASTATE_DEAD)
5422 continue;
5423 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5424 continue;
5425
5426 /* get a SA with SPI. */
5427 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5428 if (sav)
5429 break;
5430 }
5431 if (sah == NULL) {
5432 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5433 return key_senderror(so, m, ENOENT);
5434 }
5435
5436 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5437 key_freesav(sav);
5438 sav = NULL;
5439
5440 {
5441 struct mbuf *n;
5442 struct sadb_msg *newmsg;
5443
5444 /* create new sadb_msg to reply. */
5445 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
5446 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5447 if (!n)
5448 return key_senderror(so, m, ENOBUFS);
5449
5450 if (n->m_len < sizeof(struct sadb_msg)) {
5451 n = m_pullup(n, sizeof(struct sadb_msg));
5452 if (n == NULL)
5453 return key_senderror(so, m, ENOBUFS);
5454 }
5455 newmsg = mtod(n, struct sadb_msg *);
5456 newmsg->sadb_msg_errno = 0;
5457 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5458
5459 m_freem(m);
5460 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5461 }
5462 }
5463
5464 /*
5465 * delete all SAs for src/dst. Called from key_delete().
5466 */
5467 static int
5468 key_delete_all(so, m, mhp, proto)
5469 struct socket *so;
5470 struct mbuf *m;
5471 const struct sadb_msghdr *mhp;
5472 u_int16_t proto;
5473 {
5474 struct sadb_address *src0, *dst0;
5475 struct secasindex saidx;
5476 struct secashead *sah;
5477 struct secasvar *sav, *nextsav;
5478 u_int stateidx, state;
5479
5480 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5481 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5482
5483 /* XXX boundary check against sa_len */
5484 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5485
5486 LIST_FOREACH(sah, &sahtree, chain) {
5487 if (sah->state == SADB_SASTATE_DEAD)
5488 continue;
5489 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5490 continue;
5491
5492 /* Delete all non-LARVAL SAs. */
5493 for (stateidx = 0;
5494 stateidx < _ARRAYLEN(saorder_state_alive);
5495 stateidx++) {
5496 state = saorder_state_alive[stateidx];
5497 if (state == SADB_SASTATE_LARVAL)
5498 continue;
5499 for (sav = LIST_FIRST(&sah->savtree[state]);
5500 sav != NULL; sav = nextsav) {
5501 nextsav = LIST_NEXT(sav, chain);
5502 /* sanity check */
5503 if (sav->state != state) {
5504 ipseclog((LOG_DEBUG, "key_delete_all: "
5505 "invalid sav->state "
5506 "(queue: %u SA: %u)\n",
5507 state, sav->state));
5508 continue;
5509 }
5510
5511 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5512 key_freesav(sav);
5513 }
5514 }
5515 }
5516 {
5517 struct mbuf *n;
5518 struct sadb_msg *newmsg;
5519
5520 /* create new sadb_msg to reply. */
5521 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
5522 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5523 if (!n)
5524 return key_senderror(so, m, ENOBUFS);
5525
5526 if (n->m_len < sizeof(struct sadb_msg)) {
5527 n = m_pullup(n, sizeof(struct sadb_msg));
5528 if (n == NULL)
5529 return key_senderror(so, m, ENOBUFS);
5530 }
5531 newmsg = mtod(n, struct sadb_msg *);
5532 newmsg->sadb_msg_errno = 0;
5533 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5534
5535 m_freem(m);
5536 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5537 }
5538 }
5539
5540 /*
5541 * SADB_GET processing
5542 * receive
5543 * <base, SA(*), address(SD)>
5544 * from the ikmpd, and get a SP and a SA to respond,
5545 * and send,
5546 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5547 * (identity(SD),) (sensitivity)>
5548 * to the ikmpd.
5549 *
5550 * m will always be freed.
5551 */
5552 static int
5553 key_get(so, m, mhp)
5554 struct socket *so;
5555 struct mbuf *m;
5556 const struct sadb_msghdr *mhp;
5557 {
5558 struct sadb_sa *sa0;
5559 struct sadb_address *src0, *dst0;
5560 struct secasindex saidx;
5561 struct secashead *sah;
5562 struct secasvar *sav = NULL;
5563 u_int16_t proto;
5564
5565 /* sanity check */
5566 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5567 panic("key_get: NULL pointer is passed.");
5568
5569 /* map satype to proto */
5570 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5571 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
5572 return key_senderror(so, m, EINVAL);
5573 }
5574
5575 if (mhp->ext[SADB_EXT_SA] == NULL ||
5576 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5577 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5578 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5579 return key_senderror(so, m, EINVAL);
5580 }
5581 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5582 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5583 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5584 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5585 return key_senderror(so, m, EINVAL);
5586 }
5587
5588 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5589 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5590 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5591
5592 /* XXX boundary check against sa_len */
5593 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5594
5595 /* get a SA header */
5596 LIST_FOREACH(sah, &sahtree, chain) {
5597 if (sah->state == SADB_SASTATE_DEAD)
5598 continue;
5599 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5600 continue;
5601
5602 /* get a SA with SPI. */
5603 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5604 if (sav)
5605 break;
5606 }
5607 if (sah == NULL) {
5608 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
5609 return key_senderror(so, m, ENOENT);
5610 }
5611
5612 {
5613 struct mbuf *n;
5614 u_int8_t satype;
5615
5616 /* map proto to satype */
5617 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
5618 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
5619 return key_senderror(so, m, EINVAL);
5620 }
5621
5622 /* create new sadb_msg to reply. */
5623 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
5624 mhp->msg->sadb_msg_pid);
5625 if (!n)
5626 return key_senderror(so, m, ENOBUFS);
5627
5628 m_freem(m);
5629 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5630 }
5631 }
5632
5633 /* XXX make it sysctl-configurable? */
5634 static void
5635 key_getcomb_setlifetime(comb)
5636 struct sadb_comb *comb;
5637 {
5638
5639 comb->sadb_comb_soft_allocations = 1;
5640 comb->sadb_comb_hard_allocations = 1;
5641 comb->sadb_comb_soft_bytes = 0;
5642 comb->sadb_comb_hard_bytes = 0;
5643 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
5644 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
5645 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */
5646 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
5647 }
5648
5649 #ifdef IPSEC_ESP
5650 /*
5651 * XXX reorder combinations by preference
5652 * XXX no idea if the user wants ESP authentication or not
5653 */
5654 static struct mbuf *
5655 key_getcomb_esp()
5656 {
5657 struct sadb_comb *comb;
5658 const struct esp_algorithm *algo;
5659 struct mbuf *result = NULL, *m, *n;
5660 int encmin;
5661 int i, off, o;
5662 int totlen;
5663 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5664
5665 m = NULL;
5666 for (i = 1; i <= SADB_EALG_MAX; i++) {
5667 algo = esp_algorithm_lookup(i);
5668 if (!algo)
5669 continue;
5670
5671 if (algo->keymax < ipsec_esp_keymin)
5672 continue;
5673 if (algo->keymin < ipsec_esp_keymin)
5674 encmin = ipsec_esp_keymin;
5675 else
5676 encmin = algo->keymin;
5677
5678 if (ipsec_esp_auth)
5679 m = key_getcomb_ah();
5680 else {
5681 #ifdef DIAGNOSTIC
5682 if (l > MLEN)
5683 panic("assumption failed in key_getcomb_esp");
5684 #endif
5685 MGET(m, M_DONTWAIT, MT_DATA);
5686 if (m) {
5687 M_ALIGN(m, l);
5688 m->m_len = l;
5689 m->m_next = NULL;
5690 bzero(mtod(m, caddr_t), m->m_len);
5691 }
5692 }
5693 if (!m)
5694 goto fail;
5695
5696 totlen = 0;
5697 for (n = m; n; n = n->m_next)
5698 totlen += n->m_len;
5699 #ifdef DIAGNOSTIC
5700 if (totlen % l)
5701 panic("assumption failed in key_getcomb_esp");
5702 #endif
5703
5704 for (off = 0; off < totlen; off += l) {
5705 n = m_pulldown(m, off, l, &o);
5706 if (!n) {
5707 /* m is already freed */
5708 goto fail;
5709 }
5710 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
5711 bzero(comb, sizeof(*comb));
5712 key_getcomb_setlifetime(comb);
5713 comb->sadb_comb_encrypt = i;
5714 comb->sadb_comb_encrypt_minbits = encmin;
5715 comb->sadb_comb_encrypt_maxbits = algo->keymax;
5716 }
5717
5718 if (!result)
5719 result = m;
