1 #include <darwintest.h>
2 #include <darwintest_utils.h>
3 #include <dispatch/dispatch.h>
4 #include <net/if_var_private.h>
5 #include <System/net/pfkeyv2.h>
6 #include <netinet6/ipsec.h>
7 #include <arpa/inet.h>
8
9 T_GLOBAL_META(
10 T_META_NAMESPACE("xnu.pfkey"),
11 T_META_ASROOT(true),
12 T_META_RADAR_COMPONENT_NAME("xnu"),
13 T_META_RADAR_COMPONENT_VERSION("NetworkExtension"),
14 T_META_CHECK_LEAKS(false));
15
16 #define MAX_SPD_CHECK 100
17 #define TEST_SRC_ADDRESS_IPv4 "192.168.2.2"
18 #define TEST_DST_ADDRESS_IPv4 "192.168.2.3"
19 #define TEST_SRC_ADDRESS_IPv6 "fd04:5c6b:8df7:7092:0000:0000:0000:0002"
20 #define TEST_DST_ADDRESS_IPv6 "fd04:5c6b:8df7:7092:0000:0000:0000:0003"
21 #define TEST_MIGRATE_SRC_ADDRESS_IPv4 "192.168.2.10"
22 #define TEST_MIGRATE_DST_ADDRESS_IPv4 "192.168.2.11"
23 #define TEST_MIGRATE_SRC_ADDRESS_IPv6 "fd04:5c6b:8df7:7092:0000:0000:0002:0000"
24 #define TEST_MIGRATE_DST_ADDRESS_IPv6 "fd04:5c6b:8df7:7092:0000:0000:0003:0000"
25
26 typedef enum {
27 TEST_INVALID = 0,
28 TEST_SADB_X_GET_OVERFLOW_60822136 = 1,
29 TEST_SADB_X_SPDENABLE_OVERFLOW_60822924 = 2,
30 TEST_SADB_X_SPDDISABLE_OVERFLOW_60822956 = 3,
31 TEST_SADB_UPDATE_USE_AFTER_FREE_60679513 = 4,
32 TEST_SADB_DUMP_HEAP_OVERFLOW_60768729 = 5,
33 TEST_SADB_POLICY_DUMP_HEAP_OVERFLOW_60769680 = 6,
34 TEST_SADB_GETSASTAT_OOB_READ_60822823 = 7,
35 TEST_SADB_GETSASTAT_OOB_READ_SUCCESS = 8,
36 TEST_SADB_EXT_MIGRATE_ADDRESS_IPv4 = 9,
37 TEST_SADB_EXT_MIGRATE_ADDRESS_IPv6 = 10,
38 TEST_SADB_EXT_MIGRATE_BAD_ADDRESS = 11,
39 TEST_TCP_INPUT_IPSEC_COPY_POLICY = 12,
40 TEST_SADB_X_SPDADD_MEMORY_LEAK_78944570 = 13,
41 TEST_SADB_EXT_MIGRATE_AFTER_EXPIRY_134671927 = 14,
42 } test_identifier;
43
44 static test_identifier test_id = TEST_INVALID;
45 static dispatch_source_t pfkey_source = NULL;
46 static unsigned long oldmax;
47
48 static void pfkey_cleanup(void);
49
50 static void pfkey_process_message_test_60822136(uint8_t **mhp, int pfkey_socket);
51 static void pfkey_process_message_test_60822924(uint8_t **mhp, int pfkey_socket);
52 static void pfkey_process_message_test_60822956(uint8_t **mhp, int pfkey_socket);
53 static void pfkey_process_message_test_60679513(uint8_t **mhp, int pfkey_socket);
54 static void pfkey_process_message_test_60768729(uint8_t **mhp, int pfkey_socket);
55 static void pfkey_process_message_test_60769680(uint8_t **mhp, int pfkey_socket);
56 static void pfkey_process_message_test_60822823(uint8_t **mhp, int pfkey_socket);
57 static void pfkey_process_message_test_60822823_1(uint8_t **mhp, int pfkey_socket);
58 static void pfkey_process_message_test_60687183(uint8_t **mhp, int pfkey_socket);
59 static void pfkey_process_message_test_60687183_1(uint8_t **mhp, int pfkey_socket);
60 static void pfkey_process_message_test_60687183_2(uint8_t **mhp, int pfkey_socket);
61 static void pfkey_process_message_test_78944570(uint8_t **mhp, int pfkey_socket);
62 static void pfkey_process_message_test_134671927(uint8_t **mhp, int pfkey_socket);
63
64 static void(*const process_pfkey_message_tests[])(uint8_t * *mhp, int pfkey_socket) =
65 {
66 NULL,
67 pfkey_process_message_test_60822136, // TEST_SADB_X_GET_OVERFLOW_60822136
68 pfkey_process_message_test_60822924, // TEST_SADB_X_SPDENABLE_OVERFLOW_60822924
69 pfkey_process_message_test_60822956, // TEST_SADB_X_SPDDISABLE_OVERFLOW_60822956
70 pfkey_process_message_test_60679513, // TEST_SADB_UPDATE_USE_AFTER_FREE_60679513
71 pfkey_process_message_test_60768729, // TEST_SADB_DUMP_HEAP_OVERFLOW_60768729
72 pfkey_process_message_test_60769680, // TEST_SADB_POLICY_DUMP_HEAP_OVERFLOW_60769680
73 pfkey_process_message_test_60822823, // TEST_SADB_GETSASTAT_OOB_READ_60822823
74 pfkey_process_message_test_60822823_1, // TEST_SADB_GETSASTAT_OOB_READ_SUCCESS
75 pfkey_process_message_test_60687183, // TEST_SADB_EXT_MIGRATE_ADDRESS_IPv4
76 pfkey_process_message_test_60687183_1, // TEST_SADB_EXT_MIGRATE_ADDRESS_IPv6
77 pfkey_process_message_test_60687183_2, // TEST_SADB_EXT_MIGRATE_BAD_ADDRESS
78 NULL, // TEST_TCP_INPUT_IPSEC_COPY_POLICY
79 pfkey_process_message_test_78944570, // TEST_SADB_X_SPDADD_MEMORY_LEAK_78944570
80 pfkey_process_message_test_134671927, // TEST_SADB_EXT_MIGRATE_AFTER_EXPIRY_134671927
81 };
82
83 static void
pfkey_align(struct sadb_msg * msg,uint8_t ** mhp)84 pfkey_align(struct sadb_msg *msg, uint8_t **mhp)
85 {
86 struct sadb_ext *ext;
87 int i;
88 uint8_t *p;
89 uint8_t *ep; /* XXX should be passed from upper layer */
90
91 /* validity check */
92 T_QUIET; T_ASSERT_NOTNULL(msg, "pfkey align msg");
93 T_QUIET; T_ASSERT_NOTNULL(mhp, "pfkey align mhp");
94
95 /* initialize */
96 for (i = 0; i < SADB_EXT_MAX + 1; i++) {
97 mhp[i] = NULL;
98 }
99
100 mhp[0] = (void *)msg;
101
102 /* initialize */
103 p = (void *) msg;
104 ep = p + PFKEY_UNUNIT64(msg->sadb_msg_len);
105
106 /* skip base header */
107 p += sizeof(struct sadb_msg);
108
109 while (p < ep) {
110 ext = (void *)p;
111 T_QUIET; T_ASSERT_GE_PTR((void *)ep, (void *)(p + sizeof(*ext)), "pfkey extension header beyond end of buffer");
112 T_QUIET; T_ASSERT_GE_ULONG((unsigned long)PFKEY_EXTLEN(ext), sizeof(*ext), "pfkey extension shorter than extension header");
113 T_QUIET; T_ASSERT_GE_PTR((void *)ep, (void *)(p + PFKEY_EXTLEN(ext)), "pfkey extension length beyond end of buffer");
114
115 T_QUIET; T_EXPECT_NULL(mhp[ext->sadb_ext_type], "duplicate extension type %u payload", ext->sadb_ext_type);
116
117 /* set pointer */
118 switch (ext->sadb_ext_type) {
119 case SADB_EXT_SA:
120 case SADB_EXT_LIFETIME_CURRENT:
121 case SADB_EXT_LIFETIME_HARD:
122 case SADB_EXT_LIFETIME_SOFT:
123 case SADB_EXT_ADDRESS_SRC:
124 case SADB_EXT_ADDRESS_DST:
125 case SADB_EXT_ADDRESS_PROXY:
126 case SADB_EXT_KEY_AUTH:
127 /* XXX should to be check weak keys. */
128 case SADB_EXT_KEY_ENCRYPT:
129 /* XXX should to be check weak keys. */
130 case SADB_EXT_IDENTITY_SRC:
131 case SADB_EXT_IDENTITY_DST:
132 case SADB_EXT_SENSITIVITY:
133 case SADB_EXT_PROPOSAL:
134 case SADB_EXT_SUPPORTED_AUTH:
135 case SADB_EXT_SUPPORTED_ENCRYPT:
136 case SADB_EXT_SPIRANGE:
137 case SADB_X_EXT_POLICY:
138 case SADB_X_EXT_SA2:
139 case SADB_EXT_SESSION_ID:
140 case SADB_EXT_SASTAT:
141 #ifdef SADB_X_EXT_NAT_T_TYPE
142 case SADB_X_EXT_NAT_T_TYPE:
143 case SADB_X_EXT_NAT_T_SPORT:
144 case SADB_X_EXT_NAT_T_DPORT:
145 case SADB_X_EXT_NAT_T_OA:
146 #endif
147 #ifdef SADB_X_EXT_TAG
148 case SADB_X_EXT_TAG:
149 #endif
150 #ifdef SADB_X_EXT_PACKET
151 case SADB_X_EXT_PACKET:
152 #endif
153 case SADB_X_EXT_IPSECIF:
154 case SADB_X_EXT_ADDR_RANGE_SRC_START:
155 case SADB_X_EXT_ADDR_RANGE_SRC_END:
156 case SADB_X_EXT_ADDR_RANGE_DST_START:
157 case SADB_X_EXT_ADDR_RANGE_DST_END:
158 #ifdef SADB_MIGRATE
159 case SADB_EXT_MIGRATE_ADDRESS_SRC:
160 case SADB_EXT_MIGRATE_ADDRESS_DST:
161 case SADB_X_EXT_MIGRATE_IPSECIF:
162 #endif
163 mhp[ext->sadb_ext_type] = (void *)ext;
164 break;
165 default:
166 T_FAIL("bad extension type %u", ext->sadb_ext_type);
167 T_END;
168 }
169
170 p += PFKEY_EXTLEN(ext);
171 }
172
173 T_QUIET; T_EXPECT_EQ_PTR((void *)ep, (void *)p, "invalid pfkey message length");
174 return;
175 }
176
177
178 static void
recv_pfkey_message(int pfkey_socket)179 recv_pfkey_message(int pfkey_socket)
180 {
181 uint8_t buffer[8192] __attribute__((aligned(4)));
182 struct iovec iovecs[1] = {
183 { buffer, sizeof(buffer) },
184 };
185 struct msghdr msg = {
186 NULL,
187 0,
188 iovecs,
189 sizeof(iovecs) / sizeof(iovecs[0]),
190 NULL,
191 0,
192 0,
193 };
194
195 do {
196 ssize_t result = -1;
197 memset(buffer, 0, sizeof(buffer));
198 T_QUIET; T_ASSERT_POSIX_SUCCESS(result = recvmsg(pfkey_socket, &msg, 0), NULL);
199
200 if (result > 0) {
201 T_QUIET; T_ASSERT_GE_ULONG((size_t)result, sizeof(struct sadb_msg), "Invalid PFKey message size: %zu", result);
202 struct sadb_msg *hdr = (struct sadb_msg *)buffer;
203 uint8_t *mhp[SADB_EXT_MAX + 1];
204 pfkey_align(hdr, mhp);
205 (*process_pfkey_message_tests[test_id])(mhp, pfkey_socket);
206 } else if (result == 0) {
207 T_LOG("PFKey socket received EOF");
208 break;
209 }
210 } while (1);
211 }
212
213 static void
send_pfkey_spd_add_message(int pfkey_socket,uint8_t proto)214 send_pfkey_spd_add_message(int pfkey_socket, uint8_t proto)
215 {
216 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
217 bzero(payload, sizeof(payload));
218 uint16_t tlen = 0;
219
220 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
221 msg_payload->sadb_msg_version = PF_KEY_V2;
222 msg_payload->sadb_msg_type = SADB_X_SPDADD;
223 msg_payload->sadb_msg_errno = 0;
224 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
225 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
226 msg_payload->sadb_msg_reserved = 0;
227 msg_payload->sadb_msg_seq = 0;
228 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
229 tlen += sizeof(*msg_payload);
230
231 struct sadb_address *src_address_payload = (struct sadb_address *)(void *)(payload + tlen);
232 src_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_SRC & 0xffff;
233 src_address_payload->sadb_address_proto = proto & 0xff;
234 src_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
235 src_address_payload->sadb_address_reserved = 0;
236 tlen += sizeof(*src_address_payload);
237
238 struct sockaddr_in *src = (struct sockaddr_in *)(void *)(payload + tlen);
239 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_SRC_ADDRESS_IPv4, &src->sin_addr), 1, "src address fail");
240 src->sin_family = AF_INET;
241 src->sin_len = sizeof(*src);
242 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src->sin_len);
243 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
244 tlen += PFKEY_ALIGN8(src->sin_len);
245
246 struct sadb_address *dst_address_payload = (struct sadb_address *)(void *)(payload + tlen);
247 dst_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_DST & 0xffff;
248 dst_address_payload->sadb_address_proto = proto & 0xff;
249 dst_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
250 dst_address_payload->sadb_address_reserved = 0;
251 tlen += sizeof(*dst_address_payload);
252
253 struct sockaddr_in *dst = (struct sockaddr_in *)(void *)(payload + tlen);
254 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_DST_ADDRESS_IPv4, &dst->sin_addr), 1, "dst address fail");
255 dst->sin_family = AF_INET;
256 dst->sin_len = sizeof(*dst);
257 len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst->sin_len);
