Commit Graph

67 Commits

Author SHA1 Message Date
ozaki-r
e1c9808fed Don't acquire global locks for IPsec if NET_MPSAFE
Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
2017-07-27 06:59:28 +00:00
ozaki-r
8487e35ae9 Use pool to allocate tdb_crypto
For ESP and AH, we need to allocate an extra variable space in addition
to struct tdb_crypto. The fixed size of pool items may be larger than
an actual requisite size of a buffer, but still the performance
improvement by replacing malloc with pool wins.
2017-07-20 08:07:14 +00:00
ozaki-r
1cf1ea9ddf Hold a reference to an SP during opencrypto processing
An SP has a list of isr (ipsecrequest) that represents a sequence
of IPsec encryption/authentication processing. One isr corresponds
to one opencrypto processing. The lifetime of an isr follows its SP.

We pass an isr to a callback function of opencrypto to continue
to a next encryption/authentication processing. However nobody
guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed.

In order to avoid such unexpected destruction of isr, hold a reference
to its SP during opencrypto processing.
2017-07-19 10:26:09 +00:00
ozaki-r
80807c7710 Don't bother the case of crp->crp_buf == NULL in callbacks 2017-07-19 09:38:57 +00:00
ozaki-r
dfce9c5119 Don't release sav if calling crypto_dispatch again 2017-07-19 09:03:08 +00:00
ozaki-r
38b8f795b6 Prepare to stop using isr->sav
isr is a shared resource and using isr->sav as a temporal storage
for each packet processing is racy. And also having a reference from
isr to sav makes the lifetime of sav non-deterministic; such a reference
is removed when a packet is processed and isr->sav is overwritten by
new one. Let's have a sav locally for each packet processing instead of
using shared isr->sav.

However this change doesn't stop using isr->sav yet because there are
some users of isr->sav. isr->sav will be removed after the users find
a way to not use isr->sav.
2017-07-14 12:26:26 +00:00
ozaki-r
be5a3d6f81 Pass sav directly to opencrypto callback
In a callback, use a passed sav as-is by default and look up a sav
only if the passed sav is dead.
2017-07-14 01:24:23 +00:00
ozaki-r
f924be8731 Fix header size calculation of esp where sav is NULL 2017-07-13 03:00:46 +00:00
ozaki-r
27c8ae80b9 Use explicit_memset to surely zero-clear key_auth and key_enc 2017-07-10 07:17:12 +00:00
ozaki-r
6f13f59f2e Rename key_alloc* functions (NFC)
We shouldn't use the term "alloc" for functions that just look up
data and actually don't allocate memory.
2017-07-07 01:37:34 +00:00
ozaki-r
2b6b0bfccb Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE
It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters
that have IPsec accelerators; a driver sets the mtag to a packet
when its device has already encrypted the packet.

Unfortunately no driver implements such offload features for long
years and seems unlikely to implement them soon. (Note that neither
FreeBSD nor Linux doesn't have such drivers.) Let's remove related
(unused) codes and simplify the IPsec code.
2017-07-05 03:44:59 +00:00
ozaki-r
8f43f955ac Apply C99-style struct initialization to xformsw 2017-06-29 07:13:41 +00:00
ryo
dd8c81f5bb Make ipsec_address() and ipsec_logsastr() mpsafe. 2017-05-11 05:55:14 +00:00
ozaki-r
ef67739a78 Retire ipsec_osdep.h
We don't need to care other OSes (FreeBSD) anymore.

Some macros are alive in ipsec_private.h.
2017-04-19 03:39:14 +00:00
ozaki-r
2620e166df Convert IPSEC_ASSERT to KASSERT or KASSERTMSG
IPSEC_ASSERT just discarded specified message...
2017-04-18 05:26:41 +00:00
ozaki-r
b4d2d2c260 Remove __FreeBSD__ and __NetBSD__ switches
No functional changes (except for a debug printf).

