]> git.saurik.com Git - apple/xnu.git/blob - bsd/netkey/key.c
xnu-3248.60.10.tar.gz
[apple/xnu.git] / bsd / netkey / key.c
1 /*
2 * Copyright (c) 2008-2016 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
30 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
31
32 /*
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61 /*
62 * This code is referd to RFC 2367
63 */
64
65 #include <machine/endian.h>
66 #include <sys/types.h>
67 #include <sys/param.h>
68 #include <sys/systm.h>
69 #include <sys/kernel.h>
70 #include <sys/mbuf.h>
71 #include <sys/domain.h>
72 #include <sys/protosw.h>
73 #include <sys/malloc.h>
74 #include <sys/socket.h>
75 #include <sys/socketvar.h>
76 #include <sys/sysctl.h>
77 #include <sys/errno.h>
78 #include <sys/proc.h>
79 #include <sys/queue.h>
80 #include <sys/syslog.h>
81 #include <sys/mcache.h>
82
83 #include <kern/locks.h>
84
85 #include <net/if.h>
86 #include <net/route.h>
87 #include <net/raw_cb.h>
88
89 #include <netinet/in.h>
90 #include <netinet/in_systm.h>
91 #include <netinet/ip.h>
92 #include <netinet/in_var.h>
93
94 #if INET6
95 #include <netinet/ip6.h>
96 #include <netinet6/in6_var.h>
97 #include <netinet6/ip6_var.h>
98 #endif /* INET6 */
99
100 #include <net/pfkeyv2.h>
101 #include <netkey/keydb.h>
102 #include <netkey/key.h>
103 #include <netkey/keysock.h>
104 #include <netkey/key_debug.h>
105 #include <stdarg.h>
106
107
108 #include <netinet6/ipsec.h>
109 #if INET6
110 #include <netinet6/ipsec6.h>
111 #endif
112 #include <netinet6/ah.h>
113 #if INET6
114 #include <netinet6/ah6.h>
115 #endif
116 #if IPSEC_ESP
117 #include <netinet6/esp.h>
118 #if INET6
119 #include <netinet6/esp6.h>
120 #endif
121 #endif
122 #include <netinet6/ipcomp.h>
123 #if INET6
124 #include <netinet6/ipcomp6.h>
125 #endif
126
127
128 /* randomness */
129 #include <sys/random.h>
130
131 #include <net/net_osdep.h>
132
133 #define FULLMASK 0xff
134
135 lck_grp_t *sadb_mutex_grp;
136 lck_grp_attr_t *sadb_mutex_grp_attr;
137 lck_attr_t *sadb_mutex_attr;
138 decl_lck_mtx_data(, sadb_mutex_data);
139 lck_mtx_t *sadb_mutex = &sadb_mutex_data;
140
141 lck_grp_t *pfkey_stat_mutex_grp;
142 lck_grp_attr_t *pfkey_stat_mutex_grp_attr;
143 lck_attr_t *pfkey_stat_mutex_attr;
144 decl_lck_mtx_data(, pfkey_stat_mutex_data);
145 lck_mtx_t *pfkey_stat_mutex = &pfkey_stat_mutex_data;
146
147 /*
148 * Note on SA reference counting:
149 * - SAs that are not in DEAD state will have (total external reference + 1)
150 * following value in reference count field. they cannot be freed and are
151 * referenced from SA header.
152 * - SAs that are in DEAD state will have (total external reference)
153 * in reference count field. they are ready to be freed. reference from
154 * SA header will be removed in key_delsav(), when the reference count
155 * field hits 0 (= no external reference other than from SA header.
156 */
157
158 u_int32_t key_debug_level = 0; //### our sysctl is not dynamic
159 static int key_timehandler_running = 0;
160 static u_int key_spi_trycnt = 1000;
161 static u_int32_t key_spi_minval = 0x100;
162 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
163 static u_int32_t policy_id = 0;
164 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
165 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
166 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
167 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
168 static int key_preferred_oldsa = 0; /* preferred old sa rather than new sa.*/
169 __private_extern__ int natt_keepalive_interval = 20; /* interval between natt keepalives.*/
170 __private_extern__ int ipsec_policy_count = 0;
171 static int ipsec_sav_count = 0;
172
173 static u_int32_t acq_seq = 0;
174 static int key_tick_init_random = 0;
175 __private_extern__ u_int32_t natt_now = 0;
176
177 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
178 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
179 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
180 /* registed list */
181
182 #define SPIHASHSIZE 128
183 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
184 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
185
186 #ifndef IPSEC_NONBLOCK_ACQUIRE
187 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
188 #endif
189 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
190
191 struct key_cb key_cb;
192
193 /* search order for SAs */
194 static const u_int saorder_state_valid_prefer_old[] = {
195 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
196 };
197 static const u_int saorder_state_valid_prefer_new[] = {
198 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
199 };
200 static const u_int saorder_state_alive[] = {
201 /* except DEAD */
202 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
203 };
204 static const u_int saorder_state_any[] = {
205 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
206 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
207 };
208
209 static const int minsize[] = {
210 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
211 sizeof(struct sadb_sa), /* SADB_EXT_SA */
212 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
213 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
214 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
215 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
216 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
217 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
218 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
219 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
220 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
221 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
222 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
223 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
224 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
225 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
226 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
227 0, /* SADB_X_EXT_KMPRIVATE */
228 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
229 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
230 sizeof(struct sadb_session_id), /* SADB_EXT_SESSION_ID */
231 sizeof(struct sadb_sastat), /* SADB_EXT_SASTAT */
232 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_IPSECIF */
233 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_SRC_START */
234 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_SRC_END */
235 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_DST_START */
236 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_DST_END */
237 sizeof(struct sadb_address), /* SADB_EXT_MIGRATE_ADDRESS_SRC */
238 sizeof(struct sadb_address), /* SADB_EXT_MIGRATE_ADDRESS_DST */
239 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_MIGRATE_IPSECIF */
240 };
241 static const int maxsize[] = {
242 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
243 sizeof(struct sadb_sa_2), /* SADB_EXT_SA */
244 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
245 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
246 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
247 0, /* SADB_EXT_ADDRESS_SRC */
248 0, /* SADB_EXT_ADDRESS_DST */
249 0, /* SADB_EXT_ADDRESS_PROXY */
250 0, /* SADB_EXT_KEY_AUTH */
251 0, /* SADB_EXT_KEY_ENCRYPT */
252 0, /* SADB_EXT_IDENTITY_SRC */
253 0, /* SADB_EXT_IDENTITY_DST */
254 0, /* SADB_EXT_SENSITIVITY */
255 0, /* SADB_EXT_PROPOSAL */
256 0, /* SADB_EXT_SUPPORTED_AUTH */
257 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
258 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
259 0, /* SADB_X_EXT_KMPRIVATE */
260 0, /* SADB_X_EXT_POLICY */
261 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
262 0, /* SADB_EXT_SESSION_ID */
263 0, /* SADB_EXT_SASTAT */
264 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_IPSECIF */
265 0, /* SADB_X_EXT_ADDR_RANGE_SRC_START */
266 0, /* SADB_X_EXT_ADDR_RANGE_SRC_END */
267 0, /* SADB_X_EXT_ADDR_RANGE_DST_START */
268 0, /* SADB_X_EXT_ADDR_RANGE_DST_END */
269 0, /* SADB_EXT_MIGRATE_ADDRESS_SRC */
270 0, /* SADB_EXT_MIGRATE_ADDRESS_DST */
271 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_MIGRATE_IPSECIF */
272 };
273
274 static int ipsec_esp_keymin = 256;
275 static int ipsec_esp_auth = 0;
276 static int ipsec_ah_keymin = 128;
277
278 SYSCTL_DECL(_net_key);
279 /* Thread safe: no accumulated state */
280 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW | CTLFLAG_LOCKED, \
281 &key_debug_level, 0, "");
282
283
284 /* max count of trial for the decision of spi value */
285 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW | CTLFLAG_LOCKED, \
286 &key_spi_trycnt, 0, "");
287
288 /* minimum spi value to allocate automatically. */
289 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW | CTLFLAG_LOCKED, \
290 &key_spi_minval, 0, "");
291
292 /* maximun spi value to allocate automatically. */
293 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW | CTLFLAG_LOCKED, \
294 &key_spi_maxval, 0, "");
295
296 /* interval to initialize randseed */
297 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW | CTLFLAG_LOCKED, \
298 &key_int_random, 0, "");
299
300 /* lifetime for larval SA; thread safe due to > compare */
301 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
302 &key_larval_lifetime, 0, "");
303
304 /* counter for blocking to send SADB_ACQUIRE to IKEd */
305 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW | CTLFLAG_LOCKED, \
306 &key_blockacq_count, 0, "");
307
308 /* lifetime for blocking to send SADB_ACQUIRE to IKEd: Thread safe, > compare */
309 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
310 &key_blockacq_lifetime, 0, "");
311
312 /* ESP auth */
313 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW | CTLFLAG_LOCKED, \
314 &ipsec_esp_auth, 0, "");
315
316 /* minimum ESP key length */
317 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
318 &ipsec_esp_keymin, 0, "");
319
320 /* minimum AH key length */
321 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
322 &ipsec_ah_keymin, 0, "");
323
324 /* perfered old SA rather than new SA */
325 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW | CTLFLAG_LOCKED,\
326 &key_preferred_oldsa, 0, "");
327
328 /* time between NATT keepalives in seconds, 0 disabled */
329 SYSCTL_INT(_net_key, KEYCTL_NATT_KEEPALIVE_INTERVAL, natt_keepalive_interval, CTLFLAG_RW | CTLFLAG_LOCKED,\
330 &natt_keepalive_interval, 0, "");
331
332 /* PF_KEY statistics */
333 SYSCTL_STRUCT(_net_key, KEYCTL_PFKEYSTAT, pfkeystat, CTLFLAG_RD | CTLFLAG_LOCKED,\
334 &pfkeystat, pfkeystat, "");
335
336 #ifndef LIST_FOREACH
337 #define LIST_FOREACH(elm, head, field) \
338 for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
339 #endif
340 #define __LIST_CHAINED(elm) \
341 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
342 #define LIST_INSERT_TAIL(head, elm, type, field) \
343 do {\
344 struct type *curelm = LIST_FIRST(head); \
345 if (curelm == NULL) {\
346 LIST_INSERT_HEAD(head, elm, field); \
347 } else { \
348 while (LIST_NEXT(curelm, field)) \
349 curelm = LIST_NEXT(curelm, field);\
350 LIST_INSERT_AFTER(curelm, elm, field);\
351 }\
352 } while (0)
353
354 #define KEY_CHKSASTATE(head, sav, name) \
355 do { \
356 if ((head) != (sav)) { \
357 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
358 (name), (head), (sav))); \
359 continue; \
360 } \
361 } while (0)
362
363 #define KEY_CHKSPDIR(head, sp, name) \
364 do { \
365 if ((head) != (sp)) { \
366 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
367 "anyway continue.\n", \
368 (name), (head), (sp))); \
369 } \
370 } while (0)
371
372 #if 1
373 #define KMALLOC_WAIT(p, t, n) \
374 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_WAITOK))
375 #define KMALLOC_NOWAIT(p, t, n) \
376 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT))
377 #define KFREE(p) \
378 _FREE((caddr_t)(p), M_SECA);
379 #else
380 #define KMALLOC_WAIT(p, t, n) \
381 do { \
382 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_WAITOK)); \
383 printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
384 __FILE__, __LINE__, (p), #t, n); \
385 } while (0)
386 #define KMALLOC_NOWAIT(p, t, n) \
387 do { \
388 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT)); \
389 printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
390 __FILE__, __LINE__, (p), #t, n); \
391 } while (0)
392
393 #define KFREE(p) \
394 do { \
395 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
396 _FREE((caddr_t)(p), M_SECA); \
397 } while (0)
398 #endif
399
400 /*
401 * set parameters into secpolicyindex buffer.
402 * Must allocate secpolicyindex buffer passed to this function.
403 */
404 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, ifp, s_s, s_e, d_s, d_e, idx) \
405 do { \
406 bzero((idx), sizeof(struct secpolicyindex)); \
407 (idx)->dir = (_dir); \
408 (idx)->prefs = (ps); \
409 (idx)->prefd = (pd); \
410 (idx)->ul_proto = (ulp); \
411 (idx)->internal_if = (ifp); \
412 if (s) bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
413 if (d) bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
414 if (s_s) bcopy((s_s), &(idx)->src_range.start, ((struct sockaddr *)(s_s))->sa_len); \
415 if (s_e) bcopy((s_e), &(idx)->src_range.end, ((struct sockaddr *)(s_e))->sa_len); \
416 if (d_s) bcopy((d_s), &(idx)->dst_range.start, ((struct sockaddr *)(d_s))->sa_len); \
417 if (d_e) bcopy((d_e), &(idx)->dst_range.end, ((struct sockaddr *)(d_e))->sa_len); \
418 } while (0)
419
420 /*
421 * set parameters into secasindex buffer.
422 * Must allocate secasindex buffer before calling this function.
423 */
424 #define KEY_SETSECASIDX(p, m, r, s, d, ifi, idx) \
425 do { \
426 bzero((idx), sizeof(struct secasindex)); \
427 (idx)->proto = (p); \
428 (idx)->mode = (m); \
429 (idx)->reqid = (r); \
430 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
431 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
432 (idx)->ipsec_ifindex = (ifi); \
433 } while (0)
434
435 /* key statistics */
436 struct _keystat {
437 u_int32_t getspi_count; /* the avarage of count to try to get new SPI */
438 } keystat;
439
440 struct sadb_msghdr {
441 struct sadb_msg *msg;
442 struct sadb_ext *ext[SADB_EXT_MAX + 1];
443 int extoff[SADB_EXT_MAX + 1];
444 int extlen[SADB_EXT_MAX + 1];
445 };
446
447 static struct secpolicy *__key_getspbyid(u_int32_t id);
448 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int, u_int16_t);
449 static int key_do_get_translated_port(struct secashead *, struct secasvar *, u_int);
450 static void key_delsp(struct secpolicy *);
451 static struct secpolicy *key_getsp(struct secpolicyindex *);
452 static u_int32_t key_newreqid(void);
453 static struct mbuf *key_gather_mbuf(struct mbuf *,
454 const struct sadb_msghdr *, int, int, int *);
455 static int key_spdadd(struct socket *, struct mbuf *,
456 const struct sadb_msghdr *);
457 static u_int32_t key_getnewspid(void);
458 static int key_spddelete(struct socket *, struct mbuf *,
459 const struct sadb_msghdr *);
460 static int key_spddelete2(struct socket *, struct mbuf *,
461 const struct sadb_msghdr *);
462 static int key_spdenable(struct socket *, struct mbuf *,
463 const struct sadb_msghdr *);
464 static int key_spddisable(struct socket *, struct mbuf *,
465 const struct sadb_msghdr *);
466 static int key_spdget(struct socket *, struct mbuf *,
467 const struct sadb_msghdr *);
468 static int key_spdflush(struct socket *, struct mbuf *,
469 const struct sadb_msghdr *);
470 static int key_spddump(struct socket *, struct mbuf *,
471 const struct sadb_msghdr *);
472 static struct mbuf *key_setdumpsp(struct secpolicy *,
473 u_int8_t, u_int32_t, u_int32_t);
474 static u_int key_getspreqmsglen(struct secpolicy *);
475 static int key_spdexpire(struct secpolicy *);
476 static struct secashead *key_newsah(struct secasindex *, ifnet_t, u_int, u_int8_t);
477 static struct secasvar *key_newsav(struct mbuf *,
478 const struct sadb_msghdr *, struct secashead *, int *,
479 struct socket *);
480 static struct secashead *key_getsah(struct secasindex *);
481 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
482 static void key_setspi __P((struct secasvar *, u_int32_t));
483 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
484 static int key_setsaval(struct secasvar *, struct mbuf *,
485 const struct sadb_msghdr *);
486 static int key_mature(struct secasvar *);
487 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
488 u_int8_t, u_int32_t, u_int32_t);
489 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
490 u_int32_t, pid_t, u_int16_t);
491 static struct mbuf *key_setsadbsa(struct secasvar *);
492 static struct mbuf *key_setsadbaddr(u_int16_t,
493 struct sockaddr *, u_int8_t, u_int16_t);
494 static struct mbuf *key_setsadbipsecif(ifnet_t, ifnet_t, ifnet_t, int);
495 #if 0
496 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
497 int, u_int64_t);
498 #endif
499 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t, u_int16_t);
500 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
501 u_int32_t);
502 static void *key_newbuf(const void *, u_int);
503 #if INET6
504 static int key_ismyaddr6(struct sockaddr_in6 *);
505 #endif
506 static void key_update_natt_keepalive_timestamp(struct secasvar *, struct secasvar *);
507
508 /* flags for key_cmpsaidx() */
509 #define CMP_HEAD 0x1 /* protocol, addresses. */
510 #define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
511 #define CMP_REQID 0x4 /* additionally HEAD, reqid. */
512 #define CMP_MODE 0x8 /* additionally mode. */
513 #define CMP_EXACTLY 0xF /* all elements. */
514 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
515
516 static int key_cmpspidx_exactly(struct secpolicyindex *,
517 struct secpolicyindex *);
518 static int key_cmpspidx_withmask(struct secpolicyindex *,
519 struct secpolicyindex *);
520 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
521 static int key_is_addr_in_range(struct sockaddr_storage *, struct secpolicyaddrrange *);
522 static int key_bbcmp(caddr_t, caddr_t, u_int);
523 static void key_srandom(void);
524 static u_int16_t key_satype2proto(u_int8_t);
525 static u_int8_t key_proto2satype(u_int16_t);
526
527 static int key_getspi(struct socket *, struct mbuf *,
528 const struct sadb_msghdr *);
529 static u_int32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *);
530 static int key_update(struct socket *, struct mbuf *,
531 const struct sadb_msghdr *);
532 #if IPSEC_DOSEQCHECK
533 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
534 #endif
535 static int key_add(struct socket *, struct mbuf *, const struct sadb_msghdr *);
536 static int key_setident(struct secashead *, struct mbuf *,
537 const struct sadb_msghdr *);
538 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, const struct sadb_msghdr *);
539 static int key_delete(struct socket *, struct mbuf *,
540 const struct sadb_msghdr *);
541 static int key_get(struct socket *, struct mbuf *, const struct sadb_msghdr *);
542
543 static void key_getcomb_setlifetime(struct sadb_comb *);
544 #if IPSEC_ESP
545 static struct mbuf *key_getcomb_esp(void);
546 #endif
547 static struct mbuf *key_getcomb_ah(void);
548 static struct mbuf *key_getcomb_ipcomp(void);
549 static struct mbuf *key_getprop(const struct secasindex *);
550
551 static int key_acquire(struct secasindex *, struct secpolicy *);
552 #ifndef IPSEC_NONBLOCK_ACQUIRE
553 static struct secacq *key_newacq(struct secasindex *);
554 static struct secacq *key_getacq(struct secasindex *);
555 static struct secacq *key_getacqbyseq(u_int32_t);
556 #endif
557 static struct secspacq *key_newspacq(struct secpolicyindex *);
558 static struct secspacq *key_getspacq(struct secpolicyindex *);
559 static int key_acquire2(struct socket *, struct mbuf *,
560 const struct sadb_msghdr *);
561 static int key_register(struct socket *, struct mbuf *,
562 const struct sadb_msghdr *);
563 static int key_expire(struct secasvar *);
564 static int key_flush(struct socket *, struct mbuf *,
565 const struct sadb_msghdr *);
566 static int key_dump(struct socket *, struct mbuf *, const struct sadb_msghdr *);
567 static int key_promisc(struct socket *, struct mbuf *,
568 const struct sadb_msghdr *);
569 static int key_senderror(struct socket *, struct mbuf *, int);
570 static int key_validate_ext(const struct sadb_ext *, int);
571 static int key_align(struct mbuf *, struct sadb_msghdr *);
572 static struct mbuf *key_alloc_mbuf(int);
573 static int key_getsastat (struct socket *, struct mbuf *, const struct sadb_msghdr *);
574 static int key_migrate (struct socket *, struct mbuf *, const struct sadb_msghdr *);
575 static int key_setsaval2(struct secasvar *sav,
576 u_int8_t satype,
577 u_int8_t alg_auth,
578 u_int8_t alg_enc,
579 u_int32_t flags,
580 u_int8_t replay,
581 struct sadb_key *key_auth,
582 u_int16_t key_auth_len,
583 struct sadb_key *key_enc,
584 u_int16_t key_enc_len,
585 u_int16_t natt_port,
586 u_int32_t seq,
587 u_int32_t spi,
588 u_int32_t pid,
589 struct sadb_lifetime *lifetime_hard,
590 struct sadb_lifetime *lifetime_soft);
591 static void bzero_keys(const struct sadb_msghdr *);
592
593 extern int ipsec_bypass;
594 extern int esp_udp_encap_port;
595 int ipsec_send_natt_keepalive(struct secasvar *sav);
596 bool ipsec_fill_offload_frame(ifnet_t ifp, struct secasvar *sav, struct ifnet_keepalive_offload_frame *frame, size_t frame_data_offset);
597 u_int32_t key_fill_offload_frames_for_savs (ifnet_t ifp, struct ifnet_keepalive_offload_frame *frames_array, u_int32_t frames_array_count, size_t frame_data_offset);
598
599 void key_init(struct protosw *, struct domain *);
600
601 /*
602 * PF_KEY init
603 * setup locks, call raw_init(), and then init timer and associated data
604 *
605 */
606 void
607 key_init(struct protosw *pp, struct domain *dp)
608 {
609 static int key_initialized = 0;
610 int i;
611
612 VERIFY((pp->pr_flags & (PR_INITIALIZED|PR_ATTACHED)) == PR_ATTACHED);
613
614 _CASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= _MHLEN);
615
616 if (key_initialized)
617 return;
618 key_initialized = 1;
619
620 sadb_mutex_grp_attr = lck_grp_attr_alloc_init();
621 sadb_mutex_grp = lck_grp_alloc_init("sadb", sadb_mutex_grp_attr);
622 sadb_mutex_attr = lck_attr_alloc_init();
623
624 lck_mtx_init(sadb_mutex, sadb_mutex_grp, sadb_mutex_attr);
625
626 pfkey_stat_mutex_grp_attr = lck_grp_attr_alloc_init();
627 pfkey_stat_mutex_grp = lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr);
628 pfkey_stat_mutex_attr = lck_attr_alloc_init();
629
630 lck_mtx_init(pfkey_stat_mutex, pfkey_stat_mutex_grp, pfkey_stat_mutex_attr);
631
632 for (i = 0; i < SPIHASHSIZE; i++)
633 LIST_INIT(&spihash[i]);
634
635 raw_init(pp, dp);
636
637 bzero((caddr_t)&key_cb, sizeof(key_cb));
638
639 for (i = 0; i < IPSEC_DIR_MAX; i++) {
640 LIST_INIT(&sptree[i]);
641 }
642 ipsec_policy_count = 0;
643
644 LIST_INIT(&sahtree);
645
646 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
647 LIST_INIT(&regtree[i]);
648 }
649 ipsec_sav_count = 0;
650
651 #ifndef IPSEC_NONBLOCK_ACQUIRE
652 LIST_INIT(&acqtree);
653 #endif
654 LIST_INIT(&spacqtree);
655
656 /* system default */
657 #if INET
658 ip4_def_policy.policy = IPSEC_POLICY_NONE;
659 ip4_def_policy.refcnt++; /*never reclaim this*/
660 #endif
661 #if INET6
662 ip6_def_policy.policy = IPSEC_POLICY_NONE;
663 ip6_def_policy.refcnt++; /*never reclaim this*/
664 #endif
665
666 key_timehandler_running = 0;
667
668 /* initialize key statistics */
669 keystat.getspi_count = 1;
670
671 #ifndef __APPLE__
672 printf("IPsec: Initialized Security Association Processing.\n");
673 #endif
674 }
675
676 static void
677 key_start_timehandler(void)
678 {
679 /* must be called while locked */
680 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
681 if (key_timehandler_running == 0) {
682 key_timehandler_running = 1;
683 (void)timeout((void *)key_timehandler, (void *)0, hz);
684 }
685
686 /* Turn off the ipsec bypass */
687 if (ipsec_bypass != 0)
688 ipsec_bypass = 0;
689 }
690
691 /* %%% IPsec policy management */
692 /*
693 * allocating a SP for OUTBOUND or INBOUND packet.
694 * Must call key_freesp() later.
695 * OUT: NULL: not found
696 * others: found and return the pointer.
697 */
698 struct secpolicy *
699 key_allocsp(
700 struct secpolicyindex *spidx,
701 u_int dir)
702 {
703 struct secpolicy *sp;
704 struct timeval tv;
705
706 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
707 /* sanity check */
708 if (spidx == NULL)
709 panic("key_allocsp: NULL pointer is passed.\n");
710
711 /* check direction */
712 switch (dir) {
713 case IPSEC_DIR_INBOUND:
714 case IPSEC_DIR_OUTBOUND:
715 break;
716 default:
717 panic("key_allocsp: Invalid direction is passed.\n");
718 }
719
720 /* get a SP entry */
721 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
722 printf("*** objects\n");
723 kdebug_secpolicyindex(spidx));
724
725 lck_mtx_lock(sadb_mutex);
726 LIST_FOREACH(sp, &sptree[dir], chain) {
727 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
728 printf("*** in SPD\n");
729 kdebug_secpolicyindex(&sp->spidx));
730
731 if (sp->state == IPSEC_SPSTATE_DEAD)
732 continue;
733
734 /* If the policy is disabled, skip */
735 if (sp->disabled > 0)
736 continue;
737
738 /* If the incoming spidx specifies bound if,
739 ignore unbound policies*/
740 if (spidx->internal_if != NULL
741 && (sp->spidx.internal_if == NULL || sp->ipsec_if == NULL))
742 continue;
743
744 if (key_cmpspidx_withmask(&sp->spidx, spidx))
745 goto found;
746 }
747 lck_mtx_unlock(sadb_mutex);
748 return NULL;
749
750 found:
751
752 /* found a SPD entry */
753 microtime(&tv);
754 sp->lastused = tv.tv_sec;
755 sp->refcnt++;
756 lck_mtx_unlock(sadb_mutex);
757
758 /* sanity check */
759 KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
760 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
761 printf("DP key_allocsp cause refcnt++:%d SP:0x%llx\n",
762 sp->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sp)));
763 return sp;
764 }
765
766 /*
767 * return a policy that matches this particular inbound packet.
768 * XXX slow
769 */
770 struct secpolicy *
771 key_gettunnel(
772 struct sockaddr *osrc,
773 struct sockaddr *odst,
774 struct sockaddr *isrc,
775 struct sockaddr *idst)
776 {
777 struct secpolicy *sp;
778 const int dir = IPSEC_DIR_INBOUND;
779 struct timeval tv;
780 struct ipsecrequest *r1, *r2, *p;
781 struct sockaddr *os, *od, *is, *id;
782 struct secpolicyindex spidx;
783
784 if (isrc->sa_family != idst->sa_family) {
785 ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
786 isrc->sa_family, idst->sa_family));
787 return NULL;
788 }
789
790 lck_mtx_lock(sadb_mutex);
791 LIST_FOREACH(sp, &sptree[dir], chain) {
792 if (sp->state == IPSEC_SPSTATE_DEAD)
793 continue;
794
795 r1 = r2 = NULL;
796 for (p = sp->req; p; p = p->next) {
797 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
798 continue;
799
800 r1 = r2;
801 r2 = p;
802
803 if (!r1) {
804 /* here we look at address matches only */
805 spidx = sp->spidx;
806 if (isrc->sa_len > sizeof(spidx.src) ||
807 idst->sa_len > sizeof(spidx.dst))
808 continue;
809 bcopy(isrc, &spidx.src, isrc->sa_len);
810 bcopy(idst, &spidx.dst, idst->sa_len);
811 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
812 continue;
813 } else {
814 is = (struct sockaddr *)&r1->saidx.src;
815 id = (struct sockaddr *)&r1->saidx.dst;
816 if (key_sockaddrcmp(is, isrc, 0) ||
817 key_sockaddrcmp(id, idst, 0))
818 continue;
819 }
820
821 os = (struct sockaddr *)&r2->saidx.src;
822 od = (struct sockaddr *)&r2->saidx.dst;
823 if (key_sockaddrcmp(os, osrc, 0) ||
824 key_sockaddrcmp(od, odst, 0))
825 continue;
826
827 goto found;
828 }
829 }
830 lck_mtx_unlock(sadb_mutex);
831 return NULL;
832
833 found:
834 microtime(&tv);
835 sp->lastused = tv.tv_sec;
836 sp->refcnt++;
837 lck_mtx_unlock(sadb_mutex);
838 return sp;
839 }
840
841 struct secasvar *key_alloc_outbound_sav_for_interface(ifnet_t interface, int family)
842 {
843 struct secashead *sah;
844 struct secasvar *sav;
845 u_int stateidx;
846 u_int state;
847 const u_int *saorder_state_valid;
848 int arraysize;
849 struct sockaddr_in *sin;
850 u_int16_t dstport;
851
852 if (interface == NULL)
853 return NULL;
854
855 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
856
857 lck_mtx_lock(sadb_mutex);
858
859 LIST_FOREACH(sah, &sahtree, chain) {
860 if (sah->ipsec_if == interface &&
861 (family == AF_INET6 || family == AF_INET) &&
862 sah->dir == IPSEC_DIR_OUTBOUND) {
863 /* This SAH is linked to the IPSec interface, and the right family. We found it! */
864 if (key_preferred_oldsa) {
865 saorder_state_valid = saorder_state_valid_prefer_old;
866 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
867 } else {
868 saorder_state_valid = saorder_state_valid_prefer_new;
869 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
870 }
871
872 sin = (struct sockaddr_in *)&sah->saidx.dst;
873 dstport = sin->sin_port;
874 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT)
875 sin->sin_port = IPSEC_PORT_ANY;
876
877 for (stateidx = 0; stateidx < arraysize; stateidx++) {
878 state = saorder_state_valid[stateidx];
879 sav = key_do_allocsa_policy(sah, state, dstport);
880 if (sav != NULL) {
881 lck_mtx_unlock(sadb_mutex);
882 return sav;
883 }
884 }
885
886 break;
887 }
888 }
889
890 lck_mtx_unlock(sadb_mutex);
891 return NULL;
892 }
893
894 /*
895 * allocating an SA entry for an *OUTBOUND* packet.
896 * checking each request entries in SP, and acquire an SA if need.
897 * OUT: 0: there are valid requests.
898 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
899 */
900 int
901 key_checkrequest(
902 struct ipsecrequest *isr,
903 struct secasindex *saidx,
904 struct secasvar **sav)
905 {
906 u_int level;
907 int error;
908 struct sockaddr_in *sin;
909
910 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
911
912 *sav = NULL;
913
914 /* sanity check */
915 if (isr == NULL || saidx == NULL)
916 panic("key_checkrequest: NULL pointer is passed.\n");
917
918 /* check mode */
919 switch (saidx->mode) {
920 case IPSEC_MODE_TRANSPORT:
921 case IPSEC_MODE_TUNNEL:
922 break;
923 case IPSEC_MODE_ANY:
924 default:
925 panic("key_checkrequest: Invalid policy defined.\n");
926 }
927
928 /* get current level */
929 level = ipsec_get_reqlevel(isr);
930
931
932 /*
933 * key_allocsa_policy should allocate the oldest SA available.
934 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
935 */
936 if (*sav == NULL)
937 *sav = key_allocsa_policy(saidx);
938
939 /* When there is SA. */
940 if (*sav != NULL)
941 return 0;
942
943 /* There is no SA.
944 *
945 * Remove dst port - used for special natt support - don't call
946 * key_acquire with it.
947 */
948 if (saidx->mode == IPSEC_MODE_TRANSPORT) {
949 sin = (struct sockaddr_in *)&saidx->dst;
950 sin->sin_port = IPSEC_PORT_ANY;
951 }
952 if ((error = key_acquire(saidx, isr->sp)) != 0) {
953 /* XXX What should I do ? */
954 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
955 "from key_acquire.\n", error));
956 return error;
957 }
958
959 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
960 }
961
962 /*
963 * allocating a SA for policy entry from SAD.
964 * NOTE: searching SAD of aliving state.
965 * OUT: NULL: not found.
966 * others: found and return the pointer.
967 */
968 u_int32_t sah_search_calls = 0;
969 u_int32_t sah_search_count = 0;
970 struct secasvar *
971 key_allocsa_policy(
972 struct secasindex *saidx)
973 {
974 struct secashead *sah;
975 struct secasvar *sav;
976 u_int stateidx, state;
977 const u_int *saorder_state_valid;
978 int arraysize;
979 struct sockaddr_in *sin;
980 u_int16_t dstport;
981
982 lck_mtx_lock(sadb_mutex);
983 sah_search_calls++;
984 LIST_FOREACH(sah, &sahtree, chain) {
985 sah_search_count++;
986 if (sah->state == SADB_SASTATE_DEAD)
987 continue;
988 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID))
989 goto found;
990 }
991 lck_mtx_unlock(sadb_mutex);
992 return NULL;
993
994 found:
995
996 /*
997 * search a valid state list for outbound packet.
998 * This search order is important.
999 */
1000 if (key_preferred_oldsa) {
1001 saorder_state_valid = saorder_state_valid_prefer_old;
1002 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1003 } else {
1004 saorder_state_valid = saorder_state_valid_prefer_new;
1005 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1006 }
1007
1008
1009 sin = (struct sockaddr_in *)&saidx->dst;
1010 dstport = sin->sin_port;
1011 if (saidx->mode == IPSEC_MODE_TRANSPORT)
1012 sin->sin_port = IPSEC_PORT_ANY;
1013
1014 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1015
1016 state = saorder_state_valid[stateidx];
1017
1018 sav = key_do_allocsa_policy(sah, state, dstport);
1019 if (sav != NULL) {
1020 lck_mtx_unlock(sadb_mutex);
1021 return sav;
1022 }
1023 }
1024 lck_mtx_unlock(sadb_mutex);
1025 return NULL;
1026 }
1027
1028 static void
1029 key_send_delete (struct secasvar *sav)
1030 {
1031 struct mbuf *m, *result;
1032 u_int8_t satype;
1033
1034 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
1035
1036 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
1037 panic("key_do_allocsa_policy: invalid proto is passed.\n");
1038
1039 m = key_setsadbmsg(SADB_DELETE, 0,
1040 satype, 0, 0, sav->refcnt - 1);
1041 if (!m)
1042 goto msgfail;
1043 result = m;
1044
1045 /* set sadb_address for saidx's. */
1046 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
1047 (struct sockaddr *)&sav->sah->saidx.src,
1048 sav->sah->saidx.src.ss_len << 3,
1049 IPSEC_ULPROTO_ANY);
1050 if (!m)
1051 goto msgfail;
1052 m_cat(result, m);
1053
1054 /* set sadb_address for saidx's. */
1055 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
1056 (struct sockaddr *)&sav->sah->saidx.dst,
1057 sav->sah->saidx.src.ss_len << 3,
1058 IPSEC_ULPROTO_ANY);
1059 if (!m)
1060 goto msgfail;
1061 m_cat(result, m);
1062
1063 /* create SA extension */
1064 m = key_setsadbsa(sav);
1065 if (!m)
1066 goto msgfail;
1067 m_cat(result, m);
1068
1069 if (result->m_len < sizeof(struct sadb_msg)) {
1070 result = m_pullup(result,
1071 sizeof(struct sadb_msg));
1072 if (result == NULL)
1073 goto msgfail;
1074 }
1075
1076 result->m_pkthdr.len = 0;
1077 for (m = result; m; m = m->m_next)
1078 result->m_pkthdr.len += m->m_len;
1079 mtod(result, struct sadb_msg *)->sadb_msg_len =
1080 PFKEY_UNIT64(result->m_pkthdr.len);
1081
1082 if (key_sendup_mbuf(NULL, result,
1083 KEY_SENDUP_REGISTERED))
1084 goto msgfail;
1085 msgfail:
1086 key_freesav(sav, KEY_SADB_LOCKED);
1087 }
1088
1089 /*
1090 * searching SAD with direction, protocol, mode and state.
1091 * called by key_allocsa_policy().
1092 * OUT:
1093 * NULL : not found
1094 * others : found, pointer to a SA.
1095 */
1096 static struct secasvar *
1097 key_do_allocsa_policy(
1098 struct secashead *sah,
1099 u_int state,
1100 u_int16_t dstport)
1101 {
1102 struct secasvar *sav, *nextsav, *candidate, *natt_candidate, *no_natt_candidate, *d;
1103
1104 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1105
1106 /* initialize */
1107 candidate = NULL;
1108 natt_candidate = NULL;
1109 no_natt_candidate = NULL;
1110
1111 for (sav = LIST_FIRST(&sah->savtree[state]);
1112 sav != NULL;
1113 sav = nextsav) {
1114
1115 nextsav = LIST_NEXT(sav, chain);
1116
1117 /* sanity check */
1118 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
1119
1120 if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport &&
1121 ((sav->flags & SADB_X_EXT_NATT) != 0) &&
1122 ntohs(dstport) != sav->remote_ike_port)
1123 continue;
1124
1125 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
1126 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0) &&
1127 ntohs(dstport) != sav->remote_ike_port)
1128 continue; /* skip this one - not a match - or not UDP */
1129
1130 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL &&
1131 ((sav->flags & SADB_X_EXT_NATT) != 0)) ||
1132 (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
1133 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0))) {
1134 if (natt_candidate == NULL) {
1135 natt_candidate = sav;
1136 continue;
1137 } else
1138 candidate = natt_candidate;
1139 } else {
1140 if (no_natt_candidate == NULL) {
1141 no_natt_candidate = sav;
1142 continue;
1143 } else
1144 candidate = no_natt_candidate;
1145 }
1146
1147 /* Which SA is the better ? */
1148
1149 /* sanity check 2 */
1150 if (candidate->lft_c == NULL || sav->lft_c == NULL)
1151 panic("key_do_allocsa_policy: "
1152 "lifetime_current is NULL.\n");
1153
1154 /* What the best method is to compare ? */
1155 if (key_preferred_oldsa) {
1156 if (candidate->lft_c->sadb_lifetime_addtime >
1157 sav->lft_c->sadb_lifetime_addtime) {
1158 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
1159 natt_candidate = sav;
1160 else
1161 no_natt_candidate = sav;
1162 }
1163 continue;
1164 /*NOTREACHED*/
1165 }
1166
1167 /* prefered new sa rather than old sa */
1168 if (candidate->lft_c->sadb_lifetime_addtime <
1169 sav->lft_c->sadb_lifetime_addtime) {
1170 d = candidate;
1171 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
1172 natt_candidate = sav;
1173 else
1174 no_natt_candidate = sav;
1175 } else
1176 d = sav;
1177
1178 /*
1179 * prepared to delete the SA when there is more
1180 * suitable candidate and the lifetime of the SA is not
1181 * permanent.
1182 */
1183 if (d->lft_c->sadb_lifetime_addtime != 0) {
1184 key_send_delete(d);
1185 }
1186 }
1187
1188 /* choose latest if both types present */
1189 if (natt_candidate == NULL)
1190 candidate = no_natt_candidate;
1191 else if (no_natt_candidate == NULL)
1192 candidate = natt_candidate;
1193 else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport)
1194 candidate = natt_candidate;
1195 else if (natt_candidate->lft_c->sadb_lifetime_addtime >
1196 no_natt_candidate->lft_c->sadb_lifetime_addtime)
1197 candidate = natt_candidate;
1198 else
1199 candidate = no_natt_candidate;
1200
1201 if (candidate) {
1202 candidate->refcnt++;
1203 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1204 printf("DP allocsa_policy cause "
1205 "refcnt++:%d SA:0x%llx\n", candidate->refcnt,
1206 (uint64_t)VM_KERNEL_ADDRPERM(candidate)));
1207 }
1208 return candidate;
1209 }
1210
1211 /*
1212 * allocating a SA entry for a *INBOUND* packet.