258 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
259 tlen += PFKEY_ALIGN8(dst->sin_len);
260
261 struct sadb_lifetime *lifetime_payload = (struct sadb_lifetime *)(void *)(payload + tlen);
262 lifetime_payload->sadb_lifetime_len = PFKEY_UNIT64(sizeof(*lifetime_payload));
263 lifetime_payload->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
264 tlen += sizeof(*lifetime_payload);
265
266 struct sadb_x_policy *policy_payload = (struct sadb_x_policy *)(void *)(payload + tlen);
267 policy_payload->sadb_x_policy_len = PFKEY_UNIT64(sizeof(*policy_payload));
268 policy_payload->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
269 policy_payload->sadb_x_policy_type = IPSEC_POLICY_DISCARD;
270 if (test_id == TEST_SADB_X_SPDADD_MEMORY_LEAK_78944570) {
271 policy_payload->sadb_x_policy_dir = IPSEC_DIR_INVALID;
272 } else {
273 policy_payload->sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
274 }
275 tlen += sizeof(*policy_payload);
276
277 // Update the total length
278 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
279 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send spd add");
280 }
281
282 static void
send_pfkey_spd_get_message(int pfkey_socket,uint32_t policy_id)283 send_pfkey_spd_get_message(int pfkey_socket, uint32_t policy_id)
284 {
285 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
286 bzero(payload, sizeof(payload));
287 uint16_t tlen = 0;
288
289 struct sadb_msg *msg_payload = (struct sadb_msg *)(void *)payload;
290 msg_payload->sadb_msg_version = PF_KEY_V2;
291 msg_payload->sadb_msg_type = SADB_X_SPDGET;
292 msg_payload->sadb_msg_errno = 0;
293 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
294 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
295 msg_payload->sadb_msg_reserved = 0;
296 msg_payload->sadb_msg_seq = 0;
297 msg_payload->sadb_msg_pid = (uint32_t)getpid();
298 tlen += sizeof(*msg_payload);
299
300 struct sadb_x_policy *policy_payload = (struct sadb_x_policy *)(void *)(payload + tlen);
301 policy_payload->sadb_x_policy_len = PFKEY_UNIT64(sizeof(*policy_payload));
302 policy_payload->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
303 policy_payload->sadb_x_policy_id = policy_id;
304 tlen += sizeof(*policy_payload);
305
306 // Update the total length
307 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
308 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send spd get failed");
309 }
310
311 static void
send_pfkey_spd_enable_message(int pfkey_socket,uint32_t policy_id)312 send_pfkey_spd_enable_message(int pfkey_socket, uint32_t policy_id)
313 {
314 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
315 bzero(payload, sizeof(payload));
316 uint16_t tlen = 0;
317
318 struct sadb_msg *msg_payload = (struct sadb_msg *)(void *)payload;
319 msg_payload->sadb_msg_version = PF_KEY_V2;
320 msg_payload->sadb_msg_type = SADB_X_SPDENABLE;
321 msg_payload->sadb_msg_errno = 0;
322 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
323 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
324 msg_payload->sadb_msg_reserved = 0;
325 msg_payload->sadb_msg_seq = 0;
326 msg_payload->sadb_msg_pid = (uint32_t)getpid();
327 tlen += sizeof(*msg_payload);
328
329 struct sadb_x_policy *policy_payload = (struct sadb_x_policy *)(void *)(payload + tlen);
330 policy_payload->sadb_x_policy_len = PFKEY_UNIT64(sizeof(*policy_payload));
331 policy_payload->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
332 policy_payload->sadb_x_policy_id = policy_id;
333 tlen += sizeof(*policy_payload);
334
335 // Update the total length
336 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
337 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send spd enable failed");
338 }
339
340 static void
send_pfkey_spd_disable_message(int pfkey_socket,uint32_t policy_id)341 send_pfkey_spd_disable_message(int pfkey_socket, uint32_t policy_id)
342 {
343 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
344 bzero(payload, sizeof(payload));
345 uint16_t tlen = 0;
346
347 struct sadb_msg *msg_payload = (struct sadb_msg *)(void *)payload;
348 msg_payload->sadb_msg_version = PF_KEY_V2;
349 msg_payload->sadb_msg_type = SADB_X_SPDDISABLE;
350 msg_payload->sadb_msg_errno = 0;
351 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
352 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
353 msg_payload->sadb_msg_reserved = 0;
354 msg_payload->sadb_msg_seq = 0;
355 msg_payload->sadb_msg_pid = (uint32_t)getpid();
356 tlen += sizeof(*msg_payload);
357
358 struct sadb_x_policy *policy_payload = (struct sadb_x_policy *)(void *)(payload + tlen);
359 policy_payload->sadb_x_policy_len = PFKEY_UNIT64(sizeof(*policy_payload));
360 policy_payload->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
361 policy_payload->sadb_x_policy_id = policy_id;
362 tlen += sizeof(*policy_payload);
363
364 // Update the total length
365 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
366 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send spd disable failed");
367 }
368
369 static void
send_pfkey_spd_delete_message(int pfkey_socket,uint32_t policy_id)370 send_pfkey_spd_delete_message(int pfkey_socket, uint32_t policy_id)
371 {
372 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
373 bzero(payload, sizeof(payload));
374 uint16_t tlen = 0;
375
376 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
377 msg_payload->sadb_msg_version = PF_KEY_V2;
378 msg_payload->sadb_msg_type = SADB_X_SPDDELETE2;
379 msg_payload->sadb_msg_errno = 0;
380 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
381 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
382 msg_payload->sadb_msg_reserved = 0;
383 msg_payload->sadb_msg_seq = 0;
384 msg_payload->sadb_msg_pid = (uint32_t)getpid();
385 tlen += sizeof(*msg_payload);
386
387 struct sadb_x_policy *policy_payload = (struct sadb_x_policy *)(void *)(payload + tlen);
388 policy_payload->sadb_x_policy_len = PFKEY_UNIT64(sizeof(*policy_payload));
389 policy_payload->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
390 policy_payload->sadb_x_policy_id = policy_id;
391 tlen += sizeof(*policy_payload);
392
393 // Update the total length
394 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
395 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send spd delete failed");
396 }
397
398 static void
send_pfkey_spd_dump_message(int pfkey_socket)399 send_pfkey_spd_dump_message(int pfkey_socket)
400 {
401 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
402 bzero(payload, sizeof(payload));
403 uint16_t tlen = 0;
404
405 struct sadb_msg *msg_payload = (struct sadb_msg *)(void *)payload;
406 msg_payload->sadb_msg_version = PF_KEY_V2;
407 msg_payload->sadb_msg_type = SADB_X_SPDDUMP;
408 msg_payload->sadb_msg_errno = 0;
409 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
410 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
411 msg_payload->sadb_msg_reserved = 0;
412 msg_payload->sadb_msg_seq = 0;
413 msg_payload->sadb_msg_pid = (uint32_t)getpid();
414 tlen += sizeof(*msg_payload);
415
416 // Update the total length
417 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
418 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send spd dump failed");
419 }
420
421 static void
send_pfkey_flush_sp(int pfkey_socket)422 send_pfkey_flush_sp(int pfkey_socket)
423 {
424 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
425 bzero(payload, sizeof(payload));
426 uint16_t tlen = 0;
427
428 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
429 msg_payload->sadb_msg_version = PF_KEY_V2;
430 msg_payload->sadb_msg_type = SADB_X_SPDFLUSH;
431 msg_payload->sadb_msg_errno = 0;
432 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
433 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
434 msg_payload->sadb_msg_reserved = 0;
435 msg_payload->sadb_msg_seq = 0;
436 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
437 tlen += sizeof(*msg_payload);
438
439 // Update the total length
440 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
441 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey flush security policies");
442 }
443
444 static void
send_pfkey_register(int pfkey_socket)445 send_pfkey_register(int pfkey_socket)
446 {
447 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
448 bzero(payload, sizeof(payload));
449 uint16_t tlen = 0;
450
451 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
452 msg_payload->sadb_msg_version = PF_KEY_V2;
453 msg_payload->sadb_msg_type = SADB_REGISTER;
454 msg_payload->sadb_msg_errno = 0;
455 msg_payload->sadb_msg_satype = SADB_SATYPE_ESP;
456 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
457 msg_payload->sadb_msg_reserved = 0;
458 msg_payload->sadb_msg_seq = 0;
459 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
460 tlen += sizeof(*msg_payload);
461
462 // Update the total length
463 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
464 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey flush security policies");
465 }
466
467 static void
send_pkey_get_spi(int pfkey_socket)468 send_pkey_get_spi(int pfkey_socket)
469 {
470 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
471 bzero(payload, sizeof(payload));
472 uint16_t tlen = 0;
473
474 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
475 msg_payload->sadb_msg_version = PF_KEY_V2;
476 msg_payload->sadb_msg_type = SADB_GETSPI;
477 msg_payload->sadb_msg_errno = 0;
478 msg_payload->sadb_msg_satype = SADB_SATYPE_ESP;
479 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
480 msg_payload->sadb_msg_reserved = 0;
481 msg_payload->sadb_msg_seq = 0;
482 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
483 tlen += sizeof(*msg_payload);
484
485 struct sadb_x_sa2 *sa2_payload = (struct sadb_x_sa2 *)(void *)(payload + tlen);
486 sa2_payload->sadb_x_sa2_len = PFKEY_UNIT64(sizeof(*sa2_payload));
487 sa2_payload->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
488 sa2_payload->sadb_x_sa2_mode = IPSEC_MODE_TRANSPORT;
489 sa2_payload->sadb_x_sa2_reqid = 0;
490 tlen += sizeof(*sa2_payload);
491
492 struct sadb_address *src_address_payload = (struct sadb_address *)(void *)(payload + tlen);
493 src_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_SRC & 0xffff;
494 src_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
495 src_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
496 src_address_payload->sadb_address_reserved = 0;
497 tlen += sizeof(*src_address_payload);
