]> git.saurik.com Git - apple/network_cmds.git/blob - racoon.tproj/pfkey.c
projects / apple / network_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network_cmds-201.tar.gz
[apple/network_cmds.git] / racoon.tproj / pfkey.c
1 /* $KAME: pfkey.c,v 1.134 2002/06/04 05:20:27 itojun Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 #define _PFKEY_C_
33
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/queue.h>
38
39 #include <net/route.h>
40 #include <net/pfkeyv2.h>
41 #include <netkey/key_debug.h>
42
43 #include <netinet/in.h>
44 #ifdef IPV6_INRIA_VERSION
45 #include <netinet/ipsec.h>
46 #else
47 #include <netinet6/ipsec.h>
48 #endif
49
50 #include <stdlib.h>
51 #include <string.h>
52 #include <stdio.h>
53 #include <netdb.h>
54 #include <errno.h>
55 #ifdef HAVE_UNISTD_H
56 #include <unistd.h>
57 #endif
58 #include <netdb.h>
59
60 #include "libpfkey.h"
61
62 #include "var.h"
63 #include "misc.h"
64 #include "vmbuf.h"
65 #include "plog.h"
66 #include "sockmisc.h"
67 #include "debug.h"
68
69 #include "schedule.h"
70 #include "localconf.h"
71 #include "remoteconf.h"
72 #include "isakmp_var.h"
73 #include "isakmp.h"
74 #include "isakmp_inf.h"
75 #include "isakmp_natd.h"
76 #include "ipsec_doi.h"
77 #include "oakley.h"
78 #include "pfkey.h"
79 #include "handler.h"
80 #include "policy.h"
81 #include "algorithm.h"
82 #include "sainfo.h"
83 #include "proposal.h"
84 #include "admin.h"
85 #include "strnames.h"
86 #include "backupsa.h"
87 #include "gcmalloc.h"
88 #ifndef HAVE_ARC4RANDOM
89 #include "arc4random.h"
90 #endif
91
92 /* prototype */
93 static u_int ipsecdoi2pfkey_aalg __P((u_int));
94 static u_int ipsecdoi2pfkey_ealg __P((u_int));
95 static u_int ipsecdoi2pfkey_calg __P((u_int));
96 static u_int ipsecdoi2pfkey_alg __P((u_int, u_int));
97 static u_int keylen_aalg __P((u_int));
98 static u_int keylen_ealg __P((u_int, int));
99
100 static int pk_recvgetspi __P((caddr_t *));
101 static int pk_recvupdate __P((caddr_t *));
102 static int pk_recvadd __P((caddr_t *));
103 static int pk_recvdelete __P((caddr_t *));
104 static int pk_recvacquire __P((caddr_t *));
105 static int pk_recvexpire __P((caddr_t *));
106 static int pk_recvflush __P((caddr_t *));
107 static int getsadbpolicy __P((caddr_t *, int *, int, struct ph2handle *));
108 static int pk_recvspdupdate __P((caddr_t *));
109 static int pk_recvspdadd __P((caddr_t *));
110 static int pk_recvspddelete __P((caddr_t *));
111 static int pk_recvspdexpire __P((caddr_t *));
112 static int pk_recvspdget __P((caddr_t *));
113 static int pk_recvspddump __P((caddr_t *));
114 static int pk_recvspdflush __P((caddr_t *));
115 static struct sadb_msg *pk_recv __P((int, int *));
116
117 static int (*pkrecvf[]) __P((caddr_t *)) = {
118 NULL,
119 pk_recvgetspi,
120 pk_recvupdate,
121 pk_recvadd,
122 pk_recvdelete,
123 NULL, /* SADB_GET */
124 pk_recvacquire,
125 NULL, /* SABD_REGISTER */
126 pk_recvexpire,
127 pk_recvflush,
128 NULL, /* SADB_DUMP */
129 NULL, /* SADB_X_PROMISC */
130 NULL, /* SADB_X_PCHANGE */
131 pk_recvspdupdate,
132 pk_recvspdadd,
133 pk_recvspddelete,
134 pk_recvspdget,
135 NULL, /* SADB_X_SPDACQUIRE */
136 pk_recvspddump,
137 pk_recvspdflush,
138 NULL, /* SADB_X_SPDSETIDX */
139 pk_recvspdexpire,
140 NULL, /* SADB_X_SPDDELETE2 */
141 };
142
143 static int addnewsp __P((caddr_t *));
144
145 /* cope with old kame headers - ugly */
146 #ifndef SADB_X_AALG_MD5
147 #define SADB_X_AALG_MD5 SADB_AALG_MD5
148 #endif
149 #ifndef SADB_X_AALG_SHA
150 #define SADB_X_AALG_SHA SADB_AALG_SHA
151 #endif
152 #ifndef SADB_X_AALG_NULL
153 #define SADB_X_AALG_NULL SADB_AALG_NULL
154 #endif
155
156 #ifndef SADB_X_EALG_BLOWFISHCBC
157 #define SADB_X_EALG_BLOWFISHCBC SADB_EALG_BLOWFISHCBC
158 #endif
159 #ifndef SADB_X_EALG_CAST128CBC
160 #define SADB_X_EALG_CAST128CBC SADB_EALG_CAST128CBC
161 #endif
162 #ifndef SADB_X_EALG_RC5CBC
163 #ifdef SADB_EALG_RC5CBC
164 #define SADB_X_EALG_RC5CBC SADB_EALG_RC5CBC
165 #endif
166 #endif
167
168 /*
169 * PF_KEY packet handler
170 * 0: success
171 * -1: fail
172 */
173 int
174 pfkey_handler()
175 {
176 struct sadb_msg *msg;
177 int len;
178 caddr_t mhp[SADB_EXT_MAX + 1];
179 int error = -1;
180
181 /* receive pfkey message. */
182 len = 0;
183 msg = (struct sadb_msg *)pk_recv(lcconf->sock_pfkey, &len);
184 if (msg == NULL) {
185 if (len < 0) {
186 plog(LLV_ERROR, LOCATION, NULL,
187 "failed to recv from pfkey (%s)\n",
188 strerror(errno));
189 goto end;
190 } else {
191 /* short message - msg not ready */
192 return 0;
193 }
194 }
195
196 plog(LLV_DEBUG, LOCATION, NULL, "get pfkey %s message\n",
197 s_pfkey_type(msg->sadb_msg_type));
198 plogdump(LLV_DEBUG2, msg, msg->sadb_msg_len << 3);
199
200 /* validity check */
201 if (msg->sadb_msg_errno) {
202 int pri;
203
204 /* when SPD is empty, treat the state as no error. */
205 if (msg->sadb_msg_type == SADB_X_SPDDUMP &&
206 msg->sadb_msg_errno == ENOENT)
207 pri = LLV_DEBUG;
208 else
209 pri = LLV_ERROR;
210
211 plog(pri, LOCATION, NULL,
212 "pfkey %s failed: %s\n",
213 s_pfkey_type(msg->sadb_msg_type),
214 strerror(msg->sadb_msg_errno));
215
216 goto end;
217 }
218
219 /* check pfkey message. */
220 if (pfkey_align(msg, mhp)) {
221 plog(LLV_ERROR, LOCATION, NULL,
222 "libipsec failed pfkey align (%s)\n",
223 ipsec_strerror());
224 goto end;
225 }
226 if (pfkey_check(mhp)) {
227 plog(LLV_ERROR, LOCATION, NULL,
228 "libipsec failed pfkey check (%s)\n",
229 ipsec_strerror());
230 goto end;
231 }
232 msg = (struct sadb_msg *)mhp[0];
233
234 if (pkrecvf[msg->sadb_msg_type] == NULL) {
235 plog(LLV_DEBUG, LOCATION, NULL,
236 "not supported command %s\n",
237 s_pfkey_type(msg->sadb_msg_type));
238 goto end;
239 }
240
241 if ((pkrecvf[msg->sadb_msg_type])(mhp) < 0)
242 goto end;
243
244 error = 0;
245 end:
246 if (msg)
247 racoon_free(msg);
248 return(error);
249 }
250
251 /*
252 * dump SADB
253 */
254 vchar_t *
255 pfkey_dump_sadb(satype)
256 int satype;
257 {
258 int s = -1;
259 vchar_t *buf = NULL;
260 pid_t pid = getpid();
261 struct sadb_msg *msg = NULL;
262 size_t bl, ml;
263 int len;
264
265 if ((s = pfkey_open()) < 0) {
266 plog(LLV_ERROR, LOCATION, NULL,
267 "libipsec failed pfkey open: %s\n",
268 ipsec_strerror());
269 return NULL;
270 }
271
272 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_dump\n");
273 if (pfkey_send_dump(s, satype) < 0) {
274 plog(LLV_ERROR, LOCATION, NULL,
275 "libipsec failed dump: %s\n", ipsec_strerror());
276 goto fail;
277 }
278
279 while (1) {
280 if (msg)
281 racoon_free(msg);
282 msg = pk_recv(s, &len);
283 if (msg == NULL) {
284 if (len < 0)
285 goto done;
286 else
287 continue;
288 }
289
290 if (msg->sadb_msg_type != SADB_DUMP || msg->sadb_msg_pid != pid)
291 continue;
292
293 ml = msg->sadb_msg_len << 3;
294 bl = buf ? buf->l : 0;
295 buf = vrealloc(buf, bl + ml);
296 if (buf == NULL) {
297 plog(LLV_ERROR, LOCATION, NULL,
298 "failed to reallocate buffer to dump.\n");
299 goto fail;
300 }
301 memcpy(buf->v + bl, msg, ml);
302
303 if (msg->sadb_msg_seq == 0)
304 break;
305 }
306 goto done;
307
308 fail:
309 if (buf)
310 vfree(buf);
311 buf = NULL;
312 done:
313 if (msg)
314 racoon_free(msg);
315 if (s >= 0)
316 close(s);
317 return buf;
318 }
319
320 /*
321 * flush SADB
322 */
323 void
324 pfkey_flush_sadb(proto)
325 u_int proto;
326 {
327 int satype;
328
329 /* convert to SADB_SATYPE */
330 if ((satype = admin2pfkey_proto(proto)) < 0)
331 return;
332
333 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_flush\n");
334 if (pfkey_send_flush(lcconf->sock_pfkey, satype) < 0) {
335 plog(LLV_ERROR, LOCATION, NULL,
336 "libipsec failed send flush (%s)\n", ipsec_strerror());
337 return;
338 }
339
340 return;
341 }
342
343 /*
344 * These are the SATYPEs that we manage. We register to get
345 * PF_KEY messages related to these SATYPEs, and we also use
346 * this list to determine which SATYPEs to delete SAs for when
347 * we receive an INITIAL-CONTACT.
