Tobias Brunner [Thu, 26 Nov 2020 09:53:45 +0000 (10:53 +0100)]
github: Migrate from Travis CI to Github Actions
On travis-ci.com (travis-ci.org will be discontinued by the end of the
year) we are now charged for each minute. We only got 10000 credits in
a trial plan, which we used up with a few builds. Minutes also cost a
different amount of credits on different platforms: 10 on Linux,
but 50 on macOS (installing the dependencies on macOS alone took 12-15
minutes on Travis for some reason, takes about half on Github's runners).
No native Windows build yet as we have the same issue as on AppVeyor where
threading/streaming tests might get stuck. And there is also only a
single Windows platform to test on. Plus building/testing on Windows is
very slow (and getting ccache to work seems tricky).
The 'sw_collector' test case had to be disabled because we can't access
/usr/local/share on the Github build hosts (the process is just blocked
in readdir() and eventually times out).
Unfortunately, we can't test on different architectures anymore (in
particular ARM and the big-endian IBM Z/x390x).
Tobias Brunner [Thu, 3 Dec 2020 11:14:35 +0000 (12:14 +0100)]
imv-scanner: Fix potentially unsafe port filter attribute destruction
DESTROY_IF() checks if the given value is not NULL, before calling
destroy() on it, which does not work for sub-structs. If
port_filter_attr is NULL, this could crash.
Tobias Brunner [Tue, 1 Dec 2020 11:12:25 +0000 (12:12 +0100)]
child-rekey: Don't migrate child-create task if we already are deleting
If we are already deleting the old/redundant CHILD_SA, we must not
migrate the child-create task as that would destroy the new CHILD_SA we
already moved to the IKE_SA.
Tobias Brunner [Fri, 20 Nov 2020 14:02:30 +0000 (15:02 +0100)]
host-resolver: Don't wait for a reply if there are no threads
Without threads handling the resolution, there is no point waiting
for a reply. If no subsequent resolution successfully starts a
thread (there might not even be one), we'd wait indefinitely.
Tobias Brunner [Mon, 2 Nov 2020 14:09:13 +0000 (15:09 +0100)]
identification: Validate ASN.1 DN in from_data() constructor
The DN is otherwise not parsed until compared/printed. This avoids
false detections as ASN.1 DN if e.g. an email address starts with "0",
which is 0x30 = ASN.1 sequence tag, and the next character denotes
the exact length of the rest of the string (see the unit tests for an
example).
Tobias Brunner [Tue, 1 Dec 2020 14:54:35 +0000 (15:54 +0100)]
android: Don't default to marking VPN connections as metered
For apps targeting Android 10, where a method to change this was added, the
default changed so that all VPN connections are marked as metered. This means
certain background operations (e.g. syncing data) are not performed anymore
even when connected to a WiFi. By setting this to false, the metered state
of the VPN connection reflects that of the underlying networks.
Tobias Brunner [Thu, 29 Oct 2020 16:55:38 +0000 (17:55 +0100)]
testing: Add option to build all software recipes when building strongSwan
This is like building the root image but using a specific strongSwan
source tree, which is helpful if code changes depend on other software
packages (e.g. TKM-related or testing new crypto libraries). If the script
is called and the root image does not exist, the new option is enabled
automatically.
The option to build in a specific guest image is now also moved to an
explicit command line option so that the source dir path is the only
remaining positional argument (see --help for details).
Tobias Brunner [Mon, 9 Nov 2020 09:51:56 +0000 (10:51 +0100)]
testing: Improve building different revisions of Git-recipes
If we check out and build a certain revision of a dependency in a branch and
switch to another that requires a different revision and then switch back,
the previous approach installed the wrong revision as it would incorrectly
assume the required revision was already built and ready to install.
Tobias Brunner [Thu, 12 Nov 2020 13:20:04 +0000 (14:20 +0100)]
windows: Don't declare [v]asprintf()
None of our build environments seem to require these declarations. And
current versions of MinGW-w64 define them as inline functions in stdio.h
so these declarations clashed with that ("static declaration of '...'
follows non-static declaration").
