TPM 2.0 Use with strongSwan IKE Daemon

Configure Private Key Access

Configuration of TPM 2.0 private key access as tokens in the secrets section of swanctl.conf:

secrets {
    token_ak_rsa {
        handle = 0x81010003
    }
    token_ak_ecc {
        handle = 0x81010004
    }
}
Define IPsec Connection

This connection configuration in swanctl.conf references the ECC AK certificate used for client authentication via its handle, i.e. the NV index 0x01800004 in which the certificate is stored:

connections {
    host {
        remote_addrs = 10.10.1.43
        local {
            auth = pubkey
            certs-tpm {
                handle = 0x01800004
            }
            id = edu.strongsec.com
        }
        remote {
            auth = pubkey
            id = mijas.strongsec.com
        }
        children {
            host {
                esp_proposals = aes256gcm128-x25519
            }
        }
        version = 2
        proposals = aes256-sha256-x25519
    }
}
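The two fragments above tie strongSwan to the TPM through nothing but handle numbers, so a mistyped handle is easy to make and only shows up when the daemon fails to load a key or certificate. The following added example (written for this page, not strongSwan project code) parses the swanctl.conf brace syntax into nested dicts and checks that each token handle under secrets lies in the TPM 2.0 persistent-object range (top byte 0x81) and each certs-tpm handle lies in the NV index range (top byte 0x01); the sample configuration is constructed from the fragments shown above, and the parser's behaviour on duplicate keys is an assumption of this example.

```python
"""Added example (not strongSwan code): parse swanctl.conf brace syntax and
check that the TPM 2.0 handles it references are of the expected type."""
import re

# Handle ranges from the TPM 2.0 Library Specification, Part 2: the top byte
# of a handle encodes its type, 0x01 = NV index, 0x81 = persistent object.
NV_INDEX_RANGE = (0x01000000, 0x01FFFFFF)
PERSISTENT_RANGE = (0x81000000, 0x81FFFFFF)

# Constructed sample: the secrets and connections fragments shown above, joined.
SAMPLE_CONF = """
secrets {
    token_ak_rsa { handle = 0x81010003 }
    token_ak_ecc { handle = 0x81010004 }
}
connections {
    host {
        remote_addrs = 10.10.1.43
        local {
            auth = pubkey
            certs-tpm { handle = 0x01800004 }
            id = edu.strongsec.com
        }
        remote {
            auth = pubkey
            id = mijas.strongsec.com
        }
        children {
            host { esp_proposals = aes256gcm128-x25519 }
        }
        version = 2
        proposals = aes256-sha256-x25519
    }
}
"""


def parse_swanctl(text):
    """Parse swanctl.conf text into nested dicts.

    Sections (`name { ... }`) become dicts and `key = value` lines become
    strings; `#` comments are dropped. Duplicate keys at one level overwrite
    earlier ones (an assumption that is good enough for a config check).
    """
    text = re.sub(r'#.*', '', text)
    # Put every brace on its own line so one-line sections parse as well.
    text = text.replace('{', ' {\n').replace('}', '\n}\n')
    root, stack = {}, []
    cur = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('{'):
            child = {}
            cur[line[:-1].strip()] = child
            stack.append(cur)
            cur = child
        elif line == '}':
            if not stack:
                raise ValueError("unbalanced '}'")
            cur = stack.pop()
        elif '=' in line:
            key, _, val = line.partition('=')
            cur[key.strip()] = val.strip()
        else:
            raise ValueError(f'cannot parse line: {line!r}')
    if stack:
        raise ValueError("unbalanced '{'")
    return root


def check_tpm_handles(config):
    """Return (path, handle, ok) for every `handle` key in the config.

    A handle under the top-level `secrets` section names a persistent key
    object; a handle inside a `certs-tpm` section names the NV index that
    stores the certificate. Any other placement, a malformed value, or a
    handle outside its range is reported as not ok.
    """
    results = []

    def walk(node, path):
        for key, val in node.items():
            if isinstance(val, dict):
                walk(val, path + [key])
            elif key == 'handle':
                if 'certs-tpm' in path:
                    lo, hi = NV_INDEX_RANGE
                elif path and path[0] == 'secrets':
                    lo, hi = PERSISTENT_RANGE
                else:
                    results.append(('.'.join(path), val, False))
                    continue
                try:
                    ok = lo <= int(val, 16) <= hi
                except ValueError:
                    ok = False
                results.append(('.'.join(path), val, ok))

    walk(config, [])
    return results


def misconfigured(config):
    """Paths of handles that fail the check; an empty list means all are fine."""
    return [path for path, _, ok in check_tpm_handles(config) if not ok]


if __name__ == '__main__':
    for path, handle, ok in check_tpm_handles(parse_swanctl(SAMPLE_CONF)):
        print(f"{'ok ' if ok else 'BAD'} {path} = {handle}")
```

Running the script on the sample reports all three handles as ok; swapping the certs-tpm handle for a 0x81 persistent handle (or a secrets handle for a 0x01 NV index) is flagged before the daemon is started.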
Starting the strongSwan Daemon

The strongSwan charon-systemd IKE daemon is started via systemd:

$ sudo systemctl start strongswan
Jan 04 15:18:38 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Jan 04 15:18:38 edu charon-systemd[648407]: loaded plugins: charon-systemd random nonce drbg x509 revocation constraints pubkey pkcs1 pkcs8 pkcs12 pem openssl curl tpm kernel-netl>
Jan 04 15:18:38 edu charon-systemd[648407]: spawning 16 worker threads
Jan 04 15:18:38 edu charon-systemd[648407]: loaded certificate 'C=CH, O=strongSec GmbH, OU=AK RSA, CN=edu.strongsec.com'
Jan 04 15:18:38 edu charon-systemd[648407]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'
The RSA AK private key is attached to the charon-systemd IKE daemon via the TPM 2.0 TSS interface:

Jan 04 15:18:38 edu charon-systemd[648407]: TPM 2.0 via TSS2 v2 available
Jan 04 15:18:38 edu charon-systemd[648407]: signature algorithm is RSASSA with SHA256 hash
Jan 04 15:18:38 edu charon-systemd[648407]: loaded RSA private key from token

The ECC AK private key is attached to the charon-systemd IKE daemon via the TPM 2.0 TSS interface:

Jan 04 15:18:38 edu charon-systemd[648407]: TPM 2.0 via TSS2 v2 available
Jan 04 15:18:38 edu charon-systemd[648407]: signature algorithm is ECDSA with SHA256 hash
Jan 04 15:18:38 edu charon-systemd[648407]: loaded ECDSA private key from token
The ECC AK certificate is loaded by the charon-systemd IKE daemon via the TPM 2.0 TSS interface:

Jan 04 15:18:38 edu charon-systemd[648407]: TPM 2.0 via TSS2 v2 available
Jan 04 15:18:38 edu charon-systemd[648407]: loaded certificate from TPM NV index 0x01800004
The connection definition is received by the charon-systemd IKE daemon, triggered by the swanctl --load-conns command via the VICI interface:

Jan 04 15:18:38 edu charon-systemd[648407]: added vici connection: host

The swanctl command line tool reports its actions:

Jan 04 15:18:38 edu swanctl[648429]: loaded certificate from '/etc/swanctl/x509/ak_rsa_cert.der'
Jan 04 15:18:38 edu swanctl[648429]: loaded certificate from '/etc/swanctl/x509ca/cacert.pem'
Jan 04 15:18:38 edu swanctl[648429]: loaded key token_ak_rsa from token [keyid: 4882621574a210c57570c2d67d599f22d94f9c07]
Jan 04 15:18:38 edu swanctl[648429]: loaded key token_ak_ecc from token [keyid: cc8349872b9ef3cbb835120287ff14892844a604]
Jan 04 15:18:38 edu swanctl[648429]: loaded connection 'host'
Jan 04 15:18:38 edu swanctl[648429]: successfully loaded 1 connections, 0 unloaded
Jan 04 15:18:38 edu systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
The swanctl --list-conns command lists the loaded connection definitions:

$ swanctl --list-conns
host: IKEv2, no reauthentication, rekeying every 14400s
  local:  %any
  remote: 10.10.1.43
  local public key authentication:
    id: edu.strongsec.com
    certs: C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com
  remote public key authentication:
    id: mijas.strongsec.com
  host: TUNNEL, rekeying every 3600s
    local:  dynamic
    remote: dynamic
The loaded certificates can also be displayed:

$ swanctl --list-certs

You can clearly see that the connection between the AK certificates and their matching AK private key has been established (…, has private key):

List of X.509 End Entity Certificates

  subject:  "C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  validity:  not before Dec 23 15:27:40 2020, ok
             not after  Dec 23 15:27:40 2025, ok (expires in 1814 days)
  serial:    65:fd:5b:98:47:11:f6:45
  altNames:  edu.strongsec.com
  flags:     serverAuth
  CRL URIs:  http://www.strongsec.com/ca/strongsec.crl
  authkeyId: 6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
  subjkeyId: cc:83:49:87:2b:9e:f3:cb:b8:35:12:02:87:ff:14:89:28:44:a6:04
  pubkey:    ECDSA 256 bits, has private key
  keyid:     ba:64:37:a4:0e:c8:42:67:8c:55:5a:f9:1b:2a:eb:ff:5f:40:c3:e3
  subjkey:   cc:83:49:87:2b:9e:f3:cb:b8:35:12:02:87:ff:14:89:28:44:a6:04

  subject:  "C=CH, O=strongSec GmbH, OU=AK RSA, CN=edu.strongsec.com"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  validity:  not before Dec 23 15:26:22 2020, ok
             not after  Dec 23 15:26:22 2025, ok (expires in 1813 days)
  serial:    79:e5:74:2f:a4:df:b8:d2
  altNames:  edu.strongsec.com
  flags:     serverAuth
  CRL URIs:  http://www.strongsec.com/ca/strongsec.crl
  authkeyId: 6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
  subjkeyId: 48:82:62:15:74:a2:10:c5:75:70:c2:d6:7d:59:9f:22:d9:4f:9c:07
  pubkey:    RSA 2048 bits, has private key
  keyid:     df:b7:8f:95:61:8f:70:84:f4:03:e8:7e:83:a6:dd:5f:c5:ff:72:b5
  subjkey:   48:82:62:15:74:a2:10:c5:75:70:c2:d6:7d:59:9f:22:d9:4f:9c:07

List of X.509 CA Certificates

  subject:  "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  validity:  not before Sep 02 10:25:01 2016, ok
             not after  Sep 02 10:25:01 2026, ok (expires in 2066 days)
  serial:    7c:24:43:4b:b7:dc:ef:7e
  flags:     CA CRLSign self-signed
  subjkeyId: 6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
  pubkey:    RSA 4096 bits
  keyid:     6c:79:f3:7a:b0:df:ac:69:03:b2:ac:6a:ed:82:3a:d2:66:93:b1:21
  subjkey:   6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
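The "has private key" flag is the visible result of strongSwan matching the keyid it logged for each loaded token against the subjkeyId of a loaded certificate (the keyid field printed under pubkey is a different hash and does not match). The following added example (written for this page, not strongSwan project code) makes that correlation explicit so it can be checked from the swanctl log and the --list-certs output on any host; the two sample inputs are constructed from the output shown above, abridged to the fields the check needs.

```python
"""Added example (not strongSwan code): confirm that every private key
strongSwan loaded from a TPM token is bound to a loaded certificate."""
import re

# Constructed sample: the two `loaded key ... from token` lines swanctl logged above.
SWANCTL_LOG = """\
Jan 04 15:18:38 edu swanctl[648429]: loaded key token_ak_rsa from token [keyid: 4882621574a210c57570c2d67d599f22d94f9c07]
Jan 04 15:18:38 edu swanctl[648429]: loaded key token_ak_ecc from token [keyid: cc8349872b9ef3cbb835120287ff14892844a604]
"""

# Constructed sample: `swanctl --list-certs` output from above, abridged.
LIST_CERTS = """\
List of X.509 End Entity Certificates

  subject:  "C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  validity:  not before Dec 23 15:27:40 2020, ok
             not after  Dec 23 15:27:40 2025, ok (expires in 1814 days)
  subjkeyId: cc:83:49:87:2b:9e:f3:cb:b8:35:12:02:87:ff:14:89:28:44:a6:04
  pubkey:    ECDSA 256 bits, has private key
  keyid:     ba:64:37:a4:0e:c8:42:67:8c:55:5a:f9:1b:2a:eb:ff:5f:40:c3:e3
  subjkey:   cc:83:49:87:2b:9e:f3:cb:b8:35:12:02:87:ff:14:89:28:44:a6:04

  subject:  "C=CH, O=strongSec GmbH, OU=AK RSA, CN=edu.strongsec.com"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  subjkeyId: 48:82:62:15:74:a2:10:c5:75:70:c2:d6:7d:59:9f:22:d9:4f:9c:07
  pubkey:    RSA 2048 bits, has private key
  keyid:     df:b7:8f:95:61:8f:70:84:f4:03:e8:7e:83:a6:dd:5f:c5:ff:72:b5
  subjkey:   48:82:62:15:74:a2:10:c5:75:70:c2:d6:7d:59:9f:22:d9:4f:9c:07

List of X.509 CA Certificates

  subject:  "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  flags:     CA CRLSign self-signed
  subjkeyId: 6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
  pubkey:    RSA 4096 bits
"""

TOKEN_KEY_RE = re.compile(r'loaded key (\S+) from token \[keyid: ([0-9a-f]{40})\]')
# A record field is "name: value"; continuation lines such as "not after ..."
# and the list headings carry no "name:" prefix and are skipped.
FIELD_RE = re.compile(r'^\s*([A-Za-z][A-Za-z ]*?):\s+(.+)$')


def token_keyids(log):
    """Map token name -> keyid (40 hex chars, no colons) from swanctl log lines."""
    return {m.group(1): m.group(2) for m in TOKEN_KEY_RE.finditer(log)}


def parse_list_certs(output):
    """Split `swanctl --list-certs` output into one dict per certificate."""
    certs, cur = [], None
    for line in output.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip().strip('"')
        if key == 'subject':      # every record starts with its subject line
            cur = {}
            certs.append(cur)
        if cur is not None:
            cur[key] = val
    return certs


def bind_tokens_to_certs(tokens, certs):
    """Match each token keyid to the certificate whose subjkeyId equals it.

    Returns (bound, unbound): bound maps token name -> certificate subject;
    unbound lists tokens with no matching certificate, or whose certificate
    strongSwan did not report as 'has private key'.
    """
    by_skid = {c['subjkeyId'].replace(':', ''): c for c in certs if 'subjkeyId' in c}
    bound, unbound = {}, []
    for name, kid in tokens.items():
        cert = by_skid.get(kid)
        if cert is None or 'has private key' not in cert.get('pubkey', ''):
            unbound.append(name)
        else:
            bound[name] = cert['subject']
    return bound, unbound


if __name__ == '__main__':
    bound, unbound = bind_tokens_to_certs(token_keyids(SWANCTL_LOG),
                                          parse_list_certs(LIST_CERTS))
    for name, subject in bound.items():
        print(f'{name} -> {subject}')
    for name in unbound:
        print(f'{name} has no matching certificate')
```

On the sample both tokens bind to their AK certificates and the CA certificate is left alone; a token whose keyid matches no loaded certificate is exactly the situation in which strongSwan would have no certificate to send in the CERT payload for that key.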
Initiating IKEv2 Connection

Next we initiate the "host" connection:

$ swanctl --initiate --child host
[IKE] initiating IKE_SA host[1] to 10.10.1.43
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
[NET] sending packet: from 10.10.1.33[500] to 10.10.1.43[500] (240 bytes)
[NET] received packet: from 10.10.1.43[500] to 10.10.1.33[500] (293 bytes)
[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
[IKE] received cert request for "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[IKE] sending cert request for "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
The ECC AK private key stored in the TPM 2.0 is used to generate an ECDSA_WITH_SHA256_DER signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload:

[IKE] authentication of 'edu.strongsec.com' (myself) with ECDSA_WITH_SHA256_DER successful
[IKE] sending end entity cert "C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com"
[IKE] establishing CHILD_SA host{1}
[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
[NET] sending packet: from 10.10.1.33[4500] to 10.10.1.43[4500] (1392 bytes)
[NET] received packet: from 10.10.1.43[4500] to 10.10.1.33[4500] (1236 bytes)
[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
[ENC] received fragment #1 of 2, waiting for complete IKE message
[NET] received packet: from 10.10.1.43[4500] to 10.10.1.33[4500] (132 bytes)
[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1296 bytes)
[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
[IKE] received end entity cert "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG] using certificate "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG] using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
The status of the received peer certificate is verified using CRLs:

[CFG] checking certificate status of "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG] fetching crl from 'http://www.strongsec.com/ca/strongsec.crl' ...
[CFG] using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG] crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG] crl is valid: until Jan 10 10:00:01 2021
[CFG] fetching crl from 'http://www.strongsec.net/ca/strongsec_delta.crl' ...
[CFG] using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG] crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG] crl is valid: until Jan 05 10:00:01 2021
[CFG] certificate status is good
[CFG] reached self-signed root ca with a path length of 0
[IKE] authentication of 'mijas.strongsec.com' with ECDSA_WITH_SHA256_DER successful
[IKE] IKE_SA host[1] established between 10.10.1.33[edu.strongsec.com]...10.10.1.43[mijas.strongsec.com]
[IKE] scheduling rekeying in 13703s
[IKE] maximum IKE_SA lifetime 15143s
[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ
[IKE] CHILD_SA host{1} established with SPIs c585d49f_i c1630769_o and TS 10.10.1.33/32 === 10.10.1.43/32
[IKE] received AUTH_LIFETIME of 9777s, scheduling reauthentication in 8337s
initiate completed successfully
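The initiate log above carries everything an operator would want to confirm after the fact: which identity the peer presented, that both sides signed with the TPM-backed ECDSA keys, that the CRL check returned "good", and that the negotiated IKE and ESP proposals are the ones swanctl.conf asked for. The following added example (written for this page, not strongSwan project code) reduces the [IKE]/[CFG] lines to those facts and compares them with a policy dict; the sample log is constructed from the output shown above, abridged, and the expected proposal strings are the ones strongSwan logged for aes256-sha256-x25519 and aes256gcm128-x25519.

```python
"""Added example (not strongSwan code): check a `swanctl --initiate` log
against the identity, algorithms and revocation status the connection
was expected to negotiate."""
import re

# Constructed sample: the [IKE]/[CFG] lines of the initiate output above, abridged.
INITIATE_LOG = """\
[IKE] initiating IKE_SA host[1] to 10.10.1.43
[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
[IKE] received cert request for "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[IKE] authentication of 'edu.strongsec.com' (myself) with ECDSA_WITH_SHA256_DER successful
[IKE] sending end entity cert "C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com"
[IKE] establishing CHILD_SA host{1}
[IKE] received end entity cert "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG] using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG] checking certificate status of "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG] crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG] crl is valid: until Jan 10 10:00:01 2021
[CFG] certificate status is good
[CFG] reached self-signed root ca with a path length of 0
[IKE] authentication of 'mijas.strongsec.com' with ECDSA_WITH_SHA256_DER successful
[IKE] IKE_SA host[1] established between 10.10.1.33[edu.strongsec.com]...10.10.1.43[mijas.strongsec.com]
[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ
[IKE] CHILD_SA host{1} established with SPIs c585d49f_i c1630769_o and TS 10.10.1.33/32 === 10.10.1.43/32
"""

# Constructed policy: the peer identity from swanctl.conf, the signature
# scheme both sides used above, and the proposals strongSwan logged for
# aes256-sha256-x25519 (IKE) and aes256gcm128-x25519 (ESP).
EXPECTED = {
    'peer_id': 'mijas.strongsec.com',
    'auth_algs': {'ECDSA_WITH_SHA256_DER'},
    'IKE': 'AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519',
    'ESP': 'AES_GCM_16_256/NO_EXT_SEQ',
}

AUTH_RE = re.compile(r"authentication of '([^']+)'( \(myself\))? with (\S+) successful")
PROPOSAL_RE = re.compile(r'selected proposal: (IKE|ESP):(\S+)')
STATUS_RE = re.compile(r'certificate status is (.+)$')


def summarize(log):
    """Extract authentication, proposal, revocation and SA facts from the log."""
    s = {'auth': {}, 'proposals': {}, 'cert_status': None,
         'ike_established': False, 'child_established': False}
    for line in log.splitlines():
        m = AUTH_RE.search(line)
        if m:   # "(myself)" marks the local side, otherwise it is the peer
            s['auth']['local' if m.group(2) else 'peer'] = (m.group(1), m.group(3))
            continue
        m = PROPOSAL_RE.search(line)
        if m:
            s['proposals'][m.group(1)] = m.group(2)
            continue
        m = STATUS_RE.search(line)
        if m:
            s['cert_status'] = m.group(1).strip()
            continue
        if 'IKE_SA' in line and ' established ' in line:
            s['ike_established'] = True
        elif 'CHILD_SA' in line and ' established ' in line:
            s['child_established'] = True
    return s


def check_handshake(log, expected):
    """Return findings as strings; an empty list means the handshake matched policy."""
    s = summarize(log)
    findings = []
    local, peer = s['auth'].get('local'), s['auth'].get('peer')
    if peer is None:
        findings.append('peer was never authenticated')
    else:
        if peer[0] != expected['peer_id']:
            findings.append(f'unexpected peer identity {peer[0]}')
        if peer[1] not in expected['auth_algs']:
            findings.append(f'peer used {peer[1]} for authentication')
    if local is None or local[1] not in expected['auth_algs']:
        findings.append('local authentication missing or used an unexpected algorithm')
    if s['cert_status'] != 'good':
        findings.append(f"peer certificate status {s['cert_status']!r}, expected 'good'")
    for kind in ('IKE', 'ESP'):
        if s['proposals'].get(kind) != expected[kind]:
            findings.append(f"{kind} proposal {s['proposals'].get(kind)!r} differs from policy")
    if not (s['ike_established'] and s['child_established']):
        findings.append('IKE_SA or CHILD_SA not established')
    return findings


if __name__ == '__main__':
    print(check_handshake(INITIATE_LOG, EXPECTED) or 'handshake matches policy')
```

The check is deliberately strict about the revocation line: strongSwan logs a status other than "good" when it cannot fetch a CRL or the certificate is revoked, and an SA that came up anyway is worth a second look rather than a silent pass.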
The established IKE and CHILD SAs can be displayed:

$ swanctl --list-sas
host: #1, ESTABLISHED, IKEv2, 4ef1452bda258a1b_i* a8508d872adadc84_r
  local  'edu.strongsec.com' @ 10.10.1.33[4500]
  remote 'mijas.strongsec.com' @ 10.10.1.43[4500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 60s ago, rekeying in 13643s, reauth in 8277s
  host: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 62s ago, rekeying in 3271s, expires in 3900s
    in  c585d49f, 15168 bytes, 172 packets,  0s ago
    out c1630769, 25184 bytes, 113 packets, 60s ago
    local  10.10.1.33/32
    remote 10.10.1.43/32
Terminating IKEv2 Connection

The IKE and CHILD SAs are terminated:

$ swanctl --terminate --ike host
[IKE] deleting IKE_SA host[1] between 10.10.1.33[edu.strongsec.com]...10.10.1.43[mijas.strongsec.com]
[IKE] sending DELETE for IKE_SA host[1]
[ENC] generating INFORMATIONAL request 2 [ D ]
[NET] sending packet: from 10.10.1.33[4500] to 10.10.1.43[4500] (80 bytes)
[NET] received packet: from 10.10.1.43[4500] to 10.10.1.33[4500] (80 bytes)
[ENC] parsed INFORMATIONAL response 2 [ ]
[IKE] IKE_SA deleted
terminate completed successfully