348 */
349 const struct pfkey_satype pfkey_satypes[] = {
350 { SADB_SATYPE_AH, "AH" },
351 { SADB_SATYPE_ESP, "ESP" },
352 { SADB_X_SATYPE_IPCOMP, "IPCOMP" },
353 };
354 const int pfkey_nsatypes =
355 sizeof(pfkey_satypes) / sizeof(pfkey_satypes[0]);
356
357 /*
358 * PF_KEY initialization
359 */
360 int
361 pfkey_init()
362 {
363 int i, reg_fail;
364
365 if ((lcconf->sock_pfkey = pfkey_open()) < 0) {
366 plog(LLV_ERROR, LOCATION, NULL,
367 "libipsec failed pfkey open (%s)", ipsec_strerror());
368 return -1;
369 }
370
371 for (i = 0, reg_fail = 0; i < pfkey_nsatypes; i++) {
372 plog(LLV_DEBUG, LOCATION, NULL,
373 "call pfkey_send_register for %s\n",
374 pfkey_satypes[i].ps_name);
375 if (pfkey_send_register(lcconf->sock_pfkey,
376 pfkey_satypes[i].ps_satype) < 0 ||
377 pfkey_recv_register(lcconf->sock_pfkey) < 0) {
378 plog(LLV_WARNING, LOCATION, NULL,
379 "failed to register %s (%s)",
380 pfkey_satypes[i].ps_name,
381 ipsec_strerror());
382 reg_fail++;
383 }
384 }
385
386 if (reg_fail == pfkey_nsatypes) {
387 plog(LLV_ERROR, LOCATION, NULL,
388 "failed to regist any protocol.");
389 pfkey_close(lcconf->sock_pfkey);
390 return -1;
391 }
392
393 initsp();
394
395 if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
396 plog(LLV_ERROR, LOCATION, NULL,
397 "libipsec sending spddump failed: %s",
398 ipsec_strerror());
399 pfkey_close(lcconf->sock_pfkey);
400 return -1;
401 }
402 #if 0
403 if (pfkey_promisc_toggle(1) < 0) {
404 pfkey_close(lcconf->sock_pfkey);
405 return -1;
406 }
407 #endif
408 return 0;
409 }
410
411 /* %%% for conversion */
412 /* IPSECDOI_ATTR_AUTH -> SADB_AALG */
413 static u_int
414 ipsecdoi2pfkey_aalg(hashtype)
415 u_int hashtype;
416 {
417 switch (hashtype) {
418 case IPSECDOI_ATTR_AUTH_HMAC_MD5:
419 return SADB_AALG_MD5HMAC;
420 case IPSECDOI_ATTR_AUTH_HMAC_SHA1:
421 return SADB_AALG_SHA1HMAC;
422 case IPSECDOI_ATTR_AUTH_KPDK: /* need special care */
423 return SADB_AALG_NONE;
424
425 /* not supported */
426 case IPSECDOI_ATTR_AUTH_DES_MAC:
427 plog(LLV_ERROR, LOCATION, NULL,
428 "Not supported hash type: %u\n", hashtype);
429 return ~0;
430
431 case 0: /* reserved */
432 default:
433 return SADB_AALG_NONE;
434
435 plog(LLV_ERROR, LOCATION, NULL,
436 "Invalid hash type: %u\n", hashtype);
437 return ~0;
438 }
439 /*NOTREACHED*/
440 }
441
442 /* IPSECDOI_ESP -> SADB_EALG */
443 static u_int
444 ipsecdoi2pfkey_ealg(t_id)
445 u_int t_id;
446 {
447 switch (t_id) {
448 case IPSECDOI_ESP_DES_IV64: /* sa_flags |= SADB_X_EXT_OLD */
449 return SADB_EALG_DESCBC;
450 case IPSECDOI_ESP_DES:
451 return SADB_EALG_DESCBC;
452 case IPSECDOI_ESP_3DES:
453 return SADB_EALG_3DESCBC;
454 #ifdef SADB_X_EALG_RC5CBC
455 case IPSECDOI_ESP_RC5:
456 return SADB_X_EALG_RC5CBC;
457 #endif
458 case IPSECDOI_ESP_CAST:
459 return SADB_X_EALG_CAST128CBC;
460 case IPSECDOI_ESP_BLOWFISH:
461 return SADB_X_EALG_BLOWFISHCBC;
462 case IPSECDOI_ESP_DES_IV32: /* flags |= (SADB_X_EXT_OLD|
463 SADB_X_EXT_IV4B)*/
464 return SADB_EALG_DESCBC;
465 case IPSECDOI_ESP_NULL:
466 return SADB_EALG_NULL;
467 #ifdef SADB_X_EALG_RIJNDAELCBC
468 case IPSECDOI_ESP_RIJNDAEL:
469 return SADB_X_EALG_RIJNDAELCBC;
470 #endif
471 #ifdef SADB_X_EALG_TWOFISHCBC
472 case IPSECDOI_ESP_TWOFISH:
473 return SADB_X_EALG_TWOFISHCBC;
474 #endif
475
476 /* not supported */
477 case IPSECDOI_ESP_3IDEA:
478 case IPSECDOI_ESP_IDEA:
479 case IPSECDOI_ESP_RC4:
480 plog(LLV_ERROR, LOCATION, NULL,
481 "Not supported transform: %u\n", t_id);
482 return ~0;
483
484 case 0: /* reserved */
485 default:
486 plog(LLV_ERROR, LOCATION, NULL,
487 "Invalid transform id: %u\n", t_id);
488 return ~0;
489 }
490 /*NOTREACHED*/
491 }
492
493 /* IPCOMP -> SADB_CALG */
494 static u_int
495 ipsecdoi2pfkey_calg(t_id)
496 u_int t_id;
497 {
498 switch (t_id) {
499 case IPSECDOI_IPCOMP_OUI:
500 return SADB_X_CALG_OUI;
501 case IPSECDOI_IPCOMP_DEFLATE:
502 return SADB_X_CALG_DEFLATE;
503 case IPSECDOI_IPCOMP_LZS:
504 return SADB_X_CALG_LZS;
505
506 case 0: /* reserved */
507 default:
508 plog(LLV_ERROR, LOCATION, NULL,
509 "Invalid transform id: %u\n", t_id);
510 return ~0;
511 }
512 /*NOTREACHED*/
513 }
514
515 /* IPSECDOI_PROTO -> SADB_SATYPE */
516 u_int
517 ipsecdoi2pfkey_proto(proto)
518 u_int proto;
519 {
520 switch (proto) {
521 case IPSECDOI_PROTO_IPSEC_AH:
522 return SADB_SATYPE_AH;
523 case IPSECDOI_PROTO_IPSEC_ESP:
524 return SADB_SATYPE_ESP;
525 case IPSECDOI_PROTO_IPCOMP:
526 return SADB_X_SATYPE_IPCOMP;
527
528 default:
529 plog(LLV_ERROR, LOCATION, NULL,
530 "Invalid ipsec_doi proto: %u\n", proto);
531 return ~0;
532 }
533 /*NOTREACHED*/
534 }
535
536 static u_int
537 ipsecdoi2pfkey_alg(algclass, type)
538 u_int algclass, type;
539 {
540 switch (algclass) {
541 case IPSECDOI_ATTR_AUTH:
542 return ipsecdoi2pfkey_aalg(type);
543 case IPSECDOI_PROTO_IPSEC_ESP:
544 return ipsecdoi2pfkey_ealg(type);
545 case IPSECDOI_PROTO_IPCOMP:
546 return ipsecdoi2pfkey_calg(type);
547 default:
548 plog(LLV_ERROR, LOCATION, NULL,
549 "Invalid ipsec_doi algclass: %u\n", algclass);
550 return ~0;
551 }
552 /*NOTREACHED*/
553 }
554
555 /* SADB_SATYPE -> IPSECDOI_PROTO */
556 u_int
557 pfkey2ipsecdoi_proto(satype)
558 u_int satype;
559 {
560 switch (satype) {
561 case SADB_SATYPE_AH:
562 return IPSECDOI_PROTO_IPSEC_AH;
563 case SADB_SATYPE_ESP:
564 return IPSECDOI_PROTO_IPSEC_ESP;
565 case SADB_X_SATYPE_IPCOMP:
566 return IPSECDOI_PROTO_IPCOMP;
567
568 default:
569 plog(LLV_ERROR, LOCATION, NULL,
570 "Invalid pfkey proto: %u\n", satype);
571 return ~0;
572 }
573 /*NOTREACHED*/
574 }
575
576 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
577 u_int
578 ipsecdoi2pfkey_mode(mode)
579 u_int mode;
580 {
581 switch (mode) {
582 case IPSECDOI_ATTR_ENC_MODE_TUNNEL:
583 case IPSECDOI_ATTR_ENC_MODE_UDP_TUNNEL:
584 return IPSEC_MODE_TUNNEL;
585 case IPSECDOI_ATTR_ENC_MODE_TRNS:
586 case IPSECDOI_ATTR_ENC_MODE_UDP_TRNS:
587 return IPSEC_MODE_TRANSPORT;
588 default:
589 plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
590 return ~0;
591 }
592 /*NOTREACHED*/
593 }
594
595 /* IPSECDOI_ATTR_ENC_MODE -> IPSEC_MODE */
596 u_int
597 pfkey2ipsecdoi_mode(mode, hasnat)
598 u_int mode;
599 int hasnat;
600 {
601 switch (mode) {
602 case IPSEC_MODE_TUNNEL:
603 return hasnat == 0 ? IPSECDOI_ATTR_ENC_MODE_TUNNEL : IPSECDOI_ATTR_ENC_MODE_UDP_TUNNEL;
604 case IPSEC_MODE_TRANSPORT:
605 return hasnat == 0 ? IPSECDOI_ATTR_ENC_MODE_TRNS : IPSECDOI_ATTR_ENC_MODE_UDP_TRNS;
606 case IPSEC_MODE_ANY:
607 return IPSECDOI_ATTR_ENC_MODE_ANY;
608 default:
609 plog(LLV_ERROR, LOCATION, NULL, "Invalid mode type: %u\n", mode);
610 return ~0;
611 }
612 /*NOTREACHED*/
613 }
614
615 /* default key length for encryption algorithm */
616 static u_int
617 keylen_aalg(hashtype)
618 u_int hashtype;
619 {
620 int res;
621
622 if (hashtype == 0)
623 return SADB_AALG_NONE;
624
625 res = alg_ipsec_hmacdef_hashlen(hashtype);
626 if (res == -1) {
627 plog(LLV_ERROR, LOCATION, NULL,
628 "invalid hmac algorithm %u.\n", hashtype);
629 return ~0;
630 }
631 return res;
632 }
633
634 /* default key length for encryption algorithm */
635 static u_int
636 keylen_ealg(enctype, encklen)
637 u_int enctype;
638 int encklen;
639 {
640 int res;
641
642 res = alg_ipsec_encdef_keylen(enctype, encklen);
643 if (res == -1) {
644 plog(LLV_ERROR, LOCATION, NULL,
645 "invalid encryption algorithm %u.\n", enctype);
646 return ~0;
647 }
648 return res;
649 }
650
651 int
652 pfkey_convertfromipsecdoi(proto_id, t_id, hashtype,
653 e_type, e_keylen, a_type, a_keylen, flags)
654 u_int proto_id;
655 u_int t_id;
656 u_int hashtype;
657 u_int *e_type;
658 u_int *e_keylen;
659 u_int *a_type;
660 u_int *a_keylen;
661 u_int *flags;
662 {
663 *flags = 0;
664 switch (proto_id) {
665 case IPSECDOI_PROTO_IPSEC_ESP:
666 if ((*e_type = ipsecdoi2pfkey_ealg(t_id)) == ~0)
667 goto bad;
668 if ((*e_keylen = keylen_ealg(t_id, *e_keylen)) == ~0)
669 goto bad;
670 *e_keylen >>= 3;
671
672 if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
673 goto bad;
674 if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
675 goto bad;
676 *a_keylen >>= 3;
677
678 if (*e_type == SADB_EALG_NONE) {
679 plog(LLV_ERROR, LOCATION, NULL, "no ESP algorithm.\n");
680 goto bad;
681 }
682 break;
683
684 case IPSECDOI_PROTO_IPSEC_AH:
