[strongSwan] Strongswan IPsec gateway intergrated with TNC server segfaults with TNCCS1.1

Avesh Agarwal avesh.ncsu at gmail.com
Wed Jun 19 19:31:43 CEST 2013 

Hello,

I followed these wikis to setup strongswan IPsec client and server with
integrated TNC client and server respectively for TPM based remote
attestation withh PTS-IMC and PTS-IMV.

http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC

http://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV

Everything works as described above with TNCCS2.0 and TPM based remote
attestation is successful. However when I change protocol to tnccs1.1 in
strongswan.conf, strongswan ipsec gateway crashes and the back trace is
here:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fbc0bbe4700 (LWP 22551)]
0x00007fbc1300b48e in get_my_public_value (this=0x7fbbc40020b0,
value=0x7fbc0bbe3550, nonce=0x7fbc0bbe3560) at pts/pts.c:221
221        this->dh->get_my_public_value(this->dh, value);
(gdb) bt
#0  0x00007fbc1300b48e in get_my_public_value (this=0x7fbbc40020b0,
value=0x7fbc0bbe3550, nonce=0x7fbc0bbe3560) at pts/pts.c:221
#1  0x00007fbc1343b80e in imv_attestation_build
(out_msg=out_msg at entry=0x7fbbc8001850,

    attestation_state=attestation_state at entry=0x7fbbc4001820,
supported_algorithms=PTS_MEAS_ALGO_SHA1,
    supported_dh_groups=<optimized out>, pts_db=0x2071460) at
imv_attestation_build.c:115
#2  0x00007fbc13439da2 in send_message (out_msg=0x7fbbc8001850,
state=0x7fbbc4001820) at imv_attestation.c:179
#3  receive_message (state=0x7fbbc4001820, in_msg=in_msg at entry=0x7fbbc8005110)
at imv_attestation.c:310
#4  0x00007fbc1343a197 in TNC_IMV_ReceiveMessage (imv_id=<optimized out>,
connection_id=<optimized out>, msg=0x7fbbc80055f0 "\001",
    msg_len=70, msg_type=1) at imv_attestation.c:385
#5  0x00007fbc13a5e08f in receive_message (this=0x205f930, connection_id=1,
excl=false, msg=0x7fbbc80055f0 "\001", msg_len=70, msg_vid=0,
    msg_subtype=1, src_imc_id=0, dst_imv_id=65535) at tnc_imv_manager.c:433
#6  0x00007fbc1406df96 in handle_message (msg=<optimized out>,
this=0x7fbbc4000a70) at tnccs_11.c:214
#7  process (this=0x7fbbc4000a70, buf=0x7fbbc80012e6, buflen=675) at
tnccs_11.c:364
#8  0x00007fbc14c97202 in process_pkt (this=0x7fbbd0000e20,
this=0x7fbbd0000e20, pkt=0x7fbbc80012e0) at tls_eap.c:180
#9  process (this=0x7fbbd0000e20, in=..., out=0x7fbc0bbe38c0) at
tls_eap.c:377
#10 0x00007fbc14888b78 in process (this=0x7fbbd0000900, in=<optimized out>,
out=0x7fbbd8003588) at eap_tnc.c:110
#11 0x00007fbc14ea6420 in process (this=0x7fbbd8003550, reader=<optimized
out>) at eap_ttls_server.c:262
#12 0x00007fbc14c930a0 in process_application (reader=0x7fbbc80009b0,
this=0x7fbbd8004940) at tls_fragmentation.c:219
#13 process (this=0x7fbbd8004940, type=TLS_APPLICATION_DATA, data=...) at
tls_fragmentation.c:270
#14 0x00007fbc14c9c2e8 in process (this=0x7fbbd8003fb0, buf=0x7fbbc8000fca,
buflen=741) at tls.c:242
#15 0x00007fbc14c97202 in process_pkt (this=0x7fbbd8004a60,
this=0x7fbbd8004a60, pkt=0x7fbbc8000fc0) at tls_eap.c:180
#16 process (this=0x7fbbd8004a60, in=..., out=0x7fbc0bbe3ae0) at
tls_eap.c:377
#17 0x00007fbc14ea5588 in process (this=0x7fbbd8003f60, in=<optimized out>,
out=0x7fbc0bbe3b48) at eap_ttls.c:69
#18 0x00007fbc17bf8528 in server_process_eap (in=0x7fbbc8000f10,
this=0x7fbbd8003d80) at sa/ikev2/authenticators/eap_authenticator.c:278
#19 process_server (this=0x7fbbd8003d80, message=<optimized out>) at
sa/ikev2/authenticators/eap_authenticator.c:540
#20 0x00007fbc17bffb14 in process_r (this=0x7fbbd4006de0,
message=0x7fbbf4000f10) at sa/ikev2/tasks/ike_auth.c:627
#21 0x00007fbc17bf7117 in process_request (message=<optimized out>,
this=0x7fbbd4001a10) at sa/ikev2/task_manager_v2.c:905
#22 process_message (msg=<optimized out>, this=0x7fbbd4001a10) at
sa/ikev2/task_manager_v2.c:1153
#23 process_message (this=0x7fbbd4001a10, msg=<optimized out>) at
sa/ikev2/task_manager_v2.c:1075
#24 0x00007fbc17bec90f in process_message (message=0x7fbbf4000f10,
this=0x7fbbd4000a50) at sa/ike_sa.c:1268
#25 process_message (this=0x7fbbd4000a50, message=0x7fbbf4000f10) at
sa/ike_sa.c:1249
#26 0x00007fbc17be7434 in execute (this=0x7fbbf4000900) at
processing/jobs/process_message_job.c:74
#27 0x00007fbc18064433 in process_jobs (worker=0x206a8a0) at
processing/processor.c:219
#28 0x00007fbc180668d9 in thread_main (this=0x20816b0) at
threading/thread.c:309
#29 0x0000003743c07d15 in start_thread () from /lib64/libpthread.so.0
#30 0x00000037434f248d in clone () from /lib64/libc.so.6

I am not sure if this is due to configuration error or a bug in strongswan.
Any help is appreciated.

Thanks and Regards
Avesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130619/88450e26/attachment.html>

More information about the Users mailing list