Print this page
5045 use atomic_{inc,dec}_* instead of atomic_add_*
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/uts/common/inet/ip/ipsecesp.c
+++ new/usr/src/uts/common/inet/ip/ipsecesp.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25
26 26 #include <sys/types.h>
27 27 #include <sys/stream.h>
28 28 #include <sys/stropts.h>
29 29 #include <sys/errno.h>
30 30 #include <sys/strlog.h>
31 31 #include <sys/tihdr.h>
32 32 #include <sys/socket.h>
33 33 #include <sys/ddi.h>
34 34 #include <sys/sunddi.h>
35 35 #include <sys/kmem.h>
36 36 #include <sys/zone.h>
37 37 #include <sys/sysmacros.h>
38 38 #include <sys/cmn_err.h>
39 39 #include <sys/vtrace.h>
40 40 #include <sys/debug.h>
41 41 #include <sys/atomic.h>
42 42 #include <sys/strsun.h>
43 43 #include <sys/random.h>
44 44 #include <netinet/in.h>
45 45 #include <net/if.h>
46 46 #include <netinet/ip6.h>
47 47 #include <net/pfkeyv2.h>
48 48 #include <net/pfpolicy.h>
49 49
50 50 #include <inet/common.h>
51 51 #include <inet/mi.h>
52 52 #include <inet/nd.h>
53 53 #include <inet/ip.h>
54 54 #include <inet/ip_impl.h>
55 55 #include <inet/ip6.h>
56 56 #include <inet/ip_if.h>
57 57 #include <inet/ip_ndp.h>
58 58 #include <inet/sadb.h>
59 59 #include <inet/ipsec_info.h>
60 60 #include <inet/ipsec_impl.h>
61 61 #include <inet/ipsecesp.h>
62 62 #include <inet/ipdrop.h>
63 63 #include <inet/tcp.h>
64 64 #include <sys/kstat.h>
65 65 #include <sys/policy.h>
66 66 #include <sys/strsun.h>
67 67 #include <sys/strsubr.h>
68 68 #include <inet/udp_impl.h>
69 69 #include <sys/taskq.h>
70 70 #include <sys/note.h>
71 71
72 72 #include <sys/tsol/tnet.h>
73 73
74 74 /*
75 75 * Table of ND variables supported by ipsecesp. These are loaded into
76 76 * ipsecesp_g_nd in ipsecesp_init_nd.
77 77 * All of these are alterable, within the min/max values given, at run time.
78 78 */
79 79 static ipsecespparam_t lcl_param_arr[] = {
80 80 /* min max value name */
81 81 { 0, 3, 0, "ipsecesp_debug"},
82 82 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecesp_age_interval"},
83 83 { 1, 10, 1, "ipsecesp_reap_delay"},
84 84 { 1, SADB_MAX_REPLAY, 64, "ipsecesp_replay_size"},
85 85 { 1, 300, 15, "ipsecesp_acquire_timeout"},
86 86 { 1, 1800, 90, "ipsecesp_larval_timeout"},
87 87 /* Default lifetime values for ACQUIRE messages. */
88 88 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_bytes"},
89 89 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_bytes"},
90 90 { 0, 0xffffffffU, 24000, "ipsecesp_default_soft_addtime"},
91 91 { 0, 0xffffffffU, 28800, "ipsecesp_default_hard_addtime"},
92 92 { 0, 0xffffffffU, 0, "ipsecesp_default_soft_usetime"},
93 93 { 0, 0xffffffffU, 0, "ipsecesp_default_hard_usetime"},
94 94 { 0, 1, 0, "ipsecesp_log_unknown_spi"},
95 95 { 0, 2, 1, "ipsecesp_padding_check"},
96 96 { 0, 600, 20, "ipsecesp_nat_keepalive_interval"},
97 97 };
98 98 #define ipsecesp_debug ipsecesp_params[0].ipsecesp_param_value
99 99 #define ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value
100 100 #define ipsecesp_age_int_max ipsecesp_params[1].ipsecesp_param_max
101 101 #define ipsecesp_reap_delay ipsecesp_params[2].ipsecesp_param_value
102 102 #define ipsecesp_replay_size ipsecesp_params[3].ipsecesp_param_value
103 103 #define ipsecesp_acquire_timeout \
104 104 ipsecesp_params[4].ipsecesp_param_value
105 105 #define ipsecesp_larval_timeout \
106 106 ipsecesp_params[5].ipsecesp_param_value
107 107 #define ipsecesp_default_soft_bytes \
108 108 ipsecesp_params[6].ipsecesp_param_value
109 109 #define ipsecesp_default_hard_bytes \
110 110 ipsecesp_params[7].ipsecesp_param_value
111 111 #define ipsecesp_default_soft_addtime \
112 112 ipsecesp_params[8].ipsecesp_param_value
113 113 #define ipsecesp_default_hard_addtime \
114 114 ipsecesp_params[9].ipsecesp_param_value
115 115 #define ipsecesp_default_soft_usetime \
116 116 ipsecesp_params[10].ipsecesp_param_value
117 117 #define ipsecesp_default_hard_usetime \
118 118 ipsecesp_params[11].ipsecesp_param_value
119 119 #define ipsecesp_log_unknown_spi \
120 120 ipsecesp_params[12].ipsecesp_param_value
121 121 #define ipsecesp_padding_check \
122 122 ipsecesp_params[13].ipsecesp_param_value
123 123 /* For ipsecesp_nat_keepalive_interval, see ipsecesp.h. */
124 124
125 125 #define esp0dbg(a) printf a
126 126 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
127 127 #define esp1dbg(espstack, a) if (espstack->ipsecesp_debug != 0) printf a
128 128 #define esp2dbg(espstack, a) if (espstack->ipsecesp_debug > 1) printf a
129 129 #define esp3dbg(espstack, a) if (espstack->ipsecesp_debug > 2) printf a
130 130
131 131 static int ipsecesp_open(queue_t *, dev_t *, int, int, cred_t *);
132 132 static int ipsecesp_close(queue_t *);
133 133 static void ipsecesp_wput(queue_t *, mblk_t *);
134 134 static void *ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns);
135 135 static void ipsecesp_stack_fini(netstackid_t stackid, void *arg);
136 136 static void esp_send_acquire(ipsacq_t *, mblk_t *, netstack_t *);
137 137
138 138 static void esp_prepare_udp(netstack_t *, mblk_t *, ipha_t *);
139 139 static void esp_outbound_finish(mblk_t *, ip_xmit_attr_t *);
140 140 static void esp_inbound_restart(mblk_t *, ip_recv_attr_t *);
141 141
142 142 static boolean_t esp_register_out(uint32_t, uint32_t, uint_t,
143 143 ipsecesp_stack_t *, cred_t *);
144 144 static boolean_t esp_strip_header(mblk_t *, boolean_t, uint32_t,
145 145 kstat_named_t **, ipsecesp_stack_t *);
146 146 static mblk_t *esp_submit_req_inbound(mblk_t *, ip_recv_attr_t *,
147 147 ipsa_t *, uint_t);
148 148 static mblk_t *esp_submit_req_outbound(mblk_t *, ip_xmit_attr_t *,
149 149 ipsa_t *, uchar_t *, uint_t);
150 150
151 151 /* Setable in /etc/system */
152 152 uint32_t esp_hash_size = IPSEC_DEFAULT_HASH_SIZE;
153 153
154 154 static struct module_info info = {
155 155 5137, "ipsecesp", 0, INFPSZ, 65536, 1024
156 156 };
157 157
158 158 static struct qinit rinit = {
159 159 (pfi_t)putnext, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
160 160 NULL
161 161 };
162 162
163 163 static struct qinit winit = {
164 164 (pfi_t)ipsecesp_wput, NULL, ipsecesp_open, ipsecesp_close, NULL, &info,
165 165 NULL
166 166 };
167 167
168 168 struct streamtab ipsecespinfo = {
169 169 &rinit, &winit, NULL, NULL
170 170 };
171 171
172 172 static taskq_t *esp_taskq;
173 173
174 174 /*
175 175 * OTOH, this one is set at open/close, and I'm D_MTQPAIR for now.
176 176 *
177 177 * Question: Do I need this, given that all instance's esps->esps_wq point
178 178 * to IP?
179 179 *
180 180 * Answer: Yes, because I need to know which queue is BOUND to
181 181 * IPPROTO_ESP
182 182 */
183 183
184 184 /*
185 185 * Stats. This may eventually become a full-blown SNMP MIB once that spec
186 186 * stabilizes.
187 187 */
188 188
189 189 typedef struct esp_kstats_s {
190 190 kstat_named_t esp_stat_num_aalgs;
191 191 kstat_named_t esp_stat_good_auth;
192 192 kstat_named_t esp_stat_bad_auth;
193 193 kstat_named_t esp_stat_bad_padding;
194 194 kstat_named_t esp_stat_replay_failures;
195 195 kstat_named_t esp_stat_replay_early_failures;
196 196 kstat_named_t esp_stat_keysock_in;
197 197 kstat_named_t esp_stat_out_requests;
198 198 kstat_named_t esp_stat_acquire_requests;
199 199 kstat_named_t esp_stat_bytes_expired;
200 200 kstat_named_t esp_stat_out_discards;
201 201 kstat_named_t esp_stat_crypto_sync;
202 202 kstat_named_t esp_stat_crypto_async;
203 203 kstat_named_t esp_stat_crypto_failures;
204 204 kstat_named_t esp_stat_num_ealgs;
205 205 kstat_named_t esp_stat_bad_decrypt;
206 206 kstat_named_t esp_stat_sa_port_renumbers;
207 207 } esp_kstats_t;
208 208
209 209 /*
210 210 * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if
211 211 * kstat_create_netstack for espstack->esp_ksp succeeds, but when it
212 212 * fails, it will be NULL. Note this is done for all stack instances,
213 213 * so it *could* fail. hence a non-NULL checking is done for
214 214 * ESP_BUMP_STAT and ESP_DEBUMP_STAT
215 215 */
216 216 #define ESP_BUMP_STAT(espstack, x) \
217 217 do { \
218 218 if (espstack->esp_kstats != NULL) \
219 219 (espstack->esp_kstats->esp_stat_ ## x).value.ui64++; \
220 220 _NOTE(CONSTCOND) \
221 221 } while (0)
222 222
223 223 #define ESP_DEBUMP_STAT(espstack, x) \
224 224 do { \
225 225 if (espstack->esp_kstats != NULL) \
226 226 (espstack->esp_kstats->esp_stat_ ## x).value.ui64--; \
227 227 _NOTE(CONSTCOND) \
228 228 } while (0)
229 229
230 230 static int esp_kstat_update(kstat_t *, int);
231 231
232 232 static boolean_t
233 233 esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
234 234 {
235 235 espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
236 236 "net", KSTAT_TYPE_NAMED,
237 237 sizeof (esp_kstats_t) / sizeof (kstat_named_t),
238 238 KSTAT_FLAG_PERSISTENT, stackid);
239 239
240 240 if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
241 241 return (B_FALSE);
242 242
243 243 espstack->esp_kstats = espstack->esp_ksp->ks_data;
244 244
245 245 espstack->esp_ksp->ks_update = esp_kstat_update;
246 246 espstack->esp_ksp->ks_private = (void *)(uintptr_t)stackid;
247 247
248 248 #define K64 KSTAT_DATA_UINT64
249 249 #define KI(x) kstat_named_init(&(espstack->esp_kstats->esp_stat_##x), #x, K64)
250 250
251 251 KI(num_aalgs);
252 252 KI(num_ealgs);
253 253 KI(good_auth);
254 254 KI(bad_auth);
255 255 KI(bad_padding);
256 256 KI(replay_failures);
257 257 KI(replay_early_failures);
258 258 KI(keysock_in);
259 259 KI(out_requests);
260 260 KI(acquire_requests);
261 261 KI(bytes_expired);
262 262 KI(out_discards);
263 263 KI(crypto_sync);
264 264 KI(crypto_async);
265 265 KI(crypto_failures);
266 266 KI(bad_decrypt);
267 267 KI(sa_port_renumbers);
268 268
269 269 #undef KI
270 270 #undef K64
271 271
272 272 kstat_install(espstack->esp_ksp);
273 273
274 274 return (B_TRUE);
275 275 }
276 276
277 277 static int
278 278 esp_kstat_update(kstat_t *kp, int rw)
279 279 {
280 280 esp_kstats_t *ekp;
281 281 netstackid_t stackid = (zoneid_t)(uintptr_t)kp->ks_private;
282 282 netstack_t *ns;
283 283 ipsec_stack_t *ipss;
284 284
285 285 if ((kp == NULL) || (kp->ks_data == NULL))
286 286 return (EIO);
287 287
288 288 if (rw == KSTAT_WRITE)
289 289 return (EACCES);
290 290
291 291 ns = netstack_find_by_stackid(stackid);
292 292 if (ns == NULL)
293 293 return (-1);
294 294 ipss = ns->netstack_ipsec;
295 295 if (ipss == NULL) {
296 296 netstack_rele(ns);
297 297 return (-1);
298 298 }
299 299 ekp = (esp_kstats_t *)kp->ks_data;
300 300
301 301 mutex_enter(&ipss->ipsec_alg_lock);
302 302 ekp->esp_stat_num_aalgs.value.ui64 =
303 303 ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
304 304 ekp->esp_stat_num_ealgs.value.ui64 =
305 305 ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
306 306 mutex_exit(&ipss->ipsec_alg_lock);
307 307
308 308 netstack_rele(ns);
309 309 return (0);
310 310 }
311 311
312 312 #ifdef DEBUG
313 313 /*
314 314 * Debug routine, useful to see pre-encryption data.
315 315 */
316 316 static char *
317 317 dump_msg(mblk_t *mp)
318 318 {
319 319 char tmp_str[3], tmp_line[256];
320 320
321 321 while (mp != NULL) {
322 322 unsigned char *ptr;
323 323
324 324 printf("mblk address 0x%p, length %ld, db_ref %d "
325 325 "type %d, base 0x%p, lim 0x%p\n",
326 326 (void *) mp, (long)(mp->b_wptr - mp->b_rptr),
327 327 mp->b_datap->db_ref, mp->b_datap->db_type,
328 328 (void *)mp->b_datap->db_base, (void *)mp->b_datap->db_lim);
329 329 ptr = mp->b_rptr;
330 330
331 331 tmp_line[0] = '\0';
332 332 while (ptr < mp->b_wptr) {
333 333 uint_t diff;
334 334
335 335 diff = (ptr - mp->b_rptr);
336 336 if (!(diff & 0x1f)) {
337 337 if (strlen(tmp_line) > 0) {
338 338 printf("bytes: %s\n", tmp_line);
339 339 tmp_line[0] = '\0';
340 340 }
341 341 }
342 342 if (!(diff & 0x3))
343 343 (void) strcat(tmp_line, " ");
344 344 (void) sprintf(tmp_str, "%02x", *ptr);
345 345 (void) strcat(tmp_line, tmp_str);
346 346 ptr++;
347 347 }
348 348 if (strlen(tmp_line) > 0)
349 349 printf("bytes: %s\n", tmp_line);
350 350
351 351 mp = mp->b_cont;
352 352 }
353 353
354 354 return ("\n");
355 355 }
356 356
357 357 #else /* DEBUG */
358 358 static char *
359 359 dump_msg(mblk_t *mp)
360 360 {
361 361 printf("Find value of mp %p.\n", mp);
362 362 return ("\n");
363 363 }
364 364 #endif /* DEBUG */
365 365
366 366 /*
367 367 * Don't have to lock age_interval, as only one thread will access it at
368 368 * a time, because I control the one function that does with timeout().
369 369 */
370 370 static void
371 371 esp_ager(void *arg)
372 372 {
373 373 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
374 374 netstack_t *ns = espstack->ipsecesp_netstack;
375 375 hrtime_t begin = gethrtime();
376 376
377 377 sadb_ager(&espstack->esp_sadb.s_v4, espstack->esp_pfkey_q,
378 378 espstack->ipsecesp_reap_delay, ns);
379 379 sadb_ager(&espstack->esp_sadb.s_v6, espstack->esp_pfkey_q,
380 380 espstack->ipsecesp_reap_delay, ns);
381 381
382 382 espstack->esp_event = sadb_retimeout(begin, espstack->esp_pfkey_q,
383 383 esp_ager, espstack,
384 384 &espstack->ipsecesp_age_interval, espstack->ipsecesp_age_int_max,
385 385 info.mi_idnum);
386 386 }
387 387
388 388 /*
389 389 * Get an ESP NDD parameter.
390 390 */
391 391 /* ARGSUSED */
392 392 static int
393 393 ipsecesp_param_get(q, mp, cp, cr)
394 394 queue_t *q;
395 395 mblk_t *mp;
396 396 caddr_t cp;
397 397 cred_t *cr;
398 398 {
399 399 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp;
400 400 uint_t value;
401 401 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
402 402
403 403 mutex_enter(&espstack->ipsecesp_param_lock);
404 404 value = ipsecesppa->ipsecesp_param_value;
405 405 mutex_exit(&espstack->ipsecesp_param_lock);
406 406
407 407 (void) mi_mpprintf(mp, "%u", value);
408 408 return (0);
409 409 }
410 410
411 411 /*
412 412 * This routine sets an NDD variable in a ipsecespparam_t structure.
413 413 */
414 414 /* ARGSUSED */
415 415 static int
416 416 ipsecesp_param_set(q, mp, value, cp, cr)
417 417 queue_t *q;
418 418 mblk_t *mp;
419 419 char *value;
420 420 caddr_t cp;
421 421 cred_t *cr;
422 422 {
423 423 ulong_t new_value;
424 424 ipsecespparam_t *ipsecesppa = (ipsecespparam_t *)cp;
425 425 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
426 426
427 427 /*
428 428 * Fail the request if the new value does not lie within the
429 429 * required bounds.
430 430 */
431 431 if (ddi_strtoul(value, NULL, 10, &new_value) != 0 ||
432 432 new_value < ipsecesppa->ipsecesp_param_min ||
433 433 new_value > ipsecesppa->ipsecesp_param_max) {
434 434 return (EINVAL);
435 435 }
436 436
437 437 /* Set the new value */
438 438 mutex_enter(&espstack->ipsecesp_param_lock);
439 439 ipsecesppa->ipsecesp_param_value = new_value;
440 440 mutex_exit(&espstack->ipsecesp_param_lock);
441 441 return (0);
442 442 }
443 443
444 444 /*
445 445 * Using lifetime NDD variables, fill in an extended combination's
446 446 * lifetime information.
447 447 */
448 448 void
449 449 ipsecesp_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns)
450 450 {
451 451 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
452 452
453 453 ecomb->sadb_x_ecomb_soft_bytes = espstack->ipsecesp_default_soft_bytes;
454 454 ecomb->sadb_x_ecomb_hard_bytes = espstack->ipsecesp_default_hard_bytes;
455 455 ecomb->sadb_x_ecomb_soft_addtime =
456 456 espstack->ipsecesp_default_soft_addtime;
457 457 ecomb->sadb_x_ecomb_hard_addtime =
458 458 espstack->ipsecesp_default_hard_addtime;
459 459 ecomb->sadb_x_ecomb_soft_usetime =
460 460 espstack->ipsecesp_default_soft_usetime;
461 461 ecomb->sadb_x_ecomb_hard_usetime =
462 462 espstack->ipsecesp_default_hard_usetime;
463 463 }
464 464
465 465 /*
466 466 * Initialize things for ESP at module load time.
467 467 */
468 468 boolean_t
469 469 ipsecesp_ddi_init(void)
470 470 {
471 471 esp_taskq = taskq_create("esp_taskq", 1, minclsyspri,
472 472 IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0);
473 473
474 474 /*
475 475 * We want to be informed each time a stack is created or
476 476 * destroyed in the kernel, so we can maintain the
477 477 * set of ipsecesp_stack_t's.
478 478 */
479 479 netstack_register(NS_IPSECESP, ipsecesp_stack_init, NULL,
480 480 ipsecesp_stack_fini);
481 481
482 482 return (B_TRUE);
483 483 }
484 484
485 485 /*
486 486 * Walk through the param array specified registering each element with the
487 487 * named dispatch handler.
488 488 */
489 489 static boolean_t
490 490 ipsecesp_param_register(IDP *ndp, ipsecespparam_t *espp, int cnt)
491 491 {
492 492 for (; cnt-- > 0; espp++) {
493 493 if (espp->ipsecesp_param_name != NULL &&
494 494 espp->ipsecesp_param_name[0]) {
495 495 if (!nd_load(ndp,
496 496 espp->ipsecesp_param_name,
497 497 ipsecesp_param_get, ipsecesp_param_set,
498 498 (caddr_t)espp)) {
499 499 nd_free(ndp);
500 500 return (B_FALSE);
501 501 }
502 502 }
503 503 }
504 504 return (B_TRUE);
505 505 }
506 506 /*
507 507 * Initialize things for ESP for each stack instance
508 508 */
509 509 static void *
510 510 ipsecesp_stack_init(netstackid_t stackid, netstack_t *ns)
511 511 {
512 512 ipsecesp_stack_t *espstack;
513 513 ipsecespparam_t *espp;
514 514
515 515 espstack = (ipsecesp_stack_t *)kmem_zalloc(sizeof (*espstack),
516 516 KM_SLEEP);
517 517 espstack->ipsecesp_netstack = ns;
518 518
519 519 espp = (ipsecespparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
520 520 espstack->ipsecesp_params = espp;
521 521 bcopy(lcl_param_arr, espp, sizeof (lcl_param_arr));
522 522
523 523 (void) ipsecesp_param_register(&espstack->ipsecesp_g_nd, espp,
524 524 A_CNT(lcl_param_arr));
525 525
526 526 (void) esp_kstat_init(espstack, stackid);
527 527
528 528 espstack->esp_sadb.s_acquire_timeout =
529 529 &espstack->ipsecesp_acquire_timeout;
530 530 espstack->esp_sadb.s_acqfn = esp_send_acquire;
531 531 sadbp_init("ESP", &espstack->esp_sadb, SADB_SATYPE_ESP, esp_hash_size,
532 532 espstack->ipsecesp_netstack);
533 533
534 534 mutex_init(&espstack->ipsecesp_param_lock, NULL, MUTEX_DEFAULT, 0);
535 535
536 536 ip_drop_register(&espstack->esp_dropper, "IPsec ESP");
537 537 return (espstack);
538 538 }
539 539
540 540 /*
541 541 * Destroy things for ESP at module unload time.
542 542 */
543 543 void
544 544 ipsecesp_ddi_destroy(void)
545 545 {
546 546 netstack_unregister(NS_IPSECESP);
547 547 taskq_destroy(esp_taskq);
548 548 }
549 549
550 550 /*
551 551 * Destroy things for ESP for one stack instance
552 552 */
553 553 static void
554 554 ipsecesp_stack_fini(netstackid_t stackid, void *arg)
555 555 {
556 556 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)arg;
557 557
558 558 if (espstack->esp_pfkey_q != NULL) {
559 559 (void) quntimeout(espstack->esp_pfkey_q, espstack->esp_event);
560 560 }
561 561 espstack->esp_sadb.s_acqfn = NULL;
562 562 espstack->esp_sadb.s_acquire_timeout = NULL;
563 563 sadbp_destroy(&espstack->esp_sadb, espstack->ipsecesp_netstack);
564 564 ip_drop_unregister(&espstack->esp_dropper);
565 565 mutex_destroy(&espstack->ipsecesp_param_lock);
566 566 nd_free(&espstack->ipsecesp_g_nd);
567 567
568 568 kmem_free(espstack->ipsecesp_params, sizeof (lcl_param_arr));
569 569 espstack->ipsecesp_params = NULL;
570 570 kstat_delete_netstack(espstack->esp_ksp, stackid);
571 571 espstack->esp_ksp = NULL;
572 572 espstack->esp_kstats = NULL;
573 573 kmem_free(espstack, sizeof (*espstack));
574 574 }
575 575
576 576 /*
577 577 * ESP module open routine, which is here for keysock plumbing.
