search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / sys / netkey / key.c
blob3289e2bd612bca78748b6c3d27cec9f244b028c9
1 /* $NetBSD: key.c,v 1.174 2009/04/18 14:58:06 tsutsui Exp $ */
2 /* $KAME: key.c,v 1.310 2003/09/08 02:23:44 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * This code is referred to RFC 2367
35 */
36
37 #include <sys/cdefs.h>
38 __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.174 2009/04/18 14:58:06 tsutsui Exp $");
39
40 #include "opt_inet.h"
41 #include "opt_ipsec.h"
42 #include "fs_kernfs.h"
43
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/callout.h>
47 #include <sys/kernel.h>
48 #include <sys/mbuf.h>
49 #include <sys/domain.h>
50 #include <sys/protosw.h>
51 #include <sys/malloc.h>
52 #include <sys/socket.h>
53 #include <sys/socketvar.h>
54 #include <sys/errno.h>
55 #include <sys/proc.h>
56 #include <sys/queue.h>
57 #include <sys/sysctl.h>
58 #include <sys/syslog.h>
59 #include <sys/once.h>
60
61 #include <net/if.h>
62 #include <net/route.h>
63 #include <net/raw_cb.h>
64
65 #include <netinet/in.h>
66 #include <netinet/in_systm.h>
67 #include <netinet/ip.h>
68 #include <netinet/in_var.h>
69
70 #ifdef INET6
71 #include <netinet/ip6.h>
72 #include <netinet6/in6_var.h>
73 #include <netinet6/ip6_var.h>
74 #include <netinet6/scope6_var.h>
75 #endif /* INET6 */
76
77 #ifdef INET
78 #include <netinet/in_pcb.h>
79 #endif
80 #ifdef INET6
81 #include <netinet6/in6_pcb.h>
82 #endif /* INET6 */
83
84 #include <net/pfkeyv2.h>
85 #include <netkey/keydb.h>
86 #include <netkey/key.h>
87 #include <netkey/keysock.h>
88 #include <netkey/key_debug.h>
89 #include <netkey/key_private.h>
90
91 #include <netinet6/ipsec.h>
92 #include <netinet6/ah.h>
93 #ifdef IPSEC_ESP
94 #include <netinet6/esp.h>
95 #endif
96 #include <netinet6/ipcomp.h>
97
98 #ifdef KERNFS
99 #include <miscfs/kernfs/kernfs.h>
100 #endif
101
102 #include <machine/stdarg.h>
103
104 #include "rnd.h"
105 #if NRND > 0
106 #include <sys/rnd.h>
107 #endif
108
109 #include <net/net_osdep.h>
110
111 #ifndef offsetof
112 #define offsetof(type, member) ((size_t)(&((type *)0)->member))
113 #endif
114 #ifndef satosin
115 #define satosin(s) ((struct sockaddr_in *)s)
116 #endif
117
118 #define FULLMASK 0xff
119
120 percpu_t *pfkeystat_percpu;
121
122 /*
123 * Note on SA reference counting:
124 * - SAs that are not in DEAD state will have (total external reference + 1)
125 * following value in reference count field. they cannot be freed and are
126 * referenced from SA header.
127 * - SAs that are in DEAD state will have (total external reference)
128 * in reference count field. they are ready to be freed. reference from
129 * SA header will be removed in keydb_delsecasvar(), when the reference count
130 * field hits 0 (= no external reference other than from SA header.
131 */
132
133 u_int32_t key_debug_level = 0;
134 static u_int key_spi_trycnt = 1000;
135 static u_int32_t key_spi_minval = 0x100;
136 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
137 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
138 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
139 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
140
141 static u_int32_t acq_seq = 0;
142
143 struct _satailq satailq; /* list of all SAD entry */
144 struct _sptailq sptailq; /* SPD table + pcb */
145 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD table */
146 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
147 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
148 /* registed list */
149
150 #define SPIHASHSIZE 128
151 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
152 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
153
154 #ifndef IPSEC_NONBLOCK_ACQUIRE
155 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
156 #endif
157 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
158
159 struct key_cb key_cb;
160
161 /* search order for SAs */
162 static const u_int saorder_state_valid[] = {
163 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
164 /*
165 * This order is important because we must select a oldest SA
166 * for outbound processing. For inbound, This is not important.
167 */
168 };
169 static const u_int saorder_state_alive[] = {
170 /* except DEAD */
171 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
172 };
173 static const u_int saorder_state_any[] = {
174 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
175 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
176 };
177
178 static const int minsize[] = {
179 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
180 sizeof(struct sadb_sa), /* SADB_EXT_SA */
181 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
182 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
183 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
184 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
185 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
186 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
187 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
188 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
189 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
190 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
191 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
192 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
193 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
194 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
195 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
196 0, /* SADB_X_EXT_KMPRIVATE */
197 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
198 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
199 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
200 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
201 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
202 sizeof(struct sadb_address), /* SADB_X_EXT_NAT_T_OA */
203 sizeof(struct sadb_x_nat_t_frag),/* SADB_X_EXT_NAT_T_FRAG */
204 #ifdef SADB_X_EXT_TAG
205 sizeof(struct sadb_x_tag), /* SADB_X_TAG */
206 #endif
207 };
208 static const int maxsize[] = {
209 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
210 sizeof(struct sadb_sa), /* SADB_EXT_SA */
211 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
212 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
213 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
214 0, /* SADB_EXT_ADDRESS_SRC */
215 0, /* SADB_EXT_ADDRESS_DST */
216 0, /* SADB_EXT_ADDRESS_PROXY */
217 0, /* SADB_EXT_KEY_AUTH */
218 0, /* SADB_EXT_KEY_ENCRYPT */
219 0, /* SADB_EXT_IDENTITY_SRC */
220 0, /* SADB_EXT_IDENTITY_DST */
221 0, /* SADB_EXT_SENSITIVITY */
222 0, /* SADB_EXT_PROPOSAL */
223 0, /* SADB_EXT_SUPPORTED_AUTH */
224 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
225 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
226 0, /* SADB_X_EXT_KMPRIVATE */
227 0, /* SADB_X_EXT_POLICY */
228 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
229 sizeof(struct sadb_x_nat_t_type), /* SADB_X_EXT_NAT_T_TYPE */
230 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_SPORT */
231 sizeof(struct sadb_x_nat_t_port), /* SADB_X_EXT_NAT_T_DPORT */
232 0, /* SADB_X_EXT_NAT_T_OA */
233 sizeof(struct sadb_x_nat_t_frag), /* SADB_X_EXT_NAT_T_FRAG */
234 #ifdef SADB_X_EXT_TAG
235 sizeof(struct sadb_x_tag), /* SADB_X_TAG */
236 #endif
237 };
238
239 static int ipsec_esp_keymin = 256;
240 static int ipsec_esp_auth = 0;
241 static int ipsec_ah_keymin = 128;
242
243 #define __LIST_CHAINED(elm) \
244 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
245 #define LIST_INSERT_TAIL(head, elm, type, field) \
246 do {\
247 struct type *curelm = LIST_FIRST(head); \
248 if (curelm == NULL) {\
249 LIST_INSERT_HEAD(head, elm, field); \
250 } else { \
251 while (LIST_NEXT(curelm, field)) \
252 curelm = LIST_NEXT(curelm, field);\
253 LIST_INSERT_AFTER(curelm, elm, field);\
254 }\
255 } while (/*CONSTCOND*/ 0)
256
257 #define KEY_CHKSASTATE(head, sav, name) \
258 /* do */ { \
259 if ((head) != (sav)) { \
260 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%u SA=%u)\n", \
261 (name), (head), (sav))); \
262 continue; \
263 } \
264 } // while (/*CONSTCOND*/ 0)
265
266 #define KEY_CHKSPDIR(head, sp, name) \
267 do { \
268 if ((head) != (sp)) { \
269 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%u SP=%u), " \
270 "anyway continue.\n", \
271 (name), (head), (sp))); \
272 } \
273 } while (/*CONSTCOND*/ 0)
274
275 #if 1
276 #define KMALLOC(p, t, n) \
277 ((p) = (t) malloc((unsigned long)(n), M_SECA, M_NOWAIT))
278 #define KFREE(p) \
279 free((void *)(p), M_SECA)
280 #else
281 #define KMALLOC(p, t, n) \
282 do { \
283 ((p) = (t)malloc((unsigned long)(n), M_SECA, M_NOWAIT)); \
284 printf("%s %d: %p <- KMALLOC(%s, %d)\n", \
285 __FILE__, __LINE__, (p), #t, n); \
286 } while (/*CONSTCOND*/ 0)
287
288 #define KFREE(p) \
289 do { \
290 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
291 free((void *)(p), M_SECA); \
292 } while (/*CONSTCOND*/ 0)
293 #endif
294
295 /*
296 * set parameters into secpolicyindex buffer.
297 * Must allocate secpolicyindex buffer passed to this function.
298 */
299 #define KEY_SETSECSPIDX(s, d, ps, pd, ulp, idx) \
300 do { \
301 (void)memset((idx), 0, sizeof(struct secpolicyindex)); \
302 (idx)->prefs = (ps); \
303 (idx)->prefd = (pd); \
304 (idx)->ul_proto = (ulp); \
305 (void)memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len);\
306 (void)memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len);\
307 } while (/*CONSTCOND*/ 0)
308
309 /*
310 * set parameters into secasindex buffer.
311 * Must allocate secasindex buffer before calling this function.
312 */
313 #define KEY_SETSECASIDX(p, m, r, s, d, idx) \
314 do { \
315 (void)memset((idx), 0, sizeof(struct secasindex)); \
316 (idx)->proto = (p); \
317 (idx)->mode = (m); \
318 (idx)->reqid = (r); \
319 (void)memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len);\
320 (void)memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len);\
321 } while (/*CONSTCOND*/ 0)
322
323 /* key statistics */
324 struct _keystat {
325 u_long getspi_count; /* the avarage of count to try to get new SPI */
326 } keystat;
327
328 struct sadb_msghdr {
329 struct sadb_msg *msg;
330 struct sadb_ext *ext[SADB_EXT_MAX + 1];
331 int extoff[SADB_EXT_MAX + 1];
332 int extlen[SADB_EXT_MAX + 1];
333 };
334
335 static struct secasvar *key_allocsa_policy(struct secasindex *);
336 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int);
337 static void key_delsav(struct secasvar *);
338 static void key_delsp(struct secpolicy *);
339 static struct secpolicy *key_getsp(struct secpolicyindex *, int);
340 #ifdef SADB_X_EXT_TAG
341 static struct secpolicy *key_getspbytag(u_int16_t, int);
342 #endif
343 static u_int16_t key_newreqid(void);
344 static struct mbuf *key_gather_mbuf(struct mbuf *,
345 const struct sadb_msghdr *, int, int, ...);
346 static int key_spdadd(struct socket *, struct mbuf *,
347 const struct sadb_msghdr *);
348 static int key_spddelete(struct socket *, struct mbuf *,
349 const struct sadb_msghdr *);
350 static int key_spddelete2(struct socket *, struct mbuf *,
351 const struct sadb_msghdr *);
352 static int key_spdget(struct socket *, struct mbuf *,
353 const struct sadb_msghdr *);
354 static int key_spdflush(struct socket *, struct mbuf *,
355 const struct sadb_msghdr *);
356 static int key_spddump(struct socket *, struct mbuf *,
357 const struct sadb_msghdr *);
358 #ifdef IPSEC_NAT_T
359 static int key_nat_map(struct socket *, struct mbuf *,
360 const struct sadb_msghdr *);
361 #endif
362 static struct mbuf *key_setspddump(int *);
363 static u_int key_getspreqmsglen(struct secpolicy *);
364 static int key_spdexpire(struct secpolicy *);
365 static struct secashead *key_newsah(struct secasindex *);
366 static void key_delsah(struct secashead *);
367 static struct secasvar *key_newsav(struct mbuf *,
368 const struct sadb_msghdr *, struct secashead *, int *);
369 static struct secashead *key_getsah(struct secasindex *);
370 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
371 static void key_setspi(struct secasvar *, u_int32_t);
372 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
373 static int key_setsaval(struct secasvar *, struct mbuf *,
374 const struct sadb_msghdr *);
375 static int key_mature(struct secasvar *);
376 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
377 u_int8_t, u_int32_t, u_int32_t);
378 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
379 u_int32_t, pid_t, u_int16_t);
380 static struct mbuf *key_setsadbsa(struct secasvar *);
381 static struct mbuf *key_setsadbaddr(u_int16_t,
382 struct sockaddr *, u_int8_t, u_int16_t);
383 #if 0
384 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, void *,
385 int, u_int64_t);
386 #endif
387 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int16_t);
388 #ifdef SADB_X_EXT_TAG
389 static struct mbuf *key_setsadbxtag(u_int16_t);
390 #endif
391 #ifdef IPSEC_NAT_T
392 static struct mbuf *key_setsadbxport(u_int16_t, u_int16_t);
393 static struct mbuf *key_setsadbxtype(u_int16_t);
394 #endif
395 static void key_porttosaddr(struct sockaddr *, u_int16_t);
396 #define KEY_PORTTOSADDR(saddr, port) \
397 key_porttosaddr((struct sockaddr *)(saddr), (port))
398 static int key_checksalen(const struct sockaddr *);
399 #define KEY_CHECKSALEN(saddr) key_checksalen((const struct sockaddr *)(saddr))
400 static struct mbuf *key_setsadblifetime(u_int16_t, u_int32_t,
401 u_int64_t, u_int64_t, u_int64_t);
402 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
403 u_int32_t);
404 static void *key_newbuf(const void *, u_int);
405 static int key_ismyaddr(struct sockaddr *);
406 #ifdef INET6
407 static int key_ismyaddr6(struct sockaddr_in6 *);
408 #endif
409 static int key_cmpsaidx_exactly
410 (struct secasindex *, struct secasindex *);
411 static int key_cmpsaidx_withmode
412 (struct secasindex *, struct secasindex *);
413 static int key_cmpsaidx_withoutmode
414 (struct secasindex *, struct secasindex *);
415 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
416 static int key_bbcmp(void *, void *, u_int);
417 static u_long key_random(void);
418 static u_int16_t key_satype2proto(u_int8_t);
419 static u_int8_t key_proto2satype(u_int16_t);
420
421 static int key_getspi(struct socket *, struct mbuf *,
422 const struct sadb_msghdr *);
423 static u_int32_t key_do_getnewspi(struct sadb_spirange *,
424 struct secasindex *);
425 static int key_update(struct socket *, struct mbuf *,
426 const struct sadb_msghdr *);
427 #ifdef IPSEC_DOSEQCHECK
428 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
429 #endif
430 static int key_add(struct socket *, struct mbuf *,
431 const struct sadb_msghdr *);
432 static int key_setident(struct secashead *, struct mbuf *,
433 const struct sadb_msghdr *);
434 static struct mbuf *key_getmsgbuf_x1(struct mbuf *,
435 const struct sadb_msghdr *);
436 static int key_delete(struct socket *, struct mbuf *,
437 const struct sadb_msghdr *);
438 static int key_get(struct socket *, struct mbuf *,
439 const struct sadb_msghdr *);
440
441 static void key_getcomb_setlifetime(struct sadb_comb *);
442 #ifdef IPSEC_ESP
443 static struct mbuf *key_getcomb_esp(void);
444 #endif
445 static struct mbuf *key_getcomb_ah(void);
446 static struct mbuf *key_getcomb_ipcomp(void);
447 static struct mbuf *key_getprop(const struct secasindex *);
448
449 static int key_acquire(struct secasindex *, struct secpolicy *);
450 #ifndef IPSEC_NONBLOCK_ACQUIRE
451 static struct secacq *key_newacq(struct secasindex *);
452 static struct secacq *key_getacq(struct secasindex *);
453 static struct secacq *key_getacqbyseq(u_int32_t);
454 #endif
455 static struct secspacq *key_newspacq(struct secpolicyindex *);
456 static struct secspacq *key_getspacq(struct secpolicyindex *);
457 static int key_acquire2(struct socket *, struct mbuf *,
458 const struct sadb_msghdr *);
459 static int key_register(struct socket *, struct mbuf *,
460 const struct sadb_msghdr *);
461 static int key_expire(struct secasvar *);
462 static int key_flush(struct socket *, struct mbuf *,
463 const struct sadb_msghdr *);
464 static int key_dump(struct socket *, struct mbuf *,
465 const struct sadb_msghdr *);
466 static struct mbuf *key_setdump(u_int8_t, int *);
467 static int key_promisc(struct socket *, struct mbuf *,
468 const struct sadb_msghdr *);
469 static int key_senderror(struct socket *, struct mbuf *, int);
470 static int key_validate_ext(const struct sadb_ext *, int);
471 static int key_align(struct mbuf *, struct sadb_msghdr *);
472 #if 0
473 static const char *key_getfqdn(void);
474 static const char *key_getuserfqdn(void);
475 #endif
476 static void key_sa_chgstate(struct secasvar *, u_int8_t);
477 static void key_sp_dead(struct secpolicy *);
478 static void key_sp_unlink(struct secpolicy *);
479 static struct mbuf *key_alloc_mbuf(int);
480 struct callout key_timehandler_ch;
481
482 /* %%% IPsec policy management */
483 /*
484 * allocating a SP for OUTBOUND or INBOUND packet.
485 * Must call key_freesp() later.
486 * OUT: NULL: not found
487 * others: found and return the pointer.
488 */
489 struct secpolicy *
490 key_allocsp(u_int16_t tag, struct secpolicyindex *spidx, u_int dir)
491 {
492 struct secpolicy *sp;
493 int s;
494
495 /* check direction */
496 switch (dir) {
497 case IPSEC_DIR_INBOUND:
498 case IPSEC_DIR_OUTBOUND:
499 break;
500 default:
501 panic("key_allocsp: Invalid direction is passed.");
502 }
503
504 /* get a SP entry */
505 s = splsoftnet(); /*called from softclock()*/
506 if (spidx) {
507 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
508 printf("*** objects\n");
509 kdebug_secpolicyindex(spidx));
510 }
511
512 LIST_FOREACH(sp, &sptree[dir], chain) {
513 if (sp->state == IPSEC_SPSTATE_DEAD)
514 continue;
515 if (!sp->spidx) {
516 if (!tag)
517 continue;
518 if (sp->tag == tag)
519 goto found;
520 } else {
521 if (!spidx)
522 continue;
523
524 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
525 printf("*** in SPD\n");
526 kdebug_secpolicyindex(sp->spidx));
527
528 if (key_cmpspidx_withmask(sp->spidx, spidx))
529 goto found;
530 }
531 }
532
533 splx(s);
534 return NULL;
535
536 found:
537 /* sanity check */
538 KEY_CHKSPDIR(sp->dir, dir, "key_allocsp");
539
540 /* found a SPD entry */
541 sp->lastused = time_second;
542 sp->refcnt++;
543 splx(s);
544 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
545 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
546 sp->refcnt, sp));
547
548 return sp;
549 }
550
551 /*
552 * allocating an SA entry for an *OUTBOUND* packet.
553 * checking each request entries in SP, and acquire an SA if need.
554 * OUT: 0: there are valid requests.
555 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
556 */
557 int
558 key_checkrequest(struct ipsecrequest *isr, struct secasindex *saidx)
559 {
560 u_int level;
561 int error;
562
563 /* sanity check */
564 if (isr == NULL || saidx == NULL)
565 panic("key_checkrequest: NULL pointer is passed.");
566
567 /* check mode */
568 switch (saidx->mode) {
569 case IPSEC_MODE_TRANSPORT:
570 case IPSEC_MODE_TUNNEL:
571 break;
572 case IPSEC_MODE_ANY:
573 default:
574 panic("key_checkrequest: Invalid policy defined.");
575 }
576
577 /* get current level */
578 level = ipsec_get_reqlevel(isr, saidx->src.ss_family);
579
580 #if 0
581 /*
582 * We do allocate new SA only if the state of SA in the holder is
583 * SADB_SASTATE_DEAD. The SA for outbound must be the oldest.
584 */
585 if (isr->sav != NULL) {
586 if (isr->sav->sah == NULL)
587 panic("key_checkrequest: sah is null.");
588 if (isr->sav ==
589 LIST_FIRST(&isr->sav->sah->savtree[SADB_SASTATE_DEAD])) {
590 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
591 printf("DP checkrequest calls free SA:%p\n",
592 isr->sav));
593 key_freesav(isr->sav);
594 isr->sav = NULL;
595 }
596 }
597 #else
598 /*
599 * we free any SA stashed in the IPsec request because a different
600 * SA may be involved each time this request is checked, either
601 * because new SAs are being configured, or this request is
602 * associated with an unconnected datagram socket, or this request
603 * is associated with a system default policy.
604 *
605 * The operation may have negative impact to performance. We may
606 * want to check cached SA carefully, rather than picking new SA
607 * every time.
608 */
609 if (isr->sav != NULL) {
610 key_freesav(isr->sav);
611 isr->sav = NULL;
612 }
613 #endif
614
615 /*
616 * new SA allocation if no SA found.
617 * key_allocsa_policy should allocate the oldest SA available.
618 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
619 */
620 if (isr->sav == NULL)
621 isr->sav = key_allocsa_policy(saidx);
622
623 /* When there is SA. */
624 if (isr->sav != NULL)
625 return 0;
626
627 /* there is no SA */
628 if ((error = key_acquire(saidx, isr->sp)) != 0) {
629 /* XXX What should I do ? */
630 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
631 "from key_acquire.\n", error));
632 return error;
633 }
634
635 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
636 }
637
638 /*
639 * allocating a SA for policy entry from SAD.
640 * NOTE: searching SAD of aliving state.
641 * OUT: NULL: not found.
642 * others: found and return the pointer.
643 */
644 static struct secasvar *
645 key_allocsa_policy(struct secasindex *saidx)
646 {
647 struct secashead *sah;
648 struct secasvar *sav;
649 u_int stateidx, state;
650
651 LIST_FOREACH(sah, &sahtree, chain) {
652 if (sah->state == SADB_SASTATE_DEAD)
653 continue;
654 if (key_cmpsaidx_withmode(&sah->saidx, saidx))
655 goto found;
656 }
657
658 return NULL;
659
660 found:
661
662 /* search valid state */
663 for (stateidx = 0;
664 stateidx < _ARRAYLEN(saorder_state_valid);
665 stateidx++) {
666
667 state = saorder_state_valid[stateidx];
668
669 sav = key_do_allocsa_policy(sah, state);
670 if (sav != NULL)
671 return sav;
672 }
673
674 return NULL;
675 }
676
677 /*
678 * searching SAD with direction, protocol, mode and state.
679 * called by key_allocsa_policy().
680 * OUT:
681 * NULL : not found
682 * others : found, pointer to a SA.
683 */
684 static struct secasvar *
685 key_do_allocsa_policy(struct secashead *sah, u_int state)
686 {
687 struct secasvar *sav, *candidate;
688
689 /* initilize */
690 candidate = NULL;
691
692 LIST_FOREACH(sav, &sah->savtree[state], chain) {
693
694 /* sanity check */
695 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
696
697 /* initialize */
698 if (candidate == NULL) {
699 candidate = sav;
700 continue;
701 }
702
703 /* Which SA is the better ? */
704
705 /* sanity check 2 */
706 if (candidate->lft_c == NULL || sav->lft_c == NULL)
707 panic("key_do_allocsa_policy: "
708 "lifetime_current is NULL.");
709
710 /* XXX What the best method is to compare ? */
711 if (candidate->lft_c->sadb_lifetime_addtime >
712 sav->lft_c->sadb_lifetime_addtime) {
713 candidate = sav;
714 continue;
715 }
716 }
717
718 if (candidate) {
719 candidate->refcnt++;
720 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
721 printf("DP allocsa_policy cause "
722 "refcnt++:%d SA:%p\n",
723 candidate->refcnt, candidate));
724 }
725 return candidate;
726 }
727
728 /*
729 * allocating a SA entry for a *INBOUND* packet.
730 * Must call key_freesav() later.
731 * OUT: positive: pointer to a sav.
732 * NULL: not found, or error occurred.
733 *
734 * In the comparison, source address will be ignored for RFC2401 conformance.
735 * To quote, from section 4.1:
736 * A security association is uniquely identified by a triple consisting
737 * of a Security Parameter Index (SPI), an IP Destination Address, and a
738 * security protocol (AH or ESP) identifier.
739 * Note that, however, we do need to keep source address in IPsec SA.
740 * IKE specification and PF_KEY specification do assume that we
741 * keep source address in IPsec SA. We see a tricky situation here.
742 *
743 * sport and dport are used for NAT-T. network order is always used.
744 */
745 struct secasvar *
746 key_allocsa(
747 u_int family,
748 const void *src,
749 const void *dst,
750 u_int proto,
751 u_int32_t spi,
752 u_int16_t sport,
753 u_int16_t dport
754 )
755 {
756 struct secasvar *sav, *match;
757 u_int stateidx, state, tmpidx, matchidx;
758 struct sockaddr_in sin;
759 #ifdef INET6
760 struct sockaddr_in6 sin6;
761 #endif
762 int s;
763 int chkport = 0;
764
765 #ifdef IPSEC_NAT_T
766 if ((sport != 0) && (dport != 0))
767 chkport = 1;
768 #endif
769 /* sanity check */
770 if (src == NULL || dst == NULL)
771 panic("key_allocsa: NULL pointer is passed.");
772
773 /*
774 * searching SAD.
775 * XXX: to be checked internal IP header somewhere. Also when
776 * IPsec tunnel packet is received. But ESP tunnel mode is
777 * encrypted so we can't check internal IP header.
778 */
779 s = splsoftnet(); /*called from softclock()*/
780 /* search valid state */
781 match = NULL;
782 matchidx = _ARRAYLEN(saorder_state_valid);
783 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
784 if (sav->spi != spi)
785 continue;
786 if (proto != sav->sah->saidx.proto)
787 continue;
788 if (family != sav->sah->saidx.src.ss_family ||
789 family != sav->sah->saidx.dst.ss_family)
790 continue;
791 tmpidx = _ARRAYLEN(saorder_state_valid);
792 for (stateidx = 0; stateidx < matchidx; stateidx++) {
793 state = saorder_state_valid[stateidx];
794 if (sav->state == state) {
795 tmpidx = stateidx;
796 break;
797 }
798 }
799 if (tmpidx >= matchidx)
800 continue;
801
802 #if 0 /* src address check ignored for RFC 2401 conformance */
803 /* check src address */
804 switch (family) {
805 case AF_INET:
806 memset(&sin, 0, sizeof(sin));
807 sin.sin_family = AF_INET;
808 sin.sin_len = sizeof(sin);
809 memcpy(&sin.sin_addr, src,
810 sizeof(sin.sin_addr));
811 #ifdef IPSEC_NAT_T
812 sin.sin_port = sport;
813 #endif
814 if (key_sockaddrcmp((struct sockaddr*)&sin,
815 (struct sockaddr *)&sav->sah->saidx.src,
816 chkport) != 0)
817 continue;
818
819 break;
820 #ifdef INET6
821 case AF_INET6:
822 memset(&sin6, 0, sizeof(sin6));
823 sin6.sin6_family = AF_INET6;
824 sin6.sin6_len = sizeof(sin6);
825 memcpy(&sin6.sin6_addr, src,
826 sizeof(sin6.sin6_addr));
827 #ifdef IPSEC_NAT_T
828 sin6.sin6_port = sport;
829 #endif
830 if (sa6_recoverscope(&sin6))
831 continue;
832 if (key_sockaddrcmp((struct sockaddr*)&sin6,
833 (struct sockaddr *)&sav->sah->saidx.src,
834 chkport) != 0)
835 continue;
836 break;
837 #endif
838 default:
839 ipseclog((LOG_DEBUG, "key_allocsa: "
840 "unknown address family=%d.\n",
841 family));
842 continue;
843 }
844
845 #endif
846 /* check dst address */
847 switch (family) {
848 case AF_INET:
849 memset(&sin, 0, sizeof(sin));
850 sin.sin_family = AF_INET;
851 sin.sin_len = sizeof(sin);
852 memcpy(&sin.sin_addr, dst,
853 sizeof(sin.sin_addr));
854 #ifdef IPSEC_NAT_T
855 sin.sin_port = dport;
856 #endif
857 if (key_sockaddrcmp((struct sockaddr*)&sin,
858 (struct sockaddr *)&sav->sah->saidx.dst,
859 chkport) != 0)
860 continue;
861
862 break;
863 #ifdef INET6
864 case AF_INET6:
865 memset(&sin6, 0, sizeof(sin6));
866 sin6.sin6_family = AF_INET6;
867 sin6.sin6_len = sizeof(sin6);
868 memcpy(&sin6.sin6_addr, dst,
869 sizeof(sin6.sin6_addr));
870 #ifdef IPSEC_NAT_T
871 sin6.sin6_port = dport;
872 #endif
873 if (sa6_recoverscope(&sin6))
874 continue;
875 if (key_sockaddrcmp((struct sockaddr*)&sin6,
876 (struct sockaddr *)&sav->sah->saidx.dst,
877 chkport) != 0)
878 continue;
879 break;
880 #endif
881 default:
882 ipseclog((LOG_DEBUG, "key_allocsa: "
883 "unknown address family=%d.\n", family));
884 continue;
885 }
886
887 match = sav;
888 matchidx = tmpidx;
889 }
890
891 if (match)
892 goto found;
893
894 /* not found */
895 splx(s);
896 return NULL;
897
898 found:
899 match->refcnt++;
900 splx(s);
901 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
902 printf("DP allocsa cause refcnt++:%d SA:%p\n",
903 match->refcnt, match));
904 return match;
905 }
906
907 /*
908 * Must be called after calling key_allocsp().
909 * For both the packet without socket and key_freeso().
910 */
911 void
912 key_freesp(struct secpolicy *sp)
913 {
914 /* sanity check */
915 if (sp == NULL)
916 panic("key_freesp: NULL pointer is passed.");
917
918 sp->refcnt--;
919 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
920 printf("DP freesp cause refcnt--:%d SP:%p\n",
921 sp->refcnt, sp));
922
923 if (sp->refcnt == 0)
924 key_delsp(sp);
925
926 return;
927 }
928
929 /*
930 * Must be called after calling key_allocsa().
931 * This function is called by key_freesp() to free some SA allocated
932 * for a policy.
933 */
934 void
935 key_freesav(struct secasvar *sav)
936 {
937 /* sanity check */
938 if (sav == NULL)
939 panic("key_freesav: NULL pointer is passed.");
940
941 sav->refcnt--;
942 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
943 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
944 sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
945
946 if (sav->refcnt > 0)
947 return;
948
949 key_delsav(sav);
950 }
951
952 static void
953 key_delsav(struct secasvar *sav)
954 {
955 int s;
956
957 /* sanity check */
958 if (sav == NULL)
959 panic("key_delsav: NULL pointer is passed.");
960
961 if (sav->refcnt > 0)
962 panic("key_delsav: called with positive refcnt");
963
964 s = splsoftnet();
965
966 #ifdef KERNFS
967 kernfs_revoke_sa(sav);
968 #endif
969
970 if (__LIST_CHAINED(sav))
971 LIST_REMOVE(sav, chain);
972
973 if (sav->spihash.le_prev || sav->spihash.le_next)
974 LIST_REMOVE(sav, spihash);
975
976 if (sav->key_auth != NULL) {
977 memset(_KEYBUF(sav->key_auth), 0, _KEYLEN(sav->key_auth));
978 KFREE(sav->key_auth);
979 sav->key_auth = NULL;
980 }
981 if (sav->key_enc != NULL) {
982 memset(_KEYBUF(sav->key_enc), 0, _KEYLEN(sav->key_enc));
983 KFREE(sav->key_enc);
984 sav->key_enc = NULL;
985 }
986 if (sav->sched) {
987 memset(sav->sched, 0, sav->schedlen);
988 KFREE(sav->sched);
989 sav->sched = NULL;
990 }
991 if (sav->replay != NULL) {
992 keydb_delsecreplay(sav->replay);
993 sav->replay = NULL;
994 }
995 if (sav->lft_c != NULL) {
996 KFREE(sav->lft_c);
997 sav->lft_c = NULL;
998 }
999 if (sav->lft_h != NULL) {
1000 KFREE(sav->lft_h);
1001 sav->lft_h = NULL;
1002 }
1003 if (sav->lft_s != NULL) {
1004 KFREE(sav->lft_s);
1005 sav->lft_s = NULL;
1006 }
1007 if (sav->iv != NULL) {
1008 KFREE(sav->iv);
1009 sav->iv = NULL;
1010 }
1011
1012 keydb_delsecasvar(sav);
1013
1014 splx(s);
1015 }
1016
1017 /* %%% SPD management */
1018 /*
1019 * free security policy entry.
