]> git.saurik.com Git - apple/xnu.git/blob - bsd/netkey/key.c
projects / apple / xnu.git / blob
? search:


f373441d06af49b7a008b0a933660f71d06041a3
[apple/xnu.git] / bsd / netkey / key.c
1 /*
2 * Copyright (c) 2008-2016 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $FreeBSD: src/sys/netkey/key.c,v 1.16.2.13 2002/07/24 18:17:40 ume Exp $ */
30 /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
31
32 /*
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61 /*
62 * This code is referd to RFC 2367
63 */
64
65 #include <machine/endian.h>
66 #include <sys/types.h>
67 #include <sys/param.h>
68 #include <sys/systm.h>
69 #include <sys/kernel.h>
70 #include <sys/mbuf.h>
71 #include <sys/domain.h>
72 #include <sys/protosw.h>
73 #include <sys/malloc.h>
74 #include <sys/socket.h>
75 #include <sys/socketvar.h>
76 #include <sys/sysctl.h>
77 #include <sys/errno.h>
78 #include <sys/proc.h>
79 #include <sys/queue.h>
80 #include <sys/syslog.h>
81 #include <sys/mcache.h>
82
83 #include <kern/locks.h>
84
85 #include <net/if.h>
86 #include <net/route.h>
87 #include <net/raw_cb.h>
88
89 #include <netinet/in.h>
90 #include <netinet/in_systm.h>
91 #include <netinet/ip.h>
92 #include <netinet/in_var.h>
93
94 #if INET6
95 #include <netinet/ip6.h>
96 #include <netinet6/in6_var.h>
97 #include <netinet6/ip6_var.h>
98 #endif /* INET6 */
99
100 #include <net/pfkeyv2.h>
101 #include <netkey/keydb.h>
102 #include <netkey/key.h>
103 #include <netkey/keysock.h>
104 #include <netkey/key_debug.h>
105 #include <stdarg.h>
106 #include <libkern/crypto/rand.h>
107
108 #include <netinet6/ipsec.h>
109 #if INET6
110 #include <netinet6/ipsec6.h>
111 #endif
112 #include <netinet6/ah.h>
113 #if INET6
114 #include <netinet6/ah6.h>
115 #endif
116 #if IPSEC_ESP
117 #include <netinet6/esp.h>
118 #if INET6
119 #include <netinet6/esp6.h>
120 #endif
121 #endif
122 #include <netinet6/ipcomp.h>
123 #if INET6
124 #include <netinet6/ipcomp6.h>
125 #endif
126
127
128 /* randomness */
129 #include <sys/random.h>
130
131 #include <net/net_osdep.h>
132
133 #define FULLMASK 0xff
134
135 lck_grp_t *sadb_mutex_grp;
136 lck_grp_attr_t *sadb_mutex_grp_attr;
137 lck_attr_t *sadb_mutex_attr;
138 decl_lck_mtx_data(, sadb_mutex_data);
139 lck_mtx_t *sadb_mutex = &sadb_mutex_data;
140
141 lck_grp_t *pfkey_stat_mutex_grp;
142 lck_grp_attr_t *pfkey_stat_mutex_grp_attr;
143 lck_attr_t *pfkey_stat_mutex_attr;
144 decl_lck_mtx_data(, pfkey_stat_mutex_data);
145 lck_mtx_t *pfkey_stat_mutex = &pfkey_stat_mutex_data;
146
147 /*
148 * Note on SA reference counting:
149 * - SAs that are not in DEAD state will have (total external reference + 1)
150 * following value in reference count field. they cannot be freed and are
151 * referenced from SA header.
152 * - SAs that are in DEAD state will have (total external reference)
153 * in reference count field. they are ready to be freed. reference from
154 * SA header will be removed in key_delsav(), when the reference count
155 * field hits 0 (= no external reference other than from SA header.
156 */
157
158 u_int32_t key_debug_level = 0; //### our sysctl is not dynamic
159 static int key_timehandler_running = 0;
160 static u_int key_spi_trycnt = 1000;
161 static u_int32_t key_spi_minval = 0x100;
162 static u_int32_t key_spi_maxval = 0x0fffffff; /* XXX */
163 static u_int32_t policy_id = 0;
164 static u_int key_int_random = 60; /*interval to initialize randseed,1(m)*/
165 static u_int key_larval_lifetime = 30; /* interval to expire acquiring, 30(s)*/
166 static int key_blockacq_count = 10; /* counter for blocking SADB_ACQUIRE.*/
167 static int key_blockacq_lifetime = 20; /* lifetime for blocking SADB_ACQUIRE.*/
168 static int key_preferred_oldsa = 0; /* preferred old sa rather than new sa.*/
169 __private_extern__ int natt_keepalive_interval = 20; /* interval between natt keepalives.*/
170 __private_extern__ int ipsec_policy_count = 0;
171 static int ipsec_sav_count = 0;
172
173 static u_int32_t acq_seq = 0;
174 static int key_tick_init_random = 0;
175 static u_int64_t up_time = 0;
176 __private_extern__ u_int64_t natt_now = 0;
177
178 static LIST_HEAD(_sptree, secpolicy) sptree[IPSEC_DIR_MAX]; /* SPD */
179 static LIST_HEAD(_sahtree, secashead) sahtree; /* SAD */
180 static LIST_HEAD(_regtree, secreg) regtree[SADB_SATYPE_MAX + 1];
181 /* registed list */
182
183 #define SPIHASHSIZE 128
184 #define SPIHASH(x) (((x) ^ ((x) >> 16)) % SPIHASHSIZE)
185 static LIST_HEAD(_spihash, secasvar) spihash[SPIHASHSIZE];
186
187 #ifndef IPSEC_NONBLOCK_ACQUIRE
188 static LIST_HEAD(_acqtree, secacq) acqtree; /* acquiring list */
189 #endif
190 static LIST_HEAD(_spacqtree, secspacq) spacqtree; /* SP acquiring list */
191
192 struct key_cb key_cb;
193
194 /* search order for SAs */
195 static const u_int saorder_state_valid_prefer_old[] = {
196 SADB_SASTATE_DYING, SADB_SASTATE_MATURE,
197 };
198 static const u_int saorder_state_valid_prefer_new[] = {
199 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
200 };
201 static const u_int saorder_state_alive[] = {
202 /* except DEAD */
203 SADB_SASTATE_MATURE, SADB_SASTATE_DYING, SADB_SASTATE_LARVAL
204 };
205 static const u_int saorder_state_any[] = {
206 SADB_SASTATE_MATURE, SADB_SASTATE_DYING,
207 SADB_SASTATE_LARVAL, SADB_SASTATE_DEAD
208 };
209
210 static const int minsize[] = {
211 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
212 sizeof(struct sadb_sa), /* SADB_EXT_SA */
213 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
214 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
215 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
216 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_SRC */
217 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_DST */
218 sizeof(struct sadb_address), /* SADB_EXT_ADDRESS_PROXY */
219 sizeof(struct sadb_key), /* SADB_EXT_KEY_AUTH */
220 sizeof(struct sadb_key), /* SADB_EXT_KEY_ENCRYPT */
221 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_SRC */
222 sizeof(struct sadb_ident), /* SADB_EXT_IDENTITY_DST */
223 sizeof(struct sadb_sens), /* SADB_EXT_SENSITIVITY */
224 sizeof(struct sadb_prop), /* SADB_EXT_PROPOSAL */
225 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_AUTH */
226 sizeof(struct sadb_supported), /* SADB_EXT_SUPPORTED_ENCRYPT */
227 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
228 0, /* SADB_X_EXT_KMPRIVATE */
229 sizeof(struct sadb_x_policy), /* SADB_X_EXT_POLICY */
230 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
231 sizeof(struct sadb_session_id), /* SADB_EXT_SESSION_ID */
232 sizeof(struct sadb_sastat), /* SADB_EXT_SASTAT */
233 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_IPSECIF */
234 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_SRC_START */
235 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_SRC_END */
236 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_DST_START */
237 sizeof(struct sadb_address), /* SADB_X_EXT_ADDR_RANGE_DST_END */
238 sizeof(struct sadb_address), /* SADB_EXT_MIGRATE_ADDRESS_SRC */
239 sizeof(struct sadb_address), /* SADB_EXT_MIGRATE_ADDRESS_DST */
240 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_MIGRATE_IPSECIF */
241 };
242 static const int maxsize[] = {
243 sizeof(struct sadb_msg), /* SADB_EXT_RESERVED */
244 sizeof(struct sadb_sa_2), /* SADB_EXT_SA */
245 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_CURRENT */
246 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_HARD */
247 sizeof(struct sadb_lifetime), /* SADB_EXT_LIFETIME_SOFT */
248 0, /* SADB_EXT_ADDRESS_SRC */
249 0, /* SADB_EXT_ADDRESS_DST */
250 0, /* SADB_EXT_ADDRESS_PROXY */
251 0, /* SADB_EXT_KEY_AUTH */
252 0, /* SADB_EXT_KEY_ENCRYPT */
253 0, /* SADB_EXT_IDENTITY_SRC */
254 0, /* SADB_EXT_IDENTITY_DST */
255 0, /* SADB_EXT_SENSITIVITY */
256 0, /* SADB_EXT_PROPOSAL */
257 0, /* SADB_EXT_SUPPORTED_AUTH */
258 0, /* SADB_EXT_SUPPORTED_ENCRYPT */
259 sizeof(struct sadb_spirange), /* SADB_EXT_SPIRANGE */
260 0, /* SADB_X_EXT_KMPRIVATE */
261 0, /* SADB_X_EXT_POLICY */
262 sizeof(struct sadb_x_sa2), /* SADB_X_SA2 */
263 0, /* SADB_EXT_SESSION_ID */
264 0, /* SADB_EXT_SASTAT */
265 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_IPSECIF */
266 0, /* SADB_X_EXT_ADDR_RANGE_SRC_START */
267 0, /* SADB_X_EXT_ADDR_RANGE_SRC_END */
268 0, /* SADB_X_EXT_ADDR_RANGE_DST_START */
269 0, /* SADB_X_EXT_ADDR_RANGE_DST_END */
270 0, /* SADB_EXT_MIGRATE_ADDRESS_SRC */
271 0, /* SADB_EXT_MIGRATE_ADDRESS_DST */
272 sizeof(struct sadb_x_ipsecif), /* SADB_X_EXT_MIGRATE_IPSECIF */
273 };
274
275 static int ipsec_esp_keymin = 256;
276 static int ipsec_esp_auth = 0;
277 static int ipsec_ah_keymin = 128;
278
279 SYSCTL_DECL(_net_key);
280 /* Thread safe: no accumulated state */
281 SYSCTL_INT(_net_key, KEYCTL_DEBUG_LEVEL, debug, CTLFLAG_RW | CTLFLAG_LOCKED, \
282 &key_debug_level, 0, "");
283
284
285 /* max count of trial for the decision of spi value */
286 SYSCTL_INT(_net_key, KEYCTL_SPI_TRY, spi_trycnt, CTLFLAG_RW | CTLFLAG_LOCKED, \
287 &key_spi_trycnt, 0, "");
288
289 /* minimum spi value to allocate automatically. */
290 SYSCTL_INT(_net_key, KEYCTL_SPI_MIN_VALUE, spi_minval, CTLFLAG_RW | CTLFLAG_LOCKED, \
291 &key_spi_minval, 0, "");
292
293 /* maximun spi value to allocate automatically. */
294 SYSCTL_INT(_net_key, KEYCTL_SPI_MAX_VALUE, spi_maxval, CTLFLAG_RW | CTLFLAG_LOCKED, \
295 &key_spi_maxval, 0, "");
296
297 /* interval to initialize randseed */
298 SYSCTL_INT(_net_key, KEYCTL_RANDOM_INT, int_random, CTLFLAG_RW | CTLFLAG_LOCKED, \
299 &key_int_random, 0, "");
300
301 /* lifetime for larval SA; thread safe due to > compare */
302 SYSCTL_INT(_net_key, KEYCTL_LARVAL_LIFETIME, larval_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
303 &key_larval_lifetime, 0, "");
304
305 /* counter for blocking to send SADB_ACQUIRE to IKEd */
306 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_COUNT, blockacq_count, CTLFLAG_RW | CTLFLAG_LOCKED, \
307 &key_blockacq_count, 0, "");
308
309 /* lifetime for blocking to send SADB_ACQUIRE to IKEd: Thread safe, > compare */
310 SYSCTL_INT(_net_key, KEYCTL_BLOCKACQ_LIFETIME, blockacq_lifetime, CTLFLAG_RW | CTLFLAG_LOCKED, \
311 &key_blockacq_lifetime, 0, "");
312
313 /* ESP auth */
314 SYSCTL_INT(_net_key, KEYCTL_ESP_AUTH, esp_auth, CTLFLAG_RW | CTLFLAG_LOCKED, \
315 &ipsec_esp_auth, 0, "");
316
317 /* minimum ESP key length */
318 SYSCTL_INT(_net_key, KEYCTL_ESP_KEYMIN, esp_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
319 &ipsec_esp_keymin, 0, "");
320
321 /* minimum AH key length */
322 SYSCTL_INT(_net_key, KEYCTL_AH_KEYMIN, ah_keymin, CTLFLAG_RW | CTLFLAG_LOCKED, \
323 &ipsec_ah_keymin, 0, "");
324
325 /* perfered old SA rather than new SA */
326 SYSCTL_INT(_net_key, KEYCTL_PREFERED_OLDSA, prefered_oldsa, CTLFLAG_RW | CTLFLAG_LOCKED,\
327 &key_preferred_oldsa, 0, "");
328
329 /* time between NATT keepalives in seconds, 0 disabled */
330 SYSCTL_INT(_net_key, KEYCTL_NATT_KEEPALIVE_INTERVAL, natt_keepalive_interval, CTLFLAG_RW | CTLFLAG_LOCKED,\
331 &natt_keepalive_interval, 0, "");
332
333 /* PF_KEY statistics */
334 SYSCTL_STRUCT(_net_key, KEYCTL_PFKEYSTAT, pfkeystat, CTLFLAG_RD | CTLFLAG_LOCKED,\
335 &pfkeystat, pfkeystat, "");
336
337 #ifndef LIST_FOREACH
338 #define LIST_FOREACH(elm, head, field) \
339 for (elm = LIST_FIRST(head); elm; elm = LIST_NEXT(elm, field))
340 #endif
341 #define __LIST_CHAINED(elm) \
342 (!((elm)->chain.le_next == NULL && (elm)->chain.le_prev == NULL))
343 #define LIST_INSERT_TAIL(head, elm, type, field) \
344 do {\
345 struct type *curelm = LIST_FIRST(head); \
346 if (curelm == NULL) {\
347 LIST_INSERT_HEAD(head, elm, field); \
348 } else { \
349 while (LIST_NEXT(curelm, field)) \
350 curelm = LIST_NEXT(curelm, field);\
351 LIST_INSERT_AFTER(curelm, elm, field);\
352 }\
353 } while (0)
354
355 #define KEY_CHKSASTATE(head, sav, name) \
356 do { \
357 if ((head) != (sav)) { \
358 ipseclog((LOG_DEBUG, "%s: state mismatched (TREE=%d SA=%d)\n", \
359 (name), (head), (sav))); \
360 continue; \
361 } \
362 } while (0)
363
364 #define KEY_CHKSPDIR(head, sp, name) \
365 do { \
366 if ((head) != (sp)) { \
367 ipseclog((LOG_DEBUG, "%s: direction mismatched (TREE=%d SP=%d), " \
368 "anyway continue.\n", \
369 (name), (head), (sp))); \
370 } \
371 } while (0)
372
373 #if 1
374 #define KMALLOC_WAIT(p, t, n) \
375 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_WAITOK))
376 #define KMALLOC_NOWAIT(p, t, n) \
377 ((p) = (t) _MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT))
378 #define KFREE(p) \
379 _FREE((caddr_t)(p), M_SECA);
380 #else
381 #define KMALLOC_WAIT(p, t, n) \
382 do { \
383 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_WAITOK)); \
384 printf("%s %d: %p <- KMALLOC_WAIT(%s, %d)\n", \
385 __FILE__, __LINE__, (p), #t, n); \
386 } while (0)
387 #define KMALLOC_NOWAIT(p, t, n) \
388 do { \
389 ((p) = (t)_MALLOC((u_int32_t)(n), M_SECA, M_NOWAIT)); \
390 printf("%s %d: %p <- KMALLOC_NOWAIT(%s, %d)\n", \
391 __FILE__, __LINE__, (p), #t, n); \
392 } while (0)
393
394 #define KFREE(p) \
395 do { \
396 printf("%s %d: %p -> KFREE()\n", __FILE__, __LINE__, (p)); \
397 _FREE((caddr_t)(p), M_SECA); \
398 } while (0)
399 #endif
400
401 /*
402 * set parameters into secpolicyindex buffer.
403 * Must allocate secpolicyindex buffer passed to this function.
404 */
405 #define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, ifp, s_s, s_e, d_s, d_e, idx) \
406 do { \
407 bzero((idx), sizeof(struct secpolicyindex)); \
408 (idx)->dir = (_dir); \
409 (idx)->prefs = (ps); \
410 (idx)->prefd = (pd); \
411 (idx)->ul_proto = (ulp); \
412 (idx)->internal_if = (ifp); \
413 if (s) bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
414 if (d) bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
415 if (s_s) bcopy((s_s), &(idx)->src_range.start, ((struct sockaddr *)(s_s))->sa_len); \
416 if (s_e) bcopy((s_e), &(idx)->src_range.end, ((struct sockaddr *)(s_e))->sa_len); \
417 if (d_s) bcopy((d_s), &(idx)->dst_range.start, ((struct sockaddr *)(d_s))->sa_len); \
418 if (d_e) bcopy((d_e), &(idx)->dst_range.end, ((struct sockaddr *)(d_e))->sa_len); \
419 } while (0)
420
421 /*
422 * set parameters into secasindex buffer.
423 * Must allocate secasindex buffer before calling this function.
424 */
425 #define KEY_SETSECASIDX(p, m, r, s, d, ifi, idx) \
426 do { \
427 bzero((idx), sizeof(struct secasindex)); \
428 (idx)->proto = (p); \
429 (idx)->mode = (m); \
430 (idx)->reqid = (r); \
431 bcopy((s), &(idx)->src, ((const struct sockaddr *)(s))->sa_len); \
432 bcopy((d), &(idx)->dst, ((const struct sockaddr *)(d))->sa_len); \
433 (idx)->ipsec_ifindex = (ifi); \
434 } while (0)
435
436 /* key statistics */
437 struct _keystat {
438 u_int32_t getspi_count; /* the avarage of count to try to get new SPI */
439 } keystat;
440
441 struct sadb_msghdr {
442 struct sadb_msg *msg;
443 struct sadb_ext *ext[SADB_EXT_MAX + 1];
444 int extoff[SADB_EXT_MAX + 1];
445 int extlen[SADB_EXT_MAX + 1];
446 };
447
448 static struct secpolicy *__key_getspbyid(u_int32_t id);
449 static struct secasvar *key_do_allocsa_policy(struct secashead *, u_int, u_int16_t);
450 static int key_do_get_translated_port(struct secashead *, struct secasvar *, u_int);
451 static void key_delsp(struct secpolicy *);
452 static struct secpolicy *key_getsp(struct secpolicyindex *);
453 static u_int32_t key_newreqid(void);
454 static struct mbuf *key_gather_mbuf(struct mbuf *,
455 const struct sadb_msghdr *, int, int, int *);
456 static int key_spdadd(struct socket *, struct mbuf *,
457 const struct sadb_msghdr *);
458 static u_int32_t key_getnewspid(void);
459 static int key_spddelete(struct socket *, struct mbuf *,
460 const struct sadb_msghdr *);
461 static int key_spddelete2(struct socket *, struct mbuf *,
462 const struct sadb_msghdr *);
463 static int key_spdenable(struct socket *, struct mbuf *,
464 const struct sadb_msghdr *);
465 static int key_spddisable(struct socket *, struct mbuf *,
466 const struct sadb_msghdr *);
467 static int key_spdget(struct socket *, struct mbuf *,
468 const struct sadb_msghdr *);
469 static int key_spdflush(struct socket *, struct mbuf *,
470 const struct sadb_msghdr *);
471 static int key_spddump(struct socket *, struct mbuf *,
472 const struct sadb_msghdr *);
473 static struct mbuf *key_setdumpsp(struct secpolicy *,
474 u_int8_t, u_int32_t, u_int32_t);
475 static u_int key_getspreqmsglen(struct secpolicy *);
476 static int key_spdexpire(struct secpolicy *);
477 static struct secashead *key_newsah(struct secasindex *, ifnet_t, u_int, u_int8_t);
478 static struct secasvar *key_newsav(struct mbuf *,
479 const struct sadb_msghdr *, struct secashead *, int *,
480 struct socket *);
481 static struct secashead *key_getsah(struct secasindex *);
482 static struct secasvar *key_checkspidup(struct secasindex *, u_int32_t);
483 static void key_setspi __P((struct secasvar *, u_int32_t));
484 static struct secasvar *key_getsavbyspi(struct secashead *, u_int32_t);
485 static int key_setsaval(struct secasvar *, struct mbuf *,
486 const struct sadb_msghdr *);
487 static int key_mature(struct secasvar *);
488 static struct mbuf *key_setdumpsa(struct secasvar *, u_int8_t,
489 u_int8_t, u_int32_t, u_int32_t);
490 static struct mbuf *key_setsadbmsg(u_int8_t, u_int16_t, u_int8_t,
491 u_int32_t, pid_t, u_int16_t);
492 static struct mbuf *key_setsadbsa(struct secasvar *);
493 static struct mbuf *key_setsadbaddr(u_int16_t,
494 struct sockaddr *, u_int8_t, u_int16_t);
495 static struct mbuf *key_setsadbipsecif(ifnet_t, ifnet_t, ifnet_t, int);
496 #if 0
497 static struct mbuf *key_setsadbident(u_int16_t, u_int16_t, caddr_t,
498 int, u_int64_t);
499 #endif
500 static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t, u_int32_t, u_int16_t);
501 static struct mbuf *key_setsadbxpolicy(u_int16_t, u_int8_t,
502 u_int32_t);
503 static void *key_newbuf(const void *, u_int);
504 #if INET6
505 static int key_ismyaddr6(struct sockaddr_in6 *);
506 #endif
507 static void key_update_natt_keepalive_timestamp(struct secasvar *, struct secasvar *);
508
509 /* flags for key_cmpsaidx() */
510 #define CMP_HEAD 0x1 /* protocol, addresses. */
511 #define CMP_PORT 0x2 /* additionally HEAD, reqid, mode. */
512 #define CMP_REQID 0x4 /* additionally HEAD, reqid. */
513 #define CMP_MODE 0x8 /* additionally mode. */
514 #define CMP_EXACTLY 0xF /* all elements. */
515 static int key_cmpsaidx(struct secasindex *, struct secasindex *, int);
516
517 static int key_cmpspidx_exactly(struct secpolicyindex *,
518 struct secpolicyindex *);
519 static int key_cmpspidx_withmask(struct secpolicyindex *,
520 struct secpolicyindex *);
521 static int key_sockaddrcmp(struct sockaddr *, struct sockaddr *, int);
522 static int key_is_addr_in_range(struct sockaddr_storage *, struct secpolicyaddrrange *);
523 static int key_bbcmp(caddr_t, caddr_t, u_int);
524 static void key_srandom(void);
525 static u_int16_t key_satype2proto(u_int8_t);
526 static u_int8_t key_proto2satype(u_int16_t);
527
528 static int key_getspi(struct socket *, struct mbuf *,
529 const struct sadb_msghdr *);
530 static u_int32_t key_do_getnewspi(struct sadb_spirange *, struct secasindex *);
531 static int key_update(struct socket *, struct mbuf *,
532 const struct sadb_msghdr *);
533 #if IPSEC_DOSEQCHECK
534 static struct secasvar *key_getsavbyseq(struct secashead *, u_int32_t);
535 #endif
536 static int key_add(struct socket *, struct mbuf *, const struct sadb_msghdr *);
537 static int key_setident(struct secashead *, struct mbuf *,
538 const struct sadb_msghdr *);
539 static struct mbuf *key_getmsgbuf_x1(struct mbuf *, const struct sadb_msghdr *);
540 static int key_delete(struct socket *, struct mbuf *,
541 const struct sadb_msghdr *);
542 static int key_get(struct socket *, struct mbuf *, const struct sadb_msghdr *);
543
544 static void key_getcomb_setlifetime(struct sadb_comb *);
545 #if IPSEC_ESP
546 static struct mbuf *key_getcomb_esp(void);
547 #endif
548 static struct mbuf *key_getcomb_ah(void);
549 static struct mbuf *key_getcomb_ipcomp(void);
550 static struct mbuf *key_getprop(const struct secasindex *);
551
552 static int key_acquire(struct secasindex *, struct secpolicy *);
553 #ifndef IPSEC_NONBLOCK_ACQUIRE
554 static struct secacq *key_newacq(struct secasindex *);
555 static struct secacq *key_getacq(struct secasindex *);
556 static struct secacq *key_getacqbyseq(u_int32_t);
557 #endif
558 static struct secspacq *key_newspacq(struct secpolicyindex *);
559 static struct secspacq *key_getspacq(struct secpolicyindex *);
560 static int key_acquire2(struct socket *, struct mbuf *,
561 const struct sadb_msghdr *);
562 static int key_register(struct socket *, struct mbuf *,
563 const struct sadb_msghdr *);
564 static int key_expire(struct secasvar *);
565 static int key_flush(struct socket *, struct mbuf *,
566 const struct sadb_msghdr *);
567 static int key_dump(struct socket *, struct mbuf *, const struct sadb_msghdr *);
568 static int key_promisc(struct socket *, struct mbuf *,
569 const struct sadb_msghdr *);
570 static int key_senderror(struct socket *, struct mbuf *, int);
571 static int key_validate_ext(const struct sadb_ext *, int);
572 static int key_align(struct mbuf *, struct sadb_msghdr *);
573 static struct mbuf *key_alloc_mbuf(int);
574 static int key_getsastat (struct socket *, struct mbuf *, const struct sadb_msghdr *);
575 static int key_migrate (struct socket *, struct mbuf *, const struct sadb_msghdr *);
576 static int key_setsaval2(struct secasvar *sav,
577 u_int8_t satype,
578 u_int8_t alg_auth,
579 u_int8_t alg_enc,
580 u_int32_t flags,
581 u_int8_t replay,
582 struct sadb_key *key_auth,
583 u_int16_t key_auth_len,
584 struct sadb_key *key_enc,
585 u_int16_t key_enc_len,
586 u_int16_t natt_port,
587 u_int32_t seq,
588 u_int32_t spi,
589 u_int32_t pid,
590 struct sadb_lifetime *lifetime_hard,
591 struct sadb_lifetime *lifetime_soft);
592 static void bzero_keys(const struct sadb_msghdr *);
593
594 extern int ipsec_bypass;
595 extern int esp_udp_encap_port;
596 int ipsec_send_natt_keepalive(struct secasvar *sav);
597 bool ipsec_fill_offload_frame(ifnet_t ifp, struct secasvar *sav, struct ifnet_keepalive_offload_frame *frame, size_t frame_data_offset);
598
599 void key_init(struct protosw *, struct domain *);
600
601 /*
602 * PF_KEY init
603 * setup locks, call raw_init(), and then init timer and associated data
604 *
605 */
606 void
607 key_init(struct protosw *pp, struct domain *dp)
608 {
609 static int key_initialized = 0;
610 int i;
611
612 VERIFY((pp->pr_flags & (PR_INITIALIZED|PR_ATTACHED)) == PR_ATTACHED);
613
614 _CASSERT(PFKEY_ALIGN8(sizeof(struct sadb_msg)) <= _MHLEN);
615
616 if (key_initialized)
617 return;
618 key_initialized = 1;
619
620 sadb_mutex_grp_attr = lck_grp_attr_alloc_init();
621 sadb_mutex_grp = lck_grp_alloc_init("sadb", sadb_mutex_grp_attr);
622 sadb_mutex_attr = lck_attr_alloc_init();
623
624 lck_mtx_init(sadb_mutex, sadb_mutex_grp, sadb_mutex_attr);
625
626 pfkey_stat_mutex_grp_attr = lck_grp_attr_alloc_init();
627 pfkey_stat_mutex_grp = lck_grp_alloc_init("pfkey_stat", pfkey_stat_mutex_grp_attr);
628 pfkey_stat_mutex_attr = lck_attr_alloc_init();
629
630 lck_mtx_init(pfkey_stat_mutex, pfkey_stat_mutex_grp, pfkey_stat_mutex_attr);
631
632 for (i = 0; i < SPIHASHSIZE; i++)
633 LIST_INIT(&spihash[i]);
634
635 raw_init(pp, dp);
636
637 bzero((caddr_t)&key_cb, sizeof(key_cb));
638
639 for (i = 0; i < IPSEC_DIR_MAX; i++) {
640 LIST_INIT(&sptree[i]);
641 }
642 ipsec_policy_count = 0;
643
644 LIST_INIT(&sahtree);
645
646 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
647 LIST_INIT(&regtree[i]);
648 }
649 ipsec_sav_count = 0;
650
651 #ifndef IPSEC_NONBLOCK_ACQUIRE
652 LIST_INIT(&acqtree);
653 #endif
654 LIST_INIT(&spacqtree);
655
656 /* system default */
657 #if INET
658 ip4_def_policy.policy = IPSEC_POLICY_NONE;
659 ip4_def_policy.refcnt++; /*never reclaim this*/
660 #endif
661 #if INET6
662 ip6_def_policy.policy = IPSEC_POLICY_NONE;
663 ip6_def_policy.refcnt++; /*never reclaim this*/
664 #endif
665
666 key_timehandler_running = 0;
667
668 /* initialize key statistics */
669 keystat.getspi_count = 1;
670
671 #ifndef __APPLE__
672 printf("IPsec: Initialized Security Association Processing.\n");
673 #endif
674 }
675
676 static void
677 key_start_timehandler(void)
678 {
679 /* must be called while locked */
680 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
681 if (key_timehandler_running == 0) {
682 key_timehandler_running = 1;
683 (void)timeout((void *)key_timehandler, (void *)0, hz);
684 }
685
686 /* Turn off the ipsec bypass */
687 if (ipsec_bypass != 0)
688 ipsec_bypass = 0;
689 }
690
691 /* %%% IPsec policy management */
692 /*
693 * allocating a SP for OUTBOUND or INBOUND packet.
694 * Must call key_freesp() later.
695 * OUT: NULL: not found
696 * others: found and return the pointer.
697 */
698 struct secpolicy *
699 key_allocsp(
700 struct secpolicyindex *spidx,
701 u_int dir)
702 {
703 struct secpolicy *sp;
704 struct timeval tv;
705
706 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
707 /* sanity check */
708 if (spidx == NULL)
709 panic("key_allocsp: NULL pointer is passed.\n");
710
711 /* check direction */
712 switch (dir) {
713 case IPSEC_DIR_INBOUND:
714 case IPSEC_DIR_OUTBOUND:
715 break;
716 default:
717 panic("key_allocsp: Invalid direction is passed.\n");
718 }
719
720 /* get a SP entry */
721 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
722 printf("*** objects\n");
723 kdebug_secpolicyindex(spidx));
724
725 lck_mtx_lock(sadb_mutex);
726 LIST_FOREACH(sp, &sptree[dir], chain) {
727 KEYDEBUG(KEYDEBUG_IPSEC_DATA,
728 printf("*** in SPD\n");
729 kdebug_secpolicyindex(&sp->spidx));
730
731 if (sp->state == IPSEC_SPSTATE_DEAD)
732 continue;
733
734 /* If the policy is disabled, skip */
735 if (sp->disabled > 0)
736 continue;
737
738 /* If the incoming spidx specifies bound if,
739 ignore unbound policies*/
740 if (spidx->internal_if != NULL
741 && (sp->spidx.internal_if == NULL || sp->ipsec_if == NULL))
742 continue;
743
744 if (key_cmpspidx_withmask(&sp->spidx, spidx))
745 goto found;
746 }
747 lck_mtx_unlock(sadb_mutex);
748 return NULL;
749
750 found:
751
752 /* found a SPD entry */
753 microtime(&tv);
754 sp->lastused = tv.tv_sec;
755 sp->refcnt++;
756 lck_mtx_unlock(sadb_mutex);
757
758 /* sanity check */
759 KEY_CHKSPDIR(sp->spidx.dir, dir, "key_allocsp");
760 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
761 printf("DP key_allocsp cause refcnt++:%d SP:0x%llx\n",
762 sp->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sp)));
763 return sp;
764 }
765
766 /*
767 * return a policy that matches this particular inbound packet.
768 * XXX slow
769 */
770 struct secpolicy *
771 key_gettunnel(
772 struct sockaddr *osrc,
773 struct sockaddr *odst,
774 struct sockaddr *isrc,
775 struct sockaddr *idst)
776 {
777 struct secpolicy *sp;
778 const int dir = IPSEC_DIR_INBOUND;
779 struct timeval tv;
780 struct ipsecrequest *r1, *r2, *p;
781 struct sockaddr *os, *od, *is, *id;
782 struct secpolicyindex spidx;
783
784 if (isrc->sa_family != idst->sa_family) {
785 ipseclog((LOG_ERR, "protocol family mismatched %d != %d\n.",
786 isrc->sa_family, idst->sa_family));
787 return NULL;
788 }
789
790 lck_mtx_lock(sadb_mutex);
791 LIST_FOREACH(sp, &sptree[dir], chain) {
792 if (sp->state == IPSEC_SPSTATE_DEAD)
793 continue;
794
795 r1 = r2 = NULL;
796 for (p = sp->req; p; p = p->next) {
797 if (p->saidx.mode != IPSEC_MODE_TUNNEL)
798 continue;
799
800 r1 = r2;
801 r2 = p;
802
803 if (!r1) {
804 /* here we look at address matches only */
805 spidx = sp->spidx;
806 if (isrc->sa_len > sizeof(spidx.src) ||
807 idst->sa_len > sizeof(spidx.dst))
808 continue;
809 bcopy(isrc, &spidx.src, isrc->sa_len);
810 bcopy(idst, &spidx.dst, idst->sa_len);
811 if (!key_cmpspidx_withmask(&sp->spidx, &spidx))
812 continue;
813 } else {
814 is = (struct sockaddr *)&r1->saidx.src;
815 id = (struct sockaddr *)&r1->saidx.dst;
816 if (key_sockaddrcmp(is, isrc, 0) ||
817 key_sockaddrcmp(id, idst, 0))
818 continue;
819 }
820
821 os = (struct sockaddr *)&r2->saidx.src;
822 od = (struct sockaddr *)&r2->saidx.dst;
823 if (key_sockaddrcmp(os, osrc, 0) ||
824 key_sockaddrcmp(od, odst, 0))
825 continue;
826
827 goto found;
828 }
829 }
830 lck_mtx_unlock(sadb_mutex);
831 return NULL;
832
833 found:
834 microtime(&tv);
835 sp->lastused = tv.tv_sec;
836 sp->refcnt++;
837 lck_mtx_unlock(sadb_mutex);
838 return sp;
839 }
840
841 struct secasvar *key_alloc_outbound_sav_for_interface(ifnet_t interface, int family,
842 struct sockaddr *src,
843 struct sockaddr *dst)
844 {
845 struct secashead *sah;
846 struct secasvar *sav;
847 u_int stateidx;
848 u_int state;
849 const u_int *saorder_state_valid;
850 int arraysize;
851 struct sockaddr_in *sin;
852 u_int16_t dstport;
853 bool strict = true;
854
855 if (interface == NULL) {
856 return NULL;
857 }
858
859 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
860
861 lck_mtx_lock(sadb_mutex);
862
863 do {
864 LIST_FOREACH(sah, &sahtree, chain) {
865 if (sah->state == SADB_SASTATE_DEAD) {
866 continue;
867 }
868 if (sah->ipsec_if == interface &&
869 (family == AF_INET6 || family == AF_INET) &&
870 sah->dir == IPSEC_DIR_OUTBOUND) {
871
872 if (strict &&
873 sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
874 src != NULL && dst != NULL) {
875 // Validate addresses for transport mode
876 if (key_sockaddrcmp((struct sockaddr *)&sah->saidx.src, src, 0) != 0) {
877 // Source doesn't match
878 continue;
879 }
880
881 if (key_sockaddrcmp((struct sockaddr *)&sah->saidx.dst, dst, 0) != 0) {
882 // Destination doesn't match
883 continue;
884 }
885 }
886
887 /* This SAH is linked to the IPSec interface, and the right family. We found it! */
888 if (key_preferred_oldsa) {
889 saorder_state_valid = saorder_state_valid_prefer_old;
890 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
891 } else {
892 saorder_state_valid = saorder_state_valid_prefer_new;
893 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
894 }
895
896 sin = (struct sockaddr_in *)&sah->saidx.dst;
897 dstport = sin->sin_port;
898 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT) {
899 sin->sin_port = IPSEC_PORT_ANY;
900 }
901
902 for (stateidx = 0; stateidx < arraysize; stateidx++) {
903 state = saorder_state_valid[stateidx];
904 sav = key_do_allocsa_policy(sah, state, dstport);
905 if (sav != NULL) {
906 lck_mtx_unlock(sadb_mutex);
907 return sav;
908 }
909 }
910
911 break;
912 }
913 }
914 if (strict) {
915 // If we didn't find anything, try again without strict
916 strict = false;
917 } else {
918 // We already were on the second try, bail
919 break;
920 }
921 } while (true);
922
923 lck_mtx_unlock(sadb_mutex);
924 return NULL;
925 }
926
927 /*
928 * allocating an SA entry for an *OUTBOUND* packet.
929 * checking each request entries in SP, and acquire an SA if need.
930 * OUT: 0: there are valid requests.
931 * ENOENT: policy may be valid, but SA with REQUIRE is on acquiring.
932 */
933 int
934 key_checkrequest(
935 struct ipsecrequest *isr,
936 struct secasindex *saidx,
937 struct secasvar **sav)
938 {
939 u_int level;
940 int error;
941 struct sockaddr_in *sin;
942
943 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
944
945 *sav = NULL;
946
947 /* sanity check */
948 if (isr == NULL || saidx == NULL)
949 panic("key_checkrequest: NULL pointer is passed.\n");
950
951 /* check mode */
952 switch (saidx->mode) {
953 case IPSEC_MODE_TRANSPORT:
954 case IPSEC_MODE_TUNNEL:
955 break;
956 case IPSEC_MODE_ANY:
957 default:
958 panic("key_checkrequest: Invalid policy defined.\n");
959 }
960
961 /* get current level */
962 level = ipsec_get_reqlevel(isr);
963
964
965 /*
966 * key_allocsa_policy should allocate the oldest SA available.
967 * See key_do_allocsa_policy(), and draft-jenkins-ipsec-rekeying-03.txt.
968 */
969 if (*sav == NULL)
970 *sav = key_allocsa_policy(saidx);
971
972 /* When there is SA. */
973 if (*sav != NULL)
974 return 0;
975
976 /* There is no SA.
977 *
978 * Remove dst port - used for special natt support - don't call
979 * key_acquire with it.
980 */
981 if (saidx->mode == IPSEC_MODE_TRANSPORT) {
982 sin = (struct sockaddr_in *)&saidx->dst;
983 sin->sin_port = IPSEC_PORT_ANY;
984 }
985 if ((error = key_acquire(saidx, isr->sp)) != 0) {
986 /* XXX What should I do ? */
987 ipseclog((LOG_DEBUG, "key_checkrequest: error %d returned "
988 "from key_acquire.\n", error));
989 return error;
990 }
991
992 return level == IPSEC_LEVEL_REQUIRE ? ENOENT : 0;
993 }
994
995 /*
996 * allocating a SA for policy entry from SAD.
997 * NOTE: searching SAD of aliving state.
998 * OUT: NULL: not found.
999 * others: found and return the pointer.
1000 */
1001 u_int32_t sah_search_calls = 0;
1002 u_int32_t sah_search_count = 0;
1003 struct secasvar *
1004 key_allocsa_policy(
1005 struct secasindex *saidx)
1006 {
1007 struct secashead *sah;
1008 struct secasvar *sav;
1009 u_int stateidx, state;
1010 const u_int *saorder_state_valid;
1011 int arraysize;
1012 struct sockaddr_in *sin;
1013 u_int16_t dstport;
1014
1015 lck_mtx_lock(sadb_mutex);
1016 sah_search_calls++;
1017 LIST_FOREACH(sah, &sahtree, chain) {
1018 sah_search_count++;
1019 if (sah->state == SADB_SASTATE_DEAD)
1020 continue;
1021 if (key_cmpsaidx(&sah->saidx, saidx, CMP_MODE | CMP_REQID))
1022 goto found;
1023 }
1024 lck_mtx_unlock(sadb_mutex);
1025 return NULL;
1026
1027 found:
1028
1029 /*
1030 * search a valid state list for outbound packet.
1031 * This search order is important.
1032 */
1033 if (key_preferred_oldsa) {
1034 saorder_state_valid = saorder_state_valid_prefer_old;
1035 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1036 } else {
1037 saorder_state_valid = saorder_state_valid_prefer_new;
1038 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1039 }
1040
1041
1042 sin = (struct sockaddr_in *)&saidx->dst;
1043 dstport = sin->sin_port;
1044 if (saidx->mode == IPSEC_MODE_TRANSPORT)
1045 sin->sin_port = IPSEC_PORT_ANY;
1046
1047 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1048
1049 state = saorder_state_valid[stateidx];
1050
1051 sav = key_do_allocsa_policy(sah, state, dstport);
1052 if (sav != NULL) {
1053 lck_mtx_unlock(sadb_mutex);
1054 return sav;
1055 }
1056 }
1057 lck_mtx_unlock(sadb_mutex);
1058 return NULL;
1059 }
1060
1061 static void
1062 key_send_delete (struct secasvar *sav)
1063 {
1064 struct mbuf *m, *result;
1065 u_int8_t satype;
1066
1067 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
1068
1069 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
1070 panic("key_do_allocsa_policy: invalid proto is passed.\n");
1071
1072 m = key_setsadbmsg(SADB_DELETE, 0,
1073 satype, 0, 0, sav->refcnt - 1);
1074 if (!m)
1075 goto msgfail;
1076 result = m;
1077
1078 /* set sadb_address for saidx's. */
1079 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
1080 (struct sockaddr *)&sav->sah->saidx.src,
1081 sav->sah->saidx.src.ss_len << 3,
1082 IPSEC_ULPROTO_ANY);
1083 if (!m)
1084 goto msgfail;
1085 m_cat(result, m);
1086
1087 /* set sadb_address for saidx's. */
1088 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
1089 (struct sockaddr *)&sav->sah->saidx.dst,
1090 sav->sah->saidx.src.ss_len << 3,
1091 IPSEC_ULPROTO_ANY);
1092 if (!m)
1093 goto msgfail;
1094 m_cat(result, m);
1095
1096 /* create SA extension */
1097 m = key_setsadbsa(sav);
1098 if (!m)
1099 goto msgfail;
1100 m_cat(result, m);
1101
1102 if (result->m_len < sizeof(struct sadb_msg)) {
1103 result = m_pullup(result,
1104 sizeof(struct sadb_msg));
1105 if (result == NULL)
1106 goto msgfail;
1107 }
1108
1109 result->m_pkthdr.len = 0;
1110 for (m = result; m; m = m->m_next)
1111 result->m_pkthdr.len += m->m_len;
1112 mtod(result, struct sadb_msg *)->sadb_msg_len =
1113 PFKEY_UNIT64(result->m_pkthdr.len);
1114
1115 if (key_sendup_mbuf(NULL, result,
1116 KEY_SENDUP_REGISTERED))
1117 goto msgfail;
1118 msgfail:
1119 key_freesav(sav, KEY_SADB_LOCKED);
1120 }
1121
1122 /*
1123 * searching SAD with direction, protocol, mode and state.
1124 * called by key_allocsa_policy().
1125 * OUT:
1126 * NULL : not found
1127 * others : found, pointer to a SA.
