aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
* vici: Certification Authority support added.Andreas Steffen2015-07-219-11/+937
| | | | | | CDP and OCSP URIs for a one or multiple certification authorities can be added via the VICI interface. swanctl allows to read definitions from a new authorities section.
* vici: Compute rekey_bytes and rekey_packets if life_bytes and life_packets ↵Andreas Steffen2015-07-201-6/+20
| | | | are defined
* ike-sa-manager: Safely access the RNG instance with an rwlockTobias Brunner2015-07-141-5/+16
| | | | | | | | | | | Threads might still be allocating SPIs (e.g. triggered by an acquire or an inbound message) while the main thread calls flush(). If there is a context switch right after such a thread successfully checked this->rng in get_spi() and the main thread destroys the RNG instance right then, that worker thread will cause a segmentation fault when it continues and attempts to call get_bytes(). Fixes #1014.
* vici: Asynchronize debug loggingMartin Willi2015-07-121-1/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The vici logger uses the listener_t.log() callback to raise vici events. When doing so, it holds the bus lock as reader while acquiring the vici socket mutex (1). If at the same time the vici socket enables a writer, that thread tries to lock the watcher mutex (2). The watcher thread uses debugging while holding the lock, i.e. acquires the bus read lock (3). (1) bus.rlock -> vici.lock! (2) vici.lock -> watcher.lock! (3) watcher.lock -> bus.rlock! This all actually would resolve just fine, as we have a shared read lock on the bus. However, under Windows we seem to have a strict writer preference when acquiring the rwlock (4). This results in blocking read locks until any pending write lock can be fulfilled, and makes the constellation deadlock. The relevant threads are: Thread (1) 6 0x71313d25 in wait_ at threading/windows/mutex.c:137 7 0x7054c8a2 in find_entry at vici_socket.c:201 8 0x7054d690 in send_ at vici_socket.c:624 9 0x7054f6c1 in send_op at vici_dispatcher.c:119 10 0x705502c1 in raise_event at vici_dispatcher.c:469 12 0x704c3878 in log_cb at bus/bus.c:332 13 0x712c7c3a in invoke_function at collections/linked_list.c:414 14 0x704c3a63 in vlog at bus/bus.c:400 15 0x704c3b36 in log_ at bus/bus.c:430 18 0x70508f1f in process_response at sa/ikev2/task_manager_v2.c:664 20 0x704f5430 in process_message at sa/ike_sa.c:1369 21 0x704e3823 in execute at processing/jobs/process_message_job.c:74 22 0x712e629f in process_job at processing/processor.c:235 Thread (2) 4 0x71313b61 in lock at threading/windows/mutex.c:66 5 0x712e81fd in add at processing/watcher.c:441 6 0x712e1ab9 in add_watcher at networking/streams/stream.c:213 7 0x712e1b4d in on_write at networking/streams/stream.c:237 8 0x7054d606 in _cb_enable_writer at vici_socket.c:609 9 0x712e5e34 in execute at processing/jobs/callback_job.c:77 10 0x712e629f in process_job at processing/processor.c:235 Thread (3) 3 0x71313f38 in read_lock at threading/windows/rwlock.c:74 4 0x704c3971 in vlog at bus/bus.c:373 5 0x704cc156 in dbg_bus at daemon.c:126 6 0x712e7bf9 in watch at processing/watcher.c:316 7 0x712e5e34 in execute at processing/jobs/callback_job.c:77 8 0x712e629f in process_job at processing/processor.c:235 Thread (4) 3 0x71313f70 in write_lock at threading/windows/rwlock.c:82 4 0x704c378b in remove_logger at bus/bus.c:290 5 0x704cb284 in listener_unregister at control/controller.c:166 6 0x713136cd in thread_cleanup_pop at threading/windows/thread.c:558 8 0x704cb94e in initiate at control/controller.c:435 9 0x70553996 in _cb_initiate at vici_control.c:187 12 0x7054d200 in _cb_process_queue at vici_socket.c:508 13 0x712e5e34 in execute at processing/jobs/callback_job.c:77 14 0x712e629f in process_job at processing/processor.c:235 To avoid such a situation, we dissolve the (1) lock sequence. It's actually never good practice to acquire shared locks during bus hooks, as it is problematic if we raise bus events while holding the lock. We do so by raising vici events for log message asynchronously, but of curse must keep log order as is using a synchronized queue.
