4 years agoFixed some typos, courtesy of codespell
Tobias Brunner [Wed, 29 Jun 2016 14:14:17 +0000 (16:14 +0200)]
Fixed some typos, courtesy of codespell

4 years agotesting: Remove obsolete openssl-fips recipe
Tobias Brunner [Wed, 29 Jun 2016 12:39:06 +0000 (14:39 +0200)]
testing: Remove obsolete openssl-fips recipe

This was only required when we initially started and OpenSSL was built
from sources, which was changed with b97dd59ba841 ("install FIPS-aware
OpenSSL Debian packages").

4 years agoRevert "testing: Only load selected plugins in swanctl"
Tobias Brunner [Fri, 1 Jul 2016 15:18:11 +0000 (17:18 +0200)]
Revert "testing: Only load selected plugins in swanctl"

This reverts commit dee01d019ba9743b2784b417155601d10c173a66.

Thanks to 505c31870162 ("leak-detective: Try to properly free
allocations after deinitialization") this is not required anymore.

4 years agoVersion bump to 5.5.0rc1 5.5.0rc1
Andreas Steffen [Thu, 30 Jun 2016 14:28:28 +0000 (16:28 +0200)]
Version bump to 5.5.0rc1

4 years agoimcv: Added EFI HCRTM event
Andreas Steffen [Thu, 30 Jun 2016 14:20:00 +0000 (16:20 +0200)]
imcv: Added EFI HCRTM event

4 years agotesting: Version bump to 4.6.3 kernel and strongSwan 5.5.0
Andreas Steffen [Thu, 30 Jun 2016 14:18:38 +0000 (16:18 +0200)]
testing: Version bump to 4.6.3 kernel and strongSwan 5.5.0

4 years agoaikgen: Fix computation of key ID of the AIK public key
Tobias Brunner [Thu, 30 Jun 2016 10:56:41 +0000 (12:56 +0200)]
aikgen: Fix computation of key ID of the AIK public key

We don't have direct access to the modulus and exponent of the key anymore.

4 years agolibtpmtss: Define missing Doxygen group and fix some comments
Tobias Brunner [Thu, 30 Jun 2016 08:56:25 +0000 (10:56 +0200)]
libtpmtss: Define missing Doxygen group and fix some comments

4 years agolibimcv: Fix Doxygen comment
Tobias Brunner [Thu, 30 Jun 2016 08:54:45 +0000 (10:54 +0200)]
libimcv: Fix Doxygen comment

4 years agotesting: Add ikev1/net2net-esn scenario
Tobias Brunner [Tue, 21 Jun 2016 08:40:33 +0000 (10:40 +0200)]
testing: Add ikev1/net2net-esn scenario

4 years agoikev1: Add support for extended sequence numbers
Thomas Egerer [Mon, 20 Jun 2016 16:19:51 +0000 (18:19 +0200)]
ikev1: Add support for extended sequence numbers

Signed-off-by: Thomas Egerer <>
4 years agoplugin-loader: Allow selective modification of the default plugin list
Tobias Brunner [Tue, 21 Jun 2016 09:12:18 +0000 (11:12 +0200)]
plugin-loader: Allow selective modification of the default plugin list

This change allows selectively modifying the default plugin list by setting
the `load` setting of individual plugins (e.g. to disable them or to change
their priority) without enabling charon.load_modular and having to configure
a section and a load statement for every plugin.

4 years agoMerge branch 'openssl-1.1.0'
Tobias Brunner [Wed, 29 Jun 2016 09:10:07 +0000 (11:10 +0200)]
Merge branch 'openssl-1.1.0'

This adds support for OpenSSL 1.1.0.  Several APIs have changed and it makes
all types opaque, which requires using new getter/setter functions.  For older
versions fallbacks are provided.

4 years agoleak-detective: Try to properly free allocations after deinitialization
Tobias Brunner [Mon, 27 Jun 2016 16:04:39 +0000 (18:04 +0200)]
leak-detective: Try to properly free allocations after deinitialization

If a function we whitelist allocates memory while leak detective is enabled
but only frees it after LD has already been disabled, free() will get called
with invalid pointers (not pointing to the actually allocated memory by LD),
which will cause checks in the C library to fail and the program to crash.
This tries to detect such cases and calling free with the correct pointer.

