Re: IKEd support for ECDSA key authentication?
Stu, I am in the US. While I am no lawyer, I believe the export resctrictions are on the actual cryptography software, namely OpenSSL, which is developed in your neck of the woods. As my patch doesn't provide any actual cryptography, just using existing methods, it should be ok. But, as I said, I'm not a lawyer. If you can't use it, I greatly appreciate if someone not in the US would write something similar. Thanks, -Jason On 03/13/13 10:10, Stuart Henderson wrote: Looking at received: headers it looks like you're in the US - if so, and if my understanding of the restrictions is correct, I don't think we would be able to use this diff directly.
Re: IKEd support for ECDSA key authentication?
On 2013/03/13 09:52, Jason Hall wrote: > Reyk, > > I've taken the liberty of patching ca.c, crypto.c, ikev2.h, parse.y, > iked.8 and iked.conf.5. I'm no expert on this, but this seems to > work for me. SAs and Flows are established, it hasn't crashed, and > I'm passing data. > > Let me know what you think. Looking at received: headers it looks like you're in the US - if so, and if my understanding of the restrictions is correct, I don't think we would be able to use this diff directly. > Thanks, > -Jason > > diff -u sbin/iked.orig/ca.c sbin/iked/ca.c > --- sbin/iked.orig/ca.c Tue Mar 12 18:15:44 2013 > +++ sbin/iked/ca.cWed Mar 13 09:17:37 2013 > @@ -346,6 +346,9 @@ > case IKEV2_CERT_RSA_KEY: > ret = ca_validate_pubkey(env, &id, ptr, len); > break; > + case IKEV2_CERT_EC_KEY: > + ret = ca_validate_pubkey(env, &id, ptr, len); > + break; > default: > log_debug("%s: unsupported cert type %d", __func__, type); > ret = -1; > @@ -754,6 +757,7 @@ > int len; > u_int8_t*d; > RSA *rsa; > + EC_KEY *eckey; > > switch (key->type) { > case EVP_PKEY_RSA: > @@ -776,6 +780,26 @@ > > id->id_type = IKEV2_CERT_RSA_KEY; > break; > + case EVP_PKEY_EC: > + id->id_type = 0; > + id->id_offset = 0; > + ibuf_release(id->id_buf); > + > + if ((eckey = EVP_PKEY_get1_EC_KEY(key)) == NULL) > + return (-1); > + if ((len = i2d_ECPrivateKey(eckey, NULL)) <= 0) > + return (-1); > + if ((id->id_buf = ibuf_new(NULL, len)) == NULL) > + return (-1); > + > + d = ibuf_data(id->id_buf); > + if (i2d_ECPrivateKey(eckey, &d) != len) { > + ibuf_release(id->id_buf); > + return (-1); > + } > + > + id->id_type = IKEV2_CERT_EC_KEY; > + break; > default: > log_debug("%s: unsupported key type %d", __func__, key->type); > return (-1); > @@ -819,6 +843,7 @@ > { > BIO *rawcert = NULL; > RSA *rsa = NULL; > + EC_KEY *eckey = NULL; > EVP_PKEY*peerkey = NULL, *localkey = NULL; > int ret = -1; > FILE*fp = NULL; > @@ -856,12 +881,16 @@ > if ((rawcert = BIO_new_mem_buf(data, len)) == NULL) > goto done; > > - if ((rsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) > - goto sslerr; > + if ((rsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) { > + if ((eckey = d2i_EC_PUBKEY_bio(rawcert, NULL )) == NULL) > + goto sslerr; > + } > if ((peerkey = EVP_PKEY_new()) == NULL) > goto sslerr; > - if (!EVP_PKEY_set1_RSA(peerkey, rsa)) > - goto sslerr; > + if (!EVP_PKEY_set1_RSA(peerkey, rsa)) { > + if (!EVP_PKEY_set1_EC_KEY(peerkey, eckey)) > + goto sslerr; > + } > } > > lc_string(idstr); > @@ -892,6 +921,8 @@ > EVP_PKEY_free(peerkey); > if (rsa != NULL) > RSA_free(rsa); > + if (eckey != NULL) > + EC_KEY_free(eckey); > if (rawcert != NULL) > BIO_free(rawcert); > > diff -u sbin/iked.orig/crypto.c sbin/iked/crypto.c > --- sbin/iked.orig/crypto.c Tue Mar 12 18:15:44 2013 > +++ sbin/iked/crypto.cWed Mar 13 09:17:37 2013 > @@ -542,6 +542,7 @@ > BIO *rawcert = NULL; > X509*cert = NULL; > RSA *rsa = NULL; > + EC_KEY *eckey = NULL; > EVP_PKEY*pkey = NULL; > > ibuf_release(dsa->dsa_keydata); > @@ -576,6 +577,25 @@ > if ((pkey = EVP_PKEY_new()) == NULL) > goto sslerr; > if (!EVP_PKEY_set1_RSA(pkey, rsa)) > + goto sslerr; > + > + dsa->dsa_cert = NULL; > + dsa->dsa_key = pkey; > + break; > + case IKEV2_CERT_EC_KEY: > + if (dsa->dsa_sign) { > + if ((eckey = d2i_ECPrivateKey_bio(rawcert, > + NULL)) == NULL) > + goto sslerr; > + } else { > + if ((eckey = d2i_EC_PUBKEY_bio(rawcert, > + NULL)) == NULL) > + goto sslerr; > + } > + > + if ((pkey = EVP_PKEY_new()) == NULL) > + goto sslerr; > + if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) > goto sslerr; > > dsa->dsa_cert = NULL; > diff -u sbin/iked.orig/ike
Re: IKEd support for ECDSA key authentication?
Reyk, I've taken the liberty of patching ca.c, crypto.c, ikev2.h, parse.y, iked.8 and iked.conf.5. I'm no expert on this, but this seems to work for me. SAs and Flows are established, it hasn't crashed, and I'm passing data. Let me know what you think. Thanks, -Jason diff -u sbin/iked.orig/ca.c sbin/iked/ca.c --- sbin/iked.orig/ca.c Tue Mar 12 18:15:44 2013 +++ sbin/iked/ca.c Wed Mar 13 09:17:37 2013 @@ -346,6 +346,9 @@ case IKEV2_CERT_RSA_KEY: ret = ca_validate_pubkey(env, &id, ptr, len); break; + case IKEV2_CERT_EC_KEY: + ret = ca_validate_pubkey(env, &id, ptr, len); + break; default: log_debug("%s: unsupported cert type %d", __func__, type); ret = -1; @@ -754,6 +757,7 @@ int len; u_int8_t*d; RSA *rsa; + EC_KEY *eckey; switch (key->type) { case EVP_PKEY_RSA: @@ -776,6 +780,26 @@ id->id_type = IKEV2_CERT_RSA_KEY; break; + case EVP_PKEY_EC: + id->id_type = 0; + id->id_offset = 0; + ibuf_release(id->id_buf); + + if ((eckey = EVP_PKEY_get1_EC_KEY(key)) == NULL) + return (-1); + if ((len = i2d_ECPrivateKey(eckey, NULL)) <= 0) + return (-1); + if ((id->id_buf = ibuf_new(NULL, len)) == NULL) + return (-1); + + d = ibuf_data(id->id_buf); + if (i2d_ECPrivateKey(eckey, &d) != len) { + ibuf_release(id->id_buf); + return (-1); + } + + id->id_type = IKEV2_CERT_EC_KEY; + break; default: log_debug("%s: unsupported key type %d", __func__, key->type); return (-1); @@ -819,6 +843,7 @@ { BIO *rawcert = NULL; RSA *rsa = NULL; + EC_KEY *eckey = NULL; EVP_PKEY*peerkey = NULL, *localkey = NULL; int ret = -1; FILE*fp = NULL; @@ -856,12 +881,16 @@ if ((rawcert = BIO_new_mem_buf(data, len)) == NULL) goto done; - if ((rsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) - goto sslerr; + if ((rsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) { + if ((eckey = d2i_EC_PUBKEY_bio(rawcert, NULL )) == NULL) + goto sslerr; + } if ((peerkey = EVP_PKEY_new()) == NULL) goto sslerr; - if (!EVP_PKEY_set1_RSA(peerkey, rsa)) - goto sslerr; + if (!EVP_PKEY_set1_RSA(peerkey, rsa)) { + if (!EVP_PKEY_set1_EC_KEY(peerkey, eckey)) + goto