]> git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/netkey/key.c
projects / apple / xnu.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
xnu-1228.tar.gz
[apple/xnu.git] / bsd / netkey / key.c
... / ...
CommitLineData
1/* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
2/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33/*
34 * This code is referd to RFC 2367
35 */
36
37#include <machine/endian.h>
38#include <sys/types.h>
39#include <sys/param.h>
40#include <sys/systm.h>
41#include <sys/kernel.h>
42#include <sys/mbuf.h>
43#include <sys/domain.h>
44#include <sys/protosw.h>
45#include <sys/malloc.h>
46#include <sys/socket.h>
47#include <sys/socketvar.h>
48#include <sys/sysctl.h>
49#include <sys/errno.h>
50#include <sys/proc.h>
51#include <sys/queue.h>
52#include <sys/syslog.h>
53
54#include <kern/locks.h>
55
56#include <net/if.h>
57#include <net/route.h>
58#include <net/raw_cb.h>
59
60#include <netinet/in.h>
61#include <netinet/in_systm.h>
62#include <netinet/ip.h>
63#include <netinet/in_var.h>
64
65#if INET6
66#include <netinet/ip6.h>
67#include <netinet6/in6_var.h>
68#include <netinet6/ip6_var.h>
69#endif /* INET6 */
70
71#if INET
72#include <netinet/in_pcb.h>
73#endif
74#if INET6
75#include <netinet6/in6_pcb.h>
76#endif /* INET6 */
77
78#include <net/pfkeyv2.h>
79#include <netkey/keydb.h>
80#include <netkey/key.h>
81#include <netkey/keysock.h>
82#include <netkey/key_debug.h>
83#include <stdarg.h>
84
85
86#include <netinet6/ipsec.h>
87#if INET6
88#include <netinet6/ipsec6.h>
89#endif
90#include <netinet6/ah.h>
91#if INET6
92#include <netinet6/ah6.h>
93#endif
94#if IPSEC_ESP
95#include <netinet6/esp.h>
96#if INET6
97#include <netinet6/esp6.h>
98#endif
99#endif
100#include <netinet6/ipcomp.h>
101#if INET6
102#include <netinet6/ipcomp6.h>
103#endif
104
105
106/* randomness */
107#include <sys/random.h>
108
109#include <net/net_osdep.h>
110
111#ifndef satosin
112#define satosin(s) ((struct sockaddr_in *)s)
113#endif
114
115#define FULLMASK 0xff
116
117lck_grp_t *sadb_mutex_grp;
118lck_grp_attr_t *sadb_mutex_grp_attr;
119lck_attr_t *sadb_mutex_attr;
120lck_mtx_t *sadb_mutex;
121
122lck_grp_t *pfkey_stat_mutex_grp;
123lck_grp_attr_t *pfkey_stat_mutex_grp_attr;
124lck_attr_t *pfkey_stat_mutex_attr;
125lck_mtx_t *pfkey_stat_mutex;
126
127
128extern lck_mtx_t *nd6_mutex;
129
130/*
131 * Note on SA reference counting:
132 * - SAs that are not in DEAD state will have (total external reference + 1)
133 * following value in reference count field. they cannot be freed and are
134 * referenced from SA header.
135 * - SAs that are in DEAD state will have (total external reference)
136 * in reference count field. they are ready to be freed. reference from
137 * SA header will be removed in key_delsav(), when the reference count
138 * field hits 0 (= no external reference other than from SA header.
139 */
140
141u_int32_t key_debug_level = 0; //### our sysctl is not dynamic
142static u_int key_spi_trycnt = 1000;
143static u_int32_t key_spi_minval = 0x100;
144static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
145static u_int32_t policy_id = 0;
146static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
147static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
148static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
149static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
150static int key_preferred_oldsa = 0; /* preferred old sa rather than new sa.*/
151static int natt_keepalive_interval = 20; /* interval between natt keepalives.*/
152static int ipsec_policy_count = 0;
153static int ipsec_sav_count = 0;
154
155static u_int32_t acq_seq = 0;
156static int key_tick_init_random = 0;
157__private_extern__ u_int32_t natt_now = 0;
158
159static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
160static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
161static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
162 /* registed list */
163
164#define SPIHASHSIZE 128
165#define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
166static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
167
168#ifndef IPSEC_NONBLOCK_ACQUIRE
169static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
170#endif
171static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
172
173struct key_cb key_cb;
174
175/* search order for SAs */
176static const u_int saorder_state_valid_prefer_old[] = {
177 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
178};
179static const u_int saorder_state_valid_prefer_new[] = {
180 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
181};
182static const u_int saorder_state_alive[] = {
183 /* except DEAD */
184 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
185};
186static const u_int saorder_state_any[] = {
187 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
188 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
189};
190
191static const int minsize[] = {
192 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
193 sizeof(struct sadb_sa), /* SADB_EXT_SA */
194 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
195 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
196 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
197 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
198 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
199 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
200 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
201 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
202 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
203 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
204 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
205 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
206 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
207 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
208 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
209 0, /* SADB_X_EXT_KMPRIVATE */
210 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
211 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
212};
213static const int maxsize[] = {
214 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
215 sizeof(struct sadb_sa_2), /* SADB_EXT_SA */
216 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
217 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
218 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
219 0, /* SADB_EXT_ADDRESS_SRC */
220 0, /* SADB_EXT_ADDRESS_DST */
221 0, /* SADB_EXT_ADDRESS_PROXY */
222 0, /* SADB_EXT_KEY_AUTH */
223 0, /* SADB_EXT_KEY_ENCRYPT */
224 0, /* SADB_EXT_IDENTITY_SRC */
225 0, /* SADB_EXT_IDENTITY_DST */
226 0, /* SADB_EXT_SENSITIVITY */
227 0, /* SADB_EXT_PROPOSAL */
228 0, /* SADB_EXT_SUPPORTED_AUTH */
229 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
230 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
231 0, /* SADB_X_EXT_KMPRIVATE */
232 0, /* SADB_X_EXT_POLICY */
233 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
234};
235
236static int ipsec_esp_keymin = 256;
237static int ipsec_esp_auth = 0;
238static int ipsec_ah_keymin = 128;
239
240SYSCTL_DECL(_net_key);
241
242SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW, \
243 &key_debug_level, 0, "");
244
245
246/* max count of trial for the decision of spi value */
247SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW, \
248 &key_spi_trycnt, 0, "");
249
250/* minimum spi value to allocate automatically. */
251SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW, \
252 &key_spi_minval, 0, "");
253
254/* maximun spi value to allocate automatically. */
255SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW, \
256 &key_spi_maxval, 0, "");
257
258/* interval to initialize randseed */
259SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW, \
260 &key_int_random, 0, "");
261
262/* lifetime for larval SA */
263SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW, \
264 &key_larval_lifetime, 0, "");
265
266/* counter for blocking to send SADB_ACQUIRE to IKEd */
267SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW, \
268 &key_blockacq_count, 0, "");
269
270/* lifetime for blocking to send SADB_ACQUIRE to IKEd */
271SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW, \
272 &key_blockacq_lifetime, 0, "");
273
274/* ESP auth */
275SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW, \
276 &ipsec_esp_auth, 0, "");
277
278/* minimum ESP key length */
279SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW, \
280 &ipsec_esp_keymin, 0, "");
281
282/* minimum AH key length */
283SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW, \
284 &ipsec_ah_keymin, 0, "");
285
286/* perfered old SA rather than new SA */
287SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW,\
288 &key_preferred_oldsa, 0, "");
289
290/* time between NATT keepalives in seconds, 0 disabled */
291SYSCTL_INT(_net_key, KEYCTL_NATT_KEEPALIVE_INTERVAL, natt_keepalive_interval, CTLFLAG_RW,\
292 &natt_keepalive_interval, 0, "");
293
294/* PF_KEY statistics */
295SYSCTL_STRUCT(_net_key, KEYCTL_PFKEYSTAT, pfkeystat, CTLFLAG_RD,\
296 &pfkeystat, pfkeystat, "");
297
298#ifndef LIST_FOREACH
299#define LIST_FOREACH(elm, head, field) \
300 for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
301#endif
302#define __LIST_CHAINED(elm) \
303 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
304#define LIST_INSERT_TAIL(head, elm, type, field) \
305do {\
306 struct type *curelm = LIST_FIRST(head); \
307 if (curelm == NULL) {\
308 LIST_INSERT_HEAD(head, elm, field); \
309 } else { \
310 while (LIST_NEXT(curelm, field)) \
311 curelm = LIST_NEXT(curelm, field);\
312 LIST_INSERT_AFTER(curelm, elm, field);\
313 }\
314} while (0)
315
316#define KEY_CHKSASTATE(head, sav, name) \
317do { \
318 if ((head) != (sav)) { \
319 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
320 (name), (head), (sav))); \
321 continue; \
322 } \
323} while (0)
324
325#define KEY_CHKSPDIR(head, sp, name) \
326do { \
327 if ((head) != (sp)) { \
328 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
329 "anyway continue.\n", \
330 (name), (head), (sp))); \
331 } \
332} while (0)
333
334#if 1
335#define KMALLOC_WAIT(p, t, n) \
336 ((p) = (t) _MALLOC((unsigned long)(n), M_SECA, M_WAITOK))
337#define KMALLOC_NOWAIT(p, t, n) \
338 ((p) = (t) _MALLOC((unsigned long)(n), M_SECA, M_NOWAIT))
339#define KFREE(p) \
340 _FREE((caddr_t)(p), M_SECA);
341#else
342#define KMALLOC_WAIT(p, t, n) \
343do { \
344 ((p) = (t)_MALLOC((unsigned long)(n), M_SECA, M_WAITOK)); \
345 printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
346 __FILE__, __LINE__, (p), #t, n); \
347} while (0)
348#define KMALLOC_NOWAIT(p, t, n) \
349 do { \
350 ((p) = (t)_MALLOC((unsigned long)(n), M_SECA, M_NOWAIT)); \
351 printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
352 __FILE__, __LINE__, (p), #t, n); \
353 } while (0)
354
355#define KFREE(p) \
356 do { \
357 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
358 _FREE((caddr_t)(p), M_SECA); \
359 } while (0)
360#endif
361
362/*
363 * set parameters into secpolicyindex buffer.
364 * Must allocate secpolicyindex buffer passed to this function.
365 */
366#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
367do { \
368 bzero((idx), sizeof(struct secpolicyindex)); \
369 (idx)->dir = (_dir); \
370 (idx)->prefs = (ps); \
371 (idx)->prefd = (pd); \
372 (idx)->ul_proto = (ulp); \
373 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
374 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
375} while (0)
376
377/*
378 * set parameters into secasindex buffer.
379 * Must allocate secasindex buffer before calling this function.
380 */
381#define KEY_SETSECASIDX(p, m, r, s, d, idx) \
382do { \
383 bzero((idx), sizeof(struct secasindex)); \
384 (idx)->proto = (p); \
385 (idx)->mode = (m); \
386 (idx)->reqid = (r); \
387 bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
388 bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
389} while (0)
390
391/* key statistics */
392struct _keystat {
393 u_long getspi_count; /* the avarage of count to try to get new SPI */
394} keystat;
395
396struct sadb_msghdr {
397 struct sadb_msg *msg;
398 struct sadb_ext *ext[SADB_EXT_MAX + 1];
399 int extoff[SADB_EXT_MAX + 1];
400 int extlen[SADB_EXT_MAX + 1];
401};
402
403static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int, u_int16_t);
404static int key_do_get_translated_port(struct secashead *, struct secasvar *, u_int);
405static void key_delsp(struct secpolicy *);
406static struct secpolicy *key_getsp(struct secpolicyindex *);
407static struct secpolicy *key_getspbyid(u_int32_t);
408static u_int32_t key_newreqid(void);
409static struct mbuf *key_gather_mbuf(struct mbuf *,
410 const struct sadb_msghdr *, int, int, int *);
411static int key_spdadd(struct socket *, struct mbuf *,
412 const struct sadb_msghdr *);
413static u_int32_t key_getnewspid(void);
414static int key_spddelete(struct socket *, struct mbuf *,
415 const struct sadb_msghdr *);
416static int key_spddelete2(struct socket *, struct mbuf *,
417 const struct sadb_msghdr *);
418static int key_spdget(struct socket *, struct mbuf *,
419 const struct sadb_msghdr *);
420static int key_spdflush(struct socket *, struct mbuf *,
421 const struct sadb_msghdr *);
422static int key_spddump(struct socket *, struct mbuf *,
423 const struct sadb_msghdr *);
424static struct mbuf *key_setdumpsp(struct secpolicy *,
425 u_int8_t, u_int32_t, u_int32_t);
426static u_int key_getspreqmsglen(struct secpolicy *);
427static int key_spdexpire(struct secpolicy *);
428static struct secashead *key_newsah(struct secasindex *);
429static void key_delsah(struct secashead *);
430static struct secasvar *key_newsav(struct mbuf *,
431 const struct sadb_msghdr *, struct secashead *, int *);
432static void key_delsav(struct secasvar *);
433static struct secashead *key_getsah(struct secasindex *);
434static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
435static void key_setspi __P((struct secasvar *, u_int32_t));
436static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
437static int key_setsaval(struct secasvar *, struct mbuf *,
438 const struct sadb_msghdr *);
439static int key_mature(struct secasvar *);
440static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
441 u_int8_t, u_int32_t, u_int32_t);
442static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
443 u_int32_t, pid_t, u_int16_t);
444static struct mbuf *key_setsadbsa(struct secasvar *);
445static struct mbuf *key_setsadbaddr(u_int16_t,
446 struct sockaddr *, u_int8_t, u_int16_t);
447#if 0
448static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
449 int, u_int64_t);
450#endif
451static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t);
452static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
453 u_int32_t);
454static void *key_newbuf(const void *, u_int);
455#if INET6
456static int key_ismyaddr6(struct sockaddr_in6 *);
457#endif
458
459/* flags for key_cmpsaidx() */
460#define CMP_HEAD 0x1 /* protocol, addresses. */
461#define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
462#define CMP_REQID 0x4 /* additionally HEAD, reqid. */
463#define CMP_MODE 0x8 /* additionally mode. */
464#define CMP_EXACTLY 0xF /* all elements. */
465static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
466
467static int key_cmpspidx_exactly(struct secpolicyindex *,
468 struct secpolicyindex *);
469static int key_cmpspidx_withmask(struct secpolicyindex *,
470 struct secpolicyindex *);
471static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
472static int key_bbcmp(caddr_t, caddr_t, u_int);
473static void key_srandom(void);
474static u_int16_t key_satype2proto(u_int8_t);
475static u_int8_t key_proto2satype(u_int16_t);
476
477static int key_getspi(struct socket *, struct mbuf *,
478 const struct sadb_msghdr *);
479static u_int32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *);
480static int key_update(struct socket *, struct mbuf *,
481 const struct sadb_msghdr *);
482#if IPSEC_DOSEQCHECK
483static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
484#endif
485static int key_add(struct socket *, struct mbuf *, const struct sadb_msghdr *);
486static int key_setident(struct secashead *, struct mbuf *,
487 const struct sadb_msghdr *);
488static struct mbuf *key_getmsgbuf_x1(struct mbuf *, const struct sadb_msghdr *);
489static int key_delete(struct socket *, struct mbuf *,
490 const struct sadb_msghdr *);
491static int key_get(struct socket *, struct mbuf *, const struct sadb_msghdr *);
492
493static void key_getcomb_setlifetime(struct sadb_comb *);
494#if IPSEC_ESP
495static struct mbuf *key_getcomb_esp(void);
496#endif
497static struct mbuf *key_getcomb_ah(void);
498static struct mbuf *key_getcomb_ipcomp(void);
499static struct mbuf *key_getprop(const struct secasindex *);
500
501static int key_acquire(struct secasindex *, struct secpolicy *);
502#ifndef IPSEC_NONBLOCK_ACQUIRE
503static struct secacq *key_newacq(struct secasindex *);
504static struct secacq *key_getacq(struct secasindex *);
505static struct secacq *key_getacqbyseq(u_int32_t);
506#endif
507static struct secspacq *key_newspacq(struct secpolicyindex *);
508static struct secspacq *key_getspacq(struct secpolicyindex *);
509static int key_acquire2(struct socket *, struct mbuf *,
510 const struct sadb_msghdr *);
511static int key_register(struct socket *, struct mbuf *,
512 const struct sadb_msghdr *);
513static int key_expire(struct secasvar *);
514static int key_flush(struct socket *, struct mbuf *,
515 const struct sadb_msghdr *);
516static int key_dump(struct socket *, struct mbuf *, const struct sadb_msghdr *);
517static int key_promisc(struct socket *, struct mbuf *,
518 const struct sadb_msghdr *);
519static int key_senderror(struct socket *, struct mbuf *, int);
520static int key_validate_ext(const struct sadb_ext *, int);
521static int key_align(struct mbuf *, struct sadb_msghdr *);
522static void key_sa_chgstate(struct secasvar *, u_int8_t);
523static struct mbuf *key_alloc_mbuf(int);
524
525extern int ipsec_bypass;
526void ipsec_send_natt_keepalive(struct secasvar *sav);
527
528void key_init(void);
529
530
531/*
532 * PF_KEY init
533 * setup locks and call raw_init()
534 *
535 */
536void
537key_init(void)
538{
539
540 int i;
541
542 sadb_mutex_grp_attr = lck_grp_attr_alloc_init();
543 sadb_mutex_grp = lck_grp_alloc_init("sadb", sadb_mutex_grp_attr);
544 sadb_mutex_attr = lck_attr_alloc_init();
545
546 if ((sadb_mutex = lck_mtx_alloc_init(sadb_mutex_grp, sadb_mutex_attr)) == NULL) {
547 printf("key_init: can't alloc sadb_mutex\n");
548 return;
549 }
550
551 pfkey_stat_mutex_grp_attr = lck_grp_attr_alloc_init();
552 pfkey_stat_mutex_grp = lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr);
553 pfkey_stat_mutex_attr = lck_attr_alloc_init();
554
555 if ((pfkey_stat_mutex = lck_mtx_alloc_init(pfkey_stat_mutex_grp, pfkey_stat_mutex_attr)) == NULL) {
556 printf("key_init: can't alloc pfkey_stat_mutex\n");
557 return;
558 }
559
560 for (i = 0; i < SPIHASHSIZE; i++)
561 LIST_INIT(&spihash[i]);
562
563 raw_init();
564}
565
566
567/* %%% IPsec policy management */
568/*
569 * allocating a SP for OUTBOUND or INBOUND packet.
570 * Must call key_freesp() later.
571 * OUT: NULL: not found
572 * others: found and return the pointer.
573 */
574struct secpolicy *
575key_allocsp(spidx, dir)
576 struct secpolicyindex *spidx;
577 u_int dir;
578{
579 struct secpolicy *sp;
580 struct timeval tv;
581
582 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
583 /* sanity check */
584 if (spidx == NULL)
585 panic("key_allocsp: NULL pointer is passed.\n");
586
587 /* check direction */
588 switch (dir) {
589 case IPSEC_DIR_INBOUND:
590 case IPSEC_DIR_OUTBOUND:
591 break;
592 default:
593 panic("key_allocsp: Invalid direction is passed.\n");
594 }
595
596 /* get a SP entry */
597 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
598 printf("*** objects\n");
599 kdebug_secpolicyindex(spidx));
600
601 lck_mtx_lock(sadb_mutex);
602 LIST_FOREACH(sp, &sptree[dir], chain) {
603 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
604 printf("*** in SPD\n");
605 kdebug_secpolicyindex(&sp->spidx));
606
607 if (sp->state == IPSEC_SPSTATE_DEAD)
608 continue;
609 if (key_cmpspidx_withmask(&sp->spidx, spidx))
610 goto found;
611 }
612 lck_mtx_unlock(sadb_mutex);
613 return NULL;
614
615found:
616
617 /* found a SPD entry */
618 microtime(&tv);
619 sp->lastused = tv.tv_sec;
620 sp->refcnt++;
621 lck_mtx_unlock(sadb_mutex);
622
623 /* sanity check */
624 KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
625 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
626 printf("DP key_allocsp cause refcnt++:%d SP:%p\n",
627 sp->refcnt, sp));
628 return sp;
629}
630
631/*
632 * return a policy that matches this particular inbound packet.
633 * XXX slow
634 */
635struct secpolicy *
636key_gettunnel(osrc, odst, isrc, idst)
637 struct sockaddr *osrc, *odst, *isrc, *idst;
638{
639 struct secpolicy *sp;
640 const int dir = IPSEC_DIR_INBOUND;
641 struct timeval tv;
642 struct ipsecrequest *r1, *r2, *p;
643 struct sockaddr *os, *od, *is, *id;
644 struct secpolicyindex spidx;
645
646 if (isrc->sa_family != idst->sa_family) {
647 ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
648 isrc->sa_family, idst->sa_family));
649 return NULL;
650 }
651
652 lck_mtx_lock(sadb_mutex);
653 LIST_FOREACH(sp, &sptree[dir], chain) {
654 if (sp->state == IPSEC_SPSTATE_DEAD)
655 continue;
656
657 r1 = r2 = NULL;
658 for (p = sp->req; p; p = p->next) {
659 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
660 continue;
661
662 r1 = r2;
663 r2 = p;
664
665 if (!r1) {
666 /* here we look at address matches only */
667 spidx = sp->spidx;
668 if (isrc->sa_len > sizeof(spidx.src) ||
669 idst->sa_len > sizeof(spidx.dst))
670 continue;
671 bcopy(isrc, &spidx.src, isrc->sa_len);
672 bcopy(idst, &spidx.dst, idst->sa_len);
673 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
674 continue;
675 } else {
676 is = (struct sockaddr *)&r1->saidx.src;
677 id = (struct sockaddr *)&r1->saidx.dst;
678 if (key_sockaddrcmp(is, isrc, 0) ||
679 key_sockaddrcmp(id, idst, 0))
680 continue;
681 }
682
683 os = (struct sockaddr *)&r2->saidx.src;
684 od = (struct sockaddr *)&r2->saidx.dst;
685 if (key_sockaddrcmp(os, osrc, 0) ||
686 key_sockaddrcmp(od, odst, 0))
687 continue;
688
689 goto found;
690 }
691 }
692 lck_mtx_unlock(sadb_mutex);
693 return NULL;
694
695found:
696 microtime(&tv);
697 sp->lastused = tv.tv_sec;
698 sp->refcnt++;
699 lck_mtx_unlock(sadb_mutex);
700 return sp;
701}
702
703/*
704 * allocating an SA entry for an *OUTBOUND* packet.
705 * checking each request entries in SP, and acquire an SA if need.
706 * OUT: 0: there are valid requests.
707 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
708 */
709int
710key_checkrequest(isr, saidx, sav)
711 struct ipsecrequest *isr;
712 struct secasindex *saidx;
713 struct secasvar **sav;
714{
715 u_int level;
716 int error;
717 struct sockaddr_in *sin;
718
719 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
720
721 *sav = NULL;
722
723 /* sanity check */
724 if (isr == NULL || saidx == NULL)
725 panic("key_checkrequest: NULL pointer is passed.\n");
726
727 /* check mode */
728 switch (saidx->mode) {
729 case IPSEC_MODE_TRANSPORT:
730 case IPSEC_MODE_TUNNEL:
731 break;
732 case IPSEC_MODE_ANY:
733 default:
734 panic("key_checkrequest: Invalid policy defined.\n");
735 }
736
737 /* get current level */
738 level = ipsec_get_reqlevel(isr);
739
740
741 /*
742 * key_allocsa_policy should allocate the oldest SA available.
743 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
744 */
745 if (*sav == NULL)
746 *sav = key_allocsa_policy(saidx);
747
748 /* When there is SA. */
749 if (*sav != NULL)
750 return 0;
751
752 /* There is no SA.
753 *
754 * Remove dst port - used for special natt support - don't call
755 * key_acquire with it.
756 */
757 if (saidx->mode == IPSEC_MODE_TRANSPORT) {
758 sin = (struct sockaddr_in *)&saidx->dst;
759 sin->sin_port = IPSEC_PORT_ANY;
760 }
761 if ((error = key_acquire(saidx, isr->sp)) != 0) {
762 /* XXX What should I do ? */
763 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
764 "from key_acquire.\n", error));
765 return error;
766 }
767
768 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
769}
770
771/*
772 * allocating a SA for policy entry from SAD.
773 * NOTE: searching SAD of aliving state.
774 * OUT: NULL: not found.
775 * others: found and return the pointer.
776 */
777struct secasvar *
778key_allocsa_policy(saidx)
779 struct secasindex *saidx;
780{
781 struct secashead *sah;
782 struct secasvar *sav;
783 u_int stateidx, state;
784 const u_int *saorder_state_valid;
785 int arraysize;
786 struct sockaddr_in *sin;
787 u_int16_t dstport;
788
789 lck_mtx_lock(sadb_mutex);
790 LIST_FOREACH(sah, &sahtree, chain) {
791 if (sah->state == SADB_SASTATE_DEAD)
792 continue;
793 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID))
794 goto found;
795 }
796 lck_mtx_unlock(sadb_mutex);
797 return NULL;
798
799 found:
800
801 /*
802 * search a valid state list for outbound packet.
803 * This search order is important.
804 */
805 if (key_preferred_oldsa) {
806 saorder_state_valid = saorder_state_valid_prefer_old;
807 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
808 } else {
809 saorder_state_valid = saorder_state_valid_prefer_new;
810 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
811 }
812
813
814 sin = (struct sockaddr_in *)&saidx->dst;
815 dstport = sin->sin_port;
816 if (saidx->mode == IPSEC_MODE_TRANSPORT)
817 sin->sin_port = IPSEC_PORT_ANY;
818
819 for (stateidx = 0; stateidx < arraysize; stateidx++) {
820
821 state = saorder_state_valid[stateidx];
822
823 sav = key_do_allocsa_policy(sah, state, dstport);
824 if (sav != NULL) {
825 lck_mtx_unlock(sadb_mutex);
826 return sav;
827 }
828 }
829 lck_mtx_unlock(sadb_mutex);
830 return NULL;
831}
832
833/*
834 * searching SAD with direction, protocol, mode and state.
835 * called by key_allocsa_policy().
836 * OUT:
837 * NULL : not found
838 * others : found, pointer to a SA.
839 */
840static struct secasvar *
841key_do_allocsa_policy(sah, state, dstport)
842 struct secashead *sah;
843 u_int state;
844 u_int16_t dstport;
845{
846 struct secasvar *sav, *nextsav, *candidate, *natt_candidate, *no_natt_candidate, *d;
847
848 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
849
850 /* initialize */
851 candidate = NULL;
852 natt_candidate = NULL;
853 no_natt_candidate = NULL;
854
855 for (sav = LIST_FIRST(&sah->savtree[state]);
856 sav != NULL;
857 sav = nextsav) {
858
859 nextsav = LIST_NEXT(sav, chain);
860
861 /* sanity check */
862 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
863
864 if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport &&
865 ((sav->flags & SADB_X_EXT_NATT) != 0) &&
866 ntohs(dstport) != sav->remote_ike_port)
867 continue;
868
869 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
870 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0) &&
871 ntohs(dstport) != sav->remote_ike_port)
872 continue; /* skip this one - not a match - or not UDP */
873
874 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL &&
875 ((sav->flags & SADB_X_EXT_NATT) != 0)) ||
876 (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
877 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0))) {
878 if (natt_candidate == NULL) {
879 natt_candidate = sav;
880 continue;
881 } else
882 candidate = natt_candidate;
883 } else {
884 if (no_natt_candidate == NULL) {
885 no_natt_candidate = sav;
886 continue;
887 } else
888 candidate = no_natt_candidate;
889 }
890
891 /* Which SA is the better ? */
892
893 /* sanity check 2 */
894 if (candidate->lft_c == NULL || sav->lft_c == NULL)
895 panic("key_do_allocsa_policy: "
896 "lifetime_current is NULL.\n");
897
898 /* What the best method is to compare ? */
899 if (key_preferred_oldsa) {
900 if (candidate->lft_c->sadb_lifetime_addtime >
901 sav->lft_c->sadb_lifetime_addtime) {
902 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
903 natt_candidate = sav;
904 else
905 no_natt_candidate = sav;
906 }
907 continue;
908 /*NOTREACHED*/
909 }
910
911 /* prefered new sa rather than old sa */
912 if (candidate->lft_c->sadb_lifetime_addtime <
913 sav->lft_c->sadb_lifetime_addtime) {
914 d = candidate;
915 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
916 natt_candidate = sav;
917 else
918 no_natt_candidate = sav;
919 } else
920 d = sav;
921
922 /*
923 * prepared to delete the SA when there is more
924 * suitable candidate and the lifetime of the SA is not
925 * permanent.
926 */
927 if (d->lft_c->sadb_lifetime_addtime != 0) {
928 struct mbuf *m, *result;
929
930 key_sa_chgstate(d, SADB_SASTATE_DEAD);
931
932 m = key_setsadbmsg(SADB_DELETE, 0,
933 d->sah->saidx.proto, 0, 0, d->refcnt - 1);
934 if (!m)
935 goto msgfail;
936 result = m;
937
938 /* set sadb_address for saidx's. */
939 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
940 (struct sockaddr *)&d->sah->saidx.src,
941 d->sah->saidx.src.ss_len << 3,
942 IPSEC_ULPROTO_ANY);
943 if (!m)
944 goto msgfail;
945 m_cat(result, m);
946
947 /* set sadb_address for saidx's. */
948 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
949 (struct sockaddr *)&d->sah->saidx.src,
950 d->sah->saidx.src.ss_len << 3,
951 IPSEC_ULPROTO_ANY);
952 if (!m)
953 goto msgfail;
954 m_cat(result, m);
955
956 /* create SA extension */
957 m = key_setsadbsa(d);
958 if (!m)
959 goto msgfail;
960 m_cat(result, m);
961
962 if (result->m_len < sizeof(struct sadb_msg)) {
963 result = m_pullup(result,
964 sizeof(struct sadb_msg));
965 if (result == NULL)
966 goto msgfail;
967 }
968
969 result->m_pkthdr.len = 0;
970 for (m = result; m; m = m->m_next)
971 result->m_pkthdr.len += m->m_len;
972 mtod(result, struct sadb_msg *)->sadb_msg_len =
973 PFKEY_UNIT64(result->m_pkthdr.len);
974
975 if (key_sendup_mbuf(NULL, result,
976 KEY_SENDUP_REGISTERED))
977 goto msgfail;
978 msgfail:
979 key_freesav(d, KEY_SADB_LOCKED);
980 }
981 }
982
983 /* choose latest if both types present */
984 if (natt_candidate == NULL)
985 candidate = no_natt_candidate;
986 else if (no_natt_candidate == NULL)
987 candidate = natt_candidate;
988 else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport)
989 candidate = natt_candidate;
990 else if (natt_candidate->lft_c->sadb_lifetime_addtime >
991 no_natt_candidate->lft_c->sadb_lifetime_addtime)
992 candidate = natt_candidate;
993 else
994 candidate = no_natt_candidate;
995
996 if (candidate) {
997 candidate->refcnt++;
998 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
999 printf("DP allocsa_policy cause "
1000 "refcnt++:%d SA:%p\n",
1001 candidate->refcnt, candidate));
1002 }
1003 return candidate;
1004}
1005
1006/*
1007 * allocating a SA entry for a *INBOUND* packet.