* unit-tests: Add a IKEv2 message encryption test caseMartin Willi2015-07-123-0/+140
| | | | | It uses the ChaCha20Poly1305 test vectors from draft-ietf-ipsecme-chacha20-poly1305-06.
* unit-tests: Forward variable argument list in TEST_SUITE_DEPENDMartin Willi2015-07-121-2/+2
| | | | | For some plugin features, such as crypters or AEADs, we have some additional feature arguments, such as the key size.
* unit-tests: Load libstrongswan plugins in libcharon testsMartin Willi2015-07-122-0/+16
|
* ikev2: Derive additional 4 byte CHILD_SA nonce keymat for ChaCha20-Poly1305Martin Willi2015-06-291-0/+1
|
* ikev2: Use four byte salt for ChaCha20-Poly1305 AEADMartin Willi2015-06-291-0/+1
|
* osx-attr: Optionally replace existing DNS server instead of appending themMartin Willi2015-06-181-3/+27
|
* ikev2: Enforce remote authentication config before proceeding with own ↵Martin Willi2015-06-051-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | authentication Previously the constraints in the authentication configuration of an initiator were enforced only after all authentication rounds were complete. This posed a problem if an initiator used EAP or PSK authentication while the responder was authenticated with a certificate and if a rogue server was able to authenticate itself with a valid certificate issued by any CA the initiator trusted. Because any constraints for the responder's identity (rightid) or other aspects of the authentication (e.g. rightca) the initiator had were not enforced until the initiator itself finished its authentication such a rogue responder was able to acquire usernames and password hashes from the client. And if a client supported EAP-GTC it was even possible to trick it into sending plaintext passwords. This patch enforces the configured constraints right after the responder's authentication successfully finished for each round and before the initiator starts with its own authentication. Fixes CVE-2015-4171.
* child-sa: Use any fixed reqid configured on the CHILD_SA configMartin Willi2015-06-051-2/+2
| | | | | | | Global reqid allocation (94eb09ac) broke fixed reqid allocation. Resupport them by bypassing allocation in the kernel if a fixed reqid has been configured. Fixes #976.
* message: Log message if unknown/disallowed payload receivedTobias Brunner2015-06-011-3/+10
|
* message: Log original message type of unknown payloadsTobias Brunner2015-06-011-0/+13
|
* unknown-payload: Use a new private payload type and make original type availableTobias Brunner2015-06-016-10/+35
| | | | | | | | | This fixes a DoS and potential remote code execution vulnerability that was caused because the original payload type that was returned previously was used to cast such payload objects to payloads of the indicated type (e.g. when logging notify payloads with a payload type for the wrong IKE version). Fixes CVE-2015-3991.
* ikev2: Include fragment number into message ID passed to IV genMartin Willi2015-06-011-0/+5
| | | | | | When using a cipher with sequential IVs, we never must pass an identical IV to the IV generator. To avoid it when using IKEv2 fragmentation, use the lower bits of the 64-bit message ID as the fragment number.
* message: Show the fragmentation numbers in message stringificationMartin Willi2015-06-011-0/+36
|
* ha: Document tunnel parameterTobias Brunner2015-05-271-0/+1
|
* ha: Skip SA for sync messages when resyncing HA segmentsTobias Brunner2015-05-263-3/+14
|
* ha: Move plugin initialization from constructor to plugin callbackTobias Brunner2015-05-261-58/+69
| | | | | This fixes support for the secret option, as otherwise the kernel interface is not registered yet when the trap policy is installed.
