1 /*
2 * Copyright (c) 2008-2023 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $FreeBSD: src/sys/netinet6/ah_input.c,v 1.1.2.6 2002/04/28 05:40:26 suz Exp $ */
30 /* $KAME: ah_input.c,v 1.67 2002/01/07 11:39:56 kjc Exp $ */
31
32 /*
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61 /*
62 * RFC1826/2402 authentication header.
63 */
64
65 #include <sys/param.h>
66 #include <sys/systm.h>
67 #include <sys/malloc.h>
68 #include <sys/mbuf.h>
69 #include <sys/mcache.h>
70 #include <sys/domain.h>
71 #include <sys/protosw.h>
72 #include <sys/socket.h>
73 #include <sys/errno.h>
74 #include <sys/time.h>
75 #include <sys/kernel.h>
76 #include <sys/syslog.h>
77
78 #include <net/if.h>
79 #include <net/if_ipsec.h>
80 #include <net/route.h>
81 #include <kern/cpu_number.h>
82 #include <kern/locks.h>
83
84 #include <netinet/in.h>
85 #include <netinet/in_systm.h>
86 #include <netinet/in_var.h>
87 #include <netinet/ip.h>
88 #include <netinet/ip_var.h>
89 #include <netinet/ip_ecn.h>
90 #include <netinet/in_pcb.h>
91 #include <netinet6/ip6_ecn.h>
92
93 #include <netinet/ip6.h>
94 #include <netinet6/ip6_var.h>
95 #include <netinet6/in6_pcb.h>
96 #include <netinet/icmp6.h>
97 #include <netinet6/ip6protosw.h>
98
99 #include <netinet6/ipsec.h>
100 #include <netinet6/ipsec6.h>
101 #include <netinet6/ah.h>
102 #include <netinet6/ah6.h>
103 #include <netkey/key.h>
104 #include <netkey/keydb.h>
105 #if IPSEC_DEBUG
106 #include <netkey/key_debug.h>
107 #else
108 #define KEYDEBUG(lev, arg)
109 #endif
110
111 #include <net/kpi_protocol.h>
112 #include <netinet/kpi_ipfilter_var.h>
113 #include <mach/sdt.h>
114
115 #include <net/net_osdep.h>
116
117 #define IPLEN_FLIPPED
118
119 #if INET
120 void
ah4_input(struct mbuf * m,int off)121 ah4_input(struct mbuf *m, int off)
122 {
123 struct ip *ip;
124 struct ah *ah;
125 u_int32_t spi;
126 const struct ah_algorithm *algo;
127 size_t siz;
128 size_t siz1;
129 u_char *cksum;
130 struct secasvar *sav = NULL;
131 u_int16_t nxt;
132 u_int8_t hlen;
133 size_t stripsiz = 0;
134 sa_family_t ifamily;
135
136 if (m->m_len < off + sizeof(struct newah)) {
137 m = m_pullup(m, off + sizeof(struct newah));
138 if (!m) {
139 ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
140 "dropping the packet for simplicity\n"));
141 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
142 goto fail;
143 }
144 }
145
146 /* Expect 32-bit aligned data pointer on strict-align platforms */
147 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
148
149 ip = mtod(m, struct ip *);
150 ah = (struct ah *)(void *)(((caddr_t)ip) + off);
151 nxt = ah->ah_nxt;
152 #ifdef _IP_VHL
153 hlen = (u_int8_t)(IP_VHL_HL(ip->ip_vhl) << 2);
154 #else
155 hlen = (u_int8_t)(ip->ip_hl << 2);
156 #endif
157
158 /* find the sassoc. */
159 spi = ah->ah_spi;
160
161 if ((sav = key_allocsa(AF_INET,
162 (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst, IFSCOPE_NONE,
163 IPPROTO_AH, spi)) == 0) {
164 ipseclog((LOG_WARNING,
165 "IPv4 AH input: no key association found for spi %u\n",
166 (u_int32_t)ntohl(spi)));
167 IPSEC_STAT_INCREMENT(ipsecstat.in_nosa);
168 goto fail;
169 }
170 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
171 printf("DP ah4_input called to allocate SA:0x%llx\n",
172 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
173 if (sav->state != SADB_SASTATE_MATURE
174 && sav->state != SADB_SASTATE_DYING) {
175 ipseclog((LOG_DEBUG,
176 "IPv4 AH input: non-mature/dying SA found for spi %u\n",
177 (u_int32_t)ntohl(spi)));
178 IPSEC_STAT_INCREMENT(ipsecstat.in_badspi);
179 goto fail;
180 }
181
182 algo = ah_algorithm_lookup(sav->alg_auth);
183 if (!algo) {
184 ipseclog((LOG_DEBUG, "IPv4 AH input: "
185 "unsupported authentication algorithm for spi %u\n",
186 (u_int32_t)ntohl(spi)));
187 IPSEC_STAT_INCREMENT(ipsecstat.in_badspi);
188 goto fail;
189 }
190
191 siz = (*algo->sumsiz)(sav);
192 siz1 = ((siz + 3) & ~(4 - 1));
193
194 /*
195 * sanity checks for header, 1.