5720 else
5721 m_cat(result, m);
5722 }
5723
5724 return result;
5725
5726 fail:
5727 if (result)
5728 m_freem(result);
5729 return NULL;
5730 }
5731 #endif
5732
5733 /*
5734 * XXX reorder combinations by preference
5735 */
5736 static struct mbuf *
5737 key_getcomb_ah()
5738 {
5739 struct sadb_comb *comb;
5740 const struct ah_algorithm *algo;
5741 struct mbuf *m;
5742 int min;
5743 int i;
5744 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5745
5746 m = NULL;
5747 for (i = 1; i <= SADB_AALG_MAX; i++) {
5748 #if 1
5749 /* we prefer HMAC algorithms, not old algorithms */
5750 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
5751 continue;
5752 #endif
5753 algo = ah_algorithm_lookup(i);
5754 if (!algo)
5755 continue;
5756
5757 if (algo->keymax < ipsec_ah_keymin)
5758 continue;
5759 if (algo->keymin < ipsec_ah_keymin)
5760 min = ipsec_ah_keymin;
5761 else
5762 min = algo->keymin;
5763
5764 if (!m) {
5765 #ifdef DIAGNOSTIC
5766 if (l > MLEN)
5767 panic("assumption failed in key_getcomb_ah");
5768 #endif
5769 MGET(m, M_DONTWAIT, MT_DATA);
5770 if (m) {
5771 M_ALIGN(m, l);
5772 m->m_len = l;
5773 m->m_next = NULL;
5774 }
5775 } else
5776 M_PREPEND(m, l, M_DONTWAIT);
5777 if (!m)
5778 return NULL;
5779
5780 comb = mtod(m, struct sadb_comb *);
5781 bzero(comb, sizeof(*comb));
5782 key_getcomb_setlifetime(comb);
5783 comb->sadb_comb_auth = i;
5784 comb->sadb_comb_auth_minbits = min;
5785 comb->sadb_comb_auth_maxbits = algo->keymax;
5786 }
5787
5788 return m;
5789 }
5790
5791 /*
5792 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
5793 * XXX reorder combinations by preference
5794 */
5795 static struct mbuf *
5796 key_getcomb_ipcomp()
5797 {
5798 struct sadb_comb *comb;
5799 const struct ipcomp_algorithm *algo;
5800 struct mbuf *m;
5801 int i;
5802 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
5803
5804 m = NULL;
5805 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
5806 algo = ipcomp_algorithm_lookup(i);
5807 if (!algo)
5808 continue;
5809
5810 if (!m) {
5811 #ifdef DIAGNOSTIC
5812 if (l > MLEN)
5813 panic("assumption failed in key_getcomb_ipcomp");
5814 #endif
5815 MGET(m, M_DONTWAIT, MT_DATA);
5816 if (m) {
5817 M_ALIGN(m, l);
5818 m->m_len = l;
5819 m->m_next = NULL;
5820 }
5821 } else
5822 M_PREPEND(m, l, M_DONTWAIT);
5823 if (!m)
5824 return NULL;
5825
5826 comb = mtod(m, struct sadb_comb *);
5827 bzero(comb, sizeof(*comb));
5828 key_getcomb_setlifetime(comb);
5829 comb->sadb_comb_encrypt = i;
5830 /* what should we set into sadb_comb_*_{min,max}bits? */
5831 }
5832
5833 return m;
5834 }
5835
5836 /*
5837 * XXX no way to pass mode (transport/tunnel) to userland
5838 * XXX replay checking?
5839 * XXX sysctl interface to ipsec_{ah,esp}_keymin
5840 */
5841 static struct mbuf *
5842 key_getprop(saidx)
5843 const struct secasindex *saidx;
5844 {
5845 struct sadb_prop *prop;
5846 struct mbuf *m, *n;
5847 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
5848 int totlen;
5849
5850 switch (saidx->proto) {
5851 #ifdef IPSEC_ESP
5852 case IPPROTO_ESP:
5853 m = key_getcomb_esp();
5854 break;
5855 #endif
5856 case IPPROTO_AH:
5857 m = key_getcomb_ah();
5858 break;
5859 case IPPROTO_IPCOMP:
5860 m = key_getcomb_ipcomp();
5861 break;
5862 default:
5863 return NULL;
5864 }
5865
5866 if (!m)
5867 return NULL;
5868 M_PREPEND(m, l, M_DONTWAIT);
5869 if (!m)
5870 return NULL;
5871
5872 totlen = 0;
5873 for (n = m; n; n = n->m_next)
5874 totlen += n->m_len;
5875
5876 prop = mtod(m, struct sadb_prop *);
5877 bzero(prop, sizeof(*prop));
5878 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
5879 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
5880 prop->sadb_prop_replay = 32; /* XXX */
5881
5882 return m;
5883 }
5884
5885 /*
5886 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
5887 * send
5888 * <base, SA, address(SD), (address(P)), x_policy,
5889 * (identity(SD),) (sensitivity,) proposal>
5890 * to KMD, and expect to receive
5891 * <base> with SADB_ACQUIRE if error occured,
5892 * or
5893 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
5894 * from KMD by PF_KEY.
5895 *
5896 * XXX x_policy is outside of RFC2367 (KAME extension).
5897 * XXX sensitivity is not supported.
5898 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
5899 * see comment for key_getcomb_ipcomp().
5900 *
5901 * OUT:
5902 * 0 : succeed
5903 * others: error number
5904 */
5905 static int
5906 key_acquire(saidx, sp)
5907 struct secasindex *saidx;
5908 struct secpolicy *sp;
5909 {
5910 struct mbuf *result = NULL, *m;
5911 #ifndef IPSEC_NONBLOCK_ACQUIRE
5912 struct secacq *newacq;
5913 #endif
5914 u_int8_t satype;
5915 int error = -1;
5916 u_int32_t seq;
5917
5918 /* sanity check */
5919 if (saidx == NULL)
5920 panic("key_acquire: NULL pointer is passed.");
5921 if ((satype = key_proto2satype(saidx->proto)) == 0)
5922 panic("key_acquire: invalid proto is passed.");
5923
5924 #ifndef IPSEC_NONBLOCK_ACQUIRE
5925 /*
5926 * We never do anything about acquirng SA. There is anather
5927 * solution that kernel blocks to send SADB_ACQUIRE message until
5928 * getting something message from IKEd. In later case, to be
5929 * managed with ACQUIRING list.
5930 */
5931 /* get an entry to check whether sending message or not. */
5932 if ((newacq = key_getacq(saidx)) != NULL) {
5933 if (key_blockacq_count < newacq->count) {
5934 /* reset counter and do send message. */
5935 newacq->count = 0;
5936 } else {
5937 /* increment counter and do nothing. */
5938 newacq->count++;
5939 return 0;
5940 }
5941 } else {
5942 /* make new entry for blocking to send SADB_ACQUIRE. */
5943 if ((newacq = key_newacq(saidx)) == NULL)
5944 return ENOBUFS;
5945
5946 /* add to acqtree */
5947 LIST_INSERT_HEAD(&acqtree, newacq, chain);
5948 }
5949 #endif
5950
5951
5952 #ifndef IPSEC_NONBLOCK_ACQUIRE
5953 seq = newacq->seq;
5954 #else
5955 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
5956 #endif
5957 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
5958 if (!m) {
5959 error = ENOBUFS;
5960 goto fail;
5961 }
5962 result = m;
5963
5964 /* set sadb_address for saidx's. */
5965 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
5966 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
5967 if (!m) {
5968 error = ENOBUFS;
5969 goto fail;
5970 }
5971 m_cat(result, m);
5972
5973 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
5974 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
5975 if (!m) {
5976 error = ENOBUFS;
5977 goto fail;
5978 }
5979 m_cat(result, m);
5980
5981 /* XXX proxy address (optional) */
5982
5983 /* set sadb_x_policy */
5984 if (sp) {
5985 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
5986 if (!m) {
5987 error = ENOBUFS;
5988 goto fail;
5989 }
5990 m_cat(result, m);
5991 }
5992
5993 /* XXX identity (optional) */
5994 #if 0
5995 if (idexttype && fqdn) {
5996 /* create identity extension (FQDN) */
5997 struct sadb_ident *id;
5998 int fqdnlen;
5999
6000 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
6001 id = (struct sadb_ident *)p;
6002 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6003 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6004 id->sadb_ident_exttype = idexttype;
6005 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6006 bcopy(fqdn, id + 1, fqdnlen);
6007 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6008 }
6009
6010 if (idexttype) {
6011 /* create identity extension (USERFQDN) */
6012 struct sadb_ident *id;
6013 int userfqdnlen;
6014
6015 if (userfqdn) {
6016 /* +1 for terminating-NUL */
6017 userfqdnlen = strlen(userfqdn) + 1;
6018 } else
6019 userfqdnlen = 0;
6020 id = (struct sadb_ident *)p;
6021 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6022 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6023 id->sadb_ident_exttype = idexttype;
6024 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6025 /* XXX is it correct? */
6026 if (curproc && curproc->p_cred)
6027 id->sadb_ident_id = curproc->p_cred->p_ruid;
6028 if (userfqdn && userfqdnlen)
6029 bcopy(userfqdn, id + 1, userfqdnlen);
6030 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6031 }
6032 #endif
6033
6034 /* XXX sensitivity (optional) */
6035
6036 /* create proposal/combination extension */
6037 m = key_getprop(saidx);
6038 #if 0
6039 /*
6040 * spec conformant: always attach proposal/combination extension,
6041 * the problem is that we have no way to attach it for ipcomp,
6042 * due to the way sadb_comb is declared in RFC2367.
