Andreas Steffen, 26.07.2011, Freescale-2.pptx 1 Freescale strongSwan/IPsec Training Block 2 Working with strongSwan Prof. Dr. Andreas Steffen [email protected]


Page 1:

Andreas Steffen, 26.07.2011, Freescale-2.pptx 1

Freescale strongSwan/IPsec Training

Block 2: Working with strongSwan

Prof. Dr. Andreas Steffen

andreas.steffen@strongswan.org

Page 2:

Agenda Block 2: Working with strongSwan

• Building and Configuring strongSwan

• Alternative backends and interfaces via modular plugins
  • libcharon, libhydra, and pluto plugins
  • strongSwan Manager, NetworkManager, and SQL backends

• Virtual IP Addresses
  • Volatile RAM-based and persistent SQL-based IP address pools
  • Assignment of configuration attributes via attr and attr-sql plugins

• Cryptographic Plugins
  • Alternative crypto libraries and HW accelerators via modular plugins
  • libstrongswan plugins
  • Suite B support via openssl plugin, Linux Crypto API via af-alg plugin

• PKI Support
  • Revocation via CRLs and OCSP, certificate fetching via Hash-and-URL
  • The strongSwan PKI tool

• EAP Support
  • EAP-RADIUS, EAP-TLS, EAP-TNC, EAP-SIM/AKA

Page 3:

Freescale strongSwan/IPsec Training

Configuring and Building strongSwan

Page 4:

Plugins for charon

Diagram: the charon plugin loader with its credentials, bus, backends, eap and controller components, and the plugins stroke, smp, sql, nm, eap_aka, eap_sim and eap_md5 hooked into them.

• eap_x: any EAP protocol.

• smp: XML-based control and management protocol. Implementation: strongSwan Manager

• sql: generic SQL interface for configurations, credentials & logging. Implementations: SQLite & MySQL

• nm: D-Bus based plugin for NetworkManager

Page 5:

libcharon plugins

addrblock, android, coupling, dhcp, duplicheck, eap-aka, eap-aka-3gpp2, eap-gtc, eap-identity, eap-md5, eap-mschapv2, eap-peap, eap-radius, eap-sim, eap-sim-file, eap-sim-pcsc, eap-simaka-pseudonym, eap-simaka-reauth, eap-simaka-sql, eap-tnc, eap-ttls, farp, ha, led, load-tester, maemo, medcli, medsrv, nm, smp, socket-default, socket-dynamic, socket-raw, sql, stroke, tnccs-11, tnccs-20, tnccs-dynamic, tnc-imc, tnc-imv, uci, updown, whitelist

Page 6:

libhydra plugins (shared by charon & pluto)

attr, attr-sql, kernel-klips, kernel-netlink, kernel-pfkey, kernel-pfroute, resolve

Page 7:

pluto plugins

xauth

Page 8:

strongSwan Manager

Screenshot of the web interface with its "take down IKE SA" and "take down IPsec SA" actions.

FastCGI written in C with ClearSilver templates

Page 9:

strongSwan NetworkManager with RSA

• The private RSA key stored in .ssh/id_rsa in PKCS#1 PEM format is managed by the ssh-agent and can be used directly by strongSwan via the agent plugin.

• Communication with NetworkManager via the D-Bus interface

Page 10:

strongSwan Entity Relationship Diagram

Tables: identities, private_keys, certificates, shared_secrets, peer_configs, ike_configs, child_configs, traffic_selectors, pools, leases, logs

SQLite and MySQL implementations

Page 11:

Freescale strongSwan/IPsec Training

Virtual IP Addresses

Page 12:

Volatile RAM-based IP Address Pools

• Configuration in ipsec.conf

conn rw
     ...
     rightsourceip=10.3.0.0/24
     auto=add

• Statistics

ipsec leases

Leases in pool 'rw', usage: 2/255, 2 online
  10.3.0.2   online   '[email protected]'
  10.3.0.1   online   '[email protected]'

• Referencing and sharing a volatile pool

conn rw1
     ...
     rightsourceip=%rw
     auto=add

Page 13:

Persistent SQL-based IP Address Pools I

• SQLite database table definitions

http://wiki.strongswan.org/repositories/entry/strongswan/testing/hosts/default/etc/ipsec.d/tables.sql

• Connecting to the SQLite database

# /etc/strongswan.conf - strongSwan configuration file

libstrongswan {
  plugins {
    attr-sql {
      database = sqlite:///etc/ipsec.d/ipsec.db
    }
  }
}

• Creation of SQLite database

cat /etc/ipsec.d/table.sql | sqlite3 /etc/ipsec.d/ipsec.db

Page 14:

Persistent SQL-based IP Address Pools II

• Configuration in ipsec.conf

conn rw
     keyexchange=ikev2
     ...
     rightsourceip=%bigpool
     auto=add

• Statistics

ipsec pool --status
name      start      end          timeout  size  online    usage
bigpool   10.3.0.1   10.3.0.254   48h      254   1 ( 0%)   2 ( 0%)

ipsec pool --leases --filter pool=bigpool
name     address   status  start                 end                   identity
bigpool  10.3.0.1  online  Oct 22 23:13:50 2009                        [email protected]
         10.3.0.2  valid   Oct 22 23:14:11 2009  Oct 22 23:14:25 2009  [email protected]

• Pool creation

ipsec pool --add bigpool --start 10.3.0.1 --end 10.3.0.254 --timeout 48
allocating 254 addresses... done.

Page 15:

Freescale strongSwan/IPsec Training

Cryptographic Plugins

Page 16:

Plugins for libstrongswan

Diagram: the libstrongswan plugin loader with its credentials, crypto (factories), database and fetcher components, and the plugins aes, sha2, random, x509, sqlite, mysql, curl and ldap hooked into them.

• Certificate retrieval (HASH-and-URL)

• CRL fetching, OCSP

• Non-US crypto code

• No OpenSSL library

• ECCN: No License Required (NLR)

Page 17:

libstrongswan plugins

aes, af-alg, agent, blowfish, ccm, constraints, ctr, curl, des, dnskey, fips-prf, gcm, gcrypt, gmp, hmac, ldap, md4, md5, mysql, openssl, padlock, pem, pgp, pkcs11, pkcs1, pubkey, random, revocation, sha1, sha2, soup, sqlite, test-vectors, x509, xcbc

Page 18:

VIA EPIA-NX PadLock Crypto-Processor

• padlock plugin: AES/SHA HW acceleration

• openssl plugin: uses libcrypto-0.9.8 OpenSSL library
  - ECP DH groups
  - ECDSA signatures
  - HW engine support

Page 19:

Suite B offers constant 128/192 Bit Security

# ipsec.conf for gateway moon

conn rw
     keyexchange=ikev2
     ike=aes256-sha384-ecp384,aes128-sha256-ecp256!
     esp=aes256gcm16,aes128gcm16!
     leftsubnet=10.1.0.0/24
     leftcert=moonCert.der
     [email protected]
     right=%any
     rightsourceip=10.3.0.0/24
     auto=add

rw[1]: ESTABLISHED 9 seconds ago, 192.168.0.1[moon.strongswan.org]...192.168.0.100[[email protected]]
rw[1]: IKE SPIs: 7c1dcd22a8266a3b_i 12bc51bc21994cdc_r*
rw[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
rw{1}: INSTALLED, TUNNEL, ESP SPIs: c05d34cd_i c9f09b38_o
rw{1}: AES_GCM_16_128, 84 bytes_i (6s ago), 84 bytes_o (6s ago),
rw{1}: 10.1.0.0/24 === 10.3.0.1/32

# ipsec.secrets for gateway moon

: ECDSA moonKey.der

• 128 bit security requires 3072 bit RSA keys and DH groups!

• In 2005 the NSA proposed the use of efficient elliptic curve cryptography.

• Suite B use for IPsec is defined in RFC 4869.
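To make the Suite B point checkable on a running gateway, here is an added example (not from the slides or from the strongSwan project) that parses status lines of the form shown above and classifies each negotiated IKE/ESP pair against the two RFC 4869 Suite B suites; the DH-group strength table follows NIST SP 800-57, and the sample status lines are constructed from the slide plus one hypothetical "legacy" connection.

```python
import re

# The two RFC 4869 Suite B suites, written with the algorithm names charon
# prints in "ipsec statusall": IKE (encr, integ, prf, DH group) and ESP AEAD.
SUITE_B = {
    "Suite-B-GCM-128": (("AES_CBC_128", "HMAC_SHA2_256_128",
                         "PRF_HMAC_SHA2_256", "ECP_256"), "AES_GCM_16_128"),
    "Suite-B-GCM-256": (("AES_CBC_256", "HMAC_SHA2_384_192",
                         "PRF_HMAC_SHA2_384", "ECP_384"), "AES_GCM_16_256"),
}

# Security strength of DH groups per NIST SP 800-57: ECP_256 and MODP_3072
# both give 128 bit, which is the slide's "3072 bit DH groups" remark.
DH_BITS = {"MODP_1024": 80, "MODP_2048": 112, "MODP_3072": 128,
           "ECP_256": 128, "ECP_384": 192, "ECP_521": 256}

IKE_RE = re.compile(r"^(?P<conn>[\w-]+)\[\d+\]:\s+IKE proposal:\s+(?P<prop>\S+)$")
# ESP transform line: the first token must contain an underscore, which keeps
# the "INSTALLED, TUNNEL, ..." line from being taken for an algorithm.
ESP_RE = re.compile(r"^(?P<conn>[\w-]+)\{\d+\}:\s+(?P<alg>[A-Z0-9]+_[A-Z0-9_/]+),")

def parse_status(text):
    """Collect the negotiated IKE proposal and ESP transform per connection."""
    sas = {}
    for line in text.splitlines():
        line = line.strip()
        m = IKE_RE.match(line)
        if m:
            sas.setdefault(m["conn"], {})["ike"] = tuple(m["prop"].split("/"))
        m = ESP_RE.match(line)
        if m:
            sas.setdefault(m["conn"], {})["esp"] = m["alg"]
    return sas

def classify(sa):
    """Name of the Suite B suite this SA matches, or None if outside Suite B."""
    for name, (ike, esp) in SUITE_B.items():
        if sa.get("ike") == ike and sa.get("esp") == esp:
            return name
    return None

def dh_strength(sa):
    """Security bits of the negotiated DH group (0 if unknown)."""
    ike = sa.get("ike")
    return DH_BITS.get(ike[-1], 0) if ike else 0

# Constructed sample: the rw status lines from the slide plus a second,
# hypothetical connection that fell back to MODP_1024 and non-AEAD ESP.
SAMPLE = """\
rw[1]: IKE SPIs: 7c1dcd22a8266a3b_i 12bc51bc21994cdc_r*
rw[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
rw{1}: INSTALLED, TUNNEL, ESP SPIs: c05d34cd_i c9f09b38_o
rw{1}: AES_GCM_16_128, 84 bytes_i (6s ago), 84 bytes_o (6s ago),
legacy[2]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
legacy{2}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o,
"""

if __name__ == "__main__":
    for conn, sa in parse_status(SAMPLE).items():
        print(conn, classify(sa) or "outside Suite B", dh_strength(sa), "bit DH")
```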

Page 20:

Freescale strongSwan/IPsec Training

PKI Support

Page 21:

HTTP or LDAP based CRL Fetching

13[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Research, [email protected]"
13[CFG] fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
13[CFG] using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
13[CFG] crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
13[CFG] crl is valid: until Nov 15 22:42:42 2009
13[CFG] certificate status is good
13[LIB] written crl file '/etc/ipsec.d/crls/5da7...4def.crl' (942 bytes)

crlDistributionPoints extension in user certificate:

crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl

# ipsec.conf

config setup
     strictcrlpolicy=yes
     cachecrls=yes

ca strongswan
     cacert=strongswanCert.pem
     crluri="ldap://ldap.strongswan.org/cn=strongSwan Root CA, o=Linux strongSwan, c=CH?certificateRevocationList"
     auto=add

Page 22:

Online Certificate Status Protocol (OCSP) with self-signed OCSP certificate

Diagram: Antje (certificate Kool CA #2) authenticates to Bodo (certificate Kool CA #3). Bodo sends the OCSP Request "status of Kool CA #2 ?", optionally signed by Bodo, to the OCSP Server. The OCSP Server, which receives frequent status updates from Kool CA e.g. via CRL, answers with the OCSP Reply "Kool CA #2 good", signed by the OCSP Server with its self-signed certificate OCSP #0, which is locally stored on Bodo.

Page 23:

OCSP with self-signed OCSP Certificate

# /etc/ipsec.conf

ca strongswan
     cacert=strongswanCert.pem
     ocspuri=http://ocsp.strongswan.org:8880
     auto=add

13[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Research, [email protected]"
13[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8880' ...
13[CFG] using trusted certificate "C=CH, O=Linux strongSwan, OU=OCSP Self-Signed Authority, CN=ocsp.strongswan.org"
13[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Self-Signed Authority, CN=ocsp.strongswan.org"
13[CFG] ocsp response is valid: until Oct 17 02:11:09 2009
13[CFG] certificate status is good

Output of ipsec listcainfos on gateway moon:

authname:  "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
authkey:    5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
keyid:      ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc
ocspuris:  'http://ocsp.strongswan.org:8880'

Page 24:

Online Certificate Status Protocol (OCSP) with delegated trust

Diagram: carol (certificate Kool CA #2) authenticates to moon (certificate Kool CA #3). moon sends the OCSP Request "status of Kool CA #2 ?", optionally signed by moon, to the OCSP Server. The OCSP Server, which receives frequent status updates from Kool CA e.g. via CRL, answers with the OCSP Reply "Kool CA #2 good", signed by the OCSP Server with certificate Kool CA #1, which is issued by Kool CA and flagged "isOCSP".

Page 25:

OCSP with Delegated Trust

Log on gateway moon:

11[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=OCSP, [email protected]"
11[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8880' ...
11[CFG] using certificate "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org"
11[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
11[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org"
11[CFG] ocsp response is valid: until Oct 17 02:13:21 2009
11[CFG] certificate status is good

carol: authorityInfoAccess extension in user certificate

authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880

extendedKeyUsage flag in OCSP-signer certificate

extendedKeyUsage = OCSPSigning
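As an added example (not part of the slides or of strongSwan) covering the CRL fetching log on the HTTP/LDAP slide and the OCSP logs on the two OCSP slides: it parses charon log lines of that shape, reports which revocation method answered for each peer certificate and whether the CRL or OCSP response used had already expired at a given time, and derives the cached CRL file name from the authkey printed by ipsec listcainfos; the log sample is constructed from the slides' lines with shortened subjects.

```python
import re
from datetime import datetime

# charon log line: "<thread>[<subsystem>] <message>"; only the message matters.
LOG_RE = re.compile(r"^\d+\[(?:CFG|LIB)\]\s+(?P<msg>.*)$")
CHECK_RE = re.compile(r'^checking certificate status of "(?P<subject>[^"]+)"')
FETCH_RE = re.compile(r"^(?P<how>fetching crl|requesting ocsp status) from '(?P<uri>[^']+)'")
VALID_RE = re.compile(r"^(?:crl|ocsp response) is valid: until (?P<until>.+)$")
STATUS_RE = re.compile(r"^certificate status is (?P<status>\w+)$")

def parse_until(text):
    """charon prints validity as e.g. 'Nov 15 22:42:42 2009' (day may be space padded)."""
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S %Y")

def revocation_checks(log, now):
    """One record per 'checking certificate status' block; 'stale' means the CRL or
    OCSP response used had expired at 'now' (datetime or charon-style string)."""
    if isinstance(now, str):
        now = parse_until(now)
    records = []
    for line in log.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        msg = m["msg"]
        c = CHECK_RE.match(msg)
        if c:  # a new peer certificate is being checked
            records.append({"subject": c["subject"], "method": None,
                            "uri": None, "until": None, "status": None})
        elif records:  # attach details to the check currently in progress
            cur = records[-1]
            f, v, s = FETCH_RE.match(msg), VALID_RE.match(msg), STATUS_RE.match(msg)
            if f:
                cur["method"] = "crl" if f["how"].startswith("fetching") else "ocsp"
                cur["uri"] = f["uri"]
            elif v:
                cur["until"] = parse_until(v["until"])
            elif s:
                cur["status"] = s["status"]
    for r in records:
        r["stale"] = r["until"] is None or r["until"] < now
    return records

def crl_cache_name(authkey):
    """Name under which charon caches a CA's CRL in /etc/ipsec.d/crls/: the authkey
    shown by 'ipsec listcainfos' without colons, plus '.crl'."""
    return authkey.replace(":", "").lower() + ".crl"

# Constructed sample: CRL lines of the fetching slide followed by the OCSP lines
# of the self-signed OCSP slide, with the subjects shortened.
SAMPLE = """\
13[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=carol"
13[CFG] fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
13[CFG] crl is valid: until Nov 15 22:42:42 2009
13[CFG] certificate status is good
13[LIB] written crl file '/etc/ipsec.d/crls/5da7...4def.crl' (942 bytes)
11[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=dave"
11[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8880' ...
11[CFG] ocsp response is valid: until Oct 17 02:11:09 2009
11[CFG] certificate status is good
"""

if __name__ == "__main__":
    for r in revocation_checks(SAMPLE, "Nov 1 00:00:00 2009"):
        print(r["subject"], r["method"], r["status"], "STALE" if r["stale"] else "fresh")
```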

Page 26:

X.509 Certificate and Key Hashes

Diagram of the certificate structure:

tbsCertificate
     version (usually v3)
     serialNumber
     signature*
     issuer
     validity
     subject
     subjectPublicKeyInfo
          algorithm
          subjectPublicKey
     extensions
          subjectKeyIdentifier
signatureAlgorithm*
signature: Hash Function* over tbsCertificate, then Encryption with Issuer Private Key

Three SHA-1 hashes are derived from it: the SHA-1 hash of the whole certificate (IKEv2 Hash-and-URL), the SHA-1 hash of the subjectPublicKeyInfo (IKEv2 CERTREQ), and the SHA-1 hash of the subjectPublicKey (subjectKeyIdentifier).

Page 27:

The strongSwan PKI function

ipsec pki --gen --type ecdsa --size 521 > strongswanKey.der
ipsec pki --self --in strongswanKey.der --type ecdsa --lifetime 3650 \
     --dn "C=CH, O=strongSwan, CN=strongSwan EC CA" --ca --digest sha512 > strongswanCert.der

ipsec pki --gen --type ecdsa --size 384 > moonKey.der
ipsec pki --req --in moonKey.der --type ecdsa --digest sha384 \
     --dn "C=CH, O=strongSwan, CN=moon.strongswan.org" --san moon.strongswan.org > moonReq.der

ipsec pki --gen --type ecdsa --size 256 > carolKey.der
ipsec pki --req --in carolKey.der --type ecdsa --digest sha256 \
     --dn "C=CH, O=strongSwan, [email protected]" --san [email protected] > carolReq.der

cat pki.opt
--type pkcs10 --lifetime 1825 --crl http://crl.strongswan.org/ecdsa.crl
--cacert strongswanCert.der --cakey strongswanKey.der --digest sha512

ipsec pki --issue --options pki.opt --in moonReq.der --flag serverAuth --serial 01 > moonCert.der
ipsec pki --issue --options pki.opt --in carolReq.der --serial 02 > carolCert.der

Page 28:

Freescale strongSwan/IPsec Training

EAP Support

Page 29:

RADIUS Server Configuration

Diagram: gateway moon and the RADIUS server.

# strongswan.conf of gateway moon

charon {
  plugins {
    eap-radius {
      secret = gv6URkSs
      server = 10.1.0.10
    }
  }
}

# ipsec.conf of gateway moon

conn rw-eap
     left=%any
     leftsubnet=10.1.0.0/[email protected]=moonCert.pem
     leftauth=pubkey
     leftfirewall=yes
     right=%any
     rightsendcert=never
     rightsourceip=10.3.0.0/24
     rightauth=eap-radius
     eap_identity=%any
     auto=add

# /etc/raddb/clients.conf

client 10.1.0.1 {
  secret = gv6URkSs
  shortname = moon
}

# /etc/raddb/eap.conf

eap {
  default_eap_type = md5
  md5 {
  }
}

# /etc/raddb/proxy.conf

realm LOCAL {
  type = radius
  authhost = LOCAL
  accthost = LOCAL
}

# /etc/raddb/users

carol Cleartext-Password := "tuxmux"
dave  Cleartext-Password := "grummel"

Page 30:

Windows 7 VPN with EAP Authentication I

• Using IKEv2 EAP-MSCHAPv2

Page 31:

Windows 7 VPN with EAP Authentication II

• Using IKEv2 EAP-TLS with smartcards

Page 32:

strongSwan office appliance with EAP-TLS

Page 33:

Trusted Network Connect (TNC) 1.1 / 2.0

Diagram: EAP-TNC in EAP-TTLS

Page 34:

EAP and SIM Managers

Diagram of the charon plugin loader with its two managers:

eap_manager_t *eap
     add_method(type, role)  remove_method()  create_instance(type, role)
     plugins: eap-aka, eap-sim, eap-md5, eap-tls

sim_manager_t *sim
     add_card()  remove_card()  card_get_triplet()  card_get_quintuplet()
     add_provider()  remove_provider()  provider_get_triplet()  provider_get_quintuplet()
     plugins: eap-sim-file, eap-simaka-sql, eap-sim-pcsc

eap_method_t
     initiate()  process()  get_msk()

eap_card_t
     get_triplet()  get_quintuplet()

eap_provider_t
     get_triplet()  get_quintuplet()

eap_role_t
     EAP_PEER, EAP_SERVER