1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2015 Garrett D'Amore <garrett@damore.org>
26 */
27
28 #include <sys/types.h>
29 #include <sys/stream.h>
30 #include <sys/stropts.h>
31 #include <sys/errno.h>
32 #include <sys/strlog.h>
33 #include <sys/tihdr.h>
34 #include <sys/socket.h>
35 #include <sys/ddi.h>
36 #include <sys/sunddi.h>
37 #include <sys/mkdev.h>
38 #include <sys/kmem.h>
39 #include <sys/zone.h>
40 #include <sys/sysmacros.h>
41 #include <sys/cmn_err.h>
42 #include <sys/vtrace.h>
43 #include <sys/debug.h>
44 #include <sys/atomic.h>
45 #include <sys/strsun.h>
46 #include <sys/random.h>
47 #include <netinet/in.h>
48 #include <net/if.h>
49 #include <netinet/ip6.h>
50 #include <netinet/icmp6.h>
51 #include <net/pfkeyv2.h>
52 #include <net/pfpolicy.h>
53
54 #include <inet/common.h>
55 #include <inet/mi.h>
56 #include <inet/ip.h>
57 #include <inet/ip6.h>
58 #include <inet/nd.h>
59 #include <inet/ip_if.h>
60 #include <inet/ip_ndp.h>
61 #include <inet/ipsec_info.h>
62 #include <inet/ipsec_impl.h>
63 #include <inet/sadb.h>
64 #include <inet/ipsecah.h>
65 #include <inet/ipsec_impl.h>
66 #include <inet/ipdrop.h>
67 #include <sys/taskq.h>
68 #include <sys/policy.h>
69 #include <sys/strsun.h>
70
71 #include <sys/crypto/common.h>
72 #include <sys/crypto/api.h>
73 #include <sys/kstat.h>
74 #include <sys/strsubr.h>
75
76 #include <sys/tsol/tnet.h>
77
78 /*
79 * Table of ND variables supported by ipsecah. These are loaded into
80 * ipsecah_g_nd in ipsecah_init_nd.
81 * All of these are alterable, within the min/max values given, at run time.
82 */
83 static ipsecahparam_t lcl_param_arr[] = {
84 /* min max value name */
85 { 0, 3, 0, "ipsecah_debug"},
86 { 125, 32000, SADB_AGE_INTERVAL_DEFAULT, "ipsecah_age_interval"},
87 { 1, 10, 1, "ipsecah_reap_delay"},
88 { 1, SADB_MAX_REPLAY, 64, "ipsecah_replay_size"},
89 { 1, 300, 15, "ipsecah_acquire_timeout"},
90 { 1, 1800, 90, "ipsecah_larval_timeout"},
91 /* Default lifetime values for ACQUIRE messages. */
92 { 0, 0xffffffffU, 0, "ipsecah_default_soft_bytes"},
93 { 0, 0xffffffffU, 0, "ipsecah_default_hard_bytes"},
94 { 0, 0xffffffffU, 24000, "ipsecah_default_soft_addtime"},
95 { 0, 0xffffffffU, 28800, "ipsecah_default_hard_addtime"},
96 { 0, 0xffffffffU, 0, "ipsecah_default_soft_usetime"},
97 { 0, 0xffffffffU, 0, "ipsecah_default_hard_usetime"},
98 { 0, 1, 0, "ipsecah_log_unknown_spi"},
99 };
100 #define ipsecah_debug ipsecah_params[0].ipsecah_param_value
101 #define ipsecah_age_interval ipsecah_params[1].ipsecah_param_value
102 #define ipsecah_age_int_max ipsecah_params[1].ipsecah_param_max
103 #define ipsecah_reap_delay ipsecah_params[2].ipsecah_param_value
104 #define ipsecah_replay_size ipsecah_params[3].ipsecah_param_value
105 #define ipsecah_acquire_timeout ipsecah_params[4].ipsecah_param_value
106 #define ipsecah_larval_timeout ipsecah_params[5].ipsecah_param_value
107 #define ipsecah_default_soft_bytes ipsecah_params[6].ipsecah_param_value
108 #define ipsecah_default_hard_bytes ipsecah_params[7].ipsecah_param_value
109 #define ipsecah_default_soft_addtime ipsecah_params[8].ipsecah_param_value
110 #define ipsecah_default_hard_addtime ipsecah_params[9].ipsecah_param_value
111 #define ipsecah_default_soft_usetime ipsecah_params[10].ipsecah_param_value
112 #define ipsecah_default_hard_usetime ipsecah_params[11].ipsecah_param_value
113 #define ipsecah_log_unknown_spi ipsecah_params[12].ipsecah_param_value
114
115 #define ah0dbg(a) printf a
116 /* NOTE: != 0 instead of > 0 so lint doesn't complain. */
117 #define ah1dbg(ahstack, a) if (ahstack->ipsecah_debug != 0) printf a
118 #define ah2dbg(ahstack, a) if (ahstack->ipsecah_debug > 1) printf a
119 #define ah3dbg(ahstack, a) if (ahstack->ipsecah_debug > 2) printf a
120
121 /*
122 * XXX This is broken. Padding should be determined dynamically
123 * depending on the ICV size and IP version number so that the
124 * total AH header size is a multiple of 32 bits or 64 bits
125 * for V4 and V6 respectively. For 96bit ICVs we have no problems.
126 * Anything different from that, we need to fix our code.
127 */
128 #define IPV4_PADDING_ALIGN 0x04 /* Multiple of 32 bits */
129 #define IPV6_PADDING_ALIGN 0x04 /* Multiple of 32 bits */
130
131 /*
132 * Helper macro. Avoids a call to msgdsize if there is only one
133 * mblk in the chain.
134 */
135 #define AH_MSGSIZE(mp) ((mp)->b_cont != NULL ? msgdsize(mp) : MBLKL(mp))
136
137
138 static mblk_t *ah_auth_out_done(mblk_t *, ip_xmit_attr_t *, ipsec_crypto_t *);
139 static mblk_t *ah_auth_in_done(mblk_t *, ip_recv_attr_t *, ipsec_crypto_t *);
140 static mblk_t *ah_process_ip_options_v4(mblk_t *, ipsa_t *, int *, uint_t,
141 boolean_t, ipsecah_stack_t *);
142 static mblk_t *ah_process_ip_options_v6(mblk_t *, ipsa_t *, int *, uint_t,
143 boolean_t, ipsecah_stack_t *);
144 static void ah_getspi(mblk_t *, keysock_in_t *, ipsecah_stack_t *);
145 static void ah_inbound_restart(mblk_t *, ip_recv_attr_t *);
146
147 static mblk_t *ah_outbound(mblk_t *, ip_xmit_attr_t *);
148 static void ah_outbound_finish(mblk_t *, ip_xmit_attr_t *);
149
150 static int ipsecah_open(queue_t *, dev_t *, int, int, cred_t *);
151 static int ipsecah_close(queue_t *);
152 static void ipsecah_wput(queue_t *, mblk_t *);
153 static void ah_send_acquire(ipsacq_t *, mblk_t *, netstack_t *);
154 static boolean_t ah_register_out(uint32_t, uint32_t, uint_t, ipsecah_stack_t *,
155 cred_t *);
156 static void *ipsecah_stack_init(netstackid_t stackid, netstack_t *ns);
157 static void ipsecah_stack_fini(netstackid_t stackid, void *arg);
158
159 /* Setable in /etc/system */
160 uint32_t ah_hash_size = IPSEC_DEFAULT_HASH_SIZE;
161
162 static taskq_t *ah_taskq;
163
164 static struct module_info info = {
165 5136, "ipsecah", 0, INFPSZ, 65536, 1024
166 };
167
168 static struct qinit rinit = {
169 (pfi_t)putnext, NULL, ipsecah_open, ipsecah_close, NULL, &info,
170 NULL
171 };
172
173 static struct qinit winit = {
174 (pfi_t)ipsecah_wput, NULL, ipsecah_open, ipsecah_close, NULL, &info,
175 NULL
176 };
177
178 struct streamtab ipsecahinfo = {
179 &rinit, &winit, NULL, NULL
180 };
181
182 static int ah_kstat_update(kstat_t *, int);
183
184 uint64_t ipsacq_maxpackets = IPSACQ_MAXPACKETS;
185
186 static boolean_t
187 ah_kstat_init(ipsecah_stack_t *ahstack, netstackid_t stackid)
188 {
189 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
190
191 ahstack->ah_ksp = kstat_create_netstack("ipsecah", 0, "ah_stat", "net",
192 KSTAT_TYPE_NAMED, sizeof (ah_kstats_t) / sizeof (kstat_named_t),
193 KSTAT_FLAG_PERSISTENT, stackid);
194
195 if (ahstack->ah_ksp == NULL || ahstack->ah_ksp->ks_data == NULL)
196 return (B_FALSE);
197
198 ahstack->ah_kstats = ahstack->ah_ksp->ks_data;
199
200 ahstack->ah_ksp->ks_update = ah_kstat_update;
201 ahstack->ah_ksp->ks_private = (void *)(uintptr_t)stackid;
202
203 #define K64 KSTAT_DATA_UINT64
204 #define KI(x) kstat_named_init(&(ahstack->ah_kstats->ah_stat_##x), #x, K64)
205
206 KI(num_aalgs);
207 KI(good_auth);
208 KI(bad_auth);
209 KI(replay_failures);
210 KI(replay_early_failures);
211 KI(keysock_in);
212 KI(out_requests);
213 KI(acquire_requests);
214 KI(bytes_expired);
215 KI(out_discards);
216 KI(crypto_sync);
217 KI(crypto_async);
218 KI(crypto_failures);
219
220 #undef KI
221 #undef K64
222
223 kstat_install(ahstack->ah_ksp);
224 IP_ACQUIRE_STAT(ipss, maxpackets, ipsacq_maxpackets);
225 return (B_TRUE);
226 }
227
228 static int
229 ah_kstat_update(kstat_t *kp, int rw)
230 {
231 ah_kstats_t *ekp;
232 netstackid_t stackid = (netstackid_t)(uintptr_t)kp->ks_private;
233 netstack_t *ns;
234 ipsec_stack_t *ipss;
235
236 if ((kp == NULL) || (kp->ks_data == NULL))
237 return (EIO);
238
239 if (rw == KSTAT_WRITE)
240 return (EACCES);
241
242 ns = netstack_find_by_stackid(stackid);
243 if (ns == NULL)
244 return (-1);
245 ipss = ns->netstack_ipsec;
246 if (ipss == NULL) {
247 netstack_rele(ns);
248 return (-1);
249 }
250 ekp = (ah_kstats_t *)kp->ks_data;
251
252 mutex_enter(&ipss->ipsec_alg_lock);
253 ekp->ah_stat_num_aalgs.value.ui64 = ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
254 mutex_exit(&ipss->ipsec_alg_lock);
255
256 netstack_rele(ns);
257 return (0);
258 }
259
260 /*
261 * Don't have to lock ipsec_age_interval, as only one thread will access it at
262 * a time, because I control the one function that does a qtimeout() on
263 * ah_pfkey_q.
264 */
265 static void
266 ah_ager(void *arg)
267 {
268 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)arg;
269 netstack_t *ns = ahstack->ipsecah_netstack;
270 hrtime_t begin = gethrtime();
271
272 sadb_ager(&ahstack->ah_sadb.s_v4, ahstack->ah_pfkey_q,
273 ahstack->ipsecah_reap_delay, ns);
274 sadb_ager(&ahstack->ah_sadb.s_v6, ahstack->ah_pfkey_q,
275 ahstack->ipsecah_reap_delay, ns);
276
277 ahstack->ah_event = sadb_retimeout(begin, ahstack->ah_pfkey_q,
278 ah_ager, ahstack,
279 &ahstack->ipsecah_age_interval, ahstack->ipsecah_age_int_max,
280 info.mi_idnum);
281 }
282
283 /*
284 * Get an AH NDD parameter.
285 */
286 /* ARGSUSED */
287 static int
288 ipsecah_param_get(q, mp, cp, cr)
289 queue_t *q;
290 mblk_t *mp;
291 caddr_t cp;
292 cred_t *cr;
293 {
294 ipsecahparam_t *ipsecahpa = (ipsecahparam_t *)cp;
295 uint_t value;
296 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
297
298 mutex_enter(&ahstack->ipsecah_param_lock);
299 value = ipsecahpa->ipsecah_param_value;
300 mutex_exit(&ahstack->ipsecah_param_lock);
301
302 (void) mi_mpprintf(mp, "%u", value);
303 return (0);
304 }
305
306 /*
307 * This routine sets an NDD variable in a ipsecahparam_t structure.
308 */
309 /* ARGSUSED */
310 static int
311 ipsecah_param_set(q, mp, value, cp, cr)
312 queue_t *q;
313 mblk_t *mp;
314 char *value;
315 caddr_t cp;
316 cred_t *cr;
317 {
318 ulong_t new_value;
319 ipsecahparam_t *ipsecahpa = (ipsecahparam_t *)cp;
320 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
321
322 /*
323 * Fail the request if the new value does not lie within the
324 * required bounds.
325 */
326 if (ddi_strtoul(value, NULL, 10, &new_value) != 0 ||
327 new_value < ipsecahpa->ipsecah_param_min ||
328 new_value > ipsecahpa->ipsecah_param_max) {
329 return (EINVAL);
330 }
331
332 /* Set the new value */
333 mutex_enter(&ahstack->ipsecah_param_lock);
334 ipsecahpa->ipsecah_param_value = new_value;
335 mutex_exit(&ahstack->ipsecah_param_lock);
336 return (0);
337 }
338
339 /*
340 * Using lifetime NDD variables, fill in an extended combination's
341 * lifetime information.
342 */
343 void
344 ipsecah_fill_defs(sadb_x_ecomb_t *ecomb, netstack_t *ns)
345 {
346 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
347
348 ecomb->sadb_x_ecomb_soft_bytes = ahstack->ipsecah_default_soft_bytes;
349 ecomb->sadb_x_ecomb_hard_bytes = ahstack->ipsecah_default_hard_bytes;
350 ecomb->sadb_x_ecomb_soft_addtime =
351 ahstack->ipsecah_default_soft_addtime;
352 ecomb->sadb_x_ecomb_hard_addtime =
353 ahstack->ipsecah_default_hard_addtime;
354 ecomb->sadb_x_ecomb_soft_usetime =
355 ahstack->ipsecah_default_soft_usetime;
356 ecomb->sadb_x_ecomb_hard_usetime =
357 ahstack->ipsecah_default_hard_usetime;
358 }
359
360 /*
361 * Initialize things for AH at module load time.
362 */
363 boolean_t
364 ipsecah_ddi_init(void)
365 {
366 ah_taskq = taskq_create("ah_taskq", 1, minclsyspri,
367 IPSEC_TASKQ_MIN, IPSEC_TASKQ_MAX, 0);
368
369 /*
370 * We want to be informed each time a stack is created or
371 * destroyed in the kernel, so we can maintain the
372 * set of ipsecah_stack_t's.
373 */
374 netstack_register(NS_IPSECAH, ipsecah_stack_init, NULL,
375 ipsecah_stack_fini);
376
377 return (B_TRUE);
378 }
379
380 /*
381 * Walk through the param array specified registering each element with the
382 * named dispatch handler.
383 */
384 static boolean_t
385 ipsecah_param_register(IDP *ndp, ipsecahparam_t *ahp, int cnt)
386 {
387 for (; cnt-- > 0; ahp++) {
388 if (ahp->ipsecah_param_name != NULL &&
389 ahp->ipsecah_param_name[0]) {
390 if (!nd_load(ndp,
391 ahp->ipsecah_param_name,
392 ipsecah_param_get, ipsecah_param_set,
393 (caddr_t)ahp)) {
394 nd_free(ndp);
395 return (B_FALSE);
396 }
397 }
398 }
399 return (B_TRUE);
400 }
401
402 /*
403 * Initialize things for AH for each stack instance
404 */
405 static void *
406 ipsecah_stack_init(netstackid_t stackid, netstack_t *ns)
407 {
408 ipsecah_stack_t *ahstack;
409 ipsecahparam_t *ahp;
410
411 ahstack = (ipsecah_stack_t *)kmem_zalloc(sizeof (*ahstack), KM_SLEEP);
412 ahstack->ipsecah_netstack = ns;
413
414 ahp = (ipsecahparam_t *)kmem_alloc(sizeof (lcl_param_arr), KM_SLEEP);
415 ahstack->ipsecah_params = ahp;
416 bcopy(lcl_param_arr, ahp, sizeof (lcl_param_arr));
417
418 (void) ipsecah_param_register(&ahstack->ipsecah_g_nd, ahp,
419 A_CNT(lcl_param_arr));
420
421 (void) ah_kstat_init(ahstack, stackid);
422
423 ahstack->ah_sadb.s_acquire_timeout = &ahstack->ipsecah_acquire_timeout;
424 ahstack->ah_sadb.s_acqfn = ah_send_acquire;
425 sadbp_init("AH", &ahstack->ah_sadb, SADB_SATYPE_AH, ah_hash_size,
426 ahstack->ipsecah_netstack);
427
428 mutex_init(&ahstack->ipsecah_param_lock, NULL, MUTEX_DEFAULT, 0);
429
430 ip_drop_register(&ahstack->ah_dropper, "IPsec AH");
431 return (ahstack);
432 }
433
434 /*
435 * Destroy things for AH at module unload time.
436 */
437 void
438 ipsecah_ddi_destroy(void)
439 {
440 netstack_unregister(NS_IPSECAH);
441 taskq_destroy(ah_taskq);
442 }
443
444 /*
445 * Destroy things for AH for one stack... Never called?
446 */
447 static void
448 ipsecah_stack_fini(netstackid_t stackid, void *arg)
449 {
450 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)arg;
451
452 if (ahstack->ah_pfkey_q != NULL) {
453 (void) quntimeout(ahstack->ah_pfkey_q, ahstack->ah_event);
454 }
455 ahstack->ah_sadb.s_acqfn = NULL;
456 ahstack->ah_sadb.s_acquire_timeout = NULL;
457 sadbp_destroy(&ahstack->ah_sadb, ahstack->ipsecah_netstack);
458 ip_drop_unregister(&ahstack->ah_dropper);
459 mutex_destroy(&ahstack->ipsecah_param_lock);
460 nd_free(&ahstack->ipsecah_g_nd);
461
462 kmem_free(ahstack->ipsecah_params, sizeof (lcl_param_arr));
463 ahstack->ipsecah_params = NULL;
464 kstat_delete_netstack(ahstack->ah_ksp, stackid);
465 ahstack->ah_ksp = NULL;
466 ahstack->ah_kstats = NULL;
467
468 kmem_free(ahstack, sizeof (*ahstack));
469 }
470
471 /*
472 * AH module open routine, which is here for keysock plumbing.
473 * Keysock is pushed over {AH,ESP} which is an artifact from the Bad Old
474 * Days of export control, and fears that ESP would not be allowed
475 * to be shipped at all by default. Eventually, keysock should
476 * either access AH and ESP via modstubs or krtld dependencies, or
477 * perhaps be folded in with AH and ESP into a single IPsec/netsec
478 * module ("netsec" if PF_KEY provides more than AH/ESP keying tables).
479 */
480 /* ARGSUSED */
481 static int
482 ipsecah_open(queue_t *q, dev_t *devp, int flag, int sflag, cred_t *credp)
483 {
484 netstack_t *ns;
485 ipsecah_stack_t *ahstack;
486
487 if (secpolicy_ip_config(credp, B_FALSE) != 0)
488 return (EPERM);
489
490 if (q->q_ptr != NULL)
491 return (0); /* Re-open of an already open instance. */
492
493 if (sflag != MODOPEN)
494 return (EINVAL);
495
496 ns = netstack_find_by_cred(credp);
497 ASSERT(ns != NULL);
498 ahstack = ns->netstack_ipsecah;
499 ASSERT(ahstack != NULL);
500
501 q->q_ptr = ahstack;
502 WR(q)->q_ptr = q->q_ptr;
503
504 qprocson(q);
505 return (0);
506 }
507
508 /*
509 * AH module close routine.
