andreas steffen, 26.07.2011, freescale-2.pptx 1 freescale strongswan/ipsec training block 2 working...
TRANSCRIPT
Andreas Steffen, 26.07.2011, Freescale-2.pptx 1
Freescale strongSwan/IPsec Training
Block 2Working with strongSwan
Prof. Dr. Andreas Steffen
Andreas Steffen, 26.07.2011, Freescale-2.pptx 2
Agenda Block 2 Working with strongSwan• Building and Configuring strongSwan
• Alternative backends and interfaces via modular plugins• libcharon, libhydra, and pluto plugins• strongSwan Manager, NetworkManager, and SQL backends
• Virtual IP Addresses• Volatile RAM-based and persistant SQL-based IP address
pools• Assignment of configuration attributes via attr and attr-sql
plugins
• Cryptographical Plugins• Alternative crypto libraries and hw accelerators via modular
plugins• libstrongswan plugins• Suite B support via openssl plugin, Linux Crypto API via af-
alg plugin
• PKI Support• Revocation via CRLs and OCSP, certification fetching via
HashAndURL• The strongSwan PKI tool
• EAP Support• EAP-RADIUS, EAP-TLS, EAP-TNC, EAP-SIM/AKA
Andreas Steffen, 26.07.2011, Freescale-2.pptx 3
Freescale strongSwan/IPsec Training
Configuring and Building strongSwan
Andreas Steffen, 26.07.2011, Freescale-2.pptx 4
Plugins for charon
credentialscredentials
charon
Plugin
Loader
busbus
backendsbackends
eapeap
…
strokestroke
smpsmp
sqlsql
eap_akaeap_aka
eap_simeap_sim
eap_md5eap_md5
controllercontroller
…
• eap_xAny EAP protocol.
• smpXML-based control andmanagement protocol.Implementation:strongSwan
Manager
• sqlGeneric SQL interfacefor configurations,credentials & logging.Implementations:SQLite & MySQL
nmnm• nm
DBUS-based pluginfor NetworkManager
Andreas Steffen, 26.07.2011, Freescale-2.pptx 5
libcharon plugins
addrblockaddrblock
androidandroid
couplingcoupling
dhcpdhcp
duplicheckduplicheck
eap-akaeap-aka
eap-aka-3ggp2eap-aka-3ggp2
eap-gtceap-gtc
eap-identityeap-identity
eap-md5eap-md5
eap-mschapv2eap-mschapv2
eap-peapeap-peap
eap-radiuseap-radius
eap-simeap-sim
eap-sim-fileeap-sim-file
eap-sim-pcsceap-sim-pcsc
eap-simaka-pseudonymeap-simaka-pseudonym
eap-simaka-reautheap-simaka-reauth
eap-simaka-sqleap-simaka-sql
eap-tnceap-tnc
eap-ttlseap-ttls
farpfarp
haha
ledled
load-testerload-tester
maemomaemo
medclimedcli
medsrvmedsrv
nmnm
smpsmp
socket-defaultsocket-default
socket-dynamicsocket-dynamic
socket-rawsocket-raw
sqlsql
strokestroke
tnccs-11tnccs-11
tnccs-20tnccs-20
tnccs-dynamictnccs-dynamic
tnc-imctnc-imc
tnc-imvtnc-imv
uciuci
eap-md5eap-md5
updownupdown
whitelistwhitelist
Andreas Steffen, 26.07.2011, Freescale-2.pptx 6
libhydra plugins (shared by charon & pluto)
attrattr
attr-sqlattr-sql
kernel-klipskernel-klips
kernel-netlinkkernel-netlink
kernel-pfkeykernel-pfkey
kernel-pfroutekernel-pfroute
resolveresolve
Andreas Steffen, 26.07.2011, Freescale-2.pptx 7
pluto plugins
xauthxauth
Andreas Steffen, 26.07.2011, Freescale-2.pptx 8
strongSwan Manager
take downIKE SA
take downIPsec SA
FastCGI written in C with ClearSilver templates
Andreas Steffen, 26.07.2011, Freescale-2.pptx 9
strongSwan NetworkManager with RSA
• The private RSA key stored in .ssh/id_rsa in PKCS#1 PEM format is managed by the ssh-agent and can be directly by strongSwan via the agent plugin.