685 if ((*a_type = ipsecdoi2pfkey_aalg(hashtype)) == ~0)
686 goto bad;
687 if ((*a_keylen = keylen_aalg(hashtype)) == ~0)
688 goto bad;
689 *a_keylen >>= 3;
690
691 if (t_id == IPSECDOI_ATTR_AUTH_HMAC_MD5
692 && hashtype == IPSECDOI_ATTR_AUTH_KPDK) {
693 /* AH_MD5 + Auth(KPDK) = RFC1826 keyed-MD5 */
694 *a_type = SADB_X_AALG_MD5;
695 *flags |= SADB_X_EXT_OLD;
696 }
697 *e_type = SADB_EALG_NONE;
698 *e_keylen = 0;
699 if (*a_type == SADB_AALG_NONE) {
700 plog(LLV_ERROR, LOCATION, NULL, "no AH algorithm.\n");
701 goto bad;
702 }
703 break;
704
705 case IPSECDOI_PROTO_IPCOMP:
706 if ((*e_type = ipsecdoi2pfkey_calg(t_id)) == ~0)
707 goto bad;
708 *e_keylen = 0;
709
710 *flags = SADB_X_EXT_RAWCPI;
711
712 *a_type = SADB_AALG_NONE;
713 *a_keylen = 0;
714 if (*e_type == SADB_X_CALG_NONE) {
715 plog(LLV_ERROR, LOCATION, NULL, "no IPCOMP algorithm.\n");
716 goto bad;
717 }
718 break;
719
720 default:
721 plog(LLV_ERROR, LOCATION, NULL, "unknown IPsec protocol.\n");
722 goto bad;
723 }
724
725 return 0;
726
727 bad:
728 errno = EINVAL;
729 return -1;
730 }
731
732 /* called from scheduler */
733 void
734 pfkey_timeover_stub(p)
735 void *p;
736 {
737
738 pfkey_timeover((struct ph2handle *)p);
739 }
740
741 void
742 pfkey_timeover(iph2)
743 struct ph2handle *iph2;
744 {
745 plog(LLV_ERROR, LOCATION, NULL,
746 "%s give up to get IPsec-SA due to time up to wait.\n",
747 saddrwop2str(iph2->dst));
748 SCHED_KILL(iph2->sce);
749
750 /* If initiator side, send error to kernel by SADB_ACQUIRE. */
751 if (iph2->side == INITIATOR)
752 pk_sendeacquire(iph2);
753
754 unbindph12(iph2);
755 remph2(iph2);
756 delph2(iph2);
757
758 return;
759 }
760
761 /*%%%*/
762 /* send getspi message per ipsec protocol per remote address */
763 /*
764 * the local address and remote address in ph1handle are dealed
765 * with destination address and source address respectively.
766 * Because SPI is decided by responder.
767 */
768 int
769 pk_sendgetspi(iph2)
770 struct ph2handle *iph2;
771 {
772 u_int satype, mode;
773 struct saprop *pp;
774 struct saproto *pr;
775
776 pp = iph2->side == INITIATOR
777 ? iph2->proposal
778 : iph2->approval;
779
780 for (pr = pp->head; pr != NULL; pr = pr->next) {
781
782 /* validity check */
783 satype = ipsecdoi2pfkey_proto(pr->proto_id);
784 if (satype == ~0) {
785 plog(LLV_ERROR, LOCATION, NULL,
786 "invalid proto_id %d\n", pr->proto_id);
787 return -1;
788 }
789 mode = ipsecdoi2pfkey_mode(pr->encmode);
790 if (mode == ~0) {
791 plog(LLV_ERROR, LOCATION, NULL,
792 "invalid encmode %d\n", pr->encmode);
793 return -1;
794 }
795
796 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_getspi\n");
797 if (pfkey_send_getspi(
798 lcconf->sock_pfkey,
799 satype,
800 mode,
801 iph2->dst, /* src of SA */
802 iph2->src, /* dst of SA */
803 0, 0, pr->reqid_in, iph2->seq) < 0) {
804 plog(LLV_ERROR, LOCATION, NULL,
805 "ipseclib failed send getspi (%s)\n",
806 ipsec_strerror());
807 return -1;
808 }
809 plog(LLV_DEBUG, LOCATION, NULL,
810 "pfkey GETSPI sent: %s\n",
811 sadbsecas2str(iph2->dst, iph2->src, satype, 0, mode));
812 }
813
814 return 0;
815 }
816
817 /*
818 * receive GETSPI from kernel.
819 */
820 static int
821 pk_recvgetspi(mhp)
822 caddr_t *mhp;
823 {
824 struct sadb_msg *msg;
825 struct sadb_sa *sa;
826 struct ph2handle *iph2;
827 struct sockaddr *dst;
828 int proto_id;
829 int allspiok, notfound;
830 struct saprop *pp;
831 struct saproto *pr;
832
833 /* validity check */
834 if (mhp[SADB_EXT_SA] == NULL
835 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
836 plog(LLV_ERROR, LOCATION, NULL,
837 "inappropriate sadb getspi message passed.\n");
838 return -1;
839 }
840 msg = (struct sadb_msg *)mhp[0];
841 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
842 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]); /* note SA dir */
843
844 /* the message has to be processed or not ? */
845 if (msg->sadb_msg_pid != getpid()) {
846 plog(LLV_DEBUG, LOCATION, NULL,
847 "%s message is not interesting "
848 "because pid %d is not mine.\n",
849 s_pfkey_type(msg->sadb_msg_type),
850 msg->sadb_msg_pid);
851 return -1;
852 }
853
854 iph2 = getph2byseq(msg->sadb_msg_seq);
855 if (iph2 == NULL) {
856 plog(LLV_DEBUG, LOCATION, NULL,
857 "seq %d of %s message not interesting.\n",
858 msg->sadb_msg_seq,
859 s_pfkey_type(msg->sadb_msg_type));
860 return -1;
861 }
862
863 if (iph2->status != PHASE2ST_GETSPISENT) {
864 plog(LLV_ERROR, LOCATION, NULL,
865 "status mismatch (db:%d msg:%d)\n",
866 iph2->status, PHASE2ST_GETSPISENT);
867 return -1;
868 }
869
870 /* set SPI, and check to get all spi whether or not */
871 allspiok = 1;
872 notfound = 1;
873 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
874 pp = iph2->side == INITIATOR ? iph2->proposal : iph2->approval;
875
876 for (pr = pp->head; pr != NULL; pr = pr->next) {
877 if (pr->proto_id == proto_id && pr->spi == 0) {
878 pr->spi = sa->sadb_sa_spi;
879 notfound = 0;
880 plog(LLV_DEBUG, LOCATION, NULL,
881 "pfkey GETSPI succeeded: %s\n",
882 sadbsecas2str(iph2->dst, iph2->src,
883 msg->sadb_msg_satype,
884 sa->sadb_sa_spi,
885 ipsecdoi2pfkey_mode(pr->encmode)));
886 }
887 if (pr->spi == 0)
888 allspiok = 0; /* not get all spi */
889 }
890
891 if (notfound) {
892 plog(LLV_ERROR, LOCATION, NULL,
893 "get spi for unknown address %s\n",
894 saddrwop2str(iph2->dst));
895 return -1;
896 }
897
898 if (allspiok) {
899 /* update status */
900 iph2->status = PHASE2ST_GETSPIDONE;
901 if (isakmp_post_getspi(iph2) < 0) {
902 plog(LLV_ERROR, LOCATION, NULL,
903 "failed to start post getspi.\n");
904 unbindph12(iph2);
905 remph2(iph2);
906 delph2(iph2);
907 iph2 = NULL;
908 return -1;
909 }
910 }
911
912 return 0;
913 }
914
915 /*
916 * set inbound SA
917 */
918 int
919 pk_sendupdate(iph2)
920 struct ph2handle *iph2;
921 {
922 struct saproto *pr;
923 struct sockaddr *src = NULL, *dst = NULL;
924 int e_type, e_keylen, a_type, a_keylen, flags;
925 u_int satype, mode;
926 u_int64_t lifebyte = 0;
927 u_short port = 0;
928
929 /* sanity check */
930 if (iph2->approval == NULL) {
931 plog(LLV_ERROR, LOCATION, NULL,
932 "no approvaled SAs found.\n");
933 }
934
935 /* for mobile IPv6 */
936 if (iph2->ph1->rmconf->support_mip6 && iph2->src_id && iph2->dst_id) {
937 src = iph2->src_id;
938 dst = iph2->dst_id;
939 } else {
940 src = iph2->src;
941 dst = iph2->dst;
942 }
943
944 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
945 /* validity check */
946 satype = ipsecdoi2pfkey_proto(pr->proto_id);
947 if (satype == ~0) {
948 plog(LLV_ERROR, LOCATION, NULL,
949 "invalid proto_id %d\n", pr->proto_id);
950 return -1;
951 }
952 #ifdef ENABLE_SAMODE_UNSPECIFIED
953 mode = IPSEC_MODE_ANY;
954 #else
955 mode = ipsecdoi2pfkey_mode(pr->encmode);
956 if (mode == ~0) {
957 plog(LLV_ERROR, LOCATION, NULL,
958 "invalid encmode %d\n", pr->encmode);
959 return -1;
960 }
961 #endif
962
963 /* set algorithm type and key length */
964 e_keylen = pr->head->encklen;
965 if (pfkey_convertfromipsecdoi(
966 pr->proto_id,
967 pr->head->trns_id,
968 pr->head->authtype,
969 &e_type, &e_keylen,
970 &a_type, &a_keylen, &flags) < 0)
971 return -1;
972
973 #ifdef IKE_NAT_T
974 if ((pr->encmode == IPSECDOI_ATTR_ENC_MODE_UDP_TUNNEL ||
975 pr->encmode == IPSECDOI_ATTR_ENC_MODE_UDP_TRNS) &&
976 iph2->ph1->remote->sa_family == AF_INET)
977 {
978 flags |= SADB_X_EXT_NATT;
979 port = ((struct sockaddr_in*)iph2->ph1->remote)->sin_port;
980 }
981 #endif
982
983 #if 0
984 lifebyte = iph2->approval->lifebyte * 1024,
985 #else
986 lifebyte = 0;
987 #endif
988
989 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_update\n");
990
991 if (pfkey_send_update(
992 lcconf->sock_pfkey,
993 satype,
994 mode,
995 iph2->dst,
996 iph2->src,
997 pr->spi,
998 pr->reqid_in,
999 4, /* XXX static size of window */
1000 pr->keymat->v,
1001 e_type, e_keylen, a_type, a_keylen, flags,
1002 0, lifebyte, iph2->approval->lifetime, 0,
1003 iph2->seq, port) < 0) {
1004 plog(LLV_ERROR, LOCATION, NULL,
1005 "libipsec failed send update (%s)\n",
1006 ipsec_strerror());
1007 return -1;
1008 }
1009
1010 if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1011 continue;
1012
1013 /*
1014 * It maybe good idea to call backupsa_to_file() after
1015 * racoon will receive the sadb_update messages.