510 */
511 static int
512 ipsecah_close(queue_t *q)
513 {
514 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
515
516 /*
517 * Clean up q_ptr, if needed.
518 */
519 qprocsoff(q);
520
521 /* Keysock queue check is safe, because of OCEXCL perimeter. */
522
523 if (q == ahstack->ah_pfkey_q) {
524 ah1dbg(ahstack,
525 ("ipsecah_close: Ummm... keysock is closing AH.\n"));
526 ahstack->ah_pfkey_q = NULL;
527 /* Detach qtimeouts. */
528 (void) quntimeout(q, ahstack->ah_event);
529 }
530
531 netstack_rele(ahstack->ipsecah_netstack);
532 return (0);
533 }
534
535 /*
536 * Construct an SADB_REGISTER message with the current algorithms.
537 */
538 static boolean_t
539 ah_register_out(uint32_t sequence, uint32_t pid, uint_t serial,
540 ipsecah_stack_t *ahstack, cred_t *cr)
541 {
542 mblk_t *mp;
543 boolean_t rc = B_TRUE;
544 sadb_msg_t *samsg;
545 sadb_supported_t *sasupp;
546 sadb_alg_t *saalg;
547 uint_t allocsize = sizeof (*samsg);
548 uint_t i, numalgs_snap;
549 ipsec_alginfo_t **authalgs;
550 uint_t num_aalgs;
551 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
552 sadb_sens_t *sens;
553 size_t sens_len = 0;
554 sadb_ext_t *nextext;
555 ts_label_t *sens_tsl = NULL;
556
557 /* Allocate the KEYSOCK_OUT. */
558 mp = sadb_keysock_out(serial);
559 if (mp == NULL) {
560 ah0dbg(("ah_register_out: couldn't allocate mblk.\n"));
561 return (B_FALSE);
562 }
563
564 if (is_system_labeled() && (cr != NULL)) {
565 sens_tsl = crgetlabel(cr);
566 if (sens_tsl != NULL) {
567 sens_len = sadb_sens_len_from_label(sens_tsl);
568 allocsize += sens_len;
569 }
570 }
571
572 /*
573 * Allocate the PF_KEY message that follows KEYSOCK_OUT.
574 * The alg reader lock needs to be held while allocating
575 * the variable part (i.e. the algorithms) of the message.
576 */
577
578 mutex_enter(&ipss->ipsec_alg_lock);
579
580 /*
581 * Return only valid algorithms, so the number of algorithms
582 * to send up may be less than the number of algorithm entries
583 * in the table.
584 */
585 authalgs = ipss->ipsec_alglists[IPSEC_ALG_AUTH];
586 for (num_aalgs = 0, i = 0; i < IPSEC_MAX_ALGS; i++)
587 if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
588 num_aalgs++;
589
590 /*
591 * Fill SADB_REGISTER message's algorithm descriptors. Hold
592 * down the lock while filling it.
593 */
594 if (num_aalgs != 0) {
595 allocsize += (num_aalgs * sizeof (*saalg));
596 allocsize += sizeof (*sasupp);
597 }
598 mp->b_cont = allocb(allocsize, BPRI_HI);
599 if (mp->b_cont == NULL) {
600 mutex_exit(&ipss->ipsec_alg_lock);
601 freemsg(mp);
602 return (B_FALSE);
603 }
604
605 mp->b_cont->b_wptr += allocsize;
606 nextext = (sadb_ext_t *)(mp->b_cont->b_rptr + sizeof (*samsg));
607
608 if (num_aalgs != 0) {
609
610 saalg = (sadb_alg_t *)(((uint8_t *)nextext) + sizeof (*sasupp));
611 ASSERT(((ulong_t)saalg & 0x7) == 0);
612
613 numalgs_snap = 0;
614 for (i = 0;
615 ((i < IPSEC_MAX_ALGS) && (numalgs_snap < num_aalgs));
616 i++) {
617 if (authalgs[i] == NULL || !ALG_VALID(authalgs[i]))
618 continue;
619
620 saalg->sadb_alg_id = authalgs[i]->alg_id;
621 saalg->sadb_alg_ivlen = 0;
622 saalg->sadb_alg_minbits = authalgs[i]->alg_ef_minbits;
623 saalg->sadb_alg_maxbits = authalgs[i]->alg_ef_maxbits;
624 saalg->sadb_x_alg_increment =
625 authalgs[i]->alg_increment;
626 /* For now, salt is meaningless in AH. */
627 ASSERT(authalgs[i]->alg_saltlen == 0);
628 saalg->sadb_x_alg_saltbits =
629 SADB_8TO1(authalgs[i]->alg_saltlen);
630 numalgs_snap++;
631 saalg++;
632 }
633 ASSERT(numalgs_snap == num_aalgs);
634 #ifdef DEBUG
635 /*
636 * Reality check to make sure I snagged all of the
637 * algorithms.
638 */
639 for (; i < IPSEC_MAX_ALGS; i++)
640 if (authalgs[i] != NULL && ALG_VALID(authalgs[i]))
641 cmn_err(CE_PANIC,
642 "ah_register_out()! Missed #%d.\n", i);
643 #endif /* DEBUG */
644 nextext = (sadb_ext_t *)saalg;
645 }
646
647 mutex_exit(&ipss->ipsec_alg_lock);
648
649 if (sens_tsl != NULL) {
650 sens = (sadb_sens_t *)nextext;
651 sadb_sens_from_label(sens, SADB_EXT_SENSITIVITY,
652 sens_tsl, sens_len);
653
654 nextext = (sadb_ext_t *)(((uint8_t *)sens) + sens_len);
655 }
656
657 /* Now fill the restof the SADB_REGISTER message. */
658
659 samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
660 samsg->sadb_msg_version = PF_KEY_V2;
661 samsg->sadb_msg_type = SADB_REGISTER;
662 samsg->sadb_msg_errno = 0;
663 samsg->sadb_msg_satype = SADB_SATYPE_AH;
664 samsg->sadb_msg_len = SADB_8TO64(allocsize);
665 samsg->sadb_msg_reserved = 0;
666 /*
667 * Assume caller has sufficient sequence/pid number info. If it's one
668 * from me over a new alg., I could give two hoots about sequence.
669 */
670 samsg->sadb_msg_seq = sequence;
671 samsg->sadb_msg_pid = pid;
672
673 if (num_aalgs != 0) {
674 sasupp = (sadb_supported_t *)(samsg + 1);
675 sasupp->sadb_supported_len = SADB_8TO64(
676 sizeof (*sasupp) + sizeof (*saalg) * num_aalgs);
677 sasupp->sadb_supported_exttype = SADB_EXT_SUPPORTED_AUTH;
678 sasupp->sadb_supported_reserved = 0;
679 }
680
681 if (ahstack->ah_pfkey_q != NULL)
682 putnext(ahstack->ah_pfkey_q, mp);
683 else {
684 rc = B_FALSE;
685 freemsg(mp);
686 }
687
688 return (rc);
689 }
690
691 /*
692 * Invoked when the algorithm table changes. Causes SADB_REGISTER
693 * messages continaining the current list of algorithms to be
694 * sent up to the AH listeners.
695 */
696 void
697 ipsecah_algs_changed(netstack_t *ns)
698 {
699 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
700
701 /*
702 * Time to send a PF_KEY SADB_REGISTER message to AH listeners
703 * everywhere. (The function itself checks for NULL ah_pfkey_q.)
704 */
705 (void) ah_register_out(0, 0, 0, ahstack, NULL);
706 }
707
708 /*
709 * Stub function that taskq_dispatch() invokes to take the mblk (in arg)
710 * and send it into AH and IP again.
711 */
712 static void
713 inbound_task(void *arg)
714 {
715 mblk_t *mp = (mblk_t *)arg;
716 mblk_t *async_mp;
717 ip_recv_attr_t iras;
718
719 async_mp = mp;
720 mp = async_mp->b_cont;
721 async_mp->b_cont = NULL;
722 if (!ip_recv_attr_from_mblk(async_mp, &iras)) {
723 /* The ill or ip_stack_t disappeared on us */
724 ip_drop_input("ip_recv_attr_from_mblk", mp, NULL);
725 freemsg(mp);
726 goto done;
727 }
728
729 ah_inbound_restart(mp, &iras);
730 done:
731 ira_cleanup(&iras, B_TRUE);
732 }
733
734 /*
735 * Restart ESP after the SA has been added.
736 */
737 static void
738 ah_inbound_restart(mblk_t *mp, ip_recv_attr_t *ira)
739 {
740 ah_t *ah;
741 netstack_t *ns;
742 ipsecah_stack_t *ahstack;
743
744 ns = ira->ira_ill->ill_ipst->ips_netstack;
745 ahstack = ns->netstack_ipsecah;
746
747 ASSERT(ahstack != NULL);
748 mp = ipsec_inbound_ah_sa(mp, ira, &ah);
749 if (mp == NULL)
750 return;
751
752 ASSERT(ah != NULL);
753 ASSERT(ira->ira_flags & IRAF_IPSEC_SECURE);
754 ASSERT(ira->ira_ipsec_ah_sa != NULL);
755
756 mp = ira->ira_ipsec_ah_sa->ipsa_input_func(mp, ah, ira);
757 if (mp == NULL) {
758 /*
759 * Either it failed or is pending. In the former case
760 * ipIfStatsInDiscards was increased.
761 */
762 return;
763 }
764 ip_input_post_ipsec(mp, ira);
765 }
766
767 /*
768 * Now that weak-key passed, actually ADD the security association, and
769 * send back a reply ADD message.
770 */
771 static int
772 ah_add_sa_finish(mblk_t *mp, sadb_msg_t *samsg, keysock_in_t *ksi,
773 int *diagnostic, ipsecah_stack_t *ahstack)
774 {
775 isaf_t *primary = NULL, *secondary;
776 boolean_t clone = B_FALSE, is_inbound = B_FALSE;
777 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
778 ipsa_t *larval;
779 ipsacq_t *acqrec;
780 iacqf_t *acq_bucket;
781 mblk_t *acq_msgs = NULL;
782 mblk_t *lpkt;
783 int rc;
784 ipsa_query_t sq;
785 int error;
786 netstack_t *ns = ahstack->ipsecah_netstack;
787 ipsec_stack_t *ipss = ns->netstack_ipsec;
788
789 /*
790 * Locate the appropriate table(s).
791 */
792
793 sq.spp = &ahstack->ah_sadb;
794 error = sadb_form_query(ksi, IPSA_Q_SA|IPSA_Q_DST,
795 IPSA_Q_SA|IPSA_Q_DST|IPSA_Q_INBOUND|IPSA_Q_OUTBOUND,
796 &sq, diagnostic);
797 if (error)
798 return (error);
799
800 /*
801 * Use the direction flags provided by the KMD to determine
802 * if the inbound or outbound table should be the primary
803 * for this SA. If these flags were absent then make this
804 * decision based on the addresses.
805 */
806 if (assoc->sadb_sa_flags & IPSA_F_INBOUND) {
807 primary = sq.inbound;
808 secondary = sq.outbound;
809 is_inbound = B_TRUE;
810 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND)
811 clone = B_TRUE;
812 } else {
813 if (assoc->sadb_sa_flags & IPSA_F_OUTBOUND) {
814 primary = sq.outbound;
815 secondary = sq.inbound;
816 }
817 }
818 if (primary == NULL) {
819 /*
820 * The KMD did not set a direction flag, determine which
821 * table to insert the SA into based on addresses.
822 */
823 switch (ksi->ks_in_dsttype) {
824 case KS_IN_ADDR_MBCAST:
825 clone = B_TRUE; /* All mcast SAs can be bidirectional */
826 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
827 /* FALLTHRU */
828 /*
829 * If the source address is either one of mine, or unspecified
830 * (which is best summed up by saying "not 'not mine'"),
831 * then the association is potentially bi-directional,
832 * in that it can be used for inbound traffic and outbound
833 * traffic. The best example of such and SA is a multicast
834 * SA (which allows me to receive the outbound traffic).
835 */
836 case KS_IN_ADDR_ME:
837 assoc->sadb_sa_flags |= IPSA_F_INBOUND;
838 primary = sq.inbound;
839 secondary = sq.outbound;
840 if (ksi->ks_in_srctype != KS_IN_ADDR_NOTME)
841 clone = B_TRUE;
842 is_inbound = B_TRUE;
843 break;
844
845 /*
846 * If the source address literally not mine (either
847 * unspecified or not mine), then this SA may have an
848 * address that WILL be mine after some configuration.
849 * We pay the price for this by making it a bi-directional
850 * SA.
851 */
852 case KS_IN_ADDR_NOTME:
853 assoc->sadb_sa_flags |= IPSA_F_OUTBOUND;
854 primary = sq.outbound;
855 secondary = sq.inbound;
856 if (ksi->ks_in_srctype != KS_IN_ADDR_ME) {
857 assoc->sadb_sa_flags |= IPSA_F_INBOUND;
858 clone = B_TRUE;
859 }
860 break;
861 default:
862 *diagnostic = SADB_X_DIAGNOSTIC_BAD_DST;
863 return (EINVAL);
864 }
865 }
866
867 /*
868 * Find a ACQUIRE list entry if possible. If we've added an SA that
869 * suits the needs of an ACQUIRE list entry, we can eliminate the
870 * ACQUIRE list entry and transmit the enqueued packets. Use the
871 * high-bit of the sequence number to queue it. Key off destination
872 * addr, and change acqrec's state.
873 */
874
875 if (samsg->sadb_msg_seq & IACQF_LOWEST_SEQ) {
876 acq_bucket = &(sq.sp->sdb_acq[sq.outhash]);
877 mutex_enter(&acq_bucket->iacqf_lock);
878 for (acqrec = acq_bucket->iacqf_ipsacq; acqrec != NULL;
879 acqrec = acqrec->ipsacq_next) {
880 mutex_enter(&acqrec->ipsacq_lock);
881 /*
882 * Q: I only check sequence. Should I check dst?
883 * A: Yes, check dest because those are the packets
884 * that are queued up.
885 */
886 if (acqrec->ipsacq_seq == samsg->sadb_msg_seq &&
887 IPSA_ARE_ADDR_EQUAL(sq.dstaddr,
888 acqrec->ipsacq_dstaddr, acqrec->ipsacq_addrfam))
889 break;
890 mutex_exit(&acqrec->ipsacq_lock);
891 }
892 if (acqrec != NULL) {
893 /*
894 * AHA! I found an ACQUIRE record for this SA.
895 * Grab the msg list, and free the acquire record.
896 * I already am holding the lock for this record,
897 * so all I have to do is free it.
898 */
899 acq_msgs = acqrec->ipsacq_mp;
900 acqrec->ipsacq_mp = NULL;
901 mutex_exit(&acqrec->ipsacq_lock);
902 sadb_destroy_acquire(acqrec, ns);
903 }
904 mutex_exit(&acq_bucket->iacqf_lock);
905 }
906
907 /*
908 * Find PF_KEY message, and see if I'm an update. If so, find entry
909 * in larval list (if there).
910 */
911
912 larval = NULL;
913
914 if (samsg->sadb_msg_type == SADB_UPDATE) {
915 mutex_enter(&sq.inbound->isaf_lock);
916 larval = ipsec_getassocbyspi(sq.inbound, sq.assoc->sadb_sa_spi,
917 ALL_ZEROES_PTR, sq.dstaddr, sq.dst->sin_family);
918 mutex_exit(&sq.inbound->isaf_lock);
919
920 if ((larval == NULL) ||
921 (larval->ipsa_state != IPSA_STATE_LARVAL)) {
922 *diagnostic = SADB_X_DIAGNOSTIC_SA_NOTFOUND;
923 if (larval != NULL) {
924 IPSA_REFRELE(larval);
925 }
926 ah0dbg(("Larval update, but larval disappeared.\n"));
927 return (ESRCH);
928 } /* Else sadb_common_add unlinks it for me! */
929 }
930
931 if (larval != NULL) {
932 /*
933 * Hold again, because sadb_common_add() consumes a reference,
934 * and we don't want to clear_lpkt() without a reference.
935 */
936 IPSA_REFHOLD(larval);
937 }
938
939 rc = sadb_common_add(ahstack->ah_pfkey_q, mp,
940 samsg, ksi, primary, secondary, larval, clone, is_inbound,
941 diagnostic, ns, &ahstack->ah_sadb);
942
943 if (larval != NULL) {
944 if (rc == 0) {
945 lpkt = sadb_clear_lpkt(larval);
946 if (lpkt != NULL) {
947 rc = !taskq_dispatch(ah_taskq, inbound_task,
948 lpkt, TQ_NOSLEEP);
949 }
950 }
951 IPSA_REFRELE(larval);
952 }
953
954 /*
955 * How much more stack will I create with all of these
956 * ah_outbound_*() calls?
957 */
958
959 /* Handle the packets queued waiting for the SA */
960 while (acq_msgs != NULL) {
961 mblk_t *asyncmp;
962 mblk_t *data_mp;
963 ip_xmit_attr_t ixas;
964 ill_t *ill;
965
966 asyncmp = acq_msgs;
967 acq_msgs = acq_msgs->b_next;
968 asyncmp->b_next = NULL;
969
970 /*
971 * Extract the ip_xmit_attr_t from the first mblk.
972 * Verifies that the netstack and ill is still around; could
973 * have vanished while iked was doing its work.
974 * On succesful return we have a nce_t and the ill/ipst can't
975 * disappear until we do the nce_refrele in ixa_cleanup.
976 */
977 data_mp = asyncmp->b_cont;
978 asyncmp->b_cont = NULL;
979 if (!ip_xmit_attr_from_mblk(asyncmp, &ixas)) {
980 AH_BUMP_STAT(ahstack, out_discards);
981 ip_drop_packet(data_mp, B_FALSE, NULL,
982 DROPPER(ipss, ipds_sadb_acquire_timeout),
983 &ahstack->ah_dropper);
984 } else if (rc != 0) {
985 ill = ixas.ixa_nce->nce_ill;
986 AH_BUMP_STAT(ahstack, out_discards);
987 ip_drop_packet(data_mp, B_FALSE, ill,
988 DROPPER(ipss, ipds_sadb_acquire_timeout),
989 &ahstack->ah_dropper);
990 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
991 } else {
992 ah_outbound_finish(data_mp, &ixas);
993 }
994 ixa_cleanup(&ixas);
995 }
996
997 return (rc);
998 }
999
1000
1001 /*
1002 * Process one of the queued messages (from ipsacq_mp) once the SA
1003 * has been added.
1004 */
1005 static void
1006 ah_outbound_finish(mblk_t *data_mp, ip_xmit_attr_t *ixa)
1007 {
1008 netstack_t *ns = ixa->ixa_ipst->ips_netstack;
1009 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1010 ipsec_stack_t *ipss = ns->netstack_ipsec;
1011 ill_t *ill = ixa->ixa_nce->nce_ill;
1012
1013 if (!ipsec_outbound_sa(data_mp, ixa, IPPROTO_AH)) {
1014 AH_BUMP_STAT(ahstack, out_discards);
1015 ip_drop_packet(data_mp, B_FALSE, ill,
1016 DROPPER(ipss, ipds_sadb_acquire_timeout),
1017 &ahstack->ah_dropper);
1018 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
1019 return;
1020 }
1021
1022 data_mp = ah_outbound(data_mp, ixa);
1023 if (data_mp == NULL)
1024 return;
1025
1026 (void) ip_output_post_ipsec(data_mp, ixa);
1027 }
1028
1029 /*
1030 * Add new AH security association. This may become a generic AH/ESP
1031 * routine eventually.
