[strongSwan] Strongswan AUTH payload signature hash algorithm for certificate based authentication

Andreas Steffen andreas.steffen at strongswan.org
Tue Oct 11 20:16:33 CEST 2016


Hi Kalyani,

compliant with RFC 5996, strongSwan generates the RSA public key
signature embedded in the AUTH payload with a SHA1 hash independent
of the HASH and PRF algorithm selected for IKEv2.

In addition to this legacy mechanism, strongSwan supports RFC 7427
"Signature Authentication in IKEv2"

  https://tools.ietf.org/html/rfc7427

where depending on the capabilities of the peer either SHA1, SHA256,
SHA384 or SHA512 based digital signatures are possible.

Starting with strongswan 5.3.0, "Signature Authentication" is enabled
by default and if the peer supports RFC 7427 usually SHA256 is chosen
implicitly with a 2048 bit or 3072 bit RSA key. The digest strength
of the AUTH payload of type "Digital Signature" can also be configured
explicitly if desired.

Best regards

Andreas

On 11.10.2016 19:20, Kalyani Garigipati (kagarigi) wrote:
> Hi,
> 
> I am trying to bring up ikev2 sa between strongswan and cisco router.
> 
> The authentication method used is certificates and prf algorithm is SHA256.
> 
> - I wanted to know what is the hash algorithm that is used while
> generating the signature in AUTH payload for strongswan.
> 
> Is it SHA1 or SHA256 ?
> 
> - I observed that if I generate the signature in AUTH payload
> using SHA256, it fails the signature validation
> 
> If I generate the signature in authentication payload using SHA1 , it
> passes the signature validation.
> 
> RFC quotes below in page 94 of 5996
> 
> RSA Digital Signature                  1
> 
>       Computed as specified in Section 2.15
> <https://tools.ietf.org/html/rfc5996#section-2.15> using an RSA private key
> 
>       with RSASSA-PKCS1-v1_5 signature scheme specified in [PKCS1
> <https://tools.ietf.org/html/rfc5996#ref-PKCS1>]
>       (implementers should note that IKEv1 used a different method for
>       RSA signatures).  To promote interoperability, implementations
>       that support this type SHOULD support signatures that use SHA-1
>       as the hash function and SHOULD use SHA-1 as the default hash
>       function when generating signatures
> 
> Regards,
> 
> kalyani

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
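
Added example (not part of the original mail and not strongSwan code): a small parser that reports which hash, if any, an IKEv2 AUTH payload body signals, contrasting the RFC 5996 "RSA Digital Signature" method (1) with the RFC 7427 "Digital Signature" method (14). The function names and sample payloads are constructed for illustration; the AlgorithmIdentifier encodings are the DER values listed in RFC 7427 Appendix A.

```python
# Added example: classify the hash signalled in an IKEv2 AUTH payload body.
# Body layout (RFC 5996 section 3.8, after the generic payload header):
#   Auth Method (1 octet) | RESERVED (3 octets) | Authentication Data
# For method 14 (RFC 7427) the Authentication Data is:
#   ASN.1 Length (1 octet) | AlgorithmIdentifier (DER) | Signature Value

# DER AlgorithmIdentifier values for RSASSA-PKCS1-v1_5 (RFC 7427 Appendix A).
RSA_PREFIX = bytes.fromhex("300d06092a864886f70d0101")
RSA_ALGS = {
    RSA_PREFIX + bytes.fromhex("050500"): "sha1WithRSAEncryption",
    RSA_PREFIX + bytes.fromhex("0b0500"): "sha256WithRSAEncryption",
    RSA_PREFIX + bytes.fromhex("0c0500"): "sha384WithRSAEncryption",
    RSA_PREFIX + bytes.fromhex("0d0500"): "sha512WithRSAEncryption",
}

def describe_auth(body: bytes) -> dict:
    """Return the auth method, signalled algorithm and signature length."""
    if len(body) < 5:
        raise ValueError("AUTH payload body too short")
    method, data = body[0], body[4:]
    if method == 1:
        # RFC 5996 method: no algorithm field on the wire. The hash is only
        # visible inside the signature's PKCS#1 DigestInfo, SHA-1 by default.
        return {"method": "RSA Digital Signature", "algorithm": None,
                "sig_len": len(data)}
    if method == 14:
        alg_len = data[0]
        alg = data[1:1 + alg_len]
        if not alg or len(alg) != alg_len:
            raise ValueError("truncated AlgorithmIdentifier")
        return {"method": "Digital Signature",
                "algorithm": RSA_ALGS.get(alg, "unknown:" + alg.hex()),
                "sig_len": len(data) - 1 - alg_len}
    return {"method": f"other ({method})", "algorithm": None,
            "sig_len": len(data)}

def constructed_payload(method: int, alg: bytes = b"", sig_len: int = 256) -> bytes:
    """Build a constructed sample body; the signature is zero filler."""
    data = (bytes([len(alg)]) + alg if method == 14 else b"") + bytes(sig_len)
    return bytes([method, 0, 0, 0]) + data

if __name__ == "__main__":
    sha256 = RSA_PREFIX + bytes.fromhex("0b0500")
    print(describe_auth(constructed_payload(1)))           # legacy method
    print(describe_auth(constructed_payload(14, sha256)))  # RFC 7427 method
```
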
