From patchwork Sun Jan 19 12:54:57 2025
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8432
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] strongswan: Update to version 6.0.0
Date: Sun, 19 Jan 2025 13:54:57 +0100
Message-ID: <20250119125457.7940-1-adolf.belka@ipfire.org>

- Update from version 5.9.14 to 6.0.0
- Update of rootfile
- The stroke plugin, which was deprecated in 2014, is no longer enabled by default. So
   it is now enabled explicitly in this patch. The stroke plugin is recommended to be
   migrated to using the vici plugin but this will require a re-write of the ipsec WUI
   page. Hopefully the removal of the stroke plugin will also take many years as the
   time between deprecation and default disabling.
- Also aes, curve25519, des, fips-prf, gmp, hmac, md5, pkcs12, rc2, sha1 & sha2 are no
   longer enabled by default. Most of these don't need to be enabled as they are
   supported by the openssl plugin which we have had explicitly enabled for some time.
   The openssl plugin is now enabled by default. After some checks to see which plugins
   I needed to enable to match the current set of algorithms I ended up only needing
   to explicitly enable fips-prf, mgf1 & hmac.
- The ml plugin has also been enabled so that we have the ML_KEM post quantum key
   exchange algorithms enabled so they can be made available in the ipsec WUI.
- All existing algorithms are available together with the following new ones.
   XOF_MGF1_SHA3_224
   XOF_MGF1_SHA3_256
   XOF_MGF1_SHA3_384
   XOF_MGF1_SHA3_512
   ML_KEM_512
   ML_KEM_768
   ML_KEM_10245
- I also installed the build using 6.0.0 into a vm testbed system and confirmed that
   my existing ipsec connection using the default crypto values from the WUI worked
   without any problems. So existing connections should all be fine.
- Changelog
    6.0.0
      New Feature Additions
        Support for multiple IKEv2 key exchanges (RFC 9370) has been added (3a850ae). IKE_INTERMEDIATE exchanges (RFC 9242) are used to transport additional KE payloads between the IKE_SA_INIT and IKE_AUTH exchanges. To rekey IKE and Child SAs with multiple key exchanges, IKE_FOLLOWUP_KE exchanges are used, as defined in RFC 9370. In proposals, additional key exchange methods are configured via keX_ prefix, where X is a number between 1 and 7. For example, ke1_mlkem768 adds ML-KEM-768 as additional KE method (works with any key exchange method, whether post-quantum or classic). As with regular key exchanges, peers have to agree on a method for each round unless no algorithms are defined by both or keX_none is configured to make that round explicitly optional.
        Support for the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM, FIPS 203), a key exchange method that, at present, is believed to be secure even against adversaries who possess a quantum computer, has been added via Botan 3.6.0+ (botan plugin), wolfSSL 5.7.4+ (wolfssl plugin), AWS-LC 1.37.0+ (openssl plugin), and the new ml plugin. The keywords for ML-KEM-512 (128 bits security strength), ML-KEM-768 (192 bits), ML-KEM-1024 (256 bits) are mlkem512, mlkem768 and mlkem1024, respectively.
        AF_VSOCK sockets can be used on Linux to communicate with a daemon that runs in a VM (e.g. via the vici plugin).
        The file logger can optionally log messages as JSON objects (a2fba6d, bea1f11, see the docs for details), and can add timestamps in microseconds via the new time_precision setting (#2475).
      Enhancements and Optimizations
        Handling of CHILD_SA rekey collisions has been improved (d2b2e1b). This makes CHILD_SAs properly trackable via child_rekey() hook and some corner cases are also handled correctly e.g. if a responder's DELETE for the new CHILD_SA arrives before its CREATE_CHILD_SA response that creates that SA in the first place. Also handled properly are responders of rekeyings that incorrectly send a DELETE for the old CHILD_SA (previously, this caused both, the new and the old SA, to get deleted).
        The behavior when reloading or unloading connections that include start in their start_action has been improved (#2324, #2418).
        If no identity is configured but a certificate is available, the subject DN is used instead of the IP address (#2353).
        The cert-enroll script now supports three generations of CA certificates (f59ca96).
        IKE ports are now considered when matching connections (9228a51, 6928709).
        The base address of in-memory IP address pools is now reported as configured (#2264).
        IKE fragment sizes can be configured for each address family explicitly (84bd011).
        The openssl plugin can use the EVP_DigestSqueeze() API for XOFs, which was introduced with OpenSSL 3.3 (3d0f695).
        The kernel-netlink plugin explicitly configures the direction of IPsec SAs when running on 6.10+ kernels (abdc787).
        The Android app was updated for compatibility with Android 14 (740cbb2), a bug was fixed that affects importing already existing VPN profiles (9b9cf20).
      Fixes
        The NetworkManager plugin (charon-nm) now uses a different routing table than the regular IKE daemon to avoid conflicts if both are running (#2230).
        TUN devices can properly handle IPv6 addresses (fccc764) and routes via them are now correctly installed on FreeBSD (bf165af).
        Reassigning a matching online lease is now preferred over an offline lease by the in-memory IP address pool to avoid conflicts with make-before-break reauthentication and multiple IKE_SAs per identity (#2472).
        To avoid conflicts with other processes when using ephemeral UDP ports, the socket-default plugin now always opens IPv4 sockets before IPv6 sockets (#2494).
        Challenge passwords in PKCS#10 containers are again encoded as PrintableString if possible to be compatible with older SCEP implementations (8e88d56).
        The vici plugin now uses the same ESP proposals (AEAD before regular) when configuring default instead of not configuring esp_proposals at all (8e020bc).
        Fixed handling of adopted reqids during IKEv1 rekeying (d02aea9, bug was introduced in 5.9.12).
        A typo in the cert-enroll script prevented successful signalling of a change of the sub CA certificate (957aae8).
      Plugin and Configuration Changes
        The legacy stroke plugin is no longer enabled by default and must be enabled explicitly.
        The openssl plugin is now enabled by default, while the following crypto plugins are no longer enabled by default: aes, curve25519, des, fips-prf, gmp, hmac, md5, pkcs12, rc2, sha1, sha2.
        The following deprecated plugins have been removed: bliss (signature scheme), newhope (key exchange method), ntru (key exchange method).
        charon.make_before_break is now enabled by default, which initiates IKEv2 reauthentication with a make-before-break instead of a break-before-make scheme. Make-before-break creates overlapping IKE and Child SA during reauthentication by first recreating all SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps during reauthentication (unlike rekeying still not completely without interruption), but requires support for overlapping SAs by the peer. strongSwan can handle such overlapping SAs since version 5.3.0.
      For Developers
        Using the child_rekey() hook now allows tracking CHILD_SAs correctly in case of rekey collisions. The event is generally only triggered once after installing the outbound SA for the new/winning CHILD_SA.
        However, in some cases the event is triggered twice, but it is now ensured that listeners can properly transition to the winning SA.
        Refer to the documentation of key_exchange_method_t interface to learn how KEMs can be implemented in plugins.
        The format of key exchange test vectors has been changed so they can be used for KEMs and classic DH methods (4067678).
        The NetworkManager frontend's build files have been updated to not rely on gnome-common. It now also uses gettext directly instead of intltool (5019e3e).
        Performance of running tests in the testing environment has been improved.
      Refer to the 6.0.0 milestone for a list of all closed issues and pull requests.

Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
---
 config/rootfiles/common/strongswan | 30 +++++-------------------------
 lfs/strongswan                     | 13 ++++++++-----
 2 files changed, 13 insertions(+), 30 deletions(-)

diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index a5f256e02..cd446d1e9 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -14,7 +14,6 @@ etc/strongswan.d etc/strongswan.d/charon etc/strongswan.d/charon-logging.conf etc/strongswan.d/charon.conf -etc/strongswan.d/charon/aes.conf etc/strongswan.d/charon/attr.conf etc/strongswan.d/charon/ccm.conf etc/strongswan.d/charon/chapoly.conf @@ -23,8 +22,6 @@ etc/strongswan.d/charon/constraints.conf etc/strongswan.d/charon/counters.conf etc/strongswan.d/charon/ctr.conf etc/strongswan.d/charon/curl.conf -etc/strongswan.d/charon/curve25519.conf -etc/strongswan.d/charon/des.conf etc/strongswan.d/charon/dhcp.conf etc/strongswan.d/charon/dnskey.conf etc/strongswan.d/charon/drbg.conf 
@@ -38,26 +35,22 @@ etc/strongswan.d/charon/farp.conf etc/strongswan.d/charon/fips-prf.conf etc/strongswan.d/charon/gcm.conf etc/strongswan.d/charon/gcrypt.conf -etc/strongswan.d/charon/gmp.conf etc/strongswan.d/charon/hmac.conf etc/strongswan.d/charon/kdf.conf etc/strongswan.d/charon/kernel-netlink.conf -etc/strongswan.d/charon/md5.conf etc/strongswan.d/charon/mgf1.conf +etc/strongswan.d/charon/ml.conf etc/strongswan.d/charon/nonce.conf etc/strongswan.d/charon/openssl.conf etc/strongswan.d/charon/pem.conf etc/strongswan.d/charon/pgp.conf etc/strongswan.d/charon/pkcs1.conf -etc/strongswan.d/charon/pkcs12.conf etc/strongswan.d/charon/pkcs7.conf etc/strongswan.d/charon/pkcs8.conf etc/strongswan.d/charon/pubkey.conf etc/strongswan.d/charon/random.conf etc/strongswan.d/charon/resolve.conf etc/strongswan.d/charon/revocation.conf -etc/strongswan.d/charon/sha1.conf -etc/strongswan.d/charon/sha2.conf etc/strongswan.d/charon/sha3.conf etc/strongswan.d/charon/socket-default.conf etc/strongswan.d/charon/sshkey.conf @@ -73,7 +66,6 @@ etc/strongswan.d/pki.conf etc/strongswan.d/starter.conf etc/strongswan.d/swanctl.conf #etc/swanctl -etc/swanctl/bliss etc/swanctl/conf.d etc/swanctl/ecdsa etc/swanctl/pkcs12 @@ -111,7 +103,6 @@ usr/lib/ipsec/libvici.so usr/lib/ipsec/libvici.so.0 usr/lib/ipsec/libvici.so.0.0.0 #usr/lib/ipsec/plugins -usr/lib/ipsec/plugins/libstrongswan-aes.so usr/lib/ipsec/plugins/libstrongswan-attr.so usr/lib/ipsec/plugins/libstrongswan-ccm.so usr/lib/ipsec/plugins/libstrongswan-chapoly.so @@ -120,8 +111,6 @@ usr/lib/ipsec/plugins/libstrongswan-constraints.so usr/lib/ipsec/plugins/libstrongswan-counters.so usr/lib/ipsec/plugins/libstrongswan-ctr.so usr/lib/ipsec/plugins/libstrongswan-curl.so -usr/lib/ipsec/plugins/libstrongswan-curve25519.so -usr/lib/ipsec/plugins/libstrongswan-des.so usr/lib/ipsec/plugins/libstrongswan-dhcp.so usr/lib/ipsec/plugins/libstrongswan-dnskey.so usr/lib/ipsec/plugins/libstrongswan-drbg.so 
@@ -135,26 +124,24 @@ usr/lib/ipsec/plugins/libstrongswan-farp.so usr/lib/ipsec/plugins/libstrongswan-fips-prf.so usr/lib/ipsec/plugins/libstrongswan-gcm.so usr/lib/ipsec/plugins/libstrongswan-gcrypt.so -usr/lib/ipsec/plugins/libstrongswan-gmp.so usr/lib/ipsec/plugins/libstrongswan-hmac.so usr/lib/ipsec/plugins/libstrongswan-kdf.so usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so -usr/lib/ipsec/plugins/libstrongswan-md5.so usr/lib/ipsec/plugins/libstrongswan-mgf1.so +usr/lib/ipsec/plugins/libstrongswan-ml.so +usr/lib/ipsec/plugins/libstrongswan-ml.so.0 +usr/lib/ipsec/plugins/libstrongswan-ml.so.0.0.0 usr/lib/ipsec/plugins/libstrongswan-nonce.so usr/lib/ipsec/plugins/libstrongswan-openssl.so usr/lib/ipsec/plugins/libstrongswan-pem.so usr/lib/ipsec/plugins/libstrongswan-pgp.so usr/lib/ipsec/plugins/libstrongswan-pkcs1.so -usr/lib/ipsec/plugins/libstrongswan-pkcs12.so usr/lib/ipsec/plugins/libstrongswan-pkcs7.so usr/lib/ipsec/plugins/libstrongswan-pkcs8.so usr/lib/ipsec/plugins/libstrongswan-pubkey.so usr/lib/ipsec/plugins/libstrongswan-random.so usr/lib/ipsec/plugins/libstrongswan-resolve.so usr/lib/ipsec/plugins/libstrongswan-revocation.so -usr/lib/ipsec/plugins/libstrongswan-sha1.so -usr/lib/ipsec/plugins/libstrongswan-sha2.so usr/lib/ipsec/plugins/libstrongswan-sha3.so usr/lib/ipsec/plugins/libstrongswan-socket-default.so usr/lib/ipsec/plugins/libstrongswan-sshkey.so @@ -202,7 +189,6 @@ usr/sbin/swanctl #usr/share/strongswan/templates #usr/share/strongswan/templates/config #usr/share/strongswan/templates/config/plugins -#usr/share/strongswan/templates/config/plugins/aes.conf #usr/share/strongswan/templates/config/plugins/attr.conf #usr/share/strongswan/templates/config/plugins/ccm.conf #usr/share/strongswan/templates/config/plugins/chapoly.conf 
@@ -211,8 +197,6 @@ usr/sbin/swanctl #usr/share/strongswan/templates/config/plugins/counters.conf #usr/share/strongswan/templates/config/plugins/ctr.conf #usr/share/strongswan/templates/config/plugins/curl.conf -#usr/share/strongswan/templates/config/plugins/curve25519.conf -#usr/share/strongswan/templates/config/plugins/des.conf #usr/share/strongswan/templates/config/plugins/dhcp.conf #usr/share/strongswan/templates/config/plugins/dnskey.conf #usr/share/strongswan/templates/config/plugins/drbg.conf 
@@ -226,26 +210,22 @@ usr/sbin/swanctl #usr/share/strongswan/templates/config/plugins/fips-prf.conf #usr/share/strongswan/templates/config/plugins/gcm.conf #usr/share/strongswan/templates/config/plugins/gcrypt.conf -#usr/share/strongswan/templates/config/plugins/gmp.conf #usr/share/strongswan/templates/config/plugins/hmac.conf #usr/share/strongswan/templates/config/plugins/kdf.conf #usr/share/strongswan/templates/config/plugins/kernel-netlink.conf -#usr/share/strongswan/templates/config/plugins/md5.conf #usr/share/strongswan/templates/config/plugins/mgf1.conf +#usr/share/strongswan/templates/config/plugins/ml.conf #usr/share/strongswan/templates/config/plugins/nonce.conf #usr/share/strongswan/templates/config/plugins/openssl.conf #usr/share/strongswan/templates/config/plugins/pem.conf #usr/share/strongswan/templates/config/plugins/pgp.conf #usr/share/strongswan/templates/config/plugins/pkcs1.conf -#usr/share/strongswan/templates/config/plugins/pkcs12.conf #usr/share/strongswan/templates/config/plugins/pkcs7.conf #usr/share/strongswan/templates/config/plugins/pkcs8.conf #usr/share/strongswan/templates/config/plugins/pubkey.conf #usr/share/strongswan/templates/config/plugins/random.conf #usr/share/strongswan/templates/config/plugins/resolve.conf #usr/share/strongswan/templates/config/plugins/revocation.conf -#usr/share/strongswan/templates/config/plugins/sha1.conf -#usr/share/strongswan/templates/config/plugins/sha2.conf #usr/share/strongswan/templates/config/plugins/sha3.conf #usr/share/strongswan/templates/config/plugins/socket-default.conf #usr/share/strongswan/templates/config/plugins/sshkey.conf diff --git a/lfs/strongswan b/lfs/strongswan index 9b2a5bc9f..4241bf0ca 100644 --- a/lfs/strongswan +++ b/lfs/strongswan 
@@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 5.9.14 +VER = 6.0.0 THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 8b64903cfa087d42ae0895e7c11a2fcbd9c6a4a4241548d947753e081a4a4e3c5946e5cf4bbd326840e596e51c61554146f007e6882f11c874454b9480f6f7a6 +$(DL_FILE)_BLAKE2 = acb7c76dd3f4ce88ddc9d81c1f831d37c1975441f73af4025049d495c4103e3d4bf132fce4dd85b148cc58e130dd9609383c8eae569f4a3cb55c56f0ac03f9da install : $(TARGET) @@ -95,8 +95,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eap-identity \ --enable-chapoly \ --enable-sha3 \ - --disable-padlock \ - --disable-rc2 \ + --enable-stroke \ + --enable-fips-prf \ + --enable-mgf1 \ + --enable-hmac \ + --enable-ml \ $(CONFIGURE_OPTIONS) cd $(DIR_APP) && make $(MAKETUNING)
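Review bot: In the rootfile hunk at @@ -38,26 +35,22 @@, etc/strongswan.d/charon/pkcs12.conf is removed (and libstrongswan-pkcs12.so in the matching plugins hunk), while etc/swanctl/pkcs12 stays in the rootfile. The commit message describes a check of the algorithm list and one existing connection with default crypto values; pkcs12 is a container decoder rather than an algorithm, so it would not show up in that comparison. Please confirm that loading a PKCS#12 file still works with the remaining plugin set, and say so in the commit message, or add the plugin back alongside fips-prf, mgf1 and hmac.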
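Review bot: In the plugins hunk at @@ -135,26 +124,24 @@, the new ml plugin is listed three times (libstrongswan-ml.so, libstrongswan-ml.so.0, libstrongswan-ml.so.0.0.0), whereas every other plugin entry visible in this hunk ships as a single unversioned .so. Please check what the two versioned entries are in the build output; if they are not needed at runtime, comment them out in the rootfile the way other unused paths are, and otherwise note in the commit message why this plugin differs.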
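Review bot: In the configure hunk of lfs/strongswan (@@ -95,8 +95,11 @@), --disable-padlock is removed together with --disable-rc2, but the commit message only accounts for rc2 (listed as no longer enabled by default) and never mentions padlock. Please either keep --disable-padlock or add a line to the commit message stating why it is no longer needed, so the resulting plugin set does not depend on an unstated upstream default. The rootfile hunks show no padlock entry either way, so the reason should be written down rather than inferred.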