projects / strongswan.git / blob
? search:


50a8aad959cb1b2bd775219d0ebfa6913cc76b1f
[strongswan.git] / src / libcharon / sa / ikev2 / tasks / child_rekey.c
1 /*
2 * Copyright (C) 2005-2007 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "child_rekey.h"
18
19 #include <daemon.h>
20 #include <encoding/payloads/notify_payload.h>
21 #include <sa/ikev2/tasks/child_create.h>
22 #include <sa/ikev2/tasks/child_delete.h>
23 #include <processing/jobs/rekey_child_sa_job.h>
24 #include <processing/jobs/rekey_ike_sa_job.h>
25
26
27 typedef struct private_child_rekey_t private_child_rekey_t;
28
29 /**
30 * Private members of a child_rekey_t task.
31 */
32 struct private_child_rekey_t {
33
34 /**
35 * Public methods and task_t interface.
36 */
37 child_rekey_t public;
38
39 /**
40 * Assigned IKE_SA.
41 */
42 ike_sa_t *ike_sa;
43
44 /**
45 * Are we the initiator?
46 */
47 bool initiator;
48
49 /**
50 * Protocol of CHILD_SA to rekey
51 */
52 protocol_id_t protocol;
53
54 /**
55 * Inbound SPI of CHILD_SA to rekey
56 */
57 u_int32_t spi;
58
59 /**
60 * the CHILD_CREATE task which is reused to simplify rekeying
61 */
62 child_create_t *child_create;
63
64 /**
65 * the CHILD_DELETE task to delete rekeyed CHILD_SA
66 */
67 child_delete_t *child_delete;
68
69 /**
70 * CHILD_SA which gets rekeyed
71 */
72 child_sa_t *child_sa;
73
74 /**
75 * colliding task, may be delete or rekey
76 */
77 task_t *collision;
78
79 /**
80 * Indicate that peer destroyed the redundant child from collision.
81 * This happens if a peer's delete notification for the redundant
82 * child gets processed before the rekey job. If so, we must not
83 * touch the child created in the collision since it points to
84 * memory already freed.
85 */
86 bool other_child_destroyed;
87 };
88
89 /**
90 * Implementation of task_t.build for initiator, after rekeying
91 */
92 static status_t build_i_delete(private_child_rekey_t *this, message_t *message)
93 {
94 /* update exchange type to INFORMATIONAL for the delete */
95 message->set_exchange_type(message, INFORMATIONAL);
96
97 return this->child_delete->task.build(&this->child_delete->task, message);
98 }
99
100 /**
101 * Implementation of task_t.process for initiator, after rekeying
102 */
103 static status_t process_i_delete(private_child_rekey_t *this, message_t *message)
104 {
105 return this->child_delete->task.process(&this->child_delete->task, message);
106 }
107
108 /**
109 * find a child using the REKEY_SA notify
110 */
111 static void find_child(private_child_rekey_t *this, message_t *message)
112 {
113 notify_payload_t *notify;
114 protocol_id_t protocol;
115 u_int32_t spi;
116
117 notify = message->get_notify(message, REKEY_SA);
118 if (notify)
119 {
120 protocol = notify->get_protocol_id(notify);
121 spi = notify->get_spi(notify);
122
123 if (protocol == PROTO_ESP || protocol == PROTO_AH)
124 {
125 this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, protocol,
126 spi, FALSE);
127 }
128 }
129 }
130
131 METHOD(task_t, build_i, status_t,
132 private_child_rekey_t *this, message_t *message)
133 {
134 notify_payload_t *notify;
135 u_int32_t reqid;
136 child_cfg_t *config;
137
138 this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
139 this->spi, TRUE);
140 if (!this->child_sa)
141 { /* check if it is an outbound CHILD_SA */
142 this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
143 this->spi, FALSE);
144 if (!this->child_sa)
145 { /* CHILD_SA is gone, unable to rekey. As an empty CREATE_CHILD_SA
146 * exchange is invalid, we fall back to an INFORMATIONAL exchange.*/
147 message->set_exchange_type(message, INFORMATIONAL);
148 return SUCCESS;
149 }
150 /* we work only with the inbound SPI */
151 this->spi = this->child_sa->get_spi(this->child_sa, TRUE);
152 }
153 config = this->child_sa->get_config(this->child_sa);
154
155 /* we just need the rekey notify ... */
156 notify = notify_payload_create_from_protocol_and_type(NOTIFY,
157 this->protocol, REKEY_SA);
158 notify->set_spi(notify, this->spi);
159 message->add_payload(message, (payload_t*)notify);
160
161 /* ... our CHILD_CREATE task does the hard work for us. */
162 if (!this->child_create)
163 {
164 this->child_create = child_create_create(this->ike_sa, config, TRUE,
165 NULL, NULL);
166 }
167 reqid = this->child_sa->get_reqid(this->child_sa);
168 this->child_create->use_reqid(this->child_create, reqid);
169 this->child_create->task.build(&this->child_create->task, message);
170
171 this->child_sa->set_state(this->child_sa, CHILD_REKEYING);