1032 */
1033 static int
1034 ah_add_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic, netstack_t *ns)
1035 {
1036 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
1037 sadb_address_t *srcext =
1038 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
1039 sadb_address_t *dstext =
1040 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
1041 sadb_address_t *isrcext =
1042 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_SRC];
1043 sadb_address_t *idstext =
1044 (sadb_address_t *)ksi->ks_in_extv[SADB_X_EXT_ADDRESS_INNER_DST];
1045 sadb_key_t *key = (sadb_key_t *)ksi->ks_in_extv[SADB_EXT_KEY_AUTH];
1046 struct sockaddr_in *src, *dst;
1047 /* We don't need sockaddr_in6 for now. */
1048 sadb_lifetime_t *soft =
1049 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_SOFT];
1050 sadb_lifetime_t *hard =
1051 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_EXT_LIFETIME_HARD];
1052 sadb_lifetime_t *idle =
1053 (sadb_lifetime_t *)ksi->ks_in_extv[SADB_X_EXT_LIFETIME_IDLE];
1054 ipsec_alginfo_t *aalg;
1055 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1056 ipsec_stack_t *ipss = ns->netstack_ipsec;
1057
1058 /* I need certain extensions present for an ADD message. */
1059 if (srcext == NULL) {
1060 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SRC;
1061 return (EINVAL);
1062 }
1063 if (dstext == NULL) {
1064 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
1065 return (EINVAL);
1066 }
1067 if (isrcext == NULL && idstext != NULL) {
1068 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_SRC;
1069 return (EINVAL);
1070 }
1071 if (isrcext != NULL && idstext == NULL) {
1072 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_INNER_DST;
1073 return (EINVAL);
1074 }
1075 if (assoc == NULL) {
1076 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
1077 return (EINVAL);
1078 }
1079 if (key == NULL) {
1080 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_AKEY;
1081 return (EINVAL);
1082 }
1083
1084 src = (struct sockaddr_in *)(srcext + 1);
1085 dst = (struct sockaddr_in *)(dstext + 1);
1086
1087 /* Sundry ADD-specific reality checks. */
1088 /* XXX STATS : Logging/stats here? */
1089
1090 if (assoc->sadb_sa_state != SADB_SASTATE_MATURE) {
1091 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SASTATE;
1092 return (EINVAL);
1093 }
1094 if (assoc->sadb_sa_encrypt != SADB_EALG_NONE) {
1095 *diagnostic = SADB_X_DIAGNOSTIC_ENCR_NOTSUPP;
1096 return (EINVAL);
1097 }
1098 if (assoc->sadb_sa_flags & ~ahstack->ah_sadb.s_addflags) {
1099 *diagnostic = SADB_X_DIAGNOSTIC_BAD_SAFLAGS;
1100 return (EINVAL);
1101 }
1102 if ((*diagnostic = sadb_hardsoftchk(hard, soft, idle)) != 0)
1103 return (EINVAL);
1104
1105 ASSERT(src->sin_family == dst->sin_family);
1106
1107 /* Stuff I don't support, for now. XXX Diagnostic? */
1108 if (ksi->ks_in_extv[SADB_EXT_LIFETIME_CURRENT] != NULL)
1109 return (EOPNOTSUPP);
1110
1111 if (ksi->ks_in_extv[SADB_EXT_SENSITIVITY] != NULL) {
1112 if (!is_system_labeled())
1113 return (EOPNOTSUPP);
1114 }
1115
1116 if (ksi->ks_in_extv[SADB_X_EXT_OUTER_SENS] != NULL) {
1117 if (!is_system_labeled())
1118 return (EOPNOTSUPP);
1119 }
1120 /*
1121 * XXX Policy : I'm not checking identities at this time, but
1122 * if I did, I'd do them here, before I sent the weak key
1123 * check up to the algorithm.
1124 */
1125
1126 /* verify that there is a mapping for the specified algorithm */
1127 mutex_enter(&ipss->ipsec_alg_lock);
1128 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH][assoc->sadb_sa_auth];
1129 if (aalg == NULL || !ALG_VALID(aalg)) {
1130 mutex_exit(&ipss->ipsec_alg_lock);
1131 ah1dbg(ahstack, ("Couldn't find auth alg #%d.\n",
1132 assoc->sadb_sa_auth));
1133 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
1134 return (EINVAL);
1135 }
1136 ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
1137
1138 /* sanity check key sizes */
1139 if (!ipsec_valid_key_size(key->sadb_key_bits, aalg)) {
1140 mutex_exit(&ipss->ipsec_alg_lock);
1141 *diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS;
1142 return (EINVAL);
1143 }
1144
1145 /* check key and fix parity if needed */
1146 if (ipsec_check_key(aalg->alg_mech_type, key, B_TRUE,
1147 diagnostic) != 0) {
1148 mutex_exit(&ipss->ipsec_alg_lock);
1149 return (EINVAL);
1150 }
1151
1152 mutex_exit(&ipss->ipsec_alg_lock);
1153
1154 return (ah_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi,
1155 diagnostic, ahstack));
1156 }
1157
1158 /* Refactor me */
1159 /*
1160 * Update a security association. Updates come in two varieties. The first
1161 * is an update of lifetimes on a non-larval SA. The second is an update of
1162 * a larval SA, which ends up looking a lot more like an add.
1163 */
1164 static int
1165 ah_update_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
1166 ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
1167 {
1168 sadb_address_t *dstext =
1169 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
1170
1171 if (dstext == NULL) {
1172 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_DST;
1173 return (EINVAL);
1174 }
1175
1176 return (sadb_update_sa(mp, ksi, &ahstack->ah_sadb, diagnostic,
1177 ahstack->ah_pfkey_q, ah_add_sa, ahstack->ipsecah_netstack,
1178 sadb_msg_type));
1179 }
1180
1181 /* Refactor me */
1182 /*
1183 * Delete a security association. This is REALLY likely to be code common to
1184 * both AH and ESP. Find the association, then unlink it.
1185 */
1186 static int
1187 ah_del_sa(mblk_t *mp, keysock_in_t *ksi, int *diagnostic,
1188 ipsecah_stack_t *ahstack, uint8_t sadb_msg_type)
1189 {
1190 sadb_sa_t *assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SA];
1191 sadb_address_t *dstext =
1192 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_DST];
1193 sadb_address_t *srcext =
1194 (sadb_address_t *)ksi->ks_in_extv[SADB_EXT_ADDRESS_SRC];
1195 struct sockaddr_in *sin;
1196
1197 if (assoc == NULL) {
1198 if (dstext != NULL)
1199 sin = (struct sockaddr_in *)(dstext + 1);
1200 else if (srcext != NULL)
1201 sin = (struct sockaddr_in *)(srcext + 1);
1202 else {
1203 *diagnostic = SADB_X_DIAGNOSTIC_MISSING_SA;
1204 return (EINVAL);
1205 }
1206 return (sadb_purge_sa(mp, ksi,
1207 (sin->sin_family == AF_INET6) ? &ahstack->ah_sadb.s_v6 :
1208 &ahstack->ah_sadb.s_v4, diagnostic, ahstack->ah_pfkey_q));
1209 }
1210
1211 return (sadb_delget_sa(mp, ksi, &ahstack->ah_sadb, diagnostic,
1212 ahstack->ah_pfkey_q, sadb_msg_type));
1213 }
1214
1215 /* Refactor me */
1216 /*
1217 * Convert the entire contents of all of AH's SA tables into PF_KEY SADB_DUMP
1218 * messages.
1219 */
1220 static void
1221 ah_dump(mblk_t *mp, keysock_in_t *ksi, ipsecah_stack_t *ahstack)
1222 {
1223 int error;
1224 sadb_msg_t *samsg;
1225
1226 /*
1227 * Dump each fanout, bailing if error is non-zero.
1228 */
1229
1230 error = sadb_dump(ahstack->ah_pfkey_q, mp, ksi, &ahstack->ah_sadb.s_v4);
1231 if (error != 0)
1232 goto bail;
1233
1234 error = sadb_dump(ahstack->ah_pfkey_q, mp, ksi, &ahstack->ah_sadb.s_v6);
1235 bail:
1236 ASSERT(mp->b_cont != NULL);
1237 samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
1238 samsg->sadb_msg_errno = (uint8_t)error;
1239 sadb_pfkey_echo(ahstack->ah_pfkey_q, mp,
1240 (sadb_msg_t *)mp->b_cont->b_rptr, ksi, NULL);
1241 }
1242
1243 /*
1244 * First-cut reality check for an inbound PF_KEY message.
1245 */
1246 static boolean_t
1247 ah_pfkey_reality_failures(mblk_t *mp, keysock_in_t *ksi,
1248 ipsecah_stack_t *ahstack)
1249 {
1250 int diagnostic;
1251
1252 if (mp->b_cont == NULL) {
1253 freemsg(mp);
1254 return (B_TRUE);
1255 }
1256
1257 if (ksi->ks_in_extv[SADB_EXT_KEY_ENCRYPT] != NULL) {
1258 diagnostic = SADB_X_DIAGNOSTIC_EKEY_PRESENT;
1259 goto badmsg;
1260 }
1261 if (ksi->ks_in_extv[SADB_EXT_PROPOSAL] != NULL) {
1262 diagnostic = SADB_X_DIAGNOSTIC_PROP_PRESENT;
1263 goto badmsg;
1264 }
1265 if (ksi->ks_in_extv[SADB_EXT_SUPPORTED_AUTH] != NULL ||
1266 ksi->ks_in_extv[SADB_EXT_SUPPORTED_ENCRYPT] != NULL) {
1267 diagnostic = SADB_X_DIAGNOSTIC_SUPP_PRESENT;
1268 goto badmsg;
1269 }
1270 return (B_FALSE); /* False ==> no failures */
1271
1272 badmsg:
1273 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL,
1274 diagnostic, ksi->ks_in_serial);
1275 return (B_TRUE); /* True ==> failures */
1276 }
1277
1278 /*
1279 * AH parsing of PF_KEY messages. Keysock did most of the really silly
1280 * error cases. What I receive is a fully-formed, syntactically legal
1281 * PF_KEY message. I then need to check semantics...
1282 *
1283 * This code may become common to AH and ESP. Stay tuned.
1284 *
1285 * I also make the assumption that db_ref's are cool. If this assumption
1286 * is wrong, this means that someone other than keysock or me has been
1287 * mucking with PF_KEY messages.
1288 */
1289 static void
1290 ah_parse_pfkey(mblk_t *mp, ipsecah_stack_t *ahstack)
1291 {
1292 mblk_t *msg = mp->b_cont;
1293 sadb_msg_t *samsg;
1294 keysock_in_t *ksi;
1295 int error;
1296 int diagnostic = SADB_X_DIAGNOSTIC_NONE;
1297
1298 ASSERT(msg != NULL);
1299
1300 samsg = (sadb_msg_t *)msg->b_rptr;
1301 ksi = (keysock_in_t *)mp->b_rptr;
1302
1303 /*
1304 * If applicable, convert unspecified AF_INET6 to unspecified
1305 * AF_INET.
1306 */
1307 if (!sadb_addrfix(ksi, ahstack->ah_pfkey_q, mp,
1308 ahstack->ipsecah_netstack) ||
1309 ah_pfkey_reality_failures(mp, ksi, ahstack)) {
1310 return;
1311 }
1312
1313 switch (samsg->sadb_msg_type) {
1314 case SADB_ADD:
1315 error = ah_add_sa(mp, ksi, &diagnostic,
1316 ahstack->ipsecah_netstack);
1317 if (error != 0) {
1318 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1319 diagnostic, ksi->ks_in_serial);
1320 }
1321 /* else ah_add_sa() took care of things. */
1322 break;
1323 case SADB_DELETE:
1324 case SADB_X_DELPAIR:
1325 error = ah_del_sa(mp, ksi, &diagnostic, ahstack,
1326 samsg->sadb_msg_type);
1327 if (error != 0) {
1328 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1329 diagnostic, ksi->ks_in_serial);
1330 }
1331 /* Else ah_del_sa() took care of things. */
1332 break;
1333 case SADB_GET:
1334 error = sadb_delget_sa(mp, ksi, &ahstack->ah_sadb, &diagnostic,
1335 ahstack->ah_pfkey_q, samsg->sadb_msg_type);
1336 if (error != 0) {
1337 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1338 diagnostic, ksi->ks_in_serial);
1339 }
1340 /* Else sadb_get_sa() took care of things. */
1341 break;
1342 case SADB_FLUSH:
1343 sadbp_flush(&ahstack->ah_sadb, ahstack->ipsecah_netstack);
1344 sadb_pfkey_echo(ahstack->ah_pfkey_q, mp, samsg, ksi, NULL);
1345 break;
1346 case SADB_REGISTER:
1347 /*
1348 * Hmmm, let's do it! Check for extensions (there should
1349 * be none), extract the fields, call ah_register_out(),
1350 * then either free or report an error.
1351 *
1352 * Keysock takes care of the PF_KEY bookkeeping for this.
1353 */
1354 if (ah_register_out(samsg->sadb_msg_seq, samsg->sadb_msg_pid,
1355 ksi->ks_in_serial, ahstack, msg_getcred(mp, NULL))) {
1356 freemsg(mp);
1357 } else {
1358 /*
1359 * Only way this path hits is if there is a memory
1360 * failure. It will not return B_FALSE because of
1361 * lack of ah_pfkey_q if I am in wput().
1362 */
1363 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM,
1364 diagnostic, ksi->ks_in_serial);
1365 }
1366 break;
1367 case SADB_UPDATE:
1368 case SADB_X_UPDATEPAIR:
1369 /*
1370 * Find a larval, if not there, find a full one and get
1371 * strict.
1372 */
1373 error = ah_update_sa(mp, ksi, &diagnostic, ahstack,
1374 samsg->sadb_msg_type);
1375 if (error != 0) {
1376 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, error,
1377 diagnostic, ksi->ks_in_serial);
1378 }
1379 /* else ah_update_sa() took care of things. */
1380 break;
1381 case SADB_GETSPI:
1382 /*
1383 * Reserve a new larval entry.
1384 */
1385 ah_getspi(mp, ksi, ahstack);
1386 break;
1387 case SADB_ACQUIRE:
1388 /*
1389 * Find larval and/or ACQUIRE record and kill it (them), I'm
1390 * most likely an error. Inbound ACQUIRE messages should only
1391 * have the base header.
1392 */
1393 sadb_in_acquire(samsg, &ahstack->ah_sadb, ahstack->ah_pfkey_q,
1394 ahstack->ipsecah_netstack);
1395 freemsg(mp);
1396 break;
1397 case SADB_DUMP:
1398 /*
1399 * Dump all entries.
1400 */
1401 ah_dump(mp, ksi, ahstack);
1402 /* ah_dump will take care of the return message, etc. */
1403 break;
1404 case SADB_EXPIRE:
1405 /* Should never reach me. */
1406 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EOPNOTSUPP,
1407 diagnostic, ksi->ks_in_serial);
1408 break;
1409 default:
1410 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL,
1411 SADB_X_DIAGNOSTIC_UNKNOWN_MSG, ksi->ks_in_serial);
1412 break;
1413 }
1414 }
1415
1416 /*
1417 * Handle case where PF_KEY says it can't find a keysock for one of my
1418 * ACQUIRE messages.
1419 */
1420 static void
1421 ah_keysock_no_socket(mblk_t *mp, ipsecah_stack_t *ahstack)
1422 {
1423 sadb_msg_t *samsg;
1424 keysock_out_err_t *kse = (keysock_out_err_t *)mp->b_rptr;
1425
1426 if (mp->b_cont == NULL) {
1427 freemsg(mp);
1428 return;
1429 }
1430 samsg = (sadb_msg_t *)mp->b_cont->b_rptr;
1431
1432 /*
1433 * If keysock can't find any registered, delete the acquire record
1434 * immediately, and handle errors.
1435 */
1436 if (samsg->sadb_msg_type == SADB_ACQUIRE) {
1437 samsg->sadb_msg_errno = kse->ks_err_errno;
1438 samsg->sadb_msg_len = SADB_8TO64(sizeof (*samsg));
1439 /*
1440 * Use the write-side of the ah_pfkey_q
1441 */
1442 sadb_in_acquire(samsg, &ahstack->ah_sadb,
1443 WR(ahstack->ah_pfkey_q), ahstack->ipsecah_netstack);
1444 }
1445
1446 freemsg(mp);
1447 }
1448
1449 /*
1450 * AH module write put routine.
1451 */
1452 static void
1453 ipsecah_wput(queue_t *q, mblk_t *mp)
1454 {
1455 ipsec_info_t *ii;
1456 struct iocblk *iocp;
1457 ipsecah_stack_t *ahstack = (ipsecah_stack_t *)q->q_ptr;
1458
1459 ah3dbg(ahstack, ("In ah_wput().\n"));
1460
1461 /* NOTE: Each case must take care of freeing or passing mp. */
1462 switch (mp->b_datap->db_type) {
1463 case M_CTL:
1464 if ((mp->b_wptr - mp->b_rptr) < sizeof (ipsec_info_t)) {
1465 /* Not big enough message. */
1466 freemsg(mp);
1467 break;
1468 }
1469 ii = (ipsec_info_t *)mp->b_rptr;
1470
1471 switch (ii->ipsec_info_type) {
1472 case KEYSOCK_OUT_ERR:
1473 ah1dbg(ahstack, ("Got KEYSOCK_OUT_ERR message.\n"));
1474 ah_keysock_no_socket(mp, ahstack);
1475 break;
1476 case KEYSOCK_IN:
1477 AH_BUMP_STAT(ahstack, keysock_in);
1478 ah3dbg(ahstack, ("Got KEYSOCK_IN message.\n"));
1479
1480 /* Parse the message. */
1481 ah_parse_pfkey(mp, ahstack);
1482 break;
1483 case KEYSOCK_HELLO:
1484 sadb_keysock_hello(&ahstack->ah_pfkey_q, q, mp,
1485 ah_ager, (void *)ahstack, &ahstack->ah_event,
1486 SADB_SATYPE_AH);
1487 break;
1488 default:
1489 ah1dbg(ahstack, ("Got M_CTL from above of 0x%x.\n",
1490 ii->ipsec_info_type));
1491 freemsg(mp);
1492 break;
1493 }
1494 break;
1495 case M_IOCTL:
1496 iocp = (struct iocblk *)mp->b_rptr;
1497 switch (iocp->ioc_cmd) {
1498 case ND_SET:
1499 case ND_GET:
1500 if (nd_getset(q, ahstack->ipsecah_g_nd, mp)) {
1501 qreply(q, mp);
1502 return;
1503 } else {
1504 iocp->ioc_error = ENOENT;
1505 }
1506 /* FALLTHRU */
1507 default:
1508 /* We really don't support any other ioctls, do we? */
1509
1510 /* Return EINVAL */
1511 if (iocp->ioc_error != ENOENT)
1512 iocp->ioc_error = EINVAL;
1513 iocp->ioc_count = 0;
1514 mp->b_datap->db_type = M_IOCACK;
1515 qreply(q, mp);
1516 return;
1517 }
1518 default:
1519 ah3dbg(ahstack,
1520 ("Got default message, type %d, passing to IP.\n",
1521 mp->b_datap->db_type));
1522 putnext(q, mp);
1523 }
1524 }
1525
1526 /* Refactor me */
1527 /*
1528 * Updating use times can be tricky business if the ipsa_haspeer flag is
1529 * set. This function is called once in an SA's lifetime.
1530 *
1531 * Caller has to REFRELE "assoc" which is passed in. This function has
1532 * to REFRELE any peer SA that is obtained.
1533 */
1534 static void
1535 ah_set_usetime(ipsa_t *assoc, boolean_t inbound)
1536 {
1537 ipsa_t *inassoc, *outassoc;
1538 isaf_t *bucket;
1539 sadb_t *sp;
1540 int outhash;
1541 boolean_t isv6;
1542 netstack_t *ns = assoc->ipsa_netstack;
1543 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1544
1545 /* No peer? No problem! */
1546 if (!assoc->ipsa_haspeer) {
1547 sadb_set_usetime(assoc);
1548 return;
1549 }
1550
1551 /*
1552 * Otherwise, we want to grab both the original assoc and its peer.
1553 * There might be a race for this, but if it's a real race, the times
1554 * will be out-of-synch by at most a second, and since our time
1555 * granularity is a second, this won't be a problem.
1556 *
1557 * If we need tight synchronization on the peer SA, then we need to
1558 * reconsider.