196 */
197 {
198 int sizoff;
199
200 sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
201
202 /*
203 * Here, we do not do "siz1 == siz". This is because the way
204 * RFC240[34] section 2 is written. They do not require truncation
205 * to 96 bits.
206 * For example, Microsoft IPsec stack attaches 160 bits of
207 * authentication data for both hmac-md5 and hmac-sha1. For hmac-sha1,
208 * 32 bits of padding is attached.
209 *
210 * There are two downsides to this specification.
211 * They have no real harm, however, they leave us fuzzy feeling.
212 * - if we attach more than 96 bits of authentication data onto AH,
213 * we will never notice about possible modification by rogue
214 * intermediate nodes.
215 * Since extra bits in AH checksum is never used, this constitutes
216 * no real issue, however, it is wacky.
217 * - even if the peer attaches big authentication data, we will never
218 * notice the difference, since longer authentication data will just
219 * work.
220 *
221 * We may need some clarification in the spec.
222 */
223 if (siz1 < siz) {
224 ipseclog((LOG_NOTICE, "sum length too short in IPv4 AH input "
225 "(%u, should be at least %u): %s\n",
226 (u_int32_t)siz1, (u_int32_t)siz,
227 ipsec4_logpacketstr(ip, spi)));
228 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
229 goto fail;
230 }
231 if ((ah->ah_len << 2) - sizoff != siz1) {
232 ipseclog((LOG_NOTICE, "sum length mismatch in IPv4 AH input "
233 "(%d should be %u): %s\n",
234 (ah->ah_len << 2) - sizoff, (u_int32_t)siz1,
235 ipsec4_logpacketstr(ip, spi)));
236 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
237 goto fail;
238 }
239
240 if (m->m_len < off + sizeof(struct ah) + sizoff + siz1) {
241 VERIFY((off + sizeof(struct ah) + sizoff + siz1) <= INT_MAX);
242 m = m_pullup(m, (int)(off + sizeof(struct ah) + sizoff + siz1));
243 if (!m) {
244 ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup\n"));
245 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
246 goto fail;
247 }
248 /* Expect 32-bit aligned data ptr on strict-align platforms */
249 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
250
251 ip = mtod(m, struct ip *);
252 ah = (struct ah *)(void *)(((caddr_t)ip) + off);
253 }
254 }
255
256 /*
257 * check for sequence number.
258 */
259 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
260 if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
261 ; /*okey*/
262 } else {
263 IPSEC_STAT_INCREMENT(ipsecstat.in_ahreplay);
264 ipseclog((LOG_WARNING,
265 "replay packet in IPv4 AH input: %s %s\n",
266 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
267 goto fail;
268 }
269 }
270
271 /*
272 * alright, it seems sane. now we are going to check the
273 * cryptographic checksum.
274 */
275 cksum = (u_char *)kalloc_data(siz1, Z_NOWAIT);
276 if (!cksum) {
277 ipseclog((LOG_DEBUG, "IPv4 AH input: "
278 "couldn't alloc temporary region for cksum\n"));
279 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
280 goto fail;
281 }
282
283 /*
284 * some of IP header fields are flipped to the host endian.
285 * convert them back to network endian. VERY stupid.
286 */
287 if ((ip->ip_len + hlen) > UINT16_MAX) {
288 ipseclog((LOG_DEBUG, "IPv4 AH input: "
289 "bad length ip header len %u, total len %u\n",
290 ip->ip_len, hlen));
291 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
292 goto fail;
293 }
294
295 ip->ip_len = htons((u_int16_t)(ip->ip_len + hlen));
296 ip->ip_off = htons(ip->ip_off);
297 if (ah4_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
298 kfree_data(cksum, siz1);
299 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
300 goto fail;
301 }
302 IPSEC_STAT_INCREMENT(ipsecstat.in_ahhist[sav->alg_auth]);
303 /*
304 * flip them back.
