Integrity Tests

To detect misconfigurations or non-malicious file manipulations, strongSwan 4.3.3 supports integrity checking of the daemons (pluto and charon), libraries (libstrongswan, libhydra, libcharon) and all loaded plugins. This prevents the daemons from using old, incompatible and/or corrupted libraries and plugins.

Integrity testing cannot detect malicious manipulations by an attacker: this is not the intention, and doing so would require a trusted computing environment.

The checksums used are not cryptographically secure and are only 32 bits long. This is good enough to detect non-malicious errors; FIPS 140-2 actually requires only 16 bits for error detection codes.

Building Checksums

To build strongSwan with integrity checking support, add

--enable-integrity-test

to your ./configure options. This will create checksums of pluto, charon, the libraries and all plugins during the build process. The checksum_builder in src/checksum will create a libchecksum.so shared library containing all checksums.

Verifying Checksums

To enable integrity checking, you additionally have to enable the

libstrongswan {
  integrity_test = yes
}

option in strongswan.conf.

The following checks are performed:

  • library checksums

    For the libraries, checksums are created both for on-disk integrity and in-memory code integrity. During library initialization both checksums are checked. Library initialization fails if at least one of the checksums does not match.

  • daemon checksums

    If integrity checking is enabled, the daemons check their integrity by calculating the checksum of the file named argv[0] on disk. In-memory checks for pluto and charon are currently not implemented.

  • plugin checksums

    The plugin loader checks each plugin on-disk before loading the shared library. If the check was successful, the plugin gets loaded. Before the plugin gets initialized, the in-memory checksum is verified.
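The on-disk check described above, sketched as an added example (not strongSwan's code): a table produced at build time records each file's length and 32-bit checksum, and the loader refuses any file whose entry is missing or no longer matches. checksum32 (a bitwise CRC-32 used as a stand-in), entry_t, build_entry, check_image and the sample image are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in 32-bit checksum (bitwise CRC-32): an assumption, not strongSwan's own function. */
uint32_t checksum32(const uint8_t *p, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical record, playing the role of one entry in the built checksum table. */
typedef struct { const char *name; size_t len; uint32_t sum; } entry_t;
enum { CHECK_OK, CHECK_NO_ENTRY, CHECK_BAD_LEN, CHECK_BAD_SUM };

/* Constructed sample: bytes standing in for a plugin file as it was built. */
const uint8_t built[] = "\x7f" "ELF constructed plugin image";

/* Build time: record the length and checksum of the image. */
entry_t build_entry(const char *name, const uint8_t *img, size_t len)
{
    entry_t e = { name, len, checksum32(img, len) };
    return e;
}

/* Load time: fail closed on a missing entry, a length change or a checksum change. */
int check_image(const entry_t *tab, size_t n, const char *name,
                const uint8_t *img, size_t len)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tab[i].name, name) != 0)
            continue;
        if (tab[i].len != len)
            return CHECK_BAD_LEN;
        return tab[i].sum == checksum32(img, len) ? CHECK_OK : CHECK_BAD_SUM;
    }
    return CHECK_NO_ENTRY;
}

int main(void)
{
    entry_t tab[] = { build_entry("plugin-a", built, sizeof(built)) };
    printf("as built: %d\n", check_image(tab, 1, "plugin-a", built, sizeof(built)));
    return 0;
}
```

Any byte changed after the table was built, whether by disk corruption or by a tool that rewrites the file, makes the check fail; someone able to rewrite both the file and the table is not stopped by it.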

Portability

Integrity testing is currently considered experimental and has been tested on i386 platforms using ELF32 and on x86_64 platforms using ELF64 binaries.

Conflicts

Please be aware that utilities like prelink change ELF executables and libraries and therefore cause the integrity test to fail miserably.