IKEv1 with X509 certificate for Suite B

    I am using x509v3 certificates for IKEv1 main mode authentication. I have not been able to get the IKE negotiation to work unless the key size in the certificate exactly matches the signing CA’s signing algorithm key size.

    From RFC 5759 Suite B Certificate and CRL Profile:

       Every Suite B certificate MUST use the X.509 v3 format, and contain
       either:

          * An ECDSA-capable signing key, using curve P-256 or P-384; or

          * An ECDH-capable (Elliptic Curve Diffie-Hellman) key
            establishment key, using curve P-256 or P-384.

       Every Suite B certificate and CRL MUST be signed using ECDSA.  The
       signing Certification Authority's (CA's) key MUST be on the curve
       P-256 or P-384 if the certificate contains a key on the curve P-256.
       If the certificate contains a key on the curve P-384, the signing
       CA's key MUST be on the curve P-384.  Any certificate and CRL MUST be
       hashed using SHA-256 or SHA-384, matched to the size of the signing
       CA's key.

    I interpret this to mean that a certificate that was signed with ECDSA P384 could contain a key with size 256. But I can’t get it to work on Windows - the IKE negotiation fails because it cannot find a valid certificate (locally or remotely). If I change the certificate to have a key of size 384 bits OR if I use a certificate signed with ECDSA P256 and key size 256 - it all works. I have tried setting main mode authenticationMethodType to either IKEEXT_CERTIFICATE_ECDSA_P384 or IKEEXT_CERTIFICATE_ECDSA_P256.

    Am I interpreting the RFC incorrectly? Why will Windows IKE not select the certificate? Is there any documentation of the IKEv1 certificate selection process for x509v3 certificates?

    Below is a dump of the certificate that fails.

    X509 Certificate:
    Version: 3
    Serial Number: 14edd6e700000000006d
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.10045.4.3.3 sha384ECDSA
        Algorithm Parameters: NULL
    Issuer:
        CN=FK-CERTSERVER-CA
        DC=go
        DC=freddy
        DC=com
    NotBefore: 11/17/2015 12:35 PM
    NotAfter: 11/17/2016 12:45 PM
    Subject:
        CN=P256IPseKW1
        OU=Stealth
        O=Unisys
        C=US
    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.10045.2.1 ECC
        Algorithm Parameters:
        06 08 2a 86 48 ce 3d 03  01 07
            1.2.840.10045.3.1.7 ECDSA_P256
    Public Key Length: 256 bits
    Public Key: UnusedBits = 0

    Certificate Extensions: 7
        2.5.29.15: Flags = 0, Length = 4
        Key Usage
            Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86)
        2.5.29.37: Flags = 0, Length = c
        Enhanced Key Usage
            Code Signing (1.3.6.1.5.5.7.3.3)
        2.5.29.19: Flags = 1(Critical), Length = 5
        Basic Constraints
            Subject Type=CA
            Path Length Constraint=None
        2.5.29.14: Flags = 0, Length = 16
        Subject Key Identifier
            1f 92 b2 0e 3e c8 ca bc 26 b5 a1 42 de 9f 6e e5 77 b1 d2 4b
        2.5.29.35: Flags = 0, Length = 18
        Authority Key Identifier
            KeyID=14 20 3e 4b d4 9f 99 b0 15 0a f5 30 7d c1 50 9c 7e 83 7e c5
        2.5.29.31: Flags = 0, Length = 3e
        CRL Distribution Points
            [1]CRL Distribution Point
                 Distribution Point Name:
                      Full Name:
                           URL=http://fk-certserver/CertEnroll/FK-CERTSERVER-CA.crl
        1.3.6.1.5.5.7.1.1: Flags = 0, Length = 52
        Authority Information Access
            [1]Authority Info Access
                 Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
                 Alternative Name:
                      URL=file://FK-CertServer/CertEnroll/FK-CertServer_FK-CERTSERVER-CA.crt
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.10045.4.3.3 sha384ECDSA
        Algorithm Parameters: NULL
    Signature: UnusedBits=0

    Non-root Certificate
    Key Id Hash(rfc-sha1): 1f 92 b2 0e 3e c8 ca bc 26 b5 a1 42 de 9f 6e e5 77 b1 d2 4b
    Key Id Hash(sha1): 24 3c 63 87 f0 df 0c 17 ad 33 7f 41 8c df 8d 31 18 6c 86 61
    Cert Hash(md5): 5e f2 c8 1f 03 58 80 08 ed 04 8b ac 7e ac 8f 33
    Cert Hash(sha1): 95 35 85 93 02 0c 38 22 a2 a3 0f 30 f8 cf b0 9a 28 25 0b b9

    Friday, November 20, 2015 7:24 PM
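
An added example, not part of the original post: a small Python check that reads the signature and key OIDs out of a dump like the one above and applies the RFC 5759 key and hash rules quoted in the question. The function names are hypothetical, and the CA curve is inferred from the signature hash on the assumption that the CA follows the RFC's hash-matching rule; the check covers only those rules and does not model how Windows IKE selects a certificate.

```python
import re

# RFC 5759 matches the hash to the signing CA's key size, so for a
# compliant CA (assumption) the signature OID implies the CA's curve.
SIG_OIDS = {
    "1.2.840.10045.4.3.2": ("SHA-256", "P-256"),  # ecdsa-with-SHA256
    "1.2.840.10045.4.3.3": ("SHA-384", "P-384"),  # ecdsa-with-SHA384
}
CURVE_OIDS = {"1.2.840.10045.3.1.7": "P-256", "1.3.132.0.34": "P-384"}
OID = r"((?:\d+\.){3,}\d+)"

def parse_dump(text):
    """Return (signature OID, curve OID) from certutil-style dump text."""
    sig = re.search(r"Signature Algorithm:\s*Algorithm ObjectId:\s*" + OID, text)
    key = re.search(r"Public Key Algorithm:.*?Algorithm Parameters:.*?" + OID,
                    text, re.S)
    if not sig or not key:
        raise ValueError("dump lacks signature or public key algorithm fields")
    return sig.group(1), key.group(1)

def check_rfc5759(sig_oid, curve_oid):
    """List violations of the RFC 5759 rules quoted in the post."""
    findings = []
    subject = CURVE_OIDS.get(curve_oid)
    if subject is None:
        findings.append("subject key is not on P-256 or P-384")
    if sig_oid not in SIG_OIDS:
        findings.append("not signed with ECDSA over SHA-256 or SHA-384")
        return findings
    digest, ca_curve = SIG_OIDS[sig_oid]
    if subject == "P-384" and ca_curve != "P-384":
        findings.append(f"P-384 key signed with {digest}: CA key must be P-384")
    return findings

# Excerpt of the dump from the post (hex blobs and extensions left out).
DUMP = """\
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.10045.4.3.3 sha384ECDSA
Public Key Algorithm:
    Algorithm ObjectId: 1.2.840.10045.2.1 ECC
    Algorithm Parameters:
    06 08 2a 86 48 ce 3d 03  01 07
        1.2.840.10045.3.1.7 ECDSA_P256
"""

def check_dump(text):
    return check_rfc5759(*parse_dump(text))
```

For the certificate in the post, `check_dump(DUMP)` returns an empty list: a P-256 key under an ECDSA/SHA-384 signature satisfies the quoted key and hash rules.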