1128 */
1129 static struct secasvar *
1130 key_do_allocsa_policy(
1131 struct secashead *sah,
1132 u_int state,
1133 u_int16_t dstport)
1134 {
1135 struct secasvar *sav, *nextsav, *candidate, *natt_candidate, *no_natt_candidate, *d;
1136
1137 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1138
1139 /* initialize */
1140 candidate = NULL;
1141 natt_candidate = NULL;
1142 no_natt_candidate = NULL;
1143
1144 for (sav = LIST_FIRST(&sah->savtree[state]);
1145 sav != NULL;
1146 sav = nextsav) {
1147
1148 nextsav = LIST_NEXT(sav, chain);
1149
1150 /* sanity check */
1151 KEY_CHKSASTATE(sav->state, state, "key_do_allocsa_policy");
1152
1153 if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport &&
1154 ((sav->flags & SADB_X_EXT_NATT) != 0) &&
1155 ntohs(dstport) != sav->remote_ike_port)
1156 continue;
1157
1158 if (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
1159 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0) &&
1160 ntohs(dstport) != sav->remote_ike_port)
1161 continue; /* skip this one - not a match - or not UDP */
1162
1163 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL &&
1164 ((sav->flags & SADB_X_EXT_NATT) != 0)) ||
1165 (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
1166 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0))) {
1167 if (natt_candidate == NULL) {
1168 natt_candidate = sav;
1169 continue;
1170 } else
1171 candidate = natt_candidate;
1172 } else {
1173 if (no_natt_candidate == NULL) {
1174 no_natt_candidate = sav;
1175 continue;
1176 } else
1177 candidate = no_natt_candidate;
1178 }
1179
1180 /* Which SA is the better ? */
1181
1182 /* sanity check 2 */
1183 if (candidate->lft_c == NULL || sav->lft_c == NULL)
1184 panic("key_do_allocsa_policy: "
1185 "lifetime_current is NULL.\n");
1186
1187 /* What the best method is to compare ? */
1188 if (key_preferred_oldsa) {
1189 if (candidate->lft_c->sadb_lifetime_addtime >
1190 sav->lft_c->sadb_lifetime_addtime) {
1191 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
1192 natt_candidate = sav;
1193 else
1194 no_natt_candidate = sav;
1195 }
1196 continue;
1197 /*NOTREACHED*/
1198 }
1199
1200 /* prefered new sa rather than old sa */
1201 if (candidate->lft_c->sadb_lifetime_addtime <
1202 sav->lft_c->sadb_lifetime_addtime) {
1203 d = candidate;
1204 if ((sah->saidx.mode == IPSEC_MODE_TUNNEL &&
1205 ((sav->flags & SADB_X_EXT_NATT) != 0)) ||
1206 (sah->saidx.mode == IPSEC_MODE_TRANSPORT &&
1207 ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0))) {
1208 natt_candidate = sav;
1209 } else {
1210 no_natt_candidate = sav;
1211 }
1212 } else {
1213 d = sav;
1214 }
1215
1216 /*
1217 * prepared to delete the SA when there is more
1218 * suitable candidate and the lifetime of the SA is not
1219 * permanent.
1220 */
1221 if (d->lft_c->sadb_lifetime_addtime != 0) {
1222 key_send_delete(d);
1223 }
1224 }
1225
1226 /* choose latest if both types present */
1227 if (natt_candidate == NULL)
1228 candidate = no_natt_candidate;
1229 else if (no_natt_candidate == NULL)
1230 candidate = natt_candidate;
1231 else if (sah->saidx.mode == IPSEC_MODE_TUNNEL && dstport)
1232 candidate = natt_candidate;
1233 else if (natt_candidate->lft_c->sadb_lifetime_addtime >
1234 no_natt_candidate->lft_c->sadb_lifetime_addtime)
1235 candidate = natt_candidate;
1236 else
1237 candidate = no_natt_candidate;
1238
1239 if (candidate) {
1240 candidate->refcnt++;
1241 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1242 printf("DP allocsa_policy cause "
1243 "refcnt++:%d SA:0x%llx\n", candidate->refcnt,
1244 (uint64_t)VM_KERNEL_ADDRPERM(candidate)));
1245 }
1246 return candidate;
1247 }
1248
1249 /*
1250 * allocating a SA entry for a *INBOUND* packet.
1251 * Must call key_freesav() later.
1252 * OUT: positive: pointer to a sav.
1253 * NULL: not found, or error occurred.
1254 *
1255 * In the comparison, source address will be ignored for RFC2401 conformance.
1256 * To quote, from section 4.1:
1257 * A security association is uniquely identified by a triple consisting
1258 * of a Security Parameter Index (SPI), an IP Destination Address, and a
1259 * security protocol (AH or ESP) identifier.
1260 * Note that, however, we do need to keep source address in IPsec SA.
1261 * IKE specification and PF_KEY specification do assume that we
1262 * keep source address in IPsec SA. We see a tricky situation here.
1263 */
1264 struct secasvar *
1265 key_allocsa(
1266 u_int family,
1267 caddr_t src,
1268 caddr_t dst,
1269 u_int proto,
1270 u_int32_t spi)
1271 {
1272 return key_allocsa_extended(family, src, dst, proto, spi, NULL);
1273 }
1274
1275 struct secasvar *
1276 key_allocsa_extended(u_int family,
1277 caddr_t src,
1278 caddr_t dst,
1279 u_int proto,
1280 u_int32_t spi,
1281 ifnet_t interface)
1282 {
1283 struct secasvar *sav, *match;
1284 u_int stateidx, state, tmpidx, matchidx;
1285 struct sockaddr_in sin;
1286 struct sockaddr_in6 sin6;
1287 const u_int *saorder_state_valid;
1288 int arraysize;
1289
1290 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1291
1292 /* sanity check */
1293 if (src == NULL || dst == NULL)
1294 panic("key_allocsa: NULL pointer is passed.\n");
1295
1296 /*
1297 * when both systems employ similar strategy to use a SA.
1298 * the search order is important even in the inbound case.
1299 */
1300 if (key_preferred_oldsa) {
1301 saorder_state_valid = saorder_state_valid_prefer_old;
1302 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1303 } else {
1304 saorder_state_valid = saorder_state_valid_prefer_new;
1305 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1306 }
1307
1308 /*
1309 * searching SAD.
1310 * XXX: to be checked internal IP header somewhere. Also when
1311 * IPsec tunnel packet is received. But ESP tunnel mode is
1312 * encrypted so we can't check internal IP header.
1313 */
1314 /*
1315 * search a valid state list for inbound packet.
1316 * the search order is not important.
1317 */
1318 match = NULL;
1319 matchidx = arraysize;
1320 lck_mtx_lock(sadb_mutex);
1321 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
1322 if (sav->spi != spi)
1323 continue;
1324 if (interface != NULL &&
1325 sav->sah->ipsec_if != interface) {
1326 continue;
1327 }
1328 if (proto != sav->sah->saidx.proto)
1329 continue;
1330 if (family != sav->sah->saidx.src.ss_family ||
1331 family != sav->sah->saidx.dst.ss_family)
1332 continue;
1333 tmpidx = arraysize;
1334 for (stateidx = 0; stateidx < matchidx; stateidx++) {
1335 state = saorder_state_valid[stateidx];
1336 if (sav->state == state) {
1337 tmpidx = stateidx;
1338 break;
1339 }
1340 }
1341 if (tmpidx >= matchidx)
1342 continue;
1343
1344 #if 0 /* don't check src */
1345 /* check src address */
1346 switch (family) {
1347 case AF_INET:
1348 bzero(&sin, sizeof(sin));
1349 sin.sin_family = AF_INET;
1350 sin.sin_len = sizeof(sin);
1351 bcopy(src, &sin.sin_addr,
1352 sizeof(sin.sin_addr));
1353 if (key_sockaddrcmp((struct sockaddr*)&sin,
1354 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1355 continue;
1356 break;
1357 case AF_INET6:
1358 bzero(&sin6, sizeof(sin6));
1359 sin6.sin6_family = AF_INET6;
1360 sin6.sin6_len = sizeof(sin6);
1361 bcopy(src, &sin6.sin6_addr,
1362 sizeof(sin6.sin6_addr));
1363 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1364 /* kame fake scopeid */
1365 sin6.sin6_scope_id =
1366 ntohs(sin6.sin6_addr.s6_addr16[1]);
1367 sin6.sin6_addr.s6_addr16[1] = 0;
1368 }
1369 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1370 (struct sockaddr *)&sav->sah->saidx.src, 0) != 0)
1371 continue;
1372 break;
1373 default:
1374 ipseclog((LOG_DEBUG, "key_allocsa: "
1375 "unknown address family=%d.\n",
1376 family));
1377 continue;
1378 }
1379
1380 #endif
1381 /* check dst address */
1382 switch (family) {
1383 case AF_INET:
1384 bzero(&sin, sizeof(sin));
1385 sin.sin_family = AF_INET;
1386 sin.sin_len = sizeof(sin);
1387 bcopy(dst, &sin.sin_addr,
1388 sizeof(sin.sin_addr));
1389 if (key_sockaddrcmp((struct sockaddr*)&sin,
1390 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1391 continue;
1392
1393 break;
1394 case AF_INET6:
1395 bzero(&sin6, sizeof(sin6));
1396 sin6.sin6_family = AF_INET6;
1397 sin6.sin6_len = sizeof(sin6);
1398 bcopy(dst, &sin6.sin6_addr,
1399 sizeof(sin6.sin6_addr));
1400 if (IN6_IS_SCOPE_LINKLOCAL(&sin6.sin6_addr)) {
1401 /* kame fake scopeid */
1402 sin6.sin6_scope_id =
1403 ntohs(sin6.sin6_addr.s6_addr16[1]);
1404 sin6.sin6_addr.s6_addr16[1] = 0;
1405 }
1406 if (key_sockaddrcmp((struct sockaddr*)&sin6,
1407 (struct sockaddr *)&sav->sah->saidx.dst, 0) != 0)
1408 continue;
1409 break;
1410 default:
1411 ipseclog((LOG_DEBUG, "key_allocsa: "
1412 "unknown address family=%d.\n", family));
1413 continue;
1414 }
1415
1416 match = sav;
1417 matchidx = tmpidx;
1418 }
1419 if (match)
1420 goto found;
1421
1422 /* not found */
1423 lck_mtx_unlock(sadb_mutex);
1424 return NULL;
1425
1426 found:
1427 match->refcnt++;
1428 lck_mtx_unlock(sadb_mutex);
1429 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1430 printf("DP allocsa cause refcnt++:%d SA:0x%llx\n",
1431 match->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(match)));
1432 return match;
1433 }
1434
1435 u_int16_t
1436 key_natt_get_translated_port(
1437 struct secasvar *outsav)
1438 {
1439
1440 struct secasindex saidx;
1441 struct secashead *sah;
1442 u_int stateidx, state;
1443 const u_int *saorder_state_valid;
1444 int arraysize;
1445
1446 /* get sa for incoming */
1447 saidx.mode = outsav->sah->saidx.mode;
1448 saidx.reqid = 0;
1449 saidx.proto = outsav->sah->saidx.proto;
1450 bcopy(&outsav->sah->saidx.src, &saidx.dst, sizeof(struct sockaddr_in));
1451 bcopy(&outsav->sah->saidx.dst, &saidx.src, sizeof(struct sockaddr_in));
1452
1453 lck_mtx_lock(sadb_mutex);
1454 LIST_FOREACH(sah, &sahtree, chain) {
1455 if (sah->state == SADB_SASTATE_DEAD)
1456 continue;
1457 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE))
1458 goto found;
1459 }
1460 lck_mtx_unlock(sadb_mutex);
1461 return 0;
1462
1463 found:
1464 /*
1465 * Found sah - now go thru list of SAs and find
1466 * matching remote ike port. If found - set
1467 * sav->natt_encapsulated_src_port and return the port.
1468 */
1469 /*
1470 * search a valid state list for outbound packet.
1471 * This search order is important.
1472 */
1473 if (key_preferred_oldsa) {
1474 saorder_state_valid = saorder_state_valid_prefer_old;
1475 arraysize = _ARRAYLEN(saorder_state_valid_prefer_old);
1476 } else {
1477 saorder_state_valid = saorder_state_valid_prefer_new;
1478 arraysize = _ARRAYLEN(saorder_state_valid_prefer_new);
1479 }
1480
1481 for (stateidx = 0; stateidx < arraysize; stateidx++) {
1482 state = saorder_state_valid[stateidx];
1483 if (key_do_get_translated_port(sah, outsav, state)) {
1484 lck_mtx_unlock(sadb_mutex);
1485 return outsav->natt_encapsulated_src_port;
1486 }
1487 }
1488 lck_mtx_unlock(sadb_mutex);
1489 return 0;
1490 }
1491
1492 static int
1493 key_do_get_translated_port(
1494 struct secashead *sah,
1495 struct secasvar *outsav,
1496 u_int state)
1497 {
1498 struct secasvar *currsav, *nextsav, *candidate;
1499
1500
1501 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1502
1503 /* initilize */
1504 candidate = NULL;
1505
1506 for (currsav = LIST_FIRST(&sah->savtree[state]);
1507 currsav != NULL;
1508 currsav = nextsav) {
1509
1510 nextsav = LIST_NEXT(currsav, chain);
1511
1512 /* sanity check */
1513 KEY_CHKSASTATE(currsav->state, state, "key_do_get_translated_port");
1514
1515 if ((currsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) == 0 ||
1516 currsav->remote_ike_port != outsav->remote_ike_port)
1517 continue;
1518
1519 if (candidate == NULL) {
1520 candidate = currsav;
1521 continue;
1522 }
1523
1524 /* Which SA is the better ? */
1525
1526 /* sanity check 2 */
1527 if (candidate->lft_c == NULL || currsav->lft_c == NULL)
1528 panic("key_do_get_translated_port: "
1529 "lifetime_current is NULL.\n");
1530
1531 /* What the best method is to compare ? */
1532 if (key_preferred_oldsa) {
1533 if (candidate->lft_c->sadb_lifetime_addtime >
1534 currsav->lft_c->sadb_lifetime_addtime) {
1535 candidate = currsav;
1536 }
1537 continue;
1538 /*NOTREACHED*/
1539 }
1540
1541 /* prefered new sa rather than old sa */
1542 if (candidate->lft_c->sadb_lifetime_addtime <
1543 currsav->lft_c->sadb_lifetime_addtime)
1544 candidate = currsav;
1545 }
1546
1547 if (candidate) {
1548 outsav->natt_encapsulated_src_port = candidate->natt_encapsulated_src_port;
1549 return 1;
1550 }
1551
1552 return 0;
1553 }
1554
1555 /*
1556 * Must be called after calling key_allocsp().
1557 */
1558 void
1559 key_freesp(
1560 struct secpolicy *sp,
1561 int locked)
1562 {
1563
1564 /* sanity check */
1565 if (sp == NULL)
1566 panic("key_freesp: NULL pointer is passed.\n");
1567
1568 if (!locked)
1569 lck_mtx_lock(sadb_mutex);
1570 else
1571 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1572 sp->refcnt--;
1573 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1574 printf("DP freesp cause refcnt--:%d SP:0x%llx\n",
1575 sp->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sp)));
1576
1577 if (sp->refcnt == 0)
1578 key_delsp(sp);
1579 if (!locked)
1580 lck_mtx_unlock(sadb_mutex);
1581 return;
1582 }
1583
1584 /*
1585 * Must be called after calling key_allocsa().
1586 * This function is called by key_freesp() to free some SA allocated
1587 * for a policy.
1588 */
1589 void
1590 key_freesav(
1591 struct secasvar *sav,
1592 int locked)
1593 {
1594
1595 /* sanity check */
1596 if (sav == NULL)
1597 panic("key_freesav: NULL pointer is passed.\n");
1598
1599 if (!locked)
1600 lck_mtx_lock(sadb_mutex);
1601 else
1602 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1603 sav->refcnt--;
1604 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
1605 printf("DP freesav cause refcnt--:%d SA:0x%llx SPI %u\n",
1606 sav->refcnt, (uint64_t)VM_KERNEL_ADDRPERM(sav),
1607 (u_int32_t)ntohl(sav->spi)));
1608
1609 if (sav->refcnt == 0)
1610 key_delsav(sav);
1611 if (!locked)
1612 lck_mtx_unlock(sadb_mutex);
1613 return;
1614 }
1615
1616 /* %%% SPD management */
1617 /*
1618 * free security policy entry.
1619 */
1620 static void
1621 key_delsp(
1622 struct secpolicy *sp)
1623 {
1624
1625 /* sanity check */
1626 if (sp == NULL)
1627 panic("key_delsp: NULL pointer is passed.\n");
1628
1629 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1630 sp->state = IPSEC_SPSTATE_DEAD;
1631
1632 if (sp->refcnt > 0)
1633 return; /* can't free */
1634
1635 /* remove from SP index */
1636 if (__LIST_CHAINED(sp)) {
1637 LIST_REMOVE(sp, chain);
1638 ipsec_policy_count--;
1639 }
1640
1641 if (sp->spidx.internal_if) {
1642 ifnet_release(sp->spidx.internal_if);
1643 sp->spidx.internal_if = NULL;
1644 }
1645
1646 if (sp->ipsec_if) {
1647 ifnet_release(sp->ipsec_if);
1648 sp->ipsec_if = NULL;
1649 }
1650
1651 if (sp->outgoing_if) {
1652 ifnet_release(sp->outgoing_if);
1653 sp->outgoing_if = NULL;
1654 }
1655
1656 {
1657 struct ipsecrequest *isr = sp->req, *nextisr;
1658
1659 while (isr != NULL) {
1660 nextisr = isr->next;
1661 KFREE(isr);
1662 isr = nextisr;
1663 }
1664 }
1665 keydb_delsecpolicy(sp);
1666
1667 return;
1668 }
1669
1670 /*
1671 * search SPD
1672 * OUT: NULL : not found
1673 * others : found, pointer to a SP.
1674 */
1675 static struct secpolicy *
1676 key_getsp(
1677 struct secpolicyindex *spidx)
1678 {
1679 struct secpolicy *sp;
1680
1681 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1682
1683 /* sanity check */
1684 if (spidx == NULL)
1685 panic("key_getsp: NULL pointer is passed.\n");
1686
1687 LIST_FOREACH(sp, &sptree[spidx->dir], chain) {
1688 if (sp->state == IPSEC_SPSTATE_DEAD)
1689 continue;
1690 if (key_cmpspidx_exactly(spidx, &sp->spidx)) {
1691 sp->refcnt++;
1692 return sp;
1693 }
1694 }
1695
1696 return NULL;
1697 }
1698
1699 /*
1700 * get SP by index.
1701 * OUT: NULL : not found
1702 * others : found, pointer to a SP.
1703 */
1704 struct secpolicy *
1705 key_getspbyid(
1706 u_int32_t id)
1707 {
1708 struct secpolicy *sp;
1709
1710 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1711
1712 lck_mtx_lock(sadb_mutex);
1713 sp = __key_getspbyid(id);
1714 lck_mtx_unlock(sadb_mutex);
1715
1716 return sp;
1717 }
1718
1719 static struct secpolicy *
1720 __key_getspbyid(u_int32_t id)
1721 {
1722 struct secpolicy *sp;
1723
1724 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
1725
1726 LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
1727 if (sp->state == IPSEC_SPSTATE_DEAD)
1728 continue;
1729 if (sp->id == id) {
1730 sp->refcnt++;
1731 return sp;
1732 }
1733 }
1734
1735 LIST_FOREACH(sp, &sptree[IPSEC_DIR_OUTBOUND], chain) {
1736 if (sp->state == IPSEC_SPSTATE_DEAD)
1737 continue;
1738 if (sp->id == id) {
1739 sp->refcnt++;
1740 return sp;
1741 }
1742 }
1743
1744 return NULL;
1745 }
1746
1747 struct secpolicy *
1748 key_newsp(void)
1749 {
1750 struct secpolicy *newsp = NULL;
1751
1752 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1753 newsp = keydb_newsecpolicy();
1754 if (!newsp)
1755 return newsp;
1756
1757 newsp->refcnt = 1;
1758 newsp->req = NULL;
1759
1760 return newsp;
1761 }
1762
1763 /*
1764 * create secpolicy structure from sadb_x_policy structure.
1765 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1766 * so must be set properly later.
1767 */
1768 struct secpolicy *
1769 key_msg2sp(
1770 struct sadb_x_policy *xpl0,
1771 size_t len,
1772 int *error)
1773 {
1774 struct secpolicy *newsp;
1775
1776 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
1777
1778 /* sanity check */
1779 if (xpl0 == NULL)
1780 panic("key_msg2sp: NULL pointer was passed.\n");
1781 if (len < sizeof(*xpl0))
1782 panic("key_msg2sp: invalid length.\n");
1783 if (len != PFKEY_EXTLEN(xpl0)) {
1784 ipseclog((LOG_DEBUG, "key_msg2sp: Invalid msg length.\n"));
1785 *error = EINVAL;
1786 return NULL;
1787 }
1788
1789 if ((newsp = key_newsp()) == NULL) {
1790 *error = ENOBUFS;
1791 return NULL;
1792 }
1793
1794 newsp->spidx.dir = xpl0->sadb_x_policy_dir;
1795 newsp->policy = xpl0->sadb_x_policy_type;
1796
1797 /* check policy */
1798 switch (xpl0->sadb_x_policy_type) {
1799 case IPSEC_POLICY_DISCARD:
1800 case IPSEC_POLICY_GENERATE:
1801 case IPSEC_POLICY_NONE:
1802 case IPSEC_POLICY_ENTRUST:
1803 case IPSEC_POLICY_BYPASS:
1804 newsp->req = NULL;
1805 break;
1806
1807 case IPSEC_POLICY_IPSEC:
1808 {
1809 int tlen;
1810 struct sadb_x_ipsecrequest *xisr;
1811 struct ipsecrequest **p_isr = &newsp->req;
1812
1813 /* validity check */
1814 if (PFKEY_EXTLEN(xpl0) < sizeof(*xpl0)) {
1815 ipseclog((LOG_DEBUG,
1816 "key_msg2sp: Invalid msg length.\n"));
1817 key_freesp(newsp, KEY_SADB_UNLOCKED);
1818 *error = EINVAL;
1819 return NULL;
1820 }
1821
1822 tlen = PFKEY_EXTLEN(xpl0) - sizeof(*xpl0);
1823 xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
1824
1825 while (tlen > 0) {
1826 if (tlen < sizeof(*xisr)) {
1827 ipseclog((LOG_DEBUG, "key_msg2sp: "
1828 "invalid ipsecrequest.\n"));
1829 key_freesp(newsp, KEY_SADB_UNLOCKED);
1830 *error = EINVAL;
1831 return NULL;
1832 }
1833
1834 /* length check */
1835 if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
1836 ipseclog((LOG_DEBUG, "key_msg2sp: "
1837 "invalid ipsecrequest length.\n"));
1838 key_freesp(newsp, KEY_SADB_UNLOCKED);
1839 *error = EINVAL;
1840 return NULL;
1841 }
1842
1843 /* allocate request buffer */
1844 KMALLOC_WAIT(*p_isr, struct ipsecrequest *, sizeof(**p_isr));
1845 if ((*p_isr) == NULL) {
1846 ipseclog((LOG_DEBUG,
1847 "key_msg2sp: No more memory.\n"));
1848 key_freesp(newsp, KEY_SADB_UNLOCKED);
1849 *error = ENOBUFS;
1850 return NULL;
1851 }
1852 bzero(*p_isr, sizeof(**p_isr));
1853
1854 /* set values */
1855 (*p_isr)->next = NULL;
1856
1857 switch (xisr->sadb_x_ipsecrequest_proto) {
1858 case IPPROTO_ESP:
1859 case IPPROTO_AH:
1860 case IPPROTO_IPCOMP:
1861 break;
1862 default:
1863 ipseclog((LOG_DEBUG,
1864 "key_msg2sp: invalid proto type=%u\n",
1865 xisr->sadb_x_ipsecrequest_proto));
1866 key_freesp(newsp, KEY_SADB_UNLOCKED);
1867 *error = EPROTONOSUPPORT;
1868 return NULL;
1869 }
1870 (*p_isr)->saidx.proto = xisr->sadb_x_ipsecrequest_proto;
1871
1872 switch (xisr->sadb_x_ipsecrequest_mode) {
1873 case IPSEC_MODE_TRANSPORT:
1874 case IPSEC_MODE_TUNNEL:
1875 break;
1876 case IPSEC_MODE_ANY:
1877 default:
1878 ipseclog((LOG_DEBUG,
1879 "key_msg2sp: invalid mode=%u\n",
1880 xisr->sadb_x_ipsecrequest_mode));
1881 key_freesp(newsp, KEY_SADB_UNLOCKED);
1882 *error = EINVAL;
1883 return NULL;
1884 }
1885 (*p_isr)->saidx.mode = xisr->sadb_x_ipsecrequest_mode;
1886
1887 switch (xisr->sadb_x_ipsecrequest_level) {
1888 case IPSEC_LEVEL_DEFAULT:
1889 case IPSEC_LEVEL_USE:
1890 case IPSEC_LEVEL_REQUIRE:
1891 break;
1892 case IPSEC_LEVEL_UNIQUE:
1893 /* validity check */
1894 /*
1895 * If range violation of reqid, kernel will
1896 * update it, don't refuse it.
1897 */
1898 if (xisr->sadb_x_ipsecrequest_reqid
1899 > IPSEC_MANUAL_REQID_MAX) {
1900 ipseclog((LOG_DEBUG,
1901 "key_msg2sp: reqid=%d range "
1902 "violation, updated by kernel.\n",
1903 xisr->sadb_x_ipsecrequest_reqid));
1904 xisr->sadb_x_ipsecrequest_reqid = 0;
1905 }
1906
1907 /* allocate new reqid id if reqid is zero. */
1908 if (xisr->sadb_x_ipsecrequest_reqid == 0) {
1909 u_int32_t reqid;
1910 if ((reqid = key_newreqid()) == 0) {
1911 key_freesp(newsp, KEY_SADB_UNLOCKED);
1912 *error = ENOBUFS;
1913 return NULL;
1914 }
1915 (*p_isr)->saidx.reqid = reqid;
1916 xisr->sadb_x_ipsecrequest_reqid = reqid;
1917 } else {
1918 /* set it for manual keying. */
1919 (*p_isr)->saidx.reqid =
1920 xisr->sadb_x_ipsecrequest_reqid;
1921 }
1922 break;
1923
1924 default:
1925 ipseclog((LOG_DEBUG, "key_msg2sp: invalid level=%u\n",
1926 xisr->sadb_x_ipsecrequest_level));
1927 key_freesp(newsp, KEY_SADB_UNLOCKED);
1928 *error = EINVAL;
1929 return NULL;
1930 }
1931 (*p_isr)->level = xisr->sadb_x_ipsecrequest_level;
1932
1933 /* set IP addresses if there */
1934 if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
1935 struct sockaddr *paddr;
1936
1937 if (tlen < xisr->sadb_x_ipsecrequest_len) {
1938 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1939 "address length.\n"));
1940 key_freesp(newsp, KEY_SADB_UNLOCKED);
1941 *error = EINVAL;
1942 return NULL;
1943 }
1944
1945 paddr = (struct sockaddr *)(xisr + 1);
1946 uint8_t src_len = paddr->sa_len;
1947
1948 if (xisr->sadb_x_ipsecrequest_len < src_len) {
1949 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1950 "invalid source address length.\n"));
1951 key_freesp(newsp, KEY_SADB_UNLOCKED);
1952 *error = EINVAL;
1953 return NULL;
1954 }
1955
1956 /* validity check */
1957 if (paddr->sa_len
1958 > sizeof((*p_isr)->saidx.src)) {
1959 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1960 "address length.\n"));
1961 key_freesp(newsp, KEY_SADB_UNLOCKED);
1962 *error = EINVAL;
1963 return NULL;
1964 }
1965
1966 bcopy(paddr, &(*p_isr)->saidx.src,
1967 MIN(paddr->sa_len, sizeof((*p_isr)->saidx.src)));
1968
1969 paddr = (struct sockaddr *)((caddr_t)paddr + paddr->sa_len);
1970 uint8_t dst_len = paddr->sa_len;
1971
1972 if (xisr->sadb_x_ipsecrequest_len < (src_len + dst_len)) {
1973 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1974 "invalid dest address length.\n"));
1975 key_freesp(newsp, KEY_SADB_UNLOCKED);
1976 *error = EINVAL;
1977 return NULL;
1978 }
1979
1980 /* validity check */
1981 if (paddr->sa_len
1982 > sizeof((*p_isr)->saidx.dst)) {
1983 ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
1984 "address length.\n"));
1985 key_freesp(newsp, KEY_SADB_UNLOCKED);
1986 *error = EINVAL;
1987 return NULL;
1988 }
1989
1990 bcopy(paddr, &(*p_isr)->saidx.dst,
1991 MIN(paddr->sa_len, sizeof((*p_isr)->saidx.dst)));
1992 }
1993
1994 (*p_isr)->sp = newsp;
1995
1996 /* initialization for the next. */
1997 p_isr = &(*p_isr)->next;
1998 tlen -= xisr->sadb_x_ipsecrequest_len;
1999
2000 /* validity check */
2001 if (tlen < 0) {
2002 ipseclog((LOG_DEBUG, "key_msg2sp: becoming tlen < 0.\n"));
2003 key_freesp(newsp, KEY_SADB_UNLOCKED);
2004 *error = EINVAL;
2005 return NULL;
2006 }
2007
2008 xisr = (struct sadb_x_ipsecrequest *)(void *)
2009 ((caddr_t)xisr + xisr->sadb_x_ipsecrequest_len);
2010 }
2011 }
2012 break;
2013 default:
2014 ipseclog((LOG_DEBUG, "key_msg2sp: invalid policy type.\n"));
2015 key_freesp(newsp, KEY_SADB_UNLOCKED);
2016 *error = EINVAL;
2017 return NULL;
2018 }
2019
2020 *error = 0;
2021 return newsp;
2022 }
2023
2024 static u_int32_t
2025 key_newreqid(void)
2026 {
2027 lck_mtx_lock(sadb_mutex);
2028 static u_int32_t auto_reqid = IPSEC_MANUAL_REQID_MAX + 1;
2029 int done = 0;
2030
2031 /* The reqid must be limited to 16 bits because the PF_KEY message format only uses
2032 16 bits for this field. Once it becomes larger than 16 bits - ipsec fails to
2033 work anymore. Changing the PF_KEY message format would introduce compatibility
2034 issues. This code now tests to see if the tentative reqid is in use */
2035
2036 while (!done) {
2037 struct secpolicy *sp;
2038 struct ipsecrequest *isr;
2039 int dir;
2040
2041 auto_reqid = (auto_reqid == 0xFFFF
2042 ? IPSEC_MANUAL_REQID_MAX + 1 : auto_reqid + 1);
2043
2044 /* check for uniqueness */
2045 done = 1;
2046 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
2047 LIST_FOREACH(sp, &sptree[dir], chain) {
2048 for (isr = sp->req; isr != NULL; isr = isr->next) {
2049 if (isr->saidx.reqid == auto_reqid) {
2050 done = 0;
2051 break;
2052 }
2053 }
2054 if (done == 0)
2055 break;
2056 }
2057 if (done == 0)
2058 break;
2059 }
2060 }
2061
2062 lck_mtx_unlock(sadb_mutex);
2063 return auto_reqid;
2064 }
2065
2066 /*
2067 * copy secpolicy struct to sadb_x_policy structure indicated.
2068 */
2069 struct mbuf *
2070 key_sp2msg(
2071 struct secpolicy *sp)
2072 {
2073 struct sadb_x_policy *xpl;
2074 int tlen;
2075 caddr_t p;
2076 struct mbuf *m;
2077
2078 /* sanity check. */
2079 if (sp == NULL)
2080 panic("key_sp2msg: NULL pointer was passed.\n");
2081
2082 tlen = key_getspreqmsglen(sp);
2083
2084 m = key_alloc_mbuf(tlen);
2085 if (!m || m->m_next) { /*XXX*/
2086 if (m)
2087 m_freem(m);
2088 return NULL;
2089 }
2090
2091 m->m_len = tlen;
2092 m->m_next = NULL;
2093 xpl = mtod(m, struct sadb_x_policy *);
2094 bzero(xpl, tlen);
2095
2096 xpl->sadb_x_policy_len = PFKEY_UNIT64(tlen);
2097 xpl->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
2098 xpl->sadb_x_policy_type = sp->policy;
2099 xpl->sadb_x_policy_dir = sp->spidx.dir;
2100 xpl->sadb_x_policy_id = sp->id;
2101 p = (caddr_t)xpl + sizeof(*xpl);
2102
2103 /* if is the policy for ipsec ? */
2104 if (sp->policy == IPSEC_POLICY_IPSEC) {
2105 struct sadb_x_ipsecrequest *xisr;
2106 struct ipsecrequest *isr;
2107
2108 for (isr = sp->req; isr != NULL; isr = isr->next) {
2109
2110 xisr = (struct sadb_x_ipsecrequest *)(void *)p;
2111
2112 xisr->sadb_x_ipsecrequest_proto = isr->saidx.proto;
2113 xisr->sadb_x_ipsecrequest_mode = isr->saidx.mode;
2114 xisr->sadb_x_ipsecrequest_level = isr->level;
2115 xisr->sadb_x_ipsecrequest_reqid = isr->saidx.reqid;
2116
2117 p += sizeof(*xisr);
2118 bcopy(&isr->saidx.src, p, isr->saidx.src.ss_len);
2119 p += isr->saidx.src.ss_len;
2120 bcopy(&isr->saidx.dst, p, isr->saidx.dst.ss_len);
2121 p += isr->saidx.src.ss_len;
2122
2123 xisr->sadb_x_ipsecrequest_len =
2124 PFKEY_ALIGN8(sizeof(*xisr)
2125 + isr->saidx.src.ss_len
2126 + isr->saidx.dst.ss_len);
2127 }
2128 }
2129
2130 return m;
2131 }
2132
2133 /* m will not be freed nor modified */
2134 static struct mbuf *
2135 key_gather_mbuf(struct mbuf *m, const struct sadb_msghdr *mhp,
2136 int ndeep, int nitem, int *items)
2137 {
2138 int idx;
2139 int i;
2140 struct mbuf *result = NULL, *n;
2141 int len;
2142
2143 if (m == NULL || mhp == NULL)
2144 panic("null pointer passed to key_gather");
2145
2146 for (i = 0; i < nitem; i++) {
2147 idx = items[i];
2148 if (idx < 0 || idx > SADB_EXT_MAX)
2149 goto fail;
2150 /* don't attempt to pull empty extension */
2151 if (idx == SADB_EXT_RESERVED && mhp->msg == NULL)
2152 continue;
2153 if (idx != SADB_EXT_RESERVED &&
2154 (mhp->ext[idx] == NULL || mhp->extlen[idx] == 0))
2155 continue;
2156
2157 if (idx == SADB_EXT_RESERVED) {
2158 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2159 MGETHDR(n, M_WAITOK, MT_DATA); // sadb_msg len < MHLEN - enforced by _CASSERT
2160 if (!n)
2161 goto fail;
2162 n->m_len = len;
2163 n->m_next = NULL;
2164 m_copydata(m, 0, sizeof(struct sadb_msg),
2165 mtod(n, caddr_t));
2166 } else if (i < ndeep) {
2167 len = mhp->extlen[idx];
2168 n = key_alloc_mbuf(len);
2169 if (!n || n->m_next) { /*XXX*/
2170 if (n)
2171 m_freem(n);
2172 goto fail;
2173 }
2174 m_copydata(m, mhp->extoff[idx], mhp->extlen[idx],
2175 mtod(n, caddr_t));
2176 } else {
2177 n = m_copym(m, mhp->extoff[idx], mhp->extlen[idx],
2178 M_WAITOK);
2179 }
2180 if (n == NULL)
2181 goto fail;
2182
2183 if (result)
2184 m_cat(result, n);
2185 else
2186 result = n;
2187 }
2188
2189 if ((result->m_flags & M_PKTHDR) != 0) {
2190 result->m_pkthdr.len = 0;
2191 for (n = result; n; n = n->m_next)
2192 result->m_pkthdr.len += n->m_len;
2193 }
2194
2195 return result;
2196
2197 fail:
2198 m_freem(result);
2199 return NULL;
2200 }
2201
2202 /*
2203 * SADB_X_SPDADD, SADB_X_SPDSETIDX or SADB_X_SPDUPDATE processing
2204 * add a entry to SP database, when received
2205 * <base, address(SD), (lifetime(H),) policy>
2206 * from the user(?).
2207 * Adding to SP database,
2208 * and send
2209 * <base, address(SD), (lifetime(H),) policy>
2210 * to the socket which was send.
2211 *
2212 * SPDADD set a unique policy entry.
2213 * SPDSETIDX like SPDADD without a part of policy requests.
2214 * SPDUPDATE replace a unique policy entry.
2215 *
2216 * m will always be freed.
2217 */
2218 static int
2219 key_spdadd(
2220 struct socket *so,
2221 struct mbuf *m,
2222 const struct sadb_msghdr *mhp)
2223 {
2224 struct sadb_address *src0, *dst0, *src1 = NULL, *dst1 = NULL;
2225 struct sadb_x_policy *xpl0, *xpl;
2226 struct sadb_lifetime *lft = NULL;
2227 struct secpolicyindex spidx;
2228 struct secpolicy *newsp;
2229 struct timeval tv;
2230 ifnet_t internal_if = NULL;
2231 char *outgoing_if = NULL;
2232 char *ipsec_if = NULL;
2233 struct sadb_x_ipsecif *ipsecifopts = NULL;
2234 int error;
2235 int use_src_range = 0;
2236 int use_dst_range = 0;
2237 int init_disabled = 0;
2238 int address_family, address_len;
2239
2240 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2241
2242 /* sanity check */
2243 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2244 panic("key_spdadd: NULL pointer is passed.\n");
2245
2246 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END] != NULL) {
2247 use_src_range = 1;
2248 }
2249 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END] != NULL) {
2250 use_dst_range = 1;
2251 }
2252
2253 if ((!use_src_range && mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL) ||
2254 (!use_dst_range && mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) ||
2255 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2256 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2257 return key_senderror(so, m, EINVAL);
2258 }
2259 if ((use_src_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_START] < sizeof(struct sadb_address)
2260 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_END] < sizeof(struct sadb_address))) ||
2261 (!use_src_range && mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
2262 (use_dst_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_START] < sizeof(struct sadb_address)
2263 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_END] < sizeof(struct sadb_address))) ||
2264 (!use_dst_range && mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
2265 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2266 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2267 return key_senderror(so, m, EINVAL);
2268 }
2269 if (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL) {
2270 if (mhp->extlen[SADB_EXT_LIFETIME_HARD]
2271 < sizeof(struct sadb_lifetime)) {
2272 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2273 return key_senderror(so, m, EINVAL);
2274 }
2275 lft = (struct sadb_lifetime *)
2276 (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
2277 }
2278 if (mhp->ext[SADB_X_EXT_IPSECIF] != NULL) {
2279 if (mhp->extlen[SADB_X_EXT_IPSECIF] < sizeof(struct sadb_x_ipsecif)) {
2280 ipseclog((LOG_DEBUG, "key_spdadd: invalid message is passed.\n"));
2281 return key_senderror(so, m, EINVAL);
2282 }
2283 }
2284
2285 if (use_src_range) {
2286 src0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START];
2287 src1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END];
2288 } else {
2289 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2290 }
2291 if (use_dst_range) {
2292 dst0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START];
2293 dst1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END];
2294 } else {
2295 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2296 }
2297 xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
2298 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
2299
2300 /* check addresses */
2301 address_family = ((struct sockaddr *)(src0 + 1))->sa_family;
2302 address_len = ((struct sockaddr *)(src0 + 1))->sa_len;
2303 if (use_src_range) {
2304 if (((struct sockaddr *)(src1+ 1))->sa_family != address_family ||
2305 ((struct sockaddr *)(src1+ 1))->sa_len != address_len) {
2306 return key_senderror(so, m, EINVAL);
2307 }
2308 }
2309 if (((struct sockaddr *)(dst0+ 1))->sa_family != address_family ||
2310 ((struct sockaddr *)(dst0+ 1))->sa_len != address_len) {
2311 return key_senderror(so, m, EINVAL);
2312 }
2313 if (use_dst_range) {
2314 if (((struct sockaddr *)(dst1+ 1))->sa_family != address_family ||
2315 ((struct sockaddr *)(dst1+ 1))->sa_len != address_len) {
2316 return key_senderror(so, m, EINVAL);
2317 }
2318 }
2319
2320 /* checking the direction. */
2321 switch (xpl0->sadb_x_policy_dir) {
2322 case IPSEC_DIR_INBOUND:
2323 case IPSEC_DIR_OUTBOUND:
2324 break;
2325 default:
2326 ipseclog((LOG_DEBUG, "key_spdadd: Invalid SP direction.\n"));
2327 mhp->msg->sadb_msg_errno = EINVAL;
2328 return 0;
2329 }
2330
2331 /* check policy */
2332 /* key_spdadd() accepts DISCARD, NONE and IPSEC. */
2333 if (xpl0->sadb_x_policy_type == IPSEC_POLICY_ENTRUST
2334 || xpl0->sadb_x_policy_type == IPSEC_POLICY_BYPASS) {
2335 ipseclog((LOG_DEBUG, "key_spdadd: Invalid policy type.\n"));
2336 return key_senderror(so, m, EINVAL);
2337 }
2338
2339 /* policy requests are mandatory when action is ipsec. */
2340 if (mhp->msg->sadb_msg_type != SADB_X_SPDSETIDX
2341 && xpl0->sadb_x_policy_type == IPSEC_POLICY_IPSEC
2342 && mhp->extlen[SADB_X_EXT_POLICY] <= sizeof(*xpl0)) {
2343 ipseclog((LOG_DEBUG, "key_spdadd: some policy requests part required.\n"));
2344 return key_senderror(so, m, EINVAL);
2345 }
2346
2347 /* Process interfaces */
2348 if (ipsecifopts != NULL) {
2349 if (ipsecifopts->sadb_x_ipsecif_internal_if[0]) {
2350 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_internal_if, &internal_if);
2351 }
2352 if (ipsecifopts->sadb_x_ipsecif_outgoing_if[0]) {
2353 outgoing_if = ipsecifopts->sadb_x_ipsecif_outgoing_if;
2354 }
2355 if (ipsecifopts->sadb_x_ipsecif_ipsec_if[0]) {
2356 ipsec_if = ipsecifopts->sadb_x_ipsecif_ipsec_if;
2357 }
2358 init_disabled = ipsecifopts->sadb_x_ipsecif_init_disabled;
2359 }
2360
2361 /* make secindex */
2362 /* XXX boundary check against sa_len */
2363 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2364 src0 + 1,
2365 dst0 + 1,
2366 src0->sadb_address_prefixlen,
2367 dst0->sadb_address_prefixlen,
2368 src0->sadb_address_proto,
2369 internal_if,
2370 use_src_range ? src0 + 1 : NULL,
2371 use_src_range ? src1 + 1 : NULL,
2372 use_dst_range ? dst0 + 1 : NULL,
2373 use_dst_range ? dst1 + 1 : NULL,
2374 &spidx);
2375
2376 /*
2377 * checking there is SP already or not.
2378 * SPDUPDATE doesn't depend on whether there is a SP or not.
2379 * If the type is either SPDADD or SPDSETIDX AND a SP is found,
2380 * then error.
