1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _INET_SADB_H 27 #define _INET_SADB_H 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 #include <inet/ipsec_info.h> 34 #include <sys/crypto/common.h> 35 #include <sys/crypto/api.h> 36 #include <sys/note.h> 37 38 #define IPSA_MAX_ADDRLEN 4 /* Max address len. (in 32-bits) for an SA. */ 39 40 #define MAXSALTSIZE 8 41 42 /* 43 * For combined mode ciphers, store the crypto_mechanism_t in the 44 * per-packet ipsec_in_t/ipsec_out_t structures. This is because the PARAMS 45 * and nonce values change for each packet. For non-combined mode 46 * ciphers, these values are constant for the life of the SA. 47 */ 48 typedef struct ipsa_cm_mech_s { 49 crypto_mechanism_t combined_mech; 50 union { 51 CK_AES_CCM_PARAMS paramu_ccm; 52 CK_AES_GCM_PARAMS paramu_gcm; 53 } paramu; 54 uint8_t nonce[MAXSALTSIZE + sizeof (uint64_t)]; 55 #define param_ulMACSize paramu.paramu_ccm.ulMACSize 56 #define param_ulNonceSize paramu.paramu_ccm.ipsa_ulNonceSize 57 #define param_ulAuthDataSize paramu.paramu_ccm.ipsa_ulAuthDataSize 58 #define param_ulDataSize paramu.paramu_ccm.ipsa_ulDataSize 59 #define param_nonce paramu.paramu_ccm.nonce 60 #define param_authData paramu.paramu_ccm.authData 61 #define param_pIv paramu.paramu_gcm.ipsa_pIv 62 #define param_ulIvLen paramu.paramu_gcm.ulIvLen 63 #define param_ulIvBits paramu.paramu_gcm.ulIvBits 64 #define param_pAAD paramu.paramu_gcm.pAAD 65 #define param_ulAADLen paramu.paramu_gcm.ulAADLen 66 #define param_ulTagBits paramu.paramu_gcm.ulTagBits 67 } ipsa_cm_mech_t; 68 69 /* 70 * The Initialization Vector (also known as IV or Nonce) used to 71 * initialize the Block Cipher, is made up of a Counter and a Salt. 72 * The Counter is fixed at 64 bits and is incremented for each packet. 73 * The Salt value can be any whole byte value upto 64 bits. This is 74 * algorithm mode specific and can be configured with ipsecalgs(1m). 75 * 76 * We only support whole byte salt lengths, this is because the salt is 77 * stored in an array of uint8_t's. This is enforced by ipsecalgs(1m) 78 * which configures the salt length as a number of bytes. Checks are 79 * made to ensure the salt length defined in ipsecalgs(1m) fits in 80 * the ipsec_nonce_t. 81 * 82 * The Salt value remains constant for the life of the SA, the Salt is 83 * know to both peers, but NOT transmitted on the network. The Counter 84 * portion of the nonce is transmitted over the network with each packet 85 * and is confusingly described as the Initialization Vector by RFCs 86 * 4309/4106. 87 * 88 * The maximum Initialization Vector length is 128 bits, if the actual 89 * size is less, its padded internally by the algorithm. 90 * 91 * The nonce structure is defined like this in the SA (ipsa_t)to ensure 92 * the Initilization Vector (counter) is 64 bit aligned, because it will 93 * be incremented as an uint64_t. The nonce as used by the algorithms is 94 * a straight uint8_t array. 95 * 96 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 97 * | | | | |x|x|x|x| | 98 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 99 * salt_offset <------> 100 * ipsa_saltlen <-------> 101 * ipsa_nonce_buf------^ 102 * ipsa_salt-------------~~~~~~^ 103 * ipsa_nonce------------~~~~~~^ 104 * ipsa_iv-----------------------------^ 105 */ 106 typedef struct ipsec_nonce_s { 107 uint8_t salt[MAXSALTSIZE]; 108 uint64_t iv; 109 } ipsec_nonce_t; 110 111 /* 112 * IP security association. Synchronization assumes 32-bit loads, so 113 * the 64-bit quantities can't even be be read w/o locking it down! 114 */ 115 116 /* keying info */ 117 typedef struct ipsa_key_s { 118 uint8_t *sak_key; /* Algorithm key. */ 119 uint_t sak_keylen; /* Algorithm key length (in bytes). */ 120 uint_t sak_keybits; /* Algorithm key length (in bits) */ 121 uint_t sak_algid; /* Algorithm ID number. */ 122 } ipsa_key_t; 123 124 typedef struct ipsa_s { 125 struct ipsa_s *ipsa_next; /* Next in hash bucket */ 126 struct ipsa_s **ipsa_ptpn; /* Pointer to previous next pointer. */ 127 kmutex_t *ipsa_linklock; /* Pointer to hash-chain lock. */ 128 void (*ipsa_freefunc)(struct ipsa_s *); /* freeassoc function */ 129 void (*ipsa_noncefunc)(struct ipsa_s *, uchar_t *, 130 uint_t, uchar_t *, ipsa_cm_mech_t *, crypto_data_t *); 131 /* 132 * NOTE: I may need more pointers, depending on future SA 133 * requirements. 