* vici: Explicitly disable --user-install when installing Ruby GemTobias Brunner2015-05-211-1/+1
| | | | | | | | Only one of `--user-install` and `--install-dir` may be set and if `--user-install` is the default on a system installation will fail unless we disable it explicitly. Fixes #914.
* vici: Make installation of Ruby Gem and Python Egg optionalTobias Brunner2015-05-212-0/+4
| | | | | | | | | | | | | | | | | | Installing them might not work well when building distro packages (e.g. with DESTDIR installs). It might be easier to install them later with a script in the distro package. When building from source on the local system it could still be useful to install the packages directly, which can be enabled with separate configure options. The main problem with DESTDIR installations of the Python Egg is that easy_install creates or modifies a file called easy-install.pth in the installation directory. So it's not actually possible to simply copy the results in DESTDIR over to the actual system as that file would have to be merged with any existing one. Fixes #914.
* vici: Support out-of-tree build of Python EggTobias Brunner2015-05-211-5/+5
| | | | | | | We also don't require setup.py to exist during cleanup, as e.g. with make distcheck the source directory is not writable when the build directory is cleaned, so setup.py can't be created (to just get removed again anyway if VICI and the Python Eggs haven't been enabled previously).
* ikev1: When a reauth is detected explicitly delete the old IKE_SATobias Brunner2015-05-211-3/+13
| | | | | | | | | | | Instead of just implicitly destroying the old SA we properly delete it to notify the other peer (if the other peer keeps the SA up after the reauthentication and sends DPDs it might consider us dead even though the new SA is up, that seems to be the case with racoon). We delay the DELETE a bit to give the other peer time to get the new SA fully established. Since DELETE messages are not retransmitted it is still possible that the other peer misses that we deleted the SA.
* eap-radius: Keep track of stats for SAs migrated during IKEv1 reauthenticationTobias Brunner2015-05-211-88/+229
|
* ikev1: Trigger children_migrate event if CHILD_SAs are adoptedTobias Brunner2015-05-213-1/+12
|
* bus: Add new hook called when IKEv1 CHILD_SAs are migrated to a new IKE_SATobias Brunner2015-05-213-3/+58
| | | | | | The interface is currently not very nice, but if we ever were able to safely checkout multiple SAs concurrently we could add something similar to ike_rekey() and call that when we detect a reauthentication.
* eap-radius: Remove cache entries for expired SAs during ike/child_rekeyTobias Brunner2015-05-211-0/+53
|
* eap-radius: Add cache for usage stats of expired/rekeyed SAsTobias Brunner2015-05-211-6/+102
| | | | | | | | | | | | | There are several situations that the previous code didn't handle that well, for example, interim updates during rekeying (until the rekeyed SA was deleted the numbers were too high, then suddenly dropped afterwards), or rekeying for IKEv1 in general because rekeyed IPsec SAs stay installed until they expire (so if they were still around when the IKE_SA was terminated, the reported numbers in the Stop message were too high). If intermediate updates are not used the cache entries for rekeyed CHILD_SA will accumulate, we can't clean them up as we don't get child_updown() events for them.
* child-create: Destroy nonceg in migrate()Tobias Brunner2015-05-051-1/+2
| | | | | Since another nonce gets allocated later (if any was allocated already) this would have resulted in a leaked nonce context ID when used in charon-tkm.
* child-create: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-14/+12
| | | | As with ike-init we can't return NULL in the task constructor.
* ike-init: Fix error handling if nonceg can't be createdTobias Brunner2015-05-051-13/+21
| | | | | | Returning FAILED in the constructor is wrong, but returning NULL doesn't work either as it's currently assumed tasks always can be created. Therefore, delay this check until we actually try to allocate a nonce.