578 578 * Keysock is pushed over {AH,ESP} which is an artifact from the Bad Old
579 579 * Days of export control, and fears that ESP would not be allowed
580 580 * to be shipped at all by default. Eventually, keysock should
581 581 * either access AH and ESP via modstubs or krtld dependencies, or
582 582 * perhaps be folded in with AH and ESP into a single IPsec/netsec
583 583 * module ("netsec" if PF_KEY provides more than AH/ESP keying tables).
584 584 */
585 585 /* ARGSUSED */
586 586 static int
587 587 ipsecesp_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
588 588 {
589 589 netstack_t *ns;
590 590 ipsecesp_stack_t *espstack;
591 591
592 592 if (secpolicy_ip_config(credp, B_FALSE) != 0)
593 593 return (EPERM);
594 594
595 595 if (q->q_ptr != NULL)
596 596 return (0); /* Re-open of an already open instance. */
597 597
598 598 if (sflag != MODOPEN)
599 599 return (EINVAL);
600 600
601 601 ns = netstack_find_by_cred(credp);
602 602 ASSERT(ns != NULL);
603 603 espstack = ns->netstack_ipsecesp;
604 604 ASSERT(espstack != NULL);
605 605
606 606 q->q_ptr = espstack;
607 607 WR(q)->q_ptr = q->q_ptr;
608 608
609 609 qprocson(q);
610 610 return (0);
611 611 }
612 612
613 613 /*
614 614 * ESP module close routine.
615 615 */
616 616 static int
617 617 ipsecesp_close(queue_t *q)
618 618 {
619 619 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
620 620
621 621 /*
622 622 * Clean up q_ptr, if needed.
623 623 */
624 624 qprocsoff(q);
625 625
626 626 /* Keysock queue check is safe, because of OCEXCL perimeter. */
627 627
628 628 if (q == espstack->esp_pfkey_q) {
629 629 esp1dbg(espstack,
630 630 ("ipsecesp_close: Ummm... keysock is closing ESP.\n"));
631 631 espstack->esp_pfkey_q = NULL;
632 632 /* Detach qtimeouts. */
633 633 (void) quntimeout(q, espstack->esp_event);
634 634 }
635 635
636 636 netstack_rele(espstack->ipsecesp_netstack);
637 637 return (0);
638 638 }
639 639
640 640 /*
641 641 * Add a number of bytes to what the SA has protected so far. Return
642 642 * B_TRUE if the SA can still protect that many bytes.
643 643 *
644 644 * Caller must REFRELE the passed-in assoc. This function must REFRELE
645 645 * any obtained peer SA.
646 646 */
647 647 static boolean_t
648 648 esp_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound)
649 649 {
650 650 ipsa_t *inassoc, *outassoc;
651 651 isaf_t *bucket;
652 652 boolean_t inrc, outrc, isv6;
653 653 sadb_t *sp;
654 654 int outhash;
655 655 netstack_t *ns = assoc->ipsa_netstack;
656 656 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
657 657
658 658 /* No peer? No problem! */
659 659 if (!assoc->ipsa_haspeer) {
660 660 return (sadb_age_bytes(espstack->esp_pfkey_q, assoc, bytes,
661 661 B_TRUE));
662 662 }
663 663
664 664 /*
665 665 * Otherwise, we want to grab both the original assoc and its peer.
666 666 * There might be a race for this, but if it's a real race, two
667 667 * expire messages may occur. We limit this by only sending the
668 668 * expire message on one of the peers, we'll pick the inbound
669 669 * arbitrarily.
670 670 *
671 671 * If we need tight synchronization on the peer SA, then we need to
672 672 * reconsider.
673 673 */
674 674
675 675 /* Use address length to select IPv6/IPv4 */
676 676 isv6 = (assoc->ipsa_addrfam == AF_INET6);
677 677 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
678 678
679 679 if (inbound) {
680 680 inassoc = assoc;
681 681 if (isv6) {
682 682 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *)
683 683 &inassoc->ipsa_dstaddr));
684 684 } else {
685 685 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *)
686 686 &inassoc->ipsa_dstaddr));
687 687 }
688 688 bucket = &sp->sdb_of[outhash];
689 689 mutex_enter(&bucket->isaf_lock);
690 690 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
691 691 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
692 692 inassoc->ipsa_addrfam);
693 693 mutex_exit(&bucket->isaf_lock);
694 694 if (outassoc == NULL) {
695 695 /* Q: Do we wish to set haspeer == B_FALSE? */
696 696 esp0dbg(("esp_age_bytes: "
697 697 "can't find peer for inbound.\n"));
698 698 return (sadb_age_bytes(espstack->esp_pfkey_q, inassoc,
699 699 bytes, B_TRUE));
700 700 }
701 701 } else {
702 702 outassoc = assoc;
703 703 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
704 704 mutex_enter(&bucket->isaf_lock);
705 705 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
706 706 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
707 707 outassoc->ipsa_addrfam);
708 708 mutex_exit(&bucket->isaf_lock);
709 709 if (inassoc == NULL) {
710 710 /* Q: Do we wish to set haspeer == B_FALSE? */
711 711 esp0dbg(("esp_age_bytes: "
712 712 "can't find peer for outbound.\n"));
713 713 return (sadb_age_bytes(espstack->esp_pfkey_q, outassoc,
714 714 bytes, B_TRUE));
715 715 }
716 716 }
717 717
718 718 inrc = sadb_age_bytes(espstack->esp_pfkey_q, inassoc, bytes, B_TRUE);
719 719 outrc = sadb_age_bytes(espstack->esp_pfkey_q, outassoc, bytes, B_FALSE);
720 720
721 721 /*
722 722 * REFRELE any peer SA.
723 723 *
724 724 * Because of the multi-line macro nature of IPSA_REFRELE, keep
725 725 * them in { }.
726 726 */
727 727 if (inbound) {
728 728 IPSA_REFRELE(outassoc);
729 729 } else {
730 730 IPSA_REFRELE(inassoc);
731 731 }
732 732
733 733 return (inrc && outrc);
734 734 }
735 735
736 736 /*
737 737 * Do incoming NAT-T manipulations for packet.
738 738 * Returns NULL if the mblk chain is consumed.
739 739 */
740 740 static mblk_t *
741 741 esp_fix_natt_checksums(mblk_t *data_mp, ipsa_t *assoc)
742 742 {
743 743 ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
744 744 tcpha_t *tcpha;
745 745 udpha_t *udpha;
746 746 /* Initialize to our inbound cksum adjustment... */
747 747 uint32_t sum = assoc->ipsa_inbound_cksum;
748 748
749 749 switch (ipha->ipha_protocol) {
750 750 case IPPROTO_TCP:
751 751 tcpha = (tcpha_t *)(data_mp->b_rptr +
752 752 IPH_HDR_LENGTH(ipha));
753 753
754 754 #define DOWN_SUM(x) (x) = ((x) & 0xFFFF) + ((x) >> 16)
755 755 sum += ~ntohs(tcpha->tha_sum) & 0xFFFF;
756 756 DOWN_SUM(sum);
757 757 DOWN_SUM(sum);
758 758 tcpha->tha_sum = ~htons(sum);
759 759 break;
760 760 case IPPROTO_UDP:
761 761 udpha = (udpha_t *)(data_mp->b_rptr + IPH_HDR_LENGTH(ipha));
762 762
763 763 if (udpha->uha_checksum != 0) {
764 764 /* Adujst if the inbound one was not zero. */
765 765 sum += ~ntohs(udpha->uha_checksum) & 0xFFFF;
766 766 DOWN_SUM(sum);
767 767 DOWN_SUM(sum);
768 768 udpha->uha_checksum = ~htons(sum);
769 769 if (udpha->uha_checksum == 0)
770 770 udpha->uha_checksum = 0xFFFF;
771 771 }
772 772 #undef DOWN_SUM
773 773 break;
774 774 case IPPROTO_IP:
775 775 /*
776 776 * This case is only an issue for self-encapsulated
777 777 * packets. So for now, fall through.
778 778 */
779 779 break;
780 780 }
781 781 return (data_mp);
782 782 }
783 783
784 784
785 785 /*
786 786 * Strip ESP header, check padding, and fix IP header.
787 787 * Returns B_TRUE on success, B_FALSE if an error occured.
788 788 */
789 789 static boolean_t
790 790 esp_strip_header(mblk_t *data_mp, boolean_t isv4, uint32_t ivlen,
791 791 kstat_named_t **counter, ipsecesp_stack_t *espstack)
792 792 {
793 793 ipha_t *ipha;
794 794 ip6_t *ip6h;
795 795 uint_t divpoint;
796 796 mblk_t *scratch;
797 797 uint8_t nexthdr, padlen;
798 798 uint8_t lastpad;
799 799 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
800 800 uint8_t *lastbyte;
801 801
802 802 /*
803 803 * Strip ESP data and fix IP header.
804 804 *
805 805 * XXX In case the beginning of esp_inbound() changes to not do a
806 806 * pullup, this part of the code can remain unchanged.
807 807 */
808 808 if (isv4) {
809 809 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ipha_t));
810 810 ipha = (ipha_t *)data_mp->b_rptr;
811 811 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (esph_t) +
812 812 IPH_HDR_LENGTH(ipha));
813 813 divpoint = IPH_HDR_LENGTH(ipha);
814 814 } else {
815 815 ASSERT((data_mp->b_wptr - data_mp->b_rptr) >= sizeof (ip6_t));
816 816 ip6h = (ip6_t *)data_mp->b_rptr;
817 817 divpoint = ip_hdr_length_v6(data_mp, ip6h);
818 818 }
819 819
820 820 scratch = data_mp;
821 821 while (scratch->b_cont != NULL)
822 822 scratch = scratch->b_cont;
823 823
824 824 ASSERT((scratch->b_wptr - scratch->b_rptr) >= 3);
825 825
826 826 /*
827 827 * "Next header" and padding length are the last two bytes in the
828 828 * ESP-protected datagram, thus the explicit - 1 and - 2.
829 829 * lastpad is the last byte of the padding, which can be used for
830 830 * a quick check to see if the padding is correct.
831 831 */
832 832 lastbyte = scratch->b_wptr - 1;
833 833 nexthdr = *lastbyte--;
834 834 padlen = *lastbyte--;
835 835
836 836 if (isv4) {
837 837 /* Fix part of the IP header. */
838 838 ipha->ipha_protocol = nexthdr;
839 839 /*
840 840 * Reality check the padlen. The explicit - 2 is for the
841 841 * padding length and the next-header bytes.
842 842 */
843 843 if (padlen >= ntohs(ipha->ipha_length) - sizeof (ipha_t) - 2 -
844 844 sizeof (esph_t) - ivlen) {
845 845 ESP_BUMP_STAT(espstack, bad_decrypt);
846 846 ipsec_rl_strlog(espstack->ipsecesp_netstack,
847 847 info.mi_idnum, 0, 0,
848 848 SL_ERROR | SL_WARN,
849 849 "Corrupt ESP packet (padlen too big).\n");
850 850 esp1dbg(espstack, ("padlen (%d) is greater than:\n",
851 851 padlen));
852 852 esp1dbg(espstack, ("pkt len(%d) - ip hdr - esp "
853 853 "hdr - ivlen(%d) = %d.\n",
854 854 ntohs(ipha->ipha_length), ivlen,
855 855 (int)(ntohs(ipha->ipha_length) - sizeof (ipha_t) -
856 856 2 - sizeof (esph_t) - ivlen)));
857 857 *counter = DROPPER(ipss, ipds_esp_bad_padlen);
858 858 return (B_FALSE);
859 859 }
860 860
861 861 /*
862 862 * Fix the rest of the header. The explicit - 2 is for the
863 863 * padding length and the next-header bytes.
864 864 */
865 865 ipha->ipha_length = htons(ntohs(ipha->ipha_length) - padlen -
866 866 2 - sizeof (esph_t) - ivlen);
867 867 ipha->ipha_hdr_checksum = 0;
868 868 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
869 869 } else {
870 870 if (ip6h->ip6_nxt == IPPROTO_ESP) {
871 871 ip6h->ip6_nxt = nexthdr;
872 872 } else {
873 873 ip_pkt_t ipp;
874 874
875 875 bzero(&ipp, sizeof (ipp));
876 876 (void) ip_find_hdr_v6(data_mp, ip6h, B_FALSE, &ipp,
877 877 NULL);
878 878 if (ipp.ipp_dstopts != NULL) {
879 879 ipp.ipp_dstopts->ip6d_nxt = nexthdr;
880 880 } else if (ipp.ipp_rthdr != NULL) {
881 881 ipp.ipp_rthdr->ip6r_nxt = nexthdr;
882 882 } else if (ipp.ipp_hopopts != NULL) {
883 883 ipp.ipp_hopopts->ip6h_nxt = nexthdr;
884 884 } else {
885 885 /* Panic a DEBUG kernel. */
886 886 ASSERT(ipp.ipp_hopopts != NULL);
887 887 /* Otherwise, pretend it's IP + ESP. */
888 888 cmn_err(CE_WARN, "ESP IPv6 headers wrong.\n");
889 889 ip6h->ip6_nxt = nexthdr;
890 890 }
891 891 }
892 892
893 893 if (padlen >= ntohs(ip6h->ip6_plen) - 2 - sizeof (esph_t) -
894 894 ivlen) {
895 895 ESP_BUMP_STAT(espstack, bad_decrypt);
896 896 ipsec_rl_strlog(espstack->ipsecesp_netstack,
897 897 info.mi_idnum, 0, 0,
898 898 SL_ERROR | SL_WARN,
899 899 "Corrupt ESP packet (v6 padlen too big).\n");
900 900 esp1dbg(espstack, ("padlen (%d) is greater than:\n",
901 901 padlen));
902 902 esp1dbg(espstack,
903 903 ("pkt len(%u) - ip hdr - esp hdr - ivlen(%d) = "
904 904 "%u.\n", (unsigned)(ntohs(ip6h->ip6_plen)
905 905 + sizeof (ip6_t)), ivlen,
906 906 (unsigned)(ntohs(ip6h->ip6_plen) - 2 -
907 907 sizeof (esph_t) - ivlen)));
908 908 *counter = DROPPER(ipss, ipds_esp_bad_padlen);
909 909 return (B_FALSE);
910 910 }
911 911
912 912
913 913 /*
914 914 * Fix the rest of the header. The explicit - 2 is for the
915 915 * padding length and the next-header bytes. IPv6 is nice,
916 916 * because there's no hdr checksum!
917 917 */
918 918 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - padlen -
919 919 2 - sizeof (esph_t) - ivlen);
920 920 }
921 921
922 922 if (espstack->ipsecesp_padding_check > 0 && padlen > 0) {
923 923 /*
924 924 * Weak padding check: compare last-byte to length, they
925 925 * should be equal.
926 926 */
927 927 lastpad = *lastbyte--;
928 928
929 929 if (padlen != lastpad) {
930 930 ipsec_rl_strlog(espstack->ipsecesp_netstack,
931 931 info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
932 932 "Corrupt ESP packet (lastpad != padlen).\n");
933 933 esp1dbg(espstack,
934 934 ("lastpad (%d) not equal to padlen (%d):\n",
935 935 lastpad, padlen));
936 936 ESP_BUMP_STAT(espstack, bad_padding);
937 937 *counter = DROPPER(ipss, ipds_esp_bad_padding);
938 938 return (B_FALSE);
939 939 }
940 940
941 941 /*
942 942 * Strong padding check: Check all pad bytes to see that
943 943 * they're ascending. Go backwards using a descending counter
944 944 * to verify. padlen == 1 is checked by previous block, so
945 945 * only bother if we've more than 1 byte of padding.
946 946 * Consequently, start the check one byte before the location
947 947 * of "lastpad".
948 948 */
949 949 if (espstack->ipsecesp_padding_check > 1) {
950 950 /*
951 951 * This assert may have to become an if and a pullup
952 952 * if we start accepting multi-dblk mblks. For now,
953 953 * though, any packet here will have been pulled up in
954 954 * esp_inbound.
955 955 */
956 956 ASSERT(MBLKL(scratch) >= lastpad + 3);
957 957
958 958 /*
959 959 * Use "--lastpad" because we already checked the very
960 960 * last pad byte previously.
961 961 */
962 962 while (--lastpad != 0) {
963 963 if (lastpad != *lastbyte) {
964 964 ipsec_rl_strlog(
965 965 espstack->ipsecesp_netstack,
966 966 info.mi_idnum, 0, 0,
967 967 SL_ERROR | SL_WARN, "Corrupt ESP "
968 968 "packet (bad padding).\n");
969 969 esp1dbg(espstack,
970 970 ("padding not in correct"
971 971 " format:\n"));
972 972 ESP_BUMP_STAT(espstack, bad_padding);
973 973 *counter = DROPPER(ipss,
974 974 ipds_esp_bad_padding);
975 975 return (B_FALSE);
976 976 }
977 977 lastbyte--;
978 978 }
979 979 }
980 980 }
981 981
982 982 /* Trim off the padding. */
983 983 ASSERT(data_mp->b_cont == NULL);
984 984 data_mp->b_wptr -= (padlen + 2);
985 985
986 986 /*
987 987 * Remove the ESP header.
988 988 *
989 989 * The above assertions about data_mp's size will make this work.
990 990 *
991 991 * XXX Question: If I send up and get back a contiguous mblk,
992 992 * would it be quicker to bcopy over, or keep doing the dupb stuff?
993 993 * I go with copying for now.
994 994 */
995 995
996 996 if (IS_P2ALIGNED(data_mp->b_rptr, sizeof (uint32_t)) &&
997 997 IS_P2ALIGNED(ivlen, sizeof (uint32_t))) {
998 998 uint8_t *start = data_mp->b_rptr;
999 999 uint32_t *src, *dst;
1000 1000
1001 1001 src = (uint32_t *)(start + divpoint);
1002 1002 dst = (uint32_t *)(start + divpoint + sizeof (esph_t) + ivlen);
1003 1003
1004 1004 ASSERT(IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
1005 1005 IS_P2ALIGNED(src, sizeof (uint32_t)));
1006 1006
1007 1007 do {
1008 1008 src--;
1009 1009 dst--;
1010 1010 *dst = *src;
1011 1011 } while (src != (uint32_t *)start);
1012 1012
1013 1013 data_mp->b_rptr = (uchar_t *)dst;
1014 1014 } else {
1015 1015 uint8_t *start = data_mp->b_rptr;
1016 1016 uint8_t *src, *dst;
1017 1017
1018 1018 src = start + divpoint;
1019 1019 dst = src + sizeof (esph_t) + ivlen;
1020 1020
1021 1021 do {
1022 1022 src--;
1023 1023 dst--;
1024 1024 *dst = *src;
1025 1025 } while (src != start);
1026 1026
1027 1027 data_mp->b_rptr = dst;
1028 1028 }
1029 1029
1030 1030 esp2dbg(espstack, ("data_mp after inbound ESP adjustment:\n"));
1031 1031 esp2dbg(espstack, (dump_msg(data_mp)));
1032 1032
1033 1033 return (B_TRUE);
1034 1034 }
1035 1035
1036 1036 /*
1037 1037 * Updating use times can be tricky business if the ipsa_haspeer flag is
1038 1038 * set. This function is called once in an SA's lifetime.
1039 1039 *
1040 1040 * Caller has to REFRELE "assoc" which is passed in. This function has
1041 1041 * to REFRELE any peer SA that is obtained.
1042 1042 */
1043 1043 static void
1044 1044 esp_set_usetime(ipsa_t *assoc, boolean_t inbound)
1045 1045 {
1046 1046 ipsa_t *inassoc, *outassoc;
1047 1047 isaf_t *bucket;
1048 1048 sadb_t *sp;
1049 1049 int outhash;
1050 1050 boolean_t isv6;
1051 1051 netstack_t *ns = assoc->ipsa_netstack;
1052 1052 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1053 1053
1054 1054 /* No peer? No problem! */
1055 1055 if (!assoc->ipsa_haspeer) {
1056 1056 sadb_set_usetime(assoc);
1057 1057 return;
1058 1058 }
1059 1059
1060 1060 /*
1061 1061 * Otherwise, we want to grab both the original assoc and its peer.
1062 1062 * There might be a race for this, but if it's a real race, the times
1063 1063 * will be out-of-synch by at most a second, and since our time
1064 1064 * granularity is a second, this won't be a problem.
1065 1065 *
1066 1066 * If we need tight synchronization on the peer SA, then we need to
1067 1067 * reconsider.
1068 1068 */
1069 1069
1070 1070 /* Use address length to select IPv6/IPv4 */
1071 1071 isv6 = (assoc->ipsa_addrfam == AF_INET6);
1072 1072 sp = isv6 ? &espstack->esp_sadb.s_v6 : &espstack->esp_sadb.s_v4;
1073 1073
1074 1074 if (inbound) {
1075 1075 inassoc = assoc;
1076 1076 if (isv6) {
1077 1077 outhash = OUTBOUND_HASH_V6(sp, *((in6_addr_t *)
1078 1078 &inassoc->ipsa_dstaddr));
1079 1079 } else {
1080 1080 outhash = OUTBOUND_HASH_V4(sp, *((ipaddr_t *)
1081 1081 &inassoc->ipsa_dstaddr));
1082 1082 }
1083 1083 bucket = &sp->sdb_of[outhash];
1084 1084 mutex_enter(&bucket->isaf_lock);
1085 1085 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
1086 1086 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
1087 1087 inassoc->ipsa_addrfam);
1088 1088 mutex_exit(&bucket->isaf_lock);
1089 1089 if (outassoc == NULL) {
1090 1090 /* Q: Do we wish to set haspeer == B_FALSE? */
1091 1091 esp0dbg(("esp_set_usetime: "
1092 1092 "can't find peer for inbound.\n"));
1093 1093 sadb_set_usetime(inassoc);
1094 1094 return;
1095 1095 }
1096 1096 } else {
1097 1097 outassoc = assoc;
1098 1098 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
1099 1099 mutex_enter(&bucket->isaf_lock);
1100 1100 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
1101 1101 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
1102 1102 outassoc->ipsa_addrfam);
1103 1103 mutex_exit(&bucket->isaf_lock);
1104 1104 if (inassoc == NULL) {
1105 1105 /* Q: Do we wish to set haspeer == B_FALSE? */
1106 1106 esp0dbg(("esp_set_usetime: "
1107 1107 "can't find peer for outbound.\n"));
1108 1108 sadb_set_usetime(outassoc);
1109 1109 return;
1110 1110 }
1111 1111 }
1112 1112
1113 1113 /* Update usetime on both. */
1114 1114 sadb_set_usetime(inassoc);
1115 1115 sadb_set_usetime(outassoc);
1116 1116
1117 1117 /*
1118 1118 * REFRELE any peer SA.
1119 1119 *
1120 1120 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1121 1121 * them in { }.
1122 1122 */
1123 1123 if (inbound) {
1124 1124 IPSA_REFRELE(outassoc);
1125 1125 } else {
1126 1126 IPSA_REFRELE(inassoc);
1127 1127 }
1128 1128 }
1129 1129
1130 1130 /*
1131 1131 * Handle ESP inbound data for IPv4 and IPv6.
1132 1132 * On success returns B_TRUE, on failure returns B_FALSE and frees the
1133 1133 * mblk chain data_mp.
1134 1134 */
1135 1135 mblk_t *
1136 1136 esp_inbound(mblk_t *data_mp, void *arg, ip_recv_attr_t *ira)
1137 1137 {
1138 1138 esph_t *esph = (esph_t *)arg;
1139 1139 ipsa_t *ipsa = ira->ira_ipsec_esp_sa;
1140 1140 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
1141 1141 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1142 1142 ipsec_stack_t *ipss = ns->netstack_ipsec;
1143 1143
1144 1144 /*
1145 1145 * We may wish to check replay in-range-only here as an optimization.