1008 * Must call key_freesav() later.
1009 * OUT: positive: pointer to a sav.
1010 * NULL: not found, or error occurred.
1011 *
1012 * In the comparison, source address will be ignored for RFC2401 conformance.
1013 * To quote, from section 4.1:
1014 * A security association is uniquely identified by a triple consisting
1015 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1016 * security protocol (AH or ESP) identifier.
1017 * Note that, however, we do need to keep source address in IPsec SA.
1018 * IKE specification and PF_KEY specification do assume that we
1019 * keep source address in IPsec SA. We see a tricky situation here.
1020 */
1021struct secasvar *
1022key_allocsa(family, src, dst, proto, spi)
1023 u_int family, proto;
1024 caddr_t src, dst;
1025 u_int32_t spi;
1026{
1027 struct secasvar *sav, *match;
1028 u_int stateidx, state, tmpidx, matchidx;
1029 struct sockaddr_in sin;
1030 struct sockaddr_in6 sin6;
1031 const u_int *saorder_state_valid;
1032 int arraysize;
1033
1034 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1035
1036 /* sanity check */
1037 if (src == NULL || dst == NULL)
1038 panic("key_allocsa: NULL pointer is passed.\n");
1039
1040 /*
1041 * when both systems employ similar strategy to use a SA.
1042 * the search order is important even in the inbound case.
1043 */
1044 if (key_preferred_oldsa) {
1045 saorder_state_valid = saorder_state_valid_prefer_old;
1046 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1047 } else {
1048 saorder_state_valid = saorder_state_valid_prefer_new;
1049 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1050 }
1051
1052 /*
1053 * searching SAD.
1054 * XXX: to be checked internal IP header somewhere. Also when
1055 * IPsec tunnel packet is received. But ESP tunnel mode is
1056 * encrypted so we can't check internal IP header.
1057 */
1058 /*
1059 * search a valid state list for inbound packet.
1060 * the search order is not important.
1061 */
1062 match = NULL;
1063 matchidx = arraysize;
1064 lck_mtx_lock(sadb_mutex);
1065 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
1066 if (sav->spi != spi)
1067 continue;
1068 if (proto != sav->sah->saidx.proto)
1069 continue;
1070 if (family != sav->sah->saidx.src.ss_family ||
1071 family != sav->sah->saidx.dst.ss_family)
1072 continue;
1073 tmpidx = arraysize;
1074 for (stateidx = 0; stateidx < matchidx; stateidx++) {
1075 state = saorder_state_valid[stateidx];
1076 if (sav->state == state) {
1077 tmpidx = stateidx;
1078 break;
1079 }
1080 }
1081 if (tmpidx >= matchidx)
1082 continue;
1083
1084#if 0 /* don't check src */
1085 /* check src address */
1086 switch (family) {
1087 case AF_INET:
1088 bzero(&sin, sizeof(sin));
1089 sin.sin_family = AF_INET;
1090 sin.sin_len = sizeof(sin);
1091 bcopy(src, &sin.sin_addr,
1092 sizeof(sin.sin_addr));
1093 if (key_sockaddrcmp((struct sockaddr*)&sin,
1094 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1095 continue;
1096 break;
1097 case AF_INET6:
1098 bzero(&sin6, sizeof(sin6));
1099 sin6.sin6_family = AF_INET6;
1100 sin6.sin6_len = sizeof(sin6);
1101 bcopy(src, &sin6.sin6_addr,
1102 sizeof(sin6.sin6_addr));
1103 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1104 /* kame fake scopeid */
1105 sin6.sin6_scope_id =
1106 ntohs(sin6.sin6_addr.s6_addr16[1]);
1107 sin6.sin6_addr.s6_addr16[1] = 0;
1108 }
1109 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1110 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1111 continue;
1112 break;
1113 default:
1114 ipseclog((LOG_DEBUG, "key_allocsa: "
1115 "unknown address family=%d.\n",
1116 family));
1117 continue;
1118 }
1119
1120#endif
1121 /* check dst address */
1122 switch (family) {
1123 case AF_INET:
1124 bzero(&sin, sizeof(sin));
1125 sin.sin_family = AF_INET;
1126 sin.sin_len = sizeof(sin);
1127 bcopy(dst, &sin.sin_addr,
1128 sizeof(sin.sin_addr));
1129 if (key_sockaddrcmp((struct sockaddr*)&sin,
1130 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1131 continue;
1132
1133 break;
1134 case AF_INET6:
1135 bzero(&sin6, sizeof(sin6));
1136 sin6.sin6_family = AF_INET6;
1137 sin6.sin6_len = sizeof(sin6);
1138 bcopy(dst, &sin6.sin6_addr,
1139 sizeof(sin6.sin6_addr));
1140 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1141 /* kame fake scopeid */
1142 sin6.sin6_scope_id =
1143 ntohs(sin6.sin6_addr.s6_addr16[1]);
1144 sin6.sin6_addr.s6_addr16[1] = 0;
1145 }
1146 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1147 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1148 continue;
1149 break;
1150 default:
1151 ipseclog((LOG_DEBUG, "key_allocsa: "
1152 "unknown address family=%d.\n", family));
1153 continue;
1154 }
1155
1156 match = sav;
1157 matchidx = tmpidx;
1158 }
1159 if (match)
1160 goto found;
1161
1162 /* not found */
1163 lck_mtx_unlock(sadb_mutex);
1164 return NULL;
1165
1166found:
1167 match->refcnt++;
1168 lck_mtx_unlock(sadb_mutex);
1169 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1170 printf("DP allocsa cause refcnt++:%d SA:%p\n",
1171 match->refcnt, match));
1172 return match;
1173}
1174
1175u_int16_t
1176key_natt_get_translated_port(outsav)
1177 struct secasvar *outsav;
1178{
1179
1180 struct secasindex saidx;
1181 struct secashead *sah;
1182 u_int stateidx, state;
1183 const u_int *saorder_state_valid;
1184 int arraysize;
1185
1186 /* get sa for incoming */
1187 saidx.mode = outsav->sah->saidx.mode;
1188 saidx.reqid = 0;
1189 saidx.proto = outsav->sah->saidx.proto;
1190 bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in));
1191 bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in));
1192
1193 lck_mtx_lock(sadb_mutex);
1194 LIST_FOREACH(sah, &sahtree, chain) {
1195 if (sah->state == SADB_SASTATE_DEAD)
1196 continue;
1197 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE))
1198 goto found;
1199 }
1200 lck_mtx_unlock(sadb_mutex);
1201 return 0;
1202
1203found:
1204 /*
1205 * Found sah - now go thru list of SAs and find
1206 * matching remote ike port. If found - set
1207 * sav->natt_encapsulated_src_port and return the port.
1208 */
1209 /*
1210 * search a valid state list for outbound packet.
1211 * This search order is important.
1212 */
1213 if (key_preferred_oldsa) {
1214 saorder_state_valid = saorder_state_valid_prefer_old;
1215 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1216 } else {
1217 saorder_state_valid = saorder_state_valid_prefer_new;
1218 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1219 }
1220
1221 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1222 state = saorder_state_valid[stateidx];
1223 if (key_do_get_translated_port(sah, outsav, state)) {
1224 lck_mtx_unlock(sadb_mutex);
1225 return outsav->natt_encapsulated_src_port;
1226 }
1227 }
1228 lck_mtx_unlock(sadb_mutex);
1229 return 0;
1230}
1231
1232static int
1233key_do_get_translated_port(sah, outsav, state)
1234 struct secashead *sah;
1235 struct secasvar *outsav;
1236 u_int state;
1237{
1238 struct secasvar *currsav, *nextsav, *candidate;
1239
1240
1241 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1242
1243 /* initilize */
1244 candidate = NULL;
1245
1246 for (currsav = LIST_FIRST(&sah->savtree[state]);
1247 currsav != NULL;
1248 currsav = nextsav) {
1249
1250 nextsav = LIST_NEXT(currsav, chain);
1251
1252 /* sanity check */
1253 KEY_CHKSASTATE(currsav->state, state, "key_do_get_translated_port");
1254
1255 if ((currsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) == 0 ||
1256 currsav->remote_ike_port != outsav->remote_ike_port)
1257 continue;
1258
1259 if (candidate == NULL) {
1260 candidate = currsav;
1261 continue;
1262 }
1263
1264 /* Which SA is the better ? */
1265
1266 /* sanity check 2 */
1267 if (candidate->lft_c == NULL || currsav->lft_c == NULL)
1268 panic("key_do_get_translated_port: "
1269 "lifetime_current is NULL.\n");
1270
1271 /* What the best method is to compare ? */
1272 if (key_preferred_oldsa) {
1273 if (candidate->lft_c->sadb_lifetime_addtime >
1274 currsav->lft_c->sadb_lifetime_addtime) {
1275 candidate = currsav;
1276 }
1277 continue;
1278 /*NOTREACHED*/
1279 }
1280
1281 /* prefered new sa rather than old sa */
1282 if (candidate->lft_c->sadb_lifetime_addtime <
1283 currsav->lft_c->sadb_lifetime_addtime)
1284 candidate = currsav;
1285 }
1286
1287 if (candidate) {
1288 outsav->natt_encapsulated_src_port = candidate->natt_encapsulated_src_port;
1289 return 1;
1290 }
1291
1292 return 0;
1293}
1294
1295/*
1296 * Must be called after calling key_allocsp().
1297 * For both the packet without socket and key_freeso().
1298 */
1299void
1300key_freesp(sp, locked)
1301 struct secpolicy *sp;
1302 int locked;
1303{
1304
1305 /* sanity check */
1306 if (sp == NULL)
1307 panic("key_freesp: NULL pointer is passed.\n");
1308
1309 if (!locked)
1310 lck_mtx_lock(sadb_mutex);
1311 else
1312 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1313 sp->refcnt--;
1314 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1315 printf("DP freesp cause refcnt--:%d SP:%p\n",
1316 sp->refcnt, sp));
1317
1318 if (sp->refcnt == 0)
1319 key_delsp(sp);
1320 if (!locked)
1321 lck_mtx_unlock(sadb_mutex);
1322 return;
1323}
1324
1325#if 0
1326static void key_freesp_so(struct secpolicy **);
1327
1328/*
1329 * Must be called after calling key_allocsp().
1330 * For the packet with socket.
1331 */
1332void
1333key_freeso(so)
1334 struct socket *so;
1335{
1336
1337 /* sanity check */
1338 if (so == NULL)
1339 panic("key_freeso: NULL pointer is passed.\n");
1340
1341 lck_mtx_lock(sadb_mutex);
1342 switch (so->so_proto->pr_domain->dom_family) {
1343#if INET
1344 case PF_INET:
1345 {
1346 struct inpcb *pcb = sotoinpcb(so);
1347
1348 /* Does it have a PCB ? */
1349 if (pcb == NULL || pcb->inp_sp == NULL)
1350 goto done;
1351 key_freesp_so(&pcb->inp_sp->sp_in);
1352 key_freesp_so(&pcb->inp_sp->sp_out);
1353 }
1354 break;
1355#endif
1356#if INET6
1357 case PF_INET6:
1358 {
1359#if HAVE_NRL_INPCB
1360 struct inpcb *pcb = sotoinpcb(so);
1361
1362 /* Does it have a PCB ? */
1363 if (pcb == NULL || pcb->inp_sp == NULL)
1364 goto done;
1365 key_freesp_so(&pcb->inp_sp->sp_in);
1366 key_freesp_so(&pcb->inp_sp->sp_out);
1367#else
1368 struct in6pcb *pcb = sotoin6pcb(so);
1369
1370 /* Does it have a PCB ? */
1371 if (pcb == NULL || pcb->in6p_sp == NULL)
1372 goto done;
1373 key_freesp_so(&pcb->in6p_sp->sp_in);
1374 key_freesp_so(&pcb->in6p_sp->sp_out);
1375#endif
1376 }
1377 break;
1378#endif /* INET6 */
1379 default:
1380 ipseclog((LOG_DEBUG, "key_freeso: unknown address family=%d.\n",
1381 so->so_proto->pr_domain->dom_family));
1382 break;
1383 }
1384done:
1385 lck_mtx_unlock(sadb_mutex);
1386
1387 return;
1388}
1389
1390static void
1391key_freesp_so(sp)
1392 struct secpolicy **sp;
1393{
1394
1395 /* sanity check */
1396 if (sp == NULL || *sp == NULL)
1397 panic("key_freesp_so: sp == NULL\n");
1398
1399 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1400
1401 switch ((*sp)->policy) {
1402 case IPSEC_POLICY_IPSEC:
1403 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1404 printf("DP freeso calls free SP:%p\n", *sp));
1405 key_freesp(*sp, KEY_SADB_LOCKED);
1406 *sp = NULL;
1407 break;
1408 case IPSEC_POLICY_ENTRUST:
1409 case IPSEC_POLICY_BYPASS:
1410 return;
1411 default:
1412 panic("key_freesp_so: Invalid policy found %d", (*sp)->policy);
1413 }
1414
1415 return;
1416}
1417
1418#endif
1419
1420/*
1421 * Must be called after calling key_allocsa().
1422 * This function is called by key_freesp() to free some SA allocated
1423 * for a policy.
1424 */
1425void
1426key_freesav(sav, locked)
1427 struct secasvar *sav;
1428 int locked;
1429{
1430
1431 /* sanity check */
1432 if (sav == NULL)
1433 panic("key_freesav: NULL pointer is passed.\n");
1434
1435 if (!locked)
1436 lck_mtx_lock(sadb_mutex);
1437 else
1438 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1439 sav->refcnt--;
1440 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1441 printf("DP freesav cause refcnt--:%d SA:%p SPI %u\n",
1442 sav->refcnt, sav, (u_int32_t)ntohl(sav->spi)));
1443
1444 if (sav->refcnt == 0)
1445 key_delsav(sav);
1446 if (!locked)
1447 lck_mtx_unlock(sadb_mutex);
1448 return;
1449}
1450
1451/* %%% SPD management */
1452/*
1453 * free security policy entry.
1454 */
1455static void
1456key_delsp(sp)
1457 struct secpolicy *sp;
1458{
1459
1460 /* sanity check */
1461 if (sp == NULL)
1462 panic("key_delsp: NULL pointer is passed.\n");
1463
1464 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1465 sp->state = IPSEC_SPSTATE_DEAD;
1466
1467 if (sp->refcnt > 0)
1468 return; /* can't free */
1469
1470 /* remove from SP index */
1471 if (__LIST_CHAINED(sp)) {
1472 LIST_REMOVE(sp, chain);
1473 ipsec_policy_count--;
1474 }
1475
1476 {
1477 struct ipsecrequest *isr = sp->req, *nextisr;
1478
1479 while (isr != NULL) {
1480 nextisr = isr->next;
1481 KFREE(isr);
1482 isr = nextisr;
1483 }
1484 }
1485 keydb_delsecpolicy(sp);
1486
1487 return;
1488}
1489
1490/*
1491 * search SPD
1492 * OUT: NULL : not found
1493 * others : found, pointer to a SP.
1494 */
1495static struct secpolicy *
1496key_getsp(spidx)
1497 struct secpolicyindex *spidx;
1498{
1499 struct secpolicy *sp;
1500
1501 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1502
1503 /* sanity check */
1504 if (spidx == NULL)
1505 panic("key_getsp: NULL pointer is passed.\n");
1506
1507 LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
1508 if (sp->state == IPSEC_SPSTATE_DEAD)
1509 continue;
1510 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1511 sp->refcnt++;
1512 return sp;
1513 }
1514 }
1515
1516 return NULL;
1517}
1518
1519/*
1520 * get SP by index.
1521 * OUT: NULL : not found
1522 * others : found, pointer to a SP.
1523 */
1524static struct secpolicy *
1525key_getspbyid(id)
1526 u_int32_t id;
1527{
1528 struct secpolicy *sp;
1529
1530 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1531
1532 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
1533 if (sp->state == IPSEC_SPSTATE_DEAD)
1534 continue;
1535 if (sp->id == id) {
1536 sp->refcnt++;
1537 return sp;
1538 }
1539 }
1540
1541 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
1542 if (sp->state == IPSEC_SPSTATE_DEAD)
1543 continue;
1544 if (sp->id == id) {
1545 sp->refcnt++;
1546 return sp;
1547 }
1548 }
1549
1550 return NULL;
1551}
1552
1553struct secpolicy *
1554key_newsp()
1555{
1556 struct secpolicy *newsp = NULL;
1557
1558 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1559 newsp = keydb_newsecpolicy();
1560 if (!newsp)
1561 return newsp;
1562
1563 newsp->refcnt = 1;
1564 newsp->req = NULL;
1565
1566 return newsp;
1567}
1568
1569/*
1570 * create secpolicy structure from sadb_x_policy structure.
1571 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1572 * so must be set properly later.
1573 */
1574struct secpolicy *
1575key_msg2sp(xpl0, len, error)
1576 struct sadb_x_policy *xpl0;
1577 size_t len;
1578 int *error;
1579{
1580 struct secpolicy *newsp;
1581
1582 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1583
1584 /* sanity check */
1585 if (xpl0 == NULL)
1586 panic("key_msg2sp: NULL pointer was passed.\n");
1587 if (len < sizeof(*xpl0))
1588 panic("key_msg2sp: invalid length.\n");
1589 if (len != PFKEY_EXTLEN(xpl0)) {
1590 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1591 *error = EINVAL;
1592 return NULL;
1593 }
1594
1595 if ((newsp = key_newsp()) == NULL) {
1596 *error = ENOBUFS;
1597 return NULL;
1598 }
1599
1600 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1601 newsp->policy = xpl0->sadb_x_policy_type;
1602
1603 /* check policy */
1604 switch (xpl0->sadb_x_policy_type) {
1605 case IPSEC_POLICY_DISCARD:
1606 case IPSEC_POLICY_GENERATE:
1607 case IPSEC_POLICY_NONE:
1608 case IPSEC_POLICY_ENTRUST:
1609 case IPSEC_POLICY_BYPASS:
1610 newsp->req = NULL;
1611 break;
1612
1613 case IPSEC_POLICY_IPSEC:
1614 {
1615 int tlen;
1616 struct sadb_x_ipsecrequest *xisr;
1617 struct ipsecrequest **p_isr = &newsp->req;
1618
1619 /* validity check */
1620 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1621 ipseclog((LOG_DEBUG,
1622 "key_msg2sp: Invalid msg length.\n"));
1623 key_freesp(newsp, KEY_SADB_UNLOCKED);
1624 *error = EINVAL;
1625 return NULL;
1626 }
1627
1628 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1629 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1630
1631 while (tlen > 0) {
1632
1633 /* length check */
1634 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1635 ipseclog((LOG_DEBUG, "key_msg2sp: "
1636 "invalid ipsecrequest length.\n"));
1637 key_freesp(newsp, KEY_SADB_UNLOCKED);
1638 *error = EINVAL;
1639 return NULL;
1640 }
1641
1642 /* allocate request buffer */
1643 KMALLOC_WAIT(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1644 if ((*p_isr) == NULL) {
1645 ipseclog((LOG_DEBUG,
1646 "key_msg2sp: No more memory.\n"));
1647 key_freesp(newsp, KEY_SADB_UNLOCKED);
1648 *error = ENOBUFS;
1649 return NULL;
1650 }
1651 bzero(*p_isr, sizeof(**p_isr));
1652
1653 /* set values */
1654 (*p_isr)->next = NULL;
1655
1656 switch (xisr->sadb_x_ipsecrequest_proto) {
1657 case IPPROTO_ESP:
1658 case IPPROTO_AH:
1659 case IPPROTO_IPCOMP:
1660 break;
1661 default:
1662 ipseclog((LOG_DEBUG,
1663 "key_msg2sp: invalid proto type=%u\n",
1664 xisr->sadb_x_ipsecrequest_proto));
1665 key_freesp(newsp, KEY_SADB_UNLOCKED);
1666 *error = EPROTONOSUPPORT;
1667 return NULL;
1668 }
1669 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1670
1671 switch (xisr->sadb_x_ipsecrequest_mode) {
1672 case IPSEC_MODE_TRANSPORT:
1673 case IPSEC_MODE_TUNNEL:
1674 break;
1675 case IPSEC_MODE_ANY:
1676 default:
1677 ipseclog((LOG_DEBUG,
1678 "key_msg2sp: invalid mode=%u\n",
1679 xisr->sadb_x_ipsecrequest_mode));
1680 key_freesp(newsp, KEY_SADB_UNLOCKED);
1681 *error = EINVAL;
1682 return NULL;
1683 }
1684 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1685
1686 switch (xisr->sadb_x_ipsecrequest_level) {
1687 case IPSEC_LEVEL_DEFAULT:
1688 case IPSEC_LEVEL_USE:
1689 case IPSEC_LEVEL_REQUIRE:
1690 break;
1691 case IPSEC_LEVEL_UNIQUE:
1692 /* validity check */
1693 /*
1694 * If range violation of reqid, kernel will
1695 * update it, don't refuse it.
1696 */
1697 if (xisr->sadb_x_ipsecrequest_reqid
1698 > IPSEC_MANUAL_REQID_MAX) {
1699 ipseclog((LOG_DEBUG,
1700 "key_msg2sp: reqid=%d range "
1701 "violation, updated by kernel.\n",
1702 xisr->sadb_x_ipsecrequest_reqid));
1703 xisr->sadb_x_ipsecrequest_reqid = 0;
1704 }
1705
1706 /* allocate new reqid id if reqid is zero. */
1707 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1708 u_int32_t reqid;
1709 if ((reqid = key_newreqid()) == 0) {
1710 key_freesp(newsp, KEY_SADB_UNLOCKED);
1711 *error = ENOBUFS;
1712 return NULL;
1713 }
1714 (*p_isr)->saidx.reqid = reqid;
1715 xisr->sadb_x_ipsecrequest_reqid = reqid;
1716 } else {
1717 /* set it for manual keying. */
1718 (*p_isr)->saidx.reqid =
1719 xisr->sadb_x_ipsecrequest_reqid;
1720 }
1721 break;
1722
1723 default:
1724 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1725 xisr->sadb_x_ipsecrequest_level));
1726 key_freesp(newsp, KEY_SADB_UNLOCKED);
1727 *error = EINVAL;
1728 return NULL;
1729 }
1730 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1731
1732 /* set IP addresses if there */
1733 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1734 struct sockaddr *paddr;
1735
1736 paddr = (struct sockaddr *)(xisr + 1);
1737
1738 /* validity check */
1739 if (paddr->sa_len
1740 > sizeof((*p_isr)->saidx.src)) {
1741 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1742 "address length.\n"));
1743 key_freesp(newsp, KEY_SADB_UNLOCKED);
1744 *error = EINVAL;
1745 return NULL;
1746 }
1747 bcopy(paddr, &(*p_isr)->saidx.src,
1748 paddr->sa_len);
1749
1750 paddr = (struct sockaddr *)((caddr_t)paddr
1751 + paddr->sa_len);
1752
1753 /* validity check */
1754 if (paddr->sa_len
1755 > sizeof((*p_isr)->saidx.dst)) {
1756 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1757 "address length.\n"));
1758 key_freesp(newsp, KEY_SADB_UNLOCKED);
1759 *error = EINVAL;
1760 return NULL;
1761 }
1762 bcopy(paddr, &(*p_isr)->saidx.dst,
1763 paddr->sa_len);
1764 }
1765
1766 (*p_isr)->sp = newsp;
1767
1768 /* initialization for the next. */
1769 p_isr = &(*p_isr)->next;
1770 tlen -= xisr->sadb_x_ipsecrequest_len;
1771
1772 /* validity check */
1773 if (tlen < 0) {
1774 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1775 key_freesp(newsp, KEY_SADB_UNLOCKED);
1776 *error = EINVAL;
1777 return NULL;
1778 }
1779
1780 xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
1781 + xisr->sadb_x_ipsecrequest_len);
1782 }
1783 }
1784 break;
1785 default:
1786 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1787 key_freesp(newsp, KEY_SADB_UNLOCKED);
1788 *error = EINVAL;
1789 return NULL;
1790 }
1791
1792 *error = 0;
1793 return newsp;
1794}
1795
1796static u_int32_t
1797key_newreqid()
1798{
1799 lck_mtx_lock(sadb_mutex);
1800 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1801
1802 auto_reqid = (auto_reqid == ~0
1803 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1804 lck_mtx_unlock(sadb_mutex);
1805
1806 /* XXX should be unique check */
1807
1808 return auto_reqid;
1809}
1810
1811/*
1812 * copy secpolicy struct to sadb_x_policy structure indicated.
1813 */
1814struct mbuf *
1815key_sp2msg(sp)
1816 struct secpolicy *sp;
1817{
1818 struct sadb_x_policy *xpl;
1819 int tlen;
1820 caddr_t p;
1821 struct mbuf *m;
1822
1823 /* sanity check. */
1824 if (sp == NULL)
1825 panic("key_sp2msg: NULL pointer was passed.\n");
1826
1827 tlen = key_getspreqmsglen(sp);
1828
1829 m = key_alloc_mbuf(tlen);
1830 if (!m || m->m_next) { /*XXX*/
1831 if (m)
1832 m_freem(m);
1833 return NULL;
1834 }
1835
1836 m->m_len = tlen;
1837 m->m_next = NULL;
1838 xpl = mtod(m, struct sadb_x_policy *);
1839 bzero(xpl, tlen);
1840
1841 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
1842 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
1843 xpl->sadb_x_policy_type = sp->policy;
1844 xpl->sadb_x_policy_dir = sp->spidx.dir;
1845 xpl->sadb_x_policy_id = sp->id;
1846 p = (caddr_t)xpl + sizeof(*xpl);
1847
1848 /* if is the policy for ipsec ? */
1849 if (sp->policy == IPSEC_POLICY_IPSEC) {
1850 struct sadb_x_ipsecrequest *xisr;
1851 struct ipsecrequest *isr;
1852
1853 for (isr = sp->req; isr != NULL; isr = isr->next) {
1854
1855 xisr = (struct sadb_x_ipsecrequest *)p;
1856
1857 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
1858 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
1859 xisr->sadb_x_ipsecrequest_level = isr->level;
1860 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
1861
1862 p += sizeof(*xisr);
1863 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
1864 p += isr->saidx.src.ss_len;
1865 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
1866 p += isr->saidx.src.ss_len;
1867
1868 xisr->sadb_x_ipsecrequest_len =
1869 PFKEY_ALIGN8(sizeof(*xisr)
1870 + isr->saidx.src.ss_len
1871 + isr->saidx.dst.ss_len);
1872 }
1873 }
1874
1875 return m;
1876}
1877
1878/* m will not be freed nor modified */
1879static struct mbuf *
1880key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
1881 int ndeep, int nitem, int *items)
1882{
1883 int idx;
1884 int i;
1885 struct mbuf *result = NULL, *n;
1886 int len;
1887
1888 if (m == NULL || mhp == NULL)
1889 panic("null pointer passed to key_gather");
1890
1891 for (i = 0; i < nitem; i++) {
1892 idx = items[i];
1893 if (idx < 0 || idx > SADB_EXT_MAX)
1894 goto fail;
1895 /* don't attempt to pull empty extension */
1896 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
1897 continue;
1898 if (idx != SADB_EXT_RESERVED &&
1899 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
1900 continue;
1901
1902 if (idx == SADB_EXT_RESERVED) {
1903 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
1904#if DIAGNOSTIC
1905 if (len > MHLEN)
1906 panic("assumption failed");
1907#endif
1908 MGETHDR(n, M_DONTWAIT, MT_DATA);
1909 if (!n)
1910 goto fail;
1911 n->m_len = len;
1912 n->m_next = NULL;
1913 m_copydata(m, 0, sizeof(struct sadb_msg),
1914 mtod(n, caddr_t));
1915 } else if (i < ndeep) {
1916 len = mhp->extlen[idx];
1917 n = key_alloc_mbuf(len);
1918 if (!n || n->m_next) { /*XXX*/
1919 if (n)
1920 m_freem(n);
1921 goto fail;
1922 }
1923 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
1924 mtod(n, caddr_t));
1925 } else {
1926 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
1927 M_DONTWAIT);
1928 }
1929 if (n == NULL)
1930 goto fail;
1931
1932 if (result)
1933 m_cat(result, n);
1934 else
1935 result = n;
1936 }
1937
1938 if ((result->m_flags & M_PKTHDR) != 0) {
1939 result->m_pkthdr.len = 0;
1940 for (n = result; n; n = n->m_next)
1941 result->m_pkthdr.len += n->m_len;
1942 }
1943
1944 return result;
1945
1946fail:
1947 m_freem(result);
1948 return NULL;
1949}
1950
1951/*
1952 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
1953 * add a entry to SP database, when received
1954 * <base, address(SD), (lifetime(H),) policy>
1955 * from the user(?).
1956 * Adding to SP database,
1957 * and send
1958 * <base, address(SD), (lifetime(H),) policy>
1959 * to the socket which was send.
1960 *
1961 * SPDADD set a unique policy entry.
1962 * SPDSETIDX like SPDADD without a part of policy requests.
1963 * SPDUPDATE replace a unique policy entry.
1964 *
1965 * m will always be freed.