1213 * Must call key_freesav() later.
1214 * OUT: positive: pointer to a sav.
1215 * NULL: not found, or error occurred.
1216 *
1217 * In the comparison, source address will be ignored for RFC2401 conformance.
1218 * To quote, from section 4.1:
1219 * A security association is uniquely identified by a triple consisting
1220 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1221 * security protocol (AH or ESP) identifier.
1222 * Note that, however, we do need to keep source address in IPsec SA.
1223 * IKE specification and PF_KEY specification do assume that we
1224 * keep source address in IPsec SA. We see a tricky situation here.
1225 */
1226 struct secasvar *
1227 key_allocsa(
1228 u_int family,
1229 caddr_t src,
1230 caddr_t dst,
1231 u_int proto,
1232 u_int32_t spi)
1233 {
1234 struct secasvar *sav, *match;
1235 u_int stateidx, state, tmpidx, matchidx;
1236 struct sockaddr_in sin;
1237 struct sockaddr_in6 sin6;
1238 const u_int *saorder_state_valid;
1239 int arraysize;
1240
1241 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1242
1243 /* sanity check */
1244 if (src == NULL || dst == NULL)
1245 panic("key_allocsa: NULL pointer is passed.\n");
1246
1247 /*
1248 * when both systems employ similar strategy to use a SA.
1249 * the search order is important even in the inbound case.
1250 */
1251 if (key_preferred_oldsa) {
1252 saorder_state_valid = saorder_state_valid_prefer_old;
1253 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1254 } else {
1255 saorder_state_valid = saorder_state_valid_prefer_new;
1256 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1257 }
1258
1259 /*
1260 * searching SAD.
1261 * XXX: to be checked internal IP header somewhere. Also when
1262 * IPsec tunnel packet is received. But ESP tunnel mode is
1263 * encrypted so we can't check internal IP header.
1264 */
1265 /*
1266 * search a valid state list for inbound packet.
1267 * the search order is not important.
1268 */
1269 match = NULL;
1270 matchidx = arraysize;
1271 lck_mtx_lock(sadb_mutex);
1272 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
1273 if (sav->spi != spi)
1274 continue;
1275 if (proto != sav->sah->saidx.proto)
1276 continue;
1277 if (family != sav->sah->saidx.src.ss_family ||
1278 family != sav->sah->saidx.dst.ss_family)
1279 continue;
1280 tmpidx = arraysize;
1281 for (stateidx = 0; stateidx < matchidx; stateidx++) {
1282 state = saorder_state_valid[stateidx];
1283 if (sav->state == state) {
1284 tmpidx = stateidx;
1285 break;
1286 }
1287 }
1288 if (tmpidx >= matchidx)
1289 continue;
1290
1291 #if 0 /* don't check src */
1292 /* check src address */
1293 switch (family) {
1294 case AF_INET:
1295 bzero(&sin, sizeof(sin));
1296 sin.sin_family = AF_INET;
1297 sin.sin_len = sizeof(sin);
1298 bcopy(src, &sin.sin_addr,
1299 sizeof(sin.sin_addr));
1300 if (key_sockaddrcmp((struct sockaddr*)&sin,
1301 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1302 continue;
1303 break;
1304 case AF_INET6:
1305 bzero(&sin6, sizeof(sin6));
1306 sin6.sin6_family = AF_INET6;
1307 sin6.sin6_len = sizeof(sin6);
1308 bcopy(src, &sin6.sin6_addr,
1309 sizeof(sin6.sin6_addr));
1310 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1311 /* kame fake scopeid */
1312 sin6.sin6_scope_id =
1313 ntohs(sin6.sin6_addr.s6_addr16[1]);
1314 sin6.sin6_addr.s6_addr16[1] = 0;
1315 }
1316 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1317 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1318 continue;
1319 break;
1320 default:
1321 ipseclog((LOG_DEBUG, "key_allocsa: "
1322 "unknown address family=%d.\n",
1323 family));
1324 continue;
1325 }
1326
1327 #endif
1328 /* check dst address */
1329 switch (family) {
1330 case AF_INET:
1331 bzero(&sin, sizeof(sin));
1332 sin.sin_family = AF_INET;
1333 sin.sin_len = sizeof(sin);
1334 bcopy(dst, &sin.sin_addr,
1335 sizeof(sin.sin_addr));
1336 if (key_sockaddrcmp((struct sockaddr*)&sin,
1337 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1338 continue;
1339
1340 break;
1341 case AF_INET6:
1342 bzero(&sin6, sizeof(sin6));
1343 sin6.sin6_family = AF_INET6;
1344 sin6.sin6_len = sizeof(sin6);
1345 bcopy(dst, &sin6.sin6_addr,
1346 sizeof(sin6.sin6_addr));
1347 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1348 /* kame fake scopeid */
1349 sin6.sin6_scope_id =
1350 ntohs(sin6.sin6_addr.s6_addr16[1]);
1351 sin6.sin6_addr.s6_addr16[1] = 0;
1352 }
1353 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1354 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1355 continue;
1356 break;
1357 default:
1358 ipseclog((LOG_DEBUG, "key_allocsa: "
1359 "unknown address family=%d.\n", family));
1360 continue;
1361 }
1362
1363 match = sav;
1364 matchidx = tmpidx;
1365 }
1366 if (match)
1367 goto found;
1368
1369 /* not found */
1370 lck_mtx_unlock(sadb_mutex);
1371 return NULL;
1372
1373 found:
1374 match->refcnt++;
1375 lck_mtx_unlock(sadb_mutex);
1376 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1377 printf("DP allocsa cause refcnt++:%d SA:0x%llx\n",
1378 match->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(match)));
1379 return match;
1380 }
1381
1382 u_int16_t
1383 key_natt_get_translated_port(
1384 struct secasvar *outsav)
1385 {
1386
1387 struct secasindex saidx;
1388 struct secashead *sah;
1389 u_int stateidx, state;
1390 const u_int *saorder_state_valid;
1391 int arraysize;
1392
1393 /* get sa for incoming */
1394 saidx.mode = outsav->sah->saidx.mode;
1395 saidx.reqid = 0;
1396 saidx.proto = outsav->sah->saidx.proto;
1397 bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in));
1398 bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in));
1399
1400 lck_mtx_lock(sadb_mutex);
1401 LIST_FOREACH(sah, &sahtree, chain) {
1402 if (sah->state == SADB_SASTATE_DEAD)
1403 continue;
1404 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE))
1405 goto found;
1406 }
1407 lck_mtx_unlock(sadb_mutex);
1408 return 0;
1409
1410 found:
1411 /*
1412 * Found sah - now go thru list of SAs and find
1413 * matching remote ike port. If found - set
1414 * sav->natt_encapsulated_src_port and return the port.
1415 */
1416 /*
1417 * search a valid state list for outbound packet.
1418 * This search order is important.
1419 */
1420 if (key_preferred_oldsa) {
1421 saorder_state_valid = saorder_state_valid_prefer_old;
1422 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1423 } else {
1424 saorder_state_valid = saorder_state_valid_prefer_new;
1425 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1426 }
1427
1428 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1429 state = saorder_state_valid[stateidx];
1430 if (key_do_get_translated_port(sah, outsav, state)) {
1431 lck_mtx_unlock(sadb_mutex);
1432 return outsav->natt_encapsulated_src_port;
1433 }
1434 }
1435 lck_mtx_unlock(sadb_mutex);
1436 return 0;
1437 }
1438
1439 static int
1440 key_do_get_translated_port(
1441 struct secashead *sah,
1442 struct secasvar *outsav,
1443 u_int state)
1444 {
1445 struct secasvar *currsav, *nextsav, *candidate;
1446
1447
1448 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1449
1450 /* initilize */
1451 candidate = NULL;
1452
1453 for (currsav = LIST_FIRST(&sah->savtree[state]);
1454 currsav != NULL;
1455 currsav = nextsav) {
1456
1457 nextsav = LIST_NEXT(currsav, chain);
1458
1459 /* sanity check */
1460 KEY_CHKSASTATE(currsav->state, state, "key_do_get_translated_port");
1461
1462 if ((currsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) == 0 ||
1463 currsav->remote_ike_port != outsav->remote_ike_port)
1464 continue;
1465
1466 if (candidate == NULL) {
1467 candidate = currsav;
1468 continue;
1469 }
1470
1471 /* Which SA is the better ? */
1472
1473 /* sanity check 2 */
1474 if (candidate->lft_c == NULL || currsav->lft_c == NULL)
1475 panic("key_do_get_translated_port: "
1476 "lifetime_current is NULL.\n");
1477
1478 /* What the best method is to compare ? */
1479 if (key_preferred_oldsa) {
1480 if (candidate->lft_c->sadb_lifetime_addtime >
1481 currsav->lft_c->sadb_lifetime_addtime) {
1482 candidate = currsav;
1483 }
1484 continue;
1485 /*NOTREACHED*/
1486 }
1487
1488 /* prefered new sa rather than old sa */
1489 if (candidate->lft_c->sadb_lifetime_addtime <
1490 currsav->lft_c->sadb_lifetime_addtime)
1491 candidate = currsav;
1492 }
1493
1494 if (candidate) {
1495 outsav->natt_encapsulated_src_port = candidate->natt_encapsulated_src_port;
1496 return 1;
1497 }
1498
1499 return 0;
1500 }
1501
1502 /*
1503 * Must be called after calling key_allocsp().
1504 */
1505 void
1506 key_freesp(
1507 struct secpolicy *sp,
1508 int locked)
1509 {
1510
1511 /* sanity check */
1512 if (sp == NULL)
1513 panic("key_freesp: NULL pointer is passed.\n");
1514
1515 if (!locked)
1516 lck_mtx_lock(sadb_mutex);
1517 else
1518 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1519 sp->refcnt--;
1520 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1521 printf("DP freesp cause refcnt--:%d SP:0x%llx\n",
1522 sp->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sp)));
1523
1524 if (sp->refcnt == 0)
1525 key_delsp(sp);
1526 if (!locked)
1527 lck_mtx_unlock(sadb_mutex);
1528 return;
1529 }
1530
1531 /*
1532 * Must be called after calling key_allocsa().
1533 * This function is called by key_freesp() to free some SA allocated
1534 * for a policy.
1535 */
1536 void
1537 key_freesav(
1538 struct secasvar *sav,
1539 int locked)
1540 {
1541
1542 /* sanity check */
1543 if (sav == NULL)
1544 panic("key_freesav: NULL pointer is passed.\n");
1545
1546 if (!locked)
1547 lck_mtx_lock(sadb_mutex);
1548 else
1549 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1550 sav->refcnt--;
1551 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1552 printf("DP freesav cause refcnt--:%d SA:0x%llx SPI %u\n",
1553 sav->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sav),
1554 (u_int32_t)ntohl(sav->spi)));
1555
1556 if (sav->refcnt == 0)
1557 key_delsav(sav);
1558 if (!locked)
1559 lck_mtx_unlock(sadb_mutex);
1560 return;
1561 }
1562
1563 /* %%% SPD management */
1564 /*
1565 * free security policy entry.
1566 */
1567 static void
1568 key_delsp(
1569 struct secpolicy *sp)
1570 {
1571
1572 /* sanity check */
1573 if (sp == NULL)
1574 panic("key_delsp: NULL pointer is passed.\n");
1575
1576 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1577 sp->state = IPSEC_SPSTATE_DEAD;
1578
1579 if (sp->refcnt > 0)
1580 return; /* can't free */
1581
1582 /* remove from SP index */
1583 if (__LIST_CHAINED(sp)) {
1584 LIST_REMOVE(sp, chain);
1585 ipsec_policy_count--;
1586 }
1587
1588 if (sp->spidx.internal_if) {
1589 ifnet_release(sp->spidx.internal_if);
1590 sp->spidx.internal_if = NULL;
1591 }
1592
1593 if (sp->ipsec_if) {
1594 ifnet_release(sp->ipsec_if);
1595 sp->ipsec_if = NULL;
1596 }
1597
1598 if (sp->outgoing_if) {
1599 ifnet_release(sp->outgoing_if);
1600 sp->outgoing_if = NULL;
1601 }
1602
1603 {
1604 struct ipsecrequest *isr = sp->req, *nextisr;
1605
1606 while (isr != NULL) {
1607 nextisr = isr->next;
1608 KFREE(isr);
1609 isr = nextisr;
1610 }
1611 }
1612 keydb_delsecpolicy(sp);
1613
1614 return;
1615 }
1616
1617 /*
1618 * search SPD
1619 * OUT: NULL : not found
1620 * others : found, pointer to a SP.
1621 */
1622 static struct secpolicy *
1623 key_getsp(
1624 struct secpolicyindex *spidx)
1625 {
1626 struct secpolicy *sp;
1627
1628 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1629
1630 /* sanity check */
1631 if (spidx == NULL)
1632 panic("key_getsp: NULL pointer is passed.\n");
1633
1634 LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
1635 if (sp->state == IPSEC_SPSTATE_DEAD)
1636 continue;
1637 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1638 sp->refcnt++;
1639 return sp;
1640 }
1641 }
1642
1643 return NULL;
1644 }
1645
1646 /*
1647 * get SP by index.
1648 * OUT: NULL : not found
1649 * others : found, pointer to a SP.
1650 */
1651 struct secpolicy *
1652 key_getspbyid(
1653 u_int32_t id)
1654 {
1655 struct secpolicy *sp;
1656
1657 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1658
1659 lck_mtx_lock(sadb_mutex);
1660 sp = __key_getspbyid(id);
1661 lck_mtx_unlock(sadb_mutex);
1662
1663 return sp;
1664 }
1665
1666 static struct secpolicy *
1667 __key_getspbyid(u_int32_t id)
1668 {
1669 struct secpolicy *sp;
1670
1671 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1672
1673 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
1674 if (sp->state == IPSEC_SPSTATE_DEAD)
1675 continue;
1676 if (sp->id == id) {
1677 sp->refcnt++;
1678 return sp;
1679 }
1680 }
1681
1682 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
1683 if (sp->state == IPSEC_SPSTATE_DEAD)
1684 continue;
1685 if (sp->id == id) {
1686 sp->refcnt++;
1687 return sp;
1688 }
1689 }
1690
1691 return NULL;
1692 }
1693
1694 struct secpolicy *
1695 key_newsp(void)
1696 {
1697 struct secpolicy *newsp = NULL;
1698
1699 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1700 newsp = keydb_newsecpolicy();
1701 if (!newsp)
1702 return newsp;
1703
1704 newsp->refcnt = 1;
1705 newsp->req = NULL;
1706
1707 return newsp;
1708 }
1709
1710 /*
1711 * create secpolicy structure from sadb_x_policy structure.
1712 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1713 * so must be set properly later.
1714 */
1715 struct secpolicy *
1716 key_msg2sp(
1717 struct sadb_x_policy *xpl0,
1718 size_t len,
1719 int *error)
1720 {
1721 struct secpolicy *newsp;
1722
1723 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1724
1725 /* sanity check */
1726 if (xpl0 == NULL)
1727 panic("key_msg2sp: NULL pointer was passed.\n");
1728 if (len < sizeof(*xpl0))
1729 panic("key_msg2sp: invalid length.\n");
1730 if (len != PFKEY_EXTLEN(xpl0)) {
1731 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1732 *error = EINVAL;
1733 return NULL;
1734 }
1735
1736 if ((newsp = key_newsp()) == NULL) {
1737 *error = ENOBUFS;
1738 return NULL;
1739 }
1740
1741 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1742 newsp->policy = xpl0->sadb_x_policy_type;
1743
1744 /* check policy */
1745 switch (xpl0->sadb_x_policy_type) {
1746 case IPSEC_POLICY_DISCARD:
1747 case IPSEC_POLICY_GENERATE:
1748 case IPSEC_POLICY_NONE:
1749 case IPSEC_POLICY_ENTRUST:
1750 case IPSEC_POLICY_BYPASS:
1751 newsp->req = NULL;
1752 break;
1753
1754 case IPSEC_POLICY_IPSEC:
1755 {
1756 int tlen;
1757 struct sadb_x_ipsecrequest *xisr;
1758 struct ipsecrequest **p_isr = &newsp->req;
1759
1760 /* validity check */
1761 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1762 ipseclog((LOG_DEBUG,
1763 "key_msg2sp: Invalid msg length.\n"));
1764 key_freesp(newsp, KEY_SADB_UNLOCKED);
1765 *error = EINVAL;
1766 return NULL;
1767 }
1768
1769 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1770 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1771
1772 while (tlen > 0) {
1773
1774 /* length check */
1775 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1776 ipseclog((LOG_DEBUG, "key_msg2sp: "
1777 "invalid ipsecrequest length.\n"));
1778 key_freesp(newsp, KEY_SADB_UNLOCKED);
1779 *error = EINVAL;
1780 return NULL;
1781 }
1782
1783 /* allocate request buffer */
1784 KMALLOC_WAIT(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1785 if ((*p_isr) == NULL) {
1786 ipseclog((LOG_DEBUG,
1787 "key_msg2sp: No more memory.\n"));
1788 key_freesp(newsp, KEY_SADB_UNLOCKED);
1789 *error = ENOBUFS;
1790 return NULL;
1791 }
1792 bzero(*p_isr, sizeof(**p_isr));
1793
1794 /* set values */
1795 (*p_isr)->next = NULL;
1796
1797 switch (xisr->sadb_x_ipsecrequest_proto) {
1798 case IPPROTO_ESP:
1799 case IPPROTO_AH:
1800 case IPPROTO_IPCOMP:
1801 break;
1802 default:
1803 ipseclog((LOG_DEBUG,
1804 "key_msg2sp: invalid proto type=%u\n",
1805 xisr->sadb_x_ipsecrequest_proto));
1806 key_freesp(newsp, KEY_SADB_UNLOCKED);
1807 *error = EPROTONOSUPPORT;
1808 return NULL;
1809 }
1810 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1811
1812 switch (xisr->sadb_x_ipsecrequest_mode) {
1813 case IPSEC_MODE_TRANSPORT:
1814 case IPSEC_MODE_TUNNEL:
1815 break;
1816 case IPSEC_MODE_ANY:
1817 default:
1818 ipseclog((LOG_DEBUG,
1819 "key_msg2sp: invalid mode=%u\n",
1820 xisr->sadb_x_ipsecrequest_mode));
1821 key_freesp(newsp, KEY_SADB_UNLOCKED);
1822 *error = EINVAL;
1823 return NULL;
1824 }
1825 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1826
1827 switch (xisr->sadb_x_ipsecrequest_level) {
1828 case IPSEC_LEVEL_DEFAULT:
1829 case IPSEC_LEVEL_USE:
1830 case IPSEC_LEVEL_REQUIRE:
1831 break;
1832 case IPSEC_LEVEL_UNIQUE:
1833 /* validity check */
1834 /*
1835 * If range violation of reqid, kernel will
1836 * update it, don't refuse it.
1837 */
1838 if (xisr->sadb_x_ipsecrequest_reqid
1839 > IPSEC_MANUAL_REQID_MAX) {
1840 ipseclog((LOG_DEBUG,
1841 "key_msg2sp: reqid=%d range "
1842 "violation, updated by kernel.\n",
1843 xisr->sadb_x_ipsecrequest_reqid));
1844 xisr->sadb_x_ipsecrequest_reqid = 0;
1845 }
1846
1847 /* allocate new reqid id if reqid is zero. */
1848 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1849 u_int32_t reqid;
1850 if ((reqid = key_newreqid()) == 0) {
1851 key_freesp(newsp, KEY_SADB_UNLOCKED);
1852 *error = ENOBUFS;
1853 return NULL;
1854 }
1855 (*p_isr)->saidx.reqid = reqid;
1856 xisr->sadb_x_ipsecrequest_reqid = reqid;
1857 } else {
1858 /* set it for manual keying. */
1859 (*p_isr)->saidx.reqid =
1860 xisr->sadb_x_ipsecrequest_reqid;
1861 }
1862 break;
1863
1864 default:
1865 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1866 xisr->sadb_x_ipsecrequest_level));
1867 key_freesp(newsp, KEY_SADB_UNLOCKED);
1868 *error = EINVAL;
1869 return NULL;
1870 }
1871 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1872
1873 /* set IP addresses if there */
1874 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1875 struct sockaddr *paddr;
1876
1877 paddr = (struct sockaddr *)(xisr + 1);
1878
1879 /* validity check */
1880 if (paddr->sa_len
1881 > sizeof((*p_isr)->saidx.src)) {
1882 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1883 "address length.\n"));
1884 key_freesp(newsp, KEY_SADB_UNLOCKED);
1885 *error = EINVAL;
1886 return NULL;
1887 }
1888 bcopy(paddr, &(*p_isr)->saidx.src,
1889 paddr->sa_len);
1890
1891 paddr = (struct sockaddr *)((caddr_t)paddr
1892 + paddr->sa_len);
1893
1894 /* validity check */
1895 if (paddr->sa_len
1896 > sizeof((*p_isr)->saidx.dst)) {
1897 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1898 "address length.\n"));
1899 key_freesp(newsp, KEY_SADB_UNLOCKED);
1900 *error = EINVAL;
1901 return NULL;
1902 }
1903 bcopy(paddr, &(*p_isr)->saidx.dst,
1904 paddr->sa_len);
1905 }
1906
1907 (*p_isr)->sp = newsp;
1908
1909 /* initialization for the next. */
1910 p_isr = &(*p_isr)->next;
1911 tlen -= xisr->sadb_x_ipsecrequest_len;
1912
1913 /* validity check */
1914 if (tlen < 0) {
1915 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
1916 key_freesp(newsp, KEY_SADB_UNLOCKED);
1917 *error = EINVAL;
1918 return NULL;
1919 }
1920
1921 xisr = (struct sadb_x_ipsecrequest *)(void *)
1922 ((caddr_t)xisr + xisr->sadb_x_ipsecrequest_len);
1923 }
1924 }
1925 break;
1926 default:
1927 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
1928 key_freesp(newsp, KEY_SADB_UNLOCKED);
1929 *error = EINVAL;
1930 return NULL;
1931 }
1932
1933 *error = 0;
1934 return newsp;
1935 }
1936
1937 static u_int32_t
1938 key_newreqid(void)
1939 {
1940 lck_mtx_lock(sadb_mutex);
1941 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
1942 int done = 0;
1943
1944 /* The reqid must be limited to 16 bits because the PF_KEY message format only uses
1945 16 bits for this field. Once it becomes larger than 16 bits - ipsec fails to
1946 work anymore. Changing the PF_KEY message format would introduce compatibility
1947 issues. This code now tests to see if the tentative reqid is in use */
1948
1949 while (!done) {
1950 struct secpolicy *sp;
1951 struct ipsecrequest *isr;
1952 int dir;
1953
1954 auto_reqid = (auto_reqid == 0xFFFF
1955 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
1956
1957 /* check for uniqueness */
1958 done = 1;
1959 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
1960 LIST_FOREACH(sp, &sptree[dir], chain) {
1961 for (isr = sp->req; isr != NULL; isr = isr->next) {
1962 if (isr->saidx.reqid == auto_reqid) {
1963 done = 0;
1964 break;
1965 }
1966 }
1967 if (done == 0)
1968 break;
1969 }
1970 if (done == 0)
1971 break;
1972 }
1973 }
1974
1975 lck_mtx_unlock(sadb_mutex);
1976 return auto_reqid;
1977 }
1978
1979 /*
1980 * copy secpolicy struct to sadb_x_policy structure indicated.
1981 */
1982 struct mbuf *
1983 key_sp2msg(
1984 struct secpolicy *sp)
1985 {
1986 struct sadb_x_policy *xpl;
1987 int tlen;
1988 caddr_t p;
1989 struct mbuf *m;
1990
1991 /* sanity check. */
1992 if (sp == NULL)
1993 panic("key_sp2msg: NULL pointer was passed.\n");
1994
1995 tlen = key_getspreqmsglen(sp);
1996
1997 m = key_alloc_mbuf(tlen);
1998 if (!m || m->m_next) { /*XXX*/
1999 if (m)
2000 m_freem(m);
2001 return NULL;
2002 }
2003
2004 m->m_len = tlen;
2005 m->m_next = NULL;
2006 xpl = mtod(m, struct sadb_x_policy *);
2007 bzero(xpl, tlen);
2008
2009 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
2010 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2011 xpl->sadb_x_policy_type = sp->policy;
2012 xpl->sadb_x_policy_dir = sp->spidx.dir;
2013 xpl->sadb_x_policy_id = sp->id;
2014 p = (caddr_t)xpl + sizeof(*xpl);
2015
2016 /* if is the policy for ipsec ? */
2017 if (sp->policy == IPSEC_POLICY_IPSEC) {
2018 struct sadb_x_ipsecrequest *xisr;
2019 struct ipsecrequest *isr;
2020
2021 for (isr = sp->req; isr != NULL; isr = isr->next) {
2022
2023 xisr = (struct sadb_x_ipsecrequest *)(void *)p;
2024
2025 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
2026 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
2027 xisr->sadb_x_ipsecrequest_level = isr->level;
2028 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
2029
2030 p += sizeof(*xisr);
2031 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
2032 p += isr->saidx.src.ss_len;
2033 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
2034 p += isr->saidx.src.ss_len;
2035
2036 xisr->sadb_x_ipsecrequest_len =
2037 PFKEY_ALIGN8(sizeof(*xisr)
2038 + isr->saidx.src.ss_len
2039 + isr->saidx.dst.ss_len);
2040 }
2041 }
2042
2043 return m;
2044 }
2045
2046 /* m will not be freed nor modified */
2047 static struct mbuf *
2048 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
2049 int ndeep, int nitem, int *items)
2050 {
2051 int idx;
2052 int i;
2053 struct mbuf *result = NULL, *n;
2054 int len;
2055
2056 if (m == NULL || mhp == NULL)
2057 panic("null pointer passed to key_gather");
2058
2059 for (i = 0; i < nitem; i++) {
2060 idx = items[i];
2061 if (idx < 0 || idx > SADB_EXT_MAX)
2062 goto fail;
2063 /* don't attempt to pull empty extension */
2064 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
2065 continue;
2066 if (idx != SADB_EXT_RESERVED &&
2067 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
2068 continue;
2069
2070 if (idx == SADB_EXT_RESERVED) {
2071 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2072 MGETHDR(n, M_WAITOK, MT_DATA); // sadb_msg len < MHLEN - enforced by _CASSERT
2073 if (!n)
2074 goto fail;
2075 n->m_len = len;
2076 n->m_next = NULL;
2077 m_copydata(m, 0, sizeof(struct sadb_msg),
2078 mtod(n, caddr_t));
2079 } else if (i < ndeep) {
2080 len = mhp->extlen[idx];
2081 n = key_alloc_mbuf(len);
2082 if (!n || n->m_next) { /*XXX*/
2083 if (n)
2084 m_freem(n);
2085 goto fail;
2086 }
2087 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
2088 mtod(n, caddr_t));
2089 } else {
2090 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
2091 M_WAITOK);
2092 }
2093 if (n == NULL)
2094 goto fail;
2095
2096 if (result)
2097 m_cat(result, n);
2098 else
2099 result = n;
2100 }
2101
2102 if ((result->m_flags & M_PKTHDR) != 0) {
2103 result->m_pkthdr.len = 0;
2104 for (n = result; n; n = n->m_next)
2105 result->m_pkthdr.len += n->m_len;
2106 }
2107
2108 return result;
2109
2110 fail:
2111 m_freem(result);
2112 return NULL;
2113 }
2114
2115 /*
2116 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2117 * add a entry to SP database, when received
2118 * <base, address(SD), (lifetime(H),) policy>
2119 * from the user(?).
2120 * Adding to SP database,
2121 * and send
2122 * <base, address(SD), (lifetime(H),) policy>
2123 * to the socket which was send.
2124 *
2125 * SPDADD set a unique policy entry.
2126 * SPDSETIDX like SPDADD without a part of policy requests.
2127 * SPDUPDATE replace a unique policy entry.
2128 *
2129 * m will always be freed.
2130 */
2131 static int
2132 key_spdadd(
2133 struct socket *so,
2134 struct mbuf *m,
2135 const struct sadb_msghdr *mhp)
2136 {
2137 struct sadb_address *src0, *dst0, *src1, *dst1;
2138 struct sadb_x_policy *xpl0, *xpl;
2139 struct sadb_lifetime *lft = NULL;
2140 struct secpolicyindex spidx;
2141 struct secpolicy *newsp;
2142 struct timeval tv;
2143 ifnet_t internal_if = NULL;
2144 char *outgoing_if = NULL;
2145 char *ipsec_if = NULL;
2146 struct sadb_x_ipsecif *ipsecifopts = NULL;
2147 int error;
2148 int use_src_range = 0;
2149 int use_dst_range = 0;
2150 int init_disabled = 0;
2151 int address_family, address_len;
2152
2153 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2154
2155 /* sanity check */
2156 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2157 panic("key_spdadd: NULL pointer is passed.\n");
2158
2159 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END] != NULL) {
2160 use_src_range = 1;
2161 }
2162 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END] != NULL) {
2163 use_dst_range = 1;
2164 }
2165
2166 if ((!use_src_range && mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL) ||
2167 (!use_dst_range && mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) ||
2168 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2169 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2170 return key_senderror(so, m, EINVAL);
2171 }
2172 if ((use_src_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_START] < sizeof(struct sadb_address)
2173 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_END] < sizeof(struct sadb_address))) ||
2174 (!use_src_range && mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
2175 (use_dst_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_START] < sizeof(struct sadb_address)
2176 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_END] < sizeof(struct sadb_address))) ||
2177 (!use_dst_range && mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
2178 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2179 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2180 return key_senderror(so, m, EINVAL);
2181 }
2182 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
2183 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
2184 < sizeof(struct sadb_lifetime)) {
2185 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2186 return key_senderror(so, m, EINVAL);
2187 }
2188 lft = (struct sadb_lifetime *)
2189 (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
2190 }
2191 if (mhp->ext[SADB_X_EXT_IPSECIF] != NULL) {
2192 if (mhp->extlen[SADB_X_EXT_IPSECIF] < sizeof(struct sadb_x_ipsecif)) {
2193 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2194 return key_senderror(so, m, EINVAL);
2195 }
2196 }
2197
2198 if (use_src_range) {
2199 src0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START];
2200 src1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END];
2201 } else {
2202 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2203 }
2204 if (use_dst_range) {
2205 dst0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START];
2206 dst1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END];
2207 } else {
2208 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2209 }
2210 xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
2211 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
2212
2213 /* check addresses */
2214 address_family = ((struct sockaddr *)(src0 + 1))->sa_family;
2215 address_len = ((struct sockaddr *)(src0 + 1))->sa_len;
2216 if (use_src_range) {
2217 if (((struct sockaddr *)(src1+ 1))->sa_family != address_family ||
2218 ((struct sockaddr *)(src1+ 1))->sa_len != address_len) {
2219 return key_senderror(so, m, EINVAL);
2220 }
2221 }
2222 if (((struct sockaddr *)(dst0+ 1))->sa_family != address_family ||
2223 ((struct sockaddr *)(dst0+ 1))->sa_len != address_len) {
2224 return key_senderror(so, m, EINVAL);
2225 }
2226 if (use_dst_range) {
2227 if (((struct sockaddr *)(dst1+ 1))->sa_family != address_family ||
2228 ((struct sockaddr *)(dst1+ 1))->sa_len != address_len) {
2229 return key_senderror(so, m, EINVAL);
2230 }
2231 }
2232
2233 /* checking the direction. */
2234 switch (xpl0->sadb_x_policy_dir) {
2235 case IPSEC_DIR_INBOUND:
2236 case IPSEC_DIR_OUTBOUND:
2237 break;
2238 default:
2239 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
2240 mhp->msg->sadb_msg_errno = EINVAL;
2241 return 0;
2242 }
2243
2244 /* check policy */
2245 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2246 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
2247 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
2248 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
2249 return key_senderror(so, m, EINVAL);
2250 }
2251
2252 /* policy requests are mandatory when action is ipsec. */
2253 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
2254 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
2255 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
2256 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
2257 return key_senderror(so, m, EINVAL);
2258 }
2259
2260 /* Process interfaces */
2261 if (ipsecifopts != NULL) {
2262 if (ipsecifopts->sadb_x_ipsecif_internal_if[0]) {
2263 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_internal_if, &internal_if);
2264 }
2265 if (ipsecifopts->sadb_x_ipsecif_outgoing_if[0]) {
2266 outgoing_if = ipsecifopts->sadb_x_ipsecif_outgoing_if;
2267 }
2268 if (ipsecifopts->sadb_x_ipsecif_ipsec_if[0]) {
2269 ipsec_if = ipsecifopts->sadb_x_ipsecif_ipsec_if;
2270 }
2271 init_disabled = ipsecifopts->sadb_x_ipsecif_init_disabled;
2272 }
2273
2274 /* make secindex */
2275 /* XXX boundary check against sa_len */
2276 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2277 src0 + 1,
2278 dst0 + 1,
2279 src0->sadb_address_prefixlen,
2280 dst0->sadb_address_prefixlen,
2281 src0->sadb_address_proto,
2282 internal_if,
2283 use_src_range ? src0 + 1 : NULL,
2284 use_src_range ? src1 + 1 : NULL,
2285 use_dst_range ? dst0 + 1 : NULL,
2286 use_dst_range ? dst1 + 1 : NULL,
2287 &spidx);
2288
2289 /*
2290 * checking there is SP already or not.
2291 * SPDUPDATE doesn't depend on whether there is a SP or not.
2292 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2293 * then error.
2294 */
2295 lck_mtx_lock(sadb_mutex);
2296 newsp = key_getsp(&spidx);
2297 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2298 if (newsp) {
2299 newsp->state = IPSEC_SPSTATE_DEAD;
2300 key_freesp(newsp, KEY_SADB_LOCKED);
2301 }
2302 } else {
2303 if (newsp != NULL) {
2304 key_freesp(newsp, KEY_SADB_LOCKED);
2305 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
2306 lck_mtx_unlock(sadb_mutex);
2307 if (internal_if) {
2308 ifnet_release(internal_if);
2309 internal_if = NULL;
2310 }
2311 return key_senderror(so, m, EEXIST);
2312 }
2313 }
2314 lck_mtx_unlock(sadb_mutex);
2315
2316 /* allocation new SP entry */
2317 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
2318 if (internal_if) {
2319 ifnet_release(internal_if);
2320 internal_if = NULL;
2321 }
2322 return key_senderror(so, m, error);
2323 }
2324
2325 if ((newsp->id = key_getnewspid()) == 0) {
2326 keydb_delsecpolicy(newsp);
2327 if (internal_if) {
2328 ifnet_release(internal_if);
2329 internal_if = NULL;
2330 }
2331 return key_senderror(so, m, ENOBUFS);
2332 }
2333
2334 /* XXX boundary check against sa_len */
2335 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2336 src0 + 1,
2337 dst0 + 1,
2338 src0->sadb_address_prefixlen,
2339 dst0->sadb_address_prefixlen,
2340 src0->sadb_address_proto,
2341 internal_if,
2342 use_src_range ? src0 + 1 : NULL,
2343 use_src_range ? src1 + 1 : NULL,
2344 use_dst_range ? dst0 + 1 : NULL,
2345 use_dst_range ? dst1 + 1 : NULL,
2346 &newsp->spidx);
2347
2348 #if 1
2349 /*
2350 * allow IPv6 over IPv4 or IPv4 over IPv6 tunnels using ESP -
2351 * otherwise reject if inner and outer address families not equal
2352 */
2353 if (newsp->req && newsp->req->saidx.src.ss_family) {
2354 struct sockaddr *sa;
2355 sa = (struct sockaddr *)(src0 + 1);
2356 if (sa->sa_family != newsp->req->saidx.src.ss_family) {
2357 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP) {
2358 keydb_delsecpolicy(newsp);
2359 if (internal_if) {
2360 ifnet_release(internal_if);
2361 internal_if = NULL;
2362 }
2363 return key_senderror(so, m, EINVAL);
2364 }
2365 }
2366 }
2367 if (newsp->req && newsp->req->saidx.dst.ss_family) {
2368 struct sockaddr *sa;
2369 sa = (struct sockaddr *)(dst0 + 1);
2370 if (sa->sa_family != newsp->req->saidx.dst.ss_family) {
2371 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP) {
2372 keydb_delsecpolicy(newsp);
2373 if (internal_if) {
2374 ifnet_release(internal_if);
2375 internal_if = NULL;
2376 }
2377 return key_senderror(so, m, EINVAL);
2378 }
2379 }
2380 }
2381 #endif
2382
2383 microtime(&tv);
2384 newsp->created = tv.tv_sec;
2385 newsp->lastused = tv.tv_sec;
2386 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
2387 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
2388
2389 if (outgoing_if != NULL) {
2390 ifnet_find_by_name(outgoing_if, &newsp->outgoing_if);
2391 }
2392 if (ipsec_if != NULL) {
2393 ifnet_find_by_name(ipsec_if, &newsp->ipsec_if);
2394 }
2395 if (init_disabled > 0) {
2396 newsp->disabled = 1;
2397 }
2398
2399 newsp->refcnt = 1; /* do not reclaim until I say I do */
2400 newsp->state = IPSEC_SPSTATE_ALIVE;
2401 lck_mtx_lock(sadb_mutex);
2402 /*
2403 * policies of type generate should be at the end of the SPD
2404 * because they function as default discard policies
2405 * Don't start timehandler for generate policies
2406 */
2407 if (newsp->policy == IPSEC_POLICY_GENERATE)
2408 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2409 else { /* XXX until we have policy ordering in the kernel */
2410 struct secpolicy *tmpsp;
2411
2412 LIST_FOREACH(tmpsp, &sptree[newsp->spidx.dir], chain)
2413 if (tmpsp->policy == IPSEC_POLICY_GENERATE)
2414 break;
2415 if (tmpsp)
2416 LIST_INSERT_BEFORE(tmpsp, newsp, chain);
2417 else
2418 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2419 key_start_timehandler();
2420 }
2421
2422 ipsec_policy_count++;
2423 /* Turn off the ipsec bypass */
2424 if (ipsec_bypass != 0)
2425 ipsec_bypass = 0;
2426
2427 /* delete the entry in spacqtree */
2428 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2429 struct secspacq *spacq;
2430 if ((spacq = key_getspacq(&spidx)) != NULL) {
2431 /* reset counter in order to deletion by timehandler. */
2432 microtime(&tv);
2433 spacq->created = tv.tv_sec;
2434 spacq->count = 0;
2435 }
2436 }
2437 lck_mtx_unlock(sadb_mutex);
2438
2439 {
2440 struct mbuf *n, *mpolicy;
2441 struct sadb_msg *newmsg;
2442 int off;
2443
2444 /* create new sadb_msg to reply. */
2445 if (lft) {
2446 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2447 SADB_EXT_LIFETIME_HARD, SADB_EXT_ADDRESS_SRC,
2448 SADB_EXT_ADDRESS_DST, SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2449 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2450 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2451 } else {
2452 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2453 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
2454 SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2455 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2456 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2457 }
2458 if (!n)
2459 return key_senderror(so, m, ENOBUFS);
2460
2461 if (n->m_len < sizeof(*newmsg)) {
2462 n = m_pullup(n, sizeof(*newmsg));
2463 if (!n)
2464 return key_senderror(so, m, ENOBUFS);
2465 }
2466 newmsg = mtod(n, struct sadb_msg *);
2467 newmsg->sadb_msg_errno = 0;
2468 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2469
2470 off = 0;
2471 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2472 sizeof(*xpl), &off);
2473 if (mpolicy == NULL) {
2474 /* n is already freed */
2475 return key_senderror(so, m, ENOBUFS);
2476 }
2477 xpl = (struct sadb_x_policy *)(void *)(mtod(mpolicy, caddr_t) + off);
2478 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2479 m_freem(n);
2480 return key_senderror(so, m, EINVAL);
2481 }
2482 xpl->sadb_x_policy_id = newsp->id;
2483
2484 m_freem(m);
2485 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2486 }
2487 }
2488
2489 /*
2490 * get new policy id.
