strongswan.git
13 months ago wip: kernel-netlink: Restrict route priority comparison to the same routing table (kernel-netlink-prio-table)
Tobias Brunner [Mon, 2 Jul 2018 08:56:15 +0000 (10:56 +0200)]
wip: kernel-netlink: Restrict route priority comparison to the same routing table

The priority/metric is not a global property but only relevant locally
per routing table.

wip: On the other hand, this provided the only possibility to prioritize
routes with our lookup (not sure if anybody used it that way though).

13 months ago kernel-pfkey: Avoid updating policies if nothing significant changed
Tobias Brunner [Fri, 1 Jun 2018 09:15:22 +0000 (11:15 +0200)]
kernel-pfkey: Avoid updating policies if nothing significant changed

The FreeBSD kernel doesn't update policies atomically, causing
unnecessary traffic loss during simple rekeyings.

Fixes #2677.

13 months ago settings: Fix compilation with newer versions of Clang
Tobias Brunner [Fri, 29 Jun 2018 09:30:31 +0000 (11:30 +0200)]
settings: Fix compilation with newer versions of Clang

Depending on the actual va_list definition it's not valid to compare it
directly or assign NULL.

13 months ago Merge branch 'ike-proposal-switch'
Tobias Brunner [Thu, 28 Jun 2018 16:47:15 +0000 (18:47 +0200)]
Merge branch 'ike-proposal-switch'

This allows switching the originally selected IKE config (based on the
IPs and IKE version) to a different one if no matching proposal is found.

This way we don't rely that much on the order of configs anymore and it's
possible to configure separate configs for clients that require weak
algorithms.

13 months ago testing: Fix IKE proposal in swanctl/net2net-gw scenario
Tobias Brunner [Thu, 28 Jun 2018 16:03:57 +0000 (18:03 +0200)]
testing: Fix IKE proposal in swanctl/net2net-gw scenario

Also simplify config by using references.

13 months ago backend-manager: Change how IKE/peer config matches are logged
Tobias Brunner [Wed, 27 Jun 2018 15:59:54 +0000 (17:59 +0200)]
backend-manager: Change how IKE/peer config matches are logged

Instead of logging the search parameters for IKE configs (which were already
before starting the lookup) we log the configured settings.

The peer config lookup is also changed slightly by doing the IKE config
match first and skipping some checks if that or the local peer identity
doesn't match.

13 months ago Replace 'inacceptable' with the more common 'unacceptable'
Tobias Brunner [Tue, 29 May 2018 16:27:16 +0000 (18:27 +0200)]
Replace 'inacceptable' with the more common 'unacceptable'

13 months ago child-cfg: Allow suppressing log messages when selecting traffic selectors
Tobias Brunner [Tue, 29 May 2018 16:12:16 +0000 (18:12 +0200)]
child-cfg: Allow suppressing log messages when selecting traffic selectors

Although being already logged on level 2, these messages are usually just
confusing if they pop up randomly in the log when e.g. querying the configs
or installing traps.  So after this the log messages will only be logged when
actually proposing or selecting traffic selectors during IKE.

13 months ago ike-init: Switch to an alternative config if proposals don't match
Tobias Brunner [Tue, 29 May 2018 15:04:12 +0000 (17:04 +0200)]
ike-init: Switch to an alternative config if proposals don't match

This way we don't rely on the order of equally matching configs as
heavily anymore (which is actually tricky in vici) and this also doesn't
require repeating weak algorithms in all configs that might potentially be
selected if there are some clients that require them.

There is currently no ordering, so an explicitly configured exactly matching
proposal isn't a better match than e.g. the default proposal that also
contains the proposed algorithms.

13 months ago ike-auth: Consider negotiated IKE proposal when selecting peer configs
Tobias Brunner [Tue, 29 May 2018 14:57:49 +0000 (16:57 +0200)]
ike-auth: Consider negotiated IKE proposal when selecting peer configs

In some scenarios we might find multiple usable peer configs with different
IKE proposals.  This is a problem if we use a config with non-matching
proposals that later causes IKE rekeying to fail.  It might even be a problem
already when creating the CHILD_SA if the proposals of IKE and CHILD_SA
are consistent.

13 months ago ike-cfg: Add method to check if config contains matching proposal
Tobias Brunner [Tue, 29 May 2018 14:51:48 +0000 (16:51 +0200)]
ike-cfg: Add method to check if config contains matching proposal

This way we can check whether the config should be considered or not if
we have a selected proposal.

13 months ago proposal: Add method to check if two proposals match
Tobias Brunner [Tue, 29 May 2018 14:02:21 +0000 (16:02 +0200)]
proposal: Add method to check if two proposals match

Similar to select() but does not return a proposal and does not log
anything.

13 months ago child-cfg: Log the selected proposal on level 1
Tobias Brunner [Tue, 29 May 2018 13:39:38 +0000 (15:39 +0200)]
child-cfg: Log the selected proposal on level 1

13 months ago ike-cfg: Log the selected proposal on level 1
Tobias Brunner [Tue, 29 May 2018 13:39:19 +0000 (15:39 +0200)]
ike-cfg: Log the selected proposal on level 1

13 months ago backend-manager: Add enumerator over all matching IKE configs
Tobias Brunner [Tue, 29 May 2018 10:44:12 +0000 (12:44 +0200)]
backend-manager: Add enumerator over all matching IKE configs

13 months ago backend-manager: Simplify sorting peer configs
Tobias Brunner [Tue, 29 May 2018 10:24:02 +0000 (12:24 +0200)]
backend-manager: Simplify sorting peer configs

13 months ago testing: Add wrapper for systemctl to collect leaks from charon-systemd
Tobias Brunner [Thu, 28 Jun 2018 14:29:22 +0000 (16:29 +0200)]
testing: Add wrapper for systemctl to collect leaks from charon-systemd

Similar to the wrapper around `service` added with 71d59af58aea, this
sets the variable only when running the automated tests.

13 months ago Merge branch 'settings-references'
Tobias Brunner [Wed, 27 Jun 2018 12:31:50 +0000 (14:31 +0200)]
Merge branch 'settings-references'

This adds the ability to reference existing sections to the settings parser.
Mainly for swanctl.conf, where this could simplify complex configs a lot
as redundant information has only to be specified once and may then be
included in other sections (there is an example in the man page and
there are some in the unit tests).

Also added is a new setting in filelog sections to specify the path of
the log file (in case it contains characters that are not allowed in section
names). We should encourage people to configure their log files that way
which might allow us to prohibit dots in section names in the future.

13 months ago daemon: Allow configuration of logfile path as value
Tobias Brunner [Thu, 31 May 2018 09:36:15 +0000 (11:36 +0200)]
daemon: Allow configuration of logfile path as value

Some characters are not allowed in section names, this way they can
still be used in paths of log files.

13 months ago conf: Document reference syntax
Tobias Brunner [Thu, 31 May 2018 09:29:37 +0000 (11:29 +0200)]
conf: Document reference syntax

13 months ago settings: Properly lock when extending sections or adding fallbacks
Tobias Brunner [Tue, 22 May 2018 08:51:50 +0000 (10:51 +0200)]
settings: Properly lock when extending sections or adding fallbacks

There was a potential chance for a race condition if the ensured section
was purged for some reason before using it later.

This also changes the behavior for NULL/empty strings via load_string*
with merge == FALSE, which now purges the config/section.

13 months ago settings-test: Add option to use the frontend to display the settings
Tobias Brunner [Tue, 15 May 2018 15:04:23 +0000 (17:04 +0200)]
settings-test: Add option to use the frontend to display the settings

This resolves references and redefined values. It currently doesn't work
properly if section names contain dots.

13 months ago settings: Add reference feature
Tobias Brunner [Tue, 15 May 2018 12:10:32 +0000 (14:10 +0200)]
settings: Add reference feature

Similar to the `also` keyword in ipsec.conf, the new syntax allows adding
one or more references to other sections, which means all the settings and
subsections defined there are inherited (values may be overridden, even
with an empty value to clear it).

It's important to note that all subsections are inherited, so if this is
used to reference a connection in swanctl.conf all auth rounds and
children are inherited.  There is currently no syntax to limit the
inclusion level or clear inherited sections (but as mentioned, settings
in those inherited sections may be overridden).

Another property is that inherited settings or sections always follow
explicitly defined entries in the current section when they are enumerated.
This is relevant if the order is important (e.g. for auth rounds if `round`
is not specified).

References are evaluated dynamically at runtime, so referring to
sections later in the config file or included via other files is no
problem.

The colon used as separator to reference other sections may be used in
section names by writing :: (e.g. for Windows log file paths).

This is based on a patch originally written in 2016.

13 months ago charon-systemd: Register journal logger as custom logger
Tobias Brunner [Tue, 5 Jun 2018 09:52:32 +0000 (11:52 +0200)]
charon-systemd: Register journal logger as custom logger

This way we get early log messages during plugin loading (including
integrity check results).

Instead of the fallback we could also remove the `customlog` namespace,
which was added to avoid conflicts with other settings/sections.

13 months ago linked-list: Order of insert_before/remove_at calls doesn't matter anymore
Tobias Brunner [Mon, 28 May 2018 17:09:02 +0000 (19:09 +0200)]
linked-list: Order of insert_before/remove_at calls doesn't matter anymore

This was quite confusing previously:  While calling insert_before()
and then remove_at() properly replaced the current item, calling them the
other way around inserted the new item before the previous item because
remove_at() changed the enumerator's position to the previous item.

The behavior in corner cases (calling the methods before or after
enumeration) is also changed slightly.

13 months ago vici: Maintain connection order when replacing one
Tobias Brunner [Mon, 28 May 2018 15:36:03 +0000 (17:36 +0200)]
vici: Maintain connection order when replacing one

13 months ago eap-radius: Document station_id_with_port option
Tobias Brunner [Mon, 25 Jun 2018 08:42:17 +0000 (10:42 +0200)]
eap-radius: Document station_id_with_port option

14 months ago Version bump to 5.7.0dr4 (5.7.0dr4)
Andreas Steffen [Fri, 22 Jun 2018 09:21:02 +0000 (11:21 +0200)]
Version bump to 5.7.0dr4

14 months ago vici: list cert_policy parameter
Andreas Steffen [Fri, 22 Jun 2018 08:39:36 +0000 (10:39 +0200)]
vici: list cert_policy parameter

14 months ago testing: Added swanctl/rw-ed25519-certpol scenario
Andreas Steffen [Fri, 22 Jun 2018 07:59:04 +0000 (09:59 +0200)]
testing: Added swanctl/rw-ed25519-certpol scenario

14 months ago ike-mobike: Always use this task for DPDs even if not behind a NAT
Tobias Brunner [Tue, 22 May 2018 16:04:00 +0000 (18:04 +0200)]
ike-mobike: Always use this task for DPDs even if not behind a NAT

This allows switching to probing mode if the client is on a public IP
and this is the active task and connectivity gets restored.  We only add
NAT-D payloads if we are currently behind a NAT (to detect changed NAT
mappings), a MOBIKE update that might follow will add them in case we
move behind a NAT.

14 months ago unit-tests: Add mock implementation of kernel_net_t
Tobias Brunner [Wed, 23 May 2018 08:13:56 +0000 (10:13 +0200)]
unit-tests: Add mock implementation of kernel_net_t

This is required for DPDs via ike-mobike task to work (it does a source
address lookup).

14 months ago vici: Fixed crash when parsing cert_policy parameter
Andreas Steffen [Fri, 22 Jun 2018 06:52:09 +0000 (08:52 +0200)]
vici: Fixed crash when parsing cert_policy parameter

14 months ago libimcv: Prevent integer overflow in time conversion
Andreas Steffen [Mon, 18 Jun 2018 09:04:53 +0000 (11:04 +0200)]
libimcv: Prevent integer overflow in time conversion

14 months ago Version bump to 5.7.0dr3 (5.7.0dr3)
Andreas Steffen [Thu, 14 Jun 2018 15:07:59 +0000 (17:07 +0200)]
Version bump to 5.7.0dr3

14 months ago libtpmtss: Query maximum TPM data transmission size
Andreas Steffen [Thu, 14 Jun 2018 13:46:35 +0000 (15:46 +0200)]
libtpmtss: Query maximum TPM data transmission size

14 months ago testing: Print command output if test fails
Tobias Brunner [Fri, 1 Jun 2018 13:26:45 +0000 (15:26 +0200)]
testing: Print command output if test fails

This is quite helpful to debug why a pattern didn't match.

As it could produce quite a lot of output if something is not found in a
log file, the complete output is only printed in verbose mode, otherwise,
`head` is used to print the first 10 lines of output.

We only get stdout from SSH, so the stderr redirection is only really
for errors ssh itself produces.

14 months ago testing: Fixed evaltest of tnc/tnccs-20-pdp-pt-tls scenario (5.7.0dr2)
Andreas Steffen [Wed, 13 Jun 2018 15:57:10 +0000 (17:57 +0200)]
testing: Fixed evaltest of tnc/tnccs-20-pdp-pt-tls scenario

14 months ago Version bump to 5.7.0dr2
Andreas Steffen [Wed, 13 Jun 2018 15:07:58 +0000 (17:07 +0200)]
Version bump to 5.7.0dr2

14 months ago testing: Renewed ECDSA certificates
Andreas Steffen [Wed, 13 Jun 2018 15:07:25 +0000 (17:07 +0200)]
testing: Renewed ECDSA certificates

14 months ago Merge branch 'swima-reserved'
Andreas Steffen [Tue, 12 Jun 2018 19:49:54 +0000 (21:49 +0200)]
Merge branch 'swima-reserved'

14 months ago libimcv: Implementation of RFC 8412 SWIMA
Andreas Steffen [Tue, 12 Jun 2018 16:09:12 +0000 (18:09 +0200)]
libimcv: Implementation of RFC 8412 SWIMA

14 months ago libimcv: Added reserved field in SWIMA Inventory encoding
Andreas Steffen [Mon, 21 May 2018 08:55:08 +0000 (10:55 +0200)]
libimcv: Added reserved field in SWIMA Inventory encoding

14 months ago fuzz: Added PB-TNC fuzzer
Andreas Steffen [Fri, 9 Mar 2018 13:40:00 +0000 (14:40 +0100)]
fuzz: Added PB-TNC fuzzer

14 months ago libimcv: Fixed processing of PTS Request File Metadata
Andreas Steffen [Sat, 3 Mar 2018 20:06:42 +0000 (21:06 +0100)]
libimcv: Fixed processing of PTS Request File Metadata

14 months ago libimcv: Removed whitespace
Andreas Steffen [Sat, 3 Mar 2018 19:56:47 +0000 (20:56 +0100)]
libimcv: Removed whitespace

14 months ago libimcv: Fixed processing of PTS Simple Component Evidence
Andreas Steffen [Sat, 3 Mar 2018 18:30:55 +0000 (19:30 +0100)]
libimcv: Fixed processing of PTS Simple Component Evidence

14 months ago bio_reader: Fix read_uint24
Andreas Steffen [Fri, 2 Mar 2018 13:45:28 +0000 (14:45 +0100)]
bio_reader: Fix read_uint24

14 months ago fuzz: Added PA-TNC fuzzer
Andreas Steffen [Fri, 2 Mar 2018 12:35:30 +0000 (13:35 +0100)]
fuzz: Added PA-TNC fuzzer

14 months ago testing: Removed TCG SWID IMC/IMV scenarios
Andreas Steffen [Mon, 5 Mar 2018 10:31:27 +0000 (11:31 +0100)]
testing: Removed TCG SWID IMC/IMV scenarios

14 months ago libimcv: Removed TCG SWID IMC/IMV support
Andreas Steffen [Thu, 1 Mar 2018 16:33:49 +0000 (17:33 +0100)]
libimcv: Removed TCG SWID IMC/IMV support

14 months ago libimcv: SWIMA SW locator must be file URI
Andreas Steffen [Mon, 5 Mar 2018 19:56:25 +0000 (20:56 +0100)]
libimcv: SWIMA SW locator must be file URI

14 months ago libimcv: Updated IANA numbers assigned to SWIMA
Andreas Steffen [Wed, 28 Feb 2018 18:23:59 +0000 (19:23 +0100)]
libimcv: Updated IANA numbers assigned to SWIMA

14 months ago Allow charon to change group on files before dropping caps
Micah Morton [Fri, 8 Jun 2018 18:55:30 +0000 (11:55 -0700)]
Allow charon to change group on files before dropping caps

Allow charon to start as a non-root user without CAP_CHOWN and still be
able to change the group on files that need to be accessed by charon
after capabilities have been dropped. This requires the user charon starts
as to have access to socket/pidfile directory as well as belong to the
group that charon will run as after dropping capabilities.

Closes strongswan/strongswan#105.

14 months ago starter: Reset action before handling it
Markus Sattler [Tue, 5 Jun 2018 06:20:52 +0000 (08:20 +0200)]
starter: Reset action before handling it

Starter will lose update/reload commands when there is a second signal
coming in when the previous is still processed. This can happen more
easily with big configurations.

Closes strongswan/strongswan#101.

14 months ago Version bump to 5.7.0dr1 (5.7.0dr1)
Andreas Steffen [Wed, 30 May 2018 21:02:27 +0000 (23:02 +0200)]
Version bump to 5.7.0dr1

14 months ago libstrongswan: xmppaddr prefix designates an xmppAddr otherName ID type
Andreas Steffen [Wed, 30 May 2018 13:41:01 +0000 (15:41 +0200)]
libstrongswan: xmppaddr prefix designates an xmppAddr otherName ID type

14 months ago Version bump to 5.6.3 (5.6.3)
Andreas Steffen [Mon, 28 May 2018 13:38:58 +0000 (15:38 +0200)]
Version bump to 5.6.3

14 months ago NEWS: Add info about CVE-2018-10811
Tobias Brunner [Thu, 24 May 2018 13:52:06 +0000 (15:52 +0200)]
NEWS: Add info about CVE-2018-10811

14 months ago ikev2: Initialize variable in case set_key() or allocate_bytes() fails
Tobias Brunner [Mon, 19 Mar 2018 16:03:05 +0000 (17:03 +0100)]
ikev2: Initialize variable in case set_key() or allocate_bytes() fails

In case the PRF's set_key() or allocate_bytes() method failed, skeyseed
was not initialized and the chunk_clear() call later caused a crash.

This could have happened with OpenSSL in FIPS mode when MD5 was
negotiated (and test vectors were not checked, in which case the PRF
couldn't be instantiated as the test vectors would have failed).
MD5 is not included in the default proposal anymore since 5.6.1, so
with recent versions this could only happen with configs that are not
valid in FIPS mode anyway.

Fixes: CVE-2018-10811
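
The failure path described in this commit message, as an added C example that is not strongSwan's own code: `chunk_t`, `chunk_empty` and `chunk_clear()` are simplified stand-ins, the PRF interface, `derive_keys()` and the toy PRFs are hypothetical, and only the corrected form (variable initialised before the first call that can fail) is shown.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the types named in the commit message. */
typedef struct {
    unsigned char *ptr;
    size_t len;
} chunk_t;

static const chunk_t chunk_empty = { NULL, 0 };

/* Wipe and free a chunk. Safe on an empty chunk; on an uninitialised one it
 * would wipe and free whatever pointer/length happened to be on the stack. */
void chunk_clear(chunk_t *chunk)
{
    if (chunk->ptr)
    {
        volatile unsigned char *p = chunk->ptr;
        size_t i;

        for (i = 0; i < chunk->len; i++)
        {
            p[i] = 0;
        }
        free(chunk->ptr);
    }
    *chunk = chunk_empty;
}

/* Hypothetical PRF interface: both methods can fail, for instance when the
 * negotiated algorithm is refused by the crypto library. */
typedef struct prf_t prf_t;
struct prf_t {
    bool (*set_key)(prf_t *self, chunk_t key);
    bool (*allocate_bytes)(prf_t *self, chunk_t seed, chunk_t *out);
};

bool derive_keys(prf_t *prf, chunk_t nonces, chunk_t secret, chunk_t *keys)
{
    /* The fix: start from a defined empty value. Declared without an
     * initialiser, this variable stays indeterminate whenever set_key() or
     * allocate_bytes() fails, and the cleanup below then crashes. */
    chunk_t skeyseed = chunk_empty;
    bool ok = false;

    if (prf->set_key(prf, nonces) &&
        prf->allocate_bytes(prf, secret, &skeyseed))
    {
        keys->ptr = malloc(skeyseed.len);
        if (keys->ptr)
        {
            memcpy(keys->ptr, skeyseed.ptr, skeyseed.len);
            keys->len = skeyseed.len;
            ok = true;
        }
    }
    chunk_clear(&skeyseed);    /* reached on success and on every failure */
    return ok;
}

/* Toy PRF methods, constructed for the example (no real cryptography). */
static bool key_rejected(prf_t *self, chunk_t key)
{
    (void)self; (void)key;
    return false;
}
static bool key_accepted(prf_t *self, chunk_t key)
{
    (void)self; (void)key;
    return true;
}
static bool bytes_fail(prf_t *self, chunk_t seed, chunk_t *out)
{
    (void)self; (void)seed; (void)out;
    return false;
}
static bool bytes_copy(prf_t *self, chunk_t seed, chunk_t *out)
{
    (void)self;
    out->ptr = malloc(seed.len);
    if (!out->ptr)
    {
        return false;
    }
    memcpy(out->ptr, seed.ptr, seed.len);   /* placeholder output */
    out->len = seed.len;
    return true;
}

prf_t working_prf    = { key_accepted, bytes_copy };
prf_t rejecting_prf  = { key_rejected, bytes_copy };
prf_t alloc_fail_prf = { key_accepted, bytes_fail };

/* Returns the derived key length, or -1 if derivation failed cleanly. */
int try_derive(prf_t *prf)
{
    unsigned char n[] = "nonces", s[] = "shared-secret";
    chunk_t nonces = { n, sizeof(n) - 1 }, secret = { s, sizeof(s) - 1 };
    chunk_t keys = chunk_empty;
    int len = derive_keys(prf, nonces, secret, &keys) ? (int)keys.len : -1;

    chunk_clear(&keys);
    return len;
}

int main(void)
{
    printf("working: %d, set_key fails: %d, allocate_bytes fails: %d\n",
           try_derive(&working_prf), try_derive(&rejecting_prf),
           try_derive(&alloc_fail_prf));
    return 0;
}
```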

14 months ago NEWS: Some minor updates
Tobias Brunner [Thu, 24 May 2018 10:03:45 +0000 (12:03 +0200)]
NEWS: Some minor updates

14 months ago swanctl: Document new HW offload options/behavior
Tobias Brunner [Thu, 24 May 2018 08:49:19 +0000 (10:49 +0200)]
swanctl: Document new HW offload options/behavior

15 months ago Version bump to 5.6.3rc1 (5.6.3rc1)
Andreas Steffen [Wed, 23 May 2018 20:36:39 +0000 (22:36 +0200)]
Version bump to 5.6.3rc1

15 months ago NEWS: Added some news for 5.6.3
Tobias Brunner [Wed, 23 May 2018 18:25:18 +0000 (20:25 +0200)]
NEWS: Added some news for 5.6.3

15 months ago sw-collector: Proper cleanup if DB query fails in check operation
Tobias Brunner [Wed, 23 May 2018 17:08:45 +0000 (19:08 +0200)]
sw-collector: Proper cleanup if DB query fails in check operation

15 months ago kernel-netlink: Use strncpy to copy interface name when configuring HW offload
Tobias Brunner [Wed, 23 May 2018 17:06:02 +0000 (19:06 +0200)]
kernel-netlink: Use strncpy to copy interface name when configuring HW offload

15 months ago Fixed some typos, courtesy of codespell
Tobias Brunner [Wed, 23 May 2018 14:06:45 +0000 (16:06 +0200)]
Fixed some typos, courtesy of codespell

15 months ago Unify format of HSR copyright statements
Tobias Brunner [Wed, 23 May 2018 14:04:50 +0000 (16:04 +0200)]
Unify format of HSR copyright statements

15 months ago settings: Parse assigned values in a different context
Tobias Brunner [Mon, 7 May 2018 16:24:48 +0000 (18:24 +0200)]
settings: Parse assigned values in a different context

This allows us to accept characters like = or { without having to use
quoted strings.  And we can also properly warn about unexpected quoted
strings.

15 months ago settings: Support CRLF in settings parser
Tobias Brunner [Mon, 13 Jul 2015 09:58:21 +0000 (11:58 +0200)]
settings: Support CRLF in settings parser

15 months ago Version bump to 5.6.3dr2 (5.6.3dr2)
Andreas Steffen [Tue, 22 May 2018 19:58:32 +0000 (21:58 +0200)]
Version bump to 5.6.3dr2

15 months ago man: Remove keylife/rekeymargin from ipsec.conf man page
Tobias Brunner [Tue, 22 May 2018 12:18:17 +0000 (14:18 +0200)]
man: Remove keylife/rekeymargin from ipsec.conf man page

We continue to parse them but remove the documentation because mixing the two
sets of keywords in the same config might result in unexpected behavior.

References #2663.

15 months ago Merge branch 'ikesa-force-destroy'
Tobias Brunner [Tue, 22 May 2018 08:13:59 +0000 (10:13 +0200)]
Merge branch 'ikesa-force-destroy'

Adds new options to force the local destruction of an IKE_SA (after
trying to send a DELETE first).  This might be useful in situations where
it's known the other end is not reachable or already deleted the IKE_SA so
there is no point in retransmitting the DELETE and waiting for a response.

15 months ago swanctl: Add option to force IKE_SA termination
Tobias Brunner [Fri, 27 Apr 2018 16:11:42 +0000 (18:11 +0200)]
swanctl: Add option to force IKE_SA termination

15 months ago vici: Optionally terminate IKE_SA immediately
Tobias Brunner [Fri, 27 Apr 2018 16:09:25 +0000 (18:09 +0200)]
vici: Optionally terminate IKE_SA immediately

15 months ago controller: Add option to force destruction of an IKE_SA
Tobias Brunner [Fri, 27 Apr 2018 16:01:54 +0000 (18:01 +0200)]
controller: Add option to force destruction of an IKE_SA

It's optionally possible to wait for a timeout to destroy the SA.

15 months ago ike-sa: Add option to force the destruction of an IKE_SA after initiating a delete
Tobias Brunner [Fri, 27 Apr 2018 15:27:53 +0000 (17:27 +0200)]
ike-sa: Add option to force the destruction of an IKE_SA after initiating a delete

15 months ago proposal: Add a compat alg for ChaCha20Poly1305 with explicit key length
Martin Willi [Tue, 8 May 2018 13:06:33 +0000 (15:06 +0200)]
proposal: Add a compat alg for ChaCha20Poly1305 with explicit key length

The keylength fix for ChaCha20Poly1305 (5a7b0be2) removes the keylength
attribute from the AEAD transform. This breaks compatibility between
versions with the patch and those without. The ChaCha20Poly1305 AEAD
won't match in proposals between such versions, and if no other algorithm
is available, negotiating SAs fails.

As a migration strategy, this patch introduces a new string identifier for a
ChaCha20Poly1305 proposal keyword which uses the explicit keylength, exactly
as it was used before the mentioned patch. Administrators that care about
the use of that AEAD with old clients can temporarily add this keyword to
the list of proposals, until all clients have been upgraded.

The used approach is the least invasive, as it just adds an additional
keyword that can't do any harm if not explicitly configured. Nonetheless,
it allows the administrator to smoothly keep ChaCha20Poly1305 working,
even if upgrading all peers simultaneously is not an option. It requires
manual configuration edits, though, but we assume that ChaCha20Poly1305
is not that widely used, and not as the only transform in proposals.

Removing the compat keyword in a future version is an option; it might
be helpful for other implementations, though, that falsely use an
explicit key length in ChaCha20Poly1305 AEAD transforms.

15 months ago kernel-netlink: Change how routes are un-/installed
Tobias Brunner [Thu, 19 Apr 2018 16:15:24 +0000 (18:15 +0200)]
kernel-netlink: Change how routes are un-/installed

We now check if there are other routes tracked for the same destination
and replace the installed route instead of just removing it.  Same during
installation, where we previously didn't replace existing routes due to
NLM_F_EXCL.  Routes with virtual IPs as source address are preferred over
routes without.

This should allow using trap policies with virtual IPs on Linux.

Fixes #85, #2162.

15 months ago Merge branch 'cert-chain-fixes'
Tobias Brunner [Tue, 22 May 2018 07:52:08 +0000 (09:52 +0200)]
Merge branch 'cert-chain-fixes'

This fixes several issues that came up via BSI's Certification Path
Validation Test Tool (CPT):

 1) In compliance with RFC 4945, section 5.1.3.2, we now enforce that a
    certificate used for IKE authentication either does not contain a keyUsage
    extension (like the ones produced by pki --issue) or that they include
    digitalSignature or nonRepudiation.

 2) CRLs that are not yet valid are now rejected as that could be a
    problem in scenarios where expired certificates are removed from CRLs and
    the clock on the host doing the revocation check is trailing behind that
    of the host issuing CRLs.

 3) Results other than revocation (e.g. a skipped check because the CRL
    couldn't be fetched) are now stored also for intermediate CA certificates
    and not only for end-entity certificates, so a strict CRL policy can be
    enforced in such cases.

15 months ago testing: Add ikev2/multi-level-ca-skipped scenario
Tobias Brunner [Thu, 3 May 2018 09:26:34 +0000 (11:26 +0200)]
testing: Add ikev2/multi-level-ca-skipped scenario

15 months ago revocation: Fix memory leak if fetching CRL/OCSP fails
Tobias Brunner [Thu, 3 May 2018 09:38:07 +0000 (11:38 +0200)]
revocation: Fix memory leak if fetching CRL/OCSP fails

We might get a 404 error page back.

15 months ago revocation: Set defaults if CRL/OCSP checking is disabled in config
Tobias Brunner [Thu, 3 May 2018 09:19:18 +0000 (11:19 +0200)]
revocation: Set defaults if CRL/OCSP checking is disabled in config

15 months ago revocation: Also store validation results for intermediate CA certificates
Tobias Brunner [Thu, 3 May 2018 09:07:59 +0000 (11:07 +0200)]
revocation: Also store validation results for intermediate CA certificates

If the certificate is revoked, we immediately returned and the chain was
invalid, however, if we couldn't fetch the CRL that result was not stored
for intermediate CAs and we weren't able to enforce a strict CRL policy
later.

15 months ago revocation: Ignore CRLs that are not yet valid
Tobias Brunner [Wed, 25 Apr 2018 09:38:38 +0000 (11:38 +0200)]
revocation: Ignore CRLs that are not yet valid

Using such CRLs can be a problem if the clock on the host doing the
revocation check is trailing behind that of the host issuing CRLs in
scenarios where expired certificates are removed from CRLs.  As revoked
certificates that expired will then not be part of new CRLs a host with
trailing clock might still accept such a certificate if it is still
valid according to its system clock but is not contained anymore in the
not yet valid CRL.
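
The clock-skew case described in item 2 of the 'cert-chain-fixes' merge and in this commit message, as an added C example that is not strongSwan code: the types, `check_cert()` and the timeline are constructed for illustration, and the `enforce_this_update` switch models the check without and with the thisUpdate comparison.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Simplified, constructed model: only the fields the check needs. */
typedef struct {
    unsigned serial;
    time_t not_before, not_after;
} cert_t;

typedef struct {
    time_t this_update;       /* when the CRL was issued */
    time_t next_update;       /* when a newer CRL is due */
    const unsigned *revoked;  /* revoked serial numbers */
    size_t count;
} crl_t;

typedef enum {
    CERT_GOOD,       /* CRL usable, serial not listed */
    CERT_REVOKED,    /* CRL usable, serial listed */
    CERT_NOT_VALID,  /* certificate outside its own validity period */
    CRL_NOT_USABLE,  /* no verdict: CRL is stale or not yet valid */
} verdict_t;

/* With enforce_this_update == false only nextUpdate is compared with the
 * local clock, which is the situation the commit message warns about. */
bool crl_usable(const crl_t *crl, time_t now, bool enforce_this_update)
{
    if (enforce_this_update && crl->this_update > now)
    {
        return false;    /* issued in the future as seen by our clock */
    }
    return now <= crl->next_update;
}

verdict_t check_cert(const cert_t *cert, const crl_t *crl, time_t now,
                     bool enforce_this_update)
{
    size_t i;

    if (now < cert->not_before || now > cert->not_after)
    {
        return CERT_NOT_VALID;
    }
    if (!crl_usable(crl, now, enforce_this_update))
    {
        /* The caller's revocation policy decides what a missing verdict
         * means; a strict policy treats it as a failure. */
        return CRL_NOT_USABLE;
    }
    for (i = 0; i < crl->count; i++)
    {
        if (crl->revoked[i] == cert->serial)
        {
            return CERT_REVOKED;
        }
    }
    return CERT_GOOD;
}

/* Constructed timeline (seconds, arbitrary epoch):
 *   1000  certificate 0x2a is revoked; CRL #1 lists it, next update at 1900
 *   2000  certificate 0x2a expires
 *   2100  the CA issues CRL #2 and drops the now expired entry
 * The verifying host's clock trails behind and still reads 1950. */
const cert_t sample_cert = { 0x2a, 0, 2000 };
static const unsigned crl1_serials[] = { 0x2a };
const crl_t crl1 = { 1000, 1900, crl1_serials, 1 };
const crl_t crl2 = { 2100, 3000, NULL, 0 };

int main(void)
{
    /* 0 = CERT_GOOD: the revoked certificate passes the check */
    printf("thisUpdate ignored:  %d\n",
           check_cert(&sample_cert, &crl2, 1950, false));
    /* 3 = CRL_NOT_USABLE: the not yet valid CRL gives no verdict */
    printf("thisUpdate enforced: %d\n",
           check_cert(&sample_cert, &crl2, 1950, true));
    return 0;
}
```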

15 months ago openssl: Fail CRL validity check if thisUpdate is in the future
Tobias Brunner [Wed, 25 Apr 2018 09:38:22 +0000 (11:38 +0200)]
openssl: Fail CRL validity check if thisUpdate is in the future

15 months ago x509: Fail CRL validity check if thisUpdate is in the future
Tobias Brunner [Wed, 25 Apr 2018 09:37:43 +0000 (11:37 +0200)]
x509: Fail CRL validity check if thisUpdate is in the future

15 months ago ike: Reject certificates that are not compliant with RFC 4945
Tobias Brunner [Wed, 25 Apr 2018 09:10:48 +0000 (11:10 +0200)]
ike: Reject certificates that are not compliant with RFC 4945

15 months ago openssl: Set IKE compliance flag depending on keyUsage
Tobias Brunner [Wed, 25 Apr 2018 08:51:51 +0000 (10:51 +0200)]
openssl: Set IKE compliance flag depending on keyUsage

15 months ago x509: Set IKE compliance flag depending on keyUsage
Tobias Brunner [Wed, 25 Apr 2018 08:50:03 +0000 (10:50 +0200)]
x509: Set IKE compliance flag depending on keyUsage

15 months ago x509: Add flag that marks compliance with RFC 4945
Tobias Brunner [Wed, 25 Apr 2018 08:48:21 +0000 (10:48 +0200)]
x509: Add flag that marks compliance with RFC 4945

According to RFC 4945, section 5.1.3.2, a certificate for IKE must
either not contain the keyUsage extension, or, if it does, have at least
one of the digitalSignature or nonRepudiation bits set.

15 months ago Merge branch 'dhcp-fixes'
Tobias Brunner [Tue, 22 May 2018 07:44:51 +0000 (09:44 +0200)]
Merge branch 'dhcp-fixes'

Fixes some issues in the dhcp plugin like avoiding ICMP port unreachables
when setting a specific server address, or increasing the maximum size for
options e.g. for DNs in the client identifier option. The latter is also
only sent now if identity_lease is enabled (for most DHCP servers it
serves the same function as a unique MAC address does).

15 months ago dhcp: Only send client identifier if identity_lease is enabled
Tobias Brunner [Wed, 11 Apr 2018 08:51:01 +0000 (10:51 +0200)]
dhcp: Only send client identifier if identity_lease is enabled

The client identifier serves as unique identifier just like a unique MAC
address would, so even with identity_leases disabled some DHCP servers
might assign unique leases per identity.

15 months ago dhcp: Increase maximum size of client identification option
Tobias Brunner [Tue, 10 Apr 2018 16:45:16 +0000 (18:45 +0200)]
dhcp: Increase maximum size of client identification option

This increases the chances that subject DNs that might have been cut
off with the arbitrary previous limit of 64 bytes might now be sent
successfully.

The REQUEST message has the most static overhead in terms of other
options (17 bytes) as compared to DISCOVER (5) and RELEASE (7).
Added to that are 3 bytes for the DHCP message type, which means we have
288 bytes left for the two options based on the client identity (host
name and client identification).  Since both contain the same value, a
FQDN identity, which causes a host name option to get added, may be
142 bytes long, other identities like subject DNs may be 255 bytes
long (the maximum for a DHCP option).

15 months ago dhcp: Increase buffer size for options in DHCP messages
Tobias Brunner [Tue, 10 Apr 2018 16:19:35 +0000 (18:19 +0200)]
dhcp: Increase buffer size for options in DHCP messages

According to RFC 2131, the minimum size of the 'options' field is 312
bytes, including the 4 byte magic cookie.  There also does not seem to
be any restriction regarding the message length, previously the length
was rounded to a multiple of 64 bytes.  The latter might have been
because in BOOTP the options field (or rather vendor-specific area as it
was called back then) had a fixed length of 64 bytes (so max(optlen+4, 64)
might actually have been what was intended), but for DHCP the field is
explicitly variable length, so I don't think it's necessary to pad it.

15 months ago dhcp: Reduce receive buffer size on send socket
Tobias Brunner [Tue, 10 Apr 2018 16:14:32 +0000 (18:14 +0200)]
dhcp: Reduce receive buffer size on send socket

Since we won't read from the socket reducing the receive buffer saves
some memory and it should also minimize the impact on other processes that
bind the same port (Linux distributes packets to the sockets round-robin).

15 months ago dhcp: Bind server port when a specific server address is specified
Tobias Brunner [Tue, 10 Apr 2018 15:04:10 +0000 (17:04 +0200)]
dhcp: Bind server port when a specific server address is specified

DHCP servers will respond to port 67 if giaddr is non-zero, which we set
if we are not broadcasting.  While such messages are received fine via
RAW socket the kernel will respond with an ICMP port unreachable if no
socket is bound to that port.  Instead of opening a dummy socket on port
67 just to avoid the ICMPs we can also just operate with a single
socket, bind it to port 67 and send our requests from that port.

Since SO_REUSEADDR behaves on Linux like SO_REUSEPORT does on other
systems we can bind that port even if a DHCP server is running on the
same host as the daemon (this might have to be adapted to make this work
on other systems, but due to the raw socket the plugin is not that portable
anyway).

15 months ago dhcp: Fix destination port check in packet filter
Tobias Brunner [Fri, 16 Mar 2018 08:59:25 +0000 (09:59 +0100)]
dhcp: Fix destination port check in packet filter

The previous code compared the port in the packet to the client port and, if
successful, checked it also against the server port, which, therefore, never
matched, but due to incorrect offsets did skip the BPF_JA.  If the client port
didn't match the code also skipped to the instruction after the BPF_JA.
However, the latter was incorrect also and processing would have continued at
the next instruction anyway.  Basically, DHCP packets to any port were accepted.

What's not fixed with this is that the kernel returns an ICMP Port
unreachable for packets sent to the server port (67) because we don't
have a socket bound to it.

Fixes: f0212e8837b5 ("Accept DHCP replies on bootps port, as we act as a relay agent if server address configured")

15 months ago dhcp: Fix typos in comments
Matt Selsky [Thu, 12 Apr 2018 04:17:49 +0000 (00:17 -0400)]
dhcp: Fix typos in comments

15 months ago eap-aka-3gpp: Add test vectors from 3GPP TS 35.207 14.0.0
Tobias Brunner [Mon, 23 Apr 2018 16:46:30 +0000 (18:46 +0200)]
eap-aka-3gpp: Add test vectors from 3GPP TS 35.207 14.0.0