1146 1146 * Include the reality check of ipsa->ipsa_replay >
1147 1147 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
1148 1148 * where N == ipsa->ipsa_replay_wsize.
1149 1149 *
1150 1150 * Another check that may come here later is the "collision" check.
1151 1151 * If legitimate packets flow quickly enough, this won't be a problem,
1152 1152 * but collisions may cause authentication algorithm crunching to
1153 1153 * take place when it doesn't need to.
1154 1154 */
1155 1155 if (!sadb_replay_peek(ipsa, esph->esph_replay)) {
1156 1156 ESP_BUMP_STAT(espstack, replay_early_failures);
1157 1157 IP_ESP_BUMP_STAT(ipss, in_discards);
1158 1158 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
1159 1159 DROPPER(ipss, ipds_esp_early_replay),
1160 1160 &espstack->esp_dropper);
1161 1161 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
1162 1162 return (NULL);
1163 1163 }
1164 1164
1165 1165 /*
1166 1166 * Adjust the IP header's payload length to reflect the removal
1167 1167 * of the ICV.
1168 1168 */
1169 1169 if (!(ira->ira_flags & IRAF_IS_IPV4)) {
1170 1170 ip6_t *ip6h = (ip6_t *)data_mp->b_rptr;
1171 1171 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) -
1172 1172 ipsa->ipsa_mac_len);
1173 1173 } else {
1174 1174 ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
1175 1175 ipha->ipha_length = htons(ntohs(ipha->ipha_length) -
1176 1176 ipsa->ipsa_mac_len);
1177 1177 }
1178 1178
1179 1179 /* submit the request to the crypto framework */
1180 1180 return (esp_submit_req_inbound(data_mp, ira, ipsa,
1181 1181 (uint8_t *)esph - data_mp->b_rptr));
1182 1182 }
1183 1183
1184 1184 /*
1185 1185 * Perform the really difficult work of inserting the proposed situation.
1186 1186 * Called while holding the algorithm lock.
1187 1187 */
1188 1188 static void
1189 1189 esp_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs,
1190 1190 netstack_t *ns)
1191 1191 {
1192 1192 sadb_comb_t *comb = (sadb_comb_t *)(prop + 1);
1193 1193 ipsec_action_t *ap;
1194 1194 ipsec_prot_t *prot;
1195 1195 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1196 1196 ipsec_stack_t *ipss = ns->netstack_ipsec;
1197 1197
1198 1198 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1199 1199
1200 1200 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
1201 1201 prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t));
1202 1202 *(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */
1203 1203
1204 1204 prop->sadb_prop_replay = espstack->ipsecesp_replay_size;
1205 1205
1206 1206 /*
1207 1207 * Based upon algorithm properties, and what-not, prioritize a
1208 1208 * proposal, based on the ordering of the ESP algorithms in the
1209 1209 * alternatives in the policy rule or socket that was placed
1210 1210 * in the acquire record.
1211 1211 *
1212 1212 * For each action in policy list
1213 1213 * Add combination. If I've hit limit, return.
1214 1214 */
1215 1215
1216 1216 for (ap = acqrec->ipsacq_act; ap != NULL;
1217 1217 ap = ap->ipa_next) {
1218 1218 ipsec_alginfo_t *ealg = NULL;
1219 1219 ipsec_alginfo_t *aalg = NULL;
1220 1220
1221 1221 if (ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY)
1222 1222 continue;
1223 1223
1224 1224 prot = &ap->ipa_act.ipa_apply;
1225 1225
1226 1226 if (!(prot->ipp_use_esp))
1227 1227 continue;
1228 1228
1229 1229 if (prot->ipp_esp_auth_alg != 0) {
1230 1230 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
1231 1231 [prot->ipp_esp_auth_alg];
1232 1232 if (aalg == NULL || !ALG_VALID(aalg))
1233 1233 continue;
1234 1234 }
1235 1235
1236 1236 ASSERT(prot->ipp_encr_alg > 0);
1237 1237 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
1238 1238 [prot->ipp_encr_alg];
1239 1239 if (ealg == NULL || !ALG_VALID(ealg))
1240 1240 continue;
1241 1241
1242 1242 comb->sadb_comb_flags = 0;
1243 1243 comb->sadb_comb_reserved = 0;
1244 1244 comb->sadb_comb_encrypt = ealg->alg_id;
1245 1245 comb->sadb_comb_encrypt_minbits =
1246 1246 MAX(prot->ipp_espe_minbits, ealg->alg_ef_minbits);
1247 1247 comb->sadb_comb_encrypt_maxbits =
1248 1248 MIN(prot->ipp_espe_maxbits, ealg->alg_ef_maxbits);
1249 1249
1250 1250 if (aalg == NULL) {
1251 1251 comb->sadb_comb_auth = 0;
1252 1252 comb->sadb_comb_auth_minbits = 0;
1253 1253 comb->sadb_comb_auth_maxbits = 0;
1254 1254 } else {
1255 1255 comb->sadb_comb_auth = aalg->alg_id;
1256 1256 comb->sadb_comb_auth_minbits =
1257 1257 MAX(prot->ipp_espa_minbits, aalg->alg_ef_minbits);
1258 1258 comb->sadb_comb_auth_maxbits =
1259 1259 MIN(prot->ipp_espa_maxbits, aalg->alg_ef_maxbits);
1260 1260 }
1261 1261
1262 1262 /*
1263 1263 * The following may be based on algorithm
1264 1264 * properties, but in the meantime, we just pick
1265 1265 * some good, sensible numbers. Key mgmt. can
1266 1266 * (and perhaps should) be the place to finalize
1267 1267 * such decisions.
1268 1268 */
1269 1269
1270 1270 /*
1271 1271 * No limits on allocations, since we really don't
1272 1272 * support that concept currently.
1273 1273 */
1274 1274 comb->sadb_comb_soft_allocations = 0;
1275 1275 comb->sadb_comb_hard_allocations = 0;
1276 1276
1277 1277 /*
1278 1278 * These may want to come from policy rule..
1279 1279 */
1280 1280 comb->sadb_comb_soft_bytes =
1281 1281 espstack->ipsecesp_default_soft_bytes;
1282 1282 comb->sadb_comb_hard_bytes =
1283 1283 espstack->ipsecesp_default_hard_bytes;
1284 1284 comb->sadb_comb_soft_addtime =
1285 1285 espstack->ipsecesp_default_soft_addtime;
1286 1286 comb->sadb_comb_hard_addtime =
1287 1287 espstack->ipsecesp_default_hard_addtime;
1288 1288 comb->sadb_comb_soft_usetime =
1289 1289 espstack->ipsecesp_default_soft_usetime;
1290 1290 comb->sadb_comb_hard_usetime =
1291 1291 espstack->ipsecesp_default_hard_usetime;
1292 1292
1293 1293 prop->sadb_prop_len += SADB_8TO64(sizeof (*comb));
1294 1294 if (--combs == 0)
1295 1295 break; /* out of space.. */
1296 1296 comb++;
1297 1297 }
1298 1298 }
1299 1299
1300 1300 /*
1301 1301 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY.
1302 1302 */
1303 1303 static void
1304 1304 esp_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns)
1305 1305 {
1306 1306 uint_t combs;
1307 1307 sadb_msg_t *samsg;
1308 1308 sadb_prop_t *prop;
1309 1309 mblk_t *pfkeymp, *msgmp;
1310 1310 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1311 1311 ipsec_stack_t *ipss = ns->netstack_ipsec;
1312 1312
1313 1313 ESP_BUMP_STAT(espstack, acquire_requests);
1314 1314
1315 1315 if (espstack->esp_pfkey_q == NULL) {
1316 1316 mutex_exit(&acqrec->ipsacq_lock);
1317 1317 return;
1318 1318 }
1319 1319
1320 1320 /* Set up ACQUIRE. */
1321 1321 pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_ESP,
1322 1322 ns->netstack_ipsec);
1323 1323 if (pfkeymp == NULL) {
1324 1324 esp0dbg(("sadb_setup_acquire failed.\n"));
1325 1325 mutex_exit(&acqrec->ipsacq_lock);
1326 1326 return;
1327 1327 }
1328 1328 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1329 1329 combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] *
1330 1330 ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
1331 1331 msgmp = pfkeymp->b_cont;
1332 1332 samsg = (sadb_msg_t *)(msgmp->b_rptr);
1333 1333
1334 1334 /* Insert proposal here. */
1335 1335
1336 1336 prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len);
1337 1337 esp_insert_prop(prop, acqrec, combs, ns);
1338 1338 samsg->sadb_msg_len += prop->sadb_prop_len;
1339 1339 msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len);
1340 1340
1341 1341 mutex_exit(&ipss->ipsec_alg_lock);
1342 1342
1343 1343 /*
1344 1344 * Must mutex_exit() before sending PF_KEY message up, in
1345 1345 * order to avoid recursive mutex_enter() if there are no registered
1346 1346 * listeners.
1347 1347 *
1348 1348 * Once I've sent the message, I'm cool anyway.
1349 1349 */
1350 1350 mutex_exit(&acqrec->ipsacq_lock);
1351 1351 if (extended != NULL) {
1352 1352 putnext(espstack->esp_pfkey_q, extended);
1353 1353 }
1354 1354 putnext(espstack->esp_pfkey_q, pfkeymp);
1355 1355 }
1356 1356
1357 1357 /* XXX refactor me */
1358 1358 /*
1359 1359 * Handle the SADB_GETSPI message. Create a larval SA.
1360 1360 */
1361 1361 static void
1362 1362 esp_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
1363 1363 {
1364 1364 ipsa_t *newbie, *target;
1365 1365 isaf_t *outbound, *inbound;
1366 1366 int rc, diagnostic;
1367 1367 sadb_sa_t *assoc;
1368 1368 keysock_out_t *kso;
1369 1369 uint32_t newspi;
1370 1370
1371 1371 /*
1372 1372 * Randomly generate a proposed SPI value
1373 1373 */
1374 1374 if (cl_inet_getspi != NULL) {
1375 1375 cl_inet_getspi(espstack->ipsecesp_netstack->netstack_stackid,
1376 1376 IPPROTO_ESP, (uint8_t *)&newspi, sizeof (uint32_t), NULL);
1377 1377 } else {
1378 1378 (void) random_get_pseudo_bytes((uint8_t *)&newspi,
1379 1379 sizeof (uint32_t));
1380 1380 }
1381 1381 newbie = sadb_getspi(ksi, newspi, &diagnostic,
1382 1382 espstack->ipsecesp_netstack, IPPROTO_ESP);
1383 1383
1384 1384 if (newbie == NULL) {
1385 1385 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM, diagnostic,
1386 1386 ksi->ks_in_serial);
1387 1387 return;
1388 1388 } else if (newbie == (ipsa_t *)-1) {
1389 1389 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
1390 1390 ksi->ks_in_serial);
1391 1391 return;
1392 1392 }
1393 1393
1394 1394 /*
1395 1395 * XXX - We may randomly collide. We really should recover from this.
1396 1396 * Unfortunately, that could require spending way-too-much-time
1397 1397 * in here. For now, let the user retry.
1398 1398 */
1399 1399
1400 1400 if (newbie->ipsa_addrfam == AF_INET6) {
1401 1401 outbound = OUTBOUND_BUCKET_V6(&espstack->esp_sadb.s_v6,
1402 1402 *(uint32_t *)(newbie->ipsa_dstaddr));
1403 1403 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v6,
1404 1404 newbie->ipsa_spi);
1405 1405 } else {
1406 1406 ASSERT(newbie->ipsa_addrfam == AF_INET);
1407 1407 outbound = OUTBOUND_BUCKET_V4(&espstack->esp_sadb.s_v4,
1408 1408 *(uint32_t *)(newbie->ipsa_dstaddr));
1409 1409 inbound = INBOUND_BUCKET(&espstack->esp_sadb.s_v4,
1410 1410 newbie->ipsa_spi);
1411 1411 }
1412 1412
1413 1413 mutex_enter(&outbound->isaf_lock);
1414 1414 mutex_enter(&inbound->isaf_lock);
1415 1415
1416 1416 /*
1417 1417 * Check for collisions (i.e. did sadb_getspi() return with something
1418 1418 * that already exists?).
1419 1419 *
1420 1420 * Try outbound first. Even though SADB_GETSPI is traditionally
1421 1421 * for inbound SAs, you never know what a user might do.
1422 1422 */
1423 1423 target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi,
1424 1424 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam);
1425 1425 if (target == NULL) {
1426 1426 target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi,
1427 1427 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr,
1428 1428 newbie->ipsa_addrfam);
1429 1429 }
1430 1430
1431 1431 /*
1432 1432 * I don't have collisions elsewhere!
1433 1433 * (Nor will I because I'm still holding inbound/outbound locks.)
1434 1434 */
1435 1435
1436 1436 if (target != NULL) {
1437 1437 rc = EEXIST;
1438 1438 IPSA_REFRELE(target);
1439 1439 } else {
1440 1440 /*
1441 1441 * sadb_insertassoc() also checks for collisions, so
1442 1442 * if there's a colliding entry, rc will be set
1443 1443 * to EEXIST.
1444 1444 */
1445 1445 rc = sadb_insertassoc(newbie, inbound);
1446 1446 newbie->ipsa_hardexpiretime = gethrestime_sec();
1447 1447 newbie->ipsa_hardexpiretime +=
1448 1448 espstack->ipsecesp_larval_timeout;
1449 1449 }
1450 1450
1451 1451 /*
1452 1452 * Can exit outbound mutex. Hold inbound until we're done
1453 1453 * with newbie.
1454 1454 */
1455 1455 mutex_exit(&outbound->isaf_lock);
1456 1456
1457 1457 if (rc != 0) {
1458 1458 mutex_exit(&inbound->isaf_lock);
1459 1459 IPSA_REFRELE(newbie);
1460 1460 sadb_pfkey_error(espstack->esp_pfkey_q, mp, rc,
1461 1461 SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial);
1462 1462 return;
1463 1463 }
1464 1464
1465 1465
1466 1466 /* Can write here because I'm still holding the bucket lock. */
1467 1467 newbie->ipsa_type = SADB_SATYPE_ESP;
1468 1468
1469 1469 /*
1470 1470 * Construct successful return message. We have one thing going
1471 1471 * for us in PF_KEY v2. That's the fact that
1472 1472 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
1473 1473 */
1474 1474 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE];
1475 1475 assoc->sadb_sa_exttype = SADB_EXT_SA;
1476 1476 assoc->sadb_sa_spi = newbie->ipsa_spi;
1477 1477 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0;
1478 1478 mutex_exit(&inbound->isaf_lock);
1479 1479
1480 1480 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */
1481 1481 kso = (keysock_out_t *)ksi;
1482 1482 kso->ks_out_len = sizeof (*kso);
1483 1483 kso->ks_out_serial = ksi->ks_in_serial;
1484 1484 kso->ks_out_type = KEYSOCK_OUT;
1485 1485
1486 1486 /*
1487 1487 * Can safely putnext() to esp_pfkey_q, because this is a turnaround
1488 1488 * from the esp_pfkey_q.
1489 1489 */
1490 1490 putnext(espstack->esp_pfkey_q, mp);
1491 1491 }
1492 1492
1493 1493 /*
1494 1494 * Insert the ESP header into a packet. Duplicate an mblk, and insert a newly
1495 1495 * allocated mblk with the ESP header in between the two.
1496 1496 */
1497 1497 static boolean_t
1498 1498 esp_insert_esp(mblk_t *mp, mblk_t *esp_mp, uint_t divpoint,
1499 1499 ipsecesp_stack_t *espstack)
1500 1500 {
1501 1501 mblk_t *split_mp = mp;
1502 1502 uint_t wheretodiv = divpoint;
1503 1503
1504 1504 while ((split_mp->b_wptr - split_mp->b_rptr) < wheretodiv) {
1505 1505 wheretodiv -= (split_mp->b_wptr - split_mp->b_rptr);
1506 1506 split_mp = split_mp->b_cont;
1507 1507 ASSERT(split_mp != NULL);
1508 1508 }
1509 1509
1510 1510 if (split_mp->b_wptr - split_mp->b_rptr != wheretodiv) {
1511 1511 mblk_t *scratch;
1512 1512
1513 1513 /* "scratch" is the 2nd half, split_mp is the first. */
1514 1514 scratch = dupb(split_mp);
1515 1515 if (scratch == NULL) {
1516 1516 esp1dbg(espstack,
1517 1517 ("esp_insert_esp: can't allocate scratch.\n"));
1518 1518 return (B_FALSE);
1519 1519 }
1520 1520 /* NOTE: dupb() doesn't set b_cont appropriately. */
1521 1521 scratch->b_cont = split_mp->b_cont;
1522 1522 scratch->b_rptr += wheretodiv;
1523 1523 split_mp->b_wptr = split_mp->b_rptr + wheretodiv;
1524 1524 split_mp->b_cont = scratch;
1525 1525 }
1526 1526 /*
1527 1527 * At this point, split_mp is exactly "wheretodiv" bytes long, and
1528 1528 * holds the end of the pre-ESP part of the datagram.
1529 1529 */
1530 1530 esp_mp->b_cont = split_mp->b_cont;
1531 1531 split_mp->b_cont = esp_mp;
1532 1532
1533 1533 return (B_TRUE);
1534 1534 }
1535 1535
1536 1536 /*
1537 1537 * Section 7 of RFC 3947 says:
1538 1538 *
1539 1539 * 7. Recovering from the Expiring NAT Mappings
1540 1540 *
1541 1541 * There are cases where NAT box decides to remove mappings that are still
1542 1542 * alive (for example, when the keepalive interval is too long, or when the
1543 1543 * NAT box is rebooted). To recover from this, ends that are NOT behind
1544 1544 * NAT SHOULD use the last valid UDP encapsulated IKE or IPsec packet from
1545 1545 * the other end to determine which IP and port addresses should be used.
1546 1546 * The host behind dynamic NAT MUST NOT do this, as otherwise it opens a
1547 1547 * DoS attack possibility because the IP address or port of the other host
1548 1548 * will not change (it is not behind NAT).
1549 1549 *
1550 1550 * Keepalives cannot be used for these purposes, as they are not
1551 1551 * authenticated, but any IKE authenticated IKE packet or ESP packet can be
1552 1552 * used to detect whether the IP address or the port has changed.
1553 1553 *
1554 1554 * The following function will check an SA and its explicitly-set pair to see
1555 1555 * if the NAT-T remote port matches the received packet (which must have
1556 1556 * passed ESP authentication, see esp_in_done() for the caller context). If
1557 1557 * there is a mismatch, the SAs are updated. It is not important if we race
1558 1558 * with a transmitting thread, as if there is a transmitting thread, it will
1559 1559 * merely emit a packet that will most-likely be dropped.
1560 1560 *
1561 1561 * "ports" are ordered src,dst, and assoc is an inbound SA, where src should
1562 1562 * match ipsa_remote_nat_port and dst should match ipsa_local_nat_port.
1563 1563 */
1564 1564 #ifdef _LITTLE_ENDIAN
1565 1565 #define FIRST_16(x) ((x) & 0xFFFF)
1566 1566 #define NEXT_16(x) (((x) >> 16) & 0xFFFF)
1567 1567 #else
1568 1568 #define FIRST_16(x) (((x) >> 16) & 0xFFFF)
1569 1569 #define NEXT_16(x) ((x) & 0xFFFF)
1570 1570 #endif
1571 1571 static void
1572 1572 esp_port_freshness(uint32_t ports, ipsa_t *assoc)
1573 1573 {
1574 1574 uint16_t remote = FIRST_16(ports);
1575 1575 uint16_t local = NEXT_16(ports);
1576 1576 ipsa_t *outbound_peer;
1577 1577 isaf_t *bucket;
1578 1578 ipsecesp_stack_t *espstack = assoc->ipsa_netstack->netstack_ipsecesp;
1579 1579
1580 1580 /* We found a conn_t, therefore local != 0. */
1581 1581 ASSERT(local != 0);
1582 1582 /* Assume an IPv4 SA. */
1583 1583 ASSERT(assoc->ipsa_addrfam == AF_INET);
1584 1584
1585 1585 /*
1586 1586 * On-the-wire rport == 0 means something's very wrong.
1587 1587 * An unpaired SA is also useless to us.
1588 1588 * If we are behind the NAT, don't bother.
1589 1589 * A zero local NAT port defaults to 4500, so check that too.
1590 1590 * And, of course, if the ports already match, we don't need to
1591 1591 * bother.
1592 1592 */
1593 1593 if (remote == 0 || assoc->ipsa_otherspi == 0 ||
1594 1594 (assoc->ipsa_flags & IPSA_F_BEHIND_NAT) ||
1595 1595 (assoc->ipsa_remote_nat_port == 0 &&
1596 1596 remote == htons(IPPORT_IKE_NATT)) ||
1597 1597 remote == assoc->ipsa_remote_nat_port)
1598 1598 return;
1599 1599
1600 1600 /* Try and snag the peer. NOTE: Assume IPv4 for now. */
1601 1601 bucket = OUTBOUND_BUCKET_V4(&(espstack->esp_sadb.s_v4),
1602 1602 assoc->ipsa_srcaddr[0]);
1603 1603 mutex_enter(&bucket->isaf_lock);
1604 1604 outbound_peer = ipsec_getassocbyspi(bucket, assoc->ipsa_otherspi,
1605 1605 assoc->ipsa_dstaddr, assoc->ipsa_srcaddr, AF_INET);
1606 1606 mutex_exit(&bucket->isaf_lock);
1607 1607
1608 1608 /* We probably lost a race to a deleting or expiring thread. */
1609 1609 if (outbound_peer == NULL)
1610 1610 return;
1611 1611
1612 1612 /*
1613 1613 * Hold the mutexes for both SAs so we don't race another inbound
1614 1614 * thread. A lock-entry order shouldn't matter, since all other
1615 1615 * per-ipsa locks are individually held-then-released.
1616 1616 *
1617 1617 * Luckily, this has nothing to do with the remote-NAT address,
1618 1618 * so we don't have to re-scribble the cached-checksum differential.
1619 1619 */
1620 1620 mutex_enter(&outbound_peer->ipsa_lock);
1621 1621 mutex_enter(&assoc->ipsa_lock);
1622 1622 outbound_peer->ipsa_remote_nat_port = assoc->ipsa_remote_nat_port =
1623 1623 remote;
1624 1624 mutex_exit(&assoc->ipsa_lock);
1625 1625 mutex_exit(&outbound_peer->ipsa_lock);
1626 1626 IPSA_REFRELE(outbound_peer);
1627 1627 ESP_BUMP_STAT(espstack, sa_port_renumbers);
1628 1628 }
1629 1629 /*
1630 1630 * Finish processing of an inbound ESP packet after processing by the
1631 1631 * crypto framework.
1632 1632 * - Remove the ESP header.
1633 1633 * - Send packet back to IP.
1634 1634 * If authentication was performed on the packet, this function is called
1635 1635 * only if the authentication succeeded.
1636 1636 * On success returns B_TRUE, on failure returns B_FALSE and frees the
1637 1637 * mblk chain data_mp.
