aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev2/tasks
Commit message (Collapse)AuthorAgeFilesLines
* traffic-selector: Don't end printf'ed list of traffic selectors with a spaceTobias Brunner2015-11-102-4/+4
|
* ike-natd: Create fake NAT-D payloads in a more static wayTobias Brunner2015-11-091-20/+8
| | | | | | | | | | | | | | | In some scenarios an IKE_SA might get restarted multiple times (e.g. due to retransmits and delayed INVALID_KE_PAYLOAD notifies) so that two IKE_SA_INIT messages might be sent that only differ in the previously randomly generated NAT_DETECTION_SOURCE_IP payload. This could cause an authentication failure on the responder if the two peers don't use the same IKE_SA_INIT message in their InitiatorSignedOctets. While the payload is generated in a reproducible way it will still change when the daemon is restarted, which should make detecting the payloads as fake a bit harder (compared to e.g. just using 0.0.0.0:0 as address). Fixes #1131.
* ike-mobike: Send retransmits to the current local and remote addressesTobias Brunner2015-10-301-1/+5
| | | | | | These might have changed by a peer-initiated MOBIKE address update. Fixes #1125.
* child-rekey: Don't add a REKEY_SA notify if the child-create task is ↵Tobias Brunner2015-08-211-6/+9
| | | | deleting the SA
* child-create: Cache proposed IPsec protocolTobias Brunner2015-08-211-10/+13
| | | | | This allows us to DELETE CHILD_SAs on failures that occur before we retrieved the selected proposal.
* child-create: Don't attempt to delete the SA if we don't have all the ↵Tobias Brunner2015-08-211-8/+10
| | | | | | | information Since we only support single protocols we could probably guess it and always send a DELETE.
* child-rekey: Remove redundant migrate() call for child-create sub-taskTobias Brunner2015-08-211-2/+1
| | | | | | | When retrying due to a DH group mismatch this is already done by the child-create task itself. And in other cases where the task returns NEED_MORE we actually will need access to a possible proposal to properly delete it.
* child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group ↵Tobias Brunner2015-08-211-0/+1
| | | | | | | | | | mismatch If the responder declines our KE payload during a CHILD_SA rekeying migrate() is called to reuse the child-create task. But the child-rekey task then calls the same method again. Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()")
* ike-rekey: Fix cleanup() callTobias Brunner2015-07-271-2/+2
|
* ike-rekey: Reset IKE_SA on bus before sending CREATE_CHILD_SA responseTobias Brunner2015-07-271-1/+2
| | | | | Even when there is no error the CREATE_CHILD_SA response should be sent in the context of the existing IKE_SA.
* ike-rekey: Reset IKE_SA on the bus after destroying new IKE_SATobias Brunner2015-07-271-16/+15
| | | | | | | | | | | | | | | The destroy() method sets the IKE_SA on the bus to NULL, we reset it to the current IKE_SA so any events and log messages that follow happen in the correct context. A practical example where this is problematic is a DH group mismatch, which causes the first CREATE_CHILD_SA exchange to fail. Because the SA was not reset previously, the message() hook for the CREATE_CHILD_SA response, for instance, was triggered outside the context of an IKE_SA, that is, the ike_sa parameter was NULL, which is definitely not expected by several plugins. Fixes #862.
* ikev2: Enforce remote authentication config before proceeding with own ↵Martin Willi2015-06-051-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | authentication Previously the constraints in the authentication configuration of an initiator were enforced only after all authentication rounds were complete. This posed a problem if an initiator used EAP or PSK authentication while the responder was authenticated with a certificate and if a rogue server was able to authenticate itself with a valid certificate issued by any CA the initiator trusted. Because any constraints for the responder's identity (rightid) or other aspects of the authentication (e.g. rightca) the initiator had were not enforced until the initiator itself finished its authentication such a rogue responder was able to acquire usernames and password hashes from the client. And if a client supported EAP-GTC it was even possible to trick it into sending plaintext passwords. This patch enforces the configured constraints right after the responder's authentication successfully finished for each round and before the initiator starts with its own authentication. Fixes CVE-2015-4171.
* child-create: Destroy nonceg in migrate()Tobias Brunner2015-05-051-1/+2
| | | | | Since another nonce gets allocated later (if any was allocated already) this would have resulted in a leaked nonce context ID when used in charon-tkm.
* child-create: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-14/+12
| | | | As with ike-init we can't return NULL in the task constructor.
* ike-init: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-13/+21
| | | | | | Returning FAILED in the constructor is wrong, but returning NULL doesn't work either as it's currently assumed tasks always can be created. Therefore, delay this check until we actually try to allocate a nonce.
* ike-init: Fix compiler warningTobias Brunner2015-05-051-2/+0
|
* ike-init: Make nonceg a member of ike_init structReto Buerki2015-05-041-20/+17
| | | | | | | This allows to control the life-cycle of a nonce in the context of the ike init task. In the TKM use-case the nonce generator cannot be destroyed before the ike init task is finalized, otherwise the created nonce is detected as stale.
* child-create: Make nonceg a member of child_create structReto Buerki2015-05-041-12/+16
| | | | | | | | This allows to control the life-cycle of a nonce in the context of the child create task. In the TKM use-case, it is required to reset the nonce context if the created nonce is not consumed. This happens if the child SA negotiation fails and it is detected before the SA is established via the TKM kernel plugin (i.e. rekey collision).
* Add bool param to ALERT_KEEP_ON_CHILD_SA_FAILURE alertAdrian-Ken Rueegsegger2015-05-041-2/+6
| | | | | The parameter indicates if the alert is raised upon failure to establish the first CHILD SA of an IKE SA.