4 years agoopenssl: Whitelist OPENSSL_init_crypto() and others in leak detective
Tobias Brunner [Mon, 27 Jun 2016 15:44:57 +0000 (17:44 +0200)]
openssl: Whitelist OPENSSL_init_crypto() and others in leak detective

Lots of static data is allocated in this function, which isn't freed until
the library is unloaded (we can't call OPENSSL_cleanup() as initialization
would fail when calling it again later).  When enabling the leak
detective the test runner eventually crashes as all the data allocated during
initialization has an invalid size when freed after leak detective has been

4 years agoopenssl: Update GCM/crypter API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:33:58 +0000 (17:33 +0200)]
openssl: Update GCM/crypter API to OpenSSL 1.1.0

4 years agoopenssl: Update HMAC API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:31:31 +0000 (17:31 +0200)]
openssl: Update HMAC API to OpenSSL 1.1.0

4 years agoopenssl: Don't use deprecated RAND_pseudo_bytes()
Tobias Brunner [Mon, 27 Jun 2016 15:27:54 +0000 (17:27 +0200)]
openssl: Don't use deprecated RAND_pseudo_bytes()

4 years agoopenssl: Update PKCS#12 API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:26:16 +0000 (17:26 +0200)]
openssl: Update PKCS#12 API to OpenSSL 1.1.0

4 years agoopenssl: Update PKCS#7 API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 15:22:34 +0000 (17:22 +0200)]
openssl: Update PKCS#7 API to OpenSSL 1.1.0

4 years agoopenssl: Update CRL API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 14:56:22 +0000 (16:56 +0200)]
openssl: Update CRL API to OpenSSL 1.1.0

There is currently no way to compare the outer and inner algorithms
encoded in a parsed CRL.  X509_CRL_verify() does not seem to check that
either, though (unlike X509_verify()).

4 years agoopenssl: Update x509 API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 13:49:19 +0000 (15:49 +0200)]
openssl: Update x509 API to OpenSSL 1.1.0

4 years agoopenssl: Update ECDSA API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 10:36:32 +0000 (12:36 +0200)]
openssl: Update ECDSA API to OpenSSL 1.1.0

4 years agoopenssl: Update RSA API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 10:08:29 +0000 (12:08 +0200)]
openssl: Update RSA API to OpenSSL 1.1.0

4 years agoopenssl: Make some utilities take const BIGNUM pointers
Tobias Brunner [Mon, 27 Jun 2016 10:07:50 +0000 (12:07 +0200)]
openssl: Make some utilities take const BIGNUM pointers

4 years agoopenssl: Add macro to define fallback functions for non-opaque OpenSSL versions
Tobias Brunner [Tue, 28 Jun 2016 13:19:57 +0000 (15:19 +0200)]
openssl: Add macro to define fallback functions for non-opaque OpenSSL versions

4 years agoopenssl: Update DH API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:47:26 +0000 (11:47 +0200)]
openssl: Update DH API to OpenSSL 1.1.0

4 years agoopenssl: Update crypter API to OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:17:56 +0000 (11:17 +0200)]
openssl: Update crypter API to OpenSSL 1.1.0

EVP_CIPHER and EVP_CIPHER_CTX are now opaque types, the getters already
existed before.

4 years agoopenssl: Fix mapping from ASN1 to chunk_t with OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:17:31 +0000 (11:17 +0200)]
openssl: Fix mapping from ASN1 to chunk_t with OpenSSL 1.1.0

ASN1_OBJECT is now opaque.

4 years agoopenssl: Update initialization and cleanup for OpenSSL 1.1.0
Tobias Brunner [Mon, 27 Jun 2016 09:02:36 +0000 (11:02 +0200)]
openssl: Update initialization and cleanup for OpenSSL 1.1.0

We can't call OPENSSL_cleanup() as that would prevent us from
re-initializing the library again (which we use in the Android app, that
loads/unloads plugins).

4 years agoopenssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacks
Tobias Brunner [Mon, 27 Jun 2016 09:01:43 +0000 (11:01 +0200)]
openssl: OpenSSL 1.1.0 is thread-safe so we don't have to setup callbacks

4 years agotesting: Ignore tests/local directory
Tobias Brunner [Wed, 29 Jun 2016 08:36:10 +0000 (10:36 +0200)]
testing: Ignore tests/local directory

This could be used for experimental test scenarios that should not get
tracked in the repository.