2381 */
2382 lck_mtx_lock(sadb_mutex);
2383 newsp = key_getsp(&spidx);
2384 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2385 if (newsp) {
2386 newsp->state = IPSEC_SPSTATE_DEAD;
2387 key_freesp(newsp, KEY_SADB_LOCKED);
2388 }
2389 } else {
2390 if (newsp != NULL) {
2391 key_freesp(newsp, KEY_SADB_LOCKED);
2392 ipseclog((LOG_DEBUG, "key_spdadd: a SP entry exists already.\n"));
2393 lck_mtx_unlock(sadb_mutex);
2394 if (internal_if) {
2395 ifnet_release(internal_if);
2396 internal_if = NULL;
2397 }
2398 return key_senderror(so, m, EEXIST);
2399 }
2400 }
2401 lck_mtx_unlock(sadb_mutex);
2402
2403 /* allocation new SP entry */
2404 if ((newsp = key_msg2sp(xpl0, PFKEY_EXTLEN(xpl0), &error)) == NULL) {
2405 if (internal_if) {
2406 ifnet_release(internal_if);
2407 internal_if = NULL;
2408 }
2409 return key_senderror(so, m, error);
2410 }
2411
2412 if ((newsp->id = key_getnewspid()) == 0) {
2413 keydb_delsecpolicy(newsp);
2414 if (internal_if) {
2415 ifnet_release(internal_if);
2416 internal_if = NULL;
2417 }
2418 return key_senderror(so, m, ENOBUFS);
2419 }
2420
2421 /* XXX boundary check against sa_len */
2422 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2423 src0 + 1,
2424 dst0 + 1,
2425 src0->sadb_address_prefixlen,
2426 dst0->sadb_address_prefixlen,
2427 src0->sadb_address_proto,
2428 internal_if,
2429 use_src_range ? src0 + 1 : NULL,
2430 use_src_range ? src1 + 1 : NULL,
2431 use_dst_range ? dst0 + 1 : NULL,
2432 use_dst_range ? dst1 + 1 : NULL,
2433 &newsp->spidx);
2434
2435 #if 1
2436 /*
2437 * allow IPv6 over IPv4 or IPv4 over IPv6 tunnels using ESP -
2438 * otherwise reject if inner and outer address families not equal
2439 */
2440 if (newsp->req && newsp->req->saidx.src.ss_family) {
2441 struct sockaddr *sa;
2442 sa = (struct sockaddr *)(src0 + 1);
2443 if (sa->sa_family != newsp->req->saidx.src.ss_family) {
2444 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP) {
2445 keydb_delsecpolicy(newsp);
2446 if (internal_if) {
2447 ifnet_release(internal_if);
2448 internal_if = NULL;
2449 }
2450 return key_senderror(so, m, EINVAL);
2451 }
2452 }
2453 }
2454 if (newsp->req && newsp->req->saidx.dst.ss_family) {
2455 struct sockaddr *sa;
2456 sa = (struct sockaddr *)(dst0 + 1);
2457 if (sa->sa_family != newsp->req->saidx.dst.ss_family) {
2458 if (newsp->req->saidx.mode != IPSEC_MODE_TUNNEL || newsp->req->saidx.proto != IPPROTO_ESP) {
2459 keydb_delsecpolicy(newsp);
2460 if (internal_if) {
2461 ifnet_release(internal_if);
2462 internal_if = NULL;
2463 }
2464 return key_senderror(so, m, EINVAL);
2465 }
2466 }
2467 }
2468 #endif
2469
2470 microtime(&tv);
2471 newsp->created = tv.tv_sec;
2472 newsp->lastused = tv.tv_sec;
2473 newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0;
2474 newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0;
2475
2476 if (outgoing_if != NULL) {
2477 ifnet_find_by_name(outgoing_if, &newsp->outgoing_if);
2478 }
2479 if (ipsec_if != NULL) {
2480 ifnet_find_by_name(ipsec_if, &newsp->ipsec_if);
2481 }
2482 if (init_disabled > 0) {
2483 newsp->disabled = 1;
2484 }
2485
2486 newsp->refcnt = 1; /* do not reclaim until I say I do */
2487 newsp->state = IPSEC_SPSTATE_ALIVE;
2488 lck_mtx_lock(sadb_mutex);
2489 /*
2490 * policies of type generate should be at the end of the SPD
2491 * because they function as default discard policies
2492 * Don't start timehandler for generate policies
2493 */
2494 if (newsp->policy == IPSEC_POLICY_GENERATE)
2495 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2496 else { /* XXX until we have policy ordering in the kernel */
2497 struct secpolicy *tmpsp;
2498
2499 LIST_FOREACH(tmpsp, &sptree[newsp->spidx.dir], chain)
2500 if (tmpsp->policy == IPSEC_POLICY_GENERATE)
2501 break;
2502 if (tmpsp)
2503 LIST_INSERT_BEFORE(tmpsp, newsp, chain);
2504 else
2505 LIST_INSERT_TAIL(&sptree[newsp->spidx.dir], newsp, secpolicy, chain);
2506 key_start_timehandler();
2507 }
2508
2509 ipsec_policy_count++;
2510 /* Turn off the ipsec bypass */
2511 if (ipsec_bypass != 0)
2512 ipsec_bypass = 0;
2513
2514 /* delete the entry in spacqtree */
2515 if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
2516 struct secspacq *spacq;
2517 if ((spacq = key_getspacq(&spidx)) != NULL) {
2518 /* reset counter in order to deletion by timehandler. */
2519 microtime(&tv);
2520 spacq->created = tv.tv_sec;
2521 spacq->count = 0;
2522 }
2523 }
2524 lck_mtx_unlock(sadb_mutex);
2525
2526 {
2527 struct mbuf *n, *mpolicy;
2528 struct sadb_msg *newmsg;
2529 int off;
2530
2531 /* create new sadb_msg to reply. */
2532 if (lft) {
2533 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2534 SADB_EXT_LIFETIME_HARD, SADB_EXT_ADDRESS_SRC,
2535 SADB_EXT_ADDRESS_DST, SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2536 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2537 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2538 } else {
2539 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2540 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
2541 SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2542 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2543 n = key_gather_mbuf(m, mhp, 2, sizeof(mbufItems)/sizeof(int), mbufItems);
2544 }
2545 if (!n)
2546 return key_senderror(so, m, ENOBUFS);
2547
2548 if (n->m_len < sizeof(*newmsg)) {
2549 n = m_pullup(n, sizeof(*newmsg));
2550 if (!n)
2551 return key_senderror(so, m, ENOBUFS);
2552 }
2553 newmsg = mtod(n, struct sadb_msg *);
2554 newmsg->sadb_msg_errno = 0;
2555 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2556
2557 off = 0;
2558 mpolicy = m_pulldown(n, PFKEY_ALIGN8(sizeof(struct sadb_msg)),
2559 sizeof(*xpl), &off);
2560 if (mpolicy == NULL) {
2561 /* n is already freed */
2562 return key_senderror(so, m, ENOBUFS);
2563 }
2564 xpl = (struct sadb_x_policy *)(void *)(mtod(mpolicy, caddr_t) + off);
2565 if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
2566 m_freem(n);
2567 return key_senderror(so, m, EINVAL);
2568 }
2569 xpl->sadb_x_policy_id = newsp->id;
2570
2571 m_freem(m);
2572 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2573 }
2574 }
2575
2576 /*
2577 * get new policy id.
2578 * OUT:
2579 * 0: failure.
2580 * others: success.
2581 */
2582 static u_int32_t
2583 key_getnewspid(void)
2584 {
2585 u_int32_t newid = 0;
2586 int count = key_spi_trycnt; /* XXX */
2587 struct secpolicy *sp;
2588
2589 /* when requesting to allocate spi ranged */
2590 lck_mtx_lock(sadb_mutex);
2591 while (count--) {
2592 newid = (policy_id = (policy_id == ~0 ? 1 : policy_id + 1));
2593
2594 if ((sp = __key_getspbyid(newid)) == NULL)
2595 break;
2596
2597 key_freesp(sp, KEY_SADB_LOCKED);
2598 }
2599 lck_mtx_unlock(sadb_mutex);
2600 if (count == 0 || newid == 0) {
2601 ipseclog((LOG_DEBUG, "key_getnewspid: to allocate policy id is failed.\n"));
2602 return 0;
2603 }
2604
2605 return newid;
2606 }
2607
2608 /*
2609 * SADB_SPDDELETE processing
2610 * receive
2611 * <base, address(SD), policy(*)>
2612 * from the user(?), and set SADB_SASTATE_DEAD,
2613 * and send,
2614 * <base, address(SD), policy(*)>
2615 * to the ikmpd.
2616 * policy(*) including direction of policy.
2617 *
2618 * m will always be freed.
2619 */
2620 static int
2621 key_spddelete(
2622 struct socket *so,
2623 struct mbuf *m,
2624 const struct sadb_msghdr *mhp)
2625 {
2626 struct sadb_address *src0, *dst0, *src1 = NULL, *dst1 = NULL;
2627 struct sadb_x_policy *xpl0;
2628 struct secpolicyindex spidx;
2629 struct secpolicy *sp;
2630 ifnet_t internal_if = NULL;
2631 struct sadb_x_ipsecif *ipsecifopts = NULL;
2632 int use_src_range = 0;
2633 int use_dst_range = 0;
2634
2635 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2636
2637 /* sanity check */
2638 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2639 panic("key_spddelete: NULL pointer is passed.\n");
2640
2641 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END] != NULL) {
2642 use_src_range = 1;
2643 }
2644 if (mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START] != NULL && mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END] != NULL) {
2645 use_dst_range = 1;
2646 }
2647
2648 if ((!use_src_range && mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL) ||
2649 (!use_dst_range && mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) ||
2650 mhp->ext[SADB_X_EXT_POLICY] == NULL) {
2651 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2652 return key_senderror(so, m, EINVAL);
2653 }
2654 if ((use_src_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_START] < sizeof(struct sadb_address)
2655 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_SRC_END] < sizeof(struct sadb_address))) ||
2656 (!use_src_range && mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address)) ||
2657 (use_dst_range && (mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_START] < sizeof(struct sadb_address)
2658 || mhp->extlen[SADB_X_EXT_ADDR_RANGE_DST_END] < sizeof(struct sadb_address))) ||
2659 (!use_dst_range && mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) ||
2660 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2661 ipseclog((LOG_DEBUG, "key_spddelete: invalid message is passed.\n"));
2662 return key_senderror(so, m, EINVAL);
2663 }
2664
2665 if (use_src_range) {
2666 src0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_START];
2667 src1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_SRC_END];
2668 } else {
2669 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
2670 }
2671 if (use_dst_range) {
2672 dst0 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_START];
2673 dst1 = (struct sadb_address *)mhp->ext[SADB_X_EXT_ADDR_RANGE_DST_END];
2674 } else {
2675 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
2676 }
2677 xpl0 = (struct sadb_x_policy *)(void *)mhp->ext[SADB_X_EXT_POLICY];
2678 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[SADB_X_EXT_IPSECIF];
2679
2680 /* checking the direction. */
2681 switch (xpl0->sadb_x_policy_dir) {
2682 case IPSEC_DIR_INBOUND:
2683 case IPSEC_DIR_OUTBOUND:
2684 break;
2685 default:
2686 ipseclog((LOG_DEBUG, "key_spddelete: Invalid SP direction.\n"));
2687 return key_senderror(so, m, EINVAL);
2688 }
2689
2690 /* Process interfaces */
2691 if (ipsecifopts != NULL) {
2692 if (ipsecifopts->sadb_x_ipsecif_internal_if[0]) {
2693 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_internal_if, &internal_if);
2694 }
2695 }
2696
2697 /* make secindex */
2698 /* XXX boundary check against sa_len */
2699 KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
2700 src0 + 1,
2701 dst0 + 1,
2702 src0->sadb_address_prefixlen,
2703 dst0->sadb_address_prefixlen,
2704 src0->sadb_address_proto,
2705 internal_if,
2706 use_src_range ? src0 + 1 : NULL,
2707 use_src_range ? src1 + 1 : NULL,
2708 use_dst_range ? dst0 + 1 : NULL,
2709 use_dst_range ? dst1 + 1 : NULL,
2710 &spidx);
2711
2712 /* Is there SP in SPD ? */
2713 lck_mtx_lock(sadb_mutex);
2714 if ((sp = key_getsp(&spidx)) == NULL) {
2715 ipseclog((LOG_DEBUG, "key_spddelete: no SP found.\n"));
2716 lck_mtx_unlock(sadb_mutex);
2717 if (internal_if) {
2718 ifnet_release(internal_if);
2719 internal_if = NULL;
2720 }
2721 return key_senderror(so, m, EINVAL);
2722 }
2723
2724 if (internal_if) {
2725 ifnet_release(internal_if);
2726 internal_if = NULL;
2727 }
2728
2729 /* save policy id to buffer to be returned. */
2730 xpl0->sadb_x_policy_id = sp->id;
2731
2732 sp->state = IPSEC_SPSTATE_DEAD;
2733 key_freesp(sp, KEY_SADB_LOCKED);
2734 lck_mtx_unlock(sadb_mutex);
2735
2736
2737 {
2738 struct mbuf *n;
2739 struct sadb_msg *newmsg;
2740 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY,
2741 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST,
2742 SADB_X_EXT_ADDR_RANGE_SRC_START, SADB_X_EXT_ADDR_RANGE_SRC_END,
2743 SADB_X_EXT_ADDR_RANGE_DST_START, SADB_X_EXT_ADDR_RANGE_DST_END};
2744
2745 /* create new sadb_msg to reply. */
2746 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2747 if (!n)
2748 return key_senderror(so, m, ENOBUFS);
2749
2750 newmsg = mtod(n, struct sadb_msg *);
2751 newmsg->sadb_msg_errno = 0;
2752 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2753
2754 m_freem(m);
2755 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2756 }
2757 }
2758
2759 /*
2760 * SADB_SPDDELETE2 processing
2761 * receive
2762 * <base, policy(*)>
2763 * from the user(?), and set SADB_SASTATE_DEAD,
2764 * and send,
2765 * <base, policy(*)>
2766 * to the ikmpd.
2767 * policy(*) including direction of policy.
2768 *
2769 * m will always be freed.
2770 */
2771 static int
2772 key_spddelete2(
2773 struct socket *so,
2774 struct mbuf *m,
2775 const struct sadb_msghdr *mhp)
2776 {
2777 u_int32_t id;
2778 struct secpolicy *sp;
2779
2780 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2781
2782 /* sanity check */
2783 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2784 panic("key_spddelete2: NULL pointer is passed.\n");
2785
2786 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2787 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2788 ipseclog((LOG_DEBUG, "key_spddelete2: invalid message is passed.\n"));
2789 key_senderror(so, m, EINVAL);
2790 return 0;
2791 }
2792
2793 id = ((struct sadb_x_policy *)
2794 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2795
2796 /* Is there SP in SPD ? */
2797 lck_mtx_lock(sadb_mutex);
2798 if ((sp = __key_getspbyid(id)) == NULL) {
2799 lck_mtx_unlock(sadb_mutex);
2800 ipseclog((LOG_DEBUG, "key_spddelete2: no SP found id:%u.\n", id));
2801 return key_senderror(so, m, EINVAL);
2802 }
2803
2804 sp->state = IPSEC_SPSTATE_DEAD;
2805 key_freesp(sp, KEY_SADB_LOCKED);
2806 lck_mtx_unlock(sadb_mutex);
2807
2808 {
2809 struct mbuf *n, *nn;
2810 struct sadb_msg *newmsg;
2811 int off, len;
2812
2813 /* create new sadb_msg to reply. */
2814 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
2815
2816 if (len > MCLBYTES)
2817 return key_senderror(so, m, ENOBUFS);
2818 MGETHDR(n, M_WAITOK, MT_DATA);
2819 if (n && len > MHLEN) {
2820 MCLGET(n, M_WAITOK);
2821 if ((n->m_flags & M_EXT) == 0) {
2822 m_freem(n);
2823 n = NULL;
2824 }
2825 }
2826 if (!n)
2827 return key_senderror(so, m, ENOBUFS);
2828
2829 n->m_len = len;
2830 n->m_next = NULL;
2831 off = 0;
2832
2833 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
2834 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
2835
2836 #if DIAGNOSTIC
2837 if (off != len)
2838 panic("length inconsistency in key_spddelete2");
2839 #endif
2840
2841 n->m_next = m_copym(m, mhp->extoff[SADB_X_EXT_POLICY],
2842 mhp->extlen[SADB_X_EXT_POLICY], M_WAITOK);
2843 if (!n->m_next) {
2844 m_freem(n);
2845 return key_senderror(so, m, ENOBUFS);
2846 }
2847
2848 n->m_pkthdr.len = 0;
2849 for (nn = n; nn; nn = nn->m_next)
2850 n->m_pkthdr.len += nn->m_len;
2851
2852 newmsg = mtod(n, struct sadb_msg *);
2853 newmsg->sadb_msg_errno = 0;
2854 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2855
2856 m_freem(m);
2857 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2858 }
2859 }
2860
2861 static int
2862 key_spdenable(
2863 struct socket *so,
2864 struct mbuf *m,
2865 const struct sadb_msghdr *mhp)
2866 {
2867 u_int32_t id;
2868 struct secpolicy *sp;
2869
2870 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2871
2872 /* sanity check */
2873 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2874 panic("key_spdenable: NULL pointer is passed.\n");
2875
2876 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2877 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2878 ipseclog((LOG_DEBUG, "key_spdenable: invalid message is passed.\n"));
2879 key_senderror(so, m, EINVAL);
2880 return 0;
2881 }
2882
2883 id = ((struct sadb_x_policy *)
2884 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2885
2886 /* Is there SP in SPD ? */
2887 lck_mtx_lock(sadb_mutex);
2888 if ((sp = __key_getspbyid(id)) == NULL) {
2889 lck_mtx_unlock(sadb_mutex);
2890 ipseclog((LOG_DEBUG, "key_spdenable: no SP found id:%u.\n", id));
2891 return key_senderror(so, m, EINVAL);
2892 }
2893
2894 sp->disabled = 0;
2895 lck_mtx_unlock(sadb_mutex);
2896
2897 {
2898 struct mbuf *n;
2899 struct sadb_msg *newmsg;
2900 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY};
2901
2902 /* create new sadb_msg to reply. */
2903 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2904 if (!n)
2905 return key_senderror(so, m, ENOBUFS);
2906
2907 if (n->m_len < sizeof(struct sadb_msg)) {
2908 n = m_pullup(n, sizeof(struct sadb_msg));
2909 if (n == NULL)
2910 return key_senderror(so, m, ENOBUFS);
2911 }
2912 newmsg = mtod(n, struct sadb_msg *);
2913 newmsg->sadb_msg_errno = 0;
2914 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2915
2916 m_freem(m);
2917 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2918 }
2919 }
2920
2921 static int
2922 key_spddisable(
2923 struct socket *so,
2924 struct mbuf *m,
2925 const struct sadb_msghdr *mhp)
2926 {
2927 u_int32_t id;
2928 struct secpolicy *sp;
2929
2930 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
2931
2932 /* sanity check */
2933 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
2934 panic("key_spddisable: NULL pointer is passed.\n");
2935
2936 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
2937 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
2938 ipseclog((LOG_DEBUG, "key_spddisable: invalid message is passed.\n"));
2939 key_senderror(so, m, EINVAL);
2940 return 0;
2941 }
2942
2943 id = ((struct sadb_x_policy *)
2944 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
2945
2946 /* Is there SP in SPD ? */
2947 lck_mtx_lock(sadb_mutex);
2948 if ((sp = __key_getspbyid(id)) == NULL) {
2949 lck_mtx_unlock(sadb_mutex);
2950 ipseclog((LOG_DEBUG, "key_spddisable: no SP found id:%u.\n", id));
2951 return key_senderror(so, m, EINVAL);
2952 }
2953
2954 sp->disabled = 1;
2955 lck_mtx_unlock(sadb_mutex);
2956
2957 {
2958 struct mbuf *n;
2959 struct sadb_msg *newmsg;
2960 int mbufItems[] = {SADB_EXT_RESERVED, SADB_X_EXT_POLICY};
2961
2962 /* create new sadb_msg to reply. */
2963 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
2964 if (!n)
2965 return key_senderror(so, m, ENOBUFS);
2966
2967 if (n->m_len < sizeof(struct sadb_msg)) {
2968 n = m_pullup(n, sizeof(struct sadb_msg));
2969 if (n == NULL)
2970 return key_senderror(so, m, ENOBUFS);
2971 }
2972 newmsg = mtod(n, struct sadb_msg *);
2973 newmsg->sadb_msg_errno = 0;
2974 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
2975
2976 m_freem(m);
2977 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
2978 }
2979 }
2980
2981 /*
2982 * SADB_X_GET processing
2983 * receive
2984 * <base, policy(*)>
2985 * from the user(?),
2986 * and send,
2987 * <base, address(SD), policy>
2988 * to the ikmpd.
2989 * policy(*) including direction of policy.
2990 *
2991 * m will always be freed.
2992 */
2993 static int
2994 key_spdget(
2995 struct socket *so,
2996 struct mbuf *m,
2997 const struct sadb_msghdr *mhp)
2998 {
2999 u_int32_t id;
3000 struct secpolicy *sp;
3001 struct mbuf *n;
3002
3003 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
3004
3005 /* sanity check */
3006 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
3007 panic("key_spdget: NULL pointer is passed.\n");
3008
3009 if (mhp->ext[SADB_X_EXT_POLICY] == NULL ||
3010 mhp->extlen[SADB_X_EXT_POLICY] < sizeof(struct sadb_x_policy)) {
3011 ipseclog((LOG_DEBUG, "key_spdget: invalid message is passed.\n"));
3012 return key_senderror(so, m, EINVAL);
3013 }
3014
3015 id = ((struct sadb_x_policy *)
3016 (void *)mhp->ext[SADB_X_EXT_POLICY])->sadb_x_policy_id;
3017
3018 /* Is there SP in SPD ? */
3019 lck_mtx_lock(sadb_mutex);
3020 if ((sp = __key_getspbyid(id)) == NULL) {
3021 ipseclog((LOG_DEBUG, "key_spdget: no SP found id:%u.\n", id));
3022 lck_mtx_unlock(sadb_mutex);
3023 return key_senderror(so, m, ENOENT);
3024 }
3025 lck_mtx_unlock(sadb_mutex);
3026 n = key_setdumpsp(sp, SADB_X_SPDGET, 0, mhp->msg->sadb_msg_pid);
3027 if (n != NULL) {
3028 m_freem(m);
3029 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
3030 } else
3031 return key_senderror(so, m, ENOBUFS);
3032 }
3033
3034 /*
3035 * SADB_X_SPDACQUIRE processing.
3036 * Acquire policy and SA(s) for a *OUTBOUND* packet.
3037 * send
3038 * <base, policy(*)>
3039 * to KMD, and expect to receive
3040 * <base> with SADB_X_SPDACQUIRE if error occurred,
3041 * or
3042 * <base, policy>
3043 * with SADB_X_SPDUPDATE from KMD by PF_KEY.
3044 * policy(*) is without policy requests.
3045 *
3046 * 0 : succeed
3047 * others: error number
3048 */
3049 int
3050 key_spdacquire(
3051 struct secpolicy *sp)
3052 {
3053 struct mbuf *result = NULL, *m;
3054 struct secspacq *newspacq;
3055 int error;
3056
3057 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
3058
3059 /* sanity check */
3060 if (sp == NULL)
3061 panic("key_spdacquire: NULL pointer is passed.\n");
3062 if (sp->req != NULL)
3063 panic("key_spdacquire: called but there is request.\n");
3064 if (sp->policy != IPSEC_POLICY_IPSEC)
3065 panic("key_spdacquire: policy mismathed. IPsec is expected.\n");
3066
3067 /* get a entry to check whether sent message or not. */
3068 lck_mtx_lock(sadb_mutex);
3069 if ((newspacq = key_getspacq(&sp->spidx)) != NULL) {
3070 if (key_blockacq_count < newspacq->count) {
3071 /* reset counter and do send message. */
3072 newspacq->count = 0;
3073 } else {
3074 /* increment counter and do nothing. */
3075 newspacq->count++;
3076 lck_mtx_unlock(sadb_mutex);
3077 return 0;
3078 }
3079 } else {
3080 /* make new entry for blocking to send SADB_ACQUIRE. */
3081 if ((newspacq = key_newspacq(&sp->spidx)) == NULL) {
3082 lck_mtx_unlock(sadb_mutex);
3083 return ENOBUFS;
3084 }
3085 /* add to acqtree */
3086 LIST_INSERT_HEAD(&spacqtree, newspacq, chain);
3087 key_start_timehandler();
3088 }
3089 lck_mtx_unlock(sadb_mutex);
3090 /* create new sadb_msg to reply. */
3091 m = key_setsadbmsg(SADB_X_SPDACQUIRE, 0, 0, 0, 0, 0);
3092 if (!m) {
3093 error = ENOBUFS;
3094 goto fail;
3095 }
3096 result = m;
3097
3098 result->m_pkthdr.len = 0;
3099 for (m = result; m; m = m->m_next)
3100 result->m_pkthdr.len += m->m_len;
3101
3102 mtod(result, struct sadb_msg *)->sadb_msg_len =
3103 PFKEY_UNIT64(result->m_pkthdr.len);
3104
3105 return key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
3106
3107 fail:
3108 if (result)
3109 m_freem(result);
3110 return error;
3111 }
3112
3113 /*
3114 * SADB_SPDFLUSH processing
3115 * receive
3116 * <base>
3117 * from the user, and free all entries in secpctree.
3118 * and send,
3119 * <base>
3120 * to the user.
3121 * NOTE: what to do is only marking SADB_SASTATE_DEAD.
3122 *
3123 * m will always be freed.
3124 */
3125 static int
3126 key_spdflush(
3127 struct socket *so,
3128 struct mbuf *m,
3129 const struct sadb_msghdr *mhp)
3130 {
3131 struct sadb_msg *newmsg;
3132 struct secpolicy *sp;
3133 u_int dir;
3134
3135 /* sanity check */
3136 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
3137 panic("key_spdflush: NULL pointer is passed.\n");
3138
3139 if (m->m_len != PFKEY_ALIGN8(sizeof(struct sadb_msg)))
3140 return key_senderror(so, m, EINVAL);
3141
3142 lck_mtx_lock(sadb_mutex);
3143 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
3144 LIST_FOREACH(sp, &sptree[dir], chain) {
3145 sp->state = IPSEC_SPSTATE_DEAD;
3146 }
3147 }
3148 lck_mtx_unlock(sadb_mutex);
3149
3150 if (sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
3151 ipseclog((LOG_DEBUG, "key_spdflush: No more memory.\n"));
3152 return key_senderror(so, m, ENOBUFS);
3153 }
3154
3155 if (m->m_next)
3156 m_freem(m->m_next);
3157 m->m_next = NULL;
3158 m->m_pkthdr.len = m->m_len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
3159 newmsg = mtod(m, struct sadb_msg *);
3160 newmsg->sadb_msg_errno = 0;
3161 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
3162
3163 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
3164 }
3165
3166 /*
3167 * SADB_SPDDUMP processing
3168 * receive
3169 * <base>
3170 * from the user, and dump all SP leaves
3171 * and send,
3172 * <base> .....
3173 * to the ikmpd.
3174 *
3175 * m will always be freed.
3176 */
3177
3178 static int
3179 key_spddump(
3180 struct socket *so,
3181 struct mbuf *m,
3182 const struct sadb_msghdr *mhp)
3183 {
3184 struct secpolicy *sp, **spbuf = NULL, **sp_ptr;
3185 int cnt = 0, bufcount;
3186 u_int dir;
3187 struct mbuf *n;
3188 int error = 0;
3189
3190 /* sanity check */
3191 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
3192 panic("key_spddump: NULL pointer is passed.\n");
3193
3194 if ((bufcount = ipsec_policy_count) == 0) {
3195 error = ENOENT;
3196 goto end;
3197 }
3198 bufcount += 256; /* extra */
3199 KMALLOC_WAIT(spbuf, struct secpolicy**, bufcount * sizeof(struct secpolicy*));
3200 if (spbuf == NULL) {
3201 ipseclog((LOG_DEBUG, "key_spddump: No more memory.\n"));
3202 error = ENOMEM;
3203 goto end;
3204 }
3205 lck_mtx_lock(sadb_mutex);
3206 /* search SPD entry, make list. */
3207 sp_ptr = spbuf;
3208 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
3209 LIST_FOREACH(sp, &sptree[dir], chain) {
3210 if (cnt == bufcount)
3211 break; /* buffer full */
3212 *sp_ptr++ = sp;
3213 sp->refcnt++;
3214 cnt++;
3215 }
3216 }
3217 lck_mtx_unlock(sadb_mutex);
3218
3219 if (cnt == 0) {
3220 error = ENOENT;
3221 goto end;
3222 }
3223
3224 sp_ptr = spbuf;
3225 while (cnt) {
3226 --cnt;
3227 n = key_setdumpsp(*sp_ptr++, SADB_X_SPDDUMP, cnt,
3228 mhp->msg->sadb_msg_pid);
3229
3230 if (n)
3231 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
3232 }
3233
3234 lck_mtx_lock(sadb_mutex);
3235 while (sp_ptr > spbuf)
3236 key_freesp(*(--sp_ptr), KEY_SADB_LOCKED);
3237 lck_mtx_unlock(sadb_mutex);
3238
3239 end:
3240 if (spbuf)
3241 KFREE(spbuf);
3242 if (error)
3243 return key_senderror(so, m, error);
3244
3245 m_freem(m);
3246 return 0;
3247
3248 }
3249
3250 static struct mbuf *
3251 key_setdumpsp(
3252 struct secpolicy *sp,
3253 u_int8_t type,
3254 u_int32_t seq,
3255 u_int32_t pid)
3256 {
3257 struct mbuf *result = NULL, *m;
3258
3259 m = key_setsadbmsg(type, 0, SADB_SATYPE_UNSPEC, seq, pid, sp->refcnt);
3260 if (!m)
3261 goto fail;
3262 result = m;
3263
3264 if (sp->spidx.src_range.start.ss_len > 0) {
3265 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
3266 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
3267 sp->spidx.ul_proto);
3268 if (!m)
3269 goto fail;
3270 m_cat(result, m);
3271
3272 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
3273 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
3274 sp->spidx.ul_proto);
3275 if (!m)
3276 goto fail;
3277 m_cat(result, m);
3278 } else {
3279 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3280 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
3281 sp->spidx.ul_proto);
3282 if (!m)
3283 goto fail;
3284 m_cat(result, m);
3285 }
3286
3287 if (sp->spidx.dst_range.start.ss_len > 0) {
3288 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
3289 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
3290 sp->spidx.ul_proto);
3291 if (!m)
3292 goto fail;
3293 m_cat(result, m);
3294
3295 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
3296 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
3297 sp->spidx.ul_proto);
3298 if (!m)
3299 goto fail;
3300 m_cat(result, m);
3301 } else {
3302 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3303 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
3304 sp->spidx.ul_proto);
3305 if (!m)
3306 goto fail;
3307 m_cat(result, m);
3308 }
3309
3310 if (sp->spidx.internal_if || sp->outgoing_if || sp->ipsec_if || sp->disabled) {
3311 m = key_setsadbipsecif(sp->spidx.internal_if, sp->outgoing_if, sp->ipsec_if, sp->disabled);
3312 if (!m)
3313 goto fail;
3314 m_cat(result, m);
3315 }
3316
3317 m = key_sp2msg(sp);
3318 if (!m)
3319 goto fail;
3320 m_cat(result, m);
3321
3322 if ((result->m_flags & M_PKTHDR) == 0)
3323 goto fail;
3324
3325 if (result->m_len < sizeof(struct sadb_msg)) {
3326 result = m_pullup(result, sizeof(struct sadb_msg));
3327 if (result == NULL)
3328 goto fail;
3329 }
3330
3331 result->m_pkthdr.len = 0;
3332 for (m = result; m; m = m->m_next)
3333 result->m_pkthdr.len += m->m_len;
3334
3335 mtod(result, struct sadb_msg *)->sadb_msg_len =
3336 PFKEY_UNIT64(result->m_pkthdr.len);
3337
3338 return result;
3339
3340 fail:
3341 m_freem(result);
3342 return NULL;
3343 }
3344
3345 /*
3346 * get PFKEY message length for security policy and request.
3347 */
3348 static u_int
3349 key_getspreqmsglen(
3350 struct secpolicy *sp)
3351 {
3352 u_int tlen;
3353
3354 tlen = sizeof(struct sadb_x_policy);
3355
3356 /* if is the policy for ipsec ? */
3357 if (sp->policy != IPSEC_POLICY_IPSEC)
3358 return tlen;
3359
3360 /* get length of ipsec requests */
3361 {
3362 struct ipsecrequest *isr;
3363 int len;
3364
3365 for (isr = sp->req; isr != NULL; isr = isr->next) {
3366 len = sizeof(struct sadb_x_ipsecrequest)
3367 + isr->saidx.src.ss_len
3368 + isr->saidx.dst.ss_len;
3369
3370 tlen += PFKEY_ALIGN8(len);
3371 }
3372 }
3373
3374 return tlen;
3375 }
3376
3377 /*
3378 * SADB_SPDEXPIRE processing
3379 * send
3380 * <base, address(SD), lifetime(CH), policy>
3381 * to KMD by PF_KEY.
3382 *
3383 * OUT: 0 : succeed
3384 * others : error number
3385 */
3386 static int
3387 key_spdexpire(
3388 struct secpolicy *sp)
3389 {
3390 struct mbuf *result = NULL, *m;
3391 int len;
3392 int error = EINVAL;
3393 struct sadb_lifetime *lt;
3394
3395 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
3396
3397 /* sanity check */
3398 if (sp == NULL)
3399 panic("key_spdexpire: NULL pointer is passed.\n");
3400
3401 /* set msg header */
3402 m = key_setsadbmsg(SADB_X_SPDEXPIRE, 0, 0, 0, 0, 0);
3403 if (!m) {
3404 error = ENOBUFS;
3405 goto fail;
3406 }
3407 result = m;
3408
3409 /* create lifetime extension (current and hard) */
3410 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
3411 m = key_alloc_mbuf(len);
3412 if (!m || m->m_next) { /*XXX*/
3413 if (m)
3414 m_freem(m);
3415 error = ENOBUFS;
3416 goto fail;
3417 }
3418 bzero(mtod(m, caddr_t), len);
3419 lt = mtod(m, struct sadb_lifetime *);
3420 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3421 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3422 lt->sadb_lifetime_allocations = 0;
3423 lt->sadb_lifetime_bytes = 0;
3424 lt->sadb_lifetime_addtime = sp->created;
3425 lt->sadb_lifetime_usetime = sp->lastused;
3426 lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
3427 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3428 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
3429 lt->sadb_lifetime_allocations = 0;
3430 lt->sadb_lifetime_bytes = 0;
3431 lt->sadb_lifetime_addtime = sp->lifetime;
3432 lt->sadb_lifetime_usetime = sp->validtime;
3433 m_cat(result, m);
3434
3435 /* set sadb_address(es) for source */
3436 if (sp->spidx.src_range.start.ss_len > 0) {
3437 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
3438 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
3439 sp->spidx.ul_proto);
3440 if (!m) {
3441 error = ENOBUFS;
3442 goto fail;
3443 }
3444 m_cat(result, m);
3445
3446 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
3447 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
3448 sp->spidx.ul_proto);
3449 if (!m) {
3450 error = ENOBUFS;
3451 goto fail;
3452 }
3453 m_cat(result, m);
3454 } else {
3455 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
3456 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
3457 sp->spidx.ul_proto);
3458 if (!m) {
3459 error = ENOBUFS;
3460 goto fail;
3461 }
3462 m_cat(result, m);
3463 }
3464
3465 /* set sadb_address(es) for dest */
3466 if (sp->spidx.dst_range.start.ss_len > 0) {
3467 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
3468 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
3469 sp->spidx.ul_proto);
3470 if (!m) {
3471 error = ENOBUFS;
3472 goto fail;
3473 }
3474 m_cat(result, m);
3475
3476 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
3477 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
3478 sp->spidx.ul_proto);
3479 if (!m) {
3480 error = ENOBUFS;
3481 goto fail;
3482 }
3483 m_cat(result, m);
3484 } else {
3485 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
3486 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
3487 sp->spidx.ul_proto);
3488 if (!m) {
3489 error = ENOBUFS;
3490 goto fail;
3491 }
3492 m_cat(result, m);
3493 }
3494
3495 /* set secpolicy */
3496 m = key_sp2msg(sp);
3497 if (!m) {
3498 error = ENOBUFS;
3499 goto fail;
3500 }
3501 m_cat(result, m);
3502
3503 if ((result->m_flags & M_PKTHDR) == 0) {
3504 error = EINVAL;
3505 goto fail;
3506 }
3507
3508 if (result->m_len < sizeof(struct sadb_msg)) {
3509 result = m_pullup(result, sizeof(struct sadb_msg));
3510 if (result == NULL) {
3511 error = ENOBUFS;
3512 goto fail;
3513 }
3514 }
3515
3516 result->m_pkthdr.len = 0;
3517 for (m = result; m; m = m->m_next)
3518 result->m_pkthdr.len += m->m_len;
3519
3520 mtod(result, struct sadb_msg *)->sadb_msg_len =
3521 PFKEY_UNIT64(result->m_pkthdr.len);
3522
3523 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
3524
3525 fail:
3526 if (result)
3527 m_freem(result);
3528 return error;
3529 }
3530
3531 /* %%% SAD management */
3532 /*
3533 * allocating a memory for new SA head, and copy from the values of mhp.
3534 * OUT: NULL : failure due to the lack of memory.
3535 * others : pointer to new SA head.
3536 */
3537 static struct secashead *
3538 key_newsah(struct secasindex *saidx,
3539 ifnet_t ipsec_if,
3540 u_int outgoing_if,
3541 u_int8_t dir)
3542 {
3543 struct secashead *newsah;
3544
3545 /* sanity check */
3546 if (saidx == NULL)
3547 panic("key_newsaidx: NULL pointer is passed.\n");
3548
3549 newsah = keydb_newsecashead();
3550 if (newsah == NULL)
3551 return NULL;
3552
3553 bcopy(saidx, &newsah->saidx, sizeof(newsah->saidx));
3554
3555 /* remove the ports */
3556 switch (saidx->src.ss_family) {
3557 case AF_INET:
3558 ((struct sockaddr_in *)(&newsah->saidx.src))->sin_port = IPSEC_PORT_ANY;
3559 break;
3560 case AF_INET6:
3561 ((struct sockaddr_in6 *)(&newsah->saidx.src))->sin6_port = IPSEC_PORT_ANY;
3562 break;
3563 default:
3564 break;
3565 }
3566 switch (saidx->dst.ss_family) {
3567 case AF_INET:
3568 ((struct sockaddr_in *)(&newsah->saidx.dst))->sin_port = IPSEC_PORT_ANY;
3569 break;
3570 case AF_INET6:
3571 ((struct sockaddr_in6 *)(&newsah->saidx.dst))->sin6_port = IPSEC_PORT_ANY;
3572 break;
3573 default:
3574 break;
3575 }
3576
3577 newsah->outgoing_if = outgoing_if;
3578 if (ipsec_if) {
3579 ifnet_reference(ipsec_if);
3580 newsah->ipsec_if = ipsec_if;
3581 }
3582 newsah->dir = dir;
3583 /* add to saidxtree */
3584 newsah->state = SADB_SASTATE_MATURE;
3585 LIST_INSERT_HEAD(&sahtree, newsah, chain);
3586 key_start_timehandler();
3587
3588 return(newsah);
3589 }
3590
3591 /*
3592 * delete SA index and all SA registerd.
3593 */
3594 void
3595 key_delsah(
3596 struct secashead *sah)
3597 {
3598 struct secasvar *sav, *nextsav;
3599 u_int stateidx, state;
3600 int zombie = 0;
3601
3602 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3603
3604 /* sanity check */
3605 if (sah == NULL)
3606 panic("key_delsah: NULL pointer is passed.\n");
3607
3608 /* searching all SA registerd in the secindex. */
3609 for (stateidx = 0;
3610 stateidx < _ARRAYLEN(saorder_state_any);
3611 stateidx++) {
3612
3613 state = saorder_state_any[stateidx];
3614 for (sav = (struct secasvar *)LIST_FIRST(&sah->savtree[state]);
3615 sav != NULL;
3616 sav = nextsav) {
3617
3618 nextsav = LIST_NEXT(sav, chain);
3619
3620 if (sav->refcnt > 0) {
3621 /* give up to delete this sa */
3622 zombie++;
3623 continue;
3624 }
3625
3626 /* sanity check */
3627 KEY_CHKSASTATE(state, sav->state, "key_delsah");
3628
3629 key_freesav(sav, KEY_SADB_LOCKED);
3630
3631 /* remove back pointer */
3632 sav->sah = NULL;
3633 sav = NULL;
3634 }
3635 }
3636
3637 /* don't delete sah only if there are savs. */
3638 if (zombie)
3639 return;
3640
3641 ROUTE_RELEASE(&sah->sa_route);
3642
3643 if (sah->ipsec_if) {
3644 ifnet_release(sah->ipsec_if);
3645 sah->ipsec_if = NULL;
3646 }
3647
3648 if (sah->idents) {
3649 KFREE(sah->idents);
3650 }
3651
3652 if (sah->identd) {
3653 KFREE(sah->identd);
3654 }
3655
3656 /* remove from tree of SA index */
3657 if (__LIST_CHAINED(sah))
3658 LIST_REMOVE(sah, chain);
3659
3660 KFREE(sah);
3661
3662 return;
3663 }
3664
3665 /*
3666 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3667 * and copy the values of mhp into new buffer.
3668 * When SAD message type is GETSPI:
3669 * to set sequence number from acq_seq++,
3670 * to set zero to SPI.
3671 * not to call key_setsava().
3672 * OUT: NULL : fail
3673 * others : pointer to new secasvar.
3674 *
3675 * does not modify mbuf. does not free mbuf on error.
3676 */
3677 static struct secasvar *
3678 key_newsav(
3679 struct mbuf *m,
3680 const struct sadb_msghdr *mhp,
3681 struct secashead *sah,
3682 int *errp,
3683 struct socket *so)
3684 {
3685 struct secasvar *newsav;
3686 const struct sadb_sa *xsa;
3687
3688 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3689
3690 /* sanity check */
3691 if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
3692 panic("key_newsa: NULL pointer is passed.\n");
3693
3694 KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3695 if (newsav == NULL) {
3696 lck_mtx_unlock(sadb_mutex);
3697 KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3698 lck_mtx_lock(sadb_mutex);
3699 if (newsav == NULL) {
3700 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3701 *errp = ENOBUFS;
3702 return NULL;
3703 }
3704 }
3705 bzero((caddr_t)newsav, sizeof(struct secasvar));
3706
3707 switch (mhp->msg->sadb_msg_type) {
3708 case SADB_GETSPI:
3709 key_setspi(newsav, 0);
3710
3711 #if IPSEC_DOSEQCHECK
3712 /* sync sequence number */
3713 if (mhp->msg->sadb_msg_seq == 0)
3714 newsav->seq =
3715 (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3716 else
3717 #endif
3718 newsav->seq = mhp->msg->sadb_msg_seq;
3719 break;
3720
3721 case SADB_ADD:
3722 /* sanity check */
3723 if (mhp->ext[SADB_EXT_SA] == NULL) {
3724 key_delsav(newsav);
3725 ipseclog((LOG_DEBUG, "key_newsa: invalid message is passed.\n"));
3726 *errp = EINVAL;
3727 return NULL;
3728 }
3729 xsa = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
3730 key_setspi(newsav, xsa->sadb_sa_spi);
3731 newsav->seq = mhp->msg->sadb_msg_seq;
3732 break;
3733 default:
3734 key_delsav(newsav);
3735 *errp = EINVAL;
3736 return NULL;
3737 }
3738
3739 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
3740 if (((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_alwaysexpire)
3741 newsav->always_expire = 1;
3742 newsav->flags2 = ((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_flags;
3743 if (newsav->flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH) {
3744 newsav->so = so;
3745 }
3746 }
3747
3748 /* copy sav values */
3749 if (mhp->msg->sadb_msg_type != SADB_GETSPI) {
3750 *errp = key_setsaval(newsav, m, mhp);
3751 if (*errp) {
3752 key_delsav(newsav);
3753 return NULL;
3754 }
3755 } else {
3756 /* For get SPI, if has a hard lifetime, apply */
3757 const struct sadb_lifetime *lft0;
3758 struct timeval tv;
3759
3760 lft0 = (struct sadb_lifetime *)(void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
3761 if (lft0 != NULL) {
3762 /* make lifetime for CURRENT */
3763 KMALLOC_NOWAIT(newsav->lft_c, struct sadb_lifetime *,
3764 sizeof(struct sadb_lifetime));
3765 if (newsav->lft_c == NULL) {
3766 lck_mtx_unlock(sadb_mutex);
3767 KMALLOC_WAIT(newsav->lft_c, struct sadb_lifetime *,
3768 sizeof(struct sadb_lifetime));
3769 lck_mtx_lock(sadb_mutex);
3770 if (newsav->lft_c == NULL) {
3771 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3772 key_delsav(newsav);
3773 *errp = ENOBUFS;
3774 return NULL;
3775 }
3776 }
3777
3778 microtime(&tv);
3779
3780 newsav->lft_c->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
3781 newsav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
3782 newsav->lft_c->sadb_lifetime_allocations = 0;
3783 newsav->lft_c->sadb_lifetime_bytes = 0;
3784 newsav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
3785 newsav->lft_c->sadb_lifetime_usetime = 0;
3786
3787 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
3788 ipseclog((LOG_DEBUG, "key_newsa: invalid hard lifetime ext len.\n"));
3789 key_delsav(newsav);
3790 *errp = EINVAL;
3791 return NULL;
3792 }
3793 newsav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0, sizeof(*lft0));
3794 if (newsav->lft_h == NULL) {
3795 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3796 key_delsav(newsav);
3797 *errp = ENOBUFS;
3798 return NULL;
3799 }
3800 }
3801 }
3802
3803 /* reset created */
3804 {
3805 struct timeval tv;
3806 microtime(&tv);
3807 newsav->created = tv.tv_sec;
3808 }
3809
3810 newsav->pid = mhp->msg->sadb_msg_pid;
3811
3812 /* add to satree */
3813 newsav->sah = sah;
3814 newsav->refcnt = 1;
3815 newsav->state = SADB_SASTATE_LARVAL;
3816 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3817 secasvar, chain);
3818 ipsec_sav_count++;
3819
3820 return newsav;
3821 }
3822
3823 /*
3824 * allocating a new SA with LARVAL state. key_add() and key_getspi() call,
3825 * and copy the values passed into new buffer.
3826 * When SAD message type is GETSPI:
3827 * to set sequence number from acq_seq++,
3828 * to set zero to SPI.
3829 * not to call key_setsava().
3830 * OUT: NULL : fail
3831 * others : pointer to new secasvar.
3832 */
3833 struct secasvar *
3834 key_newsav2(struct secashead *sah,
3835 u_int8_t satype,
3836 u_int8_t alg_auth,
3837 u_int8_t alg_enc,
3838 u_int32_t flags,
3839 u_int8_t replay,
3840 struct sadb_key *key_auth,
3841 u_int16_t key_auth_len,
3842 struct sadb_key *key_enc,
3843 u_int16_t key_enc_len,
3844 u_int16_t natt_port,
3845 u_int32_t seq,
3846 u_int32_t spi,
3847 u_int32_t pid,
3848 struct sadb_lifetime *lifetime_hard,
3849 struct sadb_lifetime *lifetime_soft)
3850 {
3851 struct secasvar *newsav;
3852
3853 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3854
3855 /* sanity check */
3856 if (sah == NULL)
3857 panic("key_newsa: NULL pointer is passed.\n");
3858
3859 KMALLOC_NOWAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3860 if (newsav == NULL) {
3861 lck_mtx_unlock(sadb_mutex);
3862 KMALLOC_WAIT(newsav, struct secasvar *, sizeof(struct secasvar));
3863 lck_mtx_lock(sadb_mutex);
3864 if (newsav == NULL) {
3865 ipseclog((LOG_DEBUG, "key_newsa: No more memory.\n"));
3866 return NULL;
3867 }
3868 }
3869 bzero((caddr_t)newsav, sizeof(struct secasvar));
3870
3871 #if IPSEC_DOSEQCHECK
3872 /* sync sequence number */
3873 if (seq == 0)
3874 newsav->seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
3875 else
3876 #endif
3877 newsav->seq = seq;
3878 key_setspi(newsav, spi);
3879
3880 if (key_setsaval2(newsav,
3881 satype,
3882 alg_auth,
3883 alg_enc,
3884 flags,
3885 replay,
3886 key_auth,
3887 key_auth_len,
3888 key_enc,
3889 key_enc_len,
3890 natt_port,
3891 seq,
3892 spi,
3893 pid,
3894 lifetime_hard,
3895 lifetime_soft)) {
3896 key_delsav(newsav);
3897 return NULL;
3898 }
3899
3900 /* reset created */
3901 {
3902 struct timeval tv;
3903 microtime(&tv);
3904 newsav->created = tv.tv_sec;
3905 }
3906
3907 newsav->pid = pid;
3908
3909 /* add to satree */
3910 newsav->sah = sah;
3911 newsav->refcnt = 1;
3912 if (spi && key_auth && key_auth_len && key_enc && key_enc_len) {
3913 newsav->state = SADB_SASTATE_MATURE;
3914 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_MATURE], newsav,
3915 secasvar, chain);
3916 } else {
3917 newsav->state = SADB_SASTATE_LARVAL;
3918 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
3919 secasvar, chain);
3920 }
3921 ipsec_sav_count++;
3922
3923 return newsav;
3924 }
3925
3926 static int
3927 key_migratesav(struct secasvar *sav,
3928 struct secashead *newsah)
3929 {
3930 if (sav == NULL || newsah == NULL || sav->state != SADB_SASTATE_MATURE) {
3931 return EINVAL;
3932 }
3933
3934 /* remove from SA header */
3935 if (__LIST_CHAINED(sav))
3936 LIST_REMOVE(sav, chain);
3937
3938 sav->sah = newsah;
3939 LIST_INSERT_TAIL(&newsah->savtree[SADB_SASTATE_MATURE], sav, secasvar, chain);
3940 return 0;
3941 }
3942
3943 /*
3944 * free() SA variable entry.