134 */ 135 ipsa_key_t ipsa_authkeydata; 136 #define ipsa_authkey ipsa_authkeydata.sak_key 137 #define ipsa_authkeylen ipsa_authkeydata.sak_keylen 138 #define ipsa_authkeybits ipsa_authkeydata.sak_keybits 139 #define ipsa_auth_alg ipsa_authkeydata.sak_algid 140 ipsa_key_t ipsa_encrkeydata; 141 #define ipsa_encrkey ipsa_encrkeydata.sak_key 142 #define ipsa_encrkeylen ipsa_encrkeydata.sak_keylen 143 #define ipsa_encrkeybits ipsa_encrkeydata.sak_keybits 144 #define ipsa_encr_alg ipsa_encrkeydata.sak_algid 145 146 struct ipsid_s *ipsa_src_cid; /* Source certificate identity */ 147 struct ipsid_s *ipsa_dst_cid; /* Destination certificate identity */ 148 mblk_t *ipsa_lpkt; /* Packet received while larval (CAS me) */ 149 mblk_t *ipsa_bpkt_head; /* Packets received while idle */ 150 mblk_t *ipsa_bpkt_tail; 151 #define SADB_MAX_IDLEPKTS 100 152 uint8_t ipsa_mblkcnt; /* Number of packets received while idle */ 153 154 /* 155 * PF_KEYv2 supports a replay window size of 255. Hence there is a 156 * need a bit vector to support a replay window of 255. 256 is a nice 157 * round number, so I support that. 158 * 159 * Use an array of uint64_t for best performance on 64-bit 160 * processors. (And hope that 32-bit compilers can handle things 161 * okay.) The " >> 6 " is to get the appropriate number of 64-bit 162 * ints. 163 */ 164 #define SADB_MAX_REPLAY 256 /* Must be 0 mod 64. */ 165 uint64_t ipsa_replay_arr[SADB_MAX_REPLAY >> 6]; 166 167 uint64_t ipsa_unique_id; /* Non-zero for unique SAs */ 168 uint64_t ipsa_unique_mask; /* mask value for unique_id */ 169 170 /* 171 * Reference count semantics: 172 * 173 * An SA has a reference count of 1 if something's pointing 174 * to it. This includes being in a hash table. So if an 175 * SA is in a hash table, it has a reference count of at least 1. 176 * 177 * When a ptr. to an IPSA is assigned, you MUST REFHOLD after 178 * said assignment. When a ptr. to an IPSA is released 179 * you MUST REFRELE. When the refcount hits 0, REFRELE 180 * will free the IPSA. 181 */ 182 kmutex_t ipsa_lock; /* Locks non-linkage/refcnt fields. */ 183 /* Q: Since I may be doing refcnts differently, will I need cv? */ 184 uint_t ipsa_refcnt; /* Reference count. */ 185 186 /* 187 * The following four time fields are the ones monitored by ah_ager() 188 * and esp_ager() respectively. They are all absolute wall-clock 189 * times. The times of creation (i.e. add time) and first use are 190 * pretty straightforward. The soft and hard expire times are 191 * derived from the times of first use and creation, plus the minimum 192 * expiration times in the fields that follow this. 193 * 194 * For example, if I had a hard add time of 30 seconds, and a hard 195 * use time of 15, the ipsa_hardexpiretime would be time of add, plus 196 * 30 seconds. If I USE the SA such that time of first use plus 15 197 * seconds would be earlier than the add time plus 30 seconds, then 198 * ipsa_hardexpiretime would become this earlier time. 199 */ 200 time_t ipsa_addtime; /* Time I was added. */ 201 time_t ipsa_usetime; /* Time of my first use. */ 202 time_t ipsa_lastuse; /* Time of my last use. */ 203 time_t ipsa_idletime; /* Seconds of idle time */ 204 time_t ipsa_last_nat_t_ka; /* Time of my last NAT-T keepalive. */ 205 time_t ipsa_softexpiretime; /* Time of my first soft expire. */ 206 time_t ipsa_hardexpiretime; /* Time of my first hard expire. */ 207 time_t ipsa_idleexpiretime; /* Time of my next idle expire time */ 208 209 struct ipsec_nonce_s *ipsa_nonce_buf; 210 uint8_t *ipsa_nonce; 211 uint_t ipsa_nonce_len; 212 uint8_t *ipsa_salt; 213 uint_t ipsa_saltbits; 214 uint_t ipsa_saltlen; 215 uint64_t *ipsa_iv; 216 217 uint64_t ipsa_iv_hardexpire; 218 uint64_t ipsa_iv_softexpire; 219 /* 220 * The following fields are directly reflected in PF_KEYv2 LIFETIME 221 * extensions. The time_ts are in number-of-seconds, and the bytes 222 * are in... bytes. 223 */ 224 time_t ipsa_softaddlt; /* Seconds of soft lifetime after add. */ 225 time_t ipsa_softuselt; /* Seconds of soft lifetime after first use. */ 226 time_t ipsa_hardaddlt; /* Seconds of hard lifetime after add. */ 227 time_t ipsa_harduselt; /* Seconds of hard lifetime after first use. */ 228 time_t ipsa_idleaddlt; /* Seconds of idle time after add */ 229 time_t ipsa_idleuselt; /* Seconds of idle time after first use */ 230 uint64_t ipsa_softbyteslt; /* Bytes of soft lifetime. */ 231 uint64_t ipsa_hardbyteslt; /* Bytes of hard lifetime. */ 232 uint64_t ipsa_bytes; /* Bytes encrypted/authed by this SA. */ 233 234 /* 235 * "Allocations" are a concept mentioned in PF_KEYv2. We do not 236 * support them, except to record them per the PF_KEYv2 spec. 237 */ 