1016 * But it is impossible because there is not key in the
1017 * information from the kernel.
1018 */
1019 if (backupsa_to_file(satype, mode, iph2->dst, iph2->src,
1020 pr->spi, pr->reqid_in, 4,
1021 pr->keymat->v,
1022 e_type, e_keylen, a_type, a_keylen, flags,
1023 0, iph2->approval->lifebyte * 1024,
1024 iph2->approval->lifetime, 0,
1025 iph2->seq) < 0) {
1026 plog(LLV_ERROR, LOCATION, NULL,
1027 "backuped SA failed: %s\n",
1028 sadbsecas2str(iph2->dst, iph2->src,
1029 satype, pr->spi, mode));
1030 }
1031 plog(LLV_DEBUG, LOCATION, NULL,
1032 "backuped SA: %s\n",
1033 sadbsecas2str(iph2->dst, iph2->src,
1034 satype, pr->spi, mode));
1035 }
1036
1037 return 0;
1038 }
1039
1040 static int
1041 pk_recvupdate(mhp)
1042 caddr_t *mhp;
1043 {
1044 struct sadb_msg *msg;
1045 struct sadb_sa *sa;
1046 struct sockaddr *src, *dst;
1047 struct ph2handle *iph2;
1048 u_int proto_id, encmode, sa_mode;
1049 int incomplete = 0;
1050 struct saproto *pr;
1051
1052 /* ignore this message because of local test mode. */
1053 if (f_local)
1054 return 0;
1055
1056 /* sanity check */
1057 if (mhp[0] == NULL
1058 || mhp[SADB_EXT_SA] == NULL
1059 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1060 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1061 plog(LLV_ERROR, LOCATION, NULL,
1062 "inappropriate sadb update message passed.\n");
1063 return -1;
1064 }
1065 msg = (struct sadb_msg *)mhp[0];
1066 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1067 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1068 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1069
1070 sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1071 ? IPSEC_MODE_ANY
1072 : ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1073
1074 /* the message has to be processed or not ? */
1075 if (msg->sadb_msg_pid != getpid()) {
1076 plog(LLV_DEBUG, LOCATION, NULL,
1077 "%s message is not interesting "
1078 "because pid %d is not mine.\n",
1079 s_pfkey_type(msg->sadb_msg_type),
1080 msg->sadb_msg_pid);
1081 return -1;
1082 }
1083
1084 iph2 = getph2byseq(msg->sadb_msg_seq);
1085 if (iph2 == NULL) {
1086 plog(LLV_DEBUG, LOCATION, NULL,
1087 "seq %d of %s message not interesting.\n",
1088 msg->sadb_msg_seq,
1089 s_pfkey_type(msg->sadb_msg_type));
1090 return -1;
1091 }
1092
1093 if (iph2->status != PHASE2ST_ADDSA) {
1094 plog(LLV_ERROR, LOCATION, NULL,
1095 "status mismatch (db:%d msg:%d)\n",
1096 iph2->status, PHASE2ST_ADDSA);
1097 return -1;
1098 }
1099
1100 /* check to complete all keys ? */
1101 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1102 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1103 if (proto_id == ~0) {
1104 plog(LLV_ERROR, LOCATION, NULL,
1105 "invalid proto_id %d\n", msg->sadb_msg_satype);
1106 return -1;
1107 }
1108 encmode = pfkey2ipsecdoi_mode(sa_mode, iph2->ph1 && natd_hasnat(iph2->ph1));
1109 if (encmode == ~0) {
1110 plog(LLV_ERROR, LOCATION, NULL,
1111 "invalid encmode %d\n", sa_mode);
1112 return -1;
1113 }
1114
1115 if (pr->proto_id == proto_id
1116 && pr->spi == sa->sadb_sa_spi) {
1117 pr->ok = 1;
1118 plog(LLV_DEBUG, LOCATION, NULL,
1119 "pfkey UPDATE succeeded: %s\n",
1120 sadbsecas2str(iph2->dst, iph2->src,
1121 msg->sadb_msg_satype,
1122 sa->sadb_sa_spi,
1123 sa_mode));
1124
1125 plog(LLV_INFO, LOCATION, NULL,
1126 "IPsec-SA established: %s\n",
1127 sadbsecas2str(iph2->dst, iph2->src,
1128 msg->sadb_msg_satype, sa->sadb_sa_spi,
1129 sa_mode));
1130 }
1131
1132 if (pr->ok == 0)
1133 incomplete = 1;
1134 }
1135
1136 if (incomplete)
1137 return 0;
1138
1139 /* turn off the timer for calling pfkey_timeover() */
1140 SCHED_KILL(iph2->sce);
1141
1142 /* update status */
1143 iph2->status = PHASE2ST_ESTABLISHED;
1144
1145 #ifdef ENABLE_STATS
1146 gettimeofday(&iph2->end, NULL);
1147 syslog(LOG_NOTICE, "%s(%s): %8.6f",
1148 "phase2", "quick", timedelta(&iph2->start, &iph2->end));
1149 #endif
1150
1151 /* count up */
1152 iph2->ph1->ph2cnt++;
1153
1154 /*
1155 * since we are going to reuse the phase2 handler, we need to
1156 * remain it and refresh all the references between ph1 and ph2 to use.
1157 */
1158 unbindph12(iph2);
1159
1160 iph2->sce = sched_new(iph2->approval->lifetime,
1161 isakmp_ph2expire_stub, iph2);
1162
1163 plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1164 return 0;
1165 }
1166
1167 /*
1168 * set outbound SA
1169 */
1170 int
1171 pk_sendadd(iph2)
1172 struct ph2handle *iph2;
1173 {
1174 struct saproto *pr;
1175 struct sockaddr *src = NULL, *dst = NULL;
1176 int e_type, e_keylen, a_type, a_keylen, flags;
1177 u_int satype, mode;
1178 u_int64_t lifebyte = 0;
1179 u_short port = 0;
1180
1181 /* sanity check */
1182 if (iph2->approval == NULL) {
1183 plog(LLV_ERROR, LOCATION, NULL,
1184 "no approvaled SAs found.\n");
1185 }
1186
1187 /* for mobile IPv6 */
1188 if (iph2->ph1->rmconf->support_mip6 && iph2->src_id && iph2->dst_id) {
1189 src = iph2->src_id;
1190 dst = iph2->dst_id;
1191 } else {
1192 src = iph2->src;
1193 dst = iph2->dst;
1194 }
1195
1196 for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
1197 /* validity check */
1198 satype = ipsecdoi2pfkey_proto(pr->proto_id);
1199 if (satype == ~0) {
1200 plog(LLV_ERROR, LOCATION, NULL,
1201 "invalid proto_id %d\n", pr->proto_id);
1202 return -1;
1203 }
1204 #ifdef ENABLE_SAMODE_UNSPECIFIED
1205 mode = IPSEC_MODE_ANY;
1206 #else
1207 mode = ipsecdoi2pfkey_mode(pr->encmode);
1208 if (mode == ~0) {
1209 plog(LLV_ERROR, LOCATION, NULL,
1210 "invalid encmode %d\n", pr->encmode);
1211 return -1;
1212 }
1213 #endif
1214
1215 /* set algorithm type and key length */
1216 e_keylen = pr->head->encklen;
1217 if (pfkey_convertfromipsecdoi(
1218 pr->proto_id,
1219 pr->head->trns_id,
1220 pr->head->authtype,
1221 &e_type, &e_keylen,
1222 &a_type, &a_keylen, &flags) < 0)
1223 return -1;
1224
1225 #ifdef IKE_NAT_T
1226 if ((pr->encmode == IPSECDOI_ATTR_ENC_MODE_UDP_TUNNEL ||
1227 pr->encmode == IPSECDOI_ATTR_ENC_MODE_UDP_TRNS) &&
1228 iph2->ph1->remote->sa_family == AF_INET)
1229 {
1230 flags |= SADB_X_EXT_NATT;
1231 port = ((struct sockaddr_in*)iph2->ph1->remote)->sin_port;
1232
1233 /* If we're the side behind the NAT, send keepalives */
1234 if ((iph2->ph1->natt_flags & natt_no_local_nat) == 0)
1235 flags |= SADB_X_EXT_NATT_KEEPALIVE;
1236 }
1237 #endif
1238
1239 #if 0
1240 lifebyte = iph2->approval->lifebyte * 1024,
1241 #else
1242 lifebyte = 0;
1243 #endif
1244
1245 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add\n");
1246
1247 if (pfkey_send_add(
1248 lcconf->sock_pfkey,
1249 satype,
1250 mode,
1251 iph2->src,
1252 iph2->dst,
1253 pr->spi_p,
1254 pr->reqid_out,
1255 4, /* XXX static size of window */
1256 pr->keymat_p->v,
1257 e_type, e_keylen, a_type, a_keylen, flags,
1258 0, lifebyte, iph2->approval->lifetime, 0,
1259 iph2->seq, port) < 0) {
1260 plog(LLV_ERROR, LOCATION, NULL,
1261 "libipsec failed send add (%s)\n",
1262 ipsec_strerror());
1263 return -1;
1264 }
1265
1266 if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])
1267 continue;
1268
1269 /*
1270 * It maybe good idea to call backupsa_to_file() after
1271 * racoon will receive the sadb_update messages.
1272 * But it is impossible because there is not key in the
1273 * information from the kernel.
