Andreas Steffen [Sun, 26 Jun 2016 16:40:01 +0000 (18:40 +0200)]
Merge branch 'tpm2'
The libtpmtss library supports both TPM 1.2 and TPM 2.0 Trusted
Platform Modules. Features comprise capability discovery,
listing of PCRs, AIK generation and quote signatures.
Tobias Brunner [Mon, 20 Jun 2016 16:31:13 +0000 (18:31 +0200)]
testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tls
The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls
scenario") is not really ideal as now the vici plugin might not yet be
ready when `swanctl --load-creds` is called. Perhaps starting charon
before Apache causes enough delay.
Once we switch to charon-systemd this isn't a problem anymore as starting the
unit will block until everything is up and ready. Also, the individual
swanctl calls will be redundant as the default service unit calls --load-all.
But start scripts do run before charon-systemd signals that the daemon is
ready, so using these would work too then.
Tobias Brunner [Mon, 20 Jun 2016 16:18:46 +0000 (18:18 +0200)]
testing: Only load selected plugins in swanctl
The main issue is that the ldap and curl plugins, or rather the libraries
they use, initialize GnuTLS (curl, strangely, even when it is, by its own
account, linked against OpenSSL). Some of these allocations are only freed
once the libraries are unloaded. This means that the leak detective causes
invalid frees when swanctl is terminated and libraries are unloaded after the
leak detective is already deinitialized.
Tobias Brunner [Fri, 17 Jun 2016 16:53:51 +0000 (18:53 +0200)]
Merge branch 'exchange-collisions'
Improves the handling of IKEv2 exchange collisions in several corner
cases. TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND notifies that were defined
with RFC 7296 are now handled and sent as appropriate.
The behavior in these situations is tested with new unit tests.
If a passive rekeying fails due to an INVALID_KE_PAYLOAD we don't want
to consider this task later when resolving collisions. This previously
might have caused the wrong SA to get deleted/installed based on the nonces
in the unsuccessful exchange.
Tobias Brunner [Thu, 2 Jun 2016 13:50:11 +0000 (15:50 +0200)]
ikev2: Add possibility to delay initiation of a queued task
Such a task is not initiated unless a certain time has passed. This
allows delaying certain tasks but avoids problems if we'd do this
via a scheduled job (e.g. if the IKE_SA is rekeyed in the meantime).
If the IKE_SA is rekeyed the delay of such tasks is reset when the
tasks are adopted i.e. they get executed immediately on the new IKE_SA.
Tobias Brunner [Tue, 31 May 2016 12:41:19 +0000 (14:41 +0200)]
ike-rekey: Handle undetected collisions also if delete is delayed
If the peer does not detect the rekey collision and deletes the old
IKE_SA and then receives the colliding rekey request it will respond with
TEMPORARY_FAILURE. That notify may arrive before the DELETE does, in
which case we may just conclude the rekeying initiated by the peer.
Also, since the IKE_SA is destroyed in any case when we receive a delete
there is no point in storing the delete task in collide() as process_i()
in the ike-rekey task will never be called.
Tobias Brunner [Tue, 31 May 2016 10:22:32 +0000 (12:22 +0200)]
ike-rekey: Properly handle situation if the peer did not notice the rekey collision
We conclude the rekeying before deleting the IKE_SA. Waiting for the
potential TEMPORARY_FAILURE notify is no good because if that response
does not reach us the peer will not retransmit it upon our retransmits
of the rekey request if it already deleted the IKE_SA after receiving
our response to the delete.
Tobias Brunner [Sat, 28 May 2016 07:34:29 +0000 (09:34 +0200)]
ikev2: Add a new state to track rekeyed IKE_SAs
This makes handling such IKE_SAs more specifically compared to keeping them
in state IKE_CONNECTING or IKE_ESTABLISHED (which we did when we lost a
collision - even triggering the ike_updown event), or using IKE_REKEYING for
them, which would also be ambiguous.
For instance, we can now reject anything but DELETES for such SAs.
Tobias Brunner [Fri, 27 May 2016 08:17:53 +0000 (10:17 +0200)]
unit-tests: Make sure to flush the IKE_SA manager before destroying the sender
As the static plugin that creates and destroys the default sender was
not initialized because of the missing socket the daemon won't destroy
our sender. Test cases will eventually have to flush the IKE_SA manager to
satisfy the leak detective. However, in case of a test failure and if there
are IKE_SAs in the manager the daemon will flush the SAs when deinitializing,
which will cause deletes to get sent. This crashes if the sender is already
destroyed.
Tobias Brunner [Thu, 26 May 2016 14:57:31 +0000 (16:57 +0200)]
unit-tests: Provide a wrapper around bus_t::add_listener and unregister them during cleanup
In case listeners on the stack are triggered while cleaning up after a
test failed (e.g. via ike_sa_manager_t::flush) remaining listeners defined on
the stack would cause a segmentation fault.
Tobias Brunner [Thu, 26 May 2016 13:08:09 +0000 (15:08 +0200)]
ike-rekey: Establish new IKE_SA earlier as responder, but only if no collision
Moving to the new SA only after receiving the DELETE for the old SA was
not ideal as it rendered the new SA unusable (because it simply didn't
exist in the manager) if the DELETE was delayed/got dropped.
Tobias Brunner [Wed, 25 May 2016 17:12:53 +0000 (19:12 +0200)]
child-delete: Check if the deleted CHILD_SA is the redundant SA of a collision
This happens if the peer deletes the redundant SA before we are able to
handle the response. The deleted SA will be in state CHILD_INSTALLED but
we don't want to trigger the child_updown() event for it or recreate it.
Tobias Brunner [Thu, 12 May 2016 10:22:35 +0000 (12:22 +0200)]
child-delete: Remove unnecessary call to destroy_child_sa()
Generally, we will not find the CHILD_SA by searching for it with the
outbound SPI (the initiator of the DELETE sent its inbound SPI) - and if
we found a CHILD_SA it would most likely be the wrong one (one in which
we used the same inbound SPI as the peer used for the one it deletes).
And we don't actually want to destroy the CHILD_SA at this point as we
know we already initiated a DELETE ourselves, which means that task
still has a reference to it and will destroy the CHILD_SA when it
receives the response from the other peer.
Tobias Brunner [Thu, 12 May 2016 11:49:11 +0000 (13:49 +0200)]
unit-tests: Don't unload plugins before calling libcharon_deinit()
libcharon_deinit() already calls all the functions we called manually.
Unloading the plugins will not work if charon->initialize() is called
as charon's static plugin features would already be unloaded before the
destroyed members are accessed in destroy() to flush them.