2491 * OUT:
2492 * 0: failure.
2493 * others: success.
2494 */
2495 static u_int32_t
2496 key_getnewspid(void)
2497 {
2498 u_int32_t newid = 0;
2499 int count = key_spi_trycnt; /* XXX */
2500 struct secpolicy *sp;
2501
2502 /* when requesting to allocate spi ranged */
2503 lck_mtx_lock(sadb_mutex);
2504 while (count--) {
2505 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
2506
2507 if ((sp = __key_getspbyid(newid)) == NULL)
2508 break;
2509
2510 key_freesp(sp, KEY_SADB_LOCKED);
2511 }
2512 lck_mtx_unlock(sadb_mutex);
2513 if (count == 0 || newid == 0) {
2514 ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n"));
2515 return 0;
2516 }
2517
2518 return newid;
2519 }
2520
2521 /*
2522 * SADB_SPDDELETE processing
2523 * receive
2524 * <base, address(SD), policy(*)>
2525 * from the user(?), and set SADB_SASTATE_DEAD,
2526 * and send,
2527 * <base, address(SD), policy(*)>
2528 * to the ikmpd.
2529 * policy(*) including direction of policy.
2530 *
2531 * m will always be freed.
2532 */
2533 static int
2534 key_spddelete(
2535 struct socket *so,
2536 struct mbuf *m,
2537 const struct sadb_msghdr *mhp)
2538 {
2539 struct sadb_address *src0, *dst0, *src1, *dst1;
2540 struct sadb_x_policy *xpl0;
2541 struct secpolicyindex spidx;
2542 struct secpolicy *sp;
2543 ifnet_t internal_if = NULL;
2544 struct sadb_x_ipsecif *ipsecifopts = NULL;
2545 int use_src_range = 0;
2546 int use_dst_range = 0;
2547
2548 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2549
2550 /* sanity check */
2551 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2552 panic("key_spddelete: NULL pointer is passed.\n");
2553
2554 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END] != NULL) {
2555 use_src_range = 1;
2556 }
2557 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END] != NULL) {
2558 use_dst_range = 1;
2559 }
2560
2561 if ((!use_src_range && mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL) ||
2562 (!use_dst_range && mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) ||
2563 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2564 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2565 return key_senderror(so, m, EINVAL);
2566 }
2567 if ((use_src_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_START] < sizeof(struct sadb_address)
2568 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_END] < sizeof(struct sadb_address))) ||
2569 (!use_src_range && mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
2570 (use_dst_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_START] < sizeof(struct sadb_address)
2571 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_END] < sizeof(struct sadb_address))) ||
2572 (!use_dst_range && mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
2573 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2574 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2575 return key_senderror(so, m, EINVAL);
2576 }
2577
2578 if (use_src_range) {
2579 src0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START];
2580 src1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END];
2581 } else {
2582 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2583 }
2584 if (use_dst_range) {
2585 dst0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START];
2586 dst1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END];
2587 } else {
2588 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2589 }
2590 xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
2591 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
2592
2593 /* checking the direction. */
2594 switch (xpl0->sadb_x_policy_dir) {
2595 case IPSEC_DIR_INBOUND:
2596 case IPSEC_DIR_OUTBOUND:
2597 break;
2598 default:
2599 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2600 return key_senderror(so, m, EINVAL);
2601 }
2602
2603 /* Process interfaces */
2604 if (ipsecifopts != NULL) {
2605 if (ipsecifopts->sadb_x_ipsecif_internal_if[0]) {
2606 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_internal_if, &internal_if);
2607 }
2608 }
2609
2610 /* make secindex */
2611 /* XXX boundary check against sa_len */
2612 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2613 src0 + 1,
2614 dst0 + 1,
2615 src0->sadb_address_prefixlen,
2616 dst0->sadb_address_prefixlen,
2617 src0->sadb_address_proto,
2618 internal_if,
2619 use_src_range ? src0 + 1 : NULL,
2620 use_src_range ? src1 + 1 : NULL,
2621 use_dst_range ? dst0 + 1 : NULL,
2622 use_dst_range ? dst1 + 1 : NULL,
2623 &spidx);
2624
2625 /* Is there SP in SPD ? */
2626 lck_mtx_lock(sadb_mutex);
2627 if ((sp = key_getsp(&spidx)) == NULL) {
2628 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2629 lck_mtx_unlock(sadb_mutex);
2630 if (internal_if) {
2631 ifnet_release(internal_if);
2632 internal_if = NULL;
2633 }
2634 return key_senderror(so, m, EINVAL);
2635 }
2636
2637 if (internal_if) {
2638 ifnet_release(internal_if);
2639 internal_if = NULL;
2640 }
2641
2642 /* save policy id to buffer to be returned. */
2643 xpl0->sadb_x_policy_id = sp->id;
2644
2645 sp->state = IPSEC_SPSTATE_DEAD;
2646 key_freesp(sp, KEY_SADB_LOCKED);
2647 lck_mtx_unlock(sadb_mutex);
2648
2649
2650 {
2651 struct mbuf *n;
2652 struct sadb_msg *newmsg;
2653 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2654 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
2655 SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2656 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2657
2658 /* create new sadb_msg to reply. */
2659 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2660 if (!n)
2661 return key_senderror(so, m, ENOBUFS);
2662
2663 newmsg = mtod(n, struct sadb_msg *);
2664 newmsg->sadb_msg_errno = 0;
2665 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2666
2667 m_freem(m);
2668 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2669 }
2670 }
2671
2672 /*
2673 * SADB_SPDDELETE2 processing
2674 * receive
2675 * <base, policy(*)>
2676 * from the user(?), and set SADB_SASTATE_DEAD,
2677 * and send,
2678 * <base, policy(*)>
2679 * to the ikmpd.
2680 * policy(*) including direction of policy.
2681 *
2682 * m will always be freed.
2683 */
2684 static int
2685 key_spddelete2(
2686 struct socket *so,
2687 struct mbuf *m,
2688 const struct sadb_msghdr *mhp)
2689 {
2690 u_int32_t id;
2691 struct secpolicy *sp;
2692
2693 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2694
2695 /* sanity check */
2696 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2697 panic("key_spddelete2: NULL pointer is passed.\n");
2698
2699 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2700 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2701 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2702 key_senderror(so, m, EINVAL);
2703 return 0;
2704 }
2705
2706 id = ((struct sadb_x_policy *)
2707 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2708
2709 /* Is there SP in SPD ? */
2710 lck_mtx_lock(sadb_mutex);
2711 if ((sp = __key_getspbyid(id)) == NULL) {
2712 lck_mtx_unlock(sadb_mutex);
2713 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
2714 return key_senderror(so, m, EINVAL);
2715 }
2716
2717 sp->state = IPSEC_SPSTATE_DEAD;
2718 key_freesp(sp, KEY_SADB_LOCKED);
2719 lck_mtx_unlock(sadb_mutex);
2720
2721 {
2722 struct mbuf *n, *nn;
2723 struct sadb_msg *newmsg;
2724 int off, len;
2725
2726 /* create new sadb_msg to reply. */
2727 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2728
2729 if (len > MCLBYTES)
2730 return key_senderror(so, m, ENOBUFS);
2731 MGETHDR(n, M_WAITOK, MT_DATA);
2732 if (n && len > MHLEN) {
2733 MCLGET(n, M_WAITOK);
2734 if ((n->m_flags & M_EXT) == 0) {
2735 m_freem(n);
2736 n = NULL;
2737 }
2738 }
2739 if (!n)
2740 return key_senderror(so, m, ENOBUFS);
2741
2742 n->m_len = len;
2743 n->m_next = NULL;
2744 off = 0;
2745
2746 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2747 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2748
2749 #if DIAGNOSTIC
2750 if (off != len)
2751 panic("length inconsistency in key_spddelete2");
2752 #endif
2753
2754 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2755 mhp->extlen[SADB_X_EXT_POLICY], M_WAITOK);
2756 if (!n->m_next) {
2757 m_freem(n);
2758 return key_senderror(so, m, ENOBUFS);
2759 }
2760
2761 n->m_pkthdr.len = 0;
2762 for (nn = n; nn; nn = nn->m_next)
2763 n->m_pkthdr.len += nn->m_len;
2764
2765 newmsg = mtod(n, struct sadb_msg *);
2766 newmsg->sadb_msg_errno = 0;
2767 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2768
2769 m_freem(m);
2770 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2771 }
2772 }
2773
2774 static int
2775 key_spdenable(
2776 struct socket *so,
2777 struct mbuf *m,
2778 const struct sadb_msghdr *mhp)
2779 {
2780 u_int32_t id;
2781 struct secpolicy *sp;
2782
2783 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2784
2785 /* sanity check */
2786 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2787 panic("key_spdenable: NULL pointer is passed.\n");
2788
2789 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2790 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2791 ipseclog((LOG_DEBUG, "key_spdenable: invalid message is passed.\n"));
2792 key_senderror(so, m, EINVAL);
2793 return 0;
2794 }
2795
2796 id = ((struct sadb_x_policy *)
2797 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2798
2799 /* Is there SP in SPD ? */
2800 lck_mtx_lock(sadb_mutex);
2801 if ((sp = __key_getspbyid(id)) == NULL) {
2802 lck_mtx_unlock(sadb_mutex);
2803 ipseclog((LOG_DEBUG, "key_spdenable: no SP found id:%u.\n", id));
2804 return key_senderror(so, m, EINVAL);
2805 }
2806
2807 sp->disabled = 0;
2808 lck_mtx_unlock(sadb_mutex);
2809
2810 {
2811 struct mbuf *n;
2812 struct sadb_msg *newmsg;
2813 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY};
2814
2815 /* create new sadb_msg to reply. */
2816 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2817 if (!n)
2818 return key_senderror(so, m, ENOBUFS);
2819
2820 if (n->m_len < sizeof(struct sadb_msg)) {
2821 n = m_pullup(n, sizeof(struct sadb_msg));
2822 if (n == NULL)
2823 return key_senderror(so, m, ENOBUFS);
2824 }
2825 newmsg = mtod(n, struct sadb_msg *);
2826 newmsg->sadb_msg_errno = 0;
2827 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2828
2829 m_freem(m);
2830 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2831 }
2832 }
2833
2834 static int
2835 key_spddisable(
2836 struct socket *so,
2837 struct mbuf *m,
2838 const struct sadb_msghdr *mhp)
2839 {
2840 u_int32_t id;
2841 struct secpolicy *sp;
2842
2843 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2844
2845 /* sanity check */
2846 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2847 panic("key_spddisable: NULL pointer is passed.\n");
2848
2849 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2850 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2851 ipseclog((LOG_DEBUG, "key_spddisable: invalid message is passed.\n"));
2852 key_senderror(so, m, EINVAL);
2853 return 0;
2854 }
2855
2856 id = ((struct sadb_x_policy *)
2857 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2858
2859 /* Is there SP in SPD ? */
2860 lck_mtx_lock(sadb_mutex);
2861 if ((sp = __key_getspbyid(id)) == NULL) {
2862 lck_mtx_unlock(sadb_mutex);
2863 ipseclog((LOG_DEBUG, "key_spddisable: no SP found id:%u.\n", id));
2864 return key_senderror(so, m, EINVAL);
2865 }
2866
2867 sp->disabled = 1;
2868 lck_mtx_unlock(sadb_mutex);
2869
2870 {
2871 struct mbuf *n;
2872 struct sadb_msg *newmsg;
2873 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY};
2874
2875 /* create new sadb_msg to reply. */
2876 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2877 if (!n)
2878 return key_senderror(so, m, ENOBUFS);
2879
2880 if (n->m_len < sizeof(struct sadb_msg)) {
2881 n = m_pullup(n, sizeof(struct sadb_msg));
2882 if (n == NULL)
2883 return key_senderror(so, m, ENOBUFS);
2884 }
2885 newmsg = mtod(n, struct sadb_msg *);
2886 newmsg->sadb_msg_errno = 0;
2887 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2888
2889 m_freem(m);
2890 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2891 }
2892 }
2893
2894 /*
2895 * SADB_X_GET processing
2896 * receive
2897 * <base, policy(*)>
2898 * from the user(?),
2899 * and send,
2900 * <base, address(SD), policy>
2901 * to the ikmpd.
2902 * policy(*) including direction of policy.
2903 *
2904 * m will always be freed.
2905 */
2906 static int
2907 key_spdget(
2908 struct socket *so,
2909 struct mbuf *m,
2910 const struct sadb_msghdr *mhp)
2911 {
2912 u_int32_t id;
2913 struct secpolicy *sp;
2914 struct mbuf *n;
2915
2916 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2917
2918 /* sanity check */
2919 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2920 panic("key_spdget: NULL pointer is passed.\n");
2921
2922 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2923 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2924 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
2925 return key_senderror(so, m, EINVAL);
2926 }
2927
2928 id = ((struct sadb_x_policy *)
2929 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2930
2931 /* Is there SP in SPD ? */
2932 lck_mtx_lock(sadb_mutex);
2933 if ((sp = __key_getspbyid(id)) == NULL) {
2934 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
2935 lck_mtx_unlock(sadb_mutex);
2936 return key_senderror(so, m, ENOENT);
2937 }
2938 lck_mtx_unlock(sadb_mutex);
2939 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
2940 if (n != NULL) {
2941 m_freem(m);
2942 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
2943 } else
2944 return key_senderror(so, m, ENOBUFS);
2945 }
2946
2947 /*
2948 * SADB_X_SPDACQUIRE processing.
2949 * Acquire policy and SA(s) for a *OUTBOUND* packet.
2950 * send
2951 * <base, policy(*)>
2952 * to KMD, and expect to receive
2953 * <base> with SADB_X_SPDACQUIRE if error occurred,
2954 * or
2955 * <base, policy>
2956 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
2957 * policy(*) is without policy requests.
2958 *
2959 * 0 : succeed
2960 * others: error number
2961 */
2962 int
2963 key_spdacquire(
2964 struct secpolicy *sp)
2965 {
2966 struct mbuf *result = NULL, *m;
2967 struct secspacq *newspacq;
2968 int error;
2969
2970 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2971
2972 /* sanity check */
2973 if (sp == NULL)
2974 panic("key_spdacquire: NULL pointer is passed.\n");
2975 if (sp->req != NULL)
2976 panic("key_spdacquire: called but there is request.\n");
2977 if (sp->policy != IPSEC_POLICY_IPSEC)
2978 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
2979
2980 /* get a entry to check whether sent message or not. */
2981 lck_mtx_lock(sadb_mutex);
2982 if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
2983 if (key_blockacq_count < newspacq->count) {
2984 /* reset counter and do send message. */
2985 newspacq->count = 0;
2986 } else {
2987 /* increment counter and do nothing. */
2988 newspacq->count++;
2989 lck_mtx_unlock(sadb_mutex);
2990 return 0;
2991 }
2992 } else {
2993 /* make new entry for blocking to send SADB_ACQUIRE. */
2994 if ((newspacq = key_newspacq(&sp->spidx)) == NULL) {
2995 lck_mtx_unlock(sadb_mutex);
2996 return ENOBUFS;
2997 }
2998 /* add to acqtree */
2999 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
3000 key_start_timehandler();
3001 }
3002 lck_mtx_unlock(sadb_mutex);
3003 /* create new sadb_msg to reply. */
3004 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
3005 if (!m) {
3006 error = ENOBUFS;
3007 goto fail;
3008 }
3009 result = m;
3010
3011 result->m_pkthdr.len = 0;
3012 for (m = result; m; m = m->m_next)
3013 result->m_pkthdr.len += m->m_len;
3014
3015 mtod(result, struct sadb_msg *)->sadb_msg_len =
3016 PFKEY_UNIT64(result->m_pkthdr.len);
3017
3018 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
3019
3020 fail:
3021 if (result)
3022 m_freem(result);
3023 return error;
3024 }
3025
3026 /*
3027 * SADB_SPDFLUSH processing
3028 * receive
3029 * <base>
3030 * from the user, and free all entries in secpctree.
3031 * and send,
3032 * <base>
3033 * to the user.
3034 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
3035 *
3036 * m will always be freed.
3037 */
3038 static int
3039 key_spdflush(
3040 struct socket *so,
3041 struct mbuf *m,
3042 const struct sadb_msghdr *mhp)
3043 {
3044 struct sadb_msg *newmsg;
3045 struct secpolicy *sp;
3046 u_int dir;
3047
3048 /* sanity check */
3049 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
3050 panic("key_spdflush: NULL pointer is passed.\n");
3051
3052 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
3053 return key_senderror(so, m, EINVAL);
3054
3055 lck_mtx_lock(sadb_mutex);
3056 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
3057 LIST_FOREACH(sp, &sptree[dir], chain) {
3058 sp->state = IPSEC_SPSTATE_DEAD;
3059 }
3060 }
3061 lck_mtx_unlock(sadb_mutex);
3062
3063 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
3064 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
3065 return key_senderror(so, m, ENOBUFS);
3066 }
3067
3068 if (m->m_next)
3069 m_freem(m->m_next);
3070 m->m_next = NULL;
3071 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3072 newmsg = mtod(m, struct sadb_msg *);
3073 newmsg->sadb_msg_errno = 0;
3074 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
3075
3076 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
3077 }
3078
3079 /*
3080 * SADB_SPDDUMP processing
3081 * receive
3082 * <base>
3083 * from the user, and dump all SP leaves
3084 * and send,
3085 * <base> .....
3086 * to the ikmpd.
3087 *
3088 * m will always be freed.
3089 */
3090
3091 static int
3092 key_spddump(
3093 struct socket *so,
3094 struct mbuf *m,
3095 const struct sadb_msghdr *mhp)
3096 {
3097 struct secpolicy *sp, **spbuf = NULL, **sp_ptr;
3098 int cnt = 0, bufcount;
3099 u_int dir;
3100 struct mbuf *n;
3101 int error = 0;
3102
3103 /* sanity check */
3104 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
3105 panic("key_spddump: NULL pointer is passed.\n");
3106
3107 if ((bufcount = ipsec_policy_count) == 0) {
3108 error = ENOENT;
3109 goto end;
3110 }
3111 bufcount += 256; /* extra */
3112 KMALLOC_WAIT(spbuf, struct secpolicy**, bufcount * sizeof(struct secpolicy*));
3113 if (spbuf == NULL) {
3114 ipseclog((LOG_DEBUG, "key_spddump: No more memory.\n"));
3115 error = ENOMEM;
3116 goto end;
3117 }
3118 lck_mtx_lock(sadb_mutex);
3119 /* search SPD entry, make list. */
3120 sp_ptr = spbuf;
3121 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
3122 LIST_FOREACH(sp, &sptree[dir], chain) {
3123 if (cnt == bufcount)
3124 break; /* buffer full */
3125 *sp_ptr++ = sp;
3126 sp->refcnt++;
3127 cnt++;
3128 }
3129 }
3130 lck_mtx_unlock(sadb_mutex);
3131
3132 if (cnt == 0) {
3133 error = ENOENT;
3134 goto end;
3135 }
3136
3137 sp_ptr = spbuf;
3138 while (cnt) {
3139 --cnt;
3140 n = key_setdumpsp(*sp_ptr++, SADB_X_SPDDUMP, cnt,
3141 mhp->msg->sadb_msg_pid);
3142
3143 if (n)
3144 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
3145 }
3146
3147 lck_mtx_lock(sadb_mutex);
3148 while (sp_ptr > spbuf)
3149 key_freesp(*(--sp_ptr), KEY_SADB_LOCKED);
3150 lck_mtx_unlock(sadb_mutex);
3151
3152 end:
3153 if (spbuf)
3154 KFREE(spbuf);
3155 if (error)
3156 return key_senderror(so, m, error);
3157
3158 m_freem(m);
3159 return 0;
3160
3161 }
3162
3163 static struct mbuf *
3164 key_setdumpsp(
3165 struct secpolicy *sp,
3166 u_int8_t type,
3167 u_int32_t seq,
3168 u_int32_t pid)
3169 {
3170 struct mbuf *result = NULL, *m;
3171
3172 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
3173 if (!m)
3174 goto fail;
3175 result = m;
3176
3177 if (sp->spidx.src_range.start.ss_len > 0) {
3178 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
3179 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
3180 sp->spidx.ul_proto);
3181 if (!m)
3182 goto fail;
3183 m_cat(result, m);
3184
3185 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
3186 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
3187 sp->spidx.ul_proto);
3188 if (!m)
3189 goto fail;
3190 m_cat(result, m);
3191 } else {
3192 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3193 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
3194 sp->spidx.ul_proto);
3195 if (!m)
3196 goto fail;
3197 m_cat(result, m);
3198 }
3199
3200 if (sp->spidx.dst_range.start.ss_len > 0) {
3201 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
3202 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
3203 sp->spidx.ul_proto);
3204 if (!m)
3205 goto fail;
3206 m_cat(result, m);
3207
3208 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
3209 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
3210 sp->spidx.ul_proto);
3211 if (!m)
3212 goto fail;
3213 m_cat(result, m);
3214 } else {
3215 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3216 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
3217 sp->spidx.ul_proto);
3218 if (!m)
3219 goto fail;
3220 m_cat(result, m);
3221 }
3222
3223 if (sp->spidx.internal_if || sp->outgoing_if || sp->ipsec_if || sp->disabled) {
3224 m = key_setsadbipsecif(sp->spidx.internal_if, sp->outgoing_if, sp->ipsec_if, sp->disabled);
3225 if (!m)
3226 goto fail;
3227 m_cat(result, m);
3228 }
3229
3230 m = key_sp2msg(sp);
3231 if (!m)
3232 goto fail;
3233 m_cat(result, m);
3234
3235 if ((result->m_flags & M_PKTHDR) == 0)
3236 goto fail;
3237
3238 if (result->m_len < sizeof(struct sadb_msg)) {
3239 result = m_pullup(result, sizeof(struct sadb_msg));
3240 if (result == NULL)
3241 goto fail;
3242 }
3243
3244 result->m_pkthdr.len = 0;
3245 for (m = result; m; m = m->m_next)
3246 result->m_pkthdr.len += m->m_len;
3247
3248 mtod(result, struct sadb_msg *)->sadb_msg_len =
3249 PFKEY_UNIT64(result->m_pkthdr.len);
3250
3251 return result;
3252
3253 fail:
3254 m_freem(result);
3255 return NULL;
3256 }
3257
3258 /*
3259 * get PFKEY message length for security policy and request.
3260 */
3261 static u_int
3262 key_getspreqmsglen(
3263 struct secpolicy *sp)
3264 {
3265 u_int tlen;
3266
3267 tlen = sizeof(struct sadb_x_policy);
3268
3269 /* if is the policy for ipsec ? */
3270 if (sp->policy != IPSEC_POLICY_IPSEC)
3271 return tlen;
3272
3273 /* get length of ipsec requests */
3274 {
3275 struct ipsecrequest *isr;
3276 int len;
3277
3278 for (isr = sp->req; isr != NULL; isr = isr->next) {
3279 len = sizeof(struct sadb_x_ipsecrequest)
3280 + isr->saidx.src.ss_len
3281 + isr->saidx.dst.ss_len;
3282
3283 tlen += PFKEY_ALIGN8(len);
3284 }
3285 }
3286
3287 return tlen;
3288 }
3289
3290 /*
3291 * SADB_SPDEXPIRE processing
3292 * send
3293 * <base, address(SD), lifetime(CH), policy>
3294 * to KMD by PF_KEY.
3295 *
3296 * OUT: 0 : succeed
3297 * others : error number
3298 */
3299 static int
3300 key_spdexpire(
3301 struct secpolicy *sp)
3302 {
3303 struct mbuf *result = NULL, *m;
3304 int len;
3305 int error = EINVAL;
3306 struct sadb_lifetime *lt;
3307
3308 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
3309
3310 /* sanity check */
3311 if (sp == NULL)
3312 panic("key_spdexpire: NULL pointer is passed.\n");
3313
3314 /* set msg header */
3315 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
3316 if (!m) {
3317 error = ENOBUFS;
3318 goto fail;
3319 }
3320 result = m;
3321
3322 /* create lifetime extension (current and hard) */
3323 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
3324 m = key_alloc_mbuf(len);
3325 if (!m || m->m_next) { /*XXX*/
3326 if (m)
3327 m_freem(m);
3328 error = ENOBUFS;
3329 goto fail;
3330 }
3331 bzero(mtod(m, caddr_t), len);
3332 lt = mtod(m, struct sadb_lifetime *);
3333 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3334 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3335 lt->sadb_lifetime_allocations = 0;
3336 lt->sadb_lifetime_bytes = 0;
3337 lt->sadb_lifetime_addtime = sp->created;
3338 lt->sadb_lifetime_usetime = sp->lastused;
3339 lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
3340 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3341 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
3342 lt->sadb_lifetime_allocations = 0;
3343 lt->sadb_lifetime_bytes = 0;
3344 lt->sadb_lifetime_addtime = sp->lifetime;
3345 lt->sadb_lifetime_usetime = sp->validtime;
3346 m_cat(result, m);
3347
3348 /* set sadb_address(es) for source */
3349 if (sp->spidx.src_range.start.ss_len > 0) {
3350 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
3351 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
3352 sp->spidx.ul_proto);
3353 if (!m) {
3354 error = ENOBUFS;
3355 goto fail;
3356 }
3357 m_cat(result, m);
3358
3359 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
3360 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
3361 sp->spidx.ul_proto);
3362 if (!m) {
3363 error = ENOBUFS;
3364 goto fail;
3365 }
3366 m_cat(result, m);
3367 } else {
3368 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3369 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
3370 sp->spidx.ul_proto);
3371 if (!m) {
3372 error = ENOBUFS;
3373 goto fail;
3374 }
3375 m_cat(result, m);
3376 }
3377
3378 /* set sadb_address(es) for dest */
3379 if (sp->spidx.dst_range.start.ss_len > 0) {
3380 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
3381 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
3382 sp->spidx.ul_proto);
3383 if (!m) {
3384 error = ENOBUFS;
3385 goto fail;
3386 }
3387 m_cat(result, m);
3388
3389 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
3390 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
3391 sp->spidx.ul_proto);
3392 if (!m) {
3393 error = ENOBUFS;
3394 goto fail;
3395 }
3396 m_cat(result, m);
3397 } else {
3398 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3399 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
3400 sp->spidx.ul_proto);
3401 if (!m) {
3402 error = ENOBUFS;
3403 goto fail;
3404 }
3405 m_cat(result, m);
3406 }
3407
3408 /* set secpolicy */
3409 m = key_sp2msg(sp);
3410 if (!m) {
3411 error = ENOBUFS;
3412 goto fail;
3413 }
3414 m_cat(result, m);
3415
3416 if ((result->m_flags & M_PKTHDR) == 0) {
3417 error = EINVAL;
3418 goto fail;
3419 }
3420
3421 if (result->m_len < sizeof(struct sadb_msg)) {
3422 result = m_pullup(result, sizeof(struct sadb_msg));
3423 if (result == NULL) {
3424 error = ENOBUFS;
3425 goto fail;
3426 }
3427 }
3428
3429 result->m_pkthdr.len = 0;
3430 for (m = result; m; m = m->m_next)
3431 result->m_pkthdr.len += m->m_len;
3432
3433 mtod(result, struct sadb_msg *)->sadb_msg_len =
3434 PFKEY_UNIT64(result->m_pkthdr.len);
3435
3436 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
3437
3438 fail:
3439 if (result)
3440 m_freem(result);
3441 return error;
3442 }
3443
3444 /* %%% SAD management */
3445 /*
3446 * allocating a memory for new SA head, and copy from the values of mhp.
3447 * OUT: NULL : failure due to the lack of memory.
3448 * others : pointer to new SA head.
3449 */
3450 static struct secashead *
3451 key_newsah(struct secasindex *saidx,
3452 ifnet_t ipsec_if,
3453 u_int outgoing_if,
3454 u_int8_t dir)
3455 {
3456 struct secashead *newsah;
3457
3458 /* sanity check */
3459 if (saidx == NULL)
3460 panic("key_newsaidx: NULL pointer is passed.\n");
3461
3462 newsah = keydb_newsecashead();
3463 if (newsah == NULL)
3464 return NULL;
3465
3466 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
3467
3468 /* remove the ports */
3469 switch (saidx->src.ss_family) {
3470 case AF_INET:
3471 ((struct sockaddr_in *)(&newsah->saidx.src))->sin_port = IPSEC_PORT_ANY;
3472 break;
3473 case AF_INET6:
3474 ((struct sockaddr_in6 *)(&newsah->saidx.src))->sin6_port = IPSEC_PORT_ANY;
3475 break;
3476 default:
3477 break;
3478 }
3479 switch (saidx->dst.ss_family) {
3480 case AF_INET:
3481 ((struct sockaddr_in *)(&newsah->saidx.dst))->sin_port = IPSEC_PORT_ANY;
3482 break;
3483 case AF_INET6:
3484 ((struct sockaddr_in6 *)(&newsah->saidx.dst))->sin6_port = IPSEC_PORT_ANY;
3485 break;
3486 default:
3487 break;
3488 }
3489
3490 newsah->outgoing_if = outgoing_if;
3491 if (ipsec_if) {
3492 ifnet_reference(ipsec_if);
3493 newsah->ipsec_if = ipsec_if;
3494 }
3495 newsah->dir = dir;
3496 /* add to saidxtree */
3497 newsah->state = SADB_SASTATE_MATURE;
3498 LIST_INSERT_HEAD(&sahtree, newsah, chain);
3499 key_start_timehandler();
3500
3501 return(newsah);
3502 }
3503
3504 /*
3505 * delete SA index and all SA registerd.
3506 */
3507 void
3508 key_delsah(
3509 struct secashead *sah)
3510 {
3511 struct secasvar *sav, *nextsav;
3512 u_int stateidx, state;
3513 int zombie = 0;
3514
3515 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3516
3517 /* sanity check */
3518 if (sah == NULL)
3519 panic("key_delsah: NULL pointer is passed.\n");
3520
3521 /* searching all SA registerd in the secindex. */
3522 for (stateidx = 0;
3523 stateidx < _ARRAYLEN(saorder_state_any);
3524 stateidx++) {
3525
3526 state = saorder_state_any[stateidx];
3527 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]);
3528 sav != NULL;
3529 sav = nextsav) {
3530
3531 nextsav = LIST_NEXT(sav, chain);
3532
3533 if (sav->refcnt > 0) {
3534 /* give up to delete this sa */
3535 zombie++;
3536 continue;
3537 }
3538
3539 /* sanity check */
3540 KEY_CHKSASTATE(state, sav->state, "key_delsah");
3541
3542 key_freesav(sav, KEY_SADB_LOCKED);
3543
3544 /* remove back pointer */
3545 sav->sah = NULL;
3546 sav = NULL;
3547 }
3548 }
3549
3550 /* don't delete sah only if there are savs. */
3551 if (zombie)
3552 return;
3553
3554 ROUTE_RELEASE(&sah->sa_route);
3555
3556 if (sah->ipsec_if) {
3557 ifnet_release(sah->ipsec_if);
3558 sah->ipsec_if = NULL;
3559 }
3560
3561 if (sah->idents) {
3562 KFREE(sah->idents);
3563 }
3564
3565 if (sah->identd) {
3566 KFREE(sah->identd);
3567 }
3568
3569 /* remove from tree of SA index */
3570 if (__LIST_CHAINED(sah))
3571 LIST_REMOVE(sah, chain);
3572
3573 KFREE(sah);
3574
3575 return;
3576 }
3577
3578 /*
3579 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3580 * and copy the values of mhp into new buffer.
3581 * When SAD message type is GETSPI:
3582 * to set sequence number from acq_seq++,
3583 * to set zero to SPI.
3584 * not to call key_setsava().
3585 * OUT: NULL : fail
3586 * others : pointer to new secasvar.
3587 *
3588 * does not modify mbuf. does not free mbuf on error.
3589 */
3590 static struct secasvar *
3591 key_newsav(
3592 struct mbuf *m,
3593 const struct sadb_msghdr *mhp,
3594 struct secashead *sah,
3595 int *errp,
3596 struct socket *so)
3597 {
3598 struct secasvar *newsav;
3599 const struct sadb_sa *xsa;
3600
3601 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3602
3603 /* sanity check */
3604 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
3605 panic("key_newsa: NULL pointer is passed.\n");
3606
3607 KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3608 if (newsav == NULL) {
3609 lck_mtx_unlock(sadb_mutex);
3610 KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3611 lck_mtx_lock(sadb_mutex);
3612 if (newsav == NULL) {
3613 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3614 *errp = ENOBUFS;
3615 return NULL;
3616 }
3617 }
3618 bzero((caddr_t)newsav, sizeof(struct secasvar));
3619
3620 switch (mhp->msg->sadb_msg_type) {
3621 case SADB_GETSPI:
3622 key_setspi(newsav, 0);
3623
3624 #if IPSEC_DOSEQCHECK
3625 /* sync sequence number */
3626 if (mhp->msg->sadb_msg_seq == 0)
3627 newsav->seq =
3628 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3629 else
3630 #endif
3631 newsav->seq = mhp->msg->sadb_msg_seq;
3632 break;
3633
3634 case SADB_ADD:
3635 /* sanity check */
3636 if (mhp->ext[SADB_EXT_SA] == NULL) {
3637 key_delsav(newsav);
3638 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
3639 *errp = EINVAL;
3640 return NULL;
3641 }
3642 xsa = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
3643 key_setspi(newsav, xsa->sadb_sa_spi);
3644 newsav->seq = mhp->msg->sadb_msg_seq;
3645 break;
3646 default:
3647 key_delsav(newsav);
3648 *errp = EINVAL;
3649 return NULL;
3650 }
3651
3652 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
3653 if (((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_alwaysexpire)
3654 newsav->always_expire = 1;
3655 newsav->flags2 = ((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_flags;
3656 if (newsav->flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH) {
3657 newsav->so = so;
3658 }
3659 }
3660
3661 /* copy sav values */
3662 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
3663 *errp = key_setsaval(newsav, m, mhp);
3664 if (*errp) {
3665 key_delsav(newsav);
3666 return NULL;
3667 }
3668 } else {
3669 /* For get SPI, if has a hard lifetime, apply */
3670 const struct sadb_lifetime *lft0;
3671 struct timeval tv;
3672
3673 lft0 = (struct sadb_lifetime *)(void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3674 if (lft0 != NULL) {
3675 /* make lifetime for CURRENT */
3676 KMALLOC_NOWAIT(newsav->lft_c, struct sadb_lifetime *,
3677 sizeof(struct sadb_lifetime));
3678 if (newsav->lft_c == NULL) {
3679 lck_mtx_unlock(sadb_mutex);
3680 KMALLOC_WAIT(newsav->lft_c, struct sadb_lifetime *,
3681 sizeof(struct sadb_lifetime));
3682 lck_mtx_lock(sadb_mutex);
3683 if (newsav->lft_c == NULL) {
3684 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3685 key_delsav(newsav);
3686 *errp = ENOBUFS;
3687 return NULL;
3688 }
3689 }
3690
3691 microtime(&tv);
3692
3693 newsav->lft_c->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3694 newsav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3695 newsav->lft_c->sadb_lifetime_allocations = 0;
3696 newsav->lft_c->sadb_lifetime_bytes = 0;
3697 newsav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
3698 newsav->lft_c->sadb_lifetime_usetime = 0;
3699
3700 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3701 ipseclog((LOG_DEBUG, "key_newsa: invalid hard lifetime ext len.\n"));
3702 key_delsav(newsav);
3703 *errp = EINVAL;
3704 return NULL;
3705 }
3706 newsav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0, sizeof(*lft0));
3707 if (newsav->lft_h == NULL) {
3708 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3709 key_delsav(newsav);
3710 *errp = ENOBUFS;
3711 return NULL;
3712 }
3713 }
3714 }
3715
3716 /* reset created */
3717 {
3718 struct timeval tv;
3719 microtime(&tv);
3720 newsav->created = tv.tv_sec;
3721 }
3722
3723 newsav->pid = mhp->msg->sadb_msg_pid;
3724
3725 /* add to satree */
3726 newsav->sah = sah;
3727 newsav->refcnt = 1;
3728 newsav->state = SADB_SASTATE_LARVAL;
3729 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3730 secasvar, chain);
3731 ipsec_sav_count++;
3732
3733 return newsav;
3734 }
3735
3736 /*
3737 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3738 * and copy the values passed into new buffer.
3739 * When SAD message type is GETSPI:
3740 * to set sequence number from acq_seq++,
3741 * to set zero to SPI.
3742 * not to call key_setsava().
3743 * OUT: NULL : fail
3744 * others : pointer to new secasvar.
3745 */
3746 struct secasvar *
3747 key_newsav2(struct secashead *sah,
3748 u_int8_t satype,
3749 u_int8_t alg_auth,
3750 u_int8_t alg_enc,
3751 u_int32_t flags,
3752 u_int8_t replay,
3753 struct sadb_key *key_auth,
3754 u_int16_t key_auth_len,
3755 struct sadb_key *key_enc,
3756 u_int16_t key_enc_len,
3757 u_int16_t natt_port,
3758 u_int32_t seq,
3759 u_int32_t spi,
3760 u_int32_t pid,
3761 struct sadb_lifetime *lifetime_hard,
3762 struct sadb_lifetime *lifetime_soft)
3763 {
3764 struct secasvar *newsav;
3765
3766 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3767
3768 /* sanity check */
3769 if (sah == NULL)
3770 panic("key_newsa: NULL pointer is passed.\n");
3771
3772 KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3773 if (newsav == NULL) {
3774 lck_mtx_unlock(sadb_mutex);
3775 KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3776 lck_mtx_lock(sadb_mutex);
3777 if (newsav == NULL) {
3778 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3779 return NULL;
3780 }
3781 }
3782 bzero((caddr_t)newsav, sizeof(struct secasvar));
3783
3784 #if IPSEC_DOSEQCHECK
3785 /* sync sequence number */
3786 if (seq == 0)
3787 newsav->seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3788 else
3789 #endif
3790 newsav->seq = seq;
3791 key_setspi(newsav, spi);
3792
3793 if (key_setsaval2(newsav,
3794 satype,
3795 alg_auth,
3796 alg_enc,
3797 flags,
3798 replay,
3799 key_auth,
3800 key_auth_len,
3801 key_enc,
3802 key_enc_len,
3803 natt_port,
3804 seq,
3805 spi,
3806 pid,
3807 lifetime_hard,
3808 lifetime_soft)) {
3809 key_delsav(newsav);
3810 return NULL;
3811 }
3812
3813 /* reset created */
3814 {
3815 struct timeval tv;
3816 microtime(&tv);
3817 newsav->created = tv.tv_sec;
3818 }
3819
3820 newsav->pid = pid;
3821
3822 /* add to satree */
3823 newsav->sah = sah;
3824 newsav->refcnt = 1;
3825 if (spi && key_auth && key_auth_len && key_enc && key_enc_len) {
3826 newsav->state = SADB_SASTATE_MATURE;
3827 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_MATURE], newsav,
3828 secasvar, chain);
3829 } else {
3830 newsav->state = SADB_SASTATE_LARVAL;
3831 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3832 secasvar, chain);
3833 }
3834 ipsec_sav_count++;
3835
3836 return newsav;
3837 }
3838
3839 static int
3840 key_migratesav(struct secasvar *sav,
3841 struct secashead *newsah)
3842 {
3843 if (sav == NULL || newsah == NULL || sav->state != SADB_SASTATE_MATURE) {
3844 return EINVAL;
3845 }
3846
3847 /* remove from SA header */
3848 if (__LIST_CHAINED(sav))
3849 LIST_REMOVE(sav, chain);
3850
3851 sav->sah = newsah;
3852 LIST_INSERT_TAIL(&newsah->savtree[SADB_SASTATE_MATURE], sav, secasvar, chain);
3853 return 0;
3854 }
3855
3856 /*
3857 * free() SA variable entry.
