4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
33 #include <inet/ipsec_info.h>
34 #include <sys/crypto/common.h>
35 #include <sys/crypto/api.h>
38 #define IPSA_MAX_ADDRLEN 4 /* Max address len. (in 32-bits) for an SA. */
43 * For combined mode ciphers, store the crypto_mechanism_t in the
44 * per-packet ipsec_in_t/ipsec_out_t structures. This is because the PARAMS
45 * and nonce values change for each packet. For non-combined mode
46 * ciphers, these values are constant for the life of the SA.
48 typedef struct ipsa_cm_mech_s
{
49 crypto_mechanism_t combined_mech
;
51 CK_AES_CCM_PARAMS paramu_ccm
;
52 CK_AES_GCM_PARAMS paramu_gcm
;
54 uint8_t nonce
[MAXSALTSIZE
+ sizeof (uint64_t)];
55 #define param_ulMACSize paramu.paramu_ccm.ulMACSize
56 #define param_ulNonceSize paramu.paramu_ccm.ipsa_ulNonceSize
57 #define param_ulAuthDataSize paramu.paramu_ccm.ipsa_ulAuthDataSize
58 #define param_ulDataSize paramu.paramu_ccm.ipsa_ulDataSize
59 #define param_nonce paramu.paramu_ccm.nonce
60 #define param_authData paramu.paramu_ccm.authData
61 #define param_pIv paramu.paramu_gcm.ipsa_pIv
62 #define param_ulIvLen paramu.paramu_gcm.ulIvLen
63 #define param_ulIvBits paramu.paramu_gcm.ulIvBits
64 #define param_pAAD paramu.paramu_gcm.pAAD
65 #define param_ulAADLen paramu.paramu_gcm.ulAADLen
66 #define param_ulTagBits paramu.paramu_gcm.ulTagBits
70 * The Initialization Vector (also known as IV or Nonce) used to
71 * initialize the Block Cipher, is made up of a Counter and a Salt.
72 * The Counter is fixed at 64 bits and is incremented for each packet.
73 * The Salt value can be any whole byte value upto 64 bits. This is
74 * algorithm mode specific and can be configured with ipsecalgs(1m).
76 * We only support whole byte salt lengths, this is because the salt is
77 * stored in an array of uint8_t's. This is enforced by ipsecalgs(1m)
78 * which configures the salt length as a number of bytes. Checks are
79 * made to ensure the salt length defined in ipsecalgs(1m) fits in
82 * The Salt value remains constant for the life of the SA, the Salt is
83 * know to both peers, but NOT transmitted on the network. The Counter
84 * portion of the nonce is transmitted over the network with each packet
85 * and is confusingly described as the Initialization Vector by RFCs
88 * The maximum Initialization Vector length is 128 bits, if the actual
89 * size is less, its padded internally by the algorithm.
91 * The nonce structure is defined like this in the SA (ipsa_t)to ensure
92 * the Initilization Vector (counter) is 64 bit aligned, because it will
93 * be incremented as an uint64_t. The nonce as used by the algorithms is
94 * a straight uint8_t array.
96 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
98 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
99 * salt_offset <------>
100 * ipsa_saltlen <------->
101 * ipsa_nonce_buf------^
102 * ipsa_salt-------------~~~~~~^
103 * ipsa_nonce------------~~~~~~^
104 * ipsa_iv-----------------------------^
106 typedef struct ipsec_nonce_s
{
107 uint8_t salt
[MAXSALTSIZE
];
112 * IP security association. Synchronization assumes 32-bit loads, so
113 * the 64-bit quantities can't even be be read w/o locking it down!
117 typedef struct ipsa_key_s
{
118 uint8_t *sak_key
; /* Algorithm key. */
119 uint_t sak_keylen
; /* Algorithm key length (in bytes). */
120 uint_t sak_keybits
; /* Algorithm key length (in bits) */
121 uint_t sak_algid
; /* Algorithm ID number. */
124 typedef struct ipsa_s
{
125 struct ipsa_s
*ipsa_next
; /* Next in hash bucket */
126 struct ipsa_s
**ipsa_ptpn
; /* Pointer to previous next pointer. */
127 kmutex_t
*ipsa_linklock
; /* Pointer to hash-chain lock. */
128 void (*ipsa_freefunc
)(struct ipsa_s
*); /* freeassoc function */
129 void (*ipsa_noncefunc
)(struct ipsa_s
*, uchar_t
*,
130 uint_t
, uchar_t
*, ipsa_cm_mech_t
*, crypto_data_t
*);
132 * NOTE: I may need more pointers, depending on future SA
135 ipsa_key_t ipsa_authkeydata
;
136 #define ipsa_authkey ipsa_authkeydata.sak_key
137 #define ipsa_authkeylen ipsa_authkeydata.sak_keylen
138 #define ipsa_authkeybits ipsa_authkeydata.sak_keybits
139 #define ipsa_auth_alg ipsa_authkeydata.sak_algid
140 ipsa_key_t ipsa_encrkeydata
;
141 #define ipsa_encrkey ipsa_encrkeydata.sak_key
142 #define ipsa_encrkeylen ipsa_encrkeydata.sak_keylen
143 #define ipsa_encrkeybits ipsa_encrkeydata.sak_keybits
144 #define ipsa_encr_alg ipsa_encrkeydata.sak_algid
146 struct ipsid_s
*ipsa_src_cid
; /* Source certificate identity */
147 struct ipsid_s
*ipsa_dst_cid
; /* Destination certificate identity */
148 mblk_t
*ipsa_lpkt
; /* Packet received while larval (CAS me) */
149 mblk_t
*ipsa_bpkt_head
; /* Packets received while idle */
150 mblk_t
*ipsa_bpkt_tail
;
151 #define SADB_MAX_IDLEPKTS 100
152 uint8_t ipsa_mblkcnt
; /* Number of packets received while idle */
155 * PF_KEYv2 supports a replay window size of 255. Hence there is a
156 * need a bit vector to support a replay window of 255. 256 is a nice
157 * round number, so I support that.
