Android.common.mk

@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
               )
 
 # strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.8.1"
+strongswan_VERSION := "5.8.2"
 

NEWS

+strongswan-5.8.2
+----------------
+
+- Identity-based CA constraints are supported via vici/swanctl.conf. They
+  enforce that the remote's certificate chain contains a CA certificate with a
+  specific identity. While similar to the existing CA constraints, they don't
+  require that the CA certificate is locally installed such as intermediate CA
+  certificates received from peers. Compared to wildcard identity matching (e.g.
+  "..., OU=Research, CN=*") this requires less trust in the intermediate CAs (to
+  only issue certificates with legitimate subject DNs) as long as path length
+  basic constraints prevent them from issuing further intermediate CAs.
+
+- Intermediate CA certificates may now be sent in hash-and-URL encoding by
+  configuring a base URL for the parent CA.
+
+- Implemented NIST SP-800-90A Deterministic Random Bit Generator (DRBG)
+  based on AES-CTR and SHA2-HMAC modes. Currently used by gmp and ntru plugins.
+
+- Random nonces sent in an OCSP requests are now expected in the corresponding
+  OCSP responses.
+
+- The kernel-netlink plugin ignores deprecated IPv6 addresses for MOBIKE.
+  Whether temporary or permanent IPv6 addresses are included depends on the
+  charon.prefer_temporary_addrs setting.
+
+- Extended Sequence Numbers (ESN) are configured via PF_KEY if supported by the
+  kernel.
+
+- Unique section names are used for CHILD_SAs in vici child-updown events and
+  more information (e.g. statistics) are included for individually deleted
+  CHILD_SAs (in particular for IKEv1).
+
+- So fallbacks to other plugins work properly, creating HMACs via openssl plugin
+  now fails instantly if the underlying hash algorithm isn't supported (e.g.
+  MD5 in FIPS-mode).
+
+- Exponents of RSA keys read from TPM 2.0 via SAPI are now correctly converted.
+
+- Routing table IDs > 255 are supported for custom routes on Linux.
+
+- The D-Bus config file for charon-nm is now installed in
+  $(datadir)/dbus-1/system.d instead of $(sysconfdir)/dbus-1/system.d.
+
+- INVALID_MAJOR_VERSION notifies are now correctly sent in messages of the same
+  exchange type and using the same message ID as the request.
+
+- IKEv2 SAs are immediately destroyed when sending or receiving INVALID_SYNTAX
+  notifies in authenticated messages.
+
+
 strongswan-5.8.1
 ----------------
 

conf/Makefile.am

@@ -39,6 +39,7 @@ plugins = \
 	plugins/curl.opt \
 	plugins/dhcp.opt \
 	plugins/dnscert.opt \
+	plugins/drbg.opt \
 	plugins/duplicheck.opt \
 	plugins/eap-aka.opt \
 	plugins/eap-aka-3gpp.opt \

conf/Makefile.in

@@ -448,6 +448,7 @@ plugins = \
 	plugins/curl.opt \
 	plugins/dhcp.opt \
 	plugins/dnscert.opt \
+	plugins/drbg.opt \
 	plugins/duplicheck.opt \
 	plugins/eap-aka.opt \
 	plugins/eap-aka-3gpp.opt \

conf/format-options.py

 #!/usr/bin/env python
 #
-# Copyright (C) 2014-2017 Tobias Brunner
+# Copyright (C) 2014-2019 Tobias Brunner
 # HSR Hochschule fuer Technik Rapperswil
 #
 # This program is free software; you can redistribute it and/or modify it
@@ -67,7 +67,7 @@ charon.filelog./var/log/daemon\.log {}
 import sys
 import re
 from textwrap import TextWrapper
-from optparse import OptionParser
+from argparse import ArgumentParser
 from functools import cmp_to_key
 
 class ConfigOption:
@@ -344,21 +344,22 @@ class ManFormatter:
 			else:
 				self.__format_option(option)
 
