TPM 2.0 Use with strongSwan IKE Daemon

Configure Private Key Access

Configuration of TPM 2.0 private key access as tokens in the secrets section of swanctl.conf

secrets {
    token_ak_rsa {
       handle = 0x81010003
    }
    token_ak_ecc {
       handle = 0x81010004
    }
}

Define IPsec Connection

This connection configuration in swanctl.conf references the ECC AK certificate used for client authentication via its handle, i.e. the NV index

connections {
   host {
      remote_addrs = 10.10.1.43

      local {
         auth = pubkey
         certs-tpm {
            handle = 0x01800004
         }
         id = edu.strongsec.com
      }
      remote {
         auth = pubkey
         id = mijas.strongsec.com
      }
      children {
         host {
            esp_proposals = aes256gcm128-x25519
         }
      }
      version = 2
      proposals = aes256-sha256-x25519
   }
}

Starting the strongSwan Daemon

The strongSwan charon-systemd IKE daemon is started via systemd:

$ sudo systemctl start strongswan
Jan 04 15:18:38 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Jan 04 15:18:38 edu charon-systemd[648407]: loaded plugins: charon-systemd random nonce drbg x509 revocation constraints pubkey pkcs1 pkcs8 pkcs12 pem openssl curl tpm kernel-netl>
Jan 04 15:18:38 edu charon-systemd[648407]: spawning 16 worker threads
Jan 04 15:18:38 edu charon-systemd[648407]: loaded certificate 'C=CH, O=strongSec GmbH, OU=AK RSA, CN=edu.strongsec.com'
Jan 04 15:18:38 edu charon-systemd[648407]: loaded certificate 'C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA'

The RSA AK private key is attached to the charon-systemd IKE daemon via the TPM 2.0 TSS interface

Jan 04 15:18:38 edu charon-systemd[648407]: TPM 2.0 via TSS2 v2 available
Jan 04 15:18:38 edu charon-systemd[648407]: signature algorithm is RSASSA with SHA256 hash
Jan 04 15:18:38 edu charon-systemd[648407]: loaded RSA private key from token

The ECC AK private key is attached to the charon-systemd IKE daemon via the TPM 2.0 TSS interface

Jan 04 15:18:38 edu charon-systemd[648407]: TPM 2.0 via TSS2 v2 available
Jan 04 15:18:38 edu charon-systemd[648407]: signature algorithm is ECDSA with SHA256 hash
Jan 04 15:18:38 edu charon-systemd[648407]: loaded ECDSA private key from token

The ECC AK certificate is loaded by the charon-systemd IKE daemon via the TPM 2.0 TSS interface

Jan 04 15:18:38 edu charon-systemd[648407]: TPM 2.0 via TSS2 v2 available
Jan 04 15:18:38 edu charon-systemd[648407]: loaded certificate from TPM NV index 0x01800004

The connection definition is received by the charon-systemd IKE daemon triggered by the swanctl --load-conns command via the VICI interface

Jan 04 15:18:38 edu charon-systemd[648407]: added vici connection: host

The swanctl command line tool reports its actions

Jan 04 15:18:38 edu swanctl[648429]: loaded certificate from '/etc/swanctl/x509/ak_rsa_cert.der'
Jan 04 15:18:38 edu swanctl[648429]: loaded certificate from '/etc/swanctl/x509ca/cacert.pem'
Jan 04 15:18:38 edu swanctl[648429]: loaded key token_ak_rsa from token [keyid: 4882621574a210c57570c2d67d599f22d94f9c07]
Jan 04 15:18:38 edu swanctl[648429]: loaded key token_ak_ecc from token [keyid: cc8349872b9ef3cbb835120287ff14892844a604]
Jan 04 15:18:38 edu swanctl[648429]: loaded connection 'host'
Jan 04 15:18:38 edu swanctl[648429]: successfully loaded 1 connections, 0 unloaded
Jan 04 15:18:38 edu systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.

The swanctl --list-conns command allows to list the loaded connection definitions

$ swanctl --list-conns

host: IKEv2, no reauthentication, rekeying every 14400s
  local:  %any
  remote: 10.10.1.43
  local public key authentication:
    id: edu.strongsec.com
    certs: C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com
  remote public key authentication:
    id: mijas.strongsec.com
  host: TUNNEL, rekeying every 3600s
    local:  dynamic
    remote: dynamic

The loaded certificates can also be displayed

$ swanctl --list-certs

You can clearly see that the connection between the AK certificates and their matching AK private key has been established (…​, has private key)

List of X.509 End Entity Certificates

  subject:  "C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  validity:  not before Dec 23 15:27:40 2020, ok
             not after  Dec 23 15:27:40 2025, ok (expires in 1814 days)
  serial:    65:fd:5b:98:47:11:f6:45
  altNames:  edu.strongsec.com
  flags:     serverAuth
  CRL URIs:  http://www.strongsec.com/ca/strongsec.crl
  authkeyId: 6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
  subjkeyId: cc:83:49:87:2b:9e:f3:cb:b8:35:12:02:87:ff:14:89:28:44:a6:04
  pubkey:    ECDSA 256 bits, has private key
  keyid:     ba:64:37:a4:0e:c8:42:67:8c:55:5a:f9:1b:2a:eb:ff:5f:40:c3:e3
  subjkey:   cc:83:49:87:2b:9e:f3:cb:b8:35:12:02:87:ff:14:89:28:44:a6:04

