2 * SPDX-License-Identifier: BSD-3-Clause
4 * Copyright (c) 2003 Bruce M. Simpson <bms@spc.org>
5 * Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 /* TCP MD5 Signature Option (RFC2385) */
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_inet6.h"
37 #include "opt_ipsec.h"
39 #include <sys/param.h>
40 #include <sys/systm.h>
44 #include <sys/rmlock.h>
45 #include <sys/socket.h>
46 #include <sys/sockopt.h>
47 #include <sys/kernel.h>
48 #include <sys/module.h>
49 #include <sys/protosw.h>
51 #include <netinet/in.h>
52 #include <netinet/in_pcb.h>
53 #include <netinet/in_systm.h>
54 #include <netinet/ip.h>
55 #include <netinet/ip_var.h>
56 #include <netinet/tcp.h>
57 #include <netinet/tcp_var.h>
61 #include <netipsec/ipsec.h>
62 #include <netipsec/ipsec_support.h>
63 #include <netipsec/xform.h>
66 #include <netinet/ip6.h>
67 #include <netipsec/ipsec6.h>
70 #include <netipsec/key.h>
71 #include <netipsec/key_debug.h>
73 #define TCP_SIGLEN 16 /* length of computed digest in bytes */
74 #define TCP_KEYLEN_MIN 1 /* minimum length of TCP-MD5 key */
75 #define TCP_KEYLEN_MAX 80 /* maximum length of TCP-MD5 key */
78 tcp_ipsec_pcbctl(struct inpcb *inp, struct sockopt *sopt)
83 INP_WLOCK_ASSERT(inp);
84 if (sopt->sopt_name != TCP_MD5SIG) {
90 if (sopt->sopt_dir == SOPT_GET) {
91 optval = (tp->t_flags & TF_SIGNATURE) ? 1 : 0;
94 /* On success return with released INP_WLOCK */
95 return (sooptcopyout(sopt, &optval, sizeof(optval)));
100 error = sooptcopyin(sopt, &optval, sizeof(optval), sizeof(optval));
104 /* INP_WLOCK_RECHECK */
106 if (inp->inp_flags & (INP_TIMEWAIT | INP_DROPPED)) {
111 tp->t_flags |= TF_SIGNATURE;
113 tp->t_flags &= ~TF_SIGNATURE;
115 /* On success return with acquired INP_WLOCK */
120 * Callback function invoked by m_apply() to digest TCP segment data
121 * contained within an mbuf chain.
124 tcp_signature_apply(void *fstate, void *data, u_int len)
127 MD5Update(fstate, (u_char *)data, len);
133 ip_pseudo_compute(struct mbuf *m, MD5_CTX *ctx)
138 ip = mtod(m, struct ip *);
139 ipp.ippseudo_src.s_addr = ip->ip_src.s_addr;
140 ipp.ippseudo_dst.s_addr = ip->ip_dst.s_addr;
141 ipp.ippseudo_p = IPPROTO_TCP;
142 ipp.ippseudo_pad = 0;
143 ipp.ippseudo_len = htons(m->m_pkthdr.len - (ip->ip_hl << 2));
144 MD5Update(ctx, (char *)&ipp, sizeof(ipp));
145 return (ip->ip_hl << 2);
151 ip6_pseudo_compute(struct mbuf *m, MD5_CTX *ctx)
154 struct in6_addr src, dst;
160 ip6 = mtod(m, struct ip6_hdr *);
161 ip6p.src = ip6->ip6_src;
162 ip6p.dst = ip6->ip6_dst;
163 ip6p.len = htonl(m->m_pkthdr.len - sizeof(*ip6)); /* XXX: ext headers */
164 ip6p.nxt = htonl(IPPROTO_TCP);
165 MD5Update(ctx, (char *)&ip6p, sizeof(ip6p));
166 return (sizeof(*ip6));
171 tcp_signature_compute(struct mbuf *m, struct tcphdr *th,
172 struct secasvar *sav, u_char *buf)
179 /* Step 1: Update MD5 hash with IP(v6) pseudo-header. */
180 switch (sav->sah->saidx.dst.sa.sa_family) {
183 len = ip_pseudo_compute(m, &ctx);
188 len = ip6_pseudo_compute(m, &ctx);
192 return (EAFNOSUPPORT);
195 * Step 2: Update MD5 hash with TCP header, excluding options.
196 * The TCP checksum must be set to zero.
200 MD5Update(&ctx, (char *)th, sizeof(struct tcphdr));
203 * Step 3: Update MD5 hash with TCP segment data.
204 * Use m_apply() to avoid an early m_pullup().
206 len += (th->th_off << 2);
207 if (m->m_pkthdr.len - len > 0)
208 m_apply(m, len, m->m_pkthdr.len - len,
209 tcp_signature_apply, &ctx);
211 * Step 4: Update MD5 hash with shared secret.
213 MD5Update(&ctx, sav->key_auth->key_data, _KEYLEN(sav->key_auth));
215 key_sa_recordxfer(sav, m);
220 setsockaddrs(const struct mbuf *m, union sockaddr_union *src,
221 union sockaddr_union *dst)
225 IPSEC_ASSERT(m->m_len >= sizeof(*ip), ("unexpected mbuf len"));
227 ip = mtod(m, struct ip *);
231 ipsec4_setsockaddrs(m, src, dst);
235 case (IPV6_VERSION >> 4):
236 ipsec6_setsockaddrs(m, src, dst);
240 bzero(src, sizeof(*src));
241 bzero(dst, sizeof(*dst));
246 * Compute TCP-MD5 hash of an *INBOUND* TCP segment.
