[strongSwan] SHA-256 for IKE_AUTH (IKEv2) ?

Tobias Brunner tobias at strongswan.org
Mon Jun 22 14:43:23 CEST 2015

Hi Bob,

> Does StrongSwan (5.3.x) support IKEV2 authentication payload RSA
> signatures using a sha-256 as the hash digest function?

If you are referring to the classic IKEv2 authentication methods (type 1
- RSA, or 9-11 - ECDSA) then no, but strongSwan supports RFC 7427 (type
14 - Digital Signature), which supports signatures with SHA-256/384/512.

> The 5.3.0 change log mentions support for RFC 7427, but it’s not clear
> if StrongSwan added stronger hash support for both RSA and ECDSA, or
> just ECDSA.

Since 5.3.0 strongSwan supports that RFC for both key types (and BLISS).
 But nothing changed in regards to the classic IKEv2 public key
authentication schemes.

> I’m testing against another IKE client, which is using sha256 as the
> digest, and I’m getting this StrongSwan log:
> */       “expected hash algorithm HASH_SHA1, but found HASH_SHA256 (OID:
> 30:0d:06:09:60:86:48:01:65:03:04:02:01:05:00)”/*

The other client probably does not support RFC 7427 but instead just
uses SHA-256 instead of SHA-1 to generate a classic IKEv2 signature.
The latter is not supported by strongSwan, which will always assume
SHA-1 for the classic authentication methods.  If you want to use
stronger hashes you'll need a client that supports RFC 7427 (or you
patch strongSwan so a different hash algorithm is used by default, but
that would only work with peers that do the same).


More information about the Users mailing list