305 */
306 ip->ip_len = ntohs(ip->ip_len) - hlen;
307 ip->ip_off = ntohs(ip->ip_off);
308
309 {
310 caddr_t sumpos = NULL;
311
312 if (sav->flags & SADB_X_EXT_OLD) {
313 /* RFC 1826 */
314 sumpos = (caddr_t)(ah + 1);
315 } else {
316 /* RFC 2402 */
317 sumpos = (caddr_t)(((struct newah *)ah) + 1);
318 }
319
320 if (bcmp(sumpos, cksum, siz) != 0) {
321 ipseclog((LOG_WARNING,
322 "checksum mismatch in IPv4 AH input: %s %s\n",
323 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
324 kfree_data(cksum, siz1);
325 IPSEC_STAT_INCREMENT(ipsecstat.in_ahauthfail);
326 goto fail;
327 }
328 }
329
330 kfree_data(cksum, siz1);
331
332 m->m_flags |= M_AUTHIPHDR;
333 m->m_flags |= M_AUTHIPDGM;
334
335 if (m->m_flags & M_AUTHIPHDR && m->m_flags & M_AUTHIPDGM) {
336 IPSEC_STAT_INCREMENT(ipsecstat.in_ahauthsucc);
337 } else {
338 ipseclog((LOG_WARNING,
339 "authentication failed in IPv4 AH input: %s %s\n",
340 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
341 IPSEC_STAT_INCREMENT(ipsecstat.in_ahauthfail);
342 goto fail;
343 }
344
345 /*
346 * update sequence number.
347 */
348 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
349 if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
350 IPSEC_STAT_INCREMENT(ipsecstat.in_ahreplay);
351 goto fail;
352 }
353 }
354
355 /* was it transmitted over the IPsec tunnel SA? */
356 if (sav->flags & SADB_X_EXT_OLD) {
357 /* RFC 1826 */
358 stripsiz = sizeof(struct ah) + siz1;
359 } else {
360 /* RFC 2402 */
361 stripsiz = sizeof(struct newah) + siz1;
362 }
363 if (ipsec4_tunnel_validate(m, (int)(off + stripsiz), nxt, sav, &ifamily)) {
364 ifaddr_t ifa;
365 struct sockaddr_storage addr;
366 struct sockaddr_in *ipaddr;
367
368 /*
369 * strip off all the headers that precedes AH.
370 * IP xx AH IP' payload -> IP' payload
371 *
372 * XXX more sanity checks
373 * XXX relationship with gif?
374 */
375 u_int8_t tos, otos;
376 int sum;
377
378 if (ifamily == AF_INET6) {
379 ipseclog((LOG_NOTICE, "ipsec tunnel protocol mismatch "
380 "in IPv4 AH input: %s\n", ipsec_logsastr(sav)));
381 goto fail;
382 }
383 tos = ip->ip_tos;
384 m_adj(m, (int)(off + stripsiz));
385 if (m->m_len < sizeof(*ip)) {
386 m = m_pullup(m, sizeof(*ip));
387 if (!m) {
388 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
389 goto fail;
390 }
391 }
392 ip = mtod(m, struct ip *);
393 otos = ip->ip_tos;
394 /* ECN consideration. */
395 if (ip_ecn_egress(ip4_ipsec_ecn, &tos, &ip->ip_tos) == 0) {
396 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
397 goto fail;
398 }
399
400 if (otos != ip->ip_tos) {
401 sum = ~ntohs(ip->ip_sum) & 0xffff;
402 sum += (~otos & 0xffff) + ip->ip_tos;
403 sum = (sum >> 16) + (sum & 0xffff);
404 sum += (sum >> 16); /* add carry */
405 ip->ip_sum = htons(~sum & 0xffff);
406 }
407
408 if (!key_checktunnelsanity(sav, AF_INET,
409 (caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst)) {
410 ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
411 "in IPv4 AH input: %s %s\n",
412 ipsec4_logpacketstr(ip, spi), ipsec_logsastr(sav)));
413 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
414 goto fail;
415 }
416
417 #if 1
418 /*
419 * Should the inner packet be considered authentic?
420 * My current answer is: NO.
421 *
422 * host1 -- gw1 === gw2 -- host2
423 * In this case, gw2 can trust the authenticity of the
424 * outer packet, but NOT inner. Packet may be altered
425 * between host1 and gw1.
426 *
427 * host1 -- gw1 === host2
428 * This case falls into the same scenario as above.
429 *
430 * host1 === host2
431 * This case is the only case when we may be able to leave
432 * M_AUTHIPHDR and M_AUTHIPDGM set.
433 * However, if host1 is wrongly configured, and allows
434 * attacker to inject some packet with src=host1 and
435 * dst=host2, you are in risk.