498
499 struct sockaddr_in *src = (struct sockaddr_in *)(void *)(payload + tlen);
500 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_SRC_ADDRESS_IPv4, &src->sin_addr), 1, "src address fail");
501 src->sin_family = AF_INET;
502 src->sin_len = sizeof(*src);
503 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src->sin_len);
504 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
505 tlen += PFKEY_ALIGN8(src->sin_len);
506
507 struct sadb_address *dst_address_payload = (struct sadb_address *)(void *)(payload + tlen);
508 dst_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_DST & 0xffff;
509 dst_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
510 dst_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
511 dst_address_payload->sadb_address_reserved = 0;
512 tlen += sizeof(*dst_address_payload);
513
514 struct sockaddr_in *dst = (struct sockaddr_in *)(void *)(payload + tlen);
515 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_DST_ADDRESS_IPv4, &dst->sin_addr), 1, "dst address fail");
516 dst->sin_family = AF_INET;
517 dst->sin_len = sizeof(*dst);
518 len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst->sin_len);
519 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
520 tlen += PFKEY_ALIGN8(dst->sin_len);
521
522 // Update the total length
523 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
524 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send get spi");
525 }
526
527 static void
send_pkey_add_sa(int pfkey_socket,uint32_t spi,const char * src,const char * dst,int family)528 send_pkey_add_sa(int pfkey_socket, uint32_t spi, const char *src, const char *dst, int family)
529 {
530 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
531 bzero(payload, sizeof(payload));
532 uint16_t tlen = 0;
533
534 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
535 msg_payload->sadb_msg_version = PF_KEY_V2;
536 msg_payload->sadb_msg_type = SADB_ADD;
537 msg_payload->sadb_msg_errno = 0;
538 msg_payload->sadb_msg_satype = SADB_SATYPE_ESP;
539 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
540 msg_payload->sadb_msg_reserved = 0;
541 msg_payload->sadb_msg_seq = 0;
542 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
543 tlen += sizeof(*msg_payload);
544
545 struct sadb_sa_2 *sa2_payload = (struct sadb_sa_2 *)(void *)(payload + tlen);
546 sa2_payload->sa.sadb_sa_len = PFKEY_UNIT64(sizeof(*sa2_payload));
547 sa2_payload->sa.sadb_sa_exttype = SADB_EXT_SA;
548 sa2_payload->sa.sadb_sa_spi = htonl(spi);
549 sa2_payload->sa.sadb_sa_replay = 4;
550 sa2_payload->sa.sadb_sa_state = SADB_SASTATE_LARVAL;
551 sa2_payload->sa.sadb_sa_auth = SADB_X_AALG_SHA2_256;
552 sa2_payload->sa.sadb_sa_encrypt = SADB_X_EALG_AESCBC;
553 sa2_payload->sa.sadb_sa_flags |= (SADB_X_EXT_NATT | SADB_X_EXT_NATT_KEEPALIVE);
554 sa2_payload->sadb_sa_natt_src_port = htons(4500);
555 sa2_payload->sadb_sa_natt_port = 4500;
556 sa2_payload->sadb_sa_natt_interval = 20;
557 sa2_payload->sadb_sa_natt_offload_interval = 0;
558 tlen += sizeof(*sa2_payload);
559
560 struct sadb_x_sa2 *sa2_x_payload = (struct sadb_x_sa2 *)(void *)(payload + tlen);
561 sa2_x_payload->sadb_x_sa2_len = PFKEY_UNIT64(sizeof(*sa2_x_payload));
562 sa2_x_payload->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
563 sa2_x_payload->sadb_x_sa2_mode = IPSEC_MODE_TRANSPORT;
564 sa2_x_payload->sadb_x_sa2_reqid = 0;
565 if (test_id == TEST_SADB_EXT_MIGRATE_AFTER_EXPIRY_134671927) {
566 sa2_x_payload->sadb_x_sa2_alwaysexpire = 1;
567 }
568 tlen += sizeof(*sa2_x_payload);
569
570 uint8_t prefixlen = (family == AF_INET) ? (sizeof(struct in_addr) << 3) : (sizeof(struct in6_addr) << 3);
571
572 struct sadb_address *src_address_payload = (struct sadb_address *)(void *)(payload + tlen);
573 src_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_SRC & 0xffff;
574 src_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
575 src_address_payload->sadb_address_prefixlen = prefixlen;
576 src_address_payload->sadb_address_reserved = 0;
577 tlen += sizeof(*src_address_payload);
578
579 if (family == AF_INET) {
580 struct sockaddr_in *src4 = (struct sockaddr_in *)(void *)(payload + tlen);
581 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, src, &src4->sin_addr), 1, "src address fail");
582 src4->sin_family = AF_INET;
583 src4->sin_len = sizeof(*src4);
584 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src4->sin_len);
585 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
586 tlen += PFKEY_ALIGN8(src4->sin_len);
587 } else {
588 struct sockaddr_in6 *src6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
589 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, src, &src6->sin6_addr), 1, "src address fail");
590 src6->sin6_family = AF_INET6;
591 src6->sin6_len = sizeof(*src6);
592 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src6->sin6_len);
593 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
594 tlen += PFKEY_ALIGN8(src6->sin6_len);
595 }
596
597 struct sadb_address *dst_address_payload = (struct sadb_address *)(void *)(payload + tlen);
598 dst_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_DST & 0xffff;
599 dst_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
600 dst_address_payload->sadb_address_prefixlen = prefixlen;
601 dst_address_payload->sadb_address_reserved = 0;
602 tlen += sizeof(*dst_address_payload);
603
604 if (family == AF_INET) {
605 struct sockaddr_in *dst4 = (struct sockaddr_in *)(void *)(payload + tlen);
606 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, dst, &dst4->sin_addr), 1, "dst address fail");
607 dst4->sin_family = AF_INET;
608 dst4->sin_len = sizeof(*dst4);
609 uint16_t len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst4->sin_len);
610 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
611 tlen += PFKEY_ALIGN8(dst4->sin_len);
612 } else {
613 struct sockaddr_in6 *dst6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
614 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, dst, &dst6->sin6_addr), 1, "dst address fail");
615 dst6->sin6_family = AF_INET6;
616 dst6->sin6_len = sizeof(*dst6);
617 uint16_t len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst6->sin6_len);
618 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
619 tlen += PFKEY_ALIGN8(dst6->sin6_len);
620 }
621
622 struct sadb_key *encrypt_key_payload = (struct sadb_key *)(void *)(payload + tlen);
623 uint16_t len = sizeof(*encrypt_key_payload) + PFKEY_ALIGN8(32);
624 encrypt_key_payload->sadb_key_len = PFKEY_UNIT64(len);
625 encrypt_key_payload->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
626 encrypt_key_payload->sadb_key_bits = (uint16_t)(32 << 3);
627 encrypt_key_payload->sadb_key_reserved = 0;
628 tlen += sizeof(*encrypt_key_payload);
629 arc4random_buf(payload + tlen, 32);
630 tlen += PFKEY_ALIGN8(32);
631
632 struct sadb_key *auth_key_payload = (struct sadb_key *)(void *)(payload + tlen);
633 len = sizeof(*auth_key_payload) + PFKEY_ALIGN8(32);
634 auth_key_payload->sadb_key_len = PFKEY_UNIT64(len);
635 auth_key_payload->sadb_key_exttype = SADB_EXT_KEY_AUTH;
636 auth_key_payload->sadb_key_bits = (uint16_t)(32 << 3);
637 auth_key_payload->sadb_key_reserved = 0;
638 tlen += sizeof(*auth_key_payload);
639 arc4random_buf(payload + tlen, 32);
640 tlen += PFKEY_ALIGN8(32);
641
642 struct sadb_lifetime *hard_lifetime_payload = (struct sadb_lifetime *)(void *)(payload + tlen);
643 hard_lifetime_payload->sadb_lifetime_len = PFKEY_UNIT64(sizeof(*hard_lifetime_payload));
644 hard_lifetime_payload->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
645 tlen += sizeof(*hard_lifetime_payload);
646
647 struct sadb_lifetime *soft_lifetime_payload = (struct sadb_lifetime *)(void *)(payload + tlen);
648 soft_lifetime_payload->sadb_lifetime_len = PFKEY_UNIT64(sizeof(*soft_lifetime_payload));
649 soft_lifetime_payload->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
650 if (test_id == TEST_SADB_EXT_MIGRATE_AFTER_EXPIRY_134671927) {
651 soft_lifetime_payload->sadb_lifetime_addtime = 1;
652 }
653 tlen += sizeof(*soft_lifetime_payload);
654
655 // Update the total length
656 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
657 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send update sa");
658 }
659
660 static void
send_pkey_update_sa(int pfkey_socket,uint32_t spi)661 send_pkey_update_sa(int pfkey_socket, uint32_t spi)
662 {
663 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
664 bzero(payload, sizeof(payload));
665 uint16_t tlen = 0;
666
667 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
668 msg_payload->sadb_msg_version = PF_KEY_V2;
669 msg_payload->sadb_msg_type = SADB_UPDATE;
670 msg_payload->sadb_msg_errno = 0;
671 msg_payload->sadb_msg_satype = SADB_SATYPE_ESP;
672 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
673 msg_payload->sadb_msg_reserved = 0;
674 msg_payload->sadb_msg_seq = 0;
675 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
676 tlen += sizeof(*msg_payload);
677
678 struct sadb_sa_2 *sa2_payload = (struct sadb_sa_2 *)(void *)(payload + tlen);
679 sa2_payload->sa.sadb_sa_len = PFKEY_UNIT64(sizeof(*sa2_payload));
680 sa2_payload->sa.sadb_sa_exttype = SADB_EXT_SA;
681 sa2_payload->sa.sadb_sa_spi = htonl(spi);
682 sa2_payload->sa.sadb_sa_replay = 4;
683 sa2_payload->sa.sadb_sa_state = SADB_SASTATE_LARVAL;
684 sa2_payload->sa.sadb_sa_auth = SADB_X_AALG_SHA2_256;
685 sa2_payload->sa.sadb_sa_encrypt = SADB_X_EALG_AESCBC;
686 sa2_payload->sa.sadb_sa_flags |= (SADB_X_EXT_NATT | SADB_X_EXT_NATT_KEEPALIVE);
687 sa2_payload->sadb_sa_natt_src_port = htons(4500);
688 sa2_payload->sadb_sa_natt_port = 0; // Bad value to trigger failure
689 sa2_payload->sadb_sa_natt_interval = 20;
690 sa2_payload->sadb_sa_natt_offload_interval = 0;
691 tlen += sizeof(*sa2_payload);
692
693 struct sadb_x_sa2 *sa2_x_payload = (struct sadb_x_sa2 *)(void *)(payload + tlen);
694 sa2_x_payload->sadb_x_sa2_len = PFKEY_UNIT64(sizeof(*sa2_x_payload));
695 sa2_x_payload->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
696 sa2_x_payload->sadb_x_sa2_mode = IPSEC_MODE_TRANSPORT;
697 sa2_x_payload->sadb_x_sa2_reqid = 0;
698 tlen += sizeof(*sa2_x_payload);
699
700 struct sadb_address *src_address_payload = (struct sadb_address *)(void *)(payload + tlen);
701 src_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_SRC & 0xffff;
702 src_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
