[strongSwan-dev] StrongSwan 5.0.4 and IAS/ECC smartcards
Hugo Damme
hugo.damme at gmail.com
Fri Jun 14 15:53:51 CEST 2013
Hello,
I am using StrongSwan 5.0.4 (commit
2e12fc4b0aee9434eaf5e42ddc57577df4fe4cb2) compiled from sources on amd64.
My goal is to establish a tunnel using IAS/ECC smartcards to hold
certificates and private keys (at one end).
I managed to have charon correctly interact with the smartcard:
(For my configurations: http://pastebin.com/rXwZTEK9)
workstation $ sudo ipsec rereadsecrets
Jun 12 10:49:09 workstation charon: 14[CFG] found key on PKCS#11 token 'pkcs11-test':1
Jun 12 10:49:11 workstation charon: 14[CFG] loaded private key from %smartcard1:19e69b3cf025053d08b52ffc80a3e8239423393e
Upgrading from the standard wheezy version (4.5.2) I have to congratulate
you for merging the implementation of IKEv1,2 (the two daemons Pluto,
Charon).
I first tried to use IKEv1 to initiate the connection and this works great.
However, I have a problem when I try to use the key exchange protocol IKEv2.
By reading the logs, I could tell the error is related to OpenSC
(middleware handling the smartcards). It should be noted that the OpenSC
version used is not mainstream. To support the IAS/ECC cards I had to use a
particular tree found here (https://github.com/viktorTarasov/OpenSC-SM.git)
Apparently, there is an error when Strongswan's PKCS11 module calls
the C_SignInit function of OpenSC. The error returned to Strongswan is
MECHANISM_INVALID:
(See error in Strongswan logs: http://pastebin.com/KNt0ykMJ)
I used a module in OpenSC that spies on transactions. This shows all
function calls and arguments.
When using IKEv2:
[...]
C_SignInit
2013-06-11 16:01:32.617
[in] hSession = 0x17c6ee0
pMechanism->type=CKM_SHA1_RSA_PKCS
[in] hKey = 0x1780a30
Returned: 112 CKR_MECHANISM_INVALID
[...]
When using IKEv1:
[...]
C_SignInit
2013-06-11 16:03:40.237
[in] hSession = 0x1ea2280
pMechanism->type=CKM_RSA_PKCS
[in] hKey = 0x1e5fa30
Returned: 0 CKR_OK
[...]
After some research in StrongSwan's source code, it seems this mechanism is
hard-coded and is the only one supported (regardless of the configuration).
This can be seen in the file
src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c:
/* we currently use always SHA1 for signatures,
 * TODO: support other hashes depending on configuration/auth */
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
Since everything works fine when using IKEv1 and the only difference (at
this point) between IKEv1 and IKEv2 is in the signing mechanism, I have the
following questions:
1) Why does changing from IKEv1 to IKEv2 change the mechanism used with
the smartcard (RSA_PKCS to SHA1_RSA_PKCS)?
2) Would it be possible to change the source code and use RSA_PKCS (which
works) in IKEv2, or is it not allowed for some reason by the protocol?
If it can be used, are there any side effects on security?
3) How much time would it take to implement an additional mechanism in
StrongSwan (e.g. SHA256_RSA_PKCS)?
How should I proceed about doing so?
Any advice would be appreciated,
Best regards,
--
Hugo Damme
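
Added example (not part of the original message, and not strongSwan or OpenSC code): per the PKCS#11 mechanism definitions, CKM_SHA1_RSA_PKCS hashes the message and wraps the digest in a DigestInfo on the token, while CKM_RSA_PKCS only pads and signs the bytes it is given. The sketch simulates both mechanisms with a constructed toy RSA key to show what the caller must build itself when only CKM_RSA_PKCS is accepted; all function names and the key are assumptions made for illustration.

```python
import hashlib

# ASN.1 DigestInfo header for SHA-1, as used by PKCS#1 v1.5 signatures
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed toy RSA key built from two Mersenne primes; demonstration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def sha1_digest_info(message: bytes) -> bytes:
    """Software side of the fallback: hash and wrap before calling the token."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def token_sign_rsa_pkcs(data: bytes) -> bytes:
    """Simulated CKM_RSA_PKCS: type 1 padding and RSA over the data as given."""
    if len(data) > K - 11:
        raise ValueError("CKR_DATA_LEN_RANGE")
    em = b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def token_sign_sha1_rsa_pkcs(message: bytes) -> bytes:
    """Simulated CKM_SHA1_RSA_PKCS: the token hashes and wraps the message."""
    return token_sign_rsa_pkcs(sha1_digest_info(message))


def recover_signed_data(signature: bytes) -> bytes:
    """Verifier side: undo RSA, check the padding, return the signed bytes."""
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x01":
        raise ValueError("bad padding")
    sep = em.index(b"\x00", 2)
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    return em[sep + 1:]


def verify_sha1_signature(message: bytes, signature: bytes) -> bool:
    """Accept only a signature over the SHA-1 DigestInfo of the message."""
    return recover_signed_data(signature) == sha1_digest_info(message)
```

Passing the bare 20-byte digest to CKM_RSA_PKCS produces a different signature that a verifier expecting the SHA-1 DigestInfo rejects, so the 15-byte header is the part that must not be left out.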