172
173 return NEED_MORE;
174 }
175
176 METHOD(task_t, process_r, status_t,
177 private_child_rekey_t *this, message_t *message)
178 {
179 /* let the CHILD_CREATE task process the message */
180 this->child_create->task.process(&this->child_create->task, message);
181
182 find_child(this, message);
183
184 return NEED_MORE;
185 }
186
187 METHOD(task_t, build_r, status_t,
188 private_child_rekey_t *this, message_t *message)
189 {
190 u_int32_t reqid;
191
192 if (this->child_sa == NULL ||
193 this->child_sa->get_state(this->child_sa) == CHILD_DELETING)
194 {
195 DBG1(DBG_IKE, "unable to rekey, CHILD_SA not found");
196 message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
197 return SUCCESS;
198 }
199
200 /* let the CHILD_CREATE task build the response */
201 reqid = this->child_sa->get_reqid(this->child_sa);
202 this->child_create->use_reqid(this->child_create, reqid);
203 this->child_create->task.build(&this->child_create->task, message);
204
205 if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
206 {
207 /* rekeying failed, reuse old child */
208 this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
209 return SUCCESS;
210 }
211
212 this->child_sa->set_state(this->child_sa, CHILD_REKEYING);
213
214 /* invoke rekey hook */
215 charon->bus->child_rekey(charon->bus, this->child_sa,
216 this->child_create->get_child(this->child_create));
217 return SUCCESS;
218 }
219
220 /**
221 * Handle a rekey collision
222 */
223 static child_sa_t *handle_collision(private_child_rekey_t *this)
224 {
225 child_sa_t *to_delete;
226
227 if (this->collision->get_type(this->collision) == TASK_CHILD_REKEY)
228 {
229 chunk_t this_nonce, other_nonce;
230 private_child_rekey_t *other = (private_child_rekey_t*)this->collision;
231
232 this_nonce = this->child_create->get_lower_nonce(this->child_create);
233 other_nonce = other->child_create->get_lower_nonce(other->child_create);
234
235 /* if we have the lower nonce, delete rekeyed SA. If not, delete
236 * the redundant. */
237 if (memcmp(this_nonce.ptr, other_nonce.ptr,
238 min(this_nonce.len, other_nonce.len)) > 0)
239 {
240 child_sa_t *child_sa;
241
242 DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child");
243 to_delete = this->child_sa;
244 /* don't touch child other created, it has already been deleted */
245 if (!this->other_child_destroyed)
246 {
247 /* disable close action for the redundand child */
248 child_sa = other->child_create->get_child(other->child_create);
249 if (child_sa)
250 {
251 child_sa->set_close_action(child_sa, ACTION_NONE);
252 }
253 }
254 }
255 else
256 {
257 DBG1(DBG_IKE, "CHILD_SA rekey collision lost, "
258 "deleting rekeyed child");
259 to_delete = this->child_create->get_child(this->child_create);
260 }
261 }
262 else
263 { /* CHILD_DELETE */
264 child_delete_t *del = (child_delete_t*)this->collision;
265
266 /* we didn't had a chance to compare the nonces, so we delete
267 * the CHILD_SA the other is not deleting. */
268 if (del->get_child(del) != this->child_sa)
269 {
270 DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, "
271 "deleting rekeyed child");
272 to_delete = this->child_sa;
273 }
274 else
275 {
276 DBG1(DBG_IKE, "CHILD_SA rekey/delete collision, "
277 "deleting redundant child");
278 to_delete = this->child_create->get_child(this->child_create);
279 }
280 }
281 return to_delete;
282 }
283
284 METHOD(task_t, process_i, status_t,
285 private_child_rekey_t *this, message_t *message)
286 {
287 protocol_id_t protocol;
288 u_int32_t spi;
289 child_sa_t *to_delete;
290
291 if (message->get_notify(message, NO_ADDITIONAL_SAS))
292 {
293 DBG1(DBG_IKE, "peer seems to not support CHILD_SA rekeying, "
294 "starting reauthentication");
295 this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
296 lib->processor->queue_job(lib->processor,
297 (job_t*)rekey_ike_sa_job_create(
298 this->ike_sa->get_id(this->ike_sa), TRUE));
299 return SUCCESS;
300 }
301
302 if (this->child_create->task.process(&this->child_create->task,
303 message) == NEED_MORE)
304 {
305 /* bad DH group while rekeying, try again */
306 this->child_create->task.migrate(&this->child_create->task, this->ike_sa);
307 return NEED_MORE;
308 }
309 if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
310 {
311 /* establishing new child failed, reuse old. but not when we
312 * received a delete in the meantime */
313 if (!(this->collision &&
314 this->collision->get_type(this->collision) == TASK_CHILD_DELETE))
315 {
316 job_t *job;
