Hi Bob,

> Does StrongSwan (5.3.x) support IKEV2 authentication payload RSA
> signatures using a sha-256 as the hash digest function?

If you are referring to the classic IKEv2 authentication methods (type 1 - RSA, or 9-11 - ECDSA) then no, but strongSwan supports RFC 7427 (type 14 - Digital Signature), which supports signatures with SHA-256/384/512.

> The 5.3.0 change log mentions support for RFC 7427, but it’s not clear
> if StrongSwan added stronger hash support for both RSA and ECDSA, or
> just ECDSA.

Since 5.3.0 strongSwan supports that RFC for both key types (and BLISS). But nothing changed in regards to the classic IKEv2 public key authentication schemes.

> I’m testing against another IKE client, which is using sha256 as the
> digest, and I’m getting this StrongSwan log:
>
> “expected hash algorithm HASH_SHA1, but found HASH_SHA256 (OID:
> 30:0d:06:09:60:86:48:01:65:03:04:02:01:05:00)”

The other client probably does not support RFC 7427 but instead just uses SHA-256 instead of SHA-1 to generate a classic IKEv2 signature. The latter is not supported by strongSwan, which will always assume SHA-1 for the classic authentication methods. If you want to use stronger hashes you'll need a client that supports RFC 7427 (or you patch strongSwan so a different hash algorithm is used by default, but that would only work with peers that do the same).

Regards,
Tobias
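
The bytes after "OID:" in the log line quoted above are a DER AlgorithmIdentifier. The following is an added example, not part of the original message and not strongSwan code, that decodes them to confirm which hash the peer placed in its signature. The function names and the OID table are this example's own.

```python
# Added example (not strongSwan code): decode the DER AlgorithmIdentifier
# that the quoted log line prints after "OID:".
HASH_OIDS = {  # well-known hash algorithm OIDs
    "1.3.14.3.2.26": "SHA-1",
    "2.16.840.1.101.3.4.2.1": "SHA-256",
    "2.16.840.1.101.3.4.2.2": "SHA-384",
    "2.16.840.1.101.3.4.2.3": "SHA-512",
}
LOG_BYTES = "30:0d:06:09:60:86:48:01:65:03:04:02:01:05:00"  # from the log line

def read_tlv(buf, pos):
    """Read one DER TLV (short-form length only); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected here")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[pos + 2:end], end

def decode_oid(body):
    """Convert DER OID content bytes to dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear ends a sub-identifier
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)    # first sub-identifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_algorithm_identifier(hex_text):
    """Return (dotted OID, hash name or None, params_are_null)."""
    buf = bytes.fromhex(hex_text.replace(":", ""))
    tag, seq, end = read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("expected a single SEQUENCE")
    tag, oid_body, pos = read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = decode_oid(oid_body)
    return oid, HASH_OIDS.get(oid), seq[pos:] == b"\x05\x00"

if __name__ == "__main__":
    print(parse_algorithm_identifier(LOG_BYTES))
```

Running the same decoder over the bytes from a peer's log during interop testing shows at a glance whether that peer put something other than SHA-1 into a classic (type 1) signature.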
