1 /*
2 * Copyright (c) 2019 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $KAME: keysock.c,v 1.13 2000/03/25 07:24:13 sumikawa Exp $ */
30
31 /*
32 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. Neither the name of the project nor the names of its contributors
44 * may be used to endorse or promote products derived from this software
45 * without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
48 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
51 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * SUCH DAMAGE.
58 */
59
60 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
61
62 #include <sys/types.h>
63 #include <sys/param.h>
64 #include <sys/systm.h>
65 #include <sys/kernel.h>
66 #include <sys/sysctl.h>
67 #include <sys/mbuf.h>
68 #include <sys/mcache.h>
69 #include <sys/malloc.h>
70 #include <sys/socket.h>
71 #include <sys/socketvar.h>
72 #include <sys/domain.h>
73 #include <sys/protosw.h>
74 #include <sys/errno.h>
75
76 #include <kern/locks.h>
77
78 #include <net/raw_cb.h>
79 #include <net/route.h>
80
81 #include <net/pfkeyv2.h>
82 #include <netkey/keydb.h>
83 #include <netkey/key.h>
84 #include <netkey/keysock.h>
85 #include <netkey/key_debug.h>
86 #include <net/sockaddr_utils.h>
87
88 extern lck_mtx_t raw_mtx;
89 extern void key_init(struct protosw *, struct domain *);
90
91 struct sockaddr key_dst = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };
92 struct sockaddr key_src = { .sa_len = 2, .sa_family = PF_KEY, .sa_data = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, } };
93
94 static void key_dinit(struct domain *);
95 static int key_sendup0(struct rawcb *, struct mbuf *, int);
96
97 struct pfkeystat pfkeystat;
98
99 static struct domain *keydomain = NULL;
100
101 static LCK_GRP_DECLARE(pfkey_stat_mutex_grp, "pfkey_stat");
102 LCK_MTX_DECLARE(pfkey_stat_mutex, &pfkey_stat_mutex_grp);
103
104 /*
105 * key_output()
106 */
107 int
108 #ifdef __APPLE__
109 /* No variable argument support? */
key_output(struct mbuf * m,struct socket * so)110 key_output(struct mbuf *m, struct socket *so)
111 #else
112 #if __STDC__
113 key_output(struct mbuf *m, ...)
114 #else
115 key_output(m, va_alist)
116 struct mbuf *m;
117 va_dcl
118 #endif
119 #endif
120 {
121 struct sadb_msg *msg;
122 int len, error = 0;
123 #ifndef __APPLE__
124 struct socket *so;
125 va_list ap;
126
127 va_start(ap, m);
128 so = va_arg(ap, struct socket *);
129 va_end(ap);
130 #endif
131
132 if (m == 0) {
133 panic("key_output: NULL pointer was passed.");
134 }
135
136 socket_unlock(so, 0);
137 lck_mtx_lock(&pfkey_stat_mutex);
138 pfkeystat.out_total++;
139 pfkeystat.out_bytes += m->m_pkthdr.len;
140 lck_mtx_unlock(&pfkey_stat_mutex);
141
142 len = m->m_pkthdr.len;
143 if (len < sizeof(struct sadb_msg)) {
144 #if IPSEC_DEBUG
145 printf("key_output: Invalid message length.\n");
146 #endif
147 PFKEY_STAT_INCREMENT(pfkeystat.out_tooshort);
148 error = EINVAL;
149 goto end;
150 }
151
152 if (m->m_len < sizeof(struct sadb_msg)) {
153 if ((m = m_pullup(m, sizeof(struct sadb_msg))) == 0) {
154 #if IPSEC_DEBUG
155 printf("key_output: can't pullup mbuf\n");
156 #endif
157 PFKEY_STAT_INCREMENT(pfkeystat.out_nomem);
158 error = ENOBUFS;
159 goto end;
160 }
161 }
162
163 if ((m->m_flags & M_PKTHDR) == 0) {
164 panic("key_output: not M_PKTHDR ??");
165 }
166
167 #if IPSEC_DEBUG
168 KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
169 #endif /* defined(IPSEC_DEBUG) */
170
171 msg = mtod(m, struct sadb_msg *);
172 PFKEY_STAT_INCREMENT(pfkeystat.out_msgtype[msg->sadb_msg_type]);
173 if (len != PFKEY_UNUNIT64(msg->sadb_msg_len)) {
174 #if IPSEC_DEBUG
175 printf("key_output: Invalid message length.\n");
176 #endif
177 PFKEY_STAT_INCREMENT(pfkeystat.out_invlen);
178 error = EINVAL;
179 goto end;
180 }
181
182 error = key_parse(m, so);
183 m = NULL;
184
185 end:
186 if (m) {
187 m_freem(m);
188 }
189 socket_lock(so, 0);
190 return error;
191 }
192
193 /*
194 * send message to the socket.