159 * Use an array of uint64_t for best performance on 64-bit
160 * processors. (And hope that 32-bit compilers can handle things
161 * okay.) The " >> 6 " is to get the appropriate number of 64-bit
164 #define SADB_MAX_REPLAY 256 /* Must be 0 mod 64. */
165 uint64_t ipsa_replay_arr
[SADB_MAX_REPLAY
>> 6];
167 uint64_t ipsa_unique_id
; /* Non-zero for unique SAs */
168 uint64_t ipsa_unique_mask
; /* mask value for unique_id */
171 * Reference count semantics:
173 * An SA has a reference count of 1 if something's pointing
174 * to it. This includes being in a hash table. So if an
175 * SA is in a hash table, it has a reference count of at least 1.
177 * When a ptr. to an IPSA is assigned, you MUST REFHOLD after
178 * said assignment. When a ptr. to an IPSA is released
179 * you MUST REFRELE. When the refcount hits 0, REFRELE
180 * will free the IPSA.
182 kmutex_t ipsa_lock
; /* Locks non-linkage/refcnt fields. */
183 /* Q: Since I may be doing refcnts differently, will I need cv? */
184 uint_t ipsa_refcnt
; /* Reference count. */
187 * The following four time fields are the ones monitored by ah_ager()
188 * and esp_ager() respectively. They are all absolute wall-clock
189 * times. The times of creation (i.e. add time) and first use are
190 * pretty straightforward. The soft and hard expire times are
191 * derived from the times of first use and creation, plus the minimum
192 * expiration times in the fields that follow this.
194 * For example, if I had a hard add time of 30 seconds, and a hard
195 * use time of 15, the ipsa_hardexpiretime would be time of add, plus
196 * 30 seconds. If I USE the SA such that time of first use plus 15
197 * seconds would be earlier than the add time plus 30 seconds, then
198 * ipsa_hardexpiretime would become this earlier time.
200 time_t ipsa_addtime
; /* Time I was added. */
201 time_t ipsa_usetime
; /* Time of my first use. */
202 time_t ipsa_lastuse
; /* Time of my last use. */
203 time_t ipsa_idletime
; /* Seconds of idle time */
204 time_t ipsa_last_nat_t_ka
; /* Time of my last NAT-T keepalive. */
205 time_t ipsa_softexpiretime
; /* Time of my first soft expire. */
206 time_t ipsa_hardexpiretime
; /* Time of my first hard expire. */
207 time_t ipsa_idleexpiretime
; /* Time of my next idle expire time */
209 struct ipsec_nonce_s
*ipsa_nonce_buf
;
211 uint_t ipsa_nonce_len
;
213 uint_t ipsa_saltbits
;
217 uint64_t ipsa_iv_hardexpire
;
218 uint64_t ipsa_iv_softexpire
;
220 * The following fields are directly reflected in PF_KEYv2 LIFETIME
221 * extensions. The time_ts are in number-of-seconds, and the bytes
224 time_t ipsa_softaddlt
; /* Seconds of soft lifetime after add. */
225 time_t ipsa_softuselt
; /* Seconds of soft lifetime after first use. */
226 time_t ipsa_hardaddlt
; /* Seconds of hard lifetime after add. */
227 time_t ipsa_harduselt
; /* Seconds of hard lifetime after first use. */
228 time_t ipsa_idleaddlt
; /* Seconds of idle time after add */
229 time_t ipsa_idleuselt
; /* Seconds of idle time after first use */
230 uint64_t ipsa_softbyteslt
; /* Bytes of soft lifetime. */
231 uint64_t ipsa_hardbyteslt
; /* Bytes of hard lifetime. */
232 uint64_t ipsa_bytes
; /* Bytes encrypted/authed by this SA. */
235 * "Allocations" are a concept mentioned in PF_KEYv2. We do not
236 * support them, except to record them per the PF_KEYv2 spec.
238 uint_t ipsa_softalloc
; /* Allocations allowed (soft). */
239 uint_t ipsa_hardalloc
; /* Allocations allowed (hard). */
240 uint_t ipsa_alloc
; /* Allocations made. */
242 uint_t ipsa_type
; /* Type of security association. (AH/etc.) */
243 uint_t ipsa_state
; /* State of my association. */
244 uint_t ipsa_replay_wsize
; /* Size of replay window */
245 uint32_t ipsa_flags
; /* Flags for security association. */
246 uint32_t ipsa_spi
; /* Security parameters index. */
247 uint32_t ipsa_replay
; /* Highest seen replay value for this SA. */
248 uint32_t ipsa_kmp
; /* key management proto */
249 uint32_t ipsa_kmc
; /* key management cookie */
251 boolean_t ipsa_haspeer
; /* Has peer in another table. */
255 * The source address can be INADDR_ANY, IN6ADDR_ANY, etc.