3858 */
3859 void
3860 key_delsav(
3861 struct secasvar *sav)
3862 {
3863
3864 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3865
3866 /* sanity check */
3867 if (sav == NULL)
3868 panic("key_delsav: NULL pointer is passed.\n");
3869
3870 if (sav->refcnt > 0)
3871 return; /* can't free */
3872
3873 /* remove from SA header */
3874 if (__LIST_CHAINED(sav))
3875 LIST_REMOVE(sav, chain);
3876 ipsec_sav_count--;
3877
3878 if (sav->spihash.le_prev || sav->spihash.le_next)
3879 LIST_REMOVE(sav, spihash);
3880
3881 if (sav->key_auth != NULL) {
3882 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3883 KFREE(sav->key_auth);
3884 sav->key_auth = NULL;
3885 }
3886 if (sav->key_enc != NULL) {
3887 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3888 KFREE(sav->key_enc);
3889 sav->key_enc = NULL;
3890 }
3891 if (sav->sched) {
3892 bzero(sav->sched, sav->schedlen);
3893 KFREE(sav->sched);
3894 sav->sched = NULL;
3895 }
3896 if (sav->replay != NULL) {
3897 keydb_delsecreplay(sav->replay);
3898 sav->replay = NULL;
3899 }
3900 if (sav->lft_c != NULL) {
3901 KFREE(sav->lft_c);
3902 sav->lft_c = NULL;
3903 }
3904 if (sav->lft_h != NULL) {
3905 KFREE(sav->lft_h);
3906 sav->lft_h = NULL;
3907 }
3908 if (sav->lft_s != NULL) {
3909 KFREE(sav->lft_s);
3910 sav->lft_s = NULL;
3911 }
3912 if (sav->iv != NULL) {
3913 KFREE(sav->iv);
3914 sav->iv = NULL;
3915 }
3916
3917 KFREE(sav);
3918
3919 return;
3920 }
3921
3922 /*
3923 * search SAD.
3924 * OUT:
3925 * NULL : not found
3926 * others : found, pointer to a SA.
3927 */
3928 static struct secashead *
3929 key_getsah(struct secasindex *saidx)
3930 {
3931 struct secashead *sah;
3932
3933 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3934
3935 LIST_FOREACH(sah, &sahtree, chain) {
3936 if (sah->state == SADB_SASTATE_DEAD)
3937 continue;
3938 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
3939 return sah;
3940 }
3941
3942 return NULL;
3943 }
3944
3945 struct secashead *
3946 key_newsah2 (struct secasindex *saidx,
3947 u_int8_t dir)
3948 {
3949 struct secashead *sah;
3950
3951 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3952
3953 sah = key_getsah(saidx);
3954 if (!sah) {
3955 return(key_newsah(saidx, NULL, 0, dir));
3956 }
3957 return sah;
3958 }
3959
3960 /*
3961 * check not to be duplicated SPI.
3962 * NOTE: this function is too slow due to searching all SAD.
3963 * OUT:
3964 * NULL : not found
3965 * others : found, pointer to a SA.
3966 */
3967 static struct secasvar *
3968 key_checkspidup(
3969 struct secasindex *saidx,
3970 u_int32_t spi)
3971 {
3972 struct secasvar *sav;
3973 u_int stateidx, state;
3974
3975 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3976
3977 /* check address family */
3978 if (saidx->src.ss_family != saidx->dst.ss_family) {
3979 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
3980 return NULL;
3981 }
3982
3983 /* check all SAD */
3984 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
3985 if (sav->spi != spi)
3986 continue;
3987 for (stateidx = 0;
3988 stateidx < _ARRAYLEN(saorder_state_alive);
3989 stateidx++) {
3990 state = saorder_state_alive[stateidx];
3991 if (sav->state == state &&
3992 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
3993 return sav;
3994 }
3995 }
3996
3997 return NULL;
3998 }
3999
4000 static void
4001 key_setspi(
4002 struct secasvar *sav,
4003 u_int32_t spi)
4004 {
4005 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4006 sav->spi = spi;
4007 if (sav->spihash.le_prev || sav->spihash.le_next)
4008 LIST_REMOVE(sav, spihash);
4009 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
4010 }
4011
4012
4013 /*
4014 * search SAD litmited alive SA, protocol, SPI.
4015 * OUT:
4016 * NULL : not found
4017 * others : found, pointer to a SA.
4018 */
4019 static struct secasvar *
4020 key_getsavbyspi(
4021 struct secashead *sah,
4022 u_int32_t spi)
4023 {
4024 struct secasvar *sav, *match;
4025 u_int stateidx, state, matchidx;
4026
4027 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4028 match = NULL;
4029 matchidx = _ARRAYLEN(saorder_state_alive);
4030 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
4031 if (sav->spi != spi)
4032 continue;
4033 if (sav->sah != sah)
4034 continue;
4035 for (stateidx = 0; stateidx < matchidx; stateidx++) {
4036 state = saorder_state_alive[stateidx];
4037 if (sav->state == state) {
4038 match = sav;
4039 matchidx = stateidx;
4040 break;
4041 }
4042 }
4043 }
4044
4045 return match;
4046 }
4047
4048 /*
4049 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4050 * You must update these if need.
4051 * OUT: 0: success.
4052 * !0: failure.
4053 *
4054 * does not modify mbuf. does not free mbuf on error.
4055 */
4056 static int
4057 key_setsaval(
4058 struct secasvar *sav,
4059 struct mbuf *m,
4060 const struct sadb_msghdr *mhp)
4061 {
4062 #if IPSEC_ESP
4063 const struct esp_algorithm *algo;
4064 #endif
4065 int error = 0;
4066 struct timeval tv;
4067
4068 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4069
4070 /* sanity check */
4071 if (m == NULL || mhp == NULL || mhp->msg == NULL)
4072 panic("key_setsaval: NULL pointer is passed.\n");
4073
4074 /* initialization */
4075 sav->replay = NULL;
4076 sav->key_auth = NULL;
4077 sav->key_enc = NULL;
4078 sav->sched = NULL;
4079 sav->schedlen = 0;
4080 sav->iv = NULL;
4081 sav->lft_c = NULL;
4082 sav->lft_h = NULL;
4083 sav->lft_s = NULL;
4084 sav->remote_ike_port = 0;
4085 sav->natt_last_activity = natt_now;
4086 sav->natt_encapsulated_src_port = 0;
4087
4088 /* SA */
4089 if (mhp->ext[SADB_EXT_SA] != NULL) {
4090 const struct sadb_sa *sa0;
4091
4092 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
4093 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
4094 ipseclog((LOG_DEBUG, "key_setsaval: invalid message size.\n"));
4095 error = EINVAL;
4096 goto fail;
4097 }
4098
4099 sav->alg_auth = sa0->sadb_sa_auth;
4100 sav->alg_enc = sa0->sadb_sa_encrypt;
4101 sav->flags = sa0->sadb_sa_flags;
4102
4103 /*
4104 * Verify that a nat-traversal port was specified if
4105 * the nat-traversal flag is set.
4106 */
4107 if ((sav->flags & SADB_X_EXT_NATT) != 0) {
4108 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa_2) ||
4109 ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port == 0) {
4110 ipseclog((LOG_DEBUG, "key_setsaval: natt port not set.\n"));
4111 error = EINVAL;
4112 goto fail;
4113 }
4114 sav->remote_ike_port = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
4115 sav->natt_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_interval;
4116 sav->natt_offload_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_offload_interval;
4117 }
4118
4119 /*
4120 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4121 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4122 * set (we're not behind nat) - otherwise clear it.
4123 */
4124 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
4125 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
4126 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
4127 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
4128
4129 /* replay window */
4130 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
4131 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
4132 if (sav->replay == NULL) {
4133 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4134 error = ENOBUFS;
4135 goto fail;
4136 }
4137 }
4138 }
4139
4140 /* Authentication keys */
4141 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
4142 const struct sadb_key *key0;
4143 int len;
4144
4145 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
4146 len = mhp->extlen[SADB_EXT_KEY_AUTH];
4147
4148 error = 0;
4149 if (len < sizeof(*key0)) {
4150 ipseclog((LOG_DEBUG, "key_setsaval: invalid auth key ext len. len = %d\n", len));
4151 error = EINVAL;
4152 goto fail;
4153 }
4154 switch (mhp->msg->sadb_msg_satype) {
4155 case SADB_SATYPE_AH:
4156 case SADB_SATYPE_ESP:
4157 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
4158 sav->alg_auth != SADB_X_AALG_NULL)
4159 error = EINVAL;
4160 break;
4161 case SADB_X_SATYPE_IPCOMP:
4162 default:
4163 error = EINVAL;
4164 break;
4165 }
4166 if (error) {
4167 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
4168 goto fail;
4169 }
4170
4171 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
4172 if (sav->key_auth == NULL) {
4173 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4174 error = ENOBUFS;
4175 goto fail;
4176 }
4177 }
4178
4179 /* Encryption key */
4180 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
4181 const struct sadb_key *key0;
4182 int len;
4183
4184 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
4185 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
4186
4187 error = 0;
4188 if (len < sizeof(*key0)) {
4189 ipseclog((LOG_DEBUG, "key_setsaval: invalid encryption key ext len. len = %d\n", len));
4190 error = EINVAL;
4191 goto fail;
4192 }
4193 switch (mhp->msg->sadb_msg_satype) {
4194 case SADB_SATYPE_ESP:
4195 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
4196 sav->alg_enc != SADB_EALG_NULL) {
4197 ipseclog((LOG_DEBUG, "key_setsaval: invalid ESP algorithm.\n"));
4198 error = EINVAL;
4199 break;
4200 }
4201 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
4202 if (sav->key_enc == NULL) {
4203 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4204 error = ENOBUFS;
4205 goto fail;
4206 }
4207 break;
4208 case SADB_X_SATYPE_IPCOMP:
4209 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
4210 error = EINVAL;
4211 sav->key_enc = NULL; /*just in case*/
4212 break;
4213 case SADB_SATYPE_AH:
4214 default:
4215 error = EINVAL;
4216 break;
4217 }
4218 if (error) {
4219 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_enc value.\n"));
4220 goto fail;
4221 }
4222 }
4223
4224 /* set iv */
4225 sav->ivlen = 0;
4226
4227 switch (mhp->msg->sadb_msg_satype) {
4228 case SADB_SATYPE_ESP:
4229 #if IPSEC_ESP
4230 algo = esp_algorithm_lookup(sav->alg_enc);
4231 if (algo && algo->ivlen)
4232 sav->ivlen = (*algo->ivlen)(algo, sav);
4233 if (sav->ivlen == 0)
4234 break;
4235 KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
4236 if (sav->iv == 0) {
4237 lck_mtx_unlock(sadb_mutex);
4238 KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
4239 lck_mtx_lock(sadb_mutex);
4240 if (sav->iv == 0) {
4241 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4242 error = ENOBUFS;
4243 goto fail;
4244 }
4245 }
4246
4247 /* initialize */
4248 key_randomfill(sav->iv, sav->ivlen);
4249 #endif
4250 break;
4251 case SADB_SATYPE_AH:
4252 case SADB_X_SATYPE_IPCOMP:
4253 break;
4254 default:
4255 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
4256 error = EINVAL;
4257 goto fail;
4258 }
4259
4260 /* reset created */
4261 microtime(&tv);
4262 sav->created = tv.tv_sec;
4263
4264 /* make lifetime for CURRENT */
4265 KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
4266 sizeof(struct sadb_lifetime));
4267 if (sav->lft_c == NULL) {
4268 lck_mtx_unlock(sadb_mutex);
4269 KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
4270 sizeof(struct sadb_lifetime));
4271 lck_mtx_lock(sadb_mutex);
4272 if (sav->lft_c == NULL) {
4273 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4274 error = ENOBUFS;
4275 goto fail;
4276 }
4277 }
4278
4279 microtime(&tv);
4280
4281 sav->lft_c->sadb_lifetime_len =
4282 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
4283 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
4284 sav->lft_c->sadb_lifetime_allocations = 0;
4285 sav->lft_c->sadb_lifetime_bytes = 0;
4286 sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
4287 sav->lft_c->sadb_lifetime_usetime = 0;
4288
4289 /* lifetimes for HARD and SOFT */
4290 {
4291 const struct sadb_lifetime *lft0;
4292
4293 lft0 = (struct sadb_lifetime *)
4294 (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
4295 if (lft0 != NULL) {
4296 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
4297 ipseclog((LOG_DEBUG, "key_setsaval: invalid hard lifetime ext len.\n"));
4298 error = EINVAL;
4299 goto fail;
4300 }
4301 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
4302 sizeof(*lft0));
4303 if (sav->lft_h == NULL) {
4304 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4305 error = ENOBUFS;
4306 goto fail;
4307 }
4308 /* to be initialize ? */
4309 }
4310
4311 lft0 = (struct sadb_lifetime *)
4312 (void *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
4313 if (lft0 != NULL) {
4314 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
4315 ipseclog((LOG_DEBUG, "key_setsaval: invalid soft lifetime ext len.\n"));
4316 error = EINVAL;
4317 goto fail;
4318 }
4319 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
4320 sizeof(*lft0));
4321 if (sav->lft_s == NULL) {
4322 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4323 error = ENOBUFS;
4324 goto fail;
4325 }
4326 /* to be initialize ? */
4327 }
4328 }
4329
4330 return 0;
4331
4332 fail:
4333 /* initialization */
4334 if (sav->replay != NULL) {
4335 keydb_delsecreplay(sav->replay);
4336 sav->replay = NULL;
4337 }
4338 if (sav->key_auth != NULL) {
4339 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
4340 KFREE(sav->key_auth);
4341 sav->key_auth = NULL;
4342 }
4343 if (sav->key_enc != NULL) {
4344 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
4345 KFREE(sav->key_enc);
4346 sav->key_enc = NULL;
4347 }
4348 if (sav->sched) {
4349 bzero(sav->sched, sav->schedlen);
4350 KFREE(sav->sched);
4351 sav->sched = NULL;
4352 }
4353 if (sav->iv != NULL) {
4354 KFREE(sav->iv);
4355 sav->iv = NULL;
4356 }
4357 if (sav->lft_c != NULL) {
4358 KFREE(sav->lft_c);
4359 sav->lft_c = NULL;
4360 }
4361 if (sav->lft_h != NULL) {
4362 KFREE(sav->lft_h);
4363 sav->lft_h = NULL;
4364 }
4365 if (sav->lft_s != NULL) {
4366 KFREE(sav->lft_s);
4367 sav->lft_s = NULL;
4368 }
4369
4370 return error;
4371 }
4372
4373 /*
4374 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4375 * You must update these if need.
4376 * OUT: 0: success.
4377 * !0: failure.
4378 *
4379 * does not modify mbuf. does not free mbuf on error.
4380 */
4381 int
4382 key_setsaval2(struct secasvar *sav,
4383 u_int8_t satype,
4384 u_int8_t alg_auth,
4385 u_int8_t alg_enc,
4386 u_int32_t flags,
4387 u_int8_t replay,
4388 struct sadb_key *key_auth,
4389 u_int16_t key_auth_len,
4390 struct sadb_key *key_enc,
4391 u_int16_t key_enc_len,
4392 u_int16_t natt_port,
4393 u_int32_t seq,
4394 u_int32_t spi,
4395 u_int32_t pid,
4396 struct sadb_lifetime *lifetime_hard,
4397 struct sadb_lifetime *lifetime_soft)
4398 {
4399 #if IPSEC_ESP
4400 const struct esp_algorithm *algo;
4401 #endif
4402 int error = 0;
4403 struct timeval tv;
4404
4405 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4406
4407 /* initialization */
4408 sav->replay = NULL;
4409 sav->key_auth = NULL;
4410 sav->key_enc = NULL;
4411 sav->sched = NULL;
4412 sav->schedlen = 0;
4413 sav->iv = NULL;
4414 sav->lft_c = NULL;
4415 sav->lft_h = NULL;
4416 sav->lft_s = NULL;
4417 sav->remote_ike_port = 0;
4418 sav->natt_last_activity = natt_now;
4419 sav->natt_encapsulated_src_port = 0;
4420
4421 sav->alg_auth = alg_auth;
4422 sav->alg_enc = alg_enc;
4423 sav->flags = flags;
4424 sav->pid = pid;
4425 sav->seq = seq;
4426 key_setspi(sav, htonl(spi));
4427
4428 /*
4429 * Verify that a nat-traversal port was specified if
4430 * the nat-traversal flag is set.
4431 */
4432 if ((sav->flags & SADB_X_EXT_NATT) != 0) {
4433 if (natt_port == 0) {
4434 ipseclog((LOG_DEBUG, "key_setsaval2: natt port not set.\n"));
4435 error = EINVAL;
4436 goto fail;
4437 }
4438 sav->remote_ike_port = natt_port;
4439 }
4440
4441 /*
4442 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4443 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4444 * set (we're not behind nat) - otherwise clear it.
4445 */
4446 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
4447 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
4448 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
4449 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
4450
4451 /* replay window */
4452 if ((flags & SADB_X_EXT_OLD) == 0) {
4453 sav->replay = keydb_newsecreplay(replay);
4454 if (sav->replay == NULL) {
4455 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4456 error = ENOBUFS;
4457 goto fail;
4458 }
4459 }
4460
4461 /* Authentication keys */
4462 sav->key_auth = (__typeof__(sav->key_auth))key_newbuf(key_auth, key_auth_len);
4463 if (sav->key_auth == NULL) {
4464 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4465 error = ENOBUFS;
4466 goto fail;
4467 }
4468
4469 /* Encryption key */
4470 sav->key_enc = (__typeof__(sav->key_enc))key_newbuf(key_enc, key_enc_len);
4471 if (sav->key_enc == NULL) {
4472 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4473 error = ENOBUFS;
4474 goto fail;
4475 }
4476
4477 /* set iv */
4478 sav->ivlen = 0;
4479
4480 if (satype == SADB_SATYPE_ESP) {
4481 #if IPSEC_ESP
4482 algo = esp_algorithm_lookup(sav->alg_enc);
4483 if (algo && algo->ivlen)
4484 sav->ivlen = (*algo->ivlen)(algo, sav);
4485 if (sav->ivlen != 0) {
4486 KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
4487 if (sav->iv == 0) {
4488 lck_mtx_unlock(sadb_mutex);
4489 KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
4490 lck_mtx_lock(sadb_mutex);
4491 if (sav->iv == 0) {
4492 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4493 error = ENOBUFS;
4494 goto fail;
4495 }
4496 }
4497 /* initialize */
4498 key_randomfill(sav->iv, sav->ivlen);
4499 }
4500 #endif
4501 }
4502
4503 /* reset created */
4504 microtime(&tv);
4505 sav->created = tv.tv_sec;
4506
4507 /* make lifetime for CURRENT */
4508 KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
4509 sizeof(struct sadb_lifetime));
4510 if (sav->lft_c == NULL) {
4511 lck_mtx_unlock(sadb_mutex);
4512 KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
4513 sizeof(struct sadb_lifetime));
4514 lck_mtx_lock(sadb_mutex);
4515 if (sav->lft_c == NULL) {
4516 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4517 error = ENOBUFS;
4518 goto fail;
4519 }
4520 }
4521
4522 microtime(&tv);
4523
4524 sav->lft_c->sadb_lifetime_len =
4525 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
4526 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
4527 sav->lft_c->sadb_lifetime_allocations = 0;
4528 sav->lft_c->sadb_lifetime_bytes = 0;
4529 sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
4530 sav->lft_c->sadb_lifetime_usetime = 0;
4531
4532 /* lifetimes for HARD and SOFT */
4533 sav->lft_h = (__typeof__(sav->lft_h))key_newbuf(lifetime_hard,
4534 sizeof(*lifetime_hard));
4535 if (sav->lft_h == NULL) {
4536 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4537 error = ENOBUFS;
4538 goto fail;
4539 }
4540 sav->lft_s = (__typeof__(sav->lft_s))key_newbuf(lifetime_soft,
4541 sizeof(*lifetime_soft));
4542 if (sav->lft_s == NULL) {
4543 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4544 error = ENOBUFS;
4545 goto fail;
4546 }
4547
4548 return 0;
4549
4550 fail:
4551 /* initialization */
4552 if (sav->replay != NULL) {
4553 keydb_delsecreplay(sav->replay);
4554 sav->replay = NULL;
4555 }
4556 if (sav->key_auth != NULL) {
4557 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
4558 KFREE(sav->key_auth);
4559 sav->key_auth = NULL;
4560 }
4561 if (sav->key_enc != NULL) {
4562 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
4563 KFREE(sav->key_enc);
4564 sav->key_enc = NULL;
4565 }
4566 if (sav->sched) {
4567 bzero(sav->sched, sav->schedlen);
4568 KFREE(sav->sched);
4569 sav->sched = NULL;
4570 }
4571 if (sav->iv != NULL) {
4572 KFREE(sav->iv);
4573 sav->iv = NULL;
4574 }
4575 if (sav->lft_c != NULL) {
4576 KFREE(sav->lft_c);
4577 sav->lft_c = NULL;
4578 }
4579 if (sav->lft_h != NULL) {
4580 KFREE(sav->lft_h);
4581 sav->lft_h = NULL;
4582 }
4583 if (sav->lft_s != NULL) {
4584 KFREE(sav->lft_s);
4585 sav->lft_s = NULL;
4586 }
4587
4588 return error;
4589 }
4590
4591 /*
4592 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
4593 * OUT: 0: valid
4594 * other: errno
4595 */
4596 static int
4597 key_mature(
4598 struct secasvar *sav)
4599 {
4600 int mature;
4601 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4602 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4603
4604 mature = 0;
4605
4606 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4607
4608 /* check SPI value */
4609 switch (sav->sah->saidx.proto) {
4610 case IPPROTO_ESP:
4611 case IPPROTO_AH:
4612
4613 /* No reason to test if this is >= 0, because ntohl(sav->spi) is unsigned. */
4614 if (ntohl(sav->spi) <= 255) {
4615 ipseclog((LOG_DEBUG,
4616 "key_mature: illegal range of SPI %u.\n",
4617 (u_int32_t)ntohl(sav->spi)));
4618 return EINVAL;
4619 }
4620 break;
4621 }
4622
4623 /* check satype */
4624 switch (sav->sah->saidx.proto) {
4625 case IPPROTO_ESP:
4626 /* check flags */
4627 if ((sav->flags & SADB_X_EXT_OLD)
4628 && (sav->flags & SADB_X_EXT_DERIV)) {
4629 ipseclog((LOG_DEBUG, "key_mature: "
4630 "invalid flag (derived) given to old-esp.\n"));
4631 return EINVAL;
4632 }
4633 if (sav->alg_auth == SADB_AALG_NONE)
4634 checkmask = 1;
4635 else
4636 checkmask = 3;
4637 mustmask = 1;
4638 break;
4639 case IPPROTO_AH:
4640 /* check flags */
4641 if (sav->flags & SADB_X_EXT_DERIV) {
4642 ipseclog((LOG_DEBUG, "key_mature: "
4643 "invalid flag (derived) given to AH SA.\n"));
4644 return EINVAL;
4645 }
4646 if (sav->alg_enc != SADB_EALG_NONE) {
4647 ipseclog((LOG_DEBUG, "key_mature: "
4648 "protocol and algorithm mismated.\n"));
4649 return(EINVAL);
4650 }
4651 checkmask = 2;
4652 mustmask = 2;
4653 break;
4654 case IPPROTO_IPCOMP:
4655 if (sav->alg_auth != SADB_AALG_NONE) {
4656 ipseclog((LOG_DEBUG, "key_mature: "
4657 "protocol and algorithm mismated.\n"));
4658 return(EINVAL);
4659 }
4660 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
4661 && ntohl(sav->spi) >= 0x10000) {
4662 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
4663 return(EINVAL);
4664 }
4665 checkmask = 4;
4666 mustmask = 4;
4667 break;
4668 default:
4669 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
4670 return EPROTONOSUPPORT;
4671 }
4672
4673 /* check authentication algorithm */
4674 if ((checkmask & 2) != 0) {
4675 const struct ah_algorithm *algo;
4676 int keylen;
4677
4678 algo = ah_algorithm_lookup(sav->alg_auth);
4679 if (!algo) {
4680 ipseclog((LOG_DEBUG,"key_mature: "
4681 "unknown authentication algorithm.\n"));
4682 return EINVAL;
4683 }
4684
4685 /* algorithm-dependent check */
4686 if (sav->key_auth)
4687 keylen = sav->key_auth->sadb_key_bits;
4688 else
4689 keylen = 0;
4690 if (keylen < algo->keymin || algo->keymax < keylen) {
4691 ipseclog((LOG_DEBUG,
4692 "key_mature: invalid AH key length %d "
4693 "(%d-%d allowed)\n",
4694 keylen, algo->keymin, algo->keymax));
4695 return EINVAL;
4696 }
4697
4698 if (algo->mature) {
4699 if ((*algo->mature)(sav)) {
4700 /* message generated in per-algorithm function*/
4701 return EINVAL;
4702 } else
4703 mature = SADB_SATYPE_AH;
4704 }
4705
4706 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
4707 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
4708 return EINVAL;
4709 }
4710 }
4711
4712 /* check encryption algorithm */
4713 if ((checkmask & 1) != 0) {
4714 #if IPSEC_ESP
4715 const struct esp_algorithm *algo;
4716 int keylen;
4717
4718 algo = esp_algorithm_lookup(sav->alg_enc);
4719 if (!algo) {
4720 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
4721 return EINVAL;
4722 }
4723
4724 /* algorithm-dependent check */
4725 if (sav->key_enc)
4726 keylen = sav->key_enc->sadb_key_bits;
4727 else
4728 keylen = 0;
4729 if (keylen < algo->keymin || algo->keymax < keylen) {
4730 ipseclog((LOG_DEBUG,
4731 "key_mature: invalid ESP key length %d "
4732 "(%d-%d allowed)\n",
4733 keylen, algo->keymin, algo->keymax));
4734 return EINVAL;
4735 }
4736
4737 if (algo->mature) {
4738 if ((*algo->mature)(sav)) {
4739 /* message generated in per-algorithm function*/
4740 return EINVAL;
4741 } else
4742 mature = SADB_SATYPE_ESP;
4743 }
4744
4745 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
4746 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
4747 return EINVAL;
4748 }
4749 #else /*IPSEC_ESP*/
4750 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
4751 return EINVAL;
4752 #endif
4753 }
4754
4755 /* check compression algorithm */
4756 if ((checkmask & 4) != 0) {
4757 const struct ipcomp_algorithm *algo;
4758
4759 /* algorithm-dependent check */
4760 algo = ipcomp_algorithm_lookup(sav->alg_enc);
4761 if (!algo) {
4762 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
4763 return EINVAL;
4764 }
4765 }
4766
4767 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
4768
4769 return 0;
4770 }
4771
4772 /*
4773 * subroutine for SADB_GET and SADB_DUMP.
4774 */
4775 static struct mbuf *
4776 key_setdumpsa(
4777 struct secasvar *sav,
4778 u_int8_t type,
4779 u_int8_t satype,
4780 u_int32_t seq,
4781 u_int32_t pid)
4782 {
4783 struct mbuf *result = NULL, *tres = NULL, *m;
4784 int l = 0;
4785 int i;
4786 void *p;
4787 int dumporder[] = {
4788 SADB_EXT_SA, SADB_X_EXT_SA2,
4789 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
4790 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
4791 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
4792 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
4793 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
4794 };
4795
4796 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
4797 if (m == NULL)
4798 goto fail;
4799 result = m;
4800
4801 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
4802 m = NULL;
4803 p = NULL;
4804 switch (dumporder[i]) {
4805 case SADB_EXT_SA:
4806 m = key_setsadbsa(sav);
4807 if (!m)
4808 goto fail;
4809 break;
4810
4811 case SADB_X_EXT_SA2:
4812 m = key_setsadbxsa2(sav->sah->saidx.mode,
4813 sav->replay ? sav->replay->count : 0,
4814 sav->sah->saidx.reqid,
4815 sav->flags2);
4816 if (!m)
4817 goto fail;
4818 break;
4819
4820 case SADB_EXT_ADDRESS_SRC:
4821 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
4822 (struct sockaddr *)&sav->sah->saidx.src,
4823 FULLMASK, IPSEC_ULPROTO_ANY);
4824 if (!m)
4825 goto fail;
4826 break;
4827
4828 case SADB_EXT_ADDRESS_DST:
4829 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
4830 (struct sockaddr *)&sav->sah->saidx.dst,
4831 FULLMASK, IPSEC_ULPROTO_ANY);
4832 if (!m)
4833 goto fail;
4834 break;
4835
4836 case SADB_EXT_KEY_AUTH:
4837 if (!sav->key_auth)
4838 continue;
4839 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
4840 p = sav->key_auth;
4841 break;
4842
4843 case SADB_EXT_KEY_ENCRYPT:
4844 if (!sav->key_enc)
4845 continue;
4846 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
4847 p = sav->key_enc;
4848 break;
4849
4850 case SADB_EXT_LIFETIME_CURRENT:
4851 if (!sav->lft_c)
4852 continue;
4853 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
4854 p = sav->lft_c;
4855 break;
4856
4857 case SADB_EXT_LIFETIME_HARD:
4858 if (!sav->lft_h)
4859 continue;
4860 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
4861 p = sav->lft_h;
4862 break;
4863
4864 case SADB_EXT_LIFETIME_SOFT:
4865 if (!sav->lft_s)
4866 continue;
4867 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
4868 p = sav->lft_s;
4869 break;
4870
4871 case SADB_EXT_ADDRESS_PROXY:
4872 case SADB_EXT_IDENTITY_SRC:
4873 case SADB_EXT_IDENTITY_DST:
4874 /* XXX: should we brought from SPD ? */
4875 case SADB_EXT_SENSITIVITY:
4876 default:
4877 continue;
4878 }
4879
4880 if ((!m && !p) || (m && p))
4881 goto fail;
4882 if (p && tres) {
4883 M_PREPEND(tres, l, M_WAITOK, 1);
4884 if (!tres)
4885 goto fail;
4886 bcopy(p, mtod(tres, caddr_t), l);
4887 continue;
4888 }
4889 if (p) {
4890 m = key_alloc_mbuf(l);
4891 if (!m)
4892 goto fail;
4893 m_copyback(m, 0, l, p);
4894 }
4895
4896 if (tres)
4897 m_cat(m, tres);
4898 tres = m;
4899 }
4900
4901 m_cat(result, tres);
4902
4903 if (sav->sah && (sav->sah->outgoing_if || sav->sah->ipsec_if)) {
4904 m = key_setsadbipsecif(NULL, ifindex2ifnet[sav->sah->outgoing_if], sav->sah->ipsec_if, 0);
4905 if (!m)
4906 goto fail;
4907 m_cat(result, m);
4908 }
4909
4910 if (result->m_len < sizeof(struct sadb_msg)) {
4911 result = m_pullup(result, sizeof(struct sadb_msg));
4912 if (result == NULL)
4913 goto fail;
4914 }
4915
4916 result->m_pkthdr.len = 0;
4917 for (m = result; m; m = m->m_next)
4918 result->m_pkthdr.len += m->m_len;
4919
4920 mtod(result, struct sadb_msg *)->sadb_msg_len =
4921 PFKEY_UNIT64(result->m_pkthdr.len);
4922
4923 return result;
4924
4925 fail:
4926 m_freem(result);
4927 m_freem(tres);
4928 return NULL;
4929 }
4930
4931 /*
4932 * set data into sadb_msg.
4933 */
4934 static struct mbuf *
4935 key_setsadbmsg(
4936 u_int8_t type,
4937 u_int16_t tlen,
4938 u_int8_t satype,
4939 u_int32_t seq,
4940 pid_t pid,
4941 u_int16_t reserved)
4942 {
4943 struct mbuf *m;
4944 struct sadb_msg *p;
4945 int len;
4946
4947 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
4948 if (len > MCLBYTES)
4949 return NULL;
4950 MGETHDR(m, M_DONTWAIT, MT_DATA);
4951 if (m && len > MHLEN) {
4952 MCLGET(m, M_DONTWAIT);
4953 if ((m->m_flags & M_EXT) == 0) {
4954 m_freem(m);
4955 m = NULL;
4956 }
4957 }
4958 if (!m)
4959 return NULL;
4960 m->m_pkthdr.len = m->m_len = len;
4961 m->m_next = NULL;
4962
4963 p = mtod(m, struct sadb_msg *);
4964
4965 bzero(p, len);
4966 p->sadb_msg_version = PF_KEY_V2;
4967 p->sadb_msg_type = type;
4968 p->sadb_msg_errno = 0;
4969 p->sadb_msg_satype = satype;
4970 p->sadb_msg_len = PFKEY_UNIT64(tlen);
4971 p->sadb_msg_reserved = reserved;
4972 p->sadb_msg_seq = seq;
4973 p->sadb_msg_pid = (u_int32_t)pid;
4974
4975 return m;
4976 }
4977
4978 /*
4979 * copy secasvar data into sadb_address.
4980 */
4981 static struct mbuf *
4982 key_setsadbsa(
4983 struct secasvar *sav)
4984 {
4985 struct mbuf *m;
4986 struct sadb_sa *p;
4987 int len;
4988
4989 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
4990 m = key_alloc_mbuf(len);
4991 if (!m || m->m_next) { /*XXX*/
4992 if (m)
4993 m_freem(m);
4994 return NULL;
4995 }
4996
4997 p = mtod(m, struct sadb_sa *);
4998
4999 bzero(p, len);
5000 p->sadb_sa_len = PFKEY_UNIT64(len);
5001 p->sadb_sa_exttype = SADB_EXT_SA;
5002 p->sadb_sa_spi = sav->spi;
5003 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
5004 p->sadb_sa_state = sav->state;
5005 p->sadb_sa_auth = sav->alg_auth;
5006 p->sadb_sa_encrypt = sav->alg_enc;
5007 p->sadb_sa_flags = sav->flags;
5008
5009 return m;
5010 }
5011
5012 /*
5013 * set data into sadb_address.
5014 */
5015 static struct mbuf *
5016 key_setsadbaddr(
5017 u_int16_t exttype,
5018 struct sockaddr *saddr,
5019 u_int8_t prefixlen,
5020 u_int16_t ul_proto)
5021 {
5022 struct mbuf *m;
5023 struct sadb_address *p;
5024 size_t len;
5025
5026 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
5027 PFKEY_ALIGN8(saddr->sa_len);
5028 m = key_alloc_mbuf(len);
5029 if (!m || m->m_next) { /*XXX*/
5030 if (m)
5031 m_freem(m);
5032 return NULL;
5033 }
5034
5035 p = mtod(m, struct sadb_address *);
5036
5037 bzero(p, len);
5038 p->sadb_address_len = PFKEY_UNIT64(len);
5039 p->sadb_address_exttype = exttype;
5040 p->sadb_address_proto = ul_proto;
5041 if (prefixlen == FULLMASK) {
5042 switch (saddr->sa_family) {
5043 case AF_INET:
5044 prefixlen = sizeof(struct in_addr) << 3;
5045 break;
5046 case AF_INET6:
5047 prefixlen = sizeof(struct in6_addr) << 3;
5048 break;
5049 default:
5050 ; /*XXX*/
5051 }
5052 }
5053 p->sadb_address_prefixlen = prefixlen;
5054 p->sadb_address_reserved = 0;
5055
5056 bcopy(saddr,
5057 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
5058 saddr->sa_len);
5059
5060 return m;
5061 }
5062
5063 static struct mbuf *
5064 key_setsadbipsecif(ifnet_t internal_if,
5065 ifnet_t outgoing_if,
5066 ifnet_t ipsec_if,
5067 int init_disabled)
5068 {
5069 struct mbuf *m;
5070 struct sadb_x_ipsecif *p;
5071 size_t len;
5072
5073 len = PFKEY_ALIGN8(sizeof(struct sadb_x_ipsecif));
5074 m = key_alloc_mbuf(len);
5075 if (!m || m->m_next) { /*XXX*/
5076 if (m)
5077 m_freem(m);
5078 return NULL;
5079 }
5080
5081 p = mtod(m, struct sadb_x_ipsecif *);
5082
5083 bzero(p, len);
5084 p->sadb_x_ipsecif_len = PFKEY_UNIT64(len);
5085 p->sadb_x_ipsecif_exttype = SADB_X_EXT_IPSECIF;
5086
5087 if (internal_if && internal_if->if_xname)
5088 strlcpy(p->sadb_x_ipsecif_internal_if, internal_if->if_xname, IFXNAMSIZ);
5089 if (outgoing_if && outgoing_if->if_xname)
5090 strlcpy(p->sadb_x_ipsecif_outgoing_if, outgoing_if->if_xname, IFXNAMSIZ);
5091 if (ipsec_if && ipsec_if->if_xname)
5092 strlcpy(p->sadb_x_ipsecif_ipsec_if, ipsec_if->if_xname, IFXNAMSIZ);
5093
5094 p->sadb_x_ipsecif_init_disabled = init_disabled;
5095
5096 return m;
5097 }
5098
5099 /*
5100 * set data into sadb_session_id
5101 */
5102 static struct mbuf *
5103 key_setsadbsession_id (u_int64_t session_ids[])
5104 {
5105 struct mbuf *m;
5106 struct sadb_session_id *p;
5107 size_t len;
5108
5109 len = PFKEY_ALIGN8(sizeof(*p));
5110 m = key_alloc_mbuf(len);
5111 if (!m || m->m_next) { /*XXX*/
5112 if (m)
5113 m_freem(m);
5114 return NULL;
5115 }
5116
5117 p = mtod(m, __typeof__(p));
5118
5119 bzero(p, len);
5120 p->sadb_session_id_len = PFKEY_UNIT64(len);
5121 p->sadb_session_id_exttype = SADB_EXT_SESSION_ID;
5122 p->sadb_session_id_v[0] = session_ids[0];
5123 p->sadb_session_id_v[1] = session_ids[1];
5124
5125 return m;
5126 }
5127
5128 /*
5129 * copy stats data into sadb_sastat type.
5130 */
5131 static struct mbuf *
5132 key_setsadbsastat (u_int32_t dir,
5133 struct sastat *stats,
5134 u_int32_t max_stats)
5135 {
5136 struct mbuf *m;
5137 struct sadb_sastat *p;
5138 int list_len, len;
5139
5140 if (!stats) {
5141 return NULL;
5142 }
5143
5144 list_len = sizeof(*stats) * max_stats;
5145 len = PFKEY_ALIGN8(sizeof(*p)) + PFKEY_ALIGN8(list_len);
5146 m = key_alloc_mbuf(len);
5147 if (!m || m->m_next) { /*XXX*/
5148 if (m)
5149 m_freem(m);
5150 return NULL;
5151 }
5152
5153 p = mtod(m, __typeof__(p));
5154
5155 bzero(p, len);
5156 p->sadb_sastat_len = PFKEY_UNIT64(len);
5157 p->sadb_sastat_exttype = SADB_EXT_SASTAT;
5158 p->sadb_sastat_dir = dir;
5159 p->sadb_sastat_list_len = max_stats;
5160 if (list_len) {
5161 bcopy(stats,
5162 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(*p)),
5163 list_len);
5164 }
5165
5166 return m;
5167 }
5168
5169 #if 0
5170 /*
5171 * set data into sadb_ident.
