Tobias Brunner [Fri, 23 Oct 2015 14:55:39 +0000 (16:55 +0200)]
android: Fix build after updating Linux headers
Since we don't use the kernel-netlink plugin anymore and the headers
in the NDK are reasonably recent, we don't need this anymore (at least
when building the app).
Tobias Brunner [Mon, 9 Nov 2015 16:07:25 +0000 (17:07 +0100)]
ikev1: Also use message hashes for Quick Mode for the early retransmission check
We already did so during Phase 1 but because all three Quick Mode
message have the same message ID we occasionally dropped the third
message as retransmit, so we do it there too. For INFORMATIONAL
and TRANSACTION exchanges we don't expect more than one inbound message
with the same message ID so we still use them there.
Thomas Egerer [Tue, 6 Oct 2015 09:02:45 +0000 (11:02 +0200)]
kernel-interface: Return bool for kernel interface registration
If the (un)registering of a kernel interface (net or ipsec) fails, the
plugin loader will never know, since the appropriate functions always
returns TRUE. By making the (un)register functions return a boolean
value, the loader can detect a failure during initializing the kernel
interface and abort charon startup if desired.
Tobias Brunner [Mon, 2 Nov 2015 15:22:38 +0000 (16:22 +0100)]
socket-default: Refactor setting source address when sending messages
This ensures we don't pass data (via msg_control) defined in a different
scope to sendmsg(). Actually, some compilers (e.g. GCC 5.2.1) might
optimize the memcpy() call away causing the packets not to get sent from
the intended source address.
It also makes the code clearer than with all these ifdefs.
ike-natd: Create fake NAT-D payloads in a more static way
In some scenarios an IKE_SA might get restarted multiple times (e.g.
due to retransmits and delayed INVALID_KE_PAYLOAD notifies) so that
two IKE_SA_INIT messages might be sent that only differ in the
previously randomly generated NAT_DETECTION_SOURCE_IP payload.
This could cause an authentication failure on the responder if the two
peers don't use the same IKE_SA_INIT message in their InitiatorSignedOctets.
While the payload is generated in a reproducible way it will still change
when the daemon is restarted, which should make detecting the payloads
as fake a bit harder (compared to e.g. just using 0.0.0.0:0 as address).
Tobias Brunner [Fri, 6 Nov 2015 13:45:57 +0000 (14:45 +0100)]
mediation: Reschedule initiate mediation job if SA is not yet found
If the job gets queued for a newly created IKE_SA it might not yet be
checked in when the job is running, reschedule the job in that case.
This should fix the two p2pnat test scenarios, which occasionally
failed because one of the peers did not initiate the connection to
the mediation server.
Tobias Brunner [Thu, 5 Nov 2015 17:52:27 +0000 (18:52 +0100)]
ike-sa-manager: Signal entries that we don't actually check out
In some cases we call wait_for_entry() but don't actually check out the
entry afterwards (e.g. because it doesn't match certain criteria). So
there won't be a call to checkin() for such entries causing waiting
threads to get signaled. Instead, such threads would be blocked until
another thread properly checks out/in the entry (or does a blocking
enumeration).
Tobias Brunner [Thu, 5 Nov 2015 13:59:34 +0000 (14:59 +0100)]
testing: Speed up ifdown calls in ikev2/mobike scenarios
ifdown calls bind's rndc, which tries to access TCP port 953 on lo.
If these packets are dropped by the firewall we have to wait for the TCP
connections to time out, which takes quite a while.
Tobias Brunner [Thu, 5 Nov 2015 13:57:07 +0000 (14:57 +0100)]
testing: Avoid delays with ping by using -W and -i options
With -W we reduce timeouts when we don't expect a response. With -i the
interval between pings is reduced (mostly in case of auto=route where
the first ping yields no reply).
