[strongSwan-dev] StrongSwan 5.0.4 and IAS/ECC smartcards
hugo.damme at gmail.com
Fri Jun 14 15:53:51 CEST 2013
I am using StrongSwan 5.0.4 (commit
2e12fc4b0aee9434eaf5e42ddc57577df4fe4cb2) compiled from sources on amd64.
My goal is to establish a tunnel using IAS/ECC smartcards to hold
certificates and private keys (in one end).
I managed to have charon correctly interact with the smartcard:
(For my configurations: http://pastebin.com/rXwZTEK9)
workstation $ sudo ipsec rereadsecrets
Jun 12 10:49:09 workstation charon: 14[CFG] found key on PKCS#11 token
Jun 12 10:49:11 workstation charon: 14[CFG] loaded private key from
Upgrading from the standard wheezy version (4.5.2) I have to congratulate
you for merging the implementation of IKEv1,2 (the two daemons Pluto,
I first tried to use IKEv1 to initiate the connection and this works great.
However, I have a problem when I try to use the key exchange protocol IKEv2.
By reading the logs, I could tell the error is related to OpenSC
(middleware handling the smartcards). It should be noted that the OpenSC
version used is not mainstream. To support the IAS/ECC cards I had to use a
particular tree found here (https://github.com/viktorTarasov/OpenSC-SM.git)
Apparently, there is an error when Strongswan's PKCS11 module calls
C_SignInit function of OpenSC. The error returned to Strongswan is
(See error in Strongswan logs: http://pastebin.com/KNt0ykMJ)
I used a module in OpenSC that spies over transactions. This shows all
function calls and arguments.
When using IKEv2 :
[in] hSession = 0x17c6ee0
[in] hKey = 0x1780a30
Returned: 112 CKR_MECHANISM_INVALID
When using IKEv1 :
[in] hSession = 0x1ea2280
[in] hKey = 0x1e5fa30
Returned: 0 CKR_OK
After some research in StrongSwan's source code, it seems this mechanism is
hard-coded and is the only one supported (regardless of the configuration).
This can be seen in the file
/* we currently use always SHA1 for signatures,
 * TODO: support other hashes depending on
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
Since everything works fine when using IKEv1 and the only difference (at
this point) between IKEv1 and IKEv2 is in the signing mechanism, I have the
1) Why does changing from IKEv1 to IKEv2 change the mechanism used with
the smartcard (RSA_PKCS to SHA1_RSA_PKCS)?
2) Would it be possible to change the source code and use RSA_PKCS (which
works) in IKEv2, or is it not allowed for some reason by the protocol?
If it can be used, are there any side effects on security?
3) How much time would it take to implement an additional mechanism in
StrongSwan (e.g. SHA256_RSA_PKCS)?
How should I proceed about doing so?
Any advice would be appreciated,
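
Added example (not part of the original message, and not strongSwan or OpenSC code): a Python model of the two PKCS#11 mechanisms named in question 1, showing that CKM_SHA1_RSA_PKCS yields the same signature as hashing on the host, prefixing the DER DigestInfo, and signing with CKM_RSA_PKCS. The function names and the toy key built from two Mersenne primes are assumptions made for the demonstration; the key is not secure.

```python
import hashlib

# DER DigestInfo prefixes for PKCS#1 v1.5 signatures (RFC 8017, section 9.2).
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Constructed toy RSA key from two Mersenne primes: demonstration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def digest_info(alg, data):
    """Hash on the host and wrap the digest in its DER DigestInfo."""
    return DIGEST_INFO[alg] + hashlib.new(alg, data).digest()


def ckm_rsa_pkcs(payload):
    """Model of CKM_RSA_PKCS: type-1 pad the caller's bytes, then RSA."""
    if len(payload) > K - 11:
        raise ValueError("payload too long for modulus")
    em = b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def ckm_hash_rsa_pkcs(alg, data):
    """Model of CKM_SHA1_RSA_PKCS / CKM_SHA256_RSA_PKCS: token hashes too."""
    return ckm_rsa_pkcs(digest_info(alg, data))


def verify(alg, data, sig):
    """Recover the padded block and compare it with the expected encoding."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    t = digest_info(alg, data)
    return em == b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


if __name__ == "__main__":
    msg = b"constructed sample octets to sign"
    for alg in DIGEST_INFO:
        on_token = ckm_hash_rsa_pkcs(alg, msg)
        on_host = ckm_rsa_pkcs(digest_info(alg, msg))
        print(alg, on_token == on_host, verify(alg, msg, on_host))
    # Signing the bare digest omits the hash OID and fails verification.
    bare = ckm_rsa_pkcs(hashlib.sha1(msg).digest())
    print("bare digest verifies:", verify("sha1", msg, bare))
```

The hash algorithm is bound into the signed block through the DigestInfo OID, which is why a signature over the bare digest, or one made with a different hash, does not verify.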