6043 */
6044 if (!m) {
6045 error = ENOBUFS;
6046 goto fail;
6047 }
6048 m_cat(result, m);
6049 #else
6050 /*
6051 * outside of spec; make proposal/combination extension optional.
6052 */
6053 if (m)
6054 m_cat(result, m);
6055 #endif
6056
6057 if ((result->m_flags & M_PKTHDR) == 0) {
6058 error = EINVAL;
6059 goto fail;
6060 }
6061
6062 if (result->m_len < sizeof(struct sadb_msg)) {
6063 result = m_pullup(result, sizeof(struct sadb_msg));
6064 if (result == NULL) {
6065 error = ENOBUFS;
6066 goto fail;
6067 }
6068 }
6069
6070 result->m_pkthdr.len = 0;
6071 for (m = result; m; m = m->m_next)
6072 result->m_pkthdr.len += m->m_len;
6073
6074 mtod(result, struct sadb_msg *)->sadb_msg_len =
6075 PFKEY_UNIT64(result->m_pkthdr.len);
6076
6077 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6078
6079 fail:
6080 if (result)
6081 m_freem(result);
6082 return error;
6083 }
6084
6085 #ifndef IPSEC_NONBLOCK_ACQUIRE
6086 static struct secacq *
6087 key_newacq(saidx)
6088 struct secasindex *saidx;
6089 {
6090 struct secacq *newacq;
6091
6092 /* get new entry */
6093 KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
6094 if (newacq == NULL) {
6095 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
6096 return NULL;
6097 }
6098 bzero(newacq, sizeof(*newacq));
6099
6100 /* copy secindex */
6101 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
6102 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
6103 newacq->created = time_second;
6104 newacq->count = 0;
6105
6106 return newacq;
6107 }
6108
6109 static struct secacq *
6110 key_getacq(saidx)
6111 struct secasindex *saidx;
6112 {
6113 struct secacq *acq;
6114
6115 LIST_FOREACH(acq, &acqtree, chain) {
6116 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
6117 return acq;
6118 }
6119
6120 return NULL;
6121 }
6122
6123 static struct secacq *
6124 key_getacqbyseq(seq)
6125 u_int32_t seq;
6126 {
6127 struct secacq *acq;
6128
6129 LIST_FOREACH(acq, &acqtree, chain) {
6130 if (acq->seq == seq)
6131 return acq;
6132 }
6133
6134 return NULL;
6135 }
6136 #endif
6137
6138 static struct secspacq *
6139 key_newspacq(spidx)
6140 struct secpolicyindex *spidx;
6141 {
6142 struct secspacq *acq;
6143
6144 if (!spidx)
6145 return NULL;
6146
6147 /* get new entry */
6148 KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
6149 if (acq == NULL) {
6150 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
6151 return NULL;
6152 }
6153 bzero(acq, sizeof(*acq));
6154
6155 /* copy secindex */
6156 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
6157 acq->created = time_second;
6158 acq->count = 1;
6159
6160 return acq;
6161 }
6162
6163 static struct secspacq *
6164 key_getspacq(spidx)
6165 struct secpolicyindex *spidx;
6166 {
6167 struct secspacq *acq;
6168
6169 if (!spidx)
6170 return NULL;
6171
6172 LIST_FOREACH(acq, &spacqtree, chain) {
6173 if (key_cmpspidx_exactly(spidx, &acq->spidx))
6174 return acq;
6175 }
6176
6177 return NULL;
6178 }
6179
6180 /*
6181 * SADB_ACQUIRE processing,
6182 * in first situation, is receiving
6183 * <base>
6184 * from the ikmpd, and clear sequence of its secasvar entry.
6185 *
6186 * In second situation, is receiving
6187 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6188 * from a user land process, and return
6189 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6190 * to the socket.
6191 *
6192 * m will always be freed.
6193 */
6194 static int
6195 key_acquire2(so, m, mhp)
6196 struct socket *so;
6197 struct mbuf *m;
6198 const struct sadb_msghdr *mhp;
6199 {
6200 struct sadb_address *src0, *dst0;
6201 struct secasindex saidx;
6202 struct secashead *sah;
6203 u_int16_t proto;
6204 int error;
6205
6206 /* sanity check */
6207 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6208 panic("key_acquire2: NULL pointer is passed.");
6209
6210 /*
6211 * Error message from KMd.
6212 * We assume that if error was occured in IKEd, the length of PFKEY
6213 * message is equal to the size of sadb_msg structure.
6214 * We do not raise error even if error occured in this function.
6215 */
6216 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6217 #ifndef IPSEC_NONBLOCK_ACQUIRE
6218 struct secacq *acq;
6219
6220 /* check sequence number */
6221 if (mhp->msg->sadb_msg_seq == 0) {
6222 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
6223 m_freem(m);
6224 return 0;
6225 }
6226
6227 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
6228 /*
6229 * the specified larval SA is already gone, or we got
6230 * a bogus sequence number. we can silently ignore it.
6231 */
6232 m_freem(m);
6233 return 0;
6234 }
6235
6236 /* reset acq counter in order to deletion by timehander. */
6237 acq->created = time_second;
6238 acq->count = 0;
6239 #endif
6240 m_freem(m);
6241 return 0;
6242 }
6243
6244 /*
6245 * This message is from user land.
6246 */
6247
6248 /* map satype to proto */
6249 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6250 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
6251 return key_senderror(so, m, EINVAL);
6252 }
6253
6254 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6255 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6256 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6257 /* error */
6258 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6259 return key_senderror(so, m, EINVAL);
6260 }
6261 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6262 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6263 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6264 /* error */
6265 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6266 return key_senderror(so, m, EINVAL);
6267 }
6268
6269 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6270 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6271
6272 /* XXX boundary check against sa_len */
6273 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6274
6275 /* get a SA index */
6276 LIST_FOREACH(sah, &sahtree, chain) {
6277 if (sah->state == SADB_SASTATE_DEAD)
6278 continue;
6279 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE_REQID))
6280 break;
6281 }
6282 if (sah != NULL) {
6283 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6284 return key_senderror(so, m, EEXIST);
6285 }
6286
6287 error = key_acquire(&saidx, NULL);
6288 if (error != 0) {
6289 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6290 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
6291 return key_senderror(so, m, error);
6292 }
6293
6294 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6295 }
6296
6297 /*
6298 * SADB_REGISTER processing.
6299 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6300 * receive
6301 * <base>
6302 * from the ikmpd, and register a socket to send PF_KEY messages,
6303 * and send
6304 * <base, supported>
6305 * to KMD by PF_KEY.
6306 * If socket is detached, must free from regnode.
6307 *
6308 * m will always be freed.
