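I have set up an IPsec system on two hosts, with the following basic information:

- Linux kernel: 4.4.135
- IKE: strongSwan 5.6.1

    LAN1 --->| WAN1:192.168.100.121 | <---->| WAN2:192.168.100.122 | <---- LAN2

I am testing a new block algorithm called BC512, with a block size of 128 bits and a key size of 512 bits (the key is larger than that of common algorithms such as AES or Camellia, but this is the test algorithm I need to run tests on).

The general configuration of the /etc/ipsec.conf file is as follows: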

    # ipsec.conf - Configuration file for IPSec

    config setup
            cachecrls=no
            strictcrlpolicy=no
            uniqueids=no
            charondebug="cfg 4, dmn 4, ike 4, net 4, lib 4, knl 4"

    conn %default
            leftfirewall=yes
            type=tunnel
            authby=pubkey
            auto=start
            closeaction=clear
            compress=yes
            dpdaction=clear
            dpddelay=60s
            dpdtimeout=300s
            inactivity=300s
            installpolicy=yes
            keyexchange=ikev2
            keyingtries=5
            lifetime=8h
            leftauth=ike:rsa/pss-sha256
            rightauth=ike:rsa/pss-sha256

    conn VM-0121_VM-0122
            left=192.168.100.221
            leftsubnet=172.16.121.0/24
            leftcert=VM.2019.0121_IPSEC_RSA_2048.PEM.CRT
            leftid="C=VN, ST=Ha Noi, O=ABC.NET, OU=Dev Team, CN=ipsec121, E=ipsec121@abc.net"
            leftfirewall=yes
            right=192.168.100.222
            rightsubnet=172.16.122.0/24
            rightcert=VM.2019.0122_IPSEC_RSA_2048.PEM.CRT
            rightid="C=VN, ST=Ha Noi, O=ABC.NET, OU=Dev Team, CN=ipsec122, E=ipsec122@abc.net"
            rightfirewall=yes
            esp=aes256ctr-sha512-modp2048!
            ike=aes256ctr-sha512-modp2048!
            type=tunnel
            authby=pubkey

When I configure strongSwan with the following ESP/IKE parameters in the /etc/ipsec.conf file, I get the following results:

    1)  esp=aes256ctr-sha1-modp2048!
        ike=aes256ctr-sha512-modp2048!

    Result: OK

    2)  esp=aes256ctr-sha256-modp2048!
        ike=aes256ctr-sha512-modp2048!

    Result: OK  

    3)  esp=aes256ctr-sha512-modp2048!
        ike=aes256ctr-sha512-modp2048!

    Result: OK

    4)  esp=aes256ctr-sha1-modp2048!
        ike=bc512ctr-sha512-modp2048!

    Result: OK

    5)  esp=aes256ctr-sha256-modp2048!
        ike=bc512ctr-sha512-modp2048!

    Result: OK  

    6)  esp=aes256ctr-sha512-modp2048!
        ike=bc512ctr-sha512-modp2048!

    Result: OK

    7)  esp=bc512ctr-sha1-modp2048!
        ike=bc512ctr-sha512-modp2048!

    Result: OK

    8)  esp=bc512ctr-sha256-modp2048!
        ike=bc512ctr-sha512-modp2048!

    Result: Error (as described later)

    9)  esp=bc512ctr-sha512-modp2048!
        ike=bc512ctr-sha512-modp2048!

    Result: Error (as described later)

Errors when running ipsec start --nofork:

On host 1:

    ...
    ...
    ...
    11[IKE] IKE_SA VM-0121_VM-0122[1] state change: CONNECTING => ESTABLISHED
    03[NET] waiting for data on sockets
    11[IKE] scheduling reauthentication in 10005s
    11[IKE] maximum IKE_SA lifetime 10545s
    11[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
    11[CFG] configured proposals: ESP:BC512_CTR_512/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ
    11[IKE] failed to establish CHILD_SA, keeping IKE_SA
    11[KNL] deleting SAD entry with SPI 00003ac0
    ...
    ...
    ...

On host 2:

    ...
    ...
    ...
    06[KNL] adding SAD entry with SPI cccad04c and reqid {1}
    06[KNL]   using encryption algorithm BC512_CTR with key size 544
    06[KNL]   using integrity algorithm HMAC_SHA2_512_256 with key size 512
    06[KNL]   using replay window of 0 packets
    06[KNL] sending XFRM_MSG_NEWSA 212: => 516 bytes @ 0x7f3e1248b4c0
    ...
    ...
    ...
    06[KNL] received netlink error: No such file or directory (2)
    06[KNL] unable to add SAD entry with SPI cccad04c (FAILED)
    06[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
    06[IKE] failed to establish CHILD_SA, keeping IKE_SA
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 in
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 in failed, not found
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 fwd
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 fwd failed, not found
    06[KNL] deleting SAD entry with SPI 00008d4e
    ...
    ...
    ...

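I think there is no problem with the integration of the BC512 algorithm source code into strongSwan, because IKE can be configured without any errors.

The error may occur because of the integration of the BC512 algorithm into the Linux kernel. Could the reason be that the key length of the BC512 algorithm is very large (512 bits)?

Some other information:

1. Running the command cat /proc/crypto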

    cat /proc/crypto | grep aes
    name         : __ctr-aes-aesni
    driver       : cryptd(__driver-ctr-aes-aesni)
    name         : seqiv(authenc(hmac(sha512),rfc3686(ctr(aes))))
    driver       : seqiv(authenc(hmac(sha512-generic),rfc3686(ctr-aes-aesni)))
    name         : authenc(hmac(sha512),rfc3686(ctr(aes)))
    driver       : authenc(hmac(sha512-generic),rfc3686(ctr-aes-aesni))
    name         : rfc3686(ctr(aes))
    driver       : rfc3686(ctr-aes-aesni)
    name         : rfc3686(ctr(aes))
    driver       : rfc3686(ctr-aes-aesni)
    name         : ctr(aes)
    driver       : ctr-aes-aesni
    ...
    ...
    ...

    name         : aes
    driver       : aes-aesni
    module       : aesni_intel
    name         : aes
    driver       : aes-asm
    module       : aes_x86_64
    name         : aes
    driver       : aes-generic
    cat /proc/crypto | grep bc512
    name         : seqiv(authenc(hmac(sha1),rfc3686(ctr(bc512))))
    driver       : seqiv(authenc(hmac(sha1-generic),rfc3686(ctr(bc512-generic))))
    name         : authenc(hmac(sha1),rfc3686(ctr(bc512)))
    driver       : authenc(hmac(sha1-generic),rfc3686(ctr(bc512-generic)))
    name         : authenc(hmac(sha256),rfc3686(ctr(bc512)))
    driver       : authenc(hmac(sha256-generic),rfc3686(ctr(bc512-generic)))
    name         : authenc(hmac(sha512),rfc3686(ctr(bc512)))
    driver       : authenc(hmac(sha512-generic),rfc3686(ctr(bc512-generic)))
    name         : rfc3686(ctr(bc512))
    driver       : rfc3686(ctr(bc512-generic))
    name         : rfc3686(ctr(bc512))
    driver       : rfc3686(ctr(bc512-generic))
    name         : ctr(bc512)
    driver       : ctr(bc512-generic)
    name         : ctr(bc512)
    driver       : ctr(bc512-generic)
    name         : bc512
    driver       : bc512-generic
    module       : bc512

As you can see, the kernel was unable to initialize transforms such as:

    name         : seqiv(authenc(hmac(sha256),rfc3686(ctr(bc512))))
    driver       : seqiv(authenc(hmac(sha256-generic),rfc3686(ctr(bc512-generic))))
    or
    name         : seqiv(authenc(hmac(sha512),rfc3686(ctr(bc512))))
    driver       : seqiv(authenc(hmac(sha512-generic),rfc3686(ctr(bc512-generic))))

2. Debug information from the Linux kernel:

    [ 4158.398344] ------------[ cut here ]------------
    [ 4158.398346] WARNING: CPU: 0 PID: 18942 at lib/iomap.c:43 bad_io_access+0x38/0x40()
    [ 4158.398347] Bad IO access at port 0x3c (outl(val,port))

    [ 4158.398509] Call Trace:
    [ 4158.398511]  [<ffffffff813c7e1c>] dump_stack+0x63/0x87
    [ 4158.398513]  [<ffffffff810802e6>] warn_slowpath_common+0x86/0xc0
    [ 4158.398515]  [<ffffffff8108036c>] warn_slowpath_fmt+0x4c/0x50
    [ 4158.398517]  [<ffffffff8138246d>] ? shash_default_export+0x1d/0x30
    [ 4158.398518]  [<ffffffff81384450>] ? hmac_setkey+0x1a0/0x1b0
    [ 4158.398520]  [<ffffffff813e0b88>] bad_io_access+0x38/0x40
    [ 4158.398522]  [<ffffffff813e0cff>] iowrite32+0x2f/0x40
    [ 4158.398524]  [<ffffffffc046a035>] write_key_to_hardware+0x35/0x50 [bc512]
    [ 4158.398526]  [<ffffffffc046a06b>] bc512_set_key_32bit+0x1b/0x20 [bc512]
    [ 4158.398527]  [<ffffffff8137bf2d>] setkey+0x5d/0x110
    [ 4158.398529]  [<ffffffffc0465034>] crypto_ctr_setkey+0x34/0x50 [ctr]
    [ 4158.398531]  [<ffffffff8137ff3d>] setkey+0x4d/0x100
    [ 4158.398532]  [<ffffffff8137fffe>] async_setkey+0xe/0x10
    [ 4158.398534]  [<ffffffffc04651ca>] crypto_rfc3686_setkey+0x4a/0x60 [ctr]
    [ 4158.398536]  [<ffffffffc047936e>] crypto_authenc_setkey+0x9e/0xe0 [authenc]
    [ 4158.398537]  [<ffffffff8137e565>] crypto_aead_setkey+0x35/0xd0
    [ 4158.398539]  [<ffffffff8137bcde>] ? crypto_create_tfm+0x4e/0xc0
    [ 4158.398541]  [<ffffffff8137e612>] aead_geniv_setkey+0x12/0x20
    [ 4158.398542]  [<ffffffff8137e565>] crypto_aead_setkey+0x35/0xd0
    [ 4158.398544]  [<ffffffffc041e62e>] esp_init_state+0x36e/0x450 [esp4]
    [ 4158.398546]  [<ffffffff81788116>] ? xfrm_get_mode+0x96/0xb0
    [ 4158.398548]  [<ffffffff81788307>] __xfrm_init_state+0x1d7/0x230
    [ 4158.398550]  [<ffffffffc044d7ee>] xfrm_add_sa+0x67e/0xaa0 [xfrm_user]
    [ 4158.398552]  [<ffffffff813f3b63>] ? nla_parse+0xa3/0x100
    [ 4158.398554]  [<ffffffffc0449d29>] xfrm_user_rcv_msg+0x1a9/0x1d0 [xfrm_user]
    [ 4158.398556]  [<ffffffffc0449b80>] ? xfrm_dump_sa_done+0x30/0x30 [xfrm_user]
    [ 4158.398558]  [<ffffffff81720809>] netlink_rcv_skb+0xa9/0xc0
    [ 4158.398560]  [<ffffffffc0449805>] xfrm_netlink_rcv+0x35/0x50 [xfrm_user]
    [ 4158.398562]  [<ffffffff817201c3>] netlink_unicast+0x163/0x230
    [ 4158.398563]  [<ffffffff817205b2>] netlink_sendmsg+0x322/0x3a0
    [ 4158.398565]  [<ffffffff816d1ade>] sock_sendmsg+0x3e/0x50
    [ 4158.398566]  [<ffffffff816d1f82>] SYSC_sendto+0x102/0x190
    [ 4158.398568]  [<ffffffff817f0ab6>] ? __schedule+0x2d6/0x820
    [ 4158.398570]  [<ffffffff8121740d>] ? SyS_select+0xbd/0xf0
    [ 4158.398572]  [<ffffffff816d2ace>] SyS_sendto+0xe/0x10
    [ 4158.398574]  [<ffffffff817f48e5>] entry_SYSCALL_64_fastpath+0x22/0x9d
    [ 4158.398575] ---[ end trace 01669c0f1d468642 ]---
    [ 4158.422826] ip_tables: (C) 2000-2006 Netfilter Core Team

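The error occurs after the hmac_setkey routine.

I have been debugging and searching week after week, but I have not been able to solve the problem.

I think the Crypto API of the Linux kernel is restricted so that a block cipher algorithm (BC512) running in CTR mode cannot be initialized with the authentication code HMAC-SHA256 or HMAC-SHA512.

In addition, other block ciphers such as AES (key sizes 128, 192 and 256), Blowfish (key size 128) and Camellia (key sizes 128, 192 and 256) can run in CTR mode with HMAC-SHA256 or HMAC-SHA512.

When BC512 is configured in CBC, CFB, OFB, GCM or CCM mode, HMAC-SHA1, HMAC-SHA256 and HMAC-SHA512 can be used.

Only BC512 in CTR mode cannot be used with HMAC-SHA256 and HMAC-SHA512.

Please help me. Thank you in advance.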

0 Answers
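The setkey chain in the call trace (crypto_authenc_setkey, crypto_rfc3686_setkey, crypto_ctr_setkey, then the bc512 setkey) and the logged "key size 544" can be modelled in user space to see which bytes reach the block cipher. This is an added example, not code from the original post or from the kernel. It assumes the authenc key blob layout of an rtattr header, a big-endian enckeylen, the auth key, then the enc key with a 4-byte RFC 3686 nonce at its end; the names pack_authenc, split_authenc and cipher_key_bits are hypothetical.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEYA_PARAM    1  /* value of the kernel's CRYPTO_AUTHENC_KEYA_PARAM */
#define RFC3686_NONCE 4  /* value of the kernel's CTR_RFC3686_NONCE_SIZE */
struct rta_hdr { uint16_t len, type; };  /* same layout as struct rtattr */
struct split { size_t authlen, cipherlen; };

/* Blob as ESP builds it: [rtattr | be32 enckeylen | auth key | enc key]. */
static size_t pack_authenc(uint8_t *out, const uint8_t *ak, size_t al,
                           const uint8_t *ek, size_t el)
{
    struct rta_hdr h = { 8, KEYA_PARAM };  /* 4-byte header + 4-byte param */
    uint32_t be = htonl((uint32_t)el);
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, &be, 4);
    memcpy(out + h.len, ak, al);
    memcpy(out + h.len + al, ek, el);
    return h.len + al + el;
}

/* authenc splits auth/enc keys; rfc3686 then peels the trailing nonce. */
static int split_authenc(const uint8_t *blob, size_t n, struct split *s)
{
    struct rta_hdr h;
    uint32_t be;
    if (n < sizeof h + 4) return -1;
    memcpy(&h, blob, sizeof h);
    memcpy(&be, blob + sizeof h, 4);
    size_t enclen = ntohl(be);
    if (h.type != KEYA_PARAM || h.len != sizeof h + 4) return -1;
    if (enclen > n - h.len || enclen < RFC3686_NONCE) return -1;
    s->authlen = n - h.len - enclen;        /* handed to the HMAC setkey */
    s->cipherlen = enclen - RFC3686_NONCE;  /* handed to the cipher setkey */
    return 0;
}

/* Bits that reach the block cipher's setkey, or -1 if the blob is rejected. */
int cipher_key_bits(size_t xfrm_enc_bits, size_t auth_bits)
{
    uint8_t ak[64] = {0}, ek[128] = {0}, blob[256];  /* constructed zero keys */
    struct split s;
    size_t al = auth_bits / 8, el = (xfrm_enc_bits + 7) / 8;
    if (al > sizeof ak || el > sizeof ek) return -1;
    size_t n = pack_authenc(blob, ak, al, ek, el);
    return split_authenc(blob, n, &s) ? -1 : (int)(s.cipherlen * 8);
}
int main(void) { printf("%d\n", cipher_key_bits(544, 512)); return 0; }
```

In this model the 544-bit ESP key splits into a 512-bit cipher key plus the 32-bit nonce for each of the HMAC key sizes in the test matrix; only the auth-key portion of the blob changes.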