• Communication with the Network Manager via the D-Bus interface
Andreas Steffen, 26.07.2011, Freescale-2.pptx 10
strongSwan Entity Relationship Diagram
identities
private_keys
certificates
leases
peer_configs
ike_configs
child_configs
traffic_selectorslogs
identitiesshared_secrets
pools
SQLite and MySQL implementations
Andreas Steffen, 26.07.2011, Freescale-2.pptx 11
Freescale strongSwan/IPsec Training
Virtual IP Addresses
Andreas Steffen, 26.07.2011, Freescale-2.pptx 12
Volatile RAM-based IP Address Pools
conn rw ... rightsourceip=10.3.0.0/24 auto=add
• Configuration in ipsec.conf
ipsec leases
Leases in pool 'rw', usage: 2/255, 2 online 10.3.0.2 online '[email protected]' 10.3.0.1 online '[email protected]'
• Statistics
conn rw1 ... rightsourceip=%rw auto=add
• Referencing and sharing a volatile pool
Andreas Steffen, 26.07.2011, Freescale-2.pptx 13
Persistant SQL-based IP Address Pools I
http://wiki.strongswan.org/repositories/entry/strongswan/ testing/hosts/default/etc/ipsec.d/tables.sql
• SQLite database table definitions
# /etc/strongswan.conf - strongSwan configuration file
libstrongswan { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db } }}
• Connecting to the SQLite database
• Creation of SQLite database
cat /etc/ipsec.d/table.sql | sqlite3 /etc/ipsec.d/ipsec.db
Andreas Steffen, 26.07.2011, Freescale-2.pptx 14
Persistant SQL-based IP Address Pools II
conn rw keyexchange=ikev2 ... rightsourceip=%bigpool auto=add
• Configuration in ipsec.conf
ipsec pool –-status name start end timeout size online usagebigpool 10.3.0.1 10.3.0.254 48h 254 1 ( 0%) 2 ( 0%)
ipsec pool --leases --filter pool=bigpoolname address status start end identitybigpool 10.3.0.1 online Oct 22 23:13:50 2009 [email protected] 10.3.0.2 valid Oct 22 23:14:11 2009 Oct 22 23:14:25 2009 [email protected]
• Statistics
ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.0.254 --timeout 48allocating 254 addresses... done.
• Pool creation
Andreas Steffen, 26.07.2011, Freescale-2.pptx 15
Freescale strongSwan/IPsec Training
Cryptographical Plugins
Andreas Steffen, 26.07.2011, Freescale-2.pptx 16
Plugins for libstrongswan
credentialscredentials
libstrongswan
Plugin
Loader
cryptocrypto
databasedatabase
fetcherfetcher
…
…
…
sha2sha2
randomrandom
x509x509
sqlitesqlite
mysqlmysql
curlcurl
ldapldap
Factories
aesaes
• Certificate retrieval (HASH-and-URL)
• CRL fetching, OCSP
• Non-US crypto code
• No OpenSSL library
• ECCN: No LicenseRequired (NLR)
Andreas Steffen, 26.07.2011, Freescale-2.pptx 17
libstrongswan plugins
aesaes
af-algaf-alg
agentagent
blowfishblowfish
ccmccm
constraintsconstraints
ctrctr
curlcurl
desdes
dnskeydnskey
fips-prffips-prf
gcmgcm
gcryptgcrypt
gmpgmp
hmachmac
ldapldap
md4md4
md5md5
mysqlmysql
opensslopenssl
padlockpadlock
pempem
pgppgp
pkcs11pkcs11
pkcs1pkcs1
pubkeypubkey
randomrandom
revocationrevocation
sha1sha1
sha2sha2
soupsoup
sqlitesqlite
test-vectorstest-vectors
x509x509
xcbcxcbc
Andreas Steffen, 26.07.2011, Freescale-2.pptx 18
VIA EPIA-NX PadLock Crypto-Processor
• padlock pluginAES/SHAHW acceleration
• openssl pluginuses libcrypto-0.9.8OpenSSL library- ECP DH groups- ECDSA signatures- HW engine support
Andreas Steffen, 26.07.2011, Freescale-2.pptx 19
Suite B offers constant 128/192 Bit Security
# ipsec.conf for gateway moon
conn rw keyexchange=ikev2 ike=aes256-sha384-ecp384,aes128-sha256-ecp256! esp=aes256gcm16,aes128gcm16!
leftsubnet=10.1.0.0/24 leftcert=moonCert.der [email protected] right=%any rightsourceip=10.3.0.0/24 auto=add
rw[1]: ESTABLISHED 9 seconds ago, 192.168.0.1[moon.strongswan.org]... 192.168.0.100[[email protected]]rw[1]: IKE SPIs: 7c1dcd22a8266a3b_i 12bc51bc21994cdc_r*,rw[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256rw{1}: INSTALLED, TUNNEL, ESP SPIs: c05d34cd_i c9f09b38_orw{1}: AES_GCM_16_128, 84 bytes_i (6s ago), 84 bytes_o (6s ago),rw{1}: 10.1.0.0/24 === 10.3.0.1/32
# ipsec.secrets for gateway moon
: ECDSA moonKey.der
• 128 bit security requires 3072 bit RSA keys and DH groups!
