1 /*
2 * Copyright (c) 2016 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /* $KAME: keydb.c,v 1.61 2000/03/25 07:24:13 sumikawa Exp $ */
30
31 /*
32 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
33 * All rights reserved.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. Neither the name of the project nor the names of its contributors
44 * may be used to endorse or promote products derived from this software
45 * without specific prior written permission.
46 *
47 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
48 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
49 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
51 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
52 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
53 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
55 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
56 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * SUCH DAMAGE.
58 */
59
60 #include <sys/types.h>
61 #include <sys/socket.h>
62 #include <sys/param.h>
63 #include <sys/systm.h>
64 #include <sys/kernel.h>
65 #include <sys/malloc.h>
66 #include <sys/errno.h>
67 #include <sys/queue.h>
68
69 #include <net/if.h>
70 #include <net/route.h>
71
72 #include <netinet/in.h>
73
74 #include <net/pfkeyv2.h>
75 #include <netkey/key.h>
76 #include <netkey/keydb.h>
77 #include <netinet6/ipsec.h>
78
79 #include <net/net_osdep.h>
80
81 MALLOC_DEFINE(M_SECA, "key mgmt", "security associations, key management");
82
83 // static void keydb_delsecasvar(struct secasvar *); // not used
84
85 /*
86 * secpolicy management
87 */
88 struct secpolicy *
keydb_newsecpolicy(void)89 keydb_newsecpolicy(void)
90 {
91 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
92
93 return kalloc_type(struct secpolicy, Z_WAITOK | Z_ZERO);
94 }
95
96 void
keydb_delsecpolicy(struct secpolicy * p)97 keydb_delsecpolicy(struct secpolicy *p)
98 {
99 kfree_type(struct secpolicy, p);
100 }
101
102 /*
103 * secashead management
104 */
105 struct secashead *
keydb_newsecashead(void)106 keydb_newsecashead(void)
107 {
108 struct secashead *p;
109 int i;
110
111 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
112
113 p = (struct secashead *)_MALLOC(sizeof(*p), M_SECA, M_NOWAIT | M_ZERO);
114 if (!p) {
115 lck_mtx_unlock(sadb_mutex);
116 p = (struct secashead *)_MALLOC(sizeof(*p), M_SECA,
117 M_WAITOK | M_ZERO);
118 lck_mtx_lock(sadb_mutex);
119 }
120 if (!p) {
121 return p;
122 }
123 for (i = 0; i < sizeof(p->savtree) / sizeof(p->savtree[0]); i++) {
124 LIST_INIT(&p->savtree[i]);
125 }
126 return p;
127 }
128
129 #if 0
130 void
131 keydb_delsecashead(p)
132 struct secashead *p;
133 {
134 _FREE(p, M_SECA);
135 }
136
137
138
139 /*
140 * secasvar management (reference counted)
141 */
142 struct secasvar *
143 keydb_newsecasvar()
144 {
145 struct secasvar *p;
146
147 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
148
149 p = (struct secasvar *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
150 if (!p) {
151 return p;
152 }
153 bzero(p, sizeof(*p));
154 p->refcnt = 1;
155 return p;
156 }
157
158 void
159 keydb_refsecasvar(p)
160 struct secasvar *p;
161 {
162 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
163
164 p->refcnt++;
165 }
166
167 void
168 keydb_freesecasvar(p)
169 struct secasvar *p;
170 {
171 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
172
173 p->refcnt--;
174 /* negative refcnt will cause panic intentionally */
175 if (p->refcnt <= 0) {
176 keydb_delsecasvar(p);
177 }
178 }
179
180 static void
181 keydb_delsecasvar(p)
182 struct secasvar *p;
183 {
184 if (p->refcnt) {
185 panic("keydb_delsecasvar called with refcnt != 0");
186 }
187
188 _FREE(p, M_SECA);
189 }
190 #endif
191
192 /*
193 * secreplay management
194 */
195 struct secreplay *
keydb_newsecreplay(u_int8_t wsize)196 keydb_newsecreplay(u_int8_t wsize)
197 {
198 struct secreplay *p;
199
200 LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
201
202 p = kalloc_type(struct secreplay, Z_NOWAIT | Z_ZERO);
203 if (!p) {
204 lck_mtx_unlock(sadb_mutex);
205 p = kalloc_type(struct secreplay, Z_WAITOK | Z_ZERO);
206 lck_mtx_lock(sadb_mutex);
207 }
208 if (!p) {
209 return p;
210 }
211
212 if (wsize != 0) {
213 p->bitmap = (caddr_t)kalloc_data(wsize, Z_NOWAIT | Z_ZERO);
214 if (!p->bitmap) {
215 lck_mtx_unlock(sadb_mutex);
216 p->bitmap = (caddr_t)kalloc_data(wsize, Z_WAITOK | Z_ZERO);
217 lck_mtx_lock(sadb_mutex);
218 if (!p->bitmap) {
219 kfree_type(struct secreplay, p);
220 return NULL;
221 }
222 }
223 }
224 p->wsize = wsize;
225 return p;
226 }
227
228 void
keydb_delsecreplay(struct secreplay * p)229 keydb_delsecreplay(struct secreplay *p)
230 {
231 if (p->bitmap) {
232 kfree_data(p->bitmap, p->wsize);
233 }
234 kfree_type(struct secreplay, p);
235 }
236
237 #if 0
238 /* NOT USED
239 * secreg management
240 */
241 struct secreg *
242 keydb_newsecreg()
243 {
244 struct secreg *p;
245
246 p = (struct secreg *)_MALLOC(sizeof(*p), M_SECA, M_WAITOK);
247 if (p) {
248 bzero(p, sizeof(*p));
249 }
250 return p;
251 }
252
253 void
254 keydb_delsecreg(p)
255 struct secreg *p;
256 {
257 _FREE(p, M_SECA);
258 }
259 #endif
260