4 years agoandroid: Actually add for libtpmtss
Tobias Brunner [Tue, 28 Jun 2016 12:34:13 +0000 (14:34 +0200)]
android: Actually add for libtpmtss

4 years agotravis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen
Tobias Brunner [Fri, 24 Jun 2016 10:18:28 +0000 (12:18 +0200)]
travis: Disable tss-tss2 and aikpub2 but enable TrouSerS and build aikgen

Ubuntu 12.04 does not provide libtss2-dev.

4 years agoconfigure: Enable respective TSS if aikgen/-pub2 are enabled
Tobias Brunner [Fri, 24 Jun 2016 11:03:15 +0000 (13:03 +0200)]
configure: Enable respective TSS if aikgen/-pub2 are enabled

4 years agoandroid: Fix build after adding libtpmtss
Tobias Brunner [Tue, 28 Jun 2016 09:28:15 +0000 (11:28 +0200)]
android: Fix build after adding libtpmtss

4 years agoVersion bump to 5.5.0dr1 5.5.0dr1
Andreas Steffen [Sun, 26 Jun 2016 16:54:56 +0000 (18:54 +0200)]
Version bump to 5.5.0dr1

4 years agoMerge branch 'tpm2'
Andreas Steffen [Sun, 26 Jun 2016 16:40:01 +0000 (18:40 +0200)]
Merge branch 'tpm2'

The libtpmtss library supports both TPM 1.2 and TPM 2.0 Trusted
Platform Modules. Features comprise capability discovery,
listing of PCRs, AIK generation and quote signatures.

4 years agolibtpmtss: Added to integrity checks
Andreas Steffen [Sun, 26 Jun 2016 14:00:43 +0000 (16:00 +0200)]
libtpmtss: Added to integrity checks

4 years agoaikpub2: Output AIK signature algorithm
Andreas Steffen [Thu, 23 Jun 2016 10:42:22 +0000 (12:42 +0200)]
aikpub2: Output AIK signature algorithm

4 years agoRefactoring to tpm_tss_quote_info object
Andreas Steffen [Mon, 20 Jun 2016 08:47:27 +0000 (10:47 +0200)]
Refactoring to tpm_tss_quote_info object

4 years agolibimcv: Changed debug level for functional components from 2 to 3
Andreas Steffen [Thu, 16 Jun 2016 15:41:03 +0000 (17:41 +0200)]
libimcv: Changed debug level for functional components from 2 to 3

4 years agolibtpmtss: Implemented TSS2 quote() method
Andreas Steffen [Thu, 16 Jun 2016 15:40:10 +0000 (17:40 +0200)]
libtpmtss: Implemented TSS2 quote() method

4 years agolibtpmtss: Implemented TSS2 read_pcr() method
Andreas Steffen [Tue, 14 Jun 2016 21:34:29 +0000 (23:34 +0200)]
libtpmtss: Implemented TSS2 read_pcr() method

4 years agolibimcv: migrate pts to tpm_tss
Andreas Steffen [Sun, 5 Jun 2016 18:39:41 +0000 (20:39 +0200)]
libimcv: migrate pts to tpm_tss

4 years agolibtpmtss: Get TPM 2.0 capabilities
Andreas Steffen [Sun, 5 Jun 2016 18:31:13 +0000 (20:31 +0200)]
libtpmtss: Get TPM 2.0 capabilities

4 years agolibtpmtss: Retrieve TPM 1.2 version info
Andreas Steffen [Sat, 4 Jun 2016 18:13:52 +0000 (20:13 +0200)]
libtpmtss: Retrieve TPM 1.2 version info

4 years agoCreated libtpmtss library handling access to v1.2 and v2.0 TPMs
Andreas Steffen [Thu, 2 Jun 2016 21:01:11 +0000 (23:01 +0200)]
Created libtpmtss library handling access to v1.2 and v2.0 TPMs

4 years agoaikpub2: --handle option retrieves public key from TPM 2.0 NVRAM
Andreas Steffen [Tue, 31 May 2016 21:48:28 +0000 (23:48 +0200)]
aikpub2:  --handle option retrieves public key from TPM 2.0 NVRAM

4 years agoaikpub2: Convert TSS 2.0 AIK public key blob into PKCS#1 format
Andreas Steffen [Mon, 16 May 2016 08:53:44 +0000 (10:53 +0200)]
aikpub2: Convert TSS 2.0 AIK public key blob into PKCS#1 format