-options = OptionParser(usage = "Usage: %prog [options] file1 file2\n\n"
-					   "If no filenames are provided the input is read from stdin.")
-options.add_option("-f", "--format", dest="format", type="choice", choices=["conf", "man"],
-				   help="output format: conf, man [default: %default]", default="conf")
-options.add_option("-r", "--root", dest="root", metavar="NAME",
-				   help="root section of which options are printed, "
-				   "if not found everything is printed")
-options.add_option("-n", "--nosort", action="store_false", dest="sort",
-				   default=True, help="do not sort sections alphabetically")
+args = ArgumentParser()
+args.add_argument('file', nargs='*',
+				  help="files to process, omit to read input from stdin")
+args.add_argument("-f", "--format", dest="format", choices=["conf", "man"],
+				  help="output format (default: %(default)s)", default="conf")
+args.add_argument("-r", "--root", dest="root", metavar="NAME",
+				  help="root section of which options are printed; everything"
+				  "is printed if not found")
+args.add_argument("-n", "--nosort", action="store_false", dest="sort",
+				  default=True, help="do not sort sections alphabetically")
 
-(opts, args) = options.parse_args()
+opts = args.parse_args()
 
 parser = Parser(opts.sort)
-if len(args):
-	for filename in args:
+if len(opts.file):
+	for filename in opts.file:
 		try:
 			with open(filename, 'r') as file:
 				parser.parse(file)

conf/options/charon.conf

@@ -176,9 +176,8 @@ charon {
     # INVALID_KE_PAYLOAD notifies).
     # prefer_configured_proposals = yes
 
-    # By default public IPv6 addresses are preferred over temporary ones (RFC
-    # 4941), to make connections more stable. Enable this option to reverse
-    # this.
+    # Controls whether permanent or temporary IPv6 addresses are used as source,
+    # or announced as additional addresses if MOBIKE is used.
     # prefer_temporary_addrs = no
 
     # Process RTM_NEWROUTE and RTM_DELROUTE events.

conf/options/charon.opt

@@ -286,8 +286,16 @@ charon.prefer_configured_proposals = yes
 	notifies).
 
 charon.prefer_temporary_addrs = no
-	By default public IPv6 addresses are preferred over temporary ones (RFC
-	4941), to make connections more stable. Enable this option to reverse this.
+	Controls whether permanent or temporary IPv6 addresses are used as source,
+	or announced as additional addresses if MOBIKE is used.
+
+	By default, permanent IPv6 source addresses are preferred over temporary
+	ones (RFC 4941), to make connections more stable. Enable this option to
+	reverse this.
+
+	It also affects which IPv6 addresses are announced as additional addresses
+	if MOBIKE is used.  If the option is disabled, only permanent addresses are
+	sent, and only temporary ones if it is enabled.
 
 charon.process_route = yes
 	Process RTM_NEWROUTE and RTM_DELROUTE events.
@@ -310,7 +318,7 @@ charon.rdn_matching = strict
 	the configured identity (missing RDNs are treated like a wildcard match).
 
 	Note that _reordered_ and _relaxed_ impose a considerable overhead on memory
-	usage and runtime, in particular, for mismatches, compared to _static_.
+	usage and runtime, in particular, for mismatches, compared to _strict_.
 
 charon.receive_delay = 0
 	Delay in ms for receiving packets, to simulate larger RTT.

conf/plugins/drbg.conf

+drbg {
+
+    # Whether to load the plugin. Can also be an integer to increase the
+    # priority of this plugin.
+    load = yes
+
+    # Number of pseudo-random bit requests from the DRBG before an automatic
+    # reseeding occurs.
+    # max_drbg_requests = 4294967294
+
+}
+

conf/plugins/drbg.opt

+charon.plugins.drbg.max_drbg_requests = 4294967294
+	Number of pseudo-random bit requests from the DRBG before an automatic
+	reseeding occurs.

conf/plugins/kernel-netlink.conf

@@ -10,6 +10,9 @@ kernel-netlink {
     # routing table.
     # fwmark =
 
+    # Interface to be used to find hardware offload feature flag on.
+    # hw_offload_feature_interface = lo
+
     # Whether to ignore errors potentially resulting from a retransmission.
     # ignore_retransmit_errors = no
 

conf/plugins/kernel-netlink.opt

@@ -18,6 +18,16 @@ charon.plugins.kernel-netlink.fwmark =
 	inverts the meaning (i.e. the rule only applies to packets that don't match
 	the mark).
 
