<div dir="ltr">Hello,<br><br>I am using StrongSwan 5.0.4 (commit 2e12fc4b0aee9434eaf5e42ddc57577df4fe4cb2) compiled from sources on amd64.<br><br>My goal is to establish a tunnel using IAS/ECC smartcards to hold certificates and private keys (in one end).<br>
<br>I managed to have charon correctly interact with the smartcard :<br>(For my configurations: <a href="http://pastebin.com/rXwZTEK9">http://pastebin.com/rXwZTEK9</a>)<br><br>workstation $ sudo ipsec rereadsecrets<br>Jun 12 10:49:09 workstation charon: 14[CFG] found key on PKCS#11 token 'pkcs11-test':1<br>
Jun 12 10:49:11 workstation charon: 14[CFG] loaded private key from %smartcard1:19e69b3cf025053d08b52ffc80a3e8239423393e<br><br>Upgrading from the standard wheezy version (4.5.2) I have to congratulate you for merging the implementation of IKEv1,2 (the two daemons Pluto, Charon).<br>
I first tried to use IKEv1 to initiate the connection and this works great. However, I have a problem when I try to use the key exchange protocol IKEv2.<br><br>By reading the logs, I could tell the error is related to OpenSC (middleware handling the smartcards). It should be noted that the OpenSC version used is not mainstream. To support the IAS/ECC cards I had to use a particular tree found here (<a href="https://github.com/viktorTarasov/OpenSC-SM.git">https://github.com/viktorTarasov/OpenSC-SM.git</a>)<br>
Apparently, there is an error when Strongswan's PKCS11 module calls C_SignInit function of OpenSC. The error returned to Strongswan is MECHANISM_INVALID:<br>(See error in Strongswan logs: <a href="http://pastebin.com/KNt0ykMJ">http://pastebin.com/KNt0ykMJ</a>)<br>
<br>I used a module in OpenSC that spies over transactions. This shows all function calls and arguments.<br>When using IKEv2 :<br>[...]<br>C_SignInit<br>2013-06-11 16:01:32.617<br>[in] hSession = 0x17c6ee0<br>pMechanism->type=CKM_SHA1_RSA_PKCS<br>
[in] hKey = 0x1780a30<br>Returned: 112 CKR_MECHANISM_INVALID<br>[...]<br><br>When using IKEv1 :<br>[...]<br>C_SignInit<br>2013-06-11 16:03:40.237<br>[in] hSession = 0x1ea2280<br>pMechanism->type=CKM_RSA_PKCS<br>[in] hKey = 0x1e5fa30<br>
Returned: 0 CKR_OK<br>[...]<br><br>After some research in StrongSwan's source code, it seems this mechanism is hard-coded and is the only one supported (regardless of the configuration). This can be seen in the file src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c :<br>
82 /* we currently use always SHA1 for signatures,<br> 83 * TODO: support other hashes depending on configuration/auth */<br> 84 scheme = SIGN_RSA_EMSA_PKCS1_SHA1;<br><br>Since everything works fine when using IKEv1 and the only difference (at this point) between IKEv1 and IKEv2 is in the signing mechanism, I have the following questions:<br>
<br>1) Why does changing from IKEv1 to IKEv2 changes the mechanism used with the smartcard (RSA_PKCS to SHA1_RSA_PKCS)?<br><br>2) Would it be possible to change the source code and use RSA_PKCS (which works) in IKEv2, or it is not allowed for some reason by the protocol ?<br>
If it can be used, are there any side effects on security ?<br><br>3) How much time would it take to implement an additional mechanism in StrongSwan (ex. SHA256_RSA_PKCS) ?<br> How should I proceed about doing so?<br>
<br>Any advice would be appreciated,<br><br>Best regards,<br clear="all"><br>-- <br>Hugo Damme<br><br></div>