4 years agotesting: Start charon before Apache in tnc/tnccs-20-pdp-pt-tls
Tobias Brunner [Mon, 20 Jun 2016 16:31:13 +0000 (18:31 +0200)]
testing: Start charon before Apache in tnc/tnccs-20-pdp-pt-tls

The change in c423d0e8a124 ("testing: Fix race in tnc/tnccs-20-pdp-pt-tls
scenario") is not really ideal as now the vici plugin might not yet be
ready when `swanctl --load-creds` is called.  Perhaps starting charon
before Apache causes enough delay.

Once we switch to charon-systemd this isn't a problem anymore as starting the
unit will block until everything is up and ready.  Also, the individual
swanctl calls will be redundant as the default service unit calls --load-all.
But start scripts do run before charon-systemd signals that the daemon is
ready, so using these would work too then.

4 years agotesting: Only load selected plugins in swanctl
Tobias Brunner [Mon, 20 Jun 2016 16:18:46 +0000 (18:18 +0200)]
testing: Only load selected plugins in swanctl

The main issue is that the ldap and curl plugins, or rather the libraries
they use, initialize GnuTLS (curl, strangely, even when it is, by its own
account, linked against OpenSSL).  Some of these allocations are only freed
once the libraries are unloaded.  This means that the leak detective causes
invalid frees when swanctl is terminated and libraries are unloaded after the
leak detective is already deinitialized.

4 years agoMerge branch 'exchange-collisions'
Tobias Brunner [Fri, 17 Jun 2016 16:53:51 +0000 (18:53 +0200)]
Merge branch 'exchange-collisions'

Improves the handling of IKEv2 exchange collisions in several corner
cases.  TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND notifies that were defined
with RFC 7296 are now handled and sent as appropriate.

The behavior in these situations is tested with new unit tests.

Fixes #379, #464, #876, #1293.

4 years agounit-tests: Add tests for expires after CHILD_SA rekeying
Tobias Brunner [Fri, 10 Jun 2016 14:41:47 +0000 (16:41 +0200)]
unit-tests: Add tests for expires after CHILD_SA rekeying

4 years agochild-rekey: Only rekey installed CHILD_SAs
Tobias Brunner [Fri, 10 Jun 2016 14:00:25 +0000 (16:00 +0200)]
child-rekey: Only rekey installed CHILD_SAs

Depending on the lifetimes a CHILD_SA we rekeyed as responder might
expire shortly afterwards.  We don't want to rekey it again.

When retrying due to an INVALID_KE_PAYLOAD notify the expected state
is CHILD_REKEYING if it is anything else (e.g. due to a collision) we
ignore it.

We also abort the exchange properly if we don't find the CHILD_SA, no
need for an empty INFORMATIONAL exchange anymore.

4 years agoReport test coverage of libcharon and starter
Tobias Brunner [Thu, 2 Jun 2016 16:15:27 +0000 (18:15 +0200)]
Report test coverage of libcharon and starter

4 years agounit-tests: Add test for CHILD_SA rekey if a retry due to an INVALID_KE_PAYLOAD is...
Tobias Brunner [Thu, 2 Jun 2016 15:28:03 +0000 (17:28 +0200)]
unit-tests: Add test for CHILD_SA rekey if a retry due to an INVALID_KE_PAYLOAD is delayed

4 years agochild-rekey: Ignore failed colliding CHILD_SA rekeyings
Tobias Brunner [Thu, 2 Jun 2016 15:23:35 +0000 (17:23 +0200)]
child-rekey: Ignore failed colliding CHILD_SA rekeyings

If a passive rekeying fails due to an INVALID_KE_PAYLOAD we don't want
to consider this task later when resolving collisions.  This previously
might have caused the wrong SA to get deleted/installed based on the nonces
in the unsuccessful exchange.

4 years agounit-tests: Add test for collision between IKE_SA rekey and CHILD_SA creation
Tobias Brunner [Thu, 2 Jun 2016 14:03:30 +0000 (16:03 +0200)]
unit-tests: Add test for collision between IKE_SA rekey and CHILD_SA creation

4 years agochild-create: Retry creating the CHILD_SA if TEMPORARY_FAILURE is received
Tobias Brunner [Thu, 2 Jun 2016 14:01:48 +0000 (16:01 +0200)]
child-create: Retry creating the CHILD_SA if TEMPORARY_FAILURE is received

We queue a delayed task that is initiated after a while.