3945 */
3946 void
3947 key_delsav(
3948 struct secasvar *sav)
3949 {
3950
3951 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
3952
3953 /* sanity check */
3954 if (sav == NULL)
3955 panic("key_delsav: NULL pointer is passed.\n");
3956
3957 if (sav->refcnt > 0)
3958 return; /* can't free */
3959
3960 /* remove from SA header */
3961 if (__LIST_CHAINED(sav))
3962 LIST_REMOVE(sav, chain);
3963 ipsec_sav_count--;
3964
3965 if (sav->spihash.le_prev || sav->spihash.le_next)
3966 LIST_REMOVE(sav, spihash);
3967
3968 if (sav->key_auth != NULL) {
3969 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
3970 KFREE(sav->key_auth);
3971 sav->key_auth = NULL;
3972 }
3973 if (sav->key_enc != NULL) {
3974 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
3975 KFREE(sav->key_enc);
3976 sav->key_enc = NULL;
3977 }
3978 if (sav->sched) {
3979 bzero(sav->sched, sav->schedlen);
3980 KFREE(sav->sched);
3981 sav->sched = NULL;
3982 }
3983 if (sav->replay != NULL) {
3984 keydb_delsecreplay(sav->replay);
3985 sav->replay = NULL;
3986 }
3987 if (sav->lft_c != NULL) {
3988 KFREE(sav->lft_c);
3989 sav->lft_c = NULL;
3990 }
3991 if (sav->lft_h != NULL) {
3992 KFREE(sav->lft_h);
3993 sav->lft_h = NULL;
3994 }
3995 if (sav->lft_s != NULL) {
3996 KFREE(sav->lft_s);
3997 sav->lft_s = NULL;
3998 }
3999 if (sav->iv != NULL) {
4000 KFREE(sav->iv);
4001 sav->iv = NULL;
4002 }
4003
4004 KFREE(sav);
4005
4006 return;
4007 }
4008
4009 /*
4010 * search SAD.
4011 * OUT:
4012 * NULL : not found
4013 * others : found, pointer to a SA.
4014 */
4015 static struct secashead *
4016 key_getsah(struct secasindex *saidx)
4017 {
4018 struct secashead *sah;
4019
4020 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4021
4022 LIST_FOREACH(sah, &sahtree, chain) {
4023 if (sah->state == SADB_SASTATE_DEAD)
4024 continue;
4025 if (key_cmpsaidx(&sah->saidx, saidx, CMP_REQID))
4026 return sah;
4027 }
4028
4029 return NULL;
4030 }
4031
4032 struct secashead *
4033 key_newsah2 (struct secasindex *saidx,
4034 u_int8_t dir)
4035 {
4036 struct secashead *sah;
4037
4038 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4039
4040 sah = key_getsah(saidx);
4041 if (!sah) {
4042 return(key_newsah(saidx, NULL, 0, dir));
4043 }
4044 return sah;
4045 }
4046
4047 /*
4048 * check not to be duplicated SPI.
4049 * NOTE: this function is too slow due to searching all SAD.
4050 * OUT:
4051 * NULL : not found
4052 * others : found, pointer to a SA.
4053 */
4054 static struct secasvar *
4055 key_checkspidup(
4056 struct secasindex *saidx,
4057 u_int32_t spi)
4058 {
4059 struct secasvar *sav;
4060 u_int stateidx, state;
4061
4062 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4063
4064 /* check address family */
4065 if (saidx->src.ss_family != saidx->dst.ss_family) {
4066 ipseclog((LOG_DEBUG, "key_checkspidup: address family mismatched.\n"));
4067 return NULL;
4068 }
4069
4070 /* check all SAD */
4071 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
4072 if (sav->spi != spi)
4073 continue;
4074 for (stateidx = 0;
4075 stateidx < _ARRAYLEN(saorder_state_alive);
4076 stateidx++) {
4077 state = saorder_state_alive[stateidx];
4078 if (sav->state == state &&
4079 key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst))
4080 return sav;
4081 }
4082 }
4083
4084 return NULL;
4085 }
4086
4087 static void
4088 key_setspi(
4089 struct secasvar *sav,
4090 u_int32_t spi)
4091 {
4092 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4093 sav->spi = spi;
4094 if (sav->spihash.le_prev || sav->spihash.le_next)
4095 LIST_REMOVE(sav, spihash);
4096 LIST_INSERT_HEAD(&spihash[SPIHASH(spi)], sav, spihash);
4097 }
4098
4099
4100 /*
4101 * search SAD litmited alive SA, protocol, SPI.
4102 * OUT:
4103 * NULL : not found
4104 * others : found, pointer to a SA.
4105 */
4106 static struct secasvar *
4107 key_getsavbyspi(
4108 struct secashead *sah,
4109 u_int32_t spi)
4110 {
4111 struct secasvar *sav, *match;
4112 u_int stateidx, state, matchidx;
4113
4114 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4115 match = NULL;
4116 matchidx = _ARRAYLEN(saorder_state_alive);
4117 LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
4118 if (sav->spi != spi)
4119 continue;
4120 if (sav->sah != sah)
4121 continue;
4122 for (stateidx = 0; stateidx < matchidx; stateidx++) {
4123 state = saorder_state_alive[stateidx];
4124 if (sav->state == state) {
4125 match = sav;
4126 matchidx = stateidx;
4127 break;
4128 }
4129 }
4130 }
4131
4132 return match;
4133 }
4134
4135 /*
4136 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4137 * You must update these if need.
4138 * OUT: 0: success.
4139 * !0: failure.
4140 *
4141 * does not modify mbuf. does not free mbuf on error.
4142 */
4143 static int
4144 key_setsaval(
4145 struct secasvar *sav,
4146 struct mbuf *m,
4147 const struct sadb_msghdr *mhp)
4148 {
4149 #if IPSEC_ESP
4150 const struct esp_algorithm *algo;
4151 #endif
4152 int error = 0;
4153 struct timeval tv;
4154
4155 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4156
4157 /* sanity check */
4158 if (m == NULL || mhp == NULL || mhp->msg == NULL)
4159 panic("key_setsaval: NULL pointer is passed.\n");
4160
4161 /* initialization */
4162 sav->replay = NULL;
4163 sav->key_auth = NULL;
4164 sav->key_enc = NULL;
4165 sav->sched = NULL;
4166 sav->schedlen = 0;
4167 sav->iv = NULL;
4168 sav->lft_c = NULL;
4169 sav->lft_h = NULL;
4170 sav->lft_s = NULL;
4171 sav->remote_ike_port = 0;
4172 sav->natt_last_activity = natt_now;
4173 sav->natt_encapsulated_src_port = 0;
4174
4175 /* SA */
4176 if (mhp->ext[SADB_EXT_SA] != NULL) {
4177 const struct sadb_sa *sa0;
4178
4179 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
4180 if (mhp->extlen[SADB_EXT_SA] < sizeof(*sa0)) {
4181 ipseclog((LOG_DEBUG, "key_setsaval: invalid message size.\n"));
4182 error = EINVAL;
4183 goto fail;
4184 }
4185
4186 sav->alg_auth = sa0->sadb_sa_auth;
4187 sav->alg_enc = sa0->sadb_sa_encrypt;
4188 sav->flags = sa0->sadb_sa_flags;
4189
4190 /*
4191 * Verify that a nat-traversal port was specified if
4192 * the nat-traversal flag is set.
4193 */
4194 if ((sav->flags & SADB_X_EXT_NATT) != 0) {
4195 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa_2) ||
4196 ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port == 0) {
4197 ipseclog((LOG_DEBUG, "key_setsaval: natt port not set.\n"));
4198 error = EINVAL;
4199 goto fail;
4200 }
4201 sav->remote_ike_port = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
4202 sav->natt_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_interval;
4203 sav->natt_offload_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_offload_interval;
4204 }
4205
4206 /*
4207 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4208 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4209 * set (we're not behind nat) - otherwise clear it.
4210 */
4211 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
4212 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
4213 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
4214 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
4215
4216 /* replay window */
4217 if ((sa0->sadb_sa_flags & SADB_X_EXT_OLD) == 0) {
4218 sav->replay = keydb_newsecreplay(sa0->sadb_sa_replay);
4219 if (sav->replay == NULL) {
4220 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4221 error = ENOBUFS;
4222 goto fail;
4223 }
4224 }
4225 }
4226
4227 /* Authentication keys */
4228 if (mhp->ext[SADB_EXT_KEY_AUTH] != NULL) {
4229 const struct sadb_key *key0;
4230 int len;
4231
4232 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_AUTH];
4233 len = mhp->extlen[SADB_EXT_KEY_AUTH];
4234
4235 error = 0;
4236 if (len < sizeof(*key0)) {
4237 ipseclog((LOG_DEBUG, "key_setsaval: invalid auth key ext len. len = %d\n", len));
4238 error = EINVAL;
4239 goto fail;
4240 }
4241 switch (mhp->msg->sadb_msg_satype) {
4242 case SADB_SATYPE_AH:
4243 case SADB_SATYPE_ESP:
4244 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
4245 sav->alg_auth != SADB_X_AALG_NULL)
4246 error = EINVAL;
4247 break;
4248 case SADB_X_SATYPE_IPCOMP:
4249 default:
4250 error = EINVAL;
4251 break;
4252 }
4253 if (error) {
4254 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_auth values.\n"));
4255 goto fail;
4256 }
4257
4258 sav->key_auth = (struct sadb_key *)key_newbuf(key0, len);
4259 if (sav->key_auth == NULL) {
4260 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4261 error = ENOBUFS;
4262 goto fail;
4263 }
4264 }
4265
4266 /* Encryption key */
4267 if (mhp->ext[SADB_EXT_KEY_ENCRYPT] != NULL) {
4268 const struct sadb_key *key0;
4269 int len;
4270
4271 key0 = (const struct sadb_key *)mhp->ext[SADB_EXT_KEY_ENCRYPT];
4272 len = mhp->extlen[SADB_EXT_KEY_ENCRYPT];
4273
4274 error = 0;
4275 if (len < sizeof(*key0)) {
4276 ipseclog((LOG_DEBUG, "key_setsaval: invalid encryption key ext len. len = %d\n", len));
4277 error = EINVAL;
4278 goto fail;
4279 }
4280 switch (mhp->msg->sadb_msg_satype) {
4281 case SADB_SATYPE_ESP:
4282 if (len == PFKEY_ALIGN8(sizeof(struct sadb_key)) &&
4283 sav->alg_enc != SADB_EALG_NULL) {
4284 ipseclog((LOG_DEBUG, "key_setsaval: invalid ESP algorithm.\n"));
4285 error = EINVAL;
4286 break;
4287 }
4288 sav->key_enc = (struct sadb_key *)key_newbuf(key0, len);
4289 if (sav->key_enc == NULL) {
4290 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4291 error = ENOBUFS;
4292 goto fail;
4293 }
4294 break;
4295 case SADB_X_SATYPE_IPCOMP:
4296 if (len != PFKEY_ALIGN8(sizeof(struct sadb_key)))
4297 error = EINVAL;
4298 sav->key_enc = NULL; /*just in case*/
4299 break;
4300 case SADB_SATYPE_AH:
4301 default:
4302 error = EINVAL;
4303 break;
4304 }
4305 if (error) {
4306 ipseclog((LOG_DEBUG, "key_setsaval: invalid key_enc value.\n"));
4307 goto fail;
4308 }
4309 }
4310
4311 /* set iv */
4312 sav->ivlen = 0;
4313
4314 switch (mhp->msg->sadb_msg_satype) {
4315 case SADB_SATYPE_ESP:
4316 #if IPSEC_ESP
4317 algo = esp_algorithm_lookup(sav->alg_enc);
4318 if (algo && algo->ivlen)
4319 sav->ivlen = (*algo->ivlen)(algo, sav);
4320 if (sav->ivlen == 0)
4321 break;
4322 KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
4323 if (sav->iv == 0) {
4324 lck_mtx_unlock(sadb_mutex);
4325 KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
4326 lck_mtx_lock(sadb_mutex);
4327 if (sav->iv == 0) {
4328 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4329 error = ENOBUFS;
4330 goto fail;
4331 }
4332 }
4333
4334 /* initialize */
4335 if (sav->alg_enc == SADB_X_EALG_AES_GCM) {
4336 bzero(sav->iv, sav->ivlen);
4337 } else {
4338 key_randomfill(sav->iv, sav->ivlen);
4339 }
4340 #endif
4341 break;
4342 case SADB_SATYPE_AH:
4343 case SADB_X_SATYPE_IPCOMP:
4344 break;
4345 default:
4346 ipseclog((LOG_DEBUG, "key_setsaval: invalid SA type.\n"));
4347 error = EINVAL;
4348 goto fail;
4349 }
4350
4351 /* reset created */
4352 microtime(&tv);
4353 sav->created = tv.tv_sec;
4354
4355 /* make lifetime for CURRENT */
4356 KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
4357 sizeof(struct sadb_lifetime));
4358 if (sav->lft_c == NULL) {
4359 lck_mtx_unlock(sadb_mutex);
4360 KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
4361 sizeof(struct sadb_lifetime));
4362 lck_mtx_lock(sadb_mutex);
4363 if (sav->lft_c == NULL) {
4364 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4365 error = ENOBUFS;
4366 goto fail;
4367 }
4368 }
4369
4370 microtime(&tv);
4371
4372 sav->lft_c->sadb_lifetime_len =
4373 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
4374 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
4375 sav->lft_c->sadb_lifetime_allocations = 0;
4376 sav->lft_c->sadb_lifetime_bytes = 0;
4377 sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
4378 sav->lft_c->sadb_lifetime_usetime = 0;
4379
4380 /* lifetimes for HARD and SOFT */
4381 {
4382 const struct sadb_lifetime *lft0;
4383
4384 lft0 = (struct sadb_lifetime *)
4385 (void *)mhp->ext[SADB_EXT_LIFETIME_HARD];
4386 if (lft0 != NULL) {
4387 if (mhp->extlen[SADB_EXT_LIFETIME_HARD] < sizeof(*lft0)) {
4388 ipseclog((LOG_DEBUG, "key_setsaval: invalid hard lifetime ext len.\n"));
4389 error = EINVAL;
4390 goto fail;
4391 }
4392 sav->lft_h = (struct sadb_lifetime *)key_newbuf(lft0,
4393 sizeof(*lft0));
4394 if (sav->lft_h == NULL) {
4395 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4396 error = ENOBUFS;
4397 goto fail;
4398 }
4399 /* to be initialize ? */
4400 }
4401
4402 lft0 = (struct sadb_lifetime *)
4403 (void *)mhp->ext[SADB_EXT_LIFETIME_SOFT];
4404 if (lft0 != NULL) {
4405 if (mhp->extlen[SADB_EXT_LIFETIME_SOFT] < sizeof(*lft0)) {
4406 ipseclog((LOG_DEBUG, "key_setsaval: invalid soft lifetime ext len.\n"));
4407 error = EINVAL;
4408 goto fail;
4409 }
4410 sav->lft_s = (struct sadb_lifetime *)key_newbuf(lft0,
4411 sizeof(*lft0));
4412 if (sav->lft_s == NULL) {
4413 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4414 error = ENOBUFS;
4415 goto fail;
4416 }
4417 /* to be initialize ? */
4418 }
4419 }
4420
4421 return 0;
4422
4423 fail:
4424 /* initialization */
4425 if (sav->replay != NULL) {
4426 keydb_delsecreplay(sav->replay);
4427 sav->replay = NULL;
4428 }
4429 if (sav->key_auth != NULL) {
4430 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
4431 KFREE(sav->key_auth);
4432 sav->key_auth = NULL;
4433 }
4434 if (sav->key_enc != NULL) {
4435 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
4436 KFREE(sav->key_enc);
4437 sav->key_enc = NULL;
4438 }
4439 if (sav->sched) {
4440 bzero(sav->sched, sav->schedlen);
4441 KFREE(sav->sched);
4442 sav->sched = NULL;
4443 }
4444 if (sav->iv != NULL) {
4445 KFREE(sav->iv);
4446 sav->iv = NULL;
4447 }
4448 if (sav->lft_c != NULL) {
4449 KFREE(sav->lft_c);
4450 sav->lft_c = NULL;
4451 }
4452 if (sav->lft_h != NULL) {
4453 KFREE(sav->lft_h);
4454 sav->lft_h = NULL;
4455 }
4456 if (sav->lft_s != NULL) {
4457 KFREE(sav->lft_s);
4458 sav->lft_s = NULL;
4459 }
4460
4461 return error;
4462 }
4463
4464 /*
4465 * copy SA values from PF_KEY message except *SPI, SEQ, PID, STATE and TYPE*.
4466 * You must update these if need.
4467 * OUT: 0: success.
4468 * !0: failure.
4469 *
4470 * does not modify mbuf. does not free mbuf on error.
4471 */
4472 int
4473 key_setsaval2(struct secasvar *sav,
4474 u_int8_t satype,
4475 u_int8_t alg_auth,
4476 u_int8_t alg_enc,
4477 u_int32_t flags,
4478 u_int8_t replay,
4479 struct sadb_key *key_auth,
4480 u_int16_t key_auth_len,
4481 struct sadb_key *key_enc,
4482 u_int16_t key_enc_len,
4483 u_int16_t natt_port,
4484 u_int32_t seq,
4485 u_int32_t spi,
4486 u_int32_t pid,
4487 struct sadb_lifetime *lifetime_hard,
4488 struct sadb_lifetime *lifetime_soft)
4489 {
4490 #if IPSEC_ESP
4491 const struct esp_algorithm *algo;
4492 #endif
4493 int error = 0;
4494 struct timeval tv;
4495
4496 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4497
4498 /* initialization */
4499 sav->replay = NULL;
4500 sav->key_auth = NULL;
4501 sav->key_enc = NULL;
4502 sav->sched = NULL;
4503 sav->schedlen = 0;
4504 sav->iv = NULL;
4505 sav->lft_c = NULL;
4506 sav->lft_h = NULL;
4507 sav->lft_s = NULL;
4508 sav->remote_ike_port = 0;
4509 sav->natt_last_activity = natt_now;
4510 sav->natt_encapsulated_src_port = 0;
4511
4512 sav->alg_auth = alg_auth;
4513 sav->alg_enc = alg_enc;
4514 sav->flags = flags;
4515 sav->pid = pid;
4516 sav->seq = seq;
4517 key_setspi(sav, htonl(spi));
4518
4519 /*
4520 * Verify that a nat-traversal port was specified if
4521 * the nat-traversal flag is set.
4522 */
4523 if ((sav->flags & SADB_X_EXT_NATT) != 0) {
4524 if (natt_port == 0) {
4525 ipseclog((LOG_DEBUG, "key_setsaval2: natt port not set.\n"));
4526 error = EINVAL;
4527 goto fail;
4528 }
4529 sav->remote_ike_port = natt_port;
4530 }
4531
4532 /*
4533 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
4534 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
4535 * set (we're not behind nat) - otherwise clear it.
4536 */
4537 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
4538 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
4539 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
4540 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
4541
4542 /* replay window */
4543 if ((flags & SADB_X_EXT_OLD) == 0) {
4544 sav->replay = keydb_newsecreplay(replay);
4545 if (sav->replay == NULL) {
4546 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4547 error = ENOBUFS;
4548 goto fail;
4549 }
4550 }
4551
4552 /* Authentication keys */
4553 sav->key_auth = (__typeof__(sav->key_auth))key_newbuf(key_auth, key_auth_len);
4554 if (sav->key_auth == NULL) {
4555 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4556 error = ENOBUFS;
4557 goto fail;
4558 }
4559
4560 /* Encryption key */
4561 sav->key_enc = (__typeof__(sav->key_enc))key_newbuf(key_enc, key_enc_len);
4562 if (sav->key_enc == NULL) {
4563 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4564 error = ENOBUFS;
4565 goto fail;
4566 }
4567
4568 /* set iv */
4569 sav->ivlen = 0;
4570
4571 if (satype == SADB_SATYPE_ESP) {
4572 #if IPSEC_ESP
4573 algo = esp_algorithm_lookup(sav->alg_enc);
4574 if (algo && algo->ivlen)
4575 sav->ivlen = (*algo->ivlen)(algo, sav);
4576 if (sav->ivlen != 0) {
4577 KMALLOC_NOWAIT(sav->iv, caddr_t, sav->ivlen);
4578 if (sav->iv == 0) {
4579 lck_mtx_unlock(sadb_mutex);
4580 KMALLOC_WAIT(sav->iv, caddr_t, sav->ivlen);
4581 lck_mtx_lock(sadb_mutex);
4582 if (sav->iv == 0) {
4583 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4584 error = ENOBUFS;
4585 goto fail;
4586 }
4587 }
4588 /* initialize */
4589 if (sav->alg_enc == SADB_X_EALG_AES_GCM) {
4590 bzero(sav->iv, sav->ivlen);
4591 } else {
4592 key_randomfill(sav->iv, sav->ivlen);
4593 }
4594 }
4595 #endif
4596 }
4597
4598 /* reset created */
4599 microtime(&tv);
4600 sav->created = tv.tv_sec;
4601
4602 /* make lifetime for CURRENT */
4603 KMALLOC_NOWAIT(sav->lft_c, struct sadb_lifetime *,
4604 sizeof(struct sadb_lifetime));
4605 if (sav->lft_c == NULL) {
4606 lck_mtx_unlock(sadb_mutex);
4607 KMALLOC_WAIT(sav->lft_c, struct sadb_lifetime *,
4608 sizeof(struct sadb_lifetime));
4609 lck_mtx_lock(sadb_mutex);
4610 if (sav->lft_c == NULL) {
4611 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4612 error = ENOBUFS;
4613 goto fail;
4614 }
4615 }
4616
4617 microtime(&tv);
4618
4619 sav->lft_c->sadb_lifetime_len =
4620 PFKEY_UNIT64(sizeof(struct sadb_lifetime));
4621 sav->lft_c->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
4622 sav->lft_c->sadb_lifetime_allocations = 0;
4623 sav->lft_c->sadb_lifetime_bytes = 0;
4624 sav->lft_c->sadb_lifetime_addtime = tv.tv_sec;
4625 sav->lft_c->sadb_lifetime_usetime = 0;
4626
4627 /* lifetimes for HARD and SOFT */
4628 sav->lft_h = (__typeof__(sav->lft_h))key_newbuf(lifetime_hard,
4629 sizeof(*lifetime_hard));
4630 if (sav->lft_h == NULL) {
4631 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4632 error = ENOBUFS;
4633 goto fail;
4634 }
4635 sav->lft_s = (__typeof__(sav->lft_s))key_newbuf(lifetime_soft,
4636 sizeof(*lifetime_soft));
4637 if (sav->lft_s == NULL) {
4638 ipseclog((LOG_DEBUG, "key_setsaval: No more memory.\n"));
4639 error = ENOBUFS;
4640 goto fail;
4641 }
4642
4643 return 0;
4644
4645 fail:
4646 /* initialization */
4647 if (sav->replay != NULL) {
4648 keydb_delsecreplay(sav->replay);
4649 sav->replay = NULL;
4650 }
4651 if (sav->key_auth != NULL) {
4652 bzero(_KEYBUF(sav->key_auth), _KEYLEN(sav->key_auth));
4653 KFREE(sav->key_auth);
4654 sav->key_auth = NULL;
4655 }
4656 if (sav->key_enc != NULL) {
4657 bzero(_KEYBUF(sav->key_enc), _KEYLEN(sav->key_enc));
4658 KFREE(sav->key_enc);
4659 sav->key_enc = NULL;
4660 }
4661 if (sav->sched) {
4662 bzero(sav->sched, sav->schedlen);
4663 KFREE(sav->sched);
4664 sav->sched = NULL;
4665 }
4666 if (sav->iv != NULL) {
4667 KFREE(sav->iv);
4668 sav->iv = NULL;
4669 }
4670 if (sav->lft_c != NULL) {
4671 KFREE(sav->lft_c);
4672 sav->lft_c = NULL;
4673 }
4674 if (sav->lft_h != NULL) {
4675 KFREE(sav->lft_h);
4676 sav->lft_h = NULL;
4677 }
4678 if (sav->lft_s != NULL) {
4679 KFREE(sav->lft_s);
4680 sav->lft_s = NULL;
4681 }
4682
4683 return error;
4684 }
4685
4686 /*
4687 * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
4688 * OUT: 0: valid
4689 * other: errno
4690 */
4691 static int
4692 key_mature(
4693 struct secasvar *sav)
4694 {
4695 int mature;
4696 int checkmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4697 int mustmask = 0; /* 2^0: ealg 2^1: aalg 2^2: calg */
4698
4699 mature = 0;
4700
4701 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
4702
4703 /* check SPI value */
4704 switch (sav->sah->saidx.proto) {
4705 case IPPROTO_ESP:
4706 case IPPROTO_AH:
4707
4708 /* No reason to test if this is >= 0, because ntohl(sav->spi) is unsigned. */
4709 if (ntohl(sav->spi) <= 255) {
4710 ipseclog((LOG_DEBUG,
4711 "key_mature: illegal range of SPI %u.\n",
4712 (u_int32_t)ntohl(sav->spi)));
4713 return EINVAL;
4714 }
4715 break;
4716 }
4717
4718 /* check satype */
4719 switch (sav->sah->saidx.proto) {
4720 case IPPROTO_ESP:
4721 /* check flags */
4722 if ((sav->flags & SADB_X_EXT_OLD)
4723 && (sav->flags & SADB_X_EXT_DERIV)) {
4724 ipseclog((LOG_DEBUG, "key_mature: "
4725 "invalid flag (derived) given to old-esp.\n"));
4726 return EINVAL;
4727 }
4728 if (sav->alg_auth == SADB_AALG_NONE)
4729 checkmask = 1;
4730 else
4731 checkmask = 3;
4732 mustmask = 1;
4733 break;
4734 case IPPROTO_AH:
4735 /* check flags */
4736 if (sav->flags & SADB_X_EXT_DERIV) {
4737 ipseclog((LOG_DEBUG, "key_mature: "
4738 "invalid flag (derived) given to AH SA.\n"));
4739 return EINVAL;
4740 }
4741 if (sav->alg_enc != SADB_EALG_NONE) {
4742 ipseclog((LOG_DEBUG, "key_mature: "
4743 "protocol and algorithm mismated.\n"));
4744 return(EINVAL);
4745 }
4746 checkmask = 2;
4747 mustmask = 2;
4748 break;
4749 case IPPROTO_IPCOMP:
4750 if (sav->alg_auth != SADB_AALG_NONE) {
4751 ipseclog((LOG_DEBUG, "key_mature: "
4752 "protocol and algorithm mismated.\n"));
4753 return(EINVAL);
4754 }
4755 if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
4756 && ntohl(sav->spi) >= 0x10000) {
4757 ipseclog((LOG_DEBUG, "key_mature: invalid cpi for IPComp.\n"));
4758 return(EINVAL);
4759 }
4760 checkmask = 4;
4761 mustmask = 4;
4762 break;
4763 default:
4764 ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n"));
4765 return EPROTONOSUPPORT;
4766 }
4767
4768 /* check authentication algorithm */
4769 if ((checkmask & 2) != 0) {
4770 const struct ah_algorithm *algo;
4771 int keylen;
4772
4773 algo = ah_algorithm_lookup(sav->alg_auth);
4774 if (!algo) {
4775 ipseclog((LOG_DEBUG,"key_mature: "
4776 "unknown authentication algorithm.\n"));
4777 return EINVAL;
4778 }
4779
4780 /* algorithm-dependent check */
4781 if (sav->key_auth)
4782 keylen = sav->key_auth->sadb_key_bits;
4783 else
4784 keylen = 0;
4785 if (keylen < algo->keymin || algo->keymax < keylen) {
4786 ipseclog((LOG_DEBUG,
4787 "key_mature: invalid AH key length %d "
4788 "(%d-%d allowed)\n",
4789 keylen, algo->keymin, algo->keymax));
4790 return EINVAL;
4791 }
4792
4793 if (algo->mature) {
4794 if ((*algo->mature)(sav)) {
4795 /* message generated in per-algorithm function*/
4796 return EINVAL;
4797 } else
4798 mature = SADB_SATYPE_AH;
4799 }
4800
4801 if ((mustmask & 2) != 0 && mature != SADB_SATYPE_AH) {
4802 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for AH\n"));
4803 return EINVAL;
4804 }
4805 }
4806
4807 /* check encryption algorithm */
4808 if ((checkmask & 1) != 0) {
4809 #if IPSEC_ESP
4810 const struct esp_algorithm *algo;
4811 int keylen;
4812
4813 algo = esp_algorithm_lookup(sav->alg_enc);
4814 if (!algo) {
4815 ipseclog((LOG_DEBUG, "key_mature: unknown encryption algorithm.\n"));
4816 return EINVAL;
4817 }
4818
4819 /* algorithm-dependent check */
4820 if (sav->key_enc)
4821 keylen = sav->key_enc->sadb_key_bits;
4822 else
4823 keylen = 0;
4824 if (keylen < algo->keymin || algo->keymax < keylen) {
4825 ipseclog((LOG_DEBUG,
4826 "key_mature: invalid ESP key length %d "
4827 "(%d-%d allowed)\n",
4828 keylen, algo->keymin, algo->keymax));
4829 return EINVAL;
4830 }
4831
4832 if (algo->mature) {
4833 if ((*algo->mature)(sav)) {
4834 /* message generated in per-algorithm function*/
4835 return EINVAL;
4836 } else
4837 mature = SADB_SATYPE_ESP;
4838 }
4839
4840 if ((mustmask & 1) != 0 && mature != SADB_SATYPE_ESP) {
4841 ipseclog((LOG_DEBUG, "key_mature: no satisfy algorithm for ESP\n"));
4842 return EINVAL;
4843 }
4844 #else /*IPSEC_ESP*/
4845 ipseclog((LOG_DEBUG, "key_mature: ESP not supported in this configuration\n"));
4846 return EINVAL;
4847 #endif
4848 }
4849
4850 /* check compression algorithm */
4851 if ((checkmask & 4) != 0) {
4852 const struct ipcomp_algorithm *algo;
4853
4854 /* algorithm-dependent check */
4855 algo = ipcomp_algorithm_lookup(sav->alg_enc);
4856 if (!algo) {
4857 ipseclog((LOG_DEBUG, "key_mature: unknown compression algorithm.\n"));
4858 return EINVAL;
4859 }
4860 }
4861
4862 key_sa_chgstate(sav, SADB_SASTATE_MATURE);
4863
4864 return 0;
4865 }
4866
4867 /*
4868 * subroutine for SADB_GET and SADB_DUMP.
4869 */
4870 static struct mbuf *
4871 key_setdumpsa(
4872 struct secasvar *sav,
4873 u_int8_t type,
4874 u_int8_t satype,
4875 u_int32_t seq,
4876 u_int32_t pid)
4877 {
4878 struct mbuf *result = NULL, *tres = NULL, *m;
4879 int l = 0;
4880 int i;
4881 void *p;
4882 int dumporder[] = {
4883 SADB_EXT_SA, SADB_X_EXT_SA2,
4884 SADB_EXT_LIFETIME_HARD, SADB_EXT_LIFETIME_SOFT,
4885 SADB_EXT_LIFETIME_CURRENT, SADB_EXT_ADDRESS_SRC,
4886 SADB_EXT_ADDRESS_DST, SADB_EXT_ADDRESS_PROXY, SADB_EXT_KEY_AUTH,
4887 SADB_EXT_KEY_ENCRYPT, SADB_EXT_IDENTITY_SRC,
4888 SADB_EXT_IDENTITY_DST, SADB_EXT_SENSITIVITY,
4889 };
4890
4891 m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
4892 if (m == NULL)
4893 goto fail;
4894 result = m;
4895
4896 for (i = sizeof(dumporder)/sizeof(dumporder[0]) - 1; i >= 0; i--) {
4897 m = NULL;
4898 p = NULL;
4899 switch (dumporder[i]) {
4900 case SADB_EXT_SA:
4901 m = key_setsadbsa(sav);
4902 if (!m)
4903 goto fail;
4904 break;
4905
4906 case SADB_X_EXT_SA2:
4907 m = key_setsadbxsa2(sav->sah->saidx.mode,
4908 sav->replay ? sav->replay->count : 0,
4909 sav->sah->saidx.reqid,
4910 sav->flags2);
4911 if (!m)
4912 goto fail;
4913 break;
4914
4915 case SADB_EXT_ADDRESS_SRC:
4916 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
4917 (struct sockaddr *)&sav->sah->saidx.src,
4918 FULLMASK, IPSEC_ULPROTO_ANY);
4919 if (!m)
4920 goto fail;
4921 break;
4922
4923 case SADB_EXT_ADDRESS_DST:
4924 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
4925 (struct sockaddr *)&sav->sah->saidx.dst,
4926 FULLMASK, IPSEC_ULPROTO_ANY);
4927 if (!m)
4928 goto fail;
4929 break;
4930
4931 case SADB_EXT_KEY_AUTH:
4932 if (!sav->key_auth)
4933 continue;
4934 l = PFKEY_UNUNIT64(sav->key_auth->sadb_key_len);
4935 p = sav->key_auth;
4936 break;
4937
4938 case SADB_EXT_KEY_ENCRYPT:
4939 if (!sav->key_enc)
4940 continue;
4941 l = PFKEY_UNUNIT64(sav->key_enc->sadb_key_len);
4942 p = sav->key_enc;
4943 break;
4944
4945 case SADB_EXT_LIFETIME_CURRENT:
4946 if (!sav->lft_c)
4947 continue;
4948 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_c)->sadb_ext_len);
4949 p = sav->lft_c;
4950 break;
4951
4952 case SADB_EXT_LIFETIME_HARD:
4953 if (!sav->lft_h)
4954 continue;
4955 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_h)->sadb_ext_len);
4956 p = sav->lft_h;
4957 break;
4958
4959 case SADB_EXT_LIFETIME_SOFT:
4960 if (!sav->lft_s)
4961 continue;
4962 l = PFKEY_UNUNIT64(((struct sadb_ext *)sav->lft_s)->sadb_ext_len);
4963 p = sav->lft_s;
4964 break;
4965
4966 case SADB_EXT_ADDRESS_PROXY:
4967 case SADB_EXT_IDENTITY_SRC:
4968 case SADB_EXT_IDENTITY_DST:
4969 /* XXX: should we brought from SPD ? */
4970 case SADB_EXT_SENSITIVITY:
4971 default:
4972 continue;
4973 }
4974
4975 if ((!m && !p) || (m && p))
4976 goto fail;
4977 if (p && tres) {
4978 M_PREPEND(tres, l, M_WAITOK, 1);
4979 if (!tres)
4980 goto fail;
4981 bcopy(p, mtod(tres, caddr_t), l);
4982 continue;
4983 }
4984 if (p) {
4985 m = key_alloc_mbuf(l);
4986 if (!m)
4987 goto fail;
4988 m_copyback(m, 0, l, p);
4989 }
4990
4991 if (tres)
4992 m_cat(m, tres);
4993 tres = m;
4994 }
4995
4996 m_cat(result, tres);
4997
4998 if (sav->sah && (sav->sah->outgoing_if || sav->sah->ipsec_if)) {
4999 m = key_setsadbipsecif(NULL, ifindex2ifnet[sav->sah->outgoing_if], sav->sah->ipsec_if, 0);
5000 if (!m)
5001 goto fail;
5002 m_cat(result, m);
5003 }
5004
5005 if (result->m_len < sizeof(struct sadb_msg)) {
5006 result = m_pullup(result, sizeof(struct sadb_msg));
5007 if (result == NULL)
5008 goto fail;
5009 }
5010
5011 result->m_pkthdr.len = 0;
5012 for (m = result; m; m = m->m_next)
5013 result->m_pkthdr.len += m->m_len;
5014
5015 mtod(result, struct sadb_msg *)->sadb_msg_len =
5016 PFKEY_UNIT64(result->m_pkthdr.len);
5017
5018 return result;
5019
5020 fail:
5021 m_freem(result);
5022 m_freem(tres);
5023 return NULL;
5024 }
5025
5026 /*
5027 * set data into sadb_msg.
5028 */
5029 static struct mbuf *
5030 key_setsadbmsg(
5031 u_int8_t type,
5032 u_int16_t tlen,
5033 u_int8_t satype,
5034 u_int32_t seq,
5035 pid_t pid,
5036 u_int16_t reserved)
5037 {
5038 struct mbuf *m;
5039 struct sadb_msg *p;
5040 int len;
5041
5042 len = PFKEY_ALIGN8(sizeof(struct sadb_msg));
5043 if (len > MCLBYTES)
5044 return NULL;
5045 MGETHDR(m, M_DONTWAIT, MT_DATA);
5046 if (m && len > MHLEN) {
5047 MCLGET(m, M_DONTWAIT);
5048 if ((m->m_flags & M_EXT) == 0) {
5049 m_freem(m);
5050 m = NULL;
5051 }
5052 }
5053 if (!m)
5054 return NULL;
5055 m->m_pkthdr.len = m->m_len = len;
5056 m->m_next = NULL;
5057
5058 p = mtod(m, struct sadb_msg *);
5059
5060 bzero(p, len);
5061 p->sadb_msg_version = PF_KEY_V2;
5062 p->sadb_msg_type = type;
5063 p->sadb_msg_errno = 0;
5064 p->sadb_msg_satype = satype;
5065 p->sadb_msg_len = PFKEY_UNIT64(tlen);
5066 p->sadb_msg_reserved = reserved;
5067 p->sadb_msg_seq = seq;
5068 p->sadb_msg_pid = (u_int32_t)pid;
5069
5070 return m;
5071 }
5072
5073 /*
5074 * copy secasvar data into sadb_address.
5075 */
5076 static struct mbuf *
5077 key_setsadbsa(
5078 struct secasvar *sav)
5079 {
5080 struct mbuf *m;
5081 struct sadb_sa *p;
5082 int len;
5083
5084 len = PFKEY_ALIGN8(sizeof(struct sadb_sa));
5085 m = key_alloc_mbuf(len);
5086 if (!m || m->m_next) { /*XXX*/
5087 if (m)
5088 m_freem(m);
5089 return NULL;
5090 }
5091
5092 p = mtod(m, struct sadb_sa *);
5093
5094 bzero(p, len);
5095 p->sadb_sa_len = PFKEY_UNIT64(len);
5096 p->sadb_sa_exttype = SADB_EXT_SA;
5097 p->sadb_sa_spi = sav->spi;
5098 p->sadb_sa_replay = (sav->replay != NULL ? sav->replay->wsize : 0);
5099 p->sadb_sa_state = sav->state;
5100 p->sadb_sa_auth = sav->alg_auth;
5101 p->sadb_sa_encrypt = sav->alg_enc;
5102 p->sadb_sa_flags = sav->flags;
5103
5104 return m;
5105 }
5106
5107 /*
5108 * set data into sadb_address.
5109 */
5110 static struct mbuf *
5111 key_setsadbaddr(
5112 u_int16_t exttype,
5113 struct sockaddr *saddr,
5114 u_int8_t prefixlen,
5115 u_int16_t ul_proto)
5116 {
5117 struct mbuf *m;
5118 struct sadb_address *p;
5119 size_t len;
5120
5121 len = PFKEY_ALIGN8(sizeof(struct sadb_address)) +
5122 PFKEY_ALIGN8(saddr->sa_len);
5123 m = key_alloc_mbuf(len);
5124 if (!m || m->m_next) { /*XXX*/
5125 if (m)
5126 m_freem(m);
5127 return NULL;
5128 }
5129
5130 p = mtod(m, struct sadb_address *);
5131
5132 bzero(p, len);
5133 p->sadb_address_len = PFKEY_UNIT64(len);
5134 p->sadb_address_exttype = exttype;
5135 p->sadb_address_proto = ul_proto;
5136 if (prefixlen == FULLMASK) {
5137 switch (saddr->sa_family) {
5138 case AF_INET:
5139 prefixlen = sizeof(struct in_addr) << 3;
5140 break;
5141 case AF_INET6:
5142 prefixlen = sizeof(struct in6_addr) << 3;
5143 break;
5144 default:
5145 ; /*XXX*/
5146 }
5147 }
5148 p->sadb_address_prefixlen = prefixlen;
5149 p->sadb_address_reserved = 0;
5150
5151 bcopy(saddr,
5152 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_address)),
5153 saddr->sa_len);
5154
5155 return m;
5156 }
5157
5158 static struct mbuf *
5159 key_setsadbipsecif(ifnet_t internal_if,
5160 ifnet_t outgoing_if,
5161 ifnet_t ipsec_if,
5162 int init_disabled)
5163 {
5164 struct mbuf *m;
5165 struct sadb_x_ipsecif *p;
5166 size_t len;
5167
5168 len = PFKEY_ALIGN8(sizeof(struct sadb_x_ipsecif));
5169 m = key_alloc_mbuf(len);
5170 if (!m || m->m_next) { /*XXX*/
5171 if (m)
5172 m_freem(m);
5173 return NULL;
5174 }
5175
5176 p = mtod(m, struct sadb_x_ipsecif *);
5177
5178 bzero(p, len);
5179 p->sadb_x_ipsecif_len = PFKEY_UNIT64(len);
5180 p->sadb_x_ipsecif_exttype = SADB_X_EXT_IPSECIF;
5181
5182 if (internal_if && internal_if->if_xname)
5183 strlcpy(p->sadb_x_ipsecif_internal_if, internal_if->if_xname, IFXNAMSIZ);
5184 if (outgoing_if && outgoing_if->if_xname)
5185 strlcpy(p->sadb_x_ipsecif_outgoing_if, outgoing_if->if_xname, IFXNAMSIZ);
5186 if (ipsec_if && ipsec_if->if_xname)
5187 strlcpy(p->sadb_x_ipsecif_ipsec_if, ipsec_if->if_xname, IFXNAMSIZ);
5188
5189 p->sadb_x_ipsecif_init_disabled = init_disabled;
5190
5191 return m;
5192 }
5193
5194 /*
5195 * set data into sadb_session_id
5196 */
5197 static struct mbuf *
5198 key_setsadbsession_id (u_int64_t session_ids[])
5199 {
5200 struct mbuf *m;
5201 struct sadb_session_id *p;
5202 size_t len;
5203
5204 len = PFKEY_ALIGN8(sizeof(*p));
5205 m = key_alloc_mbuf(len);
5206 if (!m || m->m_next) { /*XXX*/
5207 if (m)
5208 m_freem(m);
5209 return NULL;
5210 }
5211
5212 p = mtod(m, __typeof__(p));
5213
5214 bzero(p, len);
5215 p->sadb_session_id_len = PFKEY_UNIT64(len);
5216 p->sadb_session_id_exttype = SADB_EXT_SESSION_ID;
5217 p->sadb_session_id_v[0] = session_ids[0];
5218 p->sadb_session_id_v[1] = session_ids[1];
5219
5220 return m;
5221 }
5222
5223 /*
5224 * copy stats data into sadb_sastat type.
5225 */
5226 static struct mbuf *
5227 key_setsadbsastat (u_int32_t dir,
5228 struct sastat *stats,
5229 u_int32_t max_stats)
5230 {
5231 struct mbuf *m;
5232 struct sadb_sastat *p;
5233 int list_len, len;
5234
5235 if (!stats) {
5236 return NULL;
5237 }
5238
5239 list_len = sizeof(*stats) * max_stats;
5240 len = PFKEY_ALIGN8(sizeof(*p)) + PFKEY_ALIGN8(list_len);
5241 m = key_alloc_mbuf(len);
5242 if (!m || m->m_next) { /*XXX*/
5243 if (m)
5244 m_freem(m);
5245 return NULL;
5246 }
5247
5248 p = mtod(m, __typeof__(p));
5249
5250 bzero(p, len);
5251 p->sadb_sastat_len = PFKEY_UNIT64(len);
5252 p->sadb_sastat_exttype = SADB_EXT_SASTAT;
5253 p->sadb_sastat_dir = dir;
5254 p->sadb_sastat_list_len = max_stats;
5255 if (list_len) {
5256 bcopy(stats,
5257 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(*p)),
5258 list_len);
5259 }
5260
5261 return m;
5262 }
5263
5264 #if 0
5265 /*
5266 * set data into sadb_ident.
