Hello Noel,

actually the compile option --enable-integrity-test generates a checksum [which currently is not cryptographically strong] of each strongSwan plugin and library, stores these checksums in src/checksum/checksum.c, and includes them in a struct in the charon daemon code. This guarantees that the daemon always loads the correct version of the plugins and libraries.
Best regards
Andreas

On 19.05.2017 00:18, Noel Kuntze wrote:
> Hello list,
>
> I am working on implementing version checking for plugins to prevent the
> mixing of different library and plugin versions. This has accidentally
> happened in the past and caused issues. Implementing this will reduce the
> work load in support slightly.
>
> The code I wrote thus far is in the "plugin-version-check" branch[1] in my
> strongSwan repo fork[2]
>
> It works by accessing the "version" attribute of the public interface of the
> plugin during load time and compares it with the "version" attribute of
> libstrongswan. That obviously requires every plugin to have that attribute set.
>
> I stumbled upon the problem, that to define a plugin's version and make sure
> that it is included in the shared object statically, I'd need to touch that
> plugin's source files. So if I wanted to introduce version checking, I'd need
> to edit every single plugin and at the same time, it will cause that third
> party plugins won't build without changes.
>
> Is there another solution to this problem?
>
> Kind regards,
> Noel
>
> [1] https://github.com/Thermi/strongswan/tree/plugin-version-check
> [2] https://github.com/Thermi/strongswan/
>