1966 */
1967static int
1968key_spdadd(so, m, mhp)
1969 struct socket *so;
1970 struct mbuf *m;
1971 const struct sadb_msghdr *mhp;
1972{
1973 struct sadb_address *src0, *dst0;
1974 struct sadb_x_policy *xpl0, *xpl;
1975 struct sadb_lifetime *lft = NULL;
1976 struct secpolicyindex spidx;
1977 struct secpolicy *newsp;
1978 struct timeval tv;
1979 int error;
1980
1981 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1982
1983 /* sanity check */
1984 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
1985 panic("key_spdadd: NULL pointer is passed.\n");
1986
1987 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
1988 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
1989 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
1990 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1991 return key_senderror(so, m, EINVAL);
1992 }
1993 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
1994 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
1995 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
1996 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
1997 return key_senderror(so, m, EINVAL);
1998 }
1999 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
2000 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
2001 < sizeof(struct sadb_lifetime)) {
2002 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2003 return key_senderror(so, m, EINVAL);
2004 }
2005 lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
2006 }
2007
2008 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2009 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2010 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2011
2012 /* make secindex */
2013 /* XXX boundary check against sa_len */
2014 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2015 src0 + 1,
2016 dst0 + 1,
2017 src0->sadb_address_prefixlen,
2018 dst0->sadb_address_prefixlen,
2019 src0->sadb_address_proto,
2020 &spidx);
2021
2022 /* checking the direciton. */
2023 switch (xpl0->sadb_x_policy_dir) {
2024 case IPSEC_DIR_INBOUND:
2025 case IPSEC_DIR_OUTBOUND:
2026 break;
2027 default:
2028 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
2029 mhp->msg->sadb_msg_errno = EINVAL;
2030 return 0;
2031 }
2032
2033 /* check policy */
2034 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2035 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
2036 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
2037 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
2038 return key_senderror(so, m, EINVAL);
2039 }
2040
2041 /* policy requests are mandatory when action is ipsec. */
2042 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
2043 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
2044 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
2045 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
2046 return key_senderror(so, m, EINVAL);
2047 }
2048
2049 /*
2050 * checking there is SP already or not.
2051 * SPDUPDATE doesn't depend on whether there is a SP or not.
2052 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2053 * then error.
2054 */
2055 lck_mtx_lock(sadb_mutex);
2056 newsp = key_getsp(&spidx);
2057 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2058 if (newsp) {
2059 newsp->state = IPSEC_SPSTATE_DEAD;
2060 key_freesp(newsp, KEY_SADB_LOCKED);
2061 }
2062 } else {
2063 if (newsp != NULL) {
2064 key_freesp(newsp, KEY_SADB_LOCKED);
2065 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
2066 lck_mtx_unlock(sadb_mutex);
2067 return key_senderror(so, m, EEXIST);
2068 }
2069 }
2070 lck_mtx_unlock(sadb_mutex);
2071 /* allocation new SP entry */
2072 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
2073 return key_senderror(so, m, error);
2074 }
2075
2076 if ((newsp->id = key_getnewspid()) == 0) {
2077 keydb_delsecpolicy(newsp);
2078 return key_senderror(so, m, ENOBUFS);
2079 }
2080
2081 /* XXX boundary check against sa_len */
2082 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2083 src0 + 1,
2084 dst0 + 1,
2085 src0->sadb_address_prefixlen,
2086 dst0->sadb_address_prefixlen,
2087 src0->sadb_address_proto,
2088 &newsp->spidx);
2089
2090 /* sanity check on addr pair */
2091 if (((struct sockaddr *)(src0 + 1))->sa_family !=
2092 ((struct sockaddr *)(dst0+ 1))->sa_family) {
2093 keydb_delsecpolicy(newsp);
2094 return key_senderror(so, m, EINVAL);
2095 }
2096 if (((struct sockaddr *)(src0 + 1))->sa_len !=
2097 ((struct sockaddr *)(dst0+ 1))->sa_len) {
2098 keydb_delsecpolicy(newsp);
2099 return key_senderror(so, m, EINVAL);
2100 }
2101#if 1
2102 /*
2103 * allow IPv6 over IPv4 tunnels using ESP -
2104 * otherwise reject if inner and outer address families not equal
2105 */
2106 if (newsp->req && newsp->req->saidx.src.ss_family) {
2107 struct sockaddr *sa;
2108 sa = (struct sockaddr *)(src0 + 1);
2109 if (sa->sa_family != newsp->req->saidx.src.ss_family) {
2110 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP
2111 || sa->sa_family != AF_INET6 || newsp->req->saidx.src.ss_family != AF_INET) {
2112 keydb_delsecpolicy(newsp);
2113 return key_senderror(so, m, EINVAL);
2114 }
2115 }
2116 }
2117 if (newsp->req && newsp->req->saidx.dst.ss_family) {
2118 struct sockaddr *sa;
2119 sa = (struct sockaddr *)(dst0 + 1);
2120 if (sa->sa_family != newsp->req->saidx.dst.ss_family) {
2121 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP
2122 || sa->sa_family != AF_INET6 || newsp->req->saidx.dst.ss_family != AF_INET) {
2123 keydb_delsecpolicy(newsp);
2124 return key_senderror(so, m, EINVAL);
2125 }
2126 }
2127 }
2128#endif
2129
2130 microtime(&tv);
2131 newsp->created = tv.tv_sec;
2132 newsp->lastused = tv.tv_sec;
2133 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
2134 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
2135
2136 newsp->refcnt = 1; /* do not reclaim until I say I do */
2137 newsp->state = IPSEC_SPSTATE_ALIVE;
2138 lck_mtx_lock(sadb_mutex);
2139 /*
2140 * policies of type generate should be at the end of the SPD
2141 * because they function as default discard policies
2142 */
2143 if (newsp->policy == IPSEC_POLICY_GENERATE)
2144 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2145 else { /* XXX until we have policy ordering in the kernel */
2146 struct secpolicy *tmpsp;
2147
2148 LIST_FOREACH(tmpsp, &sptree[newsp->spidx.dir], chain)
2149 if (tmpsp->policy == IPSEC_POLICY_GENERATE)
2150 break;
2151 if (tmpsp)
2152 LIST_INSERT_BEFORE(tmpsp, newsp, chain);
2153 else
2154 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2155 }
2156
2157 ipsec_policy_count++;
2158 /* Turn off the ipsec bypass */
2159 if (ipsec_bypass != 0)
2160 ipsec_bypass = 0;
2161
2162 /* delete the entry in spacqtree */
2163 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2164 struct secspacq *spacq;
2165 if ((spacq = key_getspacq(&spidx)) != NULL) {
2166 /* reset counter in order to deletion by timehandler. */
2167 microtime(&tv);
2168 spacq->created = tv.tv_sec;
2169 spacq->count = 0;
2170 }
2171 }
2172 lck_mtx_unlock(sadb_mutex);
2173
2174 {
2175 struct mbuf *n, *mpolicy;
2176 struct sadb_msg *newmsg;
2177 int off;
2178
2179 /* create new sadb_msg to reply. */
2180 if (lft) {
2181 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2182 SADB_EXT_LIFETIME_HARD, SADB_EXT_ADDRESS_SRC,
2183 SADB_EXT_ADDRESS_DST};
2184 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2185 } else {
2186 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2187 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
2188 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2189 }
2190 if (!n)
2191 return key_senderror(so, m, ENOBUFS);
2192
2193 if (n->m_len < sizeof(*newmsg)) {
2194 n = m_pullup(n, sizeof(*newmsg));
2195 if (!n)
2196 return key_senderror(so, m, ENOBUFS);
2197 }
2198 newmsg = mtod(n, struct sadb_msg *);
2199 newmsg->sadb_msg_errno = 0;
2200 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2201
2202 off = 0;
2203 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2204 sizeof(*xpl), &off);
2205 if (mpolicy == NULL) {
2206 /* n is already freed */
2207 return key_senderror(so, m, ENOBUFS);
2208 }
2209 xpl = (struct sadb_x_policy *)(mtod(mpolicy, caddr_t) + off);
2210 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2211 m_freem(n);
2212 return key_senderror(so, m, EINVAL);
2213 }
2214 xpl->sadb_x_policy_id = newsp->id;
2215
2216 m_freem(m);
2217 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2218 }
2219}
2220
2221/*
2222 * get new policy id.
2223 * OUT:
2224 * 0: failure.
2225 * others: success.
2226 */
2227static u_int32_t
2228key_getnewspid()
2229{
2230 u_int32_t newid = 0;
2231 int count = key_spi_trycnt; /* XXX */
2232 struct secpolicy *sp;
2233
2234 /* when requesting to allocate spi ranged */
2235 lck_mtx_lock(sadb_mutex);
2236 while (count--) {
2237 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
2238
2239 if ((sp = key_getspbyid(newid)) == NULL)
2240 break;
2241
2242 key_freesp(sp, KEY_SADB_LOCKED);
2243 }
2244 lck_mtx_unlock(sadb_mutex);
2245 if (count == 0 || newid == 0) {
2246 ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n"));
2247 return 0;
2248 }
2249
2250 return newid;
2251}
2252
2253/*
2254 * SADB_SPDDELETE processing
2255 * receive
2256 * <base, address(SD), policy(*)>
2257 * from the user(?), and set SADB_SASTATE_DEAD,
2258 * and send,
2259 * <base, address(SD), policy(*)>
2260 * to the ikmpd.
2261 * policy(*) including direction of policy.
2262 *
2263 * m will always be freed.
2264 */
2265static int
2266key_spddelete(so, m, mhp)
2267 struct socket *so;
2268 struct mbuf *m;
2269 const struct sadb_msghdr *mhp;
2270{
2271 struct sadb_address *src0, *dst0;
2272 struct sadb_x_policy *xpl0;
2273 struct secpolicyindex spidx;
2274 struct secpolicy *sp;
2275
2276 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2277
2278 /* sanity check */
2279 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2280 panic("key_spddelete: NULL pointer is passed.\n");
2281
2282 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
2283 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
2284 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2285 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2286 return key_senderror(so, m, EINVAL);
2287 }
2288 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
2289 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
2290 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2291 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2292 return key_senderror(so, m, EINVAL);
2293 }
2294
2295 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2296 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2297 xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
2298
2299 /* make secindex */
2300 /* XXX boundary check against sa_len */
2301 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2302 src0 + 1,
2303 dst0 + 1,
2304 src0->sadb_address_prefixlen,
2305 dst0->sadb_address_prefixlen,
2306 src0->sadb_address_proto,
2307 &spidx);
2308
2309 /* checking the direciton. */
2310 switch (xpl0->sadb_x_policy_dir) {
2311 case IPSEC_DIR_INBOUND:
2312 case IPSEC_DIR_OUTBOUND:
2313 break;
2314 default:
2315 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2316 return key_senderror(so, m, EINVAL);
2317 }
2318
2319 /* Is there SP in SPD ? */
2320 lck_mtx_lock(sadb_mutex);
2321 if ((sp = key_getsp(&spidx)) == NULL) {
2322 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2323 lck_mtx_unlock(sadb_mutex);
2324 return key_senderror(so, m, EINVAL);
2325 }
2326
2327 /* save policy id to buffer to be returned. */
2328 xpl0->sadb_x_policy_id = sp->id;
2329
2330 sp->state = IPSEC_SPSTATE_DEAD;
2331 key_freesp(sp, KEY_SADB_LOCKED);
2332 lck_mtx_unlock(sadb_mutex);
2333
2334
2335 {
2336 struct mbuf *n;
2337 struct sadb_msg *newmsg;
2338 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2339 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
2340
2341 /* create new sadb_msg to reply. */
2342 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2343 if (!n)
2344 return key_senderror(so, m, ENOBUFS);
2345
2346 newmsg = mtod(n, struct sadb_msg *);
2347 newmsg->sadb_msg_errno = 0;
2348 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2349
2350 m_freem(m);
2351 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2352 }
2353}
2354
2355/*
2356 * SADB_SPDDELETE2 processing
2357 * receive
2358 * <base, policy(*)>
2359 * from the user(?), and set SADB_SASTATE_DEAD,
2360 * and send,
2361 * <base, policy(*)>
2362 * to the ikmpd.
2363 * policy(*) including direction of policy.
2364 *
2365 * m will always be freed.
2366 */
2367static int
2368key_spddelete2(so, m, mhp)
2369 struct socket *so;
2370 struct mbuf *m;
2371 const struct sadb_msghdr *mhp;
2372{
2373 u_int32_t id;
2374 struct secpolicy *sp;
2375
2376 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2377
2378 /* sanity check */
2379 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2380 panic("key_spddelete2: NULL pointer is passed.\n");
2381
2382 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2383 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2384 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2385 key_senderror(so, m, EINVAL);
2386 return 0;
2387 }
2388
2389 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2390
2391 /* Is there SP in SPD ? */
2392 lck_mtx_lock(sadb_mutex);
2393 if ((sp = key_getspbyid(id)) == NULL) {
2394 lck_mtx_unlock(sadb_mutex);
2395 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
2396 return key_senderror(so, m, EINVAL);
2397 }
2398
2399 sp->state = IPSEC_SPSTATE_DEAD;
2400 key_freesp(sp, KEY_SADB_LOCKED);
2401 lck_mtx_unlock(sadb_mutex);
2402
2403 {
2404 struct mbuf *n, *nn;
2405 struct sadb_msg *newmsg;
2406 int off, len;
2407
2408 /* create new sadb_msg to reply. */
2409 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2410
2411 if (len > MCLBYTES)
2412 return key_senderror(so, m, ENOBUFS);
2413 MGETHDR(n, M_DONTWAIT, MT_DATA);
2414 if (n && len > MHLEN) {
2415 MCLGET(n, M_DONTWAIT);
2416 if ((n->m_flags & M_EXT) == 0) {
2417 m_freem(n);
2418 n = NULL;
2419 }
2420 }
2421 if (!n)
2422 return key_senderror(so, m, ENOBUFS);
2423
2424 n->m_len = len;
2425 n->m_next = NULL;
2426 off = 0;
2427
2428 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2429 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2430
2431#if DIAGNOSTIC
2432 if (off != len)
2433 panic("length inconsistency in key_spddelete2");
2434#endif
2435
2436 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2437 mhp->extlen[SADB_X_EXT_POLICY], M_DONTWAIT);
2438 if (!n->m_next) {
2439 m_freem(n);
2440 return key_senderror(so, m, ENOBUFS);
2441 }
2442
2443 n->m_pkthdr.len = 0;
2444 for (nn = n; nn; nn = nn->m_next)
2445 n->m_pkthdr.len += nn->m_len;
2446
2447 newmsg = mtod(n, struct sadb_msg *);
2448 newmsg->sadb_msg_errno = 0;
2449 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2450
2451 m_freem(m);
2452 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2453 }
2454}
2455
2456/*
2457 * SADB_X_GET processing
2458 * receive
2459 * <base, policy(*)>
2460 * from the user(?),
2461 * and send,
2462 * <base, address(SD), policy>
2463 * to the ikmpd.
2464 * policy(*) including direction of policy.
2465 *
2466 * m will always be freed.
2467 */
2468static int
2469key_spdget(so, m, mhp)
2470 struct socket *so;
2471 struct mbuf *m;
2472 const struct sadb_msghdr *mhp;
2473{
2474 u_int32_t id;
2475 struct secpolicy *sp;
2476 struct mbuf *n;
2477
2478 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2479
2480 /* sanity check */
2481 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2482 panic("key_spdget: NULL pointer is passed.\n");
2483
2484 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2485 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2486 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2487 return key_senderror(so, m, EINVAL);
2488 }
2489
2490 id = ((struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2491
2492 /* Is there SP in SPD ? */
2493 lck_mtx_lock(sadb_mutex);
2494 if ((sp = key_getspbyid(id)) == NULL) {
2495 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2496 lck_mtx_unlock(sadb_mutex);
2497 return key_senderror(so, m, ENOENT);
2498 }
2499 lck_mtx_unlock(sadb_mutex);
2500 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
2501 if (n != NULL) {
2502 m_freem(m);
2503 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2504 } else
2505 return key_senderror(so, m, ENOBUFS);
2506}
2507
2508/*
2509 * SADB_X_SPDACQUIRE processing.
2510 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2511 * send
2512 * <base, policy(*)>
2513 * to KMD, and expect to receive
2514 * <base> with SADB_X_SPDACQUIRE if error occurred,
2515 * or
2516 * <base, policy>
2517 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2518 * policy(*) is without policy requests.
2519 *
2520 * 0 : succeed
2521 * others: error number
2522 */
2523int
2524key_spdacquire(sp)
2525 struct secpolicy *sp;
2526{
2527 struct mbuf *result = NULL, *m;
2528 struct secspacq *newspacq;
2529 int error;
2530
2531 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2532
2533 /* sanity check */
2534 if (sp == NULL)
2535 panic("key_spdacquire: NULL pointer is passed.\n");
2536 if (sp->req != NULL)
2537 panic("key_spdacquire: called but there is request.\n");
2538 if (sp->policy != IPSEC_POLICY_IPSEC)
2539 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
2540
2541 /* get a entry to check whether sent message or not. */
2542 lck_mtx_lock(sadb_mutex);
2543 if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
2544 if (key_blockacq_count < newspacq->count) {
2545 /* reset counter and do send message. */
2546 newspacq->count = 0;
2547 } else {
2548 /* increment counter and do nothing. */
2549 newspacq->count++;
2550 lck_mtx_unlock(sadb_mutex);
2551 return 0;
2552 }
2553 } else {
2554 /* make new entry for blocking to send SADB_ACQUIRE. */
2555 if ((newspacq = key_newspacq(&sp->spidx)) == NULL) {
2556 lck_mtx_unlock(sadb_mutex);
2557 return ENOBUFS;
2558 }
2559 /* add to acqtree */
2560 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
2561 }
2562 lck_mtx_unlock(sadb_mutex);
2563 /* create new sadb_msg to reply. */
2564 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
2565 if (!m) {
2566 error = ENOBUFS;
2567 goto fail;
2568 }
2569 result = m;
2570
2571 result->m_pkthdr.len = 0;
2572 for (m = result; m; m = m->m_next)
2573 result->m_pkthdr.len += m->m_len;
2574
2575 mtod(result, struct sadb_msg *)->sadb_msg_len =
2576 PFKEY_UNIT64(result->m_pkthdr.len);
2577
2578 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
2579
2580fail:
2581 if (result)
2582 m_freem(result);
2583 return error;
2584}
2585
2586/*
2587 * SADB_SPDFLUSH processing
2588 * receive
2589 * <base>
2590 * from the user, and free all entries in secpctree.
2591 * and send,
2592 * <base>
2593 * to the user.
2594 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
2595 *
2596 * m will always be freed.
2597 */
2598static int
2599key_spdflush(so, m, mhp)
2600 struct socket *so;
2601 struct mbuf *m;
2602 const struct sadb_msghdr *mhp;
2603{
2604 struct sadb_msg *newmsg;
2605 struct secpolicy *sp;
2606 u_int dir;
2607
2608 /* sanity check */
2609 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2610 panic("key_spdflush: NULL pointer is passed.\n");
2611
2612 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
2613 return key_senderror(so, m, EINVAL);
2614
2615 lck_mtx_lock(sadb_mutex);
2616 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2617 LIST_FOREACH(sp, &sptree[dir], chain) {
2618 sp->state = IPSEC_SPSTATE_DEAD;
2619 }
2620 }
2621 lck_mtx_unlock(sadb_mutex);
2622
2623 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
2624 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
2625 return key_senderror(so, m, ENOBUFS);
2626 }
2627
2628 if (m->m_next)
2629 m_freem(m->m_next);
2630 m->m_next = NULL;
2631 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2632 newmsg = mtod(m, struct sadb_msg *);
2633 newmsg->sadb_msg_errno = 0;
2634 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
2635
2636 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
2637}
2638
2639/*
2640 * SADB_SPDDUMP processing
2641 * receive
2642 * <base>
2643 * from the user, and dump all SP leaves
2644 * and send,
2645 * <base> .....
2646 * to the ikmpd.
2647 *
2648 * m will always be freed.
2649 */
2650
2651static int
2652key_spddump(so, m, mhp)
2653 struct socket *so;
2654 struct mbuf *m;
2655 const struct sadb_msghdr *mhp;
2656{
2657 struct secpolicy *sp, **spbuf = NULL, **sp_ptr;
2658 int cnt = 0, bufcount;
2659 u_int dir;
2660 struct mbuf *n;
2661 int error = 0;
2662
2663 /* sanity check */
2664 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2665 panic("key_spddump: NULL pointer is passed.\n");
2666
2667 if ((bufcount = ipsec_policy_count) == 0) {
2668 error = ENOENT;
2669 goto end;
2670 }
2671 bufcount += 256; /* extra */
2672 KMALLOC_WAIT(spbuf, struct secpolicy**, bufcount * sizeof(struct secpolicy*));
2673 if (spbuf == NULL) {
2674 ipseclog((LOG_DEBUG, "key_spddump: No more memory.\n"));
2675 error = ENOMEM;
2676 goto end;
2677 }
2678 lck_mtx_lock(sadb_mutex);
2679 /* search SPD entry, make list. */
2680 sp_ptr = spbuf;
2681 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2682 LIST_FOREACH(sp, &sptree[dir], chain) {
2683 if (cnt == bufcount)
2684 break; /* buffer full */
2685 *sp_ptr++ = sp;
2686 sp->refcnt++;
2687 cnt++;
2688 }
2689 }
2690 lck_mtx_unlock(sadb_mutex);
2691
2692 if (cnt == 0) {
2693 error = ENOENT;
2694 goto end;
2695 }
2696
2697 sp_ptr = spbuf;
2698 while (cnt) {
2699 --cnt;
2700 n = key_setdumpsp(*sp_ptr++, SADB_X_SPDDUMP, cnt,
2701 mhp->msg->sadb_msg_pid);
2702
2703 if (n)
2704 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2705 }
2706
2707 lck_mtx_lock(sadb_mutex);
2708 while (sp_ptr > spbuf)
2709 key_freesp(*(--sp_ptr), KEY_SADB_LOCKED);
2710 lck_mtx_unlock(sadb_mutex);
2711
2712end:
2713 if (spbuf)
2714 KFREE(spbuf);
2715 if (error)
2716 return key_senderror(so, m, error);
2717
2718 m_freem(m);
2719 return 0;
2720
2721}
2722
2723static struct mbuf *
2724key_setdumpsp(sp, type, seq, pid)
2725 struct secpolicy *sp;
2726 u_int8_t type;
2727 u_int32_t seq, pid;
2728{
2729 struct mbuf *result = NULL, *m;
2730
2731 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
2732 if (!m)
2733 goto fail;
2734 result = m;
2735
2736 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2737 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
2738 sp->spidx.ul_proto);
2739 if (!m)
2740 goto fail;
2741 m_cat(result, m);
2742
2743 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2744 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
2745 sp->spidx.ul_proto);
2746 if (!m)
2747 goto fail;
2748 m_cat(result, m);
2749
2750 m = key_sp2msg(sp);
2751 if (!m)
2752 goto fail;
2753 m_cat(result, m);
2754
2755 if ((result->m_flags & M_PKTHDR) == 0)
2756 goto fail;
2757
2758 if (result->m_len < sizeof(struct sadb_msg)) {
2759 result = m_pullup(result, sizeof(struct sadb_msg));
2760 if (result == NULL)
2761 goto fail;
2762 }
2763
2764 result->m_pkthdr.len = 0;
2765 for (m = result; m; m = m->m_next)
2766 result->m_pkthdr.len += m->m_len;
2767
2768 mtod(result, struct sadb_msg *)->sadb_msg_len =
2769 PFKEY_UNIT64(result->m_pkthdr.len);
2770
2771 return result;
2772
2773fail:
2774 m_freem(result);
2775 return NULL;
2776}
2777
2778/*
2779 * get PFKEY message length for security policy and request.
2780 */
2781static u_int
2782key_getspreqmsglen(sp)
2783 struct secpolicy *sp;
2784{
2785 u_int tlen;
2786
2787 tlen = sizeof(struct sadb_x_policy);
2788
2789 /* if is the policy for ipsec ? */
2790 if (sp->policy != IPSEC_POLICY_IPSEC)
2791 return tlen;
2792
2793 /* get length of ipsec requests */
2794 {
2795 struct ipsecrequest *isr;
2796 int len;
2797
2798 for (isr = sp->req; isr != NULL; isr = isr->next) {
2799 len = sizeof(struct sadb_x_ipsecrequest)
2800 + isr->saidx.src.ss_len
2801 + isr->saidx.dst.ss_len;
2802
2803 tlen += PFKEY_ALIGN8(len);
2804 }
2805 }
2806
2807 return tlen;
2808}
2809
2810/*
2811 * SADB_SPDEXPIRE processing
2812 * send
2813 * <base, address(SD), lifetime(CH), policy>
2814 * to KMD by PF_KEY.
2815 *
2816 * OUT: 0 : succeed
2817 * others : error number
2818 */
2819static int
2820key_spdexpire(sp)
2821 struct secpolicy *sp;
2822{
2823 struct mbuf *result = NULL, *m;
2824 int len;
2825 int error = -1;
2826 struct sadb_lifetime *lt;
2827
2828 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2829
2830 /* sanity check */
2831 if (sp == NULL)
2832 panic("key_spdexpire: NULL pointer is passed.\n");
2833
2834 /* set msg header */
2835 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
2836 if (!m) {
2837 error = ENOBUFS;
2838 goto fail;
2839 }
2840 result = m;
2841
2842 /* create lifetime extension (current and hard) */
2843 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
2844 m = key_alloc_mbuf(len);
2845 if (!m || m->m_next) { /*XXX*/
2846 if (m)
2847 m_freem(m);
2848 error = ENOBUFS;
2849 goto fail;
2850 }
2851 bzero(mtod(m, caddr_t), len);
2852 lt = mtod(m, struct sadb_lifetime *);
2853 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2854 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
2855 lt->sadb_lifetime_allocations = 0;
2856 lt->sadb_lifetime_bytes = 0;
2857 lt->sadb_lifetime_addtime = sp->created;
2858 lt->sadb_lifetime_usetime = sp->lastused;
2859 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
2860 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
2861 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
2862 lt->sadb_lifetime_allocations = 0;
2863 lt->sadb_lifetime_bytes = 0;
2864 lt->sadb_lifetime_addtime = sp->lifetime;
2865 lt->sadb_lifetime_usetime = sp->validtime;
2866 m_cat(result, m);
2867
2868 /* set sadb_address for source */
2869 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
2870 (struct sockaddr *)&sp->spidx.src,
2871 sp->spidx.prefs, sp->spidx.ul_proto);
2872 if (!m) {
2873 error = ENOBUFS;
2874 goto fail;
2875 }
2876 m_cat(result, m);
2877
2878 /* set sadb_address for destination */
2879 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
2880 (struct sockaddr *)&sp->spidx.dst,
2881 sp->spidx.prefd, sp->spidx.ul_proto);
2882 if (!m) {
2883 error = ENOBUFS;
2884 goto fail;
2885 }
2886 m_cat(result, m);
2887
2888 /* set secpolicy */
2889 m = key_sp2msg(sp);
2890 if (!m) {
2891 error = ENOBUFS;
2892 goto fail;
2893 }
2894 m_cat(result, m);
2895
2896 if ((result->m_flags & M_PKTHDR) == 0) {
2897 error = EINVAL;
2898 goto fail;
2899 }
2900
2901 if (result->m_len < sizeof(struct sadb_msg)) {
2902 result = m_pullup(result, sizeof(struct sadb_msg));
2903 if (result == NULL) {
2904 error = ENOBUFS;
2905 goto fail;
2906 }
2907 }
2908
2909 result->m_pkthdr.len = 0;
2910 for (m = result; m; m = m->m_next)
2911 result->m_pkthdr.len += m->m_len;
2912
2913 mtod(result, struct sadb_msg *)->sadb_msg_len =
2914 PFKEY_UNIT64(result->m_pkthdr.len);
2915
2916 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
2917
2918 fail:
2919 if (result)
2920 m_freem(result);
2921 return error;
2922}
2923
2924/* %%% SAD management */
2925/*
2926 * allocating a memory for new SA head, and copy from the values of mhp.
2927 * OUT: NULL : failure due to the lack of memory.
2928 * others : pointer to new SA head.
2929 */
2930static struct secashead *
2931key_newsah(saidx)
2932 struct secasindex *saidx;
2933{
2934 struct secashead *newsah;
2935
2936 /* sanity check */
2937 if (saidx == NULL)
2938 panic("key_newsaidx: NULL pointer is passed.\n");
2939
2940 newsah = keydb_newsecashead();
2941 if (newsah == NULL)
2942 return NULL;
2943
2944 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
2945
2946 /* remove the ports */
2947 switch (saidx->src.ss_family) {
2948 case AF_INET:
2949 ((struct sockaddr_in *)(&newsah->saidx.src))->sin_port = IPSEC_PORT_ANY;
2950 break;
2951 case AF_INET6:
2952 ((struct sockaddr_in6 *)(&newsah->saidx.src))->sin6_port = IPSEC_PORT_ANY;
2953 break;
2954 default:
2955 break;
2956 }
2957 switch (saidx->dst.ss_family) {
2958 case AF_INET:
2959 ((struct sockaddr_in *)(&newsah->saidx.dst))->sin_port = IPSEC_PORT_ANY;
2960 break;
2961 case AF_INET6:
2962 ((struct sockaddr_in6 *)(&newsah->saidx.dst))->sin6_port = IPSEC_PORT_ANY;
2963 break;
2964 default:
2965 break;
2966 }
2967
2968 /* add to saidxtree */
2969 newsah->state = SADB_SASTATE_MATURE;
2970 LIST_INSERT_HEAD(&sahtree, newsah, chain);
2971
2972 return(newsah);
2973}
2974
2975/*
2976 * delete SA index and all SA registerd.
2977 */
2978static void
2979key_delsah(sah)
2980 struct secashead *sah;
2981{
2982 struct secasvar *sav, *nextsav;
2983 u_int stateidx, state;
2984 int zombie = 0;
2985
2986 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
2987
2988 /* sanity check */
2989 if (sah == NULL)
2990 panic("key_delsah: NULL pointer is passed.\n");
2991
2992 /* searching all SA registerd in the secindex. */
2993 for (stateidx = 0;
2994 stateidx < _ARRAYLEN(saorder_state_any);
2995 stateidx++) {
2996
2997 state = saorder_state_any[stateidx];
2998 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]);
2999 sav != NULL;
3000 sav = nextsav) {
3001
3002 nextsav = LIST_NEXT(sav, chain);
3003
3004 if (sav->refcnt > 0) {
3005 /* give up to delete this sa */
3006 zombie++;
3007 continue;
3008 }
3009
3010 /* sanity check */
3011 KEY_CHKSASTATE(state, sav->state, "key_delsah");
3012
3013 key_freesav(sav, KEY_SADB_LOCKED);
3014
3015 /* remove back pointer */
3016 sav->sah = NULL;
3017 sav = NULL;
3018 }
3019 }
3020
3021 /* don't delete sah only if there are savs. */
3022 if (zombie)
3023 return;
3024
3025 if (sah->sa_route.ro_rt) {
3026 rtfree(sah->sa_route.ro_rt);
3027 sah->sa_route.ro_rt = (struct rtentry *)NULL;
3028 }
3029
3030 /* remove from tree of SA index */
3031 if (__LIST_CHAINED(sah))
3032 LIST_REMOVE(sah, chain);
3033
3034 KFREE(sah);
3035
3036 return;
3037}
3038
3039/*
3040 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3041 * and copy the values of mhp into new buffer.