+charon.plugins.kernel-netlink.hw_offload_feature_interface = lo
+	Interface to be used to find hardware offload feature flag on.
+
+	If the kernel supports hardware offloading, the plugin needs to find the
+	feature flag which represents hardware offloading support for network
+	devices. Using the loopback device for this purpose is usually fine, since
+	it should always be present. For rare cases in which the loopback device
+	cannot be used to obtain the appropriate feature flag, this option can
+	be used to specify an alternative interface for offload feature detection.
+
 charon.plugins.kernel-netlink.mss = 0
 	MSS to set on installed routes, 0 to disable.
 

conf/plugins/ntru.conf

@@ -4,10 +4,6 @@ ntru {
     # priority of this plugin.
     load = yes
 
-    # Number of pseudo-random bit requests from the DRBG before an automatic
-    # reseeding occurs.
-    # max_drbg_requests = 4294967294
-
     # The following parameter sets are available: x9_98_speed, x9_98_bandwidth,
     # x9_98_balance and optimum, the last set not being part of the X9.98
     # standard but having the best performance.

conf/plugins/ntru.opt

-charon.plugins.ntru.max_drbg_requests = 4294967294
-	Number of pseudo-random bit requests from the DRBG before an automatic
-	reseeding occurs.
-
 charon.plugins.ntru.parameter_set = optimum
 	The following parameter sets are available: **x9_98_speed**,
 	**x9_98_bandwidth**, **x9_98_balance** and **optimum**, the last set not

conf/strongswan.conf.5.main

@@ -579,6 +579,11 @@ since the server port is already bound, ICMPs should not be an issue).
 .BR charon.plugins.dnscert.enable " [no]"
 Enable fetching of CERT RRs via DNS.
 
+.TP
+.BR charon.plugins.drbg.max_drbg_requests " [4294967294]"
+Number of pseudo\-random bit requests from the DRBG before an automatic reseeding
+occurs.
+
 .TP
 .BR charon.plugins.duplicheck.enable " [yes]"
 Enable duplicheck plugin (if loaded).
@@ -1015,6 +1020,15 @@ Firewall mark to set on the routing rule that directs traffic to our routing
 table. The format is [!]mark[/mask], where the optional exclamation mark inverts
 the meaning (i.e. the rule only applies to packets that don't match the mark).
 
+.TP
+.BR charon.plugins.kernel-netlink.hw_offload_feature_interface " [lo]"
+If the kernel supports hardware offloading, the plugin needs to find the feature
+flag which represents hardware offloading support for network devices. Using the
+loopback device for this purpose is usually fine, since it should always be
+present. For rare cases in which the loopback device cannot be used to obtain
+the appropriate feature flag, this option can be used to specify an alternative
+interface for offload feature detection.
+
 .TP
 .BR charon.plugins.kernel-netlink.ignore_retransmit_errors " [no]"
 Whether to ignore errors potentially resulting from a retransmission.
@@ -1336,11 +1350,6 @@ responder).
 .BR charon.plugins.lookip.socket " [unix://${piddir}/charon.lkp]"
 Socket provided by the lookip plugin.
 
-.TP
-.BR charon.plugins.ntru.max_drbg_requests " [4294967294]"
-Number of pseudo\-random bit requests from the DRBG before an automatic reseeding
-occurs.
-
 .TP
 .BR charon.plugins.ntru.parameter_set " [optimum]"
 The following parameter sets are available:
@@ -1805,8 +1814,12 @@ notifies).
 
 .TP
 .BR charon.prefer_temporary_addrs " [no]"
-By default public IPv6 addresses are preferred over temporary ones (RFC 4941),
-to make connections more stable. Enable this option to reverse this.
+By default, permanent IPv6 source addresses are preferred over temporary ones
+(RFC 4941), to make connections more stable. Enable this option to reverse this.
+
+It also affects which IPv6 addresses are announced as additional addresses if
+MOBIKE is used.  If the option is disabled, only permanent addresses are sent,
+and only temporary ones if it is enabled.
 
 .TP
 .BR charon.process_route " [yes]"
@@ -1848,7 +1861,7 @@ and
 .RI "" "relaxed" ""
 impose a considerable overhead on memory
 usage and runtime, in particular, for mismatches, compared to
-.RI "" "static" "."
+.RI "" "strict" "."
 