6309 */
6310 static int
6311 key_register(so, m, mhp)
6312 struct socket *so;
6313 struct mbuf *m;
6314 const struct sadb_msghdr *mhp;
6315 {
6316 struct secreg *reg, *newreg = 0;
6317
6318 /* sanity check */
6319 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6320 panic("key_register: NULL pointer is passed.");
6321
6322 /* check for invalid register message */
6323 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
6324 return key_senderror(so, m, EINVAL);
6325
6326 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
6327 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6328 goto setmsg;
6329
6330 /* check whether existing or not */
6331 LIST_FOREACH(reg, ®tree[mhp->msg->sadb_msg_satype], chain) {
6332 if (reg->so == so) {
6333 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6334 return key_senderror(so, m, EEXIST);
6335 }
6336 }
6337
6338 /* create regnode */
6339 KMALLOC(newreg, struct secreg *, sizeof(*newreg));
6340 if (newreg == NULL) {
6341 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6342 return key_senderror(so, m, ENOBUFS);
6343 }
6344 bzero((caddr_t)newreg, sizeof(*newreg));
6345
6346 newreg->so = so;
6347 ((struct keycb *)sotorawcb(so))->kp_registered++;
6348
6349 /* add regnode to regtree. */
6350 LIST_INSERT_HEAD(®tree[mhp->msg->sadb_msg_satype], newreg, chain);
6351
6352 setmsg:
6353 {
6354 struct mbuf *n;
6355 struct sadb_msg *newmsg;
6356 struct sadb_supported *sup;
6357 u_int len, alen, elen;
6358 int off;
6359 int i;
6360 struct sadb_alg *alg;
6361
6362 /* create new sadb_msg to reply. */
6363 alen = 0;
6364 for (i = 1; i <= SADB_AALG_MAX; i++) {
6365 if (ah_algorithm_lookup(i))
6366 alen += sizeof(struct sadb_alg);
6367 }
6368 if (alen)
6369 alen += sizeof(struct sadb_supported);
6370 elen = 0;
6371 #ifdef IPSEC_ESP
6372 for (i = 1; i <= SADB_EALG_MAX; i++) {
6373 if (esp_algorithm_lookup(i))
6374 elen += sizeof(struct sadb_alg);
6375 }
6376 if (elen)
6377 elen += sizeof(struct sadb_supported);
6378 #endif
6379
6380 len = sizeof(struct sadb_msg) + alen + elen;
6381
6382 if (len > MCLBYTES)
6383 return key_senderror(so, m, ENOBUFS);
6384
6385 MGETHDR(n, M_DONTWAIT, MT_DATA);
6386 if (len > MHLEN) {
6387 MCLGET(n, M_DONTWAIT);
6388 if ((n->m_flags & M_EXT) == 0) {
6389 m_freem(n);
6390 n = NULL;
6391 }
6392 }
6393 if (!n)
6394 return key_senderror(so, m, ENOBUFS);
6395
6396 n->m_pkthdr.len = n->m_len = len;
6397 n->m_next = NULL;
6398 off = 0;
6399
6400 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6401 newmsg = mtod(n, struct sadb_msg *);
6402 newmsg->sadb_msg_errno = 0;
6403 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6404 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6405
6406 /* for authentication algorithm */
6407 if (alen) {
6408 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6409 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6410 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6411 off += PFKEY_ALIGN8(sizeof(*sup));
6412
6413 for (i = 1; i <= SADB_AALG_MAX; i++) {
6414 const struct ah_algorithm *aalgo;
6415
6416 aalgo = ah_algorithm_lookup(i);
6417 if (!aalgo)
6418 continue;
6419 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6420 alg->sadb_alg_id = i;
6421 alg->sadb_alg_ivlen = 0;
6422 alg->sadb_alg_minbits = aalgo->keymin;
6423 alg->sadb_alg_maxbits = aalgo->keymax;
6424 off += PFKEY_ALIGN8(sizeof(*alg));
6425 }
6426 }
6427
6428 #ifdef IPSEC_ESP
6429 /* for encryption algorithm */
6430 if (elen) {
6431 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6432 sup->sadb_supported_len = PFKEY_UNIT64(elen);
6433 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6434 off += PFKEY_ALIGN8(sizeof(*sup));
6435
6436 for (i = 1; i <= SADB_EALG_MAX; i++) {
6437 const struct esp_algorithm *ealgo;
6438
6439 ealgo = esp_algorithm_lookup(i);
6440 if (!ealgo)
6441 continue;
6442 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
6443 alg->sadb_alg_id = i;
6444 if (ealgo && ealgo->ivlen) {
6445 /*
6446 * give NULL to get the value preferred by
6447 * algorithm XXX SADB_X_EXT_DERIV ?
6448 */
6449 alg->sadb_alg_ivlen =
6450 (*ealgo->ivlen)(ealgo, NULL);
6451 } else
6452 alg->sadb_alg_ivlen = 0;
6453 alg->sadb_alg_minbits = ealgo->keymin;
6454 alg->sadb_alg_maxbits = ealgo->keymax;
6455 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6456 }
6457 }
6458 #endif
6459
6460 #ifdef DIGAGNOSTIC
6461 if (off != len)
6462 panic("length assumption failed in key_register");
6463 #endif
6464
6465 m_freem(m);
6466 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
6467 }
6468 }
6469
6470 /*
6471 * free secreg entry registered.
6472 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
6473 */
6474 void
6475 key_freereg(so)
6476 struct socket *so;
6477 {
6478 struct secreg *reg;
6479 int i;
6480
6481 /* sanity check */
6482 if (so == NULL)
6483 panic("key_freereg: NULL pointer is passed.");
6484
6485 /*
6486 * check whether existing or not.
6487 * check all type of SA, because there is a potential that
6488 * one socket is registered to multiple type of SA.
6489 */
6490 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
6491 LIST_FOREACH(reg, ®tree[i], chain) {
6492 if (reg->so == so && __LIST_CHAINED(reg)) {
6493 LIST_REMOVE(reg, chain);
6494 KFREE(reg);
6495 break;
6496 }
6497 }
6498 }
6499
6500 return;
6501 }
6502
6503 /*
6504 * SADB_EXPIRE processing
6505 * send
6506 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
6507 * to KMD by PF_KEY.
6508 * NOTE: We send only soft lifetime extension.
6509 *
6510 * OUT: 0 : succeed
6511 * others : error number
6512 */
6513 static int
6514 key_expire(sav)
6515 struct secasvar *sav;
6516 {
6517 int s;
6518 int satype;
6519 struct mbuf *result = NULL, *m;
6520 int len;
6521 int error = -1;
6522 struct sadb_lifetime *lt;
6523
6524 /* XXX: Why do we lock ? */
6525 s = splnet(); /*called from softclock()*/
6526
6527 /* sanity check */
6528 if (sav == NULL)
6529 panic("key_expire: NULL pointer is passed.");
6530 if (sav->sah == NULL)
6531 panic("key_expire: Why was SA index in SA NULL.");
6532 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
6533 panic("key_expire: invalid proto is passed.");
6534
6535 /* set msg header */
6536 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
6537 if (!m) {
6538 error = ENOBUFS;
6539 goto fail;
6540 }
6541 result = m;
6542
6543 /* create SA extension */
6544 m = key_setsadbsa(sav);
6545 if (!m) {
6546 error = ENOBUFS;
6547 goto fail;
6548 }
6549 m_cat(result, m);
6550
6551 /* create SA extension */
6552 m = key_setsadbxsa2(sav->sah->saidx.mode,
6553 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
6554 sav->sah->saidx.reqid);
6555 if (!m) {
6556 error = ENOBUFS;
6557 goto fail;
6558 }
6559 m_cat(result, m);
6560
6561 /* create lifetime extension (current and soft) */
6562 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
6563 m = key_alloc_mbuf(len);
6564 if (!m || m->m_next) { /*XXX*/
6565 if (m)
6566 m_freem(m);
6567 error = ENOBUFS;
6568 goto fail;
6569 }
6570 bzero(mtod(m, caddr_t), len);
6571 lt = mtod(m, struct sadb_lifetime *);
6572 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
6573 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
6574 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
6575 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
6576 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
6577 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
6578 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
6579 bcopy(sav->lft_s, lt, sizeof(*lt));
6580 m_cat(result, m);
6581
6582 /* set sadb_address for source */
6583 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6584 (struct sockaddr *)&sav->sah->saidx.src,
6585 FULLMASK, IPSEC_ULPROTO_ANY);
6586 if (!m) {
6587 error = ENOBUFS;
6588 goto fail;
6589 }
6590 m_cat(result, m);
6591
6592 /* set sadb_address for destination */
6593 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6594 (struct sockaddr *)&sav->sah->saidx.dst,
6595 FULLMASK, IPSEC_ULPROTO_ANY);
6596 if (!m) {
6597 error = ENOBUFS;
6598 goto fail;
6599 }
6600 m_cat(result, m);
6601
6602 if ((result->m_flags & M_PKTHDR) == 0) {
6603 error = EINVAL;
6604 goto fail;
6605 }
6606
6607 if (result->m_len < sizeof(struct sadb_msg)) {
6608 result = m_pullup(result, sizeof(struct sadb_msg));
6609 if (result == NULL) {
6610 error = ENOBUFS;
6611 goto fail;
6612 }
6613 }
6614
6615 result->m_pkthdr.len = 0;
6616 for (m = result; m; m = m->m_next)
6617 result->m_pkthdr.len += m->m_len;
6618
6619 mtod(result, struct sadb_msg *)->sadb_msg_len =
6620 PFKEY_UNIT64(result->m_pkthdr.len);
6621
6622 splx(s);
6623 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6624
6625 fail:
6626 if (result)
6627 m_freem(result);
6628 splx(s);
6629 return error;
6630 }
6631
6632 /*
6633 * SADB_FLUSH processing
6634 * receive
6635 * <base>
6636 * from the ikmpd, and free all entries in secastree.