238 uint_t ipsa_softalloc; /* Allocations allowed (soft). */ 239 uint_t ipsa_hardalloc; /* Allocations allowed (hard). */ 240 uint_t ipsa_alloc; /* Allocations made. */ 241 242 uint_t ipsa_type; /* Type of security association. (AH/etc.) */ 243 uint_t ipsa_state; /* State of my association. */ 244 uint_t ipsa_replay_wsize; /* Size of replay window */ 245 uint32_t ipsa_flags; /* Flags for security association. */ 246 uint32_t ipsa_spi; /* Security parameters index. */ 247 uint32_t ipsa_replay; /* Highest seen replay value for this SA. */ 248 uint32_t ipsa_kmp; /* key management proto */ 249 uint32_t ipsa_kmc; /* key management cookie */ 250 251 boolean_t ipsa_haspeer; /* Has peer in another table. */ 252 253 /* 254 * Address storage. 255 * The source address can be INADDR_ANY, IN6ADDR_ANY, etc. 256 * 257 * Address families (per sys/socket.h) guide us. We could have just 258 * used sockaddr_storage 259 */ 260 sa_family_t ipsa_addrfam; 261 sa_family_t ipsa_innerfam; /* Inner AF can be != src/dst AF. */ 262 263 uint32_t ipsa_srcaddr[IPSA_MAX_ADDRLEN]; 264 uint32_t ipsa_dstaddr[IPSA_MAX_ADDRLEN]; 265 uint32_t ipsa_innersrc[IPSA_MAX_ADDRLEN]; 266 uint32_t ipsa_innerdst[IPSA_MAX_ADDRLEN]; 267 268 uint8_t ipsa_innersrcpfx; 269 uint8_t ipsa_innerdstpfx; 270 271 uint16_t ipsa_inbound_cksum; /* cksum correction for inbound packets */ 272 uint16_t ipsa_local_nat_port; /* Local NAT-T port. (0 --> 4500) */ 273 uint16_t ipsa_remote_nat_port; /* The other port that isn't 4500 */ 274 275 /* these can only be v4 */ 276 uint32_t ipsa_natt_addr_loc; 277 uint32_t ipsa_natt_addr_rem; 278 279 /* 280 * icmp type and code. *_end are to specify ranges. if only 281 * a single value, * and *_end are the same value. 282 */ 283 uint8_t ipsa_icmp_type; 284 uint8_t ipsa_icmp_type_end; 285 uint8_t ipsa_icmp_code; 286 uint8_t ipsa_icmp_code_end; 287 288 /* 289 * For the kernel crypto framework. 290 */ 291 crypto_key_t ipsa_kcfauthkey; /* authentication key */ 292 crypto_key_t ipsa_kcfencrkey; /* encryption key */ 293 crypto_ctx_template_t ipsa_authtmpl; /* auth context template */ 294 crypto_ctx_template_t ipsa_encrtmpl; /* encr context template */ 295 crypto_mechanism_t ipsa_amech; /* auth mech type and ICV len */ 296 crypto_mechanism_t ipsa_emech; /* encr mech type */ 297 size_t ipsa_mac_len; /* auth MAC/ICV length */ 298 size_t ipsa_iv_len; /* encr IV length */ 299 size_t ipsa_datalen; /* block length in bytes. */ 300 301 /* 302 * Input and output processing functions called from IP. 303 * The mblk_t is the data; the IPsec information is in the attributes 304 * Returns NULL if the mblk is consumed which it is if there was 305 * a failure or if pending. If failure then 306 * the ipIfInDiscards/OutDiscards counters are increased. 307 */ 308 mblk_t *(*ipsa_output_func)(mblk_t *, ip_xmit_attr_t *); 309 mblk_t *(*ipsa_input_func)(mblk_t *, void *, ip_recv_attr_t *); 310 311 /* 312 * Soft reference to paired SA 313 */ 314 uint32_t ipsa_otherspi; 315 netstack_t *ipsa_netstack; /* Does not have a netstack_hold */ 316 317 ts_label_t *ipsa_tsl; /* MLS: label attributes */ 318 ts_label_t *ipsa_otsl; /* MLS: outer label */ 319 uint8_t ipsa_mac_exempt; /* MLS: mac exempt flag */ 320 uchar_t ipsa_opt_storage[IP_MAX_OPT_LENGTH]; 321 } ipsa_t; 322 323 /* 324 * ipsa_t address handling macros. We want these to be inlined, and deal 325 * with 32-bit words to avoid bcmp/bcopy calls. 326 * 327 * Assume we only have AF_INET and AF_INET6 addresses for now. Also assume 328 * that we have 32-bit alignment on everything. 329 */ 330 #define IPSA_IS_ADDR_UNSPEC(addr, fam) ((((uint32_t *)(addr))[0] == 0) && \ 331 (((fam) == AF_INET) || (((uint32_t *)(addr))[3] == 0 && \ 332 ((uint32_t *)(addr))[2] == 0 && ((uint32_t *)(addr))[1] == 0))) 333 #define IPSA_ARE_ADDR_EQUAL(addr1, addr2, fam) \ 334 ((((uint32_t *)(addr1))[0] == ((uint32_t *)(addr2))[0]) && \ 335 (((fam) == AF_INET) || \ 336 (((uint32_t *)(addr1))[3] == ((uint32_t *)(addr2))[3] && \ 337 ((uint32_t *)(addr1))[2] == ((uint32_t *)(addr2))[2] && \ 338 ((uint32_t *)(addr1))[1] == ((uint32_t *)(addr2))[1]))) 339 #define IPSA_COPY_ADDR(dstaddr, srcaddr, fam) { \ 340 ((uint32_t *)(dstaddr))[0] = ((uint32_t *)(srcaddr))[0]; \ 341 if ((fam) == AF_INET6) {\ 342 ((uint32_t *)(dstaddr))[1] = ((uint32_t *)(srcaddr))[1]; \ 343 ((uint32_t *)(dstaddr))[2] = ((uint32_t *)(srcaddr))[2]; \ 344 ((uint32_t *)(dstaddr))[3] = ((uint32_t *)(srcaddr))[3]; } } 345 346 /* 347 * ipsa_t reference hold/release macros. 