cipherdyne.org

Michael Rash, Security Researcher



Software Release - fwknop-2.0.2

fwknop-2.0.2 released The fwknop-2.0.2 release of fwknop is available for download. This release includes new support for SPA using GPG keys in automated environments, and this particularly affects fwknopd server deployments on systems where the GnuPG engine seems to require gpg-agent or pinentry for passphrase entry associated with GnuPG keys. In addition, a couple of important bug fixes were made to ensure replay attack detection is properly done when SPA packet prefixes are added/removed (this is done to increase the difficulty of using Snort or other IDS to detection SPA packets on the wire).

Here is the complete fwknop-2.0.2 ChangeLog:

  • [server] For GPG mode, added a new access.conf variable "GPG_ALLOW_NO_PW" to make it possible to leverage a server-side GPG key pair that has no associated password. This comes in handy when a system requires the user to leverage gpg-agent / pinentry which can present a problem in automated environments as required by the fwknopd server. Now, it might seem like a problem to remove the passphrase from a GPG key pair, but it's important to note that simply doing this is little worse than storing the passphrase in the clear on disk anyway in the access.conf file. Further, this link helps provide additional detail:

    http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment

  • [client] In IP resolution mode (-R) changed HTTP connection type to 'close' since there is no need for connection persistence, and indeed the client expects to just get the IP and the connection to be closed. Jonathan Schulz submitted a patch for this.
  • [client] Bug fix to ensure that all data is read via recv() from a remote webserver IP resolution mode (-R). Previously IP resolution could fail if HTTP headers were transferred separately from the data (for whatever reason). Jonathan Schulz submitted a patch for this.
  • [client] Added backup check against a cipherdyne.com 'myip' cgi instance in -R mode if the normal check against cipherdyne.org fails.
  • [server] Bug fix to implement FLUSH_IPT_AT_INIT and FLUSH_IPT_AT_EXIT functionality. These are enabled by default, and now iptables rules added by fwknopd can be made persistant by setting these variables to "N" in the fwknopd.conf file (this is not a recommended setting however).
  • [server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT for ipfw firewalls to emulate the corresponding functionality that is implemented for iptables firewalls. This was suggested by Jonathan Schulz.
  • [server] Replay attack bug fix to ensure that an attacker cannot force a replay attack by intercepting an SPA packet and the replaying it with the base64 version of "Salted__" (for Rindael) or the "hQ" prefix (for GnuPG). This is an important fix. The following comment was added into the fwknopd code:

    /* Ignore any SPA packets that contain the Rijndael or GnuPG prefixes
     * since an attacker might have tacked them on to a previously seen
     * SPA packet in an attempt to get past the replay check.  And, we're
     * no worse off since a legitimate SPA packet that happens to include
     * a prefix after the outer one is stripped off won't decrypt properly
     * anyway because libfko would not add a new one.
    */
    
  • [server] Fixed a memory leak bug in the replay attack detection code. The leak was found with the test suite in --enable-valgrind mode, and here is the valgrind trace that exposed it:

    44 bytes in 1 blocks are definitely lost in loss record 2 of 2
       at 0x482BE68: malloc (in
       /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
       by 0x490EA50: strdup (strdup.c:43)
       by 0x10CD69: incoming_spa (incoming_spa.c:162)
       by 0x10E000: process_packet (process_packet.c:200)
       by 0x4862E63: ??? (in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1)
       by 0x4865667: pcap_dispatch (in /usr/lib/i386-linux-gnu/libpcap.so.1.1.1)
       by 0x10DABF: pcap_capture (pcap_capture.c:226)
       by 0x10A798: main (fwknopd.c:299)
    
  • [test suite] Added GPG tests for keyrings that have no associated passphrases.
  • [server] Implemented a new check to ensure that the iptables 'comment' match exists to ensure the proper environment for fwknopd operations. This check is controlled by the new ENABLE_IPT_COMMENT_CHECK variable, and was suggested by Hank Leininger.
  • [server] 'make install' fix to ensure restrictive permissions on the /etc/fwknop/ directory and /etc/fwknop/* files. Also updated the 'make install' step to not overwrite any existing config files in /etc/fwknop/ and instead install new copies from the source tree at /etc/fwknop/fwknopd.conf.inst and /etc/fwknop/access.conf.inst
The complete fwknop-2.0.2 ChangeLog can be found here via the fwknop gitweb interface.