Merge tag '5.9.5' of https://github.com/sophos/strongswan

sophos · May 4, 2022 · d6de793 · d6de793
2 parents b782f94 + 57d6e96
commit d6de793
Show file tree

Hide file tree

Showing 165 changed files with 13,078 additions and 753 deletions.
diff --git a/.github/workflows/tkm.yml b/.github/workflows/tkm.yml
@@ -0,0 +1,71 @@
+name: TKM
+
+on: [push, pull_request]
+
+env:
+  CCACHE_DIR: ${{ github.workspace }}/.ccache
+  CCACHE_CONTAINER: /root/.ccache
+  CCACHE_COMPILERCHECK: content
+  CCACHE_COMPRESS: true
+  CCACHE_MAXSIZE: 200M
+
+jobs:
+  pre-check:
+    runs-on: ubuntu-latest
+    outputs:
+      should_skip: ${{ steps.skip-check.outputs.should_skip }}
+    steps:
+      - id: skip-check
+        uses: fkirc/skip-duplicate-actions@master
+        with:
+          concurrent_skipping: 'same_content'
+
+  tkm:
+    needs: pre-check
+    if: ${{ needs.pre-check.outputs.should_skip != 'true' }}
+    runs-on: ubuntu-latest
+    env:
+      TEST: tkm
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v2
+        with:
+          path: ${{ env.CCACHE_DIR }}
+          key: ccache-tkm-${{ github.sha }}
+          restore-keys: |
+            ccache-tkm-
+      - name: Build Docker Image
+        run: docker build -t strongswan-tkm -f testing/tkm/Dockerfile testing
+      - name: Run Tests in Container
+        uses: addnab/docker-run-action@v3
+        with:
+          image: strongswan-tkm
+          shell: bash
+          options: |
+            --cap-add net_admin
+            -v ${{ github.workspace }}:/strongswan
+            -v ${{ env.CCACHE_DIR }}:${{ env.CCACHE_CONTAINER }}
+            -e CCACHE_DIR=${{ env.CCACHE_CONTAINER }}
+            -e CCACHE_COMPILERCHECK
+            -e CCACHE_COMPRESS
+            -e CCACHE_MAXSIZE
+          run: |
+            ccache -z
+            autoreconf -i /strongswan || exit 1
+            CFLAGS="-g -O2 -Wall -Wno-format -Wno-format-security -Wno-pointer-sign -Werror" \
+            /strongswan/configure --disable-defaults --enable-silent-rules \
+              --enable-ikev2 --enable-kernel-netlink --enable-openssl \
+              --enable-pem --enable-socket-default --enable-swanctl \
+              --enable-tkm || exit 1
+            # run tests without TKM first
+            make -j check TESTS_RUNNERS=tkm || exit 1
+
+            # generate TKM config
+            /usr/local/share/tkm/generate-config.sh
+
+            # start TKM in the background
+            tkm_keymanager -c tkm.conf -k key.der -r ca.der:1 >/tmp/tkm.log &
+            # run the tests against TKM and get TKM log
+            make -j check TESTS_RUNNERS=tkm TESTS_TKM=1 || exit 1
+            cat /tmp/tkm.log
+            ccache -s
diff --git a/NEWS b/NEWS
@@ -1,3 +1,42 @@
+strongswan-5.9.5
+----------------
+
+- Fixed a vulnerability in the EAP client implementation that was caused by
+  incorrectly handling early EAP-Success messages. It may allow to bypass the
+  client and in some scenarios even the server authentication, or could lead to
+  a denial-of-service attack.
+  This vulnerability has been registered as CVE-2021-45079.
+
+- Using the trusted RSA or ECC Endorsement Key of the TPM 2.0, libtpmtss may now
+  establish a secure session via RSA encryption or an ephemeral ECDH key
+  exchange, respectively. The session allows HMAC-based authenticated
+  communication with the TPM 2.0 and the exchanged parameters can be encrypted
+  where necessary to guarantee confidentiality (e.g. when using the TPM as RNG).
+
+- Basic support for OpenSSL 3.0 has been added, in particular, the new
+  load_legacy option (enabled by default) allows loading the "legacy" provider
+  for algorithms like MD4 and DES (both required for EAP-MSCHAPv2), and the
+  existing fips_mode option allows explicitly loading the "fips" provider e.g.
+  if it's not activated in OpenSSL's fipsmodule.cnf.
+
+- The MTU of TUN devices created by the kernel-pfroute plugin on macOS and
+  FreeBSD is now configurable and reduced to 1400 bytes, by default.  This also
+  fixes an issue on macOS 12 that prevented the detection of virtual IPs
+  installed on such TUN devices.
+
+- When rekeying CHILD_SAs, the old outbound SA is now uninstalled shortly after
+  the new SA has been installed on the initiator/winner. This is useful for
+  IPsec implementations where the ordering of SAs is unpredictable and we can't
+  set the SPI on the outbound policy to switch to the new SA while both are
+  installed.
+
+- The sw-collector utility may now iterate through APT history logs processed
+  by logrotate.
+
+- The openssl plugin now only announces the ECDH groups actually supported by
+  OpenSSL (determined via EC_get_builtin_curves()).
+
+
 strongswan-5.9.4
 ----------------
 