* ike-vendor: Add some Microsoft vendor IDsTobias Brunner2015-04-211-0/+10
|
* utils: Use chunk_equals_const() for all cryptographic purposesMartin Willi2015-04-141-1/+1
|
* diffie-hellman: Add a bool return value to set_other_public_value()Martin Willi2015-03-232-3/+42
|
* diffie-hellman: Add a bool return value to get_my_public_value()Martin Willi2015-03-231-0/+1
|
* encoding: Allow ke_payload_create_from_diffie_hellman() to failMartin Willi2015-03-232-7/+34
|
* ikev2: Immediately initiate queued tasks after establishing rekeyed IKE_SAMartin Willi2015-03-181-0/+29
| | | | | | If additional tasks get queued before/while rekeying an IKE_SA, these get migrated to the new IKE_SA. We previously did not trigger initiation of these tasks, though, leaving the task unexecuted until a new task gets queued.
* ikev2: Consider signature schemes in rightauth when sending hash algorithmsTobias Brunner2015-03-041-14/+54
|
* ikev2: Add a global option to disable RFC 7427 signature authenticationTobias Brunner2015-03-041-2/+12
| | | | This is mostly for testing.
* ikev2: Enable signature authentication by transmitting supported hash algorithmsTobias Brunner2015-03-041-4/+83
|
* ikev2: Schedule a timeout for the delete message following passive IKE rekeyingMartin Willi2015-03-031-0/+6
| | | | | | | | | | | | | | | | | | | | | | | Under some conditions it can happen that the CREATE_CHILD_SA exchange for rekeying the IKE_SA initiated by the peer is successful, but the delete message does not follow. For example if processing takes just too long locally, the peer might consider us dead, but we won't notice that. As this leaves the old IKE_SA in IKE_REKEYING state, we currently avoid actively initiating any tasks, such as rekeying or scheduled DPD. This leaves the IKE_SA in a dead and unusable state. To avoid that situation, we schedule a timeout to wait for the DELETE message to follow the CREATE_CHILD_SA, before we actively start to delete the IKE_SA. Alternatively we could start a liveness check on the SA after a timeout to see if the peer still has that state and we can expect the delete to follow. But it is unclear if all peers can handle such messages in this very special state, so we currently don't go for that approach. While we could calculate the timeout based on the local retransmission timeout, the peer might use a different scheme, so a fixed timeout works as well. Fixes #742.
* ikev2: Schedule a make-before-break completion task to delete old IKE_SAMartin Willi2015-02-203-0/+160
|
* attribute-manager: Pass full IKE_SA to handler methodsMartin Willi2015-02-201-4/+2
|
* attribute-manager: Pass the full IKE_SA to provider methodsMartin Willi2015-02-201-2/+2
|
* attributes: Move the configuration attributes framework to libcharonMartin Willi2015-02-201-8/+7
|
* ike: Consistently log CHILD_SAs with their unique_id instead of their reqidMartin Willi2015-02-202-3/+3
|
* inactivity-job: Schedule job by CHILD_SA unique ID instead of reqidMartin Willi2015-02-201-7/+4
|
* kernel-interface: Raise expires with a proto/SPI/dst tuple instead of reqidMartin Willi2015-02-201-2/+2
|
* ike: Maintain per-IKE_SA CHILD_SAs in the global CHILD_SA managerMartin Willi2015-02-201-8/+19
|
* child-sa: Replace reqid based marks by "unique" marksMartin Willi2015-02-203-2/+38
| | | | | | | | | | | As we now use the same reqid for multiple CHILD_SAs with the same selectors, having marks based on the reqid makes not that much sense anymore. Instead we use unique marks that use a custom identifier. This identifier is reused during rekeying, keeping the marks constant for any rule relying on it (for example installed by updown). This also simplifies handling of reqid allocation, as we do not have to query the marks that is not yet assigned for an unknown reqid.
* ikev2: Only touch the DH object if we have a matching proposalTobias Brunner2014-12-231-11/+17
|
* ikev2: Fix handling of more than one hash-and-URL certificate payloadsTobias Brunner2014-12-041-2/+2
|
* ikev2: Fix ike_rekey switch statement broken with last commitMartin Willi2014-11-241-1/+1
|
* ikev2: Prevent IKE_SA rekeying if we are currently retrying a CHILD_SA rekeyMartin Willi2014-11-211-0/+1
|
* child-sa: Introduce a CHILD_RETRYING state to detect DH group retriesMartin Willi2014-11-211-0/+1
|
* ikev2: Negotiate support for IKEv2 fragmentationTobias Brunner2014-10-101-0/+23
|
* ike-mobike: Allow calling transmit() even when not currently path probingTobias Brunner2014-09-121-5/+17
| | | | Path probing is enabled if the current path is not available anymore.
* ike-mobike: Return FALSE in transmit() if no path was availableTobias Brunner2014-09-122-3/+7
|
* ike-mobike: Add method to enable path probingTobias Brunner2014-09-122-0/+12
|
* ike-mobike: Skip peer addresses we can't send packets to when checking pathsTobias Brunner2014-09-121-5/+18
|
* ikev2: Migrate number of pending MOBIKE updatesTobias Brunner2014-09-121-0/+5
| | | | | This will probably never be more than 1 since we only have one task queued at a time and we don't migrate running tasks.
* ikev2: Properly keep track of pending MOBIKE updatesTobias Brunner2014-09-121-8/+27
| | | | | | | | Because we only queue one MOBIKE task at a time, but destroy superfluous ones only after we already increased the counter for pending MOBIKE updates, we have to reduce the counter when such tasks are destroyed. Otherwise, the queued task would assume another task is queued when it is running and ignore any successful response.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-22 13:35:39 +0000