Andreas Steffen [Sat, 18 Mar 2017 13:51:30 +0000 (14:51 +0100)]
The tpm plugin offers random number generation
The tpm plugin can be used to derive true random numbers from a
TPM 2.0 device. The get_random method must be explicitly enabled
in strongswan.conf with the plugin.tpm.use_rng = yes option.
Tobias Brunner [Mon, 13 Mar 2017 15:37:12 +0000 (16:37 +0100)]
ikev1: First do PSK lookups based on identities then fallback to IPs
This provides a solution for configs where there is e.g. a catch-all %any
PSK, while more specific PSKs would be found by the identities of configs
that e.g. use FQDNs as local/remote addresses.
Andreas Steffen [Mon, 6 Mar 2017 05:16:10 +0000 (06:16 +0100)]
aikpub2: Removed aikpub2 tool
The aikpub2 tool has been replaced by pki --pub|--req --keyid hex ..
where keyid indicates the TPM 2.0 private key object handle. Thus
either the public key in PKCS#1 format can be extracted or a PKCS#10
certificate request signed by the TPM private key can be generated.
Tobias Brunner [Thu, 2 Mar 2017 08:50:34 +0000 (09:50 +0100)]
testing: load-testconfig script loads config from source dir
It now does replace the IPs too. This way it's easier to play around
with a config (otherwise a do-tests run was required to build the
config files in the build dir).
Tobias Brunner [Thu, 2 Mar 2017 10:51:27 +0000 (11:51 +0100)]
libipsec: Enforce a minimum of 256 for SPIs
RFC 4303 reserves the SPIs between 1 and 255 for future use. This also
avoids an overflow and a division by zero if spi_min is 0 and spi_max is
0xffffffff.
Tobias Brunner [Thu, 2 Mar 2017 07:58:07 +0000 (08:58 +0100)]
controller: Don't listen for CHILD_SA state changes when terminating IKE_SAs
We actually want to wait until the IKE_SA is destroyed, not any of the
CHILD_SAs (even though there might not be that much of a difference
depending on the number of CHILD_SAs).
Martin Willi [Wed, 22 Feb 2017 09:01:19 +0000 (10:01 +0100)]
addrblock: Use dynamic TS narrowing instead of rejecting the whole CHILD_SA
Previously, the client had to propose no wider selectors than the certificate
permits, otherwise the complete CHILD_SA was rejected. However, with IKEv2
we can dynamically narrow the selectors to what the certificate allows. This
makes client and gateway configurations very simple by just proposing 0.0.0.0/0,
narrowed to selectors the client is permitted to route into the network.
Martin Willi [Wed, 22 Feb 2017 08:43:31 +0000 (09:43 +0100)]
addrblock: Support an optional non-strict mode accepting certs without addrblock
This allows a gateway to enforce the addrblock policy on certificates that
actually have the extension only. For (legacy) certificates not having the
extension, traffic selectors are validated/narrowed by other means, most
likely by the configuration.
Tobias Brunner [Mon, 20 Feb 2017 10:36:30 +0000 (11:36 +0100)]
child-cfg: Always apply hosts to traffic selectors if proposing transport mode
Usually, %dynamic is used as traffic selector for transport mode SAs,
however, if wildcard traps are used then the remote TS will be a subnet.
With strongSwan at the remote end that usually works fine as the local
%dynamic TS narrows the proposed TS appropriately. But some
implementations reject non-host TS for transport mode SAs.
Another problem could be if several distinct subnets are configured for a
wildcard trap, as we'd then propose unrelated subnets on that transport
mode SA, which might be problematic even for strongSwan (switch to tunnel
mode and duplicate policies).
Martin Willi [Tue, 21 Feb 2017 15:54:57 +0000 (16:54 +0100)]
x509: Do not mark generated addrblock extension as critical
While RFC 3779 says we SHOULD mark it is critical, this has severe side effects
in practice. The addrblock extension is not widely used nor implemented, and
only a few applications can handle this extension. By marking it critical,
none of these applications can make use of such certificates where included
addrblocks do not matter, such as TLS/HTTPS.
If an application wants to make use of addrblocks, that is usually an explicit
decision. Then the very same application obviously can handle addrblocks, and
there is no need for the extension to be critical. In other words, for local
policy checks it is a local matter to handle the extension, hence making it
critical is usually not of much help.
Tobias Brunner [Fri, 24 Feb 2017 17:22:23 +0000 (18:22 +0100)]
plugin-loader: Fix hashing of registered plugin features
This strangely never caused any noticeable issues, but was the reason for
build failures in certain test cases (mostly BLISS) due to missing plugin
features when built with specific options on Travis (was not reproducible
locally).
Tobias Brunner [Wed, 15 Feb 2017 15:08:35 +0000 (16:08 +0100)]
android: Send network change events from a separate thread via JNI
Doing this from the main UI thread (which delivers the broadcast) might
cause an ANR if there is a delay (e.g. while acquiring a mutex in the
native parts). There might also have been a race condition during
termination previously because Unregister() was not synchronized so there
might have been dangling events that got delivered while or after the mutex
in the native parts was destroyed.
Tobias Brunner [Mon, 13 Feb 2017 10:54:53 +0000 (11:54 +0100)]
ikev1: Respond to DPDs for rekeyed IKE_SAs
Some devices always use the oldest IKE_SA to send DPDs and will delete
all IKE_SAs when there is no response. If uniqueness is not enforced
rekeyed IKE_SAs might not get deleted until they expire so we should
respond to DPDs.