248 * m pointer to head of mbuf chain
249 * th pointer to TCP header
250 * buf pointer to storage for computed MD5 digest
252 * Return 0 if successful, otherwise return -1.
255 tcp_ipsec_input(struct mbuf *m, struct tcphdr *th, u_char *buf)
257 char tmpdigest[TCP_SIGLEN];
258 struct secasindex saidx;
259 struct secasvar *sav;
261 setsockaddrs(m, &saidx.src, &saidx.dst);
262 saidx.proto = IPPROTO_TCP;
263 saidx.mode = IPSEC_MODE_TCPMD5;
265 sav = key_allocsa_tcpmd5(&saidx);
267 KMOD_TCPSTAT_INC(tcps_sig_err_buildsig);
271 * tcp_input() operates with TCP header fields in host
272 * byte order. We expect them in network byte order.
274 tcp_fields_to_net(th);
275 tcp_signature_compute(m, th, sav, tmpdigest);
276 tcp_fields_to_host(th);
278 if (bcmp(buf, tmpdigest, TCP_SIGLEN) != 0) {
279 KMOD_TCPSTAT_INC(tcps_sig_rcvbadsig);
282 KMOD_TCPSTAT_INC(tcps_sig_rcvgoodsig);
287 * Compute TCP-MD5 hash of an *OUTBOUND* TCP segment.
289 * m pointer to head of mbuf chain
290 * th pointer to TCP header
291 * buf pointer to storage for computed MD5 digest
293 * Return 0 if successful, otherwise return error code.
296 tcp_ipsec_output(struct mbuf *m, struct tcphdr *th, u_char *buf)
298 struct secasindex saidx;
299 struct secasvar *sav;
301 setsockaddrs(m, &saidx.src, &saidx.dst);
302 saidx.proto = IPPROTO_TCP;
303 saidx.mode = IPSEC_MODE_TCPMD5;
305 sav = key_allocsa_tcpmd5(&saidx);
307 KMOD_TCPSTAT_INC(tcps_sig_err_buildsig);
310 tcp_signature_compute(m, th, sav, buf);
316 * Initialize a TCP-MD5 SA. Called when the SA is being set up.
318 * We don't need to set up the tdb prefixed fields, as we don't use the
319 * opencrypto code; we just perform a key length check.
321 * XXX: Currently we have used single 'magic' SPI and need to still
324 * This allows per-host granularity without affecting the userland
325 * interface, which is a simple socket option toggle switch,
326 * TCP_SIGNATURE_ENABLE.
328 * To allow per-service granularity requires that we have a means
329 * of mapping port to SPI. The mandated way of doing this is to
330 * use SPD entries to specify packet flows which get the TCP-MD5
331 * treatment, however the code to do this is currently unstable
332 * and unsuitable for production use.
334 * Therefore we use this compromise in the meantime.
337 tcpsignature_init(struct secasvar *sav, struct xformsw *xsp)
341 if (sav->alg_auth != SADB_X_AALG_TCP_MD5) {
342 DPRINTF(("%s: unsupported authentication algorithm %u\n",
343 __func__, sav->alg_auth));
346 if (sav->key_auth == NULL) {
347 DPRINTF(("%s: no authentication key present\n", __func__));
350 keylen = _KEYLEN(sav->key_auth);
351 if ((keylen < TCP_KEYLEN_MIN) || (keylen > TCP_KEYLEN_MAX)) {
352 DPRINTF(("%s: invalid key length %u\n", __func__, keylen));
355 sav->tdb_xform = xsp;
360 * Called when the SA is deleted.
363 tcpsignature_zeroize(struct secasvar *sav)
366 if (sav->key_auth != NULL)
367 bzero(sav->key_auth->key_data, _KEYLEN(sav->key_auth));
368 sav->tdb_xform = NULL;
372 static struct xformsw tcpsignature_xformsw = {
373 .xf_type = XF_TCPSIGNATURE,
374 .xf_name = "TCP-MD5",
375 .xf_init = tcpsignature_init,
376 .xf_zeroize = tcpsignature_zeroize,
379 static const struct tcpmd5_methods tcpmd5_methods = {
380 .input = tcp_ipsec_input,
381 .output = tcp_ipsec_output,
382 .pcbctl = tcp_ipsec_pcbctl,
386 /* TCP-MD5 support is build in the kernel */
387 static const struct tcpmd5_support tcpmd5_ipsec = {
388 .enabled = IPSEC_MODULE_ENABLED,
389 .methods = &tcpmd5_methods
391 const struct tcpmd5_support * const tcp_ipsec_support = &tcpmd5_ipsec;
392 #endif /* !KLD_MODULE */
395 tcpmd5_modevent(module_t mod, int type, void *data)
400 xform_attach(&tcpsignature_xformsw);
402 tcpmd5_support_enable(&tcpmd5_methods);
407 tcpmd5_support_disable();
409 xform_detach(&tcpsignature_xformsw);
417 static moduledata_t tcpmd5_mod = {
423 DECLARE_MODULE(tcpmd5, tcpmd5_mod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
424 MODULE_VERSION(tcpmd5, 1);
426 MODULE_DEPEND(tcpmd5, ipsec_support, 1, 1, 1);