diff --git a/conf/plugins/ha.opt b/conf/plugins/ha.opt
@@ -2,7 +2,7 @@ charon.plugins.ha.autobalance = 0
 	Interval in seconds to automatically balance handled segments between nodes.
 	Set to 0 to disable.
 
-charon.plugin.ha.buflen = 2048
+charon.plugins.ha.buflen = 2048
 	Buffer size for received HA messages.
 
 	Buffer size for received HA messages. For IKEv1 the public DH factors are

diff --git a/conf/plugins/kernel-pfroute.opt b/conf/plugins/kernel-pfroute.opt
@@ -1,3 +1,6 @@
+charon.plugins.kernel-pfroute.mtu = 1400
+	MTU to set on TUN devices created for virtual IPs.
+
 charon.plugins.kernel-pfroute.vip_wait = 1000
 	Time in ms to wait until virtual IP addresses appear/disappear before
 	failing.
diff --git a/conf/plugins/openssl.opt b/conf/plugins/openssl.opt
@@ -3,3 +3,16 @@ charon.plugins.openssl.engine_id = pkcs11
 
 charon.plugins.openssl.fips_mode = 0
 	Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+
+	Set OpenSSL FIPS mode.  With OpenSSL before 3.0, the supported values are
+	disabled(0), enabled(1) and Suite B enabled(2).  With OpenSSL 3+, any value
+	other than 0 will explicitly load the fips and base providers (_load_legacy_
+	will be ignored). The latter still requires the config in fipsmodule.cnf
+	(e.g. for the module's MAC), but allows explicitly loading the provider if
+	it's not activated in that config.
+
+charon.plugins.openssl.load_legacy = yes
+	Load the legacy provider in OpenSSL 3+ for algorithms like MD4, DES, or
+	Blowfish (the first two are required for EAP-MSCHAPv2). If disabled, the
+	default provider is loaded, or those configured in the OpenSSL config (e.g.
+	the fips provider).
diff --git a/conf/plugins/tpm.opt b/conf/plugins/tpm.opt
@@ -1,5 +1,6 @@
 charon.plugins.tpm.use_rng = no
-	Whether the TPM should be used as RNG.
+	Whether the TPM should be used as RNG. For security reasons enable only if
+	an authenticated session can be set up (see _ek_handle_ option).
 