195 */
196 static int
key_sendup0(struct rawcb * rp,struct mbuf * m,int promisc)197 key_sendup0(struct rawcb *rp, struct mbuf *m, int promisc)
198 {
199 int error;
200
201 if (promisc) {
202 struct sadb_msg *pmsg;
203
204 M_PREPEND(m, sizeof(struct sadb_msg), M_NOWAIT, 1);
205 if (m && m->m_len < sizeof(struct sadb_msg)) {
206 m = m_pullup(m, sizeof(struct sadb_msg));
207 }
208 if (!m) {
209 #if IPSEC_DEBUG
210 printf("key_sendup0: cannot pullup\n");
211 #endif
212 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
213 m_freem(m);
214 return ENOBUFS;
215 }
216 m->m_pkthdr.len += sizeof(*pmsg);
217 VERIFY(PFKEY_UNIT64(m->m_pkthdr.len) <= UINT16_MAX);
218
219 pmsg = mtod(m, struct sadb_msg *);
220 bzero(pmsg, sizeof(*pmsg));
221 pmsg->sadb_msg_version = PF_KEY_V2;
222 pmsg->sadb_msg_type = SADB_X_PROMISC;
223 pmsg->sadb_msg_len = (u_int16_t)PFKEY_UNIT64(m->m_pkthdr.len);
224 /* pid and seq? */
225
226 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[pmsg->sadb_msg_type]);
227 }
228
229 if (!sbappendaddr(&rp->rcb_socket->so_rcv, SA(&key_src),
230 m, NULL, &error)) {
231 #if IPSEC_DEBUG
232 printf("key_sendup0: sbappendaddr failed\n");
233 #endif
234 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
235 } else {
236 sorwakeup(rp->rcb_socket);
237 }
238 return error;
239 }
240
241
242 /* so can be NULL if target != KEY_SENDUP_ONE */
243 int
key_sendup_mbuf(struct socket * so,struct mbuf * m,int target)244 key_sendup_mbuf(struct socket *so, struct mbuf *m, int target)
245 {
246 struct mbuf *n;
247 struct keycb *kp;
248 int sendup;
249 struct rawcb *rp;
250 int error = 0;
251
252 if (m == NULL) {
253 panic("key_sendup_mbuf: NULL pointer was passed.");
254 }
255 if (so == NULL && target == KEY_SENDUP_ONE) {
256 panic("key_sendup_mbuf: NULL pointer was passed.");
257 }
258
259 lck_mtx_lock(&pfkey_stat_mutex);
260 pfkeystat.in_total++;
261 pfkeystat.in_bytes += m->m_pkthdr.len;
262 lck_mtx_unlock(&pfkey_stat_mutex);
263 if (m->m_len < sizeof(struct sadb_msg)) {
264 #if 1
265 m = m_pullup(m, sizeof(struct sadb_msg));
266 if (m == NULL) {
267 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
268 return ENOBUFS;
269 }
270 #else
271 /* don't bother pulling it up just for stats */
272 #endif
273 }
274 if (m->m_len >= sizeof(struct sadb_msg)) {
275 struct sadb_msg *msg;
276 msg = mtod(m, struct sadb_msg *);
277 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtype[msg->sadb_msg_type]);
278 }
279
280 lck_mtx_lock(&raw_mtx);
281 LIST_FOREACH(rp, &rawcb_list, list)
282 {
283 if (rp->rcb_proto.sp_family != PF_KEY) {
284 continue;
285 }
286 if (rp->rcb_proto.sp_protocol
287 && rp->rcb_proto.sp_protocol != PF_KEY_V2) {
288 continue;
289 }
290
291 kp = __container_of(rp, struct keycb, kp_raw);
292
293 socket_lock(rp->rcb_socket, 1);
294 /*
295 * If you are in promiscuous mode, and when you get broadcasted
296 * reply, you'll get two PF_KEY messages.