348 * 349 * If you have a pointer, you REFHOLD. If you are releasing a pointer, you 350 * REFRELE. An ipsa_t that is newly inserted into the table should have 351 * a reference count of 1 (for the table's pointer), plus 1 more for every 352 * pointer that is referencing the ipsa_t. 353 */ 354 355 #define IPSA_REFHOLD(ipsa) { \ 356 atomic_add_32(&(ipsa)->ipsa_refcnt, 1); \ 357 ASSERT((ipsa)->ipsa_refcnt != 0); \ 358 } 359 360 /* 361 * Decrement the reference count on the SA. 362 * In architectures e.g sun4u, where atomic_add_32_nv is just 363 * a cas, we need to maintain the right memory barrier semantics 364 * as that of mutex_exit i.e all the loads and stores should complete 365 * before the cas is executed. membar_exit() does that here. 366 */ 367 368 #define IPSA_REFRELE(ipsa) { \ 369 ASSERT((ipsa)->ipsa_refcnt != 0); \ 370 membar_exit(); \ 371 if (atomic_add_32_nv(&(ipsa)->ipsa_refcnt, -1) == 0) \ 372 ((ipsa)->ipsa_freefunc)(ipsa); \ 373 } 374 375 /* 376 * Security association hash macros and definitions. For now, assume the 377 * IPsec model, and hash outbounds on destination address, and inbounds on 378 * SPI. 379 */ 380 381 #define IPSEC_DEFAULT_HASH_SIZE 256 382 383 #define INBOUND_HASH(sadb, spi) ((spi) % ((sadb)->sdb_hashsize)) 384 #define OUTBOUND_HASH_V4(sadb, v4addr) ((v4addr) % ((sadb)->sdb_hashsize)) 385 #define OUTBOUND_HASH_V6(sadb, v6addr) OUTBOUND_HASH_V4((sadb), \ 386 (*(uint32_t *)&(v6addr)) ^ (*(((uint32_t *)&(v6addr)) + 1)) ^ \ 387 (*(((uint32_t *)&(v6addr)) + 2)) ^ (*(((uint32_t *)&(v6addr)) + 3))) 388 389 /* 390 * Syntactic sugar to find the appropriate hash bucket directly. 391 */ 392 393 #define INBOUND_BUCKET(sadb, spi) &(((sadb)->sdb_if)[INBOUND_HASH(sadb, spi)]) 394 #define OUTBOUND_BUCKET_V4(sadb, v4addr) \ 395 &(((sadb)->sdb_of)[OUTBOUND_HASH_V4(sadb, v4addr)]) 396 #define OUTBOUND_BUCKET_V6(sadb, v6addr) \ 397 &(((sadb)->sdb_of)[OUTBOUND_HASH_V6(sadb, v6addr)]) 398 399 #define IPSA_F_PFS SADB_SAFLAGS_PFS /* PFS in use for this SA? */ 400 #define IPSA_F_NOREPFLD SADB_SAFLAGS_NOREPLAY /* No replay field, for */ 401 /* backward compat. */ 402 #define IPSA_F_USED SADB_X_SAFLAGS_USED /* SA has been used. */ 403 #define IPSA_F_UNIQUE SADB_X_SAFLAGS_UNIQUE /* SA is unique */ 404 #define IPSA_F_AALG1 SADB_X_SAFLAGS_AALG1 /* Auth alg flag 1 */ 405 #define IPSA_F_AALG2 SADB_X_SAFLAGS_AALG2 /* Auth alg flag 2 */ 406 #define IPSA_F_EALG1 SADB_X_SAFLAGS_EALG1 /* Encrypt alg flag 1 */ 407 #define IPSA_F_EALG2 SADB_X_SAFLAGS_EALG2 /* Encrypt alg flag 2 */ 408 409 #define IPSA_F_ASYNC 0x200000 /* Call KCF asynchronously? */ 410 #define IPSA_F_NATT_LOC SADB_X_SAFLAGS_NATT_LOC 411 #define IPSA_F_NATT_REM SADB_X_SAFLAGS_NATT_REM 412 #define IPSA_F_BEHIND_NAT SADB_X_SAFLAGS_NATTED 413 #define IPSA_F_NATT (SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM | \ 414 SADB_X_SAFLAGS_NATTED) 415 #define IPSA_F_CINVALID 0x40000 /* SA shouldn't be cached */ 416 #define IPSA_F_PAIRED SADB_X_SAFLAGS_PAIRED /* SA is one of a pair */ 417 #define IPSA_F_OUTBOUND SADB_X_SAFLAGS_OUTBOUND /* SA direction bit */ 418 #define IPSA_F_INBOUND SADB_X_SAFLAGS_INBOUND /* SA direction bit */ 419 #define IPSA_F_TUNNEL SADB_X_SAFLAGS_TUNNEL 420 /* 421 * These flags are only defined here to prevent a flag value collision. 422 */ 423 #define IPSA_F_COMBINED SADB_X_SAFLAGS_EALG1 /* Defined in pfkeyv2.h */ 424 #define IPSA_F_COUNTERMODE SADB_X_SAFLAGS_EALG2 /* Defined in pfkeyv2.h */ 425 426 /* 427 * Sets of flags that are allowed to by set or modified by PF_KEY apps. 428 */ 429 #define AH_UPDATE_SETTABLE_FLAGS \ 430 (SADB_X_SAFLAGS_PAIRED | SADB_SAFLAGS_NOREPLAY | \ 431 SADB_X_SAFLAGS_OUTBOUND | SADB_X_SAFLAGS_INBOUND | \ 432 SADB_X_SAFLAGS_KM1 | SADB_X_SAFLAGS_KM2 | \ 433 SADB_X_SAFLAGS_KM3 | SADB_X_SAFLAGS_KM4) 434 435 /* AH can't set NAT flags (or even use NAT). Add NAT flags to the ESP set. */ 436 #define ESP_UPDATE_SETTABLE_FLAGS (AH_UPDATE_SETTABLE_FLAGS | IPSA_F_NATT) 437 438 #define AH_ADD_SETTABLE_FLAGS \ 439 (AH_UPDATE_SETTABLE_FLAGS | SADB_X_SAFLAGS_AALG1 | \ 440 SADB_X_SAFLAGS_AALG2 | SADB_X_SAFLAGS_TUNNEL | \ 441 SADB_SAFLAGS_NOREPLAY) 442 443 /* AH can't set NAT flags (or even use NAT). Add NAT flags to the ESP set. */ 444 #define ESP_ADD_SETTABLE_FLAGS (AH_ADD_SETTABLE_FLAGS | IPSA_F_NATT | \ 445 SADB_X_SAFLAGS_EALG1 | SADB_X_SAFLAGS_EALG2) 446 447 448 449 /* SA states are important for handling UPDATE PF_KEY messages. */ 450 #define IPSA_STATE_LARVAL SADB_SASTATE_LARVAL 451 #define IPSA_STATE_MATURE SADB_SASTATE_MATURE 452 #define IPSA_STATE_DYING