257 * Address families (per sys/socket.h) guide us. We could have just
258 * used sockaddr_storage
260 sa_family_t ipsa_addrfam
;
261 sa_family_t ipsa_innerfam
; /* Inner AF can be != src/dst AF. */
263 uint32_t ipsa_srcaddr
[IPSA_MAX_ADDRLEN
];
264 uint32_t ipsa_dstaddr
[IPSA_MAX_ADDRLEN
];
265 uint32_t ipsa_innersrc
[IPSA_MAX_ADDRLEN
];
266 uint32_t ipsa_innerdst
[IPSA_MAX_ADDRLEN
];
268 uint8_t ipsa_innersrcpfx
;
269 uint8_t ipsa_innerdstpfx
;
271 uint16_t ipsa_inbound_cksum
; /* cksum correction for inbound packets */
272 uint16_t ipsa_local_nat_port
; /* Local NAT-T port. (0 --> 4500) */
273 uint16_t ipsa_remote_nat_port
; /* The other port that isn't 4500 */
275 /* these can only be v4 */
276 uint32_t ipsa_natt_addr_loc
;
277 uint32_t ipsa_natt_addr_rem
;
280 * icmp type and code. *_end are to specify ranges. if only
281 * a single value, * and *_end are the same value.
283 uint8_t ipsa_icmp_type
;
284 uint8_t ipsa_icmp_type_end
;
285 uint8_t ipsa_icmp_code
;
286 uint8_t ipsa_icmp_code_end
;
289 * For the kernel crypto framework.
291 crypto_key_t ipsa_kcfauthkey
; /* authentication key */
292 crypto_key_t ipsa_kcfencrkey
; /* encryption key */
293 crypto_ctx_template_t ipsa_authtmpl
; /* auth context template */
294 crypto_ctx_template_t ipsa_encrtmpl
; /* encr context template */
295 crypto_mechanism_t ipsa_amech
; /* auth mech type and ICV len */
296 crypto_mechanism_t ipsa_emech
; /* encr mech type */
297 size_t ipsa_mac_len
; /* auth MAC/ICV length */
298 size_t ipsa_iv_len
; /* encr IV length */
299 size_t ipsa_datalen
; /* block length in bytes. */
302 * Input and output processing functions called from IP.
303 * The mblk_t is the data; the IPsec information is in the attributes
304 * Returns NULL if the mblk is consumed which it is if there was
305 * a failure or if pending. If failure then
306 * the ipIfInDiscards/OutDiscards counters are increased.
308 mblk_t
*(*ipsa_output_func
)(mblk_t
*, ip_xmit_attr_t
*);
309 mblk_t
*(*ipsa_input_func
)(mblk_t
*, void *, ip_recv_attr_t
*);
312 * Soft reference to paired SA
314 uint32_t ipsa_otherspi
;
315 netstack_t
*ipsa_netstack
; /* Does not have a netstack_hold */
317 uint8_t ipsa_mac_exempt
; /* MLS: mac exempt flag */
318 uchar_t ipsa_opt_storage
[IP_MAX_OPT_LENGTH
];
322 * ipsa_t address handling macros. We want these to be inlined, and deal
323 * with 32-bit words to avoid bcmp/bcopy calls.
325 * Assume we only have AF_INET and AF_INET6 addresses for now. Also assume
326 * that we have 32-bit alignment on everything.
328 #define IPSA_IS_ADDR_UNSPEC(addr, fam) ((((uint32_t *)(addr))[0] == 0) && \
329 (((fam) == AF_INET) || (((uint32_t *)(addr))[3] == 0 && \
330 ((uint32_t *)(addr))[2] == 0 && ((uint32_t *)(addr))[1] == 0)))
331 #define IPSA_ARE_ADDR_EQUAL(addr1, addr2, fam) \
332 ((((uint32_t *)(addr1))[0] == ((uint32_t *)(addr2))[0]) && \
333 (((fam) == AF_INET) || \
334 (((uint32_t *)(addr1))[3] == ((uint32_t *)(addr2))[3] && \
335 ((uint32_t *)(addr1))[2] == ((uint32_t *)(addr2))[2] && \
336 ((uint32_t *)(addr1))[1] == ((uint32_t *)(addr2))[1])))
337 #define IPSA_COPY_ADDR(dstaddr, srcaddr, fam) { \
338 ((uint32_t *)(dstaddr))[0] = ((uint32_t *)(srcaddr))[0]; \
339 if ((fam) == AF_INET6) {\
340 ((uint32_t *)(dstaddr))[1] = ((uint32_t *)(srcaddr))[1]; \
341 ((uint32_t *)(dstaddr))[2] = ((uint32_t *)(srcaddr))[2]; \
342 ((uint32_t *)(dstaddr))[3] = ((uint32_t *)(srcaddr))[3]; } }
345 * ipsa_t reference hold/release macros.
347 * If you have a pointer, you REFHOLD. If you are releasing a pointer, you
348 * REFRELE. An ipsa_t that is newly inserted into the table should have
349 * a reference count of 1 (for the table's pointer), plus 1 more for every
350 * pointer that is referencing the ipsa_t.
353 #define IPSA_REFHOLD(ipsa) { \
354 atomic_inc_32(&(ipsa)->ipsa_refcnt); \
355 ASSERT((ipsa)->ipsa_refcnt != 0); \
359 * Decrement the reference count on the SA.
360 * In architectures e.g sun4u, where atomic_add_32_nv is just
361 * a cas, we need to maintain the right memory barrier semantics
362 * as that of mutex_exit i.e all the loads and stores should complete
363 * before the cas is executed. membar_exit() does that here.