317 u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER);
318
319 job = (job_t*)rekey_child_sa_job_create(
320 this->child_sa->get_reqid(this->child_sa),
321 this->child_sa->get_protocol(this->child_sa),
322 this->child_sa->get_spi(this->child_sa, TRUE));
323 DBG1(DBG_IKE, "CHILD_SA rekeying failed, "
324 "trying again in %d seconds", retry);
325 this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
326 lib->scheduler->schedule_job(lib->scheduler, job, retry);
327 }
328 return SUCCESS;
329 }
330
331 /* check for rekey collisions */
332 if (this->collision)
333 {
334 to_delete = handle_collision(this);
335 }
336 else
337 {
338 to_delete = this->child_sa;
339 }
340
341 if (to_delete != this->child_create->get_child(this->child_create))
342 { /* invoke rekey hook if rekeying successful */
343 charon->bus->child_rekey(charon->bus, this->child_sa,
344 this->child_create->get_child(this->child_create));
345 }
346
347 if (to_delete == NULL)
348 {
349 return SUCCESS;
350 }
351 spi = to_delete->get_spi(to_delete, TRUE);
352 protocol = to_delete->get_protocol(to_delete);
353
354 /* rekeying done, delete the obsolete CHILD_SA using a subtask */
355 this->child_delete = child_delete_create(this->ike_sa, protocol, spi);
356 this->public.task.build = (status_t(*)(task_t*,message_t*))build_i_delete;
357 this->public.task.process = (status_t(*)(task_t*,message_t*))process_i_delete;
358
359 return NEED_MORE;
360 }
361
362 METHOD(task_t, get_type, task_type_t,
363 private_child_rekey_t *this)
364 {
365 return TASK_CHILD_REKEY;
366 }
367
368 METHOD(child_rekey_t, collide, void,
369 private_child_rekey_t *this, task_t *other)
370 {
371 /* the task manager only detects exchange collision, but not if
372 * the collision is for the same child. we check it here. */
373 if (other->get_type(other) == TASK_CHILD_REKEY)
374 {
375 private_child_rekey_t *rekey = (private_child_rekey_t*)other;
376 if (rekey->child_sa != this->child_sa)
377 {
378 /* not the same child => no collision */
379 other->destroy(other);
380 return;
381 }
382 }
383 else if (other->get_type(other) == TASK_CHILD_DELETE)
384 {
385 child_delete_t *del = (child_delete_t*)other;
386 if (del->get_child(del) == this->child_create->get_child(this->child_create))
387 {
388 /* peer deletes redundant child created in collision */
389 this->other_child_destroyed = TRUE;
390 other->destroy(other);
391 return;
392 }
393 if (del->get_child(del) != this->child_sa)
394 {
395 /* not the same child => no collision */
396 other->destroy(other);
397 return;
398 }
399 }
400 else
401 {
402 /* any other task is not critical for collisisions, ignore */
403 other->destroy(other);
404 return;
405 }
406 DBG1(DBG_IKE, "detected %N collision with %N", task_type_names,
407 TASK_CHILD_REKEY, task_type_names, other->get_type(other));
408 DESTROY_IF(this->collision);
409 this->collision = other;
410 }
411
412 METHOD(task_t, migrate, void,
413 private_child_rekey_t *this, ike_sa_t *ike_sa)
414 {
415 if (this->child_create)
416 {
417 this->child_create->task.migrate(&this->child_create->task, ike_sa);
418 }
419 if (this->child_delete)
420 {
421 this->child_delete->task.migrate(&this->child_delete->task, ike_sa);
422 }
423 DESTROY_IF(this->collision);
424
425 this->ike_sa = ike_sa;
426 this->collision = NULL;
427 }
428
429 METHOD(task_t, destroy, void,
430 private_child_rekey_t *this)
431 {
432 if (this->child_create)
433 {
434 this->child_create->task.destroy(&this->child_create->task);
435 }
436 if (this->child_delete)
437 {
438 this->child_delete->task.destroy(&this->child_delete->task);
439 }
440 DESTROY_IF(this->collision);
441 free(this);
442 }
443
444 /*
445 * Described in header.
446 */
447 child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
448 u_int32_t spi)
449 {
450 private_child_rekey_t *this;
451
452 INIT(this,
453 .public = {
454 .task = {
455 .get_type = _get_type,
456 .migrate = _migrate,
457 .destroy = _destroy,
458 },
459 .collide = _collide,
460 },
461 .ike_sa = ike_sa,
462 .protocol = protocol,
463 .spi = spi,
464 );
465
466 if (protocol != PROTO_NONE)
467 {
468 this->public.task.build = _build_i;
469 this->public.task.process = _process_i;
470 this->initiator = TRUE;
471 this->child_create = NULL;
472 }
473 else
474 {
475 this->public.task.build = _build_r;
476 this->public.task.process = _process_r;
477 this->initiator = FALSE;
478 this->child_create = child_create_create(ike_sa, NULL, TRUE, NULL, NULL);
479 }
480
481 return &this->public;
482 }
strongSwan - IPsec VPN