SADB_SASTATE_DYING 453 #define IPSA_STATE_DEAD SADB_SASTATE_DEAD 454 #define IPSA_STATE_IDLE SADB_X_SASTATE_IDLE 455 #define IPSA_STATE_ACTIVE_ELSEWHERE SADB_X_SASTATE_ACTIVE_ELSEWHERE 456 457 /* 458 * NOTE: If the document authors do things right in defining algorithms, we'll 459 * probably have flags for what all is here w.r.t. replay, ESP w/HMAC, 460 * etc. 461 */ 462 463 #define IPSA_T_ACQUIRE SEC_TYPE_NONE /* If this typed returned, sa needed */ 464 #define IPSA_T_AH SEC_TYPE_AH /* IPsec AH association */ 465 #define IPSA_T_ESP SEC_TYPE_ESP /* IPsec ESP association */ 466 467 #define IPSA_AALG_NONE SADB_AALG_NONE /* No auth. algorithm */ 468 #define IPSA_AALG_MD5H SADB_AALG_MD5HMAC /* MD5-HMAC algorithm */ 469 #define IPSA_AALG_SHA1H SADB_AALG_SHA1HMAC /* SHA1-HMAC algorithm */ 470 471 #define IPSA_EALG_NONE SADB_EALG_NONE /* No encryption algorithm */ 472 #define IPSA_EALG_DES_CBC SADB_EALG_DESCBC 473 #define IPSA_EALG_3DES SADB_EALG_3DESCBC 474 475 /* 476 * Protect each ipsa_t bucket (and linkage) with a lock. 477 */ 478 479 typedef struct isaf_s { 480 ipsa_t *isaf_ipsa; 481 kmutex_t isaf_lock; 482 uint64_t isaf_gen; 483 } isaf_t; 484 485 /* 486 * ACQUIRE record. If AH/ESP/whatever cannot find an association for outbound 487 * traffic, it sends up an SADB_ACQUIRE message and create an ACQUIRE record. 488 */ 489 490 #define IPSACQ_MAXPACKETS 4 /* Number of packets that can be queued up */ 491 /* waiting for an ACQUIRE to finish. */ 492 493 typedef struct ipsacq_s { 494 struct ipsacq_s *ipsacq_next; 495 struct ipsacq_s **ipsacq_ptpn; 496 kmutex_t *ipsacq_linklock; 497 struct ipsec_policy_s *ipsacq_policy; 498 struct ipsec_action_s *ipsacq_act; 499 500 sa_family_t ipsacq_addrfam; /* Address family. */ 501 sa_family_t ipsacq_inneraddrfam; /* Inner-packet address family. */ 502 int ipsacq_numpackets; /* How many packets queued up so far. */ 503 uint32_t ipsacq_seq; /* PF_KEY sequence number. */ 504 uint64_t ipsacq_unique_id; /* Unique ID for SAs that need it. */ 505 506 kmutex_t ipsacq_lock; /* Protects non-linkage fields. */ 507 time_t ipsacq_expire; /* Wall-clock time when this record expires. */ 508 mblk_t *ipsacq_mp; /* List of datagrams waiting for an SA. */ 509 510 /* These two point inside the last mblk inserted. */ 511 uint32_t *ipsacq_srcaddr; 512 uint32_t *ipsacq_dstaddr; 513 514 /* Cache these instead of point so we can mask off accordingly */ 515 uint32_t ipsacq_innersrc[IPSA_MAX_ADDRLEN]; 516 uint32_t ipsacq_innerdst[IPSA_MAX_ADDRLEN]; 517 518 /* These may change per-acquire. */ 519 uint16_t ipsacq_srcport; 520 uint16_t ipsacq_dstport; 521 uint8_t ipsacq_proto; 522 uint8_t ipsacq_inner_proto; 523 uint8_t ipsacq_innersrcpfx; 524 uint8_t ipsacq_innerdstpfx; 525 526 /* icmp type and code of triggering packet (if applicable) */ 527 uint8_t ipsacq_icmp_type; 528 uint8_t ipsacq_icmp_code; 529 530 /* label associated with triggering packet */ 531 ts_label_t *ipsacq_tsl; 532 } ipsacq_t; 533 534 /* 535 * Kernel-generated sequence numbers will be no less than 0x80000000 to 536 * forestall any cretinous problems with manual keying accidentally updating 537 * an ACQUIRE entry. 538 */ 539 #define IACQF_LOWEST_SEQ 0x80000000 540 541 #define SADB_AGE_INTERVAL_DEFAULT 8000 542 543 /* 544 * ACQUIRE fanout. Protect each linkage with a lock. 545 */ 546 547 typedef struct iacqf_s { 548 ipsacq_t *iacqf_ipsacq; 549 kmutex_t iacqf_lock; 550 } iacqf_t; 551 552 /* 553 * A (network protocol, ipsec protocol) specific SADB. 554 * (i.e., one each for {ah, esp} and {v4, v6}. 555 * 556 * Keep outbound assocs in a simple hash table for now. 557 * One danger point, multiple SAs for a single dest will clog a bucket. 558 * For the future, consider two-level hashing (2nd hash on IPC?), then probe. 559 */ 560 561 typedef struct sadb_s 562 { 563 isaf_t *sdb_of; 564 isaf_t *sdb_if; 565 iacqf_t *sdb_acq; 566 int sdb_hashsize; 567 } sadb_t; 568 569 /* 570 * A pair of SADB's (one for v4, one for v6), and related state (including 571 * acquire callbacks). 572 */ 573 574 typedef struct sadbp_s 575 { 576 uint32_t s_satype; 577 uint32_t *s_acquire_timeout; 578 void (*s_acqfn)(ipsacq_t *, mblk_t *, netstack_t *); 579 sadb_t s_v4; 580 sadb_t s_v6; 581 uint32_t s_addflags; 582 uint32_t s_updateflags; 583 } sadbp_t; 584 585 /* 586 * A pair of SA's for a single connection, the structure contains a 587 * pointer to a SA and the SA its paired with (opposite direction) as well 588 * as the SA's respective hash buckets. 