 charon.plugins.tpm.fips_186_4 = no
 	Is the TPM 2.0 FIPS-186-4 compliant, forcing e.g. the use of the default
@@ -14,3 +15,7 @@ charon.plugins.tpm.tcti.name = device|tabrmd
 charon.plugins.tpm.tcti.opts = /dev/tpmrm0|<none>
 	Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the
 	TCTI library name is _device_ and no options otherwise.
+
+charon.plugins.tpm.ek_handle =
+	Handle of the RSA or ECC Endorsement Key (EK) to be used to set up an
+	authenticated session with a TPM 2.0 (e.g. 0x81010001).
diff --git a/configure.ac b/configure.ac
@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.9.4])
+AC_INIT([strongSwan],[5.9.5])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects

diff --git a/scripts/test.sh b/scripts/test.sh
@@ -4,7 +4,7 @@
 build_botan()
 {
 	# same revision used in the build recipe of the testing environment
-	BOTAN_REV=2.18.0
+	BOTAN_REV=c55f5d42650b # 2.18.2 + fix for SHA-3 compilation issue
 	BOTAN_DIR=$DEPS_BUILD_DIR/botan
 
 	if test -d "$BOTAN_DIR"; then
@@ -37,7 +37,7 @@ build_botan()
 
 build_wolfssl()
 {
-	WOLFSSL_REV=v4.8.0-stable
+	WOLFSSL_REV=v5.1.1-stable
 	WOLFSSL_DIR=$DEPS_BUILD_DIR/wolfssl
 
 	if test -d "$WOLFSSL_DIR"; then
@@ -116,8 +116,8 @@ openssl*)
 	DEPS="libssl-dev"
 	;;
 gcrypt)
-	CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1"
-	export TESTS_PLUGINS="test-vectors pkcs1 gcrypt!"
+	CONFIG="--disable-defaults --enable-pki --enable-gcrypt --enable-pkcs1 --enable-pkcs8"
+	export TESTS_PLUGINS="test-vectors pkcs1 pkcs8 gcrypt!"
 	if [ "$ID" = "ubuntu" -a "$VERSION_ID" = "20.04" ]; then
 		DEPS="libgcrypt20-dev"
 	else

diff --git a/src/charon-tkm/Makefile.am b/src/charon-tkm/Makefile.am
@@ -39,14 +39,15 @@ build_charon: build_charon.gpr src/charon-tkm.c
 build_tests: build_tests.gpr
 	@$(GPRBUILD) -p $< $(BUILD_OPTS) $(TEST_OPTS)
 
-check-tkm: build_tests
+check: build_tests
+	if test -z "${TESTS_TKM}"; then \
+		echo -e >&2 \
+			"\nSome TKM tests are not enabled, by default, because they have" \
+			"\nto be run as root and require a running TKM daemon. They may" \
+			"\nbe enabled by defining the TESTS_TKM environment variable.\n"; \
+	fi
 	@LD_LIBRARY_PATH=$(LIBPT) obj/tests
 
-check:
-	@echo "TKM tests are not run automatically because they have to be run as root" >&2
-	@echo "and require a properly configured TKM daemon to be running." >&2
-	@echo "They can be run from '$(abs_builddir)' with 'make check-tkm'" >&2
-
 install: build_charon
 	$(INSTALL) -m 755 obj/charon-tkm $(DESTDIR)$(ipsecdir)
 

diff --git a/src/charon-tkm/src/tkm/tkm_private_key.c b/src/charon-tkm/src/tkm/tkm_private_key.c
@@ -90,7 +90,7 @@ METHOD(private_key_t, sign, bool,
 
 METHOD(private_key_t, decrypt, bool,
 	private_tkm_private_key_t *this, encryption_scheme_t scheme,
-	chunk_t crypto, chunk_t *plain)
+	void *params, chunk_t crypto, chunk_t *plain)
 {
 	return FALSE;
 }

diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c
@@ -62,7 +62,7 @@ METHOD(public_key_t, verify, bool,
 
 METHOD(public_key_t, encrypt_, bool,
 	private_tkm_public_key_t *this, encryption_scheme_t scheme,
-	chunk_t plain, chunk_t *crypto)
+	void *params, chunk_t plain, chunk_t *crypto)
 {
 	return FALSE;
 }

diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c
@@ -62,7 +62,7 @@ START_TEST(test_derive_ike_keys)
 	aead_t * const aead = keymat->keymat_v2.keymat.get_aead(&keymat->keymat_v2.keymat, TRUE);
 	fail_if(!aead, "AEAD is NULL");
 