Martin Willi [Mon, 10 Oct 2016 13:59:52 +0000 (15:59 +0200)]
ike-sa: Optionally try to migrate to the best path on routing priority changes
When multihomed, a setup might prefer to dynamically stay on the cheapest
available path by using MOBIKE migrations. If the cheapest path goes away and
comes back, we currently stay on the more expensive path to reduce noise and
prevent potential migration issues. This is usually just fine for links not
generating real cost.
If we have more expensive links in the setup, it can be desirable to always
migrate to the cheapest link available. By setting charon.prefer_best_path,
charon tries to migrate to the path using the highest priority link, allowing
an external application to update routes to indirectly control MOBIKE behavior.
This option has no effect if MOBIKE is unavailable.
Tobias Brunner [Tue, 15 Nov 2016 14:42:33 +0000 (15:42 +0100)]
ikev2: Ignore roam events without MOBIKE but static local address
Disabling MOBIKE and statically configuring a local address should be
enough indication that the user doesn't want to roam to a different
address. There might not be any routes that indicate we can use the
current address but it might still work (e.g. if the address is on an
interface that is not referenced in any routes and the address itself
is neither). This way we avoid switching to another address for routes
that might be available on the system.
We currently don't make much use of COND_STALE anyway when MOBIKE is not
enabled, e.g. to avoid sending DPDs if the connection is seemingly down.
With MOBIKE enabled we don't exactly check that state but we do don't
send DPDs if there is no route/source address available.
Tobias Brunner [Tue, 7 Feb 2017 10:30:49 +0000 (11:30 +0100)]
peer-cfg: Store mediated_by as name and not peer-cfg reference
This way updates to the mediation config are respected and the order in
which configs are configured/loaded does not matter.
The SQL plugin currently maintains the strong relationship between
mediated and mediation connection (we could theoretically change that to a
string too).
Tobias Brunner [Fri, 9 Dec 2016 13:45:41 +0000 (14:45 +0100)]
vici: Use unique names for CHILD_SAs in the list-sas command
The original name is returned in the new "name" attribute.
This fixes an issue with bindings that map VICI messages to
dictionaries. For instance, in roadwarrior scenarios where every
CHILD_SA has the same name only the information of the last CHILD_SA
would end up in the dictionary for that name.
Tobias Brunner [Fri, 18 Nov 2016 14:01:18 +0000 (15:01 +0100)]
vici: Add command to load a private key from a token
PINs are stored in a "hidden" credential set, so that its shared
secrets are not exposed via VICI. Since they are not explicitly loaded as
shared secrets via VICI a client might consider them as removed secrets and
remove them.
Tobias Brunner [Mon, 13 Feb 2017 18:06:24 +0000 (19:06 +0100)]
bypass-lan: Don't use interfaces in policies
After an interface disappeared we can't remove the policies correctly as
the name doesn't resolve to the previous index anymore.
And making the policies so specific might not provide that much benefit.
To handle the interfaces on the policies correctly would require some
changes to the child-cfg, kernel-interface etc. so they'd take interface
indices directly so we could target the policies correctly even if an
interface disappeared (or reappeared and got a new index).
Tobias Brunner [Wed, 25 Jan 2017 15:17:38 +0000 (16:17 +0100)]
revocation: More accurately describe the flags to disable OCSP/CRL validation
These options disable validation as such, e.g. even from cached CRLs, not
only the fetching. Also made the plugin's validate() implementation a
no-op if both options are disabled.
Eyal Birger [Wed, 25 Jan 2017 10:26:42 +0000 (12:26 +0200)]
child-sa: Do not install mark on inbound kernel SA
The SA ID (src, dst, proto, spi) is unique on ingress.
As such, explicit inbound marking is not needed to match an SA.
On the other hand, requiring inbound SAs to use marks forces the
installation of a mechanism for marking traffic (e.g. iptables) based
on some criteria.
Defining the criteria becomes complicated, for example when required to
support multiple SAs from the same src, especially when traffic is UDP
encapsulated.
This commit removes the assignment of the child_sa mark_in to the inbound SA.
Policies can be arbitrated by existing means - e.g, via netfilter policy
matching or using VTI interfaces - without the need to classify the flows prior
to state matching.
Since the reqid allocator regards the mark value, there is no risk of matching
the wrong policy.
And as explicit marking was required for route-based VPN to work before this
change, it should not cause regressions in existing setups.
Martin Willi [Thu, 19 Jan 2017 10:23:45 +0000 (11:23 +0100)]
kernel-netlink: Use RTA_SRC to specify route source in kernel-based lookups
For table dumps the kernel accepts RTA_PREFSRC to filter the routes, which is
what we do when doing userspace route calculations. For kernel-based route
lookups, however, the RTA_PREFSRC attribute is ignored and we must specify
RTA_SRC for policy based route lookups.
Martin Willi [Thu, 19 Jan 2017 10:03:55 +0000 (11:03 +0100)]
kernel-netlink: Use kernel-based route lookup if we do not install routes
For gateways with many connections, installing routes is often disabled,
as we can use a static route configuration to achieve proper routing with
a single rule. If this is the case, there is no need to dump all routes and
do userspace route lookups, as there is no need to exclude routes we installed
ourself.
Doing kernel-based route lookups is not only faster with may routes, but also
can use the full power of Linux policy based routing; something we can hardly
rebuild in userspace when calculating routes.