6637 * and send,
6638 * <base>
6639 * to the ikmpd.
6640 * NOTE: to do is only marking SADB_SASTATE_DEAD.
6641 *
6642 * m will always be freed.
6643 */
6644 static int
6645 key_flush(so, m, mhp)
6646 struct socket *so;
6647 struct mbuf *m;
6648 const struct sadb_msghdr *mhp;
6649 {
6650 struct sadb_msg *newmsg;
6651 struct secashead *sah, *nextsah;
6652 struct secasvar *sav, *nextsav;
6653 u_int16_t proto;
6654 u_int8_t state;
6655 u_int stateidx;
6656
6657 /* sanity check */
6658 if (so == NULL || mhp == NULL || mhp->msg == NULL)
6659 panic("key_flush: NULL pointer is passed.");
6660
6661 /* map satype to proto */
6662 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6663 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
6664 return key_senderror(so, m, EINVAL);
6665 }
6666
6667 /* no SATYPE specified, i.e. flushing all SA. */
6668 for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
6669 nextsah = LIST_NEXT(sah, chain);
6670
6671 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6672 proto != sah->saidx.proto)
6673 continue;
6674
6675 for (stateidx = 0;
6676 stateidx < _ARRAYLEN(saorder_state_alive);
6677 stateidx++) {
6678 state = saorder_state_any[stateidx];
6679 for (sav = LIST_FIRST(&sah->savtree[state]);
6680 sav != NULL;
6681 sav = nextsav) {
6682
6683 nextsav = LIST_NEXT(sav, chain);
6684
6685 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6686 key_freesav(sav);
6687 }
6688 }
6689
6690 sah->state = SADB_SASTATE_DEAD;
6691 }
6692
6693 if (m->m_len < sizeof(struct sadb_msg) ||
6694 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
6695 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
6696 return key_senderror(so, m, ENOBUFS);
6697 }
6698
6699 if (m->m_next)
6700 m_freem(m->m_next);
6701 m->m_next = NULL;
6702 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
6703 newmsg = mtod(m, struct sadb_msg *);
6704 newmsg->sadb_msg_errno = 0;
6705 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
6706
6707 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6708 }
6709
6710 /*
6711 * SADB_DUMP processing
6712 * dump all entries including status of DEAD in SAD.
6713 * receive
6714 * <base>
6715 * from the ikmpd, and dump all secasvar leaves
6716 * and send,
6717 * <base> .....
6718 * to the ikmpd.
6719 *
6720 * m will always be freed.
6721 */
6722 static int
6723 key_dump(so, m, mhp)
6724 struct socket *so;
6725 struct mbuf *m;
6726 const struct sadb_msghdr *mhp;
6727 {
6728 struct secashead *sah;
6729 struct secasvar *sav;
6730 u_int16_t proto;
6731 u_int stateidx;
6732 u_int8_t satype;
6733 u_int8_t state;
6734 int cnt;
6735 struct mbuf *n;
6736
6737 /* sanity check */
6738 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6739 panic("key_dump: NULL pointer is passed.");
6740
6741 /* map satype to proto */
6742 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6743 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
6744 return key_senderror(so, m, EINVAL);
6745 }
6746
6747 /* count sav entries to be sent to the userland. */
6748 cnt = 0;
6749 LIST_FOREACH(sah, &sahtree, chain) {
6750 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6751 proto != sah->saidx.proto)
6752 continue;
6753
6754 for (stateidx = 0;
6755 stateidx < _ARRAYLEN(saorder_state_any);
6756 stateidx++) {
6757 state = saorder_state_any[stateidx];
6758 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6759 cnt++;
6760 }
6761 }
6762 }
6763
6764 if (cnt == 0)
6765 return key_senderror(so, m, ENOENT);
6766
6767 /* send this to the userland, one at a time. */
6768 LIST_FOREACH(sah, &sahtree, chain) {
6769 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
6770 proto != sah->saidx.proto)
6771 continue;
6772
6773 /* map proto to satype */
6774 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
6775 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
6776 return key_senderror(so, m, EINVAL);
6777 }
6778
6779 for (stateidx = 0;
6780 stateidx < _ARRAYLEN(saorder_state_any);
6781 stateidx++) {
6782 state = saorder_state_any[stateidx];
6783 LIST_FOREACH(sav, &sah->savtree[state], chain) {
6784 n = key_setdumpsa(sav, SADB_DUMP, satype,
6785 --cnt, mhp->msg->sadb_msg_pid);
6786 if (!n)
6787 return key_senderror(so, m, ENOBUFS);
6788
6789 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6790 }
6791 }
6792 }
6793
6794 m_freem(m);
6795 return 0;
6796 }
6797
6798 /*
6799 * SADB_X_PROMISC processing
6800 *
6801 * m will always be freed.
6802 */
6803 static int
6804 key_promisc(so, m, mhp)
6805 struct socket *so;
6806 struct mbuf *m;
6807 const struct sadb_msghdr *mhp;
6808 {
6809 int olen;
6810
6811 /* sanity check */
6812 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6813 panic("key_promisc: NULL pointer is passed.");
6814
6815 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
6816
6817 if (olen < sizeof(struct sadb_msg)) {
6818 #if 1
6819 return key_senderror(so, m, EINVAL);
6820 #else
6821 m_freem(m);
6822 return 0;
6823 #endif
6824 } else if (olen == sizeof(struct sadb_msg)) {
6825 /* enable/disable promisc mode */
6826 struct keycb *kp;
6827
6828 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
6829 return key_senderror(so, m, EINVAL);
6830 mhp->msg->sadb_msg_errno = 0;
6831 switch (mhp->msg->sadb_msg_satype) {
6832 case 0:
6833 case 1:
6834 kp->kp_promisc = mhp->msg->sadb_msg_satype;
6835 break;
6836 default:
6837 return key_senderror(so, m, EINVAL);
6838 }
6839
6840 /* send the original message back to everyone */
6841 mhp->msg->sadb_msg_errno = 0;
6842 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6843 } else {
6844 /* send packet as is */
6845
6846 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
6847
6848 /* TODO: if sadb_msg_seq is specified, send to specific pid */
6849 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
6850 }
6851 }
6852
6853 static int (*key_typesw[])(struct socket *, struct mbuf *,
6854 const struct sadb_msghdr *) = {
6855 NULL, /* SADB_RESERVED */
6856 key_getspi, /* SADB_GETSPI */
6857 key_update, /* SADB_UPDATE */
6858 key_add, /* SADB_ADD */
6859 key_delete, /* SADB_DELETE */
6860 key_get, /* SADB_GET */
6861 key_acquire2, /* SADB_ACQUIRE */
6862 key_register, /* SADB_REGISTER */
6863 NULL, /* SADB_EXPIRE */
6864 key_flush, /* SADB_FLUSH */
6865 key_dump, /* SADB_DUMP */
6866 key_promisc, /* SADB_X_PROMISC */
6867 NULL, /* SADB_X_PCHANGE */
6868 key_spdadd, /* SADB_X_SPDUPDATE */
6869 key_spdadd, /* SADB_X_SPDADD */
6870 key_spddelete, /* SADB_X_SPDDELETE */
6871 key_spdget, /* SADB_X_SPDGET */
6872 NULL, /* SADB_X_SPDACQUIRE */
6873 key_spddump, /* SADB_X_SPDDUMP */
6874 key_spdflush, /* SADB_X_SPDFLUSH */
6875 key_spdadd, /* SADB_X_SPDSETIDX */
6876 NULL, /* SADB_X_SPDEXPIRE */
6877 key_spddelete2, /* SADB_X_SPDDELETE2 */
6878 };
6879
6880 /*
6881 * parse sadb_msg buffer to process PFKEYv2,
6882 * and create a data to response if needed.