-	fail_if(aead->get_key_size(aead) != 96, "Key size mismatch %d",
+	fail_if(aead->get_key_size(aead) != 1, "Key size mismatch %d",
 			aead->get_key_size(aead));
 	fail_if(aead->get_block_size(aead) != 16, "Block size mismatch %d",
 			aead->get_block_size(aead));

diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c
@@ -41,21 +41,31 @@ static test_configuration_t tests[] = {
 	{ .suite = NULL, }
 };
 
-static bool tkm_initialized = false;
+static bool tkm_initialized, use_tkm;
 
 static bool test_runner_init(bool init)
 {
 	bool result = TRUE;
 
-	if (init)
+	if (init && use_tkm)
 	{
+		int level = LEVEL_SILENT;
+		char *verbosity;
+
 		libcharon_init();
-		lib->settings->set_int(lib->settings,
-							   "test-runner.filelog.stdout.default", 0);
+		verbosity = getenv("TESTS_VERBOSITY");
+		if (verbosity)
+		{
+			level = atoi(verbosity);
+		}
+		lib->settings->set_int(lib->settings, "%s.filelog.stderr.default",
+			lib->settings->get_int(lib->settings, "%s.filelog.stderr.default",
+								   level, lib->ns), lib->ns);
 		charon->load_loggers(charon);
 
 		/* Register TKM specific plugins */
 		static plugin_feature_t features[] = {
+			PLUGIN_PROVIDE(CUSTOM, "tkm"),
 			PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create),
 				PLUGIN_PROVIDE(NONCE_GEN),
 			PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create),
@@ -98,6 +108,8 @@ int main(int argc, char *argv[])
 {
 	bool result;
 
+	use_tkm = getenv("TESTS_TKM") != NULL;
+
 	/* disable leak detective because of how tkm_init/deinit is called, which
 	 * does not work otherwise due to limitations of the external libraries */
 	setenv("LEAK_DETECTIVE_DISABLE", "1", 1);

diff --git a/src/charon-tkm/tests/tests.h b/src/charon-tkm/tests/tests.h
@@ -17,7 +17,7 @@
 TEST_SUITE(make_id_manager_tests)
 TEST_SUITE(make_chunk_map_tests)
 TEST_SUITE(make_utility_tests)
-TEST_SUITE(make_nonceg_tests)
-TEST_SUITE(make_diffie_hellman_tests)
-TEST_SUITE(make_keymat_tests)
+TEST_SUITE_DEPEND(make_nonceg_tests, CUSTOM, "tkm")
+TEST_SUITE_DEPEND(make_diffie_hellman_tests, CUSTOM, "tkm")
+TEST_SUITE_DEPEND(make_keymat_tests, CUSTOM, "tkm")
 TEST_SUITE(make_kernel_sad_tests)
diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_private_key.c
@@ -388,7 +388,7 @@ METHOD(private_key_t, get_type, key_type_t,
 
 METHOD(private_key_t, decrypt, bool,
 	private_private_key_t *this, encryption_scheme_t scheme,
-	chunk_t crypto, chunk_t *plain)
+	void *params, chunk_t crypto, chunk_t *plain)
 {
 	DBG1(DBG_LIB, "private key decryption is currently not supported via JNI");
 	return FALSE;

diff --git a/src/frontends/android/app/src/main/res/values-zh-rCN/arrays.xml b/src/frontends/android/app/src/main/res/values-zh-rCN/arrays.xml
@@ -24,8 +24,8 @@
 
     <!-- the order here must match the enum entries in VpnProfile.java -->
     <string-array name="apps_handling">
-        <item>All applications use the VPN</item>
-        <item>Exclude selected applications from the VPN</item>
-        <item>Only selected applications use the VPN</item>
+        <item>所有应用程序都使用VPN</item>
+        <item>从VPN中排除选定的应用程序</item>
+        <item>只有选定的应用程序使用VPN</item>
     </string-array>
-</resources>
+</resources>