1020 */
1021 static void
1022 key_delsp(struct secpolicy *sp)
1023 {
1024 int s;
1025
1026 /* sanity check */
1027 if (sp == NULL)
1028 panic("key_delsp: NULL pointer is passed.");
1029
1030 if (sp->refcnt > 0)
1031 panic("key_delsp: called with positive refcnt");
1032
1033 s = splsoftnet(); /*called from softclock()*/
1034
1035 #ifdef KERNFS
1036 kernfs_revoke_sp(sp);
1037 #endif
1038
1039 {
1040 struct ipsecrequest *isr = sp->req, *nextisr;
1041
1042 while (isr != NULL) {
1043 if (isr->sav != NULL) {
1044 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1045 printf("DP delsp calls free SA:%p\n",
1046 isr->sav));
1047 key_freesav(isr->sav);
1048 isr->sav = NULL;
1049 }
1050
1051 nextisr = isr->next;
1052 KFREE(isr);
1053 isr = nextisr;
1054 }
1055 }
1056
1057 keydb_delsecpolicy(sp);
1058
1059 splx(s);
1060
1061 return;
1062 }
1063
1064 /*
1065 * search SPD
1066 * OUT: NULL : not found
1067 * others : found, pointer to a SP.
1068 */
1069 static struct secpolicy *
1070 key_getsp(struct secpolicyindex *spidx, int dir)
1071 {
1072 struct secpolicy *sp;
1073
1074 /* sanity check */
1075 if (spidx == NULL)
1076 panic("key_getsp: NULL pointer is passed.");
1077
1078 LIST_FOREACH(sp, &sptree[dir], chain) {
1079 if (sp->state == IPSEC_SPSTATE_DEAD)
1080 continue;
1081 if (!sp->spidx)
1082 continue;
1083 if (key_cmpspidx_exactly(spidx, sp->spidx)) {
1084 sp->refcnt++;
1085 return sp;
1086 }
1087 }
1088
1089 return NULL;
1090 }
1091
1092 #ifdef SADB_X_EXT_TAG
1093 static struct secpolicy *
1094 key_getspbytag(u_int16_t tag, int dir)
1095 {
1096 struct secpolicy *sp;
1097
1098 LIST_FOREACH(sp, &sptree[dir], chain) {
1099 if (sp->state == IPSEC_SPSTATE_DEAD)
1100 continue;
1101 if (sp->spidx)
1102 continue;
1103 if (sp->tag == tag) {
1104 sp->refcnt++;
1105 return sp;
1106 }
1107 }
1108
1109 return NULL;
1110 }
1111 #endif
1112
1113 /*
1114 * get SP by index.
1115 * OUT: NULL : not found
1116 * others : found, pointer to a SP.
1117 */
1118 struct secpolicy *
1119 key_getspbyid(u_int32_t id)
1120 {
1121 struct secpolicy *sp;
1122
1123 TAILQ_FOREACH(sp, &sptailq, tailq) {
1124 if (sp->id == id) {
1125 sp->refcnt++;
1126 return sp;
1127 }
1128 }
1129
1130 return NULL;
1131 }
1132
1133 struct secpolicy *
1134 key_newsp(u_int32_t id)
1135 {
1136 struct secpolicy *newsp = NULL, *sp;
1137 u_int32_t newid;
1138
1139 if (id > IPSEC_MANUAL_POLICYID_MAX) {
1140 ipseclog((LOG_DEBUG,
1141 "key_newsp: policy_id=%u range "
1142 "violation, updated by kernel.\n", id));
1143 id = 0;
1144 }
1145
1146 if (id == 0) {
1147 if ((newid = keydb_newspid()) == 0) {
1148 ipseclog((LOG_DEBUG,
1149 "key_newsp: new policy_id allocation failed."));
1150 return NULL;
1151 }
1152 } else {
1153 sp = key_getspbyid(id);
1154 if (sp != NULL) {
1155 ipseclog((LOG_DEBUG,
1156 "key_newsp: policy_id(%u) has been used.\n", id));
1157 key_freesp(sp);
1158 return NULL;
1159 }
1160 newid = id;
1161 }
1162
1163 newsp = keydb_newsecpolicy();
1164 if (!newsp)
1165 return newsp;
1166
1167 newsp->id = newid;
1168 newsp->refcnt = 1;
1169 newsp->req = NULL;
1170
1171 return newsp;
1172 }
1173
1174 /*
1175 * create secpolicy structure from sadb_x_policy structure.
1176 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1177 * so must be set properly later.
1178 */
1179 struct secpolicy *
1180 key_msg2sp(struct sadb_x_policy *xpl0, size_t len, int *error)
1181 {
1182 struct secpolicy *newsp;
1183
1184 /* sanity check */
1185 if (xpl0 == NULL)
1186 panic("key_msg2sp: NULL pointer was passed.");
1187 if (len < sizeof(*xpl0))
1188 panic("key_msg2sp: invalid length.");
1189 if (len != PFKEY_EXTLEN(xpl0)) {
1190 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1191 *error = EINVAL;
1192 return NULL;
1193 }
1194
1195 if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
1196 *error = ENOBUFS;
1197 return NULL;
1198 }
1199
1200 newsp->dir = xpl0->sadb_x_policy_dir;
1201 newsp->policy = xpl0->sadb_x_policy_type;
1202
1203 /* check policy */
1204 switch (xpl0->sadb_x_policy_type) {
1205 case IPSEC_POLICY_DISCARD:
1206 case IPSEC_POLICY_NONE:
1207 case IPSEC_POLICY_ENTRUST:
1208 case IPSEC_POLICY_BYPASS:
1209 newsp->req = NULL;
1210 break;
1211
1212 case IPSEC_POLICY_IPSEC:
1213 {
1214 int tlen;
1215 struct sadb_x_ipsecrequest *xisr;
1216 struct ipsecrequest **p_isr = &newsp->req;
1217
1218 /* validity check */
1219 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1220 ipseclog((LOG_DEBUG,
1221 "key_msg2sp: Invalid msg length.\n"));
1222 key_freesp(newsp);
1223 *error = EINVAL;
1224 return NULL;
1225 }
1226
1227 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1228 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1229
1230 while (tlen > 0) {
1231
1232 /* length check */
1233 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1234 ipseclog((LOG_DEBUG, "key_msg2sp: "
1235 "invalid ipsecrequest length.\n"));
1236 key_freesp(newsp);
1237 *error = EINVAL;
1238 return NULL;
1239 }
1240
1241 /* allocate request buffer */
1242 KMALLOC(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1243 if ((*p_isr) == NULL) {
1244 ipseclog((LOG_DEBUG,
1245 "key_msg2sp: No more memory.\n"));
1246 key_freesp(newsp);
1247 *error = ENOBUFS;
1248 return NULL;
1249 }
1250 memset(*p_isr, 0, sizeof(**p_isr));
1251
1252 /* set values */
1253 (*p_isr)->next = NULL;
1254
1255 switch (xisr->sadb_x_ipsecrequest_proto) {
1256 case IPPROTO_ESP:
1257 case IPPROTO_AH:
1258 case IPPROTO_IPCOMP:
1259 case IPPROTO_IPV4:
1260 case IPPROTO_IPV6:
1261 break;
1262 default:
1263 ipseclog((LOG_DEBUG,
1264 "key_msg2sp: invalid proto type=%u\n",
1265 xisr->sadb_x_ipsecrequest_proto));
1266 key_freesp(newsp);
1267 *error = EPROTONOSUPPORT;
1268 return NULL;
1269 }
1270 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1271
1272 switch (xisr->sadb_x_ipsecrequest_mode) {
1273 case IPSEC_MODE_TRANSPORT:
1274 case IPSEC_MODE_TUNNEL:
1275 break;
1276 case IPSEC_MODE_ANY:
1277 default:
1278 ipseclog((LOG_DEBUG,
1279 "key_msg2sp: invalid mode=%u\n",
1280 xisr->sadb_x_ipsecrequest_mode));
1281 key_freesp(newsp);
1282 *error = EINVAL;
1283 return NULL;
1284 }
1285 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1286
1287 switch (xisr->sadb_x_ipsecrequest_level) {
1288 case IPSEC_LEVEL_DEFAULT:
1289 case IPSEC_LEVEL_USE:
1290 case IPSEC_LEVEL_REQUIRE:
1291 break;
1292 case IPSEC_LEVEL_UNIQUE:
1293 /* validity check */
1294 /*
1295 * If range violation of reqid, kernel will
1296 * update it, don't refuse it.
1297 */
1298 if (xisr->sadb_x_ipsecrequest_reqid
1299 > IPSEC_MANUAL_REQID_MAX) {
1300 ipseclog((LOG_DEBUG,
1301 "key_msg2sp: reqid=%u range "
1302 "violation, updated by kernel.\n",
1303 xisr->sadb_x_ipsecrequest_reqid));
1304 xisr->sadb_x_ipsecrequest_reqid = 0;
1305 }
1306
1307 /* allocate new reqid id if reqid is zero. */
1308 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1309 u_int16_t reqid;
1310 if ((reqid = key_newreqid()) == 0) {
1311 key_freesp(newsp);
1312 *error = ENOBUFS;
1313 return NULL;
1314 }
1315 (*p_isr)->saidx.reqid = reqid;
1316 xisr->sadb_x_ipsecrequest_reqid = reqid;
1317 } else {
1318 /* set it for manual keying. */
1319 (*p_isr)->saidx.reqid =
1320 xisr->sadb_x_ipsecrequest_reqid;
1321 }
1322 break;
1323
1324 default:
1325 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1326 xisr->sadb_x_ipsecrequest_level));
1327 key_freesp(newsp);
1328 *error = EINVAL;
1329 return NULL;
1330 }
1331 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1332
1333 /* set IP addresses if there */
1334 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1335 struct sockaddr *paddr;
1336
1337 paddr = (struct sockaddr *)(xisr + 1);
1338
1339 /* validity check */
1340 if (paddr->sa_len
1341 > sizeof((*p_isr)->saidx.src)) {
1342 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1343 "address length.\n"));
1344 key_freesp(newsp);
1345 *error = EINVAL;
1346 return NULL;
1347 }
1348 memcpy(&(*p_isr)->saidx.src, paddr,
1349 paddr->sa_len);
1350
1351 paddr = (struct sockaddr *)((char *)paddr
1352 + paddr->sa_len);
1353
1354 /* validity check */
1355 if (paddr->sa_len
1356 > sizeof((*p_isr)->saidx.dst)) {
1357 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1358 "address length.\n"));
1359 key_freesp(newsp);
1360 *error = EINVAL;
1361 return NULL;
1362 }
1363 memcpy(&(*p_isr)->saidx.dst, paddr,
1364 paddr->sa_len);
1365 }
1366
1367 (*p_isr)->sav = NULL;
1368 (*p_isr)->sp = newsp;
1369
1370 /* initialization for the next. */
1371 p_isr = &(*p_isr)->next;
1372 tlen -= xisr->sadb_x_ipsecrequest_len;
1373
1374 /* validity check */
1375 if (tlen < 0) {
1376 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1377 key_freesp(newsp);
1378 *error = EINVAL;
1379 return NULL;
1380 }
1381
1382 xisr = (struct sadb_x_ipsecrequest *)((char *)xisr
1383 + xisr->sadb_x_ipsecrequest_len);
1384 }
1385 }
1386 break;
1387 default:
1388 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1389 key_freesp(newsp);
1390 *error = EINVAL;
1391 return NULL;
1392 }
1393
1394 *error = 0;
1395 return newsp;
1396 }
1397
1398 static u_int16_t
1399 key_newreqid(void)
1400 {
1401 static u_int16_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1402
1403 auto_reqid = (auto_reqid == 0xffff
1404 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1405
1406 /* XXX should be unique check */
1407
1408 return auto_reqid;
1409 }
1410
1411 /*
1412 * copy secpolicy struct to sadb_x_policy structure indicated.
1413 */
1414 struct mbuf *
1415 key_sp2msg(struct secpolicy *sp)
1416 {
1417 struct sadb_x_policy *xpl;
1418 int tlen;
1419 char *p;
1420 struct mbuf *m;
1421
1422 /* sanity check. */
1423 if (sp == NULL)
1424 panic("key_sp2msg: NULL pointer was passed.");
1425
1426 tlen = key_getspreqmsglen(sp);
1427
1428 m = key_alloc_mbuf(tlen);
1429 if (!m || m->m_next) { /*XXX*/
1430 if (m)
1431 m_freem(m);
1432 return NULL;
1433 }
1434
1435 m->m_len = tlen;
1436 m->m_next = NULL;
1437 xpl = mtod(m, struct sadb_x_policy *);
1438 memset(xpl, 0, tlen);
1439
1440 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1441 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1442 xpl->sadb_x_policy_type = sp->policy;
1443 xpl->sadb_x_policy_dir = sp->dir;
1444 xpl->sadb_x_policy_id = sp->id;
1445 p = (char *)xpl + sizeof(*xpl);
1446
1447 /* if is the policy for ipsec ? */
1448 if (sp->policy == IPSEC_POLICY_IPSEC) {
1449 struct sadb_x_ipsecrequest *xisr;
1450 struct ipsecrequest *isr;
1451
1452 for (isr = sp->req; isr != NULL; isr = isr->next) {
1453
1454 xisr = (struct sadb_x_ipsecrequest *)p;
1455
1456 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1457 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1458 xisr->sadb_x_ipsecrequest_level = isr->level;
1459 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1460
1461 p += sizeof(*xisr);
1462 memcpy(p, &isr->saidx.src, isr->saidx.src.ss_len);
1463 p += isr->saidx.src.ss_len;
1464 memcpy(p, &isr->saidx.dst, isr->saidx.dst.ss_len);
1465 p += isr->saidx.src.ss_len;
1466
1467 xisr->sadb_x_ipsecrequest_len =
1468 PFKEY_ALIGN8(sizeof(*xisr)
1469 + isr->saidx.src.ss_len
1470 + isr->saidx.dst.ss_len);
1471 }
1472 }
1473
1474 return m;
1475 }
1476
1477 /* m will not be freed nor modified */
1478 static struct mbuf *
1479 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1480 int ndeep, int nitem, ...)
1481 {
1482 va_list ap;
1483 int idx;
1484 int i;
1485 struct mbuf *result = NULL, *n;
1486 int len;
1487
1488 if (m == NULL || mhp == NULL)
1489 panic("null pointer passed to key_gather");
1490
1491 va_start(ap, nitem);
1492 for (i = 0; i < nitem; i++) {
1493 idx = va_arg(ap, int);
1494 if (idx < 0 || idx > SADB_EXT_MAX)
1495 goto fail;
1496 /* don't attempt to pull empty extension */
1497 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1498 continue;
1499 if (idx != SADB_EXT_RESERVED &&
1500 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1501 continue;
1502
1503 if (idx == SADB_EXT_RESERVED) {
1504 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1505 #ifdef DIAGNOSTIC
1506 if (len > MHLEN)
1507 panic("assumption failed");
1508 #endif
1509 MGETHDR(n, M_DONTWAIT, MT_DATA);
1510 if (!n)
1511 goto fail;
1512 n->m_len = len;
1513 n->m_next = NULL;
1514 m_copydata(m, 0, sizeof(struct sadb_msg),
1515 mtod(n, void *));
1516 } else if (i < ndeep) {
1517 len = mhp->extlen[idx];
1518 n = key_alloc_mbuf(len);
1519 if (!n || n->m_next) { /*XXX*/
1520 if (n)
1521 m_freem(n);
1522 goto fail;
1523 }
1524 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1525 mtod(n, void *));
1526 } else {
1527 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1528 M_DONTWAIT);
1529 }
1530 if (n == NULL)
1531 goto fail;
1532
1533 if (result)
1534 m_cat(result, n);
1535 else
1536 result = n;
1537 }
1538 va_end(ap);
1539
1540 if ((result->m_flags & M_PKTHDR) != 0) {
1541 result->m_pkthdr.len = 0;
1542 for (n = result; n; n = n->m_next)
1543 result->m_pkthdr.len += n->m_len;
1544 }
1545
1546 return result;
1547
1548 fail:
1549 va_end(ap);
1550 m_freem(result);
1551 return NULL;
1552 }
1553
1554 /*
1555 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1556 * add an entry to SP database, when received
1557 * <base, address(SD), (lifetime(H),) policy>
1558 * from the user(?).
1559 * Adding to SP database,
1560 * and send
1561 * <base, address(SD), (lifetime(H),) policy>
1562 * to the socket which was send.
1563 *
1564 * SPDADD set a unique policy entry.
1565 * SPDSETIDX like SPDADD without a part of policy requests.
1566 * SPDUPDATE replace a unique policy entry.
1567 *
1568 * m will always be freed.
1569 */
1570 static int
1571 key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
1572 {
1573 struct sadb_address *src0 = NULL, *dst0 = NULL;
1574 struct sadb_x_policy *xpl0, *xpl;
1575 struct sadb_lifetime *lft = NULL;
1576 #ifdef SADB_X_EXT_TAG
1577 struct sadb_x_tag *tag = NULL;
1578 #endif
1579 struct secpolicyindex spidx;
1580 struct secpolicy *newsp;
1581 struct ipsecrequest *isr;
1582 int error;
1583 #ifdef SADB_X_EXT_TAG
1584 u_int16_t tagvalue = 0;
1585 #endif
1586 int spidxmode;
1587
1588 /* sanity check */
1589 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1590 panic("key_spdadd: NULL pointer is passed.");
1591
1592 #ifdef SADB_X_EXT_TAG
1593 if ((mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
1594 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL) ||
1595 mhp->ext[SADB_X_EXT_TAG] != NULL)
1596 #else
1597 if (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL &&
1598 mhp->ext[SADB_EXT_ADDRESS_DST] != NULL)
1599 #endif
1600 {
1601 ;
1602 } else {
1603 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1604 return key_senderror(so, m, EINVAL);
1605 }
1606 #ifdef SADB_X_EXT_TAG
1607 if (mhp->ext[SADB_X_EXT_TAG] != NULL) {
1608 ipseclog((LOG_DEBUG, "key_spdadd: tag not supported.\n"));
1609 return key_senderror(so, m, EOPNOTSUPP);
1610 }
1611 #endif
1612 if (mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1613 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1614 return key_senderror(so, m, EINVAL);
1615 }
1616 if ((mhp->extlen[SADB_EXT_ADDRESS_SRC] &&
1617 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
1618 (mhp->extlen[SADB_EXT_ADDRESS_DST] &&
1619 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
1620 #ifdef SADB_X_EXT_TAG
1621 (mhp->extlen[SADB_X_EXT_TAG] &&
1622 mhp->extlen[SADB_X_EXT_TAG] < sizeof(struct sadb_x_tag)) ||
1623 #endif
1624 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1625 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1626 return key_senderror(so, m, EINVAL);
1627 }
1628 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
1629 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
1630 < sizeof(struct sadb_lifetime)) {
1631 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1632 return key_senderror(so, m, EINVAL);
1633 }
1634 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
1635 }
1636
1637 /* spidx mode, or tag mode */
1638 spidxmode = (mhp->ext[SADB_EXT_ADDRESS_SRC] != NULL);
1639 #ifndef SADB_X_EXT_TAG
1640 if (!spidxmode)
1641 return key_senderror(so, m, EINVAL);
1642 #endif
1643
1644 if (spidxmode) {
1645 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1646 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1647 /* make secindex */
1648 /* XXX boundary check against sa_len */
1649 KEY_SETSECSPIDX(src0 + 1, dst0 + 1,
1650 src0->sadb_address_prefixlen, dst0->sadb_address_prefixlen,
1651 src0->sadb_address_proto, &spidx);
1652 }
1653 #ifdef SADB_X_EXT_TAG
1654 else
1655 tag = (struct sadb_x_tag *)mhp->ext[SADB_X_EXT_TAG];
1656 #endif
1657 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1658
1659 /* checking the direciton. */
1660 switch (xpl0->sadb_x_policy_dir) {
1661 case IPSEC_DIR_INBOUND:
1662 case IPSEC_DIR_OUTBOUND:
1663 break;
1664 default:
1665 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
1666 mhp->msg->sadb_msg_errno = EINVAL;
1667 return 0;
1668 }
1669
1670 /* check policy */
1671 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
1672 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST ||
1673 xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
1674 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
1675 return key_senderror(so, m, EINVAL);
1676 }
1677
1678 /* policy requests are mandatory when action is ipsec. */
1679 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX &&
1680 xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC &&
1681 mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
1682 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
1683 return key_senderror(so, m, EINVAL);
1684 }
1685
1686 /*
1687 * checking there is SP already or not.
1688 * SPDUPDATE doesn't depend on whether there is a SP or not.
1689 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
1690 * then error.
1691 */
1692 if (xpl0->sadb_x_policy_id != 0)
1693 newsp = key_getspbyid(xpl0->sadb_x_policy_id);
1694 else if (spidxmode)
1695 newsp = key_getsp(&spidx, xpl0->sadb_x_policy_dir);
1696 #ifdef SADB_X_EXT_TAG
1697 else {
1698 tagvalue = m_nametag_tagname2tag(tag->sadb_x_tag_name);
1699 /* tag refcnt++ */
1700 newsp = key_getspbytag(tagvalue, xpl0->sadb_x_policy_dir);
1701 }
1702 #else
1703 else
1704 newsp = NULL;
1705 #endif
1706
1707 if (newsp && (newsp->readonly || newsp->persist)) {
1708 ipseclog((LOG_DEBUG,
1709 "key_spdadd: tried to alter readonly/persistent SP.\n"));
1710 return key_senderror(so, m, EPERM);
1711 }
1712
1713 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
1714 if (newsp) {
1715 key_sp_dead(newsp);
1716 key_freesp(newsp); /* ref gained by key_getsp */
1717 key_sp_unlink(newsp);
1718 newsp = NULL;
1719 }
1720 } else {
1721 if (newsp != NULL) {
1722 key_freesp(newsp);
1723 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
1724 #ifdef SADB_X_EXT_TAG
1725 if (!mhp->ext[SADB_EXT_ADDRESS_SRC])
1726 m_nametag_unref(tagvalue);
1727 #endif
1728 return key_senderror(so, m, EEXIST);
1729 }
1730 }
1731
1732 /* allocation new SP entry */
1733 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
1734 #ifdef SADB_X_EXT_TAG
1735 if (!spidxmode)
1736 m_nametag_unref(tagvalue);
1737 #endif
1738 return key_senderror(so, m, error);
1739 }
1740
1741 if (spidxmode) {
1742 error = keydb_setsecpolicyindex(newsp, &spidx);
1743 if (error) {
1744 keydb_delsecpolicy(newsp);
1745 return key_senderror(so, m, error);
1746 }
1747
1748 /* sanity check on addr pair */
1749 if (((struct sockaddr *)(src0 + 1))->sa_family !=
1750 ((struct sockaddr *)(dst0 + 1))->sa_family) {
1751 keydb_delsecpolicy(newsp);
1752 return key_senderror(so, m, EINVAL);
1753 }
1754 if (((struct sockaddr *)(src0 + 1))->sa_len !=
1755 ((struct sockaddr *)(dst0 + 1))->sa_len) {
1756 keydb_delsecpolicy(newsp);
1757 return key_senderror(so, m, EINVAL);
1758 }
1759 }
1760 #ifdef SADB_X_EXT_TAG
1761 else {
1762 newsp->tag = tagvalue;
1763 }
1764 #endif
1765
1766 for (isr = newsp->req; isr; isr = isr->next) {
1767 #ifndef IPSEC_NAT_T
1768 struct sockaddr *sa;
1769
1770 /*
1771 * port spec is not permitted for tunnel mode
1772 */
1773 if (isr->saidx.mode == IPSEC_MODE_TUNNEL && src0 && dst0) {
1774 sa = (struct sockaddr *)(src0 + 1);
1775 switch (sa->sa_family) {
1776 case AF_INET:
1777 if (((struct sockaddr_in *)sa)->sin_port) {
1778 keydb_delsecpolicy(newsp);
1779 return key_senderror(so, m, EINVAL);
1780 }
1781 break;
1782 case AF_INET6:
1783 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1784 keydb_delsecpolicy(newsp);
1785 return key_senderror(so, m, EINVAL);
1786 }
1787 break;
1788 default:
1789 break;
1790 }
1791 sa = (struct sockaddr *)(dst0 + 1);
1792 switch (sa->sa_family) {
1793 case AF_INET:
1794 if (((struct sockaddr_in *)sa)->sin_port) {
1795 keydb_delsecpolicy(newsp);
1796 return key_senderror(so, m, EINVAL);
1797 }
1798 break;
1799 case AF_INET6:
1800 if (((struct sockaddr_in6 *)sa)->sin6_port) {
1801 keydb_delsecpolicy(newsp);
1802 return key_senderror(so, m, EINVAL);
1803 }
1804 break;
1805 default:
1806 break;
1807 }
1808 }
1809 #endif /* !IPSEC_NAT_T */
1810 }
1811
1812 /*
1813 * bark if we have different address family on tunnel address
1814 * specification. applies only if we decapsulate in RFC2401
1815 * IPsec (implementation limitation).
1816 */
1817 for (isr = newsp->req; isr; isr = isr->next) {
1818 struct sockaddr *sa;
1819
1820 if (isr->saidx.src.ss_family && src0) {
1821 sa = (struct sockaddr *)(src0 + 1);
1822 if (sa->sa_family != isr->saidx.src.ss_family) {
1823 keydb_delsecpolicy(newsp);
1824 return key_senderror(so, m, EINVAL);
1825 }
1826 }
1827 if (isr->saidx.dst.ss_family && dst0) {
1828 sa = (struct sockaddr *)(dst0 + 1);
1829 if (sa->sa_family != isr->saidx.dst.ss_family) {
1830 keydb_delsecpolicy(newsp);
1831 return key_senderror(so, m, EINVAL);
1832 }
1833 }
1834 }
1835
1836 newsp->created = time_second;
1837 newsp->lastused = time_second;
1838 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
1839 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
1840
1841 newsp->refcnt = 1; /* do not reclaim until I say I do */
1842 newsp->state = IPSEC_SPSTATE_ALIVE;
1843 LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
1844
1845 /* delete the entry in spacqtree */
1846 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
1847 mhp->ext[SADB_EXT_ADDRESS_SRC]) {
1848 struct secspacq *spacq;
1849 if ((spacq = key_getspacq(&spidx)) != NULL) {
1850 /* reset counter in order to deletion by timehandler. */
1851 spacq->created = time_second;
1852 spacq->count = 0;
1853 }
1854 }
1855
1856 /* invalidate all cached SPD pointers on pcb */
1857 ipsec_invalpcbcacheall();
1858
1859 {
1860 struct mbuf *n, *mpolicy;
1861 struct sadb_msg *newmsg;
1862 int off;
1863
1864 /* create new sadb_msg to reply. */
1865 if (lft) {
1866 n = key_gather_mbuf(m, mhp, 2, 5, SADB_EXT_RESERVED,
1867 SADB_X_EXT_POLICY, SADB_EXT_LIFETIME_HARD,
1868 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1869 } else {
1870 n = key_gather_mbuf(m, mhp, 2, 4, SADB_EXT_RESERVED,
1871 SADB_X_EXT_POLICY,
1872 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1873 }
1874 if (!n)
1875 return key_senderror(so, m, ENOBUFS);
1876
1877 if (n->m_len < sizeof(*newmsg)) {
1878 n = m_pullup(n, sizeof(*newmsg));
1879 if (!n)
1880 return key_senderror(so, m, ENOBUFS);
1881 }
1882 newmsg = mtod(n, struct sadb_msg *);
1883 newmsg->sadb_msg_errno = 0;
1884 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
1885
1886 off = 0;
1887 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
1888 sizeof(*xpl), &off);
1889 if (mpolicy == NULL) {
1890 /* n is already freed */
1891 return key_senderror(so, m, ENOBUFS);
1892 }
1893 xpl = (struct sadb_x_policy *)(mtod(mpolicy, char *) + off);
1894 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
1895 m_freem(n);
1896 return key_senderror(so, m, EINVAL);
1897 }
1898 xpl->sadb_x_policy_id = newsp->id;
1899
1900 m_freem(m);
1901 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
1902 }
1903 }
1904
1905 /*
1906 * SADB_SPDDELETE processing
1907 * receive
1908 * <base, address(SD), policy(*)>
1909 * from the user(?), and set SADB_SASTATE_DEAD,
1910 * and send,
1911 * <base, address(SD), policy(*)>
1912 * to the ikmpd.
1913 * policy(*) including the direction of the policy.
1914 *
1915 * m will always be freed.
1916 */
1917 static int
1918 key_spddelete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
1919 {
1920 struct sadb_address *src0, *dst0;
1921 struct sadb_x_policy *xpl0;
1922 struct secpolicyindex spidx;
1923 struct secpolicy *sp;
1924
1925 /* sanity check */
1926 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1927 panic("key_spddelete: NULL pointer is passed.");
1928
1929 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
1930 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
1931 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1932 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
1933 return key_senderror(so, m, EINVAL);
1934 }
1935 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
1936 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
1937 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1938 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
1939 return key_senderror(so, m, EINVAL);
1940 }
1941
1942 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
1943 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
1944 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
1945
1946 /* make secindex */
1947 /* XXX boundary check against sa_len */
1948 KEY_SETSECSPIDX(src0 + 1,
1949 dst0 + 1,
1950 src0->sadb_address_prefixlen,
1951 dst0->sadb_address_prefixlen,
1952 src0->sadb_address_proto,
1953 &spidx);
1954
1955 /* checking the direciton. */
1956 switch (xpl0->sadb_x_policy_dir) {
1957 case IPSEC_DIR_INBOUND:
1958 case IPSEC_DIR_OUTBOUND:
1959 break;
1960 default:
1961 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
1962 return key_senderror(so, m, EINVAL);
1963 }
1964
1965 /* Is there SP in SPD ? */
1966 if ((sp = key_getsp(&spidx, xpl0->sadb_x_policy_dir)) == NULL) {
1967 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
1968 return key_senderror(so, m, EINVAL);
1969 }
1970
1971 if (sp->persist) {
1972 ipseclog((LOG_DEBUG,
1973 "key_spddelete2: attempt to remove persistent SP:%u.\n",
1974 sp->id));
1975 key_freesp(sp); /* ref gained by key_getsp */
1976 return key_senderror(so, m, EPERM);
1977 }
1978
1979 /* save policy id to be returned. */
1980 xpl0->sadb_x_policy_id = sp->id;
1981
1982 key_sp_dead(sp);
1983 key_freesp(sp); /* ref gained by key_getsp */
1984 key_sp_unlink(sp);
1985 sp = NULL;
1986
1987 /* invalidate all cached SPD pointers on pcb */
1988 ipsec_invalpcbcacheall();
1989
1990 {
1991 struct mbuf *n;
1992 struct sadb_msg *newmsg;
1993
1994 /* create new sadb_msg to reply. */
1995 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
1996 SADB_X_EXT_POLICY, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
1997 if (!n)
1998 return key_senderror(so, m, ENOBUFS);
1999
2000 newmsg = mtod(n, struct sadb_msg *);
2001 newmsg->sadb_msg_errno = 0;
2002 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2003
2004 m_freem(m);
2005 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2006 }
2007 }
2008
2009 /*
2010 * SADB_SPDDELETE2 processing
2011 * receive
2012 * <base, policy(*)>
2013 * from the user(?), and set SADB_SASTATE_DEAD,
2014 * and send,
2015 * <base, policy(*)>
2016 * to the ikmpd.