6883 * I think to be dealed with mbuf directly.
6884 * IN:
6885 * msgp : pointer to pointer to a received buffer pulluped.
6886 * This is rewrited to response.
6887 * so : pointer to socket.
6888 * OUT:
6889 * length for buffer to send to user process.
6890 */
6891 int
6892 key_parse(m, so)
6893 struct mbuf *m;
6894 struct socket *so;
6895 {
6896 struct sadb_msg *msg;
6897 struct sadb_msghdr mh;
6898 u_int orglen;
6899 int error;
6900 int target;
6901 #ifdef INET6
6902 struct sockaddr_in6 *sin6;
6903 #endif
6904
6905 /* sanity check */
6906 if (m == NULL || so == NULL)
6907 panic("key_parse: NULL pointer is passed.");
6908
6909 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
6910 KEYDEBUG(KEYDEBUG_KEY_DUMP,
6911 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
6912 kdebug_sadb(msg));
6913 #endif
6914
6915 if (m->m_len < sizeof(struct sadb_msg)) {
6916 m = m_pullup(m, sizeof(struct sadb_msg));
6917 if (!m)
6918 return ENOBUFS;
6919 }
6920 msg = mtod(m, struct sadb_msg *);
6921 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
6922 target = KEY_SENDUP_ONE;
6923
6924 if ((m->m_flags & M_PKTHDR) == 0 ||
6925 m->m_pkthdr.len != m->m_pkthdr.len) {
6926 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
6927 pfkeystat.out_invlen++;
6928 error = EINVAL;
6929 goto senderror;
6930 }
6931
6932 if (msg->sadb_msg_version != PF_KEY_V2) {
6933 ipseclog((LOG_DEBUG,
6934 "key_parse: PF_KEY version %u is mismatched.\n",
6935 msg->sadb_msg_version));
6936 pfkeystat.out_invver++;
6937 error = EINVAL;
6938 goto senderror;
6939 }
6940
6941 if (msg->sadb_msg_type > SADB_MAX) {
6942 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
6943 msg->sadb_msg_type));
6944 pfkeystat.out_invmsgtype++;
6945 error = EINVAL;
6946 goto senderror;
6947 }
6948
6949 /* for old-fashioned code - should be nuked */
6950 if (m->m_pkthdr.len > MCLBYTES) {
6951 m_freem(m);
6952 return ENOBUFS;
6953 }
6954 if (m->m_next) {
6955 struct mbuf *n;
6956
6957 MGETHDR(n, M_DONTWAIT, MT_DATA);
6958 if (n && m->m_pkthdr.len > MHLEN) {
6959 MCLGET(n, M_DONTWAIT);
6960 if ((n->m_flags & M_EXT) == 0) {
6961 m_free(n);
6962 n = NULL;
6963 }
6964 }
6965 if (!n) {
6966 m_freem(m);
6967 return ENOBUFS;
6968 }
6969 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
6970 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
6971 n->m_next = NULL;
6972 m_freem(m);
6973 m = n;
6974 }
6975
6976 /* align the mbuf chain so that extensions are in contiguous region. */
6977 error = key_align(m, &mh);
6978 if (error)
6979 return error;
6980
6981 msg = mh.msg;
6982
6983 /* check SA type */
6984 switch (msg->sadb_msg_satype) {
6985 case SADB_SATYPE_UNSPEC:
6986 switch (msg->sadb_msg_type) {
6987 case SADB_GETSPI:
6988 case SADB_UPDATE:
6989 case SADB_ADD:
6990 case SADB_DELETE:
6991 case SADB_GET:
6992 case SADB_ACQUIRE:
6993 case SADB_EXPIRE:
6994 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
6995 "when msg type=%u.\n", msg->sadb_msg_type));
6996 pfkeystat.out_invsatype++;
6997 error = EINVAL;
6998 goto senderror;
6999 }
7000 break;
7001 case SADB_SATYPE_AH:
7002 case SADB_SATYPE_ESP:
7003 case SADB_X_SATYPE_IPCOMP:
7004 case SADB_X_SATYPE_TCPSIGNATURE:
7005 switch (msg->sadb_msg_type) {
7006 case SADB_X_SPDADD:
7007 case SADB_X_SPDDELETE:
7008 case SADB_X_SPDGET:
7009 case SADB_X_SPDDUMP:
7010 case SADB_X_SPDFLUSH:
7011 case SADB_X_SPDSETIDX:
7012 case SADB_X_SPDUPDATE:
7013 case SADB_X_SPDDELETE2:
7014 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
7015 msg->sadb_msg_type));
7016 pfkeystat.out_invsatype++;
7017 error = EINVAL;
7018 goto senderror;
7019 }
7020 break;
7021 case SADB_SATYPE_RSVP:
7022 case SADB_SATYPE_OSPFV2:
7023 case SADB_SATYPE_RIPV2:
7024 case SADB_SATYPE_MIP:
7025 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
7026 msg->sadb_msg_satype));
7027 pfkeystat.out_invsatype++;
7028 error = EOPNOTSUPP;
7029 goto senderror;
7030 case 1: /* XXX: What does it do? */
7031 if (msg->sadb_msg_type == SADB_X_PROMISC)
7032 break;
7033 /*FALLTHROUGH*/
7034 default:
7035 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7036 msg->sadb_msg_satype));
7037 pfkeystat.out_invsatype++;
7038 error = EINVAL;
7039 goto senderror;
7040 }
7041
7042 /* check field of upper layer protocol and address family */
7043 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
7044 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7045 struct sadb_address *src0, *dst0;
7046 u_int plen;
7047
7048 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7049 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7050
7051 /* check upper layer protocol */
7052 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7053 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
7054 pfkeystat.out_invaddr++;
7055 error = EINVAL;
7056 goto senderror;
7057 }
7058
7059 /* check family */
7060 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7061 PFKEY_ADDR_SADDR(dst0)->sa_family) {
7062 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
7063 pfkeystat.out_invaddr++;
7064 error = EINVAL;
7065 goto senderror;
7066 }
7067 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7068 PFKEY_ADDR_SADDR(dst0)->sa_len) {
7069 ipseclog((LOG_DEBUG,
7070 "key_parse: address struct size mismatched.\n"));
7071 pfkeystat.out_invaddr++;
7072 error = EINVAL;
7073 goto senderror;
7074 }
7075
7076 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7077 case AF_INET:
7078 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7079 sizeof(struct sockaddr_in)) {
7080 pfkeystat.out_invaddr++;
7081 error = EINVAL;
7082 goto senderror;
7083 }
7084 break;
7085 case AF_INET6:
7086 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7087 sizeof(struct sockaddr_in6)) {
7088 pfkeystat.out_invaddr++;
7089 error = EINVAL;
7090 goto senderror;
7091 }
7092 #ifdef INET6
7093 /*
7094 * Check validity of the scope zone ID of the
7095 * addresses, and embed the zone ID into the address
7096 * if necessary.