436 */
437 m->m_flags &= ~M_AUTHIPHDR;
438 m->m_flags &= ~M_AUTHIPDGM;
439 #endif
440
441 key_sa_recordxfer(sav, m->m_pkthdr.len);
442 if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0 ||
443 ipsec_incr_history_count(m, IPPROTO_IPV4, 0) != 0) {
444 IPSEC_STAT_INCREMENT(ipsecstat.in_nomem);
445 goto fail;
446 }
447
448 bzero(&addr, sizeof(addr));
449 ipaddr = (__typeof__(ipaddr)) & addr;
450 ipaddr->sin_family = AF_INET;
451 ipaddr->sin_len = sizeof(*ipaddr);
452 ipaddr->sin_addr = ip->ip_dst;
453
454 // update the receiving interface address based on the inner address
455 ifa = ifa_ifwithaddr((struct sockaddr *)&addr);
456 if (ifa) {
457 m->m_pkthdr.rcvif = ifa->ifa_ifp;
458 IFA_REMREF(ifa);
459 }
460
461 // Input via IPsec interface
462 lck_mtx_lock(sadb_mutex);
463 ifnet_t ipsec_if = sav->sah->ipsec_if;
464 if (ipsec_if != NULL) {
465 // If an interface is found, add a reference count before dropping the lock
466 ifnet_reference(ipsec_if);
467 }
468 lck_mtx_unlock(sadb_mutex);
469 if (ipsec_if != NULL) {
470 errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
471 ifnet_release(ipsec_if);
472 if (inject_error == 0) {
473 m = NULL;
474 goto done;
475 } else {
476 goto fail;
477 }
478 }
479
480 if (proto_input(PF_INET, m) != 0) {
481 goto fail;
482 }
483 nxt = IPPROTO_DONE;
484 } else {
485 /*
486 * strip off AH.
487 */
488
489 ip = mtod(m, struct ip *);
490 /*
491 * We do deep-copy since KAME requires that
492 * the packet is placed in a single external mbuf.
493 */
494 ovbcopy((caddr_t)ip, (caddr_t)(((u_char *)ip) + stripsiz), off);
495 m->m_data += stripsiz;
496 m->m_len -= stripsiz;
497 m->m_pkthdr.len -= stripsiz;
498
499 if (m->m_len < sizeof(*ip)) {
500 m = m_pullup(m, sizeof(*ip));
501 if (m == NULL) {
502 IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
503 goto fail;
504 }
505 }
506 ip = mtod(m, struct ip *);
507 #ifdef IPLEN_FLIPPED
508 ip->ip_len = (u_short)(ip->ip_len - stripsiz);
509 #else
510 ip->ip_len = htons(ntohs(ip->ip_len) - stripsiz);
511 #endif
512 ip->ip_p = (u_char)nxt;
513 /* forget about IP hdr checksum, the check has already been passed */
514
515 key_sa_recordxfer(sav, m->m_pkthdr.len);
516 if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0) {
517 IPSEC_STAT_INCREMENT(ipsecstat.in_nomem);
518 goto fail;
519 }
520
521 DTRACE_IP6(receive, struct mbuf *, m, struct inpcb *, NULL,
522 struct ip *, ip, struct ifnet *, m->m_pkthdr.rcvif,
523 struct ip *, ip, struct ip6_hdr *, NULL);
524
525 if (nxt != IPPROTO_DONE) {
526 // Input via IPsec interface
527 lck_mtx_lock(sadb_mutex);
528 ifnet_t ipsec_if = sav->sah->ipsec_if;
529 if (ipsec_if != NULL) {
530 // If an interface is found, add a reference count before dropping the lock
531 ifnet_reference(ipsec_if);
532 }
533 lck_mtx_unlock(sadb_mutex);
534 if (ipsec_if != NULL) {
535 ip->ip_len = htons(ip->ip_len + hlen);
536 ip->ip_off = htons(ip->ip_off);
537 ip->ip_sum = 0;
538 ip->ip_sum = ip_cksum_hdr_in(m, hlen);
539 errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
540 ifnet_release(ipsec_if);
541 if (inject_error == 0) {
542 m = NULL;
543 goto done;
544 } else {
545 goto fail;
546 }
547 }
548
549 if ((ip_protox[nxt]->pr_flags & PR_LASTHDR) != 0 &&
550 ipsec4_in_reject(m, NULL)) {
551 IPSEC_STAT_INCREMENT(ipsecstat.in_polvio);
552 goto fail;
553 }
554 ip_proto_dispatch_in(m, off, (u_int8_t)nxt, 0);
555 } else {
556 m_freem(m);
557 }
558 m = NULL;
559 }
560 done:
561 if (sav) {
562 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
563 printf("DP ah4_input call free SA:0x%llx\n",
564 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
565 key_freesav(sav, KEY_SADB_UNLOCKED);
566 }
567 IPSEC_STAT_INCREMENT(ipsecstat.in_success);
