Project

General

Profile

An XML based management protocol for strongSwan (SMP) » History » Version 8

Tobias Brunner, 06.05.2009 16:22
repo link fixed

1 7 Martin Willi
h1. An XML based management protocol for strongSwan (SMP)
2 1 Martin Willi
3 1 Martin Willi
4 7 Martin Willi
We are developing a flexible XML-based configuration interface. It uses the *SMP* protocol developed by Andreas Eigenmann and Joël Stillhart as part of their diploma thesis. 
5 7 Martin Willi
6 7 Martin Willi
7 7 Martin Willi
h2. Overview
8 7 Martin Willi
9 7 Martin Willi
The currently implemented communication interface to [[charon]] is called stroke. It's a simple protocol with it's own binary format. Only the input format is specified, output is redirected to the console.
10 7 Martin Willi
11 1 Martin Willi
While this protocol is usable for console applications (ipsec/starter), we need a better protocol to get feedback for an operation, query the status of the daemon, ...
12 1 Martin Willi
13 1 Martin Willi
14 7 Martin Willi
h2. Requirements
15 1 Martin Willi
16 8 Tobias Brunner
* Querying
17 8 Tobias Brunner
** IKE_SA list
18 8 Tobias Brunner
** Daemon status
19 8 Tobias Brunner
** ...
20 8 Tobias Brunner
* Control
21 8 Tobias Brunner
** initiate connection
22 8 Tobias Brunner
** terminate connection
23 8 Tobias Brunner
** ...
24 8 Tobias Brunner
* Get notifications
25 8 Tobias Brunner
** client connected
26 8 Tobias Brunner
** client connect attempt failed
27 8 Tobias Brunner
** ...
28 7 Martin Willi
29 7 Martin Willi
30 7 Martin Willi
h2. Protocol
31 7 Martin Willi
32 7 Martin Willi
To get an universal usable and easy to implement protocol, SMP is based on a XML. We use "Relax-NG":http://www.relaxng.org schemas for validation, as they are more powerful than DTD, but simpler than XML schema.
33 7 Martin Willi
34 7 Martin Willi
35 7 Martin Willi
h3. Connectivity
36 7 Martin Willi
37 1 Martin Willi
SMP uses a reliable protocol. We implement the protocol over a Unix socket for the first try, TCP connections are targeted for a later release (see security).
38 3 Martin Willi
39 7 Martin Willi
40 7 Martin Willi
h3. Security
41 7 Martin Willi
42 1 Martin Willi
We do not implement any security (encryption/authentication) in the first iteration. We will operate on a Unix socket, we enforce security with file permissions. Further development iterations will support for remote administration (over TCP), and then we need authentication, encryption and integrity checks.
43 3 Martin Willi
44 3 Martin Willi
The proposed XML-Security like approach proposed in the diploma thesis suffers from replay attack detection. Futher, using the asymmetric approach for each message may be to expensive.
45 1 Martin Willi
46 3 Martin Willi
If we implement a more complex notification mechanism, we need to register anyway at connection setup. We could agree on encryption and compression algorithm and exchange a key in this registration process.
47 3 Martin Willi
48 3 Martin Willi
49 7 Martin Willi
h3. Message format
50 3 Martin Willi
51 7 Martin Willi
The root element of an exchanged element is the _<message>_ element. A message has a _type_ attribute of either _request_, _response_ or _notification_. To protect messages against replay attacks, each message as an _id_ attribute, which in unique and incremental for each request/response pair. Notifications use their own counter for for message ids, as they appear asynchronously.
52 7 Martin Willi
53 7 Martin Willi
Messages of _type_ _request_ and _response_ contain one or more of the elements _query_ and _control_.
54 7 Martin Willi
55 7 Martin Willi
56 7 Martin Willi
h3. Schema
57 7 Martin Willi
58 8 Tobias Brunner
The complete schema is available at source:src/charon/plugins/smp/schema.xml (draft).
59 4 Tobias Brunner
60 7 Martin Willi
61 7 Martin Willi
h3. Query Operations
62 7 Martin Willi
63 7 Martin Willi
** [[SMPQueryIKESA|Query a list of IKE_SAs]]
64 7 Martin Willi
** ...
65 7 Martin Willi
The status of all IKE_SAs can be queried by sending a message of type _request_ including a query