1559 */
1560
1561 /* Use address family to select IPv6/IPv4 */
1562 isv6 = (assoc->ipsa_addrfam == AF_INET6);
1563 if (isv6) {
1564 sp = &ahstack->ah_sadb.s_v6;
1565 } else {
1566 sp = &ahstack->ah_sadb.s_v4;
1567 ASSERT(assoc->ipsa_addrfam == AF_INET);
1568 }
1569 if (inbound) {
1570 inassoc = assoc;
1571 if (isv6)
1572 outhash = OUTBOUND_HASH_V6(sp,
1573 *((in6_addr_t *)&inassoc->ipsa_dstaddr));
1574 else
1575 outhash = OUTBOUND_HASH_V4(sp,
1576 *((ipaddr_t *)&inassoc->ipsa_dstaddr));
1577 bucket = &sp->sdb_of[outhash];
1578
1579 mutex_enter(&bucket->isaf_lock);
1580 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
1581 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
1582 inassoc->ipsa_addrfam);
1583 mutex_exit(&bucket->isaf_lock);
1584 if (outassoc == NULL) {
1585 /* Q: Do we wish to set haspeer == B_FALSE? */
1586 ah0dbg(("ah_set_usetime: "
1587 "can't find peer for inbound.\n"));
1588 sadb_set_usetime(inassoc);
1589 return;
1590 }
1591 } else {
1592 outassoc = assoc;
1593 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
1594 mutex_enter(&bucket->isaf_lock);
1595 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
1596 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
1597 outassoc->ipsa_addrfam);
1598 mutex_exit(&bucket->isaf_lock);
1599 if (inassoc == NULL) {
1600 /* Q: Do we wish to set haspeer == B_FALSE? */
1601 ah0dbg(("ah_set_usetime: "
1602 "can't find peer for outbound.\n"));
1603 sadb_set_usetime(outassoc);
1604 return;
1605 }
1606 }
1607
1608 /* Update usetime on both. */
1609 sadb_set_usetime(inassoc);
1610 sadb_set_usetime(outassoc);
1611
1612 /*
1613 * REFRELE any peer SA.
1614 *
1615 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1616 * them in { }.
1617 */
1618 if (inbound) {
1619 IPSA_REFRELE(outassoc);
1620 } else {
1621 IPSA_REFRELE(inassoc);
1622 }
1623 }
1624
1625 /* Refactor me */
1626 /*
1627 * Add a number of bytes to what the SA has protected so far. Return
1628 * B_TRUE if the SA can still protect that many bytes.
1629 *
1630 * Caller must REFRELE the passed-in assoc. This function must REFRELE
1631 * any obtained peer SA.
1632 */
1633 static boolean_t
1634 ah_age_bytes(ipsa_t *assoc, uint64_t bytes, boolean_t inbound)
1635 {
1636 ipsa_t *inassoc, *outassoc;
1637 isaf_t *bucket;
1638 boolean_t inrc, outrc, isv6;
1639 sadb_t *sp;
1640 int outhash;
1641 netstack_t *ns = assoc->ipsa_netstack;
1642 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1643
1644 /* No peer? No problem! */
1645 if (!assoc->ipsa_haspeer) {
1646 return (sadb_age_bytes(ahstack->ah_pfkey_q, assoc, bytes,
1647 B_TRUE));
1648 }
1649
1650 /*
1651 * Otherwise, we want to grab both the original assoc and its peer.
1652 * There might be a race for this, but if it's a real race, two
1653 * expire messages may occur. We limit this by only sending the
1654 * expire message on one of the peers, we'll pick the inbound
1655 * arbitrarily.
1656 *
1657 * If we need tight synchronization on the peer SA, then we need to
1658 * reconsider.
1659 */
1660
1661 /* Pick v4/v6 bucket based on addrfam. */
1662 isv6 = (assoc->ipsa_addrfam == AF_INET6);
1663 if (isv6) {
1664 sp = &ahstack->ah_sadb.s_v6;
1665 } else {
1666 sp = &ahstack->ah_sadb.s_v4;
1667 ASSERT(assoc->ipsa_addrfam == AF_INET);
1668 }
1669 if (inbound) {
1670 inassoc = assoc;
1671 if (isv6)
1672 outhash = OUTBOUND_HASH_V6(sp,
1673 *((in6_addr_t *)&inassoc->ipsa_dstaddr));
1674 else
1675 outhash = OUTBOUND_HASH_V4(sp,
1676 *((ipaddr_t *)&inassoc->ipsa_dstaddr));
1677 bucket = &sp->sdb_of[outhash];
1678 mutex_enter(&bucket->isaf_lock);
1679 outassoc = ipsec_getassocbyspi(bucket, inassoc->ipsa_spi,
1680 inassoc->ipsa_srcaddr, inassoc->ipsa_dstaddr,
1681 inassoc->ipsa_addrfam);
1682 mutex_exit(&bucket->isaf_lock);
1683 if (outassoc == NULL) {
1684 /* Q: Do we wish to set haspeer == B_FALSE? */
1685 ah0dbg(("ah_age_bytes: "
1686 "can't find peer for inbound.\n"));
1687 return (sadb_age_bytes(ahstack->ah_pfkey_q, inassoc,
1688 bytes, B_TRUE));
1689 }
1690 } else {
1691 outassoc = assoc;
1692 bucket = INBOUND_BUCKET(sp, outassoc->ipsa_spi);
1693 mutex_enter(&bucket->isaf_lock);
1694 inassoc = ipsec_getassocbyspi(bucket, outassoc->ipsa_spi,
1695 outassoc->ipsa_srcaddr, outassoc->ipsa_dstaddr,
1696 outassoc->ipsa_addrfam);
1697 mutex_exit(&bucket->isaf_lock);
1698 if (inassoc == NULL) {
1699 /* Q: Do we wish to set haspeer == B_FALSE? */
1700 ah0dbg(("ah_age_bytes: "
1701 "can't find peer for outbound.\n"));
1702 return (sadb_age_bytes(ahstack->ah_pfkey_q, outassoc,
1703 bytes, B_TRUE));
1704 }
1705 }
1706
1707 inrc = sadb_age_bytes(ahstack->ah_pfkey_q, inassoc, bytes, B_TRUE);
1708 outrc = sadb_age_bytes(ahstack->ah_pfkey_q, outassoc, bytes, B_FALSE);
1709
1710 /*
1711 * REFRELE any peer SA.
1712 *
1713 * Because of the multi-line macro nature of IPSA_REFRELE, keep
1714 * them in { }.
1715 */
1716 if (inbound) {
1717 IPSA_REFRELE(outassoc);
1718 } else {
1719 IPSA_REFRELE(inassoc);
1720 }
1721
1722 return (inrc && outrc);
1723 }
1724
1725 /*
1726 * Perform the really difficult work of inserting the proposed situation.
1727 * Called while holding the algorithm lock.
1728 */
1729 static void
1730 ah_insert_prop(sadb_prop_t *prop, ipsacq_t *acqrec, uint_t combs,
1731 netstack_t *ns)
1732 {
1733 sadb_comb_t *comb = (sadb_comb_t *)(prop + 1);
1734 ipsec_action_t *ap;
1735 ipsec_prot_t *prot;
1736 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1737 ipsec_stack_t *ipss = ns->netstack_ipsec;
1738
1739 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1740
1741 prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
1742 prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t));
1743 *(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */
1744
1745 prop->sadb_prop_replay = ahstack->ipsecah_replay_size;
1746
1747 /*
1748 * Based upon algorithm properties, and what-not, prioritize a
1749 * proposal, based on the ordering of the AH algorithms in the
1750 * alternatives in the policy rule or socket that was placed
1751 * in the acquire record.
1752 */
1753
1754 for (ap = acqrec->ipsacq_act; ap != NULL;
1755 ap = ap->ipa_next) {
1756 ipsec_alginfo_t *aalg;
1757
1758 if ((ap->ipa_act.ipa_type != IPSEC_POLICY_APPLY) ||
1759 (!ap->ipa_act.ipa_apply.ipp_use_ah))
1760 continue;
1761
1762 prot = &ap->ipa_act.ipa_apply;
1763
1764 ASSERT(prot->ipp_auth_alg > 0);
1765
1766 aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
1767 [prot->ipp_auth_alg];
1768 if (aalg == NULL || !ALG_VALID(aalg))
1769 continue;
1770
1771 /* XXX check aalg for duplicates??.. */
1772
1773 comb->sadb_comb_flags = 0;
1774 comb->sadb_comb_reserved = 0;
1775 comb->sadb_comb_encrypt = 0;
1776 comb->sadb_comb_encrypt_minbits = 0;
1777 comb->sadb_comb_encrypt_maxbits = 0;
1778
1779 comb->sadb_comb_auth = aalg->alg_id;
1780 comb->sadb_comb_auth_minbits =
1781 MAX(prot->ipp_ah_minbits, aalg->alg_ef_minbits);
1782 comb->sadb_comb_auth_maxbits =
1783 MIN(prot->ipp_ah_maxbits, aalg->alg_ef_maxbits);
1784
1785 /*
1786 * The following may be based on algorithm
1787 * properties, but in the meantime, we just pick
1788 * some good, sensible numbers. Key mgmt. can
1789 * (and perhaps should) be the place to finalize
1790 * such decisions.
1791 */
1792
1793 /*
1794 * No limits on allocations, since we really don't
1795 * support that concept currently.
1796 */
1797 comb->sadb_comb_soft_allocations = 0;
1798 comb->sadb_comb_hard_allocations = 0;
1799
1800 /*
1801 * These may want to come from policy rule..
1802 */
1803 comb->sadb_comb_soft_bytes =
1804 ahstack->ipsecah_default_soft_bytes;
1805 comb->sadb_comb_hard_bytes =
1806 ahstack->ipsecah_default_hard_bytes;
1807 comb->sadb_comb_soft_addtime =
1808 ahstack->ipsecah_default_soft_addtime;
1809 comb->sadb_comb_hard_addtime =
1810 ahstack->ipsecah_default_hard_addtime;
1811 comb->sadb_comb_soft_usetime =
1812 ahstack->ipsecah_default_soft_usetime;
1813 comb->sadb_comb_hard_usetime =
1814 ahstack->ipsecah_default_hard_usetime;
1815
1816 prop->sadb_prop_len += SADB_8TO64(sizeof (*comb));
1817 if (--combs == 0)
1818 return; /* out of space.. */
1819 comb++;
1820 }
1821 }
1822
1823 /*
1824 * Prepare and actually send the SADB_ACQUIRE message to PF_KEY.
1825 */
1826 static void
1827 ah_send_acquire(ipsacq_t *acqrec, mblk_t *extended, netstack_t *ns)
1828 {
1829 uint_t combs;
1830 sadb_msg_t *samsg;
1831 sadb_prop_t *prop;
1832 mblk_t *pfkeymp, *msgmp;
1833 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
1834 ipsec_stack_t *ipss = ns->netstack_ipsec;
1835
1836 AH_BUMP_STAT(ahstack, acquire_requests);
1837
1838 if (ahstack->ah_pfkey_q == NULL) {
1839 mutex_exit(&acqrec->ipsacq_lock);
1840 return;
1841 }
1842
1843 /* Set up ACQUIRE. */
1844 pfkeymp = sadb_setup_acquire(acqrec, SADB_SATYPE_AH,
1845 ns->netstack_ipsec);
1846 if (pfkeymp == NULL) {
1847 ah0dbg(("sadb_setup_acquire failed.\n"));
1848 mutex_exit(&acqrec->ipsacq_lock);
1849 return;
1850 }
1851 ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
1852 combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
1853 msgmp = pfkeymp->b_cont;
1854 samsg = (sadb_msg_t *)(msgmp->b_rptr);
1855
1856 /* Insert proposal here. */
1857
1858 prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len);
1859 ah_insert_prop(prop, acqrec, combs, ns);
1860 samsg->sadb_msg_len += prop->sadb_prop_len;
1861 msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len);
1862
1863 mutex_exit(&ipss->ipsec_alg_lock);
1864
1865 /*
1866 * Must mutex_exit() before sending PF_KEY message up, in
1867 * order to avoid recursive mutex_enter() if there are no registered
1868 * listeners.
1869 *
1870 * Once I've sent the message, I'm cool anyway.
1871 */
1872 mutex_exit(&acqrec->ipsacq_lock);
1873 if (extended != NULL) {
1874 putnext(ahstack->ah_pfkey_q, extended);
1875 }
1876 putnext(ahstack->ah_pfkey_q, pfkeymp);
1877 }
1878
1879 /* Refactor me */
1880 /*
1881 * Handle the SADB_GETSPI message. Create a larval SA.
1882 */
1883 static void
1884 ah_getspi(mblk_t *mp, keysock_in_t *ksi, ipsecah_stack_t *ahstack)
1885 {
1886 ipsa_t *newbie, *target;
1887 isaf_t *outbound, *inbound;
1888 int rc, diagnostic;
1889 sadb_sa_t *assoc;
1890 keysock_out_t *kso;
1891 uint32_t newspi;
1892
1893 /*
1894 * Randomly generate a proposed SPI value.
1895 */
1896 (void) random_get_pseudo_bytes((uint8_t *)&newspi, sizeof (uint32_t));
1897 newbie = sadb_getspi(ksi, newspi, &diagnostic,
1898 ahstack->ipsecah_netstack);
1899
1900 if (newbie == NULL) {
1901 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, ENOMEM, diagnostic,
1902 ksi->ks_in_serial);
1903 return;
1904 } else if (newbie == (ipsa_t *)-1) {
1905 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, EINVAL, diagnostic,
1906 ksi->ks_in_serial);
1907 return;
1908 }
1909
1910 /*
1911 * XXX - We may randomly collide. We really should recover from this.
1912 * Unfortunately, that could require spending way-too-much-time
1913 * in here. For now, let the user retry.
1914 */
1915
1916 if (newbie->ipsa_addrfam == AF_INET6) {
1917 outbound = OUTBOUND_BUCKET_V6(&ahstack->ah_sadb.s_v6,
1918 *(uint32_t *)(newbie->ipsa_dstaddr));
1919 inbound = INBOUND_BUCKET(&ahstack->ah_sadb.s_v6,
1920 newbie->ipsa_spi);
1921 } else {
1922 outbound = OUTBOUND_BUCKET_V4(&ahstack->ah_sadb.s_v4,
1923 *(uint32_t *)(newbie->ipsa_dstaddr));
1924 inbound = INBOUND_BUCKET(&ahstack->ah_sadb.s_v4,
1925 newbie->ipsa_spi);
1926 }
1927
1928 mutex_enter(&outbound->isaf_lock);
1929 mutex_enter(&inbound->isaf_lock);
1930
1931 /*
1932 * Check for collisions (i.e. did sadb_getspi() return with something
1933 * that already exists?).
1934 *
1935 * Try outbound first. Even though SADB_GETSPI is traditionally
1936 * for inbound SAs, you never know what a user might do.
1937 */
1938 target = ipsec_getassocbyspi(outbound, newbie->ipsa_spi,
1939 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr, newbie->ipsa_addrfam);
1940 if (target == NULL) {
1941 target = ipsec_getassocbyspi(inbound, newbie->ipsa_spi,
1942 newbie->ipsa_srcaddr, newbie->ipsa_dstaddr,
1943 newbie->ipsa_addrfam);
1944 }
1945
1946 /*
1947 * I don't have collisions elsewhere!
1948 * (Nor will I because I'm still holding inbound/outbound locks.)
1949 */
1950
1951 if (target != NULL) {
1952 rc = EEXIST;
1953 IPSA_REFRELE(target);
1954 } else {
1955 /*
1956 * sadb_insertassoc() also checks for collisions, so
1957 * if there's a colliding larval entry, rc will be set
1958 * to EEXIST.
1959 */
1960 rc = sadb_insertassoc(newbie, inbound);
1961 newbie->ipsa_hardexpiretime = gethrestime_sec();
1962 newbie->ipsa_hardexpiretime += ahstack->ipsecah_larval_timeout;
1963 }
1964
1965 /*
1966 * Can exit outbound mutex. Hold inbound until we're done with
1967 * newbie.
1968 */
1969 mutex_exit(&outbound->isaf_lock);
1970
1971 if (rc != 0) {
1972 mutex_exit(&inbound->isaf_lock);
1973 IPSA_REFRELE(newbie);
1974 sadb_pfkey_error(ahstack->ah_pfkey_q, mp, rc,
1975 SADB_X_DIAGNOSTIC_NONE, ksi->ks_in_serial);
1976 return;
1977 }
1978
1979 /* Can write here because I'm still holding the bucket lock. */
1980 newbie->ipsa_type = SADB_SATYPE_AH;
1981
1982 /*
1983 * Construct successful return message. We have one thing going
1984 * for us in PF_KEY v2. That's the fact that
1985 * sizeof (sadb_spirange_t) == sizeof (sadb_sa_t)
1986 */
1987 assoc = (sadb_sa_t *)ksi->ks_in_extv[SADB_EXT_SPIRANGE];
1988 assoc->sadb_sa_exttype = SADB_EXT_SA;
1989 assoc->sadb_sa_spi = newbie->ipsa_spi;
1990 *((uint64_t *)(&assoc->sadb_sa_replay)) = 0;
1991 mutex_exit(&inbound->isaf_lock);
1992
1993 /* Convert KEYSOCK_IN to KEYSOCK_OUT. */
1994 kso = (keysock_out_t *)ksi;
1995 kso->ks_out_len = sizeof (*kso);
1996 kso->ks_out_serial = ksi->ks_in_serial;
1997 kso->ks_out_type = KEYSOCK_OUT;
1998
1999 /*
2000 * Can safely putnext() to ah_pfkey_q, because this is a turnaround
2001 * from the ah_pfkey_q.
2002 */
2003 putnext(ahstack->ah_pfkey_q, mp);
2004 }
2005
2006 /*
2007 * IPv6 sends up the ICMP errors for validation and the removal of the AH
2008 * header.
2009 * If succesful, the mp has been modified to not include the AH header so
2010 * that the caller can fanout to the ULP's icmp error handler.
2011 */
2012 static mblk_t *
2013 ah_icmp_error_v6(mblk_t *mp, ip_recv_attr_t *ira, ipsecah_stack_t *ahstack)
2014 {
2015 ip6_t *ip6h, *oip6h;
2016 uint16_t hdr_length, ah_length;
2017 uint8_t *nexthdrp;
2018 ah_t *ah;
2019 icmp6_t *icmp6;
2020 isaf_t *isaf;
2021 ipsa_t *assoc;
2022 uint8_t *post_ah_ptr;
2023 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2024
2025 /*
2026 * Eat the cost of a pullupmsg() for now. It makes the rest of this
2027 * code far less convoluted.
2028 */
2029 if (!pullupmsg(mp, -1) ||
2030 !ip_hdr_length_nexthdr_v6(mp, (ip6_t *)mp->b_rptr, &hdr_length,
2031 &nexthdrp) ||
2032 mp->b_rptr + hdr_length + sizeof (icmp6_t) + sizeof (ip6_t) +
2033 sizeof (ah_t) > mp->b_wptr) {
2034 IP_AH_BUMP_STAT(ipss, in_discards);
2035 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2036 DROPPER(ipss, ipds_ah_nomem),
2037 &ahstack->ah_dropper);
2038 return (NULL);
2039 }
2040
2041 oip6h = (ip6_t *)mp->b_rptr;
2042 icmp6 = (icmp6_t *)((uint8_t *)oip6h + hdr_length);
2043 ip6h = (ip6_t *)(icmp6 + 1);
2044 if (!ip_hdr_length_nexthdr_v6(mp, ip6h, &hdr_length, &nexthdrp)) {
2045 IP_AH_BUMP_STAT(ipss, in_discards);
2046 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2047 DROPPER(ipss, ipds_ah_bad_v6_hdrs),
2048 &ahstack->ah_dropper);
2049 return (NULL);
2050 }
2051 ah = (ah_t *)((uint8_t *)ip6h + hdr_length);
2052
2053 isaf = OUTBOUND_BUCKET_V6(&ahstack->ah_sadb.s_v6, ip6h->ip6_dst);
2054 mutex_enter(&isaf->isaf_lock);
2055 assoc = ipsec_getassocbyspi(isaf, ah->ah_spi,
2056 (uint32_t *)&ip6h->ip6_src, (uint32_t *)&ip6h->ip6_dst, AF_INET6);
2057 mutex_exit(&isaf->isaf_lock);
2058
2059 if (assoc == NULL) {
2060 IP_AH_BUMP_STAT(ipss, lookup_failure);
2061 IP_AH_BUMP_STAT(ipss, in_discards);
2062 if (ahstack->ipsecah_log_unknown_spi) {
2063 ipsec_assocfailure(info.mi_idnum, 0, 0,
2064 SL_CONSOLE | SL_WARN | SL_ERROR,
2065 "Bad ICMP message - No association for the "
2066 "attached AH header whose spi is 0x%x, "
2067 "sender is 0x%x\n",
2068 ah->ah_spi, &oip6h->ip6_src, AF_INET6,
2069 ahstack->ipsecah_netstack);
2070 }
2071 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2072 DROPPER(ipss, ipds_ah_no_sa),
2073 &ahstack->ah_dropper);
2074 return (NULL);
2075 }
2076
2077 IPSA_REFRELE(assoc);
2078
2079 /*
2080 * There seems to be a valid association. If there is enough of AH
2081 * header remove it, otherwise bail. One could check whether it has
2082 * complete AH header plus 8 bytes but it does not make sense if an
2083 * icmp error is returned for ICMP messages e.g ICMP time exceeded,
2084 * that are being sent up. Let the caller figure out.