1274 */
1275 if (backupsa_to_file(satype, mode, iph2->src, iph2->dst,
1276 pr->spi_p, pr->reqid_out, 4,
1277 pr->keymat_p->v,
1278 e_type, e_keylen, a_type, a_keylen, flags,
1279 0, iph2->approval->lifebyte * 1024,
1280 iph2->approval->lifetime, 0,
1281 iph2->seq) < 0) {
1282 plog(LLV_ERROR, LOCATION, NULL,
1283 "backuped SA failed: %s\n",
1284 sadbsecas2str(iph2->src, iph2->dst,
1285 satype, pr->spi_p, mode));
1286 }
1287 plog(LLV_DEBUG, LOCATION, NULL,
1288 "backuped SA: %s\n",
1289 sadbsecas2str(iph2->src, iph2->dst,
1290 satype, pr->spi_p, mode));
1291 }
1292
1293 return 0;
1294 }
1295
1296 static int
1297 pk_recvadd(mhp)
1298 caddr_t *mhp;
1299 {
1300 struct sadb_msg *msg;
1301 struct sadb_sa *sa;
1302 struct sockaddr *src, *dst;
1303 struct ph2handle *iph2;
1304 u_int sa_mode;
1305
1306 /* ignore this message because of local test mode. */
1307 if (f_local)
1308 return 0;
1309
1310 /* sanity check */
1311 if (mhp[0] == NULL
1312 || mhp[SADB_EXT_SA] == NULL
1313 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1314 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1315 plog(LLV_ERROR, LOCATION, NULL,
1316 "inappropriate sadb add message passed.\n");
1317 return -1;
1318 }
1319 msg = (struct sadb_msg *)mhp[0];
1320 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1321 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1322 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1323
1324 sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1325 ? IPSEC_MODE_ANY
1326 : ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1327
1328 /* the message has to be processed or not ? */
1329 if (msg->sadb_msg_pid != getpid()) {
1330 plog(LLV_DEBUG, LOCATION, NULL,
1331 "%s message is not interesting "
1332 "because pid %d is not mine.\n",
1333 s_pfkey_type(msg->sadb_msg_type),
1334 msg->sadb_msg_pid);
1335 return -1;
1336 }
1337
1338 iph2 = getph2byseq(msg->sadb_msg_seq);
1339 if (iph2 == NULL) {
1340 plog(LLV_DEBUG, LOCATION, NULL,
1341 "seq %d of %s message not interesting.\n",
1342 msg->sadb_msg_seq,
1343 s_pfkey_type(msg->sadb_msg_type));
1344 return -1;
1345 }
1346
1347 /*
1348 * NOTE don't update any status of phase2 handle
1349 * because they must be updated by SADB_UPDATE message
1350 */
1351
1352 plog(LLV_INFO, LOCATION, NULL,
1353 "IPsec-SA established: %s\n",
1354 sadbsecas2str(iph2->src, iph2->dst,
1355 msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1356
1357 plog(LLV_DEBUG, LOCATION, NULL, "===\n");
1358 return 0;
1359 }
1360
1361 static int
1362 pk_recvexpire(mhp)
1363 caddr_t *mhp;
1364 {
1365 struct sadb_msg *msg;
1366 struct sadb_sa *sa;
1367 struct sockaddr *src, *dst;
1368 struct ph2handle *iph2;
1369 u_int proto_id, sa_mode;
1370
1371 /* sanity check */
1372 if (mhp[0] == NULL
1373 || mhp[SADB_EXT_SA] == NULL
1374 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1375 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1376 || (mhp[SADB_EXT_LIFETIME_HARD] != NULL
1377 && mhp[SADB_EXT_LIFETIME_SOFT] != NULL)) {
1378 plog(LLV_ERROR, LOCATION, NULL,
1379 "inappropriate sadb expire message passed.\n");
1380 return -1;
1381 }
1382 msg = (struct sadb_msg *)mhp[0];
1383 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1384 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1385 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1386
1387 sa_mode = mhp[SADB_X_EXT_SA2] == NULL
1388 ? IPSEC_MODE_ANY
1389 : ((struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
1390
1391 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1392 if (proto_id == ~0) {
1393 plog(LLV_ERROR, LOCATION, NULL,
1394 "invalid proto_id %d\n", msg->sadb_msg_satype);
1395 return -1;
1396 }
1397
1398 plog(LLV_INFO, LOCATION, NULL,
1399 "IPsec-SA expired: %s\n",
1400 sadbsecas2str(src, dst,
1401 msg->sadb_msg_satype, sa->sadb_sa_spi, sa_mode));
1402
1403 iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
1404 if (iph2 == NULL) {
1405 /*
1406 * Ignore it because two expire messages are come up.
1407 * phase2 handler has been deleted already when 2nd message
1408 * is received.
1409 */
1410 plog(LLV_DEBUG, LOCATION, NULL,
1411 "no such a SA found: %s\n",
1412 sadbsecas2str(src, dst,
1413 msg->sadb_msg_satype, sa->sadb_sa_spi,
1414 sa_mode));
1415 return 0;
1416 }
1417 if (iph2->status != PHASE2ST_ESTABLISHED) {
1418 /*
1419 * If the status is not equal to PHASE2ST_ESTABLISHED,
1420 * racoon ignores this expire message. There are two reason.
1421 * One is that the phase 2 probably starts because there is
1422 * a potential that racoon receives the acquire message
1423 * without receiving a expire message. Another is that racoon
1424 * may receive the multiple expire messages from the kernel.
1425 */
1426 plog(LLV_WARNING, LOCATION, NULL,
1427 "the expire message is received "
1428 "but the handler has not been established.\n");
1429 return 0;
1430 }
1431
1432 /* turn off the timer for calling isakmp_ph2expire() */
1433 SCHED_KILL(iph2->sce);
1434
1435 iph2->status = PHASE2ST_EXPIRED;
1436
1437 /* INITIATOR, begin phase 2 exchange. */
1438 /* allocate buffer for status management of pfkey message */
1439 if (iph2->side == INITIATOR) {
1440
1441 initph2(iph2);
1442
1443 /* update status for re-use */
1444 iph2->status = PHASE2ST_STATUS2;
1445
1446 /* start isakmp initiation by using ident exchange */
1447 if (isakmp_post_acquire(iph2) < 0) {
1448 plog(LLV_ERROR, LOCATION, iph2->dst,
1449 "failed to begin ipsec sa "
1450 "re-negotication.\n");
1451 unbindph12(iph2);
1452 remph2(iph2);
1453 delph2(iph2);
1454 return -1;
1455 }
1456
1457 return 0;
1458 /*NOTREACHED*/
1459 }
1460
1461 /* If not received SADB_EXPIRE, INITIATOR delete ph2handle. */
1462 /* RESPONDER always delete ph2handle, keep silent. RESPONDER doesn't
1463 * manage IPsec SA, so delete the list */
1464 unbindph12(iph2);
1465 remph2(iph2);
1466 delph2(iph2);
1467
1468 return 0;
1469 }
1470
1471 static int
1472 pk_recvacquire(mhp)
1473 caddr_t *mhp;
1474 {
1475 struct sadb_msg *msg;
1476 struct sadb_x_policy *xpl;
1477 struct secpolicy *sp_out = NULL, *sp_in = NULL;
1478 #define MAXNESTEDSA 5 /* XXX */
1479 struct ph2handle *iph2[MAXNESTEDSA];
1480 int n; /* # of phase 2 handler */
1481
1482 /* ignore this message because of local test mode. */
1483 if (f_local)
1484 return 0;
1485
1486 /* sanity check */
1487 if (mhp[0] == NULL
1488 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1489 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1490 || mhp[SADB_X_EXT_POLICY] == NULL) {
1491 plog(LLV_ERROR, LOCATION, NULL,
1492 "inappropriate sadb acquire message passed.\n");
1493 return -1;
1494 }
1495 msg = (struct sadb_msg *)mhp[0];
1496 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
1497
1498 /* ignore if type is not IPSEC_POLICY_IPSEC */
1499 if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
1500 plog(LLV_DEBUG, LOCATION, NULL,
1501 "ignore SPDGET message. type is not IPsec.\n");
1502 return 0;
1503 }
1504
1505 /* ignore it if src is multicast address */
1506 {
1507 struct sockaddr *sa = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1508
1509 if ((sa->sa_family == AF_INET
1510 && IN_MULTICAST(ntohl(((struct sockaddr_in *)sa)->sin_addr.s_addr)))
1511 #ifdef INET6
1512 || (sa->sa_family == AF_INET6
1513 && IN6_IS_ADDR_MULTICAST(&((struct sockaddr_in6 *)sa)->sin6_addr))
1514 #endif
1515 ) {
1516 plog(LLV_DEBUG, LOCATION, NULL,
1517 "ignore due to multicast address: %s.\n",
1518 saddrwop2str(sa));
1519 return 0;
1520 }
1521 }
1522
1523 /*
1524 * If there is a phase 2 handler against the policy identifier in
1525 * the acquire message, and if
1526 * 1. its state is less than PHASE2ST_ESTABLISHED, then racoon
1527 * should ignore such a acquire message because the phase 2
1528 * is just negotiating.
1529 * 2. its state is equal to PHASE2ST_ESTABLISHED, then racoon
1530 * has to prcesss such a acquire message because racoon may
1531 * lost the expire message.
