[strongSwan] IKEV2 Support for 96-bit HMAC-SHA-256

chinna obireddy chinnaobi at gmail.com
Wed Oct 27 06:08:38 CEST 2021


Hello All,

I have a request from one of the customers to support HMAC_SHA256_96
algorithm. From the documentation, there is an option called
"sha256_96=yes" to support the 96-bit truncation instead of the default
128.

The environment is strongSwan version 5.5.3, Linux kernel 4.1.52.

For that I am trying to test a setup of Strongswan between two sites with
the following configuration:

*Initiator:*
# cat /var/ipsec/ipsec.conf
conn %default
        ikelifetime=60m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn "test_initiator"
        auto=add
        closeaction=hold
        left=192.168.10.4
        leftsubnet=192.168.1.0/24
        right=%any
        rightsubnet=192.168.2.0/24
        authby=secret
        dpdaction=restart
        dpddelay=30
        dpdtimeout=150
        ikelifetime=3600s
        ike=aes256-sha256-modp3072
        lifetime=3600s
        esp=aes256-sha256
        leftfirewall=yes
        sha256_96=yes

*Responder:*

# cat /var/ipsec/ipsec.conf
conn %default
        ikelifetime=60m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2

conn "test_responder"
        auto=start
        closeaction=restart
        left=192.168.10.5
        leftsubnet=192.168.2.0/24
        right=192.168.10.4
        rightsubnet=192.168.1.0/24
        authby=secret
        dpdaction=restart
        dpddelay=30
        dpdtimeout=150
        ikelifetime=3600s
        ike=aes256-sha256-modp3072
        lifetime=3600s
        esp=aes256-sha256
        sha256_96=yes
        leftfirewall=yes

# ipsec listalgs
no files found matching '/var/ipsec/strongswan.conf'

List of registered IKE algorithms:

  encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] RC2_CBC[rc2] CAMELLIA_CBC[openssl]
              BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr] CAMELLIA_CTR[ctr]
  integrity:  HMAC_MD5_96[openssl] HMAC_MD5_128[openssl] HMAC_SHA1_96[openssl] HMAC_SHA1_128[openssl]
              HMAC_SHA1_160[openssl] HMAC_SHA2_256_128[openssl] HMAC_SHA2_256_256[openssl] HMAC_SHA2_384_192[openssl]
              HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_256[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[xcbc]
              AES_XCBC_96[xcbc] AES_CMAC_96[cmac]
  aead:       AES_GCM_16[openssl] AES_GCM_12[openssl] AES_GCM_8[openssl] AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm]
              CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm] CAMELLIA_CCM_16[ccm]
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
              HASH_MD4[openssl] HASH_IDENTITY[curve25519]
  prf:        PRF_KEYED_SHA1[sha1] PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_HMAC_SHA2_256[openssl]
              PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc]
              PRF_CAMELLIA128_XCBC[xcbc] PRF_AES128_CMAC[cmac]
  xof:
  dh-group:   ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] ECP_256_BP[openssl]
              ECP_384_BP[openssl] ECP_512_BP[openssl] ECP_224_BP[openssl] MODP_3072[openssl] MODP_4096[openssl]
              MODP_6144[openssl] MODP_8192[openssl] MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl]
              MODP_1536[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl] MODP_CUSTOM[openssl]
              CURVE_25519[curve25519]
  random-gen: RNG_WEAK[openssl] RNG_STRONG[random] RNG_TRUE[random]
  nonce-gen:  [nonce]

However, I am seeing an error in kernel_netlink_ipsec.c complaining about the
unsupported algorithm HMAC_SHA256_96.

Here are the logs.
Initiator log:
Oct 27 00:02:32 (none) daemon.info syslog: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 27 00:02:32 (none) daemon.info syslog: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 27 00:02:32 (none) daemon.info syslog: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 27 00:02:32 (none) daemon.info syslog: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 27 00:02:32 (none) daemon.info syslog: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 27 00:02:32 (none) daemon.info syslog: 00[CFG] loading secrets from '/var/ipsec/ipsec.secrets'
Oct 27 00:02:32 (none) daemon.info syslog: 00[CFG]   loaded IKE secret for %any
Oct 27 00:02:32 (none) daemon.info syslog: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac ctr ccm gcm attr kernel-pfkey ke
Oct 27 00:02:32 (none) daemon.info syslog: 00[JOB] spawning 16 worker threads
Oct 27 00:02:32 (none) authpriv.info ipsec_starter[2866]: charon (2867) started after 840 ms
Oct 27 00:02:32 (none) daemon.info syslog: 05[CFG] received stroke: add connection 'test_initiator'
Oct 27 00:02:32 (none) daemon.info syslog: 05[CFG] added configuration 'test_initiator'
Oct 27 00:02:33 (none) daemon.info syslog: 08[NET] received packet: from 192.168.10.5[500] to 192.168.10.4[500] (1446 bytes)
Oct 27 00:02:33 (none) daemon.info syslog: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Oct 27 00:02:33 (none) daemon.info syslog: 08[IKE] 192.168.10.5 is initiating an IKE_SA
Oct 27 00:02:33 (none) authpriv.info syslog: 08[IKE] 192.168.10.5 is initiating an IKE_SA
Oct 27 00:02:36 (none) daemon.info syslog: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Oct 27 00:02:36 (none) daemon.info syslog: 08[NET] sending packet: from 192.168.10.4[500] to 192.168.10.5[500] (594 bytes)
Oct 27 00:02:38 (none) daemon.info syslog: 16[NET] received packet: from 192.168.10.5[4500] to 192.168.10.4[4500] (416 bytes)
Oct 27 00:02:38 (none) daemon.info syslog: 16[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Oct 27 00:02:38 (none) daemon.info syslog: 16[CFG] looking for peer configs matching 192.168.10.4[192.168.10.4]...192.168.10.5[192.168.10.5]
Oct 27 00:02:38 (none) daemon.info syslog: 16[CFG] selected peer config 'test_initiator'
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] authentication of '192.168.10.5' with pre-shared key successful
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] peer supports MOBIKE
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] authentication of '192.168.10.4' (myself) with pre-shared key
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] IKE_SA test_initiator[1] established between 192.168.10.4[192.168.10.4]...192.168.10.5[192.168.10.5]
Oct 27 00:02:38 (none) authpriv.info syslog: 16[IKE] IKE_SA test_initiator[1] established between 192.168.10.4[192.168.10.4]...192.168.10.5[192.168.10.5]
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] scheduling reauthentication in 3297s
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] maximum IKE_SA lifetime 3477s
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] algorithm HMAC_SHA2_256_96 not supported by kernel!
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] algorithm HMAC_SHA2_256_96 not supported by kernel!
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
Oct 27 00:02:38 (none) daemon.info syslog: 16[IKE] failed to establish CHILD_SA, keeping IKE_SA
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] deleting policy 192.168.1.0/24 === 192.168.2.0/24 out failed, not found
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] deleting policy 192.168.2.0/24 === 192.168.1.0/24 in failed, not found
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] deleting policy 192.168.2.0/24 === 192.168.1.0/24 fwd failed, not found
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] deleting policy 192.168.1.0/24 === 192.168.2.0/24 out failed, not found
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] unable to delete SAD entry with SPI c58ff6ee: No such process (3)
Oct 27 00:02:38 (none) daemon.info syslog: 16[KNL] unable to delete SAD entry with SPI cf825e3a: No such process (3)
Oct 27 00:02:38 (none) daemon.info syslog: 16[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
Oct 27 00:02:38 (none) daemon.info syslog: 16[NET] sending packet: from 192.168.10.4[4500] to 192.168.10.5[4500] (160 bytes)

Responder log:
Oct 27 03:54:17 (none) daemon.info syslog: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 4.1.52, mips)
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Oct 27 03:54:18 (none) daemon.info syslog: 00[LIB] opening directory '/etc/ipsec.d/cacerts' failed: No such file or directory
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG]   reading directory failed
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG] loading secrets from '/var/ipsec/ipsec.secrets'
Oct 27 03:54:18 (none) daemon.info syslog: 00[CFG]   loaded IKE secret for 192.168.10.4
Oct 27 03:54:18 (none) daemon.info syslog: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac ctr ccm gcm attr kernel-pfkey ke
Oct 27 03:54:18 (none) daemon.info syslog: 00[JOB] spawning 16 worker threads
Oct 27 03:54:18 (none) authpriv.info ipsec_starter[3485]: charon (3486) started after 860 ms
Oct 27 03:54:18 (none) daemon.info syslog: 05[CFG] received stroke: add connection 'test_responder'
Oct 27 03:54:18 (none) daemon.info syslog: 05[CFG] added configuration 'test_responder'
Oct 27 03:54:18 (none) daemon.info syslog: 06[CFG] received stroke: initiate 'test_responder'
Oct 27 03:54:18 (none) daemon.info syslog: 06[IKE] initiating IKE_SA test_responder[1] to 192.168.10.4
Oct 27 03:54:18 (none) authpriv.info syslog: 06[IKE] initiating IKE_SA test_responder[1] to 192.168.10.4
Oct 27 03:54:20 (none) daemon.info syslog: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Oct 27 03:54:20 (none) daemon.info syslog: 06[NET] sending packet: from 192.168.10.5[500] to 192.168.10.4[500] (1446 bytes)
Oct 27 03:54:24 (none) daemon.info syslog: 08[IKE] retransmit 1 of request with message ID 0
Oct 27 03:54:24 (none) daemon.info syslog: 08[NET] sending packet: from 192.168.10.5[500] to 192.168.10.4[500] (1446 bytes)
Oct 27 03:54:27 (none) daemon.info syslog: 09[NET] received packet: from 192.168.10.4[500] to 192.168.10.5[500] (594 bytes)
Oct 27 03:54:27 (none) daemon.info syslog: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Oct 27 03:54:29 (none) daemon.info syslog: 09[IKE] authentication of '192.168.10.5' (myself) with pre-shared key
Oct 27 03:54:29 (none) daemon.info syslog: 09[IKE] establishing CHILD_SA test_responder
Oct 27 03:54:29 (none) authpriv.info syslog: 09[IKE] establishing CHILD_SA test_responder
Oct 27 03:54:29 (none) daemon.info syslog: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Oct 27 03:54:29 (none) daemon.info syslog: 09[NET] sending packet: from 192.168.10.5[4500] to 192.168.10.4[4500] (416 bytes)
Oct 27 03:54:29 (none) daemon.info syslog: 10[NET] received packet: from 192.168.10.4[4500] to 192.168.10.5[4500] (160 bytes)
Oct 27 03:54:29 (none) daemon.info syslog: 10[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
Oct 27 03:54:29 (none) daemon.info syslog: 10[IKE] authentication of '192.168.10.4' with pre-shared key successful
Oct 27 03:54:29 (none) daemon.info syslog: 10[IKE] IKE_SA test_responder[1] established between 192.168.10.5[192.168.10.5]...192.168.10.4[192.168.10.4]
Oct 27 03:54:29 (none) authpriv.info syslog: 10[IKE] IKE_SA test_responder[1] established between 192.168.10.5[192.168.10.5]...192.168.10.4[192.168.10.4]
Oct 27 03:54:29 (none) daemon.info syslog: 10[IKE] scheduling reauthentication in 3385s
Oct 27 03:54:29 (none) daemon.info syslog: 10[IKE] maximum IKE_SA lifetime 3565s
Oct 27 03:54:29 (none) daemon.info syslog: 10[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Oct 27 03:54:29 (none) daemon.info syslog: 10[IKE] failed to establish CHILD_SA, keeping IKE_SA
Oct 27 03:54:29 (none) daemon.info syslog: 10[IKE] received AUTH_LIFETIME of 3297s, scheduling reauthentication in 3117s

I was thinking that sha256_96 reuses the sha256 algorithm but with 96-bit
truncation. However, the algorithm HMAC_SHA256_96 seems to be required in
the kernel. What is the best way to add support for HMAC_SHA256_96 in
the kernel?

Any help is appreciated.

Thanks,
Obi
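Added example (not from the post above and not strongSwan's own code): it shows what the 96-bit and 128-bit variants of HMAC-SHA-256 have in common at the ESP level and why the truncation length still has to be agreed on both sides. Both ICVs are leading bytes of the same HMAC-SHA-256 output, so a receiver configured for one length rejects packets carrying the other; the key, payload and packet layout are constructed for the example, and the SPI is the value that appears in the initiator log.

```python
import hashlib
import hmac
import struct

# ICV lengths in bytes for the two variants contrasted in the post:
# RFC 4868's 128-bit ICV (strongSwan HMAC_SHA2_256_128) and the 96-bit
# ICV selected by sha256_96=yes (strongSwan HMAC_SHA2_256_96).
ICV_LEN_128 = 16
ICV_LEN_96 = 12


def esp_icv(key: bytes, spi: int, seq: int, payload: bytes, icv_len: int) -> bytes:
    """ICV over the ESP authenticated region (SPI, sequence number, encrypted
    payload). The ICV is just the leading icv_len bytes of the full HMAC."""
    authenticated = struct.pack("!II", spi, seq) + payload
    full = hmac.new(key, authenticated, hashlib.sha256).digest()
    return full[:icv_len]


def build_packet(key: bytes, spi: int, seq: int, payload: bytes, icv_len: int) -> bytes:
    """Constructed ESP-like packet: SPI | Seq | payload | ICV."""
    return struct.pack("!II", spi, seq) + payload + esp_icv(key, spi, seq, payload, icv_len)


def verify_packet(key: bytes, packet: bytes, icv_len: int) -> bool:
    """Receiver side: split off the ICV using the receiver's configured
    truncation length and compare in constant time."""
    if len(packet) < 8 + icv_len:
        return False
    spi, seq = struct.unpack("!II", packet[:8])
    payload, icv = packet[8:-icv_len], packet[-icv_len:]
    return hmac.compare_digest(esp_icv(key, spi, seq, payload, icv_len), icv)


def demo() -> dict:
    key = b"\x11" * 32                  # constructed 256-bit integrity key
    spi, seq = 0xC58FF6EE, 1            # SPI from the initiator log, first sequence number
    payload = b"constructed encrypted payload"
    pkt96 = build_packet(key, spi, seq, payload, ICV_LEN_96)
    pkt128 = build_packet(key, spi, seq, payload, ICV_LEN_128)
    return {
        "96_ok": verify_packet(key, pkt96, ICV_LEN_96),
        "128_ok": verify_packet(key, pkt128, ICV_LEN_128),
        "96_sent_128_expected": verify_packet(key, pkt96, ICV_LEN_128),
        "128_sent_96_expected": verify_packet(key, pkt128, ICV_LEN_96),
        "96_is_prefix_of_128": pkt128[-ICV_LEN_128:][:ICV_LEN_96] == pkt96[-ICV_LEN_96:],
    }
```

The two mismatch cases fail even though both peers hold the same key and hash, which is the mismatch `sha256_96=yes` exists to avoid and why the kernel SA needs the truncation length as a separate parameter.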