2085 *
2086 * NOTE: ah_length is the number of 32 bit words minus 2.
2087 */
2088 ah_length = (ah->ah_length << 2) + 8;
2089 post_ah_ptr = (uint8_t *)ah + ah_length;
2090
2091 if (post_ah_ptr > mp->b_wptr) {
2092 IP_AH_BUMP_STAT(ipss, in_discards);
2093 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2094 DROPPER(ipss, ipds_ah_bad_length),
2095 &ahstack->ah_dropper);
2096 return (NULL);
2097 }
2098
2099 ip6h->ip6_plen = htons(ntohs(ip6h->ip6_plen) - ah_length);
2100 *nexthdrp = ah->ah_nexthdr;
2101 ovbcopy(post_ah_ptr, ah,
2102 (size_t)((uintptr_t)mp->b_wptr - (uintptr_t)post_ah_ptr));
2103 mp->b_wptr -= ah_length;
2104
2105 return (mp);
2106 }
2107
2108 /*
2109 * IP sends up the ICMP errors for validation and the removal of
2110 * the AH header.
2111 * If succesful, the mp has been modified to not include the AH header so
2112 * that the caller can fanout to the ULP's icmp error handler.
2113 */
2114 static mblk_t *
2115 ah_icmp_error_v4(mblk_t *mp, ip_recv_attr_t *ira, ipsecah_stack_t *ahstack)
2116 {
2117 mblk_t *mp1;
2118 icmph_t *icmph;
2119 int iph_hdr_length;
2120 int hdr_length;
2121 isaf_t *hptr;
2122 ipsa_t *assoc;
2123 int ah_length;
2124 ipha_t *ipha;
2125 ipha_t *oipha;
2126 ah_t *ah;
2127 uint32_t length;
2128 int alloc_size;
2129 uint8_t nexthdr;
2130 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2131
2132 oipha = ipha = (ipha_t *)mp->b_rptr;
2133 iph_hdr_length = IPH_HDR_LENGTH(ipha);
2134 icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length];
2135
2136 ipha = (ipha_t *)&icmph[1];
2137 hdr_length = IPH_HDR_LENGTH(ipha);
2138
2139 /*
2140 * See if we have enough to locate the SPI
2141 */
2142 if ((uchar_t *)ipha + hdr_length + 8 > mp->b_wptr) {
2143 if (!pullupmsg(mp, (uchar_t *)ipha + hdr_length + 8 -
2144 mp->b_rptr)) {
2145 ipsec_rl_strlog(ahstack->ipsecah_netstack,
2146 info.mi_idnum, 0, 0,
2147 SL_WARN | SL_ERROR,
2148 "ICMP error: Small AH header\n");
2149 IP_AH_BUMP_STAT(ipss, in_discards);
2150 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2151 DROPPER(ipss, ipds_ah_bad_length),
2152 &ahstack->ah_dropper);
2153 return (NULL);
2154 }
2155 icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length];
2156 ipha = (ipha_t *)&icmph[1];
2157 }
2158
2159 ah = (ah_t *)((uint8_t *)ipha + hdr_length);
2160 nexthdr = ah->ah_nexthdr;
2161
2162 hptr = OUTBOUND_BUCKET_V4(&ahstack->ah_sadb.s_v4, ipha->ipha_dst);
2163 mutex_enter(&hptr->isaf_lock);
2164 assoc = ipsec_getassocbyspi(hptr, ah->ah_spi,
2165 (uint32_t *)&ipha->ipha_src, (uint32_t *)&ipha->ipha_dst, AF_INET);
2166 mutex_exit(&hptr->isaf_lock);
2167
2168 if (assoc == NULL) {
2169 IP_AH_BUMP_STAT(ipss, lookup_failure);
2170 IP_AH_BUMP_STAT(ipss, in_discards);
2171 if (ahstack->ipsecah_log_unknown_spi) {
2172 ipsec_assocfailure(info.mi_idnum, 0, 0,
2173 SL_CONSOLE | SL_WARN | SL_ERROR,
2174 "Bad ICMP message - No association for the "
2175 "attached AH header whose spi is 0x%x, "
2176 "sender is 0x%x\n",
2177 ah->ah_spi, &oipha->ipha_src, AF_INET,
2178 ahstack->ipsecah_netstack);
2179 }
2180 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2181 DROPPER(ipss, ipds_ah_no_sa),
2182 &ahstack->ah_dropper);
2183 return (NULL);
2184 }
2185
2186 IPSA_REFRELE(assoc);
2187 /*
2188 * There seems to be a valid association. If there
2189 * is enough of AH header remove it, otherwise remove
2190 * as much as possible and send it back. One could check
2191 * whether it has complete AH header plus 8 bytes but it
2192 * does not make sense if an icmp error is returned for
2193 * ICMP messages e.g ICMP time exceeded, that are being
2194 * sent up. Let the caller figure out.
2195 *
2196 * NOTE: ah_length is the number of 32 bit words minus 2.
2197 */
2198 ah_length = (ah->ah_length << 2) + 8;
2199
2200 if ((uchar_t *)ipha + hdr_length + ah_length > mp->b_wptr) {
2201 if (mp->b_cont == NULL) {
2202 /*
2203 * There is nothing to pullup. Just remove as
2204 * much as possible. This is a common case for
2205 * IPV4.
2206 */
2207 ah_length = (mp->b_wptr - ((uchar_t *)ipha +
2208 hdr_length));
2209 goto done;
2210 }
2211 /* Pullup the full ah header */
2212 if (!pullupmsg(mp, (uchar_t *)ah + ah_length - mp->b_rptr)) {
2213 /*
2214 * pullupmsg could have failed if there was not
2215 * enough to pullup or memory allocation failed.
2216 * We tried hard, give up now.
2217 */
2218 IP_AH_BUMP_STAT(ipss, in_discards);
2219 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2220 DROPPER(ipss, ipds_ah_nomem),
2221 &ahstack->ah_dropper);
2222 return (NULL);
2223 }
2224 icmph = (icmph_t *)&mp->b_rptr[iph_hdr_length];
2225 ipha = (ipha_t *)&icmph[1];
2226 }
2227 done:
2228 /*
2229 * Remove the AH header and change the protocol.
2230 * Don't update the spi fields in the ip_recv_attr_t
2231 * as we are called just to validate the
2232 * message attached to the ICMP message.
2233 *
2234 * If we never pulled up since all of the message
2235 * is in one single mblk, we can't remove the AH header
2236 * by just setting the b_wptr to the beginning of the
2237 * AH header. We need to allocate a mblk that can hold
2238 * up until the inner IP header and copy them.
2239 */
2240 alloc_size = iph_hdr_length + sizeof (icmph_t) + hdr_length;
2241
2242 if ((mp1 = allocb(alloc_size, BPRI_LO)) == NULL) {
2243 IP_AH_BUMP_STAT(ipss, in_discards);
2244 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2245 DROPPER(ipss, ipds_ah_nomem),
2246 &ahstack->ah_dropper);
2247 return (NULL);
2248 }
2249 bcopy(mp->b_rptr, mp1->b_rptr, alloc_size);
2250 mp1->b_wptr += alloc_size;
2251
2252 /*
2253 * Skip whatever we have copied and as much of AH header
2254 * possible. If we still have something left in the original
2255 * message, tag on.
2256 */
2257 mp->b_rptr = (uchar_t *)ipha + hdr_length + ah_length;
2258
2259 if (mp->b_rptr != mp->b_wptr) {
2260 mp1->b_cont = mp;
2261 } else {
2262 if (mp->b_cont != NULL)
2263 mp1->b_cont = mp->b_cont;
2264 freeb(mp);
2265 }
2266
2267 ipha = (ipha_t *)(mp1->b_rptr + iph_hdr_length + sizeof (icmph_t));
2268 ipha->ipha_protocol = nexthdr;
2269 length = ntohs(ipha->ipha_length);
2270 length -= ah_length;
2271 ipha->ipha_length = htons((uint16_t)length);
2272 ipha->ipha_hdr_checksum = 0;
2273 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
2274
2275 return (mp1);
2276 }
2277
2278 /*
2279 * IP calls this to validate the ICMP errors that
2280 * we got from the network.
2281 */
2282 mblk_t *
2283 ipsecah_icmp_error(mblk_t *data_mp, ip_recv_attr_t *ira)
2284 {
2285 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
2286 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
2287
2288 if (ira->ira_flags & IRAF_IS_IPV4)
2289 return (ah_icmp_error_v4(data_mp, ira, ahstack));
2290 else
2291 return (ah_icmp_error_v6(data_mp, ira, ahstack));
2292 }
2293
2294 static int
2295 ah_fix_tlv_options_v6(uint8_t *oi_opt, uint8_t *pi_opt, uint_t ehdrlen,
2296 uint8_t hdr_type, boolean_t copy_always)
2297 {
2298 uint8_t opt_type;
2299 uint_t optlen;
2300
2301 ASSERT(hdr_type == IPPROTO_DSTOPTS || hdr_type == IPPROTO_HOPOPTS);
2302
2303 /*
2304 * Copy the next header and hdr ext. len of the HOP-by-HOP
2305 * and Destination option.
2306 */
2307 *pi_opt++ = *oi_opt++;
2308 *pi_opt++ = *oi_opt++;
2309 ehdrlen -= 2;
2310
2311 /*
2312 * Now handle all the TLV encoded options.
2313 */
2314 while (ehdrlen != 0) {
2315 opt_type = *oi_opt;
2316
2317 if (opt_type == IP6OPT_PAD1) {
2318 optlen = 1;
2319 } else {
2320 if (ehdrlen < 2)
2321 goto bad_opt;
2322 optlen = 2 + oi_opt[1];
2323 if (optlen > ehdrlen)
2324 goto bad_opt;
2325 }
2326 if (copy_always || !(opt_type & IP6OPT_MUTABLE)) {
2327 bcopy(oi_opt, pi_opt, optlen);
2328 } else {
2329 if (optlen == 1) {
2330 *pi_opt = 0;
2331 } else {
2332 /*
2333 * Copy the type and data length fields.
2334 * Zero the option data by skipping
2335 * option type and option data len
2336 * fields.
2337 */
2338 *pi_opt = *oi_opt;
2339 *(pi_opt + 1) = *(oi_opt + 1);
2340 bzero(pi_opt + 2, optlen - 2);
2341 }
2342 }
2343 ehdrlen -= optlen;
2344 oi_opt += optlen;
2345 pi_opt += optlen;
2346 }
2347 return (0);
2348 bad_opt:
2349 return (-1);
2350 }
2351
2352 /*
2353 * Construct a pseudo header for AH, processing all the options.
2354 *
2355 * oip6h is the IPv6 header of the incoming or outgoing packet.
2356 * ip6h is the pointer to the pseudo headers IPV6 header. All
2357 * the space needed for the options have been allocated including
2358 * the AH header.
2359 *
2360 * If copy_always is set, all the options that appear before AH are copied
2361 * blindly without checking for IP6OPT_MUTABLE. This is used by
2362 * ah_auth_out_done(). Please refer to that function for details.
2363 *
2364 * NOTE :
2365 *
2366 * * AH header is never copied in this function even if copy_always
2367 * is set. It just returns the ah_offset - offset of the AH header
2368 * and the caller needs to do the copying. This is done so that we
2369 * don't have pass extra arguments e.g. SA etc. and also,
2370 * it is not needed when ah_auth_out_done is calling this function.
2371 */
2372 static uint_t
2373 ah_fix_phdr_v6(ip6_t *ip6h, ip6_t *oip6h, boolean_t outbound,
2374 boolean_t copy_always)
2375 {
2376 uint8_t *oi_opt;
2377 uint8_t *pi_opt;
2378 uint8_t nexthdr;
2379 uint8_t *prev_nexthdr;
2380 ip6_hbh_t *hbhhdr;
2381 ip6_dest_t *dsthdr = NULL;
2382 ip6_rthdr0_t *rthdr;
2383 int ehdrlen;
2384 ah_t *ah;
2385 int ret;
2386
2387 /*
2388 * In the outbound case for source route, ULP has already moved
2389 * the first hop, which is now in ip6_dst. We need to re-arrange
2390 * the header to make it look like how it would appear in the
2391 * receiver i.e
2392 *
2393 * Because of ip_massage_options_v6 the header looks like
2394 * this :
2395 *
2396 * ip6_src = S, ip6_dst = I1. followed by I2,I3,D.
2397 *
2398 * When it reaches the receiver, it would look like
2399 *
2400 * ip6_src = S, ip6_dst = D. followed by I1,I2,I3.
2401 *
2402 * NOTE : We assume that there are no problems with the options
2403 * as IP should have already checked this.
2404 */
2405
2406 oi_opt = (uchar_t *)&oip6h[1];
2407 pi_opt = (uchar_t *)&ip6h[1];
2408
2409 /*
2410 * We set the prev_nexthdr properly in the pseudo header.
2411 * After we finish authentication and come back from the
2412 * algorithm module, pseudo header will become the real
2413 * IP header.
2414 */
2415 prev_nexthdr = (uint8_t *)&ip6h->ip6_nxt;
2416 nexthdr = oip6h->ip6_nxt;
2417 /* Assume IP has already stripped it */
2418 ASSERT(nexthdr != IPPROTO_FRAGMENT);
2419 ah = NULL;
2420 dsthdr = NULL;
2421 for (;;) {
2422 switch (nexthdr) {
2423 case IPPROTO_HOPOPTS:
2424 hbhhdr = (ip6_hbh_t *)oi_opt;
2425 nexthdr = hbhhdr->ip6h_nxt;
2426 ehdrlen = 8 * (hbhhdr->ip6h_len + 1);
2427 ret = ah_fix_tlv_options_v6(oi_opt, pi_opt, ehdrlen,
2428 IPPROTO_HOPOPTS, copy_always);
2429 /*
2430 * Return a zero offset indicating error if there
2431 * was error.
2432 */
2433 if (ret == -1)
2434 return (0);
2435 hbhhdr = (ip6_hbh_t *)pi_opt;
2436 prev_nexthdr = (uint8_t *)&hbhhdr->ip6h_nxt;
2437 break;
2438 case IPPROTO_ROUTING:
2439 rthdr = (ip6_rthdr0_t *)oi_opt;
2440 nexthdr = rthdr->ip6r0_nxt;
2441 ehdrlen = 8 * (rthdr->ip6r0_len + 1);
2442 if (!copy_always && outbound) {
2443 int i, left;
2444 ip6_rthdr0_t *prthdr;
2445 in6_addr_t *ap, *pap;
2446
2447 left = rthdr->ip6r0_segleft;
2448 prthdr = (ip6_rthdr0_t *)pi_opt;
2449 pap = (in6_addr_t *)(prthdr + 1);
2450 ap = (in6_addr_t *)(rthdr + 1);
2451 /*
2452 * First eight bytes except seg_left
2453 * does not change en route.
2454 */
2455 bcopy(oi_opt, pi_opt, 8);
2456 prthdr->ip6r0_segleft = 0;
2457 /*
2458 * First address has been moved to
2459 * the destination address of the
2460 * ip header by ip_massage_options_v6.
2461 * And the real destination address is
2462 * in the last address part of the
2463 * option.
2464 */
2465 *pap = oip6h->ip6_dst;
2466 for (i = 1; i < left - 1; i++)
2467 pap[i] = ap[i - 1];
2468 ip6h->ip6_dst = *(ap + left - 1);
2469 } else {
2470 bcopy(oi_opt, pi_opt, ehdrlen);
2471 }
2472 rthdr = (ip6_rthdr0_t *)pi_opt;
2473 prev_nexthdr = (uint8_t *)&rthdr->ip6r0_nxt;
2474 break;
2475 case IPPROTO_DSTOPTS:
2476 /*
2477 * Destination options are tricky. If there is
2478 * a terminal (e.g. non-IPv6-extension) header
2479 * following the destination options, don't
2480 * reset prev_nexthdr or advance the AH insertion
2481 * point and just treat this as a terminal header.
2482 *
2483 * If this is an inbound packet, just deal with
2484 * it as is.
2485 */
2486 dsthdr = (ip6_dest_t *)oi_opt;
2487 /*
2488 * XXX I hope common-subexpression elimination
2489 * saves us the double-evaluate.
2490 */
2491 if (outbound && dsthdr->ip6d_nxt != IPPROTO_ROUTING &&
2492 dsthdr->ip6d_nxt != IPPROTO_HOPOPTS)
2493 goto terminal_hdr;
2494 nexthdr = dsthdr->ip6d_nxt;
2495 ehdrlen = 8 * (dsthdr->ip6d_len + 1);
2496 ret = ah_fix_tlv_options_v6(oi_opt, pi_opt, ehdrlen,
2497 IPPROTO_DSTOPTS, copy_always);
2498 /*
2499 * Return a zero offset indicating error if there
2500 * was error.
2501 */
2502 if (ret == -1)
2503 return (0);
2504 break;
2505 case IPPROTO_AH:
2506 /*
2507 * Be conservative in what you send. We shouldn't
2508 * see two same-scoped AH's in one packet.
2509 * (Inner-IP-scoped AH will be hit by terminal
2510 * header of IP or IPv6.)
2511 */
2512 ASSERT(!outbound);
2513 return ((uint_t)(pi_opt - (uint8_t *)ip6h));
2514 default:
2515 ASSERT(outbound);
2516 terminal_hdr:
2517 *prev_nexthdr = IPPROTO_AH;
2518 ah = (ah_t *)pi_opt;
2519 ah->ah_nexthdr = nexthdr;
2520 return ((uint_t)(pi_opt - (uint8_t *)ip6h));
2521 }
2522 pi_opt += ehdrlen;
2523 oi_opt += ehdrlen;
2524 }
2525 /* NOTREACHED */
2526 }
2527
2528 static boolean_t
2529 ah_finish_up(ah_t *phdr_ah, ah_t *inbound_ah, ipsa_t *assoc,
2530 int ah_data_sz, int ah_align_sz, ipsecah_stack_t *ahstack)
2531 {
2532 int i;
2533
2534 /*
2535 * Padding :
2536 *
2537 * 1) Authentication data may have to be padded
2538 * before ICV calculation if ICV is not a multiple
2539 * of 64 bits. This padding is arbitrary and transmitted
2540 * with the packet at the end of the authentication data.
2541 * Payload length should include the padding bytes.
2542 *
2543 * 2) Explicit padding of the whole datagram may be
2544 * required by the algorithm which need not be
2545 * transmitted. It is assumed that this will be taken
2546 * care by the algorithm module.