703 src_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
704 src_address_payload->sadb_address_reserved = 0;
705 tlen += sizeof(*src_address_payload);
706
707 struct sockaddr_in *src = (struct sockaddr_in *)(void *)(payload + tlen);
708 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_SRC_ADDRESS_IPv4, &src->sin_addr), 1, "src address fail");
709 src->sin_family = AF_INET;
710 src->sin_len = sizeof(*src);
711 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src->sin_len);
712 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
713 tlen += PFKEY_ALIGN8(src->sin_len);
714
715 struct sadb_address *dst_address_payload = (struct sadb_address *)(void *)(payload + tlen);
716 dst_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_DST & 0xffff;
717 dst_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
718 dst_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
719 dst_address_payload->sadb_address_reserved = 0;
720 tlen += sizeof(*dst_address_payload);
721
722 struct sockaddr_in *dst = (struct sockaddr_in *)(void *)(payload + tlen);
723 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_DST_ADDRESS_IPv4, &dst->sin_addr), 1, "dst address fail");
724 dst->sin_family = AF_INET;
725 dst->sin_len = sizeof(*dst);
726 len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst->sin_len);
727 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
728 tlen += PFKEY_ALIGN8(dst->sin_len);
729
730 struct sadb_key *encrypt_key_payload = (struct sadb_key *)(void *)(payload + tlen);
731 len = sizeof(*encrypt_key_payload) + PFKEY_ALIGN8(32);
732 encrypt_key_payload->sadb_key_len = PFKEY_UNIT64(len);
733 encrypt_key_payload->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT;
734 encrypt_key_payload->sadb_key_bits = (uint16_t)(32 << 3);
735 encrypt_key_payload->sadb_key_reserved = 0;
736 tlen += sizeof(*encrypt_key_payload);
737 arc4random_buf(payload + tlen, 32);
738 tlen += PFKEY_ALIGN8(32);
739
740 struct sadb_key *auth_key_payload = (struct sadb_key *)(void *)(payload + tlen);
741 len = sizeof(*auth_key_payload) + PFKEY_ALIGN8(32);
742 auth_key_payload->sadb_key_len = PFKEY_UNIT64(len);
743 auth_key_payload->sadb_key_exttype = SADB_EXT_KEY_AUTH;
744 auth_key_payload->sadb_key_bits = (uint16_t)(32 << 3);
745 auth_key_payload->sadb_key_reserved = 0;
746 tlen += sizeof(*auth_key_payload);
747 arc4random_buf(payload + tlen, 32);
748 tlen += PFKEY_ALIGN8(32);
749
750 struct sadb_lifetime *hard_lifetime_payload = (struct sadb_lifetime *)(void *)(payload + tlen);
751 hard_lifetime_payload->sadb_lifetime_len = PFKEY_UNIT64(sizeof(*hard_lifetime_payload));
752 hard_lifetime_payload->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD;
753 tlen += sizeof(*hard_lifetime_payload);
754
755 struct sadb_lifetime *soft_lifetime_payload = (struct sadb_lifetime *)(void *)(payload + tlen);
756 soft_lifetime_payload->sadb_lifetime_len = PFKEY_UNIT64(sizeof(*soft_lifetime_payload));
757 soft_lifetime_payload->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT;
758 tlen += sizeof(*soft_lifetime_payload);
759
760 // Update the total length
761 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
762 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send update sa");
763 }
764
765 static void
send_pkey_migrate_sa(int pfkey_socket,uint32_t spi,const char * src,const char * dst,int family,const char * migrate_src,const char * migrate_dst,int migrate_family)766 send_pkey_migrate_sa(int pfkey_socket, uint32_t spi, const char *src, const char *dst, int family,
767 const char *migrate_src, const char *migrate_dst, int migrate_family)
768 {
769 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
770 bzero(payload, sizeof(payload));
771 uint16_t tlen = 0;
772
773 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
774 msg_payload->sadb_msg_version = PF_KEY_V2;
775 msg_payload->sadb_msg_type = SADB_MIGRATE;
776 msg_payload->sadb_msg_errno = 0;
777 msg_payload->sadb_msg_satype = SADB_SATYPE_ESP;
778 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
779 msg_payload->sadb_msg_reserved = 0;
780 msg_payload->sadb_msg_seq = 0;
781 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
782 tlen += sizeof(*msg_payload);
783
784 struct sadb_sa_2 *sa2_payload = (struct sadb_sa_2 *)(void *)(payload + tlen);
785 sa2_payload->sa.sadb_sa_len = PFKEY_UNIT64(sizeof(*sa2_payload));
786 sa2_payload->sa.sadb_sa_exttype = SADB_EXT_SA;
787 sa2_payload->sa.sadb_sa_spi = htonl(spi);
788 sa2_payload->sa.sadb_sa_replay = 4;
789 sa2_payload->sa.sadb_sa_state = SADB_SASTATE_LARVAL;
790 sa2_payload->sa.sadb_sa_auth = SADB_X_AALG_SHA2_256;
791 sa2_payload->sa.sadb_sa_encrypt = SADB_X_EALG_AESCBC;
792 sa2_payload->sa.sadb_sa_flags |= (SADB_X_EXT_NATT | SADB_X_EXT_NATT_KEEPALIVE);
793 sa2_payload->sadb_sa_natt_src_port = htons(4500);
794 sa2_payload->sadb_sa_natt_port = 0; // Bad value to trigger failure
795 sa2_payload->sadb_sa_natt_interval = 20;
796 sa2_payload->sadb_sa_natt_offload_interval = 0;
797 tlen += sizeof(*sa2_payload);
798
799 struct sadb_x_sa2 *sa2_x_payload = (struct sadb_x_sa2 *)(void *)(payload + tlen);
800 sa2_x_payload->sadb_x_sa2_len = PFKEY_UNIT64(sizeof(*sa2_x_payload));
801 sa2_x_payload->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
802 sa2_x_payload->sadb_x_sa2_mode = IPSEC_MODE_TRANSPORT;
803 sa2_x_payload->sadb_x_sa2_reqid = 0;
804 tlen += sizeof(*sa2_x_payload);
805
806 uint8_t prefixlen = (family == AF_INET) ? (sizeof(struct in_addr) << 3) : (sizeof(struct in6_addr) << 3);
807
808 struct sadb_address *src_address_payload = (struct sadb_address *)(void *)(payload + tlen);
809 src_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_SRC & 0xffff;
810 src_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
811 src_address_payload->sadb_address_prefixlen = prefixlen;
812 src_address_payload->sadb_address_reserved = 0;
813 tlen += sizeof(*src_address_payload);
814
815 if (family == AF_INET) {
816 struct sockaddr_in *src4 = (struct sockaddr_in *)(void *)(payload + tlen);
817 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, src, &src4->sin_addr), 1, "src address fail");
818 src4->sin_family = AF_INET;
819 src4->sin_len = sizeof(*src4);
820 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src4->sin_len);
821 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
822 tlen += PFKEY_ALIGN8(src4->sin_len);
823 } else {
824 struct sockaddr_in6 *src6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
825 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, src, &src6->sin6_addr), 1, "src address fail");
826 src6->sin6_family = AF_INET6;
827 src6->sin6_len = sizeof(*src6);
828 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src6->sin6_len);
829 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
830 tlen += PFKEY_ALIGN8(src6->sin6_len);
831 }
832
833 struct sadb_address *dst_address_payload = (struct sadb_address *)(void *)(payload + tlen);
834 dst_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_DST & 0xffff;
835 dst_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
836 dst_address_payload->sadb_address_prefixlen = prefixlen;
837 dst_address_payload->sadb_address_reserved = 0;
838 tlen += sizeof(*dst_address_payload);
839
840 if (family == AF_INET) {
841 struct sockaddr_in *dst4 = (struct sockaddr_in *)(void *)(payload + tlen);
842 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, dst, &dst4->sin_addr), 1, "dst address fail");
843 dst4->sin_family = AF_INET;
844 dst4->sin_len = sizeof(*dst4);
845 uint16_t len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst4->sin_len);
846 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
847 tlen += PFKEY_ALIGN8(dst4->sin_len);
848 } else {
849 struct sockaddr_in6 *dst6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
850 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, dst, &dst6->sin6_addr), 1, "dst address fail");
851 dst6->sin6_family = AF_INET6;
852 dst6->sin6_len = sizeof(*dst6);
853 uint16_t len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst6->sin6_len);
854 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
855 tlen += PFKEY_ALIGN8(dst6->sin6_len);
856 }
857
858 prefixlen = (migrate_family == AF_INET) ? (sizeof(struct in_addr) << 3) : (sizeof(struct in6_addr) << 3);
859
860 struct sadb_address *migrate_src_address_payload = (struct sadb_address *)(void *)(payload + tlen);
861 migrate_src_address_payload->sadb_address_exttype = SADB_EXT_MIGRATE_ADDRESS_SRC & 0xffff;
862 migrate_src_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
863 migrate_src_address_payload->sadb_address_prefixlen = prefixlen;
864 migrate_src_address_payload->sadb_address_reserved = 0;
865 tlen += sizeof(*migrate_src_address_payload);
866
867 if (migrate_family == AF_INET) {
868 struct sockaddr_in *migrate_src4 = (struct sockaddr_in *)(void *)(payload + tlen);
869 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, migrate_src, &migrate_src4->sin_addr), 1, "migrate src fail");
870 migrate_src4->sin_family = AF_INET;
871 migrate_src4->sin_len = sizeof(*migrate_src4);
872 uint16_t len = sizeof(*migrate_src_address_payload) + PFKEY_ALIGN8(migrate_src4->sin_len);
873 migrate_src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
874 tlen += PFKEY_ALIGN8(migrate_src4->sin_len);
875 } else if (migrate_family == AF_INET6) {
876 struct sockaddr_in6 *migrate_src6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
877 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, migrate_src, &migrate_src6->sin6_addr), 1, "migrate src fail");
878 migrate_src6->sin6_family = AF_INET6;
879 migrate_src6->sin6_len = sizeof(*migrate_src6);
880 uint16_t len = sizeof(*migrate_src_address_payload) + PFKEY_ALIGN8(migrate_src6->sin6_len);
881 migrate_src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
882 tlen += PFKEY_ALIGN8(migrate_src6->sin6_len);
883 } else if (migrate_family == AF_CHAOS) {
884 struct sockaddr_in6 *migrate_src6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
885 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, migrate_src, &migrate_src6->sin6_addr), 1, "migrate src fail");
886 migrate_src6->sin6_family = AF_INET6;
887 migrate_src6->sin6_len = sizeof(*migrate_src6) + 100; // Bad value to trigger exploit
888 uint16_t len = sizeof(*migrate_src_address_payload) + PFKEY_ALIGN8(migrate_src6->sin6_len);
889 migrate_src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