Note that there remain some __FreeBSD__ for sysctl knobs which counerparts
to NetBSD don't exist. And ipsec_osdep.h isn't touched yet; tidying it up
requires actual code changes.
2017-04-18 05:25:32 +00:00
christos
3d6520b363 cosmetic fixes:
- __func__ in printfs
	- no space after sizeof
	- eliminate useless casts
	- u_intX_t -> uintX_t
2017-04-15 22:01:57 +00:00
christos
62446aa148 Redo the statistics through an indirection array and put the definitions
of the arrays in pfkeyv2.h so that they are next to the index definitions.
Remove "bogus" comment about compressing the statistics which is now fixed.
2017-04-13 16:38:31 +00:00
ozaki-r
61c284b0f0 Fix that ah_algorithm_lookup and esp_algorithm_lookup don't handle some algorithms
Unrelated upper limit values, AH_ALG_MAX and ESP_ALG_MAX, prevented some
algorithms from being looked up.
2017-04-13 01:32:57 +00:00
christos
b12f0138d5 PR/52150: Ryota Ozaki: ipsec: kernel panic on adding a key with an invalid
length.
2017-04-10 14:19:22 +00:00
ozaki-r
80d40a78b4 Prepare netipsec for rump-ification
- Include "opt_*.h" only if _KERNEL_OPT is defined
- Allow encapinit to be called twice (by ifinit and ipe4_attach)
  - ifinit didn't call encapinit if IPSEC is enabled (ipe4_attach called
    it instead), however, on a rump kernel ipe4_attach may not be called
    even if IPSEC is enabled. So we need to allow ifinit to call it anyway
- Setup sysctls in ipsec_attach explicitly instead of using SYSCTL_SETUP
- Call ip6flow_invalidate_all in key_spdadd only if in6_present
  - It's possible that a rump kernel loads the ipsec library but not
    the inet6 library
2017-04-06 09:20:07 +00:00
ozaki-r
48b3acd885 Tidy up opt_ipsec.h inclusions
Some inclusions of opt_ipsec.h were for IPSEC_NAT_T and are now unnecessary.
Add inclusions to some C files for IPSEC_DEBUG.
2015-03-30 03:51:50 +00:00
mrg
a370d57c87 - apply some __diagused
- remove unused variables
- move some variables inside their relevant use #ifdef
2013-11-03 18:37:10 +00:00
riastradh
cc79193075 Fix sense of consttime_memequal and update all callers.
Now it returns true (nonzero) to mean equal and false (zero) to mean
inequal, as the name suggests.

As promised on tech-userlevel back in June:

https://mail-index.netbsd.org/tech-userlevel/2013/06/24/msg007843.html
2013-08-28 15:24:41 +00:00
riastradh
82db4b9858 Replace consttime_bcmp/explicit_bzero by consttime_memequal/explicit_memset.
consttime_memequal is the same as the old consttime_bcmp.
explicit_memset is to memset as explicit_bzero was to bcmp.