3042 * When SAD message type is GETSPI:
3043 * to set sequence number from acq_seq++,
3044 * to set zero to SPI.
3045 * not to call key_setsava().
3046 * OUT: NULL : fail
3047 * others : pointer to new secasvar.
3048 *
3049 * does not modify mbuf. does not free mbuf on error.
3050 */
3051static struct secasvar *
3052key_newsav(m, mhp, sah, errp)
3053 struct mbuf *m;
3054 const struct sadb_msghdr *mhp;
3055 struct secashead *sah;
3056 int *errp;
3057{
3058 struct secasvar *newsav;
3059 const struct sadb_sa *xsa;
3060
3061 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3062
3063 /* sanity check */
3064 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
3065 panic("key_newsa: NULL pointer is passed.\n");
3066
3067 KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3068 if (newsav == NULL) {
3069 lck_mtx_unlock(sadb_mutex);
3070 KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3071 lck_mtx_lock(sadb_mutex);
3072 if (newsav == NULL) {
3073 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3074 *errp = ENOBUFS;
3075 return NULL;
3076 }
3077 }
3078 bzero((caddr_t)newsav, sizeof(struct secasvar));
3079
3080 switch (mhp->msg->sadb_msg_type) {
3081 case SADB_GETSPI:
3082 key_setspi(newsav, 0);
3083
3084#if IPSEC_DOSEQCHECK
3085 /* sync sequence number */
3086 if (mhp->msg->sadb_msg_seq == 0)
3087 newsav->seq =
3088 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3089 else
3090#endif
3091 newsav->seq = mhp->msg->sadb_msg_seq;
3092 break;
3093
3094 case SADB_ADD:
3095 /* sanity check */
3096 if (mhp->ext[SADB_EXT_SA] == NULL) {
3097 KFREE(newsav);
3098 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
3099 *errp = EINVAL;
3100 return NULL;
3101 }
3102 xsa = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3103 key_setspi(newsav, xsa->sadb_sa_spi);
3104 newsav->seq = mhp->msg->sadb_msg_seq;
3105 break;
3106 default:
3107 KFREE(newsav);
3108 *errp = EINVAL;
3109 return NULL;
3110 }
3111
3112 /* copy sav values */
3113 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
3114 *errp = key_setsaval(newsav, m, mhp);
3115 if (*errp) {
3116 if (newsav->spihash.le_prev || newsav->spihash.le_next)
3117 LIST_REMOVE(newsav, spihash);
3118 KFREE(newsav);
3119 return NULL;
3120 }
3121 }
3122
3123 /* reset created */
3124 {
3125 struct timeval tv;
3126 microtime(&tv);
3127 newsav->created = tv.tv_sec;
3128 }
3129
3130 newsav->pid = mhp->msg->sadb_msg_pid;
3131
3132 /* add to satree */
3133 newsav->sah = sah;
3134 newsav->refcnt = 1;
3135 newsav->state = SADB_SASTATE_LARVAL;
3136 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3137 secasvar, chain);
3138 ipsec_sav_count++;
3139
3140 return newsav;
3141}
3142
3143/*
3144 * free() SA variable entry.
3145 */
3146static void
3147key_delsav(sav)
3148 struct secasvar *sav;
3149{
3150
3151 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3152
3153 /* sanity check */
3154 if (sav == NULL)
3155 panic("key_delsav: NULL pointer is passed.\n");
3156
3157 if (sav->refcnt > 0)
3158 return; /* can't free */
3159
3160 /* remove from SA header */
3161 if (__LIST_CHAINED(sav))
3162 LIST_REMOVE(sav, chain);
3163 ipsec_sav_count--;
3164
3165 if (sav->spihash.le_prev || sav->spihash.le_next)
3166 LIST_REMOVE(sav, spihash);
3167
3168 if (sav->key_auth != NULL) {
3169 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3170 KFREE(sav->key_auth);
3171 sav->key_auth = NULL;
3172 }
3173 if (sav->key_enc != NULL) {
3174 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3175 KFREE(sav->key_enc);
3176 sav->key_enc = NULL;
3177 }
3178 if (sav->sched) {
3179 bzero(sav->sched, sav->schedlen);
3180 KFREE(sav->sched);
3181 sav->sched = NULL;
3182 }
3183 if (sav->replay != NULL) {
3184 keydb_delsecreplay(sav->replay);
3185 sav->replay = NULL;
3186 }
3187 if (sav->lft_c != NULL) {
3188 KFREE(sav->lft_c);
3189 sav->lft_c = NULL;
3190 }
3191 if (sav->lft_h != NULL) {
3192 KFREE(sav->lft_h);
3193 sav->lft_h = NULL;
3194 }
3195 if (sav->lft_s != NULL) {
3196 KFREE(sav->lft_s);
3197 sav->lft_s = NULL;
3198 }
3199 if (sav->iv != NULL) {
3200 KFREE(sav->iv);
3201 sav->iv = NULL;
3202 }
3203
3204 KFREE(sav);
3205
3206 return;
3207}
3208
3209/*
3210 * search SAD.
3211 * OUT:
3212 * NULL : not found
3213 * others : found, pointer to a SA.
3214 */
3215static struct secashead *
3216key_getsah(saidx)
3217 struct secasindex *saidx;
3218{
3219 struct secashead *sah;
3220
3221 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3222
3223 LIST_FOREACH(sah, &sahtree, chain) {
3224 if (sah->state == SADB_SASTATE_DEAD)
3225 continue;
3226 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
3227 return sah;
3228 }
3229
3230 return NULL;
3231}
3232
3233/*
3234 * check not to be duplicated SPI.
3235 * NOTE: this function is too slow due to searching all SAD.
3236 * OUT:
3237 * NULL : not found
3238 * others : found, pointer to a SA.
3239 */
3240static struct secasvar *
3241key_checkspidup(saidx, spi)
3242 struct secasindex *saidx;
3243 u_int32_t spi;
3244{
3245 struct secasvar *sav;
3246 u_int stateidx, state;
3247
3248 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3249
3250 /* check address family */
3251 if (saidx->src.ss_family != saidx->dst.ss_family) {
3252 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
3253 return NULL;
3254 }
3255
3256 /* check all SAD */
3257 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
3258 if (sav->spi != spi)
3259 continue;
3260 for (stateidx = 0;
3261 stateidx < _ARRAYLEN(saorder_state_alive);
3262 stateidx++) {
3263 state = saorder_state_alive[stateidx];
3264 if (sav->state == state &&
3265 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
3266 return sav;
3267 }
3268 }
3269
3270 return NULL;
3271}
3272
3273static void
3274key_setspi(sav, spi)
3275 struct secasvar *sav;
3276 u_int32_t spi;
3277{
3278 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3279 sav->spi = spi;
3280 if (sav->spihash.le_prev || sav->spihash.le_next)
3281 LIST_REMOVE(sav, spihash);
3282 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
3283}
3284
3285
3286/*
3287 * search SAD litmited alive SA, protocol, SPI.
3288 * OUT:
3289 * NULL : not found
3290 * others : found, pointer to a SA.
3291 */
3292static struct secasvar *
3293key_getsavbyspi(sah, spi)
3294 struct secashead *sah;
3295 u_int32_t spi;
3296{
3297 struct secasvar *sav, *match;
3298 u_int stateidx, state, matchidx;
3299
3300 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3301 match = NULL;
3302 matchidx = _ARRAYLEN(saorder_state_alive);
3303 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
3304 if (sav->spi != spi)
3305 continue;
3306 if (sav->sah != sah)
3307 continue;
3308 for (stateidx = 0; stateidx < matchidx; stateidx++) {
3309 state = saorder_state_alive[stateidx];
3310 if (sav->state == state) {
3311 match = sav;
3312 matchidx = stateidx;
3313 break;
3314 }
3315 }
3316 }
3317
3318 return match;
3319}
3320
3321/*
3322 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
3323 * You must update these if need.
3324 * OUT: 0: success.
3325 * !0: failure.
3326 *
3327 * does not modify mbuf. does not free mbuf on error.
3328 */
3329static int
3330key_setsaval(sav, m, mhp)
3331 struct secasvar *sav;
3332 struct mbuf *m;
3333 const struct sadb_msghdr *mhp;
3334{
3335#if IPSEC_ESP
3336 const struct esp_algorithm *algo;
3337#endif
3338 int error = 0;
3339 struct timeval tv;
3340
3341 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3342
3343 /* sanity check */
3344 if (m == NULL || mhp == NULL || mhp->msg == NULL)
3345 panic("key_setsaval: NULL pointer is passed.\n");
3346
3347 /* initialization */
3348 sav->replay = NULL;
3349 sav->key_auth = NULL;
3350 sav->key_enc = NULL;
3351 sav->sched = NULL;
3352 sav->schedlen = 0;
3353 sav->iv = NULL;
3354 sav->lft_c = NULL;
3355 sav->lft_h = NULL;
3356 sav->lft_s = NULL;
3357 sav->remote_ike_port = 0;
3358 sav->natt_last_activity = natt_now;
3359 sav->natt_encapsulated_src_port = 0;
3360
3361 /* SA */
3362 if (mhp->ext[SADB_EXT_SA] != NULL) {
3363 const struct sadb_sa *sa0;
3364
3365 sa0 = (const struct sadb_sa *)mhp->ext[SADB_EXT_SA];
3366 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
3367 ipseclog((LOG_DEBUG, "key_setsaval: invalid message size.\n"));
3368 error = EINVAL;
3369 goto fail;
3370 }
3371
3372 sav->alg_auth = sa0->sadb_sa_auth;
3373 sav->alg_enc = sa0->sadb_sa_encrypt;
3374 sav->flags = sa0->sadb_sa_flags;
3375
3376 /*
3377 * Verify that a nat-traversal port was specified if
3378 * the nat-traversal flag is set.
3379 */
3380 if ((sav->flags & SADB_X_EXT_NATT) != 0) {
3381 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa_2) ||
3382 ((struct sadb_sa_2*)(sa0))->sadb_sa_natt_port == 0) {
3383 ipseclog((LOG_DEBUG, "key_setsaval: natt port not set.\n"));
3384 error = EINVAL;
3385 goto fail;
3386 }
3387 sav->remote_ike_port = ((struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
3388 }
3389
3390 /*
3391 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
3392 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
3393 * set (we're not behind nat) - otherwise clear it.
3394 */
3395 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
3396 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
3397 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
3398 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
3399
3400 /* replay window */
3401 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
3402 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
3403 if (sav->replay == NULL) {
3404 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3405 error = ENOBUFS;
3406 goto fail;
3407 }
3408 }
3409 }
3410
3411 /* Authentication keys */
3412 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
3413 const struct sadb_key *key0;
3414 int len;
3415
3416 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
3417 len = mhp->extlen[SADB_EXT_KEY_AUTH];
3418
3419 error = 0;
3420 if (len < sizeof(*key0)) {
3421 ipseclog((LOG_DEBUG, "key_setsaval: invalid auth key ext len. len = %d\n", len));
3422 error = EINVAL;
3423 goto fail;
3424 }
3425 switch (mhp->msg->sadb_msg_satype) {
3426 case SADB_SATYPE_AH:
3427 case SADB_SATYPE_ESP:
3428 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3429 sav->alg_auth != SADB_X_AALG_NULL)
3430 error = EINVAL;
3431 break;
3432 case SADB_X_SATYPE_IPCOMP:
3433 default:
3434 error = EINVAL;
3435 break;
3436 }
3437 if (error) {
3438 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
3439 goto fail;
3440 }
3441
3442 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
3443 if (sav->key_auth == NULL) {
3444 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3445 error = ENOBUFS;
3446 goto fail;
3447 }
3448 }
3449
3450 /* Encryption key */
3451 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
3452 const struct sadb_key *key0;
3453 int len;
3454
3455 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
3456 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
3457
3458 error = 0;
3459 if (len < sizeof(*key0)) {
3460 ipseclog((LOG_DEBUG, "key_setsaval: invalid encryption key ext len. len = %d\n", len));
3461 error = EINVAL;
3462 goto fail;
3463 }
3464 switch (mhp->msg->sadb_msg_satype) {
3465 case SADB_SATYPE_ESP:
3466 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
3467 sav->alg_enc != SADB_EALG_NULL) {
3468 ipseclog((LOG_DEBUG, "key_setsaval: invalid ESP algorithm.\n"));
3469 error = EINVAL;
3470 break;
3471 }
3472 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
3473 if (sav->key_enc == NULL) {
3474 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3475 error = ENOBUFS;
3476 goto fail;
3477 }
3478 break;
3479 case SADB_X_SATYPE_IPCOMP:
3480 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
3481 error = EINVAL;
3482 sav->key_enc = NULL; /*just in case*/
3483 break;
3484 case SADB_SATYPE_AH:
3485 default:
3486 error = EINVAL;
3487 break;
3488 }
3489 if (error) {
3490 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_enc value.\n"));
3491 goto fail;
3492 }
3493 }
3494
3495 /* set iv */
3496 sav->ivlen = 0;
3497
3498 switch (mhp->msg->sadb_msg_satype) {
3499 case SADB_SATYPE_ESP:
3500#if IPSEC_ESP
3501 algo = esp_algorithm_lookup(sav->alg_enc);
3502 if (algo && algo->ivlen)
3503 sav->ivlen = (*algo->ivlen)(algo, sav);
3504 if (sav->ivlen == 0)
3505 break;
3506 KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
3507 if (sav->iv == 0) {
3508 lck_mtx_unlock(sadb_mutex);
3509 KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
3510 lck_mtx_lock(sadb_mutex);
3511 if (sav->iv == 0) {
3512 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3513 error = ENOBUFS;
3514 goto fail;
3515 }
3516 }
3517
3518 /* initialize */
3519 key_randomfill(sav->iv, sav->ivlen);
3520#endif
3521 break;
3522 case SADB_SATYPE_AH:
3523 case SADB_X_SATYPE_IPCOMP:
3524 break;
3525 default:
3526 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
3527 error = EINVAL;
3528 goto fail;
3529 }
3530
3531 /* reset created */
3532 microtime(&tv);
3533 sav->created = tv.tv_sec;
3534
3535 /* make lifetime for CURRENT */
3536 KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
3537 sizeof(struct sadb_lifetime));
3538 if (sav->lft_c == NULL) {
3539 lck_mtx_unlock(sadb_mutex);
3540 KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
3541 sizeof(struct sadb_lifetime));
3542 lck_mtx_lock(sadb_mutex);
3543 if (sav->lft_c == NULL) {
3544 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3545 error = ENOBUFS;
3546 goto fail;
3547 }
3548 }
3549
3550 microtime(&tv);
3551
3552 sav->lft_c->sadb_lifetime_len =
3553 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3554 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3555 sav->lft_c->sadb_lifetime_allocations = 0;
3556 sav->lft_c->sadb_lifetime_bytes = 0;
3557 sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
3558 sav->lft_c->sadb_lifetime_usetime = 0;
3559
3560 /* lifetimes for HARD and SOFT */
3561 {
3562 const struct sadb_lifetime *lft0;
3563
3564 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3565 if (lft0 != NULL) {
3566 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3567 ipseclog((LOG_DEBUG, "key_setsaval: invalid hard lifetime ext len.\n"));
3568 error = EINVAL;
3569 goto fail;
3570 }
3571 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
3572 sizeof(*lft0));
3573 if (sav->lft_h == NULL) {
3574 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3575 error = ENOBUFS;
3576 goto fail;
3577 }
3578 /* to be initialize ? */
3579 }
3580
3581 lft0 = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
3582 if (lft0 != NULL) {
3583 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
3584 ipseclog((LOG_DEBUG, "key_setsaval: invalid soft lifetime ext len.\n"));
3585 error = EINVAL;
3586 goto fail;
3587 }
3588 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
3589 sizeof(*lft0));
3590 if (sav->lft_s == NULL) {
3591 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
3592 error = ENOBUFS;
3593 goto fail;
3594 }
3595 /* to be initialize ? */
3596 }
3597 }
3598
3599 return 0;
3600
3601 fail:
3602 /* initialization */
3603 if (sav->replay != NULL) {
3604 keydb_delsecreplay(sav->replay);
3605 sav->replay = NULL;
3606 }
3607 if (sav->key_auth != NULL) {
3608 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3609 KFREE(sav->key_auth);
3610 sav->key_auth = NULL;
3611 }
3612 if (sav->key_enc != NULL) {
3613 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3614 KFREE(sav->key_enc);
3615 sav->key_enc = NULL;
3616 }
3617 if (sav->sched) {
3618 bzero(sav->sched, sav->schedlen);
3619 KFREE(sav->sched);
3620 sav->sched = NULL;
3621 }
3622 if (sav->iv != NULL) {
3623 KFREE(sav->iv);
3624 sav->iv = NULL;
3625 }
3626 if (sav->lft_c != NULL) {
3627 KFREE(sav->lft_c);
3628 sav->lft_c = NULL;
3629 }
3630 if (sav->lft_h != NULL) {
3631 KFREE(sav->lft_h);
3632 sav->lft_h = NULL;
3633 }
3634 if (sav->lft_s != NULL) {
3635 KFREE(sav->lft_s);
3636 sav->lft_s = NULL;
3637 }
3638
3639 return error;
3640}
3641
3642/*
3643 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
3644 * OUT: 0: valid
3645 * other: errno
3646 */
3647static int
3648key_mature(sav)
3649 struct secasvar *sav;
3650{
3651 int mature;
3652 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3653 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
3654
3655 mature = 0;
3656
3657 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3658
3659 /* check SPI value */
3660 switch (sav->sah->saidx.proto) {
3661 case IPPROTO_ESP:
3662 case IPPROTO_AH:
3663 if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
3664 ipseclog((LOG_DEBUG,
3665 "key_mature: illegal range of SPI %u.\n",
3666 (u_int32_t)ntohl(sav->spi)));
3667 return EINVAL;
3668 }
3669 break;
3670 }
3671
3672 /* check satype */
3673 switch (sav->sah->saidx.proto) {
3674 case IPPROTO_ESP:
3675 /* check flags */
3676 if ((sav->flags & SADB_X_EXT_OLD)
3677 && (sav->flags & SADB_X_EXT_DERIV)) {
3678 ipseclog((LOG_DEBUG, "key_mature: "
3679 "invalid flag (derived) given to old-esp.\n"));
3680 return EINVAL;
3681 }
3682 if (sav->alg_auth == SADB_AALG_NONE)
3683 checkmask = 1;
3684 else
3685 checkmask = 3;
3686 mustmask = 1;
3687 break;
3688 case IPPROTO_AH:
3689 /* check flags */
3690 if (sav->flags & SADB_X_EXT_DERIV) {
3691 ipseclog((LOG_DEBUG, "key_mature: "
3692 "invalid flag (derived) given to AH SA.\n"));
3693 return EINVAL;
3694 }
3695 if (sav->alg_enc != SADB_EALG_NONE) {
3696 ipseclog((LOG_DEBUG, "key_mature: "
3697 "protocol and algorithm mismated.\n"));
3698 return(EINVAL);
3699 }
3700 checkmask = 2;
3701 mustmask = 2;
3702 break;
3703 case IPPROTO_IPCOMP:
3704 if (sav->alg_auth != SADB_AALG_NONE) {
3705 ipseclog((LOG_DEBUG, "key_mature: "
3706 "protocol and algorithm mismated.\n"));
3707 return(EINVAL);
3708 }
3709 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
3710 && ntohl(sav->spi) >= 0x10000) {
3711 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
3712 return(EINVAL);
3713 }
3714 checkmask = 4;
3715 mustmask = 4;
3716 break;
3717 default:
3718 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
3719 return EPROTONOSUPPORT;
3720 }
3721
3722 /* check authentication algorithm */
3723 if ((checkmask & 2) != 0) {
3724 const struct ah_algorithm *algo;
3725 int keylen;
3726
3727 algo = ah_algorithm_lookup(sav->alg_auth);
3728 if (!algo) {
3729 ipseclog((LOG_DEBUG,"key_mature: "
3730 "unknown authentication algorithm.\n"));
3731 return EINVAL;
3732 }
3733
3734 /* algorithm-dependent check */
3735 if (sav->key_auth)
3736 keylen = sav->key_auth->sadb_key_bits;
3737 else
3738 keylen = 0;
3739 if (keylen < algo->keymin || algo->keymax < keylen) {
3740 ipseclog((LOG_DEBUG,
3741 "key_mature: invalid AH key length %d "
3742 "(%d-%d allowed)\n",
3743 keylen, algo->keymin, algo->keymax));
3744 return EINVAL;
3745 }
3746
3747 if (algo->mature) {
3748 if ((*algo->mature)(sav)) {
3749 /* message generated in per-algorithm function*/
3750 return EINVAL;
3751 } else
3752 mature = SADB_SATYPE_AH;
3753 }
3754
3755 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
3756 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
3757 return EINVAL;
3758 }
3759 }
3760
3761 /* check encryption algorithm */
3762 if ((checkmask & 1) != 0) {
3763#if IPSEC_ESP
3764 const struct esp_algorithm *algo;
3765 int keylen;
3766
3767 algo = esp_algorithm_lookup(sav->alg_enc);
3768 if (!algo) {
3769 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
3770 return EINVAL;
3771 }
3772
3773 /* algorithm-dependent check */
3774 if (sav->key_enc)
3775 keylen = sav->key_enc->sadb_key_bits;
3776 else
3777 keylen = 0;
3778 if (keylen < algo->keymin || algo->keymax < keylen) {
3779 ipseclog((LOG_DEBUG,
3780 "key_mature: invalid ESP key length %d "
3781 "(%d-%d allowed)\n",
3782 keylen, algo->keymin, algo->keymax));
3783 return EINVAL;
3784 }
3785
3786 if (algo->mature) {
3787 if ((*algo->mature)(sav)) {
3788 /* message generated in per-algorithm function*/
3789 return EINVAL;
3790 } else
3791 mature = SADB_SATYPE_ESP;
3792 }
3793
3794 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
3795 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
3796 return EINVAL;
3797 }
3798#else /*IPSEC_ESP*/
3799 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
3800 return EINVAL;
3801#endif
3802 }
3803
3804 /* check compression algorithm */
3805 if ((checkmask & 4) != 0) {
3806 const struct ipcomp_algorithm *algo;
3807
3808 /* algorithm-dependent check */
3809 algo = ipcomp_algorithm_lookup(sav->alg_enc);
3810 if (!algo) {
3811 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
3812 return EINVAL;
3813 }
3814 }
3815
3816 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
3817
3818 return 0;
3819}
3820
3821/*
3822 * subroutine for SADB_GET and SADB_DUMP.
3823 */
3824static struct mbuf *
3825key_setdumpsa(sav, type, satype, seq, pid)
3826 struct secasvar *sav;
3827 u_int8_t type, satype;
3828 u_int32_t seq, pid;
3829{
3830 struct mbuf *result = NULL, *tres = NULL, *m;
3831 int l = 0;
3832 int i;
3833 void *p;
3834 int dumporder[] = {
3835 SADB_EXT_SA, SADB_X_EXT_SA2,
3836 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
3837 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
3838 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
3839 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
3840 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
3841 };
3842
3843 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
3844 if (m == NULL)
3845 goto fail;
3846 result = m;
3847
3848 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
3849 m = NULL;
3850 p = NULL;
3851 switch (dumporder[i]) {
3852 case SADB_EXT_SA:
3853 m = key_setsadbsa(sav);
3854 if (!m)
3855 goto fail;
3856 break;
3857
3858 case SADB_X_EXT_SA2:
3859 m = key_setsadbxsa2(sav->sah->saidx.mode,
3860 sav->replay ? sav->replay->count : 0,
3861 sav->sah->saidx.reqid);
3862 if (!m)
3863 goto fail;
3864 break;
3865
3866 case SADB_EXT_ADDRESS_SRC:
3867 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3868 (struct sockaddr *)&sav->sah->saidx.src,
3869 FULLMASK, IPSEC_ULPROTO_ANY);
3870 if (!m)
3871 goto fail;
3872 break;
3873
3874 case SADB_EXT_ADDRESS_DST:
3875 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3876 (struct sockaddr *)&sav->sah->saidx.dst,
3877 FULLMASK, IPSEC_ULPROTO_ANY);
3878 if (!m)
3879 goto fail;
3880 break;
3881
3882 case SADB_EXT_KEY_AUTH:
3883 if (!sav->key_auth)
3884 continue;
3885 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
3886 p = sav->key_auth;
3887 break;
3888
3889 case SADB_EXT_KEY_ENCRYPT:
3890 if (!sav->key_enc)
3891 continue;
3892 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
3893 p = sav->key_enc;
3894 break;
3895
3896 case SADB_EXT_LIFETIME_CURRENT:
3897 if (!sav->lft_c)
3898 continue;
3899 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
3900 p = sav->lft_c;
3901 break;
3902
3903 case SADB_EXT_LIFETIME_HARD:
3904 if (!sav->lft_h)
3905 continue;
3906 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
3907 p = sav->lft_h;
3908 break;
3909
3910 case SADB_EXT_LIFETIME_SOFT:
3911 if (!sav->lft_s)
3912 continue;
3913 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
3914 p = sav->lft_s;
3915 break;
3916
3917 case SADB_EXT_ADDRESS_PROXY:
3918 case SADB_EXT_IDENTITY_SRC:
3919 case SADB_EXT_IDENTITY_DST:
3920 /* XXX: should we brought from SPD ? */
3921 case SADB_EXT_SENSITIVITY:
3922 default:
3923 continue;
3924 }
3925
3926 if ((!m && !p) || (m && p))
3927 goto fail;
3928 if (p && tres) {
3929 M_PREPEND(tres, l, M_DONTWAIT);
3930 if (!tres)
3931 goto fail;
3932 bcopy(p, mtod(tres, caddr_t), l);
3933 continue;
3934 }
3935 if (p) {
3936 m = key_alloc_mbuf(l);
3937 if (!m)
3938 goto fail;
3939 m_copyback(m, 0, l, p);
3940 }
3941
3942 if (tres)
3943 m_cat(m, tres);
3944 tres = m;
3945 }
3946
3947 m_cat(result, tres);
3948
3949 if (result->m_len < sizeof(struct sadb_msg)) {
3950 result = m_pullup(result, sizeof(struct sadb_msg));
3951 if (result == NULL)
3952 goto fail;
3953 }
3954
3955 result->m_pkthdr.len = 0;
3956 for (m = result; m; m = m->m_next)
3957 result->m_pkthdr.len += m->m_len;
3958
3959 mtod(result, struct sadb_msg *)->sadb_msg_len =
3960 PFKEY_UNIT64(result->m_pkthdr.len);
3961
3962 return result;
3963
3964fail:
3965 m_freem(result);
3966 m_freem(tres);
3967 return NULL;
3968}
3969
3970/*
3971 * set data into sadb_msg.
3972 */
3973static struct mbuf *
3974key_setsadbmsg(type, tlen, satype, seq, pid, reserved)
3975 u_int8_t type, satype;
3976 u_int16_t tlen;
3977 u_int32_t seq;
3978 pid_t pid;
3979 u_int16_t reserved;
3980{
3981 struct mbuf *m;
3982 struct sadb_msg *p;
3983 int len;
3984
3985 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3986 if (len > MCLBYTES)
3987 return NULL;
3988 MGETHDR(m, M_DONTWAIT, MT_DATA);
3989 if (m && len > MHLEN) {
3990 MCLGET(m, M_DONTWAIT);
3991 if ((m->m_flags & M_EXT) == 0) {
3992 m_freem(m);
3993 m = NULL;
3994 }
3995 }
3996 if (!m)
3997 return NULL;
3998 m->m_pkthdr.len = m->m_len = len;
3999 m->m_next = NULL;
4000
4001 p = mtod(m, struct sadb_msg *);
4002
4003 bzero(p, len);
4004 p->sadb_msg_version = PF_KEY_V2;
4005 p->sadb_msg_type = type;
4006 p->sadb_msg_errno = 0;
4007 p->sadb_msg_satype = satype;
4008 p->sadb_msg_len = PFKEY_UNIT64(tlen);
4009 p->sadb_msg_reserved = reserved;
4010 p->sadb_msg_seq = seq;
4011 p->sadb_msg_pid = (u_int32_t)pid;
4012
4013 return m;
4014}
4015
4016/*
4017 * copy secasvar data into sadb_address.
4018 */
4019static struct mbuf *
4020key_setsadbsa(sav)
4021 struct secasvar *sav;
4022{
4023 struct mbuf *m;
4024 struct sadb_sa *p;
4025 int len;
4026
4027 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
4028 m = key_alloc_mbuf(len);
4029 if (!m || m->m_next) { /*XXX*/
4030 if (m)
4031 m_freem(m);
4032 return NULL;
4033 }
4034
4035 p = mtod(m, struct sadb_sa *);
4036
4037 bzero(p, len);
4038 p->sadb_sa_len = PFKEY_UNIT64(len);
4039 p->sadb_sa_exttype = SADB_EXT_SA;
4040 p->sadb_sa_spi = sav->spi;
4041 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
4042 p->sadb_sa_state = sav->state;
4043 p->sadb_sa_auth = sav->alg_auth;
4044 p->sadb_sa_encrypt = sav->alg_enc;
4045 p->sadb_sa_flags = sav->flags;
4046
4047 return m;
4048}
4049
4050/*
4051 * set data into sadb_address.