7097 */
7098 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(src0);
7099 if ((error = sa6_embedscope(sin6, 0)) != 0)
7100 goto senderror;
7101 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(dst0);
7102 if ((error = sa6_embedscope(sin6, 0)) != 0)
7103 goto senderror;
7104 #endif
7105 break;
7106 default:
7107 ipseclog((LOG_DEBUG,
7108 "key_parse: unsupported address family.\n"));
7109 pfkeystat.out_invaddr++;
7110 error = EAFNOSUPPORT;
7111 goto senderror;
7112 }
7113
7114 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7115 case AF_INET:
7116 plen = sizeof(struct in_addr) << 3;
7117 break;
7118 case AF_INET6:
7119 plen = sizeof(struct in6_addr) << 3;
7120 break;
7121 default:
7122 plen = 0; /*fool gcc*/
7123 break;
7124 }
7125
7126 /* check max prefix length */
7127 if (src0->sadb_address_prefixlen > plen ||
7128 dst0->sadb_address_prefixlen > plen) {
7129 ipseclog((LOG_DEBUG,
7130 "key_parse: illegal prefixlen.\n"));
7131 pfkeystat.out_invaddr++;
7132 error = EINVAL;
7133 goto senderror;
7134 }
7135
7136 /*
7137 * prefixlen == 0 is valid because there can be a case when
7138 * all addresses are matched.
7139 */
7140 }
7141
7142 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
7143 key_typesw[msg->sadb_msg_type] == NULL) {
7144 pfkeystat.out_invmsgtype++;
7145 error = EINVAL;
7146 goto senderror;
7147 }
7148
7149 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7150
7151 senderror:
7152 msg->sadb_msg_errno = error;
7153 return key_sendup_mbuf(so, m, target);
7154 }
7155
7156 static int
7157 key_senderror(so, m, code)
7158 struct socket *so;
7159 struct mbuf *m;
7160 int code;
7161 {
7162 struct sadb_msg *msg;
7163
7164 if (m->m_len < sizeof(struct sadb_msg))
7165 panic("invalid mbuf passed to key_senderror");
7166
7167 msg = mtod(m, struct sadb_msg *);
7168 msg->sadb_msg_errno = code;
7169 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7170 }
7171
7172 /*
7173 * set the pointer to each header into message buffer.
7174 * m will be freed on error.
7175 * XXX larger-than-MCLBYTES extension?
7176 */
7177 static int
7178 key_align(m, mhp)
7179 struct mbuf *m;
7180 struct sadb_msghdr *mhp;
7181 {
7182 struct mbuf *n;
7183 struct sadb_ext *ext;
7184 size_t off, end;
7185 int extlen;
7186 int toff;
7187
7188 /* sanity check */
7189 if (m == NULL || mhp == NULL)
7190 panic("key_align: NULL pointer is passed.");
7191 if (m->m_len < sizeof(struct sadb_msg))
7192 panic("invalid mbuf passed to key_align");
7193
7194 /* initialize */
7195 bzero(mhp, sizeof(*mhp));
7196
7197 mhp->msg = mtod(m, struct sadb_msg *);
7198 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
7199
7200 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7201 extlen = end; /*just in case extlen is not updated*/
7202 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7203 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7204 if (!n) {
7205 /* m is already freed */
7206 return ENOBUFS;
7207 }
7208 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7209
7210 /* set pointer */
7211 switch (ext->sadb_ext_type) {
7212 case SADB_EXT_SA:
7213 case SADB_EXT_ADDRESS_SRC:
7214 case SADB_EXT_ADDRESS_DST:
7215 case SADB_EXT_ADDRESS_PROXY:
7216 case SADB_EXT_LIFETIME_CURRENT:
7217 case SADB_EXT_LIFETIME_HARD:
7218 case SADB_EXT_LIFETIME_SOFT:
7219 case SADB_EXT_KEY_AUTH:
7220 case SADB_EXT_KEY_ENCRYPT:
7221 case SADB_EXT_IDENTITY_SRC:
7222 case SADB_EXT_IDENTITY_DST:
7223 case SADB_EXT_SENSITIVITY:
7224 case SADB_EXT_PROPOSAL:
7225 case SADB_EXT_SUPPORTED_AUTH:
7226 case SADB_EXT_SUPPORTED_ENCRYPT:
7227 case SADB_EXT_SPIRANGE:
7228 case SADB_X_EXT_POLICY:
7229 case SADB_X_EXT_SA2:
7230 /* duplicate check */
7231 /*
7232 * XXX Are there duplication payloads of either
7233 * KEY_AUTH or KEY_ENCRYPT ?
7234 */
7235 if (mhp->ext[ext->sadb_ext_type] != NULL) {
7236 ipseclog((LOG_DEBUG,
7237 "key_align: duplicate ext_type %u "
7238 "is passed.\n", ext->sadb_ext_type));
7239 m_freem(m);
7240 pfkeystat.out_dupext++;
7241 return EINVAL;
7242 }
7243 break;
7244 default:
7245 ipseclog((LOG_DEBUG,
7246 "key_align: invalid ext_type %u is passed.\n",
7247 ext->sadb_ext_type));
7248 m_freem(m);
7249 pfkeystat.out_invexttype++;
7250 return EINVAL;
7251 }
7252
7253 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7254
7255 if (key_validate_ext(ext, extlen)) {
7256 m_freem(m);
7257 pfkeystat.out_invlen++;
7258 return EINVAL;
7259 }
7260
7261 n = m_pulldown(m, off, extlen, &toff);
7262 if (!n) {
7263 /* m is already freed */
7264 return ENOBUFS;
7265 }
7266 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7267
7268 mhp->ext[ext->sadb_ext_type] = ext;
7269 mhp->extoff[ext->sadb_ext_type] = off;
7270 mhp->extlen[ext->sadb_ext_type] = extlen;
7271 }
7272
7273 if (off != end) {
7274 m_freem(m);
7275 pfkeystat.out_invlen++;
7276 return EINVAL;
7277 }
7278
7279 return 0;
7280 }
7281
7282 static int
7283 key_validate_ext(ext, len)
7284 struct sadb_ext *ext;
7285 int len;
7286 {
7287 struct sockaddr *sa;
7288 enum { NONE, ADDR } checktype = NONE;
7289 int baselen = 0;
7290 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7291
7292 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7293 return EINVAL;
7294
7295 /* if it does not match minimum/maximum length, bail */
7296 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
7297 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
7298 return EINVAL;
7299 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
7300 return EINVAL;
7301 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7302 return EINVAL;
7303
7304 /* more checks based on sadb_ext_type XXX need more */
7305 switch (ext->sadb_ext_type) {
7306 case SADB_EXT_ADDRESS_SRC:
7307 case SADB_EXT_ADDRESS_DST:
7308 case SADB_EXT_ADDRESS_PROXY:
7309 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7310 checktype = ADDR;
7311 break;
7312 case SADB_EXT_IDENTITY_SRC:
7313 case SADB_EXT_IDENTITY_DST:
7314 if (((struct sadb_ident *)ext)->sadb_ident_type ==
7315 SADB_X_IDENTTYPE_ADDR) {
7316 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7317 checktype = ADDR;
7318 } else
7319 checktype = NONE;
7320 break;
7321 default:
7322 checktype = NONE;
7323 break;
7324 }
7325
7326 switch (checktype) {
7327 case NONE:
7328 break;
7329 case ADDR:
7330 sa = (struct sockaddr *)((caddr_t)ext + baselen);
7331 if (len < baselen + sal)
7332 return EINVAL;
7333 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7334 return EINVAL;
7335 break;
7336 }
7337
7338 return 0;
7339 }
7340
7341 void
7342 key_init()
7343 {
7344 int i;
7345
7346 bzero((caddr_t)&key_cb, sizeof(key_cb));
7347
7348 callout_init(&key_timehandler_ch, 0);
7349
7350 for (i = 0; i < IPSEC_DIR_MAX; i++)
7351 LIST_INIT(&sptree[i]);
7352
7353 LIST_INIT(&sahtree);
7354
7355 for (i = 0; i <= SADB_SATYPE_MAX; i++)
7356 LIST_INIT(®tree[i]);
7357
7358 for (i = 0; i < SPIHASHSIZE; i++)
7359 LIST_INIT(&spihash[i]);
7360
7361 #ifndef IPSEC_NONBLOCK_ACQUIRE
7362 LIST_INIT(&acqtree);
7363 #endif
7364 LIST_INIT(&spacqtree);
7365
7366 TAILQ_INIT(&satailq);
7367 TAILQ_INIT(&sptailq);
7368
7369 /* system default */
7370 #ifdef INET
7371 ip4_def_policy = key_newsp(0);
7372 if (!ip4_def_policy)
7373 panic("could not initialize IPv4 default security policy");
7374 ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
7375 ip4_def_policy->policy = IPSEC_POLICY_NONE;
7376 ip4_def_policy->dir = IPSEC_DIR_ANY;
7377 ip4_def_policy->readonly = 1;
7378 ip4_def_policy->persist = 1;
7379 #endif
7380 #ifdef INET6
7381 ip6_def_policy = key_newsp(0);
7382 if (!ip6_def_policy)
7383 panic("could not initialize IPv6 default security policy");
7384 ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
7385 ip6_def_policy->policy = IPSEC_POLICY_NONE;
7386 ip6_def_policy->dir = IPSEC_DIR_ANY;
7387 ip6_def_policy->readonly = 1;
7388 ip6_def_policy->persist = 1;
7389 #endif
7390
7391 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
7392
7393 /* initialize key statistics */
7394 keystat.getspi_count = 1;
7395
7396 printf("IPsec: Initialized Security Association Processing.\n");
7397
7398 return;
7399 }
7400
7401 /*
7402 * XXX: maybe This function is called after INBOUND IPsec processing.