366 #define IPSA_REFRELE(ipsa) { \
367 ASSERT((ipsa)->ipsa_refcnt != 0); \
369 if (atomic_dec_32_nv(&(ipsa)->ipsa_refcnt) == 0) \
370 ((ipsa)->ipsa_freefunc)(ipsa); \
374 * Security association hash macros and definitions. For now, assume the
375 * IPsec model, and hash outbounds on destination address, and inbounds on
379 #define IPSEC_DEFAULT_HASH_SIZE 256
381 #define INBOUND_HASH(sadb, spi) ((spi) % ((sadb)->sdb_hashsize))
382 #define OUTBOUND_HASH_V4(sadb, v4addr) ((v4addr) % ((sadb)->sdb_hashsize))
383 #define OUTBOUND_HASH_V6(sadb, v6addr) OUTBOUND_HASH_V4((sadb), \
384 (*(uint32_t *)&(v6addr)) ^ (*(((uint32_t *)&(v6addr)) + 1)) ^ \
385 (*(((uint32_t *)&(v6addr)) + 2)) ^ (*(((uint32_t *)&(v6addr)) + 3)))
388 * Syntactic sugar to find the appropriate hash bucket directly.
391 #define INBOUND_BUCKET(sadb, spi) &(((sadb)->sdb_if)[INBOUND_HASH(sadb, spi)])
392 #define OUTBOUND_BUCKET_V4(sadb, v4addr) \
393 &(((sadb)->sdb_of)[OUTBOUND_HASH_V4(sadb, v4addr)])
394 #define OUTBOUND_BUCKET_V6(sadb, v6addr) \
395 &(((sadb)->sdb_of)[OUTBOUND_HASH_V6(sadb, v6addr)])
397 #define IPSA_F_PFS SADB_SAFLAGS_PFS /* PFS in use for this SA? */
398 #define IPSA_F_NOREPFLD SADB_SAFLAGS_NOREPLAY /* No replay field, for */
399 /* backward compat. */
400 #define IPSA_F_USED SADB_X_SAFLAGS_USED /* SA has been used. */
401 #define IPSA_F_UNIQUE SADB_X_SAFLAGS_UNIQUE /* SA is unique */
402 #define IPSA_F_AALG1 SADB_X_SAFLAGS_AALG1 /* Auth alg flag 1 */
403 #define IPSA_F_AALG2 SADB_X_SAFLAGS_AALG2 /* Auth alg flag 2 */
404 #define IPSA_F_EALG1 SADB_X_SAFLAGS_EALG1 /* Encrypt alg flag 1 */
405 #define IPSA_F_EALG2 SADB_X_SAFLAGS_EALG2 /* Encrypt alg flag 2 */
407 #define IPSA_F_ASYNC 0x200000 /* Call KCF asynchronously? */
408 #define IPSA_F_NATT_LOC SADB_X_SAFLAGS_NATT_LOC
409 #define IPSA_F_NATT_REM SADB_X_SAFLAGS_NATT_REM
410 #define IPSA_F_BEHIND_NAT SADB_X_SAFLAGS_NATTED
411 #define IPSA_F_NATT (SADB_X_SAFLAGS_NATT_LOC | SADB_X_SAFLAGS_NATT_REM | \
412 SADB_X_SAFLAGS_NATTED)
413 #define IPSA_F_CINVALID 0x40000 /* SA shouldn't be cached */
414 #define IPSA_F_PAIRED SADB_X_SAFLAGS_PAIRED /* SA is one of a pair */
415 #define IPSA_F_OUTBOUND SADB_X_SAFLAGS_OUTBOUND /* SA direction bit */
416 #define IPSA_F_INBOUND SADB_X_SAFLAGS_INBOUND /* SA direction bit */
417 #define IPSA_F_TUNNEL SADB_X_SAFLAGS_TUNNEL
419 * These flags are only defined here to prevent a flag value collision.
421 #define IPSA_F_COMBINED SADB_X_SAFLAGS_EALG1 /* Defined in pfkeyv2.h */
422 #define IPSA_F_COUNTERMODE SADB_X_SAFLAGS_EALG2 /* Defined in pfkeyv2.h */
425 * Sets of flags that are allowed to by set or modified by PF_KEY apps.