2017 * policy(*) including the policy id.
2018 *
2019 * m will always be freed.
2020 */
2021 static int
2022 key_spddelete2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2023 {
2024 u_int32_t id;
2025 struct secpolicy *sp;
2026
2027 /* sanity check */
2028 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2029 panic("key_spddelete2: NULL pointer is passed.");
2030
2031 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2032 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2033 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2034 return key_senderror(so, m, EINVAL);
2035 }
2036
2037 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2038
2039 /* Is there SP in SPD ? */
2040 if ((sp = key_getspbyid(id)) == NULL) {
2041 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n",
2042 id));
2043 return key_senderror(so, m, EINVAL);
2044 }
2045
2046 if (sp->persist) {
2047 ipseclog((LOG_DEBUG,
2048 "key_spddelete2: attempt to remove persistent SP:%u.\n",
2049 id));
2050 key_freesp(sp); /* ref gained by key_getspbyid */
2051 return key_senderror(so, m, EPERM);
2052 }
2053
2054 key_sp_dead(sp);
2055 key_freesp(sp); /* ref gained by key_getspbyid */
2056 key_sp_unlink(sp);
2057 sp = NULL;
2058
2059 /* invalidate all cached SPD pointers on pcb */
2060 ipsec_invalpcbcacheall();
2061
2062 {
2063 struct mbuf *n, *nn;
2064 struct sadb_msg *newmsg;
2065 int off, len;
2066
2067 /* create new sadb_msg to reply. */
2068 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2069
2070 if (len > MCLBYTES)
2071 return key_senderror(so, m, ENOBUFS);
2072 MGETHDR(n, M_DONTWAIT, MT_DATA);
2073 if (n && len > MHLEN) {
2074 MCLGET(n, M_DONTWAIT);
2075 if ((n->m_flags & M_EXT) == 0) {
2076 m_freem(n);
2077 n = NULL;
2078 }
2079 }
2080 if (!n)
2081 return key_senderror(so, m, ENOBUFS);
2082
2083 n->m_len = len;
2084 n->m_next = NULL;
2085 off = 0;
2086
2087 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
2088 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2089
2090 #ifdef DIAGNOSTIC
2091 if (off != len)
2092 panic("length inconsistency in key_spddelete2");
2093 #endif
2094
2095 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2096 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2097 if (!n->m_next) {
2098 m_freem(n);
2099 return key_senderror(so, m, ENOBUFS);
2100 }
2101
2102 n->m_pkthdr.len = 0;
2103 for (nn = n; nn; nn = nn->m_next)
2104 n->m_pkthdr.len += nn->m_len;
2105
2106 newmsg = mtod(n, struct sadb_msg *);
2107 newmsg->sadb_msg_errno = 0;
2108 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2109
2110 m_freem(m);
2111 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2112 }
2113 }
2114
2115 /*
2116 * SADB_X_SPDGET processing
2117 * receive
2118 * <base, policy(*)>
2119 * from the user(?),
2120 * and send,
2121 * <base, address(SD), policy>
2122 * to the ikmpd.
2123 * policy(*) including direction of policy.
2124 *
2125 * m will always be freed.
2126 */
2127 static int
2128 key_spdget(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2129 {
2130 u_int32_t id;
2131 struct secpolicy *sp;
2132 struct mbuf *n;
2133
2134 /* sanity check */
2135 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2136 panic("key_spdget: NULL pointer is passed.");
2137
2138 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2139 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2140 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2141 return key_senderror(so, m, EINVAL);
2142 }
2143
2144 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2145
2146 /* Is there SP in SPD ? */
2147 if ((sp = key_getspbyid(id)) == NULL) {
2148 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2149 return key_senderror(so, m, ENOENT);
2150 }
2151
2152 n = key_setdumpsp(sp, SADB_X_SPDGET, mhp->msg->sadb_msg_seq,
2153 mhp->msg->sadb_msg_pid);
2154 key_freesp(sp); /* ref gained by key_getspbyid */
2155 if (n != NULL) {
2156 m_freem(m);
2157 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2158 } else
2159 return key_senderror(so, m, ENOBUFS);
2160 }
2161
2162 /*
2163 * SADB_X_SPDACQUIRE processing.
2164 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2165 * send
2166 * <base, policy(*)>
2167 * to KMD, and expect to receive
2168 * <base> with SADB_X_SPDACQUIRE if error occurred,
2169 * or
2170 * <base, policy>
2171 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2172 * policy(*) is without policy requests.
2173 *
2174 * 0 : succeed
2175 * others: error number
2176 */
2177 int
2178 key_spdacquire(struct secpolicy *sp)
2179 {
2180 struct mbuf *result = NULL, *m;
2181 #ifndef IPSEC_NONBLOCK_ACQUIRE
2182 struct secspacq *newspacq;
2183 #endif
2184 int error = -1;
2185
2186 /* sanity check */
2187 if (sp == NULL)
2188 panic("key_spdacquire: NULL pointer is passed.");
2189 if (sp->req != NULL)
2190 panic("key_spdacquire: called but there is request.");
2191 if (sp->policy != IPSEC_POLICY_IPSEC)
2192 panic("key_spdacquire: policy mismathed. IPsec is expected.");
2193 if (!sp->spidx) {
2194 error = EOPNOTSUPP;
2195 goto fail;
2196 }
2197
2198 #ifndef IPSEC_NONBLOCK_ACQUIRE
2199 /* get an entry to check whether sent message or not. */
2200 if ((newspacq = key_getspacq(sp->spidx)) != NULL) {
2201 if (key_blockacq_count < newspacq->count) {
2202 /* reset counter and do send message. */
2203 newspacq->count = 0;
2204 } else {
2205 /* increment counter and do nothing. */
2206 newspacq->count++;
2207 return 0;
2208 }
2209 } else {
2210 /* make new entry for blocking to send SADB_ACQUIRE. */
2211 if ((newspacq = key_newspacq(sp->spidx)) == NULL)
2212 return ENOBUFS;
2213
2214 /* add to acqtree */
2215 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2216 }
2217 #endif
2218
2219 /* create new sadb_msg to reply. */
2220 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2221 if (!m) {
2222 error = ENOBUFS;
2223 goto fail;
2224 }
2225 result = m;
2226
2227 /* set sadb_x_policy */
2228 if (sp) {
2229 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
2230 if (!m) {
2231 error = ENOBUFS;
2232 goto fail;
2233 }
2234 m_cat(result, m);
2235 }
2236
2237 result->m_pkthdr.len = 0;
2238 for (m = result; m; m = m->m_next)
2239 result->m_pkthdr.len += m->m_len;
2240
2241 mtod(result, struct sadb_msg *)->sadb_msg_len =
2242 PFKEY_UNIT64(result->m_pkthdr.len);
2243
2244 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2245
2246 fail:
2247 if (result)
2248 m_freem(result);
2249 return error;
2250 }
2251
2252 /*
2253 * SADB_SPDFLUSH processing
2254 * receive
2255 * <base>
2256 * from the user, and free all entries in secpctree.
2257 * and send,
2258 * <base>
2259 * to the user.
2260 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2261 *
2262 * m will always be freed.
2263 */
2264 static int
2265 key_spdflush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2266 {
2267 struct sadb_msg *newmsg;
2268 struct secpolicy *sp, *nextsp;
2269
2270 /* sanity check */
2271 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2272 panic("key_spdflush: NULL pointer is passed.");
2273
2274 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2275 return key_senderror(so, m, EINVAL);
2276
2277 for (sp = TAILQ_FIRST(&sptailq); sp; sp = nextsp) {
2278 nextsp = TAILQ_NEXT(sp, tailq);
2279 if (sp->persist)
2280 continue;
2281 if (sp->state == IPSEC_SPSTATE_DEAD)
2282 continue;
2283 key_sp_dead(sp);
2284 key_sp_unlink(sp);
2285 sp = NULL;
2286 }
2287
2288 /* invalidate all cached SPD pointers on pcb */
2289 ipsec_invalpcbcacheall();
2290
2291 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2292 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2293 return key_senderror(so, m, ENOBUFS);
2294 }
2295
2296 if (m->m_next)
2297 m_freem(m->m_next);
2298 m->m_next = NULL;
2299 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2300 newmsg = mtod(m, struct sadb_msg *);
2301 newmsg->sadb_msg_errno = 0;
2302 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2303
2304 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2305 }
2306
2307 /*
2308 * SADB_SPDDUMP processing
2309 * receive
2310 * <base>
2311 * from the user, and dump all SP leaves
2312 * and send,
2313 * <base> .....
2314 * to the ikmpd.
2315 *
2316 * m will always be freed.
2317 */
2318 static int
2319 key_spddump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2320 {
2321 struct secpolicy *sp;
2322 int cnt;
2323 u_int dir;
2324 struct mbuf *n;
2325 struct keycb *kp;
2326 int error = 0, needwait = 0;
2327
2328 /* sanity check */
2329 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2330 panic("key_spddump: NULL pointer is passed.");
2331
2332 /* search SPD entry and get buffer size. */
2333 cnt = 0;
2334 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2335 LIST_FOREACH(sp, &sptree[dir], chain) {
2336 cnt++;
2337 }
2338 }
2339
2340 if (cnt == 0)
2341 return key_senderror(so, m, ENOENT);
2342
2343 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2344 LIST_FOREACH(sp, &sptree[dir], chain) {
2345 --cnt;
2346 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt,
2347 mhp->msg->sadb_msg_pid);
2348
2349 if (n) {
2350 error = key_sendup_mbuf(so, n,
2351 KEY_SENDUP_ONE | KEY_SENDUP_CANWAIT);
2352 if (error == EAGAIN)
2353 needwait = 1;
2354 }
2355 }
2356 }
2357
2358 kp = (struct keycb *)sotorawcb(so);
2359 while (needwait && kp->kp_queue)
2360 sbwait(&so->so_rcv);
2361
2362 m_freem(m);
2363 return 0;
2364 }
2365
2366 #ifdef IPSEC_NAT_T
2367 /*
2368 * SADB_X_NAT_T_NEW_MAPPING. Unused by racoon as of 2005/04/23
2369 */
2370 static int
2371 key_nat_map(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
2372 {
2373 struct sadb_x_nat_t_type *type;
2374 struct sadb_x_nat_t_port *sport;
2375 struct sadb_x_nat_t_port *dport;
2376 struct sadb_address *addr;
2377 struct sadb_x_nat_t_frag *frag;
2378
2379 /* sanity check */
2380 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2381 panic("key_nat_map: NULL pointer is passed.");
2382
2383 if (mhp->ext[SADB_X_EXT_NAT_T_TYPE] == NULL ||
2384 mhp->ext[SADB_X_EXT_NAT_T_SPORT] == NULL ||
2385 mhp->ext[SADB_X_EXT_NAT_T_DPORT] == NULL) {
2386 ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n"));
2387 return key_senderror(so, m, EINVAL);
2388 }
2389 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
2390 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
2391 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
2392 ipseclog((LOG_DEBUG, "key_nat_map: invalid message.\n"));
2393 return key_senderror(so, m, EINVAL);
2394 }
2395
2396 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) &&
2397 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) {
2398 ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n"));
2399 return key_senderror(so, m, EINVAL);
2400 }
2401
2402 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
2403 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
2404 ipseclog((LOG_DEBUG, "key_nat_map: invalid message\n"));
2405 return key_senderror(so, m, EINVAL);
2406 }
2407
2408 type = (struct sadb_x_nat_t_type *)mhp->ext[SADB_X_EXT_NAT_T_TYPE];
2409 sport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_SPORT];
2410 dport = (struct sadb_x_nat_t_port *)mhp->ext[SADB_X_EXT_NAT_T_DPORT];
2411 addr = (struct sadb_address *)mhp->ext[SADB_X_EXT_NAT_T_OA];
2412 frag = (struct sadb_x_nat_t_frag *) mhp->ext[SADB_X_EXT_NAT_T_FRAG];
2413
2414 printf("sadb_nat_map called\n");
2415
2416 /*
2417 * XXX handle that, it should also contain a SA, or anything
2418 * that enable to update the SA information.
2419 */
2420
2421 return 0;
2422 }
2423 #endif /* IPSEC_NAT_T */
2424
2425 static struct mbuf *
2426 key_setspddump(int *errorp)
2427 {
2428 struct secpolicy *sp;
2429 int cnt;
2430 u_int dir;
2431 struct mbuf *m, *n;
2432
2433 /* search SPD entry and get buffer size. */
2434 cnt = 0;
2435 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2436 LIST_FOREACH(sp, &sptree[dir], chain) {
2437 cnt++;
2438 }
2439 }
2440
2441 if (cnt == 0) {
2442 *errorp = ENOENT;
2443 return (NULL);
2444 }
2445
2446 m = NULL;
2447 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2448 LIST_FOREACH(sp, &sptree[dir], chain) {
2449 --cnt;
2450 n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 0);
2451
2452 if (!n) {
2453 *errorp = ENOBUFS;
2454 m_freem(m);
2455 return (NULL);
2456 }
2457 if (!m)
2458 m = n;
2459 else {
2460 m->m_pkthdr.len += n->m_pkthdr.len;
2461 m_cat(m, n);
2462 }
2463 }
2464 }
2465
2466 *errorp = 0;
2467 return (m);
2468 }
2469
2470 struct mbuf *
2471 key_setdumpsp(struct secpolicy *sp, u_int8_t type, u_int32_t seq, u_int32_t pid)
2472 {
2473 struct mbuf *result = NULL, *m;
2474
2475 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2476 if (!m)
2477 goto fail;
2478 result = m;
2479
2480 if (sp->spidx) {
2481 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2482 (struct sockaddr *)&sp->spidx->src, sp->spidx->prefs,
2483 sp->spidx->ul_proto);
2484 if (!m)
2485 goto fail;
2486 m_cat(result, m);
2487
2488 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2489 (struct sockaddr *)&sp->spidx->dst, sp->spidx->prefd,
2490 sp->spidx->ul_proto);
2491 if (!m)
2492 goto fail;
2493 m_cat(result, m);
2494 }
2495 #ifdef SADB_X_EXT_TAG
2496 else if (sp->tag) {
2497 m = key_setsadbxtag(sp->tag);
2498 if (!m)
2499 goto fail;
2500 m_cat(result, m);
2501 }
2502 #endif
2503
2504 m = key_sp2msg(sp);
2505 if (!m)
2506 goto fail;
2507 m_cat(result, m);
2508
2509 m = key_setsadblifetime(SADB_EXT_LIFETIME_CURRENT,
2510 0, 0, (u_int64_t)sp->created, (u_int64_t)sp->lastused);
2511 if (!m)
2512 goto fail;
2513 m_cat(result, m);
2514
2515 m = key_setsadblifetime(SADB_EXT_LIFETIME_HARD,
2516 0, 0, (u_int64_t)sp->lifetime, (u_int64_t)sp->validtime);
2517 if (!m)
2518 goto fail;
2519 m_cat(result, m);
2520
2521 if ((result->m_flags & M_PKTHDR) == 0)
2522 goto fail;
2523
2524 if (result->m_len < sizeof(struct sadb_msg)) {
2525 result = m_pullup(result, sizeof(struct sadb_msg));
2526 if (result == NULL)
2527 goto fail;
2528 }
2529
2530 result->m_pkthdr.len = 0;
2531 for (m = result; m; m = m->m_next)
2532 result->m_pkthdr.len += m->m_len;
2533
2534 mtod(result, struct sadb_msg *)->sadb_msg_len =
2535 PFKEY_UNIT64(result->m_pkthdr.len);
2536
2537 return result;
2538
2539 fail:
2540 m_freem(result);
2541 return NULL;
2542 }
2543
2544 /*
2545 * get PFKEY message length for security policy and request.
2546 */
2547 static u_int
2548 key_getspreqmsglen(struct secpolicy *sp)
2549 {
2550 u_int tlen;
2551
2552 tlen = sizeof(struct sadb_x_policy);
2553
2554 /* if is the policy for ipsec ? */
2555 if (sp->policy != IPSEC_POLICY_IPSEC)
2556 return tlen;
2557
2558 /* get length of ipsec requests */
2559 {
2560 struct ipsecrequest *isr;
2561 int len;
2562
2563 for (isr = sp->req; isr != NULL; isr = isr->next) {
2564 len = sizeof(struct sadb_x_ipsecrequest)
2565 + isr->saidx.src.ss_len
2566 + isr->saidx.dst.ss_len;
2567
2568 tlen += PFKEY_ALIGN8(len);
2569 }
2570 }
2571
2572 return tlen;
2573 }
2574
2575 /*
2576 * SADB_X_SPDEXPIRE processing
2577 * send
2578 * <base, address(SD), lifetime(CH), policy>
2579 * to KMD by PF_KEY.
2580 *
2581 * OUT: 0 : succeed
2582 * others : error number
2583 */
2584 static int
2585 key_spdexpire(struct secpolicy *sp)
2586 {
2587 int s;
2588 struct mbuf *result = NULL, *m;
2589 int len;
2590 int error = -1;
2591 struct sadb_lifetime *lt;
2592
2593 /* XXX: Why do we lock ? */
2594 s = splsoftnet(); /*called from softclock()*/
2595
2596 /* sanity check */
2597 if (sp == NULL)
2598 panic("key_spdexpire: NULL pointer is passed.");
2599
2600 /* set msg header */
2601 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2602 if (!m) {
2603 error = ENOBUFS;
2604 goto fail;
2605 }
2606 result = m;
2607
2608 /* create lifetime extension (current and hard) */
2609 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2610 m = key_alloc_mbuf(len);
2611 if (!m || m->m_next) { /*XXX*/
2612 if (m)
2613 m_freem(m);
2614 error = ENOBUFS;
2615 goto fail;
2616 }
2617 memset(mtod(m, void *), 0, len);
2618 lt = mtod(m, struct sadb_lifetime *);
2619 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2620 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2621 lt->sadb_lifetime_allocations = 0;
2622 lt->sadb_lifetime_bytes = 0;
2623 lt->sadb_lifetime_addtime = sp->created;
2624 lt->sadb_lifetime_usetime = sp->lastused;
2625 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
2626 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2627 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2628 lt->sadb_lifetime_allocations = 0;
2629 lt->sadb_lifetime_bytes = 0;
2630 lt->sadb_lifetime_addtime = sp->lifetime;
2631 lt->sadb_lifetime_usetime = sp->validtime;
2632 m_cat(result, m);
2633
2634 /* set sadb_address for source */
2635 if (sp->spidx) {
2636 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2637 (struct sockaddr *)&sp->spidx->src,
2638 sp->spidx->prefs, sp->spidx->ul_proto);
2639 if (!m) {
2640 error = ENOBUFS;
2641 goto fail;
2642 }
2643 m_cat(result, m);
2644
2645 /* set sadb_address for destination */
2646 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2647 (struct sockaddr *)&sp->spidx->dst,
2648 sp->spidx->prefd, sp->spidx->ul_proto);
2649 if (!m) {
2650 error = ENOBUFS;
2651 goto fail;
2652 }
2653 m_cat(result, m);
2654 }
2655 #ifdef SADB_X_EXT_TAG
2656 else if (sp->tag) {
2657 m = key_setsadbxtag(sp->tag);
2658 if (!m) {
2659 error = ENOBUFS;
2660 goto fail;
2661 }
2662 m_cat(result, m);
2663 }
2664 #endif
2665
2666 /* set secpolicy */
2667 m = key_sp2msg(sp);
2668 if (!m) {
2669 error = ENOBUFS;
2670 goto fail;
2671 }
2672 m_cat(result, m);
2673
2674 if ((result->m_flags & M_PKTHDR) == 0) {
2675 error = EINVAL;
2676 goto fail;
2677 }
2678
2679 if (result->m_len < sizeof(struct sadb_msg)) {
2680 result = m_pullup(result, sizeof(struct sadb_msg));
2681 if (result == NULL) {
2682 error = ENOBUFS;
2683 goto fail;
2684 }
2685 }
2686
2687 result->m_pkthdr.len = 0;
2688 for (m = result; m; m = m->m_next)
2689 result->m_pkthdr.len += m->m_len;
2690
2691 mtod(result, struct sadb_msg *)->sadb_msg_len =
2692 PFKEY_UNIT64(result->m_pkthdr.len);
2693
2694 splx(s);
2695 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2696
2697 fail:
2698 if (result)
2699 m_freem(result);
2700 splx(s);
2701 return error;
2702 }
2703
2704 /* %%% SAD management */
2705 /*
2706 * allocating a memory for new SA head, and copy from the values of mhp.
2707 * OUT: NULL : failure due to the lack of memory.
2708 * others : pointer to new SA head.
2709 */
2710 static struct secashead *
2711 key_newsah(struct secasindex *saidx)
2712 {
2713 struct secashead *newsah;
2714
2715 /* sanity check */
2716 if (saidx == NULL)
2717 panic("key_newsaidx: NULL pointer is passed.");
2718
2719 newsah = keydb_newsecashead();
2720 if (newsah == NULL)
2721 return NULL;
2722
2723 memcpy(&newsah->saidx, saidx, sizeof(newsah->saidx));
2724
2725 /* add to saidxtree */
2726 newsah->state = SADB_SASTATE_MATURE;
2727 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2728
2729 return (newsah);
2730 }
2731
2732 /*
2733 * delete SA index and all SA registerd.
2734 */
2735 static void
2736 key_delsah(struct secashead *sah)
2737 {
2738 struct secasvar *sav, *nextsav;
2739 u_int stateidx, state;
2740 int s;
2741 int zombie = 0;
2742
2743 /* sanity check */
2744 if (sah == NULL)
2745 panic("key_delsah: NULL pointer is passed.");
2746
2747 s = splsoftnet(); /*called from softclock()*/
2748
2749 /* searching all SA registerd in the secindex. */
2750 for (stateidx = 0;
2751 stateidx < _ARRAYLEN(saorder_state_any);
2752 stateidx++) {
2753
2754 state = saorder_state_any[stateidx];
2755 for (sav = LIST_FIRST(&sah->savtree[state]);
2756 sav != NULL;
2757 sav = nextsav) {
2758
2759 nextsav = LIST_NEXT(sav, chain);
2760
2761 if (sav->refcnt > 0) {
2762 /* give up to delete this sa */
2763 zombie++;
2764 continue;
2765 }
2766
2767 /* sanity check */
2768 KEY_CHKSASTATE(state, sav->state, "key_delsah");
2769
2770 /* remove back pointer */
2771 sav->sah = NULL;
2772
2773 key_freesav(sav);
2774
2775 sav = NULL;
2776 }
2777 }
2778
2779 /* delete sah only if there's no sav. */
2780 if (zombie) {
2781 splx(s);
2782 return;
2783 }
2784
2785 rtcache_free(&sah->sa_route);
2786
2787 /* remove from tree of SA index */
2788 if (__LIST_CHAINED(sah))
2789 LIST_REMOVE(sah, chain);
2790
2791 KFREE(sah);
2792
2793 splx(s);
2794 return;
2795 }
2796
2797 /*
2798 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
2799 * and copy the values of mhp into new buffer.
2800 * When SAD message type is GETSPI:
2801 * to set sequence number from acq_seq++,
2802 * to set zero to SPI.
2803 * not to call key_setsava().
2804 * OUT: NULL : fail
2805 * others : pointer to new secasvar.
2806 *
2807 * does not modify mbuf. does not free mbuf on error.
2808 */
2809 static struct secasvar *
2810 key_newsav(struct mbuf *m, const struct sadb_msghdr *mhp, struct secashead *sah, int *errp)
2811 {
2812 struct secasvar *newsav;
2813 const struct sadb_sa *xsa;
2814
2815 /* sanity check */
2816 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
2817 panic("key_newsa: NULL pointer is passed.");
2818
2819 newsav = keydb_newsecasvar();
2820 if (newsav == NULL) {
2821 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
2822 *errp = ENOBUFS;
2823 return NULL;
2824 }
2825
2826 switch (mhp->msg->sadb_msg_type) {
2827 case SADB_GETSPI:
2828 key_setspi(newsav, 0);
2829
2830 #ifdef IPSEC_DOSEQCHECK
2831 /* sync sequence number */
2832 if (mhp->msg->sadb_msg_seq == 0)
2833 newsav->seq =
2834 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
2835 else
2836 #endif
2837 newsav->seq = mhp->msg->sadb_msg_seq;
2838 break;
2839
2840 case SADB_ADD:
2841 /* sanity check */
2842 if (mhp->ext[SADB_EXT_SA] == NULL) {
2843 KFREE(newsav);
2844 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
2845 *errp = EINVAL;
2846 return NULL;
2847 }
2848 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
2849 key_setspi(newsav, xsa->sadb_sa_spi);
2850 newsav->seq = mhp->msg->sadb_msg_seq;
2851 break;
2852 default:
2853 KFREE(newsav);
2854 *errp = EINVAL;
2855 return NULL;
2856 }
2857
2858 /* copy sav values */
2859 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
2860 *errp = key_setsaval(newsav, m, mhp);
2861 if (*errp) {
2862 KFREE(newsav);
2863 return NULL;
2864 }
2865 }
2866
2867 /* reset created */
2868 newsav->created = time_second;
2869
2870 newsav->pid = mhp->msg->sadb_msg_pid;
2871
2872 /* add to satree */
2873 newsav->sah = sah;
2874 newsav->refcnt = 1;
2875 newsav->state = SADB_SASTATE_LARVAL;
2876 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
2877 secasvar, chain);
2878
2879 return newsav;
2880 }
2881
2882 /*
2883 * search SAD.
2884 * OUT:
2885 * NULL : not found
2886 * others : found, pointer to a SA.
2887 */
2888 static struct secashead *
2889 key_getsah(struct secasindex *saidx)
2890 {
2891 struct secashead *sah;
2892
2893 LIST_FOREACH(sah, &sahtree, chain) {
2894 if (sah->state == SADB_SASTATE_DEAD)
2895 continue;
2896 if (key_cmpsaidx_exactly(&sah->saidx, saidx))
2897 return (sah);
2898 }
2899
2900 return NULL;
2901 }
2902
2903 /*
2904 * check not to be duplicated SPI.
2905 * NOTE: this function is too slow due to searching all SAD.
2906 * OUT:
2907 * NULL : not found
2908 * others : found, pointer to a SA.
2909 */
2910 static struct secasvar *
2911 key_checkspidup(struct secasindex *saidx, u_int32_t spi)
2912 {
2913 struct secasvar *sav;
2914 u_int stateidx, state;
2915
2916 /* check address family */
2917 if (saidx->src.ss_family != saidx->dst.ss_family) {
2918 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
2919 return NULL;
2920 }
2921
2922 /* check all SAD */
2923 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2924 if (sav->spi != spi)
2925 continue;
2926 for (stateidx = 0;
2927 stateidx < _ARRAYLEN(saorder_state_alive);
2928 stateidx++) {
2929 state = saorder_state_alive[stateidx];
2930 if (sav->state == state &&
2931 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
2932 return sav;
2933 }
2934 }
2935
2936 return NULL;
2937 }
2938
2939 static void
2940 key_setspi(struct secasvar *sav, u_int32_t spi)
2941 {
2942 int s;
2943
2944 s = splsoftnet();
2945 sav->spi = spi;
2946 if (sav->spihash.le_prev || sav->spihash.le_next)
2947 LIST_REMOVE(sav, spihash);
2948 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
2949 splx(s);
2950 }
2951
2952 /*
2953 * search SAD litmited alive SA, protocol, SPI.
2954 * OUT:
2955 * NULL : not found
2956 * others : found, pointer to a SA.
2957 */
2958 static struct secasvar *
2959 key_getsavbyspi(struct secashead *sah, u_int32_t spi)
2960 {
2961 struct secasvar *sav, *match;
2962 u_int stateidx, state, matchidx;
2963
2964 match = NULL;
2965 matchidx = _ARRAYLEN(saorder_state_alive);
2966 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
2967 if (sav->spi != spi)
2968 continue;
2969 if (sav->sah != sah)
2970 continue;
2971 for (stateidx = 0; stateidx < matchidx; stateidx++) {
2972 state = saorder_state_alive[stateidx];
2973 if (sav->state == state) {
2974 match = sav;
2975 matchidx = stateidx;
2976 break;
2977 }
2978 }
2979 }
2980
2981 return match;
2982 }
2983
2984 /*
2985 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
2986 * You must update these if need.
2987 * OUT: 0: success.
2988 * !0: failure.
2989 *
2990 * does not modify mbuf. does not free mbuf on error.