890 tlen += PFKEY_ALIGN8(migrate_src6->sin6_len);
891 }
892
893 struct sadb_address *migrate_dst_address_payload = (struct sadb_address *)(void *)(payload + tlen);
894 migrate_dst_address_payload->sadb_address_exttype = SADB_EXT_MIGRATE_ADDRESS_DST & 0xffff;
895 migrate_dst_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
896 migrate_dst_address_payload->sadb_address_prefixlen = prefixlen;
897 migrate_dst_address_payload->sadb_address_reserved = 0;
898
899 tlen += sizeof(*migrate_dst_address_payload);
900
901 if (migrate_family == AF_INET) {
902 struct sockaddr_in *migrate_dst4 = (struct sockaddr_in *)(void *)(payload + tlen);
903 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, migrate_dst, &migrate_dst4->sin_addr), 1, "migrate dst fail");
904 migrate_dst4->sin_family = AF_INET;
905 migrate_dst4->sin_len = sizeof(*migrate_dst4);
906 uint16_t len = sizeof(*migrate_dst_address_payload) + PFKEY_ALIGN8(migrate_dst4->sin_len);
907 migrate_dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
908 tlen += PFKEY_ALIGN8(migrate_dst4->sin_len);
909 } else if (migrate_family == AF_INET6) {
910 struct sockaddr_in6 *migrate_dst6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
911 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, migrate_dst, &migrate_dst6->sin6_addr), 1, "migrate dst fail");
912 migrate_dst6->sin6_family = AF_INET6;
913 migrate_dst6->sin6_len = sizeof(*migrate_dst6);
914 uint16_t len = sizeof(*migrate_dst_address_payload) + PFKEY_ALIGN8(migrate_dst6->sin6_len);
915 migrate_dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
916 tlen += PFKEY_ALIGN8(migrate_dst6->sin6_len);
917 } else if (migrate_family == AF_CHAOS) {
918 struct sockaddr_in6 *migrate_dst6 = (struct sockaddr_in6 *)(void *)(payload + tlen);
919 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET6, migrate_dst, &migrate_dst6->sin6_addr), 1, "migrate dst fail");
920 migrate_dst6->sin6_family = AF_INET6;
921 migrate_dst6->sin6_len = sizeof(*migrate_dst6) + 100; // Bad value to trigger exploit
922 uint16_t len = sizeof(*migrate_dst_address_payload) + PFKEY_ALIGN8(migrate_dst6->sin6_len);
923 migrate_dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
924 tlen += PFKEY_ALIGN8(migrate_dst6->sin6_len);
925 }
926
927 // Update the total length
928 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
929 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send migrate sa");
930 }
931
932 static void
send_pfkey_get_sa_stat(int pfkey_socket,uint32_t spi,uint32_t stat_length)933 send_pfkey_get_sa_stat(int pfkey_socket, uint32_t spi, uint32_t stat_length)
934 {
935 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
936 bzero(payload, sizeof(payload));
937 uint16_t tlen = 0;
938
939 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
940 msg_payload->sadb_msg_version = PF_KEY_V2;
941 msg_payload->sadb_msg_type = SADB_GETSASTAT;
942 msg_payload->sadb_msg_errno = 0;
943 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
944 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
945 msg_payload->sadb_msg_reserved = 0;
946 msg_payload->sadb_msg_seq = 0;
947 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
948 tlen += sizeof(*msg_payload);
949
950 struct sadb_session_id *session_id_payload = (struct sadb_session_id *)(void *)(payload + tlen);
951 session_id_payload->sadb_session_id_len = PFKEY_UNIT64(sizeof(*session_id_payload));
952 session_id_payload->sadb_session_id_exttype = SADB_EXT_SESSION_ID;
953 session_id_payload->sadb_session_id_v[0] = 1;
954 tlen += sizeof(*session_id_payload);
955
956 struct sadb_sastat *sadb_stat_payload = (struct sadb_sastat *)(void *)(payload + tlen);
957 uint16_t length = sizeof(*sadb_stat_payload) + PFKEY_ALIGN8(sizeof(struct sastat));
958 sadb_stat_payload->sadb_sastat_len = PFKEY_UNIT64(length);
959 sadb_stat_payload->sadb_sastat_exttype = SADB_EXT_SASTAT;
960 sadb_stat_payload->sadb_sastat_dir = IPSEC_DIR_OUTBOUND;
961 sadb_stat_payload->sadb_sastat_list_len = stat_length;
962 tlen += sizeof(*sadb_stat_payload);
963
964 struct sastat *sastat_payload = (struct sastat *)(void *)(payload + tlen);
965 sastat_payload->spi = htonl(spi);
966 tlen += PFKEY_ALIGN8(sizeof(*sastat_payload));
967
968 // Update the total length
969 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
970 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send get sa stat");
971 }
972
973 static void
send_pkey_delete_sa(int pfkey_socket,uint32_t spi)974 send_pkey_delete_sa(int pfkey_socket, uint32_t spi)
975 {
976 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
977 bzero(payload, sizeof(payload));
978 uint16_t tlen = 0;
979
980 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
981 msg_payload->sadb_msg_version = PF_KEY_V2;
982 msg_payload->sadb_msg_type = SADB_DELETE;
983 msg_payload->sadb_msg_errno = 0;
984 msg_payload->sadb_msg_satype = SADB_SATYPE_ESP;
985 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
986 msg_payload->sadb_msg_reserved = 0;
987 msg_payload->sadb_msg_seq = 0;
988 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
989 tlen += sizeof(*msg_payload);
990
991 struct sadb_sa_2 *sa2_payload = (struct sadb_sa_2 *)(void *)(payload + tlen);
992 sa2_payload->sa.sadb_sa_len = PFKEY_UNIT64(sizeof(*sa2_payload));
993 sa2_payload->sa.sadb_sa_exttype = SADB_EXT_SA;
994 sa2_payload->sa.sadb_sa_spi = htonl(spi);
995 tlen += sizeof(*sa2_payload);
996
997 struct sadb_address *src_address_payload = (struct sadb_address *)(void *)(payload + tlen);
998 src_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_SRC & 0xffff;
999 src_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
1000 src_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
1001 src_address_payload->sadb_address_reserved = 0;
1002 tlen += sizeof(*src_address_payload);
1003
1004 struct sockaddr_in *src = (struct sockaddr_in *)(void *)(payload + tlen);
1005 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_SRC_ADDRESS_IPv4, &src->sin_addr), 1, "migrate src fail");
1006 src->sin_family = AF_INET;
1007 src->sin_len = sizeof(*src);
1008 uint16_t len = sizeof(*src_address_payload) + PFKEY_ALIGN8(src->sin_len);
1009 src_address_payload->sadb_address_len = PFKEY_UNIT64(len);
1010 tlen += PFKEY_ALIGN8(src->sin_len);
1011
1012 struct sadb_address *dst_address_payload = (struct sadb_address *)(void *)(payload + tlen);
1013 dst_address_payload->sadb_address_exttype = SADB_EXT_ADDRESS_DST & 0xffff;
1014 dst_address_payload->sadb_address_proto = IPSEC_ULPROTO_ANY & 0xff;
1015 dst_address_payload->sadb_address_prefixlen = (sizeof(struct in_addr) << 3);
1016 dst_address_payload->sadb_address_reserved = 0;
1017 tlen += sizeof(*dst_address_payload);
1018
1019 struct sockaddr_in *dst = (struct sockaddr_in *)(void *)(payload + tlen);
1020 T_QUIET; T_ASSERT_EQ_INT(inet_pton(AF_INET, TEST_DST_ADDRESS_IPv4, &dst->sin_addr), 1, "migrate dst fail");
1021 dst->sin_family = AF_INET;
1022 dst->sin_len = sizeof(*dst);
1023 len = sizeof(*dst_address_payload) + PFKEY_ALIGN8(dst->sin_len);
1024 dst_address_payload->sadb_address_len = PFKEY_UNIT64(len);
1025 tlen += PFKEY_ALIGN8(dst->sin_len);
1026
1027 // Update the total length
1028 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
1029 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send delete sa");
1030 }
1031
1032 static void
send_pfkey_sa_dump_message(int pfkey_socket)1033 send_pfkey_sa_dump_message(int pfkey_socket)
1034 {
1035 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
1036 bzero(payload, sizeof(payload));
1037 uint16_t tlen = 0;
1038
1039 struct sadb_msg *msg_payload = (struct sadb_msg *)(void *)payload;
1040 msg_payload->sadb_msg_version = PF_KEY_V2;
1041 msg_payload->sadb_msg_type = SADB_DUMP;
1042 msg_payload->sadb_msg_errno = 0;
1043 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
1044 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
1045 msg_payload->sadb_msg_reserved = 0;
1046 msg_payload->sadb_msg_seq = 0;
1047 msg_payload->sadb_msg_pid = (uint32_t)getpid();
1048 tlen += sizeof(*msg_payload);
1049
1050 // Update the total length
1051 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
1052 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey send sa dump failed");
1053 }
1054
1055 static void
send_pfkey_flush_sa(int pfkey_socket)1056 send_pfkey_flush_sa(int pfkey_socket)
1057 {
1058 uint8_t payload[MCLBYTES] __attribute__ ((aligned(32)));
1059 bzero(payload, sizeof(payload));
1060 uint16_t tlen = 0;
1061
1062 struct sadb_msg *msg_payload = (struct sadb_msg *)payload;
1063 msg_payload->sadb_msg_version = PF_KEY_V2;
1064 msg_payload->sadb_msg_type = SADB_FLUSH;
1065 msg_payload->sadb_msg_errno = 0;
1066 msg_payload->sadb_msg_satype = SADB_SATYPE_UNSPEC;
1067 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
1068 msg_payload->sadb_msg_reserved = 0;
1069 msg_payload->sadb_msg_seq = 0;
1070 msg_payload->sadb_msg_pid = (u_int32_t)getpid();
1071 tlen += sizeof(*msg_payload);
1072
1073 // Update the total length
1074 msg_payload->sadb_msg_len = PFKEY_UNIT64(tlen);
1075 T_QUIET; T_ASSERT_POSIX_SUCCESS(send(pfkey_socket, payload, (size_t)PFKEY_UNUNIT64(msg_payload->sadb_msg_len), 0), "pfkey flush sa");
1076 }
1077
1078 static void
pfkey_cleanup(void)1079 pfkey_cleanup(void)
1080 {
1081 if (pfkey_source != NULL) {
1082 int pfkey_socket = (int)dispatch_source_get_handle(pfkey_source);
1083 if (pfkey_socket > 0) {
1084 send_pfkey_flush_sa(pfkey_socket);
1085 send_pfkey_flush_sp(pfkey_socket);
1086 }
1087 dispatch_source_cancel(pfkey_source);
1088 pfkey_source = NULL;
1089 }
1090
1091 if (oldmax != 0) {
1092 (void)sysctlbyname("kern.ipc.maxsockbuf", NULL, NULL, &oldmax, sizeof(oldmax));
1093 }
1094 }
1095
1096 static int
pfkey_setup_socket(void)1097 pfkey_setup_socket(void)
1098 {
1099 int pfkey_socket = -1;
1100 int bufsiz = 0;
1101 const unsigned long newbufk = 1536;
1102 size_t oldmaxsize = sizeof(oldmax);
1103 unsigned long newmax = newbufk * (1024 + 128);
1104
1105 T_QUIET; T_ASSERT_POSIX_SUCCESS(pfkey_socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2), NULL);
1106
1107 if (sysctlbyname("kern.ipc.maxsockbuf", &oldmax, &oldmaxsize, &newmax, sizeof(newmax)) != 0) {
1108 bufsiz = 233016; /* Max allowed by default */
1109 } else {
1110 bufsiz = newbufk * 800;
1111 }
1112
1113 T_QUIET; T_ASSERT_POSIX_SUCCESS(setsockopt(pfkey_socket, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz)), "pfkey set snd socket buf failed %d", bufsiz);