297 * (based on [email protected] message on 14 Oct 1998)
298 */
299 if (kp->kp_promisc) {
300 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
301 (void)key_sendup0(rp, n, 1);
302 n = NULL;
303 }
304 }
305
306 /* the exact target will be processed later */
307 if (so && sotorawcb(so) == rp) {
308 socket_unlock(rp->rcb_socket, 1);
309 continue;
310 }
311
312 sendup = 0;
313 switch (target) {
314 case KEY_SENDUP_ONE:
315 /* the statement has no effect */
316 break;
317 case KEY_SENDUP_ALL:
318 sendup++;
319 break;
320 case KEY_SENDUP_REGISTERED:
321 if (kp->kp_registered) {
322 sendup++;
323 }
324 break;
325 }
326 PFKEY_STAT_INCREMENT(pfkeystat.in_msgtarget[target]);
327
328 if (!sendup) {
329 socket_unlock(rp->rcb_socket, 1);
330 continue;
331 } else {
332 sendup = 0; // clear for next iteration
333 }
334 if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) {
335 #if IPSEC_DEBUG
336 printf("key_sendup: m_copy fail\n");
337 #endif
338 m_freem(m);
339 PFKEY_STAT_INCREMENT(pfkeystat.in_nomem);
340 socket_unlock(rp->rcb_socket, 1);
341 lck_mtx_unlock(&raw_mtx);
342 return ENOBUFS;
343 }
344
345 /*
346 * ignore error even if queue is full. PF_KEY does not
347 * guarantee the delivery of the message.
348 * this is important when target == KEY_SENDUP_ALL.
349 */
350 key_sendup0(rp, n, 0);
351 socket_unlock(rp->rcb_socket, 1);
352 n = NULL;
353 }
354
355 lck_mtx_unlock(&raw_mtx);
356 if (so) {
357 socket_lock(so, 1);
358 error = key_sendup0(sotorawcb(so), m, 0);
359 socket_unlock(so, 1);
360 m = NULL;
361 } else {
362 error = 0;
363 m_freem(m);
364 }
365 return error;
366 }
367
368 /*
369 * key_abort()
370 * derived from net/rtsock.c:rts_abort()
371 */
372 static int
key_abort(struct socket * so)373 key_abort(struct socket *so)
374 {
375 int error;
376 error = raw_usrreqs.pru_abort(so);
377 return error;
378 }
379
380 /*
381 * key_attach()
382 * derived from net/rtsock.c:rts_attach()
383 */
384 static int
key_attach(struct socket * so,int proto,struct proc * p)385 key_attach(struct socket *so, int proto, struct proc *p)
386 {
387 struct keycb *kp;
388 int error;
389
390 if (sotorawcb(so) != 0) {
391 return EISCONN; /* XXX panic? */
392 }
393
394 kp = kalloc_type(struct keycb, Z_WAITOK_ZERO_NOFAIL);
395 so->so_pcb = (caddr_t)kp;
396 kp->kp_raw.rcb_laddr = &key_src;
397 kp->kp_raw.rcb_faddr = &key_dst;
398
399 error = raw_usrreqs.pru_attach(so, proto, p);
400 kp = (struct keycb *)sotorawcb(so);
401 if (error) {
402 kfree_type(struct keycb, kp);
403 so->so_pcb = (caddr_t) 0;
404 so->so_flags |= SOF_PCBCLEARING;
405 printf("key_usrreq: key_usrreq results %d\n", error);
406 return error;
407 }
408
409 /* so is already locked when calling key_attach */
410 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
411 key_cb.key_count++;
412 }
413 key_cb.any_count++;
414 soisconnected(so);
415 so->so_options |= SO_USELOOPBACK;
416
417 return 0;
418 }
419
420 /*
421 * key_bind()
422 * derived from net/rtsock.c:rts_bind()
423 */
424 static int
key_bind(struct socket * so,struct sockaddr * nam,struct proc * p)425 key_bind(struct socket *so, struct sockaddr *nam, struct proc *p)
426 {
427 int error;
428 error = raw_usrreqs.pru_bind(so, nam, p); /* xxx just EINVAL */
429 return error;
430 }
431
432 /*
433 * key_connect()
434 * derived from net/rtsock.c:rts_connect()
435 */
436 static int
key_connect(struct socket * so,struct sockaddr * nam,struct proc * p)437 key_connect(struct socket *so, struct sockaddr *nam, struct proc *p)
438 {
439 int error;
440 error = raw_usrreqs.pru_connect(so, nam, p); /* XXX just EINVAL */
441 return error;
442 }
443
444 /*
445 * key_detach()