2991 */
2992 static int
2993 key_setsaval(struct secasvar *sav, struct mbuf *m, const struct sadb_msghdr *mhp)
2994 {
2995 #ifdef IPSEC_ESP
2996 const struct esp_algorithm *algo;
2997 #endif
2998 int error = 0;
2999
3000 /* sanity check */
3001 if (m == NULL || mhp == NULL || mhp->msg == NULL)
3002 panic("key_setsaval: NULL pointer is passed.");
3003
3004 /* initialization */
3005 sav->replay = NULL;
3006 sav->key_auth = NULL;
3007 sav->key_enc = NULL;
3008 sav->sched = NULL;
3009 sav->schedlen = 0;
3010 sav->iv = NULL;
3011 sav->lft_c = NULL;
3012 sav->lft_h = NULL;
3013 sav->lft_s = NULL;
3014 #ifdef IPSEC_NAT_T
3015 sav->natt_type = 0;
3016 sav->esp_frag = 0;
3017 #endif
3018
3019 /* SA */
3020 if (mhp->ext[SADB_EXT_SA] != NULL) {
3021 const struct sadb_sa *sa0;
3022
3023 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3024 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3025 error = EINVAL;
3026 goto fail;
3027 }
3028
3029 sav->alg_auth = sa0->sadb_sa_auth;
3030 sav->alg_enc = sa0->sadb_sa_encrypt;
3031 sav->flags = sa0->sadb_sa_flags;
3032
3033 /* replay window */
3034 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3035 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
3036 if (sav->replay == NULL) {
3037 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3038 error = ENOBUFS;
3039 goto fail;
3040 }
3041 }
3042 }
3043
3044 /* Authentication keys */
3045 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3046 const struct sadb_key *key0;
3047 int len;
3048
3049 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3050 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3051
3052 error = 0;
3053 if (len < sizeof(*key0)) {
3054 error = EINVAL;
3055 goto fail;
3056 }
3057 switch (mhp->msg->sadb_msg_satype) {
3058 case SADB_SATYPE_AH:
3059 case SADB_SATYPE_ESP:
3060 case SADB_X_SATYPE_TCPSIGNATURE:
3061 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3062 sav->alg_auth != SADB_X_AALG_NULL)
3063 error = EINVAL;
3064 break;
3065 case SADB_X_SATYPE_IPCOMP:
3066 default:
3067 error = EINVAL;
3068 break;
3069 }
3070 if (error) {
3071 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
3072 goto fail;
3073 }
3074
3075 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
3076 if (sav->key_auth == NULL) {
3077 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3078 error = ENOBUFS;
3079 goto fail;
3080 }
3081 }
3082
3083 /* Encryption key */
3084 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3085 const struct sadb_key *key0;
3086 int len;
3087
3088 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3089 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3090
3091 error = 0;
3092 if (len < sizeof(*key0)) {
3093 error = EINVAL;
3094 goto fail;
3095 }
3096 switch (mhp->msg->sadb_msg_satype) {
3097 case SADB_SATYPE_ESP:
3098 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3099 sav->alg_enc != SADB_EALG_NULL) {
3100 error = EINVAL;
3101 break;
3102 }
3103 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3104 if (sav->key_enc == NULL) {
3105 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3106 error = ENOBUFS;
3107 goto fail;
3108 }
3109 break;
3110 case SADB_X_SATYPE_IPCOMP:
3111 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3112 error = EINVAL;
3113 sav->key_enc = NULL; /*just in case*/
3114 break;
3115 case SADB_SATYPE_AH:
3116 case SADB_X_SATYPE_TCPSIGNATURE:
3117 default:
3118 error = EINVAL;
3119 break;
3120 }
3121 if (error) {
3122 ipseclog((LOG_DEBUG, "key_setsatval: invalid key_enc value.\n"));
3123 goto fail;
3124 }
3125 }
3126
3127 /* set iv */
3128 sav->ivlen = 0;
3129
3130 switch (mhp->msg->sadb_msg_satype) {
3131 case SADB_SATYPE_ESP:
3132 #ifdef IPSEC_ESP
3133 algo = esp_algorithm_lookup(sav->alg_enc);
3134 if (algo && algo->ivlen)
3135 sav->ivlen = (*algo->ivlen)(algo, sav);
3136 if (sav->ivlen == 0)
3137 break;
3138 KMALLOC(sav->iv, void *, sav->ivlen);
3139 if (sav->iv == 0) {
3140 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3141 error = ENOBUFS;
3142 goto fail;
3143 }
3144
3145 /* initialize */
3146 key_randomfill(sav->iv, sav->ivlen);
3147 #endif
3148 break;
3149 case SADB_SATYPE_AH:
3150 break;
3151 case SADB_X_SATYPE_IPCOMP:
3152 break;
3153 case SADB_X_SATYPE_TCPSIGNATURE:
3154 if (sav->alg_enc != SADB_EALG_NONE) {
3155 ipseclog((LOG_DEBUG, "key_setsaval: protocol and "
3156 "algorithm mismatched.\n"));
3157 error = EINVAL;
3158 goto fail;
3159 }
3160 break;
3161 default:
3162 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
3163 error = EINVAL;
3164 goto fail;
3165 }
3166
3167 /* reset created */
3168 sav->created = time_second;
3169
3170 /* make lifetime for CURRENT */
3171 KMALLOC(sav->lft_c, struct sadb_lifetime *,
3172 sizeof(struct sadb_lifetime));
3173 if (sav->lft_c == NULL) {
3174 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3175 error = ENOBUFS;
3176 goto fail;
3177 }
3178
3179 sav->lft_c->sadb_lifetime_len =
3180 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3181 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3182 sav->lft_c->sadb_lifetime_allocations = 0;
3183 sav->lft_c->sadb_lifetime_bytes = 0;
3184 sav->lft_c->sadb_lifetime_addtime = time_second;
3185 sav->lft_c->sadb_lifetime_usetime = 0;
3186
3187 /* lifetimes for HARD and SOFT */
3188 {
3189 const struct sadb_lifetime *lft0;
3190
3191 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3192 if (lft0 != NULL) {
3193 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3194 error = EINVAL;
3195 goto fail;
3196 }
3197 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3198 sizeof(*lft0));
3199 if (sav->lft_h == NULL) {
3200 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3201 error = ENOBUFS;
3202 goto fail;
3203 }
3204 /* we no longer support byte lifetime */
3205 if (sav->lft_h->sadb_lifetime_bytes) {
3206 error = EINVAL;
3207 goto fail;
3208 }
3209 /* initialize? */
3210 }
3211
3212 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3213 if (lft0 != NULL) {
3214 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3215 error = EINVAL;
3216 goto fail;
3217 }
3218 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3219 sizeof(*lft0));
3220 if (sav->lft_s == NULL) {
3221 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3222 error = ENOBUFS;
3223 goto fail;
3224 }
3225 /* we no longer support byte lifetime */
3226 if (sav->lft_s->sadb_lifetime_bytes) {
3227 error = EINVAL;
3228 goto fail;
3229 }
3230 /* initialize? */
3231 }
3232 }
3233
3234 return 0;
3235
3236 fail:
3237 /* initialization */
3238 if (sav->replay != NULL) {
3239 keydb_delsecreplay(sav->replay);
3240 sav->replay = NULL;
3241 }
3242 if (sav->key_auth != NULL) {
3243 memset(_KEYBUF(sav->key_auth), 0, _KEYLEN(sav->key_auth));
3244 KFREE(sav->key_auth);
3245 sav->key_auth = NULL;
3246 }
3247 if (sav->key_enc != NULL) {
3248 memset(_KEYBUF(sav->key_enc), 0, _KEYLEN(sav->key_enc));
3249 KFREE(sav->key_enc);
3250 sav->key_enc = NULL;
3251 }
3252 if (sav->sched) {
3253 memset(sav->sched, 0, sav->schedlen);
3254 KFREE(sav->sched);
3255 sav->sched = NULL;
3256 }
3257 if (sav->iv != NULL) {
3258 KFREE(sav->iv);
3259 sav->iv = NULL;
3260 }
3261 if (sav->lft_c != NULL) {
3262 KFREE(sav->lft_c);
3263 sav->lft_c = NULL;
3264 }
3265 if (sav->lft_h != NULL) {
3266 KFREE(sav->lft_h);
3267 sav->lft_h = NULL;
3268 }
3269 if (sav->lft_s != NULL) {
3270 KFREE(sav->lft_s);
3271 sav->lft_s = NULL;
3272 }
3273
3274 return error;
3275 }
3276
3277 /*
3278 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3279 * OUT: 0: valid
3280 * other: errno
3281 */
3282 static int
3283 key_mature(struct secasvar *sav)
3284 {
3285 int mature;
3286 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3287 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3288
3289 mature = 0;
3290
3291 /* check SPI value */
3292 switch (sav->sah->saidx.proto) {
3293 case IPPROTO_ESP:
3294 case IPPROTO_AH:
3295 if (ntohl(sav->spi) <= 255) {
3296 ipseclog((LOG_DEBUG,
3297 "key_mature: illegal range of SPI %u.\n",
3298 (u_int32_t)ntohl(sav->spi)));
3299 return EINVAL;
3300 }
3301 break;
3302 case IPPROTO_TCP:
3303 if (ntohl(sav->spi) != 0x1000) { /*TCP_SIG_SPI*/
3304 ipseclog((LOG_DEBUG,
3305 "key_mature: SPI must be 0x1000 for TCPMD5.\n"));
3306 return (EINVAL);
3307 }
3308 break;
3309 case IPPROTO_IPV4:
3310 case IPPROTO_IPV6:
3311 break;
3312 }
3313
3314 /* check satype */
3315 switch (sav->sah->saidx.proto) {
3316 #ifdef IPSEC_ESP
3317 case IPPROTO_ESP:
3318 /* check flags */
3319 if ((sav->flags & SADB_X_EXT_OLD) &&
3320 (sav->flags & SADB_X_EXT_DERIV)) {
3321 ipseclog((LOG_DEBUG, "key_mature: "
3322 "invalid flag (derived) given to old-esp.\n"));
3323 return EINVAL;
3324 }
3325 if (sav->alg_auth == SADB_AALG_NONE)
3326 checkmask = 1;
3327 else
3328 checkmask = 3;
3329 mustmask = 1;
3330 break;
3331 #endif
3332 case IPPROTO_AH:
3333 /* check flags */
3334 if (sav->flags & SADB_X_EXT_DERIV) {
3335 ipseclog((LOG_DEBUG, "key_mature: "
3336 "invalid flag (derived) given to AH SA.\n"));
3337 return EINVAL;
3338 }
3339 if (sav->alg_enc != SADB_EALG_NONE) {
3340 ipseclog((LOG_DEBUG, "key_mature: "
3341 "protocol and algorithm mismated.\n"));
3342 return (EINVAL);
3343 }
3344 checkmask = 2;
3345 mustmask = 2;
3346 break;
3347 case IPPROTO_IPCOMP:
3348 if (sav->alg_auth != SADB_AALG_NONE) {
3349 ipseclog((LOG_DEBUG, "key_mature: "
3350 "protocol and algorithm mismated.\n"));
3351 return (EINVAL);
3352 }
3353 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0 &&
3354 ntohl(sav->spi) >= 0x10000) {
3355 ipseclog((LOG_DEBUG,
3356 "key_mature: invalid cpi for IPComp.\n"));
3357 return (EINVAL);
3358 }
3359 checkmask = 4;
3360 mustmask = 4;
3361 break;
3362 case IPPROTO_TCP:
3363 if (sav->alg_enc != SADB_EALG_NONE) {
3364 ipseclog((LOG_DEBUG, "key_mature: "
3365 "encryption algorithm must be null for TCPMD5.\n"));
3366 return (EINVAL);
3367 }
3368 if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
3369 ipseclog((LOG_DEBUG, "key_mature: "
3370 "auth algorithm must be tcp-md5 for TCPMD5.\n"));
3371 return (EINVAL);
3372 }
3373 checkmask = 0;
3374 break;
3375 case IPPROTO_IPV4:
3376 case IPPROTO_IPV6:
3377 break;
3378 default:
3379 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3380 return EPROTONOSUPPORT;
3381 }
3382
3383 /* check authentication algorithm */
3384 if ((checkmask & 2) != 0) {
3385 const struct ah_algorithm *algo;
3386 int keylen;
3387
3388 algo = ah_algorithm_lookup(sav->alg_auth);
3389 if (!algo) {
3390 ipseclog((LOG_DEBUG,"key_mature: "
3391 "unknown authentication algorithm.\n"));
3392 return EINVAL;
3393 }
3394
3395 /* algorithm-dependent check */
3396 if (sav->key_auth)
3397 keylen = sav->key_auth->sadb_key_bits;
3398 else
3399 keylen = 0;
3400 if (keylen < algo->keymin || algo->keymax < keylen) {
3401 ipseclog((LOG_DEBUG,
3402 "key_mature: invalid AH key length %d "
3403 "(%d-%d allowed)\n",
3404 keylen, algo->keymin, algo->keymax));
3405 return EINVAL;
3406 }
3407
3408 if (algo->mature) {
3409 if ((*algo->mature)(sav)) {
3410 /* message generated in per-algorithm function*/
3411 return EINVAL;
3412 } else
3413 mature = SADB_SATYPE_AH;
3414 }
3415
3416 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
3417 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
3418 return EINVAL;
3419 }
3420 }
3421
3422 /* check encryption algorithm */
3423 if ((checkmask & 1) != 0) {
3424 #ifdef IPSEC_ESP
3425 const struct esp_algorithm *algo;
3426 int keylen;
3427
3428 algo = esp_algorithm_lookup(sav->alg_enc);
3429 if (!algo) {
3430 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
3431 return EINVAL;
3432 }
3433
3434 /* algorithm-dependent check */
3435 if (sav->key_enc)
3436 keylen = sav->key_enc->sadb_key_bits;
3437 else
3438 keylen = 0;
3439 if (keylen < algo->keymin || algo->keymax < keylen) {
3440 ipseclog((LOG_DEBUG,
3441 "key_mature: invalid ESP key length %d "
3442 "(%d-%d allowed)\n",
3443 keylen, algo->keymin, algo->keymax));
3444 return EINVAL;
3445 }
3446
3447 if (algo->mature) {
3448 if ((*algo->mature)(sav)) {
3449 /* message generated in per-algorithm function*/
3450 return EINVAL;
3451 } else
3452 mature = SADB_SATYPE_ESP;
3453 }
3454
3455 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
3456 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
3457 return EINVAL;
3458 }
3459 #else /*IPSEC_ESP*/
3460 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
3461 return EINVAL;
3462 #endif
3463 }
3464
3465 /* check compression algorithm */
3466 if ((checkmask & 4) != 0) {
3467 const struct ipcomp_algorithm *algo;
3468
3469 /* algorithm-dependent check */
3470 algo = ipcomp_algorithm_lookup(sav->alg_enc);
3471 if (!algo) {
3472 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
3473 return EINVAL;
3474 }
3475 }
3476
3477 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3478 return (0);
3479 }
3480
3481 /*
3482 * subroutine for SADB_GET and SADB_DUMP.
3483 */
3484 static struct mbuf *
3485 key_setdumpsa(struct secasvar *sav, u_int8_t type, u_int8_t satype, u_int32_t seq, u_int32_t pid)
3486 {
3487 struct mbuf *result = NULL, *tres = NULL, *m;
3488 int l = 0;
3489 int i;
3490 void *p;
3491 int dumporder[] = {
3492 SADB_EXT_SA, SADB_X_EXT_SA2,
3493 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3494 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3495 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3496 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3497 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3498 #ifdef IPSEC_NAT_T
3499 SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
3500 SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OA,
3501 SADB_X_EXT_NAT_T_FRAG,
3502 #endif
3503 };
3504
3505 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3506 if (m == NULL)
3507 goto fail;
3508 result = m;
3509
3510 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
3511 m = NULL;
3512 p = NULL;
3513 switch (dumporder[i]) {
3514 case SADB_EXT_SA:
3515 m = key_setsadbsa(sav);
3516 if (!m)
3517 goto fail;
3518 break;
3519
3520 case SADB_X_EXT_SA2:
3521 m = key_setsadbxsa2(sav->sah->saidx.mode,
3522 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
3523 sav->sah->saidx.reqid);
3524 if (!m)
3525 goto fail;
3526 break;
3527
3528 case SADB_EXT_ADDRESS_SRC:
3529 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3530 (struct sockaddr *)&sav->sah->saidx.src,
3531 FULLMASK, IPSEC_ULPROTO_ANY);
3532 if (!m)
3533 goto fail;
3534 break;
3535
3536 case SADB_EXT_ADDRESS_DST:
3537 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3538 (struct sockaddr *)&sav->sah->saidx.dst,
3539 FULLMASK, IPSEC_ULPROTO_ANY);
3540 if (!m)
3541 goto fail;
3542 break;
3543
3544 case SADB_EXT_KEY_AUTH:
3545 if (!sav->key_auth)
3546 continue;
3547 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3548 p = sav->key_auth;
3549 break;
3550
3551 case SADB_EXT_KEY_ENCRYPT:
3552 if (!sav->key_enc)
3553 continue;
3554 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3555 p = sav->key_enc;
3556 break;
3557
3558 case SADB_EXT_LIFETIME_CURRENT:
3559 if (!sav->lft_c)
3560 continue;
3561 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3562 p = sav->lft_c;
3563 break;
3564
3565 case SADB_EXT_LIFETIME_HARD:
3566 if (!sav->lft_h)
3567 continue;
3568 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3569 p = sav->lft_h;
3570 break;
3571
3572 case SADB_EXT_LIFETIME_SOFT:
3573 if (!sav->lft_s)
3574 continue;
3575 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3576 p = sav->lft_s;
3577 break;
3578
3579 #ifdef IPSEC_NAT_T
3580 case SADB_X_EXT_NAT_T_TYPE:
3581 if ((m = key_setsadbxtype(sav->natt_type)) == NULL)
3582 goto fail;
3583 break;
3584
3585 case SADB_X_EXT_NAT_T_DPORT:
3586 if ((m = key_setsadbxport(KEY_PORTFROMSADDR
3587 (&sav->sah->saidx.dst),
3588 SADB_X_EXT_NAT_T_DPORT)) == NULL)
3589 goto fail;
3590 break;
3591
3592 case SADB_X_EXT_NAT_T_SPORT:
3593 if ((m = key_setsadbxport(KEY_PORTFROMSADDR
3594 (&sav->sah->saidx.src),
3595 SADB_X_EXT_NAT_T_SPORT)) == NULL)
3596 goto fail;
3597 break;
3598
3599 case SADB_X_EXT_NAT_T_OA:
3600 case SADB_X_EXT_NAT_T_FRAG:
3601 continue;
3602 #endif
3603 case SADB_EXT_ADDRESS_PROXY:
3604 case SADB_EXT_IDENTITY_SRC:
3605 case SADB_EXT_IDENTITY_DST:
3606 /* XXX: should we brought from SPD ? */
3607 case SADB_EXT_SENSITIVITY:
3608 default:
3609 continue;
3610 }
3611
3612 if ((!m && !p) || (m && p))
3613 goto fail;
3614 if (p && tres) {
3615 M_PREPEND(tres, l, M_DONTWAIT);
3616 if (!tres)
3617 goto fail;
3618 memcpy(mtod(tres, void *), p, l);
3619 continue;
3620 }
3621 if (p) {
3622 m = key_alloc_mbuf(l);
3623 if (!m)
3624 goto fail;
3625 m_copyback(m, 0, l, p);
3626 }
3627
3628 if (tres)
3629 m_cat(m, tres);
3630 tres = m;
3631 }
3632
3633 m_cat(result, tres);
3634
3635 if (result->m_len < sizeof(struct sadb_msg)) {
3636 result = m_pullup(result, sizeof(struct sadb_msg));
3637 if (result == NULL)
3638 goto fail;
3639 }
3640
3641 result->m_pkthdr.len = 0;
3642 for (m = result; m; m = m->m_next)
3643 result->m_pkthdr.len += m->m_len;
3644
3645 mtod(result, struct sadb_msg *)->sadb_msg_len =
3646 PFKEY_UNIT64(result->m_pkthdr.len);
3647
3648 return result;
3649
3650 fail:
3651 m_freem(result);
3652 m_freem(tres);
3653 return NULL;
3654 }
3655
3656 /*
3657 * set data into sadb_msg.
3658 */
3659 static struct mbuf *
3660 key_setsadbmsg(u_int8_t type, u_int16_t tlen, u_int8_t satype, u_int32_t seq, pid_t pid, u_int16_t reserved)
3661 {
3662 struct mbuf *m;
3663 struct sadb_msg *p;
3664 int len;
3665
3666 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3667 if (len > MCLBYTES)
3668 return NULL;
3669 MGETHDR(m, M_DONTWAIT, MT_DATA);
3670 if (m && len > MHLEN) {
3671 MCLGET(m, M_DONTWAIT);
3672 if ((m->m_flags & M_EXT) == 0) {
3673 m_freem(m);
3674 m = NULL;
3675 }
3676 }
3677 if (!m)
3678 return NULL;
3679 m->m_pkthdr.len = m->m_len = len;
3680 m->m_next = NULL;
3681
3682 p = mtod(m, struct sadb_msg *);
3683
3684 memset(p, 0, len);
3685 p->sadb_msg_version = PF_KEY_V2;
3686 p->sadb_msg_type = type;
3687 p->sadb_msg_errno = 0;
3688 p->sadb_msg_satype = satype;
3689 p->sadb_msg_len = PFKEY_UNIT64(tlen);
3690 p->sadb_msg_reserved = reserved;
3691 p->sadb_msg_seq = seq;
3692 p->sadb_msg_pid = (u_int32_t)pid;
3693
3694 return m;
3695 }
3696
3697 /*
3698 * copy secasvar data into sadb_address.
3699 */
3700 static struct mbuf *
3701 key_setsadbsa(struct secasvar *sav)
3702 {
3703 struct mbuf *m;
3704 struct sadb_sa *p;
3705 int len;
3706
3707 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
3708 m = key_alloc_mbuf(len);
3709 if (!m || m->m_next) { /*XXX*/
3710 if (m)
3711 m_freem(m);
3712 return NULL;
3713 }
3714
3715 p = mtod(m, struct sadb_sa *);
3716
3717 memset(p, 0, len);
3718 p->sadb_sa_len = PFKEY_UNIT64(len);
3719 p->sadb_sa_exttype = SADB_EXT_SA;
3720 p->sadb_sa_spi = sav->spi;
3721 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
3722 p->sadb_sa_state = sav->state;
3723 p->sadb_sa_auth = sav->alg_auth;
3724 p->sadb_sa_encrypt = sav->alg_enc;
3725 p->sadb_sa_flags = sav->flags;
3726
3727 return m;
3728 }
3729
3730 /*
3731 * set data into sadb_address.
3732 */
3733 static struct mbuf *
3734 key_setsadbaddr(u_int16_t exttype, struct sockaddr *saddr, u_int8_t prefixlen, u_int16_t ul_proto)
3735 {
3736 struct mbuf *m;
3737 struct sadb_address *p;
3738 size_t len;
3739
3740 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
3741 PFKEY_ALIGN8(saddr->sa_len);
3742 m = key_alloc_mbuf(len);
3743 if (!m || m->m_next) { /*XXX*/
3744 if (m)
3745 m_freem(m);
3746 return NULL;
3747 }
3748
3749 p = mtod(m, struct sadb_address *);
3750
3751 memset(p, 0, len);
3752 p->sadb_address_len = PFKEY_UNIT64(len);
3753 p->sadb_address_exttype = exttype;
3754 p->sadb_address_proto = ul_proto;
3755 if (prefixlen == FULLMASK) {
3756 switch (saddr->sa_family) {
3757 case AF_INET:
3758 prefixlen = sizeof(struct in_addr) << 3;
3759 break;
3760 case AF_INET6:
3761 prefixlen = sizeof(struct in6_addr) << 3;
3762 break;
3763 default:
3764 ; /*XXX*/
3765 }
3766 }
3767 p->sadb_address_prefixlen = prefixlen;
3768 p->sadb_address_reserved = 0;
3769
3770 memcpy(mtod(m, char *) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
3771 saddr, saddr->sa_len);
3772
3773 return m;
3774 }
3775
3776 #if 0
3777 /*
3778 * set data into sadb_ident.
3779 */
3780 static struct mbuf *
3781 key_setsadbident(u_int16_t exttype, u_int16_t idtype, void *string, int stringlen, u_int64_t id)
3782 {
3783 struct mbuf *m;
3784 struct sadb_ident *p;
3785 size_t len;
3786
3787 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
3788 m = key_alloc_mbuf(len);
3789 if (!m || m->m_next) { /*XXX*/
3790 if (m)
3791 m_freem(m);
3792 return NULL;
3793 }
3794
3795 p = mtod(m, struct sadb_ident *);
3796
3797 memset(p, 0, len);
3798 p->sadb_ident_len = PFKEY_UNIT64(len);
3799 p->sadb_ident_exttype = exttype;
3800 p->sadb_ident_type = idtype;
3801 p->sadb_ident_reserved = 0;
3802 p->sadb_ident_id = id;
3803
3804 bcopy(string,
3805 mtod(m, void *) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
3806 stringlen);
3807
3808 return m;
3809 }
3810 #endif
3811
3812 /*
3813 * set data into sadb_x_sa2.
3814 */
3815 static struct mbuf *
3816 key_setsadbxsa2(u_int8_t mode, u_int32_t seq, u_int16_t reqid)
3817 {
3818 struct mbuf *m;
3819 struct sadb_x_sa2 *p;
3820 size_t len;
3821
3822 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
3823 m = key_alloc_mbuf(len);
3824 if (!m || m->m_next) { /*XXX*/
3825 if (m)
3826 m_freem(m);
3827 return NULL;
3828 }
3829
3830 p = mtod(m, struct sadb_x_sa2 *);
3831
3832 memset(p, 0, len);
3833 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
3834 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
3835 p->sadb_x_sa2_mode = mode;
3836 p->sadb_x_sa2_reserved1 = 0;
3837 p->sadb_x_sa2_reserved2 = 0;
3838 p->sadb_x_sa2_sequence = seq;
3839 p->sadb_x_sa2_reqid = reqid;
3840
3841 return m;
3842 }
3843
3844 #ifdef SADB_X_EXT_TAG
3845 /*
3846 * set data into sadb_x_tag.
3847 */
3848 static struct mbuf *
3849 key_setsadbxtag(u_int16_t tag)
3850 {
3851 struct mbuf *m;
3852 struct sadb_x_tag *p;
3853 size_t len;
3854
3855 len = PFKEY_ALIGN8(sizeof(struct sadb_x_tag));
3856 m = key_alloc_mbuf(len);
3857 if (!m || m->m_next) { /*XXX*/
3858 if (m)
3859 m_freem(m);
3860 return NULL;
3861 }
3862
3863 p = mtod(m, struct sadb_x_tag *);
3864
3865 memset(p, 0, len);
3866 p->sadb_x_tag_len = PFKEY_UNIT64(len);
3867 p->sadb_x_tag_exttype = SADB_X_EXT_TAG;
3868 m_nametag_tag2tagname(tag, p->sadb_x_tag_name);
3869
3870 return m;
3871 }
3872 #endif
3873
3874 #ifdef IPSEC_NAT_T
3875 /*
3876 * set a type in sadb_x_nat_t_type
3877 */
3878 static struct mbuf *
3879 key_setsadbxtype(u_int16_t type)
3880 {
3881 struct mbuf *m;
3882 size_t len;
3883 struct sadb_x_nat_t_type *p;
3884
3885 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_type));
3886
3887 m = key_alloc_mbuf(len);
3888 if (!m || m->m_next) { /*XXX*/
3889 if (m)
3890 m_freem(m);
3891 return NULL;
3892 }
3893
3894 p = mtod(m, struct sadb_x_nat_t_type *);
3895
3896 memset(p, 0, len);
3897 p->sadb_x_nat_t_type_len = PFKEY_UNIT64(len);
3898 p->sadb_x_nat_t_type_exttype = SADB_X_EXT_NAT_T_TYPE;
3899 p->sadb_x_nat_t_type_type = type;
3900
3901 return m;
3902 }
3903 /*
3904 * set a port in sadb_x_nat_t_port. port is in network order
3905 */
3906 static struct mbuf *
3907 key_setsadbxport(u_int16_t port, u_int16_t type)
3908 {
3909 struct mbuf *m;
3910 size_t len;
3911 struct sadb_x_nat_t_port *p;
3912
3913 len = PFKEY_ALIGN8(sizeof(struct sadb_x_nat_t_port));
3914
3915 m = key_alloc_mbuf(len);
3916 if (!m || m->m_next) { /*XXX*/
3917 if (m)
3918 m_freem(m);
3919 return NULL;
3920 }
3921
3922 p = mtod(m, struct sadb_x_nat_t_port *);
3923
3924 memset(p, 0, len);
3925 p->sadb_x_nat_t_port_len = PFKEY_UNIT64(len);
3926 p->sadb_x_nat_t_port_exttype = type;
3927 p->sadb_x_nat_t_port_port = port;
3928
3929 return m;
3930 }
3931
3932 /*
3933 * Get port from sockaddr, port is in network order
3934 */
3935 u_int16_t
3936 key_portfromsaddr(struct sockaddr *saddr)
3937 {
3938 u_int16_t port;
3939
3940 switch (saddr->sa_family) {
3941 case AF_INET: {
3942 struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
3943
3944 port = sin->sin_port;
3945 break;
3946 }
3947 #ifdef INET6
3948 case AF_INET6: {
3949 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
3950
3951 port = sin6->sin6_port;
3952 break;
3953 }
3954 #endif
3955 default:
3956 printf("key_portfromsaddr: unexpected address family\n");
3957 port = 0;
3958 break;
3959 }
3960
3961 return port;
3962 }
3963 #endif /* IPSEC_NAT_T */
3964
3965 /*
3966 * Set port is struct sockaddr. port is in network order
3967 */
3968 static void
3969 key_porttosaddr(struct sockaddr *saddr, u_int16_t port)
3970 {
3971 switch (saddr->sa_family) {
3972 case AF_INET: {
3973 struct sockaddr_in *sin = (struct sockaddr_in *)saddr;
3974
3975 sin->sin_port = port;
3976 break;
3977 }
3978 #ifdef INET6
3979 case AF_INET6: {
3980 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)saddr;
3981
3982 sin6->sin6_port = port;
3983 break;
3984 }
3985 #endif
3986 default:
3987 printf("key_porttosaddr: unexpected address family %d\n",
3988 saddr->sa_family);
3989 break;
3990 }
3991
3992 return;
3993 }
3994
3995 /*
3996 * Safety check sa_len
3997 */
3998 static int
3999 key_checksalen(const struct sockaddr *saddr)
4000 {
4001 switch (saddr->sa_family) {
4002 case AF_INET:
4003 if (saddr->sa_len != sizeof(struct sockaddr_in))
4004 return -1;
4005 break;
4006 #ifdef INET6
4007 case AF_INET6:
4008 if (saddr->sa_len != sizeof(struct sockaddr_in6))
4009 return -1;
4010 break;
4011 #endif
4012 default:
4013 printf("key_checksalen: unexpected sa_family %d\n",
4014 saddr->sa_family);
4015 return -1;
4016 break;
4017 }
4018
4019 return 0;
4020 }
4021
4022 /*
4023 * set data into sadb_lifetime
4024 */
4025 static struct mbuf *
4026 key_setsadblifetime(u_int16_t type, u_int32_t alloc, u_int64_t bytes, u_int64_t addtime, u_int64_t usetime)
4027 {
4028 struct mbuf *m;
4029 struct sadb_lifetime *p;
4030 size_t len;
4031
4032 len = PFKEY_ALIGN8(sizeof(struct sadb_lifetime));
4033 m = key_alloc_mbuf(len);
4034 if (!m || m->m_next) { /*XXX*/
4035 if (m)
4036 m_freem(m);
4037 return NULL;
4038 }
4039
4040 p = mtod(m, struct sadb_lifetime *);
4041
4042 memset(p, 0, len);
4043 p->sadb_lifetime_len = PFKEY_UNIT64(len);
4044 p->sadb_lifetime_exttype = type;
4045 p->sadb_lifetime_allocations = alloc;
4046 p->sadb_lifetime_bytes = bytes;
4047 p->sadb_lifetime_addtime = addtime;
4048 p->sadb_lifetime_usetime = usetime;
4049
4050 return m;
4051 }
4052
4053 /*
4054 * set data into sadb_x_policy
4055 */
4056 static struct mbuf *
4057 key_setsadbxpolicy(u_int16_t type, u_int8_t dir, u_int32_t id)
4058 {
4059 struct mbuf *m;
4060 struct sadb_x_policy *p;
4061 size_t len;
4062
4063 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4064 m = key_alloc_mbuf(len);
4065 if (!m || m->m_next) { /*XXX*/
4066 if (m)
4067 m_freem(m);
4068 return NULL;
4069 }
4070
4071 p = mtod(m, struct sadb_x_policy *);
4072
4073 memset(p, 0, len);
4074 p->sadb_x_policy_len = PFKEY_UNIT64(len);
4075 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4076 p->sadb_x_policy_type = type;
4077 p->sadb_x_policy_dir = dir;
4078 p->sadb_x_policy_id = id;
4079
4080 return m;
4081 }
4082
4083 /* %%% utilities */
4084 /*
4085 * copy a buffer into the new buffer allocated.
4086 */
4087 static void *
4088 key_newbuf(const void *src, u_int len)
4089 {
4090 void *new;
4091
4092 KMALLOC(new, void *, len);
4093 if (new == NULL) {
4094 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
4095 return NULL;
4096 }
4097 memcpy(new, src, len);
4098
4099 return new;
4100 }
4101
4102 /* compare my own address
4103 * OUT: 1: true, i.e. my address.
4104 * 0: false
4105 */
4106 static int
4107 key_ismyaddr(struct sockaddr *sa)
4108 {
4109 #ifdef INET
4110 struct sockaddr_in *sin;
4111 struct in_ifaddr *ia;
4112 #endif
4113
4114 /* sanity check */
4115 if (sa == NULL)
4116 panic("key_ismyaddr: NULL pointer is passed.");
4117
4118 switch (sa->sa_family) {
4119 #ifdef INET
4120 case AF_INET:
4121 sin = (struct sockaddr_in *)sa;
4122 TAILQ_FOREACH(ia, &in_ifaddrhead, ia_list) {
4123 if (sin->sin_family == ia->ia_addr.sin_family &&
4124 sin->sin_len == ia->ia_addr.sin_len &&
4125 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
4126 {
4127 return 1;
4128 }
4129 }
4130 break;
4131 #endif
4132 #ifdef INET6
4133 case AF_INET6:
4134 return key_ismyaddr6((struct sockaddr_in6 *)sa);
4135 #endif
4136 }
4137
4138 return 0;
4139 }
4140
4141 #ifdef INET6
4142 /*
4143 * compare my own address for IPv6.
4144 * 1: ours
4145 * 0: other
4146 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
4147 */
4148
4149 static int
4150 key_ismyaddr6(struct sockaddr_in6 *sin6)
4151 {
4152 struct in6_ifaddr *ia;
4153 struct in6_multi *in6m;
4154
4155 if (sa6_embedscope(sin6, 0) != 0)
4156 return 0;
4157
4158 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
4159 if (key_sockaddrcmp((struct sockaddr *)&sin6,
4160 (struct sockaddr *)&ia->ia_addr, 0) == 0)
4161 return 1;
4162
4163 /*
4164 * XXX Multicast
4165 * XXX why do we care about multlicast here while we don't care
4166 * about IPv4 multicast??