4 years agoikev2: Add possibility to delay initiation of a queued task
Tobias Brunner [Thu, 2 Jun 2016 13:50:11 +0000 (15:50 +0200)]
ikev2: Add possibility to delay initiation of a queued task

Such a task is not initiated unless a certain time has passed.  This
allows delaying certain tasks but avoids problems if we'd do this
via a scheduled job (e.g. if the IKE_SA is rekeyed in the meantime).

If the IKE_SA is rekeyed the delay of such tasks is reset when the
tasks are adopted i.e. they get executed immediately on the new IKE_SA.

This hasn't been implemented for IKEv1 yet.

4 years agoike: Reduce RETRY_INTERVAL a bit
Tobias Brunner [Thu, 2 Jun 2016 13:24:36 +0000 (15:24 +0200)]
ike: Reduce RETRY_INTERVAL a bit

Retry exchanges between 5 and 15 seconds after a temporary failure.

4 years agoike-rekey: Return TEMPORARY_FAILURE when concurrently creating a CHILD_SA
Tobias Brunner [Thu, 2 Jun 2016 13:13:24 +0000 (15:13 +0200)]
ike-rekey: Return TEMPORARY_FAILURE when concurrently creating a CHILD_SA

4 years agounit-tests: Add tests for IKE rekeying if INVALID_KE_PAYLOAD notifies are received
Tobias Brunner [Wed, 1 Jun 2016 13:49:45 +0000 (15:49 +0200)]
unit-tests: Add tests for IKE rekeying if INVALID_KE_PAYLOAD notifies are received

4 years agoike: Add configuration option to switch to preferring supplied proposals over local...
Tobias Brunner [Wed, 1 Jun 2016 10:18:56 +0000 (12:18 +0200)]
ike: Add configuration option to switch to preferring supplied proposals over local ones

4 years agochild-cfg: Add option to prefer supplied proposals over locally configured ones
Tobias Brunner [Wed, 1 Jun 2016 10:03:21 +0000 (12:03 +0200)]
child-cfg: Add option to prefer supplied proposals over locally configured ones

4 years agoike-cfg: Add option to prefer supplied proposals over locally configured ones
Tobias Brunner [Wed, 1 Jun 2016 09:44:33 +0000 (11:44 +0200)]
ike-cfg: Add option to prefer supplied proposals over locally configured ones

4 years agoproposal: Remove MODP_NONE from IKE proposals parsed from strings
Tobias Brunner [Wed, 1 Jun 2016 12:53:23 +0000 (14:53 +0200)]
proposal: Remove MODP_NONE from IKE proposals parsed from strings

4 years agoproposal: Handle MODP_NONE in both directions when selecting proposals
Tobias Brunner [Wed, 1 Jun 2016 09:28:30 +0000 (11:28 +0200)]
proposal: Handle MODP_NONE in both directions when selecting proposals

4 years agoproposal: Parse modpnone as MODP_NONE(0)
Tobias Brunner [Wed, 1 Jun 2016 09:14:20 +0000 (11:14 +0200)]
proposal: Parse modpnone as MODP_NONE(0)

4 years agoike-rekey: Make sure to ignore task when detecting collisions if ike-init subtask...
Tobias Brunner [Wed, 1 Jun 2016 13:45:01 +0000 (15:45 +0200)]
ike-rekey: Make sure to ignore task when detecting collisions if ike-init subtask failed

For instance, if INVALID_KE_PAYLOAD is returned we don't want this task
to affect any active rekeying (no new SA has been established so far).

4 years agounit-tests: Add test for rekey collision if one CREATE_CHILD_SA response is delayed
Tobias Brunner [Tue, 31 May 2016 16:19:17 +0000 (18:19 +0200)]
unit-tests: Add test for rekey collision if one CREATE_CHILD_SA response is delayed

4 years agounit-tests: Add tests for IKE_SA rekeying if collision is not detected by one peer
Tobias Brunner [Tue, 31 May 2016 12:47:05 +0000 (14:47 +0200)]
unit-tests: Add tests for IKE_SA rekeying if collision is not detected by one peer

4 years agoike-rekey: Handle undetected collisions also if delete is delayed
Tobias Brunner [Tue, 31 May 2016 12:41:19 +0000 (14:41 +0200)]
ike-rekey: Handle undetected collisions also if delete is delayed

If the peer does not detect the rekey collision and deletes the old
IKE_SA and then receives the colliding rekey request it will respond with
TEMPORARY_FAILURE.  That notify may arrive before the DELETE does, in
which case we may just conclude the rekeying initiated by the peer.