568 return;
569
570 fail:
571 if (sav) {
572 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
573 printf("DP ah4_input call free SA:0x%llx\n",
574 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
575 key_freesav(sav, KEY_SADB_UNLOCKED);
576 }
577 if (m) {
578 m_freem(m);
579 }
580 return;
581 }
582 #endif /* INET */
583
584 int
ah6_input(struct mbuf ** mp,int * offp,int proto)585 ah6_input(struct mbuf **mp, int *offp, int proto)
586 {
587 #pragma unused(proto)
588 struct mbuf *m = *mp;
589 int off = *offp;
590 struct ip6_hdr *ip6 = NULL;
591 struct ah *ah = NULL;
592 u_int32_t spi = 0;
593 const struct ah_algorithm *algo = NULL;
594 size_t siz = 0;
595 size_t siz1 = 0;
596 u_char *cksum = NULL;
597 struct secasvar *sav = NULL;
598 u_int16_t nxt = IPPROTO_DONE;
599 size_t stripsiz = 0;
600 sa_family_t ifamily = AF_UNSPEC;
601
602 IP6_EXTHDR_CHECK(m, off, sizeof(struct ah), {return IPPROTO_DONE;});
603 ah = (struct ah *)(void *)(mtod(m, caddr_t) + off);
604 /* Expect 32-bit aligned data pointer on strict-align platforms */
605 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
606
607 ip6 = mtod(m, struct ip6_hdr *);
608 nxt = ah->ah_nxt;
609
610 /* find the sassoc. */
611 spi = ah->ah_spi;
612
613 if (ntohs(ip6->ip6_plen) == 0) {
614 ipseclog((LOG_ERR, "IPv6 AH input: "
615 "AH with IPv6 jumbogram is not supported.\n"));
616 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
617 goto fail;
618 }
619
620 if ((sav = key_allocsa(AF_INET6,
621 (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst, ip6_input_getsrcifscope(m),
622 IPPROTO_AH, spi)) == 0) {
623 ipseclog((LOG_WARNING,
624 "IPv6 AH input: no key association found for spi %u\n",
625 (u_int32_t)ntohl(spi)));
626 IPSEC_STAT_INCREMENT(ipsec6stat.in_nosa);
627 goto fail;
628 }
629 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
630 printf("DP ah6_input called to allocate SA:0x%llx\n",
631 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
632 if (sav->state != SADB_SASTATE_MATURE
633 && sav->state != SADB_SASTATE_DYING) {
634 ipseclog((LOG_DEBUG,
635 "IPv6 AH input: non-mature/dying SA found for spi %u; ",
636 (u_int32_t)ntohl(spi)));
637 IPSEC_STAT_INCREMENT(ipsec6stat.in_badspi);
638 goto fail;
639 }
640
641 algo = ah_algorithm_lookup(sav->alg_auth);
642 if (!algo) {
643 ipseclog((LOG_DEBUG, "IPv6 AH input: "
644 "unsupported authentication algorithm for spi %u\n",
645 (u_int32_t)ntohl(spi)));
646 IPSEC_STAT_INCREMENT(ipsec6stat.in_badspi);
647 goto fail;
648 }
649
650 siz = (*algo->sumsiz)(sav);
651 siz1 = ((siz + 3) & ~(4 - 1));
652
653 /*
654 * sanity checks for header, 1.
655 */
656 {
657 int sizoff;
658
659 sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
660
661 /*
662 * Here, we do not do "siz1 == siz". See ah4_input() for complete
663 * description.
664 */
665 if (siz1 < siz) {
666 ipseclog((LOG_NOTICE, "sum length too short in IPv6 AH input "
667 "(%u, should be at least %u): %s\n",
668 (u_int32_t)siz1, (u_int32_t)siz,
669 ipsec6_logpacketstr(ip6, spi)));
670 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
671 goto fail;
672 }
673 if ((ah->ah_len << 2) - sizoff != siz1) {
674 ipseclog((LOG_NOTICE, "sum length mismatch in IPv6 AH input "
675 "(%d should be %u): %s\n",
676 (ah->ah_len << 2) - sizoff, (u_int32_t)siz1,
677 ipsec6_logpacketstr(ip6, spi)));
678 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
679 goto fail;
680 }
681 VERIFY((sizeof(struct ah) + sizoff + siz1) <= INT_MAX);
682 IP6_EXTHDR_CHECK(m, off, (int)(sizeof(struct ah) + sizoff + siz1),
683 {goto fail;});
684 ip6 = mtod(m, struct ip6_hdr *);
685 ah = (struct ah *)(void *)(mtod(m, caddr_t) + off);
686 }
687
688 /*
689 * check for sequence number.