589 */ 590 typedef struct ipsap_s 591 { 592 boolean_t in_inbound_table; 593 isaf_t *ipsap_bucket; 594 ipsa_t *ipsap_sa_ptr; 595 isaf_t *ipsap_pbucket; 596 ipsa_t *ipsap_psa_ptr; 597 } ipsap_t; 598 599 typedef struct templist_s 600 { 601 ipsa_t *ipsa; 602 struct templist_s *next; 603 } templist_t; 604 605 /* Pointer to an all-zeroes IPv6 address. */ 606 #define ALL_ZEROES_PTR ((uint32_t *)&ipv6_all_zeros) 607 608 /* 609 * Form unique id from ip_xmit_attr_t. 610 */ 611 #define SA_FORM_UNIQUE_ID(ixa) \ 612 SA_UNIQUE_ID((ixa)->ixa_ipsec_src_port, (ixa)->ixa_ipsec_dst_port, \ 613 (((ixa)->ixa_flags & IXAF_IPSEC_TUNNEL) ? \ 614 ((ixa)->ixa_ipsec_inaf == AF_INET6 ? \ 615 IPPROTO_IPV6 : IPPROTO_ENCAP) : \ 616 (ixa)->ixa_ipsec_proto), \ 617 (((ixa)->ixa_flags & IXAF_IPSEC_TUNNEL) ? \ 618 (ixa)->ixa_ipsec_proto : 0)) 619 620 /* 621 * This macro is used to generate unique ids (along with the addresses, both 622 * inner and outer) for outbound datagrams that require unique SAs. 623 * 624 * N.B. casts and unsigned shift amounts discourage unwarranted 625 * sign extension of dstport, proto, and iproto. 626 * 627 * Unique ID is 64-bits allocated as follows (pardon my big-endian bias): 628 * 629 * 6 4 43 33 11 630 * 3 7 09 21 65 0 631 * +---------------*-------+-------+--------------+---------------+ 632 * | MUST-BE-ZERO |<iprot>|<proto>| <src port> | <dest port> | 633 * +---------------*-------+-------+--------------+---------------+ 634 * 635 * If there are inner addresses (tunnel mode) the ports come from the 636 * inner addresses. If there are no inner addresses, the ports come from 637 * the outer addresses (transport mode). Tunnel mode MUST have <proto> 638 * set to either IPPROTO_ENCAP or IPPPROTO_IPV6. 639 */ 640 #define SA_UNIQUE_ID(srcport, dstport, proto, iproto) \ 641 ((srcport) | ((uint64_t)(dstport) << 16U) | \ 642 ((uint64_t)(proto) << 32U) | ((uint64_t)(iproto) << 40U)) 643 644 /* 645 * SA_UNIQUE_MASK generates a mask value to use when comparing the unique value 646 * from a packet to an SA. 647 */ 648 649 #define SA_UNIQUE_MASK(srcport, dstport, proto, iproto) \ 650 SA_UNIQUE_ID((srcport != 0) ? 0xffff : 0, \ 651 (dstport != 0) ? 0xffff : 0, \ 652 (proto != 0) ? 0xff : 0, \ 653 (iproto != 0) ? 0xff : 0) 654 655 /* 656 * Decompose unique id back into its original fields. 657 */ 658 #define SA_IPROTO(ipsa) ((ipsa)->ipsa_unique_id>>40)&0xff 659 #define SA_PROTO(ipsa) ((ipsa)->ipsa_unique_id>>32)&0xff 660 #define SA_SRCPORT(ipsa) ((ipsa)->ipsa_unique_id & 0xffff) 661 #define SA_DSTPORT(ipsa) (((ipsa)->ipsa_unique_id >> 16) & 0xffff) 662 663 typedef struct ipsa_query_s ipsa_query_t; 664 665 typedef boolean_t (*ipsa_match_fn_t)(ipsa_query_t *, ipsa_t *); 666 667 #define IPSA_NMATCH 10 668 669 /* 670 * SADB query structure. 671 * 672 * Provide a generalized mechanism for matching entries in the SADB; 673 * one of these structures is initialized using sadb_form_query(), 674 * and then can be used as a parameter to sadb_match_query() which returns 675 * B_TRUE if the SA matches the query. 676 * 677 * Under the covers, sadb_form_query populates the matchers[] array with 678 * functions which are called one at a time until one fails to match. 679 */ 680 struct ipsa_query_s { 681 uint32_t req, match; 682 sadb_address_t *srcext, *dstext; 683 sadb_ident_t *srcid, *dstid; 684 sadb_x_kmc_t *kmcext; 685 sadb_sa_t *assoc; 686 uint32_t spi; 687 struct sockaddr_in *src; 688 struct sockaddr_in6 *src6; 689 struct sockaddr_in *dst; 690 struct sockaddr_in6 *dst6; 691 sa_family_t af; 692 uint32_t *srcaddr, *dstaddr; 693 uint32_t ifindex; 694 uint32_t kmc, kmp; 695 char *didstr, *sidstr; 696 uint16_t didtype, sidtype; 697 sadbp_t *spp; 698 sadb_t *sp; 699 isaf_t *inbound, *outbound; 700 uint32_t outhash; 701 uint32_t inhash; 702 ipsa_match_fn_t matchers[IPSA_NMATCH]; 703 }; 704 705 #define IPSA_Q_SA 0x00000001 706 #define IPSA_Q_DST 0x00000002 707 #define IPSA_Q_SRC 0x00000004 708 #define IPSA_Q_DSTID 0x00000008 709 #define IPSA_Q_SRCID 0x00000010 710 #define IPSA_Q_KMC 0x00000020 711 #define IPSA_Q_INBOUND 0x00000040 /* fill in inbound isaf_t */ 712 #define IPSA_Q_OUTBOUND 0x00000080 /* fill in outbound isaf_t */ 713 714 int sadb_form_query(keysock_in_t *, uint32_t, uint32_t, ipsa_query_t *, int *); 715 boolean_t sadb_match_query(ipsa_query_t *q, ipsa_t *sa); 716 717 718 /* 719 * All functions that return an ipsa_t will return it with IPSA_REFHOLD() 720 * already called. 