1114 T_QUIET; T_ASSERT_POSIX_SUCCESS(setsockopt(pfkey_socket, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)), "pfkey set recv socket buf failed %d", bufsiz);
1115
1116 pfkey_source = dispatch_source_create(DISPATCH_SOURCE_TYPE_READ, (uintptr_t)pfkey_socket, 0, dispatch_get_main_queue());
1117 T_QUIET; T_ASSERT_NOTNULL(pfkey_source, "dispatch_source_create(DISPATCH_SOURCE_TYPE_READ, ...)");
1118 dispatch_source_set_event_handler(pfkey_source, ^{
1119 recv_pfkey_message(pfkey_socket);
1120 });
1121 dispatch_source_set_cancel_handler(pfkey_source, ^{
1122 close(pfkey_socket);
1123 });
1124 dispatch_resume(pfkey_source);
1125 return pfkey_socket;
1126 }
1127
1128 static void
pfkey_process_message_test_60822136(uint8_t ** mhp,int pfkey_socket)1129 pfkey_process_message_test_60822136(uint8_t **mhp, int pfkey_socket)
1130 {
1131 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1132 static int counter = 0;
1133 static uint32_t policy_id = 0;
1134
1135 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1136 return;
1137 }
1138
1139 if (message->sadb_msg_errno) {
1140 T_QUIET; T_ASSERT_EQ(message->sadb_msg_type, SADB_X_SPDDUMP, "SADB error for type %u", message->sadb_msg_type);
1141 pfkey_cleanup();
1142 T_END;
1143 }
1144
1145 switch (message->sadb_msg_type) {
1146 case SADB_X_SPDADD:
1147 {
1148 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1149 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd add policy message is NULL");
1150 policy_id = policy_message->sadb_x_policy_id;
1151 T_LOG("Added policy id %u", policy_id);
1152 send_pfkey_spd_get_message(pfkey_socket, policy_id);
1153 break;
1154 }
1155 case SADB_X_SPDGET:
1156 {
1157 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1158 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd get policy message is NULL");
1159 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_get: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1160 if (counter < MAX_SPD_CHECK) {
1161 counter++;
1162 send_pfkey_spd_get_message(pfkey_socket, policy_id);
1163 } else {
1164 T_LOG("Deleting policy id %u", policy_id);
1165 send_pfkey_spd_delete_message(pfkey_socket, policy_id);
1166 }
1167 break;
1168 }
1169 case SADB_X_SPDDELETE2:
1170 {
1171 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1172 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd delete2 policy message is NULL");
1173 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_delete2: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1174 T_LOG("Deleted policy id %u", policy_id);
1175 sleep(2);
1176 send_pfkey_spd_dump_message(pfkey_socket);
1177 break;
1178 }
1179 case SADB_X_SPDDUMP:
1180 {
1181 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1182 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd dump policy message is NULL");
1183 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_dump: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1184 T_FAIL("Policy id %u still exists", policy_id);
1185 pfkey_cleanup();
1186 T_END;
1187 }
1188 case SADB_FLUSH:
1189 case SADB_X_SPDFLUSH:
1190 break;
1191 default:
1192 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1193 T_END;
1194 }
1195 return;
1196 }
1197
1198 static void
pfkey_process_message_test_60822924(uint8_t ** mhp,int pfkey_socket)1199 pfkey_process_message_test_60822924(uint8_t **mhp, int pfkey_socket)
1200 {
1201 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1202 static int counter = 0;
1203 static uint32_t policy_id = 0;
1204
1205 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1206 return;
1207 }
1208
1209 if (message->sadb_msg_errno) {
1210 T_QUIET; T_ASSERT_EQ(message->sadb_msg_type, SADB_X_SPDDUMP, "SADB error for type %u", message->sadb_msg_type);
1211 pfkey_cleanup();
1212 T_END;
1213 }
1214
1215 switch (message->sadb_msg_type) {
1216 case SADB_X_SPDADD:
1217 {
1218 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1219 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd add policy message is NULL");
1220 policy_id = policy_message->sadb_x_policy_id;
1221 T_LOG("Added policy id %u", policy_id);
1222 send_pfkey_spd_enable_message(pfkey_socket, policy_id);
1223 break;
1224 }
1225 case SADB_X_SPDENABLE:
1226 {
1227 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1228 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd enable policy message is NULL");
1229 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_enable: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1230 if (counter < MAX_SPD_CHECK) {
1231 counter++;
1232 send_pfkey_spd_enable_message(pfkey_socket, policy_id);
1233 } else {
1234 T_LOG("Deleting policy id %u", policy_id);
1235 send_pfkey_spd_delete_message(pfkey_socket, policy_id);
1236 }
1237 break;
1238 }
1239 case SADB_X_SPDDELETE2:
1240 {
1241 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1242 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd delete2 policy message is NULL");
1243 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_delete2: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1244 T_LOG("Deleted policy id %u", policy_id);
1245 sleep(2);
1246 send_pfkey_spd_dump_message(pfkey_socket);
1247 break;
1248 }
1249 case SADB_X_SPDDUMP:
1250 {
1251 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1252 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd dump policy message is NULL");
1253 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_dump: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1254 T_FAIL("Policy id %u still exists", policy_id);
1255 pfkey_cleanup();
1256 T_END;
1257 }
1258 case SADB_FLUSH:
1259 case SADB_X_SPDFLUSH:
1260 break;
1261 default:
1262 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1263 T_END;
1264 }
1265 return;
1266 }
1267
1268 static void
pfkey_process_message_test_60822956(uint8_t ** mhp,int pfkey_socket)1269 pfkey_process_message_test_60822956(uint8_t **mhp, int pfkey_socket)
1270 {
1271 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1272 static int counter = 0;
1273 static uint32_t policy_id = 0;
1274
1275 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1276 return;
1277 }
1278
1279 if (message->sadb_msg_errno) {
1280 T_QUIET; T_ASSERT_EQ(message->sadb_msg_type, SADB_X_SPDDUMP, "SADB error for type %u", message->sadb_msg_type);
1281 pfkey_cleanup();
1282 T_END;
1283 }
1284
1285 switch (message->sadb_msg_type) {
1286 case SADB_X_SPDADD:
1287 {
1288 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1289 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd add policy message is NULL");
1290 policy_id = policy_message->sadb_x_policy_id;
1291 T_LOG("Added policy id %u", policy_id);
1292 send_pfkey_spd_disable_message(pfkey_socket, policy_id);
1293 break;
1294 }
1295 case SADB_X_SPDDISABLE:
1296 {
1297 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1298 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd disable policy message is NULL");
1299 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_disable: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1300 if (counter < MAX_SPD_CHECK) {
1301 counter++;
1302 send_pfkey_spd_disable_message(pfkey_socket, policy_id);
1303 } else {
1304 T_LOG("Deleting policy id %u", policy_id);
1305 send_pfkey_spd_delete_message(pfkey_socket, policy_id);
1306 }
1307 break;
1308 }
1309 case SADB_X_SPDDELETE2:
1310 {
1311 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1312 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd delete2 policy message is NULL");
1313 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_delete2: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1314 T_LOG("Deleted policy id %u", policy_id);
1315 sleep(2);
1316 send_pfkey_spd_dump_message(pfkey_socket);
1317 break;
1318 }
1319 case SADB_X_SPDDUMP:
1320 {
1321 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1322 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd dump policy message is NULL");
1323 T_QUIET; T_ASSERT_EQ(policy_id, policy_message->sadb_x_policy_id, "spd_dump: spid mismatch %u != %u", policy_id, policy_message->sadb_x_policy_id);
1324 T_FAIL("Policy id %u still exists", policy_id);
1325 pfkey_cleanup();
1326 T_END;
1327 }
1328 case SADB_FLUSH:
1329 case SADB_X_SPDFLUSH:
1330 break;
1331 default:
1332 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1333 T_END;
1334 }
1335 return;
1336 }
1337
1338 static void
pfkey_process_message_test_60679513(uint8_t ** mhp,int pfkey_socket)1339 pfkey_process_message_test_60679513(uint8_t **mhp, int pfkey_socket)
1340 {
1341 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1342 static uint32_t spi = 0;
1343
1344 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1345 return;
1346 }
1347
1348 if (message->sadb_msg_errno) {
1349 T_QUIET; T_ASSERT_EQ(message->sadb_msg_type, SADB_UPDATE, "SADB error for type %u", message->sadb_msg_type);
1350 }
1351
1352 switch (message->sadb_msg_type) {
1353 case SADB_GETSPI:
1354 {
1355 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1356 T_QUIET; T_ASSERT_NOTNULL(sa_message, "sa get spi message is NULL");
1357 spi = ntohl(sa_message->sadb_sa_spi);
1358 T_LOG("get spi 0x%x", spi);
1359 send_pkey_update_sa(pfkey_socket, spi);
1360 break;
1361 }
1362 case SADB_UPDATE:
1363 {
1364 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1365 T_QUIET; T_ASSERT_NOTNULL(sa_message, "update sa message is NULL");
1366 T_QUIET; T_ASSERT_EQ(spi, ntohl(sa_message->sadb_sa_spi), "sadb update: spi mismatch %u != %u", spi, ntohl(sa_message->sadb_sa_spi));
1367 T_LOG("update sa 0x%x", spi);
1368 send_pkey_delete_sa(pfkey_socket, spi);
1369 break;
1370 }
1371 case SADB_DELETE:
1372 {
1373 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1374 T_QUIET; T_ASSERT_NOTNULL(sa_message, "delete sa message is NULL");
1375 T_QUIET; T_ASSERT_EQ(spi, ntohl(sa_message->sadb_sa_spi), "sadb delete: spi mismatch %u != %u", spi, ntohl(sa_message->sadb_sa_spi));
1376 T_LOG("delete sa 0x%x", spi);
1377 pfkey_cleanup();
1378 T_END;
1379 }
1380 case SADB_FLUSH:
1381 case SADB_X_SPDFLUSH:
1382 break;
1383 default:
1384 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1385 T_END;
1386 }
1387 return;
1388 }
1389
1390 static void
pfkey_process_message_test_60768729(uint8_t ** mhp,int pfkey_socket)1391 pfkey_process_message_test_60768729(uint8_t **mhp, int pfkey_socket)