690 */
691 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
692 if (ipsec_chkreplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
693 ; /*okey*/
694 } else {
695 IPSEC_STAT_INCREMENT(ipsec6stat.in_ahreplay);
696 ipseclog((LOG_WARNING,
697 "replay packet in IPv6 AH input: %s %s\n",
698 ipsec6_logpacketstr(ip6, spi),
699 ipsec_logsastr(sav)));
700 goto fail;
701 }
702 }
703
704 /*
705 * alright, it seems sane. now we are going to check the
706 * cryptographic checksum.
707 */
708 cksum = (u_char *)kalloc_data(siz1, Z_NOWAIT);
709 if (!cksum) {
710 ipseclog((LOG_DEBUG, "IPv6 AH input: "
711 "couldn't alloc temporary region for cksum\n"));
712 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
713 goto fail;
714 }
715
716 if (ah6_calccksum(m, (caddr_t)cksum, siz1, algo, sav)) {
717 kfree_data(cksum, siz1);
718 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
719 goto fail;
720 }
721 IPSEC_STAT_INCREMENT(ipsec6stat.in_ahhist[sav->alg_auth]);
722
723 {
724 caddr_t sumpos = NULL;
725
726 if (sav->flags & SADB_X_EXT_OLD) {
727 /* RFC 1826 */
728 sumpos = (caddr_t)(ah + 1);
729 } else {
730 /* RFC 2402 */
731 sumpos = (caddr_t)(((struct newah *)ah) + 1);
732 }
733
734 if (bcmp(sumpos, cksum, siz) != 0) {
735 ipseclog((LOG_WARNING,
736 "checksum mismatch in IPv6 AH input: %s %s\n",
737 ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
738 kfree_data(cksum, siz1);
739 IPSEC_STAT_INCREMENT(ipsec6stat.in_ahauthfail);
740 goto fail;
741 }
742 }
743
744 kfree_data(cksum, siz1);
745
746 m->m_flags |= M_AUTHIPHDR;
747 m->m_flags |= M_AUTHIPDGM;
748
749 if (m->m_flags & M_AUTHIPHDR && m->m_flags & M_AUTHIPDGM) {
750 IPSEC_STAT_INCREMENT(ipsec6stat.in_ahauthsucc);
751 } else {
752 ipseclog((LOG_WARNING,
753 "authentication failed in IPv6 AH input: %s %s\n",
754 ipsec6_logpacketstr(ip6, spi), ipsec_logsastr(sav)));
755 IPSEC_STAT_INCREMENT(ipsec6stat.in_ahauthfail);
756 goto fail;
757 }
758
759 /*
760 * update sequence number.
761 */
762 if ((sav->flags & SADB_X_EXT_OLD) == 0 && sav->replay[0] != NULL) {
763 if (ipsec_updatereplay(ntohl(((struct newah *)ah)->ah_seq), sav, 0)) {
764 IPSEC_STAT_INCREMENT(ipsec6stat.in_ahreplay);
765 goto fail;
766 }
767 }
768
769 /* was it transmitted over the IPsec tunnel SA? */
770 if (sav->flags & SADB_X_EXT_OLD) {
771 /* RFC 1826 */
772 stripsiz = sizeof(struct ah) + siz1;
773 } else {
774 /* RFC 2402 */
775 stripsiz = sizeof(struct newah) + siz1;
776 }
777 if (ipsec6_tunnel_validate(m, (int)(off + stripsiz), nxt, sav, &ifamily)) {
778 ifaddr_t ifa;
779 struct sockaddr_storage addr;
780 struct sockaddr_in6 *ip6addr;
781 /*
782 * strip off all the headers that precedes AH.
783 * IP6 xx AH IP6' payload -> IP6' payload
784 *
785 * XXX more sanity checks
786 * XXX relationship with gif?
787 */
788 u_int32_t flowinfo; /*net endian*/
789
790 if (ifamily == AF_INET) {
791 ipseclog((LOG_NOTICE, "ipsec tunnel protocol mismatch "
792 "in IPv6 AH input: %s\n", ipsec_logsastr(sav)));
793 goto fail;
794 }
795
796 flowinfo = ip6->ip6_flow;
797 m_adj(m, (int)(off + stripsiz));
798 if (m->m_len < sizeof(*ip6)) {
799 /*
800 * m_pullup is prohibited in KAME IPv6 input processing
801 * but there's no other way!