721 */ 722 723 /* SA retrieval (inbound and outbound) */ 724 ipsa_t *ipsec_getassocbyspi(isaf_t *, uint32_t, uint32_t *, uint32_t *, 725 sa_family_t); 726 ipsa_t *ipsec_getassocbyconn(isaf_t *, ip_xmit_attr_t *, uint32_t *, uint32_t *, 727 sa_family_t, uint8_t, ts_label_t *); 728 729 /* SA insertion. */ 730 int sadb_insertassoc(ipsa_t *, isaf_t *); 731 732 /* SA table construction and destruction. */ 733 void sadbp_init(const char *name, sadbp_t *, int, int, netstack_t *); 734 void sadbp_flush(sadbp_t *, netstack_t *); 735 void sadbp_destroy(sadbp_t *, netstack_t *); 736 737 /* SA insertion and deletion. */ 738 int sadb_insertassoc(ipsa_t *, isaf_t *); 739 void sadb_unlinkassoc(ipsa_t *); 740 741 /* Support routines to interface a keysock consumer to PF_KEY. */ 742 mblk_t *sadb_keysock_out(minor_t); 743 int sadb_hardsoftchk(sadb_lifetime_t *, sadb_lifetime_t *, sadb_lifetime_t *); 744 int sadb_labelchk(struct keysock_in_s *); 745 void sadb_pfkey_echo(queue_t *, mblk_t *, sadb_msg_t *, struct keysock_in_s *, 746 ipsa_t *); 747 void sadb_pfkey_error(queue_t *, mblk_t *, int, int, uint_t); 748 void sadb_keysock_hello(queue_t **, queue_t *, mblk_t *, void (*)(void *), 749 void *, timeout_id_t *, int); 750 int sadb_addrcheck(queue_t *, mblk_t *, sadb_ext_t *, uint_t, netstack_t *); 751 boolean_t sadb_addrfix(keysock_in_t *, queue_t *, mblk_t *, netstack_t *); 752 int sadb_addrset(ire_t *); 753 int sadb_delget_sa(mblk_t *, keysock_in_t *, sadbp_t *, int *, queue_t *, 754 uint8_t); 755 756 int sadb_purge_sa(mblk_t *, keysock_in_t *, sadb_t *, int *, queue_t *); 757 int sadb_common_add(queue_t *, mblk_t *, sadb_msg_t *, 758 keysock_in_t *, isaf_t *, isaf_t *, ipsa_t *, boolean_t, boolean_t, int *, 759 netstack_t *, sadbp_t *); 760 void sadb_set_usetime(ipsa_t *); 761 boolean_t sadb_age_bytes(queue_t *, ipsa_t *, uint64_t, boolean_t); 762 int sadb_update_sa(mblk_t *, keysock_in_t *, mblk_t **, sadbp_t *, 763 int *, queue_t *, int (*)(mblk_t *, keysock_in_t *, int *, netstack_t *), 764 netstack_t *, uint8_t); 765 void sadb_acquire(mblk_t *, ip_xmit_attr_t *, boolean_t, boolean_t); 766 void gcm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *, 767 crypto_data_t *); 768 void ccm_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *, 769 crypto_data_t *); 770 void cbc_params_init(ipsa_t *, uchar_t *, uint_t, uchar_t *, ipsa_cm_mech_t *, 771 crypto_data_t *); 772 773 void sadb_destroy_acquire(ipsacq_t *, netstack_t *); 774 struct ipsec_stack; 775 mblk_t *sadb_setup_acquire(ipsacq_t *, uint8_t, struct ipsec_stack *); 776 ipsa_t *sadb_getspi(keysock_in_t *, uint32_t, int *, netstack_t *, uint_t); 777 void sadb_in_acquire(sadb_msg_t *, sadbp_t *, queue_t *, netstack_t *); 778 boolean_t sadb_replay_check(ipsa_t *, uint32_t); 779 boolean_t sadb_replay_peek(ipsa_t *, uint32_t); 780 int sadb_dump(queue_t *, mblk_t *, keysock_in_t *, sadb_t *); 781 void sadb_replay_delete(ipsa_t *); 782 void sadb_ager(sadb_t *, queue_t *, int, netstack_t *); 783 784 timeout_id_t sadb_retimeout(hrtime_t, queue_t *, void (*)(void *), void *, 785 uint_t *, uint_t, short); 786 void sadb_sa_refrele(void *target); 787 mblk_t *sadb_set_lpkt(ipsa_t *, mblk_t *, ip_recv_attr_t *); 788 mblk_t *sadb_clear_lpkt(ipsa_t *); 789 void sadb_buf_pkt(ipsa_t *, mblk_t *, ip_recv_attr_t *); 790 void sadb_clear_buf_pkt(void *ipkt); 791 792 /* Note that buf_pkt is the product of ip_recv_attr_to_mblk() */ 793 #define HANDLE_BUF_PKT(taskq, stack, dropper, buf_pkt) \ 794 { \ 795 if (buf_pkt != NULL) { \ 796 if (taskq_dispatch(taskq, sadb_clear_buf_pkt, \ 797 (void *) buf_pkt, TQ_NOSLEEP) == 0) { \ 798 /* Dispatch was unsuccessful drop the packets. */ \ 799 mblk_t *tmp; \ 800 while (buf_pkt != NULL) { \ 801 tmp = buf_pkt->b_next; \ 802 buf_pkt->b_next = NULL; \ 803 buf_pkt = ip_recv_attr_free_mblk(buf_pkt); \ 804 ip_drop_packet(buf_pkt, B_TRUE, NULL, \ 805 DROPPER(stack, \ 806 ipds_sadb_inidle_timeout), \ 807 &dropper); \ 808 buf_pkt = tmp; \ 809 } \ 810 } \ 811 } \ 812 } \ 813 814 /* 815 * Two IPsec rate-limiting routines. 816 */ 817 /*PRINTFLIKE6*/ 818 extern void ipsec_rl_strlog(netstack_t *, short, short, char, 819 ushort_t, char *, ...) 820 __KPRINTFLIKE(6); 821 extern void ipsec_assocfailure(short, short, char, ushort_t, char *, uint32_t, 822 void *, int, netstack_t *); 823 824 /* 825 * Algorithm types. 