Integrity Tests¶
To detect misconfigurations or non-malicious file manipulations, strongSwan 4.3.3 supports integrity checking of the executables, libraries (libstrongswan, libhydra, libcharon etc.) and all loaded plugins. This prevents the IKE daemon from using old, incompatible and/or corrupted libraries and plugins.
Integrity testing can not detect malicious manipulations by an attacker: This is not the intention, and doing so would require a trusted computing environment.
The used checksums are not cryptographically secure and only have a length of 32 bits. This is good enough to detect non-malicious errors, FIPS 140-2 actually requires only 16 bit for error detection codes.
Building Checksums¶
To build strongSwan with integrity checking support, add
--enable-integrity-test
to your ./configure options. This will create checksums of executables (like charon), the libraries and all plugins during the build/installation process. The checksum_builder in src/checksum will create a libchecksum.so shared library containing all checksums.
Verifiying Checksums¶
To enable integrity checking, you additionally have to enable the
libstrongswan { integrity_test = yes }
option in strongswan.conf.
The following checks are performed:
- library checksums
For the libraries, checksums are created both for on-disk integrity and in-memory code integrity. During library initialization both checksums are checked. Library initialization fails if at least one of the checksums does not match.
- executable checksums
If integrity checking is enabled, the executables check their integrity by calculating the checksum of the file named
argv[0]
on disk. In-memory checks are currently not implemented.
- plugin checksums
The plugin loader checks each plugin on-disk before loading the shared library. If the check was successful, the plugin gets loaded. Before the plugin gets initialized, the in-memory checksum is verified.
Portability¶
Integrity testing is currently considered experimental and has been tested on i386 platforms using ELF32 and on x86_64 platforms using ELF64 binaries.
Conflicts¶
Please be aware that utilities like strip or prelink change ELF executables and libraries and therefore cause the integrity test to fail miserably.