802 */
803 m = m_pullup(m, sizeof(*ip6));
804 if (!m) {
805 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
806 goto fail;
807 }
808 }
809 ip6 = mtod(m, struct ip6_hdr *);
810 /* ECN consideration. */
811 if (ip6_ecn_egress(ip6_ipsec_ecn, &flowinfo, &ip6->ip6_flow) == 0) {
812 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
813 goto fail;
814 }
815 if (!key_checktunnelsanity(sav, AF_INET6,
816 (caddr_t)&ip6->ip6_src, (caddr_t)&ip6->ip6_dst)) {
817 ipseclog((LOG_NOTICE, "ipsec tunnel address mismatch "
818 "in IPv6 AH input: %s %s\n",
819 ipsec6_logpacketstr(ip6, spi),
820 ipsec_logsastr(sav)));
821 IPSEC_STAT_INCREMENT(ipsec6stat.in_inval);
822 goto fail;
823 }
824
825 /*
826 * should the inner packet be considered authentic?
827 * see comment in ah4_input().
828 */
829 m->m_flags &= ~M_AUTHIPHDR;
830 m->m_flags &= ~M_AUTHIPDGM;
831
832 key_sa_recordxfer(sav, m->m_pkthdr.len);
833 if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0 ||
834 ipsec_incr_history_count(m, IPPROTO_IPV6, 0) != 0) {
835 IPSEC_STAT_INCREMENT(ipsec6stat.in_nomem);
836 goto fail;
837 }
838
839 bzero(&addr, sizeof(addr));
840 ip6addr = (__typeof__(ip6addr)) & addr;
841 ip6addr->sin6_family = AF_INET6;
842 ip6addr->sin6_len = sizeof(*ip6addr);
843 ip6addr->sin6_addr = ip6->ip6_dst;
844
845 // update the receiving interface address based on the inner address
846 ifa = ifa_ifwithaddr((struct sockaddr *)&addr);
847 if (ifa) {
848 m->m_pkthdr.rcvif = ifa->ifa_ifp;
849 IFA_REMREF(ifa);
850 }
851
852 // Input via IPsec interface
853 lck_mtx_lock(sadb_mutex);
854 ifnet_t ipsec_if = sav->sah->ipsec_if;
855 if (ipsec_if != NULL) {
856 // If an interface is found, add a reference count before dropping the lock
857 ifnet_reference(ipsec_if);
858 }
859 lck_mtx_unlock(sadb_mutex);
860 if (ipsec_if != NULL) {
861 errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
862 ifnet_release(ipsec_if);
863 if (inject_error == 0) {
864 m = NULL;
865 nxt = IPPROTO_DONE;
866 goto done;
867 } else {
868 goto fail;
869 }
870 }
871
872 if (proto_input(PF_INET6, m) != 0) {
873 goto fail;
874 }
875 nxt = IPPROTO_DONE;
876 } else {
877 /*
878 * strip off AH.
879 */
880 char *prvnxtp;
881
882 /*
883 * Copy the value of the next header field of AH to the
884 * next header field of the previous header.
885 * This is necessary because AH will be stripped off below.
886 */
887 prvnxtp = ip6_get_prevhdr(m, off); /* XXX */
888 *prvnxtp = (u_int8_t)nxt;
889
890 ip6 = mtod(m, struct ip6_hdr *);
891 /*
892 * We do deep-copy since KAME requires that
893 * the packet is placed in a single mbuf.