826 */ 827 828 #define IPSEC_NALGTYPES 2 829 830 typedef enum ipsec_algtype { 831 IPSEC_ALG_AUTH = 0, 832 IPSEC_ALG_ENCR = 1, 833 IPSEC_ALG_ALL = 2 834 } ipsec_algtype_t; 835 836 /* 837 * Definitions as per IPsec/ISAKMP DOI. 838 */ 839 840 #define IPSEC_MAX_ALGS 256 841 #define PROTO_IPSEC_AH 2 842 #define PROTO_IPSEC_ESP 3 843 844 /* 845 * Common algorithm info. 846 */ 847 typedef struct ipsec_alginfo 848 { 849 uint8_t alg_id; 850 uint8_t alg_flags; 851 uint16_t *alg_key_sizes; 852 uint16_t *alg_block_sizes; 853 uint16_t *alg_params; 854 uint16_t alg_nkey_sizes; 855 uint16_t alg_ivlen; 856 uint16_t alg_icvlen; 857 uint8_t alg_saltlen; 858 uint16_t alg_nblock_sizes; 859 uint16_t alg_nparams; 860 uint16_t alg_minbits; 861 uint16_t alg_maxbits; 862 uint16_t alg_datalen; 863 /* 864 * increment: number of bits from keysize to keysize 865 * default: # of increments from min to default key len 866 */ 867 uint16_t alg_increment; 868 uint16_t alg_default; 869 uint16_t alg_default_bits; 870 /* 871 * Min, max, and default key sizes effectively supported 872 * by the encryption framework. 873 */ 874 uint16_t alg_ef_minbits; 875 uint16_t alg_ef_maxbits; 876 uint16_t alg_ef_default; 877 uint16_t alg_ef_default_bits; 878 879 crypto_mech_type_t alg_mech_type; /* KCF mechanism type */ 880 crypto_mech_name_t alg_mech_name; /* KCF mechanism name */ 881 } ipsec_alginfo_t; 882 883 #define alg_datalen alg_block_sizes[0] 884 #define ALG_VALID(_alg) ((_alg)->alg_flags & ALG_FLAG_VALID) 885 886 /* 887 * Software crypto execution mode. 888 */ 889 typedef enum { 890 IPSEC_ALGS_EXEC_SYNC = 0, 891 IPSEC_ALGS_EXEC_ASYNC = 1 892 } ipsec_algs_exec_mode_t; 893 894 extern void ipsec_alg_reg(ipsec_algtype_t, ipsec_alginfo_t *, netstack_t *); 895 extern void ipsec_alg_unreg(ipsec_algtype_t, uint8_t, netstack_t *); 896 extern void ipsec_alg_fix_min_max(ipsec_alginfo_t *, ipsec_algtype_t, 897 netstack_t *ns); 898 extern void alg_flag_check(ipsec_alginfo_t *); 899 extern void ipsec_alg_free(ipsec_alginfo_t *); 900 extern void ipsec_register_prov_update(void); 901 extern void sadb_alg_update(ipsec_algtype_t, uint8_t, boolean_t, netstack_t *); 902 903 extern int sadb_sens_len_from_label(ts_label_t *); 904 extern void sadb_sens_from_label(sadb_sens_t *, int, ts_label_t *, int); 905 906 /* 907 * Context templates management. 908 */ 909 910 #define IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1) 911 #define IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) { \ 912 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) { \ 913 mutex_enter(&assoc->ipsa_lock); \ 914 if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) { \ 915 ipsec_stack_t *ipss; \ 916 \ 917 ipss = assoc->ipsa_netstack->netstack_ipsec; \ 918 mutex_enter(&ipss->ipsec_alg_lock); \ 919 (void) ipsec_create_ctx_tmpl(_sa, _type); \ 920 mutex_exit(&ipss->ipsec_alg_lock); \ 921 } \ 922 mutex_exit(&assoc->ipsa_lock); \ 923 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) \ 924 _tmpl = NULL; \ 925 } \ 926 } 927 928 extern int ipsec_create_ctx_tmpl(ipsa_t *, ipsec_algtype_t); 929 extern void ipsec_destroy_ctx_tmpl(ipsa_t *, ipsec_algtype_t); 930 931 /* key checking */ 932 extern int ipsec_check_key(crypto_mech_type_t, sadb_key_t *, boolean_t, int *); 933 934 typedef struct ipsec_kstats_s { 935 kstat_named_t esp_stat_in_requests; 936 kstat_named_t esp_stat_in_discards; 937 kstat_named_t esp_stat_lookup_failure; 938 kstat_named_t ah_stat_in_requests; 939 kstat_named_t ah_stat_in_discards; 940 kstat_named_t ah_stat_lookup_failure; 941 kstat_named_t sadb_acquire_maxpackets; 942 kstat_named_t sadb_acquire_qhiwater; 943 } ipsec_kstats_t; 944 945 /* 946 * (ipss)->ipsec_kstats is equal to (ipss)->ipsec_ksp->ks_data if 947 * kstat_create_netstack for (ipss)->ipsec_ksp succeeds, but when it 948 * fails, it will be NULL. Note this is done for all stack instances, 949 * so it *could* fail. hence a non-NULL checking is done for 950 * IP_ESP_BUMP_STAT, IP_AH_BUMP_STAT and IP_ACQUIRE_STAT 951 */ 952 #define IP_ESP_BUMP_STAT(ipss, x) \ 953 do { \ 954 if ((ipss)->ipsec_kstats != NULL) \ 955 ((ipss)->ipsec_kstats->esp_stat_ ## x).value.ui64++; \ 956 _NOTE(CONSTCOND) \ 957 } while (0) 958 959 #define IP_AH_BUMP_STAT(ipss, x) \ 960 do { \ 961 if ((ipss)->ipsec_kstats != NULL) \ 962 ((ipss)->ipsec_kstats->ah_stat_ ## x).value.ui64++; \ 963 _NOTE(CONSTCOND) \ 964 } while (0) 965 966 #define IP_ACQUIRE_STAT(ipss, val, new) \ 967 do { \ 968 if ((ipss)->ipsec_kstats != NULL && \ 969 ((uint64_t)(new)) > \ 970 ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64) \ 971 ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64 = \ 972 ((uint64_t)(new)); \ 973 _NOTE(CONSTCOND) \ 974 } while (0) 975 976 977 #ifdef __cplusplus 978 } 979 #endif 980 981 #endif /* _INET_SADB_H */ 982