4167 * XXX scope
4168 */
4169 in6m = NULL;
4170 for ((in6m) = ia->ia6_multiaddrs.lh_first;
4171 (in6m) != NULL &&
4172 !IN6_ARE_ADDR_EQUAL(&(in6m)->in6m_addr, &sin6->sin6_addr);
4173 (in6m) = in6m->in6m_entry.le_next)
4174 continue;
4175 if (in6m)
4176 return 1;
4177 }
4178
4179 /* loopback, just for safety */
4180 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
4181 return 1;
4182
4183 return 0;
4184 }
4185 #endif /*INET6*/
4186
4187 /*
4188 * compare two secasindex structure exactly.
4189 * IN:
4190 * saidx0: source, it can be in SAD.
4191 * saidx1: object.
4192 * OUT:
4193 * 1 : equal
4194 * 0 : not equal
4195 */
4196 static int
4197 key_cmpsaidx_exactly(struct secasindex *saidx0, struct secasindex *saidx1)
4198 {
4199 /* sanity */
4200 if (saidx0 == NULL && saidx1 == NULL)
4201 return 1;
4202
4203 if (saidx0 == NULL || saidx1 == NULL)
4204 return 0;
4205
4206 if (saidx0->proto != saidx1->proto || saidx0->mode != saidx1->mode ||
4207 saidx0->reqid != saidx1->reqid)
4208 return 0;
4209
4210 if (memcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
4211 memcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
4212 return 0;
4213
4214 return 1;
4215 }
4216
4217 /*
4218 * compare two secasindex structure with consideration mode.
4219 * don't compare port.
4220 * IN:
4221 * saidx0: source, it is often in SAD.
4222 * saidx1: object, it is often from SPD.
4223 * OUT:
4224 * 1 : equal
4225 * 0 : not equal
4226 */
4227 static int
4228 key_cmpsaidx_withmode(struct secasindex *saidx0, struct secasindex *saidx1)
4229 {
4230 int chkport = 0;
4231
4232 /* sanity */
4233 if (saidx0 == NULL && saidx1 == NULL)
4234 return 1;
4235
4236 if (saidx0 == NULL || saidx1 == NULL)
4237 return 0;
4238
4239 if (saidx0->proto != saidx1->proto)
4240 return 0;
4241
4242 /*
4243 * If NAT-T is enabled, check ports for tunnel mode.
4244 * Don't do it for transport mode, as there is no
4245 * port information available in the SP.
4246 */
4247 #ifdef IPSEC_NAT_T
4248 if (saidx1->mode == IPSEC_MODE_TUNNEL)
4249 chkport = 1;
4250 #endif
4251 /*
4252 * If reqid of SPD is non-zero, unique SA is required.
4253 * The result must be of same reqid in this case.
4254 */
4255 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4256 return 0;
4257
4258 if (saidx0->mode != IPSEC_MODE_ANY && saidx0->mode != saidx1->mode)
4259 return 0;
4260
4261 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4262 (struct sockaddr *)&saidx1->src, chkport) != 0) {
4263 return 0;
4264 }
4265 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4266 (struct sockaddr *)&saidx1->dst, chkport) != 0) {
4267 return 0;
4268 }
4269
4270 return 1;
4271 }
4272
4273 /*
4274 * compare two secasindex structure without mode.
4275 * don't compare port.
4276 * IN:
4277 * saidx0: source, it is often in SAD.
4278 * saidx1: object, it is often from user.
4279 * OUT:
4280 * 1 : equal
4281 * 0 : not equal
4282 */
4283 static int
4284 key_cmpsaidx_withoutmode(struct secasindex *saidx0, struct secasindex *saidx1)
4285 {
4286 #ifdef IPSEC_NAT_T
4287 int chkport = 1;
4288 #else
4289 int chkport = 0;
4290 #endif
4291
4292 /* sanity */
4293 if (saidx0 == NULL && saidx1 == NULL)
4294 return 1;
4295
4296 if (saidx0 == NULL || saidx1 == NULL)
4297 return 0;
4298
4299 if (saidx0->proto != saidx1->proto)
4300 return 0;
4301
4302 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4303 (struct sockaddr *)&saidx1->src, chkport) != 0) {
4304 return 0;
4305 }
4306 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4307 (struct sockaddr *)&saidx1->dst, chkport) != 0) {
4308 return 0;
4309 }
4310
4311 return 1;
4312 }
4313
4314 /*
4315 * compare two secindex structure exactly.
4316 * IN:
4317 * spidx0: source, it is often in SPD.
4318 * spidx1: object, it is often from PFKEY message.
4319 * OUT:
4320 * 1 : equal
4321 * 0 : not equal
4322 */
4323 int
4324 key_cmpspidx_exactly(struct secpolicyindex *spidx0, struct secpolicyindex *spidx1)
4325 {
4326 /* sanity */
4327 if (spidx0 == NULL && spidx1 == NULL)
4328 return 1;
4329
4330 if (spidx0 == NULL || spidx1 == NULL)
4331 return 0;
4332
4333 if (spidx0->prefs != spidx1->prefs || spidx0->prefd != spidx1->prefd ||
4334 spidx0->ul_proto != spidx1->ul_proto)
4335 return 0;
4336
4337 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
4338 (struct sockaddr *)&spidx1->src, 1) != 0) {
4339 return 0;
4340 }
4341 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
4342 (struct sockaddr *)&spidx1->dst, 1) != 0) {
4343 return 0;
4344 }
4345
4346 return 1;
4347 }
4348
4349 /*
4350 * compare two secindex structure with mask.
4351 * IN:
4352 * spidx0: source, it is often in SPD.
4353 * spidx1: object, it is often from IP header.
4354 * OUT:
4355 * 1 : equal
4356 * 0 : not equal
4357 */
4358 int
4359 key_cmpspidx_withmask(struct secpolicyindex *spidx0, struct secpolicyindex *spidx1)
4360 {
4361 /* sanity */
4362 if (spidx0 == NULL && spidx1 == NULL)
4363 return 1;
4364
4365 if (spidx0 == NULL || spidx1 == NULL)
4366 return 0;
4367
4368 if (spidx0->src.ss_family != spidx1->src.ss_family ||
4369 spidx0->dst.ss_family != spidx1->dst.ss_family ||
4370 spidx0->src.ss_len != spidx1->src.ss_len ||
4371 spidx0->dst.ss_len != spidx1->dst.ss_len)
4372 return 0;
4373
4374 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4375 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY &&
4376 spidx0->ul_proto != spidx1->ul_proto)
4377 return 0;
4378
4379 switch (spidx0->src.ss_family) {
4380 case AF_INET:
4381 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY &&
4382 satosin(&spidx0->src)->sin_port !=
4383 satosin(&spidx1->src)->sin_port)
4384 return 0;
4385 if (!key_bbcmp((void *)&satosin(&spidx0->src)->sin_addr,
4386 (void *)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
4387 return 0;
4388 break;
4389 case AF_INET6:
4390 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY &&
4391 satosin6(&spidx0->src)->sin6_port !=
4392 satosin6(&spidx1->src)->sin6_port)
4393 return 0;
4394 /*
4395 * scope_id check. if sin6_scope_id is 0, we regard it
4396 * as a wildcard scope, which matches any scope zone ID.
4397 */
4398 if (satosin6(&spidx0->src)->sin6_scope_id &&
4399 satosin6(&spidx1->src)->sin6_scope_id &&
4400 satosin6(&spidx0->src)->sin6_scope_id !=
4401 satosin6(&spidx1->src)->sin6_scope_id)
4402 return 0;
4403 if (!key_bbcmp((void *)&satosin6(&spidx0->src)->sin6_addr,
4404 (void *)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
4405 return 0;
4406 break;
4407 default:
4408 /* XXX */
4409 if (memcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
4410 return 0;
4411 break;
4412 }
4413
4414 switch (spidx0->dst.ss_family) {
4415 case AF_INET:
4416 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY &&
4417 satosin(&spidx0->dst)->sin_port !=
4418 satosin(&spidx1->dst)->sin_port)
4419 return 0;
4420 if (!key_bbcmp((void *)&satosin(&spidx0->dst)->sin_addr,
4421 (void *)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
4422 return 0;
4423 break;
4424 case AF_INET6:
4425 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY &&
4426 satosin6(&spidx0->dst)->sin6_port !=
4427 satosin6(&spidx1->dst)->sin6_port)
4428 return 0;
4429 /*
4430 * scope_id check. if sin6_scope_id is 0, we regard it
4431 * as a wildcard scope, which matches any scope zone ID.
4432 */
4433 if (satosin6(&spidx0->src)->sin6_scope_id &&
4434 satosin6(&spidx1->src)->sin6_scope_id &&
4435 satosin6(&spidx0->dst)->sin6_scope_id !=
4436 satosin6(&spidx1->dst)->sin6_scope_id)
4437 return 0;
4438 if (!key_bbcmp((void *)&satosin6(&spidx0->dst)->sin6_addr,
4439 (void *)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
4440 return 0;
4441 break;
4442 default:
4443 /* XXX */
4444 if (memcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
4445 return 0;
4446 break;
4447 }
4448
4449 /* XXX Do we check other field ? e.g. flowinfo */
4450
4451 return 1;
4452 }
4453
4454 /* returns 0 on match */
4455 static int
4456 key_sockaddrcmp(struct sockaddr *sa1, struct sockaddr *sa2, int port)
4457 {
4458 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4459 return 1;
4460
4461 switch (sa1->sa_family) {
4462 case AF_INET:
4463 if (sa1->sa_len != sizeof(struct sockaddr_in))
4464 return 1;
4465 if (satosin(sa1)->sin_addr.s_addr !=
4466 satosin(sa2)->sin_addr.s_addr) {
4467 return 1;
4468 }
4469 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4470 return 1;
4471 break;
4472 case AF_INET6:
4473 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4474 return 1; /*EINVAL*/
4475 if (satosin6(sa1)->sin6_scope_id !=
4476 satosin6(sa2)->sin6_scope_id) {
4477 return 1;
4478 }
4479 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4480 &satosin6(sa2)->sin6_addr)) {
4481 return 1;
4482 }
4483 if (port &&
4484 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4485 return 1;
4486 }
4487 break;
4488 default:
4489 if (memcmp(sa1, sa2, sa1->sa_len) != 0)
4490 return 1;
4491 break;
4492 }
4493
4494 return 0;
4495 }
4496
4497 /*
4498 * compare two buffers with mask.
4499 * IN:
4500 * addr1: source
4501 * addr2: object
4502 * bits: Number of bits to compare
4503 * OUT:
4504 * 1 : equal
4505 * 0 : not equal
4506 */
4507 static int
4508 key_bbcmp(void *p1v, void *p2v, u_int bits)
4509 {
4510 char *p1 = p1v;
4511 char *p2 = p2v;
4512 u_int8_t mask;
4513
4514 /* XXX: This could be considerably faster if we compare a word
4515 * at a time, but it is complicated on LSB Endian machines */
4516
4517 /* Handle null pointers */
4518 if (p1 == NULL || p2 == NULL)
4519 return (p1 == p2);
4520
4521 while (bits >= 8) {
4522 if (*p1++ != *p2++)
4523 return 0;
4524 bits -= 8;
4525 }
4526
4527 if (bits > 0) {
4528 mask = ~((1<<(8-bits))-1);
4529 if ((*p1 & mask) != (*p2 & mask))
4530 return 0;
4531 }
4532 return 1; /* Match! */
4533 }
4534
4535 /*
4536 * time handler.
4537 * scanning SPD and SAD to check status for each entries,
4538 * and do to remove or to expire.
4539 */
4540 void
4541 key_timehandler(void *arg)
4542 {
4543 u_int dir;
4544 int s;
4545 struct timeval tv;
4546
4547 getmicrotime(&tv);
4548
4549 s = splsoftnet(); /*called from softclock()*/
4550 mutex_enter(softnet_lock);
4551
4552 /* SPD */
4553 {
4554 struct secpolicy *sp, *nextsp;
4555
4556 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4557 for (sp = LIST_FIRST(&sptree[dir]);
4558 sp != NULL;
4559 sp = nextsp) {
4560 nextsp = LIST_NEXT(sp, chain);
4561
4562 if (sp->state == IPSEC_SPSTATE_DEAD) {
4563 key_sp_unlink(sp); /*XXX*/
4564 sp = NULL;
4565 continue;
4566 }
4567
4568 if (sp->lifetime == 0 && sp->validtime == 0)
4569 continue;
4570
4571 /* the deletion will occur next time */
4572 if ((sp->lifetime &&
4573 tv.tv_sec - sp->created > sp->lifetime) ||
4574 (sp->validtime &&
4575 tv.tv_sec - sp->lastused > sp->validtime)) {
4576 key_sp_dead(sp);
4577 key_spdexpire(sp);
4578 continue;
4579 }
4580 }
4581 }
4582
4583 /* invalidate all cached SPD pointers on pcb */
4584 ipsec_invalpcbcacheall();
4585 }
4586
4587 /* SAD */
4588 {
4589 struct secashead *sah, *nextsah;
4590 struct secasvar *sav, *nextsav;
4591 int havesav;
4592 u_int stateidx, state;
4593
4594 for (sah = LIST_FIRST(&sahtree);
4595 sah != NULL;
4596 sah = nextsah) {
4597
4598 nextsah = LIST_NEXT(sah, chain);
4599
4600 /* if sah has been dead, then delete it and process next sah. */
4601 if (sah->state == SADB_SASTATE_DEAD) {
4602 key_delsah(sah);
4603 continue;
4604 }
4605
4606 /* if LARVAL entry doesn't become MATURE, delete it. */
4607 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4608 sav != NULL;
4609 sav = nextsav) {
4610
4611 nextsav = LIST_NEXT(sav, chain);
4612
4613 if (tv.tv_sec - sav->created > key_larval_lifetime) {
4614 key_freesav(sav);
4615 }
4616 }
4617
4618 /*
4619 * check MATURE entry to start to send expire message
4620 * whether or not.
4621 */
4622 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4623 sav != NULL;
4624 sav = nextsav) {
4625
4626 nextsav = LIST_NEXT(sav, chain);
4627
4628 /* we don't need to check. */
4629 if (sav->lft_s == NULL)
4630 continue;
4631
4632 /* sanity check */
4633 if (sav->lft_c == NULL) {
4634 ipseclog((LOG_DEBUG, "key_timehandler: "
4635 "There is no CURRENT time, why?\n"));
4636 continue;
4637 }
4638
4639 /* check SOFT lifetime */
4640 if (sav->lft_s->sadb_lifetime_addtime != 0 &&
4641 tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4642 /*
4643 * check the SA if it has been used.
4644 * when it hasn't been used, delete it.
4645 * i don't think such SA will be used.
4646 */
4647 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4648 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4649 key_freesav(sav);
4650 sav = NULL;
4651 } else {
4652 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4653 /*
4654 * XXX If we keep to send expire
4655 * message in the status of
4656 * DYING. Do remove below code.
4657 */
4658 key_expire(sav);
4659 }
4660 }
4661
4662 /* check SOFT lifetime by bytes */
4663 /*
4664 * XXX I don't know the way to delete this SA
4665 * when new SA is installed. Caution when it's
4666 * installed too big lifetime by time.
4667 */
4668 else if (sav->lft_s->sadb_lifetime_bytes != 0
4669 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4670
4671 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4672 /*
4673 * XXX If we keep to send expire
4674 * message in the status of
4675 * DYING. Do remove below code.
4676 */
4677 key_expire(sav);
4678 }
4679 }
4680
4681 /* check DYING entry to change status to DEAD. */
4682 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4683 sav != NULL;
4684 sav = nextsav) {
4685
4686 nextsav = LIST_NEXT(sav, chain);
4687
4688 /* we don't need to check. */
4689 if (sav->lft_h == NULL)
4690 continue;
4691
4692 /* sanity check */
4693 if (sav->lft_c == NULL) {
4694 ipseclog((LOG_DEBUG,"key_timehandler: "
4695 "There is no CURRENT time, why?\n"));
4696 continue;
4697 }
4698
4699 if (sav->lft_h->sadb_lifetime_addtime != 0 &&
4700 tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4701 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4702 key_freesav(sav);
4703 sav = NULL;
4704 }
4705 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4706 else if (sav->lft_s != NULL
4707 && sav->lft_s->sadb_lifetime_addtime != 0
4708 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4709 /*
4710 * XXX: should be checked to be
4711 * installed the valid SA.
4712 */
4713
4714 /*
4715 * If there is no SA then sending
4716 * expire message.
4717 */
4718 key_expire(sav);
4719 }
4720 #endif
4721 /* check HARD lifetime by bytes */
4722 else if (sav->lft_h->sadb_lifetime_bytes != 0
4723 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4724 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4725 key_freesav(sav);
4726 sav = NULL;
4727 }
4728 }
4729
4730 /* delete entry in DEAD */
4731 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4732 sav != NULL;
4733 sav = nextsav) {
4734
4735 nextsav = LIST_NEXT(sav, chain);
4736
4737 /* sanity check */
4738 if (sav->state != SADB_SASTATE_DEAD) {
4739 ipseclog((LOG_DEBUG, "key_timehandler: "
4740 "invalid sav->state "
4741 "(queue: %u SA: %u): "
4742 "kill it anyway\n",
4743 SADB_SASTATE_DEAD, sav->state));
4744 }
4745
4746 /*
4747 * do not call key_freesav() here.
4748 * sav should already be freed, and sav->refcnt
4749 * shows other references to sav
4750 * (such as from SPD).
4751 */
4752 }
4753
4754 /* move SA header to DEAD if there's no SA */
4755 havesav = 0;
4756 for (stateidx = 0;
4757 stateidx < _ARRAYLEN(saorder_state_alive);
4758 stateidx++) {
4759 state = saorder_state_alive[stateidx];
4760 if (LIST_FIRST(&sah->savtree[state])) {
4761 havesav++;
4762 break;
4763 }
4764 }
4765 if (havesav == 0) {
4766 ipseclog((LOG_DEBUG, "key_timehandler: "
4767 "move sah %p to DEAD (no more SAs)\n", sah));
4768 sah->state = SADB_SASTATE_DEAD;
4769 }
4770 }
4771 }
4772
4773 #ifndef IPSEC_NONBLOCK_ACQUIRE
4774 /* ACQ tree */
4775 {
4776 struct secacq *acq, *nextacq;
4777
4778 for (acq = LIST_FIRST(&acqtree);
4779 acq != NULL;
4780 acq = nextacq) {
4781
4782 nextacq = LIST_NEXT(acq, chain);
4783
4784 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4785 __LIST_CHAINED(acq)) {
4786 LIST_REMOVE(acq, chain);
4787 KFREE(acq);
4788 }
4789 }
4790 }
4791 #endif
4792
4793 /* SP ACQ tree */
4794 {
4795 struct secspacq *acq, *nextacq;
4796
4797 for (acq = LIST_FIRST(&spacqtree);
4798 acq != NULL;
4799 acq = nextacq) {
4800
4801 nextacq = LIST_NEXT(acq, chain);
4802
4803 if (tv.tv_sec - acq->created > key_blockacq_lifetime &&
4804 __LIST_CHAINED(acq)) {
4805 LIST_REMOVE(acq, chain);
4806 KFREE(acq);
4807 }
4808 }
4809 }
4810
4811 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
4812
4813 mutex_exit(softnet_lock);
4814 splx(s);
4815 return;
4816 }
4817
4818 /*
4819 * to initialize a seed for random()
4820 */
4821 static u_long
4822 key_random(void)
4823 {
4824 u_long value;
4825
4826 key_randomfill(&value, sizeof(value));
4827 return value;
4828 }
4829
4830 void
4831 key_randomfill(void *p, size_t l)
4832 {
4833 #if NRND == 0
4834 static int warn = 1;
4835 #endif
4836
4837 arc4randbytes(p, l);
4838
4839 #if NRND == 0
4840 /* the arc4 generator is keyed with junk. */
4841 if (warn) {
4842 printf("WARNING: pseudo-random number generator "
4843 "used for IPsec processing\n");
4844 warn = 0;
4845 }
4846 #endif
4847 }
4848
4849 /*
4850 * map SADB_SATYPE_* to IPPROTO_*.
4851 * if satype == SADB_SATYPE then satype is mapped to ~0.
4852 * OUT:
4853 * 0: invalid satype.
4854 */
4855 static u_int16_t
4856 key_satype2proto(u_int8_t satype)
4857 {
4858 switch (satype) {
4859 case SADB_SATYPE_UNSPEC:
4860 return IPSEC_PROTO_ANY;
4861 case SADB_SATYPE_AH:
4862 return IPPROTO_AH;
4863 case SADB_SATYPE_ESP:
4864 return IPPROTO_ESP;
4865 case SADB_X_SATYPE_IPCOMP:
4866 return IPPROTO_IPCOMP;
4867 case SADB_X_SATYPE_TCPSIGNATURE:
4868 return IPPROTO_TCP;
4869 default:
4870 return 0;
4871 }
4872 /* NOTREACHED */
4873 }
4874
4875 /*
4876 * map IPPROTO_* to SADB_SATYPE_*
4877 * OUT:
4878 * 0: invalid protocol type.
4879 */
4880 static u_int8_t
4881 key_proto2satype(u_int16_t proto)
4882 {
4883 switch (proto) {
4884 case IPPROTO_AH:
4885 return SADB_SATYPE_AH;
4886 case IPPROTO_ESP:
4887 return SADB_SATYPE_ESP;
4888 case IPPROTO_IPCOMP:
4889 return SADB_X_SATYPE_IPCOMP;
4890 case IPPROTO_TCP:
4891 return SADB_X_SATYPE_TCPSIGNATURE;
4892 default:
4893 return 0;
4894 }
4895 /* NOTREACHED */
4896 }
4897
4898 /* %%% PF_KEY */
4899 /*
4900 * SADB_GETSPI processing is to receive
4901 * <base, (SA2), src address, dst address, (SPI range)>
4902 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
4903 * tree with the status of LARVAL, and send
4904 * <base, SA(*), address(SD)>
4905 * to the IKMPd.
4906 *
4907 * IN: mhp: pointer to the pointer to each header.
4908 * OUT: NULL if fail.
4909 * other if success, return pointer to the message to send.
4910 */
4911 static int
4912 key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
4913 {
4914 struct sadb_address *src0, *dst0;
4915 struct secasindex saidx;
4916 struct secashead *newsah;
4917 struct secasvar *newsav;
4918 u_int8_t proto;
4919 u_int32_t spi;
4920 u_int8_t mode;
4921 u_int16_t reqid;
4922 int error;
4923
4924 /* sanity check */
4925 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
4926 panic("key_getspi: NULL pointer is passed.");
4927
4928 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
4929 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
4930 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4931 return key_senderror(so, m, EINVAL);
4932 }
4933 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
4934 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
4935 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
4936 return key_senderror(so, m, EINVAL);
4937 }
4938 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
4939 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
4940 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
4941 } else {
4942 mode = IPSEC_MODE_ANY;
4943 reqid = 0;
4944 }
4945
4946 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
4947 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
4948
4949 /* map satype to proto */
4950 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
4951 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
4952 return key_senderror(so, m, EINVAL);
4953 }
4954
4955 /* sa_len safety check */
4956 if (KEY_CHECKSALEN(src0 + 1) != 0)
4957 return key_senderror(so, m, EINVAL);
4958 if (KEY_CHECKSALEN(dst0 + 1) != 0)
4959 return key_senderror(so, m, EINVAL);
4960
4961 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
4962
4963 /* If not using NAT-T, make sure port numbers are set to zero. */
4964 #ifndef IPSEC_NAT_T
4965 KEY_PORTTOSADDR(&saidx.src, 0);
4966 KEY_PORTTOSADDR(&saidx.dst, 0);
4967 #endif
4968
4969 /* SPI allocation */
4970 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
4971 &saidx);
4972 if (spi == 0)
4973 return key_senderror(so, m, EINVAL);
4974
4975 /* get a SA index */
4976 if ((newsah = key_getsah(&saidx)) == NULL) {
4977 /* create a new SA index */
4978 if ((newsah = key_newsah(&saidx)) == NULL) {
4979 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
4980 return key_senderror(so, m, ENOBUFS);
4981 }
4982 }
4983
4984 /* get a new SA */
4985 /* XXX rewrite */
4986 newsav = key_newsav(m, mhp, newsah, &error);
4987 if (newsav == NULL) {
4988 /* XXX don't free new SA index allocated in above. */
4989 return key_senderror(so, m, error);
4990 }
4991
4992 /* set spi */
4993 key_setspi(newsav, htonl(spi));
4994
4995 #ifndef IPSEC_NONBLOCK_ACQUIRE
4996 /* delete the entry in acqtree */
4997 if (mhp->msg->sadb_msg_seq != 0) {
4998 struct secacq *acq;
4999 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
5000 /* reset counter in order to deletion by timehandler. */
5001 acq->created = time_second;
5002 acq->count = 0;
5003 }
5004 }
5005 #endif
5006
5007 {
5008 struct mbuf *n, *nn;
5009 struct sadb_sa *m_sa;
5010 struct sadb_msg *newmsg;
5011 int off, len;
5012
5013 /* create new sadb_msg to reply. */
5014 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5015 PFKEY_ALIGN8(sizeof(struct sadb_sa));
5016 if (len > MCLBYTES)
5017 return key_senderror(so, m, ENOBUFS);
5018
5019 MGETHDR(n, M_DONTWAIT, MT_DATA);
5020 if (len > MHLEN) {
5021 MCLGET(n, M_DONTWAIT);
5022 if ((n->m_flags & M_EXT) == 0) {
5023 m_freem(n);
5024 n = NULL;
5025 }
5026 }
5027 if (!n)
5028 return key_senderror(so, m, ENOBUFS);
5029
5030 n->m_len = len;
5031 n->m_next = NULL;
5032 off = 0;
5033
5034 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
5035 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
5036
5037 m_sa = (struct sadb_sa *)(mtod(n, char *) + off);
5038 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
5039 m_sa->sadb_sa_exttype = SADB_EXT_SA;
5040 m_sa->sadb_sa_spi = htonl(spi);
5041 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
5042
5043 #ifdef DIAGNOSTIC
5044 if (off != len)
5045 panic("length inconsistency in key_getspi");
5046 #endif
5047
5048 n->m_next = key_gather_mbuf(m, mhp, 0, 2, SADB_EXT_ADDRESS_SRC,
5049 SADB_EXT_ADDRESS_DST);
5050 if (!n->m_next) {
5051 m_freem(n);
5052 return key_senderror(so, m, ENOBUFS);
5053 }
5054
5055 if (n->m_len < sizeof(struct sadb_msg)) {
5056 n = m_pullup(n, sizeof(struct sadb_msg));
5057 if (n == NULL)
5058 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
5059 }
5060
5061 n->m_pkthdr.len = 0;
5062 for (nn = n; nn; nn = nn->m_next)
5063 n->m_pkthdr.len += nn->m_len;
5064
5065 newmsg = mtod(n, struct sadb_msg *);
5066 newmsg->sadb_msg_seq = newsav->seq;
5067 newmsg->sadb_msg_errno = 0;
5068 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5069
5070 m_freem(m);
5071 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5072 }
5073 }
5074
5075 /*
5076 * allocating new SPI
5077 * called by key_getspi().
5078 * OUT:
5079 * 0: failure.
5080 * others: success.
5081 */
5082 static u_int32_t
5083 key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx)
5084 {
5085 u_int32_t newspi;
5086 u_int32_t xmin, xmax;
5087 int count = key_spi_trycnt;
5088
5089 /* set spi range to allocate */
5090 if (spirange != NULL) {
5091 xmin = spirange->sadb_spirange_min;
5092 xmax = spirange->sadb_spirange_max;
5093 } else {
5094 xmin = key_spi_minval;
5095 xmax = key_spi_maxval;
5096 }
5097 /* IPCOMP needs 2-byte SPI */
5098 if (saidx->proto == IPPROTO_IPCOMP) {
5099 u_int32_t t;
5100 if (xmin >= 0x10000)
5101 xmin = 0xffff;
5102 if (xmax >= 0x10000)
5103 xmax = 0xffff;
5104 if (xmin > xmax) {
5105 t = xmin; xmin = xmax; xmax = t;
5106 }
5107 }
5108
5109 if (xmin == xmax) {
5110 if (key_checkspidup(saidx, htonl(xmin)) != NULL) {
5111 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", xmin));
5112 return 0;
5113 }
5114
5115 count--; /* taking one cost. */
5116 newspi = xmin;
5117
5118 } else {
5119
5120 /* init SPI */
5121 newspi = 0;
5122
5123 /* when requesting to allocate spi ranged */
5124 while (count--) {
5125 /* generate pseudo-random SPI value ranged. */
5126 newspi = xmin + (key_random() % (xmax - xmin + 1));
5127
5128 if (key_checkspidup(saidx, htonl(newspi)) == NULL)
5129 break;
5130 }
5131
5132 if (count == 0 || newspi == 0) {
5133 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
5134 return 0;
5135 }
5136 }
5137
5138 /* statistics */
5139 keystat.getspi_count =
5140 (keystat.getspi_count + key_spi_trycnt - count) / 2;
5141
5142 return newspi;
5143 }
5144
5145 /*
5146 * SADB_UPDATE processing
5147 * receive
5148 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5149 * key(AE), (identity(SD),) (sensitivity)>
5150 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5151 * and send
5152 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5153 * (identity(SD),) (sensitivity)>
5154 * to the ikmpd.
5155 *
5156 * m will always be freed.