  subject:  "C=CH, O=strongSec GmbH, OU=AK RSA, CN=edu.strongsec.com"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  validity:  not before Dec 23 15:26:22 2020, ok
             not after  Dec 23 15:26:22 2025, ok (expires in 1813 days)
  serial:    79:e5:74:2f:a4:df:b8:d2
  altNames:  edu.strongsec.com
  flags:     serverAuth
  CRL URIs:  http://www.strongsec.com/ca/strongsec.crl
  authkeyId: 6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
  subjkeyId: 48:82:62:15:74:a2:10:c5:75:70:c2:d6:7d:59:9f:22:d9:4f:9c:07
  pubkey:    RSA 2048 bits, has private key
  keyid:     df:b7:8f:95:61:8f:70:84:f4:03:e8:7e:83:a6:dd:5f:c5:ff:72:b5
  subjkey:   48:82:62:15:74:a2:10:c5:75:70:c2:d6:7d:59:9f:22:d9:4f:9c:07
List of X.509 CA Certificates

  subject:  "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  issuer:   "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
  validity:  not before Sep 02 10:25:01 2016, ok
             not after  Sep 02 10:25:01 2026, ok (expires in 2066 days)
  serial:    7c:24:43:4b:b7:dc:ef:7e
  flags:     CA CRLSign self-signed
  subjkeyId: 6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5
  pubkey:    RSA 4096 bits
  keyid:     6c:79:f3:7a:b0:df:ac:69:03:b2:ac:6a:ed:82:3a:d2:66:93:b1:21
  subjkey:   6d:c2:af:37:49:41:b9:fd:f4:45:8b:aa:e0:03:3b:b9:e5:7b:9c:b5

Initiating IKEv2 Connection

Next we initiate the "host" connection

$ swanctl --initiate --child host
[IKE] initiating IKE_SA host[1] to 10.10.1.43
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
[NET] sending packet: from 10.10.1.33[500] to 10.10.1.43[500] (240 bytes)
[NET] received packet: from 10.10.1.43[500] to 10.10.1.33[500] (293 bytes)
[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
[IKE] received cert request for "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[IKE] sending cert request for "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"

The ECC AK private key stored in the TPM 2.0 is used to generate an ECDSA_WITH_SHA256_DER signature which is sent in the AUTH payload of the IKE_AUTH request. The matching client certificate is sent in the CERT payload.

[IKE] authentication of 'edu.strongsec.com' (myself) with ECDSA_WITH_SHA256_DER successful
[IKE] sending end entity cert "C=CH, O=strongSec GmbH, OU=AK ECC, CN=edu.strongsec.com"
[IKE] establishing CHILD_SA host{1}
[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
[NET] sending packet: from 10.10.1.33[4500] to 10.10.1.43[4500] (1392 bytes)
[NET] received packet: from 10.10.1.43[4500] to 10.10.1.33[4500] (1236 bytes)
[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
[ENC] received fragment #1 of 2, waiting for complete IKE message
[NET] received packet: from 10.10.1.43[4500] to 10.10.1.33[4500] (132 bytes)
[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1296 bytes)
[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
[IKE] received end entity cert "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG]   using certificate "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG]   using trusted ca certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"

The status of the received peer certificate is verified using CRLs:

[CFG] checking certificate status of "C=CH, O=strongSec GmbH, CN=mijas.strongsec.com"
[CFG]   fetching crl from 'http://www.strongsec.com/ca/strongsec.crl' ...
[CFG]   using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG]   crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG]   crl is valid: until Jan 10 10:00:01 2021
[CFG]   fetching crl from 'http://www.strongsec.net/ca/strongsec_delta.crl' ...
[CFG]   using trusted certificate "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG]   crl correctly signed by "C=CH, O=strongSec GmbH, CN=strongSec 2016 Root CA"
[CFG]   crl is valid: until Jan 05 10:00:01 2021
[CFG] certificate status is good
[CFG]   reached self-signed root ca with a path length of 0
[IKE] authentication of 'mijas.strongsec.com' with ECDSA_WITH_SHA256_DER successful
[IKE] IKE_SA host[1] established between 10.10.1.33[edu.strongsec.com]...10.10.1.43[mijas.strongsec.com]
[IKE] scheduling rekeying in 13703s
[IKE] maximum IKE_SA lifetime 15143s
[CFG] selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ
[IKE] CHILD_SA host{1} established with SPIs c585d49f_i c1630769_o and TS 10.10.1.33/32 === 10.10.1.43/32
[IKE] received AUTH_LIFETIME of 9777s, scheduling reauthentication in 8337s
initiate completed successfully

The established IKE and CHILD SAs can be displayed

$ swanctl --list-sas

host: #1, ESTABLISHED, IKEv2, 4ef1452bda258a1b_i* a8508d872adadc84_r
  local  'edu.strongsec.com' @ 10.10.1.33[4500]
  remote 'mijas.strongsec.com' @ 10.10.1.43[4500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
  established 60s ago, rekeying in 13643s, reauth in 8277s
  host: #1, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 62s ago, rekeying in 3271s, expires in 3900s
    in  c585d49f,  15168 bytes,   172 packets,     0s ago
    out c1630769,  25184 bytes,   113 packets,    60s ago
    local  10.10.1.33/32
    remote 10.10.1.43/32

Terminating IKEv2 Connection

The IKE and CHILD SAs are terminated

$ swanctl --terminate --ike host
[IKE] deleting IKE_SA host[1] between 10.10.1.33[edu.strongsec.com]...10.10.1.43[mijas.strongsec.com]
[IKE] sending DELETE for IKE_SA host[1]
[ENC] generating INFORMATIONAL request 2 [ D ]
[NET] sending packet: from 10.10.1.33[4500] to 10.10.1.43[4500] (80 bytes)
[NET] received packet: from 10.10.1.43[4500] to 10.10.1.33[4500] (80 bytes)
[ENC] parsed INFORMATIONAL response 2 [ ]
[IKE] IKE_SA deleted
terminate completed successfully