427 #define AH_UPDATE_SETTABLE_FLAGS \
428 (SADB_X_SAFLAGS_PAIRED | SADB_SAFLAGS_NOREPLAY | \
429 SADB_X_SAFLAGS_OUTBOUND | SADB_X_SAFLAGS_INBOUND | \
430 SADB_X_SAFLAGS_KM1 | SADB_X_SAFLAGS_KM2 | \
431 SADB_X_SAFLAGS_KM3 | SADB_X_SAFLAGS_KM4)
433 /* AH can't set NAT flags (or even use NAT). Add NAT flags to the ESP set. */
434 #define ESP_UPDATE_SETTABLE_FLAGS (AH_UPDATE_SETTABLE_FLAGS | IPSA_F_NATT)
436 #define AH_ADD_SETTABLE_FLAGS \
437 (AH_UPDATE_SETTABLE_FLAGS | SADB_X_SAFLAGS_AALG1 | \
438 SADB_X_SAFLAGS_AALG2 | SADB_X_SAFLAGS_TUNNEL | \
439 SADB_SAFLAGS_NOREPLAY)
441 /* AH can't set NAT flags (or even use NAT). Add NAT flags to the ESP set. */
442 #define ESP_ADD_SETTABLE_FLAGS (AH_ADD_SETTABLE_FLAGS | IPSA_F_NATT | \
443 SADB_X_SAFLAGS_EALG1 | SADB_X_SAFLAGS_EALG2)
447 /* SA states are important for handling UPDATE PF_KEY messages. */
448 #define IPSA_STATE_LARVAL SADB_SASTATE_LARVAL
449 #define IPSA_STATE_MATURE SADB_SASTATE_MATURE
450 #define IPSA_STATE_DYING SADB_SASTATE_DYING
451 #define IPSA_STATE_DEAD SADB_SASTATE_DEAD
452 #define IPSA_STATE_IDLE SADB_X_SASTATE_IDLE
453 #define IPSA_STATE_ACTIVE_ELSEWHERE SADB_X_SASTATE_ACTIVE_ELSEWHERE
456 * NOTE: If the document authors do things right in defining algorithms, we'll
457 * probably have flags for what all is here w.r.t. replay, ESP w/HMAC,
461 #define IPSA_T_ACQUIRE SEC_TYPE_NONE /* If this typed returned, sa needed */
462 #define IPSA_T_AH SEC_TYPE_AH /* IPsec AH association */
463 #define IPSA_T_ESP SEC_TYPE_ESP /* IPsec ESP association */
465 #define IPSA_AALG_NONE SADB_AALG_NONE /* No auth. algorithm */
466 #define IPSA_AALG_MD5H SADB_AALG_MD5HMAC /* MD5-HMAC algorithm */
467 #define IPSA_AALG_SHA1H SADB_AALG_SHA1HMAC /* SHA1-HMAC algorithm */
469 #define IPSA_EALG_NONE SADB_EALG_NONE /* No encryption algorithm */
470 #define IPSA_EALG_DES_CBC SADB_EALG_DESCBC
471 #define IPSA_EALG_3DES SADB_EALG_3DESCBC
474 * Protect each ipsa_t bucket (and linkage) with a lock.
477 typedef struct isaf_s
{
484 * ACQUIRE record. If AH/ESP/whatever cannot find an association for outbound
485 * traffic, it sends up an SADB_ACQUIRE message and create an ACQUIRE record.
488 #define IPSACQ_MAXPACKETS 4 /* Number of packets that can be queued up */
489 /* waiting for an ACQUIRE to finish. */
491 typedef struct ipsacq_s
{
492 struct ipsacq_s
*ipsacq_next
;
493 struct ipsacq_s
**ipsacq_ptpn
;
494 kmutex_t
*ipsacq_linklock
;
495 struct ipsec_policy_s
*ipsacq_policy
;
496 struct ipsec_action_s
*ipsacq_act
;
498 sa_family_t ipsacq_addrfam
; /* Address family. */
499 sa_family_t ipsacq_inneraddrfam
; /* Inner-packet address family. */
500 int ipsacq_numpackets
; /* How many packets queued up so far. */
501 uint32_t ipsacq_seq
; /* PF_KEY sequence number. */
502 uint64_t ipsacq_unique_id
; /* Unique ID for SAs that need it. */
504 kmutex_t ipsacq_lock
; /* Protects non-linkage fields. */
505 time_t ipsacq_expire
; /* Wall-clock time when this record expires. */
506 mblk_t
*ipsacq_mp
; /* List of datagrams waiting for an SA. */
508 /* These two point inside the last mblk inserted. */
509 uint32_t *ipsacq_srcaddr
;
510 uint32_t *ipsacq_dstaddr
;
512 /* Cache these instead of point so we can mask off accordingly */
513 uint32_t ipsacq_innersrc
[IPSA_MAX_ADDRLEN
];
514 uint32_t ipsacq_innerdst
[IPSA_MAX_ADDRLEN
];
516 /* These may change per-acquire. */
517 uint16_t ipsacq_srcport
;
518 uint16_t ipsacq_dstport
;
519 uint8_t ipsacq_proto
;
520 uint8_t ipsacq_inner_proto
;
521 uint8_t ipsacq_innersrcpfx
;
522 uint8_t ipsacq_innerdstpfx
;
524 /* icmp type and code of triggering packet (if applicable) */
525 uint8_t ipsacq_icmp_type
;
526 uint8_t ipsacq_icmp_code
;
531 * Kernel-generated sequence numbers will be no less than 0x80000000 to
532 * forestall any cretinous problems with manual keying accidentally updating
535 #define IACQF_LOWEST_SEQ 0x80000000
537 #define SADB_AGE_INTERVAL_DEFAULT 8000
540 * ACQUIRE fanout. Protect each linkage with a lock.
543 typedef struct iacqf_s
{
544 ipsacq_t
*iacqf_ipsacq
;
549 * A (network protocol, ipsec protocol) specific SADB.
550 * (i.e., one each for {ah, esp} and {v4, v6}.
552 * Keep outbound assocs in a simple hash table for now.
553 * One danger point, multiple SAs for a single dest will clog a bucket.
554 * For the future, consider two-level hashing (2nd hash on IPC?), then probe.
557 typedef struct sadb_s
566 * A pair of SADB's (one for v4, one for v6), and related state (including
567 * acquire callbacks).
570 typedef struct sadbp_s
573 uint32_t *s_acquire_timeout
;
574 void (*s_acqfn
)(ipsacq_t
*, mblk_t
*, netstack_t
*);
578 uint32_t s_updateflags
;
582 * A pair of SA's for a single connection, the structure contains a
583 * pointer to a SA and the SA its paired with (opposite direction) as well
584 * as the SA's respective hash buckets.