* ike-init: Fix compiler warningTobias Brunner2015-05-051-2/+0
|
* ike-init: Make nonceg a member of ike_init structReto Buerki2015-05-041-20/+17
| | | | | | | This allows to control the life-cycle of a nonce in the context of the ike init task. In the TKM use-case the nonce generator cannot be destroyed before the ike init task is finalized, otherwise the created nonce is detected as stale.
* child-create: Make nonceg a member of child_create structReto Buerki2015-05-041-12/+16
| | | | | | | | This allows to control the life-cycle of a nonce in the context of the child create task. In the TKM use-case, it is required to reset the nonce context if the created nonce is not consumed. This happens if the child SA negotiation fails and it is detected before the SA is established via the TKM kernel plugin (i.e. rekey collision).
* Add bool param to ALERT_KEEP_ON_CHILD_SA_FAILURE alertAdrian-Ken Rueegsegger2015-05-042-3/+8
| | | | | The parameter indicates if the alert is raised upon failure to establish the first CHILD SA of an IKE SA.
* vici: Default to certificate subject for identityTimo Teräs2015-05-041-0/+37
| | | | | | | | If id is not specified and certificate authentication is used, use the certificate subject name as identity. Simplifies configuration as in most cases this is the right thing to do. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add support for ike_sa and child_sa updown notificationsTimo Teräs2015-05-043-0/+137
| | | | | | Useful for monitoring and management purposes. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* vici: Add function to test if an event should be generatedTimo Teräs2015-05-042-0/+74
| | | | | | | Useful to avoid generating vici messages if they are not needed and their generation is heavy operation. Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* ike-vendor: Add some Microsoft vendor IDsTobias Brunner2015-04-211-0/+10
|
* vici: Relicense libvici.h under MITMartin Willi2015-04-141-9/+20
| | | | | | libvici currently relies on libstrongswan, and therefore is bound to the GPLv2. But to allow alternatively licensed reimplementations without copyleft based on the same interface, we liberate the header.
* utils: Use chunk_equals_const() for all cryptographic purposesMartin Willi2015-04-1410-13/+11
|
* utils: Use memeq_const() for all cryptographic purposesMartin Willi2015-04-146-13/+7
|
* vici: Defer read/write error reporting after connection entry has been releasedMartin Willi2015-04-131-12/+34
| | | | | | | | | | | | | | | | If a vici client registered for (control-)log events, but a vici read/write operation fails, this may result in a deadlock. The attempt to write to the bus results in a vici log message, which in turn tries to acquire the lock for the entry currently held. While a recursive lock could help as well for a single thread, there is still a risk of inter-thread races if there is more than one thread listening for events and/or having read/write errors. We instead log to a local buffer, and write to the bus not before the connection entry has been released. Additionally, we mark the connection entry as unusable to avoid writing to the failed socket again, potentially triggering an error loop.
* aead: Create AEAD using traditional transforms with an explicit IV generatorMartin Willi2015-04-131-4/+11
| | | | | | Real AEADs directly provide a suitable IV generator, but traditional crypters do not. For some (stream) ciphers, we should use sequential IVs, for which we pass an appropriate generator to the AEAD wrapper.
* stroke: Properly parse bliss key strength in public key constraintTobias Brunner2015-03-251-1/+1
|
* eap-tnc: Free eap-tnc object if IKE_SA not found to get IPsTobias Brunner2015-03-251-0/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2015-03-252-2/+2
|
* child-sa: Add a new state to track rekeyed IKEv1 CHILD_SAsTobias Brunner2015-03-257-5/+15
| | | | | | This is needed to handle DELETEs properly, which was previously done via CHILD_REKEYING, which we don't use anymore since 5c6a62ceb6 as it prevents reauthentication.
* ikev1: Inverse check when applying received KE value during Quick Mode5.3.0rc1Martin Willi2015-03-241-1/+1
| | | | Fixes Quick Mode negotiation when PFS is in use.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 16:42:46 +0000