446 * derived from net/rtsock.c:rts_detach()
447 */
448 static int
key_detach(struct socket * so)449 key_detach(struct socket *so)
450 {
451 struct keycb *kp = (struct keycb *)sotorawcb(so);
452
453 if (kp == 0) {
454 return EINVAL;
455 }
456
457 if (kp->kp_raw.rcb_proto.sp_protocol == PF_KEY) { /* XXX: AF_KEY */
458 key_cb.key_count--;
459 }
460 key_cb.any_count--;
461 socket_unlock(so, 0);
462 key_freereg(so);
463 socket_lock(so, 0);
464
465 raw_detach_nofree(sotorawcb(so));
466 kfree_type(struct keycb, kp);
467 return 0;
468 }
469
470 /*
471 * key_disconnect()
472 * derived from net/rtsock.c:key_disconnect()
473 */
474 static int
key_disconnect(struct socket * so)475 key_disconnect(struct socket *so)
476 {
477 int error;
478 error = raw_usrreqs.pru_disconnect(so);
479 return error;
480 }
481
482 /*
483 * key_peeraddr()
484 * derived from net/rtsock.c:rts_peeraddr()
485 */
486 static int
key_peeraddr(struct socket * so,struct sockaddr ** nam)487 key_peeraddr(struct socket *so, struct sockaddr **nam)
488 {
489 int error;
490 error = raw_usrreqs.pru_peeraddr(so, nam);
491 return error;
492 }
493
494 /*
495 * key_send()
496 * derived from net/rtsock.c:rts_send()
497 */
498 static int
key_send(struct socket * so,int flags,struct mbuf * m,struct sockaddr * nam,struct mbuf * control,struct proc * p)499 key_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam,
500 struct mbuf *control, struct proc *p)
501 {
502 int error;
503 error = raw_usrreqs.pru_send(so, flags, m, nam, control, p);
504 return error;
505 }
506
507 /*
508 * key_shutdown()
509 * derived from net/rtsock.c:rts_shutdown()
510 */
511 static int
key_shutdown(struct socket * so)512 key_shutdown(struct socket *so)
513 {
514 int error;
515 error = raw_usrreqs.pru_shutdown(so);
516 return error;
517 }
518
519 /*
520 * key_sockaddr()
521 * derived from net/rtsock.c:rts_sockaddr()
522 */
523 static int
key_sockaddr(struct socket * so,struct sockaddr ** nam)524 key_sockaddr(struct socket *so, struct sockaddr **nam)
525 {
526 int error;
527 error = raw_usrreqs.pru_sockaddr(so, nam);
528 return error;
529 }
530
531 static struct pr_usrreqs key_usrreqs = {
532 .pru_abort = key_abort,
533 .pru_attach = key_attach,
534 .pru_bind = key_bind,
535 .pru_connect = key_connect,
536 .pru_detach = key_detach,
537 .pru_disconnect = key_disconnect,
538 .pru_peeraddr = key_peeraddr,
539 .pru_send = key_send,
540 .pru_shutdown = key_shutdown,
541 .pru_sockaddr = key_sockaddr,
542 .pru_sosend = sosend,
543 .pru_soreceive = soreceive,
544 };
545
546 /* sysctl */
547 SYSCTL_NODE(_net, PF_KEY, key, CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Key Family");
548
549 /*
550 * Definitions of protocols supported in the KEY domain.
551 */
552
553 extern struct domain keydomain_s;
554
555 static struct protosw keysw[] = {
556 {
557 .pr_type = SOCK_RAW,
558 .pr_protocol = PF_KEY_V2,
559 .pr_flags = PR_ATOMIC | PR_ADDR,
560 .pr_output = key_output,
561 .pr_ctlinput = raw_ctlinput,
562 .pr_init = key_init,
563 .pr_usrreqs = &key_usrreqs,
564 }
565 };
566
567 static int key_proto_count = (sizeof(keysw) / sizeof(struct protosw));
568
569 struct domain keydomain_s = {
570 .dom_family = PF_KEY,
571 .dom_name = "key",
572 .dom_init = key_dinit,
573 .dom_maxrtkey = sizeof(struct key_cb),
574 };
575
576 static void
key_dinit(struct domain * dp)577 key_dinit(struct domain *dp)
578 {
579 struct protosw *pr;
580 int i;
581
582 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
583 VERIFY(keydomain == NULL);
584
585 keydomain = dp;
586
587 for (i = 0, pr = &keysw[0]; i < key_proto_count; i++, pr++) {
588 net_add_proto(pr, dp, 1);
589 }
590 }
591