5157 */
5158 static int
5159 key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5160 {
5161 struct sadb_sa *sa0;
5162 struct sadb_address *src0, *dst0;
5163 struct secasindex saidx;
5164 struct secashead *sah;
5165 struct secasvar *sav;
5166 u_int16_t proto;
5167 u_int8_t mode;
5168 u_int16_t reqid;
5169 int error;
5170
5171 /* sanity check */
5172 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5173 panic("key_update: NULL pointer is passed.");
5174
5175 /* map satype to proto */
5176 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5177 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
5178 return key_senderror(so, m, EINVAL);
5179 }
5180
5181 if (mhp->ext[SADB_EXT_SA] == NULL ||
5182 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5183 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5184 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5185 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5186 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5187 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5188 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5189 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5190 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5191 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5192 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5193 return key_senderror(so, m, EINVAL);
5194 }
5195 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5196 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5197 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5198 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5199 return key_senderror(so, m, EINVAL);
5200 }
5201 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5202 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5203 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5204 } else {
5205 mode = IPSEC_MODE_ANY;
5206 reqid = 0;
5207 }
5208 /* XXX boundary checking for other extensions */
5209
5210 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5211 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5212 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5213
5214 /* sa_len safety check */
5215 if (KEY_CHECKSALEN(src0 + 1) != 0)
5216 return key_senderror(so, m, EINVAL);
5217 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5218 return key_senderror(so, m, EINVAL);
5219
5220 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5221
5222 /* If not using NAT-T, make sure if port number is zero. */
5223 #ifndef IPSEC_NAT_T
5224 KEY_PORTTOSADDR(&saidx.src, 0);
5225 KEY_PORTTOSADDR(&saidx.dst, 0);
5226 #endif
5227
5228 /* get a SA header */
5229 if ((sah = key_getsah(&saidx)) == NULL) {
5230 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
5231 return key_senderror(so, m, ENOENT);
5232 }
5233
5234 /* set spidx if there */
5235 /* XXX rewrite */
5236 error = key_setident(sah, m, mhp);
5237 if (error)
5238 return key_senderror(so, m, error);
5239
5240 /* find a SA with sequence number. */
5241 #ifdef IPSEC_DOSEQCHECK
5242 if (mhp->msg->sadb_msg_seq != 0 &&
5243 (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
5244 ipseclog((LOG_DEBUG,
5245 "key_update: no larval SA with sequence %u exists.\n",
5246 mhp->msg->sadb_msg_seq));
5247 return key_senderror(so, m, ENOENT);
5248 }
5249 #else
5250 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
5251 ipseclog((LOG_DEBUG,
5252 "key_update: no such a SA found (spi:%u)\n",
5253 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5254 return key_senderror(so, m, EINVAL);
5255 }
5256 #endif
5257
5258 /* validity check */
5259 if (sav->sah->saidx.proto != proto) {
5260 ipseclog((LOG_DEBUG,
5261 "key_update: protocol mismatched (DB=%u param=%u)\n",
5262 sav->sah->saidx.proto, proto));
5263 return key_senderror(so, m, EINVAL);
5264 }
5265 #ifdef IPSEC_DOSEQCHECK
5266 if (sav->spi != sa0->sadb_sa_spi) {
5267 ipseclog((LOG_DEBUG,
5268 "key_update: SPI mismatched (DB:%u param:%u)\n",
5269 (u_int32_t)ntohl(sav->spi),
5270 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5271 return key_senderror(so, m, EINVAL);
5272 }
5273 #endif
5274 if (sav->pid != mhp->msg->sadb_msg_pid) {
5275 ipseclog((LOG_DEBUG,
5276 "key_update: pid mismatched (DB:%u param:%u)\n",
5277 sav->pid, mhp->msg->sadb_msg_pid));
5278 return key_senderror(so, m, EINVAL);
5279 }
5280
5281 /* copy sav values */
5282 error = key_setsaval(sav, m, mhp);
5283 if (error) {
5284 key_freesav(sav);
5285 return key_senderror(so, m, error);
5286 }
5287
5288 /* check SA values to be mature. */
5289 if ((error = key_mature(sav)) != 0) {
5290 key_freesav(sav);
5291 return key_senderror(so, m, error);
5292 }
5293
5294 #ifdef IPSEC_NAT_T
5295 /*
5296 * Handle NAT-T info if present
5297 */
5298 if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL)
5299 printf("update: NAT-T OA present\n");
5300
5301 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
5302 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
5303 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
5304 struct sadb_x_nat_t_type *type;
5305 struct sadb_x_nat_t_port *sport;
5306 struct sadb_x_nat_t_port *dport;
5307 struct sadb_address *addr;
5308 struct sadb_x_nat_t_frag *frag;
5309
5310 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
5311 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
5312 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
5313 ipseclog((LOG_DEBUG, "key_update: "
5314 "invalid message.\n"));
5315 return key_senderror(so, m, EINVAL);
5316 }
5317
5318 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) &&
5319 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) {
5320 ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
5321 return key_senderror(so, m, EINVAL);
5322 }
5323
5324 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
5325 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
5326 ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
5327 return key_senderror(so, m, EINVAL);
5328 }
5329
5330 type = (struct sadb_x_nat_t_type *)
5331 mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5332 sport = (struct sadb_x_nat_t_port *)
5333 mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5334 dport = (struct sadb_x_nat_t_port *)
5335 mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5336 addr = (struct sadb_address *)
5337 mhp->ext[SADB_X_EXT_NAT_T_OA];
5338 frag = (struct sadb_x_nat_t_frag *)
5339 mhp->ext[SADB_X_EXT_NAT_T_FRAG];
5340
5341 if (type)
5342 sav->natt_type = type->sadb_x_nat_t_type_type;
5343 if (sport)
5344 KEY_PORTTOSADDR(&sav->sah->saidx.src,
5345 sport->sadb_x_nat_t_port_port);
5346 if (dport)
5347 KEY_PORTTOSADDR(&sav->sah->saidx.dst,
5348 dport->sadb_x_nat_t_port_port);
5349 if (frag)
5350 sav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
5351 else
5352 sav->esp_frag = IP_MAXPACKET;
5353 }
5354 #endif /* IPSEC_NAT_T */
5355
5356 {
5357 struct mbuf *n;
5358
5359 /* set msg buf from mhp */
5360 n = key_getmsgbuf_x1(m, mhp);
5361 if (n == NULL) {
5362 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5363 return key_senderror(so, m, ENOBUFS);
5364 }
5365
5366 m_freem(m);
5367 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5368 }
5369 }
5370
5371 /*
5372 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5373 * only called by key_update().
5374 * OUT:
5375 * NULL : not found
5376 * others : found, pointer to a SA.
5377 */
5378 #ifdef IPSEC_DOSEQCHECK
5379 static struct secasvar *
5380 key_getsavbyseq(struct secashead *sah, u_int32_t seq)
5381 {
5382 struct secasvar *sav;
5383 u_int state;
5384
5385 state = SADB_SASTATE_LARVAL;
5386
5387 /* search SAD with sequence number ? */
5388 LIST_FOREACH(sav, &sah->savtree[state], chain) {
5389
5390 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
5391
5392 if (sav->seq == seq)
5393 }
5394
5395 return NULL;
5396 }
5397 #endif
5398
5399 /*
5400 * SADB_ADD processing
5401 * add an entry to SA database, when received
5402 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5403 * key(AE), (identity(SD),) (sensitivity)>
5404 * from the ikmpd,
5405 * and send
5406 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5407 * (identity(SD),) (sensitivity)>
5408 * to the ikmpd.
5409 *
5410 * IGNORE identity and sensitivity messages.
5411 *
5412 * m will always be freed.
5413 */
5414 static int
5415 key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5416 {
5417 struct sadb_sa *sa0;
5418 struct sadb_address *src0, *dst0;
5419 struct secasindex saidx;
5420 struct secashead *newsah;
5421 struct secasvar *newsav;
5422 u_int16_t proto;
5423 u_int8_t mode;
5424 u_int16_t reqid;
5425 int error;
5426
5427 /* sanity check */
5428 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5429 panic("key_add: NULL pointer is passed.");
5430
5431 /* map satype to proto */
5432 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5433 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
5434 return key_senderror(so, m, EINVAL);
5435 }
5436
5437 if (mhp->ext[SADB_EXT_SA] == NULL ||
5438 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5439 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5440 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5441 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5442 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5443 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5444 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5445 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5446 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5447 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5448 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5449 return key_senderror(so, m, EINVAL);
5450 }
5451 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5452 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5453 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5454 /* XXX need more */
5455 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5456 return key_senderror(so, m, EINVAL);
5457 }
5458 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5459 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5460 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5461 } else {
5462 mode = IPSEC_MODE_ANY;
5463 reqid = 0;
5464 }
5465
5466 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5467 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5468 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5469
5470 /* sa_len safety check */
5471 if (KEY_CHECKSALEN(src0 + 1) != 0)
5472 return key_senderror(so, m, EINVAL);
5473 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5474 return key_senderror(so, m, EINVAL);
5475
5476 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5477
5478 /* If not using NAT-T, make sure if port number is zero. */
5479 #ifndef IPSEC_NAT_T
5480 KEY_PORTTOSADDR(&saidx.src, 0);
5481 KEY_PORTTOSADDR(&saidx.dst, 0);
5482 #endif
5483
5484 /* get a SA header */
5485 if ((newsah = key_getsah(&saidx)) == NULL) {
5486 /* create a new SA header */
5487 if ((newsah = key_newsah(&saidx)) == NULL) {
5488 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
5489 return key_senderror(so, m, ENOBUFS);
5490 }
5491 }
5492
5493 /* set spidx if there */
5494 /* XXX rewrite */
5495 error = key_setident(newsah, m, mhp);
5496 if (error) {
5497 return key_senderror(so, m, error);
5498 }
5499
5500 /* create new SA entry. */
5501 /* We can create new SA only if SPI is differenct. */
5502 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5503 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
5504 return key_senderror(so, m, EEXIST);
5505 }
5506 newsav = key_newsav(m, mhp, newsah, &error);
5507 if (newsav == NULL) {
5508 return key_senderror(so, m, error);
5509 }
5510
5511 /* check SA values to be mature. */
5512 if ((error = key_mature(newsav)) != 0) {
5513 key_freesav(newsav);
5514 return key_senderror(so, m, error);
5515 }
5516
5517 #ifdef IPSEC_NAT_T
5518 /*
5519 * Handle NAT-T info if present
5520 */
5521 if (mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL)
5522 printf("add: NAT-T OA present\n");
5523
5524 if ((mhp->ext[SADB_X_EXT_NAT_T_TYPE] != NULL) &&
5525 (mhp->ext[SADB_X_EXT_NAT_T_SPORT] != NULL) &&
5526 (mhp->ext[SADB_X_EXT_NAT_T_DPORT] != NULL)) {
5527 struct sadb_x_nat_t_type *type;
5528 struct sadb_x_nat_t_port *sport;
5529 struct sadb_x_nat_t_port *dport;
5530 struct sadb_address *addr;
5531 struct sadb_x_nat_t_frag *frag;
5532
5533 if ((mhp->extlen[SADB_X_EXT_NAT_T_TYPE] < sizeof(*type)) ||
5534 (mhp->extlen[SADB_X_EXT_NAT_T_SPORT] < sizeof(*sport)) ||
5535 (mhp->extlen[SADB_X_EXT_NAT_T_DPORT] < sizeof(*dport))) {
5536 ipseclog((LOG_DEBUG, "key_add: "
5537 "invalid message.\n"));
5538 return key_senderror(so, m, EINVAL);
5539 }
5540
5541 if ((mhp->ext[SADB_X_EXT_NAT_T_OA] != NULL) &&
5542 (mhp->extlen[SADB_X_EXT_NAT_T_OA] < sizeof(*addr))) {
5543 ipseclog((LOG_DEBUG, "key_add: invalid message\n"));
5544 return key_senderror(so, m, EINVAL);
5545 }
5546
5547 if ((mhp->ext[SADB_X_EXT_NAT_T_FRAG] != NULL) &&
5548 (mhp->extlen[SADB_X_EXT_NAT_T_FRAG] < sizeof(*frag))) {
5549 ipseclog((LOG_DEBUG, "key_update: invalid message\n"));
5550 return key_senderror(so, m, EINVAL);
5551 }
5552
5553 type = (struct sadb_x_nat_t_type *)
5554 mhp->ext[SADB_X_EXT_NAT_T_TYPE];
5555 sport = (struct sadb_x_nat_t_port *)
5556 mhp->ext[SADB_X_EXT_NAT_T_SPORT];
5557 dport = (struct sadb_x_nat_t_port *)
5558 mhp->ext[SADB_X_EXT_NAT_T_DPORT];
5559 addr = (struct sadb_address *)
5560 mhp->ext[SADB_X_EXT_NAT_T_OA];
5561 frag = (struct sadb_x_nat_t_frag *)
5562 mhp->ext[SADB_X_EXT_NAT_T_FRAG];
5563
5564 if (type)
5565 newsav->natt_type = type->sadb_x_nat_t_type_type;
5566 if (sport)
5567 KEY_PORTTOSADDR(&newsav->sah->saidx.src,
5568 sport->sadb_x_nat_t_port_port);
5569 if (dport)
5570 KEY_PORTTOSADDR(&newsav->sah->saidx.dst,
5571 dport->sadb_x_nat_t_port_port);
5572 if (frag)
5573 newsav->esp_frag = frag->sadb_x_nat_t_frag_fraglen;
5574 else
5575 newsav->esp_frag = IP_MAXPACKET;
5576 }
5577 #endif /* IPSEC_NAT_T */
5578
5579 /*
5580 * don't call key_freesav() here, as we would like to keep the SA
5581 * in the database on success.
5582 */
5583
5584 {
5585 struct mbuf *n;
5586
5587 /* set msg buf from mhp */
5588 n = key_getmsgbuf_x1(m, mhp);
5589 if (n == NULL) {
5590 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5591 return key_senderror(so, m, ENOBUFS);
5592 }
5593
5594 m_freem(m);
5595 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5596 }
5597 }
5598
5599 /* m is retained */
5600 static int
5601 key_setident(struct secashead *sah, struct mbuf *m, const struct sadb_msghdr *mhp)
5602 {
5603 const struct sadb_ident *idsrc, *iddst;
5604 int idsrclen, iddstlen;
5605
5606 /* sanity check */
5607 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5608 panic("key_setident: NULL pointer is passed.");
5609
5610 /* don't make buffer if not there */
5611 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5612 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5613 sah->idents = NULL;
5614 sah->identd = NULL;
5615 return 0;
5616 }
5617
5618 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5619 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5620 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5621 return EINVAL;
5622 }
5623
5624 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5625 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5626 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5627 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5628
5629 /* validity check */
5630 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5631 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5632 return EINVAL;
5633 }
5634
5635 switch (idsrc->sadb_ident_type) {
5636 case SADB_IDENTTYPE_PREFIX:
5637 case SADB_IDENTTYPE_FQDN:
5638 case SADB_IDENTTYPE_USERFQDN:
5639 default:
5640 /* XXX do nothing */
5641 sah->idents = NULL;
5642 sah->identd = NULL;
5643 return 0;
5644 }
5645
5646 /* make structure */
5647 KMALLOC(sah->idents, struct sadb_ident *, idsrclen);
5648 if (sah->idents == NULL) {
5649 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5650 return ENOBUFS;
5651 }
5652 KMALLOC(sah->identd, struct sadb_ident *, iddstlen);
5653 if (sah->identd == NULL) {
5654 KFREE(sah->idents);
5655 sah->idents = NULL;
5656 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5657 return ENOBUFS;
5658 }
5659 memcpy(sah->idents, idsrc, idsrclen);
5660 memcpy(sah->identd, iddst, iddstlen);
5661
5662 return 0;
5663 }
5664
5665 /*
5666 * m will not be freed on return.
5667 * it is caller's responsibility to free the result.
5668 */
5669 static struct mbuf *
5670 key_getmsgbuf_x1(struct mbuf *m, const struct sadb_msghdr *mhp)
5671 {
5672 struct mbuf *n;
5673
5674 /* sanity check */
5675 if (m == NULL || mhp == NULL || mhp->msg == NULL)
5676 panic("key_getmsgbuf_x1: NULL pointer is passed.");
5677
5678 /* create new sadb_msg to reply. */
5679 n = key_gather_mbuf(m, mhp, 1, 9, SADB_EXT_RESERVED,
5680 SADB_EXT_SA, SADB_X_EXT_SA2,
5681 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
5682 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
5683 SADB_EXT_IDENTITY_SRC, SADB_EXT_IDENTITY_DST);
5684 if (!n)
5685 return NULL;
5686
5687 if (n->m_len < sizeof(struct sadb_msg)) {
5688 n = m_pullup(n, sizeof(struct sadb_msg));
5689 if (n == NULL)
5690 return NULL;
5691 }
5692 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5693 mtod(n, struct sadb_msg *)->sadb_msg_len =
5694 PFKEY_UNIT64(n->m_pkthdr.len);
5695
5696 return n;
5697 }
5698
5699 static int key_delete_all(struct socket *, struct mbuf *,
5700 const struct sadb_msghdr *, u_int16_t);
5701
5702 /*
5703 * SADB_DELETE processing
5704 * receive
5705 * <base, SA(*), address(SD)>
5706 * from the ikmpd, and set SADB_SASTATE_DEAD,
5707 * and send,
5708 * <base, SA(*), address(SD)>
5709 * to the ikmpd.
5710 *
5711 * m will always be freed.
5712 */
5713 static int
5714 key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5715 {
5716 struct sadb_sa *sa0;
5717 struct sadb_address *src0, *dst0;
5718 struct secasindex saidx;
5719 struct secashead *sah;
5720 struct secasvar *sav = NULL;
5721 u_int16_t proto;
5722
5723 /* sanity check */
5724 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5725 panic("key_delete: NULL pointer is passed.");
5726
5727 /* map satype to proto */
5728 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5729 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5730 return key_senderror(so, m, EINVAL);
5731 }
5732
5733 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5734 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5735 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5736 return key_senderror(so, m, EINVAL);
5737 }
5738
5739 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5740 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5741 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5742 return key_senderror(so, m, EINVAL);
5743 }
5744
5745 if (mhp->ext[SADB_EXT_SA] == NULL) {
5746 /*
5747 * Caller wants us to delete all non-LARVAL SAs
5748 * that match the src/dst. This is used during
5749 * IKE INITIAL-CONTACT.
5750 */
5751 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5752 return key_delete_all(so, m, mhp, proto);
5753 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5754 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5755 return key_senderror(so, m, EINVAL);
5756 }
5757
5758 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5759 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5760 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5761
5762 /* sa_len safety check */
5763 if (KEY_CHECKSALEN(src0 + 1) != 0)
5764 return key_senderror(so, m, EINVAL);
5765 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5766 return key_senderror(so, m, EINVAL);
5767
5768 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5769
5770 /* If not using NAT-T, make sure if port number is zero. */
5771 #ifndef IPSEC_NAT_T
5772 KEY_PORTTOSADDR(&saidx.src, 0);
5773 KEY_PORTTOSADDR(&saidx.dst, 0);
5774 #endif
5775
5776 /* get a SA header */
5777 LIST_FOREACH(sah, &sahtree, chain) {
5778 if (sah->state == SADB_SASTATE_DEAD)
5779 continue;
5780 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
5781 continue;
5782
5783 /* get a SA with SPI. */
5784 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5785 if (sav)
5786 break;
5787 }
5788 if (sah == NULL) {
5789 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5790 return key_senderror(so, m, ENOENT);
5791 }
5792
5793 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5794 key_freesav(sav);
5795 sav = NULL;
5796
5797 {
5798 struct mbuf *n;
5799 struct sadb_msg *newmsg;
5800
5801 /* create new sadb_msg to reply. */
5802 n = key_gather_mbuf(m, mhp, 1, 4, SADB_EXT_RESERVED,
5803 SADB_EXT_SA, SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5804 if (!n)
5805 return key_senderror(so, m, ENOBUFS);
5806
5807 if (n->m_len < sizeof(struct sadb_msg)) {
5808 n = m_pullup(n, sizeof(struct sadb_msg));
5809 if (n == NULL)
5810 return key_senderror(so, m, ENOBUFS);
5811 }
5812 newmsg = mtod(n, struct sadb_msg *);
5813 newmsg->sadb_msg_errno = 0;
5814 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5815
5816 m_freem(m);
5817 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5818 }
5819 }
5820
5821 /*
5822 * delete all SAs for src/dst. Called from key_delete().
5823 */
5824 static int
5825 key_delete_all(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp, u_int16_t proto)
5826 {
5827 struct sadb_address *src0, *dst0;
5828 struct secasindex saidx;
5829 struct secashead *sah;
5830 struct secasvar *sav, *nextsav;
5831 u_int stateidx, state;
5832
5833 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5834 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5835
5836 /* sa_len safety check */
5837 if (KEY_CHECKSALEN(src0 + 1) != 0)
5838 return key_senderror(so, m, EINVAL);
5839 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5840 return key_senderror(so, m, EINVAL);
5841
5842 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5843
5844 /* If not using NAT-T, make sure if port number is zero. */
5845 #ifndef IPSEC_NAT_T
5846 KEY_PORTTOSADDR(&saidx.src, 0);
5847 KEY_PORTTOSADDR(&saidx.dst, 0);
5848 #endif
5849
5850 LIST_FOREACH(sah, &sahtree, chain) {
5851 if (sah->state == SADB_SASTATE_DEAD)
5852 continue;
5853 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
5854 continue;
5855
5856 /* Delete all non-LARVAL SAs. */
5857 for (stateidx = 0;
5858 stateidx < _ARRAYLEN(saorder_state_alive);
5859 stateidx++) {
5860 state = saorder_state_alive[stateidx];
5861 if (state == SADB_SASTATE_LARVAL)
5862 continue;
5863 for (sav = LIST_FIRST(&sah->savtree[state]);
5864 sav != NULL; sav = nextsav) {
5865 nextsav = LIST_NEXT(sav, chain);
5866 /* sanity check */
5867 if (sav->state != state) {
5868 ipseclog((LOG_DEBUG, "key_delete_all: "
5869 "invalid sav->state "
5870 "(queue: %u SA: %u)\n",
5871 state, sav->state));
5872 continue;
5873 }
5874
5875 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5876 key_freesav(sav);
5877 }
5878 }
5879 }
5880 {
5881 struct mbuf *n;
5882 struct sadb_msg *newmsg;
5883
5884 /* create new sadb_msg to reply. */
5885 n = key_gather_mbuf(m, mhp, 1, 3, SADB_EXT_RESERVED,
5886 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST);
5887 if (!n)
5888 return key_senderror(so, m, ENOBUFS);
5889
5890 if (n->m_len < sizeof(struct sadb_msg)) {
5891 n = m_pullup(n, sizeof(struct sadb_msg));
5892 if (n == NULL)
5893 return key_senderror(so, m, ENOBUFS);
5894 }
5895 newmsg = mtod(n, struct sadb_msg *);
5896 newmsg->sadb_msg_errno = 0;
5897 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5898
5899 m_freem(m);
5900 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5901 }
5902 }
5903
5904 /*
5905 * SADB_GET processing
5906 * receive
5907 * <base, SA(*), address(SD)>
5908 * from the ikmpd, and get a SP and a SA to respond,
5909 * and send,
5910 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
5911 * (identity(SD),) (sensitivity)>
5912 * to the ikmpd.
5913 *
5914 * m will always be freed.
5915 */
5916 static int
5917 key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
5918 {
5919 struct sadb_sa *sa0;
5920 struct sadb_address *src0, *dst0;
5921 struct secasindex saidx;
5922 struct secashead *sah;
5923 struct secasvar *sav = NULL;
5924 u_int16_t proto;
5925
5926 /* sanity check */
5927 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5928 panic("key_get: NULL pointer is passed.");
5929
5930 /* map satype to proto */
5931 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5932 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
5933 return key_senderror(so, m, EINVAL);
5934 }
5935
5936 if (mhp->ext[SADB_EXT_SA] == NULL ||
5937 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5938 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5939 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5940 return key_senderror(so, m, EINVAL);
5941 }
5942 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5943 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5944 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5945 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
5946 return key_senderror(so, m, EINVAL);
5947 }
5948
5949 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5950 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5951 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5952
5953 /* sa_len safety check */
5954 if (KEY_CHECKSALEN(src0 + 1) != 0)
5955 return key_senderror(so, m, EINVAL);
5956 if (KEY_CHECKSALEN(dst0 + 1) != 0)
5957 return key_senderror(so, m, EINVAL);
5958
5959 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5960
5961 /* If not using NAT-T, make sure if port number is zero. */
5962 #ifndef IPSEC_NAT_T
5963 KEY_PORTTOSADDR(&saidx.src, 0);
5964 KEY_PORTTOSADDR(&saidx.dst, 0);
5965 #endif
5966
5967 /* get a SA header */
5968 LIST_FOREACH(sah, &sahtree, chain) {
5969 if (sah->state == SADB_SASTATE_DEAD)
5970 continue;
5971 if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
5972 continue;
5973
5974 /* get a SA with SPI. */
5975 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5976 if (sav)
5977 break;
5978 }
5979 if (sah == NULL) {
5980 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
5981 return key_senderror(so, m, ENOENT);
5982 }
5983
5984 {
5985 struct mbuf *n;
5986 u_int8_t satype;
5987
5988 /* map proto to satype */
5989 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
5990 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
5991 return key_senderror(so, m, EINVAL);
5992 }
5993
5994 /* create new sadb_msg to reply. */
5995 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
5996 mhp->msg->sadb_msg_pid);
5997 if (!n)
5998 return key_senderror(so, m, ENOBUFS);
5999
6000 m_freem(m);
6001 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6002 }
6003 }
6004
6005 /* XXX make it sysctl-configurable? */
6006 static void
6007 key_getcomb_setlifetime(struct sadb_comb *comb)
6008 {
6009
6010 comb->sadb_comb_soft_allocations = 1;
6011 comb->sadb_comb_hard_allocations = 1;
6012 comb->sadb_comb_soft_bytes = 0;
6013 comb->sadb_comb_hard_bytes = 0;
6014 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
6015 comb->sadb_comb_soft_addtime = comb->sadb_comb_hard_addtime * 80 / 100;
6016 comb->sadb_comb_hard_usetime = 28800; /* 8 hours */
6017 comb->sadb_comb_soft_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
6018 }
6019
6020 #ifdef IPSEC_ESP
6021 /*
6022 * XXX reorder combinations by preference
6023 * XXX no idea if the user wants ESP authentication or not
6024 */
6025 static struct mbuf *
6026 key_getcomb_esp(void)
6027 {
6028 struct sadb_comb *comb;
6029 const struct esp_algorithm *algo;
6030 struct mbuf *result = NULL, *m, *n;
6031 int encmin;
6032 int i, off, o;
6033 int totlen;
6034 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6035
6036 m = NULL;
6037 for (i = 1; i <= SADB_EALG_MAX; i++) {
6038 algo = esp_algorithm_lookup(i);
6039 if (!algo)
6040 continue;
6041
6042 if (algo->keymax < ipsec_esp_keymin)
6043 continue;
6044 if (algo->keymin < ipsec_esp_keymin)
6045 encmin = ipsec_esp_keymin;
6046 else
6047 encmin = algo->keymin;
6048
6049 if (ipsec_esp_auth)
6050 m = key_getcomb_ah();
6051 else {
6052 #ifdef DIAGNOSTIC
6053 if (l > MLEN)
6054 panic("assumption failed in key_getcomb_esp");
6055 #endif
6056 MGET(m, M_DONTWAIT, MT_DATA);
6057 if (m) {
6058 M_ALIGN(m, l);
6059 m->m_len = l;
6060 m->m_next = NULL;
6061 memset(mtod(m, void *), 0, m->m_len);
6062 }
6063 }
6064 if (!m)
6065 goto fail;
6066
6067 totlen = 0;
6068 for (n = m; n; n = n->m_next)
6069 totlen += n->m_len;
6070 #ifdef DIAGNOSTIC
6071 if (totlen % l)
6072 panic("assumption failed in key_getcomb_esp");
6073 #endif
6074
6075 for (off = 0; off < totlen; off += l) {
6076 n = m_pulldown(m, off, l, &o);
6077 if (!n) {
6078 /* m is already freed */
6079 goto fail;
6080 }
6081 comb = (struct sadb_comb *)(mtod(n, char *) + o);
6082 memset(comb, 0, sizeof(*comb));
6083 key_getcomb_setlifetime(comb);
6084 comb->sadb_comb_encrypt = i;
6085 comb->sadb_comb_encrypt_minbits = encmin;
6086 comb->sadb_comb_encrypt_maxbits = algo->keymax;
6087 }
6088
6089 if (!result)
6090 result = m;
6091 else
6092 m_cat(result, m);
6093 }
6094
6095 return result;
6096
6097 fail:
6098 if (result)
6099 m_freem(result);
6100 return NULL;
6101 }
6102 #endif
6103
6104 /*
6105 * XXX reorder combinations by preference
6106 */
6107 static struct mbuf *
6108 key_getcomb_ah(void)
6109 {
6110 struct sadb_comb *comb;
6111 const struct ah_algorithm *algo;
6112 struct mbuf *m;
6113 int xmin;
6114 int i;
6115 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6116
6117 m = NULL;
6118 for (i = 1; i <= SADB_AALG_MAX; i++) {
6119 #if 1
6120 /* we prefer HMAC algorithms, not old algorithms */
6121 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
6122 continue;
6123 #endif
6124 algo = ah_algorithm_lookup(i);
6125 if (!algo)
6126 continue;
6127
6128 if (algo->keymax < ipsec_ah_keymin)
6129 continue;
6130 if (algo->keymin < ipsec_ah_keymin)
6131 xmin = ipsec_ah_keymin;
6132 else
6133 xmin = algo->keymin;
6134
6135 if (!m) {
6136 #ifdef DIAGNOSTIC
6137 if (l > MLEN)
6138 panic("assumption failed in key_getcomb_ah");
6139 #endif
6140 MGET(m, M_DONTWAIT, MT_DATA);
6141 if (m) {
6142 M_ALIGN(m, l);
6143 m->m_len = l;
6144 m->m_next = NULL;
6145 }
6146 } else
6147 M_PREPEND(m, l, M_DONTWAIT);
6148 if (!m)
6149 return NULL;
6150
6151 comb = mtod(m, struct sadb_comb *);
6152 memset(comb, 0, sizeof(*comb));
6153 key_getcomb_setlifetime(comb);
6154 comb->sadb_comb_auth = i;
6155 comb->sadb_comb_auth_minbits = xmin;
6156 comb->sadb_comb_auth_maxbits = algo->keymax;
6157 }
6158
6159 return m;
6160 }
6161
6162 /*
6163 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6164 * XXX reorder combinations by preference
6165 */
6166 static struct mbuf *
6167 key_getcomb_ipcomp(void)
6168 {
6169 struct sadb_comb *comb;
6170 const struct ipcomp_algorithm *algo;
6171 struct mbuf *m;
6172 int i;
6173 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6174
6175 m = NULL;
6176 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
6177 algo = ipcomp_algorithm_lookup(i);
6178 if (!algo)
6179 continue;
6180
6181 if (!m) {
6182 #ifdef DIAGNOSTIC
6183 if (l > MLEN)
6184 panic("assumption failed in key_getcomb_ipcomp");
6185 #endif
6186 MGET(m, M_DONTWAIT, MT_DATA);
6187 if (m) {
6188 M_ALIGN(m, l);
6189 m->m_len = l;
6190 m->m_next = NULL;
6191 }
6192 } else
6193 M_PREPEND(m, l, M_DONTWAIT);
6194 if (!m)
6195 return NULL;
6196
6197 comb = mtod(m, struct sadb_comb *);
6198 memset(comb, 0, sizeof(*comb));
6199 key_getcomb_setlifetime(comb);
6200 comb->sadb_comb_encrypt = i;
6201 /* what should we set into sadb_comb_*_{min,max}bits? */
6202 }
6203
6204 return m;
6205 }
6206
6207 /*
6208 * XXX no way to pass mode (transport/tunnel) to userland
6209 * XXX replay checking?
6210 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6211 */
6212 static struct mbuf *
6213 key_getprop(const struct secasindex *saidx)
6214 {
6215 struct sadb_prop *prop;
6216 struct mbuf *m, *n;
6217 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6218 int totlen;
6219
6220 switch (saidx->proto) {
6221 #ifdef IPSEC_ESP
6222 case IPPROTO_ESP:
6223 m = key_getcomb_esp();
6224 break;
6225 #endif
6226 case IPPROTO_AH:
6227 m = key_getcomb_ah();
6228 break;
6229 case IPPROTO_IPCOMP:
6230 m = key_getcomb_ipcomp();
6231 break;
6232 default:
6233 return NULL;
6234 }
6235
6236 if (!m)
6237 return NULL;
6238 M_PREPEND(m, l, M_DONTWAIT);
6239 if (!m)
6240 return NULL;
6241
6242 totlen = 0;
6243 for (n = m; n; n = n->m_next)
6244 totlen += n->m_len;
6245
6246 prop = mtod(m, struct sadb_prop *);
6247 memset(prop, 0, sizeof(*prop));
6248 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6249 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6250 prop->sadb_prop_replay = 32; /* XXX */
6251
6252 return m;
6253 }
6254
6255 /*
6256 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6257 * send
6258 * <base, SA, address(SD), (address(P)), x_policy,
6259 * (identity(SD),) (sensitivity,) proposal>
6260 * to KMD, and expect to receive
6261 * <base> with SADB_ACQUIRE if error occurred,
6262 * or
6263 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6264 * from KMD by PF_KEY.
6265 *
6266 * XXX x_policy is outside of RFC2367 (KAME extension).
6267 * XXX sensitivity is not supported.
6268 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6269 * see comment for key_getcomb_ipcomp().
6270 *
6271 * OUT:
6272 * 0 : succeed
6273 * others: error number
6274 */
6275 static int
6276 key_acquire(struct secasindex *saidx, struct secpolicy *sp)
6277 {
6278 struct mbuf *result = NULL, *m;
6279 #ifndef IPSEC_NONBLOCK_ACQUIRE
6280 struct secacq *newacq;
6281 #endif
6282 u_int8_t satype;
6283 int error = -1;
6284 u_int32_t seq;
6285
6286 /* sanity check */
6287 if (saidx == NULL)
6288 panic("key_acquire: NULL pointer is passed.");
6289 if ((satype = key_proto2satype(saidx->proto)) == 0)
6290 panic("key_acquire: invalid proto is passed.");
6291
6292 #ifndef IPSEC_NONBLOCK_ACQUIRE
6293 /*
6294 * We never do anything about acquirng SA. There is anather
6295 * solution that kernel blocks to send SADB_ACQUIRE message until
6296 * getting something message from IKEd. In later case, to be
6297 * managed with ACQUIRING list.