sslerr; + } } lc_string(idstr); @@ -892,6 +921,8 @@ EVP_PKEY_free(peerkey); if (rsa != NULL) RSA_free(rsa); + if (eckey != NULL) + EC_KEY_free(eckey); if (rawcert != NULL) BIO_free(rawcert); diff -u sbin/iked.orig/crypto.c sbin/iked/crypto.c --- sbin/iked.orig/crypto.c Tue Mar 12 18:15:44 2013 +++ sbin/iked/crypto.c Wed Mar 13 09:17:37 2013 @@ -542,6 +542,7 @@ BIO *rawcert = NULL; X509*cert = NULL; RSA *rsa = NULL; + EC_KEY *eckey = NULL; EVP_PKEY*pkey = NULL; ibuf_release(dsa->dsa_keydata); @@ -576,6 +577,25 @@ if ((pkey = EVP_PKEY_new()) == NULL) goto sslerr; if (!EVP_PKEY_set1_RSA(pkey, rsa)) + goto sslerr; + + dsa->dsa_cert = NULL; + dsa->dsa_key = pkey; + break; + case IKEV2_CERT_EC_KEY: + if (dsa->dsa_sign) { + if ((eckey = d2i_ECPrivateKey_bio(rawcert, + NULL)) == NULL) + goto sslerr; + } else { + if ((eckey = d2i_EC_PUBKEY_bio(rawcert, + NULL)) == NULL) + goto sslerr; + } + + if ((pkey = EVP_PKEY_new()) == NULL) + goto sslerr; + if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) goto sslerr; dsa->dsa_cert = NULL; diff -u sbin/iked.orig/iked.8 sbin/iked/iked.8 --- sbin/iked.orig/iked.8 Tue Mar 12 18:15:45 2013 +++ sbin/iked/iked.8Wed Mar 13 09:17:37 2013 @@ -46,7 +46,7 @@ .Xr isakmpd 8 . .Pp .Nm -supports mutual authentication using RSA public keys and X.509 certificates. +supports mutual authentication using RSA, or ECDSA, publ
Re: IKEd support for ECDSA key authentication?
Hi! Am 11.03.2013 um 02:04 schrieb Jason Hall : > I recently started using (open)IKEd, and am quite happy with it. Very > easy to configure/use, well documented, and supports many protocols. > Following USA's NSA Suite B security recommendations for which > protocols to use (because if it's good enough for them ...), they > recommend using ECDSA keys for authentication, but IKEd currently only > supports RSA keys. > > Are there plans to support ECDSA keys? All other recommended > protocols (AES GCM, ECDH) are currently supported. > Yes, absolutely! > When attempting to start IKEd (iked -dvv) with ECDSA keys, the error message > is: > ca_key_serialize: unsupported key type 408 > fatal: ca: failed to serialize private key > This part is not implemented but it will be trivial to do. > For more information on Suite B Authentication Methods, check out RFC > 6380 (https://tools.ietf.org/html/rfc6380) section 4.3, and Suite B in > general RFC 6379 (http://tools.ietf.org/html/rfc6379). > Thanks! Reyk
Re: IKEd support for ECDSA key authentication?
On Sun, 10 Mar 2013, Jason Hall wrote: > Are there plans to support ECDSA keys? All other recommended > protocols (AES GCM, ECDH) are currently supported. > > When attempting to start IKEd (iked -dvv) with ECDSA keys, the error message > is: > ca_key_serialize: unsupported key type 408 > fatal: ca: failed to serialize private key > > For more information on Suite B Authentication Methods, check out RFC > 6380 (https://tools.ietf.org/html/rfc6380) section 4.3, and Suite B in > general RFC 6379 (http://tools.ietf.org/html/rfc6379). OpenSSH also has some decent examples for handling ECDSA including serialisation and deserialisation and public value sanity checking. I'm happy to answer questions if someone is implementing it. -d