4052 */
4053static struct mbuf *
4054key_setsadbaddr(exttype, saddr, prefixlen, ul_proto)
4055 u_int16_t exttype;
4056 struct sockaddr *saddr;
4057 u_int8_t prefixlen;
4058 u_int16_t ul_proto;
4059{
4060 struct mbuf *m;
4061 struct sadb_address *p;
4062 size_t len;
4063
4064 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
4065 PFKEY_ALIGN8(saddr->sa_len);
4066 m = key_alloc_mbuf(len);
4067 if (!m || m->m_next) { /*XXX*/
4068 if (m)
4069 m_freem(m);
4070 return NULL;
4071 }
4072
4073 p = mtod(m, struct sadb_address *);
4074
4075 bzero(p, len);
4076 p->sadb_address_len = PFKEY_UNIT64(len);
4077 p->sadb_address_exttype = exttype;
4078 p->sadb_address_proto = ul_proto;
4079 if (prefixlen == FULLMASK) {
4080 switch (saddr->sa_family) {
4081 case AF_INET:
4082 prefixlen = sizeof(struct in_addr) << 3;
4083 break;
4084 case AF_INET6:
4085 prefixlen = sizeof(struct in6_addr) << 3;
4086 break;
4087 default:
4088 ; /*XXX*/
4089 }
4090 }
4091 p->sadb_address_prefixlen = prefixlen;
4092 p->sadb_address_reserved = 0;
4093
4094 bcopy(saddr,
4095 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
4096 saddr->sa_len);
4097
4098 return m;
4099}
4100
4101#if 0
4102/*
4103 * set data into sadb_ident.
4104 */
4105static struct mbuf *
4106key_setsadbident(exttype, idtype, string, stringlen, id)
4107 u_int16_t exttype, idtype;
4108 caddr_t string;
4109 int stringlen;
4110 u_int64_t id;
4111{
4112 struct mbuf *m;
4113 struct sadb_ident *p;
4114 size_t len;
4115
4116 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
4117 m = key_alloc_mbuf(len);
4118 if (!m || m->m_next) { /*XXX*/
4119 if (m)
4120 m_freem(m);
4121 return NULL;
4122 }
4123
4124 p = mtod(m, struct sadb_ident *);
4125
4126 bzero(p, len);
4127 p->sadb_ident_len = PFKEY_UNIT64(len);
4128 p->sadb_ident_exttype = exttype;
4129 p->sadb_ident_type = idtype;
4130 p->sadb_ident_reserved = 0;
4131 p->sadb_ident_id = id;
4132
4133 bcopy(string,
4134 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
4135 stringlen);
4136
4137 return m;
4138}
4139#endif
4140
4141/*
4142 * set data into sadb_x_sa2.
4143 */
4144static struct mbuf *
4145key_setsadbxsa2(mode, seq, reqid)
4146 u_int8_t mode;
4147 u_int32_t seq, reqid;
4148{
4149 struct mbuf *m;
4150 struct sadb_x_sa2 *p;
4151 size_t len;
4152
4153 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
4154 m = key_alloc_mbuf(len);
4155 if (!m || m->m_next) { /*XXX*/
4156 if (m)
4157 m_freem(m);
4158 return NULL;
4159 }
4160
4161 p = mtod(m, struct sadb_x_sa2 *);
4162
4163 bzero(p, len);
4164 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
4165 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
4166 p->sadb_x_sa2_mode = mode;
4167 p->sadb_x_sa2_reserved1 = 0;
4168 p->sadb_x_sa2_reserved2 = 0;
4169 p->sadb_x_sa2_sequence = seq;
4170 p->sadb_x_sa2_reqid = reqid;
4171
4172 return m;
4173}
4174
4175/*
4176 * set data into sadb_x_policy
4177 */
4178static struct mbuf *
4179key_setsadbxpolicy(type, dir, id)
4180 u_int16_t type;
4181 u_int8_t dir;
4182 u_int32_t id;
4183{
4184 struct mbuf *m;
4185 struct sadb_x_policy *p;
4186 size_t len;
4187
4188 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
4189 m = key_alloc_mbuf(len);
4190 if (!m || m->m_next) { /*XXX*/
4191 if (m)
4192 m_freem(m);
4193 return NULL;
4194 }
4195
4196 p = mtod(m, struct sadb_x_policy *);
4197
4198 bzero(p, len);
4199 p->sadb_x_policy_len = PFKEY_UNIT64(len);
4200 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
4201 p->sadb_x_policy_type = type;
4202 p->sadb_x_policy_dir = dir;
4203 p->sadb_x_policy_id = id;
4204
4205 return m;
4206}
4207
4208/* %%% utilities */
4209/*
4210 * copy a buffer into the new buffer allocated.
4211 */
4212static void *
4213key_newbuf(src, len)
4214 const void *src;
4215 u_int len;
4216{
4217 caddr_t new;
4218
4219 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4220 KMALLOC_NOWAIT(new, caddr_t, len);
4221 if (new == NULL) {
4222 lck_mtx_unlock(sadb_mutex);
4223 KMALLOC_WAIT(new, caddr_t, len);
4224 lck_mtx_lock(sadb_mutex);
4225 if (new == NULL) {
4226 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
4227 return NULL;
4228 }
4229 }
4230 bcopy(src, new, len);
4231
4232 return new;
4233}
4234
4235/* compare my own address
4236 * OUT: 1: true, i.e. my address.
4237 * 0: false
4238 */
4239int
4240key_ismyaddr(sa)
4241 struct sockaddr *sa;
4242{
4243#if INET
4244 struct sockaddr_in *sin;
4245 struct in_ifaddr *ia;
4246#endif
4247
4248 /* sanity check */
4249 if (sa == NULL)
4250 panic("key_ismyaddr: NULL pointer is passed.\n");
4251
4252 switch (sa->sa_family) {
4253#if INET
4254 case AF_INET:
4255 lck_mtx_lock(rt_mtx);
4256 sin = (struct sockaddr_in *)sa;
4257 for (ia = in_ifaddrhead.tqh_first; ia;
4258 ia = ia->ia_link.tqe_next)
4259 {
4260 if (sin->sin_family == ia->ia_addr.sin_family &&
4261 sin->sin_len == ia->ia_addr.sin_len &&
4262 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
4263 {
4264 lck_mtx_unlock(rt_mtx);
4265 return 1;
4266 }
4267 }
4268 lck_mtx_unlock(rt_mtx);
4269 break;
4270#endif
4271#if INET6
4272 case AF_INET6:
4273 return key_ismyaddr6((struct sockaddr_in6 *)sa);
4274#endif
4275 }
4276
4277 return 0;
4278}
4279
4280#if INET6
4281/*
4282 * compare my own address for IPv6.
4283 * 1: ours
4284 * 0: other
4285 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
4286 */
4287#include <netinet6/in6_var.h>
4288
4289static int
4290key_ismyaddr6(sin6)
4291 struct sockaddr_in6 *sin6;
4292{
4293 struct in6_ifaddr *ia;
4294 struct in6_multi *in6m;
4295
4296 lck_mtx_lock(nd6_mutex);
4297 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
4298 if (key_sockaddrcmp((struct sockaddr *)&sin6,
4299 (struct sockaddr *)&ia->ia_addr, 0) == 0) {
4300 lck_mtx_unlock(nd6_mutex);
4301 return 1;
4302 }
4303
4304 /*
4305 * XXX Multicast
4306 * XXX why do we care about multlicast here while we don't care
4307 * about IPv4 multicast??
4308 * XXX scope
4309 */
4310 in6m = NULL;
4311 IN6_LOOKUP_MULTI(sin6->sin6_addr, ia->ia_ifp, in6m);
4312 if (in6m) {
4313 lck_mtx_unlock(nd6_mutex);
4314 return 1;
4315 }
4316 }
4317 lck_mtx_unlock(nd6_mutex);
4318
4319 /* loopback, just for safety */
4320 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
4321 return 1;
4322
4323 return 0;
4324}
4325#endif /*INET6*/
4326
4327/*
4328 * compare two secasindex structure.
4329 * flag can specify to compare 2 saidxes.
4330 * compare two secasindex structure without both mode and reqid.
4331 * don't compare port.
4332 * IN:
4333 * saidx0: source, it can be in SAD.
4334 * saidx1: object.
4335 * OUT:
4336 * 1 : equal
4337 * 0 : not equal
4338 */
4339static int
4340key_cmpsaidx(saidx0, saidx1, flag)
4341 struct secasindex *saidx0, *saidx1;
4342 int flag;
4343{
4344 /* sanity */
4345 if (saidx0 == NULL && saidx1 == NULL)
4346 return 1;
4347
4348 if (saidx0 == NULL || saidx1 == NULL)
4349 return 0;
4350
4351 if (saidx0->proto != saidx1->proto)
4352 return 0;
4353
4354 if (flag == CMP_EXACTLY) {
4355 if (saidx0->mode != saidx1->mode)
4356 return 0;
4357 if (saidx0->reqid != saidx1->reqid)
4358 return 0;
4359 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
4360 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
4361 return 0;
4362 } else {
4363
4364 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
4365 if (flag & CMP_REQID) {
4366 /*
4367 * If reqid of SPD is non-zero, unique SA is required.
4368 * The result must be of same reqid in this case.
4369 */
4370 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
4371 return 0;
4372 }
4373
4374 if (flag & CMP_MODE) {
4375 if (saidx0->mode != IPSEC_MODE_ANY
4376 && saidx0->mode != saidx1->mode)
4377 return 0;
4378 }
4379
4380 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
4381 (struct sockaddr *)&saidx1->src, flag & CMP_PORT ? 1 : 0) != 0) {
4382 return 0;
4383 }
4384 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
4385 (struct sockaddr *)&saidx1->dst, flag & CMP_PORT ? 1 : 0) != 0) {
4386 return 0;
4387 }
4388 }
4389
4390 return 1;
4391}
4392
4393/*
4394 * compare two secindex structure exactly.
4395 * IN:
4396 * spidx0: source, it is often in SPD.
4397 * spidx1: object, it is often from PFKEY message.
4398 * OUT:
4399 * 1 : equal
4400 * 0 : not equal
4401 */
4402static int
4403key_cmpspidx_exactly(spidx0, spidx1)
4404 struct secpolicyindex *spidx0, *spidx1;
4405{
4406 /* sanity */
4407 if (spidx0 == NULL && spidx1 == NULL)
4408 return 1;
4409
4410 if (spidx0 == NULL || spidx1 == NULL)
4411 return 0;
4412
4413 if (spidx0->prefs != spidx1->prefs
4414 || spidx0->prefd != spidx1->prefd
4415 || spidx0->ul_proto != spidx1->ul_proto)
4416 return 0;
4417
4418 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
4419 (struct sockaddr *)&spidx1->src, 1) != 0) {
4420 return 0;
4421 }
4422 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
4423 (struct sockaddr *)&spidx1->dst, 1) != 0) {
4424 return 0;
4425 }
4426
4427 return 1;
4428}
4429
4430/*
4431 * compare two secindex structure with mask.
4432 * IN:
4433 * spidx0: source, it is often in SPD.
4434 * spidx1: object, it is often from IP header.
4435 * OUT:
4436 * 1 : equal
4437 * 0 : not equal
4438 */
4439static int
4440key_cmpspidx_withmask(spidx0, spidx1)
4441 struct secpolicyindex *spidx0, *spidx1;
4442{
4443 /* sanity */
4444 if (spidx0 == NULL && spidx1 == NULL)
4445 return 1;
4446
4447 if (spidx0 == NULL || spidx1 == NULL)
4448 return 0;
4449
4450 if (spidx0->src.ss_family != spidx1->src.ss_family ||
4451 spidx0->dst.ss_family != spidx1->dst.ss_family ||
4452 spidx0->src.ss_len != spidx1->src.ss_len ||
4453 spidx0->dst.ss_len != spidx1->dst.ss_len)
4454 return 0;
4455
4456 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
4457 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
4458 && spidx0->ul_proto != spidx1->ul_proto)
4459 return 0;
4460
4461 switch (spidx0->src.ss_family) {
4462 case AF_INET:
4463 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY
4464 && satosin(&spidx0->src)->sin_port !=
4465 satosin(&spidx1->src)->sin_port)
4466 return 0;
4467 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
4468 (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
4469 return 0;
4470 break;
4471 case AF_INET6:
4472 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY
4473 && satosin6(&spidx0->src)->sin6_port !=
4474 satosin6(&spidx1->src)->sin6_port)
4475 return 0;
4476 /*
4477 * scope_id check. if sin6_scope_id is 0, we regard it
4478 * as a wildcard scope, which matches any scope zone ID.
4479 */
4480 if (satosin6(&spidx0->src)->sin6_scope_id &&
4481 satosin6(&spidx1->src)->sin6_scope_id &&
4482 satosin6(&spidx0->src)->sin6_scope_id !=
4483 satosin6(&spidx1->src)->sin6_scope_id)
4484 return 0;
4485 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
4486 (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
4487 return 0;
4488 break;
4489 default:
4490 /* XXX */
4491 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
4492 return 0;
4493 break;
4494 }
4495
4496 switch (spidx0->dst.ss_family) {
4497 case AF_INET:
4498 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY
4499 && satosin(&spidx0->dst)->sin_port !=
4500 satosin(&spidx1->dst)->sin_port)
4501 return 0;
4502 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
4503 (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
4504 return 0;
4505 break;
4506 case AF_INET6:
4507 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY
4508 && satosin6(&spidx0->dst)->sin6_port !=
4509 satosin6(&spidx1->dst)->sin6_port)
4510 return 0;
4511 /*
4512 * scope_id check. if sin6_scope_id is 0, we regard it
4513 * as a wildcard scope, which matches any scope zone ID.
4514 */
4515 if (satosin6(&spidx0->src)->sin6_scope_id &&
4516 satosin6(&spidx1->src)->sin6_scope_id &&
4517 satosin6(&spidx0->dst)->sin6_scope_id !=
4518 satosin6(&spidx1->dst)->sin6_scope_id)
4519 return 0;
4520 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
4521 (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
4522 return 0;
4523 break;
4524 default:
4525 /* XXX */
4526 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
4527 return 0;
4528 break;
4529 }
4530
4531 /* XXX Do we check other field ? e.g. flowinfo */
4532
4533 return 1;
4534}
4535
4536/* returns 0 on match */
4537static int
4538key_sockaddrcmp(sa1, sa2, port)
4539 struct sockaddr *sa1;
4540 struct sockaddr *sa2;
4541 int port;
4542{
4543 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
4544 return 1;
4545
4546 switch (sa1->sa_family) {
4547 case AF_INET:
4548 if (sa1->sa_len != sizeof(struct sockaddr_in))
4549 return 1;
4550 if (satosin(sa1)->sin_addr.s_addr !=
4551 satosin(sa2)->sin_addr.s_addr) {
4552 return 1;
4553 }
4554 if (port && satosin(sa1)->sin_port != satosin(sa2)->sin_port)
4555 return 1;
4556 break;
4557 case AF_INET6:
4558 if (sa1->sa_len != sizeof(struct sockaddr_in6))
4559 return 1; /*EINVAL*/
4560 if (satosin6(sa1)->sin6_scope_id !=
4561 satosin6(sa2)->sin6_scope_id) {
4562 return 1;
4563 }
4564 if (!IN6_ARE_ADDR_EQUAL(&satosin6(sa1)->sin6_addr,
4565 &satosin6(sa2)->sin6_addr)) {
4566 return 1;
4567 }
4568 if (port &&
4569 satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
4570 return 1;
4571 }
4572 break;
4573 default:
4574 if (bcmp(sa1, sa2, sa1->sa_len) != 0)
4575 return 1;
4576 break;
4577 }
4578
4579 return 0;
4580}
4581
4582/*
4583 * compare two buffers with mask.
4584 * IN:
4585 * addr1: source
4586 * addr2: object
4587 * bits: Number of bits to compare
4588 * OUT:
4589 * 1 : equal
4590 * 0 : not equal
4591 */
4592static int
4593key_bbcmp(p1, p2, bits)
4594 caddr_t p1, p2;
4595 u_int bits;
4596{
4597 u_int8_t mask;
4598
4599 /* XXX: This could be considerably faster if we compare a word
4600 * at a time, but it is complicated on LSB Endian machines */
4601
4602 /* Handle null pointers */
4603 if (p1 == NULL || p2 == NULL)
4604 return (p1 == p2);
4605
4606 while (bits >= 8) {
4607 if (*p1++ != *p2++)
4608 return 0;
4609 bits -= 8;
4610 }
4611
4612 if (bits > 0) {
4613 mask = ~((1<<(8-bits))-1);
4614 if ((*p1 & mask) != (*p2 & mask))
4615 return 0;
4616 }
4617 return 1; /* Match! */
4618}
4619
4620/*
4621 * time handler.
4622 * scanning SPD and SAD to check status for each entries,
4623 * and do to remove or to expire.
4624 * XXX: year 2038 problem may remain.
4625 */
4626
4627void
4628key_timehandler(void)
4629{
4630 u_int dir;
4631 struct timeval tv;
4632 struct secpolicy **spbuf = NULL, **spptr = NULL;
4633 struct secasvar **savexbuf = NULL, **savexptr = NULL;
4634 struct secasvar **savkabuf = NULL, **savkaptr = NULL;
4635 int spbufcount = 0, savbufcount = 0, spcount = 0, savexcount = 0, savkacount = 0, cnt;
4636
4637 microtime(&tv);
4638
4639 /* pre-allocate buffers before taking the lock */
4640 /* if allocation failures occur - portions of the processing will be skipped */
4641 if ((spbufcount = ipsec_policy_count) != 0) {
4642 spbufcount += 256;
4643 KMALLOC_WAIT(spbuf, struct secpolicy **, spbufcount * sizeof(struct secpolicy *));
4644 if (spbuf)
4645 spptr = spbuf;
4646 }
4647 if ((savbufcount = ipsec_sav_count) != 0) {
4648 savbufcount += 512;
4649 KMALLOC_WAIT(savexbuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
4650 if (savexbuf)
4651 savexptr = savexbuf;
4652 KMALLOC_WAIT(savkabuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
4653 if (savkabuf)
4654 savkaptr = savkabuf;
4655 }
4656 lck_mtx_lock(sadb_mutex);
4657 /* SPD */
4658 if (spbuf) {
4659
4660 struct secpolicy *sp, *nextsp;
4661
4662 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
4663 for (sp = LIST_FIRST(&sptree[dir]);
4664 sp != NULL;
4665 sp = nextsp) {
4666
4667 nextsp = LIST_NEXT(sp, chain);
4668
4669 if (sp->state == IPSEC_SPSTATE_DEAD) {
4670 key_freesp(sp, KEY_SADB_LOCKED);
4671 continue;
4672 }
4673
4674 if (sp->lifetime == 0 && sp->validtime == 0)
4675 continue;
4676 if (spbuf && spcount < spbufcount) {
4677 /* the deletion will occur next time */
4678 if ((sp->lifetime
4679 && tv.tv_sec - sp->created > sp->lifetime)
4680 || (sp->validtime
4681 && tv.tv_sec - sp->lastused > sp->validtime)) {
4682 //key_spdexpire(sp);
4683 sp->state = IPSEC_SPSTATE_DEAD;
4684 sp->refcnt++;
4685 *spptr++ = sp;
4686 spcount++;
4687 }
4688 }
4689 }
4690 }
4691 }
4692
4693 /* SAD */
4694 if (savbufcount != 0) {
4695 struct secashead *sah, *nextsah;
4696 struct secasvar *sav, *nextsav;
4697
4698 for (sah = LIST_FIRST(&sahtree);
4699 sah != NULL;
4700 sah = nextsah) {
4701
4702 nextsah = LIST_NEXT(sah, chain);
4703
4704 /* if sah has been dead, then delete it and process next sah. */
4705 if (sah->state == SADB_SASTATE_DEAD) {
4706 key_delsah(sah);
4707 continue;
4708 }
4709
4710 /* if LARVAL entry doesn't become MATURE, delete it. */
4711 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
4712 sav != NULL;
4713 sav = nextsav) {
4714
4715 nextsav = LIST_NEXT(sav, chain);
4716
4717 if (tv.tv_sec - sav->created > key_larval_lifetime) {
4718 key_freesav(sav, KEY_SADB_LOCKED);
4719 }
4720 }
4721
4722 /*
4723 * If this is a NAT traversal SA with no activity,
4724 * we need to send a keep alive.
4725 *
4726 * Performed outside of the loop before so we will
4727 * only ever send one keepalive. The first SA on
4728 * the list is the one that will be used for sending
4729 * traffic, so this is the one we use for determining
4730 * when to send the keepalive.
4731 */
4732 if (savkabuf && savkacount < savbufcount) {
4733 sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this is empty???
4734 if (natt_keepalive_interval && sav && (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0 &&
4735 (natt_now - sav->natt_last_activity) >= natt_keepalive_interval) {
4736 //ipsec_send_natt_keepalive(sav);
4737 sav->refcnt++;
4738 *savkaptr++ = sav;
4739 savkacount++;
4740 }
4741 }
4742
4743 /*
4744 * check MATURE entry to start to send expire message
4745 * whether or not.
4746 */
4747 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
4748 sav != NULL;
4749 sav = nextsav) {
4750
4751 nextsav = LIST_NEXT(sav, chain);
4752
4753 /* we don't need to check. */
4754 if (sav->lft_s == NULL)
4755 continue;
4756
4757 /* sanity check */
4758 if (sav->lft_c == NULL) {
4759 ipseclog((LOG_DEBUG,"key_timehandler: "
4760 "There is no CURRENT time, why?\n"));
4761 continue;
4762 }
4763
4764 /* check SOFT lifetime */
4765 if (sav->lft_s->sadb_lifetime_addtime != 0
4766 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4767 /*
4768 * check the SA if it has been used.
4769 * when it hasn't been used, delete it.
4770 * i don't think such SA will be used.
4771 */
4772 if (sav->lft_c->sadb_lifetime_usetime == 0) {
4773 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4774 key_freesav(sav, KEY_SADB_LOCKED);
4775 sav = NULL;
4776 } else if (savexbuf && savexcount < savbufcount) {
4777 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4778 sav->refcnt++;
4779 *savexptr++ = sav;
4780 savexcount++;
4781 }
4782 }
4783
4784 /* check SOFT lifetime by bytes */
4785 /*
4786 * XXX I don't know the way to delete this SA
4787 * when new SA is installed. Caution when it's
4788 * installed too big lifetime by time.
4789 */
4790 else if (savexbuf && savexcount < savbufcount
4791 && sav->lft_s->sadb_lifetime_bytes != 0
4792 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4793
4794 /*
4795 * XXX If we keep to send expire
4796 * message in the status of
4797 * DYING. Do remove below code.
4798 */
4799 //key_expire(sav);
4800 key_sa_chgstate(sav, SADB_SASTATE_DYING);
4801 sav->refcnt++;
4802 *savexptr++ = sav;
4803 savexcount++;
4804 }
4805 }
4806
4807 /* check DYING entry to change status to DEAD. */
4808 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
4809 sav != NULL;
4810 sav = nextsav) {
4811
4812 nextsav = LIST_NEXT(sav, chain);
4813
4814 /* we don't need to check. */
4815 if (sav->lft_h == NULL)
4816 continue;
4817
4818 /* sanity check */
4819 if (sav->lft_c == NULL) {
4820 ipseclog((LOG_DEBUG, "key_timehandler: "
4821 "There is no CURRENT time, why?\n"));
4822 continue;
4823 }
4824
4825 if (sav->lft_h->sadb_lifetime_addtime != 0
4826 && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
4827 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4828 key_freesav(sav, KEY_SADB_LOCKED);
4829 sav = NULL;
4830 }
4831#if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
4832 else if (savbuf && savexcount < savbufcount
4833 && sav->lft_s != NULL
4834 && sav->lft_s->sadb_lifetime_addtime != 0
4835 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
4836 /*
4837 * XXX: should be checked to be
4838 * installed the valid SA.
4839 */
4840
4841 /*
4842 * If there is no SA then sending
4843 * expire message.
4844 */
4845 //key_expire(sav);
4846 sav->refcnt++;
4847 *savexptr++ = sav;
4848 savexcount++;
4849 }
4850#endif
4851 /* check HARD lifetime by bytes */
4852 else if (sav->lft_h->sadb_lifetime_bytes != 0
4853 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
4854 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
4855 key_freesav(sav, KEY_SADB_LOCKED);
4856 sav = NULL;
4857 }
4858 }
4859
4860 /* delete entry in DEAD */
4861 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
4862 sav != NULL;
4863 sav = nextsav) {
4864
4865 nextsav = LIST_NEXT(sav, chain);
4866
4867 /* sanity check */
4868 if (sav->state != SADB_SASTATE_DEAD) {
4869 ipseclog((LOG_DEBUG, "key_timehandler: "
4870 "invalid sav->state "
4871 "(queue: %d SA: %d): "
4872 "kill it anyway\n",
4873 SADB_SASTATE_DEAD, sav->state));
4874 }
4875
4876 /*
4877 * do not call key_freesav() here.
4878 * sav should already be freed, and sav->refcnt
4879 * shows other references to sav
4880 * (such as from SPD).
4881 */
4882 }
4883 }
4884 }
4885
4886#ifndef IPSEC_NONBLOCK_ACQUIRE
4887 /* ACQ tree */
4888 {
4889 struct secacq *acq, *nextacq;
4890
4891 for (acq = LIST_FIRST(&acqtree);
4892 acq != NULL;
4893 acq = nextacq) {
4894
4895 nextacq = LIST_NEXT(acq, chain);
4896
4897 if (tv.tv_sec - acq->created > key_blockacq_lifetime
4898 && __LIST_CHAINED(acq)) {
4899 LIST_REMOVE(acq, chain);
4900 KFREE(acq);
4901 }
4902 }
4903 }
4904#endif
4905
4906 /* SP ACQ tree */
4907 {
4908 struct secspacq *acq, *nextacq;
4909
4910 for (acq = LIST_FIRST(&spacqtree);
4911 acq != NULL;
4912 acq = nextacq) {
4913
4914 nextacq = LIST_NEXT(acq, chain);
4915
4916 if (tv.tv_sec - acq->created > key_blockacq_lifetime
4917 && __LIST_CHAINED(acq)) {
4918 LIST_REMOVE(acq, chain);
4919 KFREE(acq);
4920 }
4921 }
4922 }
4923
4924 /* initialize random seed */
4925 if (key_tick_init_random++ > key_int_random) {
4926 key_tick_init_random = 0;
4927 key_srandom();
4928 }
4929
4930 natt_now++;
4931
4932 lck_mtx_unlock(sadb_mutex);
4933
4934 /* send messages outside of sadb_mutex */
4935 if (spbuf && spcount > 0) {
4936 cnt = spcount;
4937 while (cnt--)
4938 key_spdexpire(*(--spptr));
4939 }
4940 if (savkabuf && savkacount > 0) {
4941 cnt = savkacount;
4942 while (cnt--)
4943 ipsec_send_natt_keepalive(*(--savkaptr));
4944 }
4945 if (savexbuf && savexcount > 0) {
4946 cnt = savexcount;
4947 while (cnt--)
4948 key_expire(*(--savexptr));
4949 }
4950
4951 /* decrement ref counts and free buffers */
4952 lck_mtx_lock(sadb_mutex);
4953 if (spbuf) {
4954 while (spcount--)
4955 key_freesp(*spptr++, KEY_SADB_LOCKED);
4956 KFREE(spbuf);
4957 }
4958 if (savkabuf) {
4959 while (savkacount--)
4960 key_freesav(*savkaptr++, KEY_SADB_LOCKED);
4961 KFREE(savkabuf);
4962 }
4963 if (savexbuf) {
4964 while (savexcount--)
4965 key_freesav(*savexptr++, KEY_SADB_LOCKED);
4966 KFREE(savexbuf);
4967 }
4968 lck_mtx_unlock(sadb_mutex);
4969
4970
4971#ifndef IPSEC_DEBUG2
4972 /* do exchange to tick time !! */
4973 (void)timeout((void *)key_timehandler, (void *)0, hz);
4974#endif /* IPSEC_DEBUG2 */
4975
4976 return;
4977}
4978
4979/*
4980 * to initialize a seed for random()
4981 */
4982static void
4983key_srandom()
4984{
4985#ifdef __APPLE__
4986 /* Our PRNG is based on Yarrow and doesn't need to be seeded */
4987 random();
4988#else
4989 struct timeval tv;
4990
4991 microtime(&tv);
4992
4993 srandom(tv.tv_usec);
4994#endif
4995
4996 return;
4997}
4998
4999u_long
5000key_random()
5001{
5002 u_long value;
5003
5004 key_randomfill(&value, sizeof(value));
5005 return value;
5006}
5007
5008void
5009key_randomfill(p, l)
5010 void *p;
5011 size_t l;
5012{
5013#ifdef __APPLE__
5014
5015 read_random(p, (u_int)l);
5016#else
5017 size_t n;
5018 u_long v;
5019 static int warn = 1;
5020
5021 n = 0;
5022 n = (size_t)read_random(p, (u_int)l);
5023 /* last resort */
5024 while (n < l) {
5025 v = random();
5026 bcopy(&v, (u_int8_t *)p + n,
5027 l - n < sizeof(v) ? l - n : sizeof(v));
5028 n += sizeof(v);
5029
5030 if (warn) {
5031 printf("WARNING: pseudo-random number generator "
5032 "used for IPsec processing\n");
5033 warn = 0;
5034 }
5035 }
5036#endif
5037}
5038
5039/*
5040 * map SADB_SATYPE_* to IPPROTO_*.
5041 * if satype == SADB_SATYPE then satype is mapped to ~0.
5042 * OUT:
5043 * 0: invalid satype.
5044 */
5045static u_int16_t
5046key_satype2proto(satype)
5047 u_int8_t satype;
5048{
5049 switch (satype) {
5050 case SADB_SATYPE_UNSPEC:
5051 return IPSEC_PROTO_ANY;
5052 case SADB_SATYPE_AH:
5053 return IPPROTO_AH;
5054 case SADB_SATYPE_ESP:
5055 return IPPROTO_ESP;
5056 case SADB_X_SATYPE_IPCOMP:
5057 return IPPROTO_IPCOMP;
5058 break;
5059 default:
5060 return 0;
5061 }
5062 /* NOTREACHED */
5063}
5064
5065/*
5066 * map IPPROTO_* to SADB_SATYPE_*
5067 * OUT:
5068 * 0: invalid protocol type.