1392 {
1393 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1394 uint32_t spi = 0;
1395 static int counter = 0;
1396
1397 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1398 return;
1399 }
1400
1401 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, 0, "SADB error for type %u", message->sadb_msg_type);
1402
1403 switch (message->sadb_msg_type) {
1404 case SADB_GETSPI:
1405 {
1406 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1407 T_QUIET; T_ASSERT_NOTNULL(sa_message, "sa get spi message is NULL");
1408 spi = ntohl(sa_message->sadb_sa_spi);
1409 counter++;
1410 if (counter <= 1000) {
1411 send_pkey_get_spi(pfkey_socket);
1412 } else {
1413 T_LOG("SADB added 1000 Larval SPIs");
1414 send_pfkey_sa_dump_message(pfkey_socket);
1415 }
1416 break;
1417 }
1418 case SADB_DUMP:
1419 {
1420 counter--;
1421 if (counter == 0) {
1422 T_PASS("SADB dump successful");
1423 pfkey_cleanup();
1424 T_END;
1425 }
1426 break;
1427 }
1428
1429 case SADB_FLUSH:
1430 case SADB_X_SPDFLUSH:
1431 break;
1432 default:
1433 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1434 T_END;
1435 }
1436 return;
1437 }
1438
1439 static void
pfkey_process_message_test_60769680(uint8_t ** mhp,int pfkey_socket)1440 pfkey_process_message_test_60769680(uint8_t **mhp, int pfkey_socket)
1441 {
1442 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1443 static uint8_t counter = 0;
1444
1445 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1446 return;
1447 }
1448
1449 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, 0, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1450
1451 switch (message->sadb_msg_type) {
1452 case SADB_X_SPDADD:
1453 {
1454 struct sadb_x_policy *policy_message = (struct sadb_x_policy *)(void *)mhp[SADB_X_EXT_POLICY];
1455 T_QUIET; T_ASSERT_NOTNULL(policy_message, "spd add policy message is NULL");
1456 counter++;
1457 if (counter <= 240) {
1458 send_pfkey_spd_add_message(pfkey_socket, counter + 1);
1459 } else {
1460 T_LOG("SADB added 240 security policies");
1461 send_pfkey_spd_dump_message(pfkey_socket);
1462 }
1463 break;
1464 }
1465 case SADB_X_SPDDUMP:
1466 {
1467 counter--;
1468 if (counter == 0) {
1469 T_PASS("SADB policy dump successful");
1470 pfkey_cleanup();
1471 T_END;
1472 }
1473 break;
1474 }
1475
1476 case SADB_FLUSH:
1477 case SADB_X_SPDFLUSH:
1478 break;
1479 default:
1480 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1481 T_END;
1482 }
1483 return;
1484 }
1485
1486 static void
pfkey_process_message_test_60822823(uint8_t ** mhp,int pfkey_socket)1487 pfkey_process_message_test_60822823(uint8_t **mhp, int pfkey_socket)
1488 {
1489 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1490 static uint32_t spi = 0;
1491
1492 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1493 return;
1494 }
1495
1496 if (message->sadb_msg_errno != 0) {
1497 T_QUIET; T_ASSERT_EQ(message->sadb_msg_type, SADB_GETSASTAT, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1498 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, EINVAL, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1499 T_PASS("SADB get SA Stat received EINVAL");
1500 T_END;
1501 }
1502
1503 switch (message->sadb_msg_type) {
1504 case SADB_ADD:
1505 {
1506 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1507 T_QUIET; T_ASSERT_NOTNULL(sa_message, "add sa message is NULL");
1508 spi = ntohl(sa_message->sadb_sa_spi);
1509 T_LOG("added sa 0x%x", spi);
1510 send_pfkey_get_sa_stat(pfkey_socket, spi, 5);
1511 break;
1512 }
1513 case SADB_GETSASTAT:
1514 {
1515 T_FAIL("get sa stat should fail %u", message->sadb_msg_type);
1516 T_END;
1517 }
1518 case SADB_FLUSH:
1519 case SADB_X_SPDFLUSH:
1520 break;
1521 default:
1522 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1523 T_END;
1524 }
1525 return;
1526 }
1527
1528 static void
pfkey_process_message_test_60822823_1(uint8_t ** mhp,int pfkey_socket)1529 pfkey_process_message_test_60822823_1(uint8_t **mhp, int pfkey_socket)
1530 {
1531 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1532 static uint32_t spi = 0;
1533
1534 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1535 return;
1536 }
1537
1538 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, 0, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1539
1540 switch (message->sadb_msg_type) {
1541 case SADB_ADD:
1542 {
1543 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1544 T_QUIET; T_ASSERT_NOTNULL(sa_message, "add sa message is NULL");
1545 spi = ntohl(sa_message->sadb_sa_spi);
1546 T_LOG("added sa 0x%x", spi);
1547 send_pfkey_get_sa_stat(pfkey_socket, spi, 1);
1548 break;
1549 }
1550 case SADB_GETSASTAT:
1551 {
1552 struct sadb_session_id *session_id = (struct sadb_session_id *)(void *)mhp[SADB_EXT_SESSION_ID];
1553 T_QUIET; T_ASSERT_NOTNULL(session_id, "session id is NULL");
1554 T_QUIET; T_EXPECT_EQ_ULLONG(session_id->sadb_session_id_v[0], 1ULL, "Session id is not equal");
1555 T_PASS("get sa stat success %u", message->sadb_msg_type);
1556 T_END;
1557 }
1558 case SADB_FLUSH:
1559 case SADB_X_SPDFLUSH:
1560 break;
1561 default:
1562 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1563 T_END;
1564 }
1565 return;
1566 }
1567
1568 static void
pfkey_process_message_test_60687183(uint8_t ** mhp,int pfkey_socket)1569 pfkey_process_message_test_60687183(uint8_t **mhp, int pfkey_socket)
1570 {
1571 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1572 static uint32_t spi = 0;
1573
1574 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1575 return;
1576 }
1577
1578 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, 0, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1579
1580 switch (message->sadb_msg_type) {
1581 case SADB_ADD:
1582 {
1583 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1584 T_QUIET; T_ASSERT_NOTNULL(sa_message, "add sa message is NULL");
1585 spi = ntohl(sa_message->sadb_sa_spi);
1586 T_LOG("added sa 0x%x", spi);
1587 send_pkey_migrate_sa(pfkey_socket, spi, TEST_SRC_ADDRESS_IPv4, TEST_DST_ADDRESS_IPv4, AF_INET,
1588 TEST_MIGRATE_SRC_ADDRESS_IPv4, TEST_MIGRATE_DST_ADDRESS_IPv4, AF_INET);
1589 break;
1590 }
1591 case SADB_MIGRATE:
1592 {
1593 T_PASS("migrate SA success");
1594 T_END;
1595 }
1596 case SADB_FLUSH:
1597 case SADB_X_SPDFLUSH:
1598 break;
1599 default:
1600 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1601 T_END;
1602 }
1603 return;
1604 }
1605
1606 static void
pfkey_process_message_test_60687183_1(uint8_t ** mhp,int pfkey_socket)1607 pfkey_process_message_test_60687183_1(uint8_t **mhp, int pfkey_socket)
1608 {
1609 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1610 static uint32_t spi = 0;
1611
1612 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1613 return;
1614 }
1615
1616 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, 0, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1617
1618 switch (message->sadb_msg_type) {
1619 case SADB_ADD:
1620 {
1621 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1622 T_QUIET; T_ASSERT_NOTNULL(sa_message, "add sa message is NULL");
1623 spi = ntohl(sa_message->sadb_sa_spi);
1624 T_LOG("added sa 0x%x", spi);
1625 send_pkey_migrate_sa(pfkey_socket, spi, TEST_SRC_ADDRESS_IPv6, TEST_DST_ADDRESS_IPv6, AF_INET6,
1626 TEST_MIGRATE_SRC_ADDRESS_IPv6, TEST_MIGRATE_DST_ADDRESS_IPv6, AF_INET6);
1627 break;
1628 }
1629 case SADB_MIGRATE:
1630 {
1631 T_PASS("migrate SA success");
1632 T_END;
1633 }
1634 case SADB_FLUSH:
1635 case SADB_X_SPDFLUSH:
1636 break;
1637 default:
1638 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1639 T_END;
1640 }
1641 return;
1642 }
1643
1644 static void
pfkey_process_message_test_60687183_2(uint8_t ** mhp,int pfkey_socket)1645 pfkey_process_message_test_60687183_2(uint8_t **mhp, int pfkey_socket)
1646 {
1647 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1648 static uint32_t spi = 0;
1649
1650 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1651 return;
1652 }
1653
1654 if (message->sadb_msg_errno != 0) {
1655 T_QUIET; T_ASSERT_EQ(message->sadb_msg_type, SADB_MIGRATE, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1656 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, EINVAL, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1657 T_PASS("SADB migrate SA received EINVAL");
1658 T_END;
1659 }
1660
1661 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, 0, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1662
1663 switch (message->sadb_msg_type) {
1664 case SADB_ADD:
1665 {
1666 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1667 T_QUIET; T_ASSERT_NOTNULL(sa_message, "add sa message is NULL");
1668 spi = ntohl(sa_message->sadb_sa_spi);
1669 T_LOG("added sa 0x%x", spi);
1670 send_pkey_migrate_sa(pfkey_socket, spi, TEST_SRC_ADDRESS_IPv6, TEST_DST_ADDRESS_IPv6, AF_INET6,
1671 TEST_MIGRATE_SRC_ADDRESS_IPv6, TEST_MIGRATE_DST_ADDRESS_IPv6, AF_CHAOS);
1672 break;
1673 }
1674 case SADB_MIGRATE:
1675 {
1676 T_FAIL("migrate SA test for bad address failed");
1677 T_END;
1678 }
1679 case SADB_FLUSH:
1680 case SADB_X_SPDFLUSH:
1681 break;
1682 default:
1683 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1684 T_END;
1685 }
1686 return;
1687 }
1688
1689 static void
pfkey_process_message_test_78944570(uint8_t ** mhp,__unused int pfkey_socket)1690 pfkey_process_message_test_78944570(uint8_t **mhp, __unused int pfkey_socket)
1691 {
1692 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1693
1694 if (message->sadb_msg_pid != (uint32_t)getpid()) {
1695 return;
1696 }
1697
1698 switch (message->sadb_msg_type) {
1699 case SADB_X_SPDADD:
1700 {
1701 if (message->sadb_msg_errno != 0) {
1702 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, EINVAL, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1703 T_PASS("SADB spd add received EINVAL");
1704 } else {
1705 T_FAIL("SADB spd add received success");
1706 }
1707 T_END;
1708 break;
1709 }
1710 case SADB_FLUSH:
1711 case SADB_X_SPDFLUSH:
1712 break;
1713 default:
1714 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1715 T_END;
1716 }
1717 return;
1718 }
1719
1720 static void
pfkey_process_message_test_134671927(uint8_t ** mhp,int pfkey_socket)1721 pfkey_process_message_test_134671927(uint8_t **mhp, int pfkey_socket)
1722 {
1723 struct sadb_msg *message = (struct sadb_msg *)(void *)mhp[0];
1724 static uint32_t spi = 0;
1725
1726 if (message->sadb_msg_type != SADB_EXPIRE && message->sadb_msg_pid != (uint32_t)getpid()) {
