sys/netkey/keydb.c

   1 /*      $NetBSD: keydb.c,v 1.18 2009/03/14 15:36:24 dsl Exp $   */
   2 /*      $KAME: keydb.c,v 1.81 2003/09/07 05:25:20 itojun Exp $  */
   3
   4 /*
   5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, this list of conditions and the following disclaimer.
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  * 3. Neither the name of the project nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
  21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 #include <sys/cdefs.h>
  34 __KERNEL_RCSID(0, "$NetBSD: keydb.c,v 1.18 2009/03/14 15:36:24 dsl Exp $");
  35
  36 #include "opt_inet.h"
  37 #include "opt_ipsec.h"
  38
  39 #include <sys/param.h>
  40 #include <sys/socket.h>
  41 #include <sys/systm.h>
  42 #include <sys/kernel.h>
  43 #include <sys/malloc.h>
  44 #include <sys/errno.h>
  45 #include <sys/queue.h>
  46 #include <sys/mbuf.h>
  47
  48 #include <net/if.h>
  49 #include <net/route.h>
  50
  51 #include <netinet/in.h>
  52
  53 #include <net/pfkeyv2.h>
  54 #include <netkey/keydb.h>
  55 #include <netkey/key.h>
  56 #include <netinet6/ipsec.h>
  57
  58 #include <net/net_osdep.h>
  59
  60 MALLOC_DEFINE(M_SECA, "key mgmt", "security associations, key management");
  61
  62 /*
  63  * secpolicy management
  64  */
  65 struct secpolicy *
  66 keydb_newsecpolicy(void)
  67 {
  68         struct secpolicy *p;
  69
  70         p = (struct secpolicy *)malloc(sizeof(*p), M_SECA, M_NOWAIT|M_ZERO);
  71         if (!p)
  72                 return p;
  73         TAILQ_INSERT_TAIL(&sptailq, p, tailq);
  74
  75         return p;
  76 }
  77
  78 u_int32_t
  79 keydb_newspid(void)
  80 {
  81         u_int32_t newid = 0;
  82         static u_int32_t lastalloc = IPSEC_MANUAL_POLICYID_MAX;
  83         struct secpolicy *sp;
  84
  85         newid = lastalloc + 1;
  86         /* XXX possible infinite loop */
  87 again:
  88         TAILQ_FOREACH(sp, &sptailq, tailq) {
  89                 if (sp->id == newid)
  90                         break;
  91         }
  92         if (sp != NULL) {
  93                 if (newid + 1 < newid)  /* wraparound */
  94                         newid = IPSEC_MANUAL_POLICYID_MAX + 1;
  95                 else
  96                         newid++;
  97                 goto again;
  98         }
  99         lastalloc = newid;
 100
 101         return newid;
 102 }
 103
 104 void
 105 keydb_delsecpolicy(struct secpolicy *p)
 106 {
 107
 108         TAILQ_REMOVE(&sptailq, p, tailq);
 109         if (p->spidx)
 110                 free(p->spidx, M_SECA);
 111 #ifdef SADB_X_EXT_TAG
 112         if (p->tag)
 113                 m_nametag_unref(p->tag);
 114 #endif
 115         free(p, M_SECA);
 116 }
 117
 118 int
 119 keydb_setsecpolicyindex(struct secpolicy *p, struct secpolicyindex *idx)
 120 {
 121
 122         if (!p->spidx)
 123                 p->spidx = (struct secpolicyindex *)malloc(sizeof(*p->spidx),
 124                     M_SECA, M_NOWAIT);
 125         if (!p->spidx)
 126                 return ENOMEM;
 127         *p->spidx = *idx;
 128         return 0;
 129 }
 130
 131 /*
 132  * secashead management
 133  */
 134 struct secashead *
 135 keydb_newsecashead(void)
 136 {
 137         struct secashead *p;
 138         int i;
 139
 140         p = (struct secashead *)malloc(sizeof(*p), M_SECA, M_NOWAIT|M_ZERO);
 141         if (!p)
 142                 return p;
 143         for (i = 0; i < sizeof(p->savtree)/sizeof(p->savtree[0]); i++)
 144                 LIST_INIT(&p->savtree[i]);
 145         return p;
 146 }
 147
 148 void
 149 keydb_delsecashead(struct secashead *p)
 150 {
 151
 152         free(p, M_SECA);
 153 }
 154
 155 /*
 156  * secasvar management (reference counted)
 157  */
 158 struct secasvar *
 159 keydb_newsecasvar(void)
 160 {
 161         struct secasvar *p, *q;
 162         static u_int32_t said = 0;
 163
 164         p = (struct secasvar *)malloc(sizeof(*p), M_SECA, M_NOWAIT|M_ZERO);
 165         if (!p)
 166                 return p;
 167
 168 again:
 169         said++;
 170         if (said == 0)
 171                 said++;
 172         TAILQ_FOREACH(q, &satailq, tailq) {
 173                 if (q->id == said)
 174                         goto again;
 175                 if (TAILQ_NEXT(q, tailq)) {
 176                         if (q->id < said && said < TAILQ_NEXT(q, tailq)->id)
 177                                 break;
 178                         if (q->id + 1 < TAILQ_NEXT(q, tailq)->id) {
 179                                 said = q->id + 1;
 180                                 break;
 181                         }
 182                 }
 183         }
 184
 185         p->id = said;
 186         if (q)
 187                 TAILQ_INSERT_AFTER(&satailq, q, p, tailq);
 188         else
 189                 TAILQ_INSERT_TAIL(&satailq, p, tailq);
 190         return p;
 191 }
 192
 193 void
 194 keydb_delsecasvar(struct secasvar *p)
 195 {
 196
 197         TAILQ_REMOVE(&satailq, p, tailq);
 198
 199         free(p, M_SECA);
 200 }
 201
 202 /*
 203  * secreplay management
 204  */
 205 struct secreplay *
 206 keydb_newsecreplay(size_t wsize)
 207 {
 208         struct secreplay *p;
 209
 210         p = (struct secreplay *)malloc(sizeof(*p), M_SECA, M_NOWAIT|M_ZERO);
 211         if (!p)
 212                 return p;
 213
 214         if (wsize != 0) {
 215                 p->bitmap = malloc(wsize, M_SECA, M_NOWAIT|M_ZERO);
 216                 if (!p->bitmap) {
 217                         free(p, M_SECA);
 218                         return NULL;
 219                 }
 220         }
 221         p->wsize = wsize;
 222         return p;
 223 }
 224
 225 void
 226 keydb_delsecreplay(struct secreplay *p)
 227 {
 228
 229         if (p->bitmap)
 230                 free(p->bitmap, M_SECA);
 231         free(p, M_SECA);
 232 }
 233
 234 /*
 235  * secreg management
 236  */
 237 struct secreg *
 238 keydb_newsecreg(void)
 239 {
 240         struct secreg *p;
 241
 242         p = (struct secreg *)malloc(sizeof(*p), M_SECA, M_NOWAIT|M_ZERO);
 243         return p;
 244 }
 245
 246 void
 247 keydb_delsecreg(struct secreg *p)
 248 {
 249
 250         free(p, M_SECA);
 251 }