5069 */
5070static u_int8_t
5071key_proto2satype(proto)
5072 u_int16_t proto;
5073{
5074 switch (proto) {
5075 case IPPROTO_AH:
5076 return SADB_SATYPE_AH;
5077 case IPPROTO_ESP:
5078 return SADB_SATYPE_ESP;
5079 case IPPROTO_IPCOMP:
5080 return SADB_X_SATYPE_IPCOMP;
5081 break;
5082 default:
5083 return 0;
5084 }
5085 /* NOTREACHED */
5086}
5087
5088/* %%% PF_KEY */
5089/*
5090 * SADB_GETSPI processing is to receive
5091 * <base, (SA2), src address, dst address, (SPI range)>
5092 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
5093 * tree with the status of LARVAL, and send
5094 * <base, SA(*), address(SD)>
5095 * to the IKMPd.
5096 *
5097 * IN: mhp: pointer to the pointer to each header.
5098 * OUT: NULL if fail.
5099 * other if success, return pointer to the message to send.
5100 */
5101static int
5102key_getspi(so, m, mhp)
5103 struct socket *so;
5104 struct mbuf *m;
5105 const struct sadb_msghdr *mhp;
5106{
5107 struct sadb_address *src0, *dst0;
5108 struct secasindex saidx;
5109 struct secashead *newsah;
5110 struct secasvar *newsav;
5111 u_int8_t proto;
5112 u_int32_t spi;
5113 u_int8_t mode;
5114 u_int32_t reqid;
5115 int error;
5116
5117 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
5118
5119 /* sanity check */
5120 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5121 panic("key_getspi: NULL pointer is passed.\n");
5122
5123 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5124 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5125 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
5126 return key_senderror(so, m, EINVAL);
5127 }
5128 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5129 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5130 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
5131 return key_senderror(so, m, EINVAL);
5132 }
5133 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5134 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5135 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5136 } else {
5137 mode = IPSEC_MODE_ANY;
5138 reqid = 0;
5139 }
5140
5141 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5142 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5143
5144 /* map satype to proto */
5145 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5146 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
5147 return key_senderror(so, m, EINVAL);
5148 }
5149
5150 /* make sure if port number is zero. */
5151 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
5152 case AF_INET:
5153 if (((struct sockaddr *)(src0 + 1))->sa_len !=
5154 sizeof(struct sockaddr_in))
5155 return key_senderror(so, m, EINVAL);
5156 ((struct sockaddr_in *)(src0 + 1))->sin_port = 0;
5157 break;
5158 case AF_INET6:
5159 if (((struct sockaddr *)(src0 + 1))->sa_len !=
5160 sizeof(struct sockaddr_in6))
5161 return key_senderror(so, m, EINVAL);
5162 ((struct sockaddr_in6 *)(src0 + 1))->sin6_port = 0;
5163 break;
5164 default:
5165 ; /*???*/
5166 }
5167 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
5168 case AF_INET:
5169 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
5170 sizeof(struct sockaddr_in))
5171 return key_senderror(so, m, EINVAL);
5172 ((struct sockaddr_in *)(dst0 + 1))->sin_port = 0;
5173 break;
5174 case AF_INET6:
5175 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
5176 sizeof(struct sockaddr_in6))
5177 return key_senderror(so, m, EINVAL);
5178 ((struct sockaddr_in6 *)(dst0 + 1))->sin6_port = 0;
5179 break;
5180 default:
5181 ; /*???*/
5182 }
5183
5184 /* XXX boundary check against sa_len */
5185 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5186
5187 lck_mtx_lock(sadb_mutex);
5188
5189 /* SPI allocation */
5190 spi = key_do_getnewspi((struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE],
5191 &saidx);
5192 if (spi == 0) {
5193 lck_mtx_unlock(sadb_mutex);
5194 return key_senderror(so, m, EINVAL);
5195 }
5196
5197 /* get a SA index */
5198 if ((newsah = key_getsah(&saidx)) == NULL) {
5199 /* create a new SA index */
5200 if ((newsah = key_newsah(&saidx)) == NULL) {
5201 lck_mtx_unlock(sadb_mutex);
5202 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
5203 return key_senderror(so, m, ENOBUFS);
5204 }
5205 }
5206
5207 /* get a new SA */
5208 /* XXX rewrite */
5209 newsav = key_newsav(m, mhp, newsah, &error);
5210 if (newsav == NULL) {
5211 /* XXX don't free new SA index allocated in above. */
5212 lck_mtx_unlock(sadb_mutex);
5213 return key_senderror(so, m, error);
5214 }
5215
5216 /* set spi */
5217 key_setspi(newsav, htonl(spi));
5218
5219#ifndef IPSEC_NONBLOCK_ACQUIRE
5220 /* delete the entry in acqtree */
5221 if (mhp->msg->sadb_msg_seq != 0) {
5222 struct secacq *acq;
5223 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
5224 /* reset counter in order to deletion by timehandler. */
5225 struct timeval tv;
5226 microtime(&tv);
5227 acq->created = tv.tv_sec;
5228 acq->count = 0;
5229 }
5230 }
5231#endif
5232
5233 lck_mtx_unlock(sadb_mutex);
5234
5235 {
5236 struct mbuf *n, *nn;
5237 struct sadb_sa *m_sa;
5238 struct sadb_msg *newmsg;
5239 int off, len;
5240
5241 /* create new sadb_msg to reply. */
5242 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
5243 PFKEY_ALIGN8(sizeof(struct sadb_sa));
5244 if (len > MCLBYTES)
5245 return key_senderror(so, m, ENOBUFS);
5246
5247 MGETHDR(n, M_DONTWAIT, MT_DATA);
5248 if (len > MHLEN) {
5249 MCLGET(n, M_DONTWAIT);
5250 if ((n->m_flags & M_EXT) == 0) {
5251 m_freem(n);
5252 n = NULL;
5253 }
5254 }
5255 if (!n)
5256 return key_senderror(so, m, ENOBUFS);
5257
5258 n->m_len = len;
5259 n->m_next = NULL;
5260 off = 0;
5261
5262 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
5263 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
5264
5265 m_sa = (struct sadb_sa *)(mtod(n, caddr_t) + off);
5266 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
5267 m_sa->sadb_sa_exttype = SADB_EXT_SA;
5268 m_sa->sadb_sa_spi = htonl(spi);
5269 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
5270
5271#if DIAGNOSTIC
5272 if (off != len)
5273 panic("length inconsistency in key_getspi");
5274#endif
5275 {
5276 int mbufItems[] = {SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
5277 n->m_next = key_gather_mbuf(m, mhp, 0, sizeof(mbufItems)/sizeof(int), mbufItems);
5278 if (!n->m_next) {
5279 m_freem(n);
5280 return key_senderror(so, m, ENOBUFS);
5281 }
5282 }
5283
5284 if (n->m_len < sizeof(struct sadb_msg)) {
5285 n = m_pullup(n, sizeof(struct sadb_msg));
5286 if (n == NULL)
5287 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
5288 }
5289
5290 n->m_pkthdr.len = 0;
5291 for (nn = n; nn; nn = nn->m_next)
5292 n->m_pkthdr.len += nn->m_len;
5293
5294 newmsg = mtod(n, struct sadb_msg *);
5295 newmsg->sadb_msg_seq = newsav->seq;
5296 newmsg->sadb_msg_errno = 0;
5297 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5298
5299 m_freem(m);
5300 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
5301 }
5302}
5303
5304/*
5305 * allocating new SPI
5306 * called by key_getspi().
5307 * OUT:
5308 * 0: failure.
5309 * others: success.
5310 */
5311static u_int32_t
5312key_do_getnewspi(spirange, saidx)
5313 struct sadb_spirange *spirange;
5314 struct secasindex *saidx;
5315{
5316 u_int32_t newspi;
5317 u_int32_t keymin, keymax;
5318 int count = key_spi_trycnt;
5319
5320 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
5321
5322 /* set spi range to allocate */
5323 if (spirange != NULL) {
5324 keymin = spirange->sadb_spirange_min;
5325 keymax = spirange->sadb_spirange_max;
5326 } else {
5327 keymin = key_spi_minval;
5328 keymax = key_spi_maxval;
5329 }
5330 /* IPCOMP needs 2-byte SPI */
5331 if (saidx->proto == IPPROTO_IPCOMP) {
5332 u_int32_t t;
5333 if (keymin >= 0x10000)
5334 keymin = 0xffff;
5335 if (keymax >= 0x10000)
5336 keymax = 0xffff;
5337 if (keymin > keymax) {
5338 t = keymin; keymin = keymax; keymax = t;
5339 }
5340 }
5341
5342 if (keymin == keymax) {
5343 if (key_checkspidup(saidx, keymin) != NULL) {
5344 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", keymin));
5345 return 0;
5346 }
5347
5348 count--; /* taking one cost. */
5349 newspi = keymin;
5350
5351 } else {
5352
5353 u_long range = keymax - keymin + 1; /* overflow value of zero means full range */
5354
5355 /* init SPI */
5356 newspi = 0;
5357
5358 /* when requesting to allocate spi ranged */
5359 while (count--) {
5360 u_long rand_val = key_random();
5361
5362 /* generate pseudo-random SPI value ranged. */
5363 newspi = (range == 0 ? rand_val : keymin + (rand_val % range));
5364
5365 if (key_checkspidup(saidx, newspi) == NULL)
5366 break;
5367 }
5368
5369 if (count == 0 || newspi == 0) {
5370 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
5371 return 0;
5372 }
5373 }
5374
5375 /* statistics */
5376 keystat.getspi_count =
5377 (keystat.getspi_count + key_spi_trycnt - count) / 2;
5378
5379 return newspi;
5380}
5381
5382/*
5383 * SADB_UPDATE processing
5384 * receive
5385 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5386 * key(AE), (identity(SD),) (sensitivity)>
5387 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
5388 * and send
5389 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5390 * (identity(SD),) (sensitivity)>
5391 * to the ikmpd.
5392 *
5393 * m will always be freed.
5394 */
5395static int
5396key_update(so, m, mhp)
5397 struct socket *so;
5398 struct mbuf *m;
5399 const struct sadb_msghdr *mhp;
5400{
5401 struct sadb_sa *sa0;
5402 struct sadb_address *src0, *dst0;
5403 struct secasindex saidx;
5404 struct secashead *sah;
5405 struct secasvar *sav;
5406 u_int16_t proto;
5407 u_int8_t mode;
5408 u_int32_t reqid;
5409 int error;
5410
5411 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
5412
5413 /* sanity check */
5414 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5415 panic("key_update: NULL pointer is passed.\n");
5416
5417 /* map satype to proto */
5418 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5419 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
5420 return key_senderror(so, m, EINVAL);
5421 }
5422
5423 if (mhp->ext[SADB_EXT_SA] == NULL ||
5424 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5425 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5426 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5427 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5428 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5429 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5430 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5431 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5432 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5433 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5434 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5435 return key_senderror(so, m, EINVAL);
5436 }
5437 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5438 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5439 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5440 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
5441 return key_senderror(so, m, EINVAL);
5442 }
5443 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5444 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5445 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5446 } else {
5447 mode = IPSEC_MODE_ANY;
5448 reqid = 0;
5449 }
5450 /* XXX boundary checking for other extensions */
5451
5452 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5453 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5454 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5455
5456 /* XXX boundary check against sa_len */
5457 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5458
5459 lck_mtx_lock(sadb_mutex);
5460
5461 /* get a SA header */
5462 if ((sah = key_getsah(&saidx)) == NULL) {
5463 lck_mtx_unlock(sadb_mutex);
5464 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
5465 return key_senderror(so, m, ENOENT);
5466 }
5467
5468 /* set spidx if there */
5469 /* XXX rewrite */
5470 error = key_setident(sah, m, mhp);
5471 if (error) {
5472 lck_mtx_unlock(sadb_mutex);
5473 return key_senderror(so, m, error);
5474 }
5475
5476 /* find a SA with sequence number. */
5477#if IPSEC_DOSEQCHECK
5478 if (mhp->msg->sadb_msg_seq != 0
5479 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
5480 lck_mtx_unlock(sadb_mutex);
5481 ipseclog((LOG_DEBUG,
5482 "key_update: no larval SA with sequence %u exists.\n",
5483 mhp->msg->sadb_msg_seq));
5484 return key_senderror(so, m, ENOENT);
5485 }
5486#else
5487 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
5488 lck_mtx_unlock(sadb_mutex);
5489 ipseclog((LOG_DEBUG,
5490 "key_update: no such a SA found (spi:%u)\n",
5491 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5492 return key_senderror(so, m, EINVAL);
5493 }
5494#endif
5495
5496 /* validity check */
5497 if (sav->sah->saidx.proto != proto) {
5498 lck_mtx_unlock(sadb_mutex);
5499 ipseclog((LOG_DEBUG,
5500 "key_update: protocol mismatched (DB=%u param=%u)\n",
5501 sav->sah->saidx.proto, proto));
5502 return key_senderror(so, m, EINVAL);
5503 }
5504#if IPSEC_DOSEQCHECK
5505 if (sav->spi != sa0->sadb_sa_spi) {
5506 lck_mtx_unlock(sadb_mutex);
5507 ipseclog((LOG_DEBUG,
5508 "key_update: SPI mismatched (DB:%u param:%u)\n",
5509 (u_int32_t)ntohl(sav->spi),
5510 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
5511 return key_senderror(so, m, EINVAL);
5512 }
5513#endif
5514 if (sav->pid != mhp->msg->sadb_msg_pid) {
5515 lck_mtx_unlock(sadb_mutex);
5516 ipseclog((LOG_DEBUG,
5517 "key_update: pid mismatched (DB:%u param:%u)\n",
5518 sav->pid, mhp->msg->sadb_msg_pid));
5519 return key_senderror(so, m, EINVAL);
5520 }
5521
5522 /* copy sav values */
5523 error = key_setsaval(sav, m, mhp);
5524 if (error) {
5525 key_freesav(sav, KEY_SADB_LOCKED);
5526 lck_mtx_unlock(sadb_mutex);
5527 return key_senderror(so, m, error);
5528 }
5529
5530 /*
5531 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
5532 * this SA is for transport mode - otherwise clear it.
5533 */
5534 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
5535 (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT ||
5536 sav->sah->saidx.src.ss_family != AF_INET))
5537 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
5538
5539 /* check SA values to be mature. */
5540 if ((error = key_mature(sav)) != 0) {
5541 key_freesav(sav, KEY_SADB_LOCKED);
5542 lck_mtx_unlock(sadb_mutex);
5543 return key_senderror(so, m, error);
5544 }
5545
5546 lck_mtx_unlock(sadb_mutex);
5547
5548 {
5549 struct mbuf *n;
5550
5551 /* set msg buf from mhp */
5552 n = key_getmsgbuf_x1(m, mhp);
5553 if (n == NULL) {
5554 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5555 return key_senderror(so, m, ENOBUFS);
5556 }
5557
5558 m_freem(m);
5559 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5560 }
5561}
5562
5563/*
5564 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
5565 * only called by key_update().
5566 * OUT:
5567 * NULL : not found
5568 * others : found, pointer to a SA.
5569 */
5570#if IPSEC_DOSEQCHECK
5571static struct secasvar *
5572key_getsavbyseq(sah, seq)
5573 struct secashead *sah;
5574 u_int32_t seq;
5575{
5576 struct secasvar *sav;
5577 u_int state;
5578
5579 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
5580
5581 state = SADB_SASTATE_LARVAL;
5582
5583 /* search SAD with sequence number ? */
5584 LIST_FOREACH(sav, &sah->savtree[state], chain) {
5585
5586 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
5587
5588 if (sav->seq == seq) {
5589 sav->refcnt++;
5590 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
5591 printf("DP key_getsavbyseq cause "
5592 "refcnt++:%d SA:%p\n",
5593 sav->refcnt, sav));
5594 return sav;
5595 }
5596 }
5597
5598 return NULL;
5599}
5600#endif
5601
5602/*
5603 * SADB_ADD processing
5604 * add a entry to SA database, when received
5605 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5606 * key(AE), (identity(SD),) (sensitivity)>
5607 * from the ikmpd,
5608 * and send
5609 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
5610 * (identity(SD),) (sensitivity)>
5611 * to the ikmpd.
5612 *
5613 * IGNORE identity and sensitivity messages.
5614 *
5615 * m will always be freed.
5616 */
5617static int
5618key_add(so, m, mhp)
5619 struct socket *so;
5620 struct mbuf *m;
5621 const struct sadb_msghdr *mhp;
5622{
5623 struct sadb_sa *sa0;
5624 struct sadb_address *src0, *dst0;
5625 struct secasindex saidx;
5626 struct secashead *newsah;
5627 struct secasvar *newsav;
5628 u_int16_t proto;
5629 u_int8_t mode;
5630 u_int32_t reqid;
5631 int error;
5632
5633 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
5634
5635 /* sanity check */
5636 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5637 panic("key_add: NULL pointer is passed.\n");
5638
5639 /* map satype to proto */
5640 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5641 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
5642 return key_senderror(so, m, EINVAL);
5643 }
5644
5645 if (mhp->ext[SADB_EXT_SA] == NULL ||
5646 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5647 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
5648 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
5649 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
5650 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
5651 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
5652 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
5653 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
5654 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
5655 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
5656 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5657 return key_senderror(so, m, EINVAL);
5658 }
5659 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
5660 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5661 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5662 /* XXX need more */
5663 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
5664 return key_senderror(so, m, EINVAL);
5665 }
5666 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
5667 mode = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
5668 reqid = ((struct sadb_x_sa2 *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
5669 } else {
5670 mode = IPSEC_MODE_ANY;
5671 reqid = 0;
5672 }
5673
5674 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5675 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
5676 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
5677
5678 /* XXX boundary check against sa_len */
5679 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
5680
5681 lck_mtx_lock(sadb_mutex);
5682
5683 /* get a SA header */
5684 if ((newsah = key_getsah(&saidx)) == NULL) {
5685 /* create a new SA header */
5686 if ((newsah = key_newsah(&saidx)) == NULL) {
5687 lck_mtx_unlock(sadb_mutex);
5688 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
5689 return key_senderror(so, m, ENOBUFS);
5690 }
5691 }
5692
5693 /* set spidx if there */
5694 /* XXX rewrite */
5695 error = key_setident(newsah, m, mhp);
5696 if (error) {
5697 lck_mtx_unlock(sadb_mutex);
5698 return key_senderror(so, m, error);
5699 }
5700
5701 /* create new SA entry. */
5702 /* We can create new SA only if SPI is different. */
5703 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
5704 lck_mtx_unlock(sadb_mutex);
5705 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
5706 return key_senderror(so, m, EEXIST);
5707 }
5708 newsav = key_newsav(m, mhp, newsah, &error);
5709 if (newsav == NULL) {
5710 lck_mtx_unlock(sadb_mutex);
5711 return key_senderror(so, m, error);
5712 }
5713
5714 /*
5715 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
5716 * this SA is for transport mode - otherwise clear it.
5717 */
5718 if ((newsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
5719 (newsah->saidx.mode != IPSEC_MODE_TRANSPORT ||
5720 newsah->saidx.dst.ss_family != AF_INET))
5721 newsav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
5722
5723 /* check SA values to be mature. */
5724 if ((error = key_mature(newsav)) != 0) {
5725 key_freesav(newsav, KEY_SADB_LOCKED);
5726 lck_mtx_unlock(sadb_mutex);
5727 return key_senderror(so, m, error);
5728 }
5729
5730 lck_mtx_unlock(sadb_mutex);
5731
5732 /*
5733 * don't call key_freesav() here, as we would like to keep the SA
5734 * in the database on success.
5735 */
5736
5737 {
5738 struct mbuf *n;
5739
5740 /* set msg buf from mhp */
5741 n = key_getmsgbuf_x1(m, mhp);
5742 if (n == NULL) {
5743 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
5744 return key_senderror(so, m, ENOBUFS);
5745 }
5746
5747 m_freem(m);
5748 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5749 }
5750}
5751
5752/* m is retained */
5753static int
5754key_setident(sah, m, mhp)
5755 struct secashead *sah;
5756 struct mbuf *m;
5757 const struct sadb_msghdr *mhp;
5758{
5759 const struct sadb_ident *idsrc, *iddst;
5760 int idsrclen, iddstlen;
5761
5762 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
5763
5764 /* sanity check */
5765 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5766 panic("key_setident: NULL pointer is passed.\n");
5767
5768 /* don't make buffer if not there */
5769 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
5770 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5771 sah->idents = NULL;
5772 sah->identd = NULL;
5773 return 0;
5774 }
5775
5776 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
5777 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
5778 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
5779 return EINVAL;
5780 }
5781
5782 idsrc = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_SRC];
5783 iddst = (const struct sadb_ident *)mhp->ext[SADB_EXT_IDENTITY_DST];
5784 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
5785 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
5786
5787 /* validity check */
5788 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
5789 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
5790 return EINVAL;
5791 }
5792
5793 switch (idsrc->sadb_ident_type) {
5794 case SADB_IDENTTYPE_PREFIX:
5795 case SADB_IDENTTYPE_FQDN:
5796 case SADB_IDENTTYPE_USERFQDN:
5797 default:
5798 /* XXX do nothing */
5799 sah->idents = NULL;
5800 sah->identd = NULL;
5801 return 0;
5802 }
5803
5804 /* make structure */
5805 KMALLOC_NOWAIT(sah->idents, struct sadb_ident *, idsrclen);
5806 if (sah->idents == NULL) {
5807 lck_mtx_unlock(sadb_mutex);
5808 KMALLOC_WAIT(sah->idents, struct sadb_ident *, idsrclen);
5809 lck_mtx_lock(sadb_mutex);
5810 if (sah->idents == NULL) {
5811 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5812 return ENOBUFS;
5813 }
5814 }
5815 KMALLOC_NOWAIT(sah->identd, struct sadb_ident *, iddstlen);
5816 if (sah->identd == NULL) {
5817 lck_mtx_unlock(sadb_mutex);
5818 KMALLOC_WAIT(sah->identd, struct sadb_ident *, iddstlen);
5819 lck_mtx_lock(sadb_mutex);
5820 if (sah->identd == NULL) {
5821 KFREE(sah->idents);
5822 sah->idents = NULL;
5823 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
5824 return ENOBUFS;
5825 }
5826 }
5827 bcopy(idsrc, sah->idents, idsrclen);
5828 bcopy(iddst, sah->identd, iddstlen);
5829
5830 return 0;
5831}
5832
5833/*
5834 * m will not be freed on return.
5835 * it is caller's responsibility to free the result.
5836 */
5837static struct mbuf *
5838key_getmsgbuf_x1(m, mhp)
5839 struct mbuf *m;
5840 const struct sadb_msghdr *mhp;
5841{
5842 struct mbuf *n;
5843 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
5844 SADB_X_EXT_SA2, SADB_EXT_ADDRESS_SRC,
5845 SADB_EXT_ADDRESS_DST, SADB_EXT_LIFETIME_HARD,
5846 SADB_EXT_LIFETIME_SOFT, SADB_EXT_IDENTITY_SRC,
5847 SADB_EXT_IDENTITY_DST};
5848
5849 /* sanity check */
5850 if (m == NULL || mhp == NULL || mhp->msg == NULL)
5851 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
5852
5853 /* create new sadb_msg to reply. */
5854 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
5855 if (!n)
5856 return NULL;
5857
5858 if (n->m_len < sizeof(struct sadb_msg)) {
5859 n = m_pullup(n, sizeof(struct sadb_msg));
5860 if (n == NULL)
5861 return NULL;
5862 }
5863 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
5864 mtod(n, struct sadb_msg *)->sadb_msg_len =
5865 PFKEY_UNIT64(n->m_pkthdr.len);
5866
5867 return n;
5868}
5869
5870static int key_delete_all(struct socket *, struct mbuf *,
5871 const struct sadb_msghdr *, u_int16_t);
5872
5873/*
5874 * SADB_DELETE processing
5875 * receive
5876 * <base, SA(*), address(SD)>
5877 * from the ikmpd, and set SADB_SASTATE_DEAD,
5878 * and send,
5879 * <base, SA(*), address(SD)>
5880 * to the ikmpd.
5881 *
5882 * m will always be freed.
5883 */
5884static int
5885key_delete(so, m, mhp)
5886 struct socket *so;
5887 struct mbuf *m;
5888 const struct sadb_msghdr *mhp;
5889{
5890 struct sadb_sa *sa0;
5891 struct sadb_address *src0, *dst0;
5892 struct secasindex saidx;
5893 struct secashead *sah;
5894 struct secasvar *sav = NULL;
5895 u_int16_t proto;
5896
5897 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
5898
5899 /* sanity check */
5900 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
5901 panic("key_delete: NULL pointer is passed.\n");
5902
5903 /* map satype to proto */
5904 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
5905 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
5906 return key_senderror(so, m, EINVAL);
5907 }
5908
5909 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
5910 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
5911 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5912 return key_senderror(so, m, EINVAL);
5913 }
5914
5915 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
5916 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
5917 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5918 return key_senderror(so, m, EINVAL);
5919 }
5920
5921 lck_mtx_lock(sadb_mutex);
5922
5923 if (mhp->ext[SADB_EXT_SA] == NULL) {
5924 /*
5925 * Caller wants us to delete all non-LARVAL SAs
5926 * that match the src/dst. This is used during
5927 * IKE INITIAL-CONTACT.
5928 */
5929 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
5930 /* key_delete_all will unlock sadb_mutex */
5931 return key_delete_all(so, m, mhp, proto);
5932 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
5933 lck_mtx_unlock(sadb_mutex);
5934 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
5935 return key_senderror(so, m, EINVAL);
5936 }
5937
5938 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
5939 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
5940 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
5941
5942 /* XXX boundary check against sa_len */
5943 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
5944
5945 /* get a SA header */
5946 LIST_FOREACH(sah, &sahtree, chain) {
5947 if (sah->state == SADB_SASTATE_DEAD)
5948 continue;
5949 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
5950 continue;
5951
5952 /* get a SA with SPI. */
5953 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
5954 if (sav)
5955 break;
5956 }
5957 if (sah == NULL) {
5958 lck_mtx_unlock(sadb_mutex);
5959 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
5960 return key_senderror(so, m, ENOENT);
5961 }
5962
5963 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5964 key_freesav(sav, KEY_SADB_LOCKED);
5965
5966 lck_mtx_unlock(sadb_mutex);
5967 sav = NULL;
5968
5969 {
5970 struct mbuf *n;
5971 struct sadb_msg *newmsg;
5972 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
5973 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
5974
5975 /* create new sadb_msg to reply. */
5976 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
5977 if (!n)
5978 return key_senderror(so, m, ENOBUFS);
5979
5980 if (n->m_len < sizeof(struct sadb_msg)) {
5981 n = m_pullup(n, sizeof(struct sadb_msg));
5982 if (n == NULL)
5983 return key_senderror(so, m, ENOBUFS);
5984 }
5985 newmsg = mtod(n, struct sadb_msg *);
5986 newmsg->sadb_msg_errno = 0;
5987 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
5988
5989 m_freem(m);
5990 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
5991 }
5992}
5993
5994/*
5995 * delete all SAs for src/dst. Called from key_delete().
5996 */
5997static int
5998key_delete_all(so, m, mhp, proto)
5999 struct socket *so;
6000 struct mbuf *m;
6001 const struct sadb_msghdr *mhp;
6002 u_int16_t proto;
6003{
6004 struct sadb_address *src0, *dst0;
6005 struct secasindex saidx;
6006 struct secashead *sah;
6007 struct secasvar *sav, *nextsav;
6008 u_int stateidx, state;
6009
6010 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6011
6012 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6013 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6014
6015 /* XXX boundary check against sa_len */
6016 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6017
6018 LIST_FOREACH(sah, &sahtree, chain) {
6019 if (sah->state == SADB_SASTATE_DEAD)
6020 continue;
6021 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
6022 continue;
6023
6024 /* Delete all non-LARVAL SAs. */
6025 for (stateidx = 0;
6026 stateidx < _ARRAYLEN(saorder_state_alive);
6027 stateidx++) {
6028 state = saorder_state_alive[stateidx];
6029 if (state == SADB_SASTATE_LARVAL)
6030 continue;
6031 for (sav = LIST_FIRST(&sah->savtree[state]);
6032 sav != NULL; sav = nextsav) {
6033 nextsav = LIST_NEXT(sav, chain);
6034 /* sanity check */
6035 if (sav->state != state) {
6036 ipseclog((LOG_DEBUG, "key_delete_all: "
6037 "invalid sav->state "
6038 "(queue: %d SA: %d)\n",
6039 state, sav->state));
6040 continue;
6041 }
6042
6043 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6044 key_freesav(sav, KEY_SADB_LOCKED);
6045 }
6046 }
6047 }
6048 lck_mtx_unlock(sadb_mutex);
6049
6050 {
6051 struct mbuf *n;
6052 struct sadb_msg *newmsg;
6053 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_ADDRESS_SRC,
6054 SADB_EXT_ADDRESS_DST};
6055
6056 /* create new sadb_msg to reply. */
6057 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
6058 if (!n)
6059 return key_senderror(so, m, ENOBUFS);
6060
6061 if (n->m_len < sizeof(struct sadb_msg)) {
6062 n = m_pullup(n, sizeof(struct sadb_msg));
6063 if (n == NULL)
6064 return key_senderror(so, m, ENOBUFS);
6065 }
6066 newmsg = mtod(n, struct sadb_msg *);
6067 newmsg->sadb_msg_errno = 0;
6068 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6069
6070 m_freem(m);
6071 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6072 }
6073}
6074
6075/*
6076 * SADB_GET processing
6077 * receive
6078 * <base, SA(*), address(SD)>
6079 * from the ikmpd, and get a SP and a SA to respond,
6080 * and send,
6081 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
6082 * (identity(SD),) (sensitivity)>
6083 * to the ikmpd.
6084 *
6085 * m will always be freed.