1638 1638 */
1639 1639 static mblk_t *
1640 1640 esp_in_done(mblk_t *data_mp, ip_recv_attr_t *ira, ipsec_crypto_t *ic)
1641 1641 {
1642 1642 ipsa_t *assoc;
1643 1643 uint_t espstart;
1644 1644 uint32_t ivlen = 0;
1645 1645 uint_t processed_len;
1646 1646 esph_t *esph;
1647 1647 kstat_named_t *counter;
1648 1648 boolean_t is_natt;
1649 1649 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
1650 1650 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1651 1651 ipsec_stack_t *ipss = ns->netstack_ipsec;
1652 1652
1653 1653 assoc = ira->ira_ipsec_esp_sa;
1654 1654 ASSERT(assoc != NULL);
1655 1655
1656 1656 is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
1657 1657
1658 1658 /* get the pointer to the ESP header */
1659 1659 if (assoc->ipsa_encr_alg == SADB_EALG_NULL) {
1660 1660 /* authentication-only ESP */
1661 1661 espstart = ic->ic_crypto_data.cd_offset;
1662 1662 processed_len = ic->ic_crypto_data.cd_length;
1663 1663 } else {
1664 1664 /* encryption present */
1665 1665 ivlen = assoc->ipsa_iv_len;
1666 1666 if (assoc->ipsa_auth_alg == SADB_AALG_NONE) {
1667 1667 /* encryption-only ESP */
1668 1668 espstart = ic->ic_crypto_data.cd_offset -
1669 1669 sizeof (esph_t) - assoc->ipsa_iv_len;
1670 1670 processed_len = ic->ic_crypto_data.cd_length +
1671 1671 ivlen;
1672 1672 } else {
1673 1673 /* encryption with authentication */
1674 1674 espstart = ic->ic_crypto_dual_data.dd_offset1;
1675 1675 processed_len = ic->ic_crypto_dual_data.dd_len2 +
1676 1676 ivlen;
1677 1677 }
1678 1678 }
1679 1679
1680 1680 esph = (esph_t *)(data_mp->b_rptr + espstart);
1681 1681
1682 1682 if (assoc->ipsa_auth_alg != IPSA_AALG_NONE ||
1683 1683 (assoc->ipsa_flags & IPSA_F_COMBINED)) {
1684 1684 /*
1685 1685 * Authentication passed if we reach this point.
1686 1686 * Packets with authentication will have the ICV
1687 1687 * after the crypto data. Adjust b_wptr before
1688 1688 * making padlen checks.
1689 1689 */
1690 1690 ESP_BUMP_STAT(espstack, good_auth);
1691 1691 data_mp->b_wptr -= assoc->ipsa_mac_len;
1692 1692
1693 1693 /*
1694 1694 * Check replay window here!
1695 1695 * For right now, assume keysock will set the replay window
1696 1696 * size to zero for SAs that have an unspecified sender.
1697 1697 * This may change...
1698 1698 */
1699 1699
1700 1700 if (!sadb_replay_check(assoc, esph->esph_replay)) {
1701 1701 /*
1702 1702 * Log the event. As of now we print out an event.
1703 1703 * Do not print the replay failure number, or else
1704 1704 * syslog cannot collate the error messages. Printing
1705 1705 * the replay number that failed opens a denial-of-
1706 1706 * service attack.
1707 1707 */
1708 1708 ipsec_assocfailure(info.mi_idnum, 0, 0,
1709 1709 SL_ERROR | SL_WARN,
1710 1710 "Replay failed for ESP spi 0x%x, dst %s.\n",
1711 1711 assoc->ipsa_spi, assoc->ipsa_dstaddr,
1712 1712 assoc->ipsa_addrfam, espstack->ipsecesp_netstack);
1713 1713 ESP_BUMP_STAT(espstack, replay_failures);
1714 1714 counter = DROPPER(ipss, ipds_esp_replay);
1715 1715 goto drop_and_bail;
1716 1716 }
1717 1717
1718 1718 if (is_natt) {
1719 1719 ASSERT(ira->ira_flags & IRAF_ESP_UDP_PORTS);
1720 1720 ASSERT(ira->ira_esp_udp_ports != 0);
1721 1721 esp_port_freshness(ira->ira_esp_udp_ports, assoc);
1722 1722 }
1723 1723 }
1724 1724
1725 1725 esp_set_usetime(assoc, B_TRUE);
1726 1726
1727 1727 if (!esp_age_bytes(assoc, processed_len, B_TRUE)) {
1728 1728 /* The ipsa has hit hard expiration, LOG and AUDIT. */
1729 1729 ipsec_assocfailure(info.mi_idnum, 0, 0,
1730 1730 SL_ERROR | SL_WARN,
1731 1731 "ESP association 0x%x, dst %s had bytes expire.\n",
1732 1732 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
1733 1733 espstack->ipsecesp_netstack);
1734 1734 ESP_BUMP_STAT(espstack, bytes_expired);
1735 1735 counter = DROPPER(ipss, ipds_esp_bytes_expire);
1736 1736 goto drop_and_bail;
1737 1737 }
1738 1738
1739 1739 /*
1740 1740 * Remove ESP header and padding from packet. I hope the compiler
1741 1741 * spews "branch, predict taken" code for this.
1742 1742 */
1743 1743
1744 1744 if (esp_strip_header(data_mp, (ira->ira_flags & IRAF_IS_IPV4),
1745 1745 ivlen, &counter, espstack)) {
1746 1746
1747 1747 if (is_system_labeled() && assoc->ipsa_tsl != NULL) {
1748 1748 if (!ip_recv_attr_replace_label(ira, assoc->ipsa_tsl)) {
1749 1749 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
1750 1750 DROPPER(ipss, ipds_ah_nomem),
1751 1751 &espstack->esp_dropper);
1752 1752 BUMP_MIB(ira->ira_ill->ill_ip_mib,
1753 1753 ipIfStatsInDiscards);
1754 1754 return (NULL);
1755 1755 }
1756 1756 }
1757 1757 if (is_natt)
1758 1758 return (esp_fix_natt_checksums(data_mp, assoc));
1759 1759
1760 1760 if (assoc->ipsa_state == IPSA_STATE_IDLE) {
1761 1761 /*
1762 1762 * Cluster buffering case. Tell caller that we're
1763 1763 * handling the packet.
1764 1764 */
1765 1765 sadb_buf_pkt(assoc, data_mp, ira);
1766 1766 return (NULL);
1767 1767 }
1768 1768
1769 1769 return (data_mp);
1770 1770 }
1771 1771
1772 1772 esp1dbg(espstack, ("esp_in_done: esp_strip_header() failed\n"));
1773 1773 drop_and_bail:
1774 1774 IP_ESP_BUMP_STAT(ipss, in_discards);
1775 1775 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill, counter,
1776 1776 &espstack->esp_dropper);
1777 1777 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
1778 1778 return (NULL);
1779 1779 }
1780 1780
1781 1781 /*
1782 1782 * Called upon failing the inbound ICV check. The message passed as
1783 1783 * argument is freed.
1784 1784 */
1785 1785 static void
1786 1786 esp_log_bad_auth(mblk_t *mp, ip_recv_attr_t *ira)
1787 1787 {
1788 1788 ipsa_t *assoc = ira->ira_ipsec_esp_sa;
1789 1789 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
1790 1790 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
1791 1791 ipsec_stack_t *ipss = ns->netstack_ipsec;
1792 1792
1793 1793 /*
1794 1794 * Log the event. Don't print to the console, block
1795 1795 * potential denial-of-service attack.
1796 1796 */
1797 1797 ESP_BUMP_STAT(espstack, bad_auth);
1798 1798
1799 1799 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
1800 1800 "ESP Authentication failed for spi 0x%x, dst %s.\n",
1801 1801 assoc->ipsa_spi, assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
1802 1802 espstack->ipsecesp_netstack);
1803 1803
1804 1804 IP_ESP_BUMP_STAT(ipss, in_discards);
1805 1805 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
1806 1806 DROPPER(ipss, ipds_esp_bad_auth),
1807 1807 &espstack->esp_dropper);
1808 1808 }
1809 1809
1810 1810
1811 1811 /*
1812 1812 * Invoked for outbound packets after ESP processing. If the packet
1813 1813 * also requires AH, performs the AH SA selection and AH processing.
1814 1814 * Returns B_TRUE if the AH processing was not needed or if it was
1815 1815 * performed successfully. Returns B_FALSE and consumes the passed mblk
1816 1816 * if AH processing was required but could not be performed.
1817 1817 *
1818 1818 * Returns data_mp unless data_mp was consumed/queued.
1819 1819 */
1820 1820 static mblk_t *
1821 1821 esp_do_outbound_ah(mblk_t *data_mp, ip_xmit_attr_t *ixa)
1822 1822 {
1823 1823 ipsec_action_t *ap;
1824 1824
1825 1825 ap = ixa->ixa_ipsec_action;
1826 1826 if (ap == NULL) {
1827 1827 ipsec_policy_t *pp = ixa->ixa_ipsec_policy;
1828 1828 ap = pp->ipsp_act;
1829 1829 }
1830 1830
1831 1831 if (!ap->ipa_want_ah)
1832 1832 return (data_mp);
1833 1833
1834 1834 /*
1835 1835 * Normally the AH SA would have already been put in place
1836 1836 * but it could have been flushed so we need to look for it.
1837 1837 */
1838 1838 if (ixa->ixa_ipsec_ah_sa == NULL) {
1839 1839 if (!ipsec_outbound_sa(data_mp, ixa, IPPROTO_AH)) {
1840 1840 sadb_acquire(data_mp, ixa, B_TRUE, B_FALSE);
1841 1841 return (NULL);
1842 1842 }
1843 1843 }
1844 1844 ASSERT(ixa->ixa_ipsec_ah_sa != NULL);
1845 1845
1846 1846 data_mp = ixa->ixa_ipsec_ah_sa->ipsa_output_func(data_mp, ixa);
1847 1847 return (data_mp);
1848 1848 }
1849 1849
1850 1850
1851 1851 /*
1852 1852 * Kernel crypto framework callback invoked after completion of async
1853 1853 * crypto requests for outbound packets.
1854 1854 */
1855 1855 static void
1856 1856 esp_kcf_callback_outbound(void *arg, int status)
1857 1857 {
1858 1858 mblk_t *mp = (mblk_t *)arg;
1859 1859 mblk_t *async_mp;
1860 1860 netstack_t *ns;
1861 1861 ipsec_stack_t *ipss;
1862 1862 ipsecesp_stack_t *espstack;
1863 1863 mblk_t *data_mp;
1864 1864 ip_xmit_attr_t ixas;
1865 1865 ipsec_crypto_t *ic;
1866 1866 ill_t *ill;
1867 1867
1868 1868 /*
1869 1869 * First remove the ipsec_crypto_t mblk
1870 1870 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
1871 1871 */
1872 1872 async_mp = ipsec_remove_crypto_data(mp, &ic);
1873 1873 ASSERT(async_mp != NULL);
1874 1874
1875 1875 /*
1876 1876 * Extract the ip_xmit_attr_t from the first mblk.
1877 1877 * Verifies that the netstack and ill is still around; could
1878 1878 * have vanished while kEf was doing its work.
1879 1879 * On succesful return we have a nce_t and the ill/ipst can't
1880 1880 * disappear until we do the nce_refrele in ixa_cleanup.
1881 1881 */
1882 1882 data_mp = async_mp->b_cont;
1883 1883 async_mp->b_cont = NULL;
1884 1884 if (!ip_xmit_attr_from_mblk(async_mp, &ixas)) {
1885 1885 /* Disappeared on us - no ill/ipst for MIB */
1886 1886 /* We have nowhere to do stats since ixa_ipst could be NULL */
1887 1887 if (ixas.ixa_nce != NULL) {
1888 1888 ill = ixas.ixa_nce->nce_ill;
1889 1889 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1890 1890 ip_drop_output("ipIfStatsOutDiscards", data_mp, ill);
1891 1891 }
1892 1892 freemsg(data_mp);
1893 1893 goto done;
1894 1894 }
1895 1895 ns = ixas.ixa_ipst->ips_netstack;
1896 1896 espstack = ns->netstack_ipsecesp;
1897 1897 ipss = ns->netstack_ipsec;
1898 1898 ill = ixas.ixa_nce->nce_ill;
1899 1899
1900 1900 if (status == CRYPTO_SUCCESS) {
1901 1901 /*
1902 1902 * If a ICV was computed, it was stored by the
1903 1903 * crypto framework at the end of the packet.
1904 1904 */
1905 1905 ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
1906 1906
1907 1907 esp_set_usetime(ixas.ixa_ipsec_esp_sa, B_FALSE);
1908 1908 /* NAT-T packet. */
1909 1909 if (IPH_HDR_VERSION(ipha) == IP_VERSION &&
1910 1910 ipha->ipha_protocol == IPPROTO_UDP)
1911 1911 esp_prepare_udp(ns, data_mp, ipha);
1912 1912
1913 1913 /* do AH processing if needed */
1914 1914 data_mp = esp_do_outbound_ah(data_mp, &ixas);
1915 1915 if (data_mp == NULL)
1916 1916 goto done;
1917 1917
1918 1918 (void) ip_output_post_ipsec(data_mp, &ixas);
1919 1919 } else {
1920 1920 /* Outbound shouldn't see invalid MAC */
1921 1921 ASSERT(status != CRYPTO_INVALID_MAC);
1922 1922
1923 1923 esp1dbg(espstack,
1924 1924 ("esp_kcf_callback_outbound: crypto failed with 0x%x\n",
1925 1925 status));
1926 1926 ESP_BUMP_STAT(espstack, crypto_failures);
1927 1927 ESP_BUMP_STAT(espstack, out_discards);
1928 1928 ip_drop_packet(data_mp, B_FALSE, ill,
1929 1929 DROPPER(ipss, ipds_esp_crypto_failed),
1930 1930 &espstack->esp_dropper);
1931 1931 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1932 1932 }
1933 1933 done:
1934 1934 ixa_cleanup(&ixas);
1935 1935 (void) ipsec_free_crypto_data(mp);
1936 1936 }
1937 1937
1938 1938 /*
1939 1939 * Kernel crypto framework callback invoked after completion of async
1940 1940 * crypto requests for inbound packets.
1941 1941 */
1942 1942 static void
1943 1943 esp_kcf_callback_inbound(void *arg, int status)
1944 1944 {
1945 1945 mblk_t *mp = (mblk_t *)arg;
1946 1946 mblk_t *async_mp;
1947 1947 netstack_t *ns;
1948 1948 ipsecesp_stack_t *espstack;
1949 1949 ipsec_stack_t *ipss;
1950 1950 mblk_t *data_mp;
1951 1951 ip_recv_attr_t iras;
1952 1952 ipsec_crypto_t *ic;
1953 1953
1954 1954 /*
1955 1955 * First remove the ipsec_crypto_t mblk
1956 1956 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
1957 1957 */
1958 1958 async_mp = ipsec_remove_crypto_data(mp, &ic);
1959 1959 ASSERT(async_mp != NULL);
1960 1960
1961 1961 /*
1962 1962 * Extract the ip_recv_attr_t from the first mblk.
1963 1963 * Verifies that the netstack and ill is still around; could
1964 1964 * have vanished while kEf was doing its work.
1965 1965 */
1966 1966 data_mp = async_mp->b_cont;
1967 1967 async_mp->b_cont = NULL;
1968 1968 if (!ip_recv_attr_from_mblk(async_mp, &iras)) {
1969 1969 /* The ill or ip_stack_t disappeared on us */
1970 1970 ip_drop_input("ip_recv_attr_from_mblk", data_mp, NULL);
1971 1971 freemsg(data_mp);
1972 1972 goto done;
1973 1973 }
1974 1974
1975 1975 ns = iras.ira_ill->ill_ipst->ips_netstack;
1976 1976 espstack = ns->netstack_ipsecesp;
1977 1977 ipss = ns->netstack_ipsec;
1978 1978
1979 1979 if (status == CRYPTO_SUCCESS) {
1980 1980 data_mp = esp_in_done(data_mp, &iras, ic);
1981 1981 if (data_mp == NULL)
1982 1982 goto done;
1983 1983
1984 1984 /* finish IPsec processing */
1985 1985 ip_input_post_ipsec(data_mp, &iras);
1986 1986 } else if (status == CRYPTO_INVALID_MAC) {
1987 1987 esp_log_bad_auth(data_mp, &iras);
1988 1988 } else {
1989 1989 esp1dbg(espstack,
1990 1990 ("esp_kcf_callback: crypto failed with 0x%x\n",
1991 1991 status));
1992 1992 ESP_BUMP_STAT(espstack, crypto_failures);
1993 1993 IP_ESP_BUMP_STAT(ipss, in_discards);
1994 1994 ip_drop_packet(data_mp, B_TRUE, iras.ira_ill,
1995 1995 DROPPER(ipss, ipds_esp_crypto_failed),
1996 1996 &espstack->esp_dropper);
1997 1997 BUMP_MIB(iras.ira_ill->ill_ip_mib, ipIfStatsInDiscards);
1998 1998 }
1999 1999 done:
2000 2000 ira_cleanup(&iras, B_TRUE);
2001 2001 (void) ipsec_free_crypto_data(mp);
2002 2002 }
2003 2003
2004 2004 /*
2005 2005 * Invoked on crypto framework failure during inbound and outbound processing.
2006 2006 */
2007 2007 static void
2008 2008 esp_crypto_failed(mblk_t *data_mp, boolean_t is_inbound, int kef_rc,
2009 2009 ill_t *ill, ipsecesp_stack_t *espstack)
2010 2010 {
2011 2011 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
2012 2012
2013 2013 esp1dbg(espstack, ("crypto failed for %s ESP with 0x%x\n",
2014 2014 is_inbound ? "inbound" : "outbound", kef_rc));
2015 2015 ip_drop_packet(data_mp, is_inbound, ill,
2016 2016 DROPPER(ipss, ipds_esp_crypto_failed),
2017 2017 &espstack->esp_dropper);
2018 2018 ESP_BUMP_STAT(espstack, crypto_failures);
2019 2019 if (is_inbound)
2020 2020 IP_ESP_BUMP_STAT(ipss, in_discards);
2021 2021 else
2022 2022 ESP_BUMP_STAT(espstack, out_discards);
2023 2023 }
2024 2024
2025 2025 /*
2026 2026 * A statement-equivalent macro, _cr MUST point to a modifiable
2027 2027 * crypto_call_req_t.
2028 2028 */
2029 2029 #define ESP_INIT_CALLREQ(_cr, _mp, _callback) \
2030 2030 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_ALWAYS_QUEUE; \
2031 2031 (_cr)->cr_callback_arg = (_mp); \
2032 2032 (_cr)->cr_callback_func = (_callback)
2033 2033
2034 2034 #define ESP_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \
2035 2035 (mac)->cd_format = CRYPTO_DATA_RAW; \
2036 2036 (mac)->cd_offset = 0; \
2037 2037 (mac)->cd_length = icvlen; \
2038 2038 (mac)->cd_raw.iov_base = (char *)icvbuf; \
2039 2039 (mac)->cd_raw.iov_len = icvlen; \
2040 2040 }
2041 2041
2042 2042 #define ESP_INIT_CRYPTO_DATA(data, mp, off, len) { \
2043 2043 if (MBLKL(mp) >= (len) + (off)) { \
2044 2044 (data)->cd_format = CRYPTO_DATA_RAW; \
2045 2045 (data)->cd_raw.iov_base = (char *)(mp)->b_rptr; \
2046 2046 (data)->cd_raw.iov_len = MBLKL(mp); \
2047 2047 (data)->cd_offset = off; \
2048 2048 } else { \
2049 2049 (data)->cd_format = CRYPTO_DATA_MBLK; \
2050 2050 (data)->cd_mp = mp; \
2051 2051 (data)->cd_offset = off; \
2052 2052 } \
2053 2053 (data)->cd_length = len; \
2054 2054 }
2055 2055
2056 2056 #define ESP_INIT_CRYPTO_DUAL_DATA(data, mp, off1, len1, off2, len2) { \
2057 2057 (data)->dd_format = CRYPTO_DATA_MBLK; \
2058 2058 (data)->dd_mp = mp; \
2059 2059 (data)->dd_len1 = len1; \
2060 2060 (data)->dd_offset1 = off1; \
2061 2061 (data)->dd_len2 = len2; \
2062 2062 (data)->dd_offset2 = off2; \
2063 2063 }
2064 2064
2065 2065 /*
2066 2066 * Returns data_mp if successfully completed the request. Returns
2067 2067 * NULL if it failed (and increments InDiscards) or if it is pending.
2068 2068 */
2069 2069 static mblk_t *
2070 2070 esp_submit_req_inbound(mblk_t *esp_mp, ip_recv_attr_t *ira,
2071 2071 ipsa_t *assoc, uint_t esph_offset)
2072 2072 {
2073 2073 uint_t auth_offset, msg_len, auth_len;
2074 2074 crypto_call_req_t call_req, *callrp;
2075 2075 mblk_t *mp;
2076 2076 esph_t *esph_ptr;
2077 2077 int kef_rc;
2078 2078 uint_t icv_len = assoc->ipsa_mac_len;
2079 2079 crypto_ctx_template_t auth_ctx_tmpl;
2080 2080 boolean_t do_auth, do_encr, force;
2081 2081 uint_t encr_offset, encr_len;
2082 2082 uint_t iv_len = assoc->ipsa_iv_len;
2083 2083 crypto_ctx_template_t encr_ctx_tmpl;
2084 2084 ipsec_crypto_t *ic, icstack;
2085 2085 uchar_t *iv_ptr;
2086 2086 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
2087 2087 ipsec_stack_t *ipss = ns->netstack_ipsec;
2088 2088 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2089 2089
2090 2090 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
2091 2091 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
2092 2092 force = (assoc->ipsa_flags & IPSA_F_ASYNC);
2093 2093
2094 2094 #ifdef IPSEC_LATENCY_TEST
2095 2095 kef_rc = CRYPTO_SUCCESS;
2096 2096 #else
2097 2097 kef_rc = CRYPTO_FAILED;
2098 2098 #endif
2099 2099
2100 2100 /*
2101 2101 * An inbound packet is of the form:
2102 2102 * [IP,options,ESP,IV,data,ICV,pad]
2103 2103 */
2104 2104 esph_ptr = (esph_t *)(esp_mp->b_rptr + esph_offset);
2105 2105 iv_ptr = (uchar_t *)(esph_ptr + 1);
2106 2106 /* Packet length starting at IP header ending after ESP ICV. */
2107 2107 msg_len = MBLKL(esp_mp);
2108 2108
2109 2109 encr_offset = esph_offset + sizeof (esph_t) + iv_len;
2110 2110 encr_len = msg_len - encr_offset;
2111 2111
2112 2112 /*
2113 2113 * Counter mode algs need a nonce. This is setup in sadb_common_add().
2114 2114 * If for some reason we are using a SA which does not have a nonce
2115 2115 * then we must fail here.
2116 2116 */
2117 2117 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) &&
2118 2118 (assoc->ipsa_nonce == NULL)) {
2119 2119 ip_drop_packet(esp_mp, B_TRUE, ira->ira_ill,
2120 2120 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper);
2121 2121 return (NULL);
2122 2122 }
2123 2123
2124 2124 if (force) {
2125 2125 /* We are doing asynch; allocate mblks to hold state */
2126 2126 if ((mp = ip_recv_attr_to_mblk(ira)) == NULL ||
2127 2127 (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) {
2128 2128 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2129 2129 ip_drop_input("ipIfStatsInDiscards", esp_mp,
2130 2130 ira->ira_ill);
2131 2131 return (NULL);
2132 2132 }
2133 2133 linkb(mp, esp_mp);
2134 2134 callrp = &call_req;
2135 2135 ESP_INIT_CALLREQ(callrp, mp, esp_kcf_callback_inbound);
2136 2136 } else {
2137 2137 /*
2138 2138 * If we know we are going to do sync then ipsec_crypto_t
2139 2139 * should be on the stack.