Also, since the IKE_SA is destroyed in any case when we receive a delete
there is no point in storing the delete task in collide() as process_i()
in the ike-rekey task will never be called.

4 years agoike-rekey: There is no passive reauth task, so it will never collide with one
Tobias Brunner [Tue, 31 May 2016 12:35:22 +0000 (14:35 +0200)]
ike-rekey: There is no passive reauth task, so it will never collide with one

4 years agoike-rekey: Ignore colliding rekey tasks that did not create an IKE_SA
Tobias Brunner [Tue, 31 May 2016 12:14:26 +0000 (14:14 +0200)]
ike-rekey: Ignore colliding rekey tasks that did not create an IKE_SA

This simplifies collision handling and we don't need to know about these
tasks when concluding the rekeying we initiated.

4 years agoike-rekey: Properly handle situation if the peer did not notice the rekey collision
Tobias Brunner [Tue, 31 May 2016 10:22:32 +0000 (12:22 +0200)]
ike-rekey: Properly handle situation if the peer did not notice the rekey collision

We conclude the rekeying before deleting the IKE_SA.  Waiting for the
potential TEMPORARY_FAILURE notify is no good because if that response
does not reach us the peer will not retransmit it upon our retransmits
of the rekey request if it already deleted the IKE_SA after receiving
our response to the delete.

4 years agoike-delete: Handle deletes while rekeying differently if there was a collision
Tobias Brunner [Tue, 31 May 2016 10:21:01 +0000 (12:21 +0200)]
ike-delete: Handle deletes while rekeying differently if there was a collision

We treat these as if we concluded the rekeying, the active ike-rekey task
will handle the collision afterwards.

4 years agoike-rekey: Add method to check if there was a rekey collision
Tobias Brunner [Tue, 31 May 2016 10:19:53 +0000 (12:19 +0200)]
ike-rekey: Add method to check if there was a rekey collision

4 years agoikev2: Check for collisions after handling IKE deletion
Tobias Brunner [Tue, 31 May 2016 10:18:44 +0000 (12:18 +0200)]
ikev2: Check for collisions after handling IKE deletion

4 years agounit-tests: Add tests for IKE/CHILD delete collisions
Tobias Brunner [Tue, 31 May 2016 08:09:29 +0000 (10:09 +0200)]
unit-tests: Add tests for IKE/CHILD delete collisions

4 years agochild-delete: Reply as usual when concurrently rekeying the IKE_SA
Tobias Brunner [Tue, 31 May 2016 08:08:03 +0000 (10:08 +0200)]
child-delete: Reply as usual when concurrently rekeying the IKE_SA

As per RFC 7296, 2.25.2 (what we did before was the behavior described
in RFC 4718).

4 years agounit-tests: Add tests for IKE/CHILD rekey collisions
Tobias Brunner [Mon, 30 May 2016 16:30:51 +0000 (18:30 +0200)]
unit-tests: Add tests for IKE/CHILD rekey collisions

4 years agochild-create: Respond with TEMPORARY_FAILURE while rekeying/deleting IKE_SA
Tobias Brunner [Mon, 30 May 2016 16:07:53 +0000 (18:07 +0200)]
child-create: Respond with TEMPORARY_FAILURE while rekeying/deleting IKE_SA

4 years agoike-rekey: Respond with TEMPORARY_FAILURE if CHILD_SAs are currently rekeyed/deleted...
Tobias Brunner [Mon, 30 May 2016 15:59:42 +0000 (17:59 +0200)]
ike-rekey: Respond with TEMPORARY_FAILURE if CHILD_SAs are currently rekeyed/deleted/established

4 years agounit-tests: Add tests for collisions between IKE_SA rekeying and deletion
Tobias Brunner [Mon, 30 May 2016 15:26:28 +0000 (17:26 +0200)]
unit-tests: Add tests for collisions between IKE_SA rekeying and deletion