5172 */
5173 static struct mbuf *
5174 key_setsadbident(
5175 u_int16_t exttype,
5176 u_int16_t idtype,
5177 caddr_t string,
5178 int stringlen,
5179 u_int64_t id)
5180 {
5181 struct mbuf *m;
5182 struct sadb_ident *p;
5183 size_t len;
5184
5185 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
5186 m = key_alloc_mbuf(len);
5187 if (!m || m->m_next) { /*XXX*/
5188 if (m)
5189 m_freem(m);
5190 return NULL;
5191 }
5192
5193 p = mtod(m, struct sadb_ident *);
5194
5195 bzero(p, len);
5196 p->sadb_ident_len = PFKEY_UNIT64(len);
5197 p->sadb_ident_exttype = exttype;
5198 p->sadb_ident_type = idtype;
5199 p->sadb_ident_reserved = 0;
5200 p->sadb_ident_id = id;
5201
5202 bcopy(string,
5203 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
5204 stringlen);
5205
5206 return m;
5207 }
5208 #endif
5209
5210 /*
5211 * set data into sadb_x_sa2.
5212 */
5213 static struct mbuf *
5214 key_setsadbxsa2(
5215 u_int8_t mode,
5216 u_int32_t seq,
5217 u_int32_t reqid,
5218 u_int16_t flags)
5219 {
5220 struct mbuf *m;
5221 struct sadb_x_sa2 *p;
5222 size_t len;
5223
5224 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
5225 m = key_alloc_mbuf(len);
5226 if (!m || m->m_next) { /*XXX*/
5227 if (m)
5228 m_freem(m);
5229 return NULL;
5230 }
5231
5232 p = mtod(m, struct sadb_x_sa2 *);
5233
5234 bzero(p, len);
5235 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
5236 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
5237 p->sadb_x_sa2_mode = mode;
5238 p->sadb_x_sa2_reserved1 = 0;
5239 p->sadb_x_sa2_reserved2 = 0;
5240 p->sadb_x_sa2_sequence = seq;
5241 p->sadb_x_sa2_reqid = reqid;
5242 p->sadb_x_sa2_flags = flags;
5243
5244 return m;
5245 }
5246
5247 /*
5248 * set data into sadb_x_policy
5249 */
5250 static struct mbuf *
5251 key_setsadbxpolicy(
5252 u_int16_t type,
5253 u_int8_t dir,
5254 u_int32_t id)
5255 {
5256 struct mbuf *m;
5257 struct sadb_x_policy *p;
5258 size_t len;
5259
5260 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
5261 m = key_alloc_mbuf(len);
5262 if (!m || m->m_next) { /*XXX*/
5263 if (m)
5264 m_freem(m);
5265 return NULL;
5266 }
5267
5268 p = mtod(m, struct sadb_x_policy *);
5269
5270 bzero(p, len);
5271 p->sadb_x_policy_len = PFKEY_UNIT64(len);
5272 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
5273 p->sadb_x_policy_type = type;
5274 p->sadb_x_policy_dir = dir;
5275 p->sadb_x_policy_id = id;
5276
5277 return m;
5278 }
5279
5280 /* %%% utilities */
5281 /*
5282 * copy a buffer into the new buffer allocated.
5283 */
5284 static void *
5285 key_newbuf(
5286 const void *src,
5287 u_int len)
5288 {
5289 caddr_t new;
5290
5291 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
5292 KMALLOC_NOWAIT(new, caddr_t, len);
5293 if (new == NULL) {
5294 lck_mtx_unlock(sadb_mutex);
5295 KMALLOC_WAIT(new, caddr_t, len);
5296 lck_mtx_lock(sadb_mutex);
5297 if (new == NULL) {
5298 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
5299 return NULL;
5300 }
5301 }
5302 bcopy(src, new, len);
5303
5304 return new;
5305 }
5306
5307 /* compare my own address
5308 * OUT: 1: true, i.e. my address.
5309 * 0: false
5310 */
5311 int
5312 key_ismyaddr(
5313 struct sockaddr *sa)
5314 {
5315 #if INET
5316 struct sockaddr_in *sin;
5317 struct in_ifaddr *ia;
5318 #endif
5319
5320 /* sanity check */
5321 if (sa == NULL)
5322 panic("key_ismyaddr: NULL pointer is passed.\n");
5323
5324 switch (sa->sa_family) {
5325 #if INET
5326 case AF_INET:
5327 lck_rw_lock_shared(in_ifaddr_rwlock);
5328 sin = (struct sockaddr_in *)(void *)sa;
5329 for (ia = in_ifaddrhead.tqh_first; ia;
5330 ia = ia->ia_link.tqe_next) {
5331 IFA_LOCK_SPIN(&ia->ia_ifa);
5332 if (sin->sin_family == ia->ia_addr.sin_family &&
5333 sin->sin_len == ia->ia_addr.sin_len &&
5334 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
5335 {
5336 IFA_UNLOCK(&ia->ia_ifa);
5337 lck_rw_done(in_ifaddr_rwlock);
5338 return 1;
5339 }
5340 IFA_UNLOCK(&ia->ia_ifa);
5341 }
5342 lck_rw_done(in_ifaddr_rwlock);
5343 break;
5344 #endif
5345 #if INET6
5346 case AF_INET6:
5347 return key_ismyaddr6((struct sockaddr_in6 *)(void *)sa);
5348 #endif
5349 }
5350
5351 return 0;
5352 }
5353
5354 #if INET6
5355 /*
5356 * compare my own address for IPv6.
5357 * 1: ours
5358 * 0: other
5359 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
5360 */
5361 #include <netinet6/in6_var.h>
5362
5363 static int
5364 key_ismyaddr6(
5365 struct sockaddr_in6 *sin6)
5366 {
5367 struct in6_ifaddr *ia;
5368 struct in6_multi *in6m;
5369
5370 lck_rw_lock_shared(&in6_ifaddr_rwlock);
5371 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
5372 IFA_LOCK(&ia->ia_ifa);
5373 if (key_sockaddrcmp((struct sockaddr *)&sin6,
5374 (struct sockaddr *)&ia->ia_addr, 0) == 0) {
5375 IFA_UNLOCK(&ia->ia_ifa);
5376 lck_rw_done(&in6_ifaddr_rwlock);
5377 return 1;
5378 }
5379 IFA_UNLOCK(&ia->ia_ifa);
5380
5381 /*
5382 * XXX Multicast
5383 * XXX why do we care about multlicast here while we don't care
5384 * about IPv4 multicast??
5385 * XXX scope
5386 */
5387 in6m = NULL;
5388 in6_multihead_lock_shared();
5389 IN6_LOOKUP_MULTI(&sin6->sin6_addr, ia->ia_ifp, in6m);
5390 in6_multihead_lock_done();
5391 if (in6m != NULL) {
5392 lck_rw_done(&in6_ifaddr_rwlock);
5393 IN6M_REMREF(in6m);
5394 return 1;
5395 }
5396 }
5397 lck_rw_done(&in6_ifaddr_rwlock);
5398
5399 /* loopback, just for safety */
5400 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
5401 return 1;
5402
5403 return 0;
5404 }
5405 #endif /*INET6*/
5406
5407 /*
5408 * compare two secasindex structure.
5409 * flag can specify to compare 2 saidxes.
5410 * compare two secasindex structure without both mode and reqid.
5411 * don't compare port.
5412 * IN:
5413 * saidx0: source, it can be in SAD.
5414 * saidx1: object.
5415 * OUT:
5416 * 1 : equal
5417 * 0 : not equal
5418 */
5419 static int
5420 key_cmpsaidx(
5421 struct secasindex *saidx0,
5422 struct secasindex *saidx1,
5423 int flag)
5424 {
5425 /* sanity */
5426 if (saidx0 == NULL && saidx1 == NULL)
5427 return 1;
5428
5429 if (saidx0 == NULL || saidx1 == NULL)
5430 return 0;
5431
5432 if (saidx0->ipsec_ifindex != 0 && saidx0->ipsec_ifindex != saidx1->ipsec_ifindex)
5433 return 0;
5434
5435 if (saidx0->proto != saidx1->proto)
5436 return 0;
5437
5438 if (flag == CMP_EXACTLY) {
5439 if (saidx0->mode != saidx1->mode)
5440 return 0;
5441 if (saidx0->reqid != saidx1->reqid)
5442 return 0;
5443 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
5444 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
5445 return 0;
5446 } else {
5447
5448 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
5449 if (flag & CMP_REQID) {
5450 /*
5451 * If reqid of SPD is non-zero, unique SA is required.
5452 * The result must be of same reqid in this case.
5453 */
5454 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
5455 return 0;
5456 }
5457
5458 if (flag & CMP_MODE) {
5459 if (saidx0->mode != IPSEC_MODE_ANY
5460 && saidx0->mode != saidx1->mode)
5461 return 0;
5462 }
5463
5464 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
5465 (struct sockaddr *)&saidx1->src, flag & CMP_PORT ? 1 : 0) != 0) {
5466 return 0;
5467 }
5468 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
5469 (struct sockaddr *)&saidx1->dst, flag & CMP_PORT ? 1 : 0) != 0) {
5470 return 0;
5471 }
5472 }
5473
5474 return 1;
5475 }
5476
5477 /*
5478 * compare two secindex structure exactly.
5479 * IN:
5480 * spidx0: source, it is often in SPD.
5481 * spidx1: object, it is often from PFKEY message.
5482 * OUT:
5483 * 1 : equal
5484 * 0 : not equal
5485 */
5486 static int
5487 key_cmpspidx_exactly(
5488 struct secpolicyindex *spidx0,
5489 struct secpolicyindex *spidx1)
5490 {
5491 /* sanity */
5492 if (spidx0 == NULL && spidx1 == NULL)
5493 return 1;
5494
5495 if (spidx0 == NULL || spidx1 == NULL)
5496 return 0;
5497
5498 if (spidx0->prefs != spidx1->prefs
5499 || spidx0->prefd != spidx1->prefd
5500 || spidx0->ul_proto != spidx1->ul_proto
5501 || spidx0->internal_if != spidx1->internal_if)
5502 return 0;
5503
5504 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
5505 (struct sockaddr *)&spidx1->src, 1) != 0) {
5506 return 0;
5507 }
5508 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
5509 (struct sockaddr *)&spidx1->dst, 1) != 0) {
5510 return 0;
5511 }
5512
5513 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src_range.start,
5514 (struct sockaddr *)&spidx1->src_range.start, 1) != 0) {
5515 return 0;
5516 }
5517 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src_range.end,
5518 (struct sockaddr *)&spidx1->src_range.end, 1) != 0) {
5519 return 0;
5520 }
5521 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst_range.start,
5522 (struct sockaddr *)&spidx1->dst_range.start, 1) != 0) {
5523 return 0;
5524 }
5525 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst_range.end,
5526 (struct sockaddr *)&spidx1->dst_range.end, 1) != 0) {
5527 return 0;
5528 }
5529
5530 return 1;
5531 }
5532
5533 /*
5534 * compare two secindex structure with mask.
5535 * IN:
5536 * spidx0: source, it is often in SPD.
5537 * spidx1: object, it is often from IP header.
5538 * OUT:
5539 * 1 : equal
5540 * 0 : not equal
5541 */
5542 static int
5543 key_cmpspidx_withmask(
5544 struct secpolicyindex *spidx0,
5545 struct secpolicyindex *spidx1)
5546 {
5547 int spidx0_src_is_range = 0;
5548 int spidx0_dst_is_range = 0;
5549
5550 /* sanity */
5551 if (spidx0 == NULL && spidx1 == NULL)
5552 return 1;
5553
5554 if (spidx0 == NULL || spidx1 == NULL)
5555 return 0;
5556
5557 if (spidx0->src_range.start.ss_len > 0)
5558 spidx0_src_is_range = 1;
5559
5560 if (spidx0->dst_range.start.ss_len > 0)
5561 spidx0_dst_is_range = 1;
5562
5563 if ((spidx0_src_is_range ? spidx0->src_range.start.ss_family : spidx0->src.ss_family) != spidx1->src.ss_family ||
5564 (spidx0_dst_is_range ? spidx0->dst_range.start.ss_family : spidx0->dst.ss_family) != spidx1->dst.ss_family ||
5565 (spidx0_src_is_range ? spidx0->src_range.start.ss_len : spidx0->src.ss_len) != spidx1->src.ss_len ||
5566 (spidx0_dst_is_range ? spidx0->dst_range.start.ss_len : spidx0->dst.ss_len) != spidx1->dst.ss_len)
5567 return 0;
5568
5569 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
5570 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
5571 && spidx0->ul_proto != spidx1->ul_proto)
5572 return 0;
5573
5574 /* If spidx1 specifies interface, ignore src addr */
5575 if (spidx1->internal_if != NULL) {
5576 if (spidx0->internal_if == NULL
5577 || spidx0->internal_if != spidx1->internal_if)
5578 return 0;
5579
5580 /* Still check ports */
5581 switch (spidx0->src.ss_family) {
5582 case AF_INET:
5583 if (spidx0_src_is_range &&
5584 (satosin(&spidx1->src)->sin_port < satosin(&spidx0->src_range.start)->sin_port
5585 || satosin(&spidx1->src)->sin_port > satosin(&spidx0->src_range.end)->sin_port))
5586 return 0;
5587 else if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY
5588 && satosin(&spidx0->src)->sin_port !=
5589 satosin(&spidx1->src)->sin_port)
5590 return 0;
5591 break;
5592 case AF_INET6:
5593 if (spidx0_src_is_range &&
5594 (satosin6(&spidx1->src)->sin6_port < satosin6(&spidx0->src_range.start)->sin6_port
5595 || satosin6(&spidx1->src)->sin6_port > satosin6(&spidx0->src_range.end)->sin6_port))
5596 return 0;
5597 else if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY
5598 && satosin6(&spidx0->src)->sin6_port !=
5599 satosin6(&spidx1->src)->sin6_port)
5600 return 0;
5601 break;
5602 default:
5603 break;
5604 }
5605 } else if (spidx0_src_is_range) {
5606 if (!key_is_addr_in_range(&spidx1->src, &spidx0->src_range))
5607 return 0;
5608 } else {
5609 switch (spidx0->src.ss_family) {
5610 case AF_INET:
5611 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY
5612 && satosin(&spidx0->src)->sin_port !=
5613 satosin(&spidx1->src)->sin_port)
5614 return 0;
5615 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
5616 (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
5617 return 0;
5618 break;
5619 case AF_INET6:
5620 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY
5621 && satosin6(&spidx0->src)->sin6_port !=
5622 satosin6(&spidx1->src)->sin6_port)
5623 return 0;
5624 /*
5625 * scope_id check. if sin6_scope_id is 0, we regard it
5626 * as a wildcard scope, which matches any scope zone ID.
5627 */
5628 if (satosin6(&spidx0->src)->sin6_scope_id &&
5629 satosin6(&spidx1->src)->sin6_scope_id &&
5630 satosin6(&spidx0->src)->sin6_scope_id !=
5631 satosin6(&spidx1->src)->sin6_scope_id)
5632 return 0;
5633 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
5634 (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
5635 return 0;
5636 break;
5637 default:
5638 /* XXX */
5639 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
5640 return 0;
5641 break;
5642 }
5643 }
5644
5645 if (spidx0_dst_is_range) {
5646 if (!key_is_addr_in_range(&spidx1->dst, &spidx0->dst_range))
5647 return 0;
5648 } else {
5649 switch (spidx0->dst.ss_family) {
5650 case AF_INET:
5651 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY
5652 && satosin(&spidx0->dst)->sin_port !=
5653 satosin(&spidx1->dst)->sin_port)
5654 return 0;
5655 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
5656 (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
5657 return 0;
5658 break;
5659 case AF_INET6:
5660 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY
5661 && satosin6(&spidx0->dst)->sin6_port !=
5662 satosin6(&spidx1->dst)->sin6_port)
5663 return 0;
5664 /*
5665 * scope_id check. if sin6_scope_id is 0, we regard it
5666 * as a wildcard scope, which matches any scope zone ID.
5667 */
5668 if (satosin6(&spidx0->src)->sin6_scope_id &&
5669 satosin6(&spidx1->src)->sin6_scope_id &&
5670 satosin6(&spidx0->dst)->sin6_scope_id !=
5671 satosin6(&spidx1->dst)->sin6_scope_id)
5672 return 0;
5673 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
5674 (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
5675 return 0;
5676 break;
5677 default:
5678 /* XXX */
5679 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
5680 return 0;
5681 break;
5682 }
5683 }
5684
5685 /* XXX Do we check other field ? e.g. flowinfo */
5686
5687 return 1;
5688 }
5689
5690 static int
5691 key_is_addr_in_range(struct sockaddr_storage *addr, struct secpolicyaddrrange *addr_range)
5692 {
5693 int cmp = 0;
5694
5695 if (addr == NULL || addr_range == NULL)
5696 return 0;
5697
5698 /* Must be greater than or equal to start */
5699 cmp = key_sockaddrcmp((struct sockaddr *)addr, (struct sockaddr *)&addr_range->start, 1);
5700 if (cmp != 0 && cmp != 1)
5701 return 0;
5702
5703 /* Must be less than or equal to end */
5704 cmp = key_sockaddrcmp((struct sockaddr *)addr, (struct sockaddr *)&addr_range->end, 1);
5705 if (cmp != 0 && cmp != -1)
5706 return 0;
5707
5708 return 1;
5709 }
5710
5711 /*
5712 Return values:
5713 -1: sa1 < sa2
5714 0: sa1 == sa2
5715 1: sa1 > sa2
5716 2: Not comparable or error
5717 */
5718 static int
5719 key_sockaddrcmp(
5720 struct sockaddr *sa1,
5721 struct sockaddr *sa2,
5722 int port)
5723 {
5724 int result = 0;
5725 int port_result = 0;
5726
5727 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
5728 return 2;
5729
5730 if (sa1->sa_len == 0)
5731 return 0;
5732
5733 switch (sa1->sa_family) {
5734 case AF_INET:
5735 if (sa1->sa_len != sizeof(struct sockaddr_in))
5736 return 2;
5737
5738 result = memcmp(&satosin(sa1)->sin_addr.s_addr, &satosin(sa2)->sin_addr.s_addr, sizeof(satosin(sa1)->sin_addr.s_addr));
5739
5740 if (port) {
5741 if (satosin(sa1)->sin_port < satosin(sa2)->sin_port) {
5742 port_result = -1;
5743 } else if (satosin(sa1)->sin_port > satosin(sa2)->sin_port) {
5744 port_result = 1;
5745 }
5746
5747 if (result == 0)
5748 result = port_result;
5749 else if ((result > 0 && port_result < 0) || (result < 0 && port_result > 0))
5750 return 2;
5751 }
5752
5753 break;
5754 case AF_INET6:
5755 if (sa1->sa_len != sizeof(struct sockaddr_in6))
5756 return 2; /*EINVAL*/
5757
5758 if (satosin6(sa1)->sin6_scope_id !=
5759 satosin6(sa2)->sin6_scope_id) {
5760 return 2;
5761 }
5762
5763 result = memcmp(&satosin6(sa1)->sin6_addr.s6_addr[0], &satosin6(sa2)->sin6_addr.s6_addr[0], sizeof(struct in6_addr));
5764
5765 if (port) {
5766 if (satosin6(sa1)->sin6_port < satosin6(sa2)->sin6_port) {
5767 port_result = -1;
5768 } else if (satosin6(sa1)->sin6_port > satosin6(sa2)->sin6_port) {
5769 port_result = 1;
5770 }
5771
5772 if (result == 0)
5773 result = port_result;
5774 else if ((result > 0 && port_result < 0) || (result < 0 && port_result > 0))
5775 return 2;
5776 }
5777
5778 break;
5779 default:
5780 result = memcmp(sa1, sa2, sa1->sa_len);
5781 break;
5782 }
5783
5784 if (result < 0) result = -1;
5785 else if (result > 0) result = 1;
5786
5787 return result;
5788 }
5789
5790 /*
5791 * compare two buffers with mask.
5792 * IN:
5793 * addr1: source
5794 * addr2: object
5795 * bits: Number of bits to compare
5796 * OUT:
5797 * 1 : equal
5798 * 0 : not equal
5799 */
5800 static int
5801 key_bbcmp(
5802 caddr_t p1,
5803 caddr_t p2,
5804 u_int bits)
5805 {
5806 u_int8_t mask;
5807
5808 /* XXX: This could be considerably faster if we compare a word
5809 * at a time, but it is complicated on LSB Endian machines */
5810
5811 /* Handle null pointers */
5812 if (p1 == NULL || p2 == NULL)
5813 return (p1 == p2);
5814
5815 while (bits >= 8) {
5816 if (*p1++ != *p2++)
5817 return 0;
5818 bits -= 8;
5819 }
5820
5821 if (bits > 0) {
5822 mask = ~((1<<(8-bits))-1);
5823 if ((*p1 & mask) != (*p2 & mask))
5824 return 0;
5825 }
5826 return 1; /* Match! */
5827 }
5828
5829 /*
5830 * time handler.
5831 * scanning SPD and SAD to check status for each entries,
5832 * and do to remove or to expire.
5833 * XXX: year 2038 problem may remain.
5834 */
5835 int key_timehandler_debug = 0;
5836 u_int32_t spd_count = 0, sah_count = 0, dead_sah_count = 0, empty_sah_count = 0, larval_sav_count = 0, mature_sav_count = 0, dying_sav_count = 0, dead_sav_count = 0;
5837 u_int64_t total_sav_count = 0;
5838 void
5839 key_timehandler(void)
5840 {
5841 u_int dir;
5842 struct timeval tv;
5843 struct secpolicy **spbuf = NULL, **spptr = NULL;
5844 struct secasvar **savexbuf = NULL, **savexptr = NULL;
5845 struct secasvar **savkabuf = NULL, **savkaptr = NULL;
5846 int spbufcount = 0, savbufcount = 0, spcount = 0, savexcount = 0, savkacount = 0, cnt;
5847 int stop_handler = 1; /* stop the timehandler */
5848
5849 microtime(&tv);
5850
5851 /* pre-allocate buffers before taking the lock */
5852 /* if allocation failures occur - portions of the processing will be skipped */
5853 if ((spbufcount = ipsec_policy_count) != 0) {
5854 spbufcount += 256;
5855 KMALLOC_WAIT(spbuf, struct secpolicy **, spbufcount * sizeof(struct secpolicy *));
5856 if (spbuf)
5857 spptr = spbuf;
5858 }
5859 if ((savbufcount = ipsec_sav_count) != 0) {
5860 savbufcount += 512;
5861 KMALLOC_WAIT(savexbuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
5862 if (savexbuf)
5863 savexptr = savexbuf;
5864 KMALLOC_WAIT(savkabuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
5865 if (savkabuf)
5866 savkaptr = savkabuf;
5867 }
5868 lck_mtx_lock(sadb_mutex);
5869 /* SPD */
5870 if (spbuf) {
5871
5872 struct secpolicy *sp, *nextsp;
5873
5874 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
5875 for (sp = LIST_FIRST(&sptree[dir]);
5876 sp != NULL;
5877 sp = nextsp) {
5878
5879 /* don't prevent timehandler from stopping for generate policy */
5880 if (sp->policy != IPSEC_POLICY_GENERATE)
5881 stop_handler = 0;
5882 spd_count++;
5883 nextsp = LIST_NEXT(sp, chain);
5884
5885 if (sp->state == IPSEC_SPSTATE_DEAD) {
5886 key_freesp(sp, KEY_SADB_LOCKED);
5887 continue;
5888 }
5889
5890 if (sp->lifetime == 0 && sp->validtime == 0)
5891 continue;
5892 if (spbuf && spcount < spbufcount) {
5893 /* the deletion will occur next time */
5894 if ((sp->lifetime
5895 && tv.tv_sec - sp->created > sp->lifetime)
5896 || (sp->validtime
5897 && tv.tv_sec - sp->lastused > sp->validtime)) {
5898 //key_spdexpire(sp);
5899 sp->state = IPSEC_SPSTATE_DEAD;
5900 sp->refcnt++;
5901 *spptr++ = sp;
5902 spcount++;
5903 }
5904 }
5905 }
5906 }
5907 }
5908
5909 /* SAD */
5910 {
5911 struct secashead *sah, *nextsah;
5912 struct secasvar *sav, *nextsav;
5913
5914 for (sah = LIST_FIRST(&sahtree);
5915 sah != NULL;
5916 sah = nextsah) {
5917
5918 sah_count++;
5919 nextsah = LIST_NEXT(sah, chain);
5920
5921 /* if sah has been dead, then delete it and process next sah. */
5922 if (sah->state == SADB_SASTATE_DEAD) {
5923 key_delsah(sah);
5924 dead_sah_count++;
5925 continue;
5926 }
5927
5928 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL &&
5929 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL &&
5930 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL &&
5931 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) {
5932 key_delsah(sah);
5933 empty_sah_count++;
5934 continue;
5935 }
5936
5937 if (savbufcount == 0) {
5938 continue;
5939 }
5940
5941 stop_handler = 0;
5942
5943 /* if LARVAL entry doesn't become MATURE, delete it. */
5944 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
5945 sav != NULL;
5946 sav = nextsav) {
5947
5948 larval_sav_count++;
5949 total_sav_count++;
5950 nextsav = LIST_NEXT(sav, chain);
5951
5952 if (sav->lft_h != NULL) {
5953 /* If a hard lifetime is defined for the LARVAL SA, use it */
5954 if (sav->lft_h->sadb_lifetime_addtime != 0
5955 && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
5956 if (sav->always_expire) {
5957 key_send_delete(sav);
5958 sav = NULL;
5959 } else {
5960 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
5961 key_freesav(sav, KEY_SADB_LOCKED);
5962 sav = NULL;
5963 }
5964 }
5965 } else {
5966 if (tv.tv_sec - sav->created > key_larval_lifetime) {
5967 key_freesav(sav, KEY_SADB_LOCKED);
5968 }
5969 }
5970 }
5971
5972 /*
5973 * If this is a NAT traversal SA with no activity,
5974 * we need to send a keep alive.
5975 *
5976 * Performed outside of the loop before so we will
5977 * only ever send one keepalive. The first SA on
5978 * the list is the one that will be used for sending
5979 * traffic, so this is the one we use for determining
5980 * when to send the keepalive.
5981 */
5982 if (savkabuf && savkacount < savbufcount) {
5983 sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this is empty???
5984 if (sav && (natt_keepalive_interval || sav->natt_interval) &&
5985 (sav->flags & (SADB_X_EXT_NATT_KEEPALIVE | SADB_X_EXT_ESP_KEEPALIVE)) != 0) {
5986 sav->refcnt++;
5987 *savkaptr++ = sav;
5988 savkacount++;
5989 }
5990 }
5991
5992 /*
5993 * check MATURE entry to start to send expire message
5994 * whether or not.
5995 */
5996 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
5997 sav != NULL;
5998 sav = nextsav) {
5999
6000 mature_sav_count++;
6001 total_sav_count++;
6002 nextsav = LIST_NEXT(sav, chain);
6003
6004 /* we don't need to check. */
6005 if (sav->lft_s == NULL)
6006 continue;
6007
6008 /* sanity check */
6009 if (sav->lft_c == NULL) {
6010 ipseclog((LOG_DEBUG,"key_timehandler: "
6011 "There is no CURRENT time, why?\n"));
6012 continue;
6013 }
6014
6015 /* check SOFT lifetime */
6016 if (sav->lft_s->sadb_lifetime_addtime != 0
6017 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
6018 /*
6019 * If always_expire is set, expire. Otherwise,
6020 * if the SA has not been used, delete immediately.
6021 */
6022 if (sav->lft_c->sadb_lifetime_usetime == 0
6023 && sav->always_expire == 0) {
6024 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6025 key_freesav(sav, KEY_SADB_LOCKED);
6026 sav = NULL;
6027 } else if (savexbuf && savexcount < savbufcount) {
6028 key_sa_chgstate(sav, SADB_SASTATE_DYING);
6029 sav->refcnt++;
6030 *savexptr++ = sav;
6031 savexcount++;
6032 }
6033 }
6034
6035 /* check SOFT lifetime by bytes */
6036 /*
6037 * XXX I don't know the way to delete this SA
6038 * when new SA is installed. Caution when it's
6039 * installed too big lifetime by time.
6040 */
6041 else if (savexbuf && savexcount < savbufcount
6042 && sav->lft_s->sadb_lifetime_bytes != 0
6043 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
6044
6045 /*
6046 * XXX If we keep to send expire
6047 * message in the status of
6048 * DYING. Do remove below code.
6049 */
6050 //key_expire(sav);
6051 key_sa_chgstate(sav, SADB_SASTATE_DYING);
6052 sav->refcnt++;
6053 *savexptr++ = sav;
6054 savexcount++;
6055 }
6056 }
6057
6058 /* check DYING entry to change status to DEAD. */
6059 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
6060 sav != NULL;
6061 sav = nextsav) {
6062
6063 dying_sav_count++;
6064 total_sav_count++;
6065 nextsav = LIST_NEXT(sav, chain);
6066
6067 /* we don't need to check. */
6068 if (sav->lft_h == NULL)
6069 continue;
6070
6071 /* sanity check */
6072 if (sav->lft_c == NULL) {
6073 ipseclog((LOG_DEBUG, "key_timehandler: "
6074 "There is no CURRENT time, why?\n"));
6075 continue;
6076 }
6077
6078 if (sav->lft_h->sadb_lifetime_addtime != 0
6079 && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
6080 if (sav->always_expire) {
6081 key_send_delete(sav);
6082 sav = NULL;
6083 } else {
6084 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6085 key_freesav(sav, KEY_SADB_LOCKED);
6086 sav = NULL;
6087 }
6088 }
6089 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
6090 else if (savbuf && savexcount < savbufcount
6091 && sav->lft_s != NULL
6092 && sav->lft_s->sadb_lifetime_addtime != 0
6093 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
6094 /*
6095 * XXX: should be checked to be
6096 * installed the valid SA.
6097 */
6098
6099 /*
6100 * If there is no SA then sending
6101 * expire message.
6102 */
6103 //key_expire(sav);
6104 sav->refcnt++;
6105 *savexptr++ = sav;
6106 savexcount++;
6107 }
6108 #endif
6109 /* check HARD lifetime by bytes */
6110 else if (sav->lft_h->sadb_lifetime_bytes != 0
6111 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
6112 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6113 key_freesav(sav, KEY_SADB_LOCKED);
6114 sav = NULL;
6115 }
6116 }
6117
6118 /* delete entry in DEAD */
6119 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
6120 sav != NULL;
6121 sav = nextsav) {
6122
6123 dead_sav_count++;
6124 total_sav_count++;
6125 nextsav = LIST_NEXT(sav, chain);
6126
6127 /* sanity check */
6128 if (sav->state != SADB_SASTATE_DEAD) {
6129 ipseclog((LOG_DEBUG, "key_timehandler: "
6130 "invalid sav->state "
6131 "(queue: %d SA: %d): "
6132 "kill it anyway\n",
6133 SADB_SASTATE_DEAD, sav->state));
6134 }
6135
6136 /*
6137 * do not call key_freesav() here.
6138 * sav should already be freed, and sav->refcnt
6139 * shows other references to sav
6140 * (such as from SPD).
6141 */
6142 }
6143 }
6144 }
6145
6146 if (++key_timehandler_debug >= 300) {
6147 if (key_debug_level) {
6148 printf("%s: total stats for %u calls\n", __FUNCTION__, key_timehandler_debug);
6149 printf("%s: walked %u SPDs\n", __FUNCTION__, spd_count);
6150 printf("%s: walked %llu SAs: LARVAL SAs %u, MATURE SAs %u, DYING SAs %u, DEAD SAs %u\n", __FUNCTION__,
6151 total_sav_count, larval_sav_count, mature_sav_count, dying_sav_count, dead_sav_count);
6152 printf("%s: walked %u SAHs: DEAD SAHs %u, EMPTY SAHs %u\n", __FUNCTION__,
6153 sah_count, dead_sah_count, empty_sah_count);
6154 if (sah_search_calls) {
6155 printf("%s: SAH search cost %d iters per call\n", __FUNCTION__,
6156 (sah_search_count/sah_search_calls));
6157 }
6158 }
6159 spd_count = 0;
6160 sah_count = 0;
6161 dead_sah_count = 0;
6162 empty_sah_count = 0;
6163 larval_sav_count = 0;
6164 mature_sav_count = 0;
6165 dying_sav_count = 0;
6166 dead_sav_count = 0;
6167 total_sav_count = 0;
6168 sah_search_count = 0;
6169 sah_search_calls = 0;
6170 key_timehandler_debug = 0;
6171 }
6172 #ifndef IPSEC_NONBLOCK_ACQUIRE
6173 /* ACQ tree */
6174 {
6175 struct secacq *acq, *nextacq;
6176
6177 for (acq = LIST_FIRST(&acqtree);
6178 acq != NULL;
6179 acq = nextacq) {
6180
6181 stop_handler = 0;
6182 nextacq = LIST_NEXT(acq, chain);
6183
6184 if (tv.tv_sec - acq->created > key_blockacq_lifetime
6185 && __LIST_CHAINED(acq)) {
6186 LIST_REMOVE(acq, chain);
6187 KFREE(acq);
6188 }
6189 }
6190 }
6191 #endif
6192
6193 /* SP ACQ tree */
6194 {
6195 struct secspacq *acq, *nextacq;
6196
6197 for (acq = LIST_FIRST(&spacqtree);
6198 acq != NULL;
6199 acq = nextacq) {
6200
6201 stop_handler = 0;
6202 nextacq = LIST_NEXT(acq, chain);
6203
6204 if (tv.tv_sec - acq->created > key_blockacq_lifetime
6205 && __LIST_CHAINED(acq)) {
6206 LIST_REMOVE(acq, chain);
6207 KFREE(acq);
6208 }
6209 }
6210 }
6211
6212 /* initialize random seed */
6213 if (key_tick_init_random++ > key_int_random) {
6214 key_tick_init_random = 0;
6215 key_srandom();
6216 }
6217
6218 natt_now++;
6219
6220 lck_mtx_unlock(sadb_mutex);
6221
6222 /* send messages outside of sadb_mutex */
6223 if (spbuf && spcount > 0) {
6224 cnt = spcount;
6225 while (cnt--)
6226 key_spdexpire(*(--spptr));
6227 }
6228 if (savkabuf && savkacount > 0) {
6229 struct secasvar **savkaptr_sav = savkaptr;
6230 int cnt_send = savkacount;
6231
6232 while (cnt_send--) {
6233 if (ipsec_send_natt_keepalive(*(--savkaptr))) {
6234 // <rdar://6768487> iterate (all over again) and update timestamps
6235 struct secasvar **savkaptr_update = savkaptr_sav;
6236 int cnt_update = savkacount;
6237 while (cnt_update--) {
6238 key_update_natt_keepalive_timestamp(*savkaptr,
6239 *(--savkaptr_update));
6240 }
6241 }
6242 }
6243 }
6244 if (savexbuf && savexcount > 0) {
6245 cnt = savexcount;
6246 while (cnt--)
6247 key_expire(*(--savexptr));
6248 }
6249
6250 /* decrement ref counts and free buffers */
6251 lck_mtx_lock(sadb_mutex);
6252 if (spbuf) {
6253 while (spcount--)
6254 key_freesp(*spptr++, KEY_SADB_LOCKED);
6255 KFREE(spbuf);
6256 }
6257 if (savkabuf) {
6258 while (savkacount--)
6259 key_freesav(*savkaptr++, KEY_SADB_LOCKED);
6260 KFREE(savkabuf);
6261 }
6262 if (savexbuf) {
6263 while (savexcount--)
6264 key_freesav(*savexptr++, KEY_SADB_LOCKED);
6265 KFREE(savexbuf);
6266 }
6267
6268 if (stop_handler) {
6269 key_timehandler_running = 0;
6270 /* Turn on the ipsec bypass */
6271 ipsec_bypass = 1;
6272 } else {
6273 /* do exchange to tick time !! */
6274 (void)timeout((void *)key_timehandler, (void *)0, hz);
6275 }
6276
6277 lck_mtx_unlock(sadb_mutex);
6278 return;
6279 }
6280
6281 /*
6282 * to initialize a seed for random()
6283 */
6284 static void
6285 key_srandom(void)
6286 {
6287 #ifdef __APPLE__
6288 /* Our PRNG is based on Yarrow and doesn't need to be seeded */
6289 random();
6290 #else
6291 struct timeval tv;
6292
6293 microtime(&tv);
6294
6295 srandom(tv.tv_usec);
6296 #endif
6297
6298 return;
6299 }
6300
6301 u_int32_t
6302 key_random(void)
6303 {
6304 u_int32_t value;
6305
6306 key_randomfill(&value, sizeof(value));
6307 return value;
6308 }
6309
6310 void
6311 key_randomfill(
6312 void *p,
6313 size_t l)
6314 {
6315 #ifdef __APPLE__
6316
6317 read_random(p, (u_int)l);
6318 #else
6319 size_t n;
6320 u_int32_t v;
6321 static int warn = 1;
6322
6323 n = 0;
6324 n = (size_t)read_random(p, (u_int)l);
6325 /* last resort */
6326 while (n < l) {
6327 v = random();
6328 bcopy(&v, (u_int8_t *)p + n,
6329 l - n < sizeof(v) ? l - n : sizeof(v));
6330 n += sizeof(v);
6331
6332 if (warn) {
6333 printf("WARNING: pseudo-random number generator "
6334 "used for IPsec processing\n");
6335 warn = 0;
6336 }
6337 }
6338 #endif
6339 }
6340
6341 /*
6342 * map SADB_SATYPE_* to IPPROTO_*.
6343 * if satype == SADB_SATYPE then satype is mapped to ~0.
6344 * OUT:
6345 * 0: invalid satype.
6346 */
6347 static u_int16_t
6348 key_satype2proto(
6349 u_int8_t satype)
6350 {
6351 switch (satype) {
6352 case SADB_SATYPE_UNSPEC:
6353 return IPSEC_PROTO_ANY;
6354 case SADB_SATYPE_AH:
6355 return IPPROTO_AH;
6356 case SADB_SATYPE_ESP:
6357 return IPPROTO_ESP;
6358 case SADB_X_SATYPE_IPCOMP:
6359 return IPPROTO_IPCOMP;
6360 break;
6361 default:
6362 return 0;
6363 }
6364 /* NOTREACHED */
6365 }
6366
6367 /*
6368 * map IPPROTO_* to SADB_SATYPE_*
6369 * OUT:
6370 * 0: invalid protocol type.
6371 */
6372 static u_int8_t
6373 key_proto2satype(
6374 u_int16_t proto)
6375 {
6376 switch (proto) {
6377 case IPPROTO_AH:
6378 return SADB_SATYPE_AH;
6379 case IPPROTO_ESP:
6380 return SADB_SATYPE_ESP;
6381 case IPPROTO_IPCOMP:
6382 return SADB_X_SATYPE_IPCOMP;
6383 break;
6384 default:
6385 return 0;
6386 }
6387 /* NOTREACHED */
6388 }
6389
6390 static ifnet_t
6391 key_get_ipsec_if_from_message (const struct sadb_msghdr *mhp, int message_type)
6392 {
6393 struct sadb_x_ipsecif *ipsecifopts = NULL;
6394 ifnet_t ipsec_if = NULL;
6395
6396 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[message_type];
6397 if (ipsecifopts != NULL) {
6398 if (ipsecifopts->sadb_x_ipsecif_ipsec_if[0]) {
6399 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_ipsec_if, &ipsec_if);
6400 }
6401 }
6402
6403 return ipsec_if;
6404 }
6405
6406 static u_int
6407 key_get_outgoing_ifindex_from_message (const struct sadb_msghdr *mhp, int message_type)
6408 {
6409 struct sadb_x_ipsecif *ipsecifopts = NULL;
6410 ifnet_t outgoing_if = NULL;
6411
6412 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[message_type];
6413 if (ipsecifopts != NULL) {
6414 if (ipsecifopts->sadb_x_ipsecif_outgoing_if[0]) {
6415 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_outgoing_if, &outgoing_if);
6416 }
6417 }
6418
6419 return outgoing_if ? outgoing_if->if_index : 0;
6420 }
6421
6422 /* %%% PF_KEY */
6423 /*
6424 * SADB_GETSPI processing is to receive
6425 * <base, (SA2), src address, dst address, (SPI range)>
6426 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
6427 * tree with the status of LARVAL, and send
6428 * <base, SA(*), address(SD)>
6429 * to the IKMPd.