• In 2005 NSA proposes use of efficient elliptic curve cryptography.
• Suite B use for IPsec defined in RFC 4869.
Andreas Steffen, 26.07.2011, Freescale-2.pptx 20
Freescale strongSwan/IPsec Training
PKI Support
Andreas Steffen, 26.07.2011, Freescale-2.pptx 21
HTTP or LDAP based CRL Fetching
13[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Research, [email protected]" 13[CFG] fetching crl from 'http://crl.strongswan.org/strongswan.crl' ... 13[CFG] using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 13[CFG] crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 13[CFG] crl is valid: until Nov 15 22:42:42 2009 13[CFG] certificate status is good13[LIB] written crl file '/etc/ipsec.d/crls/5da7...4def.crl' (942 bytes)
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl
crlDistributionPoints extension in user certificate
# ipsec.conf
config setupstrictcrlpolicy=yescachecrls=yes
ca strongswancacert=strongswanCert.pemcrluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA,
o=Linux strongSwan, c=CH?certificateRevocationList"auto=add
Andreas Steffen, 26.07.2011, Freescale-2.pptx 22
Antje Bodo
Kool CA
Kool CA
#0
Online Certificate Status Protocol (OCSP)with self-signed OCSP certificate
OCSP Server
OCSP Reply:Kool CA #2 good
signed by OCSP Server
OCSP
Kool CA
Bodo
OCSP Request:status of Kool CA #2 ?optionally signed by Bodo
Bodo
Kool CA
#3
frequent status updates e.g. via CRL
AntjeAntje
Kool CA
#2
Authentication
OCSP
OCSP
#0
locally stored
Andreas Steffen, 26.07.2011, Freescale-2.pptx 23
OCSP with self-signed OCSP Certificate
# /etc/ipsec.conf
ca strongswancacert=strongswanCert.pemocspuri=http://ocsp.strongswan.org:8880auto=add
13[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Research, [email protected]" 13[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8880' ... 13[CFG] using trusted certificate "C=CH, O=Linux strongSwan, OU=OCSP Self-Signed Authority, CN=ocsp.strongswan.org" 13[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Self-Signed Authority, CN=ocsp.strongswan.org" 13[CFG] ocsp response is valid: until Oct 17 02:11:09 2009 13[CFG] certificate status is good
ipsec listcainfos authname: "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" authkey: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef keyid: ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc ocspuris: 'http://ocsp.strongswan.org:8880'
moon
Andreas Steffen, 26.07.2011, Freescale-2.pptx 24
carol moon
Kool CA
Kool CA
#0
Online Certificate Status Protocol (OCSP)with delegated trust
OCSP Server
OCSP
Kool CA
moon
OCSP Request:status of Kool CA #2 ?