2547 */
2548 bzero(phdr_ah + 1, ah_data_sz); /* Zero out ICV for pseudo-hdr. */
2549
2550 if (inbound_ah == NULL) {
2551 /* Outbound AH datagram. */
2552
2553 phdr_ah->ah_length = (ah_align_sz >> 2) + 1;
2554 phdr_ah->ah_reserved = 0;
2555 phdr_ah->ah_spi = assoc->ipsa_spi;
2556
2557 phdr_ah->ah_replay =
2558 htonl(atomic_inc_32_nv(&assoc->ipsa_replay));
2559 if (phdr_ah->ah_replay == 0 && assoc->ipsa_replay_wsize != 0) {
2560 /*
2561 * XXX We have replay counter wrapping. We probably
2562 * want to nuke this SA (and its peer).
2563 */
2564 ipsec_assocfailure(info.mi_idnum, 0, 0,
2565 SL_ERROR | SL_CONSOLE | SL_WARN,
2566 "Outbound AH SA (0x%x), dst %s has wrapped "
2567 "sequence.\n", phdr_ah->ah_spi,
2568 assoc->ipsa_dstaddr, assoc->ipsa_addrfam,
2569 ahstack->ipsecah_netstack);
2570
2571 sadb_replay_delete(assoc);
2572 /* Caller will free phdr_mp and return NULL. */
2573 return (B_FALSE);
2574 }
2575
2576 if (ah_data_sz != ah_align_sz) {
2577 uchar_t *pad = ((uchar_t *)phdr_ah + sizeof (ah_t) +
2578 ah_data_sz);
2579
2580 for (i = 0; i < (ah_align_sz - ah_data_sz); i++) {
2581 pad[i] = (uchar_t)i; /* Fill the padding */
2582 }
2583 }
2584 } else {
2585 /* Inbound AH datagram. */
2586 phdr_ah->ah_nexthdr = inbound_ah->ah_nexthdr;
2587 phdr_ah->ah_length = inbound_ah->ah_length;
2588 phdr_ah->ah_reserved = 0;
2589 ASSERT(inbound_ah->ah_spi == assoc->ipsa_spi);
2590 phdr_ah->ah_spi = inbound_ah->ah_spi;
2591 phdr_ah->ah_replay = inbound_ah->ah_replay;
2592
2593 if (ah_data_sz != ah_align_sz) {
2594 uchar_t *opad = ((uchar_t *)inbound_ah +
2595 sizeof (ah_t) + ah_data_sz);
2596 uchar_t *pad = ((uchar_t *)phdr_ah + sizeof (ah_t) +
2597 ah_data_sz);
2598
2599 for (i = 0; i < (ah_align_sz - ah_data_sz); i++) {
2600 pad[i] = opad[i]; /* Copy the padding */
2601 }
2602 }
2603 }
2604
2605 return (B_TRUE);
2606 }
2607
2608 /*
2609 * Called upon failing the inbound ICV check. The message passed as
2610 * argument is freed.
2611 */
2612 static void
2613 ah_log_bad_auth(mblk_t *mp, ip_recv_attr_t *ira, ipsec_crypto_t *ic)
2614 {
2615 boolean_t isv4 = (ira->ira_flags & IRAF_IS_IPV4);
2616 ipsa_t *assoc = ira->ira_ipsec_ah_sa;
2617 int af;
2618 void *addr;
2619 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
2620 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
2621 ipsec_stack_t *ipss = ns->netstack_ipsec;
2622
2623 ASSERT(mp->b_datap->db_type == M_DATA);
2624
2625 mp->b_rptr -= ic->ic_skip_len;
2626
2627 if (isv4) {
2628 ipha_t *ipha = (ipha_t *)mp->b_rptr;
2629 addr = &ipha->ipha_dst;
2630 af = AF_INET;
2631 } else {
2632 ip6_t *ip6h = (ip6_t *)mp->b_rptr;
2633 addr = &ip6h->ip6_dst;
2634 af = AF_INET6;
2635 }
2636
2637 /*
2638 * Log the event. Don't print to the console, block
2639 * potential denial-of-service attack.
2640 */
2641 AH_BUMP_STAT(ahstack, bad_auth);
2642
2643 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
2644 "AH Authentication failed spi %x, dst_addr %s",
2645 assoc->ipsa_spi, addr, af, ahstack->ipsecah_netstack);
2646
2647 IP_AH_BUMP_STAT(ipss, in_discards);
2648 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
2649 DROPPER(ipss, ipds_ah_bad_auth),
2650 &ahstack->ah_dropper);
2651 }
2652
2653 /*
2654 * Kernel crypto framework callback invoked after completion of async
2655 * crypto requests for outbound packets.
2656 */
2657 static void
2658 ah_kcf_callback_outbound(void *arg, int status)
2659 {
2660 mblk_t *mp = (mblk_t *)arg;
2661 mblk_t *async_mp;
2662 netstack_t *ns;
2663 ipsec_stack_t *ipss;
2664 ipsecah_stack_t *ahstack;
2665 mblk_t *data_mp;
2666 ip_xmit_attr_t ixas;
2667 ipsec_crypto_t *ic;
2668 ill_t *ill;
2669
2670 /*
2671 * First remove the ipsec_crypto_t mblk
2672 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
2673 */
2674 async_mp = ipsec_remove_crypto_data(mp, &ic);
2675 ASSERT(async_mp != NULL);
2676
2677 /*
2678 * Extract the ip_xmit_attr_t from the first mblk.
2679 * Verifies that the netstack and ill is still around; could
2680 * have vanished while kEf was doing its work.
2681 * On succesful return we have a nce_t and the ill/ipst can't
2682 * disappear until we do the nce_refrele in ixa_cleanup.
2683 */
2684 data_mp = async_mp->b_cont;
2685 async_mp->b_cont = NULL;
2686 if (!ip_xmit_attr_from_mblk(async_mp, &ixas)) {
2687 /* Disappeared on us - no ill/ipst for MIB */
2688 if (ixas.ixa_nce != NULL) {
2689 ill = ixas.ixa_nce->nce_ill;
2690 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2691 ip_drop_output("ipIfStatsOutDiscards", data_mp, ill);
2692 }
2693 freemsg(data_mp);
2694 goto done;
2695 }
2696 ns = ixas.ixa_ipst->ips_netstack;
2697 ahstack = ns->netstack_ipsecah;
2698 ipss = ns->netstack_ipsec;
2699 ill = ixas.ixa_nce->nce_ill;
2700
2701 if (status == CRYPTO_SUCCESS) {
2702 data_mp = ah_auth_out_done(data_mp, &ixas, ic);
2703 if (data_mp == NULL)
2704 goto done;
2705
2706 (void) ip_output_post_ipsec(data_mp, &ixas);
2707 } else {
2708 /* Outbound shouldn't see invalid MAC */
2709 ASSERT(status != CRYPTO_INVALID_MAC);
2710
2711 ah1dbg(ahstack,
2712 ("ah_kcf_callback_outbound: crypto failed with 0x%x\n",
2713 status));
2714 AH_BUMP_STAT(ahstack, crypto_failures);
2715 AH_BUMP_STAT(ahstack, out_discards);
2716
2717 ip_drop_packet(data_mp, B_FALSE, ill,
2718 DROPPER(ipss, ipds_ah_crypto_failed),
2719 &ahstack->ah_dropper);
2720 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2721 }
2722 done:
2723 ixa_cleanup(&ixas);
2724 (void) ipsec_free_crypto_data(mp);
2725 }
2726
2727 /*
2728 * Kernel crypto framework callback invoked after completion of async
2729 * crypto requests for inbound packets.
2730 */
2731 static void
2732 ah_kcf_callback_inbound(void *arg, int status)
2733 {
2734 mblk_t *mp = (mblk_t *)arg;
2735 mblk_t *async_mp;
2736 netstack_t *ns;
2737 ipsec_stack_t *ipss;
2738 ipsecah_stack_t *ahstack;
2739 mblk_t *data_mp;
2740 ip_recv_attr_t iras;
2741 ipsec_crypto_t *ic;
2742
2743 /*
2744 * First remove the ipsec_crypto_t mblk
2745 * Note that we need to ipsec_free_crypto_data(mp) once done with ic.
2746 */
2747 async_mp = ipsec_remove_crypto_data(mp, &ic);
2748 ASSERT(async_mp != NULL);
2749
2750 /*
2751 * Extract the ip_xmit_attr_t from the first mblk.
2752 * Verifies that the netstack and ill is still around; could
2753 * have vanished while kEf was doing its work.
2754 */
2755 data_mp = async_mp->b_cont;
2756 async_mp->b_cont = NULL;
2757 if (!ip_recv_attr_from_mblk(async_mp, &iras)) {
2758 /* The ill or ip_stack_t disappeared on us */
2759 ip_drop_input("ip_recv_attr_from_mblk", data_mp, NULL);
2760 freemsg(data_mp);
2761 goto done;
2762 }
2763 ns = iras.ira_ill->ill_ipst->ips_netstack;
2764 ahstack = ns->netstack_ipsecah;
2765 ipss = ns->netstack_ipsec;
2766
2767 if (status == CRYPTO_SUCCESS) {
2768 data_mp = ah_auth_in_done(data_mp, &iras, ic);
2769 if (data_mp == NULL)
2770 goto done;
2771
2772 /* finish IPsec processing */
2773 ip_input_post_ipsec(data_mp, &iras);
2774
2775 } else if (status == CRYPTO_INVALID_MAC) {
2776 ah_log_bad_auth(data_mp, &iras, ic);
2777 } else {
2778 ah1dbg(ahstack,
2779 ("ah_kcf_callback_inbound: crypto failed with 0x%x\n",
2780 status));
2781 AH_BUMP_STAT(ahstack, crypto_failures);
2782 IP_AH_BUMP_STAT(ipss, in_discards);
2783 ip_drop_packet(data_mp, B_TRUE, iras.ira_ill,
2784 DROPPER(ipss, ipds_ah_crypto_failed),
2785 &ahstack->ah_dropper);
2786 BUMP_MIB(iras.ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2787 }
2788 done:
2789 ira_cleanup(&iras, B_TRUE);
2790 (void) ipsec_free_crypto_data(mp);
2791 }
2792
2793 /*
2794 * Invoked on kernel crypto failure during inbound and outbound processing.
2795 */
2796 static void
2797 ah_crypto_failed(mblk_t *data_mp, boolean_t is_inbound, int kef_rc,
2798 ill_t *ill, ipsecah_stack_t *ahstack)
2799 {
2800 ipsec_stack_t *ipss = ahstack->ipsecah_netstack->netstack_ipsec;
2801
2802 ah1dbg(ahstack, ("crypto failed for %s AH with 0x%x\n",
2803 is_inbound ? "inbound" : "outbound", kef_rc));
2804 ip_drop_packet(data_mp, is_inbound, ill,
2805 DROPPER(ipss, ipds_ah_crypto_failed),
2806 &ahstack->ah_dropper);
2807 AH_BUMP_STAT(ahstack, crypto_failures);
2808 if (is_inbound)
2809 IP_AH_BUMP_STAT(ipss, in_discards);
2810 else
2811 AH_BUMP_STAT(ahstack, out_discards);
2812 }
2813
2814 /*
2815 * Helper macros for the ah_submit_req_{inbound,outbound}() functions.
2816 */
2817
2818 /*
2819 * A statement-equivalent macro, _cr MUST point to a modifiable
2820 * crypto_call_req_t.
2821 */
2822 #define AH_INIT_CALLREQ(_cr, _mp, _callback) \
2823 (_cr)->cr_flag = CRYPTO_SKIP_REQID|CRYPTO_ALWAYS_QUEUE; \
2824 (_cr)->cr_callback_arg = (_mp); \
2825 (_cr)->cr_callback_func = (_callback)
2826
2827 #define AH_INIT_CRYPTO_DATA(data, msglen, mblk) { \
2828 (data)->cd_format = CRYPTO_DATA_MBLK; \
2829 (data)->cd_mp = mblk; \
2830 (data)->cd_offset = 0; \
2831 (data)->cd_length = msglen; \
2832 }
2833
2834 #define AH_INIT_CRYPTO_MAC(mac, icvlen, icvbuf) { \
2835 (mac)->cd_format = CRYPTO_DATA_RAW; \
2836 (mac)->cd_offset = 0; \
2837 (mac)->cd_length = icvlen; \
2838 (mac)->cd_raw.iov_base = icvbuf; \
2839 (mac)->cd_raw.iov_len = icvlen; \
2840 }
2841
2842 /*
2843 * Submit an inbound packet for processing by the crypto framework.
2844 */
2845 static mblk_t *
2846 ah_submit_req_inbound(mblk_t *phdr_mp, ip_recv_attr_t *ira,
2847 size_t skip_len, uint32_t ah_offset, ipsa_t *assoc)
2848 {
2849 int kef_rc;
2850 mblk_t *mp;
2851 crypto_call_req_t call_req, *callrp;
2852 uint_t icv_len = assoc->ipsa_mac_len;
2853 crypto_ctx_template_t ctx_tmpl;
2854 ipsecah_stack_t *ahstack;
2855 ipsec_crypto_t *ic, icstack;
2856 boolean_t force = (assoc->ipsa_flags & IPSA_F_ASYNC);
2857
2858 ahstack = ira->ira_ill->ill_ipst->ips_netstack->netstack_ipsecah;
2859
2860 ASSERT(phdr_mp != NULL);
2861 ASSERT(phdr_mp->b_datap->db_type == M_DATA);
2862
2863 if (force) {
2864 /* We are doing asynch; allocate mblks to hold state */
2865 if ((mp = ip_recv_attr_to_mblk(ira)) == NULL ||
2866 (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) {
2867 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2868 ip_drop_input("ipIfStatsInDiscards", phdr_mp,
2869 ira->ira_ill);
2870 freemsg(phdr_mp);
2871 return (NULL);
2872 }
2873
2874 linkb(mp, phdr_mp);
2875 callrp = &call_req;
2876 AH_INIT_CALLREQ(callrp, mp, ah_kcf_callback_inbound);
2877 } else {
2878 /*
2879 * If we know we are going to do sync then ipsec_crypto_t
2880 * should be on the stack.
2881 */
2882 ic = &icstack;
2883 bzero(ic, sizeof (*ic));
2884 callrp = NULL;
2885 }
2886
2887 /* init arguments for the crypto framework */
2888 AH_INIT_CRYPTO_DATA(&ic->ic_crypto_data, AH_MSGSIZE(phdr_mp),
2889 phdr_mp);
2890
2891 AH_INIT_CRYPTO_MAC(&ic->ic_crypto_mac, icv_len,
2892 (char *)phdr_mp->b_cont->b_rptr - skip_len + ah_offset +
2893 sizeof (ah_t));
2894
2895 ic->ic_skip_len = skip_len;
2896
2897 IPSEC_CTX_TMPL(assoc, ipsa_authtmpl, IPSEC_ALG_AUTH, ctx_tmpl);
2898
2899 /* call KEF to do the MAC operation */
2900 kef_rc = crypto_mac_verify(&assoc->ipsa_amech,
2901 &ic->ic_crypto_data, &assoc->ipsa_kcfauthkey, ctx_tmpl,
2902 &ic->ic_crypto_mac, callrp);
2903
2904 switch (kef_rc) {
2905 case CRYPTO_SUCCESS:
2906 AH_BUMP_STAT(ahstack, crypto_sync);
2907 phdr_mp = ah_auth_in_done(phdr_mp, ira, ic);
2908 if (force) {
2909 /* Free mp after we are done with ic */
2910 mp = ipsec_free_crypto_data(mp);
2911 (void) ip_recv_attr_free_mblk(mp);
2912 }
2913 return (phdr_mp);
2914 case CRYPTO_QUEUED:
2915 /* ah_kcf_callback_inbound() will be invoked on completion */
2916 AH_BUMP_STAT(ahstack, crypto_async);
2917 return (NULL);
2918 case CRYPTO_INVALID_MAC:
2919 /* Free mp after we are done with ic */
2920 AH_BUMP_STAT(ahstack, crypto_sync);
2921 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2922 ah_log_bad_auth(phdr_mp, ira, ic);
2923 /* phdr_mp was passed to ip_drop_packet */
2924 if (force) {
2925 mp = ipsec_free_crypto_data(mp);
2926 (void) ip_recv_attr_free_mblk(mp);
2927 }
2928 return (NULL);
2929 }
2930
2931 if (force) {
2932 mp = ipsec_free_crypto_data(mp);
2933 phdr_mp = ip_recv_attr_free_mblk(mp);
2934 }
2935 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
2936 ah_crypto_failed(phdr_mp, B_TRUE, kef_rc, ira->ira_ill, ahstack);
2937 /* phdr_mp was passed to ip_drop_packet */
2938 return (NULL);
2939 }
2940
2941 /*
2942 * Submit an outbound packet for processing by the crypto framework.
2943 */
2944 static mblk_t *
2945 ah_submit_req_outbound(mblk_t *phdr_mp, ip_xmit_attr_t *ixa,
2946 size_t skip_len, ipsa_t *assoc)
2947 {
2948 int kef_rc;
2949 mblk_t *mp;
2950 crypto_call_req_t call_req, *callrp;
2951 uint_t icv_len = assoc->ipsa_mac_len;
2952 ipsecah_stack_t *ahstack;
2953 ipsec_crypto_t *ic, icstack;
2954 ill_t *ill = ixa->ixa_nce->nce_ill;
2955 boolean_t force = (assoc->ipsa_flags & IPSA_F_ASYNC);
2956
2957 ahstack = ill->ill_ipst->ips_netstack->netstack_ipsecah;
2958
2959 ASSERT(phdr_mp != NULL);
2960 ASSERT(phdr_mp->b_datap->db_type == M_DATA);
2961
2962 if (force) {
2963 /* We are doing asynch; allocate mblks to hold state */
2964 if ((mp = ip_xmit_attr_to_mblk(ixa)) == NULL ||
2965 (mp = ipsec_add_crypto_data(mp, &ic)) == NULL) {
2966 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
2967 ip_drop_output("ipIfStatsOutDiscards", phdr_mp, ill);
2968 freemsg(phdr_mp);
2969 return (NULL);
2970 }
2971 linkb(mp, phdr_mp);
2972 callrp = &call_req;
2973 AH_INIT_CALLREQ(callrp, mp, ah_kcf_callback_outbound);
2974 } else {
2975 /*
2976 * If we know we are going to do sync then ipsec_crypto_t
2977 * should be on the stack.
2978 */
2979 ic = &icstack;
2980 bzero(ic, sizeof (*ic));
2981 callrp = NULL;
2982 }
2983
2984 /* init arguments for the crypto framework */
2985 AH_INIT_CRYPTO_DATA(&ic->ic_crypto_data, AH_MSGSIZE(phdr_mp),
2986 phdr_mp);
2987
2988 AH_INIT_CRYPTO_MAC(&ic->ic_crypto_mac, icv_len,
2989 (char *)phdr_mp->b_wptr);
2990
2991 ic->ic_skip_len = skip_len;
2992
2993 ASSERT(ixa->ixa_ipsec_ah_sa != NULL);
2994
2995 /* call KEF to do the MAC operation */
2996 kef_rc = crypto_mac(&assoc->ipsa_amech, &ic->ic_crypto_data,
2997 &assoc->ipsa_kcfauthkey, assoc->ipsa_authtmpl,
2998 &ic->ic_crypto_mac, callrp);
2999
3000 switch (kef_rc) {
3001 case CRYPTO_SUCCESS:
3002 AH_BUMP_STAT(ahstack, crypto_sync);
3003 phdr_mp = ah_auth_out_done(phdr_mp, ixa, ic);
3004 if (force) {
3005 /* Free mp after we are done with ic */
3006 mp = ipsec_free_crypto_data(mp);
3007 (void) ip_xmit_attr_free_mblk(mp);
3008 }
3009 return (phdr_mp);
3010 case CRYPTO_QUEUED:
3011 /* ah_kcf_callback_outbound() will be invoked on completion */
3012 AH_BUMP_STAT(ahstack, crypto_async);
3013 return (NULL);
3014 }
3015
3016 if (force) {
3017 mp = ipsec_free_crypto_data(mp);
3018 phdr_mp = ip_xmit_attr_free_mblk(mp);
3019 }
3020 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3021 ah_crypto_failed(phdr_mp, B_FALSE, kef_rc, NULL, ahstack);
3022 /* phdr_mp was passed to ip_drop_packet */
3023 return (NULL);
3024 }
3025
3026 /*
3027 * This function constructs a pseudo header by looking at the IP header
3028 * and options if any. This is called for both outbound and inbound,
3029 * before computing the ICV.