6430 *
6431 * IN: mhp: pointer to the pointer to each header.
6432 * OUT: NULL if fail.
6433 * other if success, return pointer to the message to send.
6434 */
6435 static int
6436 key_getspi(
6437 struct socket *so,
6438 struct mbuf *m,
6439 const struct sadb_msghdr *mhp)
6440 {
6441 struct sadb_address *src0, *dst0;
6442 struct secasindex saidx;
6443 struct secashead *newsah;
6444 struct secasvar *newsav;
6445 ifnet_t ipsec_if = NULL;
6446 u_int8_t proto;
6447 u_int32_t spi;
6448 u_int8_t mode;
6449 u_int32_t reqid;
6450 int error;
6451
6452 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6453
6454 /* sanity check */
6455 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6456 panic("key_getspi: NULL pointer is passed.\n");
6457
6458 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6459 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
6460 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
6461 return key_senderror(so, m, EINVAL);
6462 }
6463 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6464 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6465 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
6466 return key_senderror(so, m, EINVAL);
6467 }
6468 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
6469 mode = ((struct sadb_x_sa2 *)
6470 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
6471 reqid = ((struct sadb_x_sa2 *)
6472 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
6473 } else {
6474 mode = IPSEC_MODE_ANY;
6475 reqid = 0;
6476 }
6477
6478 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6479 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6480
6481 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
6482
6483 /* map satype to proto */
6484 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6485 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
6486 return key_senderror(so, m, EINVAL);
6487 }
6488
6489 /* make sure if port number is zero. */
6490 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
6491 case AF_INET:
6492 if (((struct sockaddr *)(src0 + 1))->sa_len !=
6493 sizeof(struct sockaddr_in))
6494 return key_senderror(so, m, EINVAL);
6495 ((struct sockaddr_in *)(void *)(src0 + 1))->sin_port = 0;
6496 break;
6497 case AF_INET6:
6498 if (((struct sockaddr *)(src0 + 1))->sa_len !=
6499 sizeof(struct sockaddr_in6))
6500 return key_senderror(so, m, EINVAL);
6501 ((struct sockaddr_in6 *)(void *)(src0 + 1))->sin6_port = 0;
6502 break;
6503 default:
6504 ; /*???*/
6505 }
6506 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
6507 case AF_INET:
6508 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
6509 sizeof(struct sockaddr_in))
6510 return key_senderror(so, m, EINVAL);
6511 ((struct sockaddr_in *)(void *)(dst0 + 1))->sin_port = 0;
6512 break;
6513 case AF_INET6:
6514 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
6515 sizeof(struct sockaddr_in6))
6516 return key_senderror(so, m, EINVAL);
6517 ((struct sockaddr_in6 *)(void *)(dst0 + 1))->sin6_port = 0;
6518 break;
6519 default:
6520 ; /*???*/
6521 }
6522
6523 /* XXX boundary check against sa_len */
6524 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
6525
6526 lck_mtx_lock(sadb_mutex);
6527
6528 /* SPI allocation */
6529 spi = key_do_getnewspi((struct sadb_spirange *)
6530 (void *)mhp->ext[SADB_EXT_SPIRANGE], &saidx);
6531 if (spi == 0) {
6532 lck_mtx_unlock(sadb_mutex);
6533 return key_senderror(so, m, EINVAL);
6534 }
6535
6536 /* get a SA index */
6537 if ((newsah = key_getsah(&saidx)) == NULL) {
6538 /* create a new SA index: key_addspi is always used for inbound spi */
6539 if ((newsah = key_newsah(&saidx, ipsec_if, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_IPSECIF), IPSEC_DIR_INBOUND)) == NULL) {
6540 lck_mtx_unlock(sadb_mutex);
6541 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
6542 return key_senderror(so, m, ENOBUFS);
6543 }
6544 }
6545
6546 /* get a new SA */
6547 /* XXX rewrite */
6548 newsav = key_newsav(m, mhp, newsah, &error, so);
6549 if (newsav == NULL) {
6550 /* XXX don't free new SA index allocated in above. */
6551 lck_mtx_unlock(sadb_mutex);
6552 return key_senderror(so, m, error);
6553 }
6554
6555 /* set spi */
6556 key_setspi(newsav, htonl(spi));
6557
6558 #ifndef IPSEC_NONBLOCK_ACQUIRE
6559 /* delete the entry in acqtree */
6560 if (mhp->msg->sadb_msg_seq != 0) {
6561 struct secacq *acq;
6562 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
6563 /* reset counter in order to deletion by timehandler. */
6564 struct timeval tv;
6565 microtime(&tv);
6566 acq->created = tv.tv_sec;
6567 acq->count = 0;
6568 }
6569 }
6570 #endif
6571
6572 lck_mtx_unlock(sadb_mutex);
6573
6574 {
6575 struct mbuf *n, *nn;
6576 struct sadb_sa *m_sa;
6577 struct sadb_msg *newmsg;
6578 int off, len;
6579
6580 /* create new sadb_msg to reply. */
6581 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
6582 PFKEY_ALIGN8(sizeof(struct sadb_sa));
6583 if (len > MCLBYTES)
6584 return key_senderror(so, m, ENOBUFS);
6585
6586 MGETHDR(n, M_WAITOK, MT_DATA);
6587 if (n && len > MHLEN) {
6588 MCLGET(n, M_WAITOK);
6589 if ((n->m_flags & M_EXT) == 0) {
6590 m_freem(n);
6591 n = NULL;
6592 }
6593 }
6594 if (!n)
6595 return key_senderror(so, m, ENOBUFS);
6596
6597 n->m_len = len;
6598 n->m_next = NULL;
6599 off = 0;
6600
6601 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6602 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6603
6604 m_sa = (struct sadb_sa *)(void *)(mtod(n, caddr_t) + off);
6605 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
6606 m_sa->sadb_sa_exttype = SADB_EXT_SA;
6607 m_sa->sadb_sa_spi = htonl(spi);
6608 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
6609
6610 #if DIAGNOSTIC
6611 if (off != len)
6612 panic("length inconsistency in key_getspi");
6613 #endif
6614 {
6615 int mbufItems[] = {SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
6616 n->m_next = key_gather_mbuf(m, mhp, 0, sizeof(mbufItems)/sizeof(int), mbufItems);
6617 if (!n->m_next) {
6618 m_freem(n);
6619 return key_senderror(so, m, ENOBUFS);
6620 }
6621 }
6622
6623 if (n->m_len < sizeof(struct sadb_msg)) {
6624 n = m_pullup(n, sizeof(struct sadb_msg));
6625 if (n == NULL)
6626 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
6627 }
6628
6629 n->m_pkthdr.len = 0;
6630 for (nn = n; nn; nn = nn->m_next)
6631 n->m_pkthdr.len += nn->m_len;
6632
6633 newmsg = mtod(n, struct sadb_msg *);
6634 newmsg->sadb_msg_seq = newsav->seq;
6635 newmsg->sadb_msg_errno = 0;
6636 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6637
6638 m_freem(m);
6639 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6640 }
6641 }
6642
6643 u_int32_t
6644 key_getspi2(struct sockaddr *src,
6645 struct sockaddr *dst,
6646 u_int8_t proto,
6647 u_int8_t mode,
6648 u_int32_t reqid,
6649 struct sadb_spirange *spirange)
6650 {
6651 u_int32_t spi;
6652 struct secasindex saidx;
6653
6654 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6655
6656 /* XXX boundary check against sa_len */
6657 KEY_SETSECASIDX(proto, mode, reqid, src, dst, 0, &saidx);
6658
6659 /* make sure if port number is zero. */
6660 switch (((struct sockaddr *)&saidx.src)->sa_family) {
6661 case AF_INET:
6662 if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in))
6663 return 0;
6664 ((struct sockaddr_in *)&saidx.src)->sin_port = 0;
6665 break;
6666 case AF_INET6:
6667 if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in6))
6668 return 0;
6669 ((struct sockaddr_in6 *)&saidx.src)->sin6_port = 0;
6670 break;
6671 default:
6672 ; /*???*/
6673 }
6674 switch (((struct sockaddr *)&saidx.dst)->sa_family) {
6675 case AF_INET:
6676 if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in))
6677 return 0;
6678 ((struct sockaddr_in *)&saidx.dst)->sin_port = 0;
6679 break;
6680 case AF_INET6:
6681 if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in6))
6682 return 0;
6683 ((struct sockaddr_in6 *)&saidx.dst)->sin6_port = 0;
6684 break;
6685 default:
6686 ; /*???*/
6687 }
6688
6689 lck_mtx_lock(sadb_mutex);
6690
6691 /* SPI allocation */
6692 spi = key_do_getnewspi(spirange, &saidx);
6693
6694 lck_mtx_unlock(sadb_mutex);
6695
6696 return spi;
6697 }
6698
6699 /*
6700 * allocating new SPI
6701 * called by key_getspi() and key_getspi2().
6702 * OUT:
6703 * 0: failure.
6704 * others: success.
6705 */
6706 static u_int32_t
6707 key_do_getnewspi(
6708 struct sadb_spirange *spirange,
6709 struct secasindex *saidx)
6710 {
6711 u_int32_t newspi;
6712 u_int32_t keymin, keymax;
6713 int count = key_spi_trycnt;
6714
6715 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6716
6717 /* set spi range to allocate */
6718 if (spirange != NULL) {
6719 keymin = spirange->sadb_spirange_min;
6720 keymax = spirange->sadb_spirange_max;
6721 } else {
6722 keymin = key_spi_minval;
6723 keymax = key_spi_maxval;
6724 }
6725 /* IPCOMP needs 2-byte SPI */
6726 if (saidx->proto == IPPROTO_IPCOMP) {
6727 u_int32_t t;
6728 if (keymin >= 0x10000)
6729 keymin = 0xffff;
6730 if (keymax >= 0x10000)
6731 keymax = 0xffff;
6732 if (keymin > keymax) {
6733 t = keymin; keymin = keymax; keymax = t;
6734 }
6735 }
6736
6737 if (keymin == keymax) {
6738 if (key_checkspidup(saidx, keymin) != NULL) {
6739 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", keymin));
6740 return 0;
6741 }
6742
6743 count--; /* taking one cost. */
6744 newspi = keymin;
6745
6746 } else {
6747
6748 u_int32_t range = keymax - keymin + 1; /* overflow value of zero means full range */
6749
6750 /* init SPI */
6751 newspi = 0;
6752
6753 /* when requesting to allocate spi ranged */
6754 while (count--) {
6755 u_int32_t rand_val = key_random();
6756
6757 /* generate pseudo-random SPI value ranged. */
6758 newspi = (range == 0 ? rand_val : keymin + (rand_val % range));
6759
6760 if (key_checkspidup(saidx, newspi) == NULL)
6761 break;
6762 }
6763
6764 if (count == 0 || newspi == 0) {
6765 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
6766 return 0;
6767 }
6768 }
6769
6770 /* statistics */
6771 keystat.getspi_count =
6772 (keystat.getspi_count + key_spi_trycnt - count) / 2;
6773
6774 return newspi;
6775 }
6776
6777 /*
6778 * SADB_UPDATE processing
6779 * receive
6780 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6781 * key(AE), (identity(SD),) (sensitivity)>
6782 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
6783 * and send
6784 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6785 * (identity(SD),) (sensitivity)>
6786 * to the ikmpd.
6787 *
6788 * m will always be freed.
6789 */
6790 static int
6791 key_update(
6792 struct socket *so,
6793 struct mbuf *m,
6794 const struct sadb_msghdr *mhp)
6795 {
6796 struct sadb_sa *sa0;
6797 struct sadb_address *src0, *dst0;
6798 ifnet_t ipsec_if = NULL;
6799 struct secasindex saidx;
6800 struct secashead *sah;
6801 struct secasvar *sav;
6802 u_int16_t proto;
6803 u_int8_t mode;
6804 u_int32_t reqid;
6805 u_int16_t flags2;
6806 int error;
6807
6808 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6809
6810 /* sanity check */
6811 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6812 panic("key_update: NULL pointer is passed.\n");
6813
6814 /* map satype to proto */
6815 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6816 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
6817 return key_senderror(so, m, EINVAL);
6818 }
6819
6820 if (mhp->ext[SADB_EXT_SA] == NULL ||
6821 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6822 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6823 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
6824 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
6825 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
6826 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
6827 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
6828 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
6829 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
6830 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
6831 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
6832 return key_senderror(so, m, EINVAL);
6833 }
6834 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
6835 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6836 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6837 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
6838 return key_senderror(so, m, EINVAL);
6839 }
6840 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
6841 mode = ((struct sadb_x_sa2 *)
6842 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
6843 reqid = ((struct sadb_x_sa2 *)
6844 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
6845 flags2 = ((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_flags;
6846 } else {
6847 mode = IPSEC_MODE_ANY;
6848 reqid = 0;
6849 flags2 = 0;
6850 }
6851 /* XXX boundary checking for other extensions */
6852
6853 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
6854 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6855 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6856 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
6857
6858 /* XXX boundary check against sa_len */
6859 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
6860
6861 lck_mtx_lock(sadb_mutex);
6862
6863 /* get a SA header */
6864 if ((sah = key_getsah(&saidx)) == NULL) {
6865 lck_mtx_unlock(sadb_mutex);
6866 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
6867 return key_senderror(so, m, ENOENT);
6868 }
6869
6870 /* set spidx if there */
6871 /* XXX rewrite */
6872 error = key_setident(sah, m, mhp);
6873 if (error) {
6874 lck_mtx_unlock(sadb_mutex);
6875 return key_senderror(so, m, error);
6876 }
6877
6878 /* find a SA with sequence number. */
6879 #if IPSEC_DOSEQCHECK
6880 if (mhp->msg->sadb_msg_seq != 0
6881 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
6882 lck_mtx_unlock(sadb_mutex);
6883 ipseclog((LOG_DEBUG,
6884 "key_update: no larval SA with sequence %u exists.\n",
6885 mhp->msg->sadb_msg_seq));
6886 return key_senderror(so, m, ENOENT);
6887 }
6888 #else
6889 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
6890 lck_mtx_unlock(sadb_mutex);
6891 ipseclog((LOG_DEBUG,
6892 "key_update: no such a SA found (spi:%u)\n",
6893 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
6894 return key_senderror(so, m, EINVAL);
6895 }
6896 #endif
6897
6898 /* validity check */
6899 if (sav->sah->saidx.proto != proto) {
6900 lck_mtx_unlock(sadb_mutex);
6901 ipseclog((LOG_DEBUG,
6902 "key_update: protocol mismatched (DB=%u param=%u)\n",
6903 sav->sah->saidx.proto, proto));
6904 return key_senderror(so, m, EINVAL);
6905 }
6906 #if IPSEC_DOSEQCHECK
6907 if (sav->spi != sa0->sadb_sa_spi) {
6908 lck_mtx_unlock(sadb_mutex);
6909 ipseclog((LOG_DEBUG,
6910 "key_update: SPI mismatched (DB:%u param:%u)\n",
6911 (u_int32_t)ntohl(sav->spi),
6912 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
6913 return key_senderror(so, m, EINVAL);
6914 }
6915 #endif
6916 if (sav->pid != mhp->msg->sadb_msg_pid) {
6917 lck_mtx_unlock(sadb_mutex);
6918 ipseclog((LOG_DEBUG,
6919 "key_update: pid mismatched (DB:%u param:%u)\n",
6920 sav->pid, mhp->msg->sadb_msg_pid));
6921 return key_senderror(so, m, EINVAL);
6922 }
6923
6924 /* copy sav values */
6925 error = key_setsaval(sav, m, mhp);
6926 if (error) {
6927 key_freesav(sav, KEY_SADB_LOCKED);
6928 lck_mtx_unlock(sadb_mutex);
6929 return key_senderror(so, m, error);
6930 }
6931
6932 sav->flags2 = flags2;
6933 if (flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH) {
6934 sav->so = so;
6935 }
6936
6937 /*
6938 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
6939 * this SA is for transport mode - otherwise clear it.
6940 */
6941 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
6942 (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT ||
6943 sav->sah->saidx.src.ss_family != AF_INET))
6944 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
6945
6946 /* check SA values to be mature. */
6947 if ((error = key_mature(sav)) != 0) {
6948 key_freesav(sav, KEY_SADB_LOCKED);
6949 lck_mtx_unlock(sadb_mutex);
6950 return key_senderror(so, m, error);
6951 }
6952
6953 lck_mtx_unlock(sadb_mutex);
6954
6955 {
6956 struct mbuf *n;
6957
6958 /* set msg buf from mhp */
6959 n = key_getmsgbuf_x1(m, mhp);
6960 if (n == NULL) {
6961 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
6962 return key_senderror(so, m, ENOBUFS);
6963 }
6964
6965 m_freem(m);
6966 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
6967 }
6968 }
6969
6970 static int
6971 key_migrate(struct socket *so,
6972 struct mbuf *m,
6973 const struct sadb_msghdr *mhp)
6974 {
6975 struct sadb_sa *sa0 = NULL;
6976 struct sadb_address *src0 = NULL;
6977 struct sadb_address *dst0 = NULL;
6978 struct sadb_address *src1 = NULL;
6979 struct sadb_address *dst1 = NULL;
6980 ifnet_t ipsec_if0 = NULL;
6981 ifnet_t ipsec_if1 = NULL;
6982 struct secasindex saidx0;
6983 struct secasindex saidx1;
6984 struct secashead *sah = NULL;
6985 struct secashead *newsah = NULL;
6986 struct secasvar *sav = NULL;
6987 u_int16_t proto;
6988
6989 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6990
6991 /* sanity check */
6992 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6993 panic("key_migrate: NULL pointer is passed.\n");
6994
6995 /* map satype to proto */
6996 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6997 ipseclog((LOG_DEBUG, "key_migrate: invalid satype is passed.\n"));
6998 return key_senderror(so, m, EINVAL);
6999 }
7000
7001 if (mhp->ext[SADB_EXT_SA] == NULL ||
7002 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7003 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
7004 mhp->ext[SADB_EXT_MIGRATE_ADDRESS_SRC] == NULL ||
7005 mhp->ext[SADB_EXT_MIGRATE_ADDRESS_DST] == NULL) {
7006 ipseclog((LOG_DEBUG, "key_migrate: invalid message is passed.\n"));
7007 return key_senderror(so, m, EINVAL);
7008 }
7009
7010 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7011 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7012 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
7013 mhp->extlen[SADB_EXT_MIGRATE_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7014 mhp->extlen[SADB_EXT_MIGRATE_ADDRESS_DST] < sizeof(struct sadb_address)) {
7015 ipseclog((LOG_DEBUG, "key_migrate: invalid message is passed.\n"));
7016 return key_senderror(so, m, EINVAL);
7017 }
7018
7019 lck_mtx_lock(sadb_mutex);
7020
7021 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7022 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7023 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7024 src1 = (struct sadb_address *)(mhp->ext[SADB_EXT_MIGRATE_ADDRESS_SRC]);
7025 dst1 = (struct sadb_address *)(mhp->ext[SADB_EXT_MIGRATE_ADDRESS_DST]);
7026 ipsec_if0 = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7027 ipsec_if1 = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_MIGRATE_IPSECIF);
7028
7029 /* Find existing SAH and SAV */
7030 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if0 ? ipsec_if0->if_index : 0, &saidx0);
7031
7032 LIST_FOREACH(sah, &sahtree, chain) {
7033 if (sah->state != SADB_SASTATE_MATURE)
7034 continue;
7035 if (key_cmpsaidx(&sah->saidx, &saidx0, CMP_HEAD) == 0)
7036 continue;
7037
7038 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7039 if (sav && sav->state == SADB_SASTATE_MATURE)
7040 break;
7041 }
7042 if (sah == NULL) {
7043 lck_mtx_unlock(sadb_mutex);
7044 ipseclog((LOG_DEBUG, "key_migrate: no mature SAH found.\n"));
7045 return key_senderror(so, m, ENOENT);
7046 }
7047
7048 if (sav == NULL) {
7049 lck_mtx_unlock(sadb_mutex);
7050 ipseclog((LOG_DEBUG, "key_migrate: no SA found.\n"));
7051 return key_senderror(so, m, ENOENT);
7052 }
7053
7054 /* Find or create new SAH */
7055 KEY_SETSECASIDX(proto, sah->saidx.mode, sah->saidx.reqid, src1 + 1, dst1 + 1, ipsec_if1 ? ipsec_if1->if_index : 0, &saidx1);
7056
7057 if ((newsah = key_getsah(&saidx1)) == NULL) {
7058 if ((newsah = key_newsah(&saidx1, ipsec_if1, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_MIGRATE_IPSECIF), sah->dir)) == NULL) {
7059 lck_mtx_unlock(sadb_mutex);
7060 ipseclog((LOG_DEBUG, "key_migrate: No more memory.\n"));
7061 return key_senderror(so, m, ENOBUFS);
7062 }
7063 }
7064
7065 /* Migrate SAV in to new SAH */
7066 if (key_migratesav(sav, newsah) != 0) {
7067 lck_mtx_unlock(sadb_mutex);
7068 ipseclog((LOG_DEBUG, "key_migrate: Failed to migrate SA to new SAH.\n"));
7069 return key_senderror(so, m, EINVAL);
7070 }
7071
7072 /* Reset NAT values */
7073 sav->flags = sa0->sadb_sa_flags;
7074 sav->remote_ike_port = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
7075 sav->natt_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_interval;
7076 sav->natt_offload_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_offload_interval;
7077 sav->natt_last_activity = natt_now;
7078
7079 /*
7080 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7081 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
7082 * set (we're not behind nat) - otherwise clear it.
7083 */
7084 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
7085 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
7086 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
7087 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
7088
7089 lck_mtx_unlock(sadb_mutex);
7090 {
7091 struct mbuf *n;
7092 struct sadb_msg *newmsg;
7093 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7094 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, SADB_X_EXT_IPSECIF,
7095 SADB_EXT_MIGRATE_ADDRESS_SRC, SADB_EXT_MIGRATE_ADDRESS_DST, SADB_X_EXT_MIGRATE_IPSECIF};
7096
7097 /* create new sadb_msg to reply. */
7098 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7099 if (!n)
7100 return key_senderror(so, m, ENOBUFS);
7101
7102 if (n->m_len < sizeof(struct sadb_msg)) {
7103 n = m_pullup(n, sizeof(struct sadb_msg));
7104 if (n == NULL)
7105 return key_senderror(so, m, ENOBUFS);
7106 }
7107 newmsg = mtod(n, struct sadb_msg *);
7108 newmsg->sadb_msg_errno = 0;
7109 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7110
7111 m_freem(m);
7112 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7113 }
7114 }
7115
7116 /*
7117 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
7118 * only called by key_update().
7119 * OUT:
7120 * NULL : not found
7121 * others : found, pointer to a SA.
7122 */
7123 #if IPSEC_DOSEQCHECK
7124 static struct secasvar *
7125 key_getsavbyseq(
7126 struct secashead *sah,
7127 u_int32_t seq)
7128 {
7129 struct secasvar *sav;
7130 u_int state;
7131
7132 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7133
7134 state = SADB_SASTATE_LARVAL;
7135
7136 /* search SAD with sequence number ? */
7137 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7138
7139 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
7140
7141 if (sav->seq == seq) {
7142 sav->refcnt++;
7143 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
7144 printf("DP key_getsavbyseq cause "
7145 "refcnt++:%d SA:0x%llx\n", sav->refcnt,
7146 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
7147 return sav;
7148 }
7149 }
7150
7151 return NULL;
7152 }
7153 #endif
7154
7155 /*
7156 * SADB_ADD processing
7157 * add a entry to SA database, when received
7158 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7159 * key(AE), (identity(SD),) (sensitivity)>
7160 * from the ikmpd,
7161 * and send
7162 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7163 * (identity(SD),) (sensitivity)>
7164 * to the ikmpd.
7165 *
7166 * IGNORE identity and sensitivity messages.
7167 *
7168 * m will always be freed.
7169 */
7170 static int
7171 key_add(
7172 struct socket *so,
7173 struct mbuf *m,
7174 const struct sadb_msghdr *mhp)
7175 {
7176 struct sadb_sa *sa0;
7177 struct sadb_address *src0, *dst0;
7178 ifnet_t ipsec_if = NULL;
7179 struct secasindex saidx;
7180 struct secashead *newsah;
7181 struct secasvar *newsav;
7182 u_int16_t proto;
7183 u_int8_t mode;
7184 u_int32_t reqid;
7185 int error;
7186
7187 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7188
7189 /* sanity check */
7190 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7191 panic("key_add: NULL pointer is passed.\n");
7192
7193 /* map satype to proto */
7194 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7195 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
7196 bzero_keys(mhp);
7197 return key_senderror(so, m, EINVAL);
7198 }
7199
7200 if (mhp->ext[SADB_EXT_SA] == NULL ||
7201 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7202 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
7203 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
7204 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
7205 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
7206 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
7207 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
7208 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
7209 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
7210 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
7211 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
7212 bzero_keys(mhp);
7213 return key_senderror(so, m, EINVAL);
7214 }
7215 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7216 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7217 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7218 /* XXX need more */
7219 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
7220 bzero_keys(mhp);
7221 return key_senderror(so, m, EINVAL);
7222 }
7223 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
7224 mode = ((struct sadb_x_sa2 *)
7225 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
7226 reqid = ((struct sadb_x_sa2 *)
7227 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
7228 } else {
7229 mode = IPSEC_MODE_ANY;
7230 reqid = 0;
7231 }
7232
7233 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7234 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7235 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7236 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7237
7238 /* XXX boundary check against sa_len */
7239 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7240
7241 lck_mtx_lock(sadb_mutex);
7242
7243 /* get a SA header */
7244 if ((newsah = key_getsah(&saidx)) == NULL) {
7245 /* create a new SA header: key_addspi is always used for outbound spi */
7246 if ((newsah = key_newsah(&saidx, ipsec_if, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_IPSECIF), IPSEC_DIR_OUTBOUND)) == NULL) {
7247 lck_mtx_unlock(sadb_mutex);
7248 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
7249 bzero_keys(mhp);
7250 return key_senderror(so, m, ENOBUFS);
7251 }
7252 }
7253
7254 /* set spidx if there */
7255 /* XXX rewrite */
7256 error = key_setident(newsah, m, mhp);
7257 if (error) {
7258 lck_mtx_unlock(sadb_mutex);
7259 bzero_keys(mhp);
7260 return key_senderror(so, m, error);
7261 }
7262
7263 /* create new SA entry. */
7264 /* We can create new SA only if SPI is different. */
7265 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
7266 lck_mtx_unlock(sadb_mutex);
7267 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
7268 bzero_keys(mhp);
7269 return key_senderror(so, m, EEXIST);
7270 }
7271 newsav = key_newsav(m, mhp, newsah, &error, so);
7272 if (newsav == NULL) {
7273 lck_mtx_unlock(sadb_mutex);
7274 bzero_keys(mhp);
7275 return key_senderror(so, m, error);
7276 }
7277
7278 /*
7279 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7280 * this SA is for transport mode - otherwise clear it.
7281 */
7282 if ((newsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
7283 (newsah->saidx.mode != IPSEC_MODE_TRANSPORT ||
7284 newsah->saidx.dst.ss_family != AF_INET))
7285 newsav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
7286
7287 /* check SA values to be mature. */
7288 if ((error = key_mature(newsav)) != 0) {
7289 key_freesav(newsav, KEY_SADB_LOCKED);
7290 lck_mtx_unlock(sadb_mutex);
7291 bzero_keys(mhp);
7292 return key_senderror(so, m, error);
7293 }
7294
7295 lck_mtx_unlock(sadb_mutex);
7296
7297 /*
7298 * don't call key_freesav() here, as we would like to keep the SA
7299 * in the database on success.
7300 */
7301
7302 {
7303 struct mbuf *n;
7304
7305 /* set msg buf from mhp */
7306 n = key_getmsgbuf_x1(m, mhp);
7307 if (n == NULL) {
7308 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
7309 bzero_keys(mhp);
7310 return key_senderror(so, m, ENOBUFS);
7311 }
7312
7313 // mh.ext points to the mbuf content.
7314 // Zero out Encryption and Integrity keys if present.
7315 bzero_keys(mhp);
7316 m_freem(m);
7317 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7318 }
7319 }
7320
7321 /* m is retained */
7322 static int
7323 key_setident(
7324 struct secashead *sah,
7325 struct mbuf *m,
7326 const struct sadb_msghdr *mhp)
7327 {
7328 const struct sadb_ident *idsrc, *iddst;
7329 int idsrclen, iddstlen;
7330
7331 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7332
7333 /* sanity check */
7334 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7335 panic("key_setident: NULL pointer is passed.\n");
7336
7337 /* don't make buffer if not there */
7338 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
7339 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
7340 sah->idents = NULL;
7341 sah->identd = NULL;
7342 return 0;
7343 }
7344
7345 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
7346 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
7347 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
7348 return EINVAL;
7349 }
7350
7351 idsrc = (const struct sadb_ident *)
7352 (void *)mhp->ext[SADB_EXT_IDENTITY_SRC];
7353 iddst = (const struct sadb_ident *)
7354 (void *)mhp->ext[SADB_EXT_IDENTITY_DST];
7355 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
7356 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
7357
7358 /* validity check */
7359 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
7360 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
7361 return EINVAL;
7362 }
7363
7364 switch (idsrc->sadb_ident_type) {
7365 case SADB_IDENTTYPE_PREFIX:
7366 case SADB_IDENTTYPE_FQDN:
7367 case SADB_IDENTTYPE_USERFQDN:
7368 default:
7369 /* XXX do nothing */
7370 sah->idents = NULL;
7371 sah->identd = NULL;
7372 return 0;
7373 }
7374
7375 /* make structure */
7376 KMALLOC_NOWAIT(sah->idents, struct sadb_ident *, idsrclen);
7377 if (sah->idents == NULL) {
7378 lck_mtx_unlock(sadb_mutex);
7379 KMALLOC_WAIT(sah->idents, struct sadb_ident *, idsrclen);
7380 lck_mtx_lock(sadb_mutex);
7381 if (sah->idents == NULL) {
7382 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
7383 return ENOBUFS;
7384 }
7385 }
7386 KMALLOC_NOWAIT(sah->identd, struct sadb_ident *, iddstlen);
7387 if (sah->identd == NULL) {
7388 lck_mtx_unlock(sadb_mutex);
7389 KMALLOC_WAIT(sah->identd, struct sadb_ident *, iddstlen);
7390 lck_mtx_lock(sadb_mutex);
7391 if (sah->identd == NULL) {
7392 KFREE(sah->idents);
7393 sah->idents = NULL;
7394 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
7395 return ENOBUFS;
7396 }
7397 }
7398 bcopy(idsrc, sah->idents, idsrclen);
7399 bcopy(iddst, sah->identd, iddstlen);
7400
7401 return 0;
7402 }
7403
7404 /*
7405 * m will not be freed on return.
7406 * it is caller's responsibility to free the result.
7407 */
7408 static struct mbuf *
7409 key_getmsgbuf_x1(
7410 struct mbuf *m,
7411 const struct sadb_msghdr *mhp)
7412 {
7413 struct mbuf *n;
7414 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7415 SADB_X_EXT_SA2, SADB_EXT_ADDRESS_SRC,
7416 SADB_EXT_ADDRESS_DST, SADB_EXT_LIFETIME_HARD,
7417 SADB_EXT_LIFETIME_SOFT, SADB_EXT_IDENTITY_SRC,
7418 SADB_EXT_IDENTITY_DST};
7419
7420 /* sanity check */
7421 if (m == NULL || mhp == NULL || mhp->msg == NULL)
7422 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
7423
7424 /* create new sadb_msg to reply. */
7425 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7426 if (!n)
7427 return NULL;
7428
7429 if (n->m_len < sizeof(struct sadb_msg)) {
7430 n = m_pullup(n, sizeof(struct sadb_msg));
7431 if (n == NULL)
7432 return NULL;
7433 }
7434 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
7435 mtod(n, struct sadb_msg *)->sadb_msg_len =
7436 PFKEY_UNIT64(n->m_pkthdr.len);
7437
7438 return n;
7439 }
7440
7441 static int key_delete_all(struct socket *, struct mbuf *,
7442 const struct sadb_msghdr *, u_int16_t);
7443
7444 /*
7445 * SADB_DELETE processing
7446 * receive
7447 * <base, SA(*), address(SD)>
7448 * from the ikmpd, and set SADB_SASTATE_DEAD,
7449 * and send,
7450 * <base, SA(*), address(SD)>
7451 * to the ikmpd.
7452 *
7453 * m will always be freed.
7454 */
7455 static int
7456 key_delete(
7457 struct socket *so,
7458 struct mbuf *m,
7459 const struct sadb_msghdr *mhp)
7460 {
7461 struct sadb_sa *sa0;
7462 struct sadb_address *src0, *dst0;
7463 ifnet_t ipsec_if = NULL;
7464 struct secasindex saidx;
7465 struct secashead *sah;
7466 struct secasvar *sav = NULL;
7467 u_int16_t proto;
7468
7469 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7470
7471 /* sanity check */
7472 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7473 panic("key_delete: NULL pointer is passed.\n");
7474
7475 /* map satype to proto */
7476 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7477 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
7478 return key_senderror(so, m, EINVAL);
7479 }
7480
7481 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7482 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
7483 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7484 return key_senderror(so, m, EINVAL);
7485 }
7486
7487 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7488 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7489 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7490 return key_senderror(so, m, EINVAL);
7491 }
7492
7493 lck_mtx_lock(sadb_mutex);
7494
7495 if (mhp->ext[SADB_EXT_SA] == NULL) {
7496 /*
7497 * Caller wants us to delete all non-LARVAL SAs
7498 * that match the src/dst. This is used during
7499 * IKE INITIAL-CONTACT.
7500 */
7501 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
7502 /* key_delete_all will unlock sadb_mutex */
7503 return key_delete_all(so, m, mhp, proto);
7504 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
7505 lck_mtx_unlock(sadb_mutex);
7506 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7507 return key_senderror(so, m, EINVAL);
7508 }
7509
7510 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7511 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7512 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7513 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7514
7515 /* XXX boundary check against sa_len */
7516 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7517
7518 /* get a SA header */
7519 LIST_FOREACH(sah, &sahtree, chain) {
7520 if (sah->state == SADB_SASTATE_DEAD)
7521 continue;
7522 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7523 continue;
7524
7525 /* get a SA with SPI. */
7526 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7527 if (sav)
7528 break;
7529 }
7530 if (sah == NULL) {
7531 lck_mtx_unlock(sadb_mutex);
7532 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
7533 return key_senderror(so, m, ENOENT);
7534 }
7535
7536 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7537 key_freesav(sav, KEY_SADB_LOCKED);
7538
7539 lck_mtx_unlock(sadb_mutex);
7540 sav = NULL;
7541
7542 {
7543 struct mbuf *n;
7544 struct sadb_msg *newmsg;
7545 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7546 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
7547
7548 /* create new sadb_msg to reply. */
7549 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7550 if (!n)
7551 return key_senderror(so, m, ENOBUFS);
7552
7553 if (n->m_len < sizeof(struct sadb_msg)) {
7554 n = m_pullup(n, sizeof(struct sadb_msg));
7555 if (n == NULL)
7556 return key_senderror(so, m, ENOBUFS);
7557 }
7558 newmsg = mtod(n, struct sadb_msg *);
7559 newmsg->sadb_msg_errno = 0;
7560 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7561
7562 m_freem(m);
7563 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7564 }
7565 }
7566
7567 /*
7568 * delete all SAs for src/dst. Called from key_delete().
7569 */
7570 static int
7571 key_delete_all(
7572 struct socket *so,
7573 struct mbuf *m,
7574 const struct sadb_msghdr *mhp,
7575 u_int16_t proto)
7576 {
7577 struct sadb_address *src0, *dst0;
7578 ifnet_t ipsec_if = NULL;
7579 struct secasindex saidx;
7580 struct secashead *sah;
7581 struct secasvar *sav, *nextsav;
7582 u_int stateidx, state;
7583
7584 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7585
7586 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7587 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7588 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7589
7590 /* XXX boundary check against sa_len */
7591 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7592
7593 LIST_FOREACH(sah, &sahtree, chain) {
7594 if (sah->state == SADB_SASTATE_DEAD)
7595 continue;
7596 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7597 continue;
7598
7599 /* Delete all non-LARVAL SAs. */
7600 for (stateidx = 0;
7601 stateidx < _ARRAYLEN(saorder_state_alive);
7602 stateidx++) {
7603 state = saorder_state_alive[stateidx];
7604 if (state == SADB_SASTATE_LARVAL)
7605 continue;
7606 for (sav = LIST_FIRST(&sah->savtree[state]);
7607 sav != NULL; sav = nextsav) {
7608 nextsav = LIST_NEXT(sav, chain);
7609 /* sanity check */
7610 if (sav->state != state) {
7611 ipseclog((LOG_DEBUG, "key_delete_all: "
7612 "invalid sav->state "
7613 "(queue: %d SA: %d)\n",
7614 state, sav->state));
7615 continue;
7616 }
7617
7618 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7619 key_freesav(sav, KEY_SADB_LOCKED);
7620 }
7621 }
7622 }
7623 lck_mtx_unlock(sadb_mutex);
7624
7625 {
7626 struct mbuf *n;
7627 struct sadb_msg *newmsg;
7628 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_ADDRESS_SRC,
7629 SADB_EXT_ADDRESS_DST};
7630
7631 /* create new sadb_msg to reply. */
7632 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7633 if (!n)
7634 return key_senderror(so, m, ENOBUFS);
7635
7636 if (n->m_len < sizeof(struct sadb_msg)) {
7637 n = m_pullup(n, sizeof(struct sadb_msg));
7638 if (n == NULL)
7639 return key_senderror(so, m, ENOBUFS);
7640 }
7641 newmsg = mtod(n, struct sadb_msg *);
7642 newmsg->sadb_msg_errno = 0;
7643 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7644
7645 m_freem(m);
7646 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7647 }
7648 }
7649
7650 /*
7651 * SADB_GET processing
7652 * receive
7653 * <base, SA(*), address(SD)>
7654 * from the ikmpd, and get a SP and a SA to respond,
7655 * and send,
7656 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
7657 * (identity(SD),) (sensitivity)>
7658 * to the ikmpd.
7659 *
7660 * m will always be freed.
7661 */
7662 static int
7663 key_get(
7664 struct socket *so,
7665 struct mbuf *m,
7666 const struct sadb_msghdr *mhp)
7667 {
7668 struct sadb_sa *sa0;
7669 struct sadb_address *src0, *dst0;
7670 ifnet_t ipsec_if = NULL;
7671 struct secasindex saidx;
7672 struct secashead *sah;
7673 struct secasvar *sav = NULL;
7674 u_int16_t proto;
7675
7676 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7677
7678 /* sanity check */
7679 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7680 panic("key_get: NULL pointer is passed.\n");
7681
7682 /* map satype to proto */
7683 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7684 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
7685 return key_senderror(so, m, EINVAL);
7686 }
7687
7688 if (mhp->ext[SADB_EXT_SA] == NULL ||
7689 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7690 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
7691 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
7692 return key_senderror(so, m, EINVAL);
7693 }
7694 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7695 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7696 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7697 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
7698 return key_senderror(so, m, EINVAL);
7699 }
7700
7701 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7702 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7703 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7704 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7705
7706 /* XXX boundary check against sa_len */
7707 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7708
7709 lck_mtx_lock(sadb_mutex);
7710
7711 /* get a SA header */
7712 LIST_FOREACH(sah, &sahtree, chain) {
7713 if (sah->state == SADB_SASTATE_DEAD)
7714 continue;
7715 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7716 continue;
7717
7718 /* get a SA with SPI. */
7719 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7720 if (sav)
7721 break;
7722 }
7723 if (sah == NULL) {
7724 lck_mtx_unlock(sadb_mutex);
7725 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
7726 return key_senderror(so, m, ENOENT);
7727 }
7728
7729 {
7730 struct mbuf *n;
7731 u_int8_t satype;
7732
7733 /* map proto to satype */
7734 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7735 lck_mtx_unlock(sadb_mutex);
7736 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
7737 return key_senderror(so, m, EINVAL);
7738 }
7739 lck_mtx_unlock(sadb_mutex);
7740
7741 /* create new sadb_msg to reply. */
7742 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
7743 mhp->msg->sadb_msg_pid);
7744
7745
7746
7747 if (!n)
7748 return key_senderror(so, m, ENOBUFS);
7749
7750 m_freem(m);
7751 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7752 }
7753 }
7754
7755 /*
7756 * get SA stats by spi.