Tobias Brunner [Tue, 6 Oct 2015 15:21:01 +0000 (17:21 +0200)]
ipsec: Quit script quicker for ipsec stop
It rarely takes 1 second or longer to terminate the daemon. This
decreases the runtime of the post test step a lot where `ipsec stop`
is called for multiple hosts in each test case (10-15 minutes over all
test cases).
testing: Add a base strongswan.conf file used by all hosts in all scenarios
We will use this to set some defaults (e.g. timeouts to make testing
negative tests quicker). We don't want these settings to show up in the
configs of the actual scenarios though.
plugin-loader: Optionally use RTLD_NOW with dlopen()
This can be useful when writing custom plugins as typos or missing
linker flags that result in unresolved symbols in the shared object
could otherwise cause late crashes. In particular, if such a symbol
is used in a code path that is rarely executed. During development
and testing using RTLD_NOW instead of RTLD_LAZY will prevent the
plugin from getting loaded and makes the error visible immediately.
Tobias Brunner [Mon, 9 Nov 2015 10:39:54 +0000 (11:39 +0100)]
vici: Add NAT information when listing IKE_SAs
The `nat-local` and `nat-remote` keys contain information on the NAT
status of the local and remote IKE endpoints, respectively. If a
responder did not detect a NAT but is configured to fake a NAT situation
this is indicated by `nat-fake` (if an initiator fakes a NAT situation
`nat-local` is set). If any NAT is detected or faked `nat-any` is set.
Tobias Brunner [Fri, 23 Oct 2015 12:34:54 +0000 (14:34 +0200)]
iv-gen: Use NULL IV generator for NULL encryption
We don't need an IV for NULL encryption, so we wouldn't technically need
an IV generator. But some of the code currently relies on an IV
generator to be present. So we don't have to change that code and
handle IV size == 0 specially we use the new NULL IV generator, which
handles this transparently to the existing code.
Before 3c81cb6fc322 ("aead: Create AEAD using traditional transforms
with an explicit IV generator") iv_gen_rand_t was used for NULL
encryption, which would work too but this way it's clearer.
Tobias Brunner [Fri, 30 Oct 2015 10:19:44 +0000 (11:19 +0100)]
testing: Update tkm to version 0.1.3
Adds XFRM state/policy flush when terminating which caused tests to fail
due to the check added with 9086f060d35a ("testing: Let test scenarios
fail if IPsec SAs or policies are not removed").
Due to the nonce, the ESP key material is four bytes longer than needed for
the actual AES key. The crypto plugins, however, register their AES-CTR
implementations with the AES key length, so the lookup here failed.
For IKEv2 the key material is allocated after creating a crypter instance
with the negotiated AES key size. The length of the actual key material is
retrieved via get_key_size(), which adds the four bytes to the AES key length.
Tobias Brunner [Fri, 30 Oct 2015 09:33:51 +0000 (10:33 +0100)]
Merge branch 'ikev1-cache-informational'
With these changes an INFORMATIONAL message (e.g. with an INITIAL_CONTACT
notify) that arrives while a responder is waiting for the last Aggressive
Mode request gets queued and delivered later. Previously such messages
caused the IKE_SA to fail as some tasks waiting for the last AM message
fail when trying to handle the INFORMATIONAL message. Therefore, all
other messages, such as TRANSACTION and QUICK_MODE requests, are now
dropped until AM is complete. These don't have to be cached as they get
retransmitted by the other peer.
Tobias Brunner [Mon, 12 Oct 2015 09:04:55 +0000 (11:04 +0200)]
random: Properly handle errors when reading from /dev/[u]random
If -1 was returned on the first call to read() `done` got SIZE_MAX
and the function returned TRUE even though no actual random data had
been allocated.
Tobias Brunner [Wed, 7 Oct 2015 14:08:22 +0000 (16:08 +0200)]
ikev1: Avoid fourth QM message if third QM messages of multiple exchanges are handled delayed
If we haven't received the third QM message for multiple exchanges the
return value of NEED_MORE for passive tasks that are not responsible for
a specific exchange would trigger a fourth empty QM message.
ikev1: Prevent deadlock when checking for duplicate IKEv1 SAs
Previously, the current segment was held while checking for duplicate
SAs, which requires acquiring all segments. If multiple threads did this
concurrently this resulted in a deadlock as they couldn't acquire the
segments held by the other threads attempting to do the same. With the
default configuration only one segment is used, which prevents the problem
as only one thread can check in an IKE SA concurrently.
Fixes: a064eaa8a63a ("Handling of initial contact")