linux-kernel - IPSec on Linux with strongSwan: received netlink error: No such file or directory (2) - Stack Overflow

I have set up an IPSec system on two hosts with the following basic information:

- Linux kernel: 4.4.135
- IKE: strongSwan 5.6.1

LAN1 ---> | WAN1: 192.168.100.121 | | WAN2: 192.168.100.122 |

I am testing a new block cipher called BC512 with a block size of 128 bits and a key size of 512 bits (the key is larger than that of conventional algorithms such as AES or Camellia, but this is the test algorithm I need to run my tests with).

The general configuration of the /etc/ipsec.conf file is as follows:

    # ipsec.conf - Configuration file for IPSec

    config setup
        cachecrls=no
        strictcrlpolicy=no
        uniqueids=no
        charondebug="cfg 4, dmn 4, ike 4, net 4, lib 4, knl 4"

    conn %default
        leftfirewall=yes
        type=tunnel
        authby=pubkey
        auto=start
        closeaction=clear
        compress=yes
        dpdaction=clear
        dpddelay=60s
        dpdtimeout=300s
        inactivity=300s
        installpolicy=yes
        keyexchange=ikev2
        keyingtries=5
        lifetime=8h
        leftauth=ike:rsa/pss-sha256
        rightauth=ike:rsa/pss-sha256

    conn VM-0121_VM-0122
        left=192.168.100.221
        leftsubnet=172.16.121.0/24
        leftcert=VM.2019.0121_IPSEC_RSA_2048.PEM.CRT
        leftid="C=VN, ST=Ha Noi, O=ABC.NET, OU=Dev Team, CN=ipsec121, E=ipsec121@abc.net"
        leftfirewall=yes
        right=192.168.100.222
        rightsubnet=172.16.122.0/24
        rightcert=VM.2019.0122_IPSEC_RSA_2048.PEM.CRT
        rightid="C=VN, ST=Ha Noi, O=ABC.NET, OU=Dev Team, CN=ipsec122, E=ipsec122@abc.net"
        rightfirewall=yes
        esp=aes256ctr-sha512-modp2048!
        ike=aes256ctr-sha512-modp2048!
        type=tunnel
        authby=pubkey

When I configure strongSwan in /etc/ipsec.conf with the following ESP/IKE parameters, I get these results:

    1) esp=aes256ctr-sha1-modp2048!
       ike=aes256ctr-sha512-modp2048!
       Result: OK

    2) esp=aes256ctr-sha256-modp2048!
       ike=aes256ctr-sha512-modp2048!
       Result: OK

    3) esp=aes256ctr-sha512-modp2048!
       ike=aes256ctr-sha512-modp2048!
       Result: OK

    4) esp=aes256ctr-sha1-modp2048!
       ike=bc512ctr-sha512-modp2048!
       Result: OK

    5) esp=aes256ctr-sha256-modp2048!
       ike=bc512ctr-sha512-modp2048!
       Result: OK

    6) esp=aes256ctr-sha512-modp2048!
       ike=bc512ctr-sha512-modp2048!
       Result: OK

    7) esp=bc512ctr-sha1-modp2048!
       ike=bc512ctr-sha512-modp2048!
       Result: OK

    8) esp=bc512ctr-sha256-modp2048!
       ike=bc512ctr-sha512-modp2048!
       Result: Error (as described later)

    9) esp=bc512ctr-sha512-modp2048!
       ike=bc512ctr-sha512-modp2048!
       Result: Error (as described later)

Error when running ipsec start --nofork. On Host1:

    ...
    11[IKE] IKE_SA VM-0121_VM-0122[1] state change: CONNECTING => ESTABLISHED
    03[NET] waiting for data on sockets
    11[IKE] scheduling reauthentication in 10005s
    11[IKE] maximum IKE_SA lifetime 10545s
    11[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
    11[CFG] configured proposals: ESP:BC512_CTR_512/HMAC_SHA2_512_256/MODP_2048/NO_EXT_SEQ
    11[IKE] failed to establish CHILD_SA, keeping IKE_SA
    11[KNL] deleting SAD entry with SPI 00003ac0
    ...

On Host2:

    ...
    06[KNL] adding SAD entry with SPI cccad04c and reqid {1}
    06[KNL] using encryption algorithm BC512_CTR with key size 544
    06[KNL] using integrity algorithm HMAC_SHA2_512_256 with key size 512
    06[KNL] using replay window of 0 packets
    06[KNL] sending XFRM_MSG_NEWSA 212: => 516 bytes @ 0x7f3e1248b4c0
    ...
    06[KNL] received netlink error: No such file or directory (2)
    06[KNL] unable to add SAD entry with SPI cccad04c (FAILED)
    06[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
    06[IKE] failed to establish CHILD_SA, keeping IKE_SA
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 in
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 in failed, not found
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 fwd
    06[KNL] deleting policy 172.16.121.0/24 === 172.16.122.0/24 fwd failed, not found
    06[KNL] deleting SAD entry with SPI 00008d4e
    ...

I think integrating the BC512 algorithm source code into strongSwan is not the problem, because IKE can be configured without errors.

The error may be caused by the integration of the BC512 algorithm into the Linux kernel. Could the reason be that the BC512 algorithm has a very large key length (512 bits)?

Some other information:

1. Running the command cat /proc/crypto

    cat /proc/crypto | grep aes

    name : __ctr-aes-aesni
    driver : cryptd(__driver-ctr-aes-aesni)
    name : seqiv(authenc(hmac(sha512),rfc3686(ctr(aes))))
    driver : seqiv(authenc(hmac(sha512-generic),rfc3686(ctr-aes-aesni)))
    name : authenc(hmac(sha512),rfc3686(ctr(aes)))
    driver : authenc(hmac(sha512-generic),rfc3686(ctr-aes-aesni))
    name : rfc3686(ctr(aes))
    driver : rfc3686(ctr-aes-aesni)
    name : rfc3686(ctr(aes))
    driver : rfc3686(ctr-aes-aesni)
    name : ctr(aes)
    driver : ctr-aes-aesni
    ...
    name : aes
    driver : aes-aesni
    module : aesni_intel
    name : aes
    driver : aes-asm
    module : aes_x86_64
    name : aes
    driver : aes-generic

    cat /proc/crypto | grep bc512

    name : seqiv(authenc(hmac(sha1),rfc3686(ctr(bc512))))
    driver : seqiv(authenc(hmac(sha1-generic),rfc3686(ctr(bc512-generic))))
    name : authenc(hmac(sha1),rfc3686(ctr(bc512)))
    driver : authenc(hmac(sha1-generic),rfc3686(ctr(bc512-generic)))
    name : authenc(hmac(sha256),rfc3686(ctr(bc512)))
    driver : authenc(hmac(sha256-generic),rfc3686(ctr(bc512-generic)))
    name : authenc(hmac(sha512),rfc3686(ctr(bc512)))
    driver : authenc(hmac(sha512-generic),rfc3686(ctr(bc512-generic)))
    name : rfc3686(ctr(bc512))
    driver : rfc3686(ctr(bc512-generic))
    name : rfc3686(ctr(bc512))
    driver : rfc3686(ctr(bc512-generic))
    name : ctr(bc512)
    driver : ctr(bc512-generic)
    name : ctr(bc512)
    driver : ctr(bc512-generic)
    name : bc512
    driver : bc512-generic
    module : bc512

As you can see, the kernel cannot initialize the following transforms:

    name : seqiv(authenc(hmac(sha256),rfc3686(ctr(bc512))))
    driver : seqiv(authenc(hmac(sha256-generic),rfc3686(ctr(bc512-generic))))

or

    name : seqiv(authenc(hmac(sha512),rfc3686(ctr(bc512))))
    driver : seqiv(authenc(hmac(sha512-generic),rfc3686(ctr(bc512-generic))))

From the Linux kernel debug information:

    [ 4158.398344] ------------[ cut here ]------------
    [ 4158.398346] WARNING: CPU: 0 PID: 18942 at lib/iomap.c:43 bad_io_access+0x38/0x40()
    [ 4158.398347] Bad IO access at port 0x3c (outl(val,port))
    [ 4158.398509] Call Trace:
    [ 4158.398511] [] dump_stack+0x63/0x87
    [ 4158.398513] [] warn_slowpath_common+0x86/0xc0
    [ 4158.398515] [] warn_slowpath_fmt+0x4c/0x50
    [ 4158.398517] [] ? shash_default_export+0x1d/0x30
    [ 4158.398518] [] ? hmac_setkey+0x1a0/0x1b0
    [ 4158.398520] [] bad_io_access+0x38/0x40
    [ 4158.398522] [] iowrite32+0x2f/0x40
    [ 4158.398524] [] write_key_to_hardware+0x35/0x50 [bc512]
    [ 4158.398526] [] bc512_set_key_32bit+0x1b/0x20 [bc512]
    [ 4158.398527] [] setkey+0x5d/0x110
    [ 4158.398529] [] crypto_ctr_setkey+0x34/0x50 [ctr]
    [ 4158.398531] [] setkey+0x4d/0x100
    [ 4158.398532] [] async_setkey+0xe/0x10
    [ 4158.398534] [] crypto_rfc3686_setkey+0x4a/0x60 [ctr]
    [ 4158.398536] [] crypto_authenc_setkey+0x9e/0xe0 [authenc]
    [ 4158.398537] [] crypto_aead_setkey+0x35/0xd0
    [ 4158.398539] [] ? crypto_create_tfm+0x4e/0xc0
    [ 4158.398541] [] aead_geniv_setkey+0x12/0x20
    [ 4158.398542] [] crypto_aead_setkey+0x35/0xd0
    [ 4158.398544] [] esp_init_state+0x36e/0x450 [esp4]
    [ 4158.398546] [] ? xfrm_get_mode+0x96/0xb0
    [ 4158.398548] [] __xfrm_init_state+0x1d7/0x230
    [ 4158.398550] [] xfrm_add_sa+0x67e/0xaa0 [xfrm_user]
    [ 4158.398552] [] ? nla_parse+0xa3/0x100
    [ 4158.398554] [] xfrm_user_rcv_msg+0x1a9/0x1d0 [xfrm_user]
    [ 4158.398556] [] ? xfrm_dump_sa_done+0x30/0x30 [xfrm_user]
    [ 4158.398558] [] netlink_rcv_skb+0xa9/0xc0
    [ 4158.398560] [] xfrm_netlink_rcv+0x35/0x50 [xfrm_user]
    [ 4158.398562] [] netlink_unicast+0x163/0x230
    [ 4158.398563] [] netlink_sendmsg+0x322/0x3a0
    [ 4158.398565] [] sock_sendmsg+0x3e/0x50
    [ 4158.398566] [] SYSC_sendto+0x102/0x190
    [ 4158.398568] [] ? __schedule+0x2d6/0x820
    [ 4158.398570] [] ? SyS_select+0xbd/0xf0
    [ 4158.398572] [] SyS_sendto+0xe/0x10
    [ 4158.398574] [] entry_SYSCALL_64_fastpath+0x22/0x9d
    [ 4158.398575] ---[ end trace 01669c0f1d468642 ]---
    [ 4158.422826] ip_tables: (C) 2000-2006 Netfilter Core Team

The error occurs after the hmac_setkey procedure.

I have been debugging and searching for weeks but cannot solve the problem.

I think the Linux kernel Crypto API has a restriction that prevents a block cipher (BC512) running in CTR mode from being initialized with the authentication codes HMAC-SHA256 or HMAC-SHA512.

Moreover, when other block ciphers are used, for example AES (key sizes 128, 192 and 256), Blowfish (key size 128) or Camellia (key sizes 128, 192 and 256), they can run in CTR mode with HMAC-SHA256 or HMAC-SHA512.

When BC512 is configured in CBC, CFB, OFB, GCM and CCM modes, HMAC-SHA1, HMAC-SHA256 and HMAC-SHA512 can all be used.

Only BC512 in CTR mode cannot be used with HMAC-SHA256 and HMAC-SHA512.

Please help me, thank you.
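A small checker for the situation in this question, added here as an example and not part of the original post: it parses /proc/crypto records and reports, for a given cipher, which authenc(hmac(X),rfc3686(ctr(cipher))) transforms and their seqiv(...) wrappers (the form esp4 instantiates for RFC 3686 CTR-mode ESP SAs) are registered, and whether the cipher record's advertised key-size range accepts a given key length. The sample input is constructed to mirror the post's grep output; the bc512 min/max keysize values are assumed.

```python
import re

# Constructed sample in /proc/crypto record format, mirroring the post's grep
# output; the bc512 keysize fields are assumed values, not from the post.
SAMPLE_PROC_CRYPTO = """\
name         : seqiv(authenc(hmac(sha1),rfc3686(ctr(bc512))))
driver       : seqiv(authenc(hmac(sha1-generic),rfc3686(ctr(bc512-generic))))

name         : authenc(hmac(sha1),rfc3686(ctr(bc512)))
driver       : authenc(hmac(sha1-generic),rfc3686(ctr(bc512-generic)))

name         : authenc(hmac(sha256),rfc3686(ctr(bc512)))
driver       : authenc(hmac(sha256-generic),rfc3686(ctr(bc512-generic)))

name         : bc512
driver       : bc512-generic
module       : bc512
min keysize  : 64
max keysize  : 64
"""

def parse_proc_crypto(text):
    """Split /proc/crypto into records: blank-line separated 'key : value' lines."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records

def esp_ctr_transforms(records, cipher, hashes=("sha1", "sha256", "sha512")):
    """Per hash: is authenc(hmac(h),rfc3686(ctr(cipher))) registered, and its seqiv() wrapper?"""
    names = {r.get("name") for r in records}
    out = {}
    for h in hashes:
        inner = f"authenc(hmac({h}),rfc3686(ctr({cipher})))"
        out[h] = {"authenc": inner in names, "seqiv": f"seqiv({inner})" in names}
    return out

def cipher_accepts_key(records, cipher, key_bits):
    """Compare a key length in bits with the cipher record's keysize range (bytes)."""
    for r in records:
        if r.get("name") == cipher and "max keysize" in r:
            lo, hi = int(r["min keysize"]), int(r["max keysize"])
            return lo * 8 <= key_bits <= hi * 8
    return False
```

On a real host, read /proc/crypto into parse_proc_crypto before changing the esp= proposal, so a missing seqiv(authenc(...)) combination shows up before charon's XFRM_MSG_NEWSA fails.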
