Hello,

I am using StrongSwan 5.0.4 (commit 2e12fc4b0aee9434eaf5e42ddc57577df4fe4cb2) compiled from sources on amd64.

My goal is to establish a tunnel using IAS/ECC smartcards to hold certificates and private keys (on one end). I managed to have charon correctly interact with the smartcard (for my configurations: http://pastebin.com/rXwZTEK9):

    workstation $ sudo ipsec rereadsecrets
    Jun 12 10:49:09 workstation charon: 14[CFG] found key on PKCS#11 token 'pkcs11-test':1
    Jun 12 10:49:11 workstation charon: 14[CFG] loaded private key from %smartcard1:19e69b3cf025053d08b52ffc80a3e8239423393e

Upgrading from the standard wheezy version (4.5.2), I have to congratulate you for merging the implementation of IKEv1,2 (the two daemons Pluto, Charon).

I first tried to use IKEv1 to initiate the connection and this works great. However, I have a problem when I try to use the key exchange protocol IKEv2.

By reading the logs, I could tell the error is related to OpenSC (the middleware handling the smartcards). It should be noted that the OpenSC version used is not mainstream. To support the IAS/ECC cards I had to use a particular tree found here (https://github.com/viktorTarasov/OpenSC-SM.git).

Apparently, there is an error when Strongswan's PKCS11 module calls the C_SignInit function of OpenSC. The error returned to Strongswan is MECHANISM_INVALID (see the error in the Strongswan logs: http://pastebin.com/KNt0ykMJ).

I used a module in OpenSC that spies on transactions. This shows all function calls and arguments.

When using IKEv2:

    [...]
    C_SignInit
    2013-06-11 16:01:32.617
    [in] hSession = 0x17c6ee0
    pMechanism->type=CKM_SHA1_RSA_PKCS
    [in] hKey = 0x1780a30
    Returned: 112 CKR_MECHANISM_INVALID
    [...]

When using IKEv1:

    [...]
    C_SignInit
    2013-06-11 16:03:40.237
    [in] hSession = 0x1ea2280
    pMechanism->type=CKM_RSA_PKCS
    [in] hKey = 0x1e5fa30
    Returned: 0 CKR_OK
    [...]

After some research in StrongSwan's source code, it seems this mechanism is hard-coded and is the only one supported (regardless of the configuration).

This can be seen in the file src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c:

    /* we currently use always SHA1 for signatures,
     * TODO: support other hashes depending on configuration/auth */
    scheme = SIGN_RSA_EMSA_PKCS1_SHA1;

Since everything works fine when using IKEv1 and the only difference (at this point) between IKEv1 and IKEv2 is in the signing mechanism, I have the following questions:

1) Why does changing from IKEv1 to IKEv2 change the mechanism used with the smartcard (RSA_PKCS to SHA1_RSA_PKCS)?

2) Would it be possible to change the source code and use RSA_PKCS (which works) in IKEv2, or is it not allowed for some reason by the protocol? If it can be used, are there any side effects on security?

3) How much time would it take to implement an additional mechanism in StrongSwan (e.g. SHA256_RSA_PKCS)? How should I go about doing so?

Any advice would be appreciated.

Best regards,

--
Hugo Damme
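
Added example, not part of the original message and not strongSwan or OpenSC code: a Python model of the two PKCS#11 mechanisms seen in the spy log. It shows that CKM_SHA1_RSA_PKCS produces the same signature as CKM_RSA_PKCS applied to a SHA-1 DigestInfo built in software, and that handing CKM_RSA_PKCS the bare hash or the raw message does not verify. The toy key, the function names and the sample message are constructed for illustration.

```python
import hashlib

# DER prefix of a SHA-1 DigestInfo (RFC 8017, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy RSA key built from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def pkcs1_v15_pad(t: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block type 1: 00 01 FF..FF 00 || T."""
    if len(t) > K - 11:
        raise ValueError("input too long for modulus")
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sha1_digestinfo(message: bytes) -> bytes:
    """What the caller builds in software when only CKM_RSA_PKCS is usable."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def token_sign_rsa_pkcs(data: bytes) -> bytes:
    """Models CKM_RSA_PKCS: the token pads and signs exactly what it is given."""
    m = int.from_bytes(pkcs1_v15_pad(data), "big")
    return pow(m, D, N).to_bytes(K, "big")


def token_sign_sha1_rsa_pkcs(message: bytes) -> bytes:
    """Models CKM_SHA1_RSA_PKCS: the token hashes, wraps in DigestInfo, signs."""
    return token_sign_rsa_pkcs(sha1_digestinfo(message))


def verify_sha1_with_rsa(message: bytes, sig: bytes) -> bool:
    """Peer-side check of an RSA PKCS#1 v1.5 signature with SHA-1."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return em == pkcs1_v15_pad(sha1_digestinfo(message))
```
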