3030 */
3031 static mblk_t *
3032 ah_process_ip_options_v6(mblk_t *mp, ipsa_t *assoc, int *length_to_skip,
3033 uint_t ah_data_sz, boolean_t outbound, ipsecah_stack_t *ahstack)
3034 {
3035 ip6_t *ip6h;
3036 ip6_t *oip6h;
3037 mblk_t *phdr_mp;
3038 int option_length;
3039 uint_t ah_align_sz;
3040 uint_t ah_offset;
3041 int hdr_size;
3042
3043 /*
3044 * Allocate space for the authentication data also. It is
3045 * useful both during the ICV calculation where we need to
3046 * feed in zeroes and while sending the datagram back to IP
3047 * where we will be using the same space.
3048 *
3049 * We need to allocate space for padding bytes if it is not
3050 * a multiple of IPV6_PADDING_ALIGN.
3051 *
3052 * In addition, we allocate space for the ICV computed by
3053 * the kernel crypto framework, saving us a separate kmem
3054 * allocation down the road.
3055 */
3056
3057 ah_align_sz = P2ALIGN(ah_data_sz + IPV6_PADDING_ALIGN - 1,
3058 IPV6_PADDING_ALIGN);
3059
3060 ASSERT(ah_align_sz >= ah_data_sz);
3061
3062 hdr_size = ipsec_ah_get_hdr_size_v6(mp, B_FALSE);
3063 option_length = hdr_size - IPV6_HDR_LEN;
3064
3065 /* This was not included in ipsec_ah_get_hdr_size_v6() */
3066 hdr_size += (sizeof (ah_t) + ah_align_sz);
3067
3068 if (!outbound && (MBLKL(mp) < hdr_size)) {
3069 /*
3070 * We have post-AH header options in a separate mblk,
3071 * a pullup is required.
3072 */
3073 if (!pullupmsg(mp, hdr_size))
3074 return (NULL);
3075 }
3076
3077 if ((phdr_mp = allocb_tmpl(hdr_size + ah_data_sz, mp)) == NULL) {
3078 return (NULL);
3079 }
3080
3081 oip6h = (ip6_t *)mp->b_rptr;
3082
3083 /*
3084 * Form the basic IP header first. Zero out the header
3085 * so that the mutable fields are zeroed out.
3086 */
3087 ip6h = (ip6_t *)phdr_mp->b_rptr;
3088 bzero(ip6h, sizeof (ip6_t));
3089 ip6h->ip6_vcf = IPV6_DEFAULT_VERS_AND_FLOW;
3090
3091 if (outbound) {
3092 /*
3093 * Include the size of AH and authentication data.
3094 * This is how our recipient would compute the
3095 * authentication data. Look at what we do in the
3096 * inbound case below.
3097 */
3098 ip6h->ip6_plen = htons(ntohs(oip6h->ip6_plen) +
3099 sizeof (ah_t) + ah_align_sz);
3100 } else {
3101 ip6h->ip6_plen = oip6h->ip6_plen;
3102 }
3103
3104 ip6h->ip6_src = oip6h->ip6_src;
3105 ip6h->ip6_dst = oip6h->ip6_dst;
3106
3107 *length_to_skip = IPV6_HDR_LEN;
3108 if (option_length == 0) {
3109 /* Form the AH header */
3110 ip6h->ip6_nxt = IPPROTO_AH;
3111 ((ah_t *)(ip6h + 1))->ah_nexthdr = oip6h->ip6_nxt;
3112 ah_offset = *length_to_skip;
3113 } else {
3114 ip6h->ip6_nxt = oip6h->ip6_nxt;
3115 /* option_length does not include the AH header's size */
3116 *length_to_skip += option_length;
3117
3118 ah_offset = ah_fix_phdr_v6(ip6h, oip6h, outbound, B_FALSE);
3119 if (ah_offset == 0) {
3120 return (NULL);
3121 }
3122 }
3123
3124 if (!ah_finish_up(((ah_t *)((uint8_t *)ip6h + ah_offset)),
3125 (outbound ? NULL : ((ah_t *)((uint8_t *)oip6h + ah_offset))),
3126 assoc, ah_data_sz, ah_align_sz, ahstack)) {
3127 freeb(phdr_mp);
3128 /*
3129 * Returning NULL will tell the caller to
3130 * IPSA_REFELE(), free the memory, etc.
3131 */
3132 return (NULL);
3133 }
3134
3135 phdr_mp->b_wptr = ((uint8_t *)ip6h + ah_offset + sizeof (ah_t) +
3136 ah_align_sz);
3137 if (!outbound)
3138 *length_to_skip += sizeof (ah_t) + ah_align_sz;
3139 return (phdr_mp);
3140 }
3141
3142 /*
3143 * This function constructs a pseudo header by looking at the IP header
3144 * and options if any. This is called for both outbound and inbound,
3145 * before computing the ICV.
3146 */
3147 static mblk_t *
3148 ah_process_ip_options_v4(mblk_t *mp, ipsa_t *assoc, int *length_to_skip,
3149 uint_t ah_data_sz, boolean_t outbound, ipsecah_stack_t *ahstack)
3150 {
3151 ipoptp_t opts;
3152 uint32_t option_length;
3153 ipha_t *ipha;
3154 ipha_t *oipha;
3155 mblk_t *phdr_mp;
3156 int size;
3157 uchar_t *optptr;
3158 uint8_t optval;
3159 uint8_t optlen;
3160 ipaddr_t dst;
3161 uint32_t v_hlen_tos_len;
3162 int ip_hdr_length;
3163 uint_t ah_align_sz;
3164 uint32_t off;
3165
3166 #ifdef _BIG_ENDIAN
3167 #define V_HLEN (v_hlen_tos_len >> 24)
3168 #else
3169 #define V_HLEN (v_hlen_tos_len & 0xFF)
3170 #endif
3171
3172 oipha = (ipha_t *)mp->b_rptr;
3173 v_hlen_tos_len = ((uint32_t *)oipha)[0];
3174
3175 /*
3176 * Allocate space for the authentication data also. It is
3177 * useful both during the ICV calculation where we need to
3178 * feed in zeroes and while sending the datagram back to IP
3179 * where we will be using the same space.
3180 *
3181 * We need to allocate space for padding bytes if it is not
3182 * a multiple of IPV4_PADDING_ALIGN.
3183 *
3184 * In addition, we allocate space for the ICV computed by
3185 * the kernel crypto framework, saving us a separate kmem
3186 * allocation down the road.
3187 */
3188
3189 ah_align_sz = P2ALIGN(ah_data_sz + IPV4_PADDING_ALIGN - 1,
3190 IPV4_PADDING_ALIGN);
3191
3192 ASSERT(ah_align_sz >= ah_data_sz);
3193
3194 size = IP_SIMPLE_HDR_LENGTH + sizeof (ah_t) + ah_align_sz +
3195 ah_data_sz;
3196
3197 if (V_HLEN != IP_SIMPLE_HDR_VERSION) {
3198 option_length = oipha->ipha_version_and_hdr_length -
3199 (uint8_t)((IP_VERSION << 4) +
3200 IP_SIMPLE_HDR_LENGTH_IN_WORDS);
3201 option_length <<= 2;
3202 size += option_length;
3203 }
3204
3205 if ((phdr_mp = allocb_tmpl(size, mp)) == NULL) {
3206 return (NULL);
3207 }
3208
3209 /*
3210 * Form the basic IP header first.
3211 */
3212 ipha = (ipha_t *)phdr_mp->b_rptr;
3213 ipha->ipha_version_and_hdr_length = oipha->ipha_version_and_hdr_length;
3214 ipha->ipha_type_of_service = 0;
3215
3216 if (outbound) {
3217 /*
3218 * Include the size of AH and authentication data.
3219 * This is how our recipient would compute the
3220 * authentication data. Look at what we do in the
3221 * inbound case below.
3222 */
3223 ipha->ipha_length = ntohs(htons(oipha->ipha_length) +
3224 sizeof (ah_t) + ah_align_sz);
3225 } else {
3226 ipha->ipha_length = oipha->ipha_length;
3227 }
3228
3229 ipha->ipha_ident = oipha->ipha_ident;
3230 ipha->ipha_fragment_offset_and_flags = 0;
3231 ipha->ipha_ttl = 0;
3232 ipha->ipha_protocol = IPPROTO_AH;
3233 ipha->ipha_hdr_checksum = 0;
3234 ipha->ipha_src = oipha->ipha_src;
3235 ipha->ipha_dst = dst = oipha->ipha_dst;
3236
3237 /*
3238 * If there is no option to process return now.
3239 */
3240 ip_hdr_length = IP_SIMPLE_HDR_LENGTH;
3241
3242 if (V_HLEN == IP_SIMPLE_HDR_VERSION) {
3243 /* Form the AH header */
3244 goto ah_hdr;
3245 }
3246
3247 ip_hdr_length += option_length;
3248
3249 /*
3250 * We have options. In the outbound case for source route,
3251 * ULP has already moved the first hop, which is now in
3252 * ipha_dst. We need the final destination for the calculation
3253 * of authentication data. And also make sure that mutable
3254 * and experimental fields are zeroed out in the IP options.
3255 */
3256
3257 bcopy(&oipha[1], &ipha[1], option_length);
3258
3259 for (optval = ipoptp_first(&opts, ipha);
3260 optval != IPOPT_EOL;
3261 optval = ipoptp_next(&opts)) {
3262 optptr = opts.ipoptp_cur;
3263 optlen = opts.ipoptp_len;
3264 switch (optval) {
3265 case IPOPT_EXTSEC:
3266 case IPOPT_COMSEC:
3267 case IPOPT_RA:
3268 case IPOPT_SDMDD:
3269 case IPOPT_SECURITY:
3270 /*
3271 * These options are Immutable, leave them as-is.
3272 * Note that IPOPT_NOP is also Immutable, but it
3273 * was skipped by ipoptp_next() and thus remains
3274 * intact in the header.
3275 */
3276 break;
3277 case IPOPT_SSRR:
3278 case IPOPT_LSRR:
3279 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0)
3280 goto bad_ipv4opt;
3281 /*
3282 * These two are mutable and will be zeroed, but
3283 * first get the final destination.
3284 */
3285 off = optptr[IPOPT_OFFSET];
3286 /*
3287 * If one of the conditions is true, it means
3288 * end of options and dst already has the right
3289 * value. So, just fall through.
3290 */
3291 if (!(optlen < IP_ADDR_LEN || off > optlen - 3)) {
3292 off = optlen - IP_ADDR_LEN;
3293 bcopy(&optptr[off], &dst, IP_ADDR_LEN);
3294 }
3295 /* FALLTHRU */
3296 case IPOPT_RR:
3297 case IPOPT_TS:
3298 case IPOPT_SATID:
3299 default:
3300 /*
3301 * optlen should include from the beginning of an
3302 * option.
3303 * NOTE : Stream Identifier Option (SID): RFC 791
3304 * shows the bit pattern of optlen as 2 and documents
3305 * the length as 4. We assume it to be 2 here.
3306 */
3307 bzero(optptr, optlen);
3308 break;
3309 }
3310 }
3311
3312 if ((opts.ipoptp_flags & IPOPTP_ERROR) != 0) {
3313 bad_ipv4opt:
3314 ah1dbg(ahstack, ("AH : bad IPv4 option"));
3315 freeb(phdr_mp);
3316 return (NULL);
3317 }
3318
3319 /*
3320 * Don't change ipha_dst for an inbound datagram as it points
3321 * to the right value. Only for the outbound with LSRR/SSRR,
3322 * because of ip_massage_options called by the ULP, ipha_dst
3323 * points to the first hop and we need to use the final
3324 * destination for computing the ICV.
3325 */
3326
3327 if (outbound)
3328 ipha->ipha_dst = dst;
3329 ah_hdr:
3330 ((ah_t *)((uint8_t *)ipha + ip_hdr_length))->ah_nexthdr =
3331 oipha->ipha_protocol;
3332 if (!ah_finish_up(((ah_t *)((uint8_t *)ipha + ip_hdr_length)),
3333 (outbound ? NULL : ((ah_t *)((uint8_t *)oipha + ip_hdr_length))),
3334 assoc, ah_data_sz, ah_align_sz, ahstack)) {
3335 freeb(phdr_mp);
3336 /*
3337 * Returning NULL will tell the caller to IPSA_REFELE(), free
3338 * the memory, etc.
3339 */
3340 return (NULL);
3341 }
3342
3343 phdr_mp->b_wptr = ((uchar_t *)ipha + ip_hdr_length +
3344 sizeof (ah_t) + ah_align_sz);
3345
3346 ASSERT(phdr_mp->b_wptr <= phdr_mp->b_datap->db_lim);
3347 if (outbound)
3348 *length_to_skip = ip_hdr_length;
3349 else
3350 *length_to_skip = ip_hdr_length + sizeof (ah_t) + ah_align_sz;
3351 return (phdr_mp);
3352 }
3353
3354 /*
3355 * Authenticate an outbound datagram. This function is called
3356 * whenever IP sends an outbound datagram that needs authentication.
3357 * Returns a modified packet if done. Returns NULL if error or queued.
3358 * If error return then ipIfStatsOutDiscards has been increased.
3359 */
3360 static mblk_t *
3361 ah_outbound(mblk_t *data_mp, ip_xmit_attr_t *ixa)
3362 {
3363 mblk_t *phdr_mp;
3364 ipsa_t *assoc;
3365 int length_to_skip;
3366 uint_t ah_align_sz;
3367 uint_t age_bytes;
3368 netstack_t *ns = ixa->ixa_ipst->ips_netstack;
3369 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3370 ipsec_stack_t *ipss = ns->netstack_ipsec;
3371 ill_t *ill = ixa->ixa_nce->nce_ill;
3372 boolean_t need_refrele = B_FALSE;
3373
3374 /*
3375 * Construct the chain of mblks
3376 *
3377 * PSEUDO_HDR->DATA
3378 *
3379 * one by one.
3380 */
3381
3382 AH_BUMP_STAT(ahstack, out_requests);
3383
3384 ASSERT(data_mp->b_datap->db_type == M_DATA);
3385
3386 assoc = ixa->ixa_ipsec_ah_sa;
3387 ASSERT(assoc != NULL);
3388
3389
3390 /*
3391 * Get the outer IP header in shape to escape this system..
3392 */
3393 if (is_system_labeled() && (assoc->ipsa_otsl != NULL)) {
3394 /*
3395 * Need to update packet with any CIPSO option and update
3396 * ixa_tsl to capture the new label.
3397 * We allocate a separate ixa for that purpose.
3398 */
3399 ixa = ip_xmit_attr_duplicate(ixa);
3400 if (ixa == NULL) {
3401 ip_drop_packet(data_mp, B_FALSE, ill,
3402 DROPPER(ipss, ipds_ah_nomem),
3403 &ahstack->ah_dropper);
3404 return (NULL);
3405 }
3406 need_refrele = B_TRUE;
3407
3408 label_hold(assoc->ipsa_otsl);
3409 ip_xmit_attr_replace_tsl(ixa, assoc->ipsa_otsl);
3410
3411 data_mp = sadb_whack_label(data_mp, assoc, ixa,
3412 DROPPER(ipss, ipds_ah_nomem), &ahstack->ah_dropper);
3413 if (data_mp == NULL) {
3414 /* Packet dropped by sadb_whack_label */
3415 ixa_refrele(ixa);
3416 return (NULL);
3417 }
3418 }
3419
3420 /*
3421 * Age SA according to number of bytes that will be sent after
3422 * adding the AH header, ICV, and padding to the packet.
3423 */
3424
3425 if (ixa->ixa_flags & IXAF_IS_IPV4) {
3426 ipha_t *ipha = (ipha_t *)data_mp->b_rptr;
3427 ah_align_sz = P2ALIGN(assoc->ipsa_mac_len +
3428 IPV4_PADDING_ALIGN - 1, IPV4_PADDING_ALIGN);
3429 age_bytes = ntohs(ipha->ipha_length) + sizeof (ah_t) +
3430 ah_align_sz;
3431 } else {
3432 ip6_t *ip6h = (ip6_t *)data_mp->b_rptr;
3433 ah_align_sz = P2ALIGN(assoc->ipsa_mac_len +
3434 IPV6_PADDING_ALIGN - 1, IPV6_PADDING_ALIGN);
3435 age_bytes = sizeof (ip6_t) + ntohs(ip6h->ip6_plen) +
3436 sizeof (ah_t) + ah_align_sz;
3437 }
3438
3439 if (!ah_age_bytes(assoc, age_bytes, B_FALSE)) {
3440 /* rig things as if ipsec_getassocbyconn() failed */
3441 ipsec_assocfailure(info.mi_idnum, 0, 0, SL_ERROR | SL_WARN,
3442 "AH association 0x%x, dst %s had bytes expire.\n",
3443 ntohl(assoc->ipsa_spi), assoc->ipsa_dstaddr, AF_INET,
3444 ahstack->ipsecah_netstack);
3445 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3446 ip_drop_output("ipIfStatsOutDiscards", data_mp, ill);
3447 freemsg(data_mp);
3448 if (need_refrele)
3449 ixa_refrele(ixa);
3450 return (NULL);
3451 }
3452
3453 /*
3454 * XXX We need to have fixed up the outer label before we get here.
3455 * (AH is computing the checksum over the outer label).
3456 */
3457
3458 /*
3459 * Insert pseudo header:
3460 * [IP, ULP] => [IP, AH, ICV] -> ULP
3461 */
3462
3463 if (ixa->ixa_flags & IXAF_IS_IPV4) {
3464 phdr_mp = ah_process_ip_options_v4(data_mp, assoc,
3465 &length_to_skip, assoc->ipsa_mac_len, B_TRUE, ahstack);
3466 } else {
3467 phdr_mp = ah_process_ip_options_v6(data_mp, assoc,
3468 &length_to_skip, assoc->ipsa_mac_len, B_TRUE, ahstack);
3469 }
3470
3471 if (phdr_mp == NULL) {
3472 AH_BUMP_STAT(ahstack, out_discards);
3473 ip_drop_packet(data_mp, B_FALSE, ixa->ixa_nce->nce_ill,
3474 DROPPER(ipss, ipds_ah_bad_v4_opts),
3475 &ahstack->ah_dropper);
3476 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3477 if (need_refrele)
3478 ixa_refrele(ixa);
3479 return (NULL);
3480 }
3481
3482 phdr_mp->b_cont = data_mp;
3483 data_mp->b_rptr += length_to_skip;
3484 data_mp = phdr_mp;
3485
3486 /*
3487 * At this point data_mp points to
3488 * an mblk containing the pseudo header (IP header,
3489 * AH header, and ICV with mutable fields zero'ed out).
3490 * mp points to the mblk containing the ULP data. The original
3491 * IP header is kept before the ULP data in data_mp.
3492 */
3493
3494 /* submit MAC request to KCF */
3495 data_mp = ah_submit_req_outbound(data_mp, ixa, length_to_skip, assoc);
3496 if (need_refrele)
3497 ixa_refrele(ixa);
3498 return (data_mp);
3499 }
3500
3501 static mblk_t *
3502 ah_inbound(mblk_t *data_mp, void *arg, ip_recv_attr_t *ira)
3503 {
3504 ah_t *ah = (ah_t *)arg;
3505 ipsa_t *assoc = ira->ira_ipsec_ah_sa;
3506 int length_to_skip;
3507 int ah_length;
3508 mblk_t *phdr_mp;
3509 uint32_t ah_offset;
3510 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
3511 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3512 ipsec_stack_t *ipss = ns->netstack_ipsec;
3513
3514 ASSERT(assoc != NULL);
3515
3516 /*
3517 * We may wish to check replay in-range-only here as an optimization.