1532 */
1533 iph2[0] = getph2byspid(xpl->sadb_x_policy_id);
1534 if (iph2[0] != NULL) {
1535 if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
1536 plog(LLV_DEBUG, LOCATION, NULL,
1537 "ignore the acquire because ph2 found\n");
1538 return -1;
1539 }
1540 if (iph2[0]->status == PHASE2ST_EXPIRED)
1541 iph2[0] = NULL;
1542 /*FALLTHROUGH*/
1543 }
1544
1545 /* search for proper policyindex */
1546 sp_out = getspbyspid(xpl->sadb_x_policy_id);
1547 if (sp_out == NULL) {
1548 plog(LLV_ERROR, LOCATION, NULL, "no policy found: id:%d.\n",
1549 xpl->sadb_x_policy_id);
1550 return -1;
1551 }
1552 plog(LLV_DEBUG, LOCATION, NULL,
1553 "suitable outbound SP found: %s.\n", spidx2str(&sp_out->spidx));
1554
1555 /* get inbound policy */
1556 {
1557 struct policyindex spidx;
1558
1559 spidx.dir = IPSEC_DIR_INBOUND;
1560 memcpy(&spidx.src, &sp_out->spidx.dst, sizeof(spidx.src));
1561 memcpy(&spidx.dst, &sp_out->spidx.src, sizeof(spidx.dst));
1562 spidx.prefs = sp_out->spidx.prefd;
1563 spidx.prefd = sp_out->spidx.prefs;
1564 spidx.ul_proto = sp_out->spidx.ul_proto;
1565
1566 sp_in = getsp(&spidx);
1567 if (sp_in) {
1568 plog(LLV_DEBUG, LOCATION, NULL,
1569 "suitable inbound SP found: %s.\n",
1570 spidx2str(&sp_in->spidx));
1571 } else {
1572 plog(LLV_NOTIFY, LOCATION, NULL,
1573 "no in-bound policy found: %s\n",
1574 spidx2str(&spidx));
1575 }
1576 }
1577
1578 memset(iph2, 0, MAXNESTEDSA);
1579
1580 n = 0;
1581
1582 /* allocate a phase 2 */
1583 iph2[n] = newph2();
1584 if (iph2[n] == NULL) {
1585 plog(LLV_ERROR, LOCATION, NULL,
1586 "failed to allocate phase2 entry.\n");
1587 return -1;
1588 }
1589 iph2[n]->side = INITIATOR;
1590 iph2[n]->spid = xpl->sadb_x_policy_id;
1591 iph2[n]->satype = msg->sadb_msg_satype;
1592 iph2[n]->seq = msg->sadb_msg_seq;
1593 iph2[n]->status = PHASE2ST_STATUS2;
1594
1595 /* set end addresses of SA */
1596 iph2[n]->dst = dupsaddr(PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]));
1597 if (iph2[n]->dst == NULL) {
1598 delph2(iph2[n]);
1599 return -1;
1600 }
1601 iph2[n]->src = dupsaddr(PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]));
1602 if (iph2[n]->src == NULL) {
1603 delph2(iph2[n]);
1604 return -1;
1605 }
1606
1607 plog(LLV_DEBUG, LOCATION, NULL,
1608 "new acquire %s\n", spidx2str(&sp_out->spidx));
1609
1610 /* get sainfo */
1611 {
1612 vchar_t *idsrc, *iddst;
1613
1614 idsrc = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.src,
1615 sp_out->spidx.prefs, sp_out->spidx.ul_proto);
1616 if (idsrc == NULL) {
1617 plog(LLV_ERROR, LOCATION, NULL,
1618 "failed to get ID for %s\n",
1619 spidx2str(&sp_out->spidx));
1620 delph2(iph2[n]);
1621 return -1;
1622 }
1623 iddst = ipsecdoi_sockaddr2id((struct sockaddr *)&sp_out->spidx.dst,
1624 sp_out->spidx.prefd, sp_out->spidx.ul_proto);
1625 if (iddst == NULL) {
1626 plog(LLV_ERROR, LOCATION, NULL,
1627 "failed to get ID for %s\n",
1628 spidx2str(&sp_out->spidx));
1629 vfree(idsrc);
1630 delph2(iph2[n]);
1631 return -1;
1632 }
1633 iph2[n]->sainfo = getsainfo(idsrc, iddst);
1634 vfree(idsrc);
1635 vfree(iddst);
1636 if (iph2[n]->sainfo == NULL) {
1637 plog(LLV_ERROR, LOCATION, NULL,
1638 "failed to get sainfo.\n");
1639 delph2(iph2[n]);
1640 return -1;
1641 /* XXX should use the algorithm list from register message */
1642 }
1643 }
1644
1645 if (set_proposal_from_policy(iph2[n], sp_out, sp_in) < 0) {
1646 plog(LLV_ERROR, LOCATION, NULL,
1647 "failed to create saprop.\n");
1648 delph2(iph2[n]);
1649 return -1;
1650 }
1651 insph2(iph2[n]);
1652
1653 /* start isakmp initiation by using ident exchange */
1654 /* XXX should be looped if there are multiple phase 2 handler. */
1655 if (isakmp_post_acquire(iph2[n]) < 0) {
1656 plog(LLV_ERROR, LOCATION, NULL,
1657 "failed to begin ipsec sa negotication.\n");
1658 goto err;
1659 }
1660
1661 return 0;
1662
1663 err:
1664 while (n >= 0) {
1665 unbindph12(iph2[n]);
1666 remph2(iph2[n]);
1667 delph2(iph2[n]);
1668 iph2[n] = NULL;
1669 n--;
1670 }
1671 return -1;
1672 }
1673
1674 static int
1675 pk_recvdelete(mhp)
1676 caddr_t *mhp;
1677 {
1678 struct sadb_msg *msg;
1679 struct sadb_sa *sa;
1680 struct sockaddr *src, *dst;
1681 struct ph2handle *iph2 = NULL;
1682 u_int proto_id;
1683
1684 /* ignore this message because of local test mode. */
1685 if (f_local)
1686 return 0;
1687
1688 /* sanity check */
1689 if (mhp[0] == NULL
1690 || mhp[SADB_EXT_SA] == NULL
1691 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1692 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
1693 plog(LLV_ERROR, LOCATION, NULL,
1694 "inappropriate sadb acquire message passed.\n");
1695 return -1;
1696 }
1697 msg = (struct sadb_msg *)mhp[0];
1698 sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
1699 src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
1700 dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
1701
1702 /* the message has to be processed or not ? */
1703 if (msg->sadb_msg_pid == getpid()) {
1704 plog(LLV_DEBUG, LOCATION, NULL,
1705 "%s message is not interesting "
1706 "because the message was originated by me.\n",
1707 s_pfkey_type(msg->sadb_msg_type),
1708 msg->sadb_msg_pid);
1709 return -1;
1710 }
1711
1712 proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
1713 if (proto_id == ~0) {
1714 plog(LLV_ERROR, LOCATION, NULL,
1715 "invalid proto_id %d\n", msg->sadb_msg_satype);
1716 return -1;
1717 }
1718
1719 iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
1720 if (iph2 == NULL) {
1721 /* ignore */
1722 plog(LLV_ERROR, LOCATION, NULL,
1723 "no iph2 found: %s\n",
1724 sadbsecas2str(src, dst, msg->sadb_msg_satype,
1725 sa->sadb_sa_spi, IPSEC_MODE_ANY));
1726 return 0;
1727 }
1728
1729 plog(LLV_ERROR, LOCATION, NULL,
1730 "pfkey DELETE received: %s\n",
1731 sadbsecas2str(iph2->src, iph2->dst,
1732 msg->sadb_msg_satype, sa->sadb_sa_spi, IPSEC_MODE_ANY));
1733
1734 /* send delete information */
1735 if (iph2->status == PHASE2ST_ESTABLISHED)
1736 isakmp_info_send_d2(iph2);
1737
1738 unbindph12(iph2);
1739 remph2(iph2);
1740 delph2(iph2);
1741
1742 return 0;
1743 }
1744
1745 static int
1746 pk_recvflush(mhp)
1747 caddr_t *mhp;
1748 {
1749 /* ignore this message because of local test mode. */
1750 if (f_local)
1751 return 0;
1752
1753 /* sanity check */
1754 if (mhp[0] == NULL) {
1755 plog(LLV_ERROR, LOCATION, NULL,
1756 "inappropriate sadb acquire message passed.\n");
1757 return -1;
1758 }
1759
1760 flushph2();
1761
1762 return 0;
1763 }
1764
1765 static int
1766 getsadbpolicy(policy0, policylen0, type, iph2)
1767 caddr_t *policy0;
1768 int *policylen0, type;
1769 struct ph2handle *iph2;
1770 {
1771 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
1772 struct sadb_x_policy *xpl;
1773 struct sadb_x_ipsecrequest *xisr;
1774 struct saproto *pr;
1775 caddr_t policy, p;
1776 int policylen;
1777 int xisrlen;
1778 u_int satype, mode;
1779
1780 /* get policy buffer size */
1781 policylen = sizeof(struct sadb_x_policy);
1782 if (type != SADB_X_SPDDELETE) {
1783 for (pr = iph2->approval->head; pr; pr = pr->next) {
1784 xisrlen = sizeof(*xisr);
1785 if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL ||
1786 pr->encmode == IPSECDOI_ATTR_ENC_MODE_UDP_TUNNEL) {
1787 xisrlen += (iph2->src->sa_len
1788 + iph2->dst->sa_len);
1789 }
1790
1791 policylen += PFKEY_ALIGN8(xisrlen);
1792 }
1793 }
1794
1795 /* make policy structure */
1796 policy = racoon_malloc(policylen);
1797 if (!policy) {
1798 plog(LLV_ERROR, LOCATION, NULL,
1799 "buffer allocation failed.\n");
1800 return -1;
1801 }
1802
1803 xpl = (struct sadb_x_policy *)policy;
1804 xpl->sadb_x_policy_len = PFKEY_UNIT64(policylen);
1805 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1806 xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
1807 xpl->sadb_x_policy_dir = spidx->dir;
1808 xpl->sadb_x_policy_id = 0;
1809
1810 /* no need to append policy information any more if type is SPDDELETE */
1811 if (type == SADB_X_SPDDELETE)
1812 goto end;
1813
1814 xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
1815
1816 for (pr = iph2->approval->head; pr; pr = pr->next) {
1817
1818 satype = doi2ipproto(pr->proto_id);
1819 if (satype == ~0) {
1820 plog(LLV_ERROR, LOCATION, NULL,
1821 "invalid proto_id %d\n", pr->proto_id);
1822 goto err;
1823 }
1824 mode = ipsecdoi2pfkey_mode(pr->encmode);
1825 if (mode == ~0) {
1826 plog(LLV_ERROR, LOCATION, NULL,
1827 "invalid encmode %d\n", pr->encmode);
1828 goto err;
1829 }
1830
1831 /*
1832 * the policy level cannot be unique because the policy
1833 * is defined later than SA, so req_id cannot be bound to SA.
1834 */
1835 xisr->sadb_x_ipsecrequest_proto = satype;
1836 xisr->sadb_x_ipsecrequest_mode = mode;
1837 xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
1838 xisr->sadb_x_ipsecrequest_reqid = 0;
1839 p = (caddr_t)(xisr + 1);
1840
1841 xisrlen = sizeof(*xisr);
1842
1843 if (pr->encmode == IPSECDOI_ATTR_ENC_MODE_TUNNEL ||
1844 pr->encmode == IPSECDOI_ATTR_ENC_MODE_UDP_TUNNEL) {
1845 xisrlen += (iph2->src->sa_len + iph2->dst->sa_len);
1846
1847 memcpy(p, iph2->src, iph2->src->sa_len);
1848 p += iph2->src->sa_len;
1849
1850 memcpy(p, iph2->dst, iph2->dst->sa_len);
1851 p += iph2->dst->sa_len;
1852 }
1853
1854 xisr->sadb_x_ipsecrequest_len = PFKEY_ALIGN8(xisrlen);
1855 }
1856
1857 end:
1858 *policy0 = policy;
1859 *policylen0 = policylen;
1860
1861 return 0;
1862
1863 err:
1864 if (policy)
1865 racoon_free(policy);
1866
1867 return -1;
1868 }
1869
1870 int
1871 pk_sendspdupdate2(iph2)
1872 struct ph2handle *iph2;
1873 {
1874 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
1875 caddr_t policy = NULL;
1876 int policylen = 0;
1877 u_int64_t ltime, vtime;
1878
1879 ltime = iph2->approval->lifetime;
1880 vtime = 0;
1881
1882 if (getsadbpolicy(&policy, &policylen, SADB_X_SPDUPDATE, iph2)) {
1883 plog(LLV_ERROR, LOCATION, NULL,
1884 "getting sadb policy failed.\n");
1885 return -1;
1886 }
1887
1888 if (pfkey_send_spdupdate2(
1889 lcconf->sock_pfkey,
1890 (struct sockaddr *)&spidx->src,
1891 spidx->prefs,
1892 (struct sockaddr *)&spidx->dst,
1893 spidx->prefd,
1894 spidx->ul_proto,
1895 ltime, vtime,
1896 policy, policylen, 0) < 0) {
1897 plog(LLV_ERROR, LOCATION, NULL,
1898 "libipsec failed send spdupdate2 (%s)\n",
1899 ipsec_strerror());
1900 goto end;
1901 }
1902 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdupdate2\n");
1903
1904 end:
1905 if (policy)
1906 racoon_free(policy);
1907
1908 return 0;
1909 }
1910
1911 static int
1912 pk_recvspdupdate(mhp)
1913 caddr_t *mhp;
1914 {
1915 /* sanity check */
1916 if (mhp[0] == NULL) {
1917 plog(LLV_ERROR, LOCATION, NULL,
1918 "inappropriate sadb spdupdate message passed.\n");
1919 return -1;
1920 }
1921
1922 return 0;
1923 }
1924
1925 /*
1926 * this function has to be used by responder side.