2140 2140 */
2141 2141 ic = &icstack;
2142 2142 bzero(ic, sizeof (*ic));
2143 2143 callrp = NULL;
2144 2144 }
2145 2145
2146 2146 if (do_auth) {
2147 2147 /* authentication context template */
2148 2148 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH,
2149 2149 auth_ctx_tmpl);
2150 2150
2151 2151 /* ICV to be verified */
2152 2152 ESP_INIT_CRYPTO_MAC(&ic->ic_crypto_mac,
2153 2153 icv_len, esp_mp->b_wptr - icv_len);
2154 2154
2155 2155 /* authentication starts at the ESP header */
2156 2156 auth_offset = esph_offset;
2157 2157 auth_len = msg_len - auth_offset - icv_len;
2158 2158 if (!do_encr) {
2159 2159 /* authentication only */
2160 2160 /* initialize input data argument */
2161 2161 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data,
2162 2162 esp_mp, auth_offset, auth_len);
2163 2163
2164 2164 /* call the crypto framework */
2165 2165 kef_rc = crypto_mac_verify(&assoc->ipsa_amech,
2166 2166 &ic->ic_crypto_data,
2167 2167 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
2168 2168 &ic->ic_crypto_mac, callrp);
2169 2169 }
2170 2170 }
2171 2171
2172 2172 if (do_encr) {
2173 2173 /* encryption template */
2174 2174 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR,
2175 2175 encr_ctx_tmpl);
2176 2176
2177 2177 /* Call the nonce update function. Also passes in IV */
2178 2178 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, encr_len,
2179 2179 iv_ptr, &ic->ic_cmm, &ic->ic_crypto_data);
2180 2180
2181 2181 if (!do_auth) {
2182 2182 /* decryption only */
2183 2183 /* initialize input data argument */
2184 2184 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data,
2185 2185 esp_mp, encr_offset, encr_len);
2186 2186
2187 2187 /* call the crypto framework */
2188 2188 kef_rc = crypto_decrypt((crypto_mechanism_t *)
2189 2189 &ic->ic_cmm, &ic->ic_crypto_data,
2190 2190 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl,
2191 2191 NULL, callrp);
2192 2192 }
2193 2193 }
2194 2194
2195 2195 if (do_auth && do_encr) {
2196 2196 /* dual operation */
2197 2197 /* initialize input data argument */
2198 2198 ESP_INIT_CRYPTO_DUAL_DATA(&ic->ic_crypto_dual_data,
2199 2199 esp_mp, auth_offset, auth_len,
2200 2200 encr_offset, encr_len - icv_len);
2201 2201
2202 2202 /* specify IV */
2203 2203 ic->ic_crypto_dual_data.dd_miscdata = (char *)iv_ptr;
2204 2204
2205 2205 /* call the framework */
2206 2206 kef_rc = crypto_mac_verify_decrypt(&assoc->ipsa_amech,
2207 2207 &assoc->ipsa_emech, &ic->ic_crypto_dual_data,
2208 2208 &assoc->ipsa_kcfauthkey, &assoc->ipsa_kcfencrkey,
2209 2209 auth_ctx_tmpl, encr_ctx_tmpl, &ic->ic_crypto_mac,
2210 2210 NULL, callrp);
2211 2211 }
2212 2212
2213 2213 switch (kef_rc) {
2214 2214 case CRYPTO_SUCCESS:
2215 2215 ESP_BUMP_STAT(espstack, crypto_sync);
2216 2216 esp_mp = esp_in_done(esp_mp, ira, ic);
2217 2217 if (force) {
2218 2218 /* Free mp after we are done with ic */
2219 2219 mp = ipsec_free_crypto_data(mp);
2220 2220 (void) ip_recv_attr_free_mblk(mp);
2221 2221 }
2222 2222 return (esp_mp);
2223 2223 case CRYPTO_QUEUED:
2224 2224 /* esp_kcf_callback_inbound() will be invoked on completion */
2225 2225 ESP_BUMP_STAT(espstack, crypto_async);
2226 2226 return (NULL);
2227 2227 case CRYPTO_INVALID_MAC:
2228 2228 if (force) {
2229 2229 mp = ipsec_free_crypto_data(mp);
2230 2230 esp_mp = ip_recv_attr_free_mblk(mp);
2231 2231 }
2232 2232 ESP_BUMP_STAT(espstack, crypto_sync);
2233 2233 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2234 2234 esp_log_bad_auth(esp_mp, ira);
2235 2235 /* esp_mp was passed to ip_drop_packet */
2236 2236 return (NULL);
2237 2237 }
2238 2238
2239 2239 if (force) {
2240 2240 mp = ipsec_free_crypto_data(mp);
2241 2241 esp_mp = ip_recv_attr_free_mblk(mp);
2242 2242 }
2243 2243 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2244 2244 esp_crypto_failed(esp_mp, B_TRUE, kef_rc, ira->ira_ill, espstack);
2245 2245 /* esp_mp was passed to ip_drop_packet */
2246 2246 return (NULL);
2247 2247 }
2248 2248
2249 2249 /*
2250 2250 * Compute the IP and UDP checksums -- common code for both keepalives and
2251 2251 * actual ESP-in-UDP packets. Be flexible with multiple mblks because ESP
2252 2252 * uses mblk-insertion to insert the UDP header.
2253 2253 * TODO - If there is an easy way to prep a packet for HW checksums, make
2254 2254 * it happen here.
2255 2255 * Note that this is used before both before calling ip_output_simple and
2256 2256 * in the esp datapath. The former could use IXAF_SET_ULP_CKSUM but not the
2257 2257 * latter.
2258 2258 */
2259 2259 static void
2260 2260 esp_prepare_udp(netstack_t *ns, mblk_t *mp, ipha_t *ipha)
2261 2261 {
2262 2262 int offset;
2263 2263 uint32_t cksum;
2264 2264 uint16_t *arr;
2265 2265 mblk_t *udpmp = mp;
2266 2266 uint_t hlen = IPH_HDR_LENGTH(ipha);
2267 2267
2268 2268 ASSERT(MBLKL(mp) >= sizeof (ipha_t));
2269 2269
2270 2270 ipha->ipha_hdr_checksum = 0;
2271 2271 ipha->ipha_hdr_checksum = ip_csum_hdr(ipha);
2272 2272
2273 2273 if (ns->netstack_udp->us_do_checksum) {
2274 2274 ASSERT(MBLKL(udpmp) >= sizeof (udpha_t));
2275 2275 /* arr points to the IP header. */
2276 2276 arr = (uint16_t *)ipha;
2277 2277 IP_STAT(ns->netstack_ip, ip_out_sw_cksum);
2278 2278 IP_STAT_UPDATE(ns->netstack_ip, ip_out_sw_cksum_bytes,
2279 2279 ntohs(htons(ipha->ipha_length) - hlen));
2280 2280 /* arr[6-9] are the IP addresses. */
2281 2281 cksum = IP_UDP_CSUM_COMP + arr[6] + arr[7] + arr[8] + arr[9] +
2282 2282 ntohs(htons(ipha->ipha_length) - hlen);
2283 2283 cksum = IP_CSUM(mp, hlen, cksum);
2284 2284 offset = hlen + UDP_CHECKSUM_OFFSET;
2285 2285 while (offset >= MBLKL(udpmp)) {
2286 2286 offset -= MBLKL(udpmp);
2287 2287 udpmp = udpmp->b_cont;
2288 2288 }
2289 2289 /* arr points to the UDP header's checksum field. */
2290 2290 arr = (uint16_t *)(udpmp->b_rptr + offset);
2291 2291 *arr = cksum;
2292 2292 }
2293 2293 }
2294 2294
2295 2295 /*
2296 2296 * taskq handler so we can send the NAT-T keepalive on a separate thread.
2297 2297 */
2298 2298 static void
2299 2299 actually_send_keepalive(void *arg)
2300 2300 {
2301 2301 mblk_t *mp = (mblk_t *)arg;
2302 2302 ip_xmit_attr_t ixas;
2303 2303 netstack_t *ns;
2304 2304 netstackid_t stackid;
2305 2305
2306 2306 stackid = (netstackid_t)(uintptr_t)mp->b_prev;
2307 2307 mp->b_prev = NULL;
2308 2308 ns = netstack_find_by_stackid(stackid);
2309 2309 if (ns == NULL) {
2310 2310 /* Disappeared */
2311 2311 ip_drop_output("ipIfStatsOutDiscards", mp, NULL);
2312 2312 freemsg(mp);
2313 2313 return;
2314 2314 }
2315 2315
2316 2316 bzero(&ixas, sizeof (ixas));
2317 2317 ixas.ixa_zoneid = ALL_ZONES;
2318 2318 ixas.ixa_cred = kcred;
2319 2319 ixas.ixa_cpid = NOPID;
2320 2320 ixas.ixa_tsl = NULL;
2321 2321 ixas.ixa_ipst = ns->netstack_ip;
2322 2322 /* No ULP checksum; done by esp_prepare_udp */
2323 2323 ixas.ixa_flags = (IXAF_IS_IPV4 | IXAF_NO_IPSEC | IXAF_VERIFY_SOURCE);
2324 2324
2325 2325 (void) ip_output_simple(mp, &ixas);
2326 2326 ixa_cleanup(&ixas);
2327 2327 netstack_rele(ns);
2328 2328 }
2329 2329
2330 2330 /*
2331 2331 * Send a one-byte UDP NAT-T keepalive.
2332 2332 */
2333 2333 void
2334 2334 ipsecesp_send_keepalive(ipsa_t *assoc)
2335 2335 {
2336 2336 mblk_t *mp;
2337 2337 ipha_t *ipha;
2338 2338 udpha_t *udpha;
2339 2339 netstack_t *ns = assoc->ipsa_netstack;
2340 2340
2341 2341 ASSERT(MUTEX_NOT_HELD(&assoc->ipsa_lock));
2342 2342
2343 2343 mp = allocb(sizeof (ipha_t) + sizeof (udpha_t) + 1, BPRI_HI);
2344 2344 if (mp == NULL)
2345 2345 return;
2346 2346 ipha = (ipha_t *)mp->b_rptr;
2347 2347 ipha->ipha_version_and_hdr_length = IP_SIMPLE_HDR_VERSION;
2348 2348 ipha->ipha_type_of_service = 0;
2349 2349 ipha->ipha_length = htons(sizeof (ipha_t) + sizeof (udpha_t) + 1);
2350 2350 /* Use the low-16 of the SPI so we have some clue where it came from. */
2351 2351 ipha->ipha_ident = *(((uint16_t *)(&assoc->ipsa_spi)) + 1);
2352 2352 ipha->ipha_fragment_offset_and_flags = 0; /* Too small to fragment! */
2353 2353 ipha->ipha_ttl = 0xFF;
2354 2354 ipha->ipha_protocol = IPPROTO_UDP;
2355 2355 ipha->ipha_hdr_checksum = 0;
2356 2356 ipha->ipha_src = assoc->ipsa_srcaddr[0];
2357 2357 ipha->ipha_dst = assoc->ipsa_dstaddr[0];
2358 2358 udpha = (udpha_t *)(ipha + 1);
2359 2359 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ?
2360 2360 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT);
2361 2361 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ?
2362 2362 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT);
2363 2363 udpha->uha_length = htons(sizeof (udpha_t) + 1);
2364 2364 udpha->uha_checksum = 0;
2365 2365 mp->b_wptr = (uint8_t *)(udpha + 1);
2366 2366 *(mp->b_wptr++) = 0xFF;
2367 2367
2368 2368 esp_prepare_udp(ns, mp, ipha);
2369 2369
2370 2370 /*
2371 2371 * We're holding an isaf_t bucket lock, so pawn off the actual
2372 2372 * packet transmission to another thread. Just in case syncq
2373 2373 * processing causes a same-bucket packet to be processed.
2374 2374 */
2375 2375 mp->b_prev = (mblk_t *)(uintptr_t)ns->netstack_stackid;
2376 2376
2377 2377 if (taskq_dispatch(esp_taskq, actually_send_keepalive, mp,
2378 2378 TQ_NOSLEEP) == 0) {
2379 2379 /* Assume no memory if taskq_dispatch() fails. */
2380 2380 mp->b_prev = NULL;
2381 2381 ip_drop_packet(mp, B_FALSE, NULL,
2382 2382 DROPPER(ns->netstack_ipsec, ipds_esp_nomem),
2383 2383 &ns->netstack_ipsecesp->esp_dropper);
2384 2384 }
2385 2385 }
2386 2386
2387 2387 /*
2388 2388 * Returns mp if successfully completed the request. Returns
2389 2389 * NULL if it failed (and increments InDiscards) or if it is pending.
2390 2390 */
2391 2391 static mblk_t *
2392 2392 esp_submit_req_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa, ipsa_t *assoc,
2393 2393 uchar_t *icv_buf, uint_t payload_len)
2394 2394 {
2395 2395 uint_t auth_len;
2396 2396 crypto_call_req_t call_req, *callrp;
2397 2397 mblk_t *esp_mp;
2398 2398 esph_t *esph_ptr;
2399 2399 mblk_t *mp;
2400 2400 int kef_rc = CRYPTO_FAILED;
2401 2401 uint_t icv_len = assoc->ipsa_mac_len;
2402 2402 crypto_ctx_template_t auth_ctx_tmpl;
2403 2403 boolean_t do_auth, do_encr, force;
2404 2404 uint_t iv_len = assoc->ipsa_iv_len;
2405 2405 crypto_ctx_template_t encr_ctx_tmpl;
2406 2406 boolean_t is_natt = ((assoc->ipsa_flags & IPSA_F_NATT) != 0);
2407 2407 size_t esph_offset = (is_natt ? UDPH_SIZE : 0);
2408 2408 netstack_t *ns = ixa->ixa_ipst->ips_netstack;
2409 2409 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2410 2410 ipsec_crypto_t *ic, icstack;
2411 2411 uchar_t *iv_ptr;
2412 2412 crypto_data_t *cd_ptr = NULL;
2413 2413 ill_t *ill = ixa->ixa_nce->nce_ill;
2414 2414 ipsec_stack_t *ipss = ns->netstack_ipsec;
2415 2415
2416 2416 esp3dbg(espstack, ("esp_submit_req_outbound:%s",
2417 2417 is_natt ? "natt" : "not natt"));
2418 2418
2419 2419 do_encr = assoc->ipsa_encr_alg != SADB_EALG_NULL;
2420 2420 do_auth = assoc->ipsa_auth_alg != SADB_AALG_NONE;
2421 2421 force = (assoc->ipsa_flags & IPSA_F_ASYNC);
2422 2422
2423 2423 #ifdef IPSEC_LATENCY_TEST
2424 2424 kef_rc = CRYPTO_SUCCESS;
2425 2425 #else
2426 2426 kef_rc = CRYPTO_FAILED;
2427 2427 #endif
2428 2428
2429 2429 /*
2430 2430 * Outbound IPsec packets are of the form:
2431 2431 * [IP,options] -> [ESP,IV] -> [data] -> [pad,ICV]
2432 2432 * unless it's NATT, then it's
2433 2433 * [IP,options] -> [udp][ESP,IV] -> [data] -> [pad,ICV]
2434 2434 * Get a pointer to the mblk containing the ESP header.
2435 2435 */
2436 2436 ASSERT(data_mp->b_cont != NULL);
2437 2437 esp_mp = data_mp->b_cont;
2438 2438 esph_ptr = (esph_t *)(esp_mp->b_rptr + esph_offset);
2439 2439 iv_ptr = (uchar_t *)(esph_ptr + 1);
2440 2440
2441 2441 /*
2442 2442 * Combined mode algs need a nonce. This is setup in sadb_common_add().
2443 2443 * If for some reason we are using a SA which does not have a nonce
2444 2444 * then we must fail here.
2445 2445 */
2446 2446 if ((assoc->ipsa_flags & IPSA_F_COUNTERMODE) &&
2447 2447 (assoc->ipsa_nonce == NULL)) {
2448 2448 ip_drop_packet(data_mp, B_FALSE, NULL,
2449 2449 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper);
2450 2450 return (NULL);
2451 2451 }
2452 2452
2453 2453 if (force) {
2454 2454 /* We are doing asynch; allocate mblks to hold state */
2455 2455 if ((mp = ip_xmit_attr_to_mblk(ixa)) == NULL ||
2456 2456 (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) {
2457 2457 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2458 2458 ip_drop_output("ipIfStatsOutDiscards", data_mp, ill);
2459 2459 freemsg(data_mp);
2460 2460 return (NULL);
2461 2461 }
2462 2462
2463 2463 linkb(mp, data_mp);
2464 2464 callrp = &call_req;
2465 2465 ESP_INIT_CALLREQ(callrp, mp, esp_kcf_callback_outbound);
2466 2466 } else {
2467 2467 /*
2468 2468 * If we know we are going to do sync then ipsec_crypto_t
2469 2469 * should be on the stack.
2470 2470 */
2471 2471 ic = &icstack;
2472 2472 bzero(ic, sizeof (*ic));
2473 2473 callrp = NULL;
2474 2474 }
2475 2475
2476 2476
2477 2477 if (do_auth) {
2478 2478 /* authentication context template */
2479 2479 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH,
2480 2480 auth_ctx_tmpl);
2481 2481
2482 2482 /* where to store the computed mac */
2483 2483 ESP_INIT_CRYPTO_MAC(&ic->ic_crypto_mac,
2484 2484 icv_len, icv_buf);
2485 2485
2486 2486 /* authentication starts at the ESP header */
2487 2487 auth_len = payload_len + iv_len + sizeof (esph_t);
2488 2488 if (!do_encr) {
2489 2489 /* authentication only */
2490 2490 /* initialize input data argument */
2491 2491 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data,
2492 2492 esp_mp, esph_offset, auth_len);
2493 2493
2494 2494 /* call the crypto framework */
2495 2495 kef_rc = crypto_mac(&assoc->ipsa_amech,
2496 2496 &ic->ic_crypto_data,
2497 2497 &assoc->ipsa_kcfauthkey, auth_ctx_tmpl,
2498 2498 &ic->ic_crypto_mac, callrp);
2499 2499 }
2500 2500 }
2501 2501
2502 2502 if (do_encr) {
2503 2503 /* encryption context template */
2504 2504 IPSEC_CTX_TMPL(assoc, ipsa_encrtmpl, IPSEC_ALG_ENCR,
2505 2505 encr_ctx_tmpl);
2506 2506 /* Call the nonce update function. */
2507 2507 (assoc->ipsa_noncefunc)(assoc, (uchar_t *)esph_ptr, payload_len,
2508 2508 iv_ptr, &ic->ic_cmm, &ic->ic_crypto_data);
2509 2509
2510 2510 if (!do_auth) {
2511 2511 /* encryption only, skip mblk that contains ESP hdr */
2512 2512 /* initialize input data argument */
2513 2513 ESP_INIT_CRYPTO_DATA(&ic->ic_crypto_data,
2514 2514 esp_mp->b_cont, 0, payload_len);
2515 2515
2516 2516 /*
2517 2517 * For combined mode ciphers, the ciphertext is the same
2518 2518 * size as the clear text, the ICV should follow the
2519 2519 * ciphertext. To convince the kcf to allow in-line
2520 2520 * encryption, with an ICV, use ipsec_out_crypto_mac
2521 2521 * to point to the same buffer as the data. The calling
2522 2522 * function need to ensure the buffer is large enough to
2523 2523 * include the ICV.
2524 2524 *
2525 2525 * The IV is already written to the packet buffer, the
2526 2526 * nonce setup function copied it to the params struct
2527 2527 * for the cipher to use.
2528 2528 */
2529 2529 if (assoc->ipsa_flags & IPSA_F_COMBINED) {
2530 2530 bcopy(&ic->ic_crypto_data,
2531 2531 &ic->ic_crypto_mac,
2532 2532 sizeof (crypto_data_t));
2533 2533 ic->ic_crypto_mac.cd_length =
2534 2534 payload_len + icv_len;
2535 2535 cd_ptr = &ic->ic_crypto_mac;
2536 2536 }
2537 2537
2538 2538 /* call the crypto framework */
2539 2539 kef_rc = crypto_encrypt((crypto_mechanism_t *)
2540 2540 &ic->ic_cmm, &ic->ic_crypto_data,
2541 2541 &assoc->ipsa_kcfencrkey, encr_ctx_tmpl,
2542 2542 cd_ptr, callrp);
2543 2543
2544 2544 }
2545 2545 }
2546 2546
2547 2547 if (do_auth && do_encr) {
2548 2548 /*
2549 2549 * Encryption and authentication:
2550 2550 * Pass the pointer to the mblk chain starting at the ESP
2551 2551 * header to the framework. Skip the ESP header mblk
2552 2552 * for encryption, which is reflected by an encryption
2553 2553 * offset equal to the length of that mblk. Start
2554 2554 * the authentication at the ESP header, i.e. use an
2555 2555 * authentication offset of zero.
2556 2556 */
2557 2557 ESP_INIT_CRYPTO_DUAL_DATA(&ic->ic_crypto_dual_data,
2558 2558 esp_mp, MBLKL(esp_mp), payload_len, esph_offset, auth_len);
2559 2559
2560 2560 /* specify IV */
2561 2561 ic->ic_crypto_dual_data.dd_miscdata = (char *)iv_ptr;
2562 2562
2563 2563 /* call the framework */
2564 2564 kef_rc = crypto_encrypt_mac(&assoc->ipsa_emech,
2565 2565 &assoc->ipsa_amech, NULL,
2566 2566 &assoc->ipsa_kcfencrkey, &assoc->ipsa_kcfauthkey,
2567 2567 encr_ctx_tmpl, auth_ctx_tmpl,
2568 2568 &ic->ic_crypto_dual_data,
2569 2569 &ic->ic_crypto_mac, callrp);
2570 2570 }
2571 2571
2572 2572 switch (kef_rc) {
2573 2573 case CRYPTO_SUCCESS:
2574 2574 ESP_BUMP_STAT(espstack, crypto_sync);
2575 2575 esp_set_usetime(assoc, B_FALSE);
2576 2576 if (force) {
2577 2577 mp = ipsec_free_crypto_data(mp);
2578 2578 data_mp = ip_xmit_attr_free_mblk(mp);
2579 2579 }
2580 2580 if (is_natt)
2581 2581 esp_prepare_udp(ns, data_mp, (ipha_t *)data_mp->b_rptr);
2582 2582 return (data_mp);
2583 2583 case CRYPTO_QUEUED:
2584 2584 /* esp_kcf_callback_outbound() will be invoked on completion */
2585 2585 ESP_BUMP_STAT(espstack, crypto_async);
2586 2586 return (NULL);
2587 2587 }
2588 2588
2589 2589 if (force) {
2590 2590 mp = ipsec_free_crypto_data(mp);
2591 2591 data_mp = ip_xmit_attr_free_mblk(mp);
2592 2592 }
2593 2593 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2594 2594 esp_crypto_failed(data_mp, B_FALSE, kef_rc, NULL, espstack);
2595 2595 /* data_mp was passed to ip_drop_packet */
2596 2596 return (NULL);
2597 2597 }
2598 2598
2599 2599 /*
2600 2600 * Handle outbound IPsec processing for IPv4 and IPv6
2601 2601 *
2602 2602 * Returns data_mp if successfully completed the request. Returns
2603 2603 * NULL if it failed (and increments InDiscards) or if it is pending.
2604 2604 */
2605 2605 static mblk_t *
2606 2606 esp_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa)
2607 2607 {
2608 2608 mblk_t *espmp, *tailmp;
2609 2609 ipha_t *ipha;
2610 2610 ip6_t *ip6h;
2611 2611 esph_t *esph_ptr, *iv_ptr;
2612 2612 uint_t af;
2613 2613 uint8_t *nhp;
2614 2614 uintptr_t divpoint, datalen, adj, padlen, i, alloclen;
2615 2615 uintptr_t esplen = sizeof (esph_t);
2616 2616 uint8_t protocol;
2617 2617 ipsa_t *assoc;
2618 2618 uint_t iv_len, block_size, mac_len = 0;
2619 2619 uchar_t *icv_buf;
2620 2620 udpha_t *udpha;
2621 2621 boolean_t is_natt = B_FALSE;
2622 2622 netstack_t *ns = ixa->ixa_ipst->ips_netstack;
2623 2623 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2624 2624 ipsec_stack_t *ipss = ns->netstack_ipsec;
2625 2625 ill_t *ill = ixa->ixa_nce->nce_ill;
2626 2626 boolean_t need_refrele = B_FALSE;
2627 2627
2628 2628 ESP_BUMP_STAT(espstack, out_requests);
2629 2629
2630 2630 /*
2631 2631 * <sigh> We have to copy the message here, because TCP (for example)
2632 2632 * keeps a dupb() of the message lying around for retransmission.