Shmulik Ladkani [Mon, 2 Nov 2020 12:54:48 +0000 (14:54 +0200)]
controller: Always return SUCCESS when terminating IKE_SAs without callback
If no callback is specified, terminate_ike_execute() is invoked without the
listener waiting on the IKE state change.
Now, if 'force' is false, then ike_sa->delete() just queues an
IKE_DELETE task, and returns SUCCESS - indicating successful task
manager initiation.
However, terminate_ike_execute() ignored this success and set the
status to FAILED.
This is not ideal, as it will be the overall return code of
terminate_ike(), although no failure did occur. This eventually leads
vici's "terminate" to return "Command failed: terminating SA failed",
as seen in this example:
CommandException: Command failed: terminating SA failed
If we consider both queueing the task and actually destroying the IKS_SA
a success, we can just always return SUCCESS if we don't have a
callback. There is also no need to explicitly set the status to FAILED
if a listener is waiting as that's the default anyway.
Tobias Brunner [Tue, 3 Nov 2020 11:07:48 +0000 (12:07 +0100)]
gcrypt: Use a dummy buffer to initialize static allocations
In FIPS mode, libgcrypt uses a DRBG, which behaves differently when the
length passed to gcry_create_nonce() or gcry_randomize() is <= 0. It
expects a struct and explicitly checks that the passed pointer is not
NULL.
Tobias Brunner [Tue, 20 Oct 2020 18:14:08 +0000 (20:14 +0200)]
vici: Send all queued messages during shutdown
This ensures that e.g. ike/child-updown messages are sent that were
queued but couldn't be sent (even the job to enable to on_write() callback
requires a worker thread that's not around anymore during shutdown).
Tobias Brunner [Wed, 28 Oct 2020 14:50:59 +0000 (15:50 +0100)]
ikev2: Clear fragments of a retransmitted message if we receive the next one
The message_t object used for defragmentation was only cleared after
all fragments have been received and the message was delivered. So
if we received only some fragments of a retransmitted message, the
fragments of the next message were not processed (message_t returns
INVALID_ARG if the message ID does not match causing the message to
get ignored). This rendered the IKE_SA unusable as the client
obviously never retransmitted the fragments of that previous message
after it received our response.
Tobias Brunner [Thu, 29 Oct 2020 10:23:48 +0000 (11:23 +0100)]
Merge branch 'android-ipv6-transport'
Adds support to use IPv6 as transport addresses for IKE and ESP and a
bunch of fixes. On Linux servers, this requires at least a 5.8 kernel so
UDP encapsulation for IPv6 is supported.
Tobias Brunner [Mon, 19 Oct 2020 15:52:15 +0000 (17:52 +0200)]
android: Throw an exception if UUID can't get parsed
The parser is quite picky and e.g. doesn't accept UUIDs without dashes.
Even without a specific error, this at least points the users into the
right direction.
Tobias Brunner [Mon, 19 Oct 2020 15:41:52 +0000 (17:41 +0200)]
android: Prevent illegalStateException when showing power whitelist dialog
If the activity is not active when the service connection is
established and handleIntent() is called, the activity's state is already
saved and any fragment transaction would result in an illegalStateException
due to state loss. We just ignore this and wait for another initiation
attempt (via onNewIntent()).
Tobias Brunner [Mon, 19 Oct 2020 14:46:22 +0000 (16:46 +0200)]
android: Handle restarts of control activity with power whitelist dialog better
With the flag set, we basically ignore the resent intent, which is not
ideal if we have not yet actually started another activity. The information
dialog we show first would disappear when closing and reopening the app
or even just rotating it (we hide all dialogs when receiving an intent),
but since the flag was restored, the dialog was not shown again even
when attempting to start other connections.
Tobias Brunner [Thu, 15 Oct 2020 14:10:07 +0000 (16:10 +0200)]
kernel-netlink: Update cached address flags
Note that manually adding an IPv6 address without disabling duplicate
address detection (DAD, e.g. via `nodad` when using iproute2) will cause
a roam event due to a flag change after about 1-2 seconds (TENTATIVE is
removed). If this is a problem, we might have to ignore addresses with
TENTATIVE flag when we receive a RTM_NEWADDR message until that flag is
eventually removed.