--
======================================================================
Andreas Steffen [email protected]
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
/**
* checksums of files and loaded code segments.
* created by /home/andi/strongswan/src/checksum/.libs/lt-checksum_builder
*/
#include <library.h>
/*
 * Table of expected checksums, one row per strongSwan library, executable
 * and plugin of this build. The file is produced by the checksum builder
 * named in the header above, so the values belong to one particular build;
 * regenerate the file rather than editing rows by hand.
 *
 * NOTE(review): integrity_checksum_t is declared outside this listing. Going
 * by the file header ("files and loaded code segments"), each row reads as
 *   { name, file length, file checksum, segment length, segment checksum }
 * (confirm against the struct declaration).
 *
 * The rows for the executables ("charon" through "attest") carry 0 and
 * 0x00000000 in the last two columns; presumably no segment checksum is
 * recorded for them (TODO confirm).
 *
 * The checksums are 8-hex-digit (32-bit) values and, as the accompanying
 * mail states, not cryptographically strong. A match therefore shows that
 * the daemon was not accidentally combined with a library or plugin from a
 * different build; it is not evidence against deliberate modification of a
 * binary, and the table itself is only as trustworthy as the binary that
 * embeds it.
 */
integrity_checksum_t checksums[] = {
{"libstrongswan", 2319016, 0x9d05faea, 381148, 0x3e17e029},
{"libtls", 607080, 0x56a04cb8, 86228, 0x826ea3b5},
{"libradius", 130816, 0x6a655071, 21636, 0x7dcaae58},
{"libnttfft", 32632, 0x66d4671e, 13964, 0xd0bdf081},
{"libpttls", 151048, 0xecb68e12, 16740, 0x20ab0006},
{"libtpmtss", 146232, 0x2e8c0576, 19652, 0x7ecaf0aa},
{"libtnccs", 106576, 0x11f116ad, 11204, 0x80475dd8},
{"libimcv", 1616176, 0xca17d2ce, 247324, 0xe146ed84},
{"libcharon", 6507600, 0x0b11378a, 561172, 0x62785877},
{"charon", 113112, 0x4f1ea6e1, 0, 0x00000000},
{"charon-systemd", 113328, 0x6d294f1d, 0, 0x00000000},
{"scepclient", 159096, 0x469000f2, 0, 0x00000000},
{"pki", 574928, 0x9d3f3b18, 0, 0x00000000},
{"swanctl", 469720, 0xec118a8a, 0, 0x00000000},
{"attest", 204456, 0x282726e0, 0, 0x00000000},
{"test-vectors", 252080, 0x8d92168d, 85820, 0xd08cd6c5},
{"rc2", 40080, 0xac777859, 5092, 0x1c260a00},
{"sha2", 55872, 0x3c460eea, 10180, 0xe87faccb},
{"sha3", 47640, 0xfba7c1de, 7428, 0x6eea39b7},
{"sha1", 50144, 0x490fa0a2, 9676, 0xb3f80ffa},
{"mgf1", 64760, 0x02a7b91e, 4468, 0x02177e6b},
{"random", 59592, 0x9b126660, 4700, 0x62dd644d},
{"nonce", 52776, 0x5cdc7c52, 2772, 0x15218107},
{"x509", 440600, 0xa56f1032, 76084, 0x913f5687},
{"revocation", 110432, 0x9708fcad, 11748, 0x0664c0cc},
{"constraints", 107616, 0x5db323b2, 9140, 0x40aecd00},
{"pubkey", 64712, 0x1020fd16, 5532, 0x04e2fd16},
{"pkcs1", 116728, 0x29c6a985, 9340, 0x85f29ca8},
{"pkcs7", 195544, 0xbf8d3458, 25596, 0xf0779b77},
{"pkcs8", 63440, 0x6c8a69cc, 4708, 0x2063572d},
{"pkcs12", 79288, 0xf14ce7cc, 8116, 0x34bd1465},
{"pgp", 157800, 0xef8d9649, 13492, 0xc019d18e},
{"dnskey", 85960, 0xd0ab3929, 4332, 0x26cf42c6},
{"sshkey", 103464, 0x20794c3e, 8628, 0x3305bbff},
{"pem", 135720, 0xfeb1cc31, 12652, 0x75fcd566},
{"openssl", 627480, 0xc6d14b59, 76860, 0xaed69699},
{"gmp", 181744, 0xd006d237, 23612, 0xf854bdea},
{"curve25519", 488504, 0xdb2f23b9, 90228, 0xf1e7b8fc},
{"chapoly", 153680, 0x61dd05e5, 18524, 0x7022f692},
{"xcbc", 76224, 0x947a5602, 7092, 0x35f72cea},
{"cmac", 75368, 0x6a8fddd3, 7132, 0xcd7489a2},
{"hmac", 62824, 0x23d0dabe, 4532, 0x560d79a0},
{"ntru", 213120, 0x7e05b98d, 29892, 0xa93297f0},
{"newhope", 119112, 0x7300fe2d, 11604, 0x7ab05d5f},
{"bliss", 229128, 0xaa9f1e9e, 34300, 0x93a84dd5},
{"curl", 55888, 0x04b8b60a, 7716, 0x880498e9},
{"sqlite", 46624, 0x92345ae2, 9108, 0x585f88b2},
{"tpm", 92288, 0x69bc0611, 5628, 0x17001e35},
{"tnc-imv", 194896, 0xe638b2fb, 26596, 0xc9382994},
{"tnc-tnccs", 119664, 0xd0f49dfa, 15348, 0xed861a11},
{"tnccs-20", 379264, 0xfe88b08c, 53244, 0x829da6a1},
{"attr", 145824, 0xc3128ec0, 7484, 0x4c4ae168},
{"kernel-netlink", 472120, 0x1985eacc, 74956, 0x4985dd70},
{"resolve", 138656, 0x876fd8bc, 8796, 0xa2e0f293},
{"socket-default", 125112, 0x2167dd92, 10388, 0x043a38cb},
{"farp", 183456, 0x9de3e3cb, 6580, 0x1562580d},
{"vici", 863328, 0xfc53d24a, 116444, 0x9986b38a},
{"updown", 193152, 0xbb811e5a, 10828, 0x340308a5},
{"eap-identity", 38928, 0xb8c74b9e, 4308, 0x69b506a7},
{"eap-md5", 109552, 0xc02edf15, 5972, 0x194e31ac},
{"eap-dynamic", 109416, 0xab696873, 6236, 0xb3c2822a},
{"eap-radius", 568752, 0xbb2c65a4, 45756, 0x5918f560},
{"eap-tls", 65664, 0x41309deb, 4284, 0xfb144756},
{"eap-ttls", 203752, 0x7821e65e, 13508, 0x6a2ac768},
{"eap-tnc", 118040, 0x30689c56, 6764, 0x3fedceda},
{"xauth-generic", 106896, 0x078cd883, 5748, 0x02d080c4},
{"tnc-ifmap", 301968, 0x69ee2955, 23036, 0xa1188c8f},
{"tnc-pdp", 216872, 0xa023a9cc, 19748, 0xbd9e2310},
{"dhcp", 232272, 0xa3f1b07a, 16004, 0xad93a12b},
};
/*
 * Number of rows in checksums[]. countof() is not defined in this listing;
 * presumably it comes in through <library.h> (confirm).
 */
int checksum_count = countof(checksums);