6086 */
6087static int
6088key_get(so, m, mhp)
6089 struct socket *so;
6090 struct mbuf *m;
6091 const struct sadb_msghdr *mhp;
6092{
6093 struct sadb_sa *sa0;
6094 struct sadb_address *src0, *dst0;
6095 struct secasindex saidx;
6096 struct secashead *sah;
6097 struct secasvar *sav = NULL;
6098 u_int16_t proto;
6099
6100 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6101
6102 /* sanity check */
6103 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6104 panic("key_get: NULL pointer is passed.\n");
6105
6106 /* map satype to proto */
6107 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6108 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
6109 return key_senderror(so, m, EINVAL);
6110 }
6111
6112 if (mhp->ext[SADB_EXT_SA] == NULL ||
6113 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6114 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
6115 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
6116 return key_senderror(so, m, EINVAL);
6117 }
6118 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
6119 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6120 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6121 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
6122 return key_senderror(so, m, EINVAL);
6123 }
6124
6125 sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
6126 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6127 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6128
6129 /* XXX boundary check against sa_len */
6130 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6131
6132 lck_mtx_lock(sadb_mutex);
6133
6134 /* get a SA header */
6135 LIST_FOREACH(sah, &sahtree, chain) {
6136 if (sah->state == SADB_SASTATE_DEAD)
6137 continue;
6138 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
6139 continue;
6140
6141 /* get a SA with SPI. */
6142 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
6143 if (sav)
6144 break;
6145 }
6146 if (sah == NULL) {
6147 lck_mtx_unlock(sadb_mutex);
6148 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
6149 return key_senderror(so, m, ENOENT);
6150 }
6151
6152 {
6153 struct mbuf *n;
6154 u_int8_t satype;
6155
6156 /* map proto to satype */
6157 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
6158 lck_mtx_unlock(sadb_mutex);
6159 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
6160 return key_senderror(so, m, EINVAL);
6161 }
6162 lck_mtx_unlock(sadb_mutex);
6163
6164 /* create new sadb_msg to reply. */
6165 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
6166 mhp->msg->sadb_msg_pid);
6167
6168
6169
6170 if (!n)
6171 return key_senderror(so, m, ENOBUFS);
6172
6173 m_freem(m);
6174 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6175 }
6176}
6177
6178/* XXX make it sysctl-configurable? */
6179static void
6180key_getcomb_setlifetime(comb)
6181 struct sadb_comb *comb;
6182{
6183
6184 comb->sadb_comb_soft_allocations = 1;
6185 comb->sadb_comb_hard_allocations = 1;
6186 comb->sadb_comb_soft_bytes = 0;
6187 comb->sadb_comb_hard_bytes = 0;
6188 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
6189 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
6190 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
6191 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
6192}
6193
6194#if IPSEC_ESP
6195/*
6196 * XXX reorder combinations by preference
6197 * XXX no idea if the user wants ESP authentication or not
6198 */
6199static struct mbuf *
6200key_getcomb_esp()
6201{
6202 struct sadb_comb *comb;
6203 const struct esp_algorithm *algo;
6204 struct mbuf *result = NULL, *m, *n;
6205 int encmin;
6206 int i, off, o;
6207 int totlen;
6208 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6209
6210 m = NULL;
6211 for (i = 1; i <= SADB_EALG_MAX; i++) {
6212 algo = esp_algorithm_lookup(i);
6213 if (!algo)
6214 continue;
6215
6216 if (algo->keymax < ipsec_esp_keymin)
6217 continue;
6218 if (algo->keymin < ipsec_esp_keymin)
6219 encmin = ipsec_esp_keymin;
6220 else
6221 encmin = algo->keymin;
6222
6223 if (ipsec_esp_auth)
6224 m = key_getcomb_ah();
6225 else {
6226#if DIAGNOSTIC
6227 if (l > MLEN)
6228 panic("assumption failed in key_getcomb_esp");
6229#endif
6230 MGET(m, M_DONTWAIT, MT_DATA);
6231 if (m) {
6232 M_ALIGN(m, l);
6233 m->m_len = l;
6234 m->m_next = NULL;
6235 bzero(mtod(m, caddr_t), m->m_len);
6236 }
6237 }
6238 if (!m)
6239 goto fail;
6240
6241 totlen = 0;
6242 for (n = m; n; n = n->m_next)
6243 totlen += n->m_len;
6244#if DIAGNOSTIC
6245 if (totlen % l)
6246 panic("assumption failed in key_getcomb_esp");
6247#endif
6248
6249 for (off = 0; off < totlen; off += l) {
6250 n = m_pulldown(m, off, l, &o);
6251 if (!n) {
6252 /* m is already freed */
6253 goto fail;
6254 }
6255 comb = (struct sadb_comb *)(mtod(n, caddr_t) + o);
6256 bzero(comb, sizeof(*comb));
6257 key_getcomb_setlifetime(comb);
6258 comb->sadb_comb_encrypt = i;
6259 comb->sadb_comb_encrypt_minbits = encmin;
6260 comb->sadb_comb_encrypt_maxbits = algo->keymax;
6261 }
6262
6263 if (!result)
6264 result = m;
6265 else
6266 m_cat(result, m);
6267 }
6268
6269 return result;
6270
6271 fail:
6272 if (result)
6273 m_freem(result);
6274 return NULL;
6275}
6276#endif
6277
6278/*
6279 * XXX reorder combinations by preference
6280 */
6281static struct mbuf *
6282key_getcomb_ah()
6283{
6284 struct sadb_comb *comb;
6285 const struct ah_algorithm *algo;
6286 struct mbuf *m;
6287 int keymin;
6288 int i;
6289 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6290
6291 m = NULL;
6292 for (i = 1; i <= SADB_AALG_MAX; i++) {
6293#if 1
6294 /* we prefer HMAC algorithms, not old algorithms */
6295 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
6296 continue;
6297#endif
6298 algo = ah_algorithm_lookup(i);
6299 if (!algo)
6300 continue;
6301
6302 if (algo->keymax < ipsec_ah_keymin)
6303 continue;
6304 if (algo->keymin < ipsec_ah_keymin)
6305 keymin = ipsec_ah_keymin;
6306 else
6307 keymin = algo->keymin;
6308
6309 if (!m) {
6310#if DIAGNOSTIC
6311 if (l > MLEN)
6312 panic("assumption failed in key_getcomb_ah");
6313#endif
6314 MGET(m, M_DONTWAIT, MT_DATA);
6315 if (m) {
6316 M_ALIGN(m, l);
6317 m->m_len = l;
6318 m->m_next = NULL;
6319 }
6320 } else
6321 M_PREPEND(m, l, M_DONTWAIT);
6322 if (!m)
6323 return NULL;
6324
6325 comb = mtod(m, struct sadb_comb *);
6326 bzero(comb, sizeof(*comb));
6327 key_getcomb_setlifetime(comb);
6328 comb->sadb_comb_auth = i;
6329 comb->sadb_comb_auth_minbits = keymin;
6330 comb->sadb_comb_auth_maxbits = algo->keymax;
6331 }
6332
6333 return m;
6334}
6335
6336/*
6337 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
6338 * XXX reorder combinations by preference
6339 */
6340static struct mbuf *
6341key_getcomb_ipcomp()
6342{
6343 struct sadb_comb *comb;
6344 const struct ipcomp_algorithm *algo;
6345 struct mbuf *m;
6346 int i;
6347 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
6348
6349 m = NULL;
6350 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
6351 algo = ipcomp_algorithm_lookup(i);
6352 if (!algo)
6353 continue;
6354
6355 if (!m) {
6356#if DIAGNOSTIC
6357 if (l > MLEN)
6358 panic("assumption failed in key_getcomb_ipcomp");
6359#endif
6360 MGET(m, M_DONTWAIT, MT_DATA);
6361 if (m) {
6362 M_ALIGN(m, l);
6363 m->m_len = l;
6364 m->m_next = NULL;
6365 }
6366 } else
6367 M_PREPEND(m, l, M_DONTWAIT);
6368 if (!m)
6369 return NULL;
6370
6371 comb = mtod(m, struct sadb_comb *);
6372 bzero(comb, sizeof(*comb));
6373 key_getcomb_setlifetime(comb);
6374 comb->sadb_comb_encrypt = i;
6375 /* what should we set into sadb_comb_*_{min,max}bits? */
6376 }
6377
6378 return m;
6379}
6380
6381/*
6382 * XXX no way to pass mode (transport/tunnel) to userland
6383 * XXX replay checking?
6384 * XXX sysctl interface to ipsec_{ah,esp}_keymin
6385 */
6386static struct mbuf *
6387key_getprop(saidx)
6388 const struct secasindex *saidx;
6389{
6390 struct sadb_prop *prop;
6391 struct mbuf *m, *n;
6392 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
6393 int totlen;
6394
6395 switch (saidx->proto) {
6396#if IPSEC_ESP
6397 case IPPROTO_ESP:
6398 m = key_getcomb_esp();
6399 break;
6400#endif
6401 case IPPROTO_AH:
6402 m = key_getcomb_ah();
6403 break;
6404 case IPPROTO_IPCOMP:
6405 m = key_getcomb_ipcomp();
6406 break;
6407 default:
6408 return NULL;
6409 }
6410
6411 if (!m)
6412 return NULL;
6413 M_PREPEND(m, l, M_DONTWAIT);
6414 if (!m)
6415 return NULL;
6416
6417 totlen = 0;
6418 for (n = m; n; n = n->m_next)
6419 totlen += n->m_len;
6420
6421 prop = mtod(m, struct sadb_prop *);
6422 bzero(prop, sizeof(*prop));
6423 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
6424 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
6425 prop->sadb_prop_replay = 32; /* XXX */
6426
6427 return m;
6428}
6429
6430/*
6431 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
6432 * send
6433 * <base, SA, address(SD), (address(P)), x_policy,
6434 * (identity(SD),) (sensitivity,) proposal>
6435 * to KMD, and expect to receive
6436 * <base> with SADB_ACQUIRE if error occurred,
6437 * or
6438 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
6439 * from KMD by PF_KEY.
6440 *
6441 * XXX x_policy is outside of RFC2367 (KAME extension).
6442 * XXX sensitivity is not supported.
6443 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
6444 * see comment for key_getcomb_ipcomp().
6445 *
6446 * OUT:
6447 * 0 : succeed
6448 * others: error number
6449 */
6450static int
6451key_acquire(saidx, sp)
6452 struct secasindex *saidx;
6453 struct secpolicy *sp;
6454{
6455 struct mbuf *result = NULL, *m;
6456#ifndef IPSEC_NONBLOCK_ACQUIRE
6457 struct secacq *newacq;
6458#endif
6459 u_int8_t satype;
6460 int error = -1;
6461 u_int32_t seq;
6462
6463 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6464
6465 /* sanity check */
6466 if (saidx == NULL)
6467 panic("key_acquire: NULL pointer is passed.\n");
6468 if ((satype = key_proto2satype(saidx->proto)) == 0)
6469 panic("key_acquire: invalid proto is passed.\n");
6470
6471#ifndef IPSEC_NONBLOCK_ACQUIRE
6472 /*
6473 * We never do anything about acquirng SA. There is anather
6474 * solution that kernel blocks to send SADB_ACQUIRE message until
6475 * getting something message from IKEd. In later case, to be
6476 * managed with ACQUIRING list.
6477 */
6478 /* get a entry to check whether sending message or not. */
6479 lck_mtx_lock(sadb_mutex);
6480 if ((newacq = key_getacq(saidx)) != NULL) {
6481 if (key_blockacq_count < newacq->count) {
6482 /* reset counter and do send message. */
6483 newacq->count = 0;
6484 } else {
6485 /* increment counter and do nothing. */
6486 newacq->count++;
6487 lck_mtx_unlock(sadb_mutex);
6488 return 0;
6489 }
6490 } else {
6491 /* make new entry for blocking to send SADB_ACQUIRE. */
6492 if ((newacq = key_newacq(saidx)) == NULL) {
6493 lck_mtx_unlock(sadb_mutex);
6494 return ENOBUFS;
6495 }
6496
6497 /* add to acqtree */
6498 LIST_INSERT_HEAD(&acqtree, newacq, chain);
6499 }
6500 seq = newacq->seq;
6501 lck_mtx_unlock(sadb_mutex);
6502
6503#else
6504 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
6505#endif
6506 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
6507 if (!m) {
6508 error = ENOBUFS;
6509 goto fail;
6510 }
6511 result = m;
6512
6513 /* set sadb_address for saidx's. */
6514 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
6515 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
6516 if (!m) {
6517 error = ENOBUFS;
6518 goto fail;
6519 }
6520 m_cat(result, m);
6521
6522 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
6523 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
6524 if (!m) {
6525 error = ENOBUFS;
6526 goto fail;
6527 }
6528 m_cat(result, m);
6529
6530 /* XXX proxy address (optional) */
6531
6532 /* set sadb_x_policy */
6533 if (sp) {
6534 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
6535 if (!m) {
6536 error = ENOBUFS;
6537 goto fail;
6538 }
6539 m_cat(result, m);
6540 }
6541
6542 /* XXX identity (optional) */
6543#if 0
6544 if (idexttype && fqdn) {
6545 /* create identity extension (FQDN) */
6546 struct sadb_ident *id;
6547 int fqdnlen;
6548
6549 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
6550 id = (struct sadb_ident *)p;
6551 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6552 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
6553 id->sadb_ident_exttype = idexttype;
6554 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
6555 bcopy(fqdn, id + 1, fqdnlen);
6556 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
6557 }
6558
6559 if (idexttype) {
6560 /* create identity extension (USERFQDN) */
6561 struct sadb_ident *id;
6562 int userfqdnlen;
6563
6564 if (userfqdn) {
6565 /* +1 for terminating-NUL */
6566 userfqdnlen = strlen(userfqdn) + 1;
6567 } else
6568 userfqdnlen = 0;
6569 id = (struct sadb_ident *)p;
6570 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6571 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
6572 id->sadb_ident_exttype = idexttype;
6573 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
6574 /* XXX is it correct? */
6575 if (curproc && curproc->p_cred)
6576 id->sadb_ident_id = curproc->p_cred->p_ruid;
6577 if (userfqdn && userfqdnlen)
6578 bcopy(userfqdn, id + 1, userfqdnlen);
6579 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
6580 }
6581#endif
6582
6583 /* XXX sensitivity (optional) */
6584
6585 /* create proposal/combination extension */
6586 m = key_getprop(saidx);
6587#if 0
6588 /*
6589 * spec conformant: always attach proposal/combination extension,
6590 * the problem is that we have no way to attach it for ipcomp,
6591 * due to the way sadb_comb is declared in RFC2367.
6592 */
6593 if (!m) {
6594 error = ENOBUFS;
6595 goto fail;
6596 }
6597 m_cat(result, m);
6598#else
6599 /*
6600 * outside of spec; make proposal/combination extension optional.
6601 */
6602 if (m)
6603 m_cat(result, m);
6604#endif
6605
6606 if ((result->m_flags & M_PKTHDR) == 0) {
6607 error = EINVAL;
6608 goto fail;
6609 }
6610
6611 if (result->m_len < sizeof(struct sadb_msg)) {
6612 result = m_pullup(result, sizeof(struct sadb_msg));
6613 if (result == NULL) {
6614 error = ENOBUFS;
6615 goto fail;
6616 }
6617 }
6618
6619 result->m_pkthdr.len = 0;
6620 for (m = result; m; m = m->m_next)
6621 result->m_pkthdr.len += m->m_len;
6622
6623 mtod(result, struct sadb_msg *)->sadb_msg_len =
6624 PFKEY_UNIT64(result->m_pkthdr.len);
6625
6626 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
6627
6628 fail:
6629 if (result)
6630 m_freem(result);
6631 return error;
6632}
6633
6634#ifndef IPSEC_NONBLOCK_ACQUIRE
6635static struct secacq *
6636key_newacq(saidx)
6637 struct secasindex *saidx;
6638{
6639 struct secacq *newacq;
6640 struct timeval tv;
6641
6642 /* get new entry */
6643 KMALLOC_NOWAIT(newacq, struct secacq *, sizeof(struct secacq));
6644 if (newacq == NULL) {
6645 lck_mtx_unlock(sadb_mutex);
6646 KMALLOC_WAIT(newacq, struct secacq *, sizeof(struct secacq));
6647 lck_mtx_lock(sadb_mutex);
6648 if (newacq == NULL) {
6649 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
6650 return NULL;
6651 }
6652 }
6653 bzero(newacq, sizeof(*newacq));
6654
6655 /* copy secindex */
6656 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
6657 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
6658 microtime(&tv);
6659 newacq->created = tv.tv_sec;
6660 newacq->count = 0;
6661
6662 return newacq;
6663}
6664
6665static struct secacq *
6666key_getacq(saidx)
6667 struct secasindex *saidx;
6668{
6669 struct secacq *acq;
6670
6671 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6672
6673 LIST_FOREACH(acq, &acqtree, chain) {
6674 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
6675 return acq;
6676 }
6677
6678 return NULL;
6679}
6680
6681static struct secacq *
6682key_getacqbyseq(seq)
6683 u_int32_t seq;
6684{
6685 struct secacq *acq;
6686
6687 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6688
6689 LIST_FOREACH(acq, &acqtree, chain) {
6690 if (acq->seq == seq)
6691 return acq;
6692 }
6693
6694 return NULL;
6695}
6696#endif
6697
6698static struct secspacq *
6699key_newspacq(spidx)
6700 struct secpolicyindex *spidx;
6701{
6702 struct secspacq *acq;
6703 struct timeval tv;
6704
6705 /* get new entry */
6706 KMALLOC_NOWAIT(acq, struct secspacq *, sizeof(struct secspacq));
6707 if (acq == NULL) {
6708 lck_mtx_unlock(sadb_mutex);
6709 KMALLOC_WAIT(acq, struct secspacq *, sizeof(struct secspacq));
6710 lck_mtx_lock(sadb_mutex);
6711 if (acq == NULL) {
6712 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
6713 return NULL;
6714 }
6715 }
6716 bzero(acq, sizeof(*acq));
6717
6718 /* copy secindex */
6719 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
6720 microtime(&tv);
6721 acq->created = tv.tv_sec;
6722 acq->count = 0;
6723
6724 return acq;
6725}
6726
6727static struct secspacq *
6728key_getspacq(spidx)
6729 struct secpolicyindex *spidx;
6730{
6731 struct secspacq *acq;
6732
6733 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6734
6735 LIST_FOREACH(acq, &spacqtree, chain) {
6736 if (key_cmpspidx_exactly(spidx, &acq->spidx))
6737 return acq;
6738 }
6739
6740 return NULL;
6741}
6742
6743/*
6744 * SADB_ACQUIRE processing,
6745 * in first situation, is receiving
6746 * <base>
6747 * from the ikmpd, and clear sequence of its secasvar entry.
6748 *
6749 * In second situation, is receiving
6750 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6751 * from a user land process, and return
6752 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
6753 * to the socket.
6754 *
6755 * m will always be freed.
6756 */
6757static int
6758key_acquire2(so, m, mhp)
6759 struct socket *so;
6760 struct mbuf *m;
6761 const struct sadb_msghdr *mhp;
6762{
6763 const struct sadb_address *src0, *dst0;
6764 struct secasindex saidx;
6765 struct secashead *sah;
6766 u_int16_t proto;
6767 int error;
6768
6769
6770 /* sanity check */
6771 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6772 panic("key_acquire2: NULL pointer is passed.\n");
6773
6774 /*
6775 * Error message from KMd.
6776 * We assume that if error was occurred in IKEd, the length of PFKEY
6777 * message is equal to the size of sadb_msg structure.
6778 * We do not raise error even if error occurred in this function.
6779 */
6780 lck_mtx_lock(sadb_mutex);
6781
6782 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
6783#ifndef IPSEC_NONBLOCK_ACQUIRE
6784 struct secacq *acq;
6785 struct timeval tv;
6786
6787 /* check sequence number */
6788 if (mhp->msg->sadb_msg_seq == 0) {
6789 lck_mtx_unlock(sadb_mutex);
6790 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
6791 m_freem(m);
6792 return 0;
6793 }
6794
6795 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
6796 /*
6797 * the specified larval SA is already gone, or we got
6798 * a bogus sequence number. we can silently ignore it.
6799 */
6800 lck_mtx_unlock(sadb_mutex);
6801 m_freem(m);
6802 return 0;
6803 }
6804
6805 /* reset acq counter in order to deletion by timehander. */
6806 microtime(&tv);
6807 acq->created = tv.tv_sec;
6808 acq->count = 0;
6809#endif
6810 lck_mtx_unlock(sadb_mutex);
6811 m_freem(m);
6812 return 0;
6813 }
6814
6815 /*
6816 * This message is from user land.
6817 */
6818
6819 /* map satype to proto */
6820 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6821 lck_mtx_unlock(sadb_mutex);
6822 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
6823 return key_senderror(so, m, EINVAL);
6824 }
6825
6826 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6827 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6828 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
6829 /* error */
6830 lck_mtx_unlock(sadb_mutex);
6831 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6832 return key_senderror(so, m, EINVAL);
6833 }
6834 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6835 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
6836 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
6837 /* error */
6838 lck_mtx_unlock(sadb_mutex);
6839 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
6840 return key_senderror(so, m, EINVAL);
6841 }
6842
6843 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
6844 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
6845
6846 /* XXX boundary check against sa_len */
6847 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx);
6848
6849 /* get a SA index */
6850 LIST_FOREACH(sah, &sahtree, chain) {
6851 if (sah->state == SADB_SASTATE_DEAD)
6852 continue;
6853 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID))
6854 break;
6855 }
6856 if (sah != NULL) {
6857 lck_mtx_unlock(sadb_mutex);
6858 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
6859 return key_senderror(so, m, EEXIST);
6860 }
6861 lck_mtx_unlock(sadb_mutex);
6862 error = key_acquire(&saidx, NULL);
6863 if (error != 0) {
6864 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
6865 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
6866 return key_senderror(so, m, error);
6867 }
6868
6869 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
6870}
6871
6872/*
6873 * SADB_REGISTER processing.
6874 * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
6875 * receive
6876 * <base>
6877 * from the ikmpd, and register a socket to send PF_KEY messages,
6878 * and send
6879 * <base, supported>
6880 * to KMD by PF_KEY.
6881 * If socket is detached, must free from regnode.
6882 *
6883 * m will always be freed.
6884 */
6885static int
6886key_register(so, m, mhp)
6887 struct socket *so;
6888 struct mbuf *m;
6889 const struct sadb_msghdr *mhp;
6890{
6891 struct secreg *reg, *newreg = 0;
6892
6893 /* sanity check */
6894 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6895 panic("key_register: NULL pointer is passed.\n");
6896
6897 /* check for invalid register message */
6898 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
6899 return key_senderror(so, m, EINVAL);
6900
6901 /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
6902 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
6903 goto setmsg;
6904
6905 /* create regnode */
6906 KMALLOC_WAIT(newreg, struct secreg *, sizeof(*newreg));
6907 if (newreg == NULL) {
6908 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
6909 return key_senderror(so, m, ENOBUFS);
6910 }
6911 bzero((caddr_t)newreg, sizeof(*newreg));
6912
6913 lck_mtx_lock(sadb_mutex);
6914 /* check whether existing or not */
6915 LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
6916 if (reg->so == so) {
6917 lck_mtx_unlock(sadb_mutex);
6918 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
6919 KFREE(newreg);
6920 return key_senderror(so, m, EEXIST);
6921 }
6922 }
6923
6924 socket_lock(so, 1);
6925 newreg->so = so;
6926 ((struct keycb *)sotorawcb(so))->kp_registered++;
6927 socket_unlock(so, 1);
6928
6929 /* add regnode to regtree. */
6930 LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
6931 lck_mtx_unlock(sadb_mutex);
6932 setmsg:
6933 {
6934 struct mbuf *n;
6935 struct sadb_msg *newmsg;
6936 struct sadb_supported *sup;
6937 u_int len, alen, elen;
6938 int off;
6939 int i;
6940 struct sadb_alg *alg;
6941
6942 /* create new sadb_msg to reply. */
6943 alen = 0;
6944 for (i = 1; i <= SADB_AALG_MAX; i++) {
6945 if (ah_algorithm_lookup(i))
6946 alen += sizeof(struct sadb_alg);
6947 }
6948 if (alen)
6949 alen += sizeof(struct sadb_supported);
6950 elen = 0;
6951#if IPSEC_ESP
6952 for (i = 1; i <= SADB_EALG_MAX; i++) {
6953 if (esp_algorithm_lookup(i))
6954 elen += sizeof(struct sadb_alg);
6955 }
6956 if (elen)
6957 elen += sizeof(struct sadb_supported);
6958#endif
6959
6960 len = sizeof(struct sadb_msg) + alen + elen;
6961
6962 if (len > MCLBYTES)
6963 return key_senderror(so, m, ENOBUFS);
6964
6965 MGETHDR(n, M_DONTWAIT, MT_DATA);
6966 if (len > MHLEN) {
6967 MCLGET(n, M_DONTWAIT);
6968 if ((n->m_flags & M_EXT) == 0) {
6969 m_freem(n);
6970 n = NULL;
6971 }
6972 }
6973 if (!n)
6974 return key_senderror(so, m, ENOBUFS);
6975
6976 n->m_pkthdr.len = n->m_len = len;
6977 n->m_next = NULL;
6978 off = 0;
6979
6980 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6981 newmsg = mtod(n, struct sadb_msg *);
6982 newmsg->sadb_msg_errno = 0;
6983 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
6984 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6985
6986 /* for authentication algorithm */
6987 if (alen) {
6988 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
6989 sup->sadb_supported_len = PFKEY_UNIT64(alen);
6990 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
6991 off += PFKEY_ALIGN8(sizeof(*sup));
6992
6993 for (i = 1; i <= SADB_AALG_MAX; i++) {
6994 const struct ah_algorithm *aalgo;
6995
6996 aalgo = ah_algorithm_lookup(i);
6997 if (!aalgo)
6998 continue;
6999 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
7000 alg->sadb_alg_id = i;
7001 alg->sadb_alg_ivlen = 0;
7002 alg->sadb_alg_minbits = aalgo->keymin;
7003 alg->sadb_alg_maxbits = aalgo->keymax;
7004 off += PFKEY_ALIGN8(sizeof(*alg));
7005 }
7006 }
7007
7008#if IPSEC_ESP
7009 /* for encryption algorithm */
7010 if (elen) {
7011 sup = (struct sadb_supported *)(mtod(n, caddr_t) + off);
7012 sup->sadb_supported_len = PFKEY_UNIT64(elen);
7013 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
7014 off += PFKEY_ALIGN8(sizeof(*sup));
7015
7016 for (i = 1; i <= SADB_EALG_MAX; i++) {
7017 const struct esp_algorithm *ealgo;
7018
7019 ealgo = esp_algorithm_lookup(i);
7020 if (!ealgo)
7021 continue;
7022 alg = (struct sadb_alg *)(mtod(n, caddr_t) + off);
7023 alg->sadb_alg_id = i;
7024 if (ealgo && ealgo->ivlen) {
7025 /*
7026 * give NULL to get the value preferred by
7027 * algorithm XXX SADB_X_EXT_DERIV ?
7028 */
7029 alg->sadb_alg_ivlen =
7030 (*ealgo->ivlen)(ealgo, NULL);
7031 } else
7032 alg->sadb_alg_ivlen = 0;
7033 alg->sadb_alg_minbits = ealgo->keymin;
7034 alg->sadb_alg_maxbits = ealgo->keymax;
7035 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
7036 }
7037 }
7038#endif
7039
7040#if DIGAGNOSTIC
7041 if (off != len)
7042 panic("length assumption failed in key_register");
7043#endif
7044
7045 m_freem(m);
7046 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
7047 }
7048}
7049
7050/*
7051 * free secreg entry registered.
7052 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
7053 */
7054void
7055key_freereg(so)
7056 struct socket *so;
7057{
7058 struct secreg *reg;
7059 int i;
7060
7061 /* sanity check */
7062 if (so == NULL)
7063 panic("key_freereg: NULL pointer is passed.\n");
7064
7065 /*
7066 * check whether existing or not.
7067 * check all type of SA, because there is a potential that
7068 * one socket is registered to multiple type of SA.
7069 */
7070 lck_mtx_lock(sadb_mutex);
7071 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7072 LIST_FOREACH(reg, &regtree[i], chain) {
7073 if (reg->so == so
7074 && __LIST_CHAINED(reg)) {
7075 LIST_REMOVE(reg, chain);
7076 KFREE(reg);
7077 break;
7078 }
7079 }
7080 }
7081 lck_mtx_unlock(sadb_mutex);
7082 return;
7083}
7084
7085/*
7086 * SADB_EXPIRE processing
7087 * send
7088 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
7089 * to KMD by PF_KEY.
7090 * NOTE: We send only soft lifetime extension.
7091 *
7092 * OUT: 0 : succeed
7093 * others : error number
7094 */
7095static int
7096key_expire(sav)
7097 struct secasvar *sav;
7098{
7099 int satype;
7100 struct mbuf *result = NULL, *m;
7101 int len;
7102 int error = -1;
7103 struct sadb_lifetime *lt;
7104
7105 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7106
7107 /* sanity check */
7108 if (sav == NULL)
7109 panic("key_expire: NULL pointer is passed.\n");
7110 if (sav->sah == NULL)
7111 panic("key_expire: Why was SA index in SA NULL.\n");
7112 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
7113 panic("key_expire: invalid proto is passed.\n");
7114
7115 /* set msg header */
7116 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
7117 if (!m) {
7118 error = ENOBUFS;
7119 goto fail;
7120 }
7121 result = m;
7122
7123 /* create SA extension */
7124 m = key_setsadbsa(sav);
7125 if (!m) {
7126 error = ENOBUFS;
7127 goto fail;
7128 }
7129 m_cat(result, m);
7130
7131 /* create SA extension */
7132 m = key_setsadbxsa2(sav->sah->saidx.mode,
7133 sav->replay ? sav->replay->count : 0,
7134 sav->sah->saidx.reqid);
7135 if (!m) {
7136 error = ENOBUFS;
7137 goto fail;
7138 }
7139 m_cat(result, m);
7140
7141 /* create lifetime extension (current and soft) */
7142 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
7143 m = key_alloc_mbuf(len);
7144 if (!m || m->m_next) { /*XXX*/
7145 if (m)
7146 m_freem(m);
7147 error = ENOBUFS;
7148 goto fail;
7149 }
7150 bzero(mtod(m, caddr_t), len);
7151 lt = mtod(m, struct sadb_lifetime *);
7152 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
7153 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
7154 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
7155 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
7156 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
7157 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
7158 lt = (struct sadb_lifetime *)(mtod(m, caddr_t) + len / 2);
7159 bcopy(sav->lft_s, lt, sizeof(*lt));
7160 m_cat(result, m);
7161
7162 /* set sadb_address for source */
7163 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
7164 (struct sockaddr *)&sav->sah->saidx.src,
7165 FULLMASK, IPSEC_ULPROTO_ANY);
7166 if (!m) {
7167 error = ENOBUFS;
7168 goto fail;
7169 }
7170 m_cat(result, m);
7171
7172 /* set sadb_address for destination */
7173 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
7174 (struct sockaddr *)&sav->sah->saidx.dst,
7175 FULLMASK, IPSEC_ULPROTO_ANY);
7176 if (!m) {
7177 error = ENOBUFS;
7178 goto fail;
7179 }
7180 m_cat(result, m);
7181
7182 if ((result->m_flags & M_PKTHDR) == 0) {
7183 error = EINVAL;
7184 goto fail;
7185 }
7186
7187 if (result->m_len < sizeof(struct sadb_msg)) {
7188 result = m_pullup(result, sizeof(struct sadb_msg));
7189 if (result == NULL) {
7190 error = ENOBUFS;
7191 goto fail;
7192 }
7193 }
7194
7195 result->m_pkthdr.len = 0;
7196 for (m = result; m; m = m->m_next)
7197 result->m_pkthdr.len += m->m_len;
7198
7199 mtod(result, struct sadb_msg *)->sadb_msg_len =
7200 PFKEY_UNIT64(result->m_pkthdr.len);
7201
7202 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
7203
7204 fail:
7205 if (result)
7206 m_freem(result);
7207 return error;
7208}
7209
7210/*
7211 * SADB_FLUSH processing
7212 * receive
7213 * <base>
7214 * from the ikmpd, and free all entries in secastree.