1727 return;
1728 }
1729
1730 T_QUIET; T_ASSERT_EQ(message->sadb_msg_errno, 0, "SADB error for type %u error %d", message->sadb_msg_type, message->sadb_msg_errno);
1731
1732 switch (message->sadb_msg_type) {
1733 case SADB_REGISTER:
1734 {
1735 T_LOG("registered for SA updates");
1736 send_pkey_add_sa(pfkey_socket, 0x12345678, TEST_SRC_ADDRESS_IPv6, TEST_DST_ADDRESS_IPv6, AF_INET6);
1737 break;
1738 }
1739 case SADB_ADD:
1740 {
1741 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1742 T_QUIET; T_ASSERT_NOTNULL(sa_message, "add sa message is NULL");
1743 spi = ntohl(sa_message->sadb_sa_spi);
1744 T_LOG("added sa 0x%x", spi);
1745 break;
1746 }
1747 case SADB_EXPIRE:
1748 {
1749 struct sadb_sa *sa_message = (struct sadb_sa *)(void *)mhp[SADB_EXT_SA];
1750 T_QUIET; T_ASSERT_NOTNULL(sa_message, "expire sa message is NULL");
1751 if (spi == 0 || spi != ntohl(sa_message->sadb_sa_spi)) {
1752 break;
1753 }
1754 T_LOG("expire sa 0x%x", spi);
1755 send_pkey_migrate_sa(pfkey_socket, spi, TEST_SRC_ADDRESS_IPv6, TEST_DST_ADDRESS_IPv6, AF_INET6,
1756 TEST_MIGRATE_SRC_ADDRESS_IPv6, TEST_MIGRATE_DST_ADDRESS_IPv6, AF_INET6);
1757 break;
1758 }
1759 case SADB_MIGRATE:
1760 {
1761 T_PASS("migrate SA success");
1762 T_END;
1763 }
1764 case SADB_FLUSH:
1765 case SADB_X_SPDFLUSH:
1766 break;
1767 default:
1768 T_FAIL("bad SADB message type %u", message->sadb_msg_type);
1769 T_END;
1770 }
1771 return;
1772 }
1773
1774 static int
setup_tcp_server(uint16_t port)1775 setup_tcp_server(uint16_t port)
1776 {
1777 struct sockaddr_in server_addr = {};
1778 int server_fd = -1;
1779
1780 T_QUIET; T_ASSERT_POSIX_SUCCESS(server_fd = socket(AF_INET, SOCK_STREAM, 0),
1781 "tcp server socket creation failed");
1782
1783 server_addr.sin_family = AF_INET;
1784 server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
1785 server_addr.sin_port = htons(port);
1786
1787 T_QUIET; T_ASSERT_POSIX_SUCCESS(bind(server_fd, (struct sockaddr *)&server_addr,
1788 sizeof(server_addr)), "tcp server bind failed");
1789
1790 T_QUIET; T_ASSERT_POSIX_SUCCESS(listen(server_fd, 2), "tcp server listen failed");
1791 return server_fd;
1792 }
1793
1794 static int
setup_loopback_tcp_client(uint16_t server_port)1795 setup_loopback_tcp_client(uint16_t server_port)
1796 {
1797 struct sockaddr_in conn_addr = {};
1798 int client_fd = -1;
1799
1800 T_QUIET; T_ASSERT_POSIX_SUCCESS(client_fd = socket(AF_INET, SOCK_STREAM, 0),
1801 "tcp client socket creation failed");
1802 T_QUIET; T_ASSERT_POSIX_SUCCESS(inet_pton(AF_INET, "127.0.0.1", &conn_addr.sin_addr),
1803 "loopback address inet_pton failed");
1804
1805 conn_addr.sin_family = AF_INET;
1806 conn_addr.sin_port = htons(server_port);
1807
1808 T_QUIET; T_ASSERT_POSIX_SUCCESS(connect(client_fd, (struct sockaddr *)&conn_addr, sizeof(conn_addr)),
1809 "tcp loopback client connect failed");
1810 return client_fd;
1811 }
1812
1813 static void
setup_socket_policy(int socket_fd)1814 setup_socket_policy(int socket_fd)
1815 {
1816 uint8_t __attribute__((aligned(4))) buf[
1817 sizeof(struct sadb_x_policy) +
1818 sizeof(struct sadb_x_ipsecrequest) +
1819 sizeof(struct sockaddr_in) +
1820 sizeof(struct sockaddr_in)
1821 ];
1822
1823 struct sadb_x_policy *xpl = (struct sadb_x_policy *)buf;
1824 struct sadb_x_ipsecrequest *xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
1825 struct sockaddr *sa;
1826
1827
1828 bzero(buf, sizeof(buf));
1829 /* xpl: */
1830 xpl->sadb_x_policy_len = sizeof(buf) >> 3;
1831 xpl->sadb_x_policy_dir = IPSEC_DIR_INBOUND;
1832 xpl->sadb_x_policy_type = IPSEC_POLICY_IPSEC;
1833 /* xisr: */
1834 xisr->sadb_x_ipsecrequest_len = sizeof(buf) - sizeof(*xpl);
1835 xisr->sadb_x_ipsecrequest_proto = IPPROTO_ESP;
1836 xisr->sadb_x_ipsecrequest_mode = IPSEC_MODE_TRANSPORT;
1837 xisr->sadb_x_ipsecrequest_level = IPSEC_LEVEL_DEFAULT;
1838 /* src sockaddr: */
1839 sa = (struct sockaddr *)(xisr + 1);
1840 sa->sa_len = sizeof(struct sockaddr_in);
1841 /* dst sockaddr: */
1842 sa = (struct sockaddr *)((char *)(xisr + 1) + sa->sa_len);
1843 sa->sa_len = sizeof(struct sockaddr_in);
1844
1845 T_QUIET; T_ASSERT_POSIX_SUCCESS(setsockopt(socket_fd, IPPROTO_IP, IP_IPSEC_POLICY,
1846 buf, sizeof(buf)), "tcp server listen failed");
1847 }
1848
1849 T_DECL(sadb_x_get_60822136, "security policy reference count overflow", T_META_TAG_VM_PREFERRED)
1850 {
1851 test_id = TEST_SADB_X_GET_OVERFLOW_60822136;
1852
1853 int pfkey_socket = pfkey_setup_socket();
1854 send_pfkey_flush_sa(pfkey_socket);
1855 send_pfkey_flush_sp(pfkey_socket);
1856 send_pfkey_spd_add_message(pfkey_socket, IPSEC_ULPROTO_ANY);
1857
1858 dispatch_main();
1859 }
1860
1861 T_DECL(sadb_x_spd_enable_60822924, "security policy reference count overflow", T_META_TAG_VM_PREFERRED)
1862 {
1863 test_id = TEST_SADB_X_SPDENABLE_OVERFLOW_60822924;
1864
1865 int pfkey_socket = pfkey_setup_socket();
1866 send_pfkey_flush_sa(pfkey_socket);
1867 send_pfkey_flush_sp(pfkey_socket);
1868 send_pfkey_spd_add_message(pfkey_socket, IPSEC_ULPROTO_ANY);
1869
1870 dispatch_main();
1871 }
1872
1873 T_DECL(sadb_x_spd_disable_60822956, "security policy reference count overflow", T_META_TAG_VM_PREFERRED)
1874 {
1875 test_id = TEST_SADB_X_SPDDISABLE_OVERFLOW_60822956;
1876
1877 int pfkey_socket = pfkey_setup_socket();
1878 send_pfkey_flush_sa(pfkey_socket);
1879 send_pfkey_flush_sp(pfkey_socket);
1880 send_pfkey_spd_add_message(pfkey_socket, IPSEC_ULPROTO_ANY);
1881
1882 dispatch_main();
1883 }
1884
1885 T_DECL(sadb_update_60679513, "security association use after free", T_META_TAG_VM_PREFERRED)
1886 {
1887 test_id = TEST_SADB_UPDATE_USE_AFTER_FREE_60679513;
1888
1889 int pfkey_socket = pfkey_setup_socket();
1890 send_pfkey_flush_sa(pfkey_socket);
1891 send_pfkey_flush_sp(pfkey_socket);
1892 send_pkey_get_spi(pfkey_socket);
1893
1894 dispatch_main();
1895 }
1896
1897 T_DECL(sadb_dump_60768729, "security association sa dump heap overflow", T_META_ENABLED(false), T_META_TAG_VM_PREFERRED)
1898 {
1899 test_id = TEST_SADB_DUMP_HEAP_OVERFLOW_60768729;
1900
1901 int pfkey_socket = pfkey_setup_socket();
1902 T_ATEND(pfkey_cleanup);
1903 send_pfkey_flush_sa(pfkey_socket);
1904 send_pfkey_flush_sp(pfkey_socket);
1905 send_pkey_get_spi(pfkey_socket);
1906
1907 dispatch_main();
1908 }
1909
1910 // Disabled due to rdar://92910783
1911 T_DECL(sadb_policy_dump_60769680, "security association sa policy dump heap overflow", T_META_ENABLED(false), T_META_TAG_VM_PREFERRED)
1912 {
1913 test_id = TEST_SADB_POLICY_DUMP_HEAP_OVERFLOW_60769680;
1914
1915 int pfkey_socket = pfkey_setup_socket();
1916 T_ATEND(pfkey_cleanup);
1917 send_pfkey_flush_sa(pfkey_socket);
1918 send_pfkey_flush_sp(pfkey_socket);
1919 send_pfkey_spd_add_message(pfkey_socket, 1);
1920
1921 dispatch_main();
1922 }
1923
1924 T_DECL(sadb_get_sastat_oob_60769680, "security association get sa stat oob read", T_META_TAG_VM_PREFERRED)
1925 {
1926 test_id = TEST_SADB_GETSASTAT_OOB_READ_60822823;
1927
1928 int pfkey_socket = pfkey_setup_socket();
1929 T_ATEND(pfkey_cleanup);
1930 send_pfkey_flush_sa(pfkey_socket);
1931 send_pfkey_flush_sp(pfkey_socket);
1932 send_pkey_add_sa(pfkey_socket, 0x12345678, TEST_SRC_ADDRESS_IPv4, TEST_DST_ADDRESS_IPv4, AF_INET);
1933
1934 dispatch_main();
1935 }
1936
1937 T_DECL(sadb_get_sastat_success, "security association get sa stat", T_META_TAG_VM_PREFERRED)
1938 {
1939 test_id = TEST_SADB_GETSASTAT_OOB_READ_SUCCESS;
1940
1941 int pfkey_socket = pfkey_setup_socket();
1942 T_ATEND(pfkey_cleanup);
1943 send_pfkey_flush_sa(pfkey_socket);
1944 send_pfkey_flush_sp(pfkey_socket);
1945 send_pkey_add_sa(pfkey_socket, 0x12345678, TEST_SRC_ADDRESS_IPv4, TEST_DST_ADDRESS_IPv4, AF_INET);
1946
1947 dispatch_main();
1948 }
1949
1950 T_DECL(sadb_key_migrate_address_ipv4, "security association migrate address ipv4", T_META_TAG_VM_PREFERRED)
1951 {
1952 test_id = TEST_SADB_EXT_MIGRATE_ADDRESS_IPv4;
1953
1954 int pfkey_socket = pfkey_setup_socket();
1955 T_ATEND(pfkey_cleanup);
1956 send_pfkey_flush_sa(pfkey_socket);
1957 send_pfkey_flush_sp(pfkey_socket);
1958 send_pkey_add_sa(pfkey_socket, 0x12345678, TEST_SRC_ADDRESS_IPv4, TEST_DST_ADDRESS_IPv4, AF_INET);
1959
1960 dispatch_main();
1961 }
1962
1963 T_DECL(sadb_key_migrate_address_ipv6, "security association migrate address ipv6", T_META_TAG_VM_PREFERRED)
1964 {
1965 test_id = TEST_SADB_EXT_MIGRATE_ADDRESS_IPv6;
1966
1967 int pfkey_socket = pfkey_setup_socket();
1968 T_ATEND(pfkey_cleanup);
1969 send_pfkey_flush_sa(pfkey_socket);
1970 send_pfkey_flush_sp(pfkey_socket);
1971 send_pkey_add_sa(pfkey_socket, 0x12345678, TEST_SRC_ADDRESS_IPv6, TEST_DST_ADDRESS_IPv6, AF_INET6);
1972
1973 dispatch_main();
1974 }
1975
1976 T_DECL(sadb_key_migrate_bad_address, "security association migrate bad address", T_META_TAG_VM_PREFERRED)
1977 {
1978 test_id = TEST_SADB_EXT_MIGRATE_BAD_ADDRESS;
1979
1980 int pfkey_socket = pfkey_setup_socket();
1981 T_ATEND(pfkey_cleanup);
1982 send_pfkey_flush_sa(pfkey_socket);
1983 send_pfkey_flush_sp(pfkey_socket);
1984 send_pkey_add_sa(pfkey_socket, 0x12345678, TEST_SRC_ADDRESS_IPv6, TEST_DST_ADDRESS_IPv6, AF_INET6);
1985
1986 dispatch_main();
1987 }
1988
1989 T_DECL(tcp_input_ipsec_copy_policy, "listener policy copied to child", T_META_TAG_VM_PREFERRED)
1990 {
1991 test_id = TEST_TCP_INPUT_IPSEC_COPY_POLICY;
1992
1993 int server_fd = setup_tcp_server(4000);
1994 setup_socket_policy(server_fd);
1995 int client_fd = setup_loopback_tcp_client(4000);
1996
1997 sleep(3);
1998 close(client_fd);
1999 close(server_fd);
2000
2001 T_PASS("listener policy copied to child");
2002 }
2003
2004 T_DECL(sadb_x_spd_add_78944570, "security policy add failure", T_META_TAG_VM_PREFERRED)
2005 {
2006 test_id = TEST_SADB_X_SPDADD_MEMORY_LEAK_78944570;
2007
2008 int pfkey_socket = pfkey_setup_socket();
2009 send_pfkey_flush_sa(pfkey_socket);
2010 send_pfkey_flush_sp(pfkey_socket);
2011 send_pfkey_spd_add_message(pfkey_socket, IPSEC_ULPROTO_ANY);
2012
2013 dispatch_main();
2014 }
2015
2016 T_DECL(sadb_key_migrate_after_expiry_134671927, "security association migrate after expiry", T_META_TAG_VM_PREFERRED)
2017 {
2018 test_id = TEST_SADB_EXT_MIGRATE_AFTER_EXPIRY_134671927;
2019
2020 int pfkey_socket = pfkey_setup_socket();
2021 T_ATEND(pfkey_cleanup);
2022 send_pfkey_flush_sa(pfkey_socket);
2023 send_pfkey_flush_sp(pfkey_socket);
2024 send_pfkey_register(pfkey_socket);
2025
2026 dispatch_main();
2027 }
2028