1927 */
1928 int
1929 pk_sendspdadd2(iph2)
1930 struct ph2handle *iph2;
1931 {
1932 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
1933 caddr_t policy = NULL;
1934 int policylen = 0;
1935 u_int64_t ltime, vtime;
1936
1937 ltime = iph2->approval->lifetime;
1938 vtime = 0;
1939
1940 if (getsadbpolicy(&policy, &policylen, SADB_X_SPDADD, iph2)) {
1941 plog(LLV_ERROR, LOCATION, NULL,
1942 "getting sadb policy failed.\n");
1943 return -1;
1944 }
1945
1946 if (pfkey_send_spdadd2(
1947 lcconf->sock_pfkey,
1948 (struct sockaddr *)&spidx->src,
1949 spidx->prefs,
1950 (struct sockaddr *)&spidx->dst,
1951 spidx->prefd,
1952 spidx->ul_proto,
1953 ltime, vtime,
1954 policy, policylen, 0) < 0) {
1955 plog(LLV_ERROR, LOCATION, NULL,
1956 "libipsec failed send spdadd2 (%s)\n",
1957 ipsec_strerror());
1958 goto end;
1959 }
1960 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spdadd2\n");
1961
1962 end:
1963 if (policy)
1964 racoon_free(policy);
1965
1966 return 0;
1967 }
1968
1969 static int
1970 pk_recvspdadd(mhp)
1971 caddr_t *mhp;
1972 {
1973 struct sadb_address *saddr, *daddr;
1974 struct sadb_x_policy *xpl;
1975 struct policyindex spidx;
1976 struct secpolicy *sp;
1977
1978 /* sanity check */
1979 if (mhp[0] == NULL
1980 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
1981 || mhp[SADB_EXT_ADDRESS_DST] == NULL
1982 || mhp[SADB_X_EXT_POLICY] == NULL) {
1983 plog(LLV_ERROR, LOCATION, NULL,
1984 "inappropriate sadb spdadd message passed.\n");
1985 return -1;
1986 }
1987 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
1988 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
1989 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
1990
1991 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
1992 saddr + 1,
1993 daddr + 1,
1994 saddr->sadb_address_prefixlen,
1995 daddr->sadb_address_prefixlen,
1996 saddr->sadb_address_proto,
1997 &spidx);
1998
1999 sp = getsp(&spidx);
2000 if (sp != NULL) {
2001 plog(LLV_ERROR, LOCATION, NULL,
2002 "such policy already exists. "
2003 "anyway replace it: %s\n",
2004 spidx2str(&spidx));
2005 remsp(sp);
2006 delsp(sp);
2007 }
2008
2009 if (addnewsp(mhp) < 0)
2010 return -1;
2011
2012 return 0;
2013 }
2014
2015 /*
2016 * this function has to be used by responder side.
2017 */
2018 int
2019 pk_sendspddelete(iph2)
2020 struct ph2handle *iph2;
2021 {
2022 struct policyindex *spidx = (struct policyindex *)iph2->spidx_gen;
2023 caddr_t policy = NULL;
2024 int policylen;
2025
2026 if (getsadbpolicy(&policy, &policylen, SADB_X_SPDDELETE, iph2)) {
2027 plog(LLV_ERROR, LOCATION, NULL,
2028 "getting sadb policy failed.\n");
2029 return -1;
2030 }
2031
2032 if (pfkey_send_spddelete(
2033 lcconf->sock_pfkey,
2034 (struct sockaddr *)&spidx->src,
2035 spidx->prefs,
2036 (struct sockaddr *)&spidx->dst,
2037 spidx->prefd,
2038 spidx->ul_proto,
2039 policy, policylen, 0) < 0) {
2040 plog(LLV_ERROR, LOCATION, NULL,
2041 "libipsec failed send spddelete (%s)\n",
2042 ipsec_strerror());
2043 goto end;
2044 }
2045 plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_spddelete\n");
2046
2047 end:
2048 if (policy)
2049 racoon_free(policy);
2050
2051 return 0;
2052 }
2053
2054 static int
2055 pk_recvspddelete(mhp)
2056 caddr_t *mhp;
2057 {
2058 struct sadb_address *saddr, *daddr;
2059 struct sadb_x_policy *xpl;
2060 struct policyindex spidx;
2061 struct secpolicy *sp;
2062
2063 /* sanity check */
2064 if (mhp[0] == NULL
2065 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2066 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2067 || mhp[SADB_X_EXT_POLICY] == NULL) {
2068 plog(LLV_ERROR, LOCATION, NULL,
2069 "inappropriate sadb spddelete message passed.\n");
2070 return -1;
2071 }
2072 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2073 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2074 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2075
2076 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2077 saddr + 1,
2078 daddr + 1,
2079 saddr->sadb_address_prefixlen,
2080 daddr->sadb_address_prefixlen,
2081 saddr->sadb_address_proto,
2082 &spidx);
2083
2084 sp = getsp(&spidx);
2085 if (sp == NULL) {
2086 plog(LLV_ERROR, LOCATION, NULL,
2087 "no policy found: %s\n",
2088 spidx2str(&spidx));
2089 return -1;
2090 }
2091
2092 remsp(sp);
2093 delsp(sp);
2094
2095 return 0;
2096 }
2097
2098 static int
2099 pk_recvspdexpire(mhp)
2100 caddr_t *mhp;
2101 {
2102 struct sadb_address *saddr, *daddr;
2103 struct sadb_x_policy *xpl;
2104 struct policyindex spidx;
2105 struct secpolicy *sp;
2106
2107 /* sanity check */
2108 if (mhp[0] == NULL
2109 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
2110 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2111 || mhp[SADB_X_EXT_POLICY] == NULL) {
2112 plog(LLV_ERROR, LOCATION, NULL,
2113 "inappropriate sadb spdexpire message passed.\n");
2114 return -1;
2115 }
2116 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2117 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2118 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2119
2120 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2121 saddr + 1,
2122 daddr + 1,
2123 saddr->sadb_address_prefixlen,
2124 daddr->sadb_address_prefixlen,
2125 saddr->sadb_address_proto,
2126 &spidx);
2127
2128 sp = getsp(&spidx);
2129 if (sp == NULL) {
2130 plog(LLV_ERROR, LOCATION, NULL,
2131 "no policy found: %s\n",
2132 spidx2str(&spidx));
2133 return -1;
2134 }
2135
2136 remsp(sp);
2137 delsp(sp);
2138
2139 return 0;
2140 }
2141
2142 static int
2143 pk_recvspdget(mhp)
2144 caddr_t *mhp;
2145 {
2146 /* sanity check */
2147 if (mhp[0] == NULL) {
2148 plog(LLV_ERROR, LOCATION, NULL,
2149 "inappropriate sadb spdget message passed.\n");
2150 return -1;
2151 }
2152
2153 return 0;
2154 }
2155
2156 static int
2157 pk_recvspddump(mhp)
2158 caddr_t *mhp;
2159 {
2160 struct sadb_msg *msg;
2161 struct sadb_address *saddr, *daddr;
2162 struct sadb_x_policy *xpl;
2163 struct policyindex spidx;
2164 struct secpolicy *sp;
2165
2166 /* sanity check */
2167 if (mhp[0] == NULL) {
2168 plog(LLV_ERROR, LOCATION, NULL,
2169 "inappropriate sadb spddump message passed.\n");
2170 return -1;
2171 }
2172 msg = (struct sadb_msg *)mhp[0];
2173
2174 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2175 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2176 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2177
2178 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2179 saddr + 1,
2180 daddr + 1,
2181 saddr->sadb_address_prefixlen,
2182 daddr->sadb_address_prefixlen,
2183 saddr->sadb_address_proto,
2184 &spidx);
2185
2186 sp = getsp(&spidx);
2187 if (sp != NULL) {
2188 plog(LLV_ERROR, LOCATION, NULL,
2189 "such policy already exists. "
2190 "anyway replace it: %s\n",
2191 spidx2str(&spidx));
2192 remsp(sp);
2193 delsp(sp);
2194 }
2195
2196 if (addnewsp(mhp) < 0)
2197 return -1;
2198
2199 return 0;
2200 }
2201
2202 static int
2203 pk_recvspdflush(mhp)
2204 caddr_t *mhp;
2205 {
2206 /* sanity check */
2207 if (mhp[0] == NULL) {
2208 plog(LLV_ERROR, LOCATION, NULL,
2209 "inappropriate sadb spdflush message passed.\n");
2210 return -1;
2211 }
2212
2213 flushsp();
2214
2215 return 0;
2216 }
2217
2218 /*
2219 * send error against acquire message to kenrel.
2220 */
2221 int
2222 pk_sendeacquire(iph2)
2223 struct ph2handle *iph2;
2224 {
2225 struct sadb_msg *newmsg;
2226 int len;
2227
2228 len = sizeof(struct sadb_msg);
2229 newmsg = racoon_calloc(1, len);
2230 if (newmsg == NULL) {
2231 plog(LLV_ERROR, LOCATION, NULL,
2232 "failed to get buffer to send acquire.\n");
2233 return -1;
2234 }
2235
2236 memset(newmsg, 0, len);
2237 newmsg->sadb_msg_version = PF_KEY_V2;
2238 newmsg->sadb_msg_type = SADB_ACQUIRE;
2239 newmsg->sadb_msg_errno = ENOENT; /* XXX */
2240 newmsg->sadb_msg_satype = iph2->satype;
2241 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
2242 newmsg->sadb_msg_reserved = 0;
2243 newmsg->sadb_msg_seq = iph2->seq;
2244 newmsg->sadb_msg_pid = (u_int32_t)getpid();
2245
2246 /* send message */
2247 len = pfkey_send(lcconf->sock_pfkey, newmsg, len);
2248
2249 racoon_free(newmsg);
2250
2251 return 0;
2252 }
2253
2254 /*
2255 * check if the algorithm is supported or not.