7215 * and send,
7216 * <base>
7217 * to the ikmpd.
7218 * NOTE: to do is only marking SADB_SASTATE_DEAD.
7219 *
7220 * m will always be freed.
7221 */
7222static int
7223key_flush(so, m, mhp)
7224 struct socket *so;
7225 struct mbuf *m;
7226 const struct sadb_msghdr *mhp;
7227{
7228 struct sadb_msg *newmsg;
7229 struct secashead *sah, *nextsah;
7230 struct secasvar *sav, *nextsav;
7231 u_int16_t proto;
7232 u_int8_t state;
7233 u_int stateidx;
7234
7235 /* sanity check */
7236 if (so == NULL || mhp == NULL || mhp->msg == NULL)
7237 panic("key_flush: NULL pointer is passed.\n");
7238
7239 /* map satype to proto */
7240 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7241 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
7242 return key_senderror(so, m, EINVAL);
7243 }
7244
7245 lck_mtx_lock(sadb_mutex);
7246
7247 /* no SATYPE specified, i.e. flushing all SA. */
7248 for (sah = LIST_FIRST(&sahtree);
7249 sah != NULL;
7250 sah = nextsah) {
7251 nextsah = LIST_NEXT(sah, chain);
7252
7253 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
7254 && proto != sah->saidx.proto)
7255 continue;
7256
7257 for (stateidx = 0;
7258 stateidx < _ARRAYLEN(saorder_state_alive);
7259 stateidx++) {
7260 state = saorder_state_any[stateidx];
7261 for (sav = LIST_FIRST(&sah->savtree[state]);
7262 sav != NULL;
7263 sav = nextsav) {
7264
7265 nextsav = LIST_NEXT(sav, chain);
7266
7267 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7268 key_freesav(sav, KEY_SADB_LOCKED);
7269 }
7270 }
7271
7272 sah->state = SADB_SASTATE_DEAD;
7273 }
7274 lck_mtx_unlock(sadb_mutex);
7275
7276 if (m->m_len < sizeof(struct sadb_msg) ||
7277 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
7278 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
7279 return key_senderror(so, m, ENOBUFS);
7280 }
7281
7282 if (m->m_next)
7283 m_freem(m->m_next);
7284 m->m_next = NULL;
7285 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
7286 newmsg = mtod(m, struct sadb_msg *);
7287 newmsg->sadb_msg_errno = 0;
7288 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
7289
7290 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7291}
7292
7293/*
7294 * SADB_DUMP processing
7295 * dump all entries including status of DEAD in SAD.
7296 * receive
7297 * <base>
7298 * from the ikmpd, and dump all secasvar leaves
7299 * and send,
7300 * <base> .....
7301 * to the ikmpd.
7302 *
7303 * m will always be freed.
7304 */
7305
7306struct sav_dump_elem {
7307 struct secasvar *sav;
7308 u_int8_t satype;
7309};
7310
7311static int
7312key_dump(so, m, mhp)
7313 struct socket *so;
7314 struct mbuf *m;
7315 const struct sadb_msghdr *mhp;
7316{
7317 struct secashead *sah;
7318 struct secasvar *sav;
7319 struct sav_dump_elem *savbuf = NULL, *elem_ptr;
7320 u_int16_t proto;
7321 u_int stateidx;
7322 u_int8_t satype;
7323 u_int8_t state;
7324 int cnt = 0, cnt2, bufcount;
7325 struct mbuf *n;
7326 int error = 0;
7327
7328 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7329
7330 /* sanity check */
7331 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7332 panic("key_dump: NULL pointer is passed.\n");
7333
7334 /* map satype to proto */
7335 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7336 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
7337 return key_senderror(so, m, EINVAL);
7338 }
7339
7340 if ((bufcount = ipsec_sav_count) <= 0) {
7341 error = ENOENT;
7342 goto end;
7343 }
7344 bufcount += 512; /* extra */
7345 KMALLOC_WAIT(savbuf, struct sav_dump_elem*, bufcount * sizeof(struct sav_dump_elem));
7346 if (savbuf == NULL) {
7347 ipseclog((LOG_DEBUG, "key_dump: No more memory.\n"));
7348 error = ENOMEM;
7349 goto end;
7350 }
7351
7352 /* count sav entries to be sent to the userland. */
7353 lck_mtx_lock(sadb_mutex);
7354 elem_ptr = savbuf;
7355 LIST_FOREACH(sah, &sahtree, chain) {
7356 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
7357 && proto != sah->saidx.proto)
7358 continue;
7359
7360 /* map proto to satype */
7361 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7362 lck_mtx_unlock(sadb_mutex);
7363 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
7364 error = EINVAL;
7365 goto end;
7366 }
7367
7368 for (stateidx = 0;
7369 stateidx < _ARRAYLEN(saorder_state_any);
7370 stateidx++) {
7371 state = saorder_state_any[stateidx];
7372 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7373 if (cnt == bufcount)
7374 break; /* out of buffer space */
7375 elem_ptr->sav = sav;
7376 elem_ptr->satype = satype;
7377 sav->refcnt++;
7378 elem_ptr++;
7379 cnt++;
7380 }
7381 }
7382 }
7383 lck_mtx_unlock(sadb_mutex);
7384
7385 if (cnt == 0) {
7386 error = ENOENT;
7387 goto end;
7388 }
7389
7390 /* send this to the userland, one at a time. */
7391 elem_ptr = savbuf;
7392 cnt2 = cnt;
7393 while (cnt2) {
7394 n = key_setdumpsa(elem_ptr->sav, SADB_DUMP, elem_ptr->satype,
7395 --cnt2, mhp->msg->sadb_msg_pid);
7396
7397 if (!n) {
7398 error = ENOBUFS;
7399 goto end;
7400 }
7401
7402 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7403 elem_ptr++;
7404 }
7405
7406end:
7407 if (savbuf) {
7408 if (cnt) {
7409 elem_ptr = savbuf;
7410 lck_mtx_lock(sadb_mutex);
7411 while (cnt--)
7412 key_freesav((elem_ptr++)->sav, KEY_SADB_LOCKED);
7413 lck_mtx_unlock(sadb_mutex);
7414 }
7415 KFREE(savbuf);
7416 }
7417
7418 if (error)
7419 return key_senderror(so, m, error);
7420
7421 m_freem(m);
7422 return 0;
7423}
7424
7425/*
7426 * SADB_X_PROMISC processing
7427 *
7428 * m will always be freed.
7429 */
7430static int
7431key_promisc(so, m, mhp)
7432 struct socket *so;
7433 struct mbuf *m;
7434 const struct sadb_msghdr *mhp;
7435{
7436 int olen;
7437
7438 /* sanity check */
7439 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7440 panic("key_promisc: NULL pointer is passed.\n");
7441
7442 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7443
7444 if (olen < sizeof(struct sadb_msg)) {
7445#if 1
7446 return key_senderror(so, m, EINVAL);
7447#else
7448 m_freem(m);
7449 return 0;
7450#endif
7451 } else if (olen == sizeof(struct sadb_msg)) {
7452 /* enable/disable promisc mode */
7453 struct keycb *kp;
7454
7455 socket_lock(so, 1);
7456 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
7457 return key_senderror(so, m, EINVAL);
7458 mhp->msg->sadb_msg_errno = 0;
7459 switch (mhp->msg->sadb_msg_satype) {
7460 case 0:
7461 case 1:
7462 kp->kp_promisc = mhp->msg->sadb_msg_satype;
7463 break;
7464 default:
7465 socket_unlock(so, 1);
7466 return key_senderror(so, m, EINVAL);
7467 }
7468 socket_unlock(so, 1);
7469
7470 /* send the original message back to everyone */
7471 mhp->msg->sadb_msg_errno = 0;
7472 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7473 } else {
7474 /* send packet as is */
7475
7476 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
7477
7478 /* TODO: if sadb_msg_seq is specified, send to specific pid */
7479 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
7480 }
7481}
7482
7483static int (*key_typesw[])(struct socket *, struct mbuf *,
7484 const struct sadb_msghdr *) = {
7485 NULL, /* SADB_RESERVED */
7486 key_getspi, /* SADB_GETSPI */
7487 key_update, /* SADB_UPDATE */
7488 key_add, /* SADB_ADD */
7489 key_delete, /* SADB_DELETE */
7490 key_get, /* SADB_GET */
7491 key_acquire2, /* SADB_ACQUIRE */
7492 key_register, /* SADB_REGISTER */
7493 NULL, /* SADB_EXPIRE */
7494 key_flush, /* SADB_FLUSH */
7495 key_dump, /* SADB_DUMP */
7496 key_promisc, /* SADB_X_PROMISC */
7497 NULL, /* SADB_X_PCHANGE */
7498 key_spdadd, /* SADB_X_SPDUPDATE */
7499 key_spdadd, /* SADB_X_SPDADD */
7500 key_spddelete, /* SADB_X_SPDDELETE */
7501 key_spdget, /* SADB_X_SPDGET */
7502 NULL, /* SADB_X_SPDACQUIRE */
7503 key_spddump, /* SADB_X_SPDDUMP */
7504 key_spdflush, /* SADB_X_SPDFLUSH */
7505 key_spdadd, /* SADB_X_SPDSETIDX */
7506 NULL, /* SADB_X_SPDEXPIRE */
7507 key_spddelete2, /* SADB_X_SPDDELETE2 */
7508};
7509
7510/*
7511 * parse sadb_msg buffer to process PFKEYv2,
7512 * and create a data to response if needed.
7513 * I think to be dealed with mbuf directly.
7514 * IN:
7515 * msgp : pointer to pointer to a received buffer pulluped.
7516 * This is rewrited to response.
7517 * so : pointer to socket.
7518 * OUT:
7519 * length for buffer to send to user process.
7520 */
7521int
7522key_parse(m, so)
7523 struct mbuf *m;
7524 struct socket *so;
7525{
7526 struct sadb_msg *msg;
7527 struct sadb_msghdr mh;
7528 u_int orglen;
7529 int error;
7530 int target;
7531
7532 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7533
7534 /* sanity check */
7535 if (m == NULL || so == NULL)
7536 panic("key_parse: NULL pointer is passed.\n");
7537
7538#if 0 /*kdebug_sadb assumes msg in linear buffer*/
7539 KEYDEBUG(KEYDEBUG_KEY_DUMP,
7540 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
7541 kdebug_sadb(msg));
7542#endif
7543
7544 if (m->m_len < sizeof(struct sadb_msg)) {
7545 m = m_pullup(m, sizeof(struct sadb_msg));
7546 if (!m)
7547 return ENOBUFS;
7548 }
7549 msg = mtod(m, struct sadb_msg *);
7550 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
7551 target = KEY_SENDUP_ONE;
7552
7553 if ((m->m_flags & M_PKTHDR) == 0 ||
7554 m->m_pkthdr.len != m->m_pkthdr.len) {
7555 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
7556 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
7557 error = EINVAL;
7558 goto senderror;
7559 }
7560
7561 if (msg->sadb_msg_version != PF_KEY_V2) {
7562 ipseclog((LOG_DEBUG,
7563 "key_parse: PF_KEY version %u is mismatched.\n",
7564 msg->sadb_msg_version));
7565 PFKEY_STAT_INCREMENT(pfkeystat.out_invver);
7566 error = EINVAL;
7567 goto senderror;
7568 }
7569
7570 if (msg->sadb_msg_type > SADB_MAX) {
7571 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7572 msg->sadb_msg_type));
7573 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
7574 error = EINVAL;
7575 goto senderror;
7576 }
7577
7578 /* for old-fashioned code - should be nuked */
7579 if (m->m_pkthdr.len > MCLBYTES) {
7580 m_freem(m);
7581 return ENOBUFS;
7582 }
7583 if (m->m_next) {
7584 struct mbuf *n;
7585
7586 MGETHDR(n, M_DONTWAIT, MT_DATA);
7587 if (n && m->m_pkthdr.len > MHLEN) {
7588 MCLGET(n, M_DONTWAIT);
7589 if ((n->m_flags & M_EXT) == 0) {
7590 m_free(n);
7591 n = NULL;
7592 }
7593 }
7594 if (!n) {
7595 m_freem(m);
7596 return ENOBUFS;
7597 }
7598 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
7599 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
7600 n->m_next = NULL;
7601 m_freem(m);
7602 m = n;
7603 }
7604
7605 /* align the mbuf chain so that extensions are in contiguous region. */
7606 error = key_align(m, &mh);
7607 if (error)
7608 return error;
7609
7610 if (m->m_next) { /*XXX*/
7611 m_freem(m);
7612 return ENOBUFS;
7613 }
7614
7615 msg = mh.msg;
7616
7617 /* check SA type */
7618 switch (msg->sadb_msg_satype) {
7619 case SADB_SATYPE_UNSPEC:
7620 switch (msg->sadb_msg_type) {
7621 case SADB_GETSPI:
7622 case SADB_UPDATE:
7623 case SADB_ADD:
7624 case SADB_DELETE:
7625 case SADB_GET:
7626 case SADB_ACQUIRE:
7627 case SADB_EXPIRE:
7628 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
7629 "when msg type=%u.\n", msg->sadb_msg_type));
7630 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
7631 error = EINVAL;
7632 goto senderror;
7633 }
7634 break;
7635 case SADB_SATYPE_AH:
7636 case SADB_SATYPE_ESP:
7637 case SADB_X_SATYPE_IPCOMP:
7638 switch (msg->sadb_msg_type) {
7639 case SADB_X_SPDADD:
7640 case SADB_X_SPDDELETE:
7641 case SADB_X_SPDGET:
7642 case SADB_X_SPDDUMP:
7643 case SADB_X_SPDFLUSH:
7644 case SADB_X_SPDSETIDX:
7645 case SADB_X_SPDUPDATE:
7646 case SADB_X_SPDDELETE2:
7647 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
7648 msg->sadb_msg_type));
7649 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
7650 error = EINVAL;
7651 goto senderror;
7652 }
7653 break;
7654 case SADB_SATYPE_RSVP:
7655 case SADB_SATYPE_OSPFV2:
7656 case SADB_SATYPE_RIPV2:
7657 case SADB_SATYPE_MIP:
7658 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
7659 msg->sadb_msg_satype));
7660 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
7661 error = EOPNOTSUPP;
7662 goto senderror;
7663 case 1: /* XXX: What does it do? */
7664 if (msg->sadb_msg_type == SADB_X_PROMISC)
7665 break;
7666 /*FALLTHROUGH*/
7667 default:
7668 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
7669 msg->sadb_msg_satype));
7670 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
7671 error = EINVAL;
7672 goto senderror;
7673 }
7674
7675 /* check field of upper layer protocol and address family */
7676 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
7677 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
7678 struct sadb_address *src0, *dst0;
7679 u_int plen;
7680
7681 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
7682 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
7683
7684 /* check upper layer protocol */
7685 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
7686 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
7687 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
7688 error = EINVAL;
7689 goto senderror;
7690 }
7691
7692 /* check family */
7693 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
7694 PFKEY_ADDR_SADDR(dst0)->sa_family) {
7695 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
7696 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
7697 error = EINVAL;
7698 goto senderror;
7699 }
7700 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7701 PFKEY_ADDR_SADDR(dst0)->sa_len) {
7702 ipseclog((LOG_DEBUG,
7703 "key_parse: address struct size mismatched.\n"));
7704 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
7705 error = EINVAL;
7706 goto senderror;
7707 }
7708
7709 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7710 case AF_INET:
7711 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7712 sizeof(struct sockaddr_in)) {
7713 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
7714 error = EINVAL;
7715 goto senderror;
7716 }
7717 break;
7718 case AF_INET6:
7719 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
7720 sizeof(struct sockaddr_in6)) {
7721 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
7722 error = EINVAL;
7723 goto senderror;
7724 }
7725 break;
7726 default:
7727 ipseclog((LOG_DEBUG,
7728 "key_parse: unsupported address family.\n"));
7729 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
7730 error = EAFNOSUPPORT;
7731 goto senderror;
7732 }
7733
7734 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
7735 case AF_INET:
7736 plen = sizeof(struct in_addr) << 3;
7737 break;
7738 case AF_INET6:
7739 plen = sizeof(struct in6_addr) << 3;
7740 break;
7741 default:
7742 plen = 0; /*fool gcc*/
7743 break;
7744 }
7745
7746 /* check max prefix length */
7747 if (src0->sadb_address_prefixlen > plen ||
7748 dst0->sadb_address_prefixlen > plen) {
7749 ipseclog((LOG_DEBUG,
7750 "key_parse: illegal prefixlen.\n"));
7751 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
7752 error = EINVAL;
7753 goto senderror;
7754 }
7755
7756 /*
7757 * prefixlen == 0 is valid because there can be a case when
7758 * all addresses are matched.
7759 */
7760 }
7761
7762 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
7763 key_typesw[msg->sadb_msg_type] == NULL) {
7764 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
7765 error = EINVAL;
7766 goto senderror;
7767 }
7768
7769 return (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
7770
7771senderror:
7772 msg->sadb_msg_errno = error;
7773 return key_sendup_mbuf(so, m, target);
7774}
7775
7776static int
7777key_senderror(so, m, code)
7778 struct socket *so;
7779 struct mbuf *m;
7780 int code;
7781{
7782 struct sadb_msg *msg;
7783
7784 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7785
7786 if (m->m_len < sizeof(struct sadb_msg))
7787 panic("invalid mbuf passed to key_senderror");
7788
7789 msg = mtod(m, struct sadb_msg *);
7790 msg->sadb_msg_errno = code;
7791 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
7792}
7793
7794/*
7795 * set the pointer to each header into message buffer.
7796 * m will be freed on error.
7797 * XXX larger-than-MCLBYTES extension?
7798 */
7799static int
7800key_align(m, mhp)
7801 struct mbuf *m;
7802 struct sadb_msghdr *mhp;
7803{
7804 struct mbuf *n;
7805 struct sadb_ext *ext;
7806 size_t off, end;
7807 int extlen;
7808 int toff;
7809
7810 /* sanity check */
7811 if (m == NULL || mhp == NULL)
7812 panic("key_align: NULL pointer is passed.\n");
7813 if (m->m_len < sizeof(struct sadb_msg))
7814 panic("invalid mbuf passed to key_align");
7815
7816 /* initialize */
7817 bzero(mhp, sizeof(*mhp));
7818
7819 mhp->msg = mtod(m, struct sadb_msg *);
7820 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
7821
7822 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
7823 extlen = end; /*just in case extlen is not updated*/
7824 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
7825 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
7826 if (!n) {
7827 /* m is already freed */
7828 return ENOBUFS;
7829 }
7830 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7831
7832 /* set pointer */
7833 switch (ext->sadb_ext_type) {
7834 case SADB_EXT_SA:
7835 case SADB_EXT_ADDRESS_SRC:
7836 case SADB_EXT_ADDRESS_DST:
7837 case SADB_EXT_ADDRESS_PROXY:
7838 case SADB_EXT_LIFETIME_CURRENT:
7839 case SADB_EXT_LIFETIME_HARD:
7840 case SADB_EXT_LIFETIME_SOFT:
7841 case SADB_EXT_KEY_AUTH:
7842 case SADB_EXT_KEY_ENCRYPT:
7843 case SADB_EXT_IDENTITY_SRC:
7844 case SADB_EXT_IDENTITY_DST:
7845 case SADB_EXT_SENSITIVITY:
7846 case SADB_EXT_PROPOSAL:
7847 case SADB_EXT_SUPPORTED_AUTH:
7848 case SADB_EXT_SUPPORTED_ENCRYPT:
7849 case SADB_EXT_SPIRANGE:
7850 case SADB_X_EXT_POLICY:
7851 case SADB_X_EXT_SA2:
7852 /* duplicate check */
7853 /*
7854 * XXX Are there duplication payloads of either
7855 * KEY_AUTH or KEY_ENCRYPT ?
7856 */
7857 if (mhp->ext[ext->sadb_ext_type] != NULL) {
7858 ipseclog((LOG_DEBUG,
7859 "key_align: duplicate ext_type %u "
7860 "is passed.\n", ext->sadb_ext_type));
7861 m_freem(m);
7862 PFKEY_STAT_INCREMENT(pfkeystat.out_dupext);
7863 return EINVAL;
7864 }
7865 break;
7866 default:
7867 ipseclog((LOG_DEBUG,
7868 "key_align: invalid ext_type %u is passed.\n",
7869 ext->sadb_ext_type));
7870 m_freem(m);
7871 PFKEY_STAT_INCREMENT(pfkeystat.out_invexttype);
7872 return EINVAL;
7873 }
7874
7875 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
7876
7877 if (key_validate_ext(ext, extlen)) {
7878 m_freem(m);
7879 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
7880 return EINVAL;
7881 }
7882
7883 n = m_pulldown(m, off, extlen, &toff);
7884 if (!n) {
7885 /* m is already freed */
7886 return ENOBUFS;
7887 }
7888 ext = (struct sadb_ext *)(mtod(n, caddr_t) + toff);
7889
7890 mhp->ext[ext->sadb_ext_type] = ext;
7891 mhp->extoff[ext->sadb_ext_type] = off;
7892 mhp->extlen[ext->sadb_ext_type] = extlen;
7893 }
7894
7895 if (off != end) {
7896 m_freem(m);
7897 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
7898 return EINVAL;
7899 }
7900
7901 return 0;
7902}
7903
7904static int
7905key_validate_ext(ext, len)
7906 const struct sadb_ext *ext;
7907 int len;
7908{
7909 struct sockaddr *sa;
7910 enum { NONE, ADDR } checktype = NONE;
7911 int baselen;
7912 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
7913
7914 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
7915 return EINVAL;
7916
7917 /* if it does not match minimum/maximum length, bail */
7918 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
7919 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
7920 return EINVAL;
7921 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
7922 return EINVAL;
7923 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
7924 return EINVAL;
7925
7926 /* more checks based on sadb_ext_type XXX need more */
7927 switch (ext->sadb_ext_type) {
7928 case SADB_EXT_ADDRESS_SRC:
7929 case SADB_EXT_ADDRESS_DST:
7930 case SADB_EXT_ADDRESS_PROXY:
7931 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
7932 checktype = ADDR;
7933 break;
7934 case SADB_EXT_IDENTITY_SRC:
7935 case SADB_EXT_IDENTITY_DST:
7936 if (((struct sadb_ident *)ext)->sadb_ident_type ==
7937 SADB_X_IDENTTYPE_ADDR) {
7938 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
7939 checktype = ADDR;
7940 } else
7941 checktype = NONE;
7942 break;
7943 default:
7944 checktype = NONE;
7945 break;
7946 }
7947
7948 switch (checktype) {
7949 case NONE:
7950 break;
7951 case ADDR:
7952 sa = (struct sockaddr *)((caddr_t)ext + baselen);
7953 if (len < baselen + sal)
7954 return EINVAL;
7955 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
7956 return EINVAL;
7957 break;
7958 }
7959
7960 return 0;
7961}
7962
7963void
7964key_domain_init()
7965{
7966 int i;
7967
7968 bzero((caddr_t)&key_cb, sizeof(key_cb));
7969
7970 for (i = 0; i < IPSEC_DIR_MAX; i++) {
7971 LIST_INIT(&sptree[i]);
7972 }
7973 ipsec_policy_count = 0;
7974
7975 LIST_INIT(&sahtree);
7976
7977 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
7978 LIST_INIT(&regtree[i]);
7979 }
7980 ipsec_sav_count = 0;
7981
7982#ifndef IPSEC_NONBLOCK_ACQUIRE
7983 LIST_INIT(&acqtree);
7984#endif
7985 LIST_INIT(&spacqtree);
7986
7987 /* system default */
7988#if INET
7989 ip4_def_policy.policy = IPSEC_POLICY_NONE;
7990 ip4_def_policy.refcnt++; /*never reclaim this*/
7991#endif
7992#if INET6
7993 ip6_def_policy.policy = IPSEC_POLICY_NONE;
7994 ip6_def_policy.refcnt++; /*never reclaim this*/
7995#endif
7996
7997#ifndef IPSEC_DEBUG2
7998 timeout((void *)key_timehandler, (void *)0, hz);
7999#endif /*IPSEC_DEBUG2*/
8000
8001 /* initialize key statistics */
8002 keystat.getspi_count = 1;
8003
8004#ifndef __APPLE__
8005 printf("IPsec: Initialized Security Association Processing.\n");
8006#endif
8007
8008 return;
8009}
8010
8011/*
8012 * XXX: maybe This function is called after INBOUND IPsec processing.
8013 *
8014 * Special check for tunnel-mode packets.
8015 * We must make some checks for consistency between inner and outer IP header.
8016 *
8017 * xxx more checks to be provided
8018 */
8019int
8020key_checktunnelsanity(
8021 struct secasvar *sav,
8022 __unused u_int family,
8023 __unused caddr_t src,
8024 __unused caddr_t dst)
8025{
8026
8027 /* sanity check */
8028 if (sav->sah == NULL)
8029 panic("sav->sah == NULL at key_checktunnelsanity");
8030
8031 /* XXX: check inner IP header */
8032
8033 return 1;
8034}
8035
8036/* record data transfer on SA, and update timestamps */
8037void
8038key_sa_recordxfer(sav, m)
8039 struct secasvar *sav;
8040 struct mbuf *m;
8041{
8042
8043
8044 if (!sav)
8045 panic("key_sa_recordxfer called with sav == NULL");
8046 if (!m)
8047 panic("key_sa_recordxfer called with m == NULL");
8048 if (!sav->lft_c)
8049 return;
8050
8051 lck_mtx_lock(sadb_mutex);
8052 /*
8053 * XXX Currently, there is a difference of bytes size
8054 * between inbound and outbound processing.
8055 */
8056 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
8057 /* to check bytes lifetime is done in key_timehandler(). */
8058
8059 /*
8060 * We use the number of packets as the unit of
8061 * sadb_lifetime_allocations. We increment the variable
8062 * whenever {esp,ah}_{in,out}put is called.
8063 */
8064 sav->lft_c->sadb_lifetime_allocations++;
8065 /* XXX check for expires? */
8066
8067 /*
8068 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
8069 * in seconds. HARD and SOFT lifetime are measured by the time
8070 * difference (again in seconds) from sadb_lifetime_usetime.
8071 *
8072 * usetime
8073 * v expire expire
8074 * -----+-----+--------+---> t
8075 * <--------------> HARD
8076 * <-----> SOFT
8077 */
8078 {
8079 struct timeval tv;
8080 microtime(&tv);
8081 sav->lft_c->sadb_lifetime_usetime = tv.tv_sec;
8082 /* XXX check for expires? */
8083 }
8084 lck_mtx_unlock(sadb_mutex);
8085
8086 return;
8087}
8088
8089/* dumb version */
8090void
8091key_sa_routechange(dst)
8092 struct sockaddr *dst;
8093{
8094 struct secashead *sah;
8095 struct route *ro;
8096
8097 lck_mtx_lock(sadb_mutex);
8098 LIST_FOREACH(sah, &sahtree, chain) {
8099 ro = &sah->sa_route;
8100 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
8101 && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
8102 rtfree(ro->ro_rt);
8103 ro->ro_rt = (struct rtentry *)NULL;
8104 }
8105 }
8106 lck_mtx_unlock(sadb_mutex);
8107
8108 return;
8109}
8110
8111static void
8112key_sa_chgstate(sav, state)
8113 struct secasvar *sav;
8114 u_int8_t state;
8115{
8116
8117 if (sav == NULL)
8118 panic("key_sa_chgstate called with sav == NULL");
8119
8120 if (sav->state == state)
8121 return;
8122
8123 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8124
8125 if (__LIST_CHAINED(sav))
8126 LIST_REMOVE(sav, chain);
8127
8128 sav->state = state;
8129 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
8130
8131}
8132
8133void
8134key_sa_stir_iv(sav)
8135 struct secasvar *sav;
8136{
8137 lck_mtx_lock(sadb_mutex);
8138 if (!sav->iv)
8139 panic("key_sa_stir_iv called with sav == NULL");
8140 key_randomfill(sav->iv, sav->ivlen);
8141 lck_mtx_unlock(sadb_mutex);
8142}
8143
8144/* XXX too much? */
8145static struct mbuf *
8146key_alloc_mbuf(l)
8147 int l;
8148{
8149 struct mbuf *m = NULL, *n;
8150 int len, t;
8151
8152 len = l;
8153 while (len > 0) {
8154 MGET(n, M_DONTWAIT, MT_DATA);
8155 if (n && len > MLEN)
8156 MCLGET(n, M_DONTWAIT);
8157 if (!n) {
8158 m_freem(m);
8159 return NULL;
8160 }
8161
8162 n->m_next = NULL;
8163 n->m_len = 0;
8164 n->m_len = M_TRAILINGSPACE(n);
8165 /* use the bottom of mbuf, hoping we can prepend afterwards */
8166 if (n->m_len > len) {
8167 t = (n->m_len - len) & ~(sizeof(long) - 1);
8168 n->m_data += t;
8169 n->m_len = len;
8170 }
8171
8172 len -= n->m_len;
8173
8174 if (m)
8175 m_cat(m, n);
8176 else
8177 m = n;
8178 }
8179
8180 return m;
8181}
mirror of XNU