586 typedef struct ipsap_s
588 boolean_t in_inbound_table
;
589 isaf_t
*ipsap_bucket
;
590 ipsa_t
*ipsap_sa_ptr
;
591 isaf_t
*ipsap_pbucket
;
592 ipsa_t
*ipsap_psa_ptr
;
595 typedef struct templist_s
598 struct templist_s
*next
;
601 /* Pointer to an all-zeroes IPv6 address. */
602 #define ALL_ZEROES_PTR ((uint32_t *)&ipv6_all_zeros)
605 * Form unique id from ip_xmit_attr_t.
607 #define SA_FORM_UNIQUE_ID(ixa) \
608 SA_UNIQUE_ID((ixa)->ixa_ipsec_src_port, (ixa)->ixa_ipsec_dst_port, \
609 (((ixa)->ixa_flags & IXAF_IPSEC_TUNNEL) ? \
610 ((ixa)->ixa_ipsec_inaf == AF_INET6 ? \
611 IPPROTO_IPV6 : IPPROTO_ENCAP) : \
612 (ixa)->ixa_ipsec_proto), \
613 (((ixa)->ixa_flags & IXAF_IPSEC_TUNNEL) ? \
614 (ixa)->ixa_ipsec_proto : 0))
617 * This macro is used to generate unique ids (along with the addresses, both
618 * inner and outer) for outbound datagrams that require unique SAs.
620 * N.B. casts and unsigned shift amounts discourage unwarranted
621 * sign extension of dstport, proto, and iproto.
623 * Unique ID is 64-bits allocated as follows (pardon my big-endian bias):
627 * +---------------*-------+-------+--------------+---------------+
628 * | MUST-BE-ZERO |<iprot>|<proto>| <src port> | <dest port> |
629 * +---------------*-------+-------+--------------+---------------+
631 * If there are inner addresses (tunnel mode) the ports come from the
632 * inner addresses. If there are no inner addresses, the ports come from
633 * the outer addresses (transport mode). Tunnel mode MUST have <proto>
634 * set to either IPPROTO_ENCAP or IPPPROTO_IPV6.
636 #define SA_UNIQUE_ID(srcport, dstport, proto, iproto) \
637 ((srcport) | ((uint64_t)(dstport) << 16U) | \
638 ((uint64_t)(proto) << 32U) | ((uint64_t)(iproto) << 40U))
641 * SA_UNIQUE_MASK generates a mask value to use when comparing the unique value
642 * from a packet to an SA.
645 #define SA_UNIQUE_MASK(srcport, dstport, proto, iproto) \
646 SA_UNIQUE_ID((srcport != 0) ? 0xffff : 0, \
647 (dstport != 0) ? 0xffff : 0, \
648 (proto != 0) ? 0xff : 0, \
649 (iproto != 0) ? 0xff : 0)
652 * Decompose unique id back into its original fields.
654 #define SA_IPROTO(ipsa) ((ipsa)->ipsa_unique_id>>40)&0xff
655 #define SA_PROTO(ipsa) ((ipsa)->ipsa_unique_id>>32)&0xff
656 #define SA_SRCPORT(ipsa) ((ipsa)->ipsa_unique_id & 0xffff)
657 #define SA_DSTPORT(ipsa) (((ipsa)->ipsa_unique_id >> 16) & 0xffff)
659 typedef struct ipsa_query_s ipsa_query_t
;
661 typedef boolean_t (*ipsa_match_fn_t
)(ipsa_query_t
*, ipsa_t
*);
663 #define IPSA_NMATCH 10
666 * SADB query structure.
668 * Provide a generalized mechanism for matching entries in the SADB;
669 * one of these structures is initialized using sadb_form_query(),
670 * and then can be used as a parameter to sadb_match_query() which returns
671 * B_TRUE if the SA matches the query.
673 * Under the covers, sadb_form_query populates the matchers[] array with
674 * functions which are called one at a time until one fails to match.
676 struct ipsa_query_s
{
678 sadb_address_t
*srcext
, *dstext
;
679 sadb_ident_t
*srcid
, *dstid
;
680 sadb_x_kmc_t
*kmcext
;
683 struct sockaddr_in
*src
;
684 struct sockaddr_in6
*src6
;
685 struct sockaddr_in
*dst
;
686 struct sockaddr_in6
*dst6
;
688 uint32_t *srcaddr
, *dstaddr
;
691 char *didstr
, *sidstr
;
692 uint16_t didtype
, sidtype
;
695 isaf_t
*inbound
, *outbound
;
698 ipsa_match_fn_t matchers
[IPSA_NMATCH
];
701 #define IPSA_Q_SA 0x00000001
702 #define IPSA_Q_DST 0x00000002
703 #define IPSA_Q_SRC 0x00000004
704 #define IPSA_Q_DSTID 0x00000008
705 #define IPSA_Q_SRCID 0x00000010
706 #define IPSA_Q_KMC 0x00000020
707 #define IPSA_Q_INBOUND 0x00000040 /* fill in inbound isaf_t */
708 #define IPSA_Q_OUTBOUND 0x00000080 /* fill in outbound isaf_t */
710 int sadb_form_query(keysock_in_t
*, uint32_t, uint32_t, ipsa_query_t
*, int *);
711 boolean_t
sadb_match_query(ipsa_query_t
*q
, ipsa_t
*sa