2256 * OUT 0: ok
2257 * -1: ng
2258 */
2259 int
2260 pk_checkalg(class, calg, keylen)
2261 int class, calg, keylen;
2262 {
2263 int sup, error;
2264 u_int alg;
2265 struct sadb_alg alg0;
2266
2267 switch (algclass2doi(class)) {
2268 case IPSECDOI_PROTO_IPSEC_ESP:
2269 sup = SADB_EXT_SUPPORTED_ENCRYPT;
2270 break;
2271 case IPSECDOI_ATTR_AUTH:
2272 sup = SADB_EXT_SUPPORTED_AUTH;
2273 break;
2274 case IPSECDOI_PROTO_IPCOMP:
2275 plog(LLV_DEBUG, LOCATION, NULL,
2276 "compression algorithm can not be checked "
2277 "because sadb message doesn't support it.\n");
2278 return 0;
2279 default:
2280 plog(LLV_ERROR, LOCATION, NULL,
2281 "invalid algorithm class.\n");
2282 return -1;
2283 }
2284 alg = ipsecdoi2pfkey_alg(algclass2doi(class), algtype2doi(class, calg));
2285 if (alg == ~0)
2286 return -1;
2287
2288 if (keylen == 0) {
2289 if (ipsec_get_keylen(sup, alg, &alg0)) {
2290 plog(LLV_ERROR, LOCATION, NULL,
2291 "%s.\n", ipsec_strerror());
2292 return -1;
2293 }
2294 keylen = alg0.sadb_alg_minbits;
2295 }
2296
2297 error = ipsec_check_keylen(sup, alg, keylen);
2298 if (error)
2299 plog(LLV_ERROR, LOCATION, NULL,
2300 "%s.\n", ipsec_strerror());
2301
2302 return error;
2303 }
2304
2305 /*
2306 * differences with pfkey_recv() in libipsec/pfkey.c:
2307 * - never performs busy wait loop.
2308 * - returns NULL and set *lenp to negative on fatal failures
2309 * - returns NULL and set *lenp to non-negative on non-fatal failures
2310 * - returns non-NULL on success
2311 */
2312 static struct sadb_msg *
2313 pk_recv(so, lenp)
2314 int so;
2315 int *lenp;
2316 {
2317 struct sadb_msg buf, *newmsg;
2318 int reallen;
2319
2320 *lenp = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK);
2321 if (*lenp < 0)
2322 return NULL; /*fatal*/
2323 else if (*lenp < sizeof(buf))
2324 return NULL;
2325
2326 reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
2327 if ((newmsg = racoon_calloc(1, reallen)) == NULL)
2328 return NULL;
2329
2330 *lenp = recv(so, (caddr_t)newmsg, reallen, MSG_PEEK);
2331 if (*lenp < 0) {
2332 racoon_free(newmsg);
2333 return NULL; /*fatal*/
2334 } else if (*lenp != reallen) {
2335 racoon_free(newmsg);
2336 return NULL;
2337 }
2338
2339 *lenp = recv(so, (caddr_t)newmsg, reallen, 0);
2340 if (*lenp < 0) {
2341 racoon_free(newmsg);
2342 return NULL; /*fatal*/
2343 } else if (*lenp != reallen) {
2344 racoon_free(newmsg);
2345 return NULL;
2346 }
2347
2348 return newmsg;
2349 }
2350
2351 /* see handler.h */
2352 u_int32_t
2353 pk_getseq()
2354 {
2355 return arc4random();
2356 }
2357
2358 static int
2359 addnewsp(mhp)
2360 caddr_t *mhp;
2361 {
2362 struct secpolicy *new;
2363 struct sadb_address *saddr, *daddr;
2364 struct sadb_x_policy *xpl;
2365
2366 /* sanity check */
2367 if (mhp[SADB_EXT_ADDRESS_SRC] == NULL
2368 || mhp[SADB_EXT_ADDRESS_DST] == NULL
2369 || mhp[SADB_X_EXT_POLICY] == NULL) {
2370 plog(LLV_ERROR, LOCATION, NULL,
2371 "inappropriate sadb spd management message passed.\n");
2372 return -1;
2373 }
2374
2375 saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
2376 daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
2377 xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
2378
2379 new = newsp();
2380 if (new == NULL) {
2381 plog(LLV_ERROR, LOCATION, NULL,
2382 "failed to allocate buffer\n");
2383 return -1;
2384 }
2385
2386 new->spidx.dir = xpl->sadb_x_policy_dir;
2387 new->id = xpl->sadb_x_policy_id;
2388 new->policy = xpl->sadb_x_policy_type;
2389 new->req = NULL;
2390
2391 /* check policy */
2392 switch (xpl->sadb_x_policy_type) {
2393 case IPSEC_POLICY_DISCARD:
2394 case IPSEC_POLICY_NONE:
2395 case IPSEC_POLICY_ENTRUST:
2396 case IPSEC_POLICY_BYPASS:
2397 break;
2398
2399 case IPSEC_POLICY_IPSEC:
2400 {
2401 int tlen;
2402 struct sadb_x_ipsecrequest *xisr;
2403 struct ipsecrequest **p_isr = &new->req;
2404
2405 /* validity check */
2406 if (PFKEY_EXTLEN(xpl) < sizeof(*xpl)) {
2407 plog(LLV_ERROR, LOCATION, NULL,
2408 "invalid msg length.\n");
2409 return -1;
2410 }
2411
2412 tlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
2413 xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
2414
2415 while (tlen > 0) {
2416
2417 /* length check */
2418 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
2419 plog(LLV_ERROR, LOCATION, NULL,
2420 "invalid msg length.\n");
2421 return -1;
2422 }
2423
2424 /* allocate request buffer */
2425 *p_isr = newipsecreq();
2426 if (*p_isr == NULL) {
2427 plog(LLV_ERROR, LOCATION, NULL,
2428 "failed to get new ipsecreq.\n");
2429 return -1;
2430 }
2431
2432 /* set values */
2433 (*p_isr)->next = NULL;
2434
2435 switch (xisr->sadb_x_ipsecrequest_proto) {
2436 case IPPROTO_ESP:
2437 case IPPROTO_AH:
2438 case IPPROTO_IPCOMP:
2439 break;
2440 default:
2441 plog(LLV_ERROR, LOCATION, NULL,
2442 "invalid proto type: %u\n",
2443 xisr->sadb_x_ipsecrequest_proto);
2444 return -1;
2445 }
2446 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
2447
2448 switch (xisr->sadb_x_ipsecrequest_mode) {
2449 case IPSEC_MODE_TRANSPORT:
2450 case IPSEC_MODE_TUNNEL:
2451 break;
2452 case IPSEC_MODE_ANY:
2453 default:
2454 plog(LLV_ERROR, LOCATION, NULL,
2455 "invalid mode: %u\n",
2456 xisr->sadb_x_ipsecrequest_mode);
2457 return -1;
2458 }
2459 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
2460
2461 switch (xisr->sadb_x_ipsecrequest_level) {
2462 case IPSEC_LEVEL_DEFAULT:
2463 case IPSEC_LEVEL_USE:
2464 case IPSEC_LEVEL_REQUIRE:
2465 break;
2466 case IPSEC_LEVEL_UNIQUE:
2467 (*p_isr)->saidx.reqid =
2468 xisr->sadb_x_ipsecrequest_reqid;
2469 break;
2470
2471 default:
2472 plog(LLV_ERROR, LOCATION, NULL,
2473 "invalid level: %u\n",
2474 xisr->sadb_x_ipsecrequest_level);
2475 return -1;
2476 }
2477 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
2478
2479 /* set IP addresses if there */
2480 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
2481 struct sockaddr *paddr;
2482
2483 paddr = (struct sockaddr *)(xisr + 1);
2484 bcopy(paddr, &(*p_isr)->saidx.src,
2485 paddr->sa_len);
2486
2487 paddr = (struct sockaddr *)((caddr_t)paddr
2488 + paddr->sa_len);
2489 bcopy(paddr, &(*p_isr)->saidx.dst,
2490 paddr->sa_len);
2491 }
2492
2493 (*p_isr)->sp = new;
2494
2495 /* initialization for the next. */
2496 p_isr = &(*p_isr)->next;
2497 tlen -= xisr->sadb_x_ipsecrequest_len;
2498
2499 /* validity check */
2500 if (tlen < 0) {
2501 plog(LLV_ERROR, LOCATION, NULL,
2502 "becoming tlen < 0\n");
2503 }
2504
2505 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
2506 + xisr->sadb_x_ipsecrequest_len);
2507 }
2508 }
2509 break;
2510 default:
2511 plog(LLV_ERROR, LOCATION, NULL,
2512 "invalid policy type.\n");
2513 return -1;
2514 }
2515
2516 KEY_SETSECSPIDX(xpl->sadb_x_policy_dir,
2517 saddr + 1,
2518 daddr + 1,
2519 saddr->sadb_address_prefixlen,
2520 daddr->sadb_address_prefixlen,
2521 saddr->sadb_address_proto,
2522 &new->spidx);
2523
2524 inssp(new);
2525
2526 return 0;
2527 }
2528
2529 /* proto/mode/src->dst spi */
2530 const char *
2531 sadbsecas2str(src, dst, proto, spi, mode)
2532 struct sockaddr *src, *dst;
2533 int proto;
2534 u_int32_t spi;
2535 int mode;
2536 {
2537 static char buf[256];
2538 u_int doi_proto, doi_mode = 0;
2539 char *p;
2540 int blen, i;
2541
2542 doi_proto = pfkey2ipsecdoi_proto(proto);
2543 if (doi_proto == ~0)
2544 return NULL;
2545 if (mode) {
2546 doi_mode = pfkey2ipsecdoi_mode(mode, 0);
2547 if (doi_mode == ~0)
2548 return NULL;
2549 }
2550
2551 blen = sizeof(buf) - 1;
2552 p = buf;
2553
2554 i = snprintf(p, blen, "%s%s%s ",
2555 s_ipsecdoi_proto(doi_proto),
2556 mode ? "/" : "",
2557 mode ? s_ipsecdoi_encmode(doi_mode) : "");
2558 if (i < 0 || i >= blen)
2559 return NULL;
2560 p += i;
2561 blen -= i;
2562
2563 i = snprintf(p, blen, "%s->", saddrwop2str(src));
2564 if (i < 0 || i >= blen)
2565 return NULL;
2566 p += i;
2567 blen -= i;
2568
2569 i = snprintf(p, blen, "%s ", saddrwop2str(dst));
2570 if (i < 0 || i >= blen)
2571 return NULL;
2572 p += i;
2573 blen -= i;
2574
2575 if (spi) {
2576 snprintf(p, blen, "spi=%lu(0x%lx)", (unsigned long)ntohl(spi),
2577 (unsigned long)ntohl(spi));
2578 }
2579
2580 return buf;
2581 }
mirror of network_cmds