2633 2633 * Since ESP changes the whole of the datagram, we have to create our
2634 2634 * own copy lest we clobber TCP's data. Since we have to copy anyway,
2635 2635 * we might as well make use of msgpullup() and get the mblk into one
2636 2636 * contiguous piece!
2637 2637 */
2638 2638 tailmp = msgpullup(data_mp, -1);
2639 2639 if (tailmp == NULL) {
2640 2640 esp0dbg(("esp_outbound: msgpullup() failed, "
2641 2641 "dropping packet.\n"));
2642 2642 ip_drop_packet(data_mp, B_FALSE, ill,
2643 2643 DROPPER(ipss, ipds_esp_nomem),
2644 2644 &espstack->esp_dropper);
2645 2645 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2646 2646 return (NULL);
2647 2647 }
2648 2648 freemsg(data_mp);
2649 2649 data_mp = tailmp;
2650 2650
2651 2651 assoc = ixa->ixa_ipsec_esp_sa;
2652 2652 ASSERT(assoc != NULL);
2653 2653
2654 2654 /*
2655 2655 * Get the outer IP header in shape to escape this system..
2656 2656 */
2657 2657 if (is_system_labeled() && (assoc->ipsa_otsl != NULL)) {
2658 2658 /*
2659 2659 * Need to update packet with any CIPSO option and update
2660 2660 * ixa_tsl to capture the new label.
2661 2661 * We allocate a separate ixa for that purpose.
2662 2662 */
2663 2663 ixa = ip_xmit_attr_duplicate(ixa);
2664 2664 if (ixa == NULL) {
2665 2665 ip_drop_packet(data_mp, B_FALSE, ill,
2666 2666 DROPPER(ipss, ipds_esp_nomem),
2667 2667 &espstack->esp_dropper);
2668 2668 return (NULL);
2669 2669 }
2670 2670 need_refrele = B_TRUE;
2671 2671
2672 2672 label_hold(assoc->ipsa_otsl);
2673 2673 ip_xmit_attr_replace_tsl(ixa, assoc->ipsa_otsl);
2674 2674
2675 2675 data_mp = sadb_whack_label(data_mp, assoc, ixa,
2676 2676 DROPPER(ipss, ipds_esp_nomem), &espstack->esp_dropper);
2677 2677 if (data_mp == NULL) {
2678 2678 /* Packet dropped by sadb_whack_label */
2679 2679 ixa_refrele(ixa);
2680 2680 return (NULL);
2681 2681 }
2682 2682 }
2683 2683
2684 2684 /*
2685 2685 * Reality check....
2686 2686 */
2687 2687 ipha = (ipha_t *)data_mp->b_rptr; /* So we can call esp_acquire(). */
2688 2688
2689 2689 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2690 2690 ASSERT(IPH_HDR_VERSION(ipha) == IPV4_VERSION);
2691 2691
2692 2692 af = AF_INET;
2693 2693 divpoint = IPH_HDR_LENGTH(ipha);
2694 2694 datalen = ntohs(ipha->ipha_length) - divpoint;
2695 2695 nhp = (uint8_t *)&ipha->ipha_protocol;
2696 2696 } else {
2697 2697 ip_pkt_t ipp;
2698 2698
2699 2699 ASSERT(IPH_HDR_VERSION(ipha) == IPV6_VERSION);
2700 2700
2701 2701 af = AF_INET6;
2702 2702 ip6h = (ip6_t *)ipha;
2703 2703 bzero(&ipp, sizeof (ipp));
2704 2704 divpoint = ip_find_hdr_v6(data_mp, ip6h, B_FALSE, &ipp, NULL);
2705 2705 if (ipp.ipp_dstopts != NULL &&
2706 2706 ipp.ipp_dstopts->ip6d_nxt != IPPROTO_ROUTING) {
2707 2707 /*
2708 2708 * Destination options are tricky. If we get in here,
2709 2709 * then we have a terminal header following the
2710 2710 * destination options. We need to adjust backwards
2711 2711 * so we insert ESP BEFORE the destination options
2712 2712 * bag. (So that the dstopts get encrypted!)
2713 2713 *
2714 2714 * Since this is for outbound packets only, we know
2715 2715 * that non-terminal destination options only precede
2716 2716 * routing headers.
2717 2717 */
2718 2718 divpoint -= ipp.ipp_dstoptslen;
2719 2719 }
2720 2720 datalen = ntohs(ip6h->ip6_plen) + sizeof (ip6_t) - divpoint;
2721 2721
2722 2722 if (ipp.ipp_rthdr != NULL) {
2723 2723 nhp = &ipp.ipp_rthdr->ip6r_nxt;
2724 2724 } else if (ipp.ipp_hopopts != NULL) {
2725 2725 nhp = &ipp.ipp_hopopts->ip6h_nxt;
2726 2726 } else {
2727 2727 ASSERT(divpoint == sizeof (ip6_t));
2728 2728 /* It's probably IP + ESP. */
2729 2729 nhp = &ip6h->ip6_nxt;
2730 2730 }
2731 2731 }
2732 2732
2733 2733 mac_len = assoc->ipsa_mac_len;
2734 2734
2735 2735 if (assoc->ipsa_flags & IPSA_F_NATT) {
2736 2736 /* wedge in UDP header */
2737 2737 is_natt = B_TRUE;
2738 2738 esplen += UDPH_SIZE;
2739 2739 }
2740 2740
2741 2741 /*
2742 2742 * Set up ESP header and encryption padding for ENCR PI request.
2743 2743 */
2744 2744
2745 2745 /* Determine the padding length. Pad to 4-bytes for no-encryption. */
2746 2746 if (assoc->ipsa_encr_alg != SADB_EALG_NULL) {
2747 2747 iv_len = assoc->ipsa_iv_len;
2748 2748 block_size = assoc->ipsa_datalen;
2749 2749
2750 2750 /*
2751 2751 * Pad the data to the length of the cipher block size.
2752 2752 * Include the two additional bytes (hence the - 2) for the
2753 2753 * padding length and the next header. Take this into account
2754 2754 * when calculating the actual length of the padding.
2755 2755 */
2756 2756 ASSERT(ISP2(iv_len));
2757 2757 padlen = ((unsigned)(block_size - datalen - 2)) &
2758 2758 (block_size - 1);
2759 2759 } else {
2760 2760 iv_len = 0;
2761 2761 padlen = ((unsigned)(sizeof (uint32_t) - datalen - 2)) &
2762 2762 (sizeof (uint32_t) - 1);
2763 2763 }
2764 2764
2765 2765 /* Allocate ESP header and IV. */
2766 2766 esplen += iv_len;
2767 2767
2768 2768 /*
2769 2769 * Update association byte-count lifetimes. Don't forget to take
2770 2770 * into account the padding length and next-header (hence the + 2).
2771 2771 *
2772 2772 * Use the amount of data fed into the "encryption algorithm". This
2773 2773 * is the IV, the data length, the padding length, and the final two
2774 2774 * bytes (padlen, and next-header).
2775 2775 *
2776 2776 */
2777 2777
2778 2778 if (!esp_age_bytes(assoc, datalen + padlen + iv_len + 2, B_FALSE)) {
2779 2779 ip_drop_packet(data_mp, B_FALSE, ill,
2780 2780 DROPPER(ipss, ipds_esp_bytes_expire),
2781 2781 &espstack->esp_dropper);
2782 2782 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2783 2783 if (need_refrele)
2784 2784 ixa_refrele(ixa);
2785 2785 return (NULL);
2786 2786 }
2787 2787
2788 2788 espmp = allocb(esplen, BPRI_HI);
2789 2789 if (espmp == NULL) {
2790 2790 ESP_BUMP_STAT(espstack, out_discards);
2791 2791 esp1dbg(espstack, ("esp_outbound: can't allocate espmp.\n"));
2792 2792 ip_drop_packet(data_mp, B_FALSE, ill,
2793 2793 DROPPER(ipss, ipds_esp_nomem),
2794 2794 &espstack->esp_dropper);
2795 2795 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2796 2796 if (need_refrele)
2797 2797 ixa_refrele(ixa);
2798 2798 return (NULL);
2799 2799 }
2800 2800 espmp->b_wptr += esplen;
2801 2801 esph_ptr = (esph_t *)espmp->b_rptr;
2802 2802
2803 2803 if (is_natt) {
2804 2804 esp3dbg(espstack, ("esp_outbound: NATT"));
2805 2805
2806 2806 udpha = (udpha_t *)espmp->b_rptr;
2807 2807 udpha->uha_src_port = (assoc->ipsa_local_nat_port != 0) ?
2808 2808 assoc->ipsa_local_nat_port : htons(IPPORT_IKE_NATT);
2809 2809 udpha->uha_dst_port = (assoc->ipsa_remote_nat_port != 0) ?
2810 2810 assoc->ipsa_remote_nat_port : htons(IPPORT_IKE_NATT);
↓ open down ↓ |
2810 lines elided |
↑ open up ↑ |
2811 2811 /*
2812 2812 * Set the checksum to 0, so that the esp_prepare_udp() call
2813 2813 * can do the right thing.
2814 2814 */
2815 2815 udpha->uha_checksum = 0;
2816 2816 esph_ptr = (esph_t *)(udpha + 1);
2817 2817 }
2818 2818
2819 2819 esph_ptr->esph_spi = assoc->ipsa_spi;
2820 2820
2821 - esph_ptr->esph_replay = htonl(atomic_add_32_nv(&assoc->ipsa_replay, 1));
2821 + esph_ptr->esph_replay = htonl(atomic_inc_32_nv(&assoc->ipsa_replay));
2822 2822 if (esph_ptr->esph_replay == 0 && assoc->ipsa_replay_wsize != 0) {
2823 2823 /*
2824 2824 * XXX We have replay counter wrapping.
2825 2825 * We probably want to nuke this SA (and its peer).
2826 2826 */
2827 2827 ipsec_assocfailure(info.mi_idnum, 0, 0,
2828 2828 SL_ERROR | SL_CONSOLE | SL_WARN,
2829 2829 "Outbound ESP SA (0x%x, %s) has wrapped sequence.\n",
2830 2830 esph_ptr->esph_spi, assoc->ipsa_dstaddr, af,
2831 2831 espstack->ipsecesp_netstack);
2832 2832
2833 2833 ESP_BUMP_STAT(espstack, out_discards);
2834 2834 sadb_replay_delete(assoc);
2835 2835 ip_drop_packet(data_mp, B_FALSE, ill,
2836 2836 DROPPER(ipss, ipds_esp_replay),
2837 2837 &espstack->esp_dropper);
2838 2838 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2839 2839 if (need_refrele)
2840 2840 ixa_refrele(ixa);
2841 2841 return (NULL);
2842 2842 }
2843 2843
2844 2844 iv_ptr = (esph_ptr + 1);
2845 2845 /*
2846 2846 * iv_ptr points to the mblk which will contain the IV once we have
2847 2847 * written it there. This mblk will be part of a mblk chain that
2848 2848 * will make up the packet.
2849 2849 *
2850 2850 * For counter mode algorithms, the IV is a 64 bit quantity, it
2851 2851 * must NEVER repeat in the lifetime of the SA, otherwise an
2852 2852 * attacker who had recorded enough packets might be able to
2853 2853 * determine some clear text.
2854 2854 *
2855 2855 * To ensure this does not happen, the IV is stored in the SA and
2856 2856 * incremented for each packet, the IV is then copied into the
2857 2857 * "packet" for transmission to the receiving system. The IV will
2858 2858 * also be copied into the nonce, when the packet is encrypted.
2859 2859 *
2860 2860 * CBC mode algorithms use a random IV for each packet. We do not
2861 2861 * require the highest quality random bits, but for best security
2862 2862 * with CBC mode ciphers, the value must be unlikely to repeat and
2863 2863 * must not be known in advance to an adversary capable of influencing
2864 2864 * the clear text.
2865 2865 */
2866 2866 if (!update_iv((uint8_t *)iv_ptr, espstack->esp_pfkey_q, assoc,
2867 2867 espstack)) {
2868 2868 ip_drop_packet(data_mp, B_FALSE, ill,
2869 2869 DROPPER(ipss, ipds_esp_iv_wrap), &espstack->esp_dropper);
2870 2870 if (need_refrele)
2871 2871 ixa_refrele(ixa);
2872 2872 return (NULL);
2873 2873 }
2874 2874
2875 2875 /* Fix the IP header. */
2876 2876 alloclen = padlen + 2 + mac_len;
2877 2877 adj = alloclen + (espmp->b_wptr - espmp->b_rptr);
2878 2878
2879 2879 protocol = *nhp;
2880 2880
2881 2881 if (ixa->ixa_flags & IXAF_IS_IPV4) {
2882 2882 ipha->ipha_length = htons(ntohs(ipha->ipha_length) + adj);
2883 2883 if (is_natt) {
2884 2884 *nhp = IPPROTO_UDP;
2885 2885 udpha->uha_length = htons(ntohs(ipha->ipha_length) -
2886 2886 IPH_HDR_LENGTH(ipha));
2887 2887 } else {
2888 2888 *nhp = IPPROTO_ESP;
2889 2889 }
2890 2890 ipha->ipha_hdr_checksum = 0;
2891 2891 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
2892 2892 } else {
2893 2893 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) + adj);
2894 2894 *nhp = IPPROTO_ESP;
2895 2895 }
2896 2896
2897 2897 /* I've got the two ESP mblks, now insert them. */
2898 2898
2899 2899 esp2dbg(espstack, ("data_mp before outbound ESP adjustment:\n"));
2900 2900 esp2dbg(espstack, (dump_msg(data_mp)));
2901 2901
2902 2902 if (!esp_insert_esp(data_mp, espmp, divpoint, espstack)) {
2903 2903 ESP_BUMP_STAT(espstack, out_discards);
2904 2904 /* NOTE: esp_insert_esp() only fails if there's no memory. */
2905 2905 ip_drop_packet(data_mp, B_FALSE, ill,
2906 2906 DROPPER(ipss, ipds_esp_nomem),
2907 2907 &espstack->esp_dropper);
2908 2908 freeb(espmp);
2909 2909 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2910 2910 if (need_refrele)
2911 2911 ixa_refrele(ixa);
2912 2912 return (NULL);
2913 2913 }
2914 2914
2915 2915 /* Append padding (and leave room for ICV). */
2916 2916 for (tailmp = data_mp; tailmp->b_cont != NULL; tailmp = tailmp->b_cont)
2917 2917 ;
2918 2918 if (tailmp->b_wptr + alloclen > tailmp->b_datap->db_lim) {
2919 2919 tailmp->b_cont = allocb(alloclen, BPRI_HI);
2920 2920 if (tailmp->b_cont == NULL) {
2921 2921 ESP_BUMP_STAT(espstack, out_discards);
2922 2922 esp0dbg(("esp_outbound: Can't allocate tailmp.\n"));
2923 2923 ip_drop_packet(data_mp, B_FALSE, ill,
2924 2924 DROPPER(ipss, ipds_esp_nomem),
2925 2925 &espstack->esp_dropper);
2926 2926 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2927 2927 if (need_refrele)
2928 2928 ixa_refrele(ixa);
2929 2929 return (NULL);
2930 2930 }
2931 2931 tailmp = tailmp->b_cont;
2932 2932 }
2933 2933
2934 2934 /*
2935 2935 * If there's padding, N bytes of padding must be of the form 0x1,
2936 2936 * 0x2, 0x3... 0xN.
2937 2937 */
2938 2938 for (i = 0; i < padlen; ) {
2939 2939 i++;
2940 2940 *tailmp->b_wptr++ = i;
2941 2941 }
2942 2942 *tailmp->b_wptr++ = i;
2943 2943 *tailmp->b_wptr++ = protocol;
2944 2944
2945 2945 esp2dbg(espstack, ("data_Mp before encryption:\n"));
2946 2946 esp2dbg(espstack, (dump_msg(data_mp)));
2947 2947
2948 2948 /*
2949 2949 * Okay. I've set up the pre-encryption ESP. Let's do it!
2950 2950 */
2951 2951
2952 2952 if (mac_len > 0) {
2953 2953 ASSERT(tailmp->b_wptr + mac_len <= tailmp->b_datap->db_lim);
2954 2954 icv_buf = tailmp->b_wptr;
2955 2955 tailmp->b_wptr += mac_len;
2956 2956 } else {
2957 2957 icv_buf = NULL;
2958 2958 }
2959 2959
2960 2960 data_mp = esp_submit_req_outbound(data_mp, ixa, assoc, icv_buf,
2961 2961 datalen + padlen + 2);
2962 2962 if (need_refrele)
2963 2963 ixa_refrele(ixa);
2964 2964 return (data_mp);
2965 2965 }
2966 2966
2967 2967 /*
2968 2968 * IP calls this to validate the ICMP errors that
2969 2969 * we got from the network.
2970 2970 */
2971 2971 mblk_t *
2972 2972 ipsecesp_icmp_error(mblk_t *data_mp, ip_recv_attr_t *ira)
2973 2973 {
2974 2974 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
2975 2975 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
2976 2976 ipsec_stack_t *ipss = ns->netstack_ipsec;
2977 2977
2978 2978 /*
2979 2979 * Unless we get an entire packet back, this function is useless.
2980 2980 * Why?
2981 2981 *
2982 2982 * 1.) Partial packets are useless, because the "next header"
2983 2983 * is at the end of the decrypted ESP packet. Without the
2984 2984 * whole packet, this is useless.
2985 2985 *
2986 2986 * 2.) If we every use a stateful cipher, such as a stream or a
2987 2987 * one-time pad, we can't do anything.
2988 2988 *
2989 2989 * Since the chances of us getting an entire packet back are very
2990 2990 * very small, we discard here.
2991 2991 */
2992 2992 IP_ESP_BUMP_STAT(ipss, in_discards);
2993 2993 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
2994 2994 DROPPER(ipss, ipds_esp_icmp),
2995 2995 &espstack->esp_dropper);
2996 2996 return (NULL);
2997 2997 }
2998 2998
2999 2999 /*
3000 3000 * Construct an SADB_REGISTER message with the current algorithms.
3001 3001 * This function gets called when 'ipsecalgs -s' is run or when
3002 3002 * in.iked (or other KMD) starts.
3003 3003 */
3004 3004 static boolean_t
3005 3005 esp_register_out(uint32_t sequence, uint32_t pid, uint_t serial,
3006 3006 ipsecesp_stack_t *espstack, cred_t *cr)
3007 3007 {
3008 3008 mblk_t *pfkey_msg_mp, *keysock_out_mp;
3009 3009 sadb_msg_t *samsg;
3010 3010 sadb_supported_t *sasupp_auth = NULL;
3011 3011 sadb_supported_t *sasupp_encr = NULL;
3012 3012 sadb_alg_t *saalg;
3013 3013 uint_t allocsize = sizeof (*samsg);
3014 3014 uint_t i, numalgs_snap;
3015 3015 int current_aalgs;
3016 3016 ipsec_alginfo_t **authalgs;
3017 3017 uint_t num_aalgs;
3018 3018 int current_ealgs;
3019 3019 ipsec_alginfo_t **encralgs;
3020 3020 uint_t num_ealgs;
3021 3021 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
3022 3022 sadb_sens_t *sens;
3023 3023 size_t sens_len = 0;
3024 3024 sadb_ext_t *nextext;
3025 3025 ts_label_t *sens_tsl = NULL;
3026 3026
3027 3027 /* Allocate the KEYSOCK_OUT. */
3028 3028 keysock_out_mp = sadb_keysock_out(serial);
3029 3029 if (keysock_out_mp == NULL) {
3030 3030 esp0dbg(("esp_register_out: couldn't allocate mblk.\n"));
3031 3031 return (B_FALSE);
3032 3032 }
3033 3033
3034 3034 if (is_system_labeled() && (cr != NULL)) {
3035 3035 sens_tsl = crgetlabel(cr);
3036 3036 if (sens_tsl != NULL) {
3037 3037 sens_len = sadb_sens_len_from_label(sens_tsl);
3038 3038 allocsize += sens_len;
3039 3039 }
3040 3040 }
3041 3041
3042 3042 /*
3043 3043 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
3044 3044 */
3045 3045
3046 3046 mutex_enter(&ipss->ipsec_alg_lock);
3047 3047 /*
3048 3048 * Fill SADB_REGISTER message's algorithm descriptors. Hold
3049 3049 * down the lock while filling it.
3050 3050 *
3051 3051 * Return only valid algorithms, so the number of algorithms
3052 3052 * to send up may be less than the number of algorithm entries
3053 3053 * in the table.
3054 3054 */
3055 3055 authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH];
3056 3056 for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
3057 3057 if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
3058 3058 num_aalgs++;
3059 3059
3060 3060 if (num_aalgs != 0) {
3061 3061 allocsize += (num_aalgs * sizeof (*saalg));
3062 3062 allocsize += sizeof (*sasupp_auth);
3063 3063 }
3064 3064 encralgs = ipss->ipsec_alglists[IPSEC_ALG_ENCR];
3065 3065 for (num_ealgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
3066 3066 if (encralgs[i] != NULL && ALG_VALID(encralgs[i]))
3067 3067 num_ealgs++;
3068 3068
3069 3069 if (num_ealgs != 0) {
3070 3070 allocsize += (num_ealgs * sizeof (*saalg));
3071 3071 allocsize += sizeof (*sasupp_encr);
3072 3072 }
3073 3073 keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI);
3074 3074 if (keysock_out_mp->b_cont == NULL) {
3075 3075 mutex_exit(&ipss->ipsec_alg_lock);
3076 3076 freemsg(keysock_out_mp);
3077 3077 return (B_FALSE);
3078 3078 }
3079 3079 pfkey_msg_mp = keysock_out_mp->b_cont;
3080 3080 pfkey_msg_mp->b_wptr += allocsize;
3081 3081
3082 3082 nextext = (sadb_ext_t *)(pfkey_msg_mp->b_rptr + sizeof (*samsg));
3083 3083
3084 3084 if (num_aalgs != 0) {
3085 3085 sasupp_auth = (sadb_supported_t *)nextext;
3086 3086 saalg = (sadb_alg_t *)(sasupp_auth + 1);
3087 3087
3088 3088 ASSERT(((ulong_t)saalg & 0x7) == 0);
3089 3089
3090 3090 numalgs_snap = 0;
3091 3091 for (i = 0;
3092 3092 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs));
3093 3093 i++) {
3094 3094 if (authalgs[i] == NULL || !ALG_VALID(authalgs[i]))
3095 3095 continue;
3096 3096
3097 3097 saalg->sadb_alg_id = authalgs[i]->alg_id;
3098 3098 saalg->sadb_alg_ivlen = 0;
3099 3099 saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits;
3100 3100 saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits;
3101 3101 saalg->sadb_x_alg_increment =
3102 3102 authalgs[i]->alg_increment;
3103 3103 saalg->sadb_x_alg_saltbits = SADB_8TO1(
3104 3104 authalgs[i]->alg_saltlen);
3105 3105 numalgs_snap++;
3106 3106 saalg++;
3107 3107 }
3108 3108 ASSERT(numalgs_snap == num_aalgs);
3109 3109 #ifdef DEBUG
3110 3110 /*
3111 3111 * Reality check to make sure I snagged all of the
3112 3112 * algorithms.