Passes amd64 release and i386/ALL, but I'm sure I missed some spots,
so please let me know.
2013-06-24 04:21:19 +00:00
christos
213e873fd6 PR/47886: Dr. Wolfgang Stukenbrock: IPSEC_NAT_T enabled kernels may access
outdated pointers and pass ESP data to UPD-sockets.
While here, simplify the code and remove the IPSEC_NAT_T option; always
compile nat-traversal in so that it does not bitrot.
2013-06-04 22:47:37 +00:00
drochner
8588929dc5 Add "consttime_bcmp" and "explicit_bzero" functions for both kernel
abd userland, as proposed on tech-security, with explicit_bzero using
a volatile function pointer as suggested by Alan Barrett.
Both do what the name says. For userland, both are prefixed by "__"
to keep them out of the user namespace.
Change some memset/memcmp uses to the new functions where it makes
sense -- these are just some examples, more to come.
2012-08-30 12:16:48 +00:00
drochner
22beeb59d8 Make sure the mbufs in the input path (only the parts which we are going
to modify in the AH case) are writable/non-shared.
This addresses PR kern/33162 by Jeff Rizzo, and replaces the insufficient
patch from that time by a radical solution.
(The PR's problem had been worked around by rev.1.3 of xennetback_xenbus.c,
so it needs a network driver modification to reproduce it.)
Being here, clarify a bit of ipcomp -- uncompression is done in-place,
the header must be removed explicitly.
2012-01-25 20:31:23 +00:00
plunky
7f3d4048d7 NULL does not need a cast 2011-08-31 18:31:02 +00:00
drochner
0a8dabda40 pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
2011-05-26 21:50:02 +00:00
drochner
fe35ba177e g/c remainders of IV handling in pfkey code -- this is done in
opencrypto now
2011-05-23 15:17:25 +00:00
drochner
22a8d55c40 allow ESP to use AES-CTR
(pfkey and userland tool support is already there because it has been
in KAME IPSEC all the time)
tested against KAME IPSEC
2011-05-23 13:57:52 +00:00
drochner
5fafa9c424 -in the descriptor for encryption xforms, split the "blocksize" field
into "blocksize" and "IV size"
-add an "reinit" function pointer which, if set, means that the xform
 does its IV handling itself and doesn't want the default CBC handling
 by the framework (poor name, but left that way to avoid unecessary
 differences)
This syncs with Open/FreeBSD, purpose is to allow non-CBC transforms.
Refer to ivsize instead of blocksize where appropriate.
(At this point, blocksize and ivsize are identical.)
2011-05-23 13:46:54 +00:00
drochner
d26dda3d0d As a first step towards more fine-grained locking, don't require
crypto_{new.free}session() to be called with the "crypto_mtx"
spinlock held.
This doesn't change much for now because these functions acquire
the said mutex first on entry now, but at least it keeps the nasty
locks local to the opencrypto core.
2011-05-06 21:48:46 +00:00
drochner
41fde2494b fix C&P botch in diagnostic printfs 2011-05-05 20:15:14 +00:00
drochner
08355b198c support camellia-cbc as ESP cipher 2011-05-05 17:48:29 +00:00
spz
2fbfb83e1b fix compiling with IPSEC_DEBUG:
it's authsize not authlen in struct auth_hash
2011-03-27 21:56:57 +00:00
drochner
b4da53f1e6 make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards:
-RFC2104 says that the block size of the hash algorithm must be used
 for key/ipad/opad calculations. While formerly all ciphers used a block
 length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the
 HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash"
 for the per-cipher blocksize.
-Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name
 anymore. Replace this by 3 for the 3 different keysizes.
 This was done by Open/FreeBSD before.
-Also fix the number of authenticator bits used tor ESP and AH to
 conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did
 assume a fixed authenticator size of 12 bytes.

FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used,
because the latter doesn't implement these standards. It should
interoperate with at least modern Free/OpenBSD now.
(I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
2011-02-25 20:13:10 +00:00
degroote
de55cbd2df Fix a missing const in FAST_IPSEC && IPSEC_DEBUG 2011-02-19 18:26:50 +00:00
drochner
909a8e8346 more "const" 2011-02-18 19:56:01 +00:00
drochner
bbd82ed172 sprinkle some "const", documenting that the SA is not supposed to
change during an xform operation
2011-02-18 19:06:45 +00:00
drochner
6ed51462a6 one more botched statistics counter (could increment semi-random locations) 2011-02-14 18:49:31 +00:00
drochner
254b02f7fb fix output bytecount statcounter 2011-02-14 16:34:43 +00:00
drochner
72fa9245cb change locking order, to make sure the cpu is at splsoftnet()
before the softnet_lock (adaptive) mutex is acquired, from
Wolfgang Stukenbrock, should fix a recursive lock panic
2011-02-14 13:43:45 +00:00
drochner
6c21d3ecdd -in opencrypto callbacks (which run in a kernel thread), pull softnet_lock
everywhere splsoftnet() was used before, to fix MP concurrency problems
-pull KERNEL_LOCK where ip(6)_output() is called, as this is what
 the network stack (unfortunately) expects, in particular to avoid
 races for packets in the interface send queues
From Wolfgang Stukenbrock per PR kern/44418, with the application
of KERNEL_LOCK to what I think are the essential points, tested
on a dual-core i386.
2011-02-10 20:24:27 +00:00
cegger
4f9cf8aa30 Correct bungled bcopy() -> memcpy() conversion 2009-03-20 05:26:37 +00:00
cegger
e2cb85904d bcopy -> memcpy 2009-03-18 17:06:41 +00:00
cegger
c363a9cb62 bzero -> memset 2009-03-18 16:00:08 +00:00
cegger
35fb64746b bcmp -> memcmp 2009-03-18 15:14:29 +00:00
thorpej
caf49ea572 Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().
2008-04-23 06:09:04 +00:00