View Issue Details

IDProjectCategoryView StatusLast Update
0017946CentOS-8libreswanpublic2020-12-15 12:58
ReporterManfred Assigned To 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Summary0017946: authentication method: IKEv2_AUTH_ECDSA_P384 not supported in I2 Auth Payload
DescriptionHi all,
I am a long time Fedora user, pretty satisfied by the way, recently addressing CentOS for some project where long term stability is a major point.

This problem appears to be due to missing support for RFC 4754 in Libreswan.

In the context of IKEv2 Authentication Methods, see:
https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12

Libreswan provides support for Elliptic Curve Digital Signature Algorithm (ECDSA) as standardized by RFC 7427, but not as provided for by RFC 4754.

Although the former is a generalization of IKEv2 signature support that aims at widening the spectrumn of IKEv2 digital signature methods beyond those specified by RFC 4754, lack of support for the latter results in incompatibility with peers that authenticate with ECDSA by means of RFC 4754.

It is worth of note that although RFC 7427 aims at being a generalization beyond RFC 4754, both are actual and valid IETF proposed standards, in other words the former does not obsolete or replace the latter.

Specifically, such incompatibility shows up with current Windows 10 peers, which support ECDSA by means of RFC 4754.
With these peers, the additional complication is that they only allow EC DH Groups (e.g. ECP384) in combination with ECDSA machine certificates[1]. Possibly Microsoft made this choice on the basis of the following statement in the introduction of RFC 4754:
"Additional efficiency may be gained by simultaneously using ECDSA for IKE/IKEv2 authentication and using elliptic curve groups for the IKE/IKEv2 key exchange"

The result is that when using Libreswan with Windows 10 peers, the best that can be done with respect to cipher strength of the DH Groups is MODP2048.
(As a side note, the same does not apply to strongswan, which does support RFC 4754, and is able to authenticate these peers with ECDSA in combination with DH Group ECP384)

CentOS (as well as RHEL) is aimed at targeting a wide base of server/gateway systems, therefore this interoperability problem seems worth consideration, considering the wide diffusion of peers like the ones mentioned above. This in the light of the fact that RFC 4754, as said, is an actual and valid IETF proposed standard, and the authentication methods it specifies are cryptographically solid.
An additional complication in this respect is that CentOS does not provide alternatives to libreswan (e.g. strongswan).

[1] More specifically, if ECP384 is selected as DH group via Set-VpnConnectionIPsecConfiguration then non-ECDSA machine certificates are rejected with error 13806: "IKE failed to find valid machine certificate."
Steps To Reproduce1. Set up a gateway connection for Win10 clients with DH Group ECP384 and an ECDSA machine certificate.
2. The error "authentication method: IKEv2_AUTH_ECDSA_P384 not supported in I2 Auth Payload" occurs on the Libreswan gateway.
TagsNo tags attached.

Activities

Manfred

Manfred

2020-12-15 12:58

reporter  

libreswan.log (2,809 bytes)   
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: processing IKE_SA_INIT request: SA,KE,Ni,N,N,N,V,V,V,V (message arrived 0 seconds ago)
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd: constructed local IKE proposals for test-vpn (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_384;INTEG=NONE;DH=ECP_384
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_384;DH=ECP_384 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_384;DH=ECP_384[first-match]
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_384 group=DH20}
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: processing encrypted IKE_AUTH request: SKF (message arrived 0 seconds ago)
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N,CP,SA,TSi,TSr}
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: loading root certificate cache
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: certificate verified OK: CN=rw.vpn.example.org,OU=DEP,O=EXAMPLE ltd,ST=TheState,C=US
Dec 14 17:29:59 centos8.example.org pluto[4374]: | pub  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | ecParams  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | keyid  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | pub  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | ecParams  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | keyid  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | pub  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | ecParams  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: | keyid  ...
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=US, ST=TheState, O=EXAMPLE ltd, OU=DEP, CN=rw.vpn.example.org'
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: authentication method: IKEv2_AUTH_ECDSA_P384 not supported in I2 Auth Payload
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: responding to IKE_AUTH message (ID 1) from aa.bb.cc.dd:4500 with encrypted notification AUTHENTICATION_FAILED
Dec 14 17:29:59 centos8.example.org pluto[4374]: "test-vpn"[1] aa.bb.cc.dd #1: deleting state (STATE_PARENT_R1) aged 0.146s and NOT sending notification
Dec 14 17:29:59 centos8.example.org pluto[4374]: deleting connection "test-vpn"[1] aa.bb.cc.dd instance with peer aa.bb.cc.dd {isakmp=#0/ipsec=#0}
libreswan.log (2,809 bytes)   

Issue History

Date Modified Username Field Change
2020-12-15 12:58 Manfred New Issue
2020-12-15 12:58 Manfred File Added: libreswan.log