3113 3113 */
3114 3114 for (; i < IPSEC_MAX_ALGS; i++) {
3115 3115 if (authalgs[i] != NULL && ALG_VALID(authalgs[i])) {
3116 3116 cmn_err(CE_PANIC, "esp_register_out()! "
3117 3117 "Missed aalg #%d.\n", i);
3118 3118 }
3119 3119 }
3120 3120 #endif /* DEBUG */
3121 3121 nextext = (sadb_ext_t *)saalg;
3122 3122 }
3123 3123
3124 3124 if (num_ealgs != 0) {
3125 3125 sasupp_encr = (sadb_supported_t *)nextext;
3126 3126 saalg = (sadb_alg_t *)(sasupp_encr + 1);
3127 3127
3128 3128 numalgs_snap = 0;
3129 3129 for (i = 0;
3130 3130 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_ealgs)); i++) {
3131 3131 if (encralgs[i] == NULL || !ALG_VALID(encralgs[i]))
3132 3132 continue;
3133 3133 saalg->sadb_alg_id = encralgs[i]->alg_id;
3134 3134 saalg->sadb_alg_ivlen = encralgs[i]->alg_ivlen;
3135 3135 saalg->sadb_alg_minbits = encralgs[i]->alg_ef_minbits;
3136 3136 saalg->sadb_alg_maxbits = encralgs[i]->alg_ef_maxbits;
3137 3137 /*
3138 3138 * We could advertise the ICV length, except there
3139 3139 * is not a value in sadb_x_algb to do this.
3140 3140 * saalg->sadb_alg_maclen = encralgs[i]->alg_maclen;
3141 3141 */
3142 3142 saalg->sadb_x_alg_increment =
3143 3143 encralgs[i]->alg_increment;
3144 3144 saalg->sadb_x_alg_saltbits =
3145 3145 SADB_8TO1(encralgs[i]->alg_saltlen);
3146 3146
3147 3147 numalgs_snap++;
3148 3148 saalg++;
3149 3149 }
3150 3150 ASSERT(numalgs_snap == num_ealgs);
3151 3151 #ifdef DEBUG
3152 3152 /*
3153 3153 * Reality check to make sure I snagged all of the
3154 3154 * algorithms.
3155 3155 */
3156 3156 for (; i < IPSEC_MAX_ALGS; i++) {
3157 3157 if (encralgs[i] != NULL && ALG_VALID(encralgs[i])) {
3158 3158 cmn_err(CE_PANIC, "esp_register_out()! "
3159 3159 "Missed ealg #%d.\n", i);
3160 3160 }
3161 3161 }
3162 3162 #endif /* DEBUG */
3163 3163 nextext = (sadb_ext_t *)saalg;
3164 3164 }
3165 3165
3166 3166 current_aalgs = num_aalgs;
3167 3167 current_ealgs = num_ealgs;
3168 3168
3169 3169 mutex_exit(&ipss->ipsec_alg_lock);
3170 3170
3171 3171 if (sens_tsl != NULL) {
3172 3172 sens = (sadb_sens_t *)nextext;
3173 3173 sadb_sens_from_label(sens, SADB_EXT_SENSITIVITY,
3174 3174 sens_tsl, sens_len);
3175 3175
3176 3176 nextext = (sadb_ext_t *)(((uint8_t *)sens) + sens_len);
3177 3177 }
3178 3178
3179 3179 /* Now fill the rest of the SADB_REGISTER message. */
3180 3180
3181 3181 samsg = (sadb_msg_t *)pfkey_msg_mp->b_rptr;
3182 3182 samsg->sadb_msg_version = PF_KEY_V2;
3183 3183 samsg->sadb_msg_type = SADB_REGISTER;
3184 3184 samsg->sadb_msg_errno = 0;
3185 3185 samsg->sadb_msg_satype = SADB_SATYPE_ESP;
3186 3186 samsg->sadb_msg_len = SADB_8TO64(allocsize);
3187 3187 samsg->sadb_msg_reserved = 0;
3188 3188 /*
3189 3189 * Assume caller has sufficient sequence/pid number info. If it's one
3190 3190 * from me over a new alg., I could give two hoots about sequence.
3191 3191 */
3192 3192 samsg->sadb_msg_seq = sequence;
3193 3193 samsg->sadb_msg_pid = pid;
3194 3194
3195 3195 if (sasupp_auth != NULL) {
3196 3196 sasupp_auth->sadb_supported_len = SADB_8TO64(
3197 3197 sizeof (*sasupp_auth) + sizeof (*saalg) * current_aalgs);
3198 3198 sasupp_auth->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
3199 3199 sasupp_auth->sadb_supported_reserved = 0;
3200 3200 }
3201 3201
3202 3202 if (sasupp_encr != NULL) {
3203 3203 sasupp_encr->sadb_supported_len = SADB_8TO64(
3204 3204 sizeof (*sasupp_encr) + sizeof (*saalg) * current_ealgs);
3205 3205 sasupp_encr->sadb_supported_exttype =
3206 3206 SADB_EXT_SUPPORTED_ENCRYPT;
3207 3207 sasupp_encr->sadb_supported_reserved = 0;
3208 3208 }
3209 3209
3210 3210 if (espstack->esp_pfkey_q != NULL)
3211 3211 putnext(espstack->esp_pfkey_q, keysock_out_mp);
3212 3212 else {
3213 3213 freemsg(keysock_out_mp);
3214 3214 return (B_FALSE);
3215 3215 }
3216 3216
3217 3217 return (B_TRUE);
3218 3218 }
3219 3219
3220 3220 /*
3221 3221 * Invoked when the algorithm table changes. Causes SADB_REGISTER
3222 3222 * messages continaining the current list of algorithms to be
3223 3223 * sent up to the ESP listeners.
3224 3224 */
3225 3225 void
3226 3226 ipsecesp_algs_changed(netstack_t *ns)
3227 3227 {
3228 3228 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3229 3229
3230 3230 /*
3231 3231 * Time to send a PF_KEY SADB_REGISTER message to ESP listeners
3232 3232 * everywhere. (The function itself checks for NULL esp_pfkey_q.)
3233 3233 */
3234 3234 (void) esp_register_out(0, 0, 0, espstack, NULL);
3235 3235 }
3236 3236
3237 3237 /*
3238 3238 * Stub function that taskq_dispatch() invokes to take the mblk (in arg)
3239 3239 * and send() it into ESP and IP again.
3240 3240 */
3241 3241 static void
3242 3242 inbound_task(void *arg)
3243 3243 {
3244 3244 mblk_t *mp = (mblk_t *)arg;
3245 3245 mblk_t *async_mp;
3246 3246 ip_recv_attr_t iras;
3247 3247
3248 3248 async_mp = mp;
3249 3249 mp = async_mp->b_cont;
3250 3250 async_mp->b_cont = NULL;
3251 3251 if (!ip_recv_attr_from_mblk(async_mp, &iras)) {
3252 3252 /* The ill or ip_stack_t disappeared on us */
3253 3253 ip_drop_input("ip_recv_attr_from_mblk", mp, NULL);
3254 3254 freemsg(mp);
3255 3255 goto done;
3256 3256 }
3257 3257
3258 3258 esp_inbound_restart(mp, &iras);
3259 3259 done:
3260 3260 ira_cleanup(&iras, B_TRUE);
3261 3261 }
3262 3262
3263 3263 /*
3264 3264 * Restart ESP after the SA has been added.
3265 3265 */
3266 3266 static void
3267 3267 esp_inbound_restart(mblk_t *mp, ip_recv_attr_t *ira)
3268 3268 {
3269 3269 esph_t *esph;
3270 3270 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
3271 3271 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3272 3272
3273 3273 esp2dbg(espstack, ("in ESP inbound_task"));
3274 3274 ASSERT(espstack != NULL);
3275 3275
3276 3276 mp = ipsec_inbound_esp_sa(mp, ira, &esph);
3277 3277 if (mp == NULL)
3278 3278 return;
3279 3279
3280 3280 ASSERT(esph != NULL);
3281 3281 ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
3282 3282 ASSERT(ira->ira_ipsec_esp_sa != NULL);
3283 3283
3284 3284 mp = ira->ira_ipsec_esp_sa->ipsa_input_func(mp, esph, ira);
3285 3285 if (mp == NULL) {
3286 3286 /*
3287 3287 * Either it failed or is pending. In the former case
3288 3288 * ipIfStatsInDiscards was increased.
3289 3289 */
3290 3290 return;
3291 3291 }
3292 3292
3293 3293 ip_input_post_ipsec(mp, ira);
3294 3294 }
3295 3295
3296 3296 /*
3297 3297 * Now that weak-key passed, actually ADD the security association, and
3298 3298 * send back a reply ADD message.
3299 3299 */
3300 3300 static int
3301 3301 esp_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi,
3302 3302 int *diagnostic, ipsecesp_stack_t *espstack)
3303 3303 {
3304 3304 isaf_t *primary = NULL, *secondary;
3305 3305 boolean_t clone = B_FALSE, is_inbound = B_FALSE;
3306 3306 ipsa_t *larval = NULL;
3307 3307 ipsacq_t *acqrec;
3308 3308 iacqf_t *acq_bucket;
3309 3309 mblk_t *acq_msgs = NULL;
3310 3310 int rc;
3311 3311 mblk_t *lpkt;
3312 3312 int error;
3313 3313 ipsa_query_t sq;
3314 3314 ipsec_stack_t *ipss = espstack->ipsecesp_netstack->netstack_ipsec;
3315 3315
3316 3316 /*
3317 3317 * Locate the appropriate table(s).
3318 3318 */
3319 3319 sq.spp = &espstack->esp_sadb; /* XXX */
3320 3320 error = sadb_form_query(ksi, IPSA_Q_SA|IPSA_Q_DST,
3321 3321 IPSA_Q_SA|IPSA_Q_DST|IPSA_Q_INBOUND|IPSA_Q_OUTBOUND,
3322 3322 &sq, diagnostic);
3323 3323 if (error)
3324 3324 return (error);
3325 3325
3326 3326 /*
3327 3327 * Use the direction flags provided by the KMD to determine
3328 3328 * if the inbound or outbound table should be the primary
3329 3329 * for this SA. If these flags were absent then make this
3330 3330 * decision based on the addresses.
3331 3331 */
3332 3332 if (sq.assoc->sadb_sa_flags & IPSA_F_INBOUND) {
3333 3333 primary = sq.inbound;
3334 3334 secondary = sq.outbound;
3335 3335 is_inbound = B_TRUE;
3336 3336 if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND)
3337 3337 clone = B_TRUE;
3338 3338 } else if (sq.assoc->sadb_sa_flags & IPSA_F_OUTBOUND) {
3339 3339 primary = sq.outbound;
3340 3340 secondary = sq.inbound;
3341 3341 }
3342 3342
3343 3343 if (primary == NULL) {
3344 3344 /*
3345 3345 * The KMD did not set a direction flag, determine which
3346 3346 * table to insert the SA into based on addresses.
3347 3347 */
3348 3348 switch (ksi->ks_in_dsttype) {
3349 3349 case KS_IN_ADDR_MBCAST:
3350 3350 clone = B_TRUE; /* All mcast SAs can be bidirectional */
3351 3351 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
3352 3352 /* FALLTHRU */
3353 3353 /*
3354 3354 * If the source address is either one of mine, or unspecified
3355 3355 * (which is best summed up by saying "not 'not mine'"),
3356 3356 * then the association is potentially bi-directional,
3357 3357 * in that it can be used for inbound traffic and outbound
3358 3358 * traffic. The best example of such an SA is a multicast
3359 3359 * SA (which allows me to receive the outbound traffic).
3360 3360 */
3361 3361 case KS_IN_ADDR_ME:
3362 3362 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND;
3363 3363 primary = sq.inbound;
3364 3364 secondary = sq.outbound;
3365 3365 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME)
3366 3366 clone = B_TRUE;
3367 3367 is_inbound = B_TRUE;
3368 3368 break;
3369 3369 /*
3370 3370 * If the source address literally not mine (either
3371 3371 * unspecified or not mine), then this SA may have an
3372 3372 * address that WILL be mine after some configuration.
3373 3373 * We pay the price for this by making it a bi-directional
3374 3374 * SA.
3375 3375 */
3376 3376 case KS_IN_ADDR_NOTME:
3377 3377 sq.assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
3378 3378 primary = sq.outbound;
3379 3379 secondary = sq.inbound;
3380 3380 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) {
3381 3381 sq.assoc->sadb_sa_flags |= IPSA_F_INBOUND;
3382 3382 clone = B_TRUE;
3383 3383 }
3384 3384 break;
3385 3385 default:
3386 3386 *diagnostic = SADB_X_DIAGNOSTIC_BAD_DST;
3387 3387 return (EINVAL);
3388 3388 }
3389 3389 }
3390 3390
3391 3391 /*
3392 3392 * Find a ACQUIRE list entry if possible. If we've added an SA that
3393 3393 * suits the needs of an ACQUIRE list entry, we can eliminate the
3394 3394 * ACQUIRE list entry and transmit the enqueued packets. Use the
3395 3395 * high-bit of the sequence number to queue it. Key off destination
3396 3396 * addr, and change acqrec's state.
3397 3397 */
3398 3398
3399 3399 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) {
3400 3400 acq_bucket = &(sq.sp->sdb_acq[sq.outhash]);
3401 3401 mutex_enter(&acq_bucket->iacqf_lock);
3402 3402 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL;
3403 3403 acqrec = acqrec->ipsacq_next) {
3404 3404 mutex_enter(&acqrec->ipsacq_lock);
3405 3405 /*
3406 3406 * Q: I only check sequence. Should I check dst?
3407 3407 * A: Yes, check dest because those are the packets
3408 3408 * that are queued up.
3409 3409 */
3410 3410 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq &&
3411 3411 IPSA_ARE_ADDR_EQUAL(sq.dstaddr,
3412 3412 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam))
3413 3413 break;
3414 3414 mutex_exit(&acqrec->ipsacq_lock);
3415 3415 }
3416 3416 if (acqrec != NULL) {
3417 3417 /*
3418 3418 * AHA! I found an ACQUIRE record for this SA.
3419 3419 * Grab the msg list, and free the acquire record.
3420 3420 * I already am holding the lock for this record,
3421 3421 * so all I have to do is free it.
3422 3422 */
3423 3423 acq_msgs = acqrec->ipsacq_mp;
3424 3424 acqrec->ipsacq_mp = NULL;
3425 3425 mutex_exit(&acqrec->ipsacq_lock);
3426 3426 sadb_destroy_acquire(acqrec,
3427 3427 espstack->ipsecesp_netstack);
3428 3428 }
3429 3429 mutex_exit(&acq_bucket->iacqf_lock);
3430 3430 }
3431 3431
3432 3432 /*
3433 3433 * Find PF_KEY message, and see if I'm an update. If so, find entry
3434 3434 * in larval list (if there).
3435 3435 */
3436 3436 if (samsg->sadb_msg_type == SADB_UPDATE) {
3437 3437 mutex_enter(&sq.inbound->isaf_lock);
3438 3438 larval = ipsec_getassocbyspi(sq.inbound, sq.assoc->sadb_sa_spi,
3439 3439 ALL_ZEROES_PTR, sq.dstaddr, sq.dst->sin_family);
3440 3440 mutex_exit(&sq.inbound->isaf_lock);
3441 3441
3442 3442 if ((larval == NULL) ||
3443 3443 (larval->ipsa_state != IPSA_STATE_LARVAL)) {
3444 3444 *diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND;
3445 3445 if (larval != NULL) {
3446 3446 IPSA_REFRELE(larval);
3447 3447 }
3448 3448 esp0dbg(("Larval update, but larval disappeared.\n"));
3449 3449 return (ESRCH);
3450 3450 } /* Else sadb_common_add unlinks it for me! */
3451 3451 }
3452 3452
3453 3453 if (larval != NULL) {
3454 3454 /*
3455 3455 * Hold again, because sadb_common_add() consumes a reference,
3456 3456 * and we don't want to clear_lpkt() without a reference.
3457 3457 */
3458 3458 IPSA_REFHOLD(larval);
3459 3459 }
3460 3460
3461 3461 rc = sadb_common_add(espstack->esp_pfkey_q,
3462 3462 mp, samsg, ksi, primary, secondary, larval, clone, is_inbound,
3463 3463 diagnostic, espstack->ipsecesp_netstack, &espstack->esp_sadb);
3464 3464
3465 3465 if (larval != NULL) {
3466 3466 if (rc == 0) {
3467 3467 lpkt = sadb_clear_lpkt(larval);
3468 3468 if (lpkt != NULL) {
3469 3469 rc = !taskq_dispatch(esp_taskq, inbound_task,
3470 3470 lpkt, TQ_NOSLEEP);
3471 3471 }
3472 3472 }
3473 3473 IPSA_REFRELE(larval);
3474 3474 }
3475 3475
3476 3476 /*
3477 3477 * How much more stack will I create with all of these
3478 3478 * esp_outbound() calls?
3479 3479 */
3480 3480
3481 3481 /* Handle the packets queued waiting for the SA */
3482 3482 while (acq_msgs != NULL) {
3483 3483 mblk_t *asyncmp;
3484 3484 mblk_t *data_mp;
3485 3485 ip_xmit_attr_t ixas;
3486 3486 ill_t *ill;
3487 3487
3488 3488 asyncmp = acq_msgs;
3489 3489 acq_msgs = acq_msgs->b_next;
3490 3490 asyncmp->b_next = NULL;
3491 3491
3492 3492 /*
3493 3493 * Extract the ip_xmit_attr_t from the first mblk.
3494 3494 * Verifies that the netstack and ill is still around; could
3495 3495 * have vanished while iked was doing its work.
3496 3496 * On succesful return we have a nce_t and the ill/ipst can't
3497 3497 * disappear until we do the nce_refrele in ixa_cleanup.
3498 3498 */
3499 3499 data_mp = asyncmp->b_cont;
3500 3500 asyncmp->b_cont = NULL;
3501 3501 if (!ip_xmit_attr_from_mblk(asyncmp, &ixas)) {
3502 3502 ESP_BUMP_STAT(espstack, out_discards);
3503 3503 ip_drop_packet(data_mp, B_FALSE, NULL,
3504 3504 DROPPER(ipss, ipds_sadb_acquire_timeout),
3505 3505 &espstack->esp_dropper);
3506 3506 } else if (rc != 0) {
3507 3507 ill = ixas.ixa_nce->nce_ill;
3508 3508 ESP_BUMP_STAT(espstack, out_discards);
3509 3509 ip_drop_packet(data_mp, B_FALSE, ill,
3510 3510 DROPPER(ipss, ipds_sadb_acquire_timeout),
3511 3511 &espstack->esp_dropper);
3512 3512 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3513 3513 } else {
3514 3514 esp_outbound_finish(data_mp, &ixas);
3515 3515 }
3516 3516 ixa_cleanup(&ixas);
3517 3517 }
3518 3518
3519 3519 return (rc);
3520 3520 }
3521 3521
3522 3522 /*
3523 3523 * Process one of the queued messages (from ipsacq_mp) once the SA
3524 3524 * has been added.
3525 3525 */
3526 3526 static void
3527 3527 esp_outbound_finish(mblk_t *data_mp, ip_xmit_attr_t *ixa)
3528 3528 {
3529 3529 netstack_t *ns = ixa->ixa_ipst->ips_netstack;
3530 3530 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3531 3531 ipsec_stack_t *ipss = ns->netstack_ipsec;
3532 3532 ill_t *ill = ixa->ixa_nce->nce_ill;
3533 3533
3534 3534 if (!ipsec_outbound_sa(data_mp, ixa, IPPROTO_ESP)) {
3535 3535 ESP_BUMP_STAT(espstack, out_discards);
3536 3536 ip_drop_packet(data_mp, B_FALSE, ill,
3537 3537 DROPPER(ipss, ipds_sadb_acquire_timeout),
3538 3538 &espstack->esp_dropper);
3539 3539 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3540 3540 return;
3541 3541 }
3542 3542
3543 3543 data_mp = esp_outbound(data_mp, ixa);
3544 3544 if (data_mp == NULL)
3545 3545 return;
3546 3546
3547 3547 /* do AH processing if needed */
3548 3548 data_mp = esp_do_outbound_ah(data_mp, ixa);
3549 3549 if (data_mp == NULL)
3550 3550 return;
3551 3551
3552 3552 (void) ip_output_post_ipsec(data_mp, ixa);
3553 3553 }
3554 3554
3555 3555 /*
3556 3556 * Add new ESP security association. This may become a generic AH/ESP
3557 3557 * routine eventually.
3558 3558 */
3559 3559 static int
3560 3560 esp_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns)
3561 3561 {
3562 3562 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3563 3563 sadb_address_t *srcext =
3564 3564 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
3565 3565 sadb_address_t *dstext =
3566 3566 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3567 3567 sadb_address_t *isrcext =
3568 3568 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC];
3569 3569 sadb_address_t *idstext =
3570 3570 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST];
3571 3571 sadb_address_t *nttext_loc =
3572 3572 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_LOC];
3573 3573 sadb_address_t *nttext_rem =
3574 3574 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_NATT_REM];
3575 3575 sadb_key_t *akey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH];
3576 3576 sadb_key_t *ekey = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT];
3577 3577 struct sockaddr_in *src, *dst;
3578 3578 struct sockaddr_in *natt_loc, *natt_rem;
3579 3579 struct sockaddr_in6 *natt_loc6, *natt_rem6;
3580 3580 sadb_lifetime_t *soft =
3581 3581 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT];
3582 3582 sadb_lifetime_t *hard =
3583 3583 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD];
3584 3584 sadb_lifetime_t *idle =
3585 3585 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_X_EXT_LIFETIME_IDLE];
3586 3586 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
3587 3587 ipsec_stack_t *ipss = ns->netstack_ipsec;
3588 3588
3589 3589
3590 3590
3591 3591 /* I need certain extensions present for an ADD message. */
3592 3592 if (srcext == NULL) {
3593 3593 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC;
3594 3594 return (EINVAL);
3595 3595 }
3596 3596 if (dstext == NULL) {
3597 3597 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
3598 3598 return (EINVAL);
3599 3599 }
3600 3600 if (isrcext == NULL && idstext != NULL) {
3601 3601 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC;
3602 3602 return (EINVAL);
3603 3603 }
3604 3604 if (isrcext != NULL && idstext == NULL) {
3605 3605 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST;
3606 3606 return (EINVAL);
3607 3607 }
3608 3608 if (assoc == NULL) {
3609 3609 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
3610 3610 return (EINVAL);
3611 3611 }
3612 3612 if (ekey == NULL && assoc->sadb_sa_encrypt != SADB_EALG_NULL) {
3613 3613 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_EKEY;
3614 3614 return (EINVAL);
3615 3615 }
3616 3616
3617 3617 src = (struct sockaddr_in *)(srcext + 1);
3618 3618 dst = (struct sockaddr_in *)(dstext + 1);
3619 3619 natt_loc = (struct sockaddr_in *)(nttext_loc + 1);
3620 3620 natt_loc6 = (struct sockaddr_in6 *)(nttext_loc + 1);
3621 3621 natt_rem = (struct sockaddr_in *)(nttext_rem + 1);
3622 3622 natt_rem6 = (struct sockaddr_in6 *)(nttext_rem + 1);
3623 3623
3624 3624 /* Sundry ADD-specific reality checks. */
3625 3625 /* XXX STATS : Logging/stats here? */
3626 3626
3627 3627 if ((assoc->sadb_sa_state != SADB_SASTATE_MATURE) &&
3628 3628 (assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE_ELSEWHERE)) {
3629 3629 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
3630 3630 return (EINVAL);
3631 3631 }
3632 3632 if (assoc->sadb_sa_encrypt == SADB_EALG_NONE) {
3633 3633 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
3634 3634 return (EINVAL);
3635 3635 }
3636 3636
3637 3637 #ifndef IPSEC_LATENCY_TEST
3638 3638 if (assoc->sadb_sa_encrypt == SADB_EALG_NULL &&
3639 3639 assoc->sadb_sa_auth == SADB_AALG_NONE) {
3640 3640 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
3641 3641 return (EINVAL);
3642 3642 }
3643 3643 #endif
3644 3644
3645 3645 if (assoc->sadb_sa_flags & ~espstack->esp_sadb.s_addflags) {
3646 3646 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS;
3647 3647 return (EINVAL);
3648 3648 }
3649 3649
3650 3650 if ((*diagnostic = sadb_hardsoftchk(hard, soft, idle)) != 0) {
3651 3651 return (EINVAL);
3652 3652 }
3653 3653 ASSERT(src->sin_family == dst->sin_family);
3654 3654
3655 3655 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_LOC) {
3656 3656 if (nttext_loc == NULL) {
3657 3657 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_LOC;
3658 3658 return (EINVAL);
3659 3659 }
3660 3660
3661 3661 if (natt_loc->sin_family == AF_INET6 &&
3662 3662 !IN6_IS_ADDR_V4MAPPED(&natt_loc6->sin6_addr)) {
3663 3663 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_LOC;
3664 3664 return (EINVAL);
3665 3665 }
3666 3666 }
3667 3667
3668 3668 if (assoc->sadb_sa_flags & SADB_X_SAFLAGS_NATT_REM) {
3669 3669 if (nttext_rem == NULL) {
3670 3670 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_NATT_REM;
3671 3671 return (EINVAL);
3672 3672 }
3673 3673 if (natt_rem->sin_family == AF_INET6 &&
3674 3674 !IN6_IS_ADDR_V4MAPPED(&natt_rem6->sin6_addr)) {
3675 3675 *diagnostic = SADB_X_DIAGNOSTIC_MALFORMED_NATT_REM;
3676 3676 return (EINVAL);
3677 3677 }
3678 3678 }
3679 3679
3680 3680
3681 3681 /* Stuff I don't support, for now. XXX Diagnostic? */
3682 3682 if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL)
3683 3683 return (EOPNOTSUPP);
3684 3684
3685 3685 if ((*diagnostic = sadb_labelchk(ksi)) != 0)
3686 3686 return (EINVAL);
3687 3687
3688 3688 /*
3689 3689 * XXX Policy : I'm not checking identities at this time,
3690 3690 * but if I did, I'd do them here, before I sent
3691 3691 * the weak key check up to the algorithm.