894 */
895 ovbcopy((caddr_t)ip6, ((caddr_t)ip6) + stripsiz, off);
896 m->m_data += stripsiz;
897 m->m_len -= stripsiz;
898 m->m_pkthdr.len -= stripsiz;
899 ip6 = mtod(m, struct ip6_hdr *);
900 /* XXX jumbogram */
901 ip6->ip6_plen = htons((u_int16_t)(ntohs(ip6->ip6_plen) - stripsiz));
902
903 key_sa_recordxfer(sav, m->m_pkthdr.len);
904 if (ipsec_incr_history_count(m, IPPROTO_AH, spi) != 0) {
905 IPSEC_STAT_INCREMENT(ipsec6stat.in_nomem);
906 goto fail;
907 }
908
909 // Input via IPsec interface
910 lck_mtx_lock(sadb_mutex);
911 ifnet_t ipsec_if = sav->sah->ipsec_if;
912 if (ipsec_if != NULL) {
913 // If an interface is found, add a reference count before dropping the lock
914 ifnet_reference(ipsec_if);
915 }
916 lck_mtx_unlock(sadb_mutex);
917 if (ipsec_if != NULL) {
918 errno_t inject_error = ipsec_inject_inbound_packet(ipsec_if, m);
919 ifnet_release(ipsec_if);
920 if (inject_error == 0) {
921 m = NULL;
922 nxt = IPPROTO_DONE;
923 goto done;
924 } else {
925 goto fail;
926 }
927 }
928 }
929
930 done:
931 *offp = off;
932 *mp = m;
933 if (sav) {
934 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
935 printf("DP ah6_input call free SA:0x%llx\n",
936 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
937 key_freesav(sav, KEY_SADB_UNLOCKED);
938 }
939 IPSEC_STAT_INCREMENT(ipsec6stat.in_success);
940 return nxt;
941
942 fail:
943 if (sav) {
944 KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
945 printf("DP ah6_input call free SA:0x%llx\n",
946 (uint64_t)VM_KERNEL_ADDRPERM(sav)));
947 key_freesav(sav, KEY_SADB_UNLOCKED);
948 }
949 if (m) {
950 m_freem(m);
951 *mp = NULL;
952 }
953 return IPPROTO_DONE;
954 }
955
956 void
ah6_ctlinput(int cmd,struct sockaddr * sa,void * d)957 ah6_ctlinput(int cmd, struct sockaddr *sa, void *d)
958 {
959 const struct newah *ahp;
960 struct newah ah;
961 struct secasvar *sav;
962 struct ip6_hdr *ip6;
963 struct mbuf *m;
964 struct ip6ctlparam *ip6cp = NULL;
965 int off = 0;
966 struct sockaddr_in6 *sa6_src, *sa6_dst;
967
968 if (sa->sa_family != AF_INET6 ||
969 sa->sa_len != sizeof(struct sockaddr_in6)) {
970 return;
971 }
972 if ((unsigned)cmd >= PRC_NCMDS) {
973 return;
974 }
975
976 /* if the parameter is from icmp6, decode it. */
977 if (d != NULL) {
978 ip6cp = (struct ip6ctlparam *)d;
979 m = ip6cp->ip6c_m;
980 ip6 = ip6cp->ip6c_ip6;
981 off = ip6cp->ip6c_off;
982 } else {
983 m = NULL;
984 ip6 = NULL;
985 }
986
987 if (ip6) {
988 /*
989 * XXX: We assume that when ip6 is non NULL,
990 * M and OFF are valid.
991 */
992
993 /* check if we can safely examine src and dst ports */
994 if (m->m_pkthdr.len < off + sizeof(ah)) {
995 return;
996 }
997
998 if (m->m_len < off + sizeof(ah)) {
999 /*
1000 * this should be rare case,
1001 * so we compromise on this copy...
1002 */
1003 m_copydata(m, off, sizeof(ah), (caddr_t)&ah);
1004 ahp = &ah;
1005 } else {
1006 ahp = (struct newah *)(void *)(mtod(m, caddr_t) + off);
1007 }
1008
1009 if (cmd == PRC_MSGSIZE) {
1010 int valid = 0;
1011
1012 /*
1013 * Check to see if we have a valid SA corresponding to
1014 * the address in the ICMP message payload.
1015 */
1016 sa6_src = ip6cp->ip6c_src;
1017 sa6_dst = (struct sockaddr_in6 *)(void *)sa;
1018 sav = key_allocsa(AF_INET6,
1019 (caddr_t)&sa6_src->sin6_addr,
1020 (caddr_t)&sa6_dst->sin6_addr,
1021 sa6_dst->sin6_scope_id,
1022 IPPROTO_AH, ahp->ah_spi);
1023 if (sav) {
1024 if (sav->state == SADB_SASTATE_MATURE ||
1025 sav->state == SADB_SASTATE_DYING) {
1026 valid++;
1027 }
1028 key_freesav(sav, KEY_SADB_UNLOCKED);
1029 }
1030
1031 /* XXX Further validation? */
1032
1033 /*
1034 * Depending on the value of "valid" and routing table
1035 * size (mtudisc_{hi,lo}wat), we will:
1036 * - recalcurate the new MTU and create the
1037 * corresponding routing entry, or
1038 * - ignore the MTU change notification.
1039 */
1040 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid);
1041 }
1042
1043 /* we normally notify single pcb here */
1044 } else {
1045 /* we normally notify any pcb here */
1046 }
1047 }
1048