5267 */
5268 static struct mbuf *
5269 key_setsadbident(
5270 u_int16_t exttype,
5271 u_int16_t idtype,
5272 caddr_t string,
5273 int stringlen,
5274 u_int64_t id)
5275 {
5276 struct mbuf *m;
5277 struct sadb_ident *p;
5278 size_t len;
5279
5280 len = PFKEY_ALIGN8(sizeof(struct sadb_ident)) + PFKEY_ALIGN8(stringlen);
5281 m = key_alloc_mbuf(len);
5282 if (!m || m->m_next) { /*XXX*/
5283 if (m)
5284 m_freem(m);
5285 return NULL;
5286 }
5287
5288 p = mtod(m, struct sadb_ident *);
5289
5290 bzero(p, len);
5291 p->sadb_ident_len = PFKEY_UNIT64(len);
5292 p->sadb_ident_exttype = exttype;
5293 p->sadb_ident_type = idtype;
5294 p->sadb_ident_reserved = 0;
5295 p->sadb_ident_id = id;
5296
5297 bcopy(string,
5298 mtod(m, caddr_t) + PFKEY_ALIGN8(sizeof(struct sadb_ident)),
5299 stringlen);
5300
5301 return m;
5302 }
5303 #endif
5304
5305 /*
5306 * set data into sadb_x_sa2.
5307 */
5308 static struct mbuf *
5309 key_setsadbxsa2(
5310 u_int8_t mode,
5311 u_int32_t seq,
5312 u_int32_t reqid,
5313 u_int16_t flags)
5314 {
5315 struct mbuf *m;
5316 struct sadb_x_sa2 *p;
5317 size_t len;
5318
5319 len = PFKEY_ALIGN8(sizeof(struct sadb_x_sa2));
5320 m = key_alloc_mbuf(len);
5321 if (!m || m->m_next) { /*XXX*/
5322 if (m)
5323 m_freem(m);
5324 return NULL;
5325 }
5326
5327 p = mtod(m, struct sadb_x_sa2 *);
5328
5329 bzero(p, len);
5330 p->sadb_x_sa2_len = PFKEY_UNIT64(len);
5331 p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
5332 p->sadb_x_sa2_mode = mode;
5333 p->sadb_x_sa2_reserved1 = 0;
5334 p->sadb_x_sa2_reserved2 = 0;
5335 p->sadb_x_sa2_sequence = seq;
5336 p->sadb_x_sa2_reqid = reqid;
5337 p->sadb_x_sa2_flags = flags;
5338
5339 return m;
5340 }
5341
5342 /*
5343 * set data into sadb_x_policy
5344 */
5345 static struct mbuf *
5346 key_setsadbxpolicy(
5347 u_int16_t type,
5348 u_int8_t dir,
5349 u_int32_t id)
5350 {
5351 struct mbuf *m;
5352 struct sadb_x_policy *p;
5353 size_t len;
5354
5355 len = PFKEY_ALIGN8(sizeof(struct sadb_x_policy));
5356 m = key_alloc_mbuf(len);
5357 if (!m || m->m_next) { /*XXX*/
5358 if (m)
5359 m_freem(m);
5360 return NULL;
5361 }
5362
5363 p = mtod(m, struct sadb_x_policy *);
5364
5365 bzero(p, len);
5366 p->sadb_x_policy_len = PFKEY_UNIT64(len);
5367 p->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
5368 p->sadb_x_policy_type = type;
5369 p->sadb_x_policy_dir = dir;
5370 p->sadb_x_policy_id = id;
5371
5372 return m;
5373 }
5374
5375 /* %%% utilities */
5376 /*
5377 * copy a buffer into the new buffer allocated.
5378 */
5379 static void *
5380 key_newbuf(
5381 const void *src,
5382 u_int len)
5383 {
5384 caddr_t new;
5385
5386 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
5387 KMALLOC_NOWAIT(new, caddr_t, len);
5388 if (new == NULL) {
5389 lck_mtx_unlock(sadb_mutex);
5390 KMALLOC_WAIT(new, caddr_t, len);
5391 lck_mtx_lock(sadb_mutex);
5392 if (new == NULL) {
5393 ipseclog((LOG_DEBUG, "key_newbuf: No more memory.\n"));
5394 return NULL;
5395 }
5396 }
5397 bcopy(src, new, len);
5398
5399 return new;
5400 }
5401
5402 /* compare my own address
5403 * OUT: 1: true, i.e. my address.
5404 * 0: false
5405 */
5406 int
5407 key_ismyaddr(
5408 struct sockaddr *sa)
5409 {
5410 #if INET
5411 struct sockaddr_in *sin;
5412 struct in_ifaddr *ia;
5413 #endif
5414
5415 /* sanity check */
5416 if (sa == NULL)
5417 panic("key_ismyaddr: NULL pointer is passed.\n");
5418
5419 switch (sa->sa_family) {
5420 #if INET
5421 case AF_INET:
5422 lck_rw_lock_shared(in_ifaddr_rwlock);
5423 sin = (struct sockaddr_in *)(void *)sa;
5424 for (ia = in_ifaddrhead.tqh_first; ia;
5425 ia = ia->ia_link.tqe_next) {
5426 IFA_LOCK_SPIN(&ia->ia_ifa);
5427 if (sin->sin_family == ia->ia_addr.sin_family &&
5428 sin->sin_len == ia->ia_addr.sin_len &&
5429 sin->sin_addr.s_addr == ia->ia_addr.sin_addr.s_addr)
5430 {
5431 IFA_UNLOCK(&ia->ia_ifa);
5432 lck_rw_done(in_ifaddr_rwlock);
5433 return 1;
5434 }
5435 IFA_UNLOCK(&ia->ia_ifa);
5436 }
5437 lck_rw_done(in_ifaddr_rwlock);
5438 break;
5439 #endif
5440 #if INET6
5441 case AF_INET6:
5442 return key_ismyaddr6((struct sockaddr_in6 *)(void *)sa);
5443 #endif
5444 }
5445
5446 return 0;
5447 }
5448
5449 #if INET6
5450 /*
5451 * compare my own address for IPv6.
5452 * 1: ours
5453 * 0: other
5454 * NOTE: derived ip6_input() in KAME. This is necessary to modify more.
5455 */
5456 #include <netinet6/in6_var.h>
5457
5458 static int
5459 key_ismyaddr6(
5460 struct sockaddr_in6 *sin6)
5461 {
5462 struct in6_ifaddr *ia;
5463 struct in6_multi *in6m;
5464
5465 lck_rw_lock_shared(&in6_ifaddr_rwlock);
5466 for (ia = in6_ifaddrs; ia; ia = ia->ia_next) {
5467 IFA_LOCK(&ia->ia_ifa);
5468 if (key_sockaddrcmp((struct sockaddr *)&sin6,
5469 (struct sockaddr *)&ia->ia_addr, 0) == 0) {
5470 IFA_UNLOCK(&ia->ia_ifa);
5471 lck_rw_done(&in6_ifaddr_rwlock);
5472 return 1;
5473 }
5474 IFA_UNLOCK(&ia->ia_ifa);
5475
5476 /*
5477 * XXX Multicast
5478 * XXX why do we care about multlicast here while we don't care
5479 * about IPv4 multicast??
5480 * XXX scope
5481 */
5482 in6m = NULL;
5483 in6_multihead_lock_shared();
5484 IN6_LOOKUP_MULTI(&sin6->sin6_addr, ia->ia_ifp, in6m);
5485 in6_multihead_lock_done();
5486 if (in6m != NULL) {
5487 lck_rw_done(&in6_ifaddr_rwlock);
5488 IN6M_REMREF(in6m);
5489 return 1;
5490 }
5491 }
5492 lck_rw_done(&in6_ifaddr_rwlock);
5493
5494 /* loopback, just for safety */
5495 if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr))
5496 return 1;
5497
5498 return 0;
5499 }
5500 #endif /*INET6*/
5501
5502 /*
5503 * compare two secasindex structure.
5504 * flag can specify to compare 2 saidxes.
5505 * compare two secasindex structure without both mode and reqid.
5506 * don't compare port.
5507 * IN:
5508 * saidx0: source, it can be in SAD.
5509 * saidx1: object.
5510 * OUT:
5511 * 1 : equal
5512 * 0 : not equal
5513 */
5514 static int
5515 key_cmpsaidx(
5516 struct secasindex *saidx0,
5517 struct secasindex *saidx1,
5518 int flag)
5519 {
5520 /* sanity */
5521 if (saidx0 == NULL && saidx1 == NULL)
5522 return 1;
5523
5524 if (saidx0 == NULL || saidx1 == NULL)
5525 return 0;
5526
5527 if (saidx0->ipsec_ifindex != 0 && saidx0->ipsec_ifindex != saidx1->ipsec_ifindex)
5528 return 0;
5529
5530 if (saidx0->proto != saidx1->proto)
5531 return 0;
5532
5533 if (flag == CMP_EXACTLY) {
5534 if (saidx0->mode != saidx1->mode)
5535 return 0;
5536 if (saidx0->reqid != saidx1->reqid)
5537 return 0;
5538 if (bcmp(&saidx0->src, &saidx1->src, saidx0->src.ss_len) != 0 ||
5539 bcmp(&saidx0->dst, &saidx1->dst, saidx0->dst.ss_len) != 0)
5540 return 0;
5541 } else {
5542
5543 /* CMP_MODE_REQID, CMP_REQID, CMP_HEAD */
5544 if (flag & CMP_REQID) {
5545 /*
5546 * If reqid of SPD is non-zero, unique SA is required.
5547 * The result must be of same reqid in this case.
5548 */
5549 if (saidx1->reqid != 0 && saidx0->reqid != saidx1->reqid)
5550 return 0;
5551 }
5552
5553 if (flag & CMP_MODE) {
5554 if (saidx0->mode != IPSEC_MODE_ANY
5555 && saidx0->mode != saidx1->mode)
5556 return 0;
5557 }
5558
5559 if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
5560 (struct sockaddr *)&saidx1->src, flag & CMP_PORT ? 1 : 0) != 0) {
5561 return 0;
5562 }
5563 if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
5564 (struct sockaddr *)&saidx1->dst, flag & CMP_PORT ? 1 : 0) != 0) {
5565 return 0;
5566 }
5567 }
5568
5569 return 1;
5570 }
5571
5572 /*
5573 * compare two secindex structure exactly.
5574 * IN:
5575 * spidx0: source, it is often in SPD.
5576 * spidx1: object, it is often from PFKEY message.
5577 * OUT:
5578 * 1 : equal
5579 * 0 : not equal
5580 */
5581 static int
5582 key_cmpspidx_exactly(
5583 struct secpolicyindex *spidx0,
5584 struct secpolicyindex *spidx1)
5585 {
5586 /* sanity */
5587 if (spidx0 == NULL && spidx1 == NULL)
5588 return 1;
5589
5590 if (spidx0 == NULL || spidx1 == NULL)
5591 return 0;
5592
5593 if (spidx0->prefs != spidx1->prefs
5594 || spidx0->prefd != spidx1->prefd
5595 || spidx0->ul_proto != spidx1->ul_proto
5596 || spidx0->internal_if != spidx1->internal_if)
5597 return 0;
5598
5599 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src,
5600 (struct sockaddr *)&spidx1->src, 1) != 0) {
5601 return 0;
5602 }
5603 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst,
5604 (struct sockaddr *)&spidx1->dst, 1) != 0) {
5605 return 0;
5606 }
5607
5608 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src_range.start,
5609 (struct sockaddr *)&spidx1->src_range.start, 1) != 0) {
5610 return 0;
5611 }
5612 if (key_sockaddrcmp((struct sockaddr *)&spidx0->src_range.end,
5613 (struct sockaddr *)&spidx1->src_range.end, 1) != 0) {
5614 return 0;
5615 }
5616 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst_range.start,
5617 (struct sockaddr *)&spidx1->dst_range.start, 1) != 0) {
5618 return 0;
5619 }
5620 if (key_sockaddrcmp((struct sockaddr *)&spidx0->dst_range.end,
5621 (struct sockaddr *)&spidx1->dst_range.end, 1) != 0) {
5622 return 0;
5623 }
5624
5625 return 1;
5626 }
5627
5628 /*
5629 * compare two secindex structure with mask.
5630 * IN:
5631 * spidx0: source, it is often in SPD.
5632 * spidx1: object, it is often from IP header.
5633 * OUT:
5634 * 1 : equal
5635 * 0 : not equal
5636 */
5637 static int
5638 key_cmpspidx_withmask(
5639 struct secpolicyindex *spidx0,
5640 struct secpolicyindex *spidx1)
5641 {
5642 int spidx0_src_is_range = 0;
5643 int spidx0_dst_is_range = 0;
5644
5645 /* sanity */
5646 if (spidx0 == NULL && spidx1 == NULL)
5647 return 1;
5648
5649 if (spidx0 == NULL || spidx1 == NULL)
5650 return 0;
5651
5652 if (spidx0->src_range.start.ss_len > 0)
5653 spidx0_src_is_range = 1;
5654
5655 if (spidx0->dst_range.start.ss_len > 0)
5656 spidx0_dst_is_range = 1;
5657
5658 if ((spidx0_src_is_range ? spidx0->src_range.start.ss_family : spidx0->src.ss_family) != spidx1->src.ss_family ||
5659 (spidx0_dst_is_range ? spidx0->dst_range.start.ss_family : spidx0->dst.ss_family) != spidx1->dst.ss_family ||
5660 (spidx0_src_is_range ? spidx0->src_range.start.ss_len : spidx0->src.ss_len) != spidx1->src.ss_len ||
5661 (spidx0_dst_is_range ? spidx0->dst_range.start.ss_len : spidx0->dst.ss_len) != spidx1->dst.ss_len)
5662 return 0;
5663
5664 /* if spidx.ul_proto == IPSEC_ULPROTO_ANY, ignore. */
5665 if (spidx0->ul_proto != (u_int16_t)IPSEC_ULPROTO_ANY
5666 && spidx0->ul_proto != spidx1->ul_proto)
5667 return 0;
5668
5669 /* If spidx1 specifies interface, ignore src addr */
5670 if (spidx1->internal_if != NULL) {
5671 if (spidx0->internal_if == NULL
5672 || spidx0->internal_if != spidx1->internal_if)
5673 return 0;
5674
5675 /* Still check ports */
5676 switch (spidx0->src.ss_family) {
5677 case AF_INET:
5678 if (spidx0_src_is_range &&
5679 (satosin(&spidx1->src)->sin_port < satosin(&spidx0->src_range.start)->sin_port
5680 || satosin(&spidx1->src)->sin_port > satosin(&spidx0->src_range.end)->sin_port))
5681 return 0;
5682 else if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY
5683 && satosin(&spidx0->src)->sin_port !=
5684 satosin(&spidx1->src)->sin_port)
5685 return 0;
5686 break;
5687 case AF_INET6:
5688 if (spidx0_src_is_range &&
5689 (satosin6(&spidx1->src)->sin6_port < satosin6(&spidx0->src_range.start)->sin6_port
5690 || satosin6(&spidx1->src)->sin6_port > satosin6(&spidx0->src_range.end)->sin6_port))
5691 return 0;
5692 else if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY
5693 && satosin6(&spidx0->src)->sin6_port !=
5694 satosin6(&spidx1->src)->sin6_port)
5695 return 0;
5696 break;
5697 default:
5698 break;
5699 }
5700 } else if (spidx0_src_is_range) {
5701 if (!key_is_addr_in_range(&spidx1->src, &spidx0->src_range))
5702 return 0;
5703 } else {
5704 switch (spidx0->src.ss_family) {
5705 case AF_INET:
5706 if (satosin(&spidx0->src)->sin_port != IPSEC_PORT_ANY
5707 && satosin(&spidx0->src)->sin_port !=
5708 satosin(&spidx1->src)->sin_port)
5709 return 0;
5710 if (!key_bbcmp((caddr_t)&satosin(&spidx0->src)->sin_addr,
5711 (caddr_t)&satosin(&spidx1->src)->sin_addr, spidx0->prefs))
5712 return 0;
5713 break;
5714 case AF_INET6:
5715 if (satosin6(&spidx0->src)->sin6_port != IPSEC_PORT_ANY
5716 && satosin6(&spidx0->src)->sin6_port !=
5717 satosin6(&spidx1->src)->sin6_port)
5718 return 0;
5719 /*
5720 * scope_id check. if sin6_scope_id is 0, we regard it
5721 * as a wildcard scope, which matches any scope zone ID.
5722 */
5723 if (satosin6(&spidx0->src)->sin6_scope_id &&
5724 satosin6(&spidx1->src)->sin6_scope_id &&
5725 satosin6(&spidx0->src)->sin6_scope_id !=
5726 satosin6(&spidx1->src)->sin6_scope_id)
5727 return 0;
5728 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->src)->sin6_addr,
5729 (caddr_t)&satosin6(&spidx1->src)->sin6_addr, spidx0->prefs))
5730 return 0;
5731 break;
5732 default:
5733 /* XXX */
5734 if (bcmp(&spidx0->src, &spidx1->src, spidx0->src.ss_len) != 0)
5735 return 0;
5736 break;
5737 }
5738 }
5739
5740 if (spidx0_dst_is_range) {
5741 if (!key_is_addr_in_range(&spidx1->dst, &spidx0->dst_range))
5742 return 0;
5743 } else {
5744 switch (spidx0->dst.ss_family) {
5745 case AF_INET:
5746 if (satosin(&spidx0->dst)->sin_port != IPSEC_PORT_ANY
5747 && satosin(&spidx0->dst)->sin_port !=
5748 satosin(&spidx1->dst)->sin_port)
5749 return 0;
5750 if (!key_bbcmp((caddr_t)&satosin(&spidx0->dst)->sin_addr,
5751 (caddr_t)&satosin(&spidx1->dst)->sin_addr, spidx0->prefd))
5752 return 0;
5753 break;
5754 case AF_INET6:
5755 if (satosin6(&spidx0->dst)->sin6_port != IPSEC_PORT_ANY
5756 && satosin6(&spidx0->dst)->sin6_port !=
5757 satosin6(&spidx1->dst)->sin6_port)
5758 return 0;
5759 /*
5760 * scope_id check. if sin6_scope_id is 0, we regard it
5761 * as a wildcard scope, which matches any scope zone ID.
5762 */
5763 if (satosin6(&spidx0->src)->sin6_scope_id &&
5764 satosin6(&spidx1->src)->sin6_scope_id &&
5765 satosin6(&spidx0->dst)->sin6_scope_id !=
5766 satosin6(&spidx1->dst)->sin6_scope_id)
5767 return 0;
5768 if (!key_bbcmp((caddr_t)&satosin6(&spidx0->dst)->sin6_addr,
5769 (caddr_t)&satosin6(&spidx1->dst)->sin6_addr, spidx0->prefd))
5770 return 0;
5771 break;
5772 default:
5773 /* XXX */
5774 if (bcmp(&spidx0->dst, &spidx1->dst, spidx0->dst.ss_len) != 0)
5775 return 0;
5776 break;
5777 }
5778 }
5779
5780 /* XXX Do we check other field ? e.g. flowinfo */
5781
5782 return 1;
5783 }
5784
5785 static int
5786 key_is_addr_in_range(struct sockaddr_storage *addr, struct secpolicyaddrrange *addr_range)
5787 {
5788 int cmp = 0;
5789
5790 if (addr == NULL || addr_range == NULL)
5791 return 0;
5792
5793 /* Must be greater than or equal to start */
5794 cmp = key_sockaddrcmp((struct sockaddr *)addr, (struct sockaddr *)&addr_range->start, 1);
5795 if (cmp != 0 && cmp != 1)
5796 return 0;
5797
5798 /* Must be less than or equal to end */
5799 cmp = key_sockaddrcmp((struct sockaddr *)addr, (struct sockaddr *)&addr_range->end, 1);
5800 if (cmp != 0 && cmp != -1)
5801 return 0;
5802
5803 return 1;
5804 }
5805
5806 /*
5807 Return values:
5808 -1: sa1 < sa2
5809 0: sa1 == sa2
5810 1: sa1 > sa2
5811 2: Not comparable or error
5812 */
5813 static int
5814 key_sockaddrcmp(
5815 struct sockaddr *sa1,
5816 struct sockaddr *sa2,
5817 int port)
5818 {
5819 int result = 0;
5820 int port_result = 0;
5821
5822 if (sa1->sa_family != sa2->sa_family || sa1->sa_len != sa2->sa_len)
5823 return 2;
5824
5825 if (sa1->sa_len == 0)
5826 return 0;
5827
5828 switch (sa1->sa_family) {
5829 case AF_INET:
5830 if (sa1->sa_len != sizeof(struct sockaddr_in))
5831 return 2;
5832
5833 result = memcmp(&satosin(sa1)->sin_addr.s_addr, &satosin(sa2)->sin_addr.s_addr, sizeof(satosin(sa1)->sin_addr.s_addr));
5834
5835 if (port) {
5836 if (satosin(sa1)->sin_port < satosin(sa2)->sin_port) {
5837 port_result = -1;
5838 } else if (satosin(sa1)->sin_port > satosin(sa2)->sin_port) {
5839 port_result = 1;
5840 }
5841
5842 if (result == 0)
5843 result = port_result;
5844 else if ((result > 0 && port_result < 0) || (result < 0 && port_result > 0))
5845 return 2;
5846 }
5847
5848 break;
5849 case AF_INET6:
5850 if (sa1->sa_len != sizeof(struct sockaddr_in6))
5851 return 2; /*EINVAL*/
5852
5853 if (satosin6(sa1)->sin6_scope_id !=
5854 satosin6(sa2)->sin6_scope_id) {
5855 return 2;
5856 }
5857
5858 result = memcmp(&satosin6(sa1)->sin6_addr.s6_addr[0], &satosin6(sa2)->sin6_addr.s6_addr[0], sizeof(struct in6_addr));
5859
5860 if (port) {
5861 if (satosin6(sa1)->sin6_port < satosin6(sa2)->sin6_port) {
5862 port_result = -1;
5863 } else if (satosin6(sa1)->sin6_port > satosin6(sa2)->sin6_port) {
5864 port_result = 1;
5865 }
5866
5867 if (result == 0)
5868 result = port_result;
5869 else if ((result > 0 && port_result < 0) || (result < 0 && port_result > 0))
5870 return 2;
5871 }
5872
5873 break;
5874 default:
5875 result = memcmp(sa1, sa2, sa1->sa_len);
5876 break;
5877 }
5878
5879 if (result < 0) result = -1;
5880 else if (result > 0) result = 1;
5881
5882 return result;
5883 }
5884
5885 /*
5886 * compare two buffers with mask.
5887 * IN:
5888 * addr1: source
5889 * addr2: object
5890 * bits: Number of bits to compare
5891 * OUT:
5892 * 1 : equal
5893 * 0 : not equal
5894 */
5895 static int
5896 key_bbcmp(
5897 caddr_t p1,
5898 caddr_t p2,
5899 u_int bits)
5900 {
5901 u_int8_t mask;
5902
5903 /* XXX: This could be considerably faster if we compare a word
5904 * at a time, but it is complicated on LSB Endian machines */
5905
5906 /* Handle null pointers */
5907 if (p1 == NULL || p2 == NULL)
5908 return (p1 == p2);
5909
5910 while (bits >= 8) {
5911 if (*p1++ != *p2++)
5912 return 0;
5913 bits -= 8;
5914 }
5915
5916 if (bits > 0) {
5917 mask = ~((1<<(8-bits))-1);
5918 if ((*p1 & mask) != (*p2 & mask))
5919 return 0;
5920 }
5921 return 1; /* Match! */
5922 }
5923
5924 /*
5925 * time handler.
5926 * scanning SPD and SAD to check status for each entries,
5927 * and do to remove or to expire.
5928 * XXX: year 2038 problem may remain.
5929 */
5930 int key_timehandler_debug = 0;
5931 u_int32_t spd_count = 0, sah_count = 0, dead_sah_count = 0, empty_sah_count = 0, larval_sav_count = 0, mature_sav_count = 0, dying_sav_count = 0, dead_sav_count = 0;
5932 u_int64_t total_sav_count = 0;
5933 void
5934 key_timehandler(void)
5935 {
5936 u_int dir;
5937 struct timeval tv;
5938 struct secpolicy **spbuf = NULL, **spptr = NULL;
5939 struct secasvar **savexbuf = NULL, **savexptr = NULL;
5940 struct secasvar **savkabuf = NULL, **savkaptr = NULL;
5941 int spbufcount = 0, savbufcount = 0, spcount = 0, savexcount = 0, savkacount = 0, cnt;
5942 int stop_handler = 1; /* stop the timehandler */
5943
5944 microtime(&tv);
5945
5946 /* pre-allocate buffers before taking the lock */
5947 /* if allocation failures occur - portions of the processing will be skipped */
5948 if ((spbufcount = ipsec_policy_count) != 0) {
5949 spbufcount += 256;
5950 KMALLOC_WAIT(spbuf, struct secpolicy **, spbufcount * sizeof(struct secpolicy *));
5951 if (spbuf)
5952 spptr = spbuf;
5953 }
5954 if ((savbufcount = ipsec_sav_count) != 0) {
5955 savbufcount += 512;
5956 KMALLOC_WAIT(savexbuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
5957 if (savexbuf)
5958 savexptr = savexbuf;
5959 KMALLOC_WAIT(savkabuf, struct secasvar **, savbufcount * sizeof(struct secasvar *));
5960 if (savkabuf)
5961 savkaptr = savkabuf;
5962 }
5963 lck_mtx_lock(sadb_mutex);
5964 /* SPD */
5965 if (spbuf) {
5966
5967 struct secpolicy *sp, *nextsp;
5968
5969 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
5970 for (sp = LIST_FIRST(&sptree[dir]);
5971 sp != NULL;
5972 sp = nextsp) {
5973
5974 /* don't prevent timehandler from stopping for generate policy */
5975 if (sp->policy != IPSEC_POLICY_GENERATE)
5976 stop_handler = 0;
5977 spd_count++;
5978 nextsp = LIST_NEXT(sp, chain);
5979
5980 if (sp->state == IPSEC_SPSTATE_DEAD) {
5981 key_freesp(sp, KEY_SADB_LOCKED);
5982 continue;
5983 }
5984
5985 if (sp->lifetime == 0 && sp->validtime == 0)
5986 continue;
5987 if (spbuf && spcount < spbufcount) {
5988 /* the deletion will occur next time */
5989 if ((sp->lifetime
5990 && tv.tv_sec - sp->created > sp->lifetime)
5991 || (sp->validtime
5992 && tv.tv_sec - sp->lastused > sp->validtime)) {
5993 //key_spdexpire(sp);
5994 sp->state = IPSEC_SPSTATE_DEAD;
5995 sp->refcnt++;
5996 *spptr++ = sp;
5997 spcount++;
5998 }
5999 }
6000 }
6001 }
6002 }
6003
6004 /* SAD */
6005 {
6006 struct secashead *sah, *nextsah;
6007 struct secasvar *sav, *nextsav;
6008
6009 for (sah = LIST_FIRST(&sahtree);
6010 sah != NULL;
6011 sah = nextsah) {
6012
6013 sah_count++;
6014 nextsah = LIST_NEXT(sah, chain);
6015
6016 /* if sah has been dead, then delete it and process next sah. */
6017 if (sah->state == SADB_SASTATE_DEAD) {
6018 key_delsah(sah);
6019 dead_sah_count++;
6020 continue;
6021 }
6022
6023 if (LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]) == NULL &&
6024 LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]) == NULL &&
6025 LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]) == NULL &&
6026 LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]) == NULL) {
6027 key_delsah(sah);
6028 empty_sah_count++;
6029 continue;
6030 }
6031
6032 if (savbufcount == 0) {
6033 continue;
6034 }
6035
6036 stop_handler = 0;
6037
6038 /* if LARVAL entry doesn't become MATURE, delete it. */
6039 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_LARVAL]);
6040 sav != NULL;
6041 sav = nextsav) {
6042
6043 larval_sav_count++;
6044 total_sav_count++;
6045 nextsav = LIST_NEXT(sav, chain);
6046
6047 if (sav->lft_h != NULL) {
6048 /* If a hard lifetime is defined for the LARVAL SA, use it */
6049 if (sav->lft_h->sadb_lifetime_addtime != 0
6050 && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
6051 if (sav->always_expire) {
6052 key_send_delete(sav);
6053 sav = NULL;
6054 } else {
6055 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6056 key_freesav(sav, KEY_SADB_LOCKED);
6057 sav = NULL;
6058 }
6059 }
6060 } else {
6061 if (tv.tv_sec - sav->created > key_larval_lifetime) {
6062 key_freesav(sav, KEY_SADB_LOCKED);
6063 }
6064 }
6065 }
6066
6067 /*
6068 * If this is a NAT traversal SA with no activity,
6069 * we need to send a keep alive.
6070 *
6071 * Performed outside of the loop before so we will
6072 * only ever send one keepalive. The first SA on
6073 * the list is the one that will be used for sending
6074 * traffic, so this is the one we use for determining
6075 * when to send the keepalive.
6076 */
6077 if (savkabuf && savkacount < savbufcount) {
6078 sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]); //%%% should we check dying list if this is empty???
6079 if (sav && (natt_keepalive_interval || sav->natt_interval) &&
6080 (sav->flags & (SADB_X_EXT_NATT_KEEPALIVE | SADB_X_EXT_ESP_KEEPALIVE)) != 0) {
6081 sav->refcnt++;
6082 *savkaptr++ = sav;
6083 savkacount++;
6084 }
6085 }
6086
6087 /*
6088 * check MATURE entry to start to send expire message
6089 * whether or not.
6090 */
6091 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_MATURE]);
6092 sav != NULL;
6093 sav = nextsav) {
6094
6095 mature_sav_count++;
6096 total_sav_count++;
6097 nextsav = LIST_NEXT(sav, chain);
6098
6099 /* we don't need to check. */
6100 if (sav->lft_s == NULL)
6101 continue;
6102
6103 /* sanity check */
6104 if (sav->lft_c == NULL) {
6105 ipseclog((LOG_DEBUG,"key_timehandler: "
6106 "There is no CURRENT time, why?\n"));
6107 continue;
6108 }
6109
6110 /* check SOFT lifetime */
6111 if (sav->lft_s->sadb_lifetime_addtime != 0
6112 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
6113 /*
6114 * If always_expire is set, expire. Otherwise,
6115 * if the SA has not been used, delete immediately.
6116 */
6117 if (sav->lft_c->sadb_lifetime_usetime == 0
6118 && sav->always_expire == 0) {
6119 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6120 key_freesav(sav, KEY_SADB_LOCKED);
6121 sav = NULL;
6122 } else if (savexbuf && savexcount < savbufcount) {
6123 key_sa_chgstate(sav, SADB_SASTATE_DYING);
6124 sav->refcnt++;
6125 *savexptr++ = sav;
6126 savexcount++;
6127 }
6128 }
6129
6130 /* check SOFT lifetime by bytes */
6131 /*
6132 * XXX I don't know the way to delete this SA
6133 * when new SA is installed. Caution when it's
6134 * installed too big lifetime by time.
6135 */
6136 else if (savexbuf && savexcount < savbufcount
6137 && sav->lft_s->sadb_lifetime_bytes != 0
6138 && sav->lft_s->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
6139
6140 /*
6141 * XXX If we keep to send expire
6142 * message in the status of
6143 * DYING. Do remove below code.
6144 */
6145 //key_expire(sav);
6146 key_sa_chgstate(sav, SADB_SASTATE_DYING);
6147 sav->refcnt++;
6148 *savexptr++ = sav;
6149 savexcount++;
6150 }
6151 }
6152
6153 /* check DYING entry to change status to DEAD. */
6154 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DYING]);
6155 sav != NULL;
6156 sav = nextsav) {
6157
6158 dying_sav_count++;
6159 total_sav_count++;
6160 nextsav = LIST_NEXT(sav, chain);
6161
6162 /* we don't need to check. */
6163 if (sav->lft_h == NULL)
6164 continue;
6165
6166 /* sanity check */
6167 if (sav->lft_c == NULL) {
6168 ipseclog((LOG_DEBUG, "key_timehandler: "
6169 "There is no CURRENT time, why?\n"));
6170 continue;
6171 }
6172
6173 if (sav->lft_h->sadb_lifetime_addtime != 0
6174 && tv.tv_sec - sav->created > sav->lft_h->sadb_lifetime_addtime) {
6175 if (sav->always_expire) {
6176 key_send_delete(sav);
6177 sav = NULL;
6178 } else {
6179 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6180 key_freesav(sav, KEY_SADB_LOCKED);
6181 sav = NULL;
6182 }
6183 }
6184 #if 0 /* XXX Should we keep to send expire message until HARD lifetime ? */
6185 else if (savbuf && savexcount < savbufcount
6186 && sav->lft_s != NULL
6187 && sav->lft_s->sadb_lifetime_addtime != 0
6188 && tv.tv_sec - sav->created > sav->lft_s->sadb_lifetime_addtime) {
6189 /*
6190 * XXX: should be checked to be
6191 * installed the valid SA.
6192 */
6193
6194 /*
6195 * If there is no SA then sending
6196 * expire message.
6197 */
6198 //key_expire(sav);
6199 sav->refcnt++;
6200 *savexptr++ = sav;
6201 savexcount++;
6202 }
6203 #endif
6204 /* check HARD lifetime by bytes */
6205 else if (sav->lft_h->sadb_lifetime_bytes != 0
6206 && sav->lft_h->sadb_lifetime_bytes < sav->lft_c->sadb_lifetime_bytes) {
6207 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
6208 key_freesav(sav, KEY_SADB_LOCKED);
6209 sav = NULL;
6210 }
6211 }
6212
6213 /* delete entry in DEAD */
6214 for (sav = LIST_FIRST(&sah->savtree[SADB_SASTATE_DEAD]);
6215 sav != NULL;
6216 sav = nextsav) {
6217
6218 dead_sav_count++;
6219 total_sav_count++;
6220 nextsav = LIST_NEXT(sav, chain);
6221
6222 /* sanity check */
6223 if (sav->state != SADB_SASTATE_DEAD) {
6224 ipseclog((LOG_DEBUG, "key_timehandler: "
6225 "invalid sav->state "
6226 "(queue: %d SA: %d): "
6227 "kill it anyway\n",
6228 SADB_SASTATE_DEAD, sav->state));
6229 }
6230
6231 /*
6232 * do not call key_freesav() here.
6233 * sav should already be freed, and sav->refcnt
6234 * shows other references to sav
6235 * (such as from SPD).
6236 */
6237 }
6238 }
6239 }
6240
6241 if (++key_timehandler_debug >= 300) {
6242 if (key_debug_level) {
6243 printf("%s: total stats for %u calls\n", __FUNCTION__, key_timehandler_debug);
6244 printf("%s: walked %u SPDs\n", __FUNCTION__, spd_count);
6245 printf("%s: walked %llu SAs: LARVAL SAs %u, MATURE SAs %u, DYING SAs %u, DEAD SAs %u\n", __FUNCTION__,
6246 total_sav_count, larval_sav_count, mature_sav_count, dying_sav_count, dead_sav_count);
6247 printf("%s: walked %u SAHs: DEAD SAHs %u, EMPTY SAHs %u\n", __FUNCTION__,
6248 sah_count, dead_sah_count, empty_sah_count);
6249 if (sah_search_calls) {
6250 printf("%s: SAH search cost %d iters per call\n", __FUNCTION__,
6251 (sah_search_count/sah_search_calls));
6252 }
6253 }
6254 spd_count = 0;
6255 sah_count = 0;
6256 dead_sah_count = 0;
6257 empty_sah_count = 0;
6258 larval_sav_count = 0;
6259 mature_sav_count = 0;
6260 dying_sav_count = 0;
6261 dead_sav_count = 0;
6262 total_sav_count = 0;
6263 sah_search_count = 0;
6264 sah_search_calls = 0;
6265 key_timehandler_debug = 0;
6266 }
6267 #ifndef IPSEC_NONBLOCK_ACQUIRE
6268 /* ACQ tree */
6269 {
6270 struct secacq *acq, *nextacq;
6271
6272 for (acq = LIST_FIRST(&acqtree);
6273 acq != NULL;
6274 acq = nextacq) {
6275
6276 stop_handler = 0;
6277 nextacq = LIST_NEXT(acq, chain);
6278
6279 if (tv.tv_sec - acq->created > key_blockacq_lifetime
6280 && __LIST_CHAINED(acq)) {
6281 LIST_REMOVE(acq, chain);
6282 KFREE(acq);
6283 }
6284 }
6285 }
6286 #endif
6287
6288 /* SP ACQ tree */
6289 {
6290 struct secspacq *acq, *nextacq;
6291
6292 for (acq = LIST_FIRST(&spacqtree);
6293 acq != NULL;
6294 acq = nextacq) {
6295
6296 stop_handler = 0;
6297 nextacq = LIST_NEXT(acq, chain);
6298
6299 if (tv.tv_sec - acq->created > key_blockacq_lifetime
6300 && __LIST_CHAINED(acq)) {
6301 LIST_REMOVE(acq, chain);
6302 KFREE(acq);
6303 }
6304 }
6305 }
6306
6307 /* initialize random seed */
6308 if (key_tick_init_random++ > key_int_random) {
6309 key_tick_init_random = 0;
6310 key_srandom();
6311 }
6312
6313 uint64_t acc_sleep_time = 0;
6314 absolutetime_to_nanoseconds(mach_absolutetime_asleep, &acc_sleep_time);
6315 natt_now = ++up_time + (acc_sleep_time / NSEC_PER_SEC);
6316
6317 lck_mtx_unlock(sadb_mutex);
6318
6319 /* send messages outside of sadb_mutex */
6320 if (spbuf && spcount > 0) {
6321 cnt = spcount;
6322 while (cnt--)
6323 key_spdexpire(*(--spptr));
6324 }
6325 if (savkabuf && savkacount > 0) {
6326 struct secasvar **savkaptr_sav = savkaptr;
6327 int cnt_send = savkacount;
6328
6329 while (cnt_send--) {
6330 if (ipsec_send_natt_keepalive(*(--savkaptr))) {
6331 // <rdar://6768487> iterate (all over again) and update timestamps
6332 struct secasvar **savkaptr_update = savkaptr_sav;
6333 int cnt_update = savkacount;
6334 while (cnt_update--) {
6335 key_update_natt_keepalive_timestamp(*savkaptr,
6336 *(--savkaptr_update));
6337 }
6338 }
6339 }
6340 }
6341 if (savexbuf && savexcount > 0) {
6342 cnt = savexcount;
6343 while (cnt--)
6344 key_expire(*(--savexptr));
6345 }
6346
6347 /* decrement ref counts and free buffers */
6348 lck_mtx_lock(sadb_mutex);
6349 if (spbuf) {
6350 while (spcount--)
6351 key_freesp(*spptr++, KEY_SADB_LOCKED);
6352 KFREE(spbuf);
6353 }
6354 if (savkabuf) {
6355 while (savkacount--)
6356 key_freesav(*savkaptr++, KEY_SADB_LOCKED);
6357 KFREE(savkabuf);
6358 }
6359 if (savexbuf) {
6360 while (savexcount--)
6361 key_freesav(*savexptr++, KEY_SADB_LOCKED);
6362 KFREE(savexbuf);
6363 }
6364
6365 if (stop_handler) {
6366 key_timehandler_running = 0;
6367 /* Turn on the ipsec bypass */
6368 ipsec_bypass = 1;
6369 } else {
6370 /* do exchange to tick time !! */
6371 (void)timeout((void *)key_timehandler, (void *)0, hz);
6372 }
6373
6374 lck_mtx_unlock(sadb_mutex);
6375 return;
6376 }
6377
6378 /*
6379 * to initialize a seed for random()
6380 */
6381 static void
6382 key_srandom(void)
6383 {
6384 #ifdef __APPLE__
6385 /* Our PRNG is based on Yarrow and doesn't need to be seeded */
6386 random();
6387 #else
6388 struct timeval tv;
6389
6390 microtime(&tv);
6391
6392 srandom(tv.tv_usec);
6393 #endif
6394
6395 return;
6396 }
6397
6398 u_int32_t
6399 key_random(void)
6400 {
6401 u_int32_t value;
6402
6403 key_randomfill(&value, sizeof(value));
6404 return value;
6405 }
6406
6407 void
6408 key_randomfill(
6409 void *p,
6410 size_t l)
6411 {
6412 #ifdef __APPLE__
6413 cc_rand_generate(p, l);
6414 #else
6415 size_t n;
6416 u_int32_t v;
6417 static int warn = 1;
6418
6419 n = 0;
6420 n = (size_t)read_random(p, (u_int)l);
6421 /* last resort */
6422 while (n < l) {
6423 v = random();
6424 bcopy(&v, (u_int8_t *)p + n,
6425 l - n < sizeof(v) ? l - n : sizeof(v));
6426 n += sizeof(v);
6427
6428 if (warn) {
6429 printf("WARNING: pseudo-random number generator "
6430 "used for IPsec processing\n");
6431 warn = 0;
6432 }
6433 }
6434 #endif
6435 }
6436
6437 /*
6438 * map SADB_SATYPE_* to IPPROTO_*.
6439 * if satype == SADB_SATYPE then satype is mapped to ~0.
6440 * OUT:
6441 * 0: invalid satype.
6442 */
6443 static u_int16_t
6444 key_satype2proto(
6445 u_int8_t satype)
6446 {
6447 switch (satype) {
6448 case SADB_SATYPE_UNSPEC:
6449 return IPSEC_PROTO_ANY;
6450 case SADB_SATYPE_AH:
6451 return IPPROTO_AH;
6452 case SADB_SATYPE_ESP:
6453 return IPPROTO_ESP;
6454 case SADB_X_SATYPE_IPCOMP:
6455 return IPPROTO_IPCOMP;
6456 default:
6457 return 0;
6458 }
6459 /* NOTREACHED */
6460 }
6461
6462 /*
6463 * map IPPROTO_* to SADB_SATYPE_*
6464 * OUT:
6465 * 0: invalid protocol type.
6466 */
6467 static u_int8_t
6468 key_proto2satype(
6469 u_int16_t proto)
6470 {
6471 switch (proto) {
6472 case IPPROTO_AH:
6473 return SADB_SATYPE_AH;
6474 case IPPROTO_ESP:
6475 return SADB_SATYPE_ESP;
6476 case IPPROTO_IPCOMP:
6477 return SADB_X_SATYPE_IPCOMP;
6478 default:
6479 return 0;
6480 }
6481 /* NOTREACHED */
6482 }
6483
6484 static ifnet_t
6485 key_get_ipsec_if_from_message (const struct sadb_msghdr *mhp, int message_type)
6486 {
6487 struct sadb_x_ipsecif *ipsecifopts = NULL;
6488 ifnet_t ipsec_if = NULL;
6489
6490 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[message_type];
6491 if (ipsecifopts != NULL) {
6492 if (ipsecifopts->sadb_x_ipsecif_ipsec_if[0]) {
6493 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_ipsec_if, &ipsec_if);
6494 }
6495 }
6496
6497 return ipsec_if;
6498 }
6499
6500 static u_int
6501 key_get_outgoing_ifindex_from_message (const struct sadb_msghdr *mhp, int message_type)
6502 {
6503 struct sadb_x_ipsecif *ipsecifopts = NULL;
6504 ifnet_t outgoing_if = NULL;
6505
6506 ipsecifopts = (struct sadb_x_ipsecif *)(void *)mhp->ext[message_type];
6507 if (ipsecifopts != NULL) {
6508 if (ipsecifopts->sadb_x_ipsecif_outgoing_if[0]) {
6509 ifnet_find_by_name(ipsecifopts->sadb_x_ipsecif_outgoing_if, &outgoing_if);
6510 }
6511 }
6512
6513 return outgoing_if ? outgoing_if->if_index : 0;
6514 }
6515
6516 /* %%% PF_KEY */
6517 /*
6518 * SADB_GETSPI processing is to receive
6519 * <base, (SA2), src address, dst address, (SPI range)>
6520 * from the IKMPd, to assign a unique spi value, to hang on the INBOUND
6521 * tree with the status of LARVAL, and send
6522 * <base, SA(*), address(SD)>
6523 * to the IKMPd.
6524 *
6525 * IN: mhp: pointer to the pointer to each header.
6526 * OUT: NULL if fail.
6527 * other if success, return pointer to the message to send.
6528 */
6529 static int
6530 key_getspi(
6531 struct socket *so,
6532 struct mbuf *m,
6533 const struct sadb_msghdr *mhp)
6534 {
6535 struct sadb_address *src0, *dst0;
6536 struct secasindex saidx;
6537 struct secashead *newsah;
6538 struct secasvar *newsav;
6539 ifnet_t ipsec_if = NULL;
6540 u_int8_t proto;
6541 u_int32_t spi;
6542 u_int8_t mode;
6543 u_int32_t reqid;
6544 int error;
6545
6546 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6547
6548 /* sanity check */
6549 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6550 panic("key_getspi: NULL pointer is passed.\n");
6551
6552 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6553 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
6554 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
6555 return key_senderror(so, m, EINVAL);
6556 }
6557 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6558 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6559 ipseclog((LOG_DEBUG, "key_getspi: invalid message is passed.\n"));
6560 return key_senderror(so, m, EINVAL);
6561 }
6562 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
6563 mode = ((struct sadb_x_sa2 *)
6564 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
6565 reqid = ((struct sadb_x_sa2 *)
6566 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
6567 } else {
6568 mode = IPSEC_MODE_ANY;
6569 reqid = 0;
6570 }
6571
6572 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6573 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6574
6575 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
6576
6577 /* map satype to proto */
6578 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6579 ipseclog((LOG_DEBUG, "key_getspi: invalid satype is passed.\n"));
6580 return key_senderror(so, m, EINVAL);
6581 }
6582
6583 /* make sure if port number is zero. */
6584 switch (((struct sockaddr *)(src0 + 1))->sa_family) {
6585 case AF_INET:
6586 if (((struct sockaddr *)(src0 + 1))->sa_len !=
6587 sizeof(struct sockaddr_in))
6588 return key_senderror(so, m, EINVAL);
6589 ((struct sockaddr_in *)(void *)(src0 + 1))->sin_port = 0;
6590 break;
6591 case AF_INET6:
6592 if (((struct sockaddr *)(src0 + 1))->sa_len !=
6593 sizeof(struct sockaddr_in6))
6594 return key_senderror(so, m, EINVAL);
6595 ((struct sockaddr_in6 *)(void *)(src0 + 1))->sin6_port = 0;
6596 break;
6597 default:
6598 ; /*???*/
6599 }
6600 switch (((struct sockaddr *)(dst0 + 1))->sa_family) {
6601 case AF_INET:
6602 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
6603 sizeof(struct sockaddr_in))
6604 return key_senderror(so, m, EINVAL);
6605 ((struct sockaddr_in *)(void *)(dst0 + 1))->sin_port = 0;
6606 break;
6607 case AF_INET6:
6608 if (((struct sockaddr *)(dst0 + 1))->sa_len !=
6609 sizeof(struct sockaddr_in6))
6610 return key_senderror(so, m, EINVAL);
6611 ((struct sockaddr_in6 *)(void *)(dst0 + 1))->sin6_port = 0;
6612 break;
6613 default:
6614 ; /*???*/
6615 }
6616
6617 /* XXX boundary check against sa_len */
6618 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
6619
6620 lck_mtx_lock(sadb_mutex);
6621
6622 /* SPI allocation */
6623 spi = key_do_getnewspi((struct sadb_spirange *)
6624 (void *)mhp->ext[SADB_EXT_SPIRANGE], &saidx);
6625 if (spi == 0) {
6626 lck_mtx_unlock(sadb_mutex);
6627 return key_senderror(so, m, EINVAL);
6628 }
6629
6630 /* get a SA index */
6631 if ((newsah = key_getsah(&saidx)) == NULL) {
6632 /* create a new SA index: key_addspi is always used for inbound spi */
6633 if ((newsah = key_newsah(&saidx, ipsec_if, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_IPSECIF), IPSEC_DIR_INBOUND)) == NULL) {
6634 lck_mtx_unlock(sadb_mutex);
6635 ipseclog((LOG_DEBUG, "key_getspi: No more memory.\n"));
6636 return key_senderror(so, m, ENOBUFS);
6637 }
6638 }
6639
6640 /* get a new SA */
6641 /* XXX rewrite */
6642 newsav = key_newsav(m, mhp, newsah, &error, so);
6643 if (newsav == NULL) {
6644 /* XXX don't free new SA index allocated in above. */
6645 lck_mtx_unlock(sadb_mutex);
6646 return key_senderror(so, m, error);
6647 }
6648
6649 /* set spi */
6650 key_setspi(newsav, htonl(spi));
6651
6652 #ifndef IPSEC_NONBLOCK_ACQUIRE
6653 /* delete the entry in acqtree */
6654 if (mhp->msg->sadb_msg_seq != 0) {
6655 struct secacq *acq;
6656 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) != NULL) {
6657 /* reset counter in order to deletion by timehandler. */
6658 struct timeval tv;
6659 microtime(&tv);
6660 acq->created = tv.tv_sec;
6661 acq->count = 0;
6662 }
6663 }
6664 #endif
6665
6666 lck_mtx_unlock(sadb_mutex);
6667
6668 {
6669 struct mbuf *n, *nn;
6670 struct sadb_sa *m_sa;
6671 struct sadb_msg *newmsg;
6672 int off, len;
6673
6674 /* create new sadb_msg to reply. */
6675 len = PFKEY_ALIGN8(sizeof(struct sadb_msg)) +
6676 PFKEY_ALIGN8(sizeof(struct sadb_sa));
6677 if (len > MCLBYTES)
6678 return key_senderror(so, m, ENOBUFS);
6679
6680 MGETHDR(n, M_WAITOK, MT_DATA);
6681 if (n && len > MHLEN) {
6682 MCLGET(n, M_WAITOK);
6683 if ((n->m_flags & M_EXT) == 0) {
6684 m_freem(n);
6685 n = NULL;
6686 }
6687 }
6688 if (!n)
6689 return key_senderror(so, m, ENOBUFS);
6690
6691 n->m_len = len;
6692 n->m_next = NULL;
6693 off = 0;
6694
6695 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
6696 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
6697
6698 m_sa = (struct sadb_sa *)(void *)(mtod(n, caddr_t) + off);
6699 m_sa->sadb_sa_len = PFKEY_UNIT64(sizeof(struct sadb_sa));
6700 m_sa->sadb_sa_exttype = SADB_EXT_SA;
6701 m_sa->sadb_sa_spi = htonl(spi);
6702 off += PFKEY_ALIGN8(sizeof(struct sadb_sa));
6703
6704 #if DIAGNOSTIC
6705 if (off != len)
6706 panic("length inconsistency in key_getspi");
6707 #endif
6708 {
6709 int mbufItems[] = {SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
6710 n->m_next = key_gather_mbuf(m, mhp, 0, sizeof(mbufItems)/sizeof(int), mbufItems);
6711 if (!n->m_next) {
6712 m_freem(n);
6713 return key_senderror(so, m, ENOBUFS);
6714 }
6715 }
6716
6717 if (n->m_len < sizeof(struct sadb_msg)) {
6718 n = m_pullup(n, sizeof(struct sadb_msg));
6719 if (n == NULL)
6720 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
6721 }
6722
6723 n->m_pkthdr.len = 0;
6724 for (nn = n; nn; nn = nn->m_next)
6725 n->m_pkthdr.len += nn->m_len;
6726
6727 newmsg = mtod(n, struct sadb_msg *);
6728 newmsg->sadb_msg_seq = newsav->seq;
6729 newmsg->sadb_msg_errno = 0;
6730 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
6731
6732 m_freem(m);
6733 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
6734 }
6735 }
6736
6737 u_int32_t
6738 key_getspi2(struct sockaddr *src,
6739 struct sockaddr *dst,
6740 u_int8_t proto,
6741 u_int8_t mode,
6742 u_int32_t reqid,
6743 struct sadb_spirange *spirange)
6744 {
6745 u_int32_t spi;
6746 struct secasindex saidx;
6747
6748 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6749
6750 /* XXX boundary check against sa_len */
6751 KEY_SETSECASIDX(proto, mode, reqid, src, dst, 0, &saidx);
6752
6753 /* make sure if port number is zero. */
6754 switch (((struct sockaddr *)&saidx.src)->sa_family) {
6755 case AF_INET:
6756 if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in))
6757 return 0;
6758 ((struct sockaddr_in *)&saidx.src)->sin_port = 0;
6759 break;
6760 case AF_INET6:
6761 if (((struct sockaddr *)&saidx.src)->sa_len != sizeof(struct sockaddr_in6))
6762 return 0;
6763 ((struct sockaddr_in6 *)&saidx.src)->sin6_port = 0;
6764 break;
6765 default:
6766 ; /*???*/
6767 }
6768 switch (((struct sockaddr *)&saidx.dst)->sa_family) {
6769 case AF_INET:
6770 if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in))
6771 return 0;
6772 ((struct sockaddr_in *)&saidx.dst)->sin_port = 0;
6773 break;
6774 case AF_INET6:
6775 if (((struct sockaddr *)&saidx.dst)->sa_len != sizeof(struct sockaddr_in6))
6776 return 0;
6777 ((struct sockaddr_in6 *)&saidx.dst)->sin6_port = 0;
6778 break;
6779 default:
6780 ; /*???*/
6781 }
6782
6783 lck_mtx_lock(sadb_mutex);
6784
6785 /* SPI allocation */
6786 spi = key_do_getnewspi(spirange, &saidx);
6787
6788 lck_mtx_unlock(sadb_mutex);
6789
6790 return spi;
6791 }
6792
6793 /*
6794 * allocating new SPI
6795 * called by key_getspi() and key_getspi2().
6796 * OUT:
6797 * 0: failure.
6798 * others: success.
6799 */
6800 static u_int32_t
6801 key_do_getnewspi(
6802 struct sadb_spirange *spirange,
6803 struct secasindex *saidx)
6804 {
6805 u_int32_t newspi;
6806 u_int32_t keymin, keymax;
6807 int count = key_spi_trycnt;
6808
6809 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
6810
6811 /* set spi range to allocate */
6812 if (spirange != NULL) {
6813 keymin = spirange->sadb_spirange_min;
6814 keymax = spirange->sadb_spirange_max;
6815 } else {
6816 keymin = key_spi_minval;
6817 keymax = key_spi_maxval;
6818 }
6819 /* IPCOMP needs 2-byte SPI */
6820 if (saidx->proto == IPPROTO_IPCOMP) {
6821 u_int32_t t;
6822 if (keymin >= 0x10000)
6823 keymin = 0xffff;
6824 if (keymax >= 0x10000)
6825 keymax = 0xffff;
6826 if (keymin > keymax) {
6827 t = keymin; keymin = keymax; keymax = t;
6828 }
6829 }
6830
6831 if (keymin == keymax) {
6832 if (key_checkspidup(saidx, keymin) != NULL) {
6833 ipseclog((LOG_DEBUG, "key_do_getnewspi: SPI %u exists already.\n", keymin));
6834 return 0;
6835 }
6836
6837 count--; /* taking one cost. */
6838 newspi = keymin;
6839
6840 } else {
6841
6842 u_int32_t range = keymax - keymin + 1; /* overflow value of zero means full range */
6843
6844 /* init SPI */
6845 newspi = 0;
6846
6847 /* when requesting to allocate spi ranged */
6848 while (count--) {
6849 u_int32_t rand_val = key_random();
6850
6851 /* generate pseudo-random SPI value ranged. */
6852 newspi = (range == 0 ? rand_val : keymin + (rand_val % range));
6853
6854 if (key_checkspidup(saidx, newspi) == NULL)
6855 break;
6856 }
6857
6858 if (count == 0 || newspi == 0) {
6859 ipseclog((LOG_DEBUG, "key_do_getnewspi: to allocate spi is failed.\n"));
6860 return 0;
6861 }
6862 }
6863
6864 /* statistics */
6865 keystat.getspi_count =
6866 (keystat.getspi_count + key_spi_trycnt - count) / 2;
6867
6868 return newspi;
6869 }
6870
6871 /*
6872 * SADB_UPDATE processing
6873 * receive
6874 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6875 * key(AE), (identity(SD),) (sensitivity)>
6876 * from the ikmpd, and update a secasvar entry whose status is SADB_SASTATE_LARVAL.
6877 * and send
6878 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
6879 * (identity(SD),) (sensitivity)>
6880 * to the ikmpd.
6881 *
6882 * m will always be freed.
6883 */
6884 static int
6885 key_update(
6886 struct socket *so,
6887 struct mbuf *m,
6888 const struct sadb_msghdr *mhp)
6889 {
6890 struct sadb_sa *sa0;
6891 struct sadb_address *src0, *dst0;
6892 ifnet_t ipsec_if = NULL;
6893 struct secasindex saidx;
6894 struct secashead *sah;
6895 struct secasvar *sav;
6896 u_int16_t proto;
6897 u_int8_t mode;
6898 u_int32_t reqid;
6899 u_int16_t flags2;
6900 int error;
6901
6902 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
6903
6904 /* sanity check */
6905 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
6906 panic("key_update: NULL pointer is passed.\n");
6907
6908 /* map satype to proto */
6909 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
6910 ipseclog((LOG_DEBUG, "key_update: invalid satype is passed.\n"));
6911 return key_senderror(so, m, EINVAL);
6912 }
6913
6914 if (mhp->ext[SADB_EXT_SA] == NULL ||
6915 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
6916 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
6917 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
6918 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
6919 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
6920 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
6921 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
6922 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
6923 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
6924 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
6925 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
6926 return key_senderror(so, m, EINVAL);
6927 }
6928 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
6929 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
6930 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
6931 ipseclog((LOG_DEBUG, "key_update: invalid message is passed.\n"));
6932 return key_senderror(so, m, EINVAL);
6933 }
6934 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
6935 mode = ((struct sadb_x_sa2 *)
6936 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
6937 reqid = ((struct sadb_x_sa2 *)
6938 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
6939 flags2 = ((struct sadb_x_sa2 *)(void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_flags;
6940 } else {
6941 mode = IPSEC_MODE_ANY;
6942 reqid = 0;
6943 flags2 = 0;
6944 }
6945 /* XXX boundary checking for other extensions */
6946
6947 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
6948 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
6949 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
6950 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
6951
6952 /* XXX boundary check against sa_len */
6953 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
6954
6955 lck_mtx_lock(sadb_mutex);
6956
6957 /* get a SA header */
6958 if ((sah = key_getsah(&saidx)) == NULL) {
6959 lck_mtx_unlock(sadb_mutex);
6960 ipseclog((LOG_DEBUG, "key_update: no SA index found.\n"));
6961 return key_senderror(so, m, ENOENT);
6962 }
6963
6964 /* set spidx if there */
6965 /* XXX rewrite */
6966 error = key_setident(sah, m, mhp);
6967 if (error) {
6968 lck_mtx_unlock(sadb_mutex);
6969 return key_senderror(so, m, error);
6970 }
6971
6972 /* find a SA with sequence number. */
6973 #if IPSEC_DOSEQCHECK
6974 if (mhp->msg->sadb_msg_seq != 0
6975 && (sav = key_getsavbyseq(sah, mhp->msg->sadb_msg_seq)) == NULL) {
6976 lck_mtx_unlock(sadb_mutex);
6977 ipseclog((LOG_DEBUG,
6978 "key_update: no larval SA with sequence %u exists.\n",
6979 mhp->msg->sadb_msg_seq));
6980 return key_senderror(so, m, ENOENT);
6981 }
6982 #else
6983 if ((sav = key_getsavbyspi(sah, sa0->sadb_sa_spi)) == NULL) {
6984 lck_mtx_unlock(sadb_mutex);
6985 ipseclog((LOG_DEBUG,
6986 "key_update: no such a SA found (spi:%u)\n",
6987 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
6988 return key_senderror(so, m, EINVAL);
6989 }
6990 #endif
6991
6992 /* validity check */
6993 if (sav->sah->saidx.proto != proto) {
6994 lck_mtx_unlock(sadb_mutex);
6995 ipseclog((LOG_DEBUG,
6996 "key_update: protocol mismatched (DB=%u param=%u)\n",
6997 sav->sah->saidx.proto, proto));
6998 return key_senderror(so, m, EINVAL);
6999 }
7000 #if IPSEC_DOSEQCHECK
7001 if (sav->spi != sa0->sadb_sa_spi) {
7002 lck_mtx_unlock(sadb_mutex);
7003 ipseclog((LOG_DEBUG,
7004 "key_update: SPI mismatched (DB:%u param:%u)\n",
7005 (u_int32_t)ntohl(sav->spi),
7006 (u_int32_t)ntohl(sa0->sadb_sa_spi)));
7007 return key_senderror(so, m, EINVAL);
7008 }
7009 #endif
7010 if (sav->pid != mhp->msg->sadb_msg_pid) {
7011 lck_mtx_unlock(sadb_mutex);
7012 ipseclog((LOG_DEBUG,
7013 "key_update: pid mismatched (DB:%u param:%u)\n",
7014 sav->pid, mhp->msg->sadb_msg_pid));
7015 return key_senderror(so, m, EINVAL);
7016 }
7017
7018 /* copy sav values */
7019 error = key_setsaval(sav, m, mhp);
7020 if (error) {
7021 key_freesav(sav, KEY_SADB_LOCKED);
7022 lck_mtx_unlock(sadb_mutex);
7023 return key_senderror(so, m, error);
7024 }
7025
7026 sav->flags2 = flags2;
7027 if (flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH) {
7028 sav->so = so;
7029 }
7030
7031 /*
7032 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7033 * this SA is for transport mode - otherwise clear it.
7034 */
7035 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
7036 (sav->sah->saidx.mode != IPSEC_MODE_TRANSPORT ||
7037 sav->sah->saidx.src.ss_family != AF_INET))
7038 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
7039
7040 /* check SA values to be mature. */
7041 if ((error = key_mature(sav)) != 0) {
7042 key_freesav(sav, KEY_SADB_LOCKED);
7043 lck_mtx_unlock(sadb_mutex);
7044 return key_senderror(so, m, error);
7045 }
7046
7047 lck_mtx_unlock(sadb_mutex);
7048
7049 {
7050 struct mbuf *n;
7051
7052 /* set msg buf from mhp */
7053 n = key_getmsgbuf_x1(m, mhp);
7054 if (n == NULL) {
7055 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
7056 return key_senderror(so, m, ENOBUFS);
7057 }
7058
7059 m_freem(m);
7060 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7061 }
7062 }
7063
7064 static int
7065 key_migrate(struct socket *so,
7066 struct mbuf *m,
7067 const struct sadb_msghdr *mhp)
7068 {
7069 struct sadb_sa *sa0 = NULL;
7070 struct sadb_address *src0 = NULL;
7071 struct sadb_address *dst0 = NULL;
7072 struct sadb_address *src1 = NULL;
7073 struct sadb_address *dst1 = NULL;
7074 ifnet_t ipsec_if0 = NULL;
7075 ifnet_t ipsec_if1 = NULL;
7076 struct secasindex saidx0;
7077 struct secasindex saidx1;
7078 struct secashead *sah = NULL;
7079 struct secashead *newsah = NULL;
7080 struct secasvar *sav = NULL;
7081 u_int16_t proto;
7082
7083 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7084
7085 /* sanity check */
7086 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7087 panic("key_migrate: NULL pointer is passed.\n");
7088
7089 /* map satype to proto */
7090 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7091 ipseclog((LOG_DEBUG, "key_migrate: invalid satype is passed.\n"));
7092 return key_senderror(so, m, EINVAL);
7093 }
7094
7095 if (mhp->ext[SADB_EXT_SA] == NULL ||
7096 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7097 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
7098 mhp->ext[SADB_EXT_MIGRATE_ADDRESS_SRC] == NULL ||
7099 mhp->ext[SADB_EXT_MIGRATE_ADDRESS_DST] == NULL) {
7100 ipseclog((LOG_DEBUG, "key_migrate: invalid message is passed.\n"));
7101 return key_senderror(so, m, EINVAL);
7102 }
7103
7104 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7105 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7106 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
7107 mhp->extlen[SADB_EXT_MIGRATE_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7108 mhp->extlen[SADB_EXT_MIGRATE_ADDRESS_DST] < sizeof(struct sadb_address)) {
7109 ipseclog((LOG_DEBUG, "key_migrate: invalid message is passed.\n"));
7110 return key_senderror(so, m, EINVAL);
7111 }
7112
7113 lck_mtx_lock(sadb_mutex);
7114
7115 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7116 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7117 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7118 src1 = (struct sadb_address *)(mhp->ext[SADB_EXT_MIGRATE_ADDRESS_SRC]);
7119 dst1 = (struct sadb_address *)(mhp->ext[SADB_EXT_MIGRATE_ADDRESS_DST]);
7120 ipsec_if0 = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7121 ipsec_if1 = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_MIGRATE_IPSECIF);
7122
7123 /* Find existing SAH and SAV */
7124 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if0 ? ipsec_if0->if_index : 0, &saidx0);
7125
7126 LIST_FOREACH(sah, &sahtree, chain) {
7127 if (sah->state != SADB_SASTATE_MATURE)
7128 continue;
7129 if (key_cmpsaidx(&sah->saidx, &saidx0, CMP_HEAD) == 0)
7130 continue;
7131
7132 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7133 if (sav && sav->state == SADB_SASTATE_MATURE)
7134 break;
7135 }
7136 if (sah == NULL) {
7137 lck_mtx_unlock(sadb_mutex);
7138 ipseclog((LOG_DEBUG, "key_migrate: no mature SAH found.\n"));
7139 return key_senderror(so, m, ENOENT);
7140 }
7141
7142 if (sav == NULL) {
7143 lck_mtx_unlock(sadb_mutex);
7144 ipseclog((LOG_DEBUG, "key_migrate: no SA found.\n"));
7145 return key_senderror(so, m, ENOENT);
7146 }
7147
7148 /* Find or create new SAH */
7149 KEY_SETSECASIDX(proto, sah->saidx.mode, sah->saidx.reqid, src1 + 1, dst1 + 1, ipsec_if1 ? ipsec_if1->if_index : 0, &saidx1);
7150
7151 if ((newsah = key_getsah(&saidx1)) == NULL) {
7152 if ((newsah = key_newsah(&saidx1, ipsec_if1, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_MIGRATE_IPSECIF), sah->dir)) == NULL) {
7153 lck_mtx_unlock(sadb_mutex);
7154 ipseclog((LOG_DEBUG, "key_migrate: No more memory.\n"));
7155 return key_senderror(so, m, ENOBUFS);
7156 }
7157 }
7158
7159 /* Migrate SAV in to new SAH */
7160 if (key_migratesav(sav, newsah) != 0) {
7161 lck_mtx_unlock(sadb_mutex);
7162 ipseclog((LOG_DEBUG, "key_migrate: Failed to migrate SA to new SAH.\n"));
7163 return key_senderror(so, m, EINVAL);
7164 }
7165
7166 /* Reset NAT values */
7167 sav->flags = sa0->sadb_sa_flags;
7168 sav->remote_ike_port = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_port;
7169 sav->natt_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_interval;
7170 sav->natt_offload_interval = ((const struct sadb_sa_2*)(sa0))->sadb_sa_natt_offload_interval;
7171 sav->natt_last_activity = natt_now;
7172
7173 /*
7174 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7175 * SADB_X_EXT_NATT is set and SADB_X_EXT_NATT_KEEPALIVE is not
7176 * set (we're not behind nat) - otherwise clear it.
7177 */
7178 if ((sav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0)
7179 if ((sav->flags & SADB_X_EXT_NATT) == 0 ||
7180 (sav->flags & SADB_X_EXT_NATT_KEEPALIVE) != 0)
7181 sav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
7182
7183 lck_mtx_unlock(sadb_mutex);
7184 {
7185 struct mbuf *n;
7186 struct sadb_msg *newmsg;
7187 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7188 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST, SADB_X_EXT_IPSECIF,
7189 SADB_EXT_MIGRATE_ADDRESS_SRC, SADB_EXT_MIGRATE_ADDRESS_DST, SADB_X_EXT_MIGRATE_IPSECIF};
7190
7191 /* create new sadb_msg to reply. */
7192 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7193 if (!n)
7194 return key_senderror(so, m, ENOBUFS);
7195
7196 if (n->m_len < sizeof(struct sadb_msg)) {
7197 n = m_pullup(n, sizeof(struct sadb_msg));
7198 if (n == NULL)
7199 return key_senderror(so, m, ENOBUFS);
7200 }
7201 newmsg = mtod(n, struct sadb_msg *);
7202 newmsg->sadb_msg_errno = 0;
7203 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7204
7205 m_freem(m);
7206 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7207 }
7208 }
7209
7210 /*
7211 * search SAD with sequence for a SA which state is SADB_SASTATE_LARVAL.
7212 * only called by key_update().
7213 * OUT:
7214 * NULL : not found
7215 * others : found, pointer to a SA.
7216 */
7217 #if IPSEC_DOSEQCHECK
7218 static struct secasvar *
7219 key_getsavbyseq(
7220 struct secashead *sah,
7221 u_int32_t seq)
7222 {
7223 struct secasvar *sav;
7224 u_int state;
7225
7226 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7227
7228 state = SADB_SASTATE_LARVAL;
7229
7230 /* search SAD with sequence number ? */
7231 LIST_FOREACH(sav, &sah->savtree[state], chain) {
7232
7233 KEY_CHKSASTATE(state, sav->state, "key_getsabyseq");
7234
7235 if (sav->seq == seq) {
7236 sav->refcnt++;
7237 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
7238 printf("DP key_getsavbyseq cause "
7239 "refcnt++:%d SA:0x%llx\n", sav->refcnt,
7240 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
7241 return sav;
7242 }
7243 }
7244
7245 return NULL;
7246 }
7247 #endif
7248
7249 /*
7250 * SADB_ADD processing
7251 * add a entry to SA database, when received
7252 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7253 * key(AE), (identity(SD),) (sensitivity)>
7254 * from the ikmpd,
7255 * and send
7256 * <base, SA, (SA2), (lifetime(HSC),) address(SD), (address(P),)
7257 * (identity(SD),) (sensitivity)>
7258 * to the ikmpd.
7259 *
7260 * IGNORE identity and sensitivity messages.
7261 *
7262 * m will always be freed.
7263 */
7264 static int
7265 key_add(
7266 struct socket *so,
7267 struct mbuf *m,
7268 const struct sadb_msghdr *mhp)
7269 {
7270 struct sadb_sa *sa0;
7271 struct sadb_address *src0, *dst0;
7272 ifnet_t ipsec_if = NULL;
7273 struct secasindex saidx;
7274 struct secashead *newsah;
7275 struct secasvar *newsav;
7276 u_int16_t proto;
7277 u_int8_t mode;
7278 u_int32_t reqid;
7279 int error;
7280
7281 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7282
7283 /* sanity check */
7284 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7285 panic("key_add: NULL pointer is passed.\n");
7286
7287 /* map satype to proto */
7288 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7289 ipseclog((LOG_DEBUG, "key_add: invalid satype is passed.\n"));
7290 bzero_keys(mhp);
7291 return key_senderror(so, m, EINVAL);
7292 }
7293
7294 if (mhp->ext[SADB_EXT_SA] == NULL ||
7295 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7296 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
7297 (mhp->msg->sadb_msg_satype == SADB_SATYPE_ESP &&
7298 mhp->ext[SADB_EXT_KEY_ENCRYPT] == NULL) ||
7299 (mhp->msg->sadb_msg_satype == SADB_SATYPE_AH &&
7300 mhp->ext[SADB_EXT_KEY_AUTH] == NULL) ||
7301 (mhp->ext[SADB_EXT_LIFETIME_HARD] != NULL &&
7302 mhp->ext[SADB_EXT_LIFETIME_SOFT] == NULL) ||
7303 (mhp->ext[SADB_EXT_LIFETIME_HARD] == NULL &&
7304 mhp->ext[SADB_EXT_LIFETIME_SOFT] != NULL)) {
7305 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
7306 bzero_keys(mhp);
7307 return key_senderror(so, m, EINVAL);
7308 }
7309 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7310 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7311 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7312 /* XXX need more */
7313 ipseclog((LOG_DEBUG, "key_add: invalid message is passed.\n"));
7314 bzero_keys(mhp);
7315 return key_senderror(so, m, EINVAL);
7316 }
7317 if (mhp->ext[SADB_X_EXT_SA2] != NULL) {
7318 mode = ((struct sadb_x_sa2 *)
7319 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_mode;
7320 reqid = ((struct sadb_x_sa2 *)
7321 (void *)mhp->ext[SADB_X_EXT_SA2])->sadb_x_sa2_reqid;
7322 } else {
7323 mode = IPSEC_MODE_ANY;
7324 reqid = 0;
7325 }
7326
7327 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7328 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7329 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7330 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7331
7332 /* XXX boundary check against sa_len */
7333 KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7334
7335 lck_mtx_lock(sadb_mutex);
7336
7337 /* get a SA header */
7338 if ((newsah = key_getsah(&saidx)) == NULL) {
7339 /* create a new SA header: key_addspi is always used for outbound spi */
7340 if ((newsah = key_newsah(&saidx, ipsec_if, key_get_outgoing_ifindex_from_message(mhp, SADB_X_EXT_IPSECIF), IPSEC_DIR_OUTBOUND)) == NULL) {
7341 lck_mtx_unlock(sadb_mutex);
7342 ipseclog((LOG_DEBUG, "key_add: No more memory.\n"));
7343 bzero_keys(mhp);
7344 return key_senderror(so, m, ENOBUFS);
7345 }
7346 }
7347
7348 /* set spidx if there */
7349 /* XXX rewrite */
7350 error = key_setident(newsah, m, mhp);
7351 if (error) {
7352 lck_mtx_unlock(sadb_mutex);
7353 bzero_keys(mhp);
7354 return key_senderror(so, m, error);
7355 }
7356
7357 /* create new SA entry. */
7358 /* We can create new SA only if SPI is different. */
7359 if (key_getsavbyspi(newsah, sa0->sadb_sa_spi)) {
7360 lck_mtx_unlock(sadb_mutex);
7361 ipseclog((LOG_DEBUG, "key_add: SA already exists.\n"));
7362 bzero_keys(mhp);
7363 return key_senderror(so, m, EEXIST);
7364 }
7365 newsav = key_newsav(m, mhp, newsah, &error, so);
7366 if (newsav == NULL) {
7367 lck_mtx_unlock(sadb_mutex);
7368 bzero_keys(mhp);
7369 return key_senderror(so, m, error);
7370 }
7371
7372 /*
7373 * Verify if SADB_X_EXT_NATT_MULTIPLEUSERS flag is set that
7374 * this SA is for transport mode - otherwise clear it.
7375 */
7376 if ((newsav->flags & SADB_X_EXT_NATT_MULTIPLEUSERS) != 0 &&
7377 (newsah->saidx.mode != IPSEC_MODE_TRANSPORT ||
7378 newsah->saidx.dst.ss_family != AF_INET))
7379 newsav->flags &= ~SADB_X_EXT_NATT_MULTIPLEUSERS;
7380
7381 /* check SA values to be mature. */
7382 if ((error = key_mature(newsav)) != 0) {
7383 key_freesav(newsav, KEY_SADB_LOCKED);
7384 lck_mtx_unlock(sadb_mutex);
7385 bzero_keys(mhp);
7386 return key_senderror(so, m, error);
7387 }
7388
7389 lck_mtx_unlock(sadb_mutex);
7390
7391 /*
7392 * don't call key_freesav() here, as we would like to keep the SA
7393 * in the database on success.
7394 */
7395
7396 {
7397 struct mbuf *n;
7398
7399 /* set msg buf from mhp */
7400 n = key_getmsgbuf_x1(m, mhp);
7401 if (n == NULL) {
7402 ipseclog((LOG_DEBUG, "key_update: No more memory.\n"));
7403 bzero_keys(mhp);
7404 return key_senderror(so, m, ENOBUFS);
7405 }
7406
7407 // mh.ext points to the mbuf content.
7408 // Zero out Encryption and Integrity keys if present.
7409 bzero_keys(mhp);
7410 m_freem(m);
7411 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7412 }
7413 }
7414
7415 /* m is retained */
7416 static int
7417 key_setident(
7418 struct secashead *sah,
7419 struct mbuf *m,
7420 const struct sadb_msghdr *mhp)
7421 {
7422 const struct sadb_ident *idsrc, *iddst;
7423 int idsrclen, iddstlen;
7424
7425 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7426
7427 /* sanity check */
7428 if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7429 panic("key_setident: NULL pointer is passed.\n");
7430
7431 /* don't make buffer if not there */
7432 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL &&
7433 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
7434 sah->idents = NULL;
7435 sah->identd = NULL;
7436 return 0;
7437 }
7438
7439 if (mhp->ext[SADB_EXT_IDENTITY_SRC] == NULL ||
7440 mhp->ext[SADB_EXT_IDENTITY_DST] == NULL) {
7441 ipseclog((LOG_DEBUG, "key_setident: invalid identity.\n"));
7442 return EINVAL;
7443 }
7444
7445 idsrc = (const struct sadb_ident *)
7446 (void *)mhp->ext[SADB_EXT_IDENTITY_SRC];
7447 iddst = (const struct sadb_ident *)
7448 (void *)mhp->ext[SADB_EXT_IDENTITY_DST];
7449 idsrclen = mhp->extlen[SADB_EXT_IDENTITY_SRC];
7450 iddstlen = mhp->extlen[SADB_EXT_IDENTITY_DST];
7451
7452 /* validity check */
7453 if (idsrc->sadb_ident_type != iddst->sadb_ident_type) {
7454 ipseclog((LOG_DEBUG, "key_setident: ident type mismatch.\n"));
7455 return EINVAL;
7456 }
7457
7458 switch (idsrc->sadb_ident_type) {
7459 case SADB_IDENTTYPE_PREFIX:
7460 case SADB_IDENTTYPE_FQDN:
7461 case SADB_IDENTTYPE_USERFQDN:
7462 default:
7463 /* XXX do nothing */
7464 sah->idents = NULL;
7465 sah->identd = NULL;
7466 return 0;
7467 }
7468
7469 /* make structure */
7470 KMALLOC_NOWAIT(sah->idents, struct sadb_ident *, idsrclen);
7471 if (sah->idents == NULL) {
7472 lck_mtx_unlock(sadb_mutex);
7473 KMALLOC_WAIT(sah->idents, struct sadb_ident *, idsrclen);
7474 lck_mtx_lock(sadb_mutex);
7475 if (sah->idents == NULL) {
7476 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
7477 return ENOBUFS;
7478 }
7479 }
7480 KMALLOC_NOWAIT(sah->identd, struct sadb_ident *, iddstlen);
7481 if (sah->identd == NULL) {
7482 lck_mtx_unlock(sadb_mutex);
7483 KMALLOC_WAIT(sah->identd, struct sadb_ident *, iddstlen);
7484 lck_mtx_lock(sadb_mutex);
7485 if (sah->identd == NULL) {
7486 KFREE(sah->idents);
7487 sah->idents = NULL;
7488 ipseclog((LOG_DEBUG, "key_setident: No more memory.\n"));
7489 return ENOBUFS;
7490 }
7491 }
7492 bcopy(idsrc, sah->idents, idsrclen);
7493 bcopy(iddst, sah->identd, iddstlen);
7494
7495 return 0;
7496 }
7497
7498 /*
7499 * m will not be freed on return.
7500 * it is caller's responsibility to free the result.
7501 */
7502 static struct mbuf *
7503 key_getmsgbuf_x1(
7504 struct mbuf *m,
7505 const struct sadb_msghdr *mhp)
7506 {
7507 struct mbuf *n;
7508 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7509 SADB_X_EXT_SA2, SADB_EXT_ADDRESS_SRC,
7510 SADB_EXT_ADDRESS_DST, SADB_EXT_LIFETIME_HARD,
7511 SADB_EXT_LIFETIME_SOFT, SADB_EXT_IDENTITY_SRC,
7512 SADB_EXT_IDENTITY_DST};
7513
7514 /* sanity check */
7515 if (m == NULL || mhp == NULL || mhp->msg == NULL)
7516 panic("key_getmsgbuf_x1: NULL pointer is passed.\n");
7517
7518 /* create new sadb_msg to reply. */
7519 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7520 if (!n)
7521 return NULL;
7522
7523 if (n->m_len < sizeof(struct sadb_msg)) {
7524 n = m_pullup(n, sizeof(struct sadb_msg));
7525 if (n == NULL)
7526 return NULL;
7527 }
7528 mtod(n, struct sadb_msg *)->sadb_msg_errno = 0;
7529 mtod(n, struct sadb_msg *)->sadb_msg_len =
7530 PFKEY_UNIT64(n->m_pkthdr.len);
7531
7532 return n;
7533 }
7534
7535 static int key_delete_all(struct socket *, struct mbuf *,
7536 const struct sadb_msghdr *, u_int16_t);
7537
7538 /*
7539 * SADB_DELETE processing
7540 * receive
7541 * <base, SA(*), address(SD)>
7542 * from the ikmpd, and set SADB_SASTATE_DEAD,
7543 * and send,
7544 * <base, SA(*), address(SD)>
7545 * to the ikmpd.
7546 *
7547 * m will always be freed.
7548 */
7549 static int
7550 key_delete(
7551 struct socket *so,
7552 struct mbuf *m,
7553 const struct sadb_msghdr *mhp)
7554 {
7555 struct sadb_sa *sa0;
7556 struct sadb_address *src0, *dst0;
7557 ifnet_t ipsec_if = NULL;
7558 struct secasindex saidx;
7559 struct secashead *sah;
7560 struct secasvar *sav = NULL;
7561 u_int16_t proto;
7562
7563 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7564
7565 /* sanity check */
7566 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7567 panic("key_delete: NULL pointer is passed.\n");
7568
7569 /* map satype to proto */
7570 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7571 ipseclog((LOG_DEBUG, "key_delete: invalid satype is passed.\n"));
7572 return key_senderror(so, m, EINVAL);
7573 }
7574
7575 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7576 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
7577 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7578 return key_senderror(so, m, EINVAL);
7579 }
7580
7581 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7582 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7583 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7584 return key_senderror(so, m, EINVAL);
7585 }
7586
7587 lck_mtx_lock(sadb_mutex);
7588
7589 if (mhp->ext[SADB_EXT_SA] == NULL) {
7590 /*
7591 * Caller wants us to delete all non-LARVAL SAs
7592 * that match the src/dst. This is used during
7593 * IKE INITIAL-CONTACT.
7594 */
7595 ipseclog((LOG_DEBUG, "key_delete: doing delete all.\n"));
7596 /* key_delete_all will unlock sadb_mutex */
7597 return key_delete_all(so, m, mhp, proto);
7598 } else if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa)) {
7599 lck_mtx_unlock(sadb_mutex);
7600 ipseclog((LOG_DEBUG, "key_delete: invalid message is passed.\n"));
7601 return key_senderror(so, m, EINVAL);
7602 }
7603
7604 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7605 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7606 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7607 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7608
7609 /* XXX boundary check against sa_len */
7610 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7611
7612 /* get a SA header */
7613 LIST_FOREACH(sah, &sahtree, chain) {
7614 if (sah->state == SADB_SASTATE_DEAD)
7615 continue;
7616 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7617 continue;
7618
7619 /* get a SA with SPI. */
7620 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7621 if (sav)
7622 break;
7623 }
7624 if (sah == NULL) {
7625 lck_mtx_unlock(sadb_mutex);
7626 ipseclog((LOG_DEBUG, "key_delete: no SA found.\n"));
7627 return key_senderror(so, m, ENOENT);
7628 }
7629
7630 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7631 key_freesav(sav, KEY_SADB_LOCKED);
7632
7633 lck_mtx_unlock(sadb_mutex);
7634 sav = NULL;
7635
7636 {
7637 struct mbuf *n;
7638 struct sadb_msg *newmsg;
7639 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_SA,
7640 SADB_EXT_ADDRESS_SRC, SADB_EXT_ADDRESS_DST};
7641
7642 /* create new sadb_msg to reply. */
7643 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7644 if (!n)
7645 return key_senderror(so, m, ENOBUFS);
7646
7647 if (n->m_len < sizeof(struct sadb_msg)) {
7648 n = m_pullup(n, sizeof(struct sadb_msg));
7649 if (n == NULL)
7650 return key_senderror(so, m, ENOBUFS);
7651 }
7652 newmsg = mtod(n, struct sadb_msg *);
7653 newmsg->sadb_msg_errno = 0;
7654 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7655
7656 m_freem(m);
7657 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7658 }
7659 }
7660
7661 /*
7662 * delete all SAs for src/dst. Called from key_delete().
7663 */
7664 static int
7665 key_delete_all(
7666 struct socket *so,
7667 struct mbuf *m,
7668 const struct sadb_msghdr *mhp,
7669 u_int16_t proto)
7670 {
7671 struct sadb_address *src0, *dst0;
7672 ifnet_t ipsec_if = NULL;
7673 struct secasindex saidx;
7674 struct secashead *sah;
7675 struct secasvar *sav, *nextsav;
7676 u_int stateidx, state;
7677
7678 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
7679
7680 src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
7681 dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
7682 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7683
7684 /* XXX boundary check against sa_len */
7685 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7686
7687 LIST_FOREACH(sah, &sahtree, chain) {
7688 if (sah->state == SADB_SASTATE_DEAD)
7689 continue;
7690 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7691 continue;
7692
7693 /* Delete all non-LARVAL SAs. */
7694 for (stateidx = 0;
7695 stateidx < _ARRAYLEN(saorder_state_alive);
7696 stateidx++) {
7697 state = saorder_state_alive[stateidx];
7698 if (state == SADB_SASTATE_LARVAL)
7699 continue;
7700 for (sav = LIST_FIRST(&sah->savtree[state]);
7701 sav != NULL; sav = nextsav) {
7702 nextsav = LIST_NEXT(sav, chain);
7703 /* sanity check */
7704 if (sav->state != state) {
7705 ipseclog((LOG_DEBUG, "key_delete_all: "
7706 "invalid sav->state "
7707 "(queue: %d SA: %d)\n",
7708 state, sav->state));
7709 continue;
7710 }
7711
7712 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
7713 key_freesav(sav, KEY_SADB_LOCKED);
7714 }
7715 }
7716 }
7717 lck_mtx_unlock(sadb_mutex);
7718
7719 {
7720 struct mbuf *n;
7721 struct sadb_msg *newmsg;
7722 int mbufItems[] = {SADB_EXT_RESERVED, SADB_EXT_ADDRESS_SRC,
7723 SADB_EXT_ADDRESS_DST};
7724
7725 /* create new sadb_msg to reply. */
7726 n = key_gather_mbuf(m, mhp, 1, sizeof(mbufItems)/sizeof(int), mbufItems);
7727 if (!n)
7728 return key_senderror(so, m, ENOBUFS);
7729
7730 if (n->m_len < sizeof(struct sadb_msg)) {
7731 n = m_pullup(n, sizeof(struct sadb_msg));
7732 if (n == NULL)
7733 return key_senderror(so, m, ENOBUFS);
7734 }
7735 newmsg = mtod(n, struct sadb_msg *);
7736 newmsg->sadb_msg_errno = 0;
7737 newmsg->sadb_msg_len = PFKEY_UNIT64(n->m_pkthdr.len);
7738
7739 m_freem(m);
7740 return key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
7741 }
7742 }
7743
7744 /*
7745 * SADB_GET processing
7746 * receive
7747 * <base, SA(*), address(SD)>
7748 * from the ikmpd, and get a SP and a SA to respond,
7749 * and send,
7750 * <base, SA, (lifetime(HSC),) address(SD), (address(P),) key(AE),
7751 * (identity(SD),) (sensitivity)>
7752 * to the ikmpd.
7753 *
7754 * m will always be freed.
7755 */
7756 static int
7757 key_get(
7758 struct socket *so,
7759 struct mbuf *m,
7760 const struct sadb_msghdr *mhp)
7761 {
7762 struct sadb_sa *sa0;
7763 struct sadb_address *src0, *dst0;
7764 ifnet_t ipsec_if = NULL;
7765 struct secasindex saidx;
7766 struct secashead *sah;
7767 struct secasvar *sav = NULL;
7768 u_int16_t proto;
7769
7770 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
7771
7772 /* sanity check */
7773 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
7774 panic("key_get: NULL pointer is passed.\n");
7775
7776 /* map satype to proto */
7777 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
7778 ipseclog((LOG_DEBUG, "key_get: invalid satype is passed.\n"));
7779 return key_senderror(so, m, EINVAL);
7780 }
7781
7782 if (mhp->ext[SADB_EXT_SA] == NULL ||
7783 mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
7784 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL) {
7785 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
7786 return key_senderror(so, m, EINVAL);
7787 }
7788 if (mhp->extlen[SADB_EXT_SA] < sizeof(struct sadb_sa) ||
7789 mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
7790 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address)) {
7791 ipseclog((LOG_DEBUG, "key_get: invalid message is passed.\n"));
7792 return key_senderror(so, m, EINVAL);
7793 }
7794
7795 sa0 = (struct sadb_sa *)(void *)mhp->ext[SADB_EXT_SA];
7796 src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
7797 dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
7798 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
7799
7800 /* XXX boundary check against sa_len */
7801 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
7802
7803 lck_mtx_lock(sadb_mutex);
7804
7805 /* get a SA header */
7806 LIST_FOREACH(sah, &sahtree, chain) {
7807 if (sah->state == SADB_SASTATE_DEAD)
7808 continue;
7809 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_HEAD) == 0)
7810 continue;
7811
7812 /* get a SA with SPI. */
7813 sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
7814 if (sav)
7815 break;
7816 }
7817 if (sah == NULL) {
7818 lck_mtx_unlock(sadb_mutex);
7819 ipseclog((LOG_DEBUG, "key_get: no SA found.\n"));
7820 return key_senderror(so, m, ENOENT);
7821 }
7822
7823 {
7824 struct mbuf *n;
7825 u_int8_t satype;
7826
7827 /* map proto to satype */
7828 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
7829 lck_mtx_unlock(sadb_mutex);
7830 ipseclog((LOG_DEBUG, "key_get: there was invalid proto in SAD.\n"));
7831 return key_senderror(so, m, EINVAL);
7832 }
7833 lck_mtx_unlock(sadb_mutex);
7834
7835 /* create new sadb_msg to reply. */
7836 n = key_setdumpsa(sav, SADB_GET, satype, mhp->msg->sadb_msg_seq,
7837 mhp->msg->sadb_msg_pid);
7838
7839
7840
7841 if (!n)
7842 return key_senderror(so, m, ENOBUFS);
7843
7844 m_freem(m);
7845 return key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
7846 }
7847 }
7848
7849 /*
7850 * get SA stats by spi.
7851 * OUT: -1 : not found
7852 * 0 : found, arg pointer to a SA stats is updated.
7853 */
7854 static int
7855 key_getsastatbyspi_one (u_int32_t spi,
7856 struct sastat *stat)
7857 {
7858 struct secashead *sah;
7859 struct secasvar *sav = NULL;
7860
7861 if ((void *)stat == NULL) {
7862 return -1;
7863 }
7864
7865 lck_mtx_lock(sadb_mutex);
7866
7867 /* get a SA header */
7868 LIST_FOREACH(sah, &sahtree, chain) {
7869 if (sah->state == SADB_SASTATE_DEAD)
7870 continue;
7871
7872 /* get a SA with SPI. */
7873 sav = key_getsavbyspi(sah, spi);
7874 if (sav) {
7875 stat->spi = sav->spi;
7876 stat->created = sav->created;
7877 if (sav->lft_c) {
7878 bcopy(sav->lft_c,&stat->lft_c, sizeof(stat->lft_c));
7879 } else {
7880 bzero(&stat->lft_c, sizeof(stat->lft_c));
7881 }
7882 lck_mtx_unlock(sadb_mutex);
7883 return 0;
7884 }
7885 }
7886
7887 lck_mtx_unlock(sadb_mutex);
7888
7889 return -1;
7890 }
7891
7892 /*
7893 * get SA stats collection by indices.
7894 * OUT: -1 : not found
7895 * 0 : found, arg pointers to a SA stats and 'maximum stats' are updated.
7896 */
7897 static int
7898 key_getsastatbyspi (struct sastat *stat_arg,
7899 u_int32_t max_stat_arg,
7900 struct sastat *stat_res,
7901 u_int32_t *max_stat_res)
7902 {
7903 int cur, found = 0;
7904
7905 if (stat_arg == NULL ||
7906 stat_res == NULL ||
7907 max_stat_res == NULL) {
7908 return -1;
7909 }
7910
7911 for (cur = 0; cur < max_stat_arg; cur++) {
7912 if (key_getsastatbyspi_one(stat_arg[cur].spi,
7913 &stat_res[found]) == 0) {
7914 found++;
7915 }
7916 }
7917 *max_stat_res = found;
7918
7919 if (found) {
7920 return 0;
7921 }
7922 return -1;
7923 }
7924
7925 /* XXX make it sysctl-configurable? */
7926 static void
7927 key_getcomb_setlifetime(
7928 struct sadb_comb *comb)
7929 {
7930
7931 comb->sadb_comb_soft_allocations = 1;
7932 comb->sadb_comb_hard_allocations = 1;
7933 comb->sadb_comb_soft_bytes = 0;
7934 comb->sadb_comb_hard_bytes = 0;
7935 comb->sadb_comb_hard_addtime = 86400; /* 1 day */
7936 comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
7937 comb->sadb_comb_soft_usetime = 28800; /* 8 hours */
7938 comb->sadb_comb_hard_usetime = comb->sadb_comb_hard_usetime * 80 / 100;
7939 }
7940
7941 #if IPSEC_ESP
7942 /*
7943 * XXX reorder combinations by preference
7944 * XXX no idea if the user wants ESP authentication or not
7945 */
7946 static struct mbuf *
7947 key_getcomb_esp(void)
7948 {
7949 struct sadb_comb *comb;
7950 const struct esp_algorithm *algo;
7951 struct mbuf *result = NULL, *m, *n;
7952 int encmin;
7953 int i, off, o;
7954 int totlen;
7955 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
7956
7957 m = NULL;
7958 for (i = 1; i <= SADB_EALG_MAX; i++) {
7959 algo = esp_algorithm_lookup(i);
7960 if (!algo)
7961 continue;
7962
7963 if (algo->keymax < ipsec_esp_keymin)
7964 continue;
7965 if (algo->keymin < ipsec_esp_keymin)
7966 encmin = ipsec_esp_keymin;
7967 else
7968 encmin = algo->keymin;
7969
7970 if (ipsec_esp_auth)
7971 m = key_getcomb_ah();
7972 else {
7973 #if DIAGNOSTIC
7974 if (l > MLEN)
7975 panic("assumption failed in key_getcomb_esp");
7976 #endif
7977 MGET(m, M_WAITOK, MT_DATA);
7978 if (m) {
7979 M_ALIGN(m, l);
7980 m->m_len = l;
7981 m->m_next = NULL;
7982 bzero(mtod(m, caddr_t), m->m_len);
7983 }
7984 }
7985 if (!m)
7986 goto fail;
7987
7988 totlen = 0;
7989 for (n = m; n; n = n->m_next)
7990 totlen += n->m_len;
7991 #if DIAGNOSTIC
7992 if (totlen % l)
7993 panic("assumption failed in key_getcomb_esp");
7994 #endif
7995
7996 for (off = 0; off < totlen; off += l) {
7997 n = m_pulldown(m, off, l, &o);
7998 if (!n) {
7999 /* m is already freed */
8000 goto fail;
8001 }
8002 comb = (struct sadb_comb *)
8003 (void *)(mtod(n, caddr_t) + o);
8004 bzero(comb, sizeof(*comb));
8005 key_getcomb_setlifetime(comb);
8006 comb->sadb_comb_encrypt = i;
8007 comb->sadb_comb_encrypt_minbits = encmin;
8008 comb->sadb_comb_encrypt_maxbits = algo->keymax;
8009 }
8010
8011 if (!result)
8012 result = m;
8013 else
8014 m_cat(result, m);
8015 }
8016
8017 return result;
8018
8019 fail:
8020 if (result)
8021 m_freem(result);
8022 return NULL;
8023 }
8024 #endif
8025
8026 /*
8027 * XXX reorder combinations by preference
8028 */
8029 static struct mbuf *
8030 key_getcomb_ah(void)
8031 {
8032 struct sadb_comb *comb;
8033 const struct ah_algorithm *algo;
8034 struct mbuf *m;
8035 int keymin;
8036 int i;
8037 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
8038
8039 m = NULL;
8040 for (i = 1; i <= SADB_AALG_MAX; i++) {
8041 #if 1
8042 /* we prefer HMAC algorithms, not old algorithms */
8043 if (i != SADB_AALG_SHA1HMAC && i != SADB_AALG_MD5HMAC)
8044 continue;
8045 #endif
8046 algo = ah_algorithm_lookup(i);
8047 if (!algo)
8048 continue;
8049
8050 if (algo->keymax < ipsec_ah_keymin)
8051 continue;
8052 if (algo->keymin < ipsec_ah_keymin)
8053 keymin = ipsec_ah_keymin;
8054 else
8055 keymin = algo->keymin;
8056
8057 if (!m) {
8058 #if DIAGNOSTIC
8059 if (l > MLEN)
8060 panic("assumption failed in key_getcomb_ah");
8061 #endif
8062 MGET(m, M_WAITOK, MT_DATA);
8063 if (m) {
8064 M_ALIGN(m, l);
8065 m->m_len = l;
8066 m->m_next = NULL;
8067 }
8068 } else
8069 M_PREPEND(m, l, M_WAITOK, 1);
8070 if (!m)
8071 return NULL;
8072
8073 comb = mtod(m, struct sadb_comb *);
8074 bzero(comb, sizeof(*comb));
8075 key_getcomb_setlifetime(comb);
8076 comb->sadb_comb_auth = i;
8077 comb->sadb_comb_auth_minbits = keymin;
8078 comb->sadb_comb_auth_maxbits = algo->keymax;
8079 }
8080
8081 return m;
8082 }
8083
8084 /*
8085 * not really an official behavior. discussed in pf_key@inner.net in Sep2000.
8086 * XXX reorder combinations by preference
8087 */
8088 static struct mbuf *
8089 key_getcomb_ipcomp(void)
8090 {
8091 struct sadb_comb *comb;
8092 const struct ipcomp_algorithm *algo;
8093 struct mbuf *m;
8094 int i;
8095 const int l = PFKEY_ALIGN8(sizeof(struct sadb_comb));
8096
8097 m = NULL;
8098 for (i = 1; i <= SADB_X_CALG_MAX; i++) {
8099 algo = ipcomp_algorithm_lookup(i);
8100 if (!algo)
8101 continue;
8102
8103 if (!m) {
8104 #if DIAGNOSTIC
8105 if (l > MLEN)
8106 panic("assumption failed in key_getcomb_ipcomp");
8107 #endif
8108 MGET(m, M_WAITOK, MT_DATA);
8109 if (m) {
8110 M_ALIGN(m, l);
8111 m->m_len = l;
8112 m->m_next = NULL;
8113 }
8114 } else
8115 M_PREPEND(m, l, M_WAITOK, 1);
8116 if (!m)
8117 return NULL;
8118
8119 comb = mtod(m, struct sadb_comb *);
8120 bzero(comb, sizeof(*comb));
8121 key_getcomb_setlifetime(comb);
8122 comb->sadb_comb_encrypt = i;
8123 /* what should we set into sadb_comb_*_{min,max}bits? */
8124 }
8125
8126 return m;
8127 }
8128
8129 /*
8130 * XXX no way to pass mode (transport/tunnel) to userland
8131 * XXX replay checking?
8132 * XXX sysctl interface to ipsec_{ah,esp}_keymin
8133 */
8134 static struct mbuf *
8135 key_getprop(
8136 const struct secasindex *saidx)
8137 {
8138 struct sadb_prop *prop;
8139 struct mbuf *m, *n;
8140 const int l = PFKEY_ALIGN8(sizeof(struct sadb_prop));
8141 int totlen;
8142
8143 switch (saidx->proto) {
8144 #if IPSEC_ESP
8145 case IPPROTO_ESP:
8146 m = key_getcomb_esp();
8147 break;
8148 #endif
8149 case IPPROTO_AH:
8150 m = key_getcomb_ah();
8151 break;
8152 case IPPROTO_IPCOMP:
8153 m = key_getcomb_ipcomp();
8154 break;
8155 default:
8156 return NULL;
8157 }
8158
8159 if (!m)
8160 return NULL;
8161 M_PREPEND(m, l, M_WAITOK, 1);
8162 if (!m)
8163 return NULL;
8164
8165 totlen = 0;
8166 for (n = m; n; n = n->m_next)
8167 totlen += n->m_len;
8168
8169 prop = mtod(m, struct sadb_prop *);
8170 bzero(prop, sizeof(*prop));
8171 prop->sadb_prop_len = PFKEY_UNIT64(totlen);
8172 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
8173 prop->sadb_prop_replay = 32; /* XXX */
8174
8175 return m;
8176 }
8177
8178 /*
8179 * SADB_ACQUIRE processing called by key_checkrequest() and key_acquire2().
8180 * send
8181 * <base, SA, address(SD), (address(P)), x_policy,
8182 * (identity(SD),) (sensitivity,) proposal>
8183 * to KMD, and expect to receive
8184 * <base> with SADB_ACQUIRE if error occurred,
8185 * or
8186 * <base, src address, dst address, (SPI range)> with SADB_GETSPI
8187 * from KMD by PF_KEY.
8188 *
8189 * XXX x_policy is outside of RFC2367 (KAME extension).
8190 * XXX sensitivity is not supported.
8191 * XXX for ipcomp, RFC2367 does not define how to fill in proposal.
8192 * see comment for key_getcomb_ipcomp().
8193 *
8194 * OUT:
8195 * 0 : succeed
8196 * others: error number
8197 */
8198 static int
8199 key_acquire(
8200 struct secasindex *saidx,
8201 struct secpolicy *sp)
8202 {
8203 struct mbuf *result = NULL, *m;
8204 #ifndef IPSEC_NONBLOCK_ACQUIRE
8205 struct secacq *newacq;
8206 #endif
8207 u_int8_t satype;
8208 int error = -1;
8209 u_int32_t seq;
8210
8211 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
8212
8213 /* sanity check */
8214 if (saidx == NULL)
8215 panic("key_acquire: NULL pointer is passed.\n");
8216 if ((satype = key_proto2satype(saidx->proto)) == 0)
8217 panic("key_acquire: invalid proto is passed.\n");
8218
8219 #ifndef IPSEC_NONBLOCK_ACQUIRE
8220 /*
8221 * We never do anything about acquirng SA. There is anather
8222 * solution that kernel blocks to send SADB_ACQUIRE message until
8223 * getting something message from IKEd. In later case, to be
8224 * managed with ACQUIRING list.
8225 */
8226 /* get a entry to check whether sending message or not. */
8227 lck_mtx_lock(sadb_mutex);
8228 if ((newacq = key_getacq(saidx)) != NULL) {
8229 if (key_blockacq_count < newacq->count) {
8230 /* reset counter and do send message. */
8231 newacq->count = 0;
8232 } else {
8233 /* increment counter and do nothing. */
8234 newacq->count++;
8235 lck_mtx_unlock(sadb_mutex);
8236 return 0;
8237 }
8238 } else {
8239 /* make new entry for blocking to send SADB_ACQUIRE. */
8240 if ((newacq = key_newacq(saidx)) == NULL) {
8241 lck_mtx_unlock(sadb_mutex);
8242 return ENOBUFS;
8243 }
8244
8245 /* add to acqtree */
8246 LIST_INSERT_HEAD(&acqtree, newacq, chain);
8247 key_start_timehandler();
8248 }
8249 seq = newacq->seq;
8250 lck_mtx_unlock(sadb_mutex);
8251
8252 #else
8253 seq = (acq_seq = (acq_seq == ~0 ? 1 : ++acq_seq));
8254 #endif
8255 m = key_setsadbmsg(SADB_ACQUIRE, 0, satype, seq, 0, 0);
8256 if (!m) {
8257 error = ENOBUFS;
8258 goto fail;
8259 }
8260 result = m;
8261
8262 /* set sadb_address for saidx's. */
8263 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
8264 (struct sockaddr *)&saidx->src, FULLMASK, IPSEC_ULPROTO_ANY);
8265 if (!m) {
8266 error = ENOBUFS;
8267 goto fail;
8268 }
8269 m_cat(result, m);
8270
8271 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
8272 (struct sockaddr *)&saidx->dst, FULLMASK, IPSEC_ULPROTO_ANY);
8273 if (!m) {
8274 error = ENOBUFS;
8275 goto fail;
8276 }
8277 m_cat(result, m);
8278
8279 /* XXX proxy address (optional) */
8280
8281 /* set sadb_x_policy */
8282 if (sp) {
8283 m = key_setsadbxpolicy(sp->policy, sp->spidx.dir, sp->id);
8284 if (!m) {
8285 error = ENOBUFS;
8286 goto fail;
8287 }
8288 m_cat(result, m);
8289 }
8290
8291 /* XXX identity (optional) */
8292 #if 0
8293 if (idexttype && fqdn) {
8294 /* create identity extension (FQDN) */
8295 struct sadb_ident *id;
8296 int fqdnlen;
8297
8298 fqdnlen = strlen(fqdn) + 1; /* +1 for terminating-NUL */
8299 id = (struct sadb_ident *)p;
8300 bzero(id, sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
8301 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(fqdnlen));
8302 id->sadb_ident_exttype = idexttype;
8303 id->sadb_ident_type = SADB_IDENTTYPE_FQDN;
8304 bcopy(fqdn, id + 1, fqdnlen);
8305 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(fqdnlen);
8306 }
8307
8308 if (idexttype) {
8309 /* create identity extension (USERFQDN) */
8310 struct sadb_ident *id;
8311 int userfqdnlen;
8312
8313 if (userfqdn) {
8314 /* +1 for terminating-NUL */
8315 userfqdnlen = strlen(userfqdn) + 1;
8316 } else
8317 userfqdnlen = 0;
8318 id = (struct sadb_ident *)p;
8319 bzero(id, sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
8320 id->sadb_ident_len = PFKEY_UNIT64(sizeof(*id) + PFKEY_ALIGN8(userfqdnlen));
8321 id->sadb_ident_exttype = idexttype;
8322 id->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
8323 /* XXX is it correct? */
8324 if (curproc && curproc->p_cred)
8325 id->sadb_ident_id = curproc->p_cred->p_ruid;
8326 if (userfqdn && userfqdnlen)
8327 bcopy(userfqdn, id + 1, userfqdnlen);
8328 p += sizeof(struct sadb_ident) + PFKEY_ALIGN8(userfqdnlen);
8329 }
8330 #endif
8331
8332 /* XXX sensitivity (optional) */
8333
8334 /* create proposal/combination extension */
8335 m = key_getprop(saidx);
8336 #if 0
8337 /*
8338 * spec conformant: always attach proposal/combination extension,
8339 * the problem is that we have no way to attach it for ipcomp,
8340 * due to the way sadb_comb is declared in RFC2367.
8341 */
8342 if (!m) {
8343 error = ENOBUFS;
8344 goto fail;
8345 }
8346 m_cat(result, m);
8347 #else
8348 /*
8349 * outside of spec; make proposal/combination extension optional.
8350 */
8351 if (m)
8352 m_cat(result, m);
8353 #endif
8354
8355 if ((result->m_flags & M_PKTHDR) == 0) {
8356 error = EINVAL;
8357 goto fail;
8358 }
8359
8360 if (result->m_len < sizeof(struct sadb_msg)) {
8361 result = m_pullup(result, sizeof(struct sadb_msg));
8362 if (result == NULL) {
8363 error = ENOBUFS;
8364 goto fail;
8365 }
8366 }
8367
8368 result->m_pkthdr.len = 0;
8369 for (m = result; m; m = m->m_next)
8370 result->m_pkthdr.len += m->m_len;
8371
8372 mtod(result, struct sadb_msg *)->sadb_msg_len =
8373 PFKEY_UNIT64(result->m_pkthdr.len);
8374
8375 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
8376
8377 fail:
8378 if (result)
8379 m_freem(result);
8380 return error;
8381 }
8382
8383 #ifndef IPSEC_NONBLOCK_ACQUIRE
8384 static struct secacq *
8385 key_newacq(
8386 struct secasindex *saidx)
8387 {
8388 struct secacq *newacq;
8389 struct timeval tv;
8390
8391 /* get new entry */
8392 KMALLOC_NOWAIT(newacq, struct secacq *, sizeof(struct secacq));
8393 if (newacq == NULL) {
8394 lck_mtx_unlock(sadb_mutex);
8395 KMALLOC_WAIT(newacq, struct secacq *, sizeof(struct secacq));
8396 lck_mtx_lock(sadb_mutex);
8397 if (newacq == NULL) {
8398 ipseclog((LOG_DEBUG, "key_newacq: No more memory.\n"));
8399 return NULL;
8400 }
8401 }
8402 bzero(newacq, sizeof(*newacq));
8403
8404 /* copy secindex */
8405 bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
8406 newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
8407 microtime(&tv);
8408 newacq->created = tv.tv_sec;
8409 newacq->count = 0;
8410
8411 return newacq;
8412 }
8413
8414 static struct secacq *
8415 key_getacq(
8416 struct secasindex *saidx)
8417 {
8418 struct secacq *acq;
8419
8420 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8421
8422 LIST_FOREACH(acq, &acqtree, chain) {
8423 if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
8424 return acq;
8425 }
8426
8427 return NULL;
8428 }
8429
8430 static struct secacq *
8431 key_getacqbyseq(
8432 u_int32_t seq)
8433 {
8434 struct secacq *acq;
8435
8436 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8437
8438 LIST_FOREACH(acq, &acqtree, chain) {
8439 if (acq->seq == seq)
8440 return acq;
8441 }
8442
8443 return NULL;
8444 }
8445 #endif
8446
8447 static struct secspacq *
8448 key_newspacq(
8449 struct secpolicyindex *spidx)
8450 {
8451 struct secspacq *acq;
8452 struct timeval tv;
8453
8454 /* get new entry */
8455 KMALLOC_NOWAIT(acq, struct secspacq *, sizeof(struct secspacq));
8456 if (acq == NULL) {
8457 lck_mtx_unlock(sadb_mutex);
8458 KMALLOC_WAIT(acq, struct secspacq *, sizeof(struct secspacq));
8459 lck_mtx_lock(sadb_mutex);
8460 if (acq == NULL) {
8461 ipseclog((LOG_DEBUG, "key_newspacq: No more memory.\n"));
8462 return NULL;
8463 }
8464 }
8465 bzero(acq, sizeof(*acq));
8466
8467 /* copy secindex */
8468 bcopy(spidx, &acq->spidx, sizeof(acq->spidx));
8469 microtime(&tv);
8470 acq->created = tv.tv_sec;
8471 acq->count = 0;
8472
8473 return acq;
8474 }
8475
8476 static struct secspacq *
8477 key_getspacq(
8478 struct secpolicyindex *spidx)
8479 {
8480 struct secspacq *acq;
8481
8482 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
8483
8484 LIST_FOREACH(acq, &spacqtree, chain) {
8485 if (key_cmpspidx_exactly(spidx, &acq->spidx))
8486 return acq;
8487 }
8488
8489 return NULL;
8490 }
8491
8492 /*
8493 * SADB_ACQUIRE processing,
8494 * in first situation, is receiving
8495 * <base>
8496 * from the ikmpd, and clear sequence of its secasvar entry.
8497 *
8498 * In second situation, is receiving
8499 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8500 * from a user land process, and return
8501 * <base, address(SD), (address(P),) (identity(SD),) (sensitivity,) proposal>
8502 * to the socket.
8503 *
8504 * m will always be freed.
8505 */
8506 static int
8507 key_acquire2(
8508 struct socket *so,
8509 struct mbuf *m,
8510 const struct sadb_msghdr *mhp)
8511 {
8512 const struct sadb_address *src0, *dst0;
8513 ifnet_t ipsec_if = NULL;
8514 struct secasindex saidx;
8515 struct secashead *sah;
8516 u_int16_t proto;
8517 int error;
8518
8519
8520 /* sanity check */
8521 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8522 panic("key_acquire2: NULL pointer is passed.\n");
8523
8524 /*
8525 * Error message from KMd.
8526 * We assume that if error was occurred in IKEd, the length of PFKEY
8527 * message is equal to the size of sadb_msg structure.
8528 * We do not raise error even if error occurred in this function.
8529 */
8530 lck_mtx_lock(sadb_mutex);
8531
8532 if (mhp->msg->sadb_msg_len == PFKEY_UNIT64(sizeof(struct sadb_msg))) {
8533 #ifndef IPSEC_NONBLOCK_ACQUIRE
8534 struct secacq *acq;
8535 struct timeval tv;
8536
8537 /* check sequence number */
8538 if (mhp->msg->sadb_msg_seq == 0) {
8539 lck_mtx_unlock(sadb_mutex);
8540 ipseclog((LOG_DEBUG, "key_acquire2: must specify sequence number.\n"));
8541 m_freem(m);
8542 return 0;
8543 }
8544
8545 if ((acq = key_getacqbyseq(mhp->msg->sadb_msg_seq)) == NULL) {
8546 /*
8547 * the specified larval SA is already gone, or we got
8548 * a bogus sequence number. we can silently ignore it.
8549 */
8550 lck_mtx_unlock(sadb_mutex);
8551 m_freem(m);
8552 return 0;
8553 }
8554
8555 /* reset acq counter in order to deletion by timehander. */
8556 microtime(&tv);
8557 acq->created = tv.tv_sec;
8558 acq->count = 0;
8559 #endif
8560 lck_mtx_unlock(sadb_mutex);
8561 m_freem(m);
8562 return 0;
8563 }
8564
8565 /*
8566 * This message is from user land.
8567 */
8568
8569 /* map satype to proto */
8570 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
8571 lck_mtx_unlock(sadb_mutex);
8572 ipseclog((LOG_DEBUG, "key_acquire2: invalid satype is passed.\n"));
8573 return key_senderror(so, m, EINVAL);
8574 }
8575
8576 if (mhp->ext[SADB_EXT_ADDRESS_SRC] == NULL ||
8577 mhp->ext[SADB_EXT_ADDRESS_DST] == NULL ||
8578 mhp->ext[SADB_EXT_PROPOSAL] == NULL) {
8579 /* error */
8580 lck_mtx_unlock(sadb_mutex);
8581 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
8582 return key_senderror(so, m, EINVAL);
8583 }
8584 if (mhp->extlen[SADB_EXT_ADDRESS_SRC] < sizeof(struct sadb_address) ||
8585 mhp->extlen[SADB_EXT_ADDRESS_DST] < sizeof(struct sadb_address) ||
8586 mhp->extlen[SADB_EXT_PROPOSAL] < sizeof(struct sadb_prop)) {
8587 /* error */
8588 lck_mtx_unlock(sadb_mutex);
8589 ipseclog((LOG_DEBUG, "key_acquire2: invalid message is passed.\n"));
8590 return key_senderror(so, m, EINVAL);
8591 }
8592
8593 src0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
8594 dst0 = (const struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
8595 ipsec_if = key_get_ipsec_if_from_message(mhp, SADB_X_EXT_IPSECIF);
8596
8597 /* XXX boundary check against sa_len */
8598 /* cast warnings */
8599 KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, ipsec_if ? ipsec_if->if_index : 0, &saidx);
8600
8601 /* get a SA index */
8602 LIST_FOREACH(sah, &sahtree, chain) {
8603 if (sah->state == SADB_SASTATE_DEAD)
8604 continue;
8605 if (key_cmpsaidx(&sah->saidx, &saidx, CMP_MODE | CMP_REQID))
8606 break;
8607 }
8608 if (sah != NULL) {
8609 lck_mtx_unlock(sadb_mutex);
8610 ipseclog((LOG_DEBUG, "key_acquire2: a SA exists already.\n"));
8611 return key_senderror(so, m, EEXIST);
8612 }
8613 lck_mtx_unlock(sadb_mutex);
8614 error = key_acquire(&saidx, NULL);
8615 if (error != 0) {
8616 ipseclog((LOG_DEBUG, "key_acquire2: error %d returned "
8617 "from key_acquire.\n", mhp->msg->sadb_msg_errno));
8618 return key_senderror(so, m, error);
8619 }
8620
8621 return key_sendup_mbuf(so, m, KEY_SENDUP_REGISTERED);
8622 }
8623
8624 /*
8625 * SADB_REGISTER processing.
8626 * If SATYPE_UNSPEC has been passed as satype, only return sadb_supported.
8627 * receive
8628 * <base>
8629 * from the ikmpd, and register a socket to send PF_KEY messages,
8630 * and send
8631 * <base, supported>
8632 * to KMD by PF_KEY.
8633 * If socket is detached, must free from regnode.
8634 *
8635 * m will always be freed.
8636 */
8637 static int
8638 key_register(
8639 struct socket *so,
8640 struct mbuf *m,
8641 const struct sadb_msghdr *mhp)
8642 {
8643 struct secreg *reg, *newreg = 0;
8644
8645 /* sanity check */
8646 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
8647 panic("key_register: NULL pointer is passed.\n");
8648
8649 /* check for invalid register message */
8650 if (mhp->msg->sadb_msg_satype >= sizeof(regtree)/sizeof(regtree[0]))
8651 return key_senderror(so, m, EINVAL);
8652
8653 /* When SATYPE_UNSPEC is specified, only return sadb_supported. */
8654 if (mhp->msg->sadb_msg_satype == SADB_SATYPE_UNSPEC)
8655 goto setmsg;
8656
8657 /* create regnode */
8658 KMALLOC_WAIT(newreg, struct secreg *, sizeof(*newreg));
8659 if (newreg == NULL) {
8660 ipseclog((LOG_DEBUG, "key_register: No more memory.\n"));
8661 return key_senderror(so, m, ENOBUFS);
8662 }
8663 bzero((caddr_t)newreg, sizeof(*newreg));
8664
8665 lck_mtx_lock(sadb_mutex);
8666 /* check whether existing or not */
8667 LIST_FOREACH(reg, &regtree[mhp->msg->sadb_msg_satype], chain) {
8668 if (reg->so == so) {
8669 lck_mtx_unlock(sadb_mutex);
8670 ipseclog((LOG_DEBUG, "key_register: socket exists already.\n"));
8671 KFREE(newreg);
8672 return key_senderror(so, m, EEXIST);
8673 }
8674 }
8675
8676 socket_lock(so, 1);
8677 newreg->so = so;
8678 ((struct keycb *)sotorawcb(so))->kp_registered++;
8679 socket_unlock(so, 1);
8680
8681 /* add regnode to regtree. */
8682 LIST_INSERT_HEAD(&regtree[mhp->msg->sadb_msg_satype], newreg, chain);
8683 lck_mtx_unlock(sadb_mutex);
8684 setmsg:
8685 {
8686 struct mbuf *n;
8687 struct sadb_msg *newmsg;
8688 struct sadb_supported *sup;
8689 u_int len, alen, elen;
8690 int off;
8691 int i;
8692 struct sadb_alg *alg;
8693
8694 /* create new sadb_msg to reply. */
8695 alen = 0;
8696 for (i = 1; i <= SADB_AALG_MAX; i++) {
8697 if (ah_algorithm_lookup(i))
8698 alen += sizeof(struct sadb_alg);
8699 }
8700 if (alen)
8701 alen += sizeof(struct sadb_supported);
8702 elen = 0;
8703 #if IPSEC_ESP
8704 for (i = 1; i <= SADB_EALG_MAX; i++) {
8705 if (esp_algorithm_lookup(i))
8706 elen += sizeof(struct sadb_alg);
8707 }
8708 if (elen)
8709 elen += sizeof(struct sadb_supported);
8710 #endif
8711
8712 len = sizeof(struct sadb_msg) + alen + elen;
8713
8714 if (len > MCLBYTES)
8715 return key_senderror(so, m, ENOBUFS);
8716
8717 MGETHDR(n, M_WAITOK, MT_DATA);
8718 if (n && len > MHLEN) {
8719 MCLGET(n, M_WAITOK);
8720 if ((n->m_flags & M_EXT) == 0) {
8721 m_freem(n);
8722 n = NULL;
8723 }
8724 }
8725 if (!n)
8726 return key_senderror(so, m, ENOBUFS);
8727
8728 n->m_pkthdr.len = n->m_len = len;
8729 n->m_next = NULL;
8730 off = 0;
8731
8732 m_copydata(m, 0, sizeof(struct sadb_msg), mtod(n, caddr_t) + off);
8733 newmsg = mtod(n, struct sadb_msg *);
8734 newmsg->sadb_msg_errno = 0;
8735 newmsg->sadb_msg_len = PFKEY_UNIT64(len);
8736 off += PFKEY_ALIGN8(sizeof(struct sadb_msg));
8737
8738 /* for authentication algorithm */
8739 if (alen) {
8740 sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
8741 sup->sadb_supported_len = PFKEY_UNIT64(alen);
8742 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
8743 off += PFKEY_ALIGN8(sizeof(*sup));
8744
8745 for (i = 1; i <= SADB_AALG_MAX; i++) {
8746 const struct ah_algorithm *aalgo;
8747
8748 aalgo = ah_algorithm_lookup(i);
8749 if (!aalgo)
8750 continue;
8751 alg = (struct sadb_alg *)
8752 (void *)(mtod(n, caddr_t) + off);
8753 alg->sadb_alg_id = i;
8754 alg->sadb_alg_ivlen = 0;
8755 alg->sadb_alg_minbits = aalgo->keymin;
8756 alg->sadb_alg_maxbits = aalgo->keymax;
8757 off += PFKEY_ALIGN8(sizeof(*alg));
8758 }
8759 }
8760
8761 #if IPSEC_ESP
8762 /* for encryption algorithm */
8763 if (elen) {
8764 sup = (struct sadb_supported *)(void *)(mtod(n, caddr_t) + off);
8765 sup->sadb_supported_len = PFKEY_UNIT64(elen);
8766 sup->sadb_supported_exttype = SADB_EXT_SUPPORTED_ENCRYPT;
8767 off += PFKEY_ALIGN8(sizeof(*sup));
8768
8769 for (i = 1; i <= SADB_EALG_MAX; i++) {
8770 const struct esp_algorithm *ealgo;
8771
8772 ealgo = esp_algorithm_lookup(i);
8773 if (!ealgo)
8774 continue;
8775 alg = (struct sadb_alg *)
8776 (void *)(mtod(n, caddr_t) + off);
8777 alg->sadb_alg_id = i;
8778 if (ealgo && ealgo->ivlen) {
8779 /*
8780 * give NULL to get the value preferred by
8781 * algorithm XXX SADB_X_EXT_DERIV ?
8782 */
8783 alg->sadb_alg_ivlen =
8784 (*ealgo->ivlen)(ealgo, NULL);
8785 } else
8786 alg->sadb_alg_ivlen = 0;
8787 alg->sadb_alg_minbits = ealgo->keymin;
8788 alg->sadb_alg_maxbits = ealgo->keymax;
8789 off += PFKEY_ALIGN8(sizeof(struct sadb_alg));
8790 }
8791 }
8792 #endif
8793
8794 #if DIGAGNOSTIC
8795 if (off != len)
8796 panic("length assumption failed in key_register");
8797 #endif
8798
8799 m_freem(m);
8800 return key_sendup_mbuf(so, n, KEY_SENDUP_REGISTERED);
8801 }
8802 }
8803
8804 static void
8805 key_delete_all_for_socket (struct socket *so)
8806 {
8807 struct secashead *sah, *nextsah;
8808 struct secasvar *sav, *nextsav;
8809 u_int stateidx;
8810 u_int state;
8811
8812 for (sah = LIST_FIRST(&sahtree);
8813 sah != NULL;
8814 sah = nextsah) {
8815 nextsah = LIST_NEXT(sah, chain);
8816 for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) {
8817 state = saorder_state_any[stateidx];
8818 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) {
8819 nextsav = LIST_NEXT(sav, chain);
8820 if (sav->flags2 & SADB_X_EXT_SA2_DELETE_ON_DETACH &&
8821 sav->so == so) {
8822 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
8823 key_freesav(sav, KEY_SADB_LOCKED);
8824 }
8825 }
8826 }
8827 }
8828 }
8829
8830 /*
8831 * free secreg entry registered.
8832 * XXX: I want to do free a socket marked done SADB_RESIGER to socket.
8833 */
8834 void
8835 key_freereg(
8836 struct socket *so)
8837 {
8838 struct secreg *reg;
8839 int i;
8840
8841 /* sanity check */
8842 if (so == NULL)
8843 panic("key_freereg: NULL pointer is passed.\n");
8844
8845 /*
8846 * check whether existing or not.
8847 * check all type of SA, because there is a potential that
8848 * one socket is registered to multiple type of SA.
8849 */
8850 lck_mtx_lock(sadb_mutex);
8851 key_delete_all_for_socket(so);
8852 for (i = 0; i <= SADB_SATYPE_MAX; i++) {
8853 LIST_FOREACH(reg, &regtree[i], chain) {
8854 if (reg->so == so
8855 && __LIST_CHAINED(reg)) {
8856 LIST_REMOVE(reg, chain);
8857 KFREE(reg);
8858 break;
8859 }
8860 }
8861 }
8862 lck_mtx_unlock(sadb_mutex);
8863 return;
8864 }
8865
8866 /*
8867 * SADB_EXPIRE processing
8868 * send
8869 * <base, SA, SA2, lifetime(C and one of HS), address(SD)>
8870 * to KMD by PF_KEY.
8871 * NOTE: We send only soft lifetime extension.
8872 *
8873 * OUT: 0 : succeed
8874 * others : error number
8875 */
8876 static int
8877 key_expire(
8878 struct secasvar *sav)
8879 {
8880 int satype;
8881 struct mbuf *result = NULL, *m;
8882 int len;
8883 int error = -1;
8884 struct sadb_lifetime *lt;
8885
8886 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
8887
8888 /* sanity check */
8889 if (sav == NULL)
8890 panic("key_expire: NULL pointer is passed.\n");
8891 if (sav->sah == NULL)
8892 panic("key_expire: Why was SA index in SA NULL.\n");
8893 if ((satype = key_proto2satype(sav->sah->saidx.proto)) == 0)
8894 panic("key_expire: invalid proto is passed.\n");
8895
8896 /* set msg header */
8897 m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
8898 if (!m) {
8899 error = ENOBUFS;
8900 goto fail;
8901 }
8902 result = m;
8903
8904 /* create SA extension */
8905 m = key_setsadbsa(sav);
8906 if (!m) {
8907 error = ENOBUFS;
8908 goto fail;
8909 }
8910 m_cat(result, m);
8911
8912 /* create SA extension */
8913 m = key_setsadbxsa2(sav->sah->saidx.mode,
8914 sav->replay ? sav->replay->count : 0,
8915 sav->sah->saidx.reqid,
8916 sav->flags2);
8917 if (!m) {
8918 error = ENOBUFS;
8919 goto fail;
8920 }
8921 m_cat(result, m);
8922
8923 /* create lifetime extension (current and soft) */
8924 len = PFKEY_ALIGN8(sizeof(*lt)) * 2;
8925 m = key_alloc_mbuf(len);
8926 if (!m || m->m_next) { /*XXX*/
8927 if (m)
8928 m_freem(m);
8929 error = ENOBUFS;
8930 goto fail;
8931 }
8932 bzero(mtod(m, caddr_t), len);
8933 lt = mtod(m, struct sadb_lifetime *);
8934 lt->sadb_lifetime_len = PFKEY_UNIT64(sizeof(struct sadb_lifetime));
8935 lt->sadb_lifetime_exttype = SADB_EXT_LIFETIME_CURRENT;
8936 lt->sadb_lifetime_allocations = sav->lft_c->sadb_lifetime_allocations;
8937 lt->sadb_lifetime_bytes = sav->lft_c->sadb_lifetime_bytes;
8938 lt->sadb_lifetime_addtime = sav->lft_c->sadb_lifetime_addtime;
8939 lt->sadb_lifetime_usetime = sav->lft_c->sadb_lifetime_usetime;
8940 lt = (struct sadb_lifetime *)(void *)(mtod(m, caddr_t) + len / 2);
8941 bcopy(sav->lft_s, lt, sizeof(*lt));
8942 m_cat(result, m);
8943
8944 /* set sadb_address for source */
8945 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
8946 (struct sockaddr *)&sav->sah->saidx.src,
8947 FULLMASK, IPSEC_ULPROTO_ANY);
8948 if (!m) {
8949 error = ENOBUFS;
8950 goto fail;
8951 }
8952 m_cat(result, m);
8953
8954 /* set sadb_address for destination */
8955 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
8956 (struct sockaddr *)&sav->sah->saidx.dst,
8957 FULLMASK, IPSEC_ULPROTO_ANY);
8958 if (!m) {
8959 error = ENOBUFS;
8960 goto fail;
8961 }
8962 m_cat(result, m);
8963
8964 if ((result->m_flags & M_PKTHDR) == 0) {
8965 error = EINVAL;
8966 goto fail;
8967 }
8968
8969 if (result->m_len < sizeof(struct sadb_msg)) {
8970 result = m_pullup(result, sizeof(struct sadb_msg));
8971 if (result == NULL) {
8972 error = ENOBUFS;
8973 goto fail;
8974 }
8975 }
8976
8977 result->m_pkthdr.len = 0;
8978 for (m = result; m; m = m->m_next)
8979 result->m_pkthdr.len += m->m_len;
8980
8981 mtod(result, struct sadb_msg *)->sadb_msg_len =
8982 PFKEY_UNIT64(result->m_pkthdr.len);
8983
8984 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
8985
8986 fail:
8987 if (result)
8988 m_freem(result);
8989 return error;
8990 }
8991
8992 /*
8993 * SADB_FLUSH processing
8994 * receive
8995 * <base>
8996 * from the ikmpd, and free all entries in secastree.
8997 * and send,
8998 * <base>
8999 * to the ikmpd.
9000 * NOTE: to do is only marking SADB_SASTATE_DEAD.
9001 *
9002 * m will always be freed.
9003 */
9004 static int
9005 key_flush(
9006 struct socket *so,
9007 struct mbuf *m,
9008 const struct sadb_msghdr *mhp)
9009 {
9010 struct sadb_msg *newmsg;
9011 struct secashead *sah, *nextsah;
9012 struct secasvar *sav, *nextsav;
9013 u_int16_t proto;
9014 u_int8_t state;
9015 u_int stateidx;
9016
9017 /* sanity check */
9018 if (so == NULL || mhp == NULL || mhp->msg == NULL)
9019 panic("key_flush: NULL pointer is passed.\n");
9020
9021 /* map satype to proto */
9022 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
9023 ipseclog((LOG_DEBUG, "key_flush: invalid satype is passed.\n"));
9024 return key_senderror(so, m, EINVAL);
9025 }
9026
9027 lck_mtx_lock(sadb_mutex);
9028
9029 /* no SATYPE specified, i.e. flushing all SA. */
9030 for (sah = LIST_FIRST(&sahtree);
9031 sah != NULL;
9032 sah = nextsah) {
9033 nextsah = LIST_NEXT(sah, chain);
9034
9035 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
9036 && proto != sah->saidx.proto)
9037 continue;
9038
9039 for (stateidx = 0;
9040 stateidx < _ARRAYLEN(saorder_state_alive);
9041 stateidx++) {
9042 state = saorder_state_any[stateidx];
9043 for (sav = LIST_FIRST(&sah->savtree[state]);
9044 sav != NULL;
9045 sav = nextsav) {
9046
9047 nextsav = LIST_NEXT(sav, chain);
9048
9049 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
9050 key_freesav(sav, KEY_SADB_LOCKED);
9051 }
9052 }
9053
9054 sah->state = SADB_SASTATE_DEAD;
9055 }
9056 lck_mtx_unlock(sadb_mutex);
9057
9058 if (m->m_len < sizeof(struct sadb_msg) ||
9059 sizeof(struct sadb_msg) > m->m_len + M_TRAILINGSPACE(m)) {
9060 ipseclog((LOG_DEBUG, "key_flush: No more memory.\n"));
9061 return key_senderror(so, m, ENOBUFS);
9062 }
9063
9064 if (m->m_next)
9065 m_freem(m->m_next);
9066 m->m_next = NULL;
9067 m->m_pkthdr.len = m->m_len = sizeof(struct sadb_msg);
9068 newmsg = mtod(m, struct sadb_msg *);
9069 newmsg->sadb_msg_errno = 0;
9070 newmsg->sadb_msg_len = PFKEY_UNIT64(m->m_pkthdr.len);
9071
9072 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
9073 }
9074
9075 /*
9076 * SADB_DUMP processing
9077 * dump all entries including status of DEAD in SAD.
9078 * receive
9079 * <base>
9080 * from the ikmpd, and dump all secasvar leaves
9081 * and send,
9082 * <base> .....
9083 * to the ikmpd.
9084 *
9085 * m will always be freed.
9086 */
9087
9088 struct sav_dump_elem {
9089 struct secasvar *sav;
9090 u_int8_t satype;
9091 };
9092
9093 static int
9094 key_dump(
9095 struct socket *so,
9096 struct mbuf *m,
9097 const struct sadb_msghdr *mhp)
9098 {
9099 struct secashead *sah;
9100 struct secasvar *sav;
9101 struct sav_dump_elem *savbuf = NULL, *elem_ptr;
9102 u_int16_t proto;
9103 u_int stateidx;
9104 u_int8_t satype;
9105 u_int8_t state;
9106 int cnt = 0, cnt2, bufcount;
9107 struct mbuf *n;
9108 int error = 0;
9109
9110 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9111
9112 /* sanity check */
9113 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
9114 panic("key_dump: NULL pointer is passed.\n");
9115
9116 /* map satype to proto */
9117 if ((proto = key_satype2proto(mhp->msg->sadb_msg_satype)) == 0) {
9118 ipseclog((LOG_DEBUG, "key_dump: invalid satype is passed.\n"));
9119 return key_senderror(so, m, EINVAL);
9120 }
9121
9122 if ((bufcount = ipsec_sav_count) <= 0) {
9123 error = ENOENT;
9124 goto end;
9125 }
9126 bufcount += 512; /* extra */
9127 KMALLOC_WAIT(savbuf, struct sav_dump_elem*, bufcount * sizeof(struct sav_dump_elem));
9128 if (savbuf == NULL) {
9129 ipseclog((LOG_DEBUG, "key_dump: No more memory.\n"));
9130 error = ENOMEM;
9131 goto end;
9132 }
9133
9134 /* count sav entries to be sent to the userland. */
9135 lck_mtx_lock(sadb_mutex);
9136 elem_ptr = savbuf;
9137 LIST_FOREACH(sah, &sahtree, chain) {
9138 if (mhp->msg->sadb_msg_satype != SADB_SATYPE_UNSPEC
9139 && proto != sah->saidx.proto)
9140 continue;
9141
9142 /* map proto to satype */
9143 if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
9144 lck_mtx_unlock(sadb_mutex);
9145 ipseclog((LOG_DEBUG, "key_dump: there was invalid proto in SAD.\n"));
9146 error = EINVAL;
9147 goto end;
9148 }
9149
9150 for (stateidx = 0;
9151 stateidx < _ARRAYLEN(saorder_state_any);
9152 stateidx++) {
9153 state = saorder_state_any[stateidx];
9154 LIST_FOREACH(sav, &sah->savtree[state], chain) {
9155 if (cnt == bufcount)
9156 break; /* out of buffer space */
9157 elem_ptr->sav = sav;
9158 elem_ptr->satype = satype;
9159 sav->refcnt++;
9160 elem_ptr++;
9161 cnt++;
9162 }
9163 }
9164 }
9165 lck_mtx_unlock(sadb_mutex);
9166
9167 if (cnt == 0) {
9168 error = ENOENT;
9169 goto end;
9170 }
9171
9172 /* send this to the userland, one at a time. */
9173 elem_ptr = savbuf;
9174 cnt2 = cnt;
9175 while (cnt2) {
9176 n = key_setdumpsa(elem_ptr->sav, SADB_DUMP, elem_ptr->satype,
9177 --cnt2, mhp->msg->sadb_msg_pid);
9178
9179 if (!n) {
9180 error = ENOBUFS;
9181 goto end;
9182 }
9183
9184 key_sendup_mbuf(so, n, KEY_SENDUP_ONE);
9185 elem_ptr++;
9186 }
9187
9188 end:
9189 if (savbuf) {
9190 if (cnt) {
9191 elem_ptr = savbuf;
9192 lck_mtx_lock(sadb_mutex);
9193 while (cnt--)
9194 key_freesav((elem_ptr++)->sav, KEY_SADB_LOCKED);
9195 lck_mtx_unlock(sadb_mutex);
9196 }
9197 KFREE(savbuf);
9198 }
9199
9200 if (error)
9201 return key_senderror(so, m, error);
9202
9203 m_freem(m);
9204 return 0;
9205 }
9206
9207 /*
9208 * SADB_X_PROMISC processing
9209 *
9210 * m will always be freed.
9211 */
9212 static int
9213 key_promisc(
9214 struct socket *so,
9215 struct mbuf *m,
9216 const struct sadb_msghdr *mhp)
9217 {
9218 int olen;
9219
9220 /* sanity check */
9221 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
9222 panic("key_promisc: NULL pointer is passed.\n");
9223
9224 olen = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
9225
9226 if (olen < sizeof(struct sadb_msg)) {
9227 #if 1
9228 return key_senderror(so, m, EINVAL);
9229 #else
9230 m_freem(m);
9231 return 0;
9232 #endif
9233 } else if (olen == sizeof(struct sadb_msg)) {
9234 /* enable/disable promisc mode */
9235 struct keycb *kp;
9236
9237 socket_lock(so, 1);
9238 if ((kp = (struct keycb *)sotorawcb(so)) == NULL)
9239 return key_senderror(so, m, EINVAL);
9240 mhp->msg->sadb_msg_errno = 0;
9241 switch (mhp->msg->sadb_msg_satype) {
9242 case 0:
9243 case 1:
9244 kp->kp_promisc = mhp->msg->sadb_msg_satype;
9245 break;
9246 default:
9247 socket_unlock(so, 1);
9248 return key_senderror(so, m, EINVAL);
9249 }
9250 socket_unlock(so, 1);
9251
9252 /* send the original message back to everyone */
9253 mhp->msg->sadb_msg_errno = 0;
9254 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
9255 } else {
9256 /* send packet as is */
9257
9258 m_adj(m, PFKEY_ALIGN8(sizeof(struct sadb_msg)));
9259
9260 /* TODO: if sadb_msg_seq is specified, send to specific pid */
9261 return key_sendup_mbuf(so, m, KEY_SENDUP_ALL);
9262 }
9263 }
9264
9265 static int (*const key_typesw[])(struct socket *, struct mbuf *,
9266 const struct sadb_msghdr *) = {
9267 NULL, /* SADB_RESERVED */
9268 key_getspi, /* SADB_GETSPI */
9269 key_update, /* SADB_UPDATE */
9270 key_add, /* SADB_ADD */
9271 key_delete, /* SADB_DELETE */
9272 key_get, /* SADB_GET */
9273 key_acquire2, /* SADB_ACQUIRE */
9274 key_register, /* SADB_REGISTER */
9275 NULL, /* SADB_EXPIRE */
9276 key_flush, /* SADB_FLUSH */
9277 key_dump, /* SADB_DUMP */
9278 key_promisc, /* SADB_X_PROMISC */
9279 NULL, /* SADB_X_PCHANGE */
9280 key_spdadd, /* SADB_X_SPDUPDATE */
9281 key_spdadd, /* SADB_X_SPDADD */
9282 key_spddelete, /* SADB_X_SPDDELETE */
9283 key_spdget, /* SADB_X_SPDGET */
9284 NULL, /* SADB_X_SPDACQUIRE */
9285 key_spddump, /* SADB_X_SPDDUMP */
9286 key_spdflush, /* SADB_X_SPDFLUSH */
9287 key_spdadd, /* SADB_X_SPDSETIDX */
9288 NULL, /* SADB_X_SPDEXPIRE */
9289 key_spddelete2, /* SADB_X_SPDDELETE2 */
9290 key_getsastat, /* SADB_GETSASTAT */
9291 key_spdenable, /* SADB_X_SPDENABLE */
9292 key_spddisable, /* SADB_X_SPDDISABLE */
9293 key_migrate, /* SADB_MIGRATE */
9294 };
9295
9296 static void
9297 bzero_mbuf(struct mbuf *m)
9298 {
9299 struct mbuf *mptr = m;
9300 struct sadb_msg *msg = NULL;
9301 int offset = 0;
9302
9303 if (!mptr) {
9304 return;
9305 }
9306
9307 if (mptr->m_len >= sizeof(struct sadb_msg)) {
9308 msg = mtod(mptr, struct sadb_msg *);
9309 if (msg->sadb_msg_type != SADB_ADD &&
9310 msg->sadb_msg_type != SADB_UPDATE) {
9311 return;
9312 }
9313 offset = sizeof(struct sadb_msg);
9314 }
9315 bzero(mptr->m_data+offset, mptr->m_len-offset);
9316 mptr = mptr->m_next;
9317 while (mptr != NULL) {
9318 bzero(mptr->m_data, mptr->m_len);
9319 mptr = mptr->m_next;
9320 }
9321 }
9322
9323 static void
9324 bzero_keys(const struct sadb_msghdr *mh)
9325 {
9326 int extlen = 0;
9327 int offset = 0;
9328
9329 if (!mh) {
9330 return;
9331 }
9332 offset = sizeof(struct sadb_key);
9333
9334 if (mh->ext[SADB_EXT_KEY_ENCRYPT]) {
9335 struct sadb_key *key = (struct sadb_key*)mh->ext[SADB_EXT_KEY_ENCRYPT];
9336 extlen = key->sadb_key_bits >> 3;
9337
9338 if (mh->extlen[SADB_EXT_KEY_ENCRYPT] >= offset + extlen) {
9339 bzero((uint8_t *)mh->ext[SADB_EXT_KEY_ENCRYPT]+offset, extlen);
9340 } else {
9341 bzero(mh->ext[SADB_EXT_KEY_ENCRYPT], mh->extlen[SADB_EXT_KEY_ENCRYPT]);
9342 }
9343 }
9344 if (mh->ext[SADB_EXT_KEY_AUTH]) {
9345 struct sadb_key *key = (struct sadb_key*)mh->ext[SADB_EXT_KEY_AUTH];
9346 extlen = key->sadb_key_bits >> 3;
9347
9348 if (mh->extlen[SADB_EXT_KEY_AUTH] >= offset + extlen) {
9349 bzero((uint8_t *)mh->ext[SADB_EXT_KEY_AUTH]+offset, extlen);
9350 } else {
9351 bzero(mh->ext[SADB_EXT_KEY_AUTH], mh->extlen[SADB_EXT_KEY_AUTH]);
9352 }
9353 }
9354 }
9355
9356 static int
9357 key_validate_address_pair(struct sadb_address *src0,
9358 struct sadb_address *dst0)
9359 {
9360 u_int plen = 0;
9361
9362 /* check upper layer protocol */
9363 if (src0->sadb_address_proto != dst0->sadb_address_proto) {
9364 ipseclog((LOG_DEBUG, "key_parse: upper layer protocol mismatched.\n"));
9365 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9366 return (EINVAL);
9367 }
9368
9369 /* check family */
9370 if (PFKEY_ADDR_SADDR(src0)->sa_family !=
9371 PFKEY_ADDR_SADDR(dst0)->sa_family) {
9372 ipseclog((LOG_DEBUG, "key_parse: address family mismatched.\n"));
9373 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9374 return (EINVAL);
9375 }
9376 if (PFKEY_ADDR_SADDR(src0)->sa_len !=
9377 PFKEY_ADDR_SADDR(dst0)->sa_len) {
9378 ipseclog((LOG_DEBUG,
9379 "key_parse: address struct size mismatched.\n"));
9380 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9381 return (EINVAL);
9382 }
9383
9384 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
9385 case AF_INET:
9386 if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in)) {
9387 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9388 return (EINVAL);
9389 }
9390 break;
9391 case AF_INET6:
9392 if (PFKEY_ADDR_SADDR(src0)->sa_len != sizeof(struct sockaddr_in6)) {
9393 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9394 return (EINVAL);
9395 }
9396 break;
9397 default:
9398 ipseclog((LOG_DEBUG,
9399 "key_parse: unsupported address family.\n"));
9400 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9401 return (EAFNOSUPPORT);
9402 }
9403
9404 switch (PFKEY_ADDR_SADDR(src0)->sa_family) {
9405 case AF_INET:
9406 plen = sizeof(struct in_addr) << 3;
9407 break;
9408 case AF_INET6:
9409 plen = sizeof(struct in6_addr) << 3;
9410 break;
9411 default:
9412 plen = 0; /*fool gcc*/
9413 break;
9414 }
9415
9416 /* check max prefix length */
9417 if (src0->sadb_address_prefixlen > plen ||
9418 dst0->sadb_address_prefixlen > plen) {
9419 ipseclog((LOG_DEBUG,
9420 "key_parse: illegal prefixlen.\n"));
9421 PFKEY_STAT_INCREMENT(pfkeystat.out_invaddr);
9422 return (EINVAL);
9423 }
9424
9425 /*
9426 * prefixlen == 0 is valid because there can be a case when
9427 * all addresses are matched.
9428 */
9429 return (0);
9430 }
9431
9432 /*
9433 * parse sadb_msg buffer to process PFKEYv2,
9434 * and create a data to response if needed.
9435 * I think to be dealed with mbuf directly.
9436 * IN:
9437 * msgp : pointer to pointer to a received buffer pulluped.
9438 * This is rewrited to response.
9439 * so : pointer to socket.
9440 * OUT:
9441 * length for buffer to send to user process.
9442 */
9443 int
9444 key_parse(
9445 struct mbuf *m,
9446 struct socket *so)
9447 {
9448 struct sadb_msg *msg;
9449 struct sadb_msghdr mh;
9450 u_int orglen;
9451 int error;
9452 int target;
9453 Boolean keyAligned = FALSE;
9454
9455 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9456
9457 /* sanity check */
9458 if (m == NULL || so == NULL)
9459 panic("key_parse: NULL pointer is passed.\n");
9460
9461 #if 0 /*kdebug_sadb assumes msg in linear buffer*/
9462 KEYDEBUG(KEYDEBUG_KEY_DUMP,
9463 ipseclog((LOG_DEBUG, "key_parse: passed sadb_msg\n"));
9464 kdebug_sadb(msg));
9465 #endif
9466
9467 if (m->m_len < sizeof(struct sadb_msg)) {
9468 m = m_pullup(m, sizeof(struct sadb_msg));
9469 if (!m)
9470 return ENOBUFS;
9471 }
9472 msg = mtod(m, struct sadb_msg *);
9473 orglen = PFKEY_UNUNIT64(msg->sadb_msg_len);
9474 target = KEY_SENDUP_ONE;
9475
9476 if ((m->m_flags & M_PKTHDR) == 0 ||
9477 m->m_pkthdr.len != m->m_pkthdr.len) {
9478 ipseclog((LOG_DEBUG, "key_parse: invalid message length.\n"));
9479 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9480 error = EINVAL;
9481 goto senderror;
9482 }
9483
9484 if (msg->sadb_msg_version != PF_KEY_V2) {
9485 ipseclog((LOG_DEBUG,
9486 "key_parse: PF_KEY version %u is mismatched.\n",
9487 msg->sadb_msg_version));
9488 PFKEY_STAT_INCREMENT(pfkeystat.out_invver);
9489 error = EINVAL;
9490 goto senderror;
9491 }
9492
9493 if (msg->sadb_msg_type > SADB_MAX) {
9494 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
9495 msg->sadb_msg_type));
9496 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
9497 error = EINVAL;
9498 goto senderror;
9499 }
9500
9501 /* for old-fashioned code - should be nuked */
9502 if (m->m_pkthdr.len > MCLBYTES) {
9503 m_freem(m);
9504 return ENOBUFS;
9505 }
9506 if (m->m_next) {
9507 struct mbuf *n;
9508
9509 MGETHDR(n, M_WAITOK, MT_DATA);
9510 if (n && m->m_pkthdr.len > MHLEN) {
9511 MCLGET(n, M_WAITOK);
9512 if ((n->m_flags & M_EXT) == 0) {
9513 m_free(n);
9514 n = NULL;
9515 }
9516 }
9517 if (!n) {
9518 bzero_mbuf(m);
9519 m_freem(m);
9520 return ENOBUFS;
9521 }
9522 m_copydata(m, 0, m->m_pkthdr.len, mtod(n, caddr_t));
9523 n->m_pkthdr.len = n->m_len = m->m_pkthdr.len;
9524 n->m_next = NULL;
9525 bzero_mbuf(m);
9526 m_freem(m);
9527 m = n;
9528 }
9529
9530 /* align the mbuf chain so that extensions are in contiguous region. */
9531 error = key_align(m, &mh);
9532 if (error)
9533 return error;
9534
9535 if (m->m_next) { /*XXX*/
9536 bzero_mbuf(m);
9537 m_freem(m);
9538 return ENOBUFS;
9539 }
9540
9541 keyAligned = TRUE;
9542 msg = mh.msg;
9543
9544 /* check SA type */
9545 switch (msg->sadb_msg_satype) {
9546 case SADB_SATYPE_UNSPEC:
9547 switch (msg->sadb_msg_type) {
9548 case SADB_GETSPI:
9549 case SADB_UPDATE:
9550 case SADB_ADD:
9551 case SADB_DELETE:
9552 case SADB_GET:
9553 case SADB_ACQUIRE:
9554 case SADB_EXPIRE:
9555 ipseclog((LOG_DEBUG, "key_parse: must specify satype "
9556 "when msg type=%u.\n", msg->sadb_msg_type));
9557 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9558 error = EINVAL;
9559 goto senderror;
9560 }
9561 break;
9562 case SADB_SATYPE_AH:
9563 case SADB_SATYPE_ESP:
9564 case SADB_X_SATYPE_IPCOMP:
9565 switch (msg->sadb_msg_type) {
9566 case SADB_X_SPDADD:
9567 case SADB_X_SPDDELETE:
9568 case SADB_X_SPDGET:
9569 case SADB_X_SPDDUMP:
9570 case SADB_X_SPDFLUSH:
9571 case SADB_X_SPDSETIDX:
9572 case SADB_X_SPDUPDATE:
9573 case SADB_X_SPDDELETE2:
9574 case SADB_X_SPDENABLE:
9575 case SADB_X_SPDDISABLE:
9576 ipseclog((LOG_DEBUG, "key_parse: illegal satype=%u\n",
9577 msg->sadb_msg_type));
9578 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9579 error = EINVAL;
9580 goto senderror;
9581 }
9582 break;
9583 case SADB_SATYPE_RSVP:
9584 case SADB_SATYPE_OSPFV2:
9585 case SADB_SATYPE_RIPV2:
9586 case SADB_SATYPE_MIP:
9587 ipseclog((LOG_DEBUG, "key_parse: type %u isn't supported.\n",
9588 msg->sadb_msg_satype));
9589 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9590 error = EOPNOTSUPP;
9591 goto senderror;
9592 case 1: /* XXX: What does it do? */
9593 if (msg->sadb_msg_type == SADB_X_PROMISC)
9594 break;
9595 /*FALLTHROUGH*/
9596 default:
9597 ipseclog((LOG_DEBUG, "key_parse: invalid type %u is passed.\n",
9598 msg->sadb_msg_satype));
9599 PFKEY_STAT_INCREMENT(pfkeystat.out_invsatype);
9600 error = EINVAL;
9601 goto senderror;
9602 }
9603
9604 /* Validate address fields for matching families, lengths, etc. */
9605 void *src0 = mh.ext[SADB_EXT_ADDRESS_SRC];
9606 void *dst0 = mh.ext[SADB_EXT_ADDRESS_DST];
9607 if (mh.ext[SADB_X_EXT_ADDR_RANGE_SRC_START] != NULL &&
9608 mh.ext[SADB_X_EXT_ADDR_RANGE_SRC_END] != NULL) {
9609
9610 error = key_validate_address_pair((struct sadb_address *)(mh.ext[SADB_X_EXT_ADDR_RANGE_SRC_START]),
9611 (struct sadb_address *)(mh.ext[SADB_X_EXT_ADDR_RANGE_SRC_END]));
9612 if (error != 0) {
9613 goto senderror;
9614 }
9615
9616 if (src0 == NULL) {
9617 src0 = mh.ext[SADB_X_EXT_ADDR_RANGE_SRC_START];
9618 }
9619 }
9620 if (mh.ext[SADB_X_EXT_ADDR_RANGE_DST_START] != NULL &&
9621 mh.ext[SADB_X_EXT_ADDR_RANGE_DST_END] != NULL) {
9622
9623 error = key_validate_address_pair((struct sadb_address *)(mh.ext[SADB_X_EXT_ADDR_RANGE_DST_START]),
9624 (struct sadb_address *)(mh.ext[SADB_X_EXT_ADDR_RANGE_DST_END]));
9625 if (error != 0) {
9626 goto senderror;
9627 }
9628
9629 if (dst0 == NULL) {
9630 dst0 = mh.ext[SADB_X_EXT_ADDR_RANGE_DST_START];
9631 }
9632 }
9633 if (src0 != NULL && dst0 != NULL) {
9634 error = key_validate_address_pair((struct sadb_address *)(src0),
9635 (struct sadb_address *)(dst0));
9636 if (error != 0) {
9637 goto senderror;
9638 }
9639 }
9640
9641 if (msg->sadb_msg_type >= sizeof(key_typesw)/sizeof(key_typesw[0]) ||
9642 key_typesw[msg->sadb_msg_type] == NULL) {
9643 PFKEY_STAT_INCREMENT(pfkeystat.out_invmsgtype);
9644 error = EINVAL;
9645 goto senderror;
9646 }
9647
9648 error = (*key_typesw[msg->sadb_msg_type])(so, m, &mh);
9649
9650 return error;
9651
9652 senderror:
9653 if (keyAligned) {
9654 bzero_keys(&mh);
9655 } else {
9656 bzero_mbuf(m);
9657 }
9658 msg->sadb_msg_errno = error;
9659 return key_sendup_mbuf(so, m, target);
9660 }
9661
9662 static int
9663 key_senderror(
9664 struct socket *so,
9665 struct mbuf *m,
9666 int code)
9667 {
9668 struct sadb_msg *msg;
9669
9670 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
9671
9672 if (m->m_len < sizeof(struct sadb_msg))
9673 panic("invalid mbuf passed to key_senderror");
9674
9675 msg = mtod(m, struct sadb_msg *);
9676 msg->sadb_msg_errno = code;
9677 return key_sendup_mbuf(so, m, KEY_SENDUP_ONE);
9678 }
9679
9680 /*
9681 * set the pointer to each header into message buffer.
9682 * m will be freed on error.
9683 * XXX larger-than-MCLBYTES extension?
9684 */
9685 static int
9686 key_align(
9687 struct mbuf *m,
9688 struct sadb_msghdr *mhp)
9689 {
9690 struct mbuf *n;
9691 struct sadb_ext *ext;
9692 size_t off, end;
9693 int extlen;
9694 int toff;
9695
9696 /* sanity check */
9697 if (m == NULL || mhp == NULL)
9698 panic("key_align: NULL pointer is passed.\n");
9699 if (m->m_len < sizeof(struct sadb_msg))
9700 panic("invalid mbuf passed to key_align");
9701
9702 /* initialize */
9703 bzero(mhp, sizeof(*mhp));
9704
9705 mhp->msg = mtod(m, struct sadb_msg *);
9706 mhp->ext[0] = (struct sadb_ext *)mhp->msg; /*XXX backward compat */
9707
9708 end = PFKEY_UNUNIT64(mhp->msg->sadb_msg_len);
9709 extlen = end; /*just in case extlen is not updated*/
9710 for (off = sizeof(struct sadb_msg); off < end; off += extlen) {
9711 n = m_pulldown(m, off, sizeof(struct sadb_ext), &toff);
9712 if (!n) {
9713 /* m is already freed */
9714 return ENOBUFS;
9715 }
9716 ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
9717
9718 /* set pointer */
9719 switch (ext->sadb_ext_type) {
9720 case SADB_EXT_SA:
9721 case SADB_EXT_ADDRESS_SRC:
9722 case SADB_EXT_ADDRESS_DST:
9723 case SADB_EXT_ADDRESS_PROXY:
9724 case SADB_EXT_LIFETIME_CURRENT:
9725 case SADB_EXT_LIFETIME_HARD:
9726 case SADB_EXT_LIFETIME_SOFT:
9727 case SADB_EXT_KEY_AUTH:
9728 case SADB_EXT_KEY_ENCRYPT:
9729 case SADB_EXT_IDENTITY_SRC:
9730 case SADB_EXT_IDENTITY_DST:
9731 case SADB_EXT_SENSITIVITY:
9732 case SADB_EXT_PROPOSAL:
9733 case SADB_EXT_SUPPORTED_AUTH:
9734 case SADB_EXT_SUPPORTED_ENCRYPT:
9735 case SADB_EXT_SPIRANGE:
9736 case SADB_X_EXT_POLICY:
9737 case SADB_X_EXT_SA2:
9738 case SADB_EXT_SESSION_ID:
9739 case SADB_EXT_SASTAT:
9740 case SADB_X_EXT_IPSECIF:
9741 case SADB_X_EXT_ADDR_RANGE_SRC_START:
9742 case SADB_X_EXT_ADDR_RANGE_SRC_END:
9743 case SADB_X_EXT_ADDR_RANGE_DST_START:
9744 case SADB_X_EXT_ADDR_RANGE_DST_END:
9745 case SADB_EXT_MIGRATE_ADDRESS_SRC:
9746 case SADB_EXT_MIGRATE_ADDRESS_DST:
9747 case SADB_X_EXT_MIGRATE_IPSECIF:
9748 /* duplicate check */
9749 /*
9750 * XXX Are there duplication payloads of either
9751 * KEY_AUTH or KEY_ENCRYPT ?
9752 */
9753 if (mhp->ext[ext->sadb_ext_type] != NULL) {
9754 ipseclog((LOG_DEBUG,
9755 "key_align: duplicate ext_type %u "
9756 "is passed.\n", ext->sadb_ext_type));
9757 bzero_mbuf(m);
9758 m_freem(m);
9759 PFKEY_STAT_INCREMENT(pfkeystat.out_dupext);
9760 return EINVAL;
9761 }
9762 break;
9763 default:
9764 ipseclog((LOG_DEBUG,
9765 "key_align: invalid ext_type %u is passed.\n",
9766 ext->sadb_ext_type));
9767 bzero_mbuf(m);
9768 m_freem(m);
9769 PFKEY_STAT_INCREMENT(pfkeystat.out_invexttype);
9770 return EINVAL;
9771 }
9772
9773 extlen = PFKEY_UNUNIT64(ext->sadb_ext_len);
9774
9775 if (key_validate_ext(ext, extlen)) {
9776 bzero_mbuf(m);
9777 m_freem(m);
9778 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9779 return EINVAL;
9780 }
9781
9782 n = m_pulldown(m, off, extlen, &toff);
9783 if (!n) {
9784 /* m is already freed */
9785 return ENOBUFS;
9786 }
9787 ext = (struct sadb_ext *)(void *)(mtod(n, caddr_t) + toff);
9788
9789 mhp->ext[ext->sadb_ext_type] = ext;
9790 mhp->extoff[ext->sadb_ext_type] = off;
9791 mhp->extlen[ext->sadb_ext_type] = extlen;
9792 }
9793
9794 if (off != end) {
9795 bzero_mbuf(m);
9796 m_freem(m);
9797 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
9798 return EINVAL;
9799 }
9800
9801 return 0;
9802 }
9803
9804 static int
9805 key_validate_ext(
9806 const struct sadb_ext *ext,
9807 int len)
9808 {
9809 struct sockaddr *sa;
9810 enum { NONE, ADDR } checktype = NONE;
9811 int baselen = 0;
9812 const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
9813
9814 if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
9815 return EINVAL;
9816
9817 /* if it does not match minimum/maximum length, bail */
9818 if (ext->sadb_ext_type >= sizeof(minsize) / sizeof(minsize[0]) ||
9819 ext->sadb_ext_type >= sizeof(maxsize) / sizeof(maxsize[0]))
9820 return EINVAL;
9821 if (!minsize[ext->sadb_ext_type] || len < minsize[ext->sadb_ext_type])
9822 return EINVAL;
9823 if (maxsize[ext->sadb_ext_type] && len > maxsize[ext->sadb_ext_type])
9824 return EINVAL;
9825
9826 /* more checks based on sadb_ext_type XXX need more */
9827 switch (ext->sadb_ext_type) {
9828 case SADB_EXT_ADDRESS_SRC:
9829 case SADB_EXT_ADDRESS_DST:
9830 case SADB_EXT_ADDRESS_PROXY:
9831 case SADB_X_EXT_ADDR_RANGE_SRC_START:
9832 case SADB_X_EXT_ADDR_RANGE_SRC_END:
9833 case SADB_X_EXT_ADDR_RANGE_DST_START:
9834 case SADB_X_EXT_ADDR_RANGE_DST_END:
9835 case SADB_EXT_MIGRATE_ADDRESS_SRC:
9836 case SADB_EXT_MIGRATE_ADDRESS_DST:
9837 baselen = PFKEY_ALIGN8(sizeof(struct sadb_address));
9838 checktype = ADDR;
9839 break;
9840 case SADB_EXT_IDENTITY_SRC:
9841 case SADB_EXT_IDENTITY_DST:
9842 if (((struct sadb_ident *)(uintptr_t)(size_t)ext)->
9843 sadb_ident_type == SADB_X_IDENTTYPE_ADDR) {
9844 baselen = PFKEY_ALIGN8(sizeof(struct sadb_ident));
9845 checktype = ADDR;
9846 } else
9847 checktype = NONE;
9848 break;
9849 default:
9850 checktype = NONE;
9851 break;
9852 }
9853
9854 switch (checktype) {
9855 case NONE:
9856 break;
9857 case ADDR:
9858 sa = (struct sockaddr *)((caddr_t)(uintptr_t)ext + baselen);
9859
9860 if (len < baselen + sal)
9861 return EINVAL;
9862 if (baselen + PFKEY_ALIGN8(sa->sa_len) != len)
9863 return EINVAL;
9864 break;
9865 }
9866
9867 return 0;
9868 }
9869
9870 /*
9871 * XXX: maybe This function is called after INBOUND IPsec processing.
9872 *
9873 * Special check for tunnel-mode packets.
9874 * We must make some checks for consistency between inner and outer IP header.
9875 *
9876 * xxx more checks to be provided
9877 */
9878 int
9879 key_checktunnelsanity(
9880 struct secasvar *sav,
9881 __unused u_int family,
9882 __unused caddr_t src,
9883 __unused caddr_t dst)
9884 {
9885
9886 /* sanity check */
9887 if (sav->sah == NULL)
9888 panic("sav->sah == NULL at key_checktunnelsanity");
9889
9890 /* XXX: check inner IP header */
9891
9892 return 1;
9893 }
9894
9895 /* record data transfer on SA, and update timestamps */
9896 void
9897 key_sa_recordxfer(
9898 struct secasvar *sav,
9899 struct mbuf *m)
9900 {
9901
9902
9903 if (!sav)
9904 panic("key_sa_recordxfer called with sav == NULL");
9905 if (!m)
9906 panic("key_sa_recordxfer called with m == NULL");
9907 if (!sav->lft_c)
9908 return;
9909
9910 lck_mtx_lock(sadb_mutex);
9911 /*
9912 * XXX Currently, there is a difference of bytes size
9913 * between inbound and outbound processing.
9914 */
9915 sav->lft_c->sadb_lifetime_bytes += m->m_pkthdr.len;
9916 /* to check bytes lifetime is done in key_timehandler(). */
9917
9918 /*
9919 * We use the number of packets as the unit of
9920 * sadb_lifetime_allocations. We increment the variable
9921 * whenever {esp,ah}_{in,out}put is called.
9922 */
9923 sav->lft_c->sadb_lifetime_allocations++;
9924 /* XXX check for expires? */
9925
9926 /*
9927 * NOTE: We record CURRENT sadb_lifetime_usetime by using wall clock,
9928 * in seconds. HARD and SOFT lifetime are measured by the time
9929 * difference (again in seconds) from sadb_lifetime_usetime.
9930 *
9931 * usetime
9932 * v expire expire
9933 * -----+-----+--------+---> t
9934 * <--------------> HARD
9935 * <-----> SOFT
9936 */
9937 {
9938 struct timeval tv;
9939 microtime(&tv);
9940 sav->lft_c->sadb_lifetime_usetime = tv.tv_sec;
9941 /* XXX check for expires? */
9942 }
9943 lck_mtx_unlock(sadb_mutex);
9944
9945 return;
9946 }
9947
9948 /* dumb version */
9949 void
9950 key_sa_routechange(
9951 struct sockaddr *dst)
9952 {
9953 struct secashead *sah;
9954 struct route *ro;
9955
9956 lck_mtx_lock(sadb_mutex);
9957 LIST_FOREACH(sah, &sahtree, chain) {
9958 ro = (struct route *)&sah->sa_route;
9959 if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
9960 && bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
9961 ROUTE_RELEASE(ro);
9962 }
9963 }
9964 lck_mtx_unlock(sadb_mutex);
9965
9966 return;
9967 }
9968
9969 void
9970 key_sa_chgstate(
9971 struct secasvar *sav,
9972 u_int8_t state)
9973 {
9974
9975 if (sav == NULL)
9976 panic("key_sa_chgstate called with sav == NULL");
9977
9978 if (sav->state == state)
9979 return;
9980
9981 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
9982
9983 if (__LIST_CHAINED(sav))
9984 LIST_REMOVE(sav, chain);
9985
9986 sav->state = state;
9987 LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
9988
9989 }
9990
9991 void
9992 key_sa_stir_iv(
9993 struct secasvar *sav)
9994 {
9995 lck_mtx_lock(sadb_mutex);
9996 if (!sav->iv)
9997 panic("key_sa_stir_iv called with sav == NULL");
9998 key_randomfill(sav->iv, sav->ivlen);
9999 lck_mtx_unlock(sadb_mutex);
10000 }
10001
10002 /* XXX too much? */
10003 static struct mbuf *
10004 key_alloc_mbuf(
10005 int l)
10006 {
10007 struct mbuf *m = NULL, *n;
10008 int len, t;
10009
10010 len = l;
10011 while (len > 0) {
10012 MGET(n, M_DONTWAIT, MT_DATA);
10013 if (n && len > MLEN)
10014 MCLGET(n, M_DONTWAIT);
10015 if (!n) {
10016 m_freem(m);
10017 return NULL;
10018 }
10019
10020 n->m_next = NULL;
10021 n->m_len = 0;
10022 n->m_len = M_TRAILINGSPACE(n);
10023 /* use the bottom of mbuf, hoping we can prepend afterwards */
10024 if (n->m_len > len) {
10025 t = (n->m_len - len) & ~(sizeof(long) - 1);
10026 n->m_data += t;
10027 n->m_len = len;
10028 }
10029
10030 len -= n->m_len;
10031
10032 if (m)
10033 m_cat(m, n);
10034 else
10035 m = n;
10036 }
10037
10038 return m;
10039 }
10040
10041 static struct mbuf *
10042 key_setdumpsastats (u_int32_t dir,
10043 struct sastat *stats,
10044 u_int32_t max_stats,
10045 u_int64_t session_ids[],
10046 u_int32_t seq,
10047 u_int32_t pid)
10048 {
10049 struct mbuf *result = NULL, *m = NULL;
10050
10051 m = key_setsadbmsg(SADB_GETSASTAT, 0, 0, seq, pid, 0);
10052 if (!m) {
10053 goto fail;
10054 }
10055 result = m;
10056
10057 m = key_setsadbsession_id(session_ids);
10058 if (!m) {
10059 goto fail;
10060 }
10061 m_cat(result, m);
10062
10063 m = key_setsadbsastat(dir,
10064 stats,
10065 max_stats);
10066 if (!m) {
10067 goto fail;
10068 }
10069 m_cat(result, m);
10070
10071 if ((result->m_flags & M_PKTHDR) == 0) {
10072 goto fail;
10073 }
10074
10075 if (result->m_len < sizeof(struct sadb_msg)) {
10076 result = m_pullup(result, sizeof(struct sadb_msg));
10077 if (result == NULL) {
10078 goto fail;
10079 }
10080 }
10081
10082 result->m_pkthdr.len = 0;
10083 for (m = result; m; m = m->m_next) {
10084 result->m_pkthdr.len += m->m_len;
10085 }
10086
10087 mtod(result, struct sadb_msg *)->sadb_msg_len =
10088 PFKEY_UNIT64(result->m_pkthdr.len);
10089
10090 return result;
10091
10092 fail:
10093 if (result) {
10094 m_freem(result);
10095 }
10096 return NULL;
10097 }
10098
10099 /*
10100 * SADB_GETSASTAT processing
10101 * dump all stats for matching entries in SAD.
10102 *
10103 * m will always be freed.
10104 */
10105
10106 static int
10107 key_getsastat (struct socket *so,
10108 struct mbuf *m,
10109 const struct sadb_msghdr *mhp)
10110 {
10111 struct sadb_session_id *session_id;
10112 u_int32_t bufsize, arg_count, res_count;
10113 struct sadb_sastat *sa_stats_arg;
10114 struct sastat *sa_stats_sav = NULL;
10115 struct mbuf *n;
10116 int error = 0;
10117
10118 /* sanity check */
10119 if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
10120 panic("%s: NULL pointer is passed.\n", __FUNCTION__);
10121
10122 if (mhp->ext[SADB_EXT_SESSION_ID] == NULL) {
10123 printf("%s: invalid message is passed. missing session-id.\n", __FUNCTION__);
10124 return key_senderror(so, m, EINVAL);
10125 }
10126 if (mhp->extlen[SADB_EXT_SESSION_ID] < sizeof(struct sadb_session_id)) {
10127 printf("%s: invalid message is passed. short session-id.\n", __FUNCTION__);
10128 return key_senderror(so, m, EINVAL);
10129 }
10130 if (mhp->ext[SADB_EXT_SASTAT] == NULL) {
10131 printf("%s: invalid message is passed. missing stat args.\n", __FUNCTION__);
10132 return key_senderror(so, m, EINVAL);
10133 }
10134 if (mhp->extlen[SADB_EXT_SASTAT] < sizeof(*sa_stats_arg)) {
10135 printf("%s: invalid message is passed. short stat args.\n", __FUNCTION__);
10136 return key_senderror(so, m, EINVAL);
10137 }
10138
10139 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
10140
10141 // exit early if there are no active SAs
10142 if (ipsec_sav_count <= 0) {
10143 printf("%s: No active SAs.\n", __FUNCTION__);
10144 error = ENOENT;
10145 goto end;
10146 }
10147 bufsize = (ipsec_sav_count + 1) * sizeof(*sa_stats_sav);
10148
10149 KMALLOC_WAIT(sa_stats_sav, __typeof__(sa_stats_sav), bufsize);
10150 if (sa_stats_sav == NULL) {
10151 printf("%s: No more memory.\n", __FUNCTION__);
10152 error = ENOMEM;
10153 goto end;
10154 }
10155 bzero(sa_stats_sav, bufsize);
10156
10157 sa_stats_arg = (__typeof__(sa_stats_arg))
10158 (void *)mhp->ext[SADB_EXT_SASTAT];
10159 arg_count = sa_stats_arg->sadb_sastat_list_len;
10160 // exit early if there are no requested SAs
10161 if (arg_count == 0) {
10162 printf("%s: No SAs requested.\n", __FUNCTION__);
10163 error = ENOENT;
10164 goto end;
10165 }
10166 res_count = 0;
10167
10168 if (key_getsastatbyspi((struct sastat *)(sa_stats_arg + 1),
10169 arg_count,
10170 sa_stats_sav,
10171 &res_count)) {
10172 printf("%s: Error finding SAs.\n", __FUNCTION__);
10173 error = ENOENT;
10174 goto end;
10175 }
10176 if (!res_count) {
10177 printf("%s: No SAs found.\n", __FUNCTION__);
10178 error = ENOENT;
10179 goto end;
10180 }
10181
10182 session_id = (__typeof__(session_id))
10183 (void *)mhp->ext[SADB_EXT_SESSION_ID];
10184
10185 /* send this to the userland. */
10186 n = key_setdumpsastats(sa_stats_arg->sadb_sastat_dir,
10187 sa_stats_sav,
10188 res_count,
10189 session_id->sadb_session_id_v,
10190 mhp->msg->sadb_msg_seq,
10191 mhp->msg->sadb_msg_pid);
10192 if (!n) {
10193 printf("%s: No bufs to dump stats.\n", __FUNCTION__);
10194 error = ENOBUFS;
10195 goto end;
10196 }
10197
10198 key_sendup_mbuf(so, n, KEY_SENDUP_ALL);
10199 end:
10200 if (sa_stats_sav) {
10201 KFREE(sa_stats_sav);
10202 }
10203
10204 if (error)
10205 return key_senderror(so, m, error);
10206
10207 m_freem(m);
10208 return 0;
10209 }
10210
10211 static void
10212 key_update_natt_keepalive_timestamp (struct secasvar *sav_sent,
10213 struct secasvar *sav_update)
10214 {
10215 struct secasindex saidx_swap_sent_addr;
10216
10217 // exit early if two SAs are identical, or if sav_update is current
10218 if (sav_sent == sav_update ||
10219 sav_update->natt_last_activity == natt_now) {
10220 return;
10221 }
10222
10223 // assuming that (sav_update->remote_ike_port != 0 && (esp_udp_encap_port & 0xFFFF) != 0)
10224
10225 bzero(&saidx_swap_sent_addr, sizeof(saidx_swap_sent_addr));
10226 memcpy(&saidx_swap_sent_addr.src, &sav_sent->sah->saidx.dst, sizeof(saidx_swap_sent_addr.src));
10227 memcpy(&saidx_swap_sent_addr.dst, &sav_sent->sah->saidx.src, sizeof(saidx_swap_sent_addr.dst));
10228 saidx_swap_sent_addr.proto = sav_sent->sah->saidx.proto;
10229 saidx_swap_sent_addr.mode = sav_sent->sah->saidx.mode;
10230 // we ignore reqid for split-tunnel setups
10231
10232 if (key_cmpsaidx(&sav_sent->sah->saidx, &sav_update->sah->saidx, CMP_MODE | CMP_PORT) ||
10233 key_cmpsaidx(&saidx_swap_sent_addr, &sav_update->sah->saidx, CMP_MODE | CMP_PORT)) {
10234 sav_update->natt_last_activity = natt_now;
10235 }
10236 }
10237
10238 static int
10239 key_send_delsp (struct secpolicy *sp)
10240 {
10241 struct mbuf *result = NULL, *m;
10242
10243 if (sp == NULL)
10244 goto fail;
10245
10246 /* set msg header */
10247 m = key_setsadbmsg(SADB_X_SPDDELETE, 0, 0, 0, 0, 0);
10248 if (!m) {
10249 goto fail;
10250 }
10251 result = m;
10252
10253 /* set sadb_address(es) for source */
10254 if (sp->spidx.src_range.start.ss_len > 0) {
10255 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_START,
10256 (struct sockaddr *)&sp->spidx.src_range.start, sp->spidx.prefs,
10257 sp->spidx.ul_proto);
10258 if (!m)
10259 goto fail;
10260 m_cat(result, m);
10261
10262 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_SRC_END,
10263 (struct sockaddr *)&sp->spidx.src_range.end, sp->spidx.prefs,
10264 sp->spidx.ul_proto);
10265 if (!m)
10266 goto fail;
10267 m_cat(result, m);
10268 } else {
10269 m = key_setsadbaddr(SADB_EXT_ADDRESS_SRC,
10270 (struct sockaddr *)&sp->spidx.src, sp->spidx.prefs,
10271 sp->spidx.ul_proto);
10272 if (!m)
10273 goto fail;
10274 m_cat(result, m);
10275 }
10276
10277 /* set sadb_address(es) for destination */
10278 if (sp->spidx.dst_range.start.ss_len > 0) {
10279 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_START,
10280 (struct sockaddr *)&sp->spidx.dst_range.start, sp->spidx.prefd,
10281 sp->spidx.ul_proto);
10282 if (!m)
10283 goto fail;
10284 m_cat(result, m);
10285
10286 m = key_setsadbaddr(SADB_X_EXT_ADDR_RANGE_DST_END,
10287 (struct sockaddr *)&sp->spidx.dst_range.end, sp->spidx.prefd,
10288 sp->spidx.ul_proto);
10289 if (!m)
10290 goto fail;
10291 m_cat(result, m);
10292 } else {
10293 m = key_setsadbaddr(SADB_EXT_ADDRESS_DST,
10294 (struct sockaddr *)&sp->spidx.dst, sp->spidx.prefd,
10295 sp->spidx.ul_proto);
10296 if (!m)
10297 goto fail;
10298 m_cat(result, m);
10299 }
10300
10301 /* set secpolicy */
10302 m = key_sp2msg(sp);
10303 if (!m) {
10304 goto fail;
10305 }
10306 m_cat(result, m);
10307
10308 if ((result->m_flags & M_PKTHDR) == 0) {
10309 goto fail;
10310 }
10311
10312 if (result->m_len < sizeof(struct sadb_msg)) {
10313 result = m_pullup(result, sizeof(struct sadb_msg));
10314 if (result == NULL) {
10315 goto fail;
10316 }
10317 }
10318
10319 result->m_pkthdr.len = 0;
10320 for (m = result; m; m = m->m_next)
10321 result->m_pkthdr.len += m->m_len;
10322
10323 mtod(result, struct sadb_msg *)->sadb_msg_len = PFKEY_UNIT64(result->m_pkthdr.len);
10324
10325 return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
10326
10327 fail:
10328 if (result)
10329 m_free(result);
10330 return -1;
10331 }
10332
10333 void
10334 key_delsp_for_ipsec_if (ifnet_t ipsec_if)
10335 {
10336 struct secashead *sah;
10337 struct secasvar *sav, *nextsav;
10338 u_int stateidx;
10339 u_int state;
10340 struct secpolicy *sp, *nextsp;
10341 int dir;
10342
10343 if (ipsec_if == NULL)
10344 return;
10345
10346 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
10347
10348 lck_mtx_lock(sadb_mutex);
10349
10350 for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
10351 for (sp = LIST_FIRST(&sptree[dir]);
10352 sp != NULL;
10353 sp = nextsp) {
10354
10355 nextsp = LIST_NEXT(sp, chain);
10356
10357 if (sp->ipsec_if == ipsec_if) {
10358 ifnet_release(sp->ipsec_if);
10359 sp->ipsec_if = NULL;
10360
10361 key_send_delsp(sp);
10362
10363 sp->state = IPSEC_SPSTATE_DEAD;
10364 key_freesp(sp, KEY_SADB_LOCKED);
10365 }
10366 }
10367 }
10368
10369 LIST_FOREACH(sah, &sahtree, chain) {
10370 if (sah->ipsec_if == ipsec_if) {
10371 /* This SAH is linked to the IPSec interface. It now needs to close. */
10372 ifnet_release(sah->ipsec_if);
10373 sah->ipsec_if = NULL;
10374
10375 for (stateidx = 0; stateidx < _ARRAYLEN(saorder_state_alive); stateidx++) {
10376 state = saorder_state_any[stateidx];
10377 for (sav = LIST_FIRST(&sah->savtree[state]); sav != NULL; sav = nextsav) {
10378 nextsav = LIST_NEXT(sav, chain);
10379
10380 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
10381 key_freesav(sav, KEY_SADB_LOCKED);
10382 }
10383 }
10384
10385 sah->state = SADB_SASTATE_DEAD;
10386 }
10387 }
10388
10389 lck_mtx_unlock(sadb_mutex);
10390 }
10391
10392 __private_extern__ u_int32_t
10393 key_fill_offload_frames_for_savs (ifnet_t ifp,
10394 struct ifnet_keepalive_offload_frame *frames_array,
10395 u_int32_t frames_array_count,
10396 size_t frame_data_offset)
10397 {
10398 struct secashead *sah = NULL;
10399 struct secasvar *sav = NULL;
10400 struct ifnet_keepalive_offload_frame *frame = frames_array;
10401 u_int32_t frame_index = 0;
10402
10403 if (frame == NULL || frames_array_count == 0) {
10404 return (frame_index);
10405 }
10406
10407 lck_mtx_lock(sadb_mutex);
10408 LIST_FOREACH(sah, &sahtree, chain) {
10409 LIST_FOREACH(sav, &sah->savtree[SADB_SASTATE_MATURE], chain) {
10410 if (ipsec_fill_offload_frame(ifp, sav, frame, frame_data_offset)) {
10411 frame_index++;
10412 if (frame_index >= frames_array_count) {
10413 lck_mtx_unlock(sadb_mutex);
10414 return (frame_index);
10415 }
10416 frame = &(frames_array[frame_index]);
10417 }
10418 }
10419 }
10420 lck_mtx_unlock(sadb_mutex);
10421
10422 return (frame_index);
10423 }
mirror of XNU