3692 3692 */
3693 3693
3694 3694 mutex_enter(&ipss->ipsec_alg_lock);
3695 3695
3696 3696 /*
3697 3697 * First locate the authentication algorithm.
3698 3698 */
3699 3699 #ifdef IPSEC_LATENCY_TEST
3700 3700 if (akey != NULL && assoc->sadb_sa_auth != SADB_AALG_NONE) {
3701 3701 #else
3702 3702 if (akey != NULL) {
3703 3703 #endif
3704 3704 ipsec_alginfo_t *aalg;
3705 3705
3706 3706 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
3707 3707 [assoc->sadb_sa_auth];
3708 3708 if (aalg == NULL || !ALG_VALID(aalg)) {
3709 3709 mutex_exit(&ipss->ipsec_alg_lock);
3710 3710 esp1dbg(espstack, ("Couldn't find auth alg #%d.\n",
3711 3711 assoc->sadb_sa_auth));
3712 3712 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
3713 3713 return (EINVAL);
3714 3714 }
3715 3715
3716 3716 /*
3717 3717 * Sanity check key sizes.
3718 3718 * Note: It's not possible to use SADB_AALG_NONE because
3719 3719 * this auth_alg is not defined with ALG_FLAG_VALID. If this
3720 3720 * ever changes, the same check for SADB_AALG_NONE and
3721 3721 * a auth_key != NULL should be made here ( see below).
3722 3722 */
3723 3723 if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) {
3724 3724 mutex_exit(&ipss->ipsec_alg_lock);
3725 3725 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS;
3726 3726 return (EINVAL);
3727 3727 }
3728 3728 ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
3729 3729
3730 3730 /* check key and fix parity if needed */
3731 3731 if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE,
3732 3732 diagnostic) != 0) {
3733 3733 mutex_exit(&ipss->ipsec_alg_lock);
3734 3734 return (EINVAL);
3735 3735 }
3736 3736 }
3737 3737
3738 3738 /*
3739 3739 * Then locate the encryption algorithm.
3740 3740 */
3741 3741 if (ekey != NULL) {
3742 3742 uint_t keybits;
3743 3743 ipsec_alginfo_t *ealg;
3744 3744
3745 3745 ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
3746 3746 [assoc->sadb_sa_encrypt];
3747 3747 if (ealg == NULL || !ALG_VALID(ealg)) {
3748 3748 mutex_exit(&ipss->ipsec_alg_lock);
3749 3749 esp1dbg(espstack, ("Couldn't find encr alg #%d.\n",
3750 3750 assoc->sadb_sa_encrypt));
3751 3751 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
3752 3752 return (EINVAL);
3753 3753 }
3754 3754
3755 3755 /*
3756 3756 * Sanity check key sizes. If the encryption algorithm is
3757 3757 * SADB_EALG_NULL but the encryption key is NOT
3758 3758 * NULL then complain.
3759 3759 *
3760 3760 * The keying material includes salt bits if required by
3761 3761 * algorithm and optionally the Initial IV, check the
3762 3762 * length of whats left.
3763 3763 */
3764 3764 keybits = ekey->sadb_key_bits;
3765 3765 keybits -= ekey->sadb_key_reserved;
3766 3766 keybits -= SADB_8TO1(ealg->alg_saltlen);
3767 3767 if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) ||
3768 3768 (!ipsec_valid_key_size(keybits, ealg))) {
3769 3769 mutex_exit(&ipss->ipsec_alg_lock);
3770 3770 *diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS;
3771 3771 return (EINVAL);
3772 3772 }
3773 3773 ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
3774 3774
3775 3775 /* check key */
3776 3776 if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE,
3777 3777 diagnostic) != 0) {
3778 3778 mutex_exit(&ipss->ipsec_alg_lock);
3779 3779 return (EINVAL);
3780 3780 }
3781 3781 }
3782 3782 mutex_exit(&ipss->ipsec_alg_lock);
3783 3783
3784 3784 return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi,
3785 3785 diagnostic, espstack));
3786 3786 }
3787 3787
3788 3788 /*
3789 3789 * Update a security association. Updates come in two varieties. The first
3790 3790 * is an update of lifetimes on a non-larval SA. The second is an update of
3791 3791 * a larval SA, which ends up looking a lot more like an add.
3792 3792 */
3793 3793 static int
3794 3794 esp_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
3795 3795 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3796 3796 {
3797 3797 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3798 3798 mblk_t *buf_pkt;
3799 3799 int rcode;
3800 3800
3801 3801 sadb_address_t *dstext =
3802 3802 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3803 3803
3804 3804 if (dstext == NULL) {
3805 3805 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
3806 3806 return (EINVAL);
3807 3807 }
3808 3808
3809 3809 rcode = sadb_update_sa(mp, ksi, &buf_pkt, &espstack->esp_sadb,
3810 3810 diagnostic, espstack->esp_pfkey_q, esp_add_sa,
3811 3811 espstack->ipsecesp_netstack, sadb_msg_type);
3812 3812
3813 3813 if ((assoc->sadb_sa_state != SADB_X_SASTATE_ACTIVE) ||
3814 3814 (rcode != 0)) {
3815 3815 return (rcode);
3816 3816 }
3817 3817
3818 3818 HANDLE_BUF_PKT(esp_taskq, espstack->ipsecesp_netstack->netstack_ipsec,
3819 3819 espstack->esp_dropper, buf_pkt);
3820 3820
3821 3821 return (rcode);
3822 3822 }
3823 3823
3824 3824 /* XXX refactor me */
3825 3825 /*
3826 3826 * Delete a security association. This is REALLY likely to be code common to
3827 3827 * both AH and ESP. Find the association, then unlink it.
3828 3828 */
3829 3829 static int
3830 3830 esp_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
3831 3831 ipsecesp_stack_t *espstack, uint8_t sadb_msg_type)
3832 3832 {
3833 3833 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
3834 3834 sadb_address_t *dstext =
3835 3835 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
3836 3836 sadb_address_t *srcext =
3837 3837 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
3838 3838 struct sockaddr_in *sin;
3839 3839
3840 3840 if (assoc == NULL) {
3841 3841 if (dstext != NULL) {
3842 3842 sin = (struct sockaddr_in *)(dstext + 1);
3843 3843 } else if (srcext != NULL) {
3844 3844 sin = (struct sockaddr_in *)(srcext + 1);
3845 3845 } else {
3846 3846 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
3847 3847 return (EINVAL);
3848 3848 }
3849 3849 return (sadb_purge_sa(mp, ksi,
3850 3850 (sin->sin_family == AF_INET6) ? &espstack->esp_sadb.s_v6 :
3851 3851 &espstack->esp_sadb.s_v4, diagnostic,
3852 3852 espstack->esp_pfkey_q));
3853 3853 }
3854 3854
3855 3855 return (sadb_delget_sa(mp, ksi, &espstack->esp_sadb, diagnostic,
3856 3856 espstack->esp_pfkey_q, sadb_msg_type));
3857 3857 }
3858 3858
3859 3859 /* XXX refactor me */
3860 3860 /*
3861 3861 * Convert the entire contents of all of ESP's SA tables into PF_KEY SADB_DUMP
3862 3862 * messages.
3863 3863 */
3864 3864 static void
3865 3865 esp_dump(mblk_t *mp, keysock_in_t *ksi, ipsecesp_stack_t *espstack)
3866 3866 {
3867 3867 int error;
3868 3868 sadb_msg_t *samsg;
3869 3869
3870 3870 /*
3871 3871 * Dump each fanout, bailing if error is non-zero.
3872 3872 */
3873 3873
3874 3874 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi,
3875 3875 &espstack->esp_sadb.s_v4);
3876 3876 if (error != 0)
3877 3877 goto bail;
3878 3878
3879 3879 error = sadb_dump(espstack->esp_pfkey_q, mp, ksi,
3880 3880 &espstack->esp_sadb.s_v6);
3881 3881 bail:
3882 3882 ASSERT(mp->b_cont != NULL);
3883 3883 samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
3884 3884 samsg->sadb_msg_errno = (uint8_t)error;
3885 3885 sadb_pfkey_echo(espstack->esp_pfkey_q, mp,
3886 3886 (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL);
3887 3887 }
3888 3888
3889 3889 /*
3890 3890 * First-cut reality check for an inbound PF_KEY message.
3891 3891 */
3892 3892 static boolean_t
3893 3893 esp_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi,
3894 3894 ipsecesp_stack_t *espstack)
3895 3895 {
3896 3896 int diagnostic;
3897 3897
3898 3898 if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) {
3899 3899 diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT;
3900 3900 goto badmsg;
3901 3901 }
3902 3902 if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL ||
3903 3903 ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) {
3904 3904 diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT;
3905 3905 goto badmsg;
3906 3906 }
3907 3907 return (B_FALSE); /* False ==> no failures */
3908 3908
3909 3909 badmsg:
3910 3910 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL, diagnostic,
3911 3911 ksi->ks_in_serial);
3912 3912 return (B_TRUE); /* True ==> failures */
3913 3913 }
3914 3914
3915 3915 /*
3916 3916 * ESP parsing of PF_KEY messages. Keysock did most of the really silly
3917 3917 * error cases. What I receive is a fully-formed, syntactically legal
3918 3918 * PF_KEY message. I then need to check semantics...
3919 3919 *
3920 3920 * This code may become common to AH and ESP. Stay tuned.
3921 3921 *
3922 3922 * I also make the assumption that db_ref's are cool. If this assumption
3923 3923 * is wrong, this means that someone other than keysock or me has been
3924 3924 * mucking with PF_KEY messages.
3925 3925 */
3926 3926 static void
3927 3927 esp_parse_pfkey(mblk_t *mp, ipsecesp_stack_t *espstack)
3928 3928 {
3929 3929 mblk_t *msg = mp->b_cont;
3930 3930 sadb_msg_t *samsg;
3931 3931 keysock_in_t *ksi;
3932 3932 int error;
3933 3933 int diagnostic = SADB_X_DIAGNOSTIC_NONE;
3934 3934
3935 3935 ASSERT(msg != NULL);
3936 3936
3937 3937 samsg = (sadb_msg_t *)msg->b_rptr;
3938 3938 ksi = (keysock_in_t *)mp->b_rptr;
3939 3939
3940 3940 /*
3941 3941 * If applicable, convert unspecified AF_INET6 to unspecified
3942 3942 * AF_INET. And do other address reality checks.
3943 3943 */
3944 3944 if (!sadb_addrfix(ksi, espstack->esp_pfkey_q, mp,
3945 3945 espstack->ipsecesp_netstack) ||
3946 3946 esp_pfkey_reality_failures(mp, ksi, espstack)) {
3947 3947 return;
3948 3948 }
3949 3949
3950 3950 switch (samsg->sadb_msg_type) {
3951 3951 case SADB_ADD:
3952 3952 error = esp_add_sa(mp, ksi, &diagnostic,
3953 3953 espstack->ipsecesp_netstack);
3954 3954 if (error != 0) {
3955 3955 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3956 3956 diagnostic, ksi->ks_in_serial);
3957 3957 }
3958 3958 /* else esp_add_sa() took care of things. */
3959 3959 break;
3960 3960 case SADB_DELETE:
3961 3961 case SADB_X_DELPAIR:
3962 3962 case SADB_X_DELPAIR_STATE:
3963 3963 error = esp_del_sa(mp, ksi, &diagnostic, espstack,
3964 3964 samsg->sadb_msg_type);
3965 3965 if (error != 0) {
3966 3966 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3967 3967 diagnostic, ksi->ks_in_serial);
3968 3968 }
3969 3969 /* Else esp_del_sa() took care of things. */
3970 3970 break;
3971 3971 case SADB_GET:
3972 3972 error = sadb_delget_sa(mp, ksi, &espstack->esp_sadb,
3973 3973 &diagnostic, espstack->esp_pfkey_q, samsg->sadb_msg_type);
3974 3974 if (error != 0) {
3975 3975 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
3976 3976 diagnostic, ksi->ks_in_serial);
3977 3977 }
3978 3978 /* Else sadb_get_sa() took care of things. */
3979 3979 break;
3980 3980 case SADB_FLUSH:
3981 3981 sadbp_flush(&espstack->esp_sadb, espstack->ipsecesp_netstack);
3982 3982 sadb_pfkey_echo(espstack->esp_pfkey_q, mp, samsg, ksi, NULL);
3983 3983 break;
3984 3984 case SADB_REGISTER:
3985 3985 /*
3986 3986 * Hmmm, let's do it! Check for extensions (there should
3987 3987 * be none), extract the fields, call esp_register_out(),
3988 3988 * then either free or report an error.
3989 3989 *
3990 3990 * Keysock takes care of the PF_KEY bookkeeping for this.
3991 3991 */
3992 3992 if (esp_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid,
3993 3993 ksi->ks_in_serial, espstack, msg_getcred(mp, NULL))) {
3994 3994 freemsg(mp);
3995 3995 } else {
3996 3996 /*
3997 3997 * Only way this path hits is if there is a memory
3998 3998 * failure. It will not return B_FALSE because of
3999 3999 * lack of esp_pfkey_q if I am in wput().
4000 4000 */
4001 4001 sadb_pfkey_error(espstack->esp_pfkey_q, mp, ENOMEM,
4002 4002 diagnostic, ksi->ks_in_serial);
4003 4003 }
4004 4004 break;
4005 4005 case SADB_UPDATE:
4006 4006 case SADB_X_UPDATEPAIR:
4007 4007 /*
4008 4008 * Find a larval, if not there, find a full one and get
4009 4009 * strict.
4010 4010 */
4011 4011 error = esp_update_sa(mp, ksi, &diagnostic, espstack,
4012 4012 samsg->sadb_msg_type);
4013 4013 if (error != 0) {
4014 4014 sadb_pfkey_error(espstack->esp_pfkey_q, mp, error,
4015 4015 diagnostic, ksi->ks_in_serial);
4016 4016 }
4017 4017 /* else esp_update_sa() took care of things. */
4018 4018 break;
4019 4019 case SADB_GETSPI:
4020 4020 /*
4021 4021 * Reserve a new larval entry.
4022 4022 */
4023 4023 esp_getspi(mp, ksi, espstack);
4024 4024 break;
4025 4025 case SADB_ACQUIRE:
4026 4026 /*
4027 4027 * Find larval and/or ACQUIRE record and kill it (them), I'm
4028 4028 * most likely an error. Inbound ACQUIRE messages should only
4029 4029 * have the base header.
4030 4030 */
4031 4031 sadb_in_acquire(samsg, &espstack->esp_sadb,
4032 4032 espstack->esp_pfkey_q, espstack->ipsecesp_netstack);
4033 4033 freemsg(mp);
4034 4034 break;
4035 4035 case SADB_DUMP:
4036 4036 /*
4037 4037 * Dump all entries.
4038 4038 */
4039 4039 esp_dump(mp, ksi, espstack);
4040 4040 /* esp_dump will take care of the return message, etc. */
4041 4041 break;
4042 4042 case SADB_EXPIRE:
4043 4043 /* Should never reach me. */
4044 4044 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EOPNOTSUPP,
4045 4045 diagnostic, ksi->ks_in_serial);
4046 4046 break;
4047 4047 default:
4048 4048 sadb_pfkey_error(espstack->esp_pfkey_q, mp, EINVAL,
4049 4049 SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial);
4050 4050 break;
4051 4051 }
4052 4052 }
4053 4053
4054 4054 /*
4055 4055 * Handle case where PF_KEY says it can't find a keysock for one of my
4056 4056 * ACQUIRE messages.
4057 4057 */
4058 4058 static void
4059 4059 esp_keysock_no_socket(mblk_t *mp, ipsecesp_stack_t *espstack)
4060 4060 {
4061 4061 sadb_msg_t *samsg;
4062 4062 keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr;
4063 4063
4064 4064 if (mp->b_cont == NULL) {
4065 4065 freemsg(mp);
4066 4066 return;
4067 4067 }
4068 4068 samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
4069 4069
4070 4070 /*
4071 4071 * If keysock can't find any registered, delete the acquire record
4072 4072 * immediately, and handle errors.
4073 4073 */
4074 4074 if (samsg->sadb_msg_type == SADB_ACQUIRE) {
4075 4075 samsg->sadb_msg_errno = kse->ks_err_errno;
4076 4076 samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg));
4077 4077 /*
4078 4078 * Use the write-side of the esp_pfkey_q
4079 4079 */
4080 4080 sadb_in_acquire(samsg, &espstack->esp_sadb,
4081 4081 WR(espstack->esp_pfkey_q), espstack->ipsecesp_netstack);
4082 4082 }
4083 4083
4084 4084 freemsg(mp);
4085 4085 }
4086 4086
4087 4087 /*
4088 4088 * ESP module write put routine.
4089 4089 */
4090 4090 static void
4091 4091 ipsecesp_wput(queue_t *q, mblk_t *mp)
4092 4092 {
4093 4093 ipsec_info_t *ii;
4094 4094 struct iocblk *iocp;
4095 4095 ipsecesp_stack_t *espstack = (ipsecesp_stack_t *)q->q_ptr;
4096 4096
4097 4097 esp3dbg(espstack, ("In esp_wput().\n"));
4098 4098
4099 4099 /* NOTE: Each case must take care of freeing or passing mp. */
4100 4100 switch (mp->b_datap->db_type) {
4101 4101 case M_CTL:
4102 4102 if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) {
4103 4103 /* Not big enough message. */
4104 4104 freemsg(mp);
4105 4105 break;
4106 4106 }
4107 4107 ii = (ipsec_info_t *)mp->b_rptr;
4108 4108
4109 4109 switch (ii->ipsec_info_type) {
4110 4110 case KEYSOCK_OUT_ERR:
4111 4111 esp1dbg(espstack, ("Got KEYSOCK_OUT_ERR message.\n"));
4112 4112 esp_keysock_no_socket(mp, espstack);
4113 4113 break;
4114 4114 case KEYSOCK_IN:
4115 4115 ESP_BUMP_STAT(espstack, keysock_in);
4116 4116 esp3dbg(espstack, ("Got KEYSOCK_IN message.\n"));
4117 4117
4118 4118 /* Parse the message. */
4119 4119 esp_parse_pfkey(mp, espstack);
4120 4120 break;
4121 4121 case KEYSOCK_HELLO:
4122 4122 sadb_keysock_hello(&espstack->esp_pfkey_q, q, mp,
4123 4123 esp_ager, (void *)espstack, &espstack->esp_event,
4124 4124 SADB_SATYPE_ESP);
4125 4125 break;
4126 4126 default:
4127 4127 esp2dbg(espstack, ("Got M_CTL from above of 0x%x.\n",
4128 4128 ii->ipsec_info_type));
4129 4129 freemsg(mp);
4130 4130 break;
4131 4131 }
4132 4132 break;
4133 4133 case M_IOCTL:
4134 4134 iocp = (struct iocblk *)mp->b_rptr;
4135 4135 switch (iocp->ioc_cmd) {
4136 4136 case ND_SET:
4137 4137 case ND_GET:
4138 4138 if (nd_getset(q, espstack->ipsecesp_g_nd, mp)) {
4139 4139 qreply(q, mp);
4140 4140 return;
4141 4141 } else {
4142 4142 iocp->ioc_error = ENOENT;
4143 4143 }
4144 4144 /* FALLTHRU */
4145 4145 default:
4146 4146 /* We really don't support any other ioctls, do we? */
4147 4147
4148 4148 /* Return EINVAL */
4149 4149 if (iocp->ioc_error != ENOENT)
4150 4150 iocp->ioc_error = EINVAL;
4151 4151 iocp->ioc_count = 0;
4152 4152 mp->b_datap->db_type = M_IOCACK;
4153 4153 qreply(q, mp);
4154 4154 return;
4155 4155 }
4156 4156 default:
4157 4157 esp3dbg(espstack,
4158 4158 ("Got default message, type %d, passing to IP.\n",
4159 4159 mp->b_datap->db_type));
4160 4160 putnext(q, mp);
4161 4161 }
4162 4162 }
4163 4163
4164 4164 /*
4165 4165 * Wrapper to allow IP to trigger an ESP association failure message
4166 4166 * during inbound SA selection.
4167 4167 */
4168 4168 void
4169 4169 ipsecesp_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt,
4170 4170 uint32_t spi, void *addr, int af, ip_recv_attr_t *ira)
4171 4171 {
4172 4172 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
4173 4173 ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
4174 4174 ipsec_stack_t *ipss = ns->netstack_ipsec;
4175 4175
4176 4176 if (espstack->ipsecesp_log_unknown_spi) {
4177 4177 ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi,
4178 4178 addr, af, espstack->ipsecesp_netstack);
4179 4179 }
4180 4180
4181 4181 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
4182 4182 DROPPER(ipss, ipds_esp_no_sa),
4183 4183 &espstack->esp_dropper);
4184 4184 }
4185 4185
4186 4186 /*
4187 4187 * Initialize the ESP input and output processing functions.
4188 4188 */
4189 4189 void
4190 4190 ipsecesp_init_funcs(ipsa_t *sa)
4191 4191 {
4192 4192 if (sa->ipsa_output_func == NULL)
4193 4193 sa->ipsa_output_func = esp_outbound;
4194 4194 if (sa->ipsa_input_func == NULL)
4195 4195 sa->ipsa_input_func = esp_inbound;
4196 4196 }
↓ open down ↓ |
1365 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX