Tobias Brunner [Fri, 27 Mar 2015 15:14:45 +0000 (16:14 +0100)]
WIP
We could extend the expire event so it includes the last usage values of
the expired SA. One issue with that is that we only get one direction,
so we'd have to query the other direction before we delete the SA (there
could be a race if it expired shortly after the first one - we could
increase the lifetime of one direction a bit, though, so we would have
enough time for this). Also, we currently don't cache usage data on the
child_sa_t object, which we had to do to report the final numbers via
get_usestats(). And we'd also need to actually trigger child_updown
for such SAs even after they were rekeyed (not possible for IKEv2 at
the moment). This may all be a bit overkill as for the general use case
this should not be an issue.
Basically, if the other peer uses an SA after it got rekeyed the usage
numbers won't be accurate. That is, all data transmitted since the last
update before expiration won't be accounted for (child_rekey, or interim
update - so this is less of an issue with interim updates, or with
relatively short rekeymargin). The peer will also only be able to send
data on the inbound SA (from the server's point of view), as the server
will always use the latest outbound SA. But the same problem occurs if
no rekeying is used, as in that case SAs will simply expire at some point
and no current data can be queried anymore (but I guess that's a rather
unusual use case).
Tobias Brunner [Wed, 25 Mar 2015 17:05:57 +0000 (18:05 +0100)]
bus: Add new hook called when IKEv1 CHILD_SAs are migrated to a new IKE_SA
The interface is currently not very nice, but if we ever were able to
safely checkout multiple SAs concurrently we could add something similar
to ike_rekey() and call that when we detect a reauthentication.
Tobias Brunner [Tue, 24 Mar 2015 16:38:49 +0000 (17:38 +0100)]
eap-radius: Add cache for usage stats of expired/rekeyed SAs
There are several situations that the previous code didn't handle that
well, for example, interim updates during rekeying (until the rekeyed SA
was deleted the numbers were too high, then suddenly dropped afterwards),
or rekeying for IKEv1 in general because rekeyed IPsec SAs stay installed
until they expire (so if they were still around when the IKE_SA was
terminated, the reported numbers in the Stop message were too high).
If intermediate updates are not used the cache entries for rekeyed
CHILD_SA will accumulate, we can't clean them up as we don't get
child_updown() events for them.
If we sent retransmits for a message and didn't receive a response it might
still arrive later. Such a message will be queued on the socket. The next
read will then return not the expected response but the one for the earlier
request. For this message the verification will fail and the message gets
discarded. But with the earlier code the actual response was never received.
Instead, a subsequent request resulted in the same failure and so on.
Tobias Brunner [Tue, 5 May 2015 16:11:50 +0000 (18:11 +0200)]
starter: Ensure the daemon executable exists when starting up
The only purpose of starter is to control the IKE daemon, so we
terminate it if the daemon executable is not found (e.g. because
DAEMON_NAME is incorrect).
This removes the charonstart setting (it was not actually configurable
anymore).
Tobias Brunner [Tue, 5 May 2015 15:50:27 +0000 (17:50 +0200)]
starter: Remove START_CHARON compile flag
Since the removal of pluto this is quite superfluous. The flag itself
might be useful to avoid starting charon if the executable does not
exist for some reason (e.g. if DAEMON_NAME is incorrect).
Tobias Brunner [Tue, 5 May 2015 07:39:11 +0000 (09:39 +0200)]
ike-init: Fix error handling if nonceg can't be created
Returning FAILED in the constructor is wrong, but returning NULL doesn't work
either as it's currently assumed tasks always can be created.
Therefore, delay this check until we actually try to allocate a nonce.
Martin Willi [Tue, 5 May 2015 08:37:34 +0000 (10:37 +0200)]
swanctl: Fix --uri option
As we now pass the vici connection to the command dispatcher callback, we can't
parse the --uri option to create the connection from the same callback. Instead
pre-process the common command options in a separate loop, and ignore the same
options while processing the actual command.
This allows to control the life-cycle of a nonce in the context of the
ike init task. In the TKM use-case the nonce generator cannot be
destroyed before the ike init task is finalized, otherwise the created
nonce is detected as stale.
child-create: Make nonceg a member of child_create struct
This allows to control the life-cycle of a nonce in the context of the
child create task. In the TKM use-case, it is required to reset the
nonce context if the created nonce is not consumed. This happens if the
child SA negotiation fails and it is detected before the SA is
established via the TKM kernel plugin (i.e. rekey collision).
If the nonce generator detects a stale nonce upon destroy(), it resets
the context in the TKM and releases associated resources in the ID
manager and chunk map.
Also, do not acquire the nonce context ID in tkm_nonceg_create function
but rather when the nonce is actually created by get_nonce().
The nonces created with get_nonce must also be registered in the chunk map.
Timo Teräs [Wed, 29 Apr 2015 15:13:19 +0000 (18:13 +0300)]
vici: Default to certificate subject for identity
If id is not specified and certificate authentication is used, use the
certificate subject name as identity. Simplifies configuration as in most cases
this is the right thing to do.
openssl: Don't refer to EVP_des_ecb() if OpenSSL is built without DES support
While DES-ECB is not registered by the plugin in this case (so the
function will never actually be called), the compiler still warns
about the implicitly declared function.
Martin Willi [Thu, 16 Apr 2015 14:50:27 +0000 (16:50 +0200)]
Merge branch 'utils-split'
Split up the almighty utils.[ch] to separate files in the utils/utils subfolder.
These are not meant to include manually, but bring back some order to all
this functionality included through utils.h.
Martin Willi [Thu, 16 Apr 2015 07:38:14 +0000 (09:38 +0200)]
test-vectors: Define test vector symbols as extern
We don't actually define a vector, but only prototype the test vector
implemented in a different file. GCC uses the correct symbol during testing,
but clang correctly complains about duplicated symbols during linking.
Martin Willi [Tue, 14 Apr 2015 07:26:17 +0000 (09:26 +0200)]
unit-tests: Set test verbosity just after test suite loading
We see any plugin startup messages during suite configuration, where
initialization is called once to query plugin features. No need to be verbose
and show these messages once again in the first test.
Martin Willi [Mon, 13 Apr 2015 16:23:58 +0000 (18:23 +0200)]
unit-tests: Use progressive testing of transforms with test vectors
This allows us to show which transform from which plugin failed. Also, we use
the new cleanup handler functionality that allows proper deinitialization on
failure or timeout.
Martin Willi [Tue, 14 Apr 2015 06:59:58 +0000 (08:59 +0200)]
unit-tests: Invoke all registered thread cleanup handlers on test failure
If a test fails in a timeout or a test failure, longjmp() is used to restore
the thread context and handle test failure. However, there might be unreleased
resources, namely locks, which prevent the library to clean up properly after
finishing the test.
By using thread cleanup handlers, we can release any test subject internal or
test specific external resources on test failure. We do so by calling all
registered cleanup handlers.
Martin Willi [Mon, 13 Apr 2015 15:12:49 +0000 (17:12 +0200)]
gcrypt: Explicitly initialize RNG backend to allocate static data
The libgcrypt RNG implementation uses static buffer allocation which it does
not free. There is no symbol we can catch in leak-detective, hence we explicitly
initialize the RNG during the whitelisted gcrypt_plugin_create() function.
Martin Willi [Mon, 13 Apr 2015 10:02:07 +0000 (12:02 +0200)]
leak-detective: Whitelist gcrypt_plugin_create()
gcry_check_version() does not free statically allocated resources. However,
we can't whitelist it in some versions, as it is not a resolvable symbol name.
Instead, whitelist our own plugin constructor function.