7757 * OUT: -1 : not found
7758 * 0 : found, arg pointer to a SA stats is updated.
7759 */
7760 static int
7761 key_getsastatbyspi_one (u_int32_t spi,
7762 struct sastat *stat)
7763 {
7764 struct secashead *sah;
7765 struct secasvar *sav = NULL;
7766
7767 if ((void *)stat == NULL) {
7768 return -1;
7769 }
7770
7771 lck_mtx_lock(sadb_mutex);
7772
7773 /* get a SA header */
7774 LIST_FOREACH(sah, &sahtree, chain) {
7775 if (sah->state == SADB_SASTATE_DEAD)
7776 continue;
7777
7778 /* get a SA with SPI. */
7779 sav = key_getsavbyspi(sah, spi);
7780 if (sav) {
7781 stat->spi = sav->spi;
7782 stat->created = sav->created;
7783 if (sav->lft_c) {
7784 bcopy(sav->lft_c,&stat->lft_c, sizeof(stat->lft_c));
7785 } else {
7786 bzero(&stat->lft_c, sizeof(stat->lft_c));
7787 }
7788 lck_mtx_unlock(sadb_mutex);
7789 return 0;
7790 }
7791 }
7792
7793 lck_mtx_unlock(sadb_mutex);
7794
7795 return -1;
7796 }
7797
7798 /*
7799 * get SA stats collection by indices.
7800 * OUT: -1 : not found
7801 * 0 : found, arg pointers to a SA stats and 'maximum stats' are updated.
7802 */
7803 static int
7804 key_getsastatbyspi (struct sastat *stat_arg,
7805 u_int32_t max_stat_arg,
7806 struct sastat *stat_res,
7807 u_int32_t *max_stat_res)
7808 {
7809 int cur, found = 0;
7810
7811 if (stat_arg == NULL ||
7812 stat_res == NULL ||
7813 max_stat_res == NULL) {
7814 return -1;
7815 }
7816
7817 for (cur = 0; cur < max_stat_arg; cur++) {
7818 if (key_getsastatbyspi_one(stat_arg[cur].spi,
7819 &stat_res[found]) == 0) {
7820 found++;
7821 }
7822 }
7823 *max_stat_res = found;
7824
7825 if (found) {
7826 return 0;
7827 }
7828 return -1;
7829 }
7830
7831 /* XXX make it sysctl-configurable? */
7832 static void
7833 key_getcomb_setlifetime(
7834 struct sadb_comb *comb)
7835 {
7836
7837 comb->sadb_comb_soft_allocations = 1;
7838 comb->sadb_comb_hard_allocations = 1;
7839 comb->sadb_comb_soft_bytes = 0;
7840 comb->sadb_comb_hard_bytes = 0;
7841 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
7842 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
7843 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
7844 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
7845 }
7846
7847 #if IPSEC_ESP
7848 /*
7849 * XXX reorder combinations by preference
7850 * XXX no idea if the user wants ESP authentication or not
7851 */
7852 static struct mbuf *
7853 key_getcomb_esp(void)
7854 {
7855 struct sadb_comb *comb;
7856 const struct esp_algorithm *algo;
7857 struct mbuf *result = NULL, *m, *n;
7858 int encmin;
7859 int i, off, o;
7860 int totlen;
7861 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
7862
7863 m = NULL;
7864 for (i = 1; i <= SADB_EALG_MAX; i++) {
7865 algo = esp_algorithm_lookup(i);
7866 if (!algo)
7867 continue;
7868
7869 if (algo->keymax < ipsec_esp_keymin)
7870 continue;
7871 if (algo->keymin < ipsec_esp_keymin)
7872 encmin = ipsec_esp_keymin;
7873 else
7874 encmin = algo->keymin;
7875
7876 if (ipsec_esp_auth)
7877 m = key_getcomb_ah();
7878 else {
7879 #if DIAGNOSTIC
7880 if (l > MLEN)
7881 panic("assumption failed in key_getcomb_esp");
7882 #endif
7883 MGET(m, M_WAITOK, MT_DATA);
7884 if (m) {
7885 M_ALIGN(m, l);
7886 m->m_len = l;
7887 m->m_next = NULL;
7888 bzero(mtod(m, caddr_t), m->m_len);
7889 }
7890 }
7891 if (!m)
7892 goto fail;
7893
7894 totlen = 0;
7895 for (n = m; n; n = n->m_next)
7896 totlen += n->m_len;
7897 #if DIAGNOSTIC
7898 if (totlen % l)
7899 panic("assumption failed in key_getcomb_esp");
7900 #endif
7901
7902 for (off = 0; off < totlen; off += l) {
7903 n = m_pulldown(m, off, l, &o);
7904 if (!n) {
7905 /* m is already freed */
7906 goto fail;
7907 }
7908 comb = (struct sadb_comb *)
7909 (void *)(mtod(n, caddr_t) + o);
7910 bzero(comb, sizeof(*comb));
7911 key_getcomb_setlifetime(comb);
7912 comb->sadb_comb_encrypt = i;
7913 comb->sadb_comb_encrypt_minbits = encmin;
7914 comb->sadb_comb_encrypt_maxbits = algo->keymax;
7915 }
7916
7917 if (!result)
7918 result = m;
7919 else
7920 m_cat(result, m);
7921 }
7922
7923 return result;
7924
7925 fail:
7926 if (result)
7927 m_freem(result);
7928 return NULL;
7929 }
7930 #endif
7931
7932 /*
7933 * XXX reorder combinations by preference
7934 */
7935 static struct mbuf *
7936 key_getcomb_ah(void)
7937 {
7938 struct sadb_comb *comb;
7939 const struct ah_algorithm *algo;
7940 struct mbuf *m;
7941 int keymin;
7942 int i;
7943 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
7944
7945 m = NULL;
7946 for (i = 1; i <= SADB_AALG_MAX; i++) {
7947 #if 1
7948 /* we prefer HMAC algorithms, not old algorithms */
7949 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
7950 continue;
7951 #endif
7952 algo = ah_algorithm_lookup(i);
7953 if (!algo)
7954 continue;
7955
7956 if (algo->keymax < ipsec_ah_keymin)
7957 continue;
7958 if (algo->keymin < ipsec_ah_keymin)
7959 keymin = ipsec_ah_keymin;
7960 else
7961 keymin = algo->keymin;
7962
7963 if (!m) {
7964 #if DIAGNOSTIC
7965 if (l > MLEN)
7966 panic("assumption failed in key_getcomb_ah");
7967 #endif
7968 MGET(m, M_WAITOK, MT_DATA);
7969 if (m) {
7970 M_ALIGN(m, l);
7971 m->m_len = l;
7972 m->m_next = NULL;
7973 }
7974 } else
7975 M_PREPEND(m, l, M_WAITOK, 1);
7976 if (!m)
7977 return NULL;
7978
7979 comb = mtod(m, struct sadb_comb *);
7980 bzero(comb, sizeof(*comb));
7981 key_getcomb_setlifetime(comb);
7982 comb->sadb_comb_auth = i;
7983 comb->sadb_comb_auth_minbits = keymin;
7984 comb->sadb_comb_auth_maxbits = algo->keymax;
7985 }
7986
7987 return m;
7988 }
7989
7990 /*
7991 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
7992 * XXX reorder combinations by preference
7993 */
7994 static struct mbuf *
7995 key_getcomb_ipcomp(void)
7996 {
7997 struct sadb_comb *comb;
7998 const struct ipcomp_algorithm *algo;
7999 struct mbuf *m;
8000 int i;
8001 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
8002
8003 m = NULL;
8004 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
8005 algo = ipcomp_algorithm_lookup(i);
8006 if (!algo)
8007 continue;
8008
8009 if (!m) {
8010 #if DIAGNOSTIC
8011 if (l > MLEN)
8012 panic("assumption failed in key_getcomb_ipcomp");
8013 #endif
8014 MGET(m, M_WAITOK, MT_DATA);
8015 if (m) {
8016 M_ALIGN(m, l);
8017 m->m_len = l;
8018 m->m_next = NULL;
8019 }
8020 } else
8021 M_PREPEND(m, l, M_WAITOK, 1);
8022 if (!m)
8023 return NULL;
8024
8025 comb = mtod(m, struct sadb_comb *);
8026 bzero(comb, sizeof(*comb));
8027 key_getcomb_setlifetime(comb);
8028 comb->sadb_comb_encrypt = i;
8029 /* what should we set into sadb_comb_*_{min,max}bits? */
8030 }
8031
8032 return m;
8033 }
8034
8035 /*
8036 * XXX no way to pass mode (transport/tunnel) to userland
8037 * XXX replay checking?
8038 * XXX sysctl interface to ipsec_{ah,esp}_keymin
8039 */
8040 static struct mbuf *
8041 key_getprop(
8042 const struct secasindex *saidx)
8043 {
8044 struct sadb_prop *prop;
8045 struct mbuf *m, *n;
8046 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
8047 int totlen;
8048
8049 switch (saidx->proto) {
8050 #if IPSEC_ESP
8051 case IPPROTO_ESP:
8052 m = key_getcomb_esp();
8053 break;
8054 #endif
8055 case IPPROTO_AH:
8056 m = key_getcomb_ah();
8057 break;
8058 case IPPROTO_IPCOMP:
8059 m = key_getcomb_ipcomp();
8060 break;
8061 default:
8062 return NULL;
8063 }
8064
8065 if (!m)
8066 return NULL;
8067 M_PREPEND(m, l, M_WAITOK, 1);
8068 if (!m)
8069 return NULL;
8070
8071 totlen = 0;
8072 for (n = m; n; n = n->m_next)
8073 totlen += n->m_len;
8074
8075 prop = mtod(m, struct sadb_prop *);
8076 bzero(prop, sizeof(*prop));
8077 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
8078 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
8079 prop->sadb_prop_replay = 32; /* XXX */
8080
8081 return m;
8082 }
8083
8084 /*
8085 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
8086 * send
8087 * <base, SA, address(SD), (address(P)), x_policy,
8088 * (identity(SD),) (sensitivity,) proposal>
8089 * to KMD, and expect to receive
8090 * <base> with SADB_ACQUIRE if error occurred,
8091 * or
8092 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
8093 * from KMD by PF_KEY.
8094 *
8095 * XXX x_policy is outside of RFC2367 (KAME extension).
8096 * XXX sensitivity is not supported.
8097 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
8098 * see comment for key_getcomb_ipcomp().
8099 *
8100 * OUT:
8101 * 0 : succeed
8102 * others: error number
8103 */
8104 static int
8105 key_acquire(
8106 struct secasindex *saidx,
8107 struct secpolicy *sp)
8108 {
8109 struct mbuf *result = NULL, *m;
8110 #ifndef IPSEC_NONBLOCK_ACQUIRE
8111 struct secacq *newacq;
8112 #endif
8113 u_int8_t satype;
8114 int error = -1;
8115 u_int32_t seq;
8116
8117 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
8118
8119 /* sanity check */
8120 if (saidx == NULL)
8121 panic("key_acquire: NULL pointer is passed.\n");
8122 if ((satype = key_proto2satype(saidx->proto)) == 0)
8123 panic("key_acquire: invalid proto is passed.\n");
8124
8125 #ifndef IPSEC_NONBLOCK_ACQUIRE
8126 /*
8127 * We never do anything about acquirng SA. There is anather
8128 * solution that kernel blocks to send SADB_ACQUIRE message until
8129 * getting something message from IKEd. In later case, to be
8130 * managed with ACQUIRING list.
8131 */
8132 /* get a entry to check whether sending message or not. */
8133 lck_mtx_lock(sadb_mutex);
8134 if ((newacq = key_getacq(saidx)) != NULL) {
8135 if (key_blockacq_count < newacq->count) {
8136 /* reset counter and do send message. */
8137 newacq->count = 0;
8138 } else {
8139 /* increment counter and do nothing. */
8140 newacq->count++;
8141 lck_mtx_unlock(sadb_mutex);
8142 return 0;
8143 }
8144 } else {
8145 /* make new entry for blocking to send SADB_ACQUIRE. */
8146 if ((newacq = key_newacq(saidx)) == NULL) {
8147 lck_mtx_unlock(sadb_mutex);
8148 return ENOBUFS;
8149 }
8150
8151 /* add to acqtree */
8152 LIST_INSERT_HEAD(&acqtree, newacq, chain);
8153 key_start_timehandler();
8154 }
8155 seq = newacq->seq;
8156 lck_mtx_unlock(sadb_mutex);
8157
8158 #else
8159 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
8160 #endif
8161 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
8162 if (!m) {
8163 error = ENOBUFS;
8164 goto fail;
8165 }
8166 result = m;
8167
8168 /* set sadb_address for saidx's. */
8169 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
8170 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
8171 if (!m) {
8172 error = ENOBUFS;
8173 goto fail;
8174 }
8175 m_cat(result, m);
8176
8177 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
8178 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
8179 if (!m) {
8180 error = ENOBUFS;
8181 goto fail;
8182 }
8183 m_cat(result, m);
8184
8185 /* XXX proxy address (optional) */
8186
8187 /* set sadb_x_policy */
8188 if (sp) {
8189 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
8190 if (!m) {
8191 error = ENOBUFS;
8192 goto fail;
8193 }
8194 m_cat(result, m);
8195 }
8196
8197 /* XXX identity (optional) */
8198 #if 0
8199 if (idexttype && fqdn) {
8200 /* create identity extension (FQDN) */
8201 struct sadb_ident *id;
8202 int fqdnlen;
8203
8204 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
8205 id = (struct sadb_ident *)p;
8206 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
8207 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
8208 id->sadb_ident_exttype = idexttype;
8209 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
8210 bcopy(fqdn, id + 1, fqdnlen);
8211 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
8212 }
8213
8214 if (idexttype) {
8215 /* create identity extension (USERFQDN) */
8216 struct sadb_ident *id;
8217 int userfqdnlen;
8218
8219 if (userfqdn) {
8220 /* +1 for terminating-NUL */
8221 userfqdnlen = strlen(userfqdn) + 1;
8222 } else
8223 userfqdnlen = 0;
8224 id = (struct sadb_ident *)p;
8225 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
8226 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
8227 id->sadb_ident_exttype = idexttype;
8228 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
8229 /* XXX is it correct? */
8230 if (curproc && curproc->p_cred)
8231 id->sadb_ident_id = curproc->p_cred->p_ruid;
8232 if (userfqdn && userfqdnlen)
8233 bcopy(userfqdn, id + 1, userfqdnlen);
8234 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
8235 }
8236 #endif
8237
8238 /* XXX sensitivity (optional) */
8239
8240 /* create proposal/combination extension */
8241 m = key_getprop(saidx);
8242 #if 0
8243 /*
8244 * spec conformant: always attach proposal/combination extension,
8245 * the problem is that we have no way to attach it for ipcomp,
8246 * due to the way sadb_comb is declared in RFC2367.
8247 */
8248 if (!m) {
8249 error = ENOBUFS;
8250 goto fail;
8251 }
8252 m_cat(result, m);
8253 #else
8254 /*
8255 * outside of spec; make proposal/combination extension optional.
8256 */
8257 if (m)
8258 m_cat(result, m);
8259 #endif
8260
8261 if ((result->m_flags & M_PKTHDR) == 0) {
8262 error = EINVAL;
8263 goto fail;
8264 }
8265
8266 if (result->m_len < sizeof(struct sadb_msg)) {
8267 result = m_pullup(result, sizeof(struct sadb_msg));
8268 if (result == NULL) {
8269 error = ENOBUFS;
8270 goto fail;
8271 }
8272 }
8273
8274 result->m_pkthdr.len = 0;
8275 for (m = result; m; m = m->m_next)
8276 result->m_pkthdr.len += m->m_len;
8277
8278 mtod(result, struct sadb_msg *)->sadb_msg_len =
8279 PFKEY_UNIT64(result->m_pkthdr.len);
8280
8281 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
8282
8283 fail:
8284 if (result)
8285 m_freem(result);
8286 return error;
8287 }
8288
8289 #ifndef IPSEC_NONBLOCK_ACQUIRE
8290 static struct secacq *
8291 key_newacq(
8292 struct secasindex *saidx)
8293 {
8294 struct secacq *newacq;
8295 struct timeval tv;
8296
8297 /* get new entry */
8298 KMALLOC_NOWAIT(newacq, struct secacq *, sizeof(struct secacq));
8299 if (newacq == NULL) {
8300 lck_mtx_unlock(sadb_mutex);
8301 KMALLOC_WAIT(newacq, struct secacq *, sizeof(struct secacq));
8302 lck_mtx_lock(sadb_mutex);
8303 if (newacq == NULL) {
8304 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
8305 return NULL;
8306 }
8307 }
8308 bzero(newacq, sizeof(*newacq));
8309
8310 /* copy secindex */
8311 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
8312 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
8313 microtime(&tv);
8314 newacq->created = tv.tv_sec;
8315 newacq->count = 0;
8316
8317 return newacq;
8318 }
8319
8320 static struct secacq *
8321 key_getacq(
8322 struct secasindex *saidx)
8323 {
8324 struct secacq *acq;
8325
8326 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8327
8328 LIST_FOREACH(acq, &acqtree, chain) {
8329 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
8330 return acq;
8331 }
8332
8333 return NULL;
8334 }
8335
8336 static struct secacq *
8337 key_getacqbyseq(
8338 u_int32_t seq)
8339 {
8340 struct secacq *acq;
8341
8342 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8343
8344 LIST_FOREACH(acq, &acqtree, chain) {
8345 if (acq->seq == seq)
8346 return acq;
8347 }
8348
8349 return NULL;
8350 }
8351 #endif
8352
8353 static struct secspacq *
8354 key_newspacq(
8355 struct secpolicyindex *spidx)
8356 {
8357 struct secspacq *acq;
8358 struct timeval tv;
8359
8360 /* get new entry */
8361 KMALLOC_NOWAIT(acq, struct secspacq *, sizeof(struct secspacq));
8362 if (acq == NULL) {
8363 lck_mtx_unlock(sadb_mutex);
8364 KMALLOC_WAIT(acq, struct secspacq *, sizeof(struct secspacq));
8365 lck_mtx_lock(sadb_mutex);
8366 if (acq == NULL) {
8367 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
8368 return NULL;
8369 }
8370 }
8371 bzero(acq, sizeof(*acq));
8372
8373 /* copy secindex */
8374 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
8375 microtime(&tv);
8376 acq->created = tv.tv_sec;
8377 acq->count = 0;
8378
8379 return acq;
8380 }
8381
8382 static struct secspacq *
8383 key_getspacq(
8384 struct secpolicyindex *spidx)
8385 {
8386 struct secspacq *acq;
8387
8388 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8389
8390 LIST_FOREACH(acq, &spacqtree, chain) {
8391 if (key_cmpspidx_exactly(spidx, &acq->spidx))
8392 return acq;
8393 }
8394
8395 return NULL;
8396 }
8397
8398 /*
8399 * SADB_ACQUIRE processing,
8400 * in first situation, is receiving
8401 * <base>
8402 * from the ikmpd, and clear sequence of its secasvar entry.
8403 *
8404 * In second situation, is receiving
8405 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8406 * from a user land process, and return
8407 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8408 * to the socket.
8409 *
8410 * m will always be freed.
8411 */
8412 static int
8413 key_acquire2(
8414 struct socket *so,
8415 struct mbuf *m,
8416 const struct sadb_msghdr *mhp)
8417 {
8418 const struct sadb_address *src0, *dst0;
8419 ifnet_t ipsec_if = NULL;
8420 struct secasindex saidx;
8421 struct secashead *sah;
8422 u_int16_t proto;
8423 int error;
8424
8425
8426 /* sanity check */
8427 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8428 panic("key_acquire2: NULL pointer is passed.\n");
8429
8430 /*
8431 * Error message from KMd.
8432 * We assume that if error was occurred in IKEd, the length of PFKEY
8433 * message is equal to the size of sadb_msg structure.
8434 * We do not raise error even if error occurred in this function.
8435 */
8436 lck_mtx_lock(sadb_mutex);
8437
8438 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
8439 #ifndef IPSEC_NONBLOCK_ACQUIRE
8440 struct secacq *acq;
8441 struct timeval tv;
8442
8443 /* check sequence number */
8444 if (mhp->msg->sadb_msg_seq == 0) {
8445 lck_mtx_unlock(sadb_mutex);
8446 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
8447 m_freem(m);
8448 return 0;
8449 }
8450
8451 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
8452 /*
8453 * the specified larval SA is already gone, or we got
8454 * a bogus sequence number. we can silently ignore it.
8455 */
8456 lck_mtx_unlock(sadb_mutex);
8457 m_freem(m);
8458 return 0;
8459 }
8460
8461 /* reset acq counter in order to deletion by timehander. */
8462 microtime(&tv);
8463 acq->created = tv.tv_sec;
8464 acq->count = 0;
8465 #endif
8466 lck_mtx_unlock(sadb_mutex);
8467 m_freem(m);
8468 return 0;
8469 }
8470
8471 /*
8472 * This message is from user land.
8473 */
8474
8475 /* map satype to proto */
8476 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
8477 lck_mtx_unlock(sadb_mutex);
8478 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
8479 return key_senderror(so, m, EINVAL);
8480 }
8481
8482 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
8483 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
8484 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
8485 /* error */
8486 lck_mtx_unlock(sadb_mutex);
8487 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
8488 return key_senderror(so, m, EINVAL);
8489 }
8490 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
8491 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
8492 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
8493 /* error */
8494 lck_mtx_unlock(sadb_mutex);
8495 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
8496 return key_senderror(so, m, EINVAL);
8497 }
8498
8499 src0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
8500 dst0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
8501 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
8502
8503 /* XXX boundary check against sa_len */
8504 /* cast warnings */
8505 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
8506
8507 /* get a SA index */
8508 LIST_FOREACH(sah, &sahtree, chain) {
8509 if (sah->state == SADB_SASTATE_DEAD)
8510 continue;
8511 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID))
8512 break;
8513 }
8514 if (sah != NULL) {
8515 lck_mtx_unlock(sadb_mutex);
8516 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
8517 return key_senderror(so, m, EEXIST);
8518 }
8519 lck_mtx_unlock(sadb_mutex);
8520 error = key_acquire(&saidx, NULL);
8521 if (error != 0) {
8522 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
8523 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
8524 return key_senderror(so, m, error);
8525 }
8526
8527 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
8528 }
8529
8530 /*
8531 * SADB_REGISTER processing.
8532 * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
8533 * receive
8534 * <base>
8535 * from the ikmpd, and register a socket to send PF_KEY messages,
8536 * and send
8537 * <base, supported>
8538 * to KMD by PF_KEY.
8539 * If socket is detached, must free from regnode.
8540 *
8541 * m will always be freed.
8542 */
8543 static int
8544 key_register(
8545 struct socket *so,
8546 struct mbuf *m,
8547 const struct sadb_msghdr *mhp)
8548 {
8549 struct secreg *reg, *newreg = 0;
8550
8551 /* sanity check */
8552 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8553 panic("key_register: NULL pointer is passed.\n");
8554
8555 /* check for invalid register message */
8556 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
8557 return key_senderror(so, m, EINVAL);
8558
8559 /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
8560 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
8561 goto setmsg;
8562
8563 /* create regnode */
8564 KMALLOC_WAIT(newreg, struct secreg *, sizeof(*newreg));
8565 if (newreg == NULL) {
8566 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
8567 return key_senderror(so, m, ENOBUFS);
8568 }
8569 bzero((caddr_t)newreg, sizeof(*newreg));
8570
8571 lck_mtx_lock(sadb_mutex);
8572 /* check whether existing or not */
8573 LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
8574 if (reg->so == so) {
8575 lck_mtx_unlock(sadb_mutex);
8576 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
8577 KFREE(newreg);
8578 return key_senderror(so, m, EEXIST);
8579 }
8580 }
8581
8582 socket_lock(so, 1);
8583 newreg->so = so;
8584 ((struct keycb *)sotorawcb(so))->kp_registered++;
8585 socket_unlock(so, 1);
8586
8587 /* add regnode to regtree. */
8588 LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
8589 lck_mtx_unlock(sadb_mutex);
8590 setmsg:
8591 {
8592 struct mbuf *n;
8593 struct sadb_msg *newmsg;
8594 struct sadb_supported *sup;
8595 u_int len, alen, elen;
8596 int off;
8597 int i;
8598 struct sadb_alg *alg;
8599
8600 /* create new sadb_msg to reply. */
8601 alen = 0;
8602 for (i = 1; i <= SADB_AALG_MAX; i++) {
8603 if (ah_algorithm_lookup(i))
8604 alen += sizeof(struct sadb_alg);
8605 }
8606 if (alen)
8607 alen += sizeof(struct sadb_supported);
8608 elen = 0;
8609 #if IPSEC_ESP
8610 for (i = 1; i <= SADB_EALG_MAX; i++) {
8611 if (esp_algorithm_lookup(i))
8612 elen += sizeof(struct sadb_alg);
8613 }
8614 if (elen)
8615 elen += sizeof(struct sadb_supported);
8616 #endif
8617
8618 len = sizeof(struct sadb_msg) + alen + elen;
8619
8620 if (len > MCLBYTES)
8621 return key_senderror(so, m, ENOBUFS);
8622
8623 MGETHDR(n, M_WAITOK, MT_DATA);
8624 if (n && len > MHLEN) {
8625 MCLGET(n, M_WAITOK);
8626 if ((n->m_flags & M_EXT) == 0) {
8627 m_freem(n);
8628 n = NULL;
8629 }
8630 }
8631 if (!n)
8632 return key_senderror(so, m, ENOBUFS);
8633
8634 n->m_pkthdr.len = n->m_len = len;
8635 n->m_next = NULL;
8636 off = 0;
8637
8638 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
8639 newmsg = mtod(n, struct sadb_msg *);
8640 newmsg->sadb_msg_errno = 0;
8641 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
8642 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
8643
8644 /* for authentication algorithm */
8645 if (alen) {
8646 sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
8647 sup->sadb_supported_len = PFKEY_UNIT64(alen);
8648 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
8649 off += PFKEY_ALIGN8(sizeof(*sup));
8650
8651 for (i = 1; i <= SADB_AALG_MAX; i++) {
8652 const struct ah_algorithm *aalgo;
8653
8654 aalgo = ah_algorithm_lookup(i);
8655 if (!aalgo)
8656 continue;
8657 alg = (struct sadb_alg *)
8658 (void *)(mtod(n, caddr_t) + off);
8659 alg->sadb_alg_id = i;
8660 alg->sadb_alg_ivlen = 0;
8661 alg->sadb_alg_minbits = aalgo->keymin;
8662 alg->sadb_alg_maxbits = aalgo->keymax;
8663 off += PFKEY_ALIGN8(sizeof(*alg));
8664 }
8665 }
8666
8667 #if IPSEC_ESP
8668 /* for encryption algorithm */
8669 if (elen) {
8670 sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
8671 sup->sadb_supported_len = PFKEY_UNIT64(elen);
8672 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
8673 off += PFKEY_ALIGN8(sizeof(*sup));
8674
8675 for (i = 1; i <= SADB_EALG_MAX; i++) {
8676 const struct esp_algorithm *ealgo;
8677
8678 ealgo = esp_algorithm_lookup(i);
8679 if (!ealgo)
8680 continue;
8681 alg = (struct sadb_alg *)
8682 (void *)(mtod(n, caddr_t) + off);
8683 alg->sadb_alg_id = i;
8684 if (ealgo && ealgo->ivlen) {
8685 /*
8686 * give NULL to get the value preferred by
8687 * algorithm XXX SADB_X_EXT_DERIV ?
8688 */
8689 alg->sadb_alg_ivlen =
8690 (*ealgo->ivlen)(ealgo, NULL);
8691 } else
8692 alg->sadb_alg_ivlen = 0;
8693 alg->sadb_alg_minbits = ealgo->keymin;
8694 alg->sadb_alg_maxbits = ealgo->keymax;
8695 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
8696 }
8697 }
8698 #endif
8699
8700 #if DIGAGNOSTIC
8701 if (off != len)
8702 panic("length assumption failed in key_register");
8703 #endif
8704
8705 m_freem(m);
8706 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
8707 }
8708 }
8709
8710 static void
8711 key_delete_all_for_socket (struct socket *so)
8712 {
8713 struct secashead *sah, *nextsah;
8714 struct secasvar *sav, *nextsav;
8715 u_int stateidx;
8716 u_int state;
8717
8718 for (sah = LIST_FIRST(&sahtree);
8719 sah != NULL;
8720 sah = nextsah) {
8721 nextsah = LIST_NEXT(sah, chain);
8722 for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) {
8723 state = saorder_state_any[stateidx];
8724 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) {
8725 nextsav = LIST_NEXT(sav, chain);
8726 if (sav->flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH &&
8727 sav->so == so) {
8728 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
8729 key_freesav(sav, KEY_SADB_LOCKED);
8730 }
8731 }
8732 }
8733 }
8734 }
8735
8736 /*
8737 * free secreg entry registered.
8738 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
8739 */
8740 void
8741 key_freereg(
8742 struct socket *so)
8743 {
8744 struct secreg *reg;
8745 int i;
8746
8747 /* sanity check */
8748 if (so == NULL)
8749 panic("key_freereg: NULL pointer is passed.\n");
8750
8751 /*
8752 * check whether existing or not.
8753 * check all type of SA, because there is a potential that
8754 * one socket is registered to multiple type of SA.
8755 */
8756 lck_mtx_lock(sadb_mutex);
8757 key_delete_all_for_socket(so);
8758 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
8759 LIST_FOREACH(reg, &regtree[i], chain) {
8760 if (reg->so == so
8761 && __LIST_CHAINED(reg)) {
8762 LIST_REMOVE(reg, chain);
8763 KFREE(reg);
8764 break;
8765 }
8766 }
8767 }
8768 lck_mtx_unlock(sadb_mutex);
8769 return;
8770 }
8771
8772 /*
8773 * SADB_EXPIRE processing
8774 * send
8775 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
8776 * to KMD by PF_KEY.
8777 * NOTE: We send only soft lifetime extension.
8778 *
8779 * OUT: 0 : succeed
8780 * others : error number
8781 */
8782 static int
8783 key_expire(
8784 struct secasvar *sav)
8785 {
8786 int satype;
8787 struct mbuf *result = NULL, *m;
8788 int len;
8789 int error = -1;
8790 struct sadb_lifetime *lt;
8791
8792 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
8793
8794 /* sanity check */
8795 if (sav == NULL)
8796 panic("key_expire: NULL pointer is passed.\n");
8797 if (sav->sah == NULL)
8798 panic("key_expire: Why was SA index in SA NULL.\n");
8799 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
8800 panic("key_expire: invalid proto is passed.\n");
8801
8802 /* set msg header */
8803 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
8804 if (!m) {
8805 error = ENOBUFS;
8806 goto fail;
8807 }
8808 result = m;
8809
8810 /* create SA extension */
8811 m = key_setsadbsa(sav);
8812 if (!m) {
8813 error = ENOBUFS;
8814 goto fail;
8815 }
8816 m_cat(result, m);
8817
8818 /* create SA extension */
8819 m = key_setsadbxsa2(sav->sah->saidx.mode,
8820 sav->replay ? sav->replay->count : 0,
8821 sav->sah->saidx.reqid,
8822 sav->flags2);
8823 if (!m) {
8824 error = ENOBUFS;
8825 goto fail;
8826 }
8827 m_cat(result, m);
8828
8829 /* create lifetime extension (current and soft) */
8830 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
8831 m = key_alloc_mbuf(len);
8832 if (!m || m->m_next) { /*XXX*/
8833 if (m)
8834 m_freem(m);
8835 error = ENOBUFS;
8836 goto fail;
8837 }
8838 bzero(mtod(m, caddr_t), len);
8839 lt = mtod(m, struct sadb_lifetime *);
8840 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
8841 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
8842 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
8843 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
8844 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
8845 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
8846 lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
8847 bcopy(sav->lft_s, lt, sizeof(*lt));
8848 m_cat(result, m);
8849
8850 /* set sadb_address for source */
8851 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
8852 (struct sockaddr *)&sav->sah->saidx.src,
8853 FULLMASK, IPSEC_ULPROTO_ANY);
8854 if (!m) {
8855 error = ENOBUFS;
8856 goto fail;
8857 }
8858 m_cat(result, m);
8859
8860 /* set sadb_address for destination */
8861 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
8862 (struct sockaddr *)&sav->sah->saidx.dst,
8863 FULLMASK, IPSEC_ULPROTO_ANY);
8864 if (!m) {
8865 error = ENOBUFS;
8866 goto fail;
8867 }
8868 m_cat(result, m);
8869
8870 if ((result->m_flags & M_PKTHDR) == 0) {
8871 error = EINVAL;
8872 goto fail;
8873 }
8874
8875 if (result->m_len < sizeof(struct sadb_msg)) {
8876 result = m_pullup(result, sizeof(struct sadb_msg));
8877 if (result == NULL) {
8878 error = ENOBUFS;
8879 goto fail;
8880 }
8881 }
8882
8883 result->m_pkthdr.len = 0;
8884 for (m = result; m; m = m->m_next)
8885 result->m_pkthdr.len += m->m_len;
8886
8887 mtod(result, struct sadb_msg *)->sadb_msg_len =
8888 PFKEY_UNIT64(result->m_pkthdr.len);
8889
8890 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
8891
8892 fail:
8893 if (result)
8894 m_freem(result);
8895 return error;
8896 }
8897
8898 /*
8899 * SADB_FLUSH processing
8900 * receive
8901 * <base>
8902 * from the ikmpd, and free all entries in secastree.
8903 * and send,
8904 * <base>
8905 * to the ikmpd.
8906 * NOTE: to do is only marking SADB_SASTATE_DEAD.
8907 *
8908 * m will always be freed.
8909 */
8910 static int
8911 key_flush(
8912 struct socket *so,
8913 struct mbuf *m,
8914 const struct sadb_msghdr *mhp)
8915 {
8916 struct sadb_msg *newmsg;
8917 struct secashead *sah, *nextsah;
8918 struct secasvar *sav, *nextsav;
8919 u_int16_t proto;
8920 u_int8_t state;
8921 u_int stateidx;
8922
8923 /* sanity check */
8924 if (so == NULL || mhp == NULL || mhp->msg == NULL)
8925 panic("key_flush: NULL pointer is passed.\n");
8926
8927 /* map satype to proto */
8928 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
8929 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
8930 return key_senderror(so, m, EINVAL);
8931 }
8932
8933 lck_mtx_lock(sadb_mutex);
8934
8935 /* no SATYPE specified, i.e. flushing all SA. */
8936 for (sah = LIST_FIRST(&sahtree);
8937 sah != NULL;
8938 sah = nextsah) {
8939 nextsah = LIST_NEXT(sah, chain);
8940
8941 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
8942 && proto != sah->saidx.proto)
8943 continue;
8944
8945 for (stateidx = 0;
8946 stateidx < _ARRAYLEN(saorder_state_alive);
8947 stateidx++) {
8948 state = saorder_state_any[stateidx];
8949 for (sav = LIST_FIRST(&sah->savtree[state]);
8950 sav != NULL;
8951 sav = nextsav) {
8952
8953 nextsav = LIST_NEXT(sav, chain);
8954
8955 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
8956 key_freesav(sav, KEY_SADB_LOCKED);
8957 }
8958 }
8959
8960 sah->state = SADB_SASTATE_DEAD;
8961 }
8962 lck_mtx_unlock(sadb_mutex);
8963
8964 if (m->m_len < sizeof(struct sadb_msg) ||
8965 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
8966 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
8967 return key_senderror(so, m, ENOBUFS);
8968 }
8969
8970 if (m->m_next)
8971 m_freem(m->m_next);
8972 m->m_next = NULL;
8973 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
8974 newmsg = mtod(m, struct sadb_msg *);
8975 newmsg->sadb_msg_errno = 0;
8976 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
8977
8978 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
8979 }
8980
8981 /*
8982 * SADB_DUMP processing
8983 * dump all entries including status of DEAD in SAD.
8984 * receive
8985 * <base>
8986 * from the ikmpd, and dump all secasvar leaves
8987 * and send,
8988 * <base> .....
8989 * to the ikmpd.
8990 *
8991 * m will always be freed.
8992 */
8993
8994 struct sav_dump_elem {
8995 struct secasvar *sav;
8996 u_int8_t satype;
8997 };
8998
8999 static int
9000 key_dump(
9001 struct socket *so,
9002 struct mbuf *m,
9003 const struct sadb_msghdr *mhp)
9004 {
9005 struct secashead *sah;
9006 struct secasvar *sav;
9007 struct sav_dump_elem *savbuf = NULL, *elem_ptr;
9008 u_int16_t proto;
9009 u_int stateidx;
9010 u_int8_t satype;
9011 u_int8_t state;
9012 int cnt = 0, cnt2, bufcount;
9013 struct mbuf *n;
9014 int error = 0;
9015
9016 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9017
9018 /* sanity check */
9019 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
9020 panic("key_dump: NULL pointer is passed.\n");
9021
9022 /* map satype to proto */
9023 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
9024 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
9025 return key_senderror(so, m, EINVAL);
9026 }
9027
9028 if ((bufcount = ipsec_sav_count) <= 0) {
9029 error = ENOENT;
9030 goto end;
9031 }
9032 bufcount += 512; /* extra */
9033 KMALLOC_WAIT(savbuf, struct sav_dump_elem*, bufcount * sizeof(struct sav_dump_elem));
9034 if (savbuf == NULL) {
9035 ipseclog((LOG_DEBUG, "key_dump: No more memory.\n"));
9036 error = ENOMEM;
9037 goto end;
9038 }
9039
9040 /* count sav entries to be sent to the userland. */
9041 lck_mtx_lock(sadb_mutex);
9042 elem_ptr = savbuf;
9043 LIST_FOREACH(sah, &sahtree, chain) {
9044 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
9045 && proto != sah->saidx.proto)
9046 continue;
9047
9048 /* map proto to satype */
9049 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
9050 lck_mtx_unlock(sadb_mutex);
9051 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
9052 error = EINVAL;
9053 goto end;
9054 }
9055
9056 for (stateidx = 0;
9057 stateidx < _ARRAYLEN(saorder_state_any);
9058 stateidx++) {
9059 state = saorder_state_any[stateidx];
9060 LIST_FOREACH(sav, &sah->savtree[state], chain) {
9061 if (cnt == bufcount)
9062 break; /* out of buffer space */
9063 elem_ptr->sav = sav;
9064 elem_ptr->satype = satype;
9065 sav->refcnt++;
9066 elem_ptr++;
9067 cnt++;
9068 }
9069 }
9070 }
9071 lck_mtx_unlock(sadb_mutex);
9072
9073 if (cnt == 0) {
9074 error = ENOENT;
9075 goto end;
9076 }
9077
9078 /* send this to the userland, one at a time. */
9079 elem_ptr = savbuf;
9080 cnt2 = cnt;
9081 while (cnt2) {
9082 n = key_setdumpsa(elem_ptr->sav, SADB_DUMP, elem_ptr->satype,
9083 --cnt2, mhp->msg->sadb_msg_pid);
9084
9085 if (!n) {
9086 error = ENOBUFS;
9087 goto end;
9088 }
9089
9090 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
9091 elem_ptr++;
9092 }
9093
9094 end:
9095 if (savbuf) {
9096 if (cnt) {
9097 elem_ptr = savbuf;
9098 lck_mtx_lock(sadb_mutex);
9099 while (cnt--)
9100 key_freesav((elem_ptr++)->sav, KEY_SADB_LOCKED);
9101 lck_mtx_unlock(sadb_mutex);
9102 }
9103 KFREE(savbuf);
9104 }
9105
9106 if (error)
9107 return key_senderror(so, m, error);
9108
9109 m_freem(m);
9110 return 0;
9111 }
9112
9113 /*
9114 * SADB_X_PROMISC processing
9115 *
9116 * m will always be freed.