6298 */
6299 /* get an entry to check whether sending message or not. */
6300 if ((newacq = key_getacq(saidx)) != NULL) {
6301 if (key_blockacq_count < newacq->count) {
6302 /* reset counter and do send message. */
6303 newacq->count = 0;
6304 } else {
6305 /* increment counter and do nothing. */
6306 newacq->count++;
6307 return 0;
6308 }
6309 } else {
6310 /* make new entry for blocking to send SADB_ACQUIRE. */
6311 if ((newacq = key_newacq(saidx)) == NULL)
6312 return ENOBUFS;
6313
6314 /* add to acqtree */
6315 LIST_INSERT_HEAD(&acqtree, newacq, chain);
6316 }
6317 #endif
6318
6319 #ifndef IPSEC_NONBLOCK_ACQUIRE
6320 seq = newacq->seq;
6321 #else
6322 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
6323 #endif
6324 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
6325 if (!m) {
6326 error = ENOBUFS;
6327 goto fail;
6328 }
6329 result = m;
6330
6331 /* set sadb_address for saidx's. */
6332 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6333 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
6334 if (!m) {
6335 error = ENOBUFS;
6336 goto fail;
6337 }
6338 m_cat(result, m);
6339
6340 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6341 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
6342 if (!m) {
6343 error = ENOBUFS;
6344 goto fail;
6345 }
6346 m_cat(result, m);
6347
6348 /* XXX proxy address (optional) */
6349
6350 /* set sadb_x_policy */
6351 if (sp) {
6352 m = key_setsadbxpolicy(sp->policy, sp->dir, sp->id);
6353 if (!m) {
6354 error = ENOBUFS;
6355 goto fail;
6356 }
6357 m_cat(result, m);
6358 }
6359
6360 #ifdef SADB_X_EXT_TAG
6361 /* set sadb_x_tag */
6362 if (sp && sp->tag) {
6363 m = key_setsadbxtag(sp->tag);
6364 if (!m) {
6365 error = ENOBUFS;
6366 goto fail;
6367 }
6368 m_cat(result, m);
6369 }
6370 #endif
6371
6372 /* XXX identity (optional) */
6373 #if 0
6374 if (idexttype && fqdn) {
6375 /* create identity extension (FQDN) */
6376 struct sadb_ident *id;
6377 int fqdnlen;
6378
6379 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
6380 id = (struct sadb_ident *)p;
6381 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6382 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6383 id->sadb_ident_exttype = idexttype;
6384 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6385 memcpy(id + 1, fqdn, fqdnlen);
6386 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6387 }
6388
6389 if (idexttype) {
6390 /* create identity extension (USERFQDN) */
6391 struct sadb_ident *id;
6392 int userfqdnlen;
6393
6394 if (userfqdn) {
6395 /* +1 for terminating-NUL */
6396 userfqdnlen = strlen(userfqdn) + 1;
6397 } else
6398 userfqdnlen = 0;
6399 id = (struct sadb_ident *)p;
6400 memset(id, 0, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6401 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6402 id->sadb_ident_exttype = idexttype;
6403 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6404 /* XXX is it correct? */
6405 if (curlwp)
6406 id->sadb_ident_id = kauth_cred_getuid(curlwp->l_cred);
6407 if (userfqdn && userfqdnlen)
6408 memcpy(id + 1, userfqdn, userfqdnlen);
6409 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6410 }
6411 #endif
6412
6413 /* XXX sensitivity (optional) */
6414
6415 /* create proposal/combination extension */
6416 m = key_getprop(saidx);
6417 #if 0
6418 /*
6419 * spec conformant: always attach proposal/combination extension,
6420 * the problem is that we have no way to attach it for ipcomp,
6421 * due to the way sadb_comb is declared in RFC2367.
6422 */
6423 if (!m) {
6424 error = ENOBUFS;
6425 goto fail;
6426 }
6427 m_cat(result, m);
6428 #else
6429 /*
6430 * outside of spec; make proposal/combination extension optional.
6431 */
6432 if (m)
6433 m_cat(result, m);
6434 #endif
6435
6436 if ((result->m_flags & M_PKTHDR) == 0) {
6437 error = EINVAL;
6438 goto fail;
6439 }
6440
6441 if (result->m_len < sizeof(struct sadb_msg)) {
6442 result = m_pullup(result, sizeof(struct sadb_msg));
6443 if (result == NULL) {
6444 error = ENOBUFS;
6445 goto fail;
6446 }
6447 }
6448
6449 result->m_pkthdr.len = 0;
6450 for (m = result; m; m = m->m_next)
6451 result->m_pkthdr.len += m->m_len;
6452
6453 mtod(result, struct sadb_msg *)->sadb_msg_len =
6454 PFKEY_UNIT64(result->m_pkthdr.len);
6455
6456 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6457
6458 fail:
6459 if (result)
6460 m_freem(result);
6461 return error;
6462 }
6463
6464 #ifndef IPSEC_NONBLOCK_ACQUIRE
6465 static struct secacq *
6466 key_newacq(struct secasindex *saidx)
6467 {
6468 struct secacq *newacq;
6469
6470 /* get new entry */
6471 KMALLOC(newacq, struct secacq *, sizeof(struct secacq));
6472 if (newacq == NULL) {
6473 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
6474 return NULL;
6475 }
6476 memset(newacq, 0, sizeof(*newacq));
6477
6478 /* copy secindex */
6479 memcpy(&newacq->saidx, saidx, sizeof(newacq->saidx));
6480 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
6481 newacq->created = time_second;
6482 newacq->count = 1;
6483
6484 return newacq;
6485 }
6486
6487 static struct secacq *
6488 key_getacq(struct secasindex *saidx)
6489 {
6490 struct secacq *acq;
6491
6492 LIST_FOREACH(acq, &acqtree, chain) {
6493 if (key_cmpsaidx_exactly(saidx, &acq->saidx))
6494 return acq;
6495 }
6496
6497 return NULL;
6498 }
6499
6500 static struct secacq *
6501 key_getacqbyseq(u_int32_t seq)
6502 {
6503 struct secacq *acq;
6504
6505 LIST_FOREACH(acq, &acqtree, chain) {
6506 if (acq->seq == seq)
6507 return acq;
6508 }
6509
6510 return NULL;
6511 }
6512 #endif
6513
6514 static struct secspacq *
6515 key_newspacq(struct secpolicyindex *spidx)
6516 {
6517 struct secspacq *acq;
6518
6519 if (!spidx)
6520 return NULL;
6521
6522 /* get new entry */
6523 KMALLOC(acq, struct secspacq *, sizeof(struct secspacq));
6524 if (acq == NULL) {
6525 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
6526 return NULL;
6527 }
6528 memset(acq, 0, sizeof(*acq));
6529
6530 /* copy secindex */
6531 memcpy(&acq->spidx, spidx, sizeof(acq->spidx));
6532 acq->created = time_second;
6533 acq->count = 0;
6534
6535 return acq;
6536 }
6537
6538 static struct secspacq *
6539 key_getspacq(struct secpolicyindex *spidx)
6540 {
6541 struct secspacq *acq;
6542
6543 if (!spidx)
6544 return NULL;
6545
6546 LIST_FOREACH(acq, &spacqtree, chain) {
6547 if (key_cmpspidx_exactly(spidx, &acq->spidx))
6548 return acq;
6549 }
6550
6551 return NULL;
6552 }
6553
6554 /*
6555 * SADB_ACQUIRE processing,
6556 * in first situation, is receiving
6557 * <base>
6558 * from the ikmpd, and clear sequence of its secasvar entry.
6559 *
6560 * In second situation, is receiving
6561 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6562 * from a user land process, and return
6563 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6564 * to the socket.
6565 *
6566 * m will always be freed.
6567 */
6568 static int
6569 key_acquire2(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
6570 {
6571 const struct sadb_address *src0, *dst0;
6572 struct secasindex saidx;
6573 struct secashead *sah;
6574 u_int16_t proto;
6575 int error;
6576
6577 /* sanity check */
6578 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6579 panic("key_acquire2: NULL pointer is passed.");
6580
6581 /*
6582 * Error message from KMd.
6583 * We assume that if error was occurred in IKEd, the length of PFKEY
6584 * message is equal to the size of sadb_msg structure.
6585 * We do not raise error even if error occurred in this function.
6586 */
6587 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6588 #ifndef IPSEC_NONBLOCK_ACQUIRE
6589 struct secacq *acq;
6590
6591 /* check sequence number */
6592 if (mhp->msg->sadb_msg_seq == 0) {
6593 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
6594 m_freem(m);
6595 return 0;
6596 }
6597
6598 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
6599 /*
6600 * the specified larval SA is already gone, or we got
6601 * a bogus sequence number. we can silently ignore it.
6602 */
6603 m_freem(m);
6604 return 0;
6605 }
6606
6607 /* reset acq counter in order to deletion by timehander. */
6608 acq->created = time_second;
6609 acq->count = 0;
6610 #endif
6611 m_freem(m);
6612 return 0;
6613 }
6614
6615 /*
6616 * This message is from user land.
6617 */
6618
6619 /* map satype to proto */
6620 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6621 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
6622 return key_senderror(so, m, EINVAL);
6623 }
6624
6625 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6626 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6627 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6628 /* error */
6629 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6630 return key_senderror(so, m, EINVAL);
6631 }
6632 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6633 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6634 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6635 /* error */
6636 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6637 return key_senderror(so, m, EINVAL);
6638 }
6639
6640 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6641 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6642
6643 /* sa_len safety check */
6644 if (KEY_CHECKSALEN(src0 + 1) != 0)
6645 return key_senderror(so, m, EINVAL);
6646 if (KEY_CHECKSALEN(dst0 + 1) != 0)
6647 return key_senderror(so, m, EINVAL);
6648
6649 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6650
6651 /* If not using NAT-T, make sure if port number is zero. */
6652 #ifndef IPSEC_NAT_T
6653 KEY_PORTTOSADDR(&saidx.src, 0);
6654 KEY_PORTTOSADDR(&saidx.dst, 0);
6655 #endif
6656
6657 /* get a SA index */
6658 LIST_FOREACH(sah, &sahtree, chain) {
6659 if (sah->state == SADB_SASTATE_DEAD)
6660 continue;
6661 if (key_cmpsaidx_withmode(&sah->saidx, &saidx))
6662 break;
6663 }
6664 if (sah != NULL) {
6665 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6666 return key_senderror(so, m, EEXIST);
6667 }
6668
6669 error = key_acquire(&saidx, NULL);
6670 if (error != 0) {
6671 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6672 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
6673 return key_senderror(so, m, error);
6674 }
6675
6676 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6677 }
6678
6679 /*
6680 * SADB_REGISTER processing.
6681 * If SATYPE_UNSPEC has been passed as satype, only return sabd_supported.
6682 * receive
6683 * <base>
6684 * from the ikmpd, and register a socket to send PF_KEY messages,
6685 * and send
6686 * <base, supported>
6687 * to KMD by PF_KEY.
6688 * If socket is detached, must free from regnode.
6689 *
6690 * m will always be freed.
6691 */
6692 static int
6693 key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
6694 {
6695 struct secreg *reg, *newreg = 0;
6696
6697 /* sanity check */
6698 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6699 panic("key_register: NULL pointer is passed.");
6700
6701 /* check for invalid register message */
6702 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
6703 return key_senderror(so, m, EINVAL);
6704
6705 /* When SATYPE_UNSPEC is specified, only return sabd_supported. */
6706 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6707 goto setmsg;
6708
6709 /* check whether existing or not */
6710 LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
6711 if (reg->so == so) {
6712 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6713 return key_senderror(so, m, EEXIST);
6714 }
6715 }
6716
6717 /* create regnode */
6718 KMALLOC(newreg, struct secreg *, sizeof(*newreg));
6719 if (newreg == NULL) {
6720 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6721 return key_senderror(so, m, ENOBUFS);
6722 }
6723 memset((void *)newreg, 0, sizeof(*newreg));
6724
6725 newreg->so = so;
6726 ((struct keycb *)sotorawcb(so))->kp_registered++;
6727
6728 /* add regnode to regtree. */
6729 LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
6730
6731 setmsg:
6732 {
6733 struct mbuf *n;
6734 struct sadb_msg *newmsg;
6735 struct sadb_supported *sup;
6736 u_int len, alen, elen;
6737 int off;
6738 int i;
6739 struct sadb_alg *alg;
6740
6741 /* create new sadb_msg to reply. */
6742 alen = 0;
6743 for (i = 1; i <= SADB_AALG_MAX; i++) {
6744 if (ah_algorithm_lookup(i))
6745 alen += sizeof(struct sadb_alg);
6746 }
6747 if (alen)
6748 alen += sizeof(struct sadb_supported);
6749 elen = 0;
6750 #ifdef IPSEC_ESP
6751 for (i = 1; i <= SADB_EALG_MAX; i++) {
6752 if (esp_algorithm_lookup(i))
6753 elen += sizeof(struct sadb_alg);
6754 }
6755 if (elen)
6756 elen += sizeof(struct sadb_supported);
6757 #endif
6758
6759 len = sizeof(struct sadb_msg) + alen + elen;
6760
6761 if (len > MCLBYTES)
6762 return key_senderror(so, m, ENOBUFS);
6763
6764 MGETHDR(n, M_DONTWAIT, MT_DATA);
6765 if (len > MHLEN) {
6766 MCLGET(n, M_DONTWAIT);
6767 if ((n->m_flags & M_EXT) == 0) {
6768 m_freem(n);
6769 n = NULL;
6770 }
6771 }
6772 if (!n)
6773 return key_senderror(so, m, ENOBUFS);
6774
6775 n->m_pkthdr.len = n->m_len = len;
6776 n->m_next = NULL;
6777 off = 0;
6778
6779 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, char *) + off);
6780 newmsg = mtod(n, struct sadb_msg *);
6781 newmsg->sadb_msg_errno = 0;
6782 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6783 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6784
6785 /* for authentication algorithm */
6786 if (alen) {
6787 sup = (struct sadb_supported *)(mtod(n, char *) + off);
6788 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6789 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6790 off += PFKEY_ALIGN8(sizeof(*sup));
6791
6792 for (i = 1; i <= SADB_AALG_MAX; i++) {
6793 const struct ah_algorithm *aalgo;
6794
6795 aalgo = ah_algorithm_lookup(i);
6796 if (!aalgo)
6797 continue;
6798 alg = (struct sadb_alg *)(mtod(n, char *) + off);
6799 alg->sadb_alg_id = i;
6800 alg->sadb_alg_ivlen = 0;
6801 alg->sadb_alg_minbits = aalgo->keymin;
6802 alg->sadb_alg_maxbits = aalgo->keymax;
6803 off += PFKEY_ALIGN8(sizeof(*alg));
6804 }
6805 }
6806
6807 #ifdef IPSEC_ESP
6808 /* for encryption algorithm */
6809 if (elen) {
6810 sup = (struct sadb_supported *)(mtod(n, char *) + off);
6811 sup->sadb_supported_len = PFKEY_UNIT64(elen);
6812 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
6813 off += PFKEY_ALIGN8(sizeof(*sup));
6814
6815 for (i = 1; i <= SADB_EALG_MAX; i++) {
6816 const struct esp_algorithm *ealgo;
6817
6818 ealgo = esp_algorithm_lookup(i);
6819 if (!ealgo)
6820 continue;
6821 alg = (struct sadb_alg *)(mtod(n, char *) + off);
6822 alg->sadb_alg_id = i;
6823 if (ealgo && ealgo->ivlen) {
6824 /*
6825 * give NULL to get the value preferred by
6826 * algorithm XXX SADB_X_EXT_DERIV ?
6827 */
6828 alg->sadb_alg_ivlen =
6829 (*ealgo->ivlen)(ealgo, NULL);
6830 } else
6831 alg->sadb_alg_ivlen = 0;
6832 alg->sadb_alg_minbits = ealgo->keymin;
6833 alg->sadb_alg_maxbits = ealgo->keymax;
6834 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
6835 }
6836 }
6837 #endif
6838
6839 #ifdef DIAGNOSTIC
6840 if (off != len)
6841 panic("length assumption failed in key_register");
6842 #endif
6843
6844 m_freem(m);
6845 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
6846 }
6847 }
6848
6849 /*
6850 * free secreg entry registered.
6851 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
6852 */
6853 void
6854 key_freereg(struct socket *so)
6855 {
6856 struct secreg *reg;
6857 int i;
6858
6859 /* sanity check */
6860 if (so == NULL)
6861 panic("key_freereg: NULL pointer is passed.");
6862
6863 /*
6864 * check whether existing or not.
6865 * check all type of SA, because there is a potential that
6866 * one socket is registered to multiple type of SA.
6867 */
6868 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
6869 LIST_FOREACH(reg, &regtree[i], chain) {
6870 if (reg->so == so && __LIST_CHAINED(reg)) {
6871 LIST_REMOVE(reg, chain);
6872 KFREE(reg);
6873 break;
6874 }
6875 }
6876 }
6877
6878 return;
6879 }
6880
6881 /*
6882 * SADB_EXPIRE processing
6883 * send
6884 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
6885 * to KMD by PF_KEY.
6886 * NOTE: We send only soft lifetime extension.
6887 *
6888 * OUT: 0 : succeed
6889 * others : error number
6890 */
6891 static int
6892 key_expire(struct secasvar *sav)
6893 {
6894 int s;
6895 int satype;
6896 struct mbuf *result = NULL, *m;
6897 int len;
6898 int error = -1;
6899 struct sadb_lifetime *lt;
6900
6901 /* XXX: Why do we lock ? */
6902 s = splsoftnet(); /*called from softclock()*/
6903
6904 /* sanity check */
6905 if (sav == NULL)
6906 panic("key_expire: NULL pointer is passed.");
6907 if (sav->sah == NULL)
6908 panic("key_expire: Why was SA index in SA NULL.");
6909 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
6910 panic("key_expire: invalid proto is passed.");
6911
6912 /* set msg header */
6913 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
6914 if (!m) {
6915 error = ENOBUFS;
6916 goto fail;
6917 }
6918 result = m;
6919
6920 /* create SA extension */
6921 m = key_setsadbsa(sav);
6922 if (!m) {
6923 error = ENOBUFS;
6924 goto fail;
6925 }
6926 m_cat(result, m);
6927
6928 /* create SA extension */
6929 m = key_setsadbxsa2(sav->sah->saidx.mode,
6930 sav->replay ? (sav->replay->count & 0xffffffff) : 0,
6931 sav->sah->saidx.reqid);
6932 if (!m) {
6933 error = ENOBUFS;
6934 goto fail;
6935 }
6936 m_cat(result, m);
6937
6938 /* create lifetime extension (current and soft) */
6939 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
6940 m = key_alloc_mbuf(len);
6941 if (!m || m->m_next) { /*XXX*/
6942 if (m)
6943 m_freem(m);
6944 error = ENOBUFS;
6945 goto fail;
6946 }
6947 memset(mtod(m, void *), 0, len);
6948 lt = mtod(m, struct sadb_lifetime *);
6949 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
6950 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
6951 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
6952 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
6953 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
6954 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
6955 lt = (struct sadb_lifetime *)(mtod(m, char *) + len / 2);
6956 memcpy(lt, sav->lft_s, sizeof(*lt));
6957 m_cat(result, m);
6958
6959 /* set sadb_address for source */
6960 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6961 (struct sockaddr *)&sav->sah->saidx.src,
6962 FULLMASK, IPSEC_ULPROTO_ANY);
6963 if (!m) {
6964 error = ENOBUFS;
6965 goto fail;
6966 }
6967 m_cat(result, m);
6968
6969 /* set sadb_address for destination */
6970 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6971 (struct sockaddr *)&sav->sah->saidx.dst,
6972 FULLMASK, IPSEC_ULPROTO_ANY);
6973 if (!m) {
6974 error = ENOBUFS;
6975 goto fail;
6976 }
6977 m_cat(result, m);
6978
6979 if ((result->m_flags & M_PKTHDR) == 0) {
6980 error = EINVAL;
6981 goto fail;
6982 }
6983
6984 if (result->m_len < sizeof(struct sadb_msg)) {
6985 result = m_pullup(result, sizeof(struct sadb_msg));
6986 if (result == NULL) {
6987 error = ENOBUFS;
6988 goto fail;
6989 }
6990 }
6991
6992 result->m_pkthdr.len = 0;
6993 for (m = result; m; m = m->m_next)
6994 result->m_pkthdr.len += m->m_len;
6995
6996 mtod(result, struct sadb_msg *)->sadb_msg_len =
6997 PFKEY_UNIT64(result->m_pkthdr.len);
6998
6999 splx(s);
7000 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7001
7002 fail:
7003 if (result)
7004 m_freem(result);
7005 splx(s);
7006 return error;
7007 }
7008
7009 /*
7010 * SADB_FLUSH processing
7011 * receive
7012 * <base>
7013 * from the ikmpd, and free all entries in secastree.
7014 * and send,
7015 * <base>
7016 * to the ikmpd.
7017 * NOTE: to do is only marking SADB_SASTATE_DEAD.
7018 *
7019 * m will always be freed.
7020 */
7021 static int
7022 key_flush(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7023 {
7024 struct sadb_msg *newmsg;
7025 struct secashead *sah, *nextsah;
7026 struct secasvar *sav, *nextsav;
7027 u_int16_t proto;
7028 u_int8_t state;
7029 u_int stateidx;
7030
7031 /* sanity check */
7032 if (so == NULL || mhp == NULL || mhp->msg == NULL)
7033 panic("key_flush: NULL pointer is passed.");
7034
7035 /* map satype to proto */
7036 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7037 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
7038 return key_senderror(so, m, EINVAL);
7039 }
7040
7041 /* no SATYPE specified, i.e. flushing all SA. */
7042 for (sah = LIST_FIRST(&sahtree); sah != NULL; sah = nextsah) {
7043 nextsah = LIST_NEXT(sah, chain);
7044
7045 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7046 proto != sah->saidx.proto)
7047 continue;
7048
7049 for (stateidx = 0;
7050 stateidx < _ARRAYLEN(saorder_state_alive);
7051 stateidx++) {
7052 state = saorder_state_any[stateidx];
7053 for (sav = LIST_FIRST(&sah->savtree[state]);
7054 sav != NULL;
7055 sav = nextsav) {
7056
7057 nextsav = LIST_NEXT(sav, chain);
7058
7059 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7060 key_freesav(sav);
7061 }
7062 }
7063
7064 sah->state = SADB_SASTATE_DEAD;
7065 }
7066
7067 if (m->m_len < sizeof(struct sadb_msg) ||
7068 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
7069 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
7070 return key_senderror(so, m, ENOBUFS);
7071 }
7072
7073 if (m->m_next)
7074 m_freem(m->m_next);
7075 m->m_next = NULL;
7076 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
7077 newmsg = mtod(m, struct sadb_msg *);
7078 newmsg->sadb_msg_errno = 0;
7079 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
7080
7081 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7082 }
7083
7084 /*
7085 * SADB_DUMP processing
7086 * dump all entries including status of DEAD in SAD.
7087 * receive
7088 * <base>
7089 * from the ikmpd, and dump all secasvar leaves
7090 * and send,
7091 * <base> .....
7092 * to the ikmpd.
7093 *
7094 * m will always be freed.
7095 */
7096 static int
7097 key_dump(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7098 {
7099 struct secashead *sah;
7100 struct secasvar *sav;
7101 u_int16_t proto;
7102 u_int stateidx;
7103 u_int8_t satype;
7104 u_int8_t state;
7105 int cnt, error = 0, needwait = 0;
7106 struct keycb *kp;
7107 struct mbuf *n;
7108
7109 /* sanity check */
7110 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7111 panic("key_dump: NULL pointer is passed.");
7112
7113 /* map satype to proto */
7114 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7115 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
7116 return key_senderror(so, m, EINVAL);
7117 }
7118
7119 /* count sav entries to be sent to the userland. */
7120 cnt = 0;
7121 LIST_FOREACH(sah, &sahtree, chain) {
7122 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7123 proto != sah->saidx.proto)
7124 continue;
7125
7126 for (stateidx = 0;
7127 stateidx < _ARRAYLEN(saorder_state_any);
7128 stateidx++) {
7129 state = saorder_state_any[stateidx];
7130 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7131 cnt++;
7132 }
7133 }
7134 }
7135
7136 if (cnt == 0)
7137 return key_senderror(so, m, ENOENT);
7138
7139 /* send this to the userland, one at a time. */
7140 LIST_FOREACH(sah, &sahtree, chain) {
7141 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC &&
7142 proto != sah->saidx.proto)
7143 continue;
7144
7145 /* map proto to satype */
7146 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7147 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
7148 return key_senderror(so, m, EINVAL);
7149 }
7150
7151 for (stateidx = 0;
7152 stateidx < _ARRAYLEN(saorder_state_any);
7153 stateidx++) {
7154 state = saorder_state_any[stateidx];
7155 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7156 n = key_setdumpsa(sav, SADB_DUMP, satype,
7157 --cnt, mhp->msg->sadb_msg_pid);
7158 if (!n)
7159 return key_senderror(so, m, ENOBUFS);
7160
7161 error = key_sendup_mbuf(so, n,
7162 KEY_SENDUP_ONE | KEY_SENDUP_CANWAIT);
7163 if (error == EAGAIN)
7164 needwait = 1;
7165 }
7166 }
7167 }
7168
7169 kp = (struct keycb *)sotorawcb(so);
7170 while (needwait && kp->kp_queue)
7171 sbwait(&so->so_rcv);
7172
7173 m_freem(m);
7174 return 0;
7175 }
7176
7177 static struct mbuf *
7178 key_setdump(u_int8_t req_satype, int *errorp)
7179 {
7180 struct secashead *sah;
7181 struct secasvar *sav;
7182 u_int16_t proto;
7183 u_int stateidx;
7184 u_int8_t satype;
7185 u_int8_t state;
7186 int cnt;
7187 struct mbuf *m, *n;
7188
7189 /* map satype to proto */
7190 if ((proto = key_satype2proto(req_satype)) == 0) {
7191 *errorp = EINVAL;
7192 return (NULL);
7193 }
7194
7195 /* count sav entries to be sent to the userland. */
7196 cnt = 0;
7197 LIST_FOREACH(sah, &sahtree, chain) {
7198 if (req_satype != SADB_SATYPE_UNSPEC &&
7199 proto != sah->saidx.proto)
7200 continue;
7201
7202 for (stateidx = 0;
7203 stateidx < _ARRAYLEN(saorder_state_any);
7204 stateidx++) {
7205 state = saorder_state_any[stateidx];
7206 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7207 cnt++;
7208 }
7209 }
7210 }
7211
7212 if (cnt == 0) {
7213 *errorp = ENOENT;
7214 return (NULL);
7215 }
7216
7217 /* send this to the userland, one at a time. */
7218 m = NULL;
7219 LIST_FOREACH(sah, &sahtree, chain) {
7220 if (req_satype != SADB_SATYPE_UNSPEC &&
7221 proto != sah->saidx.proto)
7222 continue;
7223
7224 /* map proto to satype */
7225 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7226 m_freem(m);
7227 *errorp = EINVAL;
7228 return (NULL);
7229 }
7230
7231 for (stateidx = 0;
7232 stateidx < _ARRAYLEN(saorder_state_any);
7233 stateidx++) {
7234 state = saorder_state_any[stateidx];
7235 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7236 n = key_setdumpsa(sav, SADB_DUMP, satype,
7237 --cnt, 0);
7238 if (!n) {
7239 m_freem(m);
7240 *errorp = ENOBUFS;
7241 return (NULL);
7242 }
7243
7244 if (!m)
7245 m = n;
7246 else
7247 m_cat(m, n);
7248 }
7249 }
7250 }
7251
7252 if (!m) {
7253 *errorp = EINVAL;
7254 return (NULL);
7255 }
7256
7257 if ((m->m_flags & M_PKTHDR) != 0) {
7258 m->m_pkthdr.len = 0;
7259 for (n = m; n; n = n->m_next)
7260 m->m_pkthdr.len += n->m_len;
7261 }
7262
7263 *errorp = 0;
7264 return (m);
7265 }
7266
7267 struct mbuf *
7268 key_setdumpsa_spi(u_int32_t spi)
7269 {
7270 struct mbuf *m, *n;
7271 struct secasvar *sav;
7272 u_int8_t satype;
7273 int cnt;
7274
7275 cnt = 0;
7276 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
7277 if (sav->spi != spi)
7278 continue;
7279 cnt++;
7280 }
7281
7282 if (cnt == 0)
7283 return (NULL);
7284
7285 m = NULL;
7286 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
7287 if (sav->spi != spi)
7288 continue;
7289 satype = key_proto2satype(sav->sah->saidx.proto);
7290 n = key_setdumpsa(sav, SADB_DUMP, satype, --cnt, 0);
7291 if (!m)
7292 m = n;
7293 else if (n)
7294 m_cat(m, n);
7295 }
7296
7297 if (!m)
7298 return (NULL);
7299
7300 if ((m->m_flags & M_PKTHDR) != 0) {
7301 m->m_pkthdr.len = 0;
7302 for (n = m; n; n = n->m_next)
7303 m->m_pkthdr.len += n->m_len;
7304 }
7305
7306 return (m);
7307 }
7308
7309 /*
7310 * SADB_X_PROMISC processing
7311 *
7312 * m will always be freed.
7313 */
7314 static int
7315 key_promisc(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
7316 {
7317 int olen;
7318
7319 /* sanity check */
7320 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7321 panic("key_promisc: NULL pointer is passed.");
7322
7323 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7324
7325 if (olen < sizeof(struct sadb_msg)) {
7326 #if 1
7327 return key_senderror(so, m, EINVAL);
7328 #else
7329 m_freem(m);
7330 return 0;
7331 #endif
7332 } else if (olen == sizeof(struct sadb_msg)) {
7333 /* enable/disable promisc mode */
7334 struct keycb *kp;
7335
7336 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
7337 return key_senderror(so, m, EINVAL);
7338 mhp->msg->sadb_msg_errno = 0;
7339 switch (mhp->msg->sadb_msg_satype) {
7340 case 0:
7341 case 1:
7342 kp->kp_promisc = mhp->msg->sadb_msg_satype;
7343 break;
7344 default:
7345 return key_senderror(so, m, EINVAL);
7346 }
7347
7348 /* send the original message back to everyone */
7349 mhp->msg->sadb_msg_errno = 0;
7350 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7351 } else {
7352 /* send packet as is */
7353
7354 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
7355
7356 /* TODO: if sadb_msg_seq is specified, send to specific pid */
7357 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7358 }
7359 }
7360
7361 static int (*key_typesw[])(struct socket *, struct mbuf *,
7362 const struct sadb_msghdr *) = {
7363 NULL, /* SADB_RESERVED */
7364 key_getspi, /* SADB_GETSPI */
7365 key_update, /* SADB_UPDATE */
7366 key_add, /* SADB_ADD */
7367 key_delete, /* SADB_DELETE */
7368 key_get, /* SADB_GET */
7369 key_acquire2, /* SADB_ACQUIRE */
7370 key_register, /* SADB_REGISTER */
7371 NULL, /* SADB_EXPIRE */
7372 key_flush, /* SADB_FLUSH */
7373 key_dump, /* SADB_DUMP */
7374 key_promisc, /* SADB_X_PROMISC */
7375 NULL, /* SADB_X_PCHANGE */
7376 key_spdadd, /* SADB_X_SPDUPDATE */
7377 key_spdadd, /* SADB_X_SPDADD */
7378 key_spddelete, /* SADB_X_SPDDELETE */
7379 key_spdget, /* SADB_X_SPDGET */
7380 NULL, /* SADB_X_SPDACQUIRE */
7381 key_spddump, /* SADB_X_SPDDUMP */
7382 key_spdflush, /* SADB_X_SPDFLUSH */
7383 key_spdadd, /* SADB_X_SPDSETIDX */
7384 NULL, /* SADB_X_SPDEXPIRE */
7385 key_spddelete2, /* SADB_X_SPDDELETE2 */
7386 #ifdef IPSEC_NAT_T
7387 key_nat_map, /* SADB_X_NAT_T_NEW_MAPPING */
7388 #else
7389 NULL,
7390 #endif
7391 };
7392
7393 /*
7394 * parse sadb_msg buffer to process PFKEYv2,
7395 * and create a data to response if needed.