4 years agoike-rekey: Handle TEMPORARY_FAILURE notify
Tobias Brunner [Mon, 30 May 2016 15:10:51 +0000 (17:10 +0200)]
ike-rekey: Handle TEMPORARY_FAILURE notify

4 years agoike-rekey: Respond with TEMPORARY_FAILURE if we are deleting the SA
Tobias Brunner [Mon, 30 May 2016 14:53:37 +0000 (16:53 +0200)]
ike-rekey: Respond with TEMPORARY_FAILURE if we are deleting the SA

4 years agounit-tests: Add tests for IKE SA deletion
Tobias Brunner [Mon, 30 May 2016 14:30:56 +0000 (16:30 +0200)]
unit-tests: Add tests for IKE SA deletion

4 years agoike-delete: No need to wait for a response in case of concurrent deletes
Tobias Brunner [Mon, 30 May 2016 14:27:47 +0000 (16:27 +0200)]
ike-delete: No need to wait for a response in case of concurrent deletes

RFC 7296 explicitly says we SHOULD reply as usual and forget about our
own close request.

4 years agounit-tests: Only deliver messages to the SA they are addressed to
Tobias Brunner [Mon, 30 May 2016 13:39:38 +0000 (15:39 +0200)]
unit-tests: Only deliver messages to the SA they are addressed to

4 years agounit-tests: Add test for simple IKE rekey collision
Tobias Brunner [Sat, 28 May 2016 08:10:18 +0000 (10:10 +0200)]
unit-tests: Add test for simple IKE rekey collision

4 years agoikev2: Add a new state to track rekeyed IKE_SAs
Tobias Brunner [Sat, 28 May 2016 07:34:29 +0000 (09:34 +0200)]
ikev2: Add a new state to track rekeyed IKE_SAs

This makes handling such IKE_SAs more specifically compared to keeping them
in state IKE_CONNECTING or IKE_ESTABLISHED (which we did when we lost a
collision - even triggering the ike_updown event), or using IKE_REKEYING for
them, which would also be ambiguous.

For instance, we can now reject anything but DELETES for such SAs.

4 years agoike-rekey: Add the name/ID of the redundant IKE_SAs to the log messages
Tobias Brunner [Fri, 27 May 2016 17:16:03 +0000 (19:16 +0200)]
ike-rekey: Add the name/ID of the redundant IKE_SAs to the log messages

4 years agounit-tests: Add tests for IKE_SA rekeying
Tobias Brunner [Fri, 27 May 2016 08:31:42 +0000 (10:31 +0200)]
unit-tests: Add tests for IKE_SA rekeying

4 years agounit-tests: Add asserts against IKE_SAs
Tobias Brunner [Fri, 27 May 2016 08:31:11 +0000 (10:31 +0200)]
unit-tests: Add asserts against IKE_SAs

4 years agounit-tests: Make sure to flush the IKE_SA manager before destroying the sender
Tobias Brunner [Fri, 27 May 2016 08:17:53 +0000 (10:17 +0200)]
unit-tests: Make sure to flush the IKE_SA manager before destroying the sender

As the static plugin that creates and destroys the default sender was
not initialized because of the missing socket the daemon won't destroy
our sender.  Test cases will eventually have to flush the IKE_SA manager to
satisfy the leak detective.  However, in case of a test failure and if there
are IKE_SAs in the manager the daemon will flush the SAs when deinitializing,
which will cause deletes to get sent.  This crashes if the sender is already

4 years agounit-tests: Return status from process_message()
Tobias Brunner [Fri, 27 May 2016 08:07:03 +0000 (10:07 +0200)]
unit-tests: Return status from process_message()

4 years agounit-tests: Use wrapper for add_listener in bus_t related asserts
Tobias Brunner [Thu, 26 May 2016 15:00:10 +0000 (17:00 +0200)]
unit-tests: Use wrapper for add_listener in bus_t related asserts

4 years agounit-tests: Provide a wrapper around bus_t::add_listener and unregister them during...
Tobias Brunner [Thu, 26 May 2016 14:57:31 +0000 (16:57 +0200)]
unit-tests: Provide a wrapper around bus_t::add_listener and unregister them during cleanup

In case listeners on the stack are triggered while cleaning up after a
test failed (e.g. via ike_sa_manager_t::flush) remaining listeners defined on
the stack would cause a segmentation fault.