Tobias Brunner [Thu, 15 Oct 2020 11:45:53 +0000 (13:45 +0200)]
child-create: Update CHILD_SA IP addresses before installation
We create the child_sa_t object when initiating the CREATE_CHILD_SA
request, however, the IP addresses/ports might have changed once we
eventually receive the response (potentially to a retransmit sent to
a different address). So update them before installing the SA and
policies.
If the local address changed too and depending on the kernel
implementation, the temporary SA created to allocate the inbound SPI
might remain as it can't be updated. This could cause issues if e.g.
the address switches back before that SA expired (the updated inbound
SA conflicts with the temporary one), or if that happens close together
and the expire (having to wait for the address update) causes the
updated SA to get deleted.
Tobias Brunner [Thu, 8 Oct 2020 07:40:12 +0000 (09:40 +0200)]
swanctl: Support any key type for decrypted keys
The previous code required explicit support for a particular key type,
of which Ed25519 and Ed448 were missing. While a fallback to `any` would
have been possible (this is already the case for unencrypted keys in the
`private` and `pkcs8` directories, which are not parsed by swanctl), it's
not necessary (as long as swanctl and the daemon are from the same release)
and does not require the daemon to detect the key type again.
Martin Willi [Mon, 10 Aug 2020 16:29:52 +0000 (18:29 +0200)]
revocation: Validate OCSP nonce only if response actually contains a nonce
Commit 27756b081c1b8 (revocation: Check that nonce in OCSP response matches)
introduced strict nonce validation to prevent replay attacks with OCSP
responses having a longer lifetime. However, many commercial CAs (such as
Digicert) do not support nonces in responses, as they reuse once-issued OCSP
responses for the OCSP lifetime. This can be problematic for replay attack
scenarios, but is nothing we can fix at our end.
With the mentioned commit, such OCSP responses get completely unusable,
requiring the fallback to CRL based revocation. CRLs don't provide any
replay protection either, so there is nothing gained security-wise, but may
require a download of several megabytes CRL data.
To make use of replay protection where available, but fix OCSP verification
where it is not, do nonce verification only if the response actually contains
a nonce. To be safe against replay attacks, one has to fix the OCSP responder
or use a different CA, but this is not something we can enforce.
openssl: Accept CRLs issued by non-CA certificates with cRLSign keyUsage flag
The x509 plugin accepted CRL signers since forever, to be precise, since dffb176f2bc0 ("CRLSign keyUsage or CA basicConstraint are sufficient
for CRL validation")).
lgtm: Fix building dependencies (in particular tpm2-tss)
This was moved to a separate step with 0ff939585ec7 ("travis: Bump tpm2-tss
to 2.4.1") so packages are installed before these dependencies are built.
However, on LGTM, packages can't be installed explicitly, so `deps` is
a no-op and we still have to list some dependencies in the config.
ike-vendor: Add option to send Cisco FLexVPN vendor ID
A new global option enables sending this vendor ID to prevent Cisco
devices from narrowing the initiator's local traffic selector to the
requested virtual IP, so e.g. 0.0.0.0/0 can be used instead.
This has been tested with a "tunnel mode ipsec ipv4" Cisco template but
should also work for GRE encapsulation.
It's ever so close with strongTNC, sometimes the OOM killer got triggered
and the tests failed, or even worse, the whole guest system got stuck.
This might just be enough for now.
Tobias Brunner [Mon, 24 Aug 2020 14:22:18 +0000 (16:22 +0200)]
testing: Fix dependency issue with strongTNC
Apparently, djangorestframework-camel-case, in the referenced version,
uses `six` but does not itself require/install it (later versions removed
Python 2 support altogether).
On newer systems, the upper hard limit for open file descriptors (see
`ulimit -H -n`) was increased from 4096 to 524288. Due to how python-daemon
closes potentially open file descriptors (basically stores them in a set,
removes those excluded by config, and loops through all of them), the updown
script was either killed immediately (by the OOM killer) or not ready yet
when updown events occurred.