Issue #3343

signature validation failed, looking for another key

Added by praneeth earikireddy about 2 months ago. Updated about 2 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: interoperability
Affected version: 5.5.3
Resolution:

Description

Created a route-based IPsec tunnel between strongSwan 5.5.3 and Cisco ASA using certificates.
The certificates have subject alternate name set to IP address. strongSwan is the initiator and the Cisco is the responder.
I see the Cisco is able to establish the tunnel, but strongSwan sends an AUTH Failed because it is not able to verify the signature of a certificate.

2020-01-30 08:32:42 32[DMN] <cisco-1|2192> [GARNER-LOGGING] (child_alert) ALERT: peer authentication failed
2020-01-30 08:32:42 32[ENC] <cisco-1|2192> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2020-01-30 08:32:42 32[NET] <cisco-1|2192> sending packet: from 172.0.0.195[500] to 172.0.0.4[500] (96 bytes)
2020-01-30 08:32:57 30[CFG] received stroke: delete connection 'cisco-1'
2020-01-30 08:32:57 30[CFG] deleted connection 'cisco-1'
2020-01-30 08:32:57 19[CFG] rereading secrets
2020-01-30 08:32:57 19[CFG] loading secrets from '/_conf/ipsec/ipsec.secrets'
2020-01-30 08:32:57 19[CFG] expanding file expression '/_conf/ipsec/connections/*.secrets' failed
2020-01-30 08:32:57 17[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-01-30 08:32:57 17[CFG]   loaded ca certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=nsg1, E=daniel.kercher@sophos.com" from '/_conf/ipsec/ipsec.d/cacerts/AAAAAAAAAAAAAAAAAA.pem'
2020-01-30 08:33:08 26[CFG] rereading secrets
2020-01-30 08:33:08 26[CFG] loading secrets from '/_conf/ipsec/ipsec.secrets'
2020-01-30 08:33:08 26[CFG] loading secrets from '/_conf/ipsec/connections/cisco.secrets'
2020-01-30 08:33:08 26[CFG]   loaded RSA private key from '/conf/certificate/private/local.key'
2020-01-30 08:33:08 10[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
2020-01-30 08:33:08 10[CFG]   loaded ca certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=nsg1, E=daniel.kercher@sophos.com" from '/_conf/ipsec/ipsec.d/cacerts/AAAAAAAAAAAAAAAAAA.pem'
2020-01-30 08:33:08 11[CFG] received stroke: add connection 'cisco-1'
2020-01-30 08:33:08 11[CFG]   loaded certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.195" from '/conf/certificate/local.pem'
2020-01-30 08:33:08 11[CFG]   loaded certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.4" from '/conf/certificate/remote.pem'
2020-01-30 08:33:08 11[CFG] added configuration 'cisco-1'
2020-01-30 08:33:08 14[CFG] received stroke: initiate 'cisco-1'
2020-01-30 08:33:08 14[IKE] <cisco-1|2193> initiating IKE_SA cisco-1[2193] to 172.0.0.4
2020-01-30 08:33:08 14[ENC] <cisco-1|2193> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2020-01-30 08:33:08 14[NET] <cisco-1|2193> sending packet: from 172.0.0.195[500] to 172.0.0.4[500] (854 bytes)
2020-01-30 08:33:08 18[NET] <cisco-1|2193> received packet: from 172.0.0.4[500] to 172.0.0.195[500] (371 bytes)
2020-01-30 08:33:08 18[ENC] <cisco-1|2193> parsed IKE_SA_INIT response 0 [ SA KE No V V CERTREQ N(FRAG_SUP) V ]
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> received Cisco Delete Reason vendor ID
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> received Cisco Copyright (c) 2009 vendor ID
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> received FRAGMENTATION vendor ID
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> received cert request for "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=nsg1, E=daniel.kercher@sophos.com" 
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> received 1 cert requests for an unknown ca
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> authentication of '172.0.0.195' (myself) with RSA signature successful
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> sending end entity cert "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.195" 
2020-01-30 08:33:08 18[IKE] <cisco-1|2193> establishing CHILD_SA cisco-1
2020-01-30 08:33:08 18[ENC] <cisco-1|2193> generating IKE_AUTH request 1 [ IDi CERT IDr AUTH SA TSi TSr N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
2020-01-30 08:33:08 18[ENC] <cisco-1|2193> splitting IKE message with length of 1552 bytes into 2 fragments
2020-01-30 08:33:08 18[ENC] <cisco-1|2193> generating IKE_AUTH request 1 [ EF(1/2) ]
2020-01-30 08:33:08 18[ENC] <cisco-1|2193> generating IKE_AUTH request 1 [ EF(2/2) ]
2020-01-30 08:33:08 18[NET] <cisco-1|2193> sending packet: from 172.0.0.195[500] to 172.0.0.4[500] (1252 bytes)
2020-01-30 08:33:08 18[NET] <cisco-1|2193> sending packet: from 172.0.0.195[500] to 172.0.0.4[500] (388 bytes)
2020-01-30 08:33:08 15[NET] <cisco-1|2193> received packet: from 172.0.0.4[500] to 172.0.0.195[500] (1392 bytes)
2020-01-30 08:33:08 15[ENC] <cisco-1|2193> parsed IKE_AUTH response 1 [ V IDr CERT AUTH SA TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
2020-01-30 08:33:08 15[IKE] <cisco-1|2193> received end entity cert "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.4" 
2020-01-30 08:33:08 15[CFG] <cisco-1|2193>   using trusted ca certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=nsg1, E=daniel.kercher@sophos.com" 
2020-01-30 08:33:08 15[CFG] <cisco-1|2193> checking certificate status of "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.4" 
2020-01-30 08:33:08 15[CFG] <cisco-1|2193> certificate status is not available
2020-01-30 08:33:08 15[CFG] <cisco-1|2193>   reached self-signed root ca with a path length of 0
2020-01-30 08:33:08 15[CFG] <cisco-1|2193>   using trusted certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.4" 
2020-01-30 08:33:08 15[IKE] <cisco-1|2193> signature validation failed, looking for another key
2020-01-30 08:33:08 15[DMN] <cisco-1|2193> [GARNER-LOGGING] (child_alert) ALERT: peer authentication failed
2020-01-30 08:33:08 15[ENC] <cisco-1|2193> generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
2020-01-30 08:33:08 15[NET] <cisco-1|2193> sending packet: from 172.0.0.195[500] to 172.0.0.4[500] (96 bytes)
2020-01-30 08:33:18 19[DMN] [GARNER-LOGGING] (child_alert) ALERT: received IKE message with invalid SPI (8962714D) from other side

But according to ipsec pki, the used certificates are valid and trusted:

SF01V_SO01_SFOS 18.0.0 GA# ipsec pki --verify --in /conf/certificate/local.pem --cacert /_conf/ipsec/ipsec.d/cacerts/AAAAAAAAAAAAAAAAAA.pem
  using certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.195" 
  using trusted ca certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=nsg1, E=daniel.kercher@sophos.com" 
  reached self-signed root ca with a path length of 0
certificate trusted, lifetimes valid

SF01V_SO01_SFOS 18.0.0 GA# ipsec pki --verify --in /conf/certificate/remote.pem  --cacert /_conf/ipsec/ipsec.d/cacerts/AAAAAAAAAAAAAAAAAA.pem
  using certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=172.0.0.4" 
  using trusted ca certificate "C=DE, ST=BW, L=KA, O=Sophos, OU=NSG, CN=nsg1, E=daniel.kercher@sophos.com" 
  reached self-signed root ca with a path length of 0
certificate trusted, lifetimes valid

Note: The setup works with WatchGuard, so it looks like Cisco is doing something different than WatchGuard/strongSwan.

-Praneeth

172.0.0.4.p12 (3.54 KB) praneeth earikireddy, 19.02.2020 11:17
172.0.0.195.p12 (3.55 KB) praneeth earikireddy, 19.02.2020 11:17
nsg1.pem (1.39 KB) praneeth earikireddy, 19.02.2020 11:17
nsg1.key (1.64 KB) praneeth earikireddy, 19.02.2020 11:17

History

#1 Updated by praneeth earikireddy about 2 months ago

Attaching certificates used for issue.

CA: nsg1.pem and nsg1.key as private key
strongSwan cert : 172.0.0.195.p12
Cisco cert : 172.0.0.4.p12

password for the certs is pppppppp
The PKI is created with XCA.

#2 Updated by Tobias Brunner about 2 months ago

  • Description updated (diff)
  • Category set to interoperability
  • Status changed from New to Feedback

It's not a problem with the certificate's signature or its validity, but the IKE authentication. It's possible that the Cisco device uses a different hash algorithm for it. strongSwan only supports SHA-1 for the legacy IKEv2 signature authentication (i.e. pre-RFC 7427, also see #2473).

If you can, enable the use of the scheme defined in RFC 7427 on the Cisco box, or make it use SHA-1 for the legacy signature authentication. Alternatively, patch the strongSwan code to use a different hash algorithm (see source:src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c#L602), but that's a global change (unless you add more code).
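
Added example, not part of the thread and not strongSwan code: a diagnostic sketch of why the certificate chain can verify while the IKE AUTH signature is rejected. Legacy IKEv2 RSA authentication uses RSASSA-PKCS1-v1_5, so applying the peer's public key to the signature exposes the DigestInfo block and with it the hash the peer chose. Assumptions: the key is a constructed demo key, the signed octets are a placeholder, and all function names are hypothetical.

```python
import hashlib

# ASN.1 DigestInfo prefixes for EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
DIGEST_INFO = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

# Constructed demo key from two Mersenne primes: NOT secure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

def sign(hash_name, octets):
    """Stand-in for the peer: RSA PKCS#1 v1.5 signature with the given hash."""
    t = DIGEST_INFO[hash_name] + hashlib.new(hash_name, octets).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def recover_digest_info(sig):
    """Apply the public key and strip the 00 01 FF.. 00 padding."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return None
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)           # separator after the FF padding
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return None                     # malformed or too-short padding
    return em[sep + 1:]

def identify_hash(sig):
    """Name the hash the signer used, or None if the block is not recognised."""
    t = recover_digest_info(sig) or b""
    for name, prefix in DIGEST_INFO.items():
        if (t.startswith(prefix)
                and len(t) == len(prefix) + hashlib.new(name).digest_size):
            return name
    return None

def verify_sha1_only(sig, octets):
    """Models a verifier that accepts only SHA-1, as the reply describes."""
    expected = DIGEST_INFO["sha1"] + hashlib.sha1(octets).digest()
    return recover_digest_info(sig) == expected
```

Against a real peer, the signature would come from the AUTH payload and the public key from the peer's certificate; a result other than sha1 from identify_hash matches the mismatch described in the reply.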