3518 * Include the reality check of ipsa->ipsa_replay >
3519 * ipsa->ipsa_replay_wsize for times when it's the first N packets,
3520 * where N == ipsa->ipsa_replay_wsize.
3521 *
3522 * Another check that may come here later is the "collision" check.
3523 * If legitimate packets flow quickly enough, this won't be a problem,
3524 * but collisions may cause authentication algorithm crunching to
3525 * take place when it doesn't need to.
3526 */
3527 if (!sadb_replay_peek(assoc, ah->ah_replay)) {
3528 AH_BUMP_STAT(ahstack, replay_early_failures);
3529 IP_AH_BUMP_STAT(ipss, in_discards);
3530 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
3531 DROPPER(ipss, ipds_ah_early_replay),
3532 &ahstack->ah_dropper);
3533 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3534 return (NULL);
3535 }
3536
3537 /*
3538 * The offset of the AH header can be computed from its pointer
3539 * within the data mblk, which was pulled up until the AH header
3540 * by ipsec_inbound_ah_sa() during SA selection.
3541 */
3542 ah_offset = (uchar_t *)ah - data_mp->b_rptr;
3543
3544 /*
3545 * We need to pullup until the ICV before we call
3546 * ah_process_ip_options_v6.
3547 */
3548 ah_length = (ah->ah_length << 2) + 8;
3549
3550 /*
3551 * NOTE : If we want to use any field of IP/AH header, you need
3552 * to re-assign following the pullup.
3553 */
3554 if (((uchar_t *)ah + ah_length) > data_mp->b_wptr) {
3555 if (!pullupmsg(data_mp, (uchar_t *)ah + ah_length -
3556 data_mp->b_rptr)) {
3557 (void) ipsec_rl_strlog(ns, info.mi_idnum, 0, 0,
3558 SL_WARN | SL_ERROR,
3559 "ah_inbound: Small AH header\n");
3560 IP_AH_BUMP_STAT(ipss, in_discards);
3561 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
3562 DROPPER(ipss, ipds_ah_nomem),
3563 &ahstack->ah_dropper);
3564 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3565 return (NULL);
3566 }
3567 }
3568
3569 /*
3570 * Insert pseudo header:
3571 * [IP, ULP] => [IP, AH, ICV] -> ULP
3572 */
3573 if (ira->ira_flags & IRAF_IS_IPV4) {
3574 phdr_mp = ah_process_ip_options_v4(data_mp, assoc,
3575 &length_to_skip, assoc->ipsa_mac_len, B_FALSE, ahstack);
3576 } else {
3577 phdr_mp = ah_process_ip_options_v6(data_mp, assoc,
3578 &length_to_skip, assoc->ipsa_mac_len, B_FALSE, ahstack);
3579 }
3580
3581 if (phdr_mp == NULL) {
3582 IP_AH_BUMP_STAT(ipss, in_discards);
3583 ip_drop_packet(data_mp, B_TRUE, ira->ira_ill,
3584 ((ira->ira_flags & IRAF_IS_IPV4) ?
3585 DROPPER(ipss, ipds_ah_bad_v4_opts) :
3586 DROPPER(ipss, ipds_ah_bad_v6_hdrs)),
3587 &ahstack->ah_dropper);
3588 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3589 return (NULL);
3590 }
3591
3592 phdr_mp->b_cont = data_mp;
3593 data_mp->b_rptr += length_to_skip;
3594 data_mp = phdr_mp;
3595
3596 /* submit request to KCF */
3597 return (ah_submit_req_inbound(data_mp, ira, length_to_skip, ah_offset,
3598 assoc));
3599 }
3600
3601 /*
3602 * Invoked after processing of an inbound packet by the
3603 * kernel crypto framework. Called by ah_submit_req() for a sync request,
3604 * or by the kcf callback for an async request.
3605 * Returns NULL if the mblk chain is consumed.
3606 */
3607 static mblk_t *
3608 ah_auth_in_done(mblk_t *phdr_mp, ip_recv_attr_t *ira, ipsec_crypto_t *ic)
3609 {
3610 ipha_t *ipha;
3611 uint_t ah_offset = 0;
3612 mblk_t *mp;
3613 int align_len, newpos;
3614 ah_t *ah;
3615 uint32_t length;
3616 uint32_t *dest32;
3617 uint8_t *dest;
3618 boolean_t isv4;
3619 ip6_t *ip6h;
3620 uint_t icv_len;
3621 ipsa_t *assoc;
3622 kstat_named_t *counter;
3623 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
3624 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3625 ipsec_stack_t *ipss = ns->netstack_ipsec;
3626
3627 isv4 = (ira->ira_flags & IRAF_IS_IPV4);
3628 assoc = ira->ira_ipsec_ah_sa;
3629 icv_len = (uint_t)ic->ic_crypto_mac.cd_raw.iov_len;
3630
3631 if (phdr_mp == NULL) {
3632 ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill,
3633 DROPPER(ipss, ipds_ah_nomem),
3634 &ahstack->ah_dropper);
3635 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3636 return (NULL);
3637 }
3638
3639 mp = phdr_mp->b_cont;
3640 if (mp == NULL) {
3641 ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill,
3642 DROPPER(ipss, ipds_ah_nomem),
3643 &ahstack->ah_dropper);
3644 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3645 return (NULL);
3646 }
3647 mp->b_rptr -= ic->ic_skip_len;
3648
3649 ah_set_usetime(assoc, B_TRUE);
3650
3651 if (isv4) {
3652 ipha = (ipha_t *)mp->b_rptr;
3653 ah_offset = ipha->ipha_version_and_hdr_length -
3654 (uint8_t)((IP_VERSION << 4));
3655 ah_offset <<= 2;
3656 align_len = P2ALIGN(icv_len + IPV4_PADDING_ALIGN - 1,
3657 IPV4_PADDING_ALIGN);
3658 } else {
3659 ip6h = (ip6_t *)mp->b_rptr;
3660 ah_offset = ipsec_ah_get_hdr_size_v6(mp, B_TRUE);
3661 ASSERT((mp->b_wptr - mp->b_rptr) >= ah_offset);
3662 align_len = P2ALIGN(icv_len + IPV6_PADDING_ALIGN - 1,
3663 IPV6_PADDING_ALIGN);
3664 }
3665
3666 ah = (ah_t *)(mp->b_rptr + ah_offset);
3667 newpos = sizeof (ah_t) + align_len;
3668
3669 /*
3670 * We get here only when authentication passed.
3671 */
3672
3673 ah3dbg(ahstack, ("AH succeeded, checking replay\n"));
3674 AH_BUMP_STAT(ahstack, good_auth);
3675
3676 if (!sadb_replay_check(assoc, ah->ah_replay)) {
3677 int af;
3678 void *addr;
3679
3680 if (isv4) {
3681 addr = &ipha->ipha_dst;
3682 af = AF_INET;
3683 } else {
3684 addr = &ip6h->ip6_dst;
3685 af = AF_INET6;
3686 }
3687
3688 /*
3689 * Log the event. As of now we print out an event.
3690 * Do not print the replay failure number, or else
3691 * syslog cannot collate the error messages. Printing
3692 * the replay number that failed (or printing to the
3693 * console) opens a denial-of-service attack.
3694 */
3695 AH_BUMP_STAT(ahstack, replay_failures);
3696 ipsec_assocfailure(info.mi_idnum, 0, 0,
3697 SL_ERROR | SL_WARN,
3698 "Replay failed for AH spi %x, dst_addr %s",
3699 assoc->ipsa_spi, addr, af, ahstack->ipsecah_netstack);
3700 counter = DROPPER(ipss, ipds_ah_replay);
3701 goto ah_in_discard;
3702 }
3703
3704 /*
3705 * We need to remove the AH header from the original
3706 * datagram. Best way to do this is to move the pre-AH headers
3707 * forward in the (relatively simple) IPv4 case. In IPv6, it's
3708 * a bit more complicated because of IPv6's next-header chaining,
3709 * but it's doable.
3710 */
3711 if (isv4) {
3712 /*
3713 * Assign the right protocol, adjust the length as we
3714 * are removing the AH header and adjust the checksum to
3715 * account for the protocol and length.
3716 */
3717 length = ntohs(ipha->ipha_length);
3718 if (!ah_age_bytes(assoc, length, B_TRUE)) {
3719 /* The ipsa has hit hard expiration, LOG and AUDIT. */
3720 ipsec_assocfailure(info.mi_idnum, 0, 0,
3721 SL_ERROR | SL_WARN,
3722 "AH Association 0x%x, dst %s had bytes expire.\n",
3723 assoc->ipsa_spi, assoc->ipsa_dstaddr,
3724 AF_INET, ahstack->ipsecah_netstack);
3725 AH_BUMP_STAT(ahstack, bytes_expired);
3726 counter = DROPPER(ipss, ipds_ah_bytes_expire);
3727 goto ah_in_discard;
3728 }
3729 ipha->ipha_protocol = ah->ah_nexthdr;
3730 length -= newpos;
3731
3732 ipha->ipha_length = htons((uint16_t)length);
3733 ipha->ipha_hdr_checksum = 0;
3734 ipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(ipha);
3735 } else {
3736 uchar_t *whereptr;
3737 int hdrlen;
3738 uint8_t *nexthdr;
3739 ip6_hbh_t *hbhhdr;
3740 ip6_dest_t *dsthdr;
3741 ip6_rthdr0_t *rthdr;
3742
3743 /*
3744 * Make phdr_mp hold until the AH header and make
3745 * mp hold everything past AH header.
3746 */
3747 length = ntohs(ip6h->ip6_plen);
3748 if (!ah_age_bytes(assoc, length + sizeof (ip6_t), B_TRUE)) {
3749 /* The ipsa has hit hard expiration, LOG and AUDIT. */
3750 ipsec_assocfailure(info.mi_idnum, 0, 0,
3751 SL_ERROR | SL_WARN,
3752 "AH Association 0x%x, dst %s had bytes "
3753 "expire.\n", assoc->ipsa_spi, &ip6h->ip6_dst,
3754 AF_INET6, ahstack->ipsecah_netstack);
3755 AH_BUMP_STAT(ahstack, bytes_expired);
3756 counter = DROPPER(ipss, ipds_ah_bytes_expire);
3757 goto ah_in_discard;
3758 }
3759
3760 /*
3761 * Update the next header field of the header preceding
3762 * AH with the next header field of AH. Start with the
3763 * IPv6 header and proceed with the extension headers
3764 * until we find what we're looking for.
3765 */
3766 nexthdr = &ip6h->ip6_nxt;
3767 whereptr = (uchar_t *)ip6h;
3768 hdrlen = sizeof (ip6_t);
3769
3770 while (*nexthdr != IPPROTO_AH) {
3771 whereptr += hdrlen;
3772 /* Assume IP has already stripped it */
3773 ASSERT(*nexthdr != IPPROTO_FRAGMENT);
3774 switch (*nexthdr) {
3775 case IPPROTO_HOPOPTS:
3776 hbhhdr = (ip6_hbh_t *)whereptr;
3777 nexthdr = &hbhhdr->ip6h_nxt;
3778 hdrlen = 8 * (hbhhdr->ip6h_len + 1);
3779 break;
3780 case IPPROTO_DSTOPTS:
3781 dsthdr = (ip6_dest_t *)whereptr;
3782 nexthdr = &dsthdr->ip6d_nxt;
3783 hdrlen = 8 * (dsthdr->ip6d_len + 1);
3784 break;
3785 case IPPROTO_ROUTING:
3786 rthdr = (ip6_rthdr0_t *)whereptr;
3787 nexthdr = &rthdr->ip6r0_nxt;
3788 hdrlen = 8 * (rthdr->ip6r0_len + 1);
3789 break;
3790 }
3791 }
3792 *nexthdr = ah->ah_nexthdr;
3793 length -= newpos;
3794 ip6h->ip6_plen = htons((uint16_t)length);
3795 }
3796
3797 /* Now that we've fixed the IP header, move it forward. */
3798 mp->b_rptr += newpos;
3799 if (IS_P2ALIGNED(mp->b_rptr, sizeof (uint32_t))) {
3800 dest32 = (uint32_t *)(mp->b_rptr + ah_offset);
3801 while (--dest32 >= (uint32_t *)mp->b_rptr)
3802 *dest32 = *(dest32 - (newpos >> 2));
3803 } else {
3804 dest = mp->b_rptr + ah_offset;
3805 while (--dest >= mp->b_rptr)
3806 *dest = *(dest - newpos);
3807 }
3808 freeb(phdr_mp);
3809
3810 /*
3811 * If SA is labelled, use its label, else inherit the label
3812 */
3813 if (is_system_labeled() && (assoc->ipsa_tsl != NULL)) {
3814 if (!ip_recv_attr_replace_label(ira, assoc->ipsa_tsl)) {
3815 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
3816 DROPPER(ipss, ipds_ah_nomem), &ahstack->ah_dropper);
3817 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3818 return (NULL);
3819 }
3820 }
3821
3822 return (mp);
3823
3824 ah_in_discard:
3825 IP_AH_BUMP_STAT(ipss, in_discards);
3826 ip_drop_packet(phdr_mp, B_TRUE, ira->ira_ill, counter,
3827 &ahstack->ah_dropper);
3828 BUMP_MIB(ira->ira_ill->ill_ip_mib, ipIfStatsInDiscards);
3829 return (NULL);
3830 }
3831
3832 /*
3833 * Invoked after processing of an outbound packet by the
3834 * kernel crypto framework, either by ah_submit_req() for a request
3835 * executed syncrhonously, or by the KEF callback for a request
3836 * executed asynchronously.
3837 */
3838 static mblk_t *
3839 ah_auth_out_done(mblk_t *phdr_mp, ip_xmit_attr_t *ixa, ipsec_crypto_t *ic)
3840 {
3841 mblk_t *mp;
3842 int align_len;
3843 uint32_t hdrs_length;
3844 uchar_t *ptr;
3845 uint32_t length;
3846 boolean_t isv4;
3847 size_t icv_len;
3848 netstack_t *ns = ixa->ixa_ipst->ips_netstack;
3849 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3850 ipsec_stack_t *ipss = ns->netstack_ipsec;
3851 ill_t *ill = ixa->ixa_nce->nce_ill;
3852
3853 isv4 = (ixa->ixa_flags & IXAF_IS_IPV4);
3854 icv_len = ic->ic_crypto_mac.cd_raw.iov_len;
3855
3856 mp = phdr_mp->b_cont;
3857 if (mp == NULL) {
3858 ip_drop_packet(phdr_mp, B_FALSE, ill,
3859 DROPPER(ipss, ipds_ah_nomem),
3860 &ahstack->ah_dropper);
3861 BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
3862 return (NULL);
3863 }
3864 mp->b_rptr -= ic->ic_skip_len;
3865
3866 ASSERT(ixa->ixa_flags & IXAF_IPSEC_SECURE);
3867 ASSERT(ixa->ixa_ipsec_ah_sa != NULL);
3868 ah_set_usetime(ixa->ixa_ipsec_ah_sa, B_FALSE);
3869
3870 if (isv4) {
3871 ipha_t *ipha;
3872 ipha_t *nipha;
3873
3874 ipha = (ipha_t *)mp->b_rptr;
3875 hdrs_length = ipha->ipha_version_and_hdr_length -
3876 (uint8_t)((IP_VERSION << 4));
3877 hdrs_length <<= 2;
3878 align_len = P2ALIGN(icv_len + IPV4_PADDING_ALIGN - 1,
3879 IPV4_PADDING_ALIGN);
3880 /*
3881 * phdr_mp must have the right amount of space for the
3882 * combined IP and AH header. Copy the IP header and
3883 * the ack_data onto AH. Note that the AH header was
3884 * already formed before the ICV calculation and hence
3885 * you don't have to copy it here.
3886 */
3887 bcopy(mp->b_rptr, phdr_mp->b_rptr, hdrs_length);
3888
3889 ptr = phdr_mp->b_rptr + hdrs_length + sizeof (ah_t);
3890 bcopy(phdr_mp->b_wptr, ptr, icv_len);
3891
3892 /*
3893 * Compute the new header checksum as we are assigning
3894 * IPPROTO_AH and adjusting the length here.
3895 */
3896 nipha = (ipha_t *)phdr_mp->b_rptr;
3897
3898 nipha->ipha_protocol = IPPROTO_AH;
3899 length = ntohs(nipha->ipha_length);
3900 length += (sizeof (ah_t) + align_len);
3901 nipha->ipha_length = htons((uint16_t)length);
3902 nipha->ipha_hdr_checksum = 0;
3903 nipha->ipha_hdr_checksum = (uint16_t)ip_csum_hdr(nipha);
3904 } else {
3905 ip6_t *ip6h;
3906 ip6_t *nip6h;
3907 uint_t ah_offset;
3908
3909 ip6h = (ip6_t *)mp->b_rptr;
3910 nip6h = (ip6_t *)phdr_mp->b_rptr;
3911 align_len = P2ALIGN(icv_len + IPV6_PADDING_ALIGN - 1,
3912 IPV6_PADDING_ALIGN);
3913 /*
3914 * phdr_mp must have the right amount of space for the
3915 * combined IP and AH header. Copy the IP header with
3916 * options into the pseudo header. When we constructed
3917 * a pseudo header, we did not copy some of the mutable
3918 * fields. We do it now by calling ah_fix_phdr_v6()
3919 * with the last argument B_TRUE. It returns the
3920 * ah_offset into the pseudo header.
3921 */
3922
3923 bcopy(ip6h, nip6h, IPV6_HDR_LEN);
3924 ah_offset = ah_fix_phdr_v6(nip6h, ip6h, B_TRUE, B_TRUE);
3925 ASSERT(ah_offset != 0);
3926 /*
3927 * phdr_mp can hold exactly the whole IP header with options
3928 * plus the AH header also. Thus subtracting the AH header's
3929 * size should give exactly how much of the original header
3930 * should be skipped.
3931 */
3932 hdrs_length = (phdr_mp->b_wptr - phdr_mp->b_rptr) -
3933 sizeof (ah_t) - icv_len;
3934 bcopy(phdr_mp->b_wptr, ((uint8_t *)nip6h + ah_offset +
3935 sizeof (ah_t)), icv_len);
3936 length = ntohs(nip6h->ip6_plen);
3937 length += (sizeof (ah_t) + align_len);
3938 nip6h->ip6_plen = htons((uint16_t)length);
3939 }
3940
3941 /* Skip the original IP header */
3942 mp->b_rptr += hdrs_length;
3943 if (mp->b_rptr == mp->b_wptr) {
3944 phdr_mp->b_cont = mp->b_cont;
3945 freeb(mp);
3946 }
3947
3948 return (phdr_mp);
3949 }
3950
3951 /* Refactor me */
3952 /*
3953 * Wrapper to allow IP to trigger an AH association failure message
3954 * during SA inbound selection.
3955 */
3956 void
3957 ipsecah_in_assocfailure(mblk_t *mp, char level, ushort_t sl, char *fmt,
3958 uint32_t spi, void *addr, int af, ip_recv_attr_t *ira)
3959 {
3960 netstack_t *ns = ira->ira_ill->ill_ipst->ips_netstack;
3961 ipsecah_stack_t *ahstack = ns->netstack_ipsecah;
3962 ipsec_stack_t *ipss = ns->netstack_ipsec;
3963
3964 if (ahstack->ipsecah_log_unknown_spi) {
3965 ipsec_assocfailure(info.mi_idnum, 0, level, sl, fmt, spi,
3966 addr, af, ahstack->ipsecah_netstack);
3967 }
3968
3969 ip_drop_packet(mp, B_TRUE, ira->ira_ill,
3970 DROPPER(ipss, ipds_ah_no_sa),
3971 &ahstack->ah_dropper);
3972 }
3973
3974 /*
3975 * Initialize the AH input and output processing functions.
3976 */
3977 void
3978 ipsecah_init_funcs(ipsa_t *sa)
3979 {
3980 if (sa->ipsa_output_func == NULL)
3981 sa->ipsa_output_func = ah_outbound;
3982 if (sa->ipsa_input_func == NULL)
3983 sa->ipsa_input_func = ah_inbound;
3984 }