7396 * I think to be dealed with mbuf directly.
7397 * IN:
7398 * msgp : pointer to pointer to a received buffer pulluped.
7399 * This is rewrited to response.
7400 * so : pointer to socket.
7401 * OUT:
7402 * length for buffer to send to user process.
7403 */
7404 int
7405 key_parse(struct mbuf *m, struct socket *so)
7406 {
7407 struct sadb_msg *msg;
7408 struct sadb_msghdr mh;
7409 u_int orglen;
7410 int error;
7411 int target;
7412 #ifdef INET6
7413 struct sockaddr_in6 *sin6;
7414 #endif
7415
7416 /* sanity check */
7417 if (m == NULL || so == NULL)
7418 panic("key_parse: NULL pointer is passed.");
7419
7420 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
7421 KEYDEBUG(KEYDEBUG_KEY_DUMP,
7422 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
7423 kdebug_sadb(msg));
7424 #endif
7425
7426 if (m->m_len < sizeof(struct sadb_msg)) {
7427 m = m_pullup(m, sizeof(struct sadb_msg));
7428 if (!m)
7429 return ENOBUFS;
7430 }
7431 msg = mtod(m, struct sadb_msg *);
7432 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
7433 target = KEY_SENDUP_ONE;
7434
7435 if ((m->m_flags & M_PKTHDR) == 0 ||
7436 m->m_pkthdr.len != m->m_pkthdr.len) {
7437 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
7438 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7439 error = EINVAL;
7440 goto senderror;
7441 }
7442
7443 if (msg->sadb_msg_version != PF_KEY_V2) {
7444 ipseclog((LOG_DEBUG,
7445 "key_parse: PF_KEY version %u is mismatched.\n",
7446 msg->sadb_msg_version));
7447 PFKEY_STATINC(PFKEY_STAT_OUT_INVVER);
7448 error = EINVAL;
7449 goto senderror;
7450 }
7451
7452 if (msg->sadb_msg_type > SADB_MAX) {
7453 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7454 msg->sadb_msg_type));
7455 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7456 error = EINVAL;
7457 goto senderror;
7458 }
7459
7460 /* for old-fashioned code - should be nuked */
7461 if (m->m_pkthdr.len > MCLBYTES) {
7462 m_freem(m);
7463 return ENOBUFS;
7464 }
7465 if (m->m_next) {
7466 struct mbuf *n;
7467
7468 MGETHDR(n, M_DONTWAIT, MT_DATA);
7469 if (n && m->m_pkthdr.len > MHLEN) {
7470 MCLGET(n, M_DONTWAIT);
7471 if ((n->m_flags & M_EXT) == 0) {
7472 m_free(n);
7473 n = NULL;
7474 }
7475 }
7476 if (!n) {
7477 m_freem(m);
7478 return ENOBUFS;
7479 }
7480 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, void *));
7481 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
7482 n->m_next = NULL;
7483 m_freem(m);
7484 m = n;
7485 }
7486
7487 /* align the mbuf chain so that extensions are in contiguous region. */
7488 error = key_align(m, &mh);
7489 if (error)
7490 return error;
7491
7492 msg = mh.msg;
7493
7494 /* check SA type */
7495 switch (msg->sadb_msg_satype) {
7496 case SADB_SATYPE_UNSPEC:
7497 switch (msg->sadb_msg_type) {
7498 case SADB_GETSPI:
7499 case SADB_UPDATE:
7500 case SADB_ADD:
7501 case SADB_DELETE:
7502 case SADB_GET:
7503 case SADB_ACQUIRE:
7504 case SADB_EXPIRE:
7505 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
7506 "when msg type=%u.\n", msg->sadb_msg_type));
7507 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7508 error = EINVAL;
7509 goto senderror;
7510 }
7511 break;
7512 case SADB_SATYPE_AH:
7513 case SADB_SATYPE_ESP:
7514 case SADB_X_SATYPE_IPCOMP:
7515 case SADB_X_SATYPE_TCPSIGNATURE:
7516 switch (msg->sadb_msg_type) {
7517 case SADB_X_SPDADD:
7518 case SADB_X_SPDDELETE:
7519 case SADB_X_SPDGET:
7520 case SADB_X_SPDDUMP:
7521 case SADB_X_SPDFLUSH:
7522 case SADB_X_SPDSETIDX:
7523 case SADB_X_SPDUPDATE:
7524 case SADB_X_SPDDELETE2:
7525 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
7526 msg->sadb_msg_type));
7527 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7528 error = EINVAL;
7529 goto senderror;
7530 }
7531 break;
7532 case SADB_SATYPE_RSVP:
7533 case SADB_SATYPE_OSPFV2:
7534 case SADB_SATYPE_RIPV2:
7535 case SADB_SATYPE_MIP:
7536 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
7537 msg->sadb_msg_satype));
7538 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7539 error = EOPNOTSUPP;
7540 goto senderror;
7541 case 1: /* XXX: What does it do? */
7542 if (msg->sadb_msg_type == SADB_X_PROMISC)
7543 break;
7544 /*FALLTHROUGH*/
7545 default:
7546 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7547 msg->sadb_msg_satype));
7548 PFKEY_STATINC(PFKEY_STAT_OUT_INVSATYPE);
7549 error = EINVAL;
7550 goto senderror;
7551 }
7552
7553 /* check field of upper layer protocol and address family */
7554 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL &&
7555 mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7556 struct sadb_address *src0, *dst0;
7557 u_int plen;
7558
7559 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7560 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7561
7562 /* check upper layer protocol */
7563 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7564 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
7565 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7566 error = EINVAL;
7567 goto senderror;
7568 }
7569
7570 /* check family */
7571 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7572 PFKEY_ADDR_SADDR(dst0)->sa_family) {
7573 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
7574 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7575 error = EINVAL;
7576 goto senderror;
7577 }
7578 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7579 PFKEY_ADDR_SADDR(dst0)->sa_len) {
7580 ipseclog((LOG_DEBUG,
7581 "key_parse: address struct size mismatched.\n"));
7582 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7583 error = EINVAL;
7584 goto senderror;
7585 }
7586
7587 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7588 case AF_INET:
7589 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7590 sizeof(struct sockaddr_in)) {
7591 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7592 error = EINVAL;
7593 goto senderror;
7594 }
7595 break;
7596 case AF_INET6:
7597 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7598 sizeof(struct sockaddr_in6)) {
7599 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7600 error = EINVAL;
7601 goto senderror;
7602 }
7603 #ifdef INET6
7604 /*
7605 * Check validity of the scope zone ID of the
7606 * addresses, and embed the zone ID into the address
7607 * if necessary.
7608 */
7609 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(src0);
7610 if ((error = sa6_embedscope(sin6, 0)) != 0)
7611 goto senderror;
7612 sin6 = (struct sockaddr_in6 *)PFKEY_ADDR_SADDR(dst0);
7613 if ((error = sa6_embedscope(sin6, 0)) != 0)
7614 goto senderror;
7615 #endif
7616 break;
7617 default:
7618 ipseclog((LOG_DEBUG,
7619 "key_parse: unsupported address family.\n"));
7620 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7621 error = EAFNOSUPPORT;
7622 goto senderror;
7623 }
7624
7625 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7626 case AF_INET:
7627 plen = sizeof(struct in_addr) << 3;
7628 break;
7629 case AF_INET6:
7630 plen = sizeof(struct in6_addr) << 3;
7631 break;
7632 default:
7633 plen = 0; /*fool gcc*/
7634 break;
7635 }
7636
7637 /* check max prefix length */
7638 if (src0->sadb_address_prefixlen > plen ||
7639 dst0->sadb_address_prefixlen > plen) {
7640 ipseclog((LOG_DEBUG,
7641 "key_parse: illegal prefixlen.\n"));
7642 PFKEY_STATINC(PFKEY_STAT_OUT_INVADDR);
7643 error = EINVAL;
7644 goto senderror;
7645 }
7646
7647 /*
7648 * prefixlen == 0 is valid because there can be a case when
7649 * all addresses are matched.
7650 */
7651 }
7652
7653 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
7654 key_typesw[msg->sadb_msg_type] == NULL) {
7655 PFKEY_STATINC(PFKEY_STAT_OUT_INVMSGTYPE);
7656 error = EINVAL;
7657 goto senderror;
7658 }
7659
7660 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7661
7662 senderror:
7663 msg->sadb_msg_errno = error;
7664 return key_sendup_mbuf(so, m, target);
7665 }
7666
7667 static int
7668 key_senderror(struct socket *so, struct mbuf *m, int code)
7669 {
7670 struct sadb_msg *msg;
7671
7672 if (m->m_len < sizeof(struct sadb_msg))
7673 panic("invalid mbuf passed to key_senderror");
7674
7675 msg = mtod(m, struct sadb_msg *);
7676 msg->sadb_msg_errno = code;
7677 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7678 }
7679
7680 /*
7681 * set the pointer to each header into message buffer.
7682 * m will be freed on error.
7683 * XXX larger-than-MCLBYTES extension?
7684 */
7685 static int
7686 key_align(struct mbuf *m, struct sadb_msghdr *mhp)
7687 {
7688 struct mbuf *n;
7689 struct sadb_ext *ext;
7690 size_t off, end;
7691 int extlen;
7692 int toff;
7693
7694 /* sanity check */
7695 if (m == NULL || mhp == NULL)
7696 panic("key_align: NULL pointer is passed.");
7697 if (m->m_len < sizeof(struct sadb_msg))
7698 panic("invalid mbuf passed to key_align");
7699
7700 /* initialize */
7701 memset(mhp, 0, sizeof(*mhp));
7702
7703 mhp->msg = mtod(m, struct sadb_msg *);
7704 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
7705
7706 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7707 extlen = end; /*just in case extlen is not updated*/
7708 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7709 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7710 if (!n) {
7711 /* m is already freed */
7712 return ENOBUFS;
7713 }
7714 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
7715
7716 /* set pointer */
7717 switch (ext->sadb_ext_type) {
7718 case SADB_EXT_SA:
7719 case SADB_EXT_ADDRESS_SRC:
7720 case SADB_EXT_ADDRESS_DST:
7721 case SADB_EXT_ADDRESS_PROXY:
7722 case SADB_EXT_LIFETIME_CURRENT:
7723 case SADB_EXT_LIFETIME_HARD:
7724 case SADB_EXT_LIFETIME_SOFT:
7725 case SADB_EXT_KEY_AUTH:
7726 case SADB_EXT_KEY_ENCRYPT:
7727 case SADB_EXT_IDENTITY_SRC:
7728 case SADB_EXT_IDENTITY_DST:
7729 case SADB_EXT_SENSITIVITY:
7730 case SADB_EXT_PROPOSAL:
7731 case SADB_EXT_SUPPORTED_AUTH:
7732 case SADB_EXT_SUPPORTED_ENCRYPT:
7733 case SADB_EXT_SPIRANGE:
7734 case SADB_X_EXT_POLICY:
7735 case SADB_X_EXT_SA2:
7736 #ifdef IPSEC_NAT_T
7737 case SADB_X_EXT_NAT_T_TYPE:
7738 case SADB_X_EXT_NAT_T_SPORT:
7739 case SADB_X_EXT_NAT_T_DPORT:
7740 case SADB_X_EXT_NAT_T_OA:
7741 case SADB_X_EXT_NAT_T_FRAG:
7742 #endif
7743 #ifdef SADB_X_EXT_TAG
7744 case SADB_X_EXT_TAG:
7745 #endif
7746 /* duplicate check */
7747 /*
7748 * XXX Are there duplication payloads of either
7749 * KEY_AUTH or KEY_ENCRYPT ?
7750 */
7751 if (mhp->ext[ext->sadb_ext_type] != NULL) {
7752 ipseclog((LOG_DEBUG,
7753 "key_align: duplicate ext_type %u "
7754 "is passed.\n", ext->sadb_ext_type));
7755 m_freem(m);
7756 PFKEY_STATINC(PFKEY_STAT_OUT_DUPEXT);
7757 return EINVAL;
7758 }
7759 break;
7760 default:
7761 ipseclog((LOG_DEBUG,
7762 "key_align: invalid ext_type %u is passed.\n",
7763 ext->sadb_ext_type));
7764 m_freem(m);
7765 PFKEY_STATINC(PFKEY_STAT_OUT_INVEXTTYPE);
7766 return EINVAL;
7767 }
7768
7769 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7770
7771 if (key_validate_ext(ext, extlen)) {
7772 m_freem(m);
7773 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7774 return EINVAL;
7775 }
7776
7777 n = m_pulldown(m, off, extlen, &toff);
7778 if (!n) {
7779 /* m is already freed */
7780 return ENOBUFS;
7781 }
7782 ext = (struct sadb_ext *)(mtod(n, char *) + toff);
7783
7784 mhp->ext[ext->sadb_ext_type] = ext;
7785 mhp->extoff[ext->sadb_ext_type] = off;
7786 mhp->extlen[ext->sadb_ext_type] = extlen;
7787 }
7788
7789 if (off != end) {
7790 m_freem(m);
7791 PFKEY_STATINC(PFKEY_STAT_OUT_INVLEN);
7792 return EINVAL;
7793 }
7794
7795 return 0;
7796 }
7797
7798 static int
7799 key_validate_ext(const struct sadb_ext *ext, int len)
7800 {
7801 const struct sockaddr *sa;
7802 enum { NONE, ADDR } checktype = NONE;
7803 int baselen = 0;
7804 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7805
7806 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7807 return EINVAL;
7808
7809 /* if it does not match minimum/maximum length, bail */
7810 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
7811 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
7812 return EINVAL;
7813 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
7814 return EINVAL;
7815 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7816 return EINVAL;
7817
7818 /* more checks based on sadb_ext_type XXX need more */
7819 switch (ext->sadb_ext_type) {
7820 case SADB_EXT_ADDRESS_SRC:
7821 case SADB_EXT_ADDRESS_DST:
7822 case SADB_EXT_ADDRESS_PROXY:
7823 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7824 checktype = ADDR;
7825 break;
7826 case SADB_EXT_IDENTITY_SRC:
7827 case SADB_EXT_IDENTITY_DST:
7828 if (((const struct sadb_ident *)ext)->sadb_ident_type ==
7829 SADB_X_IDENTTYPE_ADDR) {
7830 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7831 checktype = ADDR;
7832 } else
7833 checktype = NONE;
7834 break;
7835 default:
7836 checktype = NONE;
7837 break;
7838 }
7839
7840 switch (checktype) {
7841 case NONE:
7842 break;
7843 case ADDR:
7844 sa = (const struct sockaddr *)((const char *)ext + baselen);
7845 if (len < baselen + sal)
7846 return EINVAL;
7847 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7848 return EINVAL;
7849 break;
7850 }
7851
7852 return 0;
7853 }
7854
7855 static int
7856 key_do_init(void)
7857 {
7858 int i;
7859
7860 pfkeystat_percpu = percpu_alloc(sizeof(uint64_t) * PFKEY_NSTATS);
7861
7862 memset((void *)&key_cb, 0, sizeof(key_cb));
7863
7864 callout_init(&key_timehandler_ch, 0);
7865
7866 for (i = 0; i < IPSEC_DIR_MAX; i++)
7867 LIST_INIT(&sptree[i]);
7868
7869 LIST_INIT(&sahtree);
7870
7871 for (i = 0; i <= SADB_SATYPE_MAX; i++)
7872 LIST_INIT(&regtree[i]);
7873
7874 for (i = 0; i < SPIHASHSIZE; i++)
7875 LIST_INIT(&spihash[i]);
7876
7877 #ifndef IPSEC_NONBLOCK_ACQUIRE
7878 LIST_INIT(&acqtree);
7879 #endif
7880 LIST_INIT(&spacqtree);
7881
7882 TAILQ_INIT(&satailq);
7883 TAILQ_INIT(&sptailq);
7884
7885 /* system default */
7886 #ifdef INET
7887 ip4_def_policy = key_newsp(0);
7888 if (!ip4_def_policy)
7889 panic("could not initialize IPv4 default security policy");
7890 ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
7891 ip4_def_policy->policy = IPSEC_POLICY_NONE;
7892 ip4_def_policy->dir = IPSEC_DIR_ANY;
7893 ip4_def_policy->readonly = 1;
7894 ip4_def_policy->persist = 1;
7895 #endif
7896 #ifdef INET6
7897 ip6_def_policy = key_newsp(0);
7898 if (!ip6_def_policy)
7899 panic("could not initialize IPv6 default security policy");
7900 ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
7901 ip6_def_policy->policy = IPSEC_POLICY_NONE;
7902 ip6_def_policy->dir = IPSEC_DIR_ANY;
7903 ip6_def_policy->readonly = 1;
7904 ip6_def_policy->persist = 1;
7905 #endif
7906
7907 callout_reset(&key_timehandler_ch, hz, key_timehandler, (void *)0);
7908
7909 /* initialize key statistics */
7910 keystat.getspi_count = 1;
7911
7912 printf("IPsec: Initialized Security Association Processing.\n");
7913
7914 return (0);
7915 }
7916
7917 void
7918 key_init(void)
7919 {
7920 static ONCE_DECL(key_init_once);
7921
7922 RUN_ONCE(&key_init_once, key_do_init);
7923 }
7924
7925 /*
7926 * XXX: maybe This function is called after INBOUND IPsec processing.
7927 *
7928 * Special check for tunnel-mode packets.
7929 * We must make some checks for consistency between inner and outer IP header.
7930 *
7931 * xxx more checks to be provided
7932 */
7933 int
7934 key_checktunnelsanity(struct secasvar *sav, u_int family,
7935 void *src, void *dst)
7936 {
7937 /* sanity check */
7938 if (sav->sah == NULL)
7939 panic("sav->sah == NULL at key_checktunnelsanity");
7940
7941 /* XXX: check inner IP header */
7942
7943 return 1;
7944 }
7945
7946 #if 0
7947 /*
7948 * Get FQDN for the host.
7949 * If the administrator configured hostname (by hostname(1)) without
7950 * domain name, returns nothing.
7951 */
7952 static const char *
7953 key_getfqdn(void)
7954 {
7955 int i;
7956 int hasdot;
7957 static char fqdn[MAXHOSTNAMELEN + 1];
7958
7959 if (!hostnamelen)
7960 return NULL;
7961
7962 /* check if it comes with domain name. */
7963 hasdot = 0;
7964 for (i = 0; i < hostnamelen; i++) {
7965 if (hostname[i] == '.')
7966 hasdot++;
7967 }
7968 if (!hasdot)
7969 return NULL;
7970
7971 /* NOTE: hostname may not be NUL-terminated. */
7972 memset(fqdn, 0, sizeof(fqdn));
7973 memcpy(fqdn, hostname, hostnamelen);
7974 fqdn[hostnamelen] = '\0';
7975 return fqdn;
7976 }
7977
7978 /*
7979 * get username@FQDN for the host/user.
7980 */
7981 static const char *
7982 key_getuserfqdn(void)
7983 {
7984 const char *host;
7985 static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
7986 struct proc *p = curproc;
7987 char *q;
7988
7989 if (!p || !p->p_pgrp || !p->p_pgrp->pg_session)
7990 return NULL;
7991 if (!(host = key_getfqdn()))
7992 return NULL;
7993
7994 /* NOTE: s_login may not be-NUL terminated. */
7995 memset(userfqdn, 0, sizeof(userfqdn));
7996 memcpy(userfqdn, p->p_pgrp->pg_session->s_login, MAXLOGNAME);
7997 userfqdn[MAXLOGNAME] = '\0'; /* safeguard */
7998 q = userfqdn + strlen(userfqdn);
7999 *q++ = '@';
8000 memcpy(q, host, strlen(host));
8001 q += strlen(host);
8002 *q++ = '\0';
8003
8004 return userfqdn;
8005 }
8006 #endif
8007
8008 /* record data transfer on SA, and update timestamps */
8009 void
8010 key_sa_recordxfer(struct secasvar *sav, struct mbuf *m)
8011 {
8012 if (!sav)
8013 panic("key_sa_recordxfer called with sav == NULL");
8014 if (!m)
8015 panic("key_sa_recordxfer called with m == NULL");
8016 if (!sav->lft_c)
8017 return;
8018
8019 /*
8020 * XXX Currently, there is a difference of bytes size
8021 * between inbound and outbound processing.
8022 */
8023 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
8024 /* to check bytes lifetime is done in key_timehandler(). */
8025
8026 /*
8027 * We use the number of packets as the unit of
8028 * sadb_lifetime_allocations. We increment the variable
8029 * whenever {esp,ah}_{in,out}put is called.
8030 */
8031 sav->lft_c->sadb_lifetime_allocations++;
8032 /* XXX check for expires? */
8033
8034 /*
8035 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
8036 * in seconds. HARD and SOFT lifetime are measured by the time
8037 * difference (again in seconds) from sadb_lifetime_usetime.
8038 *
8039 * usetime
8040 * v expire expire
8041 * -----+-----+--------+---> t
8042 * <--------------> HARD
8043 * <-----> SOFT
8044 */
8045 {
8046 sav->lft_c->sadb_lifetime_usetime = time_second;
8047 /* XXX check for expires? */
8048 }
8049
8050 return;
8051 }
8052
8053 /* dumb version */
8054 void
8055 key_sa_routechange(struct sockaddr *dst)
8056 {
8057 struct secashead *sah;
8058 struct route *ro;
8059 const struct sockaddr *sa;
8060
8061 LIST_FOREACH(sah, &sahtree, chain) {
8062 ro = &sah->sa_route;
8063 sa = rtcache_getdst(ro);
8064 if (sa != NULL && dst->sa_len == sa->sa_len &&
8065 memcmp(dst, sa, dst->sa_len) == 0)
8066 rtcache_free(ro);
8067 }
8068
8069 return;
8070 }
8071
8072 static void
8073 key_sa_chgstate(struct secasvar *sav, u_int8_t state)
8074 {
8075 if (sav == NULL)
8076 panic("key_sa_chgstate called with sav == NULL");
8077
8078 if (sav->state == state)
8079 return;
8080
8081 if (__LIST_CHAINED(sav))
8082 LIST_REMOVE(sav, chain);
8083
8084 sav->state = state;
8085 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
8086 }
8087
8088 void
8089 key_sa_stir_iv(struct secasvar *sav)
8090 {
8091
8092 if (!sav->iv)
8093 panic("key_sa_stir_iv called with sav == NULL");
8094 key_randomfill(sav->iv, sav->ivlen);
8095 }
8096
8097 static void
8098 key_sp_dead(struct secpolicy *sp)
8099 {
8100
8101 /* mark the SP dead */
8102 sp->state = IPSEC_SPSTATE_DEAD;
8103 }
8104
8105 static void
8106 key_sp_unlink(struct secpolicy *sp)
8107 {
8108
8109 /* remove from SP index */
8110 if (__LIST_CHAINED(sp)) {
8111 LIST_REMOVE(sp, chain);
8112 key_freesp(sp);
8113 }
8114 }
8115
8116 /* XXX too much? */
8117 static struct mbuf *
8118 key_alloc_mbuf(int l)
8119 {
8120 struct mbuf *m = NULL, *n;
8121 int len, t;
8122
8123 len = l;
8124 while (len > 0) {
8125 MGET(n, M_DONTWAIT, MT_DATA);
8126 if (n && len > MLEN)
8127 MCLGET(n, M_DONTWAIT);
8128 if (!n) {
8129 m_freem(m);
8130 return NULL;
8131 }
8132
8133 n->m_next = NULL;
8134 n->m_len = 0;
8135 n->m_len = M_TRAILINGSPACE(n);
8136 /* use the bottom of mbuf, hoping we can prepend afterwards */
8137 if (n->m_len > len) {
8138 t = (n->m_len - len) & ~(sizeof(long) - 1);
8139 n->m_data += t;
8140 n->m_len = len;
8141 }
8142
8143 len -= n->m_len;
8144
8145 if (m)
8146 m_cat(m, n);
8147 else
8148 m = n;
8149 }
8150
8151 return m;
8152 }
8153
8154 static int
8155 sysctl_net_key_dumpsa(SYSCTLFN_ARGS)
8156 {
8157 struct mbuf *m, *n;
8158 int err2 = 0;
8159 char *p, *ep;
8160 size_t len;
8161 int s, error;
8162
8163 if (newp)
8164 return (EPERM);
8165 if (namelen != 1)
8166 return (EINVAL);
8167
8168 s = splsoftnet();
8169 m = key_setdump(name[0], &error);
8170 splx(s);
8171 if (!m)
8172 return (error);
8173 if (!oldp)
8174 *oldlenp = m->m_pkthdr.len;
8175 else {
8176 p = oldp;
8177 if (*oldlenp < m->m_pkthdr.len) {
8178 err2 = ENOMEM;
8179 ep = p + *oldlenp;
8180 } else {
8181 *oldlenp = m->m_pkthdr.len;
8182 ep = p + m->m_pkthdr.len;
8183 }
8184 for (n = m; n; n = n->m_next) {
8185 len = (ep - p < n->m_len) ?
8186 ep - p : n->m_len;
8187 error = copyout(mtod(n, const void *), p, len);
8188 p += len;
8189 if (error)
8190 break;
8191 }
8192 if (error == 0)
8193 error = err2;
8194 }
8195 m_freem(m);
8196
8197 return (error);
8198 }
8199
8200 static int
8201 sysctl_net_key_dumpsp(SYSCTLFN_ARGS)
8202 {
8203 struct mbuf *m, *n;
8204 int err2 = 0;
8205 char *p, *ep;
8206 size_t len;
8207 int s, error;
8208
8209 if (newp)
8210 return (EPERM);
8211 if (namelen != 0)
8212 return (EINVAL);
8213
8214 s = splsoftnet();
8215 m = key_setspddump(&error);
8216 splx(s);
8217 if (!m)
8218 return (error);
8219 if (!oldp)
8220 *oldlenp = m->m_pkthdr.len;
8221 else {
8222 p = oldp;
8223 if (*oldlenp < m->m_pkthdr.len) {
8224 err2 = ENOMEM;
8225 ep = p + *oldlenp;
8226 } else {
8227 *oldlenp = m->m_pkthdr.len;
8228 ep = p + m->m_pkthdr.len;
8229 }
8230 for (n = m; n; n = n->m_next) {
8231 len = (ep - p < n->m_len) ?
8232 ep - p : n->m_len;
8233 error = copyout(mtod(n, const void *), p, len);
8234 p += len;
8235 if (error)
8236 break;
8237 }
8238 if (error == 0)
8239 error = err2;
8240 }
8241 m_freem(m);
8242
8243 return (error);
8244 }
8245
8246 static int
8247 sysctl_net_key_stats(SYSCTLFN_ARGS)
8248 {
8249
8250 return (NETSTAT_SYSCTL(pfkeystat_percpu, PFKEY_NSTATS));
8251 }
8252
8253 SYSCTL_SETUP(sysctl_net_key_setup, "sysctl net.key subtree setup")
8254 {
8255
8256 sysctl_createv(clog, 0, NULL, NULL,
8257 CTLFLAG_PERMANENT,
8258 CTLTYPE_NODE, "net", NULL,
8259 NULL, 0, NULL, 0,
8260 CTL_NET, CTL_EOL);
8261 sysctl_createv(clog, 0, NULL, NULL,
8262 CTLFLAG_PERMANENT,
8263 CTLTYPE_NODE, "key", NULL,
8264 NULL, 0, NULL, 0,
8265 CTL_NET, PF_KEY, CTL_EOL);
8266
8267 sysctl_createv(clog, 0, NULL, NULL,
8268 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8269 CTLTYPE_INT, "debug", NULL,
8270 NULL, 0, &key_debug_level, 0,
8271 CTL_NET, PF_KEY, KEYCTL_DEBUG_LEVEL, CTL_EOL);
8272 sysctl_createv(clog, 0, NULL, NULL,
8273 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8274 CTLTYPE_INT, "spi_try", NULL,
8275 NULL, 0, &key_spi_trycnt, 0,
8276 CTL_NET, PF_KEY, KEYCTL_SPI_TRY, CTL_EOL);
8277 sysctl_createv(clog, 0, NULL, NULL,
8278 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8279 CTLTYPE_INT, "spi_min_value", NULL,
8280 NULL, 0, &key_spi_minval, 0,
8281 CTL_NET, PF_KEY, KEYCTL_SPI_MIN_VALUE, CTL_EOL);
8282 sysctl_createv(clog, 0, NULL, NULL,
8283 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8284 CTLTYPE_INT, "spi_max_value", NULL,
8285 NULL, 0, &key_spi_maxval, 0,
8286 CTL_NET, PF_KEY, KEYCTL_SPI_MAX_VALUE, CTL_EOL);
8287 sysctl_createv(clog, 0, NULL, NULL,
8288 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8289 CTLTYPE_INT, "larval_lifetime", NULL,
8290 NULL, 0, &key_larval_lifetime, 0,
8291 CTL_NET, PF_KEY, KEYCTL_LARVAL_LIFETIME, CTL_EOL);
8292 sysctl_createv(clog, 0, NULL, NULL,
8293 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8294 CTLTYPE_INT, "blockacq_count", NULL,
8295 NULL, 0, &key_blockacq_count, 0,
8296 CTL_NET, PF_KEY, KEYCTL_BLOCKACQ_COUNT, CTL_EOL);
8297 sysctl_createv(clog, 0, NULL, NULL,
8298 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8299 CTLTYPE_INT, "blockacq_lifetime", NULL,
8300 NULL, 0, &key_blockacq_lifetime, 0,
8301 CTL_NET, PF_KEY, KEYCTL_BLOCKACQ_LIFETIME, CTL_EOL);
8302 sysctl_createv(clog, 0, NULL, NULL,
8303 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8304 CTLTYPE_INT, "esp_keymin", NULL,
8305 NULL, 0, &ipsec_esp_keymin, 0,
8306 CTL_NET, PF_KEY, KEYCTL_ESP_KEYMIN, CTL_EOL);
8307 sysctl_createv(clog, 0, NULL, NULL,
8308 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8309 CTLTYPE_INT, "esp_auth", NULL,
8310 NULL, 0, &ipsec_esp_auth, 0,
8311 CTL_NET, PF_KEY, KEYCTL_ESP_AUTH, CTL_EOL);
8312 sysctl_createv(clog, 0, NULL, NULL,
8313 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
8314 CTLTYPE_INT, "ah_keymin", NULL,
8315 NULL, 0, &ipsec_ah_keymin, 0,
8316 CTL_NET, PF_KEY, KEYCTL_AH_KEYMIN, CTL_EOL);
8317 sysctl_createv(clog, 0, NULL, NULL,
8318 CTLFLAG_PERMANENT,
8319 CTLTYPE_STRUCT, "dumpsa", NULL,
8320 sysctl_net_key_dumpsa, 0, NULL, 0,
8321 CTL_NET, PF_KEY, KEYCTL_DUMPSA, CTL_EOL);
8322 sysctl_createv(clog, 0, NULL, NULL,
8323 CTLFLAG_PERMANENT,
8324 CTLTYPE_STRUCT, "dumpsp", NULL,
8325 sysctl_net_key_dumpsp, 0, NULL, 0,
8326 CTL_NET, PF_KEY, KEYCTL_DUMPSP, CTL_EOL);
8327 sysctl_createv(clog, 0, NULL, NULL,
8328 CTLFLAG_PERMANENT,
8329 CTLTYPE_STRUCT, "stats",
8330 SYSCTL_DESCR("PF_KEY statistics"),
8331 sysctl_net_key_stats, 0, NULL, 0,
8332 CTL_NET, PF_KEY, CTL_CREATE, CTL_EOL);
8333 }
NetBSD on the FriendlyARM MINI2440