7403 *
7404 * Special check for tunnel-mode packets.
7405 * We must make some checks for consistency between inner and outer IP header.
7406 *
7407 * xxx more checks to be provided
7408 */
7409 int
7410 key_checktunnelsanity(sav, family, src, dst)
7411 struct secasvar *sav;
7412 u_int family;
7413 caddr_t src;
7414 caddr_t dst;
7415 {
7416 /* sanity check */
7417 if (sav->sah == NULL)
7418 panic("sav->sah == NULL at key_checktunnelsanity");
7419
7420 /* XXX: check inner IP header */
7421
7422 return 1;
7423 }
7424
7425 #if 0
7426 /*
7427 * Get FQDN for the host.
7428 * If the administrator configured hostname (by hostname(1)) without
7429 * domain name, returns nothing.
7430 */
7431 static const char *
7432 key_getfqdn()
7433 {
7434 int i;
7435 int hasdot;
7436 static char fqdn[MAXHOSTNAMELEN + 1];
7437 int hostnamelen = strlen(hostname);
7438
7439 if (!hostnamelen)
7440 return NULL;
7441
7442 /* check if it comes with domain name. */
7443 hasdot = 0;
7444 for (i = 0; i < hostnamelen; i++) {
7445 if (hostname[i] == '.')
7446 hasdot++;
7447 }
7448 if (!hasdot)
7449 return NULL;
7450
7451 /* NOTE: hostname may not be NUL-terminated. */
7452 bzero(fqdn, sizeof(fqdn));
7453 bcopy(hostname, fqdn, hostnamelen);
7454 fqdn[hostnamelen] = '\0';
7455 return fqdn;
7456 }
7457
7458 /*
7459 * get username@FQDN for the host/user.
7460 */
7461 static const char *
7462 key_getuserfqdn()
7463 {
7464 const char *host;
7465 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
7466 struct proc *p = curproc;
7467 char *q;
7468
7469 PROC_LOCK(p);
7470 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session) {
7471 PROC_UNLOCK(p);
7472 return NULL;
7473 }
7474 if (!(host = key_getfqdn())) {
7475 PROC_UNLOCK(p);
7476 return NULL;
7477 }
7478
7479 /* NOTE: s_login may not be-NUL terminated. */
7480 bzero(userfqdn, sizeof(userfqdn));
7481 SESS_LOCK(p->p_session);
7482 bcopy(p->p_pgrp->pg_session->s_login, userfqdn, MAXLOGNAME);
7483 SESS_UNLOCK(p->p_session);
7484 PROC_UNLOCK(p);
7485 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
7486 q = userfqdn + strlen(userfqdn);
7487 *q++ = '@';
7488 bcopy(host, q, strlen(host));
7489 q += strlen(host);
7490 *q++ = '\0';
7491
7492 return userfqdn;
7493 }
7494 #endif
7495
7496 /* record data transfer on SA, and update timestamps */
7497 void
7498 key_sa_recordxfer(sav, m)
7499 struct secasvar *sav;
7500 struct mbuf *m;
7501 {
7502 if (!sav)
7503 panic("key_sa_recordxfer called with sav == NULL");
7504 if (!m)
7505 panic("key_sa_recordxfer called with m == NULL");
7506 if (!sav->lft_c)
7507 return;
7508
7509 /*
7510 * XXX Currently, there is a difference of bytes size
7511 * between inbound and outbound processing.
7512 */
7513 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
7514 /* to check bytes lifetime is done in key_timehandler(). */
7515
7516 /*
7517 * We use the number of packets as the unit of
7518 * sadb_lifetime_allocations. We increment the variable
7519 * whenever {esp,ah}_{in,out}put is called.
7520 */
7521 sav->lft_c->sadb_lifetime_allocations++;
7522 /* XXX check for expires? */
7523
7524 /*
7525 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
7526 * in seconds. HARD and SOFT lifetime are measured by the time
7527 * difference (again in seconds) from sadb_lifetime_usetime.
7528 *
7529 * usetime
7530 * v expire expire
7531 * -----+-----+--------+---> t
7532 * <--------------> HARD
7533 * <-----> SOFT
7534 */
7535 {
7536 sav->lft_c->sadb_lifetime_usetime = time_second;
7537 /* XXX check for expires? */
7538 }
7539
7540 return;
7541 }
7542
7543 /* dumb version */
7544 void
7545 key_sa_routechange(dst)
7546 struct sockaddr *dst;
7547 {
7548 struct secashead *sah;
7549 struct route *ro;
7550
7551 LIST_FOREACH(sah, &sahtree, chain) {
7552 ro = &sah->sa_route;
7553 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len &&
7554 bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
7555 RTFREE(ro->ro_rt);
7556 ro->ro_rt = (struct rtentry *)NULL;
7557 }
7558 }
7559
7560 return;
7561 }
7562
7563 static void
7564 key_sa_chgstate(sav, state)
7565 struct secasvar *sav;
7566 u_int8_t state;
7567 {
7568 if (sav == NULL)
7569 panic("key_sa_chgstate called with sav == NULL");
7570
7571 if (sav->state == state)
7572 return;
7573
7574 if (__LIST_CHAINED(sav))
7575 LIST_REMOVE(sav, chain);
7576
7577 sav->state = state;
7578 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
7579 }
7580
7581 void
7582 key_sa_stir_iv(sav)
7583 struct secasvar *sav;
7584 {
7585
7586 if (!sav->iv)
7587 panic("key_sa_stir_iv called with sav == NULL");
7588 key_randomfill(sav->iv, sav->ivlen);
7589 }
7590
7591 static void
7592 key_sp_dead(sp)
7593 struct secpolicy *sp;
7594 {
7595
7596 /* mark the SP dead */
7597 sp->state = IPSEC_SPSTATE_DEAD;
7598 }
7599
7600 static void
7601 key_sp_unlink(sp)
7602 struct secpolicy *sp;
7603 {
7604
7605 /* remove from SP index */
7606 if (__LIST_CHAINED(sp)) {
7607 LIST_REMOVE(sp, chain);
7608 key_freesp(sp);
7609 }
7610 }
7611
7612 /* XXX too much? */
7613 static struct mbuf *
7614 key_alloc_mbuf(l)
7615 int l;
7616 {
7617 struct mbuf *m = NULL, *n;
7618 int len, t;
7619
7620 len = l;
7621 while (len > 0) {
7622 MGET(n, M_DONTWAIT, MT_DATA);
7623 if (n && len > MLEN)
7624 MCLGET(n, M_DONTWAIT);
7625 if (!n) {
7626 m_freem(m);
7627 return NULL;
7628 }
7629
7630 n->m_next = NULL;
7631 n->m_len = 0;
7632 n->m_len = M_TRAILINGSPACE(n);
7633 /* use the bottom of mbuf, hoping we can prepend afterwards */
7634 if (n->m_len > len) {
7635 t = (n->m_len - len) & ~(sizeof(long) - 1);
7636 n->m_data += t;
7637 n->m_len = len;
7638 }
7639
7640 len -= n->m_len;
7641
7642 if (m)
7643 m_cat(m, n);
7644 else
7645 m = n;
7646 }
7647
7648 return m;
7649 }
Cache object: 5bbd5a02078d04a02e01a349382dc682
|