 
 .TP

configure.ac

 #
 # Copyright (C) 2007-2017 Tobias Brunner
-# Copyright (C) 2006-2017 Andreas Steffen
+# Copyright (C) 2006-2019 Andreas Steffen
 # Copyright (C) 2006-2014 Martin Willi
 # HSR Hochschule fuer Technik Rapperswil
 #
@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.8.1])
+AC_INIT([strongSwan],[5.8.2])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects
@@ -132,6 +132,7 @@ ARG_ENABL_SET([chapoly],        [enables the ChaCha20/Poly1305 AEAD plugin.])
 ARG_DISBL_SET([cmac],           [disable CMAC crypto implementation plugin.])
 ARG_ENABL_SET([ctr],            [enables the Counter Mode wrapper crypto plugin.])
 ARG_DISBL_SET([des],            [disable DES/3DES software implementation plugin.])
+ARG_DISBL_SET([drbg],           [disable the NIST Deterministic Random Bit Generator plugin.])
 ARG_DISBL_SET([fips-prf],       [disable FIPS PRF software implementation plugin.])
 ARG_ENABL_SET([gcm],            [enables the GCM AEAD wrapper crypto plugin.])
 ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
@@ -373,33 +374,35 @@ AC_PROG_LEX
 AC_PROG_YACC
 AM_PATH_PYTHON(,,[:])
 AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
+AC_ARG_VAR([PERL], [the Perl interpreter])
 AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
+AC_ARG_VAR([GPERF], [the GNU gperf program])
 
-# because gperf is not needed by end-users we just report it but do not abort on failure
-AC_MSG_CHECKING([gperf version >= 3.0.0])
+# because gperf is not needed by end-users we only abort if generated files don't exist
+AC_MSG_CHECKING([gperf len type])
 if test -x "$GPERF"; then
-	if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then
-		GPERF_OUTPUT="`echo foo | ${GPERF}`"
-		AC_COMPILE_IFELSE(
+	GPERF_OUTPUT="`echo foo | ${GPERF}`"
+	AC_COMPILE_IFELSE(
+		[AC_LANG_PROGRAM(
+			[[#include <string.h>
+			  const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
+		[GPERF_LEN_TYPE=size_t],
+		[AC_COMPILE_IFELSE(
 			[AC_LANG_PROGRAM(
 				[[#include <string.h>
-				  const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
-			[GPERF_LEN_TYPE=size_t],
-			[AC_COMPILE_IFELSE(
-				[AC_LANG_PROGRAM(
-					[[#include <string.h>
-					  const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
-				[GPERF_LEN_TYPE=unsigned],
-				[AC_MSG_ERROR([unable to determine gperf len type])]
-			)]
-		)
-		AC_SUBST(GPERF_LEN_TYPE)
-		AC_MSG_RESULT([yes])
-	else
-		AC_MSG_RESULT([no])
-	fi
+				  const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
+			[GPERF_LEN_TYPE=unsigned],
+			[AC_MSG_ERROR([unable to determine gperf len type])]
+		)]
+	)
+	AC_SUBST(GPERF_LEN_TYPE)
+	AC_MSG_RESULT([$GPERF_LEN_TYPE])
 else
 	AC_MSG_RESULT([not found])
+	GPERF_TEST_FILE="$srcdir/src/libstrongswan/crypto/proposal/proposal_keywords_static.c"
+	if test ! -f "$GPERF_TEST_FILE"; then
+		AC_MSG_ERROR([GNU gperf required to generate e.g. $GPERF_TEST_FILE])
+	fi
 fi
 
 # ========================
@@ -1442,6 +1445,7 @@ ADD_PLUGIN([ctr],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ccm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([gcm],                  [s charon scripts nm cmd])
 ADD_PLUGIN([ntru],                 [s charon scripts nm cmd])
+ADD_PLUGIN([drbg],                 [s charon pki scripts nm cmd])
 ADD_PLUGIN([newhope],              [s charon scripts nm cmd])
 ADD_PLUGIN([bliss],                [s charon pki scripts nm cmd])
 ADD_PLUGIN([curl],                 [s charon scepclient pki scripts nm cmd])
@@ -1611,6 +1615,7 @@ AM_CONDITIONAL(USE_AF_ALG, test x$af_alg = xtrue)
 AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
 AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue)
 AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
+AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
 