optionally signed by moon
moon
Kool CA
#3
frequent status updates e.g. via CRL
carolcarol
Kool CA
#2
Authentication
OCSP Reply:Kool CA #2 good
signed by OCSP Server
OCSP
Kool CA
#1isOCSP
Andreas Steffen, 26.07.2011, Freescale-2.pptx 25
OCSP with Delegated Trust
11[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=OCSP, [email protected]" 11[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8880' ... 11[CFG] using certificate "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" 11[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 11[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" 11[CFG] ocsp response is valid: until Oct 17 02:13:21 2009 11[CFG] certificate status is good
moon
authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
carol: authorityInfoAccess extension in user certificate
extendedKeyUsage = OCSPSigning
extendedKeyUsage flag in OCSP-signer certificate
Andreas Steffen, 26.07.2011, Freescale-2.pptx 26
X.509 Certificate and Key Hashes
signatureAlgorithm*
Hash Function*Hash Function*
Encryption withIssuer Private Key
Encryption withIssuer Private Keysignature
tbsCertificate version (usually v3) serialNumber signature* issuer validity subject subjectPublicKeyInfo algorithm subjectPublicKey extensions subjectKeyIdentifier
SHA-1SHA-1
IKEv2 Hash-and-URL
IKEv2 CERTREQ
SHA-1SHA-1
SHA-1SHA-1
Andreas Steffen, 26.07.2011, Freescale-2.pptx 27
The strongSwan PKI function
ipsec pki --gen --type ecdsa --size 521 > strongswanKey.deripsec pki --self --in strongswanKey.der –type ecdsa --lifetime 3650 --dn "C=CH, O=strongSwan, CN=strongSwan EC CA" --ca --digest sha512 > strongswanCert.der
ipsec pki --gen --type ecdsa --size 384 > moonKey.deripsec pki --req --in moonKey.der --type ecdsa --digest sha384 --dn "C=CH, O=strongSwan, CN=moon.strongswan.org" --san moon.strongswan.org > moonReq.der
ipsec pki --gen --type ecdsa --size 256 > carolKey.deripsec pki --req --in carolKey.der --type ecdsa --digest sha256 --dn "C=CH, O=strongSwan, [email protected]" --san [email protected] > carolReq.der
cat pki.opt--type pkcs10 --lifetime 1825 --crl http://crl.strongswan.org/ecdsa.crl--cacert strongswanCert.der --cakey strongswanKey.der --digest sha512 ipsec pki --issue -–options pki.opt --in moonReq.der --flag serverAuth --serial 01 > moonCert.deripsec pki --issue -–options pki.opt --in carolReq.der --serial 02 > carolCert.der
Andreas Steffen, 26.07.2011, Freescale-2.pptx 28
Freescale strongSwan/IPsec Training
EAP Support
Andreas Steffen, 26.07.2011, Freescale-2.pptx 29
RADIUS Server Configuration
# strongswan.conf of gateway moon
charon { plugins { eap-radius { secret = gv6URkSs server = 10.1.0.10 } }}
# ipsec.conf of gateway moon
conn rw-eapleft=%anyleftsubnet=10.1.0.0/[email protected]=moonCert.pemleftauth=pubkeyleftfirewall=yesright=%anyrightsendcert=never
rightsourceip=10.3.0.0/24rightauth=eap-radiuseap_identity=%anyauto=add
# /etc/raddb/clients.conf
client 10.1.0.1 { secret = gv6URkSs shortname = moon
moon radius server
# /etc/raddb/eap.conf
eap { default_eap_type = md5 md5 { }}
# /etc/raddb/proxy.conf
realm LOCAL { type = radius authhost = LOCAL accthost = LOCAL}
# /etc/raddb/users
carol Cleartext-Password := "tuxmux"dave Cleartext-Password := "grummel"
Andreas Steffen, 26.07.2011, Freescale-2.pptx 30
Windows 7 VPN with EAP Authentication I
• Using IKEv2 EAP-MSCHAPv2
Andreas Steffen, 26.07.2011, Freescale-2.pptx 31
Windows 7 VPN with EAP Authentication II
• Using IKEv2 EAP-TLS with smartcards
Andreas Steffen, 26.07.2011, Freescale-2.pptx 32
strongSwan office appliance with EAP-TLS
Andreas Steffen, 26.07.2011, Freescale-2.pptx 33
Trusted Network Connect (TNC)
1.1 / 2.0
EAP-TNC in EAP-TTLS
Andreas Steffen, 26.07.2011, Freescale-2.pptx 34
EAP and SIM Managers
charon
Plugin
Loader
…
eap-sim-fileeap-sim-file
eap-simaka-sqleap-simaka-sql
eap-akaeap-aka
eap-simeap-sim
eap-md5eap-md5
eap_manager_t *eapeap_manager_t *eap
eap-sim-pcsceap-sim-pcsc
sim_manager_t *simsim_manager_t *sim
add_card() remove_card() card_get_triplet() card_get_quintuplet() add_provider() remove_provider() provider_get_triplet() provider_get_quintuplet()
add_card() remove_card() card_get_triplet() card_get_quintuplet() add_provider() remove_provider() provider_get_triplet() provider_get_quintuplet()
add_method(type, role) remove_method() create_instance(type, role)
add_method(type, role) remove_method() create_instance(type, role)
eap-tlseap-tls
…
eap_method_teap_method_t
eap_card_teap_card_t
eap_provider_teap_provider_t
initiate() process() get_msk()
initiate() process() get_msk()
get_triplet() get_quintuplet()
get_triplet() get_quintuplet()
get_triplet() get_quintuplet()
get_triplet() get_quintuplet()
eap_role_teap_role_t
EAP_PEER EAP_SERVER
EAP_PEER EAP_SERVER