);
715 * All functions that return an ipsa_t will return it with IPSA_REFHOLD()
719 /* SA retrieval (inbound and outbound) */
720 ipsa_t
*ipsec_getassocbyspi(isaf_t
*, uint32_t, uint32_t *, uint32_t *,
722 ipsa_t
*ipsec_getassocbyconn(isaf_t
*, ip_xmit_attr_t
*, uint32_t *, uint32_t *,
723 sa_family_t
, uint8_t);
726 int sadb_insertassoc(ipsa_t
*, isaf_t
*);
728 /* SA table construction and destruction. */
729 void sadbp_init(const char *name
, sadbp_t
*, int, int, netstack_t
*);
730 void sadbp_flush(sadbp_t
*, netstack_t
*);
731 void sadbp_destroy(sadbp_t
*, netstack_t
*);
733 /* SA insertion and deletion. */
734 int sadb_insertassoc(ipsa_t
*, isaf_t
*);
735 void sadb_unlinkassoc(ipsa_t
*);
737 /* Support routines to interface a keysock consumer to PF_KEY. */
738 mblk_t
*sadb_keysock_out(minor_t
);
739 int sadb_hardsoftchk(sadb_lifetime_t
*, sadb_lifetime_t
*, sadb_lifetime_t
*);
740 void sadb_pfkey_echo(queue_t
*, mblk_t
*, sadb_msg_t
*, struct keysock_in_s
*,
742 void sadb_pfkey_error(queue_t
*, mblk_t
*, int, int, uint_t
);
743 void sadb_keysock_hello(queue_t
**, queue_t
*, mblk_t
*, void (*)(void *),
744 void *, timeout_id_t
*, int);
745 int sadb_addrcheck(queue_t
*, mblk_t
*, sadb_ext_t
*, uint_t
, netstack_t
*);
746 boolean_t
sadb_addrfix(keysock_in_t
*, queue_t
*, mblk_t
*, netstack_t
*);
747 int sadb_addrset(ire_t
*);
748 int sadb_delget_sa(mblk_t
*, keysock_in_t
*, sadbp_t
*, int *, queue_t
*,
751 int sadb_purge_sa(mblk_t
*, keysock_in_t
*, sadb_t
*, int *, queue_t
*);
752 int sadb_common_add(queue_t
*, mblk_t
*, sadb_msg_t
*,
753 keysock_in_t
*, isaf_t
*, isaf_t
*, ipsa_t
*, boolean_t
, boolean_t
, int *,
754 netstack_t
*, sadbp_t
*);
755 void sadb_set_usetime(ipsa_t
*);
756 boolean_t
sadb_age_bytes(queue_t
*, ipsa_t
*, uint64_t, boolean_t
);
757 int sadb_update_sa(mblk_t
*, keysock_in_t
*, mblk_t
**, sadbp_t
*,
758 int *, queue_t
*, int (*)(mblk_t
*, keysock_in_t
*, int *, netstack_t
*),
759 netstack_t
*, uint8_t);
760 void sadb_acquire(mblk_t
*, ip_xmit_attr_t
*, boolean_t
, boolean_t
);
761 void gcm_params_init(ipsa_t
*, uchar_t
*, uint_t
, uchar_t
*, ipsa_cm_mech_t
*,
763 void ccm_params_init(ipsa_t
*, uchar_t
*, uint_t
, uchar_t
*, ipsa_cm_mech_t
*,
765 void cbc_params_init(ipsa_t
*, uchar_t
*, uint_t
, uchar_t
*, ipsa_cm_mech_t
*,
768 void sadb_destroy_acquire(ipsacq_t
*, netstack_t
*);
770 mblk_t
*sadb_setup_acquire(ipsacq_t
*, uint8_t, struct ipsec_stack
*);
771 ipsa_t
*sadb_getspi(keysock_in_t
*, uint32_t, int *, netstack_t
*);
772 void sadb_in_acquire(sadb_msg_t
*, sadbp_t
*, queue_t
*, netstack_t
*);
773 boolean_t
sadb_replay_check(ipsa_t
*, uint32_t);
774 boolean_t
sadb_replay_peek(ipsa_t
*, uint32_t);
775 int sadb_dump(queue_t
*, mblk_t
*, keysock_in_t
*, sadb_t
*);
776 void sadb_replay_delete(ipsa_t
*);
777 void sadb_ager(sadb_t
*, queue_t
*, int, netstack_t
*);
779 timeout_id_t
sadb_retimeout(hrtime_t
, queue_t
*, void (*)(void *), void *,
780 uint_t
*, uint_t
, short);
781 void sadb_sa_refrele(void *target
);
782 mblk_t
*sadb_set_lpkt(ipsa_t
*, mblk_t
*, ip_recv_attr_t
*);
783 mblk_t
*sadb_clear_lpkt(ipsa_t
*);
784 void sadb_buf_pkt(ipsa_t
*, mblk_t
*, ip_recv_attr_t
*);
785 void sadb_clear_buf_pkt(void *ipkt
);
787 /* Note that buf_pkt is the product of ip_recv_attr_to_mblk() */
788 #define HANDLE_BUF_PKT(taskq, stack, dropper, buf_pkt) \
790 if (buf_pkt != NULL) { \
791 if (taskq_dispatch(taskq, sadb_clear_buf_pkt, \
792 (void *) buf_pkt, TQ_NOSLEEP) == 0) { \
793 /* Dispatch was unsuccessful drop the packets. */ \
795 while (buf_pkt != NULL) { \
796 tmp = buf_pkt->b_next; \
797 buf_pkt->b_next = NULL; \
798 buf_pkt = ip_recv_attr_free_mblk(buf_pkt); \
799 ip_drop_packet(buf_pkt, B_TRUE, NULL, \
801 ipds_sadb_inidle_timeout), \
810 * Two IPsec rate-limiting routines.
813 extern void ipsec_rl_strlog(netstack_t
*, short, short, char,
814 ushort_t
, char *, ...)