 #  charon plugins
 # ----------------
@@ -1887,6 +1892,7 @@ AC_CONFIG_FILES([
 	src/libstrongswan/plugins/ccm/Makefile
 	src/libstrongswan/plugins/gcm/Makefile
 	src/libstrongswan/plugins/af_alg/Makefile
+	src/libstrongswan/plugins/drbg/Makefile
 	src/libstrongswan/plugins/ntru/Makefile
 	src/libstrongswan/plugins/bliss/Makefile
 	src/libstrongswan/plugins/bliss/tests/Makefile

debian/changelog

+strongswan (5.8.2-1) unstable; urgency=medium
+
+  [ Jean-Michel Vourgère ]
+  * README.Debian: Fixed typo
+
+  [ Yves-Alexis Perez ]
+  * d/control: replace iptables-dev b-dep by libip{4,6}tc-dev (Closes: #946148)
+  * d/watch: use uscan special strings
+  * New upstream version 5.8.2
+  * d/control: update dh compat level to 12
+  * strongswan-nm: update path for dbus service file
+  * install DRBG plugin to libstrongswan
+  * d/control: add ${misc:Pre-Depends} to strongswan-starter
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Wed, 01 Jan 2020 14:35:46 +0100
+
 strongswan (5.8.1-1) unstable; urgency=medium
 
   * d/rules: disable http and stream tests under CI

debian/control

@@ -8,7 +8,7 @@ Vcs-Browser: https://salsa.debian.org/debian/strongswan
 Vcs-Git: https://salsa.debian.org/debian/strongswan.git
 Build-Depends: bison,
                bzip2,
-               debhelper-compat (= 11),
+               debhelper-compat (= 12),
                dh-apparmor,
                dpkg-dev (>= 1.16.2),
                flex,
@@ -62,6 +62,7 @@ Description: strongSwan utility and crypto library
   - aes (AES-128/192/256 cipher software implementation)
   - constraints (X.509 certificate advanced constraint checking)
   - dnskey (Parse RFC 4034 public keys)
+  - drbg (NIST SP-800-90A Deterministic Random Bit Generator)
   - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
   - gmp (RSA/DH crypto backend based on libgmp)
   - hmac (HMAC wrapper using various hashers)
@@ -205,6 +206,7 @@ Description: strongSwan charon library (extra plugins)
 
 Package: strongswan-starter
 Architecture: any
+Pre-Depends: ${misc:Pre-Depends}
 Depends: adduser,
          libstrongswan (= ${binary:Version}),
          lsb-base (>= 3.0-6),

debian/libstrongswan.install

@@ -3,6 +3,7 @@ usr/lib/ipsec/libstrongswan.so*
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-constraints.so
 usr/lib/ipsec/plugins/libstrongswan-dnskey.so
+usr/lib/ipsec/plugins/libstrongswan-drbg.so
 usr/lib/ipsec/plugins/libstrongswan-fips-prf.so
 usr/lib/ipsec/plugins/libstrongswan-gmp.so
 usr/lib/ipsec/plugins/libstrongswan-hmac.so
@@ -28,6 +29,7 @@ usr/lib/ipsec/plugins/libstrongswan-xcbc.so
 usr/share/strongswan/templates/config/plugins/aes.conf
 usr/share/strongswan/templates/config/plugins/constraints.conf
 usr/share/strongswan/templates/config/plugins/dnskey.conf
+usr/share/strongswan/templates/config/plugins/drbg.conf
 usr/share/strongswan/templates/config/plugins/fips-prf.conf
 usr/share/strongswan/templates/config/plugins/gmp.conf
 usr/share/strongswan/templates/config/plugins/hmac.conf
@@ -52,6 +54,7 @@ usr/share/strongswan/templates/config/plugins/xcbc.conf
 etc/strongswan.d/charon/aes.conf
 etc/strongswan.d/charon/constraints.conf
 etc/strongswan.d/charon/dnskey.conf
+etc/strongswan.d/charon/drbg.conf
 etc/strongswan.d/charon/fips-prf.conf
 etc/strongswan.d/charon/gmp.conf
 etc/strongswan.d/charon/hmac.conf

debian/strongswan-nm.install

 usr/lib/ipsec/charon-nm
-etc/dbus-1/system.d/nm-strongswan-service.conf
+usr/share/dbus-1/system.d/nm-strongswan-service.conf