9117 */
9118 static int
9119 key_promisc(
9120 struct socket *so,
9121 struct mbuf *m,
9122 const struct sadb_msghdr *mhp)
9123 {
9124 int olen;
9125
9126 /* sanity check */
9127 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
9128 panic("key_promisc: NULL pointer is passed.\n");
9129
9130 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
9131
9132 if (olen < sizeof(struct sadb_msg)) {
9133 #if 1
9134 return key_senderror(so, m, EINVAL);
9135 #else
9136 m_freem(m);
9137 return 0;
9138 #endif
9139 } else if (olen == sizeof(struct sadb_msg)) {
9140 /* enable/disable promisc mode */
9141 struct keycb *kp;
9142
9143 socket_lock(so, 1);
9144 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
9145 return key_senderror(so, m, EINVAL);
9146 mhp->msg->sadb_msg_errno = 0;
9147 switch (mhp->msg->sadb_msg_satype) {
9148 case 0:
9149 case 1:
9150 kp->kp_promisc = mhp->msg->sadb_msg_satype;
9151 break;
9152 default:
9153 socket_unlock(so, 1);
9154 return key_senderror(so, m, EINVAL);
9155 }
9156 socket_unlock(so, 1);
9157
9158 /* send the original message back to everyone */
9159 mhp->msg->sadb_msg_errno = 0;
9160 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
9161 } else {
9162 /* send packet as is */
9163
9164 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
9165
9166 /* TODO: if sadb_msg_seq is specified, send to specific pid */
9167 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
9168 }
9169 }
9170
9171 static int (*key_typesw[])(struct socket *, struct mbuf *,
9172 const struct sadb_msghdr *) = {
9173 NULL, /* SADB_RESERVED */
9174 key_getspi, /* SADB_GETSPI */
9175 key_update, /* SADB_UPDATE */
9176 key_add, /* SADB_ADD */
9177 key_delete, /* SADB_DELETE */
9178 key_get, /* SADB_GET */
9179 key_acquire2, /* SADB_ACQUIRE */
9180 key_register, /* SADB_REGISTER */
9181 NULL, /* SADB_EXPIRE */
9182 key_flush, /* SADB_FLUSH */
9183 key_dump, /* SADB_DUMP */
9184 key_promisc, /* SADB_X_PROMISC */
9185 NULL, /* SADB_X_PCHANGE */
9186 key_spdadd, /* SADB_X_SPDUPDATE */
9187 key_spdadd, /* SADB_X_SPDADD */
9188 key_spddelete, /* SADB_X_SPDDELETE */
9189 key_spdget, /* SADB_X_SPDGET */
9190 NULL, /* SADB_X_SPDACQUIRE */
9191 key_spddump, /* SADB_X_SPDDUMP */
9192 key_spdflush, /* SADB_X_SPDFLUSH */
9193 key_spdadd, /* SADB_X_SPDSETIDX */
9194 NULL, /* SADB_X_SPDEXPIRE */
9195 key_spddelete2, /* SADB_X_SPDDELETE2 */
9196 key_getsastat, /* SADB_GETSASTAT */
9197 key_spdenable, /* SADB_X_SPDENABLE */
9198 key_spddisable, /* SADB_X_SPDDISABLE */
9199 key_migrate, /* SADB_MIGRATE */
9200 };
9201
9202 static void
9203 bzero_mbuf(struct mbuf *m)
9204 {
9205 struct mbuf *mptr = m;
9206 struct sadb_msg *msg = NULL;
9207 int offset = 0;
9208
9209 if (!mptr) {
9210 return;
9211 }
9212
9213 if (mptr->m_len >= sizeof(struct sadb_msg)) {
9214 msg = mtod(mptr, struct sadb_msg *);
9215 if (msg->sadb_msg_type != SADB_ADD &&
9216 msg->sadb_msg_type != SADB_UPDATE) {
9217 return;
9218 }
9219 offset = sizeof(struct sadb_msg);
9220 }
9221 bzero(mptr->m_data+offset, mptr->m_len-offset);
9222 mptr = mptr->m_next;
9223 while (mptr != NULL) {
9224 bzero(mptr->m_data, mptr->m_len);
9225 mptr = mptr->m_next;
9226 }
9227 }
9228
9229 static void
9230 bzero_keys(const struct sadb_msghdr *mh)
9231 {
9232 int extlen = 0;
9233 int offset = 0;
9234
9235 if (!mh) {
9236 return;
9237 }
9238 offset = sizeof(struct sadb_key);
9239
9240 if (mh->ext[SADB_EXT_KEY_ENCRYPT]) {
9241 struct sadb_key *key = (struct sadb_key*)mh->ext[SADB_EXT_KEY_ENCRYPT];
9242 extlen = key->sadb_key_bits >> 3;
9243
9244 if (mh->extlen[SADB_EXT_KEY_ENCRYPT] >= offset + extlen) {
9245 bzero((uint8_t *)mh->ext[SADB_EXT_KEY_ENCRYPT]+offset, extlen);
9246 } else {
9247 bzero(mh->ext[SADB_EXT_KEY_ENCRYPT], mh->extlen[SADB_EXT_KEY_ENCRYPT]);
9248 }
9249 }
9250 if (mh->ext[SADB_EXT_KEY_AUTH]) {
9251 struct sadb_key *key = (struct sadb_key*)mh->ext[SADB_EXT_KEY_AUTH];
9252 extlen = key->sadb_key_bits >> 3;
9253
9254 if (mh->extlen[SADB_EXT_KEY_AUTH] >= offset + extlen) {
9255 bzero((uint8_t *)mh->ext[SADB_EXT_KEY_AUTH]+offset, extlen);
9256 } else {
9257 bzero(mh->ext[SADB_EXT_KEY_AUTH], mh->extlen[SADB_EXT_KEY_AUTH]);
9258 }
9259 }
9260 }
9261
9262 /*
9263 * parse sadb_msg buffer to process PFKEYv2,
9264 * and create a data to response if needed.
9265 * I think to be dealed with mbuf directly.
9266 * IN:
9267 * msgp : pointer to pointer to a received buffer pulluped.
9268 * This is rewrited to response.
9269 * so : pointer to socket.
9270 * OUT:
9271 * length for buffer to send to user process.
9272 */
9273 int
9274 key_parse(
9275 struct mbuf *m,
9276 struct socket *so)
9277 {
9278 struct sadb_msg *msg;
9279 struct sadb_msghdr mh;
9280 u_int orglen;
9281 int error;
9282 int target;
9283 Boolean keyAligned = FALSE;
9284
9285 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9286
9287 /* sanity check */
9288 if (m == NULL || so == NULL)
9289 panic("key_parse: NULL pointer is passed.\n");
9290
9291 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
9292 KEYDEBUG(KEYDEBUG_KEY_DUMP,
9293 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
9294 kdebug_sadb(msg));
9295 #endif
9296
9297 if (m->m_len < sizeof(struct sadb_msg)) {
9298 m = m_pullup(m, sizeof(struct sadb_msg));
9299 if (!m)
9300 return ENOBUFS;
9301 }
9302 msg = mtod(m, struct sadb_msg *);
9303 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
9304 target = KEY_SENDUP_ONE;
9305
9306 if ((m->m_flags & M_PKTHDR) == 0 ||
9307 m->m_pkthdr.len != m->m_pkthdr.len) {
9308 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
9309 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9310 error = EINVAL;
9311 goto senderror;
9312 }
9313
9314 if (msg->sadb_msg_version != PF_KEY_V2) {
9315 ipseclog((LOG_DEBUG,
9316 "key_parse: PF_KEY version %u is mismatched.\n",
9317 msg->sadb_msg_version));
9318 PFKEY_STAT_INCREMENT(pfkeystat.out_invver);
9319 error = EINVAL;
9320 goto senderror;
9321 }
9322
9323 if (msg->sadb_msg_type > SADB_MAX) {
9324 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
9325 msg->sadb_msg_type));
9326 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
9327 error = EINVAL;
9328 goto senderror;
9329 }
9330
9331 /* for old-fashioned code - should be nuked */
9332 if (m->m_pkthdr.len > MCLBYTES) {
9333 m_freem(m);
9334 return ENOBUFS;
9335 }
9336 if (m->m_next) {
9337 struct mbuf *n;
9338
9339 MGETHDR(n, M_WAITOK, MT_DATA);
9340 if (n && m->m_pkthdr.len > MHLEN) {
9341 MCLGET(n, M_WAITOK);
9342 if ((n->m_flags & M_EXT) == 0) {
9343 m_free(n);
9344 n = NULL;
9345 }
9346 }
9347 if (!n) {
9348 bzero_mbuf(m);
9349 m_freem(m);
9350 return ENOBUFS;
9351 }
9352 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
9353 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
9354 n->m_next = NULL;
9355 bzero_mbuf(m);
9356 m_freem(m);
9357 m = n;
9358 }
9359
9360 /* align the mbuf chain so that extensions are in contiguous region. */
9361 error = key_align(m, &mh);
9362 if (error)
9363 return error;
9364
9365 if (m->m_next) { /*XXX*/
9366 bzero_mbuf(m);
9367 m_freem(m);
9368 return ENOBUFS;
9369 }
9370
9371 keyAligned = TRUE;
9372 msg = mh.msg;
9373
9374 /* check SA type */
9375 switch (msg->sadb_msg_satype) {
9376 case SADB_SATYPE_UNSPEC:
9377 switch (msg->sadb_msg_type) {
9378 case SADB_GETSPI:
9379 case SADB_UPDATE:
9380 case SADB_ADD:
9381 case SADB_DELETE:
9382 case SADB_GET:
9383 case SADB_ACQUIRE:
9384 case SADB_EXPIRE:
9385 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
9386 "when msg type=%u.\n", msg->sadb_msg_type));
9387 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9388 error = EINVAL;
9389 goto senderror;
9390 }
9391 break;
9392 case SADB_SATYPE_AH:
9393 case SADB_SATYPE_ESP:
9394 case SADB_X_SATYPE_IPCOMP:
9395 switch (msg->sadb_msg_type) {
9396 case SADB_X_SPDADD:
9397 case SADB_X_SPDDELETE:
9398 case SADB_X_SPDGET:
9399 case SADB_X_SPDDUMP:
9400 case SADB_X_SPDFLUSH:
9401 case SADB_X_SPDSETIDX:
9402 case SADB_X_SPDUPDATE:
9403 case SADB_X_SPDDELETE2:
9404 case SADB_X_SPDENABLE:
9405 case SADB_X_SPDDISABLE:
9406 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
9407 msg->sadb_msg_type));
9408 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9409 error = EINVAL;
9410 goto senderror;
9411 }
9412 break;
9413 case SADB_SATYPE_RSVP:
9414 case SADB_SATYPE_OSPFV2:
9415 case SADB_SATYPE_RIPV2:
9416 case SADB_SATYPE_MIP:
9417 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
9418 msg->sadb_msg_satype));
9419 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9420 error = EOPNOTSUPP;
9421 goto senderror;
9422 case 1: /* XXX: What does it do? */
9423 if (msg->sadb_msg_type == SADB_X_PROMISC)
9424 break;
9425 /*FALLTHROUGH*/
9426 default:
9427 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
9428 msg->sadb_msg_satype));
9429 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9430 error = EINVAL;
9431 goto senderror;
9432 }
9433
9434 /* check field of upper layer protocol and address family */
9435 if (mh.ext[SADB_EXT_ADDRESS_SRC] != NULL
9436 && mh.ext[SADB_EXT_ADDRESS_DST] != NULL) {
9437 struct sadb_address *src0, *dst0;
9438 u_int plen;
9439
9440 src0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_SRC]);
9441 dst0 = (struct sadb_address *)(mh.ext[SADB_EXT_ADDRESS_DST]);
9442
9443 /* check upper layer protocol */
9444 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
9445 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
9446 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9447 error = EINVAL;
9448 goto senderror;
9449 }
9450
9451 /* check family */
9452 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
9453 PFKEY_ADDR_SADDR(dst0)->sa_family) {
9454 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
9455 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9456 error = EINVAL;
9457 goto senderror;
9458 }
9459 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
9460 PFKEY_ADDR_SADDR(dst0)->sa_len) {
9461 ipseclog((LOG_DEBUG,
9462 "key_parse: address struct size mismatched.\n"));
9463 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9464 error = EINVAL;
9465 goto senderror;
9466 }
9467
9468 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
9469 case AF_INET:
9470 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
9471 sizeof(struct sockaddr_in)) {
9472 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9473 error = EINVAL;
9474 goto senderror;
9475 }
9476 break;
9477 case AF_INET6:
9478 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
9479 sizeof(struct sockaddr_in6)) {
9480 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9481 error = EINVAL;
9482 goto senderror;
9483 }
9484 break;
9485 default:
9486 ipseclog((LOG_DEBUG,
9487 "key_parse: unsupported address family.\n"));
9488 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9489 error = EAFNOSUPPORT;
9490 goto senderror;
9491 }
9492
9493 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
9494 case AF_INET:
9495 plen = sizeof(struct in_addr) << 3;
9496 break;
9497 case AF_INET6:
9498 plen = sizeof(struct in6_addr) << 3;
9499 break;
9500 default:
9501 plen = 0; /*fool gcc*/
9502 break;
9503 }
9504
9505 /* check max prefix length */
9506 if (src0->sadb_address_prefixlen > plen ||
9507 dst0->sadb_address_prefixlen > plen) {
9508 ipseclog((LOG_DEBUG,
9509 "key_parse: illegal prefixlen.\n"));
9510 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9511 error = EINVAL;
9512 goto senderror;
9513 }
9514
9515 /*
9516 * prefixlen == 0 is valid because there can be a case when
9517 * all addresses are matched.
9518 */
9519 }
9520
9521 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
9522 key_typesw[msg->sadb_msg_type] == NULL) {
9523 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
9524 error = EINVAL;
9525 goto senderror;
9526 }
9527
9528 error = (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
9529
9530 return error;
9531
9532 senderror:
9533 if (keyAligned) {
9534 bzero_keys(&mh);
9535 } else {
9536 bzero_mbuf(m);
9537 }
9538 msg->sadb_msg_errno = error;
9539 return key_sendup_mbuf(so, m, target);
9540 }
9541
9542 static int
9543 key_senderror(
9544 struct socket *so,
9545 struct mbuf *m,
9546 int code)
9547 {
9548 struct sadb_msg *msg;
9549
9550 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9551
9552 if (m->m_len < sizeof(struct sadb_msg))
9553 panic("invalid mbuf passed to key_senderror");
9554
9555 msg = mtod(m, struct sadb_msg *);
9556 msg->sadb_msg_errno = code;
9557 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
9558 }
9559
9560 /*
9561 * set the pointer to each header into message buffer.
9562 * m will be freed on error.
9563 * XXX larger-than-MCLBYTES extension?
9564 */
9565 static int
9566 key_align(
9567 struct mbuf *m,
9568 struct sadb_msghdr *mhp)
9569 {
9570 struct mbuf *n;
9571 struct sadb_ext *ext;
9572 size_t off, end;
9573 int extlen;
9574 int toff;
9575
9576 /* sanity check */
9577 if (m == NULL || mhp == NULL)
9578 panic("key_align: NULL pointer is passed.\n");
9579 if (m->m_len < sizeof(struct sadb_msg))
9580 panic("invalid mbuf passed to key_align");
9581
9582 /* initialize */
9583 bzero(mhp, sizeof(*mhp));
9584
9585 mhp->msg = mtod(m, struct sadb_msg *);
9586 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
9587
9588 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
9589 extlen = end; /*just in case extlen is not updated*/
9590 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
9591 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
9592 if (!n) {
9593 /* m is already freed */
9594 return ENOBUFS;
9595 }
9596 ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
9597
9598 /* set pointer */
9599 switch (ext->sadb_ext_type) {
9600 case SADB_EXT_SA:
9601 case SADB_EXT_ADDRESS_SRC:
9602 case SADB_EXT_ADDRESS_DST:
9603 case SADB_EXT_ADDRESS_PROXY:
9604 case SADB_EXT_LIFETIME_CURRENT:
9605 case SADB_EXT_LIFETIME_HARD:
9606 case SADB_EXT_LIFETIME_SOFT:
9607 case SADB_EXT_KEY_AUTH:
9608 case SADB_EXT_KEY_ENCRYPT:
9609 case SADB_EXT_IDENTITY_SRC:
9610 case SADB_EXT_IDENTITY_DST:
9611 case SADB_EXT_SENSITIVITY:
9612 case SADB_EXT_PROPOSAL:
9613 case SADB_EXT_SUPPORTED_AUTH:
9614 case SADB_EXT_SUPPORTED_ENCRYPT:
9615 case SADB_EXT_SPIRANGE:
9616 case SADB_X_EXT_POLICY:
9617 case SADB_X_EXT_SA2:
9618 case SADB_EXT_SESSION_ID:
9619 case SADB_EXT_SASTAT:
9620 case SADB_X_EXT_IPSECIF:
9621 case SADB_X_EXT_ADDR_RANGE_SRC_START:
9622 case SADB_X_EXT_ADDR_RANGE_SRC_END:
9623 case SADB_X_EXT_ADDR_RANGE_DST_START:
9624 case SADB_X_EXT_ADDR_RANGE_DST_END:
9625 case SADB_EXT_MIGRATE_ADDRESS_SRC:
9626 case SADB_EXT_MIGRATE_ADDRESS_DST:
9627 case SADB_X_EXT_MIGRATE_IPSECIF:
9628 /* duplicate check */
9629 /*
9630 * XXX Are there duplication payloads of either
9631 * KEY_AUTH or KEY_ENCRYPT ?
9632 */
9633 if (mhp->ext[ext->sadb_ext_type] != NULL) {
9634 ipseclog((LOG_DEBUG,
9635 "key_align: duplicate ext_type %u "
9636 "is passed.\n", ext->sadb_ext_type));
9637 bzero_mbuf(m);
9638 m_freem(m);
9639 PFKEY_STAT_INCREMENT(pfkeystat.out_dupext);
9640 return EINVAL;
9641 }
9642 break;
9643 default:
9644 ipseclog((LOG_DEBUG,
9645 "key_align: invalid ext_type %u is passed.\n",
9646 ext->sadb_ext_type));
9647 bzero_mbuf(m);
9648 m_freem(m);
9649 PFKEY_STAT_INCREMENT(pfkeystat.out_invexttype);
9650 return EINVAL;
9651 }
9652
9653 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
9654
9655 if (key_validate_ext(ext, extlen)) {
9656 bzero_mbuf(m);
9657 m_freem(m);
9658 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9659 return EINVAL;
9660 }
9661
9662 n = m_pulldown(m, off, extlen, &toff);
9663 if (!n) {
9664 /* m is already freed */
9665 return ENOBUFS;
9666 }
9667 ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
9668
9669 mhp->ext[ext->sadb_ext_type] = ext;
9670 mhp->extoff[ext->sadb_ext_type] = off;
9671 mhp->extlen[ext->sadb_ext_type] = extlen;
9672 }
9673
9674 if (off != end) {
9675 bzero_mbuf(m);
9676 m_freem(m);
9677 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9678 return EINVAL;
9679 }
9680
9681 return 0;
9682 }
9683
9684 static int
9685 key_validate_ext(
9686 const struct sadb_ext *ext,
9687 int len)
9688 {
9689 struct sockaddr *sa;
9690 enum { NONE, ADDR } checktype = NONE;
9691 int baselen;
9692 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
9693
9694 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
9695 return EINVAL;
9696
9697 /* if it does not match minimum/maximum length, bail */
9698 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
9699 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
9700 return EINVAL;
9701 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
9702 return EINVAL;
9703 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
9704 return EINVAL;
9705
9706 /* more checks based on sadb_ext_type XXX need more */
9707 switch (ext->sadb_ext_type) {
9708 case SADB_EXT_ADDRESS_SRC:
9709 case SADB_EXT_ADDRESS_DST:
9710 case SADB_EXT_ADDRESS_PROXY:
9711 case SADB_X_EXT_ADDR_RANGE_SRC_START:
9712 case SADB_X_EXT_ADDR_RANGE_SRC_END:
9713 case SADB_X_EXT_ADDR_RANGE_DST_START:
9714 case SADB_X_EXT_ADDR_RANGE_DST_END:
9715 case SADB_EXT_MIGRATE_ADDRESS_SRC:
9716 case SADB_EXT_MIGRATE_ADDRESS_DST:
9717 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
9718 checktype = ADDR;
9719 break;
9720 case SADB_EXT_IDENTITY_SRC:
9721 case SADB_EXT_IDENTITY_DST:
9722 if (((struct sadb_ident *)(uintptr_t)(size_t)ext)->
9723 sadb_ident_type == SADB_X_IDENTTYPE_ADDR) {
9724 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
9725 checktype = ADDR;
9726 } else
9727 checktype = NONE;
9728 break;
9729 default:
9730 checktype = NONE;
9731 break;
9732 }
9733
9734 switch (checktype) {
9735 case NONE:
9736 break;
9737 case ADDR:
9738 sa = (struct sockaddr *)((caddr_t)(uintptr_t)ext + baselen);
9739
9740 if (len < baselen + sal)
9741 return EINVAL;
9742 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
9743 return EINVAL;
9744 break;
9745 }
9746
9747 return 0;
9748 }
9749
9750 /*
9751 * XXX: maybe This function is called after INBOUND IPsec processing.
9752 *
9753 * Special check for tunnel-mode packets.
9754 * We must make some checks for consistency between inner and outer IP header.
9755 *
9756 * xxx more checks to be provided
9757 */
9758 int
9759 key_checktunnelsanity(
9760 struct secasvar *sav,
9761 __unused u_int family,
9762 __unused caddr_t src,
9763 __unused caddr_t dst)
9764 {
9765
9766 /* sanity check */
9767 if (sav->sah == NULL)
9768 panic("sav->sah == NULL at key_checktunnelsanity");
9769
9770 /* XXX: check inner IP header */
9771
9772 return 1;
9773 }
9774
9775 /* record data transfer on SA, and update timestamps */
9776 void
9777 key_sa_recordxfer(
9778 struct secasvar *sav,
9779 struct mbuf *m)
9780 {
9781
9782
9783 if (!sav)
9784 panic("key_sa_recordxfer called with sav == NULL");
9785 if (!m)
9786 panic("key_sa_recordxfer called with m == NULL");
9787 if (!sav->lft_c)
9788 return;
9789
9790 lck_mtx_lock(sadb_mutex);
9791 /*
9792 * XXX Currently, there is a difference of bytes size
9793 * between inbound and outbound processing.
9794 */
9795 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
9796 /* to check bytes lifetime is done in key_timehandler(). */
9797
9798 /*
9799 * We use the number of packets as the unit of
9800 * sadb_lifetime_allocations. We increment the variable
9801 * whenever {esp,ah}_{in,out}put is called.
9802 */
9803 sav->lft_c->sadb_lifetime_allocations++;
9804 /* XXX check for expires? */
9805
9806 /*
9807 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
9808 * in seconds. HARD and SOFT lifetime are measured by the time
9809 * difference (again in seconds) from sadb_lifetime_usetime.
9810 *
9811 * usetime
9812 * v expire expire
9813 * -----+-----+--------+---> t
9814 * <--------------> HARD
9815 * <-----> SOFT
9816 */
9817 {
9818 struct timeval tv;
9819 microtime(&tv);
9820 sav->lft_c->sadb_lifetime_usetime = tv.tv_sec;
9821 /* XXX check for expires? */
9822 }
9823 lck_mtx_unlock(sadb_mutex);
9824
9825 return;
9826 }
9827
9828 /* dumb version */
9829 void
9830 key_sa_routechange(
9831 struct sockaddr *dst)
9832 {
9833 struct secashead *sah;
9834 struct route *ro;
9835
9836 lck_mtx_lock(sadb_mutex);
9837 LIST_FOREACH(sah, &sahtree, chain) {
9838 ro = &sah->sa_route;
9839 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
9840 && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
9841 ROUTE_RELEASE(ro);
9842 }
9843 }
9844 lck_mtx_unlock(sadb_mutex);
9845
9846 return;
9847 }
9848
9849 void
9850 key_sa_chgstate(
9851 struct secasvar *sav,
9852 u_int8_t state)
9853 {
9854
9855 if (sav == NULL)
9856 panic("key_sa_chgstate called with sav == NULL");
9857
9858 if (sav->state == state)
9859 return;
9860
9861 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
9862
9863 if (__LIST_CHAINED(sav))
9864 LIST_REMOVE(sav, chain);
9865
9866 sav->state = state;
9867 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
9868
9869 }
9870
9871 void
9872 key_sa_stir_iv(
9873 struct secasvar *sav)
9874 {
9875 lck_mtx_lock(sadb_mutex);
9876 if (!sav->iv)
9877 panic("key_sa_stir_iv called with sav == NULL");
9878 key_randomfill(sav->iv, sav->ivlen);
9879 lck_mtx_unlock(sadb_mutex);
9880 }
9881
9882 /* XXX too much? */
9883 static struct mbuf *
9884 key_alloc_mbuf(
9885 int l)
9886 {
9887 struct mbuf *m = NULL, *n;
9888 int len, t;
9889
9890 len = l;
9891 while (len > 0) {
9892 MGET(n, M_DONTWAIT, MT_DATA);
9893 if (n && len > MLEN)
9894 MCLGET(n, M_DONTWAIT);
9895 if (!n) {
9896 m_freem(m);
9897 return NULL;
9898 }
9899
9900 n->m_next = NULL;
9901 n->m_len = 0;
9902 n->m_len = M_TRAILINGSPACE(n);
9903 /* use the bottom of mbuf, hoping we can prepend afterwards */
9904 if (n->m_len > len) {
9905 t = (n->m_len - len) & ~(sizeof(long) - 1);
9906 n->m_data += t;
9907 n->m_len = len;
9908 }
9909
9910 len -= n->m_len;
9911
9912 if (m)
9913 m_cat(m, n);
9914 else
9915 m = n;
9916 }
9917
9918 return m;
9919 }
9920
9921 static struct mbuf *
9922 key_setdumpsastats (u_int32_t dir,
9923 struct sastat *stats,
9924 u_int32_t max_stats,
9925 u_int64_t session_ids[],
9926 u_int32_t seq,
9927 u_int32_t pid)
9928 {
9929 struct mbuf *result = NULL, *m = NULL;
9930
9931 m = key_setsadbmsg(SADB_GETSASTAT, 0, 0, seq, pid, 0);
9932 if (!m) {
9933 goto fail;
9934 }
9935 result = m;
9936
9937 m = key_setsadbsession_id(session_ids);
9938 if (!m) {
9939 goto fail;
9940 }
9941 m_cat(result, m);
9942
9943 m = key_setsadbsastat(dir,
9944 stats,
9945 max_stats);
9946 if (!m) {
9947 goto fail;
9948 }
9949 m_cat(result, m);
9950
9951 if ((result->m_flags & M_PKTHDR) == 0) {
9952 goto fail;
9953 }
9954
9955 if (result->m_len < sizeof(struct sadb_msg)) {
9956 result = m_pullup(result, sizeof(struct sadb_msg));
9957 if (result == NULL) {
9958 goto fail;
9959 }
9960 }
9961
9962 result->m_pkthdr.len = 0;
9963 for (m = result; m; m = m->m_next) {
9964 result->m_pkthdr.len += m->m_len;
9965 }
9966
9967 mtod(result, struct sadb_msg *)->sadb_msg_len =
9968 PFKEY_UNIT64(result->m_pkthdr.len);
9969
9970 return result;
9971
9972 fail:
9973 if (result) {
9974 m_freem(result);
9975 }
9976 return NULL;
9977 }
9978
9979 /*
9980 * SADB_GETSASTAT processing
9981 * dump all stats for matching entries in SAD.
9982 *
9983 * m will always be freed.
9984 */
9985
9986 static int
9987 key_getsastat (struct socket *so,
9988 struct mbuf *m,
9989 const struct sadb_msghdr *mhp)
9990 {
9991 struct sadb_session_id *session_id;
9992 u_int32_t bufsize, arg_count, res_count;
9993 struct sadb_sastat *sa_stats_arg;
9994 struct sastat *sa_stats_sav = NULL;
9995 struct mbuf *n;
9996 int error = 0;
9997
9998 /* sanity check */
9999 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
10000 panic("%s: NULL pointer is passed.\n", __FUNCTION__);
10001
10002 if (mhp->ext[SADB_EXT_SESSION_ID] == NULL) {
10003 printf("%s: invalid message is passed. missing session-id.\n", __FUNCTION__);
10004 return key_senderror(so, m, EINVAL);
10005 }
10006 if (mhp->extlen[SADB_EXT_SESSION_ID] < sizeof(struct sadb_session_id)) {
10007 printf("%s: invalid message is passed. short session-id.\n", __FUNCTION__);
10008 return key_senderror(so, m, EINVAL);
10009 }
10010 if (mhp->ext[SADB_EXT_SASTAT] == NULL) {
10011 printf("%s: invalid message is passed. missing stat args.\n", __FUNCTION__);
10012 return key_senderror(so, m, EINVAL);
10013 }
10014 if (mhp->extlen[SADB_EXT_SASTAT] < sizeof(*sa_stats_arg)) {
10015 printf("%s: invalid message is passed. short stat args.\n", __FUNCTION__);
10016 return key_senderror(so, m, EINVAL);
10017 }
10018
10019 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
10020
10021 // exit early if there are no active SAs
10022 if (ipsec_sav_count <= 0) {
10023 printf("%s: No active SAs.\n", __FUNCTION__);
10024 error = ENOENT;
10025 goto end;
10026 }
10027 bufsize = (ipsec_sav_count + 1) * sizeof(*sa_stats_sav);
10028
10029 KMALLOC_WAIT(sa_stats_sav, __typeof__(sa_stats_sav), bufsize);
10030 if (sa_stats_sav == NULL) {
10031 printf("%s: No more memory.\n", __FUNCTION__);
10032 error = ENOMEM;
10033 goto end;
10034 }
10035 bzero(sa_stats_sav, bufsize);
10036
10037 sa_stats_arg = (__typeof__(sa_stats_arg))
10038 (void *)mhp->ext[SADB_EXT_SASTAT];
10039 arg_count = sa_stats_arg->sadb_sastat_list_len;
10040 // exit early if there are no requested SAs
10041 if (arg_count == 0) {
10042 printf("%s: No SAs requested.\n", __FUNCTION__);
10043 error = ENOENT;
10044 goto end;
10045 }
10046 res_count = 0;
10047
10048 if (key_getsastatbyspi((struct sastat *)(sa_stats_arg + 1),
10049 arg_count,
10050 sa_stats_sav,
10051 &res_count)) {
10052 printf("%s: Error finding SAs.\n", __FUNCTION__);
10053 error = ENOENT;
10054 goto end;
10055 }
10056 if (!res_count) {
10057 printf("%s: No SAs found.\n", __FUNCTION__);
10058 error = ENOENT;
10059 goto end;
10060 }
10061
10062 session_id = (__typeof__(session_id))
10063 (void *)mhp->ext[SADB_EXT_SESSION_ID];
10064
10065 /* send this to the userland. */
10066 n = key_setdumpsastats(sa_stats_arg->sadb_sastat_dir,
10067 sa_stats_sav,
10068 res_count,
10069 session_id->sadb_session_id_v,
10070 mhp->msg->sadb_msg_seq,
10071 mhp->msg->sadb_msg_pid);
10072 if (!n) {
10073 printf("%s: No bufs to dump stats.\n", __FUNCTION__);
10074 error = ENOBUFS;
10075 goto end;
10076 }
10077
10078 key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
10079 end:
10080 if (sa_stats_sav) {
10081 KFREE(sa_stats_sav);
10082 }
10083
10084 if (error)
10085 return key_senderror(so, m, error);
10086
10087 m_freem(m);
10088 return 0;
10089 }
10090
10091 static void
10092 key_update_natt_keepalive_timestamp (struct secasvar *sav_sent,
10093 struct secasvar *sav_update)
10094 {
10095 struct secasindex saidx_swap_sent_addr;
10096
10097 // exit early if two SAs are identical, or if sav_update is current
10098 if (sav_sent == sav_update ||
10099 sav_update->natt_last_activity == natt_now) {
10100 return;
10101 }
10102
10103 // assuming that (sav_update->remote_ike_port != 0 && (esp_udp_encap_port & 0xFFFF) != 0)
10104
10105 bzero(&saidx_swap_sent_addr, sizeof(saidx_swap_sent_addr));
10106 memcpy(&saidx_swap_sent_addr.src, &sav_sent->sah->saidx.dst, sizeof(saidx_swap_sent_addr.src));
10107 memcpy(&saidx_swap_sent_addr.dst, &sav_sent->sah->saidx.src, sizeof(saidx_swap_sent_addr.dst));
10108 saidx_swap_sent_addr.proto = sav_sent->sah->saidx.proto;
10109 saidx_swap_sent_addr.mode = sav_sent->sah->saidx.mode;
10110 // we ignore reqid for split-tunnel setups
10111
10112 if (key_cmpsaidx(&sav_sent->sah->saidx, &sav_update->sah->saidx, CMP_MODE | CMP_PORT) ||
10113 key_cmpsaidx(&saidx_swap_sent_addr, &sav_update->sah->saidx, CMP_MODE | CMP_PORT)) {
10114 sav_update->natt_last_activity = natt_now;
10115 }
10116 }
10117
10118 static int
10119 key_send_delsp (struct secpolicy *sp)
10120 {
10121 struct mbuf *result = NULL, *m;
10122
10123 if (sp == NULL)
10124 goto fail;
10125
10126 /* set msg header */
10127 m = key_setsadbmsg(SADB_X_SPDDELETE, 0, 0, 0, 0, 0);
10128 if (!m) {
10129 goto fail;
10130 }
10131 result = m;
10132
10133 /* set sadb_address(es) for source */
10134 if (sp->spidx.src_range.start.ss_len > 0) {
10135 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
10136 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
10137 sp->spidx.ul_proto);
10138 if (!m)
10139 goto fail;
10140 m_cat(result, m);
10141
10142 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
10143 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
10144 sp->spidx.ul_proto);
10145 if (!m)
10146 goto fail;
10147 m_cat(result, m);
10148 } else {
10149 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
10150 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
10151 sp->spidx.ul_proto);
10152 if (!m)
10153 goto fail;
10154 m_cat(result, m);
10155 }
10156
10157 /* set sadb_address(es) for destination */
10158 if (sp->spidx.dst_range.start.ss_len > 0) {
10159 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
10160 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
10161 sp->spidx.ul_proto);
10162 if (!m)
10163 goto fail;
10164 m_cat(result, m);
10165
10166 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
10167 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
10168 sp->spidx.ul_proto);
10169 if (!m)
10170 goto fail;
10171 m_cat(result, m);
10172 } else {
10173 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
10174 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
10175 sp->spidx.ul_proto);
10176 if (!m)
10177 goto fail;
10178 m_cat(result, m);
10179 }
10180
10181 /* set secpolicy */
10182 m = key_sp2msg(sp);
10183 if (!m) {
10184 goto fail;
10185 }
10186 m_cat(result, m);
10187
10188 if ((result->m_flags & M_PKTHDR) == 0) {
10189 goto fail;
10190 }
10191
10192 if (result->m_len < sizeof(struct sadb_msg)) {
10193 result = m_pullup(result, sizeof(struct sadb_msg));
10194 if (result == NULL) {
10195 goto fail;
10196 }
10197 }
10198
10199 result->m_pkthdr.len = 0;
10200 for (m = result; m; m = m->m_next)
10201 result->m_pkthdr.len += m->m_len;
10202
10203 mtod(result, struct sadb_msg *)->sadb_msg_len = PFKEY_UNIT64(result->m_pkthdr.len);
10204
10205 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
10206
10207 fail:
10208 if (result)
10209 m_free(result);
10210 return -1;
10211 }
10212
10213 void
10214 key_delsp_for_ipsec_if (ifnet_t ipsec_if)
10215 {
10216 struct secashead *sah;
10217 struct secasvar *sav, *nextsav;
10218 u_int stateidx;
10219 u_int state;
10220 struct secpolicy *sp, *nextsp;
10221 int dir;
10222
10223 if (ipsec_if == NULL)
10224 return;
10225
10226 lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
10227
10228 lck_mtx_lock(sadb_mutex);
10229
10230 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
10231 for (sp = LIST_FIRST(&sptree[dir]);
10232 sp != NULL;
10233 sp = nextsp) {
10234
10235 nextsp = LIST_NEXT(sp, chain);
10236
10237 if (sp->ipsec_if == ipsec_if) {
10238 ifnet_release(sp->ipsec_if);
10239 sp->ipsec_if = NULL;
10240
10241 key_send_delsp(sp);
10242
10243 sp->state = IPSEC_SPSTATE_DEAD;
10244 key_freesp(sp, KEY_SADB_LOCKED);
10245 }
10246 }
10247 }
10248
10249 LIST_FOREACH(sah, &sahtree, chain) {
10250 if (sah->ipsec_if == ipsec_if) {
10251 /* This SAH is linked to the IPSec interface. It now needs to close. */
10252 ifnet_release(sah->ipsec_if);
10253 sah->ipsec_if = NULL;
10254
10255 for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) {
10256 state = saorder_state_any[stateidx];
10257 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) {
10258 nextsav = LIST_NEXT(sav, chain);
10259
10260 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
10261 key_freesav(sav, KEY_SADB_LOCKED);
10262 }
10263 }
10264
10265 sah->state = SADB_SASTATE_DEAD;
10266 }
10267 }
10268
10269 lck_mtx_unlock(sadb_mutex);
10270 }
10271
10272 __private_extern__ u_int32_t
10273 key_fill_offload_frames_for_savs (ifnet_t ifp,
10274 struct ifnet_keepalive_offload_frame *frames_array,
10275 u_int32_t frames_array_count,
10276 size_t frame_data_offset)
10277 {
10278 struct secashead *sah = NULL;
10279 struct secasvar *sav = NULL;
10280 struct ifnet_keepalive_offload_frame *frame = frames_array;
10281 u_int32_t frame_index = 0;
10282
10283 if (frame == NULL || frames_array_count == 0) {
10284 return (frame_index);
10285 }
10286
10287 lck_mtx_lock(sadb_mutex);
10288 LIST_FOREACH(sah, &sahtree, chain) {
10289 LIST_FOREACH(sav, &sah->savtree[SADB_SASTATE_MATURE], chain) {
10290 if (ipsec_fill_offload_frame(ifp, sav, frame, frame_data_offset)) {
10291 frame_index++;
10292 if (frame_index >= frames_array_count) {
10293 lck_mtx_unlock(sadb_mutex);
10294 return (frame_index);
10295 }
10296 frame = &(frames_array[frame_index]);
10297 }
10298 }
10299 }
10300 lck_mtx_unlock(sadb_mutex);
10301
10302 return (frame_index);
10303 }