816 extern void ipsec_assocfailure(short, short, char, ushort_t
, char *, uint32_t,
817 void *, int, netstack_t
*);
823 #define IPSEC_NALGTYPES 2
825 typedef enum ipsec_algtype
{
832 * Definitions as per IPsec/ISAKMP DOI.
835 #define IPSEC_MAX_ALGS 256
836 #define PROTO_IPSEC_AH 2
837 #define PROTO_IPSEC_ESP 3
840 * Common algorithm info.
842 typedef struct ipsec_alginfo
846 uint16_t *alg_key_sizes
;
847 uint16_t *alg_block_sizes
;
848 uint16_t *alg_params
;
849 uint16_t alg_nkey_sizes
;
853 uint16_t alg_nblock_sizes
;
854 uint16_t alg_nparams
;
855 uint16_t alg_minbits
;
856 uint16_t alg_maxbits
;
857 uint16_t alg_datalen
;
859 * increment: number of bits from keysize to keysize
860 * default: # of increments from min to default key len
862 uint16_t alg_increment
;
863 uint16_t alg_default
;
864 uint16_t alg_default_bits
;
866 * Min, max, and default key sizes effectively supported
867 * by the encryption framework.
869 uint16_t alg_ef_minbits
;
870 uint16_t alg_ef_maxbits
;
871 uint16_t alg_ef_default
;
872 uint16_t alg_ef_default_bits
;
874 crypto_mech_type_t alg_mech_type
; /* KCF mechanism type */
875 crypto_mech_name_t alg_mech_name
; /* KCF mechanism name */
878 #define alg_datalen alg_block_sizes[0]
879 #define ALG_VALID(_alg) ((_alg)->alg_flags & ALG_FLAG_VALID)
882 * Software crypto execution mode.
885 IPSEC_ALGS_EXEC_SYNC
= 0,
886 IPSEC_ALGS_EXEC_ASYNC
= 1
887 } ipsec_algs_exec_mode_t
;
889 extern void ipsec_alg_reg(ipsec_algtype_t
, ipsec_alginfo_t
*, netstack_t
*);
890 extern void ipsec_alg_unreg(ipsec_algtype_t
, uint8_t, netstack_t
*);
891 extern void ipsec_alg_fix_min_max(ipsec_alginfo_t
*, ipsec_algtype_t
,
893 extern void alg_flag_check(ipsec_alginfo_t
*);
894 extern void ipsec_alg_free(ipsec_alginfo_t
*);
895 extern void ipsec_register_prov_update(void);
896 extern void sadb_alg_update(ipsec_algtype_t
, uint8_t, boolean_t
, netstack_t
*);
899 * Context templates management.
902 #define IPSEC_CTX_TMPL_ALLOC ((crypto_ctx_template_t)-1)
903 #define IPSEC_CTX_TMPL(_sa, _which, _type, _tmpl) { \
904 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) { \
905 mutex_enter(&assoc->ipsa_lock); \
906 if ((_sa)->_which == IPSEC_CTX_TMPL_ALLOC) { \
907 ipsec_stack_t *ipss; \
909 ipss = assoc->ipsa_netstack->netstack_ipsec; \
910 mutex_enter(&ipss->ipsec_alg_lock); \
911 (void) ipsec_create_ctx_tmpl(_sa, _type); \
912 mutex_exit(&ipss->ipsec_alg_lock); \
914 mutex_exit(&assoc->ipsa_lock); \
915 if ((_tmpl = (_sa)->_which) == IPSEC_CTX_TMPL_ALLOC) \
920 extern int ipsec_create_ctx_tmpl(ipsa_t
*, ipsec_algtype_t
);
921 extern void ipsec_destroy_ctx_tmpl(ipsa_t
*, ipsec_algtype_t
);
924 extern int ipsec_check_key(crypto_mech_type_t
, sadb_key_t
*, boolean_t
, int *);
926 typedef struct ipsec_kstats_s
{
927 kstat_named_t esp_stat_in_requests
;
928 kstat_named_t esp_stat_in_discards
;
929 kstat_named_t esp_stat_lookup_failure
;
930 kstat_named_t ah_stat_in_requests
;
931 kstat_named_t ah_stat_in_discards
;
932 kstat_named_t ah_stat_lookup_failure
;
933 kstat_named_t sadb_acquire_maxpackets
;
934 kstat_named_t sadb_acquire_qhiwater
;
938 * (ipss)->ipsec_kstats is equal to (ipss)->ipsec_ksp->ks_data if
939 * kstat_create_netstack for (ipss)->ipsec_ksp succeeds, but when it
940 * fails, it will be NULL. Note this is done for all stack instances,
941 * so it *could* fail. hence a non-NULL checking is done for
942 * IP_ESP_BUMP_STAT, IP_AH_BUMP_STAT and IP_ACQUIRE_STAT
944 #define IP_ESP_BUMP_STAT(ipss, x) \
946 if ((ipss)->ipsec_kstats != NULL) \
947 ((ipss)->ipsec_kstats->esp_stat_ ## x).value.ui64++; \
951 #define IP_AH_BUMP_STAT(ipss, x) \
953 if ((ipss)->ipsec_kstats != NULL) \
954 ((ipss)->ipsec_kstats->ah_stat_ ## x).value.ui64++; \
958 #define IP_ACQUIRE_STAT(ipss, val, new) \
960 if ((ipss)->ipsec_kstats != NULL && \
961 ((uint64_t)(new)) > \
962 ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64) \
963 ((ipss)->ipsec_kstats->sadb_acquire_ ## val).value.ui64 = \
973 #endif /* _INET_SADB_H */